"<p>\n";
}
-if ($ENV{'HTTP_USER_AGENT'} =~ /MSIE/i) {
- # Special VBscript and ActiveX hacks are needed for IE
- print <<EOF;
-<OBJECT classid="clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1" sXEnrollVersion="5,131,3659,0" codebase="xenroll.dll" id=Enroll>
-</OBJECT>
-
-<SCRIPT type="text/vbscript">
-Option Explicit
-
-Function MakeKeyFlags(keysize)
- Dim flags
- ' If CRYPT_EXPORTABLE is set, the generated private key can be exported
- ' from IE in passphrase protected pkcs12 envelope.
- ' If CRYPT_USER_PROTECTED is set, the user is allowed to select security
- ' level for the generated private key. If not set the lowest security
- ' level is set as default. This means that private key is not protected
- ' on local disk and user is not prompted is the key is used to sign data.
- Const CRYPT_EXPORTABLE = 1
- Const CRYPT_USER_PROTECTED = 2
- If document.certform.protectkey.checked = true Then
- flags = CRYPT_EXPORTABLE Or CRYPT_USER_PROTECTED
- Else
- flags = CRYPT_EXPORTABLE
- End If
- MakeKeyFlags = flags Or ( keysize * 65536)
-End Function
-
-Function CreatePKCS10Request(keysize)
- Dim DNName
- Const AT_KEYEXCHANGE = 1
- Const AT_SIGNATURE = 2
- DNName = "CN="+document.requestData.commonName.value+", O="+document.requestData.organizationName.value+", OU="+document.requestData.organizationalUnitName.value+", ST="+document.requestData.stateOrProvinceName.value+", C="+document.requestData.countryName.value+", Email="+document.requestData.emailAddress.value
- Enroll.RequestStoreFlags = &H20000
- ' document.requestData.storeflags.value = "&H20000"
- Enroll.GenKeyFlags = MakeKeyFlags(keysize)
- Enroll.KeySpec = AT_KEYEXCHANGE
- CreatePKCS10Request = Enroll.createPKCS10(DNName, "")
-End Function
-
-
-sub CertRequestSub
- Dim keysize
- keysize = document.certform.keysize.value
- document.requestData.data.value = CreatePKCS10Request(keysize)
- document.requestData.action.value = "submit"
- document.requestData.reqkeysize.value = keysize
- document.requestData.submit()
-end sub
-
-sub CertRequestEdit
- Dim keysize
- keysize = document.certform.keysize.value
- document.requestData.data.value = CreatePKCS10Request(keysize)
- document.requestData.action.value = "edit"
- document.requestData.reqkeysize.value = keysize
- document.requestData.submit()
-end sub
-
-
-'-----------------------------------------------------------------
-' IE SPECIFIC:
-' Get the list of CSPs from Enroll
-' returns error number
-' assumes Enroll is named 'Enroll' and the list box is 'document.certform.lbCSP'
-Function GetCSPList()
- On Error Resume Next
- Dim nProvType, nOrigProvType, nTotCSPs, nDefaultCSP, bNoDssBase, bNoDssDh, sUserAgent
- ' should be >= the number of providers defined in wincrypt.h (~line 431)
- Const nMaxProvType=25
- nTotCSPs=0
- nDefaultCSP=-1
-
- sUserAgent=navigator.userAgent
- If CInt(Mid(sUserAgent, InStr(sUserAgent, "MSIE")+5, 1))<=4 Then
- bNoDssDh=True
- bNoDssBase=True
- Else
- bNoDssDh=False
- If 0<>InStr(sUserAgent, "95") Then
- bNoDssBase=True
- ' NT 4 does not include version num in string.
