EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Validate (signature/certified signature) return expired

#20654
Posted: 06/28/2012 05:56:43
by Draycir Thailand (Standard support level)
Joined: 04/03/2012
Posts: 9

When I validate the signature I receive the validityreason = 8 (expired)
in 2 different cases:
1) Sign PDF with expired certificate at the time of signing and open it after the expired date
2) Sign PDF with unexpired certificate at the time of signing and open it after the expired date

Is there any way I can differentiate these 2 cases?
#20656
Posted: 06/28/2012 06:12:53
by Eugene Mayevski (EldoS Corp.)

It's just basic date/time comparison. If you get "expired", you need to check if the signing date is earlier than the certificate expiration date. Such a check can be done in the OnAfterCertificateValidation event of TElX509CertificateValidator or after validation is complete.


Sincerely yours
Eugene Mayevski
#20669
Posted: 06/29/2012 02:00:49
by Draycir Thailand (Standard support level)
Joined: 04/03/2012
Posts: 9

I was thinking about that but wasn't sure if I can assume that, i.e. the certificate could be both expired and invalid. So even if it was signed before the expiry date, that doesn't mean that at the time of signing the certificate was valid.
And since the validate function only returns 1 validatereason value, I don't know if a certain certificate failed because it's expired only, or because it's both expired and invalid (revoked, not trusted, etc.).
#20670
Posted: 06/29/2012 02:19:01
by Vsevolod Ievgiienko (EldoS Corp.)

Hello.

If a certificate is both expired and invalid (revoked, not trusted, etc.) the validate reason will be a combination of flags (see validity reasons table here: http://www.eldos.com/documentation/sb...date.html).
#20671
Posted: 06/29/2012 02:21:44
by Eugene Mayevski (EldoS Corp.)

Quote
Draycir Thailand wrote:
And since the validate function only returns 1 validatereason value, I don't know if a certain certificate failed because it's expired only, or because it's both expired and invalid (revoked, not trusted, etc.).


ValidityReason is a combination of flags and you get more than one reason at the same time. However, TElX509CertificateValidator doesn't validate expired certificates unless ValidateInvalidCertificates property is set to true.


Sincerely yours
Eugene Mayevski
#20672
Posted: 06/29/2012 02:56:28
by Draycir Thailand (Standard support level)
Joined: 04/03/2012
Posts: 9

Quote
Vsevolod Ievgiienko wrote:
Hello.

If a certificate is both expired and invalid (revoked, not trusted, etc.) the validate reason will be a combination of flags (see validity reasons table here: http://www.eldos.com/documentation/sb...date.html).


Thanks, I wasn't paying attention that this can be a combination of flagged bit values.
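The check discussed in this thread, as an added example that is not part of the original posts and is not SecureBlackbox code: it treats the validity reason as a bitmask, then compares the signing time with the certificate validity window. Only `EXPIRED = 8` comes from the thread; the other flag names and values, the `classify` function and its `checked_invalid` parameter (standing in for the ValidateInvalidCertificates behaviour described above) are assumptions, and the signing time is assumed to come from a source you trust.

```python
from datetime import datetime, timezone
from enum import IntFlag


class Reason(IntFlag):
    """Validity-reason bits. EXPIRED = 8 is the value reported in the thread;
    the other names and values are hypothetical placeholders, so take the real
    ones from the product's validity reasons table."""
    REVOKED = 2      # placeholder
    EXPIRED = 8      # from the thread
    UNTRUSTED = 32   # placeholder


def classify(reason, signing_time, not_before, not_after, checked_invalid):
    """Tell apart the 'expired' cases raised in the question.

    checked_invalid: True if the validator kept running its other checks
    after finding the certificate expired. If it did not, a bare EXPIRED
    says nothing about revocation or trust.
    """
    value = int(reason)
    if value == 0:
        return "valid"
    if not value & Reason.EXPIRED:
        return "invalid"
    if value & ~int(Reason.EXPIRED):
        # Expired plus at least one other flag: not merely an old signature.
        return "expired-and-invalid"
    if not (not_before <= signing_time <= not_after):
        return "expired-at-signing"            # case 1 in the question
    if not checked_invalid:
        return "expired-other-checks-skipped"  # cannot conclude case 2 yet
    return "expired-after-signing"             # case 2 in the question


# Constructed sample certificate window and signing times.
NOT_BEFORE = datetime(2011, 1, 1, tzinfo=timezone.utc)
NOT_AFTER = datetime(2012, 1, 1, tzinfo=timezone.utc)
SIGNED_IN_WINDOW = datetime(2011, 6, 1, tzinfo=timezone.utc)
SIGNED_AFTER_EXPIRY = datetime(2012, 3, 1, tzinfo=timezone.utc)

if __name__ == "__main__":
    for r, t in [(8, SIGNED_IN_WINDOW), (8, SIGNED_AFTER_EXPIRY),
                 (8 | 2, SIGNED_IN_WINDOW)]:
        print(r, t.date(), classify(r, t, NOT_BEFORE, NOT_AFTER, True))
```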


As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.
