You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
134 lines
4.6 KiB
134 lines
4.6 KiB
<%@ CODEPAGE=65001 'UTF-8%>
|
|
<%' certnew.cer - (CERT)srv web - return a (NEW) certificate
|
|
' Copyright (C) Microsoft Corporation, 1998 - 1999 %>
|
|
<!-- #include FILE=certdat.inc -->
|
|
<!-- #include FILE=certsrck.inc -->
|
|
<% ' ########## BEGIN SERVER SIDE EXECUTION ##########
|
|
|
|
'Process a Certificate Request
|
|
|
|
Dim nDisposition, nResult, sCert, sErrMsg, nEncoding
|
|
On Error Resume Next
|
|
|
|
' from \nt\public\sdk\inc\certcli.h
|
|
Const CR_OUT_BASE64HEADER=&H00000000
|
|
Const CR_OUT_BASE64=&H00000001
|
|
Const CR_OUT_BINARY=&H00000002
|
|
Const CR_OUT_CHAIN=&H00000100
|
|
|
|
'Disposition code ref: \nt\public\sdk\inc\certcli.h
|
|
Const CR_DISP_INCOMPLETE =0
|
|
Const CR_DISP_ERROR =1
|
|
Const CR_DISP_DENIED =2
|
|
Const CR_DISP_ISSUED =3
|
|
Const CR_DISP_ISSUED_OUT_OF_BAND=4
|
|
Const CR_DISP_UNDER_SUBMISSION =5
|
|
Const CR_DISP_REVOKED =6
|
|
Const no_disp=-1
|
|
|
|
Const CR_PROP_CASIGCERT=12
|
|
Const PROPTYPE_BINARY=3
|
|
|
|
'Stop 'debugging breakpoint
|
|
|
|
' determine the requested encoding
|
|
If "bin"=Request.QueryString("Enc") Then
|
|
nEncoding=CR_OUT_BINARY
|
|
Else '"b64"=Request.QueryString("Enc")
|
|
nEncoding=CR_OUT_BASE64HEADER
|
|
End If
|
|
|
|
' create the object to do the request
|
|
Set Session("ICertRequest")=Server.CreateObject("CertificateAuthority.Request")
|
|
Set ICertRequest=Session("ICertRequest")
|
|
nDisposition=no_disp
|
|
|
|
Err.Clear 'make sure we catch the HRESULT and not some earlier error
|
|
|
|
If "CACert"=Request.QueryString("ReqID") Then
|
|
' get the CA cert
|
|
sCert=ICertRequest.GetCAProperty(sServerConfig, CR_PROP_CASIGCERT, Request.QueryString("Renewal"), PROPTYPE_BINARY, nEncoding)
|
|
nResult=Err.Number
|
|
sErrMsg=Err.Description
|
|
|
|
If 0<>nResult Then
|
|
'internal redirect - transfer control to error page
|
|
Session("nResult")=nResult
|
|
Session("sErrMsg")=sErrMsg
|
|
Server.Transfer("certrser.asp")
|
|
End If
|
|
|
|
Else
|
|
' Fetch the user's cert
|
|
nDisposition=ICertRequest.RetrievePending(Request.QueryString("ReqID"), sServerConfig)
|
|
nResult=Err.number
|
|
sErrMsg=Err.Description
|
|
|
|
If nDisposition=CR_DISP_ISSUED Then
|
|
' Remove this request from the user's cookie
|
|
RemoveReq(Request.QueryString("ReqID"))
|
|
|
|
sCert=ICertRequest.GetCertificate(nEncoding)
|
|
Else
|
|
'internal redirect - transfer control to error page
|
|
Session("nDisposition")=nDisposition
|
|
Session("nResult")=nResult
|
|
Session("sErrMsg")=sErrMsg
|
|
Server.Transfer("certrser.asp")
|
|
End If
|
|
End If
|
|
|
|
' Set the MIME type of the data we return. We have two options:
|
|
'
|
|
' 1) Set the MIME type to x-x509-***-cert. This works great for IE,
|
|
' but causes problems for Netscape because it will automatically
|
|
' try to install the cert
|
|
' 2) Set the MIME type to pkix-cert. This gets rid of the automatic
|
|
' installation issue, but may cause 2003 and greater to grey out the
|
|
' "open" button in the file download dialog.
|
|
'
|
|
' Option #1 is implemented here. Option #2 is left commented out, but can
|
|
' easily be substituted
|
|
|
|
'----------------------------------------------------------------------
|
|
' OPTION #1: set the MIME type to x-x509-***-cert in all cases
|
|
'----------------------------------------------------------------------
|
|
|
|
If "CACert"=Request.QueryString("ReqID") Then
|
|
' Netscape installs this type and does not expect to have a private key
|
|
Response.ContentType="application/x-x509-ca-cert"
|
|
Else
|
|
' Netscape installs this type and expects to have a private key
|
|
Response.ContentType="application/x-x509-user-cert"
|
|
End If
|
|
|
|
'----------------------------------------------------------------------
|
|
' OPTION #2: prevent Netscape from automagically installing the cert,
|
|
'----------------------------------------------------------------------
|
|
|
|
' so pick MIME type depending upon what we want the browser to do.
|
|
'If "inst"=Request.QueryString("Mode") Then
|
|
' ' We want Netscape to install
|
|
' If "CACert"=Request.QueryString("ReqID") Then
|
|
' ' Netscape installs this type and does not expect to have a private key
|
|
' Response.ContentType="application/x-x509-ca-cert"
|
|
' Else
|
|
' ' Netscape installs this type and expects to have a private key
|
|
' Response.ContentType="application/x-x509-user-cert"
|
|
' End If
|
|
'
|
|
'Else
|
|
' ' We don't wan't Netscape to install
|
|
' Response.ContentType="application/pkix-cert" ' Netscape does not install this type
|
|
'End If
|
|
|
|
' send the cert to the client
|
|
Response.Clear 'guarantee no extraneous bytes
|
|
If CR_OUT_BINARY=nEncoding Then
|
|
Response.BinaryWrite(sCert)
|
|
Else
|
|
Response.Write(sCert)
|
|
End If
|
|
|
|
' ########## END SERVER SIDE EXECUTION ##########
|
|
%>
|