SignDoc SDK (.NET without exceptions)
5.0.0
Information about a signature field returned by SignDocDocument.verifySignature() or SignDocDocument.verifySignature2().

Public Member Functions

Member | Description |
---|---|
~SignDocVerificationResult () | Destructor. |
!SignDocVerificationResult () | Finalizer. |
SignatureState getState (out ReturnCode aReturnCode) | Get the signature state. |
ModificationState getModificationState (out ReturnCode aReturnCode) | Get the modification state of a PDF document. |
SigningMethod getMethod (out ReturnCode aReturnCode) | Get the signing method. |
int getDocMDP () | Get the DocMDP P value of a certification signature. |
int getLockMDP () | Get the lock MDP value of the signature. |
string getDigestAlgorithm (out ReturnCode aReturnCode) | Get the message digest algorithm of the signature. |
Blobs getCertificates (out ReturnCode aReturnCode) | Get the certificates of the signature. |
CertificateChainState verifyCertificateChain (out ReturnCode aReturnCode, SignDocVerificationParameters aParameters) | Verify the certificate chain of the signature's certificate. |
CertificateRevocationState getCertificateRevocationState (out ReturnCode aReturnCode) | Get the revocation state of the certificate chain of the signature's certificate. |
ReturnCode verifyCertificateSimplified (SignDocVerificationParameters aParameters) | Simplified verification of the certificate chain and revocation status of the signature's certificate. |
int getCertificateChainLength (out ReturnCode aReturnCode) | Get the certificate chain length. |
string getSignatureString (out ReturnCode aReturnCode, string aName) | Get a string parameter from the signature field. |
byte[] getSignatureBlob (out ReturnCode aReturnCode, string aName) | Get a blob property from the signature field. |
byte[] getBiometricData (out ReturnCode aReturnCode, byte[] aKey, string aKeyPath, byte[] aPassphrase) | Get the biometric data of the field. |
byte[] getEncryptedBiometricData (out ReturnCode aReturnCode) | Get the encrypted biometric data of the field. |
BiometricEncryption getBiometricEncryption (out ReturnCode aReturnCode) | Get the encryption method used for biometric data of the signature field. |
bool checkBiometricHash (out ReturnCode aReturnCode, byte[] aBio) | Check the hash of the biometric data. |
TimeStampState getTimeStampState (out ReturnCode aReturnCode) | Get the state of the RFC 3161 time stamp. |
string getTimeStampDigestAlgorithm (out ReturnCode aReturnCode) | Get the message digest algorithm of the RFC 3161 timestamp. |
CertificateChainState verifyTimeStampCertificateChain (out ReturnCode aReturnCode, SignDocVerificationParameters aParameters) | Verify the certificate chain of the RFC 3161 time stamp. |
CertificateRevocationState getTimeStampCertificateRevocationState (out ReturnCode aReturnCode) | Get the revocation state of the certificate chain of the RFC 3161 time stamp. |
ReturnCode verifyTimeStampCertificateSimplified (SignDocVerificationParameters aParameters) | Simplified verification of the certificate chain and revocation status of the RFC 3161 time stamp. |
string getTimeStamp (out ReturnCode aReturnCode) | Get the value of the RFC 3161 time stamp. |
Blobs getTimeStampCertificates (out ReturnCode aReturnCode) | Get the certificates of the RFC 3161 time stamp. |
string getErrorMessage () | Get an error message for the last function call. |
Destructor.
Finalizer.
bool checkBiometricHash (out ReturnCode aReturnCode, byte[] aBio)
Check the hash of the biometric data.
This function fails for document time stamps, see getMethod().
[in] | aBio | Unencrypted biometric data, typically retrieved by getBiometricData(). |
[out] | aReturnCode | The return code, ReturnCode.OK iff successful. |
byte[] getBiometricData (out ReturnCode aReturnCode, byte[] aKey, string aKeyPath, byte[] aPassphrase)
Get the biometric data of the field.
Use getBiometricEncryption() to find out what parameters need to be passed:
This function fails for document time stamps, see getMethod().
[in] | aKey | The key (must be empty if aKeyPath is non-empty). |
[in] | aKeyPath | Pathname of the file containing the key (must be an empty string if aKey is non-empty). |
[in] | aPassphrase | Passphrase for decrypting the key contained in the file named by aKeyPath. If this argument is an empty string, it will be assumed that the key file is not protected by a passphrase. aPassphrase is used only when reading the key from a file for BiometricEncryption.RSA. The passphrase should contain ASCII characters only. |
[out] | aReturnCode | The return code, ReturnCode.OK if successful, ReturnCode.NoBiometricData if no biometric data is available. |
BiometricEncryption getBiometricEncryption (out ReturnCode aReturnCode)
Get the encryption method used for biometric data of the signature field.
This function fails for document time stamps, see getMethod().
[out] | aReturnCode | The return code, ReturnCode.OK if successful, ReturnCode.NoBiometricData if no biometric data is available. |
int getCertificateChainLength (out ReturnCode aReturnCode)
Get the certificate chain length.
verifyCertificateChain() or verifyCertificateSimplified() must have been called successfully.
This function fails for document time stamps, see getMethod() and getTimeStampCertificates().
[out] | aReturnCode | The return code, ReturnCode.OK iff successful. |
CertificateRevocationState getCertificateRevocationState (out ReturnCode aReturnCode)
Get the revocation state of the certificate chain of the signature's certificate.
verifyCertificateChain() must have been called successfully.
getErrorMessage() will return an error message if the verification result returned is not CertificateRevocationState.OK.
If VerificationFlags.CheckRevocation was not set in integer parameter "VerificationFlags" for the most recent call to verifyCertificateChain(), this function will return CertificateRevocationState.NotChecked.
This function fails for document time stamps, see getMethod() and getTimeStampCertificateRevocationState().
[out] | aReturnCode | The return code, ReturnCode.OK iff successful. |
Blobs getCertificates (out ReturnCode aReturnCode)
Get the certificates of the signature.
This function fails for document time stamps, see getMethod() and getTimeStampCertificates().
[out] | aReturnCode | The return code, ReturnCode.OK iff successful. |
string getDigestAlgorithm (out ReturnCode aReturnCode)
Get the message digest algorithm of the signature.
Note that the values returned by this function are different from the Digest values used by SignDocField.getSeedValueDigestMethod() and friends:
DigestMethod | getDigestAlgorithm() | DetachedHashAlgorithm |
---|---|---|
n/a | "MD5" | n/a |
"RIPEMD160" | "RIPEMD-160" | "RIPEMD-160" |
"SHA1" | "SHA-1" | "SHA-1" |
- | "SHA-224" | "SHA-224" |
"SHA256" | "SHA-256" | "SHA-256" |
"SHA384" | "SHA-384" | "SHA-384" |
"SHA512" | "SHA-512" | "SHA-512" |
[out] | aReturnCode | The return code, ReturnCode.OK iff successful. |
int getDocMDP ()
Get the DocMDP P value of a certification signature.
The DocMDP P value specifies what modifications to the document are allowed by the certification signature.
byte[] getEncryptedBiometricData (out ReturnCode aReturnCode)
Get the encrypted biometric data of the field.
Use this function if you cannot use getBiometricData() for decrypting the biometric data (for instance, because the private key is stored in an HSM).
In the following description of the format of the encrypted data retrieved by this function, all numbers are stored in little-endian format (however, RSA uses big-endian format):
If the version number is 1, the encryption method is BiometricEncryption.RSA with a 2048-bit key and the body has this format:
If the version number is 2, the body has this format:
If the version number is 3, the encryption method is BiometricEncryption.RSA with a key longer than 2048 bits and the body has this format:
This function fails for document time stamps, see getMethod().
[out] | aReturnCode | The return code, ReturnCode.OK if successful, ReturnCode.NoBiometricData if no biometric data is available. |
string getErrorMessage ()
Get an error message for the last function call.
int getLockMDP ()
Get the lock MDP value of the signature.
The lock MDP value specifies what modifications to the document are allowed by the signature.
SigningMethod getMethod (out ReturnCode aReturnCode)
Get the signing method.
If the output is SigningMethod.DigSigCadesRFC3161, the signature is a document time stamp. Use verifyTimeStampCertificateChain() etc. instead of verifyCertificateChain() etc. for document time stamps.
[out] | aReturnCode | The return code, ReturnCode.OK iff successful. |
ModificationState getModificationState (out ReturnCode aReturnCode)
Get the modification state of a PDF document.
Use this function to find out if the modifications applied to a PDF document after adding a signature are allowed by that signature.
As there is no specification for the modifications allowed or prohibited by a signature, this function tries to mimic the behavior of Adobe Reader.
For TIFF documents, the output is computed directly from the output of getState().
[out] | aReturnCode | The return code, ReturnCode.OK iff successful. |
byte[] getSignatureBlob (out ReturnCode aReturnCode, string aName)
Get a blob property from the signature field.
Available blob parameters are:
Additionally, you can store your own blobs in the signature by using a name starting with "Prop_", except for "Prop_AuthTime", "Prop_AuthType", "Prop_Build", and any name starting with "Prop_BiometricData" (which are reserved), see SignDocSignatureParameters.setBlob().
[in] | aName | The name of the property. |
[out] | aReturnCode | The return code, ReturnCode.OK iff successful. |
string getSignatureString (out ReturnCode aReturnCode, string aName)
Get a string parameter from the signature field.
Available string parameters are:
Additionally, you can store your own strings in the signature by using a name starting with "Prop_", except for "Prop_AuthTime", "Prop_AuthType", "Prop_Build", and any name starting with "Prop_BiometricData" (which are reserved), see SignDocSignatureParameters.setString().
The following parameters are not available for document time stamps, see getMethod(): ContactInfo, Location, Reason, and Signer.
[in] | aName | The name of the parameter. |
[out] | aReturnCode | The return code, ReturnCode.OK iff successful. |
SignatureState getState (out ReturnCode aReturnCode)
Get the signature state.
Use this function to find out if the document is still identical to the signed document, or has been updated since signed, or has been tampered with.
If the state is SignatureState.UnsupportedSignature or SignatureState.InvalidCertificate, getErrorMessage() will provide additional information.
If the state is SignatureState.DocumentExtended, getModificationState() will provide additional information.
Use verifyCertificateChain() to find out if you can trust the identity of the signer.
If the output is SignatureState.DocumentExtended for a PDF document, you should call getModificationState() to get additional information.
[out] | aReturnCode | The return code, ReturnCode.OK iff successful. |
string getTimeStamp (out ReturnCode aReturnCode)
Get the value of the RFC 3161 time stamp.
You must call verifyTimeStampCertificateChain() and getTimeStampCertificateRevocationState() to find out whether the time stamp can be trusted. If either of these functions reports a problem, the time stamp should not be displayed.
A signature has either an RFC 3161 time stamp (returned by this function) or a time stamp stored as string parameter (returned by getSignatureString()).
[out] | aReturnCode | The return code, ReturnCode.OK iff successful. |
CertificateRevocationState getTimeStampCertificateRevocationState (out ReturnCode aReturnCode)
Get the revocation state of the certificate chain of the RFC 3161 time stamp.
verifyTimeStampCertificateChain() must have been called successfully. getErrorMessage() will return an error message if this function fails or the verification result returned is not CertificateRevocationState.OK.
If VerificationFlags.CheckRevocation was not set in integer parameter "VerificationFlags" of the most recent call to verifyTimeStampCertificateChain(), this function will return CertificateRevocationState.NotChecked.
[out] | aReturnCode | The return code, ReturnCode.OK iff successful. |
Blobs getTimeStampCertificates (out ReturnCode aReturnCode)
Get the certificates of the RFC 3161 time stamp.
[out] | aReturnCode | The return code, ReturnCode.OK iff successful. |
string getTimeStampDigestAlgorithm (out ReturnCode aReturnCode)
Get the message digest algorithm of the RFC 3161 timestamp.
The following table shows the supported digest algorithms and the respective value of string parameter "TimeStampHashAlgorithm":
getTimeStampDigestAlgorithm() | TimeStampHashAlgorithm |
---|---|
"MD5" | n/a |
"RIPEMD-160" | n/a |
"SHA-1" | "SHA-1" |
"SHA-256" | "SHA-256" |
"SHA-384" | "SHA-384" |
"SHA-512" | "SHA-512" |
[out] | aReturnCode | The return code, ReturnCode.OK iff successful. |
TimeStampState getTimeStampState (out ReturnCode aReturnCode)
Get the state of the RFC 3161 time stamp.
[out] | aReturnCode | The return code, ReturnCode.OK iff successful. |
CertificateChainState verifyCertificateChain (out ReturnCode aReturnCode, SignDocVerificationParameters aParameters)
Verify the certificate chain of the signature's certificate.
Use this function to find out if you can trust the identity of the signer.
getErrorMessage() will return an error message if this function fails, if the verification result returned is not CertificateChainState.OK, or if getCertificateRevocationState() won't return CertificateRevocationState.OK.
Call getCertificateRevocationState() after this function to get the revocation state.
This function fails for document time stamps, see getMethod() and verifyTimeStampCertificateChain().
[in] | aParameters | Verification parameters or null for default parameters. |
[out] | aReturnCode | The return code, ReturnCode.OK iff successful. |
ReturnCode verifyCertificateSimplified (SignDocVerificationParameters aParameters)
Simplified verification of the certificate chain and revocation status of the signature's certificate.
This function just returns a good / not good value according to policies defined by the arguments. It does not tell the caller what exactly is wrong. However, getErrorMessage() will return an error message if this function fails. Do not attempt to base decisions on that error message; use verifyCertificateChain() instead of this function if you need details about the failure.
This function fails for document time stamps, see getMethod() and verifyTimeStampCertificateSimplified().
[in] | aParameters | Verification parameters or null for default parameters. |
CertificateChainState verifyTimeStampCertificateChain (out ReturnCode aReturnCode, SignDocVerificationParameters aParameters)
Verify the certificate chain of the RFC 3161 time stamp.
getErrorMessage() will return an error message if this function fails or the verification result returned is not CertificateChainState.OK.
Call getTimeStampCertificateRevocationState() after this function to get the revocation state.
[in] | aParameters | Verification parameters or null for default parameters. |
[out] | aReturnCode | The return code, ReturnCode.OK if successful, ReturnCode.NotVerified if verification has failed. |
ReturnCode verifyTimeStampCertificateSimplified (SignDocVerificationParameters aParameters)
Simplified verification of the certificate chain and revocation status of the RFC 3161 time stamp.
This function just returns a good / not good value according to policies defined by the arguments. It does not tell the caller what exactly is wrong. However, getErrorMessage() will return an error message if this function fails. Do not attempt to base decisions on that error message; use verifyCertificateChain() instead of this function if you need details about the failure.
For integer parameter "CertificateChainVerificationPolicy", CertificateChainVerificationPolicy.AcceptSelfSignedWithBio and CertificateChainVerificationPolicy.AcceptSelfSignedWithRSABio are treated like CertificateChainVerificationPolicy.AcceptSelfSigned.
[in] | aParameters | Verification parameters or null for default parameters. |
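The chain and revocation checks described for verifyCertificateChain(), getCertificateRevocationState() and their TimeStamp counterparts, combined into one fail-closed decision. This is an added example, not code from the SignDoc SDK documentation; SignatureTrust and IsSignerTrusted are hypothetical names, and the SDK assembly is assumed to be referenced with its namespace imported. It judges certificate trust only; document integrity still comes from getState() and getModificationState().

```csharp
// Added example (not SDK sample code). Assumes the SignDoc SDK .NET assembly is
// referenced and its namespace imported; SignatureTrust is a hypothetical helper.
public static class SignatureTrust
{
    // True only if the chain and revocation checks both ran and reported OK.
    // Any non-OK ReturnCode or state, including NotChecked, fails closed.
    public static bool IsSignerTrusted(SignDocVerificationResult result,
                                       SignDocVerificationParameters parameters,
                                       out string reason)
    {
        ReturnCode rc;

        SigningMethod method = result.getMethod(out rc);
        if (rc != ReturnCode.OK)
        {
            reason = "getMethod failed: " + result.getErrorMessage();
            return false;
        }

        // Document time stamps need the TimeStamp variants; the plain ones fail.
        bool isDocTimeStamp = method == SigningMethod.DigSigCadesRFC3161;

        CertificateChainState chain = isDocTimeStamp
            ? result.verifyTimeStampCertificateChain(out rc, parameters)
            : result.verifyCertificateChain(out rc, parameters);
        if (rc != ReturnCode.OK || chain != CertificateChainState.OK)
        {
            reason = "chain: " + chain + " (" + result.getErrorMessage() + ")";
            return false;
        }

        // NotChecked means VerificationFlags.CheckRevocation was not set in the
        // "VerificationFlags" parameter; it must not be read as "not revoked".
        CertificateRevocationState revocation = isDocTimeStamp
            ? result.getTimeStampCertificateRevocationState(out rc)
            : result.getCertificateRevocationState(out rc);
        if (rc != ReturnCode.OK || revocation != CertificateRevocationState.OK)
        {
            reason = "revocation: " + revocation + " (" + result.getErrorMessage() + ")";
            return false;
        }

        reason = null;
        return true;
    }
}
```

The reason string is for logging only; the decision rests on the return codes and state values, not on the text from getErrorMessage().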