<%@ CODEPAGE=65001 'UTF-8%>
<%' certsces.asp - (CERT)srv web - (S)mart (C)ard (E)nrollment (S)tation
' Copyright (C) Microsoft Corporation, 1998 - 1999 %>
<!-- #include FILE=certdat.inc -->
<HTML>
<Head>
<Meta HTTP-Equiv="Content-Type" Content="text/html; charset=UTF-8">
<Title>Microsoft Smart Card Enrollment Station</Title>
<Script Language="VBScript">
Option Explicit
'---------------------------------------------------------------------
' Page global constants and variables
' page state constants
Const e_ControlLoading=-1
Const e_PageLoading=0
Const e_PageDead=1
Const e_PagePreEnroll=2
Const e_PageEnrolling=3
Const e_PagePostEnrollOK=4
Const e_PagePostEnrollError=5
Const e_PagePostEnrollDisp=6
' special return value for GetTemplateList and UpdateCSPList
Const ERROR_NOITEMS=-1
Const ERROR_NOMATCHEDCSP=-2
' flag constants for SCrdEnrl
' flags for getCertTemplateCount and enumCertTemplateName
Const SCARD_ENROLL_ALL_CERT_TEMPLATE=0 'default
Const SCARD_ENROLL_USER_CERT_TEMPLATE=1
Const SCARD_ENROLL_MACHINE_CERT_TEMPLATE=2
Const SCARD_ENROLL_ENTERPRISE_CERT_TEMPLATE=&H08
Const SCARD_ENROLL_CROSS_CERT_TEMPLATE=&H20
Const SCARD_ENROLL_OFFLINE_CERT_TEMPLATE=&H10
' flags for enumCertTemplateName, getCertTemplateName and setCertTemplateName
Const SCARD_ENROLL_CERT_TEMPLATE_REAL_NAME=0 ' default
Const SCARD_ENROLL_CERT_TEMPLATE_DISPLAY_NAME=4
' flags for enumCAName, getCAName and setCAName
Const SCARD_ENROLL_CA_REAL_NAME=0 'default
Const SCARD_ENROLL_CA_MACHINE_NAME=1
Const SCARD_ENROLL_CA_DISPLAY_NAME=2
Const SCARD_ENROLL_CA_UNIQUE_NAME=3 'machineName\realName
' flags for getSigningCertificateName, getEnrolledCertificateName
Const SCARD_ENROLL_DISPLAY_CERT=0
Const SCARD_ENROLL_NO_DISPLAY_CERT=1
' flags for setUserName and getUserName
Const SCARD_ENROLL_SAM_COMPATIBLE_NAME=0 ' default
Const SCARD_ENROLL_UPN_NAME=1
' flags for setSigningCertificate and selectSigningCertificate
' Const SCARD_SELECT_TEMPLATENAME = 0
Const SCARD_SELECT_EKU = 1
Const FLAGS_NONE=0
' the state of fields that can be invalid
Dim g_bUserNameBad, g_bSigningCertBad, g_bTemplateBad, g_bCSPBad, g_fNewStation
' error string to display for e_PageDead and e_PagePostEnrollError
Dim g_sPageError
' Strings to be localized
Const L_DownloadingControl_Message="Downloading ActiveX control..."
Const L_BadCPU_ErrorMessage="""Your CPU ("" + sError + "") is not supported.""" ' sError will be replaced w/ cpu type
Const L_ControlLoadFailed_ErrorMessage="The proper version of the ActiveX control failed to download and install. You may not have sufficient permissions. Please ask your system administrator for assistance."
Const L_ControlLoadFailedEx_ErrorMessage="""An unexpected error ("" + sError + "") occurred while downloading and installing the proper version of the ActiveX control. Please ask your system administrator for assistance."""
Const L_PageLoading_Message="One moment please. Retrieving CSP list, certificate template list, and CA list."
Const L_ControlLoading_Message="One moment please. Loading ActiveX control."
Const L_PageDead_ErrorMessage="""An unexpected fatal error has occurred: "" + sError"
Const L_MustSelect001_Message="Please select a user to enroll."
Const L_MustSelect010_Message="Please select a signing certificate."
Const L_MustSelect011_Message="Please select a user to enroll and a signing certificate."
Const L_MustSelect100_Message="Please select a template which has a CA."
Const L_MustSelect101_Message="Please select a user to enroll and a template which has a CA."
Const L_MustSelect110_Message="Please select a signing certificate and a template which has a CA."
Const L_MustSelect111_Message="Please select a user to enroll and a signing certificate and a template which has a CA."
Const L_ReadyToEnroll_Message="Please insert the user's smart card into a reader and then press 'Enroll'."
Const L_PageEnrolling_Message="Please wait while the user is enrolled..."
Const L_PagePostEnrollOK_Message="The smart card is ready. Please press 'View Certificate' to make sure the certificate contains the correct personal information about the user."
Const L_PagePostEnrollError_ErrorMessage="""An unexpected error occurred. Error: "" + sError" '"""The smart card enrollment failed: "" + sError"
Const L_PagePostEnrollDisp_ErrorMessage="""Warning: "" + sError" '"""The smart card enrollment failed: "" + sError"
Const L_IntErrBadStatus_ErrorMessage="!! Internal error !! - unknown page status"
Const L_Unexpected_ErrorMessage="Unexpected Error"
Const L_RetrvTemplateList_Message="Retrieving template list..."
Const L_RetrvTemplateList_ErrorMessage="""An error ocurred while retrieving the template list. Error: "" + sError"
Const L_NoTemplates_ErrorMessage="(No templates found!)"
Const L_NoTemplatesLong_ErrorMessage="No templates could be found. There are no CAs from which you have permission to request a certificate, or an error occurred while accessing the Active Directory."
