EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Question about PDF and Acrobat Reader

Also by EldoS: CallbackRegistry
A component to monitor and control Windows registry access and create virtual registry keys.
Posted: 12/14/2006 05:51:10
by Eugene Mayevski (Team)

We can't do anything that you can't do. I.e. you can take the certificate that works and compare it to yours.

Sincerely yours
Eugene Mayevski
Posted: 12/14/2006 06:00:26
by Santiago Castaño (Standard support level)
Joined: 04/16/2006
Posts: 155

The thing is that i don't have a certificate that works ;). Do you have anyone?
Posted: 12/14/2006 06:27:32
by Eugene Mayevski (Team)

No, we don't have any. You can take one from response sent by the server that works (you mentioned the URL above).

Sincerely yours
Eugene Mayevski
Posted: 12/14/2006 06:32:16
by Eugene Mayevski (Team)

Hold on. I've found a certificate and our test server. If they work, I will post them both here.

Sincerely yours
Eugene Mayevski
Posted: 12/14/2006 07:07:44
by Eugene Mayevski (Team)

This goddamn piece of crap, called Acrobat, doesn't like TSANameSet parameter.

I've attached the certificate and here's the code for the TSP server (the certificate is accessed via cert.storage):

procedure TfrmMain.FileTSPClientTimestampNeeded(Sender: TObject; RequestStream,
  ReplyStream: TStream; var Succeeded: Boolean);
var TSPReply : TStream;
    TSPServer.TSPInfo.Time := Now - 2;
    TSPServer.TSPInfo.AccuracySet := false;
    TSPServer.TSPInfo.AccuracySec := 0;
    TSPServer.TSPInfo.AccuracyMilli := 10;
    TSPServer.TSPInfo.AccuracyMicro := 0;
    TSPServer.TSPInfo.SerialNumber := BytesOfString('MySerial');
//    TSPServer.TSPInfo.TSAName.DNSName := 'www.eldos.com';
//    TSPServer.TSPInfo.TSAName.NameType := gnDNSName;
    TSPServer.TSPInfo.TSANameSet := false;
    TSPServer.SaveReplyToStream(psGranted, 0, ReplyStream);
    Succeeded := true;
    Succeeded := false;

I've got no idea regarding why it doens't handle TSAName - maybe just another bug in it's ASN parser...

[ Download ]

Sincerely yours
Eugene Mayevski
Posted: 12/14/2006 07:09:50
by Eugene Mayevski (Team)

Well, at least it understands Accuracy fields so you can set AccuracySet to true in the above code.

Sincerely yours
Eugene Mayevski
Posted: 12/14/2006 07:18:29
by Santiago Castaño (Standard support level)
Joined: 04/16/2006
Posts: 155

You're right... I set the TSANameSet to false and my server is now compatible with Adobe :) maybe you should teach them some things... :p

Many thanks... all is solved now
Posted: 12/14/2006 07:42:20
by Eugene Mayevski (Team)

BTW ... the edelweb site uses something like this:

TSPServer.TSPInfo.TSAName.UniformResourceIdentifier := 'http://www.eldos.com/';
TSPServer.TSPInfo.TSAName.NameType := gnUniformResourceIdentifier;

However I couldn't make Adobe work with the above settings either. It can be that acrobat compares the name in the TSAName with the name in the certificate. I don't know exactly.

Sincerely yours
Eugene Mayevski
Posted: 12/14/2006 08:17:04
by Eugene Mayevski (Team)

Well, Acrobat is not that huge piece (but still a piece):


The purpose of the tsa field is to give a hint in identifying the
name of the TSA. If present, it MUST correspond to one of the
subject names included in the certificate that is to be used to
verify the token. However, the actual identification of the entity

So the TSA name must correspond to the certificate name.

Sincerely yours
Eugene Mayevski
Also by EldoS: Callback File System
Create virtual file systems and disks, expose and manage remote data as if they were files on the local disk.



Topic viewed 9468 times

Number of guests: 1, registered members: 0, in total hidden: 0


Back to top

As of July 15, 2016 EldoS business operates as a division of /n software, inc. For more information, please read the announcement.

Got it!