Distributed Cryptography:

#24308
Posted: 03/26/2013 08:42:39
by Ari Urkullu (Basic support level)
Joined: 11/26/2012
Posts: 26

The page is loaded and it shows the text "Empty session" just as you have said.
#24309
Posted: 03/26/2013 09:29:03
by Alexander Ionov (EldoS Corp.)

Sorry, I don't have ideas anymore. The error "401 Access denied" is returned from the server, this is not a local error. This means that the activex control has attempted to post signed data back to the server but failed to access the URL specified in the DataURL parameter. Please note that this sample activex control does not use the browser to transfer signed data. Instead it opens a separate internal connection to the server. So if your server (or the folder on the server) requires a kind of authorization that is performed by the browser automatically (by adding Authorization header field or using cookies), the control does not know about this and does not send this information to the server. This may result in the reported error.

Quote
Ari Urkullu wrote:
When we acquire SecureBlackBox licenses, including the license for DC component, will we be able to see all the source code of the sample "C#\PDFBlackbox\ASPNet_Distributed"?

When you purchase a license for DC add-on, you'll receive the complete sources of all the browser side DC modules: the ActiveX control, the Java applet and the Flex program.


--
Best regards,
Alexander Ionov
#24339
Posted: 03/27/2013 10:54:33
by Ari Urkullu (Basic support level)
Joined: 11/26/2012
Posts: 26

Sorry, I didn't know that the ActiveX control was opening a separate internal connection to the server. Our platform uses information about the user through cookies, so I think that what you said is happening.

I will try to summarize what our goal is. What we want is to be able to sign PDF documents with a PAdES-LTV signature, in a distributed way. I mean, the certificate on the client side and the PDF to sign on the server side. We have to insert OCSP responses and the timestamp, and for doing these inserts, we have to work with third-party entities, requesting OCSP responses and timestamps from them through HTTP requests. Also, we may need to insert certificates in addition to the one the user selects on the client side.

With all this, I have the next doubts:

When we buy the license for DC add-on, will we be able to modify the ActiveX Control (and the Java applet) source code, so it uses the connection I have with the server, instead of opening a new separate one?

When we buy the license for DC add-on, will we be able to modify the ActiveX Control (and the Java applet) source code, so we can do PAdES LTV signature? I include that we should be able to incorporate the OCSP responses and timestamps from third party entities obtained through HTTP requests, and also insert additional certificates if needed.

I think that beginning from your sample "C#\PDFBlackbox\ASPNet_Distributed":

The timestamp should be added in the Result.aspx.vb, after receiving the signature block. Is this right?

The OCSP responses should be added in the Result.aspx.vb too, right?

If we need to add other certificates besides the one on the client side that the user is using to do the signature, I think that they should be added in the Result.aspx.vb, right?

I think that these are all my doubts by the moment about this topic.

Thank you very much,
Ari.
#24342
Posted: 03/27/2013 11:25:04
by Alexander Ionov (EldoS Corp.)

Quote
Ari Urkullu wrote:
When we buy the license for DC add-on, will we be able to modify the ActiveX Control (and the Java applet) source code, so it uses the connection I have with the server, instead of opening a new separate one?

Unfortunately, I'm not sure if it's possible to use the browser connection to send data from the ActiveX control or the Java applet. This does not mean it's impossible at all, just that I don't know anything about this.
But I think it's definitely possible to pass the required cookie to the control and the applet and modify them in order to send that cookie through the internal connection.

Quote
Ari Urkullu wrote:
The timestamp should be added in the Result.aspx.vb, after receiving the signature block. Is this right?

The OCSP responses should be added in the Result.aspx.vb too, right?

If we need to add other certificates besides the one on the client side that the user is using to do the signature, I think that they should be added in the Result.aspx.vb, right?

Unfortunately, I don't know much about PDF signature internals, so I'll ask my colleague to answer these questions.


--
Best regards,
Alexander Ionov
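
The 401 discussed in the posts above can be reproduced without any signing code. This is an added example, not part of the original thread or of the EldoS sample: the local server stands in for the page behind DataURL, and the cookie name and value are constructed. It shows the same POST failing when sent over a separate connection with no cookie, and succeeding once the cookie is passed along explicitly.

```python
import http.server
import threading
import urllib.error
import urllib.request

SESSION_COOKIE = "SESSIONID=constructed-demo-value"  # constructed sample value

class DataUrlHandler(http.server.BaseHTTPRequestHandler):
    """Stand-in for the page behind DataURL: it requires the session cookie."""

    def do_POST(self):
        self.rfile.read(int(self.headers.get("Content-Length", 0)))
        ok = self.headers.get("Cookie") == SESSION_COOKIE
        self.send_response(200 if ok else 401)
        self.send_header("Content-Length", "0")
        self.end_headers()

    def log_message(self, *args):  # keep the demo quiet
        pass

def post_signed_data(url, blob, cookie=None):
    """POST the way the control does: own connection, only the headers it was given."""
    req = urllib.request.Request(url, data=blob, method="POST")
    if cookie is not None:
        req.add_header("Cookie", cookie)
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    try:
        with opener.open(req, timeout=5) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code

def run_demo():
    """Return (status without cookie, status with cookie) against a local server."""
    server = http.server.HTTPServer(("127.0.0.1", 0), DataUrlHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    url = f"http://127.0.0.1:{server.server_port}/Result.aspx"
    try:
        return (post_signed_data(url, b"signed-block"),
                post_signed_data(url, b"signed-block", SESSION_COOKIE))
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    print(run_demo())
```

A session cookie passed to the control this way is a credential held outside the browser, so the control's connection should use HTTPS just as the browser's does.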
#24343
Posted: 03/27/2013 11:38:27
by Ken Ivanov (EldoS Corp.)

Ari,

Quote
The timestamp should be added in the Result.aspx.vb, after receiving the signature block. Is this right?

Yes. Timestamp is calculated over the signature block, so it is technically impossible to add it on the pre-signing stage.

Quote
The OCSP responses should be added in the Result.aspx.vb too, right?

Not really. If you intend to create generic PDF signatures (not PAdES ones), the relevant CRLs and OCSP responses should be added on the pre-signing stage, as PDF specification requires them to be stored as signed attributes. PAdES signatures are free from this requirement, so you can add revocation information on the finalization stage.

Quote
If we need to add other certificates besides the one on the client side that the user is using to do the signature, I think that they should be added in the Result.aspx.vb, right?

That's right, all the extra certificates should be added on the finalization stage.
#24406
Posted: 04/02/2013 03:16:02
by Ari Urkullu (Basic support level)
Joined: 11/26/2012
Posts: 26

I guess that I have found a new clue about the issue "Step 4. Progress: Failed. Server response: 401 Access Denied".

Your sample "EldoS\SecureBlackbox.NET\Samples\C#\PDFBlackbox\ASPNet_Distributed" works well in my computer. I copied the directory "C:\Documents and Settings\All Users\Documents\EldoS\SecureBlackbox.NET\Samples\C#\PDFBlackbox\ASPNet_Distributed" in the desktop and I tried to execute it. The first time I opened the desktop copy, it asked me the next question:

"The Web project 'DCWeb' is currently configured to use the URL 'http://localhost/DCWeb'. The web server has this URL mapped to a different folder 'C:\Documents and Settings\All Users\Documents\EldoS\SecureBlackBox.NET\Samples\C#\PDFBlackBox\ASPNet_Distributed\'. Would you like to remap this URL to point this Web project's folder?"

If I click "No", when I try to debug the project (the copied one), it shows me a dialog error with the text:

"Unable to start debugging on the web server. See help for common configuration errors. Running the web page outside of the debugger may provide further information.

Make sure the server is operation correctly. Verify there are no syntax errors in web.config by doing a Debug.Start Without Debugging. You may also want to refer to the ASP.NET and ATL Server debugging topic in the online documentation."

Also when I try to start without debugging it shows me inside an internet explorer window the error:

"Server Application Unavailable

The web application you are attempting to access on this web server is currently unavailable. Please hit the "Refresh" button in your web browser to retry your request.

Administrator Note: An error message detailing the cause of this specific request failure can be found in the application event log of the web server. Please review this log entry to discover what caused this error to occur."

If I click "Yes" to the remap question, when I debug the project (the copied one) first I get the error:

"Access to the path 'C:\Documents and Settings\auv\Desktop\ASPNet_Distributed\Data\0aeppmrybhug4e2atgkxrz45.tmp' is denied."

So I give to the user "ASP.NET Machine Account (AUV\ASPNET)" full control to the copied project folder, and to the subfolders and subfiles inside it. Then when I try to debug again the copied project, I get the error "Step 4. Progress: FAILED. Server response: 401 Unauthorized", just the same error as the one at the beginning of this thread.

So I guess that error is something related with the IIS configuration.
#24437
Posted: 04/03/2013 10:17:57
by Ari Urkullu (Basic support level)
Joined: 11/26/2012
Posts: 26

Ok, doing another test, the results match what Alexander said. I started testing our platform, and when I was about to click on "Finish" button to do the digital signature where I got the error "Step 4. Progress: Failed. Server response: 401 Access Denied", I accessed just before the IIS and I activated the Anonymous access and after I clicked "Finish" the operation is completed. So it looks like when we buy your licenses we will have to pass the required cookie to the control or applet.

This last test I have done launching the ActiveX part. If I try the same with the Java part, in Result.aspx.vb, in the function FinishSigning in the line doc.CompleteAsyncOperation(Fich, state, handler) an exception is launched, where the message is "No enough space for signature". The Result.aspx is the same for both ActiveX and Java parts. So I guess that the real error is done before Result.aspx is called. Do you have any idea about what could be causing this error in that instruction?
#24439
Posted: 04/03/2013 11:03:29
by Alexander Ionov (EldoS Corp.)

Quote
Ari Urkullu wrote:
an exception is launched, where the message is "No enough space for signature"

This knowledgebase article will shed some light on your problem.


--
Best regards,
Alexander Ionov
#24593
Posted: 04/16/2013 07:57:52
by Ari Urkullu (Basic support level)
Joined: 11/26/2012
Posts: 26

Hello,

I couldn't write earlier, I have been busy with other stuff. The solution of the thread worked perfectly, thank you very much.

Now I am trying to modify your sample from "C#\PDFBlackbox\ASPNet_Distributed". I added to it a reference to SecureBlackBox.PKIPDF and then modified the code the next way:

I replaced in PreSigner.cs, Page_Load, the line:

Code
TElPDFPublicKeySecurityHandler handler = new TElPDFPublicKeySecurityHandler();


for the line:

Code
TElPDFAdvancedPublicKeySecurityHandler handler = new TElPDFAdvancedPublicKeySecurityHandler();


Afterwards I added just after the next line in the same function:

Code
handler.CustomName = "Adobe.PPKMS";


The lines:

Code
handler.PAdESSignatureType = TSBPAdESSignatureType.pastBasic;
handler.AutoCollectRevocationInfo = false;
handler.IgnoreChainValidationErrors = false;


When I try to execute the sample using the ActiveX part with these modifications it shows me the next error:

Object reference not set to an instance of an object.

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.NullReferenceException: Object reference not set to an instance of an object.


Line 51: signature.SigningTime = DateTime.UtcNow;
Line 52:
Line 53: state = doc.InitiateAsyncOperation();
Line 54: }
Line 55: finally

Source File: C:\Documents and Settings\All Users\Documents\EldoS\SecureBlackbox.NET\Samples\C#\PDFBlackbox\ASPNet_Distributed\PreSigner.cs Line: 53

[NullReferenceException: Object reference not set to an instance of an object.]
SBPAdES.TElPDFAdvancedPublicKeySecurityHandler.GetEstimatedSignatureSize(Boolean AsyncMode) +191
SBPDF.TElPDFDocument.PreCalculateSignatures@2(TElPDFSignature Sig, TElPDFDictionary V) +254
SBPDF.TElPDFDocument.PreCalculateSignatures(Boolean IncrementalUpdate) +11867
SBPDF.TElPDFDocument.Close(Boolean Save) +4363
SBPDF.TElPDFDocument.InitiateAsyncOperation() +73
DCWeb.PreSigner.Page_Load(Object sender, EventArgs e) in C:\Documents and Settings\All Users\Documents\EldoS\SecureBlackbox.NET\Samples\C#\PDFBlackbox\ASPNet_Distributed\PreSigner.cs:53
DCWeb.ActiveX.Control.Page_Load(Object sender, EventArgs e) in C:\Documents and Settings\All Users\Documents\EldoS\SecureBlackbox.NET\Samples\C#\PDFBlackbox\ASPNet_Distributed\ActiveX\Control.aspx.cs:14
System.Web.Util.CalliHelper.EventArgFunctionCaller(IntPtr fp, Object o, Object t, EventArgs e) +14
System.Web.Util.CalliEventHandlerDelegateProxy.Callback(Object sender, EventArgs e) +35
System.Web.UI.Control.OnLoad(EventArgs e) +91
System.Web.UI.Control.LoadRecursive() +74
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +2207



I don't know exactly why it is going wrong. I have looked in:

http://www.eldos.com/documentation/sbb/documentation/ref_cl_pdfadvancedpublickeysecurityhandler.html#prplist
http://www.eldos.com/documentation/sbb/documentation/ref_cl_pdfpublickeysecurityhandler.html#mtdlist
http://www.eldos.com/documentation/sbb/documentation/ref_cl_pdfsecurityhandler.html#prplist

And I can't see the method GetEstimatedSignatureSize. I wonder if I am missing to set a property or something. Have you any idea why this error could be happening?
#24594
Posted: 04/16/2013 08:31:38
by Ken Ivanov (EldoS Corp.)

Hello Ari,

1) Please try to set the SignatureSizeEstimationStrategy property to TSBPAdESSignatureSizeEstimationStrategy.psesBasic and check if it helps to overcome the problem.

2) Do you assign an initialized certificate storage object to the CertStorage property of the handler? The handler won't be able to calculate the size of the signature placeholder accurately in psesSmart and psesSmartAndTrialTimestamp modes unless a certificate storage containing all the certificates participating in the signing operation is provided.
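
Why the placeholder size matters, and why the "No enough space for signature" error seen earlier in the thread appears only at the finalization stage, can be shown with a simplified model. This is an added example, not SecureBlackBox code and not its estimation algorithm: the byte sizes are constructed, and `presign`, `finalize` and `try_signing` are hypothetical names.

```python
import hashlib

def presign(body: bytes, reserved_bytes: int):
    """Pre-signing: reserve a fixed /Contents gap and hash everything around it."""
    head = body + b"/Contents "
    gap = b"<" + b"0" * (2 * reserved_bytes) + b">"   # hex string, 2 chars per byte
    tail = b"\n%%EOF\n"
    digest = hashlib.sha256(head + tail).hexdigest()  # signed ranges exclude the gap
    return head, gap, tail, digest

def finalize(head, gap, tail, cms_blob: bytes) -> bytes:
    """Finalization: the finished signature must fit the gap; offsets cannot move."""
    capacity = (len(gap) - 2) // 2
    if len(cms_blob) > capacity:
        raise ValueError(
            f"not enough space for signature: need {len(cms_blob)}, reserved {capacity}")
    hex_sig = cms_blob.hex().encode().ljust(len(gap) - 2, b"0")
    return head + b"<" + hex_sig + b">" + tail

# Constructed sizes in bytes, for illustration only.
PARTS = {"signature+signer cert": 1700, "extra certs": 2800,
         "OCSP responses": 1900, "timestamp": 3200}

def try_signing(reserved_bytes: int):
    """Return True if the finished signature fits, else the error text."""
    head, gap, tail, digest = presign(b"%PDF-1.7\n(constructed body)\n", reserved_bytes)
    cms = b"\x30" * sum(PARTS.values())   # stand-in for the finished CMS structure
    try:
        out = finalize(head, gap, tail, cms)
    except ValueError as err:
        return str(err)
    # The digest computed at pre-signing still matches: only the gap changed.
    rest = out[:len(head)] + out[len(head) + len(gap):]
    return hashlib.sha256(rest).hexdigest() == digest

if __name__ == "__main__":
    print(try_signing(PARTS["signature+signer cert"]))  # budget ignores later additions
    print(try_signing(sum(PARTS.values())))             # budget covers everything
```

Anything attached at the finalization stage (timestamp, revocation information, extra certificates) has to be counted when the gap is reserved, because the signed byte ranges are fixed from that point on.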