javascript调用微软CertEnroll实现CSP数字证书申请

本文主要通过简单实例,展示javascript调用微软CertEnroll及相关控件,实现对CSP数字证书的申请操作。

1. CSP读取及列表展示

...
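// Fill the <select id="cspprovider"> element with the name of every CSP
// installed on this machine. Each option's value is the CSP's index in the
// CCspInformations collection.
// Requires the CertEnroll object factory ("oCertEnrollFactory") embedded in
// the page, i.e. a browser that can host ActiveX controls.
var providerList = document.getElementById("cspprovider");
var certEnrollFactory = document.getElementById("oCertEnrollFactory");
var csps = certEnrollFactory.CreateObject("X509Enrollment.CCspInformations");
var csp;
var providerName = "";
var option; // declared here: the original assigned it as an implicit global
var index;

// Load every available provider into the collection.
csps.AddAvailableCsps();
for (index = 0; index < csps.Count; index++) {
    csp = csps.ItemByIndex(index);
    providerName = csp.Name;
    // Option(text, value, defaultSelected, selected): each option is created
    // with selected = true, as in the original listing.
    option = new Option(providerName, index, false, true);
    providerList.add(option);
}
providerName = "";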
...

2. 生成P10

...
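// Build a PKCS#10 certificate request with CertEnroll and leave it, as a
// single-line base64 string, in `pkcs10`.
var pkcs10 = "";
// <dn>, <csp> and <keysize> are placeholders from the article: the subject
// distinguished name, the selected CSP name and the key length in bits.
var dn = <dn>;
// The original stored the CSP name in `csp` and then redeclared `csp` as the
// CCspInformation object, so InitializeFromName() received the object itself
// and the later `objCSP` references were undefined. The name and the object
// now have separate variables.
var cspName = <csp>;
var keysize = <keysize>;

var certEnrollFactory = document.getElementById("oCertEnrollFactory");
var objCSP = certEnrollFactory.CreateObject("X509Enrollment.CCspInformation");
var csps = certEnrollFactory.CreateObject("X509Enrollment.CCspInformations");
var privateKey = certEnrollFactory.CreateObject("X509Enrollment.CX509PrivateKey");
var request = certEnrollFactory.CreateObject("X509Enrollment.CX509CertificateRequestPkcs10");
var objectIds = certEnrollFactory.CreateObject("X509Enrollment.CObjectIds");
var objectId = certEnrollFactory.CreateObject("X509Enrollment.CObjectId");
var x509ExtensionEnhancedKeyUsage = certEnrollFactory.CreateObject("X509Enrollment.CX509ExtensionEnhancedKeyUsage");
var extensionTemplate = certEnrollFactory.CreateObject("X509Enrollment.CX509ExtensionTemplateName");
var distinguishedName = certEnrollFactory.CreateObject("X509Enrollment.CX500DistinguishedName");
var enroll = certEnrollFactory.CreateObject("X509Enrollment.CX509Enrollment");

// Reject a non-numeric key size before it reaches the key object.
// NOTE(review): no minimum is enforced here; the CA should refuse requests
// whose key is shorter than its policy allows.
var keyLength = parseInt(keysize, 10);
if (isNaN(keyLength)) {
    throw new Error("keysize is not a number: " + keysize);
}

objCSP.InitializeFromName(cspName);
csps.Add(objCSP);

privateKey.Length = keyLength;
privateKey.KeySpec = 2;           // XCN_AT_SIGNATURE
// ExportPolicy 1 = XCN_NCRYPT_ALLOW_EXPORT_FLAG: the private key can be
// exported from the CSP. Use 0 (no export) unless key backup is required.
privateKey.ExportPolicy = 1;
privateKey.ProviderName = objCSP.Name;
privateKey.ProviderType = objCSP.Type;
// 16777215 = 0xFFFFFF, i.e. every key usage is allowed. Narrow this to the
// usages the certificate actually needs where the CSP supports it.
privateKey.KeyUsage = 16777215;
privateKey.MachineContext = 0;    // key is created in the current user's context
privateKey.CspInformations = csps;

// 1 = ContextUser; the empty string means no certificate template.
request.InitializeFromPrivateKey(1, privateKey, "");

// 1.3.6.1.5.5.7.3.2 is the client-authentication EKU.
// NOTE(review): objectId, objectIds and x509ExtensionEnhancedKeyUsage are
// created but never attached to the request, so no EKU extension is added.
objectId.InitializeFromValue("1.3.6.1.5.5.7.3.2");
// NOTE(review): CX509ExtensionTemplateName.InitializeEncode takes a template
// name; here it is passed a comma-separated OID list (client auth, smart-card
// logon, document signing, e-mail protection). The string ends up in the
// template-name extension, not in an EKU extension. Confirm what the CA expects.
extensionTemplate.InitializeEncode("1.3.6.1.5.5.7.3.2,1.3.6.1.4.1.311.20.2.2,1.3.6.1.4.1.311.10.3.12,1.3.6.1.5.5.7.3.4");
request.X509Extensions.Add(extensionTemplate);

distinguishedName.Encode(dn, 0);  // 0 = XCN_CERT_NAME_STR_NONE
request.Subject = distinguishedName;
enroll.InitializeFromRequest(request);
pkcs10 = enroll.CreateRequest(1); // 1 = XCN_CRYPT_STRING_BASE64 (no header lines)
pkcs10 = pkcs10.replace(/\r\n/g, "");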
...

3. 安装证书

...	
// Install the CA's response into the current user's store, completing the
// pending request created earlier. `pkcs7` is defined outside this fragment
// and holds the response returned by the CA.
var CONTEXT_USER = 1;          // X509CertificateEnrollmentContext.ContextUser
// InstallRestrictions.AllowUntrustedRoot: the response is accepted even when
// its chain does not end in a root this machine already trusts. Only feed it
// a response obtained from the CA over an authenticated channel.
var ALLOW_UNTRUSTED_ROOT = 4;
var BASE64_ANY = 0x7;          // XCN_CRYPT_STRING_BASE64_ANY
var NO_PASSWORD = "";

var certEnrollFactory = document.getElementById("oCertEnrollFactory");
var enroll = certEnrollFactory.CreateObject("X509Enrollment.CX509Enrollment");

enroll.Initialize(CONTEXT_USER);
enroll.InstallResponse(ALLOW_UNTRUSTED_ROOT, pkcs7, BASE64_ANY, NO_PASSWORD);
...

4. 证书读取

...
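// Look up one certificate in the current user's "My" store by subject name
// and serial number. `certificate` is null when nothing matches.
// <certsn> and <commonname> are placeholders from the article.
var certSN = <certsn>;
var commonName = <commonname>;
var myStore = new ActiveXObject("CAPICOM.Store");
var certificate = null;
var candidate;
var i; // declared here: the original used an implicit global loop counter

// 2 = CAPICOM_CURRENT_USER_STORE, 0 = CAPICOM_STORE_OPEN_READ_ONLY.
myStore.Open(2, "My", 0);
// 1 = CAPICOM_CERTIFICATE_FIND_SUBJECT_NAME. Several certificates can match
// the same name, so the serial number below decides which one is used.
var filteredCertificates = myStore.Certificates.Find(1, commonName);
// CAPICOM collections are 1-based.
for (i = 1; i <= filteredCertificates.Count; i++) {
    candidate = filteredCertificates.Item(i);
    if (candidate.SerialNumber == certSN) {
        // Assign only on a match. The original assigned on every iteration,
        // so when no serial number matched, `certificate` silently ended up
        // as the last name match, i.e. the wrong certificate.
        certificate = candidate;
        break;
    }
}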

...

5. 数字证书选择与签名

...
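// Let the user pick a certificate from the current user's "My" store and
// sign `plainText` with it. The base64 signed message ends up in `signedData`.
var plainText = "HELLO";
var signedData = "";
// Separate name for the CAPICOM object: the original reused `signedData` for
// the empty string, the SignedData object and the resulting signature.
var signedDataObject = new ActiveXObject("CAPICOM.SignedData");
var timeAttribute = new ActiveXObject("CAPICOM.Attribute");
var signer = new ActiveXObject("CAPICOM.Signer");
var myStore = new ActiveXObject("CAPICOM.Store");

// 2 = CAPICOM_CURRENT_USER_STORE, 0 = CAPICOM_STORE_OPEN_READ_ONLY.
myStore.Open(2, "My", 0);
var today = new Date();
// NOTE(review): every certificate in the store is offered to the user; no
// filter on validity period, key usage or private-key presence is applied.
var filteredCertificates = myStore.Certificates;
// Select() shows the selection dialog and returns a Certificates collection,
// not a single certificate, so the chosen entry is read with Item(1).
// The original assigned the collection itself to signer.Certificate.
// NOTE(review): presumably Select() raises an error if the user cancels the
// dialog; wrap this in try/catch where that must be handled.
var selectedCertificates = filteredCertificates.Select();
var selectedCertificate = selectedCertificates.Item(1);

signedDataObject.Content = plainText;
signer.Certificate = selectedCertificate;
signer.Options = 2;       // CAPICOM_CERTIFICATE_INCLUDE_END_ENTITY_ONLY
// Signing-time attribute. The value is the client's own clock, so a verifier
// must not treat it as a trusted timestamp.
timeAttribute.Name = 0;   // CAPICOM_AUTHENTICATED_ATTRIBUTE_SIGNING_TIME
timeAttribute.Value = today.getVarDate();
signer.AuthenticatedAttributes.Add(timeAttribute);
// Sign(signer, bDetached = false, encoding 0 = CAPICOM_ENCODE_BASE64): the
// content is embedded in the signed message.
signedData = signedDataObject.Sign(signer, false, 0);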
...


转载自blog.csdn.net/qq_18357961/article/details/53185770