diff options
| author | Michael Tänzer <neo@nhng.de> | 2013-03-05 23:08:48 +0100 |
|---|---|---|
| committer | Michael Tänzer <neo@nhng.de> | 2013-03-05 23:08:48 +0100 |
| commit | 90dcf899dae9bff3dc9d7e7953e2841dadea178f (patch) | |
| tree | 169a0c8425b41c4a7ac4834c3dd24ccbaddc838c | |
| parent | f7484beb1ecc6d7d8cf8d31eee792bd4ba540aec (diff) | |
| download | cacert-devel-90dcf899dae9bff3dc9d7e7953e2841dadea178f.tar.gz cacert-devel-90dcf899dae9bff3dc9d7e7953e2841dadea178f.tar.xz cacert-devel-90dcf899dae9bff3dc9d7e7953e2841dadea178f.zip | |
Source code taken from cacert-20130227.tar.bz2
| -rw-r--r-- | includes/account.php | 1 | ||||
| -rw-r--r-- | includes/keygen.php | 128 | ||||
| -rw-r--r-- | locale/Makefile | 3 | ||||
| -rw-r--r-- | pages/account/12.php | 8 | ||||
| -rw-r--r-- | pages/account/17.php | 122 | ||||
| -rw-r--r-- | pages/account/4.php | 175 | ||||
| -rw-r--r-- | pages/index/4.php | 8 | ||||
| -rw-r--r-- | www/keygenIE.js | 609 |
8 files changed, 753 insertions, 301 deletions
diff --git a/includes/account.php b/includes/account.php index 8125602..496c7ca 100644 --- a/includes/account.php +++ b/includes/account.php @@ -422,6 +422,7 @@ `created`=FROM_UNIXTIME(UNIX_TIMESTAMP()), `subject`='".mysql_real_escape_string($csrsubject)."', `codesign`='".$_SESSION['_config']['codesign']."', + `disablelogin`='".($_SESSION['_config']['disablelogin']?1:0)."', `rootcert`='".$_SESSION['_config']['rootcert']."'"; mysql_query($query); $emailid = mysql_insert_id(); diff --git a/includes/keygen.php b/includes/keygen.php new file mode 100644 index 0000000..09ec7f9 --- /dev/null +++ b/includes/keygen.php @@ -0,0 +1,128 @@ +<? /* + LibreSSL - CAcert web application + Copyright (C) 2004-2011 CAcert Inc. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA +*/ + +if (array_key_exists('HTTP_USER_AGENT',$_SERVER) && strstr($_SERVER['HTTP_USER_AGENT'], "MSIE")) { ?> + + <noscript> + <p><?=_('You have to enable JavaScript to generate certificates in the browser.')?></p> + <p><?=_('If you don\'t want to do that for any reason, you can use '. + 'manually created certificate requests instead.')?></p> + </noscript> + + <div id="noActiveX" style="color:red"> + <p><?=_('Could not initialize ActiveX object required for certificate generation.')?></p> + <p><?=_('You have to enable ActiveX for this to work. On Windows Vista, Windows 7 and '. + 'later versions you have to add this website to the list of trusted sites '. + 'in the internet settings.')?></p> + <p><?php + printf(_('Go to "Extras -> Internet Options -> Security -> Trusted '. + 'Websites", click on "Custom Level", set "ActiveX control '. + 'elements that are not marked as safe initialized on start in '. + 'scripts" to "Confirm" and click "OK". Now click "Sites", add '. + '"%s" and "%s" to your list of trusted sites and make the '. + 'changes come into effect by clicking "Close" and "OK".'), + 'https://'.$_SESSION['_config']['normalhostname'], + 'https://'.$_SESSION['_config']['securehostname'])?> + </p> + </div> + + <form method="post" style="display:none" action="account.php" + id="CertReqForm"> + <input type="hidden" name="oldid" value="<?=intval($id)?>" /> + <input type="hidden" id="CSR" name="CSR" /> + <input type="hidden" name="keytype" value="MS" /> + + <p><?=_('Security level')?>: + <select id="SecurityLevel"> + <option value="high" selected="selected"><?=_('High')?></option> + <option value="medium"><?=_('Medium')?></option> + <option value="custom"><?=_('Custom')?>…</option> + </select> + </p> + + <fieldset id="customSettings" style="display:none"> + <legend><?=_('Custom Parameters')?></legend> + + <p><?=_('Cryptography Provider')?>: + <select id="CspProvider"></select> + </p> + <p><?=_('Algorithm')?>: <select id="algorithm"></select></p> + <p><?=_('Keysize')?>: + <input id="keySize" type="number" /> + <?=_('Minimum Size')?>: <span id="keySizeMin"></span>, + <?=_('Maximum Size')?>: <span id="keySizeMax"></span>, + <?php + // TRANSLATORS: this specifies the step between two valid key + // sizes. E.g. if the step is 512 and the minimum is 1024 and + // the maximum is 2048, then only 1024, 1536 and 2048 bits may + // be specified as key size. + echo _('Step')?>: <span id="keySizeStep"></span></p> + <p style="color:red"><?php + printf(_('Please note that RSA key sizes smaller than %d bit '. + 'will not be accepted by CAcert.'), + 1024)?> + </p> + </fieldset> + + <p><input type="submit" id="GenReq" name="GenReq" value="<?=_('Create Certificate')?>" /></p> + <p id="generatingKeyNotice" style="display:none"> + <?=_('Generating your key. Please wait')?>…</p> + </form> + + <!