summaryrefslogtreecommitdiffstats
path: root/base/ca
diff options
context:
space:
mode:
authorEndi Sukma Dewata <edewata@redhat.com>2012-11-09 03:36:17 -0500
committerEndi Sukma Dewata <edewata@redhat.com>2012-11-12 12:04:02 -0500
commit46fda5d944772ac62675570037785e39c517002b (patch)
tree667f28137e53f7a5a4f55a7b64f169c69be7513b /base/ca
parentedf9c2273c00b52b0c240bc0c75dc1ba7bdc396e (diff)
downloadpki-46fda5d944772ac62675570037785e39c517002b.tar.gz
pki-46fda5d944772ac62675570037785e39c517002b.tar.xz
pki-46fda5d944772ac62675570037785e39c517002b.zip
Reorganized CA, KRA, OCSP, TKS templates.
All remaining theme files for Tomcat subsystems which include the templates and JS files have been moved from the theme folder at <subsystem>-ui/shared/webapps/<subsystem> into the subsystem webapp folder at base/<subsystem>/shared/webapps/<subsystem>. The deployment tools have been updated to use the new location. Ticket #407
Diffstat (limited to 'base/ca')
-rwxr-xr-xbase/ca/shared/webapps/ca/404.html146
-rwxr-xr-xbase/ca/shared/webapps/ca/500.html139
-rw-r--r--base/ca/shared/webapps/ca/GenUnexpectedError.template68
-rw-r--r--base/ca/shared/webapps/ca/admin/GenUnexpectedError.template68
-rw-r--r--base/ca/shared/webapps/ca/admin/ca/EnrollSuccess.template245
-rw-r--r--base/ca/shared/webapps/ca/admin/ca/ImportAdminCert.template58
-rw-r--r--base/ca/shared/webapps/ca/admin/ca/ImportCert.template268
-rw-r--r--base/ca/shared/webapps/ca/admin/ca/adminEnroll.html779
-rw-r--r--base/ca/shared/webapps/ca/admin/ca/securitydomainlogin.template114
-rw-r--r--base/ca/shared/webapps/ca/admin/ca/sendCookie.template97
-rw-r--r--base/ca/shared/webapps/ca/admin/cms-funcs.js538
-rw-r--r--base/ca/shared/webapps/ca/admin/helpfun.js35
-rw-r--r--base/ca/shared/webapps/ca/admin/index.html23
-rw-r--r--base/ca/shared/webapps/ca/agent/GenError.template80
-rw-r--r--base/ca/shared/webapps/ca/agent/GenPending.template63
-rw-r--r--base/ca/shared/webapps/ca/agent/GenRejected.template84
-rw-r--r--base/ca/shared/webapps/ca/agent/GenSuccess.template46
-rw-r--r--base/ca/shared/webapps/ca/agent/GenSvcPending.template61
-rw-r--r--base/ca/shared/webapps/ca/agent/GenUnauthorized.template44
-rw-r--r--base/ca/shared/webapps/ca/agent/GenUnexpectedError.template68
-rw-r--r--base/ca/shared/webapps/ca/agent/ca/EnrollSuccess.template219
-rw-r--r--base/ca/shared/webapps/ca/agent/ca/ImportCert.template263
-rw-r--r--base/ca/shared/webapps/ca/agent/ca/ListRequests.html112
-rw-r--r--base/ca/shared/webapps/ca/agent/ca/ProfileApprove.template165
-rw-r--r--base/ca/shared/webapps/ca/agent/ca/ProfileList.template75
-rw-r--r--base/ca/shared/webapps/ca/agent/ca/ProfileProcess.template179
-rw-r--r--base/ca/shared/webapps/ca/agent/ca/ProfileReview.template404
-rw-r--r--base/ca/shared/webapps/ca/agent/ca/ProfileSelect.template175
-rw-r--r--base/ca/shared/webapps/ca/agent/ca/SrchCert.html1694
-rw-r--r--base/ca/shared/webapps/ca/agent/ca/SrchRequests.html384
-rw-r--r--base/ca/shared/webapps/ca/agent/ca/SrchRevokeCert.html1137
-rw-r--r--base/ca/shared/webapps/ca/agent/ca/UpdateDir.html367
-rw-r--r--base/ca/shared/webapps/ca/agent/ca/blank.html27
-rw-r--r--base/ca/shared/webapps/ca/agent/ca/bulkissuance.template24
-rw-r--r--base/ca/shared/webapps/ca/agent/ca/cloneRedirect.template41
-rw-r--r--base/ca/shared/webapps/ca/agent/ca/confirmRevocation.template212
-rw-r--r--base/ca/shared/webapps/ca/agent/ca/displayBySerial.template298
-rw-r--r--base/ca/shared/webapps/ca/agent/ca/displayBySerial2.template131
-rw-r--r--base/ca/shared/webapps/ca/agent/ca/displayCRL.template217
-rw-r--r--base/ca/shared/webapps/ca/agent/ca/displayCertFromRequest.template197
-rw-r--r--base/ca/shared/webapps/ca/agent/ca/error.template56
-rw-r--r--base/ca/shared/webapps/ca/agent/ca/frameCRL.html32
-rw-r--r--base/ca/shared/webapps/ca/agent/ca/frameDir.html32
-rw-r--r--base/ca/shared/webapps/ca/agent/ca/frameDisplayCRL.html32
-rw-r--r--base/ca/shared/webapps/ca/agent/ca/frameList.html32
-rw-r--r--base/ca/shared/webapps/ca/agent/ca/frameListReq.html32
-rw-r--r--base/ca/shared/webapps/ca/agent/ca/frameOCSP.html32
-rw-r--r--base/ca/shared/webapps/ca/agent/ca/frameProfile.html32
-rw-r--r--base/ca/shared/webapps/ca/agent/ca/frameRevoke.html32
-rw-r--r--base/ca/shared/webapps/ca/agent/ca/frameSearch.html32
-rw-r--r--base/ca/shared/webapps/ca/agent/ca/frameSrchRequests.html32
-rw-r--r--base/ca/shared/webapps/ca/agent/ca/frameStats.html32
-rw-r--r--base/ca/shared/webapps/ca/agent/ca/getOCSPInfo.template117
-rw-r--r--base/ca/shared/webapps/ca/agent/ca/getStats.template140
-rw-r--r--base/ca/shared/webapps/ca/agent/ca/index.html33
-rw-r--r--base/ca/shared/webapps/ca/agent/ca/menuCRL.html75
-rw-r--r--base/ca/shared/webapps/ca/agent/ca/menuDir.html75
-rw-r--r--base/ca/shared/webapps/ca/agent/ca/menuDisplayCRL.html75
-rw-r--r--base/ca/shared/webapps/ca/agent/ca/menuList.html75
-rw-r--r--base/ca/shared/webapps/ca/agent/ca/menuListReq.html74
-rw-r--r--base/ca/shared/webapps/ca/agent/ca/menuOCSP.html75
-rw-r--r--base/ca/shared/webapps/ca/agent/ca/menuProfile.html75
-rw-r--r--base/ca/shared/webapps/ca/agent/ca/menuRevoke.html70
-rw-r--r--base/ca/shared/webapps/ca/agent/ca/menuSearch.html75
-rw-r--r--base/ca/shared/webapps/ca/agent/ca/menuSrchRequests.html75
-rw-r--r--base/ca/shared/webapps/ca/agent/ca/menuStats.html74
-rw-r--r--base/ca/shared/webapps/ca/agent/ca/monitor.html77
-rw-r--r--base/ca/shared/webapps/ca/agent/ca/monitor.template200
-rw-r--r--base/ca/shared/webapps/ca/agent/ca/notImplemented.html30
-rw-r--r--base/ca/shared/webapps/ca/agent/ca/processCertReq.template228
-rw-r--r--base/ca/shared/webapps/ca/agent/ca/processReq.template1415
-rw-r--r--base/ca/shared/webapps/ca/agent/ca/queryBySerial.html186
-rw-r--r--base/ca/shared/webapps/ca/agent/ca/queryCert.html1543
-rw-r--r--base/ca/shared/webapps/ca/agent/ca/queryCert.template527
-rw-r--r--base/ca/shared/webapps/ca/agent/ca/queryReq.template453
-rw-r--r--base/ca/shared/webapps/ca/agent/ca/reasonToRevoke.template491
-rw-r--r--base/ca/shared/webapps/ca/agent/ca/revocationResult.template190
-rw-r--r--base/ca/shared/webapps/ca/agent/ca/revokeBySerial.template88
-rw-r--r--base/ca/shared/webapps/ca/agent/ca/revokeCert.html1086
-rw-r--r--base/ca/shared/webapps/ca/agent/ca/srchCert.template435
-rw-r--r--base/ca/shared/webapps/ca/agent/ca/toDisplayCRL.template364
-rw-r--r--base/ca/shared/webapps/ca/agent/ca/toUpdateCRL.template386
-rw-r--r--base/ca/shared/webapps/ca/agent/ca/top.html48
-rw-r--r--base/ca/shared/webapps/ca/agent/ca/unrevocationResult.template127
-rw-r--r--base/ca/shared/webapps/ca/agent/ca/updateCRL.html78
-rw-r--r--base/ca/shared/webapps/ca/agent/ca/updateCRL.template180
-rw-r--r--base/ca/shared/webapps/ca/agent/ca/updateDir.template99
-rw-r--r--base/ca/shared/webapps/ca/agent/cms-funcs.js538
-rw-r--r--base/ca/shared/webapps/ca/agent/funcs.js736
-rw-r--r--base/ca/shared/webapps/ca/agent/header.template82
-rw-r--r--base/ca/shared/webapps/ca/agent/helpfun.js35
-rw-r--r--base/ca/shared/webapps/ca/agent/index.html23
-rw-r--r--base/ca/shared/webapps/ca/agent/index.template140
-rw-r--r--base/ca/shared/webapps/ca/agent/ports.template121
-rw-r--r--base/ca/shared/webapps/ca/agent/xenroll.dllbin0 -> 172664 bytes
-rw-r--r--base/ca/shared/webapps/ca/ee/GenError.template72
-rw-r--r--base/ca/shared/webapps/ca/ee/GenPending.template61
-rw-r--r--base/ca/shared/webapps/ca/ee/GenRejected.template82
-rw-r--r--base/ca/shared/webapps/ca/ee/GenSuccess.template44
-rw-r--r--base/ca/shared/webapps/ca/ee/GenSvcPending.template61
-rw-r--r--base/ca/shared/webapps/ca/ee/GenUnauthorized.template42
-rw-r--r--base/ca/shared/webapps/ca/ee/GenUnexpectedError.template62
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/AIMEnroll.html426
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/CMCEnrollment.html189
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/CMCRevReq.html66
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/CertBasedDualEnroll.html364
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/CertBasedEncryptionEnroll.html508
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/CertBasedSingleEnroll.html510
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/ChallengeRevoke1.html175
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/DirPinUserEnroll.html533
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/DirUserEnroll.html517
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/DisplayCRL.html169
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/EnrollSuccess.template248
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/GetCAChain.html107
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/ImportAdminCert.template58
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/ImportCert.template268
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/KeyRecovery.html41
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/ManCAEnroll.html162
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/ManObjSignEnroll.html693
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/ManRAEnroll.html156
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/ManServerEnroll.html167
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/ManUserEnroll.html705
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/NISUserEnroll.html508
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/OCSPResponder.html156
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/ObjSignPKCS10Enroll.html213
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/PortalEnrollment.html751
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/ProfileList.template71
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/ProfileSelect.template865
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/ProfileSubmit.html30
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/ProfileSubmit.template137
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/RenewalSuccess.template217
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/RevocationSuccess.template89
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/UserDnEnroll.html472
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/UserRenewal.html98
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/UserRevocation.html118
-rwxr-xr-xbase/ca/shared/webapps/ca/ee/ca/bench2k.html58
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/checkRequest.html76
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/displayBySerial.template224
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/displayBySerial2.template131
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/displayCRL.template227
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/displayCaCert.template111
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/displayCertFromRequest.template177
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/enrollMenu.html31
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/index.html388
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/policyEnrollment/index.html556
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/policyEnrollment/profileMenu.html36
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/policyEnrollment/retrievalMenu.html36
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/policyEnrollment/revocationMenu.html31
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/profileEnrollment/index.html393
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/profileEnrollment/profileMenu.html32
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/profileEnrollment/retrievalMenu.html36
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/profileEnrollment/revocationMenu.html31
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/profileMenu.html32
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/queryBySerial.html190
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/queryCert.html1518
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/queryCert.template499
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/reasonToRevoke.template480
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/recoveryMenu.html32
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/remoteAuthConfig.template74
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/renewalMenu.html32
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/requestStatus.template221
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/retrievalMenu.html36
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/revocationMenu.html31
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/revocationResult.template190
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/srchCert.html1587
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/srchCert.template487
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/tabs.html35
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/toDisplayCRL.template231
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/unrevocationResult.template126
-rw-r--r--base/ca/shared/webapps/ca/ee/cms-funcs.js746
-rw-r--r--base/ca/shared/webapps/ca/ee/helpfun.js35
-rw-r--r--base/ca/shared/webapps/ca/ee/index.html23
-rw-r--r--base/ca/shared/webapps/ca/index.html23
-rw-r--r--base/ca/shared/webapps/ca/services.template106
174 files changed, 40286 insertions, 0 deletions
diff --git a/base/ca/shared/webapps/ca/404.html b/base/ca/shared/webapps/ca/404.html
new file mode 100755
index 000000000..49f75a9a3
--- /dev/null
+++ b/base/ca/shared/webapps/ca/404.html
@@ -0,0 +1,146 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2009 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<script language=javascript>
+var url = document.URL;
+var protocol = location.protocol;
+var hostname = location.hostname;
+var port = location.port;
+</script>
+
+<head>
+<title>CA 404 Error!</title>
+<!-- always expand ALL relative paths -->
+<script language=javascript>
+document.write('<link rel="shortcut icon" href="');
+document.write(protocol);
+document.write('//');
+document.write(hostname);
+document.write(':');
+document.write(port);
+document.write('/pki/images/favicon.ico');
+document.write('" />');
+document.write('<link rel="stylesheet" href="');
+document.write(protocol);
+document.write('//');
+document.write(hostname);
+document.write(':');
+document.write(port);
+document.write('/pki/css/pki-base.css');
+document.write('" type="text/css" />');
+document.write('<META http-equiv=Content-Type content="text/html; charset=UTF-8">');
+</script>
+</head>
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+<div id="header">
+<!-- always expand ALL relative paths -->
+<script language=javascript>
+document.write('<a href="http://pki.fedoraproject.org/" title="Visit pki.fedoraproject.org for more information about Dogtag products and services"><img src="');
+document.write(protocol);
+document.write('//');
+document.write(hostname);
+document.write(':');
+document.write(port);
+document.write('/pki/images/logo_header.gif');
+document.write('" alt="Dogtag" id="myLogo" /></a>');
+</script>
+ <div id="headertitle">
+ <a href="/" title="Dogtag Network homepage">Dogtag<sup><font size="-2">&reg;</font></sup> Certificate System</a>
+ </div>
+ <div id="account">
+ <dl><dt><span></span></dt><dd></dd></dl>
+ </div>
+</div>
+
+<div id="mainNavOuter">
+<div id="mainNav">
+<div id="mainNavInner">
+
+</div><!-- end mainNavInner -->
+</div><!-- end mainNav -->
+</div><!-- end mainNavOuter -->
+
+
+<div id="bar">
+
+<div id="systembar">
+<div id="systembarinner">
+
+<div>
+ -
+</div>
+
+
+</div>
+</div>
+
+</div>
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Certificate System CA Error Page
+</font><br>
+<p>
+</font>
+<p>
+<script language=javascript>
+document.write('<center>');
+document.write('<table border="1" cellspacing="0" cellpadding="0">');
+document.write('<tr valign="TOP">');
+document.write('<td bgcolor="grey" align="center"><b><font color="BLACK">HTTP STATUS</font></b></td>');
+document.write('<td bgcolor="grey" align="center"><b><font color="BLACK">DESCRIPTION</font></b></td>');
+document.write('</tr>');
+document.write('<tr valign="TOP">');
+document.write('<td align="center"><b><font size="+3" color="red">');
+document.write('404');
+document.write('</font></b></td>');
+document.write('<td><b><font size="+1" color="RED">');
+document.write('The requested resource could not be found but may be available again in the future.');
+document.write('</font></b><br><b><font size="+1" color="RED">');
+document.write('Please check the validity of the URL listed below:');
+document.write('</font></b><br><br>');
+document.write('<center><b><font size="+1"><a href="');
+document.write(url);
+document.write('">');
+document.write(url);
+document.write('</a>');
+document.write('</font></b></center><br></td>');
+document.write('</tr>');
+document.write('</table>');
+document.write('</center>');
+</script>
+<div id="footer">
+</div>
+<!--
+To prevent Internet Explorer from overriding the display of this custom error
+page by displaying it's own "Friendly HTTP Error Message", always include the
+following 'padding' to ensure that the text size exceeds 512 bytes:
+
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+-->
+</body>
+</html>
+
diff --git a/base/ca/shared/webapps/ca/500.html b/base/ca/shared/webapps/ca/500.html
new file mode 100755
index 000000000..fe8f8de33
--- /dev/null
+++ b/base/ca/shared/webapps/ca/500.html
@@ -0,0 +1,139 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2009 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<script language=javascript>
+var url = document.URL;
+var protocol = location.protocol;
+var hostname = location.hostname;
+var port = location.port;
+</script>
+
+<head>
+<title>CA 500 Error!</title>
+<!-- always expand ALL relative paths -->
+<script language=javascript>
+document.write('<link rel="shortcut icon" href="');
+document.write(protocol);
+document.write('//');
+document.write(hostname);
+document.write(':');
+document.write(port);
+document.write('/pki/images/favicon.ico');
+document.write('" />');
+document.write('<link rel="stylesheet" href="');
+document.write(protocol);
+document.write('//');
+document.write(hostname);
+document.write(':');
+document.write(port);
+document.write('/pki/css/pki-base.css');
+document.write('" type="text/css" />');
+document.write('<META http-equiv=Content-Type content="text/html; charset=UTF-8">');
+</script>
+</head>
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+<div id="header">
+<!-- always expand ALL relative paths -->
+<script language=javascript>
+document.write('<a href="http://pki.fedoraproject.org/" title="Visit pki.fedoraproject.org for more information about Dogtag products and services"><img src="');
+document.write(protocol);
+document.write('//');
+document.write(hostname);
+document.write(':');
+document.write(port);
+document.write('/pki/images/logo_header.gif');
+document.write('" alt="Dogtag" id="myLogo" /></a>');
+</script>
+ <div id="headertitle">
+ <a href="/" title="Dogtag Network homepage">Dogtag<sup><font size="-2">&reg;</font></sup> Certificate System</a>
+ </div>
+ <div id="account">
+ <dl><dt><span></span></dt><dd></dd></dl>
+ </div>
+</div>
+
+<div id="mainNavOuter">
+<div id="mainNav">
+<div id="mainNavInner">
+
+</div><!-- end mainNavInner -->
+</div><!-- end mainNav -->
+</div><!-- end mainNavOuter -->
+
+
+<div id="bar">
+
+<div id="systembar">
+<div id="systembarinner">
+
+<div>
+ -
+</div>
+
+
+</div>
+</div>
+
+</div>
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Certificate System CA Error Page
+</font><br>
+<p>
+</font>
+<p>
+<script language=javascript>
+document.write('<center>');
+document.write('<table border="1" cellspacing="0" cellpadding="0">');
+document.write('<tr valign="TOP">');
+document.write('<td bgcolor="grey" align="center"><b><font color="BLACK">HTTP STATUS</font></b></td>');
+document.write('<td bgcolor="grey" align="center"><b><font color="BLACK">DESCRIPTION</font></b></td>');
+document.write('</tr>');
+document.write('<tr valign="TOP">');
+document.write('<td align="center"><b><font size="+3" color="red">');
+document.write('500');
+document.write('</font></b></td>');
+document.write('<td><b><font size="+1" color="RED">');
+document.write('The server encountered an unexpected condition which prevented it from fulfilling the request.<br>');
+document.write('Please consult your local administrator for further assistance. The Certificate System logs may provide further information.');
+document.write('</font></b><br></td>');
+document.write('</tr>');
+document.write('</table>');
+document.write('</center>');
+</script>
+<div id="footer">
+</div>
+<!--
+To prevent Internet Explorer from overriding the display of this custom error
+page by displaying it's own "Friendly HTTP Error Message", always include the
+following 'padding' to ensure that the text size exceeds 512 bytes:
+
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+-->
+</body>
+</html>
+
diff --git a/base/ca/shared/webapps/ca/GenUnexpectedError.template b/base/ca/shared/webapps/ca/GenUnexpectedError.template
new file mode 100644
index 000000000..312559994
--- /dev/null
+++ b/base/ca/shared/webapps/ca/GenUnexpectedError.template
@@ -0,0 +1,68 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<CMS_TEMPLATE>
+
+<TITLE>CA Processing Error!</TITLE>
+
+<BODY BGCOLOR="white">
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Problem Processing Your Request
+</font>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/pki/images/hr.gif" >
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+
+<SCRIPT LANGUAGE="JavaScript">
+var authority = 'Certificate System';
+if (result.fixed.authorityName != null) {
+ authority = result.fixed.authorityName;
+}
+
+document.writeln('<P>');
+document.write('The '+authority+' encountered an unexpected error ');
+document.writeln(' while processing your request.');
+document.writeln(
+ 'The following is a detailed message of the error that occurred.');
+
+document.writeln('<P>');
+document.writeln('<BLOCKQUOTE><B><PRE>');
+if (result.fixed.unexpectedError != null) {
+ document.write(result.fixed.unexpectedError);
+} else {
+ document.write('No further details provided.');
+}
+document.writeln('</PRE></B></BLOCKQUOTE>');
+
+document.writeln('<P>');
+document.writeln(
+ 'Please consult your local administrator for further assistance.');
+document.writeln('The Certificate System logs may provide further information.');
+</SCRIPT>
+
+</font>
+</BODY>
+</HTML>
+
diff --git a/base/ca/shared/webapps/ca/admin/GenUnexpectedError.template b/base/ca/shared/webapps/ca/admin/GenUnexpectedError.template
new file mode 100644
index 000000000..57d118aa5
--- /dev/null
+++ b/base/ca/shared/webapps/ca/admin/GenUnexpectedError.template
@@ -0,0 +1,68 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<CMS_TEMPLATE>
+
+<TITLE>CA Admin Processing Error!</TITLE>
+
+<BODY BGCOLOR="white">
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Problem Processing Your Request
+</font>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/pki/images/hr.gif" >
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+
+<SCRIPT LANGUAGE="JavaScript">
+var authority = 'Certificate System';
+if (result.fixed.authorityName != null) {
+ authority = result.fixed.authorityName;
+}
+
+document.writeln('<P>');
+document.write('The '+authority+' encountered an unexpected error ');
+document.writeln(' while processing your request.');
+document.writeln(
+ 'The following is a detailed message of the error that occurred.');
+
+document.writeln('<P>');
+document.writeln('<BLOCKQUOTE><B><PRE>');
+if (result.fixed.unexpectedError != null) {
+ document.write(result.fixed.unexpectedError);
+} else {
+ document.write('No further details provided.');
+}
+document.writeln('</PRE></B></BLOCKQUOTE>');
+
+document.writeln('<P>');
+document.writeln(
+ 'Please consult your local administrator for further assistance.');
+document.writeln('The Certificate System logs may provide further information.');
+</SCRIPT>
+
+</font>
+</BODY>
+</HTML>
+
diff --git a/base/ca/shared/webapps/ca/admin/ca/EnrollSuccess.template b/base/ca/shared/webapps/ca/admin/ca/EnrollSuccess.template
new file mode 100644
index 000000000..d3709831e
--- /dev/null
+++ b/base/ca/shared/webapps/ca/admin/ca/EnrollSuccess.template
@@ -0,0 +1,245 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<CMS_TEMPLATE>
+
+<TITLE>
+CS Enroll Request Success
+</TITLE>
+
+<BODY bgcolor="white">
+
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Enrollment Success
+</font>
+
+<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+<p>
+
+<SCRIPT LANGUAGE="JavaScript">
+function toHex(number)
+{
+ var absValue = "", sign = "";
+ var digits = "0123456789abcdef";
+ if (number < 0) {
+ sign = "-";
+ number = -number;
+ }
+
+ for(; number >= 16 ; number = Math.floor(number/16)) {
+ absValue = digits.charAt(number % 16) + absValue;
+ }
+ absValue = digits.charAt(number % 16) + absValue;
+
+ return sign + '0x' + '0' + absValue;
+}
+
+document.writeln('Congratulations a certificate has been issued and ' +
+'the administrator now has Certificate Manager Agent privileges.' +
+' You can now go to the <b>Agent Services</b> page' +
+' to process any pending requests.');
+
+document.writeln('<P>');
+document.writeln('Issued Certificates: </font>');
+document.writeln('<P>');
+document.writeln('<table border="0" cellspacing="0" cellpadding="0" background="/pki/images/hr.gif" width="100%">');
+document.writeln(' <tr> ');
+document.writeln(' <td>&nbsp;</td>');
+document.writeln(' </tr>');
+document.writeln('</table>');
+
+if (result.recordSet == null) {
+ document.writeln('<BLOCKQUOTE><B><PRE>');
+ document.writeln('No further details provided.');
+ document.writeln('Please consult your local administrator for assistance.');
+ document.writeln('</BLOCKQUOTE></B></PRE>');
+}
+else if (result.recordSet.length == 0) {
+ document.writeln('<BLOCKQUOTE><B><PRE>');
+ document.writeln('0');
+ document.writeln('No further details provided.');
+ document.writeln('Please consult your local administrator for assistance.');
+ document.writeln('</BLOCKQUOTE></B></PRE>');
+} else {
+ // document.writeln('<UL>');
+ for (var i = 0; i < result.recordSet.length; i++) {
+ if (result.recordSet[i].serialNo != null) {
+/* document.write('Serial number ');
+ document.write('<B><PRE>');
+ document.writeln(toHex(result.recordSet[i].serialNo));
+ document.write('</B></PRE>');
+ document.writeln('<P>');
+ document.write('Base 64 encoded Cert<BR>');
+ document.write('<PRE>');
+ document.writeln(result.recordSet[i].base64Cert);
+ document.write('</PRE>');
+ document.writeln('<P>');
+ document.write('Cert Pretty Print<BR>');
+ document.write('<PRE>');
+ document.writeln(result.recordSet[i].certPrettyPrint);
+ document.write('</PRE>');
+*/
+
+ document.write('<font face="PrimaSans BT, Verdana, sans-serif" size="+1">Serial number ');
+ document.writeln('&nbsp; 0x' + result.recordSet[i].serialNo);
+ document.writeln('</font><br>');
+
+ document.writeln('<table border="0" cellspacing="2" cellpadding="2" width="100%">');
+ document.writeln('<tr align="left" bgcolor="#e5e5e5"><td align="left">');
+ document.writeln('<font face="PrimaSans BT, Verdana, sans-serif" size="-1">');
+ document.writeln('Certificate contents</font></td></tr></table>');
+
+ document.writeln('<pre>');
+// document.write('<font face="PrimaSans BT, Verdana, sans-serif">');
+ document.write(result.recordSet[i].certPrettyPrint);
+// document.writeln('</font>');
+ document.writeln('</pre>');
+/*
+ document.writeln('<p>');
+ document.writeln('<table border="0" cellspacing="2" cellpadding="2" width="100%">');
+ document.writeln('<tr align="left" bgcolor="#e5e5e5"><td align="left">');
+ document.writeln('<font face="PrimaSans BT, Verdana, sans-serif" size="-1">');
+ document.writeln('Certificate fingerprints</font></td></tr></table>');
+
+ document.writeln('<pre>');
+ document.write(result.recordSet[i].certFingerprint);
+ document.writeln('</pre>');
+*/
+ document.writeln('<p>');
+ document.writeln('<table border="0" cellspacing="2" cellpadding="2" width="100%">');
+ document.writeln('<tr align="left" bgcolor="#e5e5e5"><td align="left">');
+ document.writeln('<font face="PrimaSans BT, Verdana, sans-serif" size="-1">');
+ document.writeln('Base 64 encoded certificate</font></td></tr></table>');
+ document.writeln('<p><pre>');
+// document.write('<font face="PrimaSans BT, Verdana, sans-serif" >');
+ document.writeln(result.recordSet[i].base64Cert);
+// document.writeln('</font>');
+ document.writeln('</pre>');
+ }
+ }
+ // document.writeln('</UL>');
+
+}
+document.writeln('</PRE></B></BLOCKQUOTE>');
+document.writeln('<P>');
+
+// import certs if cartman.
+if (navigator.appName == 'Netscape' &&
+ typeof(crypto.version) != "undefined" &&
+ typeof(result.fixed.crmfReqId) != "undefined") {
+
+// window.location = result.fixed.scheme + "://" +
+// result.fixed.host + ":" + result.fixed.port +
+// "/ca/getAdminCertBySerial?serialNumber=" +
+// record.serialNo +
+// "&importCert=true";
+
+ var errors = crypto.importUserCertificates(null,
+ result.fixed.cmmfResponse, false);
+
+ if (errors != '') {
+ document.writeln('<font face="PrimaSans BT, Verdana, sans-serif" size="-1">');
+ document.writeln(
+ '<b>ERROR</b>Could not import the certificate into your browser '+
+ 'using nickname '+result.fixed.certNickname+'.<p>');
+ document.writeln(
+ 'The following error message was returned by the browser '+
+ 'when importing the certificate:');
+ document.writeln('</font>');
+ document.writeln('<BLOCKQUOTE><PRE>');
+ document.writeln(errors);
+ document.writeln('</PRE></BLOCKQUOTE>');
+ }
+ else {
+ document.writeln('<font face="PrimaSans BT, Verdana, sans-serif" size="-1">');
+ document.writeln(
+ 'Your certificate was successfully imported to the browser '+
+ 'with nickname '+result.fixed.certNickname);
+ document.writeln('</font>');
+ }
+
+ // crypto.importUserCertificates(result.fixed.certNickname,
+ // result.fixed.cmmfResponse, false);
+} else if (navigator.appName == 'Netscape' &&
+ typeof(crypto.version) == "undefined") {
+ // non Cartman
+ window.location = result.fixed.scheme + "://" + result.fixed.host + ":"
++ result.fixed.port + "/ca/getAdminCertBySerial?serialNumber=" + record.serialNo + "&importCert=true";
+}
+
+</SCRIPT>
+
+<OBJECT
+ classid="clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1"
+ CODEBASE="/xenroll.dll"
+ id=Enroll >
+</OBJECT>
+
+<SCRIPT LANGUAGE=VBS>
+<!--
+'========================================================
+'
+' In VBS, there are several ways in which the event handler for the
+' click event can be bound to the right control. We use one of the
+' methods here, which indicates the binding by appending the
+' event name to the control name with an intervening '_'.
+'
+'========================================================
+ Sub ImportCertificate
+
+ Dim pkcs7
+
+ On Error Resume Next
+
+ 'Convert the cert to PKCS7 format
+ pkcs7 = result.header.pkcs7ChainBase64
+ If (IsEmpty(pkcs7) OR theError <> 0) Then
+ ret = MsgBox("Could not convert certificate to PKCS7 format", 0, "Import Cert")
+ Exit Sub
+ End If
+
+ 'Import the PKCS7 object
+ Enroll.DeleteRequestCert = FALSE
+ Enroll.WriteCertToCSP = true
+ Enroll.acceptPKCS7(pkcs7)
+ if err.number <> 0 then
+ Enroll.WriteCertToCSP = false
+ end if
+ err.clear
+ Enroll.acceptPKCS7(pkcs7)
+ if err.number = 0 then
+ MsgBox "Certificate has been successfully imported."
+ else
+ sz = "Error in acceptPKCS7. Error Number " & Hex(err.number) & "occurred."
+ MsgBox sz
+ end if
+
+ Exit Sub
+
+ End Sub
+
+ ImportCertificate()
+
+</SCRIPT>
+
+</font>
+</BODY>
+</HTML>
+
diff --git a/base/ca/shared/webapps/ca/admin/ca/ImportAdminCert.template b/base/ca/shared/webapps/ca/admin/ca/ImportAdminCert.template
new file mode 100644
index 000000000..e52764ec6
--- /dev/null
+++ b/base/ca/shared/webapps/ca/admin/ca/ImportAdminCert.template
@@ -0,0 +1,58 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<HEAD>
+<TITLE>VBScript Administrator Certificate Enrollment
+</TITLE>
+<CMS_TEMPLATE>
+<OBJECT classid="clsid:127698E4-E730-4E5C-A2b1-21490A70C8A1"
+ codebase="xenroll.dll"
+ id=Enroll >
+</OBJECT>
+<SCRIPT language="VBScript">
+<!--
+ Dim pkcs7
+
+ On Error Resume Next
+
+ 'Convert the cert to PKCS7 format
+ pkcs7 = result.header.pkcs7
+ If (IsEmpty(pkcs7) OR theError <> 0) Then
+ ret = MsgBox("Could not convert certificate to PKCS7 format", 0, "Import Cert")
+ End If
+
+ 'Import the PKCS7 object
+ Enroll.DeleteRequestCert = FALSE
+ Enroll.WriteCertToCSP = true
+ Enroll.acceptPKCS7(pkcs7)
+ if err.number <> 0 then
+ Enroll.WriteCertToCSP = false
+ end if
+ err.clear
+ Enroll.acceptPKCS7(pkcs7)
+ if err.number = 0 then
+ MsgBox "Certificate has been successfully imported."
+ else
+ sz = "Error in acceptPKCS7. Error Number " & Hex(err.number) & "occurred."
+ MsgBox sz
+ end if
+-->
+</SCRIPT>
+</head>
+</HTML>
diff --git a/base/ca/shared/webapps/ca/admin/ca/ImportCert.template b/base/ca/shared/webapps/ca/admin/ca/ImportCert.template
new file mode 100644
index 000000000..5530cf2d1
--- /dev/null
+++ b/base/ca/shared/webapps/ca/admin/ca/ImportCert.template
@@ -0,0 +1,268 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<CMS_TEMPLATE>
+
+<TITLE>
+CS Enroll Request Success
+</TITLE>
+
+<BODY bgcolor="white">
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Import Certificate
+</font>
+
+<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+
+
+<SCRIPT LANGUAGE="JavaScript">
+//<!--
+
+//document.writeln('<P>');
+//document.writeln('host '+result.fixed.host+'<BR>');
+//document.writeln('port '+result.fixed.port+'<BR>');
+//document.writeln('scheme '+result.fixed.scheme+'<BR>');
+//document.writeln('authority '+result.fixed.authorityName+'<BR>');
+
+function navMajorVersion()
+{
+ return parseInt(
+ navigator.appVersion.substring(0, navigator.appVersion.indexOf(".")));
+}
+
+document.writeln('<P>');
+document.writeln('Importing the following certificate to your browser:');
+
+document.writeln('<P>');
+
+if (result.recordSet == null || result.recordSet.length == 0) {
+ document.writeln('<BLOCKQUOTE><B><PRE>');
+ document.writeln('No more information on your certificate is provided.');
+ document.writeln('Please consult your local administrator for assistance.');
+ document.writeln('</BLOCKQUOTE></B></PRE>');
+} else {
+ document.writeln('<UL>');
+ for (var i = 0; i < result.recordSet.length; i++) {
+ if (result.recordSet[i].serialNo != null) {
+ //document.write('Serial number ');
+ //document.write('<BLOCKQUOTE><B><PRE>');
+ //document.writeln(result.recordSet[i].serialNo);
+ //document.write('</BLOCKQUOTE></B></PRE>');
+ //document.writeln('<P>');
+ //document.write('Your certificate in Base 64 encoded form:<BR>');
+ //document.write('<BLOCKQUOTE><PRE>');
+ //document.writeln(result.recordSet[i].base64Cert);
+ //document.write('</PRE></BLOCKQUOTE>');
+ document.writeln('<P>');
+ document.write('Certificate Content: <BR>');
+ document.write('<BLOCKQUOTE><PRE>');
+ document.writeln(result.recordSet[i].certPrettyPrint);
+ document.write('</PRE></BLOCKQUOTE>');
+ }
+ }
+ document.writeln('</UL>');
+
+}
+
+// NOTE: importUserCertificate should be done before this point but
+// it creates a javascript error that clobbers the result variable set in
+// the template.
+
+if (navigator.appName == 'Netscape' && (navMajorVersion() > 3) &&
+ typeof(crypto.version) != "undefined" &&
+ typeof(result.fixed.crmfReqId) != "undefined") {
+ //alert('certNickname is '+result.fixed.certNickname);
+ //alert(result.fixed.cmmfResponse);
+ var errors = crypto.importUserCertificates(null,
+ result.fixed.cmmfResponse, false);
+ // var errors = crypto.importUserCertificates(result.fixed.certNickname,
+ // result.fixed.cmmfResponse, false);
+
+ // NOTE: Alpha version of cartman always returns a non-empty string
+ // from importUserCertificates() so we can only always assume succcess.
+ // Uncomment the following line and add appropriate javascripts/messages
+ // for use with a later version of cartman.
+ // This is fixed in Alpha-3. For use with alpha-3 uncomment the lines below
+ // to check for errors returned from importUserCertificates.
+ if (errors != '') {
+ document.writeln(
+ '<b>ERROR</b>Could not import the certificate into your browser '+
+ 'using nickname '+result.fixed.certNickname+'.<p>');
+ document.writeln(
+ 'The following error message was returned by the browser '+
+ 'when importing the certificate:');
+ document.writeln('<BLOCKQUOTE><PRE>');
+ document.writeln(errors);
+ document.writeln('</PRE></BLOCKQUOTE>');
+ }
+ else {
+ document.writeln(
+ 'Your certificate was successfully imported to the browser '+
+ 'with nickname '+result.fixed.certNickname);
+ }
+
+// document.writeln(
+// 'NOTE: '+
+// 'The following was returned by the browser when importing '+
+// 'the certificate:');
+// document.writeln('<BLOCKQUOTE><PRE>');
+// document.writeln(errors);
+// document.writeln('</PRE></BLOCKQUOTE>');
+// document.writeln(
+// 'If there was an error message it could be that you do not have '+
+// 'the private key of the certificate you are trying to import. '+
+// 'Please consult your system administrator for assistance.');
+}
+
+//-->
+</SCRIPT>
+
+<!--
+<OBJECT
+ classid="clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1"
+ CODEBASE="/xenroll.dll"
+ id=Enroll >
+</OBJECT>
+
+<OBJECT id='g_objClassFactory' CLASSID='clsid:884e2049-217d-11da-b2a4-000e7bbb2b09'>
+</OBJECT>
+-->
+
+<SCRIPT LANGUAGE="JavaScript">
+//<!--
+if (navigator.appName == "Microsoft Internet Explorer") {
+ if ((navigator.appVersion).indexOf("NT 6.") > -1) {
+ document.writeln("<OBJECT id='g_objClassFactory' CLASSID='clsid:884e2049-217d-11da-b2a4-000e7bbb2b09'></OBJECT>");
+ } else {
+ document.writeln("<OBJECT classid='clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1' CODEBASE='/xenroll.dll' id='Enroll'></OBJECT>");
+ }
+}
+//-->
+</SCRIPT>
+
+<SCRIPT LANGUAGE=VBS>
+<!--
+'========================================================
+'
+' In VBS, there are several ways in which the event handler for the
+' click event can be bound to the right control. We use one of the
+' methods here, which indicates the binding by appending the
+' event name to the control name with an intervening '_'.
+'
+'========================================================
+
+ 'Get OS Version, works for Vista and below only
+ Function GetOSVersion
+ dim agent
+ dim res
+ dim pos
+
+ agent = Navigator.appVersion
+ pos = InStr(agent,"NT 6.")
+
+ If pos > 0 Then
+ GetOSVersion = 6
+ Exit Function
+ End If
+
+ pos = InStr(agent,"NT 5.")
+
+ If pos > 0 Then
+ GetOSVersion = 5
+ Exit Function
+ End If
+
+ GetOSVersion = 5
+ End Function
+
+ 'Sub ImportCertificate
+ Sub ImportCertificate (pkcs7)
+ 'Dim pkcs7
+ Dim res
+ Dim osVersion
+
+ On Error Resume Next
+ osVersion = GetOSVersion()
+
+ 'Convert the cert to PKCS7 format
+ 'pkcs7 = result.header.pkcs7ChainBase64
+ 'ret = MsgBox(pkcs7, 0, "Import PKCS7 Cert")
+ If (IsEmpty(pkcs7) OR theError <> 0) Then
+ ret = MsgBox("Could not convert certificate to PKCS7 format", 0, "Import Cert")
+ Exit Sub
+ End If
+
+ If osVersion <> 6 Then 'Not Vista
+
+ 'Import the PKCS7 object
+ Enroll.DeleteRequestCert = FALSE
+ Enroll.WriteCertToCSP = true
+ Enroll.acceptPKCS7(pkcs7)
+ if err.number <> 0 then
+ Enroll.WriteCertToCSP = false
+ end if
+ err.clear
+ Enroll.acceptPKCS7(pkcs7)
+ if err.number = 0 then
+ MsgBox "Certificate has been successfully imported."
+ else
+ sz = "Error in acceptPKCS7. Error Number " & Hex(err.number) & "occurred."
+ MsgBox sz
+ end if
+ Exit Sub
+ Else 'Vista
+ Dim enrollObj
+
+ Set enrollObj = g_objClassFactory.CreateObject("X509Enrollment.CX509Enrollment")
+ If IsObject(enrollObj) = False Then
+ res = MsgBox("Can't create Enroll Object!")
+ Exit Sub
+ End If
+
+ enrollObj.Initialize(1)
+ enrollObj.InstallResponse 0,pkcs7,6,""
+
+ If Err.number <> 0 Then
+ sz = "Error in InstallResponse. Error Number " & Hex(err.number) & " occurred."
+ res =MsgBox(sz & Err.description)
+ else
+ res = MsgBox("Certificate has been successfully imported.")
+ End If
+ End If
+ End Sub
+
+ 'ImportCertificate()
+-->
+</SCRIPT>
+
+<SCRIPT LANGUAGE="JavaScript">
+//<!--
+if (navigator.appName == "Microsoft Internet Explorer") {
+ var pkcs7 = result.header.pkcs7ChainBase64;
+ //alert("pkcs7="+pkcs7);
+ ImportCertificate(pkcs7);
+}
+//-->
+</SCRIPT>
+
+</font>
+</BODY>
+</HTML>
+
diff --git a/base/ca/shared/webapps/ca/admin/ca/adminEnroll.html b/base/ca/shared/webapps/ca/admin/ca/adminEnroll.html
new file mode 100644
index 000000000..8b6335ab5
--- /dev/null
+++ b/base/ca/shared/webapps/ca/admin/ca/adminEnroll.html
@@ -0,0 +1,779 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<TITLE>Admin Enrollment form.</TITLE>
+<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+<SCRIPT LANGUAGE="JavaScript"></SCRIPT>
+<script LANGUAGE="JavaScript" SRC="/ca/admin/cms-funcs.js"></script>
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/admin/helpfun.js"></SCRIPT>
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/admin/dynamicVars.js"></SCRIPT>
+
+
+<SCRIPT>
+<!--
+function navMajorVersion()
+{
+ return parseInt(navigator.appVersion.substring(0, navigator.appVersion.indexOf(".")));
+}
+
+function updateUid(f)
+{
+ if (f.uid.value != '') {
+ f.UID1.value = f.uid.value;
+ }
+ formulateDN(f, f.subject);
+}
+
+var crmfObject;
+function validate(form)
+{
+ if (!checkValidity())
+ return false;
+
+ with (form) {
+ if (uid.value == "") {
+ alert("You must supply your uid");
+ return false;
+ }
+ if (pwd.value == "") {
+ alert("You must supply your password");
+ return false;
+ }
+
+ if (isValidCSR(form) == false) {
+ //alert(' is not valid csr');
+ return false;
+ }
+
+ var keyGenAlg = "rsa-ex";
+ // var kraTranCert = "MIICDjCCAXegAwIBAgICAfMwDQYJKoZIhvcNAQEEBQAwdzELMAkGA1UEBhMCVVMxLDAqBgNVBAoTI05ldHNjYXBlIENvbW11bmljYXRpb25zIENvcnBvcmF0aW9uMREwDwYDVQQLEwhIYXJkY29yZTEnMCUGA1UEAxMeSGFyZGNvcmUgQ2VydGlmaWNhdGUgU2VydmVyIElJMB4XDTk4MTExOTIzNDIxOVoXDTk5MDUxODIzNDIxOVowLjELMAkGA1UEBhMCVVMxETAPBgNVBAoTCG5ldHNjYXBlMQwwCgYDVQQDEwNLUmEwXDANBgkqhkiG9w0BAQEFAANLADBIAkEArrbDiYUI5SCdlCKKa0bEBn1m83kX6bdhytRYNkd/HB95Bp85SRadmdJV+0O/yMxjYAtGCFrmcqEZ4sh2YSov6wIDAQABozYwNDARBglghkgBhvhCAQEEBAMCAEAwHwYDVR0jBBgwFoAUl7FtsrYCFlQMl9fjMm3LnN/u3oAwDQYJKoZIhvcNAQEEBQADgYEApvzcUsVIOstaoYSiWb4+aMVH6s1jiJlr5iVHnOKzfsYxPVdUw6uz04AT8N+1KIarMTKxHPzGAFSLicKLEv4HG4vh6llc86uzRzWpUqqVHg/eKN5A8Jyg56D4DkNr/XEJ7QdKesAp13dk5H5qvHelkSPLYYdMXNwNWPVZKgnWrWg=";
+ // var keyGenAlg = "rsa-ex";
+
+ var keylen=512;
+
+ // generate keys for cartman.
+ if (navigator.appName == "Netscape" &&
+ typeof(crypto.version) != "undefined") {
+ certNickname.value = subject.value;
+ crmfObject = crypto.generateCRMFRequest(
+ subject.value,
+ "regToken", "authenticator",
+ null,
+ "setCRMFRequest();",
+ keylen, null, "rsa-dual-use");
+ }
+ return true;
+ }
+}
+
+function setCRMFRequest()
+{
+ with (document.forms[0]) {
+ CRMFRequest.value = crmfObject.request;
+ //alert(crmfObject.request);
+ submit();
+ }
+}
+
+//-->
+</SCRIPT>
+</head>
+
+<OBJECT
+ classid="clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1"
+ CODEBASE="/xenroll.dll"
+ id=Enroll >
+</OBJECT>
+
+
+<SCRIPT LANGUAGE=VBS>
+<!--
+Function escapeDNComponent(comp)
+ escapeDNComponent = comp
+End Function
+
+Function doubleQuotes(comp)
+ doubleQuotes = False
+End Function
+
+Function formulateDN(a,b)
+ Dim dn
+ Dim TheForm
+ Set TheForm = Document.ReqForm
+
+ dn = Empty
+
+ If (TheForm.C.Value <> Empty) Then
+ If doubleQuotes(TheForm.C.Value) = True Then
+ MsgBox "Double quotes are not allowed in the Country field"
+ Exit Function
+ End If
+ If (dn <> Empty) Then
+ dn = dn & ","
+ End If
+ dn = dn & "C=" & escapeDNComponent(TheForm.C.Value)
+ End If
+
+ If (TheForm.O.Value <> Empty) Then
+ If doubleQuotes(TheForm.O.Value) = True Then
+ MsgBox "Double quotes are not allowed in the Organiztion field"
+ Exit Function
+ End If
+ If (dn <> Empty) Then
+ dn = dn & ","
+ End If
+ dn = dn & "O=" & escapeDNComponent(TheForm.O.Value)
+ End If
+
+ If (TheForm.OU.Value <> Empty) Then
+ If doubleQuotes(TheForm.OU.Value) = True Then
+ MsgBox "Double quotes are not allowed in the Org Unit field"
+ Exit Function
+ End If
+ If (dn <> Empty) Then
+ dn = dn & ","
+ End If
+ dn = dn & "OU=" & escapeDNComponent(TheForm.OU.Value)
+ End If
+
+ If (TheForm.UID1.Value <> Empty) Then
+ If doubleQuotes(TheForm.UID1.Value) = True Then
+ MsgBox "Double quotes are not allowed in the uid field"
+ Exit Function
+ End If
+ If (dn <> Empty) Then
+ dn = dn & ","
+ End If
+ dn = dn & "0.9.2342.19200300.100.1.1=" & escapeDNComponent(TheForm.UID1.Value)
+ End If
+
+ If (TheForm.CN.Value <> Empty) Then
+ If doubleQuotes(TheForm.CN.Value) = True Then
+ MsgBox "Double quotes are not allowed in the Common Name field"
+ Exit Function
+ End If
+ If (dn <> Empty) Then
+ dn = dn & ","
+ End If
+ dn = dn & "CN=" & escapeDNComponent(TheForm.CN.Value)
+ End If
+
+ If (TheForm.E.Value <> Empty) Then
+ If doubleQuotes(TheForm.E.Value) = True Then
+ MsgBox "Double quotes are not allowed in the eMail field"
+ Exit Function
+ End If
+ If (dn <> Empty) Then
+ dn = dn & ","
+ End If
+ dn = dn & "E=" & escapeDNComponent(TheForm.E.Value)
+ End If
+
+
+ formulateDN = dn
+End Function
+
+Sub Send_OnClick
+ Dim TheForm
+ Dim szName
+ Set TheForm = Document.ReqForm
+
+
+ ' Do a few sanity checks
+ If (TheForm.uid.Value = Empty) Then
+ ret = MsgBox("You must supply your Directory uid for certificate enrollment", 0, "MSIE Certificate Request")
+ Exit Sub
+ End If
+
+ If (TheForm.pwd.Value = Empty) Then
+ ret = MsgBox("You must supply your Directory password for certificate enrollment", 0, "MSIE Certificate Request")
+ Exit Sub
+ End If
+
+
+ ' Contruct the X500 distinguished name
+ szName = formulateDN("","")
+
+ On Error Resume Next
+ Enroll.HashAlgorithm = "MD5"
+ Enroll.KeySpec = 1
+ Enroll.GenKeyFlags = 1 ' key exportable
+
+ ' Pick the provider that is selected
+ set options = TheForm.all.cryptprovider.options
+ index = options.selectedIndex
+ Enroll.providerType = options(index).value
+ Enroll.providerName = options(index).text
+
+ szCertReq = Enroll.createPKCS10(szName, "1.3.6.1.5.5.7.3.2")
+ theError = Err.Number
+ On Error Goto 0
+ '
+ ' If the user has cancelled things the we simply ignore whatever
+ ' they were doing ... need to think what should be done here
+ '
+ If (szCertReq = Empty AND theError = 0) Then
+ Exit Sub
+ End If
+
+ If (szCertReq = Empty OR theError <> 0) Then
+ '
+ ' There was an error in the key pair generation. The error value
+ ' is found in the variable 'theError' which we snarfed above before
+ ' we did the 'On Error Goto 0' which cleared it again.
+ '
+ sz = "The error '" & Hex(theError) & "' occurred." & chr(13) & chr(10) & "Your credentials could not be generated."
+ result = MsgBox(sz, 0, "Credentials Enrollment")
+ Exit Sub
+ End If
+
+ TheForm.pkcs10Request.Value = szCertReq
+ TheForm.Submit
+ Exit Sub
+
+End Sub
+-->
+</SCRIPT>
+
+<body bgcolor="#FFFFFF" onload=checkClientTime()>
+
+<script lang=javascript>
+//<!--
+ if (navigator.appName == "Netscape" &&
+ navMajorVersion() <= 3) {
+ document.writeln(
+ '<form name="ReqForm" method="post" action="adminEnroll">');
+ } else
+ if (navigator.appName == "Netscape" &&
+ typeof(crypto.version) != "undefined") {
+ document.writeln(
+ '<form name="ReqForm" method="post" action="adminEnroll">');
+ } else {
+ document.writeln(
+ '<form name="ReqForm" method="post" action="adminEnroll" '+
+ 'onSubmit="return validate(document.forms[0])">');
+ }
+//-->
+</script>
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Administrator/Agent Certificate Enrollment<br>
+</font><br>
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ To access the Agent Services pages and approve requests for certificates,
+ you must have a personal client SSL certificate so that Certificate
+ System can authenticate your identity. You must also
+ be designated as an agent, or privileged user.
+ <p>
+ Use this form to request this first personal certificate to be issued
+ by the system. When you submit the form, the certificate is issued
+ immediately and returned to you. The system also adds you
+ automatically to the list of agents. You must import the new
+ certificate into your browser before you can access the Agent Services
+ pages.
+ <p>
+ <b>After you submit this form, it is automatically disabled.</b> To enroll
+ again, or to enroll other users, please see the documentation.
+ </font>
+
+<table border="0" cellspacing="0" cellpadding="2" background="/pki/images/hr.gif" width="100%">
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+<table border="0" cellspacing="2" cellpadding="2">
+ <tr valign="TOP">
+ <td><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ <b>Important:</b>
+ </font></td>
+ <td><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ Be sure to request your certificate on the same computer
+ on which you plan to use the certificate.
+ </font></td>
+ </tr>
+</table>
+
+<table border="0" cellspacing="0" cellpadding="0" background="/pki/images/hr.gif" width="100%">
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+<table border="0" width="100%" cellspacing="2" cellpadding="2">
+ <tr>
+ <td colspan="2" valign="TOP">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ <b>Authentication Information</b><br>
+ Enter the user ID and password for the administrator/agent.
+ </td>
+ </tr>
+ <tr>
+ <td align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ User ID:</font>
+ </td>
+ <td valign="TOP">
+ <input type="TEXT" name="uid" size="30" onchange="updateUid(this.form)">
+ </td>
+ </tr>
+ <tr>
+ <td align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ Password:</font>
+ </td>
+ <td valign="TOP">
+ <input type="PASSWORD" name="pwd" AutoComplete=off size="30">
+ </td>
+ </tr>
+
+ <tr>
+ <td VALIGN=TOP COLSPAN="2">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ <b>Subject Name</b><br>
+ Enter values for the DN components you want to have in your certificate.
+ </font>
+ </td>
+ </tr>
+
+ <tr>
+ <td align=right>
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ Full name:
+ </font>
+ </td>
+ <td VALIGN=TOP>
+ <input type="HIDDEN" name="csrRequestorName">
+ <input type="TEXT" name="CN" value="CS Administrator" size="30" onchange="formulateDN(this.form, this.form.subject)">
+ </td>
+ </tr>
+
+ <tr>
+ <td ALIGN=RIGHT>
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ Login name:
+ </font>
+ </td>
+ <td VALIGN=TOP>
+ <input type="TEXT" name="UID1" size="30" onchange="formulateDN(this.form, this.form.subject)">
+ </td>
+ </tr>
+
+ <tr>
+ <td ALIGN=RIGHT>
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ Email address:
+ </font>
+ </td>
+ <td>
+ <input type="TEXT" name="E" size="30" onchange="formulateDN(this.form, this.form.subject)">
+ </td>
+ </tr>
+
+ <tr>
+ <td ALIGN=RIGHT>
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ Organization unit:
+ </font>
+ </td>
+ <td>
+ <input type="TEXT" name="OU" size="30" onchange="formulateDN(this.form, this.form.subject)">
+ </td>
+ </tr>
+
+ <tr>
+ <td ALIGN=RIGHT>
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ Organization:
+ </font>
+ </td>
+ <td>
+ <input type="TEXT" name="O" size="30" onchange="formulateDN(this.form, this.form.subject)">
+ </td>
+ </tr>
+
+ <tr>
+ <td ALIGN=RIGHT>
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ Country:
+ </font>
+ </td>
+ <td>
+ <input type="TEXT" name="C" value="US" size=2 maxlength=2 onchange="formulateDN(this.form, this.form.subject)">
+ </td>
+ </tr>
+
+ <tr>
+ <td></td>
+
+ <td>
+ <!-- for Netscape Certificate Type Extension -->
+ <input type="HIDDEN" value="false" name="email">
+ <input type="HIDDEN" value="true" name="ssl_client">
+ <!-- for Key Usage Extension -->
+ <input type="HIDDEN" name="digital_signature" value=true>
+ </td>
+ </tr>
+
+<script lang=javascript>
+<!--
+function renderSelectionWithNames(name, from, to, selected, names)
+{
+ document.writeln('<SELECT NAME="'+name+'" onChange="checkValidity()">');
+ for (var i = from; i < to; i++) {
+ if (i == selected) {
+ document.writeln('<OPTION VALUE='+i+' SELECTED>'+names[i]);
+ } else {
+ document.writeln('<OPTION VALUE='+i+'>'+names[i]);
+ }
+ }
+ document.writeln('</SELECT>');
+}
+
+function renderSelection(name, from, to, selected)
+{
+ document.writeln('<SELECT NAME="'+name+'" onChange="checkValidity()">');
+ for (var i = from; i < to; i++) {
+ if (i == selected) {
+ document.writeln('<OPTION VALUE='+i+' SELECTED>'+i);
+ } else {
+ document.writeln('<OPTION VALUE='+i+'>'+i);
+ }
+ }
+ document.writeln('</SELECT>');
+}
+
+function renderValidityInfo()
+{
+ document.writeln('<tr><td valign="top" colspan="2">');
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+ document.writeln('<b>Validity</b><br>');
+ document.writeln('Set certificate validity period by selecting dates,');
+ document.writeln('for which certificate is not valid before and not valid after.');
+ document.writeln('</font></td></tr>');
+
+ var months = new Array("January", "February", "March", "April",
+ "May", "June", "July", "August",
+ "September", "October", "November", "December");
+
+ var startDay = new Date(serverdate);
+ var year = startDay.getFullYear();
+ var time1 = startDay.getTime();
+ var time2 = time1 + 31536000000; // 1 Year (365 days)
+ var endDay = new Date(time2);
+
+
+ document.writeln('<tr><td align="right">'+
+ '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+ 'Not valid before:</font></td>');
+ document.writeln('<td valign="top">');
+
+ renderSelection("fromDay", 1, 32, startDay.getDate());
+ renderSelectionWithNames("fromMonth", 0, months.length, startDay.getMonth(), months);
+ renderSelection("fromYear", year-2, year+10, year);
+ document.writeln('&nbsp;&nbsp;');
+ renderSelection("fromHour", 0, 24, startDay.getHours());
+ renderSelection("fromMinute", 0, 60, startDay.getMinutes());
+ renderSelection("fromSecond", 0, 60, startDay.getSeconds());
+ document.writeln('</td></tr>');
+
+
+ document.writeln('<tr><td align="right">'+
+ '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+ 'Not valid after:</font></td>');
+ document.writeln('<td valign="top">');
+
+ renderSelection("toDay", 1, 32, endDay.getDate());
+ renderSelectionWithNames("toMonth", 0, months.length, endDay.getMonth(), months);
+ renderSelection("toYear", year-2, year+10, endDay.getFullYear());
+ document.writeln('&nbsp;&nbsp;');
+ renderSelection("toHour", 0, 24, endDay.getHours());
+ renderSelection("toMinute", 0, 60, endDay.getMinutes());
+ renderSelection("toSecond", 0, 60, endDay.getSeconds());
+ document.writeln('</td></tr>');
+
+ document.writeln('<tr><td valign="top" colspan="2">');
+ document.writeln('<input type="HIDDEN" name="notValidBefore" value="">');
+ document.writeln('<input type="HIDDEN" name="notValidAfter" value="">');
+ document.writeln('</td></tr>');
+
+ document.forms[0].notValidBefore.value = time1;
+ document.forms[0].notValidAfter.value = time2;
+}
+
+function checkValidity()
+{
+ var i;
+ var fromDate;
+ i = document.forms[0].fromDay.selectedIndex;
+ var day = document.forms[0].fromDay.options[i].value;
+ i = document.forms[0].fromMonth.selectedIndex;
+ var month = document.forms[0].fromMonth.options[i].value;
+ i = document.forms[0].fromYear.selectedIndex;
+ var year = document.forms[0].fromYear.options[i].value;
+ i = document.forms[0].fromHour.selectedIndex;
+ var hour = document.forms[0].fromHour.options[i].value;
+ i = document.forms[0].fromMinute.selectedIndex;
+ var minute = document.forms[0].fromMinute.options[i].value;
+ i = document.forms[0].fromSecond.selectedIndex;
+ var second = document.forms[0].fromSecond.options[i].value;
+
+ fromDate = new Date(year,month,day,hour,minute,second);
+ if (fromDate.getMonth() != month || fromDate.getDate() != day || year == 0) {
+ alert((++month)+"/"+day+"/"+year+" is invalid");
+ return false;
+ }
+ var fromTime = fromDate.getTime();
+
+ var toDate;
+ i = document.forms[0].toDay.selectedIndex;
+ day = document.forms[0].toDay.options[i].value;
+ i = document.forms[0].toMonth.selectedIndex;
+ month = document.forms[0].toMonth.options[i].value;
+ i = document.forms[0].toYear.selectedIndex;
+ year = document.forms[0].toYear.options[i].value;
+ i = document.forms[0].toHour.selectedIndex;
+ hour = document.forms[0].toHour.options[i].value;
+ i = document.forms[0].toMinute.selectedIndex;
+ minute = document.forms[0].toMinute.options[i].value;
+ i = document.forms[0].toSecond.selectedIndex;
+ second = document.forms[0].toSecond.options[i].value;
+
+ toDate = new Date(year,month,day,hour,minute,second);
+ if (toDate.getMonth() != month || toDate.getDate() != day || year == 0) {
+ alert((++month)+"/"+day+"/"+year+" is invalid");
+ return false;
+ }
+ var toTime = toDate.getTime();
+
+
+ if (fromTime > toTime) {
+ alert("NOT VALID AFTER date should not be earlier than NOT VALID BEFORE date.");
+ return false;
+ }
+
+ document.forms[0].notValidBefore.value = fromTime;
+ document.forms[0].notValidAfter.value = toTime;
+
+ return true;
+}
+
+renderValidityInfo();
+//-->
+</script>
+
+ <tr>
+ <td valign="TOP" colspan="2">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ <b>User's Key Information</b><br>
+ When your submit this form, the browser generates a private and
+ public key. The browser retains the private key and submits the
+ public key along with your request for a certificate.
+ The public key becomes part of your certificate. <P>
+<script lang=javascript>
+<!--
+ if (navigator.appName == 'Netscape' && navMajorVersion() <= 3) {
+ document.writeln('Select the length of the key to generate. '+
+ 'The longer the key length, the greater the strength. ');
+ } else
+ if (navigator.appName == 'Netscape' && typeof(crypto.version) == "undefined") {
+ document.writeln('Select the length of the key to generate. '+
+ 'The longer the key length, the greater the strength. ');
+ }
+ if (navigator.appName == "Microsoft Internet Explorer") {
+ document.writeln(
+ '<font size=-1 face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.writeln('Cryptographic Provider:');
+ document.writeln('</font>');
+ document.writeln('<SELECT NAME=\"cryptprovider\"></SELECT>');
+ }
+//-->
+</script>
+ </font>
+ </td>
+ </tr>
+ <tr>
+<script lang=javascript>
+<!--
+ if (navigator.appName == "Netscape") {
+ if (navMajorVersion() <= 3) {
+ document.write('<td align="right">');
+ document.write('<font size="-1" '+
+ 'face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.write('Key Length:');
+ document.write('</font>');
+ document.write('</td>');
+ document.write('<td>');
+ document.write('<KEYGEN name="subjectKeyGenInfo">');
+ document.write('</td>');
+ } else
+ if (typeof(crypto.version) == "undefined") {
+ //alert('not cartman');
+ document.write('<td align="right">');
+ document.write('<font size="-1" '+
+ 'face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.write('Key Length:');
+ document.write('</font>');
+ document.write('</td>');
+ document.write('<td>');
+ document.write('<KEYGEN name="subjectKeyGenInfo">');
+ document.write('</td>');
+ }
+ else {
+ //alert('cartman');
+ //document.write('<td>');
+ //document.writeln('<SELECT NAME=\"keyLength\">');
+ //document.writeln('<OPTION VALUE=512>512 bits');
+ //document.writeln('<OPTION VALUE=768>768 bits');
+ //document.writeln('<OPTION VALUE=1024>1024 bits');
+ //document.writeln('</SELECT>');
+ //document.write('</td>');
+ }
+ }
+//-->
+</script>
+
+ </td>
+ </tr>
+
+ <tr>
+ <td valign="TOP" colspan="2">
+ <table border="0" width="100%" cellspacing="0" cellpadding="6" bgcolor="#cccccc" background="/pki/images/gray90.gif">
+ <tr>
+ <td>
+ <div align="RIGHT">
+<script lang=javascript>
+<!--
+ if (navigator.appName == "Netscape" &&
+ navMajorVersion() <= 3) {
+ document.writeln(
+ '<input type="submit" value="Submit" '+
+ 'name="submit" width="72">');
+ } else
+ if (navigator.appName == "Netscape" &&
+ typeof(crypto.version) == "undefined") {
+ document.writeln(
+ '<input type="submit" value="Submit" '+
+ 'name="submit" width="72">');
+ }
+ else if (navigator.appName == "Microsoft Internet Explorer") {
+ document.writeln(
+ '<input type="submit" value="Submit" '+
+ 'name="Send" width="72">');
+ }
+ else {
+ // alert('cartman');
+ document.writeln(
+ '<input type="button" value="Submit" '+
+ 'name="submitbutton" '+
+ 'onclick="validate(form)" width="72">');
+ }
+//-->
+</script>
+
+ <input type="hidden" name="subject" value="" >
+ <img src="/pki/images/spacer.gif" width="6" height="6">
+ <input type="reset" value="Reset" name="reset" width="72">
+ <img src="/pki/images/spacer.gif" width="9" height="6">
+ <!-- <input type="button" value="Help" onclick=
+ "help('http://www.redhat.com/docs/manuals/cert-system#Administrator/Agent Certificate Enrollment')"
+ name="button" width="72"> -->
+ <input type="hidden" name="certType" value="client">
+
+<script lang=javascript>
+<!--
+ if (navigator.appName == 'Netscape') {
+ if (navMajorVersion() < 4 ||
+ typeof(crypto.version) == "undefined") {
+ document.write(
+ '<input type="hidden" name="importCert" value="off">');
+ }
+ else {
+ document.write(
+ '<input type="hidden" name="CRMFRequest" value="">');
+ document.write(
+ '<input type="hidden" name="cmmfResponse" value="on">');
+ document.write(
+ '<input type="hidden" name="certNickname" value="">');
+ }
+ }
+ else {
+ // IE
+ document.write(
+ '<input type="hidden" name="pkcs10Request" value="">');
+ }
+//-->
+</script>
+ </div>
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+</table>
+</form>
+<SCRIPT LANGUAGE=VBS>
+<!--
+
+FindProviders
+
+Function FindProviders
+ Dim i, j
+ Dim providers()
+ i = 0
+ j = 1
+ Dim el
+ Dim temp
+ Dim first
+ Dim TheForm
+ Set TheForm = document.ReqForm
+ On Error Resume Next
+ first = 0
+
+ Do While True
+ temp = ""
+ Enroll.providerType = j
+ temp = Enroll.enumProviders(i,0)
+ If Len(temp) = 0 Then
+ If j < 1 Then
+ j = j + 1
+ i = 0
+ Else
+ Exit Do
+ End If
+ Else
+ set el = document.createElement("OPTION")
+ el.text = temp
+ el.value = j
+ TheForm.cryptprovider.add(el)
+ If first = 0 Then
+ first = 1
+ TheForm.cryptprovider.selectedIndex = 0
+ End If
+ i = i + 1
+ End If
+ Loop
+
+End Function
+
+-->
+</SCRIPT>
+</body>
+</html>
diff --git a/base/ca/shared/webapps/ca/admin/ca/securitydomainlogin.template b/base/ca/shared/webapps/ca/admin/ca/securitydomainlogin.template
new file mode 100644
index 000000000..eac3ac476
--- /dev/null
+++ b/base/ca/shared/webapps/ca/admin/ca/securitydomainlogin.template
@@ -0,0 +1,114 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<CMS_TEMPLATE>
+ <head>
+
+ <title>CA Admin Security Domain Login</title>
+
+ <link rel="shortcut icon" href="/pki/images/favicon.ico" />
+ <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" />
+<META http-equiv=Content-Type content="text/html; charset=UTF-8">
+ </head>
+
+
+<div id="wrap">
+<div id="header">
+ <a href="http://pki.fedoraproject.org/" title="Visit pki.fedoraproject.org for more information about Dogtag products and services"><img src="/pki/images/logo_header.gif" alt="Dogtag" id="myLogo" /></a>
+ <div id="headertitle">
+ <a href="/" title="Dogtag Network homepage">Dogtag<sup><font size="-2">&reg;</font></sup> Certificate System</a>
+ </div>
+ <div id="account">
+ <dl><dt><span></span></dt><dd></dd></dl>
+ </div>
+</div>
+
+<div id="mainNavOuter">
+<div id="mainNav">
+
+<div id="mainNavInner">
+
+</div><!-- end mainNavInner -->
+</div><!-- end mainNav -->
+</div><!-- end mainNavOuter -->
+
+<!-- close bar -->
+
+ <div id="content">
+ <table width="100%" cellspacing="0">
+ <tr>
+ <td width="100%">
+ <h1><img src="/pki/images/icon-software.gif" />
+<script language=javascript>
+document.write('Security Domain ('+result.header.sdname+') Login </h1>');
+</script>
+ <form name=sdForm action="getCookie" method="post">
+
+<script language=javascript>
+document.write('<p>The Enterprise '+result.header.subsystem+' Administrator will register this '+result.header.subsystem+' Subsystem located at '+ result.header.host+' under this Security Domain located at '+result.header.sdhost+'. The credential information will be provided to the Security Domain for authentication.<p>');
+if (result.header.errorString != null)
+document.write('<img src="/pki/images/icon_crit_update.gif">&nbsp;<font color="red">'+result.header.errorString+'</font>');
+document.write('<table class="details">');
+document.write('<tr>');
+document.write('<th>Uid:</th>');
+if (result.header.sd_uid != null)
+document.write('<td><input type="text" length="128" size="40" name="uid" value="'+result.header.sd_uid+'" /></td>');
+else
+document.write('<td><input type="text" length="128" size="40" name="uid" value="" /></td>');
+document.write('</tr>');
+document.write('</tr>');
+document.write('<th>Password:</th>');
+
+if (result.header.sd_pwd != null)
+document.write('<td><input type="password" length="64" size="40" name="pwd" value="'+result.header.sd_pwd+'" autocomplete="off" /></td>');
+else
+document.write('<td><input type="password" length="64" size="40" name="pwd" value="" autocomplete="off" /></td>');
+document.write('</tr>');
+document.write('<input type=hidden name=url value="'+result.header.url+'">');
+document.write('</table>');
+</script>
+
+ <div align="right">
+ <hr />
+ &nbsp;
+ </div>
+
+
+<p>
+<table width=100%>
+<tr bgcolor="#eeeeee">
+ <td>
+<div align="right">
+<input onclick="sdForm.submit()" type="button" name="sd_next" value="Login">
+</div>
+ </td>
+</tr>
+</table>
+
+ </form>
+
+ </td>
+ </tr>
+ </table>
+
+ </div> <!-- close content -->
+ </div> <!-- close wrap -->
+
+ </body>
+</html>
diff --git a/base/ca/shared/webapps/ca/admin/ca/sendCookie.template b/base/ca/shared/webapps/ca/admin/ca/sendCookie.template
new file mode 100644
index 000000000..b35881ed6
--- /dev/null
+++ b/base/ca/shared/webapps/ca/admin/ca/sendCookie.template
@@ -0,0 +1,97 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<CMS_TEMPLATE>
+<title>CA Admin Send Cookie</title>
+ <link rel="shortcut icon" href="/pki/images/favicon.ico" />
+ <link rel="stylesheet" href="/ca/css/rhn-base.css" type="text/css" />
+ <META http-equiv=Content-Type content="text/html; charset=UTF-8">
+
+</head>
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366" onLoad="document.cookieForm.submit()">
+
+<div id="header">
+ <a href="http://pki.fedoraproject.org/" title="Visit pki.fedoraproject.org for more information about Dogtag products and services"><img src="/pki/images/logo_header.gif" alt="Dogtag" id="myLogo" /></a>
+ <div id="headertitle">
+ <a href="/" title="Dogtag Network homepage">Dogtag<sup><font size="-2">&reg;</font></sup> Certificate System</a>
+ </div>
+ <div id="account">
+ <dl><dt><span></span></dt><dd></dd></dl>
+ </div>
+</div>
+
+<div id="mainNavOuter">
+<div id="mainNav">
+
+<div id="mainNavInner">
+
+</div><!-- end mainNavInner -->
+</div><!-- end mainNav -->
+</div><!-- end mainNavOuter -->
+
+
+<div id="bar">
+
+<div id="systembar">
+<div id="systembarinner">
+
+<div>
+ -
+</div>
+
+
+</div>
+</div>
+
+</div>
+
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Sending Session ID ...
+</font><br>
+<p>
+</font>
+<p>
+<center>
+<script language=javascript>
+document.write('<form name="cookieForm" method="post" action="'+result.header.url+'">');
+</script>
+<table border="0" cellspacing="0" cellpadding="0">
+<tr valign="TOP">
+<td>&nbsp;</td>
+<td>&nbsp;</td>
+</tr>
+<script language=javascript>
+ document.write('<tr valign="TOP">');
+ document.write('<td>');
+ document.write('<input type="hidden" name="session_id" value="'+result.header.session_id+'">');
+ document.write('</td></tr>');
+</script>
+<tr valign="TOP">
+<td>&nbsp;</td>
+<td>&nbsp;</td>
+</tr>
+</table>
+</form>
+</center>
+ <div id="footer">
+ </div>
+
+</body>
+</html>
diff --git a/base/ca/shared/webapps/ca/admin/cms-funcs.js b/base/ca/shared/webapps/ca/admin/cms-funcs.js
new file mode 100644
index 000000000..c8ffd51c7
--- /dev/null
+++ b/base/ca/shared/webapps/ca/admin/cms-funcs.js
@@ -0,0 +1,538 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+//<!--
+
+
+function checkClientTime()
+{
+ var speed;
+ var server_date = new Date(serverdate);
+ var client_date = new Date();
+ var zone = client_date.getTimezoneOffset();
+ var timediff = 0;
+
+ var serverutc = server_date.getTime();
+ var clientutc = client_date.getTime();
+
+ var offset = clientutc - serverutc;
+ if (offset >0) {
+ speed = 'fast';
+ } else {
+ speed = 'slow';
+ }
+ timediff = Math.round(Math.abs(offset/1000/60));
+
+ if (timediff > 10) {
+ msg = 'Your computer\'s clock is '+ timediff+ ' minutes '+ speed +
+ '\n\nYou may encounter problems using your certificate\n' +
+ 'as your clock is set incorrectly.\n\n' +
+ 'According to the server, the time is:\n ' + server_date +
+ '\n\nPlease correct your clock before proceeding with enrollment'+
+ '\n\nYour timezone is set to ' + (-zone/60) +' hours relative to GMT.\n' +
+ 'If you change your timezone, you may need to restart your browser\n'+
+ 'before continuing.';
+ alert(msg);
+ return false;
+ }
+ return true;
+}
+
+
+
+
+function doubleQuotes(componentName)
+{
+ for (i=0; i < componentName.length; i++) {
+ if (componentName.charAt(i) == '"') {
+ return true;
+ }
+ }
+ return false;
+}
+
+function escapeDNComponent(str)
+{
+ var outStr = "";
+ var escapeValue = false;
+
+ // Do we need to escape any characters
+ for (i=0; i < str.length; i++) {
+ c = str.charAt(i);
+ if (c == ',' || c == '=' || c == '+' || c == '<' ||
+ c == '>' || c == '#' || c == ';' || c == '\r' ||
+ c == '\n') {
+ escapeValue = true;
+ break;
+ }
+ }
+
+ if (escapeValue == true) {
+ outStr += '"';
+ outStr += str;
+ outStr += '"';
+ } else {
+ outStr += str;
+ }
+ return outStr;
+}
+
+function formulateDN(form, distinguishedName)
+{
+ // Note: The alerts about double quotes are here to avoid
+ // problems with the code dealing with quoting and escaping in the
+ // Netscape Directory Server 1.0 implementation.
+ with (form) {
+ distinguishedName.value = '';
+ if (form.E != null) {
+ if (E.value != '') {
+ if (doubleQuotes(E.value) == true) {
+ alert('Double quotes are not allowed in the E-mail field');
+ E.value = '';
+ E.focus();
+ return;
+ }
+ if (distinguishedName.value != '') distinguishedName.value += ', ';
+ distinguishedName.value += 'E=' + escapeDNComponent(E.value);
+ }
+ }
+ if (form.CN!= null) {
+ if (CN.value != '') {
+ if (doubleQuotes(CN.value) == true) {
+ alert('Double quotes are not allowed in Common Name field');
+ CN.value = '';
+ CN.focus();
+ return;
+ }
+ if (distinguishedName.value != '') distinguishedName.value += ', ';
+ distinguishedName.value += 'CN=' + escapeDNComponent(CN.value);
+ }
+ }
+ if (form.UID1 != null) {
+ if (UID1.value != '') {
+ if (doubleQuotes(UID1.value) == true) {
+ alert('Double quotes are not allowed in the user id field');
+ UID1.value = '';
+ UID1.focus();
+ return;
+ }
+ if (distinguishedName.value != '') distinguishedName.value += ', ';
+ distinguishedName.value += 'UID=' + escapeDNComponent(UID1.value);
+ }
+ }
+ if (form.OU != null) {
+ if (OU.value != '') {
+ if (doubleQuotes(OU.value) == true) {
+ alert('Double quotes are not allowed in Org Unit field');
+ OU.value = '';
+ OU.focus();
+ return;
+ }
+ if (distinguishedName.value != '') distinguishedName.value += ', ';
+ distinguishedName.value += 'OU=' + escapeDNComponent(OU.value);
+ }
+ }
+ if (form.O != null) {
+ if (O.value != '') {
+ if (doubleQuotes(O.value) == true) {
+ alert('Double quotes are not allowed in Organization field.');
+ O.value = '';
+ O.focus();
+ return;
+ }
+ if (distinguishedName.value != '') distinguishedName.value += ', ';
+ distinguishedName.value += 'O=' + escapeDNComponent(O.value);
+ }
+ }
+ if (form.L != null) {
+ if (L.value != '') {
+ if (doubleQuotes(L.value) == true) {
+ alert('Double quotes are not allowed in Locality field.');
+ L.value = '';
+ L.focus();
+ return;
+ }
+ if (distinguishedName.value != '') distinguishedName.value += ', ';
+ distinguishedName.value += 'L=' + escapeDNComponent(L.value);
+ }
+ }
+ if (form.ST != null) {
+ if (ST.value != '') {
+ if (doubleQuotes(ST.value) == true) {
+ alert('Double quotes are not allowed in State field.');
+ ST.value = '';
+ ST.focus();
+ return;
+ }
+ if (distinguishedName.value != '') distinguishedName.value += ', ';
+ distinguishedName.value += 'ST=' + escapeDNComponent(ST.value);
+ }
+ }
+ if (form.C != null) {
+ if (C.value != '') {
+ if (doubleQuotes(C.value) == true) {
+ alert('Double quotes are not allowed in Country field.');
+ C.value = '';
+ C.focus();
+ return;
+ }
+ if (distinguishedName.value != '') distinguishedName.value += ', ';
+ distinguishedName.value += 'C=' + escapeDNComponent(C.value);
+ }
+ }
+ }
+}
+
+function isValidIssuerDN(form)
+{
+ // Note: The check here is to avoid a bug in Netscape Navigator 3.0 and 3.01
+ // that are triggered on formation of the nickname on import of a CA cert if
+ // that cert does not contain an OU or O component.
+ if ((form.OU.value == '') && (form.O.value == '')) {
+ alert("You must enter an Organization Unit or an Organization.");
+ return false;
+ } else {
+ return true;
+ }
+}
+
+function isValidAdminDN(form)
+{
+ // Note: The check here is to avoid a bug in Netscape Navigator 3.0 and 3.01
+ // that are triggered on formation of the nickname on import of a personal cert if
+ // that cert does not contain a common name.
+
+ if (form.CN.value == '') {
+ alert("You must enter a Common Name.");
+ return false;
+ } else {
+ return true;
+ }
+}
+
+function isValidCSR(form)
+{
+ // Note: the checks here are of mixed origin. Some are required for Navigator
+ // and Communicator. The CSR field checks are to avoid server side rejection of the
+ // submission. These checks can be split up to be different for different types of
+ // certificates.
+
+ formulateDN(form, form.subject);
+ // DEBUG
+ //alert(form.subject);
+
+ with (form) {
+ if (email != null) {
+ if (E.value == "" && email.checked) {
+ alert("E-mail certificates must include an E-mail address.");
+ return false;
+ }
+ }
+ if (CN.value == "") {
+ alert("You must supply your name for the certificate.");
+ return false;
+ }
+ return true;
+ }
+}
+
+function isNumber(string, radix) {
+ var i = 0;
+ var legalDigits;
+ if (radix == null || radix == 10) {
+ legalDigits = "0123456789";
+ } else if (radix == 16) {
+ legalDigits = "0123456789abcdefABCDEF:";
+ } else {
+ return false;
+ }
+ for(; i < string.length; ++i) {
+ if (string.charAt(i) != ' ')
+ break;
+ }
+ if (string.charAt(i) == '+' || string.charAt(i) == '-' ) {
+ ++i;
+ }
+ if (radix == 16 && i < string.length - 2 &&
+ string.charAt(i) == '0' &&
+ (string.charAt(i+1) == 'x' || string.charAt(i+1) == 'X') &&
+ legalDigits.indexOf(string.charAt(i+2)) != -1) {
+ i += 3;
+ }
+ for(; i < string.length; ++i) {
+ if (legalDigits.indexOf(string.charAt(i)) == -1)
+ break;
+ }
+ for(; i < string.length; ++i) {
+ if (string.charAt(i) != ' ')
+ return false;
+ }
+ return true;
+}
+
+function dateForm(name)
+{
+ var i;
+ document.write('<FORM NAME=\"'+ name +'\">');
+ document.write('<SELECT NAME=\"day\"><OPTION VALUE=0> ');
+ for (i=1; i <=31; ++i)
+ document.write('<OPTION VALUE='+i+'>'+i);
+ document.write('</SELECT>');
+ document.write('<SELECT NAME=\"month\">'+
+ '<OPTION VALUE=13> '+
+ '<OPTION VALUE=0>January'+
+ '<OPTION VALUE=1>February'+
+ '<OPTION VALUE=2>March'+
+ '<OPTION VALUE=3>April'+
+ '<OPTION VALUE=4>May'+
+ '<OPTION VALUE=5>June'+
+ '<OPTION VALUE=6>July'+
+ '<OPTION VALUE=7>August'+
+ '<OPTION VALUE=8>September'+
+ '<OPTION VALUE=9>October'+
+ '<OPTION VALUE=10>November'+
+ '<OPTION VALUE=11>December'+
+ '</SELECT>'
+ );
+
+ document.write('<SELECT NAME=\"year\"><OPTION VALUE=0> ');
+ for (i=1996; i <=2006; ++i)
+ document.write('<OPTION VALUE='+i+'>'+i);
+ document.write('</SELECT>');
+ document.write('</FORM>');
+}
+
+function dateIsEmpty(form)
+{
+ return form.day.selectedIndex == 0 &&
+ form.month.selectedIndex == 0 &&
+ form.year.selectedIndex == 0;
+}
+
+
+function convertDate(form, fieldName)
+{
+ var date;
+ var day = form.day.options[form.day.selectedIndex].value;
+ var month = form.month.options[form.month.selectedIndex].value;
+ var year = form.year.options[form.year.selectedIndex].value;
+ date = new Date(year,month,day);
+
+ // see if normalization was required
+ if (date.getMonth() != month || date.getDate() != day ) {
+ alert(fieldName + " is invalid");
+ return null;
+ }
+ else
+ return Math.round(date.getTime() / 1000);
+}
+
+function daysToSeconds(days){
+ return 3600 * 24 * days;
+}
+
+// encloses value in double quotes preceding all embedded double quotes with \
+function escapeValue(value)
+{
+ var result;
+ var fromIndex = 0, toIndex = 0;
+
+ // kludgy work-around for indexOf JavaScript bug on empty string
+ if (value == "")
+ return '\"\"';
+
+ result = '\"';
+ while ((toIndex = value.indexOf('\"',fromIndex)) != -1) {
+ result += value.substring(fromIndex,toIndex);
+ result += '\\"';
+ fromIndex = toIndex + 1;
+ }
+ result += value.substring(fromIndex,value.length);
+ result += '\"';
+ return result;
+}
+
+// encloses value in double quotes preceding all embedded double quotes and
+// backslashes with backslash
+function escapeValueJSString(value)
+{
+ var result = "";
+
+ // Do we need to escape any characters
+ for (i=0; i < value.length; i++) {
+ c = value.charAt(i);
+ if (c == '\\' | c == '"') {
+ result += '\\';
+ }
+ result += c;
+ }
+ return '\"' + result + '\"';
+}
+
+function escapeValueRfc1779(value)
+{
+ var result = "";
+
+ // Do we need to escape any characters
+ for (i=0; i < value.length; i++) {
+ c = value.charAt(i);
+ if (c == ',' || c == '=' || c == '+' || c == '<' ||
+ c == '>' || c == '#' || c == ';' || c == '\r' ||
+ c == '\n' || c == '\\' | c == '"') {
+ result += '\\';
+ }
+ result += c;
+ }
+ return result;
+}
+
+// helper function to construct name component(pattern)
+function makeComponent(list,tag,value,asPattern)
+{
+ var last = list.length;
+ if (asPattern) {
+ list[last] = (value == "") ? "*" : (tag+"="+escapeValueRfc1779(value));
+ }
+ else if (value != "")
+ list[last] = tag+"="+escapeValueRfc1779(value);
+}
+
+// If asPattern is false formulates the RFC 1779 format subject name
+// from the component parts skipping all components with blank values,
+// otherwise builds RFC 1779-like matching pattern from components
+function computeNameCriterion(form)
+{
+ var asPattern = form.match[1].checked;
+ var result = new Array;
+
+ with (form) {
+ // The order of clauses here determines how components are ordered
+ // in the name sent in the client's request. A site may wish to
+ // re-order the clauses here if their conventions produce names
+ // with components in a different order.
+ makeComponent(result,"E",E.value,asPattern);
+ makeComponent(result,"CN",CN.value,asPattern);
+ makeComponent(result,"UID",UID.value,asPattern);
+ makeComponent(result,"OU",OU.value,asPattern);
+ makeComponent(result,"O",O.value,asPattern);
+ makeComponent(result,"L",L.value,asPattern);
+ makeComponent(result,"ST",ST.value,asPattern);
+ makeComponent(result,"C",C.value,asPattern);
+ }
+ if (result.length == 0)
+ return asPattern ? "0 == 0" : "0 == 1";
+ else
+ return "subject" + ( asPattern ? " ~= " : " == ") +
+ escapeValue(result.join(', '));
+}
+
+function booleanCrit(crit,radioArg)
+{
+ for (var i = 0; i < radioArg.length; ++i ){
+ if( radioArg[i].checked ) {
+ if (radioArg[i].value.length != 0) {
+ crit[crit.length] = radioArg[i].name + " == " + radioArg[i].value;
+ }
+ return;
+ }
+ }
+}
+
+function isHTTPEscapeChar(c)
+{
+ if (c == '%' || c == '#' || c == '+' || c == '=' || c == '\n' ||
+ c == '\r' || c == '\t' || c == ';' || c == '&' ||
+ c == '>') {
+ return true;
+ }
+
+ return false;
+}
+
+function produceHTTPEscapedString(inString)
+{
+ table = new Object();
+ table["%"] = "25";
+ table["#"] = "23";
+ table["+"] = "2B";
+ table["="] = "3D";
+ table["\n"] = "0A";
+ table["\r"] = "0D";
+ table["\t"] = "09";
+ table[";"] = "3B";
+ table["&"] = "26";
+ table[">"] = "3E";
+
+ outString = "";
+
+ for (i=0; i < inString.length; i++) {
+ if (inString.charAt(i) == ' ') {
+ outString += '+';
+ } else {
+ if (isHTTPEscapeChar(inString.charAt(i))) {
+ outString += "%" + table[inString.substring(i, i+1)];
+ } else {
+ outString += inString.charAt(i);
+ }
+ }
+ }
+
+ return outString;
+}
+
+// strips (optional) spaces and 0[xX] prefix at the beginning of s
+function stripPrefix(s)
+{
+ var i;
+ for(i = 0; i < s.length - 1; ++i) {
+ if (s.charAt(i) != ' ' )
+ break;
+ }
+ if (s.charAt(i) == '0' && (s.charAt(i+1) == 'x' || s.charAt(i+1) == 'X')) {
+ return s.substring(i+2,s.length);
+ } else {
+ return s.substring(i,s.length);;
+ }
+}
+
+// removes colons from value and returns the result
+// used as helper to convert colon-separated hexadecimal numbers
+// to regular numbers
+function removeColons(value)
+{
+ var result = "";
+
+ for (i=0; i < value.length; i++) {
+ c = value.charAt(i);
+ if (c != ':' ){
+ result += c;
+ }
+ }
+ return result;
+}
+
+function navMajorVersion()
+{
+ return parseInt(navigator.appVersion.substring(0, navigator.appVersion.indexOf(".")));
+}
+//-->
+
+
+
+
+
diff --git a/base/ca/shared/webapps/ca/admin/helpfun.js b/base/ca/shared/webapps/ca/admin/helpfun.js
new file mode 100644
index 000000000..14a80bb95
--- /dev/null
+++ b/base/ca/shared/webapps/ca/admin/helpfun.js
@@ -0,0 +1,35 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+function help(helptopic) {
+
+ var HelpWin=window.open("","MyWin", "toolbar=no,directories=no,menubar=no,status=no,scrollbars=yes,resizable=yes,width=500,height=500");
+
+ HelpWin.location = helptopic;
+ HelpWin.focus();
+
+}
+
+function helpstatus(helpline) {
+
+ window.status = helpline;
+
+ return true;
+
+}
+
diff --git a/base/ca/shared/webapps/ca/admin/index.html b/base/ca/shared/webapps/ca/admin/index.html
new file mode 100644
index 000000000..30662d47a
--- /dev/null
+++ b/base/ca/shared/webapps/ca/admin/index.html
@@ -0,0 +1,23 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<html>
+<script lang="javascript">
+ // redirect to 'ROOT'
+ window.location = "/";
+</script>
+</html>
diff --git a/base/ca/shared/webapps/ca/agent/GenError.template b/base/ca/shared/webapps/ca/agent/GenError.template
new file mode 100644
index 000000000..19f85f7ab
--- /dev/null
+++ b/base/ca/shared/webapps/ca/agent/GenError.template
@@ -0,0 +1,80 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<HEAD>
+<CMS_TEMPLATE>
+
+<TITLE>CA Agent Processing Error!</TITLE>
+</HEAD>
+
+<BODY BGCOLOR="white">
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Problem Processing Your Request
+</font>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/pki/images/hr.gif" >
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+
+<SCRIPT type="text/javascript">
+
+document.writeln('<P>');
+document.write('The '+result.fixed.authorityName+' ');
+document.writeln('encountered a problem while processing your request. ');
+document.writeln(
+ 'The following is a detailed message of the error that occurred.');
+
+document.writeln('<P>');
+document.writeln('<BLOCKQUOTE><B><PRE>');
+if (result.fixed.errorDetails != null) {
+ document.write(result.fixed.errorDetails);
+} else {
+ document.write('No further details provided.');
+}
+document.writeln('</PRE></B></BLOCKQUOTE>');
+
+if (result != null && result.recordSet != null && result.recordSet.length > 0){
+ document.writeln('<P>');
+ document.write('Additional Information:');
+ document.writeln('<P>');
+ document.write('<BLOCKQUOTE><B><PRE>');
+ document.writeln('<UL>');
+ for (var i = 0; i < result.recordSet.length; i++) {
+ if (result.recordSet[i].errorDescription != null) {
+ document.writeln(result.recordSet[i].errorDescription);
+ }
+ }
+ document.writeln('</UL>');
+ document.write('</PRE></B></BLOCKQUOTE>');
+}
+</SCRIPT>
+
+<P>
+Please consult your local administrator for further assistance.
+The Certificate System logs may provide further information.
+
+</font>
+</BODY>
+</HTML>
+
diff --git a/base/ca/shared/webapps/ca/agent/GenPending.template b/base/ca/shared/webapps/ca/agent/GenPending.template
new file mode 100644
index 000000000..50d23ee31
--- /dev/null
+++ b/base/ca/shared/webapps/ca/agent/GenPending.template
@@ -0,0 +1,63 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<HEAD>
+<CMS_TEMPLATE>
+
+<TITLE>CA Agent Request Pending</TITLE>
+
+</HEAD>
+<BODY bgcolor="white">
+
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Request Successfully Submitted
+</font>
+
+<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+
+<SCRIPT type="text/javascript">
+var authority = 'Certificate Managment System';
+if (result.fixed.authorityName != null)
+ authority = result.fixed.authorityName;
+document.writeln('<P>');
+document.write('Congratulations, your request has been successfully ');
+document.write('submitted to the '+authority+'. ');
+document.write('Your request will be processed when an authorized agent ');
+document.writeln('verifies and validates the information in your request.');
+
+document.writeln('<P>');
+document.write('Your request ID is ');
+if (result.fixed.requestId != null) {
+ document.write('<B>'+result.fixed.requestId+'</B>.');
+ document.writeln('<P>');
+ document.write('Your can check on the status of your request with ');
+ document.write('an authorized agent or local administrator ');
+ document.writeln('by referring to this request ID.');
+} else {
+ document.write('<B>not provided.</B> ');
+ document.write('<P>');
+ document.writeln('Please consult your local administrator for assistance.');
+}
+</SCRIPT>
+
+</font>
+</BODY>
+</HTML>
+
diff --git a/base/ca/shared/webapps/ca/agent/GenRejected.template b/base/ca/shared/webapps/ca/agent/GenRejected.template
new file mode 100644
index 000000000..81d12641a
--- /dev/null
+++ b/base/ca/shared/webapps/ca/agent/GenRejected.template
@@ -0,0 +1,84 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<HEAD>
+<CMS_TEMPLATE>
+
+<TITLE>CA Agent Request Rejected</TITLE>
+</HEAD>
+
+<BODY bgcolor="white">
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Request Rejected
+</font>
+
+<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+
+<SCRIPT type="text/javascript">
+
+var authority = 'Certificate System';
+if (result.fixed.authorityName != null) {
+ authority = result.fixed.authorityName;
+}
+
+document.writeln('<P>');
+document.write('Your request has been rejected by the '+authority+'. ' );
+document.write('This may indicate that some attributes of the request ');
+document.write('violate the policies of this '+authority+'. ');
+
+document.writeln('<P>');
+document.writeln('Violation details: ');
+
+document.writeln('<P>');
+document.writeln('<BLOCKQUOTE><B><PRE>');
+if (result == null || result.recordSet == null || result.recordSet.length == 0){
+ document.writeln('No further details provided.');
+}
+else {
+ document.writeln('<UL>');
+ for (var i = 0; i < result.recordSet.length; i++) {
+ if (result.recordSet[i].policyMessage != null) {
+ document.writeln(result.recordSet[i].policyMessage);
+ }
+ }
+ document.writeln('</UL>');
+}
+document.writeln('</PRE></B></BLOCKQUOTE>');
+
+document.writeln('<P>');
+document.write('Your request ID is ');
+if (result.fixed.requestId == null) {
+ document.write('<B>not provided</B>.');
+ document.writeln('<P>');
+ document.write(
+ 'Please consult your local administrator for further assistance.');
+} else {
+ document.write('<B>'+result.fixed.requestId+'</B>. ');
+ document.writeln('<P>');
+ document.write(
+ 'You can contact an authorized agent or local administrator for ');
+ document.writeln('further assistance by referring to the request ID.');
+}
+</SCRIPT>
+
+</font>
+</BODY>
+</HTML>
+
diff --git a/base/ca/shared/webapps/ca/agent/GenSuccess.template b/base/ca/shared/webapps/ca/agent/GenSuccess.template
new file mode 100644
index 000000000..f3531f0b9
--- /dev/null
+++ b/base/ca/shared/webapps/ca/agent/GenSuccess.template
@@ -0,0 +1,46 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<HEAD>
+<!-- This template is intended to be replaced by request specific results ! -->
+<CMS_TEMPLATE>
+
+<TITLE>CA Agent Generic Request Success</TITLE>
+</HEAD>
+
+<BODY BGCOLOR=white>
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Request Successfully Submited
+</font>
+
+<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+
+<SCRIPT type="text/javascript">
+var authority = 'Certificate System';
+if (request.fixed.authorityName != null)
+ authority = request.fixed.authorityName;
+
+document.writeln('<P>');
+document.write('Congratulations, your request has been successfully ');
+document.write('submitted and processed by the '+authority+'.');
+</SCRIPT>
+
+</font>
+</body>
diff --git a/base/ca/shared/webapps/ca/agent/GenSvcPending.template b/base/ca/shared/webapps/ca/agent/GenSvcPending.template
new file mode 100644
index 000000000..584402c69
--- /dev/null
+++ b/base/ca/shared/webapps/ca/agent/GenSvcPending.template
@@ -0,0 +1,61 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<CMS_TEMPLATE>
+
+<TITLE>CA Agent Request Svc Pending</TITLE>
+
+<BODY bgcolor="white">
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Request Successfully Submitted
+</font>
+
+<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+
+<SCRIPT type="text/javascript">
+document.writeln('<P>');
+document.write('Your request has been successfully submitted and processed ');
+document.writeln('by the '+result.fixed.authorityName+'.');
+document.write('The '+result.fixed.authorityName+' is waiting for a remote ');
+if (result.fixed.remoteAuthorityName != null)
+ document.write(result.fixed.remoteAuthorityName);
+else
+ document.write('Certificate Manager or Data Recovery manager');
+document.write(' to fill your request.');
+
+document.writeln('<P>');
+document.write('Your request ID is ');
+if (result.fixed.requestId != null) {
+ document.write('<B>'+result.fixed.requestId+'</B>.');
+ document.write('<P>');
+ document.write('Your can check on status of your request with an '+
+ 'authorized agent or local administrator by referring '+
+ 'to this request ID.');
+} else {
+ document.write('not provided. ');
+ document.writeln('Please consult your local administrator for assistance.');
+}
+</SCRIPT>
+
+
+</font>
+</BODY>
+</HTML>
+
diff --git a/base/ca/shared/webapps/ca/agent/GenUnauthorized.template b/base/ca/shared/webapps/ca/agent/GenUnauthorized.template
new file mode 100644
index 000000000..f0016cdfa
--- /dev/null
+++ b/base/ca/shared/webapps/ca/agent/GenUnauthorized.template
@@ -0,0 +1,44 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<HEAD>
+<!-- This template is intended to be replaced by request specific results ! -->
+<CMS_TEMPLATE>
+
+<TITLE>CA Agent Generic Unauthorized</TITLE>
+</head>
+
+<BODY BGCOLOR=white>
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Unauthorized Access
+</font>
+
+<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+
+<SCRIPT type="text/javascript">
+document.writeln('<P>');
+document.write('You are not authorized for this operation.');
+document.write('<BR>');
+document.write('If you think this is an error please contact your ');
+document.writeln('local administrator for further assistance.');
+</SCRIPT>
+
+</font>
+</body>
diff --git a/base/ca/shared/webapps/ca/agent/GenUnexpectedError.template b/base/ca/shared/webapps/ca/agent/GenUnexpectedError.template
new file mode 100644
index 000000000..58534e03b
--- /dev/null
+++ b/base/ca/shared/webapps/ca/agent/GenUnexpectedError.template
@@ -0,0 +1,68 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<CMS_TEMPLATE>
+
+<TITLE>CA Agent Processing Error!</TITLE>
+
+<BODY BGCOLOR="white">
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Problem Processing Your Request
+</font>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/pki/images/hr.gif" >
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+
+<SCRIPT type="text/javascript">
+var authority = 'Certificate System';
+if (result.fixed.authorityName != null) {
+ authority = result.fixed.authorityName;
+}
+
+document.writeln('<P>');
+document.write('The '+authority+' encountered an unexpected error ');
+document.writeln(' while processing your request.');
+document.writeln(
+ 'The following is a detailed message of the error that occurred.');
+
+document.writeln('<P>');
+document.writeln('<BLOCKQUOTE><B><PRE>');
+if (result.fixed.unexpectedError != null) {
+ document.write(result.fixed.unexpectedError);
+} else {
+ document.write('No further details provided.');
+}
+document.writeln('</PRE></B></BLOCKQUOTE>');
+
+document.writeln('<P>');
+document.writeln(
+ 'Please consult your local administrator for further assistance.');
+document.writeln('The Certificate System logs may provide further information.');
+</SCRIPT>
+
+</font>
+</BODY>
+</HTML>
+
diff --git a/base/ca/shared/webapps/ca/agent/ca/EnrollSuccess.template b/base/ca/shared/webapps/ca/agent/ca/EnrollSuccess.template
new file mode 100644
index 000000000..08bcd5240
--- /dev/null
+++ b/base/ca/shared/webapps/ca/agent/ca/EnrollSuccess.template
@@ -0,0 +1,219 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<HEAD>
+<CMS_TEMPLATE>
+
+<TITLE>
+CS Enroll Request Success
+</TITLE>
+
+</HEAD>
+
+<BODY bgcolor="white">
+
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Enrollment Success
+</font>
+
+<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+<p>
+
+<SCRIPT type="text/javascript">
+function toHex(number)
+{
+ var absValue = "", sign = "";
+ var digits = "0123456789abcdef";
+ if (number < 0) {
+ sign = "-";
+ number = -number;
+ }
+
+ for(; number >= 16 ; number = Math.floor(number/16)) {
+ absValue = digits.charAt(number % 16) + absValue;
+ }
+ absValue = digits.charAt(number % 16) + absValue;
+
+ return sign + '0x' + '0' + absValue;
+}
+
+document.writeln('Congratulations a certificate has been issued and ' +
+'the administrator now has Certificate Manager Agent privileges.' +
+'You can now go to '+
+'<a href="' + result.fixed.scheme + '://' + result.fixed.host +
+':' + result.fixed.port+ '/agent/ca">' + 'the agent page</a>' +
+' to process any pending requests.');
+
+document.writeln('<P>');
+document.writeln('Issued Certificates: </font>');
+document.writeln('<P>');
+document.writeln('<table border="0" cellspacing="0" cellpadding="0" background="/pki/images/hr.gif" width="100%">');
+document.writeln(' <tr> ');
+document.writeln(' <td>&nbsp;</td>');
+document.writeln(' </tr>');
+document.writeln('</table>');
+
+if (result.recordSet == null) {
+ document.writeln('<BLOCKQUOTE><B><PRE>');
+ document.writeln('No further details provided.');
+ document.writeln('Please consult your local administrator for assistance.');
+ document.writeln('</BLOCKQUOTE></B></PRE>');
+}
+else if (result.recordSet.length == 0) {
+ document.writeln('<BLOCKQUOTE><B><PRE>');
+ document.writeln('0');
+ document.writeln('No further details provided.');
+ document.writeln('Please consult your local administrator for assistance.');
+ document.writeln('</BLOCKQUOTE></B></PRE>');
+} else {
+ for (var i = 0; i < result.recordSet.length; i++) {
+ if (result.recordSet[i].serialNo != null) {
+
+ document.write('<font face="PrimaSans BT, Verdana, sans-serif" size="+1">Serial number ');
+ document.writeln('&nbsp; 0x' + result.recordSet[i].serialNo);
+ document.writeln('</font><br>');
+
+ document.writeln('<table border="0" cellspacing="2" cellpadding="2" width="100%">');
+ document.writeln('<tr align="left" bgcolor="#e5e5e5"><td align="left">');
+ document.writeln('<font face="PrimaSans BT, Verdana, sans-serif" size="-1">');
+ document.writeln('Certificate contents</font></td></tr></table>');
+
+ document.writeln('<pre>');
+ document.write(result.recordSet[i].certPrettyPrint);
+ document.writeln('</pre>');
+ document.writeln('<p>');
+ document.writeln('<table border="0" cellspacing="2" cellpadding="2" width="100%">');
+ document.writeln('<tr align="left" bgcolor="#e5e5e5"><td align="left">');
+ document.writeln('<font face="PrimaSans BT, Verdana, sans-serif" size="-1">');
+ document.writeln('Base 64 encoded certificate</font></td></tr></table>');
+ document.writeln('<p><pre>');
+ document.writeln(result.recordSet[i].base64Cert);
+ document.writeln('</pre>');
+ }
+ }
+ // document.writeln('</UL>');
+
+}
+document.writeln('</PRE></B></BLOCKQUOTE>');
+document.writeln('<P>');
+
+// import certs if cartman.
+if (navigator.appName == 'Netscape' &&
+ typeof(crypto.version) != "undefined" &&
+ typeof(result.fixed.crmfReqId) != "undefined") {
+
+// window.location = result.fixed.scheme + "://" +
+// result.fixed.host + ":" + result.fixed.port +
+// "/ca/getAdminCertBySerial?serialNumber=" +
+// record.serialNo +
+// "&importCert=true";
+
+ var errors = crypto.importUserCertificates(null,
+ result.fixed.cmmfResponse, false);
+
+ if (errors != '') {
+ document.writeln('<font face="PrimaSans BT, Verdana, sans-serif" size="-1">');
+ document.writeln(
+ '<b>ERROR</b>Could not import the certificate into your browser '+
+ 'using nickname '+result.fixed.certNickname+'.<p>');
+ document.writeln(
+ 'The following error message was returned by the browser '+
+ 'when importing the certificate:');
+ document.writeln('</font>');
+ document.writeln('<BLOCKQUOTE><PRE>');
+ document.writeln(errors);
+ document.writeln('</PRE></BLOCKQUOTE>');
+ }
+ else {
+ document.writeln('<font face="PrimaSans BT, Verdana, sans-serif" size="-1">');
+ document.writeln(
+ 'Your certificate was successfully imported to the browser '+
+ 'with nickname '+result.fixed.certNickname);
+ document.writeln('</font>');
+ }
+
+ // crypto.importUserCertificates(result.fixed.certNickname,
+ // result.fixed.cmmfResponse, false);
+} else if (navigator.appName == 'Netscape' &&
+ typeof(crypto.version) == "undefined") {
+ // non Cartman
+ window.location = result.fixed.scheme + "://" + result.fixed.host + ":"
++ result.fixed.port + "/ca/getAdminCertBySerial?serialNumber=" + record.serialNo + "&importCert=true";
+}
+
+</SCRIPT>
+
+<OBJECT
+ classid="clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1"
+ CODEBASE="/xenroll.dll"
+ id=Enroll >
+</OBJECT>
+
+<SCRIPT LANGUAGE=VBS>
+<!--
+'========================================================
+'
+' In VBS, there are several ways in which the event handler for the
+' click event can be bound to the right control. We use one of the
+' methods here, which indicates the binding by appending the
+' event name to the control name with an intervening '_'.
+'
+'========================================================
+ Sub ImportCertificate
+
+ Dim pkcs7
+
+ On Error Resume Next
+
+ 'Convert the cert to PKCS7 format
+ pkcs7 = result.header.pkcs7ChainBase64
+ If (IsEmpty(pkcs7) OR theError <> 0) Then
+ ret = MsgBox("Could not convert certificate to PKCS7 format", 0, "Import Cert")
+ Exit Sub
+ End If
+
+ 'Import the PKCS7 object
+ Enroll.DeleteRequestCert = FALSE
+ Enroll.WriteCertToCSP = true
+ Enroll.acceptPKCS7(pkcs7)
+ if err.number <> 0 then
+ Enroll.WriteCertToCSP = false
+ end if
+ err.clear
+ Enroll.acceptPKCS7(pkcs7)
+ if err.number = 0 then
+ MsgBox "Certificate has been successfully imported."
+ else
+ sz = "Error in acceptPKCS7. Error Number " & Hex(err.number) & "occurred."
+ MsgBox sz
+ end if
+
+ Exit Sub
+
+ End Sub
+
+ ImportCertificate()
+
+</SCRIPT>
+
+</font>
+</BODY>
+</HTML>
+
diff --git a/base/ca/shared/webapps/ca/agent/ca/ImportCert.template b/base/ca/shared/webapps/ca/agent/ca/ImportCert.template
new file mode 100644
index 000000000..37ad258c0
--- /dev/null
+++ b/base/ca/shared/webapps/ca/agent/ca/ImportCert.template
@@ -0,0 +1,263 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<HEAD>
+<CMS_TEMPLATE>
+<TITLE>
+CS Enroll Request Success
+</TITLE>
+</HEAD>
+
+<BODY bgcolor="white">
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Import Certificate(s)
+</font>
+
+<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+
+
+<SCRIPT type="text/javascript">
+//<!--
+
+
+function navMajorVersion()
+{
+ return parseInt(
+ navigator.appVersion.substring(0, navigator.appVersion.indexOf(".")));
+}
+
+document.writeln('<P>');
+
+document.writeln('<P>');
+
+if (result.recordSet == null || result.recordSet.length == 0) {
+ document.writeln('<B><PRE>');
+ document.writeln('No more information on your certificate is provided.');
+ document.writeln('Please consult your local administrator for assistance.');
+ document.writeln('</B></PRE>');
+} else {
+ //document.writeln('<UL>');
+ for (var i = 0; i < result.recordSet.length; i++) {
+ if (result.recordSet[i].serialNo != null) {
+ document.write('Serial number: ');
+ document.write('<B> 0x'+result.recordSet[i].serialNo+'</B>');
+ document.writeln('<P>');
+ document.write('Certificate in Base 64 encoded form:<BR>');
+ document.write('<PRE>');
+ document.writeln(result.recordSet[i].base64Cert);
+ document.write('</PRE>');
+ document.writeln('<P>');
+ document.write('Certificate Content: <BR>');
+ document.write('<PRE>');
+ document.writeln(result.recordSet[i].certPrettyPrint);
+ document.write('</PRE>');
+ }
+ }
+ //document.writeln('</UL>');
+}
+document.writeln('<P>');
+
+
+// NOTE: importUserCertificate should be done before this point but
+// it creates a javascript error that clobbers the result variable set in
+// the template.
+
+if (navigator.appName == 'Netscape' && (navMajorVersion() > 3) &&
+ typeof(crypto.version) != "undefined" &&
+ typeof(result.fixed.crmfReqId) != "undefined") {
+ //alert('certNickname is '+result.fixed.certNickname);
+ //alert(result.fixed.cmmfResponse);
+ var errors = crypto.importUserCertificates(null,
+ result.fixed.cmmfResponse, false);
+ // var errors = crypto.importUserCertificates(result.fixed.certNickname,
+ // result.fixed.cmmfResponse, false);
+
+ // NOTE: Alpha-1 version of cartman always returns a non-empty string
+ // from importUserCertificates() so we can only always assume succcess.
+ // Uncomment the following line and add appropriate javascripts/messages
+ // for use with a later version of cartman.
+ // This is fixed in Alpha-3. For use with alpha-3 uncomment the lines
+
+ if (errors != '') {
+
+ document.writeln(
+ '<b>ERROR</b>Could not import the certificate into your browser '+
+ 'using nickname '+result.fixed.certNickname+'.<p>');
+ document.writeln(
+ 'The following error message was returned by the browser '+
+ 'when importing the certificate:');
+ document.writeln('<PRE>');
+ document.writeln(errors);
+ document.writeln('</PRE>');
+ }
+ else {
+ document.writeln(
+ 'Your certificate was successfully imported to the browser '+
+ 'with nickname '+result.fixed.certNickname);
+ }
+ // removed this block for use with cartman Alpha-3.
+ //{
+ //document.writeln(
+ //'NOTE: Although the certificate was issued, the browser '+
+ //'may or may not have successfully imported the certificate. '+
+ //'The following was returned by the browser when importing '+
+ //'the certificate:');
+ //document.writeln('<PRE>');
+ //document.writeln(errors);
+ //document.writeln('</PRE>');
+ //document.writeln(
+ //'If there was an error message you can import the certificate again '+
+ //'by going to the end entity port and list the certificate by '+
+ //'its serial number.');
+ //}
+}
+
+//-->
+</SCRIPT>
+
+<!--
+<OBJECT
+ classid="clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1"
+ CODEBASE="/xenroll.dll"
+ id=Enroll >
+</OBJECT>
+-->
+
+<SCRIPT LANGUAGE="JavaScript">
+//<!--
+if (navigator.appName == "Microsoft Internet Explorer") {
+ if ((navigator.appVersion).indexOf("NT 6.") > -1) {
+ document.writeln("<OBJECT id='g_objClassFactory' CLASSID='clsid:884e2049-217d-11da-b2a4-000e7bbb2b09'></OBJECT>");
+ } else {
+ document.writeln("<OBJECT classid='clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1' CODEBASE='/xenroll.dll' id='Enroll'></OBJECT>");
+ }
+}
+//-->
+</SCRIPT>
+
+<SCRIPT LANGUAGE=VBS>
+<!--
+'========================================================
+'
+' In VBS, there are several ways in which the event handler for the
+' click event can be bound to the right control. We use one of the
+' methods here, which indicates the binding by appending the
+' event name to the control name with an intervening '_'.
+'
+'========================================================
+
+ 'Get OS Version, works for Vista and below only
+ Function GetOSVersion
+ dim agent
+ dim res
+ dim pos
+
+ agent = Navigator.appVersion
+ pos = InStr(agent,"NT 6.")
+
+ If pos > 0 Then
+ GetOSVersion = 6
+ Exit Function
+ End If
+
+ pos = InStr(agent,"NT 5.")
+
+ If pos > 0 Then
+ GetOSVersion = 5
+ Exit Function
+ End If
+
+ GetOSVersion = 5
+ End Function
+
+ 'Sub ImportCertificate
+ Sub ImportCertificate (pkcs7)
+ 'Dim pkcs7
+ Dim res
+ Dim osVersion
+
+ On Error Resume Next
+ osVersion = GetOSVersion()
+
+ 'Convert the cert to PKCS7 format
+ 'pkcs7 = result.header.pkcs7ChainBase64
+ 'ret = MsgBox(pkcs7, 0, "Import PKCS7 Cert")
+ If (IsEmpty(pkcs7) OR theError <> 0) Then
+ ret = MsgBox("Could not convert certificate to PKCS7 format", 0, "Import Cert")
+ Exit Sub
+ End If
+
+ If osVersion <> 6 Then 'Not Vista
+
+ 'Import the PKCS7 object
+ Enroll.DeleteRequestCert = FALSE
+ Enroll.WriteCertToCSP = true
+ Enroll.acceptPKCS7(pkcs7)
+ if err.number <> 0 then
+ Enroll.WriteCertToCSP = false
+ end if
+ err.clear
+ Enroll.acceptPKCS7(pkcs7)
+ if err.number = 0 then
+ MsgBox "Certificate has been successfully imported."
+ else
+ sz = "Error in acceptPKCS7. Error Number " & Hex(err.number) & "occurred."
+ MsgBox sz
+ end if
+ Exit Sub
+ Else 'Vista
+ Dim enrollObj
+
+ Set enrollObj = g_objClassFactory.CreateObject("X509Enrollment.CX509Enrollment")
+ If IsObject(enrollObj) = False Then
+ res = MsgBox("Can't create Enroll Object!")
+ Exit Sub
+ End If
+
+ enrollObj.Initialize(1)
+ enrollObj.InstallResponse 0,pkcs7,6,""
+
+ If Err.number <> 0 Then
+ sz = "Error in InstallResponse. Error Number " & Hex(err.number) & " occurred."
+ res =MsgBox(sz & Err.description)
+ else
+ res = MsgBox("Certificate has been successfully imported.")
