13.09.2006 14:06:55 не работает CadesSignMessage через HTTP через прокси-сервер   Ответов: 25

Шмыков Дима (Казань, компания Центр-Сервис, софт-отдел, lead developer)

Вызываю CadesSignMessage, где прописываю: Вот строчки подключения к серверам TSP и HTTP-Proxy. [Параметры прокси-сервера] ProxyURI=http://tepmel.center.cg:8080 ProxyAuthType=16 //Negotiate ProxyPassword=<Proxy Password> ProxyUser=<Proxy Login> [Параметры TSP-сервера] TSPURI=http://tsp.vrca.ru/tsp/tsp.srf TSPAuthType=0 // No authentication TSPPassword= //No password TSPUser= //No Login Вот лог. ------------------------------------------------------- cades.dll: (pSignPara=0x0012EC00, fDetachedSignature=0, cToBeSigned=1, rgpbToBeSigned=0x0012EC40, rgcbToBeSigned=0x0012EC34, ppSignedBlob=0x0012EBF4)First-chance exception at 0x7c812a5b in CryptedDocs.exe: Microsoft C++ exception: E_NO_DEVICE at memory location 0x0819fdd7.. cades.dll: hInstance=6E000000, dwReason=2 lpReserved=0 cades.dll: (dwMsgEncodingType=0x00010001, dwFlags=0x00000000, pvMsgEncodeInfo=0x0012E5B0, pszInnerContentObjID=0, pStreamInfo=0x00000000) cades.dll: Start.cades.dll: Input parameters checked.cades.dll: Copy of input structures is ready. cades.dll: Signers updating start.cades.dll: Signer #0.cades.dll: (pAttr=0) cades.dll: Signer does not have signinCert or otherSigningCert attribute. cades.dll: hInstance=6E000000, dwReason=3 lpReserved=0 The thread 'Win32 Thread' (0xa4c) has exited with code 0 (0x0). cades.dll: Certificates equality checked.cades.dll: Attributes copied. cades.dll: (szHashAlgorithm=1.2.643.2.2.9)cades.dll: Hash algorithm deduced. cades.dll: otherSigningCert attribute assembled.cades.dll: Signed is updated successfully. cades.dll: Calling CryptMsgOpenToEncode() cades.dll: (hMsg=0x001B5008, GetLastError=0x00000000 cades.dll: (hCryptMsg=0x001B4C48, dwSignatureIndex=0, pCadesSignPara=0x0012EC14) cades.dll: Input parameters checked.cades.dll: Signed attributes extracted via CMSG_SIGNER_AUTH_ATTR_PARAM cades.dll: Signer certificate ID found.cades.dll: pSignerCert=0x001B3388 cades.dll: Signature verified. cades.dll: Hash algorithm deduced.cades.dll: Signature extracted via CMSG_ENCRYPTED_DIGEST cades.dll: Creating new CRequest for the thread... cades.dll: Creating new CRequest for the thread... OK. 13:58:48.698 ::*Session* :: WinHttpCrackUrl("http://tsp.vrca.ru/tsp/tsp.srf", 0x0, 0x0, 0x12dbb0) 13:58:48.698 ::*Session* :: WinHttpCrackUrlA("http://tsp.vrca.ru/tsp/tsp.srf", 0x1e, 0x0, 0x12da60) 13:58:48.698 ::*Session* :: WinHttpCrackUrlA() returning TRUE 13:58:48.708 ::*Session* :: WinHttpCrackUrl() returning TRUE 13:58:48.708 ::*Session* :: WinHttpOpen("Crypto-Pro tspcli.dll", (1), "", "", 0x0) 13:58:48.708 ::*Session* :: WinHttpOpen() returning handle 0xe47000 13:58:48.708 ::*Session* :: WinHttpCrackUrl("http://tepmel.center.cg:8080", 0x0, 0x0, 0x12dbec) 13:58:48.708 ::*Session* :: WinHttpCrackUrlA("http://tepmel.center.cg:8080", 0x1c, 0x0, 0x12da60) 13:58:48.708 ::*Session* :: WinHttpCrackUrlA() returning TRUE 13:58:48.708 ::*Session* :: WinHttpCrackUrl() returning TRUE 13:58:48.708 ::*Session* :: WinHttpSetOption(0xe47000, (38), 0x12db94 [0x3], 12) 13:58:48.708 ::*Session* :: WinHttpSetOption() returning TRUE 13:58:48.708 ::*Session* :: WinHttpConnect(0xe47000, "tsp.vrca.ru", 80, 0x0) 'CryptedDocs.exe': Loaded 'C:\WINDOWS\system32\mswsock.dll', No symbols loaded. 'CryptedDocs.exe': Loaded 'C:\WINDOWS\system32\hnetcfg.dll', No symbols loaded. 'CryptedDocs.exe': Loaded 'C:\WINDOWS\system32\wshtcpip.dll', No symbols loaded. 13:58:48.738 ::*Session* :: WinHttpConnect() returning handle 0xe47100 13:58:48.738 ::*Session* :: WinHttpOpenRequest(0xe47100, "POST", "tsp/tsp.srf", "", "", 0x0, 0x00000000) 13:58:48.738 ::*Session* :: WinHttpCreateUrlA(0x12d940, 0x0, 0x7fc0000, 0x12d97c) 13:58:48.738 ::*Session* :: WinHttpCreateUrlA() returning TRUE 13:58:48.738 ::*0000001* :: WinHttpOpenRequest() returning handle 0x7fb0000 13:58:48.738 ::*0000001* :: WinHttpSetOption(0x7fb0000, (77), 0x12db68 [0x2], 4) 13:58:48.738 ::*0000001* :: WinHttpSetOption() returning TRUE 13:58:48.738 ::*0000001* :: WinHttpSendRequest(0x7fb0000, "Content-type: application/timestamp-query", -1, 0x83b1298, 64, 64, 0) 13:58:48.738 ::*0000001* :: WinHttpCreateUrlA(0x12d8d8, 0x0, 0x7fc0000, 0x12d8bc) 13:58:48.738 ::*0000001* :: WinHttpCreateUrlA() returning TRUE 13:58:48.738 ::*0000001* :: Using proxy server: tepmel.center.cg:8080 13:58:48.758 ::*0000001* :: "tepmel.center.cg" resolved cades.dll: hInstance=6E000000, dwReason=2 lpReserved=0 13:58:48.758 ::*0000001* :: sending data: 13:58:48.758 ::*0000001* :: 259 (0x103) bytes 13:58:48.758 ::*0000001* :: <<<<-------- HTTP headers follow below ----------------------------------------------->>>> 13:58:48.758 ::*0000001* :: POST http://tsp.vrca.ru/tsp/tsp.srf HTTP/1.1 13:58:48.758 ::*0000001* :: Content-type: application/timestamp-query 13:58:48.758 ::*0000001* :: User-Agent: Crypto-Pro tspcli.dll 13:58:48.758 ::*0000001* :: Host: tsp.vrca.ru 13:58:48.758 ::*0000001* :: Content-Length: 64 13:58:48.758 ::*0000001* :: Proxy-Connection: Keep-Alive 13:58:48.768 ::*0000001* :: <<<<-------- End ----------------------------------------------->>>> 13:58:48.768 ::*0000001* :: WinHttpSendRequest() returning TRUE 13:58:48.768 ::*0000001* :: WinHttpReceiveResponse(0x7fb0000, 0x0) 13:58:48.768 ::*0000001* :: received data: 13:58:48.768 ::*0000001* :: 1024 (0x400) bytes 13:58:48.768 ::*0000001* :: <<<<-------- HTTP headers follow below ----------------------------------------------->>>> 13:58:48.768 ::*0000001* :: HTTP/1.1 407 Proxy Authentication Required ( The ISA Server requires authorization to fulfill the request. Access to the Web Proxy filter is denied. ) 13:58:48.768 ::*0000001* :: Via: 1.1 TEPMEL 13:58:48.768 ::*0000001* :: Proxy-Authenticate: Negotiate 13:58:48.768 ::*0000001* :: Proxy-Authenticate: Kerberos 13:58:48.768 ::*0000001* :: Proxy-Authenticate: NTLM 13:58:48.768 ::*0000001* :: Proxy-Authenticate: Basic realm="tepmel.center.cg" 13:58:48.768 ::*0000001* :: Connection: Keep-Alive 13:58:48.768 ::*0000001* :: Proxy-Connection: Keep-Alive 13:58:48.768 ::*0000001* :: Pragma: no-cache 13:58:48.768 ::*0000001* :: Cache-Control: no-cache 13:58:48.768 ::*0000001* :: Content-Type: text/html 13:58:48.768 ::*0000001* :: Content-Length: 4107 13:58:48.768 ::*0000001* :: <<<<-------- End ----------------------------------------------->>>> 13:58:48.808 ::*0000001* :: WinHttpReceiveResponse() returning TRUE 13:58:48.808 ::*0000001* :: WinHttpQueryHeaders(0x7fb0000, (0x20000013), "<null>", 0xe584cc, 0x12db6c [4], 0x0 [0]) 13:58:48.808 ::*0000001* :: WinHttpQueryHeaders() returning TRUE 13:58:48.808 ::*0000001* :: WinHttpQueryAuthSchemes(0x7fb0000, 0x12db60, 0x12db7c) 13:58:48.808 ::*0000001* :: WinHttpQueryAuthSchemes() returning TRUE 13:58:48.808 ::*0000001* :: WinHttpQueryAuthSchemes(0x7fb0000, 0x12db60, 0x12db7c) 13:58:48.808 ::*0000001* :: WinHttpQueryAuthSchemes() returning TRUE 13:58:48.808 ::*0000001* :: WinHttpSetCredentials(0x7fb0000, 0x1, 0x10, "", "<username>", "<password>") 13:58:48.808 ::*0000001* :: WinHttpSetCredentialsA(0x7fb0000, 0x1, 0x10, "", "<username>", "<password>") 13:58:48.808 ::*0000001* :: WinHttpSetCredentialsA() returning TRUE 13:58:48.808 ::*0000001* :: WinHttpSetCredentials() returning TRUE 13:58:48.808 ::*0000001* :: WinHttpSetCredentials(0x7fb0000, 0x1, 0x10, "", "<username>", "<password>") 13:58:48.808 ::*0000001* :: WinHttpSetCredentialsA(0x7fb0000, 0x1, 0x10, "", "<username>", "<password>") 13:58:48.808 ::*0000001* :: WinHttpSetCredentialsA() returning TRUE 13:58:48.808 ::*0000001* :: WinHttpSetCredentials() returning TRUE 13:58:48.808 ::*0000001* :: WinHttpSendRequest(0x7fb0000, "Content-type: application/timestamp-query", -1, 0x83b1298, 64, 64, 0) 13:58:48.818 ::*0000001* :: WinHttpCreateUrlA(0x12d8d8, 0x0, 0x7fc0000, 0x12d8bc) 13:58:48.818 ::*0000001* :: WinHttpCreateUrlA() returning TRUE 13:58:48.818 ::*0000001* :: Using proxy server: tepmel.center.cg:8080 cades.dll: hInstance=6E000000, dwReason=2 lpReserved=0 13:58:51.211 ::*0000001* :: sending data: 13:58:51.211 ::*0000001* :: 283 (0x11b) bytes 13:58:51.211 ::*0000001* :: <<<<-------- HTTP headers follow below ----------------------------------------------->>>> 13:58:51.211 ::*0000001* :: POST http://tsp.vrca.ru/tsp/tsp.srf HTTP/1.1 13:58:51.211 ::*0000001* :: Content-Length: 0 13:58:51.211 ::*0000001* :: User-Agent: Crypto-Pro tspcli.dll 13:58:51.211 ::*0000001* :: Host: tsp.vrca.ru 13:58:51.211 ::*0000001* :: Proxy-Authorization: Negotiate TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAFASgKAAAADw== 13:58:51.211 ::*0000001* :: Proxy-Connection: Keep-Alive 13:58:51.211 ::*0000001* :: Content-Type: application/timestamp-query 13:58:51.211 ::*0000001* :: <<<<-------- End ----------------------------------------------->>>> 13:58:51.211 ::*0000001* :: WinHttpSendRequest() returning TRUE 13:58:51.211 ::*0000001* :: WinHttpReceiveResponse(0x7fb0000, 0x0) 13:58:51.211 ::*0000001* :: received data: 13:58:51.211 ::*0000001* :: 512 (0x200) bytes 13:58:51.211 ::*0000001* :: <<<<-------- HTTP headers follow below ----------------------------------------------->>>> 13:58:51.211 ::*0000001* :: HTTP/1.1 407 Proxy Authentication Required ( Access is denied. ) 13:58:51.211 ::*0000001* :: Via: 1.1 TEPMEL 13:58:51.211 ::*0000001* :: Proxy-Authenticate: Negotiate TlRMTVNTUAACAAAADAAMADgAAAAFgomippVx+edLHV0AAAAAAAAAAHQAdABEAAAABQLODgAAAA9DAEUATgBUAEUAUgACAAwAQwBFAE4AVABFAFIAAQAMAFQARQBQAE0ARQBMAAQAEgBjAGUAbgB0AGUAcgAuAGMAZwADACAAdABlAHAAbQBlAGwALgBjAGUAbgB0AGUAcgAuAGMAZwAFABIAYwBlAG4AdABlAHIALgBjAGcAAAAAAA== 13:58:51.211 ::*0000001* :: Connection: Keep-Alive 13:58:51.211 ::*0000001* :: Proxy-Connection: Keep-Alive 13:58:51.211 ::*0000001* :: Pragma: no-cache 13:58:51.211 ::*0000001* :: Cache-Control: no-cache 13:58:51.211 ::*0000001* :: Content-Type: text/html 13:58:51.211 ::*0000001* :: Content-Length: 0 13:58:51.221 ::*0000001* :: <<<<-------- End ----------------------------------------------->>>> 13:58:51.241 ::*0000001* :: WinHttpCreateUrlA(0x12d970, 0x0, 0x7fc0000, 0x12d954) 13:58:51.241 ::*0000001* :: WinHttpCreateUrlA() returning TRUE 13:58:51.241 ::*0000001* :: Using proxy server: tepmel.center.cg:8080 13:58:51.241 ::*0000001* :: sending data: 13:58:51.241 ::*0000001* :: 512 (0x200) bytes 13:58:51.241 ::*0000001* :: <<<<-------- HTTP headers follow below ----------------------------------------------->>>> 13:58:51.241 ::*0000001* :: POST http://tsp.vrca.ru/tsp/tsp.srf HTTP/1.1 13:58:51.241 ::*0000001* :: Content-Length: 64 13:58:51.241 ::*0000001* :: User-Agent: Crypto-Pro tspcli.dll 13:58:51.241 ::*0000001* :: Host: tsp.vrca.ru 13:58:51.241 ::*0000001* :: Proxy-Authorization: Negotiate TlRMTVNTUAADAAAAGAAYAHQAAAAYABgAjAAAAAwADABIAAAADgAOAFQAAAASABIAYgAAAAAAAACkAAAABYKIogUBKAoAAAAPYwBlAG4AdABlAHIAcwBoAG0AaQBrAG8AdgBIAE8AVABNAEEAUwBUAEUAUgBrAV5QcHkxKQAAAAAAAAAAAAAAAAAAAABEwVKn2gWAnSvDcM8wOgq/dvFozX6ROwQ= 13:58:51.241 ::*0000001* :: Proxy-Connection: Keep-Alive 13:58:51.241 ::*0000001* :: Content-Type: application/timestamp-query 13:58:51.241 ::*0000001* :: <<<<-------- End ----------------------------------------------->>>> 13:58:51.271 ::*0000001* :: received data: 13:58:51.271 ::*0000001* :: 219 (0xdb) bytes 13:58:51.271 ::*0000001* :: <<<<-------- HTTP headers follow below ----------------------------------------------->>>> 13:58:51.271 ::*0000001* :: HTTP/1.1 200 OK 13:58:51.271 ::*0000001* :: Via: 1.1 TEPMEL 13:58:51.271 ::*0000001* :: Connection: Keep-Alive 13:58:51.271 ::*0000001* :: Proxy-Connection: Keep-Alive 13:58:51.271 ::*0000001* :: Content-Length: 1896 13:58:51.271 ::*0000001* :: Date: Wed, 13 Sep 2006 09:58:49 GMT 13:58:51.271 ::*0000001* :: Content-Type: application/timestamp-reply 13:58:51.271 ::*0000001* :: Server: Microsoft-IIS/6.0 13:58:51.271 ::*0000001* :: <<<<-------- End ----------------------------------------------->>>> 13:58:51.271 ::*0000001* :: WinHttpReceiveResponse() returning TRUE 13:58:51.271 ::*0000001* :: WinHttpQueryHeaders(0x7fb0000, (0x20000013), "<null>", 0xe584cc, 0x12db6c [4], 0x0 [0]) 13:58:51.271 ::*0000001* :: WinHttpQueryHeaders() returning TRUE 13:58:51.271 ::*0000001* :: WinHttpQueryAuthSchemes(0x7fb0000, 0x12db60, 0x12db7c) 13:58:51.271 ::*0000001* :: WinHttpQueryAuthSchemes: error 4317 [0x10dd] 13:58:51.271 ::*0000001* :: WinHttpQueryAuthSchemes() returning FALSE 13:58:51.271 ::*0000001* :: WinHttpReadData(0x7fb0000, 0x83b3008, 65536, 0x12db6c) 13:58:51.271 ::*0000001* :: WinHttpReadData() returning TRUE 13:58:51.271 ::*0000001* :: WinHttpReadData(0x7fb0000, 0x83b3008, 65536, 0x12db6c) 13:58:51.271 ::*0000001* :: WinHttpReadData() returning TRUE 13:58:51.271 ::*0000001* :: WinHttpCloseHandle(0x7fb0000) 13:58:51.271 ::*0000001* :: WinHttpCloseHandle() returning TRUE 13:58:51.271 ::*Session* :: WinHttpCloseHandle(0xe47100) 13:58:51.281 ::*Session* :: WinHttpCloseHandle() returning TRUE cades.dll: hInstance=6E000000, dwReason=2 lpReserved=0 cades.dll: hInstance=6E000000, dwReason=2 lpReserved=0 cades.dll: CAtlException, m_hr=0x8009202bcades.dll: (res=0, GetLastError=0x8009202bcades.dll: Exception thrown.First-chance exception at 0x7c812a5b in CryptedDocs.exe: Microsoft C++ exception: ATL::CAtlException at memory location 0x0012e520.. cades.dll: CAtlException, m_hr=0x8009202bcades.dll: (res=0, GetLastError=0x8009202b ------------------------------------------------------- И еще вопрос.. Вы все-таки скажите, что такое Proxy URI, потому, что в WinHTTP servicesw такого понятия нет. Есть понятие CERN-имени прокси-сервера. Ведь прокси это же не документ в вебе, к которому прописываем URI. Может проблема как раз в том, что я не понимаю что такое Proxy URI.