Const L_RetrvCSPList_Message="Retrieving CSP list..."
Const L_RetrvCSPList_ErrorMessage="""An error occurred while retrieving the CSP list. Error: "" + sError"
Const L_NoCSPs_ErrorMessage="(No CSPs found!)"
Const L_NoMatchedCSP_ErrorMessage="(No matched CSPs!)"
Const L_NoMatchedCSP_Message="The CSPs supported by the current template is not found on this computer. Select different templates or use template management snapin to add CSPs installed on this computer to the template."
Const L_RetrvCAList_Message="Retrieving CA list..."
Const L_NoCAs_ErrorMessage="(No CA available for this template)"
Const L_NoCertSelected_Message="(No certificate selected)"
Const L_SelectSignCert_ErrorMessage="""An unexpected error occurred while selecting the signing certificate. Error: "" + sError"
Const L_SelectUser_ErrorMessage="""An unexpected error occurred while selecting the user. Error: "" + sError"
Const L_NoUserSelected_Message="(No user selected)"
Const L_IntErrBadData_ErrorMessage="!! Internal Error !! - called enroll with invalid data"
Const L_IntErrSCrdEnrlError_ErrorMessage="!! Internal Error !! - the template, CA, or CSP was rejected"
Const L_Enrolling_Message="Enrolling..."
Const L_EnrlErrNotEnoughReaders_ErrorMessage="You do not have enough smart card readers installed on this system. You must have one smart card available after the signing certificate is selected."
Const L_EnrlErrInsertCard_ErrorMessage="Please insert the user's smart card."
Const L_EnrlErrRemoveCard_ErrorMessage="The smart card has been removed, so that further communication is not possible."
Const L_EnrlErrWrongCards_ErrorMessage="Too many smart cards of the same type are inserted. Please insert only one user smart card and try again."
Const L_EnrlErrCryptoError_ErrorMessage="An error has occur while performing a cryptographic operation on the smart card. If this problem persists, try using a different smart card."
Const L_EnrlErrNoSignCert_ErrorMessage="Cannot find the administrator signing smart card. Please insert the administrator smart card."
Const L_EnrlErrCardCSPMismatch_ErrorMessage="The user smart card you inserted does not match the selected cryptographic service provider (CSP). Please insert a different smart card or select the appropriate CSP."
Const L_EnrlErrCantEncode_ErrorMessage="The user's e-mail address cannot be encoded. The e-mail address may not contain extended characters."
Const L_EnrlErrSECURITY_VIOLATION_ErrorMessage="Access was denied because of a security violation."
Const L_EnrlErrCardCommunicate_ErrorMessage="A communications error with the smart card has been detected. Retry the operation."
Const L_EnrlErrUnexpected_ErrorMessage="""An unexpected error occurred. Error: "" + sError"
Const L_DispIncomplete_ErrorMessage="The certificate is not issued. CA incomplete error occurred. Please contact CA administrators."
Const L_DispError_ErrorMessage="The certificate is not issued. CA issuing error occurred. Please contact CA administrators."
Const L_DispDenied_ErrorMessage="The certificate is not issued. CA denied the request. Please contact CA administrators."
Const L_DispOutofband_ErrorMessage="The certificate is not issued. CA required out of band policy. Please contact CA administrators."
Const L_DispPending_ErrorMessage="The certificate is not issued because of pending. Smart Card Certificate Enrollment Station cannot handle pending request. Please select a template with no pending or contact CA administrators."
Const L_DispRevoked_ErrorMessage="The certificate is not issued. CA revoked the certificate. Please contact CA administrators."
'---------------------------------------------------------------------
' Set the dynamic status message and the state of the buttons, etc.
Sub LoadControl(sContinueCmd)
Dim sControlFileName, sCPU, sControl, chQuote
' determine the file name from the CPU type.
sCPU=LCase(navigator.cpuClass)
If 0<>strComp("x86", sCPU) And 0<>strComp("ia64", sCPU) Then
AbortPage evalErrorMessage(L_BadCPU_ErrorMessage, sCPU)
Exit Sub
End If
If Not g_fNewStation Then
'w2k or lower
sCPU = "w2k"
End If
<%
' Determine the appropriate file version for scrdenrl. W2K clients will get the file version of scrdw2k.dll,
' all others will get the file version of scrdenrl.dll
bUseNewControl = False
sHttpUserAgent = Request.ServerVariables("HTTP_USER_AGENT")
nIndex=InStr(sHttpUserAgent, "Windows NT 5.")
If 0 <> nIndex Then
If 0 < CInt(Right(Left(sHttpUserAgent, nIndex+13), 1)) Then
'newer than 5.0
bUseNewControl = True
End If
End If
If Not bUseNewControl Then
sScrdEnrlVersion = sScrdW2KVersion
End If
%>
' load the control
chQuote=chr(34)
sControl="<Object " & vbNewline _
& " ClassID=" & chQuote & "clsid:c2bbea20-1f2b-492f-8a06-b1c5ffeace3b" & chQuote & vbNewline _
& " CodeBase=" & chQuote & "/CertControl/" + sCPU + "/scrdenrl.dll#Version=<%=sScrdEnrlVersion%>" & chQuote & vbNewline _
& " ID=SCrdEnrl " & vbNewline _
& "></Object>"
'Alert "About to create:" & vbNewline & sControl
spnSCrdEnrl.innerHTML=sControl
' begin polling to see if the control is loaded
setTimeout "LoadControlPhase2(" & chQuote & sContinueCmd & chQuote & ")", 1
End Sub
'---------------------------------------------------------------------
' Wait until the corntrol is loaded
Function LoadControlPhase2(sContinueCmd)
' continued from above
Dim chQuote, nResult, sErrorNumber, sErrorMessage
chQuote=chr(34)
'Alert document.SCrdEnrl.readyState
' is the control loaded?
