SecSeal应用集成方案 V10.doc

SecSeal安全电子印章系统应用集成方案一、 导入用户证书到数据库导入用户公钥证书到数据库，在应用中可以通过接口传入证书执行加密授权。1. 获取证书由凯特信安项目工程师协助，收集应用系统用户证书。2. 证书写入数据库 为用户表新建一列，用于存储证书内容。 读取数字证书内容，把“-BEGIN CERTIFICATE-”和“-END CERTIFICATE-”，去掉，把数字证书内容写入对应的用户表中。保存的证书格式如下：MIIDjjCCAvegAwIBAgIQFAhf/KTWYie5KKR+4AiCjDANBgkqhkiG9w0BAQUFADBxMRcwFQYDVQQDHg55j176dwGP0IQlAEMAQTEnMCUGA1UECh4eeY9e+ncBZXBbV1uJUWiLwU5me6F0BmcJllBRbFP4MQ8wDQYDVQQHHgZ5j13eXgIxDzANBgNVBAgeBnmPXvp3ATELMAkGA1UEBhMCQ04wHhcNMDYwOTE1MDcwMzIyWhcNMDgwOTE1MDcwMzIyWjCBrDEPMA0GA1UEAx4Ggs+I1W4KMRswGQYDVQQLExIzNTAxMjQxOTgxMDkxMzQ2MTIxDzANBgNVBAoeBo6rTv2LwTEPMA0GA1UEBx4GeY9d3l4CMRswGQYDVQQHHhJ5j13eXgJuVlJNje8ANQA4U/cxDzANBgNVBAgeBnmPXvp3ATELMAkGA1UEBhMCQ04xHzAdBgkqhkiG9w0BCQETEHN1eXlAa2luZC5jb20uY24wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOACPw2XOUDmXjvzrYZPhjKFWIzhswBJ1Z0yAfLe0/lkjrGMPncWuDj6kH0DFimRPaRbBu1sJ3PDSCqPAgEwOrntTJ0JXkRJySPyodoYiUfIXW8AFn7J6H30WF3Jf91airdX+1bmK0sFROIXHOmyUqii8JF59e8Cb2NfRzdsw0WDAgMBAAGjgeowgecwHwYDVR0jBBgwFoAU1r3G/04GA5tRF5LpEIgFQ713SDEwHQYDVR0OBBYEFHcRqLvFaaOWO96wdu9YoauIf2B0MAsGA1UdDwQEAwID+DAMBgNVHRMEBTADAQEAMIGJBgNVHR8EgYEwfzB9oHugeaR3MHUxDTALBgNVBAMTBGNybDExDDAKBgNVBAsTA2NybDEMMAoGA1UECxMDMTE4MQowCAYDVQQLEwExMQ0wCwYDVQQKEwRmamNhMQ8wDQYDVQQHEwZmdXpob3UxDzANBgNVBAgTBmZ1amlhbjELMAkGA1UEBhMCY24wDQYJKoZIhvcNAQEFBQADgYEAWt0pZ7Dex4rdsZZl13RQkikD9JNWMj2qCaajpdX0p183+2f7vd+WuUDWP8FKaCsXKe8wPb0c8mDOwJLx7ajc2Hmd/9nIGqrn+71cvweXaIVHqmvRZ4TdYWD1vXiUuFHT4XAm7Rdj8jgGc4sEUvxUGLBuoj03F1sj07fxi1VxoJQ=二、 应用系统集成1. 增加“盖章”环节在应用系统中增加“盖章”环节，可以是一个页面按钮2. 在盖章页面中申明控件 盖章页面中 标签做如下配置： 在元素内包含有对控件的引用 ，如下所示: 在元素内必须包含有对引用控件的声明,如下所示: 在使用控件的表单中实例化控件，并给予对象ID号：3. 调用SecSeal盖章系统接口为“盖章”环节编写代码，SecSeal接口可以在页面脚本中使用。调用代码例子如下：function ExecOp(srcF,objF) /srcF为需要盖章的文件地址，可以为远程地址如：/ABC.doc/也可以为本地地址，如：file:/c:/Temp/ABC.docvar job = null;job = OAFormEdcProxy.CreateJob();job.JobName = 编辑任务;job.Operation = 0x5; /对word文件盖章，同时输出红头和黑头job.ReadOnly = true;job.AutoExit = true; /操作完成后是否自动退出if (! job.ExecEdit(srcF) ) alert( 文件盖章失败! );return;4. 