
Displaying certificate information with JavaScript and CAPICOM

2012-10-27 
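First, what is CAPICOM:
The Windows operating system provides an advanced cryptographic framework, CryptoAPI, which exposes a rich set of functions for third-party developers. Even so, using CryptoAPI for routine operations (such as encryption and signing) is still quite complex. Fortunately, Microsoft also provides the CAPICOM component, which wraps those complex operations so that calling one or two functions is enough to do the job. CAPICOM is a COM component and can be used from any language in a Windows environment. In addition, most CAPICOM interfaces are "safe for scripting", which means you can safely use the functionality they provide from script in a browser web page.

Official CAPICOM API reference:
http://msdn.microsoft.com/en-us/library/aa380256(VS.85).aspx
How to use the example (the browser must be IE, and IE must have a digital certificate installed):
1. After downloading the attached example, open it and you will see a folder named cert. It contains one certificate, a HongKong Post Cert. Import this certificate into IE (Tools -> Internet Options -> Content -> Certificates -> Import, then follow the wizard step by step: select the certificate and enter the password; the certificate's password is 12345678).
2. Find the file GDCA_CAPICOM.HTM, right-click it and choose IE under "Open with". IE will then ask whether to allow the ActiveX control to run; allow it.
3. If your IE has certificates, the page lists them. Select the certificate you want to inspect and click the "Show selected certificate info" button, and the information for the selected certificate is displayed below (the display is rather bare: I simply added a layer to the current page and show the information inside it).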
4. Done.

    import java.io.IOException;
    import java.nio.charset.StandardCharsets;
    import java.security.GeneralSecurityException;
    import java.security.KeyStoreException;
    import java.security.NoSuchAlgorithmException;
    import java.security.PrivateKey;
    import java.security.PublicKey;
    import java.security.Signature;
    import java.security.UnrecoverableKeyException;
    import java.security.cert.CertificateException;
    import java.util.Base64;

    import javax.servlet.ServletException;
    import javax.servlet.http.HttpServlet;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;

    import org.springframework.beans.factory.BeanFactory;
    import org.springframework.beans.factory.xml.XmlBeanFactory;
    import org.springframework.core.io.ClassPathResource;
    import org.springframework.core.io.Resource;

    /**
     * Servlet implementation class PersonShowServlet
     */
    public class PersonShowServlet extends HttpServlet {
        private static final long serialVersionUID = 1L;

        // Must be the same algorithm the client used to sign
        private String signatureAlgorithm = "SHA1withRSA";

        /**
         * @see HttpServlet#HttpServlet()
         */
        public PersonShowServlet() {
            super();
        }

        // Sign on the back end here, to compare with the JS result
        public static void main(String[] args) throws ServletException, IOException, KeyStoreException,
                NoSuchAlgorithmException, CertificateException, UnrecoverableKeyException {
            PersonShowServlet pss = new PersonShowServlet();
            byte[] bytes = "Hello 1".getBytes(StandardCharsets.UTF_8); // pss.digest("Hello 1");
            byte[] signedBytes = pss.doSign(bytes, CertificateUtil.loadPrivateKey("E:/tmp/pki-crt/mark.jks"));
            // java.util.Base64 replaces sun.misc.BASE64Encoder/BASE64Decoder, which newer JDKs no longer ship
            String signedB64 = Base64.getMimeEncoder().encodeToString(signedBytes);
            System.out.println(signedB64);

            Resource resource = new ClassPathResource("/com/apusic/portal/ldap/demo/spring-ldap.xml");
            BeanFactory factory = new XmlBeanFactory(resource);
            UserDao userDao = (UserDao) factory.getBean("userDao");
            String dn = "cn=mark";
            Person person = userDao.getPersonByDn(dn);
            PublicKey publicKey = CertificateUtil.loadCertificate(person).getPublicKey();
            boolean result = pss.doVerify(bytes, publicKey, Base64.getMimeDecoder().decode(signedB64));
            System.out.println(result);
        }

        // Verify the signature generated by the JS here
        /**
         * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
         */
        @Override
        protected void doGet(HttpServletRequest request, HttpServletResponse response)
                throws ServletException, IOException {
            String text = request.getParameter("loginMsgText");
            String security = request.getParameter("loginMsgSecurity");
            if (text == null || security == null) {
                // The original dereferenced these without a null check
                response.sendError(HttpServletResponse.SC_BAD_REQUEST, "missing parameter");
                return;
            }
            System.out.println(security.length());
            byte[] signed;
            try {
                signed = Base64.getMimeDecoder().decode(security);
            } catch (IllegalArgumentException e) {
                response.sendError(HttpServletResponse.SC_BAD_REQUEST, "signature is not valid Base64");
                return;
            }

            Resource resource = new ClassPathResource("/com/apusic/portal/ldap/demo/spring-ldap.xml");
            BeanFactory factory = new XmlBeanFactory(resource);
            UserDao userDao = (UserDao) factory.getBean("userDao");
            String dn = "cn=mark";
            Person person = userDao.getPersonByDn(dn);
            try {
                // Explicit charset instead of the platform default; these must be
                // exactly the bytes the client signed
                byte[] digest = text.getBytes(StandardCharsets.UTF_8); // digest(text);
                PublicKey publicKey = CertificateUtil.loadCertificate(person).getPublicKey();
                if (doVerify(digest, publicKey, signed)) {
                    response.getWriter().println("verified, it's OK");
                } else {
                    response.getWriter().println("verified, it's Invalid");
                }
            } catch (CertificateException e) {
                throw new ServletException("could not load the certificate", e);
            }
        }

        // Despite the parameter name, "digest" is the raw message:
        // SHA1withRSA hashes it internally before signing.
        private byte[] doSign(byte[] digest, PrivateKey priKey) {
            try {
                Signature signature = Signature.getInstance(signatureAlgorithm);
                signature.initSign(priKey);
                signature.update(digest);
                return signature.sign();
            } catch (GeneralSecurityException e) {
                // The original swallowed each exception and carried on with a null object
                throw new IllegalStateException("signing failed", e);
            }
        }

        private boolean doVerify(byte[] digest, PublicKey pubKey, byte[] signedInfo) {
            try {
                Signature signature = Signature.getInstance(signatureAlgorithm);
                signature.initVerify(pubKey);
                signature.update(digest);
                return signature.verify(signedInfo);
            } catch (GeneralSecurityException e) {
                return false;
            }
        }

        /**
         * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
         */
        @Override
        protected void doPost(HttpServletRequest request, HttpServletResponse response)
                throws ServletException, IOException {
            doGet(request, response);
        }
    }

I'm at a dead end now and really out of options. If you have time, I hope you can take a look for me. Thank you!
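
The certificate listing that steps 2 and 3 of the article describe, written out as an added example; it is not the code of the downloadable sample, which this page does not reproduce. The function names are hypothetical, and the script assumes IE with the CAPICOM ActiveX control installed and allowed to run.

```javascript
// Added example: IE-only, because CAPICOM is an ActiveX control.
// Function names are hypothetical; the numeric constants are CAPICOM's documented values.
var CAPICOM_CURRENT_USER_STORE = 2;
var CAPICOM_STORE_OPEN_READ_ONLY = 0;
var CAPICOM_CERT_INFO_SUBJECT_SIMPLE_NAME = 0;
var CAPICOM_CERT_INFO_ISSUER_SIMPLE_NAME = 1;

// Copy the fields worth displaying out of one CAPICOM Certificate object.
// "status" reflects the validity dates only, not chain building or revocation.
function describeCertificate(cert, now) {
  var from = new Date(cert.ValidFromDate);
  var to = new Date(cert.ValidToDate);
  return {
    subject: cert.GetInfo(CAPICOM_CERT_INFO_SUBJECT_SIMPLE_NAME),
    issuer: cert.GetInfo(CAPICOM_CERT_INFO_ISSUER_SIMPLE_NAME),
    serial: cert.SerialNumber,
    thumbprint: cert.Thumbprint,
    hasPrivateKey: cert.HasPrivateKey(),
    status: now < from ? "not yet valid" : (now > to ? "expired" : "within validity period")
  };
}

// CAPICOM collections expose Count and a 1-based Item(i).
function listCertificates(store, now) {
  var out = [];
  var certs = store.Certificates;
  for (var i = 1; i <= certs.Count; i++) {
    out.push(describeCertificate(certs.Item(i), now));
  }
  return out;
}

// Plain-text rendering: certificate fields are untrusted input, so the caller
// should assign this with innerText, never innerHTML.
function formatCertificate(info) {
  return ["Subject: " + info.subject, "Issuer: " + info.issuer,
          "Serial: " + info.serial, "Thumbprint: " + info.thumbprint,
          "Private key: " + (info.hasPrivateKey ? "yes" : "no"),
          "Status: " + info.status].join("\n");
}

// Open the current user's "My" store read-only; [] if CAPICOM is absent or blocked.
function loadPersonalCertificates() {
  var store;
  try {
    store = new ActiveXObject("CAPICOM.Store");
    store.Open(CAPICOM_CURRENT_USER_STORE, "My", CAPICOM_STORE_OPEN_READ_ONLY);
  } catch (e) {
    return [];
  }
  return listCertificates(store, new Date());
}
```

The store is opened read-only because displaying certificates needs no write access, and the subject and issuer strings are treated as text because whoever issued the certificate controls them.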
