<%@ CODEPAGE=65001 'UTF-8%>
<%' certrqma.asp - (CERT)srv web - (R)e(Q)uest, (M)ore (A)dvanced
' Copyright (C) Microsoft Corporation, 1998 - 1999 %>
<!-- #include FILE=certsbrt.inc -->
<!-- #include FILE=certdat.inc -->
<%
On Error Resume Next
' Exporting keys to a pvk file is only used by old code signing tools.
' (This is different from exporting both cert and keys in a pfx file.)
' Set this flag to true if you really need this functionality
bEnableExportKeyToFile = True
Dim bFailed, nError
bFailed=False
nError = 0
If "Enterprise"=sServerType And "IE"=sBrowser Then
' get CA exchange cert and save into this page
Const CR_OUT_BASE64 =&H00000001
Const CR_PROP_CAEXCHGCERT=15
Const PROPTYPE_BINARY=3
Set ICertRequest2=Server.CreateObject("CertificateAuthority.Request")
Public sCAExchangeCert
Dim sCertificate
sCertificate=ICertRequest2.GetCAProperty(sServerConfig, CR_PROP_CAEXCHGCERT, 0, PROPTYPE_BINARY, CR_OUT_BASE64)
sCAExchangeCert=FormatBigString(sCertificate, " sCAExchange=sCAExchange & ")
'&H800B0113, CERT_E_INVALID_POLICY, treat it as OK
If Err.Number<>0 And Err.Number <> &H800B0113 Then
' CA may be down.
bFailed=True
nError=Err.Number
End If
End If
'-----------------------------------------------------------------
' Format the big string as a concatenated VB string, breaking at the embedded newlines
Function FormatBigString(sSource, sLinePrefix)
Dim sResult, bCharsLeft, nStartChar, nStopChar, chQuote
sResult=""
chQuote=chr(34)
bCharsLeft=True
nStopChar=1
While (bCharsLeft)
nStartChar=nStopChar
nStopChar=InStr(nStopChar, sSource, vbNewLine)
If (nStopChar>0) Then
sResult=sResult & sLinePrefix & chQuote & Mid(sSource, nStartChar, nStopChar-nStartChar) & chQuote & " & vbNewLine"
If (nStopChar>=Len(sSource)-Len(vbNewLine)) Then
bCharsLeft=False
End If
Else
bCharsLeft=False
End if
sResult=sResult & vbNewLine
nStopChar=nStopChar+Len(vbNewLine)
Wend
FormatBigString=sResult
End Function
%>
<HTML>
<Head>
<Meta HTTP-Equiv="Content-Type" Content="text/html; charset=UTF-8">
<Title>Microsoft Certificate Services</Title>
</Head>
<%If True=bFailed Then %>
<Body BgColor=#FFFFFF Link=#0000FF VLink=#0000FF ALink=#0000FF><Font ID=locPageFont Face="Arial">
<%Else%>
<Body BgColor=#FFFFFF Link=#0000FF VLink=#0000FF ALink=#0000FF OnLoad="postLoad();"><Font ID=locPageFont Face="Arial">
<%End If%>
<Table Border=0 CellSpacing=0 CellPadding=4 Width=100% BgColor=#008080>
<TR>
<TD><Font Color=#FFFFFF><LocID ID=locMSCertSrv><Font Face="Arial" Size=-1><B><I>Microsoft</I></B> Certificate Services -- <%=sServerDisplayName%> </Font></LocID></Font></TD>
<TD ID=locHomeAlign Align=Right><A Href="/certsrv"><Font Color=#FFFFFF><LocID ID=locHomeLink><Font Face="Arial" Size=-1><B>Home</B></Font></LocID></Font></A></TD>
</TR>
</Table>
<%If True=bFailed Then %>
<P ID=locPageTitle1><Font Color=#FF0000><B>Error</B></Font>
<!-- Green HR --><Table Border=0 CellSpacing=0 CellPadding=0 Width=100%><TR><TD BgColor=#008080><Img Src="certspc.gif" Alt="" Height=2 Width=1></TD></TR></Table>
<P ID=locErrorMsg> An unexpected error has occurred:<BR><BR>
<%If nError=&H800706BA Or nError=&H80070005 Then%>
<LocID ID=locSvcNotStarted>The Certification Authority Service has not been started.</LocID>
<%ElseIf nError=&H800b0101 Then%>
<LocID ID=locSvcNotValidDate>A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.</LocID>
<%Else%>
<%=ICertRequest.GetErrorMessageText(nError, CR_GEMT_HRESULT_STRING)%>
<%End If%>
<%Else 'True<>bFailed%>
<Form Name=UIForm OnSubmit="goNext();return false;" Action="certlynx.asp" Method=Post>
<Input Type=Hidden Name=SourcePage Value="certrqma">
<P ID=locPageTitle> <B> Advanced Certificate Request </B>
<!-- Green HR --><Table Border=0 CellSpacing=0 CellPadding=0 Width=100%><TR><TD BgColor=#008080><Img Src="certspc.gif" Alt="" Height=2 Width=></TD></TR></Table>
<Span ID=spnFixTxt Style="display:none">
<Table Border=0 CellSpacing=0 CellPadding=4 Style="Color:#FF0000"><TR><TD ID=locBadCharError>
<I>Please correct the fields marked in <B>RED</B>.</I>
The e-mail address may contain the characters A-Z, a-z, 0-9, and some common symbols, but no extended characters.
The country/region field must be a two letter ISO 3166 country/region code.
</TD></TR></Table>
</Span>
<Span ID=spnErrorTxt Style="display:none">
<Table Border=0 CellSpacing=0 CellPadding=4 Style="Color:#FF0000">
<TR><TD ID=locErrMsgBasic>
<B>An error occurred</B> while creating the certificate request.
Please verify that your CSP supports any settings you have made
and that your input is valid.
</TD></TR><TR><TD>
<LocID ID=locErrorCause><B>Suggested cause:</B></LocID><BR>
<Span ID=spnErrorMsg></Span>
</TD></TR><TR>
<TD ID=locErrorNumber><Font Size=-2>Error: <Span ID=spnErrorNum></Span></Font></TD>
</TR>
</Table>
</Span>
<Table Border=0 CellSpacing=0 CellPadding=0>
<TR> <!-- establish column widths. -->
<TD Width=<%=L_LabelColWidth_Number%>></TD> <!-- label column, top border -->
<TD RowSpan=59 Width=4></TD> <!-- label spacing column -->
<TD></TD> <!-- field column -->
</TR>
<%If "Enterprise"=sServerType Then%> <!-- Enterprise Options -->
<TR>
<TD ID=locTemplateHead ColSpan=3><Font Size=-1><BR><Label For=lbCertTemplateID><locID ID=locTemplateHead><B>Certificate Template:</B></locID></Label></Font></TD>
</TR><TR><TD ColSpan=3 Height=2 BgColor=#008080></TD>
</TR><TR><TD ColSpan=3 Height=6></TD>
</TR><TR><TD></TD>
<TD><Select Name=lbCertTemplate ID=lbCertTemplateID OnChange="handleTemplateChange();">
<%
Dim nWriteTemplateResult
nWriteTemplateResult=WriteTemplateList()
%>
</Select></TD>
</TR>
<%End If '"Enterprise"=sServerType%>
<TR><TD ColSpan=3>
<%If "Enterprise"=sServerType Then%> <!-- Enterprise Options -->
<Span ID=spnIDInfo Style="display:none">
<%End If '"Enterprise"=sServerType%>
<Table Border=0 CellSpacing=0 CellPadding=0>
<TR> <!-- establish column widths. -->
<TD Width=<%=L_LabelColWidth_Number%>></TD> <!-- label column, top border -->
<TD RowSpan=59 Width=4></TD> <!-- label spacing column -->
<TD></TD> <!-- field column -->
</TR>
<TR>
<%If "StandAlone"=sServerType Then%>
<TD ID=locIdentHeadStandAlone ColSpan=3><Font Size=-1><BR><B>Identifying Information:</B></Font></TD>
</TR><TR><TD ColSpan=3 Height=2 BgColor=#008080></TD>
<%Else%>
<TD ID=locIdentHeadEnterprise ColSpan=3><Font Size=-1><BR><B>Identifying Information For Offline Template:</B></Font></TD>
</TR><!--<TR><TD ColSpan=3 Height=2 BgColor=#008080></TD>-->
<%End If%>
</TR><TR><TD ColSpan=3 Height=6></TD>
</TR><TR>
<TD ID=locNameAlign Align=Right><Span ID=spnNameLabel><LocID ID=locNameLabel><Font Size=-1>Name:</Font></LocID></Span></TD>
<TD><Input ID=locTbCommonName Type=Text MaxLength=64 Size=42 Name=tbCommonName></TD>
</TR><TR>
<TD ID=locEmailAlign Align=Right><Span ID=spnEmailLabel><LocID ID=locEmailLabel><Font Size=-1>E-Mail:</Font></LocID></Span></TD>
<TD><Input ID=locTbEmail Type=Text MaxLength=128 Size=42 Name=tbEmail></TD>
</TR><TR>
<TD Height=8></TD> <TD></TD>
</TR><TR>
<TD ID=locCompanyAlign Align=Right><Span ID=spnCompanyLabel><LocID ID=locOrgLabel><Font Size=-1>Company:</Font></LocID></Span></TD>
<TD><Input ID=locTbOrg Type=Text MaxLength=64 Size=42 Name=tbOrg Value="<%=sDefaultCompany%>"></TD>
</TR><TR>
<TD ID=locDepartmentAlign Align=Right><Span ID=spnDepartmentLabel><LocID ID=locOrgUnitLabel><Font Size=-1>Department:</Font></LocID></Span></TD>
<TD><Input ID=locTbOrgUnit Type=Text MaxLength=64 Size=42 Name=tbOrgUnit Value="<%=sDefaultOrgUnit%>"></TD>
</TR><TR>
<TD Height=8></TD> <TD></TD>
</TR><TR>
<TD ID=locCityAlign Align=Right><Span ID=spnCityLabel><LocID ID=locLocalityLabel><Font Size=-1>City:</Font></LocID></Span></TD>
<TD><Input ID=locTbLocality Type=Text MaxLength=128 Size=42 Name=tbLocality Value="<%=sDefaultLocality%>"></TD>
</TR><TR>
<TD ID=locStateAlign Align=Right><Span ID=spnStateLabel><LocID ID=locStateLabel><Font Size=-1>State:</Font></LocID></Span></TD>
<TD><Input ID=locTbState Type=Text MaxLength=128 Size=42 Name=tbState Value="<%=sDefaultState%>"></TD>
</TR><TR>
<TD ID=locCountryAlign Align=Right><Span ID=spnCountryLabel><LocID ID=locCountryLabel><Font Size=-1>Country/Region:</Font></LocID></Span></TD>
<TD><Input ID=locTbCountry Type=Text MaxLength=2 Size=2 Name=tbCountry Value="<%=sDefaultCountry%>"></TD>
</TR>
</Table>
<%If "Enterprise"=sServerType Then%>
</Span>
<%End If '"Enterprise"=sServerType%>
</TD></TR>
<%If "StandAlone"=sServerType Then%> <!-- Stand-Alone Options -->
<TR>
<TD ID=locEKUHead ColSpan=3><Font Size=-1><BR><B>Type of Certificate Needed:</B></Font></TD>
</TR><TR><TD ColSpan=3 Height=2 BgColor=#008080></TD>
</TR><TR><TD ColSpan=3 Height=6></TD>
</TR><TR><TD></TD>
<TD><Select Name=lbUsageOID OnChange="handleUsageOID(true);">
<Option ID=locCliAuthCert Selected Value="1.3.6.1.5.5.7.3.2"> Client Authentication Certificate
<Option ID=locEmailCert Value="1.3.6.1.5.5.7.3.4"> E-Mail Protection Certificate
<Option ID=locSrvAuthCert Value="1.3.6.1.5.5.7.3.1"> Server Authentication Certificate
<Option ID=locCodeSgnCert Value="1.3.6.1.5.5.7.3.3"> Code Signing Certificate
<Option ID=locTimStmpCert Value="1.3.6.1.5.5.7.3.8"> Time Stamp Signing Certificate
<Option ID=locIPSecCert Value="1.3.6.1.5.5.8.2.2"> IPSec Certificate
<Option ID=locUserEKUCert Value="**"> Other...