Ответы:

13.09.2006 14:21:45 Смирнов Павел

С прокси у вас всё нормально. Можно задать как у Вас, можно без префикса "http://". Мы это уже обсуждали. Из лога видно, что запрос идёт через прокси и аутентификация на прокси проходит нормально. Служба штампов выдаёт ответ. Дальше видна ошибка 0x8009202b - None of the signers of the cryptographic message or certificate trust list is trusted. Разбирайтесь с доверием.

14.09.2006 10:47:47 Шмыков Дима (Казань, компания Центр-Сервис, софт-отдел, lead developer)

Настройки строчек подключения к HTTP-прокси и TSP те же, но вот другой лог. Help! -------------------------------------------------------- 00000000 0.00000000 [3188] In DllGetClassObject 00000001 0.00014024 [3188] CShellExtClassFactory::CShellExtClassFactory() 00000002 0.00025171 [3188] CShellExtClassFactory::QueryInterface() 00000003 0.00035396 [3188] CShellExtClassFactory::CreateInstance() 00000004 0.00045983 [3188] CShellExt::CShellExt() 00000005 0.00318225 [3188] CShellExt::QueryInterface()==>IID_IShellExtInit 00000006 0.00329623 [3188] CShellExt::AddRef() 00000007 0.00348508 [3188] CShellExt::Initialize() 00000008 0.00359096 [3188] CShellExt::QueryInterface()==>IID_IContextMenu 00000009 0.00479558 [3188] CShellExt::AddRef() 00000010 0.00498024 [3188] CShellExt::QueryInterface()==>Unknown Interface! 00000011 0.00509478 [3188] CShellExt::QueryInterface()==>Unknown Interface! 00000012 0.00536185 [3188] CShellExt::QueryContextMenu() 00000013 0.00550461 [3188] CMF_NORMAL... 00000014 0.00563535 [3188] CShellExt::AddRef() 00000015 0.00573900 [3188] CShellExt::Release() 00000016 0.00583566 [3188] CShellExt::Release() 00000017 0.02586251 [3188] CCryptedDocsShellExt::Initialize enter 00000018 0.03122017 [3188] CCryptedDocsShellExt::Initialize exit 00000019 0.03541400 [3188] CCryptedDocsShellExt::QueryContextMenu enter 00000020 0.03909883 [3188] CCryptedDocsShellExt::QueryContextMenu TRY 00000021 0.04340636 [3188] CryptDocument::Serialize enter 00000022 0.04708029 [3188] CryptDocData::Serialize enter 00000023 0.05085870 [3188] CryptDocData::Serialize ar.IsLoading() 00000024 0.05463460 [3188] CryptDocData::Serialize exit 00000025 0.05835183 [3188] CryptDocument::Serialize CryptDocData::Clean 00000026 0.06217522 [3188] CryptDocument::Serialize exit 00000027 0.06601398 [3188] CCryptedDocsShellExt::QueryContextMenu CryptDocument::Clean 00000028 0.06986614 [3188] CCryptedDocsShellExt::QueryContextMenu exit 00000029 0.08384166 [3188] cades.dll: hInstance=6E000000, dwReason=2 lpReserved=0 00000030 1.58062744 [3188] CCryptedDocsShellExt::GetCommandString enter 00000031 1.58462656 [3188] CCryptedDocsShellExt::GetCommandString uFlags & GCS_HELPTEXT 00000032 1.58853257 [3188] CCryptedDocsShellExt::GetCommandString exit 00000033 1.90859568 [3188] CCryptedDocsShellExt::GetCommandString enter 00000034 1.91226649 [3188] CCryptedDocsShellExt::GetCommandString uFlags & GCS_HELPTEXT 00000035 1.91595244 [3188] CCryptedDocsShellExt::GetCommandString exit 00000036 1.92007363 [3188] CCryptedDocsShellExt::InvokeCommand enter 00000037 1.92378747 [3188] CCryptedDocsShellExt::InvokeCommand LOWORD( pCmdInfo->lpVerb ), case 0, this->bSignedFile == FALSE 00000038 2.63311315 [3188] cades.dll: hInstance=6E000000, dwReason=2 lpReserved=0 00000039 4.08086491 [3188] cades.dll: hInstance=6E000000, dwReason=3 lpReserved=0 00000040 4.11410761 [3188] cades.dll: hInstance=6E000000, dwReason=2 lpReserved=0 00000041 4.70826864 [3188] cades.dll: hInstance=6E000000, dwReason=3 lpReserved=0 00000042 4.88353539 [3188] cades.dll: hInstance=6E000000, dwReason=2 lpReserved=0 00000043 6.65230894 [3188] cades.dll: hInstance=6E000000, dwReason=3 lpReserved=0 00000044 6.65432501 [3188] cades.dll: hInstance=6E000000, dwReason=2 lpReserved=0 00000045 10.29508209 [3188] cades.dll: hInstance=6E000000, dwReason=3 lpReserved=0 00000046 12.41323757 [3188] ServiceParams::ServiceParams enter 00000047 12.42095375 [3188] ServiceParams::ServiceParams params : 00000048 12.42465591 [3188] TSP URI = http://tsp.vrca.ru/tsp/tsp.srf 00000049 12.43017387 [3188] Proxy URI = http://tepmel.center.cg:8080 00000050 12.43378830 [3188] Proxy Authtype = 16 00000051 12.43744659 [3188] TSP Authtype = 0 00000052 12.44116688 [3188] ServiceParams::ServiceParams exit 00000053 12.45573902 [3188] CCryptedDocsShellExt::InvokeCommand pobjAdvSign = new AdvancedSign succes 00000054 12.45978737 [3188] CryptDocument::AddSign pre-objSign.MakeDataSign 00000055 12.46347904 [3188] AdvancedSign::MakeDataSign enter 00000056 12.46710491 [3188] cades.dll: (pSignPara=0x015ECDCC, fDetachedSignature=0, cToBeSigned=1, rgpbToBeSigned=0x015ECE0C, rgcbToBeSigned=0x015ECE00, ppSignedBlob=0x015ECDC0) 00000057 12.50747013 [3188] cades.dll: hInstance=6E000000, dwReason=2 lpReserved=0 00000058 13.10482407 [3188] cades.dll: (dwMsgEncodingType=0x00010001, dwFlags=0x00000000, pvMsgEncodeInfo=0x015EC708, pszInnerContentObjID=0, pStreamInfo=0x00000000) 00000059 13.10502529 [3188] cades.dll: Start. 00000060 13.10516930 [3188] cades.dll: Input parameters checked. 00000061 13.10529995 [3188] cades.dll: Copy of input structures is ready. 00000062 13.10544014 [3188] cades.dll: Signers updating start. 00000063 13.10557842 [3188] cades.dll: Signer #0. 00000064 13.10571003 [3188] cades.dll: (pAttr=0) 00000065 13.10598373 [3188] cades.dll: Signer does not have signinCert or otherSigningCert attribute. 00000066 13.10630226 [3188] cades.dll: hInstance=6E000000, dwReason=3 lpReserved=0 00000067 13.22108936 [3188] cades.dll: Certificates equality checked. 00000068 13.22126007 [3188] cades.dll: Attributes copied. 00000069 13.22140312 [3188] cades.dll: (szHashAlgorithm=1.2.643.2.2.9) 00000070 13.22153664 [3188] cades.dll: Hash algorithm deduced. 00000071 13.22277737 [3188] cades.dll: otherSigningCert attribute assembled. 00000072 13.22292519 [3188] cades.dll: Signed is updated successfully. 00000073 13.22409439 [3188] cades.dll: Calling CryptMsgOpenToEncode() 00000074 13.22440243 [3188] cades.dll: (hMsg=0x01309218, GetLastError=0x00000000 00000075 13.22898674 [3188] cades.dll: (hCryptMsg=0x01309218, dwSignatureIndex=0, pCadesSignPara=0x015ECDE0) 00000076 13.22913361 [3188] cades.dll: Input parameters checked. 00000077 13.22935581 [3188] cades.dll: Signed attributes extracted via CMSG_SIGNER_AUTH_ATTR_PARAM 00000078 13.23090363 [3188] cades.dll: Signer certificate ID found. 00000079 13.23105335 [3188] cades.dll: pSignerCert=0x012FE300 00000080 13.23918056 [3188] cades.dll: Signature verified. 00000081 13.23933887 [3188] cades.dll: Hash algorithm deduced. 