
Class VerificationOptions

Options pertaining to digital signature verification.

Inheritance
System.Object
VerificationOptions
Implements
System.IDisposable
Inherited Members
System.Object.ToString()
System.Object.Equals(System.Object)
System.Object.Equals(System.Object, System.Object)
System.Object.ReferenceEquals(System.Object, System.Object)
System.Object.GetHashCode()
System.Object.GetType()
System.Object.MemberwiseClone()
Namespace: pdftron.PDF
Assembly: PDFNet.dll
Syntax
public sealed class VerificationOptions : IDisposable

Constructors

VerificationOptions(VerificationOptions.SignatureVerificationSecurityLevel)

Constructs a set of options for digital signature verification.

Declaration
public VerificationOptions(VerificationOptions.SignatureVerificationSecurityLevel in_level)
Parameters
Type Name Description
VerificationOptions.SignatureVerificationSecurityLevel in_level

the general security level to use. Sets other security settings internally.

Methods

AddTrustedCertificate(Byte[])

Adds a certificate to the store of trusted certificates inside this options object. This overload uses the e_default_trust CertificateTrustFlag, which matches Acrobat's behaviour, to determine the trust level of the certificate.

Declaration
public void AddTrustedCertificate(byte[] in_certificate_data)
Parameters
Type Name Description
System.Byte[] in_certificate_data

a buffer consisting of the data of an X.509 public-key certificate encoded in binary DER (Distinguished Encoding Rules) format, or in PEM (appropriate Privacy-Enhanced Mail header + Base64 encoded DER + appropriate footer) format

AddTrustedCertificate(Byte[], UInt16)

Declaration
public void AddTrustedCertificate(byte[] in_certificate_data, ushort in_trust_flags)
Parameters
Type Name Description
System.Byte[] in_certificate_data
System.UInt16 in_trust_flags

AddTrustedCertificate(String)

Adds a certificate to the store of trusted certificates inside this options object, by loading it from a file. This overload uses the e_default_trust CertificateTrustFlag, which matches Acrobat's behaviour, to determine the trust level of the certificate.

Declaration
public void AddTrustedCertificate(string in_filepath)
Parameters
Type Name Description
System.String in_filepath

a path to a file containing the data of an X.509 public-key certificate encoded in binary DER (Distinguished Encoding Rules) format, or in PEM (appropriate Privacy-Enhanced Mail header + Base64 encoded DER + appropriate footer) format

AddTrustedCertificate(String, UInt16)

Declaration
public void AddTrustedCertificate(string in_filepath, ushort in_trust_flags)
Parameters
Type Name Description
System.String in_filepath
System.UInt16 in_trust_flags

AddTrustedCertificates(Byte[])

Bulk trust list loading API from P7C. Attempts to decode the input data as binary DER and trust multiple trusted root certificates from it. Compatible with Acrobat's .P7C format, which is a variation on PKCS #7/CMS that only contains certificates (i.e. no CRLs, no signature, etc.). If a certificate cannot be decoded, this is ignored and an attempt is made to decode the next certificate. This overload takes no account of trust-level flags because none are available in the P7C format. Therefore, when this function is used, all certificates in the P7C file will be loaded as if trusted for everything, which may lead to false positives when compared to other PDF software. (Most applications use the FDF Cert Exchange format.) The FDF-trust-list-loading function "LoadTrustList" should be used instead whenever possible.

Declaration
public void AddTrustedCertificates(byte[] in_P7C_binary_DER_certificates_file_data)
Parameters
Type Name Description
System.Byte[] in_P7C_binary_DER_certificates_file_data

the P7C-format bulk certificate data, encoded in binary DER (Distinguished Encoding Rules)

Dispose()

Declaration
public override sealed void Dispose()

Dispose(Boolean)

Declaration
[HandleProcessCorruptedStateExceptions]
protected void Dispose(bool A_0)
Parameters
Type Name Description
System.Boolean A_0

EnableDigestVerification(Boolean)

Sets a flag that can turn on or off the verification of the digest (cryptographic hash) component of a digital signature.

Declaration
public void EnableDigestVerification(bool in_on_or_off)
Parameters
Type Name Description
System.Boolean in_on_or_off

A boolean.

EnableModificationVerification(Boolean)

Sets a flag that can turn on or off the verification of the permissibility of any modifications made to the document after the signing of the digital signature being verified, in terms of the document and field permissions specified by the digital signature being verified.

Declaration
public void EnableModificationVerification(bool in_on_or_off)
Parameters
Type Name Description
System.Boolean in_on_or_off

A boolean.

EnableOnlineCRLRevocationChecking(Boolean)

Enables/disables online CRL revocation checking. The default setting is for it to be turned off, but this may change in future versions.

Declaration
public void EnableOnlineCRLRevocationChecking(bool in_on_or_off)
Parameters
Type Name Description
System.Boolean in_on_or_off

what setting to use

Remarks

CRL checking is off by default because the technology is inherently complicated and resource-intensive, but may help improve verification rate when files are verified against a recent reference-time (e.g. maximum security mode), because online CRLs will be valid within that time. This mode will not be useful for old archival-type ('LTV') documents verified in archiving-and-compatibility security mode, because their online OCSP and/or CRL responder servers may not be alive anymore. However, such LTV documents can be created (if the CRL responder servers are still active) by enabling online checking, verifying, and then embedding the data using DigitalSignatureField.EnableLTVOfflineVerification.

EnableOnlineOCSPRevocationChecking(Boolean)

Enables/disables online OCSP revocation checking. The default setting is for it to be turned on.

Declaration
public void EnableOnlineOCSPRevocationChecking(bool in_on_or_off)
Parameters
Type Name Description
System.Boolean in_on_or_off

what setting to use

EnableOnlineRevocationChecking(Boolean)

Enables/disables all online revocation checking modes. The default settings are that online OCSP is turned on and online CRL is turned off, but the default CRL setting may change in future versions.

Declaration
public void EnableOnlineRevocationChecking(bool in_on_or_off)
Parameters
Type Name Description
System.Boolean in_on_or_off

what setting to use.

Remarks

CRL checking is off by default because the technology is inherently complicated and resource-intensive, but may help improve verification rate when files are verified against a recent reference-time (e.g. maximum security mode), because online CRLs will be valid within that time. This mode will not be useful for old archival-type ('LTV') documents verified in archiving-and-compatibility security mode, because their online OCSP and/or CRL responder servers may not be alive anymore. However, such LTV documents can be created (if the CRL responder servers are still active) by enabling online checking, verifying, and then embedding the data using DigitalSignatureField.EnableLTVOfflineVerification.

EnableTrustVerification(Boolean)

Sets a flag that can turn on or off the verification of the trust status of a digital signature.

Declaration
public void EnableTrustVerification(bool in_on_or_off)
Parameters
Type Name Description
System.Boolean in_on_or_off

A boolean.

Finalize()

Declaration
protected void Finalize()

LoadTrustList(FDFDoc)

Bulk trust list loading API with trust flag support. Loads a trust list that is structured in Acrobat's FDF Data/Cert Exchange format into the VerificationOptions certificate store. Use of this function is strongly recommended instead of the P7C API (i.e. AddTrustedCertificates). Certificates inside the FDF trust list that cannot be decoded and loaded will be skipped.

Declaration
public void LoadTrustList(FDFDoc in_fdf_cert_exchange_data)
Parameters
Type Name Description
FDFDoc in_fdf_cert_exchange_data

an FDFDoc from the FDF cert exchange data
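The trust-loading and revocation settings described above, shown as a permissive configuration beside a stricter one. This is an added example, not code from the PDFNet documentation; the class and method names are hypothetical, the timeout value is constructed, the enum member names `e_maximum` and `e_compatibility_and_archiving` do not appear on this page, and it assumes PDFNet has already been initialized by the caller.

```csharp
using pdftron.FDF;
using pdftron.PDF;

// Hypothetical helper class for illustration only.
static class SignatureVerificationProfiles
{
    // Permissive: every certificate in the P7C bundle is loaded as trusted for
    // everything, and no online revocation lookups are made.
    public static VerificationOptions BuildPermissive(byte[] p7cData)
    {
        var opts = new VerificationOptions(
            VerificationOptions.SignatureVerificationSecurityLevel.e_compatibility_and_archiving);

        // P7C carries no trust-level flags, so none can be applied here.
        opts.AddTrustedCertificates(p7cData);

        // Switches off both OCSP (on by default) and CRL (off by default).
        opts.EnableOnlineRevocationChecking(false);
        return opts;
    }

    // Stricter: flag-aware FDF trust list, all verification components on,
    // and both online revocation mechanisms enabled with a bounded wait.
    public static VerificationOptions BuildStrict(FDFDoc trustList)
    {
        var opts = new VerificationOptions(
            VerificationOptions.SignatureVerificationSecurityLevel.e_maximum);

        // The FDF cert exchange format keeps per-certificate trust flags.
        opts.LoadTrustList(trustList);

        // The security level sets these internally; setting them explicitly
        // keeps the intent visible if the level is changed later.
        opts.EnableDigestVerification(true);
        opts.EnableModificationVerification(true);
        opts.EnableTrustVerification(true);

        // Turns on OCSP and CRL together; CRL alone would otherwise stay off.
        opts.EnableOnlineRevocationChecking(true);

        // Constructed value, in milliseconds.
        opts.SetRevocationTimeout(10000);
        return opts;
    }
}
```

Both methods return an IDisposable object, so callers should wrap the result in a `using` block.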

SetRevocationTimeout(UInt32)

Declaration
public void SetRevocationTimeout(uint in_revocation_timeout_milliseconds)
Parameters
Type Name Description
System.UInt32 in_revocation_timeout_milliseconds

Implements

System.IDisposable