You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1985 lines
76 KiB
1985 lines
76 KiB
<%@ CODEPAGE=65001 'UTF-8%>
|
|
<%' certrqma.asp - (CERT)srv web - (R)e(Q)uest, (M)ore (A)dvanced
|
|
' Copyright (C) Microsoft Corporation, 1998 - 1999 %>
|
|
<!-- #include FILE=certsbrt.inc -->
|
|
<!-- #include FILE=certdat.inc -->
|
|
<%
|
|
On Error Resume Next
|
|
|
|
' Exporting keys to a pvk file is only used by old code signing tools.
|
|
' (This is different from exporting both cert and keys in a pfx file.)
|
|
' Set this flag to true if you really need this functionality
|
|
bEnableExportKeyToFile = True
|
|
|
|
Dim bFailed, nError
|
|
bFailed=False
|
|
nError = 0
|
|
|
|
If "Enterprise"=sServerType And "IE"=sBrowser Then
|
|
|
|
' get CA exchange cert and save into this page
|
|
|
|
Const CR_OUT_BASE64 =&H00000001
|
|
Const CR_PROP_CAEXCHGCERT=15
|
|
Const PROPTYPE_BINARY=3
|
|
|
|
Set ICertRequest2=Server.CreateObject("CertificateAuthority.Request")
|
|
Public sCAExchangeCert
|
|
Dim sCertificate
|
|
sCertificate=ICertRequest2.GetCAProperty(sServerConfig, CR_PROP_CAEXCHGCERT, 0, PROPTYPE_BINARY, CR_OUT_BASE64)
|
|
sCAExchangeCert=FormatBigString(sCertificate, " sCAExchange=sCAExchange & ")
|
|
|
|
'&H800B0113, CERT_E_INVALID_POLICY, treat it as OK
|
|
If Err.Number<>0 And Err.Number <> &H800B0113 Then
|
|
' CA may be down.
|
|
bFailed=True
|
|
nError=Err.Number
|
|
End If
|
|
End If
|
|
|
|
'-----------------------------------------------------------------
|
|
' Format the big string as a concatenated VB string, breaking at the embedded newlines
|
|
Function FormatBigString(sSource, sLinePrefix)
|
|
Dim sResult, bCharsLeft, nStartChar, nStopChar, chQuote
|
|
sResult=""
|
|
chQuote=chr(34)
|
|
bCharsLeft=True
|
|
nStopChar=1
|
|
|
|
While (bCharsLeft)
|
|
nStartChar=nStopChar
|
|
nStopChar=InStr(nStopChar, sSource, vbNewLine)
|
|
|
|
If (nStopChar>0) Then
|
|
sResult=sResult & sLinePrefix & chQuote & Mid(sSource, nStartChar, nStopChar-nStartChar) & chQuote & " & vbNewLine"
|
|
|
|
If (nStopChar>=Len(sSource)-Len(vbNewLine)) Then
|
|
bCharsLeft=False
|
|
End If
|
|
|
|
Else
|
|
bCharsLeft=False
|
|
End if
|
|
sResult=sResult & vbNewLine
|
|
nStopChar=nStopChar+Len(vbNewLine)
|
|
Wend
|
|
FormatBigString=sResult
|
|
End Function
|
|
%>
|
|
<HTML>
|
|
<Head>
|
|
<Meta HTTP-Equiv="Content-Type" Content="text/html; charset=UTF-8">
|
|
<Title>Microsoft Certificate Services</Title>
|
|
</Head>
|
|
<%If True=bFailed Then %>
|
|
<Body BgColor=#FFFFFF Link=#0000FF VLink=#0000FF ALink=#0000FF><Font ID=locPageFont Face="Arial">
|
|
<%Else%>
|
|
<Body BgColor=#FFFFFF Link=#0000FF VLink=#0000FF ALink=#0000FF OnLoad="postLoad();"><Font ID=locPageFont Face="Arial">
|
|
<%End If%>
|
|
|
|
<Table Border=0 CellSpacing=0 CellPadding=4 Width=100% BgColor=#008080>
|
|
<TR>
|
|
<TD><Font Color=#FFFFFF><LocID ID=locMSCertSrv><Font Face="Arial" Size=-1><B><I>Microsoft</I></B> Certificate Services -- <%=sServerDisplayName%> </Font></LocID></Font></TD>
|
|
<TD ID=locHomeAlign Align=Right><A Href="/certsrv"><Font Color=#FFFFFF><LocID ID=locHomeLink><Font Face="Arial" Size=-1><B>Home</B></Font></LocID></Font></A></TD>
|
|
</TR>
|
|
</Table>
|
|
|
|
<%If True=bFailed Then %>
|
|
<P ID=locPageTitle1><Font Color=#FF0000><B>Error</B></Font>
|
|
<!-- Green HR --><Table Border=0 CellSpacing=0 CellPadding=0 Width=100%><TR><TD BgColor=#008080><Img Src="certspc.gif" Alt="" Height=2 Width=1></TD></TR></Table>
|
|
|
|
<P ID=locErrorMsg> An unexpected error has occurred:<BR><BR>
|
|
<%If nError=&H800706BA Or nError=&H80070005 Then%>
|
|
<LocID ID=locSvcNotStarted>The Certification Authority Service has not been started.</LocID>
|
|
<%ElseIf nError=&H800b0101 Then%>
|
|
<LocID ID=locSvcNotValidDate>A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.</LocID>
|
|
<%Else%>
|
|
<%=ICertRequest.GetErrorMessageText(nError, CR_GEMT_HRESULT_STRING)%>
|
|
<%End If%>
|
|
|
|
<%Else 'True<>bFailed%>
|
|
|
|
<Form Name=UIForm OnSubmit="goNext();return false;" Action="certlynx.asp" Method=Post>
|
|
<Input Type=Hidden Name=SourcePage Value="certrqma">
|
|
|
|
<P ID=locPageTitle> <B> Advanced Certificate Request </B>
|
|
<!-- Green HR --><Table Border=0 CellSpacing=0 CellPadding=0 Width=100%><TR><TD BgColor=#008080><Img Src="certspc.gif" Alt="" Height=2 Width=></TD></TR></Table>
|
|
|
|
<Span ID=spnFixTxt Style="display:none">
|
|
<Table Border=0 CellSpacing=0 CellPadding=4 Style="Color:#FF0000"><TR><TD ID=locBadCharError>
|
|
<I>Please correct the fields marked in <B>RED</B>.</I>
|
|
The e-mail address may contain the characters A-Z, a-z, 0-9, and some common symbols, but no extended characters.
|
|
The country/region field must be a two letter ISO 3166 country/region code.
|
|
</TD></TR></Table>
|
|
</Span>
|
|
<Span ID=spnErrorTxt Style="display:none">
|
|
<Table Border=0 CellSpacing=0 CellPadding=4 Style="Color:#FF0000">
|
|
<TR><TD ID=locErrMsgBasic>
|
|
<B>An error occurred</B> while creating the certificate request.
|
|
Please verify that your CSP supports any settings you have made
|
|
and that your input is valid.
|
|
</TD></TR><TR><TD>
|
|
<LocID ID=locErrorCause><B>Suggested cause:</B></LocID><BR>
|
|
<Span ID=spnErrorMsg></Span>
|
|
</TD></TR><TR>
|
|
<TD ID=locErrorNumber><Font Size=-2>Error: <Span ID=spnErrorNum></Span></Font></TD>
|
|
</TR>
|
|
</Table>
|
|
</Span>
|
|
|
|
|
|
<Table Border=0 CellSpacing=0 CellPadding=0>
|
|
<TR> <!-- establish column widths. -->
|
|
<TD Width=<%=L_LabelColWidth_Number%>></TD> <!-- label column, top border -->
|
|
<TD RowSpan=59 Width=4></TD> <!-- label spacing column -->
|
|
<TD></TD> <!-- field column -->
|
|
</TR>
|
|
|
|
<%If "Enterprise"=sServerType Then%> <!-- Enterprise Options -->
|
|
|
|
<TR>
|
|
<TD ID=locTemplateHead ColSpan=3><Font Size=-1><BR><Label For=lbCertTemplateID><locID ID=locTemplateHead><B>Certificate Template:</B></locID></Label></Font></TD>
|
|
</TR><TR><TD ColSpan=3 Height=2 BgColor=#008080></TD>
|
|
</TR><TR><TD ColSpan=3 Height=6></TD>
|
|
</TR><TR><TD></TD>
|
|
<TD><Select Name=lbCertTemplate ID=lbCertTemplateID OnChange="handleTemplateChange();">
|
|
<%
|
|
Dim nWriteTemplateResult
|
|
nWriteTemplateResult=WriteTemplateList()
|
|
%>
|
|
</Select></TD>
|
|
</TR>
|
|
|
|
<%End If '"Enterprise"=sServerType%>
|
|
<TR><TD ColSpan=3>
|
|
<%If "Enterprise"=sServerType Then%> <!-- Enterprise Options -->
|
|
<Span ID=spnIDInfo Style="display:none">
|
|
<%End If '"Enterprise"=sServerType%>
|
|
<Table Border=0 CellSpacing=0 CellPadding=0>
|
|
<TR> <!-- establish column widths. -->
|
|
<TD Width=<%=L_LabelColWidth_Number%>></TD> <!-- label column, top border -->
|
|
<TD RowSpan=59 Width=4></TD> <!-- label spacing column -->
|
|
<TD></TD> <!-- field column -->
|
|
</TR>
|
|
|
|
|
|
<TR>
|
|
<%If "StandAlone"=sServerType Then%>
|
|
<TD ID=locIdentHeadStandAlone ColSpan=3><Font Size=-1><BR><B>Identifying Information:</B></Font></TD>
|
|
</TR><TR><TD ColSpan=3 Height=2 BgColor=#008080></TD>
|
|
<%Else%>
|
|
<TD ID=locIdentHeadEnterprise ColSpan=3><Font Size=-1><BR><B>Identifying Information For Offline Template:</B></Font></TD>
|
|
</TR><!--<TR><TD ColSpan=3 Height=2 BgColor=#008080></TD>-->
|
|
<%End If%>
|
|
</TR><TR><TD ColSpan=3 Height=6></TD>
|
|
</TR><TR>
|
|
<TD ID=locNameAlign Align=Right><Span ID=spnNameLabel><LocID ID=locNameLabel><Font Size=-1>Name:</Font></LocID></Span></TD>
|
|
<TD><Input ID=locTbCommonName Type=Text MaxLength=64 Size=42 Name=tbCommonName></TD>
|
|
</TR><TR>
|
|
<TD ID=locEmailAlign Align=Right><Span ID=spnEmailLabel><LocID ID=locEmailLabel><Font Size=-1>E-Mail:</Font></LocID></Span></TD>
|
|
<TD><Input ID=locTbEmail Type=Text MaxLength=128 Size=42 Name=tbEmail></TD>
|
|
</TR><TR>
|
|
<TD Height=8></TD> <TD></TD>
|
|
</TR><TR>
|
|
<TD ID=locCompanyAlign Align=Right><Span ID=spnCompanyLabel><LocID ID=locOrgLabel><Font Size=-1>Company:</Font></LocID></Span></TD>
|
|
<TD><Input ID=locTbOrg Type=Text MaxLength=64 Size=42 Name=tbOrg Value="<%=sDefaultCompany%>"></TD>
|
|
</TR><TR>
|
|
<TD ID=locDepartmentAlign Align=Right><Span ID=spnDepartmentLabel><LocID ID=locOrgUnitLabel><Font Size=-1>Department:</Font></LocID></Span></TD>
|
|
<TD><Input ID=locTbOrgUnit Type=Text MaxLength=64 Size=42 Name=tbOrgUnit Value="<%=sDefaultOrgUnit%>"></TD>
|
|
</TR><TR>
|
|
<TD Height=8></TD> <TD></TD>
|
|
</TR><TR>
|
|
<TD ID=locCityAlign Align=Right><Span ID=spnCityLabel><LocID ID=locLocalityLabel><Font Size=-1>City:</Font></LocID></Span></TD>
|
|
<TD><Input ID=locTbLocality Type=Text MaxLength=128 Size=42 Name=tbLocality Value="<%=sDefaultLocality%>"></TD>
|
|
</TR><TR>
|
|
<TD ID=locStateAlign Align=Right><Span ID=spnStateLabel><LocID ID=locStateLabel><Font Size=-1>State:</Font></LocID></Span></TD>
|
|
<TD><Input ID=locTbState Type=Text MaxLength=128 Size=42 Name=tbState Value="<%=sDefaultState%>"></TD>
|
|
</TR><TR>
|
|
<TD ID=locCountryAlign Align=Right><Span ID=spnCountryLabel><LocID ID=locCountryLabel><Font Size=-1>Country/Region:</Font></LocID></Span></TD>
|
|
<TD><Input ID=locTbCountry Type=Text MaxLength=2 Size=2 Name=tbCountry Value="<%=sDefaultCountry%>"></TD>
|
|
</TR>
|
|
|
|
</Table>
|
|
<%If "Enterprise"=sServerType Then%>
|
|
</Span>
|
|
<%End If '"Enterprise"=sServerType%>
|
|
</TD></TR>
|
|
|
|
<%If "StandAlone"=sServerType Then%> <!-- Stand-Alone Options -->
|
|
|
|
<TR>
|
|
<TD ID=locEKUHead ColSpan=3><Font Size=-1><BR><B>Type of Certificate Needed:</B></Font></TD>
|
|
</TR><TR><TD ColSpan=3 Height=2 BgColor=#008080></TD>
|
|
</TR><TR><TD ColSpan=3 Height=6></TD>
|
|
</TR><TR><TD></TD>
|
|
<TD><Select Name=lbUsageOID OnChange="handleUsageOID(true);">
|
|
<Option ID=locCliAuthCert Selected Value="1.3.6.1.5.5.7.3.2"> Client Authentication Certificate
|
|
<Option ID=locEmailCert Value="1.3.6.1.5.5.7.3.4"> E-Mail Protection Certificate
|
|
<Option ID=locSrvAuthCert Value="1.3.6.1.5.5.7.3.1"> Server Authentication Certificate
|
|
<Option ID=locCodeSgnCert Value="1.3.6.1.5.5.7.3.3"> Code Signing Certificate
|
|
<Option ID=locTimStmpCert Value="1.3.6.1.5.5.7.3.8"> Time Stamp Signing Certificate
|
|
<Option ID=locIPSecCert Value="1.3.6.1.5.5.8.2.2"> IPSec Certificate
|
|
<Option ID=locUserEKUCert Value="**"> Other...