00000082 13.23954296 [3188] cades.dll: Signature extracted via CMSG_ENCRYPTED_DIGEST 00000083 13.24595356 [3188] 10:29:58.864 ::*Session* :: WinHttpCrackUrl("http://tsp.vrca.ru/tsp/tsp.srf", 0x0, 0x0, 0x15ebd08) 00000084 13.24612141 [3188] 10:29:58.864 ::*Session* :: WinHttpCrackUrlA("http://tsp.vrca.ru/tsp/tsp.srf", 0x1e, 0x0, 0x15ebbb8) 00000085 13.24625111 [3188] 10:29:58.864 ::*Session* :: WinHttpCrackUrlA() returning TRUE 00000086 13.24637604 [3188] 10:29:58.864 ::*Session* :: WinHttpCrackUrl() returning TRUE 00000087 13.24651814 [3188] 10:29:58.864 ::*Session* :: WinHttpCrackUrl("http://tepmel.center.cg:8080", 0x0, 0x0, 0x15ebd44) 00000088 13.24665260 [3188] 10:29:58.864 ::*Session* :: WinHttpCrackUrlA("http://tepmel.center.cg:8080", 0x1c, 0x0, 0x15ebbb8) 00000089 13.24678421 [3188] 10:29:58.864 ::*Session* :: WinHttpCrackUrlA() returning TRUE 00000090 13.24690819 [3188] 10:29:58.864 ::*Session* :: WinHttpCrackUrl() returning TRUE 00000091 13.24705887 [3188] 10:29:58.864 ::*Session* :: WinHttpSetOption(0x9d36000, (38), 0x15ebcec [0x3], 12) 00000092 13.24728107 [3188] 10:29:58.864 ::*Session* :: WinHttpSetOption() returning TRUE 00000093 13.24741650 [3188] 10:29:58.864 ::*Session* :: WinHttpConnect(0x9d36000, "tsp.vrca.ru", 80, 0x0) 00000094 13.24763489 [3188] 10:29:58.864 ::*Session* :: WinHttpConnect() returning handle 0x9d3e300 00000095 13.24777794 [3188] 10:29:58.864 ::*Session* :: WinHttpOpenRequest(0x9d3e300, "POST", "tsp/tsp.srf", "", "", 0x0, 0x00000000) 00000096 13.24798584 [3188] 10:29:58.864 ::*Session* :: WinHttpCreateUrlA(0x15eba98, 0x0, 0x9d70000, 0x15ebad4) 00000097 13.24812984 [3188] 10:29:58.864 ::*Session* :: WinHttpCreateUrlA() returning TRUE 00000098 13.24829483 [3188] 10:29:58.864 ::*0000002* :: WinHttpOpenRequest() returning handle 0x9d60000 00000099 13.24843216 [3188] 10:29:58.864 ::*0000002* :: WinHttpSetOption(0x9d60000, (77), 0x15ebcc0 [0x2], 4) 00000100 13.24855423 [3188] 10:29:58.864 ::*0000002* :: WinHttpSetOption() returning TRUE 00000101 13.24868488 [3188] 10:29:58.864 ::*0000002* :: WinHttpSendRequest(0x9d60000, "Content-type: application/timestamp-query", -1, 0x9b09598, 64, 64, 0) 00000102 13.24891090 [3188] 10:29:58.864 ::*0000002* :: WinHttpCreateUrlA(0x15eba30, 0x0, 0x9d70000, 0x15eba14) 00000103 13.24906254 [3188] 10:29:58.864 ::*0000002* :: WinHttpCreateUrlA() returning TRUE 00000104 13.24921894 [3188] 10:29:58.864 ::*0000002* :: Using proxy server: tepmel.center.cg:8080 00000105 13.25068474 [3188] 10:29:58.864 ::*0000002* :: sending data: 00000106 13.25081825 [3188] 10:29:58.864 ::*0000002* :: 259 (0x103) bytes 00000107 13.25099468 [3188] 10:29:58.864 ::*0000002* :: <<<<-------- HTTP headers follow below ----------------------------------------------->>>> 00000108 13.25111771 [3188] 10:29:58.864 ::*0000002* :: 00000109 13.25122738 [3188] POST http://tsp.vrca.ru/tsp/tsp.srf HTTP/1.1 00000110 13.25122738 [3188] 10:29:58.864 ::*0000002* :: Content-type: application/timestamp-query 00000111 13.25122738 [3188] 10:29:58.864 ::*0000002* :: User-Agent: Crypto-Pro tspcli.dll 00000112 13.25122738 [3188] 10:29:58.864 ::*0000002* :: 00000113 13.25133801 [3188] Host: tsp.vrca.ru 00000114 13.25133801 [3188] 10:29:58.864 ::*0000002* :: Content-Length: 64 00000115 13.25133801 [3188] 10:29:58.864 ::*0000002* :: 00000116 13.25145435 [3188] Proxy-Connection: Keep-Alive 00000117 13.25156116 [3188] 00000118 13.25183582 [3188] 10:29:58.864 ::*0000002* :: <<<<-------- End ----------------------------------------------->>>> 00000119 13.25198078 [3188] 10:29:58.864 ::*0000002* :: WinHttpSendRequest() returning TRUE 00000120 13.25208950 [3188] 10:29:58.864 ::*0000002* :: WinHttpReceiveResponse(0x9d60000, 0x0) 00000121 13.28093719 [3188] 10:29:58.897 ::*0000002* :: received data: 00000122 13.28105736 [3188] 10:29:58.897 ::*0000002* :: 219 (0xdb) bytes 00000123 13.28125858 [3188] 10:29:58.897 ::*0000002* :: <<<<-------- HTTP headers follow below ----------------------------------------------->>>> 00000124 13.28143215 [3188] 10:29:58.897 ::*0000002* :: 00000125 13.28154469 [3188] HTTP/1.1 200 OK 00000126 13.28154469 [3188] 10:29:58.897 ::*0000002* :: Via: 1.1 TEPMEL 00000127 13.28154469 [3188] 10:29:58.897 ::*0000002* :: Connection: Keep-Alive 00000128 13.28154469 [3188] 10:29:58.897 ::*0000002* :: Proxy-Connection: Keep-Alive 00000129 13.28154469 [3188] 10:29:58.897 ::*0000002* :: Content-Length: 00000130 13.28166771 [3188] 1896 00000131 13.28166771 [3188] 10:29:58.897 ::*0000002* :: Date: Thu, 14 Sep 2006 06:30:10 GMT 00000132 13.28166771 [3188] 10:29:58.897 ::*0000002* :: Content-Type 00000133 13.28177547 [3188] : application/timestamp-reply 00000134 13.28177547 [3188] 10:29:58.897 ::*0000002* :: 00000135 13.28187847 [3188] Server: Microsoft-IIS/6.0 00000136 13.28198433 [3188] 00000137 13.28217411 [3188] 10:29:58.897 ::*0000002* :: <<<<-------- End ----------------------------------------------->>>> 00000138 13.28231716 [3188] 10:29:58.897 ::*0000002* :: WinHttpReceiveResponse() returning TRUE 00000139 13.28244209 [3188] 10:29:58.897 ::*0000002* :: WinHttpQueryHeaders(0x9d60000, (0x20000013), "<null>", 0x9aefda4, 0x15ebcc4 [4], 0x0 [0]) 00000140 13.28256893 [3188] 10:29:58.897 ::*0000002* :: WinHttpQueryHeaders() returning TRUE 00000141 13.28269577 [3188] 10:29:58.897 ::*0000002* :: WinHttpQueryAuthSchemes(0x9d60000, 0x15ebcb8, 0x15ebcd4) 00000142 13.28281689 [3188] 10:29:58.897 ::*0000002* :: WinHttpQueryAuthSchemes: error 4317 [0x10dd] 00000143 13.28298283 [3188] 10:29:58.897 ::*0000002* :: WinHttpQueryAuthSchemes() returning FALSE 00000144 13.28400135 [3188] 10:29:58.897 ::*0000002* :: WinHttpReadData(0x9d60000, 0x9b0eff8, 65536, 0x15ebcc4) 00000145 13.28421116 [3188] 10:29:58.897 ::*0000002* :: WinHttpReadData() returning TRUE 00000146 13.28436756 [3188] 10:29:58.897 ::*0000002* :: WinHttpReadData(0x9d60000, 0x9b0eff8, 65536, 0x15ebcc4) 00000147 13.28455067 [3188] 10:29:58.913 ::*0000002* :: WinHttpReadData() returning TRUE 00000148 13.28472710 [3188] 10:29:58.913 ::*0000002* :: WinHttpCloseHandle(0x9d60000) 00000149 13.28485298 [3188] 10:29:58.913 ::*0000002* :: WinHttpCloseHandle() returning TRUE 00000150 13.28499699 [3188] 10:29:58.913 ::*Session* :: WinHttpCloseHandle(0x9d3e300) 00000151 13.28534317 [3188] 10:29:58.913 ::*Session* :: WinHttpCloseHandle() returning TRUE 00000152 13.28549194 [3188] cades.dll: CAtlException, m_hr=0xc2100100 00000153 13.28562355 [3188] cades.dll: (res=0, GetLastError=0xc2100100 00000154 13.28601742 [3188] cades.dll: Exception thrown. 00000155 13.28617382 [3188] cades.dll: CAtlException, m_hr=0xc2100100 00000156 13.28637218 [3188] cades.dll: (res=0, GetLastError=0xc2100100 00000157 13.28697205 [3188] AdvancedSign::MakeDataSign GetLastError() = -1039138560 00000158 13.29073048 [3188] CCryptedDocsShellExt::InvokeCommand AND_CATCH(CUserException, pExc) 00000159 13.30870152 [3188] cades.dll: hInstance=6E000000, dwReason=2 lpReserved=0 00000160 13.90681553 [3188] ServiceParams::ServiceParams enter 00000161 13.91523647 [3188] ServiceParams::ServiceParams params : 00000162 13.91894436 [3188] TSP URI = http://tsp.vrca.ru/tsp/tsp.srf 00000163 13.92301464 [3188] Proxy URI = http://tepmel.center.cg:8080 00000164 13.92621040 [3188] Proxy Authtype = 16 00000165 13.93068790 [3188] TSP Authtype = 0 00000166 13.93440533 [3188] ServiceParams::ServiceParams exit 00000167 13.94915390 [3188] CCryptedDocsShellExt::InvokeCommand pobjSign = new Sign success 00000168 13.95287514 [3188] CryptDocument::AddSign pre-objSign.MakeDataSign 00000169 13.95664501 [3188] Sign::MakeDataSign enter 00000170 13.99920464 [3188] cades.dll: hInstance=6E000000, dwReason=2 lpReserved=0 00000171 14.61116219 [3188] cades.dll: hInstance=6E000000, dwReason=3 lpReserved=0 00000172 14.64105892 [3188] cades.dll: hInstance=6E000000, dwReason=2 lpReserved=0 00000173 14.65301800 [3188] Sign::MakeDataSign !CryptSignMessage 2 00000174 14.65820694 [3188] CCryptedDocsShellExt::InvokeCommand AND_CATCH(CUserException, pExc) pre-delete 00000175 14.66212940 [3188] CCryptedDocsShellExt::InvokeCommand AND_CATCH(CUserException, pExc) post-delete 00000176 14.68161869 [3188] cades.dll: hInstance=6E000000, dwReason=3 lpReserved=0 00000177 15.28227901 [3188] CCryptedDocsShellExt::InvokeCommand AdvSignDocument_cleanup pre 00000178 15.28756046 [3188] CCryptedDocsShellExt::InvokeCommand AdvSignDocument_cleanup post 00000179 15.29189205 [3188] CCryptedDocsShellExt::QueryContextMenu exit 00000180 15.29526043 [3188] CShellExt::QueryInterface()==>Unknown Interface! 00000181 15.29550266 [3188] CShellExt::QueryInterface()==>Unknown Interface! 00000182 15.29601002 [3188] CShellExt::Release() ---------------------------------------------------

