Quick PC 61

home *** CD-ROM | disk | FTP | other *** search

/ Quick PC 61 / Quick PC 61.iso / I386 / CERTRQMA.AS_ / certrqma.asp

Wrap

Text File | 2003-02-21 | 75.7 KB | 1,986 lines

∩╗┐<%@ CODEPAGE=65001 'UTF-8%> <%' certrqma.asp - (CERT)srv web - (R)e(Q)uest, (M)ore (A)dvanced ' Copyright (C) Microsoft Corporation, 1998 - 1999 %>   <% On Error Resume Next ' Exporting keys to a pvk file is only used by old code signing tools. ' (This is different from exporting both cert and keys in a pfx file.) ' Set this flag to true if you really need this functionality bEnableExportKeyToFile = True Dim bFailed, nError bFailed=False nError = 0 If "Enterprise"=sServerType And "IE"=sBrowser Then ' get CA exchange cert and save into this page Const CR_OUT_BASE64 =&H00000001 Const CR_PROP_CAEXCHGCERT=15 Const PROPTYPE_BINARY=3 Set ICertRequest2=Server.CreateObject("CertificateAuthority.Request") Public sCAExchangeCert Dim sCertificate sCertificate=ICertRequest2.GetCAProperty(sServerConfig, CR_PROP_CAEXCHGCERT, 0, PROPTYPE_BINARY, CR_OUT_BASE64) sCAExchangeCert=FormatBigString(sCertificate, " sCAExchange=sCAExchange & ") '&H800B0113, CERT_E_INVALID_POLICY, treat it as OK If Err.Number<>0 And Err.Number <> &H800B0113 Then ' CA may be down. bFailed=True nError=Err.Number End If End If '----------------------------------------------------------------- ' Format the big string as a concatenated VB string, breaking at the embedded newlines Function FormatBigString(sSource, sLinePrefix) Dim sResult, bCharsLeft, nStartChar, nStopChar, chQuote sResult="" chQuote=chr(34) bCharsLeft=True nStopChar=1 While (bCharsLeft) nStartChar=nStopChar nStopChar=InStr(nStopChar, sSource, vbNewLine) If (nStopChar>0) Then sResult=sResult & sLinePrefix & chQuote & Mid(sSource, nStartChar, nStopChar-nStartChar) & chQuote & " & vbNewLine" If (nStopChar>=Len(sSource)-Len(vbNewLine)) Then bCharsLeft=False End If Else bCharsLeft=False End if sResult=sResult & vbNewLine nStopChar=nStopChar+Len(vbNewLine) Wend FormatBigString=sResult End Function %> <HTML> <Head> <Meta HTTP-Equiv="Content-Type" Content="text/html; charset=UTF-8"> <Title>Microsoft Certificate Services</Title> </Head> <%If True=bFailed Then %> <Body BgColor=#FFFFFF Link=#0000FF VLink=#0000FF ALink=#0000FF><Font ID=locPageFont Face="Arial"> <%Else%> <Body BgColor=#FFFFFF Link=#0000FF VLink=#0000FF ALink=#0000FF OnLoad="postLoad();"><Font ID=locPageFont Face="Arial"> <%End If%> <Table Border=0 CellSpacing=0 CellPadding=4 Width=100% BgColor=#008080> <TR> <TD><Font Color=#FFFFFF><LocID ID=locMSCertSrv><Font Face="Arial" Size=-1><B><I>Microsoft</I></B> Certificate Services -- <%=sServerDisplayName%> </Font></LocID></Font></TD> <TD ID=locHomeAlign Align=Right><A Href="/certsrv"><Font Color=#FFFFFF><LocID ID=locHomeLink><Font Face="Arial" Size=-1><B>Home</B></Font></LocID></Font></A></TD> </TR> </Table> <%If True=bFailed Then %> <P ID=locPageTitle1><Font Color=#FF0000><B>Error</B></Font> <Table Border=0 CellSpacing=0 CellPadding=0 Width=100%><TR><TD BgColor=#008080><Img Src="certspc.gif" Alt="" Height=2 Width=1></TD></TR></Table> <P ID=locErrorMsg> An unexpected error has occurred:<BR><BR> <%If nError=&H800706BA Or nError=&H80070005 Then%> <LocID ID=locSvcNotStarted>The Certification Authority Service has not been started.</LocID> <%ElseIf nError=&H800b0101 Then%> <LocID ID=locSvcNotValidDate>A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.</LocID> <%Else%> <%=ICertRequest.GetErrorMessageText(nError, CR_GEMT_HRESULT_STRING)%> <%End If%> <%Else 'True<>bFailed%> <Form Name=UIForm OnSubmit="goNext();return false;" Action="certlynx.asp" Method=Post> <Input Type=Hidden Name=SourcePage Value="certrqma"> <P ID=locPageTitle> <B> Advanced Certificate Request </B> <Table Border=0 CellSpacing=0 CellPadding=0 Width=100%><TR><TD BgColor=#008080><Img Src="certspc.gif" Alt="" Height=2 Width=></TD></TR></Table> <Span ID=spnFixTxt Style="display:none"> <Table Border=0 CellSpacing=0 CellPadding=4 Style="Color:#FF0000"><TR><TD ID=locBadCharError> <I>Please correct the fields marked in <B>RED</B>.</I> The e-mail address may contain the characters A-Z, a-z, 0-9, and some common symbols, but no extended characters. The country/region field must be a two letter ISO 3166 country/region code. </TD></TR></Table> </Span> <Span ID=spnErrorTxt Style="display:none"> <Table Border=0 CellSpacing=0 CellPadding=4 Style="Color:#FF0000"> <TR><TD ID=locErrMsgBasic> <B>An error occurred</B> while creating the certificate request. Please verify that your CSP supports any settings you have made and that your input is valid. </TD></TR><TR><TD> <LocID ID=locErrorCause><B>Suggested cause:</B></LocID><BR> <Span ID=spnErrorMsg></Span> </TD></TR><TR> <TD ID=locErrorNumber><Font Size=-2>Error: <Span ID=spnErrorNum></Span></Font></TD> </TR> </Table> </Span> <Table Border=0 CellSpacing=0 CellPadding=0> <TR>  <TD Width=<%=L_LabelColWidth_Number%>></TD>  <TD RowSpan=59 Width=4></TD>  <TD></TD>  </TR> <%If "Enterprise"=sServerType Then%>  <TR> <TD ID=locTemplateHead ColSpan=3><Font Size=-1><BR><Label For=lbCertTemplateID><locID ID=locTemplateHead><B>Certificate Template:</B></locID></Label></Font></TD> </TR><TR><TD ColSpan=3 Height=2 BgColor=#008080></TD> </TR><TR><TD ColSpan=3 Height=6></TD> </TR><TR><TD></TD> <TD><Select Name=lbCertTemplate ID=lbCertTemplateID OnChange="handleTemplateChange();"> <% Dim nWriteTemplateResult nWriteTemplateResult=WriteTemplateList() %> </Select></TD> </TR> <%End If '"Enterprise"=sServerType%> <TR><TD ColSpan=3> <%If "Enterprise"=sServerType Then%>  <Span ID=spnIDInfo Style="display:none"> <%End If '"Enterprise"=sServerType%> <Table Border=0 CellSpacing=0 CellPadding=0> <TR>  <TD Width=<%=L_LabelColWidth_Number%>></TD>  <TD RowSpan=59 Width=4></TD>  <TD></TD>  </TR> <TR> <%If "StandAlone"=sServerType Then%> <TD ID=locIdentHeadStandAlone ColSpan=3><Font Size=-1><BR><B>Identifying Information:</B></Font></TD> </TR><TR><TD ColSpan=3 Height=2 BgColor=#008080></TD> <%Else%> <TD ID=locIdentHeadEnterprise ColSpan=3><Font Size=-1><BR><B>Identifying Information For Offline Template:</B></Font></TD> </TR> <%End If%> </TR><TR><TD ColSpan=3 Height=6></TD> </TR><TR> <TD ID=locNameAlign Align=Right><Span ID=spnNameLabel><LocID ID=locNameLabel><Font Size=-1>Name:</Font></LocID></Span></TD> <TD><Input ID=locTbCommonName Type=Text MaxLength=64 Size=42 Name=tbCommonName></TD> </TR><TR> <TD ID=locEmailAlign Align=Right><Span ID=spnEmailLabel><LocID ID=locEmailLabel><Font Size=-1>E-Mail:</Font></LocID></Span></TD> <TD><Input ID=locTbEmail Type=Text MaxLength=128 Size=42 Name=tbEmail></TD> </TR><TR> <TD Height=8></TD> <TD></TD> </TR><TR> <TD ID=locCompanyAlign Align=Right><Span ID=spnCompanyLabel><LocID ID=locOrgLabel><Font Size=-1>Company:</Font></LocID></Span></TD> <TD><Input ID=locTbOrg Type=Text MaxLength=64 Size=42 Name=tbOrg Value="<%=sDefaultCompany%>"></TD> </TR><TR> <TD ID=locDepartmentAlign Align=Right><Span ID=spnDepartmentLabel><LocID ID=locOrgUnitLabel><Font Size=-1>Department:</Font></LocID></Span></TD> <TD><Input ID=locTbOrgUnit Type=Text MaxLength=64 Size=42 Name=tbOrgUnit Value="<%=sDefaultOrgUnit%>"></TD> </TR><TR> <TD Height=8></TD> <TD></TD> </TR><TR> <TD ID=locCityAlign Align=Right><Span ID=spnCityLabel><LocID ID=locLocalityLabel><Font Size=-1>City:</Font></LocID></Span></TD> <TD><Input ID=locTbLocality Type=Text MaxLength=128 Size=42 Name=tbLocality Value="<%=sDefaultLocality%>"></TD> </TR><TR> <TD ID=locStateAlign Align=Right><Span ID=spnStateLabel><LocID ID=locStateLabel><Font Size=-1>State:</Font></LocID></Span></TD> <TD><Input ID=locTbState Type=Text MaxLength=128 Size=42 Name=tbState Value="<%=sDefaultState%>"></TD> </TR><TR> <TD ID=locCountryAlign Align=Right><Span ID=spnCountryLabel><LocID ID=locCountryLabel><Font Size=-1>Country/Region:</Font></LocID></Span></TD> <TD><Input ID=locTbCountry Type=Text MaxLength=2 Size=2 Name=tbCountry Value="<%=sDefaultCountry%>"></TD> </TR> </Table> <%If "Enterprise"=sServerType Then%> </Span> <%End If '"Enterprise"=sServerType%> </TD></TR> <%If "StandAlone"=sServerType Then%>  <TR> <TD ID=locEKUHead ColSpan=3><Font Size=-1><BR><B>Type of Certificate Needed:</B></Font></TD> </TR><TR><TD ColSpan=3 Height=2 BgColor=#008080></TD> </TR><TR><TD ColSpan=3 Height=6></TD> </TR><TR><TD></TD> <TD><Select Name=lbUsageOID OnChange="handleUsageOID(true);"> <Option ID=locCliAuthCert Selected Value="1.3.6.1.5.5.7.3.2"> Client Authentication Certificate <Option ID=locEmailCert Value="1.3.6.1.5.5.7.3.4"> E-Mail Protection Certificate <Option ID=locSrvAuthCert Value="1.3.6.1.5.5.7.3.1"> Server Authentication Certificate <Option ID=locCodeSgnCert Value="1.3.6.1.5.5.7.3.3"> Code Signing Certificate <Option ID=locTimStmpCert Value="1.3.6.1.5.5.7.3.8"> Time Stamp Signing Certificate <Option ID=locIPSecCert Value="1.3.6.1.5.5.8.2.2"> IPSec Certificate <Option ID=locUserEKUCert Value="**"> Other... </Select></TD> </TR> <TR><TD ID=locEkuAlign Align=Right><Span ID=spnEKUOther1 Style="display:none"><LocID ID=locUserEKULabel><Font Size=-1>OID:</Font></LocID></Span></TD> <TD><Span ID=spnEKUOther2 Style="display:none"><Input ID=locTbEKUOther Type=Text Name=tbEKUOther Value="1.3.6.1.5.5.7.3."