summaryrefslogtreecommitdiff
path: root/includes/keygen.php
blob: 270a569204419390b070e8b59759b921d9f00226 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
<? /*
    LibreSSL - CAcert web application
    Copyright (C) 2004-2011  CAcert Inc.

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; version 2 of the License.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program; if not, write to the Free Software
    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
*/

if (array_key_exists('HTTP_USER_AGENT',$_SERVER) && strstr($_SERVER['HTTP_USER_AGENT'], "MSIE")) { ?>

	<noscript>
		<p><?=_('You have to enable JavaScript to generate certificates in the browser.')?></p>
		<p><?=_('If you don\'t want to do that for any reason, you can use '.
			'manually created certificate requests instead.')?></p>
	</noscript>

	<div id="noActiveX" class="error_fatal">
		<p><?=_('Could not initialize ActiveX object required for certificate generation.')?></p>
		<p><?=_('You have to enable ActiveX for this to work. On Windows Vista, Windows 7 and '.
			'later versions you have to add this website to the list of trusted sites '.
			'in the internet settings.')?></p>
		<p><?php
			printf(_('Go to "Extras -> Internet Options -> Security -> Trusted '.
				'Websites", click on "Custom Level", set "ActiveX control '.
				'elements that are not marked as safe initialized on start in '.
				'scripts" to "Confirm" and click "OK". Now click "Sites", add '.
				'"%s" and "%s" to your list of trusted sites and make the '.
				'changes come into effect by clicking "Close" and "OK".'),
				'https://'.$_SESSION['_config']['normalhostname'],
				'https://'.$_SESSION['_config']['securehostname'])?>
		</p>
	</div>

	<form method="post" style="display:none;" action="account.php"
			id="CertReqForm">
		<input type="hidden" name="oldid" value="<?=intval($id)?>" />
		<input type="hidden" id="CSR" name="CSR" />
		<input type="hidden" name="keytype" value="MS" />

		<p><?=_('Security level')?>:
			<select id="SecurityLevel">
				<option value="high" selected="selected"><?=_('High')?></option>
				<option value="medium"><?=_('Medium')?></option>
				<option value="custom"><?=_('Custom')?>&hellip;</option>
			</select>
		</p>

		<fieldset id="customSettings" style="display:none">
			<legend><?=_('Custom Parameters')?></legend>

			<p><?=_('Cryptography Provider')?>:
				<select id="CspProvider"></select>
			</p>
			<p><?=_('Algorithm')?>: <select id="algorithm"></select></p>
			<p><?=_('Keysize')?>:
				<input id="keySize" type="number" />
				<?=_('Minimum Size')?>: <span id="keySizeMin"></span>,
				<?=_('Maximum Size')?>: <span id="keySizeMax"></span>,
				<?php
				// TRANSLATORS: this specifies the step between two valid key
				// sizes. E.g. if the step is 512 and the minimum is 1024 and
				// the maximum is 2048, then only 1024, 1536 and 2048 bits may
				// be specified as key size.
				echo _('Step')?>: <span id="keySizeStep"></span></p>
			<p class="error_fatal"><?php
				printf(_('Please note that RSA key sizes smaller than %d bit '.
					'will not be accepted by CAcert.'),
					2048)?>
			</p>
		</fieldset>

		<p><input type="submit" id="GenReq" name="GenReq" value="<?=_('Create Certificate')?>" /></p>
		<p id="generatingKeyNotice" style="display:none">
			<?=_('Generating your key. Please wait')?>&hellip;</p>
	</form>

	<!-- Error messages used in the JavaScript. Defined here so they can be
	translated without passing the JavaScript code through PHP -->
	<p id="createRequestErrorChooseAlgorithm" style="display:none">
		<?=_('Could not generate certificate request. Probably you need to '.
			'choose a different algorithm.')?>
	</p>
	<p id="createRequestErrorConfirmDialogue" style="display:none">
		<?=_('Could not generate certificate request. Please confirm the '.
			'dialogue if you are asked if you want to generate the key.')?>
	</p>
	<p id="createRequestErrorConnectDevice" style="display:none">
		<?=_('Could not generate certificate request. Please make sure the '.
			'cryptography device (e.g. the smartcard) is connected.')?>
	</p>
	<p id="createRequestError" style="display:none">
		<?=_('Could not generate certificate request.')?>
	</p>
	<p id="invalidKeySizeError" style="display:none">
		<?=_('You have specified an invalid key size')?>
	</p>
	<p id="unsupportedPlatformError" style="display:none">
		<?=_('Could not initialize the cryptographic module for your '.
			'platform. Currently we support Microsoft Windows XP, Vista '.
			'and 7. If you\'re using one of these platforms and see this '.
			'error message anyway you might have to enable ActiveX as '.
			'described in the red explanation text and accept loading of '.
			'the module.')?>
	</p>

	<script type="text/javascript" src="keygenIE.js"></script>

<? } else { ?>
	<p>
		<form method="post" action="account.php">
			<input type="hidden" name="keytype" value="NS">
			<?=_("Keysize:")?> <keygen name="SPKAC" challenge="<? $_SESSION['spkac_hash']=make_hash(); echo $_SESSION['spkac_hash']; ?>">

			<input type="submit" name="submit" value="<?=_("Generate key pair within browser")?>">
			<input type="hidden" name="oldid" value="<?=intval($id)?>">
		</form>
	</p>
<? }