diff options
| author | Michael Tänzer <neo@nhng.de> | 2012-07-23 18:36:20 +0200 |
|---|---|---|
| committer | Michael Tänzer <neo@nhng.de> | 2012-07-23 18:36:20 +0200 |
| commit | 5b714005859356138690754ae8866c0ede8414d8 (patch) | |
| tree | e7a421dffd0fd9e6584c135d689052529d0daefd | |
| parent | e0f7339704f2e6045774301b0359be3502f4b486 (diff) | |
| download | cacert-devel-5b714005859356138690754ae8866c0ede8414d8.tar.gz cacert-devel-5b714005859356138690754ae8866c0ede8414d8.tar.xz cacert-devel-5b714005859356138690754ae8866c0ede8414d8.zip | |
bug 964: Completely reimplement the IE key generation
Signed-off-by: Michael Tänzer <neo@nhng.de>
| -rw-r--r-- | includes/keygen.php | 291 | ||||
| -rw-r--r-- | locale/Makefile | 3 | ||||
| -rw-r--r-- | www/keygenIE.js | 603 |
3 files changed, 701 insertions, 196 deletions
diff --git a/includes/keygen.php b/includes/keygen.php index fcbc48c..414b087 100644 --- a/includes/keygen.php +++ b/includes/keygen.php @@ -16,202 +16,103 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ -if (array_key_exists('HTTP_USER_AGENT',$_SERVER) && - strstr($_SERVER['HTTP_USER_AGENT'], "MSIE")) { ?> - <object - classid="clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1" - codebase="/xenroll.cab#Version=5,131,3659,0" - id="cec" - > - <?=_("You must enable ActiveX for this to work. On Vista you have to add this website to the list of trusted sites in the internet-settings.")?> - <?=_("Go to Extras->Internet Options->Security->Trusted Websites, click on Custom Level, check ActiveX control elements that are not marked as safe initialized on start in scripts")?> - </object> - - <form method="post" action="account.php" name="CertReqForm"> - <p><input type="hidden" name="session" value="UsedXenroll"> - <?=_("Key Strength:")?> <select name="CspProvider"></select></p> - - <p>Select Keysize: <select name="keySize" id="keySize"> - <option value="2048" selected="selected">2048</option> - <option value="3072">3072</option> - <option value="4096">4096</option> - </select></p> - - <input type="hidden" name="oldid" value="<?=$id?>"> - <INPUT TYPE=HIDDEN NAME="CSR"> - <input type="hidden" name="keytype" value="MS"> - <p><input type="submit" name="GenReq" value="Create Certificate"></p> - </form> - - <script type="text/vbscript" language="vbscript"> -<!-- -Function GetProviderList() - Dim CspList, cspIndex, ProviderName - On Error Resume Next - - count = 0 - base = 0 - enhanced = 0 - CspList = "" - ProviderName = "" - - // Vista: - Set csps = CreateObject("X509Enrollment.CCspInformations") - If IsObject(csps) Then - csps.AddAvailableCsps() - Document.CertReqForm.keytype.value="VI" - For j = 0 to csps.Count-1 - Set oOption = document.createElement("OPTION") - oOption.text = csps.ItemByIndex(j).Name - oOption.value = j - Document.CertReqForm.CspProvider.add(oOption) - Next - - Else - - // 2000,XP: - - For ProvType = 0 to 13 - cspIndex = 0 - cec.ProviderType = ProvType - ProviderName = cec.enumProviders(cspIndex,0) - - while ProviderName <> "" - Set oOption = document.createElement("OPTION") - oOption.text = ProviderName - oOption.value = ProvType - Document.CertReqForm.CspProvider.add(oOption) - if ProviderName = "Microsoft Base Cryptographic Provider v1.0" Then - base = count - end if - if ProviderName = "Microsoft Enhanced Cryptographic Provider v1.0" Then - enhanced = count - end if - cspIndex = cspIndex +1 - ProviderName = "" - ProviderName = cec.enumProviders(cspIndex,0) - count = count + 1 - wend - Next - Document.CertReqForm.CspProvider.selectedIndex = base - if enhanced then - Document.CertReqForm.CspProvider.selectedIndex = enhanced - end if - End If -End Function - -Function CSR(keyflags) - CSR = "" - szName = "" - - - // Vista - if Document.CertReqForm.keytype.value="VI" Then - Dim