SignDoc SDK (.NET with exceptions)
5.0.0
Information about a signature field returned by SignDocDocument.verifySignature() or SignDocDocument.verifySignature2().
Public Member Functions

Member | Description |
---|---|
~SignDocVerificationResult () | Destructor. |
!SignDocVerificationResult () | Finalizer. |
SignatureState getState () | Get the signature state. |
ModificationState getModificationState () | Get the modification state of a PDF document. |
SigningMethod getMethod () | Get the signing method. |
int getDocMDP () | Get the DocMDP P value of a certification signature. |
int getLockMDP () | Get the lock MDP value of the signature. |
string getDigestAlgorithm () | Get the message digest algorithm of the signature. |
Blobs getCertificates () | Get the certificates of the signature. |
CertificateChainState verifyCertificateChain (SignDocVerificationParameters aParameters) | Verify the certificate chain of the signature's certificate. |
CertificateRevocationState getCertificateRevocationState () | Get the revocation state of the certificate chain of the signature's certificate. |
VerificationResultReturnCode verifyCertificateSimplified (SignDocVerificationParameters aParameters) | Simplified verification of the certificate chain and revocation status of the signature's certificate. |
int getCertificateChainLength () | Get the certificate chain length. |
string getSignatureString (string aName) | Get a string parameter from the signature field. |
byte[] getSignatureBlob (string aName) | Get a blob property from the signature field. |
byte[] getBiometricData (byte[] aKey, string aKeyPath, byte[] aPassphrase) | Get the biometric data of the field. |
byte[] getEncryptedBiometricData () | Get the encrypted biometric data of the field. |
BiometricEncryption getBiometricEncryption () | Get the encryption method used for biometric data of the signature field. |
bool checkBiometricHash (byte[] aBio) | Check the hash of the biometric data. |
TimeStampState getTimeStampState () | Get the state of the RFC 3161 time stamp. |
string getTimeStampDigestAlgorithm () | Get the message digest algorithm of the RFC 3161 timestamp. |
CertificateChainState verifyTimeStampCertificateChain (SignDocVerificationParameters aParameters) | Verify the certificate chain of the RFC 3161 time stamp. |
CertificateRevocationState getTimeStampCertificateRevocationState () | Get the revocation state of the certificate chain of the RFC 3161 time stamp. |
VerificationResultReturnCode verifyTimeStampCertificateSimplified (SignDocVerificationParameters aParameters) | Simplified verification of the certificate chain and revocation status of the RFC 3161 time stamp. |
string getTimeStamp () | Get the value of the RFC 3161 time stamp. |
Blobs getTimeStampCertificates () | Get the certificates of the RFC 3161 time stamp. |
string getErrorMessage () | Get an error message for the last function call. |

Information about a signature field returned by SignDocDocument.verifySignature() or SignDocDocument.verifySignature2().
Destructor.
Finalizer.
bool checkBiometricHash | ( | byte[] | aBio | ) |
Check the hash of the biometric data.
This function fails for document time stamps, see getMethod().
[in] | aBio | Unencrypted biometric data, typically retrieved by getBiometricData(). |
byte [] getBiometricData | ( | byte[] aKey, string aKeyPath, byte[] aPassphrase | ) |
Get the biometric data of the field.
Use getBiometricEncryption() to find out what parameters need to be passed:
This function fails for document time stamps, see getMethod().
[in] | aKey | The key (must be empty if aKeyPath is non-empty). |
[in] | aKeyPath | Pathname of the file containing the key (must be an empty string if aKey is non-empty). |
[in] | aPassphrase | Passphrase for decrypting the key contained in the file named by aKeyPath. If this argument is an empty string, it will be assumed that the key file is not protected by a passphrase. aPassphrase is used only when reading the key from a file for BiometricEncryption.RSA. The passphrase should contain ASCII characters only. |
BiometricEncryption getBiometricEncryption | ( | ) |
Get the encryption method used for biometric data of the signature field.
This function fails for document time stamps, see getMethod().
int getCertificateChainLength | ( | ) |
Get the certificate chain length.
verifyCertificateChain() or verifyCertificateSimplified() must have been called successfully.
This function fails for document time stamps, see getMethod() and getTimeStampCertificates().
CertificateRevocationState getCertificateRevocationState | ( | ) |
Get the revocation state of the certificate chain of the signature's certificate.
verifyCertificateChain() must have been called successfully.
getErrorMessage() will return an error message if the verification result returned is not CertificateRevocationState.OK.
If VerificationFlags.CheckRevocation was not set in integer parameter "VerificationFlags" for the most recent call to verifyCertificateChain(), this function will return CertificateRevocationState.NotChecked.
This function fails for document time stamps, see getMethod() and getTimeStampCertificateRevocationState().
Blobs getCertificates | ( | ) |
Get the certificates of the signature.
This function fails for document time stamps, see getMethod() and getTimeStampCertificates().
string getDigestAlgorithm | ( | ) |
Get the message digest algorithm of the signature.
Note that the values returned by this function are different from the Digest values used by SignDocField.getSeedValueDigestMethod() and friends:
DigestMethod | getDigestAlgorithm() | DetachedHashAlgorithm |
---|---|---|
n/a | "MD5" | n/a |
"RIPEMD160" | "RIPEMD-160" | "RIPEMD-160" |
"SHA1" | "SHA-1" | "SHA-1" |
- | "SHA-224" | "SHA-224" |
"SHA256" | "SHA-256" | "SHA-256" |
"SHA384" | "SHA-384" | "SHA-384" |
"SHA512" | "SHA-512" | "SHA-512" |
int getDocMDP | ( | ) |
Get the DocMDP P value of a certification signature.
The DocMDP P value specifies what modifications to the document are allowed by the certification signature.
byte [] getEncryptedBiometricData | ( | ) |
Get the encrypted biometric data of the field.
Use this function if you cannot use getBiometricData() for decrypting the biometric data (for instance, because the private key is stored in an HSM).
In the following description of the format of the encrypted data retrieved by this function, all numbers are stored in little-endian format (however, RSA uses big-endian format):
If the version number is 1, the encryption method is BiometricEncryption.RSA with a 2048-bit key and the body has this format:
If the version number is 2, the body has this format:
If the version number is 3, the encryption method is BiometricEncryption.RSA with a key longer than 2048 bits and the body has this format:
This function fails for document time stamps, see getMethod().
string getErrorMessage | ( | ) |
Get an error message for the last function call.
int getLockMDP | ( | ) |
Get the lock MDP value of the signature.
The lock MDP value specifies what modifications to the document are allowed by the signature.
SigningMethod getMethod | ( | ) |
Get the signing method.
If the output is SigningMethod.DigSigCadesRFC3161, the signature is a document time stamp. Use verifyTimeStampCertificateChain() etc. instead of verifyCertificateChain() etc. for document time stamps.
ModificationState getModificationState | ( | ) |
Get the modification state of a PDF document.
Use this function to find out if the modifications applied to a PDF document after adding a signature are allowed by that signature.
As there is no specification for the modifications allowed or prohibited by a signature, this function tries to mimic the behavior of Adobe Reader.
For TIFF documents, the output is computed directly from the output of getState().
byte [] getSignatureBlob | ( | string | aName | ) |
Get a blob property from the signature field.
Available blob parameters are:
Additionally, you can store your own blobs in the signature by using a name starting with "Prop_", except for "Prop_AuthTime", "Prop_AuthType", "Prop_Build", and any name starting with "Prop_BiometricData" (which are reserved), see SignDocSignatureParameters.setBlob().
[in] | aName | The name of the property. |
string getSignatureString | ( | string | aName | ) |
Get a string parameter from the signature field.
Available string parameters are:
Additionally, you can store your own strings in the signature by using a name starting with "Prop_", except for "Prop_AuthTime", "Prop_AuthType", "Prop_Build", and any name starting with "Prop_BiometricData" (which are reserved), see SignDocSignatureParameters.setString().
The following parameters are not available for document time stamps, see getMethod(): ContactInfo, Location, Reason, and Signer.
[in] | aName | The name of the parameter. |
SignatureState getState | ( | ) |
Get the signature state.
Use this function to find out if the document is still identical to the signed document, or has been updated since signed, or has been tampered with.
If the state is SignatureState.UnsupportedSignature or SignatureState.InvalidCertificate, getErrorMessage() will provide additional information.
If the state is SignatureState.DocumentExtended, getModificationState() will provide additional information.
Use verifyCertificateChain() to find out if you can trust the identity of the signer.
If the output is SignatureState.DocumentExtended for a PDF document, you should call getModificationState() to get additional information.
string getTimeStamp | ( | ) |
Get the value of the RFC 3161 time stamp.
You must call verifyTimeStampCertificateChain() and getTimeStampCertificateRevocationState() to find out whether the time stamp can be trusted. If either of these functions reports a problem, the time stamp should not be displayed.
A signature has either an RFC 3161 time stamp (returned by this function) or a time stamp stored as string parameter (returned by getSignatureString()).
CertificateRevocationState getTimeStampCertificateRevocationState | ( | ) |
Get the revocation state of the certificate chain of the RFC 3161 time stamp.
verifyTimeStampCertificateChain() must have been called successfully. getErrorMessage() will return an error message if this function fails or the verification result returned is not CertificateRevocationState.OK.
If VerificationFlags.CheckRevocation was not set in integer parameter "VerificationFlags" of the most recent call to verifyTimeStampCertificateChain(), this function will return CertificateRevocationState.NotChecked.
Blobs getTimeStampCertificates | ( | ) |
Get the certificates of the RFC 3161 time stamp.
string getTimeStampDigestAlgorithm | ( | ) |
Get the message digest algorithm of the RFC 3161 timestamp.
The following table shows the supported digest algorithms and the respective value of string parameter "TimeStampHashAlgorithm":
getTimeStampDigestAlgorithm() | TimeStampHashAlgorithm |
---|---|
"MD5" | n/a |
"RIPEMD-160" | n/a |
"SHA-1" | "SHA-1" |
"SHA-256" | "SHA-256" |
"SHA-384" | "SHA-384" |
"SHA-512" | "SHA-512" |
TimeStampState getTimeStampState | ( | ) |
Get the state of the RFC 3161 time stamp.
CertificateChainState verifyCertificateChain | ( | SignDocVerificationParameters | aParameters | ) |
Verify the certificate chain of the signature's certificate.
Use this function to find out if you can trust the identity of the signer.
getErrorMessage() will return an error message if this function fails, if the verification result returned is not CertificateChainState.OK, or if getCertificateRevocationState() will not return CertificateRevocationState.OK.
Call getCertificateRevocationState() after this function to get the revocation state.
This function fails for document time stamps, see getMethod() and verifyTimeStampCertificateChain().
[in] | aParameters | Verification parameters or null for default parameters. |
VerificationResultReturnCode verifyCertificateSimplified | ( | SignDocVerificationParameters | aParameters | ) |
Simplified verification of the certificate chain and revocation status of the signature's certificate.
This function just returns a good / not good value according to policies defined by the arguments. It does not tell the caller what exactly is wrong. However, getErrorMessage() will return an error message if this function fails. Do not attempt to base decisions on that error message; use verifyCertificateChain() instead of this function if you need details about the failure.
This function fails for document time stamps, see getMethod() and verifyTimeStampCertificateSimplified().
[in] | aParameters | Verification parameters or null for default parameters. |
CertificateChainState verifyTimeStampCertificateChain | ( | SignDocVerificationParameters | aParameters | ) |
Verify the certificate chain of the RFC 3161 time stamp.
getErrorMessage() will return an error message if this function fails or the verification result returned is not CertificateChainState.OK.
Call getTimeStampCertificateRevocationState() after this function to get the revocation state.
[in] | aParameters | Verification parameters or null for default parameters. |
VerificationResultReturnCode verifyTimeStampCertificateSimplified | ( | SignDocVerificationParameters | aParameters | ) |
Simplified verification of the certificate chain and revocation status of the RFC 3161 time stamp.
This function just returns a good / not good value according to policies defined by the arguments. It does not tell the caller what exactly is wrong. However, getErrorMessage() will return an error message if this function fails. Do not attempt to base decisions on that error message; use verifyCertificateChain() instead of this function if you need details about the failure.
For integer parameter "CertificateChainVerificationPolicy", CertificateChainVerificationPolicy.AcceptSelfSignedWithBio and CertificateChainVerificationPolicy.AcceptSelfSignedWithRSABio are treated like CertificateChainVerificationPolicy.AcceptSelfSigned.
[in] | aParameters | Verification parameters or null for default parameters. |
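
Added example (not from the SignDoc documentation): a fail-closed trust check in C# that combines the rules stated for getMethod(), verifyCertificateChain(), getCertificateRevocationState() and getTimeStamp(). It uses the verifyTimeStamp* functions for document time stamps, treats CertificateRevocationState.NotChecked as untrusted, and hands out the RFC 3161 time stamp only when its own chain and revocation state are OK. TrustGate and its method names are hypothetical; the SDK assembly is assumed to be referenced and its namespace imported.

```csharp
// Added example, not vendor code. Assumes the SignDoc SDK .NET assembly is
// referenced and its namespace imported; TrustGate is a hypothetical helper.
using System;

public static class TrustGate
{
    // True only if the chain verified AND revocation was checked and is OK.
    // CertificateRevocationState.NotChecked (VerificationFlags.CheckRevocation
    // not set in the parameters) is deliberately treated as "not trusted".
    public static bool SignerTrusted(SignDocVerificationResult r,
        SignDocVerificationParameters p, out string detail)
    {
        try
        {
            // Document time stamps need the verifyTimeStamp* family; the
            // plain functions fail for them.
            bool docTimeStamp = r.getMethod() == SigningMethod.DigSigCadesRFC3161;
            CertificateChainState chain = docTimeStamp
                ? r.verifyTimeStampCertificateChain(p)
                : r.verifyCertificateChain(p);
            if (chain != CertificateChainState.OK)
            {
                // The message is for logs only; the decision uses the enum.
                detail = "chain: " + chain + " (" + r.getErrorMessage() + ")";
                return false;
            }
            CertificateRevocationState rev = docTimeStamp
                ? r.getTimeStampCertificateRevocationState()
                : r.getCertificateRevocationState();
            detail = "revocation: " + rev;
            return rev == CertificateRevocationState.OK;
        }
        // This SDK flavour ("with exceptions") reports failures by throwing.
        catch (Exception e) { detail = e.Message; return false; } // fail closed
    }

    // Returns the RFC 3161 time stamp only when its chain and revocation
    // state are both OK; otherwise null, so the caller displays nothing.
    public static string DisplayableTimeStamp(SignDocVerificationResult r,
        SignDocVerificationParameters p)
    {
        try
        {
            if (r.verifyTimeStampCertificateChain(p) != CertificateChainState.OK) return null;
            if (r.getTimeStampCertificateRevocationState() != CertificateRevocationState.OK) return null;
            return r.getTimeStamp();
        }
        catch (Exception) { return null; }
    }
}
```

SignerTrusted() says nothing about document integrity; check getState() and, for SignatureState.DocumentExtended, getModificationState() separately before accepting the document.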