Table of Contents

Namespace SimpleSign.Core.Validation

Classes

CertificateChainService

Default implementation of ICertificateChainService.

CertificateValidationException

Thrown when a certificate fails validation — for example, when the certificate chain cannot be built, the certificate has expired, or the root CA is not trusted.

CryptoVerifier

Verifies cryptographic signature validity and PAdES attribute binding. All methods are static — no state needed. Uses Span<byte> to minimize allocations.

CryptoVerifierService

Default implementation of ICryptoVerifier.

RevocationCheckException

Thrown when a certificate revocation check fails — for example, when an OCSP responder times out, a CRL cannot be downloaded, or the certificate has been revoked.

SignatureValidationResult

Complete result of a PDF signature validation.

TimestampValidator

Validates RFC 3161 timestamp tokens embedded in CMS signatures. Verifies TSA signature, nonce, and extracts timestamp date.

TimestampValidatorService

Default implementation of ITimestampValidator.

ValidationException

Thrown when the PDF validation engine encounters a structural or cryptographic error that prevents validation from completing.

ValidationOptions

Options for the validation engine.

Interfaces

ICertificateChainService

Service for certificate chain operations: AIA chasing, certificate loading.

ICryptoVerifier

Cryptographic signature verification and signing-certificate binding validation.

IRevocationChecker

Checks certificate revocation status via embedded CRLs, OCSP, and online CRL.

ITimestampValidator

Validates RFC 3161 timestamp tokens embedded in signatures.

Enums

RevocationSource

Describes the mechanism used to verify the revocation status of a signer's certificate. Useful for distinguishing offline (B-LT/B-LTA) from online (B-T) revocation checks.

Delegates

TimestampValidator.CertificateChainValidatorDelegate

Delegate for certificate chain validation, allowing the caller to supply its own implementation.