+ End If
+ End If
+ End Sub
+
+ 'ImportCertificate()
+-->
+</SCRIPT>
+
+<SCRIPT LANGUAGE="JavaScript">
+//<!--
+if (navigator.appName == "Microsoft Internet Explorer") {
+ var pkcs7 = result.header.pkcs7ChainBase64;
+ //alert("pkcs7="+pkcs7);
+ ImportCertificate(pkcs7);
+}
+//-->
+</SCRIPT>
+
+</font>
+</BODY>
+</HTML>
+
diff --git a/base/ca/shared/webapps/ca/agent/ca/ListRequests.html b/base/ca/shared/webapps/ca/agent/ca/ListRequests.html
new file mode 100644
index 000000000..882f43ee3
--- /dev/null
+++ b/base/ca/shared/webapps/ca/agent/ca/ListRequests.html
@@ -0,0 +1,112 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<HEAD>
+<TITLE>List Certificate Service Requests</TITLE>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<SCRIPT type="text/javascript" SRC="/ca/agent/funcs.js"></SCRIPT>
+<SCRIPT type="text/javascript" SRC="/ca/agent/helpfun.js"></SCRIPT>
+<script type="text/javascript">
+<!--
+function doSubmit(form)
+{
+ if (form.lastEntryOnPage.value != "") {
+ if (isDecimalNumber(form.lastEntryOnPage.value) ||
+ isHexNumber(form.lastEntryOnPage.value)) {
+ form.lastEntryOnPage.value = trim(form.lastEntryOnPage.value);
+ } else {
+ alert("You must specify a hexadecimal or decimal number " +
+ "for the starting request identifier.");
+ return;
+ }
+ }
+ form.submit();
+}
+//-->
+</script>
+</HEAD>
+
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+<font size="+1" face="PrimaSans BT, Verdana, sans-serif">List Requests<br></font>
+<font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+Use this form to show a list of certificate requests.</font>
+<table border="0" cellspacing="0" cellpadding="0" background="/pki/images/hr.gif" width="100%">
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+<FORM ACTION="queryReq" METHOD=POST>
+
+<table border="0" cellspacing="2" cellpadding="2">
+ <tr>
+ <td valign="top" align="right">
+ <font size="-1" face="PrimaSans BT, Verdana, sans-serif">Request type:</font>
+ </td>
+ <td valign="top">
+ <SELECT NAME="reqType">
+ <OPTION SELECTED VALUE="enrollment">Show enrollment requests</OPTION>
+ <OPTION VALUE="renewal">Show renewal request</OPTION>
+ <OPTION VALUE="revocation">Show revocation requests</OPTION>
+ <OPTION VALUE="showAll">Show all requests</OPTION>
+ </SELECT>
+ </td>
+ </tr>
+ <tr>
+ <td valign="top" align="right">
+ <font size="-1" face="PrimaSans BT, Verdana, sans-serif">Request status:</font>
+ </td>
+ <td valign="top">
+ <SELECT NAME="reqState">
+ <OPTION SELECTED VALUE="showWaiting">Show pending requests</OPTION>
+ <OPTION VALUE="showCancelled">Show canceled requests</OPTION>
+ <OPTION VALUE="showRejected">Show rejected requests</OPTION>
+ <OPTION VALUE="showCompleted">Show completed requests</OPTION>
+ <OPTION VALUE="showAll">Show all requests</OPTION>
+ </SELECT>
+ </td>
+ </tr>
+ <tr>
+ <td valign="top" align="right">
+ <font size="-1" face="PrimaSans BT, Verdana, sans-serif">Starting request number:<br></font>
+ </td>
+ <td><INPUT TYPE="TEXT" NAME="lastEntryOnPage" VALUE="0" SIZE=10 MAXLENGTH=99></td>
+ </tr>
+</table>
+
+<p>
+<br>
+<TABLE cellpadding="6" cellspacing="0" border="0" width="100%" BACKGROUND="/pki/images/gray90.gif">
+ <TR>
+ <TD align="right" bgcolor="#e5e5e5">
+ <INPUT TYPE="button" VALUE="Find" width="72" onClick="doSubmit(this.form);">&nbsp;&nbsp;
+ <font size=-1 face="PrimaSans BT, Verdana, sans-serif">first</font>&nbsp;
+ <INPUT TYPE="hidden" NAME="direction" VALUE="first">
+ <INPUT TYPE="TEXT" NAME="maxCount" SIZE=7 MAXLENGTH=99 VALUE="20">
+ <font size=-1 face="PrimaSans BT, Verdana, sans-serif">records</font>&nbsp;&nbsp;&nbsp;
+ <!-- <INPUT TYPE="button" VALUE="Help" width="72"
+ onClick="help('http://www.redhat.com/docs/manuals/cert-system#Listing Certificate Requests')"> -->
+ </TD>
+ </TR>
+</TABLE>
+
+</FORM>
+</BODY>
+
+</HTML>
diff --git a/base/ca/shared/webapps/ca/agent/ca/ProfileApprove.template b/base/ca/shared/webapps/ca/agent/ca/ProfileApprove.template
new file mode 100644
index 000000000..ff8613b42
--- /dev/null
+++ b/base/ca/shared/webapps/ca/agent/ca/ProfileApprove.template
@@ -0,0 +1,165 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<CMS_TEMPLATE>
+<font size="+1" face="PrimaSans BT, Verdana, sans-serif">Manage Certificate Profiles<br></font>
+<font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+Use this form to approve a certificate profile.</font>
+<table border="0" cellspacing="0" cellpadding="0" background="/pki/images/hr.gif" width="100%">
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+<p>
+<form name="ReqForm" method="post" action="profileApprove">
+<script type="text/javascript">
+if (errorCode == 0) {
+document.writeln('<br>');
+document.writeln('<b><font size="-1" face="PrimaSans BT, Verdana, sans-serif">Certificate Profile Information:</font></b>');
+document.writeln('<table>');
+document.writeln('<tr>');
+document.writeln('<td>');
+document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln('Certificate Profile Id:');
+document.writeln('</font>');
+document.writeln('</td>');
+document.writeln('<td>');
+document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln(profileId);
+document.writeln('</font>');
+document.writeln('</td>');
+document.writeln('</tr>');
+document.writeln('<tr>');
+document.writeln('<td>');
+document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln('Certificate Profile Name:');
+document.writeln('</font>');
+document.writeln('</td>');
+document.writeln('<td>');
+document.writeln('<a href="profileSelect?profileId=' + profileId + '">');
+document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln(profileName);
+document.writeln('</font>');
+document.writeln('</a>');
+document.writeln('</td>');
+document.writeln('</tr>');
+document.writeln('<tr>');
+document.writeln('<td>');
+document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln('Description:');
+document.writeln('</font>');
+document.writeln('</td>');
+document.writeln('<td>');
+document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln(profileDesc);
+document.writeln('</font>');
+document.writeln('</td>');
+document.writeln('</tr>');
+document.writeln('<tr>');
+document.writeln('<td>');
+document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln('Approved:');
+document.writeln('</font>');
+document.writeln('</td>');
+document.writeln('<td>');
+document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln(profileIsEnable);
+document.writeln('</font>');
+document.writeln('</td>');
+document.writeln('</tr>');
+document.writeln('<tr>');
+document.writeln('<td>');
+document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln('Approved By:');
+document.writeln('</font>');
+document.writeln('</td>');
+document.writeln('<td>');
+if (profileEnableBy != 'null') {
+document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln(profileEnableBy);
+document.writeln('</font>');
+}
+document.writeln('</td>');
+document.writeln('</tr>');
+document.writeln('</table>');
+document.writeln('<input type=hidden name=profileId value="' +
+ profileId + '">');
+document.writeln('<p>');
+document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln('<b>Policy Information:</b>');
+document.writeln('</font>');
+document.writeln('<p>');
+for (var i = 0; i < policySetListSet.length; i++) {
+document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln('Policy Set: ' + policySetListSet[i].setId);
+document.writeln('</font>');
+document.writeln('<p>');
+document.writeln('<table border=1 width=100%>');
+document.writeln('<tr>');
+document.writeln('<td width=10%>');
+document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln('<b>#</b>');
+document.writeln('</font>');
+document.writeln('</td>');
+document.writeln('<td width=45%>');
+document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln('<b>Extensions / Fields</b>');
+document.writeln('</font>');
+document.writeln('</td>');
+document.writeln('<td width=45%>');
+document.writeln('<b>Constraints</b>');
+document.writeln('</td>');
+document.writeln('</tr>');
+ for (var j = 0; j < policySetListSet[i].policySet.length; j++) {
+ document.writeln('<tr valign=top>');
+ document.writeln('<td>');
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+ document.writeln(policySetListSet[i].policySet[j].policyId);
+ document.writeln('</font>');
+ document.writeln('</td>');
+ document.writeln('<td>');
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+ document.writeln(policySetListSet[i].policySet[j].defDesc);
+ document.writeln('</font>');
+ document.writeln('<br>');
+ document.writeln('</td>');
+ document.writeln('<td>');
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+ document.writeln(policySetListSet[i].policySet[j].conDesc);
+ document.writeln('</font>');
+ document.writeln('</td>');
+ document.writeln('</tr>');
+ } // for
+document.writeln('</table>');
+document.writeln('<p>');
+} // for
+document.writeln('<p>');
+document.writeln('<p>');
+if (profileIsEnable == 'true') {
+ document.writeln('<input type=submit name=Disable value="Disable">');
+} else {
+ document.writeln('<input type=submit name=Approve value="Approve">');
+}
+} else {
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+ document.write('Sorry, your operation is not successful. The error code is "' + errorReason + '".');
+ document.writeln('</font>');
+}
+</script>
+</html>
diff --git a/base/ca/shared/webapps/ca/agent/ca/ProfileList.template b/base/ca/shared/webapps/ca/agent/ca/ProfileList.template
new file mode 100644
index 000000000..42e0f5cb3
--- /dev/null
+++ b/base/ca/shared/webapps/ca/agent/ca/ProfileList.template
@@ -0,0 +1,75 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<CMS_TEMPLATE>
+<font size="+1" face="PrimaSans BT, Verdana, sans-serif">Manage Certificate Profiles<br></font>
+<font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+Use this form to approve a certificate profile.</font>
+<table border="0" cellspacing="0" cellpadding="0" background="/pki/images/hr.gif" width="100%">
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+<p>
+<script type="text/javascript">
+document.writeln('<table style="font-family: PrimaSans BT, Verdana, sans-serif; font-size: 75%;">');
+document.writeln('<tr style="font-weight: bold;">');
+document.writeln('<td width=40%>');
+document.writeln('Certificate Profile Name');
+document.writeln('</td>');
+document.writeln('<td width=40%>');
+document.writeln('Description');
+document.writeln('</td>');
+document.writeln('<td>');
+document.writeln('End User Certificate Profile');
+document.writeln('</td>');
+document.writeln('<td>');
+document.writeln('Approved');
+document.writeln('</td>');
+document.writeln('<td>');
+document.writeln('By');
+document.writeln('</td>');
+document.writeln('</tr>');
+for (var i = 0; i < recordSet.length; i++) {
+ document.writeln('<tr>');
+ document.writeln('<td>');
+ document.writeln('<a href="profileSelect?profileId=' +
+ recordSet[i].profileId + '">');
+ document.writeln(recordSet[i].profileName);
+ document.writeln('</a>');
+ document.writeln('</td>');
+ document.writeln('<td>');
+ document.writeln(recordSet[i].profileDesc);
+ document.writeln('</td>');
+ document.writeln('<td>');
+ document.writeln(recordSet[i].profileIsVisible);
+ document.writeln('</td>');
+ document.writeln('<td>');
+ document.writeln(recordSet[i].profileIsEnable);
+ document.writeln('</td>');
+ document.writeln('<td>');
+ if (recordSet[i].profileEnableBy != 'null') {
+ document.writeln(recordSet[i].profileEnableBy);
+ }
+ document.writeln('</td>');
+ document.writeln('</tr>');
+} // for
+document.writeln('</table>');
+</script>
+</html>
diff --git a/base/ca/shared/webapps/ca/agent/ca/ProfileProcess.template b/base/ca/shared/webapps/ca/agent/ca/ProfileProcess.template
new file mode 100644
index 000000000..95c38b2f3
--- /dev/null
+++ b/base/ca/shared/webapps/ca/agent/ca/ProfileProcess.template
@@ -0,0 +1,179 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<CMS_TEMPLATE>
+
+<script type="text/javascript">
+function addEscapes(str)
+{
+ var outStr = str.replace(/</g, "&lt;");
+ outStr = outStr.replace(/>/g, "&gt;");
+ return outStr;
+}
+
+document.writeln('<font size="+1" face="PrimaSans BT, Verdana, sans-serif">Request ');
+if (typeof(requestId) != "undefined") {
+ document.writeln(requestId);
+}
+document.writeln('<br></font>');
+</script>
+<font size="-1" face="PrimaSans BT, Verdana, sans-serif"></font>
+<table border="0" cellspacing="0" cellpadding="0" background="/pki/images/hr.gif" width="100%">
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+<p>
+
+<script type="text/javascript">
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln('<b>Request Information:</b>');
+document.writeln('</FONT>');
+document.writeln('<table border=1 width=100%>');
+if (typeof(requestId) != "undefined") {
+document.writeln('<tr>');
+document.writeln('<td width=30%>');
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln('<b>Request ID:</b>');
+document.writeln('</FONT>');
+document.writeln('</td>');
+document.writeln('<td>');
+document.writeln('<a href="profileReview?requestId=' + requestId + '">');
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln(requestId);
+document.writeln('</FONT>');
+document.writeln('</a>');
+document.writeln('</td>');
+document.writeln('</tr>');
+}
+if (typeof(requestType) != "undefined") {
+document.writeln('<tr>');
+document.writeln('<td>');
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln('<b>Request Type:</b>');
+document.writeln('</FONT>');
+document.writeln('</td>');
+document.writeln('<td>');
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln(requestType);
+document.writeln('</FONT>');
+document.writeln('</td>');
+document.writeln('</tr>');
+}
+if (typeof(requestStatus) != "undefined") {
+document.writeln('<tr>');
+document.writeln('<td>');
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln('<b>Request Status:</b>');
+document.writeln('</FONT>');
+document.writeln('</td>');
+document.writeln('<td>');
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln(requestStatus);
+document.writeln('</FONT>');
+document.writeln('</td>');
+document.writeln('</tr>');
+}
+if (typeof(profileId) != "undefined") {
+document.writeln('<tr>');
+document.writeln('<td>');
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln('<b>Certificate Profile Id:</b>');
+document.writeln('</FONT>');
+document.writeln('</td>');
+document.writeln('<td>');
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln(profileId);
+document.writeln('</FONT>');
+document.writeln('</td>');
+document.writeln('</tr>');
+}
+if (typeof(op) != "undefined") {
+document.writeln('<tr>');
+document.writeln('<td>');
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln('<b>Operation Requested:</b>');
+document.writeln('</FONT>');
+document.writeln('</td>');
+document.writeln('<td>');
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln(op);
+document.writeln('</FONT>');
+document.writeln('</td>');
+document.writeln('</tr>');
+}
+if (typeof(errorCode) != "undefined") {
+document.writeln('<tr>');
+document.writeln('<td>');
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln('<b>Error Code:</b>');
+document.writeln('</FONT>');
+document.writeln('</td>');
+document.writeln('<td>');
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln(errorCode);
+document.writeln('</FONT>');
+document.writeln('</td>');
+document.writeln('</tr>');
+}
+if (typeof(errorReason) != "undefined") {
+document.writeln('<tr>');
+document.writeln('<td>');
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln('<b>Error Reason:</b>');
+document.writeln('</FONT>');
+document.writeln('</td>');
+document.writeln('<td>');
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln(errorReason);
+document.writeln('</FONT>');
+document.writeln('</td>');
+document.writeln('</tr>');
+}
+document.writeln('</table>');
+document.writeln('<p>');
+document.writeln('</table>');
+if (typeof(requestStatus) != "undefined" && requestStatus == 'complete') {
+ document.writeln('<table width=100%>');
+for (var i = 0; i < outputListSet.length; i++) {
+ document.writeln('<tr valign=top>');
+ document.writeln('<td>');
+ document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">'
+);
+ document.writeln('<li>');
+ document.writeln(outputListSet[i].outputName);
+ document.writeln('</FONT>');
+ document.writeln('</td>');
+ document.writeln('<tr valign=top>');
+ document.writeln('</tr>');
+ document.writeln('<td>');
+ if (outputListSet[i].outputSyntax == 'string') {
+ document.writeln(addEscapes(outputListSet[i].outputVal));
+ } else if (outputListSet[i].outputSyntax == 'pretty_print') {
+ document.writeln('<pre>');
+ document.writeln(addEscapes(outputListSet[i].outputVal));
+ document.writeln('</pre>');
+ }
+ document.writeln('</td>');
+ document.writeln('</tr>');
+}
+ document.writeln('</table>');
+}
+</script>
+</html>
diff --git a/base/ca/shared/webapps/ca/agent/ca/ProfileReview.template b/base/ca/shared/webapps/ca/agent/ca/ProfileReview.template
new file mode 100644
index 000000000..d3b997026
--- /dev/null
+++ b/base/ca/shared/webapps/ca/agent/ca/ProfileReview.template
@@ -0,0 +1,404 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<CMS_TEMPLATE>
+<style>
+TABLE { border-spacing: 0 0; }
+</style>
+
+<script type="text/javascript">
+function escapeValue(value)
+{
+ return value.replace(/"/g,'&quot;');
+}
+
+function addEscapes(str)
+{
+ var outStr = str.replace(/</g, "&lt;");
+ outStr = outStr.replace(/>/g, "&gt;");
+ return outStr;
+}
+
+document.writeln('<font size="+1" face="PrimaSans BT, Verdana, sans-serif">Request ');
+document.writeln(requestId);
+document.writeln('<br></font>');
+</script>
+<font size="-1" face="PrimaSans BT, Verdana, sans-serif"></font>
+<table border="0" cellspacing="0" cellpadding="0" background="/pki/images/hr.gif"
+width="100%">
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+<p>
+<script type="text/javascript">
+if (requestStatus == 'pending') {
+ document.writeln('<form method=post action="profileProcess">');
+ document.writeln('<input type=hidden name=requestId value=' + requestId + '>');
+}
+document.writeln('<p>');
+document.writeln('<TABLE width=100%><TR><TD valign="top" align="left" colspan="3" bgcolor="#e5e5e5"><FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">Request Information</FONT></TD></TR></TABLE>');
+document.writeln('<table border=1 width=100%>');
+document.writeln('<tr>');
+document.writeln('<td width=20%>');
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln('<b>Request ID:</b>');
+document.writeln('</FONT>');
+document.writeln('</td>');
+document.writeln('<td>');
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln(requestId);
+document.writeln('</FONT>');
+document.writeln('</td>');
+document.writeln('</tr>');
+document.writeln('<tr>');
+document.writeln('<td>');
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln('<b>Request Type:</b>');
+document.writeln('</FONT>');
+document.writeln('</td>');
+document.writeln('<td>');
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln(requestType);
+document.writeln('</FONT>');
+document.writeln('</td>');
+document.writeln('</tr>');
+document.writeln('<tr>');
+document.writeln('<td>');
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln('<b>Request Status:</b>');
+document.writeln('</FONT>');
+document.writeln('</td>');
+document.writeln('<td>');
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln(requestStatus);
+document.writeln('</FONT>');
+document.writeln('</td>');
+document.writeln('</tr>');
+document.writeln('<tr>');
+document.writeln('<td>');
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln('<b>Requestor Host:</b>');
+document.writeln('</FONT>');
+document.writeln('</td>');
+document.writeln('<td>');
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln(profileRemoteHost);
+document.writeln('</FONT>');
+document.writeln('</td>');
+document.writeln('</tr>');
+document.writeln('<tr>');
+document.writeln('<td>');
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln('<b>Assigned To:</b>');
+document.writeln('</FONT>');
+document.writeln('</td>');
+document.writeln('<td>');
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln(requestOwner);
+document.writeln('</FONT>');
+document.writeln('</td>');
+document.writeln('</tr>');
+document.writeln('<tr>');
+document.writeln('<td>');
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln('<b>Creation Time:</b>');
+document.writeln('</FONT>');
+document.writeln('</td>');
+document.writeln('<td>');
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln(requestCreationTime);
+document.writeln('</FONT>');
+document.writeln('</td>');
+document.writeln('</tr>');
+document.writeln('<tr>');
+document.writeln('<td>');
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln('<b>Modification Time:</b>');
+document.writeln('</FONT>');
+document.writeln('</td>');
+document.writeln('<td>');
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln(requestModificationTime);
+document.writeln('</FONT>');
+document.writeln('</td>');
+document.writeln('</tr>');
+document.writeln('</table>');
+document.writeln('<p>');
+document.writeln('<TABLE width=100%><TR><TD valign="top" align="left" colspan="3" bgcolor="#e5e5e5"><FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">Certificate Profile Information</FONT></TD></TR></TABLE>');
+document.writeln('<table border=1 width=100%>');
+document.writeln('<tr>');
+document.writeln('<td width=20%>');
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln('<b>Certificate Profile Id:</b>');
+document.writeln('</FONT>');
+document.writeln('</td>');
+document.writeln('<td>');
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln(profileId);
+document.writeln('</FONT>');
+document.writeln('</td>');
+document.writeln('</tr>');
+document.writeln('<tr>');
+document.writeln('<td width=20%>');
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln('<b>Approved By:</b>');
+document.writeln('</FONT>');
+document.writeln('</td>');
+document.writeln('<td>');
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln(profileApprovedBy);
+document.writeln('</FONT>');
+document.writeln('</td>');
+document.writeln('</tr>');
+document.writeln('<tr>');
+document.writeln('<td>');
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln('<b>Certificate Profile Name:</b>');
+document.writeln('</FONT>');
+document.writeln('</td>');
+document.writeln('<td>');
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln(profileName);
+document.writeln('</FONT>');
+document.writeln('</td>');
+document.writeln('</tr>');
+document.writeln('<tr>');
+document.writeln('<td>');
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln('<b>Certificate Profile Description:</b>');
+document.writeln('</FONT>');
+document.writeln('</td>');
+document.writeln('<td>');
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln(profileDesc);
+document.writeln('</FONT>');
+document.writeln('</td>');
+document.writeln('</tr>');
+document.writeln('</table>');
+document.writeln('<p>');
+if (requestStatus != 'pending') {
+ document.writeln('<TABLE width=100%><TR><TD valign="top" align="left" colspan="3" bgcolor="#e5e5e5"><FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">Additional Notes</FONT></TD></TR></TABLE>');
+ document.writeln('<table width=100% border=1>');
+ document.writeln('<tr>');
+ document.writeln('<td>');
+ document.writeln(requestNotes);
+ document.writeln('</td>');
+ document.writeln('</tr>');
+ document.writeln('</table>');
+ document.writeln('<p>');
+}
+if (profileIsVisible == 'true') {
+document.writeln('<TABLE width=100%><TR><TD valign="top" align="left" colspan="3" bgcolor="#e5e5e5"><FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">Certificate Profile Inputs</FONT></TD></TR></TABLE>');
+document.writeln('<table border=1 width=100%>');
+document.writeln('<tr>');
+document.writeln('<td width=20%>');
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln('<b>Id</b>');
+document.writeln('</FONT>');
+document.writeln('</td>');
+document.writeln('<td width=40%>');
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln('<b>Input Names</b>');
+document.writeln('</FONT>');
+document.writeln('</td>');
+document.writeln('<td>');
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln('<b>Input Values</b>');
+document.writeln('</FONT>');
+document.writeln('</td>');
+document.writeln('</tr>');
+for (var i = 0; i < inputListSet.length; i++) {
+ document.writeln('<tr>');
+ document.writeln('<td>');
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+ document.writeln(inputListSet[i].inputId);
+document.writeln('</FONT>');
+ document.writeln('</td>');
+ document.writeln('<td>');
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+ document.writeln(inputListSet[i].inputName);
+document.writeln('</FONT>');
+ document.writeln('</td>');
+ document.writeln('<td>');
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+ document.writeln(addEscapes(inputListSet[i].inputVal));
+document.writeln('</FONT>');
+ document.writeln('</td>');
+ document.writeln('</tr>');
+}
+document.writeln('</table>');
+document.writeln('<p>');
+}
+if (requestStatus == 'complete') {
+document.writeln('<TABLE width=100%><TR><TD valign="top" align="left" colspan="3" bgcolor="#e5e5e5"><FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">Certificate Profile Outputs</FONT></TD></TR></TABLE>');
+for (var i = 0; i < outputListSet.length; i++) {
+ document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">'
+);
+ document.writeln('<li>');
+ document.writeln(outputListSet[i].outputName);
+ document.writeln('</FONT>');
+ document.writeln('<p>');
+ if (outputListSet[i].outputSyntax == 'string') {
+ document.writeln(outputListSet[i].outputVal);
+ } else if (outputListSet[i].outputSyntax == 'pretty_print') {
+ document.writeln('<pre>');
+ document.writeln(outputListSet[i].outputVal);
+ document.writeln('</pre>');
+ } else if (outputListSet[i].outputSyntax == 'der_b64') {
+ document.writeln('<pre>');
+ document.writeln('-----BEGIN CERTIFICATE-----');
+ document.writeln(outputListSet[i].outputVal);
+ document.writeln('-----END CERTIFICATE-----');
+ document.writeln('</pre>');
+ }
+ document.writeln('</p>');
+}
+}
+if (requestStatus == 'pending') {
+document.writeln('<TABLE width=100%><TR><TD valign="top" align="left" colspan="3" bgcolor="#e5e5e5"><FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">Policy Information</FONT></TD></TR></TABLE>');
+document.writeln('<table>');
+document.writeln('<tr>');
+document.writeln('<td width=20%>');
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln('<b>Certificate Profile Set Id:</b>');
+document.writeln('</FONT>');
+document.writeln('</td>');
+document.writeln('<td>');
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln(profileSetId);
+document.writeln('</FONT>');
+document.writeln('</td>');
+document.writeln('</tr>');
+document.writeln('</table>');
+document.writeln('<table border=1 width=100%>');
+document.writeln('<tr>');
+document.writeln('<td width=10%>');
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln('<b>#</b>');
+document.writeln('</FONT>');
+document.writeln('</td>');
+document.writeln('<td width=45%>');
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln('<b>Extensions / Fields</b>');
+document.writeln('</FONT>');
+document.writeln('</td>');
+document.writeln('<td width=45%>');
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln('<b>Constraints</b>');
+document.writeln('</FONT>');
+document.writeln('</td>');
+document.writeln('</tr>');
+for (var i = 0; i < recordSet.length; i++) {
+ document.writeln('<tr valign=top>');
+ document.writeln('<td>');
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+ document.writeln(recordSet[i].policyId);
+document.writeln('</FONT>');
+ document.writeln('</td>');
+ document.writeln('<td>');
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+ document.writeln(recordSet[i].defDesc);
+document.writeln('</FONT>');
+ document.writeln('<p>');
+ document.writeln('<table width=100%>');
+ for (var j = 0; j < recordSet[i].defListSet.length; j++) {
+ document.writeln('<tr valign=top>');
+ if (typeof(recordSet[i].defListSet[j].defName) != 'undefined') {
+ document.writeln('<td width=30%><i>');
+ document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+ document.writeln(recordSet[i].defListSet[j].defName + ':');
+ document.writeln('</FONT>');
+ document.writeln('</i></td>');
+ document.writeln('<td width=70%>');
+ if (recordSet[i].defListSet[j].defConstraint == 'readonly') {
+ document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+ document.writeln(recordSet[i].defListSet[j].defVal);
+ document.writeln('</FONT>');
+ } else {
+ if (recordSet[i].defListSet[j].defSyntax == 'string') {
+ document.writeln('<input size=32 type=text name="' + recordSet[i].defListSet[j].defId + '" value="' + escapeValue(recordSet[i].defListSet[j].defVal) + '">');
+ } else if (recordSet[i].defListSet[j].defSyntax == 'string_list') {
+ document.writeln('<textarea cols=40 rows=5 name="' + recordSet[i].defListSet[j].defId + '">' + recordSet[i].defListSet[j].defVal + '</textarea>');
+ } else if (recordSet[i].defListSet[j].defSyntax == 'integer') {
+ document.writeln('<input size=6 type=text name="' + recordSet[i].defListSet[j].defId + '" value="' + recordSet[i].defListSet[j].defVal + '">');
+ } else if (recordSet[i].defListSet[j].defSyntax == 'image_url') {
+ document.writeln('<img border=0 src="' + recordSet[i].defListSet[j].defVal + '">');
+ document.writeln('<input type=hidden name="' + recordSet[i].defListSet[j].defId + '" value="' + recordSet[i].defListSet[j].defVal + '">');
+ } else if (recordSet[i].defListSet[j].defSyntax == 'choice') {
+ document.writeln('<select name="' + recordSet[i].defListSet[j].defId + '">');
+ var c = recordSet[i].defListSet[j].defConstraint.split(',');
+ for(var k = 0; k < c.length; k++) {
+ if (recordSet[i].defListSet[j].defVal == c[k]) {
+ document.writeln('<option selected value=' + c[k] + '>');
+ } else {
+ document.writeln('<option value=' + c[k] + '>');
+ }
+ document.writeln(c[k]);
+ document.writeln('</option>');
+ }
+
+ document.writeln('</select>');
+ } else if (recordSet[i].defListSet[j].defSyntax == 'boolean') {
+ document.writeln('<select name="' + recordSet[i].defListSet[j].defId + '">');
+ if (recordSet[i].defListSet[j].defVal == 'true') {
+ document.writeln('<option selected value=true>true</option>');
+ document.writeln('<option value=false>false</option>');
+ } else {
+ document.writeln('<option value=true>true</option>');
+ document.writeln('<option selected value=false>false</option>');
+ }
+ document.writeln('</select>');
+ }
+ }
+ document.writeln('</td>');
+ }
+ document.writeln('</tr>');
+ }
+ document.writeln('</table>');
+ document.writeln('</td>');
+ document.writeln('<td>');
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+ document.writeln(recordSet[i].conDesc);
+document.writeln('</FONT>');
+ document.writeln('</td>');
+ document.writeln('</tr>');
+} // for
+document.writeln('</table>');
+document.writeln('<p>');
+document.writeln('<TABLE width=100%><TR><TD valign="top" align="left" colspan="3" bgcolor="#e5e5e5"><FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">Additional Notes</FONT></TD></TR></TABLE>');
+document.writeln('<textarea cols=40 rows=5 name="requestNotes">' + requestNotes + '</textarea>');
+document.writeln('<p>');
+ document.writeln('<SELECT NAME="op">');
+ document.writeln('<OPTION VALUE="update">Update request</OPTION>');
+ document.writeln('<OPTION VALUE="validate">Validate request</OPTION>');
+ document.writeln('<OPTION SELECTED VALUE="approve">Approve request</OPTION>');
+ document.writeln('<OPTION VALUE="reject">Reject request</OPTION>');
+ document.writeln('<OPTION VALUE="cancel">Cancel request</OPTION>');
+ document.writeln('<OPTION VALUE="assign">Assign request</OPTION>');
+ document.writeln('<OPTION VALUE="unassign">Unassign request</OPTION>');
+ document.writeln('</SELECT>');
+if (typeof(nonce) != "undefined") {
+ document.writeln("<INPUT TYPE=hidden name=nonce value=\"" + nonce +"\">");
+}
+document.writeln('<input type=submit name=submit value=submit>');
+document.writeln('</form>');
+} // if
+</script>
+</html>
diff --git a/base/ca/shared/webapps/ca/agent/ca/ProfileSelect.template b/base/ca/shared/webapps/ca/agent/ca/ProfileSelect.template
new file mode 100644
index 000000000..87bf61f45
--- /dev/null
+++ b/base/ca/shared/webapps/ca/agent/ca/ProfileSelect.template
@@ -0,0 +1,175 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<CMS_TEMPLATE>
+<font size="+1" face="PrimaSans BT, Verdana, sans-serif">Approve Certificate Profile<br></font>
+<font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+Use this form to approve a certificate profile.</font>
+<table border="0" cellspacing="0" cellpadding="0" background="/pki/images/hr.gif" width="100%">
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+<p>
+<form name="ReqForm" method="post" action="profileApprove">
+<script type="text/javascript">
+document.writeln('<br>');
+document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln('<b>Certificate Profile Information:</b>');
+document.writeln('</font>');
+document.writeln('<table>');
+document.writeln('<tr>');
+document.writeln('<td>');
+document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln('Certificate Profile Id:');
+document.writeln('</font>');
+document.writeln('</td>');
+document.writeln('<td>');
+document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln(profileId);
+document.writeln('</font>');
+document.writeln('</td>');
+document.writeln('</tr>');
+document.writeln('<tr>');
+document.writeln('<td>');
+document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln('Certificate Profile Name:');
+document.writeln('</font>');
+document.writeln('</td>');
+document.writeln('<td>');
+document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln(profileName);
+document.writeln('</font>');
+document.writeln('</td>');
+document.writeln('</tr>');
+document.writeln('<tr>');
+document.writeln('<td>');
+document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln('Description:');
+document.writeln('</font>');
+document.writeln('</td>');
+document.writeln('<td>');
+document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln(profileDesc);
+document.writeln('</font>');
+document.writeln('</td>');
+document.writeln('</tr>');
+document.writeln('<tr>');
+document.writeln('<td>');
+document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln('End User Certificate Profile:');
+document.writeln('</font>');
+document.writeln('</td>');
+document.writeln('<td>');
+document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln(profileIsVisible);
+document.writeln('</font>');
+document.writeln('</td>');
+document.writeln('</tr>');
+document.writeln('<tr>');
+document.writeln('<td>');
+document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln('Approved:');
+document.writeln('</font>');
+document.writeln('</td>');
+document.writeln('<td>');
+document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln(profileIsEnable);
+document.writeln('</font>');
+document.writeln('</td>');
+document.writeln('</tr>');
+document.writeln('<tr>');
+document.writeln('<td>');
+document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln('Approved By:');
+document.writeln('</font>');
+document.writeln('</td>');
+document.writeln('<td>');
+if (profileEnableBy != 'null') {
+document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln(profileEnableBy);
+document.writeln('</font>');
+}
+document.writeln('</td>');
+document.writeln('</tr>');
+document.writeln('</table>');
+document.writeln('<input type=hidden name=profileId value="' +
+ profileId + '">');
+document.writeln('<p>');
+document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln('<b>Policy Information:</b>');
+document.writeln('</font>');
+document.writeln('<p>');
+for (var i = 0; i < policySetListSet.length; i++) {
+document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln('Policy Set: ' + policySetListSet[i].setId);
+document.writeln('</font>');
+document.writeln('<p>');
+document.writeln('<table border=1 width=100%>');
+document.writeln('<tr>');
+document.writeln('<td width=10%>');
+document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln('<b>#</b>');
+document.writeln('</font>');
+document.writeln('</td>');
+document.writeln('<td width=45%>');
+document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln('<b>Extensions / Fields</b>');
+document.writeln('</font>');
+document.writeln('</td>');
+document.writeln('<td width=45%>');
+document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln('<b>Constraints</b>');
+document.writeln('</font>');
+document.writeln('</td>');
+document.writeln('</tr>');
+ for (var j = 0; j < policySetListSet[i].policySet.length; j++) {
+ document.writeln('<tr valign=top>');
+ document.writeln('<td>');
+document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+ document.writeln(policySetListSet[i].policySet[j].policyId);
+document.writeln('</font>');
+ document.writeln('</td>');
+ document.writeln('<td>');
+document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+ document.writeln(policySetListSet[i].policySet[j].defDesc);
+document.writeln('</font>');
+ document.writeln('<br>');
+ document.writeln('</td>');
+ document.writeln('<td>');
+document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+ document.writeln(policySetListSet[i].policySet[j].conDesc);
+document.writeln('</font>');
+ document.writeln('</td>');
+ document.writeln('</tr>');
+ } // for
+document.writeln('</table>');
+document.writeln('<p>');
+} // for
+document.writeln('<p>');
+document.writeln('<p>');
+if (profileIsEnable == 'true') {
+ document.writeln('<input type=submit name=Disable value="Disable">');
+} else {
+document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+ document.writeln('<input type=submit name=Approve value="Approve">');
+document.writeln('</font>');
+}
+</script>
+</html>
diff --git a/base/ca/shared/webapps/ca/agent/ca/SrchCert.html b/base/ca/shared/webapps/ca/agent/ca/SrchCert.html
new file mode 100644
index 000000000..f3c8db026
--- /dev/null
+++ b/base/ca/shared/webapps/ca/agent/ca/SrchCert.html
@@ -0,0 +1,1694 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+ <title>Search for Certificates</title>
+ <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+
+<script type="text/javascript" SRC="/ca/agent/funcs.js"></script>
+<script type="text/javascript" SRC="/ca/agent/helpfun.js"></script>
+</head>
+
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+<font size=+1 face="PrimaSans BT, Verdana, sans-serif">Search for Certificates
+</font><br>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Use this form to compose queries based on properties of the certificate.
+</font>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/pki/images/hr.gif" >
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Each section below filters the search. Check the box at the top of the
+section if you want to use that filter in your search, then complete the fields.
+Leave a box unchecked to ignore that filter. You can click more than one box
+to get a combination of search criteria.
+</font>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/pki/images/hr.gif" >
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+<b><font size=-1 face="PrimaSans BT, Verdana, sans-serif">Serial Number Range</font></b>
+<FORM NAME="serialNumberRangeCritForm">
+<table border="0" cellspacing="2" cellpadding="2">
+<tr>
+<td><INPUT TYPE="CHECKBOX" NAME="inUse"></td>
+<td colspan="3">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show certificates that fall within the following range:</font>
+</td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Lowest serial number:</font></td>
+<td><INPUT TYPE="TEXT" NAME="serialFrom" SIZE=10 MAXLENGTH=99></td>
+<td><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+(leave blank for no lower limit)</font></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Highest serial number:</font></td>
+<td><INPUT TYPE="TEXT" NAME="serialTo" SIZE=10 MAXLENGTH=99></td>
+<td><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+(leave blank for no upper limit)</font></td>
+</tr>
+</table>
+</FORM>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Enter a range of certificate serial numbers in hexadecimal form
+(starting with 0x, as in the certificate list), or in decimal form.
+</font>
+
+<SCRIPT type="text/javascript">
+//<!--
+function serialNumberRangeCritInUse()
+{
+ if (document.serialNumberRangeCritForm.inUse.checked) {
+ document.queryForm.serialNumberRangeInUse.value = 'on';
+ }
+ document.queryForm.serialFrom.value = document.serialNumberRangeCritForm.serialFrom.value;
+ document.queryForm.serialTo.value = document.serialNumberRangeCritForm.serialTo.value;
+ return document.serialNumberRangeCritForm.inUse.checked;
+}
+
+function serialNumberRangeCrit()
+{
+ var crit = new Array;
+ var next = 0;
+ var canonicalFrom = "", canonicalTo = "";
+
+ if (document.serialNumberRangeCritForm.serialFrom.value != "") {
+ canonicalFrom =
+ trim(document.serialNumberRangeCritForm.serialFrom.value);
+ }
+
+ if (canonicalFrom != "") {
+ if (!isDecimalNumber(canonicalFrom)) {
+ if (isNumber(canonicalFrom,16)) {
+ canonicalFrom = "0x" +
+ removeColons(stripPrefix(canonicalFrom));
+ } else {
+ alert("You must specify a decimal or hexadecimal value" +
+ "for the low end of the serial number range.");
+ return null;
+ }
+ }
+ if (isNegative(canonicalFrom)) {
+ alert("You must specify a positive value for the low " +
+ "end of the serial number range.");
+ return null;
+ }
+ crit[next++] = "(certRecordId>=" + canonicalFrom + ")";
+ }
+
+ if (document.serialNumberRangeCritForm.serialTo.value != "") {
+ canonicalTo =
+ trim(document.serialNumberRangeCritForm.serialTo.value);
+ }
+
+ if (canonicalTo != "") {
+ if (!isDecimalNumber(canonicalTo)) {
+ if (isNumber(canonicalTo,16)) {
+ canonicalTo = "0x" +
+ removeColons(stripPrefix(canonicalTo));
+ } else {
+ alert("You must specify a decimal or hexadecimal value" +
+ "for the high end of the serial number range.");
+ return null;
+ }
+ }
+ if (isNegative(canonicalTo)) {
+ alert("You must specify a positive value for the high " +
+ "end of the serial number range.");
+ return null;
+ }
+ crit[next++] = "(certRecordId<=" + canonicalTo + ")";
+ }
+
+ /* Can not do this using parseInt */
+ /*
+ if (document.serialNumberRangeCritForm.serialFrom.value != "" &&
+ document.serialNumberRangeCritForm.serialTo.value != "") {
+ if (parseInt(canonicalFrom) > parseInt(canonicalTo)) {
+ alert("The low end of the range is larger than the high end.");
+ return null;
+ }
+ }
+ */
+ return nsjoin(crit,"");
+}
+//-->
+</SCRIPT>
+
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/pki/images/hr.gif" >
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+<b><font size=-1 face="PrimaSans BT, Verdana, sans-serif">Status</font></b>
+<FORM NAME="statusCritForm">
+<table border="0" cellspacing="2" cellpadding="2">
+<tr>
+<td><INPUT TYPE="CHECKBOX" NAME="inUse"></td>
+<td colspan="3">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show certificates that are
+<select NAME="status">
+<option value="VALID">VALID
+<option value="INVALID">INVALID
+<option value="REVOKED">REVOKED
+<option value="EXPIRED">EXPIRED
+<option value="REVOKED_EXPIRED">REVOKED & EXPIRED
+</select>
+</font>
+</td>
+</tr>
+</table>
+</FORM>
+<SCRIPT type="text/javascript">
+//<!--
+function statusCritInUse()
+{
+ if (document.statusCritForm.inUse.checked) {
+ document.queryForm.statusInUse.value = 'on';
+ }
+ document.queryForm.status.value = document.statusCritForm.status.value;
+ return document.statusCritForm.inUse.checked;
+}
+function statusRangeCrit()
+{
+ return "(certStatus=" + document.statusCritForm.status.options[document.statusCritForm.status.selectedIndex].value + ")";
+}
+//-->
+</SCRIPT>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/pki/images/hr.gif" >
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+<b><font size=-1 face="PrimaSans BT, Verdana, sans-serif">Subject Name</font></b>
+<FORM NAME="subjectCritForm">
+<table border="0" cellspacing="2" cellpadding="2">
+<tr>
+<td><INPUT TYPE="CHECKBOX" NAME="inUse"></td>
+<td colspan="2">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show certificates with a subject name matching the following:
+</font>
+</td>
+</tr>
+
+<tr align="left">
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Email address:</font>
+</td>
+<td><INPUT TYPE="TEXT" NAME="eMail" SIZE=30></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Common name:</font>
+</td>
+<td><INPUT TYPE="TEXT" NAME="commonName" SIZE=30></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">User ID:</font>
+</td>
+<td><INPUT TYPE="TEXT" NAME="userID" SIZE=30></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Organization unit:</font>
+</td>
+<td><INPUT TYPE="TEXT" NAME="orgUnit" SIZE=30></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Organization:</font>
+</td>
+<td><INPUT TYPE="TEXT" NAME="org" SIZE=30></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Locality:</font>
+</td>
+<td><INPUT TYPE="TEXT" NAME="locality" SIZE=30></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">State:</font>
+</td>
+<td><INPUT TYPE="TEXT" NAME="state" SIZE=30></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Country:</font>
+</td>
+<td><INPUT TYPE="TEXT" NAME="country" VALUE="" SIZE=2 MAXLENGTH=2></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Match Method:</font>
+</td>
+<td>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+<INPUT TYPE="RADIO" NAME="match" VALUE="exact">Exact</font>
+</td>
+<tr>
+<td>&nbsp;</td>
+<td align="right">&nbsp;</td>
+<td>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+<INPUT TYPE="RADIO" CHECKED NAME="match" VALUE="partial">Partial</font>
+</td>
+</tr>
+</table>
+</FORM>
+
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Enter values for the fields you want to have in your search criteria.
+Leave other fields blank.
+<br><br>
+Exact match method finds certificates for subjects whose name consists
+<b>exactly</b> of the components that you have filled in above, and contains
+none of the components you have left blank. Pattern matching wildcard
+values cannot be used in this search.
+<br><br>
+Partial match method finds certificates for subjects whose name consists
+<b>in part</b> of the components you have specified above, and in addition
+may contain arbitrary values for the other components you have left blank above.
+Pattern matching wildcard values can be used in this search.
+</font>
+
+<SCRIPT type="text/javascript">
+<!--
+function subjectCritInUse()
+{
+ if (document.subjectCritForm.inUse.checked) {
+ document.queryForm.subjectInUse.value = 'on';
+ }
+ document.queryForm.eMail.value = document.subjectCritForm.eMail.value; document.queryForm.commonName.value = document.subjectCritForm.commonName.value;
+ document.queryForm.userID.value = document.subjectCritForm.userID.value;
+ document.queryForm.orgUnit.value = document.subjectCritForm.orgUnit.value;
+ document.queryForm.org.value = document.subjectCritForm.org.value; document.queryForm.locality.value = document.subjectCritForm.locality.value; document.queryForm.state.value = document.subjectCritForm.state.value;
+ document.queryForm.country.value = document.subjectCritForm.country.value;
+ if (document.subjectCritForm.match[1].checked) {
+ document.queryForm.match.value = 'partial';
+ } else {
+ document.queryForm.match.value = 'exact';
+ }
+ return document.subjectCritForm.inUse.checked;
+}
+function subjectCrit()
+{
+ return computeNameFilter(document.subjectCritForm);
+}
+//-->
+</SCRIPT>
+
+<table BORDER=0 CELLSPACING=2 CELLPADDING=2 WIDTH="100%" BACKGROUND="/pki/images/hr.gif" >
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+<b>Revocation Information</b></font>
+
+<table border="0" cellspacing="2" cellpadding="2">
+<tr align="left">
+<FORM NAME="revokedByCritForm">
+<td><INPUT TYPE="CHECKBOX" NAME="inUse"></td>
+<td align="left" colspan="2">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show certificates revoked by:</font>&nbsp;
+<INPUT TYPE="text" NAME="revokedBy" SIZE=10>
+</td>
+</FORM>
+</tr>
+
+<tr>
+<FORM NAME="revokedOnCritForm">
+<td>
+<INPUT TYPE="CHECKBOX" NAME="inUse" onClick="clickedOnTimeRangeCheckBox(document.revokedOnCritForm.inUse, document.revokedOnFrom, document.revokedOnTo);">
+</td>
+<td align="left" colspan="2">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show certificates revoked during the period:</font>
+</td>
+</FORM>
+</tr>
+
+<tr>
+<td>&nbsp;</td>
+<td valign="top" align=right>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Start date:</font>
+</td>
+<td valign="top" nowrap>
+<FORM NAME="revokedOnFrom">
+<SELECT NAME="day">
+<OPTION VALUE=0>
+<OPTION VALUE=1>1
+<OPTION VALUE=2>2
+<OPTION VALUE=3>3
+<OPTION VALUE=4>4
+<OPTION VALUE=5>5
+<OPTION VALUE=6>6
+<OPTION VALUE=7>7
+<OPTION VALUE=8>8
+<OPTION VALUE=9>9
+<OPTION VALUE=10>10
+<OPTION VALUE=11>11
+<OPTION VALUE=12>12
+<OPTION VALUE=13>13
+<OPTION VALUE=14>14
+<OPTION VALUE=15>15
+<OPTION VALUE=16>16
+<OPTION VALUE=17>17
+<OPTION VALUE=18>18
+<OPTION VALUE=19>19
+<OPTION VALUE=20>20
+<OPTION VALUE=21>21
+<OPTION VALUE=22>22
+<OPTION VALUE=23>23
+<OPTION VALUE=24>24
+<OPTION VALUE=25>25
+<OPTION VALUE=26>26
+<OPTION VALUE=27>27
+<OPTION VALUE=28>28
+<OPTION VALUE=29>29
+<OPTION VALUE=30>30
+<OPTION VALUE=31>31
+</SELECT>
+<SELECT NAME="month">
+<OPTION VALUE=13>
+<OPTION VALUE=0>January
+<OPTION VALUE=1>February
+<OPTION VALUE=2>March
+<OPTION VALUE=3>April
+<OPTION VALUE=4>May
+<OPTION VALUE=5>June
+<OPTION VALUE=6>July
+<OPTION VALUE=7>August
+<OPTION VALUE=8>September
+<OPTION VALUE=9>October
+<OPTION VALUE=10>November
+<OPTION VALUE=11>December
+</SELECT>
+<SELECT NAME="year">
+<SCRIPT type="text/javascript">
+//<!--
+generateYearOptions(10, 1);
+//-->
+</SCRIPT>
+</SELECT>
+</FORM>
+</td>
+</tr>
+
+<tr>
+<td>&nbsp;</td>
+<td valign=top align=right>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">End date:</font>
+</td>
+<td valign="top" nowrap>
+<FORM NAME="revokedOnTo">
+<SELECT NAME="day">
+<OPTION VALUE=0>
+<OPTION VALUE=1>1
+<OPTION VALUE=2>2
+<OPTION VALUE=3>3
+<OPTION VALUE=4>4
+<OPTION VALUE=5>5
+<OPTION VALUE=6>6
+<OPTION VALUE=7>7
+<OPTION VALUE=8>8
+<OPTION VALUE=9>9
+<OPTION VALUE=10>10
+<OPTION VALUE=11>11
+<OPTION VALUE=12>12
+<OPTION VALUE=13>13
+<OPTION VALUE=14>14
+<OPTION VALUE=15>15
+<OPTION VALUE=16>16
+<OPTION VALUE=17>17
+<OPTION VALUE=18>18
+<OPTION VALUE=19>19
+<OPTION VALUE=20>20
+<OPTION VALUE=21>21
+<OPTION VALUE=22>22
+<OPTION VALUE=23>23
+<OPTION VALUE=24>24
+<OPTION VALUE=25>25
+<OPTION VALUE=26>26
+<OPTION VALUE=27>27
+<OPTION VALUE=28>28
+<OPTION VALUE=29>29
+<OPTION VALUE=30>30
+<OPTION VALUE=31>31
+</SELECT>
+<SELECT NAME="month">
+<OPTION VALUE=13>
+<OPTION VALUE=0>January
+<OPTION VALUE=1>February
+<OPTION VALUE=2>March
+<OPTION VALUE=3>April
+<OPTION VALUE=4>May
+<OPTION VALUE=5>June
+<OPTION VALUE=6>July
+<OPTION VALUE=7>August
+<OPTION VALUE=8>September
+<OPTION VALUE=9>October
+<OPTION VALUE=10>November
+<OPTION VALUE=11>December
+</SELECT>
+<SELECT NAME="year">
+<SCRIPT type="text/javascript">
+//<!--
+generateYearOptions(10, 1);
+//-->
+</SCRIPT>
+</SELECT>
+</FORM>
+</td>
+</tr>
+</table>
+
+<table border="0" cellspacing="2" cellpadding="2">
+<tr>
+<FORM NAME="revocationReasonCritForm">
+<td valign="top" align="left">
+<INPUT TYPE="CHECKBOX" NAME="inUse">
+</td>
+</FORM>
+<td valign="top" align="left">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show certificates revoked from the reason:</font>&nbsp;
+</td>
+<FORM NAME="revocationReasonForm">
+<td valign="top" nowrap>
+<SELECT NAME="revocationReason" size=4 multiple>
+<OPTION VALUE=0>Unspecified
+<OPTION VALUE=1>Key compromised
+<OPTION VALUE=2>CA key compromised
+<OPTION VALUE=3>Affiliation changed
+<OPTION VALUE=4>Certificate superceded
+<OPTION VALUE=5>Cessation of operation
+<OPTION VALUE=6>Certificate is on hold
+<OPTION VALUE=8>Remove certificate from CRL
+<OPTION VALUE=9>Privilege withdrawn
+<OPTION VALUE=10>AA key compromised
+</SELECT>
+</td>
+</FORM>
+</tr>
+</table>
+
+<SCRIPT type="text/javascript">
+<!--
+function revokedByCritInUse()
+{
+ if (document.revokedByCritForm.inUse.checked) {
+ document.queryForm.revokedByInUse.value = 'on';
+ }
+ document.queryForm.revokedBy.value = document.revokedByCritForm.revokedBy.value;
+ return document.revokedByCritForm.inUse.checked;
+}
+function revokedByCrit()
+{
+ if (document.revokedByCritForm.revokedBy.value.length == 0) {
+ alert("User id in 'revoked by' filter is empty");
+ return null;
+ }
+ return "(certRevokedBy="+ document.revokedByCritForm.revokedBy.value +")";
+}
+
+function revokedOnCritInUse()
+{
+ if (document.revokedOnCritForm.inUse.checked) {
+ document.queryForm.revokedOnInUse.value = 'on';
+ }
+ d = convertToTime(document.revokedOnFrom);
+ if (d != null) {
+ document.queryForm.revokedOnFrom.value = d;
+ }
+ d = convertToTime(document.revokedOnTo);
+ if (d != null) {
+ document.queryForm.revokedOnTo.value = d;
+ }
+ return document.revokedOnCritForm.inUse.checked;
+}
+function revokedOnCrit()
+{
+ var from = null, to = null;
+ var crit = new Array();
+ var next = 0;
+ if (!dateIsEmpty(document.revokedOnFrom)) {
+ from = convertDate(document.revokedOnFrom,
+ "Start date for revocation time range criterion");
+ if (from == null) return null;
+ crit[next++] = "(certRevokedOn>=" + from + ")";
+ }
+ if (!dateIsEmpty(document.revokedOnTo)) {
+ to = convertDate(document.revokedOnTo,
+ "End date for revocation time range criterion");
+ if (to == null) return null;
+ to += 86399999;
+ crit[next++] = "(certRevokedOn<=" + to + ")";
+ }
+
+ if (from == null && to == null) {
+ alert("You must enter a date for revocation time range.");
+ return null;
+ }
+ if (from != null && to != null && from > to) {
+ alert("Revocation time range specified is empty");
+ return null;
+ }
+ return nsjoin(crit,"");
+}
+
+function revocationReasonCritInUse()
+{
+ if (document.revocationReasonCritForm.inUse.checked) {
+ document.queryForm.revocationReasonInUse.value = 'on';
+ }
+ var values = new Array();
+ var next = 0; for (var i = 0; i < document.revocationReasonForm.revocationReason.length; i++) { if (document.revocationReasonForm.revocationReason.options[i].selected == true) {
+ values[next++] = i;
+ }
+ }
+ document.queryForm.revocationReason.value = values;
+ return document.revocationReasonCritForm.inUse.checked;
+}
+function revocationReasonCrit()
+{
+ var crit = new Array();
+ var sum = null;
+ var next = 0;
+
+ for (var i = 0; i < document.revocationReasonForm.revocationReason.length; i++) {
+ if (document.revocationReasonForm.revocationReason.options[i].selected == true) {
+ crit[next++] = "(x509cert.certRevoInfo="+i+")";
+ }
+ }
+ sum = nsjoin(crit,"");
+ if (next > 1) {
+ sum = "(|" + sum + ")"
+ } else if (next < 1) {
+ alert("You must select at least one revocation reason.");
+ return null;
+ }
+ return sum;
+}
+//-->
+</SCRIPT>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/pki/images/hr.gif" >
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+<b>Issuing Information</b></font>
+
+<table border="0" cellspacing="2" cellpadding="2">
+<tr>
+<FORM NAME="issuedByCritForm">
+<td><INPUT TYPE="CHECKBOX" NAME="inUse"></td>
+<td align="left" colspan="2">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show certificates issued by:</font>&nbsp;
+<INPUT TYPE="text" NAME="issuedBy" SIZE=10></td>
+</FORM>
+</tr>
+
+<tr>
+<FORM NAME="profileCritForm">
+<td><INPUT TYPE="CHECKBOX" NAME="inUse"></td>
+<td align="left" colspan="2">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show certificates issued according to the profile:</font>&nbsp;
+<INPUT TYPE="text" NAME="profile" SIZE=10></td>
+</FORM>
+</tr>
+
+<tr>
+<FORM NAME="issuedOnCritForm">
+<td><INPUT TYPE="CHECKBOX" NAME="inUse" onClick="clickedOnTimeRangeCheckBox(document.issuedOnCritForm.inUse, document.issuedOnFrom, document.issuedOnTo);"></td>
+<td colspan="2">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show certificates issued during the period:</font></td>
+</FORM>
+</tr>
+
+<tr>
+<td>&nbsp;</td>
+<td valign=top align=right>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Start date:</font>
+</td>
+<td valign="top" nowrap>
+<FORM NAME="issuedOnFrom">
+<SELECT NAME="day">
+<OPTION VALUE=0>
+<OPTION VALUE=1>1
+<OPTION VALUE=2>2
+<OPTION VALUE=3>3
+<OPTION VALUE=4>4
+<OPTION VALUE=5>5
+<OPTION VALUE=6>6
+<OPTION VALUE=7>7
+<OPTION VALUE=8>8
+<OPTION VALUE=9>9
+<OPTION VALUE=10>10
+<OPTION VALUE=11>11
+<OPTION VALUE=12>12
+<OPTION VALUE=13>13
+<OPTION VALUE=14>14
+<OPTION VALUE=15>15
+<OPTION VALUE=16>16
+<OPTION VALUE=17>17
+<OPTION VALUE=18>18
+<OPTION VALUE=19>19
+<OPTION VALUE=20>20
+<OPTION VALUE=21>21
+<OPTION VALUE=22>22
+<OPTION VALUE=23>23
+<OPTION VALUE=24>24
+<OPTION VALUE=25>25
+<OPTION VALUE=26>26
+<OPTION VALUE=27>27
+<OPTION VALUE=28>28
+<OPTION VALUE=29>29
+<OPTION VALUE=30>30
+<OPTION VALUE=31>31
+</SELECT>
+<SELECT NAME="month">
+<OPTION VALUE=13>
+<OPTION VALUE=0>January
+<OPTION VALUE=1>February
+<OPTION VALUE=2>March
+<OPTION VALUE=3>April
+<OPTION VALUE=4>May
+<OPTION VALUE=5>June
+<OPTION VALUE=6>July
+<OPTION VALUE=7>August
+<OPTION VALUE=8>September
+<OPTION VALUE=9>October
+<OPTION VALUE=10>November
+<OPTION VALUE=11>December
+</SELECT>
+<SELECT NAME="year">
+<SCRIPT type="text/javascript">
+//<!--
+generateYearOptions(10, 1);
+//-->
+</SCRIPT>
+</SELECT>
+</FORM>
+</td>
+</tr>
+
+<tr>
+<td>&nbsp;</td>
+<td valign=top align=right>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">End date:</font>
+</td>
+<td valign="top" nowrap>
+<FORM NAME="issuedOnTo">
+<SELECT NAME="day">
+<OPTION VALUE=0>
+<OPTION VALUE=1>1
+<OPTION VALUE=2>2
+<OPTION VALUE=3>3
+<OPTION VALUE=4>4
+<OPTION VALUE=5>5
+<OPTION VALUE=6>6
+<OPTION VALUE=7>7
+<OPTION VALUE=8>8
+<OPTION VALUE=9>9
+<OPTION VALUE=10>10
+<OPTION VALUE=11>11
+<OPTION VALUE=12>12
+<OPTION VALUE=13>13
+<OPTION VALUE=14>14
+<OPTION VALUE=15>15
+<OPTION VALUE=16>16
+<OPTION VALUE=17>17
+<OPTION VALUE=18>18
+<OPTION VALUE=19>19
+<OPTION VALUE=20>20
+<OPTION VALUE=21>21
+<OPTION VALUE=22>22
+<OPTION VALUE=23>23
+<OPTION VALUE=24>24
+<OPTION VALUE=25>25
+<OPTION VALUE=26>26
+<OPTION VALUE=27>27
+<OPTION VALUE=28>28
+<OPTION VALUE=29>29
+<OPTION VALUE=30>30
+<OPTION VALUE=31>31
+</SELECT>
+<SELECT NAME="month">
+<OPTION VALUE=13>
+<OPTION VALUE=0>January
+<OPTION VALUE=1>February
+<OPTION VALUE=2>March
+<OPTION VALUE=3>April
+<OPTION VALUE=4>May
+<OPTION VALUE=5>June
+<OPTION VALUE=6>July
+<OPTION VALUE=7>August
+<OPTION VALUE=8>September
+<OPTION VALUE=9>October
+<OPTION VALUE=10>November
+<OPTION VALUE=11>December
+</SELECT>
+<SELECT NAME="year">
+<SCRIPT type="text/javascript">
+//<!--
+generateYearOptions(10, 1);
+//-->
+</SCRIPT>
+</SELECT>
+</FORM>
+</td>
+</tr>
+</table>
+
+<SCRIPT type="text/javascript">
+<!--
+function issuedByCritInUse()
+{
+ if (document.issuedByCritForm.inUse.checked) {
+ document.queryForm.issuedByInUse.value = 'on';
+ }
+ document.queryForm.issuedBy.value = document.issuedByCritForm.issuedBy.value;
+ return document.issuedByCritForm.inUse.checked;
+}
+function issuedByCrit()
+{
+ if (document.issuedByCritForm.issuedBy.value.length == 0) {
+ alert("User id in 'issued by' filter is empty");
+ return null;
+ }
+ return "(certIssuedBy="+ document.issuedByCritForm.issuedBy.value +")";
+}
+
+
+function profileCritInUse()
+{
+ if (document.profileCritForm.inUse.checked) {
+ document.queryForm.profileInUse.value = 'on';
+ }
+ document.queryForm.profile.value = document.profileCritForm.profile.value;
+ return document.profileCritForm.inUse.checked;
+}
+function profileCrit()
+{
+ if (document.profileCritForm.profile.value.length == 0) {
+ alert("Profile id in 'issued according to the profile' filter is empty");
+ return null;
+ }
+ return "(certMetaInfo=profileId:"+ document.profileCritForm.profile.value +")";
+}
+
+
+function issuedOnCritInUse()
+{
+ if (document.issuedOnCritForm.inUse.checked) {
+ document.queryForm.issuedOnInUse.value = 'on';
+ }
+ d = convertToTime(document.issuedOnFrom);
+ if (d != null) {
+ document.queryForm.issuedOnFrom.value = d;
+ }
+ d = convertToTime(document.issuedOnTo);
+ if (d != null) {
+ document.queryForm.issuedOnTo.value = d;
+ }
+ return document.issuedOnCritForm.inUse.checked;
+}
+function issuedOnCrit()
+{
+ var from = null, to = null;
+ var crit = new Array();
+ var next = 0;
+ if (!dateIsEmpty(document.issuedOnFrom)) {
+ from = convertDate(document.issuedOnFrom,
+ "Start date for issue time range criterion");
+ if (from == null) return null;
+ crit[next++] = "(certCreateTime>=" + from + ")";
+ }
+ if (!dateIsEmpty(document.issuedOnTo)) {
+ to = convertDate(document.issuedOnTo,
+ "End date for issue time range criterion");
+ if (to == null) return null;
+ to += 86399999;
+ crit[next++] = "(certCreateTime<=" + to + ")";
+ }
+
+ if (from == null && to == null) {
+ alert("You must enter a date for issue time range.");
+ return null;
+ }
+ if (from != null && to != null && from > to) {
+ alert("Issue time range specified is empty");
+ return null;
+ }
+ return nsjoin(crit,"");
+}
+//-->
+</SCRIPT>
+
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/pki/images/hr.gif" >
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+<b>Dates of Validity</b></font>
+
+<table border="0" cellspacing="2" cellpadding="2">
+<tr>
+<FORM NAME="validNotBeforeCritForm">
+<td><INPUT TYPE="CHECKBOX" NAME="inUse" onClick="clickedOnTimeRangeCheckBox(document.validNotBeforeCritForm.inUse, document.validNotBeforeFrom, document.validNotBeforeTo);"></td>
+<td align="left" colspan="2">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show certificates effective during the period:</font></td>
+</FORM>
+</tr>
+
+<tr>
+<td>&nbsp;</td>
+<td valign=top align=right>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Start date:</font>
+</td>
+<td valign="top" nowrap>
+<FORM NAME="validNotBeforeFrom">
+<SELECT NAME="day">
+<OPTION VALUE=0>
+<OPTION VALUE=1>1
+<OPTION VALUE=2>2
+<OPTION VALUE=3>3
+<OPTION VALUE=4>4
+<OPTION VALUE=5>5
+<OPTION VALUE=6>6
+<OPTION VALUE=7>7
+<OPTION VALUE=8>8
+<OPTION VALUE=9>9
+<OPTION VALUE=10>10
+<OPTION VALUE=11>11
+<OPTION VALUE=12>12
+<OPTION VALUE=13>13
+<OPTION VALUE=14>14
+<OPTION VALUE=15>15
+<OPTION VALUE=16>16
+<OPTION VALUE=17>17
+<OPTION VALUE=18>18
+<OPTION VALUE=19>19
+<OPTION VALUE=20>20
+<OPTION VALUE=21>21
+<OPTION VALUE=22>22
+<OPTION VALUE=23>23
+<OPTION VALUE=24>24
+<OPTION VALUE=25>25
+<OPTION VALUE=26>26
+<OPTION VALUE=27>27
+<OPTION VALUE=28>28
+<OPTION VALUE=29>29
+<OPTION VALUE=30>30
+<OPTION VALUE=31>31
+</SELECT>
+<SELECT NAME="month">
+<OPTION VALUE=13>
+<OPTION VALUE=0>January
+<OPTION VALUE=1>February
+<OPTION VALUE=2>March
+<OPTION VALUE=3>April
+<OPTION VALUE=4>May
+<OPTION VALUE=5>June
+<OPTION VALUE=6>July
+<OPTION VALUE=7>August
+<OPTION VALUE=8>September
+<OPTION VALUE=9>October
+<OPTION VALUE=10>November
+<OPTION VALUE=11>December
+</SELECT>
+<SELECT NAME="year">
+<SCRIPT type="text/javascript">
+//<!--
+generateYearOptions(10, 10);
+//-->
+</SCRIPT>
+</SELECT>
+</FORM>
+</td>
+</tr>
+
+<tr>
+<td>&nbsp;</td>
+<td valign=top align=right>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">End date:</font>
+</td>
+<td valign="top" nowrap>
+<FORM NAME="validNotBeforeTo">
+<SELECT NAME="day">
+<OPTION VALUE=0>
+<OPTION VALUE=1>1
+<OPTION VALUE=2>2
+<OPTION VALUE=3>3
+<OPTION VALUE=4>4
+<OPTION VALUE=5>5
+<OPTION VALUE=6>6
+<OPTION VALUE=7>7
+<OPTION VALUE=8>8
+<OPTION VALUE=9>9
+<OPTION VALUE=10>10
+<OPTION VALUE=11>11
+<OPTION VALUE=12>12
+<OPTION VALUE=13>13
+<OPTION VALUE=14>14
+<OPTION VALUE=15>15
+<OPTION VALUE=16>16
+<OPTION VALUE=17>17
+<OPTION VALUE=18>18
+<OPTION VALUE=19>19
+<OPTION VALUE=20>20
+<OPTION VALUE=21>21
+<OPTION VALUE=22>22
+<OPTION VALUE=23>23
+<OPTION VALUE=24>24
+<OPTION VALUE=25>25
+<OPTION VALUE=26>26
+<OPTION VALUE=27>27
+<OPTION VALUE=28>28
+<OPTION VALUE=29>29
+<OPTION VALUE=30>30
+<OPTION VALUE=31>31
+</SELECT>
+<SELECT NAME="month">
+<OPTION VALUE=13>
+<OPTION VALUE=0>January
+<OPTION VALUE=1>February
+<OPTION VALUE=2>March
+<OPTION VALUE=3>April
+<OPTION VALUE=4>May
+<OPTION VALUE=5>June
+<OPTION VALUE=6>July
+<OPTION VALUE=7>August
+<OPTION VALUE=8>September
+<OPTION VALUE=9>October
+<OPTION VALUE=10>November
+<OPTION VALUE=11>December
+</SELECT>
+<SELECT NAME="year">
+<SCRIPT type="text/javascript">
+//<!--
+generateYearOptions(10, 10);
+//-->
+</SCRIPT>
+</SELECT>
+</FORM>
+</td>
+</tr>
+</table>
+
+<SCRIPT type="text/javascript">
+<!--
+function validNotBeforeCritInUse()
+{
+ if (document.validNotBeforeCritForm.inUse.checked) {
+ document.queryForm.validNotBeforeInUse.value = 'on';
+ }
+ d = convertToTime(document.validNotBeforeFrom);
+ if (d != null) {
+ document.queryForm.validNotBeforeFrom.value = d;
+ }
+ d = convertToTime(document.validNotBeforeTo);
+ if (d != null) {
+ document.queryForm.validNotBeforeTo.value = d;
+ }
+ return document.validNotBeforeCritForm.inUse.checked;
+}
+
+function validNotBeforeCrit()
+{
+ var from = null, to = null;
+ var crit = new Array();
+ var next = 0;
+ if (!dateIsEmpty(document.validNotBeforeFrom)) {
+ from = convertDate(document.validNotBeforeFrom,
+ "Start date for the validity beginning time range criterion");
+ if (from == null) return null;
+ crit[next++] = "(x509Cert.notBefore>=" + from + ")";
+ }
+ if (!dateIsEmpty(document.validNotBeforeTo)) {
+ to = convertDate(document.validNotBeforeTo,
+ "End date for the validity beginning time range criterion");
+ if (to == null) return null;
+ to += 86399999;
+ crit[next++] = "(x509Cert.notBefore<=" + to + ")";
+ }
+
+ if (from == null && to == null) {
+ alert("You must enter a date for validity beginning range.");
+ return null;
+ }
+ if (from != null && to != null && from > to) {
+ alert("Validity beginning time range specified is empty");
+ return null;
+ }
+ return nsjoin(crit,"");
+}
+//-->
+</SCRIPT>
+
+<table border="0" cellspacing="2" cellpadding="2">
+<tr>
+<FORM NAME="validNotAfterCritForm">
+<td><INPUT TYPE="CHECKBOX" NAME="inUse" onClick="clickedOnTimeRangeCheckBox(document.validNotAfterCritForm.inUse, document.validNotAfterFrom, document.validNotAfterTo);"></td>
+<td align="left" colspan="2">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show certificates expired during the period:</font></td>
+</FORM>
+</tr>
+
+<tr>
+<td>&nbsp;</td>
+<td valign=top align=right>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Start date:</font>
+</td>
+<td valign="top" nowrap>
+<FORM NAME="validNotAfterFrom">
+<SELECT NAME="day">
+<OPTION VALUE=0>
+<OPTION VALUE=1>1
+<OPTION VALUE=2>2
+<OPTION VALUE=3>3
+<OPTION VALUE=4>4
+<OPTION VALUE=5>5
+<OPTION VALUE=6>6
+<OPTION VALUE=7>7
+<OPTION VALUE=8>8
+<OPTION VALUE=9>9
+<OPTION VALUE=10>10
+<OPTION VALUE=11>11
+<OPTION VALUE=12>12
+<OPTION VALUE=13>13
+<OPTION VALUE=14>14
+<OPTION VALUE=15>15
+<OPTION VALUE=16>16
+<OPTION VALUE=17>17
+<OPTION VALUE=18>18
+<OPTION VALUE=19>19
+<OPTION VALUE=20>20
+<OPTION VALUE=21>21
+<OPTION VALUE=22>22
+<OPTION VALUE=23>23
+<OPTION VALUE=24>24
+<OPTION VALUE=25>25
+<OPTION VALUE=26>26
+<OPTION VALUE=27>27
+<OPTION VALUE=28>28
+<OPTION VALUE=29>29
+<OPTION VALUE=30>30
+<OPTION VALUE=31>31
+</SELECT>
+<SELECT NAME="month">
+<OPTION VALUE=13>
+<OPTION VALUE=0>January
+<OPTION VALUE=1>February
+<OPTION VALUE=2>March
+<OPTION VALUE=3>April
+<OPTION VALUE=4>May
+<OPTION VALUE=5>June
+<OPTION VALUE=6>July
+<OPTION VALUE=7>August
+<OPTION VALUE=8>September
+<OPTION VALUE=9>October
+<OPTION VALUE=10>November
+<OPTION VALUE=11>December
+</SELECT>
+<SELECT NAME="year">
+<SCRIPT type="text/javascript">
+//<!--
+generateYearOptions(10, 10);
+//-->
+</SCRIPT>
+</SELECT>
+</FORM>
+</td>
+</tr>
+
+<tr>
+<td>&nbsp;</td>
+<td valign=top align=right>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">End date:</font>
+</td>
+<td valign="top" nowrap>
+<FORM NAME="validNotAfterTo">
+<SELECT NAME="day">
+<OPTION VALUE=0>
+<OPTION VALUE=1>1
+<OPTION VALUE=2>2
+<OPTION VALUE=3>3
+<OPTION VALUE=4>4
+<OPTION VALUE=5>5
+<OPTION VALUE=6>6
+<OPTION VALUE=7>7
+<OPTION VALUE=8>8
+<OPTION VALUE=9>9
+<OPTION VALUE=10>10
+<OPTION VALUE=11>11
+<OPTION VALUE=12>12
+<OPTION VALUE=13>13
+<OPTION VALUE=14>14
+<OPTION VALUE=15>15
+<OPTION VALUE=16>16
+<OPTION VALUE=17>17
+<OPTION VALUE=18>18
+<OPTION VALUE=19>19
+<OPTION VALUE=20>20
+<OPTION VALUE=21>21
+<OPTION VALUE=22>22
+<OPTION VALUE=23>23
+<OPTION VALUE=24>24
+<OPTION VALUE=25>25
+<OPTION VALUE=26>26
+<OPTION VALUE=27>27
+<OPTION VALUE=28>28
+<OPTION VALUE=29>29
+<OPTION VALUE=30>30
+<OPTION VALUE=31>31
+</SELECT>
+<SELECT NAME="month">
+<OPTION VALUE=13>
+<OPTION VALUE=0>January
+<OPTION VALUE=1>February
+<OPTION VALUE=2>March
+<OPTION VALUE=3>April
+<OPTION VALUE=4>May
+<OPTION VALUE=5>June
+<OPTION VALUE=6>July
+<OPTION VALUE=7>August
+<OPTION VALUE=8>September
+<OPTION VALUE=9>October
+<OPTION VALUE=10>November
+<OPTION VALUE=11>December
+</SELECT>
+<SELECT NAME="year">
+<SCRIPT type="text/javascript">
+//<!--
+generateYearOptions(10, 10);
+//-->
+</SCRIPT>
+</SELECT>
+</FORM>
+</td>
+</tr>
+</table>
+
+<SCRIPT type="text/javascript">
+<!--
+function validNotAfterCritInUse()
+{
+ if (document.validNotAfterCritForm.inUse.checked) {
+ document.queryForm.validNotAfterInUse.value = 'on';
+ }
+ d = convertToTime(document.validNotAfterFrom);
+ if (d != null) {
+ document.queryForm.validNotAfterFrom.value = d;
+ }
+ d = convertToTime(document.validNotAfterTo);
+ if (d != null) {
+ document.queryForm.validNotAfterTo.value = d;
+ }
+ return document.validNotAfterCritForm.inUse.checked;
+}
+
+function validNotAfterCrit()
+{
+ var from = null, to = null;
+ var crit = new Array();
+ var next = 0;
+ if (!dateIsEmpty(document.validNotAfterFrom)) {
+ from = convertDate(document.validNotAfterFrom,
+ "Start date for the expiration time range criterion");
+ if (from == null) return null;
+ crit[next++] = "(x509cert.notAfter>=" + from + ")";
+ }
+ if (!dateIsEmpty(document.validNotAfterTo)) {
+ to = convertDate(document.validNotAfterTo,
+ "End date for the expiration time range criterion");
+ if (to == null) return null;
+ to += 86399999;
+ crit[next++] = "(x509cert.notAfter<=" + to + ")";
+ }
+
+ if (from == null && to == null) {
+ alert("You must enter a date for expiration time range.");
+ return null;
+ }
+ if (from != null && to != null && from > to) {
+ alert("Expiration time range specified is empty");
+ return null;
+ }
+ return nsjoin(crit,"");
+}
+//-->
+</SCRIPT>
+
+<table border="0" cellspacing="2" cellpadding="2">
+<FORM NAME="validityLengthCritForm">
+<tr>
+<td><INPUT TYPE="CHECKBOX" NAME="inUse"></td>
+<td align="left" colspan="2">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show certificates with a validity period:</font></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td>
+<SELECT NAME="validityOp">
+<OPTION VALUE="&lt;="> not greater
+<OPTION VALUE="&gt;="> not less
+</SELECT>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">than</font>
+<INPUT NAME="count" TYPE="text" MAXSIZE=2 SIZE=2>
+<SELECT NAME="unit">
+<OPTION VALUE="86400000">Day(s)</OPTION>
+<OPTION VALUE="604800000">Week(s)</OPTION>
+<OPTION SELECTED VALUE="2592000000">Month(s)</OPTION>
+<OPTION VALUE="31536000000">Year(s)</OPTION>
+</SELECT>
+</td></tr>
+</FORM>
+</table>
+
+<SCRIPT type="text/javascript">
+<!--
+function validityLengthCritInUse()
+{
+ if (document.validityLengthCritForm.inUse.checked) {
+ document.queryForm.validityLengthInUse.value = 'on';
+ }
+ document.queryForm.validityOp.value = document.validityLengthCritForm.validityOp.value;
+ document.queryForm.count.value = document.validityLengthCritForm.count.value;
+ document.queryForm.unit.value = document.validityLengthCritForm.unit.value;
+ return document.validityLengthCritForm.inUse.checked;
+}
+
+function validityLengthCrit()
+{
+ with(document.validityLengthCritForm) {
+ if(!isNumber(count.value,10)) {
+ alert("Invalid number specified in validity length criterion");
+ return null;
+ }
+
+ return "(x509cert.duration" +
+ validityOp.options[validityOp.selectedIndex].value +
+ (count.value * unit.options[unit.selectedIndex].value) +")";
+ }
+}
+//-->
+</SCRIPT>
+
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/pki/images/hr.gif" >
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif"><b>Basic Constraints</b></font>
+
+<FORM NAME="basicConstraintsForm">
+<table border="0" cellspacing="2" cellpadding="2">
+<tr>
+<td><INPUT TYPE="CHECKBOX" NAME="inUse"></td>
+<td align="left" colspan="2">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show CA certificates (based on Basic Constraints extension).</font>
+</td>
+</tr>
+</table>
+</FORM>
+
+<SCRIPT type="text/javascript">
+<!--
+function basicConstraintsInUse()
+{
+ if (document.basicConstraintsForm.inUse.checked) {
+ document.queryForm.basicConstraintsInUse.value = 'on';
+ }
+ return document.basicConstraintsForm.inUse.checked;
+}
+
+function basicConstraints()
+{
+ var result = '(x509cert.BasicConstraints.isCA=on)';
+
+ return result;
+}
+//-->
+</SCRIPT>
+
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/pki/images/hr.gif" >
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif"><b>Type</b></font>
+
+<FORM NAME="certTypeCritForm">
+<table border="0" cellspacing="2" cellpadding="2">
+<tr>
+<td><INPUT TYPE="CHECKBOX" NAME="inUse"></td>
+<td align="left" colspan="2">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show certificates of the following types:</font>
+</td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">SSL client:</font>
+</td>
+<td>
+<SELECT NAME="SSLClient">
+<OPTION SELECTED VALUE="">Do not care
+<OPTION VALUE="on">On
+<OPTION VALUE="off">Off
+</SELECT>
+</td></tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">SSL server:</font>
+</td>
+<td>
+<SELECT NAME="SSLServer">
+<OPTION SELECTED VALUE="">Do not care
+<OPTION VALUE="on">On
+<OPTION VALUE="off">Off
+</SELECT>
+</td></tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Secure email:</font>
+</td><td>
+<SELECT NAME="SecureEmail">
+<OPTION SELECTED VALUE="">Do not care
+<OPTION VALUE="on">On
+<OPTION VALUE="off">Off
+</SELECT>
+</td></tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Subordinate SSL CA:</font>
+</td><td>
+<SELECT NAME="SubordinateSSLCA">
+<OPTION SELECTED VALUE="">Do not care
+<OPTION VALUE="on">On
+<OPTION VALUE="off">Off
+</SELECT>
+</td></tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Subordinate email CA:</font>
+</td><td>
+<SELECT NAME="SubordinateEmailCA">
+<OPTION SELECTED VALUE="">Do not care
+<OPTION VALUE="on">On
+<OPTION VALUE="off">Off
+</SELECT>
+</td></tr>
+</table>
+</FORM>
+
+<SCRIPT type="text/javascript">
+<!--
+function certTypeCritInUse()
+{
+ if (document.certTypeCritForm.inUse.checked) {
+ document.queryForm.certTypeInUse.value = 'on';
+ }
+ document.queryForm.SSLClient.value = document.certTypeCritForm.SSLClient.value;
+ document.queryForm.SSLServer.value = document.certTypeCritForm.SSLServer.value;
+ document.queryForm.SecureEmail.value = document.certTypeCritForm.SecureEmail.value;
+ document.queryForm.SubordinateSSLCA.value = document.certTypeCritForm.SubordinateSSLCA.value;
+ document.queryForm.SubordinateEmailCA.value = document.certTypeCritForm.SubordinateEmailCA.value;
+ return document.certTypeCritForm.inUse.checked;
+}
+
+function certTypeCrit()
+{
+ var result = '';
+ var count = 0;
+
+ for (var i = 1; i < document.certTypeCritForm.length; i++) {
+ var sel = document.certTypeCritForm[i].selectedIndex;
+ if (sel > 0) {
+ count++;
+ result += '(x509cert.nsExtension.' +
+ document.certTypeCritForm[i].name + '='+
+ document.certTypeCritForm[i].options[sel].value + ')';
+ }
+ }
+ if (count == 0) {
+ alert("At least one of the certificate types must be selected");
+ return null;
+ }
+
+ return result;
+}
+//-->
+</SCRIPT>
+
+
+<br>
+<SCRIPT type="text/javascript">
+<!--
+function doSubmit(form)
+{
+ var andFilter = new Array;
+ var critCount = 0;
+
+ if (serialNumberRangeCritInUse()) {
+ if ((andFilter[critCount++] = serialNumberRangeCrit()) == null)
+ return;
+ }
+ if (statusCritInUse()) {
+ if ((andFilter[critCount++] = statusRangeCrit()) == null)
+ return;
+ }
+ if (subjectCritInUse()) {
+ if ((andFilter[critCount++] = subjectCrit()) == null)
+ return;
+ }
+
+ if (revokedOnCritInUse()) {
+ if ((andFilter[critCount++] = revokedOnCrit()) == null)
+ return;
+ }
+ if (revokedByCritInUse()) {
+ if ((andFilter[critCount++] = revokedByCrit()) == null)
+ return;
+ }
+ if (revocationReasonCritInUse()) {
+ if ((andFilter[critCount++] = revocationReasonCrit()) == null)
+ return;
+ }
+ if (issuedOnCritInUse()) {
+ if ((andFilter[critCount++] = issuedOnCrit()) == null)
+ return;
+ }
+ if (issuedByCritInUse()) {
+ if ((andFilter[critCount++] = issuedByCrit()) == null)
+ return;
+ }
+ if (profileCritInUse()) {
+ if ((andFilter[critCount++] = profileCrit()) == null)
+ return;
+ }
+ if (validNotBeforeCritInUse()) {
+ if ((andFilter[critCount++] = validNotBeforeCrit()) == null)
+ return;
+ }
+ if (validNotAfterCritInUse()) {
+ if ((andFilter[critCount++] = validNotAfterCrit()) == null)
+ return;
+ }
+ if (validityLengthCritInUse()) {
+ if ((andFilter[critCount++] = validityLengthCrit()) == null)
+ return;
+ }
+ if (certTypeCritInUse()) {
+ if ((andFilter[critCount++] = certTypeCrit()) == null)
+ return;
+ }
+ if (basicConstraintsInUse()) {
+ if ((andFilter[critCount++] = basicConstraints()) == null)
+ return;
+ }
+
+ // At least one section must be selected
+ if (critCount == 0) {
+ alert("You must choose at least one section on this form.");
+ return;
+ }
+
+ var f = nsjoin(andFilter,"");
+ if (f.length == 0) f = "(certRecordId=*)";
+ form.queryCertFilter.value = "(&"+f+")";
+
+ form.op.value = "srchCerts";
+
+ form.submit();
+}
+//-->
+</SCRIPT>
+
+
+<FORM NAME="queryForm" ACTION="srchCerts" METHOD=POST>
+<INPUT TYPE="HIDDEN" NAME="op" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="queryCertFilter" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="serialNumberRangeInUse" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="serialFrom" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="serialTo" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="statusInUse" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="status" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="subjectInUse" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="eMail" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="commonName" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="userID" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="orgUnit" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="org" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="locality" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="state" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="country" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="match" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="revokedByInUse" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="revokedBy" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="revokedOnInUse" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="revokedOnFrom" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="revokedOnTo" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="revocationReasonInUse" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="revocationReason" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="profileInUse" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="profile" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="issuedByInUse" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="issuedBy" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="issuedOnInUse" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="issuedOnFrom" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="issuedOnTo" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="basicConstraintsInUse" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="validNotBeforeInUse" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="validNotBeforeFrom" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="validNotBeforeTo" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="validNotAfterInUse" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="validNotAfterFrom" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="validNotAfterTo" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="validityLengthInUse" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="validityOp" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="count" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="unit" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="certTypeInUse" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="SubordinateEmailCA" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="SubordinateSSLCA" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="SecureEmail" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="SSLClient" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="SSLServer" VALUE="">
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/pki/images/hr.gif" >
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif"><b>Limits</b></font>
+<table border="0" cellspacing="2" cellpadding="2">
+ <tr>
+ <td align="right">
+ <font size=-1 face="PrimaSans BT, Verdana, sans-serif">&nbsp;&nbsp;&nbsp;&nbsp;
+ Maximum results:</font>
+ </td>
+ <td>
+ <INPUT TYPE="TEXT" NAME="maxResults" VALUE=10 SIZE=5 MAXLENGTH=10>
+ </td>
+ </tr>
+ <tr>
+ <td align="right">
+ <font size=-1 face="PrimaSans BT, Verdana, sans-serif">&nbsp;&nbsp;&nbsp;&nbsp;
+ Time limit (in seconds):</font>
+ </td>
+ <td>
+ <INPUT TYPE="TEXT" NAME="timeLimit" VALUE=5 SIZE=5 MAXLENGTH=10>
+ </td>
+ </tr>
+</table>
+<br>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=6 WIDTH="100%" BACKGROUND="/pki/images/gray90.gif">
+ <tr>
+ <td ALIGN=RIGHT BGCOLOR="#E5E5E5">
+ <INPUT TYPE="button" VALUE="Find" width="72" onClick='doSubmit(queryForm)'>&nbsp;&nbsp;
+ <!-- <INPUT TYPE="button" VALUE=Help width="72"
+ onClick="help('http://www.redhat.com/docs/manuals/cert-system#Advanced Certificate Search')"> -->
+ </td>
+ </tr>
+</table>
+
+</form>
+</body>
+</html>
+
diff --git a/base/ca/shared/webapps/ca/agent/ca/SrchRequests.html b/base/ca/shared/webapps/ca/agent/ca/SrchRequests.html
new file mode 100644
index 000000000..08433aa7d
--- /dev/null
+++ b/base/ca/shared/webapps/ca/agent/ca/SrchRequests.html
@@ -0,0 +1,384 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+ <title>Search for Requests</title>
+ <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+
+<script type="text/javascript" SRC="/ca/agent/funcs.js"></script>
+<script type="text/javascript" SRC="/ca/agent/helpfun.js"></script>
+</head>
+
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+<font size=+1 face="PrimaSans BT, Verdana, sans-serif">Search for Requests
+</font><br>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Use this form to compose queries based on properties of the request.
+</font>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/pki/images/hr.gif" >
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Each section below filters the search. Check the box at the top of the
+section if you want to use that filter in your search, then complete the fields.
+Leave a box unchecked to ignore that filter. You can click more than one box
+to get a combination of search criteria.
+</font>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/pki/images/hr.gif" >
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+<b><font size=-1 face="PrimaSans BT, Verdana, sans-serif">Request ID Range</font></b>
+<FORM NAME="requestNumberRangeCritForm">
+<table border="0" cellspacing="2" cellpadding="2">
+<tr>
+<td><INPUT TYPE="CHECKBOX" NAME="inUse"></td>
+<td colspan="3">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show requests that fall within the following range:</font>
+</td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Lowest request id:</font></td>
+<td><INPUT TYPE="TEXT" NAME="requestFrom" SIZE=10 MAXLENGTH=99></td>
+<td><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+(leave blank for no lower limit)</font></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Highest request id:</font></td>
+<td><INPUT TYPE="TEXT" NAME="requestTo" SIZE=10 MAXLENGTH=99></td>
+<td><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+(leave blank for no upper limit)</font></td>
+</tr>
+</table>
+</FORM>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Enter a range of request IDs in decimal form.
+</font>
+
+<SCRIPT type="text/javascript">
+//<!--
+function requestNumberRangeCritInUse()
+{
+ return document.requestNumberRangeCritForm.inUse.checked;
+}
+
+function requestNumberRangeCrit()
+{
+ var crit = new Array;
+ var next = 0;
+ var canonicalFrom = "", canonicalTo = "";
+
+ if (document.requestNumberRangeCritForm.requestFrom.value != "") {
+ canonicalFrom =
+ trim(document.requestNumberRangeCritForm.requestFrom.value);
+ }
+
+ if (canonicalFrom != "") {
+ if (!isDecimalNumber(canonicalFrom)) {
+ alert("You must specify a decimal value " +
+ "for the low end of the request number range.");
+ return null;
+ }
+ if (isNegative(canonicalFrom)) {
+ alert("You must specify a positive value for the low " +
+ "end of the request number range.");
+ return null;
+ }
+ crit[next++] = "(requestId>=" + canonicalFrom + ")";
+ }
+
+ if (document.requestNumberRangeCritForm.requestTo.value != "") {
+ canonicalTo =
+ trim(document.requestNumberRangeCritForm.requestTo.value);
+ }
+
+ if (canonicalTo != "") {
+ if (!isDecimalNumber(canonicalTo)) {
+ alert("You must specify a decimal value " +
+ "for the high end of the request number range.");
+ return null;
+ }
+ if (isNegative(canonicalTo)) {
+ alert("You must specify a positive value for the high " +
+ "end of the request number range.");
+ return null;
+ }
+ crit[next++] = "(requestId<=" + canonicalTo + ")";
+ }
+
+ /* Can not do this using parseInt */
+ /*
+ if (document.requestNumberRangeCritForm.requestFrom.value != "" &&
+ document.requestNumberRangeCritForm.requestTo.value != "") {
+ if (parseInt(canonicalFrom) > parseInt(canonicalTo)) {
+ alert("The low end of the range is larger than the high end.");
+ return null;
+ }
+ }
+ */
+ return nsjoin(crit,"");
+}
+//-->
+</SCRIPT>
+
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/pki/images/hr.gif" >
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+<b><font size=-1 face="PrimaSans BT, Verdana, sans-serif">Request Type</font></b>
+<FORM NAME="typeCritForm">
+<table border="0" cellspacing="2" cellpadding="2">
+<tr>
+<td><INPUT TYPE="CHECKBOX" NAME="inUse"></td>
+<td colspan="3">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show requests that are of
+<select NAME="type">
+<option value="ENROLLMENT">enrollment
+<option value="RENEWAL">renewal
+<option value="REVOCATION">revocation
+<option value="ALL">any
+</select>
+type
+</font>
+</td>
+</tr>
+</table>
+</FORM>
+<SCRIPT type="text/javascript">
+//<!--
+function typeCritInUse()
+{
+ return document.typeCritForm.inUse.checked;
+}
+function typeRangeCrit()
+{
+ if (document.typeCritForm.type.options[document.typeCritForm.type.selectedIndex].value == "ALL")
+ return "(requesttype=*)";
+ else
+ return "(requesttype=" + document.typeCritForm.type.options[document.typeCritForm.type.selectedIndex].value + ")";
+}
+//-->
+</SCRIPT>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/pki/images/hr.gif" >
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+<b><font size=-1 face="PrimaSans BT, Verdana, sans-serif">Request Status</font></b>
+<FORM NAME="statusCritForm">
+<table border="0" cellspacing="2" cellpadding="2">
+<tr>
+<td><INPUT TYPE="CHECKBOX" CHECKED NAME="inUse"></td>
+<td colspan="3">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show requests that are in
+<select NAME="status">
+<option value="PENDING">pending
+<option value="CANCELED">canceled
+<option value="REJECTED">rejected
+<option value="COMPLETE">completed
+<option value="ALL">any
+</select>
+status
+</font>
+</td>
+</tr>
+</table>
+</FORM>
+<SCRIPT type="text/javascript">
+//<!--
+function statusCritInUse()
+{
+ return document.statusCritForm.inUse.checked;
+}
+function statusRangeCrit()
+{
+ if (document.statusCritForm.status.options[document.statusCritForm.status.selectedIndex].value == "ALL")
+ return "(requeststate=*)";
+ else
+ return "(requeststate=" + document.statusCritForm.status.options[document.statusCritForm.status.selectedIndex].value + ")";
+}
+//-->
+</SCRIPT>
+
+
+<br>
+<SCRIPT type="text/javascript">
+<!--
+function doSubmit(form)
+{
+ var andFilter = new Array;
+ var critCount = 0;
+
+ if (requestNumberRangeCritInUse()) {
+ if ((andFilter[critCount++] = requestNumberRangeCrit()) == null)
+ return;
+ }
+ if (typeCritInUse()) {
+ if ((andFilter[critCount++] = typeRangeCrit()) == null)
+ return;
+ }
+ if (statusCritInUse()) {
+ if ((andFilter[critCount++] = statusRangeCrit()) == null)
+ return;
+ }
+
+ if (ownerCritInUse()) {
+ critCount++;
+ if (checkEmptyField() == null)
+ return;
+ }
+
+ // At least one section must be selected
+ if (critCount == 0) {
+ alert("You must choose at least one section on this form.");
+ return;
+ }
+
+ var f = nsjoin(andFilter,"");
+ if (f.length == 0) f = "(requestId=*)";
+ form.queryRequestFilter.value = "(&"+f+")";
+
+ form.op.value = "srchRequests";
+
+ form.submit();
+}
+//-->
+</SCRIPT>
+
+
+<FORM NAME="queryForm" ACTION="searchReqs" METHOD=POST>
+<INPUT TYPE="HIDDEN" NAME="op" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="queryRequestFilter" VALUE="">
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/pki/images/hr.gif" >
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif"><b>Request Owner</b></font>
+<table border="0" cellspacing="2" cellpadding="2">
+<tr>
+<td><INPUT TYPE="CHECKBOX" CHECKED NAME="inUse"></td>
+<td colspan="3">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show requests that belong to the user specified as below:</font>
+</td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+<INPUT TYPE="RADIO" CHECKED NAME="owner" VALUE="self"> self </font>
+</td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+<INPUT TYPE="RADIO" NAME="owner" VALUE="others"> uid=
+<INPUT TYPE="TEXT" NAME="uid" SIZE=10 MAXLENGTH=99></font>
+</td>
+</tr>
+</table>
+<br>
+
+
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif"><b>Limits</b></font>
+<table border="0" cellspacing="2" cellpadding="2">
+ <tr>
+ <td align="right">
+ <font size=-1 face="PrimaSans BT, Verdana, sans-serif">&nbsp;&nbsp;&nbsp;&nbsp;
+ Maximum results:</font>
+ </td>
+ <td>
+ <INPUT TYPE="TEXT" NAME="maxResults" VALUE=10 SIZE=5 MAXLENGTH=10>
+ </td>
+ </tr>
+ <tr>
+ <td align="right">
+ <font size=-1 face="PrimaSans BT, Verdana, sans-serif">&nbsp;&nbsp;&nbsp;&nbsp;
+ Time limit (in seconds):</font>
+ </td>
+ <td>
+ <INPUT TYPE="TEXT" NAME="timeLimit" VALUE=5 SIZE=5 MAXLENGTH=10>
+ </td>
+ </tr>
+</table>
+<br>
+
+
+
+
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=6 WIDTH="100%" BACKGROUND="/pki/images/gray90.gif">
+ <tr>
+ <td ALIGN=RIGHT BGCOLOR="#E5E5E5">
+ <INPUT TYPE="button" VALUE="Find" width="72" onClick='doSubmit(queryForm)'>&nbsp;&nbsp;
+ </td>
+ </tr>
+</table>
+
+</form>
+<SCRIPT type="text/javascript">
+//<!--
+function ownerCritInUse()
+{
+ if (!document.queryForm.inUse.checked) {
+ document.queryForm.owner[0].value = "";
+ document.queryForm.owner[1].value = "";
+ document.queryForm.uid.value = "";
+ }
+ return document.queryForm.inUse.checked;
+}
+function checkEmptyField()
+{
+ if (document.queryForm.owner[1].checked) {
+ if (document.queryForm.uid.value.length == 0) {
+ alert("uid field cannot be empty.");
+ return null;
+ }
+ }
+
+ return "";
+}
+
+</SCRIPT>
+</body>
+</html>
+
diff --git a/base/ca/shared/webapps/ca/agent/ca/SrchRevokeCert.html b/base/ca/shared/webapps/ca/agent/ca/SrchRevokeCert.html
new file mode 100644
index 000000000..4f11ddf33
--- /dev/null
+++ b/base/ca/shared/webapps/ca/agent/ca/SrchRevokeCert.html
@@ -0,0 +1,1137 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+ <title>Revoke Certificates</title>
+ <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+
+<script type="text/javascript" SRC="/ca/agent/funcs.js"></script>
+<script type="text/javascript" SRC="/ca/agent/helpfun.js"></script>
+</head>
+
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+<font size=+1 face="PrimaSans BT, Verdana, sans-serif">
+Revoke Certificates</font><br>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Use this form to revoke a set of certificates determined by one
+or more properties of the certificate.
+</font>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/pki/images/hr.gif" >
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Each section below filters the set of certificates to be revoked.
+Check the box at the top of the section if you want to use that
+filter in your search, then complete the fields. Leave a box
+unchecked to ignore that filter. You can click more than one box
+to get a combination of search criteria.
+<p>
+You will be given a chance to examine the certificates before
+they are revoked.
+</font>
+
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/pki/images/hr.gif" >
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+<b><font size=-1 face="PrimaSans BT, Verdana, sans-serif">Serial Number Range</font></b>
+<FORM NAME="serialNumberRangeCritForm">
+<table border="0" cellspacing="2" cellpadding="2">
+<tr>
+<td><INPUT TYPE="CHECKBOX" NAME="inUse"></td>
+<td colspan="3">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Revoke certificates that fall within the following range:</font>
+</td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Lowest serial number:</font></td>
+<td><INPUT TYPE="TEXT" NAME="serialFrom" SIZE=10 MAXLENGTH=99></td>
+<td><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+(leave blank for no lower limit)</font></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Highest serial number:</font></td>
+<td><INPUT TYPE="TEXT" NAME="serialTo" SIZE=10 MAXLENGTH=99></td>
+<td><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+(leave blank for no upper limit)</font></td>
+</tr>
+</table>
+</FORM>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Enter a range of certificate serial numbers in hexadecimal form
+(starting with 0x, as in the certificate list), or in decimal form.
+</font>
+
+<SCRIPT type="text/javascript">
+//<!--
+function serialNumberRangeCritInUse()
+{
+ if (document.serialNumberRangeCritForm.inUse.checked) {
+ document.queryForm.serialNumberRangeInUse.value = 'on';
+ }
+ document.queryForm.serialFrom.value = document.serialNumberRangeCritForm.serialFrom.value;
+ document.queryForm.serialTo.value = document.serialNumberRangeCritForm.serialTo.value;
+ return document.serialNumberRangeCritForm.inUse.checked;
+}
+
+function serialNumberRangeCrit()
+{
+ var crit = new Array;
+ var next = 0;
+ var canonicalFrom = "", canonicalTo = "";
+
+ if (document.serialNumberRangeCritForm.serialFrom.value != "") {
+ canonicalFrom =
+ trim(document.serialNumberRangeCritForm.serialFrom.value);
+ }
+
+ if (canonicalFrom != "") {
+ if (!isDecimalNumber(canonicalFrom)) {
+ if (isNumber(canonicalFrom,16)) {
+ canonicalFrom = "0x" +
+ removeColons(stripPrefix(canonicalFrom));
+ } else {
+ alert("You must specify a decimal or hexadecimal value" +
+ "for the low end of the serial number range.");
+ return null;
+ }
+ }
+ if (isNegative(canonicalFrom)) {
+ alert("You must specify a positive value for the low " +
+ "end of the serial number range.");
+ return null;
+ }
+ crit[next++] = "(certRecordId>=" + canonicalFrom + ")";
+ }
+
+ if (document.serialNumberRangeCritForm.serialTo.value != "") {
+ canonicalTo =
+ trim(document.serialNumberRangeCritForm.serialTo.value);
+ }
+
+ if (canonicalTo != "") {
+ if (!isDecimalNumber(canonicalTo)) {
+ if (isNumber(canonicalTo,16)) {
+ canonicalTo = "0x" +
+ removeColons(stripPrefix(canonicalTo));
+ } else {
+ alert("You must specify a decimal or hexadecimal value" +
+ "for the high end of the serial number range.");
+ return null;
+ }
+ }
+ if (isNegative(canonicalTo)) {
+ alert("You must specify a positive value for the high " +
+ "end of the serial number range.");
+ return null;
+ }
+ crit[next++] = "(certRecordId<=" + canonicalTo + ")";
+ }
+
+ /* Can not do this using parseInt */
+ /*
+ if (document.serialNumberRangeCritForm.serialFrom.value != "" &&
+ document.serialNumberRangeCritForm.serialTo.value != "") {
+ if (parseInt(canonicalFrom) > parseInt(canonicalTo)) {
+ alert("The low end of the range is larger than the high end.");
+ return null;
+ }
+ }
+ */
+ return nsjoin(crit,"");
+}
+//-->
+</SCRIPT>
+
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/pki/images/hr.gif" >
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+<b><font size=-1 face="PrimaSans BT, Verdana, sans-serif">Subject Name</font></b>
+<FORM NAME="subjectCritForm">
+<table border="0" cellspacing="2" cellpadding="2">
+<tr>
+<td><INPUT TYPE="CHECKBOX" NAME="inUse"></td>
+<td colspan="2">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Revoke certificates with a subject name matching the following:
+</font>
+</td>
+</tr>
+
+<tr align="left">
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Email address:</font>
+</td>
+<td><INPUT TYPE="TEXT" NAME="eMail" SIZE=30></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Common name:</font>
+</td>
+<td><INPUT TYPE="TEXT" NAME="commonName" SIZE=30></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">User ID:</font>
+</td>
+<td><INPUT TYPE="TEXT" NAME="userID" SIZE=30></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Organization unit:</font>
+</td>
+<td><INPUT TYPE="TEXT" NAME="orgUnit" SIZE=30></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Organization:</font>
+</td>
+<td><INPUT TYPE="TEXT" NAME="org" SIZE=30></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Locality:</font>
+</td>
+<td><INPUT TYPE="TEXT" NAME="locality" SIZE=30></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">State:</font>
+</td>
+<td><INPUT TYPE="TEXT" NAME="state" SIZE=30></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Country:</font>
+</td>
+<td><INPUT TYPE="TEXT" NAME="country" VALUE="" SIZE=2 MAXLENGTH=2></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Match Method:</font>
+</td>
+<td>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+<INPUT TYPE="RADIO" NAME="match" VALUE="exact">Exact</font>
+</td>
+<tr>
+<td>&nbsp;</td>
+<td align="right">&nbsp;</td>
+<td>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+<INPUT TYPE="RADIO" CHECKED NAME="match" VALUE="partial">Partial</font>
+</td>
+</tr>
+</table>
+</FORM>
+
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Enter values for the fields you want to have in your search criteria.
+Leave other fields blank.
+<br><br>
+Exact match method revokes certificates for subjects whose name consists
+<b>exactly</b> of the components that you have filled in above, and contains
+none of the components you have left blank. Pattern matching wildcard
+values cannot be used in this search.
+<br><br>
+Partial match method revokes certificates for subjects whose name consists
+<b>in part</b> of the components you have specified above, and in addition
+may contain arbitrary values for the other components you have left blank above.
+Pattern matching wildcard values can be used in this search.