|
|
</Select></TD>
|
|
</TR>
|
|
|
|
<TR><TD ID=locEkuAlign Align=Right><Span ID=spnEKUOther1 Style="display:none"><LocID ID=locUserEKULabel><Font Size=-1>OID:</Font></LocID></Span></TD>
|
|
<TD><Span ID=spnEKUOther2 Style="display:none"><Input ID=locTbEKUOther Type=Text Name=tbEKUOther Value="1.3.6.1.5.5.7.3."></Span></TD>
|
|
</TR>
|
|
|
|
<%End If%> <!-- common -->
|
|
|
|
<TR>
|
|
<TD ID=locKeyOptHead ColSpan=3><Font Size=-1><BR><B>Key Options:</B></Font></TD>
|
|
</TR><TR><TD ColSpan=3 Height=2 BgColor=#008080></TD>
|
|
</TR><TR><TD ColSpan=3 Height=6></TD>
|
|
</TR>
|
|
|
|
<TR>
|
|
<TD></TD>
|
|
<TD><Font Size=-1>
|
|
<Input Type=Radio ID=rbKG1 Name=rbKeyGen Value="0" OnClick="handleKeyGen();" Checked><Label For=rbKG1 ID=locNewKeyLabel>Create new key set</Label>
|
|
<LocID ID=locSpc3> <LocID>
|
|
<Input Type=Radio ID=rbKG2 Name=rbKeyGen Value="1" OnClick="handleKeyGen();"><Label For=rbKG2 ID=locExistKeyLabel>Use existing key set</Label>
|
|
</Font></TD>
|
|
</TR>
|
|
|
|
<TR><TD ColSpan=3 Height=4></TD></TR>
|
|
<TR>
|
|
<TD ID=locCSPLabel Align=Right><Font Size=-1><Label For=lbCSPID><locID ID=locCSPLabel>CSP:</locID></Label></Font></TD>
|
|
<TD><Select Name=lbCSP ID=lbCSPID OnChange="handleCSPChange();">
|
|
<Option ID=locLoading>Loading...</Option>
|
|
</Select></TD>
|
|
</TR>
|
|
<TR ID=trBadCSPForKeySpec Style="display:none">
|
|
<TD></TD>
|
|
<TD BgColor=#FFFFE0><LocID ID=locBadCSPForKeySpec><Font Size=-1><Span ID=spnBadCSPForKeySpecMsg></Span></Font></LocID></TD>
|
|
</TR>
|
|
|
|
<TR><TD ColSpan=3 Height=4></TD></TR>
|
|
<TR>
|
|
<TD ID=locKeyUsageLabel Align=Right><Font Size=-1>Key Usage:</Font></TD>
|
|
<TD><Font Size=-1>
|
|
<Span ID=spnKeyUsageKeyExchange><Input Type=Radio ID=rbKU1 Name=rbKeyUsage Value="0" Checked OnClick="handleKeyUsageChange(false);"><Label For=rbKU1 ID=locKUExch>Exchange</Label><LocID ID=locSpc1> <LocID></Span>
|
|
<Span ID=spnKeyUsageSignature><Input Type=Radio ID=rbKU2 Name=rbKeyUsage Value="1" OnClick="handleKeyUsageChange(false);"><Label For=rbKU2 ID=locKUSig>Signature</Label><LocID ID=locSpc2> <LocID></Span>
|
|
<Span ID=spnKeyUsageBoth><Input Type=Radio ID=rbKU3 Name=rbKeyUsage Value="2" OnClick="handleKeyUsageChange(false);"><Label For=rbKU3 ID=locKUBoth>Both</Label></Span></Font></TD>
|
|
</TR>
|
|
|
|
<TR><TD ColSpan=3 Height=4></TD></TR>
|
|
<TR>
|
|
<TD ID=locKeySizeLabel Align=Right ><Font Size=-1><Label For=locTbKeySize><locID ID=locKeySizeLabel>Key Size:</locID></Label></Font></TD>
|
|
<TD><Table Border=0 CellPadding=0 CellSpacing=0>
|
|
<TR>
|
|
<TD RowSpan=2><Input ID=locTbKeySize Type=Text Name=tbKeySize Value="0" MaxLength=5 Size=4 OnPropertyChange="handleKeySizeChange();"> </TD>
|
|
<TD ID=locKeySizeMinLabel Align=Right><Font Size=-2>Min:</Font></TD>
|
|
<TD ID=locKeySizeMin Align=Right><Font Size=-2><Span ID=spnKeySizeMin></Span></Font></TD>
|
|
<TD ID=locKeySizeCommon RowSpan=2><Font Size=-2> (common key sizes: <Span ID=spnKeySizeCommon></Span>)</Font></TD>
|
|
</TR><TR>
|
|
<TD ID=locKeySizeMaxLabel Align=Right><Font Size=-2>Max:</Font></TD>
|
|
<TD ID=locKeySizeMax Align=Right><Font Size=-2><Span ID=spnKeySizeMax></Span></Font></TD>
|
|
</TR>
|
|
</Table></TD>
|
|
</TR>
|
|
<TR ID=trKeySizeBad Style="display:none">
|
|
<TD></TD>
|
|
<TD BgColor=#FFFFE0><LocID ID=locKeySizeBad><Font Size=-1><Span ID=spnKeySizeBadMsg></Span></Font></LocID></TD>
|
|
</TR>
|
|
<TR ID=trKeySizeBadSpc Style="display:none"><TD ColSpan=3 Height=4></TD></TR>
|
|
<TR ID=trKeySizeWarn Style="display:none">
|
|
<TD></TD>
|
|
<TD BgColor=#FFFFE0><LocID ID=locKeySizeWarning><Font Size=-1><I>Warning: Large keys can take many hours to generate!</I></Font></LocID></TD>
|
|
</TR>
|
|
<TR ID=trKeyGenWarn Style="display:none">
|
|
<TD></TD>
|
|
<TD><LocID ID=locKeyGenWarning><Font Size=-1><I>A key of this size will be generated
|
|
</I>only<I> if a key for the <BR> specified usage does not already exist in the specified
|
|
container.</I></Font></LocID></TD>
|
|
</TR>
|
|
|
|
<TR ID=trGenContNameSpc><TD ColSpan=3 Height=4></TD></TR>
|
|
<TR ID=trGenContName>
|
|
<TD></TD>
|
|
<TD><Font Size=-1>
|
|
<Input Type=Radio ID=rbGCN1 Name=rbGenContName Value="0" OnClick="handleGenContName();" Checked><Label For=rbGCN1 ID=locAutoContNameLabel>Automatic key container name</Label>
|
|
<LocID ID=locSpc4> <LocID>
|
|
<Input Type=Radio ID=rbGCN2 Name=rbGenContName Value="1" OnClick="handleGenContName();"><Label For=rbGCN2 ID=locUserContNameLabel>User specified key container name</Label>
|
|
</Font></TD>
|
|
</TR>
|
|
|
|
<TR ID=trContNameSpc><TD ColSpan=3 Height=4></TD></TR>
|
|
<TR ID=trContName Style="display:none">
|
|
<TD ID=locContainerNameLabel Align=Right><Font Size=-1>Container Name:</Font></TD>
|
|
<TD><Font Size=-1><Input ID=locTbContainerName Type=Text Name=tbContainerName Size=20></Font></TD>
|
|
</TR>
|
|
|
|
<TR ID=trMarkExportSpc><TD ColSpan=3 Height=4></TD></TR>
|
|
<TR ID=trMarkExport><TD></TD>
|
|
<TD><Font Size=-1><Input Type=Checkbox Name=cbMarkKeyExportable ID=cbMarkKeyExportable OnClick="handleMarkExport(false);"><Label For=cbMarkKeyExportable ID=locMarkExportLabel>Mark keys as exportable</Label>
|
|
<%If bEnableExportKeyToFile Then%>
|
|
<Span ID=spnMarkKeyExportable Style="display:none">
|
|
<BR><Img Src="certspc.gif" Alt="" Height=1 Width=25><Input Type=Checkbox Name=cbExportKeys ID=cbExportKeys OnClick="handleExportKeys();"><Label For=cbExportKeys ID=locExportToFileLabel>Export keys to file</Label>
|
|
<Span ID=spnExportKeys Style="display:none">
|
|
<BR><Img Src="certspc.gif" Alt="" Height=1 Width=25><LocID ID=locExpFileNameLabel>Full path name:</LocID> <Input ID=locTbExportKeyFile Type=Text Name=tbExportKeyFile Size=20 Value="*.pvk">
|
|
</Span>
|
|
</Span>
|
|
<%End If%>
|
|
</Font></TD>
|
|
</TR>
|
|
|
|
<TR ID=trStrongKeySpc><TD ColSpan=3 Height=4></TD></TR>
|
|
<TR ID=trStrongKey>
|
|
<TD></TD>
|
|
<TD><Font Size=-1><Input Type=Checkbox ID=cbStrongKey Name=cbStrongKey OnClick="handleStrongKeyAndLMStore(false);"><Label For=cbStrongKey ID=locStrongKeyLabel>Enable strong private key protection</Label></Font></TD>
|
|
</TR>
|
|
|
|
<TR ID=trLMStoreSpc><TD ColSpan=3 Height=4></TD></TR>
|
|
<TR ID=trLMStore><TD></TD>
|
|
<TD><Font Size=-1><Input Type=Checkbox Name=cbLocalMachineStore ID=cbLocalMachineStore OnClick="handleStrongKeyAndLMStore(false);"><Label For=cbLocalMachineStore ID=locLMStoreLabel>Store certificate in the local computer certificate store</Label><BR>
|
|
<LocID ID=locAdminWarning><Img Src="certspc.gif" Alt="" Height=1 Width=25><I>Stores the certificate in the local computer store<BR>
|
|
<Img Src="certspc.gif" Alt="" Height=1 Width=25>instead of in the user's certificate store. Does not<BR>
|
|
<Img Src="certspc.gif" Alt="" Height=1 Width=25>install the root CA's certificate. You must be an<BR>
|
|
<Img Src="certspc.gif" Alt="" Height=1 Width=25>administrator to generate or use a key in the local<BR>
|
|
<Img Src="certspc.gif" Alt="" Height=1 Width=25>machine store.</I></Font></LocID></TD>
|
|
</TR>
|
|
|
|
<TR>
|
|
<TD ID=locAddOptHead ColSpan=3><Font Size=-1><BR><B>Additional Options:</B></Font></TD>
|
|
</TR><TR><TD ColSpan=3 Height=2 BgColor=#008080></TD>
|
|
</TR><TR><TD ColSpan=3 Height=3></TD>
|
|
</TR>
|
|
|
|
<TR><TD ColSpan=3 Height=6></TD></TR>
|
|
<TR>
|
|
<TD ID=locRequestFormatLabel Align=Right><Font Size=-1>Request Format:</Font></TD>
|
|
<TD>
|
|
<Input Type=Radio ID=rbFormatCMC Name=rbRequestFormat Value="0" Checked><Label For=rbFormatCMC ID=locFormatCMCLabel>CMC</Label>
|
|
<LocID ID=locSpc5> <LocID>
|
|
<Input Type=Radio ID=rbFormatPKCS10 Name=rbRequestFormat Value="1"><Label For=rbFormatPKCS10 ID=locFormatPKCS10Label>PKCS10</Label>
|
|
</TD>
|
|
</TR>
|
|
<TR><TD ColSpan=3 Height=4></TD></TR>
|
|
|
|
<TR><TD ColSpan=3 Height=4></TD></TR>
|
|
<TR>
|
|
<TD ID=locHashAlgLabel Align=Right><Font Size=-1><Label For=lbHashAlgorithmID><locID ID=locHashAlgLabel>Hash Algorithm:</locID></Label></Font></TD>
|
|
<TD><Select Name=lbHashAlgorithm ID=lbHashAlgorithmID></Select></TD>
|
|
</TR>
|
|
<TR><TD></TD><TD ID=locHashAlgWarning><Font Size=-1><I>Only used to sign request.</I></Font></TD></TR>
|
|
|
|
<TR><TD ColSpan=3 Height=8></TD></TR>
|
|
<TR><TD></TD>
|
|
<TD><Font Size=-1><Input Type=Checkbox Name=cbSaveRequest ID=cbSaveRequest OnClick="handleSaveReq();"><Label For=cbSaveRequest ID=locSaveReqLabel>Save request to a file</Label>
|
|
<Span ID=spnSaveRequest Style="display:none">
|
|
<BR><Img Src="certspc.gif" Alt="" Height=1 Width=25><LocID ID=locReqFileNameLabel>Full path name:</LocID> <Input ID=locTbSaveReqFile Type=Text Name=tbSaveReqFile Size=20>
|
|
<BR><Img Src="certspc.gif" Alt="" Height=1 Width=25><LocID ID=locSaveReqWarning><B>This request will be saved and not submitted.</B></LocID>
|
|
</Span>
|
|
</Font></TD>
|
|
</TR>
|
|
|
|
<TR><TD ColSpan=3 Height=6></TD>
|
|
</TR><TR>
|
|
<TD ID=locAttribLabel Align=Right><Font Size=-1><Span ID=spnSubmitAttrLable><Label For=locTaAttrib><locID ID=locAttribLabel>Attributes:</locID></Label></Span></Font></TD>
|
|
<TD><Span ID=spnSubmitAttrBox><TextArea ID=locTaAttrib Name=taAttrib Wrap=Off Rows=2 Cols=30></TextArea></SPan></TD>
|
|
</TR>
|
|
|
|
<TR><TD ColSpan=3 Height=6></TD>
|
|
</TR><TR>
|
|
<TD ID=locFriendlyNameLabel Align=Right><Font Size=-1><Label For=locTbFriendlyName><locID ID=locFriendlyNameLabel>Friendly Name:</locID></Label></Font></TD>
|
|
<TD><Font Size=-1><Input ID=locTbFriendlyName Type=Text Name=tbFriendlyName Size=20></Font></TD>
|
|
</TR>
|
|
|
|
<TR><TD ColSpan=3><Font Size=-1><BR></Font></TD></TR>
|
|
<TR><TD ColSpan=3 Height=2 BgColor=#008080></TD></TR>
|
|
<TR><TD ColSpan=3 Height=3></TD></TR>
|
|
<TR>
|
|
<TD></TD>
|
|
<TD ID=locSubmitAlign Align=Right>
|
|
<Input ID=locBtnSubmit Type=Submit Name=btnSubmit Value="Submit >" Style="width:.75in">
|
|
<Input ID=locBtnSave Type=Submit Name=btnSave Value="Save" Style="width:.75in; display:none">
|
|
|
|
</TD>
|
|
</TR>
|
|
<TR><TD ColSpan=3 Height=20></TD></TR>
|
|
|
|
|
|
</Table>
|
|
</P>
|
|
|
|
|
|
<!-- Green HR --><Table Border=0 CellSpacing=0 CellPadding=0 Width=100%><TR><TD BgColor=#008080><Img Src="certspc.gif" Alt="" Height=2 Width=1></TD></TR></Table>
|
|
