EldoS | Feel safer!

Software components for data protection, secure storage and transfer


Posted: 11/21/2008 10:57:15
by José Luis Gordo (Standard support level)
Joined: 11/21/2008
Posts: 2

Hi to all.
We are evaluating your library for signing & manipulating PDF files. We have already finished our research with PDF "module", so we are now trying to check PDF signs against an OCSP server.

I have studied OCSPCLient sample, and we wrote some code to extract X509 Certificates from a PDF File and to add them to a MemoryStorage. After that, we get the issuer certificate from each Certificate contained in the PDF Doc.
Finally we read the signer certificate from an smart card and we issue the PerformRequest command, that always returns 79879 (ERROR_WRONG_SIGNATURE).

This is a piece of code that gives us this error too:

TElPDFDocument MyDoc = new TElPDFDocument();

TElPDFSignature sig = MyDoc.get_Signatures(0);
TElPDFPublicKeySecurityHandler Handler = (TElPDFPublicKeySecurityHandler)sig.Handler;

TElX509Certificate DocCert = Handler.Certificates.get_Certificates(0);
//Now I have the first certificate of the document. I must get the issuer Certificate

TElWinCertStorage CertStorage = new TElWinCertStorage();
int i = CertStorage.GetIssuerCertificate(Cert);

TElX509Certificate IssuerCert = CertStorage.get_Certificates(i);

//This function retrieves the smart card certificate by user ID
TElX509Certificate SignerCert = GetCertByUserID("myuserid");

//ok, now i have got everything i need, so i try to make my request

TElMemoryCertStorage ToValidateMCS = new TElMemoryCertStorage();
TElMemoryCertStorage IssuerCertMCS = new TElMemoryCertStorage();
TElMemoryCertStorage SignerMCS = new TElMemoryCertStorage();

ToValidateMCS.Add(DocCert, false);
IssuerCertMCS.Add(IssuerCert, false);
SignerMCS.Add(SignerCert, false);

//Initialization of OCSPClient
TElHTTPOCSPClient Client = new TElHTTPOCSPClient();
Client.CertStorage = ToValidateMCS;
Client.IssuerCertStorage = IssuerCertMCS;
Client.SigningCertStorage = SignerMCS;

Client.HTTPClient = new TElHTTPSClient();
Client.URL = "http://ocsp.myserver.net";

Client.Nonce = SBUtils.Unit.BytesOfString(DateTime.Now.ToString());

Client.IncludeCertificates = true;
Client.IncludeSignature = true;

short ServerResponse = 0;
byte [] Reply = null;

int Result = Client.PerformRequest(ref ServerResponse, ref Reply);


Can you tell me if i'm missing some operation before making the request?

Thanks a lot.

Posted: 11/22/2008 02:45:50
by Ken Ivanov (Team)

Thank you for contacting us.

First of all, it is necessary to check if the request itself is correct (it is possible that the server returns such error if it is unable to build a complete certificate chain for validation, or it does not trust the certificate that was used to sign the request). Would you be so kind to save the OCSP request to the file (using TElFileOCSPClient component) and post it to the Helpdesk ticket for investigation?
Posted: 11/24/2008 03:40:36
by José Luis Gordo (Standard support level)
Joined: 11/21/2008
Posts: 2

Ticket number #14417

Posted: 02/23/2009 09:55:34
by medianet software (Basic support level)
Joined: 02/23/2009
Posts: 1

Hola José Luis, estamos en la misma situación en la que te encontrabas tú. ¿Has logrado arreglarlo? ¿Podrias contarnos como?

Posted: 02/23/2009 10:18:46
by Ken Ivanov (Team)

Lo siento, el problema no ha resuelto. Por favor, intente jugar con propiedades:
* IncludeSignature (intente ambos false y true)
* IncludeCertificates (lo mismo)
* Options (intente todos combinaciones de ocoIncludeVersion y ocoIncludeSupportedResponseTypes banderas).

Si nada de opciones no ayudan, por favor solicite al administrador del OCSP servidor para ver a revista del servidor. Probablemente ayudara a encontrar la causa del problema.



Topic viewed 1936 times

Number of guests: 1, registered members: 0, in total hidden: 0


Back to top

As of July 15, 2016 EldoS business operates as a division of /n software, inc. For more information, please read the announcement.

Got it!