0 Replies Latest reply on Sep 24, 2012 5:03 AM by capitancorazza

    TIMESTAMP management issues

    capitancorazza

      Adobe Acrobat 9 seems to have a little bug in the timestamping process.

       

      When using an http TimeStamp server that requires basic authentication a first connection (made by Acrobat) is always tried without the needed BasicAuth field set (regardless the settings of the specific TS server). So, for every TS request two different queries are always sent.

       

      Below an example of the packets captured during a transaction:

       

      POST /cdie/HttpService HTTP/1.1

      Accept: */*

      Content-Type: application/timestamp-query

      Content-Length: 53

      Character-Encoding: binary

      User-Agent: PPKHandler

      Host: marte.infocert.it

      Connection: Keep-Alive

      Cache-Control: no-cache

       

      03...0!0...+........fYA.C.....4....Ll..<...]...b>....HTTP/1.1 401 Unauthorized

      Date: Mon, 24 Sep 2012 10:40:03 GMT

      Server: WEB SERVER INFOCERT

      X-Powered-By: Application Server Infocert - marca3

      WWW-Authenticate: Basic realm="cdie"

      Content-Length: 37

      Vary: Accept-Encoding,User-Agent

      Keep-Alive: timeout=15, max=100

      Connection: Keep-Alive

      Content-Type: text/plain;charset=ISO-8859-1

      Content-Language: it

      MSGNO = 1900               //SPECIFIC TSA BUILT-IN "BASICAUTH MISSING" EXTRA ERROR MESSAGE

      DESCR = user mancante  //SPECIFIC TSA BUILT-IN "BASICAUTH MISSING" EXTRA ERROR MESSAGE

       

       

      POST /cdie/HttpService HTTP/1.1

      Accept: */*

      Content-Type: application/timestamp-query

      Content-Length: 53

      Character-Encoding: binary

      Authorization: Basic Y3N0Y***********

      User-Agent: PPKHandler

      Host: marte.infocert.it

      Connection: Keep-Alive

      Cache-Control: no-cache

       

      03...0!0...+........fYA.C.....4....Ll..<...]...b>....HTTP/1.1 200 OK

      Date: Mon, 24 Sep 2012 10:40:03 GMT

      Server: WEB SERVER INFOCERT

      X-Powered-By: Application Server Infocert - marca1

      Content-Length: 90

      Vary: Accept-Encoding,User-Agent

      Keep-Alive: timeout=15, max=99

      Connection: Keep-Alive

      Content-Type: text/plain;charset=ISO-8859-1

      Content-Language: it

      ERRNO= 1300                                                                              //SPECIFIC TSA BUILT-IN "WRONG USR/PWD"  EXTRA ERROR MESSAGE

      DESCR= Identificazione fallita: password:********:errata per  //SPECIFIC TSA BUILT-IN "WRONG USR/PWD"  EXTRA ERROR MESSAGE

       

      Please note that the two requests are automatically issued in succession.

      Please note also that the related registry keys are as below:

       

      Windows Registry Editor Version 5.00

       

      [HKEY_CURRENT_USER\Software\Adobe\Adobe Acrobat\9.0\Security\cPPKHandler\cTimeStampServers\c1]

      "bAuthRequired"=dword:00000001

      "tLockboxId"="nE08L6...B64_STRING"

      "tName"="IC HTTP"

      "tServer"="http://marte.infocert.it/cdie/HttpService"

       

       

       

       

      My two cents: if the authentication towards the TS server fails (as in the example above), the error reported in the Acrobat's errors window is a "BER decoding error" (in italian, "Si è verificato un errore durante la decodifica BER:"), so basically it gives no information of what error has been encountered. Maybe reporting the content of the server response (that often will contain a server-specific error message) in the errors window would be desirable.