+</font>
+
+
+<SCRIPT type="text/javascript">
+<!--
+function subjectCritInUse()
+{
+ if (document.subjectCritForm.inUse.checked) {
+ document.queryForm.subjectInUse.value = 'on';
+ }
+ document.queryForm.eMail.value = document.subjectCritForm.eMail.value;
+ document.queryForm.commonName.value = document.subjectCritForm.commonName.value;
+ document.queryForm.userID.value = document.subjectCritForm.userID.value;
+ document.queryForm.orgUnit.value = document.subjectCritForm.orgUnit.value;
+ document.queryForm.org.value = document.subjectCritForm.org.value;
+ document.queryForm.locality.value = document.subjectCritForm.locality.value;
+ document.queryForm.state.value = document.subjectCritForm.state.value;
+ document.queryForm.country.value = document.subjectCritForm.country.value;
+ if (document.subjectCritForm.match[1].checked) {
+ document.queryForm.match.value = 'partial';
+ } else {
+ document.queryForm.match.value = 'exact';
+ }
+ return document.subjectCritForm.inUse.checked;
+}
+function subjectCrit()
+{
+ return computeNameFilter(document.subjectCritForm);
+}
+//-->
+</SCRIPT>
+
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/pki/images/hr.gif" >
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+<b>Issuing Information</b></font>
+
+<table border="0" cellspacing="2" cellpadding="2">
+<tr>
+<FORM NAME="issuedByCritForm">
+<td><INPUT TYPE="CHECKBOX" NAME="inUse">
+<td align="left" colspan="2">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Revoke certificates issued by:</font>&nbsp;
+<INPUT TYPE="text" NAME="issuedBy" SIZE=10></td>
+</FORM>
+</tr>
+
+<tr>
+<FORM NAME="issuedOnCritForm">
+<td><INPUT TYPE="CHECKBOX" NAME="inUse" onClick="clickedOnTimeRangeCheckBox(document.issuedOnCritForm.inUse, document.issuedOnFrom, document.issuedOnTo);"></td>
+<td colspan="2">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Revoke certificates issued during the period:</font>
+</td>
+</FORM>
+<tr>
+
+<tr>
+<td>&nbsp;</td>
+<td valign=top align=right>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Start date:</font>
+</td>
+<td valign="top" nowrap>
+<FORM NAME="issuedOnFrom">
+<SELECT NAME="day">
+<OPTION VALUE=0>
+<OPTION VALUE=1>1
+<OPTION VALUE=2>2
+<OPTION VALUE=3>3
+<OPTION VALUE=4>4
+<OPTION VALUE=5>5
+<OPTION VALUE=6>6
+<OPTION VALUE=7>7
+<OPTION VALUE=8>8
+<OPTION VALUE=9>9
+<OPTION VALUE=10>10
+<OPTION VALUE=11>11
+<OPTION VALUE=12>12
+<OPTION VALUE=13>13
+<OPTION VALUE=14>14
+<OPTION VALUE=15>15
+<OPTION VALUE=16>16
+<OPTION VALUE=17>17
+<OPTION VALUE=18>18
+<OPTION VALUE=19>19
+<OPTION VALUE=20>20
+<OPTION VALUE=21>21
+<OPTION VALUE=22>22
+<OPTION VALUE=23>23
+<OPTION VALUE=24>24
+<OPTION VALUE=25>25
+<OPTION VALUE=26>26
+<OPTION VALUE=27>27
+<OPTION VALUE=28>28
+<OPTION VALUE=29>29
+<OPTION VALUE=30>30
+<OPTION VALUE=31>31
+</SELECT>
+<SELECT NAME="month">
+<OPTION VALUE=13>
+<OPTION VALUE=0>January
+<OPTION VALUE=1>February
+<OPTION VALUE=2>March
+<OPTION VALUE=3>April
+<OPTION VALUE=4>May
+<OPTION VALUE=5>June
+<OPTION VALUE=6>July
+<OPTION VALUE=7>August
+<OPTION VALUE=8>September
+<OPTION VALUE=9>October
+<OPTION VALUE=10>November
+<OPTION VALUE=11>December
+</SELECT>
+<SELECT NAME="year">
+<SCRIPT type="text/javascript">
+//<!--
+generateYearOptions(10, 1);
+//-->
+</SCRIPT>
+</SELECT>
+</FORM>
+</td>
+</tr>
+
+<tr>
+<td>&nbsp;</td>
+<td valign=top align=right>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">End date:</font>
+</td>
+<td valign="top" nowrap>
+<FORM NAME="issuedOnTo">
+<SELECT NAME="day">
+<OPTION VALUE=0>
+<OPTION VALUE=1>1
+<OPTION VALUE=2>2
+<OPTION VALUE=3>3
+<OPTION VALUE=4>4
+<OPTION VALUE=5>5
+<OPTION VALUE=6>6
+<OPTION VALUE=7>7
+<OPTION VALUE=8>8
+<OPTION VALUE=9>9
+<OPTION VALUE=10>10
+<OPTION VALUE=11>11
+<OPTION VALUE=12>12
+<OPTION VALUE=13>13
+<OPTION VALUE=14>14
+<OPTION VALUE=15>15
+<OPTION VALUE=16>16
+<OPTION VALUE=17>17
+<OPTION VALUE=18>18
+<OPTION VALUE=19>19
+<OPTION VALUE=20>20
+<OPTION VALUE=21>21
+<OPTION VALUE=22>22
+<OPTION VALUE=23>23
+<OPTION VALUE=24>24
+<OPTION VALUE=25>25
+<OPTION VALUE=26>26
+<OPTION VALUE=27>27
+<OPTION VALUE=28>28
+<OPTION VALUE=29>29
+<OPTION VALUE=30>30
+<OPTION VALUE=31>31
+</SELECT>
+<SELECT NAME="month">
+<OPTION VALUE=13>
+<OPTION VALUE=0>January
+<OPTION VALUE=1>February
+<OPTION VALUE=2>March
+<OPTION VALUE=3>April
+<OPTION VALUE=4>May
+<OPTION VALUE=5>June
+<OPTION VALUE=6>July
+<OPTION VALUE=7>August
+<OPTION VALUE=8>September
+<OPTION VALUE=9>October
+<OPTION VALUE=10>November
+<OPTION VALUE=11>December
+</SELECT>
+<SELECT NAME="year">
+<SCRIPT type="text/javascript">
+//<!--
+generateYearOptions(10, 1);
+//-->
+</SCRIPT>
+</SELECT>
+</FORM>
+</td>
+</tr>
+</table>
+
+<SCRIPT type="text/javascript">
+<!--
+function issuedByCritInUse()
+{
+ if (document.issuedByCritForm.inUse.checked) {
+ document.queryForm.issuedByInUse.value = 'on';
+ }
+ document.queryForm.issuedBy.value = document.issuedByCritForm.issuedBy.value;
+ return document.issuedByCritForm.inUse.checked;
+}
+function issuedByCrit()
+{
+ if (document.issuedByCritForm.issuedBy.value.length == 0) {
+ alert("User id in 'issued by' filter is empty");
+ return null;
+ }
+ return "(certIssuedBy="+ document.issuedByCritForm.issuedBy.value +")";
+}
+
+
+function issuedOnCritInUse()
+{
+ if (document.issuedOnCritForm.inUse.checked) {
+ document.queryForm.issuedOnInUse.value = 'on';
+ }
+ d = convertToTime(document.issuedOnFrom);
+ if (d != null) {
+ document.queryForm.issuedOnFrom.value = d;
+ }
+ d = convertToTime(document.issuedOnTo);
+ if (d != null) {
+ document.queryForm.issuedOnTo.value = d;
+ }
+ return document.issuedOnCritForm.inUse.checked;
+}
+function issuedOnCrit()
+{
+ var from = null, to = null;
+ var crit = new Array();
+ var next = 0;
+ if (!dateIsEmpty(document.issuedOnFrom)) {
+ from = convertDate(document.issuedOnFrom,
+ "Start date for issue time range criterion");
+ if (from == null) return null;
+ crit[next++] = "(certCreateTime>=" + from + ")";
+ }
+ if (!dateIsEmpty(document.issuedOnTo)) {
+ to = convertDate(document.issuedOnTo,
+ "End date for issue time range criterion");
+ if (to == null) return null;
+ crit[next++] = "(certCreateTime<=" + to + ")";
+ }
+
+ if (from == null && to == null) {
+ alert("You must enter a date for issue time range.");
+ return null;
+ }
+ if (from != null && to != null && from > to) {
+ alert("Invalid issuance time range");
+ return null;
+ }
+ return nsjoin(crit,"");
+}
+//-->
+</SCRIPT>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/pki/images/hr.gif" >
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+<b>Dates of Validity</b></font>
+
+<table border="0" cellspacing="2" cellpadding="2">
+<tr>
+<FORM NAME="validNotBeforeCritForm">
+<td><INPUT TYPE="CHECKBOX" NAME="inUse" onClick="clickedOnTimeRangeCheckBox(document.validNotBeforeCritForm.inUse, document.validNotBeforeFrom, document.validNotBeforeTo);"></td>
+<td align="left" colspan="2">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Revoke certificates effective during the period:</font>
+</td>
+</FORM>
+</tr>
+
+<tr>
+<td>&nbsp;</td>
+<td valign=top align=right>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Start date:</font>
+</td>
+<td valign="top" nowrap>
+<FORM NAME="validNotBeforeFrom">
+<SELECT NAME="day">
+<OPTION VALUE=0>
+<OPTION VALUE=1>1
+<OPTION VALUE=2>2
+<OPTION VALUE=3>3
+<OPTION VALUE=4>4
+<OPTION VALUE=5>5
+<OPTION VALUE=6>6
+<OPTION VALUE=7>7
+<OPTION VALUE=8>8
+<OPTION VALUE=9>9
+<OPTION VALUE=10>10
+<OPTION VALUE=11>11
+<OPTION VALUE=12>12
+<OPTION VALUE=13>13
+<OPTION VALUE=14>14
+<OPTION VALUE=15>15
+<OPTION VALUE=16>16
+<OPTION VALUE=17>17
+<OPTION VALUE=18>18
+<OPTION VALUE=19>19
+<OPTION VALUE=20>20
+<OPTION VALUE=21>21
+<OPTION VALUE=22>22
+<OPTION VALUE=23>23
+<OPTION VALUE=24>24
+<OPTION VALUE=25>25
+<OPTION VALUE=26>26
+<OPTION VALUE=27>27
+<OPTION VALUE=28>28
+<OPTION VALUE=29>29
+<OPTION VALUE=30>30
+<OPTION VALUE=31>31
+</SELECT>
+<SELECT NAME="month">
+<OPTION VALUE=13>
+<OPTION VALUE=0>January
+<OPTION VALUE=1>February
+<OPTION VALUE=2>March
+<OPTION VALUE=3>April
+<OPTION VALUE=4>May
+<OPTION VALUE=5>June
+<OPTION VALUE=6>July
+<OPTION VALUE=7>August
+<OPTION VALUE=8>September
+<OPTION VALUE=9>October
+<OPTION VALUE=10>November
+<OPTION VALUE=11>December
+</SELECT>
+<SELECT NAME="year">
+<SCRIPT type="text/javascript">
+//<!--
+generateYearOptions(10, 10);
+//-->
+</SCRIPT>
+</SELECT>
+</FORM>
+</td>
+</tr>
+
+<tr>
+<td>&nbsp;</td>
+<td valign=top align=right>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">End date:</font>
+</td>
+<td valign="top" nowrap>
+<FORM NAME="validNotBeforeTo">
+<SELECT NAME="day">
+<OPTION VALUE=0>
+<OPTION VALUE=1>1
+<OPTION VALUE=2>2
+<OPTION VALUE=3>3
+<OPTION VALUE=4>4
+<OPTION VALUE=5>5
+<OPTION VALUE=6>6
+<OPTION VALUE=7>7
+<OPTION VALUE=8>8
+<OPTION VALUE=9>9
+<OPTION VALUE=10>10
+<OPTION VALUE=11>11
+<OPTION VALUE=12>12
+<OPTION VALUE=13>13
+<OPTION VALUE=14>14
+<OPTION VALUE=15>15
+<OPTION VALUE=16>16
+<OPTION VALUE=17>17
+<OPTION VALUE=18>18
+<OPTION VALUE=19>19
+<OPTION VALUE=20>20
+<OPTION VALUE=21>21
+<OPTION VALUE=22>22
+<OPTION VALUE=23>23
+<OPTION VALUE=24>24
+<OPTION VALUE=25>25
+<OPTION VALUE=26>26
+<OPTION VALUE=27>27
+<OPTION VALUE=28>28
+<OPTION VALUE=29>29
+<OPTION VALUE=30>30
+<OPTION VALUE=31>31
+</SELECT>
+<SELECT NAME="month">
+<OPTION VALUE=13>
+<OPTION VALUE=0>January
+<OPTION VALUE=1>February
+<OPTION VALUE=2>March
+<OPTION VALUE=3>April
+<OPTION VALUE=4>May
+<OPTION VALUE=5>June
+<OPTION VALUE=6>July
+<OPTION VALUE=7>August
+<OPTION VALUE=8>September
+<OPTION VALUE=9>October
+<OPTION VALUE=10>November
+<OPTION VALUE=11>December
+</SELECT>
+<SELECT NAME="year">
+<SCRIPT type="text/javascript">
+//<!--
+generateYearOptions(10, 10);
+//-->
+</SCRIPT>
+</SELECT>
+</FORM>
+</td>
+</tr>
+</table>
+
+<SCRIPT type="text/javascript">
+<!--
+function validNotBeforeCritInUse()
+{
+ if (document.validNotBeforeCritForm.inUse.checked) {
+ document.queryForm.validNotBeforeInUse.value = 'on';
+ }
+ d = convertToTime(document.validNotBeforeFrom);
+ if (d != null) {
+ document.queryForm.validNotBeforeFrom.value = d;
+ }
+ d = convertToTime(document.validNotBeforeTo);
+ if (d != null) {
+ document.queryForm.validNotBeforeTo.value = d;
+ }
+ return document.validNotBeforeCritForm.inUse.checked;
+}
+
+function validNotBeforeCrit()
+{
+ var from = null, to = null;
+ var crit = new Array();
+ var next = 0;
+ if (!dateIsEmpty(document.validNotBeforeFrom)) {
+ from = convertDate(document.validNotBeforeFrom,
+ "Start date for the validity beginning time range criterion");
+ if (from == null) return null;
+ crit[next++] = "(x509Cert.notBefore>=" + from + ")";
+ }
+ if (!dateIsEmpty(document.validNotBeforeTo)) {
+ to = convertDate(document.validNotBeforeTo,
+ "End date for the validity beginning time range criterion");
+ if (to == null) return null;
+ crit[next++] = "(x509Cert.notBefore<=" + to + ")";
+ }
+
+ if (from == null && to == null) {
+ alert("You must enter a date for validity beginning range.");
+ return null;
+ }
+ if (from != null && to != null && from > to) {
+ alert("Invalid effective time range");
+ return null;
+ }
+ return nsjoin(crit,"");
+}
+//-->
+</SCRIPT>
+
+<table border="0" cellspacing="2" cellpadding="2">
+<tr>
+<FORM NAME="validNotAfterCritForm">
+<td><INPUT TYPE="CHECKBOX" NAME="inUse" onClick="clickedOnTimeRangeCheckBox(document.validNotAfterCritForm.inUse, document.validNotAfterFrom, document.validNotAfterTo);"></td>
+<td align="left" colspan="2">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Revoke certificates expire during the period:</font>
+</td>
+</FORM>
+</tr>
+
+<tr>
+<td>&nbsp;</td>
+<td valign=top align=right>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Start date:</font>
+</td>
+<td valign="top" nowrap>
+<FORM NAME="validNotAfterFrom">
+<SELECT NAME="day">
+<OPTION VALUE=0>
+<OPTION VALUE=1>1
+<OPTION VALUE=2>2
+<OPTION VALUE=3>3
+<OPTION VALUE=4>4
+<OPTION VALUE=5>5
+<OPTION VALUE=6>6
+<OPTION VALUE=7>7
+<OPTION VALUE=8>8
+<OPTION VALUE=9>9
+<OPTION VALUE=10>10
+<OPTION VALUE=11>11
+<OPTION VALUE=12>12
+<OPTION VALUE=13>13
+<OPTION VALUE=14>14
+<OPTION VALUE=15>15
+<OPTION VALUE=16>16
+<OPTION VALUE=17>17
+<OPTION VALUE=18>18
+<OPTION VALUE=19>19
+<OPTION VALUE=20>20
+<OPTION VALUE=21>21
+<OPTION VALUE=22>22
+<OPTION VALUE=23>23
+<OPTION VALUE=24>24
+<OPTION VALUE=25>25
+<OPTION VALUE=26>26
+<OPTION VALUE=27>27
+<OPTION VALUE=28>28
+<OPTION VALUE=29>29
+<OPTION VALUE=30>30
+<OPTION VALUE=31>31
+</SELECT>
+<SELECT NAME="month">
+<OPTION VALUE=13>
+<OPTION VALUE=0>January
+<OPTION VALUE=1>February
+<OPTION VALUE=2>March
+<OPTION VALUE=3>April
+<OPTION VALUE=4>May
+<OPTION VALUE=5>June
+<OPTION VALUE=6>July
+<OPTION VALUE=7>August
+<OPTION VALUE=8>September
+<OPTION VALUE=9>October
+<OPTION VALUE=10>November
+<OPTION VALUE=11>December
+</SELECT>
+<SELECT NAME="year">
+<SCRIPT type="text/javascript">
+//<!--
+generateYearOptions(10, 10);
+//-->
+</SCRIPT>
+</SELECT>
+</FORM>
+</td>
+</tr>
+
+<tr>
+<td>&nbsp;</td>
+<td valign=top align=right>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">End date:</font>
+</td>
+<td valign="top" nowrap>
+<FORM NAME="validNotAfterTo">
+<SELECT NAME="day">
+<OPTION VALUE=0>
+<OPTION VALUE=1>1
+<OPTION VALUE=2>2
+<OPTION VALUE=3>3
+<OPTION VALUE=4>4
+<OPTION VALUE=5>5
+<OPTION VALUE=6>6
+<OPTION VALUE=7>7
+<OPTION VALUE=8>8
+<OPTION VALUE=9>9
+<OPTION VALUE=10>10
+<OPTION VALUE=11>11
+<OPTION VALUE=12>12
+<OPTION VALUE=13>13
+<OPTION VALUE=14>14
+<OPTION VALUE=15>15
+<OPTION VALUE=16>16
+<OPTION VALUE=17>17
+<OPTION VALUE=18>18
+<OPTION VALUE=19>19
+<OPTION VALUE=20>20
+<OPTION VALUE=21>21
+<OPTION VALUE=22>22
+<OPTION VALUE=23>23
+<OPTION VALUE=24>24
+<OPTION VALUE=25>25
+<OPTION VALUE=26>26
+<OPTION VALUE=27>27
+<OPTION VALUE=28>28
+<OPTION VALUE=29>29
+<OPTION VALUE=30>30
+<OPTION VALUE=31>31
+</SELECT>
+<SELECT NAME="month">
+<OPTION VALUE=13>
+<OPTION VALUE=0>January
+<OPTION VALUE=1>February
+<OPTION VALUE=2>March
+<OPTION VALUE=3>April
+<OPTION VALUE=4>May
+<OPTION VALUE=5>June
+<OPTION VALUE=6>July
+<OPTION VALUE=7>August
+<OPTION VALUE=8>September
+<OPTION VALUE=9>October
+<OPTION VALUE=10>November
+<OPTION VALUE=11>December
+</SELECT>
+<SELECT NAME="year">
+<SCRIPT type="text/javascript">
+//<!--
+generateYearOptions(10, 10);
+//-->
+</SCRIPT>
+</SELECT>
+</FORM>
+</td>
+</tr>
+</table>
+
+<SCRIPT type="text/javascript">
+<!--
+function validNotAfterCritInUse()
+{
+ if (document.validNotAfterCritForm.inUse.checked) {
+ document.queryForm.validNotAfterInUse.value = 'on';
+ }
+ d = convertToTime(document.validNotAfterFrom);
+ if (d != null) {
+ document.queryForm.validNotAfterFrom.value = d;
+ }
+ d = convertToTime(document.validNotAfterTo);
+ if (d != null) {
+ document.queryForm.validNotAfterTo.value = d;
+ }
+ return document.validNotAfterCritForm.inUse.checked;
+}
+
+function validNotAfterCrit()
+{
+ var from = null, to = null;
+ var crit = new Array();
+ var next = 0;
+ if (!dateIsEmpty(document.validNotAfterFrom)) {
+ from = convertDate(document.validNotAfterFrom,
+ "Start date for the expiration time range criterion");
+ if (from == null) return null;
+ crit[next++] = "(x509cert.notAfter>=" + from + ")";
+ }
+ if (!dateIsEmpty(document.validNotAfterTo)) {
+ to = convertDate(document.validNotAfterTo,
+ "End date for the expiration time range criterion");
+ if (to == null) return null;
+ crit[next++] = "(x509cert.notAfter<=" + to + ")";
+ }
+
+ if (from == null && to == null) {
+ alert("You must enter a date for the expiration time range.");
+ return null;
+ }
+ if (from != null && to != null && from > to) {
+ alert("Expiration time range specified is empty");
+ return null;
+ }
+ return nsjoin(crit,"");
+}
+//-->
+</SCRIPT>
+
+<table border="0" cellspacing="2" cellpadding="2">
+<FORM NAME="validityLengthCritForm">
+<tr>
+<td><INPUT TYPE="CHECKBOX" NAME="inUse"></td>
+<td align="left" colspan="2">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Revoke certificates with a validity period:</font>
+</td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td>
+<SELECT NAME="validityOp">
+<OPTION VALUE="&lt;="> not greater
+<OPTION VALUE="&gt;="> not less
+</SELECT>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">than</font>
+<INPUT NAME="count" TYPE="text" MAXSIZE=2 SIZE=2>
+<SELECT NAME="unit">
+<OPTION VALUE="86400000">Day(s)</OPTION>
+<OPTION VALUE="604800000">Week(s)</OPTION>
+<OPTION SELECTED VALUE="2592000000">Month(s)</OPTION>
+<OPTION VALUE="31536000000">Year(s)</OPTION>
+</SELECT>
+</td></tr>
+</FORM>
+</table>
+
+<SCRIPT type="text/javascript">
+<!--
+function validityLengthCritInUse()
+{
+ if (document.validityLengthCritForm.inUse.checked) {
+ document.queryForm.validityLengthInUse.value = 'on';
+ }
+ document.queryForm.validityOp.value = document.validityLengthCritForm.validityOp.value;
+ document.queryForm.count.value = document.validityLengthCritForm.count.value;
+ document.queryForm.unit.value = document.validityLengthCritForm.unit.value;
+ return document.validityLengthCritForm.inUse.checked;
+}
+
+function validityLengthCrit()
+{
+ with(document.validityLengthCritForm) {
+
+ if (!isNumber(count.value,10)) {
+ alert("Invalid number specified in validity length criterion");
+ return null;
+ }
+
+ return "(x509cert.duration" +
+ validityOp.options[validityOp.selectedIndex].value +
+ (count.value * unit.options[unit.selectedIndex].value) +")";
+ }
+}
+//-->
+</SCRIPT>
+
+
+<SCRIPT type="text/javascript">
+<!--
+function doSubmit(form)
+{
+ var andFilter = new Array;
+ var critCount = 0;
+
+ if (serialNumberRangeCritInUse()) {
+ if ((andFilter[critCount++] = serialNumberRangeCrit()) == null)
+ return;
+ }
+ if (subjectCritInUse()) {
+ if ((andFilter[critCount++] = subjectCrit()) == null)
+ return;
+ }
+ if (issuedOnCritInUse()) {
+ if ((andFilter[critCount++] = issuedOnCrit()) == null)
+ return;
+ }
+ if (issuedByCritInUse()) {
+ if ((andFilter[critCount++] = issuedByCrit()) == null)
+ return;
+ }
+ if (validNotBeforeCritInUse()) {
+ if ((andFilter[critCount++] = validNotBeforeCrit()) == null)
+ return;
+ }
+ if (validNotAfterCritInUse()) {
+ if ((andFilter[critCount++] = validNotAfterCrit()) == null)
+ return;
+ }
+ if (validityLengthCritInUse()) {
+ if ((andFilter[critCount++] = validityLengthCrit()) == null)
+ return;
+ }
+
+ // At least one section must be selected
+ if (critCount == 0) {
+ alert("You must choose at least one section on this form.");
+ return;
+ }
+
+ andFilter[critCount++] = "(certStatus=VALID)";
+
+ form.queryCertFilter.value = "(&"+nsjoin(andFilter,"")+")";
+ form.revokeAll.value = form.queryCertFilter.value;
+
+ form.op.value = "srchCerts";
+ form.submit();
+}
+//-->
+</SCRIPT>
+
+<br>&nbsp;
+
+<FORM NAME="queryForm" ACTION="srchCerts" METHOD=POST>
+<INPUT TYPE="HIDDEN" NAME="op" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="queryCertFilter" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="revokeAll" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="serialNumberRangeInUse" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="serialFrom" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="serialTo" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="statusInUse" VALUE="on">
+<INPUT TYPE="HIDDEN" NAME="status" VALUE="VALID">
+<INPUT TYPE="HIDDEN" NAME="subjectInUse" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="eMail" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="commonName" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="userID" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="orgUnit" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="org" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="locality" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="state" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="country" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="match" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="issuedByInUse" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="issuedBy" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="issuedOnInUse" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="issuedOnFrom" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="issuedOnTo" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="validNotBeforeInUse" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="validNotBeforeFrom" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="validNotBeforeTo" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="validNotAfterInUse" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="validNotAfterFrom" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="validNotAfterTo" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="validityLengthInUse" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="validityOp" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="count" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="unit" VALUE="">
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/pki/images/hr.gif" >
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif"><b>Limits</b></font>
+<table border="0" cellspacing="2" cellpadding="2">
+ <tr>
+ <td align="right">
+ <font size=-1 face="PrimaSans BT, Verdana, sans-serif">&nbsp;&nbsp;&nbsp;&nbsp;
+ Maximum results:</font>
+ </td>
+ <td>
+ <INPUT TYPE="TEXT" NAME="maxResults" VALUE=10 SIZE=5 MAXLENGTH=10>
+ </td>
+ </tr>
+ <tr>
+ <td align="right">
+ <font size=-1 face="PrimaSans BT, Verdana, sans-serif">&nbsp;&nbsp;&nbsp;&nbsp;
+ Time limit (in seconds):</font>
+ </td>
+ <td>
+ <INPUT TYPE="TEXT" NAME="timeLimit" VALUE=5 SIZE=5 MAXLENGTH=10>
+ </td>
+ </tr>
+</table>
+<br>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=6 WIDTH="100%" BACKGROUND="/pki/images/gray90.gif">
+ <tr>
+ <td ALIGN=RIGHT BGCOLOR="#E5E5E5">
+ <INPUT TYPE="button" VALUE="Find" width="72" onClick='doSubmit(queryForm)'>&nbsp;&nbsp;
+ <!-- <INPUT TYPE="button" VALUE=Help width="72"
+ onClick="help('http://www.redhat.com/docs/manuals/cert-system#Searching for Certificates to Revoke')"> -->
+ </td>
+ </tr>
+</table>
+
+</form>
+
+</body>
+</html>
+
diff --git a/base/ca/shared/webapps/ca/agent/ca/UpdateDir.html b/base/ca/shared/webapps/ca/agent/ca/UpdateDir.html
new file mode 100644
index 000000000..1fb9541cd
--- /dev/null
+++ b/base/ca/shared/webapps/ca/agent/ca/UpdateDir.html
@@ -0,0 +1,367 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<HEAD>
+ <TITLE>Update Directory Server</TITLE>
+ <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+
+<SCRIPT type="text/javascript" SRC="/ca/agent/funcs.js"></SCRIPT>
+<SCRIPT type="text/javascript" SRC="/ca/agent/helpfun.js"></SCRIPT>
+
+<script type="text/javascript">
+<!--
+function doSubmit(form)
+{
+ if ((!form.updateAll.checked) && (!form.updateCRL.checked) &&
+ (!form.updateCA.checked) && (!form.updateValid.checked) &&
+ (!form.updateExpired.checked) && (!form.updateRevoked.checked)) {
+ alert("You must choose at least one updating selection on this form.");
+ return;
+ }
+
+ if (form.updateAll.checked || form.updateValid.checked) {
+ var canonicalFrom = "", canonicalTo = "";
+
+ if ( form.validFrom.value!= "") {
+ canonicalFrom =
+ trim(form.validFrom.value);
+ }
+
+ if (canonicalFrom != "") {
+ if (!isDecimalNumber(canonicalFrom)) {
+ if (isNumber(canonicalFrom, 16)) {
+ canonicalFrom = "0x" +
+ removeColons(stripPrefix(canonicalFrom));
+ } else {
+ alert("You must specify a decimal or hexadecimal value" +
+ "for the low end of the serial number range of valid certificates.");
+ return;
+ }
+ }
+ if (isNegative(canonicalFrom)) {
+ alert("You must specify a positive value for the low " +
+ "end of the serial number range of valid certificates.");
+ return;
+ }
+ form.validFrom.value = canonicalFrom;
+ }
+
+ if ( form.validTo.value!= "") {
+ canonicalTo =
+ trim(form.validTo.value);
+ }
+
+ if (canonicalTo != "") {
+ if (!isDecimalNumber(canonicalTo)) {
+ if (isNumber(canonicalTo, 16)) {
+ canonicalTo = "0x" +
+ removeColons(stripPrefix(canonicalTo));
+ } else {
+ alert("You must specify a decimal or hexadecimal value" +
+ "for the high end of the serial number range of valid certificates.");
+ return;
+ }
+ }
+ if (isNegative(canonicalTo)) {
+ alert("You must specify a positive value for the high " +
+ "end of the serial number range of valid certificates.");
+ return;
+ }
+ form.validTo.value = canonicalTo;
+ }
+
+ /* Can't do this using parseInt*/
+ /*
+ if (form.validFrom.value != "" && form.validTo.value != "" ) {
+ if (parseInt(form.validFrom.value) > parseInt(form.validTo.value)) {
+ alert("The low end of the range is larger than the high end.");
+ return;
+ }
+ }
+ */
+ }
+
+ if (form.updateAll.checked || form.updateExpired.checked) {
+ var canonicalFrom = "", canonicalTo = "";
+
+ if ( form.expiredFrom.value!= "") {
+ canonicalFrom =
+ trim(form.expiredFrom.value);
+ }
+
+ if (canonicalFrom != "") {
+ if (!isDecimalNumber(canonicalFrom)) {
+ if (isNumber(canonicalFrom, 16)) {
+ canonicalFrom = "0x" +
+ removeColons(stripPrefix(canonicalFrom));
+ } else {
+ alert("You must specify a decimal or hexadecimal value" +
+ "for the low end of the serial number range of expired certificates.");
+ return;
+ }
+ }
+ if (isNegative(canonicalFrom)) {
+ alert("You must specify a positive value for the low " +
+ "end of the serial number range of expired certificates.");
+ return;
+ }
+ form.expiredFrom.value = canonicalFrom;
+ }
+
+ if ( form.expiredTo.value!= "") {
+ canonicalTo =
+ trim(form.expiredTo.value);
+ }
+
+ if (canonicalTo != "") {
+ if (!isDecimalNumber(canonicalTo)) {
+ if (isNumber(canonicalTo, 16)) {
+ canonicalTo = "0x" +
+ removeColons(stripPrefix(canonicalTo));
+ } else {
+ alert("You must specify a decimal or hexadecimal value" +
+ "for the high end of the serial number range of expired certificates.");
+ return;
+ }
+ }
+ if (isNegative(canonicalTo)) {
+ alert("You must specify a positive value for the high " +
+ "end of the serial number range of expired certificates.");
+ return;
+ }
+ form.expiredTo.value = canonicalTo;
+ }
+
+ /* Can't do this using parseInt*/
+ /*
+ if (form.expiredFrom.value != "" && form.expiredTo.value != "") {
+ if (parseInt(form.expiredFrom.value) > parseInt(form.expiredTo.value)) {
+ alert("The low end of the range for expired certificates " +
+ "is larger than the high end.");
+ return;
+ }
+ }
+ */
+ }
+
+ if (form.updateAll.checked || form.updateRevoked.checked) {
+ var canonicalFrom = "", canonicalTo = "";
+
+ if ( form.revokedFrom.value!= "") {
+ canonicalFrom =
+ trim(form.revokedFrom.value);
+ }
+
+ if (canonicalFrom != "") {
+ if (!isDecimalNumber(canonicalFrom)) {
+ if (isNumber(canonicalFrom, 16)) {
+ canonicalFrom = "0x" +
+ removeColons(stripPrefix(canonicalFrom));
+ } else {
+ alert("You must specify a decimal or hexadecimal value" +
+ "for the low end of the serial number range of revoked certificates.");
+ return;
+ }
+ }
+ if (isNegative(canonicalFrom)) {
+ alert("You must specify a positive value for the low " +
+ "end of the serial number range of revoked certificates.");
+ return;
+ }
+ form.revokedFrom.value = canonicalFrom;
+ }
+
+ if ( form.revokedTo.value!= "") {
+ canonicalTo =
+ trim(form.revokedTo.value);
+ }
+
+ if (canonicalTo != "") {
+ if (!isDecimalNumber(canonicalTo)) {
+ if (isNumber(canonicalTo, 16)) {
+ canonicalTo = "0x" +
+ removeColons(stripPrefix(canonicalTo));
+ } else {
+ alert("You must specify a decimal or hexadecimal value" +
+ "for the high end of the serial number range of revoked certificates.");
+ return;
+ }
+ }
+ if (isNegative(canonicalTo)) {
+ alert("You must specify a positive value for the high " +
+ "end of the serial number range of revoked certificates.");
+ return;
+ }
+ form.revokedTo.value = canonicalTo;
+ }
+
+ /* Can't do this using parseInt*/
+ /*
+ if (form.revokedFrom.value != "" && form.revokedTo.value != "") {
+ if (parseInt(form.revokedFrom.value) > parseInt(form.revokedTo.value)) {
+ alert("The low end of the range for revoked certificates " +
+ "is larger than the high end.");
+ return;
+ }
+ }
+ */
+ }
+
+ form.submit();
+}
+//-->
+</script>
+</HEAD>
+
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+<font size=+1 face="PrimaSans BT, Verdana, sans-serif">
+Update Directory Server</font><br>
+
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+In most cases, the directory is updated automatically with
+the latest changes to certificates and certificate revocation lists.
+In a few situations, however, you may need to update the directory manually.
+Use this form to make updates manually.
+<p>
+<b>Note:</b>&nbsp; Any certificates issued or revoked during
+the update may not be reflected in the directory.
+You can use this form again to update those certificates.
+</font>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/pki/images/hr.gif" >
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+<FORM ACTION="updateDir" METHOD=POST>
+<table>
+<tr>
+<td valign = topline><INPUT TYPE="CHECKBOX" NAME="checkFlag" VALUE="yes"></td>
+<td colspan=2><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Skip certificates already marked as updated.</font></td>
+</tr>
+</table>
+
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Check one or more of these boxes.</font>
+
+<table>
+<tr>
+<td VALIGN=topline><INPUT TYPE="CHECKBOX" NAME="updateAll" VALUE="yes"></td>
+<td colspan=2><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Update everything in the database to the directory.
+<br>(This will include all selections below.)</font></td>
+</tr>
+
+<tr>
+<td valign = topline><INPUT TYPE="CHECKBOX" NAME="updateCRL" VALUE="yes"></td>
+<td colspan=2><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Update the certificate revocation list to the directory.</font></td>
+</tr>
+
+<tr>
+<td valign = topline><INPUT TYPE="CHECKBOX" NAME="updateCA" VALUE="yes"></td>
+<td colspan=2><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Update Certificate Manager certificate to the directory.</font></td>
+</tr>
+
+<tr>
+<td valign = topline><INPUT TYPE="CHECKBOX" NAME="updateValid" VALUE="yes"></td>
+<td colspan=2><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Update valid certificates to the directory.</font></td>
+</tr>
+
+<tr> <td></td>
+<td align="right"><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+From serial number:</font></td>
+<td><input type=text size=10 name=validFrom>&nbsp;
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+(leave blank for no lower limit)</font></td>
+</tr>
+
+<tr> <td></td>
+<td align="right"><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+To serial number:</font></td>
+<td><input type=text size=10 name=validTo>&nbsp;
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+(leave blank for no upper limit)</font></td>
+</tr>
+
+<tr>
+<td valign = topline><INPUT TYPE="CHECKBOX" NAME="updateExpired" VALUE="yes"></td>
+<td colspan=2><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Remove expired certificates from the directory.</font></td>
+</tr>
+
+<tr><td></td>
+<td align="right"><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+From serial number:</font></td>
+<td><input type=text size=10 name=expiredFrom>&nbsp;
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+(leave blank for no lower limit)</font></td>
+</tr>
+
+<tr><td></td>
+<td align="right"><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+To serial number:</font></td>
+<td><input type=text size=10 name=expiredTo>&nbsp;
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+(leave blank for no upper limit)</font></td>
+</tr>
+
+<tr>
+<td valign = topline><INPUT TYPE="CHECKBOX" NAME="updateRevoked" VALUE="yes"></td>
+<td colspan=2><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Remove revoked certificates from the directory.</font></td>
+</tr>
+
+<tr><td></td>
+<td align="right"><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+From serial number:</font></td>
+<td><input type=text size=10 name=revokedFrom>&nbsp;
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+(leave blank for no lower limit)</font></td>
+</tr>
+
+<tr><td></td>
+<td align="right"><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+To serial number:</font></td>
+<td><input type=text size=10 name=revokedTo>&nbsp;
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+(leave blank for no upper limit)</font></td>
+</tr>
+</table>
+
+<br>&nbsp;
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=6 WIDTH="100%" BACKGROUND="/pki/images/gray90.gif">
+ <tr>
+ <td ALIGN=RIGHT BGCOLOR="#E5E5E5">
+ <INPUT TYPE="button" VALUE="Update Directory" width="72" onClick="doSubmit(this.form);">&nbsp;
+ <!-- <INPUT TYPE="button" VALUE=Help width="72"
+ onClick="help('http://www.redhat.com/docs/manuals/cert-system#Manual Directory Updates')"> -->
+ </td>
+ </tr>
+</table>
+
+</form>
+
+</BODY>
+</HTML>
diff --git a/base/ca/shared/webapps/ca/agent/ca/blank.html b/base/ca/shared/webapps/ca/agent/ca/blank.html
new file mode 100644
index 000000000..e41af69c4
--- /dev/null
+++ b/base/ca/shared/webapps/ca/agent/ca/blank.html
@@ -0,0 +1,27 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>Untitled Document</title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+</head>
+
+<body bgcolor="#CCCCCC">
+</body>
+</html>
diff --git a/base/ca/shared/webapps/ca/agent/ca/bulkissuance.template b/base/ca/shared/webapps/ca/agent/ca/bulkissuance.template
new file mode 100644
index 000000000..01f57455d
--- /dev/null
+++ b/base/ca/shared/webapps/ca/agent/ca/bulkissuance.template
@@ -0,0 +1,24 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<HEAD>
+<CMS_TEMPLATE>
+</HEAD>
+</HTML>
+
diff --git a/base/ca/shared/webapps/ca/agent/ca/cloneRedirect.template b/base/ca/shared/webapps/ca/agent/ca/cloneRedirect.template
new file mode 100644
index 000000000..0f1ad7812
--- /dev/null
+++ b/base/ca/shared/webapps/ca/agent/ca/cloneRedirect.template
@@ -0,0 +1,41 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<HEAD><TITLE> Feature Unavailable to Clones</TITLE>
+<CMS_TEMPLATE>
+</HEAD>
+<BODY bgcolor="white">
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Feature Unavailable to Clones
+</font>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/pki/images/hr.gif" >
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+<SCRIPT LANGUAUGE="JavaScript">
+ document.writeln('This is a clone CA. The feature you want is not available.<br>');
+ document.writeln('You might find the information on the \<a href=\"'+result.header.masterURL+'\" target=\"_top\"\>master CA\<\/a\>');
+</SCRIPT>
+</font>
+</BODY>
+</HTML>
diff --git a/base/ca/shared/webapps/ca/agent/ca/confirmRevocation.template b/base/ca/shared/webapps/ca/agent/ca/confirmRevocation.template
new file mode 100644
index 000000000..c1061affa
--- /dev/null
+++ b/base/ca/shared/webapps/ca/agent/ca/confirmRevocation.template
@@ -0,0 +1,212 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<CMS_TEMPLATE>
+<TITLE>Certificate Revocation Confirmation</TITLE>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<SCRIPT type="text/javascript">
+//<!--
+function validate(form)
+{
+ with (form) {
+ return true;
+ }
+}
+
+function toHex(number)
+{
+ var absValue = "", sign = "";
+ var digits = "0123456789abcdef";
+ if (number < 0) {
+ sign = "-";
+ number = -number;
+ }
+
+ for(; number >= 16 ; number = Math.floor(number/16)) {
+ absValue = digits.charAt(number % 16) + absValue;
+ }
+ absValue = digits.charAt(number % 16) + absValue;
+ return sign + absValue;
+}
+
+function renderDateFromSecs(secs)
+{
+ if (secs == null) return "";
+ var dateTmp = new Date();
+ dateTmp.setTime(secs * 1000);
+ var year = dateTmp.getYear();
+ if (year < 100) {
+ year += 1900;
+ } else {
+ year %= 100;
+ year += 2000;
+ }
+ return (dateTmp.getMonth()+1)+"/"+dateTmp.getDate()+"/"+year;
+}
+//-->
+</SCRIPT>
+</head>
+<body bgcolor="#FFFFFF">
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Certificate Revocation Confirmation</font><br>
+<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Please confirm certificate revocation by selecting appropriate revocation reason(s) and submitting the form.</font><br><br>
+
+<table border="0" cellspacing="2" cellpadding="2">
+ <tr valign="TOP">
+ <td><font size="-1" face="PrimaSans BT, Verdana, sans-serif"><b>Important:</b></font></td>
+ <td><font size="-1" face="PrimaSans BT, Verdana, sans-serif">When making this
+ request you must use the browser environment in which you have access to your authentication certificate and key. </font></td>
+ </tr>
+</table>
+<br><br>
+
+<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+<b>Certificate Details</b><br>
+The details of the certificate being revoked are below:
+</font>
+<br><br>
+
+<table border="0" cellspacing="2">
+ <tr valign="TOP">
+ <td><font size="-2" face="PrimaSans BT, Verdana, sans-serif">Serial Number:</font></td>
+ <td><font size="-2" face="PrimaSans BT, Verdana, sans-serif">
+<SCRIPT type="text/javascript">
+ document.write(toHex(result.header.serialNumber));
+</SCRIPT>
+ </font></td>
+ </tr>
+ <tr valign="TOP">
+ <td><font size="-2" face="PrimaSans BT, Verdana, sans-serif">Subject Name:</font></td>
+ <td><font size="-2" face="PrimaSans BT, Verdana, sans-serif">
+<SCRIPT type="text/javascript">
+ document.write( result.header.subjectName);
+</SCRIPT>
+ </font></td>
+ </tr>
+ <tr valign="TOP">
+ <td><font size="-2" face="PrimaSans BT, Verdana, sans-serif">Valid:</font></td>
+ <td><font size="-2" face="PrimaSans BT, Verdana, sans-serif">
+<SCRIPT type="text/javascript">
+document.write('not before: '+ renderDateFromSecs(result.header.validNotBefore) +' and not after' + renderDateFromSecs(result.header.validNotAfter));
+</SCRIPT>
+ </font></td>
+ </tr>
+</table>
+
+
+<form method="post" action="doRevoke" onSubmit="return validate(document.forms[0])">
+ <table border="0" width="100%" cellspacing="2" cellpadding="2">
+ <tr>
+ <td valign="TOP" colspan="2"><b><font face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif" size="-1">Select Revocation Reason<br>
+ </font></b><font face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif" size="-1">
+ Please select one or more reasons for revocation.</font></td>
+ </tr>
+ <tr>
+ <td>
+ <table border="0" cellspacing="0" cellpadding="0">
+ <tr>
+ <td width="1%">
+ <input type="RADIO" checked name="revocationReason" value="0">
+ </td>
+ <td width="99%"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">Unspecified</font></td>
+ </tr>
+ <tr>
+ <td width="1%">
+ <input type="RADIO" name="revocationReason" value="1">
+ </td>
+ <td width="99%"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">Key compromised</font></td>
+ </tr>
+ <tr>
+ <td width="1%">
+ <input type="RADIO" name="revocationReason" value="2">
+ </td>
+ <td width="99%"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">CA Key Compromised</font></td>
+ </tr>
+ </tr>
+ <tr>
+ <td width="1%">
+ <input type="RADIO" name="revocationReason" value="3">
+ </td>
+ <td width="99%"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">Affiliation changed</font></td>
+ </tr>
+ <tr>
+ <td width="1%">
+ <input type="RADIO" name="revocationReason" value="4">
+ </td>
+ <td width="99%"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">Certificate superceded</font></td>
+ </tr>
+ <tr>
+ <td width="1%">
+ <input type="RADIO" name="revocationReason" value="5">
+ </td>
+ <td width="99%"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">Cessation of operation</font></td>
+ </tr>
+ <tr>
+ <td width="1%">
+ <input type="RADIO" name="revocationReason" value="6">
+ </td>
+ <td width="99%"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">Certificate is on hold</font></td>
+ </tr>
+ <tr>
+ <td width="1%">
+ <input type="RADIO" name="revocationReason" value="9">
+ </td>
+ <td width="99%"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">Privilege withdrawn</font></td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ <tr>
+ <td colspan="2"><font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"><b>Additional
+ comments if any, regarding this request</b><br>
+ Please write any additional comments directed to the person who will process
+ your certificate request. </font></td>
+ </tr>
+ <tr>
+ <td>
+ <textarea name="csrRequestorComments" rows="6" cols="39" wrap="virtual">
+</textarea>
+ </td>
+ </tr>
+ <tr>
+ <td colspan="2">
+ <table border="0" width="100%" cellspacing="0" cellpadding="6" bgcolor="#cccccc">
+ <tr>
+ <td>
+ <div>
+ <input type="submit" value="Submit" name="submit" width="72">
+ <input type="hidden" name="op" value="DoRevocation">
+ <input type="hidden" name="templateType" value="RevocationSuccess">
+ <input type="reset" value="Reset" name="reset" width="72">
+ <!-- <input type="button" value="Help"
+ onclick="help('http://www.redhat.com/docs/manuals/cert-system#Confirming a Revocation')" name="button" width="72"> -->
+<SCRIPT type="text/javascript">
+document.write("<INPUT TYPE=hidden name=serialNumber value=\"" +
+result.header.serialNumber +"\">");
+</SCRIPT>
+ </div>
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ </table>
+ </form>
+</body>
+</html>
diff --git a/base/ca/shared/webapps/ca/agent/ca/displayBySerial.template b/base/ca/shared/webapps/ca/agent/ca/displayBySerial.template
new file mode 100644
index 000000000..5d994cd43
--- /dev/null
+++ b/base/ca/shared/webapps/ca/agent/ca/displayBySerial.template
@@ -0,0 +1,298 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+ <title>Display Certificate</title>
+ <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+<CMS_TEMPLATE>
+</head>
+
+
+<SCRIPT type="text/javascript">
+//<!--
+
+function navMajorVersion()
+{
+ return parseInt(navigator.appVersion.substring(0, navigator.appVersion.indexOf(".")));
+}
+
+function toHex(number)
+{
+ var absValue = "", sign = "";
+ var digits = "0123456789abcdef";
+ if (number < 0) {
+ sign = "-";
+ number = -number;
+ }
+
+ for(; number >= 16 ; number = Math.floor(number/16)) {
+ absValue = digits.charAt(number % 16) + absValue;
+ }
+ absValue = digits.charAt(number % 16) + absValue;
+
+ return sign + '0x' + '0' + absValue;
+}
+
+function getReason(reasonId)
+{
+ var reason = "";
+ reasonDescription = new Array("unspecified",
+ "key compromised",
+ "CA key compromised",
+ "affiliation changed",
+ "certificate superceded",
+ "cessation of operation",
+ "certificate is on hold",
+ "unspecified",
+ "remove from CRL",
+ "privilege withdrawn",
+ "AA key compromised");
+
+ if (reasonId >= 0 && reasonId < reasonDescription.length) {
+ reason = reasonDescription[reasonId];
+ } else {
+ reason = "Unknown reason";
+ }
+
+ return reason;
+}
+
+function doReload()
+{
+ if (navigator.appName == "Netscape") {
+ document.reloadForm.submit();
+ }
+}
+
+function addEscapes(str)
+{
+ var outStr = str.replace(/</g, "&lt;");
+ outStr = outStr.replace(/>/g, "&gt;");
+ return outStr;
+}
+
+//-->
+</SCRIPT>
+
+<body onResize=doReload() bgcolor="#FFFFFF" link="#6666CC" vlink="#6666CC" alink="#333399">
+<font face="PrimaSans BT, Verdana, sans-serif" size="+1">Certificate
+<SCRIPT type="text/javascript">
+//<!--
+document.write('&nbsp; 0x0' + result.header.serialNumber);
+if (navigator.appName == 'Netscape' &&
+ typeof(crypto.version) != "undefined") {
+ document.write(
+ '<input type=hidden name=cmmfResponse value=true>');
+}
+
+//-->
+</SCRIPT>
+</font><br>
+<table border="0" cellspacing="0" cellpadding="0" background="/pki/images/hr.gif" width="100%">
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+<table border="0" cellspacing="2" cellpadding="2" width="100%">
+<tr align="left" bgcolor="#e5e5e5"><td align="left">
+<font face="PrimaSans BT, Verdana, sans-serif" size="-1">
+Certificate contents</font></td></tr></table>
+
+<pre>
+<SCRIPT type="text/javascript">
+document.write(addEscapes(result.header.certPrettyPrint));
+</SCRIPT>
+</pre>
+
+<SCRIPT type="text/javascript">
+//<!--
+if (result.header.revocationReason != null) {
+ Reason = new Array("Unspecified", "Key Compromise", "CA Compromise", "Affiliation Changed");
+ document.write('<p>\n');
+ document.write('<table border="0" cellspacing="2" cellpadding="2" width="100%">\n');
+ document.write('<tr align="left" bgcolor="#e5e5e5"><td align="left">\n');
+ document.write('<font face="PrimaSans BT, Verdana, sans-serif" size="-1">\n');
+ document.write('Certificate revocation reason</font></td></tr></table>\n');
+ document.write('<p><font size=-1 face="PrimaSans BT, Verdana, sans-serif">\n');
+ document.write('This certificate is revoked from the following reason:&nbsp;');
+ document.write('</font>\n');
+ document.write('<font size=-1 face="PrimaSans BT, Verdana, sans-serif" color="red">\n');
+ document.write(getReason(result.header.revocationReason)+'\n');
+ document.write('</font>\n');
+
+ if (result.header.revocationReason == 6) { // on hold
+ document.write("<center>");
+ var loc = 'doUnrevoke?serialNumber=0x'+ result.header.serialNumber;
+ loc = loc + '&cmmfResponse=true';
+ document.write('<form>\n'+
+ '<INPUT TYPE=\"button\" VALUE=\"Take Certificate Off Hold\"'+
+ ' onClick=\"location.href=\''+ loc + '\'\">\n'+
+ '</form>\n');
+ document.write("</center><br>");
+ } else {
+ document.write('<br>&nbsp;\n');
+ }
+}
+//-->
+</SCRIPT>
+
+<p>
+<table border="0" cellspacing="2" cellpadding="2" width="100%">
+<tr align="left" bgcolor="#e5e5e5"><td align="left">
+<font face="PrimaSans BT, Verdana, sans-serif" size="-1">
+Installing this certificate in a server</font></td></tr></table>
+
+<p>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+The following format can be used to install this certificate into a server.
+<p>
+Base 64 encoded certificate
+</font>
+<p><pre>
+-----BEGIN CERTIFICATE-----
+<SCRIPT type="text/javascript">
+document.write(result.header.certChainBase64);
+</SCRIPT>
+-----END CERTIFICATE-----
+</pre>
+
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+<p>
+Base 64 encoded certificate with CA certificate chain in pkcs7 format
+</font>
+<p><pre>
+-----BEGIN CERTIFICATE CHAIN-----
+<SCRIPT type="text/javascript">
+document.write(result.header.pkcs7ChainBase64);
+</SCRIPT>
+-----END CERTIFICATE CHAIN-----
+</pre>
+
+<br><p>
+
+<SCRIPT type="text/javascript">
+//<!--
+if (result.header.noCertImport != null && result.header.noCertImport == false) {
+ document.writeln('<table border="0" cellspacing="2" cellpadding="2" width="100%">');
+ document.writeln('<tr align="left" bgcolor="#e5e5e5"><td align="left">');
+ document.writeln('<font face="PrimaSans BT, Verdana, sans-serif" size="-1">');
+ document.writeln('Importing this certificate</font></td></tr></table>');
+ document.writeln('<p><font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+ document.writeln('To import the certificate into your client, click the following button.');
+ document.writeln('</font><p>');
+}
+//-->
+</SCRIPT>
+
+<OBJECT
+ classid="clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1"
+ CODEBASE="/xenroll.dll"
+ id=Enroll >
+</OBJECT>
+
+<SCRIPT LANGUAGE=VBS>
+<!--
+'========================================================
+'
+' In VBS, there are several ways in which the event handler for the
+' click event can be bound to the right control. We use one of the
+' methods here, which indicates the binding by appending the
+' event name to the control name with an intervening '_'.
+'
+'========================================================
+ Sub ImportCertificate_OnClick
+
+ Dim pkcs7
+
+ On Error Resume Next
+
+ 'Convert the cert to PKCS7 format
+ pkcs7 = result.header.pkcs7ChainBase64
+ If (IsEmpty(pkcs7) OR theError <> 0) Then
+ ret = MsgBox("Could not convert certificate to PKCS7 format", 0, "Import Cert")
+ Exit Sub
+ End If
+
+ 'Import the PKCS7 object
+ Enroll.DeleteRequestCert = FALSE
+ Enroll.WriteCertToCSP = true
+ Enroll.acceptPKCS7(pkcs7)
+ if err.number <> 0 then
+ Enroll.WriteCertToCSP = false
+ end if
+ err.clear
+ Enroll.acceptPKCS7(pkcs7)
+ if err.number = 0 then
+ MsgBox "Certificate has been successfully imported."
+ else
+ sz = "Error in acceptPKCS7. Error Number " & Hex(err.number) & "occurred."
+ MsgBox sz
+ end if
+
+ Exit Sub
+
+ End Sub
+-->
+</SCRIPT>
+
+<SCRIPT type="text/javascript">
+document.write("<center>");
+var loc = 'getBySerial?serialNumber='+ result.header.serialNumber;
+if (navigator.appName == "Netscape") {
+ loc = loc + '&importCert=true';
+ if (navMajorVersion() > 3 && typeof(crypto.version) != "undefined") {
+ loc = loc + '&cmmfResponse=true';
+ }
+}
+if (result.header.noCertImport != null && result.header.noCertImport == false) {
+ document.write('<form>\n'+
+ '<INPUT TYPE=\"button\" VALUE=\"Import Your Certificate\"'+
+ ' onClick=\"location.href=\''+ loc + '\'\">\n'+
+ '</form>\n');
+}
+
+if (navigator.appName == "Netscape" &&
+ result.header.emailCert != null &&
+ result.header.emailCert == true &&
+ result.header.noCertImport != null &&
+ result.header.noCertImport == false) {
+ var loc1 = '/ca/getBySerial?serialNumber='+ result.header.serialNumber;
+ if (navMajorVersion() > 3 && typeof(crypto.version) != "undefined") {
+ loc1 = loc1 + '&cmmfResponse=true';
+ }
+ else {
+ loc1 = loc1 + '&importCert=true&emailCert=true';
+ }
+ document.write('<form>\n'+
+ '<INPUT TYPE=\"button\" VALUE=\"Import S/MIME Certificate\"'+
+ ' onClick=\"location.href=\''+ loc1 + '\'\">\n'+
+ '</form>\n');
+}
+
+document.write("</center>");
+
+document.write('<form name=reloadForm action=displayBySerial>\n'+
+ '<INPUT TYPE="HIDDEN" NAME="serialNumber" VALUE="'+
+ '0x'+result.header.serialNumber+'">\n</form>\n');
+</SCRIPT>
+
+</font>
+</BODY>
+</HTML>
diff --git a/base/ca/shared/webapps/ca/agent/ca/displayBySerial2.template b/base/ca/shared/webapps/ca/agent/ca/displayBySerial2.template
new file mode 100644
index 000000000..4a193e324
--- /dev/null
+++ b/base/ca/shared/webapps/ca/agent/ca/displayBySerial2.template
@@ -0,0 +1,131 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+ <title>Display Certificate</title>
+ <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+<CMS_TEMPLATE>
+</head>
+
+
+
+<SCRIPT type="text/javascript">
+//<!--
+
+function navMajorVersion()
+{
+ return parseInt(navigator.appVersion.substring(0, navigator.appVersion.indexOf(".")));
+}
+
+function toHex(number)
+{
+ var absValue = "", sign = "";
+ var digits = "0123456789abcdef";
+ if (number < 0) {
+ sign = "-";
+ number = -number;
+ }
+
+ for(; number >= 16 ; number = Math.floor(number/16)) {
+ absValue = digits.charAt(number % 16) + absValue;
+ }
+ absValue = digits.charAt(number % 16) + absValue;
+
+ return sign + '0x' + '0' + absValue;
+}
+//-->
+</SCRIPT>
+
+<body bgcolor="#FFFFFF" link="#6666CC" vlink="#6666CC" alink="#333399">
+<font face="PrimaSans BT, Verdana, sans-serif" size="+1">Certificate
+<SCRIPT type="text/javascript">
+//<!--
+document.write('&nbsp;' + '0x0'+result.header.serialNumber);
+if (navigator.appName == 'Netscape' &&
+ navMajorVersion() > 3 &&
+ typeof(crypto.version) != "undefined") {
+ document.write(
+ '<input type=hidden name=cmmfResponse value=true>');
+}
+
+//-->
+</SCRIPT>
+</font><br>
+<table border="0" cellspacing="0" cellpadding="0" background="/pki/images/hr.gif" width="100%">
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+<table border="0" cellspacing="2" cellpadding="2" width="100%">
+<tr align="left" bgcolor="#e5e5e5"><td align="left">
+<font face="PrimaSans BT, Verdana, sans-serif" size="-1">
+Certificate contents</font></td></tr></table>
+
+<pre>
+<SCRIPT type="text/javascript">
+document.write(result.header.certPrettyPrint);
+</SCRIPT>
+</pre>
+
+<p>
+<table border="0" cellspacing="2" cellpadding="2" width="100%">
+<tr align="left" bgcolor="#e5e5e5"><td align="left">
+<font face="PrimaSans BT, Verdana, sans-serif" size="-1">
+Installing this certificate in a server</font></td></tr></table>
+
+<p>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+The following format can be used to install this certificate into a server.
+<p>
+Base 64 encoded certificate
+</font>
+<p><pre>
+-----BEGIN CERTIFICATE CHAIN-----
+<SCRIPT type="text/javascript">
+document.write(result.header.certChainBase64);
+</SCRIPT>
+-----END CERTIFICATE CHAIN-----
+</pre>
+
+<br><p>
+<table border="0" cellspacing="2" cellpadding="2" width="100%">
+<tr align="left" bgcolor="#e5e5e5"><td align="left">
+<font face="PrimaSans BT, Verdana, sans-serif" size="-1">
+Downloading this certificate</font></td></tr></table>
+<p>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+To download the certificate into your system, click the following button.
+</font>
+<p>
+
+<SCRIPT type="text/javascript">
+document.write("<center>");
+var loc = '/ca/getBySerial?serialNumber='+ result.header.serialNumber;
+document.write('<form>\n'+
+ '<INPUT TYPE=\"button\" VALUE=\"Download This Certificate\"'+
+ ' onClick=\"location.href=\''+ loc + '\'\">\n'+
+ '</form>\n');
+
+document.write("</center>");
+</SCRIPT>
+
+</font>
+</BODY>
+</HTML>
diff --git a/base/ca/shared/webapps/ca/agent/ca/displayCRL.template b/base/ca/shared/webapps/ca/agent/ca/displayCRL.template
new file mode 100644
index 000000000..988c6db51
--- /dev/null
+++ b/base/ca/shared/webapps/ca/agent/ca/displayCRL.template
@@ -0,0 +1,217 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+ <title>Display CRL</title>
+ <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+<SCRIPT type="text/javascript" SRC="../helpfun.js"></SCRIPT>
+<SCRIPT type="text/javascript">
+<!--
+if (navigator.appName == "Microsoft Internet Explorer") {
+ document.writeln('<META HTTP-EQUIV="Pragma" CONTENT="no-cache">');
+}
+//-->
+</SCRIPT>
+</head>
+
+<CMS_TEMPLATE>
+
+<body bgcolor="#FFFFFF" link="#6666CC" vlink="#6666CC" alink="#333399">
+<font face="PrimaSans BT, Verdana, sans-serif" size="+1">
+Certificate Revocation List
+</font><br>
+<table border="0" cellspacing="0" cellpadding="0" background="/pki/images/hr.gif" width="100%">
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+<br>
+
+<SCRIPT type="text/javascript">
+<!--
+if (result.header.crlNumber != null &&
+ result.header.crlSize != null &&
+ result.header.crlIssuingPoint != null) {
+
+ document.writeln('<table border="0" cellspacing="2" cellpadding="2" width="100%">');
+ document.writeln('<tr align="left" bgcolor="#e5e5e5"><td align="left">');
+ document.writeln('<font face="PrimaSans BT, Verdana, sans-serif" size="-1">');
+ document.writeln('Certificate revocation list summary</font></td></tr></table>');
+
+ document.writeln('<table border="0" cellspacing="2" cellpadding="2" width="100%">');
+ document.writeln('<tr><td align="right" width="40%">');
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+ document.writeln('CRL issuing point:</font></td>');
+ document.writeln('<td align="left">');
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+ document.writeln(result.header.crlIssuingPoint+'</font></td></tr>');
+
+ if (result.header.crlDisplayType != null &&
+ result.header.crlDisplayType == "deltaCRL" &&
+ result.header.deltaCRLSize == null &&
+ result.header.error != null) {
+ document.writeln('<tr><td align="right" width="40%">');
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+ document.writeln('Status:</font></td>');
+ document.writeln('<td align="left">');
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+ document.writeln(result.header.error+'</font></td></tr>');
+ } else {
+ document.writeln('<tr><td align="right" width="40%">');
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+ document.writeln('CRL number:</font></td>');
+ document.writeln('<td align="left">');
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+ document.writeln(result.header.crlNumber+'</font></td></tr>');
+ document.writeln('<tr><td align="right" width="40%">');
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+ document.writeln('Number of CRL entries:</font></td>');
+ document.writeln('<td align="left">');
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+ if (result.header.deltaCRLSize != null) {
+ document.writeln(result.header.deltaCRLSize+'</font></td></tr>');
+ } else {
+ document.writeln(result.header.crlSize+'</font></td></tr>');
+ }
+ if (result.header.crlDescription != null) {
+ document.writeln('<tr><td align="right" width="40%">');
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+ document.writeln('CRL issuing point description:</font></td>');
+ document.writeln('<td align="left">');
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+ document.writeln(result.header.crlDescription+'</font></td></tr>');
+ }
+ }
+ document.writeln('</table><br>');
+
+ if (result.header.crlPrettyPrint != null) {
+ document.writeln('<table border="0" cellspacing="2" cellpadding="2" width="100%">');
+ document.writeln('<tr align="left" bgcolor="#e5e5e5"><td align="left">');
+ document.writeln('<font face="PrimaSans BT, Verdana, sans-serif" size="-1">');
+ document.writeln('Certificate revocation list contents</font></td></tr></table>');
+ document.writeln('<pre>');
+ document.writeln(result.header.crlPrettyPrint);
+ document.writeln('</pre>');
+ }
+ if (result.recordSet.length > 0) {
+ document.writeln('<table border="0" cellspacing="2" cellpadding="2" width="100%">');
+ document.writeln('<tr align="left" bgcolor="#e5e5e5"><td align="left">');
+ document.writeln('<font face="PrimaSans BT, Verdana, sans-serif" size="-1">');
+ document.writeln('Certificate revocation list base64 encoded</font></td></tr></table>');
+
+ document.writeln('<pre>');
+ document.writeln('-----BEGIN CERTIFICATE REVOCATION LIST-----');
+ for (var i = 0; i < result.recordSet.length; i++) {
+ document.writeln(result.recordSet[i].crlBase64Encoded);
+ }
+ document.writeln('-----END CERTIFICATE REVOCATION LIST-----');
+ document.writeln('</pre>');
+ } else if (result.header.crlBase64 != null) {
+ document.writeln('<table border="0" cellspacing="2" cellpadding="2" width="100%">');
+ document.writeln('<tr align="left" bgcolor="#e5e5e5"><td align="left">');
+ document.writeln('<font face="PrimaSans BT, Verdana, sans-serif" size="-1">');
+ document.writeln('Certificate revocation list base64 encoded</font></td></tr></table>');
+
+ document.writeln('<pre>');
+ document.writeln('-----BEGIN CERTIFICATE REVOCATION LIST-----');
+ document.writeln(result.header.crlBase64);
+ document.writeln('-----END CERTIFICATE REVOCATION LIST-----');
+ document.writeln('</pre>');
+ }
+} else {
+ document.writeln('Certificate revocation list is not found');
+ if (result.header.error != null) {
+ document.write('\nAdditional information:\n ');
+ document.writeln(result.header.error);
+ }
+}
+
+function doNext()
+{
+ var ip = (result.header.crlIssuingPoint != null && result.header.crlIssuingPoint.length > 0)?
+ result.header.crlIssuingPoint: "MasterCRL";
+ var dt = (result.header.crlDisplayType != null && result.header.crlDisplayType.length > 0)?
+ result.header.crlDisplayType: "entireCRL";
+ var loc = location.protocol + '//' + location.hostname + ':' +
+ location.port + '/ca/agent/ca/displayCRL?crlIssuingPoint='+ip+
+ '&crlDisplayType='+dt+'&pageStart='+
+ (parseInt(result.header.pageStart)+parseInt(document.displayCRLForm.pageSize.value))+
+ '&pageSize='+parseInt(document.displayCRLForm.pageSize.value);
+ location.href = loc;
+}
+
+function doPrevious()
+{
+ var ip = (result.header.crlIssuingPoint != null && result.header.crlIssuingPoint.length > 0)?
+ result.header.crlIssuingPoint: "MasterCRL";
+ var dt = (result.header.crlDisplayType != null && result.header.crlDisplayType.length > 0)?
+ result.header.crlDisplayType: "entireCRL";
+ var loc = location.protocol + '//' + location.hostname + ':' +
+ location.port + '/ca/agent/ca/displayCRL?crlIssuingPoint='+ip+
+ '&crlDisplayType='+dt+'&pageStart='+
+ (parseInt(result.header.pageStart)-parseInt(document.displayCRLForm.pageSize.value))+
+ '&pageSize='+parseInt(document.displayCRLForm.pageSize.value);
+ location.href = loc;
+}
+
+if (result.header.crlSize != null &&
+ result.header.pageSize != null &&
+ result.header.pageStart != null &&
+ (parseInt(result.header.crlSize) > parseInt(result.header.pageSize))) {
+ document.writeln('<FORM NAME="displayCRLForm" ACTION="/ca/agent/ca/displayCRL" METHOD=POST>');
+ document.writeln('<table BORDER=0 CELLSPACING=0 CELLPADDING=6 WIDTH="100%">');
+ document.writeln('<tr><td ALIGN=LEFT BGCOLOR="#E5E5E5">');
+ document.writeln('<font face="PrimaSans BT, Verdana, sans-serif" size="-1">');
+ var upperLimit = 0;
+ if (parseInt(result.header.pageStart)+parseInt(result.header.pageSize)-1 >
+ parseInt(result.header.crlSize)) {
+ upperLimit = parseInt(result.header.crlSize);
+ } else {
+ upperLimit = parseInt(result.header.pageStart)+parseInt(result.header.pageSize)-1;
+ }
+ document.writeln(result.header.pageStart+'-'+upperLimit+
+ ' of '+result.header.crlSize+' CRL entries');
+ document.writeln('</font></td>');
+ document.writeln('<td ALIGN=RIGHT BGCOLOR="#E5E5E5">');
+ var n = 0;
+ if (parseInt(result.header.pageStart) > 1) {
+ document.writeln('<INPUT TYPE="button" VALUE="Previous" width="72"'+
+ ' onClick="doPrevious();">&nbsp;');
+ n++;
+ }
+ if (parseInt(result.header.pageStart) + parseInt(result.header.pageSize) - 1 <
+ parseInt(result.header.crlSize)) {
+ document.writeln('<INPUT TYPE="button" VALUE="Next" width="72"'+
+ ' onClick="doNext();">&nbsp;');
+ n++;
+ }
+ if (n > 0) {
+ document.writeln('<INPUT TYPE=text SIZE=4 MAXLENGTH=8 NAME=pageSize VALUE='+
+ result.header.pageSize+'>&nbsp;');
+ }
+
+ document.writeln('</td></tr></table>');
+ document.writeln('</FORM>');
+}
+//-->
+</SCRIPT>
+
+</BODY>
+</HTML>
+
diff --git a/base/ca/shared/webapps/ca/agent/ca/displayCertFromRequest.template b/base/ca/shared/webapps/ca/agent/ca/displayCertFromRequest.template
new file mode 100644
index 000000000..f1148570c
--- /dev/null
+++ b/base/ca/shared/webapps/ca/agent/ca/displayCertFromRequest.template
@@ -0,0 +1,197 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<CMS_TEMPLATE>
+
+<TITLE>
+CS Enroll Request Success
+</TITLE>
+
+<script type="text/javascript">
+
+function navMajorVersion()
+{
+ return parseInt(navigator.appVersion.substring(0, navigator.appVersion.indexOf(".")));
+}
+
+function toHex(number)
+{
+ var absValue = "", sign = "";
+ var digits = "0123456789abcdef";
+ if (number < 0) {
+ sign = "-";
+ number = -number;
+ }
+
+ for(; number >= 16 ; number = Math.floor(number/16)) {
+ absValue = digits.charAt(number % 16) + absValue;
+ }
+ absValue = digits.charAt(number % 16) + absValue;
+
+ return sign + '0x' + '0' + absValue;
+}
+
+function displayCert(cert)
+{
+ document.writeln(
+ '<font face="PrimaSans BT, Verdana, sans-serif" size="+1">'+
+ 'Certificate 0x'+cert.serialNo+
+ '</font><br>');
+ document.writeln(
+ '<table border="0" cellspacing="0" cellpadding="0" '+
+ 'background="/pki/images/hr.gif" width="100%">'+
+ '<tr>'+
+ '<td>&nbsp;</td>'+
+ '</tr>'+
+ '</table>');
+
+ document.writeln(
+ '<table border="0" cellspacing="2" cellpadding="2" width="100%">'+
+ '<tr align="left" bgcolor="#e5e5e5"><td align="left">'+
+ '<font face="PrimaSans BT, Verdana, sans-serif" size="-1">'+
+ 'Certificate contents</font></td></tr></table>'+
+ '<pre>'+
+ cert.certPrettyPrint+
+ '</pre>');
+
+ document.writeln('<p>'+
+ '<table border="0" cellspacing="2" cellpadding="2" width="100%">'+
+ '<tr align="left" bgcolor="#e5e5e5"><td align="left">'+
+ '<font face="PrimaSans BT, Verdana, sans-serif" size="-1">'+
+ 'Certificate fingerprint</font></td></tr></table>'+
+ '<pre>'+
+ cert.certFingerprint+
+ '</pre>'+
+ '</font>');
+
+ document.writeln('<p>'+
+ '<table border="0" cellspacing="2" cellpadding="2" width="100%">'+
+ '<tr align="left" bgcolor="#e5e5e5"><td align="left">'+
+ '<font face="PrimaSans BT, Verdana, sans-serif" size="-1">'+
+ 'Installing this certificate in a server</font></td></tr></table>'+
+ '<p>'+
+ '<font size=-1 face="PrimaSans BT, Verdana, sans-serif">'+
+ 'The following format can be used to install this certificate '+
+ 'into a server.'+
+ '<p>' +
+ 'Base 64 encoded certificate'+
+ '</font>'+
+ '<p><pre>'+
+ //'-----BEGIN CERTIFICATE-----'+
+ cert.base64Cert+
+ //'-----END CERTIFICATE-----'+
+ '</pre>');
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">'+
+ '<p>'+
+ 'Base 64 encoded certificate with CA certificate chain in pkcs7 format'+
+ '</font>'+
+ '<p><pre>'+
+ '-----BEGIN CERTIFICATE CHAIN-----');
+ document.writeln(cert.pkcs7ChainBase64);
+ document.writeln('-----END CERTIFICATE CHAIN-----'+
+ '</pre>');
+
+}
+
+function importCertificates(numCerts, requestId)
+{
+ var grammar = 'this';
+ var plural = '';
+ if (numCerts > 1) {
+ grammar = 'these';
+ plural = 's'
+ }
+ document.writeln( '<p>'+
+ '<table border="0" cellspacing="2" cellpadding="2" width="100%">'+
+ '<tr align="left" bgcolor="#e5e5e5"><td align="left">'+
+ '<font face="PrimaSans BT, Verdana, sans-serif" size="-1">'+
+ 'Importing certificate</font></td></tr></table>'+
+ '<p>'+
+ '<font size=-1 face="PrimaSans BT, Verdana, sans-serif">'+
+ 'To import '+grammar+' certificate'+plural+' into your client, '+
+ 'click the following button.'+
+ '</font>'+
+ '<p>');
+
+ var loc = '/ca/getCertFromRequest?requestId='+result.header.requestId;
+ if (navigator.appName == "Netscape") {
+ if (navMajorVersion() > 3 && typeof(crypto.version) != "undefined")
+ loc = loc+'&cmmfResponse=true';
+ else
+ loc = loc + '&importCert=true';
+ }
+
+ document.writeln('<center>');
+ document.writeln('<form>\n'+
+ '<INPUT TYPE=\"button\" VALUE=\"Import Certificate(s)\"'+
+ ' onClick=\"location.href=\''+ loc + '\'\">\n'+
+ '</form>\n');
+
+ if (navigator.appName == "Netscape" &&
+ result.header.emailCert != null &&
+ result.header.emailCert == true) {
+ var loc1 = '/ca/getCertFromRequest?requestId='+result.header.requestId;
+ if (navMajorVersion() > 3 && typeof(crypto.version) != "undefined") {
+ loc1 = loc1 + '&cmmfResponse=true';
+ }
+ else {
+ loc1 = loc1 + '&importCert=true&emailCert=true';
+ }
+
+ document.write('<form>\n'+
+ '<INPUT TYPE=\"button\" VALUE=\"Import S/MIME Certificate\"'+
+ ' onClick=\"location.href=\''+ loc1 + '\'\">\n'+
+ '</form>\n');
+ }
+
+ document.writeln('</center>');
+}
+</script>
+
+<!--BODY bgcolor="white"-->
+
+<body bgcolor="#FFFFFF" link="#6666CC" vlink="#6666CC" alink="#333399">
+
+
+<SCRIPT type="text/javascript">
+
+if (result.recordSet == null || result.recordSet.length == 0) {
+ document.writeln('<BLOCKQUOTE><B><PRE>');
+ document.writeln('No further details provided.');
+ document.writeln('Please consult your local administrator for assistance.');
+ document.writeln('</BLOCKQUOTE></B></PRE>');
+} else {
+ for (var i = 0; i < result.recordSet.length; i++) {
+ if (result.recordSet[i].serialNo != null) {
+ displayCert(result.recordSet[i]);
+ }
+ }
+ if (result.header.noCertImport != null &&
+ result.header.noCertImport == false) {
+ importCertificates(result.recordSet.length, result.header.requestId);
+ }
+
+}
+document.writeln('<P>');
+</SCRIPT>
+
+
+</BODY>
+</HTML>
+
diff --git a/base/ca/shared/webapps/ca/agent/ca/error.template b/base/ca/shared/webapps/ca/agent/ca/error.template
new file mode 100644
index 000000000..b1940a820
--- /dev/null
+++ b/base/ca/shared/webapps/ca/agent/ca/error.template
@@ -0,0 +1,56 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<HEAD>
+<CMS_TEMPLATE>
+<TITLE>Certificate Service Error</TITLE>
+</HEAD>
+<BODY bgcolor="white">
+<center><h2><b>Problem Processing Your Request</b></h2></center>
+<p>
+The certificate service encountered a problem when processing your
+request. This problem may indicate a flaw in the form used to
+submit your request or the values that were entered into the form.
+The following message supplies more information about the error
+that occurred.
+<p>
+<blockquote><b><pre>
+<SCRIPT type="text/javascript">
+if (result.header.errorDetails != null) {
+ document.write(result.header.errorDetails);
+} else {
+ document.write('Unable to provide details. Contact Administrator.');
+}
+</SCRIPT>
+</pre></b></blockquote>
+
+<SCRIPT type="text/javascript">
+if (result.header.errorDescription != null) {
+ document.write('<p>Additional Information:<p>');
+ document.write('<blockquote><b>');
+ document.write(result.header.errorDescription);
+ document.write('</b></blockquote>');
+}
+</SCRIPT>
+<p>
+Please consult your local administrator for further assistance.
+The certificate server's log may provide further information.
+</BODY>
+</HTML>
+
diff --git a/base/ca/shared/webapps/ca/agent/ca/frameCRL.html b/base/ca/shared/webapps/ca/agent/ca/frameCRL.html
new file mode 100644
index 000000000..a0483c7e4
--- /dev/null
+++ b/base/ca/shared/webapps/ca/agent/ca/frameCRL.html
@@ -0,0 +1,32 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>Untitled Document</title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+</head>
+
+<frameset cols="140,1*" border="0" frameborder="NO">
+ <frame src="menuCRL.html" scrolling="NO" noresize frameborder="NO" name="left">
+ <frame src="getInfo?template=/agent/ca/toUpdateCRL" marginwidth="16" marginheight="16" frameborder="NO" noresize name="content">
+</frameset>
+<noframes><body bgcolor="#FFFFFF">
+</body></noframes>
+</html>
+
diff --git a/base/ca/shared/webapps/ca/agent/ca/frameDir.html b/base/ca/shared/webapps/ca/agent/ca/frameDir.html
new file mode 100644
index 000000000..bcf5df10e
--- /dev/null
+++ b/base/ca/shared/webapps/ca/agent/ca/frameDir.html
@@ -0,0 +1,32 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>Untitled Document</title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+</head>
+
+<frameset cols="140,1*" border="0" frameborder="NO">
+ <frame src="menuDir.html" scrolling="NO" noresize frameborder="NO" name="left">
+ <frame src="updateDir.html" marginwidth="16" marginheight="16" frameborder="NO" noresize name="content">
+</frameset>
+<noframes><body bgcolor="#FFFFFF">
+</body></noframes>
+</html>
+
diff --git a/base/ca/shared/webapps/ca/agent/ca/frameDisplayCRL.html b/base/ca/shared/webapps/ca/agent/ca/frameDisplayCRL.html
new file mode 100644
index 000000000..79a11aab6
--- /dev/null
+++ b/base/ca/shared/webapps/ca/agent/ca/frameDisplayCRL.html
@@ -0,0 +1,32 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>Untitled Document</title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+</head>
+
+<frameset cols="140,1*" border="0" frameborder="NO">
+ <frame src="menuDisplayCRL.html" scrolling="NO" noresize frameborder="NO" name="left">
+ <frame src="getInfo?template=/agent/ca/toDisplayCRL" marginwidth="16" marginheight="16" frameborder="NO" noresize name="content">
+</frameset>
+<noframes><body bgcolor="#FFFFFF">
+</body></noframes>
+</html>
+
diff --git a/base/ca/shared/webapps/ca/agent/ca/frameList.html b/base/ca/shared/webapps/ca/agent/ca/frameList.html
new file mode 100644
index 000000000..98f514696
--- /dev/null
+++ b/base/ca/shared/webapps/ca/agent/ca/frameList.html
@@ -0,0 +1,32 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>Untitled Document</title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+</head>
+
+<frameset cols="140,1*" border="0" frameborder="NO">
+ <frame src="menuList.html" scrolling="NO" noresize frameborder="NO" name="left">
+ <frame src="queryBySerial.html" marginwidth="16" marginheight="16" frameborder="NO" noresize name="content">
+</frameset>
+<noframes><body bgcolor="#FFFFFF">
+</body></noframes>
+</html>
+
diff --git a/base/ca/shared/webapps/ca/agent/ca/frameListReq.html b/base/ca/shared/webapps/ca/agent/ca/frameListReq.html
new file mode 100644
index 000000000..c4b3d1e62
--- /dev/null
+++ b/base/ca/shared/webapps/ca/agent/ca/frameListReq.html
@@ -0,0 +1,32 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>Untitled Document</title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+</head>
+
+<frameset cols="140,1*" border="0" frameborder="NO">
+ <frame src="menuListReq.html" scrolling="NO" noresize frameborder="NO" name="left">
+ <frame src="listRequests.html" marginwidth="16" marginheight="16" frameborder="NO" noresize name="content">
+</frameset>
+<noframes><body bgcolor="#FFFFFF">
+</body></noframes>
+</html>
+
diff --git a/base/ca/shared/webapps/ca/agent/ca/frameOCSP.html b/base/ca/shared/webapps/ca/agent/ca/frameOCSP.html
new file mode 100644
index 000000000..8cc976d02
--- /dev/null
+++ b/base/ca/shared/webapps/ca/agent/ca/frameOCSP.html
@@ -0,0 +1,32 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>Untitled Document</title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+</head>
+
+<frameset cols="140,1*" border="0" frameborder="NO">
+ <frame src="menuOCSP.html" scrolling="NO" noresize frameborder="NO" name="left">
+ <frame src="getOCSPInfo" marginwidth="16" marginheight="16" frameborder="NO" noresize name="content">
+</frameset>
+<noframes><body bgcolor="#FFFFFF">
+</body></noframes>
+</html>
+
diff --git a/base/ca/shared/webapps/ca/agent/ca/frameProfile.html b/base/ca/shared/webapps/ca/agent/ca/frameProfile.html
new file mode 100644
index 000000000..2a15bae4c
--- /dev/null
+++ b/base/ca/shared/webapps/ca/agent/ca/frameProfile.html
@@ -0,0 +1,32 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>Untitled Document</title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+</head>
+
+<frameset cols="140,1*" border="0" frameborder="NO">
+ <frame src="menuProfile.html" scrolling="NO" noresize frameborder="NO" name="left">
+ <frame src="profileList" marginwidth="16" marginheight="16" frameborder="NO" noresize name="content">
+</frameset>
+<noframes><body bgcolor="#FFFFFF">
+</body></noframes>
+</html>
+
diff --git a/base/ca/shared/webapps/ca/agent/ca/frameRevoke.html b/base/ca/shared/webapps/ca/agent/ca/frameRevoke.html
new file mode 100644
index 000000000..ebaee6df8
--- /dev/null
+++ b/base/ca/shared/webapps/ca/agent/ca/frameRevoke.html
@@ -0,0 +1,32 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>Untitled Document</title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+</head>
+
+<frameset cols="140,1*" border="0" frameborder="NO">
+ <frame src="menuRevoke.html" scrolling="NO" noresize frameborder="NO" name="left">
+ <frame src="srchRevokeCert.html" marginwidth="16" marginheight="16" frameborder="NO" noresize name="content">
+</frameset>
+<noframes><body bgcolor="#FFFFFF">
+</body></noframes>
+</html>
+
diff --git a/base/ca/shared/webapps/ca/agent/ca/frameSearch.html b/base/ca/shared/webapps/ca/agent/ca/frameSearch.html
new file mode 100644
index 000000000..b75a6272b
--- /dev/null
+++ b/base/ca/shared/webapps/ca/agent/ca/frameSearch.html
@@ -0,0 +1,32 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>Untitled Document</title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+</head>
+
+<frameset cols="140,1*" border="0" frameborder="NO">
+ <frame src="menuSearch.html" scrolling="NO" noresize frameborder="NO" name="left">
+ <frame src="srchCert.html" marginwidth="16" marginheight="16" frameborder="NO" noresize name="content">
+</frameset>
+<noframes><body bgcolor="#FFFFFF">
+</body></noframes>
+</html>
+
diff --git a/base/ca/shared/webapps/ca/agent/ca/frameSrchRequests.html b/base/ca/shared/webapps/ca/agent/ca/frameSrchRequests.html
new file mode 100644
index 000000000..0e73ea82f
--- /dev/null
+++ b/base/ca/shared/webapps/ca/agent/ca/frameSrchRequests.html
@@ -0,0 +1,32 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>Untitled Document</title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+</head>
+
+<frameset cols="140,1*" border="0" frameborder="NO">
+ <frame src="menuSrchRequests.html" scrolling="NO" noresize frameborder="NO" name="left">
+ <frame src="SrchRequests.html" marginwidth="16" marginheight="16" frameborder="NO" noresize name="content">
+</frameset>
+<noframes><body bgcolor="#FFFFFF">
+</body></noframes>
+</html>
+
diff --git a/base/ca/shared/webapps/ca/agent/ca/frameStats.html b/base/ca/shared/webapps/ca/agent/ca/frameStats.html
new file mode 100644
index 000000000..75a4dbebb
--- /dev/null
+++ b/base/ca/shared/webapps/ca/agent/ca/frameStats.html
@@ -0,0 +1,32 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>Untitled Document</title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+</head>
+
+<frameset cols="140,1*" border="0" frameborder="NO">
+ <frame src="menuStats.html" scrolling="NO" noresize frameborder="NO" name="left">
+ <frame src="getStats" marginwidth="16" marginheight="16" frameborder="NO" noresize name="content">
+</frameset>
+<noframes><body bgcolor="#FFFFFF">
+</body></noframes>
+</html>
+
diff --git a/base/ca/shared/webapps/ca/agent/ca/getOCSPInfo.template b/base/ca/shared/webapps/ca/agent/ca/getOCSPInfo.template
new file mode 100644
index 000000000..cfafd6208
--- /dev/null
+++ b/base/ca/shared/webapps/ca/agent/ca/getOCSPInfo.template
@@ -0,0 +1,117 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+ <title>Display CRL</title>
+ <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<SCRIPT type="text/javascript" SRC="../helpfun.js"></SCRIPT>
+<SCRIPT type="text/javascript">
+<!--
+if (navigator.appName == "Microsoft Internet Explorer") {
+ document.writeln('<META HTTP-EQUIV="Pragma" CONTENT="no-cache">');
+}
+//-->
+</SCRIPT>
+<CMS_TEMPLATE>
+</head>
+
+
+<body bgcolor="#FFFFFF" link="#6666CC" vlink="#6666CC" alink="#333399">
+<font face="PrimaSans BT, Verdana, sans-serif" size="+1">
+OCSP Service
+</font><br>
+<table border="0" cellspacing="0" cellpadding="0" background="/pki/images/hr.gif" width="100%">
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+<br>
+
+<SCRIPT type="text/javascript">
+<!--
+ document.writeln('<table border="0" cellspacing="2" cellpadding="2" width="100%">');
+ document.writeln('<tr align="left" bgcolor="#e5e5e5"><td align="left">');
+ document.writeln('<font face="PrimaSans BT, Verdana, sans-serif" size="-1">');
+ document.writeln('Detailed Information (Since Startup)</font></td></tr></table>');
+
+ document.writeln('<table border="0" cellspacing="2" cellpadding="2" width="100%">');
+ document.writeln('<tr><td align="right" width="40%">');
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+ document.writeln('OCSP Responses:</font></td>');
+ document.writeln('<td align="left">');
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+ document.writeln(result.header.numReq+'</font></td></tr>');
+ document.writeln('<tr><td align="right" width="40%">');
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+ document.writeln('Total Signed Response Data (in bytes):</font></td>');
+ document.writeln('<td align="left">');
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+ document.writeln(result.header.totalData+'</font></td></tr>');
+ document.writeln('<tr><td align="right" width="40%">');
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+ document.writeln('Processing Time (in ms):</font></td>');
+ document.writeln('<td align="left">');
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+ document.writeln((result.header.totalSec-result.header.totalSignSec)+'</font></td></tr>');
+ document.writeln('<tr><td align="right" width="40%">');
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+ document.writeln('Signing Time (in ms):</font></td>');
+ document.writeln('<td align="left">');
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+ document.writeln(result.header.totalSignSec+'</font></td></tr>');
+ document.writeln('<tr><td align="right" width="40%">');
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+ document.writeln('Total Time (in ms):</font></td>');
+ document.writeln('<td align="left">');
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+ document.writeln(result.header.totalSec+'</font></td></tr>');
+ document.writeln('<tr><td align="right" width="40%">');
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+ document.writeln('Signing Time Per Response (in ms):</font></td>');
+ document.writeln('<td align="left">');
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+ if (result.header.numReq == '0') {
+ document.writeln(result.header.numReq+'</font></td></tr>');
+ } else {
+ document.writeln((result.header.totalSignSec/result.header.numReq)+'</font></td></tr>');
+ }
+ document.writeln('<tr><td align="right" width="40%">');
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+ document.writeln('Total Time Per Response (in ms):</font></td>');
+ document.writeln('<td align="left">');
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+ if (result.header.numReq == '0') {
+ document.writeln(result.header.numReq+'</font></td></tr>');
+ } else {
+ document.writeln((result.header.totalSec/result.header.numReq)+'</font></td></tr>');
+ }
+ document.writeln('<tr><td align="right" width="40%">');
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+ document.writeln('Responses Per Second:</font></td>');
+ document.writeln('<td align="left">');
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+ document.writeln(result.header.ReqSec+'</font></td></tr>');
+ document.writeln('</table><br>');
+
+//-->
+</SCRIPT>
+
+</BODY>
+</HTML>
+
diff --git a/base/ca/shared/webapps/ca/agent/ca/getStats.template b/base/ca/shared/webapps/ca/agent/ca/getStats.template
new file mode 100644
index 000000000..0af670816
--- /dev/null
+++ b/base/ca/shared/webapps/ca/agent/ca/getStats.template
@@ -0,0 +1,140 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+ <title>Display CRL</title>
+ <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<SCRIPT type="text/javascript" SRC="../helpfun.js"></SCRIPT>
+<SCRIPT type="text/javascript">
+<!--
+if (navigator.appName == "Microsoft Internet Explorer") {
+ document.writeln('<META HTTP-EQUIV="Pragma" CONTENT="no-cache">');
+}
+//-->
+</SCRIPT>
+<CMS_TEMPLATE>
+</head>
+
+
+<body bgcolor="#FFFFFF" link="#6666CC" vlink="#6666CC" alink="#333399">
+<font face="PrimaSans BT, Verdana, sans-serif" size="+1">
+Statistics
+</font><br>
+<table border="0" cellspacing="0" cellpadding="0" background="/pki/images/hr.gif" width="100%">
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+<br>
+
+<SCRIPT type="text/javascript">
+<!--
+ document.writeln('<table border="0" cellspacing="0" cellpadding="0" width="100%">');
+ document.writeln('<tr align="left" bgcolor="#e5e5e5"><td align="left">');
+ document.writeln('<font face="PrimaSans BT, Verdana, sans-serif" size="-1">');
+ document.writeln('Detailed Information (Start Time <b>' + header.startTime + '</b>, Current Time: <b>' + header.curTime + '</b>)</font></td><td align=right><a href="getStats?op=clear">Clear Statistics</a></td></tr></table>');
+
+ document.writeln('<table border="0" cellspacing="2" cellpadding="2" width="100%">');
+ document.writeln('<tr>');
+ document.writeln('<td width="40%">');
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+ document.writeln('<b>Action</b></font></td>');
+ document.writeln('<td align="left">');
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+ document.writeln('<b># of operations</b></font></td>');
+ document.writeln('<td align="left">');
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+ document.writeln('<b>Time Taken (in msec)</b></font></td>');
+ document.writeln('<td align="left">');
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+ document.writeln('<b>Min</b></font></td>');
+ document.writeln('<td align="left">');
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+ document.writeln('<b>Max</b></font></td>');
+ document.writeln('<td align="left">');
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+ document.writeln('<b>Std Dev</b></font></td>');
+ document.writeln('<td align="left">');
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+ document.writeln('<b>Avg</b></font></td>');
+ document.writeln('<td align="left">');
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+ document.writeln('<b>Percentage</b></font></td>');
+ document.writeln('</tr>');
+ for (var i = 0; i <= recordCount; i++) {
+ if (result.recordSet[i].name.charAt(0) == '-') {
+ document.writeln('<tr><td>');
+ } else {
+ document.writeln('<tr bgcolor="#cccccc"><td>');
+ }
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+ document.writeln(result.recordSet[i].name + '</font></td>');
+ document.writeln('<td>');
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+ document.writeln(result.recordSet[i].noOfOp+'</font></td>');
+ document.writeln('<td>');
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+ document.writeln(result.recordSet[i].timeTaken+'</font></td>');
+ document.writeln('<td>');
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+ if (result.recordSet[i].max == -1) {
+ document.writeln('-</font></td>');
+ } else {
+ document.writeln(result.recordSet[i].min+'</font></td>');
+ }
+ document.writeln('<td>');
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+ if (result.recordSet[i].max == -1) {
+ document.writeln('-</font></td>');
+ } else {
+ document.writeln(result.recordSet[i].max+'</font></td>');
+ }
+ document.writeln('<td>');
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+ if (result.recordSet[i].stddev == -1) {
+ document.writeln('-</font></td>');
+ } else {
+ document.writeln(result.recordSet[i].stddev+'</font></td>');
+ }
+ document.writeln('<td>');
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+ if (result.recordSet[i].noOfOp == 0) {
+ document.writeln('-');
+ } else {
+ document.writeln(Math.round(100*(result.recordSet[i].avg))/100);
+ }
+ document.writeln('</font></td>');
+ document.writeln('<td>');
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+ if (result.recordSet[i].noOfOp == 0) {
+ document.writeln('-');
+ } else {
+ document.writeln(Math.round(100*(result.recordSet[i].percentage))/100 + '%');
+ }
+ document.writeln('</font></td>');
+ document.writeln('</tr>');
+ }
+ document.writeln('</table><br>');
+
+//-->
+</SCRIPT>
+
+</BODY>
+</HTML>
+
diff --git a/base/ca/shared/webapps/ca/agent/ca/index.html b/base/ca/shared/webapps/ca/agent/ca/index.html
new file mode 100644
index 000000000..9dc579977
--- /dev/null
+++ b/base/ca/shared/webapps/ca/agent/ca/index.html
@@ -0,0 +1,33 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>CA Agent</title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<link rel="shortcut icon" href="/pki/images/favicon.ico" />
+</head>
+
+<frameset rows="105,1*" frameborder="NO" border="0" cols="*">
+ <frame src="/ca/agent/header?selected=ca" name="top" frameborder="NO" noresize scrolling="NO" marginwidth="0" marginheight="0">
+ <frame src="frameListReq.html" scrolling="NO" noresize frameborder="NO" marginwidth="0" marginheight="0" name="middle">
+</frameset>
+<noframes><body bgcolor="#FFFFFF">
+</body></noframes>
+</html>
+
diff --git a/base/ca/shared/webapps/ca/agent/ca/menuCRL.html b/base/ca/shared/webapps/ca/agent/ca/menuCRL.html
new file mode 100644
index 000000000..2c4984e9e
--- /dev/null
+++ b/base/ca/shared/webapps/ca/agent/ca/menuCRL.html
@@ -0,0 +1,75 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>Untitled Document</title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+</head>
+
+<body bgcolor="#CCCCCC" link="#FFFFFF" vlink="#FFFFFF" alink="#333399">
+ <table border="0" cellspacing="4" cellpadding="4" width="100%">
+ <tr>
+ <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ <a href="frameListReq.html" target="middle"><b>List Requests</b></a></font></td>
+ </tr>
+ <tr>
+ <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ <a href="frameSrchRequests.html" target="middle"><b>Search for Requests</b></a></font></td>
+ </tr>
+ <tr>
+ <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ <a href="frameList.html" target="middle"><b>List Certificates</b></a></font></td>
+ </tr>
+ <tr>
+ <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ <a href="frameSearch.html" target="middle"><b>Search for Certificates</b></a></font></td>
+ </tr>
+ <tr>
+ <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ <a href="frameRevoke.html" target="middle"><b>Revoke Certificates</b></a></font></td>
+ </tr>
+ <tr>
+ <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ <a href="frameDisplayCRL.html" target="middle"><b>Display Revocation List</b></a></font></td>
+ </tr>
+ <tr>
+ <td bgcolor="white"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ <a href="frameCRL.html" target="middle"><b><font color=black>Update Revocation List</font></b></a></font></td>
+ </tr>
+ <tr>
+ <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ <a href="frameDir.html" target="middle"><b>Update Directory Server</b></a></font></td>
+ </tr>
+ <tr>
+ <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ <a href="frameOCSP.html" target="middle"><b>OCSP Service</b></a></font></td>
+ </tr>
+ <tr>
+ <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ <a href="frameProfile.html" target="middle"><b>Manage Certificate Profiles</b></a></font></td>
+ </tr>
+ <tr>
+ <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ <a href="frameStats.html" target="middle"><b>View Server Statistics</b></a></font></td>
+ </tr>
+
+ </table>
+</body>
+</html>
+
diff --git a/base/ca/shared/webapps/ca/agent/ca/menuDir.html b/base/ca/shared/webapps/ca/agent/ca/menuDir.html
new file mode 100644
index 000000000..7fa9f658d
--- /dev/null
+++ b/base/ca/shared/webapps/ca/agent/ca/menuDir.html
@@ -0,0 +1,75 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>Untitled Document</title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+</head>
+
+<body bgcolor="#CCCCCC" link="#FFFFFF" vlink="#FFFFFF" alink="#333399">
+ <table border="0" cellspacing="4" cellpadding="4" width="100%">
+ <tr>
+ <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ <a href="frameListReq.html" target="middle"><b>List Requests</b></a></font></td>
+ </tr>
+ <tr>
+ <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ <a href="frameSrchRequests.html" target="middle"><b>Search for Requests</b></a></font></td>
+ </tr>
+ <tr>
+ <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ <a href="frameList.html" target="middle"><b>List Certificates</b></a></font></td>
+ </tr>
+ <tr>
+ <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ <a href="frameSearch.html" target="middle"><b>Search for Certificates</b></a></font></td>
+ </tr>
+ <tr>
+ <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ <a href="frameRevoke.html" target="middle"><b>Revoke Certificates</b></a></font></td>
+ </tr>
+ <tr>
+ <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ <a href="frameDisplayCRL.html" target="middle"><b>Display Revocation List</b></a></font></td>
+ </tr>
+ <tr>
+ <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ <a href="frameCRL.html" target="middle"><b>Update Revocation List</b></a></font></td>
+ </tr>
+ <tr>
+ <td bgcolor="white"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ <a href="frameDir.html" target="middle"><b><font color=black>Update Directory Server</font></b></a></font></td>
+ </tr>
+ <tr>
+ <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ <a href="frameOCSP.html" target="middle"><b>OCSP Service</b></a></font></td>
+ </tr>
+ <tr>
+ <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ <a href="frameProfile.html" target="middle"><b>Manage Certificate Profiles</b></a></font></td>
+ </tr>
+ <tr>
+ <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ <a href="frameStats.html" target="middle"><b>View Server Statistics</b></a></font></td>
+ </tr>
+
+ </table>
+</body>
+</html>
+
diff --git a/base/ca/shared/webapps/ca/agent/ca/menuDisplayCRL.html b/base/ca/shared/webapps/ca/agent/ca/menuDisplayCRL.html
new file mode 100644
index 000000000..de76603c4
--- /dev/null
+++ b/base/ca/shared/webapps/ca/agent/ca/menuDisplayCRL.html
@@ -0,0 +1,75 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>Untitled Document</title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+</head>
+
+<body bgcolor="#CCCCCC" link="#FFFFFF" vlink="#FFFFFF" alink="#333399">
+ <table border="0" cellspacing="4" cellpadding="4" width="100%">
+ <tr>
+ <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ <a href="frameListReq.html" target="middle"><b>List Requests</b></a></font></td>
+ </tr>
+ <tr>
+ <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ <a href="frameSrchRequests.html" target="middle"><b>Search for Requests</b></a></font></td>
+ </tr>
+ <tr>
+ <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ <a href="frameList.html" target="middle"><b>List Certificates</b></a></font></td>
+ </tr>
+ <tr>
+ <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ <a href="frameSearch.html" target="middle"><b>Search for Certificates</b></a></font></td>
+ </tr>
+ <tr>
+ <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ <a href="frameRevoke.html" target="middle"><b>Revoke Certificates</b></a></font></td>
+ </tr>
+ <tr>
+ <td bgcolor="white"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ <a href="frameDisplayCRL.html" target="middle"><b><font color=black>Display Revocation List</font></b></a></font></td>
+ </tr>
+ <tr>
+ <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ <a href="frameCRL.html" target="middle"><b>Update Revocation List</b></a></font></td>
+ </tr>
+ <tr>
+ <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ <a href="frameDir.html" target="middle"><b>Update Directory Server</b></a></font></td>
+ </tr>
+ <tr>
+ <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ <a href="frameOCSP.html" target="middle"><b>OCSP Service</b></a></font></td>
+ </tr>
+ <tr>
+ <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ <a href="frameProfile.html" target="middle"><b>Manage Certificate Profiles</b></a></font></td>
+ </tr>
+ <tr>
+ <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ <a href="frameStats.html" target="middle"><b>View Server Statistics</b></a></font></td>
+ </tr>
+
+ </table>
+</body>
+</html>
+
diff --git a/base/ca/shared/webapps/ca/agent/ca/menuList.html b/base/ca/shared/webapps/ca/agent/ca/menuList.html
new file mode 100644
index 000000000..21452599d
--- /dev/null
+++ b/base/ca/shared/webapps/ca/agent/ca/menuList.html
@@ -0,0 +1,75 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>Untitled Document</title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+</head>
+
+<body bgcolor="#CCCCCC" link="#FFFFFF" vlink="#FFFFFF" alink="#333399">
+ <table border="0" cellspacing="4" cellpadding="4" width="100%">
+ <tr>
+ <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ <a href="frameListReq.html" target="middle"><b>List Requests</b></a></font></td>
+ </tr>
+ <tr>
+ <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ <a href="frameSrchRequests.html" target="middle"><b>Search for Requests</b></a></font></td>
+ </tr>
+ <tr>
+ <td bgcolor="white"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ <a href="frameList.html" target="middle"><font color=black><b>List Certificates</b></font></a></font></td>
+ </tr>
+ <tr>
+ <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ <a href="frameSearch.html" target="middle"><b>Search for Certificates</b></a></font></td>
+ </tr>
+ <tr>
+ <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ <a href="frameRevoke.html" target="middle"><b>Revoke Certificates</b></a></font></td>
+ </tr>
+ <tr>
+ <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ <a href="frameDisplayCRL.html" target="middle"><b>Display Revocation List</b></a></font></td>
+ </tr>
+ <tr>
+ <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ <a href="frameCRL.html" target="middle"><b>Update Revocation List</b></a></font></td>
+ </tr>
+ <tr>
+ <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ <a href="frameDir.html" target="middle"><b>Update Directory Server</b></a></font></td>
+ </tr>
+ <tr>
+ <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ <a href="frameOCSP.html" target="middle"><b>OCSP Service</b></a></font></td>
+ </tr>
+ <tr>
+ <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ <a href="frameProfile.html" target="middle"><b>Manage Certificate Profiles</b></a></font></td>
+ </tr>
+ <tr>
+ <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ <a href="frameStats.html" target="middle"><b>View Server Statistics</b></a></font></td>
+ </tr>
+
+ </table>
+</body>
+</html>
+
diff --git a/base/ca/shared/webapps/ca/agent/ca/menuListReq.html b/base/ca/shared/webapps/ca/agent/ca/menuListReq.html
new file mode 100644
index 000000000..f3b541962
--- /dev/null
+++ b/base/ca/shared/webapps/ca/agent/ca/menuListReq.html
@@ -0,0 +1,74 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>Untitled Document</title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+</head>
+
+<body bgcolor="#CCCCCC" link="#FFFFFF" vlink="#FFFFFF" alink="#333399">
+ <table border="0" cellspacing="4" cellpadding="4" width="100%">
+ <tr>
+ <td bgcolor="white"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ <a href="frameListReq.html" target="middle"><b><font color=black>List Requests</font></b></a></font></td>
+ </tr>
+ <tr>
+ <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ <a href="frameSrchRequests.html" target="middle"><b>Search for Requests</b></a></font></td>
+ </tr>
+ <tr>
+ <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ <a href="frameList.html" target="middle"><b>List Certificates</b></a></font></td>
+ </tr>
+ <tr>
+ <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ <a href="frameSearch.html" target="middle"><b>Search for Certificates</b></a></font></td>
+ </tr>
+ <tr>
+ <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ <a href="frameRevoke.html" target="middle"><b>Revoke Certificates</b></a></font></td>
+ </tr>
+ <tr>
+ <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ <a href="frameDisplayCRL.html" target="middle"><b>Display Revocation List</b></a></font></td>
+ </tr>
+ <tr>
+ <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ <a href="frameCRL.html" target="middle"><b>Update Revocation List</b></a></font></td>
+ </tr>
+ <tr>
+ <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ <a href="frameDir.html" target="middle"><b>Update Directory Server</b></a></font></td>
+ </tr>
+ <tr>
+ <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ <a href="frameOCSP.html" target="middle"><b>OCSP Service</b></a></font></td>
+ </tr>
+ <tr>
+ <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ <a href="frameProfile.html" target="middle"><b>Manage Certificate Profiles</b></a></font></td>
+ </tr>
+ <tr>
+ <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ <a href="frameStats.html" target="middle"><b>View Server Statistics</b></a></font></td>
+ </tr>
+ </table>
+</body>
+</html>
+
diff --git a/base/ca/shared/webapps/ca/agent/ca/menuOCSP.html b/base/ca/shared/webapps/ca/agent/ca/menuOCSP.html
new file mode 100644
index 000000000..0b73aa60e
--- /dev/null
+++ b/base/ca/shared/webapps/ca/agent/ca/menuOCSP.html
@@ -0,0 +1,75 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>Untitled Document</title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+</head>
+
+<body bgcolor="#CCCCCC" link="#FFFFFF" vlink="#FFFFFF" alink="#333399">
+ <table border="0" cellspacing="4" cellpadding="4" width="100%">
+ <tr>
+ <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ <a href="frameListReq.html" target="middle"><b>List Requests</b></a></font></td>
+ </tr>
+ <tr>
+ <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ <a href="frameSrchRequests.html" target="middle"><b>Search for Requests</b></a></font></td>
+ </tr>
+ <tr>
+ <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ <a href="frameList.html" target="middle"><b>List Certificates</b></a></font></td>
+ </tr>
+ <tr>
+ <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ <a href="frameSearch.html" target="middle"><b>Search for Certificates</b></a></font></td>
+ </tr>
+ <tr>
+ <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ <a href="frameRevoke.html" target="middle"><b>Revoke Certificates</b></a></font></td>
+ </tr>
+ <tr>
+ <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ <a href="frameDisplayCRL.html" target="middle"><b>Display Revocation List</b></a></font></td>
+ </tr>
+ <tr>
+ <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ <a href="frameCRL.html" target="middle"><b>Update Revocation List</b></a></font></td>
+ </tr>
+ <tr>
+ <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ <a href="frameDir.html" target="middle"><b>Update Directory Server</b></a></font></td>
+ </tr>
+ <tr>
+ <td bgcolor="white"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ <a href="frameOCSP.html" target="middle"><b><font color=black>OCSP Service</font></b></a></font></td>
+ </tr>
+ <tr>
+ <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ <a href="frameProfile.html" target="middle"><b>Manage Certificate Profiles</b></a></font></td>
+ </tr>
+ <tr>
+ <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ <a href="frameStats.html" target="middle"><b>View Server Statistics</b></a></font></td>
+ </tr>
+
+ </table>
+</body>
+</html>
+
diff --git a/base/ca/shared/webapps/ca/agent/ca/menuProfile.html b/base/ca/shared/webapps/ca/agent/ca/menuProfile.html
new file mode 100644
index 000000000..a7bcd66df
--- /dev/null
+++ b/base/ca/shared/webapps/ca/agent/ca/menuProfile.html
@@ -0,0 +1,75 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>Untitled Document</title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+</head>
+
+<body bgcolor="#CCCCCC" link="#FFFFFF" vlink="#FFFFFF" alink="#333399">
+ <table border="0" cellspacing="4" cellpadding="4" width="100%">
+ <tr>
+ <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ <a href="frameListReq.html" target="middle"><b>List Requests</b></a></font></td>
+ </tr>
+ <tr>
+ <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ <a href="frameSrchRequests.html" target="middle"><b>Search for Requests</b></a></font></td>
+ </tr>
+ <tr>
+ <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ <a href="frameList.html" target="middle"><b>List Certificates</b></a></font></td>
+ </tr>
+ <tr>
+ <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ <a href="frameSearch.html" target="middle"><b>Search for Certificates</b></a></font></td>
+ </tr>
+ <tr>
+ <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ <a href="frameRevoke.html" target="middle"><b>Revoke Certificates</b></a></font></td>
+ </tr>
+ <tr>
+ <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ <a href="frameDisplayCRL.html" target="middle"><b>Display Revocation List</b></a></font></td>
+ </tr>
+ <tr>
+ <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ <a href="frameCRL.html" target="middle"><b>Update Revocation List</b></a></font></td>
+ </tr>
+ <tr>
+ <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ <a href="frameDir.html" target="middle"><b>Update Directory Server</b></a></font></td>
+ </tr>
+ <tr>
+ <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ <a href="frameOCSP.html" target="middle"><b>OCSP Service</b></a></font></td>
+ </tr>
+ <tr>
+ <td bgcolor="white"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ <a href="frameProfile.html" target="middle"><b><font color=black>Manage Certificate Profiles</font></b></a></font></td>
+ </tr>
+ <tr>
+ <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ <a href="frameStats.html" target="middle"><b>View Server Statistics</b></a></font></td>
+ </tr>
+
+ </table>
+</body>
+</html>
+
diff --git a/base/ca/shared/webapps/ca/agent/ca/menuRevoke.html b/base/ca/shared/webapps/ca/agent/ca/menuRevoke.html
new file mode 100644
index 000000000..1148bf7c4
--- /dev/null
+++ b/base/ca/shared/webapps/ca/agent/ca/menuRevoke.html
@@ -0,0 +1,70 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>Untitled Document</title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+</head>
+
+<body bgcolor="#CCCCCC" link="#FFFFFF" vlink="#FFFFFF" alink="#333399">
+ <table border="0" cellspacing="4" cellpadding="4" width="100%">
+ <tr>
+ <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ <a href="frameListReq.html" target="middle"><b>List Requests</b></a></font></td>
+ </tr>
+ <tr>
+ <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ <a href="frameSrchRequests.html" target="middle"><b>Search for Requests</b></a></font></td>
+ </tr>
+ <tr>
+ <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ <a href="frameList.html" target="middle"><b>List Certificates</b></a></font></td>
+ </tr>
+ <tr>
+ <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ <a href="frameSearch.html" target="middle"><b>Search for Certificates</b></a></font></td>
+ </tr>
+ <tr>
+ <td bgcolor="white"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ <a href="frameRevoke.html" target="middle"><b><font color=black>Revoke Certificates</font></b></a></font></td>
+ </tr>
+ <tr>
+ <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ <a href="frameDisplayCRL.html" target="middle"><b>Display Revocation List</b></a></font></td>
+ </tr>
+ <tr>
+ <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ <a href="frameCRL.html" target="middle"><b>Update Revocation List</b></font></td>
+ </tr>
+ <tr>
+ <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ <a href="frameDir.html" target="middle"><b>Update Directory Server</b></a></font></td>
+ </tr>
+ <tr>
+ <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ <a href="frameOCSP.html" target="middle"><b>OCSP Service</b></a></font></td>
+ </tr>
+ <tr>
+ <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ <a href="frameProfile.html" target="middle"><b>Manage Certificate Profiles</b></a></font></td>
+ </tr>
+ </table>
+</body>
+</html>
+
diff --git a/base/ca/shared/webapps/ca/agent/ca/menuSearch.html b/base/ca/shared/webapps/ca/agent/ca/menuSearch.html
new file mode 100644
index 000000000..a088ef030
--- /dev/null
+++ b/base/ca/shared/webapps/ca/agent/ca/menuSearch.html
@@ -0,0 +1,75 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>Untitled Document</title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+</head>
+
+<body bgcolor="#CCCCCC" link="#FFFFFF" vlink="#FFFFFF" alink="#333399">
+ <table border="0" cellspacing="4" cellpadding="4" width="100%">
+ <tr>
+ <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ <a href="frameListReq.html" target="middle"><b>List Requests</b></a></font></td>
+ </tr>
+ <tr>
+ <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ <a href="frameSrchRequests.html" target="middle"><b>Search for Requests</b></a></font></td>
+ </tr>
+ <tr>
+ <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ <a href="frameList.html" target="middle"><b>List Certificates</b></a></font></td>
+ </tr>
+ <tr>
+ <td bgcolor="white"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ <a href="frameSearch.html" target="middle"><b><font color=black>Search for Certificates</font></b></a></font></td>
+ </tr>
+ <tr>
+ <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ <a href="frameRevoke.html" target="middle"><b>Revoke Certificates</b></a></font></td>
+ </tr>
+ <tr>
+ <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ <a href="frameDisplayCRL.html" target="middle"><b>Display Revocation List</b></a></font></td>
+ </tr>
+ <tr>
+ <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ <a href="frameCRL.html" target="middle"><b>Update Revocation List</b></a></font></td>
+ </tr>
+ <tr>
+ <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ <a href="frameDir.html" target="middle"><b>Update Directory Server</b></a></font></td>
+ </tr>
+ <tr>
+ <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ <a href="frameOCSP.html" target="middle"><b>OCSP Service</b></a></font></td>
+ </tr>
+ <tr>
+ <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ <a href="frameProfile.html" target="middle"><b>Manage Certificate Profiles</b></a></font></td>
+ </tr>
+ <tr>
+ <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ <a href="frameStats.html" target="middle"><b>View Server Statistics</b></a></font></td>
+ </tr>
+
+ </table>
+</body>
+</html>
+
diff --git a/base/ca/shared/webapps/ca/agent/ca/menuSrchRequests.html b/base/ca/shared/webapps/ca/agent/ca/menuSrchRequests.html
new file mode 100644
index 000000000..3b16a1a20
--- /dev/null
+++ b/base/ca/shared/webapps/ca/agent/ca/menuSrchRequests.html
@@ -0,0 +1,75 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>Untitled Document</title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+</head>
+
+<body bgcolor="#CCCCCC" link="#FFFFFF" vlink="#FFFFFF" alink="#333399">
+ <table border="0" cellspacing="4" cellpadding="4" width="100%">
+ <tr>
+ <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ <a href="frameListReq.html" target="middle"><b>List Requests</b></a></font></td>
+ </tr>
+ <tr>
+ <td bgcolor="white"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ <a href="frameSrchRequests.html" target="middle"><b><font color=black>Search for Requests</font></b></a></font></td>
+ </tr>
+ <tr>
+ <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ <a href="frameList.html" target="middle"><b>List Certificates</b></a></font></td>
+ </tr>
+ <tr>
+ <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ <a href="frameSearch.html" target="middle"><b>Search for Certificates</b></a></font></td>
+ </tr>
+ <tr>
+ <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ <a href="frameRevoke.html" target="middle"><b>Revoke Certificates</b></a></font></td>
+ </tr>
+ <tr>
+ <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ <a href="frameDisplayCRL.html" target="middle"><b>Display Revocation List</b></a></font></td>
+ </tr>
+ <tr>
+ <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ <a href="frameCRL.html" target="middle"><b>Update Revocation List</b></a></font></td>
+ </tr>
+ <tr>
+ <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ <a href="frameDir.html" target="middle"><b>Update Directory Server</b></a></font></td>
+ </tr>
+ <tr>
+ <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ <a href="frameOCSP.html" target="middle"><b>OCSP Service</b></a></font></td>
+ </tr>
+ <tr>
+ <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ <a href="frameProfile.html" target="middle"><b>Manage Certificate Profiles</b></a></font></td>
+ </tr>
+ <tr>
+ <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ <a href="frameStats.html" target="middle"><b>View Server Statistics</b></a></font></td>
+ </tr>
+
+ </table>
+</body>
+</html>
+
diff --git a/base/ca/shared/webapps/ca/agent/ca/menuStats.html b/base/ca/shared/webapps/ca/agent/ca/menuStats.html
new file mode 100644
index 000000000..c251356bd
--- /dev/null
+++ b/base/ca/shared/webapps/ca/agent/ca/menuStats.html
@@ -0,0 +1,74 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>Untitled Document</title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+</head>
+
+<body bgcolor="#CCCCCC" link="#FFFFFF" vlink="#FFFFFF" alink="#333399">
+ <table border="0" cellspacing="4" cellpadding="4" width="100%">
+ <tr>
+ <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ <a href="frameListReq.html" target="middle"><b>List Requests</b></a></font></td>
+ </tr>
+ <tr>
+ <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ <a href="frameSrchRequests.html" target="middle"><b>Search for Requests</b></a></font></td>
+ </tr>
+ <tr>
+ <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ <a href="frameList.html" target="middle"><b>List Certificates</b></a></font></td>
+ </tr>
+ <tr>
+ <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ <a href="frameSearch.html" target="middle"><b>Search for Certificates</b></a></font></td>
+ </tr>
+ <tr>
+ <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ <a href="frameRevoke.html" target="middle"><b>Revoke Certificates</b></a></font></td>
+ </tr>
+ <tr>
+ <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ <a href="frameDisplayCRL.html" target="middle"><b>Display Revocation List</b></a></font></td>
+ </tr>
+ <tr>
+ <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ <a href="frameCRL.html" target="middle"><b>Update Revocation List</b></a></font></td>
+ </tr>
+ <tr>
+ <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ <a href="frameDir.html" target="middle"><b>Update Directory Server</b></a></font></td>
+ </tr>
+ <tr>
+ <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ <a href="frameOCSP.html" target="middle"><b>OCSP Service</b></a></font></td>
+ </tr>
+ <tr>
+ <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ <a href="frameProfile.html" target="middle"><b>Manage Certificate Profiles</b></a></font></td>
+ </tr>
+ <tr>
+ <td bgcolor="white"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ <a href="frameStats.html" target="middle"><font color="black"><b>Statistics</b></font></a></font></td>
+ </tr>
+ </table>
+</body>
+</html>
+
diff --git a/base/ca/shared/webapps/ca/agent/ca/monitor.html b/base/ca/shared/webapps/ca/agent/ca/monitor.html
new file mode 100644
index 000000000..59e2f4078
--- /dev/null
+++ b/base/ca/shared/webapps/ca/agent/ca/monitor.html
@@ -0,0 +1,77 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+ <title>Performance Monitor</title>
+ <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+
+
+</head>
+
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+<font size=+1 face="PrimaSans BT, Verdana, sans-serif">Performance Monitor</font>
+<br>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Use this form to query performance of this authority within a specified time range.</font>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/pki/images/hr.gif" >
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+<form ACTION="monitor" METHOD=POST>
+
+<table BORDER=0 CELLSPACING=2 CELLPADDING=0>
+ <tr>
+ <td ALIGN=RIGHT><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+ Start time:&nbsp;</font>
+ </td>
+ <td><input TYPE="TEXT" NAME="startTime" SIZE=15 MAXLENGTH=14></td>
+ <td><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+ &nbsp;(use one of two formats YYYYMMDDHHMMSS or -S)</font>
+ </td>
+ </tr>
+ <tr>
+ <td ALIGN=RIGHT><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+ Interval length:&nbsp;</font>
+ </td>
+ <td><input TYPE="TEXT" NAME="interval" SIZE=15 MAXLENGTH=14></td>
+ <td>&nbsp;</td>
+ </tr>
+ <tr>
+ <td ALIGN=RIGHT><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+ &nbsp;&nbsp;&nbsp;&nbsp;Number of intervals:&nbsp;</font>
+ </td>
+ <td><input TYPE="TEXT" NAME="numberOfIntervals" SIZE=15 MAXLENGTH=14></td>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+<br>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=6 WIDTH="100%" BACKGROUND="/pki/images/gray90.gif">
+ <tr>
+ <td ALIGN=RIGHT BGCOLOR="#E5E5E5">
+ <input TYPE="submit" VALUE="Display" width="72">&nbsp;&nbsp;
+ </td>
+ </tr>
+</table>
+</form>
+</body>
+</html>
diff --git a/base/ca/shared/webapps/ca/agent/ca/monitor.template b/base/ca/shared/webapps/ca/agent/ca/monitor.template
new file mode 100644
index 000000000..73c3eb736
--- /dev/null
+++ b/base/ca/shared/webapps/ca/agent/ca/monitor.template
@@ -0,0 +1,200 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<HEAD><TITLE>Monitor</TITLE>
+<CMS_TEMPLATE>
+</HEAD>
+<BODY bgcolor="white">
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Monitor
+</font>
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/pki/images/hr.gif" >
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+<SCRIPT LANGUAUGE="JavaScript">
+if (result.header.error != null) {
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.writeln('CS monitor encountered the following error:'+result.header.error);
+ document.writeln('</font>');
+} else if (result.header.issuerName != null &&
+ result.header.startDate != null &&
+ result.header.interval != null &&
+ result.header.numberOfIntervals != null &&
+ result.header.totalNumberOfRequests != null &&
+ result.header.totalNumberOfCertificates != null) {
+ var timeRange = result.header.interval * result.header.numberOfIntervals;
+
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+
+ document.write('The following authority: '+result.header.issuerName+
+ ' during <b>'+timeRange+' seconds</b>, starting from '+
+ result.header.startDate+', processed <b>'+
+ result.header.totalNumberOfRequests+' requests</b>');
+ if (result.header.totalNumberOfCertificates > 0)
+ document.write(' and generated <b>'+result.header.totalNumberOfCertificates+
+ ' certificates</b>');
+ document.writeln('.<br>&nbsp;');
+ document.writeln('</font>');
+
+ if ((typeof(result.recordSet) != "undefined") && (result.recordSet.length > 0)) {
+ var addCerts = 0;
+ if (result.recordSet[0].numberOfCertificates != null)
+ addCerts = 1;
+
+ document.writeln('<table BORDER=1 CELLSPACING=0 CELLPADDING=4 align="center">');
+ document.writeln('<tr>');
+ document.writeln('<td align="center" BGCOLOR="#e5e5e5">');
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.writeln('Interval number</font></td>');
+ document.writeln('<td align="center" BGCOLOR="#e5e5e5">');
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.writeln('Number of requests</font></td>');
+ if (addCerts == 1) {
+ document.writeln('<td align="center" BGCOLOR="#e5e5e5">');
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.writeln('Number of certificates</font></td>');
+ }
+ document.writeln('</tr>');
+
+ var maxCerts = 0;
+ var maxReqs = 0;
+ for (var i = 0; i < result.recordSet.length; i++) {
+ document.writeln('<tr>');
+ document.writeln('<td align="center">');
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.writeln(' '+(i+1)+' </font></td>');
+ document.writeln('<td align="center">');
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ if (result.recordSet[i].numberOfRequests != null &&
+ result.recordSet[i].numberOfRequests > 0 &&
+ result.recordSet[i].firstRequest != null) {
+ document.write('<a href="queryReq?seqNumFrom='+result.recordSet[i].firstRequest+
+ '&reqType=showAll&reqState=showAll&maxCount='+
+ result.recordSet[i].numberOfRequests+
+ '&totalRecordCount='+result.recordSet[i].numberOfRequests+'">'+
+ result.recordSet[i].numberOfRequests+'</a>');
+ } else if (result.recordSet[i].numberOfRequests != null) {
+ document.write(' '+result.recordSet[i].numberOfRequests);
+ } else {
+ document.write(' 0');
+ }
+ document.writeln('</font></td>');
+ if (result.recordSet[i].numberOfRequests > maxReqs)
+ maxReqs = result.recordSet[i].numberOfRequests;
+ if (addCerts == 1) {
+ document.writeln('<td align="center">');
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ if (result.recordSet[i].numberOfCertificates != null &&
+ result.recordSet[i].numberOfCertificates > 0 &&
+ result.recordSet[i].startTime != null &&
+ result.recordSet[i].endTime != null) {
+ document.write('<a href="srchCerts?queryCertFilter=(%26(requestCreateTime%3e%3d'+
+ result.recordSet[i].startTime+
+ ')(requestCreateTime%3c%3d'+
+ result.recordSet[i].endTime+'))&maxResults='+
+ (result.recordSet[i].numberOfCertificates+1)+'">'+
+ result.recordSet[i].numberOfCertificates+'</a>');
+ if (result.recordSet[i].numberOfCertificates > maxCerts)
+ maxCerts = result.recordSet[i].numberOfCertificates;
+ } else if (result.recordSet[i].numberOfCertificates != null) {
+ document.write(' '+result.recordSet[i].numberOfCertificates);
+ } else {
+ document.write(' 0');
+ }
+ document.writeln('</font></td>');
+ }
+ document.writeln('</tr>');
+ }
+ if (result.header.totalNumberOfRequests != null) {
+ document.writeln('<tr>');
+ document.writeln('<td align="center" BGCOLOR="#eeeeee">');
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.writeln('Total</font></td>');
+ document.writeln('<td align="center" BGCOLOR="#eeeeee">');
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.writeln(' '+result.header.totalNumberOfRequests+' </font></td>');
+ if (addCerts == 1) {
+ document.writeln('<td align="center" BGCOLOR="#eeeeee">');
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ if (result.header.totalNumberOfCertificates != null) {
+ document.write(' '+result.header.totalNumberOfCertificates);
+ } else {
+ document.write('0');
+ }
+ document.writeln('</font></td>');
+ }
+ document.writeln('</tr>');
+ }
+ if (result.recordSet.length > 0) {
+ document.writeln('<tr>');
+ document.writeln('<td align="center" BGCOLOR="#eeeeee">');
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.writeln('Average</font></td>');
+ document.writeln('<td align="center" BGCOLOR="#eeeeee">');
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.writeln(' '+result.header.totalNumberOfRequests+' / '+timeRange+'s = '+
+ (result.header.totalNumberOfRequests/timeRange)+'</font></td>');
+ if (addCerts == 1) {
+ document.writeln('<td align="center" BGCOLOR="#eeeeee">');
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.write(' '+result.header.totalNumberOfCertificates+' / '+timeRange+'s = '+
+ (result.header.totalNumberOfCertificates/timeRange)+'</font></td>');
+ }
+ document.writeln('</tr>');
+
+ document.writeln('<tr>');
+ document.writeln('<td align="center" BGCOLOR="#eeeeee">');
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.writeln('Max</font></td>');
+ document.writeln('<td align="center" BGCOLOR="#eeeeee">');
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.writeln(' '+maxReqs+' / '+result.header.interval+'s = '+
+ (maxReqs/result.header.interval)+'</font></td>');
+ if (addCerts == 1) {
+ document.writeln('<td align="center" BGCOLOR="#eeeeee">');
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.write(' '+maxCerts+' / '+result.header.interval+'s = '+
+ (maxCerts/result.header.interval)+'</font></td>');
+ }
+ document.writeln('</tr>');
+ }
+ document.writeln('</table><br>');
+
+ document.writeln('<DIV ALIGN="CENTER">');
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.writeln('This table presents authority activity in the time range of '+
+ timeRange+' seconds divided into '+result.header.numberOfIntervals+
+ ' intervals ('+result.header.interval+' seconds each).');
+ document.writeln('</font>');
+ document.writeln('</DIV>');
+ }
+} else {
+ document.writeln('Error');
+}
+
+
+</SCRIPT>
+
+
+</BODY>
+</HTML>
+
diff --git a/base/ca/shared/webapps/ca/agent/ca/notImplemented.html b/base/ca/shared/webapps/ca/agent/ca/notImplemented.html
new file mode 100644
index 000000000..cbdd43f6a
--- /dev/null
+++ b/base/ca/shared/webapps/ca/agent/ca/notImplemented.html
@@ -0,0 +1,30 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<TITLE>Not implemented</TITLE>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+</head>
+<body bgcolor="#FFFFFF">
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Not Implemented</font><br>
+<!--
+<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">This will be completed on next beta release.</font><br><br>
+-->
+</body>
+</html>
diff --git a/base/ca/shared/webapps/ca/agent/ca/processCertReq.template b/base/ca/shared/webapps/ca/agent/ca/processCertReq.template
new file mode 100644
index 000000000..4d263fefd
--- /dev/null
+++ b/base/ca/shared/webapps/ca/agent/ca/processCertReq.template
@@ -0,0 +1,228 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<TITLE></TITLE>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+</head>
+<CMS_TEMPLATE>
+<BODY bgcolor="white">
+<SCRIPT type="text/javascript">
+<!--
+function toHex1(number)
+{
+ var absValue = "", sign = "";
+ var digits = "0123456789abcdef";
+
+ if (number < 0) {
+ sign = "-";
+ number = -number;
+ }
+
+ for(; number >= 16 ; number = Math.floor(number/16)) {
+ absValue = digits.charAt(number % 16) + absValue;
+ }
+ absValue = digits.charAt(number % 16) + absValue;
+
+ return sign + '0x' + absValue;
+}
+
+function toHex(number)
+{
+ return '0x' + number;
+}
+
+function renderFoot()
+{
+ document.writeln("");
+ document.writeln('<FORM ACTION= 'processCertReq?seqNum='+result.header.seqNum+
+ ' METHOD=POST>');
+ document.writeln('<INPUT TYPE="HIDDEN" NAME="seqNum" VALUE="'+result.header.seqNum +'">');
+
+ document.writeln('<table BORDER=0 CELLSPACING=0 CELLPADDING=6 WIDTH="100%">');
+ document.writeln('<tr><td ALIGN=RIGHT BGCOLOR="#E5E5E5">');
+ if (result.header.assignedTo == null ||
+ result.header.assignedTo == result.header.callerName) {
+ document.writeln('<SELECT NAME="toDo">');
+ document.writeln('<OPTION VALUE="clone">Clone this request</OPTION>');
+ document.writeln('</SELECT>&nbsp;&nbsp;');
+ document.writeln('<INPUT TYPE="submit" Value="Do It" width="72">&nbsp;&nbsp;');
+ //document.writeln('<INPUT TYPE="reset" VALUE="Reset" width="72">&nbsp;&nbsp;');
+ }
+ // document.writeln('<INPUT TYPE="button" VALUE="Help" width="72"');
+ // document.writeln('onClick="help(\'http://www.redhat.com/docs/manuals/cert-system#1005417\')">');
+ document.writeln('</td></tr></table>');
+ document.writeln('</form>');
+}
+
+if (result.header.seqNum == null) {
+ document.writeln('<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.writeln('Problem Processing Your Request</font>');
+ document.writeln('<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/pki/images/hr.gif">');
+ agent/document.writeln('<tr><td>&nbsp;</td></tr></table>');
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.write('<P>The Certificate Manager encountered a problem while processing your request.');
+ document.writeln('&nbsp;&nbsp;The following is a detailed message of the error that occurred.');
+ if (result.header.errors != null || result.header.errorDetails != null) {
+ document.writeln('<blockquote><B><pre>');
+ if (result.header.errors != null) document.writeln(result.header.errors);
+ if (result.header.errorDetails != null) document.writeln(result.header.errorDetails);
+ document.writeln('</pre></B></blockquote>');
+ }
+ document.write('<P>Please consult your local administrator for further assistance.');
+ document.write('&nbsp;&nbsp;The Certificate System logs may provide further information.');
+ document.writeln('</font>');
+} else {
+ document.writeln('<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.writeln('Request <b>' + result.header.seqNum + '</b></font>');
+ document.writeln('<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/pki/images/hr.gif">');
+ document.writeln('<tr><td>&nbsp;</td></tr></table>');
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+
+ if ((result.header.toDo == 'accept' || result.header.toDo == 'reject' ||
+ result.header.toDo == 'cancel') && result.header.status == 'pending') {
+ if (result.header.toDo == 'accept') {
+ document.writeln('<P>Request has not been accepted.');
+ }
+ if (result.header.toDo == 'reject') {
+ document.writeln('<P>Request has not been rejected.');
+ }
+ if (result.header.toDo == 'cancel') {
+ document.writeln('<P>Request has not been canceled.');
+ }
+ if (result.header.errors != null) {
+ document.writeln('<P>Additional information:');
+ document.writeln('<blockquote><B><pre>'+result.header.errors+'</pre></B></blockquote>');
+ }
+ }
+
+ if ((result.header.toDo == 'accept' || result.header.toDo == 'reject' ||
+ result.header.toDo == 'cancel') &&
+ (result.header.status == 'approved' || result.header.status == 'svc_pending')) {
+ document.writeln('<P>Request has been submitted.');
+ }
+
+ if ((result.header.toDo == 'accept' || result.header.toDo == 'reject') &&
+ result.header.status == 'rejected') {
+ document.writeln('<P>Request has been rejected.');
+ if (result.header.toDo == 'accept' && result.header.errors != null) {
+ document.writeln('<P>Additional information:');
+ document.writeln('<blockquote><B><pre>'+result.header.errors+'</pre></B></blockquote>');
+ }
+ }
+ if ((result.header.toDo == 'accept' || result.header.toDo == 'cancel') &&
+ result.header.status == 'canceled') {
+ document.writeln('<P>Request has been canceled.');
+ if (result.header.toDo == 'accept' && result.header.errors != null) {
+ document.writeln('<P>Additional information:');
+ document.writeln('<blockquote><B><pre>'+result.header.errors+'</pre></B></blockquote>');
+ }
+ }
+
+ if (result.header.toDo == 'clone') {
+ var cloneRequestLoc = '/' + result.header.authorityid +
+ '/processReq?seqNum='+
+ result.header.clonedRequestId;
+ var backRequestLoc = '/' + result.header.authorityid +
+ '/processReq?seqNum='+
+ result.header.seqNum;
+ document.writeln('<P>Request has been cloned as '+
+ '<a href="'+cloneRequestLoc+'">request '+
+ result.header.clonedRequestId+'</a>.');
+ document.writeln('<P>Go back to '+
+ '<a href="'+backRequestLoc+'">request '+
+ result.header.seqNum+'</a>.');
+ }
+
+ // XXX set repeat record of issued certs.
