n20-common-lib 2.9.13 → 2.9.14

package/src/plugins/Sign/NetV3/index.js

@@ -1,4 +1,4 @@
-import { Message } from 'element-ui'
+import { Message, MessageBox } from 'element-ui'
 import axios from '../../../utils/axios.js'
 import { IWSAgent } from './InfosecNetSignCNGAgent.min.js'
 let {
@@ -8,8 +8,18 @@ let {
   IWSASetAsyncMode, // 设置通讯方式 同步/异步
   IWSA_rsa_csp_genContainerP10,
   IWSA_rsa_csp_AdvgenContainerP10,
+  IWSA_rsa_csp_importSignX509Cert,
   IWSA_rsa_csp_AdvImportSignEncCert,
-  IWSA_rsa_csp_importSignP7Cert
+  IWSA_rsa_csp_importSignP7Cert,
+  IWSA_sm2_skf_getProviderList,
+  IWSA_sm2_skf_genContainerP10,
+  IWSA_sm2_skf_importSignX509Cert,
+  IWSA_sm2_skf_getApplicationList,
+  IWSA_sm2_skf_setDevice,
+  IWSA_sm2_skf_getDeviceList,
+  IWSA_rsa_csp_getCountOfCert,
+  IWSA_rsa_csp_getCertInfo,
+  IWSA_rsa_csp_deleteContainer
 } = new IWSAgent()
 