If 4<>document.SCrdEnrl.readyState Then ' 4=READYSTATE_COMPLETE
' no, show a message and wait a while
ShowTransientMessage(L_DownloadingControl_Message)
setTimeout "LoadControlPhase2(" & chQuote & sContinueCmd & chQuote & ")", 500
Else
' yes, hide the message and continue.
HideTransientMessage
' smoke test the control
nResult=ConfirmSCrdEnrlLoaded
If 0<>nResult Then
If 438=nResult Then
sErrorMessage=L_ControlLoadFailed_ErrorMessage
Else
sErrorNumber="0x" & Hex(nResult)
sErrorMessage=evalErrorMessage(L_ControlLoadFailedEx_ErrorMessage, sErrorNumber)
End If
AbortPage sErrorMessage
Exit Function
End If
execScript sContinueCmd, "VBScript"
End If
End Function
'-----------------------------------------------------------------
' Test to make sure SCrdEnrl loaded properly by calling a method on it.
' For best results, the method we call should only be available in the
' most recent version of the control, however any method will detect
' failure to create the object.
Function ConfirmSCrdEnrlLoaded()
On Error Resume Next
Dim nTest
nTest=document.SCrdEnrl.CSPCount
ConfirmSCrdEnrlLoaded=Err.Number
End Function
'---------------------------------------------------------------------
' Set the dynamic status message and the state of the buttons, etc.
Sub ChangePageStatusTo(eStatus)
' by default, hide everything
spnRetry.style.display="none"
spnViewCert.style.display="none"
spnNewUser.style.display="none"
spnEnroll.style.display="none"
document.UIForm.btnSelectSigningCert.disabled=True
document.UIForm.btnSelectUserName.disabled=True
document.UIForm.btnRetry.disabled=True
document.UIForm.btnViewCert.disabled=True
document.UIForm.btnNewUser.disabled=True
document.UIForm.btnEnroll.disabled=True
document.UIForm.lbCertTemplate.disabled=True
document.UIForm.lbCA.disabled=True
document.UIForm.lbCSP.disabled=True
If e_PageLoading=eStatus Then
spnStatus.innerText=L_PageLoading_Message
ElseIf e_ControlLoading=eStatus Then
spnStatus.innerText=L_ControlLoading_Message
ElseIf e_PageDead=eStatus Then
spnStatus.innerText=evalErrorMessage(L_PageDead_ErrorMessage, g_sPageError)
ElseIf e_PagePreEnroll=eStatus Then
' enable all the controls
document.UIForm.lbCertTemplate.disabled=False
If False=g_bTemplateBad Then
document.UIForm.lbCA.disabled=False ' don't enable the CA box if there are no CAs
End If
document.UIForm.lbCSP.disabled=False
document.UIForm.btnSelectSigningCert.disabled=False
document.UIForm.btnSelectUserName.disabled=False
' set the status based upon what the user still must select
If True=g_bUserNameBad Or True=g_bSigningCertBad Or True=g_bTemplateBad Or True=g_bCSPBad Then
If True=g_bTemplateBad Then
If True=g_bSigningCertBad Then
If True=g_bUserNameBad Then
spnStatus.innerText=L_MustSelect111_Message
Else
spnStatus.innerText=L_MustSelect110_Message
End If
Else
If True=g_bUserNameBad Then
spnStatus.innerText=L_MustSelect101_Message
Else
spnStatus.innerText=L_MustSelect100_Message
End If
End If
ElseIf True = g_bCSPBad Then
spnStatus.innerText=L_NoMatchedCSP_Message
Else
If True=g_bSigningCertBad Then
If True=g_bUserNameBad Then
spnStatus.innerText=L_MustSelect011_Message
Else
spnStatus.innerText=L_MustSelect010_Message
End If
Else
spnStatus.innerText=L_MustSelect001_Message
End If
End If
Else
spnStatus.innerText=L_ReadyToEnroll_Message
spnEnroll.style.display=""
document.UIForm.btnEnroll.disabled=False
End If
ElseIf e_PageEnrolling=eStatus Then
spnStatus.innerText=L_PageEnrolling_Message
ElseIf e_PagePostEnrollOK=eStatus Then
spnStatus.innerText=L_PagePostEnrollOK_Message
spnViewCert.style.display=""
document.UIForm.btnViewCert.disabled=False
spnNewUser.style.display=""
document.UIForm.btnNewUser.disabled=False
ElseIf e_PagePostEnrollError=eStatus Or e_PagePostEnrollDisp=eStatus Then
' enable all the controls
document.UIForm.lbCertTemplate.disabled=False
If False=g_bTemplateBad Then
document.UIForm.lbCA.disabled=False ' don't enable the CA box if there are no CAs
End If
document.UIForm.lbCSP.disabled=False
document.UIForm.btnSelectSigningCert.disabled=False
document.UIForm.btnSelectUserName.disabled=False
If e_PagePostEnrollError=eStatus Then
spnStatus.innerText=evalErrorMessage(L_PagePostEnrollError_ErrorMessage, g_sPageError)
Else
spnStatus.innerText=evalErrorMessage(L_PagePostEnrollDisp_ErrorMessage, g_sPageError)
End If
spnRetry.style.display=""
document.UIForm.btnRetry.disabled=False
spnNewUser.style.display=""
document.UIForm.btnNewUser.disabled=False
Else
spnStatus.innerText=L_IntErrBadStatus_ErrorMessage
End If
End Sub
Const SCARD_CTINFO_CSPLIST_FIRST=8
Const SCARD_CTINFO_CSPLIST_NEXT=9
'---------------------------------------------------------------------
' Populate the template list
Function GetTemplateList
On Error Resume Next
Const SCARD_CTINFO_EXT_OID=3
Const SCARD_CTINFO_ENROLLMENTFLAGS=11
