CN105721162A - Method and device for automatically importing digital certificate to application program - Google Patents
Publication number: CN105721162A (application CN201610067808.0A)
Authority: CN (China)
Legal status: Granted (status as listed by Google Patents; not a legal conclusion)
Classification: H04L9/3263 (cryptographic mechanisms or network security protocols including means for verifying the identity or authority of a user of the system, or for message authentication, involving certificates such as public key certificates [PKC] or attribute certificates [AC]; public key infrastructure [PKI] arrangements)
Abstract
The invention discloses a method and device for automatically importing a digital certificate into an application program, in the field of information security. The device comprises: a file obtaining module that obtains a certificate file by its file name; a certificate obtaining module that obtains the digital certificate from the file returned by the file obtaining module; a slot obtaining module that obtains a slot through which the application program can be operated; and a first importing module that decodes the digital certificate returned by the certificate obtaining module, imports the decoded data into the application program through the slot returned by the slot obtaining module to complete the import, and sets the certificate trust mode of the imported certificate according to its type. Importing the digital certificate automatically in this way spares the user the manual operation and improves the import efficiency.
Description
Technical field
The present invention relates to the field of information security, and in particular to a method and device for automatically importing a digital certificate into an application program.
Background technology
A digital certificate is a file that contains the owner's information and public key and is digitally signed by a certificate authority. Encryption and decryption, digital signing and signature verification built on digital certificates protect information transmitted over a network, guaranteeing the confidentiality and integrity of the transmitted information and the non-repudiation of online transactions. In the course of making the present invention the inventors found the following defect in the prior art: some application programs (such as Mozilla Firefox and Mozilla Thunderbird from Mozilla Corporation) require the user to import digital certificates by hand and to modify the certificate's trust mode; the procedure usually differs from one application to another, so the operation is time-consuming and inefficient.
Summary of the invention
The object of the present invention is to overcome the defect of the prior art by providing a method and device for automatically importing a digital certificate into an application program.
In one aspect, the present invention provides a method for automatically importing a digital certificate into an application program, comprising:
Step S1: obtaining a certificate file according to a certificate file name;
Step S2: obtaining the digital certificate in the certificate file;
Step S3: obtaining a slot through which the application program can be operated, decoding the digital certificate, importing the decoded data into the application program through the slot to complete the import of the digital certificate, and setting the certificate trust mode of the imported digital certificate according to the type of the imported digital certificate.
Specifically, step S1 comprises: opening the certificate file according to the certificate file name, obtaining a handle to the certificate file, and reading the certificate file through the handle.
Further, step S1 also comprises checking the format of the certificate file obtained: if it is a first preset certificate format, step S2 is performed; if it is a second preset certificate format, the following steps are performed:
Step S4: obtaining a slot through which the application program can be operated;
Step S5: obtaining each digital certificate in the certificate file in turn and, whenever a digital certificate is obtained, decoding it, importing the decoded data into the application program through the slot to complete the import of the current certificate, and setting the certificate trust mode of the currently imported certificate according to its type.
The first preset certificate format is specifically the cer, pfx or p12 certificate format; the second preset certificate format is specifically the p7b certificate format.
When the first preset certificate format is the pfx or p12 format, step S1 also comprises: adding a password check algorithm, receiving the certificate password entered by the user, and verifying the certificate password with the password check algorithm; if verification passes, step S2 is performed; if it fails, the procedure ends.
Specifically, step S5 comprises:
Step 1-1: obtaining the number of digital certificates in the certificate file;
Step 1-2: obtaining from the certificate file one digital certificate that has not yet been imported into the application program, decoding it, importing the decoded data into the application program through the slot to complete the import of the current certificate, and setting the certificate trust mode of the currently imported certificate according to its type;
Step 1-3: judging, from the number of digital certificates in the certificate file, whether the file still contains a digital certificate that has not been imported into the application program; if so, returning to step 1-2, otherwise ending.
Step 1-1 comprises:
Step 2-1: writing the certificate file into a structure of pkcs7 format;
Step 2-2: judging the signature form of the certificate file from the type attribute of the structure, and obtaining, from the member variable of the structure that corresponds to that signature form, the pointer to the digital certificate storage area in the structure;
Step 2-3: accessing the digital certificate storage area in the structure through that pointer and obtaining the number of digital certificates in the storage area.
Step 2-2 specifically comprises: judging the signature form of the certificate file from the type attribute of the structure; if it is the plain signed form, obtaining the pointer to the digital certificate storage area from the member variable cert of the member variable d.sign of the structure; if it is the signed-and-enveloped form, obtaining the pointer from the member variable cert of the member variable d.signed_and_enveloped of the structure.
Before the slot through which the application program can be operated is obtained, the method also comprises allocating that slot.
The data obtained by decoding specifically comprise: the certificate serial number, the certificate subject name, the certificate data, the certificate format and the certificate issuer name.
Setting the trust mode of the imported digital certificate according to its type specifically comprises: judging the type of the imported digital certificate; if the imported digital certificate is a CA certificate, setting its certificate trust mode to a first predetermined mode; if it is a server certificate, setting its certificate trust mode to a second predetermined mode.
Judging the type of the imported digital certificate specifically comprises: judging whether the imported digital certificate contains the certificate basic constraints attribute; if it does, the imported certificate is a CA certificate; if it does not, it is a server certificate.
In another aspect, the present invention also provides a device for automatically importing a digital certificate into an application program, comprising:
a file obtaining module, for obtaining a certificate file according to a certificate file name;
a certificate obtaining module, for obtaining the digital certificate in the certificate file obtained by the file obtaining module;
a slot obtaining module, for obtaining a slot through which the application program can be operated;
a first importing module, for decoding the digital certificate obtained by the certificate obtaining module, importing the decoded data into the application program through the slot obtained by the slot obtaining module to complete the import of the digital certificate, and setting the certificate trust mode of the imported digital certificate according to its type.
The file obtaining module is specifically for: opening the certificate file according to the certificate file name, obtaining a handle to the certificate file, and reading the certificate file through the handle.
The device also comprises a checking module and a second importing module. The checking module checks the format of the certificate file obtained by the file obtaining module. The second importing module, when the result of the checking module is the second preset certificate format, obtains each digital certificate in the certificate file in turn and, whenever a certificate is obtained, decodes it, imports the decoded data into the application program through the slot obtained by the slot obtaining module to complete the import of the current certificate, and sets the certificate trust mode of the currently imported certificate according to its type.
The first importing module is specifically for: when the result of the checking module is the first preset certificate format, decoding the digital certificate obtained by the certificate obtaining module, importing the decoded data into the application program through the slot obtained by the slot obtaining module to complete the import, and setting the certificate trust mode of the imported digital certificate according to its type.
The first importing module is specifically for: when the result of the checking module is the cer, pfx or p12 certificate format, decoding the digital certificate obtained by the certificate obtaining module, importing the decoded data into the application program through the slot obtained by the slot obtaining module to complete the import, and setting the certificate trust mode of the imported digital certificate according to its type.
The second importing module is for: when the result of the checking module is the p7b certificate format, obtaining each digital certificate in the certificate file in turn and, whenever a certificate is obtained, decoding it, importing the decoded data into the application program through the slot obtained by the slot obtaining module to complete the import of the current certificate, and setting the certificate trust mode of the currently imported certificate according to its type.
The first importing module is specifically for: when the result of the checking module is the cer certificate format, decoding the digital certificate obtained by the certificate obtaining module, importing the decoded data into the application program through the slot obtained by the slot obtaining module to complete the import, and setting the certificate trust mode of the imported certificate according to its type; when the result of the checking module is the pfx or p12 certificate format, adding a password check algorithm, receiving the certificate password entered by the user, verifying the certificate password with the password check algorithm and, when the password passes verification, decoding the digital certificate obtained by the certificate obtaining module, importing the decoded data into the application program through the slot obtained by the slot obtaining module to complete the import, and setting the certificate trust mode of the imported certificate according to its type.
The second importing module specifically comprises:
an obtaining submodule, for obtaining, when the result of the checking module is the second preset certificate format, the number of digital certificates in the certificate file obtained by the file obtaining module;
an importing submodule, for, while the certificate file obtained by the file obtaining module still contains a digital certificate not yet imported into the application program, obtaining one such certificate from the file, decoding it, importing the decoded data into the application program through the slot obtained by the slot obtaining module, and setting the certificate trust mode of the currently imported certificate according to its type;
a judging submodule, for judging, from the result of the obtaining submodule, whether the certificate file obtained by the file obtaining module still contains a digital certificate not yet imported into the application program.
The obtaining submodule specifically comprises:
a writing unit, for writing the certificate file obtained by the file obtaining module into a structure of pkcs7 format;
a pointer obtaining unit, for judging the format type of the certificate file from the type attribute of the pkcs7 structure and obtaining, from the member variable of the pkcs7 structure that corresponds to that format type, the pointer to the digital certificate storage area in the pkcs7 structure;
a number obtaining unit, for accessing the digital certificate storage area in the pkcs7 structure through the pointer obtained by the pointer obtaining unit and obtaining the number of digital certificates in that storage area.
The pointer obtaining unit is specifically for judging the signature form from the type attribute of the pkcs7 structure; if it is the plain signed form, obtaining the pointer to the digital certificate storage area from the member variable cert of the member variable d.sign of the pkcs7 structure; if it is the signed-and-enveloped form, obtaining the pointer from the member variable cert of the member variable d.signed_and_enveloped of the pkcs7 structure.
The device also comprises a slot allocating module, for allocating the slot through which the application program can be operated.
The first importing module comprises an importing submodule, for importing into the application program, through the slot obtained by the slot obtaining module, the certificate serial number, certificate subject name, certificate data, certificate format and certificate issuer name obtained by decoding.
The first importing module comprises a setting submodule, for judging the type of the imported digital certificate; if it is a CA certificate, setting its trust mode to the first predetermined mode; if it is a server certificate, setting its certificate trust mode to the second predetermined mode.
The setting submodule comprises a judging unit, for judging whether the imported digital certificate contains the certificate basic constraints attribute; if it does, the imported certificate is a CA certificate; if it does not, it is a server certificate.
The beneficial effect of the present invention is that automatically importing a digital certificate into an application program with the technical scheme provided by the invention not only spares the user the manual operation but also improves the import efficiency.
Brief description of the drawings
To explain the embodiments of the present invention or the technical scheme of the prior art more clearly, the drawings needed for the embodiments or for the description of the prior art are briefly introduced below. Evidently the drawings described below show only some embodiments of the present invention, and those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow chart of a method for automatically importing a digital certificate into an application program provided by embodiment 1 of the present invention;
Fig. 2 is a flow chart of one implementation of step 109 in Fig. 1;
Fig. 3 is a flow chart of one implementation of step c1 in Fig. 2;
Fig. 4 is a block diagram of a device for automatically importing a digital certificate into an application program provided by embodiment 2 of the present invention.
Detailed description of the invention
The technical scheme in the embodiments of the present invention is described clearly and completely below with reference to the drawings of the embodiments. Evidently the described embodiments are only some, not all, of the embodiments of the present invention. All other embodiments that those skilled in the art obtain from the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
Embodiment 1
This embodiment provides a method for automatically importing a digital certificate into an application program; as shown in Fig. 1, the method comprises:
Step 101: obtaining a certificate file according to a certificate file name;
Further, step 101 specifically comprises:
Step a1: opening the certificate file according to the certificate file name and obtaining a handle to the certificate file;
Further, step a1 comprises: calling the system function open to open the certificate file in read-only mode according to a preset file name, and obtaining the handle to the certificate file from the return value of open;
Step a2: obtaining the certificate file through the handle;
Further, step a2 can be implemented by calling the system function read.
Step 102: checking the format of the certificate file; if it is the pfx or p12 certificate format, performing step 103; if it is the cer certificate format, performing step 105; if it is the p7b certificate format, performing step 108;
Further, step 102 specifically comprises: checking the extension of the certificate file; if the extension is pfx, the file is in pfx certificate format and step 103 is performed; if the extension is p12, the file is in p12 certificate format and step 103 is performed; if the extension is cer, the file is in cer certificate format and step 105 is performed; if the extension is p7b, the file is in p7b certificate format and step 108 is performed.
Step 103: adding a password check algorithm and receiving the certificate password entered by the user;
Further, adding the password check algorithm can be implemented by calling the OpenSSL function SSLeay_add_all_algorithms.
Step 104: verifying the certificate password with the password check algorithm; if verification passes, performing step 105; if it fails, ending;
Further, step 104 can be implemented by calling the OpenSSL function PKCS12_parse.
Step 105: obtaining the digital certificate in the certificate file;
Further, step 105 can be implemented by calling the OpenSSL function PEM_read_X509 or i2d_x509.
Step 106: obtaining a slot through which the application program can be operated, decoding the digital certificate, and importing the decoded data into the application program through the slot;
Further, obtaining the slot specifically comprises: calling the PK11_GetInternalKeySlot function in the nss3 dynamic library under the application program's installation directory and obtaining the pointer to the slot from its return value. Correspondingly, before the slot is obtained, the slot is allocated; specifically, it is allocated by calling the NSS_Initialize function in the nss3 dynamic library under the application program's installation directory.
Decoding the digital certificate specifically comprises: calling the CERT_DecodeCertFromPackage function in the smime3 dynamic library under the application program's installation directory and obtaining, from its return value, the pointer to the buffer holding the decoded data.
The decoded data comprise: the certificate serial number (CKA_SERIAL_NUMBER), the certificate subject name (CKA_SUBJECT), the certificate data (CKA_VALUE), the certificate format (for example X509) and the certificate issuer name (CKA_ISSUER).
Importing the decoded data into the application program through the slot specifically comprises: calling the PK11_ImportCert function in the nss3 dynamic library under the application program's installation directory, with the pointer to the slot, to write the decoded data into the application program.
Step 107: setting the certificate trust mode of the imported digital certificate according to its type, then ending;
Further, step 107 specifically comprises: judging the type of the imported digital certificate; if the imported digital certificate is a CA certificate, setting its certificate trust mode to the first predetermined mode:
Trust.sslFlags = CERTDB_TRUSTED_CA | CERTDB_TRUSTED_CLIENT_CA
Trust.emailFlags = CERTDB_TRUSTED_CA | CERTDB_TRUSTED_CLIENT_CA
Trust.objectSigningFlags = CERTDB_TRUSTED_CA | CERTDB_TRUSTED_CLIENT_CA
If the imported digital certificate is a server certificate, setting its certificate trust mode to the second predetermined mode:
Trust.sslFlags = CERTDB_TRUSTED | CERTDB_TERMINAL_RECORD
Further, judging the type of the imported digital certificate can specifically comprise: judging whether the imported digital certificate contains the certificate basic constraints attribute; if it does, the imported certificate is a CA certificate; if it does not, it is a server certificate;
The certificate basic constraints attribute is specifically NID_basic_constraints. Judging whether the imported digital certificate contains it specifically comprises: calling the OpenSSL function X509_get_ext_by_nid with a preset value and judging whether its return value equals that preset value; if the return value of X509_get_ext_by_nid equals the preset value, the certificate does not contain the basic constraints attribute; if it does not equal the preset value, the certificate contains the basic constraints attribute;
Setting the trust mode of the digital certificate can be implemented by calling the CERT_ChangeCertTrust function in the nss3 dynamic library under the application program's installation directory.
Step 108: obtaining a slot through which the application program can be operated;
Further, step 108 specifically comprises: calling the PK11_GetInternalKeySlot function in the nss3 dynamic library under the application program's installation directory and obtaining the pointer to the slot from its return value;
Correspondingly, before the slot is obtained, the slot is allocated; specifically, it is allocated by calling the NSS_Initialize function in the nss3 dynamic library under the application program's installation directory.
Step 109: obtaining each digital certificate in the certificate file in turn and, whenever a digital certificate is obtained, decoding it, importing the decoded data into the application program through the slot, and setting the certificate trust mode of the currently imported certificate according to the type of the certificate just obtained; then ending.
Specifically, the decoded data comprise: the certificate serial number (CKA_SERIAL_NUMBER), the certificate subject name (CKA_SUBJECT), the certificate data (CKA_VALUE), the certificate format (for example X509) and the certificate issuer name (CKA_ISSUER).
Further, as shown in Fig. 2, step 109 specifically comprises:
Step c1: obtaining the number of digital certificates in the certificate file;
Further, as shown in Fig. 3, step c1 specifically comprises:
Step i: writing the certificate file into a structure of pkcs7 format;
Specifically, step i can be implemented by calling the OpenSSL function d2i_PKCS7;
Step ii: judging the signature form of the certificate file from the type attribute of the structure; if it is the plain signed form, performing step iii; if it is the signed-and-enveloped form, performing step iv;
Specifically, step ii may comprise: calling the OpenSSL function OBJ_obj2nid with the type attribute of the structure as parameter and judging the signature form of the certificate file from its return value; if the return value of OBJ_obj2nid is NID_pkcs7_signed, the signature form is the plain signed form and step iii is performed; if the return value is NID_pkcs7_signedAndEnveloped, the signature form is the signed-and-enveloped form and step iv is performed;
Step iii: obtaining the pointer to the digital certificate storage area in the structure from the member variable cert of the member variable d.sign of the structure, then performing step v;
Step iv: obtaining the pointer to the digital certificate storage area in the structure from the member variable cert of the member variable d.signed_and_enveloped of the structure, then performing step v;
Step v: accessing the digital certificate storage area in the structure through that pointer and obtaining the number of digital certificates in the storage area;
Specifically, step v can comprise: calling the OpenSSL function sk_X509_num with the pointer to the digital certificate storage area as parameter and obtaining the number of digital certificates in the storage area from its return value.
Step c2: obtaining from the certificate file one digital certificate not yet imported into the application program;
Further, step c2 specifically comprises: calling the OpenSSL function sk_X509_value with the pointer to the digital certificate storage area as parameter to obtain the n-th certificate in the storage area, where 1 ≤ n ≤ the number of digital certificates in the storage area;
Step c3, the digital certificate currently got is decoded;
Step c4, will currently be decoded the data obtained by the described Slot that can operate application program and import application program;
Further, step c4 specifically includes: call the data importing application program that decoding is obtained by the PK11_ImportCert function in the nss3 dynamic base under the installation directory of application program according to the pointer of the described Slot that can operate application program;
The type of the current digital certificate imported of step c5, basis arranges the certificate trust mode of the digital certificate of current importing;
Further, step c5 specifically includes: judge the type of the current digital certificate imported, if mode then trusted by the certificate of the digital certificate currently imported by CA certificate is set to the first default trust mode:
Trust.sslFlags=CERTDB_TRUSTED_CA | CERTDB_TRUSTED_CLIENT_CA
Trust.emailFlags=CERTDB_TRUSTED_CA | CERTDB_TRUSTED_CLIENT_CA
Trust.objectSigningFlags=CERTDB_TRUSTED_CA | CERTDB_TRUSTED_CLIENT_CA
If it is a server certificate, setting the certificate trust mode of the currently imported digital certificate to the second default trust mode:
Trust.sslFlags=CERTDB_TRUSTED | CERTDB_TERMINAL_RECORD
Further, determining the type of the currently imported digital certificate specifically comprises: determining whether the currently imported digital certificate contains the certificate basic constraints attribute; if the currently imported digital certificate contains the certificate basic constraints attribute, the currently imported digital certificate is a CA certificate; if the currently imported digital certificate does not contain the certificate basic constraints attribute, the currently imported digital certificate is a server certificate;
The certificate basic constraints attribute is specifically NID_basic_constraints. Determining whether the currently imported digital certificate contains the certificate basic constraints attribute specifically comprises: calling the OpenSSL function X509_get_ext_by_nid and comparing its return value with a preset value; if the return value of X509_get_ext_by_nid equals the preset value, the currently imported digital certificate does not contain the certificate basic constraints attribute; if the return value of X509_get_ext_by_nid does not equal the preset value, the currently imported digital certificate contains the certificate basic constraints attribute;
The trust mode of the digital certificate may be set specifically by calling the CERT_ChangeCertTrust function in the nss3 dynamic library under the installation directory of the application program.
Step c6, determine from the number of digital certificates in the certificate file whether the certificate file still contains a digital certificate that has not been imported into the application program; if so, return to step c2; otherwise, end.
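The p7b walk of steps i to v and the per-certificate loop of steps c2 to c6 (and the same procedure as restated in claims 6 to 8 and in the writing, pointer obtaining and number obtaining units of embodiment 2), as an added example that is not the patent's or any project's code. It is written in Python with a minimal DER reader standing in for OpenSSL's PKCS7 structure: the content-type OID plays the role of the type attribute, and the certificates [0] IMPLICIT field is what d.sign->cert and d.signed_and_enveloped->cert hold, so both signature forms are handled by the same lookup. NSS is not called; the block only decides which of the two trust settings from step c5 each certificate would receive. All function names (load_pkcs7_certificates, basic_constraints, plan_import, make_cert, make_pkcs7) are my own, and the sample p7b and its three certificates are constructed inline with placeholder keys and signatures. One deliberate difference from the page's rule in step c5: a certificate counts as a CA only when the basicConstraints cA flag decodes as TRUE, because end-entity certificates commonly carry basicConstraints with cA=FALSE, and a presence-only test would hand such a certificate CERTDB_TRUSTED_CA; the second sample certificate shows exactly that case, and the returned plan records both "extension present" and "is CA" so the two rules can be compared.

```python
OID_SIGNED = bytes.fromhex("2a864886f70d010702")        # 1.2.840.113549.1.7.2, NID_pkcs7_signed
OID_SIGNED_ENV = bytes.fromhex("2a864886f70d010704")    # 1.2.840.113549.1.7.4, NID_pkcs7_signedAndEnveloped
OID_DATA = bytes.fromhex("2a864886f70d010701")          # 1.2.840.113549.1.7.1
OID_SHA256_RSA = bytes.fromhex("2a864886f70d01010b")    # 1.2.840.113549.1.1.11
OID_CN = bytes.fromhex("550403")                        # 2.5.4.3
OID_BASIC_CONSTRAINTS = bytes.fromhex("551d13")         # 2.5.29.19, NID_basic_constraints
# Trust settings named on the page; this example selects them but does not call NSS.
CA_TRUST = "CERTDB_TRUSTED_CA | CERTDB_TRUSTED_CLIENT_CA"
SERVER_TRUST = "CERTDB_TRUSTED | CERTDB_TERMINAL_RECORD"

def der(tag, body):
    """Minimal DER writer (tag, definite length, body), used only to build the sample."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + body

def tlv(buf, pos=0):
    """Read one DER element at pos; return (tag, body, position after it)."""
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:                                   # long-form length
        n, pos = int.from_bytes(buf[pos:pos + (n & 0x7F)], "big"), pos + (n & 0x7F)
    if pos + n > len(buf):
        raise ValueError("DER length runs past the end of the buffer")
    return tag, buf[pos:pos + n], pos + n

def children(body):
    """Split the body of a constructed element into (tag, body) pairs."""
    out, pos = [], 0
    while pos < len(body):
        tag, val, pos = tlv(body, pos)
        out.append((tag, val))
    return out

def load_pkcs7_certificates(p7):
    """Steps ii-v: the content-type OID stands in for p7->type, and the certificates
    [0] IMPLICIT field is the 'cert' stack of d.sign or d.signed_and_enveloped."""
    kinds = {OID_SIGNED: "signed", OID_SIGNED_ENV: "signedAndEnveloped"}
    tag, body, _ = tlv(p7)
    parts = children(body)
    if (tag != 0x30 or len(parts) != 2 or parts[0][0] != 0x06
            or parts[1][0] != 0xA0 or parts[0][1] not in kinds):
        raise ValueError("malformed or unsupported PKCS#7 ContentInfo")
    _, inner, _ = tlv(parts[1][1])                 # [0] EXPLICIT -> SignedData / SignedAndEnvelopedData
    certs = [c for t, v in children(inner) if t == 0xA0   # certificates [0] IMPLICIT
             for ct, c in children(v) if ct == 0x30]
    return kinds[parts[0][1]], certs

def basic_constraints(cert_body):
    """None if basicConstraints is absent, else its decoded cA boolean."""
    tbs = children(cert_body)[0][1]
    for t, v in children(tbs):
        if t != 0xA3:                              # extensions [3] EXPLICIT
            continue
        for _, ext in children(tlv(v)[1]):
            fields = children(ext)                 # extnID, [critical], extnValue
            if fields[0][1] == OID_BASIC_CONSTRAINTS:
                inner = children(tlv(fields[-1][1])[1])   # OCTET STRING -> BasicConstraints SEQUENCE
                return bool(inner) and inner[0][0] == 0x01 and inner[0][1] == b"\xff"
    return None

def plan_import(p7):
    """Per certificate: (n, basicConstraints present?, CA?, trust flags to set)."""
    kind, certs = load_pkcs7_certificates(p7)
    plan = []
    for n, c in enumerate(certs, 1):               # 1 <= n <= count, as in step c2
        bc = basic_constraints(c)
        is_ca = bc is True                         # stricter than the page: cA must be TRUE
        plan.append((n, bc is not None, is_ca, CA_TRUST if is_ca else SERVER_TRUST))
    return kind, plan

def _name(cn):                                     # Name ::= SEQUENCE OF SET OF (OID, PrintableString)
    return der(0x30, der(0x31, der(0x30, der(0x06, OID_CN) + der(0x13, cn.encode()))))

def make_cert(serial, cn, ca=None):
    """Constructed X.509 v3 certificate; key and signature are zero-filled placeholders."""
    algid = der(0x30, der(0x06, OID_SHA256_RSA) + der(0x05, b""))
    fields = [der(0xA0, der(0x02, b"\x02")), der(0x02, bytes([serial])), algid,
              _name("Constructed Test CA"),
              der(0x30, der(0x17, b"160130000000Z") + der(0x17, b"260130000000Z")),
              _name(cn), der(0x30, algid + der(0x03, b"\x00" * 9))]
    if ca is not None:                             # DER omits cA when FALSE (DEFAULT FALSE)
        bc = der(0x30, der(0x01, b"\xff") if ca else b"")
        ext = der(0x30, der(0x06, OID_BASIC_CONSTRAINTS) + der(0x01, b"\xff") + der(0x04, bc))
        fields.append(der(0xA3, der(0x30, ext)))
    return der(0x30, der(0x30, b"".join(fields)) + algid + der(0x03, b"\x00" * 9))

def make_pkcs7(certs, enveloped=False):
    """signedData (plain form) or signedAndEnvelopedData, whose extra empty SET is recipientInfos."""
    v, s, data = der(0x02, b"\x01"), der(0x31, b""), der(0x30, der(0x06, OID_DATA))
    body = v + (s if enveloped else b"") + s + data + der(0xA0, b"".join(certs)) + s
    oid = OID_SIGNED_ENV if enveloped else OID_SIGNED
    return der(0x30, der(0x06, oid) + der(0xA0, der(0x30, body)))

SAMPLE_CERTS = [make_cert(1, "Constructed Test CA", ca=True),
                make_cert(2, "www.example.test", ca=False),   # extension present, cA=FALSE
                make_cert(3, "legacy.example.test")]          # no basicConstraints at all
SAMPLE_P7B = make_pkcs7(SAMPLE_CERTS)
SAMPLE_P7B_ENVELOPED = make_pkcs7(SAMPLE_CERTS, enveloped=True)
```

Calling plan_import(SAMPLE_P7B) yields the same three-entry plan as plan_import(SAMPLE_P7B_ENVELOPED), differing only in the reported kind; the first certificate gets the CA trust setting, the other two get the server setting, even though the second one does carry a basicConstraints extension. In the real import path the entries of that plan are what CERT_ChangeCertTrust would be called with, so this is the point at which an operator should review what a p7b is about to make trusted.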
Embodiment 2
As shown in Figure 4, this embodiment provides a device for automatically importing a digital certificate into an application program. The device comprises a file obtaining module 21, a certificate obtaining module 22, a slot obtaining module 23 and a first importing module 24.
Specifically, the functions of the above modules are as follows:
The file obtaining module 21 is configured to obtain a certificate file according to a certificate file name;
The certificate obtaining module 22 is configured to obtain the digital certificate in the certificate file obtained by the file obtaining module 21;
The slot obtaining module 23 is configured to obtain a slot that can operate the application program;
The first importing module 24 is configured to decode the digital certificate obtained by the certificate obtaining module 22, import the decoded data into the application program through the slot obtained by the slot obtaining module 23 so as to complete the import of the digital certificate, and set the certificate trust mode of the imported digital certificate according to the type of the imported digital certificate.
Further, the file obtaining module 21 may be specifically configured to open the certificate file according to the certificate file name, obtain a handle of the certificate file, and obtain the certificate file according to the handle.
Further, the device provided by this embodiment also comprises a checking module 25 and a second importing module 26, wherein:
The checking module 25 is configured to check the format of the certificate file obtained by the file obtaining module 21;
The second importing module 26 is configured to, when the check result of the checking module 25 is the second default certificate format, sequentially obtain each digital certificate in the certificate file obtained by the file obtaining module 21 and, whenever a digital certificate is obtained, decode the currently obtained digital certificate, import the decoded data into the application program through the slot obtained by the slot obtaining module 23 so as to complete the import of the currently obtained digital certificate, and set the certificate trust mode of the currently imported digital certificate according to the type of the currently imported digital certificate;
Correspondingly, the first importing module 24 is specifically configured to, when the check result of the checking module 25 is the first default certificate format, decode the digital certificate obtained by the certificate obtaining module 22, import the decoded data into the application program through the slot obtained by the slot obtaining module 23 so as to complete the import of the digital certificate, and set the certificate trust mode of the imported digital certificate according to the type of the imported digital certificate;
Further, the first default certificate format includes certificate formats such as cer, pfx and p12, and the second default certificate format includes certificate formats such as p7b. Correspondingly:
The first importing module 24 is specifically configured to: when the check result of the checking module 25 is the cer certificate format, decode the digital certificate obtained by the certificate obtaining module 22, import the decoded data into the application program through the slot obtained by the slot obtaining module 23 so as to complete the import of the digital certificate, and set the certificate trust mode of the imported digital certificate according to the type of the imported digital certificate; when the check result of the checking module 25 is the pfx certificate format or the p12 certificate format, add a password verification algorithm, receive the certificate password input by the user, and verify the certificate password according to the password verification algorithm; if the verification passes, decode the digital certificate obtained by the certificate obtaining module 22, import the decoded data into the application program through the slot obtained by the slot obtaining module 23 so as to complete the import of the digital certificate, and set the certificate trust mode of the imported digital certificate according to the type of the imported digital certificate; if the verification fails, end;
The second importing module 26 specifically comprises an obtaining submodule, an importing submodule and a judging submodule, whose functions are as follows:
The obtaining submodule is configured to, when the check result of the checking module 25 is the second default certificate format, obtain the number of digital certificates in the certificate file obtained by the file obtaining module 21;
The importing submodule is configured to, while the certificate file obtained by the file obtaining module 21 still contains a digital certificate that has not been imported into the application program, obtain from the certificate file a digital certificate that has not yet been imported into the application program, decode the currently obtained digital certificate, import the decoded data into the application program through the slot obtained by the slot obtaining module 23, and set the certificate trust mode of the currently imported digital certificate according to the type of the currently imported digital certificate;
The judging submodule is configured to determine, according to the result obtained by the obtaining submodule, whether the certificate file obtained by the file obtaining module 21 still contains a digital certificate that has not been imported into the application program;
Specifically, the obtaining submodule further comprises a writing unit, a pointer obtaining unit and a number obtaining unit, whose functions are as follows:
The writing unit is configured to write the certificate file obtained by the file obtaining module 21 into a structure of the pkcs7 format;
The pointer obtaining unit is configured to determine the format type of the certificate file from the type attribute of the pkcs7-format structure, and to obtain, according to that format type, the pointer to the digital certificate storage area in the pkcs7-format structure from the corresponding member variable of the structure;
The number obtaining unit is configured to access the digital certificate storage area in the pkcs7-format structure through the pointer obtained by the pointer obtaining unit, and to obtain the number of digital certificates in the digital certificate storage area;
Further, the pointer obtaining unit is specifically configured to determine the signature form of the digital certificate from the type attribute of the pkcs7-format structure; if it is the plain signed form, obtain the pointer to the digital certificate storage area in the pkcs7-format structure from the member variable cert of the member variable d.sign of the structure; if it is the signed-and-enveloped form, obtain the pointer to the digital certificate storage area in the pkcs7-format structure from the member variable cert of the member variable d.signed_and_enveloped of the structure.
The device provided by this embodiment also comprises a slot allocating module 27, configured to allocate the slot that can operate the application program.
The first importing module 24 comprises an importing submodule, specifically configured to import the certificate serial number, certificate subject name, certificate data, certificate format and certificate issuer name obtained by decoding into the application program through the slot obtained by the slot obtaining module 23.
The first importing module 24 comprises a setting submodule, specifically configured to determine the type of the imported digital certificate; if it is a CA certificate, set the trust mode of the imported digital certificate to the first predetermined manner; if it is a server certificate, set the certificate trust mode of the imported digital certificate to the second predetermined manner;
Further, the setting submodule comprises a judging unit, specifically configured to determine whether the imported digital certificate contains the certificate basic constraints attribute; if it does, the imported digital certificate is a CA certificate; if it does not, the imported digital certificate is a server certificate.
The embodiments described above are preferred specific embodiments of the present invention, and ordinary variations and substitutions made by those skilled in the art within the scope of the technical solution of the present invention shall all fall within the protection scope of the present invention.
Claims (24)
1. A method for automatically importing a digital certificate into an application program, characterized by comprising:
Step S1, obtaining a certificate file according to a certificate file name;
Step S2, obtaining the digital certificate in the certificate file;
Step S3, obtaining a slot that can operate the application program, decoding the digital certificate, importing the decoded data into the application program through the slot so as to complete the import of the digital certificate, and setting the certificate trust mode of the imported digital certificate according to the type of the imported digital certificate.
2. The method of claim 1, characterized in that obtaining the certificate file according to the certificate file name specifically comprises: opening the certificate file according to the certificate file name, obtaining a handle of the certificate file, and obtaining the certificate file according to the handle.
3. The method of claim 1, characterized in that step S1 further comprises: checking the format of the obtained certificate file; if it is the first default certificate format, performing step S2; if it is the second default certificate format, performing the following steps:
Step S4, obtaining a slot that can operate the application program;
Step S5, sequentially obtaining each digital certificate in the certificate file and, whenever a digital certificate is obtained, decoding the currently obtained digital certificate, importing the decoded data into the application program through the slot so as to complete the import of the currently obtained digital certificate, and setting the certificate trust mode of the currently imported digital certificate according to the type of the currently imported digital certificate.
4. The method of claim 3, characterized in that the first default certificate format is specifically the cer certificate format, the pfx certificate format or the p12 certificate format, and the second default certificate format is specifically the p7b certificate format.
5. The method of claim 4, characterized in that, when the first default certificate format is specifically the pfx certificate format or the p12 certificate format, step S1 further comprises: adding a password verification algorithm, receiving the certificate password input by the user, and verifying the certificate password according to the password verification algorithm; if the verification passes, performing step S2; if the verification fails, ending.
6. The method of claim 3, characterized in that step S5 specifically comprises:
Step 1-1, obtaining the number of digital certificates in the certificate file;
Step 1-2, obtaining from the certificate file a digital certificate that has not been imported into the application program, decoding the currently obtained digital certificate, importing the decoded data into the application program through the slot that can operate the application program so as to complete the import of the currently obtained digital certificate, and setting the certificate trust mode of the currently imported digital certificate according to the type of the currently imported digital certificate;
Step 1-3, determining from the number of digital certificates in the certificate file whether the certificate file still contains a digital certificate that has not been imported into the application program; if so, returning to step 1-2; otherwise, ending.
7. The method of claim 6, characterized in that step 1-1 specifically comprises:
Step 2-1, writing the certificate file into a structure of the pkcs7 format;
Step 2-2, determining the signature form of the certificate file from the type attribute of the structure, and obtaining, according to the type of the signature form, the pointer to the digital certificate storage area in the structure from the corresponding member variable of the structure;
Step 2-3, accessing the digital certificate storage area in the structure through the pointer, and obtaining the number of digital certificates in the storage area.
8. The method of claim 7, characterized in that step 2-2 specifically comprises: determining the signature form of the certificate file from the type attribute of the structure; if it is the plain signed form, obtaining the pointer to the digital certificate storage area in the structure from the member variable cert of the member variable d.sign of the structure; if it is the signed-and-enveloped form, obtaining the pointer to the digital certificate storage area in the structure from the member variable cert of the member variable d.signed_and_enveloped of the structure.
9. The method of claim 1, characterized in that, before obtaining the slot that can operate the application program, the method further comprises: allocating a slot that can operate the application program.
10. The method of claim 1, characterized in that the data obtained by decoding specifically comprises: the certificate serial number, certificate subject name, certificate data, certificate format and certificate issuer name.
11. The method of claim 1, characterized in that setting the trust mode of the imported digital certificate according to the type of the imported digital certificate specifically comprises: determining the type of the imported digital certificate; if it is a CA certificate, setting the certificate trust mode of the imported digital certificate to the first predetermined manner; if it is a server certificate, setting the certificate trust mode of the imported digital certificate to the second predetermined manner.
12. The method of claim 11, characterized in that determining the type of the imported digital certificate specifically comprises: determining whether the imported digital certificate contains the certificate basic constraints attribute; if it does, the imported digital certificate is a CA certificate; if it does not, the imported digital certificate is a server certificate.
13. A device for automatically importing a digital certificate into an application program, characterized by comprising:
a file obtaining module, configured to obtain a certificate file according to a certificate file name;
a certificate obtaining module, configured to obtain the digital certificate in the certificate file obtained by the file obtaining module;
a slot obtaining module, configured to obtain a slot that can operate the application program;
a first importing module, configured to decode the digital certificate obtained by the certificate obtaining module, import the decoded data into the application program through the slot obtained by the slot obtaining module so as to complete the import of the digital certificate, and set the certificate trust mode of the imported digital certificate according to the type of the imported digital certificate.
14. The device of claim 13, characterized in that the file obtaining module is specifically configured to: open the certificate file according to the certificate file name, obtain a handle of the certificate file, and obtain the certificate file according to the handle.
15. The device of claim 13, characterized by further comprising a checking module and a second importing module; the checking module is configured to check the format of the certificate file obtained by the file obtaining module; the second importing module is configured to, when the check result of the checking module is the second default certificate format, sequentially obtain each digital certificate in the certificate file obtained by the file obtaining module and, whenever a digital certificate is obtained, decode the currently obtained digital certificate, import the decoded data into the application program through the slot obtained by the slot obtaining module so as to complete the import of the currently obtained digital certificate, and set the certificate trust mode of the currently imported digital certificate according to the type of the currently imported digital certificate;
the first importing module is specifically configured to, when the check result of the checking module is the first default certificate format, decode the digital certificate obtained by the certificate obtaining module, import the decoded data into the application program through the slot obtained by the slot obtaining module so as to complete the import of the digital certificate, and set the certificate trust mode of the imported digital certificate according to the type of the imported digital certificate.
16. The device of claim 15, characterized in that the first importing module is specifically configured to, when the check result of the checking module is the cer certificate format, the pfx certificate format or the p12 certificate format, decode the digital certificate obtained by the certificate obtaining module, import the decoded data into the application program through the slot obtained by the slot obtaining module so as to complete the import of the digital certificate, and set the certificate trust mode of the imported digital certificate according to the type of the imported digital certificate;
the second importing module is configured to, when the check result of the checking module is the p7b certificate format, sequentially obtain each digital certificate in the certificate file and, whenever a digital certificate is obtained, decode the currently obtained digital certificate, import the decoded data into the application program through the slot obtained by the slot obtaining module so as to complete the import of the currently obtained digital certificate, and set the certificate trust mode of the currently imported digital certificate according to the type of the currently imported digital certificate.
17. The device of claim 16, characterized in that the first importing module is specifically configured to: when the check result of the checking module is the cer certificate format, decode the digital certificate obtained by the certificate obtaining module, import the decoded data into the application program through the slot obtained by the slot obtaining module so as to complete the import of the digital certificate, and set the certificate trust mode of the imported digital certificate according to the type of the imported digital certificate; when the check result of the checking module is the pfx certificate format or the p12 certificate format, add a password verification algorithm, receive the certificate password input by the user, verify the certificate password according to the password verification algorithm and, when the verification of the certificate password passes, decode the digital certificate obtained by the certificate obtaining module, import the decoded data into the application program through the slot obtained by the slot obtaining module so as to complete the import of the digital certificate, and set the certificate trust mode of the imported digital certificate according to the type of the imported digital certificate.
18. The device of claim 15, characterized in that the second importing module specifically comprises:
an obtaining submodule, configured to, when the check result of the checking module is the second default certificate format, obtain the number of digital certificates in the certificate file obtained by the file obtaining module;
an importing submodule, configured to, while the certificate file obtained by the file obtaining module still contains a digital certificate that has not been imported into the application program, obtain from the certificate file a digital certificate that has not been imported into the application program, decode the currently obtained digital certificate, import the decoded data into the application program through the slot obtained by the slot obtaining module, and set the certificate trust mode of the currently imported digital certificate according to the type of the currently imported digital certificate;
a judging submodule, configured to determine, according to the result obtained by the obtaining submodule, whether the certificate file obtained by the file obtaining module still contains a digital certificate that has not been imported into the application program.
19. The device of claim 18, characterized in that the obtaining submodule specifically comprises:
a writing unit, configured to write the certificate file obtained by the file obtaining module into a structure of the pkcs7 format;
a pointer obtaining unit, configured to determine the format type of the certificate file from the type attribute of the pkcs7-format structure, and to obtain, according to that format type, the pointer to the digital certificate storage area in the pkcs7-format structure from the corresponding member variable of the structure;
a number obtaining unit, configured to access the digital certificate storage area in the pkcs7-format structure through the pointer obtained by the pointer obtaining unit, and to obtain the number of digital certificates in the digital certificate storage area.
20. The device of claim 19, characterized in that the pointer obtaining unit is specifically configured to determine the signature form of the digital certificate from the type attribute of the pkcs7-format structure; if it is the plain signed form, obtain the pointer to the digital certificate storage area in the pkcs7-format structure from the member variable cert of the member variable d.sign of the structure; if it is the signed-and-enveloped form, obtain the pointer to the digital certificate storage area in the pkcs7-format structure from the member variable cert of the member variable d.signed_and_enveloped of the structure.
21. The device of claim 13, characterized by further comprising a slot allocating module, configured to allocate the slot that can operate the application program.
22. The device of claim 13, characterized in that the first importing module comprises an importing submodule, configured to import the certificate serial number, certificate subject name, certificate data, certificate format and certificate issuer name obtained by decoding into the application program through the slot obtained by the slot obtaining module.
23. The device of claim 13, characterized in that the first importing module comprises a setting submodule, configured to determine the type of the imported digital certificate; if it is a CA certificate, set the trust mode of the imported digital certificate to the first predetermined manner; if it is a server certificate, set the certificate trust mode of the imported digital certificate to the second predetermined manner.
24. The device of claim 23, characterized in that the setting submodule comprises a judging unit, configured to determine whether the imported digital certificate contains the certificate basic constraints attribute; if it does, the imported digital certificate is a CA certificate; if it does not, the imported digital certificate is a server certificate.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610067808.0A CN105721162B (en) | 2016-01-30 | 2016-01-30 | The method and device of digital certificate is automatically imported into application program |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105721162A true CN105721162A (en) | 2016-06-29 |
CN105721162B CN105721162B (en) | 2019-03-05 |
Family
ID=56155357
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610067808.0A Active CN105721162B (en) | 2016-01-30 | 2016-01-30 | The method and device of digital certificate is automatically imported into application program |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105721162B (en) |
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102055759A (en) * | 2010-06-30 | 2011-05-11 | 北京飞天诚信科技有限公司 | Hardware engine realization method |
CN103117862A (en) * | 2013-02-18 | 2013-05-22 | 无锡矽鼎科技有限公司 | Method for using X.509 digital certificate of openssl for verifying Java certificate |
US20150350362A1 (en) * | 2014-05-30 | 2015-12-03 | Apple Inc. | Proxied push |
Non-Patent Citations (3)
Title |
---|
HI,我是小瑞!: "Common digital certificate formats in PKI", HTTPS://BLOG.CSDN.NET/XIAXIAORUI2003/ARTICLE/DETAILS/3758183 |
JAMES: "NSS certificate DB concurrency", HTTP://CODEVERGE.COM/MOZILLA.DEV.TECH.CRYPTO/NSS-CERTIFICATE-DB-CONCURRENCY/1509861 |
KAMI WAN: "Using the with statement in Python", HTTPS://KAIMINGWAN.COM/CATEGORY/LANGUAGE/PAGE/3 |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107678886A (en) * | 2017-10-09 | 2018-02-09 | 飞天诚信科技股份有限公司 | A kind of method and terminal device for preserving, recovering application data |
CN107678886B (en) * | 2017-10-09 | 2020-02-21 | 飞天诚信科技股份有限公司 | Method for storing and recovering application program data and terminal equipment |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
OL01 | Intention to license declared | ||