14.09.2006 13:14:21 Смирнов Павел

Добавьте в реестр ещё следующие параметры трейсинга и пришлите вывод: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Crypto Pro\Trace] "tspcli.dll"="" "ProcessFlags"="dword:00000002"

14.09.2006 14:15:20 Шмыков Дима (Казань, компания Центр-Сервис, софт-отдел, lead developer)

Вставил инфу в реестр, получил лог.. ------------------------------------------------------- 00000000 0.00000000 [3188] cades.dll: hInstance=6E000000, dwReason=2 lpReserved=0 00000001 0.00163652 [3188] cades.dll: hInstance=6E000000, dwReason=3 lpReserved=0 00000002 0.00297831 [3188] cades.dll: hInstance=6E000000, dwReason=2 lpReserved=0 00000003 0.00391614 [3188] cades.dll: hInstance=6E000000, dwReason=3 lpReserved=0 00000041 6.25289869 [3188] cades.dll: hInstance=6E000000, dwReason=2 lpReserved=0 00000042 7.31972265 [3188] cades.dll: hInstance=6E000000, dwReason=3 lpReserved=0 00000043 8.69688320 [3188] cades.dll: hInstance=6E000000, dwReason=3 lpReserved=0 00000044 8.83771801 [3188] cades.dll: hInstance=6E000000, dwReason=2 lpReserved=0 00000045 11.74189663 [3188] cades.dll: hInstance=6E000000, dwReason=2 lpReserved=0 00000046 15.20674419 [3188] cades.dll: hInstance=6E000000, dwReason=3 lpReserved=0 00000047 16.74307442 [3188] cades.dll: hInstance=6E000000, dwReason=3 lpReserved=0 00000048 17.85045052 [3188] cades.dll: hInstance=6E000000, dwReason=3 lpReserved=0 00000049 18.24236679 [3188] cades.dll: hInstance=6E000000, dwReason=2 lpReserved=0 00000050 19.84749222 [3188] cades.dll: hInstance=6E000000, dwReason=3 lpReserved=0 00000051 19.84925079 [3188] cades.dll: hInstance=6E000000, dwReason=2 lpReserved=0 00000052 20.49309921 [3188] cades.dll: hInstance=6E000000, dwReason=3 lpReserved=0 00000053 23.57708740 [3188] ServiceParams::ServiceParams enter 00000054 23.62070274 [3188] ServiceParams::ServiceParams params : 00000055 23.62478638 [3188] TSP URI = http://tsp.vrca.ru/tsp/tsp.srf 00000056 23.63045311 [3188] Proxy URI = http://tepmel.center.cg:8080 00000057 23.64510155 [3188] Proxy Authtype = 16 00000058 23.64925766 [3188] TSP Authtype = 0 00000062 23.69226456 [3188] AdvancedSign::MakeDataSign enter 00000063 23.72168732 [3188] cades.dll: (pSignPara=0x09D6CDCC, fDetachedSignature=0, cToBeSigned=1, rgpbToBeSigned=0x09D6CE0C, rgcbToBeSigned=0x09D6CE00, ppSignedBlob=0x09D6CDC0) 00000064 23.75459862 [3188] cades.dll: hInstance=6E000000, dwReason=2 lpReserved=0 00000065 24.36433029 [3188] cades.dll: hInstance=6E000000, dwReason=3 lpReserved=0 00000066 24.38456154 [3188] cades.dll: (dwMsgEncodingType=0x00010001, dwFlags=0x00000000, pvMsgEncodeInfo=0x09D6C708, pszInnerContentObjID=0, pStreamInfo=0x00000000) 00000067 24.38598824 [3188] cades.dll: Start. 00000068 24.38617516 [3188] cades.dll: Input parameters checked. 00000069 24.38630676 [3188] cades.dll: Copy of input structures is ready. 00000070 24.38649559 [3188] cades.dll: Signers updating start. 00000071 24.38673210 [3188] cades.dll: Signer #0. 00000072 24.38687134 [3188] cades.dll: (pAttr=0) 00000073 24.38715172 [3188] cades.dll: Signer does not have signinCert or otherSigningCert attribute. 00000074 24.51171494 [3188] cades.dll: Certificates equality checked. 00000075 24.51189041 [3188] cades.dll: Attributes copied. 00000076 24.56568527 [3188] cades.dll: (szHashAlgorithm=1.2.643.2.2.9) 00000077 24.56584167 [3188] cades.dll: Hash algorithm deduced. 00000078 25.08525467 [3188] cades.dll: otherSigningCert attribute assembled. 00000079 25.08539963 [3188] cades.dll: Signed is updated successfully. 00000080 25.08553696 [3188] cades.dll: Calling CryptMsgOpenToEncode() 00000081 25.10398865 [3188] cades.dll: (hMsg=0x01389120, GetLastError=0x00000000 00000082 25.13397217 [3188] cades.dll: (hCryptMsg=0x01389120, dwSignatureIndex=0, pCadesSignPara=0x09D6CDE0) 00000083 25.13426971 [3188] cades.dll: Input parameters checked. 00000084 25.13454247 [3188] cades.dll: Signed attributes extracted via CMSG_SIGNER_AUTH_ATTR_PARAM 00000085 25.18457794 [3188] cades.dll: Signer certificate ID found. 00000086 25.18571091 [3188] cades.dll: pSignerCert=0x0135D750 00000087 25.22772789 [3188] cades.dll: Signature verified. 00000088 25.22789764 [3188] cades.dll: Hash algorithm deduced. 00000089 25.22812271 [3188] cades.dll: Signature extracted via CMSG_ENCRYPTED_DIGEST 00000090 25.22832680 [3188] cades.dll: Creating new CRequest for the thread... 00000091 25.34914398 [3188] cades.dll: Creating new CRequest for the thread... OK. 00000092 25.51378059 [3188] 13:20:05.949 ::*Session* :: WinHttpCrackUrl("http://tsp.vrca.ru/tsp/tsp.srf", 0x0, 0x0, 0x9d6bd08) 00000093 25.51393700 [3188] 13:20:05.949 ::*Session* :: WinHttpCrackUrlA("http://tsp.vrca.ru/tsp/tsp.srf", 0x1e, 0x0, 0x9d6bbb8) 00000094 25.51406288 [3188] 13:20:05.949 ::*Session* :: WinHttpCrackUrlA() returning TRUE 00000095 25.51422119 [3188] 13:20:05.949 ::*Session* :: WinHttpCrackUrl() returning TRUE 00000096 25.51441002 [3188] 13:20:05.949 ::*Session* :: WinHttpOpen("Crypto-Pro tspcli.dll", (1), "", "", 0x0) 00000097 25.51656151 [3188] 13:20:05.949 ::*Session* :: WinHttpOpen() returning handle 0xb6f6000 00000098 25.51671028 [3188] 13:20:05.949 ::*Session* :: WinHttpCrackUrl("http://tepmel.center.cg:8080", 0x0, 0x0, 0x9d6bd44) 00000099 25.51684761 [3188] 13:20:05.949 ::*Session* :: WinHttpCrackUrlA("http://tepmel.center.cg:8080", 0x1c, 0x0, 0x9d6bbb8) 00000100 25.51697922 [3188] 13:20:05.949 ::*Session* :: WinHttpCrackUrlA() returning TRUE 00000101 25.51715851 [3188] 13:20:05.949 ::*Session* :: WinHttpCrackUrl() returning TRUE 00000102 25.51759338 [3188] 13:20:05.949 ::*Session* :: WinHttpSetOption(0xb6f6000, (38), 0x9d6bcec [0x3], 12) 00000103 25.51775360 [3188] 13:20:05.949 ::*Session* :: WinHttpSetOption() returning TRUE 00000104 25.51790428 [3188] 13:20:05.949 ::*Session* :: WinHttpConnect(0xb6f6000, "tsp.vrca.ru", 80, 0x0) 00000105 25.57613182 [3188] 13:20:06.011 ::*Session* :: WinHttpConnect() returning handle 0xb6fe000 00000106 25.57650948 [3188] 13:20:06.011 ::*Session* :: WinHttpOpenRequest(0xb6fe000, "POST", "tsp/tsp.srf", "", "", 0x0, 0x00000000) 00000107 25.57666588 [3188] 13:20:06.011 ::*Session* :: WinHttpCreateUrlA(0x9d6ba98, 0x0, 0xb730000, 0x9d6bad4) 00000108 25.57682991 [3188] 13:20:06.011 ::*Session* :: WinHttpCreateUrlA() returning TRUE 00000109 25.57709122 [3188] 13:20:06.011 ::*0000001* :: WinHttpOpenRequest() returning handle 0xb720000 00000110 25.57731628 [3188] 13:20:06.011 ::*0000001* :: WinHttpSetOption(0xb720000, (77), 0x9d6bcc0 [0x2], 4) 00000111 25.57746315 [3188] 13:20:06.011 ::*0000001* :: WinHttpSetOption() returning TRUE 00000112 25.57775307 [3188] 13:20:06.011 ::*0000001* :: WinHttpSendRequest(0xb720000, "Content-type: application/timestamp-query", -1, 0xb57bd38, 64, 64, 0) 00000113 25.57793617 [3188] 13:20:06.011 ::*0000001* :: WinHttpCreateUrlA(0x9d6ba30, 0x0, 0xb730000, 0x9d6ba14) 00000114 25.57810211 [3188] 13:20:06.011 ::*0000001* :: WinHttpCreateUrlA() returning TRUE 00000115 25.57883835 [3188] 13:20:06.011 ::*0000001* :: Using proxy server: tepmel.center.cg:8080 00000116 25.59526062 [3188] 13:20:06.027 ::*0000001* :: "tepmel.center.cg" resolved 00000117 25.60392761 [3188] 13:20:06.043 ::*0000001* :: sending data: 00000118 25.60408401 [3188] 