Class: VerificationOptions

Core.PDFNet. VerificationOptions


new VerificationOptions()

Options pertaining to digital signature verification.

Extends

Members


<static> CertificateTrustFlag

Type:
  • number
Properties:
Name Type Description
e_signing_trust number
e_certification_trust number
e_dynamic_content number
e_javascript number
e_identity number
e_trust_anchor number
e_default_trust number
e_complete_trust number

<static> SecurityLevel

Type:
  • number
Properties:
Name Type Description
e_compatibility_and_archiving number
e_maximum number

<static> TimeMode

Type:
  • number
Properties:
Name Type Description
e_signing number
e_timestamp number
e_current number

Methods


<static> create(in_level)

Constructs a set of options for digital signature verification.
Parameters:
Name Type Description
in_level number
PDFNet.VerificationOptions.SecurityLevel = {
	e_compatibility_and_archiving : 0
	e_maximum : 1
}
-- the general security level to use. Sets other security settings internally.
Returns:
A promise that resolves to an object of type: "PDFNet.VerificationOptions"
Type
Promise.<Core.PDFNet.VerificationOptions>

addTrustedCertificate(in_certificate_buf [, in_trust_flags])

Adds a certificate to the store of trusted certificates inside this options object.
Parameters:
Name Type Argument Description
in_certificate_buf ArrayBuffer | Int8Array | Uint8Array | Uint8ClampedArray - a buffer consisting of the data of an X.509 public-key certificate encoded in binary DER (Distinguished Encoding Rules) format, or in PEM (appropriate Privacy-Enhanced Mail header+Base64 encoded DER+appropriate footer) format
in_trust_flags number <optional>
- a combination of trust flags (see enum CertificateTrustFlag) that determine for which situations this certificate should be trusted during trust verification. There is a default parameter value, the e_default_trust CertificateTrustFlag, which matches Acrobat's behaviour for this parameter.
Returns:
Type
Promise.<void>

addTrustedCertificateFromURL(url [, options] [, trust_flags])

Adds a certificate from a url to the store of trusted certificates inside this options object.
Parameters:
Name Type Argument Description
url string The url from which to download the file
options object <optional>
Additional options
Properties
Name Type Description
withCredentials boolean Whether to set the withCredentials property on the XMLHttpRequest
customHeaders object An object containing custom HTTP headers to be used when downloading the document
trust_flags number <optional>
- a combination of trust flags (see enum CertificateTrustFlag) that determine for which situations this certificate should be trusted during trust verification. There is a default parameter value, the e_default_trust CertificateTrustFlag, which matches Acrobat's behaviour for this parameter.
Returns:
Type
Promise.<void>

addTrustedCertificates(in_P7C_binary_DER_certificates_file_data)

Bulk trust list loading API from P7C. Attempts to decode the input data as binary DER and trust multiple trusted root certificates from it. Compatible with Acrobat's .P7C format, which is a variation on PKCS #7/CMS that only contains certificates (i.e. no CRLs, no signature, etc.). If a certificate cannot be decoded, this is ignored and an attempt is made to decode the next certificate. This overload takes no account of trust-level flags because none are available in the P7C format. Therefore, when this function is used, all certificates in the P7C file will be loaded as if trusted for everything, which may lead to false positives when compared to other PDF software. (Most applications use the FDF Cert Exchange format.) The FDF-trust-list-loading function "LoadTrustList" should be used instead whenever possible.
Parameters:
Name Type Description
in_P7C_binary_DER_certificates_file_data ArrayBuffer | Int8Array | Uint8Array | Uint8ClampedArray - the P7C-format bulk certificate data, encoded in binary DER (Distinguished Encoding Rules)
Returns:
Type
Promise.<void>

destroy()

Destructor
Inherited From:
Returns:
Type
Promise.<void>

enableDigestVerification(in_on_or_off)

Sets a flag that can turn on or off the verification of the digest (cryptographic hash) component of a digital signature.
Parameters:
Name Type Description
in_on_or_off boolean - A boolean.
Returns:
Type
Promise.<void>

enableModificationVerification(in_on_or_off)