</Select></TD>
</TR>
<TR><TD ID=locEkuAlign Align=Right><Span ID=spnEKUOther1 Style="display:none"><LocID ID=locUserEKULabel><Font Size=-1>OID:</Font></LocID></Span></TD>
<TD><Span ID=spnEKUOther2 Style="display:none"><Input ID=locTbEKUOther Type=Text Name=tbEKUOther Value="1.3.6.1.5.5.7.3."></Span></TD>
</TR>
<%End If%> <!-- common -->
<TR>
<TD ID=locKeyOptHead ColSpan=3><Font Size=-1><BR><B>Key Options:</B></Font></TD>
</TR><TR><TD ColSpan=3 Height=2 BgColor=#008080></TD>
</TR><TR><TD ColSpan=3 Height=6></TD>
</TR>
<TR>
<TD></TD>
<TD><Font Size=-1>
<Input Type=Radio ID=rbKG1 Name=rbKeyGen Value="0" OnClick="handleKeyGen();" Checked><Label For=rbKG1 ID=locNewKeyLabel>Create new key set</Label>
<LocID ID=locSpc3> <LocID>
<Input Type=Radio ID=rbKG2 Name=rbKeyGen Value="1" OnClick="handleKeyGen();"><Label For=rbKG2 ID=locExistKeyLabel>Use existing key set</Label>
</Font></TD>
</TR>
<TR><TD ColSpan=3 Height=4></TD></TR>
<TR>
<TD ID=locCSPLabel Align=Right><Font Size=-1><Label For=lbCSPID><locID ID=locCSPLabel>CSP:</locID></Label></Font></TD>
<TD><Select Name=lbCSP ID=lbCSPID OnChange="handleCSPChange();">
<Option ID=locLoading>Loading...</Option>
</Select></TD>
</TR>
<TR ID=trBadCSPForKeySpec Style="display:none">
<TD></TD>
<TD BgColor=#FFFFE0><LocID ID=locBadCSPForKeySpec><Font Size=-1><Span ID=spnBadCSPForKeySpecMsg></Span></Font></LocID></TD>
</TR>
<TR><TD ColSpan=3 Height=4></TD></TR>
<TR>
<TD ID=locKeyUsageLabel Align=Right><Font Size=-1>Key Usage:</Font></TD>
<TD><Font Size=-1>
<Span ID=spnKeyUsageKeyExchange><Input Type=Radio ID=rbKU1 Name=rbKeyUsage Value="0" Checked OnClick="handleKeyUsageChange(false);"><Label For=rbKU1 ID=locKUExch>Exchange</Label><LocID ID=locSpc1> <LocID></Span>
<Span ID=spnKeyUsageSignature><Input Type=Radio ID=rbKU2 Name=rbKeyUsage Value="1" OnClick="handleKeyUsageChange(false);"><Label For=rbKU2 ID=locKUSig>Signature</Label><LocID ID=locSpc2> <LocID></Span>
<Span ID=spnKeyUsageBoth><Input Type=Radio ID=rbKU3 Name=rbKeyUsage Value="2" OnClick="handleKeyUsageChange(false);"><Label For=rbKU3 ID=locKUBoth>Both</Label></Span></Font></TD>
</TR>
<TR><TD ColSpan=3 Height=4></TD></TR>
<TR>
<TD ID=locKeySizeLabel Align=Right ><Font Size=-1><Label For=locTbKeySize><locID ID=locKeySizeLabel>Key Size:</locID></Label></Font></TD>
<TD><Table Border=0 CellPadding=0 CellSpacing=0>
<TR>
<TD RowSpan=2><Input ID=locTbKeySize Type=Text Name=tbKeySize Value="0" MaxLength=5 Size=4 OnPropertyChange="handleKeySizeChange();"> </TD>
<TD ID=locKeySizeMinLabel Align=Right><Font Size=-2>Min:</Font></TD>
<TD ID=locKeySizeMin Align=Right><Font Size=-2><Span ID=spnKeySizeMin></Span></Font></TD>
<TD ID=locKeySizeCommon RowSpan=2><Font Size=-2> (common key sizes: <Span ID=spnKeySizeCommon></Span>)</Font></TD>
</TR><TR>
<TD ID=locKeySizeMaxLabel Align=Right><Font Size=-2>Max:</Font></TD>
<TD ID=locKeySizeMax Align=Right><Font Size=-2><Span ID=spnKeySizeMax></Span></Font></TD>
</TR>
</Table></TD>
</TR>
<TR ID=trKeySizeBad Style="display:none">
<TD></TD>
<TD BgColor=#FFFFE0><LocID ID=locKeySizeBad><Font Size=-1><Span ID=spnKeySizeBadMsg></Span></Font></LocID></TD>
</TR>
<TR ID=trKeySizeBadSpc Style="display:none"><TD ColSpan=3 Height=4></TD></TR>
<TR ID=trKeySizeWarn Style="display:none">
<TD></TD>
<TD BgColor=#FFFFE0><LocID ID=locKeySizeWarning><Font Size=-1><I>Warning: Large keys can take many hours to generate!</I></Font></LocID></TD>
</TR>
<TR ID=trKeyGenWarn Style="display:none">
<TD></TD>
<TD><LocID ID=locKeyGenWarning><Font Size=-1><I>A key of this size will be generated
</I>only<I> if a key for the <BR> specified usage does not already exist in the specified
container.</I></Font></LocID></TD>
</TR>
<TR ID=trGenContNameSpc><TD ColSpan=3 Height=4></TD></TR>
<TR ID=trGenContName>
<TD></TD>
<TD><Font Size=-1>
<Input Type=Radio ID=rbGCN1 Name=rbGenContName Value="0" OnClick="handleGenContName();" Checked><Label For=rbGCN1 ID=locAutoContNameLabel>Automatic key container name</Label>
<LocID ID=locSpc4> <LocID>
<Input Type=Radio ID=rbGCN2 Name=rbGenContName Value="1" OnClick="handleGenContName();"><Label For=rbGCN2 ID=locUserContNameLabel>User specified key container name</Label>
</Font></TD>
</TR>
<TR ID=trContNameSpc><TD ColSpan=3 Height=4></TD></TR>
<TR ID=trContName Style="display:none">
<TD ID=locContainerNameLabel Align=Right><Font Size=-1>Container Name:</Font></TD>
<TD><Font Size=-1><Input ID=locTbContainerName Type=Text Name=tbContainerName Size=20></Font></TD>
</TR>
<TR ID=trMarkExportSpc><TD ColSpan=3 Height=4></TD></TR>
<TR ID=trMarkExport><TD></TD>
<TD><Font Size=-1><Input Type=Checkbox Name=cbMarkKeyExportable ID=cbMarkKeyExportable OnClick="handleMarkExport(false);"><Label For=cbMarkKeyExportable ID=locMarkExportLabel>Mark keys as exportable</Label>
<%If bEnableExportKeyToFile Then%>
<Span ID=spnMarkKeyExportable Style="display:none">
<BR><Img Src="certspc.gif" Alt="" Height=1 Width=25><Input Type=Checkbox Name=cbExportKeys ID=cbExportKeys OnClick="handleExportKeys();"><Label For=cbExportKeys ID=locExportToFileLabel>Export keys to file</Label>
<Span ID=spnExportKeys Style="display:none">
<BR><Img Src="certspc.gif" Alt="" Height=1 Width=25><LocID ID=locExpFileNameLabel>Full path name:</LocID> <Input ID=locTbExportKeyFile Type=Text Name=tbExportKeyFile Size=20 Value="*.pvk">
</Span>
</Span>
<%End If%>
</Font></TD>
</TR>
<TR ID=trStrongKeySpc><TD ColSpan=3 Height=4></TD></TR>
<TR ID=trStrongKey>
<TD></TD>
<TD><Font Size=-1><Input Type=Checkbox ID=cbStrongKey Name=cbStrongKey OnClick="handleStrongKeyAndLMStore(false);"><Label For=cbStrongKey ID=locStrongKeyLabel>Enable strong private key protection</Label></Font></TD>
</TR>
<TR ID=trLMStoreSpc><TD ColSpan=3 Height=4></TD></TR>
<TR ID=trLMStore><TD></TD>
<TD><Font Size=-1><Input Type=Checkbox Name=cbLocalMachineStore ID=cbLocalMachineStore OnClick="handleStrongKeyAndLMStore(false);"><Label For=cbLocalMachineStore ID=locLMStoreLabel>Store certificate in the local computer certificate store</Label><BR>
<LocID ID=locAdminWarning><Img Src="certspc.gif" Alt="" Height=1 Width=25><I>Stores the certificate in the local computer store<BR>
<Img Src="certspc.gif" Alt="" Height=1 Width=25>instead of in the user's certificate store. Does not<BR>
<Img Src="certspc.gif" Alt="" Height=1 Width=25>install the root CA's certificate. You must be an<BR>
<Img Src="certspc.gif" Alt="" Height=1 Width=25>administrator to generate or use a key in the local<BR>
<Img Src="certspc.gif" Alt="" Height=1 Width=25>machine store.</I></Font></LocID></TD>
</TR>
<TR>
<TD ID=locAddOptHead ColSpan=3><Font Size=-1><BR><B>Additional Options:</B></Font></TD>
</TR><TR><TD ColSpan=3 Height=2 BgColor=#008080></TD>
</TR><TR><TD ColSpan=3 Height=3></TD>
</TR>
<TR><TD ColSpan=3 Height=6></TD></TR>
<TR>
<TD ID=locRequestFormatLabel Align=Right><Font Size=-1>Request Format:</Font></TD>
<TD>
<Input Type=Radio ID=rbFormatCMC Name=rbRequestFormat Value="0" Checked><Label For=rbFormatCMC ID=locFormatCMCLabel>CMC</Label>
<LocID ID=locSpc5> <LocID>
<Input Type=Radio ID=rbFormatPKCS10 Name=rbRequestFormat Value="1"><Label For=rbFormatPKCS10 ID=locFormatPKCS10Label>PKCS10</Label>
</TD>
</TR>
<TR><TD ColSpan=3 Height=4></TD></TR>
<TR><TD ColSpan=3 Height=4></TD></TR>
<TR>
<TD ID=locHashAlgLabel Align=Right><Font Size=-1><Label For=lbHashAlgorithmID><locID ID=locHashAlgLabel>Hash Algorithm:</locID></Label></Font></TD>
<TD><Select Name=lbHashAlgorithm ID=lbHashAlgorithmID></Select></TD>
</TR>
<TR><TD></TD><TD ID=locHashAlgWarning><Font Size=-1><I>Only used to sign request.</I></Font></TD></TR>
<TR><TD ColSpan=3 Height=8></TD></TR>
<TR><TD></TD>
<TD><Font Size=-1><Input Type=Checkbox Name=cbSaveRequest ID=cbSaveRequest OnClick="handleSaveReq();"><Label For=cbSaveRequest ID=locSaveReqLabel>Save request to a file</Label>
<Span ID=spnSaveRequest Style="display:none">
<BR><Img Src="certspc.gif" Alt="" Height=1 Width=25><LocID ID=locReqFileNameLabel>Full path name:</LocID> <Input ID=locTbSaveReqFile Type=Text Name=tbSaveReqFile Size=20>
<BR><Img Src="certspc.gif" Alt="" Height=1 Width=25><LocID ID=locSaveReqWarning><B>This request will be saved and not submitted.</B></LocID>
</Span>
</Font></TD>
</TR>
<TR><TD ColSpan=3 Height=6></TD>
</TR><TR>
<TD ID=locAttribLabel Align=Right><Font Size=-1><Span ID=spnSubmitAttrLable><Label For=locTaAttrib><locID ID=locAttribLabel>Attributes:</locID></Label></Span></Font></TD>
<TD><Span ID=spnSubmitAttrBox><TextArea ID=locTaAttrib Name=taAttrib Wrap=Off Rows=2 Cols=30></TextArea></SPan></TD>
</TR>
<TR><TD ColSpan=3 Height=6></TD>
</TR><TR>
<TD ID=locFriendlyNameLabel Align=Right><Font Size=-1><Label For=locTbFriendlyName><locID ID=locFriendlyNameLabel>Friendly Name:</locID></Label></Font></TD>
<TD><Font Size=-1><Input ID=locTbFriendlyName Type=Text Name=tbFriendlyName Size=20></Font></TD>
</TR>
<TR><TD ColSpan=3><Font Size=-1><BR></Font></TD></TR>
<TR><TD ColSpan=3 Height=2 BgColor=#008080></TD></TR>
<TR><TD ColSpan=3 Height=3></TD></TR>
<TR>
<TD></TD>
<TD ID=locSubmitAlign Align=Right>
<Input ID=locBtnSubmit Type=Submit Name=btnSubmit Value="Submit >" Style="width:.75in">
<Input ID=locBtnSave Type=Submit Name=btnSave Value="Save" Style="width:.75in; display:none">
</TD>
</TR>
<TR><TD ColSpan=3 Height=20></TD></TR>
</Table>
</P>
