javascript呼叫微軟CertEnroll實現CSP數字證書申請
阿新 • • 發佈:2018-11-11
本文通過簡單例項，展示如何以 JavaScript 呼叫微軟 CertEnroll 及相關控制元件，完成 CSP 數字證書的申請，以及後續的安裝、讀取與簽名操作。
1. CSP讀取及列表展示
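// ...
// Fill the <select id="cspprovider"> list with the cryptographic service
// providers (CSPs) installed on this client.
// "oCertEnrollFactory" is expected to be the page element that hosts the
// CertEnroll class factory; it is declared outside this excerpt.
var providerList = document.getElementById("cspprovider");
var certEnrollFactory = document.getElementById("oCertEnrollFactory");
var csps = certEnrollFactory.CreateObject("X509Enrollment.CCspInformations");
var csp;
var option;
var index;

// Load every CSP available on the machine into the collection.
csps.AddAvailableCsps();

for (index = 0; index < csps.Count; index++) {
    csp = csps.ItemByIndex(index);
    // The option value is the position in the collection, not the provider name.
    // Every option is created with selected=true, so in a single-select list
    // the provider added last ends up selected.
    option = new Option(csp.Name, index, false, true);
    providerList.add(option);
}
// NOTE(review): the provider list and the user's choice exist only on the
// client. A CA that requires a particular provider or token has to enforce
// that in its own issuance policy; it cannot rely on this list.
// ...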
2. 生成P10
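// ...
// Build a PKCS#10 certificate request with CertEnroll.
// <dn>, <csp> and <keysize> are placeholders for values supplied by the page:
// the subject distinguished name, the chosen CSP name and the key length.
var pkcs10 = "";
var dn = <dn>;
var csp = <csp>;
var keysize = <keysize>;
var certEnrollFactory = document.getElementById("oCertEnrollFactory");
// The CSP object gets its own name (objCSP) so that it no longer overwrites the
// provider-name string held in `csp`, which InitializeFromName needs below.
var objCSP = certEnrollFactory.CreateObject("X509Enrollment.CCspInformation");
var csps = certEnrollFactory.CreateObject("X509Enrollment.CCspInformations");
var privateKey = certEnrollFactory.CreateObject("X509Enrollment.CX509PrivateKey");
var request = certEnrollFactory.CreateObject("X509Enrollment.CX509CertificateRequestPkcs10");
var objectIds = certEnrollFactory.CreateObject("X509Enrollment.CObjectIds");
var objectId = certEnrollFactory.CreateObject("X509Enrollment.CObjectId");
var x509ExtensionEnhancedKeyUsage = certEnrollFactory.CreateObject("X509Enrollment.CX509ExtensionEnhancedKeyUsage");
var extensionTemplate = certEnrollFactory.CreateObject("X509Enrollment.CX509ExtensionTemplateName");
var distinguishedName = certEnrollFactory.CreateObject("X509Enrollment.CX500DistinguishedName");
var enroll = certEnrollFactory.CreateObject("X509Enrollment.CX509Enrollment");

// Resolve the chosen provider by name and make it the only CSP offered to the key.
objCSP.InitializeFromName(csp);
csps.Add(objCSP);

// Private key parameters.
privateKey.Length = parseInt(keysize, 10);
privateKey.KeySpec = 2;            // 2 = XCN_AT_SIGNATURE
// 1 = XCN_NCRYPT_ALLOW_EXPORT_FLAG: the private key can later be exported from
// the store. Use 0 (no export) unless key backup is a requirement.
privateKey.ExportPolicy = 1;
privateKey.ProviderName = objCSP.Name;
privateKey.ProviderType = objCSP.Type;
// 16777215 = 0xFFFFFF = XCN_NCRYPT_ALLOW_ALL_USAGES. A signing-only key can be
// restricted to the signing usage instead.
privateKey.KeyUsage = 16777215;
privateKey.MachineContext = 0;     // 0 = key lives in the current user's context
privateKey.CspInformations = csps;

// 1 = ContextUser; the empty string means no certificate template name.
request.InitializeFromPrivateKey(1, privateKey, "");

objectId.InitializeFromValue("1.3.6.1.5.5.7.3.2");   // client authentication EKU
// NOTE(review): objectId, objectIds and x509ExtensionEnhancedKeyUsage are never
// added to the request, so no enhanced-key-usage extension is encoded here.
// What is added is a template-name extension whose value is a comma-separated
// list of EKU OIDs (client authentication, smart card logon, document signing,
// e-mail protection). Confirm that the CA really expects the list in this form.
extensionTemplate.InitializeEncode("1.3.6.1.5.5.7.3.2,1.3.6.1.4.1.311.20.2.2,1.3.6.1.4.1.311.10.3.12,1.3.6.1.5.5.7.3.4");
request.X509Extensions.Add(extensionTemplate);

distinguishedName.Encode(dn, 0);   // 0 = XCN_CERT_NAME_STR_NONE
request.Subject = distinguishedName;

enroll.InitializeFromRequest(request);
pkcs10 = enroll.CreateRequest(1);  // 1 = XCN_CRYPT_STRING_BASE64 (no PEM header)
// Strip the CRLF line breaks so the request is a single base64 string.
pkcs10 = pkcs10.replace(/\r\n/g, "");

// Subject, key length, usages and extensions are all chosen on the client.
// The CA has to check each of them against its own policy before issuing.
// ...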
3. 安裝證書
...
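// Install the certificate returned by the CA. `pkcs7` holds the CA's response
// and is defined outside this excerpt (presumably the reply to the PKCS#10
// request generated in step 2).
var certEnrollFactory = document.getElementById("oCertEnrollFactory");
var enroll = certEnrollFactory.CreateObject("X509Enrollment.CX509Enrollment");

enroll.Initialize(1);   // 1 = ContextUser

// InstallResponse(restrictions, response, encoding, password)
//   4   = AllowUntrustedRoot: the response is installed even if its chain ends
//         in a root this client does not trust yet. Where the CA root is
//         already deployed as trusted, 0 (AllowNone) is the stricter choice.
//   0x7 = XCN_CRYPT_STRING_ANY: let CertEnroll detect the response encoding.
//   ""  = no password.
enroll.InstallResponse(4, pkcs7, 0x7, "");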
...
4. 證書讀取
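// ...
// Look up one certificate in the current user's personal store by subject name
// and serial number. <certsn> and <commonname> are placeholders for values
// supplied by the page.
var certSN = <certsn>;
var commonName = <commonname>;
var myStore = new ActiveXObject("CAPICOM.Store");
var certificate;   // stays undefined when nothing matches
var candidate;
var i;

// Open(2, "My", 0): 2 = current-user store location, "My" = personal store,
// 0 = read-only.
myStore.Open(2, "My", 0);

// Find(1, ...) = CAPICOM_CERTIFICATE_FIND_SUBJECT_NAME. The serial-number
// comparison below narrows the subject-name result to a single certificate.
var filteredCertificates = myStore.Certificates.Find(1, commonName);

// CAPICOM collections are 1-based.
for (i = 1; i <= filteredCertificates.Count; i++) {
    candidate = filteredCertificates.Item(i);
    if (candidate.SerialNumber == certSN) {
        // Assign only on a match. Previously the loop variable itself was the
        // result, so a search with no match left the last non-matching
        // certificate in `certificate`.
        certificate = candidate;
        break;
    }
}
// Callers must handle `certificate === undefined` (no matching certificate).
// NOTE(review): a serial number is unique only per issuer. Matching on the
// thumbprint, or on issuer plus serial number, identifies a certificate
// unambiguously.
// ...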
5. 數字證書選擇與簽名
...
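// Let the user pick a certificate from the personal store and produce a
// CAPICOM signed-data blob over `plainText`.
var plainText = "HELLO";
var signedData = "";   // receives the encoded signature at the end
// The COM object gets its own name so that `signedData` is no longer declared
// twice and used for both the object and the signature string.
var signedDataObj = new ActiveXObject("CAPICOM.SignedData");
var timeAttribute = new ActiveXObject("CAPICOM.Attribute");
var signer = new ActiveXObject("CAPICOM.Signer");
var myStore = new ActiveXObject("CAPICOM.Store");

// Open(2, "My", 0): current-user location, personal store, read-only.
myStore.Open(2, "My", 0);
var today = new Date();

// Every certificate in the store is offered to the user. Nothing here filters
// out expired certificates or certificates without a signing key usage.
var filteredCertificates = myStore.Certificates;

// Select() shows the certificate picker and returns a Certificates collection.
// The chosen certificate is its first item (CAPICOM collections are 1-based).
// NOTE(review): Select() is expected to raise an error when the user cancels
// the dialog or the store is empty. Wrap this in try/catch where the page must
// recover from that.
var selectedCertificate = filteredCertificates.Select().Item(1);

signedDataObj.Content = plainText;
signer.Certificate = selectedCertificate;
signer.Options = 2;   // 2 = include the end-entity certificate only, not the chain

// Signing-time authenticated attribute (Name 0 = signing time). The value is
// the client's clock, so a verifier should not treat it as a trusted timestamp.
timeAttribute.Name = 0;
timeAttribute.Value = today.getVarDate();
signer.AuthenticatedAttributes.Add(timeAttribute);

// Sign(signer, detached = false, encoding 0 = base64); the content is embedded
// in the output. The receiving side still has to verify the signature and
// validate the signer's certificate chain before trusting the data.
signedData = signedDataObj.Sign(signer, false, 0);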
...