diff options
Diffstat (limited to 'includes/keygen.php')
| -rw-r--r-- | includes/keygen.php | 291 |
1 files changed, 96 insertions, 195 deletions
diff --git a/includes/keygen.php b/includes/keygen.php index fcbc48c..414b087 100644 --- a/includes/keygen.php +++ b/includes/keygen.php @@ -16,202 +16,103 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ -if (array_key_exists('HTTP_USER_AGENT',$_SERVER) && - strstr($_SERVER['HTTP_USER_AGENT'], "MSIE")) { ?> - <object - classid="clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1" - codebase="/xenroll.cab#Version=5,131,3659,0" - id="cec" - > - <?=_("You must enable ActiveX for this to work. On Vista you have to add this website to the list of trusted sites in the internet-settings.")?> - <?=_("Go to Extras->Internet Options->Security->Trusted Websites, click on Custom Level, check ActiveX control elements that are not marked as safe initialized on start in scripts")?> - </object> - - <form method="post" action="account.php" name="CertReqForm"> - <p><input type="hidden" name="session" value="UsedXenroll"> - <?=_("Key Strength:")?> <select name="CspProvider"></select></p> - - <p>Select Keysize: <select name="keySize" id="keySize"> - <option value="2048" selected="selected">2048</option> - <option value="3072">3072</option> - <option value="4096">4096</option> - </select></p> - - <input type="hidden" name="oldid" value="<?=$id?>"> - <INPUT TYPE=HIDDEN NAME="CSR"> - <input type="hidden" name="keytype" value="MS"> - <p><input type="submit" name="GenReq" value="Create Certificate"></p> - </form> - - <script type="text/vbscript" language="vbscript"> -<!-- -Function GetProviderList() - Dim CspList, cspIndex, ProviderName - On Error Resume Next - - count = 0 - base = 0 - enhanced = 0 - CspList = "" - ProviderName = "" - - // Vista: - Set csps = CreateObject("X509Enrollment.CCspInformations") - If IsObject(csps) Then - csps.AddAvailableCsps() - Document.CertReqForm.keytype.value="VI" - For j = 0 to csps.Count-1 - Set oOption = document.createElement("OPTION") - oOption.text = csps.ItemByIndex(j).Name - oOption.value = j - Document.CertReqForm.CspProvider.add(oOption) - Next - - Else - - // 2000,XP: - - For ProvType = 0 to 13 - cspIndex = 0 - cec.ProviderType = ProvType - ProviderName = cec.enumProviders(cspIndex,0) - - while ProviderName <> "" - Set oOption = document.createElement("OPTION") - oOption.text = ProviderName - oOption.value = ProvType - Document.CertReqForm.CspProvider.add(oOption) - if ProviderName = "Microsoft Base Cryptographic Provider v1.0" Then - base = count - end if - if ProviderName = "Microsoft Enhanced Cryptographic Provider v1.0" Then - enhanced = count - end if - cspIndex = cspIndex +1 - ProviderName = "" - ProviderName = cec.enumProviders(cspIndex,0) - count = count + 1 - wend - Next - Document.CertReqForm.CspProvider.selectedIndex = base - if enhanced then - Document.CertReqForm.CspProvider.selectedIndex = enhanced - end if - End If -End Function - -Function CSR(keyflags) - CSR = "" - szName = "" - - - // Vista - if Document.CertReqForm.keytype.value="VI" Then - Dim g_objClassFactory - Dim obj - Dim objPrivateKey - Dim g_objRequest - Dim g_objRequestCMC - - Set g_objClassFactory = CreateObject("X509Enrollment.CX509EnrollmentWebClassFactory") - Set obj = g_objClassFactory.CreateObject("X509Enrollment.CX509Enrollment") - Set objPrivateKey = g_objClassFactory.CreateObject("X509Enrollment.CX509PrivateKey") - Set objRequest = g_objClassFactory.CreateObject("X509Enrollment.CX509CertificateRequestPkcs10") - //Msgbox exit function - objPrivateKey.ProviderName = Document.CertReqForm.CspProvider(Document.CertReqForm.CspProvider.selectedIndex).text - // "Microsoft Enhanced RSA and AES Cryptographic Provider" - objPrivateKey.ProviderType = "24" - objPrivateKey.KeySpec = "1" - objPrivateKey.ExportPolicy = 1 - select case Document.CertReqForm.keySize - case "3072" - objPrivateKey.Length = &h0C000000 - case "4096" - objPrivateKey.Length = &h10000000 - case else - objPrivateKey.Length = &h08000000 - end select - objRequest.InitializeFromPrivateKey 1, objPrivateKey, "" - Set objDN = g_objClassFactory.CreateObject("X509Enrollment.CX500DistinguishedName") - objDN.Encode("CN=CAcertRequest") - objRequest.Subject = objDN - - // obj.Initialize(1) - obj.InitializeFromRequest(objRequest) - obj.CertificateDescription = "Description" - obj.CertificateFriendlyName = "FriendlyName" - CSR = obj.CreateRequest(1) - If len(CSR)<>0 Then Exit Function - Msgbox "<?=_("Error while generating the certificate-request. Please make sure that you have added this website to the list of trusted sites in the Internet-Options menu!")?>" - - else - // XP - Dim lngAltKeyFlag - - cec.HashAlgorithm = "MD5" - err.clear - On Error Resume Next - set options = document.all.CspProvider.options - index = options.selectedIndex - cec.providerName = options(index).text - tmpProviderType = options(index).value - cec.providerType = tmpProviderType - cec.KeySpec = 2 - if tmpProviderType < 2 Then - cec.KeySpec = 1 - end if - - select case Document.CertReqForm.keySize - case "3072" - cec.GenKeyFlags = &h0C000001 - lngAltKeyFLag = &h0C000000 - case "4096" - cec.GenKeyFlags = &h10000001 - lngAltKeyFLag = &h10000000 - case else - cec.GenKeyFlags = &h08000001 - lngAltKeyFLag = &h08000000 - end select - CSR = cec.createPKCS10(szName, "1.3.6.1.5.5.7.3.2") - if len(CSR)<>0 then Exit Function - cec.GenKeyFlags = lngAltKeyFLag - CSR = cec.createPKCS10(szName, "1.3.6.1.5.5.7.3.2") - if len(CSR)<>0 then Exit Function - if cec.providerName = "Microsoft Enhanced Cryptographic Provider v1.0" Then - if MsgBox("<?=_("The high encryption key generation failed. Would you like to try 512 instead?")?>", vbOkCancel)=vbOk Then - cec.providerName = "Microsoft Base Cryptographic Provider v1.0" - else - Exit Function - end if - end if - cec.GenKeyFlags = 1 OR keyflags - CSR = cec.createPKCS10(szName, "1.3.6.1.5.5.7.3.2") - if len(CSR)<>0 then Exit Function - cec.GenKeyFlags = keyflags - CSR = cec.createPKCS10(szName, "1.3.6.1.5.5.7.3.2") - if len(CSR)<>0 then Exit Function - cec.GenKeyFlags = 0 - CSR = cec.createPKCS10(szName, "1.3.6.1.5.5.7.3.2") - End if -End Function - -Sub GenReq_OnClick - Dim TheForm - Set TheForm = Document.CertReqForm - err.clear - result = CSR(2) - if len(result)=0 Then - result = MsgBox("Unable to generate PKCS#10.", 0, "Alert") - Exit Sub - end if - TheForm.CSR.Value = result - TheForm.Submit - Exit Sub -End Sub +if (array_key_exists('HTTP_USER_AGENT',$_SERVER) && + strstr($_SERVER['HTTP_USER_AGENT'], "MSIE")) { ?> + + <noscript> + <p><?=_('You have to enable JavaScript to generate certificates in '. + 'the browser.')?></p> + <p><?=_('If you don\'t want to do that for any reason, you can use '. + 'manually created certificate requests instead.')?></p> + </noscript> + + <div id="noActiveX" style="color:red"> + <p><?=_('Could not initialize ActiveX object required for certificate '. + 'generation.')