></Span></TD> </TR> <%End If%>  <TR> <TD ID=locKeyOptHead ColSpan=3><Font Size=-1><BR><B>Key Options:</B></Font></TD> </TR><TR><TD ColSpan=3 Height=2 BgColor=#008080></TD> </TR><TR><TD ColSpan=3 Height=6></TD> </TR> <TR> <TD></TD> <TD><Font Size=-1> <Input Type=Radio ID=rbKG1 Name=rbKeyGen Value="0" OnClick="handleKeyGen();" Checked><Label For=rbKG1 ID=locNewKeyLabel>Create new key set</Label> <LocID ID=locSpc3> <LocID> <Input Type=Radio ID=rbKG2 Name=rbKeyGen Value="1" OnClick="handleKeyGen();"><Label For=rbKG2 ID=locExistKeyLabel>Use existing key set</Label> </Font></TD> </TR> <TR><TD ColSpan=3 Height=4></TD></TR> <TR> <TD ID=locCSPLabel Align=Right><Font Size=-1><Label For=lbCSPID><locID ID=locCSPLabel>CSP:</locID></Label></Font></TD> <TD><Select Name=lbCSP ID=lbCSPID OnChange="handleCSPChange();"> <Option ID=locLoading>Loading...</Option> </Select></TD> </TR> <TR ID=trBadCSPForKeySpec Style="display:none"> <TD></TD> <TD BgColor=#FFFFE0><LocID ID=locBadCSPForKeySpec><Font Size=-1><Span ID=spnBadCSPForKeySpecMsg></Span></Font></LocID></TD> </TR> <TR><TD ColSpan=3 Height=4></TD></TR> <TR> <TD ID=locKeyUsageLabel Align=Right><Font Size=-1>Key Usage:</Font></TD> <TD><Font Size=-1> <Span ID=spnKeyUsageKeyExchange><Input Type=Radio ID=rbKU1 Name=rbKeyUsage Value="0" Checked OnClick="handleKeyUsageChange(false);"><Label For=rbKU1 ID=locKUExch>Exchange</Label><LocID ID=locSpc1> <LocID></Span> <Span ID=spnKeyUsageSignature><Input Type=Radio ID=rbKU2 Name=rbKeyUsage Value="1" OnClick="handleKeyUsageChange(false);"><Label For=rbKU2 ID=locKUSig>Signature</Label><LocID ID=locSpc2> <LocID></Span> <Span ID=spnKeyUsageBoth><Input Type=Radio ID=rbKU3 Name=rbKeyUsage Value="2" OnClick="handleKeyUsageChange(false);"><Label For=rbKU3 ID=locKUBoth>Both</Label></Span></Font></TD> </TR> <TR><TD ColSpan=3 Height=4></TD></TR> <TR> <TD ID=locKeySizeLabel Align=Right ><Font Size=-1><Label For=locTbKeySize><locID ID=locKeySizeLabel>Key Size:</locID></Label></Font></TD> <TD><Table Border=0 CellPadding=0 CellSpacing=0> <TR> <TD RowSpan=2><Input ID=locTbKeySize Type=Text Name=tbKeySize Value="0" MaxLength=5 Size=4 OnPropertyChange="handleKeySizeChange();"> </TD> <TD ID=locKeySizeMinLabel Align=Right><Font Size=-2>Min:</Font></TD> <TD ID=locKeySizeMin Align=Right><Font Size=-2><Span ID=spnKeySizeMin></Span></Font></TD> <TD ID=locKeySizeCommon RowSpan=2><Font Size=-2> (common key sizes: <Span ID=spnKeySizeCommon></Span>)</Font></TD> </TR><TR> <TD ID=locKeySizeMaxLabel Align=Right><Font Size=-2>Max:</Font></TD> <TD ID=locKeySizeMax Align=Right><Font Size=-2><Span ID=spnKeySizeMax></Span></Font></TD> </TR> </Table></TD> </TR> <TR ID=trKeySizeBad Style="display:none"> <TD></TD> <TD BgColor=#FFFFE0><LocID ID=locKeySizeBad><Font Size=-1><Span ID=spnKeySizeBadMsg></Span></Font></LocID></TD> </TR> <TR ID=trKeySizeBadSpc Style="display:none"><TD ColSpan=3 Height=4></TD></TR> <TR ID=trKeySizeWarn Style="display:none"> <TD></TD> <TD BgColor=#FFFFE0><LocID ID=locKeySizeWarning><Font Size=-1><I>Warning: Large keys can take many hours to generate!</I></Font></LocID></TD> </TR> <TR ID=trKeyGenWarn Style="display:none"> <TD></TD> <TD><LocID ID=locKeyGenWarning><Font Size=-1><I>A key of this size will be generated </I>only<I> if a key for the <BR> specified usage does not already exist in the specified container.</I></Font></LocID></TD> </TR> <TR ID=trGenContNameSpc><TD ColSpan=3 Height=4></TD></TR> <TR ID=trGenContName> <TD></TD> <TD><Font Size=-1> <Input Type=Radio ID=rbGCN1 Name=rbGenContName Value="0" OnClick="handleGenContName();" Checked><Label For=rbGCN1 ID=locAutoContNameLabel>Automatic key container name</Label> <LocID ID=locSpc4> <LocID> <Input Type=Radio ID=rbGCN2 Name=rbGenContName Value="1" OnClick="handleGenContName();"><Label For=rbGCN2 ID=locUserContNameLabel>User specified key container name</Label> </Font></TD> </TR> <TR ID=trContNameSpc><TD ColSpan=3 Height=4></TD></TR> <TR ID=trContName Style="display:none"> <TD ID=locContainerNameLabel Align=Right><Font Size=-1>Container Name:</Font></TD> <TD><Font Size=-1><Input ID=locTbContainerName Type=Text Name=tbContainerName Size=20></Font></TD> </TR> <TR ID=trMarkExportSpc><TD ColSpan=3 Height=4></TD></TR> <TR ID=trMarkExport><TD></TD> <TD><Font Size=-1><Input Type=Checkbox Name=cbMarkKeyExportable ID=cbMarkKeyExportable OnClick="handleMarkExport(false);"><Label For=cbMarkKeyExportable ID=locMarkExportLabel>Mark keys as exportable</Label> <%If bEnableExportKeyToFile Then%> <Span ID=spnMarkKeyExportable Style="display:none"> <BR><Img Src="certspc.gif" Alt="" Height=1 Width=25><Input Type=Checkbox Name=cbExportKeys ID=cbExportKeys OnClick="handleExportKeys();"><Label For=cbExportKeys ID=locExportToFileLabel>Export keys to file</Label> <Span ID=spnExportKeys Style="display:none"> <BR><Img Src="certspc.gif" Alt="" Height=1 Width=25><LocID ID=locExpFileNameLabel>Full path name:</LocID> <Input ID=locTbExportKeyFile Type=Text Name=tbExportKeyFile Size=20 Value="*.pvk"> </Span> </Span> <%End If%> </Font></TD> </TR> <TR ID=trStrongKeySpc><TD ColSpan=3 Height=4></TD></TR> <TR ID=trStrongKey> <TD></TD> <TD><Font Size=-1><Input Type=Checkbox ID=cbStrongKey Name=cbStrongKey OnClick="handleStrongKeyAndLMStore(false);"><Label For=cbStrongKey ID=locStrongKeyLabel>Enable strong private key protection</Label></Font></TD> </TR> <TR ID=trLMStoreSpc><TD ColSpan=3 Height=4></TD></TR> <TR ID=trLMStore><TD></TD> <TD><Font Size=-1><Input Type=Checkbox Name=cbLocalMachineStore ID=cbLocalMachineStore OnClick="handleStrongKeyAndLMStore(false);"><Label For=cbLocalMachineStore ID=locLMStoreLabel>Store certificate in the local computer certificate store</Label><BR> <LocID ID=locAdminWarning><Img Src="certspc.gif" Alt="" Height=1 Width=25><I>Stores the certificate in the local computer store<BR> <Img Src="certspc.gif" Alt="" Height=1 Width=25>instead of in the user's certificate store. Does not<BR> <Img Src="certspc.gif" Alt="" Height=1 Width=25>install the root CA's certificate. You must be an<BR> <Img Src="certspc.gif" Alt="" Height=1 Width=25>administrator to generate or use a key in the local<BR> <Img Src="certspc.gif" Alt="" Height=1 Width=25>machine store.</I></Font></LocID></TD> </TR> <TR> <TD ID=locAddOptHead ColSpan=3><Font Size=-1><BR><B>Additional Options:</B></Font></TD> </TR><TR><TD ColSpan=3 Height=2 BgColor=#008080></TD> </TR><TR><TD ColSpan=3 Height=3></TD> </TR> <TR><TD ColSpan=3 Height=6></TD></TR> <TR> <TD ID=locRequestFormatLabel Align=Right><Font Size=-1>Request Format:</Font></TD> <TD> <Input Type=Radio ID=rbFormatCMC Name=rbRequestFormat Value="0" Checked><Label For=rbFormatCMC ID=locFormatCMCLabel>CMC</Label> <LocID ID=locSpc5> <LocID> <Input Type=Radio ID=rbFormatPKCS10 Name=rbRequestFormat Value="1"><Label For=rbFormatPKCS10 ID=locFormatPKCS10Label>PKCS10</Label> </TD> </TR> <TR><TD ColSpan=3 Height=4></TD></TR> <TR><TD ColSpan=3 Height=4></TD></TR> <TR> <TD ID=locHashAlgLabel Align=Right><Font Size=-1><Label For=lbHashAlgorithmID><locID ID=locHashAlgLabel>Hash Algorithm:</locID></Label></Font></TD> <TD><Select Name=lbHashAlgorithm ID=lbHashAlgorithmID></Select></TD> </TR> <TR><TD></TD><TD ID=locHashAlgWarning><Font Size=-1><I>Only used to sign request.</I></Font></TD></TR> <TR><TD ColSpan=3 Height=8></TD></TR> <TR><TD></TD> <TD><Font Size=-1><Input Type=Checkbox Name=cbSaveRequest ID=cbSaveRequest OnClick="handleSaveReq();"><Label For=cbSaveRequest ID=locSaveReqLabel>Save request to a file</Label> <Span ID=spnSaveRequest Style="display:none"> <BR><Img Src="certspc.gif" Alt="" Height=1 Width=25><LocID ID=locReqFileNameLabel>Full path name:</LocID> <Input ID=locTbSaveReqFile Type=Text Name=tbSaveReqFile Size=20> <BR><Img Src="certspc.gif" Alt="" Height=1 Width=25><LocID ID=locSaveReqWarning><B>This request will be saved and not submitted.