IE中自动安装根数字证书

基本思路:

1、在XP、Windows 2003的IE上,通过XEnroll.dll控件来完成根数字证书的自动安装。

2、在Vista,Windows 2008,Windows 7 的IE上,需要使用CertEnroll.dll来完成根数字证书的自动安装。

3、XEnroll.InstallPKCS7只适用于自动安装根证书。XEnroll.acceptPKCS7 用于安装用户数字证书,但需要配合CSR(Certificate signing request)才能够使用。要实现自动安装用户证书:

在IE中:需要配合Enroll.createPKCS10CSR来生成CSR(Certificate signing request)

在Firefox中:需要配合使用html的keygen标签来生成CSR

4、如果只需要下载并安装证书,而不需要在IE浏览器中完成证书注销、证书申请等功能,可以采用下载证书文件的方式,MIME Type可以采用

application/x-pkcs12、application/pkcs-12

几个与PKI证书相关的MIME Type:

application/x-x509-ca-cert、application/x-x509-user-cert、application/pkcs10、application/x-pkcs10、application/pkcs-12、

application/x-pkcs12、application/x-pkcs7-signature、application/pkcs7-mime、application/x-pkcs7-mime、

application/pkcs7-mime、application/x-pkcs7-mime、application/x-pkcs7-certreqresp、application/pkcs7-signature

  测试代码:

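<%@ page language="java" import="java.util.*" pageEncoding="GBK"%>
<%@ page import="java.lang.*,java.io.*" %>
<html>
<head>
<title>IE中自动安装数字证书测试</title>
</head>
<body>
IE中使用XEnroll.InstallPKCS7自动安装根数字证书<br/>
备注:这里测试的根证书采用Base64编码 X.509格式(CER)<br/>
<%
    // Step 1: load the Base64 (PEM) encoded root certificate from the classpath
    // into server_cert. The file lives on the server, so its contents are not
    // request-controlled; the text is embedded verbatim in the client-side
    // script further down. Because that script adds a trusted root to the
    // client's certificate store, serve this page over HTTPS so the certificate
    // cannot be replaced in transit.
    StringBuffer server_cert = new StringBuffer();
    // getResourceAsStream replaces getResource(...).getPath() + new File(...):
    // getResource() returns null when the resource is missing (NPE in the
    // original) and its path is URL-encoded, so it is not a valid File path.
    InputStream certStream = this.getClass().getClassLoader().getResourceAsStream("liangchuan.cer");
    if (certStream == null) {
        out.println("<h2>根证书文件不存在</h2> <br/>");
        out.println("</body></html>");
        out.flush();
        return; // nothing below can work without the certificate
    }
    try {
        // The file is ASCII/PEM; pin the charset instead of using the platform default.
        BufferedReader certReader = new BufferedReader(new InputStreamReader(certStream, "UTF-8"));
        String line;
        while ((line = certReader.readLine()) != null) {
            server_cert.append(line);
        }
    } catch (IOException e) {
        out.println("<h2>读取证书文件出错</h2> <br/>");
        out.println(e.toString());
        out.println("</body></html>");
        out.flush();
        return; // do not continue rendering after a read failure
    } finally {
        // Always release the stream, on the success and the error path alike.
        try {
            certStream.close();
        } catch (IOException ignored) {
            // best effort: the content has already been read (or the error reported)
        }
    }

    // Step 2: choose the ActiveX library from the User-Agent header.
    // Vista, Windows 2008 and Windows 7 need CertEnroll.dll; XP / 2003 use XEnroll.dll.
    // IE sends e.g. "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; ...)":
    //   Windows 2008 Server, IE7: ... MSIE 7.0; Windows NT 5.2; ...
    //   Windows Vista, IE7:       ... MSIE 7.0; Windows NT 6.0; ...
    //   Windows 7, IE8:           ... MSIE 8.0; Windows NT 6.1; ...
    // The OS is the third ';'-separated field and carries a leading space, so
    // it must be trimmed before the equals() compare below (untrimmed, the
    // compare never matches and every client gets the XEnroll path).
    // The header is client-supplied: it can be absent or have fewer fields,
    // so both cases are guarded instead of throwing.
    String agent = request.getHeader("User-Agent");
    String userOS = "";
    if (agent != null) {
        StringTokenizer fields = new StringTokenizer(agent, ";");
        int index = 0;
        while (fields.hasMoreTokens()) {
            String field = fields.nextToken();
            index++;
            if (index == 3) {
                userOS = field.trim();
                break;
            }
        }
    }
    // NOTE(review): "Windows NT 5.2" is also what Windows Server 2003 / XP x64
    // report, and the notes above group 2003 with XEnroll -- confirm which
    // library those clients actually need.
    String activexLib = "XEnroll";
    if (userOS.equals("Windows NT 6.0") || userOS.equals("Windows NT 6.1")
            || userOS.equals("Windows NT 5.2")) {
        activexLib = "CertEnroll";
    }
    // The header value is reflected into the page: HTML-escape it so a crafted
    // User-Agent cannot inject markup or script.
    String safeOS = userOS.replace("&", "&amp;")
                          .replace("<", "&lt;")
                          .replace(">", "&gt;")
                          .replace("\"", "&quot;");
    out.println("你的操作系统为:");
    out.println(safeOS);
    // Certificate text handed to whichever client-side installer is selected.
    String sPKCS7 = server_cert.toString();
%>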
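<% if (activexLib.equals("XEnroll")) { %>
<%-- XP / Windows 2003 branch: XEnroll.dll. InstallPKCS7 installs the root certificate. --%>
<object id="XEnroll" classid="clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1" codebase="xenroll.dll">
</object>
<SCRIPT language="VBSCRIPT">
    ' Keep running on error; the result is inspected through Err below.
    ON ERROR resume next
    sPKCS7 = "<%= sPKCS7 %>"
    ' XEnroll.InstallPKCS7 installs the root certificate.
    ' (VBScript comments start with an apostrophe. The original used "//",
    '  which is not valid VBScript and most likely kept the whole block from
    '  parsing -- a parse error is not covered by On Error Resume Next.)
    XEnroll.InstallPKCS7(sPKCS7)
    if err.Number <> 0 then
        if err.number = -2146885628 then
            MsgBox "Keyset does not exist"
        else
            MsgBox "证书下载时出错,错误号="&err.description
        end if
    else
        MsgBox "证书已成功装入"
    end if
</script>
<% } else { %>
<%--
Vista / Windows 2008 / Windows 7 branch: CertEnroll.dll through the
CX509Enrollment class factory.
Method source: http://blogs.msdn.com/alejacma/archive/2009/01/28/how-to-create-a-certificate-request-with-certenroll-javascript.aspx
Not yet verified on Vista (no test environment available).
(JSP comment: in the original these notes sat in template text and were sent to the browser.)
--%>
<object id="objCertEnrollClassFactory" classid="clsid:884e2049-217d-11da-b2a4-000e7bbb2b09"></object>
<script language="javascript">
    // Installs the server-supplied certificate into the current user's store.
    // Returns true on success; writes the error text and returns false otherwise.
    function InstallCert() {
        document.write("<br>Installing certificate...");
        try {
            var objEnroll = objCertEnrollClassFactory.CreateObject("X509Enrollment.CX509Enrollment");
            var sPKCS7 = "<%= sPKCS7 %>";
            objEnroll.Initialize(1); // ContextUser
            // AllowNone = 0, XCN_CRYPT_STRING_BASE64_ANY = 6
            objEnroll.InstallResponse(0, sPKCS7, 6, "");
        } catch (ex) {
            // ex.description is IE-specific; fall back to the standard message.
            document.write("<br>" + (ex.description || ex.message));
            return false;
        }
        return true;
    }
    InstallCert();
</script>
<% } %>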
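<%--
Alternative (disabled): let the browser download the PKCS#12 file and install it
from the file instead of through ActiveX. To enable it, move this scriptlet ahead
of the HTML output above -- the response then becomes the binary file itself.
--%>
<%/*
out.println("用下载方式下载p12格式的文件下载后安装");
ClassLoader cl = this.getClass().getClassLoader();
InputStream is = cl.getResourceAsStream("liangchuan.p12");
if (is == null) {
    // getResourceAsStream returns null for a missing resource; report instead of NPE.
    out.println("<h2>下载证书文件出错</h2> <br/>");
} else {
    try {
        //response.setContentType("application/x-x509-ca-cert");
        response.setContentType("application/x-pkcs12");
        response.addHeader("Content-Disposition", "attachment; filename=liangchuan.p12");
        OutputStream os = response.getOutputStream();
        // Copy until EOF. The original looped on available(), which may return 0
        // before the end of the stream, and pushed every byte through a char;
        // a byte-buffer copy delivers the file intact.
        byte[] buf = new byte[4096];
        int n;
        while ((n = is.read(buf)) != -1) {
            os.write(buf, 0, n);
        }
        os.flush();
    } catch (IOException e) {
        // NOTE(review): once getOutputStream() has been called, writing through
        // the JspWriter `out` may no longer be allowed -- report via log() instead.
        out.println("<h2>下载证书文件出错</h2> <br/>");
        out.println(e.toString());
    } finally {
        // Release the resource stream on every path.
        try {
            is.close();
        } catch (IOException ignored) {
            // best effort
        }
    }
}
*/%>
</body>
</html>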

 