 IWSASetTimeOut(6000)
@@ -47,27 +57,43 @@ function getDnCertBase64(dn, res) {
 }
 
 function getUserCert(uno) {
-  try {
-    axios.post(`/bems/prod_1.0/dssc/sign/updateCert_direct/${uno}`).then(({ code, data }) => {
-      if (code === 200) {
+  uno = uno || sessionStorage.getItem('userNo')
+  axios.post(`/bems/prod_1.0/dssc/sign/updateCert_direct/${uno}`).then(async ({ code, data }) => {
+    if (code === 200) {
+      // 非国密
+      if (data.alg !== 'SM2') {
         // 设置提供者 Microsoft Base Cryptographic Provider v1.0
         IWSA_rsa_csp_setProvider('Microsoft Base Cryptographic Provider v1.0')
         // 设置同步模式
         IWSASetAsyncMode(false)
-        let alg = data.alg === 'RSA_1024' ? '1024' : ata.alg === 'RSA_2048' ? '2048' : '1024'
-        let dn = getDN()
-        let sd = data.sd === 'd'
-
-        const res = IWSA_rsa_csp_genContainerP10(alg, data.subjectDN || dn, sd)
+        let alg = data.alg === 'RSA_1024' ? '1024' : data.alg === 'RSA_2048' ? '2048' : '1024'
+        /**
+         * （方法 RSA）生成 P10 包，新容器
+         * 参数一：签名密钥或加密密钥标识,”true”/”false”
+         * 参数二：密钥长度 512，1024， 2048，4096
+         * 参数三：主题 DN，空值 DN 请赋值””空串
+         * 参数四：摘要算法 OID，使用默认值请赋值””空串
+         * 参数五：公钥算法 OID，，使用默认值请赋值””空串
+         * 参数六：签名算法 OID，，使用默认值请赋值””空串
+         * 参数七：私钥是否可导出,”true”/”false”
+         * 参数八：是否启用增强密钥保护,”true”/”false”
+         */
+        const res = IWSA_rsa_csp_genContainerP10('true', alg, '', '', '', '', 'false', 'false')
         if (res[0] === '0') {
           let dto = {
             ...data,
-            publicKey: res[1],
-            tmpPubKey: res[2] || ''
+            publicKey: res[2],
+            tmpPubKey: res[1] || ''
           }
           axios.post(`/bems/prod_1.0/dssc/sign/getRadsCert`, dto).then(({ code, data }) => {
             if (code === 200) {
-              const certData = IWSA_rsa_csp_importSignP7Cert(res[1], data.signCer)
+              /**
+               * （方法 RSA）导入签名证书 X509
+               * 参数一：容器名，支持””：使用产生 P10 时的容器
+               * 参数二：X509 证书，Base64 编码
+               */
+
+              const certData = IWSA_rsa_csp_importSignX509Cert(res[1], data.signCer)
               if (certData[0] === '0') {
                 Message.success('证书导入成功')
               } else {
@@ -78,11 +104,66 @@ function getUserCert(uno) {
         } else {
           Message.error('产生 P10失败，错误码：：' + data[0])
         }
+        // 国密
+      } else {
+        /**
+         * （方法 SM2）生成 P10 包，新容器
+         * 参数y一：主题 DN，空值 DN 请赋值””空串
+         */
+        // 设置同步模式
+        IWSASetAsyncMode(false)
+        const roviderList = IWSA_sm2_skf_getProviderList()
+        console.log(roviderList)
+        if (roviderList.length === 0) {
+          Message.error('请检查ukey是否正常')
+          return
+        }
+        const providerList = IWSA_sm2_skf_getDeviceList(roviderList[0].Provider)
+        if (providerList.length === 0) {
+          Message.error('未获取到SM2设备')
+          return
+        }
+        const applicationList = IWSA_sm2_skf_getApplicationList(roviderList[0].Provider, providerList[0].Device)
+        if (applicationList.length === 0) {
+          Message.error('未获取到SM2应用')
+          return
+        }
+        IWSA_sm2_skf_setDevice(roviderList[0].Provider, providerList[0].Device, applicationList[0].Application)
+        await MessageBox.prompt('请输入PIN码', '提示', {
+          confirmButtonText: '确定',
+          cancelButtonText: '取消',
+          closeOnClickModal: false,
+          inputType: 'password'
+        }).then(({ value }) => {
+          const res = IWSA_sm2_skf_genContainerP10(value, '', '', 'true')
+          if (res[0] === '0') {
+            let dto = {
+              ...data,
+              publicKey: res[2],
+              tmpPubKey: res[1] || ''
+            }
+            axios.post(`/bems/prod_1.0/dssc/sign/getRadsCert`, dto).then(({ code, data }) => {
+              if (code === 200) {
+                /**
+                 * （方法 RSA）导入签名证书 X509
+                 * 参数一：容器名，支持””：使用产生 P10 时的容器
+                 * 参数二：X509 证书，Base64 编码
+                 */
+                const certData = IWSA_sm2_skf_importSignX509Cert(value, res[1], data.signCer)
+                if (certData[0] === '0') {
+                  Message.success('证书导入成功')
+                } else {
+                  Message.error('导入证书失败，错误码：：' + certData[0])
+                }
+              }
+            })
+          } else {
+            Message.error('产生 P10失败，错误码：：' + data[0])
+          }
+        })
       }
-    })
-  } catch (error) {
-    console.error(error)
-  }
+    }
+  })
 }
 