<!-- White HR --><Table Border=0 CellSpacing=0 CellPadding=0 Width=100%><TR><TD BgColor=#FFFFFF><Img Src="certspc.gif" Alt="" Height=5 Width=1></TD></TR></Table>
|
|
|
|
</Form>
|
|
</Font>
|
|
<!-- ############################################################ -->
|
|
<!-- End of standard text. Scripts follow -->
|
|
|
|
<%bIncludeXEnroll=True%>
|
|
<%bIncludeGetCspList=True%>
|
|
<%bIncludeTemplateCode=True%>
|
|
<%bIncludeCheckClientCode=True%>
|
|
<!-- #include FILE=certsgcl.inc -->
|
|
|
|
<!-- This form we fill in and submit 'by hand'-->
|
|
<Span Style="display:none">
|
|
<Form Name=SubmittedData Action="certfnsh.asp" Method=Post>
|
|
<Input Type=Hidden Name=Mode> <!-- used in request ('newreq'|'chkpnd') -->
|
|
<Input Type=Hidden Name=CertRequest> <!-- used in request -->
|
|
<Input Type=Hidden Name=CertAttrib> <!-- used in request -->
|
|
<Input Type=Hidden Name=FriendlyType> <!-- used on pending -->
|
|
<Input Type=Hidden Name=ThumbPrint> <!-- used on pending -->
|
|
<Input Type=Hidden Name=TargetStoreFlags> <!-- used on install ('0'|CSSLM)-->
|
|
<Input Type=Hidden Name=SaveCert> <!-- used on install ('no'|'yes')-->
|
|
</FORM>
|
|
</Span>
|
|
|
|
<Script Language="JavaScript">
|
|
|
|
//================================================================
|
|
// PAGE GLOBAL VARIABLES
|
|
|
|
//----------------------------------------------------------------
|
|
// Strings to be localized
|
|
var L_CspLoadErrNoneFound_ErrorMessage="An unexpected error occurred while getting the CSP list:\nNo CSPs could be found!";
|
|
var L_CspLoadErrUnexpected_ErrorMessage="\"An unexpected error (\"+sErrorNumber+\") occurred while getting the CSP list.\"";
|
|
var L_SetKeySize_Message="\"Set key size to \"+nKeySize";
|
|
var L_WarningTemplateKeySize_Message="\"You have selected a certificate template that requires a minimum key size of \" + nKeySize + \"bits, which is larger than the selected CSP maximum.\\nPlease select a different CSP.\"";
|
|
var L_RecommendOneKeySize_Message="\"\"+nKeySize+\" is a bad key size. The closest valid key size is \"+sCloseBelow+\".\"";
|
|
var L_RecommendTwoKeySizes_Message="\"\"+nKeySize+\" is a bad key size. The closest valid key sizes are \"+sCloseBelow+\" and \"+sCloseAbove+\".\"";
|
|
var L_StillLoading_ErrorMessage="This page has not finished loading yet. Please wait a few seconds and try again.";
|
|
var L_KeySizeNotNumber_ErrorMessage="Please enter a number for the key size.";
|
|
var L_KeySizeBadNumber_ErrorMessage="\"Please enter a valid number for the key size. The key size must be\\nbetween \"+g_nCurKeySizeMin+\" and \"+g_nCurKeySizeMax+\", and be a multiple of \"+g_nCurKeySizeInc+\".\"";
|
|
var L_CSPNotSupportTemplateKeySpec_Message="\"You may have selected a CSP that does not support the key type defined in the template. Please modify the key type in the template or select either different CSP or certificate template.\"";
|
|
var L_TemplateKeySizeTooBig_ErrorMessage = "\"The certificate type you selected requires minimum key size of \" + g_nCurTemplateKeySizeMin + \".\\nIt is bigger than the maximum size of \" + g_nCurKeySizeMax + \".\\nPlease change the number or select a different CSP.\"";
|
|
var L_NoCntnrName_ErrorMessage="Please enter a key container name.";
|
|
var L_BadOid_ErrorMessage="Please enter a valid OID, or choose a predefined certificate type.\nMultiple OIDs must be separated with a comma.";
|
|
var L_NoExportFileName_ErrorMessage="Please enter a file name for exporting the keys.";
|
|
var L_NoSaveReqFileName_ErrorMessage="Please enter a file name for saving the request.";
|
|
var L_Generating_Message="Generating request...";
|
|
var L_UserEKUCert_Text="\"User-EKU (\"+sCertUsage+\") Certificate\"";
|
|
var L_RequestSaved_Message="Request saved to file.";
|
|
var L_Waiting_Message="Waiting for server response...";
|
|
var L_ErrNameUnknown_ErrorMessage="(unknown)";
|
|
var L_SugCauseNone_ErrorMessage="No suggestion.";
|
|
var L_SugCauseBadCSP_ErrorMessage="The CSP you chose was unable to process the request. Try a different CSP.";
|
|
var L_SugCauseKeysetFull_ErrorMessage="The security token does not have storage space available for an additional container.";
|
|
var L_SugCauseBadSetting2_ErrorMessage="The CSP you chose does not support one or more of the settings you have made, such as key size, key spec, hash algorithm, etc. Try using different settings or a different CSP.";
|
|
var L_SugCauseBadKeyContainer_ErrorMessage="Either the key container you specified does not exist, or the CSP you chose was unable to process the request. Enter the name of an existing key container; choose 'Create new keyset'; or try a different CSP.";
|
|
var L_SugCauseExistKeyContainer_ErrorMessage="The container you named already exists. When creating a new key, you must use a new container name.";
|
|
var L_SugCauseBadChar_ErrorMessage="You entered an invalid character. Report a bug, because this should have been caught in validation.";
|
|
var L_SugCauseBadHash_ErrorMessage="The hash algorithm you selected cannot be used for signing. Please select a different hash algorithm.";
|
|
var L_SugCauseNoFileName_ErrorMessage="You did not enter a file name.";
|
|
var L_SugCauseCryptArchivableNotSupp_ErrorMessage="The CSP you chose does not support the creation of keys which can be archived but not exported.";
|
|
var L_ErrNameNoFileName_ErrorMessage="(no file name)";
|
|
var L_SugCauseNotAdmin_ErrorMessage="You must be an administrator to generate a key in the local machine store.";
|
|
var L_ErrNamePermissionDenied_ErrorMessage="Permission Denied";
|
|
var L_SugCausePermissionToWrite_ErrorMessage = "You do not have write permission to save the file to the path";
|
|
var L_SugCauseBadFileName_ErrorMessage="The file name you specified is not a valid file name. Try a different file name.";
|
|
var L_SugCauseBadDrive_ErrorMessage="The drive you specified is not ready. Insert a disk in the drive or try a different file name.";
|
|
var L_SugCauseNoProfile_ErrorMessage="The profile for the user is a temporary profile.";
|
|
var L_SugCauseCAExSignerNotFound_ErrorMessage="A certificate chain could not be built to a trusted root authority.";
|
|
var L_SugCauseCAExNotTrusted_ErrorMessage="A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.";
|
|
var L_DownLevelClients_ErrorMessage="This error can be caused by requesting Key Archival for the new private key, which may not be supported on this platform.";
|
|
var L_SugCauseCancelled_ErrorMessage="The operation was canceled by the user.";
|
|
var L_SCARD_E_NOMEMORYMSG_ErrorMessage="Not enough memory available to complete this command.";
|
|
var L_SCARD_F_WAITEDTOOLONG_ErrorMessage="An internal consistency timer has expired.";
|
|
var L_SCARD_E_INSUFFICIENTBUFFER_ErrorMessage="The data buffer to receive returned data is too small for the returned data.";
|
|
var L_SCARD_E_UNKNOWNREADER_ErrorMessage="The specified reader name is not recognized.";
|
|
var L_SCARD_E_NOSMARTCARD_ErrorMessage="The operation requires a Smart Card, but no Smart Card is currently in the device.";
|
|
var L_SCARD_E_UNKNOWNCARD_ErrorMessage="The specified smart card name is not recognized.";
|
|
var L_SCARD_E_NOTREADY_ErrorMessage="The reader or smart card is not ready to accept commands.";
|
|
var L_SCARD_F_COMMERROR_ErrorMessage="An internal communications error has been detected.";
|
|
var L_SCARD_E_NOSERVICE_ErrorMessage="The Smart card resource manager is not running.";
|
|
var L_SCARD_E_SERVICESTOPPED_ErrorMessage="The Smart card resource manager has shut down.";
|
|
var L_SCARD_E_NOREADERSAVAILABLE_ErrorMessage="Cannot find a smart card reader.";
|
|
var L_SCARD_E_COMMDATALOST_ErrorMessage="A communications error with the smart card has been detected. Retry the operation.";
|
|
var L_SCARD_E_NOKEYCONTAINER_ErrorMessage="The requested key container does not exist on the smart card.";
|
|
var L_SCARD_W_UNPOWEREDCARD_ErrorMessage="Power has been removed from the smart card, so that further communication is not possible.";
|
|
var L_SCARD_W_REMOVEDCARD_ErrorMessage="The smart card has been removed, so that further communication is not possible.";
|
|
var L_SCARD_W_WRONGCHV_ErrorMessage="The card cannot be accessed because the wrong PIN was presented.";
|
|
var L_SCARD_W_CHVBLOCKED_ErrorMessage="The card cannot be accessed because the maximum number of PIN entry attempts has been reached.";
|
|
var L_SCARD_W_EOF_ErrorMessage="The end of the smart card file has been reached.";
|
|
var L_SCARD_W_CANCELLEDBYUSER_ErrorMessage="The action was cancelled by the user.";
|
|
var L_SCARD_W_CARDNOTAUTHENTICATED_ErrorMessage="No PIN was presented to the smart card.";
|
|
|
|
<%If "Enterprise"=sServerType Then%>
|
|
;
|
|
var L_TemplateLoadErrNoneFound_ErrorMessage="No certificate templates could be found. You do not have permission to request a certificate from this CA, or an error occurred while accessing the Active Directory.";
|
|
var L_TemplateLoadErrUnexpected_ErrorMessage="\"An unexpected error (\"+sErrorNumber+\") occurred while getting the certificate template list.\"";
|
|
var L_TemplateCert_Text= "sFriendlyName+\" Certificate\"";
|
|
<%End If%>
|
|
|
|
// IE is not ready until XEnroll has been loaded
|
|
var g_bOkToSubmit=false;
|
|
var g_bSubmitPending=false;
|
|
|
|
// some constants defined in wincrypt.h:
|
|
var CRYPT_EXPORTABLE=1;
|
|
var CRYPT_USER_PROTECTED=2;
|
|
var CRYPT_MACHINE_KEYSET=0x20;
|
|
var AT_KEYEXCHANGE=1;
|
|
var AT_SIGNATURE=2;
|
|
var CERT_SYSTEM_STORE_LOCATION_SHIFT=16;
|
|
var CERT_SYSTEM_STORE_LOCAL_MACHINE_ID=2;
|
|
var CERT_SYSTEM_STORE_LOCAL_MACHINE=CERT_SYSTEM_STORE_LOCAL_MACHINE_ID << CERT_SYSTEM_STORE_LOCATION_SHIFT;
|
|
var ALG_CLASS_ANY=0
|
|
var ALG_CLASS_SIGNATURE=1<<13;
|
|
var ALG_CLASS_HASH=4<<13;
|
|
var PROV_DSS=3;
|
|
var PROV_DSS_DH=13;
|
|
var PROV_DH_SCHANNEL=18;
|
|
|
|
|
|
// convenience constants, for readability
|
|
var KEY_USAGE_EXCH=0;
|
|
var KEY_USAGE_SIG=1;
|
|
var KEY_USAGE_BOTH=2;
|
|
|
|
var XEKL_KEYSIZE_MIN=1;
|
|
var XEKL_KEYSIZE_MAX=2;
|
|
var XEKL_KEYSIZE_INC=3;
|
|
var XEKL_KEYSIZE_DEFAULT=4;
|
|
var XEKL_KEYSPEC_KEYX=1;
|
|
var XEKL_KEYSPEC_SIG=2;
|
|
|
|
// defaults
|
|
var KEY_LEN_MIN_DEFAULT=384;
|
|
var KEY_LEN_MAX_DEFAULT=16384;
|
|