</B></LocID> </Span> </Font></TD> </TR> <TR><TD ColSpan=3 Height=6></TD> </TR><TR> <TD ID=locAttribLabel Align=Right><Font Size=-1><Span ID=spnSubmitAttrLable><Label For=locTaAttrib><locID ID=locAttribLabel>Attributes:</locID></Label></Span></Font></TD> <TD><Span ID=spnSubmitAttrBox><TextArea ID=locTaAttrib Name=taAttrib Wrap=Off Rows=2 Cols=30></TextArea></SPan></TD> </TR> <TR><TD ColSpan=3 Height=6></TD> </TR><TR> <TD ID=locFriendlyNameLabel Align=Right><Font Size=-1><Label For=locTbFriendlyName><locID ID=locFriendlyNameLabel>Friendly Name:</locID></Label></Font></TD> <TD><Font Size=-1><Input ID=locTbFriendlyName Type=Text Name=tbFriendlyName Size=20></Font></TD> </TR> <TR><TD ColSpan=3><Font Size=-1><BR></Font></TD></TR> <TR><TD ColSpan=3 Height=2 BgColor=#008080></TD></TR> <TR><TD ColSpan=3 Height=3></TD></TR> <TR> <TD></TD> <TD ID=locSubmitAlign Align=Right> <Input ID=locBtnSubmit Type=Submit Name=btnSubmit Value="Submit >" Style="width:.75in"> <Input ID=locBtnSave Type=Submit Name=btnSave Value="Save" Style="width:.75in; display:none"> </TD> </TR> <TR><TD ColSpan=3 Height=20></TD></TR> </Table> </P> <Table Border=0 CellSpacing=0 CellPadding=0 Width=100%><TR><TD BgColor=#008080><Img Src="certspc.gif" Alt="" Height=2 Width=1></TD></TR></Table> <Table Border=0 CellSpacing=0 CellPadding=0 Width=100%><TR><TD BgColor=#FFFFFF><Img Src="certspc.gif" Alt="" Height=5 Width=1></TD></TR></Table> </Form> </Font>   <%bIncludeXEnroll=True%> <%bIncludeGetCspList=True%> <%bIncludeTemplateCode=True%> <%bIncludeCheckClientCode=True%>   <Span Style="display:none"> <Form Name=SubmittedData Action="certfnsh.asp" Method=Post> <Input Type=Hidden Name=Mode>  <Input Type=Hidden Name=CertRequest>  <Input Type=Hidden Name=CertAttrib>  <Input Type=Hidden Name=FriendlyType>  <Input Type=Hidden Name=ThumbPrint>  <Input Type=Hidden Name=TargetStoreFlags>  <Input Type=Hidden Name=SaveCert>  </FORM> </Span> <Script Language="JavaScript"> //================================================================ // PAGE GLOBAL VARIABLES //---------------------------------------------------------------- // Strings to be localized var L_CspLoadErrNoneFound_ErrorMessage="An unexpected error occurred while getting the CSP list:\nNo CSPs could be found!"; var L_CspLoadErrUnexpected_ErrorMessage="\"An unexpected error (\"+sErrorNumber+\") occurred while getting the CSP list.\""; var L_SetKeySize_Message="\"Set key size to \"+nKeySize"; var L_WarningTemplateKeySize_Message="\"You have selected a certificate template that requires a minimum key size of \" + nKeySize + \"bits, which is larger than the selected CSP maximum.\\nPlease select a different CSP.\""; var L_RecommendOneKeySize_Message="\"\"+nKeySize+\" is a bad key size. The closest valid key size is \"+sCloseBelow+\".\""; var L_RecommendTwoKeySizes_Message="\"\"+nKeySize+\" is a bad key size. The closest valid key sizes are \"+sCloseBelow+\" and \"+sCloseAbove+\".\""; var L_StillLoading_ErrorMessage="This page has not finished loading yet. Please wait a few seconds and try again."; var L_KeySizeNotNumber_ErrorMessage="Please enter a number for the key size."; var L_KeySizeBadNumber_ErrorMessage="\"Please enter a valid number for the key size. The key size must be\\nbetween \"+g_nCurKeySizeMin+\" and \"+g_nCurKeySizeMax+\", and be a multiple of \"+g_nCurKeySizeInc+\".\""; var L_CSPNotSupportTemplateKeySpec_Message="\"You may have selected a CSP that does not support the key type defined in the template. Please modify the key type in the template or select either different CSP or certificate template.\""; var L_TemplateKeySizeTooBig_ErrorMessage = "\"The certificate type you selected requires minimum key size of \" + g_nCurTemplateKeySizeMin + \".\\nIt is bigger than the maximum size of \" + g_nCurKeySizeMax + \".\\nPlease change the number or select a different CSP.\""; var L_NoCntnrName_ErrorMessage="Please enter a key container name."; var L_BadOid_ErrorMessage="Please enter a valid OID, or choose a predefined certificate type.\nMultiple OIDs must be separated with a comma."; var L_NoExportFileName_ErrorMessage="Please enter a file name for exporting the keys."; var L_NoSaveReqFileName_ErrorMessage="Please enter a file name for saving the request."; var L_Generating_Message="Generating request..."; var L_UserEKUCert_Text="\"User-EKU (\"+sCertUsage+\") Certificate\""; var L_RequestSaved_Message="Request saved to file."; var L_Waiting_Message="Waiting for server response..."; var L_ErrNameUnknown_ErrorMessage="(unknown)"; var L_SugCauseNone_ErrorMessage="No suggestion."; var L_SugCauseBadCSP_ErrorMessage="The CSP you chose was unable to process the request. Try a different CSP."; var L_SugCauseKeysetFull_ErrorMessage="The security token does not have storage space available for an additional container."; var L_SugCauseBadSetting2_ErrorMessage="The CSP you chose does not support one or more of the settings you have made, such as key size, key spec, hash algorithm, etc. Try using different settings or a different CSP."; var L_SugCauseBadKeyContainer_ErrorMessage="Either the key container you specified does not exist, or the CSP you chose was unable to process the request. Enter the name of an existing key container; choose 'Create new keyset'; or try a different CSP."; var L_SugCauseExistKeyContainer_ErrorMessage="The container you named already exists. When creating a new key, you must use a new container name."; var L_SugCauseBadChar_ErrorMessage="You entered an invalid character. Report a bug, because this should have been caught in validation."; var L_SugCauseBadHash_ErrorMessage="The hash algorithm you selected cannot be used for signing. Please select a different hash algorithm."; var L_SugCauseNoFileName_ErrorMessage="You did not enter a file name."; var L_SugCauseCryptArchivableNotSupp_ErrorMessage="The CSP you chose does not support the creation of keys which can be archived but not exported."; var L_ErrNameNoFileName_ErrorMessage="(no file name)"; var L_SugCauseNotAdmin_ErrorMessage="You must be an administrator to generate a key in the local machine store."; var L_ErrNamePermissionDenied_ErrorMessage="Permission Denied"; var L_SugCausePermissionToWrite_ErrorMessage = "You do not have write permission to save the file to the path"; var L_SugCauseBadFileName_ErrorMessage="The file name you specified is not a valid file name. Try a different file name."; var L_SugCauseBadDrive_ErrorMessage="The drive you specified is not ready. Insert a disk in the drive or try a different file name."; var L_SugCauseNoProfile_ErrorMessage="The profile for the user is a temporary profile."; var L_SugCauseCAExSignerNotFound_ErrorMessage="A certificate chain could not be built to a trusted root authority."; var L_SugCauseCAExNotTrusted_ErrorMessage="A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider."; var L_DownLevelClients_ErrorMessage="This error can be caused by requesting Key Archival for the new private key, which may not be supported on this platform."; var L_SugCauseCancelled_ErrorMessage="The operation was canceled by the user."; var L_SCARD_E_NOMEMORYMSG_ErrorMessage="Not enough memory available to complete this command."; var L_SCARD_F_WAITEDTOOLONG_ErrorMessage="An internal consistency timer has expired."; var L_SCARD_E_INSUFFICIENTBUFFER_ErrorMessage="The data buffer to receive returned data is too small for the returned data."; var L_SCARD_E_UNKNOWNREADER_ErrorMessage="The specified reader name is not recognized."; var L_SCARD_E_NOSMARTCARD_ErrorMessage="The operation requires a Smart Card, but no Smart Card is currently in the device."; var L_SCARD_E_UNKNOWNCARD_ErrorMessage="The specified smart card name is not recognized."; var L_SCARD_E_NOTREADY_ErrorMessage="The reader or smart card is not ready to accept commands."; var L_SCARD_F_COMMERROR_ErrorMessage="An internal communications error has been detected."; var L_SCARD_E_NOSERVICE_ErrorMessage="The Smart card resource manager is not running."; var L_SCARD_E_SERVICESTOPPED_ErrorMessage="The Smart card resource manager has shut down."; var L_SCARD_E_NOREADERSAVAILABLE_ErrorMessage="Cannot find a smart card reader."; var L_SCARD_E_COMMDATALOST_ErrorMessage="A communications error with the smart card has been detected. Retry the operation."; var L_SCARD_E_NOKEYCONTAINER_ErrorMessage="The requested key container does not exist on the smart card."; var L_SCARD_W_UNPOWEREDCARD_ErrorMessage="Power has been removed from the smart card, so that further communication is not possible."; var L_SCARD_W_REMOVEDCARD_ErrorMessage="The smart card has been removed, so that further communication is not possible."; var L_SCARD_W_WRONGCHV_ErrorMessage="The card cannot be accessed because the wrong PIN was presented."; var L_SCARD_W_CHVBLOCKED_ErrorMessage="The card cannot be accessed because the maximum number of PIN entry attempts has been reached."; var L_SCARD_W_EOF_ErrorMessage="The end of the smart card file has been reached."; var L_SCARD_W_CANCELLEDBYUSER_ErrorMessage="The action was cancelled by the user."; var L_SCARD_W_CARDNOTAUTHENTICATED_ErrorMessage="No PIN was presented to the smart card."; <%If "Enterprise"=sServerType Then%> ; var L_TemplateLoadErrNoneFound_ErrorMessage="No certificate templates could be found. You do not have permission to request a certificate from this CA, or an error occurred while accessing the Active Directory."; var L_TemplateLoadErrUnexpected_ErrorMessage="\"An unexpected error (\"+sErrorNumber+\") occurred while getting the certificate template list.