Source code taken from cacert-20130227.tar.bz2
authorMichael Tänzer <neo@nhng.de>
Tue, 5 Mar 2013 22:08:48 +0000 (23:08 +0100)
committerMichael Tänzer <neo@nhng.de>
Tue, 5 Mar 2013 22:08:48 +0000 (23:08 +0100)
includes/account.php
includes/keygen.php [new file with mode: 0644]
locale/Makefile
pages/account/12.php
pages/account/17.php
pages/account/4.php
pages/index/4.php
www/keygenIE.js [new file with mode: 0644]

index 8125602..496c7ca 100644 (file)
                                                `created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
                                                `subject`='".mysql_real_escape_string($csrsubject)."',
                                                `codesign`='".$_SESSION['_config']['codesign']."',
+                                               `disablelogin`='".($_SESSION['_config']['disablelogin']?1:0)."',
                                                `rootcert`='".$_SESSION['_config']['rootcert']."'";
                        mysql_query($query);
                        $emailid = mysql_insert_id();
diff --git a/includes/keygen.php b/includes/keygen.php
new file mode 100644 (file)
index 0000000..09ec7f9
--- /dev/null
@@ -0,0 +1,128 @@
+<? /*
+    LibreSSL - CAcert web application
+    Copyright (C) 2004-2011  CAcert Inc.
+
+    This program is free software; you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation; version 2 of the License.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program; if not, write to the Free Software
+    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+*/
+
+if (array_key_exists('HTTP_USER_AGENT',$_SERVER) && strstr($_SERVER['HTTP_USER_AGENT'], "MSIE")) { ?>
+
+       <noscript>
+               <p><?=_('You have to enable JavaScript to generate certificates in the browser.')?></p>
+               <p><?=_('If you don\'t want to do that for any reason, you can use '.
+                       'manually created certificate requests instead.')?></p>
+       </noscript>
+
+       <div id="noActiveX" style="color:red">
+               <p><?=_('Could not initialize ActiveX object required for certificate generation.')?></p>
+               <p><?=_('You have to enable ActiveX for this to work. On Windows Vista, Windows 7 and '.
+                       'later versions you have to add this website to the list of trusted sites '.
+                       'in the internet settings.')?></p>
+               <p><?php
+                       printf(_('Go to "Extras -> Internet Options -> Security -> Trusted '.
+                               'Websites", click on "Custom Level", set "ActiveX control '.
+                               'elements that are not marked as safe initialized on start in '.
+                               'scripts" to "Confirm" and click "OK". Now click "Sites", add '.
+                               '"%s" and "%s" to your list of trusted sites and make the '.
+                               'changes come into effect by clicking "Close" and "OK".'),
+                               'https://'.$_SESSION['_config']['normalhostname'],
+                               'https://'.$_SESSION['_config']['securehostname'])?>
+               </p>
+       </div>
+
+       <form method="post" style="display:none" action="account.php"
+                       id="CertReqForm">
+               <input type="hidden" name="oldid" value="<?=intval($id)?>" />
+               <input type="hidden" id="CSR" name="CSR" />
+               <input type="hidden" name="keytype" value="MS" />
+
+               <p><?=_('Security level')?>:
+                       <select id="SecurityLevel">
+                               <option value="high" selected="selected"><?=_('High')?></option>
+                               <option value="medium"><?=_('Medium')?></option>
+                               <option value="custom"><?=_('Custom')?>&hellip;</option>
+                       </select>
+               </p>
+
+               <fieldset id="customSettings" style="display:none">
+                       <legend><?=_('Custom Parameters')?></legend>
+
+                       <p><?=_('Cryptography Provider')?>:
+                               <select id="CspProvider"></select>
+                       </p>
+                       <p><?=_('Algorithm')?>: <select id="algorithm"></select></p>
+                       <p><?=_('Keysize')?>:
+                               <input id="keySize" type="number" />
+                               <?=_('Minimum Size')?>: <span id="keySizeMin"></span>,
+                               <?=_('Maximum Size')?>: <span id="keySizeMax"></span>,
+                               <?php
+                               // TRANSLATORS: this specifies the step between two valid key
+                               // sizes. E.g. if the step is 512 and the minimum is 1024 and
+                               // the maximum is 2048, then only 1024, 1536 and 2048 bits may
+                               // be specified as key size.
+                               echo _('Step')?>: <span id="keySizeStep"></span></p>
+                       <p style="color:red"><?php
+                               printf(_('Please note that RSA key sizes smaller than %d bit '.
+                                       'will not be accepted by CAcert.'),
+                                       1024)?>
+                       </p>
+               </fieldset>
+
+               <p><input type="submit" id="GenReq" name="GenReq" value="<?=_('Create Certificate')?>" /></p>
+               <p id="generatingKeyNotice" style="display:none">
+                       <?=_('Generating your key. Please wait')?>&hellip;</p>
+       </form>
+
+       <!-- Error messages used in the JavaScript. Defined here so they can be
+       translated without passing the JavaScript code through PHP -->
+       <p id="createRequestErrorChooseAlgorithm" style="display:none">
+               <?=_('Could not generate certificate request. Probably you need to '.
+                       'choose a different algorithm.')?>
+       </p>
+       <p id="createRequestErrorConfirmDialogue" style="display:none">
+               <?=_('Could not generate certificate request. Please confirm the '.
+                       'dialogue if you are asked if you want to generate the key.')?>
+       </p>
+       <p id="createRequestErrorConnectDevice" style="display:none">
+               <?=_('Could not generate certificate request. Please make sure the '.