+ if (result.header.toDo == 'accept' &&
+ result.header.status == 'complete') {
+ if (result.header.requestType == 'enrollment' ||
+ result.header.requestType == 'renewal') {
+ if (result.header.serialNumber != null &&
+ result.header.authorityid != null) {
+ document.write('<P>Generated certificate(s) with serial number(s): ');
+ document.writeln('0x'+result.header.serialNumber+'&nbsp;&nbsp;&nbsp;');
+ if (typeof(result.header.grantError) != "undefined") {
+ document.writeln('<P>');
+ if (result.header.grantError == 'SUCCESS') {
+ document.writeln('User ID '+result.header.grantUID+
+ ' has been created using this certificate with '+
+ result.header.grantPrivilege+
+ ' privileges.');
+ }
+ else {
+ var grantAccess = "trusted manager or agent";
+ if (typeof(result.header.grantPrivilege) != "undefined")
+ grantAccess = result.header.grantPrivilege;
+
+ document.writeln('However, a '+grantAccess+
+ ' was not created from this request in the'+
+ ' user and group database.<br>');
+ document.writeln(
+ 'Error details: <b>'+result.header.grantError+'</b>');
+ document.writeln(
+ '<p>You can still create a '+grantAccess+
+ ' with this certificate through the Console.');
+ }
+ }
+
+ document.writeln('<FORM METHOD=post ACTION="/'+ result.header.authorityid +
+ '/displayCertFromRequest">\n');
+ document.writeln('<INPUT TYPE=hidden NAME="requestId" VALUE="'+
+ result.header.seqNum +'">\n');
+ document.writeln('<INPUT TYPE=hidden NAME="op" VALUE="displayBySerial">\n');
+ document.writeln('<INPUT TYPE=hidden NAME="serialNumber" VALUE="'+
+ '0x'+result.header.serialNumber +'">\n');
+ document.writeln('<INPUT TYPE=submit VALUE="Show Certificate" width="72"></FORM>\n');
+/*
+ if (result.header.dirEnabled != null && result.header.dirEnabled == 'yes') {
+ if (result.header.certsUpdated > 0) {
+ document.writeln('<P>The certificate(s) have been successfully published.');
+ } else {
+ document.writeln('<P>One or more certificates could not be published. See log files for more details.');
+ }
+ }
+*/
+ } else {
+ document.writeln('<P>Request has been completed but no certificate has been generated.');
+ if (result.header.errors != null) {
+ document.writeln('<P>Additional information:');
+ document.writeln('<blockquote><B><pre>'+result.header.errors+'</pre></B></blockquote>');
+ }
+ document.write('<P>The Certificate System logs may provide further information.');
+ document.write('<P>');
+ renderFoot();
+ }
+ } else {
+ document.writeln('<P>Request has been completed.');
+ if (result.header.errors != null) {
+ document.writeln('<P>Additional information:');
+ document.writeln('<blockquote><B><pre>'+result.header.errors+'</pre></B></blockquote>');
+ document.write('<P>The Certificate System logs may provide further information.');
+ }
+ }
+ }
+
+ document.writeln('</font>');
+}
+//-->
+</SCRIPT>
+</BODY>
+</HTML>
diff --git a/base/ca/shared/webapps/ca/agent/ca/processReq.template b/base/ca/shared/webapps/ca/agent/ca/processReq.template
new file mode 100644
index 000000000..172125e38
--- /dev/null
+++ b/base/ca/shared/webapps/ca/agent/ca/processReq.template
@@ -0,0 +1,1415 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+ <title>Display Request</title>
+ <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+</head>
+
+<SCRIPT type="text/javascript" SRC="/ca/agent/funcs.js"></SCRIPT>
+<SCRIPT type="text/javascript" SRC="/ca/agent/helpfun.js"></SCRIPT>
+<SCRIPT type="text/javascript" SRC="/ca/agent/dynamicVars.js"></SCRIPT>
+
+<CMS_TEMPLATE>
+
+<SCRIPT type="text/javascript">
+<!--
+if (header.profile == 'true') {
+ document.location="profileReview?requestId=" + header.seqNum;
+}
+var lengthOptions = new Array(0, "",
+ 86400, "1 Day",
+ 604800, "1 Week",
+ 1209600, "2 Weeks",
+ 2592000, "1 Month (30 days)",
+ 15552000, "6 Months (180 days)",
+ 31536000, "1 Year (365 days)",
+ 46656000, "18 Months (540 days)",
+ 63072000, "2 Years (730 days)");
+
+function addSpaces(str)
+{
+ var outStr = "";
+ var str0 = "";
+ var i0 = 0;
+ var i1 = 0;
+
+ while (i1 < str.length) {
+ i1 = str.indexOf(',', i0);
+ if (i1 > -1) {
+ i1++;
+ str0 += str.substring(i0, i1);
+ str0 += " ";
+ i0 = i1;
+ } else {
+ str0 += str.substring(i0, str.length);
+ i1 = str.length;
+ }
+ }
+
+ i0 = 0;
+ i1 = 0;
+ while (i1 < str0.length) {
+ i1 = str0.indexOf('+', i0);
+ if (i1 > -1) {
+ i1++;
+ outStr += str0.substring(i0, i1);
+ outStr += " ";
+ i0 = i1;
+ } else {
+ outStr += str0.substring(i0, str0.length);
+ i1 = str0.length;
+ }
+ }
+
+ return outStr;
+}
+
+function renderRequestInfo()
+{
+ document.writeln('<tr><td valign="top" align="left" colspan="3" bgcolor="#e5e5e5">');
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+ document.writeln('Request</font></td></tr>');
+
+ document.writeln('<tr><td valign="top" align="right">'+
+ '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+ 'Status:</font></td>');
+ document.writeln('<td valign="top" colspan="2"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+ result.header.status + '</font></td></tr>');
+
+ document.writeln('<tr><td valign="top" align="right">'+
+ '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+ 'Type:</font></td>');
+ document.write('<td valign="top" colspan="2"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+ if (result.header.requestType != null) {
+ document.write(result.header.requestType);
+ } else {
+ document.write('unknown');
+ }
+ document.writeln('</font></td></tr>');
+
+ if (result.header.status == 'pending') {
+ document.writeln('<tr><td valign="top" align="right">'+
+ '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+ 'Assigned to:</font></td>');
+ document.writeln('<td valign="top" colspan="2"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+ ((result.header.assignedTo != null)? result.header.assignedTo: 'unassigned')+
+ '&nbsp;&nbsp;&nbsp;');
+ if (result.header.assignedTo == null) {
+ document.write('<a href="processReq?doAssign=toMe&seqNum='+
+ result.header.seqNum + '"' +
+ 'onMouseOver="return helpstatus(\'Click to assign the '+
+ 'request to yourself\')" '+
+ 'onMouseOut="return helpstatus(\'\')">'+
+ 'assign to me</a>');
+ } else if (result.header.assignedTo != result.header.callerName) {
+ document.write('<a href="processReq?doAssign=reassignToMe&seqNum=' +
+ result.header.seqNum + '"' +
+ 'onMouseOver=" return helpstatus(\'Click to re-assign the '+
+ 'request to yourself\')" '+
+ 'onMouseOut="return helpstatus(\'\')">'+
+ 're-assign to me</a>');
+ } else if (result.header.assignedTo == result.header.callerName) {
+ document.write('<a href="processReq?doAssign=reassignToNobody&seqNum=' +
+ result.header.seqNum + '"' +
+ 'onMouseOver=" return helpstatus(\'Click to cancel request '+
+ 'assignment\')" '+
+ 'onMouseOut="return helpstatus(\'\')">'+
+ 'cancel request assignment</a>');
+ }
+ document.writeln('</font></td></tr>');
+
+// document.writeln('<td valign="top" colspan="2"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+// ((result.header.assignedTo != null)? result.header.assignedTo: 'unassigned')+
+// '</font></td></tr>');
+ }
+
+ if (result.header.certType != null) {
+ document.writeln('<tr><td valign="top" align="right">'+
+ '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+ 'Certificate type:</font></td>');
+ document.writeln('<td valign="top" colspan="2"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+ result.header.certType + '</font></td></tr>');
+ }
+
+ if (result.header.status == 'complete' && result.header.Result != null &&
+ result.header.Result == '2' && result.header.errors != null) {
+ document.writeln('<tr><td valign="top" align="right">'+
+ '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+ 'Error:</font></td>');
+ document.writeln('<td valign="top" colspan="2"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+ result.header.errors + '</font></td></tr>');
+ }
+}
+
+function renderRequesterInfo()
+{
+ if (result.header.requestType != 'revocation' &&
+ result.header.requestType != 'unrevocation' &&
+ result.header.requestType != 'getCertificates' &&
+ (result.header.csrRequestorName != null ||
+ result.header.csrRequestorEmail != null ||
+ result.header.csrRequestorPhone != null ||
+ result.header.subject != null)) {
+
+ document.writeln('<tr><td valign="top" align="left" colspan="3" bgcolor="#e5e5e5">');
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+ document.writeln('Subject (requester)</font></td></tr>');
+
+ document.writeln('<tr><td valign="top" align="right">'+
+ '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+ 'Subject name:</font></td>');
+ if (result.header.status == 'pending') {
+ document.writeln('<td valign="top" colspan="2">'+
+ '<INPUT TYPE="TEXT" NAME="subject" SIZE=40 MAXLENGTH=254 VALUE="'+
+ ((result.header.subject != null)? result.header.subject: '') +
+ '"></font></td></tr>');
+ } else {
+ document.writeln('<td valign="top" colspan="2">'+
+ '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+ ((result.header.subject != null)? addSpaces(result.header.subject): '') +
+ '</font></td></tr>');
+ }
+
+ if (result.header.csrRequestorName != null &&
+ result.header.csrRequestorName != "") {
+ document.writeln('<tr><td valign="top" align="right">'+
+ '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+ 'Name:</font></td>');
+ document.writeln('<td valign="top" colspan="2"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+ result.header.csrRequestorName + '</font></td></tr>');
+ }
+
+ if (result.header.csrRequestorEmail != null &&
+ result.header.csrRequestorEmail != "") {
+ document.writeln('<tr><td valign="top" align="right">'+
+ '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+ 'Email:</font></td>');
+ document.writeln('<td valign="top" colspan="2"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+ result.header.csrRequestorEmail + '</font></td></tr>');
+ }
+
+ if (result.header.csrRequestorPhone != null &&
+ result.header.csrRequestorPhone != "") {
+ document.writeln('<tr><td valign="top" align="right">'+
+ '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+ 'Phone:</font></td>');
+ document.writeln('<td valign="top" colspan="2"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+ result.header.csrRequestorPhone + '</font></td></tr>');
+ }
+ }
+
+ if (result.header.csrRequestorComments != null &&
+ result.header.csrRequestorComments != "") {
+ document.writeln('<tr><td valign="top" align="right">'+
+ '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+ 'Comments:</font></td>');
+ document.writeln('<td valign="top" colspan="2"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+ result.header.csrRequestorComments + '</font></td></tr>');
+ }
+}
+
+function renderPublicKeyInfo()
+{
+ if (result.header.requestType == 'Enrollment' ||
+ result.header.requestType == 'enrollment' ||
+ result.header.requestType == 'renewal') {
+ document.writeln('<tr><td valign="top" align="left" colspan="3" bgcolor="#e5e5e5">');
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+ document.writeln('Subject public key</font></td></tr>');
+
+ document.writeln('<tr><td valign="top" align="right">'+
+ '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+ 'Algorithm:</font></td>');
+ document.writeln('<td valign="top" colspan="2"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+ result.header.subjectPublicKeyInfo + '</font></td></tr>');
+
+ document.writeln('<tr><td valign="top" align="right">'+
+ '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+ 'Public key:</font></td>');
+ document.writeln('<td valign="top" colspan="2"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+ result.header.subjectPublicKey.replace(/\n/g, "<br>") + '</font></td></tr>');
+
+ //if (result.header.status == 'pending') {
+ //document.writeln('<tr><td valign="top" align="right"></td>');
+ //document.writeln('<td valign="top">'+
+ //'<INPUT TYPE="checkbox" NAME="checkPubKeyUniqueness" VALUE="no">'+
+ //'</td>');
+ //document.writeln('<td valign="top" align=left>'+
+ //'<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+ //'Override public key uniqueness requirement'+
+ //'</font></td>');
+ //}
+ }
+}
+
+function renderSelectionWithNames(name, from, to, selected, names)
+{
+ document.writeln('<SELECT NAME="'+name+'" onChange="checkValidityLength()">');
+ for (var i = from; i < to; i++) {
+ if (i == selected) {
+ document.writeln('<OPTION VALUE='+i+' SELECTED>'+names[i]);
+ } else {
+ document.writeln('<OPTION VALUE='+i+'>'+names[i]);
+ }
+ }
+ document.writeln('</SELECT>');
+}
+
+function renderSelection(name, from, to, selected)
+{
+ document.writeln('<SELECT NAME="'+name+'" onChange="checkValidityLength()">');
+ for (var i = from; i < to; i++) {
+ if (i == selected) {
+ document.writeln('<OPTION VALUE='+i+' SELECTED>'+i);
+ } else {
+ document.writeln('<OPTION VALUE='+i+'>'+i);
+ }
+ }
+ document.writeln('</SELECT>');
+}
+
+function checkValidityLength()
+{
+ var i;
+ var fromDate;
+ i = document.forms[0].fromDay.selectedIndex;
+ var day = document.forms[0].fromDay.options[i].value;
+ i = document.forms[0].fromMonth.selectedIndex;
+ var month = document.forms[0].fromMonth.options[i].value;
+ i = document.forms[0].fromYear.selectedIndex;
+ var year = document.forms[0].fromYear.options[i].value;
+ i = document.forms[0].fromHour.selectedIndex;
+ var hour = document.forms[0].fromHour.options[i].value;
+ i = document.forms[0].fromMinute.selectedIndex;
+ var minute = document.forms[0].fromMinute.options[i].value;
+ i = document.forms[0].fromSecond.selectedIndex;
+ var second = document.forms[0].fromSecond.options[i].value;
+
+ fromDate = new Date(year,month,day,hour,minute,second);
+ if (fromDate.getMonth() != month || fromDate.getDate() != day || year == 0) {
+ alert((++month)+"/"+day+"/"+year+" is invalid");
+ return;
+ }
+ var fromTime = fromDate.getTime();
+
+ var toDate;
+ i = document.forms[0].toDay.selectedIndex;
+ day = document.forms[0].toDay.options[i].value;
+ i = document.forms[0].toMonth.selectedIndex;
+ month = document.forms[0].toMonth.options[i].value;
+ i = document.forms[0].toYear.selectedIndex;
+ year = document.forms[0].toYear.options[i].value;
+ i = document.forms[0].toHour.selectedIndex;
+ hour = document.forms[0].toHour.options[i].value;
+ i = document.forms[0].toMinute.selectedIndex;
+ minute = document.forms[0].toMinute.options[i].value;
+ i = document.forms[0].toSecond.selectedIndex;
+ second = document.forms[0].toSecond.options[i].value;
+
+ toDate = new Date(year,month,day,hour,minute,second);
+ if (toDate.getMonth() != month || toDate.getDate() != day || year == 0) {
+ alert((++month)+"/"+day+"/"+year+" is invalid");
+ return;
+ }
+ var toTime = toDate.getTime();
+
+ var len = (toTime - fromTime)/1000;
+
+ for (i=2; i < lengthOptions.length; i+=2) {
+ if (lengthOptions[i] == len) {
+ document.forms[0].validityLength.selectedIndex = i/2;
+ break;
+ }
+ }
+
+ if (i >= lengthOptions.length)
+ document.forms[0].validityLength.selectedIndex = 0;
+
+ if (len < 0)
+ alert("NOT VALID AFTER date should not be earlier than NOT VALID BEFORE date.");
+
+ return;
+}
+
+function updateEndDate()
+{
+ var i;
+ var fromDate;
+ i = document.forms[0].fromDay.selectedIndex;
+ var day = document.forms[0].fromDay.options[i].value;
+ i = document.forms[0].fromMonth.selectedIndex;
+ var month = document.forms[0].fromMonth.options[i].value;
+ i = document.forms[0].fromYear.selectedIndex;
+ var year = document.forms[0].fromYear.options[i].value;
+ i = document.forms[0].fromHour.selectedIndex;
+ var hour = document.forms[0].fromHour.options[i].value;
+ i = document.forms[0].fromMinute.selectedIndex;
+ var minute = document.forms[0].fromMinute.options[i].value;
+ i = document.forms[0].fromSecond.selectedIndex;
+ var second = document.forms[0].fromSecond.options[i].value;
+
+ fromDate = new Date(year,month,day,hour,minute,second);
+ if (fromDate.getMonth() != month || fromDate.getDate() != day || year == 0) {
+ alert((++month)+"/"+day+"/"+year+" is invalid");
+ return;
+ }
+ var fromTime = fromDate.getTime();
+
+ i = document.forms[0].validityLength.selectedIndex;
+ var len = document.forms[0].validityLength.options[i].value;
+ var toDate = new Date(fromTime + len*1000);
+
+ document.forms[0].toDay.selectedIndex = toDate.getDate() - 1;
+ document.forms[0].toMonth.selectedIndex = toDate.getMonth();
+ document.forms[0].toHour.selectedIndex = toDate.getHours();
+ document.forms[0].toMinute.selectedIndex = toDate.getMinutes();
+ document.forms[0].toSecond.selectedIndex = toDate.getSeconds();
+ i = document.forms[0].fromYear.options[0].value;
+ document.forms[0].toYear.selectedIndex = toDate.getFullYear() - i;
+}
+
+function getNotValidBefore()
+{
+ var i;
+ var fromDate;
+ i = document.forms[0].fromDay.selectedIndex;
+ var day = document.forms[0].fromDay.options[i].value;
+ i = document.forms[0].fromMonth.selectedIndex;
+ var month = document.forms[0].fromMonth.options[i].value;
+ i = document.forms[0].fromYear.selectedIndex;
+ var year = document.forms[0].fromYear.options[i].value;
+ i = document.forms[0].fromHour.selectedIndex;
+ var hour = document.forms[0].fromHour.options[i].value;
+ i = document.forms[0].fromMinute.selectedIndex;
+ var minute = document.forms[0].fromMinute.options[i].value;
+ i = document.forms[0].fromSecond.selectedIndex;
+ var second = document.forms[0].fromSecond.options[i].value;
+
+ fromDate = new Date(year,month,day,hour,minute,second);
+ if (fromDate.getMonth() != month || fromDate.getDate() != day || year == 0) {
+ alert((++month)+"/"+day+"/"+year+" is invalid");
+ return null;
+ }
+ return (fromDate.getTime())/1000;
+}
+
+function getNotValidAfter()
+{
+ var i;
+ var toDate;
+ i = document.forms[0].toDay.selectedIndex;
+ var day = document.forms[0].toDay.options[i].value;
+ i = document.forms[0].toMonth.selectedIndex;
+ var month = document.forms[0].toMonth.options[i].value;
+ i = document.forms[0].toYear.selectedIndex;
+ var year = document.forms[0].toYear.options[i].value;
+ i = document.forms[0].toHour.selectedIndex;
+ var hour = document.forms[0].toHour.options[i].value;
+ i = document.forms[0].toMinute.selectedIndex;
+ var minute = document.forms[0].toMinute.options[i].value;
+ i = document.forms[0].toSecond.selectedIndex;
+ var second = document.forms[0].toSecond.options[i].value;
+
+ toDate = new Date(year,month,day,hour,minute,second);
+ if (toDate.getMonth() != month || toDate.getDate() != day || year == 0) {
+ alert((++month)+"/"+day+"/"+year+" is invalid");
+ return null;
+ }
+ return (toDate.getTime())/1000;
+}
+
+function renderValidityInfo()
+{
+ if ((result.header.requestType == 'Enrollment' ||
+ result.header.requestType == 'enrollment' ||
+ result.header.requestType == 'renewal') &&
+ result.header.status == 'pending') {
+
+ document.writeln('<tr><td valign="top" align="left" colspan="3" bgcolor="#e5e5e5">');
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+ document.writeln('Validity</font></td></tr>');
+
+
+ var months = new Array("January", "February", "March", "April",
+ "May", "June", "July", "August",
+ "September", "October", "November", "December");
+
+ var sel = -1;
+ if (result.header.validityLength != null) {
+ if (result.header.validityLength == 0 &&
+ result.header.defaultValidityLength != null &&
+ result.header.defaultValidityLength > 0) {
+ result.header.validityLength = result.header.defaultValidityLength;
+ }
+ for (i=0; i < lengthOptions.length; i+=2) {
+ if (lengthOptions[i] == result.header.validityLength) {
+ sel = i;
+ break;
+ }
+ }
+ }
+ if (sel <= 0 && result.header.validityLength == 0) {
+ sel = 10; // 6 Months (180 days)
+ result.header.validityLength = lengthOptions[sel];
+ } else if (sel < 0 && result.header.validityLength > 0) {
+ sel = 0;
+ }
+
+ var startDay = new Date(serverdate);
+ var year = startDay.getFullYear();
+ var time = startDay.getTime();
+ time += 1000*result.header.validityLength;
+ var endDay = new Date(time);
+
+
+ document.writeln('<tr><td align="right">'+
+ '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+ 'Not valid before:</font></td>');
+ document.writeln('<td valign="top" colspan="2">');
+
+ renderSelection("fromDay", 1, 32, startDay.getDate());
+ renderSelectionWithNames("fromMonth", 0, months.length, startDay.getMonth(), months);
+ renderSelection("fromYear", year-2, year+10, year);
+ document.writeln('&nbsp;&nbsp;');
+ renderSelection("fromHour", 0, 24, startDay.getHours());
+ renderSelection("fromMinute", 0, 60, startDay.getMinutes());
+ renderSelection("fromSecond", 0, 60, startDay.getSeconds());
+
+ document.writeln('</td></tr>');
+
+
+ document.writeln('<tr><td align="right">'+
+ '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+ 'Not valid after:</font></td>');
+
+ document.writeln('<td valign="top" colspan="2">');
+
+ renderSelection("toDay", 1, 32, endDay.getDate());
+ renderSelectionWithNames("toMonth", 0, months.length, endDay.getMonth(), months);
+ renderSelection("toYear", year-2, year+10, endDay.getFullYear());
+ document.writeln('&nbsp;&nbsp;');
+ renderSelection("toHour", 0, 24, endDay.getHours());
+ renderSelection("toMinute", 0, 60, endDay.getMinutes());
+ renderSelection("toSecond", 0, 60, endDay.getSeconds());
+
+ document.writeln('</td></tr>');
+
+
+
+ document.writeln('<tr><td valign="top" align="right">'+
+ '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+ 'Length of validity period:</font></td>');
+
+ document.writeln('<td valign="top" colspan="2">');
+
+
+
+ // Output a selection menu with the requested value selected
+ document.writeln('<SELECT NAME="validityLength" onChange="updateEndDate()">');
+ for (i=0; i < lengthOptions.length; i+=2) {
+ if (i == sel) {
+ document.writeln('<OPTION VALUE='+lengthOptions[i]+' SELECTED>'+lengthOptions[i+1]);
+ } else {
+ document.writeln('<OPTION VALUE='+lengthOptions[i]+'>'+lengthOptions[i+1]);
+ }
+ }
+ document.writeln('</SELECT>');
+
+ document.writeln('</td></tr>');
+
+
+// document.writeln('<tr><td valign="top" align="right"></td>');
+// document.writeln('<td valign="top">'+
+// '<INPUT TYPE="checkbox" NAME="checkValidityNesting" VALUE="no">'+
+// '</td>');
+// document.writeln('<td valign="top" aligh=left>'+
+// '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+// 'Override validity nesting requirement'+
+// '</font></td></tr>');
+ }
+}
+
+function renderExtensionsInfo()
+{
+ if ((result.header.requestType == 'Enrollment' ||
+ result.header.requestType == 'enrollment' ||
+ result.header.requestType == 'renewal') &&
+ result.header.status == 'pending') {
+ document.writeln('<tr><td valign="top" align="left" colspan="3" bgcolor="#e5e5e5">');
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+ document.writeln('Extensions</font></td></tr>');
+
+ // NS Cert Type Extension
+
+ var clientcert = "";
+ var servercert = "";
+ var emailcert = "";
+ var objectsigningcert = "";
+ var cacert = "";
+ var sslcacert = "";
+ var emailcacert = "";
+ var objectsigningcacert = "";
+
+ if (result.header.ext_ssl_client != null && result.header.ext_ssl_client == "true") {
+ clientcert = "CHECKED";
+ }
+ if (result.header.ext_ssl_server != null && result.header.ext_ssl_server == "true") {
+ servercert = "CHECKED";
+ }
+ if (result.header.ext_email != null && result.header.ext_email == "true") {
+ emailcert = "CHECKED";
+ }
+ if (result.header.ext_object_signing != null && result.header.ext_object_signing == "true") {
+ objectsigningcert = "CHECKED";
+ }
+ if (result.header.ext_ssl_ca != null && result.header.ext_ssl_ca == "true") {
+ sslcacert = "CHECKED";
+ }
+ if (result.header.ext_email_ca != null && result.header.ext_email_ca == "true") {
+ emailcacert = "CHECKED";
+ }
+ if (result.header.ext_object_signing_ca != null && result.header.ext_object_signing_ca == "true") {
+ objectsigningcacert = "CHECKED";
+ }
+ if (result.header.certType == 'ca') {
+ cacert = "CHECKED";
+ }
+
+ if (result.header.certType == "ca") {
+ document.writeln('<tr><td valign="top" align="right" rowspan="7">');
+ } else {
+ document.writeln('<tr><td valign="top" align="right" rowspan="4">');
+ }
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+ 'Netscape certificate type (usage):</font></td>');
+
+ document.writeln('<td valign="top">'+
+ '<INPUT TYPE=CHECKBOX ' + clientcert +
+ ' NAME="certTypeSSLClient" VALUE="yes">'+
+ '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+ ' SSL Client</font></td></tr>');
+ document.writeln('<tr><td valign="top">'+
+ '<INPUT TYPE=CHECKBOX ' + servercert +
+ ' NAME="certTypeSSLServer" VALUE="yes">'+
+ '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+ ' SSL Server</font></td></tr>');
+ document.writeln('<tr><td valign="top">'+
+ '<INPUT TYPE=CHECKBOX ' + emailcert +
+ ' NAME="certTypeEmail" VALUE="yes">'+
+ '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+ ' Secure Email</font></td></tr>');
+ if (result.header.certType == "client") {
+ document.writeln(
+ '<tr><td valign="top">'+
+ '<INPUT TYPE=CHECKBOX ' + objectsigningcert +
+ ' NAME="certTypeObjSigning" VALUE="yes">'+
+ '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+ ' Object Signing</font></td></tr>');
+ }
+
+ if (result.header.certType == "ca") {
+ document.writeln('<tr><td valign="top">'+
+ '<INPUT TYPE=CHECKBOX ' + sslcacert +
+ ' NAME="certTypeSSLCA" VALUE="yes">'+
+ '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+ ' Subordinate SSL CA</font></td></tr>');
+ document.writeln('<tr><td valign="top">'+
+ '<INPUT TYPE=CHECKBOX ' + emailcacert +
+ ' NAME="certTypeEmailCA" VALUE="yes">'+
+ '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+ ' Subordinate Email CA</font></td></tr>');
+ document.writeln('<tr><td valign="top">'+
+ '<INPUT TYPE=CHECKBOX ' + objectsigningcacert +
+ ' NAME="certTypeObjSigningCA" VALUE="yes">'+
+ '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+ ' Subordinate Executable Object Signing CA</font></td></tr>');
+ }
+ document.writeln('<tr><td valign="top" colspan="3"></td></tr>');
+
+
+ // Basic Constraints Extension
+ if (result.header.pathLenBasicConstraints != null) {
+ document.writeln('<tr><td valign="top" align="right">');
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+ 'Basic Constraints:</font></td>');
+ document.write('<td valign="top" colspan="2">' +
+ '<INPUT TYPE="TEXT" NAME="pathLenBasicConstraint" SIZE=8 MAXLENGTH=10');
+ if (result.header.pathLenBasicConstraints >= 0 &&
+ result.header.caPathLen != null && (result.header.caPathLen < 0 ||
+ (result.header.caPathLen > 0 &&
+ result.header.pathLenBasicConstraints < result.header.caPathLen))) {
+ document.writeln(' VALUE="'+ result.header.pathLenBasicConstraints + '">');
+ } else if (result.header.caPathLen != null && result.header.caPathLen > 0) {
+ document.writeln(' VALUE="'+ (result.header.caPathLen-1) + '">');
+ } else if (result.header.caPathLen != null && result.header.caPathLen == 0) {
+ document.writeln(' VALUE="0">');
+ } else {
+ document.writeln(' VALUE="">');
+ }
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+ '&nbsp;Path Length Constraint</font>');
+ document.writeln('<INPUT TYPE="HIDDEN" NAME="pathLenConstraint" VALUE="">');
+ document.writeln('</td></tr>');
+ }
+ document.writeln('<tr><td valign="top" colspan="3"></td></tr>');
+
+
+ // handle Presence Server Extension
+ if (result.header.PresenceServerExtension != null) {
+ document.writeln('<tr><td valign="top" align="right">');
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+ 'Presence Server Extension:</font></td>');
+ document.write('<td valign="top" colspan="2">');
+ document.write('<input type=checkbox name="PSE_Enable" value=""><font size="-1" face="PrimaSans BT, Verdana, sans-serif">Enable</font><br>');
+ document.write('<input type=checkbox name="PSE_Critical" value=""><font size="-1" face="PrimaSans BT, Verdana, sans-serif">Critical</font><br>');
+ document.write('<input type=text name="PSE_Version" value=""><font size= "-1" face="PrimaSans BT, Verdana, sans-serif">&nbsp;Version (Integer)</font><br>');
+ document.write('<input type=text name="PSE_StreetAddress" value=""><font size="-1" face="PrimaSans BT, Verdana, sans-serif">&nbsp;Street Address (String)</font><br>');
+ document.write('<input type=text name="PSE_TelephoneNumber" value=""><font size="-1" face="PrimaSans BT, Verdana, sans-serif">&nbsp;Telephone Number (String)</font><br>');
+ document.write('<input type=text name="PSE_RFC822Name" value=""><font size="-1" face="PrimaSans BT, Verdana, sans-serif">&nbsp;RFC822 Name (String)</font><br>');
+ document.write('<input type=text name="PSE_IMID" value=""><font size="-1" face="PrimaSans BT, Verdana, sans-serif">&nbsp;IM ID (String)</font><br>');
+ document.write('<input type=text name="PSE_HostName" value=""><font size="-1" face="PrimaSans BT, Verdana, sans-serif">&nbsp;Host Name (String)</font><br>');
+ document.write('<input type=text name="PSE_PortNumber" value=""><font size="-1" face="PrimaSans BT, Verdana, sans-serif">&nbsp;Port Number (Integer)</font><br>');
+ document.write('<input type=text name="PSE_MaxUsers" value=""><font size="-1" face="PrimaSans BT, Verdana, sans-serif">&nbsp;Max Users (Integer)</font><br>');
+ document.write('<input type=text name="PSE_ServiceLevel" value=""><font size="-1" face="PrimaSans BT, Verdana, sans-serif">&nbsp;Service Level (Integer)</font><br>');
+ document.write('</td>');
+ document.writeln('<tr><td valign="top" colspan="3"></td></tr>');
+ }
+ // Other extensions
+
+ if (result.recordSet.length > 0) {
+ var nRows = 0;
+ for (var i = 0; i < result.recordSet.length; i++) {
+ if (typeof(result.recordSet[i].ext_prettyprint) == "undefined")
+ continue;
+ else
+ nRows++;
+ }
+ nRows++;
+ document.writeln('<tr><td valign="top" align="right" rowspan="'+nRows+'">'+
+ '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+ 'Other Extensions:</font></td></tr>');
+ for (var i = 0; i < result.recordSet.length; i++) {
+ if (typeof(result.recordSet[i].ext_prettyprint) == "undefined")
+ continue;
+ document.writeln('<tr><td valign="top" align="left" >'+
+ '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+ '<pre>'+ result.recordSet[i].ext_prettyprint+
+ '</pre></font></td><td></td><td></td></tr>');
+ }
+ }
+ document.writeln('<tr><td valign="top" align="right">'+
+ '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+ 'Additional Extensions:</font></td>\n<td valign="top" colspan="2">'+
+ '<textarea name="addExts" rows="5" cols="40"></textarea></td></tr>');
+ }
+}
+
+function renderSignatureInfo()
+{
+ if ((result.header.requestType == 'Enrollment' ||
+ result.header.requestType == 'enrollment' ||
+ result.header.requestType == 'renewal') &&
+ result.header.status == 'pending' &&
+ result.header.validAlgorithms != null) {
+
+ algorithmName = result.header.validAlgorithms.split('+');
+ if (algorithmName.length > 0) {
+ document.writeln('<tr><td valign="top" align="left" colspan="3" bgcolor="#e5e5e5">');
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+ document.writeln('Signature</font></td></tr>');
+
+ document.writeln('<tr><td align="right">'+
+ '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+ 'Algorithm:</font></td>');
+
+ document.writeln('<td valign="top" colspan="2">');
+ document.writeln('<SELECT NAME="signatureAlgorithm">');
+
+ var signingAlgorithm;
+ if (result.header.caSigningAlgorithm != null)
+ signingAlgorithm = result.header.caSigningAlgorithm;
+ else
+ signingAlgorithm = result.header.signatureAlgorithmName;
+
+ var i;
+ for (i = 0; i < algorithmName.length; i++) {
+ document.write('<OPTION VALUE="' + algorithmName[i] + '"');
+ if (signingAlgorithm == algorithmName[i])
+ document.write(' SELECTED');
+ document.writeln('>' + algorithmName[i] + '</OPTION>');
+ }
+
+ document.writeln('</SELECT>');
+ document.writeln('</td></tr>');
+ }
+ }
+}
+
+function toHex(number)
+{
+ var absValue = "", sign = "";
+ var digits = "0123456789abcdef";
+
+ if (number < 0) {
+ sign = "-";
+ number = -number;
+ }
+ for(; number >= 16 ; number = Math.floor(number/16)) {
+ absValue = digits.charAt(number % 16) + absValue;
+ }
+ absValue = digits.charAt(number % 16) + absValue;
+
+ return sign + absValue;
+}
+
+function renderHexNumber(number,width)
+{
+ var num = number;
+ while (num.length < width)
+ num = "0"+num;
+ return "0x"+num;
+}
+
+function renderCertificateInfo()
+{
+ if ((result.header.status == 'complete' &&
+ (result.header.requestType == 'Enrollment' ||
+ result.header.requestType == 'enrollment' ||
+ result.header.requestType == 'renewal')) ||
+ result.header.requestType == 'getRevocationInfo') {
+ document.writeln('<tr><td valign="top" align="left" colspan="3" bgcolor="#e5e5e5">');
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+ if (result.header.requestType == 'getRevocationInfo') {
+ document.writeln('Certificate</font></td></tr>');
+ } else {
+ document.writeln('Issued certificate</font></td></tr>');
+ }
+
+ if (result.header.serialNumber != null) {
+ document.writeln('<tr><td valign="top" align="right">'+
+ '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+ 'Serial number:</font></td>');
+ document.writeln('<td valign="top" colspan="2">'+
+ '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+ document.writeln('<a href="displayBySerial?serialNumber='+
+ '0x'+result.header.serialNumber + '"' +
+ ' onMouseOver=" return helpstatus(\'Click to display this '+
+ 'certificate \')" onMouseOut="return helpstatus(\'\')">');
+ document.write(renderHexNumber(result.header.serialNumber,8));
+ if (result.header.serialNumber2 != null) {
+ document.writeln('</a>&nbsp;');
+ document.writeln('<a href="displayBySerial?serialNumber='+
+ '0x'+result.header.serialNumber2 + '"' +
+ ' onMouseOver=" return helpstatus(\'Click to display this '+
+ 'certificate \')" onMouseOut="return helpstatus(\'\')">');
+ document.write(renderHexNumber(result.header.serialNumber2,8));
+ }
+ document.writeln('</a></font></td></tr>');
+
+ if (result.header.requestType == 'getRevocationInfo' &&
+ result.header.status == 'complete') {
+ document.writeln('<tr><td valign="top" align="right">'+
+ '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+ 'Verified</font></td>');
+ document.writeln('<td valign="top" colspan="2">'+
+ '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+ if (result.header.reason == null) {
+ document.writeln('as not revoked');
+ } else {
+ document.write('as revoked with the reason:&nbsp;'+
+ result.header.reason);
+ }
+ document.writeln('</font></td></tr>');
+ }
+ } else {
+ if (result.header.requestType == 'getRevocationInfo') {
+ document.writeln('<tr><td valign="top" align="right">'+
+ '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+ '</font></td>');
+ document.writeln('<td valign="top" colspan="2">'+
+ '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+ document.writeln('');
+ } else {
+ document.writeln('<tr><td valign="top" align="right">'+
+ '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+ 'Error:</font></td>');
+ document.writeln('<td valign="top" colspan="2">'+
+ '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+ document.writeln('Certificate not issued');
+ }
+ document.writeln('</font></td></tr>');
+
+ if (result.header.errors != null) {
+ document.writeln('<tr><td valign="top" align="right">'+
+ '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+ 'Additional information:</font></td>');
+ document.writeln('<td valign="top" colspan="2">'+
+ '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+ result.header.errors + '</font></td></tr>');
+ }
+ }
+ }
+
+ if (result.header.requestType == 'revocation' ||
+ result.header.requestType == 'unrevocation' ||
+ result.header.requestType == 'getCertificates' ||
+ result.header.requestType == 'getCAChain') {
+ document.writeln('<tr><td valign="top" align="left" colspan="3" bgcolor="#e5e5e5">');
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+ if (result.recordSet.length > 0) {
+ if (result.header.requestType == 'getCAChain') {
+ document.writeln('Certificate Chain</font></td></tr>');
+ } else if (result.recordSet.length > 1) {
+ document.writeln('Certificates</font></td></tr>');
+ } else {
+ document.writeln('Certificate</font></td></tr>');
+ }
+ for (var i = 0; i < result.recordSet.length; i++) {
+ document.writeln('<tr><td valign="top" align="right">'+
+ '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+ 'Serial number:</font></td>');
+ document.writeln('<td valign="top" colspan="2">'+
+ '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+ if (result.header.requestType != 'getCAChain') {
+ document.writeln('<a href="displayBySerial?serialNumber='+
+ '0x'+result.recordSet[i].serialNumber + '"' +
+ ' onMouseOver=" return helpstatus(\'Click to display this '+
+ 'certificate \')" onMouseOut="return helpstatus(\'\')">');
+ }
+ document.writeln(renderHexNumber(result.recordSet[i].serialNumber,8) +
+ '</font></a></td></tr>');
+ if (result.recordSet[i].reason != null) {
+ document.writeln('<tr><td valign="top" align="right">'+
+ '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+ 'Reason:</font></td>');
+ document.writeln('<td valign="top" colspan="2">'+
+ '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+ document.writeln(result.recordSet[i].reason +'</font></a></td></tr>');
+ }
+ }
+ } else {
+ if (result.header.requestType == 'getCAChain') {
+ document.writeln('Certificate Chain</font></td></tr>');
+ } else {
+ document.writeln('Certificates</font></td></tr>');
+ }
+ document.writeln('<tr><td valign="top" align="right">'+
+ '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+ 'Error:</font></td>');
+ document.writeln('<td valign="top" colspan="2">'+
+ '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+ document.writeln('Request contains no certificate to revoke.</font></a></td></tr>');
+ }
+ }
+}
+
+function renderFingerprints()
+{
+ if (result.header.fingerprints != null) {
+
+ fingerprintValues = result.header.fingerprints.split('+');
+ if (fingerprintValues.length > 0) {
+ document.writeln('<tr><td valign="top" align="left" colspan="3" bgcolor="#e5e5e5">');
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+ document.writeln('Fingerprints</font></td></tr>');
+
+ var i;
+ for (i = 0; i < fingerprintValues.length; i += 2) {
+ document.writeln('<tr><td valign="top" align="right">'+
+ '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+ fingerprintValues[i] + ':</font></td>');
+ document.writeln('<td valign="top" colspan="2">'+
+ '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+ document.writeln(fingerprintValues[i+1] +'</font></a></td></tr>');
+ }
+ }
+ }
+}
+
+function renderPolicyInfo()
+{
+ if ((result.header.status == 'rejected' || result.header.status == 'canceled') &&
+ result.header.errors != null) {
+ document.writeln('<tr><td valign="top" align="left" colspan="3" bgcolor="#e5e5e5">');
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+ document.writeln('Policy information</font></td></tr>');
+
+ document.writeln('<tr><td valign="top" align="left" colspan="3">');
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif"><pre>');
+ document.writeln(result.header.errors);
+ document.writeln('</pre></font></td></tr>');
+ }
+}
+
+function renderLongStrings(value)
+{
+ var len = value.toString().length;
+ if (len > 64 && value.toString().indexOf("\n") > 0) {
+ document.writeln(value.toString().replace(/\n/g, "<br>"));
+ } else if (len > 64) {
+ for (var i = 0; i < len; i += 64) {
+ var n = len;
+ var b = "";
+ if (i+64 < len) {
+ n = i + 64;
+ b = "<br>";
+ }
+ document.writeln(value.toString().substring(i, n)+b);
+ }
+ } else {
+ document.writeln(value);
+ }
+}
+
+function renderNameAndValue(name, value)
+{
+ document.writeln('<tr><td valign="top" align="right">');
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+ document.writeln(name);
+ document.writeln('</font></td>');
+ document.writeln('<td valign="top" align="left" colspan="2">');
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+ renderLongStrings(value);
+ document.writeln('</font></td></tr>');
+}
+
+function renderRequestAttrs()
+{
+ document.writeln('<tr><td valign="top" align="left" colspan="3" bgcolor="#e5e5e5">');
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+ document.writeln('Unauthenticated Request Attributes</font></td></tr>');
+
+ if (result.header.HTTP_PARAMS.length > 0) {
+ for (var i = 0; i < result.header.HTTP_PARAMS.length; i++) {
+ renderNameAndValue("HTTP_PARAMS."+result.header.HTTP_PARAMS[i].name+":", result.header.HTTP_PARAMS[i].value);
+ }
+ }
+ if (result.header.HTTP_HEADERS.length > 0) {
+ document.writeln("");
+ for (var j = 0; j < result.header.HTTP_HEADERS.length; j++) {
+ renderNameAndValue("HTTP_HEADERS."+result.header.HTTP_HEADERS[j].name+":", result.header.HTTP_HEADERS[j].value);
+ }
+ }
+
+ document.writeln('<tr><td valign="top" align="left" colspan="3" bgcolor="#e5e5e5">');
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+ document.writeln('Authenticate Request Attributes (from authentication, policy and other server modules)</font></td></tr>');
+ if (result.header.AUTH_TOKEN.length > 0) {
+ document.writeln("");
+ for (var k = 0; k < result.header.AUTH_TOKEN.length; k++) {
+ if (result.header.AUTH_TOKEN[k].name == 'authtime') {
+ renderNameAndValue("AUTH_TOKEN."+result.header.AUTH_TOKEN[k].name+":",
+ new Date(parseInt(result.header.AUTH_TOKEN[k].value)));
+ } else if (result.header.AUTH_TOKEN[k].name == 'authTime') {
+ continue;
+ } else {
+ renderNameAndValue("AUTH_TOKEN."+result.header.AUTH_TOKEN[k].name+":",
+ result.header.AUTH_TOKEN[k].value);
+ }
+ }
+ }
+ if (result.header.SERVER_ATTRS.length > 0) {
+ document.writeln("");
+ for (var l = 0; l < result.header.SERVER_ATTRS.length; l++) {
+ //if (result.header.SERVER_ATTRS[l].name != 'CERT_INFO')
+ renderNameAndValue(result.header.SERVER_ATTRS[l].name+":", result.header.SERVER_ATTRS[l].value);
+ }
+ }
+
+}
+
+
+function getValue(str, name)
+{
+ var i = str.indexOf(name);
+ var s = "";
+ if (i > -1) {
+ var j = str.indexOf(",", i);
+ if (j > -1) {
+ s += str.substring(i+name.length, j);
+ } else {
+ s += str.substring(i+name.length);
+ }
+ j = s.indexOf("@");
+ if (j > -1) {
+ s = s.substring(0, j);
+ }
+ }
+ return s;
+}
+
+function renderGrantPrivileges()
+{
+ if ((result.header.requestType != 'Enrollment' &&
+ result.header.requestType != 'enrollment') ||
+ result.header.status != 'pending' ||
+ (result.header.ext_ssl_client != "true" &&
+ result.header.ext_ssl_server != "true" &&
+ result.header.ext_email != "true" &&
+ result.header.ext_object_signing != null &&
+ result.header.ext_object_signing == "true"))
+ return;
+
+ var id = "";
+ if (result.header.subject != null) {
+ id = getValue(result.header.subject, "UID=");
+ if (id.length < 1)
+ id = getValue(result.header.subject, "E=");
+ }
+
+ if (result.header.certType == 'ra') {
+ if (result.header.requestTrustedManagerPrivilege != "undefined" &&
+ result.header.requestTrustedManagerPrivilege == "true")
+ checked = "CHECKED";
+ else
+ checked = "UNCHECKED";
+
+ document.writeln(
+ '<tr><td valign="top" align="left" colspan="3" bgcolor="#e5e5e5">');
+ document.writeln(
+ '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+ document.writeln('Privileges</font></td></tr>');
+ document.writeln('<tr><td valign=top align=right></td>');
+ document.writeln('<td valign="top">'+
+ '<input type=checkbox '+checked+
+ ' name="grantTrustedManagerPrivilege">'+
+ '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+ ' This certificate is for a Trusted Manager'+
+ '</font></td></tr>');
+ if (id.length < 1) id = "ra" + result.header.seqNum;
+ document.writeln('<tr>'+
+ '<td valign="top" align="right">'+
+ '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+ 'New User ID for the Trusted Manager:'+'</font></td>'+
+ '<td valign="top" align="left">'+
+ '<input type=text name=grantUID size=15 value="'+id+'">'+
+ '</td></tr>');
+ }
+ else if (result.header.certType == 'client') {
+ document.writeln(
+ '<tr><td valign="top" align="left" colspan="3" bgcolor="#e5e5e5">');
+ document.writeln(
+ '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+ document.writeln('Privileges</font></td></tr>');
+ if (typeof(result.header.localca) != "undefined") {
+ document.writeln('<tr><td valign=top align=right></td>'+
+ '<td valign="top">'+
+ '<input type=checkbox name="grantCMAgentPrivilege">'+
+ '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+ ' This certificate is for a Certificate Manager agent'+
+ '</font></td></tr>');
+ }
+ if (typeof(result.header.localkra) != "undefined") {
+ document.writeln('<tr><td valign=top align=right></td>'+
+ '<td valign="top">'+
+ '<input type=checkbox name="grantDRMAgentPrivilege">'+
+ '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+ ' This certificate is for a Data Recovery Manager agent'+
+ '</font></td></tr>');
+ }
+ if (typeof(result.header.localra) != "undefined") {
+ document.writeln('<tr><td valign=top align=right></td>'+
+ '<td valign="top">'+
+ '<input type=checkbox name="grantRMAgentPrivilege">'+
+ '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+ ' This certificate is for a Registration Manager agent'+
+ '</font></td></tr>');
+ }
+ if (id.length < 1) id = "u" + result.header.seqNum;
+ document.writeln('<tr>'+
+ '<td valign="top" align="right">'+
+ '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+ 'New User ID for the agent:'+'</font></td>'+
+ '<td valign="top" align="left">'+
+ '<input type=text name="grantUID" size=30 value="'+id+'">'+
+ '</td></tr>');
+ }
+}
+
+function renderFoot()
+{
+ document.writeln('<table BORDER=0 CELLSPACING=0 CELLPADDING=6 WIDTH="100%">');
+ document.writeln('<tr><td ALIGN=RIGHT BGCOLOR="#E5E5E5">');
+
+ document.writeln('<SELECT NAME="toDo">');
+ if (result.header.status == 'pending' &&
+ (result.header.assignedTo == null ||
+ result.header.assignedTo == result.header.callerName)) {
+ document.writeln('<OPTION VALUE="accept">Accept this request</OPTION>');
+ document.writeln('<OPTION VALUE="cancel">Cancel this request</OPTION>');
+ document.writeln('<OPTION VALUE="reject">Reject this request</OPTION>');
+ } else if (result.header.status == 'svc_pending') {
+ document.writeln('<OPTION VALUE="cancel">Cancel this request</OPTION>');
+ }
+ document.writeln('<OPTION VALUE="clone">Clone this request</OPTION>');
+ document.writeln('</SELECT>&nbsp;&nbsp;');
+
+ document.writeln('<INPUT TYPE="submit" Value="Do It" width="72">&nbsp;&nbsp;');
+
+ // document.writeln('<INPUT TYPE="button" VALUE="Help" width="72"');
+ // document.writeln('onClick="help(\'http://www.redhat.com/docs/manuals/cert-system#Approving Requests\')">');
+ document.writeln('</td></tr></table>');
+}
+
+
+function isblank(s)
+{
+ for (var i=0; i<s.length; i++) {
+ var c = s.charAt(i)
+ if ((c != ' ') && (c != '\n') && (c != '\t') ) return false
+ }
+ return true
+}
+
+function checkSubject()
+{
+ if (document.forms[0].subject != null &&
+ document.forms[0].subject.value != null &&
+ document.forms[0].subject.value.length > 0) {
+
+ var outStr = "";
+ var str = "";
+ var subject = document.forms[0].subject.value;
+ var i0 = subject.indexOf('=');
+ var i1 = 0;
+ var i2 = 0;
+ var i3 = 0;
+ var i4 = 0;
+
+ if (i0 > -1) i0++;
+
+ while (i0 > -1 && i1 > -1) {
+ i1 = subject.indexOf('=', i0+1);
+ if (i1 > -1) {
+ str = subject.substring(i0, i1);
+ i2 = str.indexOf(',');
+ i3 = 0;
+ while (i2 > -1 && i3 > -1) {
+ i3 = str.indexOf(',', i2+1);
+ if (i3 > -1 && (i2 < 1 || str.charAt(i2-1) != "\\")) {
+ outStr += subject.substring(i4, i0+i2);
+ outStr += "\\";
+ i4 = i0+i2;
+ }
+ i2 = i3;
+ }
+ i0 = i1++;
+ } else {
+ str = subject.substring(i0, subject.length);
+ i2 = str.indexOf(',');
+ while (i2 > -1) {
+ if (i2 < 1 || str.charAt(i2-1) != "\\") {
+ outStr += subject.substring(i4, i0+i2);
+ outStr += "\\";
+ i4 = i0+i2;
+ }
+ i2++;
+ i2 = str.indexOf(',', i2);
+ }
+ }
+ }
+
+ if (i4 > 0) {
+ outStr += subject.substring(i4, subject.length);
+ document.forms[0].subject.value = outStr;
+ }
+ }
+}
+
+
+function uid_check()
+{
+ if ((result.header.requestType == 'Enrollment' ||
+ result.header.requestType == 'enrollment' ||
+ result.header.requestType == 'renewal') &&
+ result.header.status == 'pending') {
+
+ var t1 = getNotValidBefore();
+ if (t1 == null) return false;
+ var t2 = getNotValidAfter();
+ if (t2 == null) return false;
+ if (t1 > t2) {
+ alert("NOT VALID AFTER date should not be earlier than NOT VALID BEFORE date.");
+ return false;
+ }
+ document.forms[0].notValidBefore.value = t1;
+ document.forms[0].notValidAfter.value = t2;
+
+ if (result.header.pathLenBasicConstraints != null) {
+ if (result.header.caPathLen != null && result.header.caPathLen == 0 &&
+ document.forms[0].toDo.selectedIndex == 0) {
+ alert("This CA is not allowed to sign subordinate CA certificate. "+
+ "This request has to be canceled or rejected.")
+ return false
+ }
+ if (typeof(document.forms[0].pathLenBasicConstraint) != "undefined") {
+ document.forms[0].pathLenConstraint.value =
+ document.forms[0].pathLenBasicConstraint.value;
+ if (document.forms[0].pathLenConstraint.value != "") {
+ if (isDecimalNumber(document.forms[0].pathLenConstraint.value)) {
+ document.forms[0].pathLenConstraint.value =
+ trim(document.forms[0].pathLenConstraint.value);
+ if (result.header.caPathLen != null && result.header.caPathLen > 0 &&
+ parseInt(document.forms[0].pathLenConstraint.value) >= result.header.caPathLen) {
+ alert("Choose integer number from 0 to "+
+ (result.header.caPathLen-1)+" for Path Length Constraint")
+ return false
+ }
+ } else {
+ alert("You must provide non-negative integer number for "+
+ "Path Length Constraint or leave it empty")
+ return false
+ }
+ } else {
+ if (result.header.caPathLen != null && result.header.caPathLen > 0) {
+ alert("Choose integer number from 0 to "+
+ (result.header.caPathLen-1)+" for Path Length Constraint")
+ return false
+ } else {
+ document.forms[0].pathLenConstraint.value = "-1";
+ }
+ }
+ }
+ }
+
+ checkSubject();
+
+ if ( result.header.certType == 'ra') {
+ if (typeof(document.forms[0].grantTrustedManagerPrivilege.checked) !=
+ "undefined" &&
+ document.forms[0].grantTrustedManagerPrivilege.checked &&
+ (document.forms[0].grantUID.value == "" ||
+ document.forms[0].grantUID.value == null ||
+ isblank(document.forms[0].grantUID.value)) ) {
+ alert("You must provide a non-empty UID for the new trusted manager!")
+ return false
+ }
+ } else if (result.header.certType == 'client') {
+ if (typeof(result.header.localca) != "undefined") {
+ if (
+ typeof(document.forms[0].grantCMAgentPrivilege) != "undefined" &&
+ document.forms[0].grantCMAgentPrivilege.checked &&
+ (document.forms[0].grantUID.value == "" ||
+ document.forms[0].grantUID.value == null ||
+ isblank(document.forms[0].grantUID.value)) ) {
+ alert("You must provide a non-empty UID for the new Certificate Manager agent!")
+ return false
+ }
+ }
+ if (typeof(result.header.localkra) != "undefined") {
+ if (
+ typeof(document.forms[0].grantDRMAgentPrivilege) != "undefined" &&
+ document.forms[0].grantDRMAgentPrivilege.checked &&
+ (document.forms[0].grantUID.value == "" ||
+ document.forms[0].grantUID.value == null ||
+ isblank(document.forms[0].grantUID.value)) ) {
+ alert("You must provide a non-empty UID for the new Data Recovery Manager agent!")
+ return false
+ }
+ }
+ if (typeof(result.header.localra) != "undefined") {
+ if (
+ typeof(document.forms[0].grantRMAgentPrivilege) != "undefined" &&
+ document.forms[0].grantRMAgentPrivilege.checked &&
+ document.forms[0].grantRMAgentPrivilege.checked &&
+ (document.forms[0].grantUID.value == "" ||
+ document.forms[0].grantUID.value == null ||
+ isblank(document.forms[0].grantUID.value)) ) {
+ alert("You must provide a non-empty UID for the new Registration Manager agent!")
+ return false
+ }
+ }
+ }
+ }
+
+ return true
+}
+document.writeln('<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">');
+document.writeln('<font size=+1 face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln('Request <a href="/ca/agent/ca/processReq?seqNum='+
+ result.header.seqNum + '"' +
+ 'onMouseOver=" return helpstatus(\'Click to redisplay this '+
+ 'request \')" onMouseOut="return helpstatus(\'\')">'+
+ result.header.seqNum + '</a></font>');
+
+document.writeln('<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/pki/images/hr.gif">');
+document.writeln('<tr><td>&nbsp;</td></tr></table>');
+
+document.writeln('<FORM ACTION=/ca/processCertReq METHOD=POST ' +
+'onSubmit="return uid_check()">');
+
+document.writeln('<INPUT TYPE="HIDDEN" NAME="seqNum" VALUE="' +
+ result.header.seqNum + '">');
+
+document.writeln('<INPUT TYPE="HIDDEN" NAME="notValidBefore" VALUE="">');
+document.writeln('<INPUT TYPE="HIDDEN" NAME="notValidAfter" VALUE="">');
+
+if (result.header.csrRequestorName != null) {
+ document.writeln('<INPUT TYPE="HIDDEN" NAME="csrRequestorName" VALUE="' +
+ result.header.csrRequestorName + '">');
+}
+if (result.header.csrRequestorEmail != null) {
+ document.writeln('<INPUT TYPE="HIDDEN" NAME="csrRequestorEmail" VALUE="' +
+ result.header.csrRequestorEmail + '">');
+}
+if (result.header.csrRequestorPhone != null) {
+ document.writeln('<INPUT TYPE="HIDDEN" NAME="csrRequestorPhone" VALUE="' +
+ result.header.csrRequestorPhone + '">');
+}
+
+document.writeln('<table border="0" cellspacing="2" cellpadding="2" width="100%">');
+document.writeln('<tr align="left">'+
+ '<td width="15%"></td>'+
+ '<td width="1%"></td>'+
+ '<td width="60%"></td></tr>');
+
+renderRequestInfo();
+
+renderRequesterInfo();
+
+renderPublicKeyInfo();
+
+renderValidityInfo();
+
+renderExtensionsInfo();
+
+renderSignatureInfo();
+
+renderFingerprints();
+
+renderRequestAttrs();
+
+renderGrantPrivileges();
+
+renderCertificateInfo();
+
+renderPolicyInfo();
+
+document.writeln('</table><br>&nbsp;');
+
+//renderFoot();
+
+
+document.writeln('</FORM>');
+document.writeln('</BODY>');
+
+//-->
+</SCRIPT>
+
+</HTML>
diff --git a/base/ca/shared/webapps/ca/agent/ca/queryBySerial.html b/base/ca/shared/webapps/ca/agent/ca/queryBySerial.html
new file mode 100644
index 000000000..4cc7b9163
--- /dev/null
+++ b/base/ca/shared/webapps/ca/agent/ca/queryBySerial.html
@@ -0,0 +1,186 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+ <title>List Certificates Within a Serial Number Range</title>
+ <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+
+<script type="text/javascript" SRC="/ca/agent/funcs.js"></script>
+<script type="text/javascript" SRC="/ca/agent/helpfun.js"></script>
+
+<script type="text/javascript">
+<!--
+function doSubmit(form)
+{
+ var canonicalFrom = "", canonicalTo = "";
+
+ if ( form.serialFrom.value!= "") {
+ canonicalFrom =
+ trim(form.serialFrom.value);
+ }
+
+ if (canonicalFrom != "") {
+ if (!isDecimalNumber(canonicalFrom)) {
+ if (isNumber(canonicalFrom, 16)) {
+ canonicalFrom = "0x" +
+ removeColons(stripPrefix(canonicalFrom));
+ } else {
+ alert("You must specify a decimal or hexadecimal value" +
+ "for the low end of the serial number range.");
+ return;
+ }
+ }
+ if (isNegative(canonicalFrom)) {
+ alert("You must specify a positive value for the low " +
+ "end of the serial number range.");
+ return;
+ }
+ form.serialFrom.value = canonicalFrom;
+ }
+
+ if ( form.serialTo.value!= "") {
+ canonicalTo =
+ trim(form.serialTo.value);
+ }
+
+ if (canonicalTo != "") {
+ if (!isDecimalNumber(canonicalTo)) {
+ if (isNumber(canonicalTo, 16)) {
+ canonicalTo = "0x" +
+ removeColons(stripPrefix(canonicalTo));
+ } else {
+ alert("You must specify a decimal or hexadecimal value" +
+ "for the high end of the serial number range.");
+ return;
+ }
+ }
+ if (isNegative(canonicalTo)) {
+ alert("You must specify a positive value for the high " +
+ "end of the serial number range.");
+ return;
+ }
+ form.serialTo.value = canonicalTo;
+ }
+
+ /* Can't do this using parseInt*/
+ /*
+ if (form.serialFrom.value != "" && form.serialTo.value != "" ) {
+ if (parseInt(form.serialFrom.value) > parseInt(form.serialTo.value)) {
+ alert("The low end of the range is larger than the high end.");
+ return;
+ }
+ }
+ */
+
+ if (!form.skipRevoked.checked && !form.skipNonValid.checked) {
+ form.queryCertFilter.value = "(certStatus=*)";
+ } else if (form.skipRevoked.checked && form.skipNonValid.checked) {
+ form.queryCertFilter.value = "(certStatus=VALID)";
+ } else if (form.skipRevoked.checked) {
+ form.queryCertFilter.value = "(|(certStatus=VALID)(certStatus=INVALID)(certStatus=EXPIRED))";
+ } else if (form.skipNonValid.checked) {
+ form.queryCertFilter.value = "(|(certStatus=VALID)(certStatus=REVOKED))";
+ }
+
+ if (form.serialFrom.value == "") {
+ form.querySentinelDown.value = "0";
+ } else {
+ form.querySentinelDown.value = form.serialFrom.value;
+ form.querySentinelUp.value = form.serialFrom.value;
+ form.direction.value = "down";
+ }
+ form.op.value = "listCerts";
+ form.submit();
+}
+//-->
+</script>
+</head>
+
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+<font size=+1 face="PrimaSans BT, Verdana, sans-serif">List Certificates</font>
+<br>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Use this form to list certificates whose serial numbers fall within a specified range.</font>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/pki/images/hr.gif" >
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+<form ACTION="listCerts" METHOD=POST>
+ <input TYPE="HIDDEN" NAME="op" VALUE="">
+ <input TYPE="HIDDEN" NAME="queryCertFilter" VALUE="">
+
+<p>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Enter a range of certificate serial numbers in hexadecimal form
+(starting with 0x, as in the certificate list), or in decimal form.
+</font>
+
+<p>
+<table BORDER=0 CELLSPACING=2 CELLPADDING=0>
+ <tr>
+ <td><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+ Lowest serial number</font>
+ </td>
+ <td><input TYPE="TEXT" NAME="serialFrom" SIZE=10 MAXLENGTH=99></td>
+ <td><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+ (leave blank for no lower limit)</font>
+ </td>
+ </tr>
+ <tr>
+ <td><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+ Highest serial number</font></font></td>
+ <td><input TYPE="TEXT" NAME="serialTo" SIZE=10 MAXLENGTH=99></td>
+ <td><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+ (leave blank for no upper limit)</font>
+ </td>
+ </tr>
+</table>
+
+<p>
+<input TYPE="CHECKBOX" NAME="skipRevoked">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Do not show certificates that have been revoked</font>
+<br>
+<input TYPE="CHECKBOX" CHECKED NAME="skipNonValid">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Do not show certificates that have expired or are not yet valid</font>
+<br>&nbsp;
+<br>&nbsp;
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=6 WIDTH="100%" BACKGROUND="/pki/images/gray90.gif">
+ <tr>
+ <td ALIGN=RIGHT BGCOLOR="#E5E5E5">
+ <input TYPE="button" VALUE="Find" width="72" onClick="doSubmit(this.form);">&nbsp;&nbsp;
+ <font size=-1 face="PrimaSans BT, Verdana, sans-serif">first</font>&nbsp;
+ <INPUT TYPE="hidden" NAME="querySentinelDown" VALUE="">
+ <INPUT TYPE="hidden" NAME="querySentinelUp" VALUE="">
+ <INPUT TYPE="hidden" NAME="direction" VALUE="begin">
+ <INPUT TYPE="TEXT" NAME="maxCount" SIZE=4 MAXLENGTH=99 VALUE="20">
+ <font size=-1 face="PrimaSans BT, Verdana, sans-serif">records</font>&nbsp;&nbsp;&nbsp;
+ <!-- <input TYPE="button" VALUE="Help" width="72"
+ onClick="help('http://www.redhat.com/docs/manuals/cert-system#Basic Certificate Listing')"> -->
+ </td>
+ </tr>
+</table>
+</form>
+</body>
+</html>
diff --git a/base/ca/shared/webapps/ca/agent/ca/queryCert.html b/base/ca/shared/webapps/ca/agent/ca/queryCert.html
new file mode 100644
index 000000000..a7ba0d045
--- /dev/null
+++ b/base/ca/shared/webapps/ca/agent/ca/queryCert.html
@@ -0,0 +1,1543 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+ <title>Search for Certificates</title>
+ <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+
+<script type="text/javascript" SRC="/ca/agent/funcs.js"></script>
+<script type="text/javascript" SRC="/ca/agent/helpfun.js"></script>
+</head>
+
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+<font size=+1 face="PrimaSans BT, Verdana, sans-serif">Search for Certificates
+</font><br>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Use this form to compose queries based on properties of the certificate.
+</font>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/pki/images/hr.gif" >
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Each section below filters the search. Check the box at the top of the
+section if you want to use that filter in your search, then complete the fields.
+Leave a box unchecked to ignore that filter. You can click more than one box
+to get a combination of search criteria.
+</font>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/pki/images/hr.gif" >
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+<b><font size=-1 face="PrimaSans BT, Verdana, sans-serif">Serial Number Range</font></b>
+<FORM NAME="serialNumberRangeCritForm">
+<table border="0" cellspacing="2" cellpadding="2">
+<tr>
+<td><INPUT TYPE="CHECKBOX" NAME="inUse"></td>
+<td colspan="3">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show certificates that fall within the following range:</font>
+</td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Lowest serial number:</font></td>
+<td><INPUT TYPE="TEXT" NAME="serialFrom" SIZE=10 MAXLENGTH=99></td>
+<td><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+(leave blank for no lower limit)</font></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Highest serial number:</font></td>
+<td><INPUT TYPE="TEXT" NAME="serialTo" SIZE=10 MAXLENGTH=99></td>
+<td><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+(leave blank for no upper limit)</font></td>
+</tr>
+</table>
+</FORM>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Enter a range of certificate serial numbers in hexadecimal form
+(starting with 0x, as in the certificate list), or in decimal form.
+</font>
+
+<SCRIPT type="text/javascript">
+//<!--
+function serialNumberRangeCritInUse()
+{
+ return document.serialNumberRangeCritForm.inUse.checked;
+}
+
+function serialNumberRangeCrit()
+{
+ var crit = new Array;
+ var next = 0;
+ var canonicalFrom = "", canonicalTo = "";
+
+ if (document.serialNumberRangeCritForm.serialFrom.value != "") {
+ canonicalFrom =
+ trim(document.serialNumberRangeCritForm.serialFrom.value);
+ }
+
+ if (canonicalFrom != "") {
+ if (!isDecimalNumber(canonicalFrom)) {
+ if (isNumber(canonicalFrom,16)) {
+ canonicalFrom = "0x" +
+ removeColons(stripPrefix(canonicalFrom));
+ } else {
+ alert("You must specify a decimal or hexadecimal value" +
+ "for the low end of the serial number range.");
+ return null;
+ }
+ }
+ if (isNegative(canonicalFrom)) {
+ alert("You must specify a positive value for the low " +
+ "end of the serial number range.");
+ return null;
+ }
+ crit[next++] = "(certRecordId>=" + canonicalFrom + ")";
+ }
+
+ if (document.serialNumberRangeCritForm.serialTo.value != "") {
+ canonicalTo =
+ trim(document.serialNumberRangeCritForm.serialTo.value);
+ }
+
+ if (canonicalTo != "") {
+ if (!isDecimalNumber(canonicalTo)) {
+ if (isNumber(canonicalTo,16)) {
+ canonicalTo = "0x" +
+ removeColons(stripPrefix(canonicalTo));
+ } else {
+ alert("You must specify a decimal or hexadecimal value" +
+ "for the high end of the serial number range.");
+ return null;
+ }
+ }
+ if (isNegative(canonicalTo)) {
+ alert("You must specify a positive value for the high " +
+ "end of the serial number range.");
+ return null;
+ }
+ crit[next++] = "(certRecordId<=" + canonicalTo + ")";
+ }
+
+ /* Can not do this using parseInt */
+ /*
+ if (document.serialNumberRangeCritForm.serialFrom.value != "" &&
+ document.serialNumberRangeCritForm.serialTo.value != "") {
+ if (parseInt(canonicalFrom) > parseInt(canonicalTo)) {
+ alert("The low end of the range is larger than the high end.");
+ return null;
+ }
+ }
+ */
+ return nsjoin(crit,"");
+}
+//-->
+</SCRIPT>
+
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/pki/images/hr.gif" >
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+<b><font size=-1 face="PrimaSans BT, Verdana, sans-serif">Status</font></b>
+<FORM NAME="statusCritForm">
+<table border="0" cellspacing="2" cellpadding="2">
+<tr>
+<td><INPUT TYPE="CHECKBOX" NAME="inUse"></td>
+<td colspan="3">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show certificates that are
+<select NAME="status">
+<option value="VALID">VALID
+<option value="INVALID">INVALID
+<option value="REVOKED">REVOKED
+<option value="EXPIRED">EXPIRED
+<option value="REVOKED_EXPIRED">REVOKED & EXPIRED
+</select>
+</font>
+</td>
+</tr>
+</table>
+</FORM>
+<SCRIPT type="text/javascript">
+//<!--
+function statusCritInUse()
+{
+ return document.statusCritForm.inUse.checked;
+}
+function statusRangeCrit()
+{
+ return "(certStatus=" + document.statusCritForm.status.options[document.statusCritForm.status.selectedIndex].value + ")";
+}
+//-->
+</SCRIPT>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/pki/images/hr.gif" >
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+<b><font size=-1 face="PrimaSans BT, Verdana, sans-serif">Subject Name</font></b>
+<FORM NAME="subjectCritForm">
+<table border="0" cellspacing="2" cellpadding="2">
+<tr>
+<td><INPUT TYPE="CHECKBOX" NAME="inUse"></td>
+<td colspan="2">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show certificates with a subject name matching the following:
+</font>
+</td>
+</tr>
+
+<tr align="left">
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Email address:</font>
+</td>
+<td><INPUT TYPE="TEXT" NAME="eMail" SIZE=30></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Common name:</font>
+</td>
+<td><INPUT TYPE="TEXT" NAME="commonName" SIZE=30></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">User ID:</font>
+</td>
+<td><INPUT TYPE="TEXT" NAME="userID" SIZE=30></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Organization unit:</font>
+</td>
+<td><INPUT TYPE="TEXT" NAME="orgUnit" SIZE=30></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Organization:</font>
+</td>
+<td><INPUT TYPE="TEXT" NAME="org" SIZE=30></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Locality:</font>
+</td>
+<td><INPUT TYPE="TEXT" NAME="locality" SIZE=30></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">State:</font>
+</td>
+<td><INPUT TYPE="TEXT" NAME="state" SIZE=30></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Country:</font>
+</td>
+<td><INPUT TYPE="TEXT" NAME="country" VALUE="" SIZE=2 MAXLENGTH=2></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Match Method:</font>
+</td>
+<td>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+<INPUT TYPE="RADIO" NAME="match" VALUE="exact">Exact</font>
+</td>
+<tr>
+<td>&nbsp;</td>
+<td align="right">&nbsp;</td>
+<td>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+<INPUT TYPE="RADIO" CHECKED NAME="match" VALUE="partial">Partial</font>
+</td>
+</tr>
+</table>
+</FORM>
+
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Enter values for the fields you want to have in your search criteria.
+Leave other fields blank.
+<br><br>
+Exact match method finds certificates for subjects whose name consists
+<b>exactly</b> of the components that you have filled in above, and contains
+none of the components you have left blank. Pattern matching wildcard
+values cannot be used in this search.
+<br><br>
+Partial match method finds certificates for subjects whose name consists
+<b>in part</b> of the components you have specified above, and in addition
+may contain arbitrary values for the other components you have left blank above.
+Pattern matching wildcard values can be used in this search.
+</font>
+
+<SCRIPT type="text/javascript">
+<!--
+function subjectCritInUse()
+{
+ return document.subjectCritForm.inUse.checked;
+}
+function subjectCrit()
+{
+ return computeNameFilter(document.subjectCritForm);
+}
+//-->
+</SCRIPT>
+
+<table BORDER=0 CELLSPACING=2 CELLPADDING=2 WIDTH="100%" BACKGROUND="/pki/images/hr.gif" >
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+<b>Revocation Information</b></font>
+
+<table border="0" cellspacing="2" cellpadding="2">
+<tr align="left">
+<FORM NAME="revokedByCritForm">
+<td><INPUT TYPE="CHECKBOX" NAME="inUse"></td>
+<td align="left" colspan="2">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show certificates revoked by:</font>&nbsp;
+<INPUT TYPE="text" NAME="revokedBy" SIZE=10>
+</td>
+</FORM>
+</tr>
+
+<tr>
+<FORM NAME="revokedOnCritForm">
+<td>
+<INPUT TYPE="CHECKBOX" NAME="inUse">
+</td>
+<td align="left" colspan="2">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show certificates revoked during the period:</font>
+</td>
+</FORM>
+</tr>
+
+<tr>
+<td>&nbsp;</td>
+<td valign="top" align=right>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Start date:</font>
+</td>
+<td valign="top" nowrap>
+<FORM NAME="revokedOnFrom">
+<SELECT NAME="day">
+<OPTION VALUE=0>
+<OPTION VALUE=1>1
+<OPTION VALUE=2>2
+<OPTION VALUE=3>3
+<OPTION VALUE=4>4
+<OPTION VALUE=5>5
+<OPTION VALUE=6>6
+<OPTION VALUE=7>7
+<OPTION VALUE=8>8
+<OPTION VALUE=9>9
+<OPTION VALUE=10>10
+<OPTION VALUE=11>11
+<OPTION VALUE=12>12
+<OPTION VALUE=13>13
+<OPTION VALUE=14>14
+<OPTION VALUE=15>15
+<OPTION VALUE=16>16
+<OPTION VALUE=17>17
+<OPTION VALUE=18>18
+<OPTION VALUE=19>19
+<OPTION VALUE=20>20
+<OPTION VALUE=21>21
+<OPTION VALUE=22>22
+<OPTION VALUE=23>23
+<OPTION VALUE=24>24
+<OPTION VALUE=25>25
+<OPTION VALUE=26>26
+<OPTION VALUE=27>27
+<OPTION VALUE=28>28
+<OPTION VALUE=29>29
+<OPTION VALUE=30>30
+<OPTION VALUE=31>31
+</SELECT>
+<SELECT NAME="month">
+<OPTION VALUE=13>
+<OPTION VALUE=0>January
+<OPTION VALUE=1>February
+<OPTION VALUE=2>March
+<OPTION VALUE=3>April
+<OPTION VALUE=4>May
+<OPTION VALUE=5>June
+<OPTION VALUE=6>July
+<OPTION VALUE=7>August
+<OPTION VALUE=8>September
+<OPTION VALUE=9>October
+<OPTION VALUE=10>November
+<OPTION VALUE=11>December
+</SELECT>
+<SELECT NAME="year">
+<OPTION VALUE=0>
+<OPTION VALUE=1997>1997
+<OPTION VALUE=1998>1998
+<OPTION VALUE=1999>1999
+<OPTION VALUE=2000>2000
+<OPTION VALUE=2001>2001
+<OPTION VALUE=2002>2002
+<OPTION VALUE=2003>2003
+<OPTION VALUE=2004>2004
+<OPTION VALUE=2005>2005
+<OPTION VALUE=2006>2006
+<OPTION VALUE=2007>2007
+<OPTION VALUE=2008>2008
+<OPTION VALUE=2009>2009
+<OPTION VALUE=2010>2010
+<OPTION VALUE=2011>2011
+<OPTION VALUE=2012>2012
+</SELECT>
+</FORM>
+</td>
+</tr>
+
+<tr>
+<td>&nbsp;</td>
+<td valign=top align=right>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">End date:</font>
+</td>
+<td valign="top" nowrap>
+<FORM NAME="revokedOnTo">
+<SELECT NAME="day">
+<OPTION VALUE=0>
+<OPTION VALUE=1>1
+<OPTION VALUE=2>2
+<OPTION VALUE=3>3
+<OPTION VALUE=4>4
+<OPTION VALUE=5>5
+<OPTION VALUE=6>6
+<OPTION VALUE=7>7
+<OPTION VALUE=8>8
+<OPTION VALUE=9>9
+<OPTION VALUE=10>10
+<OPTION VALUE=11>11
+<OPTION VALUE=12>12
+<OPTION VALUE=13>13
+<OPTION VALUE=14>14
+<OPTION VALUE=15>15
+<OPTION VALUE=16>16
+<OPTION VALUE=17>17
+<OPTION VALUE=18>18
+<OPTION VALUE=19>19
+<OPTION VALUE=20>20
+<OPTION VALUE=21>21
+<OPTION VALUE=22>22
+<OPTION VALUE=23>23
+<OPTION VALUE=24>24
+<OPTION VALUE=25>25
+<OPTION VALUE=26>26
+<OPTION VALUE=27>27
+<OPTION VALUE=28>28
+<OPTION VALUE=29>29
+<OPTION VALUE=30>30
+<OPTION VALUE=31>31
+</SELECT>
+<SELECT NAME="month">
+<OPTION VALUE=13>
+<OPTION VALUE=0>January
+<OPTION VALUE=1>February
+<OPTION VALUE=2>March
+<OPTION VALUE=3>April
+<OPTION VALUE=4>May
+<OPTION VALUE=5>June
+<OPTION VALUE=6>July
+<OPTION VALUE=7>August
+<OPTION VALUE=8>September
+<OPTION VALUE=9>October
+<OPTION VALUE=10>November
+<OPTION VALUE=11>December
+</SELECT>
+<SELECT NAME="year">
+<OPTION VALUE=0>
+<OPTION VALUE=1997>1997
+<OPTION VALUE=1998>1998
+<OPTION VALUE=1999>1999
+<OPTION VALUE=2000>2000
+<OPTION VALUE=2001>2001
+<OPTION VALUE=2002>2002
+<OPTION VALUE=2003>2003
+<OPTION VALUE=2004>2004
+<OPTION VALUE=2005>2005
+<OPTION VALUE=2006>2006
+<OPTION VALUE=2007>2007
+<OPTION VALUE=2008>2008
+<OPTION VALUE=2009>2009
+<OPTION VALUE=2010>2010
+<OPTION VALUE=2011>2011
+<OPTION VALUE=2012>2012
+</SELECT>
+</FORM>
+</td>
+</tr>
+</table>
+
+<table border="0" cellspacing="2" cellpadding="2">
+<tr>
+<FORM NAME="revocationReasonCritForm">
+<td valign="top" align="left">
+<INPUT TYPE="CHECKBOX" NAME="inUse">
+</td>
+</FORM>
+<td valign="top" align="left">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show certificates revoked from the reason:</font>&nbsp;
+</td>
+<FORM NAME="revocationReasonForm">
+<td valign="top" nowrap>
+<SELECT NAME="revocationReason" size=4 multiple>
+<OPTION VALUE=0>Unspecified
+<OPTION VALUE=1>Key compromised
+<OPTION VALUE=2>CA key compromised
+<OPTION VALUE=3>Affiliation changed
+<OPTION VALUE=4>Certificate superceded
+<OPTION VALUE=5>Cessation of operation
+<OPTION VALUE=6>Certificate is on hold
+<OPTION VALUE=8>Remove certificate from CRL
+<OPTION VALUE=9>Privilege withdrawn
+<OPTION VALUE=10>AA key compromised
+</SELECT>
+</td>
+</FORM>
+</tr>
+</table>
+
+<SCRIPT type="text/javascript">
+<!--
+function revokedByCritInUse()
+{
+ return document.revokedByCritForm.inUse.checked;
+}
+function revokedByCrit()
+{
+ if (document.revokedByCritForm.revokedBy.value.length == 0) {
+ alert("User id in 'revoked by' filter is empty");
+ return null;
+ }
+ return "(certRevokedBy="+ document.revokedByCritForm.revokedBy.value +")";
+}
+
+function revokedOnCritInUse()
+{
+ return document.revokedOnCritForm.inUse.checked;
+}
+function revokedOnCrit()
+{
+ var from = null, to = null;
+ var crit = new Array();
+ var next = 0;
+ if (!dateIsEmpty(document.revokedOnFrom)) {
+ from = convertDate(document.revokedOnFrom,
+ "Start date for revocation time range criterion");
+ if (from == null) return null;
+ crit[next++] = "(certRevokedOn>=" + from + ")";
+ }
+ if (!dateIsEmpty(document.revokedOnTo)) {
+ to = convertDate(document.revokedOnTo,
+ "End date for revocation time range criterion");
+ if (to == null) return null;
+ to += 86399999;
+ crit[next++] = "(certRevokedOn<=" + to + ")";
+ }
+
+ if (from == null && to == null) {
+ alert("You must enter a date for revocation time range.");
+ return null;
+ }
+ if (from != null && to != null && from > to) {
+ alert("Revocation time range specified is empty");
+ return null;
+ }
+ return nsjoin(crit,"");
+}
+
+function revocationReasonCritInUse()
+{
+ return document.revocationReasonCritForm.inUse.checked;
+}
+function revocationReasonCrit()
+{
+ var crit = new Array();
+ var sum = null;
+ var next = 0;
+
+ for (var i = 0; i < document.revocationReasonForm.revocationReason.length; i++) {
+ if (document.revocationReasonForm.revocationReason.options[i].selected == true) {
+ crit[next++] = "(x509cert.certRevoInfo="+i+")";
+ }
+ }
+ sum = nsjoin(crit,"");
+ if (next > 1) {
+ sum = "(|" + sum + ")"
+ } else if (next < 1) {
+ alert("You must select at least one revocation reason.");
+ return null;
+ }
+ return sum;
+}
+//-->
+</SCRIPT>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/pki/images/hr.gif" >
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+<b>Issuing Information</b></font>
+
+<table border="0" cellspacing="2" cellpadding="2">
+<tr>
+<FORM NAME="issuedByCritForm">
+<td><INPUT TYPE="CHECKBOX" NAME="inUse"></td>
+<td align="left" colspan="2">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show certificates issued by:</font>&nbsp;
+<INPUT TYPE="text" NAME="issuedBy" SIZE=10></td>
+</FORM>
+</tr>
+
+<tr>
+<FORM NAME="issuedOnCritForm">
+<td><INPUT TYPE="CHECKBOX" NAME="inUse"></td>
+<td colspan="2">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show certificates issued during the period:</font></td>
+</FORM>
+</tr>
+
+<tr>
+<td>&nbsp;</td>
+<td valign=top align=right>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Start date:</font>
+</td>
+<td valign="top" nowrap>
+<FORM NAME="issuedOnFrom">
+<SELECT NAME="day">
+<OPTION VALUE=0>
+<OPTION VALUE=1>1
+<OPTION VALUE=2>2
+<OPTION VALUE=3>3
+<OPTION VALUE=4>4
+<OPTION VALUE=5>5
+<OPTION VALUE=6>6
+<OPTION VALUE=7>7
+<OPTION VALUE=8>8
+<OPTION VALUE=9>9
+<OPTION VALUE=10>10
+<OPTION VALUE=11>11
+<OPTION VALUE=12>12
+<OPTION VALUE=13>13
+<OPTION VALUE=14>14
+<OPTION VALUE=15>15
+<OPTION VALUE=16>16
+<OPTION VALUE=17>17
+<OPTION VALUE=18>18
+<OPTION VALUE=19>19
+<OPTION VALUE=20>20
+<OPTION VALUE=21>21
+<OPTION VALUE=22>22
+<OPTION VALUE=23>23
+<OPTION VALUE=24>24
+<OPTION VALUE=25>25
+<OPTION VALUE=26>26
+<OPTION VALUE=27>27
+<OPTION VALUE=28>28
+<OPTION VALUE=29>29
+<OPTION VALUE=30>30
+<OPTION VALUE=31>31
+</SELECT>
+<SELECT NAME="month">
+<OPTION VALUE=13>
+<OPTION VALUE=0>January
+<OPTION VALUE=1>February
+<OPTION VALUE=2>March
+<OPTION VALUE=3>April
+<OPTION VALUE=4>May
+<OPTION VALUE=5>June
+<OPTION VALUE=6>July
+<OPTION VALUE=7>August
+<OPTION VALUE=8>September
+<OPTION VALUE=9>October
+<OPTION VALUE=10>November
+<OPTION VALUE=11>December
+</SELECT>
+<SELECT NAME="year">
+<OPTION VALUE=0>
+<OPTION VALUE=1997>1997
+<OPTION VALUE=1998>1998
+<OPTION VALUE=1999>1999
+<OPTION VALUE=2000>2000
+<OPTION VALUE=2001>2001
+<OPTION VALUE=2002>2002
+<OPTION VALUE=2003>2003
+<OPTION VALUE=2004>2004
+<OPTION VALUE=2005>2005
+<OPTION VALUE=2006>2006
+<OPTION VALUE=2007>2007
+<OPTION VALUE=2008>2008
+<OPTION VALUE=2009>2009
+<OPTION VALUE=2010>2010
+<OPTION VALUE=2011>2011
+<OPTION VALUE=2012>2012
+</SELECT>
+</FORM>
+</td>
+</tr>
+
+<tr>
+<td>&nbsp;</td>
+<td valign=top align=right>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">End date:</font>
+</td>
+<td valign="top" nowrap>
+<FORM NAME="issuedOnTo">
+<SELECT NAME="day">
+<OPTION VALUE=0>
+<OPTION VALUE=1>1
+<OPTION VALUE=2>2
+<OPTION VALUE=3>3
+<OPTION VALUE=4>4
+<OPTION VALUE=5>5
+<OPTION VALUE=6>6
+<OPTION VALUE=7>7
+<OPTION VALUE=8>8
+<OPTION VALUE=9>9
+<OPTION VALUE=10>10
+<OPTION VALUE=11>11
+<OPTION VALUE=12>12
+<OPTION VALUE=13>13
+<OPTION VALUE=14>14
+<OPTION VALUE=15>15
+<OPTION VALUE=16>16
+<OPTION VALUE=17>17
+<OPTION VALUE=18>18
+<OPTION VALUE=19>19
+<OPTION VALUE=20>20
+<OPTION VALUE=21>21
+<OPTION VALUE=22>22
+<OPTION VALUE=23>23
+<OPTION VALUE=24>24
+<OPTION VALUE=25>25
+<OPTION VALUE=26>26
+<OPTION VALUE=27>27
+<OPTION VALUE=28>28
+<OPTION VALUE=29>29
+<OPTION VALUE=30>30
+<OPTION VALUE=31>31
+</SELECT>
+<SELECT NAME="month">
+<OPTION VALUE=13>
+<OPTION VALUE=0>January
+<OPTION VALUE=1>February
+<OPTION VALUE=2>March
+<OPTION VALUE=3>April
+<OPTION VALUE=4>May
+<OPTION VALUE=5>June
+<OPTION VALUE=6>July
+<OPTION VALUE=7>August
+<OPTION VALUE=8>September
+<OPTION VALUE=9>October
+<OPTION VALUE=10>November
+<OPTION VALUE=11>December
+</SELECT>
+<SELECT NAME="year">
+<OPTION VALUE=0>
+<OPTION VALUE=1997>1997
+<OPTION VALUE=1998>1998
+<OPTION VALUE=1999>1999
+<OPTION VALUE=2000>2000
+<OPTION VALUE=2001>2001
+<OPTION VALUE=2002>2002
+<OPTION VALUE=2003>2003
+<OPTION VALUE=2004>2004
+<OPTION VALUE=2005>2005
+<OPTION VALUE=2006>2006
+<OPTION VALUE=2007>2007
+<OPTION VALUE=2008>2008
+<OPTION VALUE=2009>2009
+<OPTION VALUE=2010>2010
+<OPTION VALUE=2011>2011
+<OPTION VALUE=2012>2012
+</SELECT>
+</FORM>
+</td>
+</tr>
+</table>
+
+<SCRIPT type="text/javascript">
+<!--
+function issuedByCritInUse()
+{
+ return document.issuedByCritForm.inUse.checked;
+}
+function issuedByCrit()
+{
+ if (document.issuedByCritForm.issuedBy.value.length == 0) {
+ alert("User id in 'issued by' filter is empty");
+ return null;
+ }
+ return "(certIssuedBy="+ document.issuedByCritForm.issuedBy.value +")";
+}
+
+
+function issuedOnCritInUse()
+{
+ return document.issuedOnCritForm.inUse.checked;
+}
+function issuedOnCrit()
+{
+ var from = null, to = null;
+ var crit = new Array();
+ var next = 0;
+ if (!dateIsEmpty(document.issuedOnFrom)) {
+ from = convertDate(document.issuedOnFrom,
+ "Start date for issue time range criterion");
+ if (from == null) return null;
+ crit[next++] = "(certCreateTime>=" + from + ")";
+ }
+ if (!dateIsEmpty(document.issuedOnTo)) {
+ to = convertDate(document.issuedOnTo,
+ "End date for issue time range criterion");
+ if (to == null) return null;
+ to += 86399999;
+ crit[next++] = "(certCreateTime<=" + to + ")";
+ }
+
+ if (from == null && to == null) {
+ alert("You must enter a date for issue time range.");
+ return null;
+ }
+ if (from != null && to != null && from > to) {
+ alert("Issue time range specified is empty");
+ return null;
+ }
+ return nsjoin(crit,"");
+}
+//-->
+</SCRIPT>
+
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/pki/images/hr.gif" >
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+<b>Dates of Validity</b></font>
+
+<table border="0" cellspacing="2" cellpadding="2">
+<tr>
+<FORM NAME="validNotBeforeCritForm">
+<td><INPUT TYPE="CHECKBOX" NAME="inUse"></td>
+<td align="left" colspan="2">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show certificates effective during the period:</font></td>
+</FORM>
+</tr>
+
+<tr>
+<td>&nbsp;</td>
+<td valign=top align=right>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Start date:</font>
+</td>
+<td valign="top" nowrap>
+<FORM NAME="validNotBeforeFrom">
+<SELECT NAME="day">
+<OPTION VALUE=0>
+<OPTION VALUE=1>1
+<OPTION VALUE=2>2
+<OPTION VALUE=3>3
+<OPTION VALUE=4>4
+<OPTION VALUE=5>5
+<OPTION VALUE=6>6
+<OPTION VALUE=7>7
+<OPTION VALUE=8>8
+<OPTION VALUE=9>9
+<OPTION VALUE=10>10
+<OPTION VALUE=11>11
+<OPTION VALUE=12>12
+<OPTION VALUE=13>13
+<OPTION VALUE=14>14
+<OPTION VALUE=15>15
+<OPTION VALUE=16>16
+<OPTION VALUE=17>17
+<OPTION VALUE=18>18
+<OPTION VALUE=19>19
+<OPTION VALUE=20>20
+<OPTION VALUE=21>21
+<OPTION VALUE=22>22
+<OPTION VALUE=23>23
+<OPTION VALUE=24>24
+<OPTION VALUE=25>25
+<OPTION VALUE=26>26
+<OPTION VALUE=27>27
+<OPTION VALUE=28>28
+<OPTION VALUE=29>29
+<OPTION VALUE=30>30
+<OPTION VALUE=31>31
+</SELECT>
+<SELECT NAME="month">
+<OPTION VALUE=13>
+<OPTION VALUE=0>January
+<OPTION VALUE=1>February
+<OPTION VALUE=2>March
+<OPTION VALUE=3>April
+<OPTION VALUE=4>May
+<OPTION VALUE=5>June
+<OPTION VALUE=6>July
+<OPTION VALUE=7>August
+<OPTION VALUE=8>September
+<OPTION VALUE=9>October
+<OPTION VALUE=10>November
+<OPTION VALUE=11>December
+</SELECT>
+<SELECT NAME="year">
+<OPTION VALUE=0>
+<OPTION VALUE=1997>1997
+<OPTION VALUE=1998>1998
+<OPTION VALUE=1999>1999
+<OPTION VALUE=2000>2000
+<OPTION VALUE=2001>2001
+<OPTION VALUE=2002>2002
+<OPTION VALUE=2003>2003
+<OPTION VALUE=2004>2004
+<OPTION VALUE=2005>2005
+<OPTION VALUE=2006>2006
+<OPTION VALUE=2007>2007
+<OPTION VALUE=2008>2008
+<OPTION VALUE=2009>2009
+<OPTION VALUE=2010>2010
+<OPTION VALUE=2011>2011
+<OPTION VALUE=2012>2012
+</SELECT>
+</FORM>
+</td>
+</tr>
+
+<tr>
+<td>&nbsp;</td>
+<td valign=top align=right>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">End date:</font>
+</td>
+<td valign="top" nowrap>
+<FORM NAME="validNotBeforeTo">
+<SELECT NAME="day">
+<OPTION VALUE=0>
+<OPTION VALUE=1>1
+<OPTION VALUE=2>2
+<OPTION VALUE=3>3
+<OPTION VALUE=4>4
+<OPTION VALUE=5>5
+<OPTION VALUE=6>6
+<OPTION VALUE=7>7
+<OPTION VALUE=8>8
+<OPTION VALUE=9>9
+<OPTION VALUE=10>10
+<OPTION VALUE=11>11
+<OPTION VALUE=12>12
+<OPTION VALUE=13>13
+<OPTION VALUE=14>14
+<OPTION VALUE=15>15
+<OPTION VALUE=16>16
+<OPTION VALUE=17>17
+<OPTION VALUE=18>18
+<OPTION VALUE=19>19
+<OPTION VALUE=20>20
+<OPTION VALUE=21>21
+<OPTION VALUE=22>22
+<OPTION VALUE=23>23
+<OPTION VALUE=24>24
+<OPTION VALUE=25>25
+<OPTION VALUE=26>26
+<OPTION VALUE=27>27
+<OPTION VALUE=28>28
+<OPTION VALUE=29>29
+<OPTION VALUE=30>30
+<OPTION VALUE=31>31
+</SELECT>
+<SELECT NAME="month">
+<OPTION VALUE=13>
+<OPTION VALUE=0>January
+<OPTION VALUE=1>February
+<OPTION VALUE=2>March
+<OPTION VALUE=3>April
+<OPTION VALUE=4>May
+<OPTION VALUE=5>June
+<OPTION VALUE=6>July
+<OPTION VALUE=7>August
+<OPTION VALUE=8>September
+<OPTION VALUE=9>October
+<OPTION VALUE=10>November
+<OPTION VALUE=11>December
+</SELECT>
+<SELECT NAME="year">
+<OPTION VALUE=0>
+<OPTION VALUE=1997>1997
+<OPTION VALUE=1998>1998
+<OPTION VALUE=1999>1999
+<OPTION VALUE=2000>2000
+<OPTION VALUE=2001>2001
+<OPTION VALUE=2002>2002
+<OPTION VALUE=2003>2003
+<OPTION VALUE=2004>2004
+<OPTION VALUE=2005>2005
+<OPTION VALUE=2006>2006
+<OPTION VALUE=2007>2007
+<OPTION VALUE=2008>2008
+<OPTION VALUE=2009>2009
+<OPTION VALUE=2010>2010
+<OPTION VALUE=2011>2011
+<OPTION VALUE=2012>2012
+</SELECT>
+</FORM>
+</td>
+</tr>
+</table>
+
+<SCRIPT type="text/javascript">
+<!--
+function validNotBeforeCritInUse()
+{
+ return document.validNotBeforeCritForm.inUse.checked;
+}
+
+function validNotBeforeCrit()
+{
+ var from = null, to = null;
+ var crit = new Array();
+ var next = 0;
+ if (!dateIsEmpty(document.validNotBeforeFrom)) {
+ from = convertDate(document.validNotBeforeFrom,
+ "Start date for the validity beginning time range criterion");
+ if (from == null) return null;
+ crit[next++] = "(x509Cert.notBefore>=" + from + ")";
+ }
+ if (!dateIsEmpty(document.validNotBeforeTo)) {
+ to = convertDate(document.validNotBeforeTo,
+ "End date for the validity beginning time range criterion");
+ if (to == null) return null;
+ to += 86399999;
+ crit[next++] = "(x509Cert.notBefore<=" + to + ")";
+ }
+
+ if (from == null && to == null) {
+ alert("You must enter a date for validity beginning range.");
+ return null;
+ }
+ if (from != null && to != null && from > to) {
+ alert("Validity beginning time range specified is empty");
+ return null;
+ }
+ return nsjoin(crit,"");
+}
+//-->
+</SCRIPT>
+
+<table border="0" cellspacing="2" cellpadding="2">
+<tr>
+<FORM NAME="validNotAfterCritForm">
+<td><INPUT TYPE="CHECKBOX" NAME="inUse"></td>
+<td align="left" colspan="2">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show certificates expired during the period:</font></td>
+</FORM>
+</tr>
+
+<tr>
+<td>&nbsp;</td>
+<td valign=top align=right>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Start date:</font>
+</td>
+<td valign="top" nowrap>
+<FORM NAME="validNotAfterFrom">
+<SELECT NAME="day">
+<OPTION VALUE=0>
+<OPTION VALUE=1>1
+<OPTION VALUE=2>2
+<OPTION VALUE=3>3
+<OPTION VALUE=4>4
+<OPTION VALUE=5>5
+<OPTION VALUE=6>6
+<OPTION VALUE=7>7
+<OPTION VALUE=8>8
+<OPTION VALUE=9>9
+<OPTION VALUE=10>10
+<OPTION VALUE=11>11
+<OPTION VALUE=12>12
+<OPTION VALUE=13>13
+<OPTION VALUE=14>14
+<OPTION VALUE=15>15
+<OPTION VALUE=16>16
+<OPTION VALUE=17>17
+<OPTION VALUE=18>18
+<OPTION VALUE=19>19
+<OPTION VALUE=20>20
+<OPTION VALUE=21>21
+<OPTION VALUE=22>22
+<OPTION VALUE=23>23
+<OPTION VALUE=24>24
+<OPTION VALUE=25>25
+<OPTION VALUE=26>26
+<OPTION VALUE=27>27
+<OPTION VALUE=28>28
+<OPTION VALUE=29>29
+<OPTION VALUE=30>30
+<OPTION VALUE=31>31
+</SELECT>
+<SELECT NAME="month">
+<OPTION VALUE=13>
+<OPTION VALUE=0>January
+<OPTION VALUE=1>February
+<OPTION VALUE=2>March
+<OPTION VALUE=3>April
+<OPTION VALUE=4>May
+<OPTION VALUE=5>June
+<OPTION VALUE=6>July
+<OPTION VALUE=7>August
+<OPTION VALUE=8>September
+<OPTION VALUE=9>October
+<OPTION VALUE=10>November
+<OPTION VALUE=11>December
+</SELECT>
+<SELECT NAME="year">
+<OPTION VALUE=0>
+<OPTION VALUE=1997>1997
+<OPTION VALUE=1998>1998
+<OPTION VALUE=1999>1999
+<OPTION VALUE=2000>2000
+<OPTION VALUE=2001>2001
+<OPTION VALUE=2002>2002
+<OPTION VALUE=2003>2003
+<OPTION VALUE=2004>2004
+<OPTION VALUE=2005>2005
+<OPTION VALUE=2006>2006
+<OPTION VALUE=2007>2007
+<OPTION VALUE=2008>2008
+<OPTION VALUE=2009>2009
+<OPTION VALUE=2010>2010
+<OPTION VALUE=2011>2011
+<OPTION VALUE=2012>2012
+</SELECT>
+</FORM>
+</td>
+</tr>
+
+<tr>
+<td>&nbsp;</td>
+<td valign=top align=right>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">End date:</font>
+</td>
+<td valign="top" nowrap>
+<FORM NAME="validNotAfterTo">
+<SELECT NAME="day">
+<OPTION VALUE=0>
+<OPTION VALUE=1>1
+<OPTION VALUE=2>2
+<OPTION VALUE=3>3
+<OPTION VALUE=4>4
+<OPTION VALUE=5>5
+<OPTION VALUE=6>6
+<OPTION VALUE=7>7
+<OPTION VALUE=8>8
+<OPTION VALUE=9>9
+<OPTION VALUE=10>10
+<OPTION VALUE=11>11
+<OPTION VALUE=12>12
+<OPTION VALUE=13>13
+<OPTION VALUE=14>14
+<OPTION VALUE=15>15
+<OPTION VALUE=16>16
+<OPTION VALUE=17>17
+<OPTION VALUE=18>18
+<OPTION VALUE=19>19
+<OPTION VALUE=20>20
+<OPTION VALUE=21>21
+<OPTION VALUE=22>22
+<OPTION VALUE=23>23
+<OPTION VALUE=24>24
+<OPTION VALUE=25>25
+<OPTION VALUE=26>26
+<OPTION VALUE=27>27
+<OPTION VALUE=28>28
+<OPTION VALUE=29>29
+<OPTION VALUE=30>30
+<OPTION VALUE=31>31
+</SELECT>
+<SELECT NAME="month">
+<OPTION VALUE=13>
+<OPTION VALUE=0>January
+<OPTION VALUE=1>February
+<OPTION VALUE=2>March
+<OPTION VALUE=3>April
+<OPTION VALUE=4>May
+<OPTION VALUE=5>June
+<OPTION VALUE=6>July
+<OPTION VALUE=7>August
+<OPTION VALUE=8>September
+<OPTION VALUE=9>October
+<OPTION VALUE=10>November
+<OPTION VALUE=11>December
+</SELECT>
+<SELECT NAME="year">
+<OPTION VALUE=0>
+<OPTION VALUE=1997>1997
+<OPTION VALUE=1998>1998
+<OPTION VALUE=1999>1999
+<OPTION VALUE=2000>2000
+<OPTION VALUE=2001>2001
+<OPTION VALUE=2002>2002
+<OPTION VALUE=2003>2003
+<OPTION VALUE=2004>2004
+<OPTION VALUE=2005>2005
+<OPTION VALUE=2006>2006
+<OPTION VALUE=2007>2007
+<OPTION VALUE=2008>2008
+<OPTION VALUE=2009>2009
+<OPTION VALUE=2010>2010
+<OPTION VALUE=2011>2011
+<OPTION VALUE=2012>2012
+</SELECT>
+</FORM>
+</td>
+</tr>
+</table>
+
+<SCRIPT type="text/javascript">
+<!--
+function validNotAfterCritInUse()
+{
+ return document.validNotAfterCritForm.inUse.checked;
+}
+
+function validNotAfterCrit()
+{
+ var from = null, to = null;
+ var crit = new Array();
+ var next = 0;
+ if (!dateIsEmpty(document.validNotAfterFrom)) {
+ from = convertDate(document.validNotAfterFrom,
+ "Start date for the expiration time range criterion");
+ if (from == null) return null;
+ crit[next++] = "(x509cert.notAfter>=" + from + ")";
+ }
+ if (!dateIsEmpty(document.validNotAfterTo)) {
+ to = convertDate(document.validNotAfterTo,
+ "End date for the expiration time range criterion");
+ if (to == null) return null;
+ to += 86399999;
+ crit[next++] = "(x509cert.notAfter<=" + to + ")";
+ }
+
+ if (from == null && to == null) {
+ alert("You must enter a date for expiration time range.");
+ return null;
+ }
+ if (from != null && to != null && from > to) {
+ alert("Expiration time range specified is empty");
+ return null;
+ }
+ return nsjoin(crit,"");
+}
+//-->
+</SCRIPT>
+
+<table border="0" cellspacing="2" cellpadding="2">
+<FORM NAME="validityLengthCritForm">
+<tr>
+<td><INPUT TYPE="CHECKBOX" NAME="inUse"></td>
+<td align="left" colspan="2">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show certificates with a validity period:</font></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td>
+<SELECT NAME="validityOp">
+<OPTION VALUE="&lt;="> not greater
+<OPTION VALUE="&gt;="> not less
+</SELECT>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">than</font>
+<INPUT NAME="count" TYPE="text" MAXSIZE=2 SIZE=2>
+<SELECT NAME="unit">
+<OPTION VALUE="86400000">Day(s)</OPTION>
+<OPTION VALUE="604800000">Week(s)</OPTION>
+<OPTION SELECTED VALUE="2592000000">Month(s)</OPTION>
+<OPTION VALUE="31536000000">Year(s)</OPTION>
+</SELECT>
+</td></tr>
+</FORM>
+</table>
+
+<SCRIPT type="text/javascript">
+<!--
+function validityLengthCritInUse()
+{
+ return document.validityLengthCritForm.inUse.checked;
+}
+
+function validityLengthCrit()
+{
+ with(document.validityLengthCritForm) {
+ if(!isNumber(count.value,10)) {
+ alert("Invalid number specified in validity length criterion");
+ return null;
+ }
+
+ return "(x509cert.duration" +
+ validityOp.options[validityOp.selectedIndex].value +
+ (count.value * unit.options[unit.selectedIndex].value) +")";
+ }
+}
+//-->
+</SCRIPT>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/pki/images/hr.gif" >
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif"><b>Type</b></font>
+
+<FORM NAME="certTypeCritForm">
+<table border="0" cellspacing="2" cellpadding="2">
+<tr>
+<td><INPUT TYPE="CHECKBOX" NAME="inUse"></td>
+<td align="left" colspan="2">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show certificates of the following types:</font>
+</td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">SSL client:</font>
+</td>
+<td>
+<SELECT NAME="SSLClient">
+<OPTION SELECTED VALUE="">Do not care
+<OPTION VALUE="on">On
+<OPTION VALUE="off">Off
+</SELECT>
+</td></tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">SSL server:</font>
+</td>
+<td>
+<SELECT NAME="SSLServer">
+<OPTION SELECTED VALUE="">Do not care
+<OPTION VALUE="on">On
+<OPTION VALUE="off">Off
+</SELECT>
+</td></tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Secure email:</font>
+</td><td>
+<SELECT NAME="SecureEmail">
+<OPTION SELECTED VALUE="">Do not care
+<OPTION VALUE="on">On
+<OPTION VALUE="off">Off
+</SELECT>
+</td></tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Subordinate SSL CA:</font>
+</td><td>
+<SELECT NAME="SubordinateSSLCA">
+<OPTION SELECTED VALUE="">Do not care
+<OPTION VALUE="on">On
+<OPTION VALUE="off">Off
+</SELECT>
+</td></tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Subordinate email CA:</font>
+</td><td>
+<SELECT NAME="SubordinateEmailCA">
+<OPTION SELECTED VALUE="">Do not care
+<OPTION VALUE="on">On
+<OPTION VALUE="off">Off
+</SELECT>
+</td></tr>
+</table>
+</FORM>
+
+<SCRIPT type="text/javascript">
+<!--
+function certTypeCritInUse()
+{
+ return document.certTypeCritForm.inUse.checked;
+}
+
+function certTypeCrit()
+{
+ var result = '';
+ var count = 0;
+
+ for (var i = 1; i < document.certTypeCritForm.length; i++) {
+ var sel = document.certTypeCritForm[i].selectedIndex;
+ if (sel > 0) {
+ count++;
+ result += '(x509cert.nsExtension.' +
+ document.certTypeCritForm[i].name + '='+
+ document.certTypeCritForm[i].options[sel].value + ')';
+ }
+ }
+ if (count == 0) {
+ alert("At least one of the certificate types must be selected");
+ return null;
+ }
+
+ return result;
+}
+//-->
+</SCRIPT>
+
+<br>
+<SCRIPT type="text/javascript">
+<!--
+function doSubmit(form)
+{
+ var andFilter = new Array;
+ var critCount = 0;
+
+ andFilter[critCount++] = "(certRecordId=*)";
+
+ if (serialNumberRangeCritInUse()) {
+ if ((andFilter[critCount++] = serialNumberRangeCrit()) == null)
+ return;
+ }
+ if (statusCritInUse()) {
+ if ((andFilter[critCount++] = statusRangeCrit()) == null)
+ return;
+ }
+ if (subjectCritInUse()) {
+ if ((andFilter[critCount++] = subjectCrit()) == null)
+ return;
+ }
+
+ if (revokedOnCritInUse()) {
+ if ((andFilter[critCount++] = revokedOnCrit()) == null)
+ return;
+ }
+ if (revokedByCritInUse()) {
+ if ((andFilter[critCount++] = revokedByCrit()) == null)
+ return;
+ }
+ if (revocationReasonCritInUse()) {
+ if ((andFilter[critCount++] = revocationReasonCrit()) == null)
+ return;
+ }
+ if (issuedOnCritInUse()) {
+ if ((andFilter[critCount++] = issuedOnCrit()) == null)
+ return;
+ }
+ if (issuedByCritInUse()) {
+ if ((andFilter[critCount++] = issuedByCrit()) == null)
+ return;
+ }
+ if (validNotBeforeCritInUse()) {
+ if ((andFilter[critCount++] = validNotBeforeCrit()) == null)
+ return;
+ }
+ if (validNotAfterCritInUse()) {
+ if ((andFilter[critCount++] = validNotAfterCrit()) == null)
+ return;
+ }
+ if (validityLengthCritInUse()) {
+ if ((andFilter[critCount++] = validityLengthCrit()) == null)
+ return;
+ }
+ if (certTypeCritInUse()) {
+ if ((andFilter[critCount++] = certTypeCrit()) == null)
+ return;
+ }
+
+ // At least one section must be selected
+ if (critCount == 0) {
+ alert("You must choose at least one section on this form.");
+ return;
+ }
+
+ form.queryCertFilter.value = "(&"+nsjoin(andFilter,"")+")";
+
+ form.op.value = "listCerts";
+
+ form.submit();
+}
+//-->
+</SCRIPT>
+
+
+<FORM NAME="queryForm" ACTION="listCerts" METHOD=POST>
+<INPUT TYPE="HIDDEN" NAME="op" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="queryCertFilter" VALUE="">
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=6 WIDTH="100%" BACKGROUND="/pki/images/gray90.gif">
+ <tr>
+ <td ALIGN=RIGHT BGCOLOR="#E5E5E5">
+ <INPUT TYPE="button" VALUE="Find" width="72" onClick='doSubmit(queryForm)'>&nbsp;&nbsp;
+ <font size=-1 face="PrimaSans BT, Verdana, sans-serif">first</font>&nbsp;
+ <INPUT TYPE="TEXT" NAME="maxCount" SIZE=4 MAXLENGTH=99 VALUE="5">
+ <font size=-1 face="PrimaSans BT, Verdana, sans-serif">records</font>&nbsp;&nbsp;&nbsp;
+ <!-- <INPUT TYPE="button" VALUE=Help width="72"
+ onClick="help('http://www.redhat.com/docs/manuals/cert-system#1009897')"> -->
+ </td>
+ </tr>
+</table>
+
+</form>
+</body>
+</html>
+
diff --git a/base/ca/shared/webapps/ca/agent/ca/queryCert.template b/base/ca/shared/webapps/ca/agent/ca/queryCert.template
new file mode 100644
index 000000000..40ee64b0c
--- /dev/null
+++ b/base/ca/shared/webapps/ca/agent/ca/queryCert.template
@@ -0,0 +1,527 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>Query Certificate</title>
+<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+
+<style type="text/css">
+
+.floating {
+ position: absolute;
+ left: 300px;
+ top: 50px;
+ width: 400px;
+ padding: 3px;
+ border: solid;
+ border-width: 2px;
+ background: white;
+ display: none;
+ margin: 5px;
+}
+
+
+table#t td {
+ font-size: 0.8em;
+ padding: 0px;
+ margin: 0px;
+}
+
+.r {
+ visibility: visible;
+ background-color: pink;
+}
+
+
+.h {
+ background-color: #eeeeee;
+ font-color: #606060;
+ font-weight: bold;
+}
+
+</STYLE>
+
+<CMS_TEMPLATE>
+
+</head>
+
+<body bgcolor="#FFFFFF" link="#000000" vlink="#000000" alink="#000000">
+<font face="PrimaSans BT, Verdana, sans-serif" size="+1">Search Results
+</font><br>
+<table border="0" cellspacing="0" cellpadding="0" background="/pki/images/hr.gif" width="100%">
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+
+<SCRIPT type="text/javascript">
+//<!--
+
+function toHex(number)
+{
+ var absValue = "", sign = "";
+ var digits = "0123456789abcdef";
+ if (number < 0) {
+ sign = "-";
+ number = -number;
+ }
+
+ for(; number >= 16 ; number = Math.floor(number/16)) {
+ absValue = digits.charAt(number % 16) + absValue;
+ }
+ absValue = digits.charAt(number % 16) + absValue;
+ return sign + absValue;
+}
+
+function revokeCert(serialNumber)
+{
+ return confirm("WARNING!! You are about to do an irreversible operation.\nDo you really want to revoke certificate # "+
+ renderHexNumber(serialNumber,8)+ " ?");
+}
+
+function renderOidName(oid)
+{
+ if (oid == "1.2.840.113549.1.1.1")
+ return "PKCS #1 RSA";
+ else if (oid == "1.2.840.113549.1.1.4")
+ return "PKCS #1 MD5 With RSA";
+ else if (oid == "1.2.840.10040.4.1")
+ return "DSA";
+ else
+ return "OID."+oid;
+}
+
+function renderHexNumber(number,width)
+{
+ var num = number;
+ while (num.length < width)
+ num = "0"+num;
+ return "0x"+num;
+}
+
+function renderDateFromSecs(secs)
+{
+ if (secs == null) return "";
+ var dateTmp = new Date();
+ dateTmp.setTime(secs * 1000);
+ var year = dateTmp.getYear();
+ if (year < 100) {
+ year += 1900;
+ } else {
+ year %= 100;
+ year += 2000;
+ }
+ return (dateTmp.getMonth()+1)+"/"+dateTmp.getDate()+"/"+year+" ;"+
+ (dateTmp.getHours()<10?" ;":"")+
+ dateTmp.getHours()+":"+(dateTmp.getMinutes()<10?"0":"")+
+ dateTmp.getMinutes()+":"+(dateTmp.getSeconds()<10?"0":"")+
+ dateTmp.getSeconds();
+}
+
+function renderDetailsButton(serialNumber)
+{
+ return "<FORM METHOD=post "+
+"ACTION='"+ "displayBySerial" +"'>\n"+
+"<INPUT TYPE=hidden NAME='op' VALUE='"+ "displayBySerial" +"'>\n"+
+"<INPUT TYPE=hidden NAME='serialNumber' VALUE='"+ "0x"+serialNumber +"'>\n"+
+"<INPUT TYPE=submit VALUE='Details' width='72'></FORM>\n";
+}
+
+function renderRevokeButton(serialNumberDecimal)
+{
+ return "<FORM METHOD=post "+
+//"onSubmit='return revokeCert("+serialNumberDecimal+");' "+
+"ACTION='"+ "reasonToRevoke" +"'>\n"+
+"<INPUT TYPE=hidden NAME='op' VALUE='"+ "reasonToRevoke" +"'>\n"+
+"<INPUT TYPE=hidden NAME='serialNumber' VALUE='"+ serialNumberDecimal +"'>\n"+
+"<INPUT TYPE=hidden NAME='revokeAll' VALUE='(&(certRecordId="+serialNumberDecimal+"))'>\n"+
+"<INPUT TYPE=hidden NAME='totalRecordCount' VALUE='1'>\n"+
+"<INPUT TYPE=hidden NAME='commit' VALUE='yes'>"+
+"<INPUT TYPE=hidden NAME='updateCRL' VALUE='yes'>"+
+"<INPUT TYPE=submit VALUE='Revoke' width='72'>"+
+"</FORM>\n";
+}
+
+function renderOffHoldButton(serialNumberDecimal)
+{
+ return "<FORM METHOD=post "+
+"ACTION='"+ "doUnrevoke" +"'>\n"+
+"<INPUT TYPE=hidden NAME='op' VALUE='"+ "doUnrevoke" +"'>\n"+
+"<INPUT TYPE=hidden NAME='serialNumber' VALUE='"+ serialNumberDecimal +"'>\n"+
+"<INPUT TYPE=hidden NAME='cmmfResponse' VALUE='true'>\n"+
+"<INPUT TYPE=submit VALUE='Off Hold' width='72'></FORM>\n";
+}
+
+function addSpaces(str)
+{
+ var outStr = "";
+ var i0 = 0;
+ var i1 = 0;
+
+ while (i1 < str.length) {
+ i1 = str.indexOf(',', i0);
+ if (i1 > -1) {
+ i1++;
+ outStr += str.substring(i0, i1);
+ outStr += " ";
+ i0 = i1;
+ } else {
+ outStr += str.substring(i0, str.length);
+ i1 = str.length;
+ }
+ }
+
+ return outStr;
+}
+
+function getRevocationReason(revocationReason)
+{
+ var reasons = new Array("Unspecified",
+ "Key compromised",
+ "CA key compromised",
+ "Affiliation changed",
+ "Certificate superceded",
+ "Cessation of operation",
+ "Certificate is on hold",
+ "Unspecified", // value 7 is not used
+ "Remove from CRL",
+ "Privilege withdrawn",
+ "AA key compromise");
+ if (revocationReason < 0 || revocationReason >= reasons.length)
+ revocationReason = 0;
+ return reasons[revocationReason];
+}
+
+function isRevoked(index)
+{
+ return (recordSet[index].revokedOn != null);
+}
+
+function setNode(table,desc,content,style)
+{
+ var row = table.insertRow(-1);
+ if (style) {
+ row.className = style;
+ }
+ var cell1 = row.insertCell(-1);
+ var desc_text = document.createTextNode(desc);
+ cell1.appendChild(desc_text);
+ var cell2 = row.insertCell(-1);
+ var content_text = document.createTextNode(content);
+ cell2.appendChild(content_text);
+}
+
+
+
+function mouseover(element,event)
+{
+ var x = event.clientX;
+ var y = event.clientY;
+
+ var index= element.getAttribute("index");
+ if (index == null) { return false; }
+ var cert = recordSet[index];
+
+ element.parentNode.parentNode.parentNode.style.backgroundColor = "#EEEEFF";
+
+ var v;
+ var e = document.getElementById("certMetaDatadiv");
+
+ var t = document.getElementById("t");
+
+ // delete all the rows in the table
+ var i=0;
+ while (i < t.rows.length) {
+ t.deleteRow(0);
+ }
+
+ setNode(t,"Certificate details for serial #", " 0x" +cert.serialNumber+" ("+cert.serialNumberDecimal+")","h");
+ setNode(t,"Version:", cert.version+1);
+ setNode(t,"Certificate Type:",cert.type);
+ setNode(t,"Key algorithm:",renderOidName(cert.subjectPublicKeyAlgorithm)+
+ " with "+ cert.subjectPublicKeyLength+"-bit key");
+ setNode(t,"Not Valid Before:", renderDateFromSecs(cert.validNotBefore));
+ setNode(t,"Not Valid After:", renderDateFromSecs(cert.validNotAfter));
+ setNode(t,"Issued On:", renderDateFromSecs(cert.issuedOn));
+ setNode(t,"Issued By:", cert.issuedBy);
+
+ if (isRevoked(index)) {
+ setNode(t,"Revoked on:", renderDateFromSecs(cert.revokedOn),"r");
+ setNode(t,"Revoked by:", cert.revokedBy, "r");
+ setNode(t,"Revocation Reason:", getRevocationReason(cert.revocationReason), "r");
+ assumedheight = 210;
+ } else {
+ assumedheight = 180;
+ }
+
+ e.style.left = x+30 + 'px'; // x-offset of floating div
+
+ var offset = 20; // extra y-offset of floating div
+ var bottom = y + offset + assumedheight;
+ if (bottom > window.innerHeight) {
+ offset = 0 - (2*offset) - assumedheight;
+ }
+
+ e.style.top = y+ offset + window.pageYOffset+document.body.scrollTop + 'px';
+
+ // unhide the window
+ e.style.display ="block";
+
+
+}
+
+function mouseout(element)
+{
+// window.setTimeout("hide",1);
+ var index= element.getAttribute("index");
+ if (recordSet[index].revokedOn != null) {
+ element.parentNode.parentNode.parentNode.style.backgroundColor = "#FFEEEE";
+ } else {
+// element.parentNode.parentNode.parentNode.style.backgroundColor = "#EEFFEE";
+ element.parentNode.parentNode.parentNode.style.backgroundColor = "#FFFFFF";
+ }
+ hide();
+}
+
+function hide()
+{
+ document.getElementById("certMetaDatadiv").style.display ="none";
+}
+
+
+function displayCertificateRecord(i, cert)
+{
+ document.write(
+ "<tr"+ (cert.revokedOn !=null ? " style='background-color: #FFEEEE;' " : "")+">"+
+// "<td width=10%>"+
+// ((cert.serialNumber == result.header.caSerialNumber)? "":
+// "<input TYPE='CHECKBOX' NAME=" + cert.serialNumber + ">")+
+// "</td>" +
+ "<td width=18%><font face='PrimaSans BT, Verdana, sans-serif' size='-1'>\n"+
+ renderHexNumber(cert.serialNumber,0) +
+ "</font></td>\n"+
+ "<td width=16%>"+(cert.revokedOn != null ?"revoked":"valid")+"</td>\n"+
+ "<td style='overflow: hidden; white-space: nowrap;'>"+
+ " <font face='PrimaSans BT, Verdana, sans-serif' size='-1'>\n"+
+ " <div style='overflow: hidden; white-space: nowrap;'>"+
+ " <a index='"+i+"' href='displayBySerial?op=displayBySerial&serialNumber=0x"+
+ cert.serialNumber+"' onmouseover='mouseover(this,event);' "+
+ "onmouseout='mouseout(this);'>"+
+ cert.subject+"</a></div></font>"+
+ "</td>"+
+ "</tr>\n"
+
+ );
+}
+
+function displaySearchResults()
+{
+if (result.recordSet.length == 0) {
+ document.write(
+"<font face='PrimaSans BT, Verdana, sans-serif' size='+1'>No Matching Certificates Found</font>\n"
+ );
+} else {
+
+ document.write(
+"<font face='PrimaSans BT, Verdana, sans-serif' size='+1'>Issuer: " +
+(result.header.issuerName != null ? result.header.issuerName : "UNKNOWN") +
+"</font><br>\n"+
+"<font face='PrimaSans BT, Verdana, sans-serif' size='-1'>\n"+
+"Total number of records found: "+result.header.totalRecordCount+
+"</font>\n"
+ );
+
+
+ document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=6 WIDTH='100%'>\n"+
+ "<tr align=center><td>\n");
+ displayNextForm();
+
+ document.write(
+"<table border='0' width='100%' cellspacing='2' cellpadding='2'>\n"+
+"<tr><td width=18%><td width=16%>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>\n"+
+
+"<tr bgcolor='#e5e5e5' style='font-weight: bold'>"+
+"<td>\n"+
+//"<font face='PrimaSans BT, Verdana, sans-serif' size='-1'>\n"+
+// "Select</font></td>\n"+
+//"<td>\n"+
+ "<font face='PrimaSans BT, Verdana, sans-serif' size='-1'>\n"+
+ "Serial number</font></td>\n"+
+
+"<td><font face='PrimaSans BT, Verdana, sans-serif' size='-1'>\n"+
+"Status</td>\n"+
+
+"<td>\n"+
+"<font face='PrimaSans BT, Verdana, sans-serif' size='-1'>\n"+
+"Subject name</font></td>"+
+"</tr>\n");
+
+
+
+ for(var i = 0; i < result.recordSet.length; ++i ) {
+ displayCertificateRecord(i, result.recordSet[i]);
+ }
+document.write("</table>\n");
+
+ if ((result.header.revokeAll != null && result.header.totalRecordCount > 1) ||
+ (result.header.querySentinelDown != null)) {
+ document.write("<br>&nbsp;\n" +
+ "<table border='0' cellspacing='0' cellpadding='0' background='/pki/images/hr.gif' width='100%'>\n"+
+ "<tr><td>&nbsp;</td></tr></table>\n");
+ }
+
+ document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=6 WIDTH='100%'>\n"+
+ "<tr align=center><td>\n");
+
+ if (result.header.revokeAll != null && result.header.totalRecordCount > 1) {
+ displayRevokeAllForm(result.header.totalRecordCount);
+ document.write("</td><td>\n");
+ }
+
+// if (result.header.querySentinel != null) {
+ displayNextForm();
+// }
+
+ document.write("</td></tr></table>\n");
+}
+}
+
+function renderHidden(name,value)
+{
+ return "<INPUT TYPE='hidden' NAME='"+ name +"' VALUE=''>\n";
+}
+
+/*
+* begin - scroll to beginning
+* end - scroll to end
+* down - page down
+* up - page up
+*/
+function doNext(element)
+{
+ var form = element.form;
+// form.action = "/"+result.header.op;
+ form.action = "/ca/agent/ca/listCerts";
+ form.op.value = result.header.op;
+ form.queryCertFilter.value = result.header.queryCertFilter;
+ form.direction.value= "down";
+
+ if (element.name == "begin") {
+ form.querySentinelDown.value = 0;
+ form.direction.value = "begin";
+ } else if (element.name == "end") {
+ form.querySentinelDown.value = result.header.totalRecordCount - result.header.maxCount+1;
+ form.direction.value = "end";
+ } else if (element.name == "down") {
+ form.querySentinelDown.value = result.header.querySentinelDown;
+ form.querySentinelUp.value = result.header.querySentinelUp;
+ form.direction.value = "down";
+ } else if (element.name == "up") {
+ form.querySentinelUp.value = result.header.querySentinelUp;
+ form.querySentinelDown.value = result.header.querySentinelDown;
+ form.direction.value = "up";
+ }
+
+ form.totalRecordCount.value = result.header.totalRecordCount;
+ if (result.header.revokeAll != null) {
+ form.revokeAll.value = result.header.revokeAll;
+ }
+ if (result.header.queryFilterHash != null) {
+ form.queryFilterHash.value = result.header.queryFilterHash;
+ }
+ form.submit();
+}
+
+function displayNextForm()
+{
+ document.write(
+//"<div align=center> \n"+
+"<FORM NAME ='nextForm' METHOD=POST ACTION=''>\n"+
+renderHidden("op"));
+
+if (result.header.revokeAll != null) {
+ document.write(renderHidden("revokeAll"));
+}
+
+if (result.header.queryFilterHash != null) {
+ document.write(renderHidden("queryFilterHash"));
+}
+var disabledDown = ((result.header.querySentinelDown == null) ||
+ (result.fixed.maxCount+1 >= result.header.currentRecordCount)) ? "disabled='true'" : "";
+var disabledUp = (result.header.querySentinelUp != null && result.header.querySentinelUp <= 1) ? "disabled='true'" : "";
+
+document.write(
+"<button NAME=begin onClick='doNext(this)' VALUE='|<<' width='72'>|&lt;&lt;</button>\n"+
+"<button "+disabledUp+" NAME=up onClick='doNext(this)' VALUE='<' width='72'>&lt;</button>\n"+
+"<INPUT TYPE=hidden NAME=totalRecordCount VALUE='"+
+result.header.totalRecordCount+ "'>\n"+
+"<INPUT TYPE=hidden NAME=queryCertFilter VALUE='"+
+result.header.queryCertFilter+ "'>\n"+
+"<INPUT TYPE=hidden NAME=querySentinelDown VALUE='"+
+result.header.querySentinelDown+ "'>\n"+
+"<INPUT TYPE=hidden NAME=querySentinelUp VALUE='"+
+result.header.querySentinelUp+ "'>\n"+
+"<INPUT TYPE=hidden NAME=serialTo VALUE='"+
+result.header.serialTo+ "'>\n"+
+"<INPUT TYPE=hidden NAME=direction VALUE='"+
+result.header.direction+ "'>\n"+
+"<INPUT style='padding-left: 2px;' TYPE=text SIZE=16 NAME=maxCount VALUE='"+
+result.header.maxCount+ "'>\n"+
+
+"<button "+disabledDown+" NAME=down onClick='doNext(this)' VALUE='>' width='72'>&gt;</button>\n"+
+"<button NAME=end onClick='doNext(this)' VALUE='>>|' width='72'>&gt;&gt;|</button>\n"+
+"</FORM>\n");
+}
+
+function doRevokeAll(form)
+{
+// form.action = result.header.serviceURL;
+ form.totalRecordCount.value = result.header.totalRecordCount;
+ form.revokeAll.value = result.header.revokeAll;
+ form.submit();
+}
+
+function displayRevokeAllForm(recordCount)
+{
+// document.write("<DIV align=center><FORM NAME ='revokeAllForm' "+
+ document.write("<FORM NAME ='revokeAllForm' "+
+ "METHOD=POST onSubmit='doRevokeAll(revokeAllForm);' "+
+ "ACTION='"+ "/ca/reasonToRevoke" +"'>\n"+
+ "<INPUT TYPE=hidden NAME='op' VALUE='reasonToRevoke'>\n"+
+ "<INPUT TYPE=hidden NAME='revokeAll' VALUE=''>\n"+
+ "<INPUT TYPE=hidden NAME='totalRecordCount' VALUE='"+ recordCount +"'>\n"+
+ "<INPUT TYPE=submit VALUE='Revoke ALL "+ recordCount +" Certificates'>\n"+
+ "</FORM>\n");
+// "</FORM></DIV>\n");
+}
+
+
+displaySearchResults();
+
+//-->
+</SCRIPT>
+
+<div id="certMetaDatadiv" class="floating">
+<table id="t" width="100%">
+<tr><td/></tr>
+</table>
+</div>
+</BODY>
+</HTML>
diff --git a/base/ca/shared/webapps/ca/agent/ca/queryReq.template b/base/ca/shared/webapps/ca/agent/ca/queryReq.template
new file mode 100644
index 000000000..ed8285bb6
--- /dev/null
+++ b/base/ca/shared/webapps/ca/agent/ca/queryReq.template
@@ -0,0 +1,453 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+ <title>Request Queue</title>
+ <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+
+<style type="text/css">
+
+.floating {
+ position: absolute;
+ left: 300px;
+ top: 50px;
+ width: 400px;
+ padding: 3px;
+ border: solid;
+ border-width: 2px;
+ background: white;
+ display: none;
+ margin: 5px;
+}
+
+
+table#t td {
+ font-size: 0.8em;
+ padding: 0px;
+ margin: 0px;
+}
+
+DIV.subject A:link {text-decoration: none;}
+DIV.subject A:visited {text-decoration: none;}
+DIV.subject A:hover {text-decoration: underline;}
+
+.h {
+ background-color: #eeeeee;
+ font-color: #606060;
+ font-weight: bold;
+}
+
+</STYLE>
+</head>
+
+<body bgcolor="#FFFFFF" link="#000000" vlink="#000000" alink="#000000">
+<font size=+1 face="PrimaSans BT, Verdana, sans-serif">Request Queue</font>
+<br>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/pki/images/hr.gif" >
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+<CMS_TEMPLATE>
+
+<SCRIPT type="text/javascript">
+//<!--
+
+function toHex(number)
+{
+ var absValue = "", sign = "";
+ var digits = "0123456789abcdef";
+ if (number < 0) {
+ sign = "-";
+ number = -number;
+ }
+
+ for(; number >= 16 ; number = Math.floor(number/16)) {
+ absValue = digits.charAt(number % 16) + absValue;
+ }
+ absValue = digits.charAt(number % 16) + absValue;
+ return sign + absValue;
+}
+
+function renderHexNumber(number,width)
+{
+ var num = toHex(number);
+ while (num.length < width)
+ num = "0"+num;
+ return "0x"+num;
+}
+
+function renderDateFromSecs(secs)
+{
+ if (secs == null) return "";
+ var dateTmp = new Date();
+ dateTmp.setTime(secs * 1000);
+ var year = dateTmp.getYear();
+ if (year < 100) {
+ year += 1900;
+ } else {
+ year %= 100;
+ year += 2000;
+ }
+ return (dateTmp.getMonth()+1)+"/"+dateTmp.getDate()+"/"+year+" ;"+
+ (dateTmp.getHours()<10?" ;":"")+
+ dateTmp.getHours()+":"+(dateTmp.getMinutes()<10?"0":"")+
+ dateTmp.getMinutes()+":"+(dateTmp.getSeconds()<10?"0":"")+
+ dateTmp.getSeconds();
+}
+
+function stateCodeToColor(code)
+{
+ if (code == "waiting")
+ return "darkgreen";
+ else if (code == "cancelled" || code == "rejected")
+ return "red";
+ else if (code == "complete")
+ return "black";
+ else
+ return "magenta";
+}
+
+function addSpaces(str)
+{
+ var outStr = "";
+ var str0 = "";
+ var i0 = 0;
+ var i1 = 0;
+
+ while (i1 < str.length) {
+ i1 = str.indexOf(',', i0);
+ if (i1 > -1) {
+ i1++;
+ str0 += str.substring(i0, i1);
+ str0 += " ";
+ i0 = i1;
+ } else {
+ str0 += str.substring(i0, str.length);
+ i1 = str.length;
+ }
+ }
+
+ i0 = 0;
+ i1 = 0;
+ while (i1 < str0.length) {
+ i1 = str0.indexOf('+', i0);
+ if (i1 > -1) {
+ i1++;
+ outStr += str0.substring(i0, i1);
+ outStr += " ";
+ i0 = i1;
+ } else {
+ outStr += str0.substring(i0, str0.length);
+ i1 = str0.length;
+ }
+ }
+
+ return outStr;
+}
+
+function addEscapes(str)
+{
+ var outStr = str.replace(/</g, "&lt;");
+ outStr = outStr.replace(/>/g, "&gt;");
+ return outStr;
+}
+
+function renderDetailsButtonForProfile(serialNumber)
+{
+ return '<form method=post '+
+ 'action="'+
+ 'profileReview' +'">\n'+
+ '<input type=hidden name="requestId" value="'+
+ serialNumber +
+ '">\n'+
+ '<input type=submit value="Details"></form>\n';
+}
+
+function renderDetailsButton(serialNumber)
+{
+ return '<form method=post '+
+ 'action="'+
+ '/ca/agent/ca/processReq' +'">\n'+
+ '<input type=hidden name="seqNum" value="'+
+ serialNumber +
+ '">\n'+
+ '<input type=submit value="Details"></form>\n';
+}
+
+function setNode(table,desc,content,style)
+{
+ var row = table.insertRow(-1);
+ if (style) {
+ row.className = style;
+ }
+ var cell1 = row.insertCell(-1);
+ var desc_text = document.createTextNode(desc);
+ cell1.appendChild(desc_text);
+ var cell2 = row.insertCell(-1);
+ var content_text = document.createTextNode(content);
+ cell2.appendChild(content_text);
+}
+
+function mouseover(element,event)
+{
+ var x = event.clientX;
+ var y = event.clientY;
+
+ var index= element.getAttribute("index");
+ if (index == null) { return false; }
+ var req = recordSet[index];
+
+ element.parentNode.parentNode.parentNode.style.backgroundColor = "#EEEEFF";
+
+ var v;
+ var e = document.getElementById("reqMetaDatadiv");
+
+ var t = document.getElementById("t");
+
+ // delete all the rows in the table
+ var i=0;
+ while (i < t.rows.length) {
+ t.deleteRow(0);
+ }
+
+ setNode(t,"Request details for request #", req.seqNum,"h");
+ setNode(t,"Request Type:",req.requestType);
+ setNode(t,"Submitted On:", renderDateFromSecs(req.createdOn));
+ setNode(t,"Updated On:", renderDateFromSecs(req.updatedOn));
+ setNode(t,"Updated By:", req.updatedBy);
+ assumedheight = 120;
+ e.style.left = x+30 + 'px'; // x-offset of floating div
+
+ var offset = 20; // extra y-offset of floating div
+ var bottom = y + offset + assumedheight;
+ if (bottom > window.innerHeight) {
+ offset = 0 - (2*offset) - assumedheight;
+ }
+
+ e.style.top = y+ offset + window.pageYOffset+ document.body.scrollTop + 'px';
+
+ // unhide the window
+ e.style.display ="block";
+
+
+}
+
+function mouseout(element)
+{
+// window.setTimeout("hide",1);
+ var index= element.getAttribute("index");
+ element.parentNode.parentNode.parentNode.style.backgroundColor = "#FFFFFF";
+
+ hide();
+}
+
+function hide()
+{
+ document.getElementById("reqMetaDatadiv").style.display ="none";
+}
+
+
+function displayRequest(i, req)
+{
+ // request table items
+
+ var url= "";
+ if (req.profile != null && req.profile == 'true') {
+ // profile
+ url = "profileReview?requestId=";
+ } else {
+ // policy
+ url = "/ca/agent/ca/processReq?seqNum=";
+ }
+
+ var link = "<a index='"+i+"' href='"+url+ req.seqNum + "'" +
+ " onmouseover='mouseover(this,event);' "+
+ "onmouseout='mouseout(this);'>";
+
+ // request number
+ document.write("<tr><td align=right>"+
+ "<font size=-1 face=\"PrimaSans BT, Verdana, sans-serif\">"+
+ link + req.seqNum +"</a></font></td>\n");
+
+ //State
+ document.write("<td>"+
+ "<font size=-1 face=\"PrimaSans BT, Verdana, sans-serif\" color=\""+
+ stateCodeToColor(req.status) +"\">"+req.status);
+ if (req.status == "complete" && req.Result != null && req.Result != "1") {
+ document.write("d with error");
+ }
+ document.write("</font></td>\n");
+
+ // Assigned to
+ document.write("<td><font size=-1 face=\"PrimaSans BT, Verdana, sans-serif\""+
+ (req.assignedTo == null? " color=\"magenta\"": "")+ ">\n"+
+ ((req.status != "pending")? "":
+ (req.assignedTo == null? "unassigned":req.assignedTo))+
+ "</font></td>");
+
+ //Subject
+ if (req.subject != null) {
+ document.write("<TD colspan=2>\n"+
+ "<div class='subject'><font size=-1 face=\"PrimaSans BT, Verdana, sans-serif\">\n"+
+ link+
+ addSpaces(addEscapes(req.subject)) + "</a></font></div></td></tr>\n");
+ } else {
+ document.write("<TD></TD><TD></TD></tr>\n");
+ }
+
+// document.write("</table>\n");
+}
+
+function displayRequestList()
+{
+ document.write("<font size=-1 face=\"PrimaSans BT, Verdana, sans-serif\">\n");
+ if (result.header.error != null) {
+ document.write(result.header.error + "</font>\n");
+ } else if (result.recordSet.length == 0) {
+ document.write("No Matching Request Records Found</font>\n");
+ } else {
+ document.write("Total Number of Records Found : " +
+ result.header.totalRecordCount + "</font></br>\n");
+// result.header.totalRecordCount + "</font></br>&nbsp;\n");
+
+ document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=6 WIDTH='100%'>\n"+
+ "<tr align=center><td>\n");
+ displayNextForm();
+
+ document.write(
+ "<table border=\"0\" width=\"100%\" cellspacing=\"2\" cellpadding=\"2\">\n"+
+ "<tr><td width=10%>&nbsp;</td>"+
+ "<td width=10%>&nbsp;</td>"+
+ "<td width=20%>&nbsp;</td>"+
+ "<td width=60%>&nbsp;</td>"+
+ "</tr>\n");
+
+ document.write(
+// "<table border=\"0\" width=\"100%\" cellspacing=\"2\" cellpadding=\"2\">\n"+
+// "<tr><td width=5%>&nbsp;</td><td width=25%>&nbsp;</td><td width=25%>&nbsp;</td>\n"+
+// "<td width=25%>&nbsp;</td><td width=20%>&nbsp;</td></tr>\n"+
+ "<TR BGCOLOR=\"#E5E5E5\">\n"+
+ "<TD align=right width=10%>\n"+
+ "<font size=-1 face=\"PrimaSans BT, Verdana, sans-serif\">\n"+
+ "#</font></TD>\n"+
+ "<TD width=10%>\n"+
+ "<font size=-1 face=\"PrimaSans BT, Verdana, sans-serif\">\n"+
+ "Status</font></TD>\n"+
+ "<TD width=20%>\n"+
+ "<font size=-1 face=\"PrimaSans BT, Verdana, sans-serif\">\n"+
+ "Assigned to</font></TD>\n"+
+ "<TD width=60%>\n"+
+ "<font size=-1 face=\"PrimaSans BT, Verdana, sans-serif\">\n"+
+ "Subject</font></TD></TR>\n"
+ );
+
+ for(var i = 0; i < result.recordSet.length; ++i ) {
+ displayRequest(i, result.recordSet[i]);
+ }
+ document.write("</table>");
+ displayNextForm();
+}
+}
+
+function renderHidden(name,value)
+{
+ return "<INPUT TYPE='hidden' NAME='"+ name +"' VALUE=''>\n";
+}
+
+
+function doNext(element)
+{
+ var form = element.form;
+ form.action = "queryReq";
+ form.op.value = result.header.op;
+
+ form.direction.value = element.name;
+ form.firstEntryOnPage.value = result.header.firstEntryOnPage;
+ form.lastEntryOnPage.value = result.header.lastEntryOnPage;
+ form.totalRecordCount.value = result.header.totalRecordCount;
+
+ form.submit();
+}
+
+function displayNextForm()
+{
+if (typeof(result.fixed.maxCount) != "undefined") {
+var seqNum=parseInt(result.recordSet[result.recordSet.length-1].seqNum) + 1;
+//alert("in displayNextForm seqNum="+seqNum);
+ document.write(
+//"<div align=center> \n"+
+"<FORM NAME='nextForm' METHOD='POST' ACTION=''>\n"+ renderHidden("op"));
+
+var disabledDown = ((result.fixed.maxCount > result.header.currentRecordCount) ||
+ (result.header.currentRecordCount == result.header.totalRecordCount)) ?