var KEY_LEN_MY_DEFAULT=1024;
|
|
var KEY_LEN_INC_DEFAULT=8;
|
|
|
|
// for key size
|
|
var g_nCurKeySizeMax;
|
|
var g_nCurKeySizeMin;
|
|
var g_nCurKeySizeDefault;
|
|
var g_nCurKeySizeInc;
|
|
var g_bCSPUpdate;
|
|
|
|
var g_nCurTemplateKeySizeMin = 0; //init to 0
|
|
|
|
var XECR_PKCS10_V2_0=1;
|
|
var XECR_PKCS7=2;
|
|
var XECR_CMC=3;
|
|
|
|
var XECT_EXTENSION_V1=1;
|
|
var XECT_EXTENSION_V2=2;
|
|
|
|
//================================================================
|
|
// INITIALIZATION ROUTINES
|
|
|
|
function removeV2KATemplate()
|
|
{
|
|
var CT_FLAG_ALLOW_PRIVATE_KEY_ARCHIVAL=0x00000001;
|
|
//downlevel machines, no V2 templates with KA
|
|
var nTemplateCount = document.UIForm.lbCertTemplate.length;
|
|
var n, sTemplate, sCTEOID;
|
|
for (n = nTemplateCount - 1; n > -1 ; --n)
|
|
{
|
|
sTemplate = document.UIForm.lbCertTemplate.options[n].value;
|
|
sCTEOID = getTemplateStringInfo(CTINFO_INDEX_EXTOID, sTemplate);
|
|
var lFlags=getTemplateValueInfo(CTINFO_INDEX_PRIVATEKEYFLAG, sTemplate);
|
|
if ("" != sCTEOID && 0x0 != (lFlags & CT_FLAG_ALLOW_PRIVATE_KEY_ARCHIVAL))
|
|
{
|
|
//v2 template with KA
|
|
document.UIForm.lbCertTemplate.options.remove(n);
|
|
}
|
|
}
|
|
}
|
|
|
|
//----------------------------------------------------------------
|
|
// This contains the functions we want executed immediately after load completes
|
|
function postLoad() {
|
|
// Load an XEnroll object into the page
|
|
loadXEnroll("postLoadPhase2()");
|
|
handleSaveReq();
|
|
handleCMCFormat();
|
|
<%If "Enterprise"=sServerType Then%>
|
|
if (!isClientAbleToCreateCMC())
|
|
{
|
|
//downlevel machines
|
|
removeV2KATemplate();
|
|
}
|
|
<%End If%>
|
|
}
|
|
function postLoadPhase2() {
|
|
// continued from above
|
|
var nResult;
|
|
|
|
// get the CSP list
|
|
nResult=GetCSPList();
|
|
if (0!=nResult) {
|
|
handleLoadError(nResult, L_CspLoadErrNoneFound_ErrorMessage, L_CspLoadErrUnexpected_ErrorMessage);
|
|
return;
|
|
}
|
|
|
|
<%If "StandAlone"<>sServerType And 0<>nWriteTemplateResult Then%>
|
|
handleLoadError(<%=nWriteTemplateResult%>, L_TemplateLoadErrNoneFound_ErrorMessage, L_TemplateLoadErrUnexpected_ErrorMessage);
|
|
return;
|
|
<%End If%>
|
|
|
|
// Now we're ready to go
|
|
g_bOkToSubmit=true;
|
|
|
|
<%If "Enterprise"=sServerType Then%>
|
|
handleTemplateChange();
|
|
<%Else%>
|
|
handleCSPChange();
|
|
<%End If%>
|
|
// dynamic styles are not preserved so
|
|
// make sure dynamic UI is updated after 'back'
|
|
handleKeyGen();
|
|
handleMarkExport(false);
|
|
handleExportKeys();
|
|
<%If "StandAlone"=sServerType Then%>
|
|
handleUsageOID(false);
|
|
<%End If%>
|
|
}
|
|
|
|
//----------------------------------------------------------------
|
|
// handle errors from GetCSPList() and GetTemplateList()
|
|
function handleLoadError(nResult, sNoneFound, sUnexpected) {
|
|
if (-1==nResult) {
|
|
alert(sNoneFound);
|
|
} else {
|
|
var sErrorNumber="0x"+toHex(nResult);
|
|
alert(eval(sUnexpected));
|
|
}
|
|
disableAllControls();
|
|
}
|
|
|
|
//================================================================
|
|
// PAGE MANAGEMENT ROUTINES
|
|
|
|
<%If "StandAlone"=sServerType Then%>
|
|
//----------------------------------------------------------------
|
|
// handle the appearance of the text box when 'other...' is selected
|
|
function handleUsageOID(bFocus) {
|
|
if ("**"==document.UIForm.lbUsageOID.options[document.UIForm.lbUsageOID.selectedIndex].value) {
|
|
spnEKUOther1.style.display='';
|
|
spnEKUOther2.style.display='';
|
|
if (bFocus) {
|
|
document.UIForm.lbUsageOID.blur();
|
|
document.UIForm.tbEKUOther.select();
|
|
document.UIForm.tbEKUOther.focus();
|
|
}
|
|
} else {
|
|
spnEKUOther1.style.display='none';
|
|
spnEKUOther2.style.display='none';
|
|
}
|
|
}
|
|
<%End If%>
|
|
|
|
<%If "Enterprise"=sServerType Then%>
|
|
//----------------------------------------------------------------
|
|
|
|
|
|
function getTemplateValueInfo(nIndex, sTemplate)
|
|
{
|
|
var sValue=getTemplateStringInfo(nIndex, sTemplate);
|
|
return parseInt(sValue);
|
|
}
|
|
|
|
// handle a change in the current template
|
|
function isDNNeeded() {
|
|
var sValue=getTemplateStringInfo(CTINFO_INDEX_OFFLINE, null);
|
|
if ("O"==sValue)
|
|
{
|
|
//offline template needs DN
|
|
return true;
|
|
}
|
|
|
|
//check template subject flag
|
|
var lSubjectFlag = getTemplateValueInfo(CTINFO_INDEX_SUBJECTFLAG, null);
|
|
var CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT=0x00000001;
|
|
return (0x0 != (lSubjectFlag & CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT));
|
|
}
|
|
|
|
function isTemplateKeyArchival()
|
|
{
|
|
var CT_FLAG_ALLOW_PRIVATE_KEY_ARCHIVAL=0x00000001;
|
|
var lFlags=getTemplateValueInfo(CTINFO_INDEX_PRIVATEKEYFLAG, null);
|
|
return (0x0 != (lFlags & CT_FLAG_ALLOW_PRIVATE_KEY_ARCHIVAL));
|
|
}
|
|
|
|
function isSMimeCapabilities()
|
|
{
|
|
var CT_FLAG_INCLUDE_SYMMETRIC_ALGORITHMS=0x00000001;
|
|
var lFlags=getTemplateValueInfo(CTINFO_INDEX_ENROLLFLAG, null);
|
|
return (0x0 != (lFlags & CT_FLAG_INCLUDE_SYMMETRIC_ALGORITHMS));
|
|
}
|
|
|
|
function getTemplateMinKeySize()
|
|
{
|
|
var lKeyFlags = getTemplateValueInfo(CTINFO_INDEX_KEYFLAG, null);
|
|
return (lKeyFlags & 0xFFFF0000) >> 16;
|
|
}
|
|
|
|
function updateCSPList()
|
|
{
|
|
//get csp list separated from template data
|
|
var sCSPList = getTemplateStringInfo(CTINFO_INDEX_CSPLIST, null);
|
|
if ("" != sCSPList)
|
|
{
|
|
updateCSPListFromStrings(sCSPList);
|
|
}
|
|
else
|
|
{
|
|
//remove current csps from list
|
|
//strange reasons this remove code can't be in GetCSPList
|
|
var n;
|
|
var nCSP = document.UIForm.lbCSP.length;
|
|
for (n = 0; n < nCSP-1; ++n)
|
|
{
|
|
document.UIForm.lbCSP.remove(0);
|
|
}
|
|
GetCSPList();
|
|
}
|
|
}
|
|
|
|
//----------------------------------------------------------------
|
|
// handle a change in the current template
|
|
function handleTemplateChange()
|
|
{
|
|
if (false==isDNNeeded()) {
|
|
spnIDInfo.style.display="none";
|
|
} else {
|
|
spnIDInfo.style.display="";
|
|
}
|
|
|
|
//update csp list from the template
|
|
updateCSPList();
|
|
handleCSPChange();
|
|
|
|
//handle key spec
|
|
var lKeySpec = getTemplateValueInfo(CTINFO_INDEX_KEYSPEC, null);
|
|
var fDisabled = true;
|
|
if ((0x0 != (AT_KEYEXCHANGE & lKeySpec)) &&
|
|
(0x0 != (AT_SIGNATURE & lKeySpec)) )
|
|
{
|
|
document.UIForm.rbKeyUsage[KEY_USAGE_BOTH].checked=true;
|
|
}
|
|
else if (0x0 != (AT_KEYEXCHANGE & lKeySpec))
|
|
{
|
|
document.UIForm.rbKeyUsage[KEY_USAGE_EXCH].checked=true;
|
|
}
|
|
else if (0x0 != (AT_SIGNATURE & lKeySpec))
|
|
{
|
|
document.UIForm.rbKeyUsage[KEY_USAGE_SIG].checked=true;
|
|
}
|
|
else
|
|
{
|
|
document.UIForm.rbKeyUsage[KEY_USAGE_BOTH].checked=true;
|
|
fDisabled = false;
|
|
}
|
|
document.UIForm.rbKeyUsage[KEY_USAGE_BOTH].disabled=fDisabled;
|
|
document.UIForm.rbKeyUsage[KEY_USAGE_EXCH].disabled=fDisabled;
|
|
document.UIForm.rbKeyUsage[KEY_USAGE_SIG].disabled=fDisabled;
|
|
|
|
//update exportable control
|
|
var lPrivateKeyFlags = getTemplateValueInfo(CTINFO_INDEX_PRIVATEKEYFLAG, null);
|
|
var CT_FLAG_EXPORTABLE_KEY = 0x10;
|
|
document.UIForm.cbMarkKeyExportable.checked = (0x0 != (lPrivateKeyFlags & CT_FLAG_EXPORTABLE_KEY));
|
|
handleMarkExport(true);
|
|
|
|
//update strong key protection control
|
|
var CT_FLAG_STRONG_KEY_PROTECTION_REQUIRED = 0x20;
|
|
document.UIForm.cbStrongKey.checked = (0x0 != (lPrivateKeyFlags & CT_FLAG_STRONG_KEY_PROTECTION_REQUIRED));
|
|
handleStrongKeyAndLMStore(true);
|
|
|
|
//update template min key size
|
|
g_nCurTemplateKeySizeMin = getTemplateMinKeySize();
|
|
|
|
//update key size
|
|
handleKeyUsageChange(false);
|
|
|
|
//update CMC related
|
|
handleCMCFormat();
|
|
|
|
var lRASignatures = getTemplateValueInfo(CTINFO_INDEX_RASIGNATURE, null);
|
|
var fSave = 0 < lRASignatures;
|
|
//enforce save to file, can't submit if signing
|
|
document.UIForm.cbSaveRequest.checked = fSave;
|
|
document.UIForm.cbSaveRequest.disabled = fSave;
|
|
handleSaveReq();
|
|
|
|
}
|
|
<%End If%>
|
|
|
|
//----------------------------------------------------------------
|
|
// handle a change in the current CSP
|
|
function handleCSPChange() {
|
|
|
|
if (0 == document.UIForm.lbCSP.length)
|
|
{
|
|
//no csp, disable submit button
|
|
document.UIForm.btnSubmit.disabled = true;
|
|
return;
|
|
}
|
|
else
|
|
{
|
|
document.UIForm.btnSubmit.disabled = false;
|
|
}
|
|
var nCSPIndex=document.UIForm.lbCSP.selectedIndex;
|
|
XEnroll.ProviderName=document.UIForm.lbCSP.options[nCSPIndex].text;
|
|
var nProvType=document.UIForm.lbCSP.options[nCSPIndex].value;
|
|
XEnroll.ProviderType=nProvType;
|
|
<%If "Enterprise"=sServerType Then%>
|
|
var nTemplateKeySpec = getTemplateValueInfo(CTINFO_INDEX_KEYSPEC, null);
|
|
<%End If%>
|
|
|
|
// update the key spec options. If we support both, default to key exchange
|
|
var nSupportedKeyUsages=XEnroll.GetSupportedKeySpec();
|
|
if (0==nSupportedKeyUsages) {
|
|
nSupportedKeyUsages=AT_SIGNATURE | AT_KEYEXCHANGE;
|
|
}
|
|
|
|
<%If "Enterprise"=sServerType Then%>
|
|
if (0==nTemplateKeySpec) {
|
|
nTemplateKeySpec=AT_SIGNATURE | AT_KEYEXCHANGE;
|
|
}
|
|
nSupportedKeyUsages = nTemplateKeySpec & nSupportedKeyUsages;
|
|
<%End If%>
|
|
|
|
if (PROV_DSS==nProvType || PROV_DSS_DH==nProvType || PROV_DH_SCHANNEL==nProvType) {
|
|
nSupportedKeyUsages=AT_SIGNATURE;
|
|
}
|
|
|
|
if (0 == nSupportedKeyUsages)
|
|
{
|
|
spnBadCSPForKeySpecMsg.innerHTML=eval(L_CSPNotSupportTemplateKeySpec_Message);
|
|
trBadCSPForKeySpec.style.display="";
|
|
} else {
|
|
trBadCSPForKeySpec.style.display="none";
|
|
}
|
|
|
|
if (nSupportedKeyUsages&AT_SIGNATURE) {
|
|
spnKeyUsageSignature.style.display="";
|
|
document.UIForm.rbKeyUsage[KEY_USAGE_SIG].checked=true;
|
|
} else {
|
|
spnKeyUsageSignature.style.display="none";
|
|
}
|
|
|
|
if (nSupportedKeyUsages&AT_KEYEXCHANGE) {
|
|
spnKeyUsageKeyExchange.style.display="";
|
|
document.UIForm.rbKeyUsage[KEY_USAGE_EXCH].checked=true;
|
|
} else {
|
|
spnKeyUsageKeyExchange.style.display="none";
|
|
}
|
|
|
|
if ((AT_SIGNATURE|AT_KEYEXCHANGE)==nSupportedKeyUsages) {
|
|
spnKeyUsageBoth.style.display="";
|
|
document.UIForm.rbKeyUsage[KEY_USAGE_BOTH].checked=true;
|
|
} else {
|
|
spnKeyUsageBoth.style.display="none";