- ElseIf 0<>InStr(sUserAgent, "NT)") Then
- bNoDssBase=True
- Else
- bNoDssBase=False
- End If
- End If
-
- ' save the original provider type
- nOrigProvType=Enroll.ProviderType
- If 0 <> Err.Number Then
- ' something wrong with Enroll
- GetCSPList=Err.Number
- Exit Function
- End If
-
- ' enumerate through each of the provider types
- For nProvType=0 To nMaxProvType
- Dim nCSPIndex
- nCSPIndex=0
- Enroll.ProviderType=nProvType
-
- ' enumerate through each of the providers for this type
- Do
- Dim sProviderName
- 'get the name
- sProviderName=Enroll.enumProviders(nCSPIndex, 0)
-
- If &H80070103=Err.Number Then
- ' no more providers
- Err.Clear
- Exit Do
- ElseIf 0<>Err.Number Then
- ' something wrong with Enroll
- ' - ex, Win16 IE4 Enroll doesn't support this call.
- GetCSPList=Err.Number
- Exit Function
- End If
-
- If ("Microsoft Base DSS Cryptographic Provider"=sProviderName And True=bNoDssBase) _
- Or ("Microsoft Base DSS and Diffie-Hellman Cryptographic Provider"=sProviderName And True=bNoDssDh) Then
- ' skip this provider
- Else
- ' For each provider, add an element to the list box.
- Dim oOption
- Set oOption=document.createElement("Option")
- oOption.text=sProviderName
- oOption.Value=nProvType
- document.certform.lbCSP.add(oOption)
- If InStr(sProviderName, "Microsoft Enhanced Cryptographic Provider") <> 0 Then
- oOption.selected=True
- nDefaultCSP=nTotCSPs
- End If
- nTotCSPs=nTotCSPs+1
- End If
-
- ' get the next provider
- nCSPIndex=nCSPIndex+1
- Loop
- Next
-
- ' if there are no CSPs, we're kinda stuck
- If 0=nTotCSPs Then
- Set oElement=document.createElement("Option")
- oElement.text="-- No CSP's found --"
- document.certform.lbCSP.Options.Add(oElement)
- End If
-
- ' remove the 'loading' text
- document.certform.lbCSP.remove(0)
-
- ' select the default provider
- If -1 <> nDefaultCSP Then
- document.certform.lbCSP.selectedIndex=nDefaultCSP
- End If
-
- ' restore the original provider type
- Enroll.ProviderType=nOrigProvType
-
- ' set the return value and exit
- If 0 <> Err.Number Then
- GetCSPList=Err.Number
- ElseIf 0 = nTotCSPs Then
- ' signal no elements with -1
- GetCSPList=-1
- Else
- GetCSPList=0
- End If
-End Function
-
-
-Function postLoad()
- On Error Resume Next
- Dim nResult
- nResult = 0
- ' get the CSP list
- nResult = GetCSPList()
- if 0 <> nResult Then
- Exit Function
- end if
- handleCSPChange()
-End Function
-
-Function handleCSPChange()
- Dim g_bOkToSubmit, nCSPIndex, nProvType, nSupportedKeyUsages
- Dim keymax, keymin
-
- ' IE is not ready until Enroll has been loaded
- g_bOkToSubmit = false
-
- ' some constants defined in wincrypt.h:
- Const CRYPT_EXPORTABLE = 1
- Const CRYPT_USER_PROTECTED = 2
- Const CRYPT_MACHINE_KEYSET = &H20
- Const AT_KEYEXCHANGE = 1
- Const AT_SIGNATURE = 2
- Const CERT_SYSTEM_STORE_LOCAL_MACHINE = &H20000
- Const ALG_CLASS_ANY = 0
- Const ALG_CLASS_SIGNATURE = &H2000
- Const ALG_CLASS_HASH = &H4000
- Const PROV_DSS=3
- Const PROV_DSS_DH=13
-
- ' convenience constants, for readability