Const SCARD_CTINFO_RA_SIGNATURES=13
Const CT_FLAG_PEND_ALL_REQUESTS=&H00000002
Dim nIndex, sRealName, sDisplayName, nTemplateCount, oElem, bDefaultSet, nRequestedTemplateFlags
Dim sCTEOid, nPendingFlags, fShowTemplate
Dim sSmartCardCSPs, sCSP
ShowTransientMessage L_RetrvTemplateList_Message
nRequestedTemplateFlags=SCARD_ENROLL_USER_CERT_TEMPLATE Or SCARD_ENROLL_ENTERPRISE_CERT_TEMPLATE Or SCARD_ENROLL_CROSS_CERT_TEMPLATE
' get the number of available templates
nTemplateCount=document.SCrdEnrl.getCertTemplateCount(nRequestedTemplateFlags)
If 0<>Err.Number Then
' unexpected error
GetTemplateList=Err.Number
AddOption document.UIForm.lbCertTemplate, "(" & L_Unexpected_ErrorMessage & " 0x" & HEX(Err.Number) & ")", ""
document.UIForm.lbCertTemplate.selectedIndex=0
HideTransientMessage
Exit Function
ElseIf 0=nTemplateCount Then
' No templates found
GetTemplateList=ERROR_NOITEMS 'our own error number
AddOption document.UIForm.lbCertTemplate, L_NoTemplates_ErrorMessage, ""
document.UIForm.lbCertTemplate.selectedIndex=0
HideTransientMessage
Exit Function
End If
If g_fNewStation Then
'get list of smart card csps
For nIndex=1 To document.SCrdEnrl.CSPCount
If 1 = nIndex Then
sSmartCardCSPs = document.SCrdEnrl.enumCSPName(nIndex-1, FLAGS_NONE)
End If
If 1 <> nIndex Then
sSmartCardCSPs = sSmartCardCSPs & "?" & document.SCrdEnrl.enumCSPName(nIndex-1, FLAGS_NONE)
End If
Next
End If
' set the default template to be the first one which has a CA
bDefaultSet=False
' loop over all the available templates and add them to the list box
For nIndex=1 To nTemplateCount
fShowTemplate = True
' add this template to the list box
sRealName = document.SCrdEnrl.enumCertTemplateName(nIndex-1, nRequestedTemplateFlags Or SCARD_ENROLL_CERT_TEMPLATE_REAL_NAME)
'check to see if V2 template
sCTEOid = document.ScrdEnrl.getCertTemplateInfo(sRealName, SCARD_CTINFO_EXT_OID)
If "" <> sCTEOid Then
'check to see if pending
nPendingFlags = document.ScrdEnrl.getCertTemplateInfo(sRealName, SCARD_CTINFO_ENROLLMENTFLAGS)
nPendingFlags = CT_FLAG_PEND_ALL_REQUESTS And nPendingFlags
If 0 <> nPendingFlags Then
'don't teake pending template
fShowTemplate = False
End If
If True=fShowTemplate Then
If 1 <> document.ScrdEnrl.getCertTemplateInfo(sRealName, SCARD_CTINFO_RA_SIGNATURES) Then
fShowTemplate = False
End If
End If
End If
If g_fNewStation Then
sCSP = Empty
sCSP = document.SCrdEnrl.getCertTemplateInfo(sRealName, SCARD_CTINFO_CSPLIST_FIRST)
If True = fShowTemplate And Not IsEmpty(sCSP) Then
fShowTemplate = False
'check to see if any matched CSP
While Not fShowTemplate And Not IsEmpty(sCSP)
If 0 <> InStr(sSmartCardCSPs, sCSP) Then
fShowTemplate = True
End If
If False = fShowTemplate Then
sCSP = Empty
sCSP = document.SCrdEnrl.getCertTemplateInfo(sRealName, SCARD_CTINFO_CSPLIST_NEXT)
End If
Wend
End If
End If
If True = fShowTemplate Then
sDisplayName=document.SCrdEnrl.enumCertTemplateName(nIndex-1, nRequestedTemplateFlags Or SCARD_ENROLL_CERT_TEMPLATE_DISPLAY_NAME)
'Alert "r:" & sRealName & " d:" & sDisplay Name
AddOption document.UIForm.lbCertTemplate, sDisplayName, sRealName
' if we haven't set the default and this template has a CA, make it the default
If False=bDefaultSet And 0<>document.SCrdEnrl.getCACount(sRealName) Then
document.UIForm.lbCertTemplate.selectedIndex=nIndex-1
bDefaultSet=True
End If
End If
Next
'just select the first template
document.UIForm.lbCertTemplate.selectedIndex=0
' we were successful
GetTemplateList=0
HideTransientMessage
End Function
'---------------------------------------------------------------------
' Populate the CSP list
Function UpdateCSPList
On Error Resume Next
Dim nIndex, sName, nCSPCount, oElem
Dim nListLength, sTemplateSupportedCSPs, sCSP, sCurrentTemplate
'init
g_bCSPBad = False
ShowTransientMessage L_RetrvCSPList_Message
'remove the current csp list
nListLength=document.UIForm.lbCSP.Options.length
For nIndex=1 To nListLength
' note that we keep deleting element 0 since
' the other options are automatically moved up one
document.UIForm.lbCSP.Options.remove(0)
Next
' get the number of available CSPs
nCSPCount=document.SCrdEnrl.CSPCount
If 0<>Err.Number Then
' unexpected error
g_bCSPBad = True
UpdateCSPList=Err.Number
AddOption document.UIForm.lbCSP, "(" & L_Unexpected_ErrorMessage & " 0x" & HEX(Err.Number) & ")", ""
document.UIForm.lbCSP.selectedIndex=0
HideTransientMessage
Exit Function
ElseIf 0=nCSPCount Then
' No CSPs found
g_bCSPBad = True
UpdateCSPList=ERROR_NOITEMS
AddOption document.UIForm.lbCSP, L_NoCSPs_ErrorMessage, ""
document.UIForm.lbCSP.selectedIndex=0
HideTransientMessage
Exit Function
End If
If g_fNewStation Then
'template change, update csp list
sTemplateSupportedCSPs = Empty
sCurrentTemplate=document.UIForm.lbCertTemplate.value
'get csp list separated by ?
