SecSeal應用集成方案 V10.doc

SecSeal安全電子印章系統(tǒng)應用集成方案一、 導入用戶證書到數(shù)據(jù)庫導入用戶公鑰證書到數(shù)據(jù)庫，在應用中可以通過接口傳入證書執(zhí)行加密授權。1. 獲取證書由凱特信安項目工程師協(xié)助，收集應用系統(tǒng)用戶證書。2. 證書寫入數(shù)據(jù)庫 為用戶表新建一列，用于存儲證書內(nèi)容。 讀取數(shù)字證書內(nèi)容，把“-BEGIN CERTIFICATE-”和“-END CERTIFICATE-”，去掉，把數(shù)字證書內(nèi)容寫入對應的用戶表中。保存的證書格式如下：MIIDjjCCAvegAwIBAgIQFAhf/KTWYie5KKR+4AiCjDANBgkqhkiG9w0BAQUFADBxMRcwFQYDVQQDHg55j176dwGP0IQlAEMAQTEnMCUGA1UECh4eeY9e+ncBZXBbV1uJUWiLwU5me6F0BmcJllBRbFP4MQ8wDQYDVQQHHgZ5j13eXgIxDzANBgNVBAgeBnmPXvp3ATELMAkGA1UEBhMCQ04wHhcNMDYwOTE1MDcwMzIyWhcNMDgwOTE1MDcwMzIyWjCBrDEPMA0GA1UEAx4Ggs+I1W4KMRswGQYDVQQLExIzNTAxMjQxOTgxMDkxMzQ2MTIxDzANBgNVBAoeBo6rTv2LwTEPMA0GA1UEBx4GeY9d3l4CMRswGQYDVQQHHhJ5j13eXgJuVlJNje8ANQA4U/cxDzANBgNVBAgeBnmPXvp3ATELMAkGA1UEBhMCQ04xHzAdBgkqhkiG9w0BCQETEHN1eXlAa2luZC5jb20uY24wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOACPw2XOUDmXjvzrYZPhjKFWIzhswBJ1Z0yAfLe0/lkjrGMPncWuDj6kH0DFimRPaRbBu1sJ3PDSCqPAgEwOrntTJ0JXkRJySPyodoYiUfIXW8AFn7J6H30WF3Jf91airdX+1bmK0sFROIXHOmyUqii8JF59e8Cb2NfRzdsw0WDAgMBAAGjgeowgecwHwYDVR0jBBgwFoAU1r3G/04GA5tRF5LpEIgFQ713SDEwHQYDVR0OBBYEFHcRqLvFaaOWO96wdu9YoauIf2B0MAsGA1UdDwQEAwID+DAMBgNVHRMEBTADAQEAMIGJBgNVHR8EgYEwfzB9oHugeaR3MHUxDTALBgNVBAMTBGNybDExDDAKBgNVBAsTA2NybDEMMAoGA1UECxMDMTE4MQowCAYDVQQLEwExMQ0wCwYDVQQKEwRmamNhMQ8wDQYDVQQHEwZmdXpob3UxDzANBgNVBAgTBmZ1amlhbjELMAkGA1UEBhMCY24wDQYJKoZIhvcNAQEFBQADgYEAWt0pZ7Dex4rdsZZl13RQkikD9JNWMj2qCaajpdX0p183+2f7vd+WuUDWP8FKaCsXKe8wPb0c8mDOwJLx7ajc2Hmd/9nIGqrn+71cvweXaIVHqmvRZ4TdYWD1vXiUuFHT4XAm7Rdj8jgGc4sEUvxUGLBuoj03F1sj07fxi1VxoJQ=二、 應用系統(tǒng)集成1. 增加“蓋章”環(huán)節(jié)在應用系統(tǒng)中增加“蓋章”環(huán)節(jié)，可以是一個頁面按鈕2. 在蓋章頁面中申明控件 蓋章頁面中 標簽做如下配置： 在元素內(nèi)包含有對控件的引用 ，如下所示: 在元素內(nèi)必須包含有對引用控件的聲明,如下所示: 在使用控件的表單中實例化控件，并給予對象ID號：3. 調用SecSeal蓋章系統(tǒng)接口為“蓋章”環(huán)節(jié)編寫代碼，SecSeal接口可以在頁面腳本中使用。