Obtain signature validation log
Creating or validating a CAdES signature is a complex process that sometimes involves dozens of steps, so it is often convenient to have a step-by-step log of it. Such a log is particularly useful for tracking down the reason why chain validation failed.
Note: in the spirit of CAdES, the creation and validation procedures are fairly similar. Ninety percent of the operations invoked in both processes consist of deep validation of the involved certificate chain(s).
Most operations performed by TElCAdESSignatureProcessor during signing or verification are related to chain validation. Hence, problems mostly arise at this stage. The actual chain validation is done by TElX509CertificateValidator, which maintains its own log. Therefore, getting the signing or validation log essentially means obtaining the log of the validator component involved.
The log created by a validator component can be obtained from its InternalLogger.Log.Text property. The log can be fetched when the chain validation is over. In the case of TElCAdESSignatureProcessor-powered validation, the end of validation is reported by the OnCertValidatorFinished event. This event's handler is a good place to obtain the validation log:
void handleCertValidatorFinished(object Sender, SBCertValidator.TElX509CertificateValidator CertValidator,
    TElX509Certificate Cert, TSBCertificateValidity Validity, int Reason)
{
    // Summarize the outcome for the certificate that has just been validated
    Console.WriteLine("Finished validation of the certificate: " + Cert.SubjectRDN.SaveToDNString()
        + " / " + Cert.IssuerRDN.SaveToDNString()
        + ", validity: " + Validity.ToString() + ", reason: " + Reason.ToString());
    // Dump the step-by-step log accumulated by the validator component
    Console.WriteLine(CertValidator.InternalLogger.Log.Text);
}
Note 1: depending on the particular configuration of TElCAdESSignatureProcessor and TElX509CertificateValidator, you might receive quite different logs.