 /**
@@ -90,17 +171,68 @@ function getUserCert(uno) {
  * @param {*} cspName
  * @returns
  */
-export function updateCert(cspName) {
+export function updateCert(cspName, onSuccess, dnInfo) {
+  let oldContainer = ''
   // 设置提供者  'ArgusKey CSP For BEHFC v1.0'
   IWSA_rsa_csp_setProvider(cspName)
   // 设置同步模式
   IWSASetAsyncMode(false)
-  let dn = getDN()
+  let dn = dnInfo || getDN()
   if (!dn) {
-    return Message.error('未获取到Dn信息')
+    Message.error('未获取到Dn信息')
+    return
+  }
+  //获取当前证书的容器
+  IWSA_rsa_csp_getCountOfCert((res) => {
+    if (res > 0) {
+      for (let i = 0; i < res; i++) {
+        //获取证书详情
+        IWSA_rsa_csp_getCertInfo(i, (res, Provider, Container, certDN) => {
+          if (res == 0 && compareDN(certDN, dn)) {
+            oldContainer = Container
+          }
+        })
+      }
+    }
+  })
+  //生成新容器并下载证书
+  let res = IWSA_rsa_csp_genContainerP10('true', window.updateCertSize || '1024', dn, '', '', '', 'false', 'false')
+  if (res[0] === '0') {
+    axios
+      .post(`/bems/prod_1.0/dssc/sign/getDnCertBase64`, {
+        userDn: dn,
+        p10: res[2]
+      })
+      .then(({ data }) => {
+        if (data) {
+          let list = JSON.parse(data)
+          if (list[0]?.errNum === '0') {
+            let code = IWSA_rsa_csp_importSignP7Cert(res[1], list[0]?.cert)
+            if (code === '0') {
+              //删除旧证书
+              if (oldContainer != '') {
+                IWSA_rsa_csp_deleteContainer(oldContainer)
+              }
+              Message.success('证书导入成功')
+              if (typeof onSuccess === 'function') {
+                onSuccess()
+              }
+            } else {
+              IWSA_rsa_csp_deleteContainer(res[1])
+              Message.error('证书导入失败，请联系管理员，错误码为' + code)
+            }
+          } else {
+            IWSA_rsa_csp_deleteContainer(res[1])
+            Message.error('证书下载失败，请联系管理员，错误码为' + list[0]?.errNum)
+          }
+        } else {
+          IWSA_rsa_csp_deleteContainer(res[1])
+          Message.error('证书下载服务出错，请重试或联系管理员')
+        }
+      })
+  } else {
+    Message.error('容器生成失败，请联系管理员，错误码为' + res[0])
   }
-  let data = IWSA_rsa_csp_genContainerP10('true', '1024', dn, '', '', '', 'false', 'false')
-  GetDateNotAfter(data, dn)
 }
 function GetDateNotAfter(res, dn) {
   if (res[0] === '0') {
@@ -116,3 +248,12 @@ function GetDateNotAfter(res, dn) {
 export function updateCertHG(uno) {
   getUserCert(uno)
 }
+
+function compareDN(dn1, dn2) {
+  let dn1Arr = dn1.split(',').map((c) => c.trim())
+  let dn2Arr = dn2.split(',').map((c) => c.trim())
+  if (dn1Arr.every((dnAttr) => dn2Arr.includes(dnAttr))) {
+    return true
+  }
+  return false
+}

package/src/plugins/Sign/SkfSign/index.js

@@ -29,7 +29,7 @@ function getDN() {
 
 /* 检测本地签名端口是否可用 */
 export function availableSign(fn, url) {
-  available = IWSAGetAvailable()
+  let available = IWSAGetAvailable()
   if (available) {
     fn && fn(available)
   } else {
@@ -41,7 +41,7 @@ export function availableSign(fn, url) {
 }
 
 function checkAvailable(fn, url, count) {
-  available = IWSAGetAvailable()
+  let available = IWSAGetAvailable()
   let name = window.NetSignDownloadName || 'NetSignCNG签名助手'
   if (available) {
     fn && fn(available)
@@ -84,53 +84,44 @@ function verifyDn(dnList, dn) {
 }
 
 // 签名
-export async function getSign(plain, dn) {
-  if (dn === undefined) {
-    dn = getDN()
-  }
+export async function getSign(plain, dn = getDN()) {
+  // 验证DN参数
   if (!dn) {
     Message.error('签名参数DN错误!')
     return false
   }
 
-  let plainText = ''
-  if (typeof plain === 'object') {
-    plainText = JSON.stringify(plain)
-  } else {
-    plainText = plain
-  }
+  // 处理签名文本
+  const plainText = typeof plain === 'object' ? JSON.stringify(plain) : plain
+
+  // 获取并验证证书信息
   const checkRes = await getCertInfo(dn)
 