<!-- Green HR --><Table Border=0 CellSpacing=0 CellPadding=0 Width=100%><TR><TD BgColor=#008080><Img Src="certspc.gif" Alt="" Height=2 Width=1></TD></TR></Table>
<!-- White HR --><Table Border=0 CellSpacing=0 CellPadding=0 Width=100%><TR><TD BgColor=#FFFFFF><Img Src="certspc.gif" Alt="" Height=5 Width=1></TD></TR></Table>
</Form>
</Font>
<!-- ############################################################ -->
<!-- End of standard text. Scripts follow -->
<%bIncludeXEnroll=True%>
<%bIncludeGetCspList=True%>
<%bIncludeTemplateCode=True%>
<%bIncludeCheckClientCode=True%>
<!-- #include FILE=certsgcl.inc -->
<!-- This form we fill in and submit 'by hand'-->
<Span Style="display:none">
<Form Name=SubmittedData Action="certfnsh.asp" Method=Post>
<Input Type=Hidden Name=Mode> <!-- used in request ('newreq'|'chkpnd') -->
<Input Type=Hidden Name=CertRequest> <!-- used in request -->
<Input Type=Hidden Name=CertAttrib> <!-- used in request -->
<Input Type=Hidden Name=FriendlyType> <!-- used on pending -->
<Input Type=Hidden Name=ThumbPrint> <!-- used on pending -->
<Input Type=Hidden Name=TargetStoreFlags> <!-- used on install ('0'|CSSLM)-->
<Input Type=Hidden Name=SaveCert> <!-- used on install ('no'|'yes')-->
</FORM>
</Span>
<Script Language="JavaScript">
//================================================================
// PAGE GLOBAL VARIABLES
//----------------------------------------------------------------
// Strings to be localized
var L_CspLoadErrNoneFound_ErrorMessage="An unexpected error occurred while getting the CSP list:\nNo CSPs could be found!";
var L_CspLoadErrUnexpected_ErrorMessage="\"An unexpected error (\"+sErrorNumber+\") occurred while getting the CSP list.\"";
var L_SetKeySize_Message="\"Set key size to \"+nKeySize";
var L_WarningTemplateKeySize_Message="\"You have selected a certificate template that requires a minimum key size of \" + nKeySize + \"bits, which is larger than the selected CSP maximum.\\nPlease select a different CSP.\"";
var L_RecommendOneKeySize_Message="\"\"+nKeySize+\" is a bad key size. The closest valid key size is \"+sCloseBelow+\".\"";
var L_RecommendTwoKeySizes_Message="\"\"+nKeySize+\" is a bad key size. The closest valid key sizes are \"+sCloseBelow+\" and \"+sCloseAbove+\".\"";
var L_StillLoading_ErrorMessage="This page has not finished loading yet. Please wait a few seconds and try again.";
var L_KeySizeNotNumber_ErrorMessage="Please enter a number for the key size.";
var L_KeySizeBadNumber_ErrorMessage="\"Please enter a valid number for the key size. The key size must be\\nbetween \"+g_nCurKeySizeMin+\" and \"+g_nCurKeySizeMax+\", and be a multiple of \"+g_nCurKeySizeInc+\".\"";
var L_CSPNotSupportTemplateKeySpec_Message="\"You may have selected a CSP that does not support the key type defined in the template. Please modify the key type in the template or select either different CSP or certificate template.\"";
var L_TemplateKeySizeTooBig_ErrorMessage = "\"The certificate type you selected requires minimum key size of \" + g_nCurTemplateKeySizeMin + \".\\nIt is bigger than the maximum size of \" + g_nCurKeySizeMax + \".\\nPlease change the number or select a different CSP.\"";
var L_NoCntnrName_ErrorMessage="Please enter a key container name.";
var L_BadOid_ErrorMessage="Please enter a valid OID, or choose a predefined certificate type.\nMultiple OIDs must be separated with a comma.";
var L_NoExportFileName_ErrorMessage="Please enter a file name for exporting the keys.";
var L_NoSaveReqFileName_ErrorMessage="Please enter a file name for saving the request.";
var L_Generating_Message="Generating request...";
var L_UserEKUCert_Text="\"User-EKU (\"+sCertUsage+\") Certificate\"";
var L_RequestSaved_Message="Request saved to file.";
var L_Waiting_Message="Waiting for server response...";
var L_ErrNameUnknown_ErrorMessage="(unknown)";
var L_SugCauseNone_ErrorMessage="No suggestion.";
var L_SugCauseBadCSP_ErrorMessage="The CSP you chose was unable to process the request. Try a different CSP.";
var L_SugCauseKeysetFull_ErrorMessage="The security token does not have storage space available for an additional container.";
var L_SugCauseBadSetting2_ErrorMessage="The CSP you chose does not support one or more of the settings you have made, such as key size, key spec, hash algorithm, etc. Try using different settings or a different CSP.";
var L_SugCauseBadKeyContainer_ErrorMessage="Either the key container you specified does not exist, or the CSP you chose was unable to process the request. Enter the name of an existing key container; choose 'Create new keyset'; or try a different CSP.";
var L_SugCauseExistKeyContainer_ErrorMessage="The container you named already exists. When creating a new key, you must use a new container name.";
var L_SugCauseBadChar_ErrorMessage="You entered an invalid character. Report a bug, because this should have been caught in validation.";
var L_SugCauseBadHash_ErrorMessage="The hash algorithm you selected cannot be used for signing. Please select a different hash algorithm.";
var L_SugCauseNoFileName_ErrorMessage="You did not enter a file name.";
var L_SugCauseCryptArchivableNotSupp_ErrorMessage="The CSP you chose does not support the creation of keys which can be archived but not exported.";
var L_ErrNameNoFileName_ErrorMessage="(no file name)";
var L_SugCauseNotAdmin_ErrorMessage="You must be an administrator to generate a key in the local machine store.";
var L_ErrNamePermissionDenied_ErrorMessage="Permission Denied";
var L_SugCausePermissionToWrite_ErrorMessage = "You do not have write permission to save the file to the path";
var L_SugCauseBadFileName_ErrorMessage="The file name you specified is not a valid file name. Try a different file name.";
var L_SugCauseBadDrive_ErrorMessage="The drive you specified is not ready. Insert a disk in the drive or try a different file name.";
var L_SugCauseNoProfile_ErrorMessage="The profile for the user is a temporary profile.";
var L_SugCauseCAExSignerNotFound_ErrorMessage="A certificate chain could not be built to a trusted root authority.";
var L_SugCauseCAExNotTrusted_ErrorMessage="A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.";
var L_DownLevelClients_ErrorMessage="This error can be caused by requesting Key Archival for the new private key, which may not be supported on this platform.";
var L_SugCauseCancelled_ErrorMessage="The operation was canceled by the user.";
var L_SCARD_E_NOMEMORYMSG_ErrorMessage="Not enough memory available to complete this command.";
var L_SCARD_F_WAITEDTOOLONG_ErrorMessage="An internal consistency timer has expired.";
var L_SCARD_E_INSUFFICIENTBUFFER_ErrorMessage="The data buffer to receive returned data is too small for the returned data.";
var L_SCARD_E_UNKNOWNREADER_ErrorMessage="The specified reader name is not recognized.";
var L_SCARD_E_NOSMARTCARD_ErrorMessage="The operation requires a Smart Card, but no Smart Card is currently in the device.";
var L_SCARD_E_UNKNOWNCARD_ErrorMessage="The specified smart card name is not recognized.";
var L_SCARD_E_NOTREADY_ErrorMessage="The reader or smart card is not ready to accept commands.";
var L_SCARD_F_COMMERROR_ErrorMessage="An internal communications error has been detected.";
var L_SCARD_E_NOSERVICE_ErrorMessage="The Smart card resource manager is not running.";
var L_SCARD_E_SERVICESTOPPED_ErrorMessage="The Smart card resource manager has shut down.";
var L_SCARD_E_NOREADERSAVAILABLE_ErrorMessage="Cannot find a smart card reader.";
var L_SCARD_E_COMMDATALOST_ErrorMessage="A communications error with the smart card has been detected. Retry the operation.";
var L_SCARD_E_NOKEYCONTAINER_ErrorMessage="The requested key container does not exist on the smart card.";
var L_SCARD_W_UNPOWEREDCARD_ErrorMessage="Power has been removed from the smart card, so that further communication is not possible.";
var L_SCARD_W_REMOVEDCARD_ErrorMessage="The smart card has been removed, so that further communication is not possible.";
var L_SCARD_W_WRONGCHV_ErrorMessage="The card cannot be accessed because the wrong PIN was presented.";
var L_SCARD_W_CHVBLOCKED_ErrorMessage="The card cannot be accessed because the maximum number of PIN entry attempts has been reached.";
var L_SCARD_W_EOF_ErrorMessage="The end of the smart card file has been reached.";
var L_SCARD_W_CANCELLEDBYUSER_ErrorMessage="The action was cancelled by the user.";
var L_SCARD_W_CARDNOTAUTHENTICATED_ErrorMessage="No PIN was presented to the smart card.";
<%If "Enterprise"=sServerType Then%>
;
var L_TemplateLoadErrNoneFound_ErrorMessage="No certificate templates could be found. You do not have permission to request a certificate from this CA, or an error occurred while accessing the Active Directory.";
var L_TemplateLoadErrUnexpected_ErrorMessage="\"An unexpected error (\"+sErrorNumber+\") occurred while getting the certificate template list.\"";
var L_TemplateCert_Text= "sFriendlyName+\" Certificate\"";
<%End If%>
// IE is not ready until XEnroll has been loaded
var g_bOkToSubmit=false;
var g_bSubmitPending=false;
// some constants defined in wincrypt.h:
var CRYPT_EXPORTABLE=1;
var CRYPT_USER_PROTECTED=2;
var CRYPT_MACHINE_KEYSET=0x20;
var AT_KEYEXCHANGE=1;
var AT_SIGNATURE=2;
var CERT_SYSTEM_STORE_LOCATION_SHIFT=16;
var CERT_SYSTEM_STORE_LOCAL_MACHINE_ID=2;
