|
|
<%@ CODEPAGE=65001 'UTF-8%><%' certrqma.asp - (CERT)srv web - (R)e(Q)uest, (M)ore (A)dvanced ' Copyright (C) Microsoft Corporation, 1998 - 1999 %><!-- #include FILE=certsbrt.inc --><!-- #include FILE=certdat.inc --><% On Error Resume Next
' Exporting keys to a pvk file is only used by old code signing tools. ' (This is different from exporting both cert and keys in a pfx file.) ' Set this flag to true if you really need this functionality bEnableExportKeyToFile = True
Dim bFailed, nError bFailed=False nError = 0
If "Enterprise"=sServerType And "IE"=sBrowser Then
' get CA exchange cert and save into this page
Const CR_OUT_BASE64 =&H00000001 Const CR_PROP_CAEXCHGCERT=15 Const PROPTYPE_BINARY=3
Set ICertRequest2=Server.CreateObject("CertificateAuthority.Request") Public sCAExchangeCert Dim sCertificate sCertificate=ICertRequest2.GetCAProperty(sServerConfig, CR_PROP_CAEXCHGCERT, 0, PROPTYPE_BINARY, CR_OUT_BASE64) sCAExchangeCert=FormatBigString(sCertificate, " sCAExchange=sCAExchange & ")
'&H800B0113, CERT_E_INVALID_POLICY, treat it as OK If Err.Number<>0 And Err.Number <> &H800B0113 Then ' CA may be down. bFailed=True nError=Err.Number End If End If
'----------------------------------------------------------------- ' Format the big string as a concatenated VB string, breaking at the embedded newlines Function FormatBigString(sSource, sLinePrefix) Dim sResult, bCharsLeft, nStartChar, nStopChar, chQuote sResult="" chQuote=chr(34) bCharsLeft=True nStopChar=1
While (bCharsLeft) nStartChar=nStopChar nStopChar=InStr(nStopChar, sSource, vbNewLine)
If (nStopChar>0) Then sResult=sResult & sLinePrefix & chQuote & Mid(sSource, nStartChar, nStopChar-nStartChar) & chQuote & " & vbNewLine"
If (nStopChar>=Len(sSource)-Len(vbNewLine)) Then bCharsLeft=False End If
Else bCharsLeft=False End if sResult=sResult & vbNewLine nStopChar=nStopChar+Len(vbNewLine) Wend FormatBigString=sResult End Function%><HTML><Head> <Meta HTTP-Equiv="Content-Type" Content="text/html; charset=UTF-8"> <Title>Microsoft Certificate Services</Title></Head><%If True=bFailed Then %><Body BgColor=#FFFFFF Link=#0000FF VLink=#0000FF ALink=#0000FF><Font ID=locPageFont Face="Arial"><%Else%><Body BgColor=#FFFFFF Link=#0000FF VLink=#0000FF ALink=#0000FF OnLoad="postLoad();"><Font ID=locPageFont Face="Arial"><%End If%>
<Table Border=0 CellSpacing=0 CellPadding=4 Width=100% BgColor=#008080><TR> <TD><Font Color=#FFFFFF><LocID ID=locMSCertSrv><Font Face="Arial" Size=-1><B><I>Microsoft</I></B> Certificate Services -- <%=sServerDisplayName%> </Font></LocID></Font></TD> <TD ID=locHomeAlign Align=Right><A Href="/certsrv"><Font Color=#FFFFFF><LocID ID=locHomeLink><Font Face="Arial" Size=-1><B>Home</B></Font></LocID></Font></A></TD></TR></Table>
<%If True=bFailed Then %><P ID=locPageTitle1><Font Color=#FF0000><B>Error</B></Font><!-- Green HR --><Table Border=0 CellSpacing=0 CellPadding=0 Width=100%><TR><TD BgColor=#008080><Img Src="certspc.gif" Alt="" Height=2 Width=1></TD></TR></Table>
<P ID=locErrorMsg> An unexpected error has occurred:<BR><BR><%If nError=&H800706BA Or nError=&H80070005 Then%> <LocID ID=locSvcNotStarted>The Certification Authority Service has not been started.</LocID><%ElseIf nError=&H800b0101 Then%> <LocID ID=locSvcNotValidDate>A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.</LocID><%Else%> <%=ICertRequest.GetErrorMessageText(nError, CR_GEMT_HRESULT_STRING)%><%End If%>
<%Else 'True<>bFailed%>
<Form Name=UIForm OnSubmit="goNext();return false;" Action="certlynx.asp" Method=Post><Input Type=Hidden Name=SourcePage Value="certrqma">
<P ID=locPageTitle> <B> Advanced Certificate Request </B><!-- Green HR --><Table Border=0 CellSpacing=0 CellPadding=0 Width=100%><TR><TD BgColor=#008080><Img Src="certspc.gif" Alt="" Height=2 Width=></TD></TR></Table>
<Span ID=spnFixTxt Style="display:none"> <Table Border=0 CellSpacing=0 CellPadding=4 Style="Color:#FF0000"><TR><TD ID=locBadCharError> <I>Please correct the fields marked in <B>RED</B>.</I> The e-mail address may contain the characters A-Z, a-z, 0-9, and some common symbols, but no extended characters. The country/region field must be a two letter ISO 3166 country/region code. </TD></TR></Table></Span><Span ID=spnErrorTxt Style="display:none"> <Table Border=0 CellSpacing=0 CellPadding=4 Style="Color:#FF0000"> <TR><TD ID=locErrMsgBasic> <B>An error occurred</B> while creating the certificate request. Please verify that your CSP supports any settings you have made and that your input is valid. </TD></TR><TR><TD> <LocID ID=locErrorCause><B>Suggested cause:</B></LocID><BR> <Span ID=spnErrorMsg></Span> </TD></TR><TR> <TD ID=locErrorNumber><Font Size=-2>Error: <Span ID=spnErrorNum></Span></Font></TD> </TR> </Table></Span>
<Table Border=0 CellSpacing=0 CellPadding=0> <TR> <!-- establish column widths. --> <TD Width=<%=L_LabelColWidth_Number%>></TD> <!-- label column, top border --> <TD RowSpan=59 Width=4></TD> <!-- label spacing column --> <TD></TD> <!-- field column --> </TR> <%If "Enterprise"=sServerType Then%> <!-- Enterprise Options -->
<TR> <TD ID=locTemplateHead ColSpan=3><Font Size=-1><BR><Label For=lbCertTemplateID><locID ID=locTemplateHead><B>Certificate Template:</B></locID></Label></Font></TD> </TR><TR><TD ColSpan=3 Height=2 BgColor=#008080></TD> </TR><TR><TD ColSpan=3 Height=6></TD> </TR><TR><TD></TD> <TD><Select Name=lbCertTemplate ID=lbCertTemplateID OnChange="handleTemplateChange();"><% Dim nWriteTemplateResult nWriteTemplateResult=WriteTemplateList() %> </Select></TD> </TR>
<%End If '"Enterprise"=sServerType%> <TR><TD ColSpan=3><%If "Enterprise"=sServerType Then%> <!-- Enterprise Options --><Span ID=spnIDInfo Style="display:none"><%End If '"Enterprise"=sServerType%><Table Border=0 CellSpacing=0 CellPadding=0> <TR> <!-- establish column widths. --> <TD Width=<%=L_LabelColWidth_Number%>></TD> <!-- label column, top border --> <TD RowSpan=59 Width=4></TD> <!-- label spacing column --> <TD></TD> <!-- field column --> </TR>
<TR><%If "StandAlone"=sServerType Then%> <TD ID=locIdentHeadStandAlone ColSpan=3><Font Size=-1><BR><B>Identifying Information:</B></Font></TD> </TR><TR><TD ColSpan=3 Height=2 BgColor=#008080></TD><%Else%> <TD ID=locIdentHeadEnterprise ColSpan=3><Font Size=-1><BR><B>Identifying Information For Offline Template:</B></Font></TD> </TR><!--<TR><TD ColSpan=3 Height=2 BgColor=#008080></TD>--><%End If%> </TR><TR><TD ColSpan=3 Height=6></TD> </TR><TR> <TD ID=locNameAlign Align=Right><Span ID=spnNameLabel><LocID ID=locNameLabel><Font Size=-1>Name:</Font></LocID></Span></TD> <TD><Input ID=locTbCommonName Type=Text MaxLength=64 Size=42 Name=tbCommonName></TD> </TR><TR> <TD ID=locEmailAlign Align=Right><Span ID=spnEmailLabel><LocID ID=locEmailLabel><Font Size=-1>E-Mail:</Font></LocID></Span></TD> <TD><Input ID=locTbEmail Type=Text MaxLength=128 Size=42 Name=tbEmail></TD> </TR><TR> <TD Height=8></TD> <TD></TD> </TR><TR> <TD ID=locCompanyAlign Align=Right><Span ID=spnCompanyLabel><LocID ID=locOrgLabel><Font Size=-1>Company:</Font></LocID></Span></TD> <TD><Input ID=locTbOrg Type=Text MaxLength=64 Size=42 Name=tbOrg Value="<%=sDefaultCompany%>"></TD> </TR><TR> <TD ID=locDepartmentAlign Align=Right><Span ID=spnDepartmentLabel><LocID ID=locOrgUnitLabel><Font Size=-1>Department:</Font></LocID></Span></TD> <TD><Input ID=locTbOrgUnit Type=Text MaxLength=64 Size=42 Name=tbOrgUnit Value="<%=sDefaultOrgUnit%>"></TD> </TR><TR> <TD Height=8></TD> <TD></TD> </TR><TR> <TD ID=locCityAlign Align=Right><Span ID=spnCityLabel><LocID ID=locLocalityLabel><Font Size=-1>City:</Font></LocID></Span></TD> <TD><Input ID=locTbLocality Type=Text MaxLength=128 Size=42 Name=tbLocality Value="<%=sDefaultLocality%>"></TD> </TR><TR> <TD ID=locStateAlign Align=Right><Span ID=spnStateLabel><LocID ID=locStateLabel><Font Size=-1>State:</Font></LocID></Span></TD> <TD><Input ID=locTbState Type=Text MaxLength=128 Size=42 Name=tbState Value="<%=sDefaultState%>"></TD> </TR><TR> <TD ID=locCountryAlign Align=Right><Span ID=spnCountryLabel><LocID ID=locCountryLabel><Font Size=-1>Country/Region:</Font></LocID></Span></TD> <TD><Input ID=locTbCountry Type=Text MaxLength=2 Size=2 Name=tbCountry Value="<%=sDefaultCountry%>"></TD> </TR>
</Table><%If "Enterprise"=sServerType Then%></Span><%End If '"Enterprise"=sServerType%> </TD></TR>
<%If "StandAlone"=sServerType Then%> <!-- Stand-Alone Options -->
<TR> <TD ID=locEKUHead ColSpan=3><Font Size=-1><BR><B>Type of Certificate Needed:</B></Font></TD> </TR><TR><TD ColSpan=3 Height=2 BgColor=#008080></TD> </TR><TR><TD ColSpan=3 Height=6></TD> </TR><TR><TD></TD> <TD><Select Name=lbUsageOID OnChange="handleUsageOID(true);"> <Option ID=locCliAuthCert Selected Value="1.3.6.1.5.5.7.3.2"> Client Authentication Certificate <Option ID=locEmailCert Value="1.3.6.1.5.5.7.3.4"> E-Mail Protection Certificate <Option ID=locSrvAuthCert Value="1.3.6.1.5.5.7.3.1"> Server Authentication Certificate <Option ID=locCodeSgnCert Value="1.3.6.1.5.5.7.3.3"> Code Signing Certificate <Option ID=locTimStmpCert Value="1.3.6.1.5.5.7.3.8"> Time Stamp Signing Certificate <Option ID=locIPSecCert Value="1.3.6.1.5.5.8.2.2"> IPSec Certificate <Option ID=locUserEKUCert Value="**"> Other... </Select></TD> </TR>