|
|
}
|
|
|
|
handleKeyUsageChange(true);
|
|
UpdateHashAlgList(nProvType);
|
|
}
|
|
|
|
//----------------------------------------------------------------
|
|
// two cases invoke handleKeyUsageChange:
|
|
// 1) csp selection change
|
|
// 2) exchange vs. signature change
|
|
function handleKeyUsageChange(bCSPChange) {
|
|
// get the min, max, and default length from the CSP
|
|
var bExchange=document.UIForm.rbKeyUsage[KEY_USAGE_EXCH].checked || document.UIForm.rbKeyUsage[KEY_USAGE_BOTH].checked ;
|
|
|
|
g_nCurKeySizeMax=MyGetKeyLen(XEKL_KEYSIZE_MAX, bExchange);
|
|
g_nCurKeySizeMin=MyGetKeyLen(XEKL_KEYSIZE_MIN, bExchange);
|
|
|
|
<%If "Enterprise"=sServerType Then%>
|
|
if (0 != g_nCurTemplateKeySizeMin)
|
|
{
|
|
g_nCurKeySizeMin=Math.max(g_nCurKeySizeMin, g_nCurTemplateKeySizeMin);
|
|
}
|
|
<%End If%>
|
|
g_nCurKeySizeDefault=MyGetKeyLen(XEKL_KEYSIZE_DEFAULT, bExchange);
|
|
g_nCurKeySizeInc=MyGetKeyLen(XEKL_KEYSIZE_INC, bExchange);
|
|
|
|
// set to default lenth
|
|
if ("0"==document.UIForm.tbKeySize.value || true == bCSPChange)
|
|
{
|
|
//"0" likely init load or typed in, not bad go default
|
|
// or csp changed, set to default length
|
|
document.UIForm.tbKeySize.value = g_nCurKeySizeDefault;
|
|
}
|
|
|
|
// show the min and max
|
|
spnKeySizeMin.innerText=g_nCurKeySizeMin;
|
|
spnKeySizeMax.innerText=g_nCurKeySizeMax;
|
|
|
|
// keep the key size in bounds
|
|
var nKeySize=parseInt(document.UIForm.tbKeySize.value);
|
|
if (isNaN(nKeySize) || nKeySize>g_nCurKeySizeMax) {
|
|
document.UIForm.tbKeySize.value=g_nCurKeySizeMax;
|
|
} else if (nKeySize<g_nCurKeySizeMin) { //>
|
|
document.UIForm.tbKeySize.value=g_nCurKeySizeMin;
|
|
}
|
|
|
|
// update list of valid common key sizes
|
|
var nPowerSize=128;
|
|
var sCommonKeys="";
|
|
while (nPowerSize<g_nCurKeySizeMin) { //>
|
|
nPowerSize*=2;
|
|
}
|
|
while (nPowerSize<=g_nCurKeySizeMax) {
|
|
sCommonKeys+=getKeySizeLinkHtmlString(nPowerSize)+" ";
|
|
nPowerSize*=2;
|
|
}
|
|
spnKeySizeCommon.innerHTML=sCommonKeys;
|
|
handleKeySizeChange();
|
|
}
|
|
|
|
//----------------------------------------------------------------
|
|
function getKeySizeLinkHtmlString(nKeySize) {
|
|
return "<Span tabindex=0 Style=\"cursor:hand; color:#0000FF; text-decoration:underline;\""
|
|
+" OnContextMenu=\"return false;\""
|
|
+" OnMouseOver=\"window.status='"+eval(L_SetKeySize_Message)+"';return true;\""
|
|
+" OnMouseOut=\"window.status='';return true;\""
|
|
+" OnMouseUp=\"window.status='"+eval(L_SetKeySize_Message)+"';return true;\""
|
|
+" OnKeyDown=\"if (13==event.keyCode) {document.UIForm.tbKeySize.value='"+nKeySize+"';blur();return false;} else if (9==event.keyCode) {return true;};return false;\""
|
|
+" OnClick=\"document.UIForm.tbKeySize.value='"+nKeySize+"';blur();return false;\">"
|
|
+nKeySize+"</Span>";
|
|
}
|
|
|
|
//----------------------------------------------------------------
|
|
// morphing routine
|
|
function handleSaveReq() {
|
|
if (document.UIForm.cbSaveRequest.checked) {
|
|
spnSaveRequest.style.display='';
|
|
document.UIForm.btnSubmit.style.display='none';
|
|
document.UIForm.btnSave.style.display='';
|
|
spnSubmitAttrLable.style.display='none';
|
|
spnSubmitAttrBox.style.display='none';
|
|
} else {
|
|
spnSaveRequest.style.display='none';
|
|
document.UIForm.btnSubmit.style.display='';
|
|
document.UIForm.btnSave.style.display='none';
|
|
spnSubmitAttrLable.style.display='';
|
|
spnSubmitAttrBox.style.display='';
|
|
}
|
|
}
|
|
|
|
//----------------------------------------------------------------
|
|
// morphing routine
|
|
function handleMarkExport(fFromTemplate) {
|
|
<%If bEnableExportKeyToFile Then%>
|
|
if (document.UIForm.cbMarkKeyExportable.checked) {
|
|
spnMarkKeyExportable.style.display='';
|
|
document.UIForm.cbMarkKeyExportable.disabled = false;
|
|
} else {
|
|
spnMarkKeyExportable.style.display='none';
|
|
if (fFromTemplate)
|
|
{
|
|
//disable it to enforce template non-exportable
|
|
document.UIForm.cbMarkKeyExportable.disabled = true;
|
|
}
|
|
else
|
|
{
|
|
//enable
|
|
document.UIForm.cbMarkKeyExportable.disabled = false;
|
|
}
|
|
}
|
|
<%End If%>
|
|
}
|
|
|
|
//----------------------------------------------------------------
|
|
// morphing routine
|
|
function handleExportKeys() {
|
|
<%If bEnableExportKeyToFile Then%>
|
|
if (document.UIForm.cbExportKeys.checked) {
|
|
spnExportKeys.style.display='';
|
|
} else {
|
|
spnExportKeys.style.display='none';
|
|
}
|
|
<%End If%>
|
|
}
|
|
|
|
//----------------------------------------------------------------
|
|
// morphing routine
|
|
function handleKeyGen() {
|
|
if (document.UIForm.rbKeyGen[0].checked) {
|
|
// create new keyset
|
|
trGenContName.style.display='';
|
|
trGenContNameSpc.style.display='';
|
|
trKeyGenWarn.style.display='none';
|
|
|
|
handleGenContName();
|
|
<%If "Enterprise"=sServerType Then%>
|
|
handleTemplateChange();
|
|
<%Else%>
|
|
handleStrongKeyAndLMStore(false);
|
|
<%End If%>
|
|
|
|
trMarkExport.style.display='';
|
|
trMarkExportSpc.style.display='';
|
|
} else {
|
|
// Use existing key set
|
|
trGenContName.style.display='none';
|
|
trGenContNameSpc.style.display='none';
|
|
trKeyGenWarn.style.display='';
|
|
|
|
handleGenContName();
|
|
handleStrongKeyAndLMStore(false);
|
|
|
|
document.UIForm.cbMarkKeyExportable.checked=false;
|
|
trMarkExport.style.display='none';
|
|
trMarkExportSpc.style.display='none';
|
|
}
|
|
}
|
|
|
|
//----------------------------------------------------------------
|
|
// morphing routine
|
|
function handleGenContName() {
|
|
if (document.UIForm.rbGenContName[0].checked && document.UIForm.rbKeyGen[0].checked) {
|
|
trContName.style.display='none';
|
|
trContNameSpc.style.display='none';
|
|
} else {
|
|
trContName.style.display='';
|
|
trContNameSpc.style.display='';
|
|
}
|
|
}
|
|
|
|
//----------------------------------------------------------------
|
|
// morphing routine
|
|
function handleSetContainer() {
|
|
if (document.UIForm.cbSetContainer.checked) {
|
|
spnNewContainer.style.display='';
|
|
} else {
|
|
spnNewContainer.style.display='none';
|
|
}
|
|
}
|
|
|
|
//----------------------------------------------------------------
|
|
// morphing routine
|
|
function handleKeySizeChange() {
|
|
var sKeySize = document.UIForm.tbKeySize.value;
|
|
if (0 == sKeySize.indexOf("0"))
|
|
{
|
|
//first digit is 0, wipe it out
|
|
document.UIForm.tbKeySize.value = "";
|
|
return;
|
|
}
|
|
var nKeySize=parseInt(sKeySize);
|
|
if (isNaN(nKeySize)) {
|
|
nKeySize=0;
|
|
}
|
|
if (nKeySize>2048) {
|
|
trKeySizeWarn.style.display='';
|
|
} else {
|
|
trKeySizeWarn.style.display='none';
|
|
}
|
|
if (nKeySize<g_nCurKeySizeMin || nKeySize>g_nCurKeySizeMax || 0!=nKeySize%g_nCurKeySizeInc) {
|
|
// clamp the current key size to be within the range
|
|
var nCloseBelow=nKeySize;
|
|
if (nCloseBelow<g_nCurKeySizeMin) { //>
|
|
nCloseBelow=g_nCurKeySizeMin;
|
|
} else if (nCloseBelow>g_nCurKeySizeMax) {
|
|
nCloseBelow=g_nCurKeySizeMax;
|
|
}
|
|
var nCloseAbove=nCloseBelow;
|
|
// find closest values above and below
|
|
nCloseBelow-=nCloseBelow%g_nCurKeySizeInc;
|
|
nCloseAbove+=(g_nCurKeySizeInc-nCloseAbove%g_nCurKeySizeInc)%g_nCurKeySizeInc;
|
|
var sCloseAbove=getKeySizeLinkHtmlString(nCloseAbove);
|
|
var sCloseBelow=getKeySizeLinkHtmlString(nCloseBelow);
|
|
if (g_nCurKeySizeMax < g_nCurTemplateKeySizeMin) {
|
|
spnKeySizeBadMsg.innerHTML=eval(L_WarningTemplateKeySize_Message);
|
|
} else if (nCloseAbove==nCloseBelow) {
|
|
spnKeySizeBadMsg.innerHTML=eval(L_RecommendOneKeySize_Message);
|
|
} else {
|
|
spnKeySizeBadMsg.innerHTML=eval(L_RecommendTwoKeySizes_Message);
|
|
}
|
|
trKeySizeBad.style.display="";
|
|
trKeySizeBadSpc.style.display="";
|
|
} else {
|
|
trKeySizeBad.style.display="none";
|
|
trKeySizeBadSpc.style.display="none";
|
|
}
|
|
}
|
|
|
|
//----------------------------------------------------------------
|
|
// morphing routine
|
|
function handleStrongKeyAndLMStore(fFromTemplate) {
|
|
// If we took the value from the template, and the checkbox is checked, the disable it
|
|
if (document.UIForm.cbStrongKey.checked && fFromTemplate) {
|
|
//disable it to enforce template non-exportable
|
|
document.UIForm.cbStrongKey.disabled = true;
|
|
} else {
|
|
document.UIForm.cbStrongKey.disabled = false ;
|
|
}
|
|
|
|
if (document.UIForm.cbStrongKey.checked && document.UIForm.rbKeyGen[0].checked) {
|
|
trLMStoreSpc.style.display='none';
|
|
trLMStore.style.display='none';
|
|
document.UIForm.cbLocalMachineStore.checked=false;
|
|
} else {
|
|
trLMStoreSpc.style.display='';
|
|
trLMStore.style.display='';
|
|
}
|
|
|
|
if (document.UIForm.cbLocalMachineStore.checked || !document.UIForm.rbKeyGen[0].checked) {
|
|
trStrongKeySpc.style.display='none';
|
|
trStrongKey.style.display='none';
|
|
document.UIForm.cbStrongKey.checked=false;
|
|
} else {
|
|
trStrongKeySpc.style.display='';
|
|
trStrongKey.style.display='';
|
|
}
|
|
}
|
|
//----------------------------------------------------------------
|
|
// handle CMC Format
|
|
function handleCMCFormat() {
|
|
if (isClientAbleToCreateCMC())
|
|
{
|
|
<%If "Enterprise"=sServerType Then%>
|
|
//change request format controls
|
|
if (isTemplateKeyArchival())
|
|
{
|
|
//enforce CMC
|
|
document.UIForm.rbRequestFormat[0].disabled=true;
|
|
document.UIForm.rbRequestFormat[0].checked=true;
|
|
document.UIForm.rbRequestFormat[1].disabled=true;
|
|
}
|
|
else
|
|
{
|
|
document.UIForm.rbRequestFormat[0].disabled=false;
|
|
document.UIForm.rbRequestFormat[1].disabled=false;
|
|
}
|
|
<%End If%>
|
|
}
|
|
else
|
|
{
|
|
//no cmc, disable it, only pkcs10
|
|
document.UIForm.rbRequestFormat[0].disabled=true;
|
|
document.UIForm.rbRequestFormat[1].disabled=true;
|
|
document.UIForm.rbRequestFormat[1].checked=true;
|
|
}
|
|
}
|
|
|
|
//================================================================
|
|
// SUBMIT ROUTINES
|
|
|
|
//----------------------------------------------------------------
|
|
// determine what to do when the submit button is pressed
|
|
function goNext() {
|
|
if (false==g_bOkToSubmit) {
|
|
alert(L_StillLoading_ErrorMessage);
|
|
} else if (true==g_bSubmitPending) {
|
|
// ignore, because we are already prcessing a request.
