Check the hash of the biometric data. This function fails for document time stamps, see getMethod().

Releases all resources used by the SignDocVerificationResult

Get the biometric data of the field.

Get the encryption method used for biometric data of the signature field. This function fails for document time stamps, see getMethod().

Get the certificate chain length. verifyCertificateChain() or verifyCertificateSimplified() must have been called successfully. This function fails for document time stamps, see getMethod() and getTimeStampCertificates().

Get the revocation state of the certificate chain of the signature's certificate. verifyCertificateChain() must have been called successfully. getErrorMessage() will return an error message if the verification result returned is not #crs_ok. If #vf_check_revocation was not set in integer parameter "VerificationFlags" for the most recent call to verifyCertificateChain(), this function will return #crs_not_checked. This function fails for document time stamps, see getMethod() and getTimeStampCertificateRevocationState().

Get the certificates of the signature. This function fails for document time stamps, see getMethod() and getTimeStampCertificates().

Get the message digest algorithm of the signature. Note that the values returned by this functions are different from the Digest values used by de.softpro.doc.SignDocField.getSeedValueDigestMethod() and friends:

Get the DocMDP P value of a certification signature. The DocMDP P value specifies what modifications to the document are allowed by the certification signature.

Get the encrypted biometric data of the field. Use this function if you cannot use getBiometricData() for decrypting the biometric data (for instance, because the private key is stored in an HSM). In the following description of the format of the encrypted data retrieved by this function, all numbers are stored in little-endian format (howver, RSA uses big-endian format): - 4 octets: version number - 4 octets: number of following octets (hash and body) - 32 octets: SHA-256 hash of body (ie, of the octets which follow) - body (format depends on version number) . If the version number is 1, the encryption method is be_rsa with a 2048-bit key and the body has this format: - 32 octets: SHA-256 hash of unencrypted biometric data - 256 octets: AES-256 session key encrypted with 2048-bit RSA 2.0 (OAEP) with SHA-256 - rest: biometric data encrypted with AES-256 in CBC mode using padding as described in RFC 2246. The IV is zero (not a problem as the session key is random). . If the version number is 2, the body has this format: - 4 octets: method (be_fixed, be_binary, be_passphrase) - 32 octets: IV (only the first 16 octets are used, please ignore the rest) - 32 octets: SHA-256 hash of unencrypted biometric data - rest: biometric data encrypted with AES-256 in CBC mode using padding as described in RFC 2246. . If the version number is 3, the encryption method is be_rsa with a key longer than 2048 bits and the body has this format: - 4 octets: size n of encrypted AES key in octets - n octets: AES-256 session key encrypted with RSA 2.0 (OAEP) with SHA-256 - 32 octets: IV (only the first 16 octets are used, please ignore the rest) - 32 octets: SHA-256 hash of unencrypted biometric data - rest: biometric data encrypted with AES-256 in CBC mode using padding as described in RFC 2246. This function fails for document time stamps, see getMethod().

Get the length of the key used for signing.

Get the lock MDP value of the signature. The lock MDP value specifies what modifications to the document are allowed by the signature.

Get the signing method. If the output is SignDocSignatureParameters.m_digsig_cades_rfc3161, the signature is a document time stamp. Use verifyTimeStampCertificateChain() etc. instead of verifyCertificateChain() etc. for document time stamps.

Get the modification state of a PDF document. Use this function to find out if the modifications applied to a PDF document after adding a signature are allowed by that signature. As there is no specification for the modifications allowed or prohibited by a signature, this function tries to mimic the behavior of Adobe Reader. For TIFF documents, the output is computed directly from the output of getState().

Get a blob property from the signature field. Available blob parameters are: -BiometricHash A message digest computed over the document hash and the unencrypted biometric data, empty if not present. - Contents The Contents entry of the signature dictionary, that is, the digital signature (PDF documents only). - Signature The PKCS #1 or DER-encoded PKCS #7 signature. . Additional, you can store your own blobs in the signature by using a name starting with "Prop_", except for "Prop_AuthTime", "Prop_AuthType", "Prop_BiometricData", and "Prop_Build", which are reserved), see de.softpro.doc.SignDocSignatureParameters.setBlob().

Get a string parameter from the signature field.

Get the signature state. Use this function to find out if the document is still identical to the signed document, or has been updated since signed, or has been tampered with. If the state is ss_unsupported_signature or ss_invalid_certificate, getErrorMessage() will provide additional information. Use verifyCertificateChain() to find out if you can trust the identity of the signer. If the return value is #ss_document_extended for a PDF document, you should call getModificationState() to get additional information.

Get the value of the RFC 3161 time stamp. You must call verifyTimeStampCertificateChain() and getTimeStampCertificateRevocationState() to find out whether the time stamp can be trusted. If either of these functions report a problem, the time stamp should not be displayed. A signature has either an RFC 3161 time stamp (returned by this function) or a time stamp stored as string parameter (returned by getSignatureString().

Get the revocation state of the certificate chain of the RFC 3161 time stamp. verifyTimeStampCertificateChain() must have been called successfully. getErrorMessage() will return an error message if this function fails (return value not #rc_ok) or the verification result returned is not #crs_ok. If #vf_check_revocation was not set in integer parameter "VerificationFlags" of the most recent call to verifyTimeStampCertificateChain(), this function will return #crs_not_checked.

Get the certificates of the RFC 3161 time stamp.

Get the message digest algorithm of the RFC 3161 timestamp. The following table shows the supported digest algorithms and the respective value of integer parameter "TimeStampHashAlgorithm":

Get the state of the RFC 3161 time stamp.

Verify the certificate chain of the signature's certificate. Use this function to find out if you can trust the identity of the signer. getErrorMessage() will return an error message if this function fails (return value not #rc_ok) or the verification result returned is not #ccs_ok or getCertificateRevocationState() won't return #crs_ok. Call getCertificateRevocationState() after this function to get the revocation state. This function fails for document time stamps, see getMethod() and verifyTimeStampCertificateChain().

Simplified verification of the certificate chain and revocation status of the signature's certificate. This function just returns a good / not good value according to policies defined by the arguments. It does not tell the caller what exactly is wrong. However, getErrorMessage() will return an error message if this function fails. Do not attempt to base decisions on that error message, please use verifyCertificateChain() instead of this function if you need details about the failure. This function fails for document time stamps, see getMethod() and verifyTimeStampCertificateSimplified().

Verify the certificate chain of the RFC 3161 time stamp. getErrorMessage() will return an error message if this function fails (return value not #rc_ok) or the verification result returned is not #ccs_ok. Call getTimeStampCertificateRevocationState() after this function to get the revocation state.

Simplified verification of the certificate chain and revocation status of the RFC 3161 time stamp. This function just returns a good / not good value according to policies defined by the arguments. It does not tell the caller what exactly is wrong. However, getErrorMessage() will return an error message if this function fails. Do not attempt to base decisions on that error message, please use verifyCertificateChain() instead of this function if you need details about the failure. For integer parameter "CertificateChainVerificationPolicy", #ccvp_accept_self_signed_with_bio and #ccvp_accept_self_signed_with_rsa_bio are treated like #ccvp_accept_self_signed.