-- Error messages used in the JavaScript. Defined here so they can be + translated without passing the JavaScript code through PHP --> + <p id="createRequestErrorChooseAlgorithm" style="display:none"> + <?=_('Could not generate certificate request. Probably you need to '. + 'choose a different algorithm.')?> + </p> + <p id="createRequestErrorConfirmDialogue" style="display:none"> + <?=_('Could not generate certificate request. Please confirm the '. + 'dialogue if you are asked if you want to generate the key.')?> + </p> + <p id="createRequestErrorConnectDevice" style="display:none"> + <?=_('Could not generate certificate request. Please make sure the '. + 'cryptography device (e.g. the smartcard) is connected.')?> + </p> + <p id="createRequestError" style="display:none"> + <?=_('Could not generate certificate request.')?> + </p> + <p id="invalidKeySizeError" style="display:none"> + <?=_('You have specified an invalid key size')?> + </p> + <p id="unsupportedPlatformError" style="display:none"> + <?=_('Could not initialize the cryptographic module for your '. + 'platform. Currently we support Microsoft Windows XP, Vista '. + 'and 7. If you\'re using one of these platforms and see this '. + 'error message anyway you might have to enable ActiveX as '. + 'described in the red explanation text and accept loading of '. + 'the module.')?> + </p> + + <script type="text/javascript" src="keygenIE.js"></script> + +<? } else { ?> + <p> + <form method="post" action="account.php"> + <input type="hidden" name="keytype" value="NS"> + <?=_("Keysize:")?> <keygen name="SPKAC" challenge="<? $_SESSION['spkac_hash']=make_hash(); echo $_SESSION['spkac_hash']; ?>"> + + <input type="submit" name="submit" value="<?=_("Create Certificate Request")?>"> + <input type="hidden" name="oldid" value="<?=intval($id)?>"> + </form> + </p> +<? } diff --git a/locale/Makefile b/locale/Makefile index 1517066..4215a4f 100644 --- a/locale/Makefile +++ b/locale/Makefile @@ -176,7 +176,8 @@ upload.clean: template.clean messages.pot: $(GETTEXT_FILES) xgettext --output - --sort-by-file --copyright-holder "CAcert Inc." \ --package-name "CAcert" --package-version "$(VERSION)" \ - --msgid-bugs-address "translations-admin@cacert.org" $^ | \ + --msgid-bugs-address "translations-admin@cacert.org" \ + --add-comments=TRANSLATORS $^ | \ # replace place holders in the lines before the first msgid\ sed '1,/^msgid/ { s/SOME DESCRIPTIVE TITLE/$(DESCRITPION)/; s/YEAR/$(COPYRIGHT_YEAR)/; s/PACKAGE/$(PACKAGE)/ }' \ > $@ diff --git a/pages/account/12.php b/pages/account/12.php index 44926ca..fa8b41a 100644 --- a/pages/account/12.php +++ b/pages/account/12.php @@ -36,7 +36,7 @@ `domaincerts`.`expire` as `expires`, `revoked` as `revoke`, UNIX_TIMESTAMP(`revoked`) as `revoked`, `CN`, `domaincerts`.`serial`, `domaincerts`.`id` as `id` from `domaincerts`,`domains` - where `memid`='".intval($_SESSION['profile']['id'])."' and `deleted`=0 and `domaincerts`.`domid`=`domains`.`id` "; + where `memid`='".intval($_SESSION['profile']['id'])."' and `domaincerts`.`domid`=`domains`.`id` "; if($viewall != 1) { $query .= "AND `revoked`=0 AND `renewed`=0 "; @@ -49,7 +49,7 @@ { ?> <tr> - <td colspan="6" class="DataTD"><?=_("No domains are currently listed.")?></td> + <td colspan="6" class="DataTD"><?=_("No certificates are currently listed.")?></td> </tr> <? } else { while($row = mysql_fetch_assoc($res)) @@ -85,8 +85,10 @@ <input type="submit" name="revoke" value="<?=_("Revoke/Delete")?>"></td> </tr> <? } ?> + <tr> + <td class="DataTD" colspan="6"><?=_("From here you can delete pending requests, or revoke valid certificates.")?></td> + </tr> </table> <input type="hidden" name="oldid" value="<?=$id?>"> <input type="hidden" name="csrf" value="<?=make_csrf('srvcerchange')?>" /> </form> -<p><?=_("From here you can delete pending requests, or revoke valid certificates.")?></p> diff --git a/pages/account/17.php b/pages/account/17.php index 2ba5390..8ac8b65 100644 --- a/pages/account/17.php +++ b/pages/account/17.php @@ -14,124 +14,6 @@ You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -*/ ?> -<? if(array_key_exists('HTTP_USER_AGENT',$_SERVER) && strstr($_SERVER['HTTP_USER_AGENT'], "MSIE")) { ?> -<object classid="clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1" codebase="/xenroll.cab#Version=5,131,3659,0" id="cec"> -<?=_("You must enable ActiveX for this to work.")?> -</object> -<form method="post" action="account.php" name="CertReqForm"><p> -<input type="hidden" name="session" value="UsedXenroll"> -<?=_("Key Strength:")?> <select name="CspProvider"></select> -<input type="hidden" name="oldid" value="<?