\""; var L_TemplateCert_Text= "sFriendlyName+\" Certificate\""; <%End If%> // IE is not ready until XEnroll has been loaded var g_bOkToSubmit=false; var g_bSubmitPending=false; // some constants defined in wincrypt.h: var CRYPT_EXPORTABLE=1; var CRYPT_USER_PROTECTED=2; var CRYPT_MACHINE_KEYSET=0x20; var AT_KEYEXCHANGE=1; var AT_SIGNATURE=2; var CERT_SYSTEM_STORE_LOCATION_SHIFT=16; var CERT_SYSTEM_STORE_LOCAL_MACHINE_ID=2; var CERT_SYSTEM_STORE_LOCAL_MACHINE=CERT_SYSTEM_STORE_LOCAL_MACHINE_ID << CERT_SYSTEM_STORE_LOCATION_SHIFT; var ALG_CLASS_ANY=0 var ALG_CLASS_SIGNATURE=1<<13; var ALG_CLASS_HASH=4<<13; var PROV_DSS=3; var PROV_DSS_DH=13; var PROV_DH_SCHANNEL=18; // convenience constants, for readability var KEY_USAGE_EXCH=0; var KEY_USAGE_SIG=1; var KEY_USAGE_BOTH=2; var XEKL_KEYSIZE_MIN=1; var XEKL_KEYSIZE_MAX=2; var XEKL_KEYSIZE_INC=3; var XEKL_KEYSIZE_DEFAULT=4; var XEKL_KEYSPEC_KEYX=1; var XEKL_KEYSPEC_SIG=2; // defaults var KEY_LEN_MIN_DEFAULT=384; var KEY_LEN_MAX_DEFAULT=16384; var KEY_LEN_MY_DEFAULT=1024; var KEY_LEN_INC_DEFAULT=8; // for key size var g_nCurKeySizeMax; var g_nCurKeySizeMin; var g_nCurKeySizeDefault; var g_nCurKeySizeInc; var g_bCSPUpdate; var g_nCurTemplateKeySizeMin = 0; //init to 0 var XECR_PKCS10_V2_0=1; var XECR_PKCS7=2; var XECR_CMC=3; var XECT_EXTENSION_V1=1; var XECT_EXTENSION_V2=2; //================================================================ // INITIALIZATION ROUTINES function removeV2KATemplate() { var CT_FLAG_ALLOW_PRIVATE_KEY_ARCHIVAL=0x00000001; //downlevel machines, no V2 templates with KA var nTemplateCount = document.UIForm.lbCertTemplate.length; var n, sTemplate, sCTEOID; for (n = nTemplateCount - 1; n > -1 ; --n) { sTemplate = document.UIForm.lbCertTemplate.options[n].value; sCTEOID = getTemplateStringInfo(CTINFO_INDEX_EXTOID, sTemplate); var lFlags=getTemplateValueInfo(CTINFO_INDEX_PRIVATEKEYFLAG, sTemplate); if ("" != sCTEOID && 0x0 != (lFlags & CT_FLAG_ALLOW_PRIVATE_KEY_ARCHIVAL)) { //v2 template with KA document.UIForm.lbCertTemplate.options.remove(n); } } } //---------------------------------------------------------------- // This contains the functions we want executed immediately after load completes function postLoad() { // Load an XEnroll object into the page loadXEnroll("postLoadPhase2()"); handleSaveReq(); handleCMCFormat(); <%If "Enterprise"=sServerType Then%> if (!isClientAbleToCreateCMC()) { //downlevel machines removeV2KATemplate(); } <%End If%> } function postLoadPhase2() { // continued from above var nResult; // get the CSP list nResult=GetCSPList(); if (0!=nResult) { handleLoadError(nResult, L_CspLoadErrNoneFound_ErrorMessage, L_CspLoadErrUnexpected_ErrorMessage); return; } <%If "StandAlone"<>sServerType And 0<>nWriteTemplateResult Then%> handleLoadError(<%=nWriteTemplateResult%>, L_TemplateLoadErrNoneFound_ErrorMessage, L_TemplateLoadErrUnexpected_ErrorMessage); return; <%End If%> // Now we're ready to go g_bOkToSubmit=true; <%If "Enterprise"=sServerType Then%> handleTemplateChange(); <%Else%> handleCSPChange(); <%End If%> // dynamic styles are not preserved so // make sure dynamic UI is updated after 'back' handleKeyGen(); handleMarkExport(false); handleExportKeys(); <%If "StandAlone"=sServerType Then%> handleUsageOID(false); <%End If%> } //---------------------------------------------------------------- // handle errors from GetCSPList() and GetTemplateList() function handleLoadError(nResult, sNoneFound, sUnexpected) { if (-1==nResult) { alert(sNoneFound); } else { var sErrorNumber="0x"+toHex(nResult); alert(eval(sUnexpected)); } disableAllControls(); } //================================================================ // PAGE MANAGEMENT ROUTINES <%If "StandAlone"=sServerType Then%> //---------------------------------------------------------------- // handle the appearance of the text box when 'other...' is selected function handleUsageOID(bFocus) { if ("**"==document.UIForm.lbUsageOID.options[document.UIForm.lbUsageOID.selectedIndex].value) { spnEKUOther1.style.display=''; spnEKUOther2.style.display=''; if (bFocus) { document.UIForm.lbUsageOID.blur(); document.UIForm.tbEKUOther.select(); document.UIForm.tbEKUOther.focus(); } } else { spnEKUOther1.style.display='none'; spnEKUOther2.style.display='none'; } } <%End If%> <%If "Enterprise"=sServerType Then%> //---------------------------------------------------------------- function getTemplateValueInfo(nIndex, sTemplate) { var sValue=getTemplateStringInfo(nIndex, sTemplate); return parseInt(sValue); } // handle a change in the current template function isDNNeeded() { var sValue=getTemplateStringInfo(CTINFO_INDEX_OFFLINE, null); if ("O"==sValue) { //offline template needs DN return true; } //check template subject flag var lSubjectFlag = getTemplateValueInfo(CTINFO_INDEX_SUBJECTFLAG, null); var CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT=0x00000001; return (0x0 != (lSubjectFlag & CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT)); } function isTemplateKeyArchival() { var CT_FLAG_ALLOW_PRIVATE_KEY_ARCHIVAL=0x00000001; var lFlags=getTemplateValueInfo(CTINFO_INDEX_PRIVATEKEYFLAG, null); return (0x0 != (lFlags & CT_FLAG_ALLOW_PRIVATE_KEY_ARCHIVAL)); } function isSMimeCapabilities() { var CT_FLAG_INCLUDE_SYMMETRIC_ALGORITHMS=0x00000001; var lFlags=getTemplateValueInfo(CTINFO_INDEX_ENROLLFLAG, null); return (0x0 != (lFlags & CT_FLAG_INCLUDE_SYMMETRIC_ALGORITHMS)); } function getTemplateMinKeySize() { var lKeyFlags = getTemplateValueInfo(CTINFO_INDEX_KEYFLAG, null); return (lKeyFlags & 0xFFFF0000) >> 16; } function updateCSPList() { //get csp list separated from template data var sCSPList = getTemplateStringInfo(CTINFO_INDEX_CSPLIST, null); if ("" != sCSPList) { updateCSPListFromStrings(sCSPList); } else { //remove current csps from list //strange reasons this remove code can't be in GetCSPList var n; var nCSP = document.UIForm.lbCSP.length; for (n = 0; n < nCSP-1; ++n) { document.UIForm.lbCSP.remove(0); } GetCSPList(); } } //---------------------------------------------------------------- // handle a change in the current template function handleTemplateChange() { if (false==isDNNeeded()) { spnIDInfo.style.display="none"; } else { spnIDInfo.style.display=""; } //update csp list from the template updateCSPList(); handleCSPChange(); //handle key spec var lKeySpec = getTemplateValueInfo(CTINFO_INDEX_KEYSPEC, null); var fDisabled = true; if ((0x0 != (AT_KEYEXCHANGE & lKeySpec)) && (0x0 != (AT_SIGNATURE & lKeySpec)) ) { document.UIForm.rbKeyUsage[KEY_USAGE_BOTH].checked=true; } else if (0x0 != (AT_KEYEXCHANGE & lKeySpec)) { document.UIForm.rbKeyUsage[KEY_USAGE_EXCH].checked=true; } else if (0x0 != (AT_SIGNATURE & lKeySpec)) { document.UIForm.rbKeyUsage[KEY_USAGE_SIG].checked=true; } else { document.UIForm.rbKeyUsage[KEY_USAGE_BOTH].checked=true; fDisabled = false; } document.UIForm.rbKeyUsage[KEY_USAGE_BOTH].disabled=fDisabled; document.UIForm.rbKeyUsage[KEY_USAGE_EXCH].disabled=fDisabled; document.UIForm.rbKeyUsage[KEY_USAGE_SIG].disabled=fDisabled; //update exportable control var lPrivateKeyFlags = getTemplateValueInfo(CTINFO_INDEX_PRIVATEKEYFLAG, null); var CT_FLAG_EXPORTABLE_KEY = 0x10; document.UIForm.cbMarkKeyExportable.checked = (0x0 != (lPrivateKeyFlags & CT_FLAG_EXPORTABLE_KEY)); handleMarkExport(true); //update strong key protection control var CT_FLAG_STRONG_KEY_PROTECTION_REQUIRED = 0x20; document.UIForm.cbStrongKey.checked = (0x0 != (lPrivateKeyFlags & CT_FLAG_STRONG_KEY_PROTECTION_REQUIRED)); handleStrongKeyAndLMStore(true); //update template min key size g_nCurTemplateKeySizeMin = getTemplateMinKeySize(); //update key size handleKeyUsageChange(false); //update CMC related handleCMCFormat(); var lRASignatures = getTemplateValueInfo(CTINFO_INDEX_RASIGNATURE, null); var fSave = 0 < lRASignatures; //enforce save to file, can't submit if signing document.UIForm.cbSaveRequest.checked = fSave; document.UIForm.cbSaveRequest.disabled = fSave; handleSaveReq(); } <%End If%> //---------------------------------------------------------------- // handle a change in the current CSP function handleCSPChange() { if (0 == document.UIForm.lbCSP.length) { //no csp, disable submit button document.UIForm.btnSubmit.disabled = true; return; } else { document.UIForm.btnSubmit.disabled = false; } var