-  if (checkRes === -1 || ['dnListEmpty', 'dnIsEmpty', 'Empty'].includes(checkRes)) {
-    switch (checkRes) {
-      case 'dnListEmpty':
-        Message.warning('没有匹配到证书!')
-        break
-      case 'dnIsEmpty':
-        Message.warning('DN参数为空!')
-        break
-      case 'Empty':
-        Message.warning('当前Ukey不匹配!')
-        break
-      default:
-        Message.warning('没有匹配到证书!')
-    }
+  // 证书验证错误处理
+  const errorMessages = {
+    dnListEmpty: '没有匹配到证书!',
+    dnIsEmpty: 'DN参数为空!',
+    Empty: '当前Ukey不匹配!'
+  }
+
+  if (checkRes === -1 || Object.keys(errorMessages).includes(checkRes)) {
+    Message.warning(errorMessages[checkRes] || '没有匹配到证书!')
     return ''
   }
-  let answer
-  await MessageBox.prompt('请输入PIN码', '提示', {
-    confirmButtonText: '确定',
-    cancelButtonText: '取消',
-    closeOnClickModal: false,
-    inputType: 'password'
-  }).then(({ value }) => {
-    return performSign(plainText, value).then((signedData) => {
-      answer = signedData
+
+  // 获取PIN码并执行签名
+  try {
+    const { value: pin } = await MessageBox.prompt('请输入PIN码', '提示', {
+      confirmButtonText: '确定',
+      cancelButtonText: '取消',
+      closeOnClickModal: false,
+      inputType: 'password'
     })
-  })
-  // 签名
 
-  return answer
+    return await performSign(plainText, pin)
+  } catch (error) {
+    return Promise.reject(error)
+  }
 }
 
 /**
@@ -140,19 +131,28 @@ export async function getSign(plain, dn) {
  */
 export async function getCertInfo(dn) {
   return new Promise((resolve, reject) => {
+    let arg
+    if (
+      navigator.platform.toLowerCase().includes('linux') ||
+      navigator.userAgent.toLowerCase().includes('linux') ||
+      // 检查是否为银河麒麟特有的环境变量或特征
+      typeof window.KylinOS !== 'undefined' ||
+      document.documentElement.dataset.osType === 'kylin'
+    ) {
+      arg = window.VUE_APP_NetSign_ARG_Linux
+    } else {
+      arg = process.env.VUE_APP_NetSign_ARG || window.VUE_APP_NetSign_ARG || 'WTSKFInterface.dll'
+    }
     // 获取证书列表
-    IWSASkfGetCertList(
-      process.env.VUE_APP_NetSign_ARG || window.VUE_APP_NetSign_ARG || 'WTSKFInterface.dll',
-      (CertListData, errorCode) => {
-        if (errorCode) {
-          Message.error(codeDate[errorCode])
-          reject()
-        } else {
-          const checkRes = verifyDn(CertListData, dn)
-          resolve(checkRes)
-        }
+    IWSASkfGetCertList(arg, (CertListData, errorCode) => {
+      if (errorCode) {
+        Message.error(codeDate[errorCode])
+        reject()
+      } else {
+        const checkRes = verifyDn(CertListData, dn)
+        resolve(checkRes)
       }
-    )
+    })
   })
 }
 
@@ -164,15 +164,18 @@ export async function getCertInfo(dn) {
  */
 async function performSign(plainText, value) {
   return new Promise((resolve, reject) => {
-    IWSASkfSignData(plainText, 0, value, 'SM3', (errorCode, signedData) => {
+    let code = 'SM3'
+    // 有色信创国产系统 需要传入SHA1
+    if (window.VUE_APP_NetSign_ARG === '/opt/apps/cn.win-trust.usertool/files/bin/libSKFInterface.so') {
+      code = 'SHA1'
+    }
+    IWSASkfSignData(plainText, 0, value, code, (errorCode, signedData) => {
       if (errorCode === 0 || errorCode === '0') {
         resolve(signedData)
       } else {
         Message.error(codeDate[errorCode])
         reject()
       }
-    }).catch(() => {
-      resolve()
     })
   })
 }