+                       'cryptography device (e.g. the smartcard) is connected.')?>
+       </p>
+       <p id="createRequestError" style="display:none">
+               <?=_('Could not generate certificate request.')?>
+       </p>
+       <p id="invalidKeySizeError" style="display:none">
+               <?=_('You have specified an invalid key size')?>
+       </p>
+       <p id="unsupportedPlatformError" style="display:none">
+               <?=_('Could not initialize the cryptographic module for your '.
+                       'platform. Currently we support Microsoft Windows XP, Vista '.
+                       'and 7. If you\'re using one of these platforms and see this '.
+                       'error message anyway you might have to enable ActiveX as '.
+                       'described in the red explanation text and accept loading of '.
+                       'the module.')?>
+       </p>
+
+       <script type="text/javascript" src="keygenIE.js"></script>
+
+<? } else { ?>
+       <p>
+               <form method="post" action="account.php">
+                       <input type="hidden" name="keytype" value="NS">
+                       <?=_("Keysize:")?> <keygen name="SPKAC" challenge="<? $_SESSION['spkac_hash']=make_hash(); echo $_SESSION['spkac_hash']; ?>">
+
+                       <input type="submit" name="submit" value="<?=_("Create Certificate Request")?>">
+                       <input type="hidden" name="oldid" value="<?=intval($id)?>">
+               </form>
+       </p>
+<? }
index 1517066..4215a4f 100644 (file)
@@ -176,7 +176,8 @@ upload.clean: template.clean
 messages.pot: $(GETTEXT_FILES)
        xgettext --output - --sort-by-file --copyright-holder "CAcert Inc." \
                --package-name "CAcert" --package-version "$(VERSION)" \
-               --msgid-bugs-address "translations-admin@cacert.org" $^ | \
+               --msgid-bugs-address "translations-admin@cacert.org" \
+               --add-comments=TRANSLATORS $^ | \
                # replace place holders in the lines before the first msgid\
                sed '1,/^msgid/ { s/SOME DESCRIPTIVE TITLE/$(DESCRITPION)/; s/YEAR/$(COPYRIGHT_YEAR)/; s/PACKAGE/$(PACKAGE)/ }' \
                > $@
index 44926ca..fa8b41a 100644 (file)
@@ -36,7 +36,7 @@
                        `domaincerts`.`expire` as `expires`, `revoked` as `revoke`,
                        UNIX_TIMESTAMP(`revoked`) as `revoked`, `CN`, `domaincerts`.`serial`, `domaincerts`.`id` as `id`
                        from `domaincerts`,`domains`
-                       where `memid`='".intval($_SESSION['profile']['id'])."' and `deleted`=0 and `domaincerts`.`domid`=`domains`.`id` ";
+                       where `memid`='".intval($_SESSION['profile']['id'])."' and `domaincerts`.`domid`=`domains`.`id` ";
        if($viewall != 1)
        {
                $query .= "AND `revoked`=0 AND `renewed`=0 ";
@@ -49,7 +49,7 @@
        {
 ?>
   <tr>
-    <td colspan="6" class="DataTD"><?=_("No domains are currently listed.")?></td>
+    <td colspan="6" class="DataTD"><?=_("No certificates are currently listed.")?></td>
   </tr>
 <? } else {
        while($row = mysql_fetch_assoc($res))
            <input type="submit" name="revoke" value="<?=_("Revoke/Delete")?>"></td>
   </tr>
 <? } ?>
+  <tr>
+    <td class="DataTD" colspan="6"><?=_("From here you can delete pending requests, or revoke valid certificates.")?></td>
+  </tr>
 </table>
 <input type="hidden" name="oldid" value="<?=$id?>">
 <input type="hidden" name="csrf" value="<?=make_csrf('srvcerchange')?>" />
 </form>
-<p><?=_("From here you can delete pending requests, or revoke valid certificates.")?></p>
index 2ba5390..8ac8b65 100644 (file)
     You should have received a copy of the GNU General Public License
     along with this program; if not, write to the Free Software
     Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
-*/ ?>
-<? if(array_key_exists('HTTP_USER_AGENT',$_SERVER) && strstr($_SERVER['HTTP_USER_AGENT'], "MSIE")) { ?>
-<object classid="clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1" codebase="/xenroll.cab#Version=5,131,3659,0" id="cec">
-<?=_("You must enable ActiveX for this to work.")?>
-</object>
-<form method="post" action="account.php" name="CertReqForm"><p>
-<input type="hidden" name="session" value="UsedXenroll">
-<?=_("Key Strength:")?> <select name="CspProvider"></select>
-<input type="hidden" name="oldid" value="<?=$id?>">
-<INPUT TYPE=HIDDEN NAME="CSR">
-<input type="hidden" name="keytype" value="MS">
-<?=_("'Enhanced Provider' is generally the best option, which has a key size of 1024bit. If you need a bigger key size you will need to use a different browser.")?>
-<input type="submit" name="GenReq" value="Create Certificate"><br>
-</p></form>
-<script type="text/vbscript" language="vbscript">
-<!--
-Function GetProviderList()
-  Dim CspList, cspIndex, ProviderName
-  On Error Resume Next
+*/
 
-  count = 0
-  base = 0
-  enhanced = 0
-  CspList = ""
-  ProviderName = ""
-
-  For ProvType = 0 to 13
-    cspIndex = 0
-    cec.ProviderType = ProvType
-    ProviderName = cec.enumProviders(cspIndex,0)
-
-    while ProviderName <> ""
-     Set oOption = document.createElement("OPTION")
-     oOption.text = ProviderName
-     oOption.value = ProvType
-     Document.CertReqForm.CspProvider.add(oOption)
-     if ProviderName = "Microsoft Base Cryptographic Provider v1.0" Then
-       base = count
-     end if
-     if ProviderName = "Microsoft Enhanced Cryptographic Provider v1.0" Then
-       enhanced = count
-     end if
-     cspIndex = cspIndex +1
-     ProviderName = ""
-     ProviderName = cec.enumProviders(cspIndex,0)
-     count = count + 1
-   wend
-  Next
-  Document.CertReqForm.CspProvider.selectedIndex = base
-  if enhanced then
-    Document.CertReqForm.CspProvider.selectedIndex = enhanced
-  end if
-End Function
-
-Function CSR(keyflags)
-  CSR = ""
-  szName  = ""
-  cec.HashAlgorithm = "MD5"
-  err.clear
-  On Error Resume Next
-  set options = document.all.CspProvider.options
-  index = options.selectedIndex
-  cec.providerName = options(index).text
-  tmpProviderType = options(index).value