sCSP = document.SCrdEnrl.getCertTemplateInfo(sCurrentTemplate, SCARD_CTINFO_CSPLIST_FIRST)
While Not IsEmpty(sCSP)
If IsEmpty(sTemplateSupportedCSPs) Then
sTemplateSupportedCSPs = sCSP
Else
sTemplateSupportedCSPs = sTemplateSupportedCSPs & "?" & sCSP
End If
sCSP = Empty
sCSP = document.SCrdEnrl.getCertTemplateInfo(sCurrentTemplate, SCARD_CTINFO_CSPLIST_NEXT)
Wend
End If
' loop over all the available CSPs and add them to the list box
For nIndex=1 To nCSPCount
sName=document.SCrdEnrl.enumCSPName(nIndex-1, FLAGS_NONE)
If Not g_fNewStation Then
AddOption document.UIForm.lbCSP, sName, sName
End If
If g_fNewStation Then
If IsEmpty(sTemplateSupportedCSPs) Then
AddOption document.UIForm.lbCSP, sName, sName
End If
If Not IsEmpty(sTemplateSupportedCSPs) Then
If 0 <> InStr(stemplateSupportedCSPs, sName) Then
AddOption document.UIForm.lbCSP, sName, sName
End If
End If
End If
Next
If 0 = document.UIForm.lbCSP.Options.length Then
' No macthed CSP
g_bCSPBad = True
UpdateCSPList = ERROR_NOMATCHEDCSP
AddOption document.UIForm.lbCSP, L_NoMatchedCSP_ErrorMessage, ""
document.UIForm.lbCSP.selectedIndex = 0
HideTransientMessage
Exit Function
End If
'set the default CSP selection
document.UIForm.lbCSP.selectedIndex=0
' we were successful
UpdateCSPList=0
HideTransientMessage
End Function
'---------------------------------------------------------------------
' Update the CA list based upon the currently selected cert template
Sub HandleTemplateChange
On Error Resume Next
Dim sCurrentTemplate, nListLength, nIndex, nCACount, sUniqueName, sDisplayName
Dim nResult
ShowTransientMessage L_RetrvCAList_Message
sCurrentTemplate=document.UIForm.lbCertTemplate.value
' delete the current CA selection list
nListLength=document.UIForm.lbCA.Options.length
For nIndex=1 To nListLength
' note that we keep deleting element 0 since
' the other options are automatically moved up one
document.UIForm.lbCA.Options.remove(0)
Next
'update the CA list based on the CertType
nCACount=document.SCrdEnrl.getCACount(sCurrentTemplate)
If 0=nCACount Then
AddOption document.UIForm.lbCA, L_NoCAs_ErrorMessage, ""
g_bTemplateBad=True
Else
' loop over all the available CAs and add them to the list box
For nIndex=1 To nCACount
sUniqueName=document.SCrdEnrl.enumCAName(nIndex-1, SCARD_ENROLL_CA_UNIQUE_NAME, sCurrentTemplate)
sDisplayName=document.SCrdEnrl.enumCAName(nIndex-1, SCARD_ENROLL_CA_DISPLAY_NAME, sCurrentTemplate)
'alert "r:" & sRealName & " d:" & sDisplayName
AddOption document.UIForm.lbCA, sDisplayName, sUniqueName
Next
g_bTemplateBad=False
End If
'set the default CertType selection
document.UIForm.lbCA.selectedIndex=0
' get the CSP list
nResult=UpdateCSPList()
' make sure focus stays put
document.UIForm.lbCertTemplate.focus
If ERROR_NOMATCHEDCSP = nResult Then
'don't abort the page
nResult = 0
End If
If 0<>nResult Then
AbortPage evalErrorMessage(L_RetrvCSPList_ErrorMessage, "(0x" & HEX(nResult) & ")")
Exit Sub
End If
HideTransientMessage
' refresh the state - may now be able to enroll
ChangePageStatusTo e_PagePreEnroll
End Sub
'---------------------------------------------------------------------
' Create a new select option add it to the list box
Sub AddOption(lbTarget, sText, sValue)
Dim oElem
Set oElem=document.createElement("Option")
oElem.text=sText
oElem.value=sValue
lbTarget.Options.Add oElem
End Sub
'---------------------------------------------------------------------
' Indicate a catastrophic error and don't let the user do anything further
Sub AbortPage(sMessage)
g_sPageError=sMessage
ChangePageStatusTo e_PageDead
Alert sMessage
End Sub
'---------------------------------------------------------------------
' Show a transient message
Sub ShowTransientMessage(sMessage)
window.status=sMessage
End Sub
'---------------------------------------------------------------------
' Hide the last transient message
Sub HideTransientMessage
window.status=""
End Sub
'---------------------------------------------------------------------
' Set up everything after the page loads
Sub PostLoad
' set the page status message and disable the controls
ChangePageStatusTo e_ControlLoading
' set the page-global variables
g_bUserNameBad=True
g_bSigningCertBad=True
g_bTemplateBad=True
g_bCSPBad = True
g_fNewStation = False
Dim sUserAgent, nIndex
sUserAgent=navigator.userAgent
nIndex=InStr(sUserAgent, "Windows NT 5.")