g_objClassFactory - Dim obj - Dim objPrivateKey - Dim g_objRequest - Dim g_objRequestCMC - - Set g_objClassFactory = CreateObject("X509Enrollment.CX509EnrollmentWebClassFactory") - Set obj = g_objClassFactory.CreateObject("X509Enrollment.CX509Enrollment") - Set objPrivateKey = g_objClassFactory.CreateObject("X509Enrollment.CX509PrivateKey") - Set objRequest = g_objClassFactory.CreateObject("X509Enrollment.CX509CertificateRequestPkcs10") - //Msgbox exit function - objPrivateKey.ProviderName = Document.CertReqForm.CspProvider(Document.CertReqForm.CspProvider.selectedIndex).text - // "Microsoft Enhanced RSA and AES Cryptographic Provider" - objPrivateKey.ProviderType = "24" - objPrivateKey.KeySpec = "1" - objPrivateKey.ExportPolicy = 1 - select case Document.CertReqForm.keySize - case "3072" - objPrivateKey.Length = &h0C000000 - case "4096" - objPrivateKey.Length = &h10000000 - case else - objPrivateKey.Length = &h08000000 - end select - objRequest.InitializeFromPrivateKey 1, objPrivateKey, "" - Set objDN = g_objClassFactory.CreateObject("X509Enrollment.CX500DistinguishedName") - objDN.Encode("CN=CAcertRequest") - objRequest.Subject = objDN - - // obj.Initialize(1) - obj.InitializeFromRequest(objRequest) - obj.CertificateDescription = "Description" - obj.CertificateFriendlyName = "FriendlyName" - CSR = obj.CreateRequest(1) - If len(CSR)<>0 Then Exit Function - Msgbox "<?=_("Error while generating the certificate-request. Please make sure that you have added this website to the list of trusted sites in the Internet-Options menu!")?>" - - else - // XP - Dim lngAltKeyFlag - - cec.HashAlgorithm = "MD5" - err.clear - On Error Resume Next - set options = document.all.CspProvider.options - index = options.selectedIndex - cec.providerName = options(index).text - tmpProviderType = options(index).value - cec.providerType = tmpProviderType - cec.KeySpec = 2 - if tmpProviderType < 2 Then - cec.KeySpec = 1 - end if - - select case Document.CertReqForm.keySize - case "3072" - cec.GenKeyFlags = &h0C000001 - lngAltKeyFLag = &h0C000000 - case "4096" - cec.GenKeyFlags = &h10000001 - lngAltKeyFLag = &h10000000 - case else - cec.GenKeyFlags = &h08000001 - lngAltKeyFLag = &h08000000 - end select - CSR = cec.createPKCS10(szName, "1.3.6.1.5.5.7.3.2") - if len(CSR)<>0 then Exit Function - cec.GenKeyFlags = lngAltKeyFLag - CSR = cec.createPKCS10(szName, "1.3.6.1.5.5.7.3.2") - if len(CSR)<>0 then Exit Function - if cec.providerName = "Microsoft Enhanced Cryptographic Provider v1.0" Then - if MsgBox("<?=_("The high encryption key generation failed. Would you like to try 512 instead?")?>", vbOkCancel)=vbOk Then - cec.providerName = "Microsoft Base Cryptographic Provider v1.0" - else - Exit Function - end if - end if - cec.GenKeyFlags = 1 OR keyflags - CSR = cec.createPKCS10(szName, "1.3.6.1.5.5.7.3.2") - if len(CSR)<>0 then Exit Function - cec.GenKeyFlags = keyflags - CSR = cec.createPKCS10(szName, "1.3.6.1.5.5.7.3.2") - if len(CSR)<>0 then Exit Function - cec.GenKeyFlags = 0 - CSR = cec.createPKCS10(szName, "1.3.6.1.5.5.7.3.2") - End if -End Function - -Sub GenReq_OnClick - Dim TheForm - Set TheForm = Document.CertReqForm - err.clear - result = CSR(2) - if len(result)=0 Then - result = MsgBox("Unable to generate PKCS#10.", 0, "Alert") - Exit Sub - end if - TheForm.CSR.Value = result - TheForm.Submit - Exit Sub -End Sub +if (array_key_exists('HTTP_USER_AGENT',$_SERVER) && + strstr($_SERVER['HTTP_USER_AGENT'], "MSIE")) { ?> + + <noscript> + <p><?=_('You have to enable JavaScript to generate certificates in '. + 'the browser.')?></p> + <p><?=_('If you don\'t want to do that for any reason, you can use '. + 'manually created certificate requests instead.')?></p> + </noscript> + + <div id="noActiveX" style="color:red"> + <p><?