|
|
} else {
|
|
SubmitRequest();
|
|
}
|
|
}
|
|
|
|
//----------------------------------------------------------------
|
|
// check for invalid characters and empty strings
|
|
function isValidIA5String(sSource) {
|
|
var nIndex;
|
|
for (nIndex=sSource.length-1; nIndex>=0; nIndex--) {
|
|
if (sSource.charCodeAt(nIndex)>127) { // NOTE: this is better, but not compatible with old browsers.
|
|
return false;
|
|
}
|
|
};
|
|
return true;
|
|
}
|
|
|
|
//----------------------------------------------------------------
|
|
// check for invalid characters
|
|
function isValidCountryField(tbCountry) {
|
|
tbCountry.value=tbCountry.value.toUpperCase();
|
|
var sSource=tbCountry.value;
|
|
var nIndex, ch;
|
|
if (0!=sSource.length && 2!=sSource.length) {
|
|
return false;
|
|
}
|
|
for (nIndex=sSource.length-1; nIndex>=0; nIndex--) {
|
|
ch=sSource.charAt(nIndex)
|
|
if (ch<"A" || ch>"Z") {
|
|
return false;
|
|
}
|
|
};
|
|
return true;
|
|
}
|
|
|
|
//----------------------------------------------------------------
|
|
// check for invalid characters in an OID
|
|
function isValidOid(sSource) {
|
|
var nIndex, ch;
|
|
if (0==sSource.length) {
|
|
return true;
|
|
}
|
|
for (nIndex=sSource.length-1; nIndex>=0; nIndex--) {
|
|
ch=sSource.charAt(nIndex)
|
|
if (ch!="." && ch!="," && (ch<"0" || ch>"9")) {
|
|
return false;
|
|
}
|
|
}
|
|
return true;
|
|
}
|
|
|
|
//----------------------------------------------------------------
|
|
// set a label to normal style
|
|
function markLabelNormal(spn) {
|
|
spn.style.color="#000000";
|
|
spn.style.fontWeight='normal';
|
|
}
|
|
|
|
//----------------------------------------------------------------
|
|
// set a label to error state
|
|
function markLabelError(spn) {
|
|
spn.style.color='#FF0000';
|
|
spn.style.fontWeight='bold';
|
|
}
|
|
|
|
//----------------------------------------------------------------
|
|
// check that the form has data in it
|
|
function validateRequest() {
|
|
markLabelNormal(spnNameLabel);
|
|
markLabelNormal(spnEmailLabel);
|
|
markLabelNormal(spnCompanyLabel);
|
|
markLabelNormal(spnDepartmentLabel);
|
|
markLabelNormal(spnCityLabel);
|
|
markLabelNormal(spnStateLabel);
|
|
markLabelNormal(spnCountryLabel);
|
|
|
|
var bOK=true;
|
|
|
|
<%If "Enterprise"=sServerType Then%>
|
|
if (true==isDNNeeded()) {
|
|
<%End If%>
|
|
var fldFocusMe=null;
|
|
if (false==isValidCountryField(document.UIForm.tbCountry)) {
|
|
bOK=false;
|
|
fldFocusMe=document.UIForm.tbCountry;
|
|
markLabelError(spnCountryLabel);
|
|
}
|
|
// document.UIForm.tbState.value OK
|
|
// document.UIForm.tbLocality.value OK
|
|
// document.UIForm.tbOrgUnit.value OK
|
|
// document.UIForm.tbOrg.value OK
|
|
if (false==isValidIA5String(document.UIForm.tbEmail.value))
|
|
{
|
|
bOK=false;
|
|
fldFocusMe=document.UIForm.tbEmail;
|
|
markLabelError(spnEmailLabel);
|
|
}
|
|
<%If "StandAlone"=sServerType Then%>
|
|
if ("1.3.6.1.5.5.7.3.4"==document.UIForm.lbUsageOID.value && ""==document.UIForm.tbEmail.value)
|
|
{
|
|
bOK=false;
|
|
fldFocusMe=document.UIForm.tbEmail;
|
|
markLabelError(spnEmailLabel);
|
|
}
|
|
if (""==document.UIForm.tbCommonName.value)
|
|
{
|
|
bOK=false;
|
|
fldFocusMe=document.UIForm.tbCommonName;
|
|
markLabelError(spnNameLabel);
|
|
}
|
|
<%End If%>
|
|
|
|
if (false==bOK) {
|
|
spnFixTxt.style.display='';
|
|
window.scrollTo(0,0);
|
|
fldFocusMe.focus();
|
|
}
|
|
<%If "Enterprise"=sServerType Then%>
|
|
} // <- End if offline template
|
|
<%End If%>
|
|
|
|
<%If "StandAlone"=sServerType Then%>
|
|
// Check the OID field
|
|
if (true==bOK) {
|
|
if ("**"==document.UIForm.lbUsageOID.options[document.UIForm.lbUsageOID.selectedIndex].value
|
|
&& false==isValidOid(document.UIForm.tbEKUOther.value)) {
|
|
alert(L_BadOid_ErrorMessage);
|
|
document.UIForm.tbEKUOther.focus();
|
|
bOK=false;
|
|
}
|
|
}
|
|
<%End If%>
|
|
|
|
// Check the keysize field
|
|
if (true==bOK) {
|
|
var nKeySize=parseInt(document.UIForm.tbKeySize.value);
|
|
var sMessage;
|
|
if (isNaN(nKeySize)) {
|
|
sMessage=L_KeySizeNotNumber_ErrorMessage;
|
|
bOK=false;
|
|
} else if (g_nCurTemplateKeySizeMin > g_nCurKeySizeMax) {
|
|
sMessage=eval(L_TemplateKeySizeTooBig_ErrorMessage);
|
|
bOK = false;
|
|
} else if (nKeySize < g_nCurKeySizeMin || nKeySize > g_nCurKeySizeMax || 0!=nKeySize%g_nCurKeySizeInc) {
|
|
sMessage=eval(L_KeySizeBadNumber_ErrorMessage);
|
|
bOK=false;
|
|
}
|
|
if (false==bOK) {
|
|
alert (sMessage);
|
|
document.UIForm.tbKeySize.focus();
|
|
}
|
|
}
|
|
|
|
// Check the container name
|
|
if (true==bOK) {
|
|
if (document.UIForm.rbKeyGen[1].checked
|
|
|| (document.UIForm.rbKeyGen[0].checked && document.UIForm.rbGenContName[1].checked)) {
|
|
if (""==document.UIForm.tbContainerName.value) {
|
|
bOK=false;
|
|
alert(L_NoCntnrName_ErrorMessage);
|
|
document.UIForm.tbContainerName.focus();
|
|
}
|
|
}
|
|
}
|
|
|
|
<%If bEnableExportKeyToFile Then%>
|
|
// Check the exported private key file name
|
|
if (true==bOK) {
|
|
if (document.UIForm.rbKeyGen[0].checked
|
|
&& document.UIForm.cbMarkKeyExportable.checked
|
|
&& document.UIForm.cbExportKeys.checked) {
|
|
if (""==document.UIForm.tbExportKeyFile.value) {
|
|
bOK=false;
|
|
alert(L_NoExportFileName_ErrorMessage);
|
|
document.UIForm.tbExportKeyFile.focus();
|
|
}
|
|
}
|
|
}
|
|
<%End If%>
|
|
|
|
// Check the saved-request file name
|
|
if (true==bOK) {
|
|
if (document.UIForm.cbSaveRequest.checked) {
|
|
if (""==document.UIForm.tbSaveReqFile.value) {
|
|
bOK=false;
|
|
alert(L_NoSaveReqFileName_ErrorMessage);
|
|
document.UIForm.tbSaveReqFile.focus();
|
|
}
|
|
}
|
|
}
|
|
|
|
return bOK;
|
|
}
|
|
|
|
//----------------------------------------------------------------
|
|
function SubmitRequest() {
|
|
g_bSubmitPending=true;
|
|
|
|
// check that the form is filled in
|
|
spnErrorTxt.style.display='none';
|
|
spnFixTxt.style.display='none';
|
|
if (false==validateRequest()) {
|
|
g_bSubmitPending=false;
|
|
return;
|
|
}
|
|
|
|
// show a nice message since request creation can take a while
|
|
ShowTransientMessage(L_Generating_Message);
|
|
|
|
// Make the message show up on the screen,
|
|
// then continue with 'SubmitRequest':
|
|
// Pause 10 mS before executing phase 2,
|
|
// so screen will have time to repaint.