package/src/plugins/Sign/bjca/index.js

@@ -11,7 +11,8 @@ function getDN() {
 }
 
 /* 给对象或字符串签名 */
-export async function getSign(plain, dn) {
+export async function getSign(plain, dn, word) {
+  console.log('getSign', plain, dn, word)
   let errMsg
   let plainText
   await new Promise((resolve, reject) => {
@@ -87,10 +88,10 @@ export async function getSign(plain, dn) {
   await new Promise((resolve, reject) => {
     for (let i = 0; i < r_retVal.length; i++) {
       const val = r_retVal[i].retVal
-      window.SOF_GetCertInfoByOid(
-        val,
-        process.env.VUE_APP_NetSign_ARG || window.VUE_APP_NetSign_ARG || '1.2.156.112562.2.1.1.23',
-        (s) => {
+
+      if (window.VUE_APP_NetSign_TYPE === 'DN') {
+        //新版本，比较DN
+        window.SOF_GetCertInfo(val, 33, (s) => {
           if (s.retVal) {
             s_retVal.push({ certId: r_retVal[i].certId, retVal: s.retVal })
             resolve()
@@ -99,16 +100,83 @@ export async function getSign(plain, dn) {
             Message.error(errMsg)
             reject(errMsg)
           }
-        }
-      )
+        })
+      } else {
+        //原始版本，比较SN
+        window.SOF_GetCertInfoByOid(
+          val,
+          process.env.VUE_APP_NetSign_ARG || window.VUE_APP_NetSign_ARG || '1.2.156.112562.2.1.1.23',
+          (s) => {
+            if (s.retVal) {
+              s_retVal.push({ certId: r_retVal[i].certId, retVal: s.retVal })
+              resolve()
+            } else {
+              errMsg = '证书信息获取失败!'
+              Message.error(errMsg)
+              reject(errMsg)
+            }
+          }
+        )
+      }
     }
   })
 
