
Digitally Signing ActiveX Controls

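When publishing an ActiveX control for the IE browser, the following security measures are required. First, finish developing the control, and during development add the Microsoft safety marking. This is a Microsoft security policy for controls running under IE: a control installed in IE must be marked as safe for scripting. The method is as follows: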

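Marking MFC ActiveX Controls as Safe for Scripting and Initialization

Follow these steps to mark your MFC ActiveX control as safe for scripting and safe for initialization:

1. Implement the CreateComponentCategory and RegisterCLSIDInCategory helper functions by adding the following cathelp.h and cathelp.cpp files to your project.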

Cathelp.h

#include "comcat.h"

// Helper function to create a component category and associated
// description
HRESULT CreateComponentCategory(CATID catid, WCHAR* catDescription);

// Helper function to register a CLSID as belonging to a component
// category
HRESULT RegisterCLSIDInCategory(REFCLSID clsid, CATID catid);

Cathelp.cpp

#include <wchar.h>
#include "comcat.h"

// Helper function to create a component category and associated
// description
HRESULT CreateComponentCategory(CATID catid, WCHAR* catDescription)
{
    ICatRegister* pcr = NULL;
    HRESULT hr = S_OK;

    hr = CoCreateInstance(CLSID_StdComponentCategoriesMgr,
                          NULL,
                          CLSCTX_INPROC_SERVER,
                          IID_ICatRegister,
                          (void**)&pcr);
    if (FAILED(hr))
        return hr;

    // Make sure the HKCR\Component Categories\{..catid...}
    // key is registered
    CATEGORYINFO catinfo;
    catinfo.catid = catid;
    catinfo.lcid = 0x0409; // English

    // Make sure the provided description is not too long.
    // Only copy the first 127 characters if it is
    size_t len = wcslen(catDescription);
    if (len > 127)
        len = 127;
    wcsncpy(catinfo.szDescription, catDescription, len);

    // Make sure the description is null terminated
    catinfo.szDescription[len] = L'\0';

    hr = pcr->RegisterCategories(1, &catinfo);
    pcr->Release();

    return hr;
}

// Helper function to register a CLSID as belonging to a component
// category
HRESULT RegisterCLSIDInCategory(REFCLSID clsid, CATID catid)
{
    // Register your component categories information.
    ICatRegister* pcr = NULL;
    HRESULT hr = S_OK;

    hr = CoCreateInstance(CLSID_StdComponentCategoriesMgr,
                          NULL,
                          CLSCTX_INPROC_SERVER,
                          IID_ICatRegister,
                          (void**)&pcr);
    if (SUCCEEDED(hr))
    {
        // Register this category as being "implemented" by
        // the class.
        CATID rgcatid[1];
        rgcatid[0] = catid;
        hr = pcr->RegisterClassImplCategories(clsid, 1, rgcatid);
    }

    if (pcr != NULL)
        pcr->Release();

    return hr;
}

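2. Modify DllRegisterServer to mark the control as safe. Locate the implementation of DllRegisterServer in a .cpp file in your project. You need to add several things to this .cpp file. Include the header for the CreateComponentCategory and RegisterCLSIDInCategory helpers:

#include "CatHelp.h"

Define the GUIDs associated with the safety component categories:

const CATID CATID_SafeForScripting =
    {0x7dd95801,0x9882,0x11cf,{0x9f,0xa9,0x00,0xaa,0x00,0x6c,0x42,0xc4}};

const CATID CATID_SafeForInitializing =
    {0x7dd95802,0x9882,0x11cf,{0x9f,0xa9,0x00,0xaa,0x00,0x6c,0x42,0xc4}};

Define the GUID associated with your control. For simplicity, you can borrow the GUID from the IMPLEMENT_OLECREATE_EX macro in the control's main .cpp file. Adjust the format slightly so that it looks like the following:

const GUID CDECL BASED_CODE _ctlid =
    { 0x43bd9e45, 0x328f, 0x11d0,
      { 0xa6, 0xb9, 0x0, 0xaa, 0x0, 0xa7, 0xf, 0xc2 } };

To mark your control as both safe for scripting and safe for initialization, modify the DllRegisterServer function as follows: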

STDAPI DllRegisterServer(void)
{
    AFX_MANAGE_STATE(_afxModuleAddrThis);

    // Standard MFC registration of the type library and class factories
    if (!AfxOleRegisterTypeLib(AfxGetInstanceHandle(), _tlid))
        return ResultFromScode(SELFREG_E_TYPELIB);

    if (!COleObjectFactoryEx::UpdateRegistryAll(TRUE))
        return ResultFromScode(SELFREG_E_CLASS);

    // Make sure both safety categories exist under HKCR\Component Categories
    if (FAILED( CreateComponentCategory(
            CATID_SafeForScripting,
            L"Controls that are safely scriptable") ))
        return ResultFromScode(SELFREG_E_CLASS);

    if (FAILED( CreateComponentCategory(
            CATID_SafeForInitializing,
            L"Controls safely initializable from persistent data") ))
        return ResultFromScode(SELFREG_E_CLASS);

    // Register the control's CLSID as implementing both categories
    if (FAILED( RegisterCLSIDInCategory(
            _ctlid, CATID_SafeForScripting) ))
        return ResultFromScode(SELFREG_E_CLASS);

    if (FAILED( RegisterCLSIDInCategory(
            _ctlid, CATID_SafeForInitializing) ))
        return ResultFromScode(SELFREG_E_CLASS);

    return NOERROR;
}

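Normally you would not modify the DllUnregisterServer function, for two reasons:

• You do not want to remove a component category, because other controls may be using it.

• Although an UnRegisterCLSIDInCategory function is defined, by default DllUnregisterServer removes the control's entry from the registry entirely. Removing the category from the control's registration is therefore of little use.

After you compile and register your control, you should find the following entries in the registry: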

HKEY_CLASSES_ROOT\Component Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}

HKEY_CLASSES_ROOT\Component Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}

HKEY_CLASSES_ROOT\CLSID\{"your control's GUID"}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}

HKEY_CLASSES_ROOT\CLSID\{"your control's GUID"}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}

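After the control is developed, you need to purchase a code-signing certificate, such as one from VeriSign, and sign the control. Both the ocx and dll files must be signed. Finally, package the signed ocx file, the dll file, and the inf file together into a cab file, and digitally sign the cab file as well. This completes the preparation for publishing the ActiveX control. It can then be published directly on the public Internet for users to download, install, and use.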
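The following PowerShell script is an added example, not part of the original article. It checks one registered control against the registry entries and the signing requirement described above. The `$Clsid` parameter is a placeholder for your own control's CLSID, and the output property names are chosen for this example.

```powershell
# Added example: audit one ActiveX control's safety marking and signature.
param(
    [Parameter(Mandatory)]
    [string]$Clsid   # your control's CLSID, in braces (placeholder)
)

# Category IDs taken from the registration code on this page.
$categories = [ordered]@{
    SafeForScripting    = '{7DD95801-9882-11CF-9FA9-00AA006C42C4}'
    SafeForInitializing = '{7DD95802-9882-11CF-9FA9-00AA006C42C4}'
}

$classKey = "Registry::HKEY_CLASSES_ROOT\CLSID\$Clsid"
if (-not (Test-Path -LiteralPath $classKey)) {
    throw "CLSID $Clsid is not registered on this machine."
}

$result = [ordered]@{ Clsid = $Clsid }

foreach ($name in $categories.Keys) {
    $catId = $categories[$name]
    # The category itself must exist under HKCR\Component Categories ...
    $result["${name}CategoryDefined"] =
        Test-Path -LiteralPath "Registry::HKEY_CLASSES_ROOT\Component Categories\$catId"
    # ... and the control must list it under Implemented Categories.
    $result["${name}Implemented"] =
        Test-Path -LiteralPath "$classKey\Implemented Categories\$catId"
}

# Resolve the control binary from the default value of InprocServer32.
$serverKey = "$classKey\InprocServer32"
if (Test-Path -LiteralPath $serverKey) {
    $binary = (Get-Item -LiteralPath $serverKey).GetValue('')
    if ($binary) {
        $binary = [Environment]::ExpandEnvironmentVariables($binary.Trim('"'))
        $sig = Get-AuthenticodeSignature -LiteralPath $binary
        $result.Binary          = $binary
        $result.SignatureStatus = $sig.Status            # 'Valid' is the expected value
        $result.Signer          = $sig.SignerCertificate.Subject
        $result.Timestamped     = [bool]$sig.TimeStamperCertificate
    }
}

[pscustomobject]$result
```

For a 32-bit control on 64-bit Windows, run the script from 32-bit PowerShell so that the CLSID lookup uses the 32-bit registry view. A control that shows both categories as implemented but a `SignatureStatus` other than `Valid` is marked safe without a verifiable signature and should not be published.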