<TR><TD ID=locEkuAlign Align=Right><Span ID=spnEKUOther1 Style="display:none"><LocID ID=locUserEKULabel><Font Size=-1>OID:</Font></LocID></Span></TD> <TD><Span ID=spnEKUOther2 Style="display:none"><Input ID=locTbEKUOther Type=Text Name=tbEKUOther Value="1.3.6.1.5.5.7.3."></Span></TD> </TR>
<%End If%> <!-- common -->
<TR> <TD ID=locKeyOptHead ColSpan=3><Font Size=-1><BR><B>Key Options:</B></Font></TD> </TR><TR><TD ColSpan=3 Height=2 BgColor=#008080></TD> </TR><TR><TD ColSpan=3 Height=6></TD> </TR>
<TR> <TD></TD> <TD><Font Size=-1> <Input Type=Radio ID=rbKG1 Name=rbKeyGen Value="0" OnClick="handleKeyGen();" Checked><Label For=rbKG1 ID=locNewKeyLabel>Create new key set</Label> <LocID ID=locSpc3> <LocID> <Input Type=Radio ID=rbKG2 Name=rbKeyGen Value="1" OnClick="handleKeyGen();"><Label For=rbKG2 ID=locExistKeyLabel>Use existing key set</Label> </Font></TD> </TR>
<TR><TD ColSpan=3 Height=4></TD></TR> <TR> <TD ID=locCSPLabel Align=Right><Font Size=-1><Label For=lbCSPID><locID ID=locCSPLabel>CSP:</locID></Label></Font></TD> <TD><Select Name=lbCSP ID=lbCSPID OnChange="handleCSPChange();"> <Option ID=locLoading>Loading...</Option> </Select></TD> </TR> <TR ID=trBadCSPForKeySpec Style="display:none"> <TD></TD> <TD BgColor=#FFFFE0><LocID ID=locBadCSPForKeySpec><Font Size=-1><Span ID=spnBadCSPForKeySpecMsg></Span></Font></LocID></TD> </TR>
<TR><TD ColSpan=3 Height=4></TD></TR> <TR> <TD ID=locKeyUsageLabel Align=Right><Font Size=-1>Key Usage:</Font></TD> <TD><Font Size=-1> <Span ID=spnKeyUsageKeyExchange><Input Type=Radio ID=rbKU1 Name=rbKeyUsage Value="0" Checked OnClick="handleKeyUsageChange(false);"><Label For=rbKU1 ID=locKUExch>Exchange</Label><LocID ID=locSpc1> <LocID></Span> <Span ID=spnKeyUsageSignature><Input Type=Radio ID=rbKU2 Name=rbKeyUsage Value="1" OnClick="handleKeyUsageChange(false);"><Label For=rbKU2 ID=locKUSig>Signature</Label><LocID ID=locSpc2> <LocID></Span> <Span ID=spnKeyUsageBoth><Input Type=Radio ID=rbKU3 Name=rbKeyUsage Value="2" OnClick="handleKeyUsageChange(false);"><Label For=rbKU3 ID=locKUBoth>Both</Label></Span></Font></TD> </TR>
<TR><TD ColSpan=3 Height=4></TD></TR> <TR> <TD ID=locKeySizeLabel Align=Right ><Font Size=-1><Label For=locTbKeySize><locID ID=locKeySizeLabel>Key Size:</locID></Label></Font></TD> <TD><Table Border=0 CellPadding=0 CellSpacing=0> <TR> <TD RowSpan=2><Input ID=locTbKeySize Type=Text Name=tbKeySize Value="0" MaxLength=5 Size=4 OnPropertyChange="handleKeySizeChange();"> </TD> <TD ID=locKeySizeMinLabel Align=Right><Font Size=-2>Min:</Font></TD> <TD ID=locKeySizeMin Align=Right><Font Size=-2><Span ID=spnKeySizeMin></Span></Font></TD> <TD ID=locKeySizeCommon RowSpan=2><Font Size=-2> (common key sizes: <Span ID=spnKeySizeCommon></Span>)</Font></TD> </TR><TR> <TD ID=locKeySizeMaxLabel Align=Right><Font Size=-2>Max:</Font></TD> <TD ID=locKeySizeMax Align=Right><Font Size=-2><Span ID=spnKeySizeMax></Span></Font></TD> </TR> </Table></TD> </TR> <TR ID=trKeySizeBad Style="display:none"> <TD></TD> <TD BgColor=#FFFFE0><LocID ID=locKeySizeBad><Font Size=-1><Span ID=spnKeySizeBadMsg></Span></Font></LocID></TD> </TR> <TR ID=trKeySizeBadSpc Style="display:none"><TD ColSpan=3 Height=4></TD></TR> <TR ID=trKeySizeWarn Style="display:none"> <TD></TD> <TD BgColor=#FFFFE0><LocID ID=locKeySizeWarning><Font Size=-1><I>Warning: Large keys can take many hours to generate!</I></Font></LocID></TD> </TR> <TR ID=trKeyGenWarn Style="display:none"> <TD></TD> <TD><LocID ID=locKeyGenWarning><Font Size=-1><I>A key of this size will be generated </I>only<I> if a key for the <BR> specified usage does not already exist in the specified container.</I></Font></LocID></TD> </TR>
<TR ID=trGenContNameSpc><TD ColSpan=3 Height=4></TD></TR> <TR ID=trGenContName> <TD></TD> <TD><Font Size=-1> <Input Type=Radio ID=rbGCN1 Name=rbGenContName Value="0" OnClick="handleGenContName();" Checked><Label For=rbGCN1 ID=locAutoContNameLabel>Automatic key container name</Label> <LocID ID=locSpc4> <LocID> <Input Type=Radio ID=rbGCN2 Name=rbGenContName Value="1" OnClick="handleGenContName();"><Label For=rbGCN2 ID=locUserContNameLabel>User specified key container name</Label> </Font></TD> </TR>
<TR ID=trContNameSpc><TD ColSpan=3 Height=4></TD></TR> <TR ID=trContName Style="display:none"> <TD ID=locContainerNameLabel Align=Right><Font Size=-1>Container Name:</Font></TD> <TD><Font Size=-1><Input ID=locTbContainerName Type=Text Name=tbContainerName Size=20></Font></TD> </TR>
<TR ID=trMarkExportSpc><TD ColSpan=3 Height=4></TD></TR> <TR ID=trMarkExport><TD></TD> <TD><Font Size=-1><Input Type=Checkbox Name=cbMarkKeyExportable ID=cbMarkKeyExportable OnClick="handleMarkExport(false);"><Label For=cbMarkKeyExportable ID=locMarkExportLabel>Mark keys as exportable</Label> <%If bEnableExportKeyToFile Then%> <Span ID=spnMarkKeyExportable Style="display:none"> <BR><Img Src="certspc.gif" Alt="" Height=1 Width=25><Input Type=Checkbox Name=cbExportKeys ID=cbExportKeys OnClick="handleExportKeys();"><Label For=cbExportKeys ID=locExportToFileLabel>Export keys to file</Label> <Span ID=spnExportKeys Style="display:none"> <BR><Img Src="certspc.gif" Alt="" Height=1 Width=25><LocID ID=locExpFileNameLabel>Full path name:</LocID> <Input ID=locTbExportKeyFile Type=Text Name=tbExportKeyFile Size=20 Value="*.pvk"> </Span> </Span> <%End If%> </Font></TD> </TR>
<TR ID=trStrongKeySpc><TD ColSpan=3 Height=4></TD></TR> <TR ID=trStrongKey> <TD></TD> <TD><Font Size=-1><Input Type=Checkbox ID=cbStrongKey Name=cbStrongKey OnClick="handleStrongKeyAndLMStore(false);"><Label For=cbStrongKey ID=locStrongKeyLabel>Enable strong private key protection</Label></Font></TD> </TR>
<TR ID=trLMStoreSpc><TD ColSpan=3 Height=4></TD></TR> <TR ID=trLMStore><TD></TD> <TD><Font Size=-1><Input Type=Checkbox Name=cbLocalMachineStore ID=cbLocalMachineStore OnClick="handleStrongKeyAndLMStore(false);"><Label For=cbLocalMachineStore ID=locLMStoreLabel>Store certificate in the local computer certificate store</Label><BR> <LocID ID=locAdminWarning><Img Src="certspc.gif" Alt="" Height=1 Width=25><I>Stores the certificate in the local computer store<BR> <Img Src="certspc.gif" Alt="" Height=1 Width=25>instead of in the user's certificate store. Does not<BR> <Img Src="certspc.gif" Alt="" Height=1 Width=25>install the root CA's certificate. You must be an<BR> <Img Src="certspc.gif" Alt="" Height=1 Width=25>administrator to generate or use a key in the local<BR> <Img Src="certspc.gif" Alt="" Height=1 Width=25>machine store.</I></Font></LocID></TD> </TR>
<TR> <TD ID=locAddOptHead ColSpan=3><Font Size=-1><BR><B>Additional Options:</B></Font></TD> </TR><TR><TD ColSpan=3 Height=2 BgColor=#008080></TD> </TR><TR><TD ColSpan=3 Height=3></TD> </TR>
<TR><TD ColSpan=3 Height=6></TD></TR> <TR> <TD ID=locRequestFormatLabel Align=Right><Font Size=-1>Request Format:</Font></TD> <TD> <Input Type=Radio ID=rbFormatCMC Name=rbRequestFormat Value="0" Checked><Label For=rbFormatCMC ID=locFormatCMCLabel>CMC</Label> <LocID ID=locSpc5> <LocID> <Input Type=Radio ID=rbFormatPKCS10 Name=rbRequestFormat Value="1"><Label For=rbFormatPKCS10 ID=locFormatPKCS10Label>PKCS10</Label> </TD> </TR> <TR><TD ColSpan=3 Height=4></TD></TR>
<TR><TD ColSpan=3 Height=4></TD></TR> <TR> <TD ID=locHashAlgLabel Align=Right><Font Size=-1><Label For=lbHashAlgorithmID><locID ID=locHashAlgLabel>Hash Algorithm:</locID></Label></Font></TD> <TD><Select Name=lbHashAlgorithm ID=lbHashAlgorithmID></Select></TD> </TR> <TR><TD></TD><TD ID=locHashAlgWarning><Font Size=-1><I>Only used to sign request.</I></Font></TD></TR>
<TR><TD ColSpan=3 Height=8></TD></TR> <TR><TD></TD> <TD><Font Size=-1><Input Type=Checkbox Name=cbSaveRequest ID=cbSaveRequest OnClick="handleSaveReq();"><Label For=cbSaveRequest ID=locSaveReqLabel>Save request to a file</Label> <Span ID=spnSaveRequest Style="display:none"> <BR><Img Src="certspc.gif" Alt="" Height=1 Width=25><LocID ID=locReqFileNameLabel>Full path name:</LocID> <Input ID=locTbSaveReqFile Type=Text Name=tbSaveReqFile Size=20> <BR><Img Src="certspc.gif" Alt="" Height=1 Width=25><LocID ID=locSaveReqWarning><B>This request will be saved and not submitted.</B></LocID> </Span> </Font></TD> </TR>
<TR><TD ColSpan=3 Height=6></TD> </TR><TR> <TD ID=locAttribLabel Align=Right><Font Size=-1><Span ID=spnSubmitAttrLable><Label For=locTaAttrib><locID ID=locAttribLabel>Attributes:</locID></Label></Span></Font></TD> <TD><Span ID=spnSubmitAttrBox><TextArea ID=locTaAttrib Name=taAttrib Wrap=Off Rows=2 Cols=30></TextArea></SPan></TD> </TR>