=_('Could not initialize ActiveX object required for certificate '. + 'generation.')?></p> + <p><?=_('You have to enable ActiveX for this to work. On Windows '. + 'Vista, Windows 7 and later versions you have to add this '. + 'website to the list of trusted sites in the internet '. + 'settings.')?></p> + <p><?php + printf(_('Go to "Extras -> Internet Options -> Security -> Trusted '. + 'Websites", click on "Custom Level", set "ActiveX control '. + 'elements that are not marked as safe initialized on start in '. + 'scripts" to "Confirm" and click "OK". Now click "Sites", add '. + '"%s" and "%s" to your list of trusted sites and make the '. + 'changes come into effect by clicking "Close" and "OK".'), + 'https://'.$_SESSION['_config']['normalhostname'], + 'https://'.$_SESSION['_config']['securehostname'])?> + </p> + </div> + + <form method="post" style="display:none" action="account.php" + id="CertReqForm"> + <input type="hidden" name="oldid" value="<?=$id?>" /> + <input type="hidden" id="CSR" name="CSR" /> + <input type="hidden" name="keytype" value="MS" /> -GetProviderList() ---> - </script> + <p><?=_('Security level')?>: + <select id="SecurityLevel"> + <option value="high" selected="selected"><?=_('High')?></option> + <option value="medium"><?=_('Medium')?></option> + <option value="custom"><?=_('Custom')?>…</option> + </select> + </p> + + <fieldset id="customSettings" style="display:none"> + <legend><?=_('Custom Parameters')?></legend> + + <p><?=_('Cryptography Provider')?>: + <select id="CspProvider"></select> + </p> + <p><?=_('Algorithm')?>: <select id="algorithm"></select></p> + <p><?=_('Keysize')?>: + <input id="keySize" type="number" /> + <?=_('Minimum Size')?>: <span id="keySizeMin"></span>, + <?=_('Maximum Size')?>: <span id="keySizeMax"></span>, + <?php + // TRANSLATORS: this specifies the step between two valid key + // sizes. E.g. if the step is 512 and the minimum is 1024 and + // the maximum is 2048, then only 1024, 1536 and 2048 bits may + // be specified as key size. + _('Step')?>: <span id="keySizeStep"></span></p> + <p style="color:red"><?php + printf(_('Please note that RSA key sizes smaller than %d bit '. + 'will not be accepted by CAcert.'), + 1024)?> + </p> + </fieldset> + + <p><input type="submit" id="GenReq" name="GenReq" + value="<?=_('Create Certificate')?>" /></p> + <p id="generatingKeyNotice" style="display:none"> + <?=_('Generating your key. Please wait')?>…</p> + </form> + + + <!-- Error messages used in the JavaScript. Defined here so they can be + translated without passing the JavaScript code through PHP --> + <p id="createRequestErrorChooseAlgorithm" style="display:none"> + <?=_('Could not generate certificate request. Probably you need to '. + 'choose a different algorithm.')?> + </p> + <p id="createRequestError" style="display:none"> + <?=_('Could not generate certificate request.')?> + </p> + <p id="invalidKeySizeError" style="display:none"> + <?=_('You have specified an invalid key size')?> + </p> + <p id="unsupportedPlatformError" style="display:none"> + <?=_('Could not initialize the cryptographic module for your '. + 'platform. Currently we support Microsoft Windows XP, Vista '. + 'and 7. If you\'re using one of these platforms and see this '. + 'error message anyway you might have to enable ActiveX as '. + 'described in the red explanation text and accept loading of '. + 'the module.')?> + </p> + + <script type="text/javascript" src="keygenIE.js"></script> + <? } else { ?