+ "disabled='true'" : "";
+var disabledUp = (result.header.firstEntryOnPage != null &&
+ result.header.firstEntryOnPage <= 1) ? "disabled='true'" : "";
+
+document.write(
+"<button NAME='begin' onClick='doNext(this)' VALUE='|<<' width='72'>|&lt;&lt;</button>\n"+
+"<button "+disabledUp+" NAME='previous' onClick='doNext(this)' VALUE='<' width='72'>&lt;</button>\n"+
+"<INPUT TYPE='hidden' NAME='totalRecordCount' VALUE='"+
+result.header.totalRecordCount+ "'>\n"+
+"<INPUT TYPE='hidden' NAME='op' VALUE='"+ "queryReq"+ "'>\n"+
+"<INPUT TYPE='hidden' NAME='querySentinelDown' VALUE='"+
+ result.header.querySentinelDown+ "'>\n"+
+"<INPUT TYPE='hidden' NAME='querySentinelUp' VALUE='"+
+ result.header.querySentinelUp+ "'>\n"+
+
+"<INPUT TYPE='hidden' NAME='firstEntryOnPage' VALUE='"+
+ result.header.querySentinelUp +"'>\n"+
+"<INPUT TYPE='hidden' NAME='lastEntryOnPage' VALUE='"+
+ result.header.querySentinelDown +"'>\n"+
+"<INPUT TYPE='hidden' NAME='direction' VALUE='"+
+ result.header.direction+ "'>\n");
+
+ if (result.fixed.reqType != null)
+ document.write("<INPUT TYPE='hidden' NAME='reqType' VALUE='" + result.fixed.reqType + "'>\n");
+
+ if (result.fixed.reqState != null)
+ document.write("<INPUT TYPE='hidden' NAME='reqState' VALUE='" + result.fixed.reqState + "'>\n");
+
+ document.write("<INPUT TYPE=\"hidden\" NAME=\"totalRecordCount\" VALUE=\"" +
+ result.header.totalRecordCount + "\">\n");
+
+ document.write("<INPUT style='padding-left: 2px;' TYPE=text SIZE=16 NAME=maxCount VALUE='"+
+result.fixed.maxCount+ "'>\n"+
+"<button "+disabledDown+" NAME='next' onClick='doNext(this)' VALUE='>' width='72'>&gt;</button>\n"+
+"<button NAME='end' onClick='doNext(this)' VALUE='>>|' width='72'>&gt;&gt;|</button>\n"+
+"</FORM>\n");
+}
+}
+
+
+displayRequestList();
+
+//-->
+</SCRIPT>
+
+<div id="reqMetaDatadiv" class="floating">
+<table id="t" width="100%">
+<tr><td/></tr>
+</table>
+</div>
+</BODY>
+</HTML>
diff --git a/base/ca/shared/webapps/ca/agent/ca/reasonToRevoke.template b/base/ca/shared/webapps/ca/agent/ca/reasonToRevoke.template
new file mode 100644
index 000000000..ffb648beb
--- /dev/null
+++ b/base/ca/shared/webapps/ca/agent/ca/reasonToRevoke.template
@@ -0,0 +1,491 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<CMS_TEMPLATE>
+<TITLE>Certificate Revocation Confirmation</TITLE>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<script type="text/javascript" SRC="/ca/agent/funcs.js"></script>
+<script type="text/javascript" SRC="/ca/agent/helpfun.js"></script>
+
+<SCRIPT type="text/javascript">
+//<!--
+function validate()
+{
+ var caCert = -1;
+ var filter = "(|";
+ var n = 0;
+
+ if (document.forms[0].invalidityEnabled.checked) {
+ var d = convertDate(document.forms[0], "Invalidity Date");
+ if (d == null) return false;
+ document.forms[0].invalidityDate.value = d;
+ }
+
+ for (var i = 0; i < result.recordSet.length; ++i ) {
+ if (result.recordSet[i].serialNumber != null) {
+ for (var j = 0; j < document.forms[0].length; j++) {
+ if (result.recordSet[i].serialNumber ==
+ document.forms[0].elements[j].name) {
+ if (document.forms[0].elements[j].checked) {
+ n++;
+ filter += "(certRecordId="+
+ result.recordSet[i].serialNumberDecimal+")";
+ if (result.header.caSerialNumber != null &&
+ result.recordSet[i].serialNumber ==
+ result.header.caSerialNumber) {
+ caCert = result.header.caSerialNumber;
+ }
+ }
+ break;
+ }
+ }
+ }
+ }
+ if (n > 0) {
+ filter += ")";
+ document.forms[0].revokeAll.value = filter;
+ } else {
+ alert("No certificate has been selected.");
+ return false;
+ }
+
+ if (caCert > -1) {
+ return confirm("WARNING!!!\n"+
+ "You are about to do an irreversible operation.\n"+
+ "Certificate #"+toHex(caCert)+
+ " belongs to your Certificate Authority.\n"+
+ "Do you really want to revoke this certificate?");
+ }
+ return true;
+}
+
+function clickedOnInvalidityEnabled()
+{
+ if (document.forms[0].invalidityEnabled.checked) {
+ var date = new Date();
+ if (document.forms[0].day.options[document.forms[0].day.selectedIndex].value == 0) {
+ document.forms[0].day.selectedIndex = date.getDate();
+ }
+ if (document.forms[0].month.options[document.forms[0].month.selectedIndex].value == 13) {
+ document.forms[0].month.selectedIndex = date.getMonth() +1;
+ }
+ if (document.forms[0].year.options[document.forms[0].year.selectedIndex].value == 0) {
+ for (var i = 0; i < document.forms[0].year.options.length; i++) {
+ if (document.forms[0].year.options[i].value == date.getFullYear()) {
+ document.forms[0].year.selectedIndex = i;
+ }
+ }
+ }
+ }
+}
+
+function toHex1(number)
+{
+ var absValue = "", sign = "";
+ var digits = "0123456789abcdef";
+ if (number < 0) {
+ sign = "-";
+ number = -number;
+ }
+
+ for(; number >= 16 ; number = Math.floor(number/16)) {
+ absValue = digits.charAt(number % 16) + absValue;
+ }
+ absValue = digits.charAt(number % 16) + absValue;
+ return sign + '0x' + '0' + absValue;
+}
+
+function toHex(number)
+{
+ return '0x' + '0' + number;
+}
+
+function renderDateFromSecs(secs)
+{
+ if (secs == null) return "";
+ var dateTmp = new Date();
+ dateTmp.setTime(secs * 1000);
+ var year = dateTmp.getYear();
+ if (year < 100) {
+ year += 1900;
+ } else {
+ year %= 100;
+ year += 2000;
+ }
+ return (dateTmp.getMonth()+1)+"/"+dateTmp.getDate()+"/"+year;
+}
+
+function renderCell(cellData)
+{
+ return ("<td><font size=\"-2\" face=\"PrimaSans BT, Verdana, sans-serif\">"+
+ cellData+ "</font></td>\n");
+}
+
+function renderRow(cell1, cell2)
+{
+ var twoCells = renderCell(cell1) + renderCell(cell2);
+ return ("<tr valign=\"TOP\">\n" + twoCells + "</tr>\n");
+}
+
+function renderRowWithCheckbox(serialNumber, cell1, cell2)
+{
+ var allCells = "<td rowspan=4><input TYPE=\"CHECKBOX\" checked NAME=" +
+ serialNumber + "></td>\n" +
+ renderCell(cell1) + renderCell(cell2);
+ return ("<tr valign=\"TOP\">\n" + allCells + "</tr>\n");
+}
+
+function renderRowWithoutCheckbox(cell1, cell2)
+{
+ var allCells = "<td rowspan=4>&nbsp;</td>\n" +
+ renderCell(cell1) + renderCell(cell2);
+ return ("<tr valign=\"TOP\">\n" + allCells + "</tr>\n");
+}
+
+function addSpaces(str)
+{
+ var outStr = "";
+ var i0 = 0;
+ var i1 = 0;
+
+ while (i1 < str.length) {
+ i1 = str.indexOf(',', i0);
+ if (i1 > -1) {
+ i1++;
+ outStr += str.substring(i0, i1);
+ outStr += " ";
+ i0 = i1;
+ } else {
+ outStr += str.substring(i0, str.length);
+ i1 = str.length;
+ }
+ }
+
+ return outStr;
+}
+
+function addEscapes(str)
+{
+ var outStr = str.replace(/</g, "&lt;");
+ outStr = outStr.replace(/>/g, "&gt;");
+ return outStr;
+}
+
+function displayCertInfo()
+{
+ document.write("<table border=\"0\" cellspacing=\"2\">");
+ for (var i = 0; i < result.recordSet.length; ++i ) {
+ if (result.recordSet[i].serialNumber != null) {
+ if (result.header.caSerialNumber != null &&
+ result.recordSet[i].serialNumber ==
+ result.header.caSerialNumber) {
+ document.write(renderRowWithoutCheckbox("Serial Number:",
+ toHex(result.recordSet[i].serialNumber)));
+ } else {
+ document.write(renderRowWithCheckbox(
+ result.recordSet[i].serialNumber,
+ "Serial Number:",
+ toHex(result.recordSet[i].serialNumber)));
+ }
+ }
+ if (result.recordSet[i].subject != null) {
+ document.write(renderRow("Subject Name:",
+ addSpaces(addEscapes(result.recordSet[i].subject))));
+ }
+ if ((result.recordSet[i].validNotBefore != null) &&
+ (result.recordSet[i].validNotAfter != null)) {
+ validity = 'not before: '+
+ renderDateFromSecs(result.recordSet[i].validNotBefore) +
+ '&nbsp;&nbsp;and not after: ' +
+ renderDateFromSecs(result.recordSet[i].validNotAfter);
+ document.write(renderRow("Valid:", validity));
+ }
+ document.write(renderRow(" ", " "));
+ }
+ document.write("</table>");
+}
+
+function renderReason()
+{
+ var reason = new Array("Unspecified",
+ "Key compromised",
+ "CA key compromised",
+ "Affiliation changed",
+ "Certificate superseded",
+ "Cessation of operation",
+ "Certificate is on hold",
+ "Privilege Withdrawn");
+ document.write("<table border=\"0\" cellspacing=\"0\" cellpadding=\"0\">\n");
+ for (var i = 0; i < reason.length; i++) {
+ document.write("<tr><td width=\"1%\">\n");
+ document.write("<input type=\"RADIO\"");
+ if ((result.header.reason != null && result.header.reason == i) ||
+ (i == 0 && result.header.reason == null)) {
+ document.write(" checked");
+ }
+ if (i > 6) { // value 7 is not used
+ document.write(" name=\"revocationReason\" value=\""+(i+2)+"\">\n");
+ } else {
+ document.write(" name=\"revocationReason\" value=\""+i+"\">\n");
+ }
+ document.write("</td><td width=\"99%\">\n");
+ document.write("<font size=\"-1\" face=\"PrimaSans BT, Verdana, sans-serif\">\n");
+ document.write(reason[i]+"</font></td></tr>\n");
+ }
+ document.write("</table>\n");
+}
+//-->
+</SCRIPT>
+</head>
+<body bgcolor="#FFFFFF">
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Certificate Revocation Confirmation</font><br>
+<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Use this form to confirm certificate revocation by selecting appropriate
+revocation reason and submitting the form.</font>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/pki/images/hr.gif" >
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+<table border="0" cellspacing="2" cellpadding="2">
+ <tr valign="TOP">
+ <td><font size="-1" face="PrimaSans BT, Verdana, sans-serif"><b>Important:</b></font></td>
+ <td><font size="-1" face="PrimaSans BT, Verdana, sans-serif">When making this
+ request you must use the browser environment in which you have access to your authentication certificate and key. </font></td>
+ </tr>
+</table>
+<br><br>
+
+<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+<b>Certificate Details</b><br>
+The details of the certificate being revoked are below:
+</font>
+
+<form method="post" action="doRevoke" onSubmit="return validate()">
+
+<SCRIPT type="text/javascript">
+//<!--
+if (result.recordSet.length == 0) {
+ document.write("<font size=\"-1\" face=\"PrimaSans BT, Verdana, Arial, Helvetica, sans-serif\">"+
+ "No Matching Certificates Found</font><br><br>\n");
+} else {
+ displayCertInfo();
+}
+//-->
+</SCRIPT>
+<br>
+
+ <table border="0" width="100%" cellspacing="2" cellpadding="2">
+ <tr>
+ <td valign="TOP" colspan="2">
+ <b><font face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif" size="-1">
+ Select Invalidity Date</font></b><br>
+ <font face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif" size="-1">
+ Please select the date on which it is known or suspected that the private key
+ was compromised or that the certificate otherwise became invalid.</font>
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP" colspan="2">
+ <INPUT TYPE="CHECKBOX" NAME="invalidityEnabled" onClick="clickedOnInvalidityEnabled();">
+ <font face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif" size="-1">
+ Invalidity date:&nbsp;
+ <SELECT NAME="day">
+ <OPTION VALUE=0>
+ <OPTION VALUE=1>1
+ <OPTION VALUE=2>2
+ <OPTION VALUE=3>3
+ <OPTION VALUE=4>4
+ <OPTION VALUE=5>5
+ <OPTION VALUE=6>6
+ <OPTION VALUE=7>7
+ <OPTION VALUE=8>8
+ <OPTION VALUE=9>9
+ <OPTION VALUE=10>10
+ <OPTION VALUE=11>11
+ <OPTION VALUE=12>12
+ <OPTION VALUE=13>13
+ <OPTION VALUE=14>14
+ <OPTION VALUE=15>15
+ <OPTION VALUE=16>16
+ <OPTION VALUE=17>17
+ <OPTION VALUE=18>18
+ <OPTION VALUE=19>19
+ <OPTION VALUE=20>20
+ <OPTION VALUE=21>21
+ <OPTION VALUE=22>22
+ <OPTION VALUE=23>23
+ <OPTION VALUE=24>24
+ <OPTION VALUE=25>25
+ <OPTION VALUE=26>26
+ <OPTION VALUE=27>27
+ <OPTION VALUE=28>28
+ <OPTION VALUE=29>29
+ <OPTION VALUE=30>30
+ <OPTION VALUE=31>31
+ </SELECT>
+ <SELECT NAME="month">
+ <OPTION VALUE=13>
+ <OPTION VALUE=0>January
+ <OPTION VALUE=1>February
+ <OPTION VALUE=2>March
+ <OPTION VALUE=3>April
+ <OPTION VALUE=4>May
+ <OPTION VALUE=5>June
+ <OPTION VALUE=6>July
+ <OPTION VALUE=7>August
+ <OPTION VALUE=8>September
+ <OPTION VALUE=9>October
+ <OPTION VALUE=10>November
+ <OPTION VALUE=11>December
+ </SELECT>
+ <SELECT NAME="year">
+<SCRIPT type="text/javascript">
+//<!--
+generateYearOptions(10, 2);
+//-->
+</SCRIPT>
+ </SELECT>
+ <br>&nbsp;
+ </font>
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP" colspan="2">
+ <b><font face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif" size="-1">
+ Select Revocation Reason</font></b><br>
+ <font face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif" size="-1">
+ Please select reason for revocation.</font>
+ </td>
+ </tr>
+ <tr>
+ <td>
+<SCRIPT type="text/javascript">
+//<!--
+ renderReason();
+//-->
+</SCRIPT>
+<br>
+ </td>
+ </tr>
+ <tr>
+ <td colspan="2">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ <b>Additional Comments</b><br>
+ If you want to include any additional comments in your revocation request, write them here.
+ </font>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <textarea name="csrRequestorComments" rows="6" cols="39" wrap="virtual"></textarea>
+ </td>
+ </tr>
+ </table>
+ <br>
+
+<SCRIPT type="text/javascript">
+//<!--
+//var caCert = isOnTheListToBeRevoked(result.header.caSerialNumber);
+var caCert = -1;
+if (caCert > -1) {
+ document.write("<font size=\"-1\" color=\"red\" "+
+ "face=\"PrimaSans BT, Verdana, Arial, Helvetica, sans-serif\">"+
+ "<b>WARNING!!!</b><br>"+
+ "You are about to do an irreversible operation.<br>"+
+ "Certificate #"+toHex(caCert)+
+ " belongs to your Certificate Authority.<br>"+
+ "Do you really want to revoke this certificate?"+
+ "</font><br>&nbsp;<br>&nbsp;\n");
+}
+
+function isOnTheListToBeRevoked(serialNumber)
+{
+ if (result.recordSet.length > 0 && serialNumber != null) {
+ for (var i = 0; i < result.recordSet.length; i++) {
+ if (result.recordSet[i].serialNumber != null) {
+ if (result.recordSet[i].serialNumber == serialNumber) {
+ return serialNumber;
+ }
+ }
+ }
+ }
+ return (-1);
+}
+
+function revokeCert(serialNumber)
+{
+ return confirm("WARNING!!! You are about to do an irreversible operation.\n"+
+ "Certificate # "+ toHex(serialNumber)+
+ " belongs to your Certificate Authority."+
+ "Do you really want to revoke this certificate ?");
+}
+//-->
+</SCRIPT>
+
+ <table BORDER=0 CELLSPACING=0 CELLPADDING=6 WIDTH="100%">
+ <tr>
+ <td ALIGN=RIGHT BGCOLOR="#E5E5E5">
+ <input type="submit" value="Submit" name="submit" width="72">&nbsp;&nbsp;
+ <input type="hidden" name="op" value="doRevoke">
+ <input type="hidden" name="templateType" value="RevocationSuccess">
+ <input type="reset" value="Reset" name="reset" width="72">&nbsp;&nbsp;
+ <!-- <input type="button" value="Help" width="72"
+ onClick="help('http://www.redhat.com/docs/manuals/cert-system#Confirming a Revocation')"> -->
+<SCRIPT type="text/javascript">
+//<!--
+
+ for (var i = 0; i < result.recordSet.length; i++) {
+ if (result.recordSet[i].serialNumber != null) {
+ document.writeln("<INPUT TYPE=hidden name=serialNumber value=\"" +
+ result.recordSet[i].serialNumber +"\">");
+ }
+ }
+ document.writeln("<INPUT TYPE=hidden name=revokeAll value=\"" +
+ result.header.revokeAll +"\">");
+ document.writeln("<INPUT TYPE=hidden name=totalRecordCount value=\"" +
+ result.header.totalRecordCount +"\">");
+ document.writeln("<INPUT TYPE=hidden name=verifiedRecordCount value=\"" +
+ result.header.verifiedRecordCount +"\">");
+ document.writeln("<INPUT TYPE=hidden name=invalidityDate value=\"0\">");
+ if (result.header.request != null) {
+ document.writeln("<INPUT TYPE=hidden name=requestId value=\"" +
+ result.header.request +"\">");
+ }
+ if (result.header.b64eCertificate != null) {
+ document.writeln("<INPUT TYPE=hidden name=b64eCertificate value=\"" +
+ result.header.b64eCertificate +"\">");
+ }
+ if (typeof(result.header.nonce) != "undefined") {
+ document.writeln("<INPUT TYPE=hidden name=nonce value=\"" +
+ result.header.nonce +"\">");
+ }
+//-->
+</SCRIPT>
+ </td>
+ </tr>
+ </table>
+ </form>
+</body>
+</html>
+
diff --git a/base/ca/shared/webapps/ca/agent/ca/revocationResult.template b/base/ca/shared/webapps/ca/agent/ca/revocationResult.template
new file mode 100644
index 000000000..bd356841d
--- /dev/null
+++ b/base/ca/shared/webapps/ca/agent/ca/revocationResult.template
@@ -0,0 +1,190 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<HEAD>
+<TITLE>Revocation Result</TITLE>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<CMS_TEMPLATE>
+<BODY bgcolor="white">
+<SCRIPT type="text/javascript">
+//<!--
+function toHex1(number)
+{
+ var absValue = "", sign = "";
+ var digits = "0123456789abcdef";
+ if (number < 0) {
+ sign = "-";
+ number = -number;
+ }
+
+ for(; number >= 16 ; number = Math.floor(number/16)) {
+ absValue = digits.charAt(number % 16) + absValue;
+ }
+ absValue = digits.charAt(number % 16) + absValue;
+ return sign + '0x' + absValue;
+}
+
+function toHex(number)
+{
+ return '0x' + number;
+}
+
+if (result.header.revoked == 'yes') {
+ document.write('<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.writeln('Certificate Revocation Has Been Completed</font><br><br>');
+ if (result.recordSet.length == 0 && result.header.totalRecordCount > 0) {
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.write('All requested certificates were already revoked.');
+ document.writeln('</font><br>');
+ } else if (result.recordSet.length == 1) {
+ if (result.recordSet[0].error == null) {
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.writeln('Certificate with serial number <b>' +
+ toHex(result.recordSet[0].serialNumber) +
+ '</b> has been revoked.');
+ document.writeln('</font><br>');
+
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ if (result.header.updateCRL && result.header.updateCRL == "yes") {
+ if (result.header.updateCRLSuccess != null &&
+ result.header.updateCRLSuccess == "yes") {
+ document.writeln('The Certificate Revocation List has been successfully updated.');
+ } else {
+ document.writeln('The Certificate Revocation List update Failed');
+ if (result.header.updateCRLSuccess != null)
+ document.writeln(' with error '+ result.header.updateCRLError);
+ else
+ document.writeln('. No further details provided.');
+ }
+ } else {
+ document.writeln(
+ 'The Certificate Revocation List will be updated '+
+ 'automatically at the next scheduled update.');
+ }
+ document.writeln('</font><br>');
+/*
+ if (result.header.dirEnabled != null && result.header.dirEnabled == 'yes') {
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ if (result.header.certsUpdated > 0) {
+ document.write('Directory has been successfully updated.');
+ } else {
+ document.write('Directory has not been updated. See log files for more details.');
+ }
+ document.writeln('</font><br>');
+ }
+*/
+ } else {
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.writeln('Certificate with serial number <b>' +
+ toHex(result.recordSet[0].serialNumber) +
+ '</b> is not revoked.<br><br>');
+ document.writeln('Additional Information:');
+ document.writeln('</font>');
+ document.writeln('<blockquote>');
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.writeln(result.recordSet[0].error);
+ document.writeln('</font>');
+ document.writeln('</blockquote>');
+ }
+ } else if (result.recordSet.length > 1) {
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.write('The following certificates were processed to complete revocation request:');
+ document.writeln('</font>');
+
+ document.writeln('<blockquote>');
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ var revokedCerts = 0;
+ for(var i = 0; i < result.recordSet.length; i++) {
+ if (result.recordSet[i].error == null) {
+ revokedCerts++;
+ document.writeln(toHex(result.recordSet[i].serialNumber) + ' - revoked<BR>\n');
+ } else {
+ document.write(toHex(result.recordSet[i].serialNumber) + ' - failed');
+ if (result.recordSet[i].error != null)
+ document.write(': ' + result.recordSet[i].error);
+ document.writeln('<BR>\n');
+ }
+ }
+ document.writeln('</font>');
+ document.write('</blockquote>');
+
+ if (revokedCerts > 0 && result.header.dirEnabled != null && result.header.dirEnabled == 'yes') {
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ if (result.header.updateCRL && result.header.updateCRL == "yes") {
+ if (result.header.updateCRLSuccess != null &&
+ result.header.updateCRLSuccess == "yes") {
+ document.writeln('The Certificate Revocation List has been successfully updated.');
+ } else {
+ document.writeln('The Certificate Revocation List update Failed');
+ if (result.header.updateCRLSuccess != null)
+ document.writeln(' with error '+
+ result.header.updateCRLError);
+ else
+ document.writeln('. No further details provided.');
+ }
+ } else {
+ document.writeln(
+ 'The Certificate Revocation List will be updated '+
+ 'automatically at the next scheduled update.');
+ }
+ document.writeln('<br>');
+/*
+ if (result.header.certsUpdated > 0) {
+ if (result.header.certsUpdated == result.header.certsToUpdate) {
+ document.write('Directory has been successfully updated.');
+ } else {
+ document.write('Directory has been partially updated. See log files for more details.');
+ }
+ } else {
+ document.write('Directory has not been updated. See log files for more details.');
+ }
+*/
+ document.writeln('</font><br>');
+ }
+ }
+} else if (result.header.revoked == 'pending') {
+ document.write('<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.writeln('Revocation Request Has Been Submitted</font><br><br>');
+} else if (result.header.revoked == 'rejected') {
+ document.write('<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.writeln('Certificate Revocation Has Been Rejected</font><br><br>');
+ if (result.header.error != null) {
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Additional information:</font>');
+ document.writeln('<blockquote>');
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.writeln(result.header.error);
+ document.writeln('</font>');
+ document.writeln('</blockquote>');
+ }
+} else {
+ document.write('<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.writeln('Revocation Request Cannot Be Completed</font><br><br>');
+ if (result.header.error != null) {
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Additional information:</font>');
+ document.writeln('<blockquote>');
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.writeln(result.header.error);
+ document.writeln('</font>');
+ document.writeln('</blockquote>');
+ }
+}
+//-->
+</SCRIPT>
+</BODY>
+</HTML>
diff --git a/base/ca/shared/webapps/ca/agent/ca/revokeBySerial.template b/base/ca/shared/webapps/ca/agent/ca/revokeBySerial.template
new file mode 100644
index 000000000..cae2a93da
--- /dev/null
+++ b/base/ca/shared/webapps/ca/agent/ca/revokeBySerial.template
@@ -0,0 +1,88 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<HEAD><TITLE> Certificate Revocation Result </TITLE></HEAD>
+<CMS_TEMPLATE>
+<BODY bgcolor="white">
+<center><h2><b> Certificate Revocation Result</b></h2></center>
+<p>
+<SCRIPT type="text/javascript">
+
+function toHex(number)
+{
+ var absValue = "", sign = "";
+ var digits = "0123456789abcdef";
+ if (number < 0) {
+ sign = "-";
+ number = -number;
+ }
+
+ for(; number >= 16 ; number = Math.floor(number/16)) {
+ absValue = digits.charAt(number % 16) + absValue;
+ }
+ absValue = digits.charAt(number % 16) + absValue;
+ return sign + absValue;
+}
+
+with (result.header) {
+ if (revoked == 'yes') {
+ document.write('Certificate with serial number ' + toHex(serialNumber) + ' has been marked revoked.');
+ if (updateCRL == 'yes') {
+ if (updateCRLSuccess == 'yes') {
+ document.write('<p>The Certificate Revocation List has also been updated.');
+ } else {
+ document.write('<p><b> Note: Update of Certificate Revocation List Failed!.</b>');
+ }
+ } else {
+ document.write('<p><b> Note: Certificate Revocation List was not updated.</b>');
+ }
+ } else {
+ document.write('<p><b>Certificate with serial number ' + toHex(serialNumber) + ' has not been revoked.</b>');
+ if (error != null) {
+ document.write('<p>Additional Information:<p>');
+ document.write('<blockquote><b>');
+ document.write(error);
+ document.write('</b></blockquote>');
+ }
+ }
+
+ if (dirConfigured == 'yes') {
+ document.write('<h4>Update Directory Server Result</h4>');
+ document.write('<b>'+numRevUpdated+'</b> out of ');
+ document.write('<b>'+numRevToUpdate+'</b> revoked certificates ');
+ document.write('were removed from the Directory Server.<br>');
+ if (numRevUpdated != numRevToUpdate) {
+ document.write('<b>Note:</b> The Certificate System logs may contain more information on ones that could not be removed.<p>');
+ }
+ if (updateCRL == 'yes') {
+ if (dirUpdateCrlStatus == 'Success') {
+ document.write('The new Certificate Revocation List has been published in the Directory Server.<p>');
+ } else {
+ document.write('<b>Note:</b> The new Certificate Revocation List could not be published in the Directory Server. <br><b>Error returned:</b> ');
+ document.write(dirUpdateCrlStatus);
+ document.write('<p>');
+ }
+ } else {
+ document.write('<b>Note:</b> No new Certificate Revocation List to update the Directory Server.');
+ }
+ }
+}
+</SCRIPT>
+</BODY>
+</HTML>
diff --git a/base/ca/shared/webapps/ca/agent/ca/revokeCert.html b/base/ca/shared/webapps/ca/agent/ca/revokeCert.html
new file mode 100644
index 000000000..7bfc6f6ef
--- /dev/null
+++ b/base/ca/shared/webapps/ca/agent/ca/revokeCert.html
@@ -0,0 +1,1086 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+ <title>Revoke Certificates</title>
+ <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+
+<script type="text/javascript" SRC="/ca/agent/funcs.js"></script>
+<script type="text/javascript" SRC="/ca/agent/helpfun.js"></script>
+</head>
+
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+<font size=+1 face="PrimaSans BT, Verdana, sans-serif">
+Revoke Certificates</font><br>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Use this form to revoke a set of certificates determined by one
+or more properties of the certificate.
+</font>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/pki/images/hr.gif" >
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Each section below filters the set of certificates to be revoked.
+Check the box at the top of the section if you want to use that
+filter in your search, then complete the fields. Leave a box
+unchecked to ignore that filter. You can click more than one box
+to get a combination of search criteria.
+<p>
+You will be given a chance to examine the certificates before
+they are revoked.
+</font>
+
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/pki/images/hr.gif" >
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+<b><font size=-1 face="PrimaSans BT, Verdana, sans-serif">Serial Number Range</font></b>
+<FORM NAME="serialNumberRangeCritForm">
+<table border="0" cellspacing="2" cellpadding="2">
+<tr>
+<td><INPUT TYPE="CHECKBOX" NAME="inUse"></td>
+<td colspan="3">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Revoke certificates that fall within the following range:</font>
+</td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Lowest serial number:</font></td>
+<td><INPUT TYPE="TEXT" NAME="serialFrom" SIZE=10 MAXLENGTH=99></td>
+<td><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+(leave blank for no lower limit)</font></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Highest serial number:</font></td>
+<td><INPUT TYPE="TEXT" NAME="serialTo" SIZE=10 MAXLENGTH=99></td>
+<td><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+(leave blank for no upper limit)</font></td>
+</tr>
+</table>
+</FORM>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Enter a range of certificate serial numbers in hexadecimal form
+(starting with 0x, as in the certificate list), or in decimal form.
+</font>
+
+<SCRIPT type="text/javascript">
+//<!--
+function serialNumberRangeCritInUse()
+{
+ return document.serialNumberRangeCritForm.inUse.checked;
+}
+
+function serialNumberRangeCrit()
+{
+ var crit = new Array;
+ var next = 0;
+ var canonicalFrom = "", canonicalTo = "";
+
+ if (document.serialNumberRangeCritForm.serialFrom.value != "") {
+ canonicalFrom =
+ trim(document.serialNumberRangeCritForm.serialFrom.value);
+ }
+
+ if (canonicalFrom != "") {
+ if (!isDecimalNumber(canonicalFrom)) {
+ if (isNumber(canonicalFrom,16)) {
+ canonicalFrom = "0x" +
+ removeColons(stripPrefix(canonicalFrom));
+ } else {
+ alert("You must specify a decimal or hexadecimal value" +
+ "for the low end of the serial number range.");
+ return null;
+ }
+ }
+ if (isNegative(canonicalFrom)) {
+ alert("You must specify a positive value for the low " +
+ "end of the serial number range.");
+ return null;
+ }
+ crit[next++] = "(certRecordId>=" + canonicalFrom + ")";
+ }
+
+ if (document.serialNumberRangeCritForm.serialTo.value != "") {
+ canonicalTo =
+ trim(document.serialNumberRangeCritForm.serialTo.value);
+ }
+
+ if (canonicalTo != "") {
+ if (!isDecimalNumber(canonicalTo)) {
+ if (isNumber(canonicalTo,16)) {
+ canonicalTo = "0x" +
+ removeColons(stripPrefix(canonicalTo));
+ } else {
+ alert("You must specify a decimal or hexadecimal value" +
+ "for the high end of the serial number range.");
+ return null;
+ }
+ }
+ if (isNegative(canonicalTo)) {
+ alert("You must specify a positive value for the high " +
+ "end of the serial number range.");
+ return null;
+ }
+ crit[next++] = "(certRecordId<=" + canonicalTo + ")";
+ }
+
+ /* Can not do this using parseInt */
+ /*
+ if (document.serialNumberRangeCritForm.serialFrom.value != "" &&
+ document.serialNumberRangeCritForm.serialTo.value != "") {
+ if (parseInt(canonicalFrom) > parseInt(canonicalTo)) {
+ alert("The low end of the range is larger than the high end.");
+ return null;
+ }
+ }
+ */
+ return nsjoin(crit,"");
+}
+//-->
+</SCRIPT>
+
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/pki/images/hr.gif" >
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+<b><font size=-1 face="PrimaSans BT, Verdana, sans-serif">Subject Name</font></b>
+<FORM NAME="subjectCritForm">
+<table border="0" cellspacing="2" cellpadding="2">
+<tr>
+<td><INPUT TYPE="CHECKBOX" NAME="inUse"></td>
+<td colspan="2">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Revoke certificates with a subject name matching the following:
+</font>
+</td>
+</tr>
+
+<tr align="left">
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Email address:</font>
+</td>
+<td><INPUT TYPE="TEXT" NAME="eMail" SIZE=30></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Common name:</font>
+</td>
+<td><INPUT TYPE="TEXT" NAME="commonName" SIZE=30></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">User ID:</font>
+</td>
+<td><INPUT TYPE="TEXT" NAME="userID" SIZE=30></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Organization unit:</font>
+</td>
+<td><INPUT TYPE="TEXT" NAME="orgUnit" SIZE=30></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Organization:</font>
+</td>
+<td><INPUT TYPE="TEXT" NAME="org" SIZE=30></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Locality:</font>
+</td>
+<td><INPUT TYPE="TEXT" NAME="locality" SIZE=30></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">State:</font>
+</td>
+<td><INPUT TYPE="TEXT" NAME="state" SIZE=30></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Country:</font>
+</td>
+<td><INPUT TYPE="TEXT" NAME="country" VALUE="" SIZE=2 MAXLENGTH=2></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Match Method:</font>
+</td>
+<td>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+<INPUT TYPE="RADIO" NAME="match" VALUE="exact">Exact</font>
+</td>
+<tr>
+<td>&nbsp;</td>
+<td align="right">&nbsp;</td>
+<td>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+<INPUT TYPE="RADIO" CHECKED NAME="match" VALUE="partial">Partial</font>
+</td>
+</tr>
+</table>
+</FORM>
+
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Enter values for the fields you want to have in your search criteria.
+Leave other fields blank.
+<br><br>
+Exact match method revokes certificates for subjects whose name consists
+<b>exactly</b> of the components that you have filled in above, and contains
+none of the components you have left blank. Pattern matching wildcard
+values cannot be used in this search.
+<br><br>
+Partial match method revokes certificates for subjects whose name consists
+<b>in part</b> of the components you have specified above, and in addition
+may contain arbitrary values for the other components you have left blank above.
+Pattern matching wildcard values can be used in this search.
+</font>
+
+
+<SCRIPT type="text/javascript">
+<!--
+function subjectCritInUse()
+{
+ return document.subjectCritForm.inUse.checked;
+}
+function subjectCrit()
+{
+ return computeNameFilter(document.subjectCritForm);
+}
+//-->
+</SCRIPT>
+
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/pki/images/hr.gif" >
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+<b>Issuing Information</b></font>
+
+<table border="0" cellspacing="2" cellpadding="2">
+<tr>
+<FORM NAME="issuedByCritForm">
+<td><INPUT TYPE="CHECKBOX" NAME="inUse">
+<td align="left" colspan="2">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Revoke certificates issued by:</font>&nbsp;
+<INPUT TYPE="text" NAME="issuedBy" SIZE=10></td>
+</FORM>
+</tr>
+
+<tr>
+<FORM NAME="issuedOnCritForm">
+<td><INPUT TYPE="CHECKBOX" NAME="inUse"></td>
+<td colspan="2">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Revoke certificates issued during the period:</font>
+</td>
+</FORM>
+<tr>
+
+<tr>
+<td>&nbsp;</td>
+<td valign=top align=right>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Start date:</font>
+</td>
+<td valign="top" nowrap>
+<FORM NAME="issuedOnFrom">
+<SELECT NAME="day">
+<OPTION VALUE=0>
+<OPTION VALUE=1>1
+<OPTION VALUE=2>2
+<OPTION VALUE=3>3
+<OPTION VALUE=4>4
+<OPTION VALUE=5>5
+<OPTION VALUE=6>6
+<OPTION VALUE=7>7
+<OPTION VALUE=8>8
+<OPTION VALUE=9>9
+<OPTION VALUE=10>10
+<OPTION VALUE=11>11
+<OPTION VALUE=12>12
+<OPTION VALUE=13>13
+<OPTION VALUE=14>14
+<OPTION VALUE=15>15
+<OPTION VALUE=16>16
+<OPTION VALUE=17>17
+<OPTION VALUE=18>18
+<OPTION VALUE=19>19
+<OPTION VALUE=20>20
+<OPTION VALUE=21>21
+<OPTION VALUE=22>22
+<OPTION VALUE=23>23
+<OPTION VALUE=24>24
+<OPTION VALUE=25>25
+<OPTION VALUE=26>26
+<OPTION VALUE=27>27
+<OPTION VALUE=28>28
+<OPTION VALUE=29>29
+<OPTION VALUE=30>30
+<OPTION VALUE=31>31
+</SELECT>
+<SELECT NAME="month">
+<OPTION VALUE=13>
+<OPTION VALUE=0>January
+<OPTION VALUE=1>February
+<OPTION VALUE=2>March
+<OPTION VALUE=3>April
+<OPTION VALUE=4>May
+<OPTION VALUE=5>June
+<OPTION VALUE=6>July
+<OPTION VALUE=7>August
+<OPTION VALUE=8>September
+<OPTION VALUE=9>October
+<OPTION VALUE=10>November
+<OPTION VALUE=11>December
+</SELECT>
+<SELECT NAME="year">
+<OPTION VALUE=0>
+<OPTION VALUE=1997>1997
+<OPTION VALUE=1998>1998
+<OPTION VALUE=1999>1999
+<OPTION VALUE=2000>2000
+<OPTION VALUE=2001>2001
+<OPTION VALUE=2002>2002
+<OPTION VALUE=2003>2003
+<OPTION VALUE=2004>2004
+<OPTION VALUE=2005>2005
+<OPTION VALUE=2006>2006
+<OPTION VALUE=2007>2007
+<OPTION VALUE=2008>2008
+<OPTION VALUE=2009>2009
+<OPTION VALUE=2010>2010
+<OPTION VALUE=2011>2011
+<OPTION VALUE=2012>2012
+</SELECT>
+</FORM>
+</td>
+</tr>
+
+<tr>
+<td>&nbsp;</td>
+<td valign=top align=right>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">End date:</font>
+</td>
+<td valign="top" nowrap>
+<FORM NAME="issuedOnTo">
+<SELECT NAME="day">
+<OPTION VALUE=0>
+<OPTION VALUE=1>1
+<OPTION VALUE=2>2
+<OPTION VALUE=3>3
+<OPTION VALUE=4>4
+<OPTION VALUE=5>5
+<OPTION VALUE=6>6
+<OPTION VALUE=7>7
+<OPTION VALUE=8>8
+<OPTION VALUE=9>9
+<OPTION VALUE=10>10
+<OPTION VALUE=11>11
+<OPTION VALUE=12>12
+<OPTION VALUE=13>13
+<OPTION VALUE=14>14
+<OPTION VALUE=15>15
+<OPTION VALUE=16>16
+<OPTION VALUE=17>17
+<OPTION VALUE=18>18
+<OPTION VALUE=19>19
+<OPTION VALUE=20>20
+<OPTION VALUE=21>21
+<OPTION VALUE=22>22
+<OPTION VALUE=23>23
+<OPTION VALUE=24>24
+<OPTION VALUE=25>25
+<OPTION VALUE=26>26
+<OPTION VALUE=27>27
+<OPTION VALUE=28>28
+<OPTION VALUE=29>29
+<OPTION VALUE=30>30
+<OPTION VALUE=31>31
+</SELECT>
+<SELECT NAME="month">
+<OPTION VALUE=13>
+<OPTION VALUE=0>January
+<OPTION VALUE=1>February
+<OPTION VALUE=2>March
+<OPTION VALUE=3>April
+<OPTION VALUE=4>May
+<OPTION VALUE=5>June
+<OPTION VALUE=6>July
+<OPTION VALUE=7>August
+<OPTION VALUE=8>September
+<OPTION VALUE=9>October
+<OPTION VALUE=10>November
+<OPTION VALUE=11>December
+</SELECT>
+<SELECT NAME="year">
+<OPTION VALUE=0>
+<OPTION VALUE=1997>1997
+<OPTION VALUE=1998>1998
+<OPTION VALUE=1999>1999
+<OPTION VALUE=2000>2000
+<OPTION VALUE=2001>2001
+<OPTION VALUE=2002>2002
+<OPTION VALUE=2003>2003
+<OPTION VALUE=2004>2004
+<OPTION VALUE=2005>2005
+<OPTION VALUE=2006>2006
+<OPTION VALUE=2007>2007
+<OPTION VALUE=2008>2008
+<OPTION VALUE=2009>2009
+<OPTION VALUE=2010>2010
+<OPTION VALUE=2011>2011
+<OPTION VALUE=2012>2012
+</SELECT>
+</FORM>
+</td>
+</tr>
+</table>
+
+<SCRIPT type="text/javascript">
+<!--
+function issuedByCritInUse()
+{
+ return document.issuedByCritForm.inUse.checked;
+}
+function issuedByCrit()
+{
+ if (document.issuedByCritForm.issuedBy.value.length == 0) {
+ alert("User id in 'issued by' filter is empty");
+ return null;
+ }
+ return "(certIssuedBy="+ document.issuedByCritForm.issuedBy.value +")";
+}
+
+
+function issuedOnCritInUse()
+{
+ return document.issuedOnCritForm.inUse.checked;
+}
+function issuedOnCrit()
+{
+ var from = null, to = null;
+ var crit = new Array();
+ var next = 0;
+ if (!dateIsEmpty(document.issuedOnFrom)) {
+ from = convertDate(document.issuedOnFrom,
+ "Start date for issue time range criterion");
+ if (from == null) return null;
+ crit[next++] = "(certCreateTime>=" + from + ")";
+ }
+ if (!dateIsEmpty(document.issuedOnTo)) {
+ to = convertDate(document.issuedOnTo,
+ "End date for issue time range criterion");
+ if (to == null) return null;
+ crit[next++] = "(certCreateTime<=" + to + ")";
+ }
+
+ if (from == null && to == null) {
+ alert("You must enter a date for issue time range.");
+ return null;
+ }
+ if (from != null && to != null && from > to) {
+ alert("Invalid issuance time range");
+ return null;
+ }
+ return nsjoin(crit,"");
+}
+//-->
+</SCRIPT>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/pki/images/hr.gif" >
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+<b>Dates of Validity</b></font>
+
+<table border="0" cellspacing="2" cellpadding="2">
+<tr>
+<FORM NAME="validNotBeforeCritForm">
+<td><INPUT TYPE="CHECKBOX" NAME="inUse"></td>
+<td align="left" colspan="2">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Revoke certificates effective during the period:</font>
+</td>
+</FORM>
+</tr>
+
+<tr>
+<td>&nbsp;</td>
+<td valign=top align=right>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Start date:</font>
+</td>
+<td valign="top" nowrap>
+<FORM NAME="validNotBeforeFrom">
+<SELECT NAME="day">
+<OPTION VALUE=0>
+<OPTION VALUE=1>1
+<OPTION VALUE=2>2
+<OPTION VALUE=3>3
+<OPTION VALUE=4>4
+<OPTION VALUE=5>5
+<OPTION VALUE=6>6
+<OPTION VALUE=7>7
+<OPTION VALUE=8>8
+<OPTION VALUE=9>9
+<OPTION VALUE=10>10
+<OPTION VALUE=11>11
+<OPTION VALUE=12>12
+<OPTION VALUE=13>13
+<OPTION VALUE=14>14
+<OPTION VALUE=15>15
+<OPTION VALUE=16>16
+<OPTION VALUE=17>17
+<OPTION VALUE=18>18
+<OPTION VALUE=19>19
+<OPTION VALUE=20>20
+<OPTION VALUE=21>21
+<OPTION VALUE=22>22
+<OPTION VALUE=23>23
+<OPTION VALUE=24>24
+<OPTION VALUE=25>25
+<OPTION VALUE=26>26
+<OPTION VALUE=27>27
+<OPTION VALUE=28>28
+<OPTION VALUE=29>29
+<OPTION VALUE=30>30
+<OPTION VALUE=31>31
+</SELECT>
+<SELECT NAME="month">
+<OPTION VALUE=13>
+<OPTION VALUE=0>January
+<OPTION VALUE=1>February
+<OPTION VALUE=2>March
+<OPTION VALUE=3>April
+<OPTION VALUE=4>May
+<OPTION VALUE=5>June
+<OPTION VALUE=6>July
+<OPTION VALUE=7>August
+<OPTION VALUE=8>September
+<OPTION VALUE=9>October
+<OPTION VALUE=10>November
+<OPTION VALUE=11>December
+</SELECT>
+<SELECT NAME="year">
+<OPTION VALUE=0>
+<OPTION VALUE=1997>1997
+<OPTION VALUE=1998>1998
+<OPTION VALUE=1999>1999
+<OPTION VALUE=2000>2000
+<OPTION VALUE=2001>2001
+<OPTION VALUE=2002>2002
+<OPTION VALUE=2003>2003
+<OPTION VALUE=2004>2004
+<OPTION VALUE=2005>2005
+<OPTION VALUE=2006>2006
+<OPTION VALUE=2007>2007
+<OPTION VALUE=2008>2008
+<OPTION VALUE=2009>2009
+<OPTION VALUE=2010>2010
+<OPTION VALUE=2011>2011
+<OPTION VALUE=2012>2012
+</SELECT>
+</FORM>
+</td>
+</tr>
+
+<tr>
+<td>&nbsp;</td>
+<td valign=top align=right>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">End date:</font>
+</td>
+<td valign="top" nowrap>
+<FORM NAME="validNotBeforeTo">
+<SELECT NAME="day">
+<OPTION VALUE=0>
+<OPTION VALUE=1>1
+<OPTION VALUE=2>2
+<OPTION VALUE=3>3
+<OPTION VALUE=4>4
+<OPTION VALUE=5>5
+<OPTION VALUE=6>6
+<OPTION VALUE=7>7
+<OPTION VALUE=8>8
+<OPTION VALUE=9>9
+<OPTION VALUE=10>10
+<OPTION VALUE=11>11
+<OPTION VALUE=12>12
+<OPTION VALUE=13>13
+<OPTION VALUE=14>14
+<OPTION VALUE=15>15
+<OPTION VALUE=16>16
+<OPTION VALUE=17>17
+<OPTION VALUE=18>18
+<OPTION VALUE=19>19
+<OPTION VALUE=20>20
+<OPTION VALUE=21>21
+<OPTION VALUE=22>22
+<OPTION VALUE=23>23
+<OPTION VALUE=24>24
+<OPTION VALUE=25>25
+<OPTION VALUE=26>26
+<OPTION VALUE=27>27
+<OPTION VALUE=28>28
+<OPTION VALUE=29>29
+<OPTION VALUE=30>30
+<OPTION VALUE=31>31
+</SELECT>
+<SELECT NAME="month">
+<OPTION VALUE=13>
+<OPTION VALUE=0>January
+<OPTION VALUE=1>February
+<OPTION VALUE=2>March
+<OPTION VALUE=3>April
+<OPTION VALUE=4>May
+<OPTION VALUE=5>June
+<OPTION VALUE=6>July
+<OPTION VALUE=7>August
+<OPTION VALUE=8>September
+<OPTION VALUE=9>October
+<OPTION VALUE=10>November
+<OPTION VALUE=11>December
+</SELECT>
+<SELECT NAME="year">
+<OPTION VALUE=0>
+<OPTION VALUE=1997>1997
+<OPTION VALUE=1998>1998
+<OPTION VALUE=1999>1999
+<OPTION VALUE=2000>2000
+<OPTION VALUE=2001>2001
+<OPTION VALUE=2002>2002
+<OPTION VALUE=2003>2003
+<OPTION VALUE=2004>2004
+<OPTION VALUE=2005>2005
+<OPTION VALUE=2006>2006
+<OPTION VALUE=2007>2007
+<OPTION VALUE=2008>2008
+<OPTION VALUE=2009>2009
+<OPTION VALUE=2010>2010
+<OPTION VALUE=2011>2011
+<OPTION VALUE=2012>2012
+</SELECT>
+</FORM>
+</td>
+</tr>
+</table>
+
+<SCRIPT type="text/javascript">
+<!--
+function validNotBeforeCritInUse()
+{
+ return document.validNotBeforeCritForm.inUse.checked;
+}
+
+function validNotBeforeCrit()
+{
+ var from = null, to = null;
+ var crit = new Array();
+ var next = 0;
+ if (!dateIsEmpty(document.validNotBeforeFrom)) {
+ from = convertDate(document.validNotBeforeFrom,
+ "Start date for the validity beginning time range criterion");
+ if (from == null) return null;
+ crit[next++] = "(x509Cert.notBefore>=" + from + ")";
+ }
+ if (!dateIsEmpty(document.validNotBeforeTo)) {
+ to = convertDate(document.validNotBeforeTo,
+ "End date for the validity beginning time range criterion");
+ if (to == null) return null;
+ crit[next++] = "(x509Cert.notBefore<=" + to + ")";
+ }
+
+ if (from == null && to == null) {
+ alert("You must enter a date for validity beginning range.");
+ return null;
+ }
+ if (from != null && to != null && from > to) {
+ alert("Invalid effective time range");
+ return null;
+ }
+ return nsjoin(crit,"");
+}
+//-->
+</SCRIPT>
+
+<table border="0" cellspacing="2" cellpadding="2">
+<tr>
+<FORM NAME="validNotAfterCritForm">
+<td><INPUT TYPE="CHECKBOX" NAME="inUse"></td>
+<td align="left" colspan="2">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Revoke certificates expire during the period:</font>
+</td>
+</FORM>
+</tr>
+
+<tr>
+<td>&nbsp;</td>
+<td valign=top align=right>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Start date:</font>
+</td>
+<td valign="top" nowrap>
+<FORM NAME="validNotAfterFrom">
+<SELECT NAME="day">
+<OPTION VALUE=0>
+<OPTION VALUE=1>1
+<OPTION VALUE=2>2
+<OPTION VALUE=3>3
+<OPTION VALUE=4>4
+<OPTION VALUE=5>5
+<OPTION VALUE=6>6
+<OPTION VALUE=7>7
+<OPTION VALUE=8>8
+<OPTION VALUE=9>9
+<OPTION VALUE=10>10
+<OPTION VALUE=11>11
+<OPTION VALUE=12>12
+<OPTION VALUE=13>13
+<OPTION VALUE=14>14
+<OPTION VALUE=15>15
+<OPTION VALUE=16>16
+<OPTION VALUE=17>17
+<OPTION VALUE=18>18
+<OPTION VALUE=19>19
+<OPTION VALUE=20>20
+<OPTION VALUE=21>21
+<OPTION VALUE=22>22
+<OPTION VALUE=23>23
+<OPTION VALUE=24>24
+<OPTION VALUE=25>25
+<OPTION VALUE=26>26
+<OPTION VALUE=27>27
+<OPTION VALUE=28>28
+<OPTION VALUE=29>29
+<OPTION VALUE=30>30
+<OPTION VALUE=31>31
+</SELECT>
+<SELECT NAME="month">
+<OPTION VALUE=13>
+<OPTION VALUE=0>January
+<OPTION VALUE=1>February
+<OPTION VALUE=2>March
+<OPTION VALUE=3>April
+<OPTION VALUE=4>May
+<OPTION VALUE=5>June
+<OPTION VALUE=6>July
+<OPTION VALUE=7>August
+<OPTION VALUE=8>September
+<OPTION VALUE=9>October
+<OPTION VALUE=10>November
+<OPTION VALUE=11>December
+</SELECT>
+<SELECT NAME="year">
+<OPTION VALUE=0>
+<OPTION VALUE=1997>1997
+<OPTION VALUE=1998>1998
+<OPTION VALUE=1999>1999
+<OPTION VALUE=2000>2000
+<OPTION VALUE=2001>2001
+<OPTION VALUE=2002>2002
+<OPTION VALUE=2003>2003
+<OPTION VALUE=2004>2004
+<OPTION VALUE=2005>2005
+<OPTION VALUE=2006>2006
+<OPTION VALUE=2007>2007
+<OPTION VALUE=2008>2008
+<OPTION VALUE=2009>2009
+<OPTION VALUE=2010>2010
+<OPTION VALUE=2011>2011
+<OPTION VALUE=2012>2012
+</SELECT>
+</FORM>
+</td>
+</tr>
+
+<tr>
+<td>&nbsp;</td>
+<td valign=top align=right>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">End date:</font>
+</td>
+<td valign="top" nowrap>
+<FORM NAME="validNotAfterTo">
+<SELECT NAME="day">
+<OPTION VALUE=0>
+<OPTION VALUE=1>1
+<OPTION VALUE=2>2
+<OPTION VALUE=3>3
+<OPTION VALUE=4>4
+<OPTION VALUE=5>5
+<OPTION VALUE=6>6
+<OPTION VALUE=7>7
+<OPTION VALUE=8>8
+<OPTION VALUE=9>9
+<OPTION VALUE=10>10
+<OPTION VALUE=11>11
+<OPTION VALUE=12>12
+<OPTION VALUE=13>13
+<OPTION VALUE=14>14
+<OPTION VALUE=15>15
+<OPTION VALUE=16>16
+<OPTION VALUE=17>17
+<OPTION VALUE=18>18
+<OPTION VALUE=19>19
+<OPTION VALUE=20>20
+<OPTION VALUE=21>21
+<OPTION VALUE=22>22
+<OPTION VALUE=23>23
+<OPTION VALUE=24>24
+<OPTION VALUE=25>25
+<OPTION VALUE=26>26
+<OPTION VALUE=27>27
+<OPTION VALUE=28>28
+<OPTION VALUE=29>29
+<OPTION VALUE=30>30
+<OPTION VALUE=31>31
+</SELECT>
+<SELECT NAME="month">
+<OPTION VALUE=13>
+<OPTION VALUE=0>January
+<OPTION VALUE=1>February
+<OPTION VALUE=2>March
+<OPTION VALUE=3>April
+<OPTION VALUE=4>May
+<OPTION VALUE=5>June
+<OPTION VALUE=6>July
+<OPTION VALUE=7>August
+<OPTION VALUE=8>September
+<OPTION VALUE=9>October
+<OPTION VALUE=10>November
+<OPTION VALUE=11>December
+</SELECT>
+<SELECT NAME="year">
+<OPTION VALUE=0>
+<OPTION VALUE=1997>1997
+<OPTION VALUE=1998>1998
+<OPTION VALUE=1999>1999
+<OPTION VALUE=2000>2000
+<OPTION VALUE=2001>2001
+<OPTION VALUE=2002>2002
+<OPTION VALUE=2003>2003
+<OPTION VALUE=2004>2004
+<OPTION VALUE=2005>2005
+<OPTION VALUE=2006>2006
+<OPTION VALUE=2007>2007
+<OPTION VALUE=2008>2008
+<OPTION VALUE=2009>2009
+<OPTION VALUE=2010>2010
+<OPTION VALUE=2011>2011
+<OPTION VALUE=2012>2012
+</SELECT>
+</FORM>
+</td>
+</tr>
+</table>
+
+<SCRIPT type="text/javascript">
+<!--
+function validNotAfterCritInUse()
+{
+ return document.validNotAfterCritForm.inUse.checked;
+}
+
+function validNotAfterCrit()
+{
+ var from = null, to = null;
+ var crit = new Array();
+ var next = 0;
+ if (!dateIsEmpty(document.validNotAfterFrom)) {
+ from = convertDate(document.validNotAfterFrom,
+ "Start date for the expiration time range criterion");
+ if (from == null) return null;
+ crit[next++] = "(x509cert.notAfter>=" + from + ")";
+ }
+ if (!dateIsEmpty(document.validNotAfterTo)) {
+ to = convertDate(document.validNotAfterTo,
+ "End date for the expiration time range criterion");
+ if (to == null) return null;
+ crit[next++] = "(x509cert.notAfter<=" + to + ")";
+ }
+
+ if (from == null && to == null) {
+ alert("You must enter a date for the expiration time range.");
+ return null;
+ }
+ if (from != null && to != null && from > to) {
+ alert("Expiration time range specified is empty");
+ return null;
+ }
+ return nsjoin(crit,"");
+}
+//-->
+</SCRIPT>
+
+<table border="0" cellspacing="2" cellpadding="2">
+<FORM NAME="validityLengthCritForm">
+<tr>
+<td><INPUT TYPE="CHECKBOX" NAME="inUse"></td>
+<td align="left" colspan="2">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Revoke certificates with a validity period:</font>
+</td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td>
+<SELECT NAME="validityOp">
+<OPTION VALUE="&lt;="> not greater
+<OPTION VALUE="&gt;="> not less
+</SELECT>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">than</font>
+<INPUT NAME="count" TYPE="text" MAXSIZE=2 SIZE=2>
+<SELECT NAME="unit">
+<OPTION VALUE="86400000">Day(s)</OPTION>
+<OPTION VALUE="604800000">Week(s)</OPTION>
+<OPTION SELECTED VALUE="2592000000">Month(s)</OPTION>
+<OPTION VALUE="31536000000">Year(s)</OPTION>
+</SELECT>
+</td></tr>
+</FORM>
+</table>
+
+<SCRIPT type="text/javascript">
+<!--
+function validityLengthCritInUse()
+{
+ return document.validityLengthCritForm.inUse.checked;
+}
+
+function validityLengthCrit()
+{
+ with(document.validityLengthCritForm) {
+
+ if (!isNumber(count.value,10)) {
+ alert("Invalid number specified in validity length criterion");
+ return null;
+ }
+
+ return "(x509cert.duration" +
+ validityOp.options[validityOp.selectedIndex].value +
+ (count.value * unit.options[unit.selectedIndex].value) +")";
+ }
+}
+
+function doSubmit(form)
+{
+ var andFilter = new Array;
+ var critCount = 0;
+
+ andFilter[critCount++] = "(certRecordId=*)";
+
+ if (serialNumberRangeCritInUse()) {
+ if ((andFilter[critCount++] = serialNumberRangeCrit()) == null)
+ return;
+ }
+ if (subjectCritInUse()) {
+ if ((andFilter[critCount++] = subjectCrit()) == null)
+ return;
+ }
+ if (issuedOnCritInUse()) {
+ if ((andFilter[critCount++] = issuedOnCrit()) == null)
+ return;
+ }
+ if (issuedByCritInUse()) {
+ if ((andFilter[critCount++] = issuedByCrit()) == null)
+ return;
+ }
+ if (validNotBeforeCritInUse()) {
+ if ((andFilter[critCount++] = validNotBeforeCrit()) == null)
+ return;
+ }
+ if (validNotAfterCritInUse()) {
+ if ((andFilter[critCount++] = validNotAfterCrit()) == null)
+ return;
+ }
+ if (validityLengthCritInUse()) {
+ if ((andFilter[critCount++] = validityLengthCrit()) == null)
+ return;
+ }
+
+ // At least one section must be selected
+ if (critCount == 0) {
+ alert("You must choose at least one section on this form.");
+ return;
+ }
+
+ andFilter[critCount++] = "(certStatus=VALID)";
+
+ form.queryCertFilter.value = "(&"+nsjoin(andFilter,"")+")";
+ form.revokeAll.value = form.queryCertFilter.value;
+
+ form.op.value = "listCerts";
+ form.submit();
+}
+//-->
+</SCRIPT>
+
+<br>&nbsp;
+
+<FORM NAME="queryForm" ACTION="listCerts" METHOD=POST>
+<INPUT TYPE="HIDDEN" NAME="op" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="queryCertFilter" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="revokeAll" VALUE="">
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=6 WIDTH="100%" BACKGROUND="/pki/images/gray90.gif">
+ <tr>
+ <td ALIGN=RIGHT BGCOLOR="#E5E5E5">
+ <INPUT TYPE="button" VALUE="Find" width="72" onClick='doSubmit(queryForm)'>&nbsp;&nbsp;
+ <font size=-1 face="PrimaSans BT, Verdana, sans-serif">first</font>&nbsp;
+ <INPUT TYPE="TEXT" NAME="maxCount" SIZE=4 MAXLENGTH=99 VALUE="5">
+ <font size=-1 face="PrimaSans BT, Verdana, sans-serif">records</font>&nbsp;&nbsp;&nbsp;
+ <!-- <INPUT TYPE="button" VALUE=Help width="72"
+ onClick="help('http://www.redhat.com/docs/manuals/cert-system#1011030')"> -->
+ </td>
+ </tr>
+</table>
+
+</form>
+
+</body>
+</html>
+
diff --git a/base/ca/shared/webapps/ca/agent/ca/srchCert.template b/base/ca/shared/webapps/ca/agent/ca/srchCert.template
new file mode 100644
index 000000000..001b0e3b5
--- /dev/null
+++ b/base/ca/shared/webapps/ca/agent/ca/srchCert.template
@@ -0,0 +1,435 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>Untitled Document</title>
+<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+</head>
+
+<body bgcolor="#FFFFFF" link="#000000" vlink="#000000" alink="#000000">
+<font face="PrimaSans BT, Verdana, sans-serif" size="+1">Search Results
+</font><br>
+<table border="0" cellspacing="0" cellpadding="0" background="/pki/images/hr.gif" width="100%">
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+<CMS_TEMPLATE>
+
+<SCRIPT type="text/javascript">
+//<!--
+var onHoldCounter = 0;
+var onHoldList = "";
+var canRevokeCounter = 0;
+var canRevokeList = "";
+
+function toHex(number)
+{
+ var absValue = "", sign = "";
+ var digits = "0123456789abcdef";
+ if (number < 0) {
+ sign = "-";
+ number = -number;
+ }
+
+ for(; number >= 16 ; number = Math.floor(number/16)) {
+ absValue = digits.charAt(number % 16) + absValue;
+ }
+ absValue = digits.charAt(number % 16) + absValue;
+ return sign + absValue;
+}
+
+function revokeCert(serialNumber)
+{
+ return confirm("WARNING!! You are about to do an irreversible operation.\nDo you really want to revoke certificate # "+
+ renderHexNumber(serialNumber,8)+ " ?");
+}
+
+function renderOidName(oid)
+{
+ if (oid == "1.2.840.113549.1.1.1")
+ return "PKCS #1 RSA";
+ else if (oid == "1.2.840.113549.1.1.4")
+ return "PKCS #1 MD5 With RSA";
+ else if (oid == "1.2.840.10040.4.1")
+ return "DSA";
+ else
+ return "OID."+oid;
+}
+
+function renderHexNumber(number,width)
+{
+ var num = number;
+ while (num.length < width)
+ num = "0"+num;
+ return "0x"+num;
+}
+
+function renderDateFromSecs(secs)
+{
+ if (secs == null) return "";
+ var dateTmp = new Date();
+ dateTmp.setTime(secs * 1000);
+ var year = dateTmp.getYear();
+ if (year < 100) {
+ year += 1900;
+ } else {
+ year %= 100;
+ year += 2000;
+ }
+ return (dateTmp.getMonth()+1)+"/"+dateTmp.getDate()+"/"+year+"&nbsp;"+
+ (dateTmp.getHours()<10?"&nbsp;":"")+
+ dateTmp.getHours()+":"+(dateTmp.getMinutes()<10?"0":"")+
+ dateTmp.getMinutes()+":"+(dateTmp.getSeconds()<10?"0":"")+
+ dateTmp.getSeconds();
+}
+
+function renderDetailsButton(serialNumber)
+{
+ return "<FORM METHOD=post "+
+"ACTION=\""+ "displayBySerial" +"\">\n"+
+"<INPUT TYPE=hidden NAME=\"op\" VALUE=\""+ "displayBySerial" +"\">\n"+
+"<INPUT TYPE=hidden NAME=\"serialNumber\" VALUE=\""+ "0x"+serialNumber +"\">\n"+
+"<INPUT TYPE=submit VALUE=\"Details\" width=\"72\"></FORM>\n";
+}
+
+function renderRevokeButton(serialNumberDecimal)
+{
+ canRevokeList += "(certRecordId="+serialNumberDecimal+")";
+ canRevokeCounter++;
+ return "<FORM METHOD=post "+
+//"onSubmit=\"return revokeCert("+serialNumberDecimal+");\" "+
+"ACTION=\""+ "reasonToRevoke" +"\">\n"+
+"<INPUT TYPE=hidden NAME=\"op\" VALUE=\""+ "reasonToRevoke" +"\">\n"+
+"<INPUT TYPE=hidden NAME=\"serialNumber\" VALUE=\""+ serialNumberDecimal +"\">\n"+
+"<INPUT TYPE=hidden NAME=\"revokeAll\" VALUE=\"(&(certRecordId="+serialNumberDecimal+"))\">\n"+
+"<INPUT TYPE=hidden NAME=\"totalRecordCount\" VALUE=\"1\">\n"+
+"<INPUT TYPE=hidden NAME=\"commit\" VALUE=\"yes\">"+
+"<INPUT TYPE=hidden NAME=\"updateCRL\" VALUE=\"yes\">"+
+"<INPUT TYPE=submit VALUE=\"Revoke\" width=\"72\">"+
+"</FORM>\n";
+}
+
+function renderOffHoldButton(serialNumberDecimal)
+{
+ if (onHoldCounter > 0) onHoldList += " ";
+ onHoldCounter++;
+ onHoldList += serialNumberDecimal;
+ return "<FORM METHOD=post "+
+"ACTION=\""+ "doUnrevoke" +"\">\n"+
+"<INPUT TYPE=hidden NAME=\"op\" VALUE=\""+ "doUnrevoke" +"\">\n"+
+"<INPUT TYPE=hidden NAME=\"serialNumber\" VALUE=\""+ serialNumberDecimal +"\">\n"+
+"<INPUT TYPE=hidden NAME=\"cmmfResponse\" VALUE=\"true\">\n"+
+"<INPUT TYPE=submit VALUE=\"Off Hold\" width=\"72\"></FORM>\n";
+}
+
+function addSpaces(str)
+{
+ var outStr = "";
+ var i0 = 0;
+ var i1 = 0;
+
+ while (i1 < str.length) {
+ i1 = str.indexOf(',', i0);
+ if (i1 > -1) {
+ i1++;
+ outStr += str.substring(i0, i1);
+ outStr += " ";
+ i0 = i1;
+ } else {
+ outStr += str.substring(i0, str.length);
+ i1 = str.length;
+ }
+ }
+
+ return outStr;
+}
+
+function addEscapes(str)
+{
+ var outStr = str.replace(/</g, "&lt;");
+ outStr = outStr.replace(/>/g, "&gt;");
+ return outStr;
+}
+
+function getRevocationReason(revocationReason)
+{
+ var reasons = new Array("Unspecified",
+ "Key compromised",
+ "CA key compromised",
+ "Affiliation changed",
+ "Certificate superceded",
+ "Cessation of operation",
+ "Certificate is on hold",
+ "Unspecified", // value 7 is not used
+ "Remove from CRL",
+ "Privilege withdrawn",
+ "AA key compromise");
+ if (revocationReason < 0 || revocationReason >= reasons.length)
+ revocationReason = 0;
+ return reasons[revocationReason];
+}
+
+function displayCertificateRecord(cert)
+{
+ document.write(
+"<table border=\"0\" width=\"100%\" cellspacing=\"2\" cellpadding=\"2\">\n"+
+"<tr><td width=18%>&nbsp;</td><td width=41%>&nbsp;</td><td width=41%>&nbsp;</td></tr>\n"+
+
+"<tr bgcolor=\"#e5e5e5\"><td>\n"+
+"<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">\n"+
+"Serial number</font></td>\n"+
+"<td colspan=\"2\">\n"+
+"<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">\n"+
+"Subject name</font></td></tr>\n"+
+"<tr><td><font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">\n"+
+"<a href=\"displayBySerial?op=displayBySerial&serialNumber=0x"+ cert.serialNumber + "\">"+renderHexNumber(cert.serialNumber,8) +"</a></font></td>\n"+
+"<td colspan=\"2\"><font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">\n"+
+addSpaces(addEscapes(cert.subject)) +"</font></td></tr>\n"+
+
+"<tr bgcolor=\"#e5e5e5\"><td>\n"+
+"<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">\n"+
+"Version</font></td>\n"+
+"<td>\n"+
+"<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">\n"+
+"Certificate Type</font></td>\n"+
+"<td bgcolor=\"#e5e5e5\">\n"+
+"<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">\n"+
+"Subject public key algorithm</font></td></tr>\n"+
+"<tr><td><font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">\n"+
+(cert.version+1) +"</font></td>\n"+
+"<td>\n"+
+"<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">\n"+
+(cert.type) +"</font></td>\n"+
+"<td>\n"+
+"<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">\n"+
+renderOidName(cert.subjectPublicKeyAlgorithm) +
+(cert.subjectPublicKeyLength != null ?
+ " with "+cert.subjectPublicKeyLength+"-bit key" : "")+
+"</font></td></tr>\n"+
+
+"<tr><td rowspan=\"2\">" +renderDetailsButton(cert.serialNumber)+ "</td>\n"+
+"<td bgcolor=\"#e5e5e5\">\n"+
+"<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">\n"+
+"Not valid before</font></td>\n"+
+"<td bgcolor=\"#e5e5e5\">\n"+
+"<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">\n"+
+"Not valid after</font></td></tr>\n"+
+
+"<tr>\n"+
+"<td>\n"+
+"<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">\n"+
+renderDateFromSecs(cert.validNotBefore) + "</font></td>\n"+
+"<td>\n"+
+"<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">\n"+
+renderDateFromSecs(cert.validNotAfter)+ "</font></td></tr>\n"+
+
+"<tr><td rowspan=\"2\">"+
+(cert.revokedOn == null && cert.serialNumber != result.header.caSerialNumber?
+ renderRevokeButton(cert.serialNumberDecimal):
+ (cert.revocationReason != null && cert.revocationReason == 6?
+ renderOffHoldButton(cert.serialNumberDecimal): "&nbsp;"))+
+"</td>\n"+
+"<td bgcolor=\"#e5e5e5\">\n"+
+"<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">\n"+
+"Issued on</font></td>\n"+
+"<td bgcolor=\"#e5e5e5\">\n"+
+"<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">\n"+
+"Issued by</font></td></tr>\n"+
+
+"<tr>\n"+
+"<td>\n"+
+"<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">\n"+
+renderDateFromSecs(cert.issuedOn) + "</font></td>\n"+
+"<td>\n"+
+"<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">\n"+
+cert.issuedBy + "</font></td></tr>\n"+
+
+(cert.revokedOn != null ?
+ "<tr><td></td>\n"+
+ "<td bgcolor=\"#e5e5e5\"><font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\" color=\"red\">"+
+ "Revoked on</font></td>\n"+
+ "<td bgcolor=\"#e5e5e5\"><font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\" color=\"red\">"+
+ "Revoked by</font></td></tr>\n"+
+ "<tr><td></td>\n"+
+ "<td><font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\" color=\"red\">"+
+ renderDateFromSecs(cert.revokedOn)+ "</font></td>\n"+
+ "<td><font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\" color=\"red\">"+
+ cert.revokedBy + "</font></td></tr>\n" : "") +
+(cert.revocationReason != null ?
+ "<tr><td></td>\n"+
+ "<td bgcolor=\"#e5e5e5\" colspan=\"2\">"+
+ "<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\" color=\"red\">"+
+ "Revocation Reason</font></td></tr>\n"+
+ "<tr><td></td>\n"+
+ "<td colspan=\"2\">"+
+ "<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\" color=\"red\">"+
+ getRevocationReason(cert.revocationReason)+"</font></td></tr>\n" : "") +
+
+"</table>\n"
+ );
+}
+
+function displaySearchResults()
+{
+if (result.recordSet.length == 0) {
+ document.write(
+"<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"+1\">No Matching Certificates Found</font>\n"
+ );
+} else {
+
+ document.write(
+"<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"+1\">Issuer: " +
+(result.header.issuerName != null ? result.header.issuerName : "UNKNOWN") +
+"</font><br>\n"+
+"<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">\n"+
+"Total number of records found: "+result.header.totalRecordCount+
+"</font>\n"
+ );
+ if (result.header.totalRecordCount == result.header.maxSize) {
+ document.write(
+"<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">\n"+
+"(Maximum size reached)"+
+"</font>\n"
+ );
+ }
+
+
+ for(var i = 0; i < result.recordSet.length; ++i ) {
+ displayCertificateRecord(result.recordSet[i]);
+ }
+ if (((result.header.revokeAll != null || onHoldCounter > 1 || canRevokeCounter > 1) &&
+ result.header.totalRecordCount > 1) ||
+ (result.header.querySentinel != null)) {
+ document.write("<br>&nbsp;\n" +
+ "<table border=\"0\" cellspacing=\"0\" cellpadding=\"0\" background=\"/pki/images/hr.gif\" width=\"100%\">\n"+
+ "<tr><td>&nbsp;</td></tr></table>\n");
+ }
+
+ document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=6 WIDTH=\"100%\">\n"+
+ "<tr align=center><td>\n");
+
+ if (result.header.revokeAll != null && result.header.totalRecordCount > 1) {
+ displayRevokeAllForm(result.header.totalRecordCount, result.header.revokeAll);
+ } else if (result.header.totalRecordCount > 1) {
+ if (canRevokeCounter > 1) {
+ canRevokeList = "(|"+canRevokeList+")";
+ displayRevokeAllForm(canRevokeCounter, canRevokeList);
+ }
+ if (onHoldCounter > 1) {
+ displayReleaseAllForm();
+ }
+ }
+
+ if (result.header.querySentinel != null) {
+ displayNextForm();
+ }
+
+ document.write("</td></tr></table>\n");
+}
+}
+
+function renderHidden(name,value)
+{
+ return "<INPUT TYPE=\"hidden\" NAME=\""+ name +"\" VALUE=\"\">\n";
+}
+
+function doNext(form)
+{
+ //form.action = "/ca"+result.header.op;
+ form.action = "listCerts";
+ form.op.value = result.header.op;
+ form.queryCertFilter.value = result.header.queryCertFilter;
+ if (result.header.revokeAll != null) {
+ form.revokeAll.value = result.header.revokeAll;
+ }
+ if (result.header.queryFilterHash != null) {
+ form.queryFilterHash.value = result.header.queryFilterHash;
+ }
+ // form.submit();
+}
+
+function displayNextForm()
+{
+ document.write(
+//"<div align=center> \n"+
+"<FORM NAME =\"nextForm\" METHOD=POST onSubmit=\"doNext(nextForm);\" "+
+"ACTION=\"\">\n"+
+renderHidden("op"));
+
+if (result.header.revokeAll != null) {
+ document.write(renderHidden("revokeAll"));
+}
+
+if (result.header.queryFilterHash != null) {
+ document.write(renderHidden("queryFilterHash"));
+}
+
+document.write("<INPUT TYPE=submit VALUE=\"Find\" width=\"72\">\n"+
+"<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">\n"+
+"&nbsp;next</font>\n"+
+"<INPUT TYPE=hidden NAME=totalRecordCount VALUE=\""+
+result.header.totalRecordCount+ "\">\n"+
+"<INPUT TYPE=hidden NAME=queryCertFilter VALUE=\""+
+result.header.queryCertFilter+ "\">\n"+
+"<INPUT TYPE=hidden NAME=querySentinel VALUE=\""+
+result.header.querySentinel+ "\">\n"+
+"<INPUT TYPE=hidden NAME=serialTo VALUE=\""+
+result.header.serialTo+ "\">\n"+
+"<INPUT TYPE=text SIZE=4 MAXLENGTH=99 NAME=maxCount VALUE=\""+
+result.header.maxCount+ "\">\n"+
+"<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">\n"+
+"&nbsp;record(s)</font>\n"+
+"</FORM>\n");
+//"</FORM></DIV>\n");
+}
+
+function displayRevokeAllForm(recordCount, revokeAllFilter)
+{
+// document.write("<DIV align=center><FORM NAME =\"revokeAllForm\" "+
+ document.write("<FORM NAME =\"revokeAllForm\" "+
+ "METHOD=POST "+
+ "ACTION=\""+ "/ca/agent/ca/reasonToRevoke" +"\">\n"+
+ "<INPUT TYPE=hidden NAME=\"op\" VALUE=\"reasonToRevoke\">\n"+
+ "<INPUT TYPE=hidden NAME=\"revokeAll\" VALUE=\""+ revokeAllFilter +"\">\n"+
+ "<INPUT TYPE=hidden NAME=\"totalRecordCount\" VALUE=\""+ recordCount +"\">\n"+
+ "<INPUT TYPE=submit VALUE=\"Revoke ALL "+ recordCount +" Certificates\">\n"+
+ "</FORM>\n");
+// "</FORM></DIV>\n");
+}
+
+function displayReleaseAllForm()
+{
+ document.write("<FORM NAME =\"releaseAllForm\" "+
+ "METHOD=post "+
+ "ACTION=\""+ "/ca/agent/ca/doUnrevoke" +"\">\n"+
+ "<INPUT TYPE=hidden NAME=\"op\" VALUE=\""+ "doUnrevoke" +"\">\n"+
+ "<INPUT TYPE=hidden NAME=\"serialNumber\" VALUE=\""+ onHoldList +"\">\n"+
+ "<INPUT TYPE=hidden NAME=\"cmmfResponse\" VALUE=\"true\">\n"+
+ "<INPUT TYPE=submit VALUE=\"Release ALL "+ onHoldCounter +
+ " Certificates From Hold\" width=\"72\"></FORM>\n");
+}
+
+displaySearchResults();
+
+//-->
+</SCRIPT>
+</BODY>
+</HTML>
diff --git a/base/ca/shared/webapps/ca/agent/ca/toDisplayCRL.template b/base/ca/shared/webapps/ca/agent/ca/toDisplayCRL.template
new file mode 100644
index 000000000..a2a30dd64
--- /dev/null
+++ b/base/ca/shared/webapps/ca/agent/ca/toDisplayCRL.template
@@ -0,0 +1,364 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<HEAD>
+<TITLE>Display Certificate Revocation List</TITLE>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+
+<SCRIPT type="text/javascript" SRC="/ca/agent/helpfun.js"></SCRIPT>
+<CMS_TEMPLATE>
+
+</HEAD>
+
+<body bgcolor="#FFFFFF" link="#000000" vlink="#000000" alink="#000000">
+<font size=+1 face="PrimaSans BT, Verdana, sans-serif">
+Display Certificate Revocation List</font><br>
+
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Use this form to view a certificate revocation list.<br>
+The numbers displayed in the recent changes column are
+representing newly revoked, taken off hold, and expired certificates.
+</font>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/pki/images/hr.gif" >
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+<FORM NAME="displayCRLForm" ACTION="displayCRL" METHOD=POST>
+
+<!-- <table border="0" cellspacing="2" cellpadding="2" width="100%"> -->
+
+<SCRIPT type="text/javascript">
+<!--
+var splitLabel = new Array("Copying delta CRL cache:",
+ "Preparing data for delta CRL generation:",
+ "Signing and encoding delta CRL:",
+ "Storing delta CRL:",
+ "Delta CRL publishing:",
+ "Preparing data for CRL generation:",
+ "Adding extensions:",
+ "Signing and encoding CRL:",
+ "Storing CRL:",
+ "Publishing CRL:");
+var i;
+
+function write_new_window(timeSplits) {
+ var new_window = window.open('', 'TestWindow',
+ 'width=400,height=410,status=no,location=no,menubar=no,toolbar=no,personalbar=no,resizable=yes,scrollbars=no');
+ new_window.focus();
+ var new_doc = new_window.document;
+ new_doc.writeln('<HTML><HEAD><TITLE>Newly Opened Window</TITLE></HEAD><BODY>\n');
+
+ var crlTime;
+ if (timeSplits != null && timeSplits.length > 0) {
+ crlTime = timeSplits.split(',');
+ } else {
+ crlTime = null;
+ }
+
+ if (crlTime != null && crlTime.length > 0) {
+ new_doc.writeln('<font size=+1 face="PrimaSans BT, Verdana, sans-serif">');
+ new_doc.writeln('CRL split times</font><br>&nbsp;');
+ new_doc.writeln('<table border="0" cellspacing="2" cellpadding="2" width="100%">');
+ new_doc.writeln('<tr>');
+ new_doc.writeln('<td width="75%" bgcolor="#e0e0e0">');
+ new_doc.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+ new_doc.writeln('Operation</font></td>');
+ new_doc.writeln('<td bgcolor="#e0e0e0">');
+ new_doc.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+ new_doc.writeln('Time in ms</font></td>');
+
+ var total = 0;
+ var deltaTotal = 0;
+ var crlTotal = 0;
+ var deltaColor;
+ for (i = 0; i < splitLabel.length; i++) {
+ if (i > 0 && i < 5) {
+ deltaColor = ' bgcolor="#eeeeee"';
+ deltaTotal += parseInt(crlTime[i]);
+ } else {
+ deltaColor = '';
+ crlTotal += parseInt(crlTime[i]);
+ }
+ new_doc.writeln('<tr><td align="right"'+deltaColor+'>');
+ new_doc.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+ new_doc.writeln(splitLabel[i]+'</font>');
+ new_doc.writeln('</td>');
+ new_doc.writeln('<td align="right"'+deltaColor+'>');
+ new_doc.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+ if (i < crlTime.length) {
+ if (crlTime[i].charAt(0) == '-') {
+ var d = new Date(parseInt(crlTime[i].substr(1)));
+ new_doc.writeln((d.getMonth()+1)+'/'+d.getDate()+'/'+
+ d.getFullYear()+"&nbsp;"+d.getHours()+':'+
+ (d.getMinutes()<10?"0":"")+d.getMinutes()+':'+
+ (d.getSeconds()<10?"0":"")+d.getSeconds());
+ } else {
+ new_doc.writeln(crlTime[i]);
+ }
+ total += parseInt(crlTime[i]);
+ } else {
+ new_doc.writeln('&nbsp;');
+ }
+ new_doc.writeln('</font></td></tr>');
+ }
+ new_doc.writeln('<tr><td align="right" bgcolor="#e5e5e5">');
+ new_doc.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+ new_doc.writeln('Delta CRL total:</font>');
+ new_doc.writeln('</td>');
+ new_doc.writeln('<td align="right" bgcolor="#e5e5e5">');
+ new_doc.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+ if (deltaTotal < 0) deltaTotal = "incomplete";
+ new_doc.writeln(deltaTotal+'</font></td></tr>');
+
+ new_doc.writeln('<tr><td align="right" bgcolor="#e5e5e5">');
+ new_doc.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+ new_doc.writeln('CRL total:</font>');
+ new_doc.writeln('</td>');
+ new_doc.writeln('<td align="right" bgcolor="#e5e5e5">');
+ new_doc.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+ if (crlTotal < 0) crlTotal = "incomplete";
+ new_doc.writeln(crlTotal+'</font></td></tr>');
+
+ new_doc.writeln('<tr><td align="right" bgcolor="#e5e5e5">');
+ new_doc.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+ new_doc.writeln('Total:</font>');
+ new_doc.writeln('</td>');
+ new_doc.writeln('<td align="right" bgcolor="#e5e5e5">');
+ new_doc.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+ if (total < 0) total = "incomplete";
+ new_doc.writeln(total+'</font></td></tr>');
+
+ new_doc.writeln('</table>');
+ } else {
+ new_doc.writeln('CRL split times are not available.');
+ }
+ new_doc.writeln('</BODY></HTML>');
+ new_doc.close();
+}
+
+var issuingPoint;
+var crlNumber;
+var deltaNumber;
+var crlSize;
+var deltaSize;
+var crlTesting;
+var recentChanges;
+var crlTimeSplits;
+
+if (result.header.crlIssuingPoints != null &&
+ result.header.crlIssuingPoints.length > 0) {
+ issuingPoint = result.header.crlIssuingPoints.split('+');
+} else {
+ issuingPoint = null;
+}
+
+if (result.header.crlNumbers != null &&
+ result.header.crlNumbers.length > 0) {
+ crlNumber = result.header.crlNumbers.split('+');
+} else {
+ crlNumber = null;
+}
+
+if (result.header.deltaNumbers != null &&
+ result.header.deltaNumbers.length > 0) {
+ deltaNumber = result.header.deltaNumbers.split('+');
+} else {
+ deltaNumber = null;
+}
+
+if (result.header.crlSizes != null &&
+ result.header.crlSizes.length > 0) {
+ crlSize = result.header.crlSizes.split('+');
+} else {
+ crlSize = null;
+}
+
+if (result.header.deltaSizes != null &&
+ result.header.deltaSizes.length > 0) {
+ deltaSize = result.header.deltaSizes.split('+');
+} else {
+ deltaSize = null;
+}
+
+if (result.header.crlTesting != null &&
+ result.header.crlTesting.length > 0) {
+ crlTesting = result.header.crlTesting.split('+');
+} else {
+ crlTesting = null;
+}
+
+if (result.header.recentChanges != null &&
+ result.header.recentChanges.length > 0) {
+ recentChanges = result.header.recentChanges.split('+');
+} else {
+ recentChanges = null;
+}
+
+if (result.header.crlSplits != null &&
+ result.header.crlSplits.length > 0) {
+ crlTimeSplits = result.header.crlSplits.split('+');
+} else {
+ crlTimeSplits = null;
+}
+
+if (issuingPoint != null && issuingPoint.length > 0) {
+ document.writeln('<table border="0" cellspacing="2" cellpadding="2" width="100%">');
+
+ document.writeln('<tr><td align="right" width="30%">');
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+ document.writeln('Issuing point:</font></td>');
+ document.writeln('<td align="left">');
+ document.writeln('<SELECT NAME="crlIssuingPoint">');
+ for (i = 0; i < issuingPoint.length; i++) {
+ document.write('<OPTION VALUE="' + issuingPoint[i] + '"');
+ if (result.header.masterCRLIssuingPoint == issuingPoint[i])
+ document.write(' SELECTED');
+ document.writeln('>' + issuingPoint[i] + '</OPTION>');
+ }
+ document.writeln('</SELECT></td></tr>');
+
+ document.writeln('<tr><td align="right" width="30%">');
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+ document.writeln(' Display type:</font></td>');
+ document.writeln('<td align="left">');
+ document.writeln('<SELECT NAME="crlDisplayType">');
+ if (result.header.master_host != null && result.header.master_host.length &&
+ result.header.master_port != null && result.header.master_port.length) {
+ document.write('<OPTION VALUE="entireCRL" SELECTED>Entire CRL');
+ } else {
+ document.write('<OPTION VALUE="cachedCRL" SELECTED>Cached CRL');
+ document.write('<OPTION VALUE="entireCRL">Entire CRL');
+ }
+ document.write('<OPTION VALUE="crlHeader">CRL header');
+ document.write('<OPTION VALUE="base64Encoded">Base64 encoded');
+ if (result.header.isDeltaCRLEnabled != null &&
+ result.header.isDeltaCRLEnabled == true) {
+ document.write('<OPTION VALUE="deltaCRL">Delta CRL');
+ }
+ document.writeln('</SELECT></td></tr>');
+ document.writeln('</table><br>&nbsp;');
+
+ if (crlNumber != null && crlNumber.length == issuingPoint.length &&
+ crlSize != null && crlSize.length == issuingPoint.length &&
+ recentChanges != null && recentChanges.length == issuingPoint.length) {
+ document.writeln('<table border="0" cellspacing="2" cellpadding="2" width="100%">');
+ document.writeln('<tr>');
+ document.writeln('<td align="right" bgcolor="#e5e5e5">');
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+ document.writeln('Issuing point</font></td>');
+ document.writeln('<td align="right" bgcolor="#e5e5e5">');
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+ document.writeln('CRL numbers</font></td>');
+ document.writeln('<td align="right" bgcolor="#e5e5e5">');
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+ document.writeln('Number of entries</font></td>');
+ document.writeln('<td align="right" bgcolor="#e5e5e5">');
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+ document.writeln('Recent changes</font></td>');
+ document.writeln('</tr>');
+ for (i = 0; i < issuingPoint.length; i++) {
+ document.writeln('<tr>');
+ document.writeln('<td align="right">');
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+ document.writeln(issuingPoint[i]+'</font>');
+ document.writeln('</td>');
+ document.writeln('<td align="right">');
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+ if (crlTimeSplits != null &&
+ crlTimeSplits.length == issuingPoint.length &&
+ crlTimeSplits[i] != "0,0,0,0,0,0,0,0,0,0") {
+ if (deltaSize != null && deltaSize.length > i && deltaSize[i] != '-1' &&
+ result.header.isDeltaCRLEnabled != null && result.header.isDeltaCRLEnabled == true &&
+ deltaNumber != null && deltaNumber.length > i) {
+ document.write('<A HREF="#" onClick="write_new_window(\''+crlTimeSplits[i]+'\');return false">'+crlNumber[i]+', '+deltaNumber[i]+'</A>');
+ } else {
+ document.write('<A HREF="#" onClick="write_new_window(\''+crlTimeSplits[i]+'\');return false">'+crlNumber[i]+'</A>');
+ }
+ } else {
+ document.write(crlNumber[i]);
+ if (deltaSize != null && deltaSize.length > i && deltaSize[i] != '-1' &&
+ result.header.isDeltaCRLEnabled != null && result.header.isDeltaCRLEnabled == true &&
+ deltaNumber != null && deltaNumber.length > i) {
+ document.write(', '+deltaNumber[i]);
+ }
+ }
+ document.writeln('</font></td>');
+ document.writeln('<td align="right">');
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+ if (crlSize[i] == '-1') {
+ document.writeln('unknown');
+ } else {
+ document.write(crlSize[i]);
+ if (result.header.isDeltaCRLEnabled != null && result.header.isDeltaCRLEnabled == true &&
+ deltaSize != null && deltaSize.length > i && deltaSize[i] != '-1') {
+ document.write(', '+deltaSize[i]);
+ }
+ }
+ document.writeln('</font></td>');
+ document.writeln('<td align="right">');
+ if (crlTesting[i] == '1') {
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif" color="gray">');
+ } else {
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+ }
+ if (crlNumber[i] == '0' && crlSize[i] == '-1') {
+ document.writeln('CRL is not built</font>');
+ } else {
+ document.writeln(recentChanges[i]+'</font>');
+ }
+ document.writeln('</td>');
+ document.writeln('</tr>');
+ }
+ document.writeln('</table><br>');
+ }
+} else {
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+ document.writeln('<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'+
+ 'CRL issuing points are not available.');
+ document.writeln('</font><br><br>&nbsp;');
+}
+//-->
+</SCRIPT>
+
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=6 WIDTH="100%">
+ <tr>
+ <td ALIGN=RIGHT BGCOLOR="#E5E5E5">
+<SCRIPT type="text/javascript">
+<!--
+ if (issuingPoint != null && issuingPoint.length > 0) {
+ document.writeln('<INPUT TYPE="submit" VALUE="Display" width="72">&nbsp;');
+ }
+//-->
+</SCRIPT>
+ <INPUT TYPE="hidden" NAME="pageStart" VALUE="1">
+ <INPUT TYPE="hidden" NAME="pageSize" VALUE="50">
+ <!-- <INPUT TYPE="button" VALUE=Help width="72"
+ onClick="help('http://www.redhat.com/docs/manuals/cert-system#Viewing or Examining CRLs')"> -->
+ </td>
+ </tr>
+</table>
+
+</FORM>
+</BODY>
+
+</HTML>
diff --git a/base/ca/shared/webapps/ca/agent/ca/toUpdateCRL.template b/base/ca/shared/webapps/ca/agent/ca/toUpdateCRL.template
new file mode 100644
index 000000000..8f7e1990c
--- /dev/null
+++ b/base/ca/shared/webapps/ca/agent/ca/toUpdateCRL.template
@@ -0,0 +1,386 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<HEAD>
+<TITLE>Update Certificate Revocation List</TITLE>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+
+<SCRIPT type="text/javascript" SRC="/ca/agent/helpfun.js"></SCRIPT>
+ </HEAD>
+<CMS_TEMPLATE>
+
+<body bgcolor="#FFFFFF" link="#000000" vlink="#000000" alink="#000000">
+<font size=+1 face="PrimaSans BT, Verdana, sans-serif">
+Update Certificate Revocation List</font><br>
+
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+In most cases, the certificate revocation list (CRL) is updated automatically.