If 0 <> nIndex Then
If 0 < CInt(Right(Left(sUserAgent, nIndex+13), 1)) Then
'newer than 5.0
g_fNewStation = True
End If
End If
' load the ActiveX control
LoadControl "PostLoadPhase2()"
End Sub
'---------------------------------------------------------------------
' set the status message and continue setting up
Sub PostLoadPhase2
' set the page status message and disable the controls
ChangePageStatusTo e_PageLoading
' allow IE to update the screen
setTimeout "PostLoadPhase3", 1
End Sub
'---------------------------------------------------------------------
' Set up the CSP list and the template list
Sub PostLoadPhase3
On Error Resume Next
Dim nResult
' get the template list
nResult=GetTemplateList()
If 0<>nResult Then
If ERROR_NOITEMS=nResult Then
AbortPage L_NoTemplatesLong_ErrorMessage
Else
AbortPage evalErrorMessage(L_RetrvTemplateList_ErrorMessage, "(0x" & HEX(nResult) & ")")
End If
Exit Sub
End If
' update the CA list to reflect the currently selected template
HandleTemplateChange
' set the default signing certificate
If g_fNewStation Then
document.SCrdEnrl.setSigningCertificate SCARD_SELECT_EKU, "1.3.6.1.4.1.311.20.2.1"
Else
document.SCrdEnrl.setSigningCertificate FLAGS_NONE, "EnrollmentAgent"
End If
' ignore errors: if no default signing certificate, the user must pick one.
Err.Clear
' make the page reflect the default signing certificate
document.UIForm.tbSigningCert.value=document.SCrdEnrl.getSigningCertificateName(SCARD_ENROLL_NO_DISPLAY_CERT)
g_bSigningCertBad=False
If 0<>Err.Number Or ""=document.UIForm.tbSigningCert.value Then
document.UIForm.tbSigningCert.value=L_NoCertSelected_Message
g_bSigningCertBad=True
End If
' finished setting up, enable controls
ChangePageStatusTo e_PagePreEnroll
End Sub
'---------------------------------------------------------------------
' Select a signing certificate
Sub SelectSigningCert
On Error Resume Next
' ask SCrdEnrl to throw up UI to pick a signing cert
If g_fNewStation Then
document.SCrdEnrl.selectSigningCertificate SCARD_SELECT_EKU, "1.3.6.1.4.1.311.20.2.1"
Else
document.SCrdEnrl.selectSigningCertificate FLAGS_NONE, "EnrollmentAgent"
End If
'check error but skip cancel
If 0<>Err.Number And &H8010006E<>Err.Number And &H800704c7<>Err.Number Then
Alert evalErrorMessage(L_SelectSignCert_ErrorMessage, "(0x" & HEX(Err.Number) & ")")
End If
' make the page reflect what the user picked
document.UIForm.tbSigningCert.value=document.SCrdEnrl.getSigningCertificateName(SCARD_ENROLL_NO_DISPLAY_CERT)
g_bSigningCertBad=False
If 0<>Err.Number Or ""=document.UIForm.tbSigningCert.value Then
document.UIForm.tbSigningCert.value=L_NoCertSelected_Message
g_bSigningCertBad=True
End If
' refresh the state - may now be able to enroll
ChangePageStatusTo e_PagePreEnroll
End Sub
'---------------------------------------------------------------------
' Select a user name
Sub SelectUserName
On Error Resume Next
' ask SCrdEnrl to throw up UI to pick a user
document.SCrdEnrl.selectUserName(FLAGS_NONE)
If 0<>Err.Number Then
Alert evalErrorMessage(L_SelectUser_ErrorMessage, "(0x" & HEX(Err.Number) & ")")
End If
' make the page reflect what the user picked
document.UIForm.tbUserName.value=document.SCrdEnrl.getUserName(SCARD_ENROLL_UPN_NAME)
If 0<>Err.Number Then
'If we can not get the UPN name, get the SAM compatible name
Err.Clear
document.UIForm.tbUserName.value=document.SCrdEnrl.getUserName(SCARD_ENROLL_SAM_COMPATIBLE_NAME)
End If
g_bUserNameBad=False
If 0<>Err.Number Or ""=document.UIForm.tbUserName.value Then
document.UIForm.tbUserName.value=L_NoUserSelected_Message
g_bUserNameBad=True
End If
' refresh the state - may now be able to enroll
ChangePageStatusTo e_PagePreEnroll
End Sub
'---------------------------------------------------------------------
' Verify all the user input and begin the enrollment process
Sub Enroll
On Error Resume Next
Dim sTemplateName, sCAName, sCSPName, UserName, LenResult
' check to make sure all the fields are OK
If True=g_bUserNameBad Or True=g_bSigningCertBad Or True=g_bTemplateBad Or True = g_bCSPBad Then
AbortPage L_IntErrBadData_ErrorMessage
Exit Sub
End If
' tell SCrdEnrl what the user picked from the list boxes
' these should all be OK, since SCrdEnrl gave us these options
' set the template
sTemplateName=document.UIForm.lbCertTemplate.value
document.SCrdEnrl.setCertTemplateName SCARD_ENROLL_CERT_TEMPLATE_REAL_NAME, sTemplateName
' set the CA name
sCAName=document.UIForm.lbCA.value
document.SCrdEnrl.setCAName SCARD_ENROLL_CA_UNIQUE_NAME, sTemplateName, sCAName
' set the CSP
sCSPName=document.UIForm.lbCSP.value
document.SCrdEnrl.CSPName=sCSPName
' make sure SCrdEnrl is still happy so far
If 0<>Err.Number Then
AbortPage L_IntErrSCrdEnrlError_ErrorMessage
Exit Sub
End If
' signing cert is already set
' user name is already set
' everything looks great
' change the status
ChangePageStatusTo e_PageEnrolling
ShowTransientMessage L_Enrolling_Message
' give IE time to repaint the screen, then continue enrolling
setTimeout "EnrollPhase2", 1
End Sub
'---------------------------------------------------------------------
' Finish the enrollment process
Sub EnrollPhase2
On Error Resume Next
Const CR_DISP_INCOMPLETE =0
Const CR_DISP_ERROR =1
Const CR_DISP_DENIED =2
Const CR_DISP_ISSUED =3
Const CR_DISP_ISSUED_OUT_OF_BAND=4
Const CR_DISP_UNDER_SUBMISSION =5
Const CR_DISP_REVOKED =6
Dim nDisposition
Dim EnrollErr, sErrDescription
' actually do the enrollment
document.SCrdEnrl.enroll(FLAGS_NONE)
EnrollErr = Err.Number
If 0 <> EnrollErr Then
sErrDescription = Err.Description
End If
If g_fNewStation Then
nDisposition = document.ScrdEnrl.EnrollmentStatus
Else
nDisposition = CR_DISP_ISSUED
End If
' check for errors
If 0=EnrollErr And CR_DISP_ISSUED=nDisposition Then
' No errors. Yay!