判断流程中需要盖章的用户 确定流程中需要盖章及查看公文的用户假设流程中张三对文档盖章，李四接收查看文档。因此需要对张三和李四进行授权。 搜索数据库，找到这些用户的证书内容在应用程序中，所有用户表，找到张三和李四用户对应的证书内容，赋值给变量。strCert1 =MIIDkDCCAvmgAwIBAgIQCzKMFmLhOvS6fDsleT0jojANBgkqhkiG9w0BAQUFADBxMRcwFQYDVQQDHg55j176dwGP0IQlAEMAQTEnMCUGA1UECh4eeY9e+ncBZXBbV1uJUWiLwU5me6F0BmcJllBRbFP4MQ8wDQYDVQQHHgZ5j13eXgIxDzANBgNVBAgeBnmPXvp3ATELMAkGA1UEBhMCQ04wHhcNMDYwODA5MDIyMTIwWhcNMDgwODA5MDIyMTIwWjCBrjEPMA0GA1UEAx4GUhhmU2VPMRgwFgYDVQQLEw8zNTAxMTE4MTA2MTA1MDExDzANBgNVBAoeBo6rTv2LwTEPMA0GA1UEBx4GeY9d3l4CMSEwHwYDVQQHHhh5j13eXgJmS1uJUzpqH2dRADEAMQA0U/cxDzANBgNVBAgeBnmPXvp3ATELMAkGA1UEBhMCQ04xHjAcBgkqhkiG9w0BCQETD2NjdHZidHhAMTYzLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA8FiUk/Fw7jZos5PAu4iKZLyWAN8HJ/2RIzzF3xT3iBzwz55FOpQQQdYAq8U6XR8er0njOzAqQ+rPbXCTS6LlKNoe4LNki2Sij4QApvHgljTkH7zBAVNERvsqK6Wr9KqJSF97RsyE1ai4bE9w1qypRBHVFLRLh6Y9untUE/WDNikCAwEAAaOB6jCB5zAfBgNVHSMEGDAWgBTWvcb/TgYDm1EXkukQiAVDvXdIMTAdBgNVHQ4EFgQU5p5zenmbmfJxnM/rYyRr2V9LHkswCwYDVR0PBAQDAgP4MAwGA1UdEwQFMAMBAQAwgYkGA1UdHwSBgTB/MH2ge6B5pHcwdTENMAsGA1UEAxMEY3JsMTEMMAoGA1UECxMDY3JsMQwwCgYDVQQLEwMxMTgxCjAIBgNVBAsTATExDTALBgNVBAoTBGZqY2ExDzANBgNVBAcTBmZ1emhvdTEPMA0GA1UECBMGZnVqaWFuMQswCQYDVQQGEwJjbjANBgkqhkiG9w0BAQUFAAOBgQCMzKB+7slIdw1dNY4GOEP8WPVpnHql+er27v4rowoOllfd+24z7RYYrisVwI5pbwfl+0JQ3r+6uLYODhm4O236rktH1HiPacDWx40wpRQVf4epXamNxy+A0jzEuU0UpM4qeC+gydUak9pFSo8hcFGFfAXFmZJkW0iIolEBlXRbLA=;strCert2=MIIDdTCCAt6gAwIBAgIQAkqRAuIsDVJ2i4A7Q7D/AzANBgkqhkiG9w0BAQUFADBxMRcwFQYDVQQDHg55j176dwGP0IQlAEMAQTEnMCUGA1UECh4eeY9e+ncBZXBbV1uJUWiLwU5me6F0BmcJllBRbFP4MQ8wDQYDVQQHHgZ5j13eXgIxDzANBgNVBAgeBnmPXvp3ATELMAkGA1UEBhMCQ04wHhcNMDcwMzA1MDgwNzEyWhcNMDgwMzA0MDgwNzEyWjCBkzENMAsGA1UEAx4ElkiNOzEbMBkGA1UECxMSMzUwMTExMTk4MjA5MTE0NzQ4MQ8wDQYDVQQKHgaOq079i8ExJTAjBgNVBAceHHmPXvpR73J5T+Fgb1uJUWhigGcvZwmWUFFsU/gxDzANBgNVBAceBnmPXd5eAjEPMA0GA1UECB4GeY9e+ncBMQswCQYDVQQGEwJDTjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApDFUde+Ibgq66pSMbpQcfwUkWO9QjwKV0YpQSs9JzFFVDFUTIA0loTNkSI+KV9tCBN2+VxAJ9c/0geifISo1arkPwXQUDwxj8FPP3MkY+yhBX8xI4w+eGgGS1ZpJo19oH3lF1h+D4wUqS4uCNw4tWukxh4Q89hr77ho/xc1K5IcCAwEAAaOB6jCB5zAfBgNVHSMEGDAWgBTWvcb/TgYDm1EXkukQiAVDvXdIMTAdBgNVHQ4EFgQUD1nwVcYEFMmBwmOwAMdyRwKLzH0wCwYDVR0PBAQDAgP4MAwGA1UdEwQFMAMBAQAwgYkGA1UdHwSBgTB/MH2ge6B5pHcwdTELMAkGA1UEBhMCY24xDzANBgNVBAgTBmZ1amlhbjEPMA0GA1UEBxMGZnV6aG91MQ0wCwYDVQQKEwRmamNhMQowCAYDVQQLEwExMQwwCgYDVQQLEwMxMTgxDDAKBgNVBAsTA2NybDENMAsGA1UEAxMEY3JsMjANBgkqhkiG9w0BAQUFAAOBgQC7Hn/VaJUnUkBOqLGdyNHBOsdmgySg29Uf7lZBS5hTD1KDuSeq9ThGOtpsUFZHUCFm9FXATl4a7EzYBNiPiholoarfC+45amhQoZ83j8/kBJoDvs+Q43UGWlhrjN+eqRxkSbX/M8ElJhKVlrOoVcqLGMra5qPV5Stbt5byEUrRig=;5. 参数传入安全公文授权证书在程序中，使用ImportCerts方法把证书内容传入，多个证书之间使用“,”分隔。调用代码例子如下：function ExecOp(srcF,objF) /srcF为需要盖章的文件地址，可以为远程地址如：/ABC.doc/也可以为本地地址，如：file:/c:/Temp/ABC.docvar job = null;job = OAFormEdcProxy.CreateJob();job.JobName = 编辑任务;job.Operation = 0x5; /对word文件盖章，同时输出红头和黑头job.ReadOnly = true;job.AutoExit = true; /操作完成后是否自动退出var strCerts;var strCert1, strCert2;strCert1 =MIIDkDCCAvmgAwIBAgIQCzKMFmLhOvS6fDsleT0jojANBgkqhkiG9w0BAQUFADBxMRcwFQYDVQQDHg55j176dwGP0IQlAEMAQTEnMCUGA1UECh4eeY9e+ncBZXBbV1uJUWiLwU5me6F0BmcJllBRbFP4MQ8wDQYDVQQHHgZ5j13eXgIxDzANBgNVBAgeBnmPXvp3ATELMAkGA1UEBhMCQ04wHhcNMDYwODA5MDIyMTIwWhcNMDgwODA5MDIyMTIwWjCBrjEPMA0GA1UEAx4GUhhmU2VPMRgwFgYDVQQLEw8zNTAxMTE4MTA2MTA1MDExDzANBgNVBAoeBo6rTv2LwTEPMA0GA1UEBx4GeY9d3l4CMSEwHwYDVQQHHhh5j13eXgJmS1uJUzpqH2dRADEAMQA0U/cxDzANBgNVBAgeBnmPXvp3ATELMAkGA1UEBhMCQ04xHjAcBgkqhkiG9w0BCQETD2NjdHZidHhAMTYzLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA8FiUk/Fw7jZos5PAu4iKZLyWAN8HJ/2RIzzF3xT3iBzwz55FOpQQQdYAq8U6XR8er0njOzAqQ+rPbXCTS6LlKNoe4LNki2Sij4QApvHgljTkH7zBAVNERvsqK6Wr9KqJSF97RsyE1ai4bE9w1qypRBHVFLRLh6Y9untUE/WDNikCAwEAAaOB6jCB5zAfBgNVHSMEGDAWgBTWvcb/TgYDm1EXkukQiAVDvXdIMTAdBgNVHQ4EFgQU5p5zenmbmfJxnM/rYyRr2V9LHkswCwYDVR0PBAQDAgP4MAwGA1UdEwQFMAMBAQAwgYkGA1UdHwSBgTB/MH2ge6B5pHcwdTENMAsGA1UEAxMEY3JsMTEMMAoGA1UECxMDY3JsMQwwCgYDVQQLEwMxMTgxCjAIBgNVBAsTATExDTALBgNVBAoTBGZqY2ExDzANBgNVBAcTBmZ1emhvdTEPMA0GA1UECBMGZnVqaWFuMQswCQYDVQQGEwJjbjANBgkqhkiG9w0BAQUFAAOBgQCMzKB+7slIdw1dNY4GOEP8WPVpnHql+er27v4rowoOllfd+24z7RYYrisVwI5pbwfl+0JQ3r+6uLYODhm4O236rktH1HiPacDWx40wpRQVf4epXamNxy+A0jzEuU0UpM4qeC+gydUak9pFSo8hcFGFfAXFmZJkW0iIolEBlXRbLA=;strCert2=MIIDdTCCAt6gAwIBAgIQAkqRAuIsDVJ2i4A7Q7D/AzANBgkqhkiG9w0BAQUFADBxMRcwFQYDVQQDHg55j176dwGP0IQlAEMAQTEnMCUGA1UECh4eeY9e+ncBZXBbV1uJUWiLwU5me6F0BmcJllBRbFP4MQ8wDQYDVQQHHgZ5j13eXgIxDzANBgNVBAgeBnmPXvp3ATELMAkGA1UEBhMCQ04wHhcNMDcwMzA1MDgwNzEyWhcNMDgwMzA0MDgwNzEyWjCBkzENMAsGA1UEAx4ElkiNOzEbMBkGA1UECxMSMzUwMTExMTk4MjA5MTE0NzQ4MQ8wDQYDVQQKHgaOq079i8ExJTAjBgNVBAceHHmPXvpR73J5T+Fgb1uJUWhigGcvZwmWUFFsU/gxDzANBgNVBAceBnmPXd5eAjEPMA0GA1UECB4GeY9e+ncBMQswCQYDVQQGEwJDTjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApDFUde+Ibgq66pSMbpQcfwUkWO9QjwKV0YpQSs9JzFFVDFUTIA0loTNkSI+KV9tCBN2+VxAJ9c/0geifISo1arkPwXQUDwxj8FPP3MkY+yhBX8xI4w+eGgGS1ZpJo19oH3lF1h+D4wUqS4uCNw4tWukxh4Q89hr77ho/xc1K5IcCAwEAAaOB6jCB5zAfBgNVHSMEGDAWgBTWvcb/TgYDm1EXkukQiAVDvXdIMTAdBgNVHQ4EFgQUD1nwVcYEFMmBwmOwAMdyRwKLzH0wCwYDVR0PBAQDAgP4MAwGA1UdEwQFMAMBAQAwgYkGA1UdHwSBgTB/MH2ge6B5pHcwdTELMAkGA1UEBhMCY24xDzANBgNVBAgTBmZ1amlhbjEPMA0GA1UEBxMGZnV6aG91MQ0wCwYDVQQKEwRmamNhMQowCAYDVQQLEwExMQwwCgYDVQQLEwMxMTgxDDAKBgNVBAsTA2NybDENMAsGA1UEAxMEY3JsMjANBgkqhkiG9w0BAQUFAAOBgQC7Hn/VaJUnUkBOqLGdyNHBOsdmgySg29Uf7lZBS5hTD1KDuSeq9ThGOtpsUFZHUCFm9FXATl4a7EzYBNiPiholoarfC+45amhQoZ83j8/kBJoDvs+Q43UGWlhrjN+eqRxkSbX/M8ElJhKVlrOoVcqLGMra5qPV5Stbt5byEUrRig=;strCerts = strCert1;strCerts = strCerts + ,;strCerts = strCerts + strCert2;job.ImportCerts(strCerts);if (! job.ExecEdit(srcF) ) alert( 文件盖章失败! );return;6. 设定联合盖章权限注意：使用ImportCerts方法导入的证书默认可以进行联合盖章，如果需要控制其中部分用户不能对公文盖章和批注，可以有两种方法：A. 