=$id?>"> -<INPUT TYPE=HIDDEN NAME="CSR"> -<input type="hidden" name="keytype" value="MS"> -<?=_("'Enhanced Provider' is generally the best option, which has a key size of 1024bit. If you need a bigger key size you will need to use a different browser.")?> -<input type="submit" name="GenReq" value="Create Certificate"><br> -</p></form> -<script type="text/vbscript" language="vbscript"> -<!-- -Function GetProviderList() - Dim CspList, cspIndex, ProviderName - On Error Resume Next +*/ - count = 0 - base = 0 - enhanced = 0 - CspList = "" - ProviderName = "" - - For ProvType = 0 to 13 - cspIndex = 0 - cec.ProviderType = ProvType - ProviderName = cec.enumProviders(cspIndex,0) - - while ProviderName <> "" - Set oOption = document.createElement("OPTION") - oOption.text = ProviderName - oOption.value = ProvType - Document.CertReqForm.CspProvider.add(oOption) - if ProviderName = "Microsoft Base Cryptographic Provider v1.0" Then - base = count - end if - if ProviderName = "Microsoft Enhanced Cryptographic Provider v1.0" Then - enhanced = count - end if - cspIndex = cspIndex +1 - ProviderName = "" - ProviderName = cec.enumProviders(cspIndex,0) - count = count + 1 - wend - Next - Document.CertReqForm.CspProvider.selectedIndex = base - if enhanced then - Document.CertReqForm.CspProvider.selectedIndex = enhanced - end if -End Function - -Function CSR(keyflags) - CSR = "" - szName = "" - cec.HashAlgorithm = "MD5" - err.clear - On Error Resume Next - set options = document.all.CspProvider.options - index = options.selectedIndex - cec.providerName = options(index).text - tmpProviderType = options(index).value - cec.providerType = tmpProviderType - cec.KeySpec = 2 - if tmpProviderType < 2 Then - cec.KeySpec = 1 - end if - cec.GenKeyFlags = &h04000001 OR keyflags - CSR = cec.createPKCS10(szName, "1.3.6.1.5.5.7.3.2") - if len(CSR)<>0 then Exit Function - cec.GenKeyFlags = &h04000000 OR keyflags - CSR = cec.createPKCS10(szName, "1.3.6.1.5.5.7.3.2") - if len(CSR)<>0 then Exit Function - if cec.providerName = "Microsoft Enhanced Cryptographic Provider v1.0" Then - if MsgBox("<?=_("The 1024-bit key generation failed. Would you like to try 512 instead?")?>", vbOkCancel)=vbOk Then - cec.providerName = "Microsoft Base Cryptographic Provider v1.0" - else - Exit Function - end if - end if - cec.GenKeyFlags = 1 OR keyflags - CSR = cec.createPKCS10(szName, "1.3.6.1.5.5.7.3.2") - if len(CSR)<>0 then Exit Function - cec.GenKeyFlags = keyflags - CSR = cec.createPKCS10(szName, "1.3.6.1.5.5.7.3.2") - if len(CSR)<>0 then Exit Function - cec.GenKeyFlags = 0 - CSR = cec.createPKCS10(szName, "1.3.6.1.5.5.7.3.2") -End Function - -Sub GenReq_OnClick - Dim TheForm - Set TheForm = Document.CertReqForm - err.clear - result = CSR(2) - if len(result)=0 Then - result = MsgBox("Unable to generate PKCS#10.", 0, "Alert") - Exit Sub - end if - TheForm.CSR.Value = result - TheForm.Submit - Exit Sub -End Sub - -GetProviderList() ---> -</script> -<? } else { ?> -<p> -<form method="post" action="account.php"> -<input type="hidden" name="keytype" value="NS"> -<?=_("Keysize:")?> <keygen name="SPKAC" challenge="<? $_SESSION['spkac_hash']=make_hash(); echo $_SESSION['spkac_hash']; ?>"> - - -<input type="submit" name="submit" value="<?=_("Create Certificate Request")?>"> -<input type="hidden" name="oldid" value="<?=$id?>"> -</form> -</p> -<? } ?> +require_once($_SESSION['_config']['filepath'].'/includes/keygen.php'); diff --git a/pages/account/4.php b/pages/account/4.php index a4d6597..8ac8b65 100644 --- a/pages/account/4.php +++ b/pages/account/4.php @@ -14,177 +14,6 @@ You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -*/ ?> -<? if(array_key_exists('HTTP_USER_AGENT',$_SERVER) && strstr($_SERVER['HTTP_USER_AGENT'], "MSIE")) { ?> -<object classid="clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1" codebase="/xenroll.cab#Version=5,131,3659,0" id="cec"> -<?=_("You must enable ActiveX for this to work. On Vista you have to add this website to the list of trusted sites in the internet-settings.")?><?=_("Go to Extras->Internet Options->Security->Trusted Websites, click on Custom Level, check ActiveX control elements that are not marked as safe initialized on start in scripts")?> -</object> -<form method="post" action="account.php" name="CertReqForm"><p> -<input type="hidden" name="session" value="UsedXenroll"> -<?=_("Key Strength:")?> <select name="CspProvider"></select> -<input type="hidden" name="oldid" value="<?=$id?>"> -<INPUT TYPE=HIDDEN NAME="CSR"> -<input type="hidden" name="keytype" value="MS"> -<input type="submit" name="GenReq" value="Create Certificate"><br> -</p></form> -<script type="text/vbscript" language="vbscript"> -<!