- Const KEY_LEN_MIN=true
- Const KEY_LEN_MAX=false
- Const KEY_USAGE_EXCH=0
- Const KEY_USAGE_SIG=1
- Const KEY_USAGE_BOTH=2
-
- ' defaults
- Const KEY_LEN_MIN_DEFAULT=384
- Const KEY_LEN_MAX_DEFAULT=16384
-
- nCSPIndex = document.certform.lbCSP.selectedIndex
- Enroll.ProviderName = document.certform.lbCSP.options(nCSPIndex).text
- nProvType = document.certform.lbCSP.options(nCSPIndex).value
- Enroll.ProviderType = nProvType
-
-
-
- nSupportedKeyUsages = AT_KEYEXCHANGE
-
-
-
- if (PROV_DSS = nProvType OR PROV_DSS_DH = nProvType) then
- nSupportedKeyUsages = AT_SIGNATURE
- end if
-
- document.certform.keyusage.value="both"
-
-
-End Function
-</SCRIPT>
-
-<form name="requestData" action="cert_issue_ie.cgi" method=post>
-
-<input type="hidden" name="data">
-<input type="hidden" name="action" value="">
-<input type="hidden" name="reqkeysize" value="">
-
-<table border>
-<tr $tb> <td><b>$text{'cert_header'}</b></td> </tr>
-<tr $cb> <td><table>
-<tr> <td> <b>$text{'cert_cn'}</b> </td>
-<td> <input type="text" size=30 name="commonName" value="">
-</td> </tr>
-<tr> <td> <b>$text{'cert_email'}</b> </td>
-<td> <input type="text" size=30 name="emailAddress" value="">
-</td> </tr>
-<tr> <td> <b>$text{'cert_ou'}</b> </td>
-<td> <input type="text" size=30 name="organizationalUnitName" value="">
-</td> </tr>
-<tr> <td> <b>$text{'cert_o'}</b> </td>
-<td> <input type="text" size=30 name="organizationName" value="">
-</td> </tr>
-<tr> <td> <b>$text{'cert_sp'}</b> </td>
-<td> <input type="text" size=15 name="stateOrProvinceName" value="">
-</td> </tr>
-<tr> <td> <b>$text{'cert_c'}</b> </td>
-<td> <input type="text" size=2 name="countryName" value="">
-</td> </tr>
-
-<input type="hidden" name="storeflags" value="">
-</form>
-
-<form name="certform">
-
-<tr><td><b>CSP</b></td>
-<td><select name="lbCSP" onchange="handleCSPChange()" language="VBSCRIPT">
-<option id=locLoading selected>Loading...
-</select></td></tr>
-
-<tr>
-<td><b>Key size</b></td>
-<td><select name=keysize>
-<option value=512> 512
-<option value=1024 selected> 1024
-<option value=2048> 2048
-</select>
-bits.
-<em> Please note that not all CSP's support all key sizes. </em>
-</td></tr>
-<input type=hidden name=keyusage value="signature">
-
-<input type="hidden" name="storeflags" value="">
-
-<tr> <td><b>Private key protection</b></td>
-<td><input type="checkbox" name="protectkey" value="protectkey" checked>
-<em>Adds additional security options to private key storage.</em></td> </tr>
-
-</table></td></tr></table>
-
-<input type="button" name="request" value="Submit Request"
- onClick="CertRequestSub" language="VBSCRIPT"
- src="icons/submitrequest.gif" border=0>
-</form>
-
-EOF
- }
-elsif ($ENV{'HTTP_USER_AGENT'} =~ /Mozilla/i) {
+if ($ENV{'HTTP_USER_AGENT'} =~ /Mozilla/i) {
# Output a form that works for netscape and mozilla
print "<form action=cert_issue.cgi>\n";
print "<table border>\n";
+++ /dev/null
-#!/usr/local/bin/perl
-# cert_issue_ie.cgi
-
-require './acl-lib.pl';
-&ReadParse();
-
-&error_setup($text{'cert_err'});
