summaryrefslogtreecommitdiff
path: root/includes
diff options
context:
space:
mode:
Diffstat (limited to 'includes')
-rw-r--r--includes/keygen.php291
1 files changed, 96 insertions, 195 deletions
diff --git a/includes/keygen.php b/includes/keygen.php
index fcbc48c..414b087 100644
--- a/includes/keygen.php
+++ b/includes/keygen.php
@@ -16,202 +16,103 @@
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/
-if (array_key_exists('HTTP_USER_AGENT',$_SERVER) &&
- strstr($_SERVER['HTTP_USER_AGENT'], "MSIE")) { ?>
- <object
- classid="clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1"
- codebase="/xenroll.cab#Version=5,131,3659,0"
- id="cec"
- >
- <?=_("You must enable ActiveX for this to work. On Vista you have to add this website to the list of trusted sites in the internet-settings.")?>
- <?=_("Go to Extras->Internet Options->Security->Trusted Websites, click on Custom Level, check ActiveX control elements that are not marked as safe initialized on start in scripts")?>
- </object>
-
- <form method="post" action="account.php" name="CertReqForm">
- <p><input type="hidden" name="session" value="UsedXenroll">
- <?=_("Key Strength:")?> <select name="CspProvider"></select></p>
-
- <p>Select Keysize: <select name="keySize" id="keySize">
- <option value="2048" selected="selected">2048</option>
- <option value="3072">3072</option>
- <option value="4096">4096</option>
- </select></p>
-
- <input type="hidden" name="oldid" value="<?=$id?>">
- <INPUT TYPE=HIDDEN NAME="CSR">
- <input type="hidden" name="keytype" value="MS">
- <p><input type="submit" name="GenReq" value="Create Certificate"></p>
- </form>
-
- <script type="text/vbscript" language="vbscript">
-<!--
-Function GetProviderList()
- Dim CspList, cspIndex, ProviderName
- On Error Resume Next
-
- count = 0
- base = 0
- enhanced = 0
- CspList = ""
- ProviderName = ""
-
- // Vista:
- Set csps = CreateObject("X509Enrollment.CCspInformations")
- If IsObject(csps) Then
- csps.AddAvailableCsps()
- Document.CertReqForm.keytype.value="VI"
- For j = 0 to csps.Count-1
- Set oOption = document.createElement("OPTION")
- oOption.text = csps.ItemByIndex(j).Name
- oOption.value = j
- Document.CertReqForm.CspProvider.add(oOption)
- Next
-
- Else
-
- // 2000,XP:
-
- For ProvType = 0 to 13
- cspIndex = 0
- cec.ProviderType = ProvType
- ProviderName = cec.enumProviders(cspIndex,0)
-
- while ProviderName <> ""
- Set oOption = document.createElement("OPTION")
- oOption.text = ProviderName
- oOption.value = ProvType
- Document.CertReqForm.CspProvider.add(oOption)
- if ProviderName = "Microsoft Base Cryptographic Provider v1.0" Then
- base = count
- end if
- if ProviderName = "Microsoft Enhanced Cryptographic Provider v1.0" Then
- enhanced = count
- end if
- cspIndex = cspIndex +1
- ProviderName = ""
- ProviderName = cec.enumProviders(cspIndex,0)
- count = count + 1
- wend
- Next
- Document.CertReqForm.CspProvider.selectedIndex = base
- if enhanced then
- Document.CertReqForm.CspProvider.selectedIndex = enhanced
- end if
- End If
-End Function
-
-Function CSR(keyflags)
- CSR = ""
- szName = ""
-
-
- // Vista
- if Document.CertReqForm.keytype.value="VI" Then
- Dim g_objClassFactory
- Dim obj
- Dim objPrivateKey
- Dim g_objRequest
- Dim g_objRequestCMC
-
- Set g_objClassFactory = CreateObject("X509Enrollment.CX509EnrollmentWebClassFactory")
- Set obj = g_objClassFactory.CreateObject("X509Enrollment.CX509Enrollment")
