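// PIN-change flow for a "Keynet" token, driven from the page through the
// PkiCom3 control. The page supplies `forms`, `PkiCom3`, and the label getters
// getLBL_PINHASH / getLBL_PINSHAREKEY / getLBL_USERCERT.
//
// NOTE(review): the PINs read from the form are kept in the page-level
// variables below and are not cleared when ModifyPIN returns, so they stay
// reachable by any other script on the page. If nothing else reads them,
// clear them (and the form fields) once the operation has finished.

var oldPIN;   // current PIN as typed by the user
var newPIN;   // new PIN as typed by the user
var newPINcn; // confirmation of the new PIN as typed by the user

// Keynet label names (the PIN-hash and share-key names are filled in by ModifyPIN)
var LBL_DISAID = "";
var LBL_DISAIDSIG = "";
var LBL_PINSHAREKEY = "";
var LBL_PINHASH = "";
var LBL_ROOTCACERT = "";
var LBL_USERCERT = "";

/**
 * Shows an error, clears and focuses the old-PIN field and re-enables the
 * confirm button.
 *
 * @param {string} alertStr message shown to the user
 * @returns {number} always -1
 */
function AlertoldPINError(alertStr) {
    alert(alertStr);
    forms.oldPIN.focus();
    forms.oldPIN.value = "";
    forms.confirm.disabled = false;
    return -1;
}

/**
 * Shows an error, clears both new-PIN fields (focus ends on the confirmation
 * field) and re-enables the confirm button.
 *
 * @param {string} alertStr message shown to the user
 * @returns {number} always -1
 */
function AlertnewPINError(alertStr) {
    alert(alertStr);
    forms.newPIN.focus();
    forms.newPIN.value = "";
    forms.newPINcn.focus();
    forms.newPINcn.value = "";
    forms.confirm.disabled = false;
    return -1;
}

/**
 * Initialises the PKI control and logs in to the token with the given PIN.
 *
 * @param {string} temp PIN passed to OpkiLogin
 * @returns {number} 0 on success, -1 if OpkiInit failed, -2 if OpkiLogin failed
 */
function InitDisa(temp) {
    var rt0;

    rt0 = PkiCom3.OpkiInit();
    if (rt0 != 0) {
        alert("初始化Keynet设备失败,请重试!");
        return -1;
    }

    rt0 = PkiCom3.OpkiLogin(1, temp);
    if (rt0 != 0) {
        alert("登录Keynet失败,请重试!");
        return -2;
    }

    return 0;
}

/**
 * Validates a PIN: at most 8 characters, digits 0-9 only.
 *
 * NOTE(review): only a maximum length is enforced; the empty string passes
 * here (ModifyPIN rejects it separately) and there is no minimum length.
 * With at most 8 digits the PIN space is small, so resistance to guessing
 * presumably rests on a retry limit in the token - confirm that one exists.
 *
 * @param {string} pin candidate PIN
 * @returns {number} 0 when the PIN is acceptable, -1 otherwise (after an alert)
 */
function verifyPin(pin) {
    var i;
    var ch;

    if (pin.length > 8) {
        alert("pin码不能超过8位");
        return -1;
    }

    for (i = 0; i < pin.length; i++) {
        ch = pin.charAt(i);
        if (ch < '0' || ch > '9') {
            alert("pin码只能由0-9数字构成");
            return -1;
        }
    }

    return 0;
}

/**
 * Changes the user's PIN on the Keynet token.
 *
 * Steps, in order: validate the form input, log in with the old PIN, compare
 * the hash of the entered old PIN with the hash stored on the token, decrypt
 * the stored share key with the old PIN and re-encrypt it with the new PIN,
 * write it back, change the private-key password when a user certificate
 * label exists, then store the new PIN hash and set the new PIN.
 *
 * NOTE(review): the sequence is not atomic. The share key is rewritten under
 * the new PIN before the private-key password, the PIN hash and the PIN
 * itself are updated, and no rollback is visible here; a failure in a later
 * step leaves token records protected by different PINs. Consider doing every
 * read and check before the first write, or restoring the old values on error.
 *
 * NOTE(review): the stored PIN hash is read into page script and compared
 * here. By then OpkiLogin has already returned 0 for the same PIN, so this
 * looks like a consistency check rather than the authentication decision -
 * confirm. Whether the stored hash is salted is not visible from this file.
 *
 * Debug calls that wrote the encrypted and the decrypted share key to files
 * on C:\ used to sit here as commented-out code; they are gone and should
 * stay gone, key material must not be written to disk.
 *
 * @returns {number} 1 when the PIN was changed and the session was closed,
 *                   -1 on any validation, token or cleanup failure
 */
function ModifyPIN() {
    var restatus;
    var status;                // 1 = PIN changed, -1 = some step failed
    var sessionClosed = false; // true once Disalogout() has closed the session
    var rt;

    // Runs the token operations. Returns 1 on success and -1 on failure; sets
    // sessionClosed when it has already logged out through Disalogout().
    function changePinOnToken() {
        var rc;
        var enteredPinHash;
        var storedPinHash;
        var wrappedShareKey;
        var wrappedShareKeyLen;
        var shareKey;
        var shareKeyLen;
        var rewrappedShareKey;
        var adminStatus;

        rc = PkiCom3.OpkiHashData(0, oldPIN, oldPIN.length);
        if (rc != 0) {
            return AlertoldPINError("生成PIN码的HASH值失败,请重试!");
        }
        enteredPinHash = PkiCom3.outData;
        PkiCom3.CleanOutData();

        LBL_PINHASH = getLBL_PINHASH();
        rc = PkiCom3.OpkiReadLabel(LBL_PINHASH, 3);
        if (rc == -8) {
            // A blank token has no PIN hash to compare against.
            Disalogout();
            sessionClosed = true;
            alert("这是一个空白KeyNet,不能修改PIN码");
            return -1;
        }
        storedPinHash = PkiCom3.outData;
        PkiCom3.CleanOutData();
        if (rc != 0) {
            // Both messages are shown, as before.
            AlertoldPINError("请先初始化KeyNet后,然后修改PIN码");
            return AlertoldPINError("从Keynet中获得PIN码HASH值失败,请重试!");
        }
        if (storedPinHash != enteredPinHash) {
            return AlertoldPINError("您输入的原PIN码不正确,请重试!");
        }

        LBL_PINSHAREKEY = getLBL_PINSHAREKEY();
        rc = PkiCom3.OpkiReadLabel(LBL_PINSHAREKEY, 3);
        if (rc == -8) {
            // An internal administrator token carries no share key: only the
            // PIN hash and the PIN are updated.
            adminStatus = Admin_KeyNet(newPIN);
            Disalogout();
            sessionClosed = true;
            return adminStatus == 0 ? 1 : -1;
        }
        if (rc != 0) {
            // Stop here. Previously a dangling `else` let the flow continue
            // into the decrypt step with no share key read.
            PkiCom3.CleanOutData();
            return AlertnewPINError("从Keynet中获取已加密的共享密钥失败,请重试!");
        }
        wrappedShareKey = PkiCom3.outData;
        wrappedShareKeyLen = PkiCom3.outDataLen;
        PkiCom3.CleanOutData();

        // First argument 0: decrypt the stored share key with the old PIN.
        rc = PkiCom3.OpkiPBKCryptData(0, 0, oldPIN, wrappedShareKey, wrappedShareKeyLen);
        if (rc != 0) {
            return AlertnewPINError("对SHAREKEY解密获得SHAREKEY明文失败,请重试!");
        }
        shareKey = PkiCom3.outData;
        shareKeyLen = PkiCom3.outDataLen;
        PkiCom3.CleanOutData();

        // First argument 1: encrypt the share key again, under the new PIN.
        rc = PkiCom3.OpkiPBKCryptData(1, 0, newPIN, shareKey, shareKeyLen);
        if (rc != 0) {
            return AlertnewPINError("加密SHAREKEY失败,请重试!");
        }
        rewrappedShareKey = PkiCom3.outData;
        PkiCom3.CleanOutData();

        rc = PkiCom3.OpkiWriteLabel(getLBL_PINSHAREKEY(), 3, 2, rewrappedShareKey);
        if (rc != 0) {
            return AlertnewPINError("将SHAREKEY写入Keynet失败,请重试!");
        }

        rc = PkiCom3.OpkiReadLabel(getLBL_USERCERT(), 2);
        if (rc != 0 && rc != -8) {
            // Stop, like every other failed step. Previously the PIN was still
            // changed after this error, leaving the private key under the old
            // password.
            PkiCom3.CleanOutData();
            return AlertoldPINError("读取私钥错误,请重试!");
        }
        if (rc == 0) {
            // A certificate exists: change the private-key password. The data
            // returned by the read is discarded without being copied into
            // script variables.
            PkiCom3.CleanOutData();
            rc = PkiCom3.OpkiChangePrivkeyPasswd(getLBL_USERCERT(), oldPIN, newPIN);
            if (rc != 0) {
                return AlertnewPINError("修改私钥保护口令失败,请重试!");
            }
        }

        // Store the new PIN hash and set the new PIN.
        return Admin_KeyNet(newPIN) == 0 ? 1 : -1;
    }

    oldPIN = forms.oldPIN.value;
    newPIN = forms.newPIN.value;
    newPINcn = forms.newPINcn.value;

    restatus = verifyPin(newPIN);
    if (restatus != 0) {
        alert("新pin码无法通过效验");
        return -1;
    }

    if (oldPIN == "") {
        status = AlertoldPINError("请输入原PIN码!");
    } else if (newPIN == "") {
        status = AlertnewPINError("请输入新PIN码!");
    } else if (newPINcn == "") {
        status = AlertnewPINError("请输入确认PIN码!");
    } else if (newPIN != newPINcn) {
        status = AlertnewPINError("您输入的新PIN码与确认新PIN码不一致,请重试!");
    } else if ((restatus = InitDisa(oldPIN)) != 0) {
        // Parenthesised so restatus holds InitDisa's code, not a boolean.
        status = AlertoldPINError("请重新输入PIN码!");
    } else {
        forms.confirm.disabled = true;
        forms.cancel.disabled = true;
        alert("开始修改PIN码请稍后。。。");
        status = changePinOnToken();
    }

    if (sessionClosed) {
        forms.confirm.disabled = false;
        forms.cancel.disabled = false;
        return status;
    }

    // Always close the token session, also after a failed step, so that a
    // logged-in session is not left open behind an error.
    rt = PkiCom3.OpkiLogout();
    if (rt != 0) {
        forms.confirm.disabled = false;
        forms.cancel.disabled = false;
        return -1;
    }

    rt = PkiCom3.OpkiEnd();
    if (rt != 0) {
        alert("PKI操作结束失败!");
        forms.confirm.disabled = false;
        forms.cancel.disabled = false;
        return -1;
    }

    forms.confirm.disabled = false;
    forms.cancel.disabled = false;
    return status;
}

/**
 * Logs out of the token and ends the PKI session.
 *
 * @returns {number} 1 on success, -1 if OpkiLogout or OpkiEnd failed (after an alert)
 */
function Disalogout() {
    var rt0;

    rt0 = PkiCom3.OpkiLogout();
    if (rt0 != 0) {
        alert("PKI控件退出失败");
        return -1;
    }

    rt0 = PkiCom3.OpkiEnd();
    if (rt0 != 0) {
        alert("PKI控件结束失败");
        return -1;
    }

    return 1;
}

/**
 * Hashes the new PIN, writes the hash to the PIN-hash label and sets the new
 * PIN on the token. Used on its own for tokens without a share key and as the
 * last stage of ModifyPIN.
 *
 * @param {string} newPIN the new PIN
 * @returns {number} 0 on success, -1 on failure (after an alert)
 */
function Admin_KeyNet(newPIN) {
    var rt;
    var newPinHash;

    rt = PkiCom3.OpkiHashData(0, newPIN, newPIN.length);
    newPinHash = PkiCom3.outData;
    PkiCom3.CleanOutData();
    if (rt != 0) {
        return AlertnewPINError("将新PIN码HASH失败,请重试!");
    }

    rt = PkiCom3.OpkiWriteLabel(getLBL_PINHASH(), 3, 2, newPinHash);
    if (rt != 0) {
        return AlertnewPINError("将新PIN码的HASH值写入Keynet失败,请重试!");
    }

    rt = PkiCom3.OpkiSetPin(1, newPIN);
    if (rt != 0) {
        return AlertnewPINError("修改PIN码失败,请重试!");
    }

    return 0;
}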