|
|
|
|
|
|
|
|
|
|
- LDAP section of the certificate
- Managing certificates in WEBDEV
CertificateCheckString (Function) In french: CertificatVérifieChaîne Checks the correspondence between a signature and a string. Syntax
Checking the correspondence between a signature and a string (numeric signature) Hide the details
<Result> = CertificateCheckString(<String to check> , <Signature buffer> , <Certificate file> [, <Password> [, <Trusted authorities>]] , <Options>)
<Result>: Integer constant Result of signature check: | | | certificateExpired | Valid signature but expired certificate. | | certificateInvalid | Invalid signature or certificate. | | certificateOk | Trusted signature and certificate. | | certificateUntrusted | Valid signature but untrusted certificate root. |
<String to check>: Character string or Buffer Character string on which the check will be performed.
This parameter can correspond to an ANSI string, a UNICODE string or a Buffer. The string will be processed as a buffer.
If this parameter corresponds to a string (without specifying the type), the type of string taken into account depends on the type of string defined by default in the current project configuration.
Remark: In the case of a UNICODE string, note that Unicode is not the same on Linux and Windows. <Signature buffer>: Buffer Buffer containing the signature of the string. This buffer is returned by CertificateSignString. <Certificate file>: Character string or Buffer Corresponds to: - Full path of certificate file to use (in PEM, DER or P12 format).
- Buffer containing the certificate to use.
Remarks: - For a PKCS7 signature, this parameter allows you to add certificates used to search for the trusted string.
- For the raw signature, this parameter contains the public key.
<Password>: Character string Password that will be used to decrypt the certificate file if this one is password-protected.
Remark: This parameter is useful if the certificate used is identical to the one used for the signature. <Trusted authorities>: String or array of strings Full path of trusted certificate to use.
This parameter can also correspond to an array of strings containing the full path of different trusted certificates to use. <Options>: Integer constant (or combination of constants) Signature format: | | | certPKCS7 | Signature in PKCS7 format. | | certSignatureOnly | Signature only. In this case, the certSignatureOnly constant must be combined with the hashing algorithm: - certSignatureOnly + certMD5: MD5 algorithm.
- certSignatureOnly + certSHA160: SHA1 algorithm.
- certSignatureOnly + certSHA256: SHA2 algorithm. A 256-bit result is produced.
- certSignatureOnly + certSHA384: SHA-384 algorithm. A 384-bit result is produced
- certSignatureOnly + certSHA512: SHA-512 algorithm. A 512-bit result is produced.
In this case, the trusted string is not checked. Only the validity of signature in relation to the public key is checked. |
Remarks LDAP section of the certificate The certificate and the trusted certificate must have different LDAP sections. A section contains the details about the issuer of the certificate. For example, you can use different "commonName" sub-sections.
Otherwise, the function may return an error corresponding to the certificateUntrusted constant. Remark: Depending on the tool used, this section can have different names: Issuer (Windows certificate), etc. Business / UI classification: Business Logic
This page is also available for…
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|