首页  :: 新随笔  :: 管理

自动安装数字证书根证书

Posted on 2011-05-07 21:58  季枫  阅读(5636)  评论(1编辑  收藏  举报
<%@ page language="java" import="java.util.*" pageEncoding="GBK"%>
<%@ page import="java.lang.*,java.io.*"%>
<html>
    
<head>
        
<title>IE中自动安装数字证书测试</title>
    
</head>
    
<body>
        IE中使用XEnroll.InstallPKCS7自动安装根数字证书
        
<br />
        备注:这里测试的根证书采用Base64编码 X.509格式(CER)
        
<br />
<%     
StringBuffer server_cert 
=new StringBuffer();
try {    
    java.net.URL url 
=config.getServletContext().getResource("/base64_root_comsys.cer");
    BufferedReader breader 
=new BufferedReader(new InputStreamReader(url.openStream()));
}
catch(Exception e)
{
    e.printStackTrace();
    out.println(
"<HTML><BODY><P>");    
    out.println(
"<h2>读取证书文件出错</h2> <br/>");    
    out.println(e.toString());    
    out.println(
"</P></BODY></HTML>");    
    out.flush();    
    out.close();
}
String Agent 
= request.getHeader("User-Agent");
StringTokenizer st 
= new StringTokenizer(Agent,";");
st.nextToken();
String userBrowser 
= st.nextToken();
String userOS 
= st.nextToken();
out.println(
"你的操作系统为:");
out.println(userOS);
String activexLib
="XEnroll";
//检查是否是Windows Vista,Windows 2008,Windows 7,在Vista,Windows 2008,Windows 7上,需要使用 CertEnroll.dll
//Windows 2008 Server, IE7 User-Agent header: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.2;...
//Windows Vista, IE7 User-Agent header: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;...
//Windows 7,IE8 User-Agent header: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1;...

if(userOS.indexOf("Windows NT 6.0")>-1 || userOS.indexOf("Windows NT 6.1")>-1 || userOS.indexOf("Windows NT 5.2")>-1){
        activexLib
="CertEnroll";
    }
    String sPKCS7
=server_cert.toString();
    sPKCS7
="-----BEGIN CERTIFICATE-----MIIDZzCCAk+gAwIBAgIJAJrhdPt6af7nMA0GCSqGSIb3DQEBBAUAMGoxFjAUBgNVBAoTDWNvbXN5cy5uZXQuY24xDTALBgNVBAsTBFVDSVQxHjAcBgNVBAMTFUNPTVNZUy5ORVQuQ04gUk9PVCBDQTEhMB8GCSqGSIb3DQEJARYSbGlhb2ppZmVuZ0AxNjMuY29tMB4XDTExMDQyMjAyMTkzMFoXDTE3MDQyMDAyMTkzMFowajEWMBQGA1UEChMNY29tc3lzLm5ldC5jbjENMAsGA1UECxMEVUNJVDEeMBwGA1UEAxMVQ09NU1lTLk5FVC5DTiBST09UIENBMSEwHwYJKoZIhvcNAQkBFhJsaWFvamlmZW5nQDE2My5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDnYB2tr8D3IcPND9tCh4c1GMnL15hdJ5oYJ12DpoaEbCciELkOmogaQ2IjVSLBCfHZKkX6X9hJqdCHH2oiGvNZyuN5mjfy+KWuebs7r9sqaTzJ6/e1vgSaiYox1DIO+oI59MH22jH3i8OMw2qbE3TqlLvVmZBflomVkGIOz95iJOzKOJwIUA3VhFYvI/Wlf4NzqfOL0zNNmoFUcD4BYVAqhVa570FFxEaGl8DvLaKUraKfho6zRHVc7MrjFrI6SlSRhe2hi/c24HrOpzoUPD46zztL/v6sSV37chsf6+V44WO4rCth0wEZzws8Hd6ch8NsUcMJjM8IOG2NMrn6x0CLAgMBAAGjEDAOMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADggEBAD4UIk7CVBwsK7DWg74eM2zwfU4bFm02BKMVFDVNwwTdjdcGSlxrNChbymHFuhG00USxy9/d4ApWxUX/y3MxmkXusENE2Rg6Wk92k6SCfbhIOXUrI+0YxXNAjInIcABsasOZAZ/ECuIuQbap5UyEHCiy0VJKRKKNCthE2dBbnTLaS1ierSuWubuyOMGDtQTCdjU7zYjwGLSLNXkUGNfG+t5XkltXRNFxUgkVh6q2sHxo76I2taya4KQp2SM6W4t8tdJXzBvdI1me5bT7sWDu4fYwsTnjwQACXrb6PKi86jq3YxP3DV/t+Beq87NP2mJg+0Ind8RNTenM714R7VtFrz8=-----END CERTIFICATE-----";        
%>
        
<% if(activexLib.equals("XEnroll")){ %>
        
<object id="XEnroll" classid="clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1" codebase="xenroll.dll">
        