var CERT_SYSTEM_STORE_LOCAL_MACHINE=CERT_SYSTEM_STORE_LOCAL_MACHINE_ID << CERT_SYSTEM_STORE_LOCATION_SHIFT;
var ALG_CLASS_ANY=0
var ALG_CLASS_SIGNATURE=1<<13;
var ALG_CLASS_HASH=4<<13;
var PROV_DSS=3;
var PROV_DSS_DH=13;
var PROV_DH_SCHANNEL=18;
// convenience constants, for readability
var KEY_USAGE_EXCH=0;
var KEY_USAGE_SIG=1;
var KEY_USAGE_BOTH=2;
var XEKL_KEYSIZE_MIN=1;
var XEKL_KEYSIZE_MAX=2;
var XEKL_KEYSIZE_INC=3;
var XEKL_KEYSIZE_DEFAULT=4;
var XEKL_KEYSPEC_KEYX=1;
var XEKL_KEYSPEC_SIG=2;
// defaults
var KEY_LEN_MIN_DEFAULT=384;
var KEY_LEN_MAX_DEFAULT=16384;
var KEY_LEN_MY_DEFAULT=1024;
var KEY_LEN_INC_DEFAULT=8;
// for key size
var g_nCurKeySizeMax;
var g_nCurKeySizeMin;
var g_nCurKeySizeDefault;
var g_nCurKeySizeInc;
var g_bCSPUpdate;
var g_nCurTemplateKeySizeMin = 0; //init to 0
var XECR_PKCS10_V2_0=1;
var XECR_PKCS7=2;
var XECR_CMC=3;
var XECT_EXTENSION_V1=1;
var XECT_EXTENSION_V2=2;
//================================================================
// INITIALIZATION ROUTINES
function removeV2KATemplate()
{
var CT_FLAG_ALLOW_PRIVATE_KEY_ARCHIVAL=0x00000001;
//downlevel machines, no V2 templates with KA
var nTemplateCount = document.UIForm.lbCertTemplate.length;
var n, sTemplate, sCTEOID;
for (n = nTemplateCount - 1; n > -1 ; --n)
{
sTemplate = document.UIForm.lbCertTemplate.options[n].value;
sCTEOID = getTemplateStringInfo(CTINFO_INDEX_EXTOID, sTemplate);
var lFlags=getTemplateValueInfo(CTINFO_INDEX_PRIVATEKEYFLAG, sTemplate);
if ("" != sCTEOID && 0x0 != (lFlags & CT_FLAG_ALLOW_PRIVATE_KEY_ARCHIVAL))
{
//v2 template with KA
document.UIForm.lbCertTemplate.options.remove(n);
}
}
}
//----------------------------------------------------------------
// This contains the functions we want executed immediately after load completes
function postLoad() {
// Load an XEnroll object into the page
loadXEnroll("postLoadPhase2()");
handleSaveReq();
handleCMCFormat();
<%If "Enterprise"=sServerType Then%>
if (!isClientAbleToCreateCMC())
{
//downlevel machines
removeV2KATemplate();
}
<%End If%>
}
function postLoadPhase2() {
// continued from above
var nResult;
// get the CSP list
nResult=GetCSPList();
if (0!=nResult) {
handleLoadError(nResult, L_CspLoadErrNoneFound_ErrorMessage, L_CspLoadErrUnexpected_ErrorMessage);
return;
}
<%If "StandAlone"<>sServerType And 0<>nWriteTemplateResult Then%>
handleLoadError(<%=nWriteTemplateResult%>, L_TemplateLoadErrNoneFound_ErrorMessage, L_TemplateLoadErrUnexpected_ErrorMessage);
return;
<%End If%>
// Now we're ready to go
g_bOkToSubmit=true;
<%If "Enterprise"=sServerType Then%>
handleTemplateChange();
<%Else%>
handleCSPChange();
<%End If%>
// dynamic styles are not preserved so
// make sure dynamic UI is updated after 'back'
handleKeyGen();
handleMarkExport(false);
handleExportKeys();
<%If "StandAlone"=sServerType Then%>
handleUsageOID(false);
<%End If%>
}
//----------------------------------------------------------------
// handle errors from GetCSPList() and GetTemplateList()
function handleLoadError(nResult, sNoneFound, sUnexpected) {
if (-1==nResult) {
alert(sNoneFound);
} else {
var sErrorNumber="0x"+toHex(nResult);
alert(eval(sUnexpected));
}
disableAllControls();
}
//================================================================
// PAGE MANAGEMENT ROUTINES
<%If "StandAlone"=sServerType Then%>
//----------------------------------------------------------------
// handle the appearance of the text box when 'other...' is selected
function handleUsageOID(bFocus) {
if ("**"==document.UIForm.lbUsageOID.options[document.UIForm.lbUsageOID.selectedIndex].value) {
spnEKUOther1.style.display='';
spnEKUOther2.style.display='';
if (bFocus) {
document.UIForm.lbUsageOID.blur();
document.UIForm.tbEKUOther.select();
document.UIForm.tbEKUOther.focus();
}
} else {
spnEKUOther1.style.display='none';
spnEKUOther2.style.display='none';
}
}
<%End If%>
<%If "Enterprise"=sServerType Then%>
//----------------------------------------------------------------
function getTemplateValueInfo(nIndex, sTemplate)
{
var sValue=getTemplateStringInfo(nIndex, sTemplate);
return parseInt(sValue);
}
// handle a change in the current template
function isDNNeeded() {
var sValue=getTemplateStringInfo(CTINFO_INDEX_OFFLINE, null);
if ("O"==sValue)
{
//offline template needs DN
return true;
}
//check template subject flag
var lSubjectFlag = getTemplateValueInfo(CTINFO_INDEX_SUBJECTFLAG, null);
var CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT=0x00000001;
return (0x0 != (lSubjectFlag & CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT));
}
function isTemplateKeyArchival()
{
var CT_FLAG_ALLOW_PRIVATE_KEY_ARCHIVAL=0x00000001;
var lFlags=getTemplateValueInfo(CTINFO_INDEX_PRIVATEKEYFLAG, null);
return (0x0 != (lFlags & CT_FLAG_ALLOW_PRIVATE_KEY_ARCHIVAL));
}
function isSMimeCapabilities()
{
var CT_FLAG_INCLUDE_SYMMETRIC_ALGORITHMS=0x00000001;
var lFlags=getTemplateValueInfo(CTINFO_INDEX_ENROLLFLAG, null);
return (0x0 != (lFlags & CT_FLAG_INCLUDE_SYMMETRIC_ALGORITHMS));
}
function getTemplateMinKeySize()
{
var lKeyFlags = getTemplateValueInfo(CTINFO_INDEX_KEYFLAG, null);
return (lKeyFlags & 0xFFFF0000) >> 16;
}
function updateCSPList()
{
//get csp list separated from template data
var sCSPList = getTemplateStringInfo(CTINFO_INDEX_CSPLIST, null);
if ("" != sCSPList)
{
updateCSPListFromStrings(sCSPList);
}
else
{
//remove current csps from list
//strange reasons this remove code can't be in GetCSPList
var n;
var nCSP = document.UIForm.lbCSP.length;
for (n = 0; n < nCSP-1; ++n)
{
document.UIForm.lbCSP.remove(0);
}
GetCSPList();
}
}
//----------------------------------------------------------------
// handle a change in the current template
function handleTemplateChange()
{
if (false==isDNNeeded()) {
spnIDInfo.style.display="none";
} else {
spnIDInfo.style.display="";
}
//update csp list from the template
updateCSPList();
handleCSPChange();
//handle key spec
var lKeySpec = getTemplateValueInfo(CTINFO_INDEX_KEYSPEC, null);
var fDisabled = true;
if ((0x0 != (AT_KEYEXCHANGE & lKeySpec)) &&
(0x0 != (AT_SIGNATURE & lKeySpec)) )
{
document.UIForm.rbKeyUsage[KEY_USAGE_BOTH].checked=true;
}
else if (0x0 != (AT_KEYEXCHANGE & lKeySpec))
{
document.UIForm.rbKeyUsage[KEY_USAGE_EXCH].checked=true;
}
else if (0x0 != (AT_SIGNATURE & lKeySpec))
{
document.UIForm.rbKeyUsage[KEY_USAGE_SIG].checked=true;
}
else
{
document.UIForm.rbKeyUsage[KEY_USAGE_BOTH].checked=true;
fDisabled = false;
}
document.UIForm.rbKeyUsage[KEY_USAGE_BOTH].disabled=fDisabled;
document.UIForm.rbKeyUsage[KEY_USAGE_EXCH].disabled=fDisabled;
document.UIForm.rbKeyUsage[KEY_USAGE_SIG].disabled=fDisabled;
//update exportable control
var lPrivateKeyFlags = getTemplateValueInfo(CTINFO_INDEX_PRIVATEKEYFLAG, null);
var CT_FLAG_EXPORTABLE_KEY = 0x10;
document.UIForm.cbMarkKeyExportable.checked = (0x0 != (lPrivateKeyFlags & CT_FLAG_EXPORTABLE_KEY));
handleMarkExport(true);
//update strong key protection control
var CT_FLAG_STRONG_KEY_PROTECTION_REQUIRED = 0x20;
document.UIForm.cbStrongKey.checked = (0x0 != (lPrivateKeyFlags & CT_FLAG_STRONG_KEY_PROTECTION_REQUIRED));
handleStrongKeyAndLMStore(true);
//update template min key size
g_nCurTemplateKeySizeMin = getTemplateMinKeySize();
//update key size
handleKeyUsageChange(false);
//update CMC related
handleCMCFormat();
var lRASignatures = getTemplateValueInfo(CTINFO_INDEX_RASIGNATURE, null);
var fSave = 0 < lRASignatures;
//enforce save to file, can't submit if signing
document.UIForm.cbSaveRequest.checked = fSave;
document.UIForm.cbSaveRequest.disabled = fSave;
handleSaveReq();
}
<%End If%>
//----------------------------------------------------------------
// handle a change in the current CSP
function handleCSPChange() {
if (0 == document.UIForm.lbCSP.length)
{
//no csp, disable submit button
document.UIForm.btnSubmit.disabled = true;
return;
}
else
{
document.UIForm.btnSubmit.disabled = false;
}
var nCSPIndex=document.UIForm.lbCSP.selectedIndex;
XEnroll.ProviderName=document.UIForm.lbCSP.options[nCSPIndex].text;
var nProvType=document.UIForm.lbCSP.options[nCSPIndex].value;
XEnroll.ProviderType=nProvType;
<%If "Enterprise"=sServerType Then%>
var nTemplateKeySpec = getTemplateValueInfo(CTINFO_INDEX_KEYSPEC, null);
<%End If%>
// update the key spec options. If we support both, default to key exchange
var nSupportedKeyUsages=XEnroll.GetSupportedKeySpec();
if (0==nSupportedKeyUsages) {
nSupportedKeyUsages=AT_SIGNATURE | AT_KEYEXCHANGE;
}
<%If "Enterprise"=sServerType Then%>
if (0==nTemplateKeySpec) {
nTemplateKeySpec=AT_SIGNATURE | AT_KEYEXCHANGE;
}
nSupportedKeyUsages = nTemplateKeySpec & nSupportedKeyUsages;
<%End If%>
if (PROV_DSS==nProvType || PROV_DSS_DH==nProvType || PROV_DH_SCHANNEL==nProvType) {
nSupportedKeyUsages=AT_SIGNATURE;
}
if (0 == nSupportedKeyUsages)
{
spnBadCSPForKeySpecMsg.innerHTML=eval(L_CSPNotSupportTemplateKeySpec_Message);
trBadCSPForKeySpec.style.display="";
} else {
trBadCSPForKeySpec.style.display="none";
}
if (nSupportedKeyUsages&AT_SIGNATURE) {
spnKeyUsageSignature.style.display="";
document.UIForm.rbKeyUsage[KEY_USAGE_SIG].checked=true;
} else {
spnKeyUsageSignature.style.display="none";
}
if (nSupportedKeyUsages&AT_KEYEXCHANGE) {
spnKeyUsageKeyExchange.style.display="";
document.UIForm.rbKeyUsage[KEY_USAGE_EXCH].checked=true;