-- -Function GetProviderList() - Dim CspList, cspIndex, ProviderName - On Error Resume Next +*/ - count = 0 - base = 0 - enhanced = 0 - CspList = "" - ProviderName = "" - - // Vista: - Set csps = CreateObject("X509Enrollment.CCspInformations") - If IsObject(csps) Then - csps.AddAvailableCsps() - Document.CertReqForm.keytype.value="VI" - For j = 0 to csps.Count-1 - Set oOption = document.createElement("OPTION") - oOption.text = csps.ItemByIndex(j).Name - oOption.value = j - Document.CertReqForm.CspProvider.add(oOption) - Next - - Else - - // 2000,XP: - - For ProvType = 0 to 13 - cspIndex = 0 - cec.ProviderType = ProvType - ProviderName = cec.enumProviders(cspIndex,0) - - while ProviderName <> "" - Set oOption = document.createElement("OPTION") - oOption.text = ProviderName - oOption.value = ProvType - Document.CertReqForm.CspProvider.add(oOption) - if ProviderName = "Microsoft Base Cryptographic Provider v1.0" Then - base = count - end if - if ProviderName = "Microsoft Enhanced Cryptographic Provider v1.0" Then - enhanced = count - end if - cspIndex = cspIndex +1 - ProviderName = "" - ProviderName = cec.enumProviders(cspIndex,0) - count = count + 1 - wend - Next - Document.CertReqForm.CspProvider.selectedIndex = base - if enhanced then - Document.CertReqForm.CspProvider.selectedIndex = enhanced - end if - End If -End Function - -Function CSR(keyflags) - CSR = "" - szName = "" - - - // Vista - if Document.CertReqForm.keytype.value="VI" Then - - Dim g_objClassFactory - Dim obj - Dim objPrivateKey - Dim g_objRequest - Dim g_objRequestCMC - - Set g_objClassFactory=CreateObject("X509Enrollment.CX509EnrollmentWebClassFactory") - Set obj=g_objClassFactory.CreateObject("X509Enrollment.CX509Enrollment") - Set objPrivateKey=g_objClassFactory.CreateObject("X509Enrollment.CX509PrivateKey") - Set objRequest=g_objClassFactory.CreateObject("X509Enrollment.CX509CertificateRequestPkcs10") - //Msgbox exit function - objPrivateKey.ProviderName = Document.CertReqForm.CspProvider(Document.CertReqForm.CspProvider.selectedIndex).text - // "Microsoft Enhanced RSA and AES Cryptographic Provider" - objPrivateKey.ProviderType = "24" - objPrivateKey.KeySpec = "1" - objPrivateKey.ExportPolicy = 1 - objRequest.InitializeFromPrivateKey 1, objPrivateKey, "" - Set objDN = g_objClassFactory.CreateObject("X509Enrollment.CX500DistinguishedName") - objDN.Encode("CN=CAcertRequest") - objRequest.Subject = objDN - - // obj.Initialize(1) - obj.InitializeFromRequest(objRequest) - obj.CertificateDescription="Description" - obj.CertificateFriendlyName="FriendlyName" - CSR=obj.CreateRequest(1) - If len(CSR)<>0 Then Exit Function - Msgbox "<?=_("Error while generating the certificate-request. Please make sure that you have added this website to the list of trusted sites in the Internet-Options menu!")?>" - - else - // XP - - cec.HashAlgorithm = "MD5" - err.clear - On Error Resume Next - set options = document.all.CspProvider.options - index = options.selectedIndex - cec.providerName = options(index).text - tmpProviderType = options(index).value - cec.providerType = tmpProviderType - cec.KeySpec = 2 - if tmpProviderType < 2 Then - cec.KeySpec = 1 - end if - cec.GenKeyFlags = &h04000001 OR keyflags - CSR = cec.createPKCS10(szName, "1.3.6.1.5.5.7.3.2") - if len(CSR)<>0 then Exit Function - cec.GenKeyFlags = &h04000000 OR keyflags - CSR = cec.createPKCS10(szName, "1.3.6.1.5.5.7.3.2") - if len(CSR)<>0 then Exit Function - if cec.providerName = "Microsoft Enhanced Cryptographic Provider v1.0" Then - if MsgBox("<?=_("The 1024-bit key generation failed. Would you like to try 512 instead?")?>", vbOkCancel)=vbOk Then - cec.providerName = "Microsoft Base Cryptographic Provider v1.0" - else - Exit Function - end if - end if - cec.GenKeyFlags = 1 OR keyflags - CSR = cec.createPKCS10(szName, "1.3.6.1.5.5.7.3.2") - if len(CSR)<>0 then Exit Function - cec.GenKeyFlags = keyflags - CSR = cec.createPKCS10(szName, "1.3.6.1.5.5.7.3.2") - if len(CSR)<>0 then Exit Function - cec.GenKeyFlags = 0 - CSR = cec.createPKCS10(szName, "1.3.6.1.5.5.7.3.2") - End if -End Function - -Sub GenReq_OnClick - Dim TheForm - Set TheForm = Document.CertReqForm - err.clear - result = CSR(2) - if len(result)=0 Then - result = MsgBox("Unable to generate PKCS#10.", 0, "Alert") - Exit Sub - end if - TheForm.CSR.Value = result - TheForm.Submit - Exit Sub -End Sub - -GetProviderList() ---> -</script> -<? } else { ?> -<p> -<form method="post" action="account.php"> -<input type="hidden" name="keytype" value="NS"> -<?=_("Keysize:")?