EldoS | Feel safer!

Exception is thrown on CompleteAsyncSign() call

#22396
Posted: 11/08/2012 09:42:49
by Christoph Moar (Standard support level)
Joined: 08/28/2009
Posts: 46

Hi,
I'm currently trying to implement a prototype which makes use of distributed signing in order to evaluate a possible move to SBB 10. I wrote my code following what was discussed in http://www.eldos.com/forum/read.php?PAGEN_3=1&FID=7&TID=3014#nav_start_3

I made 3 methods: the first (the client, using your naming conventions) loads a document and stores the request and the CMS message in files. The second acts as the server and loads the request and generates a response, saved to a file.
The third is the client again, loading both response and message and completing the procedure.

Everything seems to be fine up until CompleteAsyncSign(), where the following exception is thrown:
Quote
Project Project1.exe raised exception class EElCMSError with message 'Bad asynchronous state'.


I have no idea how to investigate it further and need some help. I'm unable to find documentation about the distributed signature classes and methods (is the documentation incomplete or is it just me? Should the latter be true, where can I find reference documentation and examples for the DS features?).

I hope to have included all the relevant details. The code is the following:
Code
int Signer::InitiateDistributedSignature(const AnsiString& aSrcFileName, const AnsiString& aReqFileName, const AnsiString& aMsgFileName)
{
  // Client, stage 1: build the CMS message and produce the pre-signing request for the server.
  TElSignedCMSMessage* aMessage = new TElSignedCMSMessage(0);

  // Use the source document as the CMS content.
  TFileStream* aSrcStream = new TFileStream(aSrcFileName, fmOpenRead | fmShareDenyWrite);
  aMessage->CreateNew(aSrcStream, 0, aSrcStream->Size);

  // Add a signature and set its algorithms, signed attributes and signing time.
  int aIdx = aMessage->AddSignature();
  TElCMSSignature* aSignature = aMessage->Signatures[aIdx];
  aSignature->DigestAlgorithm = SB_ALGORITHM_DGST_SHA1;
  aSignature->PublicKeyAlgorithm = SB_CERT_ALGORITHM_SHA1_RSA_ENCRYPTION;
  aSignature->SigningOptions = TSBCMSSigningOptions(csoIncludeCertToMessage | csoInsertContentType | csoInsertMessageDigests | csoInsertSigningTime);
  aSignature->SigningTime = UTCNow();

  // Save the message to the file that the completion stage will reload.
  TFileStream* aMsgStream = new TFileStream(aMsgFileName, fmCreate);
  aMessage->Save(aMsgStream);

  // Pre-sign: InitiateAsyncSign() allocates the async state that holds the request.
  TElDCAsyncState* aState = NULL;
  aSignature->InitiateAsyncSign(aState);

  // Serialize the request with the DC XML encoding for transfer to the server.
  TFileStream* aReqStream = new TFileStream(aReqFileName, fmCreate);

  TElDCXMLEncoding* aEncoding = new TElDCXMLEncoding();
  aState->SaveToStream(aReqStream, aEncoding);

  aMessage->Close();

  delete aEncoding;
  delete aSrcStream;
  delete aReqStream;
  delete aMsgStream;
  delete aMessage;

  return 0; //OK
}

int Signer::ClientSign(const AnsiString& aReqFileName, const AnsiString& aRespFileName)
{
  // Server side: the certificate storage holding the private key lives here.
  // The DC server reads the request, signs it and writes the response.
  TFileStream* aReqStream = new TFileStream(aReqFileName, fmOpenRead | fmShareDenyWrite);
  TElDCX509SignOperationHandler* aHandler = new TElDCX509SignOperationHandler();
  TElDCStandardServer* aServer = new TElDCStandardServer();

  // The X.509 signing handler picks the signing certificate from mCertStorage.
  aHandler->CertStorage = mCertStorage;
  aServer->AddOperarionHandler(aHandler);

  TFileStream* aRespFileStream = new TFileStream(aRespFileName, fmCreate);
  TElDCXMLEncoding* aEncoding = new TElDCXMLEncoding();

  // Same XML encoding for the incoming request and the outgoing response.
  aServer->Process(aReqStream, aRespFileStream, aEncoding, aEncoding);

  delete aReqStream;
  delete aRespFileStream;
  delete aServer;
  delete aHandler;
  delete aEncoding;

  return 0; //OK
}

int Signer::CompleteDistributeSignature(const AnsiString& aRespFileName, const AnsiString& aMsgFileName, const AnsiString& aDestFileName)
{
  // Client, stage 2: reload the saved message and the server's response, then finish the signature.
  TFileStream* aRespStream = new TFileStream(aRespFileName, fmOpenRead | fmShareDenyWrite);
  TFileStream* aMsgStream = new TFileStream(aMsgFileName, fmOpenRead | fmShareDenyWrite);
  TElDCAsyncState* aState = new TElDCAsyncState();
  TElSignedCMSMessage* aMessage = new TElSignedCMSMessage(0);

  // Deserialize the response into the async state using the same XML encoding.
  TElDCXMLEncoding* aEncoding = new TElDCXMLEncoding();
  aState->LoadFromStream(aRespStream, aEncoding);

  // Reopen the message saved in stage 1 and complete its first signature.
  aMessage->Open(aMsgStream, NULL, 0, 0);

  aMessage->Signatures[0]->CompleteAsyncSign(aState);

  // Write the finished, signed message.
  TFileStream* aDestStream = new TFileStream(aDestFileName, fmCreate);
  aMessage->Save(aDestStream);

  delete aRespStream;
  delete aMsgStream;
  delete aState;
  delete aMessage;
  delete aDestStream;

  return 0; //OK
}


Thank you for the help.
Best regards.
#22404
Posted: 11/08/2012 13:39:04
by Vsevolod Ievgiienko (EldoS Corp.)

Thank you for contacting us.

Please refer to this article and check whether your code is written as described there: https://www.eldos.com/security/articles/7477.php The scheme on the next page may also be helpful: https://www.eldos.com/sbb/desc-dc.php
#22415
Posted: 11/09/2012 02:51:16
by Christoph Moar (Standard support level)
Joined: 08/28/2009
Posts: 46

Hi, thank you for helping.
Yes, that very article was the starting point of my implementation. As far as I can tell there is apparently nothing different between my code and the article, the winazure sample and the code posted in the topic linked in my first comment.

Unfortunately, the error message is not really helpful in determining what exactly went wrong (i.e. an error code or something similar). Could you maybe double-check my code, or give me hints about common causes of that error?

In the meanwhile, I changed my code so that the TElSignedCMSMessage object is no longer serialized/deserialized between presign and finalization steps: the same instance is kept and used in both procedures. This did not solve the problem though.
#22416
Posted: 11/09/2012 03:19:42
by Ken Ivanov (EldoS Corp.)

There is a mistake in your InitiateDistributedSignature() method - you are saving the CMS object before initiating the distributed signing operation (lines 16 and 19 of your code snippet). The pre-signing stage (encapsulated in the InitiateAsyncSign() method) actually involves building a skeleton of a CMS signature object, which must be saved to the pre-signed blob in order to make the signing completion operation succeed.
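The three-stage flow discussed in this thread (pre-sign on the client, sign the digest on the key-holding server, complete on the client) and the ordering mistake identified above, modelled as a stand-alone Go program. This is an added example, not SecureBlackbox code and not the poster's code: the Message, Signature, AsyncState, InitiateAsyncSign, ServerProcess, CompleteAsyncSign and RunFlow names are illustrative stand-ins for the SBB classes, JSON stands in for the DC XML encoding, the files are replaced by byte slices, and RSA PKCS#1 v1.5 over SHA-256 from Go's standard library stands in for the certificate-based signing. The sample document and key are constructed for the example.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/json"
	"fmt"
)

// Illustrative stand-ins (assumed names, not SecureBlackbox types). A Signature is
// pending while SigValue is empty: the skeleton exists, the server's value does not.
type (
	Signature struct {
		Digest   []byte `json:"digest"`    // what the server actually signs
		SigValue []byte `json:"sig_value"` // attached by CompleteAsyncSign
	}
	Message struct {
		Content    []byte      `json:"content"`
		Signatures []Signature `json:"signatures"`
	}
	AsyncState struct { // the pre-signing request and, with SigValue set, the response
		Digest   []byte `json:"digest"`
		SigValue []byte `json:"sig_value"`
	}
)

var ErrBadAsyncState = fmt.Errorf("bad asynchronous state")

// InitiateAsyncSign (client, pre-sign): hashes the content, appends a pending
// signature skeleton to the message and returns the state to send to the server.
func InitiateAsyncSign(m *Message) *AsyncState {
	d := sha256.Sum256(m.Content)
	m.Signatures = append(m.Signatures, Signature{Digest: d[:]})
	return &AsyncState{Digest: d[:]}
}

// ServerProcess (key-holding side) signs only the digest in the request; the content never leaves the client.
func ServerProcess(priv *rsa.PrivateKey, req []byte) ([]byte, error) {
	var st AsyncState
	err := json.Unmarshal(req, &st)
	if err != nil {
		return nil, err
	}
	if st.SigValue, err = rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, st.Digest); err != nil {
		return nil, err
	}
	return json.Marshal(st)
}

// CompleteAsyncSign (client): attaches the server's value to the pending skeleton with
// the matching digest. A message saved before InitiateAsyncSign has no skeleton, so it fails.
func CompleteAsyncSign(m *Message, resp []byte) error {
	var st AsyncState
	if err := json.Unmarshal(resp, &st); err != nil {
		return err
	}
	for i := range m.Signatures {
		s := &m.Signatures[i]
		if len(s.SigValue) == 0 && string(s.Digest) == string(st.Digest) {
			s.SigValue = st.SigValue
			return nil
		}
	}
	return ErrBadAsyncState
}

// RunFlow drives the three stages through serialized blobs, as the forum code does with
// files, then verifies with the public key. saveBeforeInitiate reproduces the thread's mistake.
func RunFlow(priv *rsa.PrivateKey, content []byte, saveBeforeInitiate bool) error {
	msg := &Message{Content: content}
	early, _ := json.Marshal(msg) // written before pre-signing: no skeleton yet
	st := InitiateAsyncSign(msg)
	saved, _ := json.Marshal(msg) // written after pre-signing: skeleton included
	if saveBeforeInitiate {
		saved = early
	}
	req, _ := json.Marshal(st)
	resp, err := ServerProcess(priv, req)
	if err != nil {
		return err
	}
	var reloaded Message
	if err = json.Unmarshal(saved, &reloaded); err != nil {
		return err
	}
	if err = CompleteAsyncSign(&reloaded, resp); err != nil {
		return err
	}
	d := sha256.Sum256(reloaded.Content)
	return rsa.VerifyPKCS1v15(&priv.PublicKey, crypto.SHA256, d[:], reloaded.Signatures[0].SigValue)
}

func main() {
	priv, _ := rsa.GenerateKey(rand.Reader, 2048) // constructed test key
	doc := []byte("constructed sample document")
	fmt.Println(RunFlow(priv, doc, false), RunFlow(priv, doc, true)) // <nil> bad asynchronous state
}
```

The model makes the failure mode visible: the blob saved before pre-signing contains no pending skeleton, so the completion stage has nothing to attach the server's value to and fails with the same kind of "bad asynchronous state" error the thread reports, while the blob saved after pre-signing completes and verifies. In SBB terms the fix is the one described above: call InitiateAsyncSign() on the signature first and only then Save() the message, so the saved file carries the skeleton that CompleteAsyncSign() will fill in. The digest check in CompleteAsyncSign also rejects a response produced for a different request, so a mismatched or replayed response cannot be grafted onto an unrelated message.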
#22417
Posted: 11/09/2012 03:53:40
by Christoph Moar (Standard support level)
Joined: 08/28/2009
Posts: 46

Hi, thank you! This seems to solve the issue. The process completes without errors and now I just have to perform a couple of checks on the resulting file (to be sure I did not miss anything else).

Thank you again and best regards!