<TR><TD ColSpan=3 Height=6></TD> </TR><TR> <TD ID=locFriendlyNameLabel Align=Right><Font Size=-1><Label For=locTbFriendlyName><locID ID=locFriendlyNameLabel>Friendly Name:</locID></Label></Font></TD> <TD><Font Size=-1><Input ID=locTbFriendlyName Type=Text Name=tbFriendlyName Size=20></Font></TD> </TR>
<TR><TD ColSpan=3><Font Size=-1><BR></Font></TD></TR> <TR><TD ColSpan=3 Height=2 BgColor=#008080></TD></TR> <TR><TD ColSpan=3 Height=3></TD></TR> <TR> <TD></TD> <TD ID=locSubmitAlign Align=Right> <Input ID=locBtnSubmit Type=Submit Name=btnSubmit Value="Submit >" Style="width:.75in"> <Input ID=locBtnSave Type=Submit Name=btnSave Value="Save" Style="width:.75in; display:none"> </TD> </TR> <TR><TD ColSpan=3 Height=20></TD></TR>
</Table></P>
<!-- Green HR --><Table Border=0 CellSpacing=0 CellPadding=0 Width=100%><TR><TD BgColor=#008080><Img Src="certspc.gif" Alt="" Height=2 Width=1></TD></TR></Table><!-- White HR --><Table Border=0 CellSpacing=0 CellPadding=0 Width=100%><TR><TD BgColor=#FFFFFF><Img Src="certspc.gif" Alt="" Height=5 Width=1></TD></TR></Table>
</Form></Font><!-- ############################################################ --><!-- End of standard text. Scripts follow --> <%bIncludeXEnroll=True%><%bIncludeGetCspList=True%><%bIncludeTemplateCode=True%><%bIncludeCheckClientCode=True%><!-- #include FILE=certsgcl.inc -->
<!-- This form we fill in and submit 'by hand'--><Span Style="display:none"><Form Name=SubmittedData Action="certfnsh.asp" Method=Post> <Input Type=Hidden Name=Mode> <!-- used in request ('newreq'|'chkpnd') --> <Input Type=Hidden Name=CertRequest> <!-- used in request --> <Input Type=Hidden Name=CertAttrib> <!-- used in request --> <Input Type=Hidden Name=FriendlyType> <!-- used on pending --> <Input Type=Hidden Name=ThumbPrint> <!-- used on pending --> <Input Type=Hidden Name=TargetStoreFlags> <!-- used on install ('0'|CSSLM)--> <Input Type=Hidden Name=SaveCert> <!-- used on install ('no'|'yes')--></FORM></Span>
<Script Language="JavaScript">
//================================================================ // PAGE GLOBAL VARIABLES
//---------------------------------------------------------------- // Strings to be localized var L_CspLoadErrNoneFound_ErrorMessage="An unexpected error occurred while getting the CSP list:\nNo CSPs could be found!"; var L_CspLoadErrUnexpected_ErrorMessage="\"An unexpected error (\"+sErrorNumber+\") occurred while getting the CSP list.\""; var L_SetKeySize_Message="\"Set key size to \"+nKeySize"; var L_WarningTemplateKeySize_Message="\"You have selected a certificate template that requires a minimum key size of \" + nKeySize + \"bits, which is larger than the selected CSP maximum.\\nPlease select a different CSP.\""; var L_RecommendOneKeySize_Message="\"\"+nKeySize+\" is a bad key size. The closest valid key size is \"+sCloseBelow+\".\""; var L_RecommendTwoKeySizes_Message="\"\"+nKeySize+\" is a bad key size. The closest valid key sizes are \"+sCloseBelow+\" and \"+sCloseAbove+\".\""; var L_StillLoading_ErrorMessage="This page has not finished loading yet. Please wait a few seconds and try again."; var L_KeySizeNotNumber_ErrorMessage="Please enter a number for the key size."; var L_KeySizeBadNumber_ErrorMessage="\"Please enter a valid number for the key size. The key size must be\\nbetween \"+g_nCurKeySizeMin+\" and \"+g_nCurKeySizeMax+\", and be a multiple of \"+g_nCurKeySizeInc+\".\""; var L_CSPNotSupportTemplateKeySpec_Message="\"You may have selected a CSP that does not support the key type defined in the template. Please modify the key type in the template or select either different CSP or certificate template.\""; var L_TemplateKeySizeTooBig_ErrorMessage = "\"The certificate type you selected requires minimum key size of \" + g_nCurTemplateKeySizeMin + \".\\nIt is bigger than the maximum size of \" + g_nCurKeySizeMax + \".\\nPlease change the number or select a different CSP.\""; var L_NoCntnrName_ErrorMessage="Please enter a key container name."; var L_BadOid_ErrorMessage="Please enter a valid OID, or choose a predefined certificate type.\nMultiple OIDs must be separated with a comma."; var L_NoExportFileName_ErrorMessage="Please enter a file name for exporting the keys."; var L_NoSaveReqFileName_ErrorMessage="Please enter a file name for saving the request."; var L_Generating_Message="Generating request..."; var L_UserEKUCert_Text="\"User-EKU (\"+sCertUsage+\") Certificate\""; var L_RequestSaved_Message="Request saved to file."; var L_Waiting_Message="Waiting for server response..."; var L_ErrNameUnknown_ErrorMessage="(unknown)"; var L_SugCauseNone_ErrorMessage="No suggestion."; var L_SugCauseBadCSP_ErrorMessage="The CSP you chose was unable to process the request. Try a different CSP."; var L_SugCauseKeysetFull_ErrorMessage="The security token does not have storage space available for an additional container."; var L_SugCauseBadSetting2_ErrorMessage="The CSP you chose does not support one or more of the settings you have made, such as key size, key spec, hash algorithm, etc. Try using different settings or a different CSP."; var L_SugCauseBadKeyContainer_ErrorMessage="Either the key container you specified does not exist, or the CSP you chose was unable to process the request. Enter the name of an existing key container; choose 'Create new keyset'; or try a different CSP."; var L_SugCauseExistKeyContainer_ErrorMessage="The container you named already exists. When creating a new key, you must use a new container name."; var L_SugCauseBadChar_ErrorMessage="You entered an invalid character. Report a bug, because this should have been caught in validation."; var L_SugCauseBadHash_ErrorMessage="The hash algorithm you selected cannot be used for signing. Please select a different hash algorithm."; var L_SugCauseNoFileName_ErrorMessage="You did not enter a file name."; var L_SugCauseCryptArchivableNotSupp_ErrorMessage="The CSP you chose does not support the creation of keys which can be archived but not exported."; var L_ErrNameNoFileName_ErrorMessage="(no file name)"; var L_SugCauseNotAdmin_ErrorMessage="You must be an administrator to generate a key in the local machine store."; var L_ErrNamePermissionDenied_ErrorMessage="Permission Denied"; var L_SugCausePermissionToWrite_ErrorMessage = "You do not have write permission to save the file to the path"; var L_SugCauseBadFileName_ErrorMessage="The file name you specified is not a valid file name. Try a different file name."; var L_SugCauseBadDrive_ErrorMessage="The drive you specified is not ready. Insert a disk in the drive or try a different file name."; var L_SugCauseNoProfile_ErrorMessage="The profile for the user is a temporary profile."; var L_SugCauseCAExSignerNotFound_ErrorMessage="A certificate chain could not be built to a trusted root authority."; var L_SugCauseCAExNotTrusted_ErrorMessage="A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider."; var L_DownLevelClients_ErrorMessage="This error can be caused by requesting Key Archival for the new private key, which may not be supported on this platform."; var L_SugCauseCancelled_ErrorMessage="The operation was canceled by the user."; var L_SCARD_E_NOMEMORYMSG_ErrorMessage="Not enough memory available to complete this command."; var L_SCARD_F_WAITEDTOOLONG_ErrorMessage="An internal consistency timer has expired."; var L_SCARD_E_INSUFFICIENTBUFFER_ErrorMessage="The data buffer to receive returned data is too small for the returned data."; var L_SCARD_E_UNKNOWNREADER_ErrorMessage="The specified reader name is not recognized."; var L_SCARD_E_NOSMARTCARD_ErrorMessage="The operation requires a Smart Card, but no Smart Card is currently in the device."; var L_SCARD_E_UNKNOWNCARD_ErrorMessage="The specified smart card name is not recognized."; var L_SCARD_E_NOTREADY_ErrorMessage="The reader or smart card is not ready to accept commands."; var L_SCARD_F_COMMERROR_ErrorMessage="An internal communications error has been detected."; var L_SCARD_E_NOSERVICE_ErrorMessage="The Smart card resource manager is not running."; var L_SCARD_E_SERVICESTOPPED_ErrorMessage="The Smart card resource manager has shut down."; var L_SCARD_E_NOREADERSAVAILABLE_ErrorMessage="Cannot find a smart card reader."; var L_SCARD_E_COMMDATALOST_ErrorMessage="A communications error with the smart card has been detected. Retry the operation."; var L_SCARD_E_NOKEYCONTAINER_ErrorMessage="The requested key container does not exist on the smart card."; var L_SCARD_W_UNPOWEREDCARD_ErrorMessage="Power has been removed from the smart card, so that further communication is not possible."; var L_SCARD_W_REMOVEDCARD_ErrorMessage="The smart card has been removed, so that further communication is not possible."; var L_SCARD_W_WRONGCHV_ErrorMessage="The card cannot be accessed because the wrong PIN was presented."; var L_SCARD_W_CHVBLOCKED_ErrorMessage="The card cannot be accessed because the maximum number of PIN entry attempts has been reached."; var L_SCARD_W_EOF_ErrorMessage="The end of the smart card file has been reached."; var L_SCARD_W_CANCELLEDBYUSER_ErrorMessage="The action was cancelled by the user."; var L_SCARD_W_CARDNOTAUTHENTICATED_ErrorMessage="No PIN was presented to the smart card.";