-  cec.providerType = tmpProviderType
-  cec.KeySpec = 2
-  if tmpProviderType < 2 Then
-    cec.KeySpec = 1
-  end if
-  cec.GenKeyFlags = &h04000001 OR keyflags
-  CSR = cec.createPKCS10(szName, "1.3.6.1.5.5.7.3.2")
-  if len(CSR)<>0 then Exit Function
-  cec.GenKeyFlags = &h04000000 OR keyflags
-  CSR = cec.createPKCS10(szName, "1.3.6.1.5.5.7.3.2")
-  if len(CSR)<>0 then Exit Function
-  if cec.providerName = "Microsoft Enhanced Cryptographic Provider v1.0" Then
-    if MsgBox("<?=_("The 1024-bit key generation failed. Would you like to try 512 instead?")?>", vbOkCancel)=vbOk Then
-      cec.providerName = "Microsoft Base Cryptographic Provider v1.0"
-    else
-      Exit Function
-    end if
-  end if
-  cec.GenKeyFlags = 1 OR keyflags
-  CSR = cec.createPKCS10(szName, "1.3.6.1.5.5.7.3.2")
-  if len(CSR)<>0 then Exit Function
-  cec.GenKeyFlags = keyflags
-  CSR = cec.createPKCS10(szName, "1.3.6.1.5.5.7.3.2")
-  if len(CSR)<>0 then Exit Function
-  cec.GenKeyFlags = 0
-  CSR = cec.createPKCS10(szName, "1.3.6.1.5.5.7.3.2")
-End Function
-
-Sub GenReq_OnClick
-  Dim TheForm
-  Set TheForm = Document.CertReqForm
-  err.clear
-  result = CSR(2)
-  if len(result)=0 Then
-    result = MsgBox("Unable to generate PKCS#10.", 0, "Alert")
-    Exit Sub
-  end if
-  TheForm.CSR.Value = result
-  TheForm.Submit
-  Exit Sub
-End Sub
-
-GetProviderList()
--->
-</script>
-<? } else { ?>
-<p>
-<form method="post" action="account.php">
-<input type="hidden" name="keytype" value="NS">
-<?=_("Keysize:")?> <keygen name="SPKAC" challenge="<? $_SESSION['spkac_hash']=make_hash(); echo $_SESSION['spkac_hash']; ?>">
-
-
-<input type="submit" name="submit" value="<?=_("Create Certificate Request")?>">
-<input type="hidden" name="oldid" value="<?=$id?>">
-</form>
-</p>
-<? } ?>
+require_once($_SESSION['_config']['filepath'].'/includes/keygen.php');
index a4d6597..8ac8b65 100644 (file)
     You should have received a copy of the GNU General Public License
     along with this program; if not, write to the Free Software
     Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
-*/ ?>
-<? if(array_key_exists('HTTP_USER_AGENT',$_SERVER) && strstr($_SERVER['HTTP_USER_AGENT'], "MSIE")) { ?>
-<object classid="clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1" codebase="/xenroll.cab#Version=5,131,3659,0" id="cec">
-<?=_("You must enable ActiveX for this to work. On Vista you have to add this website to the list of trusted sites in the internet-settings.")?><?=_("Go to Extras->Internet Options->Security->Trusted Websites, click on Custom Level, check ActiveX control elements that are not marked as safe initialized on start in scripts")?>
-</object>
-<form method="post" action="account.php" name="CertReqForm"><p>
-<input type="hidden" name="session" value="UsedXenroll">
-<?=_("Key Strength:")?> <select name="CspProvider"></select>
-<input type="hidden" name="oldid" value="<?=$id?>">
-<INPUT TYPE=HIDDEN NAME="CSR">
-<input type="hidden" name="keytype" value="MS">
-<input type="submit" name="GenReq" value="Create Certificate"><br>
-</p></form>
-<script type="text/vbscript" language="vbscript">
-<!--
-Function GetProviderList()
-  Dim CspList, cspIndex, ProviderName
-  On Error Resume Next
+*/
 
-  count = 0
-  base = 0
-  enhanced = 0
-  CspList = ""
-  ProviderName = ""
-
-  // Vista:
-  Set csps = CreateObject("X509Enrollment.CCspInformations")
-  If IsObject(csps) Then
-    csps.AddAvailableCsps()
-    Document.CertReqForm.keytype.value="VI"
-    For j = 0 to csps.Count-1
-      Set oOption = document.createElement("OPTION")
-      oOption.text = csps.ItemByIndex(j).Name
-      oOption.value = j
-      Document.CertReqForm.CspProvider.add(oOption)
-    Next
-
-  Else
-
-  // 2000,XP:
-
-   For ProvType = 0 to 13
-    cspIndex = 0
-    cec.ProviderType = ProvType
-    ProviderName = cec.enumProviders(cspIndex,0)
-
-    while ProviderName <> ""
-     Set oOption = document.createElement("OPTION")
-     oOption.text = ProviderName
-     oOption.value = ProvType
-     Document.CertReqForm.CspProvider.add(oOption)
-     if ProviderName = "Microsoft Base Cryptographic Provider v1.0" Then
-       base = count
-     end if
-     if ProviderName = "Microsoft Enhanced Cryptographic Provider v1.0" Then
-       enhanced = count
-     end if
-     cspIndex = cspIndex +1
-     ProviderName = ""
-     ProviderName = cec.enumProviders(cspIndex,0)
-     count = count + 1
-    wend
-   Next
-   Document.CertReqForm.CspProvider.selectedIndex = base
-   if enhanced then
-    Document.CertReqForm.CspProvider.selectedIndex = enhanced
-   end if
-  End If
-End Function
-
-Function CSR(keyflags)
-  CSR = ""
-  szName  = ""
-
-
-  // Vista
-  if Document.CertReqForm.keytype.value="VI" Then
-
-    Dim g_objClassFactory
-    Dim obj
-    Dim objPrivateKey
-    Dim g_objRequest
-    Dim g_objRequestCMC
-  
-    Set g_objClassFactory=CreateObject("X509Enrollment.CX509EnrollmentWebClassFactory")
-    Set obj=g_objClassFactory.CreateObject("X509Enrollment.CX509Enrollment")
-    Set objPrivateKey=g_objClassFactory.CreateObject("X509Enrollment.CX509PrivateKey")
-    Set objRequest=g_objClassFactory.CreateObject("X509Enrollment.CX509CertificateRequestPkcs10")
-    //Msgbox     exit function
-    objPrivateKey.ProviderName = Document.CertReqForm.CspProvider(Document.CertReqForm.CspProvider.selectedIndex).text
-    // "Microsoft Enhanced RSA and AES Cryptographic Provider"
-    objPrivateKey.ProviderType = "24"
-    objPrivateKey.KeySpec = "1"
-    objPrivateKey.ExportPolicy = 1
-    objRequest.InitializeFromPrivateKey 1, objPrivateKey, ""
-    Set objDN = g_objClassFactory.CreateObject("X509Enrollment.CX500DistinguishedName")
-    objDN.Encode("CN=CAcertRequest")
-    objRequest.Subject = objDN
-
-    //  obj.Initialize(1)
-    obj.InitializeFromRequest(objRequest)
-    obj.CertificateDescription="Description"
-    obj.CertificateFriendlyName="FriendlyName"
-    CSR=obj.CreateRequest(1)
-    If len(CSR)<>0 Then Exit Function
-    Msgbox "<?=_("Error while generating the certificate-request. Please make sure that you have added this website to the list of trusted sites in the Internet-Options menu!")?>"