13:20:06.043 ::*0000001* :: 259 (0x103) bytes 00000119 25.60422897 [3188] 13:20:06.043 ::*0000001* :: <<<<-------- HTTP headers follow below ----------------------------------------------->>>> 00000120 25.60446167 [3188] 13:20:06.043 ::*0000001* :: 00000121 25.60461235 [3188] POST http://tsp.vrca.ru/tsp/tsp.srf HTTP/1.1 00000122 25.60461235 [3188] 13:20:06.043 ::*0000001* :: Content-type: application/timestamp-query 00000123 25.60461235 [3188] 13:20:06.043 ::*0000001* :: User-Agent: Crypto-Pro tspcli.dll 00000124 25.60461235 [3188] 13:20:06.043 ::*0000001* :: 00000125 25.60477066 [3188] Host: tsp.vrca.ru 00000126 25.60477066 [3188] 13:20:06.043 ::*0000001* :: Content-Length: 64 00000127 25.60477066 [3188] 13:20:06.043 ::*0000001* :: 00000128 25.60491371 [3188] Proxy-Connection: Keep-Alive 00000129 25.60505676 [3188] 00000130 25.60544586 [3188] 13:20:06.043 ::*0000001* :: <<<<-------- End ----------------------------------------------->>>> 00000131 25.60567856 [3188] 13:20:06.043 ::*0000001* :: WinHttpSendRequest() returning TRUE 00000132 25.60594940 [3188] cades.dll: hInstance=6E000000, dwReason=2 lpReserved=0 00000133 25.60612679 [3188] 13:20:06.043 ::*0000001* :: WinHttpReceiveResponse(0xb720000, 0x0) 00000134 25.64410782 [3188] 13:20:06.074 ::*0000001* :: received data: 00000135 25.64422989 [3188] 13:20:06.074 ::*0000001* :: 219 (0xdb) bytes 00000136 25.64457130 [3188] 13:20:06.074 ::*0000001* :: <<<<-------- HTTP headers follow below ----------------------------------------------->>>> 00000137 25.64471245 [3188] 13:20:06.074 ::*0000001* :: 00000138 25.64482307 [3188] HTTP/1.1 200 OK 00000139 25.64482307 [3188] 13:20:06.074 ::*0000001* :: Via: 1.1 TEPMEL 00000140 25.64482307 [3188] 13:20:06.074 ::*0000001* :: Connection: Keep-Alive 00000141 25.64482307 [3188] 13:20:06.074 ::*0000001* :: Proxy-Connection: Keep-Alive 00000142 25.64482307 [3188] 13:20:06.074 ::*0000001* :: Content-Length: 00000143 25.64494705 [3188] 1896 00000144 25.64494705 [3188] 13:20:06.074 ::*0000001* :: Date: Thu, 14 Sep 2006 09:20:06 GMT 00000145 25.64494705 [3188] 13:20:06.074 ::*0000001* :: Content-Type 00000146 25.64505386 [3188] : application/timestamp-reply 00000147 25.64505386 [3188] 13:20:06.074 ::*0000001* :: 00000148 25.64515495 [3188] Server: Microsoft-IIS/6.0 00000149 25.64526367 [3188] 00000150 25.64553070 [3188] 13:20:06.074 ::*0000001* :: <<<<-------- End ----------------------------------------------->>>> 00000151 25.64570045 [3188] 13:20:06.074 ::*0000001* :: WinHttpReceiveResponse() returning TRUE 00000152 25.64583015 [3188] 13:20:06.074 ::*0000001* :: WinHttpQueryHeaders(0xb720000, (0x20000013), "<null>", 0xb5955d4, 0x9d6bcc4 [4], 0x0 [0]) 00000153 25.64596558 [3188] 13:20:06.074 ::*0000001* :: WinHttpQueryHeaders() returning TRUE 00000154 25.64610481 [3188] 13:20:06.074 ::*0000001* :: WinHttpQueryAuthSchemes(0xb720000, 0x9d6bcb8, 0x9d6bcd4) 00000155 25.64622307 [3188] 13:20:06.074 ::*0000001* :: WinHttpQueryAuthSchemes: error 4317 [0x10dd] 00000156 25.64648628 [3188] 13:20:06.074 ::*0000001* :: WinHttpQueryAuthSchemes() returning FALSE 00000157 25.64717865 [3188] 13:20:06.074 ::*0000001* :: WinHttpReadData(0xb720000, 0xb59d008, 65536, 0x9d6bcc4) 00000158 25.64949036 [3188] 13:20:06.074 ::*0000001* :: WinHttpReadData() returning TRUE 00000159 25.64971161 [3188] 13:20:06.074 ::*0000001* :: WinHttpReadData(0xb720000, 0xb59d008, 65536, 0x9d6bcc4) 00000160 25.64987183 [3188] 13:20:06.074 ::*0000001* :: WinHttpReadData() returning TRUE 00000161 25.65009308 [3188] 13:20:06.074 ::*0000001* :: WinHttpCloseHandle(0xb720000) 00000162 25.65029716 [3188] 13:20:06.090 ::*0000001* :: WinHttpCloseHandle() returning TRUE 00000163 25.65043259 [3188] 13:20:06.090 ::*Session* :: WinHttpCloseHandle(0xb6fe000) 00000164 25.65059280 [3188] 13:20:06.090 ::*Session* :: WinHttpCloseHandle() returning TRUE 00000165 25.65125847 [3188] cades.dll: hInstance=6E000000, dwReason=2 lpReserved=0 00000166 25.66224670 [3188] cades.dll: CAtlException, m_hr=0xc2100100 00000167 25.66239357 [3188] cades.dll: (res=0, GetLastError=0xc2100100 00000168 25.66280556 [3188] cades.dll: Exception thrown. 00000169 25.66300201 [3188] cades.dll: CAtlException, m_hr=0xc2100100 00000170 25.66318512 [3188] cades.dll: (res=0, GetLastError=0xc2100100 00000171 25.66380119 [3188] AdvancedSign::MakeDataSign GetLastError() = -1039138560 00000172 25.77751350 [3188] CCryptedDocsShellExt::InvokeCommand AND_CATCH(CUserException, pExc) 00000183 28.57128525 [3188] cades.dll: hInstance=6E000000, dwReason=2 lpReserved=0 00000184 29.21167755 [3188] cades.dll: hInstance=6E000000, dwReason=3 lpReserved=0 00000185 29.23983955 [3188] cades.dll: hInstance=6E000000, dwReason=2 lpReserved=0 00000186 29.84844398 [3188] cades.dll: hInstance=6E000000, dwReason=3 lpReserved=0 00000191 29.99458313 [3188] TSP URI = http://tsp.vrca.ru/tsp/tsp.srf 00000192 30.00172234 [3188] Proxy URI = http://tepmel.center.cg:8080 00000193 30.00676346 [3188] Proxy Authtype = 16 00000194 30.01092339 [3188] TSP Authtype = 0 00000197 30.66954422 [3188] cades.dll: hInstance=6E000000, dwReason=2 lpReserved=0 00000205 60.05037308 [3188] cades.dll: hInstance=6E000000, dwReason=2 lpReserved=0 00000206 60.05043030 [3188] cades.dll: hInstance=6E000000, dwReason=3 lpReserved=0 00000207 60.05531693 [3188] cades.dll: hInstance=6E000000, dwReason=2 lpReserved=0 00000208 60.05638885 [3188] cades.dll: hInstance=6E000000, dwReason=3 lpReserved=0 00000209 70.91277313 [3188] cades.dll: hInstance=6E000000, dwReason=3 lpReserved=0 -------------------------------------------------------

14.09.2006 14:29:09 Смирнов Павел

В логе ничего не добавилось. Вы процесс перезапускали, в котором всё это безобразие творится?

14.09.2006 14:29:10 Смирнов Павел

В логе ничего не добавилось. Вы процесс перезапускали, в котором всё это безобразие творится?

15.09.2006 10:17:43 Шмыков Дима (Казань, компания Центр-Сервис, софт-отдел, lead developer)

Да. Процесс explorer.exe. Клиент -- это расширение оболочки (простая ATL-библиотека, поддерживающая IShellExtInit и IContextMenu). Вставил инфу в реестр (т.е. скопировал текст из ответа в форуме в reg-файл и запустил его). Перезагрузился (для того, чтобы библиотеки КриптоПро, будучи заново загруженными, подцепили настройки из реестра). Отловил лог. Выслал Вам.

15.09.2006 10:53:42 Шмыков Дима (Казань, компания Центр-Сервис, софт-отдел, lead developer)

Информация из winerror.h..Судя по (слава направо расшифровывая) 0xc2100100 = (11000010000100000000000100000000)_2 это (11)_2 - error flag, <Customer code flag> = (0)_2, <reserved> = (0)_2, <facility code> = (001000010000)_2, <facility's status code> = (0000000100000000)_2. Т.е. что-то системное и фатальное для работы логики.

15.09.2006 15:44:47 Смирнов Павел

Код ошибки-то наш. Его выдаёт tspcli.dll при ошибке HTTP-обмена. Но уж больно странно это выглядит, после того как winhttp говорит, что всё хорошо. Поэтому я попросил прислать более подробный лог, включающий сообщения от tspcli.dll. Странно, что ничего в логе не изменилось. Тогда пойдём другим путём. Получите на этой же машине штамп с помощью tsputil.exe ровно так же, как это происходит при подписи, т.е. через тот же прокси с теми же настройками. Расскажите, что получилось.

