bug 782: added () for var_dump
[cacert-devel.git] / includes / keygen.php
index fcbc48c..09ec7f9 100644 (file)
     You should have received a copy of the GNU General Public License
     along with this program; if not, write to the Free Software
     Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
-*/ 
+*/
 
-if (array_key_exists('HTTP_USER_AGENT',$_SERVER) && 
-        strstr($_SERVER['HTTP_USER_AGENT'], "MSIE")) { ?>
-    <object
-        classid="clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1"
-        codebase="/xenroll.cab#Version=5,131,3659,0"
-        id="cec"
-    >
-        <?=_("You must enable ActiveX for this to work. On Vista you have to add this website to the list of trusted sites in the internet-settings.")?>
-        <?=_("Go to Extras->Internet Options->Security->Trusted Websites, click on Custom Level, check ActiveX control elements that are not marked as safe initialized on start in scripts")?>
-    </object>
-    
-    <form method="post" action="account.php" name="CertReqForm">
-        <p><input type="hidden" name="session" value="UsedXenroll">
-        <?=_("Key Strength:")?> <select name="CspProvider"></select></p>
-        
-        <p>Select Keysize: <select name="keySize" id="keySize">
-            <option value="2048" selected="selected">2048</option>
-            <option value="3072">3072</option>
-            <option value="4096">4096</option>
-        </select></p>
-        
-        <input type="hidden" name="oldid" value="<?=$id?>">
-        <INPUT TYPE=HIDDEN NAME="CSR">
-        <input type="hidden" name="keytype" value="MS">
-        <p><input type="submit" name="GenReq" value="Create Certificate"></p>
-    </form>
-    
-    <script type="text/vbscript" language="vbscript">
-<!--
-Function GetProviderList()
-    Dim CspList, cspIndex, ProviderName
-    On Error Resume Next
-    
-    count = 0
-    base = 0
-    enhanced = 0
-    CspList = ""
-    ProviderName = ""
-    
-    // Vista:
-    Set csps = CreateObject("X509Enrollment.CCspInformations")
-    If IsObject(csps) Then
-        csps.AddAvailableCsps()
-        Document.CertReqForm.keytype.value="VI"
-        For j = 0 to csps.Count-1
-            Set oOption = document.createElement("OPTION")
-            oOption.text = csps.ItemByIndex(j).Name
-            oOption.value = j
-            Document.CertReqForm.CspProvider.add(oOption)
-        Next
-    
-    Else
-        
-        // 2000,XP:
-        
-        For ProvType = 0 to 13
-            cspIndex = 0
-            cec.ProviderType = ProvType
-            ProviderName = cec.enumProviders(cspIndex,0)
-            
-            while ProviderName <> ""
-                Set oOption = document.createElement("OPTION")
-                oOption.text = ProviderName
-                oOption.value = ProvType
-                Document.CertReqForm.CspProvider.add(oOption)
-                if ProviderName = "Microsoft Base Cryptographic Provider v1.0" Then
-                    base = count
-                end if
-                if ProviderName = "Microsoft Enhanced Cryptographic Provider v1.0" Then
-                    enhanced = count
-                end if
-                cspIndex = cspIndex +1
-                ProviderName = ""
-                ProviderName = cec.enumProviders(cspIndex,0)
-                count = count + 1
-            wend
-        Next
-        Document.CertReqForm.CspProvider.selectedIndex = base
-        if enhanced then
-            Document.CertReqForm.CspProvider.selectedIndex = enhanced
-        end if
-    End If
-End Function
+if (array_key_exists('HTTP_USER_AGENT',$_SERVER) && strstr($_SERVER['HTTP_USER_AGENT'], "MSIE")) { ?>
 
-Function CSR(keyflags)
-    CSR = ""
-    szName  = ""
-    
-    
-    // Vista
-    if Document.CertReqForm.keytype.value="VI" Then
-        Dim g_objClassFactory
-        Dim obj
-        Dim objPrivateKey
-        Dim g_objRequest
-        Dim g_objRequestCMC
-        
-        Set g_objClassFactory = CreateObject("X509Enrollment.CX509EnrollmentWebClassFactory")
-        Set obj = g_objClassFactory.CreateObject("X509Enrollment.CX509Enrollment")
-        Set objPrivateKey = g_objClassFactory.CreateObject("X509Enrollment.CX509PrivateKey")
-        Set objRequest = g_objClassFactory.CreateObject("X509Enrollment.CX509CertificateRequestPkcs10")
-        //Msgbox     exit function
-        objPrivateKey.ProviderName = Document.CertReqForm.CspProvider(Document.CertReqForm.CspProvider.selectedIndex).text
-        // "Microsoft Enhanced RSA and AES Cryptographic Provider"
-        objPrivateKey.ProviderType = "24"
-        objPrivateKey.KeySpec = "1"
-        objPrivateKey.ExportPolicy = 1
-        select case Document.CertReqForm.keySize
-            case "3072"
-                objPrivateKey.Length = &h0C000000
-            case "4096"
-                objPrivateKey.Length = &h10000000
-            case else
-                objPrivateKey.Length = &h08000000
-        end select
-        objRequest.InitializeFromPrivateKey 1, objPrivateKey, ""
-        Set objDN = g_objClassFactory.CreateObject("X509Enrollment.CX500DistinguishedName")
-        objDN.Encode("CN=CAcertRequest")
-        objRequest.Subject = objDN
-        
-        //  obj.Initialize(1)
-        obj.InitializeFromRequest(objRequest)
-        obj.CertificateDescription = "Description"
-        obj.CertificateFriendlyName = "FriendlyName"
-        CSR = obj.CreateRequest(1)
-        If len(CSR)<>0 Then Exit Function
-        Msgbox "<?=_("Error while generating the certificate-request. Please make sure that you have added this website to the list of trusted sites in the Internet-Options menu!")?>"
-        
-    else
-        // XP
-        Dim lngAltKeyFlag 
-        
-        cec.HashAlgorithm = "MD5"
-        err.clear
-        On Error Resume Next
-        set options = document.all.CspProvider.options
-        index = options.selectedIndex
-        cec.providerName = options(index).text
-        tmpProviderType = options(index).value
-        cec.providerType = tmpProviderType
-        cec.KeySpec = 2
-        if tmpProviderType < 2 Then
-            cec.KeySpec = 1
-        end if
-        
-        select case Document.CertReqForm.keySize
-            case "3072"
-                cec.GenKeyFlags = &h0C000001
-                lngAltKeyFLag = &h0C000000
-            case "4096"
-                cec.GenKeyFlags = &h10000001
-                lngAltKeyFLag = &h10000000
-            case else
-                cec.GenKeyFlags = &h08000001
-                lngAltKeyFLag = &h08000000
-        end select
-        CSR = cec.createPKCS10(szName, "1.3.6.1.5.5.7.3.2")
-        if len(CSR)<>0 then Exit Function
-        cec.GenKeyFlags = lngAltKeyFLag
-        CSR = cec.createPKCS10(szName, "1.3.6.1.5.5.7.3.2")
-        if len(CSR)<>0 then Exit Function
-        if cec.providerName = "Microsoft Enhanced Cryptographic Provider v1.0" Then
-            if MsgBox("<?=_("The high encryption key generation failed. Would you like to try 512 instead?")?>", vbOkCancel)=vbOk Then
-                cec.providerName = "Microsoft Base Cryptographic Provider v1.0"
-            else
-                Exit Function
-            end if
-        end if
-        cec.GenKeyFlags = 1 OR keyflags
-        CSR = cec.createPKCS10(szName, "1.3.6.1.5.5.7.3.2")
-        if len(CSR)<>0 then Exit Function
-        cec.GenKeyFlags = keyflags
-        CSR = cec.createPKCS10(szName, "1.3.6.1.5.5.7.3.2")
-        if len(CSR)<>0 then Exit Function
-        cec.GenKeyFlags = 0
-        CSR = cec.createPKCS10(szName, "1.3.6.1.5.5.7.3.2")
-    End if
-End Function
+       <noscript>
+               <p><?=_('You have to enable JavaScript to generate certificates in the browser.')?></p>
+               <p><?=_('If you don\'t want to do that for any reason, you can use '.
+                       'manually created certificate requests instead.')?></p>
+       </noscript>
 
-Sub GenReq_OnClick
-    Dim TheForm
-    Set TheForm = Document.CertReqForm
-    err.clear
-    result = CSR(2)
-    if len(result)=0 Then
-        result = MsgBox("Unable to generate PKCS#10.", 0, "Alert")
-        Exit Sub
-    end if
-    TheForm.CSR.Value = result
-    TheForm.Submit
-    Exit Sub
-End Sub
+       <div id="noActiveX" style="color:red">
+               <p><?=_('Could not initialize ActiveX object required for certificate generation.')?></p>
+               <p><?=_('You have to enable ActiveX for this to work. On Windows Vista, Windows 7 and '.
+                       'later versions you have to add this website to the list of trusted sites '.
+                       'in the internet settings.')?></p>
+               <p><?php
+                       printf(_('Go to "Extras -> Internet Options -> Security -> Trusted '.
+                               'Websites", click on "Custom Level", set "ActiveX control '.
+                               'elements that are not marked as safe initialized on start in '.
+                               'scripts" to "Confirm" and click "OK". Now click "Sites", add '.
+                               '"%s" and "%s" to your list of trusted sites and make the '.
+                               'changes come into effect by clicking "Close" and "OK".'),
+                               'https://'.$_SESSION['_config']['normalhostname'],
+                               'https://'.$_SESSION['_config']['securehostname'])?>
+               </p>
+       </div>
+
+       <form method="post" style="display:none" action="account.php"
+                       id="CertReqForm">
+               <input type="hidden" name="oldid" value="<?=intval($id)?>" />
+               <input type="hidden" id="CSR" name="CSR" />
+               <input type="hidden" name="keytype" value="MS" />
+
+               <p><?=_('Security level')?>:
+                       <select id="SecurityLevel">
+                               <option value="high" selected="selected"><?=_('High')?></option>
+                               <option value="medium"><?=_('Medium')?></option>
+                               <option value="custom"><?=_('Custom')?>&hellip;</option>
+                       </select>
+               </p>
+
+               <fieldset id="customSettings" style="display:none">
+                       <legend><?=_('Custom Parameters')?></legend>
+
+                       <p><?=_('Cryptography Provider')?>:
+                               <select id="CspProvider"></select>
+                       </p>
+                       <p><?=_('Algorithm')?>: <select id="algorithm"></select></p>
+                       <p><?=_('Keysize')?>:
+                               <input id="keySize" type="number" />
+                               <?=_('Minimum Size')?>: <span id="keySizeMin"></span>,
+                               <?=_('Maximum Size')?>: <span id="keySizeMax"></span>,
+                               <?php
+                               // TRANSLATORS: this specifies the step between two valid key
+                               // sizes. E.g. if the step is 512 and the minimum is 1024 and
+                               // the maximum is 2048, then only 1024, 1536 and 2048 bits may
+                               // be specified as key size.
+                               echo _('Step')?>: <span id="keySizeStep"></span></p>
+                       <p style="color:red"><?php
+                               printf(_('Please note that RSA key sizes smaller than %d bit '.
+                                       'will not be accepted by CAcert.'),
+                                       1024)?>
+                       </p>
+               </fieldset>
+
+               <p><input type="submit" id="GenReq" name="GenReq" value="<?=_('Create Certificate')?>" /></p>
+               <p id="generatingKeyNotice" style="display:none">
+                       <?=_('Generating your key. Please wait')?>&hellip;</p>
+       </form>
+
+       <!-- Error messages used in the JavaScript. Defined here so they can be
+       translated without passing the JavaScript code through PHP -->
+       <p id="createRequestErrorChooseAlgorithm" style="display:none">
+               <?=_('Could not generate certificate request. Probably you need to '.
+                       'choose a different algorithm.')?>
+       </p>
+       <p id="createRequestErrorConfirmDialogue" style="display:none">
+               <?=_('Could not generate certificate request. Please confirm the '.
+                       'dialogue if you are asked if you want to generate the key.')?>
+       </p>
+       <p id="createRequestErrorConnectDevice" style="display:none">
+               <?=_('Could not generate certificate request. Please make sure the '.
+                       'cryptography device (e.g. the smartcard) is connected.')?>
+       </p>
+       <p id="createRequestError" style="display:none">
+               <?=_('Could not generate certificate request.')?>
+       </p>
+       <p id="invalidKeySizeError" style="display:none">
+               <?=_('You have specified an invalid key size')?>
+       </p>
+       <p id="unsupportedPlatformError" style="display:none">
+               <?=_('Could not initialize the cryptographic module for your '.
+                       'platform. Currently we support Microsoft Windows XP, Vista '.
+                       'and 7. If you\'re using one of these platforms and see this '.
+                       'error message anyway you might have to enable ActiveX as '.
+                       'described in the red explanation text and accept loading of '.
+                       'the module.')?>
+       </p>
+
+       <script type="text/javascript" src="keygenIE.js"></script>
 
-GetProviderList()
--->
-    </script>
 <? } else { ?>
-    <p>
-    <form method="post" action="account.php">
-        <input type="hidden" name="keytype" value="NS">
-        <?=_("Keysize:")?> <keygen name="SPKAC" challenge="<? $_SESSION['spkac_hash']=make_hash(); echo $_SESSION['spkac_hash']; ?>">
-        
-        <input type="submit" name="submit" value="<?=_("Create Certificate Request")?>">
-        <input type="hidden" name="oldid" value="<?=$id?>">
-    </form>
-    </p>
+       <p>
+               <form method="post" action="account.php">
+                       <input type="hidden" name="keytype" value="NS">
+                       <?=_("Keysize:")?> <keygen name="SPKAC" challenge="<? $_SESSION['spkac_hash']=make_hash(); echo $_SESSION['spkac_hash']; ?>">
+
+                       <input type="submit" name="submit" value="<?=_("Create Certificate Request")?>">
+                       <input type="hidden" name="oldid" value="<?=intval($id)?>">
+               </form>
+       </p>
 <? }
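Review bot: The 1024-bit limit in the custom-settings notice (`printf(_('Please note that RSA key sizes smaller than %d bit ...'), 1024)`) is a literal in the template, and nothing visible in this file enforces it: `keySize` is a free `type="number"` input, and its minimum, maximum and step spans are empty in the markup, presumably filled in by keygenIE.js. The removed `<select>` offered 2048 as its smallest choice, so the notice now presents 1024-bit RSA as acceptable, which is below current guidance for certificate keys. Because the CSR and every form field come from the client, the handler in account.php (not part of this diff) has to re-check the algorithm and key size when it parses the CSR. I would pass the threshold from the same server-side setting that handler uses instead of the literal `1024`, and add a comment above the `printf` such as `// keep in sync with the minimum RSA size enforced when the CSR is processed`.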