-
-  else
-  // XP
-
-  cec.HashAlgorithm = "MD5"
-  err.clear
-  On Error Resume Next
-  set options = document.all.CspProvider.options
-  index = options.selectedIndex
-  cec.providerName = options(index).text
-  tmpProviderType = options(index).value
-  cec.providerType = tmpProviderType
-  cec.KeySpec = 2
-  if tmpProviderType < 2 Then
-    cec.KeySpec = 1
-  end if
-  cec.GenKeyFlags = &h04000001 OR keyflags
-  CSR = cec.createPKCS10(szName, "1.3.6.1.5.5.7.3.2")
-  if len(CSR)<>0 then Exit Function
-  cec.GenKeyFlags = &h04000000 OR keyflags
-  CSR = cec.createPKCS10(szName, "1.3.6.1.5.5.7.3.2")
-  if len(CSR)<>0 then Exit Function
-  if cec.providerName = "Microsoft Enhanced Cryptographic Provider v1.0" Then
-    if MsgBox("<?=_("The 1024-bit key generation failed. Would you like to try 512 instead?")?>", vbOkCancel)=vbOk Then
-      cec.providerName = "Microsoft Base Cryptographic Provider v1.0"
-    else
-      Exit Function
-    end if
-  end if
-  cec.GenKeyFlags = 1 OR keyflags
-  CSR = cec.createPKCS10(szName, "1.3.6.1.5.5.7.3.2")
-  if len(CSR)<>0 then Exit Function
-  cec.GenKeyFlags = keyflags
-  CSR = cec.createPKCS10(szName, "1.3.6.1.5.5.7.3.2")
-  if len(CSR)<>0 then Exit Function
-  cec.GenKeyFlags = 0
-  CSR = cec.createPKCS10(szName, "1.3.6.1.5.5.7.3.2")
-  End if
-End Function
-
-Sub GenReq_OnClick
-  Dim TheForm
-  Set TheForm = Document.CertReqForm
-  err.clear
-  result = CSR(2)
-  if len(result)=0 Then
-    result = MsgBox("Unable to generate PKCS#10.", 0, "Alert")
-    Exit Sub
-  end if
-  TheForm.CSR.Value = result
-  TheForm.Submit
-  Exit Sub
-End Sub
-
-GetProviderList()
--->
-</script>
-<? } else { ?>
-<p>
-<form method="post" action="account.php">
-<input type="hidden" name="keytype" value="NS">
-<?=_("Keysize:")?> <keygen name="SPKAC" challenge="<? $_SESSION['spkac_hash']=make_hash(); echo $_SESSION['spkac_hash']; ?>">
-
-<input type="submit" name="submit" value="<?=_("Create Certificate Request")?>">
-<input type="hidden" name="oldid" value="<?=$id?>">
-</form>
-</p>
-<? } ?>
+require_once($_SESSION['_config']['filepath'].'/includes/keygen.php');
index ffbfe26..9eb90af 100644 (file)
@@ -29,7 +29,7 @@
 <? } else { ?>
 <style>
 .box2 {width:100%;text-align:center;}
-.box {background:#F5F7F7;border:2px solid #cccccc;margin:0px auto;height:250px;width:300px;padding:1em;}
+.box {background:#F5F7F7;border:2px solid #cccccc;margin:0px auto;height:auto;width:300px;padding:1em;}
 .smalltext {font-size:10px;}
 label {width:100px;display:block;float:left;}
 text {width:166px;display:block;float:left;}
@@ -45,15 +45,15 @@ h1 {font-size:1.9em;text-align:center;}
 <label for="email"><?=_("Email Address")?>:</label><input type='text' name="email" value="<?=sanitizeHTML(array_key_exists("email",$_REQUEST)?$_REQUEST['email']:"")?>" <? if(array_key_exists('notauto',$_REQUEST) && $_REQUEST['noauto'] == 1) echo " autocomplete='off'"; ?>/><br />
 <label for="pword"><?=_("Pass Phrase")?>:</label><input type='password' name='pword' autocomplete="off"/><br />
 <input type='submit' name="process" value="<?=_("Login")?>" /><br /><br />
-<a href='https://<?=$_SESSION['_config']['normalhostname']?>/index.php?id=4'><?=_("Password Login")?></a> - 
-<a href='https://<?=$_SESSION['_config']['normalhostname']?>/index.php?id=5'><?=_("Lost Password")?></a> - 
+<a href='https://<?=$_SESSION['_config']['normalhostname']?>/index.php?id=4'><?=_("Password Login")?></a> -
+<a href='https://<?=$_SESSION['_config']['normalhostname']?>/index.php?id=5'><?=_("Lost Password")?></a> -
 <a href='https://<?=$_SESSION['_config']['normalhostname']?>/index.php?id=4&amp;noauto=1'><?=_("Net Cafe Login")?></a><br />
 <p class='smalltext'><?=sprintf(_("If you are having trouble with your username or password, please visit our %swiki page%s for more information"), "<a href='http://wiki.cacert.org/wiki/FAQ/LostPasswordOrAccount' target='_new'>", "</a>");?></p>
 <input type="hidden" name="oldid" value="<?=$id?>">
 </form>
 </div>
 </div>
-<? } 
+<? }
 if(array_key_exists("oldlocation",$_SESSION['_config']) && $_SESSION['_config']['oldlocation']!="")
 {
   echo "<br/><center>"._("If you want to use certificate login instead of username+password, please")." <a href='https://secure.cacert.org/".sanitizeHTML($_SESSION['_config']['oldlocation'])."'>"._("click here")."</a></center>";
diff --git a/www/keygenIE.js b/www/keygenIE.js
new file mode 100644 (file)
index 0000000..be2d184
--- /dev/null
@@ -0,0 +1,609 @@
+/*
+LibreSSL - CAcert web application
+Copyright (C) 2004-2012  CAcert Inc.
+
+This program is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; version 2 of the License.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program; if not, write to the Free Software
+Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+*/
+
+var CAcert_keygen_IE = function () {
+
+       /// Makes a new DOM text node
+       var textnode = function (text) {
+               return document.createTextNode(text);
+       }
+
+       /// makes a new <p> element
+       var paragraph = function (text) {
+               var paragraph = document.createElement("p");
+               paragraph.appendChild(textnode(text));
+               return paragraph;
+       }
+
+       /// makes a new <pre> elemtent
+       var pre = function (text) {
+               var pre = document.createElement("pre");
+               pre.appendChild(textnode(text));
+               return pre;
+       }
+
+       /// makes a new <option> element
+       var option = function (text, value) {
+               var option = document.createElement("option");
+               if (value !== undefined) {
+                       option.setAttribute("value", value);
+               }
+               option.appendChild(textnode(text));
+               return option;
+       }
+
+       /// Removes all child nodes from the element
+       var removeChildren = function (element) {
+               element.innerHTML = "";
+       }
+
+       /// Show error message to user from exception
+       var showError = function (message, exception) {
+               window.alert(
+                       message +
