CN105721162B - The method and device of digital certificate is automatically imported into application program - Google Patents
- Publication number: CN105721162B (application CN201610067808.0A)
- Authority: CN (China)
- Prior art keywords: certificate, digital certificate, format, imported, file
- Legal status: Active (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a method and device for automatically importing a digital certificate into an application program, and relates to the field of information security. The device comprises: a file acquisition module, for obtaining a certificate file according to a certificate filename; a certificate acquisition module, for obtaining the digital certificate in the certificate file obtained by the file acquisition module; a slot acquisition module, for obtaining a slot through which the application program can be operated; and a first import module, for decoding the digital certificate obtained by the certificate acquisition module, importing the decoded data into the application program through the slot obtained by the slot acquisition module to complete the import of the digital certificate, and setting the certificate trust mode of the imported digital certificate according to the type of the imported digital certificate. The beneficial effect of the invention is that, with the technical solution it provides, the digital certificate is imported into the application program automatically, which not only saves the user the trouble of manual operation but also improves the efficiency of importing digital certificates.
Description
Technical field
The present invention relates to the field of information security, and in particular to a method and device for automatically importing a digital certificate into an application program.
Background technique
A digital certificate is a file, digitally signed by a certificate authority, that contains the owner's information and public key. With the digital certificate as the core of the encryption technology, information transmitted over a network can be encrypted and decrypted, digitally signed and signature-verified, so as to ensure the confidentiality and integrity of the transmitted information and the non-repudiation of online transactions. In the course of making the present invention, the inventor found the following defect in the prior art: some application programs (such as Mozilla Firefox and Mozilla Thunderbird from the Mozilla company) require the user to import digital certificates manually and to modify the trust mode of each digital certificate by hand, and the corresponding operating procedure usually differs from one application to another, so the operation is both time-consuming and inefficient.
Summary of the invention
The purpose of the present invention is to overcome the deficiencies of the existing technology by providing a method and device for automatically importing a digital certificate into an application program.
In one aspect, the present invention provides a method for automatically importing a digital certificate into an application program, which specifically comprises:
Step S1: obtaining a certificate file according to a certificate filename;
Step S2: obtaining the digital certificate in the certificate file;
Step S3: obtaining a slot through which the application program can be operated, decoding the digital certificate, importing the decoded data into the application program through the slot to complete the import of the digital certificate, and setting the certificate trust mode of the imported digital certificate according to the type of the imported digital certificate.
Specifically, step S1 comprises: opening the certificate file according to the certificate filename, obtaining a handle of the certificate file, and obtaining the certificate file according to the handle.
Further, step S1 also comprises: checking the format of the obtained certificate file; if it is a first preset certificate format, executing step S2; if it is a second preset certificate format, executing the following steps:
Step S4: obtaining a slot through which the application program can be operated;
Step S5: obtaining each digital certificate in the certificate file in turn and, whenever a digital certificate is obtained, decoding the currently obtained digital certificate, importing the decoded data into the application program through the slot to complete the import of the currently obtained digital certificate, and setting the certificate trust mode of the currently imported digital certificate according to the type of the currently imported digital certificate.
The first preset certificate format is specifically the cer, pfx or p12 certificate format; the second preset certificate format is specifically the p7b certificate format.
When the first preset certificate format is the pfx or p12 certificate format, step S1 also comprises: adding a password verification algorithm, receiving the certificate password entered by the user, and verifying the certificate password according to the password verification algorithm; if the verification passes, executing step S2; if the verification fails, terminating.
Specifically, step S5 comprises:
Step 1-1: obtaining the number of digital certificates in the certificate file;
Step 1-2: obtaining from the certificate file a digital certificate that has not yet been imported into the application program, decoding the currently obtained digital certificate, importing the decoded data into the application program through the slot through which the application program can be operated to complete the import of the currently obtained digital certificate, and setting the certificate trust mode of the currently imported digital certificate according to its type;
Step 1-3: judging, according to the number of digital certificates in the certificate file, whether the certificate file still contains a digital certificate not yet imported into the application program; if so, returning to step 1-2, otherwise terminating.
Step 1-1 specifically comprises:
Step 2-1: writing the certificate file into a structure of the pkcs7 format;
Step 2-2: determining the signature format of the certificate file according to the type attribute in the structure, and obtaining, according to the type of the signature format, a pointer to the digital certificate storage region in the structure from the corresponding member variable of the structure;
Step 2-3: accessing the digital certificate storage region in the structure according to the pointer, and obtaining the number of digital certificates in that storage region.
Step 2-2 specifically comprises: determining the signature format of the certificate file according to the type attribute in the structure; if it is the ordinary signed format, obtaining the pointer to the digital certificate storage region in the structure from the member variable cert in the member variable d.sign of the structure; if it is the signed-and-enveloped format, obtaining the pointer to the digital certificate storage region in the structure from the member variable cert in the member variable d.signed_and_enveloped of the structure.
Before obtaining the slot through which the application program can be operated, the method further comprises: allocating the slot through which the application program can be operated.
The decoded data specifically comprises: the certificate serial number, certificate subject name, certificate data, certificate format and certificate issuer name.
Setting the trust mode of the imported digital certificate according to its type specifically comprises: judging the type of the imported digital certificate; if it is a CA certificate, setting the certificate trust mode of the imported digital certificate to a first preset mode; if it is a server certificate, setting the certificate trust mode of the imported digital certificate to a second preset mode.
Judging the type of the imported digital certificate specifically comprises: judging whether the imported digital certificate contains the certificate basic constraints attribute; if it does, the imported digital certificate is a CA certificate; if it does not, the imported digital certificate is a server certificate.
In another aspect, the present invention also provides a device for automatically importing a digital certificate into an application program, which specifically comprises:
a file acquisition module, for obtaining a certificate file according to a certificate filename;
a certificate acquisition module, for obtaining the digital certificate in the certificate file obtained by the file acquisition module;
a slot acquisition module, for obtaining a slot through which the application program can be operated;
a first import module, for decoding the digital certificate obtained by the certificate acquisition module, importing the decoded data into the application program through the slot obtained by the slot acquisition module to complete the import of the digital certificate, and setting the certificate trust mode of the imported digital certificate according to the type of the imported digital certificate.
The file acquisition module is specifically used for: opening the certificate file according to the certificate filename, obtaining a handle of the certificate file, and obtaining the certificate file according to the handle.
The device further comprises a checking module and a second import module. The checking module is used for checking the format of the certificate file obtained by the file acquisition module. The second import module is used, when the checking result of the checking module is the second preset certificate format, for obtaining in turn each digital certificate in the certificate file obtained by the file acquisition module and, whenever a digital certificate is obtained, decoding the currently obtained digital certificate, importing the decoded data into the application program through the slot obtained by the slot acquisition module to complete the import of the currently obtained digital certificate, and setting the certificate trust mode of the currently imported digital certificate according to its type.
The first import module is specifically used for: when the checking result of the checking module is the first preset certificate format, decoding the digital certificate obtained by the certificate acquisition module, importing the decoded data into the application program through the slot obtained by the slot acquisition module to complete the import of the digital certificate, and setting the certificate trust mode of the imported digital certificate according to its type.
The first import module is specifically used for: when the checking result of the checking module is the cer, pfx or p12 certificate format, decoding the digital certificate obtained by the certificate acquisition module, importing the decoded data into the application program through the slot obtained by the slot acquisition module to complete the import of the digital certificate, and setting the certificate trust mode of the imported digital certificate according to its type.
The second import module is used for: when the checking result of the checking module is the p7b certificate format, obtaining in turn each digital certificate in the certificate file and, whenever a digital certificate is obtained, decoding the currently obtained digital certificate, importing the decoded data into the application program through the slot obtained by the slot acquisition module to complete the import of the currently obtained digital certificate, and setting the certificate trust mode of the currently imported digital certificate according to its type.
The first import module is specifically used for: when the checking result of the checking module is the cer certificate format, decoding the digital certificate obtained by the certificate acquisition module, importing the decoded data into the application program through the slot obtained by the slot acquisition module to complete the import of the digital certificate, and setting the certificate trust mode of the imported digital certificate according to its type; when the checking result of the checking module is the pfx or p12 certificate format, adding a password verification algorithm, receiving the certificate password entered by the user, verifying the certificate password according to the password verification algorithm and, when the certificate password verification passes, decoding the digital certificate obtained by the certificate acquisition module, importing the decoded data into the application program through the slot obtained by the slot acquisition module to complete the import of the digital certificate, and setting the certificate trust mode of the imported digital certificate according to its type.
The second import module specifically comprises:
an acquisition submodule, for obtaining, when the checking result of the checking module is the second preset certificate format, the number of digital certificates in the certificate file obtained by the file acquisition module;
an import submodule, for obtaining, while the certificate file obtained by the file acquisition module still contains a digital certificate not yet imported into the application program, such a digital certificate from the certificate file, decoding the currently obtained digital certificate, importing the decoded data into the application program through the slot obtained by the slot acquisition module, and setting the certificate trust mode of the currently imported digital certificate according to its type;
a judging submodule, for judging, according to the acquisition result of the acquisition submodule, whether the certificate file obtained by the file acquisition module still contains a digital certificate not yet imported into the application program.
The acquisition submodule specifically comprises:
a writing unit, for writing the certificate file obtained by the file acquisition module into a structure of the pkcs7 format;
a pointer acquisition unit, for determining the format type of the certificate file according to the type attribute in the pkcs7-format structure and obtaining, according to the format type of the certificate file, a pointer to the digital certificate storage region in the pkcs7-format structure from the corresponding member variable of that structure;
a number acquisition unit, for accessing the digital certificate storage region in the pkcs7-format structure according to the pointer obtained by the pointer acquisition unit, and obtaining the number of digital certificates in the digital certificate storage region.
The pointer acquisition unit is specifically used for: determining the signature format of the digital certificate according to the type attribute in the pkcs7-format structure; if it is the ordinary signed format, obtaining the pointer to the digital certificate storage region in the pkcs7-format structure from the member variable cert in the member variable d.sign of that structure; if it is the signed-and-enveloped format, obtaining the pointer to the digital certificate storage region in the pkcs7-format structure from the member variable cert in the member variable d.signed_and_enveloped of that structure.
The device further comprises: a slot allocation module, for allocating the slot through which the application program can be operated.
The first import module comprises an import submodule, for importing the decoded certificate serial number, certificate subject name, certificate data, certificate format and certificate issuer name into the application program through the slot obtained by the slot acquisition module.
The first import module comprises a setting submodule, for judging the type of the imported digital certificate; if it is a CA certificate, setting the trust mode of the imported digital certificate to the first preset mode; if it is a server certificate, setting the certificate trust mode of the imported digital certificate to the second preset mode.
The setting submodule comprises a judging unit, for judging whether the imported digital certificate contains the certificate basic constraints attribute; if it does, the imported digital certificate is a CA certificate; if it does not, the imported digital certificate is a server certificate.
The beneficial effect of the present invention is that, with the technical solution it provides, a digital certificate is imported into the application program automatically, which not only saves the user the trouble of manual operation but also improves the efficiency of importing digital certificates.
Detailed description of the invention
In order to explain the embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. Obviously, the drawings in the following description show only some embodiments of the present invention, and those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow chart of a method for automatically importing a digital certificate into an application program provided by Embodiment 1 of the present invention;
Fig. 2 is a flow chart of a specific implementation of step 109 in Fig. 1;
Fig. 3 is a flow chart of a specific implementation of step c1 in Fig. 2;
Fig. 4 is a block diagram of a device for automatically importing a digital certificate into an application program provided by Embodiment 2 of the present invention.
Specific embodiment
The technical solutions in the embodiments of the present invention will be described clearly and completely below with reference to the drawings in the embodiments. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by those skilled in the art on the basis of the embodiments of the present invention without creative work shall fall within the protection scope of the present invention.
Embodiment 1
This embodiment provides a method for automatically importing a digital certificate into an application program. As shown in Fig. 1, the method comprises:
Step 101: obtaining a certificate file according to a certificate filename;
Further, step 101 specifically comprises:
Step a1: opening the certificate file according to the certificate filename and obtaining a handle of the certificate file;
Further, step a1 comprises: calling the system function open to open the certificate file in read-only mode according to the preset filename, and obtaining the handle of the certificate file from the return value of the system function open;
Step a2: obtaining the certificate file according to the handle;
Further, step a2 can be realized specifically by calling the system function read.
Step 102: checking the format of the certificate file; if it is the pfx or p12 certificate format, executing step 103; if it is the cer certificate format, executing step 105; if it is the p7b certificate format, executing step 108;
Further, step 102 specifically comprises: checking the extension of the certificate file. If the extension of the certificate file is pfx, the certificate file is in the pfx certificate format and step 103 is executed; if the extension is p12, the certificate file is in the p12 certificate format and step 103 is executed; if the extension is cer, the certificate file is in the cer certificate format and step 105 is executed; if the extension is p7b, the certificate file is in the p7b certificate format and step 108 is executed.
Step 103: adding a password verification algorithm and receiving the certificate password entered by the user;
Further, adding the password verification algorithm can be realized specifically by calling the OpenSSL function SSLeay_add_all_algorithms.
Step 104: verifying the certificate password according to the password verification algorithm; if the verification passes, executing step 105; if the verification fails, terminating;
Further, step 104 can be realized specifically by calling the OpenSSL function PKCS12_parse.
Step 105: obtaining the digital certificate in the certificate file;
Further, step 105 can be realized specifically by calling the OpenSSL function PEM_read_X509 or i2d_X509.
Step 106: obtaining a Slot through which the application program can be operated, decoding the digital certificate, and importing the decoded data into the application program through the Slot;
Further, obtaining the Slot through which the application program can be operated specifically comprises: calling the PK11_GetInternalKeySlot function in the nss3 dynamic library under the installation directory of the application program, and obtaining the pointer to the Slot from the return value of the PK11_GetInternalKeySlot function. Correspondingly, before obtaining the Slot through which the application program can be operated, the method further comprises allocating the Slot through which the application program can be operated, specifically by calling the NSS_Initialize function in the nss3 dynamic library under the installation directory of the application program;
Decoding the digital certificate specifically comprises: calling the CERT_DecodeCertFromPackage function in the smime3 dynamic library under the installation directory of the application program, and obtaining from the return value of the CERT_DecodeCertFromPackage function a pointer to the buffer holding the decoded data;
The decoded data comprises: the certificate serial number (CKA_SERIAL_NUMBER), certificate subject name (CKA_SUBJECT), certificate data (CKA_VALUE), certificate format (for example the X509 format) and certificate issuer name (CKA_ISSUER);
Importing the decoded data into the application program through the Slot specifically comprises: calling, with the pointer to the Slot through which the application program can be operated, the PK11_ImportCert function in the nss3 dynamic library under the installation directory of the application program to write the decoded data into the application program;
Step 107: setting the certificate trust mode of the imported digital certificate according to the type of the imported digital certificate, and terminating;
Further, step 107 specifically comprises: judging the type of the imported digital certificate; if it is a CA certificate, setting the certificate trust mode of the imported digital certificate to the first preset mode:
Trust.sslFlags = CERTDB_TRUSTED_CA | CERTDB_TRUSTED_CLIENT_CA
Trust.emailFlags = CERTDB_TRUSTED_CA | CERTDB_TRUSTED_CLIENT_CA
Trust.objectSigningFlags = CERTDB_TRUSTED_CA | CERTDB_TRUSTED_CLIENT_CA
if it is a server certificate, setting the certificate trust mode of the imported digital certificate to the second preset mode:
Trust.sslFlags = CERTDB_TRUSTED | CERTDB_TERMINAL_RECORD
Further, judging the type of the imported digital certificate can specifically comprise: judging whether the imported digital certificate contains the certificate basic constraints attribute; if it does, the imported digital certificate is specifically a CA certificate; if it does not, the imported digital certificate is specifically a server certificate;
The certificate basic constraints attribute is specifically NID_basic_constraints. Judging whether the imported digital certificate contains the certificate basic constraints attribute specifically comprises: calling the OpenSSL function X509_get_ext_by_nid according to a preset value, and judging whether the return value of X509_get_ext_by_nid equals the preset value; if the return value of X509_get_ext_by_nid equals the preset value, the certificate does not contain the certificate basic constraints attribute; if the return value of X509_get_ext_by_nid does not equal the preset value, the certificate contains the certificate basic constraints attribute;
Setting the trust mode of the digital certificate can be realized specifically by calling the CERT_ChangeCertTrust function in the nss3 dynamic library under the installation directory of the application program.
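Added example, not code from the patent or from NSS or OpenSSL: a stand-alone C model of the type judgement and trust setting in step 107 (the same logic recurs in step c5 below), using the trust-bit values from NSS certdb.h and a struct shaped like NSS's CERTCertTrust. It decodes the DER value of basicConstraints instead of only testing for its presence, because X509_get_ext_by_nid also reports the extension on end-entity certificates issued with CA:FALSE, and the presence-only rule would then grant those certificates full CA trust; the sample extension values are constructed, and the flag values are assumed from certdb.h.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Trust bits as defined in NSS certdb.h (values assumed from that header). */
#define CERTDB_TERMINAL_RECORD   (1u << 0)
#define CERTDB_TRUSTED           (1u << 1)
#define CERTDB_TRUSTED_CA        (1u << 4)
#define CERTDB_TRUSTED_CLIENT_CA (1u << 7)

/* Same three fields as NSS's CERTCertTrust, which CERT_ChangeCertTrust consumes. */
typedef struct {
    unsigned int sslFlags;
    unsigned int emailFlags;
    unsigned int objectSigningFlags;
} CertTrust;

/* What the basicConstraints extension (NID_basic_constraints, OID 2.5.29.19) says. */
typedef enum {
    BC_MALFORMED  = -1,  /* extension present but its DER value is not valid      */
    BC_ABSENT     = 0,   /* no such extension: X509_get_ext_by_nid() returns -1  */
    BC_END_ENTITY = 1,   /* extension present, cA is FALSE (the ASN.1 default)   */
    BC_CA         = 2    /* extension present, cA is TRUE                        */
} BasicConstraints;

/*
 * Decode the DER value of a basicConstraints extension:
 *   BasicConstraints ::= SEQUENCE { cA BOOLEAN DEFAULT FALSE, pathLenConstraint INTEGER OPTIONAL }
 * Only the short-form length is handled, since the value is at most a few bytes.
 * ext == NULL models a certificate that carries no such extension at all.
 */
BasicConstraints decode_basic_constraints(const uint8_t *ext, size_t len)
{
    if (ext == NULL)
        return BC_ABSENT;
    if (len < 2 || ext[0] != 0x30 || (size_t)ext[1] != len - 2)
        return BC_MALFORMED;
    if (len == 2)                        /* SEQUENCE {}: cA takes its DEFAULT, FALSE */
        return BC_END_ENTITY;
    if (ext[2] == 0x01) {                /* BOOLEAN cA: tag 0x01, length 1, DER TRUE is 0xFF */
        if (len < 5 || ext[3] != 0x01)
            return BC_MALFORMED;
        if (ext[4] == 0xFF)
            return BC_CA;
        if (ext[4] == 0x00)              /* explicitly encoded FALSE; not strict DER, but seen */
            return BC_END_ENTITY;
        return BC_MALFORMED;
    }
    if (ext[2] == 0x02)                  /* only pathLenConstraint present, so cA is FALSE */
        return BC_END_ENTITY;
    return BC_MALFORMED;
}

/* The patent's rule (step 107 / step c5): CA trust whenever the extension is present. */
CertTrust trust_by_patent_rule(int extension_present)
{
    CertTrust t = {0, 0, 0};
    if (extension_present)
        t.sslFlags = t.emailFlags = t.objectSigningFlags =
            CERTDB_TRUSTED_CA | CERTDB_TRUSTED_CLIENT_CA;
    else
        t.sslFlags = CERTDB_TRUSTED | CERTDB_TERMINAL_RECORD;
    return t;
}

/* Stricter variant: CA trust only when cA is TRUE; a malformed value grants no trust at all. */
CertTrust trust_by_ca_flag(BasicConstraints bc)
{
    CertTrust t = {0, 0, 0};
    switch (bc) {
    case BC_CA:
        t.sslFlags = t.emailFlags = t.objectSigningFlags =
            CERTDB_TRUSTED_CA | CERTDB_TRUSTED_CLIENT_CA;
        break;
    case BC_END_ENTITY:
    case BC_ABSENT:
        t.sslFlags = CERTDB_TRUSTED | CERTDB_TERMINAL_RECORD;
        break;
    default:                             /* BC_MALFORMED: leave every flag clear */
        break;
    }
    return t;
}

/* Constructed sample extension values (not taken from any real certificate). */
const uint8_t SAMPLE_BC_CA_TRUE[]  = {0x30, 0x03, 0x01, 0x01, 0xFF}; /* SEQUENCE { TRUE } */
const uint8_t SAMPLE_BC_CA_FALSE[] = {0x30, 0x00};                   /* SEQUENCE { }      */
const uint8_t SAMPLE_BC_BAD_LEN[]  = {0x30, 0x09, 0x01, 0x01, 0xFF}; /* length byte lies  */

int main(void)
{
    /* A server certificate issued with basicConstraints CA:FALSE, the common case today. */
    BasicConstraints bc = decode_basic_constraints(SAMPLE_BC_CA_FALSE, sizeof SAMPLE_BC_CA_FALSE);
    CertTrust patent = trust_by_patent_rule(bc != BC_ABSENT);
    CertTrust strict = trust_by_ca_flag(bc);
    printf("patent rule sslFlags=0x%02x, strict rule sslFlags=0x%02x\n",
           patent.sslFlags, strict.sslFlags);  /* prints 0x90 versus 0x03 */
    return 0;
}
```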
Step 108: obtaining a Slot through which the application program can be operated;
Further, step 108 specifically comprises: calling the PK11_GetInternalKeySlot function in the nss3 dynamic library under the installation directory of the application program, and obtaining the pointer to the Slot from the return value of the PK11_GetInternalKeySlot function;
Correspondingly, before obtaining the Slot through which the application program can be operated, the method further comprises allocating the Slot through which the application program can be operated, specifically by calling the NSS_Initialize function in the nss3 dynamic library under the installation directory of the application program.
Step 109: obtaining in turn each digital certificate in the certificate file and, whenever a digital certificate is obtained, decoding the currently obtained digital certificate, importing the decoded data into the application program through the Slot, and setting the certificate trust mode of the currently imported digital certificate according to the type of the currently obtained digital certificate; then terminating.
Specifically, the decoded data comprises: the certificate serial number (CKA_SERIAL_NUMBER), certificate subject name (CKA_SUBJECT), certificate data (CKA_VALUE), certificate format (for example the X509 format) and certificate issuer name (CKA_ISSUER).
Further, as shown in Fig. 2, step 109 specifically comprises:
Step c1: obtaining the number of digital certificates in the certificate file;
Further, as shown in Fig. 3, step c1 specifically comprises:
Step i: writing the certificate file into a structure of the pkcs7 format;
Specifically, step i can be realized by calling the OpenSSL function d2i_PKCS7;
Step ii: determining the signature format of the certificate file according to the type attribute in the structure; if it is the ordinary signed format, executing step iii; if it is the signed-and-enveloped format, executing step iv;
Specifically, step ii may comprise: calling the OpenSSL function OBJ_obj2nid with the type attribute in the structure as the parameter, and judging the signature format of the certificate file from the return value of OBJ_obj2nid: if the return value of OBJ_obj2nid is NID_pkcs7_signed, the signature format of the certificate file is the ordinary signed format and step iii is executed; if the return value of OBJ_obj2nid is NID_pkcs7_signedAndEnveloped, the signature format of the certificate file is the signed-and-enveloped format and step iv is executed;
Step iii: obtaining the pointer to the digital certificate storage region in the structure from the member variable cert in the member variable d.sign of the structure, and executing step v;
Step iv: obtaining the pointer to the digital certificate storage region in the structure from the member variable cert in the member variable d.signed_and_enveloped of the structure, and executing step v;
Step v: accessing the digital certificate storage region in the structure according to the pointer to that region, and obtaining the number of digital certificates in the digital certificate storage region;
Specifically, step v can comprise: calling the OpenSSL function sk_X509_num with the pointer to the digital certificate storage region in the structure as the parameter, and obtaining the number of digital certificates in the digital certificate storage region from the return value of sk_X509_num.
Step c2: obtain from the certificate file a digital certificate that has not yet been imported into the application.
Further, step c2 specifically includes: call the OpenSSL function sk_X509_value with the pointer to the certificate storage area of the structure as parameter to obtain the n-th certificate in the storage area, where 1 ≤ n ≤ the number of digital certificates in the storage area (sk_X509_value itself takes a zero-based index, so the n-th certificate is fetched with index n-1).
Step c3: decode the digital certificate currently obtained.
Step c4: import the data obtained by the current decoding into the application through the slot that can operate on the application.
Further, step c4 specifically includes: using the pointer to the slot that can operate on the application, call the function PK11_ImportCert in the nss3 dynamic library under the installation directory of the application to import the decoded data into the application.
Step c5: set the certificate trust mode of the currently imported digital certificate according to its type.
Further, step c5 specifically includes: judge the type of the currently imported digital certificate; if it is a CA certificate, set the certificate trust mode of the currently imported digital certificate to the first default trust mode:
Trust.sslFlags = CERTDB_TRUSTED_CA | CERTDB_TRUSTED_CLIENT_CA
Trust.emailFlags = CERTDB_TRUSTED_CA | CERTDB_TRUSTED_CLIENT_CA
Trust.objectSigningFlags = CERTDB_TRUSTED_CA | CERTDB_TRUSTED_CLIENT_CA
If it is a server certificate, set the certificate trust mode of the currently imported digital certificate to the second default trust mode:
Trust.sslFlags = CERTDB_TRUSTED | CERTDB_TERMINAL_RECORD
Further, judging the type of the currently imported digital certificate specifically includes: judge whether the currently imported digital certificate contains the certificate basic constraints attribute; if it does, the currently imported digital certificate is a CA certificate; if it does not, the currently imported digital certificate is a server certificate.
The certificate basic constraints attribute is specifically NID_basic_constraints. Judging whether the currently imported digital certificate contains it specifically includes: call the OpenSSL function X509_get_ext_by_NID with NID_basic_constraints and compare its return value with a preset value (OpenSSL returns -1 when the extension is not present); if the return value equals the preset value, the currently imported digital certificate does not contain the basic constraints attribute; if it does not equal the preset value, the currently imported digital certificate does contain it. This test only detects the presence of the extension, not the value of its cA flag: a certificate carrying basicConstraints with cA=FALSE would also be classified as a CA and receive the first default trust mode, so a deployment that wants CA trust confined to real CA certificates must additionally check the cA flag (for example with X509_check_ca).
Setting the trust mode of the digital certificate can specifically be realized by calling the function CERT_ChangeCertTrust in the nss3 dynamic library under the installation directory of the application.
Step c6: judge, from the number of digital certificates in the certificate file, whether the certificate file still contains digital certificates not imported into the application; if so, return to step c2, otherwise end.
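The procedure of steps c1 to c6, as an added example that is not part of the patent or of OpenSSL/NSS: it performs the same walk in pure Python over a constructed PKCS#7 DER blob instead of through d2i_PKCS7, OBJ_obj2nid, sk_X509_num, sk_X509_value and X509_get_ext_by_NID, and it places the patent's classification rule (basicConstraints present means CA) beside the stricter rule (cA = TRUE means CA) to show that they disagree on a certificate whose basicConstraints says cA = FALSE, which the patent's rule would still hand CA trust. The DER helpers, the sample certificates (structurally valid but unsigned skeletons) and the CA_TRUST/SERVER_TRUST tuples (NSS flag names kept as strings) are all constructed for this demo.

```python
"""Walk a PKCS#7 (.p7b) container and classify each certificate the way the
patent's steps c1-c6 do, in pure Python over a constructed DER blob."""

def tlv(tag, body):
    """DER-encode one tag/length/value (short- or long-form length)."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + body

def oid(dotted):
    """Contents octets of an OBJECT IDENTIFIER."""
    p = [int(x) for x in dotted.split(".")]
    out = [40 * p[0] + p[1]]
    for v in p[2:]:
        chunk = [v & 0x7F]
        v >>= 7
        while v:
            chunk.append(0x80 | (v & 0x7F))
            v >>= 7
        out += reversed(chunk)
    return bytes(out)

def read_tlv(buf, off=0):
    """Return (tag, contents, offset_after) for the TLV starting at off."""
    tag, n = buf[off], buf[off + 1]
    off += 2
    if n & 0x80:
        k = n & 0x7F
        n = int.from_bytes(buf[off:off + k], "big")
        off += k
    return tag, buf[off:off + n], off + n

def children(body):
    """All (tag, contents) pairs inside a constructed value."""
    out, off = [], 0
    while off < len(body):
        tag, val, off = read_tlv(body, off)
        out.append((tag, val))
    return out

SIGNED_DATA = oid("1.2.840.113549.1.7.2")       # NID_pkcs7_signed
SIGNED_ENVELOPED = oid("1.2.840.113549.1.7.4")  # NID_pkcs7_signedAndEnveloped
BASIC_CONSTRAINTS = oid("2.5.29.19")            # NID_basic_constraints
CA_TRUST = ("CERTDB_TRUSTED_CA", "CERTDB_TRUSTED_CLIENT_CA")  # first default trust mode
SERVER_TRUST = ("CERTDB_TRUSTED", "CERTDB_TERMINAL_RECORD")   # second default trust mode

def certificates(p7_der):
    """Steps i-v: pick the cert stack by content type; return each cert's DER."""
    _, content_info, _ = read_tlv(p7_der)
    (_, ctype), (_, content) = children(content_info)[:2]
    _, body, _ = read_tlv(content)               # [0] EXPLICIT wraps the *Data SEQUENCE
    fields = children(body)
    if ctype == SIGNED_DATA:
        certs = fields[3]                         # like p7->d.sign->cert
    elif ctype == SIGNED_ENVELOPED:
        certs = fields[4]                         # like p7->d.signed_and_enveloped->cert
    else:
        raise ValueError("not a signed PKCS#7 content type")
    if certs[0] != 0xA0:                          # certificates [0] IMPLICIT is OPTIONAL
        return []
    return [tlv(t, v) for t, v in children(certs[1])]

def basic_constraints(cert_der):
    """None if the extension is absent, else the cA boolean it carries."""
    _, cert, _ = read_tlv(cert_der)
    _, tbs = children(cert)[0]
    for tag, val in children(tbs):
        if tag != 0xA3:                           # extensions [3] EXPLICIT
            continue
        _, exts, _ = read_tlv(val)
        for _, ext in children(exts):
            parts = children(ext)
            if parts[0] != (0x06, BASIC_CONSTRAINTS):
                continue
            _, bc, _ = read_tlv(parts[-1][1])     # extnValue OCTET STRING holds a SEQUENCE
            inner = children(bc)
            return bool(inner) and inner[0][0] == 0x01 and inner[0][1] != b"\x00"
    return None

def trust_patent_rule(cert_der):
    """The patent's test: extension present -> CA trust, absent -> server trust."""
    return CA_TRUST if basic_constraints(cert_der) is not None else SERVER_TRUST

def trust_strict_rule(cert_der):
    """Stricter test: only cA=TRUE earns CA trust (the flag X509_check_ca reports)."""
    return CA_TRUST if basic_constraints(cert_der) else SERVER_TRUST

def fake_cert(serial, bc=None):
    """Constructed, unsigned X.509 skeleton; bc=None omits basicConstraints."""
    exts = b""
    if bc is not None:
        flag = tlv(0x01, b"\xff") if bc else b""  # DER omits DEFAULT FALSE
        ext = tlv(0x30, tlv(0x06, BASIC_CONSTRAINTS) + tlv(0x04, tlv(0x30, flag)))
        exts = tlv(0xA3, tlv(0x30, ext))
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, bytes([serial]))
              + tlv(0x30, b"") * 5 + exts)        # sigalg, issuer, validity, subject, spki
    return tlv(0x30, tbs + tlv(0x30, b"") + tlv(0x03, b"\x00"))

def fake_p7b(certs, enveloped=False):
    """Constructed SignedData (or SignedAndEnvelopedData) carrying the given certs."""
    lead = tlv(0x31, b"") * 2 + tlv(0x30, b"") if enveloped else tlv(0x31, b"") + tlv(0x30, b"")
    ctype = SIGNED_ENVELOPED if enveloped else SIGNED_DATA
    body = tlv(0x02, b"\x01") + lead + tlv(0xA0, b"".join(certs)) + tlv(0x31, b"")
    return tlv(0x30, tlv(0x06, ctype) + tlv(0xA0, tlv(0x30, body)))
```

certificates() mirrors steps i to v (content type first, then the cert stack of the matching union member), basic_constraints() mirrors the X509_get_ext_by_NID lookup but also reads the cA flag, and the two trust_* functions return the flag set that step c5 would pass to CERT_ChangeCertTrust; the NSS call itself is not reproduced.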
Embodiment 2
As shown in Figure 4, this embodiment provides a device for automatically importing digital certificates into an application. The device includes a file obtaining module 21, a certificate obtaining module 22, a slot obtaining module 23 and a first import module 24.
Specifically, the functions of the modules are as follows:
The file obtaining module 21 is used to obtain a certificate file according to a certificate file name.
The certificate obtaining module 22 is used to obtain the digital certificate in the certificate file obtained by the file obtaining module 21.
The slot obtaining module 23 is used to obtain a slot that can operate on the application.
The first import module 24 is used to decode the digital certificate obtained by the certificate obtaining module 22, import the decoded data into the application through the slot obtained by the slot obtaining module 23 to complete the import of the digital certificate, and set the certificate trust mode of the imported digital certificate according to its type.
Further, the file obtaining module 21 can specifically be used to: open the certificate file according to the certificate file name, obtain the handle of the certificate file, and obtain the certificate file through the handle.
Further, the device provided in this embodiment also includes a checking module 25 and a second import module 26, in which:
The checking module 25 is used to check the format of the certificate file obtained by the file obtaining module 21.
The second import module 26 is used, when the check result of the checking module 25 is the second default certificate format, to obtain in sequence each digital certificate in the certificate file obtained by the file obtaining module 21 and, whenever one digital certificate is obtained, to decode it, import the decoded data into the application through the slot obtained by the slot obtaining module 23 to complete the import of the currently obtained digital certificate, and set the certificate trust mode of the currently imported digital certificate according to its type.
Correspondingly, the first import module 24 is specifically used to: when the check result of the checking module 25 is the first default certificate format, decode the digital certificate obtained by the certificate obtaining module 22, import the decoded data into the application through the slot obtained by the slot obtaining module 23 to complete the import of the digital certificate, and set the certificate trust mode of the imported digital certificate according to its type.
Further, the first default certificate format includes certificate formats such as cer, pfx and p12; the second default certificate format includes certificate formats such as p7b. Correspondingly:
The first import module 24 is specifically used to: when the check result of the checking module 25 is the cer certificate format, decode the digital certificate obtained by the certificate obtaining module 22, import the decoded data into the application through the slot obtained by the slot obtaining module 23 to complete the import of the digital certificate, and set the certificate trust mode of the imported digital certificate according to its type; when the check result of the checking module 25 is the pfx or p12 certificate format, add a password checking algorithm, receive the certificate password entered by the user, verify the certificate password with the password checking algorithm and, if verification passes, decode the digital certificate obtained by the certificate obtaining module 22, import the decoded data into the application through the slot obtained by the slot obtaining module 23 to complete the import of the digital certificate, and set the certificate trust mode of the imported digital certificate according to its type; if verification fails, end.
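The patent does not say what the password checking algorithm for pfx and p12 files is. The following is an added example, not the patent's or NSS's code, and it assumes the check is the standard PKCS#12 integrity MAC: the MAC key is derived from the user's password with the RFC 7292 Appendix B key derivation (ID 3, the MAC-key diversifier), and the HMAC over the AuthenticatedSafe contents is compared in constant time before anything is decoded, so a wrong password ends the import as the text requires. The AuthenticatedSafe bytes, salt and iteration count are constructed sample values, not taken from a real file.

```python
"""PKCS#12 (.pfx/.p12) password check as an integrity MAC: RFC 7292 B.2 KDF
plus HMAC over the AuthenticatedSafe bytes. Added example, not the patent's code."""
import hashlib
import hmac

def _fill(x, v):
    """Repeat x to the smallest multiple of v not shorter than x (empty stays empty)."""
    if not x:
        return b""
    n = -(-len(x) // v) * v
    return (x * (n // len(x) + 1))[:n]

def pkcs12_kdf(password, salt, iterations, n, key_id, hash_name="sha1"):
    """RFC 7292 Appendix B.2; key_id 1 = cipher key, 2 = IV, 3 = MAC key."""
    h = hashlib.new(hash_name)
    v = h.block_size                                  # 64 for SHA-1 and SHA-256
    pw = password.encode("utf-16-be") + b"\x00\x00"   # BMPString incl. terminating NUL
    D = bytes([key_id]) * v
    I = bytearray(_fill(salt, v) + _fill(pw, v))      # S || P
    out = b""
    while len(out) < n:
        A = D + bytes(I)
        for _ in range(iterations):
            A = hashlib.new(hash_name, A).digest()
        out += A
        B = int.from_bytes(_fill(A, v), "big")        # A stretched to one block
        for j in range(0, len(I), v):                 # I_j = (I_j + B + 1) mod 2^(8v)
            word = (int.from_bytes(I[j:j + v], "big") + B + 1) % (1 << (8 * v))
            I[j:j + v] = word.to_bytes(v, "big")
    return out[:n]

def pkcs12_mac(authsafe, password, salt, iterations, hash_name="sha1"):
    """MacData.mac.digest = HMAC-hash(key, AuthenticatedSafe contents octets)."""
    key = pkcs12_kdf(password, salt, iterations,
                     hashlib.new(hash_name).digest_size, 3, hash_name)
    return hmac.new(key, authsafe, hash_name).digest()

def verify_pkcs12_mac(authsafe, mac_digest, password, salt, iterations, hash_name="sha1"):
    """The password check that must pass before any certificate is decoded."""
    expected = pkcs12_mac(authsafe, password, salt, iterations, hash_name)
    return hmac.compare_digest(expected, mac_digest)

# Constructed sample values standing in for the AuthenticatedSafe DER and MacData fields.
SAMPLE_AUTHSAFE = b"\x30\x05\x04\x03abc"
SAMPLE_SALT = bytes(range(8))
SAMPLE_ITER = 2048
SAMPLE_MAC = pkcs12_mac(SAMPLE_AUTHSAFE, "correct horse", SAMPLE_SALT, SAMPLE_ITER)
```

verify_pkcs12_mac() is the gate the text describes: it returns True only for the password that produced MacData, and a modified AuthenticatedSafe or a wrong password fails closed without ever reaching the decode step.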
The second import module 26 specifically includes an obtaining submodule, an import submodule and a judging submodule, whose functions are as follows:
The obtaining submodule is used, when the check result of the checking module 25 is the second default certificate format, to obtain the number of digital certificates in the certificate file obtained by the file obtaining module 21.
The import submodule is used, while the certificate file obtained by the file obtaining module 21 still contains digital certificates not imported into the application, to obtain from the certificate file a digital certificate not yet imported into the application, decode the currently obtained digital certificate, import the decoded data into the application through the slot obtained by the slot obtaining module 23, and set the certificate trust mode of the currently imported digital certificate according to its type.
The judging submodule is used to judge, from the result obtained by the obtaining submodule, whether the certificate file obtained by the file obtaining module 21 still contains digital certificates not imported into the application.
Specifically, the obtaining submodule further includes a writing unit, a pointer obtaining unit and a number obtaining unit, whose functions are as follows:
The writing unit is used to read the certificate file obtained by the file obtaining module 21 into a PKCS#7 structure.
The pointer obtaining unit is used to determine the format type of the certificate file from the type attribute of the PKCS#7 structure and, according to the format type of the certificate file, obtain from the corresponding member variable of the PKCS#7 structure the pointer to the certificate storage area of the PKCS#7 structure.
The number obtaining unit is used to access the certificate storage area of the PKCS#7 structure through the pointer obtained by the pointer obtaining unit and obtain the number of digital certificates in that storage area.
Further, the pointer obtaining unit is specifically used to: judge the signature format of the digital certificate from the type attribute of the PKCS#7 structure; if it is the plain signed format, obtain the pointer to the certificate storage area of the PKCS#7 structure from the member variable cert of the member variable d.sign of the PKCS#7 structure; if it is the signed-and-enveloped format, obtain the pointer to the certificate storage area of the PKCS#7 structure from the member variable cert of the member variable d.signed_and_enveloped of the PKCS#7 structure.
The device provided in this embodiment further includes a slot allocating module 27, used to allocate the slot that can operate on the application.
The first import module 24 includes an import submodule, which is specifically used to import the certificate serial number, certificate subject name, certificate data, certificate format and certificate issuer name obtained by decoding into the application through the slot obtained by the slot obtaining module 23.
The first import module 24 includes a setting submodule, which is specifically used to judge the type of the imported digital certificate and, if it is a CA certificate, set the trust mode of the imported digital certificate to the first preset mode; if it is a server certificate, set the certificate trust mode of the imported digital certificate to the second preset mode.
Further, the setting submodule includes a judging unit, which is specifically used to judge whether the imported digital certificate contains the certificate basic constraints attribute; if it does, the imported digital certificate is a CA certificate; if it does not, the imported digital certificate is a server certificate.
The embodiments described above are preferred specific embodiments of the present invention; the usual variations and substitutions made by those skilled in the art within the scope of the technical solution of the present invention should all be included within the scope of protection of the present invention.
Claims (22)
1. A method for automatically importing digital certificates into an application, characterized in that it comprises:
Step S1: obtaining a certificate file according to a certificate file name;
Step S2: obtaining the digital certificate in the certificate file;
Step S3: obtaining a slot that can operate on the application, decoding the digital certificate, importing the decoded data into the application through the slot to complete the import of the digital certificate, and setting the certificate trust mode of the imported digital certificate according to its type;
wherein step S1 further includes: checking the format of the obtained certificate file; if it is the first default certificate format, executing step S2; if it is the second default certificate format, executing the following steps:
Step S4: obtaining a slot that can operate on the application;
Step S5: obtaining in sequence each digital certificate in the certificate file and, whenever one digital certificate is obtained, decoding the currently obtained digital certificate, importing the decoded data into the application through the slot to complete the import of the currently obtained digital certificate, and setting the certificate trust mode of the currently imported digital certificate according to its type.
2. The method of claim 1, characterized in that obtaining the certificate file according to the certificate file name specifically includes: opening the certificate file according to the certificate file name, obtaining the handle of the certificate file, and obtaining the certificate file through the handle.
3. The method of claim 1, characterized in that the first default certificate format is specifically the cer, pfx or p12 certificate format, and the second default certificate format is specifically the p7b certificate format.
4. The method of claim 3, characterized in that, when the first default certificate format is specifically the pfx or p12 certificate format, step S1 further includes: adding a password checking algorithm, receiving the certificate password entered by the user, and verifying the certificate password with the password checking algorithm; if verification passes, executing step S2; if verification fails, ending.
5. The method of claim 1, characterized in that step S5 specifically includes:
Step 1-1: obtaining the number of digital certificates in the certificate file;
Step 1-2: obtaining from the certificate file a digital certificate not yet imported into the application, decoding the currently obtained digital certificate, importing the decoded data into the application through the slot that can operate on the application to complete the import of the currently obtained digital certificate, and setting the certificate trust mode of the currently imported digital certificate according to its type;
Step 1-3: judging, from the number of digital certificates in the certificate file, whether the certificate file still contains digital certificates not imported into the application; if so, returning to step 1-2, otherwise ending.
6. The method of claim 5, characterized in that step 1-1 specifically includes:
Step 2-1: reading the certificate file into a PKCS#7 structure;
Step 2-2: determining the signature format of the certificate file from the type attribute of the structure and, according to the type of the signature format, obtaining from the corresponding member variable of the structure the pointer to the certificate storage area of the structure;
Step 2-3: accessing the certificate storage area of the structure through the pointer and obtaining the number of digital certificates in the storage area.
7. The method of claim 6, characterized in that step 2-2 specifically includes: determining the signature format of the certificate file from the type attribute of the structure; if it is the plain signed format, obtaining the pointer to the certificate storage area of the structure from the member variable cert of the member variable d.sign of the structure; if it is the signed-and-enveloped format, obtaining the pointer to the certificate storage area of the structure from the member variable cert of the member variable d.signed_and_enveloped of the structure.
8. The method of claim 1, characterized in that obtaining the slot that can operate on the application is preceded by: allocating the slot that can operate on the application.
9. The method of claim 1, characterized in that the decoded data specifically includes: the certificate serial number, certificate subject name, certificate data, certificate format and certificate issuer name.
10. The method of claim 1, characterized in that setting the trust mode of the imported digital certificate according to its type specifically includes: judging the type of the imported digital certificate; if it is a CA certificate, setting the certificate trust mode of the imported digital certificate to the first preset mode; if it is a server certificate, setting the certificate trust mode of the imported digital certificate to the second preset mode.
11. The method of claim 10, characterized in that judging the type of the imported digital certificate specifically includes: judging whether the imported digital certificate contains the certificate basic constraints attribute; if it does, the imported digital certificate is a CA certificate; if it does not, the imported digital certificate is a server certificate.
12. A device for automatically importing digital certificates into an application, characterized in that it comprises:
a file obtaining module, used to obtain a certificate file according to a certificate file name;
a certificate obtaining module, used to obtain the digital certificate in the certificate file obtained by the file obtaining module;
a slot obtaining module, used to obtain a slot that can operate on the application;
a first import module, used to decode the digital certificate obtained by the certificate obtaining module, import the decoded data into the application through the slot obtained by the slot obtaining module to complete the import of the digital certificate, and set the certificate trust mode of the imported digital certificate according to its type;
and further comprising a checking module and a second import module; the checking module is used to check the format of the certificate file obtained by the file obtaining module; the second import module is used, when the check result of the checking module is the second default certificate format, to obtain in sequence each digital certificate in the certificate file obtained by the file obtaining module and, whenever one digital certificate is obtained, to decode the currently obtained digital certificate, import the decoded data into the application through the slot obtained by the slot obtaining module to complete the import of the currently obtained digital certificate, and set the certificate trust mode of the currently imported digital certificate according to its type;
the first import module being specifically used to: when the check result of the checking module is the first default certificate format, decode the digital certificate obtained by the certificate obtaining module, import the decoded data into the application through the slot obtained by the slot obtaining module to complete the import of the digital certificate, and set the certificate trust mode of the imported digital certificate according to its type.
13. The device of claim 12, characterized in that the file obtaining module is specifically used to: open the certificate file according to the certificate file name, obtain the handle of the certificate file, and obtain the certificate file through the handle.
14. The device of claim 13, characterized in that the first import module is specifically used to: when the check result of the checking module is the cer, pfx or p12 certificate format, decode the digital certificate obtained by the certificate obtaining module, import the decoded data into the application through the slot obtained by the slot obtaining module to complete the import of the digital certificate, and set the certificate trust mode of the imported digital certificate according to its type;
and the second import module is used, when the check result of the checking module is the p7b certificate format, to obtain in sequence each digital certificate in the certificate file and, whenever one digital certificate is obtained, to decode the currently obtained digital certificate, import the decoded data into the application through the slot obtained by the slot obtaining module to complete the import of the currently obtained digital certificate, and set the certificate trust mode of the currently imported digital certificate according to its type.
15. The device of claim 14, characterized in that the first import module is specifically used to: when the check result of the checking module is the cer certificate format, decode the digital certificate obtained by the certificate obtaining module, import the decoded data into the application through the slot obtained by the slot obtaining module to complete the import of the digital certificate, and set the certificate trust mode of the imported digital certificate according to its type; when the check result of the checking module is the pfx or p12 certificate format, add a password checking algorithm, receive the certificate password entered by the user, verify the certificate password with the password checking algorithm and, when the certificate password passes verification, decode the digital certificate obtained by the certificate obtaining module, import the decoded data into the application through the slot obtained by the slot obtaining module to complete the import of the digital certificate, and set the certificate trust mode of the imported digital certificate according to its type.
16. The device of claim 12, characterized in that the second import module specifically includes:
an obtaining submodule, used, when the check result of the checking module is the second default certificate format, to obtain the number of digital certificates in the certificate file obtained by the file obtaining module;
an import submodule, used, while the certificate file obtained by the file obtaining module still contains digital certificates not imported into the application, to obtain from the certificate file a digital certificate not imported into the application, decode the currently obtained digital certificate, import the decoded data into the application through the slot obtained by the slot obtaining module, and set the certificate trust mode of the currently imported digital certificate according to its type;
a judging submodule, used to judge, from the result obtained by the obtaining submodule, whether the certificate file obtained by the file obtaining module still contains digital certificates not imported into the application.
17. The device of claim 16, characterized in that the obtaining submodule specifically includes:
a writing unit, used to read the certificate file obtained by the file obtaining module into a PKCS#7 structure;
a pointer obtaining unit, used to determine the format type of the certificate file from the type attribute of the PKCS#7 structure and, according to the format type of the certificate file, obtain from the corresponding member variable of the PKCS#7 structure the pointer to the certificate storage area of the PKCS#7 structure;
a number obtaining unit, used to access the certificate storage area of the PKCS#7 structure through the pointer obtained by the pointer obtaining unit and obtain the number of digital certificates in that storage area.
18. The device of claim 17, characterized in that the pointer obtaining unit is specifically used to: judge the signature format of the digital certificate from the type attribute of the PKCS#7 structure; if it is the plain signed format, obtain the pointer to the certificate storage area of the PKCS#7 structure from the member variable cert of the member variable d.sign of the PKCS#7 structure; if it is the signed-and-enveloped format, obtain the pointer to the certificate storage area of the PKCS#7 structure from the member variable cert of the member variable d.signed_and_enveloped of the PKCS#7 structure.
19. The device of claim 12, characterized in that it further comprises: a slot allocating module, used to allocate the slot that can operate on the application.
20. The device of claim 12, characterized in that the first import module includes an import submodule, used to import the certificate serial number, certificate subject name, certificate data, certificate format and certificate issuer name obtained by decoding into the application through the slot obtained by the slot obtaining module.
21. The device of claim 12, characterized in that the first import module includes a setting submodule, used to judge the type of the imported digital certificate and, if it is a CA certificate, set the trust mode of the imported digital certificate to the first preset mode; if it is a server certificate, set the certificate trust mode of the imported digital certificate to the second preset mode.
22. The device of claim 21, characterized in that the setting submodule includes a judging unit, used to judge whether the imported digital certificate contains the certificate basic constraints attribute; if it does, the imported digital certificate is a CA certificate; if it does not, the imported digital certificate is a server certificate.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610067808.0A CN105721162B (en) | 2016-01-30 | 2016-01-30 | The method and device of digital certificate is automatically imported into application program |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105721162A CN105721162A (en) | 2016-06-29 |
CN105721162B true CN105721162B (en) | 2019-03-05 |
Family
ID=56155357
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107678886B (en) * | 2017-10-09 | 2020-02-21 | 飞天诚信科技股份有限公司 | Method for storing and recovering application program data and terminal equipment |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102055759A (en) * | 2010-06-30 | 2011-05-11 | 北京飞天诚信科技有限公司 | Hardware engine realization method |
CN103117862A (en) * | 2013-02-18 | 2013-05-22 | 无锡矽鼎科技有限公司 | Method for using X.509 digital certificate of openssl for verifying Java certificate |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9654581B2 (en) * | 2014-05-30 | 2017-05-16 | Apple Inc. | Proxied push |
Non-Patent Citations (3)
Title |
---|
NSS certificate DB concurrency; James; http://codeverge.com/mozilla.dev.tech.crypto/nss-certificate-db-concurrency/1509861; 2010-10-26; p. 2 |
Common PKI digital certificate formats (PKI 常见的数字证书格式); HI,我是小瑞!; https://blog.csdn.net/xiaxiaorui2003/article/details/3758183; 2009-01-12; full text |
Using the with statement in Python (python中的with语句使用); Kami Wan; https://kaimingwan.com/category/language/page/3; 2016-01-13; pp. 2-3 |
Also Published As
Publication number | Publication date |
---|---|
CN105721162A (en) | 2016-06-29 |
Similar Documents
Publication | Title |
---|---|
CN109067801A (en) | A kind of identity identifying method, identification authentication system and computer-readable medium |
CN109978688A (en) | The access control method and its contract generator and server of distributed common recognition system |
CN106161359A (en) | The method and device of certification user, the method and device of registration wearable device |
US20020038290A1 (en) | Digital notary system and method |
CN107294738A (en) | The treating method and apparatus of communication charge |
Müller et al. | “Johnny, you are fired!” – Spoofing OpenPGP and S/MIME Signatures in Emails |
CN110519115A (en) | Gateway interface test method, terminal device, storage medium and device |
CN110378755A (en) | Electronic invoice generation method, device, computer equipment and storage medium |
CN108347361A (en) | Applied program testing method, device, computer equipment and storage medium |
CN110391913A (en) | The binding method and device of vehicle |
CN110598429B (en) | Data encryption storage and reading method, terminal equipment and storage medium |
CN107257284A (en) | A kind of method and apparatus for carrying out virtual card transaction |
CN110188159A (en) | Collage-credit data cut-in method, device, equipment and computer readable storage medium |
CN108900311A (en) | A kind of no certificate bluetooth key endorsement method and system |
CN109067544A (en) | A kind of private key verification method, the apparatus and system of soft or hard combination |
CN109858904A (en) | Data processing method and device based on block chain |
CN108416224B (en) | A kind of data encryption/decryption method and device |
CN110021291A (en) | A kind of call method and device of speech synthesis file |
CN106209730A (en) | A kind of method and device managing application identities |
CN105721162B (en) | The method and device of digital certificate is automatically imported into application program |
CN109962785A (en) | A kind of system and its electric signing system including TEE |
CN109858210A (en) | Information Authentication method, apparatus, computer equipment and storage medium |
CN206481316U (en) | Information acquisition system and system of real name information gathering, application system |
Yanti et al. | Implementation of Advanced Encryption Standard (AES) and QR code algorithm on digital legalization system |
CN108833104A (en) | A kind of signature method, verification method and the device of file |
Legal Events
Code | Title |
---|---|
C06 | Publication |
PB01 | Publication |
C10 | Entry into substantive examination |
SE01 | Entry into force of request for substantive examination |
GR01 | Patent grant |
GR01 | Patent grant |
OL01 | Intention to license declared |
OL01 | Intention to license declared |