Website Download Support
 

Discuss this help topic in SecureBlackbox Forum

TElOCSPServer.OnCertificateCheck

TElOCSPServer     

Filter: C#  VB.NET  Pascal  C++  PHP  Java  

This event is fired when certificate status must be checked.

Declaration

[C#]
    event TSBCertificateOCSPCheckEvent OnCertificateCheck;
    delegate void TSBCertificateOCSPCheckEvent(Object Sender, byte[] HashAlgOID, byte[] IssuerNameHash, byte[] IssuerKeyHash, byte[] CertificateSerial, ref TElOCSPCertificateStatus CertStatus, ref TSBCRLReasonFlag Reason, ref DateTime RevocationTime, ref DateTime ThisUpdate, ref DateTime NextUpdate);

[VB.NET]
    Event OnCertificateCheck As TSBCertificateOCSPCheckEvent
    Delegate Sub TSBCertificateOCSPCheckEvent(ByVal Sender As Object, ByVal HashAlgOID As Byte(), ByVal IssuerNameHash As Byte(), ByVal IssuerKeyHash As Byte(), ByVal CertificateSerial As Byte(), ByRef CertStatus As TElOCSPCertificateStatus, ByRef Reason As TSBCRLReasonFlag, ByRef RevocationTime As DateTime, ByRef ThisUpdate As DateTime, ByRef NextUpdate As DateTime)

[Pascal]
    property OnCertificateCheck : TSBCertificateOCSPCheckEvent;
    TSBCertificateOCSPCheckEvent = procedure(Sender : TObject; const HashAlgOID : ByteArray; const IssuerNameHash : ByteArray; const IssuerKeyHash : ByteArray; const CertificateSerial : ByteArray; var CertStatus : TElOCSPCertificateStatus; var Reason : TSBCRLReasonFlag; var RevocationTime, ThisUpdate, NextUpdate : TDateTime) of object;

[C++]
    void get_OnCertificateCheck(TSBCertificateOCSPCheckEvent &pMethodOutResult, void * &pDataOutResult);
    void set_OnCertificateCheck(TSBCertificateOCSPCheckEvent pMethodValue, void * pDataValue);
    typedef void (SB_CALLBACK *TSBCertificateOCSPCheckEvent)(void * _ObjectData, TObjectHandle Sender, const uint8_t pHashAlgOID[], int32_t szHashAlgOID, const uint8_t pIssuerNameHash[], int32_t szIssuerNameHash, const uint8_t pIssuerKeyHash[], int32_t szIssuerKeyHash, const uint8_t pCertificateSerial[], int32_t szCertificateSerial, TElOCSPCertificateStatusRaw &CertStatus, TSBCRLReasonFlagRaw &Reason, int64_t &RevocationTime, int64_t &ThisUpdate, int64_t &NextUpdate);

[PHP]
    TSBCertificateOCSPCheckEvent|callable|NULL get_OnCertificateCheck()
    void set_OnCertificateCheck(TSBCertificateOCSPCheckEvent|callable|NULL $Value)
    callable TSBCertificateOCSPCheckEvent(TObject $Sender, string $HashAlgOID, string $IssuerNameHash, string $IssuerKeyHash, string $CertificateSerial, integer &$CertStatus, integer &$Reason, DateTime &$RevocationTime, DateTime &$ThisUpdate, DateTime &$NextUpdate)

[Java]
    TSBCertificateOCSPCheckEvent getOnCertificateCheck();
    void setOnCertificateCheck(TSBCertificateOCSPCheckEvent Value);
    TSBCertificateOCSPCheckEvent.Callback OnCertificateCheck = new TSBCertificateOCSPCheckEvent.Callback() {
        public void TSBCertificateOCSPCheckEventCallback(TObject arg0, byte[] arg1, byte[] arg2, byte[] arg3, byte[] arg4, TElCertificateOCSPCheckParams arg5) {
            //...
        }
    }

Parameters

  • HashAlgOID - OID of the hash algorithm, used to create IssuerNameHash and IssuerKeyHash
  • IssuerNameHash - hash of the IssuerName field of the certificate, being verified
  • IssuerKeyHash - hash of the public key of the certificate, which was used to sign the certificate being verified
  • CertificateSerial - serial of the certificate being verified
  • CertStatus - certificate status
  • Reason - reason of certificate revocation
  • RevocationTime - time when the certificate was revoked
  • ThisUpdate - time of the current status update
  • NextUpdate - time of the next status update
  • pHashAlgOID -
  • szHashAlgOID - the length of pcHashAlgOID.
  • pIssuerNameHash -
  • szIssuerNameHash - the length of pcIssuerNameHash.
  • pIssuerKeyHash -
  • szIssuerKeyHash - the length of pcIssuerKeyHash.
  • pCertificateSerial -
  • szCertificateSerial - the length of pcCertificateSerial.

Possible values of certificate status:

[.NET] [C++] [Pascal] Description
csGood = 0 csGood Indicates a positive response to the status inquiry.At a minimum, this positive response indicates that the certificateis not revoked, but does not necessarily mean that the certificatewas ever issued or that the time at which the response was producedis within the certificate's validity interval.
csRevoked = 1 csRevoked Indicates that the certificate has been revoked(either permanantly or temporarily (on hold))
csUnknown = 2 csUnknown Indicates that the responder doesn't know aboutthe certificate being requested.

Possible values of CRL reason flags:

[.NET] [Pascal] [C++] Description
rfUnspecified = 1 rfUnspecified f_rfUnspecified = 1 The reason is not specified.
rfKeyCompromise = 2 rfKeyCompromise f_rfKeyCompromise = 2 The key has been compromised.
rfCACompromise = 4 rfCACompromise f_rfCACompromise = 4 Certificate authority has been compromised.
rfAffiliationChanged = 8 rfAffiliationChanged f_rfAffiliationChanged = 8 Certificate's affiliation was inappropriately changed.
rfSuperseded = 16 rfSuperseded f_rfSuperseded = 16 Certificate has been superseded.
rfCessationOfOperation = 32 rfCessationOfOperation f_rfCessationOfOperation = 32 The CA is no longer operational.
rfCertificateHold = 64 rfCertificateHold f_rfCertificateHold = 64 The certificate has been placed on hold.
rfObsolete1 = 128 rfObsolete1 f_rfObsolete1 = 128 Obsoleted.
rfRemoveFromCRL = 256 rfRemoveFromCRL f_rfRemoveFromCRL = 256 The certificate has been removed from the CRL.
rfPrivilegeWithdrawn = 512 rfPrivilegeWithdrawn f_rfPrivilegeWithdrawn = 512 The user's privileges have been withdrawn by the CA.
rfAACompromize = 1024 rfAACompromize f_rfAACompromize = 1024 The certificate has been compromized.

Description

    This event is fired for each certificate from the request. In response to this event you need to provide certificate status and other parameters necessary for the OCSP response.

Discuss this help topic in SecureBlackbox Forum

Copyright (c) 2018, /n software, inc.