+                       "\n\nError: " + exception.message +
+                       " (0x" + (0xFFFFFFFF + exception.number + 1).toString(16) +
+                       " / " + exception.number + ")"
+                       );
+       }
+
+       // Get important elements from the DOM
+       var form = document.getElementById("CertReqForm");
+       var securityLevel = document.getElementById("SecurityLevel");
+       var customSettings = document.getElementById("customSettings");
+       var provider = document.getElementById("CspProvider");
+       var algorithm = document.getElementById("algorithm");
+       var algorithmParagraph = document.getElementById("algorithmParagraph");
+       var keySize = document.getElementById("keySize");
+       var keySizeMin = document.getElementById("keySizeMin");
+       var keySizeMax = document.getElementById("keySizeMax");
+       var keySizeStep = document.getElementById("keySizeStep");
+       var genReq = document.getElementById("GenReq");
+       var csr = document.getElementById("CSR");
+       var noActiveX = document.getElementById("noActiveX");
+       var generatingKeyNotice = document.getElementById("generatingKeyNotice");
+       var createRequestErrorChooseAlgorithm = document.getElementById("createRequestErrorChooseAlgorithm");
+       var createRequestErrorConfirmDialogue = document.getElementById("createRequestErrorConfirmDialogue");
+       var createRequestErrorConnectDevice = document.getElementById("createRequestErrorConnectDevice");
+       var createRequestError = document.getElementById("createRequestError");
+       var invalidKeySizeError = document.getElementById("invalidKeySizeError");
+       var unsupportedPlatformError = document.getElementById("unsupportedPlatformError");
+
+       /// Initialise the CertEnroll code (Vista and higher)
+       /// returns false if initialisation fails
+       var initCertEnroll = function () {
+               var factory = null;
+               var providerList = null;
+               var cspStats = null;
+
+               // Try to initialise the ActiveX element. Requires permissions by the user
+               try {
+                       factory = new ActiveXObject("X509Enrollment.CX509EnrollmentWebClassFactory");
+                       if (!factory) {
+                               throw {
+                                       name: "NoObjectError",
+                                       message: "Got null at object creation"
+                                       };
+                       }
+
+                       // also try to create a useless object here so the library gets
+                       // initialised and we don't need to check everytime later
+                       factory.CreateObject("X509Enrollment.CObjectId");
+
+                       form.style.display = "";
+                       noActiveX.style.display = "none";
+               } catch (e) {
+                       return false;
+               }
+
+               /// Get the selected provider
+               var getProvider = function () {
+                       var providerIndex = provider.options[provider.selectedIndex].value;
+                       return providerList.ItemByIndex(providerIndex);
+               }
+
+               /// Get the selected algorithm
+               var getAlgorithm = function () {
+                       var algorithmIndex = algorithm.options[algorithm.selectedIndex].value;
+                       return alg = cspStats.ItemByIndex(algorithmIndex).CspAlgorithm;
+               }
+
+               /// Get the selected key size
+               var getKeySize = function () {
+                       var alg = getAlgorithm();
+
+                       var bits = parseInt(keySize.value, 10);
+                       if (
+                               (bits < alg.MinLength) ||
+                               (bits > alg.MaxLength) ||
+                               (
+                                       alg.IncrementLength &&
+                                       ((bits - alg.MinLength) % alg.IncrementLength !== 0)
+                               )
+                       ) {
+                               return false;
+                       }
+
+                       return bits;
+               }
+
+               /// Fill the key size list
+               var getKeySizeList = function () {
+                       if (!cspStats) {
+                               return false;
+                       }
+
+                       var alg = getAlgorithm();
+
+                       // HTML5 attributes
+                       keySize.setAttribute("min", alg.MinLength);
+                       keySize.setAttribute("max", alg.MaxLength);
+                       keySize.setAttribute("step", alg.IncrementLength);
+                       keySize.setAttribute("value", alg.DefaultLength);
+                       keySize.value = ""+alg.DefaultLength;
+
+                       // ugly, but buggy otherwise if done with text nodes
+                       keySizeMin.innerHTML = alg.MinLength;
+                       keySizeMax.innerHTML = alg.MaxLength;
+                       keySizeStep.innerHTML = alg.IncrementLength;
+
+                       return true;
+               }
+
+               /// Fill the algorithm list
+               var getAlgorithmList = function () {
+                       var i;
+                       
+                       if (!providerList) {
+                               return false;
+                       }
+
+                       var csp = getProvider();
+
+                       cspStats = providerList.GetCspStatusesFromOperations(
+                               0x1c, //XCN_NCRYPT_ANY_ASYMMETRIC_OPERATION
+                               //0x10, //XCN_NCRYPT_SIGNATURE_OPERATION
+                               //0x8, //XCN_NCRYPT_SECRET_AGREEMENT_OPERATION
+                               //0x4, //XCN_NCRYPT_ASYMMETRIC_ENCRYPTION_OPERATION
+                               csp
+                               );
+
+                       removeChildren(algorithm);