+  /**
+   * 从Dn中获取CN
+   * @param {string} dn 要解析的Dn
+   * @returns {string} 解析后的CN
+   */
+  function parseCA(dn) {
+    const mark = /^CN=/
+    let CN = dn.split(',').find((b) => mark.test(b))
+    return CN ? CN.replace(mark, '') : ''
+  }
+
+  function compareDN(dn1, dn2) {
+    if (dn1 === dn2) {
+      return true
+    }
+    const pdn1 = parseCA(dn1)
+    const pdn2 = parseCA(dn2)
+    if (!pdn1 || !pdn2) {
+      return false
+    }
+    if (pdn1 === pdn2) {
+      return true
+    }
+    return false
+  }
+
   /**
    * 签名
    */
   let v_retVal, cert
-  let val = s_retVal.filter((v) => v.retVal === dn)
+  let val = s_retVal.filter((v) => compareDN(v.retVal, dn))
+  await new Promise((resolve, reject) => {
+    // 如果未传入pin码 则不校验直接调取验签接口 通过原生pin输入框校验
+    if (!word) {
+      resolve()
+    } else {
+      // 校验证书是否被锁
+      window.SOF_GetPinRetryCount(val[0].certId, (v) => {
+        if (v && v.retVal > 0) {
+          window.SOF_Login(val[0].certId, word, (v) => {
+            if (v && v.retVal === true) {
+              resolve()
+            } else {
+              errMsg = 'pin码错误!'
+              window.alert(errMsg)
+              reject(errMsg)
+            }
+          })
+        } else {
+          errMsg = '证书口令已被锁死，必须解锁后才能使用!'
+          window.alert(errMsg)
+          reject(errMsg)
+        }
+      })
+    }
+  })
   if (val.length > 0) {
     cert = r_retVal.filter((s) => s.certId === val[0].certId)
     await new Promise((resolve, reject) => {
@@ -118,7 +186,7 @@ export async function getSign(plain, dn) {
           resolve()
         } else {
           errMsg = '签名失败!'
-          Message.error(errMsg)
+          window.alert(errMsg)
           reject(errMsg)
         }
       })
@@ -126,6 +194,158 @@ export async function getSign(plain, dn) {
     return Promise.resolve(v_retVal + '@@@' + cert[0].retVal)
   } else {
     errMsg = '参数dn信息不匹配！'
+    window.alert(errMsg)
+    return Promise.reject(errMsg)
+  }
+}
+
+export async function getCert(dn) {
+  console.log(dn)
+  debugger
+  let errMsg
+  await new Promise((resolve, reject) => {
+    window._bjca_init_(
+      () => resolve(),
+      () => {
+        errMsg = '没有检测到签名驱动!'
+        Message.error(errMsg)
+        reject(errMsg)
+      }
+    )
+  })
+
+  if (dn === undefined) {
+    dn = getDN()
+  }
+  if (!dn) {
+    errMsg = '签名参数DN错误!'
+    Message.error(errMsg)
+    return Promise.reject(errMsg)
+  }
+
+  /**
+   * 获取证书列表
+   */
+  let CertIdList = []
+  await new Promise((resolve, reject) => {
+    window.SOF_GetUserList((l) => {
+      if (l.retVal) {
+        CertIdList = l.retVal
+          .replace(/&&&$/, '')
+          .split('&&&')
+          .map((s) => s.split('||')[1])
+        resolve()
+      } else {
+        Message.error('证书获取失败')
+        resolve()
+      }
+    })
+  })
+
+  /**
+   * 获取证书
+   */
+
+  let r_retVal = []
+  await new Promise((resolve, reject) => {
+    for (let i = 0; i < CertIdList.length; i++) {
+      const item = CertIdList[i]
+      window.SOF_ExportUserCert(item, (r) => {
+        if (r.retVal) {
+          r_retVal.push({ certId: CertIdList[i], retVal: r.retVal })
+          resolve()
+        } else {
+          errMsg = '证书获取失败!'
+          Message.error(errMsg)
+          reject(errMsg)
+        }
+      })
+    }
+  })
+
+  /**
+   * 根据OID获取证书信息
+   */
+  let s_retVal = []
+  await new Promise((resolve, reject) => {
+    for (let i = 0; i < r_retVal.length; i++) {
+      const val = r_retVal[i].retVal
+
+      if (window.VUE_APP_NetSign_TYPE === 'DN') {
+        //新版本，比较DN
+        window.SOF_GetCertInfo(val, 33, (s) => {
+          if (s.retVal) {
+            s_retVal.push({ certId: r_retVal[i].certId, retVal: s.retVal })
+            resolve()
+          } else {
+            errMsg = '证书信息获取失败!'
+            Message.error(errMsg)
+            reject(errMsg)
+          }
+        })
+      } else {
+        //原始版本，比较SN
+        window.SOF_GetCertInfoByOid(
+          val,
+          process.env.VUE_APP_NetSign_ARG || window.VUE_APP_NetSign_ARG || '1.2.156.112562.2.1.1.23',
+          (s) => {
+            if (s.retVal) {
+              s_retVal.push({ certId: r_retVal[i].certId, retVal: s.retVal })
+              resolve()
+            } else {
+              errMsg = '证书信息获取失败!'
+              Message.error(errMsg)
+              reject(errMsg)
+            }
+          }
+        )
+      }
+    }
+  })
+
+  /**
+   * 从Dn中获取CN
+   * @param {string} dn 要解析的Dn
+   * @returns {string} 解析后的CN
+   */
+  function parseCA(dn) {
+    const mark = /^CN=/
+    let CN = dn.split(',').find((b) => mark.test(b))
+    return CN ? CN.replace(mark, '') : ''
+  }
+
+  function compareDN(dn1, dn2) {
+    if (dn1 === dn2) {
+      return true
+    }
+    const pdn1 = parseCA(dn1)
+    const pdn2 = parseCA(dn2)
+
+    if (!pdn1 || !pdn2) {
+      return false
+    }
+    if (pdn1 === pdn2) {
+      return true
+    }
+
+    return false
+  }
+
+  /**
+   * 签名
+   */
+  let cert
+
+  let val = s_retVal.filter((v) => compareDN(v.retVal, dn))
+  if (val.length > 0) {
+    cert = r_retVal.filter((s) => s.certId === val[0].certId)
+    return
+  } else {
+    if (s_retVal[0] && s_retVal[0].retVal && dn) {
+      errMsg = `用户CN值为:CN=${parseCA(dn)},数字证书CN值为:CN=${parseCA(s_retVal[0].retVal)}.不匹配`
+    } else {
+      errMsg = '参数dn信息不匹配！'
+    }
     Message.error(errMsg)
     return Promise.reject(errMsg)
   }