> <p> <form method="post" action="account.php"> diff --git a/locale/Makefile b/locale/Makefile index 1517066..4215a4f 100644 --- a/locale/Makefile +++ b/locale/Makefile @@ -176,7 +176,8 @@ upload.clean: template.clean messages.pot: $(GETTEXT_FILES) xgettext --output - --sort-by-file --copyright-holder "CAcert Inc." \ --package-name "CAcert" --package-version "$(VERSION)" \ - --msgid-bugs-address "translations-admin@cacert.org" $^ | \ + --msgid-bugs-address "translations-admin@cacert.org" \ + --add-comments=TRANSLATORS $^ | \ # replace place holders in the lines before the first msgid\ sed '1,/^msgid/ { s/SOME DESCRIPTIVE TITLE/$(DESCRITPION)/; s/YEAR/$(COPYRIGHT_YEAR)/; s/PACKAGE/$(PACKAGE)/ }' \ > $@ diff --git a/www/keygenIE.js b/www/keygenIE.js new file mode 100644 index 0000000..fa4bce6 --- /dev/null +++ b/www/keygenIE.js @@ -0,0 +1,603 @@ +var CAcert_keygen_IE = function () { + + /// Makes a new DOM text node + var textnode = function (text) { + return document.createTextNode(text); + } + + + /// makes a new <p> element + var paragraph = function (text) { + var paragraph = document.createElement("p"); + paragraph.appendChild(textnode(text)); + return paragraph; + } + + + /// makes a new <pre> elemtent + var pre = function (text) { + var pre = document.createElement("pre"); + pre.appendChild(textnode(text)); + return pre; + } + + + /// makes a new <option> element + var option = function (text, value) { + var option = document.createElement("option"); + if (value !== undefined) { + option.setAttribute("value", value); + } + option.appendChild(textnode(text)); + return option; + } + + + /// Removes all child nodes from the element + var removeChildren = function (element) { + element.innerHTML = ""; + } + + + // Get important elements from the DOM + var form = document.getElementById("CertReqForm"); + var securityLevel = document.getElementById("SecurityLevel"); + var customSettings = document.getElementById("customSettings"); + var provider = document.getElementById("CspProvider"); + var algorithm = document.getElementById("algorithm"); + var algorithmParagraph = document.getElementById("algorithmParagraph"); + var keySize = document.getElementById("keySize"); + var keySizeMin = document.getElementById("keySizeMin"); + var keySizeMax = document.getElementById("keySizeMax"); + var keySizeStep = document.getElementById("keySizeStep"); + var genReq = document.getElementById("GenReq"); + var csr = document.getElementById("CSR"); + var noActiveX = document.getElementById("noActiveX"); + var generatingKeyNotice = document.getElementById("generatingKeyNotice"); + var createRequestErrorChooseAlgorithm = document.getElementById("createRequestErrorChooseAlgorithm"); + var createRequestError = document.getElementById("createRequestError"); + var invalidKeySizeError = document.getElementById("invalidKeySizeError"); + var unsupportedPlatformError = document.getElementById("unsupportedPlatformError"); + + + /// Initialise the CertEnroll code (Vista and higher) + /// returns false if initialisation fails + var initCertEnroll = function () { + var factory = null; + var providerList = null; + var cspStats = null; + + // Try to initialise the ActiveX element. Requires permissions by the user + try { + factory = new ActiveXObject( + "X509Enrollment.CX509EnrollmentWebClassFactory"); + if (!factory) { + throw { + name: "NoObjectError", + message: "Got null at object creation" + }; + } + + // also try to create a useless object here so the library gets + // initialised and we don't need to check everytime later + factory.CreateObject("X509Enrollment.CObjectId"); + + form.style.display = ""; + noActiveX.style.display = "none"; + } catch (e) { + return false; + } + + + /// Get the selected provider + var getProvider = function () { + var providerIndex = provider.options[provider.selectedIndex].value; + return providerList.ItemByIndex(providerIndex); + } + + + /// Get the selected algorithm + var getAlgorithm = function () { + var algorithmIndex = algorithm.options[algorithm.selectedIndex].value; + return alg = cspStats.ItemByIndex(algorithmIndex).CspAlgorithm; + } + + + /// Get the selected key size + var getKeySize = function () { + var alg = getAlgorithm(); + + var bits = parseInt(keySize.value, 10); + if ( bits < alg.MinLength || bits > alg.MaxLength || + (alg.IncrementLength && + (bits - alg.MinLength) % alg.IncrementLength !