ChangePageStatusTo e_PagePostEnrollOK
ElseIf 0=EnrollErr And CR_DISP_ISSUED<>nDisposition Then
'cert is not issued for some reasons
If CR_DISP_INCOMPLETE=nDisposition Then
g_sPageError=L_DispIncomplete_ErrorMessage
ElseIf CR_DISP_ERROR=nDisposition Then
g_sPageError=L_DispError_ErrorMessage
ElseIf CR_DISP_DENIED=nDisposition Then
g_sPageError=L_DispDenied_ErrorMessage
ElseIf CR_DISP_ISSUED_OUT_OF_BAND=nDisposition Then
g_sPageError=L_DispOutofband_ErrorMessage
ElseIf CR_DISP_UNDER_SUBMISSION=nDisposition Then
g_sPageError=L_DispPending_ErrorMessage
ElseIf CR_DISP_REVOKED=nDisposition Then
g_sPageError=L_DispRevoked_ErrorMessage
End If
'not issued
ChangePageStatusTo e_PagePostEnrollDisp
Alert g_sPageError
Else
' ERROR:
' determine what went wrong, by known error numbers
Dim sError, fCancel
fCancel = False
sError=Hex(EnrollErr)
If 0=strComp(sError, "80100017") Then
g_sPageError=L_EnrlErrNotEnoughReaders_ErrorMessage
ElseIf 0=strComp(sError, "8010000C") Then
g_sPageError=L_EnrlErrInsertCard_ErrorMessage
ElseIf 0=strComp(sError, "80070004") Then
g_sPageError=L_EnrlErrWrongCards_ErrorMessage
ElseIf 0=strComp(sError, "8010001C") Then
g_sPageError=L_EnrlErrCryptoError_ErrorMessage
ElseIf 0=strComp(sError, "8010002C") Then
g_sPageError=L_EnrlErrNoSignCert_ErrorMessage
ElseIf 0=strComp(sError, "8010000F") Then
g_sPageError=L_EnrlErrCardCSPMismatch_ErrorMessage
ElseIf 0=strComp(sError, "80100069") Then
g_sPageError=L_EnrlErrRemoveCard_ErrorMessage
ElseIf 0=strComp(sError, "80092022") Then
g_sPageError=L_EnrlErrCantEncode_ErrorMessage
ElseIf 0=strComp(sError, "8010002F") Then
g_sPageError=L_EnrlErrCardCommunicate_ErrorMessage
ElseIf 0=strComp(sError, "8010006A") Then
g_sPageError=L_EnrlErrSECURITY_VIOLATION_ErrorMessage
ElseIf 0=strComp(sError, "8010006E") Or 0=strComp(sError, "800704C7") Then
'skip cancel
fCancel = True
Else
g_sPageError=evalErrorMessage(L_EnrlErrUnexpected_ErrorMessage, "(0x" & sError & ")." & vbNewLine & sErrDescription)
End If
If fCancel Then
ChangePageStatusTo e_PagePreEnroll
Else
' Throw an alert box and change the page to show the error
ChangePageStatusTo e_PagePostEnrollError
Alert g_sPageError
End If
End If
HideTransientMessage
End Sub
'---------------------------------------------------------------------
' View the enrolled certificate
Sub ViewCert
On Error Resume Next
document.SCrdEnrl.getEnrolledCertificateName(SCARD_ENROLL_DISPLAY_CERT)
End Sub
'---------------------------------------------------------------------
' Reset a new user
Sub NewUser
On Error Resume Next
' get rid of the old user name
document.SCrdEnrl.resetUser()
document.UIForm.tbUserName.value=L_NoUserSelected_Message
g_bUserNameBad=True
' refresh the state
ChangePageStatusTo e_PagePreEnroll
End Sub
</Script>
<Script Language="JavaScript">
//--------------------------------------------------------------------
// perform substitution on the error string, because VBScript cannot
function evalErrorMessage(sMessage, sError) {
return eval(sMessage);
}
</Script>
</Head>
<Body Language="VBScript" OnLoad="PostLoad" BgColor=#FFFFFF Link=#0000FF VLink=#0000FF ALink=#0000FF><Font ID=locPageFont Face="Arial">
<Table Border=0 CellSpacing=0 CellPadding=4 Width=100% BgColor=#008080>
<TR>
<TD><Font Color=#FFFFFF><LocID ID=locMSCertSrv><Font Face="Arial" Size=-1><B><I>Microsoft</I></B> Certificate Services</Font></LocID></Font></TD>
<TD ID=locHomeAlign Align=Right><A Href="/certsrv"><Font Color=#FFFFFF><LocID ID=locHomeLink><Font Face="Arial" Size=-1><B>Home</B></Font></LocID></Font></A></TD>
</TR>
</Table>
<P ID=locPageTitle> <B> Smart Card Certificate Enrollment Station </B>
<!-- Green HR --><Table Border=0 CellSpacing=0 CellPadding=0 Width=100%><TR><TD BgColor=#008080><Img Src="certspc.gif" Alt="" Height=2 Width=0></TD></TR></Table>