+                       for (i = 0; i < cspStats.Count; i++) {
+                               var alg = cspStats.ItemByIndex(i).CspAlgorithm;
+                               algorithm.appendChild(option(alg.Name, i));
+                       }
+
+                       return getKeySizeList();
+               }
+
+               /// Fill the crypto provider list
+               var getProviderList = function () {
+                       var i;
+                       
+                       var csps = factory.CreateObject("X509Enrollment.CCspInformations");
+
+                       // Get provider information
+                       csps.AddAvailableCsps();
+
+                       removeChildren(provider);
+
+                       for (i = 0; i < csps.Count; i++) {
+                               var csp = csps.ItemByIndex(i);
+                               provider.appendChild(option(csp.Name, i));
+                       }
+
+                       providerList = csps;
+
+                       return getAlgorithmList();
+               }
+
+               /// Generate a key and create and submit the actual CSR
+               var createCSR = function () {
+                       var providerName, algorithmOid, bits;
+
+                       var level = securityLevel.options[securityLevel.selectedIndex];
+                       if (level.value === "custom") {
+                               providerName = getProvider().Name;
+                               var alg = getAlgorithm();
+                               algorithmOid = alg.GetAlgorithmOid(0, 0)
+                               bits = getKeySize();
+                               if (!bits) {
+                                       window.alert(invalidKeySizeError.innerHTML);
+                                       return false;
+                               }
+                       } else {
+                               providerName = "Microsoft Software Key Storage Provider";
+
+                               algorithmOid = factory.CreateObject("X509Enrollment.CObjectId");
+                               algorithmOid.InitializeFromValue("1.2.840.113549.1.1.1"); // RSA
+                               // "1.2.840.10040.4.1" == DSA
+                               // "1.2.840.10046.2.1" == DH
+
+                               if (level.value === "high") {
+                                       bits = 4096;
+                               } else { // medium
+                                       bits = 2048;
+                               }
+                       }
+
+                       var privateKey = factory.CreateObject("X509Enrollment.CX509PrivateKey");
+                       privateKey.ProviderName = providerName;
+                       privateKey.Algorithm = algorithmOid;
+                       privateKey.Length = bits;
+                       privateKey.KeyUsage = 0xffffff; // XCN_NCRYPT_ALLOW_ALL_USAGES
+
+                       var request = factory.CreateObject("X509Enrollment.CX509CertificateRequestPkcs10");
+                       request.InitializeFromPrivateKey(
+                               1, // ContextUser
+                               privateKey,
+                               "" // don't use a template
+                               );
+
+                       var enroll = factory.CreateObject("X509Enrollment.CX509Enrollment");
+                       enroll.InitializeFromRequest(request);
+
+                       generatingKeyNotice.style.display = "";
+
+                       // The request needs to be created after we return so the "please wait"
+                       // message gets rendered
+                       var createCSRHandler = function () {
+                               try {
+                                       csr.value = enroll.CreateRequest(0x1); //XCN_CRYPT_STRING_BASE64
+                                       form.submit();
+                               } catch (e) {
+                                       showError(createRequestErrorChooseAlgorithm.innerHTML, e);
+                               }
+
+                               generatingKeyNotice.style.display = "none";
+                       }
+
+                       window.setTimeout(createCSRHandler, 0);
+
+                       // Always return false, form is submitted by deferred method
+                       return false;
+               }
+
+               /// Call if securityLevel has changed
+               var refreshSecurityLevel = function () {
+                       var level = securityLevel.options[securityLevel.selectedIndex];
+                       if (level.value === "custom") {
+                               getProviderList();
+                               customSettings.style.display = "";
+                       } else {
+                               customSettings.style.display = "none";
+                       }
+               }
+
+               securityLevel.onchange = refreshSecurityLevel;
+               provider.onchange = getAlgorithmList;
+               algorithm.onchange = getKeySizeList;
+               genReq.onclick = createCSR;
+
+               return true;
+       } // end of initCertEnroll()
+
+       /// Initialise Xenroll code (XP and lower)
+       /// returns false if initialisation fails
+       var initXEnroll = function () {
+               cenroll = null;
+
+               providerTypes = Array(
+                                1, //PROV_RSA_FULL
+                                2, //PROV_RSA_SIG
+                                3, //PROV_DSS
+                                4, //PROV_FORTEZZA
+                                5, //PROV_MS_EXCHANGE
+                                6, //PROV_SSL
+                               12, //PROV_RSA_SCHANNEL
+                               13, //PROV_DSS_DH
+                               14, //PROV_EC_ECDSA_SIG
+                               15, //PROV_EC_ECNRA_SIG
+                               16, //PROV_EC_ECDSA_FULL
+                               17, //PROV_EC_ECNRA_FULL
+                               18, //PROV_DH_SCHANNEL
+                               20, //PROV_SPYRUS_LYNKS