<%If "Enterprise"=sServerType Then%> ; var L_TemplateLoadErrNoneFound_ErrorMessage="No certificate templates could be found. You do not have permission to request a certificate from this CA, or an error occurred while accessing the Active Directory."; var L_TemplateLoadErrUnexpected_ErrorMessage="\"An unexpected error (\"+sErrorNumber+\") occurred while getting the certificate template list.\""; var L_TemplateCert_Text= "sFriendlyName+\" Certificate\""; <%End If%>
// IE is not ready until XEnroll has been loaded var g_bOkToSubmit=false; var g_bSubmitPending=false;
// some constants defined in wincrypt.h: var CRYPT_EXPORTABLE=1; var CRYPT_USER_PROTECTED=2; var CRYPT_MACHINE_KEYSET=0x20; var AT_KEYEXCHANGE=1; var AT_SIGNATURE=2; var CERT_SYSTEM_STORE_LOCATION_SHIFT=16; var CERT_SYSTEM_STORE_LOCAL_MACHINE_ID=2; var CERT_SYSTEM_STORE_LOCAL_MACHINE=CERT_SYSTEM_STORE_LOCAL_MACHINE_ID << CERT_SYSTEM_STORE_LOCATION_SHIFT; var ALG_CLASS_ANY=0 var ALG_CLASS_SIGNATURE=1<<13; var ALG_CLASS_HASH=4<<13; var PROV_DSS=3; var PROV_DSS_DH=13; var PROV_DH_SCHANNEL=18;
// convenience constants, for readability var KEY_USAGE_EXCH=0; var KEY_USAGE_SIG=1; var KEY_USAGE_BOTH=2;
var XEKL_KEYSIZE_MIN=1; var XEKL_KEYSIZE_MAX=2; var XEKL_KEYSIZE_INC=3; var XEKL_KEYSIZE_DEFAULT=4; var XEKL_KEYSPEC_KEYX=1; var XEKL_KEYSPEC_SIG=2;
// defaults var KEY_LEN_MIN_DEFAULT=384; var KEY_LEN_MAX_DEFAULT=16384; var KEY_LEN_MY_DEFAULT=1024; var KEY_LEN_INC_DEFAULT=8;
// for key size var g_nCurKeySizeMax; var g_nCurKeySizeMin; var g_nCurKeySizeDefault; var g_nCurKeySizeInc; var g_bCSPUpdate;
var g_nCurTemplateKeySizeMin = 0; //init to 0
var XECR_PKCS10_V2_0=1; var XECR_PKCS7=2; var XECR_CMC=3;
var XECT_EXTENSION_V1=1; var XECT_EXTENSION_V2=2;
//================================================================ // INITIALIZATION ROUTINES
function removeV2KATemplate() { var CT_FLAG_ALLOW_PRIVATE_KEY_ARCHIVAL=0x00000001; //downlevel machines, no V2 templates with KA var nTemplateCount = document.UIForm.lbCertTemplate.length; var n, sTemplate, sCTEOID; for (n = nTemplateCount - 1; n > -1 ; --n) { sTemplate = document.UIForm.lbCertTemplate.options[n].value; sCTEOID = getTemplateStringInfo(CTINFO_INDEX_EXTOID, sTemplate); var lFlags=getTemplateValueInfo(CTINFO_INDEX_PRIVATEKEYFLAG, sTemplate); if ("" != sCTEOID && 0x0 != (lFlags & CT_FLAG_ALLOW_PRIVATE_KEY_ARCHIVAL)) { //v2 template with KA document.UIForm.lbCertTemplate.options.remove(n); } } }
//---------------------------------------------------------------- // This contains the functions we want executed immediately after load completes function postLoad() { // Load an XEnroll object into the page loadXEnroll("postLoadPhase2()"); handleSaveReq(); handleCMCFormat(); <%If "Enterprise"=sServerType Then%> if (!isClientAbleToCreateCMC()) { //downlevel machines removeV2KATemplate(); } <%End If%> } function postLoadPhase2() { // continued from above var nResult;
// get the CSP list nResult=GetCSPList(); if (0!=nResult) { handleLoadError(nResult, L_CspLoadErrNoneFound_ErrorMessage, L_CspLoadErrUnexpected_ErrorMessage); return; }
<%If "StandAlone"<>sServerType And 0<>nWriteTemplateResult Then%> handleLoadError(<%=nWriteTemplateResult%>, L_TemplateLoadErrNoneFound_ErrorMessage, L_TemplateLoadErrUnexpected_ErrorMessage); return; <%End If%>
// Now we're ready to go g_bOkToSubmit=true;
<%If "Enterprise"=sServerType Then%> handleTemplateChange(); <%Else%> handleCSPChange(); <%End If%> // dynamic styles are not preserved so // make sure dynamic UI is updated after 'back' handleKeyGen(); handleMarkExport(false); handleExportKeys(); <%If "StandAlone"=sServerType Then%> handleUsageOID(false); <%End If%> }
//---------------------------------------------------------------- // handle errors from GetCSPList() and GetTemplateList() function handleLoadError(nResult, sNoneFound, sUnexpected) { if (-1==nResult) { alert(sNoneFound); } else { var sErrorNumber="0x"+toHex(nResult); alert(eval(sUnexpected)); } disableAllControls(); }
//================================================================ // PAGE MANAGEMENT ROUTINES
<%If "StandAlone"=sServerType Then%> //---------------------------------------------------------------- // handle the appearance of the text box when 'other...' is selected function handleUsageOID(bFocus) { if ("**"==document.UIForm.lbUsageOID.options[document.UIForm.lbUsageOID.selectedIndex].value) { spnEKUOther1.style.display=''; spnEKUOther2.style.display=''; if (bFocus) { document.UIForm.lbUsageOID.blur(); document.UIForm.tbEKUOther.select(); document.UIForm.tbEKUOther.focus(); } } else { spnEKUOther1.style.display='none'; spnEKUOther2.style.display='none'; } } <%End If%>
<%If "Enterprise"=sServerType Then%> //----------------------------------------------------------------
function getTemplateValueInfo(nIndex, sTemplate) { var sValue=getTemplateStringInfo(nIndex, sTemplate); return parseInt(sValue); }
// handle a change in the current template function isDNNeeded() { var sValue=getTemplateStringInfo(CTINFO_INDEX_OFFLINE, null); if ("O"==sValue) { //offline template needs DN return true; }
//check template subject flag var lSubjectFlag = getTemplateValueInfo(CTINFO_INDEX_SUBJECTFLAG, null); var CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT=0x00000001; return (0x0 != (lSubjectFlag & CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT)); }
function isTemplateKeyArchival() { var CT_FLAG_ALLOW_PRIVATE_KEY_ARCHIVAL=0x00000001; var lFlags=getTemplateValueInfo(CTINFO_INDEX_PRIVATEKEYFLAG, null); return (0x0 != (lFlags & CT_FLAG_ALLOW_PRIVATE_KEY_ARCHIVAL)); }
function isSMimeCapabilities() { var CT_FLAG_INCLUDE_SYMMETRIC_ALGORITHMS=0x00000001; var lFlags=getTemplateValueInfo(CTINFO_INDEX_ENROLLFLAG, null); return (0x0 != (lFlags & CT_FLAG_INCLUDE_SYMMETRIC_ALGORITHMS)); }
function getTemplateMinKeySize() { var lKeyFlags = getTemplateValueInfo(CTINFO_INDEX_KEYFLAG, null); return (lKeyFlags & 0xFFFF0000) >> 16; }
function updateCSPList() { //get csp list separated from template data var sCSPList = getTemplateStringInfo(CTINFO_INDEX_CSPLIST, null); if ("" != sCSPList) { updateCSPListFromStrings(sCSPList); } else { //remove current csps from list //strange reasons this remove code can't be in GetCSPList var n; var nCSP = document.UIForm.lbCSP.length; for (n = 0; n < nCSP-1; ++n) { document.UIForm.lbCSP.remove(0); } GetCSPList(); } }
//---------------------------------------------------------------- // handle a change in the current template function handleTemplateChange() { if (false==isDNNeeded()) { spnIDInfo.style.display="none"; } else { spnIDInfo.style.display=""; }
//update csp list from the template updateCSPList(); handleCSPChange();
//handle key spec var lKeySpec = getTemplateValueInfo(CTINFO_INDEX_KEYSPEC, null); var fDisabled = true; if ((0x0 != (AT_KEYEXCHANGE & lKeySpec)) && (0x0 != (AT_SIGNATURE & lKeySpec)) ) { document.UIForm.rbKeyUsage[KEY_USAGE_BOTH].checked=true; } else if (0x0 != (AT_KEYEXCHANGE & lKeySpec)) { document.UIForm.rbKeyUsage[KEY_USAGE_EXCH].checked=true; } else if (0x0 != (AT_SIGNATURE & lKeySpec)) { document.UIForm.rbKeyUsage[KEY_USAGE_SIG].checked=true; } else { document.UIForm.rbKeyUsage[KEY_USAGE_BOTH].checked=true; fDisabled = false; } document.UIForm.rbKeyUsage[KEY_USAGE_BOTH].disabled=fDisabled; document.UIForm.rbKeyUsage[KEY_USAGE_EXCH].disabled=fDisabled; document.UIForm.rbKeyUsage[KEY_USAGE_SIG].disabled=fDisabled;
//update exportable control var lPrivateKeyFlags = getTemplateValueInfo(CTINFO_INDEX_PRIVATEKEYFLAG, null); var CT_FLAG_EXPORTABLE_KEY = 0x10; document.UIForm.cbMarkKeyExportable.checked = (0x0 != (lPrivateKeyFlags & CT_FLAG_EXPORTABLE_KEY)); handleMarkExport(true);
//update strong key protection control var CT_FLAG_STRONG_KEY_PROTECTION_REQUIRED = 0x20; document.UIForm.cbStrongKey.checked = (0x0 != (lPrivateKeyFlags & CT_FLAG_STRONG_KEY_PROTECTION_REQUIRED)); handleStrongKeyAndLMStore(true);
//update template min key size g_nCurTemplateKeySizeMin = getTemplateMinKeySize();
//update key size handleKeyUsageChange(false);
//update CMC related handleCMCFormat();
var lRASignatures = getTemplateValueInfo(CTINFO_INDEX_RASIGNATURE, null); var fSave = 0 < lRASignatures; //enforce save to file, can't submit if signing document.UIForm.cbSaveRequest.checked = fSave; document.UIForm.cbSaveRequest.disabled = fSave; handleSaveReq();
} <%End If%>
