XX公司的CA,与平台融合解决方法。。。。。

1,jsp 的编写要求

   

<script language="javascript" type="text/javascript">
    var clientCertID;
    var selectedID; //p10数据包的解析项
    
    //获取客户端签名证书
    function GetClientCertID(){
        clientCertID=CASecurityClient.SOF_GetUserList();
        var aaa = clientCertID.split("&&&");
        //alert("验证口令-->" + CASecurityClient.SOF_Login(aaa[0],"111111"));
        //alert("userINfo-->" + CASecurityClient.SOF_GetUserInfo(aaa[0],1));
        document.getElementById("ClientCertID").value=clientCertID;
    }

    //客户端签名
    function ClientSign(){
        clientCertID=CASecurityClient.SOF_GetUserList();
        var certText=CASecurityClient.SOF_ExportUserCert(clientCertID);
        document.getElementById("certInfo").value=certText;  
        // 写死这个数值就可以 0x00000021 -->意思是取整个证书拥有者DN
        var selectedValue="0x00000021";
        var certTypeText=CASecurityClient.SOF_GetCertInfo(certText,parseInt(selectedValue));
        //alert("证书主题项:" + certTypeText);
        var part = certTypeText.split(",");
        var userId;

        for ( var i = 0; i < part.length; i++) {
            var par = /^\s+/;
            var strRes = part[i].replace(par, '');
            /* if (strRes.indexOf("OU=ID") == 0) {
                //取得OU用户账号
                userId = strRes.substr(5, strRes.length);
                alert("userid is:" + userId);
            } */
            if (strRes.indexOf("OU=I") == 0&&strRes.indexOf("OU=ID") != 0) {
                //取得OU用户身份证号
                userId = strRes.substr(4, strRes.length);
                //alert("userid is:" + userId);
            }

        }
    
        document.getElementById("ClientCertID").value = userId;
        var cipherText=CASecurityClient.SOF_SignDataByP7(clientCertID,userId);
        if(cipherText==""){
            alert("客户端签名失败!");
            return;
        }
        //ClientSignP7.action = "login.do?type=2&cipherText="+cipherText;
        //ClientSignP7.submit();
        var certInfo = $("#certInfo").val();
        var url = "<%=request.getContextPath()%>"+"/loginCheck.do"; 
        $.ajax({
            type: "post",
            async:true,
            global:false,
            url: url,
            dataType:"json",
            data:{"userId":userId,"type":2,"cipherText":cipherText,"certInfo":certInfo},
            success: function(data) {
                //BaseUtils.hideWaitMsg();
                /* var ret = jQuery.parseJSON(data); */
                if(data.flag){                
                    //BaseUtils.showWaitMsg();
                    console.log(data);
                    window.location.href="mltreeInfo/forMain_shiji.do";
                
                }else{
                    alert(data.msg);
                }
            }
        });
    }
</script>

前台的接受验证与后台ajax对象相关联,

2,重要之处:

<head></head>与<body></body>之间添加

<OBJECT ID="CASecurityClient"
CLASSID="CLSID:F8119DB1-73CB-49F7-8559-2B5EDD869D2A"
style="LEFT: 0px; WIDTH: 1px; TOP: 0px; HEIGHT: 1px" height="1"
width="1"></OBJECT>

 

3,LoginController添加:

public RetObj loginCheck(HttpServletRequest request, HttpServletResponse response, String userId,String password,Boolean remember,String validCode,String type,String cipherText,String certInfo) {
        System.out.println("-------------------"+cipherText+"=============="+type);
        if(cipherText!=""&&cipherText!=null){
            try {
                
                cipherText = EscapeUnescape.unescape(cipherText);//获取客户端签名值
                //配置SVS服务器地址
                //SVSClient svsClient = new SVSClient("60.216.5.244", "9189");      --------测试地址
                SVSClient svsClient = new SVSClient("10.1.6.188", "9188");   
                //验证客户端签名,包括证书、签名值
                NetoneSVS sss= svsClient.verifyPKCS7(cipherText);
                if(sss.getStatusCode()!=200){
                    System.out.println("错误码为:"+sss.getStatusCode() + "/n验签名结果:"+sss.getStatusCodeMessage());
                    return new RetObj(false);
                }else{

                    System.out.println("验签名成功");
                    
                }
                 System.out.println("原文信息为-->"+new Base64decode().decodeBase64(sss.getOrginalBase64()));

获取验证信息,根据自己的封装处理的需要变化

 

posted @ 2017-08-22 11:11  小虎Tiger  阅读(833)  评论(0编辑  收藏  举报