調用代碼例子如下：function ExecOp(srcF,objF) /srcF為需要蓋章的文件地址，可以為遠程地址如：/ABC.doc/也可以為本地地址，如：file:/c:/Temp/ABC.docvar job = null;job = OAFormEdcProxy.CreateJob();job.JobName = 編輯任務;job.Operation = 0x5; /對word文件蓋章，同時輸出紅頭和黑頭job.ReadOnly = true;job.AutoExit = true; /操作完成后是否自動退出if (! job.ExecEdit(srcF) ) alert( 文件蓋章失敗! );return;4. 判斷流程中需要蓋章的用戶 確定流程中需要蓋章及查看公文的用戶假設流程中張三對文檔蓋章，李四接收查看文檔。因此需要對張三和李四進行授權。 搜索數(shù)據(jù)庫，找到這些用戶的證書內(nèi)容在應用程序中，所有用戶表，找到張三和李四用戶對應的證書內(nèi)容，賦值給變量。strCert1 =MIIDkDCCAvmgAwIBAgIQCzKMFmLhOvS6fDsleT0jojANBgkqhkiG9w0BAQUFADBxMRcwFQYDVQQDHg55j176dwGP0IQlAEMAQTEnMCUGA1UECh4eeY9e+ncBZXBbV1uJUWiLwU5me6F0BmcJllBRbFP4MQ8wDQYDVQQHHgZ5j13eXgIxDzANBgNVBAgeBnmPXvp3ATELMAkGA1UEBhMCQ04wHhcNMDYwODA5MDIyMTIwWhcNMDgwODA5MDIyMTIwWjCBrjEPMA0GA1UEAx4GUhhmU2VPMRgwFgYDVQQLEw8zNTAxMTE4MTA2MTA1MDExDzANBgNVBAoeBo6rTv2LwTEPMA0GA1UEBx4GeY9d3l4CMSEwHwYDVQQHHhh5j13eXgJmS1uJUzpqH2dRADEAMQA0U/cxDzANBgNVBAgeBnmPXvp3ATELMAkGA1UEBhMCQ04xHjAcBgkqhkiG9w0BCQETD2NjdHZidHhAMTYzLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA8FiUk/Fw7jZos5PAu4iKZLyWAN8HJ/2RIzzF3xT3iBzwz55FOpQQQdYAq8U6XR8er0njOzAqQ+rPbXCTS6LlKNoe4LNki2Sij4QApvHgljTkH7zBAVNERvsqK6Wr9KqJSF97RsyE1ai4bE9w1qypRBHVFLRLh6Y9untUE/WDNikCAwEAAaOB6jCB5zAfBgNVHSMEGDAWgBTWvcb/TgYDm1EXkukQiAVDvXdIMTAdBgNVHQ4EFgQU5p5zenmbmfJxnM/rYyRr2V9LHkswCwYDVR0PBAQDAgP4MAwGA1UdEwQFMAMBAQAwgYkGA1UdHwSBgTB/MH2ge6B5pHcwdTENMAsGA1UEAxMEY3JsMTEMMAoGA1UECxMDY3JsMQwwCgYDVQQLEwMxMTgxCjAIBgNVBAsTATExDTALBgNVBAoTBGZqY2ExDzANBgNVBAcTBmZ1emhvdTEPMA0GA1UECBMGZnVqaWFuMQswCQYDVQQGEwJjbjANBgkqhkiG9w0BAQUFAAOBgQCMzKB+7slIdw1dNY4GOEP8WPVpnHql+er27v4rowoOllfd+24z7RYYrisVwI5pbwfl+0JQ3r+6uLYODhm4O236rktH1HiPacDWx40wpRQVf4epXamNxy+A0jzEuU0UpM4qeC+gydUak9pFSo8hcFGFfAXFmZJkW0iIolEBlXRbLA=;strCert2=MIIDdTCCAt6gAwIBAgIQAkqRAuIsDVJ2i4A7Q7D/AzANBgkqhkiG9w0BAQUFADBxMRcwFQYDVQQDHg55j176dwGP0IQlAEMAQTEnMCUGA1UECh4eeY9e+ncBZXBbV1uJUWiLwU5me6F0BmcJllBRbFP4MQ8wDQYDVQQHHgZ5j13eXgIxDzANBgNVBAgeBnmPXvp3ATELMAkGA1UEBhMCQ04wHhcNMDcwMzA1MDgwNzEyWhcNMDgwMzA0MDgwNzEyWjCBkzENMAsGA1UEAx4ElkiNOzEbMBkGA1UECxMSMzUwMTExMTk4MjA5MTE0NzQ4MQ8wDQYDVQQKHgaOq079i8ExJTAjBgNVBAceHHmPXvpR73J5T+Fgb1uJUWhigGcvZwmWUFFsU/gxDzANBgNVBAceBnmPXd5eAjEPMA0GA1UECB4GeY9e+ncBMQswCQYDVQQGEwJDTjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApDFUde+Ibgq66pSMbpQcfwUkWO9QjwKV0YpQSs9JzFFVDFUTIA0loTNkSI+KV9tCBN2+VxAJ9c/0geifISo1arkPwXQUDwxj8FPP3MkY+yhBX8xI4w+eGgGS1ZpJo19oH3lF1h+D4wUqS4uCNw4tWukxh4Q89hr77ho/xc1K5IcCAwEAAaOB6jCB5zAfBgNVHSMEGDAWgBTWvcb/TgYDm1EXkukQiAVDvXdIMTAdBgNVHQ4EFgQUD1nwVcYEFMmBwmOwAMdyRwKLzH0wCwYDVR0PBAQDAgP4MAwGA1UdEwQFMAMBAQAwgYkGA1UdHwSBgTB/MH2ge6B5pHcwdTELMAkGA1UEBhMCY24xDzANBgNVBAgTBmZ1amlhbjEPMA0GA1UEBxMGZnV6aG91MQ0wCwYDVQQKEwRmamNhMQowCAYDVQQLEwExMQwwCgYDVQQLEwMxMTgxDDAKBgNVBAsTA2NybDENMAsGA1UEAxMEY3JsMjANBgkqhkiG9w0BAQUFAAOBgQC7Hn/VaJUnUkBOqLGdyNHBOsdmgySg29Uf7lZBS5hTD1KDuSeq9ThGOtpsUFZHUCFm9FXATl4a7EzYBNiPiholoarfC+45amhQoZ83j8/kBJoDvs+Q43UGWlhrjN+eqRxkSbX/M8ElJhKVlrOoVcqLGMra5qPV5Stbt5byEUrRig=;5. 參數(shù)傳入安全公文授權證書在程序中，使用ImportCerts方法把證書內(nèi)容傳入，多個證書之間使用“,”分隔。調用代碼例子如下：function ExecOp(srcF,objF) /srcF為需要蓋章的文件地址，可以為遠程地址如：/ABC.doc/也可以為本地地址，如：file:/c:/Temp/ABC.docvar job = null;job = OAFormEdcProxy.CreateJob();job.JobName = 編輯任務;job.Operation = 0x5; /對word文件蓋章，同時輸出紅頭和黑頭job.ReadOnly = true;job.AutoExit = true; /操作完成后是否自動退出var strCerts;var strCert1, strCert2;strCert1 =MIIDkDCCAvmgAwIBAgIQCzKMFmLhOvS6fDsleT0jojANBgkqhkiG9w0BAQUFADBxMRcwFQYDVQQDHg55j176dwGP0IQlAEMAQTEnMCUGA1UECh4eeY9e+ncBZXBbV1uJUWiLwU5me6F0BmcJllBRbFP4MQ8wDQYDVQQHHgZ5j13eXgIxDzANBgNVBAgeBnmPXvp3ATELMAkGA1UEBhMCQ04wHhcNMDYwODA5MDIyMTIwWhcNMDgwODA5MDIyMTIwWjCBrjEPMA0GA1UEAx4GUhhmU2VPMRgwFgYDVQQLEw8zNTAxMTE4MTA2MTA1MDExDzANBgNVBAoeBo6rTv2LwTEPMA0GA1UEBx4GeY9d3l4CMSEwHwYDVQQHHhh5j13eXgJmS1uJUzpqH2dRADEAMQA0U/cxDzANBgNVBAgeBnmPXvp3ATELMAkGA1UEBhMCQ04xHjAcBgkqhkiG9w0BCQETD2NjdHZidHhAMTYzLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA8FiUk/Fw7jZos5PAu4iKZLyWAN8HJ/2RIzzF3xT3iBzwz55FOpQQQdYAq8U6XR8er0njOzAqQ+rPbXCTS6LlKNoe4LNki2Sij4QApvHgljTkH7zBAVNERvsqK6Wr9KqJSF97RsyE1ai4bE9w1qypRBHVFLRLh6Y9untUE/WDNikCAwEAAaOB6jCB5zAfBgNVHSMEGDAWgBTWvcb/TgYDm1EXkukQiAVDvXdIMTAdBgNVHQ4EFgQU5p5zenmbmfJxnM/rYyRr2V9LHkswCwYDVR0PBAQDAgP4MAwGA1UdEwQFMAMBAQAwgYkGA1UdHwSBgTB/MH2ge6B5pHcwdTENMAsGA1UEAxMEY3JsMTEMMAoGA1UECxMDY3JsMQwwCgYDVQQLEwMxMTgxCjAIBgNVBAsTATExDTALBgNVBAoTBGZqY2ExDzANBgNVBAcTBmZ1emhvdTEPMA0GA1UECBMGZnVqaWFuMQswCQYDVQQGEwJjbjANBgkqhkiG9w0BAQUFAAOBgQCMzKB+7slIdw1dNY4GOEP8WPVpnHql+er27v4rowoOllfd+24z7RYYrisVwI5pbwfl+0JQ3r+6uLYODhm4O236rktH1HiPacDWx40wpRQVf4epXamNxy+A0jzEuU0UpM4qeC+gydUak9pFSo8hcFGFfAXFmZJkW0iIolEBlXRbLA=;strCert2=MIIDdTCCAt6gAwIBAgIQAkqRAuIsDVJ2i4A7Q7D/AzANBgkqhkiG9w0BAQUFADBxMRcwFQYDVQQDHg55j176dwGP0IQlAEMAQTEnMCUGA1UECh4eeY9e+ncBZXBbV1uJUWiLwU5me6F0BmcJllBRbFP4MQ8wDQYDVQQHHgZ5j13eXgIxDzANBgNVBAgeBnmPXvp3ATELMAkGA1UEBhMCQ04wHhcNMDcwMzA1MDgwNzEyWhcNMDgwMzA0MDgwNzEyWjCBkzENMAsGA1UEAx4ElkiNOzEbMBkGA1UECxMSMzUwMTExMTk4MjA5MTE0NzQ4MQ8wDQYDVQQKHgaOq079i8ExJTAjBgNVBAceHHmPXvpR73J5T+Fgb1uJUWhigGcvZwmWUFFsU/gxDzANBgNVBAceBnmPXd5eAjEPMA0GA1UECB4GeY9e+ncBMQswCQYDVQQGEwJDTjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApDFUde+Ibgq66pSMbpQcfwUkWO9QjwKV0YpQSs9JzFFVDFUTIA0loTNkSI+KV9tCBN2+VxAJ9c/0geifISo1arkPwXQUDwxj8FPP3MkY+yhBX8xI4w+eGgGS1ZpJo19oH3lF1h+D4wUqS4uCNw4tWukxh4Q89hr77ho/xc1K5IcCAwEAAaOB6jCB5zAfBgNVHSMEGDAWgBTWvcb/TgYDm1EXkukQiAVDvXdIMTAdBgNVHQ4EFgQUD1nwVcYEFMmBwmOwAMdyRwKLzH0wCwYDVR0PBAQDAgP4MAwGA1UdEwQFMAMBAQAwgYkGA1UdHwSBgTB/MH2ge6B5pHcwdTELMAkGA1UEBhMCY24xDzANBgNVBAgTBmZ1amlhbjEPMA0GA1UEBxMGZnV6aG91MQ0wCwYDVQQKEwRmamNhMQowCAYDVQQLEwExMQwwCgYDVQQLEwMxMTgxDDAKBgNVBAsTA2NybDENMAsGA1UEAxMEY3JsMjANBgkqhkiG9w0BAQUFAAOBgQC7Hn/VaJUnUkBOqLGdyNHBOsdmgySg29Uf7lZBS5hTD1KDuSeq9ThGOtpsUFZHUCFm9FXATl4a7EzYBNiPiholoarfC+45amhQoZ83j8/kBJoDvs+Q43UGWlhrjN+eqRxkSbX/M8ElJhKVlrOoVcqLGMra5qPV5Stbt5byEUrRig=;strCerts = strCert1;strCerts = strCerts + ,;strCerts = strCerts + strCert2;job.ImportCerts(strCerts);if (! job.ExecEdit(srcF) ) alert( 文件蓋章失敗! );return;6. 設定聯(lián)合蓋章權限注意：使用ImportCerts方法導入的證書默認可以進行聯(lián)合蓋章，如果需要控制其中部分用戶不能對公文蓋章和批注，可以有兩種方法：A. 