+In a few situations, however, you may want to update the CRL manually.
+Use this form to update the CRL manually.
+</font>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/pki/images/hr.gif" >
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+<SCRIPT type="text/javascript">
+<!--
+
+if (result.header.master_host == null) {
+ document.write('<FORM NAME="updateCRLForm" ACTION="updateCRL" METHOD=POST>');
+} else {
+ document.write('<FORM NAME="updateCRLForm" ACTION="https://' + result.header.master_host + ':' + result.header.master_port + '/ca/agent/ca/updateCRL" METHOD=POST>');
+}
+
+//-->
+</SCRIPT>
+
+
+<SCRIPT type="text/javascript">
+<!--
+var splitLabel = new Array("Copying delta CRL cache:",
+ "Preparing data for delta CRL generation:",
+ "Signing and encoding delta CRL:",
+ "Storing delta CRL:",
+ "Delta CRL publishing:",
+ "Preparing data for CRL generation:",
+ "Adding extensions:",
+ "Signing and encoding CRL:",
+ "Storing CRL:",
+ "Publishing CRL:");
+var i;
+
+function write_new_window(timeSplits) {
+ var new_window = window.open('', 'TestWindow',
+ 'width=400,height=410,status=no,location=no,menubar=no,toolbar=no,personalbar=no,resizable=yes,scrollbars=no');
+ new_window.focus();
+ var new_doc = new_window.document;
+ new_doc.writeln('<HTML><HEAD><TITLE>Newly Opened Window</TITLE></HEAD><BODY>\n');
+
+ var crlTime;
+ if (timeSplits != null && timeSplits.length > 0) {
+ crlTime = timeSplits.split(',');
+ } else {
+ crlTime = null;
+ }
+
+ if (crlTime != null && crlTime.length > 0) {
+ new_doc.writeln('<font size=+1 face="PrimaSans BT, Verdana, sans-serif">');
+ new_doc.writeln('CRL split times</font><br>&nbsp;');
+ new_doc.writeln('<table border="0" cellspacing="2" cellpadding="2" width="100%">');
+ new_doc.writeln('<tr>');
+ new_doc.writeln('<td width="75%" bgcolor="#e0e0e0">');
+ new_doc.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+ new_doc.writeln('Operation</font></td>');
+ new_doc.writeln('<td bgcolor="#e0e0e0">');
+ new_doc.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+ new_doc.writeln('Time in ms</font></td>');
+
+ var total = 0;
+ var deltaTotal = 0;
+ var crlTotal = 0;
+ var deltaColor;
+ for (i = 0; i < splitLabel.length; i++) {
+ if (i > 0 && i < 5) {
+ deltaColor = ' bgcolor="#eeeeee"';
+ deltaTotal += parseInt(crlTime[i]);
+ } else {
+ deltaColor = '';
+ crlTotal += parseInt(crlTime[i]);
+ }
+ new_doc.writeln('<tr><td align="right"'+deltaColor+'>');
+ new_doc.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+ new_doc.writeln(splitLabel[i]+'</font>');
+ new_doc.writeln('</td>');
+ new_doc.writeln('<td align="right"'+deltaColor+'>');
+ new_doc.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+ if (i < crlTime.length) {
+ if (crlTime[i].charAt(0) == '-') {
+ var d = new Date(parseInt(crlTime[i].substr(1)));
+ new_doc.writeln((d.getMonth()+1)+'/'+d.getDate()+'/'+
+ d.getFullYear()+"&nbsp;"+d.getHours()+':'+
+ (d.getMinutes()<10?"0":"")+d.getMinutes()+':'+
+ (d.getSeconds()<10?"0":"")+d.getSeconds());
+ } else {
+ new_doc.writeln(crlTime[i]);
+ }
+ total += parseInt(crlTime[i]);
+ } else {
+ new_doc.writeln('&nbsp;');
+ }
+ new_doc.writeln('</font></td></tr>');
+ }
+ new_doc.writeln('<tr><td align="right" bgcolor="#e5e5e5">');
+ new_doc.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+ new_doc.writeln('Delta CRL total:</font>');
+ new_doc.writeln('</td>');
+ new_doc.writeln('<td align="right" bgcolor="#e5e5e5">');
+ new_doc.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+ if (deltaTotal < 0) deltaTotal = "incomplete";
+ new_doc.writeln(deltaTotal+'</font></td></tr>');
+
+ new_doc.writeln('<tr><td align="right" bgcolor="#e5e5e5">');
+ new_doc.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+ new_doc.writeln('CRL total:</font>');
+ new_doc.writeln('</td>');
+ new_doc.writeln('<td align="right" bgcolor="#e5e5e5">');
+ new_doc.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+ if (crlTotal < 0) crlTotal = "incomplete";
+ new_doc.writeln(crlTotal+'</font></td></tr>');
+
+ new_doc.writeln('<tr><td align="right" bgcolor="#e5e5e5">');
+ new_doc.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+ new_doc.writeln('Total:</font>');
+ new_doc.writeln('</td>');
+ new_doc.writeln('<td align="right" bgcolor="#e5e5e5">');
+ new_doc.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+ if (total < 0) total = "incomplete";
+ new_doc.writeln(total+'</font></td></tr>');
+
+ new_doc.writeln('</table>');
+ } else {
+ new_doc.writeln('CRL split times are not available.');
+ }
+ new_doc.writeln('</BODY></HTML>');
+ new_doc.close();
+}
+
+var algorithmName;
+var issuingPoint;
+var crlNumber;
+var deltaNumber;
+var crlSize;
+var deltaSize;
+var crlTesting;
+var recentChanges;
+
+if (result.header.crlIssuingPoints != null &&
+ result.header.crlIssuingPoints.length > 0) {
+ issuingPoint = result.header.crlIssuingPoints.split('+');
+} else {
+ issuingPoint = null;
+}
+
+if (result.header.validAlgorithms != null) {
+ algorithmName = result.header.validAlgorithms.split('+');
+} else {
+ validAlgorithms = "SHA1withRSA+MD5withRSA+SHA1withDSA+SHA1withEC";
+ algorithmName = validAlgorithms.split('+');
+}
+
+if (result.header.crlNumbers != null &&
+ result.header.crlNumbers.length > 0) {
+ crlNumber = result.header.crlNumbers.split('+');
+} else {
+ crlNumber = null;
+}
+
+if (result.header.deltaNumbers != null &&
+ result.header.deltaNumbers.length > 0) {
+ deltaNumber = result.header.deltaNumbers.split('+');
+} else {
+ deltaNumber = null;
+}
+
+if (result.header.crlSizes != null &&
+ result.header.crlSizes.length > 0) {
+ crlSize = result.header.crlSizes.split('+');
+} else {
+ crlSize = null;
+}
+
+if (result.header.deltaSizes != null &&
+ result.header.deltaSizes.length > 0) {
+ deltaSize = result.header.deltaSizes.split('+');
+} else {
+ deltaSize = null;
+}
+
+if (result.header.crlTesting != null &&
+ result.header.crlTesting.length > 0) {
+ crlTesting = result.header.crlTesting.split('+');
+} else {
+ crlTesting = null;
+}
+
+if (result.header.recentChanges != null &&
+ result.header.recentChanges.length > 0) {
+ recentChanges = result.header.recentChanges.split('+');
+} else {
+ recentChanges = null;
+}
+
+if (result.header.crlSplits != null &&
+ result.header.crlSplits.length > 0) {
+ crlTimeSplits = result.header.crlSplits.split('+');
+} else {
+ crlTimeSplits = null;
+}
+
+if (issuingPoint != null && issuingPoint.length > 0) {
+ document.writeln('<table border="0" cellspacing="2" cellpadding="2" width="100%">');
+
+ document.writeln('<tr><td align="right" width="30%">');
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+ document.writeln('Issuing point:</font></td>');
+ document.writeln('<td align="left">');
+ document.writeln('<SELECT NAME="crlIssuingPoint">');
+ for (i = 0; i < issuingPoint.length; i++) {
+ document.write('<OPTION VALUE="' + issuingPoint[i] + '"');
+ if (result.header.masterCRLIssuingPoint == issuingPoint[i])
+ document.write(' SELECTED');
+ document.writeln('>' + issuingPoint[i] + '</OPTION>');
+ }
+ document.writeln('</SELECT></td></tr>');
+
+ document.writeln('<tr><td align="right" width="30%">');
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+ document.writeln('Signature algorithm:</font></td>');
+ document.writeln('<td align="left">');
+ document.writeln('<SELECT NAME="signatureAlgorithm">');
+ for (i = 0; i < algorithmName.length; i++) {
+ document.write('<OPTION VALUE="' + algorithmName[i] + '"');
+ if (result.header.defaultAlgorithm == algorithmName[i])
+ document.write(' SELECTED');
+ document.writeln('>' + algorithmName[i] + '</OPTION>');
+ }
+ document.writeln('</SELECT></td></tr>');
+
+ document.writeln('<tr><td align="right" width="30%">');
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+ document.writeln('Wait for update:</font></td>');
+ document.writeln('<td align="left">');
+ document.writeln('<input TYPE="CHECKBOX" NAME="waitForUpdate" VALUE="true">');
+ document.writeln('</td></tr>');
+
+ document.writeln('<tr><td align="right" width="30%">');
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+ document.writeln('Clear CRL cache:</font></td>');
+ document.writeln('<td align="left">');
+ document.writeln('<input TYPE="CHECKBOX" NAME="clearCRLCache" VALUE="true">');
+ document.writeln('</td></tr>');
+
+ document.writeln('</table><br>&nbsp;');
+
+
+ if (crlNumber != null && crlNumber.length == issuingPoint.length &&
+ crlSize != null && crlSize.length == issuingPoint.length &&
+ recentChanges != null && recentChanges.length == issuingPoint.length) {
+ document.writeln('<table border="0" cellspacing="2" cellpadding="2" width="100%">');
+ document.writeln('<tr>');
+ document.writeln('<td align="right" bgcolor="#e5e5e5">');
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+ document.writeln('Issuing point</font></td>');
+ document.writeln('<td align="right" bgcolor="#e5e5e5">');
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+ document.writeln('CRL numbers</font></td>');
+ document.writeln('<td align="right" bgcolor="#e5e5e5">');
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+ document.writeln('Number of entries</font></td>');
+ document.writeln('<td align="right" bgcolor="#e5e5e5">');
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+ document.writeln('Recent changes</font></td>');
+ document.writeln('</tr>');
+ for (i = 0; i < issuingPoint.length; i++) {
+ document.writeln('<tr>');
+ document.writeln('<td align="right">');
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+ document.writeln(issuingPoint[i]+'</font>');
+ document.writeln('</td>');
+ document.writeln('<td align="right">');
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+ if (crlTimeSplits != null &&
+ crlTimeSplits.length == issuingPoint.length &&
+ crlTimeSplits[i] != "0,0,0,0,0,0,0,0,0,0") {
+ if (deltaSize != null && deltaSize.length > i && deltaSize[i] != '-1' &&
+ result.header.isDeltaCRLEnabled != null && result.header.isDeltaCRLEnabled == true &&
+ deltaNumber != null && deltaNumber.length > i) {
+ document.write('<A HREF="#" onClick="write_new_window(\''+crlTimeSplits[i]+'\');return false">'+crlNumber[i]+', '+deltaNumber[i]+'</A>');
+ } else {
+ document.write('<A HREF="#" onClick="write_new_window(\''+crlTimeSplits[i]+'\');return false">'+crlNumber[i]+'</A>');
+ }
+ } else {
+ document.write(crlNumber[i]);
+ if (deltaSize != null && deltaSize.length > i && deltaSize[i] != '-1' &&
+ result.header.isDeltaCRLEnabled != null && result.header.isDeltaCRLEnabled == true &&
+ deltaNumber != null && deltaNumber.length > i) {
+ document.write(', '+deltaNumber[i]);
+ }
+ }
+ document.writeln('</font></td>');
+ document.writeln('<td align="right">');
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+ if (crlSize[i] == '-1') {
+ document.writeln('unknown');
+ } else {
+ document.write(crlSize[i]);
+ if (result.header.isDeltaCRLEnabled != null && result.header.isDeltaCRLEnabled == true &&
+ deltaSize != null && deltaSize.length > i && deltaSize[i] != '-1') {
+ document.write(', '+deltaSize[i]);
+ }
+ }
+ document.writeln('</font></td>');
+ document.writeln('<td align="right">');
+ if (crlTesting[i] == '1') {
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif" color="gray">');
+ } else {
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+ }
+ if (crlNumber[i] == '0' && crlSize[i] == '-1') {
+ document.writeln('CRL is not built</font>');
+ } else {
+ document.writeln(recentChanges[i]+'</font>');
+ }
+ document.writeln('</td>');
+ document.writeln('</tr>');
+ }
+ document.writeln('</table><br>');
+ }
+} else {
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+ document.writeln('<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'+
+ 'CRL issuing points are not available.');
+ document.writeln('</font><br><br>&nbsp;');
+}
+//-->
+</SCRIPT>
+
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=6 WIDTH="100%">
+ <tr>
+ <td ALIGN=RIGHT BGCOLOR="#E5E5E5">
+<SCRIPT type="text/javascript">
+<!--
+ if (issuingPoint != null && issuingPoint.length > 0) {
+ document.writeln('<INPUT TYPE="submit" VALUE="Update" width="72">&nbsp;');
+ }
+//-->
+</SCRIPT>
+ <!-- <INPUT TYPE="button" VALUE=Help width="72"
+ onClick="help('http://www.redhat.com/docs/manuals/cert-system#Updating the CRL')"> -->
+ </td>
+ </tr>
+</table>
+
+</FORM>
+</BODY>
+
+</HTML>
diff --git a/base/ca/shared/webapps/ca/agent/ca/top.html b/base/ca/shared/webapps/ca/agent/ca/top.html
new file mode 100644
index 000000000..f4033d0f4
--- /dev/null
+++ b/base/ca/shared/webapps/ca/agent/ca/top.html
@@ -0,0 +1,48 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>Untitled Document</title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+</head>
+
+<body bgcolor="#CCCCCC" link="#FFFFFF" vlink="#FFFFFF" alink="#CCCCFF">
+<table border="0" width="100%" cellspacing="0" cellpadding="0" bgcolor="#9999CC">
+ <tr>
+ <td>
+ <table border="0" cellspacing="0" cellpadding="0">
+ <tr>
+ <td>
+ <table border="0" cellspacing="12" cellpadding="0" width="100%">
+ <tr>
+ <td><font size="-1" face="PrimaSans BT, Verdana, sans-serif" color="white">Red Hat<font color="#999999" size="-2">&reg;</font><b><br>
+ Certificate System</b></font><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white"><b></b></font></td>
+ <td></td>
+ <td><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white">Certificate Authority Agent Services</font> </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+</table>
+</body>
+</html>
+
diff --git a/base/ca/shared/webapps/ca/agent/ca/unrevocationResult.template b/base/ca/shared/webapps/ca/agent/ca/unrevocationResult.template
new file mode 100644
index 000000000..8080ce0d2
--- /dev/null
+++ b/base/ca/shared/webapps/ca/agent/ca/unrevocationResult.template
@@ -0,0 +1,127 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<HEAD>
+<TITLE></TITLE>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<CMS_TEMPLATE>
+</HEAD>
+<BODY bgcolor="white">
+<SCRIPT type="text/javascript">
+//<!--
+function toHex1(number)
+{
+ var absValue = "", sign = "";
+ var digits = "0123456789abcdef";
+ if (number < 0) {
+ sign = "-";
+ number = -number;
+ }
+
+ for(; number >= 16 ; number = Math.floor(number/16)) {
+ absValue = digits.charAt(number % 16) + absValue;
+ }
+ absValue = digits.charAt(number % 16) + absValue;
+ return sign + '0x' + absValue;
+}
+
+function toHex(number)
+{
+ return '0x' + number;
+}
+
+if (result.header.unrevoked == 'yes') {
+ var s = (result.header.serialNumber.indexOf(",") > 0)? "s": "";
+ var ve = (result.header.serialNumber.indexOf(",") > 0)? "ve": "s";
+
+ document.write('<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.writeln('Certificate'+s+' Ha'+ve+' Been Released From Hold</font><br><br>');
+
+
+ if (result.header.error == null) {
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.writeln('Certificate'+s+' with serial number'+s+' <b>' +
+ result.header.serialNumber +
+ '</b> ha'+ve+' been released from hold.');
+ document.writeln('</font><br>');
+
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ if (result.header.updateCRL && result.header.updateCRL == "yes") {
+ if (result.header.updateCRLSuccess != null &&
+ result.header.updateCRLSuccess == "yes") {
+ document.writeln('The Certificate Revocation List has been successfully updated.');
+ }
+ else {
+ document.writeln('The Certificate Revocation List update Failed');
+ if (result.header.updateCRLSuccess != null)
+ document.writeln(' with error '+
+ result.header.updateCRLError);
+ else
+ document.writeln('. No further details provided.');
+ }
+ }
+ else {
+ document.writeln(
+ 'The Certificate Revocation List will be updated '+
+ 'automatically at the next scheduled update.');
+ }
+ document.writeln('</font><br>');
+/*
+ if (result.header.dirEnabled != null && result.header.dirEnabled == 'yes') {
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ if (result.header.dirUpdated == 'yes') {
+ document.write('Directory has been successfully updated.');
+ } else {
+ document.write('Directory has not been updated. See log files for more details.');
+ }
+ document.writeln('</font><br>');
+ }
+*/
+ } else {
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.writeln('Certificate'+s+' with serial number'+s+' <b>' +
+ result.header.serialNumber +
+ '</b> ha'+ve+' not been released from hold..<br><br>');
+ document.writeln('Additional Information:');
+ document.writeln('</font>');
+ document.writeln('<blockquote>');
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.writeln(result.header.error);
+ document.writeln('</font>');
+ document.writeln('</blockquote>');
+ }
+} else if (result.header.unrevoked == 'pending') {
+ document.write('<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.writeln('Unrevocation Request Has Been Submitted</font><br><br>');
+} else {
+ document.write('<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.writeln('Unrevocation Request Cannot Be Completed</font><br><br>');
+ if (result.header.error != null) {
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Addition information:</font>');
+ document.writeln('<blockquote>');
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.writeln(result.header.error);
+ document.writeln('</font>');
+ document.writeln('</blockquote>');
+ }
+}
+//-->
+</SCRIPT>
+</BODY>
+</HTML>
diff --git a/base/ca/shared/webapps/ca/agent/ca/updateCRL.html b/base/ca/shared/webapps/ca/agent/ca/updateCRL.html
new file mode 100644
index 000000000..700d167cf
--- /dev/null
+++ b/base/ca/shared/webapps/ca/agent/ca/updateCRL.html
@@ -0,0 +1,78 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<HEAD>
+<TITLE>Update Certificate Revocation List</TITLE>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+
+<SCRIPT type="text/javascript" SRC="/ca/agent/helpfun.js"></SCRIPT>
+ </HEAD>
+
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+<font size=+1 face="PrimaSans BT, Verdana, sans-serif">
+Update Certificate Revocation List</font><br>
+
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+In most cases, the certificate revocation list (CRL) is updated automatically.
+In a few situations, however, you may want to update the CRL manually.
+Use this form to update the CRL manually.
+</font>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/pki/images/hr.gif" >
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+<FORM ACTION="updateCRL" METHOD=POST>
+
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Signature algorithm:</font>
+<SELECT NAME="signatureAlgorithm">
+SHA1withRSA+MD5withRSA+MD2withRSA
+<OPTION VALUE="SHA1withRSA">SHA1withRSA</OPTION>
+<OPTION VALUE="MD5withRSA">MD5withRSA</OPTION>
+<OPTION VALUE="SHA1withDSA">SHA1withDSA</OPTION>
+</SELECT>
+
+<br>&nbsp;<br>&nbsp;
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=6 WIDTH="100%">
+ <tr>
+ <td ALIGN=RIGHT BGCOLOR="#E5E5E5">
+ <input TYPE="HIDDEN" NAME="crlIssuingPoint" VALUE="MasterCRL">
+ <INPUT TYPE="submit" VALUE="Update" width="72">&nbsp;
+<SCRIPT type="text/javascript">
+<!--
+ var loc = location.protocol + '//' + location.hostname + ':' +
+ location.port + '/agent/ca/displayCRL?crlIssuingPoint=MasterCRL';
+ document.writeln('<INPUT TYPE=\"button\" VALUE=\"Display\" width=\"72\"'+
+ ' onClick=\"location.href=\''+ loc + '\'\">&nbsp;');
+//-->
+</SCRIPT>
+ <!-- <INPUT TYPE="button" VALUE=Help width="72"
+ onClick="help('http://www.redhat.com/docs/manuals/cert-system#1008945')"> -->
+ </td>
+ </tr>
+</table>
+
+</FORM>
+</BODY>
+
+</HTML>
diff --git a/base/ca/shared/webapps/ca/agent/ca/updateCRL.template b/base/ca/shared/webapps/ca/agent/ca/updateCRL.template
new file mode 100644
index 000000000..2b05486b4
--- /dev/null
+++ b/base/ca/shared/webapps/ca/agent/ca/updateCRL.template
@@ -0,0 +1,180 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<HEAD><TITLE> Update Certificate Revocation List </TITLE>
+<CMS_TEMPLATE>
+</HEAD>
+<BODY bgcolor="white">
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Update Certificate Revocation List Result
+</font>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/pki/images/hr.gif" >
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+<SCRIPT LANGUAUGE="JavaScript">
+if (result.header.crlPublished == 'Success') {
+ document.write('The Certificate Revocation List has been updated and published successfully');
+// if (result.header.time != null) {
+// var sec = result.header.time / 1000;
+// document.write(' in '+sec+' seconds');
+// }
+ document.writeln('.');
+} else if (result.header.crlPublished == 'Failure') {
+ document.writeln('The Certificate Revocation List has been updated successfully.<br>');
+ document.writeln('The Certificate Revocation List has not been published successfully.<br>');
+ if (result.header.error != null) {
+ document.writeln('<br>&nbsp;&nbsp;&nbsp;&nbsp;Additional information:<br>');
+ document.writeln('<blockquote><b><pre>'+result.header.error+'</pre></b></blockquote>');
+ }
+} else if (result.header.crlUpdate == 'Success') {
+ document.writeln('The Certificate Revocation List has been updated successfully.');
+ if (result.recordSet.length > 0) {i
+ var fontStr = '<font size=-1 face="PrimaSans BT, Verdana, sans-serif">';
+ document.writeln('<br>&nbsp;<br>&nbsp;<br>The Certificate Revocation List test statistics:<br>&nbsp;<br>');
+ document.writeln('<table border="0" cellspacing="2" cellpadding="2" width="100%">');
+ document.writeln('<td align="right" bgcolor="#eeeeee">&nbsp;</td>');
+ document.writeln('<td align="right" bgcolor="#eeeeee">'+fontStr+'CRL Numbers</font></td>');
+ document.writeln('<td align="right" bgcolor="#eeeeee">'+fontStr+'CRL Sizes</font></td>');
+ document.writeln('<td align="right" bgcolor="#eeeeee">'+fontStr+'Total Time</font></td>');
+ document.writeln('<td align="right" bgcolor="#eeeeee">'+fontStr+'Cache</font></td>');
+ document.writeln('<td align="right" bgcolor="#eeeeee">'+fontStr+'CRL</font></td>');
+ document.writeln('<td align="right" bgcolor="#eeeeee">'+fontStr+'Full</font></td>');
+ document.writeln('<td align="right" bgcolor="#eeeeee">'+fontStr+'Delta</font></td>');
+ var cols = 0;
+ if (result.recordSet[0].crlSplits != null && result.recordSet[0].crlSplits.length > 0) {
+ cols = result.recordSet[0].crlSplits.split(',').length;
+ }
+ if (cols > 0) {
+ document.writeln('<td bgcolor="#eeeeee" colspan="'+cols+'">'+fontStr+'&nbsp;&nbsp;CRL Generation Split Times</font></td>');
+ //document.writeln('<td align="right" bgcolor="#eeeeee" colspan="'+cols+'">'+fontStr+'CRL Generation Split Times</font></td>');
+ } else {
+ document.writeln('<td bgcolor="#eeeeee">'+fontStr+'&nbsp;&nbsp;CRL Generation Split Times</font></td>');
+ }
+ var t0 = 0;
+ var t1 = 0;
+ var t2 = 0;
+ var t3 = 0;
+ var t4 = 0;
+ var t5 = 0;
+ for (var i = 0; i < result.recordSet.length; i++) {
+ var crlTime;
+ if (result.recordSet[i].crlSplits != null && result.recordSet[i].crlSplits.length > 0) {
+ crlTime = result.recordSet[i].crlSplits.split(',');
+ } else {
+ crlTime = null;
+ }
+ var total = 0;
+ var crlTotal = 0;
+ var deltaCrlTotal = 0;
+ var fullCrlTotal = 0;
+ for (k = 0; crlTime != null && k < crlTime.length; k++) {
+ if (k > 0 && k < 5) {
+ deltaCrlTotal += parseInt(crlTime[k]);
+ } else {
+ fullCrlTotal += parseInt(crlTime[k]);
+ }
+ crlTotal += parseInt(crlTime[k]);
+ }
+ t0 = parseInt(result.recordSet[i].cacheUpdate);
+ total += t0 + crlTotal;
+ t1 += total;
+ t2 += t0;
+ t3 += crlTotal;
+ t4 += fullCrlTotal;
+ t5 += deltaCrlTotal;
+ document.writeln('<tr>');
+ document.writeln('<td align="right">'+fontStr+(i+1)+'</font></td>');
+ document.writeln('<td align="right">'+fontStr+result.recordSet[i].crlNumbers+'</font></td>');
+ document.writeln('<td align="right">'+fontStr+result.recordSet[i].crlSizes+'</font></td>');
+ document.writeln('<td align="right">'+fontStr+total+'</font></td>');
+ document.writeln('<td align="right">'+fontStr+result.recordSet[i].cacheUpdate+'</font></td>');
+ document.writeln('<td align="right">'+fontStr+crlTotal+'</font></td>');
+ document.writeln('<td align="right">'+fontStr+fullCrlTotal+'</font></td>');
+ document.writeln('<td align="right">'+fontStr+deltaCrlTotal+'</font></td>');
+ if (cols > 0) {
+ for (k = 0; crlTime != null && k < crlTime.length; k++) {
+ document.writeln('<td align="right">'+fontStr+crlTime[k]+'</font></td>');
+ }
+ } else {
+ document.writeln('<td>'+fontStr+'&nbsp;&nbsp;'+result.recordSet[i].crlSplits+'</font></td>');
+ }
+ document.writeln('</tr>');
+ }
+ document.writeln('<td align="right" bgcolor="#eeeeee">'+fontStr+'Totals</td>');
+ document.writeln('<td align="right" bgcolor="#eeeeee">'+fontStr+'</font></td>');
+ document.writeln('<td align="right" bgcolor="#eeeeee">'+fontStr+'</font></td>');
+ document.writeln('<td align="right" bgcolor="#eeeeee">'+fontStr+t1+'</font></td>');
+ document.writeln('<td align="right" bgcolor="#eeeeee">'+fontStr+t2+'</font></td>');
+ document.writeln('<td align="right" bgcolor="#eeeeee">'+fontStr+t3+'</font></td>');
+ document.writeln('<td align="right" bgcolor="#eeeeee">'+fontStr+t4+'</font></td>');
+ document.writeln('<td align="right" bgcolor="#eeeeee">'+fontStr+t5+'</font></td>');
+ if (cols > 0) {
+ for (k = 0; crlTime != null && k < crlTime.length; k++) {
+ document.writeln('<td bgcolor="#eeeeee">'+fontStr+'</font></td>');
+ }
+ } else {
+ document.writeln('<td bgcolor="#eeeeee">'+fontStr+'</font></td>');
+ }
+
+ document.writeln('</table>');
+ }
+} else if (result.header.crlUpdate == 'Failure') {
+ document.writeln('The Certificate Revocation List has not been updated successfully.<br>');
+ if (result.header.error != null) {
+ document.writeln('<br>&nbsp;&nbsp;&nbsp;&nbsp;Additional information:<br>');
+ document.writeln('<blockquote><b><pre>'+result.header.error+'</pre></b></blockquote>');
+ }
+} else if (result.header.crlUpdate == 'missingParameters') {
+ document.writeln('The Certificate Revocation List test cannot be performed because some parameters are defined.');
+} else if (result.header.crlUpdate == 'testingNotEnabled') {
+ document.writeln('The Certificate Revocation List testing is not enabled.');
+} else if (result.header.crlUpdate == 'testingInProgress') {
+ document.writeln('The Certificate Revocation List testing is in progress.');
+} else if (result.header.crlUpdate == 'Scheduled') {
+ document.writeln('The Certificate Revocation List update has been scheduled.<br>');
+ document.writeln('Check the CS logs to see results.');
+} else if (result.header.crlUpdate == 'inProgress') {
+ document.writeln('The Certificate Revocation List update is in progress.<br>');
+ document.writeln('Check the CS logs to see results.');
+} else if (result.header.crlUpdate == 'Disabled') {
+ document.writeln('The Certificate Revocation List updates are disabled.<br>');
+} else if (result.header.crlUpdate == 'notInitialized') {
+ document.write('CRL Issuing Point');
+ if (result.header.crlIssuingPoint != null) {
+ document.write(' <i>'+result.header.crlIssuingPoint+'</i>');
+ }
+ document.writeln(' has not been initialized.<br>');
+ document.writeln('Check the CS logs to see results.');
+} else {
+ document.write('The Certificate Revocation List has been updated successfully');
+// if (result.header.time != null) {
+// var sec = result.header.time / 1000;
+// document.write(' in '+sec+' seconds');
+// }
+ document.writeln('.');
+}
+</SCRIPT>
+</font>
+</BODY>
+</HTML>
diff --git a/base/ca/shared/webapps/ca/agent/ca/updateDir.template b/base/ca/shared/webapps/ca/agent/ca/updateDir.template
new file mode 100644
index 000000000..942db568d
--- /dev/null
+++ b/base/ca/shared/webapps/ca/agent/ca/updateDir.template
@@ -0,0 +1,99 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<HEAD><TITLE> Update Directory Server Results </TITLE>
+<CMS_TEMPLATE>
+</HEAD>
+<BODY bgcolor="white">
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Update Directory Server Results
+</font>
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/pki/images/hr.gif" >
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+<UL>
+<SCRIPT LANGUAUGE="JavaScript">
+if (result.header.crlPublished != null) {
+ if (result.header.crlPublished == 'Success') {
+ document.write('<LI>The Certificate Revocation List has been published in the directory.\n');
+ } else if (result.header.crlPublished == 'Failure') {
+ document.write('<LI>The Certificate Revocation List could not be published in the directory.\n');
+ if (result.header.crlError != null) {
+ document.write('<br>&nbsp;&nbsp;&nbsp;&nbsp;'+result.header.crlError+'\n');
+ }
+ }
+}
+
+if (result.header.caCertPublished != null) {
+ if (result.header.caCertPublished == 'Success') {
+ document.write('<LI>The Certificate Manager certificate has been published in the directory.\n');
+ } else if (result.header.caCertPublished == 'Failure') {
+ document.write('<LI>The Certificate Manager certificate could not be published in the directory.\n');
+ if (result.header.caCertError != null) {
+ document.write('<br>&nbsp;&nbsp;&nbsp;&nbsp;'+result.header.caCertError+'\n');
+ }
+ }
+}
+
+if (result.header.validCertsPublished != null) {
+ if (result.header.validCertsPublished == 'Success') {
+ document.write('<LI>'+result.header.validCertsError+'\n');
+ } else if (result.header.validCertsPublished == 'No') {
+ document.write('<LI>All valid certificates have already been published in the directory or there is no valid certificate. Nothing to update at this time.\n');
+ } else if (result.header.validCertsPublished == 'Failure') {
+ document.write('<LI>Error publishing valid certificates in the directory. See log files for more details.\n');
+ if (result.header.validCertsError != null) {
+ document.write('<br>&nbsp;&nbsp;&nbsp;&nbsp;'+result.header.validCertsError+'\n');
+ }
+ }
+}
+
+if (result.header.expiredCertsUnpublished != null) {
+ if (result.header.expiredCertsUnpublished == 'Success') {
+ document.write('<LI>'+result.header.expiredCertsError+'\n');
+ } else if (result.header.expiredCertsUnpublished == 'No') {
+ document.write('<LI>All expired certificates have already been unpublished in the directory or there is no expired certificate. Nothing to update at this time.\n');
+ } else if (result.header.expiredCertsUnpublished == 'Failure') {
+ document.write('<LI>Error unpublishing expired certificates in the directory. See log files for more details.\n');
+ if (result.header.expiredCertsError != null) {
+ document.write('<br>&nbsp;&nbsp;&nbsp;&nbsp;'+result.header.expiredCertsError+'\n');
+ }
+ }
+}
+
+if (result.header.revokedCertsUnpublished != null) {
+ if (result.header.revokedCertsUnpublished == 'Success') {
+ document.write('<LI>'+result.header.revokedCertsError+'\n');
+ } else if (result.header.revokedCertsUnpublished == 'No') {
+ document.write('<LI>All revoked certificates have already been unpublished in the directory or there is no revoked certificate. Nothing to update at this time.\n');
+ } else if (result.header.revokedCertsUnpublished == 'Failure') {
+ document.write('<LI>Error unpublishing revoked certificates in the directory. See log files for more details.\n');
+ if (result.header.revokedCertsError != null) {
+ document.write('<br>&nbsp;&nbsp;&nbsp;&nbsp;'+result.header.revokedCertsError+'\n');
+ }
+ }
+}
+</SCRIPT>
+</UL>
+</font>
+</BODY>
+</HTML>
diff --git a/base/ca/shared/webapps/ca/agent/cms-funcs.js b/base/ca/shared/webapps/ca/agent/cms-funcs.js
new file mode 100644
index 000000000..c8ffd51c7
--- /dev/null
+++ b/base/ca/shared/webapps/ca/agent/cms-funcs.js
@@ -0,0 +1,538 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+//<!--
+
+
+function checkClientTime()
+{
+ var speed;
+ var server_date = new Date(serverdate);
+ var client_date = new Date();
+ var zone = client_date.getTimezoneOffset();
+ var timediff = 0;
+
+ var serverutc = server_date.getTime();
+ var clientutc = client_date.getTime();
+
+ var offset = clientutc - serverutc;
+ if (offset >0) {
+ speed = 'fast';
+ } else {
+ speed = 'slow';
+ }
+ timediff = Math.round(Math.abs(offset/1000/60));
+
+ if (timediff > 10) {
+ msg = 'Your computer\'s clock is '+ timediff+ ' minutes '+ speed +
+ '\n\nYou may encounter problems using your certificate\n' +
+ 'as your clock is set incorrectly.\n\n' +
+ 'According to the server, the time is:\n ' + server_date +
+ '\n\nPlease correct your clock before proceeding with enrollment'+
+ '\n\nYour timezone is set to ' + (-zone/60) +' hours relative to GMT.\n' +
+ 'If you change your timezone, you may need to restart your browser\n'+
+ 'before continuing.';
+ alert(msg);
+ return false;
+ }
+ return true;
+}
+
+
+
+
+function doubleQuotes(componentName)
+{
+ for (i=0; i < componentName.length; i++) {
+ if (componentName.charAt(i) == '"') {
+ return true;
+ }
+ }
+ return false;
+}
+
+function escapeDNComponent(str)
+{
+ var outStr = "";
+ var escapeValue = false;
+
+ // Do we need to escape any characters
+ for (i=0; i < str.length; i++) {
+ c = str.charAt(i);
+ if (c == ',' || c == '=' || c == '+' || c == '<' ||
+ c == '>' || c == '#' || c == ';' || c == '\r' ||
+ c == '\n') {
+ escapeValue = true;
+ break;
+ }
+ }
+
+ if (escapeValue == true) {
+ outStr += '"';
+ outStr += str;
+ outStr += '"';
+ } else {
+ outStr += str;
+ }
+ return outStr;
+}
+
+function formulateDN(form, distinguishedName)
+{
+ // Note: The alerts about double quotes are here to avoid
+ // problems with the code dealing with quoting and escaping in the
+ // Netscape Directory Server 1.0 implementation.
+ with (form) {
+ distinguishedName.value = '';
+ if (form.E != null) {
+ if (E.value != '') {
+ if (doubleQuotes(E.value) == true) {
+ alert('Double quotes are not allowed in the E-mail field');
+ E.value = '';
+ E.focus();
+ return;
+ }
+ if (distinguishedName.value != '') distinguishedName.value += ', ';
+ distinguishedName.value += 'E=' + escapeDNComponent(E.value);
+ }
+ }
+ if (form.CN!= null) {
+ if (CN.value != '') {
+ if (doubleQuotes(CN.value) == true) {
+ alert('Double quotes are not allowed in Common Name field');
+ CN.value = '';
+ CN.focus();
+ return;
+ }
+ if (distinguishedName.value != '') distinguishedName.value += ', ';
+ distinguishedName.value += 'CN=' + escapeDNComponent(CN.value);
+ }
+ }
+ if (form.UID1 != null) {
+ if (UID1.value != '') {
+ if (doubleQuotes(UID1.value) == true) {
+ alert('Double quotes are not allowed in the user id field');
+ UID1.value = '';
+ UID1.focus();
+ return;
+ }
+ if (distinguishedName.value != '') distinguishedName.value += ', ';
+ distinguishedName.value += 'UID=' + escapeDNComponent(UID1.value);
+ }
+ }
+ if (form.OU != null) {
+ if (OU.value != '') {
+ if (doubleQuotes(OU.value) == true) {
+ alert('Double quotes are not allowed in Org Unit field');
+ OU.value = '';
+ OU.focus();
+ return;
+ }
+ if (distinguishedName.value != '') distinguishedName.value += ', ';
+ distinguishedName.value += 'OU=' + escapeDNComponent(OU.value);
+ }
+ }
+ if (form.O != null) {
+ if (O.value != '') {
+ if (doubleQuotes(O.value) == true) {
+ alert('Double quotes are not allowed in Organization field.');
+ O.value = '';
+ O.focus();
+ return;
+ }
+ if (distinguishedName.value != '') distinguishedName.value += ', ';
+ distinguishedName.value += 'O=' + escapeDNComponent(O.value);
+ }
+ }
+ if (form.L != null) {
+ if (L.value != '') {
+ if (doubleQuotes(L.value) == true) {
+ alert('Double quotes are not allowed in Locality field.');
+ L.value = '';
+ L.focus();
+ return;
+ }
+ if (distinguishedName.value != '') distinguishedName.value += ', ';
+ distinguishedName.value += 'L=' + escapeDNComponent(L.value);
+ }
+ }
+ if (form.ST != null) {
+ if (ST.value != '') {
+ if (doubleQuotes(ST.value) == true) {
+ alert('Double quotes are not allowed in State field.');
+ ST.value = '';
+ ST.focus();
+ return;
+ }
+ if (distinguishedName.value != '') distinguishedName.value += ', ';
+ distinguishedName.value += 'ST=' + escapeDNComponent(ST.value);
+ }
+ }
+ if (form.C != null) {
+ if (C.value != '') {
+ if (doubleQuotes(C.value) == true) {
+ alert('Double quotes are not allowed in Country field.');
+ C.value = '';
+ C.focus();
+ return;
+ }
+ if (distinguishedName.value != '') distinguishedName.value += ', ';
+ distinguishedName.value += 'C=' + escapeDNComponent(C.value);
+ }
+ }
+ }
+}
+
+function isValidIssuerDN(form)
+{
+ // Note: The check here is to avoid a bug in Netscape Navigator 3.0 and 3.01
+ // that are triggered on formation of the nickname on import of a CA cert if
+ // that cert does not contain an OU or O component.
+ if ((form.OU.value == '') && (form.O.value == '')) {
+ alert("You must enter an Organization Unit or an Organization.");
+ return false;
+ } else {
+ return true;
+ }
+}
+
+function isValidAdminDN(form)
+{
+ // Note: The check here is to avoid a bug in Netscape Navigator 3.0 and 3.01
+ // that are triggered on formation of the nickname on import of a personal cert if
+ // that cert does not contain a common name.
+
+ if (form.CN.value == '') {
+ alert("You must enter a Common Name.");
+ return false;
+ } else {
+ return true;
+ }
+}
+
+function isValidCSR(form)
+{
+ // Note: the checks here are of mixed origin. Some are required for Navigator
+ // and Communicator. The CSR field checks are to avoid server side rejection of the
+ // submission. These checks can be split up to be different for different types of
+ // certificates.
+
+ formulateDN(form, form.subject);
+ // DEBUG
+ //alert(form.subject);
+
+ with (form) {
+ if (email != null) {
+ if (E.value == "" && email.checked) {
+ alert("E-mail certificates must include an E-mail address.");
+ return false;
+ }
+ }
+ if (CN.value == "") {
+ alert("You must supply your name for the certificate.");
+ return false;
+ }
+ return true;
+ }
+}
+
+function isNumber(string, radix) {
+ var i = 0;
+ var legalDigits;
+ if (radix == null || radix == 10) {
+ legalDigits = "0123456789";
+ } else if (radix == 16) {
+ legalDigits = "0123456789abcdefABCDEF:";
+ } else {
+ return false;
+ }
+ for(; i < string.length; ++i) {
+ if (string.charAt(i) != ' ')
+ break;
+ }
+ if (string.charAt(i) == '+' || string.charAt(i) == '-' ) {
+ ++i;
+ }
+ if (radix == 16 && i < string.length - 2 &&
+ string.charAt(i) == '0' &&
+ (string.charAt(i+1) == 'x' || string.charAt(i+1) == 'X') &&
+ legalDigits.indexOf(string.charAt(i+2)) != -1) {
+ i += 3;
+ }
+ for(; i < string.length; ++i) {
+ if (legalDigits.indexOf(string.charAt(i)) == -1)
+ break;
+ }
+ for(; i < string.length; ++i) {
+ if (string.charAt(i) != ' ')
+ return false;
+ }
+ return true;
+}
+
+function dateForm(name)
+{
+ var i;
+ document.write('<FORM NAME=\"'+ name +'\">');
+ document.write('<SELECT NAME=\"day\"><OPTION VALUE=0> ');
+ for (i=1; i <=31; ++i)
+ document.write('<OPTION VALUE='+i+'>'+i);
+ document.write('</SELECT>');
+ document.write('<SELECT NAME=\"month\">'+
+ '<OPTION VALUE=13> '+
+ '<OPTION VALUE=0>January'+
+ '<OPTION VALUE=1>February'+
+ '<OPTION VALUE=2>March'+
+ '<OPTION VALUE=3>April'+
+ '<OPTION VALUE=4>May'+
+ '<OPTION VALUE=5>June'+
+ '<OPTION VALUE=6>July'+
+ '<OPTION VALUE=7>August'+
+ '<OPTION VALUE=8>September'+
+ '<OPTION VALUE=9>October'+
+ '<OPTION VALUE=10>November'+
+ '<OPTION VALUE=11>December'+
+ '</SELECT>'
+ );
+
+ document.write('<SELECT NAME=\"year\"><OPTION VALUE=0> ');
+ for (i=1996; i <=2006; ++i)
+ document.write('<OPTION VALUE='+i+'>'+i);
+ document.write('</SELECT>');
+ document.write('</FORM>');
+}
+
+function dateIsEmpty(form)
+{
+ return form.day.selectedIndex == 0 &&
+ form.month.selectedIndex == 0 &&
+ form.year.selectedIndex == 0;
+}
+
+
+function convertDate(form, fieldName)
+{
+ var date;
+ var day = form.day.options[form.day.selectedIndex].value;
+ var month = form.month.options[form.month.selectedIndex].value;
+ var year = form.year.options[form.year.selectedIndex].value;
+ date = new Date(year,month,day);
+
+ // see if normalization was required
+ if (date.getMonth() != month || date.getDate() != day ) {
+ alert(fieldName + " is invalid");
+ return null;
+ }
+ else
+ return Math.round(date.getTime() / 1000);
+}
+
+function daysToSeconds(days){
+ return 3600 * 24 * days;
+}
+
+// encloses value in double quotes preceding all embedded double quotes with \
+function escapeValue(value)
+{
+ var result;
+ var fromIndex = 0, toIndex = 0;
+
+ // kludgy work-around for indexOf JavaScript bug on empty string
+ if (value == "")
+ return '\"\"';
+
+ result = '\"';
+ while ((toIndex = value.indexOf('\"',fromIndex)) != -1) {
+ result += value.substring(fromIndex,toIndex);
+ result += '\\"';
+ fromIndex = toIndex + 1;
+ }
+ result += value.substring(fromIndex,value.length);
+ result += '\"';
+ return result;
+}
+
+// encloses value in double quotes preceding all embedded double quotes and
+// backslashes with backslash
+function escapeValueJSString(value)
+{
+ var result = "";
+
+ // Do we need to escape any characters
+ for (i=0; i < value.length; i++) {
+ c = value.charAt(i);
+ if (c == '\\' | c == '"') {
+ result += '\\';
+ }
+ result += c;
+ }
+ return '\"' + result + '\"';
+}
+
+function escapeValueRfc1779(value)
+{
+ var result = "";
+
+ // Do we need to escape any characters
+ for (i=0; i < value.length; i++) {
+ c = value.charAt(i);
+ if (c == ',' || c == '=' || c == '+' || c == '<' ||
+ c == '>' || c == '#' || c == ';' || c == '\r' ||
+ c == '\n' || c == '\\' | c == '"') {
+ result += '\\';
+ }
+ result += c;
+ }
+ return result;
+}
+
+// helper function to construct name component(pattern)
+function makeComponent(list,tag,value,asPattern)
+{
+ var last = list.length;
+ if (asPattern) {
+ list[last] = (value == "") ? "*" : (tag+"="+escapeValueRfc1779(value));
+ }
+ else if (value != "")
+ list[last] = tag+"="+escapeValueRfc1779(value);
+}
+
+// If asPattern is false formulates the RFC 1779 format subject name
+// from the component parts skipping all components with blank values,
+// otherwise builds RFC 1779-like matching pattern from components
+function computeNameCriterion(form)
+{
+ var asPattern = form.match[1].checked;
+ var result = new Array;
+
+ with (form) {
+ // The order of clauses here determines how components are ordered
+ // in the name sent in the client's request. A site may wish to
+ // re-order the clauses here if their conventions produce names
+ // with components in a different order.
+ makeComponent(result,"E",E.value,asPattern);
+ makeComponent(result,"CN",CN.value,asPattern);
+ makeComponent(result,"UID",UID.value,asPattern);
+ makeComponent(result,"OU",OU.value,asPattern);
+ makeComponent(result,"O",O.value,asPattern);
+ makeComponent(result,"L",L.value,asPattern);
+ makeComponent(result,"ST",ST.value,asPattern);
+ makeComponent(result,"C",C.value,asPattern);
+ }
+ if (result.length == 0)
+ return asPattern ? "0 == 0" : "0 == 1";
+ else
+ return "subject" + ( asPattern ? " ~= " : " == ") +
+ escapeValue(result.join(', '));
+}
+
+function booleanCrit(crit,radioArg)
+{
+ for (var i = 0; i < radioArg.length; ++i ){
+ if( radioArg[i].checked ) {
+ if (radioArg[i].value.length != 0) {
+ crit[crit.length] = radioArg[i].name + " == " + radioArg[i].value;
+ }
+ return;
+ }
+ }
+}
+
+function isHTTPEscapeChar(c)
+{
+ if (c == '%' || c == '#' || c == '+' || c == '=' || c == '\n' ||
+ c == '\r' || c == '\t' || c == ';' || c == '&' ||
+ c == '>') {
+ return true;
+ }
+
+ return false;
+}
+
+function produceHTTPEscapedString(inString)
+{
+ table = new Object();
+ table["%"] = "25";
+ table["#"] = "23";
+ table["+"] = "2B";
+ table["="] = "3D";
+ table["\n"] = "0A";
+ table["\r"] = "0D";
+ table["\t"] = "09";
+ table[";"] = "3B";
+ table["&"] = "26";
+ table[">"] = "3E";
+
+ outString = "";
+
+ for (i=0; i < inString.length; i++) {
+ if (inString.charAt(i) == ' ') {
+ outString += '+';
+ } else {
+ if (isHTTPEscapeChar(inString.charAt(i))) {
+ outString += "%" + table[inString.substring(i, i+1)];
+ } else {
+ outString += inString.charAt(i);
+ }
+ }
+ }
+
+ return outString;
+}
+
+// strips (optional) spaces and 0[xX] prefix at the beginning of s
+function stripPrefix(s)
+{
+ var i;
+ for(i = 0; i < s.length - 1; ++i) {
+ if (s.charAt(i) != ' ' )
+ break;
+ }
+ if (s.charAt(i) == '0' && (s.charAt(i+1) == 'x' || s.charAt(i+1) == 'X')) {
+ return s.substring(i+2,s.length);
+ } else {
+ return s.substring(i,s.length);;
+ }
+}
+
+// removes colons from value and returns the result
+// used as helper to convert colon-separated hexadecimal numbers
+// to regular numbers
+function removeColons(value)
+{
+ var result = "";
+
+ for (i=0; i < value.length; i++) {
+ c = value.charAt(i);
+ if (c != ':' ){
+ result += c;
+ }
+ }
+ return result;
+}
+
+function navMajorVersion()
+{
+ return parseInt(navigator.appVersion.substring(0, navigator.appVersion.indexOf(".")));
+}
+//-->
+
+
+
+
+
diff --git a/base/ca/shared/webapps/ca/agent/funcs.js b/base/ca/shared/webapps/ca/agent/funcs.js
new file mode 100644
index 000000000..958612d20
--- /dev/null
+++ b/base/ca/shared/webapps/ca/agent/funcs.js
@@ -0,0 +1,736 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+//<!--
+function doubleQuotes(componentName)
+{
+ for (i=0; i < componentName.length; i++) {
+ if (componentName.charAt(i) == '"') {
+ return true;
+ }
+ }
+ return false;
+}
+
+function escapeDNComponent(str)
+{
+ var outStr = "";
+ var escapeValue = false;
+
+ // Do we need to escape any characters
+ for (i=0; i < str.length; i++) {
+ c = str.charAt(i);
+ if (c == ',' || c == '=' || c == '+' || c == '<' ||
+ c == '>' || c == '#' || c == ';' || c == '\r' ||
+ c == '\n') {
+ escapeValue = true;
+ break;
+ }
+ }
+
+ if (escapeValue == true) {
+ outStr += '"';
+ outStr += str;
+ outStr += '"';
+ } else {
+ outStr += str;
+ }
+ return outStr;
+}
+
+function formulateDN(form, distinguishedName)
+{
+ with (form) {
+ distinguishedName.value = '';
+ if (form.eMail != null) {
+ if (eMail.value != '') {
+ if (doubleQuotes(eMail.value) == true) {
+ alert('Double quotes are not allowed in the E-mail field');
+ eMail.value = '';
+ eMail.focus();
+ return;
+ }
+ if (distinguishedName.value != '') distinguishedName.value += ', ';
+ distinguishedName.value += 'E=' + escapeDNComponent(eMail.value);
+ }
+ }
+ if (form.commonName != null) {
+ if (commonName.value != '') {
+ if (doubleQuotes(commonName.value) == true) {
+ alert('Double quotes are not allowed in Common Name field');
+ commonName.value = '';
+ commonName.focus();
+ return;
+ }
+ if (distinguishedName.value != '') distinguishedName.value += ', ';
+ distinguishedName.value += 'CN=' + escapeDNComponent(commonName.value);
+ }
+ }
+ if (form.userID != null) {
+ if (userID.value != '') {
+ if (doubleQuotes(userID.value) == true) {
+ alert('Double quotes are not allowed in the user id field');
+ userID.value = '';
+ userID.focus();
+ return;
+ }
+ if (distinguishedName.value != '') distinguishedName.value += ', ';
+ distinguishedName.value += 'UID=' + escapeDNComponent(userID.value);
+ }
+ }
+ if (form.orgUnit != null) {
+ if (orgUnit.value != '') {
+ if (doubleQuotes(orgUnit.value) == true) {
+ alert('Double quotes are not allowed in Org Unit field');
+ orgUnit.value = '';
+ orgUnit.focus();
+ return;
+ }
+ if (distinguishedName.value != '') distinguishedName.value += ', ';
+ distinguishedName.value += 'OU=' + escapeDNComponent(orgUnit.value);
+ }
+ }
+ if (form.org != null) {
+ if (org.value != '') {
+ if (doubleQuotes(org.value) == true) {
+ alert('Double quotes are not allowed in Organization field.');
+ org.value = '';
+ org.focus();
+ return;
+ }
+ if (distinguishedName.value != '') distinguishedName.value += ', ';
+ distinguishedName.value += 'O=' + escapeDNComponent(org.value);
+ }
+ }
+ if (form.locality != null) {
+ if (locality.value != '') {
+ if (doubleQuotes(locality.value) == true) {
+ alert('Double quotes are not allowed in Locality field.');
+ locality.value = '';
+ locality.focus();
+ return;
+ }
+ if (distinguishedName.value != '') distinguishedName.value += ', ';
+ distinguishedName.value += 'L=' + escapeDNComponent(locality.value);
+ }
+ }
+ if (form.state != null) {
+ if (state.value != '') {
+ if (doubleQuotes(state.value) == true) {
+ alert('Double quotes are not allowed in State field.');
+ state.value = '';
+ state.focus();
+ return;
+ }
+ if (distinguishedName.value != '') distinguishedName.value += ', ';
+ distinguishedName.value += 'ST=' + escapeDNComponent(state.value);
+ }
+ }
+ if (form.country != null) {
+ if (country.value != '') {
+ if (doubleQuotes(country.value) == true) {
+ alert('Double quotes are not allowed in Country field.');
+ country.value = '';
+ country.focus();
+ return;
+ }
+ if (distinguishedName.value != '') distinguishedName.value += ', ';
+ distinguishedName.value += 'C=' + escapeDNComponent(country.value);
+ }
+ }
+ }
+}
+
+function isValidIssuerDN(form)
+{
+ if ((form.orgUnit.value == '') && (form.org.value == '')) {
+ alert("You must enter an Organization Unit or an Organization.");
+ return false;
+ } else {
+ return true;
+ }
+}
+
+function isValidAdminDN(form)
+{
+
+ if (form.commonName.value == '') {
+ alert("You must enter a Common Name.");
+ return false;
+ } else {
+ return true;
+ }
+}
+
+function isValidCSR(form)
+{
+ // Note: the checks here are of mixed origin. Some are required for Navigator
+ // and Communicator. The CSR field checks are to avoid server side rejection of the
+ // submission. These checks can be split up to be different for different types of
+ // certificates.
+
+ formulateDN(form, form.subject);
+
+ with (form) {
+ if (isEmailCert != null) {
+ if (eMail.value == "" && isEmailCert.checked) {
+ alert("E-mail certificates must include an E-mail address.");
+ return false;
+ }
+ }
+ if (commonName.value == "") {
+ alert("You must supply your name for the certificate.");
+ return false;
+ }
+ if (csrRequestorName.value == "") {
+ csrRequestorName.value = commonName.value;
+ }
+ if (csrRequestorPhone.value == "" && csrRequestorEmail.value == "") {
+ alert("You must supply a contact phone number or e-mail address.");
+ return false;
+ }
+ return true;
+ }
+}
+
+function isNegative(string) {
+ if (string.charAt(0) == '-')
+ return true;
+ else
+ return false;
+}
+
+function isNumber(string, radix) {
+ var i = 0;
+ var legalDigits;
+ if (radix == null || radix == 10) {
+ legalDigits = "0123456789";
+ } else if (radix == 16) {
+ legalDigits = "0123456789abcdefABCDEF:";
+ } else {
+ return false;
+ }
+ for(; i < string.length; ++i) {
+ if (string.charAt(i) != ' ')
+ break;
+ }
+ if (string.charAt(i) == '+' || string.charAt(i) == '-' ) {
+ ++i;
+ }
+ if (radix == 16 && i < string.length - 2 &&
+ string.charAt(i) == '0' &&
+ (string.charAt(i+1) == 'x' || string.charAt(i+1) == 'X') &&
+ legalDigits.indexOf(string.charAt(i+2)) != -1) {
+ i += 3;
+ }
+ for(; i < string.length; ++i) {
+ if (legalDigits.indexOf(string.charAt(i)) == -1)
+ break;
+ }
+ for(; i < string.length; ++i) {
+ if (string.charAt(i) != ' ')
+ return false;
+ }
+ return true;
+}
+
+function isDecimalNumber(string) {
+ var i = 0;
+ var legalDigits = "0123456789";
+
+ for (; i < string.length; i++) {
+ if (string.charAt(i) != ' ')
+ break;
+ }
+ if (i < string.length &&
+ legalDigits.indexOf(string.charAt(i)) != -1) {
+ i++;
+ } else
+ return false;
+
+ for (; i < string.length; i++) {
+ if (legalDigits.indexOf(string.charAt(i)) == -1)
+ break;
+ }
+ for (; i < string.length; i++) {
+ if (string.charAt(i) != ' ')
+ return false;
+ }
+
+ return true;
+}
+
+function isHexNumber(string) {
+ var i = 0;
+ var legalDigits = "0123456789abcdefABCDEF";
+
+ for (; i < string.length; i++) {
+ if (string.charAt(i) != ' ')
+ break;
+ }
+ if (i < string.length - 2 &&
+ string.charAt(i) == '0' &&
+ (string.charAt(i+1) == 'x' || string.charAt(i+1) == 'X') &&
+ legalDigits.indexOf(string.charAt(i+2)) != -1) {
+ i += 3;
+ } else
+ return false;
+
+ for (; i < string.length; i++) {
+ if (legalDigits.indexOf(string.charAt(i)) == -1)
+ break;
+ }
+ for (; i < string.length; i++) {
+ if (string.charAt(i) != ' ')
+ return false;
+ }
+
+ return true;
+}
+
+function trim(string) {
+ var i, k, newString;
+
+ for (i = 0; i < string.length; i++) {
+ if (string.charAt(i) != ' ' )
+ break;
+ }
+ for (k = string.length - 1; k > i; k--) {
+ if (string.charAt(k) != ' ' )
+ break;
+ }
+ k++;
+
+ if (k > i)
+ newString = string.substring(i, k);
+ else
+ newString = null;
+
+ return newString;
+}
+
+
+function dateForm(name)
+{
+ var i;
+ document.write('<FORM NAME=\"'+ name +'\">');
+ document.write('<SELECT NAME=\"day\"><OPTION VALUE=0> ');
+ for (i=1; i <=31; ++i)
+ document.write('<OPTION VALUE='+i+'>'+i);
+ document.write('</SELECT>');
+ document.write('<SELECT NAME=\"month\">'+
+ '<OPTION VALUE=13> '+
+ '<OPTION VALUE=0>January'+
+ '<OPTION VALUE=1>February'+
+ '<OPTION VALUE=2>March'+
+ '<OPTION VALUE=3>April'+
+ '<OPTION VALUE=4>May'+
+ '<OPTION VALUE=5>June'+
+ '<OPTION VALUE=6>July'+
+ '<OPTION VALUE=7>August'+
+ '<OPTION VALUE=8>September'+
+ '<OPTION VALUE=9>October'+
+ '<OPTION VALUE=10>November'+
+ '<OPTION VALUE=11>December'+
+ '</SELECT>'
+ );
+
+ document.write('<SELECT NAME=\"year\"><OPTION VALUE=0> ');
+ for (i=1996; i <=2006; ++i)
+ document.write('<OPTION VALUE='+i+'>'+i);
+ document.write('</SELECT>');
+ document.write('</FORM>');
+}
+
+function dateIsEmpty(form)
+{
+ return form.day.selectedIndex == 0 &&
+ form.month.selectedIndex == 0 &&
+ form.year.selectedIndex == 0;
+}
+
+
+function convertDate(form, fieldName)
+{
+ var date;
+ var day = form.day.options[form.day.selectedIndex].value;
+ var month = form.month.options[form.month.selectedIndex].value;
+ var year = form.year.options[form.year.selectedIndex].value;
+ date = new Date(year,month,day);
+
+ // see if normalization was required
+ if (date.getMonth() != month || date.getDate() != day || year == 0) {
+ alert(fieldName + " is invalid");
+ return null;
+ }
+ else
+ return date.getTime();
+// return Math.round(date.getTime() / 1000);
+}
+
+function convertToTime(form)
+{
+ var date;
+ var day = form.day.options[form.day.selectedIndex].value;
+ var month = form.month.options[form.month.selectedIndex].value;
+ var year = form.year.options[form.year.selectedIndex].value;
+ date = new Date(year,month,day);
+
+ // see if normalization was required
+ if (date.getMonth() != month || date.getDate() != day) {
+ return null;
+ }
+ else
+ return date.getTime();
+}
+
+function daysToSeconds(days){
+ return 3600 * 24 * days;
+}
+
+function clickedOnTimeRangeCheckBox(inUse, start, end)
+{
+ if (inUse.checked) {
+ var date = new Date();
+ if (start.day.options[start.day.selectedIndex].value == 0) {
+ start.day.selectedIndex = date.getDate();
+ }
+ if (end.day.options[end.day.selectedIndex].value == 0) {
+ end.day.selectedIndex = date.getDate();
+ }
+ if (start.month.options[start.month.selectedIndex].value == 13) {
+ start.month.selectedIndex = date.getMonth() + 1;
+ }
+ if (end.month.options[end.month.selectedIndex].value == 13) {
+ end.month.selectedIndex = date.getMonth() + 1;
+ }
+ if (start.year.options[start.year.selectedIndex].value == 0) {
+ for (var i = 0; i < start.year.options.length; i++) {
+ if (start.year.options[i].value == date.getFullYear()) {
+ start.year.selectedIndex = i;
+ }
+ }
+ }
+ if (end.year.options[end.year.selectedIndex].value == 0) {
+ for (var i = 0; i < end.year.options.length; i++) {
+ if (end.year.options[i].value == date.getFullYear()) {
+ end.year.selectedIndex = i;
+ }
+ }
+ }
+ }
+}
+
+function generateYearOptions(before, after)
+{
+ var now = new Date();
+ var year = now.getFullYear();
+ document.writeln("<OPTION VALUE=0>");
+ for (var i = year-before-1; i < year+after+1; i++) {
+ document.writeln("<OPTION VALUE="+i+">"+i);
+ }
+}
+
+// encloses value in double quotes preceding all embedded double quotes with \
+function escapeValue(value)
+{
+ var result;
+ var fromIndex = 0, toIndex = 0;
+
+ // kludgy work-around for indexOf JavaScript bug on empty string
+ if (value == "")
+ return '\"\"';
+
+ result = '\"';
+ while ((toIndex = value.indexOf('\"',fromIndex)) != -1) {
+ result += value.substring(fromIndex,toIndex);
+ result += '\\"';
+ fromIndex = toIndex + 1;
+ }
+ result += value.substring(fromIndex,value.length);
+ result += '\"';
+ return result;
+}
+
+// encloses value in double quotes preceding all embedded double quotes and
+// backslashes with backslash
+function escapeValueJSString(value)
+{
+ var result = "";
+
+ // Do we need to escape any characters
+ for (i=0; i < value.length; i++) {
+ c = value.charAt(i);
+ if (c == '\\' | c == '"') {
+ result += '\\';
+ }
+ result += c;
+ }
+ return '\"' + result + '\"';
+}
+
+function escapeValueRfc1779(value)
+{
+ var result = "";
+
+ // Do we need to escape any characters
+ for (i=0; i < value.length; i++) {
+ c = value.charAt(i);
+ if (c == ',' || c == '=' || c == '+' || c == '<' ||
+ c == '>' || c == '#' || c == ';' || c == '\r' ||
+ c == '\n' || c == '\\' || c == '"') {
+ result += '\\';
+ }
+ result += c;
+ }
+ return result;
+}
+
+// helper function to construct name component(pattern)
+function makeComponent(list,tag,value,asPattern)
+{
+ var last = list.length;
+// if (asPattern) {
+// list[last] = (value == "") ? "*" : (tag+"="+escapeValueRfc1779(value));
+// }
+// else if (value != "")
+ if (value != "") {
+ list[last] = tag+"="+escapeValueRfc1779(value);
+// } else if (!asPattern) {
+// list[last] = tag+"=*";
+ }
+// alert("asPattern = " + asPattern);
+}
+
+// If asPattern is false formulates the RFC 1779 format subject name
+// from the component parts skipping all components with blank values,
+// otherwise builds RFC 1779-like matching pattern from components
+function computeNameCriterion(form)
+{
+ var asPattern = form.match[1].checked;
+ var result = new Array;
+
+ with (form) {
+ // The order of clauses here determines how components are ordered
+ // in the name sent in the client's request. A site may wish to
+ // re-order the clauses here if their conventions produce names
+ // with components in a different order.
+ makeComponent(result,"E",eMail.value,asPattern);
+ makeComponent(result,"CN",commonName.value,asPattern);
+ makeComponent(result,"UID",userID.value,asPattern);
+ makeComponent(result,"OU",orgUnit.value,asPattern);
+ makeComponent(result,"O",org.value,asPattern);
+ makeComponent(result,"L",locality.value,asPattern);
+ makeComponent(result,"ST",state.value,asPattern);
+ makeComponent(result,"C",country.value,asPattern);
+ }
+ if (result.length == 0)
+// return asPattern ? "0 == 0" : "0 == 1";
+ return "(x509Cert.subject=*)";
+ else {
+ return "(x509Cert.subject" + (asPattern ? "~=" : "=") + escapeValue(nsjoin(result,",")) + ")";
+ }
+// escapeValue(result.join(', '));
+}
+
+// helper function to construct name component(pattern)
+function makeComponentFilter(list,tag,value,asPattern)
+{
+ var last = list.length;
+ if (value != "") {
+ if (asPattern) {
+ list[last] = "(x509Cert.subject=*"+tag+"=*"+
+ escapeValueRfc1779(value)+"*)";
+ } else {
+ // exact match (either the end, or appended with ",")
+ list[last] = "(|(x509Cert.subject=*"+tag+"="+
+ escapeValueRfc1779(value)+",*)"
+ +"(x509Cert.subject=*"+tag+"="+
+ escapeValueRfc1779(value)+"))";
+ }
+ }
+}
+
+function computeNameFilter(form)
+{
+ var asPattern = form.match[1].checked;
+ var result = new Array;
+
+ with (form) {
+ // The order of clauses here determines how components are ordered
+ // in the name sent in the client's request. A site may wish to
+ // re-order the clauses here if their conventions produce names
+ // with components in a different order.
+ makeComponentFilter(result,"E",eMail.value,asPattern);
+ makeComponentFilter(result,"CN",commonName.value,asPattern);
+ makeComponentFilter(result,"UID",userID.value,asPattern);
+ makeComponentFilter(result,"OU",orgUnit.value,asPattern);
+ makeComponentFilter(result,"O",org.value,asPattern);
+ makeComponentFilter(result,"L",locality.value,asPattern);
+ makeComponentFilter(result,"ST",state.value,asPattern);
+ makeComponentFilter(result,"C",country.value,asPattern);
+ }
+ if (result.length == 0) {
+ return "(x509Cert.subject=*)";
+ } else {
+ if (asPattern) {
+ return "(|" + nsjoin(result,"") + ")";
+ } else {
+ return "(&" + nsjoin(result,"") + ")";
+ }
+ }
+}
+
+function booleanCrit(crit,radioArg)
+{
+ for (var i = 0; i < radioArg.length; ++i ){
+ if( radioArg[i].checked ) {
+ if (radioArg[i].value.length != 0) {
+ crit[crit.length] = radioArg[i].name + " == " + radioArg[i].value;
+ }
+ return;
+ }
+ }
+}
+
+function isHTTPEscapeChar(c)
+{
+ if (c == '%' || c == '#' || c == '+' || c == '=' || c == '\n' ||
+ c == '\r' || c == '\t' || c == ';' || c == '&' ||
+ c == '>') {
+ return true;
+ }
+
+ return false;
+}
+
+function produceHTTPEscapedString(inString)
+{
+ table = new Object();
+ table["%"] = "25";
+ table["#"] = "23";
+ table["+"] = "2B";
+ table["="] = "3D";
+ table["\n"] = "0A";
+ table["\r"] = "0D";
+ table["\t"] = "09";
+ table[";"] = "3B";
+ table["&"] = "26";
+ table[">"] = "3E";
+
+ outString = "";
+
+ for (i=0; i < inString.length; i++) {
+ if (inString.charAt(i) == ' ') {
+ outString += '+';
+ } else {
+ if (isHTTPEscapeChar(inString.charAt(i))) {
+ outString += "%" + table[inString.substring(i, i+1)];
+ } else {
+ outString += inString.charAt(i);
+ }
+ }
+ }
+
+ return outString;
+}
+
+function isHex(string)
+{
+ if (string.charAt(0) == '0' &&
+ (string.charAt(1) == 'x' || string.charAt(1) == 'X')) {
+ return true;
+ } else {
+ return false;
+ }
+}
+
+function writeError(errorDetails)
+{
+ document.write("<center><h2><b>" +
+ "Problem Processing Your Request" +
+ "</b></h2></center><p>" +
+ "The service encountered a problem " +
+ "when processing your request. This problem may " +
+ "indicate a flaw in the form used to submit your " +
+ "request or the values that were entered into the form." +
+ "The following message supplies more information " +
+ "about the error that occurred.<p>");
+ document.write("<blockquote><b><pre>");
+ if (errorDetails != null) {
+ document.write(errorDetails);
+ } else {
+ document.write("Unable to provide details. " +
+ "Contact Administrator.");
+ }
+ document.write("</pre></b></blockquote>");
+ if (result.header.errorDescription != null) {
+ document.write('<p>Additional Information:<p>');
+ document.write('<blockquote><b>');
+ document.write(result.header.errorDescription);
+ document.write('</b></blockquote>');
+ }
+ document.write("<p>");
+ document.write("Please consult your local administrator for " +
+ "further assistance.");
+ document.write("The certificate server's log may provide " +
+ "further information.");
+}
+
+// strips (optional) spaces and 0[xX] prefix at the beginning of s
+function stripPrefix(s)
+{
+ var i;
+ for(i = 0; i < s.length - 1; ++i) {
+ if (s.charAt(i) != ' ' )
+ break;
+ }
+ if (s.charAt(i) == '0' && (s.charAt(i+1) == 'x' || s.charAt(i+1) == 'X')) {
+ return s.substring(i+2,s.length);
+ } else {
+ return s.substring(i,s.length);;
+ }
+}
+
+// removes colons from value and returns the result
+// used as helper to convert colon-separated hexadecimal numbers
+// to regular numbers
+function removeColons(value)
+{
+ var result = "";
+
+ for (i=0; i < value.length; i++) {
+ c = value.charAt(i);
+ if (c != ':' ){
+ result += c;
+ }
+ }
+ return result;
+}
+
+// Replacement for the array.join() function which isn't in MSIE 3.0
+
+function nsjoin(array,str) {
+ val = "";
+ for (i=0; i<array.length; i++) {
+ val = val + array[i];
+ if (i < (array.length-1)) val = val+str;
+ }
+ return val;
+}
+//-->
diff --git a/base/ca/shared/webapps/ca/agent/header.template b/base/ca/shared/webapps/ca/agent/header.template
new file mode 100644
index 000000000..d1221b14b
--- /dev/null
+++ b/base/ca/shared/webapps/ca/agent/header.template
@@ -0,0 +1,82 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<CMS_TEMPLATE>
+<title>Header</title>
+<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+</head>
+
+<body onResize=location.reload() bgcolor="#CCCCCC" link="#FFFFFF" vlink="#FFFFFF" alink="#CCCCFF">
+<table border="0" width="100%" cellspacing="0" cellpadding="0" bgcolor="#000080">
+ <tr>
+ <td>
+ <table border="0" cellspacing="12" cellpadding="0">
+ <tr>
+ <td><img src="/pki/images/logo_header.gif"></td>
+ <td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
+ <td><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white"><b>Dogtag<sup><font color="#999999" size="-2">&reg;</font></sup> Agent Services</b></font></td>
+ </tr>
+ </table>
+ <table border="0" cellspacing="0" cellpadding="0">
+ <tr>
+ <td><img src="/pki/images/spacer.gif" alt="" width="12" height="21"></td>
+<SCRIPT type="text/javascript">
+ for (var i = 0; i < result.recordSet.length; ++i) {
+ if (result.recordSet[i].id == header.selected) {
+ document.write('<td><img src="/pki/images/lgLeftTab.gif" width="13" height="21"><\/td>');
+ document.write('<td bgcolor="#cccccc" nowrap>');
+ } else {
+ document.write('<td><img src="/pki/images/dgLeftTab.gif" width="13" height="21"><\/td>');
+ document.write('<td bgcolor="#999999" nowrap>');
+ }
+ document.write('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+ if (result.recordSet[i].type == "CertificateAuthority") {
+ type = "Certificate Manager";
+ } else if (result.recordSet[i].type == "KeyRecoveryAuthority") {
+ type = "Data Recovery Manager";
+ } else if (result.recordSet[i].type == "OCSPAuthority") {
+ type = "Online Certificate Status Manager";
+ } else if (result.recordSet[i].type == "RegistrationAuthority") {
+ type = "Registration Manager";
+ }
+ if (result.recordSet[i].id == header.selected) {
+ document.write('<b>' + type + '<\/b>');
+ } else {
+ document.write('<a href="../' +
+ result.recordSet[i].id +
+ '/index.html" target="_top">' +
+ type + '<\/a>');
+ }
+ document.write('<\/font><\/td>');
+ if (result.recordSet[i].id == header.selected) {
+ document.write('<td><img src="/pki/images/lgRightTab.gif" width="16" height="21" alt=""><\/td>');
+ } else {
+ document.write('<td><img src="/pki/images/dgRightTab.gif" width="16" height="21" alt=""><\/td>');
+ }
+ }
+</SCRIPT>
+ </tr>
+ </table>
+ </td>
+ </tr>
+</table>
+</body>
+</html>
+
diff --git a/base/ca/shared/webapps/ca/agent/helpfun.js b/base/ca/shared/webapps/ca/agent/helpfun.js
new file mode 100644
index 000000000..14a80bb95
--- /dev/null
+++ b/base/ca/shared/webapps/ca/agent/helpfun.js
@@ -0,0 +1,35 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+function help(helptopic) {
+
+ var HelpWin=window.open("","MyWin", "toolbar=no,directories=no,menubar=no,status=no,scrollbars=yes,resizable=yes,width=500,height=500");
+
+ HelpWin.location = helptopic;
+ HelpWin.focus();
+
+}
+
+function helpstatus(helpline) {
+
+ window.status = helpline;
+
+ return true;
+
+}
+
diff --git a/base/ca/shared/webapps/ca/agent/index.html b/base/ca/shared/webapps/ca/agent/index.html
new file mode 100644
index 000000000..30662d47a
--- /dev/null
+++ b/base/ca/shared/webapps/ca/agent/index.html
@@ -0,0 +1,23 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<html>
+<script lang="javascript">
+ // redirect to 'ROOT'
+ window.location = "/";
+</script>
+</html>
diff --git a/base/ca/shared/webapps/ca/agent/index.template b/base/ca/shared/webapps/ca/agent/index.template
new file mode 100644
index 000000000..4f45c7390
--- /dev/null
+++ b/base/ca/shared/webapps/ca/agent/index.template
@@ -0,0 +1,140 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<CMS_TEMPLATE>
+<title>CA Agent</title>
+<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+</head>
+
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+<table border="0" width="100%" cellspacing="0" cellpadding="6">
+ <tr bgcolor="#000080">
+ <td>
+ <table border="0" cellspacing="12" cellpadding="0">
+ <tr>
+ <td><img src="/pki/images/logo_header.gif"></td>
+ <td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
+ <td><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white"><b>Dogtag<sup><font color="#999999" size="-2">&reg;</font></sup> Agent Services</b></font></td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ <tr valign="TOP">
+ <td>&nbsp;</td>
+ <td>
+ <table border="0" cellspacing="0" cellpadding="0">
+ <tr valign="TOP">
+ <td>&nbsp;</td>
+ <td>&nbsp;</td>
+ </tr>
+<SCRIPT type="text/javascript">
+function displayError()
+{
+ document.write("<center><h2><b>" +
+ "Problem Processing Your Request" +
+ "</b></h2></center><p>" +
+ "The service encountered a problem " +
+ "when processing your request. This problem may " +
+ "indicate a flaw in the form used to submit your " +
+ "request or the values that were entered into the form." +
+ "The following message supplies more information " +
+ "about the error that occurred.<p>");
+ document.write("<blockquote><b><pre>");
+ if (result.header.errorDetails != null) {
+ document.write(result.header.errorDetails);
+ } else {
+ document.write("Unable to provide details. " +
+ "Contact Administrator.");
+ }
+ document.write("</pre></b></blockquote>");
+ if (result.header.errorDescription != null) {
+ document.write('<p>Additional Information:<p>');
+ document.write('<blockquote><b>');
+ document.write(result.header.errorDescription);
+ document.write('</b></blockquote>');
+ }
+ document.write("<p>");
+ document.write("Please consult your local administrator for " +
+ "further assistance.");
+ document.write("The certificate server's log may provide " +
+ "further information.");
+}
+
+if (result.header.errorDetails != null) {
+ displayError();
+} else {
+ var displayServices = 'true';
+ for (var i = 0; i < result.recordSet.length; ++i) {
+ document.write('<tr valign="TOP">');
+ document.write('<td>');
+ document.write('<img src="/pki/images/goto-tall.gif" width="10" height="15">&nbsp;</td>');
+ document.write('<td>');
+ document.write('<font face="PrimaSans BT, Verdana, sans-serif">');
+ document.write('<a href="');
+ document.write(result.recordSet[i].id + '/index.html');
+ if (result.recordSet[i].type == "RegistrationAuthority") {
+ document.write('">Registration Manager Agent Services</a></font>');
+ document.write('<font size="-1" face="PrimaSans BT, Verdana, sans-serif"><br>');
+ document.write('The operations available through this menu are used to process certificate requests, revoke certificates, and update information in the directory server.');
+ } else if (result.recordSet[i].type == "CertificateAuthority") {
+ document.write('">Certificate Manager Agent Services</a></font>');
+ document.write('<font size="-1" face="PrimaSans BT, Verdana, sans-serif"><br>');
+ document.write('The operations available through this menu are used to process certificate requests, revoke certificates, and update information in the directory server.');
+ } else if (result.recordSet[i].type == "OCSPAuthority") {
+ displayServices = 'false';
+ document.write('">Online Certificate Status Manager Agent Services</a></font>');
+ document.write('<font size="-1" face="PrimaSans BT, Verdana, sans-serif"><br>');
+ document.write('The operations available through this menu are used to check certificate status.');
+ } else if (result.recordSet[i].type == "KeyRecoveryAuthority") {
+ displayServices = 'false';
+ document.write('">Data Recovery Manager Agent Services</a></font>');
+ document.write('<font size="-1" face="PrimaSans BT, Verdana, sans-serif"><br>');
+ document.write('The operations available through this menu are used to process key requests, and recover keys.');
+ } else {
+ document.write('">Internal Error</a></font>');
+ }
+ document.write('</font></td></tr>');
+ }
+}
+document.write('<tr valign="TOP">');
+document.write('<td>&nbsp;</td>');
+document.write('<td>&nbsp;</td>');
+document.write('</tr>');
+if (displayServices== 'true')
+{
+ document.write('<tr valign="TOP">');
+ document.write('<TD><IMG src="/pki/images/goto-tall.gif" width="10" height="15"></TD>');
+ document.write('<TD><FONT face="PrimaSans BT, Verdana, sans-serif">');
+ document.write('<A href="ports">Services Summary</A></FONT></TD>');
+ document.write('</tr>');
+}
+document.write('<TR valign="TOP">');
+document.write('<TD> </TD>');
+document.write('<TD> </TD>');
+document.write('</tr>');
+document.write('</table>');
+document.write('</td>');
+document.write('<td>&nbsp;</td>');
+document.write('</tr>');
+</SCRIPT>
+
+</table>
+</body>
+</html>
diff --git a/base/ca/shared/webapps/ca/agent/ports.template b/base/ca/shared/webapps/ca/agent/ports.template
new file mode 100644
index 000000000..bfec33981
--- /dev/null
+++ b/base/ca/shared/webapps/ca/agent/ports.template
@@ -0,0 +1,121 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<CMS_TEMPLATE>
+<title>CA Agent Ports</title>
+<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+</head>
+
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+<table border="0" width="100%" cellspacing="0" cellpadding="6">
+ <tr bgcolor="#000080">
+ <td>
+ <table border="0" cellspacing="12" cellpadding="0">
+ <tr>
+ <td><img src="/pki/images/logo_header.gif"></td>
+ <td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
+ <td><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white"><b>Dogtag<sup><font color="#999999" size="-2">&reg;</font></sup> Services Summary</b></font></td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ <tr valign="TOP">
+ <td>&nbsp;</td>
+ <td>
+ <table border="0" cellspacing="0" cellpadding="0">
+ <tr valign="TOP">
+ <td>&nbsp;</td>
+ <td>&nbsp;</td>
+ </tr>
+<SCRIPT type="text/javascript">
+function displayError()
+{
+ document.write("<center><h2><b>" +
+ "Problem Processing Your Request" +
+ "</b></h2></center><p>" +
+ "The service encountered a problem " +
+ "when processing your request. This problem may " +
+ "indicate a flaw in the form used to submit your " +
+ "request or the values that were entered into the form." +
+ "The following message supplies more information " +
+ "about the error that occurred.<p>");
+ document.write("<blockquote><b><pre>");
+ if (result.header.errorDetails != null) {
+ document.write(result.header.errorDetails);
+ } else {
+ document.write("Unable to provide details. " +
+ "Contact Administrator.");
+ }
+ document.write("</pre></b></blockquote>");
+ if (result.header.errorDescription != null) {
+ document.write('<p>Additional Information:<p>');
+ document.write('<blockquote><b>');
+ document.write(result.header.errorDescription);
+ document.write('</b></blockquote>');
+ }
+ document.write("<p>");
+ document.write("Please consult your local administrator for " +
+ "further assistance.");
+ document.write("The certificate server's log may provide " +
+ "further information.");
+}
+
+if (result.header.errorDetails != null) {
+ displayError();
+} else {
+ for (var i = 0; i < result.recordSet.length; ++i) {
+ if (result.recordSet[i].port == -1)
+ continue;
+ document.write('<tr valign="TOP">');
+ document.write('<td>');
+ document.write('<img src="/pki/images/goto-tall.gif" width="10" height="15">&nbsp;</td>');
+ document.write('<td>');
+ document.write('<font face="PrimaSans BT, Verdana, sans-serif">');
+ document.write('<a href="');
+ document.write(result.recordSet[i].prefix + "://" +
+ result.header.hostname + ":" +
+ result.recordSet[i].port);
+ if (result.recordSet[i].type == "eeGateway.http.port") {
+ document.write('">End Users Services</a></font>');
+ document.write('<font size="-1" face="PrimaSans BT, Verdana, sans-serif"><br>');
+ } else if (result.recordSet[i].type == "eeGateway.https.port") {
+ document.write('">SSL End Users Services</a></font>');
+ document.write('<font size="-1" face="PrimaSans BT, Verdana, sans-serif"><br>');
+ } else if (result.recordSet[i].type == "agentGateway.https.port") {
+ document.write('">Agent Services</a></font>');
+ document.write('<font size="-1" face="PrimaSans BT, Verdana, sans-serif"><br>');
+ } else {
+ document.write('">Internal Error</a></font>');
+ }
+ document.write('</font></td></tr>');
+ }
+}
+</SCRIPT>
+ <tr valign="TOP">
+ <td>&nbsp;</td>
+ <td>&nbsp;</td>
+ </tr>
+ </table>
+ </td>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+</body>
+</html>
diff --git a/base/ca/shared/webapps/ca/agent/xenroll.dll b/base/ca/shared/webapps/ca/agent/xenroll.dll
new file mode 100644
index 000000000..9375e988d
--- /dev/null
+++ b/base/ca/shared/webapps/ca/agent/xenroll.dll
Binary files differ
diff --git a/base/ca/shared/webapps/ca/ee/GenError.template b/base/ca/shared/webapps/ca/ee/GenError.template
new file mode 100644
index 000000000..729525afd
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/GenError.template
@@ -0,0 +1,72 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<CMS_TEMPLATE>
+
+<TITLE>CA End-Entity Processing Error!</TITLE>
+
+<BODY BGCOLOR="white">
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Problem Processing Your Request<br>
+</font>
+
+<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+
+<SCRIPT LANGUAGE="JavaScript">
+
+document.writeln('<P>');
+document.write('The '+result.fixed.authorityName+' ');
+document.writeln('encountered a problem while processing your request. ');
+document.writeln(
+ 'The following is a detailed message of the error that occurred.');
+
+document.writeln('<P>');
+document.writeln('<BLOCKQUOTE><B><PRE>');
+if (result.fixed.errorDetails != null) {
+ document.write(result.fixed.errorDetails);
+} else {
+ document.write('No further details provided.');
+}
+document.writeln('</PRE></B></BLOCKQUOTE>');
+
+if (result != null && result.recordSet != null && result.recordSet.length > 0){
+ document.writeln('<P>');
+ document.write('Additional Information:');
+ document.writeln('<P>');
+ document.write('<BLOCKQUOTE><B><PRE>');
+ document.writeln('<UL>');
+ for (var i = 0; i < result.recordSet.length; i++) {
+ if (result.recordSet[i].errorDescription != null) {
+ document.writeln(result.recordSet[i].errorDescription);
+ }
+ }
+ document.writeln('</UL>');
+ document.write('</PRE></B></BLOCKQUOTE>');
+}
+</SCRIPT>
+
+<P>
+Please consult your local administrator for further assistance.
+The Certificate System logs may provide further information.
+
+</font>
+</BODY>
+</HTML>
+
diff --git a/base/ca/shared/webapps/ca/ee/GenPending.template b/base/ca/shared/webapps/ca/ee/GenPending.template
new file mode 100644
index 000000000..15ab7316a
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/GenPending.template
@@ -0,0 +1,61 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<CMS_TEMPLATE>
+
+<TITLE>CA End-Entity Request Pending</TITLE>
+
+<BODY bgcolor="white">
+
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Request Successfully Submitted
+</font>
+
+<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+
+<SCRIPT LANGUAGE="JavaScript">
+var authority = 'Certificate Managment System';
+if (result.fixed.authorityName != null)
+ authority = result.fixed.authorityName;
+document.writeln('<P>');
+document.write('Congratulations, your request has been successfully ');
+document.write('submitted to the '+authority+'. ');
+document.write('Your request will be processed when an authorized agent ');
+document.writeln('verifies and validates the information in your request.');
+
+document.writeln('<P>');
+document.write('Your request ID is ');
+if (result.fixed.requestId != null) {
+ document.write('<B>'+result.fixed.requestId+'</B>.');
+ document.writeln('<P>');
+ document.write('Your can check on the status of your request with ');
+ document.write('an authorized agent or local administrator ');
+ document.writeln('by referring to this request ID.');
+} else {
+ document.write('<B>not provided.</B> ');
+ document.write('<P>');
+ document.writeln('Please consult your local administrator for assistance.');
+}
+</SCRIPT>
+
+</font>
+</BODY>
+</HTML>
+
diff --git a/base/ca/shared/webapps/ca/ee/GenRejected.template b/base/ca/shared/webapps/ca/ee/GenRejected.template
new file mode 100644
index 000000000..6e0ca836f
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/GenRejected.template
@@ -0,0 +1,82 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<CMS_TEMPLATE>
+
+<TITLE>CA End-Entity Request Rejected</TITLE>
+
+<BODY bgcolor="white">
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Request Rejected
+</font>
+
+<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+
+<SCRIPT LANGUAGE="JavaScript">
+
+var authority = 'Certificate System';
+if (result.fixed.authorityName != null) {
+ authority = result.fixed.authorityName;
+}
+
+document.writeln('<P>');
+document.write('Your request has been rejected by the '+authority+'. ' );
+document.write('This may indicate that some attributes of the request ');
+document.write('violate the policies of this '+authority+'. ');
+
+document.writeln('<P>');
+document.writeln('Violation details: ');
+
+document.writeln('<P>');
+document.writeln('<BLOCKQUOTE><B><PRE>');
+if (result == null || result.recordSet == null || result.recordSet.length == 0){
+ document.writeln('No further details provided.');
+}
+else {
+ document.writeln('<UL>');
+ for (var i = 0; i < result.recordSet.length; i++) {
+ if (result.recordSet[i].policyMessage != null) {
+ document.writeln(result.recordSet[i].policyMessage);
+ }
+ }
+ document.writeln('</UL>');
+}
+document.writeln('</PRE></B></BLOCKQUOTE>');
+
+document.writeln('<P>');
+document.write('Your request ID is ');
+if (result.fixed.requestId == null) {
+ document.write('<B>not provided</B>.');
+ document.writeln('<P>');
+ document.write(
+ 'Please consult your local administrator for further assistance.');
+} else {
+ document.write('<B>'+result.fixed.requestId+'</B>. ');
+ document.writeln('<P>');
+ document.write(
+ 'You can contact an authorized agent or local administrator for ');
+ document.writeln('further assistance by referring to the request ID.');
+}
+</SCRIPT>
+
+</font>
+</BODY>
+</HTML>
+
diff --git a/base/ca/shared/webapps/ca/ee/GenSuccess.template b/base/ca/shared/webapps/ca/ee/GenSuccess.template
new file mode 100644
index 000000000..5e17ecd64
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/GenSuccess.template
@@ -0,0 +1,44 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<!-- This template is intended to be replaced by request specific results ! -->
+<CMS_TEMPLATE>
+
+<TITLE>CA End-Entity Generic Request Success</TITLE>
+
+<BODY BGCOLOR=white>
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Request Successfully Submited
+</font>
+
+<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+
+<SCRIPT LANGUAGE="Javascript">
+var authority = 'Certificate System';
+if (request.fixed.authorityName != null)
+ authority = request.fixed.authorityName;
+
+document.writeln('<P>');
+document.write('Congratulations, your request has been successfully ');
+document.write('submitted and processed by the '+authority+'.');
+</SCRIPT>
+
+</font>
+</body>
diff --git a/base/ca/shared/webapps/ca/ee/GenSvcPending.template b/base/ca/shared/webapps/ca/ee/GenSvcPending.template
new file mode 100644
index 000000000..e61acbe6c
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/GenSvcPending.template
@@ -0,0 +1,61 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<CMS_TEMPLATE>
+
+<TITLE>CA End-Entity Request Svc Pending</TITLE>
+
+<BODY bgcolor="white">
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Request Successfully Submitted
+</font>
+
+<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+
+<SCRIPT LANGUAGE="JavaScript">
+document.writeln('<P>');
+document.write('Your request has been successfully submitted and processed ');
+document.writeln('by the '+result.fixed.authorityName+'.');
+document.write('The '+result.fixed.authorityName+' is waiting for a remote ');
+if (result.fixed.remoteAuthorityName != null)
+ document.write(result.fixed.remoteAuthorityName);
+else
+ document.write('Certificate Manager or Data Recovery manager');
+document.write(' to fill your request.');
+
+document.writeln('<P>');
+document.write('Your request ID is ');
+if (result.fixed.requestId != null) {
+ document.write('<B>'+result.fixed.requestId+'</B>.');
+ document.write('<P>');
+ document.write('Your can check on status of your request with an '+
+ 'authorized agent or local administrator by referring '+
+ 'to this request ID.');
+} else {
+ document.write('not provided. ');
+ document.writeln('Please consult your local administrator for assistance.');
+}
+</SCRIPT>
+
+
+</font>
+</BODY>
+</HTML>
+
diff --git a/base/ca/shared/webapps/ca/ee/GenUnauthorized.template b/base/ca/shared/webapps/ca/ee/GenUnauthorized.template
new file mode 100644
index 000000000..b8526cb59
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/GenUnauthorized.template
@@ -0,0 +1,42 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<!-- This template is intended to be replaced by request specific results ! -->
+<CMS_TEMPLATE>
+
+<TITLE>CA End-Entity Generic Unauthorized</TITLE>
+
+<BODY BGCOLOR=white>
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Unauthorized Access
+</font>
+
+<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+
+<SCRIPT LANGUAGE="Javascript">
+document.writeln('<P>');
+document.write('You are not authorized for this operation.');
+document.write('<BR>');
+document.write('If you think this is an error please contact your ');
+document.writeln('local administrator for further assistance.');
+</SCRIPT>
+
+</font>
+</body>
diff --git a/base/ca/shared/webapps/ca/ee/GenUnexpectedError.template b/base/ca/shared/webapps/ca/ee/GenUnexpectedError.template
new file mode 100644
index 000000000..d93eb0fd6
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/GenUnexpectedError.template
@@ -0,0 +1,62 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<CMS_TEMPLATE>
+
+<TITLE>CA End-Entity Processing Error!</TITLE>
+
+<BODY BGCOLOR="white">
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Problem Processing Your Request
+</font>
+
+<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+
+<SCRIPT LANGUAGE="JavaScript">
+var authority = 'Certificate System';
+if (result.fixed.authorityName != null) {
+ authority = result.fixed.authorityName;
+}
+
+document.writeln('<P>');
+document.write('The '+authority+' encountered an unexpected error ');
+document.writeln(' while processing your request.');
+document.writeln(
+ 'The following is a detailed message of the error that occurred.');
+
+document.writeln('<P>');
+document.writeln('<BLOCKQUOTE><B><PRE>');
+if (result.fixed.unexpectedError != null) {
+ document.write(result.fixed.unexpectedError);
+} else {
+ document.write('No further details provided.');
+}
+document.writeln('</PRE></B></BLOCKQUOTE>');
+
+document.writeln('<P>');
+document.writeln(
+ 'Please consult your local administrator for further assistance.');
+document.writeln('The Certificate System logs may provide further information.');
+</SCRIPT>
+
+</font>
+</BODY>
+</HTML>
+
diff --git a/base/ca/shared/webapps/ca/ee/ca/AIMEnroll.html b/base/ca/shared/webapps/ca/ee/ca/AIMEnroll.html
new file mode 100644
index 000000000..79862b377
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/AIMEnroll.html
@@ -0,0 +1,426 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<TITLE>AIM User Enrollment Form</TITLE>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<SCRIPT LANGUAGE="JavaScript"></SCRIPT>
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/cms-funcs.js"> </SCRIPT>
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/helpfun.js"> </SCRIPT>
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/dynamicVars.js"> </SCRIPT>
+</head>
+
+<OBJECT
+ classid="clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1"
+ CODEBASE="/ee/xenroll.dll"
+ id=Enroll >
+</OBJECT>
+
+
+<SCRIPT LANGUAGE=VBS>
+<!--
+Function escapeDNComponent(comp)
+ escapeDNComponent = comp
+End Function
+
+Function doubleQuotes(comp)
+ doubleQuotes = False
+End Function
+
+Function formulateDN()
+ Dim dn
+ Dim TheForm
+ Set TheForm = Document.ReqForm
+
+ dn = Empty
+
+ If (TheForm.screenname.Value <> Empty) Then
+ If doubleQuotes(TheForm.screenname.Value) = True Then
+ MsgBox "Double quotes are not allowed in the screenname field"
+ Exit Function
+ End If
+ If (dn <> Empty) Then
+ dn = dn & ","
+ End If
+ dn = dn & "0.9.2342.19200300.100.1.1=" & escapeDNComponent(TheForm.screenname.Value)
+ End If
+
+ formulateDN = dn
+End Function
+
+Sub Send_OnClick
+ Dim TheForm
+ Dim szName
+ Dim options
+ Set TheForm = Document.ReqForm
+
+
+ ' Do a few sanity checks
+ If (TheForm.screenname.Value = Empty) Then
+ ret = MsgBox("You must supply your Directory screenname for certificate enrollment", 0, "MSIE Certificate Request")
+ Exit Sub
+ End If
+
+ If (TheForm.password.Value = Empty) Then
+ ret = MsgBox("You must supply your Directory password for certificate enrollment", 0, "MSIE Certificate Request")
+ Exit Sub
+ End If
+
+' If (TheForm.SSLClient.value = Empty AND
+' TheForm.SMIME.value = Empty AND
+' TheForm.ObjectSigning.value = Empty) Then
+' ret = MsgBox("You must select atleast one certificate type", 0,
+' "MSIE Certificate Request")
+' Exit Sub
+' End If
+
+
+ ' Contruct the X500 distinguished name
+ szName = formulateDN()
+
+ On Error Resume Next
+ Enroll.HashAlgorithm = "MD5"
+ Enroll.KeySpec = 1
+ Enroll.GenKeyFlags = 1 ' key exportable
+
+ ' Pick the provider that is selected
+ set options = TheForm.all.cryptprovider.options
+ index = options.selectedIndex
+ Enroll.providerType = options(index).value
+ Enroll.providerName = options(index).text
+
+ szCertReq = Enroll.createPKCS10(szName, "1.3.6.1.5.5.7.3.2")
+ theError = Err.Number
+ On Error Goto 0
+ '
+ ' If the user has cancelled things the we simply ignore whatever
+ ' they were doing ... need to think what should be done here
+ '
+ If (szCertReq = Empty AND theError = 0) Then
+ Exit Sub
+ End If
+
+ If (szCertReq = Empty OR theError <> 0) Then
+ '
+ ' There was an error in the key pair generation. The error value
+ ' is found in the variable 'theError' which we snarfed above before
+ ' we did the 'On Error Goto 0' which cleared it again.
+ '
+ sz = "The error '" & Hex(theError) & "' occurred." & chr(13) & chr(10) & "Your credentials could not be generated."
+ result = MsgBox(sz, 0, "Credentials Enrollment")
+ Exit Sub
+ End If
+
+ TheForm.certRequest.Value = szCertReq
+ TheForm.Submit
+ Exit Sub
+
+End Sub
+-->
+</SCRIPT>
+
+<body bgcolor="#FFFFFF" onload=checkClientTime()>
+
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+AIM User Enrollment <br>
+</font>
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ Use this form to submit a request for a personal certificate through your
+ organization's directory. With directory based enrollment, you need only
+ supply your user ID and password for the directory; the directory
+ supplies the rest of the information needed for certificate issuance.
+ If the user ID and password are correct your certificate will be issued
+ automatically.
+ </font>
+
+<table border="0" cellspacing="0" cellpadding="2" background="/pki/images/hr.gif" width="100%">
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+<table border="0" cellspacing="0" cellpadding="2">
+ <tr valign="TOP">
+ <td><font size="-1" face="PrimaSans BT, Verdana, sans-serif"> <b>
+ Important:
+ </b></font></td>
+ <td><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ Be sure to request your certificate on the same computer on which you
+ plan to use your certificate. </font></td>
+ </tr>
+</table>
+<table border="0" cellspacing="0" cellpadding="0" background="/pki/images/hr.gif" width="100%">
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+<script lang="javascript">
+ if (navigator.appName == "Netscape" && (navMajorVersion() <= 3)) {
+ // short cut for Nav 3.x or eariler, crypto is not defined
+ document.write(
+ '<form name="ReqForm" method="post" action="/ee/getCerts">');
+ } else
+ if ((navigator.appName == "Netscape" &&
+ typeof(crypto.version) != "undefined")) {
+ document.write(
+ '<form name="ReqForm" method="post" action="/ee/getCerts">');
+ } else {
+ document.write(
+ '<form name="ReqForm" method="post" action="/ee/getCerts" '+
+ 'onSubmit="return validate(document.forms[0])">');
+ }
+</script>
+
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ <b>User's Identity</b><br>
+Enter your user ID and password for your organization's directory. This
+information will be used to verify your identity and to obtain
+information from the directory to fill in the certificate.
+ <br>
+
+<table border="0" width="100%" cellspacing="2" cellpadding="2">
+ <tr>
+ <td width="30%" valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Screen Name: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="TEXT" name="screenname" size="30">
+ </td>
+ </tr>
+</table>
+
+<table border="0" width="100%" cellspacing="2" cellpadding="2">
+ <tr>
+ <td width="30%" valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Password: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="PASSWORD" name="password" AutoComplete=off size="30">
+ </td>
+ </tr>
+ <tr>
+ </tr>
+</table>
+
+<table border="0" width="100%" cellspacing="2" cellpadding="2">
+ <tr>
+ <td valign="TOP">
+ <!-- for Netscape Certificate Type Extension -->
+ <input type="HIDDEN" name="email" value="true">
+ <input type="HIDDEN" name="ssl_client" value="true">
+ <!-- for Key Usage Extension -->
+ <input type="HIDDEN" name="digital_signature" value=true>
+ <input type="HIDDEN" name="non_repudiation" value=true>
+ <input type="HIDDEN" name="key_encipherment" value=true>
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP" colspan="2">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+</td></tr>
+</table>
+
+
+<script>
+ if (navigator.appName == "Netscape" &&
+ (navMajorVersion() <= 3 || typeof(crypto.version) == 'undefined')) {
+
+ document.writeln('<b>Public/Private Key Information</b><br>');
+ document.writeln(
+ 'When your submit this form, your browser generates a private and '+
+ 'public key. The browser retains the private key and submits the '+
+ 'public key along with your request for a certificate. '+
+ 'The public key becomes part of your certificate. '+
+ '<P>'+
+ 'Select the length of the key to generate. The longer the key '+
+ 'length the greater the strength. You may want to check with your '+
+ 'system administrator about the length of key to specify.');
+ }
+
+ //else if (navigator.appName == 'Netscape' && crypto.version == "undefined") {
+ //document.writeln('Select the length of the key to generate. '+
+ // 'The longer the key length, the greater the strength. '+
+ // 'You may want to check with your system administrator about '+
+ // 'the length of key to specify.');
+ //}
+
+//<!--
+ if (navigator.appName == "Netscape") {
+ document.writeln('<table border="0" width="100%" cellspacing="2" cellpadding="2">');
+ if (navMajorVersion() <= 3 ||
+ typeof(crypto.version) == "undefined") {
+ document.writeln('<td width="30%" valign=TOP>');
+ document.writeln('<div align=right>');
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.writeln('Key Length: ');
+ document.writeln('</font>');
+ document.writeln('</div>');
+ document.writeln('</td>');
+ document.write('<td valign=TOP>');
+ document.write('<KEYGEN name="subjectKeyGenInfo">');
+ }
+ //else {
+ //alert('nsm');
+ //document.writeln('<SELECT NAME=\"keyLength\">');
+ //document.writeln('<OPTION VALUE=512>512 bits');
+ //document.writeln('<OPTION VALUE=768>768 bits');
+ //document.writeln('<OPTION VALUE=1024>1024 bits');
+ //document.writeln('</SELECT>');
+ //}
+ document.write('</td></table>');
+ }
+ if (navigator.appName == "Microsoft Internet Explorer") {
+ document.writeln('<b>Public/Private Key Information</b><br>');
+ document.writeln(
+ 'When you submit this form, your browser generates a private and '+
+ 'public key. The browser retains the private key and submits the '+
+ 'public key along with your request for a certificate. '+
+ 'The public key becomes part of your certificate. '+
+ '<P>'+
+ 'The Microsoft Base Cryptographic provider offers 512-bit key encryption which is adequate for most applications today, but you may select the Enhanced option if your browser offers this choice and you require the higher encryption strength. You may want to check with your '+
+ 'system administrator about the provider to specify.');
+
+ document.writeln('<p>');
+ document.writeln('<td>');
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.writeln('Cryptographic Provider:');
+ document.writeln('</font>');
+ document.writeln('</td>');
+ document.writeln('<td>');
+ document.writeln('<SELECT NAME=\"cryptprovider\"></SELECT>');
+ document.writeln('</td>');
+ document.writeln('<p>');
+ }
+
+//-->
+
+document.writeln('<table border="0" width="100%" cellspacing="0" cellpadding="6" bgcolor="#cccccc" background="/pki/images/gray90.gif"> <tr> <td width=100%> <div align="RIGHT">');
+//<!--
+ if (navigator.appName == "Netscape" && navMajorVersion() <= 3) {
+ // short cut for Nav 3.x or eariler, crypto is not defined
+ document.writeln(
+ '<input type="submit" value="Submit" '+
+ 'name="submit" width="72">');
+ } else if (navigator.appName == "Netscape" &&
+ typeof(crypto.version) == "undefined") {
+ document.writeln(
+ '<input type="submit" value="Submit" '+
+ 'name="submit" width="72">');
+ }
+ else if ((navigator.appName == "Microsoft Internet Explorer") ||
+ (navigator.appName == "")) {
+ document.writeln(
+ '<input type="submit" value="Submit" '+
+ 'name="Send" width="72">');
+ }
+ else {
+ // alert('nsm');
+ document.writeln(
+ '<input type="button" value="Submit" '+
+ 'name="submitbutton" '+
+ 'onclick="validate(form)" width="72">');
+ }
+ document.write('<img src="/pki/images/spacer.gif" width="6" height="6">' +
+ '<input type="reset" value="Reset" name="reset" width="72">' +
+ '<input type="hidden" name="certType" value="client">' +
+ '<input type="hidden" name="authenticator" ' +
+ ' value="UserDirEnrollment">');
+
+ if (navigator.appName == 'Netscape') {
+ if ((navMajorVersion() > 3) &&
+ (typeof(crypto.version) != 'undefined')) {
+ //alert('cmmf response');
+ document.write(
+ '<input type=hidden name=CRMFRequest value="">');
+ document.write(
+ '<input type=hidden name=cmmfResponse value=true>');
+ //document.write(
+ //'<input type=hidden name=certNickname value="">');
+ }
+ else {
+ document.write(
+ '<input type="hidden" name="importCert" value="off">');
+ }
+ }
+ else if ((navigator.appName == "Microsoft Internet Explorer")||
+ (navigator.appName == "")) {
+ // navigator.appName == "" is for IE 3.
+ //alert('certRequest');
+ document.write(
+ '<input type="hidden" name="version" value="1">');
+ document.write(
+ '<input type="hidden" name="certRequest" value="">');
+ }
+//-->
+ document.writeln('</div> </td> </tr> </table>');
+</script>
+ </form>
+<SCRIPT LANGUAGE=VBS>
+<!--
+
+FindProviders
+
+Function FindProviders
+ Dim i, j
+ Dim providers()
+ i = 0
+ j = 1
+ Dim el
+ Dim temp
+ Dim first
+ Dim TheForm
+ Set TheForm = document.ReqForm
+ On Error Resume Next
+ first = 0
+
+ Do While True
+ temp = ""
+ Enroll.providerType = j
+ temp = Enroll.enumProviders(i,0)
+ If Len(temp) = 0 Then
+ If j < 1 Then
+ j = j + 1
+ i = 0
+ Else
+ Exit Do
+ End If
+ Else
+ set el = document.createElement("OPTION")
+ el.text = temp
+ el.value = j
+ TheForm.cryptprovider.add(el)
+ If first = 0 Then
+ first = 1
+ TheForm.cryptprovider.selectedIndex = 0
+ End If
+ i = i + 1
+ End If
+ Loop
+
+End Function
+
+-->
+</SCRIPT>
+</body>
+</html>
diff --git a/base/ca/shared/webapps/ca/ee/ca/CMCEnrollment.html b/base/ca/shared/webapps/ca/ee/ca/CMCEnrollment.html
new file mode 100644
index 000000000..4e0ca29ad
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/CMCEnrollment.html
@@ -0,0 +1,189 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<TITLE>CMC Request Enrollment </TITLE>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<SCRIPT LANGUAGE="JavaScript">
+function setType(f)
+{
+ if ((f.certType.options[0].selected)) {
+ alert("You must select Certificate-Type");
+ return;
+ }
+}
+
+function validate(form)
+{
+ with (form) {
+ if (cmcRequest.value == "")
+ {
+ alert("You must enter the base64-encoded certificate request.");
+ return false;
+ }
+ if (csrRequestorName.value == "" || ((csrRequestorEmail.value == "") && (csrRequestorPhone.value == ""))) {
+ alert("You must supply a name and either a phone number or an email address.");
+ return false;
+ }
+ }
+ return true;
+}
+</SCRIPT>
+
+<SCRIPT LANGUAGE="JavaScript" SRC="../helpfun.js">
+
+</SCRIPT>
+</head>
+<body bgcolor="#FFFFFF">
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+CMC Request Enrollment
+</font><br>
+ <Font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ Use this form to submit a CMC full enrollment request.
+<p>
+ After you click the Submit button, your request will be submitted to an
+ issuing agent for approval. The certificate will be emailed to you.
+</font>
+
+<form method="post" action="/enrollment"
+onSubmit="return validate(document.forms[0])">
+
+ <table border="0" width="100%" cellspacing="2" cellpadding="2">
+ <tr>
+ <td colspan="2" valign="TOP"><font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"><b>CMC Full Enrollment Request</b><br>
+Paste the CMC full enrollment request into this text area.
+ </font></td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"></font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <textarea name="cmcRequest" rows="10" cols="65" wrap="virtual">
+</textarea>
+ </td>
+ </tr>
+
+ <tr>
+ <td colspan="2" valign="TOP">
+ <font size=-1 face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ <b>
+ Select Certificate Type
+ </b><br>
+ </font>
+ <font face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif" size="-1">
+ Select a certificate type that corresponds to the certificate request you pasted in the text area above. </font></td>
+ </tr>
+
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Certificate Type: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <SELECT NAME="certType" onchange="setType(document.forms[0])">
+ <OPTION value="" SELECTED>Select Certificate-Type
+ <OPTION value="client">User Certificate
+ <OPTION value="server">Server SSL Certificate
+ <OPTION value="ca">CA Signing Certificate
+ <OPTION value="ra">RA Signing Certificate
+ <OPTION value="ocspResponder">OCSP Responder Signing Certificate
+ </SELECT>
+ </td>
+ </tr>
+
+ <tr>
+ <td colspan="2" valign="TOP"><b><font face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif" size="-1">Contact Information<br>
+ </font></b><font face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif" size="-1">
+ </font></td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Name: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="TEXT" name="csrRequestorName" size="30">
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Email: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="TEXT" name="csrRequestorEmail" size="30">
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Phone: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="TEXT" name="csrRequestorPhone" size="30">
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP" colspan="2">&nbsp;</td>
+ </tr>
+ <tr>
+ <td valign="TOP" colspan="2"><font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"><b>Additional Comments </b><br>
+ If you have additional comments for the person who will process your
+ certificate request, write them here.
+ </font></td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"></font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <textarea name="csrRequestorComments" rows="10" cols="65" wrap="virtual">
+</textarea>
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP" colspan="2">
+ <table border="0" width="100%" cellspacing="0" cellpadding="6" bgcolor="#cccccc" background="/pki/images/gray90.gif">
+ <tr>
+ <td>
+ <div align="RIGHT">
+ <input type="submit" value="Submit" name="submit" width="72">
+ <input type="hidden" name="requestFormat" value="cmc">
+ <input type="hidden" name="fullResponse" value="false">
+ <img src="/pki/images/spacer.gif" width="6" height="6">
+ <input type="reset" value="Reset" name="reset" width="72">
+ </div>
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ </table>
+ </form>
+</body>
+</html>
diff --git a/base/ca/shared/webapps/ca/ee/ca/CMCRevReq.html b/base/ca/shared/webapps/ca/ee/ca/CMCRevReq.html
new file mode 100644
index 000000000..bd24a212c
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/CMCRevReq.html
@@ -0,0 +1,66 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
+<meta name="GENERATOR" content="Microsoft FrontPage 4.0">
+<meta name="ProgId" content="FrontPage.Editor.Document">
+<title>CMC Certificate Revocation signed by authorized agent</title>
+</head>
+
+<body>
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">CMC
+Certificate Revocation signed by authorized agent</font><br>
+<p><font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Use
+this form to revoke your certificate(s) automatically.
+<p>After you click the submit button, the valid certificate with the serial
+number specified in the CMC Revocation Request will get revoked automatically.</font></p>
+<form method="post" action="CMCRevReq" onSubmit="return validate(document.forms[0])">
+ <input type="hidden" name="authenticator" value="CMCAuth">
+ <table border="0" width="772" cellspacing="2" cellpadding="2" height="341">
+ <tr>
+ <td valign="TOP" width="762" height="34"><font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"><b>CMC
+ Revocation Enrollment Request</b><br>
+ Paste the CMC revocation request, signed by an authorized agent,&nbsp;
+ into this text area.</font></td>
+ </tr>
+ <tr>
+ <td width="395" height="169"><textarea name="cmcRequest" rows="12" cols="65" wrap="virtual">
+</textarea><br>
+ <tr>
+ <td valign="TOP" width="762" height="41">
+ <table border="0" width="574" cellspacing="0" cellpadding="6" bgcolor="#cccccc" background="/pki/images/gray90.gif">
+ <tr>
+ <td width="560">
+ <div align="RIGHT">
+ <input type="submit" value="submit" name="submit" width="72"> <input type="hidden" name="templateType" value="RevocationConfirmation">
+ <img src="/pki/images/spacer.gif" width="6" height="6"> <input type="reset" value="Reset" name="reset" width="72">
+ </div>
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ </table>
+ </form>
+
+</body>
+
+</html>
diff --git a/base/ca/shared/webapps/ca/ee/ca/CertBasedDualEnroll.html b/base/ca/shared/webapps/ca/ee/ca/CertBasedDualEnroll.html
new file mode 100644
index 000000000..05d672f37
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/CertBasedDualEnroll.html
@@ -0,0 +1,364 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<TITLE>Certificate Based Enrollment - Directory Based User Enrollment Form</TITLE>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<SCRIPT LANGUAGE="JavaScript"></SCRIPT>
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/cms-funcs.js"> </SCRIPT>
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/helpfun.js"> </SCRIPT>
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/dynamicVars.js"> </SCRIPT>
+<SCRIPT>
+//<!--
+var crmfObject;
+function validate(form)
+{
+ with (form) {
+ if (uid.value == "") {
+ alert("You must supply your uid");
+ return false;
+ }
+ if (pwd.value == "") {
+ alert("You must supply your password");
+ return false;
+ }
+ submit();
+ return true;
+ }
+}
+
+
+//-->
+</SCRIPT>
+</head>
+
+<OBJECT
+ classid="clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1"
+ CODEBASE="/ee/xenroll.dll"
+ id=Enroll >
+</OBJECT>
+
+
+<SCRIPT LANGUAGE=VBS>
+<!--
+Function escapeDNComponent(comp)
+ escapeDNComponent = comp
+End Function
+
+Function doubleQuotes(comp)
+ doubleQuotes = False
+End Function
+
+Function formulateDN()
+ Dim dn
+ Dim TheForm
+ Set TheForm = Document.ReqForm
+
+ dn = Empty
+
+ If (TheForm.uid.Value <> Empty) Then
+ If doubleQuotes(TheForm.uid.Value) = True Then
+ MsgBox "Double quotes are not allowed in the uid field"
+ Exit Function
+ End If
+ If (dn <> Empty) Then
+ dn = dn & ","
+ End If
+ dn = dn & "0.9.2342.19200300.100.1.1=" & escapeDNComponent(TheForm.uid.Value)
+ End If
+
+ formulateDN = dn
+End Function
+
+Sub Send_OnClick
+ Dim TheForm
+ Dim szName
+ Set TheForm = Document.ReqForm
+
+
+ ' Do a few sanity checks
+ If (TheForm.uid.Value = Empty) Then
+ ret = MsgBox("You must supply your Directory uid for certificate enrollment", 0, "MSIE Certificate Request")
+ Exit Sub
+ End If
+
+ If (TheForm.pwd.Value = Empty) Then
+ ret = MsgBox("You must supply your Directory password for certificate enrollment", 0, "MSIE Certificate Request")
+ Exit Sub
+ End If
+
+' If (TheForm.SSLClient.value = Empty AND
+' TheForm.SMIME.value = Empty AND
+' TheForm.ObjectSigning.value = Empty) Then
+' ret = MsgBox("You must select atleast one certificate type", 0,
+' "MSIE Certificate Request")
+' Exit Sub
+' End If
+
+
+ ' Contruct the X500 distinguished name
+ szName = formulateDN()
+
+ On Error Resume Next
+ Enroll.HashAlgorithm = "MD5"
+ Enroll.KeySpec = 1
+ Enroll.GenKeyFlags = 1 ' key exportable
+ szCertReq = Enroll.createPKCS10(szName, "1.3.6.1.5.5.7.3.2")
+ theError = Err.Number
+ On Error Goto 0
+ '
+ ' If the user has cancelled things the we simply ignore whatever
+ ' they were doing ... need to think what should be done here
+ '
+ If (szCertReq = Empty AND theError = 0) Then
+ Exit Sub
+ End If
+
+ If (szCertReq = Empty OR theError <> 0) Then
+ '
+ ' There was an error in the key pair generation. The error value
+ ' is found in the variable 'theError' which we snarfed above before
+ ' we did the 'On Error Goto 0' which cleared it again.