//---------------------------------------------------------------- // handle a change in the current CSP function handleCSPChange() {
if (0 == document.UIForm.lbCSP.length) { //no csp, disable submit button document.UIForm.btnSubmit.disabled = true; return; } else { document.UIForm.btnSubmit.disabled = false; } var nCSPIndex=document.UIForm.lbCSP.selectedIndex; XEnroll.ProviderName=document.UIForm.lbCSP.options[nCSPIndex].text; var nProvType=document.UIForm.lbCSP.options[nCSPIndex].value; XEnroll.ProviderType=nProvType; <%If "Enterprise"=sServerType Then%> var nTemplateKeySpec = getTemplateValueInfo(CTINFO_INDEX_KEYSPEC, null); <%End If%>
// update the key spec options. If we support both, default to key exchange var nSupportedKeyUsages=XEnroll.GetSupportedKeySpec(); if (0==nSupportedKeyUsages) { nSupportedKeyUsages=AT_SIGNATURE | AT_KEYEXCHANGE; }
<%If "Enterprise"=sServerType Then%> if (0==nTemplateKeySpec) { nTemplateKeySpec=AT_SIGNATURE | AT_KEYEXCHANGE; } nSupportedKeyUsages = nTemplateKeySpec & nSupportedKeyUsages; <%End If%>
if (PROV_DSS==nProvType || PROV_DSS_DH==nProvType || PROV_DH_SCHANNEL==nProvType) { nSupportedKeyUsages=AT_SIGNATURE; }
if (0 == nSupportedKeyUsages) { spnBadCSPForKeySpecMsg.innerHTML=eval(L_CSPNotSupportTemplateKeySpec_Message); trBadCSPForKeySpec.style.display=""; } else { trBadCSPForKeySpec.style.display="none"; }
if (nSupportedKeyUsages&AT_SIGNATURE) { spnKeyUsageSignature.style.display=""; document.UIForm.rbKeyUsage[KEY_USAGE_SIG].checked=true; } else { spnKeyUsageSignature.style.display="none"; }
if (nSupportedKeyUsages&AT_KEYEXCHANGE) { spnKeyUsageKeyExchange.style.display=""; document.UIForm.rbKeyUsage[KEY_USAGE_EXCH].checked=true; } else { spnKeyUsageKeyExchange.style.display="none"; }
if ((AT_SIGNATURE|AT_KEYEXCHANGE)==nSupportedKeyUsages) { spnKeyUsageBoth.style.display=""; document.UIForm.rbKeyUsage[KEY_USAGE_BOTH].checked=true; } else { spnKeyUsageBoth.style.display="none"; }
handleKeyUsageChange(true); UpdateHashAlgList(nProvType); }
//---------------------------------------------------------------- // two cases invoke handleKeyUsageChange: // 1) csp selection change // 2) exchange vs. signature change function handleKeyUsageChange(bCSPChange) { // get the min, max, and default length from the CSP var bExchange=document.UIForm.rbKeyUsage[KEY_USAGE_EXCH].checked || document.UIForm.rbKeyUsage[KEY_USAGE_BOTH].checked ;
g_nCurKeySizeMax=MyGetKeyLen(XEKL_KEYSIZE_MAX, bExchange); g_nCurKeySizeMin=MyGetKeyLen(XEKL_KEYSIZE_MIN, bExchange); <%If "Enterprise"=sServerType Then%> if (0 != g_nCurTemplateKeySizeMin) { g_nCurKeySizeMin=Math.max(g_nCurKeySizeMin, g_nCurTemplateKeySizeMin); } <%End If%> g_nCurKeySizeDefault=MyGetKeyLen(XEKL_KEYSIZE_DEFAULT, bExchange); g_nCurKeySizeInc=MyGetKeyLen(XEKL_KEYSIZE_INC, bExchange);
// set to default lenth if ("0"==document.UIForm.tbKeySize.value || true == bCSPChange) { //"0" likely init load or typed in, not bad go default // or csp changed, set to default length document.UIForm.tbKeySize.value = g_nCurKeySizeDefault; }
// show the min and max spnKeySizeMin.innerText=g_nCurKeySizeMin; spnKeySizeMax.innerText=g_nCurKeySizeMax;
// keep the key size in bounds var nKeySize=parseInt(document.UIForm.tbKeySize.value); if (isNaN(nKeySize) || nKeySize>g_nCurKeySizeMax) { document.UIForm.tbKeySize.value=g_nCurKeySizeMax; } else if (nKeySize<g_nCurKeySizeMin) { //> document.UIForm.tbKeySize.value=g_nCurKeySizeMin; }
// update list of valid common key sizes var nPowerSize=128; var sCommonKeys=""; while (nPowerSize<g_nCurKeySizeMin) { //> nPowerSize*=2; } while (nPowerSize<=g_nCurKeySizeMax) { sCommonKeys+=getKeySizeLinkHtmlString(nPowerSize)+" "; nPowerSize*=2; } spnKeySizeCommon.innerHTML=sCommonKeys; handleKeySizeChange(); }
//---------------------------------------------------------------- function getKeySizeLinkHtmlString(nKeySize) { return "<Span tabindex=0 Style=\"cursor:hand; color:#0000FF; text-decoration:underline;\"" +" OnContextMenu=\"return false;\"" +" OnMouseOver=\"window.status='"+eval(L_SetKeySize_Message)+"';return true;\"" +" OnMouseOut=\"window.status='';return true;\"" +" OnMouseUp=\"window.status='"+eval(L_SetKeySize_Message)+"';return true;\"" +" OnKeyDown=\"if (13==event.keyCode) {document.UIForm.tbKeySize.value='"+nKeySize+"';blur();return false;} else if (9==event.keyCode) {return true;};return false;\"" +" OnClick=\"document.UIForm.tbKeySize.value='"+nKeySize+"';blur();return false;\">" +nKeySize+"</Span>"; }
//---------------------------------------------------------------- // morphing routine function handleSaveReq() { if (document.UIForm.cbSaveRequest.checked) { spnSaveRequest.style.display=''; document.UIForm.btnSubmit.style.display='none'; document.UIForm.btnSave.style.display=''; spnSubmitAttrLable.style.display='none'; spnSubmitAttrBox.style.display='none'; } else { spnSaveRequest.style.display='none'; document.UIForm.btnSubmit.style.display=''; document.UIForm.btnSave.style.display='none'; spnSubmitAttrLable.style.display=''; spnSubmitAttrBox.style.display=''; } }
//---------------------------------------------------------------- // morphing routine function handleMarkExport(fFromTemplate) { <%If bEnableExportKeyToFile Then%> if (document.UIForm.cbMarkKeyExportable.checked) { spnMarkKeyExportable.style.display=''; document.UIForm.cbMarkKeyExportable.disabled = false; } else { spnMarkKeyExportable.style.display='none'; if (fFromTemplate) { //disable it to enforce template non-exportable document.UIForm.cbMarkKeyExportable.disabled = true; } else { //enable document.UIForm.cbMarkKeyExportable.disabled = false; } } <%End If%> }
//---------------------------------------------------------------- // morphing routine function handleExportKeys() { <%If bEnableExportKeyToFile Then%> if (document.UIForm.cbExportKeys.checked) { spnExportKeys.style.display=''; } else { spnExportKeys.style.display='none'; } <%End If%> }
//---------------------------------------------------------------- // morphing routine function handleKeyGen() { if (document.UIForm.rbKeyGen[0].checked) { // create new keyset trGenContName.style.display=''; trGenContNameSpc.style.display=''; trKeyGenWarn.style.display='none';
handleGenContName(); <%If "Enterprise"=sServerType Then%> handleTemplateChange(); <%Else%> handleStrongKeyAndLMStore(false); <%End If%>
trMarkExport.style.display=''; trMarkExportSpc.style.display=''; } else { // Use existing key set trGenContName.style.display='none'; trGenContNameSpc.style.display='none'; trKeyGenWarn.style.display='';
handleGenContName(); handleStrongKeyAndLMStore(false);
document.UIForm.cbMarkKeyExportable.checked=false; trMarkExport.style.display='none'; trMarkExportSpc.style.display='none'; } }
//---------------------------------------------------------------- // morphing routine function handleGenContName() { if (document.UIForm.rbGenContName[0].checked && document.UIForm.rbKeyGen[0].checked) { trContName.style.display='none'; trContNameSpc.style.display='none'; } else { trContName.style.display=''; trContNameSpc.style.display=''; } }
//---------------------------------------------------------------- // morphing routine function handleSetContainer() { if (document.UIForm.cbSetContainer.checked) { spnNewContainer.style.display=''; } else { spnNewContainer.style.display='none'; } }
//---------------------------------------------------------------- // morphing routine function handleKeySizeChange() { var sKeySize = document.UIForm.tbKeySize.value; if (0 == sKeySize.indexOf("0")) { //first digit is 0, wipe it out document.UIForm.tbKeySize.value = ""; return; } var nKeySize=parseInt(sKeySize); if (isNaN(nKeySize)) { nKeySize=0; } if (nKeySize>2048) { trKeySizeWarn.style.display=''; } else { trKeySizeWarn.style.display='none'; } if (nKeySize<g_nCurKeySizeMin || nKeySize>g_nCurKeySizeMax || 0!=nKeySize%g_nCurKeySizeInc) { // clamp the current key size to be within the range var nCloseBelow=nKeySize; if (nCloseBelow<g_nCurKeySizeMin) { //> nCloseBelow=g_nCurKeySizeMin; } else if (nCloseBelow>g_nCurKeySizeMax) { nCloseBelow=g_nCurKeySizeMax; } var nCloseAbove=nCloseBelow; // find closest values above and below nCloseBelow-=nCloseBelow%g_nCurKeySizeInc; nCloseAbove+=(g_nCurKeySizeInc-nCloseAbove%g_nCurKeySizeInc)%g_nCurKeySizeInc; var sCloseAbove=getKeySizeLinkHtmlString(nCloseAbove); var sCloseBelow=getKeySizeLinkHtmlString(nCloseBelow); if (g_nCurKeySizeMax < g_nCurTemplateKeySizeMin) { spnKeySizeBadMsg.innerHTML=eval(L_WarningTemplateKeySize_Message); } else if (nCloseAbove==nCloseBelow) { spnKeySizeBadMsg.innerHTML=eval(L_RecommendOneKeySize_Message); } else { spnKeySizeBadMsg.innerHTML=eval(L_RecommendTwoKeySizes_Message); } trKeySizeBad.style.display=""; trKeySizeBadSpc.style.display=""; } else { trKeySizeBad.style.display="none"; trKeySizeBadSpc.style.display="none"; } }