在設置界面手工設置不允許聯(lián)合蓋章B. 使用策略文件制定部分用戶不允許蓋章 蓋章系統(tǒng)默認不允許授權人員對文檔聯(lián)合蓋章，如下圖所示：可以通過雙擊的方式來修改是否允許聯(lián)合蓋章 使用ImportCerts方法導入的證書，默認允許蓋章。使用策略文件設定聯(lián)合蓋章權限 便利function ExecOp(srcF,objF) /srcF為需要蓋章的文件地址，可以為遠程地址如：/ABC.doc/也可以為本地地址，如：file:/c:/Temp/ABC.docvar job = null;job = OAFormEdcProxy.CreateJob();job.JobName = 編輯任務;job.Operation = 0x5; /對word文件蓋章，同時輸出紅頭和黑頭job.ReadOnly = true;job.AutoExit = true; /操作完成后是否自動退出var strCerts;var strCert1, strCert2;strCerts = strCert1 + ,+ strCert2;job.ImportCerts(strCerts);nCertCount = job.GetImportedCertCount();for( nI=0; nInCertCount; nI+ ) nRet = job.SetCertItemValue( nI,_USER_ENABLE_COMBINE_SEAL_STATE, 0); /設置是否允許聯(lián)合蓋章，如果值為0不允許，值為1允許。var strXmlFile;strXmlFile = job.OutCertItemsToXml(); /生成用戶策略文件alert(用戶策略文件: + strXmlFile );job.StrategyFile = strXmlFile; /使用策略文件if (! job.ExecEdit(srcF) ) alert( 文件蓋章失敗! );return;設置完成后，效果如下所示：7. 判斷用戶是否完成操作ExecEdit方法調用蓋章系統(tǒng)，并返回蓋章是否成功，ExecSave方法執(zhí)行保存蓋章形成后的文件。如果這兩個方法調用不返回錯誤，則表示用戶蓋章正常完成；如果返回錯誤，則表示用戶在蓋章過程中取消了操作。調用代碼例子如下：function ExecOp(srcF,objF) /srcF為需要蓋章的文件地址，可以為遠程地址如：/ABC.doc/也可以為本地地址，如：file:/c:/Temp/ABC.docvar job = null;job = OAFormEdcProxy.CreateJob();job.JobName = 編輯任務;job.Operation = 0x5; /對word文件蓋章，同時輸出紅頭和黑頭job.ReadOnly = true;job.AutoExit = true; /操作完成后是否自動退出/證書導入處理方法if (! job.ExecEdit(srcF) ) alert( 文件蓋章失敗! );return;if (! job.ExecSave(objF) ) /objF為要保存的文件名alert( 保存已件蓋章公文失敗! );return;8. 獲取形成文件路徑使用SavedEdcFile和SavedBdcFile屬性，可以獲得蓋章完成后形成的紅頭文件和抄送文件本地保存臨時路徑。調用代碼例子如下：function ExecOp(srcF,objF) /srcF為需要蓋章的文件地址，可以為遠程地址如：/ABC.doc/也可以為本地地址，如：file:/c:/Temp/ABC.docvar job = null;job = OAFormEdcProxy.CreateJob();job.JobName = 編輯任務;job.Operation = 0x5; /對word文件蓋章，同時輸出紅頭和黑頭job.ReadOnly = true;job.AutoExit = true; /操作完成后是否自動退出/證書導入處理方法if (! job.ExecEdit(srcF) ) alert( 文件蓋章失敗! );return;if (! job.ExecSave(objF) ) /objF為要保存的文件名alert( 保存已件蓋章公文失敗! );return;var strEdc = job.SavedEdcFile; /紅頭文件本地保存路徑var strBdc = job.SavedBdcFile; /黑頭文件本地保存路徑document.O