- Set objPrivateKey = g_objClassFactory.CreateObject("X509Enrollment.CX509PrivateKey")
- Set objRequest = g_objClassFactory.CreateObject("X509Enrollment.CX509CertificateRequestPkcs10")
- //Msgbox exit function
- objPrivateKey.ProviderName = Document.CertReqForm.CspProvider(Document.CertReqForm.CspProvider.selectedIndex).text
- // "Microsoft Enhanced RSA and AES Cryptographic Provider"
- objPrivateKey.ProviderType = "24"
- objPrivateKey.KeySpec = "1"
- objPrivateKey.ExportPolicy = 1
- select case Document.CertReqForm.keySize
- case "3072"
- objPrivateKey.Length = &h0C000000
- case "4096"
- objPrivateKey.Length = &h10000000
- case else
- objPrivateKey.Length = &h08000000
- end select
- objRequest.InitializeFromPrivateKey 1, objPrivateKey, ""
- Set objDN = g_objClassFactory.CreateObject("X509Enrollment.CX500DistinguishedName")
- objDN.Encode("CN=CAcertRequest")
- objRequest.Subject = objDN
-
- // obj.Initialize(1)
- obj.InitializeFromRequest(objRequest)
- obj.CertificateDescription = "Description"
- obj.CertificateFriendlyName = "FriendlyName"
- CSR = obj.CreateRequest(1)
- If len(CSR)<>0 Then Exit Function
- Msgbox "<?=_("Error while generating the certificate-request. Please make sure that you have added this website to the list of trusted sites in the Internet-Options menu!")?>"
-
- else
- // XP
- Dim lngAltKeyFlag
-
- cec.HashAlgorithm = "MD5"
- err.clear
- On Error Resume Next
- set options = document.all.CspProvider.options
- index = options.selectedIndex
- cec.providerName = options(index).text
- tmpProviderType = options(index).value
- cec.providerType = tmpProviderType
- cec.KeySpec = 2
- if tmpProviderType < 2 Then
- cec.KeySpec = 1
- end if
-
- select case Document.CertReqForm.keySize
- case "3072"
- cec.GenKeyFlags = &h0C000001
- lngAltKeyFLag = &h0C000000
- case "4096"
- cec.GenKeyFlags = &h10000001
- lngAltKeyFLag = &h10000000
- case else
- cec.GenKeyFlags = &h08000001
- lngAltKeyFLag = &h08000000
- end select
- CSR = cec.createPKCS10(szName, "1.3.6.1.5.5.7.3.2")
- if len(CSR)<>0 then Exit Function
- cec.GenKeyFlags = lngAltKeyFLag
- CSR = cec.createPKCS10(szName, "1.3.6.1.5.5.7.3.2")
- if len(CSR)<>0 then Exit Function
- if cec.providerName = "Microsoft Enhanced Cryptographic Provider v1.0" Then
- if MsgBox("<?=_("The high encryption key generation failed. Would you like to try 512 instead?")?>", vbOkCancel)=vbOk Then
- cec.providerName = "Microsoft Base Cryptographic Provider v1.0"
- else
- Exit Function
- end if
- end if
- cec.GenKeyFlags = 1 OR keyflags
- CSR = cec.createPKCS10(szName, "1.3.6.1.5.5.7.3.2")
- if len(CSR)<>0 then Exit Function
- cec.GenKeyFlags = keyflags
- CSR = cec.createPKCS10(szName, "1.3.6.1.5.5.7.3.2")
- if len(CSR)<>0 then Exit Function
- cec.GenKeyFlags = 0
- CSR = cec.createPKCS10(szName, "1.3.6.1.5.5.7.3.2")
- End if
-End Function
-
-Sub GenReq_OnClick
- Dim TheForm
- Set TheForm = Document.CertReqForm
- err.clear
- result = CSR(2)
- if len(result)=0 Then
- result = MsgBox("Unable to generate PKCS#10.", 0, "Alert")
- Exit Sub
- end if
- TheForm.CSR.Value = result
- TheForm.Submit
- Exit Sub
-End Sub
+if (array_key_exists('HTTP_USER_AGENT',$_SERVER) &&
+ strstr($_SERVER['HTTP_USER_AGENT'], "MSIE")) { ?>
+
+ <noscript>
+ <p><?=_('You have to enable JavaScript to generate certificates in '.
+ 'the browser.')?></p>
+ <p><?=_('If you don\'t want to do that for any reason, you can use '.
