21.11.2003 17:10:03 Как отследить просроченный сертификат? Ответов: 1
Елена
Подскажите, пожалуйста, какой метод или какое свойство CAPICOM надо использовать, чтобы отследить просроченный сертификат и не наблюдать следующую ошибку при исполнении PHP-скрипта:
Invoke() failed: Ошибка. Source: Unavailable Description: The signer’s certificate is not valid for signing
 
Ответы:
22.11.2003 12:00:40 uri
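' CAPICOM constants used by the script below. VBScript cannot read them from the
' CAPICOM type library, so they are declared by hand.
' Comments must start with the ASCII apostrophe ('); a typographic quote is a syntax error.
' NOTE(review): CAPICOM is deprecated by Microsoft; prefer a supported API for new code.

' --- Certificate check flags (CertificateStatus.CheckFlag); combine with Or ---
Const CAPICOM_CHECK_NONE = 0
' No validity checking is done. Do not use this value when the result feeds a trust decision.
Const CAPICOM_CHECK_TRUSTED_ROOT = 1
' Check for a trusted root of the certificate chain.
Const CAPICOM_CHECK_TIME_VALIDITY = 2
' Check the time validity of all certificates in the chain.
Const CAPICOM_CHECK_SIGNATURE_VALIDITY = 4
' Check for valid signatures on all certificates in the chain.
Const CAPICOM_CHECK_ONLINE_REVOCATION_STATUS = 8
' Check the revocation status of all certificates in the chain using CRLs available online.
Const CAPICOM_CHECK_OFFLINE_REVOCATION_STATUS = 16
' Check the revocation status of all certificates in the chain using any offline CRLs.

' --- SignedData.Verify modes ---
Const CAPICOM_VERIFY_SIGNATURE_ONLY = 0
' Only the signature is checked; the signer's certificate is NOT validated.
Const CAPICOM_VERIFY_SIGNATURE_AND_CERTIFICATE = 1
' Both the signature and the validity of the certificate used to create the signature are checked.

' --- Chain.Status bits; test individual bits with And ---
Const CAPICOM_TRUST_IS_NOT_TIME_VALID = 1 ' 0x00000001
' The current date is not within a certificate's valid period (expired or not yet valid).
Const CAPICOM_TRUST_IS_NOT_TIME_NESTED = 2 ' 0x00000002
' The time validity of a certificate in the chain falls outside the time validity of one or more of its verifying certificates.
Const CAPICOM_TRUST_IS_REVOKED = 4 ' 0x00000004
' One or more of the certificates in the chain has been revoked.
Const CAPICOM_TRUST_IS_NOT_SIGNATURE_VALID = 8 ' 0x00000008
' One or more of the certificates in the chain does not have a valid signature.
Const CAPICOM_TRUST_IS_NOT_VALID_FOR_USAGE = 16 ' 0x00000010
' One or more of the certificates in the chain is not valid for its usage.
Const CAPICOM_TRUST_IS_UNTRUSTED_ROOT = 32 ' 0x00000020
' The root certificate of the chain is not trusted.
Const CAPICOM_TRUST_REVOCATION_STATUS_UNKNOWN = 64 ' 0x00000040
' The revocation status of one or more of the certificates in the chain cannot be determined.
' Treat this as a failure wherever revocation matters: "unknown" is not "not revoked".
Const CAPICOM_TRUST_IS_CYCLIC = 128 ' 0x00000080
' A certificate in the chain is used to certify a certificate that was used in its own certification.
Const CAPICOM_TRUST_IS_PARTIAL_CHAIN = 65536 ' 0x00010000
' The trust chain cannot be completed to a certificate in the Root store.
Const CAPICOM_TRUST_CTL_IS_NOT_TIME_VALID = 131072 ' 0x00020000
' The chain depends upon a CTL that is not time-valid.
Const CAPICOM_TRUST_CTL_IS_NOT_SIGNATURE_VALID = 262144 ' 0x00040000
' The chain depends upon a CTL that does not have a valid signature.
Const CAPICOM_TRUST_CTL_IS_NOT_VALID_FOR_USAGE = 524288 ' 0x00080000
' The chain depends upon a CTL that is not valid for its usage in the chain.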

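' Picks a signing certificate from the store by serial number, validates it and its
' chain FIRST, and only then signs and verifies a test string.
'
' Changes relative to the original listing:
'   * The chain check runs before Sign(), so an expired certificate is reported here
'     instead of surfacing as "The signer's certificate is not valid for signing".
'   * The undefined HandleError variable (always Empty, i.e. False) is replaced with
'     real Err handling around Sign/Verify.
'   * A certificate that is not found in the store is reported instead of being passed
'     on as an uninitialised variable.
Dim sSignedDoc
Dim SignedData
Dim Signature
Dim Cert
Dim Chain
Dim ChainOk, ChainStatus
Dim Store
Dim CertSign
Dim SN
Dim Signer
Dim SignErrNumber, SignErrText

' Serial number of the signing certificate.
' NOTE(review): a serial number is unique only per issuer; selecting by thumbprint
' (Cert.Thumbprint) identifies exactly one certificate.
SN = "198EF79200030000138F"

Set Store = CreateObject("CAPICOM.Store")
Set Signer = CreateObject("CAPICOM.Signer")
Store.Open 2 ' 2 = CAPICOM_CURRENT_USER_STORE; the store name defaults to "My"

' Start from Nothing so "not found" can be told apart from "found".
Set CertSign = Nothing
For Each Cert In Store.Certificates
    If Cert.SerialNumber = SN Then
        Set CertSign = Cert
        Exit For
    End If
Next

If CertSign Is Nothing Then
    MsgBox "Cert Error: no certificate with serial number " & SN & " in the store"
Else
    ' Validate the certificate and its chain before using the private key.
    CertSign.IsValid.CheckFlag = CAPICOM_CHECK_TRUSTED_ROOT Or CAPICOM_CHECK_TIME_VALIDITY Or CAPICOM_CHECK_SIGNATURE_VALIDITY Or CAPICOM_CHECK_ONLINE_REVOCATION_STATUS
    Set Chain = CreateObject("CAPICOM.Chain")
    ChainOk = Chain.Build(CertSign)
    ChainStatus = Chain.Status

    If (Not ChainOk) Or ChainStatus <> 0 Then
        ' The time-validity bit is what answers "is the certificate expired?".
        If (ChainStatus And CAPICOM_TRUST_IS_NOT_TIME_VALID) <> 0 Then
            MsgBox "Cert Error: certificate is expired or not yet valid (chain status 0x" & Hex(ChainStatus) & ")"
        Else
            MsgBox "Cert Error: chain status 0x" & Hex(ChainStatus)
        End If
    Else
        MsgBox "Cert OK"

        sSignedDoc = "Привет"
        Signature = ""

        Set SignedData = CreateObject("CAPICOM.SignedData")
        SignedData.Content = sSignedDoc

        Signer.Certificate = CertSign

        ' Sign and Verify raise run-time errors on failure; trap them so the result
        ' can be reported instead of aborting the script.
        On Error Resume Next
        Signature = SignedData.Sign(Signer, False, 1) ' False = not detached, 1 = CAPICOM_ENCODE_BINARY
        If Err.Number = 0 Then
            SignedData.Verify Signature, False, CAPICOM_VERIFY_SIGNATURE_AND_CERTIFICATE
        End If
        ' Capture the error before On Error GoTo 0 clears it.
        SignErrNumber = Err.Number
        SignErrText = Err.Description
        On Error GoTo 0

        ' Verifying a signature this script has just produced is only a self-test;
        ' a relying party must run its own Verify with certificate checking enabled.
        If SignErrNumber <> 0 Then
            MsgBox "Verified error: 0x" & Hex(SignErrNumber) & " " & SignErrText
        Else
            MsgBox "Verified OK"
        End If
    End If
End If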