EldoS | Feel safer!

Software components for data protection, secure storage and transfer

How to use ElFileTSPClient to timestamp PDF file?

Also by EldoS: CallbackDisk
Create virtual disks backed by memory or custom location, expose disk images as disks and more.
Posted: 07/30/2008 04:14:01
by Dan Saul (Standard support level)
Joined: 07/23/2008
Posts: 17


The error is now: No signing certificate found.

Stack Trace:

at SBPDFSecurity.TElPDFPublicKeySecurityHandler.GetEstimatedSignatureSize()
   at SBPDF.TElPDFDocument.PreCalculateSignatures@2(TElPDFSignature Sig, TPDFDictionary V, Int32& ObjNum, Int32& GenNum)
   at SBPDF.TElPDFDocument.PreCalculateSignatures(Boolean IncrementalUpdate)
   at SBPDF.TElPDFDocument.Close(Boolean Save)
   at test.TimeStamp() in E:\My Documents\Blackbox Test\test.aspx.vb:line 145

Line 145: Document.Close(Success) 'After the TimeStamp Call

The TimeStamp code is the same as in my last post.
Posted: 07/30/2008 04:21:59
by Ken Ivanov (EldoS Corp.)

The error is now: No signing certificate found.

The error message says for itself. The certificate you are using for signing either does not contain a private key, or no certificate is assigned at all.
Posted: 07/30/2008 05:05:35
by Dan Saul (Standard support level)
Joined: 07/23/2008
Posts: 17

Does this refer to the pfx certificate or the timestamp certificate being returned by the timestamp call? Because like I said, I haven't changed any other code (or my pfx certificate) and when I made the same call to www.digistamp.com using TElHTTPSClient and TElHTTPTSPClient it worked fine.

Are you sure there's not something wrong with the handle TimeStampEvent code?

Are you sure the syntax is correctly requesting the timestamp and using the streams correctly?

Thanks again, Dan
Posted: 07/30/2008 06:20:13
by Ken Ivanov (EldoS Corp.)

This refers to the certificate used for signing.

Your handler code is in general correct. The only potential problem I see is that tspResponseStream may not support seeking, so CopyStream() method might fail.

Please try to replace the following part of code:
SBUtils.Unit.CopyStream(tspResponseStream, respStream, tspResponseStream.Length)


read = tspResponseStream.Read(buf, 0, buf.Length)
respStream.Write(buf, 0, read)

and check if it helps.
Posted: 07/30/2008 07:52:15
by Dan Saul (Standard support level)
Joined: 07/23/2008
Posts: 17

Yes, that moved it on.. kinda. Now I get the error "The remote server returned an error: (501) Not implemented." at line: tspHTTPResponse = tspHTTPRequest.GetResponse()

I've tried changing the log in credientials just to see if the initial request is working and it is because I got an "unauthorized" error which means the url and credentials and query is partially working.

It has to be with the way I am reading the request and writing the response.

Stack Trace:

   at System.Net.HttpWebRequest.GetResponse()
   at test.HandleTimestampNeeded(Object Sender, Stream reqStream, Stream respStream, Boolean& Succeeded) in E:\My Documents\Blackbox Test\test.aspx.vb:line 198
   at SBTSPClient.TElFileTSPClient.Timestamp(Byte[] HashedData, Int32& ServerResult, Int32& FailureInfo, Byte[]& ReplyCMS)
   at SBMessages.TElMessageSigner.TimestampMessage(TElPKCS7Message Msg)
   at SBMessages.TElMessageSigner.SignPublicKey(Byte[] InBuffer, Int32 InStartIndex, Int32 InSize, Byte[]& OutBuffer, Int32 OutStartIndex, Int32& OutSize, Stream InStream, Stream OutStream, Int64 InCount, Boolean Detached)
   at SBMessages.TElMessageSigner.Sign(Byte[] InBuffer, Byte[]& OutBuffer, Int32& OutSize, Boolean Detached)
   at SBPDFSecurity.TElPDFPublicKeySecurityHandler.SignHashPKCS7(Byte[] Hash, Int32 StartIndex, Int32 Count)
   at SBPDFSecurity.TElPDFPublicKeySecurityHandler.SignHash(Byte[] Hash, Int32 StartIndex, Int32 Count)
   at SBPDF.TElPDFDocument.InsertActualSignatureInformation(Boolean IncrementalUpdate)
   at SBPDF.TElPDFDocument.Close(Boolean Save)
   at test.TimeStamp() in E:\My Documents\Blackbox Test\test.aspx.vb:line 145