+ 'manually created certificate requests instead.')?></p>
+ </noscript>
+
+ <div id="noActiveX" style="color:red">
+ <p><?=_('Could not initialize ActiveX object required for certificate '.
+ 'generation.')?></p>
+ <p><?=_('You have to enable ActiveX for this to work. On Windows '.
+ 'Vista, Windows 7 and later versions you have to add this '.
+ 'website to the list of trusted sites in the internet '.
+ 'settings.')?></p>
+ <p><?php
+ printf(_('Go to "Extras -> Internet Options -> Security -> Trusted '.
+ 'Websites", click on "Custom Level", set "ActiveX control '.
+ 'elements that are not marked as safe initialized on start in '.
+ 'scripts" to "Confirm" and click "OK". Now click "Sites", add '.
+ '"%s" and "%s" to your list of trusted sites and make the '.
+ 'changes come into effect by clicking "Close" and "OK".'),
+ 'https://'.$_SESSION['_config']['normalhostname'],
+ 'https://'.$_SESSION['_config']['securehostname'])?>
+ </p>
+ </div>
+
+ <form method="post" style="display:none" action="account.php"
+ id="CertReqForm">
+ <input type="hidden" name="oldid" value="<?=$id?>" />
+ <input type="hidden" id="CSR" name="CSR" />
+ <input type="hidden" name="keytype" value="MS" />
-GetProviderList()
--->
- </script>
+ <p><?=_('Security level')?>:
+ <select id="SecurityLevel">
+ <option value="high" selected="selected"><?=_('High')?></option>
+ <option value="medium"><?=_('Medium')?></option>
+ <option value="custom"><?=_('Custom')?>&hellip;</option>
+ </select>
+ </p>
+
+ <fieldset id="customSettings" style="display:none">
+ <legend><?=_('Custom Parameters')?></legend>
+
+ <p><?=_('Cryptography Provider')?>:
+ <select id="CspProvider"></select>
+ </p>
+ <p><?=_('Algorithm')?>: <select id="algorithm"></select></p>
+ <p><?=_('Keysize')?>:
+ <input id="keySize" type="number" />
+ <?=_('Minimum Size')?>: <span id="keySizeMin"></span>,
+ <?=_('Maximum Size')?>: <span id="keySizeMax"></span>,
+ <?php
+ // TRANSLATORS: this specifies the step between two valid key
+ // sizes. E.g. if the step is 512 and the minimum is 1024 and
+ // the maximum is 2048, then only 1024, 1536 and 2048 bits may
+ // be specified as key size.
+ _('Step')?>: <span id="keySizeStep"></span></p>
+ <p style="color:red"><?php
+ printf(_('Please note that RSA key sizes smaller than %d bit '.
+ 'will not be accepted by CAcert.'),
+ 1024)?>
+ </p>
+ </fieldset>
+
+ <p><input type="submit" id="GenReq" name="GenReq"
+ value="<?=_('Create Certificate')?>" /></p>
+ <p id="generatingKeyNotice" style="display:none">
+ <?=_('Generating your key. Please wait')?>&hellip;</p>
+ </form>
+
+
+ <!-- Error messages used in the JavaScript. Defined here so they can be
+ translated without passing the JavaScript code through PHP -->
+ <p id="createRequestErrorChooseAlgorithm" style="display:none">
+ <?=_('Could not generate certificate request. Probably you need to '.
+ 'choose a different algorithm.')?>
+ </p>
+ <p id="createRequestError" style="display:none">
+ <?=_('Could not generate certificate request.')?>
+ </p>
+ <p id="invalidKeySizeError" style="display:none">
+ <?=_('You have specified an invalid key size')?>
+ </p>
+ <p id="unsupportedPlatformError" style="display:none">
+ <?=_('Could not initialize the cryptographic module for your '.
+ 'platform. Currently we support Microsoft Windows XP, Vista '.
+ 'and 7. If you\'re using one of these platforms and see this '.
+ 'error message anyway you might have to enable ActiveX as '.
+ 'described in the red explanation text and accept loading of '.
+ 'the module.')?>
+ </p>
+
+ <script type="text/javascript" src="keygenIE.js"></script>
+
<? } else { ?>
<p>
<form method="post" action="account.php">