在设置界面手工设置不允许联合盖章B. 使用策略文件制定部分用户不允许盖章 盖章系统默认不允许授权人员对文档联合盖章，如下图所示：可以通过双击的方式来修改是否允许联合盖章 使用ImportCerts方法导入的证书，默认允许盖章。使用策略文件设定联合盖章权限 便利function ExecOp(srcF,objF) /srcF为需要盖章的文件地址，可以为远程地址如：/ABC.doc/也可以为本地地址，如：file:/c:/Temp/ABC.docvar job = null;job = OAFormEdcProxy.CreateJob();job.JobName = 编辑任务;job.Operation = 0x5; /对word文件盖章，同时输出红头和黑头job.ReadOnly = true;job.AutoExit = true; /操作完成后是否自动退出var strCerts;var strCert1, strCert2;strCerts = strCert1 + ,+ strCert2;job.ImportCerts(strCerts);nCertCount = job.GetImportedCertCount();for( nI=0; nInCertCount; nI+ ) nRet = job.SetCertItemValue( nI,_USER_ENABLE_COMBINE_SEAL_STATE, 0); /设置是否允许联合盖章，如果值为0不允许，值为1允许。var strXmlFile;strXmlFile = job.OutCertItemsToXml(); /生成用户策略文件alert(用户策略文件: + strXmlFile );job.StrategyFile = strXmlFile; /使用策略文件if (! job.ExecEdit(srcF) ) alert( 文件盖章失败! );return;设置完成后，效果如下所示：7. 判断用户是否完成操作ExecEdit方法调用盖章系统，并返回盖章是否成功，ExecSave方法执行保存盖章形成后的文件。如果这两个方法调用不返回错误，则表示用户盖章正常完成；如果返回错误，则表示用户在盖章过程中取消了操作。调用代码例子如下：function ExecOp(srcF,objF) /srcF为需要盖章的文件地址，可以为远程地址如：/ABC.doc/也可以为本地地址，如：file:/c:/Temp/ABC.docvar job = null;job = OAFormEdcProxy.CreateJob();job.JobName = 编辑任务;job.Operation = 0x5; /对word文件盖章，同时输出红头和黑头job.ReadOnly = true;job.AutoExit = true; /操作完成后是否自动退出/证书导入处理方法if (! job.ExecEdit(srcF) ) alert( 文件盖章失败! );return;if (! job.ExecSave(objF) ) /objF为要保存的文件名alert( 保存已件盖章公文失败! );return;8. 获取形成文件路径使用SavedEdcFile和SavedBdcFile属性，可以获得盖章完成后形成的红头文件和抄送文件本地保存临时路径。调用代码例子如下：function ExecOp(srcF,objF) /srcF为需要盖章的文件地址，可以为远程地址如：/ABC.doc/也可以为本地地址，如：file:/c:/Temp/ABC.docvar job = null;job = OAFormEdcProxy.CreateJob();job.JobName = 编辑任务;job.Operation = 0x5; /对word文件盖章，同时输出红头和黑头job.ReadOnly = true;job.AutoExit = true; /操作完成后是否自动退出/证书导入处理方法if (! job.ExecEdit(srcF) ) alert( 文件盖章失败! );return;if (! job.ExecSave(objF) ) /objF为要保存的文件名alert( 保存已件盖章公文失败! );return;var strEdc = job.SavedEdcFile; /红头文件本地保存路径var strBdc = job.SavedBdcFile; /黑头文件本地保存路径document.O