-&get_miniserv_config(\%miniserv);
-
-# Save certificate request to a file
-$req = $in{'data'};
-$req =~ s/\r|\n//g;
-$temp = &transname();
-open(TEMP, ">$temp");
-print TEMP "-----BEGIN CERTIFICATE REQUEST-----\n";
-$result = 1;
-while($result) {
- $result = substr($req, 0, 72);
- if($result) {
- print TEMP "$result\n";
- $req = substr($req, 72);
- }
-}
-print TEMP "-----END CERTIFICATE REQUEST-----\n";
-close(TEMP);
-
-# Call the openssl CA command to process the request
-$temp2 = &transname();
-$cmd = &get_ssleay();
-$out = &backquote_logged("yes | $cmd ca -in $temp -out $temp2 -config $module_config_directory/openssl.cnf -days 1095 2>&1");
-if ($?) {
- unlink($temp);
- &error("<pre>$out</pre>");
- }
-unlink($temp);
-
-# Create CRL if needed
-$crl = "$module_config_directory/crl.pem";
-if (!-r $crl_file) {
- $out = &backquote_logged("$config{'ssleay'} ca -gencrl -out $crl -config $module_config_directory/openssl.cnf 2>&1");
- if ($?) {
- &error("<pre>$out</pre>");
- }
- }
-
-# Call the openssl crl2pkcs7 command to add to the CRL
-$temp3 = &transname();
-$out = &backquote_logged("$config{'ssleay'} crl2pkcs7 -certfile $temp2 -in $crl -out $temp3 2>&1");
-if ($?) {
- unlink($temp2);
- &error("<pre>$out</pre>");
- }
-unlink($temp2);
-open(OUT, $temp3);
-while(<OUT>) {
- s/\r|\n//g;
- if (/BEGIN PKCS7/) {
- $started++;
- }
- elsif (/END PKCS7/) {
- last;
- }
- elsif ($started) {
- $certificate .= $_;
- }
- }
-close(OUT);
-unlink($temp3);
-
-# Output HTML for IE to install the new cert
-$certdone = &text('cert_done', $in{'commonName'});
-&ui_print_header(undef, $text{'cert_title'}, "");
-print <<EOF;
-<OBJECT classid="clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1" sXEnrollVersion="5,131,3659,0" id=Enroll>
-</OBJECT>
-
- <SCRIPT type="text/vbscript">
- sub CertAcceptSub()
-
- on error resume next
-
- Enroll.MyStoreFlags=&H10000
- Enroll.RequestStoreFlags=&H10000
- Enroll.acceptPKCS7(document.resultData.result.value)
- if err.Number <> 0 then
- msgbox "Error: Could not insert the PKCS7 envelope"
- else
- msgbox "Installed certificate OK"
- end if
- end sub
- </SCRIPT>
-
- <form name="resultData">
- <input type="hidden" name="result" value="$certificate">
-
- <p>$certdone<p>
- <input type=hidden name=storeflags value="&H10000">
- <input type="button" name="accept" value="$text{'cert_install'}"
- onClick="CertAcceptSub" language="vbscript">
-
- </form>
-EOF
-
-&ui_print_footer("", $text{'index_return'});
-
-# Update the miniserv users file
-&lock_file($miniserv{'userfile'});
-$lref = &read_file_lines($miniserv{'userfile'});
-foreach $l (@$lref) {
- @u = split(/:/, $l);
- if ($u[0] eq $base_remote_user) {
- $l = "$u[0]:$u[1]:$u[2]:/C=$in{'countryName'}/ST=$in{'stateOrProvinceName'}/O=$in{'organizationName'}/OU=$in{'organizationalUnitName'}/CN=$in{'commonName'}/Email=$in{'emailAddress'}";
- }
- }
-&flush_file_lines();
-&unlock_file($miniserv{'userfile'});
-
-sleep(1);
-&restart_miniserv();
-&webmin_log("cert", undef, $base_remote_user, \%in);
-