|
|
setTimeout("SubmitRequestPhase2();", 10);
|
|
}
|
|
function SubmitRequestPhase2() {
|
|
// continued from above
|
|
|
|
<%If "StandAlone"=sServerType Then%>
|
|
//
|
|
// Stand-Alone Options
|
|
//
|
|
|
|
// set the extended key usage and certificate request 'friendly type'
|
|
var nUsageIndex=document.UIForm.lbUsageOID.selectedIndex;
|
|
var sCertUsage;
|
|
if ("**"==document.UIForm.lbUsageOID.options[nUsageIndex].value) {
|
|
sCertUsage=document.UIForm.tbEKUOther.value;
|
|
document.SubmittedData.FriendlyType.value=eval(L_UserEKUCert_Text);
|
|
} else {
|
|
sCertUsage=document.UIForm.lbUsageOID.options[nUsageIndex].value;
|
|
document.SubmittedData.FriendlyType.value=document.UIForm.lbUsageOID.options[nUsageIndex].text;
|
|
}
|
|
|
|
<%Else 'Enterprise%>
|
|
//
|
|
// Enterprise Options
|
|
//
|
|
|
|
// get cert template info
|
|
var lCTEVer = XECT_EXTENSION_V1;
|
|
var lCTEMajor = 0;
|
|
var bCTEfMinor = false;
|
|
var lCTEMinor = 0;
|
|
var sRealName = getTemplateStringInfo(CTINFO_INDEX_REALNAME, null);
|
|
var sFriendlyName = getTemplateStringInfo(CTINFO_INDEX_FRIENDLYNAME, null);
|
|
var sCTEOID = getTemplateStringInfo(CTINFO_INDEX_EXTOID, null);
|
|
if ("" == sCTEOID) {
|
|
//must v1 template, get template name
|
|
sCTEOID = sRealName;
|
|
} else {
|
|
// v2 template
|
|
lCTEVer = XECT_EXTENSION_V2;
|
|
lCTEMajor = getTemplateValueInfo(CTINFO_INDEX_EXTMAJ, null);
|
|
bCTEfMinor = getTemplateValueInfo(CTINFO_INDEX_EXTFMIN, null);
|
|
lCTEMinor = getTemplateValueInfo(CTINFO_INDEX_EXTMIN, null);
|
|
}
|
|
// set the cert template
|
|
vbAddCertTypeToRequestEx(lCTEVer, sCTEOID, lCTEMajor, bCTEfMinor, lCTEMinor);
|
|
document.SubmittedData.FriendlyType.value=eval(L_TemplateCert_Text);
|
|
|
|
var sCertUsage=""; // ignored
|
|
|
|
<%End If 'StandAlone or Enterprise%>
|
|
//
|
|
// Common
|
|
//
|
|
|
|
// set the identifying info
|
|
var sDistinguishedName="";
|
|
if (""!=document.UIForm.tbCountry.value) {
|
|
sDistinguishedName+="C=\""+document.UIForm.tbCountry.value.replace(/"/g, "\"\"") +"\";";
|
|
}
|
|
if (""!=document.UIForm.tbState.value) {
|
|
sDistinguishedName+="S=\""+document.UIForm.tbState.value.replace(/"/g, "\"\"") +"\";";
|
|
}
|
|
if (""!=document.UIForm.tbLocality.value) {
|
|
sDistinguishedName+="L=\""+document.UIForm.tbLocality.value.replace(/"/g, "\"\"") +"\";";
|
|
}
|
|
if (""!=document.UIForm.tbOrg.value) {
|
|
sDistinguishedName+="O=\""+document.UIForm.tbOrg.value.replace(/"/g, "\"\"") +"\";";
|
|
}
|
|
if (""!=document.UIForm.tbOrgUnit.value) {
|
|
sDistinguishedName+="OU=\""+document.UIForm.tbOrgUnit.value.replace(/"/g, "\"\"") +"\";";
|
|
}
|
|
if (""!=document.UIForm.tbEmail.value) {
|
|
sDistinguishedName+="E=\""+document.UIForm.tbEmail.value.replace(/"/g, "\"\"") +"\";";
|
|
}
|
|
if (""!=document.UIForm.tbCommonName.value) {
|
|
sDistinguishedName+="CN=\""+document.UIForm.tbCommonName.value.replace(/"/g, "\"\"")+"\";";
|
|
}
|
|
<%If "Enterprise"=sServerType Then%>
|
|
if (false==isDNNeeded()) {
|
|
sDistinguishedName="";
|
|
}
|
|
<%End If%>
|
|
|
|
// append the local date to the type
|
|
document.SubmittedData.FriendlyType.value+=" ("+(new Date()).toLocaleString()+")";
|
|
|
|
//
|
|
// Key Options subheading:
|
|
//
|
|
|
|
// set the 'SaveCert' flag to install the cert instead of saving
|
|
document.SubmittedData.SaveCert.value="no";
|
|
|
|
// set the CSP
|
|
var nCSPIndex=document.UIForm.lbCSP.selectedIndex;
|
|
XEnroll.ProviderName=document.UIForm.lbCSP.options[nCSPIndex].text;
|
|
XEnroll.ProviderType=document.UIForm.lbCSP.options[nCSPIndex].value;
|
|
|
|
// set the key size (the upper 16 bits of GenKeyFlags)
|
|
// note: this value has already been validated
|
|
var nKeySize=parseInt(document.UIForm.tbKeySize.value);
|
|
XEnroll.GenKeyFlags=nKeySize<<16;
|
|
|
|
// set the KeyUsage
|
|
if (document.UIForm.rbKeyUsage[KEY_USAGE_EXCH].checked) {
|
|
XEnroll.KeySpec=AT_KEYEXCHANGE;
|
|
XEnroll.LimitExchangeKeyToEncipherment=true;
|
|
} else if (document.UIForm.rbKeyUsage[KEY_USAGE_SIG].checked) {
|
|
XEnroll.KeySpec=AT_SIGNATURE;
|
|
XEnroll.LimitExchangeKeyToEncipherment=false;
|
|
} else { // KEY_USAGE_BOTH
|
|
XEnroll.KeySpec=AT_KEYEXCHANGE;
|
|
XEnroll.LimitExchangeKeyToEncipherment=false;
|
|
}
|
|
|
|
// set the 'use existing key set' flag
|
|
if (document.UIForm.rbKeyGen[0].checked) {
|
|
XEnroll.UseExistingKeySet=false;
|
|
if (document.UIForm.rbGenContName[1].checked) {
|
|
XEnroll.ContainerName=document.UIForm.tbContainerName.value;
|
|
}
|
|
|
|
// set 'Strong private key protection'
|
|
// note: upper 16 bits already set as key size
|
|
if (document.UIForm.cbStrongKey.checked) {
|
|
XEnroll.GenKeyFlags|=CRYPT_USER_PROTECTED;
|
|
}
|
|
|
|
// mark the keys as exportable
|
|
if (document.UIForm.cbMarkKeyExportable.checked) {
|
|
XEnroll.GenKeyFlags|=CRYPT_EXPORTABLE;
|
|
|
|
<%If bEnableExportKeyToFile Then%>
|
|
// set the key export file (.pvk) and save the cert instead of installing
|
|
if (document.UIForm.cbExportKeys.checked) {
|
|
XEnroll.PVKFileName=document.UIForm.tbExportKeyFile.value;
|
|
document.SubmittedData.SaveCert.value="yes";
|
|
}
|
|
<%End If%>
|
|
}
|
|
|
|
} else {
|
|
// set the 'use existing key set' flag
|
|
XEnroll.UseExistingKeySet=true;
|
|
XEnroll.ContainerName=document.UIForm.tbContainerName.value;
|
|
}
|
|
|
|
|
|
// place the keys in the local machine store
|
|
if (document.UIForm.cbLocalMachineStore.checked) {
|
|
|
|
// the keys attached to the dummy request cert go in the local machine store
|
|
XEnroll.RequestStoreFlags=CERT_SYSTEM_STORE_LOCAL_MACHINE;
|
|
|
|
// used in CryptAcquireContext
|
|
XEnroll.ProviderFlags=CRYPT_MACHINE_KEYSET;
|
|
|
|
// the keys attached to the final cert also go in the local machine store
|
|
document.SubmittedData.TargetStoreFlags.value=CERT_SYSTEM_STORE_LOCAL_MACHINE;
|
|
} else {
|
|
|
|
// the keys attached to the final cert also go in the user store
|
|
document.SubmittedData.TargetStoreFlags.value=0; // 0=Use default (=user store)
|
|
}
|
|
|
|
var dwCreateRequestFlag = XECR_CMC;
|
|
if (document.UIForm.rbRequestFormat[1].checked)
|
|
{
|
|
dwCreateRequestFlag = XECR_PKCS10_V2_0;
|
|
}
|
|
|
|
<%If "Enterprise"=sServerType Then%>
|
|
//SMIME capabilities
|
|
XEnroll.EnableSMIMECapabilities = isSMimeCapabilities();
|
|
|
|
//Key archival
|
|
if (isTemplateKeyArchival())
|
|
{
|
|
var nResult = SetPrivateKeyArchiveCertificate(); //call VB
|
|
if (0 != nResult)
|
|
{
|
|
handleError(nResult);
|
|
return;
|
|
}
|
|
}
|
|
<%End If%>
|
|
|
|
if ("" != document.UIForm.tbFriendlyName.value)
|
|
{
|
|
//set friendly name property
|
|
var CERT_FRIENDLY_NAME_PROP_ID=11;
|
|
var XECP_STRING_PROPERTY=1;
|
|
XEnroll.addBlobPropertyToCertificate(CERT_FRIENDLY_NAME_PROP_ID, XECP_STRING_PROPERTY, document.UIForm.tbFriendlyName.value);
|
|
}
|
|
|
|
//
|
|
// Additional Options subheading:
|
|
//
|
|
|
|
// set the hash algorithm
|
|
var nHashIndex=document.UIForm.lbHashAlgorithm.selectedIndex;
|
|
XEnroll.HashAlgID=document.UIForm.lbHashAlgorithm.options[nHashIndex].value;
|
|
|
|
// set any extra attributes
|
|
var sAttrib=document.UIForm.taAttrib.value;
|
|
if (sAttrib.lastIndexOf("\r\n")!=sAttrib.length-2 && sAttrib.length>0) {
|
|
sAttrib=sAttrib+"\r\n";
|
|
}
|
|
|
|
// for interop debug purposes
|
|
sAttrib+="UserAgent:<%=Request.ServerVariables("HTTP_USER_AGENT")%>\r\n";
|
|
|
|
document.SubmittedData.CertAttrib.value=sAttrib;
|
|
|
|
// we are submitting a new request
|
|
document.SubmittedData.Mode.value='newreq';
|
|
|
|
//
|
|
// Create the request
|
|
//
|
|
|
|
var nResult;
|
|
var HRESULT_ERROR_CANCELLED=0x800704c7;
|
|
var SCARD_W_CANCELLED_BY_USER=0x8010006e;
|
|
var PVK_HELPER_PASSWORD_CANCEL=0x80097004;
|
|
|
|
if (document.UIForm.cbSaveRequest.checked) {
|
|
|
|
// build and save the certificate request
|
|
var sSaveReqFile=document.UIForm.tbSaveReqFile.value;
|
|
nResult=CreateAndSaveRequest(dwCreateRequestFlag, sDistinguishedName, sCertUsage, sSaveReqFile); // ask VB to do it, since it can handle errors
|
|
|
|
} else {
|
|
// build the certificate request
|
|
nResult=CreateRequest(dwCreateRequestFlag, sDistinguishedName, sCertUsage); // ask VB to do it, since it can handle errors
|
|
}
|
|
if (0 == nResult)
|
|
{
|
|
//always get thumbprint in case of pending
|
|
document.SubmittedData.ThumbPrint.value=XEnroll.ThumbPrint;
|
|
}
|
|
|
|
// hide the message box
|
|
HideTransientMessage();
|
|
|
|
// reset XEnroll so the user can select a different CSP, etc.
|
|
XEnroll.reset();
|
|
// however, make sure it still matches the UI.
|
|
XEnroll.ProviderName=document.UIForm.lbCSP.options[nCSPIndex].text;
|
|
XEnroll.ProviderType=document.UIForm.lbCSP.options[nCSPIndex].value;
|
|
|
|
// deal with an error if there was one
|
|
if (0!=nResult) {
|
|
g_bSubmitPending=false;
|
|
if (0==(SCARD_W_CANCELLED_BY_USER^nResult) ||
|
|
0==(PVK_HELPER_PASSWORD_CANCEL^nResult))
|
|
{
|
|
//cancelled
|
|
nResult=0;
|
|
return;
|
|
}
|
|
|
|
|
|
<%If "Enterprise"=sServerType Then%>
|
|
if (isTemplateKeyArchival() && !document.UIForm.cbMarkKeyExportable.checked)
|
|
{
|
|
//they've tried to create an archivable key
|
|
handleError2(nResult, L_SugCauseCryptArchivableNotSupp_ErrorMessage);
|
|
} else {
|
|
// use the regular error handling
|
|
handleError(nResult);
|
|
}
|
|
<%Else%>
|
|
// just use the regular error handling in the standalone case
|
|
handleError(nResult);
|
|
<%End If%>
|
|
|
|
return;
|
|
}
|
|
|
|
// check for special "no submit" case
|
|
if (document.UIForm.cbSaveRequest.checked) {
|
|
|
|
// just inform the user that it went OK, but don't submit
|
|
alert(L_RequestSaved_Message);
|
|
g_bSubmitPending=false;
|
|
|
|
} else {
|
|
|
|
// put up a new wait message
|
|
ShowTransientMessage(L_Waiting_Message);
|
|
|
|
// Submit the cert request and move forward in the wizard
|
|
document.SubmittedData.submit();
|
|
}
|
|
}
|
|
|
|
|
|
//----------------------------------------------------------------
|
|
function handleError(nResult) {
|
|
handleError2(nResult, 0);
|
|
}
|
|
|
|
//----------------------------------------------------------------
|
|
function handleError2(nResult, sSugCauseIN) {
|
|
var sSugCause=L_SugCauseNone_ErrorMessage;
|
|
var sErrorName=L_ErrNameUnknown_ErrorMessage;
|
|
// analyze the error - funny use of XOR ('^') because obvious choice '==' doesn't work
|
|
if (0==(0x80090008^nResult)) {
|
|
sErrorName="NTE_BAD_ALGID";
|
|
sSugCause=L_SugCauseBadSetting2_ErrorMessage;
|
|
} else if (0==(0x80090016^nResult)) {
|
|
sErrorName="NTE_BAD_KEYSET";
|
|
if (document.UIForm.rbKeyGen[0].checked) {
|
|
sSugCause=L_SugCauseBadCSP_ErrorMessage;
|
|
} else {
|
|
sSugCause=L_SugCauseBadKeyContainer_ErrorMessage;
|
|