<Form Name=UIForm>
<Table Border=0 Width=100%>
<!-- subheading -->
<TR><TD Colspan=2>
<Table Border=0 CellPadding=0 CellSpacing=0 Width=100%>
<TR><TD ID=locOptHead><Font Size=-1><B>Enrollment Options:</B></Font></TD></TR>
<TR><TD Height=2 BgColor=#008080></TD></TR>
</Table>
</TD></TR>
<TR>
<TD ID=locTemplateLabel Align=Right><Font Size=-1><Label For=lbCertTemplateID><locID ID=locTemplateLabel>Certificate Template:</locID></Label></Font></TD>
<TD><Select Name=lbCertTemplate ID=lbCertTemplateID OnChange="HandleTemplateChange" Language="VBScript"></Select></TD>
</TR>
<TR>
<TD ID=locCALabel Align=Right><Font Size=-1><Label For=lbCAID><locID ID=locCALabel>Certification Authority:</locID></Label></Font></TD>
<TD><Select Name=lbCA ID=lbCAID></Select></TD>
</TR>
<TR>
<TD ID=locCSPLabel Align=Right><Font Size=-1><Label For=lbCSPID><locID ID=locCSPLabel>Cryptographic <BR>Service Provider:</locID></Label></Font></TD>
<TD><Select Name=lbCSP ID=lbCSPID></Select></TD>
</TR>
<TR>
<TD ID=locSigningCertLabel Align=Right><Font Size=-1><Label For=locTbSigningCert><locID ID=locSigningCertLabel>Administrator <BR>Signing Certificate:</locID></Label></Font></TD>
<TD><Input ID=locTbSigningCert Type=Text Size=45 Name=tbSigningCert ReadOnly Disabled Value="(No certificate selected)" Title="Please click on the Select Certificate button to select a signing certificate">
<Input ID=locBtnSelectSigningCert Type=Button Name=btnSelectSigningCert Value="Select Certificate..." OnClick="SelectSigningCert" Language="VBScript"></TD>
</TR>
<!-- subheading -->
<TR><TD ColSpan=2>
<Table Border=0 CellPadding=0 CellSpacing=0 Width=100%>
<TR><TD ID=locUserHead><Font Size=-1><BR><B>User To Enroll:</B></Font></TD></TR>
<TR><TD Height=2 BgColor=#008080></TD></TR>
</Table>
</TD></TR>
<TR>
<TD ID=locUsrAlign Align=Right></TD>
<TD><Input ID=locTbUserName Type=Text Size=45 Name=tbUserName ReadOnly Disabled Value="(No user selected)" Title="Please click on the Select User button to select a user">
<Input ID=locBtnSelectUserName Type=Button Name=btnSelectUserName Value="Select User..." OnClick="SelectUserName" Language="VBScript"></TD>
</TR>
</Table>
<!-- status area -->
<Table Border=0 CellPadding=0 CellSpacing=0 Width=100%>
<TR><TD ID=locStatusHead><Font Size=-1><BR><B>Status:</B></Font></TD></TR>
<TR><TD Height=2 BgColor=#008080></TD></TR>
</Table>
<P><Span ID=spnStatus></Span></P>
<!-- Green HR --><Table Border=0 CellSpacing=0 CellPadding=0 Width=100%><TR><TD BgColor=#008080><Img Src="certspc.gif" Alt="" Height=2 Width=0></TD></TR></Table>
<!-- White HR --><Table Border=0 CellSpacing=0 CellPadding=0 Width=100%><TR><TD BgColor=#FFFFFF><Img Src="certspc.gif" Alt="" Height=5 Width=0></TD></TR></Table>
<Table Width=100% Border=0 CellPadding=0 CellSpacing=0><TR><TD ID=locButtonAlign Align=Right>
<Span ID=spnRetry Style="display:none">
<LocID><Input ID=locBtnRetry Type=Button Name=btnRetry Value="Retry" OnClick="Enroll" Language="VBScript">
</LocID>
</Span>
<Span ID=spnViewCert Style="display:none">
<LocID><Input ID=locBtnViewCert Type=Button Name=btnViewCert Value="View Certificate" OnClick="ViewCert" Language="VBScript">
</LocID>
</Span>
<Span ID=spnNewUser Style="display:none">
<LocID><Input ID=locBtnNewUser Type=Button Name=btnNewUser Value="New User" OnClick="NewUser" Language="VBScript">
</LocID>
</Span>
<Span ID=spnEnroll Style="display:none">
<LocID><Input ID=locBtnEnroll Type=Button Name=btnEnroll Value="Enroll" OnClick="Enroll" Language="VBScript">
</LocID>
</Span>
<LocID ID=locSpc1> <LocID>
</TD></TR></Table>
<Span ID=spnSCrdEnrl Style="display:none"><!-- The control will be placed here --></Span>
</Form>
</Font>
</Body>
</HTML>