fcbc48cf857c5e8d53415cf1ab9155aca17e132a
[cacert-devel.git] / includes / keygen.php
1 <? /*
2 LibreSSL - CAcert web application
3 Copyright (C) 2004-2011 CAcert Inc.
4
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation; version 2 of the License.
8
9 This program is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU General Public License for more details.
13
14 You should have received a copy of the GNU General Public License
15 along with this program; if not, write to the Free Software
16 Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
17 */
18
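// Internet Explorer gets the ActiveX enrolment form; every other browser gets the
// <keygen> form in the else branch. The User-Agent header is client-supplied: here it
// only selects which markup is rendered and is never echoed into the page.
if (array_key_exists('HTTP_USER_AGENT', $_SERVER) &&
    strstr($_SERVER['HTTP_USER_AGENT'], "MSIE")) { ?>
<object
    classid="clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1"
    codebase="/xenroll.cab#Version=5,131,3659,0"
    id="cec"
>
<?=_("You must enable ActiveX for this to work. On Vista you have to add this website to the list of trusted sites in the internet-settings.")?>
<?=_("Go to Extras->Internet Options->Security->Trusted Websites, click on Custom Level, check ActiveX control elements that are not marked as safe initialized on start in scripts")?>
</object>

<? /* Every field of this form (CspProvider, keySize, keytype, CSR) is filled in by the
      browser. NOTE(review): account.php is not shown here; it should take the key
      size and algorithm from the submitted request itself, not from these fields. */ ?>
<form method="post" action="account.php" name="CertReqForm">
<p><input type="hidden" name="session" value="UsedXenroll">
<?=_("Key Strength:")?> <select name="CspProvider"></select></p>

<p>Select Keysize: <select name="keySize" id="keySize">
<option value="2048" selected="selected">2048</option>
<option value="3072">3072</option>
<option value="4096">4096</option>
</select></p>

<? /* $id is assigned outside this include. It is HTML-escaped because it is written
      into a quoted attribute; a numeric id is emitted unchanged. */ ?>
<input type="hidden" name="oldid" value="<?=htmlspecialchars((string)$id, ENT_QUOTES)?>">
<INPUT TYPE=HIDDEN NAME="CSR">
<input type="hidden" name="keytype" value="MS">
<p><input type="submit" name="GenReq" value="Create Certificate"></p>
</form>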
45
46 <script type="text/vbscript" language="vbscript">
47 <!--
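Function GetProviderList()
    ' Fills the CspProvider drop-down of CertReqForm with the cryptographic
    ' service providers available on this machine.
    '
    ' Vista and later: providers come from X509Enrollment.CCspInformations, the
    ' option value is the list index, and the hidden keytype field is set to "VI".
    ' Windows 2000 / XP: providers come from the xenroll control ("cec"), the
    ' option value is the provider type, and keytype keeps its default.
    '
    ' Comments use the VBScript apostrophe form; "//" is not comment syntax in
    ' VBScript.
    '
    ' NOTE(review): the option values and the keytype field are set in the
    ' browser, so the receiving script should treat them as untrusted input.
    Dim cspIndex, ProviderName
    Dim csps, oOption, j, ProvType
    Dim count, base, enhanced

    ' Errors are ignored on purpose: a failed CreateObject leaves csps unset,
    ' IsObject(csps) is then False and the xenroll branch runs instead.
    On Error Resume Next

    count = 0
    base = 0
    enhanced = 0
    ProviderName = ""

    ' Vista and later
    Set csps = CreateObject("X509Enrollment.CCspInformations")
    If IsObject(csps) Then
        csps.AddAvailableCsps()
        Document.CertReqForm.keytype.value = "VI"
        For j = 0 To csps.Count - 1
            Set oOption = document.createElement("OPTION")
            oOption.text = csps.ItemByIndex(j).Name
            oOption.value = j
            Document.CertReqForm.CspProvider.add(oOption)
        Next

    Else

        ' Windows 2000 / XP: walk provider types 0..13 and list every provider
        ' the control reports for each type.
        For ProvType = 0 To 13
            cspIndex = 0
            cec.ProviderType = ProvType
            ProviderName = cec.enumProviders(cspIndex, 0)

            While ProviderName <> ""
                Set oOption = document.createElement("OPTION")
                oOption.text = ProviderName
                oOption.value = ProvType
                Document.CertReqForm.CspProvider.add(oOption)
                ' Remember where the two Microsoft RSA providers landed in the list.
                If ProviderName = "Microsoft Base Cryptographic Provider v1.0" Then
                    base = count
                End If
                If ProviderName = "Microsoft Enhanced Cryptographic Provider v1.0" Then
                    enhanced = count
                End If
                cspIndex = cspIndex + 1
                ' Reset first so a failing enumProviders call ends the loop
                ' instead of repeating the previous name.
                ProviderName = ""
                ProviderName = cec.enumProviders(cspIndex, 0)
                count = count + 1
            Wend
        Next

        ' Preselect the Enhanced provider when it was found, else the Base one.
        ' An Enhanced provider at index 0 is not detected by this test, but
        ' index 0 is also what base defaults to, so the selection is the same.
        Document.CertReqForm.CspProvider.selectedIndex = base
        If enhanced Then
            Document.CertReqForm.CspProvider.selectedIndex = enhanced
        End If
    End If
End Function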
102
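Function CSR(keyflags)
    ' Generates a key pair in the browser and returns a PKCS#10 certificate
    ' request for it as a string, or "" when every attempt failed.
    '
    ' keyflags: extra xenroll GenKeyFlags bits used only by the last-resort
    '           attempts of the Windows 2000 / XP branch; the Vista branch
    '           does not read it.
    '
    ' Comments use the VBScript apostrophe form; "//" is not comment syntax in
    ' VBScript.
    Dim szName
    Dim objClassFactory, objEnroll, objPrivateKey, objRequest, objDN
    Dim lngAltKeyFlag, options, index, tmpProviderType

    CSR = ""
    szName = ""

    If Document.CertReqForm.keytype.value = "VI" Then
        ' Vista and later: CertEnroll (X509Enrollment) COM objects.
        Set objClassFactory = CreateObject("X509Enrollment.CX509EnrollmentWebClassFactory")
        Set objEnroll = objClassFactory.CreateObject("X509Enrollment.CX509Enrollment")
        Set objPrivateKey = objClassFactory.CreateObject("X509Enrollment.CX509PrivateKey")
        Set objRequest = objClassFactory.CreateObject("X509Enrollment.CX509CertificateRequestPkcs10")

        objPrivateKey.ProviderName = Document.CertReqForm.CspProvider(Document.CertReqForm.CspProvider.selectedIndex).text
        ' 24 = PROV_RSA_AES, the type of the
        ' "Microsoft Enhanced RSA and AES Cryptographic Provider".
        ' NOTE(review): the type is fixed while the provider name follows the
        ' user's selection; confirm the two cannot disagree.
        objPrivateKey.ProviderType = "24"
        ' 1 = AT_KEYEXCHANGE
        objPrivateKey.KeySpec = "1"
        ' 1 = XCN_NCRYPT_ALLOW_EXPORT_FLAG: the private key stays exportable
        ' from the user's key store.
        objPrivateKey.ExportPolicy = 1

        ' CX509PrivateKey.Length is a plain bit count; the size-in-the-upper-
        ' 16-bits encoding belongs to xenroll's GenKeyFlags only. The selected
        ' value is read explicitly rather than through the element's default
        ' property.
        Select Case Document.CertReqForm.keySize.value
            Case "3072"
                objPrivateKey.Length = 3072
            Case "4096"
                objPrivateKey.Length = 4096
            Case Else
                objPrivateKey.Length = 2048
        End Select

        ' 1 = ContextUser
        objRequest.InitializeFromPrivateKey 1, objPrivateKey, ""
        Set objDN = objClassFactory.CreateObject("X509Enrollment.CX500DistinguishedName")
        ' Placeholder subject only.
        objDN.Encode("CN=CAcertRequest")
        objRequest.Subject = objDN

        objEnroll.InitializeFromRequest(objRequest)
        objEnroll.CertificateDescription = "Description"
        objEnroll.CertificateFriendlyName = "FriendlyName"
        ' 1 = XCN_CRYPT_STRING_BASE64
        CSR = objEnroll.CreateRequest(1)
        If len(CSR) <> 0 Then Exit Function
        ' NOTE(review): the translated text is written by the server straight
        ' into a VBScript string literal; a double quote in a translation
        ' would end the literal early. Same for the MsgBox further down.
        Msgbox "<?=_("Error while generating the certificate-request. Please make sure that you have added this website to the list of trusted sites in the Internet-Options menu!")?>"

    Else
        ' Windows 2000 / XP: legacy xenroll control (the page's "cec" object).

        ' NOTE(review): the request's self-signature is made with MD5, which
        ' is collision-prone. Confirm the CA chooses its own digest when it
        ' signs and does not rely on this signature for more than proof of
        ' possession.
        cec.HashAlgorithm = "MD5"
        err.clear
        ' From here on a failing call is skipped silently and the next
        ' attempt runs; the order of the attempts below is significant.
        On Error Resume Next
        Set options = document.all.CspProvider.options
        index = options.selectedIndex
        cec.providerName = options(index).text
        tmpProviderType = options(index).value
        cec.providerType = tmpProviderType
        cec.KeySpec = 2
        If tmpProviderType < 2 Then
            cec.KeySpec = 1
        End If

        ' GenKeyFlags carries the key size in its upper 16 bits; bit 1 in the
        ' low word marks the key exportable. The alternate value is the same
        ' size without the exportable bit.
        Select Case Document.CertReqForm.keySize.value
            Case "3072"
                cec.GenKeyFlags = &h0C000001
                lngAltKeyFlag = &h0C000000
            Case "4096"
                cec.GenKeyFlags = &h10000001
                lngAltKeyFlag = &h10000000
            Case Else
                cec.GenKeyFlags = &h08000001
                lngAltKeyFlag = &h08000000
        End Select

        ' Attempt 1: requested size, exportable.
        CSR = cec.createPKCS10(szName, "1.3.6.1.5.5.7.3.2")
        If len(CSR) <> 0 Then Exit Function
        ' Attempt 2: requested size, not exportable.
        cec.GenKeyFlags = lngAltKeyFlag
        CSR = cec.createPKCS10(szName, "1.3.6.1.5.5.7.3.2")
        If len(CSR) <> 0 Then Exit Function

        ' NOTE(review): everything below drops the requested key size. The
        ' prompt offers a 512-bit key and the remaining GenKeyFlags values
        ' leave the size bits at zero, so the provider default applies. Keys
        ' of that size are factorable; the server has to measure the key in
        ' the submitted request and refuse anything under its minimum.
        If cec.providerName = "Microsoft Enhanced Cryptographic Provider v1.0" Then
            If MsgBox("<?=_("The high encryption key generation failed. Would you like to try 512 instead?")?>", vbOkCancel) = vbOk Then
                cec.providerName = "Microsoft Base Cryptographic Provider v1.0"
            Else
                Exit Function
            End If
        End If
        ' Attempt 3: provider default size, exportable plus the caller's flags.
        cec.GenKeyFlags = 1 OR keyflags
        CSR = cec.createPKCS10(szName, "1.3.6.1.5.5.7.3.2")
        If len(CSR) <> 0 Then Exit Function
        ' Attempt 4: the caller's flags only.
        cec.GenKeyFlags = keyflags
        CSR = cec.createPKCS10(szName, "1.3.6.1.5.5.7.3.2")
        If len(CSR) <> 0 Then Exit Function
        ' Attempt 5: no flags at all.
        cec.GenKeyFlags = 0
        CSR = cec.createPKCS10(szName, "1.3.6.1.5.5.7.3.2")
    End If
End Function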
197
Sub GenReq_OnClick
    ' Click handler for the GenReq button: builds the PKCS#10 request in the
    ' browser, stores it in the hidden CSR field and submits CertReqForm.
    ' When no request could be generated an alert is shown and the handler
    ' returns without filling the field.
    Dim certForm, pkcs10

    Set certForm = Document.CertReqForm
    err.clear

    ' 2 is handed to CSR() as keyflags; it is only used by that function's
    ' last-resort attempts on the xenroll path.
    pkcs10 = CSR(2)
    If len(pkcs10) <> 0 Then
        certForm.CSR.Value = pkcs10
        certForm.Submit
        Exit Sub
    End If

    MsgBox "Unable to generate PKCS#10.", 0, "Alert"
End Sub
211
' Runs as soon as the script block is parsed: fill the provider drop-down.
Call GetProviderList()
213 -->
214 </script>
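<? } else { ?>
<p>
<form method="post" action="account.php">
<input type="hidden" name="keytype" value="NS">
<? /* Non-IE browsers: the <keygen> element generates the key pair in the browser and
      posts it as a signed public key and challenge (SPKAC). A fresh challenge is
      stored in the session each time the form is rendered. NOTE(review): account.php
      is not shown here; confirm it compares the challenge inside the submitted SPKAC
      with $_SESSION['spkac_hash'] and enforces a minimum key size, since the browser
      picks the size. make_hash() is defined elsewhere; its output is written into
      the attribute as-is. */ ?>
<?=_("Keysize:")?> <keygen name="SPKAC" challenge="<? $_SESSION['spkac_hash']=make_hash(); echo $_SESSION['spkac_hash']; ?>">

<input type="submit" name="submit" value="<?=_("Create Certificate Request")?>">
<? /* $id is assigned outside this include. It is HTML-escaped because it is written
      into a quoted attribute; a numeric id is emitted unchanged. */ ?>
<input type="hidden" name="oldid" value="<?=htmlspecialchars((string)$id, ENT_QUOTES)?>">
</form>
</p>
<? }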