PreviousNextIndex

VALIDATE-SEAL( ) method

Validates the message authentication code (MAC) generated by the SEAL( ) method to seal a Client-principal object.

You can use this method to validate the seal whenever necessary.

Return type: LOGICAL

Applies to: Client-principal object handle

Syntax 
VALIDATE-SEAL( [ validation-key ] )

validation-key

If you specify a validation key, the AVM uses that key to validate the seal. If you do not specify a validation key, the AVM uses the authentication domain’s key stored in the application’s trusted authentication domain registry for the Client-principal object to validate the seal. The AVM validates the seal by comparing it to the MAC generated by either the specified validation key or the authentication domain key stored in the trusted authentication domain registry. If the seal matches the MAC, then the seal is valid and this method returns TRUE. Otherwise, the seal is invalid and this method returns FALSE.

If the Client-principal object is not sealed and not in the LOGIN state, the AVM generates a run-time error.

The AVM also checks the LOGIN-EXPIRATION-TIMESTAMP attribute. If the Client-principal object expires before you can validate its seal, the AVM sets the LOGIN-STATE attribute to “EXPIRED” and returns FALSE.

Calling this method does not generate an audit event or an audit record.

The following code fragment illustrates how to use the VALIDATE-SEAL( ) method: 

DEFINE VARIABLE hCP    AS HANDLE    NO-UNDO. 
DEFINE VARIABLE key    AS CHARACTER NO-UNDO. 
DEFINE VARIABLE val-ok AS LOGICAL   NO-UNDO. 
. . . 
CREATE CLIENT-PRINCIPAL hCp. 
. . . 
val-ok = hCP:VALIDATE-SEAL(key).

See also: LOGIN-EXPIRATION-TIMESTAMP attribute, LOGIN-STATE attribute, SEAL( ) method

OpenEdge Release 10.2B
Copyright © 2009 Progress Software Corporation
PreviousNextIndex