== 0) + ) + { + return false; + } + + return bits; + } + + + /// Fill the key size list + var getKeySizeList = function () { + if (!cspStats) { + return false; + } + + var alg = getAlgorithm(); + + // HTML5 attributes + keySize.setAttribute("min", alg.MinLength); + keySize.setAttribute("max", alg.MaxLength); + keySize.setAttribute("step", alg.IncrementLength); + keySize.setAttribute("value", alg.DefaultLength); + keySize.value = ""+alg.DefaultLength; + + // ugly, but buggy otherwise if done with text nodes + keySizeMin.innerHTML = alg.MinLength; + keySizeMax.innerHTML = alg.MaxLength; + keySizeStep.innerHTML = alg.IncrementLength; + + return true; + } + + + /// Fill the algorithm list + var getAlgorithmList = function () { + var i; + + if (!providerList) { + return false; + } + + var csp = getProvider(); + + cspStats = providerList.GetCspStatusesFromOperations( + 0x1c, //XCN_NCRYPT_ANY_ASYMMETRIC_OPERATION + //0x10, //XCN_NCRYPT_SIGNATURE_OPERATION + //0x8, //XCN_NCRYPT_SECRET_AGREEMENT_OPERATION + //0x4, //XCN_NCRYPT_ASYMMETRIC_ENCRYPTION_OPERATION + csp + ); + + removeChildren(algorithm); + for (i = 0; i < cspStats.Count; i++) { + var alg = cspStats.ItemByIndex(i).CspAlgorithm; + algorithm.appendChild(option(alg.Name, i)); + } + + return getKeySizeList(); + } + + + /// Fill the crypto provider list + var getProviderList = function () { + var i; + + var csps = factory.CreateObject("X509Enrollment.CCspInformations"); + + // Get provider information + csps.AddAvailableCsps(); + + removeChildren(provider); + + for (i = 0; i < csps.Count; i++) { + var csp = csps.ItemByIndex(i); + provider.appendChild(option(csp.Name, i)); + } + + providerList = csps; + + return getAlgorithmList(); + } + + + /// Generate a key and create and submit the actual CSR + var createCSR = function () { + var providerName, algorithmOid, bits; + + var level = securityLevel.options[securityLevel.selectedIndex]; + if (level.value === "custom") { + providerName = getProvider().Name; + var alg = getAlgorithm(); + algorithmOid = alg.GetAlgorithmOid(0, 0) + bits = getKeySize(); + if (!bits) { + window.alert(invalidKeySizeError.innerHTML); + return false; + } + + } else { + + providerName = "Microsoft Software Key Storage Provider"; + + algorithmOid = factory.CreateObject("X509Enrollment.CObjectId"); + algorithmOid.InitializeFromValue("1.2.840.113549.1.1.1"); // RSA + //"1.2.840.10040.4.1" == DSA + //"1.2.840.10046.2.1" == DH + + if (level.value === "high") { + bits = 4096; + } else { // medium + bits = 2048; + } + } + + + var privateKey = factory.CreateObject("X509Enrollment.CX509PrivateKey"); + privateKey.ProviderName = providerName; + privateKey.Algorithm = algorithmOid; + privateKey.Length = bits; + privateKey.KeyUsage = 0xffffff; // XCN_NCRYPT_ALLOW_ALL_USAGES + + var request = factory.CreateObject( + "X509Enrollment.CX509CertificateRequestPkcs10"); + request.InitializeFromPrivateKey( + 1, // ContextUser + privateKey, + "" // don't use a template + ); + + var enroll = factory.CreateObject("X509Enrollment.CX509Enrollment"); + enroll.InitializeFromRequest(request); + + generatingKeyNotice.style.display = ""; + + + // The request needs to be created after we return so the "please wait" + // message gets rendered + var createCSRHandler = function () { + try { + csr.value = enroll.CreateRequest(0x1); //XCN_CRYPT_STRING_BASE64 + form.submit(); + } catch (e) { + window.alert(createRequestErrorChooseAlgorithm.innerHTML + "\n\nError: " + e.message); + } + + generatingKeyNotice.style.display = "none"; + } + + window.setTimeout(createCSRHandler, 0); + + // Always return false, form is submitted by deferred method + return false; + } + + + /// Call if securityLevel has changed + var refreshSecurityLevel = function () { + var level = securityLevel.options[securityLevel.selectedIndex]; + if (level.value === "custom") { + getProviderList(); + customSettings.style.display = ""; + } else { + customSettings.style.display = "none"; + } + } + + securityLevel.onchange = refreshSecurityLevel; + provider.onchange = getAlgorithmList; + algorithm.onchange = getKeySizeList; + genReq.onclick = createCSR; + + return true; + } // end of initCertEnroll() + + + /// Initialise Xenroll code (XP and lower) + /// returns false if initialisation fails + var initXEnroll = function () { + cenroll = null; + + providerTypes = Array( + 1, //PROV_RSA_FULL + 2, //PROV_RSA_SIG + 3, //PROV_DSS + 4, //PROV_FORTEZZA + 5, //PROV_MS_EXCHANGE + 6, //PROV_SSL + 12, //PROV_RSA_SCHANNEL + 13, //PROV_DSS_DH + 14, //PROV_EC_ECDSA_SIG + 15, //PROV_EC_ECNRA_SIG + 16, //PROV_EC_ECDSA_FULL + 17, //PROV_EC_ECNRA_FULL + 18, //PROV_DH_SCHANNEL + 20, //PROV_SPYRUS_LYNKS + 21, //PROV_RNG + 22, //PROV_INTEL_SEC + 23, //PROV_REPLACE_OWF + 24 //PROV_RSA_AES + ); + + algClasses = Array( + 1 << 13, //ALG_CLASS_SIGNATURE + //2 << 13, //ALG_CLASS_MSG_ENCRYPT + //3 << 13, //ALG_CLASS_DATA_ENCRYPT + //4 << 13, //ALG_CLASS_HASH + 5 << 13 //ALG_CLASS_KEY_EXCHANGE + ); + + // Try to initialise the ActiveX element. + try { + cenroll = new ActiveXObject("CEnroll.CEnroll"); + + if (!cenroll) { + throw { + name: "NoObjectError", + message: "Got null at object creation" + }; + } + + form.style.display = ""; + //algorithmParagraph.style.display = "none"; + algorithm.disabled = true; + noActiveX.style.display = "none"; + } catch (e) { + return false; + } + + + /// Get the name of the selected provider + var getProviderName = function () { + return provider.options[provider.selectedIndex].text; + } + + + /// Get the type of the selected provider + var getProviderType = function () { + return parseInt(provider.options[provider.selectedIndex].value, 10); + } + + + var refreshProvider = function () { + cenroll.ProviderName = getProviderName(); + cenroll.ProviderType = getProviderType(); + } + + + /// Get the ID of the selected algorithm + var getAlgorithmId = function () { + return parseInt( + algorithm.options[algorithm.selectedIndex].value, 10); + } + + + /// Minimum bit length for exchange keys + var getMinExKeyLength = function () { + refreshProvider(); + + try { + return cenroll.GetKeyLen(true, true); + } catch (e) { + return false; + } + } + + + /// Maximum bit length for exchange keys + var getMaxExKeyLength = function () { + refreshProvider(); + + try { + return cenroll.GetKeyLen(false, true); + } catch (e) { + return false; + } + } + + + /// Step size for exchange keys + /// This might not be available on older platforms + var getStepExKeyLength = function () { + refreshProvider(); + + try { + return cenroll.GetKeyLenEx(3, 1); + } catch (e) { + return false; + } + } + + + /// Minimum bit length for signature keys + var getMinSigKeyLength = function () { + refreshProvider(); + + try { + return cenroll.GetKeyLen(true, false); + } catch (e) { + return false; + } + } + + + /// Maximum bit length for signature keys + var getMaxSigKeyLength = function () { + refreshProvider(); + + try { + return cenroll.GetKeyLen(false, false); + } catch (e) { + return false; + } + } + + + /// Step size for signature keys + /// This might not be available on older platforms + var getStepSigKeyLength = function () { + refreshProvider(); + + try { + return cenroll.GetKeyLenEx(3, 2); + } catch (e) { + return false; + } + } + + + /// Get the selected