> <keygen name="SPKAC" challenge="<? $_SESSION['spkac_hash']=make_hash(); echo $_SESSION['spkac_hash']; ?>"> - -<input type="submit" name="submit" value="<?=_("Create Certificate Request")?>"> -<input type="hidden" name="oldid" value="<?=$id?>"> -</form> -</p> -<? } ?> +require_once($_SESSION['_config']['filepath'].'/includes/keygen.php'); diff --git a/pages/index/4.php b/pages/index/4.php index ffbfe26..9eb90af 100644 --- a/pages/index/4.php +++ b/pages/index/4.php @@ -29,7 +29,7 @@ <? } else { ?> <style> .box2 {width:100%;text-align:center;} -.box {background:#F5F7F7;border:2px solid #cccccc;margin:0px auto;height:250px;width:300px;padding:1em;} +.box {background:#F5F7F7;border:2px solid #cccccc;margin:0px auto;height:auto;width:300px;padding:1em;} .smalltext {font-size:10px;} label {width:100px;display:block;float:left;} text {width:166px;display:block;float:left;} @@ -45,15 +45,15 @@ h1 {font-size:1.9em;text-align:center;} <label for="email"><?=_("Email Address")?>:</label><input type='text' name="email" value="<?=sanitizeHTML(array_key_exists("email",$_REQUEST)?$_REQUEST['email']:"")?>" <? if(array_key_exists('notauto',$_REQUEST) && $_REQUEST['noauto'] == 1) echo " autocomplete='off'"; ?>/><br /> <label for="pword"><?=_("Pass Phrase")?>:</label><input type='password' name='pword' autocomplete="off"/><br /> <input type='submit' name="process" value="<?=_("Login")?>" /><br /><br /> -<a href='https://<?=$_SESSION['_config']['normalhostname']?>/index.php?id=4'><?=_("Password Login")?></a> - -<a href='https://<?=$_SESSION['_config']['normalhostname']?>/index.php?id=5'><?=_("Lost Password")?></a> - +<a href='https://<?=$_SESSION['_config']['normalhostname']?>/index.php?id=4'><?=_("Password Login")?></a> - +<a href='https://<?=$_SESSION['_config']['normalhostname']?>/index.php?id=5'><?=_("Lost Password")?></a> - <a href='https://<?=$_SESSION['_config']['normalhostname']?>/index.php?id=4&noauto=1'><?=_("Net Cafe Login")?></a><br /> <p class='smalltext'><?=sprintf(_("If you are having trouble with your username or password, please visit our %swiki page%s for more information"), "<a href='http://wiki.cacert.org/wiki/FAQ/LostPasswordOrAccount' target='_new'>", "</a>");?></p> <input type="hidden" name="oldid" value="<?=$id?>"> </form> </div> </div> -<? } +<? } if(array_key_exists("oldlocation",$_SESSION['_config']) && $_SESSION['_config']['oldlocation']!="") { echo "<br/><center>"._("If you want to use certificate login instead of username+password, please")." <a href='https://secure.cacert.org/".sanitizeHTML($_SESSION['_config']['oldlocation'])."'>"._("click here")."</a></center>"; diff --git a/www/keygenIE.js b/www/keygenIE.js new file mode 100644 index 0000000..be2d184 --- /dev/null +++ b/www/keygenIE.js @@ -0,0 +1,609 @@ +/* +LibreSSL - CAcert web application +Copyright (C) 2004-2012 CAcert Inc. + +This program is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; version 2 of the License. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU General Public License for more details. + +You should have received a copy of the GNU General Public License +along with this program; if not, write to the Free Software +Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA +*/ + +var CAcert_keygen_IE = function () { + + /// Makes a new DOM text node + var textnode = function (text) { + return document.createTextNode(text); + } + + /// makes a new <p> element + var paragraph = function (text) { + var paragraph = document.createElement("p"); + paragraph.appendChild(textnode(text)); + return paragraph; + } + + /// makes a new <pre> elemtent + var pre = function (text) { + var pre = document.createElement("pre"); + pre.appendChild(textnode(text)); + return pre; + } + + /// makes a new <option> element + var option = function (text, value) { + var option = document.createElement("option"); + if (value !== undefined) { + option.setAttribute("value", value); + } + option.appendChild(textnode(text)); + return option; + } + + /// Removes all child nodes from the element + var removeChildren = function (element) { + element.innerHTML = ""; + } + + /// Show error message to user from exception + var showError = function (message, exception) { + window.alert( + message + + "\n\nError: " + exception.message + + " (0x" + (0xFFFFFFFF + exception.number + 1).toString(16) + + " / " + exception.number + ")" + ); + } + + // Get important elements from the DOM + var form = document.getElementById("CertReqForm"); + var securityLevel = document.getElementById("SecurityLevel"); + var customSettings = document.getElementById("customSettings"); + var provider = document.getElementById("CspProvider"); + var algorithm = document.getElementById("algorithm"); + var algorithmParagraph = document.getElementById("algorithmParagraph"); + var keySize = document.getElementById("keySize"); + var keySizeMin = document.getElementById("keySizeMin"); + var keySizeMax = document.getElementById("keySizeMax"); + var keySizeStep = document.getElementById("keySizeStep"); + var genReq = document.getElementById("GenReq"); + var csr = document.getElementById("CSR"); + var noActiveX = document.getElementById("noActiveX"); + var generatingKeyNotice = document.getElementById("generatingKeyNotice"); + var createRequestErrorChooseAlgorithm = document.getElementById("createRequestErrorChooseAlgorithm"); + var createRequestErrorConfirmDialogue = document.getElementById("createRequestErrorConfirmDialogue"); + var createRequestErrorConnectDevice = document.getElementById("createRequestErrorConnectDevice"); + var createRequestError = document.getElementById("createRequestError"); + var invalidKeySizeError = document.getElementById("invalidKeySizeError"); + var unsupportedPlatformError = document.getElementById("unsupportedPlatformError"); + + /// Initialise the CertEnroll code (Vista and higher) + /// returns false if initialisation fails + var initCertEnroll = function () { + var factory = null; + var providerList = null; + var cspStats = null; + + // Try to initialise the ActiveX element. Requires permissions by the user + try { + factory = new ActiveXObject("X509Enrollment.CX509EnrollmentWebClassFactory"); + if (!factory) { + throw { + name: "NoObjectError", + message: "Got null at object creation" + }; + } + + // also try to create a useless object here so the library gets + // initialised and we don't need to check everytime later + factory.CreateObject("X509Enrollment.CObjectId"); + + form.style.display = ""; + noActiveX.style.display = "none"; + } catch (e) { + return false; + } + + /// Get the selected provider + var getProvider = function () { + var providerIndex = provider.options[provider.selectedIndex].value; + return providerList.ItemByIndex(providerIndex); + } + + /// Get the selected algorithm + var getAlgorithm = function () { + var algorithmIndex = algorithm.options[algorithm.selectedIndex].value; + return alg = cspStats.ItemByIndex(algorithmIndex).CspAlgorithm; + } + + /// Get the selected key size + var getKeySize = function () { + var alg = getAlgorithm(); + + var bits = parseInt(keySize.value, 10); + if ( + (bits < alg.MinLength) || + (bits > alg.MaxLength) || + ( + alg.IncrementLength && + ((bits - alg.MinLength) % alg.IncrementLength !== 0) + ) + ) { + return false; + } + + return bits; + } + + /// Fill the key size list + var getKeySizeList = function () { + if (!cspStats) { + return false; + } + + var alg = getAlgorithm(); + + // HTML5 attributes + keySize.setAttribute("min", alg.MinLength); + keySize.setAttribute("max", alg.MaxLength); + keySize.setAttribute("step", alg.IncrementLength); + keySize.setAttribute("value", alg.DefaultLength); + keySize.value = ""+alg.DefaultLength; + + // ugly, but buggy otherwise if done with text nodes + keySizeMin.innerHTML = alg.MinLength; + keySizeMax.innerHTML = alg.MaxLength; + keySizeStep.innerHTML = alg.IncrementLength; + + return true; + } + + /// Fill the algorithm list + var getAlgorithmList = function () { + var i; + + if (!providerList) { + return false; + } + + var csp = getProvider(); + + cspStats = providerList.GetCspStatusesFromOperations( + 0x1c, //XCN_NCRYPT_ANY_ASYMMETRIC_OPERATION + //0x10, //XCN_NCRYPT_SIGNATURE_OPERATION + //0x8, //XCN_NCRYPT_SECRET_AGREEMENT_OPERATION + //0x4, //XCN_NCRYPT_ASYMMETRIC_ENCRYPTION_OPERATION + csp + ); + + removeChildren(algorithm); + for (i = 0; i < cspStats.Count; i++) { + var alg = cspStats.ItemByIndex(i).CspAlgorithm; + algorithm.appendChild(option(alg.Name, i)); + } + + return getKeySizeList(); + } + + /// Fill the crypto provider list + var getProviderList = function () { + var i; + + var csps = factory.CreateObject("X509Enrollment.CCspInformations"); + + // Get provider information + csps.AddAvailableCsps(); + + removeChildren(provider); + + for (i = 0; i < csps.Count; i++) { + var csp = csps.ItemByIndex(i); + provider.appendChild(option(csp.Name, i)); + } + + providerList = csps; + + return getAlgorithmList(); + } + + /// Generate a key and create and submit the actual CSR + var createCSR = function () { + var providerName, algorithmOid, bits; + + var level = securityLevel.options[securityLevel.selectedIndex]; + if (level.value === "custom") { + providerName = getProvider().Name; + var alg = getAlgorithm(); + algorithmOid = alg.GetAlgorithmOid(0, 0) + bits = getKeySize(); + if (!bits) { + window.alert(invalidKeySizeError.innerHTML); + return false; + } + } else { + providerName = "Microsoft Software Key Storage Provider"; + + algorithmOid = factory.CreateObject("X509Enrollment.CObjectId"); + algorithmOid.InitializeFromValue("1.2.840.113549.1.1.1"); // RSA + // "1.2.840.10040.4.1" == DSA + // "1.2.840.10046.2.1" == DH + + if (level.value === "high") { + bits = 4096; + } else { // medium + bits = 2048; + } + } + + var privateKey = factory.CreateObject("X509Enrollment.CX509PrivateKey"); + privateKey.ProviderName = providerName; + privateKey.Algorithm = algorithmOid; + privateKey.Length = bits; + privateKey.KeyUsage = 0xffffff; // XCN_NCRYPT_ALLOW_ALL_USAGES + + var request = factory.CreateObject("X509Enrollment.CX509CertificateRequestPkcs10"); + request.InitializeFromPrivateKey( + 1, // ContextUser + privateKey, + "" // don't use a template + ); + + var enroll = factory.CreateObject("X509Enrollment.CX509Enrollment"); + enroll.InitializeFromRequest(request); + + generatingKeyNotice.style.display = ""; + + // The request needs to be created after we return so the "please wait" + // message gets rendered + var createCSRHandler = function () { + try { + csr.value = enroll.CreateRequest(0x1); //XCN_CRYPT_STRING_BASE64 + form.submit(); + } catch (e) { + showError(createRequestErrorChooseAlgorithm.innerHTML, e); + } + + generatingKeyNotice.style.display = "none"; + } + + window.setTimeout(createCSRHandler, 0); + + // Always return false, form is submitted by deferred method + return false; + } + + /// Call if securityLevel has changed + var refreshSecurityLevel = function () { + var level = securityLevel.options[securityLevel.selectedIndex]; + if (level.value === "custom") { + getProviderList(); + customSettings.style.display = ""; + } else { + customSettings.style.display = "none"; + } + } + + securityLevel.onchange = refreshSecurityLevel; + provider.onchange = getAlgorithmList; + algorithm.onchange = getKeySizeList; + genReq.onclick = createCSR; + + return true; + } // end of initCertEnroll() + + /// Initialise Xenroll code (XP and lower) + /// returns false if initialisation fails + var initXEnroll = function () { + cenroll = null; + + providerTypes = Array( + 1, //PROV_RSA_FULL + 2, //PROV_RSA_SIG + 3, //PROV_DSS + 4, //PROV_FORTEZZA + 5, //PROV_MS_EXCHANGE + 6, //PROV_SSL + 12, //PROV_RSA_SCHANNEL + 13, //PROV_DSS_DH + 14, //PROV_EC_ECDSA_SIG + 15, //PROV_EC_ECNRA_SIG + 16, //PROV_EC_ECDSA_FULL + 17, //PROV_EC_ECNRA_FULL + 18, //PROV_DH_SCHANNEL + 20, //PROV_SPYRUS_LYNKS + 21, //PROV_RNG + 22, //PROV_INTEL_SEC + 23, //PROV_REPLACE_OWF + 24 //PROV_RSA_AES + ); + + algClasses = Array( + 1 << 13, //ALG_CLASS_SIGNATURE + //2 << 13, //ALG_CLASS_MSG_ENCRYPT + //3 << 13, //ALG_CLASS_DATA_ENCRYPT + //4 << 13, //ALG_CLASS_HASH + 5 << 13 //ALG_CLASS_KEY_EXCHANGE + ); + + // Try to initialise the ActiveX element. + try { + cenroll = new ActiveXObject("CEnroll.CEnroll"); + + if (!cenroll) { + throw { + name: "NoObjectError", + message: "Got null at object creation" + }; + } + + form.style.display = ""; + algorithm.disabled = true; + noActiveX.style.display = "none"; + } catch (e) { + return false; + } + + /// Get the name of the selected provider + var getProviderName = function () { + return provider.options[provider.selectedIndex].text; + } + + /// Get the type of the selected provider + var getProviderType = function () { + return parseInt(provider.options[provider.selectedIndex].value, 10); + } + + var refreshProvider = function () { + cenroll.ProviderName = getProviderName(); + cenroll.ProviderType = getProviderType(); + } + + /// Get the ID of the selected algorithm + var getAlgorithmId = function () { + return parseInt(algorithm.options[algorithm.selectedIndex].value, 10); + } + + /// Minimum bit length for exchange keys + var getMinExKeyLength = function () { + refreshProvider(); + + try { + return cenroll.GetKeyLen(true, true); + } catch (e) { + return false; + } + } + + /// Maximum bit length for exchange keys + var getMaxExKeyLength = function () { + refreshProvider(); + + try { + return cenroll.GetKeyLen(false, true); + } catch (e) { + return false; + } + } + + /// Step size for exchange keys + /// This might not be available on older platforms + var getStepExKeyLength = function () { + refreshProvider(); + + try { + return cenroll.GetKeyLenEx(3, 1); + } catch (e) { + return false; + } + } + + /// Minimum bit length for signature keys + var getMinSigKeyLength = function () { + refreshProvider(); + + try { + return