在 Win/IE 中,您仍然可以在没有任何第三方 ActiveX 或外部库的情况下使用 CAPICOM http://en.wikipedia.org/wiki/CAPICOM 。
这适用于安装 IE 的任何地方。
然而,这正在退役。
以下是我用来登录 IE 的内容。我称之为: var signature = signDigest(stringToBeSigned);
function signDigest(text) {
if (window.event)
window.event.cancelBubble = true;
var dest = sign(text); //TODO
return dest;
}
// CAPICOM constants
var CAPICOM_STORE_OPEN_READ_ONLY = 0;
var CAPICOM_CURRENT_USER_STORE = 2;
var CAPICOM_CERTIFICATE_FIND_SHA1_HASH = 0;
var CAPICOM_CERTIFICATE_FIND_EXTENDED_PROPERTY = 6;
var CAPICOM_CERTIFICATE_FIND_TIME_VALID = 9;
var CAPICOM_CERTIFICATE_FIND_KEY_USAGE = 12;
var CAPICOM_DIGITAL_SIGNATURE_KEY_USAGE = 0x00000080;
var CAPICOM_AUTHENTICATED_ATTRIBUTE_SIGNING_TIME = 0;
var CAPICOM_INFO_SUBJECT_SIMPLE_NAME = 0;
var CAPICOM_ENCODE_BASE64 = 0;
var CAPICOM_E_CANCELLED = -2138568446;
var CERT_KEY_SPEC_PROP_ID = 6;
function IsCAPICOMInstalled() {
if (typeof (oCAPICOM) == "object") {
if ((oCAPICOM.object != null)) {
// We found CAPICOM!
return true;
}
}
}
function FindCertificateByHash() {
try {
// instantiate the CAPICOM objects
var MyStore = new ActiveXObject("CAPICOM.Store");
// open the current users personal certificate store
MyStore.Open(CAPICOM_CURRENT_USER_STORE, "My", CAPICOM_STORE_OPEN_READ_ONLY);
// find all of the certificates that have the specified hash
var FilteredCertificates = MyStore.Certificates.Find(CAPICOM_CERTIFICATE_FIND_SHA1_HASH, strUserCertigicateThumbprint);
var Signer = new ActiveXObject("CAPICOM.Signer");
Signer.Certificate = FilteredCertificates.Item(1);
return Signer;
// Clean Up
MyStore = null;
FilteredCertificates = null;
}
catch (e) {
if (e.number != CAPICOM_E_CANCELLED) {
return new ActiveXObject("CAPICOM.Signer");
}
}
}
function sign(src) {
if (window.crypto && window.crypto.signText)
return sign_NS(src);
else
return sign_IE(src);
}
function sign_NS(src) {
var s = crypto.signText(src, "ask");
return s;
}
function sign_IE(src) {
try {
// instantiate the CAPICOM objects
var SignedData = new ActiveXObject("CAPICOM.SignedData");
var TimeAttribute = new ActiveXObject("CAPICOM.Attribute");
// Set the data that we want to sign
SignedData.Content = src;
var Signer = FindCertificateByHash();
// Set the time in which we are applying the signature
var Today = new Date();
TimeAttribute.Name = CAPICOM_AUTHENTICATED_ATTRIBUTE_SIGNING_TIME;
TimeAttribute.Value = Today.getVarDate();
Today = null;
Signer.AuthenticatedAttributes.Add(TimeAttribute);
// Do the Sign operation
var szSignature = SignedData.Sign(Signer, true, CAPICOM_ENCODE_BASE64);
return szSignature;
}
catch (e) {
if (e.number != CAPICOM_E_CANCELLED) {
alert("An error occurred when attempting to sign the content, the error was: " + e.description);
}
}
return "";
}
我在编码等方面遇到了一些问题,所以我也包含了我的控制器(.net)
byte[] decbuff = Convert.FromBase64String(signature);
//CAPICOM USES 16 BIT ENCODING
Encoding utf16Enc = Encoding.GetEncoding("UTF-16LE");
byte[] utf16Data = utf16Enc.GetBytes(getContent);
ContentInfo content = new ContentInfo(utf16Data);
System.Security.Cryptography.Pkcs.SignedCms cms = new System.Security.Cryptography.Pkcs.SignedCms(content,true);
cms.Decode(decbuff);
int length = decbuff.Length;
X509Certificate2 cert = cms.SignerInfos[0].Certificate;
X509Chain chain = new X509Chain();
bool theVal = chain.Build(cert);
cms.CheckHash();
cms.CheckSignature(false);