nCSPIndex=document.UIForm.lbCSP.selectedIndex; XEnroll.ProviderName=document.UIForm.lbCSP.options[nCSPIndex].text; var nProvType=document.UIForm.lbCSP.options[nCSPIndex].value; XEnroll.ProviderType=nProvType; <%If "Enterprise"=sServerType Then%> var nTemplateKeySpec = getTemplateValueInfo(CTINFO_INDEX_KEYSPEC, null); <%End If%> // update the key spec options. If we support both, default to key exchange var nSupportedKeyUsages=XEnroll.GetSupportedKeySpec(); if (0==nSupportedKeyUsages) { nSupportedKeyUsages=AT_SIGNATURE | AT_KEYEXCHANGE; } <%If "Enterprise"=sServerType Then%> if (0==nTemplateKeySpec) { nTemplateKeySpec=AT_SIGNATURE | AT_KEYEXCHANGE; } nSupportedKeyUsages = nTemplateKeySpec & nSupportedKeyUsages; <%End If%> if (PROV_DSS==nProvType || PROV_DSS_DH==nProvType || PROV_DH_SCHANNEL==nProvType) { nSupportedKeyUsages=AT_SIGNATURE; } if (0 == nSupportedKeyUsages) { spnBadCSPForKeySpecMsg.innerHTML=eval(L_CSPNotSupportTemplateKeySpec_Message); trBadCSPForKeySpec.style.display=""; } else { trBadCSPForKeySpec.style.display="none"; } if (nSupportedKeyUsages&AT_SIGNATURE) { spnKeyUsageSignature.style.display=""; document.UIForm.rbKeyUsage[KEY_USAGE_SIG].checked=true; } else { spnKeyUsageSignature.style.display="none"; } if (nSupportedKeyUsages&AT_KEYEXCHANGE) { spnKeyUsageKeyExchange.style.display=""; document.UIForm.rbKeyUsage[KEY_USAGE_EXCH].checked=true; } else { spnKeyUsageKeyExchange.style.display="none"; } if ((AT_SIGNATURE|AT_KEYEXCHANGE)==nSupportedKeyUsages) { spnKeyUsageBoth.style.display=""; document.UIForm.rbKeyUsage[KEY_USAGE_BOTH].checked=true; } else { spnKeyUsageBoth.style.display="none"; } handleKeyUsageChange(true); UpdateHashAlgList(nProvType); } //---------------------------------------------------------------- // two cases invoke handleKeyUsageChange: // 1) csp selection change // 2) exchange vs. signature change function handleKeyUsageChange(bCSPChange) { // get the min, max, and default length from the CSP var bExchange=document.UIForm.rbKeyUsage[KEY_USAGE_EXCH].checked || document.UIForm.rbKeyUsage[KEY_USAGE_BOTH].checked ; g_nCurKeySizeMax=MyGetKeyLen(XEKL_KEYSIZE_MAX, bExchange); g_nCurKeySizeMin=MyGetKeyLen(XEKL_KEYSIZE_MIN, bExchange); <%If "Enterprise"=sServerType Then%> if (0 != g_nCurTemplateKeySizeMin) { g_nCurKeySizeMin=Math.max(g_nCurKeySizeMin, g_nCurTemplateKeySizeMin); } <%End If%> g_nCurKeySizeDefault=MyGetKeyLen(XEKL_KEYSIZE_DEFAULT, bExchange); g_nCurKeySizeInc=MyGetKeyLen(XEKL_KEYSIZE_INC, bExchange); // set to default lenth if ("0"==document.UIForm.tbKeySize.value || true == bCSPChange) { //"0" likely init load or typed in, not bad go default // or csp changed, set to default length document.UIForm.tbKeySize.value = g_nCurKeySizeDefault; } // show the min and max spnKeySizeMin.innerText=g_nCurKeySizeMin; spnKeySizeMax.innerText=g_nCurKeySizeMax; // keep the key size in bounds var nKeySize=parseInt(document.UIForm.tbKeySize.value); if (isNaN(nKeySize) || nKeySize>g_nCurKeySizeMax) { document.UIForm.tbKeySize.value=g_nCurKeySizeMax; } else if (nKeySize<g_nCurKeySizeMin) { //> document.UIForm.tbKeySize.value=g_nCurKeySizeMin; } // update list of valid common key sizes var nPowerSize=128; var sCommonKeys=""; while (nPowerSize<g_nCurKeySizeMin) { //> nPowerSize*=2; } while (nPowerSize<=g_nCurKeySizeMax) { sCommonKeys+=getKeySizeLinkHtmlString(nPowerSize)+" "; nPowerSize*=2; } spnKeySizeCommon.innerHTML=sCommonKeys; handleKeySizeChange(); } //---------------------------------------------------------------- function getKeySizeLinkHtmlString(nKeySize) { return "<Span tabindex=0 Style=\"cursor:hand; color:#0000FF; text-decoration:underline;\"" +" OnContextMenu=\"return false;\"" +" OnMouseOver=\"window.status='"+eval(L_SetKeySize_Message)+"';return true;\"" +" OnMouseOut=\"window.status='';return true;\"" +" OnMouseUp=\"window.status='"+eval(L_SetKeySize_Message)+"';return true;\"" +" OnKeyDown=\"if (13==event.keyCode) {document.UIForm.tbKeySize.value='"+nKeySize+"';blur();return false;} else if (9==event.keyCode) {return true;};return false;\"" +" OnClick=\"document.UIForm.tbKeySize.value='"+nKeySize+"';blur();return false;\">" +nKeySize+"</Span>"; } //---------------------------------------------------------------- // morphing routine function handleSaveReq() { if (document.UIForm.cbSaveRequest.checked) { spnSaveRequest.style.display=''; document.UIForm.btnSubmit.style.display='none'; document.UIForm.btnSave.style.display=''; spnSubmitAttrLable.style.display='none'; spnSubmitAttrBox.style.display='none'; } else { spnSaveRequest.style.display='none'; document.UIForm.btnSubmit.style.display=''; document.UIForm.btnSave.style.display='none'; spnSubmitAttrLable.style.display=''; spnSubmitAttrBox.style.display=''; } } //---------------------------------------------------------------- // morphing routine function handleMarkExport(fFromTemplate) { <%If bEnableExportKeyToFile Then%> if (document.UIForm.cbMarkKeyExportable.checked) { spnMarkKeyExportable.style.display=''; document.UIForm.cbMarkKeyExportable.disabled = false; } else { spnMarkKeyExportable.style.display='none'; if (fFromTemplate) { //disable it to enforce template non-exportable document.UIForm.cbMarkKeyExportable.disabled = true; } else { //enable document.UIForm.cbMarkKeyExportable.disabled = false; } } <%End If%> } //---------------------------------------------------------------- // morphing routine function handleExportKeys() { <%If bEnableExportKeyToFile Then%> if (document.UIForm.cbExportKeys.checked) { spnExportKeys.style.display=''; } else { spnExportKeys.style.display='none'; } <%End If%> } //---------------------------------------------------------------- // morphing routine function handleKeyGen() { if (document.UIForm.rbKeyGen[0].checked) { // create new keyset trGenContName.style.display=''; trGenContNameSpc.style.display=''; trKeyGenWarn.style.display='none'; handleGenContName(); <%If "Enterprise"=sServerType Then%> handleTemplateChange(); <%Else%> handleStrongKeyAndLMStore(false); <%End If%> trMarkExport.style.display=''; trMarkExportSpc.style.display=''; } else { // Use existing key set trGenContName.style.display='none'; trGenContNameSpc.style.display='none'; trKeyGenWarn.style.display=''; handleGenContName(); handleStrongKeyAndLMStore(false); document.UIForm.cbMarkKeyExportable.checked=false; trMarkExport.style.display='none'; trMarkExportSpc.style.display='none'; } } //---------------------------------------------------------------- // morphing routine function handleGenContName() { if (document.UIForm.rbGenContName[0].checked && document.UIForm.rbKeyGen[0].checked) { trContName.style.display='none'; trContNameSpc.style.display='none'; } else { trContName.style.display=''; trContNameSpc.style.display=''; } } //---------------------------------------------------------------- // morphing routine function handleSetContainer() { if (document.UIForm.cbSetContainer.checked) { spnNewContainer.style.display=''; } else { spnNewContainer.style.display='none'; } } //---------------------------------------------------------------- // morphing routine function handleKeySizeChange() { var sKeySize = document.UIForm.tbKeySize.value; if (0 == sKeySize.indexOf("0")) { //first digit is 0, wipe it out document.UIForm.tbKeySize.value = ""; return; } var nKeySize=parseInt(sKeySize); if (isNaN(nKeySize)) { nKeySize=0; } if (nKeySize>2048) { trKeySizeWarn.style.display=''; } else { trKeySizeWarn.style.display='none'; } if (nKeySize<g_nCurKeySizeMin || nKeySize>g_nCurKeySizeMax || 0!