//---------------------------------------------------------------- // morphing routine function handleStrongKeyAndLMStore(fFromTemplate) { // If we took the value from the template, and the checkbox is checked, the disable it if (document.UIForm.cbStrongKey.checked && fFromTemplate) { //disable it to enforce template non-exportable document.UIForm.cbStrongKey.disabled = true; } else { document.UIForm.cbStrongKey.disabled = false ; }
if (document.UIForm.cbStrongKey.checked && document.UIForm.rbKeyGen[0].checked) { trLMStoreSpc.style.display='none'; trLMStore.style.display='none'; document.UIForm.cbLocalMachineStore.checked=false; } else { trLMStoreSpc.style.display=''; trLMStore.style.display=''; }
if (document.UIForm.cbLocalMachineStore.checked || !document.UIForm.rbKeyGen[0].checked) { trStrongKeySpc.style.display='none'; trStrongKey.style.display='none'; document.UIForm.cbStrongKey.checked=false; } else { trStrongKeySpc.style.display=''; trStrongKey.style.display=''; } } //---------------------------------------------------------------- // handle CMC Format function handleCMCFormat() { if (isClientAbleToCreateCMC()) { <%If "Enterprise"=sServerType Then%> //change request format controls if (isTemplateKeyArchival()) { //enforce CMC document.UIForm.rbRequestFormat[0].disabled=true; document.UIForm.rbRequestFormat[0].checked=true; document.UIForm.rbRequestFormat[1].disabled=true; } else { document.UIForm.rbRequestFormat[0].disabled=false; document.UIForm.rbRequestFormat[1].disabled=false; } <%End If%> } else { //no cmc, disable it, only pkcs10 document.UIForm.rbRequestFormat[0].disabled=true; document.UIForm.rbRequestFormat[1].disabled=true; document.UIForm.rbRequestFormat[1].checked=true; } }
//================================================================ // SUBMIT ROUTINES
//---------------------------------------------------------------- // determine what to do when the submit button is pressed function goNext() { if (false==g_bOkToSubmit) { alert(L_StillLoading_ErrorMessage); } else if (true==g_bSubmitPending) { // ignore, because we are already prcessing a request. } else { SubmitRequest(); } } //---------------------------------------------------------------- // check for invalid characters and empty strings function isValidIA5String(sSource) { var nIndex; for (nIndex=sSource.length-1; nIndex>=0; nIndex--) { if (sSource.charCodeAt(nIndex)>127) { // NOTE: this is better, but not compatible with old browsers. return false; } }; return true; }
//---------------------------------------------------------------- // check for invalid characters function isValidCountryField(tbCountry) { tbCountry.value=tbCountry.value.toUpperCase(); var sSource=tbCountry.value; var nIndex, ch; if (0!=sSource.length && 2!=sSource.length) { return false; } for (nIndex=sSource.length-1; nIndex>=0; nIndex--) { ch=sSource.charAt(nIndex) if (ch<"A" || ch>"Z") { return false; } }; return true; }
//---------------------------------------------------------------- // check for invalid characters in an OID function isValidOid(sSource) { var nIndex, ch; if (0==sSource.length) { return true; } for (nIndex=sSource.length-1; nIndex>=0; nIndex--) { ch=sSource.charAt(nIndex) if (ch!="." && ch!="," && (ch<"0" || ch>"9")) { return false; } } return true; }
//---------------------------------------------------------------- // set a label to normal style function markLabelNormal(spn) { spn.style.color="#000000"; spn.style.fontWeight='normal'; }
//---------------------------------------------------------------- // set a label to error state function markLabelError(spn) { spn.style.color='#FF0000'; spn.style.fontWeight='bold'; }
//---------------------------------------------------------------- // check that the form has data in it function validateRequest() { markLabelNormal(spnNameLabel); markLabelNormal(spnEmailLabel); markLabelNormal(spnCompanyLabel); markLabelNormal(spnDepartmentLabel); markLabelNormal(spnCityLabel); markLabelNormal(spnStateLabel); markLabelNormal(spnCountryLabel); var bOK=true;
<%If "Enterprise"=sServerType Then%> if (true==isDNNeeded()) { <%End If%> var fldFocusMe=null; if (false==isValidCountryField(document.UIForm.tbCountry)) { bOK=false; fldFocusMe=document.UIForm.tbCountry; markLabelError(spnCountryLabel); } // document.UIForm.tbState.value OK // document.UIForm.tbLocality.value OK // document.UIForm.tbOrgUnit.value OK // document.UIForm.tbOrg.value OK if (false==isValidIA5String(document.UIForm.tbEmail.value)) { bOK=false; fldFocusMe=document.UIForm.tbEmail; markLabelError(spnEmailLabel); } <%If "StandAlone"=sServerType Then%> if ("1.3.6.1.5.5.7.3.4"==document.UIForm.lbUsageOID.value && ""==document.UIForm.tbEmail.value) { bOK=false; fldFocusMe=document.UIForm.tbEmail; markLabelError(spnEmailLabel); } if (""==document.UIForm.tbCommonName.value) { bOK=false; fldFocusMe=document.UIForm.tbCommonName; markLabelError(spnNameLabel); } <%End If%>
if (false==bOK) { spnFixTxt.style.display=''; window.scrollTo(0,0); fldFocusMe.focus(); } <%If "Enterprise"=sServerType Then%> } // <- End if offline template <%End If%>
<%If "StandAlone"=sServerType Then%> // Check the OID field if (true==bOK) { if ("**"==document.UIForm.lbUsageOID.options[document.UIForm.lbUsageOID.selectedIndex].value && false==isValidOid(document.UIForm.tbEKUOther.value)) { alert(L_BadOid_ErrorMessage); document.UIForm.tbEKUOther.focus(); bOK=false; } } <%End If%>
// Check the keysize field if (true==bOK) { var nKeySize=parseInt(document.UIForm.tbKeySize.value); var sMessage; if (isNaN(nKeySize)) { sMessage=L_KeySizeNotNumber_ErrorMessage; bOK=false; } else if (g_nCurTemplateKeySizeMin > g_nCurKeySizeMax) { sMessage=eval(L_TemplateKeySizeTooBig_ErrorMessage); bOK = false; } else if (nKeySize < g_nCurKeySizeMin || nKeySize > g_nCurKeySizeMax || 0!=nKeySize%g_nCurKeySizeInc) { sMessage=eval(L_KeySizeBadNumber_ErrorMessage); bOK=false; } if (false==bOK) { alert (sMessage); document.UIForm.tbKeySize.focus(); } }
// Check the container name if (true==bOK) { if (document.UIForm.rbKeyGen[1].checked || (document.UIForm.rbKeyGen[0].checked && document.UIForm.rbGenContName[1].checked)) { if (""==document.UIForm.tbContainerName.value) { bOK=false; alert(L_NoCntnrName_ErrorMessage); document.UIForm.tbContainerName.focus(); } } }
<%If bEnableExportKeyToFile Then%> // Check the exported private key file name if (true==bOK) { if (document.UIForm.rbKeyGen[0].checked && document.UIForm.cbMarkKeyExportable.checked && document.UIForm.cbExportKeys.checked) { if (""==document.UIForm.tbExportKeyFile.value) { bOK=false; alert(L_NoExportFileName_ErrorMessage); document.UIForm.tbExportKeyFile.focus(); } } } <%End If%>
// Check the saved-request file name if (true==bOK) { if (document.UIForm.cbSaveRequest.checked) { if (""==document.UIForm.tbSaveReqFile.value) { bOK=false; alert(L_NoSaveReqFileName_ErrorMessage); document.UIForm.tbSaveReqFile.focus(); } } }
return bOK; }
//---------------------------------------------------------------- function SubmitRequest() { g_bSubmitPending=true;
// check that the form is filled in spnErrorTxt.style.display='none'; spnFixTxt.style.display='none'; if (false==validateRequest()) { g_bSubmitPending=false; return; }
// show a nice message since request creation can take a while ShowTransientMessage(L_Generating_Message);
// Make the message show up on the screen, // then continue with 'SubmitRequest': // Pause 10 mS before executing phase 2, // so screen will have time to repaint. setTimeout("SubmitRequestPhase2();", 10); } function SubmitRequestPhase2() { // continued from above
<%If "StandAlone"=sServerType Then%> // // Stand-Alone Options //
// set the extended key usage and certificate request 'friendly type' var nUsageIndex=document.UIForm.lbUsageOID.selectedIndex; var sCertUsage; if ("**"==document.UIForm.lbUsageOID.options[nUsageIndex].value) { sCertUsage=document.UIForm.tbEKUOther.value; document.SubmittedData.FriendlyType.value=eval(L_UserEKUCert_Text); } else { sCertUsage=document.UIForm.lbUsageOID.options[nUsageIndex].value; document.SubmittedData.FriendlyType.value=document.UIForm.lbUsageOID.options[nUsageIndex].text; }
<%Else 'Enterprise%> // // Enterprise Options //
// get cert template info var lCTEVer = XECT_EXTENSION_V1; var lCTEMajor = 0; var bCTEfMinor = false; var lCTEMinor = 0; var sRealName = getTemplateStringInfo(CTINFO_INDEX_REALNAME, null); var sFriendlyName = getTemplateStringInfo(CTINFO_INDEX_FRIENDLYNAME, null); var sCTEOID = getTemplateStringInfo(CTINFO_INDEX_EXTOID, null); if ("" == sCTEOID) { //must v1 template, get template name sCTEOID = sRealName; } else { // v2 template lCTEVer = XECT_EXTENSION_V2; lCTEMajor = getTemplateValueInfo(CTINFO_INDEX_EXTMAJ, null); bCTEfMinor = getTemplateValueInfo(CTINFO_INDEX_EXTFMIN, null); lCTEMinor = getTemplateValueInfo(CTINFO_INDEX_EXTMIN, null); } // set the cert template vbAddCertTypeToRequestEx(lCTEVer, sCTEOID, lCTEMajor, bCTEfMinor, lCTEMinor); document.SubmittedData.FriendlyType.value=eval(L_TemplateCert_Text);
