Public Member Functions
|The status of the signature, i.e. |
|The signer's certificate. |
|The signer's email address (if any), as stored in the certificate. |
|Returns the SecTrustRef that was used to verify the certificate. |
|The result of certificate verification, as a CSSM_RESULT code; a nonzero value indicates an error. |
Represents a signer of a CMS message, as returned by the MYDecoder.signers property.
|- (MYCertificate *) certificate
The signer's certificate.
You should check the status property first, to see whether the signature and certificate are valid. For safety purposes, if you haven't checked status yet, this method will return nil if the signer status is not kCMSSignerValid.
|- (NSString *) emailAddress
The signer's email address (if any), as stored in the certificate.
|- (CMSSignerStatus) status
The status of the signature, i.e.
whether it's valid or not. Values include: kCMSSignerValid :both signature and signer certificate verified OK. kCMSSignerNeedsDetachedContent:the MYDecoder's detachedContent property must be set, to ascertain the signature status. kCMSSignerInvalidSignature :bad signature -- either the content or the signature data were tampered with after the message was encoded. kCMSSignerInvalidCert :an error occurred verifying the signer's certificate. Further information available via the verifyResult and copyTrust methods.
|- (SecTrustRef) trust
Returns the SecTrustRef that was used to verify the certificate.
You can use this object to get more detailed information about how the verification was done. If you set the parent decoder's policy property, then that SecPolicy will be used to evaluate trust; otherwise you'll need to do it yourself using the SecTrust object.
|- (OSStatus) verifyResult
The result of certificate verification, as a CSSM_RESULT code; a nonzero value indicates an error.
Some of the most common and interesting errors are:
CSSMERR_TP_INVALID_ANCHOR_CERT : The cert was verified back to a self-signed (root) cert which was present in the message, but that root cert is not a known, trusted root cert. CSSMERR_TP_NOT_TRUSTED: The cert could not be verified back to a root cert. CSSMERR_TP_VERIFICATION_FAILURE: A root cert was found which does not self-verify. CSSMERR_TP_VERIFY_ACTION_FAILED: Indicates a failure of the requested policy action. CSSMERR_TP_INVALID_CERTIFICATE: Indicates a bad leaf cert. CSSMERR_TP_CERT_EXPIRED: A cert in the chain was expired at the time of verification. CSSMERR_TP_CERT_NOT_VALID_YET: A cert in the chain was not yet valie at the time of verification.