TIMESTAMP management issues
capitancorazza Sep 24, 2012 5:03 AMAdobe Acrobat 9 seems to have a little bug in the timestamping process.
When using an http TimeStamp server that requires basic authentication a first connection (made by Acrobat) is always tried without the needed BasicAuth field set (regardless the settings of the specific TS server). So, for every TS request two different queries are always sent.
Below an example of the packets captured during a transaction:
POST /cdie/HttpService HTTP/1.1
Accept: */*
Content-Type: application/timestamp-query
Content-Length: 53
Character-Encoding: binary
User-Agent: PPKHandler
Host: marte.infocert.it
Connection: Keep-Alive
Cache-Control: no-cache
03...0!0...+........fYA.C.....4....Ll..<...]...b>....HTTP/1.1 401 Unauthorized
Date: Mon, 24 Sep 2012 10:40:03 GMT
Server: WEB SERVER INFOCERT
X-Powered-By: Application Server Infocert - marca3
WWW-Authenticate: Basic realm="cdie"
Content-Length: 37
Vary: Accept-Encoding,User-Agent
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/plain;charset=ISO-8859-1
Content-Language: it
MSGNO = 1900 //SPECIFIC TSA BUILT-IN "BASICAUTH MISSING" EXTRA ERROR MESSAGE
DESCR = user mancante //SPECIFIC TSA BUILT-IN "BASICAUTH MISSING" EXTRA ERROR MESSAGE
POST /cdie/HttpService HTTP/1.1
Accept: */*
Content-Type: application/timestamp-query
Content-Length: 53
Character-Encoding: binary
Authorization: Basic Y3N0Y***********
User-Agent: PPKHandler
Host: marte.infocert.it
Connection: Keep-Alive
Cache-Control: no-cache
03...0!0...+........fYA.C.....4....Ll..<...]...b>....HTTP/1.1 200 OK
Date: Mon, 24 Sep 2012 10:40:03 GMT
Server: WEB SERVER INFOCERT
X-Powered-By: Application Server Infocert - marca1
Content-Length: 90
Vary: Accept-Encoding,User-Agent
Keep-Alive: timeout=15, max=99
Connection: Keep-Alive
Content-Type: text/plain;charset=ISO-8859-1
Content-Language: it
ERRNO= 1300 //SPECIFIC TSA BUILT-IN "WRONG USR/PWD" EXTRA ERROR MESSAGE
DESCR= Identificazione fallita: password:********:errata per //SPECIFIC TSA BUILT-IN "WRONG USR/PWD" EXTRA ERROR MESSAGE
Please note that the two requests are automatically issued in succession.
Please note also that the related registry keys are as below:
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Adobe\Adobe Acrobat\9.0\Security\cPPKHandler\cTimeStampServers\c1]
"bAuthRequired"=dword:00000001
"tLockboxId"="nE08L6...B64_STRING"
"tName"="IC HTTP"
"tServer"="http://marte.infocert.it/cdie/HttpService"
My two cents: if the authentication towards the TS server fails (as in the example above), the error reported in the Acrobat's errors window is a "BER decoding error" (in italian, "Si è verificato un errore durante la decodifica BER:"), so basically it gives no information of what error has been encountered. Maybe reporting the content of the server response (that often will contain a server-specific error message) in the errors window would be desirable.