+                               21, //PROV_RNG
+                               22, //PROV_INTEL_SEC
+                               23, //PROV_REPLACE_OWF
+                               24  //PROV_RSA_AES
+                       );
+
+               algClasses = Array(
+                       1 << 13, //ALG_CLASS_SIGNATURE
+                       //2 << 13, //ALG_CLASS_MSG_ENCRYPT
+                       //3 << 13, //ALG_CLASS_DATA_ENCRYPT
+                       //4 << 13, //ALG_CLASS_HASH
+                       5 << 13  //ALG_CLASS_KEY_EXCHANGE
+                       );
+
+               // Try to initialise the ActiveX element.
+               try {
+                       cenroll = new ActiveXObject("CEnroll.CEnroll");
+
+                       if (!cenroll) {
+                               throw {
+                                       name: "NoObjectError",
+                                       message: "Got null at object creation"
+                               };
+                       }
+
+                       form.style.display = "";
+                       algorithm.disabled = true;
+                       noActiveX.style.display = "none";
+               } catch (e) {
+                       return false;
+               }
+
+               /// Get the name of the selected provider
+               var getProviderName = function () {
+                       return provider.options[provider.selectedIndex].text;
+               }
+
+               /// Get the type of the selected provider
+               var getProviderType = function () {
+                       return parseInt(provider.options[provider.selectedIndex].value, 10);
+               }
+
+               var refreshProvider = function () {
+                       cenroll.ProviderName = getProviderName();
+                       cenroll.ProviderType = getProviderType();
+               }
+
+               /// Get the ID of the selected algorithm
+               var getAlgorithmId = function () {
+                       return parseInt(algorithm.options[algorithm.selectedIndex].value, 10);
+               }
+
+               /// Minimum bit length for exchange keys
+               var getMinExKeyLength = function () {
+                       refreshProvider();
+
+                       try {
+                               return cenroll.GetKeyLen(true, true);
+                       } catch (e) {
+                               return false;
+                       }
+               }
+
+               /// Maximum bit length for exchange keys
+               var getMaxExKeyLength = function () {
+                       refreshProvider();
+
+                       try {
+                               return cenroll.GetKeyLen(false, true);
+                       } catch (e) {
+                               return false;
+                       }
+               }
+
+               /// Step size for exchange keys
+               /// This might not be available on older platforms
+               var getStepExKeyLength = function () {
+                       refreshProvider();
+
+                       try {
+                               return cenroll.GetKeyLenEx(3, 1);
+                       } catch (e) {
+                               return false;
+                       }
+               }
+
+               /// Minimum bit length for signature keys
+               var getMinSigKeyLength = function () {
+                       refreshProvider();
+
+                       try {
+                               return cenroll.GetKeyLen(true, false);
+                       } catch (e) {
+                               return false;
+                       }
+               }
+
+               /// Maximum bit length for signature keys
+               var getMaxSigKeyLength = function () {
+                       refreshProvider();
+
+                       try {
+                               return cenroll.GetKeyLen(false, false);
+                       } catch (e) {
+                               return false;
+                       }
+               }
+
+               /// Step size for signature keys
+               /// This might not be available on older platforms
+               var getStepSigKeyLength = function () {
+                       refreshProvider();
+
+                       try {
+                               return cenroll.GetKeyLenEx(3, 2);
+                       } catch (e) {
+                               return false;
+                       }
+               }
+
+               /// Get the selected key size
+               var getKeySize = function () {
+                       var bits = parseInt(keySize.value, 10);
+                       if (
+                               (bits < getMinSigKeyLength()) ||
+                               (bits > getMaxSigKeyLength()) ||
+                               (
+                                       getStepSigKeyLength() &&
+                                       ((bits - getMinSigKeyLength()) % getStepSigKeyLength() !== 0)
+                               )
+                       ) {
+                               return false;
+                       }
+
+                       return bits;
+               }
+
+               var getKeySizeLimits = function () {
+                       // HTML5 attributes
+                       keySize.setAttribute("min", getMinSigKeyLength());
+                       keySize.setAttribute("max", getMaxSigKeyLength());
+                       if (getStepSigKeyLength()) {
+                               keySize.setAttribute("step", getStepSigKeyLength());
+                       }
+
+                       // ugly, but buggy otherwise if done with text nodes
+                       keySizeMin.innerHTML = getMinSigKeyLength();
+                       keySizeMax.innerHTML = getMaxSigKeyLength();
+                       keySizeStep.innerHTML = getStepSigKeyLength();
+
+                       if (getMinSigKeyLength() === getMaxSigKeyLength()) {
+                               keySize.value = getMaxSigKeyLength();
+                       }