+ '
+ sz = "The error '" & Hex(theError) & "' occurred." & chr(13) & chr(10) & "Your credentials could not be generated."
+ result = MsgBox(sz, 0, "Credentials Enrollment")
+ Exit Sub
+ End If
+
+ TheForm.pkcs10Request.Value = szCertReq
+ TheForm.Submit
+ Exit Sub
+
+End Sub
+-->
+</SCRIPT>
+
+<body bgcolor="#FFFFFF" onload=checkClientTime()>
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Certificate Based User Enrollment for Dual Certs - Directory Based<br>
+</font>
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ Use this form to submit a request for a personal certificate. You
+will be asked to do an SSL client authentication. The certificate you
+use to authenticate should be the signing certificate that was
+generated together with an encryption certificate sharing the same
+subject DN. On success, the user ID and password supplied on this
+form will be used to individualize the certificates eventually approved.
+ If SSL client authentication is successful, the certificate you use
+for authentication is a signing-only certificate, the pairing
+encryption cert can be found, and the user ID and password are correct your certificates will be issued
+ automatically. In general, after successful import of these dual
+certificates, you want to remove the original pair from your database.
+ </font>
+
+<table border="0" cellspacing="0" cellpadding="2" background="/pki/images/hr.gif" width="100%">
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+<table border="0" cellspacing="0" cellpadding="2">
+ <tr valign="TOP">
+ <td><font size="-1" face="PrimaSans BT, Verdana, sans-serif"> <b>
+ Important:
+ </b></font></td>
+ <td><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ Be sure to request your certificate on the same computer on which you
+ plan to use your certificate. </font></td>
+ </tr>
+</table>
+<table border="0" cellspacing="0" cellpadding="0" background="/pki/images/hr.gif" width="100%">
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+<script lang="javascript">
+ if (navigator.appName == "Netscape" && (navMajorVersion() <= 3)) {
+ // short cut for Nav 3.x or eariler, crypto is not defined
+ document.write(
+ '<form name="ReqForm" method="post" action="/ee/certbasedenrollment">');
+ } else
+ if ((navigator.appName == "Netscape" &&
+ typeof(crypto.version) != "undefined")) {
+ document.write(
+ '<form name="ReqForm" method="post" action="/ee/certbasedenrollment">');
+ } else {
+ document.write(
+ '<form name="ReqForm" method="post" action="/ee/certbasedenrollment" '+
+ 'onSubmit="return validate(document.forms[0])">');
+ }
+</script>
+
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ <b>User's Identity</b><br>
+Enter your user ID and password for your organization's directory. This
+information will be used to verify your identity and to obtain
+information from the directory to fill in the certificate.
+ <br>
+
+<table border="0" width="100%" cellspacing="2" cellpadding="2">
+ <tr>
+ <td width="30%" valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">User ID: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="TEXT" name="uid" size="30">
+ </td>
+ </tr>
+</table>
+
+<table border="0" width="100%" cellspacing="2" cellpadding="2">
+ <tr>
+ <td width="30%" valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Password: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="PASSWORD" name="pwd" AutoComplete=off size="30">
+ </td>
+ </tr>
+ <tr>
+ </tr>
+</table>
+
+<table border="0" width="100%" cellspacing="2" cellpadding="2">
+ <tr>
+ <td valign="TOP">
+ <!-- for Netscape Certificate Type Extension -->
+ <input type="HIDDEN" name="email" value="true">
+ <input type="HIDDEN" name="ssl_client" value="true">
+ <!-- for cert-based enrollment -->
+ <input type="hidden" name="requestFormat" value="clientAuth">
+ <input type="HIDDEN" name="doSslAuth" value="on">
+ <input type="HIDDEN" name="certauthEnroll" value="on">
+ <input type="HIDDEN" name="certauthEnrollType" value="dual">
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP" colspan="2">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+</td></tr>
+</table>
+
+
+<script>
+ if (navigator.appName == "Netscape" &&
+ (navMajorVersion() <= 3 || typeof(crypto.version) == 'undefined')) {
+//<!--
+
+ }
+//-->
+
+ //else if (navigator.appName == 'Netscape' && crypto.version == "undefined") {
+ //document.writeln('Select the length of the key to generate. '+
+ // 'The longer the key length, the greater the strength. '+
+ // 'You may want to check with your system administrator about '+
+ // 'the length of key to specify.');
+ //}
+
+ if (navigator.appName == "Netscape") {
+ document.writeln('<table border="0" width="100%" cellspacing="2" cellpadding="2">');
+ if (navMajorVersion() <= 3 ||
+ typeof(crypto.version) == "undefined") {
+ document.writeln('<td width="30%" valign=TOP>');
+ document.writeln('<div align=right>');
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+// document.writeln('Key Length: ');
+ document.writeln('</font>');
+ document.writeln('</div>');
+ document.writeln('</td>');
+ document.write('<td valign=TOP>');
+// document.write('<KEYGEN name="subjectKeyGenInfo">');
+ }
+ //else {
+ //alert('nsm');
+ //document.writeln('<SELECT NAME=\"keyLength\">');
+ //document.writeln('<OPTION VALUE=512>512 bits');
+ //document.writeln('<OPTION VALUE=768>768 bits');
+ //document.writeln('<OPTION VALUE=1024>1024 bits');
+ //document.writeln('</SELECT>');
+ //}
+ document.write('</td></table>');
+ }
+
+document.writeln('<table border="0" width="100%" cellspacing="0" cellpadding="6" bgcolor="#cccccc" background="/pki/images/gray90.gif"> <tr> <td width=100%> <div align="RIGHT">');
+//<!--
+ if (navigator.appName == "Netscape" && navMajorVersion() <= 3) {
+ // short cut for Nav 3.x or eariler, crypto is not defined
+ document.writeln(
+ '<input type="submit" value="Submit" '+
+ 'name="submit" width="72">');
+ } else if (navigator.appName == "Netscape" &&
+ typeof(crypto.version) == "undefined") {
+ document.writeln(
+ '<input type="submit" value="Submit" '+
+ 'name="submit" width="72">');
+ }
+ else if ((navigator.appName == "Microsoft Internet Explorer") ||
+ (navigator.appName == "")) {
+ document.writeln(
+ '<input type="submit" value="Submit" '+
+ 'name="Send" width="72">');
+ }
+ else {
+ // alert('nsm');
+ document.writeln(
+ '<input type="button" value="Submit" '+
+ 'name="submitbutton" '+
+ 'onclick="validate(form)" width="72">');
+ }
+ document.write('<img src="/pki/images/spacer.gif" width="6" height="6">' +
+ '<input type="reset" value="Reset" name="reset" width="72">' +
+ '<input type="hidden" name="certType" value="client">' +
+ '<input type="hidden" name="authenticator" ' +
+ ' value="UserDirEnrollment">');
+
+ if (navigator.appName == 'Netscape') {
+ if ((navMajorVersion() > 3) &&
+ (typeof(crypto.version) != 'undefined')) {
+ //alert('cmmf response');
+// document.write(
+// '<input type=hidden name=CRMFRequest value="">');
+// document.write(
+// '<input type=hidden name=cmmfResponse value=true>');
+ //document.write(
+ //'<input type=hidden name=certNickname value="">');
+ }
+ else {
+ document.write(
+ '<input type="hidden" name="importCert" value="off">');
+ }
+ }
+ else if ((navigator.appName == "Microsoft Internet Explorer")||
+ (navigator.appName == "")) {
+ // navigator.appName == "" is for IE 3.
+ //alert('pkcs10Request');
+ document.write(
+ '<input type="hidden" name="pkcs10Request" value="">');
+ }
+//-->
+ document.writeln('</div> </td> </tr> </table>');
+</script>
+ </form>
+</body>
+</html>
diff --git a/base/ca/shared/webapps/ca/ee/ca/CertBasedEncryptionEnroll.html b/base/ca/shared/webapps/ca/ee/ca/CertBasedEncryptionEnroll.html
new file mode 100644
index 000000000..67cb0cbdb
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/CertBasedEncryptionEnroll.html
@@ -0,0 +1,508 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<TITLE>Cert-Based Directory Based User Enrollment Form for Encryption Cert</TITLE>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<SCRIPT LANGUAGE="JavaScript"></SCRIPT>
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/cms-funcs.js"> </SCRIPT>
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/helpfun.js"> </SCRIPT>
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/dynamicVars.js"> </SCRIPT>
+<SCRIPT>
+//<!--
+var crmfObject;
+function validate(form)
+{
+ with (form) {
+ if (uid.value == "") {
+ alert("You must supply your uid");
+ return false;
+ }
+ if (pwd.value == "") {
+ alert("You must supply your password");
+ return false;
+ }
+
+ /////////////////////////////////////////////////////////////////
+ // To enable dual key feature, this page must be customized with
+ // appropriate Javascript call. For example,
+ //
+ // crmfObject = crypto.generateCRMFRequest(
+ // "CN=undefined",
+ // "regToken", "authenticator",
+ // null,
+ // "setCRMFRequest();",
+ // 512, null, "rsa-ex",
+ // 1024, null, "rsa-sign");
+ //
+ // To enable key archival feature, this page must be customized with
+ // KRA's transport certificate. The transport certificate can be
+ // retrieved in the following ways:
+ // (1) Access "List Certificates" menu option in end-entity page
+ // (2) Access https://<host>:<agent_port>/kra/displayTransportCert
+ // (3) Use certutil command in <instance-dir>/config directory
+ // (i.e. certutil -L -d . -n "kraTransportCert <instance-id>" -a)
+ //
+ // Once the transport certificate is obtained, the following
+ // javascript should be modified so that the transport certificate
+ // and appropriate key type are selected. For example,
+ //
+ // var keyGenAlg = "rsa-ex";
+ // crmfObject = crypto.generateCRMFRequest(
+ // "CN=undefined",
+ // "regToken", "authenticator",
+ // keyTransportCert,
+ // "setCRMFRequest();",
+ // 512, null, keyGenAlg);
+ /////////////////////////////////////////////////////////////////
+
+ // To enable key archival, replace "null" with the transport
+ // certificate without "BEBIN..." "END..", nor line breaks.
+ // change keyGenAlg to "rsa-ex"
+ var keyTransportCert = null;
+ var keyGenAlg = "rsa-ex";
+ //var keyGenAlg = "rsa-dual-use";
+ // generate keys for nsm.
+ if (navigator.appName == "Netscape" && (navMajorVersion() > 3) &&
+ typeof(crypto.version) != "undefined") {
+ //certNickname.value = uid.value;
+ crmfObject = crypto.generateCRMFRequest(
+ "CN=undefined",
+ "regToken", "authenticator",
+ keyTransportCert,
+ "setCRMFRequest();",
+ 1024, null, "rsa-ex");
+ }
+ return true;
+ }
+}
+
+function setCRMFRequest()
+{
+ with (document.forms[0]) {
+ CRMFRequest.value = crmfObject.request;
+ submit();
+ }
+}
+
+//-->
+</SCRIPT>
+</head>
+
+<OBJECT
+ classid="clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1"
+ CODEBASE="/ee/xenroll.dll"
+ id=Enroll >
+</OBJECT>
+
+
+<SCRIPT LANGUAGE=VBS>
+<!--
+Function escapeDNComponent(comp)
+ escapeDNComponent = comp
+End Function
+
+Function doubleQuotes(comp)
+ doubleQuotes = False
+End Function
+
+Function formulateDN()
+ Dim dn
+ Dim TheForm
+ Set TheForm = Document.ReqForm
+
+ dn = Empty
+
+ If (TheForm.uid.Value <> Empty) Then
+ If doubleQuotes(TheForm.uid.Value) = True Then
+ MsgBox "Double quotes are not allowed in the uid field"
+ Exit Function
+ End If
+ If (dn <> Empty) Then
+ dn = dn & ","
+ End If
+ dn = dn & "0.9.2342.19200300.100.1.1=" & escapeDNComponent(TheForm.uid.Value)
+ End If
+
+ formulateDN = dn
+End Function
+
+Sub Send_OnClick
+ Dim TheForm
+ Dim szName
+ Dim options
+ Set TheForm = Document.ReqForm
+
+
+ ' Do a few sanity checks
+ If (TheForm.uid.Value = Empty) Then
+ ret = MsgBox("You must supply your Directory uid for certificate enrollment", 0, "MSIE Certificate Request")
+ Exit Sub
+ End If
+
+ If (TheForm.pwd.Value = Empty) Then
+ ret = MsgBox("You must supply your Directory password for certificate enrollment", 0, "MSIE Certificate Request")
+ Exit Sub
+ End If
+
+' If (TheForm.SSLClient.value = Empty AND
+' TheForm.SMIME.value = Empty AND
+' TheForm.ObjectSigning.value = Empty) Then
+' ret = MsgBox("You must select atleast one certificate type", 0,
+' "MSIE Certificate Request")
+' Exit Sub
+' End If
+
+
+ ' Contruct the X500 distinguished name
+ szName = formulateDN()
+
+ On Error Resume Next
+ Enroll.HashAlgorithm = "MD5"
+ Enroll.KeySpec = 1
+ Enroll.GenKeyFlags = 1 ' key exportable
+
+ ' Pick the provider that is selected
+ set options = TheForm.all.cryptprovider.options
+ index = options.selectedIndex
+ Enroll.providerType = options(index).value
+ Enroll.providerName = options(index).text
+
+ szCertReq = Enroll.createPKCS10(szName, "1.3.6.1.5.5.7.3.2")
+ theError = Err.Number
+ On Error Goto 0
+ '
+ ' If the user has cancelled things the we simply ignore whatever
+ ' they were doing ... need to think what should be done here
+ '
+ If (szCertReq = Empty AND theError = 0) Then
+ Exit Sub
+ End If
+
+ If (szCertReq = Empty OR theError <> 0) Then
+ '
+ ' There was an error in the key pair generation. The error value
+ ' is found in the variable 'theError' which we snarfed above before
+ ' we did the 'On Error Goto 0' which cleared it again.
+ '
+ sz = "The error '" & Hex(theError) & "' occurred." & chr(13) & chr(10) & "Your credentials could not be generated."
+ result = MsgBox(sz, 0, "Credentials Enrollment")
+ Exit Sub
+ End If
+
+ TheForm.pkcs10Request.Value = szCertReq
+ TheForm.Submit
+ Exit Sub
+
+End Sub
+-->
+</SCRIPT>
+
+<body bgcolor="#FFFFFF" onload=checkClientTime()>
+
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Certificate Based User Enrollment for Encryption Certs - Directory Based <br>
+</font>
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ Use this form to submit a request for an encryption certificate. You
+will be asked to do an SSL client authentication. The certificate you
+use to authenticate should be a signing-only certificate. On success, the user ID and password supplied on this
+form will be used to individualize the certificate eventually approved.
+ If SSL client authentication is successful, and the user ID and
+password are correct your certificate will be issued
+ automatically.
+ </font>
+
+<table border="0" cellspacing="0" cellpadding="2" background="/pki/images/hr.gif" width="100%">
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+<table border="0" cellspacing="0" cellpadding="2">
+ <tr valign="TOP">
+ <td><font size="-1" face="PrimaSans BT, Verdana, sans-serif"> <b>
+ Important:
+ </b></font></td>
+ <td><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ Be sure to request your certificate on the same computer on which you
+ plan to use your certificate. </font></td>
+ </tr>
+</table>
+<table border="0" cellspacing="0" cellpadding="0" background="/pki/images/hr.gif" width="100%">
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+<script lang="javascript">
+ if (navigator.appName == "Netscape" && (navMajorVersion() <= 3)) {
+ // short cut for Nav 3.x or eariler, crypto is not defined
+ document.write(
+ '<form name="ReqForm" method="post" action="/ee/certbasedenrollment">');
+ } else
+ if ((navigator.appName == "Netscape" &&
+ typeof(crypto.version) != "undefined")) {
+ document.write(
+ '<form name="ReqForm" method="post" action="/ee/certbasedenrollment">');
+ } else {
+ document.write(
+ '<form name="ReqForm" method="post" action="/ee/certbasedenrollment" '+
+ 'onSubmit="return validate(document.forms[0])">');
+ }
+</script>
+
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ <b>User's Identity</b><br>
+Enter your user ID and password for your organization's directory. This
+information will be used to verify your identity and to obtain
+information from the directory to fill in the certificate.
+ <br>
+
+<table border="0" width="100%" cellspacing="2" cellpadding="2">
+ <tr>
+ <td width="30%" valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">User ID: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="TEXT" name="uid" size="30">
+ </td>
+ </tr>
+</table>
+
+<table border="0" width="100%" cellspacing="2" cellpadding="2">
+ <tr>
+ <td width="30%" valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Password: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="PASSWORD" name="pwd" AutoComplete=off size="30">
+ </td>
+ </tr>
+ <tr>
+ </tr>
+</table>
+
+<table border="0" width="100%" cellspacing="2" cellpadding="2">
+ <tr>
+ <td valign="TOP">
+ <!-- for Netscape Certificate Type Extension -->
+ <input type="HIDDEN" name="email" value="true">
+ <input type="HIDDEN" name="ssl_client" value="true">
+ <!-- for cert-based enrollment -->
+ <input type="hidden" name="requestFormat" value="clientAuth">
+ <input type="HIDDEN" name="doSslAuth" value="on">
+ <input type="HIDDEN" name="certauthEnroll" value="on">
+ <input type="HIDDEN" name="certauthEnrollType" value="encryption">
+ <!-- for Key Usage Extension -->
+ <input type="HIDDEN" name="non_repudiation" value=true>
+ <input type="HIDDEN" name="key_encipherment" value=true>
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP" colspan="2">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+</td></tr>
+</table>
+
+
+<script>
+ if (navigator.appName == "Netscape" &&
+ (navMajorVersion() <= 3 || typeof(crypto.version) == 'undefined')) {
+
+ document.writeln('<b>Public/Private Key Information</b><br>');
+ document.writeln(
+ 'When your submit this form, your browser generates a private and '+
+ 'public key. The browser retains the private key and submits the '+
+ 'public key along with your request for a certificate. '+
+ 'The public key becomes part of your certificate. '+
+ '<P>'+
+ 'Select the length of the key to generate. The longer the key '+
+ 'length the greater the strength. You may want to check with your '+
+ 'system administrator about the length of key to specify.');
+ }
+
+ //else if (navigator.appName == 'Netscape' && crypto.version == "undefined") {
+ //document.writeln('Select the length of the key to generate. '+
+ // 'The longer the key length, the greater the strength. '+
+ // 'You may want to check with your system administrator about '+
+ // 'the length of key to specify.');
+ //}
+
+//<!--
+ if (navigator.appName == "Netscape") {
+ document.writeln('<table border="0" width="100%" cellspacing="2" cellpadding="2">');
+ if (navMajorVersion() <= 3 ||
+ typeof(crypto.version) == "undefined") {
+ document.writeln('<td width="30%" valign=TOP>');
+ document.writeln('<div align=right>');
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.writeln('Key Length: ');
+ document.writeln('</font>');
+ document.writeln('</div>');
+ document.writeln('</td>');
+ document.write('<td valign=TOP>');
+ document.write('<KEYGEN name="subjectKeyGenInfo">');
+ }
+ //else {
+ //alert('nsm');
+ //document.writeln('<SELECT NAME=\"keyLength\">');
+ //document.writeln('<OPTION VALUE=512>512 bits');
+ //document.writeln('<OPTION VALUE=768>768 bits');
+ //document.writeln('<OPTION VALUE=1024>1024 bits');
+ //document.writeln('</SELECT>');
+ //}
+ document.write('</td></table>');
+ }
+ if (navigator.appName == "Microsoft Internet Explorer") {
+ document.writeln('<b>Public/Private Key Information</b><br>');
+ document.writeln(
+ 'When you submit this form, your browser generates a private and '+
+ 'public key. The browser retains the private key and submits the '+
+ 'public key along with your request for a certificate. '+
+ 'The public key becomes part of your certificate. '+
+ '<P>'+
+ 'The Microsoft Base Cryptographic provider offers 512-bit key encryption which is adequate for most applications today, but you may select the Enhanced option if your browser offers this choice and you require the higher encryption strength. You may want to check with your '+
+ 'system administrator about the provider to specify.');
+
+ document.writeln('<p>');
+ document.writeln('<td>');
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.writeln('Cryptographic Provider:');
+ document.writeln('</font>');
+ document.writeln('</td>');
+ document.writeln('<td>');
+ document.writeln('<SELECT NAME=\"cryptprovider\"></SELECT>');
+ document.writeln('</td>');
+ document.writeln('<p>');
+ }
+
+//-->
+
+document.writeln('<table border="0" width="100%" cellspacing="0" cellpadding="6" bgcolor="#cccccc" background="/pki/images/gray90.gif"> <tr> <td width=100%> <div align="RIGHT">');
+//<!--
+ if (navigator.appName == "Netscape" && navMajorVersion() <= 3) {
+ // short cut for Nav 3.x or eariler, crypto is not defined
+ document.writeln(
+ '<input type="submit" value="Submit" '+
+ 'name="submit" width="72">');
+ } else if (navigator.appName == "Netscape" &&
+ typeof(crypto.version) == "undefined") {
+ document.writeln(
+ '<input type="submit" value="Submit" '+
+ 'name="submit" width="72">');
+ }
+ else if ((navigator.appName == "Microsoft Internet Explorer") ||
+ (navigator.appName == "")) {
+ document.writeln(
+ '<input type="submit" value="Submit" '+
+ 'name="Send" width="72">');
+ }
+ else {
+ // alert('nsm');
+ document.writeln(
+ '<input type="button" value="Submit" '+
+ 'name="submitbutton" '+
+ 'onclick="validate(form)" width="72">');
+ }
+ document.write('<img src="/pki/images/spacer.gif" width="6" height="6">' +
+ '<input type="reset" value="Reset" name="reset" width="72">' +
+ '<input type="hidden" name="certType" value="client">' +
+ '<input type="hidden" name="authenticator" ' +
+ ' value="UserDirEnrollment">');
+
+ if (navigator.appName == 'Netscape') {
+ if ((navMajorVersion() > 3) &&
+ (typeof(crypto.version) != 'undefined')) {
+ //alert('cmmf response');
+ document.write(
+ '<input type=hidden name=CRMFRequest value="">');
+ document.write(
+ '<input type=hidden name=cmmfResponse value=true>');
+ //document.write(
+ //'<input type=hidden name=certNickname value="">');
+ }
+ else {
+ document.write(
+ '<input type="hidden" name="importCert" value="off">');
+ }
+ }
+ else if ((navigator.appName == "Microsoft Internet Explorer")||
+ (navigator.appName == "")) {
+ // navigator.appName == "" is for IE 3.
+ //alert('pkcs10Request');
+ document.write(
+ '<input type="hidden" name="pkcs10Request" value="">');
+ }
+//-->
+ document.writeln('</div> </td> </tr> </table>');
+</script>
+ </form>
+<SCRIPT LANGUAGE=VBS>
+<!--
+
+FindProviders
+
+Function FindProviders
+ Dim i, j
+ Dim providers()
+ i = 0
+ j = 1
+ Dim el
+ Dim temp
+ Dim first
+ Dim TheForm
+ Set TheForm = document.ReqForm
+ On Error Resume Next
+ first = 0
+
+ Do While True
+ temp = ""
+ Enroll.providerType = j
+ temp = Enroll.enumProviders(i,0)
+ If Len(temp) = 0 Then
+ If j < 1 Then
+ j = j + 1
+ i = 0
+ Else
+ Exit Do
+ End If
+ Else
+ set el = document.createElement("OPTION")
+ el.text = temp
+ el.value = j
+ TheForm.cryptprovider.add(el)
+ If first = 0 Then
+ first = 1
+ TheForm.cryptprovider.selectedIndex = 0
+ End If
+ i = i + 1
+ End If
+ Loop
+
+End Function
+
+-->
+</SCRIPT>
+</body>
+</html>
diff --git a/base/ca/shared/webapps/ca/ee/ca/CertBasedSingleEnroll.html b/base/ca/shared/webapps/ca/ee/ca/CertBasedSingleEnroll.html
new file mode 100644
index 000000000..fe6910efe
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/CertBasedSingleEnroll.html
@@ -0,0 +1,510 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<TITLE>Cert-Based single Directory Based User Enrollment Form</TITLE>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<SCRIPT LANGUAGE="JavaScript"></SCRIPT>
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/cms-funcs.js"> </SCRIPT>
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/helpfun.js"> </SCRIPT>
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/dynamicVars.js"> </SCRIPT>
+<SCRIPT>
+//<!--
+var crmfObject;
+function validate(form)
+{
+ with (form) {
+ if (uid.value == "") {
+ alert("You must supply your uid");
+ return false;
+ }
+ if (pwd.value == "") {
+ alert("You must supply your password");
+ return false;
+ }
+
+ /////////////////////////////////////////////////////////////////
+ // To enable dual key feature, this page must be customized with
+ // appropriate Javascript call. For example,
+ //
+ // crmfObject = crypto.generateCRMFRequest(
+ // "CN=undefined",
+ // "regToken", "authenticator",
+ // null,
+ // "setCRMFRequest();",
+ // 512, null, "rsa-ex",
+ // 1024, null, "rsa-sign");
+ //
+ // To enable key archival feature, this page must be customized with
+ // KRA's transport certificate. The transport certificate can be
+ // retrieved in the following ways:
+ // (1) Access "List Certificates" menu option in end-entity page
+ // (2) Access https://<host>:<agent_port>/kra/displayTransportCert
+ // (3) Use certutil command in <instance-dir>/config directory
+ // (i.e. certutil -L -d . -n "kraTransportCert <instance-id>" -a)
+ //
+ // Once the transport certificate is obtained, the following
+ // javascript should be modified so that the transport certificate
+ // and appropriate key type are selected. For example,
+ //
+ // var keyGenAlg = "rsa-ex";
+ // crmfObject = crypto.generateCRMFRequest(
+ // "CN=undefined",
+ // "regToken", "authenticator",
+ // keyTransportCert,
+ // "setCRMFRequest();",
+ // 512, null, keyGenAlg);
+ /////////////////////////////////////////////////////////////////
+
+ // To enable key archival, replace "null" with the transport
+ // certificate without "BEBIN..." "END..", nor line breaks.
+ // change keyGenAlg to "rsa-ex"
+ var keyTransportCert = null;
+ //var keyGenAlg = "rsa-ex";
+ var keyGenAlg = "rsa-dual-use";
+ // generate keys for nsm.
+ if (navigator.appName == "Netscape" && (navMajorVersion() > 3) &&
+ typeof(crypto.version) != "undefined") {
+ //certNickname.value = uid.value;
+ crmfObject = crypto.generateCRMFRequest(
+ "CN=undefined",
+ "regToken", "authenticator",
+ keyTransportCert,
+ "setCRMFRequest();",
+ 1024, null, keyGenAlg);
+ }
+ return true;
+ }
+}
+
+function setCRMFRequest()
+{
+ with (document.forms[0]) {
+ CRMFRequest.value = crmfObject.request;
+ submit();
+ }
+}
+
+//-->
+</SCRIPT>
+</head>
+
+<OBJECT
+ classid="clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1"
+ CODEBASE="/ee/xenroll.dll"
+ id=Enroll >
+</OBJECT>
+
+
+<SCRIPT LANGUAGE=VBS>
+<!--
+Function escapeDNComponent(comp)
+ escapeDNComponent = comp
+End Function
+
+Function doubleQuotes(comp)
+ doubleQuotes = False
+End Function
+
+Function formulateDN()
+ Dim dn
+ Dim TheForm
+ Set TheForm = Document.ReqForm
+
+ dn = Empty
+
+ If (TheForm.uid.Value <> Empty) Then
+ If doubleQuotes(TheForm.uid.Value) = True Then
+ MsgBox "Double quotes are not allowed in the uid field"
+ Exit Function
+ End If
+ If (dn <> Empty) Then
+ dn = dn & ","
+ End If
+ dn = dn & "0.9.2342.19200300.100.1.1=" & escapeDNComponent(TheForm.uid.Value)
+ End If
+
+ formulateDN = dn
+End Function
+
+Sub Send_OnClick
+ Dim TheForm
+ Dim szName
+ Dim options
+ Set TheForm = Document.ReqForm
+
+
+ ' Do a few sanity checks
+ If (TheForm.uid.Value = Empty) Then
+ ret = MsgBox("You must supply your Directory uid for certificate enrollment", 0, "MSIE Certificate Request")
+ Exit Sub
+ End If
+
+ If (TheForm.pwd.Value = Empty) Then
+ ret = MsgBox("You must supply your Directory password for certificate enrollment", 0, "MSIE Certificate Request")
+ Exit Sub
+ End If
+
+' If (TheForm.SSLClient.value = Empty AND
+' TheForm.SMIME.value = Empty AND
+' TheForm.ObjectSigning.value = Empty) Then
+' ret = MsgBox("You must select atleast one certificate type", 0,
+' "MSIE Certificate Request")
+' Exit Sub
+' End If
+
+
+ ' Contruct the X500 distinguished name
+ szName = formulateDN()
+
+ On Error Resume Next
+ Enroll.HashAlgorithm = "MD5"
+ Enroll.KeySpec = 1
+ Enroll.GenKeyFlags = 1 ' key exportable
+
+ ' Pick the provider that is selected
+ set options = TheForm.all.cryptprovider.options
+ index = options.selectedIndex
+ Enroll.providerType = options(index).value
+ Enroll.providerName = options(index).text
+
+ szCertReq = Enroll.createPKCS10(szName, "1.3.6.1.5.5.7.3.2")
+ theError = Err.Number
+ On Error Goto 0
+ '
+ ' If the user has cancelled things the we simply ignore whatever
+ ' they were doing ... need to think what should be done here
+ '
+ If (szCertReq = Empty AND theError = 0) Then
+ Exit Sub
+ End If
+
+ If (szCertReq = Empty OR theError <> 0) Then
+ '
+ ' There was an error in the key pair generation. The error value
+ ' is found in the variable 'theError' which we snarfed above before
+ ' we did the 'On Error Goto 0' which cleared it again.
+ '
+ sz = "The error '" & Hex(theError) & "' occurred." & chr(13) & chr(10) & "Your credentials could not be generated."
+ result = MsgBox(sz, 0, "Credentials Enrollment")
+ Exit Sub
+ End If
+
+ TheForm.pkcs10Request.Value = szCertReq
+ TheForm.Submit
+ Exit Sub
+
+End Sub
+-->
+</SCRIPT>
+
+<body bgcolor="#FFFFFF" onload=checkClientTime()>
+
+
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Certificate Based User Enrollment for Single Certs - Directory Based <br>
+</font>
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ Use this form to submit a request for a certificate. You
+will be asked to do an SSL client authentication. The certificate you
+use to authenticate must be issued by an approved authority. On success, the user ID and password supplied on this
+form will be used to individualize the certificate eventually approved.
+ If SSL client authentication is successful, and the user ID and
+password are correct your certificate will be issued
+ automatically.
+ </font>
+
+<table border="0" cellspacing="0" cellpadding="2" background="/pki/images/hr.gif" width="100%">
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+<table border="0" cellspacing="0" cellpadding="2">
+ <tr valign="TOP">
+ <td><font size="-1" face="PrimaSans BT, Verdana, sans-serif"> <b>
+ Important:
+ </b></font></td>
+ <td><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ Be sure to request your certificate on the same computer on which you
+ plan to use your certificate. </font></td>
+ </tr>
+</table>
+<table border="0" cellspacing="0" cellpadding="0" background="/pki/images/hr.gif" width="100%">
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+<script lang="javascript">
+ if (navigator.appName == "Netscape" && (navMajorVersion() <= 3)) {
+ // short cut for Nav 3.x or eariler, crypto is not defined
+ document.write(
+ '<form name="ReqForm" method="post" action="/ee/certbasedenrollment">');
+ } else
+ if ((navigator.appName == "Netscape" &&
+ typeof(crypto.version) != "undefined")) {
+ document.write(
+ '<form name="ReqForm" method="post" action="/ee/certbasedenrollment">');
+ } else {
+ document.write(
+ '<form name="ReqForm" method="post" action="/ee/certbasedenrollment" '+
+ 'onSubmit="return validate(document.forms[0])">');
+ }
+</script>
+
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ <b>User's Identity</b><br>
+Enter your user ID and password for your organization's directory. This
+information will be used to verify your identity and to obtain
+information from the directory to fill in the certificate.
+ <br>
+
+<table border="0" width="100%" cellspacing="2" cellpadding="2">
+ <tr>
+ <td width="30%" valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">User ID: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="TEXT" name="uid" size="30">
+ </td>
+ </tr>
+</table>
+
+<table border="0" width="100%" cellspacing="2" cellpadding="2">
+ <tr>
+ <td width="30%" valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Password: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="PASSWORD" name="pwd" AutoComplete=off size="30">
+ </td>
+ </tr>
+ <tr>
+ </tr>
+</table>
+
+<table border="0" width="100%" cellspacing="2" cellpadding="2">
+ <tr>
+ <td valign="TOP">
+ <!-- for Netscape Certificate Type Extension -->
+ <input type="HIDDEN" name="email" value="true">
+ <input type="HIDDEN" name="ssl_client" value="true">
+ <!-- for cert-based enrollment -->
+ <input type="hidden" name="requestFormat" value="clientAuth">
+ <input type="HIDDEN" name="doSslAuth" value="on">
+ <input type="HIDDEN" name="certauthEnroll" value="on">
+ <input type="HIDDEN" name="certauthEnrollType" value="single">
+ <!-- for Key Usage Extension -->
+ <input type="HIDDEN" name="digital_signature" value=true>
+ <input type="HIDDEN" name="non_repudiation" value=true>
+ <input type="HIDDEN" name="key_encipherment" value=true>
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP" colspan="2">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+</td></tr>
+</table>
+
+
+<script>
+ if (navigator.appName == "Netscape" &&
+ (navMajorVersion() <= 3 || typeof(crypto.version) == 'undefined')) {
+
+ document.writeln('<b>Public/Private Key Information</b><br>');
+ document.writeln(
+ 'When your submit this form, your browser generates a private and '+
+ 'public key. The browser retains the private key and submits the '+
+ 'public key along with your request for a certificate. '+
+ 'The public key becomes part of your certificate. '+
+ '<P>'+
+ 'Select the length of the key to generate. The longer the key '+
+ 'length the greater the strength. You may want to check with your '+
+ 'system administrator about the length of key to specify.');
+ }
+
+ //else if (navigator.appName == 'Netscape' && crypto.version == "undefined") {
+ //document.writeln('Select the length of the key to generate. '+
+ // 'The longer the key length, the greater the strength. '+
+ // 'You may want to check with your system administrator about '+
+ // 'the length of key to specify.');
+ //}
+
+//<!--
+ if (navigator.appName == "Netscape") {
+ document.writeln('<table border="0" width="100%" cellspacing="2" cellpadding="2">');
+ if (navMajorVersion() <= 3 ||
+ typeof(crypto.version) == "undefined") {
+ document.writeln('<td width="30%" valign=TOP>');
+ document.writeln('<div align=right>');
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.writeln('Key Length: ');
+ document.writeln('</font>');
+ document.writeln('</div>');
+ document.writeln('</td>');
+ document.write('<td valign=TOP>');
+ document.write('<KEYGEN name="subjectKeyGenInfo">');
+ }
+ //else {
+ //alert('nsm');
+ //document.writeln('<SELECT NAME=\"keyLength\">');
+ //document.writeln('<OPTION VALUE=512>512 bits');
+ //document.writeln('<OPTION VALUE=768>768 bits');
+ //document.writeln('<OPTION VALUE=1024>1024 bits');
+ //document.writeln('</SELECT>');
+ //}
+ document.write('</td></table>');
+ }
+ if (navigator.appName == "Microsoft Internet Explorer") {
+ document.writeln('<b>Public/Private Key Information</b><br>');
+ document.writeln(
+ 'When you submit this form, your browser generates a private and '+
+ 'public key. The browser retains the private key and submits the '+
+ 'public key along with your request for a certificate. '+
+ 'The public key becomes part of your certificate. '+
+ '<P>'+
+ 'The Microsoft Base Cryptographic provider offers 512-bit key encryption which is adequate for most applications today, but you may select the Enhanced option if your browser offers this choice and you require the higher encryption strength. You may want to check with your '+
+ 'system administrator about the provider to specify.');
+
+ document.writeln('<p>');
+ document.writeln('<td>');
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.writeln('Cryptographic Provider:');
+ document.writeln('</font>');
+ document.writeln('</td>');
+ document.writeln('<td>');
+ document.writeln('<SELECT NAME=\"cryptprovider\"></SELECT>');
+ document.writeln('</td>');
+ document.writeln('<p>');
+ }
+
+//-->
+
+document.writeln('<table border="0" width="100%" cellspacing="0" cellpadding="6" bgcolor="#cccccc" background="/pki/images/gray90.gif"> <tr> <td width=100%> <div align="RIGHT">');
+//<!--
+ if (navigator.appName == "Netscape" && navMajorVersion() <= 3) {
+ // short cut for Nav 3.x or eariler, crypto is not defined
+ document.writeln(
+ '<input type="submit" value="Submit" '+
+ 'name="submit" width="72">');
+ } else if (navigator.appName == "Netscape" &&
+ typeof(crypto.version) == "undefined") {
+ document.writeln(
+ '<input type="submit" value="Submit" '+
+ 'name="submit" width="72">');
+ }
+ else if ((navigator.appName == "Microsoft Internet Explorer") ||
+ (navigator.appName == "")) {
+ document.writeln(
+ '<input type="submit" value="Submit" '+
+ 'name="Send" width="72">');
+ }
+ else {
+ // alert('nsm');
+ document.writeln(
+ '<input type="button" value="Submit" '+
+ 'name="submitbutton" '+
+ 'onclick="validate(form)" width="72">');
+ }
+ document.write('<img src="/pki/images/spacer.gif" width="6" height="6">' +
+ '<input type="reset" value="Reset" name="reset" width="72">' +
+ '<input type="hidden" name="certType" value="client">' +
+ '<input type="hidden" name="authenticator" ' +
+ ' value="UserDirEnrollment">');
+
+ if (navigator.appName == 'Netscape') {
+ if ((navMajorVersion() > 3) &&
+ (typeof(crypto.version) != 'undefined')) {
+ //alert('cmmf response');
+ document.write(
+ '<input type=hidden name=CRMFRequest value="">');
+ document.write(
+ '<input type=hidden name=cmmfResponse value=true>');
+ //document.write(
+ //'<input type=hidden name=certNickname value="">');
+ }
+ else {
+ document.write(
+ '<input type="hidden" name="importCert" value="off">');
+ }
+ }
+ else if ((navigator.appName == "Microsoft Internet Explorer")||
+ (navigator.appName == "")) {
+ // navigator.appName == "" is for IE 3.
+ //alert('pkcs10Request');
+ document.write(
+ '<input type="hidden" name="pkcs10Request" value="">');
+ }
+//-->
+ document.writeln('</div> </td> </tr> </table>');
+</script>
+ </form>
+<SCRIPT LANGUAGE=VBS>
+<!--
+
+FindProviders
+
+Function FindProviders
+ Dim i, j
+ Dim providers()
+ i = 0
+ j = 1
+ Dim el
+ Dim temp
+ Dim first
+ Dim TheForm
+ Set TheForm = document.ReqForm
+ On Error Resume Next
+ first = 0
+
+ Do While True
+ temp = ""
+ Enroll.providerType = j
+ temp = Enroll.enumProviders(i,0)
+ If Len(temp) = 0 Then
+ If j < 1 Then
+ j = j + 1
+ i = 0
+ Else
+ Exit Do
+ End If
+ Else
+ set el = document.createElement("OPTION")
+ el.text = temp
+ el.value = j
+ TheForm.cryptprovider.add(el)
+ If first = 0 Then
+ first = 1
+ TheForm.cryptprovider.selectedIndex = 0
+ End If
+ i = i + 1
+ End If
+ Loop
+
+End Function
+
+-->
+</SCRIPT>
+</body>
+</html>
diff --git a/base/ca/shared/webapps/ca/ee/ca/ChallengeRevoke1.html b/base/ca/shared/webapps/ca/ee/ca/ChallengeRevoke1.html
new file mode 100644
index 000000000..00775b140
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/ChallengeRevoke1.html
@@ -0,0 +1,175 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<TITLE>Revoke a Certificate using a challenge password</TITLE>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<SCRIPT LANGUAGE="JavaScript"></SCRIPT>
+<script LANGUAGE="JavaScript" SRC="../cms-funcs.js"></script>
+
+<script LANGUAGE="JavaScript" SRC="../helpfun.js"></script>
+
+<SCRIPT LANGUAGE="JavaScript">
+function validate(form)
+{
+ with (form) {
+ if (challengePhrase.value == "") {
+ alert("The challenge phrase password field cannot be empty.");
+ return false;
+ }
+ if (certSerialToRevoke.value == "") {
+ alert("You must supply the Serial Number of the certificate to be revoked.");
+ return false;
+ } else {
+ if (isDecimalNumber(form.certSerialToRevoke.value) ||
+ isHexNumber(form.certSerialToRevoke.value)) {
+ form.certSerialToRevoke.value = trim(form.certSerialToRevoke.value);
+ } else {
+ alert("You must specify a hexadecimal or decimal number " +
+ "for the serial number.");
+ return false;
+ }
+ }
+ }
+ return true;
+}
+</SCRIPT>
+
+<SCRIPT LANGUAGE="JavaScript" SRC="../helpfun.js">
+
+</SCRIPT>
+</head>
+<body bgcolor="#FFFFFF">
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Certificate Revocation using a challenge password</font><br>
+<p>
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Use this form to revoke your certificate(s) automatically.
+<p>
+After you click the submit button, the valid certificate with the serial number and the matched
+challenge phrase password will get revoked automatically.
+</font>
+<form method="post" action="challenge_revocation1" onSubmit="return validate(document.forms[0])">
+ <table border="0" width="100%" cellspacing="2" cellpadding="2">
+ <tr>
+ <td colspan="2" valign="TOP"><font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"><b>Certificate Revocation Information</b><br>
+Please enter the serial number of the certificate to be revoked in the certificate. The serial number should be in either hexadecimal form(starting with 0x) or decimal form.</font></td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Serial Number: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="TEXT" name="certSerialToRevoke" size="30">
+ </td>
+ </tr>
+
+ <tr>
+ <td colspan="2" valign="TOP"><font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"><b>Authentication Information</b><br>
+Enter the challenge password associated with this certificate for authenticating this request.</font></td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Challenge Password: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="PASSWORD" name="challengePhrase" AutoComplete=off size="30">
+ </td>
+ </tr>
+
+</table>
+ <table border="0" width="100%" cellspacing="2" cellpadding="2">
+ <tr>
+ <td colspan="2" valign="TOP"><font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"><b>Revocation Reason</b><br>
+Select a revocation reason.</font></td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ </font>
+ </div>
+ </td>
+ <td>
+ <font face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ <input type="radio" checked name="reasonCode" value=0>
+ Unspecified<br>
+ <input type="radio" name="reasonCode" value=1>
+ Key Compromise<br>
+ <!--input type="radio" name="reasonCode" value=2-->
+ <!-- CA Compromise<br> -->
+ <input type="radio" name="reasonCode" value=3>
+ Affiliation Changed<br>
+ <input type="radio" name="reasonCode" value=4>
+ Superseded<br>
+ <input type="radio" name="reasonCode" value=5>
+ Cessation of Operation<br>
+ <!--input type="radio" name="reasonCode" value=6-->
+ <!--Certificate Hold<br>-->
+ <!--Value 7 is not used-->
+ <!--input type="radio" name="reasonCode" value=8-->
+ <!--Remove from CRL<br>-->
+ <input type="radio" name="reasonCode" value=9>
+ Privilege Withdrawn<br>
+ <!--input type="radio" name="reasonCode" value=10-->
+ <!--AA Compromise<br>-->
+ </font>
+ </td>
+ </tr>
+</table>
+
+<table border="0" width="100%" cellspacing="2" cellpadding="2">
+ <tr>
+ <td colspan="2">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ <b>Additional Comments</b><br>
+ If you want to include any additional comments in your revocation request, write them here.
+ </font>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <textarea name="csrRequestorComments" rows="6" cols="39" wrap="virtual"></textarea>
+ </td>
+ </tr>
+ <br>
+
+ <tr>
+ <td valign="TOP" colspan="2">
+ <table border="0" width="100%" cellspacing="0" cellpadding="6" bgcolor="#cccccc" background="/pki/images/gray90.gif">
+ <tr>
+ <td>
+ <div align="RIGHT">
+ <input type="submit" value="submit" name="submit" width="72">
+ <input type="hidden" name="templateType" value="RevocationConfirmation">
+ <img src="/pki/images/spacer.gif" width="6" height="6">
+ <input type="reset" value="Reset" name="reset" width="72">
+ </div>
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ </table>
+ </form>
+</body>
+</html>
diff --git a/base/ca/shared/webapps/ca/ee/ca/DirPinUserEnroll.html b/base/ca/shared/webapps/ca/ee/ca/DirPinUserEnroll.html
new file mode 100644
index 000000000..1c4ca22c2
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/DirPinUserEnroll.html
@@ -0,0 +1,533 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<TITLE>Directory and Pin-Based User Enrollment Form</TITLE>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<SCRIPT LANGUAGE="JavaScript"></SCRIPT>
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/cms-funcs.js"> </SCRIPT>
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/helpfun.js"> </SCRIPT>
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/dynamicVars.js"> </SCRIPT>
+<SCRIPT>
+//<!--
+
+// Notice to administrators
+//
+// A link to this HTML form conditionally appears in the
+// main enrollment menu frame. This link will only appear if
+// a plugin of type 'UidPwdPinDirAuth' (LDAP directory+pin
+// enrollment) has been configured in the console.
+
+
+var crmfObject;
+function validate(form)
+{
+ with (form) {
+ if (uid.value == "") {
+ alert("You must supply your uid");
+ return false;
+ }
+ if (pwd.value == "") {
+ alert("You must supply your password");
+ return false;
+ }
+ if (pin.value == "") {
+ alert("You must supply your Personal Identification Number");
+ return false;
+ }
+
+ /////////////////////////////////////////////////////////////////
+ // To enable dual key feature, this page must be customized with
+ // appropriate Javascript call. For example,
+ //
+ // crmfObject = crypto.generateCRMFRequest(
+ // "CN=undefined",
+ // "regToken", "authenticator",
+ // null,
+ // "setCRMFRequest();",
+ // 512, null, "rsa-ex",
+ // 1024, null, "rsa-sign");
+ //
+ // To enable key archival feature, this page must be customized with
+ // KRA's transport certificate. The transport certificate can be
+ // retrieved in the following ways:
+ // (1) Access "List Certificates" menu option in end-entity page
+ // (2) Access https://<host>:<agent_port>/kra/displayTransportCert
+ // (3) Use certutil command in <instance-dir>/config directory
+ // (i.e. certutil -L -d . -n "kraTransportCert <instance-id>" -a)
+ //
+ // Once the transport certificate is obtained, the following
+ // javascript should be modified so that the transport certificate
+ // and appropriate key type are selected. For example,
+ //
+ // var keyGenAlg = "rsa-ex";
+ // crmfObject = crypto.generateCRMFRequest(
+ // "CN=undefined",
+ // "regToken", "authenticator",
+ // keyTransportCert,
+ // "setCRMFRequest();",
+ // 512, null, keyGenAlg);
+ /////////////////////////////////////////////////////////////////
+
+ // generate keys for nsm.
+ if (navigator.appName == "Netscape" && (navMajorVersion() > 3) &&
+ typeof(crypto.version) != "undefined") {
+ //certNickname.value = uid.value;
+ crmfObject = crypto.generateCRMFRequest(
+ "CN=undefined",
+ "regToken", "authenticator",
+ null,
+ "setCRMFRequest();",
+ 1024, null, "rsa-dual-use");
+ }
+ return true;
+ }
+}
+
+function setCRMFRequest()
+{
+ with (document.forms[0]) {
+ CRMFRequest.value = crmfObject.request;
+ submit();
+ }
+}
+
+//-->
+</SCRIPT>
+</head>
+
+<OBJECT
+ classid="clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1"
+ CODEBASE="/xenroll.dll"
+ id=Enroll >
+</OBJECT>
+
+
+<SCRIPT LANGUAGE=VBS>
+<!--
+Function escapeDNComponent(comp)
+ escapeDNComponent = comp
+End Function
+
+Function doubleQuotes(comp)
+ doubleQuotes = False
+End Function
+
+Function formulateDN()
+ Dim dn
+ Dim TheForm
+ Set TheForm = Document.ReqForm
+
+ dn = Empty
+
+ If (TheForm.uid.Value <> Empty) Then
+ If doubleQuotes(TheForm.uid.Value) = True Then
+ MsgBox "Double quotes are not allowed in the uid field"
+ Exit Function
+ End If
+ If (dn <> Empty) Then
+ dn = dn & ","
+ End If
+ dn = dn & "0.9.2342.19200300.100.1.1=" & escapeDNComponent(TheForm.uid.Value)
+ End If
+
+ formulateDN = dn
+End Function
+
+Sub Send_OnClick
+ Dim TheForm
+ Dim szName
+ Dim options
+ Set TheForm = Document.ReqForm
+
+
+ ' Do a few sanity checks
+ If (TheForm.uid.Value = Empty) Then
+ ret = MsgBox("You must supply your Directory uid for certificate enrollment", 0, "MSIE Certificate Request")
+ Exit Sub
+ End If
+
+ If (TheForm.pwd.Value = Empty) Then
+ ret = MsgBox("You must supply your Directory password for certificate enrollment", 0, "MSIE Certificate Request")
+ Exit Sub
+ End If
+
+ If (TheForm.pin.Value = Empty) Then
+ ret = MsgBox("You must supply your pin for certificate enrollment", 0, "MSIE Certificate Request")
+ Exit Sub
+ End If
+
+' If (TheForm.SSLClient.value = Empty AND
+' TheForm.SMIME.value = Empty AND
+' TheForm.ObjectSigning.value = Empty) Then
+' ret = MsgBox("You must select atleast one certificate type", 0,
+' "MSIE Certificate Request")
+' Exit Sub
+' End If
+
+
+ ' Contruct the X500 distinguished name
+ szName = formulateDN()
+
+ On Error Resume Next
+ Enroll.HashAlgorithm = "MD5"
+ Enroll.KeySpec = 1
+ Enroll.GenKeyFlags = 1 ' key exportable
+
+ ' Pick the provider that is selected
+ set options = TheForm.all.cryptprovider.options
+ index = options.selectedIndex
+ Enroll.providerType = options(index).value
+ Enroll.providerName = options(index).text
+
+ szCertReq = Enroll.createPKCS10(szName, "1.3.6.1.5.5.7.3.2")
+ theError = Err.Number
+ On Error Goto 0
+ '
+ ' If the user has cancelled things the we simply ignore whatever
+ ' they were doing ... need to think what should be done here
+ '
+ If (szCertReq = Empty AND theError = 0) Then
+ Exit Sub
+ End If
+
+ If (szCertReq = Empty OR theError <> 0) Then
+ '
+ ' There was an error in the key pair generation. The error value
+ ' is found in the variable 'theError' which we snarfed above before
+ ' we did the 'On Error Goto 0' which cleared it again.
+ '
+ sz = "The error '" & Hex(theError) & "' occurred." & chr(13) & chr(10) & "Your credentials could not be generated."
+ result = MsgBox(sz, 0, "Credentials Enrollment")
+ Exit Sub
+ End If
+
+ TheForm.pkcs10Request.Value = szCertReq
+ TheForm.Submit
+ Exit Sub
+
+End Sub
+-->
+</SCRIPT>
+
+<body bgcolor="#FFFFFF" onload=checkClientTime()>
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Directory And PIN Based User Enrollment <br>
+</font>
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ Use this form to submit a request for a personal certificate through your
+ organization's directory. Your user ID and
+ password for the directory and a one time personal identification number
+ (PIN) assigned by your system administrator are required for this automatic
+ method of certificate issuance. If the user ID, password and PIN are correct
+ your certificate will be issued automatically.
+ </font>
+
+<table border="0" cellspacing="0" cellpadding="2" background="/pki/images/hr.gif" width="100%">
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+<table border="0" cellspacing="0" cellpadding="2">
+ <tr valign="TOP">
+ <td><font size="-1" face="PrimaSans BT, Verdana, sans-serif"> <b>
+ Important:
+ </b></font></td>
+ <td><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ Be sure to request your certificate on the same computer on which you
+ plan to use your certificate. </font></td>
+ </tr>
+</table>
+<table border="0" cellspacing="0" cellpadding="0" background="/pki/images/hr.gif" width="100%">
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+<script lang="javascript">
+ if (navigator.appName == "Netscape" && (navMajorVersion() <= 3)) {
+ // short cut for Nav 3.x or eariler, crypto is not defined
+ document.write(
+ '<form name="ReqForm" method="post" action="/enrollment">');
+ } else
+ if ((navigator.appName == "Netscape" &&
+ typeof(crypto.version) != "undefined")) {
+ document.write(
+ '<form name="ReqForm" method="post" action="/enrollment">');
+ } else {
+ document.write(
+ '<form name="ReqForm" method="post" action="/enrollment" '+
+ 'onSubmit="return validate(document.forms[0])">');
+ }
+</script>
+
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ <b>User's Identity</b><br>
+ Enter your user ID and password for your organization's directory and
+ the one time PIN given by your system administrator.
+ This information will be used to verify your identity and to obtain
+ information from the directory to fill in the certificate.
+ <br>
+
+<table border="0" width="100%" cellspacing="2" cellpadding="2">
+ <tr>
+ <td width="30%" valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">User ID: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="TEXT" name="uid" size="30">
+ </td>
+ </tr>
+</table>
+
+<table border="0" width="100%" cellspacing="2" cellpadding="2">
+ <tr>
+ <td width="30%" valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Password: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="PASSWORD" name="pwd" AutoComplete=off size="30">
+ </td>
+ </tr>
+ <tr>
+ </tr>
+</table>
+
+<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Enter the PIN your system administrator has communicated to you for certificate enrollment.</font>
+
+<table border="0" width="100%" cellspacing="2" cellpadding="2">
+ <tr>
+ <td width="30%" valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">PIN: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="PASSWORD" name="pin" AutoComplete=off size="30">
+ </td>
+ </tr>
+ <tr>
+ </tr>
+</table>
+
+<table border="0" width="100%" cellspacing="2" cellpadding="2">
+ <tr>
+ <td valign="TOP">
+ <!-- for Netscape Certificate Type Extension -->
+ <input type="HIDDEN" name="email" value="true">
+ <input type="HIDDEN" name="ssl_client" value="true">
+ <!-- for Key Usage Extension -->
+ <input type="HIDDEN" name="digital_signature" value=true>
+ <input type="HIDDEN" name="non_repudiation" value=true>
+ <input type="HIDDEN" name="key_encipherment" value=true>
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP" colspan="2">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+</td></tr>
+</table>
+
+
+<script>
+ if (navigator.appName == "Netscape" &&
+ (navMajorVersion() <= 3 || typeof(crypto.version) == 'undefined')) {
+
+ document.writeln('<b>Public/Private Key Information</b><br>');
+ document.writeln(
+ 'When your submit this form, your browser generates a private and '+
+ 'public key. The browser retains the private key and submits the '+
+ 'public key along with your request for a certificate. '+
+ 'The public key becomes part of your certificate. '+
+ '<P>'+
+ 'Select the length of the key to generate. The longer the key '+
+ 'length the greater the strength. You may want to check with your '+
+ 'system administrator about the length of key to specify.');
+
+ }
+ //else if (navigator.appName == 'Netscape' && crypto.version == "undefined") {
+ //document.writeln('Select the length of the key to generate. '+
+ // 'The longer the key length, the greater the strength. '+
+ // 'You may want to check with your system administrator about '+
+ // 'the length of key to specify.');
+ //}
+
+//<!--
+ if (navigator.appName == "Netscape") {
+ document.writeln('<table border="0" width="100%" cellspacing="2" cellpadding="2">');
+ if (navMajorVersion() <= 3 ||
+ typeof(crypto.version) == "undefined") {
+ document.writeln('<td width="30%" valign=TOP>');
+ document.writeln('<div align=right>');
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.writeln('Key Length: ');
+ document.writeln('</font>');
+ document.writeln('</div>');
+ document.writeln('</td>');
+ document.write('<td valign=TOP>');
+ document.write('<KEYGEN name="subjectKeyGenInfo">');
+ }
+ //else {
+ //alert('nsm');
+ //document.writeln('<SELECT NAME=\"keyLength\">');
+ //document.writeln('<OPTION VALUE=512>512 bits');
+ //document.writeln('<OPTION VALUE=768>768 bits');
+ //document.writeln('<OPTION VALUE=1024>1024 bits');
+ //document.writeln('</SELECT>');
+ //}
+ document.write('</td></table>');
+ }
+ if (navigator.appName == "Microsoft Internet Explorer") {
+ document.writeln('<b>Public/Private Key Information</b><br>');
+ document.writeln(
+ 'When you submit this form, your browser generates a private and '+
+ 'public key. The browser retains the private key and submits the '+
+ 'public key along with your request for a certificate. '+
+ 'The public key becomes part of your certificate. '+
+ '<P>'+
+ 'The Microsoft Base Cryptographic provider offers 512-bit key encryption which is adequate for most applications today, but you may select the Enhanced option if your browser offers this choice and you require the higher encryption strength. You may want to check with your '+
+ 'system administrator about the provider to specify.');
+
+ document.writeln('<p>');
+ document.writeln('<td>');
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.writeln('Cryptographic Provider:');
+ document.writeln('</font>');
+ document.writeln('</td>');
+ document.writeln('<td>');
+ document.writeln('<SELECT NAME=\"cryptprovider\"></SELECT>');
+ document.writeln('</td>');
+ document.writeln('<p>');
+ }
+
+//-->
+
+document.writeln('<table border="0" width="100%" cellspacing="0" cellpadding="6" bgcolor="#cccccc" background="/pki/images/gray90.gif"> <tr> <td width=100%> <div align="RIGHT">');
+//<!--
+ if (navigator.appName == "Netscape" && navMajorVersion() <= 3) {
+ // short cut for Nav 3.x or eariler, crypto is not defined
+ document.writeln(
+ '<input type="submit" value="Submit" '+
+ 'name="submit" width="72">');
+ } else if (navigator.appName == "Netscape" &&
+ typeof(crypto.version) == "undefined") {
+ document.writeln(
+ '<input type="submit" value="Submit" '+
+ 'name="submit" width="72">');
+ }
+ else if ((navigator.appName == "Microsoft Internet Explorer") ||
+ (navigator.appName == "")) {
+ document.writeln(
+ '<input type="submit" value="Submit" '+
+ 'name="Send" width="72">');
+ }
+ else {
+ // alert('nsm');
+ document.writeln(
+ '<input type="button" value="Submit" '+
+ 'name="submitbutton" '+
+ 'onclick="validate(form)" width="72">');
+ }
+ document.write('<img src="/pki/images/spacer.gif" width="6" height="6">' +
+ '<input type="reset" value="Reset" name="reset" width="72">' +
+ '<input type="hidden" name="certType" value="client">' +
+ '<input type="hidden" name="authenticator" ' +
+ ' value="PinDirEnrollment">');
+
+ if (navigator.appName == 'Netscape') {
+ if ((navMajorVersion() > 3) &&
+ (typeof(crypto.version) != 'undefined')) {
+ //alert('cmmf response');
+ document.write(
+ '<input type=hidden name=CRMFRequest value="">');
+ document.write(
+ '<input type=hidden name=cmmfResponse value=true>');
+ //document.write(
+ //'<input type=hidden name=certNickname value="">');
+ }
+ else {
+ document.write(
+ '<input type="hidden" name="importCert" value="off">');
+ }
+ }
+ else if ((navigator.appName == "Microsoft Internet Explorer")||
+ (navigator.appName == "")) {
+ // navigator.appName == "" is for IE 3.
+ //alert('pkcs10Request');
+ document.write(
+ '<input type="hidden" name="pkcs10Request" value="">');
+ }
+//-->
+ document.writeln('</div> </td> </tr> </table>');
+</script>
+ </form>
+<SCRIPT LANGUAGE=VBS>
+<!--
+
+FindProviders
+
+Function FindProviders
+ Dim i, j
+ Dim providers()
+ i = 0
+ j = 1
+ Dim el
+ Dim temp
+ Dim first
+ Dim TheForm
+ Set TheForm = document.ReqForm
+ On Error Resume Next
+ first = 0
+
+ Do While True
+ temp = ""
+ Enroll.providerType = j
+ temp = Enroll.enumProviders(i,0)
+ If Len(temp) = 0 Then
+ If j < 1 Then
+ j = j + 1
+ i = 0
+ Else
+ Exit Do
+ End If
+ Else
+ set el = document.createElement("OPTION")
+ el.text = temp
+ el.value = j
+ TheForm.cryptprovider.add(el)
+ If first = 0 Then
+ first = 1
+ TheForm.cryptprovider.selectedIndex = 0
+ End If
+ i = i + 1
+ End If
+ Loop
+
+End Function
+
+-->
+</SCRIPT>
+</body>
+</html>
diff --git a/base/ca/shared/webapps/ca/ee/ca/DirUserEnroll.html b/base/ca/shared/webapps/ca/ee/ca/DirUserEnroll.html
new file mode 100644
index 000000000..703225a82
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/DirUserEnroll.html
@@ -0,0 +1,517 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<TITLE>Directory Based User Enrollment Form</TITLE>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<SCRIPT LANGUAGE="JavaScript"></SCRIPT>
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/cms-funcs.js"> </SCRIPT>
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/helpfun.js"> </SCRIPT>
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/dynamicVars.js"> </SCRIPT>
+<SCRIPT>
+//<!--
+
+
+// Notice to administrators
+//
+// A link to this HTML form conditionally appears in the
+// main enrollment menu frame. This link will only appear if
+// a plugin of type 'UidPwdDirAuth' (LDAP directory enrollment)
+// has been configured in the console.
+
+var crmfObject;
+function validate(form)
+{
+ with (form) {
+ if (uid.value == "") {
+ alert("You must supply your uid");
+ return false;
+ }
+ if (pwd.value == "") {
+ alert("You must supply your password");
+ return false;
+ }
+
+ /////////////////////////////////////////////////////////////////
+ // To enable dual key feature, this page must be customized with
+ // appropriate Javascript call. For example,
+ //
+ // crmfObject = crypto.generateCRMFRequest(
+ // "CN=undefined",
+ // "regToken", "authenticator",
+ // null,
+ // "setCRMFRequest();",
+ // 512, null, "rsa-ex",
+ // 1024, null, "rsa-sign");
+ //
+ // To enable key archival feature, this page must be customized with
+ // KRA's transport certificate. The transport certificate can be
+ // retrieved in the following ways:
+ // (1) Access "List Certificates" menu option in end-entity page
+ // (2) Access https://<host>:<agent_port>/kra/displayTransportCert
+ // (3) Use certutil command in <instance-dir>/config directory
+ // (i.e. certutil -L -d . -n "kraTransportCert <instance-id>" -a)
+ //
+ // Once the transport certificate is obtained, the following
+ // javascript should be modified so that the transport certificate
+ // and appropriate key type are selected. For example,
+ //
+ // var keyGenAlg = "rsa-ex";
+ // crmfObject = crypto.generateCRMFRequest(
+ // "CN=undefined",
+ // "regToken", "authenticator",
+ // keyTransportCert,
+ // "setCRMFRequest();",
+ // 512, null, keyGenAlg);
+ /////////////////////////////////////////////////////////////////
+
+ // To enable key archival, replace "null" with the transport
+ // certificate without "BEBIN..." "END..", nor line breaks.
+ // change keyGenAlg to "rsa-ex"
+ var keyTransportCert = null;
+ //var keyGenAlg = "rsa-ex";
+ var keyGenAlg = "rsa-dual-use";
+ // generate keys for nsm.
+ if (navigator.appName == "Netscape" && (navMajorVersion() > 3) &&
+ typeof(crypto.version) != "undefined") {
+ //certNickname.value = uid.value;
+ crmfObject = crypto.generateCRMFRequest(
+ "CN=undefined",
+ "regToken", "authenticator",
+ keyTransportCert,
+ "setCRMFRequest();",
+ 1024, null, keyGenAlg);
+ }
+ return true;
+ }
+}
+
+function setCRMFRequest()
+{
+ with (document.forms[0]) {
+ CRMFRequest.value = crmfObject.request;
+ submit();
+ }
+}
+
+//-->
+</SCRIPT>
+</head>
+
+<OBJECT
+ classid="clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1"
+ CODEBASE="/xenroll.dll"
+ id=Enroll >
+</OBJECT>
+
+
+<SCRIPT LANGUAGE=VBS>
+<!--
+Function escapeDNComponent(comp)
+ escapeDNComponent = comp
+End Function
+
+Function doubleQuotes(comp)
+ doubleQuotes = False
+End Function
+
+Function formulateDN()
+ Dim dn
+ Dim TheForm
+ Set TheForm = Document.ReqForm
+
+ dn = Empty
+
+ If (TheForm.uid.Value <> Empty) Then
+ If doubleQuotes(TheForm.uid.Value) = True Then
+ MsgBox "Double quotes are not allowed in the uid field"
+ Exit Function
+ End If
+ If (dn <> Empty) Then
+ dn = dn & ","
+ End If
+ dn = dn & "0.9.2342.19200300.100.1.1=" & escapeDNComponent(TheForm.uid.Value)
+ End If
+
+ formulateDN = dn
+End Function
+
+Sub Send_OnClick
+ Dim TheForm
+ Dim szName
+ Dim options
+ Set TheForm = Document.ReqForm
+
+
+ ' Do a few sanity checks
+ If (TheForm.uid.Value = Empty) Then
+ ret = MsgBox("You must supply your Directory uid for certificate enrollment", 0, "MSIE Certificate Request")
+ Exit Sub
+ End If
+
+ If (TheForm.pwd.Value = Empty) Then
+ ret = MsgBox("You must supply your Directory password for certificate enrollment", 0, "MSIE Certificate Request")
+ Exit Sub
+ End If
+
+' If (TheForm.SSLClient.value = Empty AND
+' TheForm.SMIME.value = Empty AND
+' TheForm.ObjectSigning.value = Empty) Then
+' ret = MsgBox("You must select atleast one certificate type", 0,
+' "MSIE Certificate Request")
+' Exit Sub
+' End If
+
+
+ ' Contruct the X500 distinguished name
+ szName = formulateDN()
+
+ On Error Resume Next
+ Enroll.HashAlgorithm = "MD5"
+ Enroll.KeySpec = 1
+ Enroll.GenKeyFlags = 1 ' key exportable
+
+ ' Pick the provider that is selected
+ set options = TheForm.all.cryptprovider.options
+ index = options.selectedIndex
+ Enroll.providerType = options(index).value
+ Enroll.providerName = options(index).text
+
+ szCertReq = Enroll.createPKCS10(szName, "1.3.6.1.5.5.7.3.2")
+ theError = Err.Number
+ On Error Goto 0
+ '
+ ' If the user has cancelled things the we simply ignore whatever
+ ' they were doing ... need to think what should be done here
+ '
+ If (szCertReq = Empty AND theError = 0) Then
+ Exit Sub
+ End If
+
+ If (szCertReq = Empty OR theError <> 0) Then
+ '
+ ' There was an error in the key pair generation. The error value
+ ' is found in the variable 'theError' which we snarfed above before
+ ' we did the 'On Error Goto 0' which cleared it again.
+ '
+ sz = "The error '" & Hex(theError) & "' occurred." & chr(13) & chr(10) & "Your credentials could not be generated."
+ result = MsgBox(sz, 0, "Credentials Enrollment")
+ Exit Sub
+ End If
+
+ TheForm.pkcs10Request.Value = szCertReq
+ TheForm.Submit
+ Exit Sub
+
+End Sub
+-->
+</SCRIPT>
+
+<body bgcolor="#FFFFFF" onload=checkClientTime()>
+
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Directory Based User Enrollment <br>
+</font>
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ Use this form to submit a request for a personal certificate through your
+ organization's directory. With directory based enrollment, you need only
+ supply your user ID and password for the directory; the directory
+ supplies the rest of the information needed for certificate issuance.
+ If the user ID and password are correct your certificate will be issued
+ automatically.
+ </font>
+
+<table border="0" cellspacing="0" cellpadding="2" background="/pki/images/hr.gif" width="100%">
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+<table border="0" cellspacing="0" cellpadding="2">
+ <tr valign="TOP">
+ <td><font size="-1" face="PrimaSans BT, Verdana, sans-serif"> <b>
+ Important:
+ </b></font></td>
+ <td><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ Be sure to request your certificate on the same computer on which you
+ plan to use your certificate. </font></td>
+ </tr>
+</table>
+<table border="0" cellspacing="0" cellpadding="0" background="/pki/images/hr.gif" width="100%">
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+<script lang="javascript">
+ if (navigator.appName == "Netscape" && (navMajorVersion() <= 3)) {
+ // short cut for Nav 3.x or eariler, crypto is not defined
+ document.write(
+ '<form name="ReqForm" method="post" action="/enrollment">');
+ } else
+ if ((navigator.appName == "Netscape" &&
+ typeof(crypto.version) != "undefined")) {
+ document.write(
+ '<form name="ReqForm" method="post" action="/enrollment">');
+ } else {
+ document.write(
+ '<form name="ReqForm" method="post" action="/enrollment" '+
+ 'onSubmit="return validate(document.forms[0])">');
+ }
+</script>
+
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ <b>User's Identity</b><br>
+Enter your user ID and password for your organization's directory. This
+information will be used to verify your identity and to obtain
+information from the directory to fill in the certificate.
+ <br>
+
+<table border="0" width="100%" cellspacing="2" cellpadding="2">
+ <tr>
+ <td width="30%" valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">User ID: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="TEXT" name="uid" size="30">
+ </td>
+ </tr>
+</table>
+
+<table border="0" width="100%" cellspacing="2" cellpadding="2">
+ <tr>
+ <td width="30%" valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Password: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="PASSWORD" name="pwd" AutoComplete=off size="30">
+ </td>
+ </tr>
+ <tr>
+ </tr>
+</table>
+
+<table border="0" width="100%" cellspacing="2" cellpadding="2">
+ <tr>
+ <td valign="TOP">
+ <!-- for Netscape Certificate Type Extension -->
+ <input type="HIDDEN" name="email" value="true">
+ <input type="HIDDEN" name="ssl_client" value="true">
+ <!-- for Key Usage Extension -->
+ <input type="HIDDEN" name="digital_signature" value=true>
+ <input type="HIDDEN" name="non_repudiation" value=true>
+ <input type="HIDDEN" name="key_encipherment" value=true>
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP" colspan="2">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+</td></tr>
+</table>
+
+
+<script>
+ if (navigator.appName == "Netscape" &&
+ (navMajorVersion() <= 3 || typeof(crypto.version) == 'undefined')) {
+
+ document.writeln('<b>Public/Private Key Information</b><br>');
+ document.writeln(
+ 'When your submit this form, your browser generates a private and '+
+ 'public key. The browser retains the private key and submits the '+
+ 'public key along with your request for a certificate. '+
+ 'The public key becomes part of your certificate. '+
+ '<P>'+
+ 'Select the length of the key to generate. The longer the key '+
+ 'length the greater the strength. You may want to check with your '+
+ 'system administrator about the length of key to specify.');
+ }
+
+ //else if (navigator.appName == 'Netscape' && crypto.version == "undefined") {
+ //document.writeln('Select the length of the key to generate. '+
+ // 'The longer the key length, the greater the strength. '+
+ // 'You may want to check with your system administrator about '+
+ // 'the length of key to specify.');
+ //}
+
+//<!--
+ if (navigator.appName == "Netscape") {
+ document.writeln('<table border="0" width="100%" cellspacing="2" cellpadding="2">');
+ if (navMajorVersion() <= 3 ||
+ typeof(crypto.version) == "undefined") {
+ document.writeln('<td width="30%" valign=TOP>');
+ document.writeln('<div align=right>');
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.writeln('Key Length: ');
+ document.writeln('</font>');
+ document.writeln('</div>');
+ document.writeln('</td>');
+ document.write('<td valign=TOP>');
+ document.write('<KEYGEN name="subjectKeyGenInfo">');
+ }
+ //else {
+ //alert('nsm');
+ //document.writeln('<SELECT NAME=\"keyLength\">');
+ //document.writeln('<OPTION VALUE=512>512 bits');
+ //document.writeln('<OPTION VALUE=768>768 bits');
+ //document.writeln('<OPTION VALUE=1024>1024 bits');
+ //document.writeln('</SELECT>');
+ //}
+ document.write('</td></table>');
+ }
+ if (navigator.appName == "Microsoft Internet Explorer") {
+ document.writeln('<b>Public/Private Key Information</b><br>');
+ document.writeln(
+ 'When you submit this form, your browser generates a private and '+
+ 'public key. The browser retains the private key and submits the '+
+ 'public key along with your request for a certificate. '+
+ 'The public key becomes part of your certificate. '+
+ '<P>'+
+ 'The Microsoft Base Cryptographic provider offers 512-bit key encryption which is adequate for most applications today, but you may select the Enhanced option if your browser offers this choice and you require the higher encryption strength. You may want to check with your '+
+ 'system administrator about the provider to specify.');
+
+ document.writeln('<p>');
+ document.writeln('<td>');
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.writeln('Cryptographic Provider:');
+ document.writeln('</font>');
+ document.writeln('</td>');
+ document.writeln('<td>');
+ document.writeln('<SELECT NAME=\"cryptprovider\"></SELECT>');
+ document.writeln('</td>');
+ document.writeln('<p>');
+ }
+
+//-->
+
+document.writeln('<table border="0" width="100%" cellspacing="0" cellpadding="6" bgcolor="#cccccc" background="/pki/images/gray90.gif"> <tr> <td width=100%> <div align="RIGHT">');
+//<!--
+ if (navigator.appName == "Netscape" && navMajorVersion() <= 3) {
+ // short cut for Nav 3.x or eariler, crypto is not defined
+ document.writeln(
+ '<input type="submit" value="Submit" '+
+ 'name="submit" width="72">');
+ } else if (navigator.appName == "Netscape" &&
+ typeof(crypto.version) == "undefined") {
+ document.writeln(
+ '<input type="submit" value="Submit" '+
+ 'name="submit" width="72">');
+ }
+ else if ((navigator.appName == "Microsoft Internet Explorer") ||
+ (navigator.appName == "")) {
+ document.writeln(
+ '<input type="submit" value="Submit" '+
+ 'name="Send" width="72">');
+ }
+ else {
+ // alert('nsm');
+ document.writeln(
+ '<input type="button" value="Submit" '+
+ 'name="submitbutton" '+
+ 'onclick="validate(form)" width="72">');
+ }
+ document.write('<img src="/pki/images/spacer.gif" width="6" height="6">' +
+ '<input type="reset" value="Reset" name="reset" width="72">' +
+ '<input type="hidden" name="certType" value="client">' +
+ '<input type="hidden" name="authenticator" ' +
+ ' value="UserDirEnrollment">');
+
+ if (navigator.appName == 'Netscape') {
+ if ((navMajorVersion() > 3) &&
+ (typeof(crypto.version) != 'undefined')) {
+ //alert('cmmf response');
+ document.write(
+ '<input type=hidden name=CRMFRequest value="">');
+ document.write(
+ '<input type=hidden name=cmmfResponse value=true>');
+ //document.write(
+ //'<input type=hidden name=certNickname value="">');
+ }
+ else {
+ document.write(
+ '<input type="hidden" name="importCert" value="off">');
+ }
+ }
+ else if ((navigator.appName == "Microsoft Internet Explorer")||
+ (navigator.appName == "")) {
+ // navigator.appName == "" is for IE 3.
+ //alert('pkcs10Request');
+ document.write(
+ '<input type="hidden" name="pkcs10Request" value="">');
+ }
+//-->
+ document.writeln('</div> </td> </tr> </table>');
+</script>
+ </form>
+<SCRIPT LANGUAGE=VBS>
+<!--
+
+FindProviders
+
+Function FindProviders
+ Dim i, j
+ Dim providers()
+ i = 0
+ j = 1
+ Dim el
+ Dim temp
+ Dim first
+ Dim TheForm
+ Set TheForm = document.ReqForm
+ On Error Resume Next
+ first = 0
+
+ Do While True
+ temp = ""
+ Enroll.providerType = j
+ temp = Enroll.enumProviders(i,0)
+ If Len(temp) = 0 Then
+ If j < 1 Then
+ j = j + 1
+ i = 0
+ Else
+ Exit Do
+ End If
+ Else
+ set el = document.createElement("OPTION")
+ el.text = temp
+ el.value = j
+ If temp = "Microsoft Base Cryptographic Provider v1.0" Then
+ first = j
+ End If
+ TheForm.cryptprovider.add(el)
+ If first = 0 Then
+ first = 1
+ TheForm.cryptprovider.selectedIndex = 0
+ Else
+ TheForm.cryptprovider.selectedIndex = first
+ End If
+ i = i + 1
+ End If
+ Loop
+
+End Function
+
+-->
+</SCRIPT>
+</body>
+</html>
diff --git a/base/ca/shared/webapps/ca/ee/ca/DisplayCRL.html b/base/ca/shared/webapps/ca/ee/ca/DisplayCRL.html
new file mode 100644
index 000000000..528341458
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/DisplayCRL.html
@@ -0,0 +1,169 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<HEAD>
+<TITLE>Review Certificate Revocation List</TITLE>
+<SCRIPT LANGUAGE="JavaScript"></SCRIPT>
+
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/cms-funcs.js">
+
+</SCRIPT>
+
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/helpfun.js">
+
+</SCRIPT>
+
+<SCRIPT LANGUAGE="JavaScript">
+//<!--
+function checkSubmit(form)
+{
+ if (form.op[0].checked) {
+ if (form.certSerialNumber.value != "") {
+ form.certSerialNumber.value =
+ trim(form.certSerialNumber.value);
+ }
+ if (form.certSerialNumber.value != "") {
+ if (!isNumber(form.certSerialNumber.value,10)) {
+ if (isNumber(form.certSerialNumber.value,16)) {
+ canonicalHex = "0x" +
+ removeColons(stripPrefix(form.certSerialNumber.value));
+ form.certSerialNumber.value = canonicalHex;
+ } else {
+ alert("You must enter a valid hexadecimal "+
+ "or decimal certificate serial number.");
+ return false;
+ }
+ }
+ } else {
+ alert("You must enter a certificate serial number.");
+ return false;
+ }
+
+ if (isNegative(form.certSerialNumber.value)) {
+ alert("Certificate serial number can only "+
+ "be represented by positive number.");
+ return false;
+ }
+ }
+ return true;
+}
+//-->
+</SCRIPT>
+</HEAD>
+
+
+<body bgcolor="#FFFFFF">
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Import Certificate Revocation List
+</font><br>
+
+<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Use this form to check whether a particular certificate has been revoked or
+to import the latest Certificate Revocation List.
+</font>
+
+<table BORDER=0 CELLSPACING=2 CELLPADDING=2 WIDTH="100%" BACKGROUND="/pki/images/hr.gif" >
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+<br><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+<b>Select one of these actions</b></font>
+
+<FORM action=getCRL method=post onSubmit="return checkSubmit(this)">
+
+<table border="0" cellspacing="2" cellpadding="2">
+ <tr>
+ <td><input type=RADIO name="op" value="checkCRL" checked></td>
+ <td>
+ <font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ Check whether the following certificate is revoked</font>
+ </td>
+ </tr>
+ <td></td>
+ <td><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ Certificate serial number:&nbsp;</font>
+ <input type=text size=10 MAXLENGTH=99 name="certSerialNumber" value="">
+ </td>
+ </tr>
+ <tr>
+ <td><input type=RADIO name="op" value="importCRL"></td>
+ <td>
+ <font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ Import the latest CRL to your browser</font>
+ </td>
+ </tr>
+ <tr>
+ <td><input type=RADIO name="op" value="importDeltaCRL"></td>
+ <td>
+ <font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ Import the latest delta CRL to your browser</font>
+ </td>
+ </tr>
+ <tr>
+ <td><input type=RADIO name="op" value="getCRL"></td>
+ <td>
+ <font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ Download the latest CRL in binary form</font>
+ </td>
+ </tr>
+ <tr>
+ <td><input type=RADIO name="op" value="getDeltaCRL"></td>
+ <td>
+ <font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ Download the latest delta CRL in binary form</font>
+ </td>
+ </tr>
+ <tr>
+ <td><input type=RADIO name="op" value="displayCRL"></td>
+ <td>
+ <font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ Display the CRL information:</font>&nbsp;&nbsp;
+ <SELECT NAME="crlDisplayType">
+ <OPTION VALUE="entireCRL" SELECTED>Entire CRL
+ <OPTION VALUE="crlHeader">CRL header
+ <OPTION VALUE="base64Encoded">Base64 encoded
+ <OPTION VALUE="deltaCRL">Delta CRL
+ </SELECT>
+ </td>
+ </tr>
+</table>
+
+
+<!-- this could be a text box to support different crl issue point -->
+<input type=hidden name=crlIssuingPoint value="MasterCRL">
+
+<br>
+
+<table border="0" width="100%" cellspacing="0" cellpadding="6" bgcolor="#E5E5E5" background="/pki/images/gray90.gif">
+ <tr>
+ <td ALIGN=RIGHT>
+ <input TYPE="hidden" NAME="pageStart" VALUE="1">
+ <input TYPE="hidden" NAME="pageSize" VALUE="50">
+ <input type="submit" value="Submit" name="submit" width="72">
+ </td>
+ </tr>
+</table>
+
+</FORM>
+
+</body>
+</html>
+
diff --git a/base/ca/shared/webapps/ca/ee/ca/EnrollSuccess.template b/base/ca/shared/webapps/ca/ee/ca/EnrollSuccess.template
new file mode 100644
index 000000000..771c6fb1b
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/EnrollSuccess.template
@@ -0,0 +1,248 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<head>
+<TITLE>
+CS Enroll Request Success
+</TITLE>
+</head>
+
+
+<CMS_TEMPLATE>
+
+
+<BODY bgcolor="white">
+
+<SCRIPT LANGUAGE="JavaScript">
+<!--//
+function toHex(number)
+{
+ var absValue = "", sign = "";
+ var digits = "0123456789abcdef";
+ if (number < 0) {
+ sign = "-";
+ number = -number;
+ }
+
+ for(; number >= 16 ; number = Math.floor(number/16)) {
+ absValue = digits.charAt(number % 16) + absValue;
+ }
+ absValue = digits.charAt(number % 16) + absValue;
+
+ return sign + '0x' + '0' + absValue;
+}
+
+function navMajorVersion()
+{
+ return parseInt(navigator.appVersion.substring(0, navigator.appVersion.indexOf(".")));
+}
+
+// page starts here
+if (typeof(result.fixed.replyTo) == 'undefined' || result.fixed.replyTo == null) {
+ document.writeln('<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.writeln('Enrollment Success');
+ document.writeln('</font>');
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.writeln('<P>');
+ document.writeln('Congratulations, your certificate has been issued.');
+ document.writeln('</font>');
+ document.writeln('<br>&nbsp');
+
+ if (typeof(result.recordSet) == 'undefined' ||
+ result.recordSet == null || result.recordSet.length == 0) {
+ document.writeln('<P>');
+ document.writeln('<BLOCKQUOTE><B><PRE>');
+ document.writeln('No more information on your certificate is provided.');
+ document.writeln('Please consult your local administrator for assistance.');
+ document.writeln('</PRE></B></BLOCKQUOTE>');
+ } else {
+ for (var i = 0; i < result.recordSet.length; i++) {
+ if (result.recordSet[i].serialNo != null) {
+ document.writeln('<P>');
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.write('Your certificate in Base 64 encoded form:<BR>');
+ document.writeln('</font>');
+ document.write('<PRE>');
+ document.writeln(result.recordSet[i].base64Cert);
+ document.write('</PRE>');
+ document.writeln('<P>');
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.write('Certificate Content: <BR>');
+ document.writeln('</font>');
+ document.write('<PRE>');
+ document.writeln(result.recordSet[i].certPrettyPrint);
+ document.write('</PRE>');
+ }
+ }
+ if (result.fixed.keyrecId != null) {
+ document.write('Your key is archived successfully.');
+ document.writeln('<BLOCKQUOTE><PRE>');
+ document.writeln('Key Identifier: ' + toHex(result.fixed.keyrecId));
+ document.writeln('</PRE></BLOCKQUOTE>');
+ }
+ }
+}
+
+// NOTE: importUserCertificate should be done before this point but
+// it creates a javascript error that clobbers the result variable set in
+// the template.
+
+if (navigator.appName == 'Netscape' && (navMajorVersion() > 3) &&
+ typeof(crypto.version) != "undefined" && typeof(result.fixed.crmfReqId != "undefined")&& typeof(result.fixed.importCMC) == "undefined") {
+ if (result.fixed.crmfReqId != null) {
+ //alert('certNickname is '+result.fixed.certNickname);
+ //alert(result.fixed.cmmfResponse);
+
+ // NOTE:
+ var errors = crypto.importUserCertificates(null, result.fixed.cmmfResponse, false);
+ // var errors = crypto.importUserCertificates(result.fixed.certNickname,
+ // result.fixed.cmmfResponse, false);
+
+ // NOTE: Alpha version of cartman always returns a non-empty string
+ // from importUserCertificates() so we can only always assume succcess.
+ // Uncomment the following line and add appropriate javascripts/messages
+ // for use with a later version of cartman.
+
+ if (typeof(result.fixed.replyTo) == 'undefined' || result.fixed.replyTo == null) {
+ if (errors != '') {
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.writeln('<b>ERROR</b>Could not import the certificate into your browser '+
+ 'using nickname '+result.fixed.certNickname+'.<p>');
+ document.writeln('The following error message was returned by the browser '+
+ 'when importing the certificate:');
+ document.writeln('</font>');
+ document.writeln('<BLOCKQUOTE><PRE>');
+ document.writeln(errors);
+ document.writeln('</PRE></BLOCKQUOTE>');
+ } else {
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.writeln('Your certificate was successfully imported to the browser '+
+ 'with nickname '+result.fixed.certNickname);
+ document.writeln('</font>');
+ }
+ }
+ } else {
+ for (var i = 0; i < result.recordSet.length; i++) {
+ if (result.recordSet[i].serialNo != null) {
+ window.location = result.fixed.scheme + "://" + result.fixed.host + ":" +
+ result.fixed.port + "/ee/getBySerial?serialNumber=" +
+ record.recordSet[i].serialNo + "&importCert=true";
+ }
+ }
+ if (result.recordSet.length > 0)
+ alert("Your cert has been imported into the browser!");
+ }
+} else if (navigator.appName == 'Netscape' && (navMajorVersion() >= 3) && result.fixed.importCMC == "undefined") {
+ if (result.fixed.authorityName == 'Certificate Manager') {
+ // non Cartman
+ for (var i = 0; i < result.recordSet.length; i++) {
+ if (result.recordSet[i].serialNo != null) {
+ window.location = result.fixed.scheme + "://" + result.fixed.host + ":" +
+ result.fixed.port + "/ee/getBySerial?serialNumber=" +
+ record.recordSet[i].serialNo + "&importCert=true";
+ }
+ }
+ if (result.recordSet.length > 0)
+ alert("Your cert has been imported into the browser!");
+ } else {
+ // this must be a RA
+ window.location = result.fixed.scheme + "://" + result.fixed.host + ":" +
+ result.fixed.port + "/getCertFromRequest?requestId=" +
+ result.fixed.requestId + "&importCert=true";
+ alert("Your cert has been imported into the browser!");
+ }
+}
+
+//-->
+</SCRIPT>
+
+
+<OBJECT
+ classid="clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1"
+ CODEBASE="/xenroll.dll"
+ id=Enroll >
+</OBJECT>
+
+<SCRIPT LANGUAGE=VBS>
+<!--
+'========================================================
+'
+' In VBS, there are several ways in which the event handler for the
+' click event can be bound to the right control. We use one of the
+' methods here, which indicates the binding by appending the
+' event name to the control name with an intervening '_'.
+'
+'========================================================
+ Sub ImportCertificate
+
+ Dim pkcs7
+
+ On Error Resume Next
+
+ 'Convert the cert to PKCS7 format
+ pkcs7 = result.header.pkcs7ChainBase64
+ If (IsEmpty(pkcs7) OR theError <> 0) Then
+ ret = MsgBox("Could not convert certificate to PKCS7 format", 0, "Import Cert")
+ Exit Sub
+ End If
+
+ 'Import the PKCS7 object
+ Enroll.DeleteRequestCert = FALSE
+ Enroll.WriteCertToCSP = true
+ Enroll.acceptPKCS7(pkcs7)
+ if err.number <> 0 then
+ Enroll.WriteCertToCSP = false
+ end if
+ err.clear
+ Enroll.acceptPKCS7(pkcs7)
+ if err.number = 0 then
+ MsgBox "Certificate has been successfully imported."
+ else
+ sz = "Error in acceptPKCS7. Error Number " & Hex(err.number) & "occurred."
+ MsgBox sz
+ end if
+
+ Exit Sub
+
+ End Sub
+
+ ImportCertificate()
+-->
+</SCRIPT>
+
+
+<SCRIPT LANGUAGE="JavaScript">
+<!--//
+if (typeof(result.fixed.replyTo) != 'undefined' && result.fixed.replyTo != null) {
+ //alert('replyTo='+result.fixed.replyTo);
+ var loc = result.fixed.replyTo;
+ if (result.fixed.requestId != null)
+ loc += "&requestId=" + result.fixed.requestId;
+ if (result.recordSet.length > 0 && result.recordSet[0].serialNo != null)
+ loc += "&certificateSerialNumber=" + result.recordSet[0].serialNo;
+ //alert('loc='+loc);
+ window.location = loc;
+}
+//-->
+</SCRIPT>
+
+</font>
+</BODY>
+</HTML>
+
diff --git a/base/ca/shared/webapps/ca/ee/ca/GetCAChain.html b/base/ca/shared/webapps/ca/ee/ca/GetCAChain.html
new file mode 100644
index 000000000..2fb78081d
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/GetCAChain.html
@@ -0,0 +1,107 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<HEAD>
+<TITLE>Get CA Chain</TITLE>
+<SCRIPT LANGUAGE="JavaScript"></SCRIPT>
+
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/cms-funcs.js">
+
+</SCRIPT>
+
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/helpfun.js">
+
+</SCRIPT>
+
+<SCRIPT LANGUAGE="JavaScript">
+</SCRIPT>
+</HEAD>
+
+
+<body bgcolor="#FFFFFF">
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Import CA Certificate Chain
+</font><br>
+
+<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Use this form to import the CA certificate chain into your browser (users)
+or your server (administrators). This is a one-time operation.
+</font>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/pki/images/hr.gif" >
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+<FORM action=getCAChain method=post>
+
+<TABLE border=0 cellpadding=1 cellspacing=1>
+<tr><td>
+ <font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ Users
+ </font>
+</td></tr>
+<tr><td>
+ <input type=RADIO name="op" checked value="download">
+ <input type=hidden name="mimeType" value="application/x-x509-ca-cert">
+ <font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ Import the CA certificate chain into your browser
+ </font>
+</td></tr>
+<tr><td>
+ <input type=RADIO name="op" value="downloadBIN">
+ <font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ Download the CA certificate chain in binary form
+ </font>
+</td></tr>
+<tr><td>
+ <input type=RADIO name="op" value="display">
+ <font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ Display the CA certificate chain in PKCS#7 for importing into a server
+ </font>
+</td></tr>
+<tr><td>
+ <input type=RADIO name="op" value="displayIND">
+ <font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ Display certificates in the CA certificate chain for importing
+ individually into a server
+ </font>
+</td></tr>
+</table>
+
+<p>
+ <table border="0" width="100%" cellspacing="0" cellpadding="6" bgcolor="#cccccc" background="/pki/images/gray90.gif">
+ <tr>
+ <td>
+ <div align="RIGHT">
+ <input type="submit" value="Submit" name="submit" width="72">
+
+ <img src="/pki/images/spacer.gif" width="6" height="6">
+ <input type="reset" value="Reset" name="reset" width="72">
+ </div>
+ </td>
+ </tr>
+ </table>
+
+</FORM>
+
+</body>
+</html>
+
diff --git a/base/ca/shared/webapps/ca/ee/ca/ImportAdminCert.template b/base/ca/shared/webapps/ca/ee/ca/ImportAdminCert.template
new file mode 100644
index 000000000..e52764ec6
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/ImportAdminCert.template
@@ -0,0 +1,58 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<HEAD>
+<TITLE>VBScript Administrator Certificate Enrollment
+</TITLE>
+<CMS_TEMPLATE>
+<OBJECT classid="clsid:127698E4-E730-4E5C-A2b1-21490A70C8A1"
+ codebase="xenroll.dll"
+ id=Enroll >
+</OBJECT>
+<SCRIPT language="VBScript">
+<!--
+ Dim pkcs7
+
+ On Error Resume Next
+
+ 'Convert the cert to PKCS7 format
+ pkcs7 = result.header.pkcs7
+ If (IsEmpty(pkcs7) OR theError <> 0) Then
+ ret = MsgBox("Could not convert certificate to PKCS7 format", 0, "Import Cert")
+ End If
+
+ 'Import the PKCS7 object
+ Enroll.DeleteRequestCert = FALSE
+ Enroll.WriteCertToCSP = true
+ Enroll.acceptPKCS7(pkcs7)
+ if err.number <> 0 then
+ Enroll.WriteCertToCSP = false
+ end if
+ err.clear
+ Enroll.acceptPKCS7(pkcs7)
+ if err.number = 0 then
+ MsgBox "Certificate has been successfully imported."
+ else
+ sz = "Error in acceptPKCS7. Error Number " & Hex(err.number) & "occurred."
+ MsgBox sz
+ end if
+-->
+</SCRIPT>
+</head>
+</HTML>
diff --git a/base/ca/shared/webapps/ca/ee/ca/ImportCert.template b/base/ca/shared/webapps/ca/ee/ca/ImportCert.template
new file mode 100644
index 000000000..5530cf2d1
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/ImportCert.template
@@ -0,0 +1,268 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<CMS_TEMPLATE>
+
+<TITLE>
+CS Enroll Request Success
+</TITLE>
+
+<BODY bgcolor="white">
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Import Certificate
+</font>
+
+<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+
+
+<SCRIPT LANGUAGE="JavaScript">
+//<!--
+
+//document.writeln('<P>');
+//document.writeln('host '+result.fixed.host+'<BR>');
+//document.writeln('port '+result.fixed.port+'<BR>');
+//document.writeln('scheme '+result.fixed.scheme+'<BR>');
+//document.writeln('authority '+result.fixed.authorityName+'<BR>');
+
+function navMajorVersion()
+{
+ return parseInt(
+ navigator.appVersion.substring(0, navigator.appVersion.indexOf(".")));
+}
+
+document.writeln('<P>');
+document.writeln('Importing the following certificate to your browser:');
+
+document.writeln('<P>');
+
+if (result.recordSet == null || result.recordSet.length == 0) {
+ document.writeln('<BLOCKQUOTE><B><PRE>');
+ document.writeln('No more information on your certificate is provided.');
+ document.writeln('Please consult your local administrator for assistance.');
+ document.writeln('</BLOCKQUOTE></B></PRE>');
+} else {
+ document.writeln('<UL>');
+ for (var i = 0; i < result.recordSet.length; i++) {
+ if (result.recordSet[i].serialNo != null) {
+ //document.write('Serial number ');
+ //document.write('<BLOCKQUOTE><B><PRE>');
+ //document.writeln(result.recordSet[i].serialNo);
+ //document.write('</BLOCKQUOTE></B></PRE>');
+ //document.writeln('<P>');
+ //document.write('Your certificate in Base 64 encoded form:<BR>');
+ //document.write('<BLOCKQUOTE><PRE>');
+ //document.writeln(result.recordSet[i].base64Cert);
+ //document.write('</PRE></BLOCKQUOTE>');
+ document.writeln('<P>');
+ document.write('Certificate Content: <BR>');
+ document.write('<BLOCKQUOTE><PRE>');
+ document.writeln(result.recordSet[i].certPrettyPrint);
+ document.write('</PRE></BLOCKQUOTE>');
+ }
+ }
+ document.writeln('</UL>');
+
+}
+
+// NOTE: importUserCertificate should be done before this point but
+// it creates a javascript error that clobbers the result variable set in
+// the template.
+
+if (navigator.appName == 'Netscape' && (navMajorVersion() > 3) &&
+ typeof(crypto.version) != "undefined" &&
+ typeof(result.fixed.crmfReqId) != "undefined") {
+ //alert('certNickname is '+result.fixed.certNickname);
+ //alert(result.fixed.cmmfResponse);
+ var errors = crypto.importUserCertificates(null,
+ result.fixed.cmmfResponse, false);
+ // var errors = crypto.importUserCertificates(result.fixed.certNickname,
+ // result.fixed.cmmfResponse, false);
+
+ // NOTE: Alpha version of cartman always returns a non-empty string
+ // from importUserCertificates() so we can only always assume succcess.
+ // Uncomment the following line and add appropriate javascripts/messages
+ // for use with a later version of cartman.
+ // This is fixed in Alpha-3. For use with alpha-3 uncomment the lines below
+ // to check for errors returned from importUserCertificates.
+ if (errors != '') {
+ document.writeln(
+ '<b>ERROR</b>Could not import the certificate into your browser '+
+ 'using nickname '+result.fixed.certNickname+'.<p>');
+ document.writeln(
+ 'The following error message was returned by the browser '+
+ 'when importing the certificate:');
+ document.writeln('<BLOCKQUOTE><PRE>');
+ document.writeln(errors);
+ document.writeln('</PRE></BLOCKQUOTE>');
+ }
+ else {
+ document.writeln(
+ 'Your certificate was successfully imported to the browser '+
+ 'with nickname '+result.fixed.certNickname);
+ }
+
+// document.writeln(
+// 'NOTE: '+
+// 'The following was returned by the browser when importing '+
+// 'the certificate:');
+// document.writeln('<BLOCKQUOTE><PRE>');
+// document.writeln(errors);
+// document.writeln('</PRE></BLOCKQUOTE>');
+// document.writeln(
+// 'If there was an error message it could be that you do not have '+
+// 'the private key of the certificate you are trying to import. '+
+// 'Please consult your system administrator for assistance.');
+}
+
+//-->
+</SCRIPT>
+
+<!--
+<OBJECT
+ classid="clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1"
+ CODEBASE="/xenroll.dll"
+ id=Enroll >
+</OBJECT>
+
+<OBJECT id='g_objClassFactory' CLASSID='clsid:884e2049-217d-11da-b2a4-000e7bbb2b09'>
+</OBJECT>
+-->
+
+<SCRIPT LANGUAGE="JavaScript">
+//<!--
+if (navigator.appName == "Microsoft Internet Explorer") {
+ if ((navigator.appVersion).indexOf("NT 6.") > -1) {
+ document.writeln("<OBJECT id='g_objClassFactory' CLASSID='clsid:884e2049-217d-11da-b2a4-000e7bbb2b09'></OBJECT>");
+ } else {
+ document.writeln("<OBJECT classid='clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1' CODEBASE='/xenroll.dll' id='Enroll'></OBJECT>");
+ }
+}
+//-->
+</SCRIPT>
+
+<SCRIPT LANGUAGE=VBS>
+<!--
+'========================================================
+'
+' In VBS, there are several ways in which the event handler for the
+' click event can be bound to the right control. We use one of the
+' methods here, which indicates the binding by appending the
+' event name to the control name with an intervening '_'.
+'
+'========================================================
+
+ 'Get OS Version, works for Vista and below only
+ Function GetOSVersion
+ dim agent
+ dim res
+ dim pos
+
+ agent = Navigator.appVersion
+ pos = InStr(agent,"NT 6.")
+
+ If pos > 0 Then
+ GetOSVersion = 6
+ Exit Function
+ End If
+
+ pos = InStr(agent,"NT 5.")
+
+ If pos > 0 Then
+ GetOSVersion = 5
+ Exit Function
+ End If
+
+ GetOSVersion = 5
+ End Function
+
+ 'Sub ImportCertificate
+ Sub ImportCertificate (pkcs7)
+ 'Dim pkcs7
+ Dim res
+ Dim osVersion
+
+ On Error Resume Next
+ osVersion = GetOSVersion()
+
+ 'Convert the cert to PKCS7 format
+ 'pkcs7 = result.header.pkcs7ChainBase64
+ 'ret = MsgBox(pkcs7, 0, "Import PKCS7 Cert")
+ If (IsEmpty(pkcs7) OR theError <> 0) Then
+ ret = MsgBox("Could not convert certificate to PKCS7 format", 0, "Import Cert")
+ Exit Sub
+ End If
+
+ If osVersion <> 6 Then 'Not Vista
+
+ 'Import the PKCS7 object
+ Enroll.DeleteRequestCert = FALSE
+ Enroll.WriteCertToCSP = true
+ Enroll.acceptPKCS7(pkcs7)
+ if err.number <> 0 then
+ Enroll.WriteCertToCSP = false
+ end if
+ err.clear
+ Enroll.acceptPKCS7(pkcs7)
+ if err.number = 0 then
+ MsgBox "Certificate has been successfully imported."
+ else
+ sz = "Error in acceptPKCS7. Error Number " & Hex(err.number) & "occurred."
+ MsgBox sz
+ end if
+ Exit Sub
+ Else 'Vista
+ Dim enrollObj
+
+ Set enrollObj = g_objClassFactory.CreateObject("X509Enrollment.CX509Enrollment")
+ If IsObject(enrollObj) = False Then
+ res = MsgBox("Can't create Enroll Object!")
+ Exit Sub
+ End If
+
+ enrollObj.Initialize(1)
+ enrollObj.InstallResponse 0,pkcs7,6,""
+
+ If Err.number <> 0 Then
+ sz = "Error in InstallResponse. Error Number " & Hex(err.number) & " occurred."
+ res =MsgBox(sz & Err.description)
+ else
+ res = MsgBox("Certificate has been successfully imported.")
+ End If
+ End If
+ End Sub
+
+ 'ImportCertificate()
+-->
+</SCRIPT>
+
+<SCRIPT LANGUAGE="JavaScript">
+//<!--
+if (navigator.appName == "Microsoft Internet Explorer") {
+ var pkcs7 = result.header.pkcs7ChainBase64;
+ //alert("pkcs7="+pkcs7);
+ ImportCertificate(pkcs7);
+}
+//-->
+</SCRIPT>
+
+</font>
+</BODY>
+</HTML>
+
diff --git a/base/ca/shared/webapps/ca/ee/ca/KeyRecovery.html b/base/ca/shared/webapps/ca/ee/ca/KeyRecovery.html
new file mode 100644
index 000000000..b3a9e4676
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/KeyRecovery.html
@@ -0,0 +1,41 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<HEAD>
+ <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
+ <META NAME="GENERATOR" CONTENT="Mozilla/4.03 [en]C-NSCP (WinNT; U) [Netscape]">
+ <TITLE>Key Recovery</TITLE>
+</HEAD>
+<BODY BGCOLOR="#FFFFFF">
+<SCRIPT LANGUAGE="JavaScript">
+
+</SCRIPT>
+
+<CENTER>
+<H2>
+User Initiated Key Recovery</H2></CENTER>
+
+<BLOCKQUOTE>
+<CENTER>Key Recovery is supported only for clients that support dual certificates - one for signing and another for encryption. At this time key recovery is not supported.
+<p>
+</CENTER>
+
+</BLOCKQUOTE>
+</BODY>
+</HTML>
diff --git a/base/ca/shared/webapps/ca/ee/ca/ManCAEnroll.html b/base/ca/shared/webapps/ca/ee/ca/ManCAEnroll.html
new file mode 100644
index 000000000..851bca52e
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/ManCAEnroll.html
@@ -0,0 +1,162 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<TITLE>Request a CA Certificate</TITLE>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<SCRIPT LANGUAGE="JavaScript">
+function validate(form)
+{
+ with (form) {
+ if (pkcs10Request.value == "")
+ {
+ alert("You must enter the base64-encoded certificate request.");
+ return false;
+ }
+ if (csrRequestorName.value == "" || ((csrRequestorEmail.value == "") && (csrRequestorPhone.value == ""))) {
+ alert("You must supply a name and either a phone number or an email address.");
+ return false;
+ }
+ }
+ // form.submit();
+ return true;
+}
+</SCRIPT>
+
+<SCRIPT LANGUAGE="JavaScript" SRC="../helpfun.js">
+
+</SCRIPT>
+</head>
+<body bgcolor="#FFFFFF">
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Certificate Manager Enrollment (for Certificate Manager Administrators)
+</font><br>
+ <Font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ Use this form to submit a request for a subordinate certificate authority's
+ signing certificate.
+<p>
+ After you click the Submit button, your request will be submitted to an
+ issuing agent for approval. The certificate will be emailed to you.
+</font>
+<form method="post" action="/enrollment/pkcs10-server"
+onSubmit="return validate(document.forms[0])">
+ <table border="0" width="100%" cellspacing="2" cellpadding="2">
+ <tr>
+ <td colspan="2" valign="TOP"><font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"><b>PKCS #10 Request</b><br>
+A PKCS #10 request is generated during the installation of the Certificate Manager.
+Paste the certificate authority's PKCS #10 request into this text area.
+ </font></td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"></font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <textarea name="pkcs10Request" rows="10" cols="65" wrap="virtual">
+</textarea>
+ </td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="TOP"><b><font face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif" size="-1">Contact Information<br>
+ </font></b><font face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif" size="-1">
+ </font></td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Name: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="TEXT" name="csrRequestorName" size="30">
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Email: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="TEXT" name="csrRequestorEmail" size="30">
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Phone: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="TEXT" name="csrRequestorPhone" size="30">
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP" colspan="2">&nbsp;</td>
+ </tr>
+ <tr>
+ <td valign="TOP" colspan="2"><font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"><b>Additional Comments </b><br>
+ If you have additional comments for the person who will process your
+ certificate request, write them here.
+ </font></td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"></font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <textarea name="csrRequestorComments" rows="10" cols="65" wrap="virtual">
+</textarea>
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP" colspan="2">
+ <table border="0" width="100%" cellspacing="0" cellpadding="6" bgcolor="#cccccc" background="/pki/images/gray90.gif">
+ <tr>
+ <td>
+ <div align="RIGHT">
+ <input type="submit" value="Submit" name="submit" width="72">
+ <input type="hidden" name="requestFormat" value="pkcs10">
+ <input type="hidden" name="certType" value="ca">
+ <!-- for Netscape Certificate Type Extension -->
+ <input type="HIDDEN" value="true" name="ssl_client">
+ <input type="HIDDEN" value="true" name="email_ca">
+ <input type="HIDDEN" value="true" name="ssl_ca">
+ <input type="HIDDEN" value="true" name="object_signing_ca">
+ <!-- for Key Usage Extension -->
+ <input type="HIDDEN" name="digital_signature" value=true>
+ <input type="HIDDEN" name="non_repudiation" value=true>
+ <input type="HIDDEN" name="key_certsign" value=true>
+ <input type="HIDDEN" name="crl_sign" value=true>
+ <img src="/pki/images/spacer.gif" width="6" height="6">
+ <input type="reset" value="Reset" name="reset" width="72">
+ </div>
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ </table>
+ </form>
+</body>
+</html>
diff --git a/base/ca/shared/webapps/ca/ee/ca/ManObjSignEnroll.html b/base/ca/shared/webapps/ca/ee/ca/ManObjSignEnroll.html
new file mode 100644
index 000000000..9c2c86a03
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/ManObjSignEnroll.html
@@ -0,0 +1,693 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>User Certificate Request Form</title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<SCRIPT LANGUAGE="JavaScript"></SCRIPT>
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/dynamicVars.js">
+</SCRIPT>
+
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/cms-funcs.js">
+</SCRIPT>
+
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/helpfun.js">
+</SCRIPT>
+
+
+<SCRIPT LANGUAGE="JavaScript">
+
+function setSignType(f)
+{
+ if ((f.certType.options[0].selected)) {
+ alert("You must select Signing-Type");
+ return;
+ }
+ else if (f.certType.options[1].selected)
+ f.object_signing.value = true;
+ else if (f.certType.options[2].selected)
+ f.object_signing.value = false;
+}
+
+function updateEmail(f)
+{
+ if (f.E.value != '') {
+ f.csrRequestorEmail.value = f.E.value;
+ }
+ formulateDN(f, f.subject);
+}
+
+function formDNandReload()
+{
+ formulateDN(document.forms[0], document.forms[0].subject);
+ updateEmail(document.forms[0]);
+}
+
+function validate(form)
+{
+
+ if ((form.certType.options[0].selected)) {
+ alert("You must select Signing-Type");
+ return false;
+ }
+
+ with (form) {
+
+ /////////////////////////////////////////////////////////////////
+ // To enable dual key feature, this page must be customized with
+ // appropriate Javascript call. For example,
+ //
+ // crmfObject = crypto.generateCRMFRequest(
+ // "CN=undefined",
+ // "regToken", "authenticator",
+ // null,
+ // "setCRMFRequest();",
+ // 512, null, "rsa-ex",
+ // 1024, null, "rsa-sign");
+ //
+ // To enable key archival feature, this page must be customized with
+ // KRA's transport certificate. The transport certificate can be
+ // retrieved in the following ways:
+ // (1) Access "List Certificates" menu option in end-entity page
+ // (2) Access https://<host>:<agent_port>/kra/displayTransportCert
+ // (3) Use certutil command in <instance-dir>/config directory
+ // (i.e. certutil -L -d . -n "kraTransportCert <instance-id>" -a)
+ //
+ // Once the transport certificate is obtained, the following
+ // javascript should be modified so that the transport certificate
+ // and appropriate key type are selected. For example,
+ //
+ // var kraTransportCert = "MIICDjCCAXegAwIBAgICAfMwDQYJKoZIhvcNAQEEBQAwdzELMAkGA1UEBhMCVVMxLDAqBgNVBAoTI05ldHNjYXBlIENvbW11bmljYXRpb25zIENvcnBvcmF0aW9uMREwDwYDVQQLEwhIYXJkY29yZTEnMCUGA1UEAxMeSGFyZGNvcmUgQ2VydGlmaWNhdGUgU2VydmVyIElJMB4XDTk4MTExOTIzNDIxOVoXDTk5MDUxODIzNDIxOVowLjELMAkGA1UEBhMCVVMxETAPBgNVBAoTCG5ldHNjYXBlMQwwCgYDVQQDEwNLUmEwXDANBgkqhkiG9w0BAQEFAANLADBIAkEArrbDiYUI5SCdlCKKa0bEBn1m83kX6bdhytRYNkd/HB95Bp85SRadmdJV+0O/yMxjYAtGCFrmcqEZ4sh2YSov6wIDAQABozYwNDARBglghkgBhvhCAQEEBAMCAEAwHwYDVR0jBBgwFoAUl7FtsrYCFlQMl9fjMm3LnN/u3oAwDQYJKoZIhvcNAQEEBQADgYEApvzcUsVIOstaoYSiWb4+aMVH6s1jiJlr5iVHnOKzfsYxPVdUw6uz04AT8N+1KIarMTKxHPzGAFSLicKLEv4HG4vh6llc86uzRzWpUqqVHg/eKN5A8Jyg56D4DkNr/XEJ7QdKesAp13dk5H5qvHelkSPLYYdMXNwNWPVZKgnWrWg=";
+ // var keyGenAlg = "rsa-ex";
+ // crmfObject = crypto.generateCRMFRequest(
+ // "CN=undefined",
+ // "regToken", "authenticator",
+ // keyTransportCert,
+ // "setCRMFRequest();",
+ // 512, null, keyGenAlg);
+ /////////////////////////////////////////////////////////////////
+
+ // To enable key archival, replace "null" with the transport
+ // certificate without "BEBIN..." "END..", nor line breaks.
+ // change keyGenAlg to "rsa-ex"
+ var keyTransportCert = null;
+ //var keyGenAlg = "rsa-ex";
+ var keyGenAlg = "rsa-dual-use";
+ // generate keys for nsm.
+ if (navigator.appName == "Netscape" && (navMajorVersion() > 3) &&
+ typeof(crypto.version) != "undefined") {
+ certNickname.value = subject.value;
+ crmfObject = crypto.generateCRMFRequest(
+ subject.value,
+ "regToken", "authenticator",
+ keyTransportCert,
+ "setCRMFRequest();",
+ 1024, null, keyGenAlg);
+ }
+ return true;
+ }
+}
+
+function setCRMFRequest()
+{
+ with (document.forms[0]) {
+ CRMFRequest.value = crmfObject.request;
+ submit();
+ }
+}
+
+</SCRIPT>
+</head>
+
+<OBJECT
+ classid="clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1"
+ CODEBASE="/xenroll.dll"
+ id=Enroll >
+</OBJECT>
+
+
+<SCRIPT LANGUAGE=VBS>
+<!--
+Function escapeDNComponent(comp)
+ escapeDNComponent = comp
+End Function
+
+Function doubleQuotes(comp)
+ doubleQuotes = False
+End Function
+
+Function formulateDN(a,b)
+ Dim dn
+ Dim TheForm
+ Set TheForm = Document.ReqForm
+
+ dn = Empty
+
+ If (TheForm.C.Value <> Empty) Then
+ If doubleQuotes(TheForm.C.Value) = True Then
+ MsgBox "Double quotes are not allowed in the Country field"
+ Exit Function
+ End If
+ If (dn <> Empty) Then
+ dn = dn & ","
+ End If
+ dn = dn & "C=" & escapeDNComponent(TheForm.C.Value)
+ End If
+
+ If (TheForm.O.Value <> Empty) Then
+ If doubleQuotes(TheForm.O.Value) = True Then
+ MsgBox "Double quotes are not allowed in the Organiztion field"
+ Exit Function
+ End If
+ If (dn <> Empty) Then
+ dn = dn & ","
+ End If
+ dn = dn & "O=" & escapeDNComponent(TheForm.O.Value)
+ End If
+
+ If (TheForm.OU.Value <> Empty) Then
+ If doubleQuotes(TheForm.OU.Value) = True Then
+ MsgBox "Double quotes are not allowed in the Org Unit field"
+ Exit Function
+ End If
+ If (dn <> Empty) Then
+ dn = dn & ","
+ End If
+ dn = dn & "OU=" & escapeDNComponent(TheForm.OU.Value)
+ End If
+
+ If (TheForm.UID.Value <> Empty) Then
+ If doubleQuotes(TheForm.UID.Value) = True Then
+ MsgBox "Double quotes are not allowed in the uid field"
+ Exit Function
+ End If
+ If (dn <> Empty) Then
+ dn = dn & ","
+ End If
+ dn = dn & "0.9.2342.19200300.100.1.1=" & escapeDNComponent(TheForm.UID.Value)
+ End If
+
+ If (TheForm.CN.Value <> Empty) Then
+ If doubleQuotes(TheForm.CN.Value) = True Then
+ MsgBox "Double quotes are not allowed in the Common Name field"
+ Exit Function
+ End If
+ If (dn <> Empty) Then
+ dn = dn & ","
+ End If
+ dn = dn & "CN=" & escapeDNComponent(TheForm.CN.Value)
+ End If
+
+ If (TheForm.E.Value <> Empty) Then
+ If doubleQuotes(TheForm.E.Value) = True Then
+ MsgBox "Double quotes are not allowed in the eMail field"
+ Exit Function
+ End If
+ If (dn <> Empty) Then
+ dn = dn & ","
+ End If
+ dn = dn & "E=" & escapeDNComponent(TheForm.E.Value)
+ End If
+
+ formulateDN = dn
+End Function
+
+Sub Send_OnClick
+ Dim TheForm
+ Dim szName
+ Dim options
+ Set TheForm = Document.ReqForm
+
+
+ ' Do a few sanity checks
+ If (TheForm.CN.Value = Empty) Then
+ ret = MsgBox("You must supply your name for the certificate", 0, "MSIE Certificate Request")
+ Exit Sub
+ End If
+
+ If (TheForm.csrRequestorEmail.Value = Empty) AND (TheForm.csrRequestorPhone.Value = Empty) Then
+ ret = MsgBox("You must supply a phone number or email address", 0, "MSIE Certificate Request")
+ Exit Sub
+ End If
+
+ ' Contruct the X500 distinguished name
+ szName = formulateDN("","")
+
+ On Error Resume Next
+ Enroll.HashAlgorithm = "MD5"
+ Enroll.KeySpec = 1
+
+ ' Pick the provider that is selected
+ set options = TheForm.all.cryptprovider.options
+ index = options.selectedIndex
+ Enroll.providerType = options(index).value
+ Enroll.providerName = options(index).text
+
+ ' adding 2 to "GenKeyFlags" will enable the 'High Security'
+ ' (USER_PROTECTED) mode, which means IE will pop up a dialog
+ ' asking what level of protection you would like to give
+ ' the key - this varies from 'none' to 'confirm password
+ ' every time the key is used'
+ Enroll.GenKeyFlags = 1 ' key PKCS12-exportable
+ szCertReq = Enroll.createPKCS10(szName, "1.3.6.1.5.5.7.3.2")
+ theError = Err.Number
+ On Error Goto 0
+ '
+ ' If the user has cancelled things the we simply ignore whatever
+ ' they were doing ... need to think what should be done here
+ '
+ If (szCertReq = Empty AND theError = 0) Then
+ Exit Sub
+ End If
+
+ If (szCertReq = Empty OR theError <> 0) Then
+ '
+ ' There was an error in the key pair generation. The error value
+ ' is found in the variable 'theError' which we snarfed above before
+ ' we did the 'On Error Goto 0' which cleared it again.
