EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Timestamping through Proxy server

Posted: 04/29/2010 02:35:58
by Bram Breels (Standard support level)
Joined: 02/20/2009
Posts: 4


We need to implement a PDF signing and timestamping application in an environment where all internet communication is done through a proxy server.
To emulate this environment, I've set up a proxy server on my development machine and tried to sign and timestamp a given PDF. When using the local proxy server in Internet Explorer, the request to the timestamping server goes through, meaning the proxy supports the HTTPS request.

When running the signing and timestamping application (using EldoS SecureBlackbox) without proxy settings (through the standard internet gateway) on the local machine, the process succeeds. But when using the proxy server, the process halts (hangs) indefinitely.

         // Signer holding the signing certificate
         TElX509Certificate x509Certificate = this.GetTElCertificate();
         TElMemoryCertStorage certStorage;
         TElMessageSigner signer;
         certStorage = new TElMemoryCertStorage();
         signer = new TElMessageSigner();
         signer.CertStorage = certStorage;
         signer.UsePSS = false;
         signer.CertStorage.Add(x509Certificate, true);

            // Timestamping (TSP) client that talks to the timestamp server over HTTPS
            TElHTTPTSPClient httpTspClient = new TElHTTPTSPClient();
            httpTspClient.URL = this.signInfo.TimeStampInfo.URL;
            httpTspClient.HTTPClient = new TElHTTPSClient();
            httpTspClient.HTTPClient.RequestParameters = new TElHTTPRequestParams();
            httpTspClient.HTTPClient.RequestParameters.Username = this.signInfo.TimeStampInfo.RequestParametersUserName;
            httpTspClient.HTTPClient.RequestParameters.Password = this.signInfo.TimeStampInfo.RequestParametersPassWord;
            // Regular HTTP proxy settings
            if(proxySettings != null)
            {
               httpTspClient.HTTPClient.UseHTTPProxy = true;
               httpTspClient.HTTPClient.HTTPProxyHost = proxySettings.Host;
               httpTspClient.HTTPClient.HTTPProxyPort = proxySettings.Port;
               httpTspClient.HTTPClient.HTTPProxyUsername = proxySettings.UserName;
               httpTspClient.HTTPClient.HTTPProxyPassword = proxySettings.Password;
            }
            else
            {
               httpTspClient.HTTPClient.UseHTTPProxy = false;
            }
            httpTspClient.HTTPClient.OnCertificateValidate += this.CertificateValidate;
            httpTspClient.HTTPClient.ClientCertStorage = new TElMemoryCertStorage();

            // Optional client certificate loaded from a PFX file
            if(string.IsNullOrEmpty(this.signInfo.TimeStampInfo.ClientCertificateStoreFilePath) == false)
            {
               using(FileStream f = new FileStream(this.signInfo.TimeStampInfo.ClientCertificateStoreFilePath, FileMode.Open))
               {
                  TElX509Certificate cer = new TElX509Certificate();
                  cer.LoadFromStreamPFX(f, this.signInfo.TimeStampInfo.ClientCertificateStorePassword, 0);

                  this.certStorage.Add(cer, true);
               }

               for(int i = 0; i < this.certStorage.ChainCount; i++)
               {
                  int index = this.certStorage.get_Chains(i);
                  this.certIndex = index;
               }
            }

            httpTspClient.HTTPClient.OnCertificateNeededEx += this.CertificateNeededEx;

            signer.TSPClient = httpTspClient;

         int outSize = buffer.Length + 16384;
         byte[] outBuffer = new byte[outSize];
         int result = signer.Sign(buffer, ref outBuffer, ref outSize, false); //-> PROCESS HANGS HERE

         if(result != 0)
            throw new Exception(String.Format("Error {0} when signing the file", result));


Could you please tell us what is wrong with this code snippet, or why it might hang?

Much obliged,
Sven Billiau
.NET Architect
Advalvas Europe NV

Posted: 04/29/2010 03:04:48
by Eugene Mayevski (Team)

Are you accessing an HTTP or HTTPS resource? Different settings should be used in these cases.

Sincerely yours
Eugene Mayevski

Posted: 05/06/2010 03:56:12
by Bram Breels (Standard support level)
Joined: 02/20/2009
Posts: 4


Sorry for the late reply...
We are accessing an HTTPS resource.

Everything works without using a web proxy server. Once using the proxy server, the marked code line hangs.

Kind regards,

Posted: 05/06/2010 08:32:25
by Eugene Mayevski (Team)

Right, this is why I asked.

When you access an HTTPS resource, you need to connect via an HTTPS proxy server. Your HTTP proxy can support HTTP CONNECT mode (the one you need), and in this case it acts *also* as an HTTPS proxy server.

You specify use of an HTTPS proxy by setting the UseWebTunneling property to true and the other WebTunneling* properties accordingly. In this case you need to disable the "regular" HTTP proxy.

I know that seems to be confusing, but the proxy types are different and so they must be distinguished in code. Mixing them together could cause security problems and other unpleasant consequences.

Sincerely yours
Eugene Mayevski
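
The HTTP CONNECT exchange that the reply above refers to, as an added example that is not part of the original thread and is not SecureBlackbox code. It is written in Python at the socket level; the function names are hypothetical, and the socket passed in is assumed to be already connected to the proxy.

```python
import base64
import socket

def build_connect_request(host, port, user=None, password=None):
    """Ask the proxy for a tunnel: CONNECT names only host:port, never a URL."""
    lines = [f"CONNECT {host}:{port} HTTP/1.1", f"Host: {host}:{port}"]
    if user is not None:
        token = base64.b64encode(f"{user}:{password or ''}".encode()).decode()
        # Basic proxy credentials reach the proxy unencrypted on this hop.
        lines.append(f"Proxy-Authorization: Basic {token}")
    return ("\r\n".join(lines) + "\r\n\r\n").encode("ascii")

def read_proxy_reply(sock, limit=8192):
    """Read the proxy's reply headers up to the blank line; return the status code."""
    data = b""
    while b"\r\n\r\n" not in data:
        chunk = sock.recv(1)  # byte-wise, so nothing past the headers is consumed
        if not chunk:
            raise ConnectionError("proxy closed the connection before replying")
        data += chunk
        if len(data) > limit:
            raise ConnectionError("proxy reply headers too large")
    status_line = data.split(b"\r\n", 1)[0].decode("ascii", "replace")
    parts = status_line.split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ConnectionError(f"malformed proxy reply: {status_line!r}")
    return int(parts[1])

def negotiate_tunnel(sock, host, port, user=None, password=None, timeout=10.0):
    """Run the CONNECT exchange on a socket already connected to the proxy."""
    sock.settimeout(timeout)  # an unanswered request raises socket.timeout
    sock.sendall(build_connect_request(host, port, user, password))
    status = read_proxy_reply(sock)
    if not 200 <= status < 300:
        raise PermissionError(f"proxy refused CONNECT with status {status}")
    # From here on the proxy only relays bytes. TLS starts on this same socket,
    # e.g. ssl.create_default_context().wrap_socket(sock, server_hostname=host),
    # so the certificate is validated against the target host, not the proxy.
    return sock
```

The explicit timeout turns a proxy that never answers into an error the caller can handle instead of an indefinite wait.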




As of July 15, 2016 EldoS business operates as a division of /n software, inc. For more information, please read the announcement.