cenroll.GetKeyLen(true, false); + } catch (e) { + return false; + } + } + + /// Maximum bit length for signature keys + var getMaxSigKeyLength = function () { + refreshProvider(); + + try { + return cenroll.GetKeyLen(false, false); + } catch (e) { + return false; + } + } + + /// Step size for signature keys + /// This might not be available on older platforms + var getStepSigKeyLength = function () { + refreshProvider(); + + try { + return cenroll.GetKeyLenEx(3, 2); + } catch (e) { + return false; + } + } + + /// Get the selected key size + var getKeySize = function () { + var bits = parseInt(keySize.value, 10); + if ( + (bits < getMinSigKeyLength()) || + (bits > getMaxSigKeyLength()) || + ( + getStepSigKeyLength() && + ((bits - getMinSigKeyLength()) % getStepSigKeyLength() !== 0) + ) + ) { + return false; + } + + return bits; + } + + var getKeySizeLimits = function () { + // HTML5 attributes + keySize.setAttribute("min", getMinSigKeyLength()); + keySize.setAttribute("max", getMaxSigKeyLength()); + if (getStepSigKeyLength()) { + keySize.setAttribute("step", getStepSigKeyLength()); + } + + // ugly, but buggy otherwise if done with text nodes + keySizeMin.innerHTML = getMinSigKeyLength(); + keySizeMax.innerHTML = getMaxSigKeyLength(); + keySizeStep.innerHTML = getStepSigKeyLength(); + + if (getMinSigKeyLength() === getMaxSigKeyLength()) { + keySize.value = getMaxSigKeyLength(); + } + + return true; + } + + /// Fill the algorithm selection box + var getAlgorithmList = function () { + var i, j; + + refreshProvider(); + + removeChildren(algorithm); + + for (i = 0; i < algClasses.length; ++i) { + for (j = 0; true; ++j) { + try { + var algId = cenroll.EnumAlgs(j, algClasses[i]); + var algName = cenroll.GetAlgName(algId); + algorithm.appendChild(option(algName, algId)); + } catch (e) { + break; + } + } + } + + getKeySizeLimits(); + } + + /// Fill the provider selection box + var getProviderList = function () { + var i, j; + + removeChildren(provider); + + for (i = 0; i < providerTypes.length; ++i) { + cenroll.providerType = providerTypes[i]; + + var providerName = "invalid"; + for (j = 0; true; ++j) { + try { + providerName = cenroll.enumProviders(j, 0); + provider.appendChild(option(providerName, providerTypes[i])); + } catch (e) { + break; + } + } + } + + return getAlgorithmList(); + } + + var createCSR = function () { + var providerName, bits; + + var level = securityLevel.options[securityLevel.selectedIndex]; + if (level.value === "custom") { + refreshProvider(); + + bits = getKeySize(); + if (bits === false) { + window.alert(invalidKeySizeError.innerHTML); + return false; + } + } else { + cenroll.ProviderName = "Microsoft Enhanced Cryptographic Provider v1.0"; + cenroll.ProviderType = 1; //PROV_RSA_FULL + + if (level.value === "high") { + bits = 4096; + } else { // medium + bits = 2048; + } + } + + cenroll.GenKeyFlags = bits << 16; // keysize is encoded in the uper 16 bits + //cenroll.GenKeyFlags = cenroll.GenKeyFlags | 0x1; //CRYPT_EXPORTABLE + + generatingKeyNotice.style.display = ""; + + // The request needs to be created after we return so the "please wait" + // message gets rendered + var createCSRHandler = function () { + try { + csr.value = cenroll.createPKCS10("", "1.3.6.1.5.5.7.3.2"); + form.submit(); + } catch (e) { + if (e.number === -2147023673) { + // 0x800704c7 => dialogue declined + showError(createRequestErrorConfirmDialogue.innerHTML, e); + } else if (e.number === -2146435043) { + // 0x8010001d => crypto-device not connected + showError(createRequestErrorConnectDevice.innerHTML, e); + } else { + showError(createRequestError.innerHTML, e); + } + } + + generatingKeyNotice.style.display = "none"; + cenroll.Reset(); + } + + window.setTimeout(createCSRHandler, 0); + + // Always return false, form is submitted by deferred method + return false; + } + + /// Call if securityLevel has changed + var refreshSecurityLevel = function () { + var level = securityLevel.options[securityLevel.selectedIndex]; + if (level.value === "custom") { + getProviderList(); + customSettings.style.display = ""; + } else { + customSettings.style.display = "none"; + } + } + + securityLevel.onchange = refreshSecurityLevel; + provider.onchange = getAlgorithmList; + algorithm.onchange = getKeySizeLimits; + genReq.onclick = createCSR; + + return true; + }; + + // Run the init functions until one is successful + if (initCertEnroll()) { + form.style.display = ""; + noActiveX.style.display = "none"; + } else if (initXEnroll()) { + form.style.display = ""; + noActiveX.style.display = "none"; + } else { + window.alert(unsupportedPlatformError.innerHTML); + } +} (); |