=nKeySize%g_nCurKeySizeInc) { // clamp the current key size to be within the range var nCloseBelow=nKeySize; if (nCloseBelow<g_nCurKeySizeMin) { //> nCloseBelow=g_nCurKeySizeMin; } else if (nCloseBelow>g_nCurKeySizeMax) { nCloseBelow=g_nCurKeySizeMax; } var nCloseAbove=nCloseBelow; // find closest values above and below nCloseBelow-=nCloseBelow%g_nCurKeySizeInc; nCloseAbove+=(g_nCurKeySizeInc-nCloseAbove%g_nCurKeySizeInc)%g_nCurKeySizeInc; var sCloseAbove=getKeySizeLinkHtmlString(nCloseAbove); var sCloseBelow=getKeySizeLinkHtmlString(nCloseBelow); if (g_nCurKeySizeMax < g_nCurTemplateKeySizeMin) { spnKeySizeBadMsg.innerHTML=eval(L_WarningTemplateKeySize_Message); } else if (nCloseAbove==nCloseBelow) { spnKeySizeBadMsg.innerHTML=eval(L_RecommendOneKeySize_Message); } else { spnKeySizeBadMsg.innerHTML=eval(L_RecommendTwoKeySizes_Message); } trKeySizeBad.style.display=""; trKeySizeBadSpc.style.display=""; } else { trKeySizeBad.style.display="none"; trKeySizeBadSpc.style.display="none"; } } //---------------------------------------------------------------- // morphing routine function handleStrongKeyAndLMStore(fFromTemplate) { // If we took the value from the template, and the checkbox is checked, the disable it if (document.UIForm.cbStrongKey.checked && fFromTemplate) { //disable it to enforce template non-exportable document.UIForm.cbStrongKey.disabled = true; } else { document.UIForm.cbStrongKey.disabled = false ; } if (document.UIForm.cbStrongKey.checked && document.UIForm.rbKeyGen[0].checked) { trLMStoreSpc.style.display='none'; trLMStore.style.display='none'; document.UIForm.cbLocalMachineStore.checked=false; } else { trLMStoreSpc.style.display=''; trLMStore.style.display=''; } if (document.UIForm.cbLocalMachineStore.checked || !document.UIForm.rbKeyGen[0].checked) { trStrongKeySpc.style.display='none'; trStrongKey.style.display='none'; document.UIForm.cbStrongKey.checked=false; } else { trStrongKeySpc.style.display=''; trStrongKey.style.display=''; } } //---------------------------------------------------------------- // handle CMC Format function handleCMCFormat() { if (isClientAbleToCreateCMC()) { <%If "Enterprise"=sServerType Then%> //change request format controls if (isTemplateKeyArchival()) { //enforce CMC document.UIForm.rbRequestFormat[0].disabled=true; document.UIForm.rbRequestFormat[0].checked=true; document.UIForm.rbRequestFormat[1].disabled=true; } else { document.UIForm.rbRequestFormat[0].disabled=false; document.UIForm.rbRequestFormat[1].disabled=false; } <%End If%> } else { //no cmc, disable it, only pkcs10 document.UIForm.rbRequestFormat[0].disabled=true; document.UIForm.rbRequestFormat[1].disabled=true; document.UIForm.rbRequestFormat[1].checked=true; } } //================================================================ // SUBMIT ROUTINES //---------------------------------------------------------------- // determine what to do when the submit button is pressed function goNext() { if (false==g_bOkToSubmit) { alert(L_StillLoading_ErrorMessage); } else if (true==g_bSubmitPending) { // ignore, because we are already prcessing a request. } else { SubmitRequest(); } } //---------------------------------------------------------------- // check for invalid characters and empty strings function isValidIA5String(sSource) { var nIndex; for (nIndex=sSource.length-1; nIndex>=0; nIndex--) { if (sSource.charCodeAt(nIndex)>127) { // NOTE: this is better, but not compatible with old browsers. return false; } }; return true; } //---------------------------------------------------------------- // check for invalid characters function isValidCountryField(tbCountry) { tbCountry.value=tbCountry.value.toUpperCase(); var sSource=tbCountry.value; var nIndex, ch; if (0!=sSource.length && 2!=sSource.length) { return false; } for (nIndex=sSource.length-1; nIndex>=0; nIndex--) { ch=sSource.charAt(nIndex) if (ch<"A" || ch>"Z") { return false; } }; return true; } //---------------------------------------------------------------- // check for invalid characters in an OID function isValidOid(sSource) { var nIndex, ch; if (0==sSource.length) { return true; } for (nIndex=sSource.length-1; nIndex>=0; nIndex--) { ch=sSource.charAt(nIndex) if (ch!="." && ch!="," && (ch<"0" || ch>"9")) { return false; } } return true; } //---------------------------------------------------------------- // set a label to normal style function markLabelNormal(spn) { spn.style.color="#000000"; spn.style.fontWeight='normal'; } //---------------------------------------------------------------- // set a label to error state function markLabelError(spn) { spn.style.color='#FF0000'; spn.style.fontWeight='bold'; } //---------------------------------------------------------------- // check that the form has data in it function validateRequest() { markLabelNormal(spnNameLabel); markLabelNormal(spnEmailLabel); markLabelNormal(spnCompanyLabel); markLabelNormal(spnDepartmentLabel); markLabelNormal(spnCityLabel); markLabelNormal(spnStateLabel); markLabelNormal(spnCountryLabel); var bOK=true; <%If "Enterprise"=sServerType Then%> if (true==isDNNeeded()) { <%End If%> var fldFocusMe=null; if (false==isValidCountryField(document.UIForm.tbCountry)) { bOK=false; fldFocusMe=document.UIForm.tbCountry; markLabelError(spnCountryLabel); } // document.UIForm.tbState.value OK // document.UIForm.tbLocality.value OK // document.UIForm.tbOrgUnit.value OK // document.UIForm.tbOrg.value OK if (false==isValidIA5String(document.UIForm.tbEmail.value)) { bOK=false; fldFocusMe=document.UIForm.tbEmail; markLabelError(spnEmailLabel); } <%If "StandAlone"=sServerType Then%> if ("1.3.6.1.5.5.7.3.4"==document.UIForm.lbUsageOID.value && ""==document.UIForm.tbEmail.value) { bOK=false; fldFocusMe=document.UIForm.tbEmail; markLabelError(spnEmailLabel); } if (""==document.UIForm.tbCommonName.value) { bOK=false; fldFocusMe=document.UIForm.tbCommonName; markLabelError(spnNameLabel); } <%End If%> if (false==bOK) { spnFixTxt.style.display=''; window.scrollTo(0,0); fldFocusMe.focus(); } <%If "Enterprise"=sServerType Then%> } // <- End if offline template <%End If%> <%If "StandAlone"=sServerType Then%> // Check the OID field if (true==bOK) { if ("**"==document.UIForm.lbUsageOID.options[document.UIForm.lbUsageOID.selectedIndex].value && false==isValidOid(document.UIForm.tbEKUOther.value)) { alert(L_BadOid_ErrorMessage); document.UIForm.tbEKUOther.focus(); bOK=false; } } <%End If%> // Check the keysize field if (true==bOK) { var nKeySize=parseInt(document.UIForm.tbKeySize.value); var sMessage; if (isNaN(nKeySize)) { sMessage=L_KeySizeNotNumber_ErrorMessage; bOK=false; } else if (g_nCurTemplateKeySizeMin > g_nCurKeySizeMax) { sMessage=eval(L_TemplateKeySizeTooBig_ErrorMessage); bOK = false; } else if (nKeySize < g_nCurKeySizeMin || nKeySize > g_nCurKeySizeMax || 0!=nKeySize%g_nCurKeySizeInc) { sMessage=eval(L_KeySizeBadNumber_ErrorMessage); bOK=false; } if (false==bOK) { alert (sMessage); document.UIForm.tbKeySize.focus(); } } // Check the container name if (true==bOK) { if (document.UIForm.rbKeyGen[1].checked || (document.UIForm.rbKeyGen[0].checked && document.UIForm.rbGenContName[1].checked)) { if (""==document.UIForm.tbContainerName.value) { bOK=false; alert(L_NoCntnrName_ErrorMessage); document.UIForm.tbContainerName.focus(); } } } <%If bEnableExportKeyToFile Then%> // Check the exported private key file name if (true==bOK) { if (document.UIForm.rbKeyGen[0].checked && document.UIForm.cbMarkKeyExportable.checked && document.UIForm.cbExportKeys.checked) { if (""==document.UIForm.tbExportKeyFile.value) { bOK=false; alert(L_NoExportFileName_ErrorMessage); document.UIForm.tbExportKeyFile.focus(); } } } <%End If%> // Check the saved-request file name if (true==bOK) { if (document.UIForm.cbSaveRequest.checked) { if (""==document.UIForm.tbSaveReqFile.value) { bOK=false; alert(L_NoSaveReqFileName_ErrorMessage); document.UIForm.tbSaveReqFile.focus(); } } } return bOK; } //---------------------------------------------------------------- function SubmitRequest() { g_bSubmitPending=true; // check that the form is filled in spnErrorTxt.style.display='none'; spnFixTxt.style.display='none'; if (false==validateRequest()) { g_bSubmitPending=false; return; } // show a nice message since request creation can take a while ShowTransientMessage(L_Generating_Message); // Make the message show up on the screen, // then continue with 'SubmitRequest': // Pause 10 mS before executing phase 2, // so screen will have time to repaint. setTimeout("SubmitRequestPhase2();", 10); } function SubmitRequestPhase2() { // continued from above <%If "StandAlone"=sServerType Then%> // // Stand-Alone Options // // set the extended key usage and certificate request 'friendly type' var nUsageIndex=document.UIForm.lbUsageOID.selectedIndex; var sCertUsage; if ("**"==document.UIForm.lbUsageOID.options[nUsageIndex].value) { sCertUsage=document.UIForm.tbEKUOther.value; document.SubmittedData.FriendlyType.value=eval(L_UserEKUCert_Text); } else { sCertUsage=document.UIForm.lbUsageOID.options[nUsageIndex].value; document.SubmittedData.FriendlyType.value=document.UIForm.lbUsageOID.options[nUsageIndex].text; } <%Else 'Enterprise%> // // Enterprise Options // // get cert template info var lCTEVer = XECT_EXTENSION_V1; var lCTEMajor = 0; var bCTEfMinor = false; var lCTEMinor = 0; var sRealName = getTemplateStringInfo(CTINFO_INDEX_REALNAME, null); var sFriendlyName = getTemplateStringInfo(CTINFO_INDEX_FRIENDLYNAME, null); var sCTEOID = getTemplateStringInfo(CTINFO_INDEX_EXTOID, null); if ("" == sCTEOID) { //must v1 template, get template name sCTEOID = sRealName; } else { // v2 template lCTEVer = XECT_EXTENSION_V2; lCTEMajor = getTemplateValueInfo(CTINFO_INDEX_EXTMAJ, null); bCTEfMinor = getTemplateValueInfo(CTINFO_INDEX_EXTFMIN, null); lCTEMinor = getTemplateValueInfo(CTINFO_INDEX_EXTMIN, null); } // set the cert template vbAddCertTypeToRequestEx(lCTEVer, sCTEOID, lCTEMajor, bCTEfMinor, lCTEMinor); document.SubmittedData.FriendlyType.value=eval(L_TemplateCert_Text); var sCertUsage=""; // ignored <%End If 'StandAlone or Enterprise%> // // Common // // set the identifying info var sDistinguishedName=""; if (""!