Certificate Validation

The signing certificate must be validated before a signature is created, so that an invalid signing certificate does not lead to an invalid signature. This validation can be disabled through a parameter; see P_VALIDATE_CERTIFICATE_BEFORE_SIGNING in the section Parameters.

The CMS Signature API validates the signing certificates upon signature creation and verification. If any problem occurs during certificate validation, the exception CertificateValidationException is thrown. For detailed information about certificate validation, see Certificate Validation. The certificate validation policy, which is explained in detail in that section, is specified by using the parameter EParameters.P_CERT_VALIDATION_POLICY.

Accessing the Signers

The signature structure is held in the class BaseSignedData. In this class, parallel and counter signatures form a tree. The method getSignerList() returns the first-level signers in the tree. Therefore, if the document contains only parallel signatures, getSignerList() returns all of the signers. To reach counter signatures, call the method getCounterSigners() on the signer object whose counter signatures are wanted. The method getAllSignerList() of the class BaseSignedData returns all of the signers as a flat list, without any information about the signature tree. For more detailed information, please examine the class "SignersInJTree" in the sample codes.

In signature operations, the signature owner is identified by the signer's certificate. This certificate is usually added to the signed document, which is also the case in ESYA API. The name and, for Turkey, the identification number can be obtained from the certificate.

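// Java
// Reads the first top-level signer; assumes the document has at least one signer.
BaseSignedData bsd = new BaseSignedData(signedData);
ECertificate cert = bsd.getSignerList().get(0).getSignerCertificate();

if (cert == null) {
	// "No signer information": the certificate is not embedded in the document.
	System.out.println("İmzaci bilgisi yok");
} else {
	// Name and surname, taken from the subject's common name attribute.
	System.out.println("İsim & Soyisim: " + cert.getSubject().getCommonNameAttribute());
	// Turkish national ID number, taken from the subject's serial number attribute.
	System.out.println("TC Kimlik No: " + cert.getSubject().getSerialNumberAttribute());
}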

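// C#
// Reads the first top-level signer; assumes the document has at least one signer.
BaseSignedData bsd = new BaseSignedData(signedData);
ECertificate cert = bsd.getSignerList()[0].getSignerCertificate();

if (cert == null)
{
	// "No signer information": the certificate is not embedded in the document.
	Console.WriteLine("Imzaci bilgisi yok");
}
else
{
	// Name and surname, taken from the subject's common name attribute.
	Console.WriteLine("Isim & Soyisim: " + cert.getSubject().getCommonNameAttribute());
	// Turkish national ID number, taken from the subject's serial number attribute.
	Console.WriteLine("TC Kimlik No: " + cert.getSubject().getSerialNumberAttribute());
}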
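
The snippets above read only the first top-level signer. The following added example (not part of the ESYA sample codes) walks the whole signer tree described earlier, listing parallel signers at the first level and counter signers indented beneath them, and compares the number of signers visited with the size of getAllSignerList(). The package names, the Signer type, the List return types and the input file path are assumptions; the page shows only the method names. It reads the embedded certificates and performs no signature verification.

```java
import java.nio.file.Files;
import java.nio.file.Paths;
import java.util.List;
// Assumed ESYA package names and Signer type; the page shows only the method names.
import tr.gov.tubitak.uekae.esya.api.asn.x509.ECertificate;
import tr.gov.tubitak.uekae.esya.api.cmssignature.signature.BaseSignedData;
import tr.gov.tubitak.uekae.esya.api.cmssignature.signature.Signer;

public class SignerTreeDump {

    /** Renders the signer tree as indented text, one line per signer. */
    public static String describe(byte[] signedData) throws Exception {
        BaseSignedData bsd = new BaseSignedData(signedData);
        StringBuilder out = new StringBuilder();
        int visited = 0;
        // First level of the tree: the parallel signatures.
        for (Signer signer : bsd.getSignerList()) {
            visited += walk(signer, 0, out);
        }
        // The flat list should contain exactly the signers the walk reached.
        int flat = bsd.getAllSignerList().size();
        out.append("visited=").append(visited)
           .append(" getAllSignerList=").append(flat).append('\n');
        return out.toString();
    }

    /** Appends one signer and, recursively, its counter signers; returns the number visited. */
    private static int walk(Signer signer, int depth, StringBuilder out) throws Exception {
        for (int i = 0; i < depth; i++) out.append("  ");
        ECertificate cert = signer.getSignerCertificate();
        if (cert == null) {
            // The certificate is usually embedded in the document, but not always.
            out.append("(no signer certificate in document)\n");
        } else {
            out.append(cert.getSubject().getCommonNameAttribute())
               .append(" / ").append(cert.getSubject().getSerialNumberAttribute()).append('\n');
        }
        int count = 1;
        List<Signer> counters = signer.getCounterSigners();
        if (counters != null) {
            for (Signer counter : counters) count += walk(counter, depth + 1, out);
        }
        return count;
    }

    public static void main(String[] args) throws Exception {
        // args[0]: path to a CMS signed file (hypothetical input).
        System.out.print(describe(Files.readAllBytes(Paths.get(args[0]))));
    }
}
```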