EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Question about PDF and Acrobat Reader

Also by EldoS: Rethync
The cross-platform framework that simplifies synchronizing data between mobile and desktop applications and servers and cloud storages
#1862
Posted: 12/14/2006 05:51:10
by Eugene Mayevski (EldoS Corp.)

We can't do anything that you can't do. I.e. you can take the certificate that works and compare it to yours.


Sincerely yours
Eugene Mayevski
#1863
Posted: 12/14/2006 06:00:26
by Santiago Castaño (Standard support level)
Joined: 04/16/2006
Posts: 155

The thing is that i don't have a certificate that works ;). Do you have anyone?
#1864
Posted: 12/14/2006 06:27:32
by Eugene Mayevski (EldoS Corp.)

No, we don't have any. You can take one from response sent by the server that works (you mentioned the URL above).


Sincerely yours
Eugene Mayevski
#1865
Posted: 12/14/2006 06:32:16
by Eugene Mayevski (EldoS Corp.)

Hold on. I've found a certificate and our test server. If they work, I will post them both here.


Sincerely yours
Eugene Mayevski
#1866
Posted: 12/14/2006 07:07:44
by Eugene Mayevski (EldoS Corp.)

This goddamn piece of crap, called Acrobat, doesn't like TSANameSet parameter.

I've attached the certificate and here's the code for the TSP server (the certificate is accessed via cert.storage):

Code
procedure TfrmMain.FileTSPClientTimestampNeeded(Sender: TObject; RequestStream,
  ReplyStream: TStream; var Succeeded: Boolean);
var TSPReply : TStream;
begin
  try
    TSPServer.LoadRequestFromStream(RequestStream);
    TSPServer.TSPInfo.Time := Now - 2;
    TSPServer.TSPInfo.AccuracySet := false;
    TSPServer.TSPInfo.AccuracySec := 0;
    TSPServer.TSPInfo.AccuracyMilli := 10;
    TSPServer.TSPInfo.AccuracyMicro := 0;
    TSPServer.TSPInfo.SerialNumber := BytesOfString('MySerial');
//    TSPServer.TSPInfo.TSAName.DNSName := 'www.eldos.com';
//    TSPServer.TSPInfo.TSAName.NameType := gnDNSName;
    TSPServer.TSPInfo.TSANameSet := false;
    TSPServer.SaveReplyToStream(psGranted, 0, ReplyStream);
    Succeeded := true;
  except
    Succeeded := false;
  end;
end;


I've got no idea regarding why it doens't handle TSAName - maybe just another bug in it's ASN parser...


[ Download ]

Sincerely yours
Eugene Mayevski
#1867
Posted: 12/14/2006 07:09:50
by Eugene Mayevski (EldoS Corp.)

Well, at least it understands Accuracy fields so you can set AccuracySet to true in the above code.


Sincerely yours
Eugene Mayevski
#1868
Posted: 12/14/2006 07:18:29
by Santiago Castaño (Standard support level)
Joined: 04/16/2006
Posts: 155

You're right... I set the TSANameSet to false and my server is now compatible with Adobe :) maybe you should teach them some things... :p

Many thanks... all is solved now
#1869
Posted: 12/14/2006 07:42:20
by Eugene Mayevski (EldoS Corp.)

BTW ... the edelweb site uses something like this:

TSPServer.TSPInfo.TSAName.UniformResourceIdentifier := 'http://www.eldos.com/';
TSPServer.TSPInfo.TSAName.NameType := gnUniformResourceIdentifier;


However I couldn't make Adobe work with the above settings either. It can be that acrobat compares the name in the TSAName with the name in the certificate. I don't know exactly.


Sincerely yours
Eugene Mayevski
#1870
Posted: 12/14/2006 08:17:04
by Eugene Mayevski (EldoS Corp.)

Well, Acrobat is not that huge piece (but still a piece):

Quote

The purpose of the tsa field is to give a hint in identifying the
name of the TSA. If present, it MUST correspond to one of the
subject names included in the certificate that is to be used to
verify the token. However, the actual identification of the entity


So the TSA name must correspond to the certificate name.


Sincerely yours
Eugene Mayevski
Also by EldoS: Solid File System
A virtual file system that offers a feature-rich storage for application documents and data with built-in compression and encryption.

Reply

Statistics

Topic viewed 8328 times

Number of guests: 1, registered members: 0, in total hidden: 0




|

Back to top

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!