EldoS | Feel safer!

Software components for data protection, secure storage and transfer

How to use ElFileTSPClient to timestamp PDF file?

Also by EldoS: BizCrypto
Components for BizTalk® and SQL Server® Integration Services that let you securely store and transfer information in your business automation solutions.
#7126
Posted: 07/30/2008 04:14:01
by Dan Saul (Standard support level)
Joined: 07/23/2008
Posts: 17

Hi,

The error is now: No signing certificate found.

Stack Trace:

Code
at SBPDFSecurity.TElPDFPublicKeySecurityHandler.GetEstimatedSignatureSize()
   at SBPDF.TElPDFDocument.PreCalculateSignatures@2(TElPDFSignature Sig, TPDFDictionary V, Int32& ObjNum, Int32& GenNum)
   at SBPDF.TElPDFDocument.PreCalculateSignatures(Boolean IncrementalUpdate)
   at SBPDF.TElPDFDocument.Close(Boolean Save)
   at test.TimeStamp() in E:\My Documents\Blackbox Test\test.aspx.vb:line 145


Line 145: Document.Close(Success) 'After the TimeStamp Call

The TimeStamp code is the same as in my last post.
#7127
Posted: 07/30/2008 04:21:59
by Ken Ivanov (EldoS Corp.)

Quote
The error is now: No signing certificate found.

The error message says for itself. The certificate you are using for signing either does not contain a private key, or no certificate is assigned at all.
#7128
Posted: 07/30/2008 05:05:35
by Dan Saul (Standard support level)
Joined: 07/23/2008
Posts: 17

Does this refer to the pfx certificate or the timestamp certificate being returned by the timestamp call? Because like I said, I haven't changed any other code (or my pfx certificate) and when I made the same call to www.digistamp.com using TElHTTPSClient and TElHTTPTSPClient it worked fine.

Are you sure there's not something wrong with the handle TimeStampEvent code?

Are you sure the syntax is correctly requesting the timestamp and using the streams correctly?

Thanks again, Dan
#7130
Posted: 07/30/2008 06:20:13
by Ken Ivanov (EldoS Corp.)

This refers to the certificate used for signing.

Your handler code is in general correct. The only potential problem I see is that tspResponseStream may not support seeking, so CopyStream() method might fail.

Please try to replace the following part of code:
Code
SBUtils.Unit.CopyStream(tspResponseStream, respStream, tspResponseStream.Length)


with

Code
read = tspResponseStream.Read(buf, 0, buf.Length)
respStream.Write(buf, 0, read)


and check if it helps.
#7131
Posted: 07/30/2008 07:52:15
by Dan Saul (Standard support level)
Joined: 07/23/2008
Posts: 17

Yes, that moved it on.. kinda. Now I get the error "The remote server returned an error: (501) Not implemented." at line: tspHTTPResponse = tspHTTPRequest.GetResponse()

I've tried changing the log in credientials just to see if the initial request is working and it is because I got an "unauthorized" error which means the url and credentials and query is partially working.

It has to be with the way I am reading the request and writing the response.

Stack Trace:

Code
   at System.Net.HttpWebRequest.GetResponse()
   at test.HandleTimestampNeeded(Object Sender, Stream reqStream, Stream respStream, Boolean& Succeeded) in E:\My Documents\Blackbox Test\test.aspx.vb:line 198
   at SBTSPClient.TElFileTSPClient.Timestamp(Byte[] HashedData, Int32& ServerResult, Int32& FailureInfo, Byte[]& ReplyCMS)
   at SBMessages.TElMessageSigner.TimestampMessage(TElPKCS7Message Msg)
   at SBMessages.TElMessageSigner.SignPublicKey(Byte[] InBuffer, Int32 InStartIndex, Int32 InSize, Byte[]& OutBuffer, Int32 OutStartIndex, Int32& OutSize, Stream InStream, Stream OutStream, Int64 InCount, Boolean Detached)
   at SBMessages.TElMessageSigner.Sign(Byte[] InBuffer, Byte[]& OutBuffer, Int32& OutSize, Boolean Detached)
   at SBPDFSecurity.TElPDFPublicKeySecurityHandler.SignHashPKCS7(Byte[] Hash, Int32 StartIndex, Int32 Count)
   at SBPDFSecurity.TElPDFPublicKeySecurityHandler.SignHash(Byte[] Hash, Int32 StartIndex, Int32 Count)
   at SBPDF.TElPDFDocument.InsertActualSignatureInformation(Boolean IncrementalUpdate)
   at SBPDF.TElPDFDocument.Close(Boolean Save)
   at test.TimeStamp() in E:\My Documents\Blackbox Test\test.aspx.vb:line 145


