Discuss this help topic in SecureBlackbox Forum

Load CMS message

Obtaining signature validation log As creation or validation of a CAdES signature is a complex process sometimes involving dozens of steps, it is often convenient to get a log of the procedure step-by-step. This may be particularly useful for tracking the reason for failing chain validation. Note: we are saying creation AND validation, because both operations are fairly similar CAdES-wise. A cornerstone of both processes is deep validation of the certificate chain(s) involved, which contributes the 90% of the activities performed during each operation. The majority of tasks performed by the component within a signing or verifying operation are related to chain validation. As such, most of the issues happen on that stage. Chains are validated with TElX509CertificateValidator class, which maintains its own logging system. Therefore getting the signing or validation log is essentially getting the log of the involved validator components. The log created by a validator component can be obtained from its InternalLogger.Log.Text property. This should be performed when the chain validation is over - which in case of TElCAdESSignatureProcessor-powered validation is your OnCertValidatorFinished event handler: void handleCertValidatorFinished(object Sender, SBCertValidator.TElX509CertificateValidator CertValidator, TElX509Certificate Cert, TSBCertificateValidity Validity, int Reason) { Console.WriteLine("Finished validation of the certificate: " + Cert.SubjectRDN.SaveToDNString() + " / " + Cert.IssuerRDN.SaveToDNString() + ", validity: " + Validity.ToString() + ", reason: " + Reason.ToString()); Console.WriteLine(CertValidator.InternalLogger.Log.Text); } Note 1: depending on particular configuration of TElCAdESSignatureProcessor and TElX509CertificateValidator objects, you might receive quite different logs. Note 2: complicated signature structures (i.e. those including countersignatures and timestamps) may involve the use of several validator objects. You might wish to get the logs for every of them.

Discuss this help topic in SecureBlackbox Forum