SignDoc SDK (.NET with exceptions)  5.0.2.22
SignDocCertificate Class Reference

An X.509 certificate.

Public Member Functions

~SignDocCertificate ()
 Destructor.
 
!SignDocCertificate ()
 Finalizer.
 
SignDocCertificate ()
 Constructor.
 
SignDocCertificate (SignDocCertificate aSource)
 Copy constructor.
 
SignDocCertificate clone ()
 Create a copy of this object.
 
void clear ()
 Remove any certificates from this object.
 
void loadFromMemory (ConstArray(Byte) aData, CertificateLoadFlags aFlags)
 Load a certificate from a blob.
 
void loadFromFile (string aPath, CertificateLoadFlags aFlags)
 Load a certificate from a file.
 
int getCertificateCount ()
 Get the number of certificates.
 
void selectCertificate (int aIndex)
 Select a certificate.
 
int getSelectedCertificate ()
 Get the index of the currently selected certificate.
 
ARRAY (Byte) saveToMemory (CertificateSaveFlags aFlags)
 Save the selected certificate as a blob.
 
void saveToFile (string aPath, CertificateSaveFlags aFlags)
 Save the certificate to a file.
 
string getLabel ()
 Get the PEM label of the certificate.
 
bool isCA ()
 Check if the CA bit of the certificate is set.
 
bool isSelfSigned ()
 Check if the certificate is self-signed.
 
bool isValidForSigning (SignDocSignatureParameters aParameters)
 Check if the certificate can be used as signing certificate for signing documents.
 
string getIssuerCommonName ()
 Get the issuer common name.
 
string getSubjectCommonName ()
 Get the subject common name.
 
string getSubjectEmail ()
 Get the subject's email address.
 
string getNotBefore ()
 Get the notBefore value.
 
string getNotAfter ()
 Get the notAfter value.
 
string getKeyAlgorithm ()
 Get the key algorithm in human-readable form.
 
string getKeyAlgorithmOID ()
 Get the key algorithm as object identifier.
 
ARRAY (Byte) getSerialNumber ()
 Get the serial number.
 
ARRAY (Byte) getEncodedIssuer ()
 Get the encoded issuer.
 
ARRAY (Byte) getEncodedSubject ()
 Get the encoded subject.
 
ARRAY (SignDocCertificate) getSigningCertificates (SignDocSignatureParameters aParameters)
 Get certificates that can be used for signing.
 
string getErrorMessage ()
 Get an error message for the last function call.
 

Detailed Description

An X.509 certificate.

This class can be used for extracting information from an X.509 certificate. You can also use getSigningCertificates() to get certificates that can be used for signing.

When loading from a PEM blob or file (or when using CertificateLoadFlags.Add), an object of this class may contain multiple certificates; see getCertificateCount() and selectCertificate().
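
An added example (not code from the SignDoc SDK documentation) that combines the per-certificate getters documented on this page to audit every certificate in an already loaded object before it is used for signing. The class name SigningCertificateAudit, the minDaysLeft parameter, and the key-size and curve policy are assumptions; the using directive for the SDK namespace depends on your installation.

```csharp
using System;
using System.Collections.Generic;
using System.Globalization;
// Assumption: add the using directive for the SignDoc SDK namespace of your installation.

static class SigningCertificateAudit
{
    const int MinKeyBits = 2048;                       // assumed policy, not an SDK default
    static readonly HashSet<string> AllowedCurves =    // assumed policy; curve names assumed to
        new HashSet<string> { "prime256v1", "secp384r1", "secp521r1" }; // follow "prime256v1" style

    // Returns one finding per problem; an empty list means every certificate passed.
    public static List<string> Audit(SignDocCertificate certs, int minDaysLeft)
    {
        var findings = new List<string>();
        int count = certs.getCertificateCount();
        if (count == 0) { findings.Add("no certificate loaded"); return findings; }
        int previous = certs.getSelectedCertificate(); // -1 if all certificates are selected
        try
        {
            for (int i = 0; i < count; i++)
            {
                certs.selectCertificate(i);            // single-certificate getters fail on -1
                string who = "#" + i + " CN=" + certs.getSubjectCommonName();
                if (certs.isCA()) findings.Add(who + ": CA bit set, not an end-entity certificate");
                if (certs.isSelfSigned()) findings.Add(who + ": self-signed");
                string alg = certs.getKeyAlgorithm();
                if (!IsAcceptableKey(alg)) findings.Add(who + ": key " + alg + " rejected by policy");
                DateTime notAfter = DateTime.ParseExact(certs.getNotAfter(),
                    "yyyy-MM-dd'T'HH:mm:ss.fff'Z'", CultureInfo.InvariantCulture,
                    DateTimeStyles.AssumeUniversal | DateTimeStyles.AdjustToUniversal);
                if (notAfter < DateTime.UtcNow.AddDays(minDaysLeft))
                    findings.Add(who + ": expires " + notAfter.ToString("u"));
                if (!certs.isValidForSigning(null))    // null: no "Timestamp"/"TimestampOffset"
                    findings.Add(who + ": not time-valid or unsuitable key usage");
            }
        }
        finally { certs.selectCertificate(previous); } // restore the caller's selection
        return findings;
    }

    // Parses getKeyAlgorithm() output: "RSA-2048", "DSA-2048", "ECC-prime256v1", or a bare name.
    static bool IsAcceptableKey(string alg)
    {
        string[] parts = alg.Split(new[] { '-' }, 2);
        if (parts.Length < 2) return false;            // bare "RSA"/"DSA"/"ECC": strength unknown
        if (parts[0] == "ECC") return AllowedCurves.Contains(parts[1]);
        int bits;
        return int.TryParse(parts[1], out bits) && bits >= MinKeyBits;
    }
}
```

A PEM bundle that also carries chain certificates will produce CA findings for those entries, so run the audit on the object that is expected to hold only signing certificates.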

Constructor & Destructor Documentation

Destructor.

Finalizer.

Constructor.

The new object does not contain a certificate yet; getCertificateCount() will return zero.

Copy constructor.

Parameters
[in] aSource: The object to be copied.

Member Function Documentation

ARRAY (Byte) saveToMemory (CertificateSaveFlags aFlags)

Save the selected certificate as a blob.

If all certificates are selected by selectCertificate(-1), aFlags must include CertificateSaveFlags.PEM.

Certificates without PEM label will be saved with PEM label "CERTIFICATE".

Parameters
[in] aFlags: Flags controlling the format of the blob and other details of the operation, see CertificateSaveFlags.
Returns
The certificate as a blob.
See also
loadFromMemory(), saveToFile()
ARRAY (Byte) getSerialNumber ()

Get the serial number.

Returns
The serial number of the currently selected certificate as blob with the most-significant octet first.
See also
selectCertificate()
ARRAY (Byte) getEncodedIssuer ()

Get the encoded issuer.

Returns
The issuer of the currently selected certificate as DER-encoded blob.
See also
getIssuerCommonName(), selectCertificate()
ARRAY (Byte) getEncodedSubject ()

Get the encoded subject.

Returns
The subject of the currently selected certificate as DER-encoded blob.
See also
getSubjectCommonName(), getSubjectEmail(), selectCertificate()
ARRAY (SignDocCertificate) getSigningCertificates (SignDocSignatureParameters aParameters)

Get certificates that can be used for signing.

On Windows, the certificates are provided by the Windows certificate store or a PKCS #11 module configured in aParameters.

On macOS and Linux, the certificates are provided by a PKCS #11 module configured in aParameters.

Only certificates for which a private key is available and which are time-valid and have suitable key usage will be returned.

This SignDocCertificate object is only used for storing any error message.

Parameters
[in] aParameters: PKCS #11 configuration and parameters for filtering certificates. Integer parameter "SelectCertificate" must include CertificateSelectionFlags.Software or CertificateSelectionFlags.Hardware. Values from the signature field's seed value dictionary stored in aParameters by SignDocDocument.createSignatureParameters() will be used for filtering certificates. String parameter "Timestamp" (which must not be "TSA") and integer parameter "TimestampOffset" will be used for getting the signing time.
Returns
The certificates.
Note
The WinRT component returns null instead of an empty array.
See also
isValidForSigning()
void clear ( )

Remove any certificates from this object.

getCertificateCount() will return zero.

SignDocCertificate clone ( )

Create a copy of this object.

Returns
The new object.
int getCertificateCount ( )

Get the number of certificates.

After loading from a PEM blob or file, this object may contain multiple certificates. This method returns the number of certificates loaded.

Returns
The number of certificates.
See also
loadFromFile(), loadFromMemory(), selectCertificate()
string getErrorMessage ( )

Get an error message for the last function call.

Returns
A string describing the reason for the failure of the last function call. The string is empty if the last call succeeded.
string getIssuerCommonName ( )

Get the issuer common name.

Returns
The common name of the selected certificate's issuer.
See also
getEncodedIssuer(), selectCertificate()
string getKeyAlgorithm ( )

Get the key algorithm in human-readable form.

Returns
The key algorithm of the currently selected certificate in human-readable form:
  • "DSA-BITS" where BITS is the key length in bits (e.g., "DSA-2048")
  • "DSA" if the key length is unknown
  • "ECC-CURVE" where CURVE is the name of the curve (e.g., "ECC-prime256v1")
  • "ECC" if the curve is unknown
  • "RSA-BITS" where BITS is the key length in bits (e.g., "RSA-2048")
  • "RSA" if the key length is unknown
See also
getKeyAlgorithmOID(), selectCertificate()
string getKeyAlgorithmOID ( )

Get the key algorithm as object identifier.

Returns
The key algorithm of the currently selected certificate as object identifier.
See also
getKeyAlgorithm(), selectCertificate()
string getLabel ( )

Get the PEM label of the certificate.

Returns
The PEM label ("CERTIFICATE" or "TRUSTED CERTIFICATE") of the selected certificate or an empty string ("") if the certificate was not loaded from a PEM blob or file.
See also
selectCertificate()
string getNotAfter ( )

Get the notAfter value.

The certificate is not valid after the time specified by the notAfter value.

Returns
The notAfter value in YYYY-MM-DDThh:mm:ss.SSSZ format.
See also
getNotBefore(), selectCertificate()
string getNotBefore ( )

Get the notBefore value.

The certificate is not valid before the time specified by the notBefore value.

Returns
The notBefore value in YYYY-MM-DDThh:mm:ss.SSSZ format.
See also
getNotAfter(), selectCertificate()
int getSelectedCertificate ( )

Get the index of the currently selected certificate.

Returns
The index of the currently selected certificate, -1 if all certificates are selected.
See also
selectCertificate()
string getSubjectCommonName ( )

Get the subject common name.

Returns
The common name of the selected certificate's subject.
See also
getEncodedSubject(), selectCertificate()
string getSubjectEmail ( )

Get the subject's email address.

Returns
The email address of the selected certificate's subject. An empty string if the email address is not present.
See also
getEncodedSubject(), selectCertificate()
bool isCA ( )

Check if the CA bit of the certificate is set.

Returns
true iff the CA bit of the certificate is set.
See also
selectCertificate()
bool isSelfSigned ( )

Check if the certificate is self-signed.

Returns
true iff the certificate is self-signed, i.e., if the subject and the issuer are identical.
See also
selectCertificate()
bool isValidForSigning ( SignDocSignatureParameters  aParameters)

Check if the certificate can be used as signing certificate for signing documents.

Parameters
[in] aParameters: Parameters for getting the signing time, can be null. Only string parameter "Timestamp" (which must not be "TSA") and integer parameter "TimestampOffset" are used.
Returns
true if the certificate is time-valid and has suitable key usage, false otherwise.
See also
getErrorMessage(), getSigningCertificates(), selectCertificate()
void loadFromFile (string aPath, CertificateLoadFlags aFlags)

Load a certificate from a file.

For PEM, multiple certificates may be loaded.

This method opens the file, loads the certificate from the file, and closes the file.

The first new certificate will be selected.

Parameters
[in] aPath: The pathname of the file to be read.
[in] aFlags: Flags modifying the behavior of this function, see CertificateLoadFlags.
See also
getCertificateCount(), loadFromMemory(), saveToFile(), selectCertificate()

void loadFromMemory (ConstArray(Byte) aData, CertificateLoadFlags aFlags)

Load a certificate from a blob.

For PEM, multiple certificates may be loaded.

The first new certificate will be selected.

Parameters
[in] aBlob: A blob containing a DER-encoded or PEM-encoded X.509 certificate.
[in] aFlags: Flags modifying the behavior of this function, see CertificateLoadFlags.
See also
getCertificateCount(), loadFromFile(), saveToMemory(), selectCertificate()
void saveToFile (string aPath, CertificateSaveFlags aFlags)

Save the certificate to a file.

If all certificates are selected by selectCertificate(-1), aFlags must include CertificateSaveFlags.PEM.

Certificates without PEM label will be saved with PEM label "CERTIFICATE".

Parameters
[in] aPath: The pathname of the file to be created or overwritten.
[in] aFlags: Flags controlling the format of the blob and other details of the operation, see CertificateSaveFlags.
See also
addFromFile(), getErrorMessage(), loadFromFile(), saveToMemory()
void selectCertificate ( int  aIndex)

Select a certificate.

After loading from a PEM blob or file, this object may contain multiple certificates. This method selects the certificate to be operated on. Initially, the first certificate (at index 0) is selected.

Methods such as getSubjectCommonName() that work on a single certificate will fail if all certificates are selected, even if there is only one certificate.

Parameters
[in] aIndex: 0-based index of the certificate to be selected, -1 to select all certificates.
See also
getCertificateCount(), getEncodedIssuer(), getEncodedSubject(), getIssuerCommonName(), getKeyAlgorithm(), getKeyAlgorithmOID(), getLabel(), getNotAfter(), getNotBefore(), getSerialNumber(), getSubjectCommonName(), getSubjectEmail(), isCA(), isSelfSigned(), isValidForSigning(), saveToFile(), saveToMemory()