} else {
spnKeyUsageKeyExchange.style.display="none";
}
if ((AT_SIGNATURE|AT_KEYEXCHANGE)==nSupportedKeyUsages) {
spnKeyUsageBoth.style.display="";
document.UIForm.rbKeyUsage[KEY_USAGE_BOTH].checked=true;
} else {
spnKeyUsageBoth.style.display="none";
}
handleKeyUsageChange(true);
UpdateHashAlgList(nProvType);
}
//----------------------------------------------------------------
// two cases invoke handleKeyUsageChange:
// 1) csp selection change
// 2) exchange vs. signature change
function handleKeyUsageChange(bCSPChange) {
// get the min, max, and default length from the CSP
var bExchange=document.UIForm.rbKeyUsage[KEY_USAGE_EXCH].checked || document.UIForm.rbKeyUsage[KEY_USAGE_BOTH].checked ;
g_nCurKeySizeMax=MyGetKeyLen(XEKL_KEYSIZE_MAX, bExchange);
g_nCurKeySizeMin=MyGetKeyLen(XEKL_KEYSIZE_MIN, bExchange);
<%If "Enterprise"=sServerType Then%>
if (0 != g_nCurTemplateKeySizeMin)
{
g_nCurKeySizeMin=Math.max(g_nCurKeySizeMin, g_nCurTemplateKeySizeMin);
}
<%End If%>
g_nCurKeySizeDefault=MyGetKeyLen(XEKL_KEYSIZE_DEFAULT, bExchange);
g_nCurKeySizeInc=MyGetKeyLen(XEKL_KEYSIZE_INC, bExchange);
// set to default lenth
if ("0"==document.UIForm.tbKeySize.value || true == bCSPChange)
{
//"0" likely init load or typed in, not bad go default
// or csp changed, set to default length
document.UIForm.tbKeySize.value = g_nCurKeySizeDefault;
}
// show the min and max
spnKeySizeMin.innerText=g_nCurKeySizeMin;
spnKeySizeMax.innerText=g_nCurKeySizeMax;
// keep the key size in bounds
var nKeySize=parseInt(document.UIForm.tbKeySize.value);
if (isNaN(nKeySize) || nKeySize>g_nCurKeySizeMax) {
document.UIForm.tbKeySize.value=g_nCurKeySizeMax;
} else if (nKeySize<g_nCurKeySizeMin) { //>
document.UIForm.tbKeySize.value=g_nCurKeySizeMin;
}
// update list of valid common key sizes
var nPowerSize=128;
var sCommonKeys="";
while (nPowerSize<g_nCurKeySizeMin) { //>
nPowerSize*=2;
}
while (nPowerSize<=g_nCurKeySizeMax) {
sCommonKeys+=getKeySizeLinkHtmlString(nPowerSize)+" ";
nPowerSize*=2;
}
spnKeySizeCommon.innerHTML=sCommonKeys;
handleKeySizeChange();
}
//----------------------------------------------------------------
function getKeySizeLinkHtmlString(nKeySize) {
return "<Span tabindex=0 Style=\"cursor:hand; color:#0000FF; text-decoration:underline;\""
+" OnContextMenu=\"return false;\""
+" OnMouseOver=\"window.status='"+eval(L_SetKeySize_Message)+"';return true;\""
+" OnMouseOut=\"window.status='';return true;\""
+" OnMouseUp=\"window.status='"+eval(L_SetKeySize_Message)+"';return true;\""
+" OnKeyDown=\"if (13==event.keyCode) {document.UIForm.tbKeySize.value='"+nKeySize+"';blur();return false;} else if (9==event.keyCode) {return true;};return false;\""
+" OnClick=\"document.UIForm.tbKeySize.value='"+nKeySize+"';blur();return false;\">"
+nKeySize+"</Span>";
}
//----------------------------------------------------------------
// morphing routine
function handleSaveReq() {
if (document.UIForm.cbSaveRequest.checked) {
spnSaveRequest.style.display='';
document.UIForm.btnSubmit.style.display='none';
document.UIForm.btnSave.style.display='';
spnSubmitAttrLable.style.display='none';
spnSubmitAttrBox.style.display='none';
} else {
spnSaveRequest.style.display='none';
document.UIForm.btnSubmit.style.display='';
document.UIForm.btnSave.style.display='none';
spnSubmitAttrLable.style.display='';
spnSubmitAttrBox.style.display='';
}
}
//----------------------------------------------------------------
// morphing routine
function handleMarkExport(fFromTemplate) {
<%If bEnableExportKeyToFile Then%>
if (document.UIForm.cbMarkKeyExportable.checked) {
spnMarkKeyExportable.style.display='';
document.UIForm.cbMarkKeyExportable.disabled = false;
} else {
spnMarkKeyExportable.style.display='none';
if (fFromTemplate)
{
//disable it to enforce template non-exportable
document.UIForm.cbMarkKeyExportable.disabled = true;
}
else
{
//enable
document.UIForm.cbMarkKeyExportable.disabled = false;
}
}
<%End If%>
}
//----------------------------------------------------------------
// morphing routine
function handleExportKeys() {
<%If bEnableExportKeyToFile Then%>
if (document.UIForm.cbExportKeys.checked) {
spnExportKeys.style.display='';
} else {
spnExportKeys.style.display='none';
}
<%End If%>
}
//----------------------------------------------------------------
// morphing routine
function handleKeyGen() {
if (document.UIForm.rbKeyGen[0].checked) {
// create new keyset
trGenContName.style.display='';
trGenContNameSpc.style.display='';
trKeyGenWarn.style.display='none';
handleGenContName();
<%If "Enterprise"=sServerType Then%>
handleTemplateChange();
<%Else%>
handleStrongKeyAndLMStore(false);
<%End If%>
trMarkExport.style.display='';
trMarkExportSpc.style.display='';
} else {
// Use existing key set
trGenContName.style.display='none';
trGenContNameSpc.style.display='none';
trKeyGenWarn.style.display='';
handleGenContName();
handleStrongKeyAndLMStore(false);
document.UIForm.cbMarkKeyExportable.checked=false;
trMarkExport.style.display='none';
trMarkExportSpc.style.display='none';
}
}
//----------------------------------------------------------------
// morphing routine
function handleGenContName() {
if (document.UIForm.rbGenContName[0].checked && document.UIForm.rbKeyGen[0].checked) {
trContName.style.display='none';
trContNameSpc.style.display='none';
} else {
trContName.style.display='';
trContNameSpc.style.display='';
}
}
//----------------------------------------------------------------
// morphing routine
function handleSetContainer() {
if (document.UIForm.cbSetContainer.checked) {
spnNewContainer.style.display='';
} else {
spnNewContainer.style.display='none';
}
}
//----------------------------------------------------------------
// morphing routine
function handleKeySizeChange() {
var sKeySize = document.UIForm.tbKeySize.value;
if (0 == sKeySize.indexOf("0"))
{
//first digit is 0, wipe it out
document.UIForm.tbKeySize.value = "";
return;
}
var nKeySize=parseInt(sKeySize);
if (isNaN(nKeySize)) {
nKeySize=0;
}
if (nKeySize>2048) {
trKeySizeWarn.style.display='';
} else {
trKeySizeWarn.style.display='none';
}
if (nKeySize<g_nCurKeySizeMin || nKeySize>g_nCurKeySizeMax || 0!=nKeySize%g_nCurKeySizeInc) {
// clamp the current key size to be within the range
var nCloseBelow=nKeySize;
if (nCloseBelow<g_nCurKeySizeMin) { //>
nCloseBelow=g_nCurKeySizeMin;
} else if (nCloseBelow>g_nCurKeySizeMax) {
nCloseBelow=g_nCurKeySizeMax;
}
var nCloseAbove=nCloseBelow;
// find closest values above and below
nCloseBelow-=nCloseBelow%g_nCurKeySizeInc;
nCloseAbove+=(g_nCurKeySizeInc-nCloseAbove%g_nCurKeySizeInc)%g_nCurKeySizeInc;
var sCloseAbove=getKeySizeLinkHtmlString(nCloseAbove);
var sCloseBelow=getKeySizeLinkHtmlString(nCloseBelow);
if (g_nCurKeySizeMax < g_nCurTemplateKeySizeMin) {
spnKeySizeBadMsg.innerHTML=eval(L_WarningTemplateKeySize_Message);
} else if (nCloseAbove==nCloseBelow) {
spnKeySizeBadMsg.innerHTML=eval(L_RecommendOneKeySize_Message);
} else {
spnKeySizeBadMsg.innerHTML=eval(L_RecommendTwoKeySizes_Message);
}
trKeySizeBad.style.display="";
trKeySizeBadSpc.style.display="";
} else {
trKeySizeBad.style.display="none";
trKeySizeBadSpc.style.display="none";
}
}
//----------------------------------------------------------------
// morphing routine
function handleStrongKeyAndLMStore(fFromTemplate) {
// If we took the value from the template, and the checkbox is checked, the disable it
if (document.UIForm.cbStrongKey.checked && fFromTemplate) {
//disable it to enforce template non-exportable
document.UIForm.cbStrongKey.disabled = true;
} else {
document.UIForm.cbStrongKey.disabled = false ;
}
if (document.UIForm.cbStrongKey.checked && document.UIForm.rbKeyGen[0].checked) {
trLMStoreSpc.style.display='none';
trLMStore.style.display='none';
document.UIForm.cbLocalMachineStore.checked=false;
} else {
trLMStoreSpc.style.display='';
trLMStore.style.display='';
}
if (document.UIForm.cbLocalMachineStore.checked || !document.UIForm.rbKeyGen[0].checked) {
trStrongKeySpc.style.display='none';
trStrongKey.style.display='none';
document.UIForm.cbStrongKey.checked=false;
} else {
trStrongKeySpc.style.display='';
trStrongKey.style.display='';
}
}
//----------------------------------------------------------------
// handle CMC Format
function handleCMCFormat() {
if (isClientAbleToCreateCMC())
{
<%If "Enterprise"=sServerType Then%>
//change request format controls
if (isTemplateKeyArchival())
{
//enforce CMC
document.UIForm.rbRequestFormat[0].disabled=true;
document.UIForm.rbRequestFormat[0].checked=true;
document.UIForm.rbRequestFormat[1].disabled=true;
}
else
{
document.UIForm.rbRequestFormat[0].disabled=false;
document.UIForm.rbRequestFormat[1].disabled=false;
}
<%End If%>
}
else
{
//no cmc, disable it, only pkcs10
document.UIForm.rbRequestFormat[0].disabled=true;
document.UIForm.rbRequestFormat[1].disabled=true;
document.UIForm.rbRequestFormat[1].checked=true;
}
}
//================================================================
// SUBMIT ROUTINES
//----------------------------------------------------------------
// determine what to do when the submit button is pressed
function goNext() {
if (false==g_bOkToSubmit) {
alert(L_StillLoading_ErrorMessage);
} else if (true==g_bSubmitPending) {
// ignore, because we are already prcessing a request.