Sets a flag that can turn on or off the verification of the permissibility of any modifications made to the document after the signing of the digital signature being verified, in terms of the document and field permissions specified by the digital signature being verified.
Parameters:
Name Type Description
in_on_or_off boolean - A boolean.
Returns:
Type
Promise.<void>

enableOnlineCRLRevocationChecking(in_on_or_off)

Enables/disables online CRL revocation checking. The default setting is for it to be turned off, but this may change in future versions. Note: CRL checking is off by default because the technology is inherently complicated and resource-intensive, but may help improve verification rate when files are verified against a recent reference-time (e.g. maximum security mode), because online CRLs will be valid within that time. This mode will not be useful for old archival-type ('LTV') documents verified in archiving-and-compatibility security mode, because their online OCSP and/or CRL responder servers may not be alive anymore. However, such LTV documents can be created (if the CRL responder servers are still active) by enabling online checking, verifying, and then embedding the data using DigitalSignatureField.EnableLTVOfflineVerification.
Parameters:
Name Type Description
in_on_or_off boolean - what setting to use
Returns:
Type
Promise.<void>

enableOnlineOCSPRevocationChecking(in_on_or_off)

Enables/disables online OCSP revocation checking. The default setting is for it to be turned on.
Parameters:
Name Type Description
in_on_or_off boolean - what setting to use.
Returns:
Type
Promise.<void>

enableOnlineRevocationChecking(in_on_or_off)

enables/disables all online revocation checking modes. The default settings are that online OCSP is turned on and online CRL is turned off, but the default CRL setting may change in future versions. Note: CRL checking is off by default because the technology is inherently complicated and resource-intensive, but may help improve verification rate when files are verified against a recent reference-time (e.g. maximum security mode), because online CRLs will be valid within that time. This mode will not be useful for old archival-type ('LTV') documents verified in archiving-and-compatibility security mode, because their online OCSP and/or CRL responder servers may not be alive anymore. However, such LTV documents can be created (if the CRL responder servers are still active) by enabling online checking, verifying, and then embedding the data using DigitalSignatureField.EnableLTVOfflineVerification.
Parameters:
Name Type Description
in_on_or_off boolean - what setting to use
Returns:
Type
Promise.<void>

enableTrustVerification(in_on_or_off)

Sets a flag that can turn on or off the verification of the trust status of a digital signature.
Parameters:
Name Type Description
in_on_or_off boolean - A boolean.
Returns:
Type
Promise.<void>

loadTrustList(in_fdf_cert_exchange_data)

Bulk trust list loading API with trust flag support. Loads a trust list that is structured in Acrobat's FDF Data/Cert Exchange format into the VerificationOptions certificate store. Use of this function is strongly recommended instead of the P7C API (i.e. AddTrustedCertificates). Certificates inside the FDF trust list that cannot be decoded and loaded, will be skipped.
Parameters:
Name Type Description
in_fdf_cert_exchange_data Core.PDFNet.PDFDoc | Core.PDFNet.SDFDoc | Core.PDFNet.FDFDoc - an FDFDoc from the FDF cert exchange data
Returns:
Type
Promise.<void>

setRevocationProxyPrefix(in_str)

Sets a URI prefix to use for online revocation requests during digital signature verification. Useful for Emscripten platform -- used to avoid CORS-related errors. The default value is https://proxy.pdftron.com
Parameters:
Name Type Description
in_str string the proxy prefix URL string to use for revocation requests
Returns:
Type
Promise.<void>

setRevocationTimeout(in_revocation_timeout_milliseconds)

Sets the timeout for online revocation requests.
Parameters:
Name Type Description
in_revocation_timeout_milliseconds number
Returns:
Type
Promise.<void>

takeOwnership()

Take the ownership of this object, so that PDFNet.runWithCleanup won't destroy this object.
Inherited From:
Returns:
Type
void