Code
Private Sub HandleTimestampNeeded(ByVal Sender As Object, ByVal reqStream As Stream, ByVal respStream As Stream, ByRef Succeeded As Boolean) Handles TSPClient.OnTimestampNeeded

        Dim tspHTTPRequest As HttpWebRequest
        Dim tspHTTPResponse As HttpWebResponse
        Dim tspResponseStream As Stream

        ' (1) sending reqStream to timestamp server
        tspHTTPRequest = WebRequest.Create("http://tsatest1.digistamp.com/tsa")
        tspHTTPRequest.Method = "POST"
        tspHTTPRequest.Timeout = 10000
        tspHTTPRequest.ContentType = "application/timestamp-query"
        tspHTTPRequest.Credentials = New NetworkCredential("username", "password")

        Dim newStream As Stream = tspHTTPRequest.GetRequestStream()
        Dim buf(65536) As Byte
        Dim read As Integer
        reqStream.Position = 0
        While True
            read = reqStream.Read(buf, 0, buf.Length)
            newStream.Write(buf, 0, read)
            If read < buf.Length Then
                Exit While
            End If
        End While
        newStream.Close()

        ' (2) writing the received response to the respStream
        tspHTTPResponse = tspHTTPRequest.GetResponse()
        tspResponseStream = tspHTTPResponse.GetResponseStream()
        read = tspResponseStream.Read(buf, 0, buf.Length)
        respStream.Write(buf, 0, read)
        respStream.Position = 0

        ' (3) setting Succeeded to True if the response has been received correctly,
        ' or to False if some error has occured during negotiation to timestamping server
        If tspHTTPResponse.StatusCode = HttpStatusCode.OK Then
            Succeeded = True
        Else
            Succeeded = False
        End If
#7132
Posted: 07/30/2008 08:30:56
by Ken Ivanov (EldoS Corp.)

Please check if your code works with some other TSP server. The following one can be freely used: http://www.edelweb.fr/cgi-bin/service-tsp
#7133
Posted: 07/30/2008 08:39:37
by Dan Saul (Standard support level)
Joined: 07/23/2008
Posts: 17

Yes, I have already tried this and although it says "signed successfully" when I check the PDF file signature the date tab says "Signature date/time are from the clock on the signer's computer".
#7135
Posted: 07/30/2008 08:51:37
by Eugene Mayevski (EldoS Corp.)

Any problem with the timestamp will cause Adobe software to give the message you quoted. There's no way to find out the actual reason.
So, are you saying that with edelweb TSP service (the URL given above) you get this message too?


Sincerely yours
Eugene Mayevski
#7136
Posted: 07/30/2008 08:53:59
by Ken Ivanov (EldoS Corp.)

That's because the certificate of this server is not specified as trusted in the Acrobat application.

As your application does work with Edelweb server, the code itself also does. BTW, did you have a chance to successfully request timestamp from *your* server with TElHTTPSClient and not HttpWebRequest?
#7137
Posted: 07/30/2008 09:55:29
by Dan Saul (Standard support level)
Joined: 07/23/2008
Posts: 17

Yes, when I used the original code implementing TElHTTPSClient/TElHTTPTSPClient and www.digistamp.com server the timestamp worked and the date tab on the pdf signature correctly showed information about digistamp (but not the date because it is a test server and also because it is not trusted).

How can the original code sign successfully and this new code using TElFileTSPClient not work the same way?
Also by EldoS: CallbackProcess
A component to control process creation and termination in Windows and .NET applications.

Reply

Statistics

Topic viewed 10830 times

Number of guests: 1, registered members: 0, in total hidden: 0




|

Back to top

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!