}
|
|
} else if (0==(0x80090019^nResult)) {
|
|
sErrorName="NTE_KEYSET_NOT_DEF";
|
|
sSugCause=L_SugCauseBadCSP_ErrorMessage;
|
|
} else if (0==(0x80090020^nResult)) {
|
|
sErrorName="NTE_FAIL";
|
|
sSugCause=L_SugCauseBadCSP_ErrorMessage;
|
|
} else if (0==(0x80090023^nResult)) {
|
|
sErrorName="NTE_TOKEN_KEYSET_STORAGE_FULL";
|
|
sSugCause=L_SugCauseKeysetFull_ErrorMessage;
|
|
} else if (0==(0x80090009^nResult)) {
|
|
sErrorName="NTE_BAD_FLAGS";
|
|
sSugCause=L_SugCauseBadSetting2_ErrorMessage;
|
|
} else if (0==(0x8009000F^nResult)) {
|
|
sErrorName="NTE_EXISTS";
|
|
sSugCause=L_SugCauseExistKeyContainer_ErrorMessage;
|
|
} else if (0==(0x80092002^nResult)) {
|
|
sErrorName="CRYPT_E_BAD_ENCODE";
|
|
//sSugCause="";
|
|
} else if (0==(0x80092022^nResult)) {
|
|
sErrorName="CRYPT_E_INVALID_IA5_STRING";
|
|
sSugCause=L_SugCauseBadChar_ErrorMessage;
|
|
} else if (0==(0x80092023^nResult)) {
|
|
sErrorName="CRYPT_E_INVALID_X500_STRING";
|
|
sSugCause=L_SugCauseBadChar_ErrorMessage;
|
|
} else if (0==(0x80070003^nResult)) {
|
|
sErrorName="ERROR_PATH_NOT_FOUND";
|
|
sSugCause=L_SugCauseBadFileName_ErrorMessage;
|
|
} else if (0==(0x80070103^nResult)) {
|
|
sErrorName="ERROR_NO_MORE_ITEMS";
|
|
sSugCause=L_SugCauseBadHash_ErrorMessage;
|
|
} else if (0==(0x8007007B^nResult)) {
|
|
sErrorName="ERROR_INVALID_NAME";
|
|
sSugCause=L_SugCauseBadFileName_ErrorMessage;
|
|
} else if (0==(0x80070015^nResult)) {
|
|
sErrorName="ERROR_NOT_READY";
|
|
sSugCause=L_SugCauseBadDrive_ErrorMessage;
|
|
} else if (0==(0x8007007F^nResult)) {
|
|
sErrorName="ERROR_PROC_NOT_FOUND";
|
|
sSugCause=L_DownLevelClients_ErrorMessage;
|
|
} else if (0==(0x800704C7^nResult)) {
|
|
sErrorNamge="ERROR_CANCELLED";
|
|
sSugCause=L_SugCauseCancelled_ErrorMessage;
|
|
} else if (0==(0x80100006^nResult)) {
|
|
sErrorName = "SCARD_E_NO_MEMORY";
|
|
sSugCause = L_SCARD_E_NOMEMORYMSG_ErrorMessage;
|
|
} else if (0==(0x80100007^nResult)) {
|
|
sErrorName = "SCARD_F_WAITED_TOO_LONG";
|
|
sSugCause = L_SCARD_F_WAITEDTOOLONG_ErrorMessage;
|
|
} else if (0==(0x80100008^nResult)) {
|
|
sErrorName = "SCARD_E_INSUFFICIENT_BUFFER";
|
|
sSugCause = L_SCARD_E_INSUFFICIENTBUFFER_ErrorMessage;
|
|
} else if (0==(0x80100009^nResult)) {
|
|
sErrorName = "SCARD_E_UNKNOWN_READER";
|
|
sSugCause = L_SCARD_E_UNKNOWNREADER_ErrorMessage;
|
|
} else if (0==(0x8010000C^nResult)) {
|
|
sErrorName = "SCARD_E_NO_SMARTCARD";
|
|
sSugCause = L_SCARD_E_NOSMARTCARD_ErrorMessage;
|
|
} else if (0==(0x8010000D^nResult)) {
|
|
sErrorName = "SCARD_E_UNKNOWN_CARD";
|
|
sSugCause = L_SCARD_E_UNKNOWNCARD_ErrorMessage;
|
|
} else if (0==(0x80100010^nResult)) {
|
|
sErrorName = "SCARD_E_NOT_READY";
|
|
sSugCause = L_SCARD_E_NOTREADY_ErrorMessage;
|
|
} else if (0==(0x80100013^nResult)) {
|
|
sErrorName = "SCARD_F_COMM_ERROR";
|
|
sSugCause = L_SCARD_F_COMMERROR_ErrorMessage;
|
|
} else if (0==(0x8010001D^nResult)) {
|
|
sErrorName = "SCARD_E_NO_SERVICE";
|
|
sSugCause = L_SCARD_E_NOSERVICE_ErrorMessage;
|
|
} else if (0==(0x8010001E^nResult)) {
|
|
sErrorName = "SCARD_E_SERVICE_STOPPED";
|
|
sSugCause = L_SCARD_E_SERVICESTOPPED_ErrorMessage;
|
|
} else if (0==(0x8010002E^nResult)) {
|
|
sErrorName = "SCARD_E_NO_READERS_AVAILABLE";
|
|
sSugCause = L_SCARD_E_NOREADERSAVAILABLE_ErrorMessage;
|
|
} else if (0==(0x8010002F^nResult)) {
|
|
sErrorName = "SCARD_E_COMM_DATA_LOST";
|
|
sSugCause = L_SCARD_E_COMMDATALOST_ErrorMessage;
|
|
} else if (0==(0x80100030^nResult)) {
|
|
sErrorName = "SCARD_E_NO_KEY_CONTAINER";
|
|
sSugCause = L_SCARD_E_NOKEYCONTAINER_ErrorMessage;
|
|
} else if (0==(0x80100067^nResult)) {
|
|
sErrorName = "SCARD_W_UNPOWERED_CARD";
|
|
sSugCause = L_SCARD_W_UNPOWEREDCARD_ErrorMessage;
|
|
} else if (0==(0x80100069^nResult)) {
|
|
sErrorName = "SCARD_W_REMOVED_CARD";
|
|
sSugCause = L_SCARD_W_REMOVEDCARD_ErrorMessage;
|
|
} else if (0==(0x8010006B^nResult)) {
|
|
sErrorName = "SCARD_W_WRONG_CHV";
|
|
sSugCause = L_SCARD_W_WRONGCHV_ErrorMessage;
|
|
} else if (0==(0x8010006C^nResult)) {
|
|
sErrorName = "SCARD_W_CHV_BLOCKED";
|
|
sSugCause = L_SCARD_W_CHVBLOCKED_ErrorMessage;
|
|
} else if (0==(0x8010006D^nResult)) {
|
|
sErrorName = "SCARD_W_EOF";
|
|
sSugCause = L_SCARD_W_EOF_ErrorMessage;
|
|
} else if (0==(0x8010006E^nResult)) {
|
|
sErrorName = "SCARD_W_CANCELLED_BY_USER";
|
|
sSugCause = L_SCARD_W_CANCELLEDBYUSER_ErrorMessage;
|
|
} else if (0==(0x8010006F^nResult)) {
|
|
sErrorName = "SCARD_W_CARD_NOT_AUTHENTICATED";
|
|
sSugCause = L_SCARD_W_CARDNOTAUTHENTICATED_ErrorMessage;
|
|
} else if (0==(0x80090024^nResult)) {
|
|
sErrorName = "NTE_TEMPORARY_PROFILE";
|
|
sSugCause = L_SugCauseNoProfile_ErrorMessage;
|
|
} else if (0==(0xFFFFFFFF^nResult)) {
|
|
sErrorName=L_ErrNameNoFileName_ErrorMessage;
|
|
sSugCause=L_SugCauseNoFileName_ErrorMessage;
|
|
} else if (0==(0x800B010A^nResult)) {
|
|
sErrorName = "CERT_E_CHAINING";
|
|
sSugCause=L_SugCauseCAExSignerNotFound_ErrorMessage;
|
|
} else if (0==(0x800B0109^nResult)) {
|
|
sErrorName = "CERT_E_UNTRUSTEDROOT";
|
|
sSugCause=L_SugCauseCAExNotTrusted_ErrorMessage;
|
|
} else if (0==(0x8000FFFF^nResult)) {
|
|
sErrorName="E_UNEXPECTED";
|
|
} else if (0==(0x00000046^nResult)) {
|
|
sErrorName=L_ErrNamePermissionDenied_ErrorMessage;
|
|
if (document.UIForm.cbSaveRequest.checked) {
|
|
sSugCause=L_SugCausePermissionToWrite_ErrorMessage;
|
|
}
|
|
else {
|
|
sSugCause=L_SugCausePermissionToWrite_ErrorMessage;
|
|
}
|
|
}
|
|
|
|
// modify the document text and appearance to show the error message
|
|
spnErrorNum.innerText="0x"+toHex(nResult)+" - "+sErrorName;
|
|
if (0 == sSugCauseIN) {
|
|
spnErrorMsg.innerText=sSugCause;
|
|
} else {
|
|
spnErrorMsg.innerText=sSugCauseIN;
|
|
}
|
|
spnFixTxt.style.display='none';
|
|
spnErrorTxt.style.display='';
|
|
|
|
// back to the top so the messages show
|
|
window.scrollTo(0,0);
|
|
}
|
|
|
|
|
|
</Script>
|
|
<Script Language="VBScript">
|
|
' The current CA exchange certificate
|
|
Public sCAExchangeCert
|
|
sCAExchange=""
|
|
<%=sCAExchangeCert%>
|
|
|
|
'-----------------------------------------------------------------
|
|
' call XEnroll to create a request, since javascript has no error handling
|
|
Function CreateRequest(dwCreateRequestFlag, sDistinguishedName, sCertUsage)
|
|
On Error Resume Next
|
|
XEnroll.ReuseHardwareKeyIfUnableToGenNew=False
|
|
document.SubmittedData.CertRequest.value= _
|
|
XEnroll.CreateRequest(dwCreateRequestFlag, sDistinguishedName, sCertUsage)
|
|
CreateRequest=Err.Number
|
|
End Function
|
|
|
|
'-----------------------------------------------------------------
|
|
' call XEnroll to create and save a request, since javascript has no error handling
|
|
Function CreateAndSaveRequest(dwCreateRequestFlag, sDistinguishedName, sCertUsage, sSaveReqFile)
|
|
On Error Resume Next
|
|
XEnroll.ReuseHardwareKeyIfUnableToGenNew=False
|
|
XEnroll.createFileRequest dwCreateRequestFlag, sDistinguishedName, sCertUsage, sSaveReqFile
|
|
CreateAndSaveRequest=Err.Number
|
|
End Function
|
|
|
|
'----------------------------------------------------------------
|
|
' handle a change in the current CSP, since javascript has no error handling
|
|
Sub UpdateHashAlgList(nProvType)
|
|
On Error Resume Next
|
|
Dim nIndex, nAlgID, oElem, bList, lCSPType
|
|
Const CALG_SSL3_SHAMD5=32776
|
|
Const CALG_MAC=32773
|
|
Const CALG_HMAC=32777
|
|
Const CALG_MD5=32771
|
|
|
|
'really strange, I can't use nProvType in following If compare
|
|
'so I have to fetch from xenroll which is the same as nProvType:(
|
|
lCSPType=XEnroll.ProviderType
|
|
|
|
' clear the list
|
|
While document.UIForm.lbHashAlgorithm.length>0
|
|
document.UIForm.lbHashAlgorithm.options.remove(0)
|
|
Wend
|
|
|
|
' retrieve the list from XEnroll
|
|
nIndex=0
|
|
Do
|
|
' get the next AlgID
|
|
nAlgID=XEnroll.EnumAlgs(nIndex, ALG_CLASS_HASH)
|
|
If 0<>Err.Number Then
|
|
' no more algs
|
|
Err.Clear
|
|
Exit Do
|
|
End If
|
|
|
|
bList = True
|
|
|
|
'GetAlgName is not cheap, try to reduce the call, check ID to filter out some unwanted hash
|
|
|
|
'can't use the following hash
|
|
If CALG_SSL3_SHAMD5=nAlgID Or CALG_MAC=nAlgID Or CALG_HMAC=nAlgID Then
|
|
bList = False
|
|
End If
|
|
|
|
'DSS or DH won't work with MD5
|
|
If CALG_MD5=nAlgID And PROV_DSS=lCSPType Or CALG_MD5=nAlgID And PROV_DSS_DH=lCSPType or CALG_MD5=nAlgID And PROV_DH_SCHANNEL=lCSPType Then
|
|
bList = False
|
|
End If
|
|
|
|
If True=bList Then
|
|
' get the corresponding name and create an option in the list box
|
|
sName=XEnroll.GetAlgName(nAlgID)
|
|
Set oElem=document.createElement("Option")
|
|
oElem.text=sName
|
|
oElem.value=nAlgID
|
|
document.UIForm.lbHashAlgorithm.options.add(oElem)
|
|
End If
|
|
nIndex=nIndex+1
|
|
|
|
Loop ' <- End alg enumeration loop
|
|
|
|
' make sure the first one is selectd
|
|
document.UIForm.lbHashAlgorithm.selectedIndex=0
|
|
|
|
End Sub
|
|
|
|
'----------------------------------------------------------------
|
|
' call XEnroll to get the key length, since javascript has no error handling
|
|
Function MyGetKeyLen(nSizeSpec, bExchange)
|
|
On Error Resume Next
|
|
Dim nKeySpec
|
|
If True=bExchange Then
|
|
nKeySpec=XEKL_KEYSPEC_KEYX
|
|
Else
|
|
nKeySpec=XEKL_KEYSPEC_SIG
|
|
End If
|
|
MyGetKeyLen=XEnroll.GetKeyLenEx(nSizeSpec, nKeySpec)
|
|
If 0<>Err.Number Then
|
|
If XEKL_KEYSIZE_MIN=nSizeSpec Then
|
|
MyGetKeyLen=KEY_LEN_MIN_DEFAULT
|
|
ElseIf XEKL_KEYSIZE_MAX=nSizeSpec Then
|
|
MyGetKeyLen=KEY_LEN_MAX_DEFAULT
|
|
ElseIf XEKL_KEYSIZE_DEFAULT=nSizeSpec Then
|
|
MyGetKeyLen=KEY_LEN_MY_DEFAULT 'try 1024
|
|
Else 'assume XEKL_KEYSIZE_INC=nSizeSpec
|
|
MyGetKeyLen=KEY_LEN_INC_DEFAULT
|
|
End If
|
|
End If
|
|
If XEKL_KEYSIZE_INC=nSizeSpec And 0=MyGetKeyLen Then
|
|
MyGetKeyLen=KEY_LEN_INC_DEFAULT
|
|
End If
|
|
End Function
|
|
|
|
'----------------------------------------------------
|
|
' set a certificate for key archive
|
|
Function SetPrivateKeyArchiveCertificate()
|
|
On Error Resume Next
|
|
|
|
XEnroll.PrivateKeyArchiveCertificate=sCAExchange
|
|
SetPrivateKeyArchiveCertificate = Err.Number
|
|
End Function
|
|
|
|
'----------------------------------------------------
|
|
' set request template extension
|
|
Function vbAddCertTypeToRequestEx(lCTEVer, sCTEOID, lCTEMajor, bCTEfMinor, lCTEMinor)
|
|
On Error Resume Next
|
|
|
|
XEnroll.addCertTypeToRequestEx lCTEVer, sCTEOID, lCTEMajor, bCTEfMinor, lCTEMinor
|
|
If 0 <> Err.Number Then
|
|
'possible on downlevel not supporting v2 encoding, change to v1
|
|
XEnroll.addCertTypeToRequestEx XECT_EXTENSION_V1, sCTEOID, lCTEMajor, bCTEfMinor, lCTEMinor
|
|
End If
|
|
vbAddCertTypeToRequestEx=Err.Number
|
|
End Function
|
|
|
|
</Script>
|
|
|
|
<%End If 'bFailed%>
|
|
|
|
</Body>
|
|
</HTML>
|