+
+                       return true;
+               }
+
+               /// Fill the algorithm selection box
+               var getAlgorithmList = function () {
+                       var i, j;
+                       
+                       refreshProvider();
+
+                       removeChildren(algorithm);
+
+                       for (i = 0; i < algClasses.length; ++i) {
+                               for (j = 0; true; ++j) {
+                                       try {
+                                               var algId = cenroll.EnumAlgs(j, algClasses[i]);
+                                               var algName = cenroll.GetAlgName(algId);
+                                               algorithm.appendChild(option(algName, algId));
+                                       } catch (e) {
+                                               break;
+                                       }
+                               }
+                       }
+
+                       getKeySizeLimits();
+               }
+
+               /// Fill the provider selection box
+               var getProviderList = function () {
+                       var i, j;
+                       
+                       removeChildren(provider);
+
+                       for (i = 0; i < providerTypes.length; ++i) {
+                               cenroll.providerType = providerTypes[i];
+
+                               var providerName = "invalid";
+                               for (j = 0; true; ++j) {
+                                       try {
+                                               providerName = cenroll.enumProviders(j, 0);
+                                               provider.appendChild(option(providerName, providerTypes[i]));
+                                       } catch (e) {
+                                               break;
+                                       }
+                               }
+                       }
+
+                       return getAlgorithmList();
+               }
+
+               var createCSR = function () {
+                       var providerName, bits;
+
+                       var level = securityLevel.options[securityLevel.selectedIndex];
+                       if (level.value === "custom") {
+                               refreshProvider();
+
+                               bits = getKeySize();
+                               if (bits === false) {
+                                       window.alert(invalidKeySizeError.innerHTML);
+                                       return false;
+                               }
+                       } else {
+                               cenroll.ProviderName = "Microsoft Enhanced Cryptographic Provider v1.0";
+                               cenroll.ProviderType = 1; //PROV_RSA_FULL
+
+                               if (level.value === "high") {
+                                       bits = 4096;
+                               } else { // medium
+                                       bits = 2048;
+                               }
+                       }
+
+                       cenroll.GenKeyFlags = bits << 16; // keysize is encoded in the uper 16 bits
+                       //cenroll.GenKeyFlags = cenroll.GenKeyFlags | 0x1; //CRYPT_EXPORTABLE
+
+                       generatingKeyNotice.style.display = "";
+
+                       // The request needs to be created after we return so the "please wait"
+                       // message gets rendered
+                       var createCSRHandler = function () {
+                               try {
+                                       csr.value = cenroll.createPKCS10("", "1.3.6.1.5.5.7.3.2");
+                                       form.submit();
+                               } catch (e) {
+                                       if (e.number === -2147023673) {
+                                               // 0x800704c7 => dialogue declined
+                                               showError(createRequestErrorConfirmDialogue.innerHTML, e);
+                                       } else if (e.number === -2146435043) {
+                                               // 0x8010001d => crypto-device not connected
+                                               showError(createRequestErrorConnectDevice.innerHTML, e);
+                                       } else {
+                                               showError(createRequestError.innerHTML, e);
+                                       }
+                               }
+
+                               generatingKeyNotice.style.display = "none";
+                               cenroll.Reset();
+                       }
+
+                       window.setTimeout(createCSRHandler, 0);
+
+                       // Always return false, form is submitted by deferred method
+                       return false;
+               }
+
+               /// Call if securityLevel has changed
+               var refreshSecurityLevel = function () {
+                       var level = securityLevel.options[securityLevel.selectedIndex];
+                       if (level.value === "custom") {
+                               getProviderList();
+                               customSettings.style.display = "";
+                       } else {
+                               customSettings.style.display = "none";
+                       }
+               }
+
+               securityLevel.onchange = refreshSecurityLevel;
+               provider.onchange = getAlgorithmList;
+               algorithm.onchange = getKeySizeLimits;
+               genReq.onclick = createCSR;
+
+               return true;
+       };
+
+       // Run the init functions until one is successful
+       if (initCertEnroll()) {
+               form.style.display = "";
+               noActiveX.style.display = "none";
+       } else if (initXEnroll()) {
+               form.style.display = "";
+               noActiveX.style.display = "none";
+       } else {
+               window.alert(unsupportedPlatformError.innerHTML);
+       }
+} ();