key size + var getKeySize = function () { + var bits = parseInt(keySize.value, 10); + //TODO: check if the bits are sane + return bits; + } + + + var getKeySizeLimits = function () { + // HTML5 attributes + keySize.setAttribute("min", getMinSigKeyLength()); + keySize.setAttribute("max", getMaxSigKeyLength()); + if (getStepSigKeyLength()) { + keySize.setAttribute("step", getStepSigKeyLength()); + } + //keySize.setAttribute("value", alg.DefaultLength); + //keySize.value = ""+alg.DefaultLength; + + // ugly, but buggy otherwise if done with text nodes + keySizeMin.innerHTML = getMinSigKeyLength(); + keySizeMax.innerHTML = getMaxSigKeyLength(); + keySizeStep.innerHTML = getStepSigKeyLength(); + + return true; + } + + + /// Fill the algorithm selection box + var getAlgorithmList = function () { + var i, j; + + refreshProvider(); + + removeChildren(algorithm); + + for (i = 0; i < algClasses.length; ++i) { + for (j = 0; true; ++j) { + try { + var algId = cenroll.EnumAlgs(j, algClasses[i]); + var algName = cenroll.GetAlgName(algId); + algorithm.appendChild(option(algName, algId)); + } catch (e) { + break; + } + } + } + + getKeySizeLimits(); + } + + + /// Fill the provider selection box + var getProviderList = function () { + var i, j; + + removeChildren(provider); + + for (i = 0; i < providerTypes.length; ++i) { + cenroll.providerType = providerTypes[i]; + + var providerName = "invalid"; + for (j = 0; true; ++j) { + try { + providerName = cenroll.enumProviders(j, 0); + provider.appendChild( + option(providerName, providerTypes[i])); + } catch (e) { + break; + } + } + } + + return getAlgorithmList(); + //return getKeySizeLimits(); + } + + + var createCSR = function () { + var providerName, bits; + + var level = securityLevel.options[securityLevel.selectedIndex]; + if (level.value === "custom") { + + refreshProvider(); + + bits = getKeySize(); + if (bits === false) { + window.alert(invalidKeySizeError.innerHTML); + return false; + } + + } else { + + cenroll.ProviderName = "Microsoft Enhanced Cryptographic Provider v1.0"; + cenroll.ProviderType = 1; //PROV_RSA_FULL + + if (level.value === "high") { + bits = 4096; + } else { // medium + bits = 2048; + } + } + + cenroll.GenKeyFlags = bits << 16; // keysize is encoded in the uper 16 bits + //cenroll.GenKeyFlags = cenroll.GenKeyFlags | 0x1; //CRYPT_EXPORTABLE + + generatingKeyNotice.style.display = ""; + + + // The request needs to be created after we return so the "please wait" + // message gets rendered + var createCSRHandler = function () { + try { + csr.value = cenroll.createPKCS10("", "1.3.6.1.5.5.7.3.2"); + form.submit(); + } catch (e) { + window.alert(createRequestError.innerHTML + "\n\nError: " + e.message + " (" + e.number + ")"); + } + + generatingKeyNotice.style.display = "none"; + cenroll.Reset(); + } + + window.setTimeout(createCSRHandler, 0); + + // Always return false, form is submitted by deferred method + return false; + } + + + /// Call if securityLevel has changed + var refreshSecurityLevel = function () { + var level = securityLevel.options[securityLevel.selectedIndex]; + if (level.value === "custom") { + getProviderList(); + customSettings.style.display = ""; + } else { + customSettings.style.display = "none"; + } + } + + securityLevel.onchange = refreshSecurityLevel; + provider.onchange = getAlgorithmList; + //provider.onchange = getKeySizeLimits; + algorithm.onchange = getKeySizeLimits; + genReq.onclick = createCSR; + + return true; + }; + + + // Run the init functions until one is successful + if (initCertEnroll()) { + form.style.display = ""; + noActiveX.style.display = "none"; + } else if (initXEnroll()) { + form.style.display = ""; + noActiveX.style.display = "none"; + } else { + window.alert(unsupportedPlatformError.innerHTML); + } +} (); |