1,jsp 的编写要求
<script language="javascript" type="text/javascript">
var clientCertID;
var selectedID; //p10数据包的解析项 //获取客户端签名证书
function GetClientCertID(){
clientCertID=CASecurityClient.SOF_GetUserList();
var aaa = clientCertID.split("&&&");
//alert("验证口令-->" + CASecurityClient.SOF_Login(aaa[0],"111111"));
//alert("userINfo-->" + CASecurityClient.SOF_GetUserInfo(aaa[0],1));
document.getElementById("ClientCertID").value=clientCertID;
} //客户端签名
function ClientSign(){
clientCertID=CASecurityClient.SOF_GetUserList();
var certText=CASecurityClient.SOF_ExportUserCert(clientCertID);
document.getElementById("certInfo").value=certText;
// 写死这个数值就可以 0x00000021 -->意思是取整个证书拥有者DN
var selectedValue="0x00000021";
var certTypeText=CASecurityClient.SOF_GetCertInfo(certText,parseInt(selectedValue));
//alert("证书主题项:" + certTypeText);
var part = certTypeText.split(",");
var userId; for ( var i = 0; i < part.length; i++) {
var par = /^\s+/;
var strRes = part[i].replace(par, '');
/* if (strRes.indexOf("OU=ID") == 0) {
//取得OU用户账号
userId = strRes.substr(5, strRes.length);
alert("userid is:" + userId);
} */
if (strRes.indexOf("OU=I") == 0&&strRes.indexOf("OU=ID") != 0) {
//取得OU用户身份证号
userId = strRes.substr(4, strRes.length);
//alert("userid is:" + userId);
} } document.getElementById("ClientCertID").value = userId;
var cipherText=CASecurityClient.SOF_SignDataByP7(clientCertID,userId);
if(cipherText==""){
alert("客户端签名失败!");
return;
}
//ClientSignP7.action = "login.do?type=2&cipherText="+cipherText;
//ClientSignP7.submit();
var certInfo = $("#certInfo").val();
var url = "<%=request.getContextPath()%>"+"/loginCheck.do";
$.ajax({
type: "post",
async:true,
global:false,
url: url,
dataType:"json",
data:{"userId":userId,"type":2,"cipherText":cipherText,"certInfo":certInfo},
success: function(data) {
//BaseUtils.hideWaitMsg();
/* var ret = jQuery.parseJSON(data); */
if(data.flag){
//BaseUtils.showWaitMsg();
console.log(data);
window.location.href="mltreeInfo/forMain_shiji.do"; }else{
alert(data.msg);
}
}
});
}
</script>
前台的接受验证与后台ajax对象相关联,
2,重要之处:
<head></head>与<body></body>之间添加
<OBJECT ID="CASecurityClient"
CLASSID="CLSID:F8119DB1-73CB-49F7-8559-2B5EDD869D2A"
style="LEFT: 0px; WIDTH: 1px; TOP: 0px; HEIGHT: 1px" height="1"
width="1"></OBJECT>
3,LoginController添加:
public RetObj loginCheck(HttpServletRequest request, HttpServletResponse response, String userId,String password,Boolean remember,String validCode,String type,String cipherText,String certInfo) {
System.out.println("-------------------"+cipherText+"=============="+type);
if(cipherText!=""&&cipherText!=null){
try {
cipherText = EscapeUnescape.unescape(cipherText);//获取客户端签名值
//配置SVS服务器地址
//SVSClient svsClient = new SVSClient("60.216.5.244", "9189"); --------测试地址
SVSClient svsClient = new SVSClient("10.1.6.188", "9188");
//验证客户端签名,包括证书、签名值
NetoneSVS sss= svsClient.verifyPKCS7(cipherText);
if(sss.getStatusCode()!=200){
System.out.println("错误码为:"+sss.getStatusCode() + "/n验签名结果:"+sss.getStatusCodeMessage());
return new RetObj(false);
}else{
System.out.println("验签名成功");
}
System.out.println("原文信息为-->"+new Base64decode().decodeBase64(sss.getOrginalBase64()));
获取验证信息,根据自己的封装处理的需要变化