SignDocVerificationParameters Class |
If you use null instead of a SignDocVerificationParameters object, the following default values will be used (those are identical to the default values for a freshly created SignDocVerificationParameters object): - CertificateChainVerificationPolicy: ccvp_accept_self_signed_with_rsa_bio - CertificateRevocationVerificationPolicy: crvp_dont_check - ComputeOfflineNextUpdate: -1 (that is, embedded CRLs and OCSP responses without nextUpdate will be indefinitely valid) - Timeout: 10000 - UserAgent: "SignDoc" - VerificationFlags: 0 (that is, revocation checking is disabled) - VerificationModel: vm_minimal -VerificationTime: empty(that is, current date and time) . However, for SignDocDocument.updateDSS() and SignDocDocument.updateDSS2(), the following default values will be used if a null pointer is passed (those are identical to the values set by setForUpdateDSS()) : -CertificateChainVerificationPolicy : #ccvp_accept_self_signed_with_rsa_bio -CertificateRevocationVerificationPolicy: #crvp_online -ComputeOfflineNextUpdate: 0 (that is, embedded CRLs and OCSP responses without nextUpdate won't be valid) -Timeout: 10000 -UserAgent : "SignDoc" -VerificationFlags : 0 -VerificationModel : #vm_shell -VerificationTime: empty(that is, current date and time) . To make the signature maximally meaningful, verification parameters for SignDocDocument.addSignature() should include vf_check_revocation in integer parameter "VerificationFlags". If integer parameter "CertificateChainVerificationPolicy" is ccvp_dont_verify, integer parameter "CertificateRevocationVerificationPolicy" must be crvp_dont_check.
Namespace: de.softpro.signdocsdk
public sealed class SignDocVerificationParameters : IDisposable
The SignDocVerificationParameters type exposes the following members.
Name | Description | |
---|---|---|
SignDocVerificationParameters | Constructor.
See SignDocVerificationParameters for the default values.
|
Name | Description | |
---|---|---|
clone | ||
destroy | Destroy this object, overwriting sensitive data.
After calling this method, all methods of this object will throw.
| |
Dispose | Releases all resources used by the SignDocVerificationParameters | |
equals | ||
getErrorMessage | Get an error message for the last function call. | |
setBlob | Set an blob parameter.
Available blob parameters are: - IntermediateCertificate Add an intermediate certificate which might help building the certificate chain. The blob must contain a serialized X.509 certificate (DER or PEM). - TrustedCertificate Add a trusted root certificate. The blob must contain a serialized X.509 certificate (DER or PEM). | |
setForUpdateDSS | Set suitable values for using this object with
SignDocDocument.updateDSS() and SignDocDocument.updateDSS2().
| |
setInteger | Set an integer parameter.
Available integer parameters are: - CertificateChainVerificationPolicy Policy for simplified verification of the certificate chain: #ccvp_dont_verify, #ccvp_accept_self_signed, #ccvp_accept_self_signed_with_bio, or #ccvp_accept_self_signed_with_rsa_bio. The default value is #ccvp_accept_self_signed_with_rsa_bio. This parameter is used by SignDocDocument.renderPageAsImage(), SignDocDocument.updateDSS(), SignDocDocument.updateDSS2(), SignDocVerificationResult.verifyCertificateSimplified(), and SignDocVerificationResult.verifyTimeStampCertificateSimplified() only. - CertificateRevocationVerificationPolicy Policy for simplified verification of the revocation status of the certificates: #crvp_dont_check, #crvp_offline, or #crvp_online. The default value is #crvp_dont_check. This parameter is used by SignDocDocument.renderPageAsImage(), SignDocDocument.updateDSS(), SignDocDocument.updateDSS2(), SignDocVerificationResult.verifyCertificateSimplified(), and SignDocVerificationResult.verifyTimeStampCertificateSimplified() only. - ChainPolicy Abbreviation for "CertificateChainVerificationPolicy". - ComputeOfflineNextUpdate Number of hours embedded CRLs and OCSP responses that do not have a nextUpdate value will be assumed to be valid after their thisUpdate value. That is, nextUpdate will be computed from thisUpdate by adding the specified number of hours. The value -1 is special and means that those CRLs and OCSP responses will be assumed to be valid indefinitely. The default value is -1. See also flag #vf_enforce_next_update of integer parameter "VerificationFlags". - Flags Abbreviation for "VerificationFlags". - Model Abbreviation for "VerificationModel". - RevocationPolicy Abbreviation for "CertificateRevocationVerificationPolicy". - Timeout The timeout (in millisconds) for HTTP connections used for checking the revocation state of certificates. This value is ignored unless vf_check_revocation is set for integer parameter "VerificationFlags". The default value is 10000. - VerificationFlags Flags modifying the verification. This is a combination of these flags: #vf_check_revocation, #vf_crl_first, #vf_enforce_next_update, #vf_enforce_ocsp_signer, #vf_ignore_no_revocation, #vf_no_ocsp_nonce, #vf_offline, #vf_online, #vf_use_crl_only, #vf_use_ocsp_only. If you pass 0, the revocation state of the certificates won't be checked. The default value is 0. SignDocDocument.renderPageAsImage(), SignDocDocument.updateDSS(), SignDocDocument.updateDSS2(), SignDocVerificationResult.verifyCertificateSimplified(), and SignDocVerificationResult.verifyTimeStampCertificateSimplified() use integer parameter CertificateRevocationVerificationPolicy instead of the vf_check_revocation flag. #vf_offline should not be set for SignDocDocument.addSignature(). - VerificationModel Model to be used for verifying the certificate chain: #vm_minimal, #vm_chain, #vm_modified_shell, or #vm_shell. The default value is #vm_minimal. SignDocDocument.addSignature() ignores this parameter and uses #vm_chain if revocation data is to be included in the signature. | |
setString | Set a string parameter.
Available string parameters are: - UserAgent The value of the User-Agent header field sent to CRL and OCSP servers. The default value is "SignDoc". - VerificationTime Empty (for the current date and time) or a string in ISO 8601 format ("yyyy-mm-ddThh:mm:ss", with optional timezone) specifying the verification date and time. The default value is empty. Used only if integer parameter "VerificationModel" is vm_shell. This parameteter is not used by SignDocDocument.addSignature(); that function always use the signing time as verification time. |