=document.UIForm.tbCountry.value) { sDistinguishedName+="C=\""+document.UIForm.tbCountry.value.replace(/"/g, "\"\"") +"\";"; } if (""!=document.UIForm.tbState.value) { sDistinguishedName+="S=\""+document.UIForm.tbState.value.replace(/"/g, "\"\"") +"\";"; } if (""!=document.UIForm.tbLocality.value) { sDistinguishedName+="L=\""+document.UIForm.tbLocality.value.replace(/"/g, "\"\"") +"\";"; } if (""!=document.UIForm.tbOrg.value) { sDistinguishedName+="O=\""+document.UIForm.tbOrg.value.replace(/"/g, "\"\"") +"\";"; } if (""!=document.UIForm.tbOrgUnit.value) { sDistinguishedName+="OU=\""+document.UIForm.tbOrgUnit.value.replace(/"/g, "\"\"") +"\";"; } if (""!=document.UIForm.tbEmail.value) { sDistinguishedName+="E=\""+document.UIForm.tbEmail.value.replace(/"/g, "\"\"") +"\";"; } if (""!=document.UIForm.tbCommonName.value) { sDistinguishedName+="CN=\""+document.UIForm.tbCommonName.value.replace(/"/g, "\"\"")+"\";"; } <%If "Enterprise"=sServerType Then%> if (false==isDNNeeded()) { sDistinguishedName=""; } <%End If%> // append the local date to the type document.SubmittedData.FriendlyType.value+=" ("+(new Date()).toLocaleString()+")"; // // Key Options subheading: // // set the 'SaveCert' flag to install the cert instead of saving document.SubmittedData.SaveCert.value="no"; // set the CSP var nCSPIndex=document.UIForm.lbCSP.selectedIndex; XEnroll.ProviderName=document.UIForm.lbCSP.options[nCSPIndex].text; XEnroll.ProviderType=document.UIForm.lbCSP.options[nCSPIndex].value; // set the key size (the upper 16 bits of GenKeyFlags) // note: this value has already been validated var nKeySize=parseInt(document.UIForm.tbKeySize.value); XEnroll.GenKeyFlags=nKeySize<<16; // set the KeyUsage if (document.UIForm.rbKeyUsage[KEY_USAGE_EXCH].checked) { XEnroll.KeySpec=AT_KEYEXCHANGE; XEnroll.LimitExchangeKeyToEncipherment=true; } else if (document.UIForm.rbKeyUsage[KEY_USAGE_SIG].checked) { XEnroll.KeySpec=AT_SIGNATURE; XEnroll.LimitExchangeKeyToEncipherment=false; } else { // KEY_USAGE_BOTH XEnroll.KeySpec=AT_KEYEXCHANGE; XEnroll.LimitExchangeKeyToEncipherment=false; } // set the 'use existing key set' flag if (document.UIForm.rbKeyGen[0].checked) { XEnroll.UseExistingKeySet=false; if (document.UIForm.rbGenContName[1].checked) { XEnroll.ContainerName=document.UIForm.tbContainerName.value; } // set 'Strong private key protection' // note: upper 16 bits already set as key size if (document.UIForm.cbStrongKey.checked) { XEnroll.GenKeyFlags|=CRYPT_USER_PROTECTED; } // mark the keys as exportable if (document.UIForm.cbMarkKeyExportable.checked) { XEnroll.GenKeyFlags|=CRYPT_EXPORTABLE; <%If bEnableExportKeyToFile Then%> // set the key export file (.pvk) and save the cert instead of installing if (document.UIForm.cbExportKeys.checked) { XEnroll.PVKFileName=document.UIForm.tbExportKeyFile.value; document.SubmittedData.SaveCert.value="yes"; } <%End If%> } } else { // set the 'use existing key set' flag XEnroll.UseExistingKeySet=true; XEnroll.ContainerName=document.UIForm.tbContainerName.value; } // place the keys in the local machine store if (document.UIForm.cbLocalMachineStore.checked) { // the keys attached to the dummy request cert go in the local machine store XEnroll.RequestStoreFlags=CERT_SYSTEM_STORE_LOCAL_MACHINE; // used in CryptAcquireContext XEnroll.ProviderFlags=CRYPT_MACHINE_KEYSET; // the keys attached to the final cert also go in the local machine store document.SubmittedData.TargetStoreFlags.value=CERT_SYSTEM_STORE_LOCAL_MACHINE; } else { // the keys attached to the final cert also go in the user store document.SubmittedData.TargetStoreFlags.value=0; // 0=Use default (=user store) } var dwCreateRequestFlag = XECR_CMC; if (document.UIForm.rbRequestFormat[1].checked) { dwCreateRequestFlag = XECR_PKCS10_V2_0; } <%If "Enterprise"=sServerType Then%> //SMIME capabilities XEnroll.EnableSMIMECapabilities = isSMimeCapabilities(); //Key archival if (isTemplateKeyArchival()) { var nResult = SetPrivateKeyArchiveCertificate(); //call VB if (0 != nResult) { handleError(nResult); return; } } <%End If%> if ("" != document.UIForm.tbFriendlyName.value) { //set friendly name property var CERT_FRIENDLY_NAME_PROP_ID=11; var XECP_STRING_PROPERTY=1; XEnroll.addBlobPropertyToCertificate(CERT_FRIENDLY_NAME_PROP_ID, XECP_STRING_PROPERTY, document.UIForm.tbFriendlyName.value); } // // Additional Options subheading: // // set the hash algorithm var nHashIndex=document.UIForm.lbHashAlgorithm.selectedIndex; XEnroll.HashAlgID=document.UIForm.lbHashAlgorithm.options[nHashIndex].value; // set any extra attributes var sAttrib=document.UIForm.taAttrib.value; if (sAttrib.lastIndexOf("\r\n")!=sAttrib.length-2 && sAttrib.length>0) { sAttrib=sAttrib+"\r\n"; } // for interop debug purposes sAttrib+="UserAgent:<%=Request.ServerVariables("HTTP_USER_AGENT")%>\r\n"; document.SubmittedData.CertAttrib.value=sAttrib; // we are submitting a new request document.SubmittedData.Mode.value='newreq'; // // Create the request // var nResult; var HRESULT_ERROR_CANCELLED=0x800704c7; var SCARD_W_CANCELLED_BY_USER=0x8010006e; var PVK_HELPER_PASSWORD_CANCEL=0x80097004; if (document.UIForm.cbSaveRequest.checked) { // build and save the certificate request var sSaveReqFile=document.UIForm.tbSaveReqFile.value; nResult=CreateAndSaveRequest(dwCreateRequestFlag, sDistinguishedName, sCertUsage, sSaveReqFile); // ask VB to do it, since it can handle errors } else { // build the certificate request nResult=CreateRequest(dwCreateRequestFlag, sDistinguishedName, sCertUsage); // ask VB to do it, since it can handle errors } if (0 == nResult) { //always get thumbprint in case of pending document.SubmittedData.ThumbPrint.value=XEnroll.ThumbPrint; } // hide the message box HideTransientMessage(); // reset XEnroll so the user can select a different CSP, etc. XEnroll.reset(); // however, make sure it still matches the UI. XEnroll.ProviderName=document.UIForm.lbCSP.options[nCSPIndex].text; XEnroll.ProviderType=document.UIForm.lbCSP.options[nCSPIndex].value; // deal with an error if there was one if (0!=nResult) { g_bSubmitPending=false; if (0==(SCARD_W_CANCELLED_BY_USER^nResult) || 0==(PVK_HELPER_PASSWORD_CANCEL^nResult)) { //cancelled nResult=0; return; } <%If "Enterprise"=sServerType Then%> if (isTemplateKeyArchival() && !document.UIForm.cbMarkKeyExportable.checked) { //they've tried to create an archivable key handleError2(nResult, L_SugCauseCryptArchivableNotSupp_ErrorMessage); } else { // use the regular error handling handleError(nResult); } <%Else%> // just use the regular error handling in the standalone case handleError(nResult); <%End If%> return; } // check for special "no submit" case if (document.UIForm.cbSaveRequest.checked) { // just inform the user that it went OK, but don't submit alert(L_RequestSaved_Message); g_bSubmitPending=false; } else { // put up a new wait message ShowTransientMessage(L_Waiting_Message); // Submit the cert request and move forward in the wizard document.SubmittedData.submit(); } } //---------------------------------------------------------------- function handleError(nResult) { handleError2(nResult, 0); } //---------------------------------------------------------------- function handleError2(nResult, sSugCauseIN) { var sSugCause=L_SugCauseNone_ErrorMessage; var sErrorName=L_ErrNameUnknown_ErrorMessage; // analyze the error - funny use of XOR ('^') because obvious choice '==' doesn't work if (0==(0x80090008^nResult)) { sErrorName="NTE_BAD_ALGID"; sSugCause=L_SugCauseBadSetting2_ErrorMessage; } else if (0==(0x80090016^nResult)) { sErrorName="NTE_BAD_KEYSET"; if (document.UIForm.rbKeyGen[0].checked) { sSugCause=L_SugCauseBadCSP_ErrorMessage; } else { sSugCause=L_SugCauseBadKeyContainer_ErrorMessage; } } else if (0==(0x80090019^nResult)) { sErrorName="NTE_KEYSET_NOT_DEF"; sSugCause=L_SugCauseBadCSP_ErrorMessage; } else if (0==(0x80090020^nResult)) { sErrorName="NTE_FAIL"; sSugCause=L_SugCauseBadCSP_ErrorMessage; } else if (0==(0x80090023^nResult)) { sErrorName="NTE_TOKEN_KEYSET_STORAGE_FULL"; sSugCause=L_SugCauseKeysetFull_ErrorMessage; } else if (0==(0x80090009^nResult)) { sErrorName="NTE_BAD_FLAGS"; sSugCause=L_SugCauseBadSetting2_ErrorMessage; } else if (0==(0x8009000F^nResult)) { sErrorName="NTE_EXISTS"; sSugCause=L_SugCauseExistKeyContainer_ErrorMessage; } else if (0==(0x80092002^nResult)) { sErrorName="CRYPT_E_BAD_ENCODE"; //sSugCause=""; } else if (0==(0x80092022^nResult)) { sErrorName="CRYPT_E_INVALID_IA5_STRING"; sSugCause=L_SugCauseBadChar_ErrorMessage; } else if (0==(0x80092023^nResult)) { sErrorName="CRYPT_E_INVALID_X500_STRING"; sSugCause=L_SugCauseBadChar_ErrorMessage; } else if (0==(0x80070003^nResult)) { sErrorName="ERROR_PATH_NOT_FOUND"; sSugCause=L_SugCauseBadFileName_ErrorMessage; } else if (0==(0x80070103^nResult)) { sErrorName="ERROR_NO_MORE_ITEMS"; sSugCause=L_SugCauseBadHash_ErrorMessage; } else if (0==(0x8007007B^nResult)) { sErrorName="ERROR_INVALID_NAME"; sSugCause=L_SugCauseBadFileName_ErrorMessage; } else if (0==(0x80070015^nResult)) { sErrorName="ERROR_NOT_READY"; sSugCause=L_SugCauseBadDrive_ErrorMessage; } else if (0==(0x8007007F^nResult)) { sErrorName="ERROR_PROC_NOT_FOUND"; sSugCause=L_DownLevelClients_ErrorMessage; } else if (0==(0x800704C7^nResult)) { sErrorNamge="ERROR_CANCELLED"; sSugCause=L_SugCauseCancelled_ErrorMessage; } else if (0==(0x80100006^nResult)) { sErrorName = "SCARD_E_NO_MEMORY"; sSugCause = L_SCARD_E_NOMEMORYMSG_ErrorMessage; } else if (0==(0x80100007^nResult)) { sErrorName = "SCARD_F_WAITED_TOO_LONG"; sSugCause = L_SCARD_F_WAITEDTOOLONG_ErrorMessage; } else if (0==(0x80100008^nResult)) { sErrorName = "SCARD_E_INSUFFICIENT_BUFFER"; sSugCause = L_SCARD_E_INSUFFICIENTBUFFER_ErrorMessage; } else if (0==(0x80100009^nResult)) { sErrorName = "SCARD_E_UNKNOWN_READER"; sSugCause = L_SCARD_E_UNKNOWNREADER_ErrorMessage; } else if (0==(0x8010000C^nResult)) { sErrorName = "SCARD_E_NO_SMARTCARD"; sSugCause = L_SCARD_E_NOSMARTCARD_ErrorMessage; } else if (0==(0x8010000D^nResult)) { sErrorName = "SCARD_E_UNKNOWN_CARD"; sSugCause = L_SCARD_E_UNKNOWNCARD_ErrorMessage; } else if (0==(0x80100010^nResult)) { sErrorName = "SCARD_E_NOT_READY"; sSugCause = L_SCARD_E_NOTREADY_ErrorMessage; } else if (0==(0x80100013^nResult)) { sErrorName = "SCARD_F_COMM_ERROR"; sSugCause = L_SCARD_F_COMMERROR_ErrorMessage; } else if (0==(0x8010001D^nResult)) { sErrorName = "SCARD_E_NO_SERVICE"; sSugCause = L_SCARD_E_NOSERVICE_ErrorMessage; } else if (0==(0x8010001E^nResult)) { sErrorName = "SCARD_E_SERVICE_STOPPED"; sSugCause = L_SCARD_E_SERVICESTOPPED_ErrorMessage; } else if (0==(0x8010002E^nResult)) { sErrorName = "SCARD_E_NO_READERS_AVAILABLE"; sSugCause = L_SCARD_E_NOREADERSAVAILABLE_ErrorMessage; } else if (0==(0x8010002F^nResult)) { sErrorName = "SCARD_E_COMM_DATA_LOST"; sSugCause = L_SCARD_E_COMMDATALOST_ErrorMessage; } else if (0==(0x80100030^nResult)) { sErrorName = "SCARD_E_NO_KEY_CONTAINER"; sSugCause = L_SCARD_E_NOKEYCONTAINER_ErrorMessage; } else if (0==(0x80100067^nResult)) { sErrorName = "SCARD_W_UNPOWERED_CARD"; sSugCause = L_SCARD_W_UNPOWEREDCARD_ErrorMessage; } else if (0==(0x80100069^nResult)) { sErrorName = "SCARD_W_REMOVED_CARD"; sSugCause = L_SCARD_W_REMOVEDCARD_ErrorMessage; } else if (0==(0x8010006B^nResult)) { sErrorName = "SCARD_W_WRONG_CHV"; sSugCause = L_SCARD_W_WRONGCHV_ErrorMessage; } else if (0==(0x8010006C^nResult)) { sErrorName = "SCARD_W_CHV_BLOCKED"; sSugCause = L_SCARD_W_CHVBLOCKED_ErrorMessage; } else if (0==(0x8010006D^nResult)) { sErrorName = "SCARD_W_EOF"; sSugCause = L_SCARD_W_EOF_ErrorMessage; } else if (0==(0x8010006E^nResult)) { sErrorName = "SCARD_W_CANCELLED_BY_USER"; sSugCause = L_SCARD_W_CANCELLEDBYUSER_ErrorMessage; } else if (0==(0x8010006F^nResult)) { sErrorName = "SCARD_W_CARD_NOT_AUTHENTICATED"; sSugCause = L_SCARD_W_CARDNOTAUTHENTICATED_ErrorMessage; } else if (0==(0x80090024^nResult)) { sErrorName = "NTE_TEMPORARY_PROFILE"; sSugCause = L_SugCauseNoProfile_ErrorMessage; } else if (0==(0xFFFFFFFF^nResult)) { sErrorName=L_ErrNameNoFileName_ErrorMessage; sSugCause=L_SugCauseNoFileName_ErrorMessage; } else if (0==(0x800B010A^nResult)) { sErrorName = "CERT_E_CHAINING"; sSugCause=L_SugCauseCAExSignerNotFound_ErrorMessage; } else if (0==(0x800B0109^nResult)) { sErrorName = "CERT_E_UNTRUSTEDROOT"; sSugCause=L_SugCauseCAExNotTrusted_ErrorMessage; } else if (0==(0x8000FFFF^nResult)) { sErrorName="E_UNEXPECTED"; } else if (0==(0x00000046^nResult)) { sErrorName=L_ErrNamePermissionDenied_ErrorMessage; if (document.UIForm.cbSaveRequest.checked) { sSugCause=L_SugCausePermissionToWrite_ErrorMessage; } else { sSugCause=L_SugCausePermissionToWrite_ErrorMessage; } } // modify the document text and appearance to show the error message spnErrorNum.innerText="0x"+toHex(nResult)+" - "+sErrorName; if (0 == sSugCauseIN) { spnErrorMsg.innerText=sSugCause; } else { spnErrorMsg.innerText=sSugCauseIN; } spnFixTxt.style.display='none'; spnErrorTxt.style.display=''; // back to the top so the messages show window.scrollTo(0,0); } </Script> <Script Language="VBScript"> ' The current CA exchange certificate Public sCAExchangeCert sCAExchange="" <%=sCAExchangeCert%> '----------------------------------------------------------------- ' call XEnroll to create a request, since javascript has no error handling Function CreateRequest(dwCreateRequestFlag, sDistinguishedName, sCertUsage) On Error Resume Next XEnroll.ReuseHardwareKeyIfUnableToGenNew=False document.SubmittedData.CertRequest.value= _ XEnroll.CreateRequest(dwCreateRequestFlag, sDistinguishedName, sCertUsage) CreateRequest=Err.Number End Function '----------------------------------------------------------------- ' call XEnroll to create and save a request, since javascript has no error handling Function CreateAndSaveRequest(dwCreateRequestFlag, sDistinguishedName, sCertUsage, sSaveReqFile) On Error Resume Next XEnroll.ReuseHardwareKeyIfUnableToGenNew=False XEnroll.createFileRequest dwCreateRequestFlag, sDistinguishedName, sCertUsage, sSaveReqFile CreateAndSaveRequest=Err.Number End Function '---------------------------------------------------------------- ' handle a change in the current CSP, since javascript has no error handling Sub UpdateHashAlgList(nProvType) On Error Resume Next Dim nIndex, nAlgID, oElem, bList, lCSPType Const CALG_SSL3_SHAMD5=32776 Const CALG_MAC=32773 Const CALG_HMAC=32777 Const CALG_MD5=32771 'really strange, I can't use nProvType in following If compare 'so I have to fetch from xenroll which is the same as nProvType:( lCSPType=XEnroll.ProviderType ' clear the list While document.UIForm.lbHashAlgorithm.length>0 document.UIForm.lbHashAlgorithm.options.remove(0) Wend ' retrieve the list from XEnroll nIndex=0 Do ' get the next AlgID nAlgID=XEnroll.EnumAlgs(nIndex, ALG_CLASS_HASH) If 0<>Err.Number Then ' no more algs Err.Clear Exit Do End If bList = True 'GetAlgName is not cheap, try to reduce the call, check ID to filter out some unwanted hash 'can't use the following hash If CALG_SSL3_SHAMD5=nAlgID Or CALG_MAC=nAlgID Or CALG_HMAC=nAlgID Then bList = False End If 'DSS or DH won't work with MD5 If CALG_MD5=nAlgID And PROV_DSS=lCSPType Or CALG_MD5=nAlgID And PROV_DSS_DH=lCSPType or CALG_MD5=nAlgID And PROV_DH_SCHANNEL=lCSPType Then bList = False End If If True=bList Then ' get the corresponding name and create an option in the list box sName=XEnroll.GetAlgName(nAlgID) Set oElem=document.createElement("Option") oElem.text=sName oElem.value=nAlgID document.UIForm.lbHashAlgorithm.options.add(oElem) End If nIndex=nIndex+1 Loop ' <- End alg enumeration loop ' make sure the first one is selectd document.UIForm.lbHashAlgorithm.selectedIndex=0 End Sub '---------------------------------------------------------------- ' call XEnroll to get the key length, since javascript has no error handling Function MyGetKeyLen(nSizeSpec, bExchange) On Error Resume Next Dim nKeySpec If True=bExchange Then nKeySpec=XEKL_KEYSPEC_KEYX Else nKeySpec=XEKL_KEYSPEC_SIG End If MyGetKeyLen=XEnroll.GetKeyLenEx(nSizeSpec, nKeySpec) If 0<>Err.Number Then If XEKL_KEYSIZE_MIN=nSizeSpec Then MyGetKeyLen=KEY_LEN_MIN_DEFAULT ElseIf XEKL_KEYSIZE_MAX=nSizeSpec Then MyGetKeyLen=KEY_LEN_MAX_DEFAULT ElseIf XEKL_KEYSIZE_DEFAULT=nSizeSpec Then MyGetKeyLen=KEY_LEN_MY_DEFAULT 'try 1024 Else 'assume XEKL_KEYSIZE_INC=nSizeSpec MyGetKeyLen=KEY_LEN_INC_DEFAULT End If End If If XEKL_KEYSIZE_INC=nSizeSpec And 0=MyGetKeyLen Then MyGetKeyLen=KEY_LEN_INC_DEFAULT End If End Function '---------------------------------------------------- ' set a certificate for key archive Function SetPrivateKeyArchiveCertificate() On Error Resume Next XEnroll.PrivateKeyArchiveCertificate=sCAExchange SetPrivateKeyArchiveCertificate = Err.Number End Function '---------------------------------------------------- ' set request template extension Function vbAddCertTypeToRequestEx(lCTEVer, sCTEOID, lCTEMajor, bCTEfMinor, lCTEMinor) On Error Resume Next XEnroll.addCertTypeToRequestEx lCTEVer, sCTEOID, lCTEMajor, bCTEfMinor, lCTEMinor If 0 <> Err.Number Then 'possible on downlevel not supporting v2 encoding, change to v1 XEnroll.addCertTypeToRequestEx XECT_EXTENSION_V1, sCTEOID, lCTEMajor, bCTEfMinor, lCTEMinor End If vbAddCertTypeToRequestEx=Err.Number End Function </Script> <%End If 'bFailed%> </Body> </HTML>