Private Sub HandleTimestampNeeded(ByVal Sender As Object, ByVal reqStream As Stream, ByVal respStream As Stream, ByRef Succeeded As Boolean) Handles TSPClient.OnTimestampNeeded

        Dim tspHTTPRequest As HttpWebRequest
        Dim tspHTTPResponse As HttpWebResponse
        Dim tspResponseStream As Stream

        ' (1) sending reqStream to timestamp server
        tspHTTPRequest = WebRequest.Create("http://tsatest1.digistamp.com/tsa")
        tspHTTPRequest.Method = "POST"
        tspHTTPRequest.Timeout = 10000
        tspHTTPRequest.ContentType = "application/timestamp-query"
        tspHTTPRequest.Credentials = New NetworkCredential("username", "password")

        Dim newStream As Stream = tspHTTPRequest.GetRequestStream()
        Dim buf(65536) As Byte
        Dim read As Integer
        reqStream.Position = 0
        While True
            read = reqStream.Read(buf, 0, buf.Length)
            newStream.Write(buf, 0, read)
            If read < buf.Length Then
                Exit While
            End If
        End While

        ' (2) writing the received response to the respStream
        tspHTTPResponse = tspHTTPRequest.GetResponse()
        tspResponseStream = tspHTTPResponse.GetResponseStream()
        read = tspResponseStream.Read(buf, 0, buf.Length)
        respStream.Write(buf, 0, read)
        respStream.Position = 0

        ' (3) setting Succeeded to True if the response has been received correctly,
        ' or to False if some error has occured during negotiation to timestamping server
        If tspHTTPResponse.StatusCode = HttpStatusCode.OK Then
            Succeeded = True
            Succeeded = False
        End If
Posted: 07/30/2008 08:30:56
by Ken Ivanov (EldoS Corp.)

Please check if your code works with some other TSP server. The following one can be freely used: http://www.edelweb.fr/cgi-bin/service-tsp
Posted: 07/30/2008 08:39:37
by Dan Saul (Standard support level)
Joined: 07/23/2008
Posts: 17

Yes, I have already tried this and although it says "signed successfully" when I check the PDF file signature the date tab says "Signature date/time are from the clock on the signer's computer".
Posted: 07/30/2008 08:51:37
by Eugene Mayevski (EldoS Corp.)

Any problem with the timestamp will cause Adobe software to give the message you quoted. There's no way to find out the actual reason.
So, are you saying that with edelweb TSP service (the URL given above) you get this message too?

Sincerely yours
Eugene Mayevski
Posted: 07/30/2008 08:53:59
by Ken Ivanov (EldoS Corp.)

That's because the certificate of this server is not specified as trusted in the Acrobat application.

As your application does work with Edelweb server, the code itself also does. BTW, did you have a chance to successfully request timestamp from *your* server with TElHTTPSClient and not HttpWebRequest?
Posted: 07/30/2008 09:55:29
by Dan Saul (Standard support level)
Joined: 07/23/2008
Posts: 17

Yes, when I used the original code implementing TElHTTPSClient/TElHTTPTSPClient and www.digistamp.com server the timestamp worked and the date tab on the pdf signature correctly showed information about digistamp (but not the date because it is a test server and also because it is not trusted).

How can the original code sign successfully and this new code using TElFileTSPClient not work the same way?
Also by EldoS: MsgConnect
Cross-platform protocol-independent communication framework for building peer-to-peer and client-server applications and middleware components.



Topic viewed 10928 times

Number of guests: 1, registered members: 0, in total hidden: 0


Back to top

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!