IE中自动安装根数字证书

基本思路:

1、在XP、Windows 2003的IE上,通过XEnroll.dll控件来完成根数字证书的自动安装。

2、在Vista,Windows 2008,Windows 7 的IE上,需要使用CertEnroll.dll来自动完成根数字证书的自动安装。

3、XEnroll.InstallPKCS7只适用于自动安装根证书。XEnroll.acceptPKCS7 用于安装用户数字证书,但需要配合CSR(Certificate signing request)才能够使用。要实现自动安装用户证书:

在IE中:需要配合Enroll.createPKCS10CSR来生成CSR(Certificate signing request)

在Firefox中:需要配合使用html的keygen标签来生成CSR

4、如果只需要能够下载证书并安装,而不要在IE浏览器中完成证书注销、证书申请等功能,可以采用下载证书文件的方式,MIME Type可以采用

application/x-pkcs12、application/pkcs-12

几个与PKI证书相关的MIME Type:

application/x-x509-ca-cert、application/x-x509-user-cert、application/pkcs10、application/x-pkcs10、application/pkcs-12、

application/x-pkcs12、application/x-pkcs7-signature、application/pkcs7-mime、application/x-pkcs7-mime、

application/pkcs7-mime、application/x-pkcs7-mime、application/x-pkcs7-certreqresp、application/pkcs7-signature

  测试代码:

<%@ page language="java" import="java.util.*" pageEncoding="GBK"%>
 <%@ page import="java.lang.*,java.io.*" %>
<html>
<head>
<title>IE中自动安装数字证书测试</title>
</head>
<body>
IE中使用XEnroll.InstallPKCS7自动安装根数字证书<br/>
 备注:这里测试的根证书采用Base64编码 X.509格式(CER)<br/>
<%     StringBuffer server_cert =new StringBuffer();
try {    
String realPath = this.getClass().getClassLoader().getResource("liangchuan.cer").getPath();   
 File file = new File(realPath);    
if (!file.exists()) 
{        out.println("<HTML><BODY><P>");        
out.println("<h2>根证书文件不存在</h2> <br/>");       
 out.println("</P></BODY></HTML>");        
out.flush();        
out.close();    }else{       
 BufferedReader bf=new BufferedReader(new FileReader(file));      
  String line=null;        
while((line=bf.readLine())!=null)            
server_cert.append(line);        
bf.close();    }
}
catch(Exception e)
{    out.println("<HTML><BODY><P>");    
out.println("<h2>读取证书文件出错</h2> <br/>");    
out.println(e.toString());    
out.println("</P></BODY></HTML>");    
out.flush();    
out.close();}
String Agent = request.getHeader("User-Agent");
StringTokenizer st = new StringTokenizer(Agent,";");st.nextToken();
String userBrowser = st.nextToken();
String userOS = st.nextToken();
out.println("你的操作系统为:");
out.println(userOS);
String activexLib="XEnroll";
//检查是否是Windows Vista,Windows 2008,Windows 7,
在Vista,Windows 2008,Windows 7上,需要使用 CertEnroll.dll
//Windows 2008 Server, IE7 User-Agent header: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.2;...
//Windows Vista, IE7 User-Agent header: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;...
//Windows 7,IE8 User-Agent header: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1;...

if(userOS.equals("Windows NT 6.0") || userOS.equals("Windows NT 6.1")|| 
userOS.equals("Windows NT 5.2"))   
 activexLib="CertEnroll";
String sPKCS7=server_cert.toString();%>
<% if(activexLib.equals("XEnroll")){ %>    
<object id="XEnroll" classid="clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1" codebase="xenroll.dll">
</object>  
  <SCRIPT language="VBSCRIPT"> ON ERROR resume next        sPKCS7 = "<%= sPKCS7 %>"        
//XEnroll.InstallPKCS7用于安装根证书。        
XEnroll.InstallPKCS7(sPKCS7)       
 if err.Number <> 0 then           
 if err.number = -2146885628 then               
 MsgBox "Keyset does not exist"            
else               
 MsgBox "证书下载时出错,错误号="&err.description            
end if        
else            
MsgBox "证书已成功装入"        
end if
</script><% } 
else {%>
//方法来源://http://blogs.msdn.com/alejacma/archive/2009/01/28/
how-to-create-a-certificate-request-with-certenroll-javascript.aspx
//Vista下由于暂时没有测试环境,方法尚待验证    
<object id="objCertEnrollClassFactory" classid="clsid:884e2049-217d-11da-b2a4-000e7bbb2b09"></object>   
 <script language="javascript">    function InstallCert()   
 {        document.write("<br>Installing certificate...");        
try {            
// Variables            
var objEnroll = objCertEnrollClassFactory.CreateObject("X509Enrollment.CX509Enrollment")            
var sPKCS7 = "<%= sPKCS7 %>"            
objEnroll.Initialize(1); // ContextUser            
objEnroll.InstallResponse(0, sPKCS7, 6, ""); 
// AllowNone = 0, XCN_CRYPT_STRING_BASE64_ANY = 6        }        
catch (ex) 
{            
document.write("<br>" + ex.description);            
return false;       
 }    
return true;    }    
InstallCert();     
</script><% } %>
<%/*
out.println("用下载方式下载p12格式的文件下载后安装"); 
ClassLoader cl = this.getClass().getClassLoader();
try 
{    
InputStream is = cl.getResourceAsStream("liangchuan.p12");   
 //response.setContentType("application/x-x509-ca-cert");   
 response.setContentType("application/x-pkcs12");    
response.addHeader("Content-Disposition", "attachment; filename=liangchuan.p12");   
 OutputStream os = response.getOutputStream();    
//InputStream is = new FileInputStream(fileName);   
 while (is.available() > 0) 
{        
char c = (char) is.read();       
 os.write(c);    }    
os.flush();    
is.close(); } 
catch (Exception e) {     
out.println("<HTML><BODY><P>");    
out.println("<h2>下载证书文件出错</h2> <br/>");    
out.println(e.toString());    
out.println("</P></BODY></HTML>");    
out.flush();    
out.close(); }*/%>
</body>
</html>

 

posted on 2010-04-09 10:06  peter_zhang  阅读(2631)  评论(0编辑  收藏  举报