VALIDATE-SEAL( ) method

Validates the message authentication code (MAC) generated by the SEAL( ) method to seal a client-principal object.

You can use this method to validate the seal whenever necessary.

Return type: LOGICAL

Applies to: Client-principal object handle

Syntax

VALIDATE-SEAL ( [domain-access-code ] )

domain-access-code

An optional character expression containing the access code that is defined for the user's domain and that originally was used to seal the client-principal object. The AVM converts this value to a UTF-8 before using it, which ensures a consistent value regardless of code page settings.

ABL raises ERROR if the client-principal object is not:

• Sealed
• In the LOGIN state

If you specify a domain access code, the AVM uses the specified value to validate the seal.

If you do not specify a domain access code, the AVM uses the access code defined for the domain in the trusted domain registry to validate the seal.

The AVM validates the seal by comparing it to the MAC generated from either the specified domain access code or the matching domain access code stored in the trusted domain registry. If the seal matches the generated MAC, the seal is valid and this method returns TRUE. Otherwise, the seal is invalid and this method returns FALSE.

The AVM also checks the LOGIN-EXPIRATION-TIMESTAMP attribute. If the client-principal object expires before you can validate its seal, the AVM sets the LOGIN-STATE attribute to "EXPIRED" and returns FALSE.

Calling this method does not generate an audit event or an audit record.

The following code fragment illustrates how to use the VALIDATE-SEAL( ) method:

DEFINE VARIABLE hCP    AS HANDLE    NO-UNDO.
DEFINE VARIABLE key    AS CHARACTER NO-UNDO.
DEFINE VARIABLE val-ok AS LOGICAL   NO-UNDO.
. . .
CREATE CLIENT-PRINCIPAL hCp.
. . .
val-ok = hCP:VALIDATE-SEAL(key).

See also

LOGIN-EXPIRATION-TIMESTAMP attribute, LOGIN-STATE attribute, SEAL( ) method