} else {
SubmitRequest();
}
}
//----------------------------------------------------------------
// check for invalid characters and empty strings
function isValidIA5String(sSource) {
var nIndex;
for (nIndex=sSource.length-1; nIndex>=0; nIndex--) {
if (sSource.charCodeAt(nIndex)>127) { // NOTE: this is better, but not compatible with old browsers.
return false;
}
};
return true;
}
//----------------------------------------------------------------
// check for invalid characters
function isValidCountryField(tbCountry) {
tbCountry.value=tbCountry.value.toUpperCase();
var sSource=tbCountry.value;
var nIndex, ch;
if (0!=sSource.length && 2!=sSource.length) {
return false;
}
for (nIndex=sSource.length-1; nIndex>=0; nIndex--) {
ch=sSource.charAt(nIndex)
if (ch<"A" || ch>"Z") {
return false;
}
};
return true;
}
//----------------------------------------------------------------
// check for invalid characters in an OID
function isValidOid(sSource) {
var nIndex, ch;
if (0==sSource.length) {
return true;
}
for (nIndex=sSource.length-1; nIndex>=0; nIndex--) {
ch=sSource.charAt(nIndex)
if (ch!="." && ch!="," && (ch<"0" || ch>"9")) {
return false;
}
}
return true;
}
//----------------------------------------------------------------
// set a label to normal style
function markLabelNormal(spn) {
spn.style.color="#000000";
spn.style.fontWeight='normal';
}
//----------------------------------------------------------------
// set a label to error state
function markLabelError(spn) {
spn.style.color='#FF0000';
spn.style.fontWeight='bold';
}
//----------------------------------------------------------------
// check that the form has data in it
function validateRequest() {
markLabelNormal(spnNameLabel);
markLabelNormal(spnEmailLabel);
markLabelNormal(spnCompanyLabel);
markLabelNormal(spnDepartmentLabel);
markLabelNormal(spnCityLabel);
markLabelNormal(spnStateLabel);
markLabelNormal(spnCountryLabel);
var bOK=true;
<%If "Enterprise"=sServerType Then%>
if (true==isDNNeeded()) {
<%End If%>
var fldFocusMe=null;
if (false==isValidCountryField(document.UIForm.tbCountry)) {
bOK=false;
fldFocusMe=document.UIForm.tbCountry;
markLabelError(spnCountryLabel);
}
// document.UIForm.tbState.value OK
// document.UIForm.tbLocality.value OK
// document.UIForm.tbOrgUnit.value OK
// document.UIForm.tbOrg.value OK
if (false==isValidIA5String(document.UIForm.tbEmail.value))
{
bOK=false;
fldFocusMe=document.UIForm.tbEmail;
markLabelError(spnEmailLabel);
}
<%If "StandAlone"=sServerType Then%>
if ("1.3.6.1.5.5.7.3.4"==document.UIForm.lbUsageOID.value && ""==document.UIForm.tbEmail.value)
{
bOK=false;
fldFocusMe=document.UIForm.tbEmail;
markLabelError(spnEmailLabel);
}
if (""==document.UIForm.tbCommonName.value)
{
bOK=false;
fldFocusMe=document.UIForm.tbCommonName;
markLabelError(spnNameLabel);
}
<%End If%>
if (false==bOK) {
spnFixTxt.style.display='';
window.scrollTo(0,0);
fldFocusMe.focus();
}
<%If "Enterprise"=sServerType Then%>
} // <- End if offline template
<%End If%>
<%If "StandAlone"=sServerType Then%>
// Check the OID field
if (true==bOK) {
if ("**"==document.UIForm.lbUsageOID.options[document.UIForm.lbUsageOID.selectedIndex].value
&& false==isValidOid(document.UIForm.tbEKUOther.value)) {
alert(L_BadOid_ErrorMessage);
document.UIForm.tbEKUOther.focus();
bOK=false;
}
}
<%End If%>
// Check the keysize field
if (true==bOK) {
var nKeySize=parseInt(document.UIForm.tbKeySize.value);
var sMessage;
if (isNaN(nKeySize)) {
sMessage=L_KeySizeNotNumber_ErrorMessage;
bOK=false;
} else if (g_nCurTemplateKeySizeMin > g_nCurKeySizeMax) {
sMessage=eval(L_TemplateKeySizeTooBig_ErrorMessage);
bOK = false;
} else if (nKeySize < g_nCurKeySizeMin || nKeySize > g_nCurKeySizeMax || 0!=nKeySize%g_nCurKeySizeInc) {
sMessage=eval(L_KeySizeBadNumber_ErrorMessage);
bOK=false;
}
if (false==bOK) {
alert (sMessage);
document.UIForm.tbKeySize.focus();
}
}
// Check the container name
if (true==bOK) {
if (document.UIForm.rbKeyGen[1].checked
|| (document.UIForm.rbKeyGen[0].checked && document.UIForm.rbGenContName[1].checked)) {
if (""==document.UIForm.tbContainerName.value) {
bOK=false;
alert(L_NoCntnrName_ErrorMessage);
document.UIForm.tbContainerName.focus();
}
}
}
<%If bEnableExportKeyToFile Then%>
// Check the exported private key file name
if (true==bOK) {
if (document.UIForm.rbKeyGen[0].checked
&& document.UIForm.cbMarkKeyExportable.checked
&& document.UIForm.cbExportKeys.checked) {
if (""==document.UIForm.tbExportKeyFile.value) {
bOK=false;
alert(L_NoExportFileName_ErrorMessage);
document.UIForm.tbExportKeyFile.focus();
}
}
}
<%End If%>
// Check the saved-request file name
if (true==bOK) {
if (document.UIForm.cbSaveRequest.checked) {
if (""==document.UIForm.tbSaveReqFile.value) {
bOK=false;
alert(L_NoSaveReqFileName_ErrorMessage);
document.UIForm.tbSaveReqFile.focus();
}
}
}
return bOK;
}
//----------------------------------------------------------------
function SubmitRequest() {
g_bSubmitPending=true;
// check that the form is filled in
spnErrorTxt.style.display='none';
spnFixTxt.style.display='none';
if (false==validateRequest()) {
g_bSubmitPending=false;
return;
}
// show a nice message since request creation can take a while
ShowTransientMessage(L_Generating_Message);
// Make the message show up on the screen,
// then continue with 'SubmitRequest':
// Pause 10 mS before executing phase 2,
// so screen will have time to repaint.