15.09.2006 19:04:23 Шмыков Дима (Центр, ведущий разработчик)

Выдает ошибку "Подпись верна, но сертификат не корректен (один из сертификатов в цепочке, возможно, отозван невозможно проверить функцию отзыва, т.к. сервер отзыва сертификатов недоступен)".

18.09.2006 14:14:21 Смирнов Павел

Устраняйте эту ошибку и пробуйте снова.

22.09.2006 15:01:47 Шмыков Дима (Казань, компания Центр-Сервис, софт-отдел, lead developer)

Ошибку устранили. Вот лог. { Ошибку устранили. Вот лог. *Session* :: WinHttpCrackUrl("http://tsp.vrca.ru/tsp/tsp.srf", 0x0, 0x0, 0x6dcd0) *Session* :: WinHttpCrackUrlA("http://tsp.vrca.ru/tsp/tsp.srf", 0x1e, 0x0, 0x6db80) *Session* :: WinHttpCrackUrlA() returning TRUE *Session* :: WinHttpCrackUrl() returning TRUE *Session* :: WinHttpOpen("Crypto-Pro tspcli.dll", (1), "", "", 0x0) *Session* :: WinHttpOpen() returning handle 0x8e66000 *Session* :: WinHttpCrackUrl("http://tepmel.center.cg:8080", 0x0, 0x0, 0x6dd0c) *Session* :: WinHttpCrackUrlA("http://tepmel.center.cg:8080", 0x1c, 0x0, 0x6db80) *Session* :: WinHttpCrackUrlA() returning TRUE *Session* :: WinHttpCrackUrl() returning TRUE *Session* :: WinHttpSetOption(0x8e66000, (38), 0x6dcb4 [0x3], 12) *Session* :: WinHttpSetOption() returning TRUE *Session* :: WinHttpConnect(0x8e66000, "tsp.vrca.ru", 80, 0x0) *Session* :: WinHttpConnect() returning handle 0x8e6e000 *Session* :: WinHttpOpenRequest(0x8e6e000, "POST", "tsp/tsp.srf", "", "", 0x0, 0x00000000) *Session* :: WinHttpCreateUrlA(0x6da60, 0x0, 0x8eb0000, 0x6da9c) *Session* :: WinHttpCreateUrlA() returning TRUE *0000001* :: WinHttpOpenRequest() returning handle 0x8ea0000 *0000001* :: WinHttpSetOption(0x8ea0000, (77), 0x6dc88 [0x2], 4) *0000001* :: WinHttpSetOption() returning TRUE *0000001* :: WinHttpSendRequest(0x8ea0000, "Content-type: application/timestamp-query", -1, 0x8cb4170, 64, 64, 0) *0000001* :: WinHttpCreateUrlA(0x6d9f8, 0x0, 0x8eb0000, 0x6d9dc) *0000001* :: WinHttpCreateUrlA() returning TRUE *0000001* :: Using proxy server: tepmel.center.cg:8080 *0000001* :: "tepmel.center.cg" resolved *0000001* :: sending data: *0000001* :: 259 (0x103) bytes *0000001* :: <<<<-------- HTTP headers follow below ----------------------------------------------->>>> *0000001* :: POST http://tsp.vrca.ru/tsp/tsp.srf HTTP/1.1 *0000001* :: Content-type: application/timestamp-query *0000001* :: User-Agent: Crypto-Pro tspcli.dll *0000001* :: Host: tsp.vrca.ru *0000001* :: Content-Length: 64 *0000001* :: Proxy-Connection: Keep-Alive *0000001* :: <<<<-------- End ----------------------------------------------->>>> *0000001* :: WinHttpSendRequest() returning TRUE *0000001* :: WinHttpReceiveResponse(0x8ea0000, 0x0) *0000001* :: received data: *0000001* :: 1024 (0x400) bytes *0000001* :: <<<<-------- HTTP headers follow below ----------------------------------------------->>>> *0000001* :: HTTP/1.1 407 Proxy Authentication Required ( The ISA Server requires authorization to fulfill the request. Access to the Web Proxy filter is denied. ) *0000001* :: Via: 1.1 TEPMEL *0000001* :: Proxy-Authenticate: Negotiate *0000001* :: Proxy-Authenticate: Kerberos *0000001* :: Proxy-Authenticate: NTLM *0000001* :: Proxy-Authenticate: Basic realm="tepmel.center.cg" *0000001* :: Connection: Keep-Alive *0000001* :: Proxy-Connection: Keep-Alive *0000001* :: Pragma no-cache *0000001* :: Cache-Control: no-cache Content-Type: text/html Content-Length: 4107 *0000001* :: <<<<-------- End ----------------------------------------------->>>> *0000001* :: WinHttpReceiveResponse() returning TRUE *0000001* :: WinHttpQueryHeaders(0x8ea0000, (0x20000013), "<null>", 0x8ccedb4, 0x6dc8c [4], 0x0 [0]) *0000001* :: WinHttpQueryHeaders() returning TRUE *0000001* :: WinHttpQueryAuthSchemes(0x8ea0000, 0x6dc80, 0x6dc9c) *0000001* :: WinHttpQueryAuthSchemes() returning TRUE *0000001* :: WinHttpQueryAuthSchemes(0x8ea0000, 0x6dc80, 0x6dc9c) *0000001* :: WinHttpQueryAuthSchemes() returning TRUE *0000001* :: WinHttpSetCredentials(0x8ea0000, 0x1, 0x10, "", "<username>", "<password>") *0000001* :: WinHttpSetCredentialsA(0x8ea0000, 0x1, 0x10, "", "<username>", "<password>") *0000001* :: WinHttpSetCredentialsA() returning TRUE *0000001* :: WinHttpSetCredentials() returning TRUE *0000001* :: WinHttpSetCredentials(0x8ea0000, 0x1, 0x10, "", "<username>", "<password>") *0000001* :: WinHttpSetCredentialsA(0x8ea0000, 0x1, 0x10, "", "<username>", "<password>") *0000001* :: WinHttpSetCredentialsA() returning TRUE *0000001* :: WinHttpSetCredentials() returning TRUE *0000001* :: WinHttpSendRequest(0x8ea0000, "Content-type: application/timestamp-query", -1, 0x8cb4170, 64, 64, 0) *0000001* :: WinHttpCreateUrlA(0x6d9f8, 0x0, 0x8eb0000, 0x6d9dc) *0000001* :: WinHttpCreateUrlA() returning TRUE *0000001* :: Using proxy server: tepmel.center.cg:8080 *0000001* :: sending data: *0000001* :: 1884 (0x75c) bytes *0000001* :: <<<<-------- HTTP headers follow below ----------------------------------------------->>>> POST http://tsp.vrca.ru/tsp/tsp.srf HTTP/1.1 *0000001* :: Content-Length: 64 *0000001* :: User-Agent: Crypto-Pro tspcli.dll *0000001* :: Host: tsp.vrca.ru *0000001* :: Proxy-Authorization: Negotiate YIIE1AYGKwYBBQUCoIIEyDCCBMSgJDAiBgkqhkiC9xIBAgIGCSqGSIb3EgECAgYKKwYBBAGCNwICCqKCBJoEggSWYIIEkgYJKoZIhvcSAQICAQBuggSBMIIEfaADAgEFoQMCAQ6iBwMFACAAAACjggOqYYIDpjCCA6KgAwIBBaELGwlDRU5URVIuQ0ei IzAhoAMCAQKhGjAYGwRIVFRQGxB0ZXBtZWwuY2VudGVyLmNno4IDZzCCA2OgAwIBF6EDAgEOooIDVQSCA1EmbiA/ir8hs+85wMz/8tlr3L/S7P4Hf8WySY6OfSmtbySlbt27feW6jeQshDCx2nnVYiY2r764UzQw9IkWnR3WkaT5UaQ8LXp7MqpJDxfYnF61tQzSJ0TVQ5p24F1h2N5x7PH5Dmt nuLxAE5Rk4ARehzgCD3UcDAgDZUpXo6fRNUwmtwLi1lHUdffBaY8NrLXB2H8EgT8avxnjwoUaXc3M4fK2I3dQU+LANHBmQU/rz5/QFPgDteRUmaNGu9iebhMvZ1qBwicBNtfBvOOqUVAy3AKAaz/DIA8PGOIvpdpZjwnqpnXWrb26tc8H6PwvYrM9W5LT8k55APRuXgYAq6wq7OF6E1qEWVb+KW ePvXGDrjg7Yra7VkMfuppwa+sODCwiYq9Bib/E+6ndJKUzc8sMSlOtzNnm0L9oikP6X62LB6HuyHaQXeoY33d2TEmLmfQBRGPVz0oU2/Py73bfs8eCfJLgLM5BlI7Ki+BeYwgYuq+3eE+Rtizp9b6Eyo079fJj+xZ8bsEHJW5HJgj1s25oFYlb3iGo0TJFin7XSpRLz5Mx8HF+f+fe7zSDOcw3f fVtU0VszfkRld8ruwvLYHaYLjdrhS30Ly1YDom6A9PWuUhF7YFFjeMqiZAko+RPvAK95okHOYLRr0GT2+KESQ5n7c7gLrdqXAq7kkAdgXUjJQP0Q+nw1IX4uyrS12pZy4nJEZh0Aqu+FsKXIiCQsMlqX2EFYTETrB9Vk6jCgwG+BNYhJa+a4SxGVw+mvikFeyOlWhuXCSQjConi503Ef0PrUYyk iFNpvTeIFYPzOdIlayPTUWSjSxY6Lj2dEdV8bDCxQJFNW2QCbBkCCrlC+KElv669gzGzxvephBIspuNaRwO5YKjAg5vxzjrLAwh4AAlHy8ugTHyvsfysCFj0PF1FWTd75m0zI/Yqfj6JNwfTTyuMCjsx3qBKuljjhxT089NpQYKl8ozes4sC4NgsJzitzR4mYPp32BTcqHN9zl4k4OLf0zjz4mL vIbkkmOgXUnl+OUR0kk21R+kHuOFtcLY3nbUBLaVu8lu9WE++91zkZnarQ4TQH7pdWX9mjw08jq2allHIfmPyp0HXEwVA+o8BecS+XQxEpK5bocImgrSyo0SkgbkwgbagAwIBF6KBrgSBq/4Pt6KOIkl1V1OXz42tsXSfhEDW5jlVGQaGJLqCd7O5uArJQ9W0WFAmQ9lCv2RAGVUbrqZGJ1ue28 0IPxPUYKfptRAa1Jk+RydCcBFKJYdbyjELMooX8D1/6Nr0XTsHAgL0X2TARtFHQ2msER7mBNbIJbOUjsyHTGeP1w7lE9TWmDlA4Jq+CoKxLOR3wEgeiL6mvqj4TZatCNJlEBiWxDNRO+rNyUzaqFnpvg== *0000001* :: Proxy-Connection: Keep-Alive *0000001* :: Content-Type: application/timestamp-query *0000001* :: <<<<-------- End ----------------------------------------------->>>> *0000001* :: WinHttpSendRequest() returning TRUE *0000001* :: WinHttpReceiveResponse(0x8ea0000, 0x0) *0000001* :: received data: *0000001* :: 219 (0xdb) bytes *0000001* :: <<<<-------- HTTP headers follow below ----------------------------------------------->>>> HTTP/1.1 200 OK *0000001* :: Via: 1.1 TEPMEL *0000001* :: Connection: Keep-Alive *0000001* :: Proxy-Connection: Keep-Alive *0000001* :: Content-Length: [3332] 1896 *0000001* :: Date: Fri, 22 Sep 2006 09:58:15 GMT *0000001* :: Content-Type application/timestamp-reply *0000001* :: Server: Microsoft-IIS/6.0 *0000001* :: <<<<-------- End ----------------------------------------------->>>> *0000001* :: WinHttpReceiveResponse() returning TRUE *0000001* :: WinHttpQueryHeaders(0x8ea0000, (0x20000013), "<null>", 0x8ccedb4, 0x6dc8c [4], 0x0 [0]) *0000001* :: WinHttpQueryHeaders() returning TRUE *0000001* :: WinHttpQueryAuthSchemes(0x8ea0000, 0x6dc80, 0x6dc9c) *0000001* :: WinHttpQueryAuthSchemes: error 4317 [0x10dd] *0000001* :: WinHttpQueryAuthSchemes() returning FALSE *0000001* :: WinHttpReadData(0x8ea0000, 0x8ccf008, 65536, 0x6dc8c) *0000001* :: WinHttpReadData() returning TRUE *0000001* :: WinHttpReadData(0x8ea0000, 0x8ccf008, 65536, 0x6dc8c) *0000001* :: WinHttpReadData() returning TRUE *0000001* :: WinHttpCloseHandle(0x8ea0000) *0000001* :: WinHttpCloseHandle() returning TRUE *Session* :: WinHttpCloseHandle(0x8e6e000) *Session* :: WinHttpCloseHandle() returning TRUE *Session* :: WinHttpCrackUrl("http://ocsp.vrca.ru/ocsp/ocsp.srf", 0x0, 0x0, 0x6d4a8) *Session* :: WinHttpCrackUrlA("http://ocsp.vrca.ru/ocsp/ocsp.srf", 0x21, 0x0, 0x6d360) *Session* :: WinHttpCrackUrlA() returning TRUE *Session* :: WinHttpCrackUrl() returning TRUE *Session* :: WinHttpOpen("Crypto-Pro ocspcli.dll", (1), "", "", 0x0) *Session* :: WinHttpOpen() returning handle 0x8e66140 *Session* :: DoConnectoidsExist() *Session* :: IsRasInstalled() *Session* :: IsRasInstalled() returning TRUE *Session* :: DoConnectoidsExist() returning TRUE *Session* :: WinHttpSetOption(0x8e66140, (38), 0x6d490 [0x3], 12) *Session* :: WinHttpSetOption() returning TRUE *Session* :: WinHttpConnect(0x8e66140, "ocsp.vrca.ru", 80, 0x0) *Session* :: WinHttpConnect() returning handle 0x8e6e000 *Session* :: WinHttpOpenRequest(0x8e6e000, "POST", "ocsp/ocsp.srf", "", "", 0x0, 0x00000000) *Session* :: WinHttpCreateUrlA(0x6d240, 0x0, 0x8eb0000, 0x6d27c) *Session* :: WinHttpCreateUrlA() returning TRUE *0000002* :: WinHttpOpenRequest() returning handle 0x8ea0000 *0000002* :: WinHttpSetOption(0x8ea0000, (77), 0x6d464 [0x2], 4) *0000002* :: WinHttpSetOption() returning TRUE *0000002* :: WinHttpSendRequest(0x8ea0000, "Content-type: application/ocsp-request", -1, 0x8cca228, 129, 129, 0) *0000002* :: WinHttpCreateUrlA(0x6d1dc, 0x0, 0x8eb0000, 0x6d1c0) *0000002* :: WinHttpCreateUrlA() returning TRUE *0000002* :: Using proxy server: 10.10.16.254:8080 *0000002* :: sending data: *0000002* :: 327 (0x147) bytes *0000002* :: <<<<-------- HTTP headers follow below ----------------------------------------------->>>> *0000002* :: POST http://ocsp.vrca.ru/ocsp/ocsp.srf HTTP/1.1 *0000002* :: Content-type: application/ocsp-request *0000002* :: User-Agent: Crypto-Pro ocspcli.dll Host: ocsp.vrca.ru *0000002* :: Content-Length: 129 Proxy-Connection: Keep-Alive *0000002* :: <<<<-------- End ----------------------------------------------->>>> *0000002* :: WinHttpSendRequest() returning TRUE *0000002* :: WinHttpReceiveResponse(0x8ea0000, 0x0) *0000002* :: received data: *0000002* :: 1024 (0x400) bytes *0000002* :: <<<<-------- HTTP headers follow below ----------------------------------------------->>>> HTTP/1.1 407 Proxy Authentication Required ( The ISA Server requires authorization to fulfill the request. Access to the Web Proxy filter is denied. ) *0000002* :: Via: 1.1 TEPMEL Proxy-Authenticate: Negotiate *0000002* :: Proxy-Authenticate: Kerberos *0000002* :: Proxy-Authenticate: NTLM *0000002* :: Proxy-Authenticate: Basic realm="tepmel.center.cg" *0000002* :: Connection: Keep-Alive *0000002* :: Proxy-Connection: Keep-Alive *0000002* :: Pragma no-cache *0000002* :: Cache-Control: no-cache *0000002* :: Content-Type: text/html *0000002* :: Content-Length: 4107 *0000002* :: <<<<-------- End ----------------------------------------------->>>> *0000002* :: WinHttpReceiveResponse() returning TRUE *0000002* :: WinHttpQueryHeaders(0x8ea0000, (0x20000013), "<null>", 0x8cb4e70, 0x6d468 [4], 0x0 [0]) *0000002* :: WinHttpQueryHeaders() returning TRUE *0000002* :: WinHttpQueryAuthSchemes(0x8ea0000, 0x6d45c, 0x6d484) *0000002* :: WinHttpQueryAuthSchemes() returning TRUE *0000002* :: WinHttpQueryAuthSchemes(0x8ea0000, 0x6d45c, 0x6d484) *0000002* :: WinHttpQueryAuthSchemes() returning TRUE *0000002* :: WinHttpCloseHandle(0x8ea0000) *0000002* :: WinHttpCloseHandle() returning TRUE *Session* :: WinHttpCloseHandle(0x8e6e000) *Session* :: WinHttpCloseHandle() returning TRUE } При этом GetLastError после вызова CadesSignMassage возвращает 0xC2110100.