var sCertUsage=""; // ignored
<%End If 'StandAlone or Enterprise%> // // Common //
// set the identifying info var sDistinguishedName=""; if (""!=document.UIForm.tbCountry.value) { sDistinguishedName+="C=\""+document.UIForm.tbCountry.value.replace(/"/g, "\"\"") +"\";"; } if (""!=document.UIForm.tbState.value) { sDistinguishedName+="S=\""+document.UIForm.tbState.value.replace(/"/g, "\"\"") +"\";"; } if (""!=document.UIForm.tbLocality.value) { sDistinguishedName+="L=\""+document.UIForm.tbLocality.value.replace(/"/g, "\"\"") +"\";"; } if (""!=document.UIForm.tbOrg.value) { sDistinguishedName+="O=\""+document.UIForm.tbOrg.value.replace(/"/g, "\"\"") +"\";"; } if (""!=document.UIForm.tbOrgUnit.value) { sDistinguishedName+="OU=\""+document.UIForm.tbOrgUnit.value.replace(/"/g, "\"\"") +"\";"; } if (""!=document.UIForm.tbEmail.value) { sDistinguishedName+="E=\""+document.UIForm.tbEmail.value.replace(/"/g, "\"\"") +"\";"; } if (""!=document.UIForm.tbCommonName.value) { sDistinguishedName+="CN=\""+document.UIForm.tbCommonName.value.replace(/"/g, "\"\"")+"\";"; } <%If "Enterprise"=sServerType Then%> if (false==isDNNeeded()) { sDistinguishedName=""; } <%End If%>
// append the local date to the type document.SubmittedData.FriendlyType.value+=" ("+(new Date()).toLocaleString()+")";
// // Key Options subheading: //
// set the 'SaveCert' flag to install the cert instead of saving document.SubmittedData.SaveCert.value="no"; // set the CSP var nCSPIndex=document.UIForm.lbCSP.selectedIndex; XEnroll.ProviderName=document.UIForm.lbCSP.options[nCSPIndex].text; XEnroll.ProviderType=document.UIForm.lbCSP.options[nCSPIndex].value;
// set the key size (the upper 16 bits of GenKeyFlags) // note: this value has already been validated var nKeySize=parseInt(document.UIForm.tbKeySize.value); XEnroll.GenKeyFlags=nKeySize<<16;
// set the KeyUsage if (document.UIForm.rbKeyUsage[KEY_USAGE_EXCH].checked) { XEnroll.KeySpec=AT_KEYEXCHANGE; XEnroll.LimitExchangeKeyToEncipherment=true; } else if (document.UIForm.rbKeyUsage[KEY_USAGE_SIG].checked) { XEnroll.KeySpec=AT_SIGNATURE; XEnroll.LimitExchangeKeyToEncipherment=false; } else { // KEY_USAGE_BOTH XEnroll.KeySpec=AT_KEYEXCHANGE; XEnroll.LimitExchangeKeyToEncipherment=false; }
// set the 'use existing key set' flag if (document.UIForm.rbKeyGen[0].checked) { XEnroll.UseExistingKeySet=false; if (document.UIForm.rbGenContName[1].checked) { XEnroll.ContainerName=document.UIForm.tbContainerName.value; }
// set 'Strong private key protection' // note: upper 16 bits already set as key size if (document.UIForm.cbStrongKey.checked) { XEnroll.GenKeyFlags|=CRYPT_USER_PROTECTED; }
// mark the keys as exportable if (document.UIForm.cbMarkKeyExportable.checked) { XEnroll.GenKeyFlags|=CRYPT_EXPORTABLE;
<%If bEnableExportKeyToFile Then%> // set the key export file (.pvk) and save the cert instead of installing if (document.UIForm.cbExportKeys.checked) { XEnroll.PVKFileName=document.UIForm.tbExportKeyFile.value; document.SubmittedData.SaveCert.value="yes"; } <%End If%> }
} else { // set the 'use existing key set' flag XEnroll.UseExistingKeySet=true; XEnroll.ContainerName=document.UIForm.tbContainerName.value; }
// place the keys in the local machine store if (document.UIForm.cbLocalMachineStore.checked) {
// the keys attached to the dummy request cert go in the local machine store XEnroll.RequestStoreFlags=CERT_SYSTEM_STORE_LOCAL_MACHINE;
// used in CryptAcquireContext XEnroll.ProviderFlags=CRYPT_MACHINE_KEYSET;
// the keys attached to the final cert also go in the local machine store document.SubmittedData.TargetStoreFlags.value=CERT_SYSTEM_STORE_LOCAL_MACHINE; } else {
// the keys attached to the final cert also go in the user store document.SubmittedData.TargetStoreFlags.value=0; // 0=Use default (=user store) }
var dwCreateRequestFlag = XECR_CMC; if (document.UIForm.rbRequestFormat[1].checked) { dwCreateRequestFlag = XECR_PKCS10_V2_0; }
<%If "Enterprise"=sServerType Then%> //SMIME capabilities XEnroll.EnableSMIMECapabilities = isSMimeCapabilities();
//Key archival if (isTemplateKeyArchival()) { var nResult = SetPrivateKeyArchiveCertificate(); //call VB if (0 != nResult) { handleError(nResult); return; } } <%End If%>
if ("" != document.UIForm.tbFriendlyName.value) { //set friendly name property var CERT_FRIENDLY_NAME_PROP_ID=11; var XECP_STRING_PROPERTY=1; XEnroll.addBlobPropertyToCertificate(CERT_FRIENDLY_NAME_PROP_ID, XECP_STRING_PROPERTY, document.UIForm.tbFriendlyName.value); }
// // Additional Options subheading: //
// set the hash algorithm var nHashIndex=document.UIForm.lbHashAlgorithm.selectedIndex; XEnroll.HashAlgID=document.UIForm.lbHashAlgorithm.options[nHashIndex].value;
// set any extra attributes var sAttrib=document.UIForm.taAttrib.value; if (sAttrib.lastIndexOf("\r\n")!=sAttrib.length-2 && sAttrib.length>0) { sAttrib=sAttrib+"\r\n"; }
// for interop debug purposes sAttrib+="UserAgent:<%=Request.ServerVariables("HTTP_USER_AGENT")%>\r\n";
document.SubmittedData.CertAttrib.value=sAttrib;
// we are submitting a new request document.SubmittedData.Mode.value='newreq';
// // Create the request //
var nResult; var HRESULT_ERROR_CANCELLED=0x800704c7; var SCARD_W_CANCELLED_BY_USER=0x8010006e; var PVK_HELPER_PASSWORD_CANCEL=0x80097004;
if (document.UIForm.cbSaveRequest.checked) {
// build and save the certificate request var sSaveReqFile=document.UIForm.tbSaveReqFile.value; nResult=CreateAndSaveRequest(dwCreateRequestFlag, sDistinguishedName, sCertUsage, sSaveReqFile); // ask VB to do it, since it can handle errors
} else { // build the certificate request nResult=CreateRequest(dwCreateRequestFlag, sDistinguishedName, sCertUsage); // ask VB to do it, since it can handle errors } if (0 == nResult) { //always get thumbprint in case of pending document.SubmittedData.ThumbPrint.value=XEnroll.ThumbPrint; }
// hide the message box HideTransientMessage();
// reset XEnroll so the user can select a different CSP, etc. XEnroll.reset(); // however, make sure it still matches the UI. XEnroll.ProviderName=document.UIForm.lbCSP.options[nCSPIndex].text; XEnroll.ProviderType=document.UIForm.lbCSP.options[nCSPIndex].value;
// deal with an error if there was one if (0!=nResult) { g_bSubmitPending=false; if (0==(SCARD_W_CANCELLED_BY_USER^nResult) || 0==(PVK_HELPER_PASSWORD_CANCEL^nResult)) { //cancelled nResult=0; return; }
<%If "Enterprise"=sServerType Then%> if (isTemplateKeyArchival() && !document.UIForm.cbMarkKeyExportable.checked) { //they've tried to create an archivable key handleError2(nResult, L_SugCauseCryptArchivableNotSupp_ErrorMessage); } else { // use the regular error handling handleError(nResult); } <%Else%> // just use the regular error handling in the standalone case handleError(nResult); <%End If%>
return; }
// check for special "no submit" case if (document.UIForm.cbSaveRequest.checked) {
// just inform the user that it went OK, but don't submit alert(L_RequestSaved_Message); g_bSubmitPending=false;
} else {
// put up a new wait message ShowTransientMessage(L_Waiting_Message);
// Submit the cert request and move forward in the wizard document.SubmittedData.submit(); } }
//---------------------------------------------------------------- function handleError(nResult) { handleError2(nResult, 0); }
//---------------------------------------------------------------- function handleError2(nResult, sSugCauseIN) { var sSugCause=L_SugCauseNone_ErrorMessage; var sErrorName=L_ErrNameUnknown_ErrorMessage; // analyze the error - funny use of XOR ('^') because obvious choice '==' doesn't work if (0==(0x80090008^nResult)) { sErrorName="NTE_BAD_ALGID"; sSugCause=L_SugCauseBadSetting2_ErrorMessage; } else if (0==(0x80090016^nResult)) { sErrorName="NTE_BAD_KEYSET"; if (document.UIForm.rbKeyGen[0].checked) { sSugCause=L_SugCauseBadCSP_ErrorMessage; } else { sSugCause=L_SugCauseBadKeyContainer_ErrorMessage; } } else if (0==(0x80090019^nResult)) { sErrorName="NTE_KEYSET_NOT_DEF"; sSugCause=L_SugCauseBadCSP_ErrorMessage; } else if (0==(0x80090020^nResult)) { sErrorName="NTE_FAIL"; sSugCause=L_SugCauseBadCSP_ErrorMessage; } else if (0==(0x80090023^nResult)) { sErrorName="NTE_TOKEN_KEYSET_STORAGE_FULL"; sSugCause=L_SugCauseKeysetFull_ErrorMessage; } else if (0==(0x80090009^nResult)) { sErrorName="NTE_BAD_FLAGS"; sSugCause=L_SugCauseBadSetting2_ErrorMessage; } else if (0==(0x8009000F^nResult)) { sErrorName="NTE_EXISTS"; sSugCause=L_SugCauseExistKeyContainer_ErrorMessage; } else if (0==(0x80092002^nResult)) { sErrorName="CRYPT_E_BAD_ENCODE"; //sSugCause=""; } else if (0==(0x80092022^nResult)) { sErrorName="CRYPT_E_INVALID_IA5_STRING"; sSugCause=L_SugCauseBadChar_ErrorMessage; } else if (0==(0x80092023^nResult)) { sErrorName="CRYPT_E_INVALID_X500_STRING"; sSugCause=L_SugCauseBadChar_ErrorMessage; } else if (0==(0x80070003^nResult)) { sErrorName="ERROR_PATH_NOT_FOUND"; sSugCause=L_SugCauseBadFileName_ErrorMessage; } else if (0==(0x80070103^nResult)) { sErrorName="ERROR_NO_MORE_ITEMS"; sSugCause=L_SugCauseBadHash_ErrorMessage; } else if (0==(0x8007007B^nResult)) { sErrorName="ERROR_INVALID_NAME"; sSugCause=L_SugCauseBadFileName_ErrorMessage; } else if (0==(0x80070015^nResult)) { sErrorName="ERROR_NOT_READY"; sSugCause=L_SugCauseBadDrive_ErrorMessage; } else if (0==(0x8007007F^nResult)) { sErrorName="ERROR_PROC_NOT_FOUND"; sSugCause=L_DownLevelClients_ErrorMessage; } else if (0==(0x800704C7^nResult)) { sErrorNamge="ERROR_CANCELLED"; sSugCause=L_SugCauseCancelled_ErrorMessage; } else if (0==(0x80100006^nResult)) { sErrorName = "SCARD_E_NO_MEMORY"; sSugCause = L_SCARD_E_NOMEMORYMSG_ErrorMessage; } else if (0==(0x80100007^nResult)) { sErrorName = "SCARD_F_WAITED_TOO_LONG"; sSugCause = L_SCARD_F_WAITEDTOOLONG_ErrorMessage; } else if (0==(0x80100008^nResult)) { sErrorName = "SCARD_E_INSUFFICIENT_BUFFER"; sSugCause = L_SCARD_E_INSUFFICIENTBUFFER_ErrorMessage; } else if (0==(0x80100009^nResult)) { sErrorName = "SCARD_E_UNKNOWN_READER"; sSugCause = L_SCARD_E_UNKNOWNREADER_ErrorMessage; } else if (0==(0x8010000C^nResult)) { sErrorName = "SCARD_E_NO_SMARTCARD"; sSugCause = L_SCARD_E_NOSMARTCARD_ErrorMessage; } else if (0==(0x8010000D^nResult)) { sErrorName = "SCARD_E_UNKNOWN_CARD"; sSugCause = L_SCARD_E_UNKNOWNCARD_ErrorMessage; } else if (0==(0x80100010^nResult)) { sErrorName = "SCARD_E_NOT_READY"; sSugCause = L_SCARD_E_NOTREADY_ErrorMessage; } else if (0==(0x80100013^nResult)) { sErrorName = "SCARD_F_COMM_ERROR"; sSugCause = L_SCARD_F_COMMERROR_ErrorMessage; } else if (0==(0x8010001D^nResult)) { sErrorName = "SCARD_E_NO_SERVICE"; sSugCause = L_SCARD_E_NOSERVICE_ErrorMessage; } else if (0==(0x8010001E^nResult)) { sErrorName = "SCARD_E_SERVICE_STOPPED"; sSugCause = L_SCARD_E_SERVICESTOPPED_ErrorMessage; } else if (0==(0x8010002E^nResult)) { sErrorName = "SCARD_E_NO_READERS_AVAILABLE"; sSugCause = L_SCARD_E_NOREADERSAVAILABLE_ErrorMessage; } else if (0==(0x8010002F^nResult)) { sErrorName = "SCARD_E_COMM_DATA_LOST"; sSugCause = L_SCARD_E_COMMDATALOST_ErrorMessage; } else if (0==(0x80100030^nResult)) { sErrorName = "SCARD_E_NO_KEY_CONTAINER"; sSugCause = L_SCARD_E_NOKEYCONTAINER_ErrorMessage; } else if (0==(0x80100067^nResult)) { sErrorName = "SCARD_W_UNPOWERED_CARD"; sSugCause = L_SCARD_W_UNPOWEREDCARD_ErrorMessage; } else if (0==(0x80100069^nResult)) { sErrorName = "SCARD_W_REMOVED_CARD"; sSugCause = L_SCARD_W_REMOVEDCARD_ErrorMessage; } else if (0==(0x8010006B^nResult)) { sErrorName = "SCARD_W_WRONG_CHV"; sSugCause = L_SCARD_W_WRONGCHV_ErrorMessage; } else if (0==(0x8010006C^nResult)) { sErrorName = "SCARD_W_CHV_BLOCKED"; sSugCause = L_SCARD_W_CHVBLOCKED_ErrorMessage; } else if (0==(0x8010006D^nResult)) { sErrorName = "SCARD_W_EOF"; sSugCause = L_SCARD_W_EOF_ErrorMessage; } else if (0==(0x8010006E^nResult)) { sErrorName = "SCARD_W_CANCELLED_BY_USER"; sSugCause = L_SCARD_W_CANCELLEDBYUSER_ErrorMessage; } else if (0==(0x8010006F^nResult)) { sErrorName = "SCARD_W_CARD_NOT_AUTHENTICATED"; sSugCause = L_SCARD_W_CARDNOTAUTHENTICATED_ErrorMessage; } else if (0==(0x80090024^nResult)) { sErrorName = "NTE_TEMPORARY_PROFILE"; sSugCause = L_SugCauseNoProfile_ErrorMessage; } else if (0==(0xFFFFFFFF^nResult)) { sErrorName=L_ErrNameNoFileName_ErrorMessage; sSugCause=L_SugCauseNoFileName_ErrorMessage; } else if (0==(0x800B010A^nResult)) { sErrorName = "CERT_E_CHAINING"; sSugCause=L_SugCauseCAExSignerNotFound_ErrorMessage; } else if (0==(0x800B0109^nResult)) { sErrorName = "CERT_E_UNTRUSTEDROOT"; sSugCause=L_SugCauseCAExNotTrusted_ErrorMessage; } else if (0==(0x8000FFFF^nResult)) { sErrorName="E_UNEXPECTED"; } else if (0==(0x00000046^nResult)) { sErrorName=L_ErrNamePermissionDenied_ErrorMessage; if (document.UIForm.cbSaveRequest.checked) { sSugCause=L_SugCausePermissionToWrite_ErrorMessage; } else { sSugCause=L_SugCausePermissionToWrite_ErrorMessage; } } // modify the document text and appearance to show the error message spnErrorNum.innerText="0x"+toHex(nResult)+" - "+sErrorName; if (0 == sSugCauseIN) { spnErrorMsg.innerText=sSugCause; } else { spnErrorMsg.innerText=sSugCauseIN; } spnFixTxt.style.display='none'; spnErrorTxt.style.display='';
// back to the top so the messages show window.scrollTo(0,0); }
</Script> <Script Language="VBScript"> ' The current CA exchange certificate Public sCAExchangeCert sCAExchange=""<%=sCAExchangeCert%>
'----------------------------------------------------------------- ' call XEnroll to create a request, since javascript has no error handling Function CreateRequest(dwCreateRequestFlag, sDistinguishedName, sCertUsage) On Error Resume Next XEnroll.ReuseHardwareKeyIfUnableToGenNew=False document.SubmittedData.CertRequest.value= _ XEnroll.CreateRequest(dwCreateRequestFlag, sDistinguishedName, sCertUsage) CreateRequest=Err.Number End Function
'----------------------------------------------------------------- ' call XEnroll to create and save a request, since javascript has no error handling Function CreateAndSaveRequest(dwCreateRequestFlag, sDistinguishedName, sCertUsage, sSaveReqFile) On Error Resume Next XEnroll.ReuseHardwareKeyIfUnableToGenNew=False XEnroll.createFileRequest dwCreateRequestFlag, sDistinguishedName, sCertUsage, sSaveReqFile CreateAndSaveRequest=Err.Number End Function
'---------------------------------------------------------------- ' handle a change in the current CSP, since javascript has no error handling Sub UpdateHashAlgList(nProvType) On Error Resume Next Dim nIndex, nAlgID, oElem, bList, lCSPType Const CALG_SSL3_SHAMD5=32776 Const CALG_MAC=32773 Const CALG_HMAC=32777 Const CALG_MD5=32771
'really strange, I can't use nProvType in following If compare 'so I have to fetch from xenroll which is the same as nProvType:( lCSPType=XEnroll.ProviderType
' clear the list While document.UIForm.lbHashAlgorithm.length>0 document.UIForm.lbHashAlgorithm.options.remove(0) Wend
' retrieve the list from XEnroll nIndex=0 Do ' get the next AlgID nAlgID=XEnroll.EnumAlgs(nIndex, ALG_CLASS_HASH) If 0<>Err.Number Then ' no more algs Err.Clear Exit Do End If
bList = True
'GetAlgName is not cheap, try to reduce the call, check ID to filter out some unwanted hash
'can't use the following hash If CALG_SSL3_SHAMD5=nAlgID Or CALG_MAC=nAlgID Or CALG_HMAC=nAlgID Then bList = False End If
'DSS or DH won't work with MD5 If CALG_MD5=nAlgID And PROV_DSS=lCSPType Or CALG_MD5=nAlgID And PROV_DSS_DH=lCSPType or CALG_MD5=nAlgID And PROV_DH_SCHANNEL=lCSPType Then bList = False End If
If True=bList Then ' get the corresponding name and create an option in the list box sName=XEnroll.GetAlgName(nAlgID) Set oElem=document.createElement("Option") oElem.text=sName oElem.value=nAlgID document.UIForm.lbHashAlgorithm.options.add(oElem) End If nIndex=nIndex+1
Loop ' <- End alg enumeration loop
' make sure the first one is selectd document.UIForm.lbHashAlgorithm.selectedIndex=0
End Sub
'---------------------------------------------------------------- ' call XEnroll to get the key length, since javascript has no error handling Function MyGetKeyLen(nSizeSpec, bExchange) On Error Resume Next Dim nKeySpec If True=bExchange Then nKeySpec=XEKL_KEYSPEC_KEYX Else nKeySpec=XEKL_KEYSPEC_SIG End If MyGetKeyLen=XEnroll.GetKeyLenEx(nSizeSpec, nKeySpec) If 0<>Err.Number Then If XEKL_KEYSIZE_MIN=nSizeSpec Then MyGetKeyLen=KEY_LEN_MIN_DEFAULT ElseIf XEKL_KEYSIZE_MAX=nSizeSpec Then MyGetKeyLen=KEY_LEN_MAX_DEFAULT ElseIf XEKL_KEYSIZE_DEFAULT=nSizeSpec Then MyGetKeyLen=KEY_LEN_MY_DEFAULT 'try 1024 Else 'assume XEKL_KEYSIZE_INC=nSizeSpec MyGetKeyLen=KEY_LEN_INC_DEFAULT End If End If If XEKL_KEYSIZE_INC=nSizeSpec And 0=MyGetKeyLen Then MyGetKeyLen=KEY_LEN_INC_DEFAULT End If End Function
'---------------------------------------------------- ' set a certificate for key archive Function SetPrivateKeyArchiveCertificate() On Error Resume Next
XEnroll.PrivateKeyArchiveCertificate=sCAExchange SetPrivateKeyArchiveCertificate = Err.Number End Function
'---------------------------------------------------- ' set request template extension Function vbAddCertTypeToRequestEx(lCTEVer, sCTEOID, lCTEMajor, bCTEfMinor, lCTEMinor) On Error Resume Next
XEnroll.addCertTypeToRequestEx lCTEVer, sCTEOID, lCTEMajor, bCTEfMinor, lCTEMinor If 0 <> Err.Number Then 'possible on downlevel not supporting v2 encoding, change to v1 XEnroll.addCertTypeToRequestEx XECT_EXTENSION_V1, sCTEOID, lCTEMajor, bCTEfMinor, lCTEMinor End If vbAddCertTypeToRequestEx=Err.Number End Function
</Script>
<%End If 'bFailed%>
</Body></HTML>
|
