MYSigner Class Reference

Represents a signer of a CMS message, as returned by the MYDecoder.signers property. More...

List of all members.

Public Member Functions

(id) - initWithDecoder:index:policy:

Properties

CMSSignerStatus status
 The status of the signature, i.e.
MYCertificatecertificate
 The signer's certificate.
NSString * emailAddress
 The signer's email address (if any), as stored in the certificate.
Expert

Advanced methods.

SecTrustRef trust
 Returns the SecTrustRef that was used to verify the certificate.
OSStatus verifyResult
 The result of certificate verification, as a CSSM_RESULT code; a nonzero value indicates an error.

Detailed Description

Represents a signer of a CMS message, as returned by the MYDecoder.signers property.


Property Documentation

- (MYCertificate *) certificate [read, assign]

The signer's certificate.

You should check the status property first, to see whether the signature and certificate are valid. For safety purposes, if you haven't checked status yet, this method will return nil if the signer status is not kCMSSignerValid.

- (NSString *) emailAddress [read, assign]

The signer's email address (if any), as stored in the certificate.

- (CMSSignerStatus) status [read, assign]

The status of the signature, i.e.

whether it's valid or not. Values include: kCMSSignerValid :both signature and signer certificate verified OK. kCMSSignerNeedsDetachedContent:the MYDecoder's detachedContent property must be set, to ascertain the signature status. kCMSSignerInvalidSignature :bad signature -- either the content or the signature data were tampered with after the message was encoded. kCMSSignerInvalidCert :an error occurred verifying the signer's certificate. Further information available via the verifyResult and copyTrust methods.

- (SecTrustRef) trust [read, assign]

Returns the SecTrustRef that was used to verify the certificate.

You can use this object to get more detailed information about how the verification was done. If you set the parent decoder's policy property, then that SecPolicy will be used to evaluate trust; otherwise you'll need to do it yourself using the SecTrust object.

- (OSStatus) verifyResult [read, assign]

The result of certificate verification, as a CSSM_RESULT code; a nonzero value indicates an error.

Some of the most common and interesting errors are:

CSSMERR_TP_INVALID_ANCHOR_CERT : The cert was verified back to a self-signed (root) cert which was present in the message, but that root cert is not a known, trusted root cert. CSSMERR_TP_NOT_TRUSTED: The cert could not be verified back to a root cert. CSSMERR_TP_VERIFICATION_FAILURE: A root cert was found which does not self-verify. CSSMERR_TP_VERIFY_ACTION_FAILED: Indicates a failure of the requested policy action. CSSMERR_TP_INVALID_CERTIFICATE: Indicates a bad leaf cert. CSSMERR_TP_CERT_EXPIRED: A cert in the chain was expired at the time of verification. CSSMERR_TP_CERT_NOT_VALID_YET: A cert in the chain was not yet valie at the time of verification.


The documentation for this class was generated from the following files:
Generated on Sun Apr 17 12:23:58 2011 for MYCrypto by  doxygen 1.6.3