22.09.2006 15:14:25 Смирнов Павел

Из лога видно, что OCSP-клиент "обиделся" на аутентификацию. Настройте нужный тип аутентификации в групповой политике КриптоПро OCSP Client.

22.09.2006 15:38:55 Шмыков Дима (Казань, компания Центр-Сервис, софт-отдел, lead developer)

Это на серверной стороне делается? Со стороны клиента я пользуюсь AIA-расширением для доступа к OCSP. Пробовал также ставить в строчке подключения к TSP-серверу тип авторизации Negotiate (т.е. константа 16), и лог тот же.

22.09.2006 15:46:01 Смирнов Павел

Речь идёт о КриптоПро OCSP Client. Параметры подключения к серверу штампов времени на него, очевидно, не влияют. Вам необходимо настроить групповую политику для той машины, которая создаёт подпись. Как вы будете это делать - через доменную политику или локально - не важно. Настройте политику "Аутентификация (прокси-сервер): тип по умолчанию".

22.09.2006 15:55:19 Шмыков Дима (Казань, компания Центр-Сервис, софт-отдел, lead developer)

Так они же платные. А для разработки у нас только cadessdk есть. Так никаких политик нельзя проставлять.

22.09.2006 16:22:24 Смирнов Павел

Вам нужно добиться работоспособности на макете? То, что клиент платный, вам не мешает. Открываете на той машине, где он работает (и стоит SDK, судя по всему), оснастку управления групповыми политиками. Там уже зарегистрированы политики КриптоПро TSP Client и OCSP Client.

22.09.2006 16:33:20 Шмыков Дима (Казань, компания Центр-Сервис, софт-отдел, lead developer)

какой msc-файл надо запустить, чтобы открыть это консоль?

22.09.2006 16:43:34 Шмыков Дима (Казань, компания Центр-Сервис, софт-отдел, lead developer)

У меня клиентская машина стоит под управлением WindowsXP Home. Нет там таких консолей. Все файлы msc позапускал. Нету. :)

22.09.2006 18:18:55 Смирнов Павел

На XP Home Edition, оказывается, нет групповых политик. Учитывая специфику сред, где применяется эта ОС, мы будем рекомендовать в таких случаях администратору системы изготавливать reg-файлы с настройками наших клиентов для того, чтобы владельцы XP Home Edition могли поместить эти настройки в реестр. В вашем случае надо записать в ключе HKLM\Software\Policies\Crypto-Pro\OCSP DWORD-значение ProxyAuthTypeDefault = 16.

22.09.2006 19:31:53 Шмыков Дима (Казань, компания Центр-Сервис, софт-отдел, lead developer)