</object>
        
<SCRIPT language="VBSCRIPT">
            ON ERROR resume next
            sPKCS7
="-----BEGIN CERTIFICATE-----MIIDZzCCAk+gAwIBAgIJAJrhdPt6af7nMA0GCSqGSIb3DQEBBAUAMGoxFjAUBgNVBAoTDWNvbXN5cy5uZXQuY24xDTALBgNVBAsTBFVDSVQxHjAcBgNVBAMTFUNPTVNZUy5ORVQuQ04gUk9PVCBDQTEhMB8GCSqGSIb3DQEJARYSbGlhb2ppZmVuZ0AxNjMuY29tMB4XDTExMDQyMjAyMTkzMFoXDTE3MDQyMDAyMTkzMFowajEWMBQGA1UEChMNY29tc3lzLm5ldC5jbjENMAsGA1UECxMEVUNJVDEeMBwGA1UEAxMVQ09NU1lTLk5FVC5DTiBST09UIENBMSEwHwYJKoZIhvcNAQkBFhJsaWFvamlmZW5nQDE2My5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDnYB2tr8D3IcPND9tCh4c1GMnL15hdJ5oYJ12DpoaEbCciELkOmogaQ2IjVSLBCfHZKkX6X9hJqdCHH2oiGvNZyuN5mjfy+KWuebs7r9sqaTzJ6/e1vgSaiYox1DIO+oI59MH22jH3i8OMw2qbE3TqlLvVmZBflomVkGIOz95iJOzKOJwIUA3VhFYvI/Wlf4NzqfOL0zNNmoFUcD4BYVAqhVa570FFxEaGl8DvLaKUraKfho6zRHVc7MrjFrI6SlSRhe2hi/c24HrOpzoUPD46zztL/v6sSV37chsf6+V44WO4rCth0wEZzws8Hd6ch8NsUcMJjM8IOG2NMrn6x0CLAgMBAAGjEDAOMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADggEBAD4UIk7CVBwsK7DWg74eM2zwfU4bFm02BKMVFDVNwwTdjdcGSlxrNChbymHFuhG00USxy9/d4ApWxUX/y3MxmkXusENE2Rg6Wk92k6SCfbhIOXUrI+0YxXNAjInIcABsasOZAZ/ECuIuQbap5UyEHCiy0VJKRKKNCthE2dBbnTLaS1ierSuWubuyOMGDtQTCdjU7zYjwGLSLNXkUGNfG+t5XkltXRNFxUgkVh6q2sHxo76I2taya4KQp2SM6W4t8tdJXzBvdI1me5bT7sWDu4fYwsTnjwQACXrb6PKi86jq3YxP3DV/t+Beq87NP2mJg+0Ind8RNTenM714R7VtFrz8=-----END CERTIFICATE-----"
            XEnroll.InstallPKCS7 sPKCS7
            
//XEnroll.InstallPKCS7用于安装根证书。        
            XEnroll.InstallPKCS7 sPKCS7     
             
if err.Number <> 0 then           
                 
if err.number = -2146885628 then               
                     MsgBox 
"Keyset does not exist"            
                 
else               
                     MsgBox 
"证书下载时出错,错误号="&err.description            
                 end 
if        
            
else            
                MsgBox 
"证书已成功装入"        
            end 
if
    
</script>
        
<% } 
else {%>
<!--  
        
//方法来源://http://blogs.msdn.com/alejacma/archive/2009/01/28/how-to-create-a-certificate-request-with-certenroll-javascript.aspx
        
//Vista下由于暂时没有测试环境,方法尚待验证
-->
        
<object id="objCertEnrollClassFactory" classid="clsid:884e2049-217d-11da-b2a4-000e7bbb2b09"></object>
        
<script language="javascript">
          function InstallCert(){
                document.write(
"<br>Installing certificate...");        
                
try {            
                    
// Variables            
                    var objEnroll = objCertEnrollClassFactory.CreateObject("X509Enrollment.CX509Enrollment")            
                    var sPKCS7 
= "<%= sPKCS7 %>"            
                    objEnroll.Initialize(
1); // ContextUser            
                    objEnroll.InstallResponse(0, sPKCS7, 6""); 
                    
// AllowNone = 0, XCN_CRYPT_STRING_BASE64_ANY = 6        
                }catch (err) 
                {            
                    document.write(
"<br>" + err.description);            
                    
return false;       
                 }    
                
return true;
            }    
        InstallCert();     
</script>
        
<% } %>
        
<%/*
out.println("用下载方式下载p12格式的文件下载后安装"); 
ClassLoader cl = this.getClass().getClassLoader();
try 
{    
InputStream is = cl.getResourceAsStream("liangchuan.p12");   
 //response.setContentType("application/x-x509-ca-cert");   
 response.setContentType("application/x-pkcs12");    
response.addHeader("Content-Disposition", "attachment; filename=liangchuan.p12");   
 OutputStream os = response.getOutputStream();    
//InputStream is = new FileInputStream(fileName);   
 while (is.available() > 0) 
{        
char c = (char) is.read();       
 os.write(c);    }    
os.flush();    
is.close(); } 
catch (Exception e) {     
out.println("<HTML><BODY><P>");    
out.println("<h2>下载证书文件出错</h2> <br/>");    
out.println(e.toString());    
out.println("</P></BODY></HTML>");    
out.flush();    
out.close(); }
*/%>
    
</body>
</html>

在win7 下有问题 :

报“CertEnroll::CX509Enrollment::InstallResponse: 已处理证书链,但是在不受信任提供程序信任的根证书中终止。 0x800b0109 (-2146762487)错误”
将objEnroll.InstallResponse(0, sPKCS7, 6"");   改成objEnroll.InstallResponse(4, sPKCS7, 6""); 但只能安装“中级证书颁发机构”  达不到目的

 

http://msdn.microsoft.com/en-us/library/aa378051(v=vs.85).aspx


 

智读 | 成都会领科技有限公司官网 | 智读App下载 | 每天听本书的博客 | |