EldoS | Feel safer!

Software components for data protection, secure storage and transfer

OCSP Client error SB_OCSP_ERROR_WRONG_SIGNATURE

#8240
Posted: 11/21/2008 10:57:15
by José Luis Gordo (Standard support level)
Joined: 11/21/2008
Posts: 2

Hi to all.
We are evaluating your library for signing & manipulating PDF files. We have already finished our research with PDF "module", so we are now trying to check PDF signs against an OCSP server.

I have studied the OCSPClient sample, and we wrote some code to extract X509 certificates from a PDF file and to add them to a MemoryStorage. After that, we get the issuer certificate for each certificate contained in the PDF doc.
Finally we read the signer certificate from a smart card and we issue the PerformRequest command, which always returns 79879 (ERROR_WRONG_SIGNATURE).

This is a piece of code that gives us this error too:



TElPDFDocument MyDoc = new TElPDFDocument();

MyDoc.Open(MyFileStream);
TElPDFSignature sig = MyDoc.get_Signatures(0);
TElPDFPublicKeySecurityHandler Handler = (TElPDFPublicKeySecurityHandler)sig.Handler;

TElX509Certificate DocCert = Handler.Certificates.get_Certificates(0);
//Now I have the first certificate of the document. I must get the issuer Certificate

TElWinCertStorage CertStorage = new TElWinCertStorage();
CertStorage.SystemStores.Add("CA");
int i = CertStorage.GetIssuerCertificate(DocCert);

TElX509Certificate IssuerCert = CertStorage.get_Certificates(i);

//This function retrieves the smart card certificate by user ID
TElX509Certificate SignerCert = GetCertByUserID("myuserid");


//ok, now i have got everything i need, so i try to make my request

TElMemoryCertStorage ToValidateMCS = new TElMemoryCertStorage();
TElMemoryCertStorage IssuerCertMCS = new TElMemoryCertStorage();
TElMemoryCertStorage SignerMCS = new TElMemoryCertStorage();

ToValidateMCS.Add(DocCert, false);
IssuerCertMCS.Add(IssuerCert, false);
SignerMCS.Add(SignerCert, false);

//Initialization of OCSPClient
TElHTTPOCSPClient Client = new TElHTTPOCSPClient();
Client.CertStorage = ToValidateMCS;
Client.IssuerCertStorage = IssuerCertMCS;
Client.SigningCertStorage = SignerMCS;

Client.HTTPClient = new TElHTTPSClient();
Client.URL = "http://ocsp.myserver.net";

Client.Nonce = SBUtils.Unit.BytesOfString(DateTime.Now.ToString());


Client.IncludeCertificates = true;
Client.IncludeSignature = true;

short ServerResponse = 0;
byte [] Reply = null;

int Result = Client.PerformRequest(ref ServerResponse, ref Reply);

//RESULT IS ALWAYS HERE SB_OCSP_ERROR_WRONG_SIGNATURE



Can you tell me if I'm missing some operation before making the request?

Thanks a lot.

#8242
Posted: 11/22/2008 02:45:50
by Ken Ivanov (EldoS Corp.)

Thank you for contacting us.

First of all, it is necessary to check if the request itself is correct (it is possible that the server returns such an error if it is unable to build a complete certificate chain for validation, or it does not trust the certificate that was used to sign the request). Would you be so kind as to save the OCSP request to a file (using the TElFileOCSPClient component) and post it to the Helpdesk ticket for investigation?
#8245
Posted: 11/24/2008 03:40:36
by José Luis Gordo (Standard support level)
Joined: 11/21/2008
Posts: 2

Ok,
Ticket number #14417

Thanks
#9006
Posted: 02/23/2009 09:55:34
by medianet software (Basic support level)
Joined: 02/23/2009
Posts: 1

Hello José Luis, we are in the same situation you were in. Have you managed to fix it? Could you tell us how?

manuel.cernuda[at]medianet[dot]es
#9007
Posted: 02/23/2009 10:18:46
by Ken Ivanov (EldoS Corp.)

Sorry, the problem has not been resolved. Please try playing with these properties:
* IncludeSignature (try both false and true)
* IncludeCertificates (the same)
* Options (try all combinations of the ocoIncludeVersion and ocoIncludeSupportedResponseTypes flags).

If none of the options help, please ask the administrator of the OCSP server to look at the server log. It will probably help to find the cause of the problem.
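
Added example (not part of the thread and not EldoS code): a small Python inspector for an OCSP request saved to a file, as asked for earlier in the thread. It reports which optional parts the client actually emitted, so the output of each IncludeSignature / IncludeCertificates / Options combination can be compared. The sample requests are constructed with dummy inner bytes, and all function and variable names are this example's own.

```python
# Structural check of a DER-encoded OCSPRequest (RFC 6960, section 4.1.1).
# It does not verify the signature; it only shows which optional fields exist.

def tlv(tag, body=b""):
    """Encode one DER TLV with a definite length (short or long form)."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    size = (n.bit_length() + 7) // 8
    return bytes([tag, 0x80 | size]) + n.to_bytes(size, "big") + body

def children(buf):
    """Split the contents of a constructed value into (tag, body) pairs."""
    out, i = [], 0
    while i < len(buf):
        tag, n, i = buf[i], buf[i + 1], i + 2
        if n & 0x80:  # long-form length: low 7 bits give the byte count
            k = n & 0x7F
            n, i = int.from_bytes(buf[i:i + k], "big"), i + k
        if i + n > len(buf):
            raise ValueError("truncated DER")
        out.append((tag, buf[i:i + n]))
        i += n
    return out

def describe_request(der):
    """Report which optional OCSPRequest fields are present."""
    (tag, body), = children(der)
    if tag != 0x30:
        raise ValueError("not an OCSPRequest SEQUENCE")
    parts = children(body)
    tbs = dict(children(parts[0][1]))      # tags are unique inside TBSRequest
    info = {"explicit_version": 0xA0 in tbs,   # version [0]
            "requestor_name": 0xA1 in tbs,     # [1], required when signed
            "requests": len(children(tbs[0x30])),
            "extensions": 0xA2 in tbs,         # [2], e.g. the nonce
            "signed": False, "embedded_certs": 0}
    if len(parts) > 1 and parts[1][0] == 0xA0:  # optionalSignature [0]
        (_, sig), = children(parts[1][1])
        fields = dict(children(sig))       # algorithm, BIT STRING, certs [0]
        info["signed"] = True
        if 0xA0 in fields:
            (_, certs), = children(fields[0xA0])
            info["embedded_certs"] = len(children(certs))
    return info

# Constructed samples: correct structure, dummy contents (no real keys or certs).
REQ = tlv(0x30, tlv(0x30, tlv(0x04, b"dummy-certid")))
SIG = tlv(0x30, tlv(0x30, tlv(0x06, b"\x2a")) + tlv(0x03, bytes(129))
          + tlv(0xA0, tlv(0x30, tlv(0x30, b"dummy-cert"))))
SIGNED = tlv(0x30, tlv(0x30, tlv(0xA1, tlv(0x82, b"client")) + tlv(0x30, REQ))
             + tlv(0xA0, SIG))
UNSIGNED = tlv(0x30, tlv(0x30, tlv(0x30, REQ)))
```

For a real capture, pass the raw bytes of the saved request file to `describe_request`; a request that shows `signed` without `requestor_name` does not meet the RFC 6960 requirement for signed requests.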

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.