rootCACert

#36743
Posted: 05/17/2016 10:50:19
by Nick Adams (Basic support level)
Joined: 05/17/2016
Posts: 1

In this article, any idea what rootCACert is referring to and how to instantiate it?

https://www.eldos.com/security/articles/7883.php

Code
TElPDFDocument doc = new TElPDFDocument();
try
{
  // Opening the document.
  doc.Open(docStream);

  // Obtaining the last signature object.
  int index = doc.SignatureCount - 1;
  TElPDFSignature sig = doc.get_Signatures(index);

  // Checking if the signature references the correct handler.
  if (!(sig.Handler is TElPDFAdvancedPublicKeySecurityHandler))
  {
    throw new Exception("Wrong security handler, PAdES is likely not to be initialized");
  }

  // Ensuring that the existing signature contains the complete set
  // of revocation elements.
  TElPDFAdvancedPublicKeySecurityHandler handler = (TElPDFAdvancedPublicKeySecurityHandler)(sig.Handler);

  // Configuring the handler to make it perform deep chain validation
  // and collect all available revocation information from
  // online sources.
  handler.AutoCollectRevocationInfo = true;
  handler.ForceCompleteChainValidation = true;

  // Use the CustomRevocationInfo property to provide the handler
  // with revocation information not available online
  // (intmCACert, rootCACert and rootCACrl are sample objects created elsewhere):
  handler.CustomRevocationInfo.Certificates.Add(intmCACert, false);
  handler.CustomRevocationInfo.Certificates.Add(rootCACert, false);
  index = handler.CustomRevocationInfo.AddCRL();
  handler.CustomRevocationInfo.get_CRLs(index).Assign(rootCACrl);

  // Updating the signature (collecting missing revocation elements
  // and adding them to the document).
  sig.Update();

  // Adding document timestamp.
  index = doc.AddSignature();
  sig = doc.get_Signatures(index);
  sig.SigningTime = DateTime.UtcNow;

  // Creating a handler and assigning it to the new signature object.
  handler = new TElPDFAdvancedPublicKeySecurityHandler();
  try
  {
    sig.Handler = handler;
    handler.PAdESSignatureType = TSBPAdESSignatureType.pastDocumentTimestamp;

    // Creating and configuring TSP components.
    TElHTTPSClient httpClient = new TElHTTPSClient();
    try
    {
      TElHTTPTSPClient tspClient = new TElHTTPTSPClient();
      try
      {
        tspClient.HTTPClient = httpClient;
        tspClient.URL = "http://tsa.myserver.com";
        handler.TSPClient = tspClient;

        // Saving and closing the document.
        doc.Close(true);
      }
      finally
      {
        tspClient.Dispose();
      }
    }
    finally
    {
      httpClient.Dispose();
    }
  }
  finally
  {
    handler.Dispose();
  }
}
finally
{
  doc.Dispose();
}

#36744
Posted: 05/17/2016 13:00:14
by Eugene Mayevski (EldoS Corp.)

intmCACert and rootCACert in the code above are sample certificates that show how one would add certificates that are not available online. For example, you might know that the root certificate of the company's OCSP responder is not accessible for online collection (say the OCSP server doesn't send it), but is known to your software. Then you can add it to the list of known certificates, so that the revocation information collector could pick it from the list during collection.


Sincerely yours
Eugene Mayevski
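
An added example, not code from the article or from EldoS, of one way to create the rootCACert, intmCACert and rootCACrl objects the snippet above takes for granted: load them from local files and register them with the handler exactly as the snippet does. The file paths are placeholders. The loader calls (TElX509Certificate.LoadFromBufferPEM / LoadFromBuffer, TElCertificateRevocationList.LoadFromBuffer), the SelfSigned property, the "0 means success" return convention and the namespace names are assumptions about the SecureBlackbox .NET edition and should be checked against the version in use; the CustomRevocationInfo calls are the ones from the snippet.

```csharp
using System;
using System.IO;
using System.Text;
using SBX509;          // TElX509Certificate (namespace assumed)
using SBCRL;           // TElCertificateRevocationList (namespace assumed)
using SBPDFSecurity;   // TElPDFAdvancedPublicKeySecurityHandler (namespace assumed)

public static class OfflineRevocationMaterial
{
    // Loads a certificate from a DER or PEM file. The article never shows how
    // rootCACert is created, so the loader calls below are an assumption.
    public static TElX509Certificate LoadCertificate(string path)
    {
        byte[] data = File.ReadAllBytes(path);
        TElX509Certificate cert = new TElX509Certificate();
        // Assumption: both loaders return 0 on success and an error code otherwise.
        int rc = LooksLikePem(data)
            ? cert.LoadFromBufferPEM(data, "")   // PEM, no password (public cert only)
            : cert.LoadFromBuffer(data);         // raw DER
        if (rc != 0)
        {
            cert.Dispose();
            throw new InvalidOperationException(
                string.Format("Could not load certificate from {0}: error {1}", path, rc));
        }
        return cert;
    }

    // Loads a DER-encoded CRL (assumption: LoadFromBuffer returns 0 on success).
    public static TElCertificateRevocationList LoadCrl(string path)
    {
        byte[] data = File.ReadAllBytes(path);
        TElCertificateRevocationList crl = new TElCertificateRevocationList();
        int rc = crl.LoadFromBuffer(data);
        if (rc != 0)
        {
            crl.Dispose();
            throw new InvalidOperationException(
                string.Format("Could not load CRL from {0}: error {1}", path, rc));
        }
        return crl;
    }

    private static bool LooksLikePem(byte[] data)
    {
        // PEM starts with "-----BEGIN"; DER starts with an ASN.1 SEQUENCE tag (0x30).
        return data.Length > 10 && Encoding.ASCII.GetString(data, 0, 10) == "-----BEGIN";
    }

    // Hands the offline material to the handler, mirroring the calls in the
    // snippet above. The caller keeps ownership of the objects and disposes
    // them only after doc.Close(), since the handler merely references them.
    public static void Register(TElPDFAdvancedPublicKeySecurityHandler handler,
                                TElX509Certificate rootCACert,
                                TElX509Certificate intmCACert,
                                TElCertificateRevocationList rootCACrl)
    {
        // A root handed to the collector should be a self-signed CA certificate;
        // refuse a leaf or intermediate passed by mistake (SelfSigned: assumed property).
        if (!rootCACert.SelfSigned)
            throw new ArgumentException("rootCACert is not self-signed", "rootCACert");

        handler.CustomRevocationInfo.Certificates.Add(intmCACert, false);
        handler.CustomRevocationInfo.Certificates.Add(rootCACert, false);
        int crlIndex = handler.CustomRevocationInfo.AddCRL();
        handler.CustomRevocationInfo.get_CRLs(crlIndex).Assign(rootCACrl);
    }
}

// Usage (placeholder paths), placed where the snippet's CustomRevocationInfo lines are:
//   TElX509Certificate rootCACert = OfflineRevocationMaterial.LoadCertificate(@"C:\pki\root-ca.cer");
//   TElX509Certificate intmCACert = OfflineRevocationMaterial.LoadCertificate(@"C:\pki\intm-ca.cer");
//   TElCertificateRevocationList rootCACrl = OfflineRevocationMaterial.LoadCrl(@"C:\pki\root-ca.crl");
//   OfflineRevocationMaterial.Register(handler, rootCACert, intmCACert, rootCACrl);
//   ... sig.Update(); ... doc.Close(true); then Dispose() the three objects.
```

Adding a certificate here only makes it available to the revocation collector; it does not by itself make the chain trusted, which is still decided by the handler's validation settings. Keep the three objects alive until the document has been closed, because disposing them while the handler still references them would break collection.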