?></p> + <p><?=_('You have to enable ActiveX for this to work. On Windows '. + 'Vista, Windows 7 and later versions you have to add this '. + 'website to the list of trusted sites in the internet '. + 'settings.')?></p> + <p><?php + printf(_('Go to "Extras -> Internet Options -> Security -> Trusted '. + 'Websites", click on "Custom Level", set "ActiveX control '. + 'elements that are not marked as safe initialized on start in '. + 'scripts" to "Confirm" and click "OK". Now click "Sites", add '. + '"%s" and "%s" to your list of trusted sites and make the '. + 'changes come into effect by clicking "Close" and "OK".'), + 'https://'.$_SESSION['_config']['normalhostname'], + 'https://'.$_SESSION['_config']['securehostname'])?> + </p> + </div> + + <form method="post" style="display:none" action="account.php" + id="CertReqForm"> + <input type="hidden" name="oldid" value="<?=$id?>" /> + <input type="hidden" id="CSR" name="CSR" /> + <input type="hidden" name="keytype" value="MS" /> -GetProviderList() ---> - </script> + <p><?=_('Security level')?>: + <select id="SecurityLevel"> + <option value="high" selected="selected"><?=_('High')?></option> + <option value="medium"><?=_('Medium')?></option> + <option value="custom"><?=_('Custom')?>…</option> + </select> + </p> + + <fieldset id="customSettings" style="display:none"> + <legend><?=_('Custom Parameters')?></legend> + + <p><?=_('Cryptography Provider')?>: + <select id="CspProvider"></select> + </p> + <p><?=_('Algorithm')?>: <select id="algorithm"></select></p> + <p><?=_('Keysize')?>: + <input id="keySize" type="number" /> + <?=_('Minimum Size')?>: <span id="keySizeMin"></span>, + <?=_('Maximum Size')?>: <span id="keySizeMax"></span>, + <?php + // TRANSLATORS: this specifies the step between two valid key + // sizes. E.g. if the step is 512 and the minimum is 1024 and + // the maximum is 2048, then only 1024, 1536 and 2048 bits may + // be specified as key size. + _('Step')?>: <span id="keySizeStep"></span></p> + <p style="color:red"><?php + printf(_('Please note that RSA key sizes smaller than %d bit '. + 'will not be accepted by CAcert.'), + 1024)?> + </p> + </fieldset> + + <p><input type="submit" id="GenReq" name="GenReq" + value="<?=_('Create Certificate')?>" /></p> + <p id="generatingKeyNotice" style="display:none"> + <?=_('Generating your key. Please wait')?>…</p> + </form> + + + <!-- Error messages used in the JavaScript. Defined here so they can be + translated without passing the JavaScript code through PHP --> + <p id="createRequestErrorChooseAlgorithm" style="display:none"> + <?=_('Could not generate certificate request. Probably you need to '. + 'choose a different algorithm.')?> + </p> + <p id="createRequestError" style="display:none"> + <?=_('Could not generate certificate request.')?> + </p> + <p id="invalidKeySizeError" style="display:none"> + <?=_('You have specified an invalid key size')?> + </p> + <p id="unsupportedPlatformError" style="display:none"> + <?=_('Could not initialize the cryptographic module for your '. + 'platform. Currently we support Microsoft Windows XP, Vista '. + 'and 7. If you\'re using one of these platforms and see this '. + 'error message anyway you might have to enable ActiveX as '. + 'described in the red explanation text and accept loading of '. + 'the module.')?> + </p> + + <script type="text/javascript" src="keygenIE.js"></script> + <? } else { ?> <p> <form method="post" action="account.php"> |