setTimeout("SubmitRequestPhase2();", 10);
}
function SubmitRequestPhase2() {
// continued from above
<%If "StandAlone"=sServerType Then%>
//
// Stand-Alone Options
//
// set the extended key usage and certificate request 'friendly type'
var nUsageIndex=document.UIForm.lbUsageOID.selectedIndex;
var sCertUsage;
if ("**"==document.UIForm.lbUsageOID.options[nUsageIndex].value) {
sCertUsage=document.UIForm.tbEKUOther.value;
document.SubmittedData.FriendlyType.value=eval(L_UserEKUCert_Text);
} else {
sCertUsage=document.UIForm.lbUsageOID.options[nUsageIndex].value;
document.SubmittedData.FriendlyType.value=document.UIForm.lbUsageOID.options[nUsageIndex].text;
}
<%Else 'Enterprise%>
//
// Enterprise Options
//
// get cert template info
var lCTEVer = XECT_EXTENSION_V1;
var lCTEMajor = 0;
var bCTEfMinor = false;
var lCTEMinor = 0;
var sRealName = getTemplateStringInfo(CTINFO_INDEX_REALNAME, null);
var sFriendlyName = getTemplateStringInfo(CTINFO_INDEX_FRIENDLYNAME, null);
var sCTEOID = getTemplateStringInfo(CTINFO_INDEX_EXTOID, null);
if ("" == sCTEOID) {
//must v1 template, get template name
sCTEOID = sRealName;
} else {
// v2 template
lCTEVer = XECT_EXTENSION_V2;
lCTEMajor = getTemplateValueInfo(CTINFO_INDEX_EXTMAJ, null);
bCTEfMinor = getTemplateValueInfo(CTINFO_INDEX_EXTFMIN, null);
lCTEMinor = getTemplateValueInfo(CTINFO_INDEX_EXTMIN, null);
}
// set the cert template
vbAddCertTypeToRequestEx(lCTEVer, sCTEOID, lCTEMajor, bCTEfMinor, lCTEMinor);
document.SubmittedData.FriendlyType.value=eval(L_TemplateCert_Text);
var sCertUsage=""; // ignored
<%End If 'StandAlone or Enterprise%>
//
// Common
//
// set the identifying info
var sDistinguishedName="";
if (""!=document.UIForm.tbCountry.value) {
sDistinguishedName+="C=\""+document.UIForm.tbCountry.value.replace(/"/g, "\"\"") +"\";";
}
if (""!=document.UIForm.tbState.value) {
sDistinguishedName+="S=\""+document.UIForm.tbState.value.replace(/"/g, "\"\"") +"\";";
}
if (""!=document.UIForm.tbLocality.value) {
sDistinguishedName+="L=\""+document.UIForm.tbLocality.value.replace(/"/g, "\"\"") +"\";";
}
if (""!=document.UIForm.tbOrg.value) {
sDistinguishedName+="O=\""+document.UIForm.tbOrg.value.replace(/"/g, "\"\"") +"\";";
}
if (""!=document.UIForm.tbOrgUnit.value) {
sDistinguishedName+="OU=\""+document.UIForm.tbOrgUnit.value.replace(/"/g, "\"\"") +"\";";
}
if (""!=document.UIForm.tbEmail.value) {
sDistinguishedName+="E=\""+document.UIForm.tbEmail.value.replace(/"/g, "\"\"") +"\";";
}
if (""!=document.UIForm.tbCommonName.value) {
sDistinguishedName+="CN=\""+document.UIForm.tbCommonName.value.replace(/"/g, "\"\"")+"\";";
}
<%If "Enterprise"=sServerType Then%>
if (false==isDNNeeded()) {
sDistinguishedName="";
}
<%End If%>
// append the local date to the type
document.SubmittedData.FriendlyType.value+=" ("+(new Date()).toLocaleString()+")";
//
// Key Options subheading:
//
// set the 'SaveCert' flag to install the cert instead of saving
document.SubmittedData.SaveCert.value="no";
// set the CSP
var nCSPIndex=document.UIForm.lbCSP.selectedIndex;
XEnroll.ProviderName=document.UIForm.lbCSP.options[nCSPIndex].text;
XEnroll.ProviderType=document.UIForm.lbCSP.options[nCSPIndex].value;
// set the key size (the upper 16 bits of GenKeyFlags)
// note: this value has already been validated
var nKeySize=parseInt(document.UIForm.tbKeySize.value);
XEnroll.GenKeyFlags=nKeySize<<16;
// set the KeyUsage
if (document.UIForm.rbKeyUsage[KEY_USAGE_EXCH].checked) {
XEnroll.KeySpec=AT_KEYEXCHANGE;
XEnroll.LimitExchangeKeyToEncipherment=true;
} else if (document.UIForm.rbKeyUsage[KEY_USAGE_SIG].checked) {
XEnroll.KeySpec=AT_SIGNATURE;
XEnroll.LimitExchangeKeyToEncipherment=false;
} else { // KEY_USAGE_BOTH
XEnroll.KeySpec=AT_KEYEXCHANGE;
XEnroll.LimitExchangeKeyToEncipherment=false;
}
// set the 'use existing key set' flag
if (document.UIForm.rbKeyGen[0].checked) {
XEnroll.UseExistingKeySet=false;
if (document.UIForm.rbGenContName[1].checked) {
XEnroll.ContainerName=document.UIForm.tbContainerName.value;
}
// set 'Strong private key protection'
// note: upper 16 bits already set as key size
if (document.UIForm.cbStrongKey.checked) {
XEnroll.GenKeyFlags|=CRYPT_USER_PROTECTED;
}
// mark the keys as exportable
if (document.UIForm.cbMarkKeyExportable.checked) {
XEnroll.GenKeyFlags|=CRYPT_EXPORTABLE;
<%If bEnableExportKeyToFile Then%>
// set the key export file (.pvk) and save the cert instead of installing
if (document.UIForm.cbExportKeys.checked) {
XEnroll.PVKFileName=document.UIForm.tbExportKeyFile.value;
document.SubmittedData.SaveCert.value="yes";
}
<%End If%>
}
} else {
// set the 'use existing key set' flag
XEnroll.UseExistingKeySet=true;
XEnroll.ContainerName=document.UIForm.tbContainerName.value;
}
// place the keys in the local machine store
if (document.UIForm.cbLocalMachineStore.checked) {
// the keys attached to the dummy request cert go in the local machine store
XEnroll.RequestStoreFlags=CERT_SYSTEM_STORE_LOCAL_MACHINE;
// used in CryptAcquireContext
XEnroll.ProviderFlags=CRYPT_MACHINE_KEYSET;
// the keys attached to the final cert also go in the local machine store
document.SubmittedData.TargetStoreFlags.value=CERT_SYSTEM_STORE_LOCAL_MACHINE;
} else {
// the keys attached to the final cert also go in the user store
document.SubmittedData.TargetStoreFlags.value=0; // 0=Use default (=user store)
}
var dwCreateRequestFlag = XECR_CMC;
if (document.UIForm.rbRequestFormat[1].checked)
{
dwCreateRequestFlag = XECR_PKCS10_V2_0;
}
<%If "Enterprise"=sServerType Then%>
//SMIME capabilities
XEnroll.EnableSMIMECapabilities = isSMimeCapabilities();
//Key archival
if (isTemplateKeyArchival())
{
var nResult = SetPrivateKeyArchiveCertificate(); //call VB
if (0 != nResult)
{
handleError(nResult);
return;
}
}
<%End If%>
if ("" != document.UIForm.tbFriendlyName.value)
{
//set friendly name property
var CERT_FRIENDLY_NAME_PROP_ID=11;
var XECP_STRING_PROPERTY=1;
XEnroll.addBlobPropertyToCertificate(CERT_FRIENDLY_NAME_PROP_ID, XECP_STRING_PROPERTY, document.UIForm.tbFriendlyName.value);
}
//
// Additional Options subheading:
//
// set the hash algorithm
var nHashIndex=document.UIForm.lbHashAlgorithm.selectedIndex;
XEnroll.HashAlgID=document.UIForm.lbHashAlgorithm.options[nHashIndex].value;
// set any extra attributes
var sAttrib=document.UIForm.taAttrib.value;
if (sAttrib.lastIndexOf("\r\n")!=sAttrib.length-2 && sAttrib.length>0) {
sAttrib=sAttrib+"\r\n";
}
// for interop debug purposes
sAttrib+="UserAgent:<%=Request.ServerVariables("HTTP_USER_AGENT")%>\r\n";
document.SubmittedData.CertAttrib.value=sAttrib;
// we are submitting a new request
document.SubmittedData.Mode.value='newreq';
//
// Create the request
//
var nResult;
var HRESULT_ERROR_CANCELLED=0x800704c7;
var SCARD_W_CANCELLED_BY_USER=0x8010006e;
var PVK_HELPER_PASSWORD_CANCEL=0x80097004;
if (document.UIForm.cbSaveRequest.checked) {
// build and save the certificate request
var sSaveReqFile=document.UIForm.tbSaveReqFile.value;
nResult=CreateAndSaveRequest(dwCreateRequestFlag, sDistinguishedName, sCertUsage, sSaveReqFile); // ask VB to do it, since it can handle errors
} else {
// build the certificate request
nResult=CreateRequest(dwCreateRequestFlag, sDistinguishedName, sCertUsage); // ask VB to do it, since it can handle errors
}
if (0 == nResult)
{
//always get thumbprint in case of pending
document.SubmittedData.ThumbPrint.value=XEnroll.ThumbPrint;
}
// hide the message box
HideTransientMessage();
// reset XEnroll so the user can select a different CSP, etc.
XEnroll.reset();
// however, make sure it still matches the UI.
XEnroll.ProviderName=document.UIForm.lbCSP.options[nCSPIndex].text;
XEnroll.ProviderType=document.UIForm.lbCSP.options[nCSPIndex].value;
// deal with an error if there was one
if (0!=nResult) {
g_bSubmitPending=false;
if (0==(SCARD_W_CANCELLED_BY_USER^nResult) ||
0==(PVK_HELPER_PASSWORD_CANCEL^nResult))
{
//cancelled
nResult=0;
return;
}
<%If "Enterprise"=sServerType Then%>
if (isTemplateKeyArchival() && !document.UIForm.cbMarkKeyExportable.checked)
{
//they've tried to create an archivable key
handleError2(nResult, L_SugCauseCryptArchivableNotSupp_ErrorMessage);
} else {
// use the regular error handling
handleError(nResult);
}
<%Else%>
// just use the regular error handling in the standalone case
handleError(nResult);
<%End If%>
return;
}
// check for special "no submit" case
if (document.UIForm.cbSaveRequest.checked) {
// just inform the user that it went OK, but don't submit
alert(L_RequestSaved_Message);
g_bSubmitPending=false;
} else {
// put up a new wait message
ShowTransientMessage(L_Waiting_Message);
// Submit the cert request and move forward in the wizard
document.SubmittedData.submit();
}
}
//----------------------------------------------------------------
function handleError(nResult) {
handleError2(nResult, 0);
}
//----------------------------------------------------------------
function handleError2(nResult, sSugCauseIN) {
var sSugCause=L_SugCauseNone_ErrorMessage;
var sErrorName=L_ErrNameUnknown_ErrorMessage;
// analyze the error - funny use of XOR ('^') because obvious choice '==' doesn't work
if (0==(0x80090008^nResult)) {
sErrorName="NTE_BAD_ALGID";
sSugCause=L_SugCauseBadSetting2_ErrorMessage;
} else if (0==(0x80090016^nResult)) {
sErrorName="NTE_BAD_KEYSET";
if (document.UIForm.rbKeyGen[0].checked) {
sSugCause=L_SugCauseBadCSP_ErrorMessage;
} else {
sSugCause=L_SugCauseBadKeyContainer_ErrorMessage;
}
} else if (0==(0x80090019^nResult)) {
sErrorName="NTE_KEYSET_NOT_DEF";