Мы сейчас тестили, и вот что должны вам сказать.. С прокси, которая не требует аутентификации, оно ходит, и усовершенствованную подпись ставит. А вот с аутентификацией начинаются проблемы. Не хватает HTTP-заголовка Proxy-Authorization : <тип >. Т.е. на лицо проблема. К примеру, браузер MSIE посылает этот заголовок, а ваши библиотеки, судя по логам, нет. Прокся squid/2.5 Stable 6. Она выдает ошибку ERR_CACHE_ACCESS_DENIED. Но это лишь мое (наше отделовское :) ) мнение. Вот лог... { 00000000 0.00000000 [1544] 19:14:43.765 ::*Session* :: WinHttpCrackUrl("http://217.198.11.34/tsp/tsp.srf", 0x0, 0x0, 0x6da28) 00000001 0.00011063 [1544] 19:14:43.765 ::*Session* :: WinHttpCrackUrlA("http://217.198.11.34/tsp/tsp.srf", 0x20, 0x0, 0x6d8d8) 00000002 0.00019695 [1544] 19:14:43.765 ::*Session* :: WinHttpCrackUrlA() returning TRUE 00000003 0.00027601 [1544] 19:14:43.765 ::*Session* :: WinHttpCrackUrl() returning TRUE 00000004 0.00036094 [1544] 19:14:43.765 ::*Session* :: WinHttpCrackUrl("http://lab3:3128", 0x0, 0x0, 0x6da64) 00000005 0.00044475 [1544] 19:14:43.765 ::*Session* :: WinHttpCrackUrlA("http://lab3:3128", 0x10, 0x0, 0x6d8d8) 00000006 0.00052688 [1544] 19:14:43.765 ::*Session* :: WinHttpCrackUrlA() returning TRUE 00000007 0.00060455 [1544] 19:14:43.765 ::*Session* :: WinHttpCrackUrl() returning TRUE 00000008 0.00068975 [1544] 19:14:43.765 ::*Session* :: WinHttpSetOption(0x1556000, (38), 0x6da0c [0x3], 12) 00000009 0.00082971 [1544] 19:14:43.765 ::*Session* :: WinHttpSetOption() returning TRUE 00000010 0.00094537 [1544] 19:14:43.765 ::*Session* :: WinHttpConnect(0x1556000, "217.198.11.34", 80, 0x0) 00000011 0.00102359 [1544] 19:14:43.765 ::*Session* :: WinHttpConnect() returning handle 0x1556300 00000012 0.00111048 [1544] 19:14:43.765 ::*Session* :: WinHttpOpenRequest(0x1556300, "POST", "tsp/tsp.srf", "", "", 0x0, 0x00000000) 00000013 0.00122669 [1544] 19:14:43.765 ::*Session* :: WinHttpCreateUrlA(0x6d7b8, 0x0, 0x7ed0000, 0x6d7f4) 00000014 0.00143482 [1544] 19:14:43.765 ::*Session* :: WinHttpCreateUrlA() returning TRUE 00000015 0.00153818 [1544] 19:14:43.765 ::*0000015* :: WinHttpOpenRequest() returning handle 0x7bf2000 00000016 0.00167368 [1544] 19:14:43.765 ::*0000015* :: WinHttpSetOption(0x7bf2000, (77), 0x6d9e0 [0x2], 4) 00000017 0.00176000 [1544] 19:14:43.765 ::*0000015* :: WinHttpSetOption() returning TRUE 00000018 0.00188348 [1544] 19:14:43.765 ::*0000015* :: WinHttpSendRequest(0x7bf2000, "Content-type: application/timestamp-query", -1, 0x7dd1a18, 64, 64, 0) 00000019 0.00197036 [1544] 19:14:43.765 ::*0000015* :: WinHttpCreateUrlA(0x6d750, 0x0, 0x7ed0000, 0x6d734) 00000020 0.00205892 [1544] 19:14:43.765 ::*0000015* :: WinHttpCreateUrlA() returning TRUE 00000021 0.00274784 [1544] 19:14:43.765 ::*0000015* :: Using proxy server: lab3:3128 00000022 0.00327891 [1544] 19:14:43.765 ::*0000015* :: sending data: 00000023 0.00335964 [1544] 19:14:43.765 ::*0000015* :: 263 (0x107) bytes 00000024 0.00343424 [1544] 19:14:43.765 ::*0000015* :: <<<<-------- HTTP headers follow below ----------------------------------------------->>>> 00000025 0.00346217 [1544] 19:14:43.765 ::*0000015* :: 00000026 0.00354095 [1544] POST http://217.198.11.34/tsp/tsp.srf HTTP/1.1 00000027 0.00354095 [1544] 19:14:43.765 ::*0000015* :: Content-type: application/timestamp-query 00000028 0.00354095 [1544] 19:14:43.765 ::*0000015* :: User-Agent: Crypto-Pro tspcli.dll 00000029 0.00354095 [1544] 19:14:43.765 ::*0000015* :: 00000030 0.00363398 [1544] Host: 217.198.11.34 00000031 0.00363398 [1544] 19:14:43.765 ::*0000015* :: Content-Length: 64 00000032 0.00363398 [1544] 19:14:43.765 ::*0000015* :: 00000033 0.00375327 [1544] Proxy-Connection: Keep-Alive 00000034 0.00382535 [1544] 00000035 0.00395916 [1544] 19:14:43.765 ::*0000015* :: <<<<-------- End ----------------------------------------------->>>> 00000036 0.00406867 [1544] 19:14:43.765 ::*0000015* :: WinHttpSendRequest() returning TRUE 00000037 0.00412287 [1544] 19:14:43.765 ::*0000015* :: WinHttpReceiveResponse(0x7bf2000, 0x0) 00000038 0.00523279 [1544] 19:14:43.765 ::*0000015* :: received data: 00000039 0.00533280 [1544] 19:14:43.765 ::*0000015* :: 1024 (0x400) bytes 00000040 0.00540767 [1544] 19:14:43.765 ::*0000015* :: <<<<-------- HTTP headers follow below ----------------------------------------------->>>> 00000041 0.00549455 [1544] 19:14:43.765 ::*0000015* :: 00000042 0.00557501 [1544] HTTP/1.0 407 Proxy Authentication Required 00000043 0.00557501 [1544] 19:14:43.765 ::*0000015* :: Server: squid/2.5.STABLE6 00000044 0.00557501 [1544] 19:14:43.765 ::*0000015* :: Mime-Version: 1.0 00000045 0.00557501 [1544] 19:14:43.765 ::*0000015* :: Date: Fri, 22 Sep 2006 15:19:12 GMT 00000046 0.00557501 [1544] 19:14:43.765 ::*0000015* :: 00000047 0.00567251 [1544] Content-Type: text/html 00000048 0.00567251 [1544] 19:14:43.765 ::*0000015* :: Content-Length: 1309 00000049 0.00567251 [1544] 19:14:43.765 ::*0000015* :: Expires: Fri, 22 Sep 2006 15:19:12 GMT 00000050 0.00567251 [1544] 19:14:43.765 ::*0000015* :: X-Squid-Error: ERR_CACHE_ACCESS_DENIED 0 00000051 0.00567251 [1544] 19:14:43.765 ::*0000015* :: 00000052 0.00576218 [1544] Proxy-Authenticate: Basic realm="Squid proxy-caching web server" 00000053 0.00576218 [1544] 19:14:43.765 ::*0000015* :: X-Cache: MISS from lab3 00000054 0.00576218 [1544] 19:14:43.765 ::*0000015* :: 00000055 0.00584069 [1544] Proxy-Connection: keep-alive 00000056 0.00591192 [1544] 00000057 0.00603931 [1544] 19:14:43.765 ::*0000015* :: <<<<-------- End ----------------------------------------------->>>> 00000058 0.00612704 [1544] 19:14:43.765 ::*0000015* :: WinHttpReceiveResponse() returning TRUE 00000059 0.00620749 [1544] 19:14:43.765 ::*0000015* :: WinHttpQueryHeaders(0x7bf2000, (0x20000013), "<null>", 0x7dd59dc, 0x6d9e4 [4], 0x0 [0]) 00000060 0.00628935 [1544] 19:14:43.765 ::*0000015* :: WinHttpQueryHeaders() returning TRUE 00000061 0.00636729 [1544] 19:14:43.765 ::*0000015* :: WinHttpQueryAuthSchemes(0x7bf2000, 0x6d9d8, 0x6d9f4) 00000062 0.00644635 [1544] 19:14:43.765 ::*0000015* :: WinHttpQueryAuthSchemes() returning TRUE 00000063 0.00652346 [1544] 19:14:43.765 ::*0000015* :: WinHttpQueryAuthSchemes(0x7bf2000, 0x6d9d8, 0x6d9f4) 00000064 0.00660196 [1544] 19:14:43.765 ::*0000015* :: WinHttpQueryAuthSchemes() returning TRUE 00000065 0.00686121 [1544] 19:14:43.765 ::*0000015* :: WinHttpCloseHandle(0x7bf2000) 00000066 0.00693999 [1544] 19:14:43.765 ::*0000015* :: WinHttpCloseHandle() returning TRUE 00000067 0.00702547 [1544] 19:14:43.765 ::*Session* :: WinHttpCloseHandle(0x1556300) 00000068 0.01516729 [1544] 19:14:43.765 ::*Session* :: WinHttpCloseHandle() returning TRUE } Вот заголовок MSIE на авторизацию на squid.. { запрос: { 1158938596.834 984 10.10.21.200 TCP_MISS/200 3755 GET http://10.10.21.101/ dima DIRECT/10.10.21.101 text/html [Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/x-shockwave-flash, */*\r\nAccept-Language: ru\r\nProxy-Authorization: Basic RElNQToxMjM0NTY=\r\nUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)\r\nHost: 10.10.21.101\r\nProxy-Connection: Keep-Alive\r\n] } ответ: { [HTTP/1.1 200 OK\r\nConnection: keep-alive\r\nDate: Fri, 22 Sep 2006 15:16:02 GMT\r\nServer: Microsoft-IIS/6.0\r\nX-Powered-By: ASP.NET\r\nMicrosoftOfficeWebServer: 5.0_Pub\r\nContent-Length: 3421\r\nContent-Type: text/html\r\nSet-Cookie: ASPSESSIONIDACDAAQRQ=CNBHLMLCDKDOMHMNJPBNFAOL; path=/\r\nCache-control: private\r\n\r] } } Вот заголовок Konquerror на авторизацию на squid.. { запрос: { 1158938789.510 3 10.10.21.129 TCP_MISS/200 3688 GET http://lab1.center.cg/ dima DIRECT/10.10.21.101 text/html [User-Agent: Mozilla/5.0 (compatible; Konqueror/3.5; Linux 2.6.17-gentoo-r7-redbaron-1) KHTML/3.5.4 (like Gecko)\r\nAccept: text/html, image/jpeg, image/png, text/*, image/*, */*\r\nAccept-Encoding: x-gzip, x-deflate, gzip, deflate\r\nAccept-Charset: utf-8, utf-8;q=0.5, *;q=0.5\r\nAccept-Language: ru, en\r\nHost: lab1.center.cg\r\nCookie: ASPSESSIONIDACDAAQRQ=ANBHLMLCIEGNOHPOOLFILMEF\r\nProxy-Authorization: Basic ZGltYToxMjM0NTY=\r\nConnection: Keep-Alive\r\n] } ответ: { [HTTP/1.1 200 OK\r\nConnection: keep-alive\r\nDate: Fri, 22 Sep 2006 15:19:15 GMT\r\nServer: Microsoft-IIS/6.0\r\nX-Powered-By: ASP.NET\r\nMicrosoftOfficeWebServer: 5.0_Pub\r\nContent-Length: 3421\r\nContent-Type: text/html\r\nCache-control: private\r\n\r] } } Вот заголовок ваших библиотек.. { запрос: { 1158937475.080 1 10.10.21.200 TCP_DENIED/407 1688 POST http://217.198.11.34/tsp/tsp.srf - NONE/- text/html [Content-Type: application/timestamp-query\r\nUser-Agent: Crypto-Pro tspcli.dll\r\nHost: 217.198.11.34\r\nContent-Length: 64\r\nProxy-Connection: Keep-Alive\r\n] } ответ: { [HTTP/1.0 407 Proxy Authentication Required\r\nServer: squid/2.5.STABLE6\r\nMime-Version: 1.0\r\nDate: Fri, 22 Sep 2006 15:04:35 GMT\r\nContent-Type: text/html\r\nContent-Length: 1309\r\nExpires: Fri, 22 Sep 2006 15:04:35 GMT\r\nX-Squid-Error: ERR_CACHE_ACCESS_DENIED 0\r\nProxy-Authenticate: Basic realm="Squid proxy-caching web server"\r\n\r] } }

22.09.2006 19:48:48 Смирнов Павел

С этим всё понятно. Это нормальное поведение при первом соединении через прокси-сервер. После получения первой ошибки 407, браузеры начинают подставлять аутентификацию. Наши библиотеки, работающие через winhttp, ведут себя точно так же. Опции аутентификации winhttp задаются нашими библиотеками. Прочитайте мой ответ, написанный в 18:18, и попробуйте предложенный там метод. При этом, конечно, оставьте аутентификацию для TSP-клиента, как она задавалась раньше.

22.09.2006 19:54:04 Шмыков Дима (Казань, компания Центр-Сервис, софт-отдел, lead developer)

Ваш метод с реестром и использовася. После ошибки 407 библиотека и не пытается что-то отослать. Это видно по логам squid и по вашим собственным.

22.09.2006 19:59:47 Смирнов Павел

В вашем логе видно обращение TSP-клиента. На него указанный параметр не влияет - это параметр OCSP-клиента.

22.09.2006 23:43:08 Шмыков Дима (компания "Центр", программист)

Оно понятно, что для OCSP. Но факт фактом, что дальше HTTP-взаимодействие не проходит. Еще были замечены другие вещи: когда HTTP-данные вовремя не приходили, то по запросу в следующий раз библиотеки КриптоПро (по-моему это было с tspcli.dll), выдавала ошибку, причем как-то сразу и быстро, как будто сразу знала, что следующая попытка тоже не удастся, хотя третья попытка прошла успешно (это я про случай без аутентификации на прокси). И еще, за одно. На будущее, если таковой состоится, надеюсь.. Вот, написав интерфейс взаимодействия для КриптоПро TSP и OCSP-серверов, вы не освободили разработчика от использования WinHTTP Services. Приколы с выбором аутентификации и нестабильностью самой так называемой "разъединенной модели" все равно подталкивает добросовестный разработчиков на ниписание дополнительного кода. Да, и хотелось бы увидеть эти библиотеки, аккуратно упакованные в .NET-сборки.