sSugCause=L_SugCauseBadCSP_ErrorMessage;
} else if (0==(0x80090020^nResult)) {
sErrorName="NTE_FAIL";
sSugCause=L_SugCauseBadCSP_ErrorMessage;
} else if (0==(0x80090023^nResult)) {
sErrorName="NTE_TOKEN_KEYSET_STORAGE_FULL";
sSugCause=L_SugCauseKeysetFull_ErrorMessage;
} else if (0==(0x80090009^nResult)) {
sErrorName="NTE_BAD_FLAGS";
sSugCause=L_SugCauseBadSetting2_ErrorMessage;
} else if (0==(0x8009000F^nResult)) {
sErrorName="NTE_EXISTS";
sSugCause=L_SugCauseExistKeyContainer_ErrorMessage;
} else if (0==(0x80092002^nResult)) {
sErrorName="CRYPT_E_BAD_ENCODE";
//sSugCause="";
} else if (0==(0x80092022^nResult)) {
sErrorName="CRYPT_E_INVALID_IA5_STRING";
sSugCause=L_SugCauseBadChar_ErrorMessage;
} else if (0==(0x80092023^nResult)) {
sErrorName="CRYPT_E_INVALID_X500_STRING";
sSugCause=L_SugCauseBadChar_ErrorMessage;
} else if (0==(0x80070003^nResult)) {
sErrorName="ERROR_PATH_NOT_FOUND";
sSugCause=L_SugCauseBadFileName_ErrorMessage;
} else if (0==(0x80070103^nResult)) {
sErrorName="ERROR_NO_MORE_ITEMS";
sSugCause=L_SugCauseBadHash_ErrorMessage;
} else if (0==(0x8007007B^nResult)) {
sErrorName="ERROR_INVALID_NAME";
sSugCause=L_SugCauseBadFileName_ErrorMessage;
} else if (0==(0x80070015^nResult)) {
sErrorName="ERROR_NOT_READY";
sSugCause=L_SugCauseBadDrive_ErrorMessage;
} else if (0==(0x8007007F^nResult)) {
sErrorName="ERROR_PROC_NOT_FOUND";
sSugCause=L_DownLevelClients_ErrorMessage;
} else if (0==(0x800704C7^nResult)) {
sErrorNamge="ERROR_CANCELLED";
sSugCause=L_SugCauseCancelled_ErrorMessage;
} else if (0==(0x80100006^nResult)) {
sErrorName = "SCARD_E_NO_MEMORY";
sSugCause = L_SCARD_E_NOMEMORYMSG_ErrorMessage;
} else if (0==(0x80100007^nResult)) {
sErrorName = "SCARD_F_WAITED_TOO_LONG";
sSugCause = L_SCARD_F_WAITEDTOOLONG_ErrorMessage;
} else if (0==(0x80100008^nResult)) {
sErrorName = "SCARD_E_INSUFFICIENT_BUFFER";
sSugCause = L_SCARD_E_INSUFFICIENTBUFFER_ErrorMessage;
} else if (0==(0x80100009^nResult)) {
sErrorName = "SCARD_E_UNKNOWN_READER";
sSugCause = L_SCARD_E_UNKNOWNREADER_ErrorMessage;
} else if (0==(0x8010000C^nResult)) {
sErrorName = "SCARD_E_NO_SMARTCARD";
sSugCause = L_SCARD_E_NOSMARTCARD_ErrorMessage;
} else if (0==(0x8010000D^nResult)) {
sErrorName = "SCARD_E_UNKNOWN_CARD";
sSugCause = L_SCARD_E_UNKNOWNCARD_ErrorMessage;
} else if (0==(0x80100010^nResult)) {
sErrorName = "SCARD_E_NOT_READY";
sSugCause = L_SCARD_E_NOTREADY_ErrorMessage;
} else if (0==(0x80100013^nResult)) {
sErrorName = "SCARD_F_COMM_ERROR";
sSugCause = L_SCARD_F_COMMERROR_ErrorMessage;
} else if (0==(0x8010001D^nResult)) {
sErrorName = "SCARD_E_NO_SERVICE";
sSugCause = L_SCARD_E_NOSERVICE_ErrorMessage;
} else if (0==(0x8010001E^nResult)) {
sErrorName = "SCARD_E_SERVICE_STOPPED";
sSugCause = L_SCARD_E_SERVICESTOPPED_ErrorMessage;
} else if (0==(0x8010002E^nResult)) {
sErrorName = "SCARD_E_NO_READERS_AVAILABLE";
sSugCause = L_SCARD_E_NOREADERSAVAILABLE_ErrorMessage;
} else if (0==(0x8010002F^nResult)) {
sErrorName = "SCARD_E_COMM_DATA_LOST";
sSugCause = L_SCARD_E_COMMDATALOST_ErrorMessage;
} else if (0==(0x80100030^nResult)) {
sErrorName = "SCARD_E_NO_KEY_CONTAINER";
sSugCause = L_SCARD_E_NOKEYCONTAINER_ErrorMessage;
} else if (0==(0x80100067^nResult)) {
sErrorName = "SCARD_W_UNPOWERED_CARD";
sSugCause = L_SCARD_W_UNPOWEREDCARD_ErrorMessage;
} else if (0==(0x80100069^nResult)) {
sErrorName = "SCARD_W_REMOVED_CARD";
sSugCause = L_SCARD_W_REMOVEDCARD_ErrorMessage;
} else if (0==(0x8010006B^nResult)) {
sErrorName = "SCARD_W_WRONG_CHV";
sSugCause = L_SCARD_W_WRONGCHV_ErrorMessage;
} else if (0==(0x8010006C^nResult)) {
sErrorName = "SCARD_W_CHV_BLOCKED";
sSugCause = L_SCARD_W_CHVBLOCKED_ErrorMessage;
} else if (0==(0x8010006D^nResult)) {
sErrorName = "SCARD_W_EOF";
sSugCause = L_SCARD_W_EOF_ErrorMessage;
} else if (0==(0x8010006E^nResult)) {
sErrorName = "SCARD_W_CANCELLED_BY_USER";
sSugCause = L_SCARD_W_CANCELLEDBYUSER_ErrorMessage;
} else if (0==(0x8010006F^nResult)) {
sErrorName = "SCARD_W_CARD_NOT_AUTHENTICATED";
sSugCause = L_SCARD_W_CARDNOTAUTHENTICATED_ErrorMessage;
} else if (0==(0x80090024^nResult)) {
sErrorName = "NTE_TEMPORARY_PROFILE";
sSugCause = L_SugCauseNoProfile_ErrorMessage;
} else if (0==(0xFFFFFFFF^nResult)) {
sErrorName=L_ErrNameNoFileName_ErrorMessage;
sSugCause=L_SugCauseNoFileName_ErrorMessage;
} else if (0==(0x800B010A^nResult)) {
sErrorName = "CERT_E_CHAINING";
sSugCause=L_SugCauseCAExSignerNotFound_ErrorMessage;
} else if (0==(0x800B0109^nResult)) {
sErrorName = "CERT_E_UNTRUSTEDROOT";
sSugCause=L_SugCauseCAExNotTrusted_ErrorMessage;
} else if (0==(0x8000FFFF^nResult)) {
sErrorName="E_UNEXPECTED";
} else if (0==(0x00000046^nResult)) {
sErrorName=L_ErrNamePermissionDenied_ErrorMessage;
if (document.UIForm.cbSaveRequest.checked) {
sSugCause=L_SugCausePermissionToWrite_ErrorMessage;
}
else {
sSugCause=L_SugCausePermissionToWrite_ErrorMessage;
}
}
// modify the document text and appearance to show the error message
spnErrorNum.innerText="0x"+toHex(nResult)+" - "+sErrorName;
if (0 == sSugCauseIN) {
spnErrorMsg.innerText=sSugCause;
} else {
spnErrorMsg.innerText=sSugCauseIN;
}
spnFixTxt.style.display='none';
spnErrorTxt.style.display='';
// back to the top so the messages show
window.scrollTo(0,0);
}
</Script>
<Script Language="VBScript">
' The current CA exchange certificate
Public sCAExchangeCert
sCAExchange=""
<%=sCAExchangeCert%>
'-----------------------------------------------------------------
' call XEnroll to create a request, since javascript has no error handling
Function CreateRequest(dwCreateRequestFlag, sDistinguishedName, sCertUsage)
On Error Resume Next
XEnroll.ReuseHardwareKeyIfUnableToGenNew=False
document.SubmittedData.CertRequest.value= _
XEnroll.CreateRequest(dwCreateRequestFlag, sDistinguishedName, sCertUsage)
CreateRequest=Err.Number
End Function
'-----------------------------------------------------------------
' call XEnroll to create and save a request, since javascript has no error handling
Function CreateAndSaveRequest(dwCreateRequestFlag, sDistinguishedName, sCertUsage, sSaveReqFile)
On Error Resume Next
XEnroll.ReuseHardwareKeyIfUnableToGenNew=False
XEnroll.createFileRequest dwCreateRequestFlag, sDistinguishedName, sCertUsage, sSaveReqFile
CreateAndSaveRequest=Err.Number
End Function
'----------------------------------------------------------------
' handle a change in the current CSP, since javascript has no error handling
Sub UpdateHashAlgList(nProvType)
On Error Resume Next
Dim nIndex, nAlgID, oElem, bList, lCSPType
Const CALG_SSL3_SHAMD5=32776
Const CALG_MAC=32773
Const CALG_HMAC=32777
Const CALG_MD5=32771
'really strange, I can't use nProvType in following If compare
'so I have to fetch from xenroll which is the same as nProvType:(
lCSPType=XEnroll.ProviderType
' clear the list
While document.UIForm.lbHashAlgorithm.length>0
document.UIForm.lbHashAlgorithm.options.remove(0)
Wend
' retrieve the list from XEnroll
nIndex=0
Do
' get the next AlgID
nAlgID=XEnroll.EnumAlgs(nIndex, ALG_CLASS_HASH)
If 0<>Err.Number Then
' no more algs
Err.Clear
Exit Do
End If
bList = True
'GetAlgName is not cheap, try to reduce the call, check ID to filter out some unwanted hash
'can't use the following hash
If CALG_SSL3_SHAMD5=nAlgID Or CALG_MAC=nAlgID Or CALG_HMAC=nAlgID Then
bList = False
End If
'DSS or DH won't work with MD5
If CALG_MD5=nAlgID And PROV_DSS=lCSPType Or CALG_MD5=nAlgID And PROV_DSS_DH=lCSPType or CALG_MD5=nAlgID And PROV_DH_SCHANNEL=lCSPType Then
bList = False
End If
If True=bList Then
' get the corresponding name and create an option in the list box
sName=XEnroll.GetAlgName(nAlgID)
Set oElem=document.createElement("Option")
oElem.text=sName
oElem.value=nAlgID
document.UIForm.lbHashAlgorithm.options.add(oElem)
End If
nIndex=nIndex+1
Loop ' <- End alg enumeration loop
' make sure the first one is selectd
document.UIForm.lbHashAlgorithm.selectedIndex=0
End Sub
'----------------------------------------------------------------
' call XEnroll to get the key length, since javascript has no error handling
Function MyGetKeyLen(nSizeSpec, bExchange)
On Error Resume Next
Dim nKeySpec
If True=bExchange Then
nKeySpec=XEKL_KEYSPEC_KEYX
Else
nKeySpec=XEKL_KEYSPEC_SIG
End If
MyGetKeyLen=XEnroll.GetKeyLenEx(nSizeSpec, nKeySpec)
If 0<>Err.Number Then
If XEKL_KEYSIZE_MIN=nSizeSpec Then
MyGetKeyLen=KEY_LEN_MIN_DEFAULT
ElseIf XEKL_KEYSIZE_MAX=nSizeSpec Then
MyGetKeyLen=KEY_LEN_MAX_DEFAULT
ElseIf XEKL_KEYSIZE_DEFAULT=nSizeSpec Then
MyGetKeyLen=KEY_LEN_MY_DEFAULT 'try 1024
Else 'assume XEKL_KEYSIZE_INC=nSizeSpec
MyGetKeyLen=KEY_LEN_INC_DEFAULT
End If
End If
If XEKL_KEYSIZE_INC=nSizeSpec And 0=MyGetKeyLen Then
MyGetKeyLen=KEY_LEN_INC_DEFAULT
End If
End Function
'----------------------------------------------------
' set a certificate for key archive
Function SetPrivateKeyArchiveCertificate()
On Error Resume Next
XEnroll.PrivateKeyArchiveCertificate=sCAExchange
SetPrivateKeyArchiveCertificate = Err.Number
End Function
'----------------------------------------------------
' set request template extension
Function vbAddCertTypeToRequestEx(lCTEVer, sCTEOID, lCTEMajor, bCTEfMinor, lCTEMinor)
On Error Resume Next
XEnroll.addCertTypeToRequestEx lCTEVer, sCTEOID, lCTEMajor, bCTEfMinor, lCTEMinor
If 0 <> Err.Number Then
'possible on downlevel not supporting v2 encoding, change to v1
XEnroll.addCertTypeToRequestEx XECT_EXTENSION_V1, sCTEOID, lCTEMajor, bCTEfMinor, lCTEMinor
End If
vbAddCertTypeToRequestEx=Err.Number
End Function
</Script>
<%End If 'bFailed%>
</Body>
</HTML>