+ '
+ sz = "The error '" & Hex(theError) & "' occurred." & chr(13) & chr(10) & "Your credentials could not be generated."
+ result = MsgBox(sz, 0, "Credentials Enrollment")
+ Exit Sub
+ End If
+
+ TheForm.pkcs10Request.Value = szCertReq
+ TheForm.csrRequestorName.Value = TheForm.CN.Value
+
+ ' TheForm.Submit
+ Exit Sub
+
+End Sub
+-->
+</SCRIPT>
+
+<body bgcolor="#FFFFFF" onload=checkClientTime()>
+
+<script lang=javascript>
+//<!--
+ if (navigator.appName == "Netscape" && navMajorVersion() <= 3) {
+ // shortcut for version 3.x or less, crypto is not defined
+ document.writeln(
+ '<form name="ReqForm" method="post" action="/enrollment">');
+ } else if (navigator.appName == "Netscape" &&
+ typeof(crypto.version) != "undefined") {
+ document.writeln(
+ '<form name="ReqForm" method="post" action="/enrollment">');
+ } else {
+ document.writeln(
+ '<form name="ReqForm" method="post" action="/enrollment" '+
+ 'onSubmit="return validate(document.forms[0])">');
+ }
+//-->
+</script>
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Manual Object Signing Enrollment
+</font><br>
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ Use this form to submit a request for an object signing certificate.
+ After you click the Submit button, your request will be submitted to an
+ issuing agent for approval. When an issuing agent has approved your request
+ you will receive the certificate in email, along with instructions for
+ installing it.
+ </font>
+<table border="0" cellspacing="0" cellpadding="0" background="/pki/images/hr.gif" width="100%">
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+<table border="0" cellspacing="2" cellpadding="2">
+ <tr valign="TOP">
+ <td><font size="-1" face="PrimaSans BT, Verdana, sans-serif"><b>Important:</b>
+ </font></td>
+ <td><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ Be sure to request your certificate on the same computer on which you
+ plan to use the certificate.
+ </font></td>
+ </tr>
+</table>
+<table border="0" cellspacing="0" cellpadding="0" background="/pki/images/hr.gif" width="100%">
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+<p>
+ <table border="0" width="100%" cellspacing="2" cellpadding="2">
+ <tr>
+ <td colspan="2" valign="TOP">
+ <font size=-1 face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ <b>User's Identity</b><br>
+ </font>
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ Enter values for the fields you want to have in your certificate.
+ Your site may require you to fill in certain fields. <br>(* = required field)</font></td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ * Full name:
+ </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="HIDDEN" name="csrRequestorName">
+ <input type="TEXT" name="CN" size="30" onchange="formulateDN(this.form, this.form.subject)">
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Login name: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="TEXT" name="UID" size="30" onchange="formulateDN(this.form, this.form.subject)">
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Email address: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="TEXT" name="E" size="30" onchange="updateEmail(this.form)">
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif" size="-1">Organization unit: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="TEXT" name="OU" size="30" onchange="formulateDN(this.form, this.form.subject)">
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Organization: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="TEXT" name="O" size="30" onchange="formulateDN(this.form, this.form.subject)">
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Country: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="TEXT" name="C" value="US" size=2 maxlength=2
+onchange="formulateDN(this.form, this.form.subject)">
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ </div>
+ </td>
+ <td valign="TOP">&nbsp; </td>
+ </tr>
+ <tr>
+ </tr>
+
+ <tr>
+ <td colspan="2" valign="TOP">
+ <font size=-1 face="PrimaSans BT, Verdana, Arial, Helvetica, sans-seri
+f">
+ <b>
+ Select Signing Type
+ </b><br>
+ </font>
+ <font face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif" size=
+"-1">
+ Select a signing type that the certificate will be used. </font></td>
+ </tr>
+
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-se
+rif">Signing Type: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <SELECT NAME="certType" onchange="setSignType(document.forms[0])">
+ <OPTION value="" SELECTED>Select Signing-Type
+ <OPTION value="client">Netscape Object-Signing
+ <OPTION value="codeSignClient">Microsoft Authenticode
+ </SELECT>
+ </td>
+ </tr>
+
+ <tr>
+ <td colspan="2" valign="TOP">&nbsp;</td>
+ </tr>
+
+
+ <tr>
+ <td colspan="2" valign="TOP">
+ <font size=-1 face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ <b>
+ Contact Information
+ </b><br>
+ </font>
+ <font face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif" size="-1">
+ Enter an email address or phone number at which you can be contacted
+ regarding this request. </font></td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Email: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="TEXT" name="csrRequestorEmail" size="30">
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Phone: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="TEXT" name="csrRequestorPhone" size="30">
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP" colspan="2">&nbsp;</td>
+ </tr>
+ <tr>
+ <td valign="TOP" colspan="2">
+ <font size=-1 face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ <b>
+ Additional Comments
+ </b><br>
+ </font>
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ If you have any comments for the person who will process your certificate request, write them here.
+ </font>
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"></font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <textarea name="csrRequestorComments" rows="6" cols="39" wrap="virtual">
+</textarea>
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP" colspan="2">&nbsp;</td>
+ </tr>
+ <tr>
+ <td valign="TOP" colspan="2">
+<script>
+ if (navigator.appName == 'Netscape' &&
+ (navMajorVersion() <= 3 || typeof(crypto.version) == 'undefined')) {
+
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"><b>Public/Private Key Information</b><br></font>');
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">When you submit this form, the browser generates a private key and a public key. It retains the private key and submits the public key along with your request for a certificate. The public key becomes part of the certificate. <p> </font>');
+ }
+ if (navigator.appName == "Microsoft Internet Explorer") {
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"><b>Public/Private Key Information</b><br></font>');
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">When you submit this form, the browser generates a private key and a public key. It retains the private key and submits the public key along with your request for a certificate. The public key becomes part of the certificate. <p> </font>');
+ }
+</script>
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+<script>
+ if (navigator.appName == 'Netscape' &&
+ (navMajorVersion() <= 3 || typeof(crypto.version) == 'undefined')) {
+ document.writeln('Select the length of the key to generate. '+
+ 'The longer the key length, the greater the strength. '+
+ 'You may want to check with your system administrator about '+
+ 'the length of key to specify.');
+ }
+ if (navigator.appName == "Microsoft Internet Explorer") {
+ document.writeln('The Microsoft Base Cryptographic provider offers 512-bit key encryption which is adequate for most applications today, but you may select the Enhanced option if your browser offers this choice and you require the higher encryption strength. You may want to check with your '+
+ 'system administrator about the provider to specify.');
+ }
+</script>
+ </font>
+ </td>
+ </tr>
+ <tr>
+ <td>
+<script>
+ if (navigator.appName == 'Netscape' &&
+ (navMajorVersion() <= 3 || typeof(crypto.version) == 'undefined')) {
+ document.writeln(
+ '<font size=-1 face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.writeln('Key Length:');
+ document.writeln('</font>');
+ }
+ if (navigator.appName == "Microsoft Internet Explorer") {
+ document.writeln(
+ '<font size=-1 face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.writeln('Cryptographic Provider:');
+ document.writeln('</font>');
+ }
+</script>
+ </td>
+ <td>
+<script>
+ //<font face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ if (navigator.appName == 'Netscape') {
+ if (navMajorVersion() <= 3 ||
+ typeof(crypto.version) == 'undefined') {
+ document.write('<KEYGEN name="subjectKeyGenInfo">');
+ }
+ //</font>
+ }
+ if (navigator.appName == "Microsoft Internet Explorer") {
+ document.writeln('<SELECT NAME=\"cryptprovider\"></SELECT>');
+ }
+
+</script>
+ </td>
+ </tr>
+</table>
+
+<script lang=javascript>
+document.write('<table border="0" width="100%" cellspacing="0" '+
+ 'cellpadding="6" bgcolor="#cccccc" background="/pki/images/gray90.gif">' +
+ '<tr> <td> <div align="RIGHT">');
+
+if (navigator.appName == "Netscape") {
+
+ if (navMajorVersion() <= 3) {
+ // shortcut for version 3.x or less, crypto is not defined
+ document.writeln(
+ '<input type="submit" value="Submit" '+
+ 'name="submit" width="72">');
+ }
+ else if (typeof(crypto.version) == "undefined") {
+ document.writeln(
+ '<input type="submit" value="Submit" '+
+ 'name="submit" width="72">');
+ } else {
+ // alert('nsm');
+ document.writeln(
+ '<input type="button" value="Submit" '+
+ 'name="submitbutton" '+
+ 'onclick="validate(form)" width="72">');
+
+ document.write(
+ '<input type="hidden" name=CRMFRequest value="">');
+ document.write(
+ '<input type=hidden name=cmmfResponse value=true>');
+ document.write(
+ '<input type=hidden name=certNickname value="">');
+ }
+ }
+else if (navigator.appName == "Microsoft Internet Explorer") {
+ document.writeln(
+ '<input type="submit" value="Submit" '+
+ 'name="Send" width="72">');
+ document.write(
+ '<input type="hidden" name="pkcs10Request" value="">');
+}
+
+document.write(
+ '<input type="hidden" name="subject" value="">' +
+ '<input type="hidden" name="requestFormat" value="keygen">' +
+ '<input type="hidden" name="object_signing" value="true">' +
+ '<img src="/pki/images/spacer.gif" width="6" height="6">' +
+ '<input type="reset" value="Reset" name="reset" width="72">' +
+ '</div> </td> </tr> </table>');
+</script>
+ </form>
+<SCRIPT LANGUAGE=VBS>
+<!--
+
+FindProviders
+
+Function FindProviders
+ Dim i, j
+ Dim providers()
+ i = 0
+ j = 1
+ Dim el
+ Dim temp
+ Dim first
+ Dim TheForm
+ Set TheForm = document.ReqForm
+ On Error Resume Next
+ first = 0
+
+ Do While True
+ temp = ""
+ Enroll.providerType = j
+ temp = Enroll.enumProviders(i,0)
+ If Len(temp) = 0 Then
+ If j < 1 Then
+ j = j + 1
+ i = 0
+ Else
+ Exit Do
+ End If
+ Else
+ set el = document.createElement("OPTION")
+ el.text = temp
+ el.value = j
+ TheForm.cryptprovider.add(el)
+ If first = 0 Then
+ first = 1
+ TheForm.cryptprovider.selectedIndex = 0
+ End If
+ i = i + 1
+ End If
+ Loop
+
+End Function
+
+-->
+</SCRIPT>
+</body>
+</html>
diff --git a/base/ca/shared/webapps/ca/ee/ca/ManRAEnroll.html b/base/ca/shared/webapps/ca/ee/ca/ManRAEnroll.html
new file mode 100644
index 000000000..796ef0d6f
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/ManRAEnroll.html
@@ -0,0 +1,156 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<TITLE>Request a RA Certificate</TITLE>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<SCRIPT LANGUAGE="JavaScript">
+function validate(form)
+{
+ with (form) {
+ if (pkcs10Request.value == "")
+ {
+ alert("You must enter the base64-encoded certificate request.");
+ return false;
+ }
+ if (csrRequestorName.value == "" || ((csrRequestorEmail.value == "") && (csrRequestorPhone.value == ""))) {
+ alert("You must supply a name and either a phone number or an email address.");
+ return false;
+ }
+ }
+ // form.submit();
+ return true;
+}
+</SCRIPT>
+
+<SCRIPT LANGUAGE="JavaScript" SRC="../helpfun.js">
+
+</SCRIPT>
+</head>
+<body bgcolor="#FFFFFF">
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Registration Manager Enrollment (for Registration Manager Administrators)
+</font><br>
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ Use this form to submit a request for a Registration Manager's signing
+ certificate. The Registration Manager will use this certificate to
+ authenticate itself to the Certificate Manager.
+<p>
+ After you click the Submit button, your request will be submitted to an
+ issuing agent for approval. The certificate will be emailed to you.
+</font>
+<form method="post" action="/enrollment/pkcs10-server"
+onSubmit="return validate(document.forms[0])">
+ <table border="0" width="100%" cellspacing="2" cellpadding="2">
+ <tr>
+ <td colspan="2" valign="TOP"><font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"><b>PKCS #10 Request</b><br>
+ A PKCS #10 request is generated during the installation of the
+ Registration Manager. <br>Paste the PKCS #10 request into this text area.
+ </font></td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"></font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <textarea name="pkcs10Request" rows="10" cols="65" wrap="virtual">
+</textarea>
+ </td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="TOP"><b><font face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif" size="-1">Contact Information<br>
+ </font></b><font face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif" size="-1"> </font></td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Name: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="TEXT" name="csrRequestorName" size="30">
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Email: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="TEXT" name="csrRequestorEmail" size="30">
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Phone: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="TEXT" name="csrRequestorPhone" size="30">
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP" colspan="2">&nbsp;</td>
+ </tr>
+ <tr>
+ <td valign="TOP" colspan="2"><font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"><b>Additional Comments </b><br>
+ If you have additional comments for the person who will process your
+ certificate request, write them here.</font></td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"></font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <textarea name="csrRequestorComments" rows="10" cols="65" wrap="virtual">
+</textarea>
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP" colspan="2">
+ <table border="0" width="100%" cellspacing="0" cellpadding="6" bgcolor="#cccccc" background="/pki/images/gray90.gif">
+ <tr>
+ <td>
+ <div align="RIGHT">
+ <input type="submit" value="Submit" name="submit" width="72">
+ <input type="hidden" name="requestFormat" value="pkcs10">
+ <input type="hidden" name="certType" value="ra">
+ <!-- for Netscape Certificate Type Extension -->
+ <input type="HIDDEN" value="true" name="ssl_client">
+ <!-- for Key Usage Extension -->
+ <input type="HIDDEN" name="digital_signature" value=true>
+ <input type="HIDDEN" name="non_repudiation" value=true>
+ <img src="/pki/images/spacer.gif" width="6" height="6">
+ <input type="reset" value="Reset" name="reset" width="72">
+ </div>
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ </table>
+ </form>
+</body>
+</html>
diff --git a/base/ca/shared/webapps/ca/ee/ca/ManServerEnroll.html b/base/ca/shared/webapps/ca/ee/ca/ManServerEnroll.html
new file mode 100644
index 000000000..148aaee7c
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/ManServerEnroll.html
@@ -0,0 +1,167 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<TITLE>Request a Server Certificate</TITLE>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<SCRIPT LANGUAGE="JavaScript">
+function validate(form)
+{
+ with (form) {
+ if (pkcs10Request.value == "")
+ {
+ alert("You must enter the base64-encoded certificate request.");
+ return false;
+ }
+ if (csrRequestorName.value == "" || ((csrRequestorEmail.value == "") && (csrRequestorPhone.value == ""))) {
+ alert("You must supply a name and either a phone number or an email address.");
+ return false;
+ }
+ }
+ // form.submit();
+ return true;
+}
+</SCRIPT>
+
+<SCRIPT LANGUAGE="JavaScript" SRC="../helpfun.js">
+
+</SCRIPT>
+</head>
+<body bgcolor="#FFFFFF">
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Server Certificate Enrollment (for Server Administrators)</font><br>
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ Use this form to submit a request for a server certificate. You must submit
+ a PKCS #10 request. If you have a Netscape server, create a PKCS#10 request
+ by using the Netscape Administration Server instance associated with the
+ server for which you are requesting the certificate. In the Netscape
+ Administration Server forms, choose Encryption, then Request Server Certificate.
+<p>
+ If you are not using a Netscape server, follow the appropriate steps to
+ generate a PKCS #10 request with the server you have.
+<p>
+ After you click the Submit button, your request will be submitted to
+ an issuing agent for approval. You will receive the certificate in email
+ when it has been approved.
+</font>
+<form method="post" action="/enrollment"
+onSubmit="return validate(document.forms[0])">
+ <table border="0" width="100%" cellspacing="2" cellpadding="2">
+ <tr>
+ <td colspan="2" valign="TOP">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ <b>PKCS #10 Request</b><br>
+ Paste the PKCS #10 request into this text area.
+ </font></td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ </div>
+ </td>
+ <td valign="TOP">
+ <textarea name="pkcs10Request" rows="10" cols="65" wrap="virtual">
+</textarea>
+ </td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="TOP">
+ <font face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif" size="-1">
+ <b>Server Administrator Contact Information<br></b>
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Name: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="TEXT" name="csrRequestorName" size="30">
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Email: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="TEXT" name="csrRequestorEmail" size="30">
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Phone: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="TEXT" name="csrRequestorPhone" size="30">
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP" colspan="2">&nbsp;</td>
+ </tr>
+ <tr>
+ <td valign="TOP" colspan="2"><font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ <b>Additional Comments </b><br>
+ If you have any additional comments for the person who will process
+ your certificate request, write them here. </font></td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"></font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <textarea name="csrRequestorComments" rows="10" cols="65" wrap="virtual">
+</textarea>
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP" colspan="2">
+ <table border="0" width="100%" cellspacing="0" cellpadding="6" bgcolor="#cccccc" background="/pki/images/gray90.gif">
+ <tr>
+ <td>
+ <div align="RIGHT">
+ <input type="submit" value="Submit" name="submit" width="72">
+ <input type="hidden" name="requestFormat" value="pkcs10">
+ <input type="hidden" name="certType" value="server">
+ <!-- for Netscape Certificate Type Extension -->
+ <input type="HIDDEN" value="true" name="ssl_server">
+ <!-- for Key Usage Extension -->
+ <input type="HIDDEN" name="digital_signature" value=true>
+ <input type="HIDDEN" name="non_repudiation" value=true>
+ <input type="HIDDEN" name="key_encipherment" value=true>
+ <input type="HIDDEN" name="data_encipherment" value=true>
+ <img src="/pki/images/spacer.gif" width="6" height="6">
+ <input type="reset" value="Reset" name="reset" width="72">
+ </div>
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ </table>
+ <input type=hidden name="reencodeSubjectName" value="true">
+ </form>
+</body>
+</html>
diff --git a/base/ca/shared/webapps/ca/ee/ca/ManUserEnroll.html b/base/ca/shared/webapps/ca/ee/ca/ManUserEnroll.html
new file mode 100644
index 000000000..e552f8e4a
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/ManUserEnroll.html
@@ -0,0 +1,705 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>User Certificate Request Form</title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<SCRIPT LANGUAGE="JavaScript"></SCRIPT>
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/dynamicVars.js">
+</SCRIPT>
+
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/cms-funcs.js">
+</SCRIPT>
+
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/helpfun.js">
+</SCRIPT>
+
+
+<SCRIPT LANGUAGE="JavaScript">
+
+function updateEmail(f)
+{
+ if (f.E.value != '') {
+ f.csrRequestorEmail.value = f.E.value;
+ }
+ formulateDN(f, f.subject);
+}
+
+function formDNandReload()
+{
+ formulateDN(document.forms[0], document.forms[0].subject);
+ updateEmail(document.forms[0]);
+}
+
+function validate(form)
+{
+
+ if (isValidCSR(form) == false) {
+ //alert(' is not valid csr');
+ return false;
+ }
+ with (form) {
+
+ /////////////////////////////////////////////////////////////////
+ // To enable dual key feature, this page must be customized with
+ // appropriate Javascript call. For example,
+ //
+ // crmfObject = crypto.generateCRMFRequest(
+ // "CN=undefined",
+ // "regToken", "authenticator",
+ // null,
+ // "setCRMFRequest();",
+ // 512, null, "rsa-ex",
+ // 1024, null, "rsa-sign");
+ //
+ // To enable key archival feature, this page must be customized with
+ // KRA's transport certificate. The transport certificate can be
+ // retrieved in the following ways:
+ // (1) Access "List Certificates" menu option in end-entity page
+ // (2) Access https://<host>:<agent_port>/kra/displayTransportCert
+ // (3) Use certutil command in <instance-dir>/config directory
+ // (i.e. certutil -L -d . -n "kraTransportCert <instance-id>" -a)
+ //
+ // Once the transport certificate is obtained, the following
+ // javascript should be modified so that the transport certificate
+ // and appropriate key type are selected. For example,
+ //
+ // var kraTransportCert = "MIICDjCCAXegAwIBAgICAfMwDQYJKoZIhvcNAQEEBQAwdzELMAkGA1UEBhMCVVMxLDAqBgNVBAoTI05ldHNjYXBlIENvbW11bmljYXRpb25zIENvcnBvcmF0aW9uMREwDwYDVQQLEwhIYXJkY29yZTEnMCUGA1UEAxMeSGFyZGNvcmUgQ2VydGlmaWNhdGUgU2VydmVyIElJMB4XDTk4MTExOTIzNDIxOVoXDTk5MDUxODIzNDIxOVowLjELMAkGA1UEBhMCVVMxETAPBgNVBAoTCG5ldHNjYXBlMQwwCgYDVQQDEwNLUmEwXDANBgkqhkiG9w0BAQEFAANLADBIAkEArrbDiYUI5SCdlCKKa0bEBn1m83kX6bdhytRYNkd/HB95Bp85SRadmdJV+0O/yMxjYAtGCFrmcqEZ4sh2YSov6wIDAQABozYwNDARBglghkgBhvhCAQEEBAMCAEAwHwYDVR0jBBgwFoAUl7FtsrYCFlQMl9fjMm3LnN/u3oAwDQYJKoZIhvcNAQEEBQADgYEApvzcUsVIOstaoYSiWb4+aMVH6s1jiJlr5iVHnOKzfsYxPVdUw6uz04AT8N+1KIarMTKxHPzGAFSLicKLEv4HG4vh6llc86uzRzWpUqqVHg/eKN5A8Jyg56D4DkNr/XEJ7QdKesAp13dk5H5qvHelkSPLYYdMXNwNWPVZKgnWrWg=";
+ // var keyGenAlg = "rsa-ex";
+ // crmfObject = crypto.generateCRMFRequest(
+ // "CN=undefined",
+ // "regToken", "authenticator",
+ // keyTransportCert,
+ // "setCRMFRequest();",
+ // 512, null, keyGenAlg);
+ /////////////////////////////////////////////////////////////////
+
+ // To enable key archival, replace "null" with the transport
+ // certificate without "BEBIN..." "END..", nor line breaks.
+ // change keyGenAlg to "rsa-ex"
+ var keyTransportCert = null;
+ //var keyGenAlg = "rsa-ex";
+ var keyGenAlg = "rsa-dual-use";
+ // generate keys for nsm.
+ if (navigator.appName == "Netscape" && (navMajorVersion() > 3) &&
+ typeof(crypto.version) != "undefined") {
+ certNickname.value = subject.value;
+ crmfObject = crypto.generateCRMFRequest(
+ subject.value,
+ "regToken", "authenticator",
+ keyTransportCert,
+ "setCRMFRequest();",
+ 1024, null, keyGenAlg);
+ }
+ if (challengePassword.value != confirmChallengePassword.value) {
+ alert("The challenge phrase password is not the same as the confirmed one.");
+ return false;
+ }
+ return true;
+ }
+}
+
+function setCRMFRequest()
+{
+ with (document.forms[0]) {
+ CRMFRequest.value = crmfObject.request;
+ submit();
+ }
+}
+
+</SCRIPT>
+</head>
+
+<OBJECT
+ classid="clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1"
+ CODEBASE="/xenroll.dll"
+ id=Enroll >
+</OBJECT>
+
+
+<SCRIPT LANGUAGE=VBS>
+<!--
+Function escapeDNComponent(comp)
+ escapeDNComponent = comp
+End Function
+
+Function doubleQuotes(comp)
+ doubleQuotes = False
+End Function
+
+Function formulateDN(a,b)
+ Dim dn
+ Dim TheForm
+ Set TheForm = Document.ReqForm
+
+ dn = Empty
+
+ If (TheForm.C.Value <> Empty) Then
+ If doubleQuotes(TheForm.C.Value) = True Then
+ MsgBox "Double quotes are not allowed in the Country field"
+ Exit Function
+ End If
+ If (dn <> Empty) Then
+ dn = dn & ","
+ End If
+ dn = dn & "C=" & escapeDNComponent(TheForm.C.Value)
+ End If
+
+ If (TheForm.O.Value <> Empty) Then
+ If doubleQuotes(TheForm.O.Value) = True Then
+ MsgBox "Double quotes are not allowed in the Organiztion field"
+ Exit Function
+ End If
+ If (dn <> Empty) Then
+ dn = dn & ","
+ End If
+ dn = dn & "O=" & escapeDNComponent(TheForm.O.Value)
+ End If
+
+ If (TheForm.OU.Value <> Empty) Then
+ If doubleQuotes(TheForm.OU.Value) = True Then
+ MsgBox "Double quotes are not allowed in the Org Unit field"
+ Exit Function
+ End If
+ If (dn <> Empty) Then
+ dn = dn & ","
+ End If
+ dn = dn & "OU=" & escapeDNComponent(TheForm.OU.Value)
+ End If
+
+ If (TheForm.UID.Value <> Empty) Then
+ If doubleQuotes(TheForm.UID.Value) = True Then
+ MsgBox "Double quotes are not allowed in the uid field"
+ Exit Function
+ End If
+ If (dn <> Empty) Then
+ dn = dn & ","
+ End If
+ dn = dn & "0.9.2342.19200300.100.1.1=" & escapeDNComponent(TheForm.UID.Value)
+ End If
+
+ If (TheForm.CN.Value <> Empty) Then
+ If doubleQuotes(TheForm.CN.Value) = True Then
+ MsgBox "Double quotes are not allowed in the Common Name field"
+ Exit Function
+ End If
+ If (dn <> Empty) Then
+ dn = dn & ","
+ End If
+ dn = dn & "CN=" & escapeDNComponent(TheForm.CN.Value)
+ End If
+
+ If (TheForm.E.Value <> Empty) Then
+ If doubleQuotes(TheForm.E.Value) = True Then
+ MsgBox "Double quotes are not allowed in the eMail field"
+ Exit Function
+ End If
+ If (dn <> Empty) Then
+ dn = dn & ","
+ End If
+ dn = dn & "E=" & escapeDNComponent(TheForm.E.Value)
+ End If
+
+ formulateDN = dn
+End Function
+
+Sub Send_OnClick
+ Dim TheForm
+ Dim szName
+ Dim options
+ Set TheForm = Document.ReqForm
+
+
+ ' Do a few sanity checks
+ If (TheForm.CN.Value = Empty) Then
+ ret = MsgBox("You must supply your name for the certificate", 0, "MSIE Certificate Request")
+ Exit Sub
+ End If
+
+ If (TheForm.csrRequestorEmail.Value = Empty) AND (TheForm.csrRequestorPhone.Value = Empty) Then
+ ret = MsgBox("You must supply a phone number or email address", 0, "MSIE Certificate Request")
+ Exit Sub
+ End If
+
+ ' Contruct the X500 distinguished name
+ szName = formulateDN("","")
+
+ On Error Resume Next
+ Enroll.HashAlgorithm = "MD5"
+ Enroll.KeySpec = 1
+
+ ' Pick the provider that is selected
+ set options = TheForm.all.cryptprovider.options
+ index = options.selectedIndex
+ Enroll.providerType = options(index).value
+ Enroll.providerName = options(index).text
+
+ ' adding 2 to "GenKeyFlags" will enable the 'High Security'
+ ' (USER_PROTECTED) mode, which means IE will pop up a dialog
+ ' asking what level of protection you would like to give
+ ' the key - this varies from 'none' to 'confirm password
+ ' every time the key is used'
+ Enroll.GenKeyFlags = 1 ' key PKCS12-exportable
+ szCertReq = Enroll.createPKCS10(szName, "1.3.6.1.5.5.7.3.2")
+ theError = Err.Number
+ On Error Goto 0
+ '
+ ' If the user has cancelled things the we simply ignore whatever
+ ' they were doing ... need to think what should be done here
+ '
+ If (szCertReq = Empty AND theError = 0) Then
+ Exit Sub
+ End If
+
+ If (szCertReq = Empty OR theError <> 0) Then
+ '
+ ' There was an error in the key pair generation. The error value
+ ' is found in the variable 'theError' which we snarfed above before
+ ' we did the 'On Error Goto 0' which cleared it again.
+ '
+ sz = "The error '" & Hex(theError) & "' occurred." & chr(13) & chr(10) & "Your credentials could not be generated."
+ result = MsgBox(sz, 0, "Credentials Enrollment")
+ Exit Sub
+ End If
+
+ TheForm.pkcs10Request.Value = szCertReq
+ TheForm.csrRequestorName.Value = TheForm.CN.Value
+
+ ' TheForm.Submit
+ Exit Sub
+
+End Sub
+-->
+</SCRIPT>
+
+<body bgcolor="#FFFFFF" onload=checkClientTime()>
+
+<script lang=javascript>
+//<!--
+ if (navigator.appName == "Netscape" && navMajorVersion() <= 3) {
+ // shortcut for version 3.x or less, crypto is not defined
+ document.writeln(
+ '<form name="ReqForm" method="post" action="/enrollment">');
+ } else if (navigator.appName == "Netscape" &&
+ typeof(crypto.version) != "undefined") {
+ document.writeln(
+ '<form name="ReqForm" method="post" action="/enrollment">');
+ } else {
+ document.writeln(
+ '<form name="ReqForm" method="post" action="/enrollment" '+
+ 'onSubmit="return validate(document.forms[0])">');
+ }
+//-->
+</script>
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Manual User Enrollment
+</font><br>
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ Use this form to submit a request for a personal certificate. After you
+ click the Submit button, your request will be submitted to an issuing agent
+ for approval. When an issuing agent has approved your request
+ you will receive the certificate in email, along with instructions for
+ installing it.
+ </font>
+<table border="0" cellspacing="0" cellpadding="0" background="/pki/images/hr.gif" width="100%">
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+<table border="0" cellspacing="2" cellpadding="2">
+ <tr valign="TOP">
+ <td><font size="-1" face="PrimaSans BT, Verdana, sans-serif"><b>Important:</b>
+ </font></td>
+ <td><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ Be sure to request your certificate on the same computer on which you
+ plan to use the certificate.
+ </font></td>
+ </tr>
+</table>
+<table border="0" cellspacing="0" cellpadding="0" background="/pki/images/hr.gif" width="100%">
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+<p>
+ <table border="0" width="100%" cellspacing="2" cellpadding="2">
+ <tr>
+ <td colspan="2" valign="TOP">
+ <font size=-1 face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ <b>User's Identity</b><br>
+ </font>
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ Enter values for the fields you want to have in your certificate.
+ Your site may require you to fill in certain fields. <br>(* = required field)</font></td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ * Full name:
+ </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="HIDDEN" name="csrRequestorName">
+ <input type="TEXT" name="CN" size="30" onchange="formulateDN(this.form, this.form.subject)">
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Login name: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="TEXT" name="UID" size="30" onchange="formulateDN(this.form, this.form.subject)">
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Email address: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="TEXT" name="E" size="30" onchange="updateEmail(this.form)">
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif" size="-1">Organization unit: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="TEXT" name="OU" size="30" onchange="formulateDN(this.form, this.form.subject)">
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Organization: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="TEXT" name="O" size="30" onchange="formulateDN(this.form, this.form.subject)">
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Country: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="TEXT" name="C" value="US" size=2 maxlength=2
+onchange="formulateDN(this.form, this.form.subject)">
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ </div>
+ </td>
+ <td valign="TOP">&nbsp; </td>
+ </tr>
+ <tr>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <!-- for Netscape Certificate Type Extension -->
+ <input type="HIDDEN" value="true" name="email">
+ <input type="HIDDEN" value="true" name="ssl_client">
+ <!-- for Key Usage Extension -->
+ <input type="HIDDEN" name="digital_signature" value=true>
+ <input type="HIDDEN" name="non_repudiation" value=true>
+ <input type="HIDDEN" name="key_encipherment" value=true>
+ </td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="TOP">&nbsp;</td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="TOP">
+ <font size=-1 face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ <b>
+ Challenge Phrase Password (optional)
+ </b><br>
+ </font>
+ <font face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif" size="-1">
+ Enter a challenge phrase password which can be used for certificate revocation.
+ </font></td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Password: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="PASSWORD" name="challengePassword" AutoComplete=off size="30">
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Confirmed password: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="PASSWORD" name="confirmChallengePassword" AutoComplete=off size="30">
+ </td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="TOP">
+ <font size=-1 face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ <b>
+ Contact Information
+ </b><br>
+ </font>
+ <font face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif" size="-1">
+ Enter an email address or phone number at which you can be contacted
+ regarding this request. </font></td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Email: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="TEXT" name="csrRequestorEmail" size="30">
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Phone: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="TEXT" name="csrRequestorPhone" size="30">
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP" colspan="2">&nbsp;</td>
+ </tr>
+ <tr>
+ <td valign="TOP" colspan="2">
+ <font size=-1 face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ <b>
+ Additional Comments
+ </b><br>
+ </font>
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ If you have any comments for the person who will process your certificate request, write them here.
+ </font>
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"></font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <textarea name="csrRequestorComments" rows="6" cols="39" wrap="virtual">
+</textarea>
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP" colspan="2">&nbsp;</td>
+ </tr>
+ <tr>
+ <td valign="TOP" colspan="2">
+<script>
+ if (navigator.appName == 'Netscape' &&
+ (navMajorVersion() <= 3 || typeof(crypto.version) == 'undefined')) {
+
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"><b>Public/Private Key Information</b><br></font>');
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">When you submit this form, the browser generates a private key and a public key. It retains the private key and submits the public key along with your request for a certificate. The public key becomes part of the certificate. <p> </font>');
+ }
+ if (navigator.appName == "Microsoft Internet Explorer") {
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"><b>Public/Private Key Information</b><br></font>');
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">When you submit this form, the browser generates a private key and a public key. It retains the private key and submits the public key along with your request for a certificate. The public key becomes part of the certificate. <p> </font>');
+ }
+</script>
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+<script>
+ if (navigator.appName == 'Netscape' &&
+ (navMajorVersion() <= 3 || typeof(crypto.version) == 'undefined')) {
+ document.writeln('Select the length of the key to generate. '+
+ 'The longer the key length, the greater the strength. '+
+ 'You may want to check with your system administrator about '+
+ 'the length of key to specify.');
+ }
+ if (navigator.appName == "Microsoft Internet Explorer") {
+ document.writeln('The Microsoft Base Cryptographic provider offers 512-bit key encryption which is adequate for most applications today, but you may select the Enhanced option if your browser offers this choice and you require the higher encryption strength. You may want to check with your '+
+ 'system administrator about the provider to specify.');
+ }
+</script>
+ </font>
+ </td>
+ </tr>
+ <tr>
+ <td>
+<script>
+ if (navigator.appName == 'Netscape' &&
+ (navMajorVersion() <= 3 || typeof(crypto.version) == 'undefined')) {
+ document.writeln(
+ '<font size=-1 face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.writeln('Key Length:');
+ document.writeln('</font>');
+ }
+ if (navigator.appName == "Microsoft Internet Explorer") {
+ document.writeln(
+ '<font size=-1 face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.writeln('Cryptographic Provider:');
+ document.writeln('</font>');
+ }
+</script>
+ </td>
+ <td>
+<script>
+ //<font face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ if (navigator.appName == 'Netscape') {
+ if (navMajorVersion() <= 3 ||
+ typeof(crypto.version) == 'undefined') {
+ document.write('<KEYGEN name="subjectKeyGenInfo">');
+ }
+ //</font>
+ }
+ if (navigator.appName == "Microsoft Internet Explorer") {
+ document.writeln('<SELECT NAME=\"cryptprovider\"></SELECT>');
+ }
+
+</script>
+ </td>
+ </tr>
+</table>
+
+<script lang=javascript>
+document.write('<table border="0" width="100%" cellspacing="0" '+
+ 'cellpadding="6" bgcolor="#cccccc" background="/pki/images/gray90.gif">' +
+ '<tr> <td> <div align="RIGHT">');
+
+if (navigator.appName == "Netscape") {
+
+ if (navMajorVersion() <= 3) {
+ // shortcut for version 3.x or less, crypto is not defined
+ document.writeln(
+ '<input type="submit" value="Submit" '+
+ 'name="submit" width="72">');
+ }
+ else if (typeof(crypto.version) == "undefined") {
+ document.writeln(
+ '<input type="submit" value="Submit" '+
+ 'name="submit" width="72">');
+ } else {
+ // alert('nsm');
+ document.writeln(
+ '<input type="button" value="Submit" '+
+ 'name="submitbutton" '+
+ 'onclick="validate(form)" width="72">');
+
+ document.write(
+ '<input type="hidden" name=CRMFRequest value="">');
+ document.write(
+ '<input type=hidden name=cmmfResponse value=true>');
+ document.write(
+ '<input type=hidden name=certNickname value="">');
+ }
+ }
+else if (navigator.appName == "Microsoft Internet Explorer") {
+ document.writeln(
+ '<input type="submit" value="Submit" '+
+ 'name="Send" width="72">');
+ document.write(
+ '<input type="hidden" name="pkcs10Request" value="">');
+}
+
+document.write(
+ '<input type="hidden" name="subject" value="">' +
+ '<input type="hidden" name="requestFormat" value="keygen">' +
+ '<input type="hidden" name="certType" value="client">' +
+ '<img src="/pki/images/spacer.gif" width="6" height="6">' +
+ '<input type="reset" value="Reset" name="reset" width="72">' +
+ '</div> </td> </tr> </table>');
+</script>
+ </form>
+<SCRIPT LANGUAGE=VBS>
+<!--
+
+FindProviders
+
+Function FindProviders
+ Dim i, j
+ Dim providers()
+ i = 0
+ j = 1
+ Dim el
+ Dim temp
+ Dim first
+ Dim TheForm
+ Set TheForm = document.ReqForm
+ On Error Resume Next
+ first = 0
+
+ Do While True
+ temp = ""
+ Enroll.providerType = j
+ temp = Enroll.enumProviders(i,0)
+ If Len(temp) = 0 Then
+ If j < 1 Then
+ j = j + 1
+ i = 0
+ Else
+ Exit Do
+ End If
+ Else
+ set el = document.createElement("OPTION")
+ el.text = temp
+ el.value = j
+ If temp = "Microsoft Base Cryptographic Provider v1.0" Then
+ first = j
+ End If
+ TheForm.cryptprovider.add(el)
+ If first = 0 Then
+ first = 1
+ TheForm.cryptprovider.selectedIndex = 0
+ Else
+ TheForm.cryptprovider.selectedIndex = first
+ End If
+ i = i + 1
+ End If
+ Loop
+
+End Function
+
+-->
+</SCRIPT>
+</body>
+</html>
diff --git a/base/ca/shared/webapps/ca/ee/ca/NISUserEnroll.html b/base/ca/shared/webapps/ca/ee/ca/NISUserEnroll.html
new file mode 100644
index 000000000..d671b4b22
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/NISUserEnroll.html
@@ -0,0 +1,508 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<TITLE>NIS Based User Enrollment Form</TITLE>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<SCRIPT LANGUAGE="JavaScript"></SCRIPT>
+<SCRIPT LANGUAGE="JavaScript" SRC="../cms-funcs.js"> </SCRIPT>
+<SCRIPT LANGUAGE="JavaScript" SRC="../helpfun.js"> </SCRIPT>
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/dynamicVars.js"> </SCRIPT>
+<SCRIPT>
+//<!--
+
+// Notice to administrators
+//
+// A link to this HTML form conditionally appears in the
+// main enrollment menu frame. This link will only appear if
+// a plugin of type 'NISAuth' has been configured in the console.
+
+var crmfObject;
+function validate(form)
+{
+ with (form) {
+ if (uid.value == "") {
+ alert("You must supply your uid");
+ return false;
+ }
+ if (pwd.value == "") {
+ alert("You must supply your password");
+ return false;
+ }
+
+ /////////////////////////////////////////////////////////////////
+ // To enable dual key feature, this page must be customized with
+ // appropriate Javascript call. For example,
+ //
+ // crmfObject = crypto.generateCRMFRequest(
+ // "CN=undefined",
+ // "regToken", "authenticator",
+ // null,
+ // "setCRMFRequest();",
+ // 512, null, "rsa-ex",
+ // 1024, null, "rsa-sign");
+ //
+ // To enable key archival feature, this page must be customized with
+ // KRA's transport certificate. The transport certificate can be
+ // retrieved in the following ways:
+ // (1) Access "List Certificates" menu option in end-entity page
+ // (2) Access https://<host>:<agent_port>/kra/displayTransportCert
+ // (3) Use certutil command in <instance-dir>/config directory
+ // (i.e. certutil -L -d . -n "kraTransportCert <instance-id>" -a)
+ //
+ // Once the transport certificate is obtained, the following
+ // javascript should be modified so that the transport certificate
+ // and appropriate key type are selected. For example,
+ //
+ // var keyGenAlg = "rsa-ex";
+ // crmfObject = crypto.generateCRMFRequest(
+ // "CN=undefined",
+ // "regToken", "authenticator",
+ // keyTransportCert,
+ // "setCRMFRequest();",
+ // 512, null, keyGenAlg);
+ /////////////////////////////////////////////////////////////////
+
+ // generate keys for nsm.
+ if (navigator.appName == "Netscape" && (navMajorVersion() > 3) &&
+ typeof(crypto.version) != "undefined") {
+ //certNickname.value = uid.value;
+ crmfObject = crypto.generateCRMFRequest(
+ "CN=undefined",
+ "regToken", "authenticator",
+ null,
+ "setCRMFRequest();",
+ 1024, null, "rsa-dual-use");
+ }
+ return true;
+ }
+}
+
+function setCRMFRequest()
+{
+ with (document.forms[0]) {
+ CRMFRequest.value = crmfObject.request;
+ submit();
+ }
+}
+
+//-->
+</SCRIPT>
+</head>
+
+<OBJECT
+ classid="clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1"
+ CODEBASE="/xenroll.dll"
+ id=Enroll >
+</OBJECT>
+
+
+<SCRIPT LANGUAGE=VBS>
+<!--
+Function escapeDNComponent(comp)
+ escapeDNComponent = comp
+End Function
+
+Function doubleQuotes(comp)
+ doubleQuotes = False
+End Function
+
+Function formulateDN()
+ Dim dn
+ Dim TheForm
+ Set TheForm = Document.ReqForm
+
+ dn = Empty
+
+ If (TheForm.uid.Value <> Empty) Then
+ If doubleQuotes(TheForm.uid.Value) = True Then
+ MsgBox "Double quotes are not allowed in the uid field"
+ Exit Function
+ End If
+ If (dn <> Empty) Then
+ dn = dn & ","
+ End If
+ dn = dn & "0.9.2342.19200300.100.1.1=" & escapeDNComponent(TheForm.uid.Value)
+ End If
+
+ formulateDN = dn
+End Function
+
+Sub Send_OnClick
+ Dim TheForm
+ Dim szName
+ Dim options
+ Set TheForm = Document.ReqForm
+
+
+ ' Do a few sanity checks
+ If (TheForm.uid.Value = Empty) Then
+ ret = MsgBox("You must supply your NIS uid for certificate enrollment", 0, "MSIE Certificate Request")
+ Exit Sub
+ End If
+
+ If (TheForm.pwd.Value = Empty) Then
+ ret = MsgBox("You must supply your NIS password for certificate enrollment", 0, "MSIE Certificate Request")
+ Exit Sub
+ End If
+
+' If (TheForm.SSLClient.value = Empty AND
+' TheForm.SMIME.value = Empty AND
+' TheForm.ObjectSigning.value = Empty) Then
+' ret = MsgBox("You must select atleast one certificate type", 0,
+' "MSIE Certificate Request")
+' Exit Sub
+' End If
+
+
+ ' Contruct the X500 distinguished name
+ szName = formulateDN()
+
+ On Error Resume Next
+ Enroll.HashAlgorithm = "MD5"
+ Enroll.KeySpec = 1
+ Enroll.GenKeyFlags = 1 ' key exportable
+
+ ' Pick the provider that is selected
+ set options = TheForm.all.cryptprovider.options
+ index = options.selectedIndex
+ Enroll.providerType = options(index).value
+ Enroll.providerName = options(index).text
+
+ szCertReq = Enroll.createPKCS10(szName, "1.3.6.1.5.5.7.3.2")
+ theError = Err.Number
+ On Error Goto 0
+ '
+ ' If the user has cancelled things the we simply ignore whatever
+ ' they were doing ... need to think what should be done here
+ '
+ If (szCertReq = Empty AND theError = 0) Then
+ Exit Sub
+ End If
+
+ If (szCertReq = Empty OR theError <> 0) Then
+ '
+ ' There was an error in the key pair generation. The error value
+ ' is found in the variable 'theError' which we snarfed above before
+ ' we did the 'On Error Goto 0' which cleared it again.
+ '
+ sz = "The error '" & Hex(theError) & "' occurred." & chr(13) & chr(10) & "Your credentials could not be generated."
+ result = MsgBox(sz, 0, "Credentials Enrollment")
+ Exit Sub
+ End If
+
+ TheForm.pkcs10Request.Value = szCertReq
+ TheForm.Submit
+ Exit Sub
+
+End Sub
+-->
+</SCRIPT>
+
+<body bgcolor="#FFFFFF" onload=checkClientTime()>
+
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+NIS Based User Enrollment <br>
+</font>
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ Use this form to submit a request for a personal certificate through your
+ organization's NIS. With NIS based enrollment, you need only
+ supply your user ID and password for the NIS; the directory
+ supplies the rest of the information needed for certificate issuance.
+ If the user ID and password are correct your certificate will be issued
+ automatically.
+ </font>
+
+<table border="0" cellspacing="0" cellpadding="2" background="/pki/images/hr.gif" width="100%">
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+<table border="0" cellspacing="0" cellpadding="2">
+ <tr valign="TOP">
+ <td><font size="-1" face="PrimaSans BT, Verdana, sans-serif"> <b>
+ Important:
+ </b></font></td>
+ <td><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ Be sure to request your certificate on the same computer on which you
+ plan to use your certificate. </font></td>
+ </tr>
+</table>
+<table border="0" cellspacing="0" cellpadding="0" background="/pki/images/hr.gif" width="100%">
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+<script lang="javascript">
+ if (navigator.appName == "Netscape" && (navMajorVersion() <= 3)) {
+ // short cut for Nav 3.x or eariler, crypto is not defined
+ document.write(
+ '<form name="ReqForm" method="post" action="/enrollment">');
+ } else
+ if ((navigator.appName == "Netscape" &&
+ typeof(crypto.version) != "undefined")) {
+ document.write(
+ '<form name="ReqForm" method="post" action="/enrollment">');
+ } else {
+ document.write(
+ '<form name="ReqForm" method="post" action="/enrollment" '+
+ 'onSubmit="return validate(document.forms[0])">');
+ }
+</script>
+
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ <b>User's Identity</b><br>
+Enter your user ID and password for your organization's NIS. This
+information will be used to verify your identity and to obtain
+information from the directory to fill in the certificate.
+ <br>
+
+<table border="0" width="100%" cellspacing="2" cellpadding="2">
+ <tr>
+ <td width="30%" valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">User ID: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="TEXT" name="uid" size="30">
+ </td>
+ </tr>
+</table>
+
+<table border="0" width="100%" cellspacing="2" cellpadding="2">
+ <tr>
+ <td width="30%" valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Password: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="PASSWORD" name="pwd" AutoComplete=off size="30">
+ </td>
+ </tr>
+ <tr>
+ </tr>
+</table>
+
+<table border="0" width="100%" cellspacing="2" cellpadding="2">
+ <tr>
+ <td valign="TOP">
+ <!-- for Netscape Certificate Type Extension -->
+ <input type="HIDDEN" name="email" value="true">
+ <input type="HIDDEN" name="ssl_client" value="true">
+ <!-- for Key Usage Extension -->
+ <input type="HIDDEN" name="digital_signature" value=true>
+ <input type="HIDDEN" name="non_repudiation" value=true>
+ <input type="HIDDEN" name="key_encipherment" value=true>
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP" colspan="2">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+</td></tr>
+</table>
+
+
+<script>
+ if (navigator.appName == "Netscape" &&
+ (navMajorVersion() <= 3 || typeof(crypto.version) == 'undefined')) {
+
+ document.writeln('<b>Public/Private Key Information</b><br>');
+ document.writeln(
+ 'When your submit this form, your browser generates a private and '+
+ 'public key. The browser retains the private key and submits the '+
+ 'public key along with your request for a certificate. '+
+ 'The public key becomes part of your certificate. '+
+ '<P>'+
+ 'Select the length of the key to generate. The longer the key '+
+ 'length the greater the strength. You may want to check with your '+
+ 'system administrator about the length of key to specify.');
+
+ // short cut for Nav 3.x or eariler, crypto is not defined
+ document.writeln('Select the length of the key to generate. '+
+ 'The longer the key length, the greater the strength. '+
+ 'You may want to check with your system administrator about '+
+ 'the length of key to specify.');
+ }
+ //else if (navigator.appName == 'Netscape' && crypto.version == "undefined") {
+ //document.writeln('Select the length of the key to generate. '+
+ // 'The longer the key length, the greater the strength. '+
+ // 'You may want to check with your system administrator about '+
+ // 'the length of key to specify.');
+ //}
+
+//<!--
+ if (navigator.appName == "Netscape") {
+ document.writeln('<table border="0" width="100%" cellspacing="2" cellpadding="2">');
+ if (navMajorVersion() <= 3 ||
+ typeof(crypto.version) == "undefined") {
+ document.writeln('<td width="30%" valign=TOP>');
+ document.writeln('<div align=right>');
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.writeln('Key Length: ');
+ document.writeln('</font>');
+ document.writeln('</div>');
+ document.writeln('</td>');
+ document.write('<td valign=TOP>');
+ document.write('<KEYGEN name="subjectKeyGenInfo">');
+ }
+ //else {
+ //alert('nsm');
+ //document.writeln('<SELECT NAME=\"keyLength\">');
+ //document.writeln('<OPTION VALUE=512>512 bits');
+ //document.writeln('<OPTION VALUE=768>768 bits');
+ //document.writeln('<OPTION VALUE=1024>1024 bits');
+ //document.writeln('</SELECT>');
+ //}
+ document.write('</td></table>');
+ }
+ if (navigator.appName == "Microsoft Internet Explorer") {
+ document.writeln('<b>Public/Private Key Information</b><br>');
+ document.writeln(
+ 'When you submit this form, your browser generates a private and '+
+ 'public key. The browser retains the private key and submits the '+
+ 'public key along with your request for a certificate. '+
+ 'The public key becomes part of your certificate. '+
+ '<P>'+
+ 'The Microsoft Base Cryptographic provider offers 512-bit key encryption which is adequate for most applications today, but you may select the Enhanced option if your browser offers this choice and you require the higher encryption strength. You may want to check with your '+
+ 'system administrator about the provider to specify.');
+
+ document.writeln('<p>');
+ document.writeln('<td>');
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.writeln('Cryptographic Provider:');
+ document.writeln('</font>');
+ document.writeln('</td>');
+ document.writeln('<td>');
+ document.writeln('<SELECT NAME=\"cryptprovider\"></SELECT>');
+ document.writeln('</td>');
+ document.writeln('<p>');
+ }
+//-->
+
+document.writeln('<table border="0" width="100%" cellspacing="0" cellpadding="6" bgcolor="#cccccc" background="/pki/images/gray90.gif"> <tr> <td width=100%> <div align="RIGHT">');
+//<!--
+ if (navigator.appName == "Netscape" && navMajorVersion() <= 3) {
+ // short cut for Nav 3.x or eariler, crypto is not defined
+ document.writeln(
+ '<input type="submit" value="Submit" '+
+ 'name="submit" width="72">');
+ } else if (navigator.appName == "Netscape" &&
+ typeof(crypto.version) == "undefined") {
+ document.writeln(
+ '<input type="submit" value="Submit" '+
+ 'name="submit" width="72">');
+ }
+ else if ((navigator.appName == "Microsoft Internet Explorer") ||
+ (navigator.appName == "")) {
+ document.writeln(
+ '<input type="submit" value="Submit" '+
+ 'name="Send" width="72">');
+ }
+ else {
+ // alert('nsm');
+ document.writeln(
+ '<input type="button" value="Submit" '+
+ 'name="submitbutton" '+
+ 'onclick="validate(form)" width="72">');
+ }
+ document.write('<img src="/pki/images/spacer.gif" width="6" height="6">' +
+ '<input type="reset" value="Reset" name="reset" width="72">' +
+ '<input type="hidden" name="certType" value="client">' +
+ '<input type="hidden" name="authenticator" ' +
+ ' value="NISAuth">');
+
+ if (navigator.appName == 'Netscape') {
+ if ((navMajorVersion() > 3) &&
+ (typeof(crypto.version) != 'undefined')) {
+ //alert('cmmf response');
+ document.write(
+ '<input type=hidden name=CRMFRequest value="">');
+ document.write(
+ '<input type=hidden name=cmmfResponse value=true>');
+ //document.write(
+ //'<input type=hidden name=certNickname value="">');
+ }
+ else {
+ document.write(
+ '<input type="hidden" name="importCert" value="off">');
+ }
+ }
+ else if ((navigator.appName == "Microsoft Internet Explorer")||
+ (navigator.appName == "")) {
+ // navigator.appName == "" is for IE 3.
+ //alert('pkcs10Request');
+ document.write(
+ '<input type="hidden" name="pkcs10Request" value="">');
+ }
+//-->
+ document.writeln('</div> </td> </tr> </table>');
+</script>
+ </form>
+<SCRIPT LANGUAGE=VBS>
+<!--
+
+FindProviders
+
+Function FindProviders
+ Dim i, j
+ Dim providers()
+ i = 0
+ j = 1
+ Dim el
+ Dim temp
+ Dim first
+ Dim TheForm
+ Set TheForm = document.ReqForm
+ On Error Resume Next
+ first = 0
+
+ Do While True
+ temp = ""
+ Enroll.providerType = j
+ temp = Enroll.enumProviders(i,0)
+ If Len(temp) = 0 Then
+ If j < 1 Then
+ j = j + 1
+ i = 0
+ Else
+ Exit Do
+ End If
+ Else
+ set el = document.createElement("OPTION")
+ el.text = temp
+ el.value = j
+ TheForm.cryptprovider.add(el)
+ If first = 0 Then
+ first = 1
+ TheForm.cryptprovider.selectedIndex = 0
+ End If
+ i = i + 1
+ End If
+ Loop
+
+End Function
+
+-->
+</SCRIPT>
+</body>
+</html>
diff --git a/base/ca/shared/webapps/ca/ee/ca/OCSPResponder.html b/base/ca/shared/webapps/ca/ee/ca/OCSPResponder.html
new file mode 100644
index 000000000..33d3733ce
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/OCSPResponder.html
@@ -0,0 +1,156 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<TITLE>Request an OCSP Responder Certificate </TITLE>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<SCRIPT LANGUAGE="JavaScript">
+function validate(form)
+{
+ with (form) {
+ if (pkcs10Request.value == "")
+ {
+ alert("You must enter the base64-encoded certificate request.");
+ return false;
+ }
+ if (csrRequestorName.value == "" || ((csrRequestorEmail.value == "") && (csrRequestorPhone.value == ""))) {
+ alert("You must supply a name and either a phone number or an email address.");
+ return false;
+ }
+ }
+ // form.submit();
+ return true;
+}
+</SCRIPT>
+
+<SCRIPT LANGUAGE="JavaScript" SRC="../helpfun.js">
+
+</SCRIPT>
+</head>
+<body bgcolor="#FFFFFF">
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+OCSP Responder Enrollment
+</font><br>
+ <Font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ Use this form to submit a request for an OCSP Responder's signing
+ certificate.
+<p>
+ After you click the Submit button, your request will be submitted to an
+ issuing agent for approval. The certificate will be emailed to you.
+</font>
+<form method="post" action="/enrollment/pkcs10-server"
+onSubmit="return validate(document.forms[0])">
+ <table border="0" width="100%" cellspacing="2" cellpadding="2">
+ <tr>
+ <td colspan="2" valign="TOP"><font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"><b>PKCS #10 Request</b><br>
+A PKCS #10 request is generated by the software that will provide OCSP responses for your CA.
+Paste the OCSP responder's PKCS #10 request into this text area.
+ </font></td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"></font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <textarea name="pkcs10Request" rows="10" cols="65" wrap="virtual">
+</textarea>
+ </td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="TOP"><b><font face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif" size="-1">Contact Information<br>
+ </font></b><font face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif" size="-1">
+ </font></td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Name: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="TEXT" name="csrRequestorName" size="30">
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Email: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="TEXT" name="csrRequestorEmail" size="30">
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Phone: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="TEXT" name="csrRequestorPhone" size="30">
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP" colspan="2">&nbsp;</td>
+ </tr>
+ <tr>
+ <td valign="TOP" colspan="2"><font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"><b>Additional Comments </b><br>
+ If you have additional comments for the person who will process your
+ certificate request, write them here.
+ </font></td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"></font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <textarea name="csrRequestorComments" rows="10" cols="65" wrap="virtual">
+</textarea>
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP" colspan="2">
+ <table border="0" width="100%" cellspacing="0" cellpadding="6" bgcolor="#cccccc" background="/pki/images/gray90.gif">
+ <tr>
+ <td>
+ <div align="RIGHT">
+ <input type="submit" value="Submit" name="submit" width="72">
+ <input type="hidden" name="requestFormat" value="pkcs10">
+ <input type="hidden" name="certType" value="ocspResponder">
+ <!-- for Netscape Certificate Type Extension -->
+ <input type="HIDDEN" value="false" name="ssl_client">
+ <!-- for Key Usage Extension -->
+ <input type="HIDDEN" name="digital_signature" value=true>
+ <img src="/pki/images/spacer.gif" width="6" height="6">
+ <input type="reset" value="Reset" name="reset" width="72">
+ </div>
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ </table>
+ </form>
+</body>
+</html>
diff --git a/base/ca/shared/webapps/ca/ee/ca/ObjSignPKCS10Enroll.html b/base/ca/shared/webapps/ca/ee/ca/ObjSignPKCS10Enroll.html
new file mode 100644
index 000000000..820c1aa55
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/ObjSignPKCS10Enroll.html
@@ -0,0 +1,213 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<TITLE>Request an Object Signing Certificate</TITLE>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<SCRIPT LANGUAGE="JavaScript">
+function setSignType(f)
+{
+ if ((f.certType.options[0].selected)) {
+ alert("You must select Signing-Type");
+ return;
+ }
+ else if (f.certType.options[1].selected)
+ f.object_signing.value = true;
+ else if (f.certType.options[2].selected)
+ f.object_signing.value = false;
+}
+
+function validate(form)
+{
+ if ((form.certType.options[0].selected)) {
+ alert("You must select Signing-Type");
+ return false;
+ }
+
+ with (form) {
+ if (pkcs10Request.value == "")
+ {
+ alert("You must enter the base64-encoded certificate request.");
+ return false;
+ }
+ if (csrRequestorName.value == "" || ((csrRequestorEmail.value == "") && (csrRequestorPhone.value == ""))) {
+ alert("You must supply a name and either a phone number or an email address.");
+ return false;
+ }
+ }
+ // form.submit();
+ return true;
+}
+</SCRIPT>
+
+<SCRIPT LANGUAGE="JavaScript" SRC="../helpfun.js">
+
+</SCRIPT>
+</head>
+<body bgcolor="#FFFFFF">
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Object Signing Certificate Enrollment</font><br>
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ Use this form to submit a request for an object signing certificate. After you click the Submit button, your request will be submitted to an issuing agent for approval. When an issuing agent has approved your request you will receive the certificate in email, along with instructions for installing it.
+</font>
+<form method="post" action="/enrollment"
+onSubmit="return validate(document.forms[0])">
+ <table border="0" width="100%" cellspacing="2" cellpadding="2">
+ <tr>
+ <td colspan="2" valign="TOP">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ <b>PKCS #10 Request</b><br>
+ Paste the PKCS #10 request into this text area.
+ </font></td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ </div>
+ </td>
+ <td valign="TOP">
+ <textarea name="pkcs10Request" rows="10" cols="65" wrap="virtual">
+</textarea>
+ </td>
+ </tr>
+
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="HIDDEN" value="true" name="ObjectSigning">
+ </td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="TOP">&nbsp;</td>
+ </tr>
+
+ <tr>
+ <td colspan="2" valign="TOP">
+ <font size=-1 face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ <b>
+ Select Signing Type
+ </b><br>
+ </font>
+ <font face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif" size="-1">
+ Select a signing type that the certificate will be used. </font></td>
+ </tr>
+
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Signing Type: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <SELECT NAME="certType" onchange="setSignType(document.forms[0])">
+ <OPTION value="" SELECTED>Select Signing-Type
+ <OPTION value="client">Netscape Object-Signing
+ <OPTION value="codeSignClient">Microsoft Authenticode
+ </SELECT>
+ </td>
+ </tr>
+
+
+ <tr>
+ <td colspan="2" valign="TOP">
+ <font face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif" size="-1">
+ <b>Contact Information<br></b>
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Name: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="TEXT" name="csrRequestorName" size="30">
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Email: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="TEXT" name="csrRequestorEmail" size="30">
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Phone: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="TEXT" name="csrRequestorPhone" size="30">
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP" colspan="2">&nbsp;</td>
+ </tr>
+ <tr>
+ <td valign="TOP" colspan="2"><font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ <b>Additional Comments </b><br>
+ If you have any additional comments for the person who will process
+ your certificate request, write them here. </font></td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"></font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <textarea name="csrRequestorComments" rows="10" cols="65" wrap="virtual">
+</textarea>
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP" colspan="2">
+ <table border="0" width="100%" cellspacing="0" cellpadding="6" bgcolor="#cccccc" background="/pki/images/gray90.gif">
+ <tr>
+ <td>
+ <div align="RIGHT">
+ <input type="submit" value="Submit" name="submit" width="72">
+ <input type="hidden" name="requestFormat" value="pkcs10">
+ <!-- <input type="hidden" name="certType" value="client">-->
+ <!-- for Netscape Certificate Type Extension -->
+ <input type="HIDDEN" value="true" name="object_signing">
+ <!-- for Key Usage Extension -->
+ <input type="HIDDEN" name="digital_signature" value=true>
+ <input type="HIDDEN" name="key_certsign" value=true>
+ <img src="/pki/images/spacer.gif" width="6" height="6">
+ <input type="reset" value="Reset" name="reset" width="72">
+ </div>
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ </table>
+ <input type=hidden name="reencodeSubjectName" value="true">
+ </form>
+</body>
+</html>
diff --git a/base/ca/shared/webapps/ca/ee/ca/PortalEnrollment.html b/base/ca/shared/webapps/ca/ee/ca/PortalEnrollment.html
new file mode 100644
index 000000000..8f3a373b4
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/PortalEnrollment.html
@@ -0,0 +1,751 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<TITLE>Portal User Enrollment Form</TITLE>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<SCRIPT LANGUAGE="JavaScript"></SCRIPT>
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/cms-funcs.js"> </SCRIPT>
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/helpfun.js"> </SCRIPT>
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/dynamicVars.js"> </SCRIPT>
+<SCRIPT>
+//<!--
+
+// Notice to administrators
+//
+// A link to this HTML form conditionally appears in the
+// main enrollment menu frame. This link will only appear if
+// a plugin of type 'PortalEnroll' has been configured in the console.
+
+
+var crmfObject;
+
+function updateFullName(f)
+{
+ f.cn.value = f.givenname.value + " " + f.sn.value;
+}
+
+function validate(form)
+{
+ with (form) {
+ if (uid.value == "") {
+ alert("You must supply your uid");
+ return false;
+ }
+ if (userPassword.value == "") {
+ alert("You must supply your Password");
+ return false;
+ }
+ if (userPassword.value != passwordagain.value) {
+ alert("Check your Password");
+ return false;
+ }
+ if (givenname.value == "") {
+ alert("You must supply your First Name");
+ return false;
+ }
+ if (sn.value == "") {
+ alert("You must supply your Last Name");
+ return false;
+ }
+
+ /////////////////////////////////////////////////////////////////
+ // To enable dual key feature, this page must be customized with
+ // appropriate Javascript call. For example,
+ //
+ // crmfObject = crypto.generateCRMFRequest(
+ // "CN=undefined",
+ // "regToken", "authenticator",
+ // null,
+ // "setCRMFRequest();",
+ // 512, null, "rsa-ex",
+ // 1024, null, "rsa-sign");
+ //
+ // To enable key archival feature, this page must be customized with
+ // KRA's transport certificate. The transport certificate can be
+ // retrieved in the following ways:
+ // (1) Access "List Certificates" menu option in end-entity page
+ // (2) Access https://<host>:<agent_port>/kra/displayTransportCert
+ // (3) Use certutil command in <instance-dir>/config directory
+ // (i.e. certutil -L -d . -n "kraTransportCert <instance-id>" -a)
+ //
+ // Once the transport certificate is obtained, the following
+ // javascript should be modified so that the transport certificate
+ // and appropriate key type are selected. For example,
+ //
+ // var kraTransportCert = "MIICDjCCAXegAwIBAgICAfMwDQYJKoZIhvcNAQEEBQAwdzELMAkGA1UEBhMCVVMxLDAqBgNVBAoTI05ldHNjYXBlIENvbW11bmljYXRpb25zIENvcnBvcmF0aW9uMREwDwYDVQQLEwhIYXJkY29yZTEnMCUGA1UEAxMeSGFyZGNvcmUgQ2VydGlmaWNhdGUgU2VydmVyIElJMB4XDTk4MTExOTIzNDIxOVoXDTk5MDUxODIzNDIxOVowLjELMAkGA1UEBhMCVVMxETAPBgNVBAoTCG5ldHNjYXBlMQwwCgYDVQQDEwNLUmEwXDANBgkqhkiG9w0BAQEFAANLADBIAkEArrbDiYUI5SCdlCKKa0bEBn1m83kX6bdhytRYNkd/HB95Bp85SRadmdJV+0O/yMxjYAtGCFrmcqEZ4sh2YSov6wIDAQABozYwNDARBglghkgBhvhCAQEEBAMCAEAwHwYDVR0jBBgwFoAUl7FtsrYCFlQMl9fjMm3LnN/u3oAwDQYJKoZIhvcNAQEEBQADgYEApvzcUsVIOstaoYSiWb4+aMVH6s1jiJlr5iVHnOKzfsYxPVdUw6uz04AT8N+1KIarMTKxHPzGAFSLicKLEv4HG4vh6llc86uzRzWpUqqVHg/eKN5A8Jyg56D4DkNr/XEJ7QdKesAp13dk5H5qvHelkSPLYYdMXNwNWPVZKgnWrWg=";
+ // var keyGenAlg = "rsa-ex";
+ // crmfObject = crypto.generateCRMFRequest(
+ // "CN=undefined",
+ // "regToken", "authenticator",
+ // keyTransportCert,
+ // "setCRMFRequest();",
+ // 512, null, keyGenAlg);
+ /////////////////////////////////////////////////////////////////
+
+ // To enable key archival, replace "null" with the transport
+ // certificate without "BEBIN..." "END..", nor line breaks.
+ // change keyGenAlg to "rsa-ex"
+ var keyTransportCert = null;
+ //var keyGenAlg = "rsa-ex";
+ var keyGenAlg = "rsa-dual-use";
+ // generate keys for nsm.
+ if (navigator.appName == "Netscape" && (navMajorVersion() > 3) &&
+ typeof(crypto.version) != "undefined") {
+ certNickname.value = uid.value;
+ crmfObject = crypto.generateCRMFRequest(
+ "CN=undefined",
+ "regToken", "authenticator",
+ keyTransportCert,
+ "setCRMFRequest();",
+ 1024, null, keyGenAlg);
+ }
+ return true;
+ }
+}
+
+function setCRMFRequest()
+{
+ with (document.forms[0]) {
+ CRMFRequest.value = crmfObject.request;
+ submit();
+ }
+}
+
+//-->
+</SCRIPT>
+</head>
+
+<OBJECT
+ classid="clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1"
+ CODEBASE="/xenroll.dll"
+ id=Enroll >
+</OBJECT>
+
+
+<SCRIPT LANGUAGE=VBS>
+<!--
+Function escapeDNComponent(comp)
+ escapeDNComponent = comp
+End Function
+
+Function doubleQuotes(comp)
+ doubleQuotes = False
+End Function
+
+Function formulateDN()
+ Dim dn
+ Dim TheForm
+ Set TheForm = Document.ReqForm
+
+ dn = Empty
+
+ If (TheForm.uid.Value <> Empty) Then
+ If doubleQuotes(TheForm.uid.Value) = True Then
+ MsgBox "Double quotes are not allowed in the uid field"
+ Exit Function
+ End If
+ If (dn <> Empty) Then
+ dn = dn & ","
+ End If
+ dn = dn & "0.9.2342.19200300.100.1.1=" & escapeDNComponent(TheForm.uid.Value)
+ End If
+
+ formulateDN = dn
+End Function
+
+Sub Send_OnClick
+ Dim TheForm
+ Dim szName
+ Dim options
+ Set TheForm = Document.ReqForm
+
+
+ ' Do a few sanity checks
+ If (TheForm.uid.Value = Empty) Then
+ ret = MsgBox("You must supply your UID for certificate enrollment", 0, "MSIE Certificate Request")
+ Exit Sub
+ End If
+
+ If (TheForm.userPassword.Value = Empty) Then
+ ret = MsgBox("You must supply your Password for certificate enrollment", 0, "MSIE Certificate Request")
+ Exit Sub
+ End If
+
+ If (TheForm.userPassword.Value <> TheForm.passwordagain.Value) Then
+ ret = MsgBox("You must supply consistent Password", 0, "MSIE Certificate Request")
+ Exit Sub
+ End If
+
+ If (TheForm.givenname.Value = Empty) Then
+ ret = MsgBox("You must supply your First Name for certificate enrollment", 0, "MSIE Certificate Request")
+ Exit Sub
+ End If
+
+ If (TheForm.sn.Value = Empty) Then
+ ret = MsgBox("You must supply your Last Name for certificate enrollment", 0, "MSIE Certificate Request")
+ Exit Sub
+ End If
+
+' If (TheForm.SSLClient.value = Empty AND
+' TheForm.SMIME.value = Empty AND
+' TheForm.ObjectSigning.value = Empty) Then
+' ret = MsgBox("You must select atleast one certificate type", 0,
+' "MSIE Certificate Request")
+' Exit Sub
+' End If
+
+
+ ' Contruct the X500 distinguished name
+ szName = formulateDN()
+
+ On Error Resume Next
+ Enroll.HashAlgorithm = "MD5"
+ Enroll.KeySpec = 1
+ Enroll.GenKeyFlags = 0
+
+ ' Pick the provider that is selected
+ set options = TheForm.all.cryptprovider.options
+ index = options.selectedIndex
+ Enroll.providerType = options(index).value
+ Enroll.providerName = options(index).text
+
+ szCertReq = Enroll.createPKCS10(szName, "1.3.6.1.5.5.7.3.2")
+ theError = Err.Number
+ On Error Goto 0
+ '
+ ' If the user has cancelled things the we simply ignore whatever
+ ' they were doing ... need to think what should be done here
+ '
+ If (szCertReq = Empty AND theError = 0) Then
+ Exit Sub
+ End If
+
+ If (szCertReq = Empty OR theError <> 0) Then
+ '
+ ' There was an error in the key pair generation. The error value
+ ' is found in the variable 'theError' which we snarfed above before
+ ' we did the 'On Error Goto 0' which cleared it again.
+ '
+ sz = "The error '" & Hex(theError) & "' occurred." & chr(13) & chr(10) & "Your credentials could not be generated."
+ result = MsgBox(sz, 0, "Credentials Enrollment")
+ Exit Sub
+ End If
+
+ TheForm.pkcs10Request.Value = szCertReq
+ TheForm.Submit
+ Exit Sub
+
+End Sub
+-->
+</SCRIPT>
+
+<body bgcolor="#FFFFFF" onload=checkClientTime()>
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Portal User Enrollment <br>
+</font>
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ Use this form to submit a request for a personal certificate and user registration.
+ This form models the standard object class "inetOrgPerson" which has many useful attributes
+ which can be used in real portal deployment.
+ Supply your user ID and password to validate your identity. Also, first name
+ and last name have to be provided for user registration. Other fields are optional; the server
+ supplies the rest of the information needed for certificate issuance.
+ If the user ID is unique, your certificate will be issued and user registration
+ will be done automatically.
+ </font>
+
+<table border="0" cellspacing="0" cellpadding="2" background="/pki/images/hr.gif" width="100%">
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+<table border="0" cellspacing="0" cellpadding="2">
+ <tr valign="TOP">
+ <td><font size="-1" face="PrimaSans BT, Verdana, sans-serif"> <b>
+ Important:
+ </b></font></td>
+ <td><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ Be sure to request your certificate on the same computer on which you
+ plan to use your certificate. </font></td>
+ </tr>
+</table>
+<table border="0" cellspacing="0" cellpadding="0" background="/pki/images/hr.gif" width="100%">
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+<script lang="javascript">
+//<!--
+ if (navigator.appName == "Netscape" && (navMajorVersion() <= 3)) {
+ // short cut for Nav 3.x or eariler, crypto is not defined
+ document.write(
+ '<form name="ReqForm" method="post" action="/enrollment">');
+ } else if ((navigator.appName == "Netscape" &&
+ typeof(crypto.version) != "undefined")) {
+ document.write(
+ '<form name="ReqForm" method="post" action="/enrollment">');
+ } else {
+ document.write(
+ '<form name="ReqForm" method="post" action="/enrollment" '+
+ 'onSubmit="return validate(document.forms[0])">');
+ }
+//-->
+</script>
+
+<!-- User identity ------- -->
+
+<table border="0" width="100%" cellspacing="2" cellpadding="2">
+ <tr>
+ <td colspan="2" valign="TOP"><font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ <b>User's Identity</b><br>
+Enter your user ID and Password. This
+information will be used to verify your identity and to obtain a certificate.<br>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">* User ID: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="TEXT" name="uid" size="30">
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Password: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="PASSWORD" name="userPassword" AutoComplete=off size="30">
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Confirm Password: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="PASSWORD" name="passwordagain" AutoComplete=off size="30">
+ </td>
+ </tr>
+
+<!-- User information ------- -->
+
+ <tr>
+ <td colspan="2" valign="TOP"><font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ <b>User's Personal Information</b><br>
+Enter your personal information for registration. This
+information will be used for user registration.<br>(* = required field)<br>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">* First Name: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="TEXT" name="givenname" size="30" onchange="updateFullName(this.form)">
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">* Last Name: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="TEXT" name="sn" size="30" onchange="updateFullName(this.form)">
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Full Name: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="TEXT" name="cn" size="40">
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Email address: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="TEXT" name="mail" size="30">
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Organization unit: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="TEXT" name="ou" size="30">
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Organization: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="TEXT" name="o" size="30">
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Address: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="TEXT" name="postaladdress" size="40">
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">City: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="TEXT" name="l" size="30">
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">State/Province: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="TEXT" name="st" size="5">
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">ZIP Code: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="TEXT" name="postalcode" size="10">
+ </td>
+ </tr>
+<!-- Notice to Administrator -->
+<!--
+*********************************************************************************
+**** When you want to add following fields into enrollment page. **
+**** The field name should be the same with the attribute name in objectclass **
+*********************************************************************************
+-->
+
+<!---------- Business Category
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Business Category: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="TEXT" name="businesscategory" size="30">
+ </td>
+ </tr>
+----------->
+<!---------- Car License
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Car License: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="TEXT" name="carlicense" size="30">
+ </td>
+ </tr>
+----------->
+<!---------- Department Number
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Department Number: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="TEXT" name="departmentnumber" size="10">
+ </td>
+ </tr>
+----------->
+<!---------- Description
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Description: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="TEXT" name="description" size="10">
+ </td>
+ </tr>
+----------->
+<!-- destinationindicator, displayname, employeenumber, employeetype, facsimiletelephonenumber,
+ homephone, homepostaladdress, initials, internationalisdnnumber, ipegphoto, labeleduri,
+ mail, manager, mobile, o, ou, pager, photo, physicaldeliveryofficename, postofficebox,
+ preferreddeliverymethod, preferredlanguage, registeredaddress, roomnumber, secretary,
+ seealso, telephonenumber, teletexterminalidentifier, telexnumber, title, userpkcs12,
+ usersmimecertificate, x121address, x500uniqueidentifier
+----------->
+
+ <tr>
+ </tr>
+
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <!-- for Netscape Certificate Type Extension -->
+ <input type="HIDDEN" name="email" value="true">
+ <input type="HIDDEN" name="ssl_client" value="true">
+ <!-- for Key Usage Extension -->
+ <input type="HIDDEN" name="digital_signature" value=true>
+ <input type="HIDDEN" name="non_repudiation" value=true>
+ <input type="HIDDEN" name="key_encipherment" value=true>
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP" colspan="2">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+<script>
+ if (navigator.appName == "Netscape" &&
+ (navMajorVersion() <= 3 || typeof(crypto.version) == 'undefined')) {
+
+ document.writeln('<b>Key Length Information</b><br>');
+ document.writeln(
+ 'When your submit this form, your browser generates a private and '+
+ 'public key. The browser retains the private key and submits the '+
+ 'public key along with your request for a certificate. '+
+ 'The public key becomes part of your certificate. '+
+ '<P>'+
+ 'Select the length of the key to generate. The longer the key '+
+ 'length the greater the strength. You may want to check with your '+
+ 'system administrator about the length of key to specify.');
+
+ // short cut for Nav 3.x or eariler, crypto is not defined
+ document.writeln('Select the length of the key to generate. '+
+ 'The longer the key length, the greater the strength. '+
+ 'You may want to check with your system administrator about '+
+ 'the length of key to specify.');
+ }
+ //else if (navigator.appName == 'Netscape' && crypto.version == "undefined") {
+ //document.writeln('Select the length of the key to generate. '+
+ // 'The longer the key length, the greater the strength. '+
+ // 'You may want to check with your system administrator about '+
+ // 'the length of key to specify.');
+ //}
+ if (navigator.appName == "Microsoft Internet Explorer") {
+ document.writeln('<b>Public/Private Key Information</b><br>');
+ document.writeln(
+ 'When you submit this form, your browser generates a private and '+
+ 'public key. The browser retains the private key and submits the '+
+ 'public key along with your request for a certificate. '+
+ 'The public key becomes part of your certificate. '+
+ '<P>'+
+ 'The Microsoft Base Cryptographic provider offers 512-bit key encryption which is adequate for most applications today, but you may select the Enhanced option if your browser offers this choice and you require the higher encryption strength. You may want to check with your '+
+ 'system administrator about the provider to specify.');
+
+ document.writeln('<p>');
+ }
+</script>
+ </font></td></tr>
+ <tr>
+<script lang=javascript>
+
+//<!--
+ if (navigator.appName == "Netscape") {
+ if (navMajorVersion() <= 3 ||
+ typeof(crypto.version) == "undefined") {
+ document.writeln('<td>');
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.writeln('Key Length: ');
+ document.writeln('</font>');
+ document.writeln('</td>');
+ document.write('<td>');
+ document.write('<KEYGEN name="subjectKeyGenInfo">');
+ }
+ //else {
+ //alert('nsm');
+ //document.writeln('<SELECT NAME=\"keyLength\">');
+ //document.writeln('<OPTION VALUE=512>512 bits');
+ //document.writeln('<OPTION VALUE=768>768 bits');
+ //document.writeln('<OPTION VALUE=1024>1024 bits');
+ //document.writeln('</SELECT>');
+ //}
+ document.write('</td>');
+ }
+ if (navigator.appName == "Microsoft Internet Explorer") {
+ document.writeln('<td>');
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.writeln('Cryptographic Provider:');
+ document.writeln('</font>');
+ document.writeln('</td>');
+ document.writeln('<td>');
+ document.writeln('<SELECT NAME=\"cryptprovider\"></SELECT>');
+ document.writeln('</td>');
+ document.writeln('<p>');
+ }
+//-->
+
+</script>
+ </tr>
+ <tr>
+ <td valign="TOP" colspan="2">
+ <table border="0" width="100%" cellspacing="0" cellpadding="6" bgcolor="#cccccc" background="/pki/images/gray90.gif">
+ <tr>
+ <td>
+ <div align="RIGHT">
+<script lang=javascript>
+//<!--
+ if (navigator.appName == "Netscape" && navMajorVersion() <= 3) {
+ // short cut for Nav 3.x or eariler, crypto is not defined
+ document.writeln(
+ '<input type="submit" value="Submit" '+
+ 'name="submit" width="72">');
+ } else if (navigator.appName == "Netscape" &&
+ typeof(crypto.version) == "undefined") {
+ document.writeln(
+ '<input type="submit" value="Submit" '+
+ 'name="submit" width="72">');
+ }
+ else if ((navigator.appName == "Microsoft Internet Explorer") ||
+ (navigator.appName == "")) {
+ document.writeln(
+ '<input type="submit" value="Submit" '+
+ 'name="Send" width="72">');
+ }
+ else {
+ // alert('nsm');
+ document.writeln(
+ '<input type="button" value="Submit" '+
+ 'name="submitbutton" '+
+ 'onclick="validate(form)" width="72">');
+ }
+//-->
+</script>
+ <img src="/pki/images/spacer.gif" width="6" height="6">
+ <input type="reset" value="Reset" name="reset" width="72">
+ <input type="hidden" name="certType" value="client">
+ <input type="hidden" name="authenticator" value="PortalEnrollment">
+<script lang=javascript>
+//<!--
+ if (navigator.appName == 'Netscape') {
+ if ((navMajorVersion() > 3) &&
+ (typeof(crypto.version) != 'undefined')) {
+ //alert('cmmf response');
+ document.write(
+ '<input type=hidden name=CRMFRequest value="">');
+ document.write(
+ '<input type=hidden name=cmmfResponse value=true>');
+ document.write(
+ '<input type=hidden name=certNickname value="">');
+ }
+ else {
+ document.write(
+ '<input type="hidden" name="importCert" value="off">');
+ }
+ }
+ else if ((navigator.appName == "Microsoft Internet Explorer")||
+ (navigator.appName == "")) {
+ // navigator.appName == "" is for IE 3.
+ //alert('pkcs10Request');
+ document.write(
+ '<input type="hidden" name="pkcs10Request" value="">');
+ }
+//-->
+</script>
+ </div>
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ </table>
+ </form>
+<SCRIPT LANGUAGE=VBS>
+<!--
+
+FindProviders
+
+Function FindProviders
+ Dim i, j
+ Dim providers()
+ i = 0
+ j = 1
+ Dim el
+ Dim temp
+ Dim first
+ Dim TheForm
+ Set TheForm = document.ReqForm
+ On Error Resume Next
+ first = 0
+
+ Do While True
+ temp = ""
+ Enroll.providerType = j
+ temp = Enroll.enumProviders(i,0)
+ If Len(temp) = 0 Then
+ If j < 1 Then
+ j = j + 1
+ i = 0
+ Else
+ Exit Do
+ End If
+ Else
+ set el = document.createElement("OPTION")
+ el.text = temp
+ el.value = j
+ TheForm.cryptprovider.add(el)
+ If first = 0 Then
+ first = 1
+ TheForm.cryptprovider.selectedIndex = 0
+ End If
+ i = i + 1
+ End If
+ Loop
+
+End Function
+
+-->
+</SCRIPT>
+</body>
+</html>
diff --git a/base/ca/shared/webapps/ca/ee/ca/ProfileList.template b/base/ca/shared/webapps/ca/ee/ca/ProfileList.template
new file mode 100644
index 000000000..fc063e152
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/ProfileList.template
@@ -0,0 +1,71 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<CMS_TEMPLATE>
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Certificate Profile
+</font><br>
+ <Font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ Use this form to select a certificate profile for the request.
+<p>
+</font>
+<table border="0" cellspacing="0" cellpadding="0" background="/pki/images/hr.gif"
+width="100%">
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+<p>
+<script language=javascript>
+document.writeln('<table width=100%>');
+document.writeln('<tr>');
+document.writeln('<td width=40%>');
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln('<b>Certificate Profile Name</b>');
+document.writeln('</FONT>');
+document.writeln('</td>');
+document.writeln('<td width=40%>');
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln('<b>Description</b>');
+document.writeln('</FONT>');
+document.writeln('</td>');
+document.writeln('</tr>');
+for (var i = 0; i < recordSet.length; i++) {
+ if (recordSet[i].profileIsVisible != 'true') {
+ continue;
+ }
+ document.writeln('<tr>');
+ if (recordSet[i].profileIsEnable == 'true') {
+ document.writeln('<td><li>');
+ document.writeln('<a href="profileSelect?profileId=' +
+ recordSet[i].profileId + '">');
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">' + recordSet[i].profileName + '</FONT>');
+ document.writeln('</a>');
+ document.writeln('</td>');
+ document.writeln('<td>');
+ document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+ document.writeln(recordSet[i].profileDesc);
+ document.writeln('</FONT>');
+ document.writeln('</td>');
+ }
+ document.writeln('</tr>');
+} // for
+document.writeln('</table>');
+</script>
+</html>
diff --git a/base/ca/shared/webapps/ca/ee/ca/ProfileSelect.template b/base/ca/shared/webapps/ca/ee/ca/ProfileSelect.template
new file mode 100644
index 000000000..bcb047dbf
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/ProfileSelect.template
@@ -0,0 +1,865 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<CMS_TEMPLATE>
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Certificate Profile
+</font><br>
+ <Font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ Use this form to submit the request.
+<p>
+</font>
+<table border="0" cellspacing="0" cellpadding="0" background="/pki/images/hr.gif"
+width="100%">
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+<p>
+
+<SCRIPT LANGUAGE="JavaScript">
+
+var dual = 'false';
+var encryptionKeyOnly = 'false';
+var signingKeyOnly = 'false';
+
+var keyList = new Array();
+var key = new Object();
+key.type = "RSA";
+keyList[0] = key;
+var key = new Object();
+key.type = "EC";
+keyList[1] = key;
+
+function keyTypeOptions (keyPurpose)
+{
+ var keyType = "RSA";
+
+ for (var i = 0; i < policySetListSet.length; i++) {
+ for (var j = 0; j < policySetListSet[i].policySet.length; j++) {
+ if (typeof(policySetListSet[i].policySet[j].constraintSet) != "undefined") {
+ for (var k = 0; k < policySetListSet[i].policySet[j].constraintSet.length; k++) {
+ if (policySetListSet[i].policySet[j].constraintSet[k].name == "keyType") {
+ if (policySetListSet[i].policySet[j].constraintSet[k].value != "-") {
+ if (keyPurpose.length == 0 || (keyPurpose.length > 0 && policySetListSet[i].setId.indexOf(keyPurpose) > -1)) {
+ keyType = policySetListSet[i].policySet[j].constraintSet[k].value;
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ var keyFound = 0;
+ for (var i = 0; i < keyList.length; i++) {
+ if (keyList[i].type == keyType) {
+ keyFound = 1;
+ }
+ }
+ if (keyFound == 0) {
+ keyType = "RSA";
+ }
+ if ((navigator.appName == "Microsoft Internet Explorer") &&
+ ((navigator.appVersion).indexOf("NT 6.") == -1)) {
+ keyType = "RSA";
+ }
+
+ return keyType;
+}
+
+function translateCurveName (name)
+{
+ var translated = "";
+ if (navigator.appName == "Microsoft Internet Explorer") {
+ if (name == "nistp256" || name == "ECDSA_P256") {
+ translated = "ECDSA_P256";
+ } else if (name == "nistp384" || name == "ECDSA_P384") {
+ translated = "ECDSA_P384";
+ } else if (name == "nistp521" || name == "ECDSA_P521") {
+ translated = "ECDSA_P521";
+ }
+ } else {
+ if (name == "ECDSA_P256") {
+ translated = "nistp256";
+ } else if (name == "ECDSA_P384") {
+ translated = "nistp384";
+ } else if (name == "ECDSA_P521") {
+ translated = "nistp521";
+ } else {
+ translated = name;
+ }
+ }
+ return translated;
+}
+
+function keyLengthsCurvesOptions (keyPurpose)
+{
+ var keyType = "RSA";
+ var options = "";
+ var lengthsOrCurves = null;
+ var keyLengthsCurves = "";
+
+ for (var i = 0; i < policySetListSet.length; i++) {
+ for (var j = 0; j < policySetListSet[i].policySet.length; j++) {
+ if (typeof(policySetListSet[i].policySet[j].constraintSet) != "undefined") {
+ for (var k = 0; k < policySetListSet[i].policySet[j].constraintSet.length; k++) {
+ if (policySetListSet[i].policySet[j].constraintSet[k].name == "keyType") {
+ if (policySetListSet[i].policySet[j].constraintSet[k].value != "-") {
+ if (keyPurpose.length == 0 || (keyPurpose.length > 0 && policySetListSet[i].setId.indexOf(keyPurpose) > -1)) {
+ keyType = policySetListSet[i].policySet[j].constraintSet[k].value;
+ }
+ }
+ }
+
+ if (keyPurpose.length == 0 || (keyPurpose.length > 0 && policySetListSet[i].setId.indexOf(keyPurpose) > -1)) {
+ if (policySetListSet[i].policySet[j].constraintSet[k].name == "keyParameters") {
+ keyLengthsCurves = policySetListSet[i].policySet[j].constraintSet[k].value;
+ lengthsOrCurves = keyLengthsCurves.split(",");
+ }
+ }
+ }
+ }
+ }
+ }
+ if ((navigator.appName == "Microsoft Internet Explorer") &&
+ ((navigator.appVersion).indexOf("NT 6.") == -1)) {
+ keyType = "RSA";
+ }
+
+ var value = 0;
+ var l = 0;
+ for (l = 0 ; l < lengthsOrCurves.length; l++) {
+ var included = true;
+
+ value = lengthsOrCurves[l];
+
+ if (keyType != "EC" && !isNumeric(value)) {
+ included = false;
+ } else if (keyType == "EC" &&
+ navigator.appName == "Microsoft Internet Explorer" &&
+ value != "nistp256" && value != "nistp384" && value != "nistp521" &
+ value != "ECDSA_P256" && value != "ECDSA_P384" && value != "ECDSA_P521") {
+ included = false;
+ }
+
+ if (included) {
+ if (keyType == "EC") {
+ options += '<OPTION VALUE="' + translateCurveName(value) + '"';
+ } else {
+ options += '<OPTION VALUE="' + value + '"';
+ }
+ if (i == 0) {
+ options += ' SELECTED';
+ }
+ options += '>' + value;
+ }
+ }
+
+ if (options.length == 0) {
+ if (keyType != "EC") {
+ options = '<OPTION VALUE=1024 SELECTED>1024';
+ } else {
+ if (navigator.appName == "Microsoft Internet Explorer") {
+ options = '<OPTION VALUE="ECDSA_P256">nistp256';
+ } else {
+ options = '<OPTION VALUE="nistp256">nistp256';
+ }
+ }
+ }
+ //alert("options="+options);
+
+ return options;
+}
+
+function isNumeric(sText)
+{
+ var validChars = "0123456789";
+ var isNumber=true;
+ var char;
+
+ if( !sText)
+ return false;
+
+ for (i = 0; i < sText.length && isNumber == true; i++) {
+ char = sText.charAt(i);
+ if (validChars.indexOf(char) == -1) {
+ isNumber = false;
+ }
+ }
+ return isNumber;
+}
+
+function validate()
+{
+ if (keygen_request == 'false')
+ return false;
+ with (document.forms[0]) {
+ /////////////////////////////////////////////////////////////////
+ // To enable dual key feature, this page must be customized with
+ // appropriate Javascript call. For example,
+ //
+ // crmfObject = crypto.generateCRMFRequest(
+ // "CN=undefined",
+ // "regToken", "authenticator",
+ // null,
+ // "setCRMFRequest();",
+ // 512, null, "rsa-ex",
+ // 1024, null, "rsa-sign");
+ // Note: This archival text below only applies to CS 7.1 and earlier:
+
+ // To enable key archival feature, this page must be customized with
+ // KRA's transport certificate. The transport certificate can be
+ // retrieved in the following ways:
+ // (1) Access "List Certificates" menu option in end-entity page
+ // (2) Access https://<host>:<agent_port>/kra/displayTransportCert
+ // (3) Use certutil command in <instance-dir>/config directory
+ // (i.e. certutil -L -d . -n "kraTransportCert <instance-id>" -a)
+ //
+ // Once the transport certificate is obtained, the following
+ // javascript should be modified so that the transport certificate
+ // and appropriate key type are selected. For example,
+ //
+ // var kraTransportCert = "MIICDjCCAXegAwIBAgICAfMwDQYJKoZIhvcNAQEEBQAwdzELMAkGA1UEBhMCVVMxLDAqBgNVBAoTI05ldHNjYXBlIENvbW11bmljYXRpb25zIENvcnBvcmF0aW9uMREwDwYDVQQLEwhIYXJkY29yZTEnMCUGA1UEAxMeSGFyZGNvcmUgQ2VydGlmaWNhdGUgU2VydmVyIElJMB4XDTk4MTExOTIzNDIxOVoXDTk5MDUxODIzNDIxOVowLjELMAkGA1UEBhMCVVMxETAPBgNVBAoTCG5ldHNjYXBlMQwwCgYDVQQDEwNLUmEwXDANBgkqhkiG9w0BAQEFAANLADBIAkEArrbDiYUI5SCdlCKKa0bEBn1m83kX6bdhytRYNkd/HB95Bp85SRadmdJV+0O/yMxjYAtGCFrmcqEZ4sh2YSov6wIDAQABozYwNDARBglghkgBhvhCAQEEBAMCAEAwHwYDVR0jBBgwFoAUl7FtsrYCFlQMl9fjMm3LnN/u3oAwDQYJKoZIhvcNAQEEBQADgYEApvzcUsVIOstaoYSiWb4+aMVH6s1jiJlr5iVHnOKzfsYxPVdUw6uz04AT8N+1KIarMTKxHPzGAFSLicKLEv4HG4vh6llc86uzRzWpUqqVHg/eKN5A8Jyg56D4DkNr/XEJ7QdKesAp13dk5H5qvHelkSPLYYdMXNwNWPVZKgnWrWg=";
+ // var keyGenAlg = "rsa-ex";
+ // crmfObject = crypto.generateCRMFRequest(
+ // "CN=undefined",
+ // "regToken", "authenticator",
+ // keyTransportCert,
+ // "setCRMFRequest();",
+ // 512, null, keyGenAlg);
+ /////////////////////////////////////////////////////////////////
+ var keyTransportCert = null;
+
+
+ if (typeof(transportCert) != "undefined" && transportCert != "") {
+ // from CS7.2, transport certificate will be
+ // inserted automatically
+ keyTransportCert = transportCert;
+ }
+ // generate keys for nsm.
+ if (typeof(crypto) != "undefined" && typeof(crypto.version) != "undefined") {
+ var encKeyType = "rsa-ex";
+ var signKeyType = "rsa-sign";
+ var dualKeyType = "rsa-dual-use";
+ var encKeyParams = null;
+ var encKeySize = 1024;
+ var signKeyParams = null;
+ var signKeySize = 1024;
+ var keyParams = null;
+ // Give this default because the ECC crytpo codes requires and integer
+ // for this value even if presenting ECC curve name parameter.
+ var keySize = 1024;
+
+ try {
+ if (dual == 'true') {
+
+ if (keyTypeOptions("encryption") == "EC") {
+ encKeyType = "ec-ex";
+ encKeyParams = "curve=" + encKeyParam.value;
+ } else {
+ encKeySize = parseInt(encKeyParam.value);
+ }
+
+ if (keyTypeOptions("signing") == "EC") {
+ signKeyType = "ec-sign";
+ signKeyParams = "curve=" + signKeyParam.value;
+ } else {
+ signKeySize = parseInt(signKeyParam.value);
+ }
+
+ crmfObject = crypto.generateCRMFRequest(
+ "CN=x", "regToken", "authenticator",
+ keyTransportCert, "setCRMFRequest();",
+ encKeySize, encKeyParams, encKeyType,
+ signKeySize, signKeyParams, signKeyType);
+ } else {
+ if (encryptionKeyOnly == 'true') {
+ if (keyTypeOptions("") == "EC") {
+ dualKeyType = "ec-ex";
+ keyParams = "curve=" + keyParam.value;
+ } else {
+ dualKeyType = "rsa-ex";
+ keySize = parseInt(keyParam.value);
+ }
+ } else if (signingKeyOnly == 'true') {
+ if (keyTypeOptions("") == "EC") {
+ dualKeyType = "ec-sign";
+ keyParams = "curve=" + keyParam.value;
+ } else {
+ dualKeyType = "rsa-sign";
+ keySize = parseInt(keyParam.value);
+ }
+ keyTransportCert = null;
+ } else {
+ if (keyTypeOptions("") == "EC") {
+ dualKeyType = "ec-dual-use";
+ keyParams = "curve=" + keyParam.value;
+ } else {
+ keySize = parseInt(keyParam.value);
+ }
+ keyTransportCert = null;
+ }
+ crmfObject = crypto.generateCRMFRequest(
+ "CN=x", "regToken", "authenticator",
+ keyTransportCert, "setCRMFRequest();",
+ keySize, keyParams, dualKeyType);
+ }
+ } catch (e) {
+ if (typeof(crmfObject) == "undefined" || crmfObject == null) {
+ alert("Error generating CRMF request.");
+ }
+ }
+ }
+ return false;
+ }
+}
+
+function setCRMFRequest()
+{
+ with (document.forms[0]) {
+ cert_request.value = crmfObject.request;
+ submit();
+ }
+}
+
+</SCRIPT>
+
+
+<script language=javascript>
+ var uri = 'profileSubmit';
+ if (typeof(authName) != "undefined") {
+ if (authIsSSLClientRequired == 'true') {
+ uri = 'https://[PKI_MACHINE_NAME]:[PKI_EE_SECURE_CLIENT_AUTH_PORT_UI]/[PKI_SUBSYSTEM_TYPE]/eeca/[PKI_SUBSYSTEM_TYPE]/profileSubmitSSLClient';
+ }
+ }
+ if (navigator.appName == "Microsoft Internet Explorer") {
+ if ((navigator.appVersion).indexOf("NT 6.") > -1) {
+ document.writeln("<OBJECT id='g_objClassFactory' CLASSID='clsid:884e2049-217d-11da-b2a4-000e7bbb2b09'></OBJECT>");
+ } else {
+ document.writeln("<OBJECT classid='clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1' CODEBASE='/xenroll.dll' id='Enroll'></OBJECT>");
+ }
+ document.writeln('<form name="ReqForm" onSubmit="if (checkRequest()) {return true;} else {window.location.reload(); return false;}" method="post" action="' + uri + '">');
+ } else if (typeof(crypto) != "undefined" && typeof(crypto.version) != "undefined") {
+ document.writeln('<form name="ReqForm" onSubmit="return validate();" method="post" action="' + uri + '">');
+ } else {
+ document.writeln('<form name="ReqForm" method="post" action="' + uri + '">');
+ }
+</script>
+
+<SCRIPT LANGUAGE=VBS>
+<!--
+'Get OS Version, works for Vista and below only
+Function GetOSVersion
+ dim agent
+ dim result
+ dim pos
+
+ agent = Navigator.appVersion
+ pos = InStr(agent,"NT 6.")
+
+ If pos > 0 Then
+ GetOSVersion = 6 ' Vista
+ Exit Function
+ End If
+
+ pos = InStr(agent,"NT 5.")
+
+ If pos > 0 Then
+ GetOSVersion = 5 ' XP etc
+ Exit Function
+ End If
+
+' Default
+ GetOSVersion = 5
+End Function
+
+Function checkRequest
+ Dim TheForm
+ Dim szName
+ Dim options
+ Dim osVersion
+ Dim result
+ Dim keyLen
+ Dim keyParameter
+ Dim keyIndex
+ Set TheForm = Document.ReqForm
+
+ checkRequest = False
+
+ keyIndex = TheForm.all.keyLength.options.selectedIndex
+ If (IsNumeric(TheForm.all.keyLength.options(keyIndex).value)) Then
+ keyLen = CInt (TheForm.all.keyLength.options(keyIndex).value)
+ keyParameter = ""
+ Else
+ keyLen = 0
+ keyParameter = TheForm.all.keyLength.options(keyIndex).value
+ End If
+
+ osVersion = GetOSVersion()
+
+ If osVersion <> 6 Then 'Not Vista
+
+ ' Contruct the X500 distinguished name
+ szName = "CN=NAME"
+
+ On Error Resume Next
+ Enroll.HashAlgorithm = "MD5"
+ Enroll.KeySpec = 1
+
+ ' Pick the provider that is selected
+ set options = TheForm.all.cryptprovider.options
+ index = options.selectedIndex
+ Enroll.providerType = options(index).value
+ Enroll.providerName = options(index).text
+
+ ' adding 2 to "GenKeyFlags" will enable the 'High Security'
+ ' (USER_PROTECTED) mode, which means IE will pop up a dialog
+ ' asking what level of protection you would like to give
+ ' the key - this varies from 'none' to 'confirm password
+ ' every time the key is used'
+ ' Enroll.GenKeyFlags = 1 ' key PKCS12-exportable
+ Enroll.GenKeyFlags = (65536 * (CLng(keyLen))) + 1
+ szCertReq = Enroll.createPKCS10(szName, "1.3.6.1.5.5.7.3.2")
+ theError = Err.Number
+ On Error Goto 0
+ '
+ ' If the user has cancelled things the we simply ignore whatever
+ ' they were doing ... need to think what should be done here
+ '
+ If (szCertReq = Empty AND theError = 0) Then
+ Exit Function
+ End If
+
+ If (szCertReq = Empty OR theError <> 0) Then
+ '
+ ' There was an error in the key pair generation. The error value
+ ' is found in the variable 'theError' which we snarfed above before
+ ' we did the 'On Error Goto 0' which cleared it again.
+ '
+ sz = "The error '" & Hex(theError) & "' occurred." & chr(13) & chr(10) & "Your credentials could not be generated."
+ result = MsgBox(sz, 0, "Credentials Enrollment")
+ Exit Function
+ End If
+
+ TheForm.cert_request.Value = szCertReq
+
+ ' TheForm.Submit
+
+ Else 'Vista
+ Dim enrollment
+ Dim privateKey
+ Dim request
+ Dim csr
+ Dim objDN
+
+ 'certUsage is "1.3.6.1.5.5.7.3.2"
+
+ On Error Resume Next
+ 'CreateObject("X509Enrollment.CX509EnrollmentWebClassFactory")
+
+ If IsObject(g_objClassFactory) = False Then
+ result = MsgBox("Can't create Factory Object " & " Error: " & Err.number & " :" & Err.description,0,"")
+ Exit Function
+ End If
+
+ Set enrollment = g_objClassFactory.CreateObject("X509Enrollment.CX509Enrollment")
+
+ If IsObject(enrollment) = False Then
+ result = MsgBox("Can't create enroll Object! " & " Error: " & Err.number & " :" & Err.description,"")
+ Exit Function
+ End If
+
+ Set privateKey = g_objClassFactory.CreateObject("X509Enrollment.CX509PrivateKey")
+
+ If IsObject(privateKey) = False Then
+ result = MsgBox("Can't create Key Object! " & " Error: " & Err.number & " :" & Err.description,0,"")
+ Exit Function
+ End If
+
+ Set request = g_objClassFactory.CreateObject("X509Enrollment.CX509CertificateRequestPkcs10")
+
+ If IsObject(request) = False Then
+ result = MsgBox("Can't create Request Object. ! " & " Error: " & Err.number & " :" & Err.description,0,"")
+ Exit Function
+ End If
+
+ Set algobj = g_objClassFactory.CreateObject( "X509Enrollment.CObjectId" )
+ If IsObject(algobj) = False Then
+ result = MsgBox("Can't create OID Object. ! " & " Error: " & Err.number & " :" & Err.description,0,"")
+ Exit Function
+ End If
+ algobj.InitializeFromAlgorithmName XCN_CRYPT_ANY_GROUP_ID, XCN_CRYPT_OID_INFO_PUBKEY_ANY, AlgorithmFlagsNone, keyParameter
+ privateKey.Algorithm = algobj
+
+
+ privateKey.KeySpec= "1"
+
+ ' Pick the provider that is selected
+ set options = TheForm.all.cryptprovider.options
+ index = options.selectedIndex
+ privateKey.ProviderType = index
+ privateKey.ProviderName = options(index).text
+ If keyLen > 0 Then
+ privateKey.Length = keyLen
+ End If
+
+ szName = "0.9.2342.19200300.100.1.1=" & TheForm.uid.Value & ",E=" & TheForm.email.Value & ",CN=" & TheForm.cn.Value
+
+ Set objDN = g_objClassFactory.CreateObject("X509Enrollment.CX500DistinguishedName")
+
+ If IsObject(objDN) = False Then
+ result = MsgBox("Can't create DN Object. ! " & " Error: " & Err.number & " :" & Err.description,0,"")
+ Exit Function
+ End If
+
+ objDN.Encode szName,0
+
+ request.InitializeFromPrivateKey 1,privateKey,""
+ request.Subject = objDN
+
+ enrollment.InitializeFromRequest(request)
+ csr=enrollment.CreateRequest(1)
+
+ If len(csr) = 0 Then
+ result = MsgBox("Error Creating Request! "& " Error: " & Err.number & " :" & Err.description,0,"")
+ Exit Function
+ End If
+
+ TheForm.cert_request.Value = csr
+
+ End If
+ checkRequest = True
+End Function
+
+-->
+</SCRIPT>
+
+<script language=javascript>
+if (errorCode == 0) {
+document.writeln('<br>');
+document.writeln('<b>');
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln('Certificate Profile - ' + profileName);
+document.writeln('</FONT>');
+document.writeln('</b>');
+document.writeln('<p>');
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln(profileDesc);
+document.writeln('</FONT>');
+document.writeln('<p>');
+if (typeof(authName) != "undefined") {
+document.writeln('<table width=100%>');
+document.writeln('<tr>');
+document.writeln('<td>');
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln('<b>');
+document.writeln('Authentication - ' + authName);
+document.writeln('</b>');
+document.writeln('</FONT>');
+document.writeln('</td>');
+document.writeln('</tr>');
+document.writeln('<tr>');
+document.writeln('<td>');
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln(authDesc);
+document.writeln('</FONT>');
+document.writeln('</td>');
+document.writeln('</tr>');
+document.writeln('</table>');
+document.writeln('<p>');
+document.writeln('<table width=100%>');
+for (var i = 0; i < authListSet.length; i++) {
+ document.writeln('<tr>');
+ document.writeln('<td width=40%>');
+ document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+ document.writeln('<li>');
+ document.writeln(authListSet[i].authName);
+ document.writeln('</FONT>');
+ document.writeln('</td>');
+ document.writeln('<td>');
+ if (authListSet[i].authSyntax == 'string') {
+ document.writeln('<input type=text name=' + authListSet[i].authId + '>');
+ } else if (authListSet[i].authSyntax == 'password') {
+ document.writeln('<input type=password name=' + authListSet[i].authId + '>');
+ }
+ document.writeln('</td>');
+ document.writeln('</tr>');
+}
+document.writeln('</table>');
+}
+document.writeln('<p>');
+document.writeln('<table width=100%>');
+document.writeln('<tr>');
+document.writeln('<td>');
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln('<b>');
+document.writeln('Inputs');
+document.writeln('</b>');
+document.writeln('</FONT>');
+document.writeln('</td>');
+document.writeln('</tr>');
+document.writeln('</table>');
+document.writeln('<p>');
+document.writeln('<table width=100%>');
+for (var m = 0; m < inputPluginListSet.length; m++) {
+ document.writeln('<tr>');
+ document.writeln('<td spancol=2>');
+ document.writeln('<b>');
+ document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+ document.writeln(inputPluginListSet[m].inputPluginName);
+ document.writeln('</FONT>');
+ document.writeln('</b>');
+ document.writeln('</td>');
+ document.writeln('</tr>');
+ for (var n = 0; n < inputListSet.length; n++) {
+ if (inputPluginListSet[m].inputPluginId != inputListSet[n].inputPluginId)
+ continue;
+ document.writeln('<tr>');
+ document.writeln('<td width=40%>');
+ document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+ document.writeln('<li>');
+ document.writeln(inputListSet[n].inputName);
+ document.writeln('</FONT>');
+ document.writeln('</td>');
+ document.writeln('<td>');
+ if (inputListSet[n].inputSyntax == 'string') {
+ document.writeln('<input type=text name=' + inputListSet[n].inputId + '>');
+ } else if (inputListSet[n].inputSyntax == 'cert_request') {
+ document.writeln('<textarea cols=60 rows=10 name=' + inputListSet[n].inputId + '></textarea>');
+ } else if (inputListSet[n].inputSyntax == 'cert_request_type') {
+ document.writeln('<select name=' + inputListSet[n].inputId + '><option value="pkcs10">PKCS#10</option><option value="crmf">CRMF</option></select>');
+ } else if (inputListSet[n].inputSyntax == 'dual_keygen_request') {
+ if (navigator.appName == "Microsoft Internet Explorer") {
+ document.writeln('<input type=hidden name=' + inputListSet[n].inputId + '>');
+ } else if (typeof(crypto) != "undefined" && typeof(crypto.version) != "undefined") {
+ document.write('<SELECT NAME="encKeyParam">'+keyLengthsCurvesOptions("encryption")+'</SELECT>');
+ document.write('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">&nbsp;&nbsp;');
+ document.write(keyTypeOptions("encryption")+'&nbsp;&nbsp;(Encryption),&nbsp;&nbsp;</FONT>');
+ document.write('<SELECT NAME="signKeyParam">'+keyLengthsCurvesOptions("signing")+'</SELECT>');
+ document.write('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">&nbsp;&nbsp;');
+ document.write(keyTypeOptions("signing")+'&nbsp;&nbsp;(Signing)</FONT>');
+ document.writeln('<input type=hidden name=cert_request value="">');
+ dual = 'true';
+ } else {
+ document.writeln('Not Supported<input type=hidden name=cert_request value="">');
+ }
+ } else if ((inputListSet[n].inputSyntax == 'keygen_request') ||
+ (inputListSet[n].inputSyntax == 'enc_keygen_request') ||
+ (inputListSet[n].inputSyntax == 'sign_keygen_request')) {
+ if (navigator.appName == "Microsoft Internet Explorer") {
+ document.writeln('<input type=hidden name=' + inputListSet[n].inputId + '>');
+ document.writeln('<SELECT NAME="keyLength">'+keyLengthsCurvesOptions("")+'</SELECT>&nbsp;&nbsp;<SELECT NAME=\"cryptprovider\"></SELECT>');
+ } else if (typeof(crypto) != "undefined" && typeof(crypto.version) != "undefined") {
+ document.write('<SELECT NAME="keyParam">'+keyLengthsCurvesOptions("")+'</SELECT>');
+ document.write('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+ document.write('&nbsp;&nbsp;&nbsp;'+keyTypeOptions("")+'&nbsp;&nbsp;');
+ if (inputListSet[n].inputSyntax == 'keygen_request') {
+ document.write('(Encryption and Signing)</FONT>');
+ } else if (inputListSet[n].inputSyntax == 'enc_keygen_request') {
+ document.write('(Encryption)</FONT>');
+ encryptionKeyOnly = 'true';
+ } else if (inputListSet[n].inputSyntax == 'sign_keygen_request') {
+ document.write('(Signing)</FONT>');
+ signingKeyOnly = 'true';
+ }
+ document.writeln('<input type=hidden name=cert_request value="">');
+ } else {
+ document.writeln('<KEYGEN name=' + inputListSet[n].inputId + '>');
+ }
+ } else if (inputListSet[n].inputSyntax == 'dual_keygen_request_type') {
+ keygen_request = 'true';
+ if (navigator.appName == "Microsoft Internet Explorer") {
+ document.writeln('Not Supported<input type=hidden name=' + inputListSet[n].inputId + ' value=>');
+ } else if (typeof(crypto) != "undefined" && typeof(crypto.version) != "undefined") {
+ document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">crmf</FONT><input type=hidden name=' + inputListSet[n].inputId + ' value=crmf>');
+ } else {
+ document.writeln('Not Supported<input type=hidden name=' + inputListSet[n].inputId + ' value=>');
+ }
+ } else if ((inputListSet[n].inputSyntax == 'keygen_request_type') ||
+ (inputListSet[n].inputSyntax == 'enc_keygen_request_type') ||
+ (inputListSet[n].inputSyntax == 'sign_keygen_request_type')) {
+ keygen_request = 'true';
+ if (navigator.appName == "Microsoft Internet Explorer") {
+ document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">pkcs10</FONT><input type=hidden name=' + inputListSet[n].inputId + ' value=pkcs10>');
+ } else if (typeof(crypto) != "undefined" && typeof(crypto.version) != "undefined") {
+ document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">crmf</FONT><input type=hidden name=' + inputListSet[n].inputId + ' value=crmf>');
+ } else {
+ document.writeln('keygen<input type=hidden name=' + inputListSet[n].inputId + ' value=keygen>');
+ }
+ }
+ document.writeln('</td>');
+ document.writeln('</tr>');
+ }
+}
+document.writeln('</table>');
+document.writeln('<p>');
+document.writeln('<input type=hidden name=profileId value="' +
+ profileId + '">');
+document.writeln('<input type=hidden name=renewal value="' +
+ renewal + '">');
+document.writeln('<input type=hidden name=xmlOutput value="' +
+ xmlOutput + '">');
+} else {
+ document.write('Sorry, your request is not submitted. The error code is "' + errorReason + '".');
+}
+</script>
+<p>
+<p>
+<script language=javascript>
+if (errorCode == 0) {
+ if (navigator.appName == "Microsoft Internet Explorer") {
+ if (typeof(keygen_request) != "undefined") {
+ document.writeln('<input type=submit value="Submit">');
+ } else {
+ document.writeln('<input type=submit value="Submit">');
+ }
+ } else if (typeof(crypto) != "undefined" && typeof(crypto.version) != "undefined") {
+ document.writeln('<input type=submit value="Submit">');
+ } else {
+ document.writeln('<input type=submit value="Submit">');
+ }
+} else {
+}
+
+</script>
+<SCRIPT LANGUAGE=VBS>
+<!--
+FindProviders
+
+Function FindProviders
+ Dim i, j
+ Dim providers()
+ i = 0
+ j = 1
+ Dim el
+ Dim temp
+ Dim first
+ Dim firstE
+ Dim firstS
+ Dim TheForm
+ Set TheForm = document.ReqForm
+ On Error Resume Next
+ first = 0
+
+ Dim osVersion
+ Dim result
+ osVersion = GetOSVersion()
+
+ If osVersion <> 6 Then 'Not Vista
+ Do While True
+ temp = ""
+ Enroll.providerType = j
+ temp = Enroll.enumProviders(i,0)
+ If Len(temp) = 0 Then
+ If j < 1 Then
+ j = j + 1
+ i = 0
+ Else
+ Exit Do
+ End If
+ Else
+ set el = document.createElement("OPTION")
+ el.text = temp
+ el.value = j
+ If temp = "Microsoft Base Cryptographic Provider v1.0" Then
+ first = i
+ End If
+ If temp = "Microsoft Strong Cryptographic Provider" Then
+ firstS = i
+ End If
+ If temp = "Microsoft Enhanced Cryptographic Provider v1.0" Then
+ firstE = i
+ End If
+ TheForm.cryptprovider.add(el)
+ If firstE > 0 Then
+ TheForm.cryptprovider.selectedIndex = firstE
+ ElseIf firstS > 0 Then
+ TheForm.cryptprovider.selectedIndex = firstS
+ ElseIf first > 0 Then
+ TheForm.cryptprovider.selectedIndex = first
+ Else
+ first = 1
+ TheForm.cryptprovider.selectedIndex = 0
+ End If
+ i = i + 1
+ End If
+ Loop
+ Else 'Vista
+ Dim csps
+ Set csps = g_objClassFactory.CreateObject("X509Enrollment.CCspInformations")
+ If IsObject(csps) = False Then
+ result = MsgBox("Can't create CSP List Object! " & " Error: " & Err.number & " :" & Err.description,0,"")
+ Exit Function
+
+ End If
+ csps.AddAvailableCsps()
+ 'result = MsgBox(csps.Count,0,"Number of CSPS")
+
+ Dim curName
+ Dim csp
+ Dim selected
+ Dim selectedS
+ Dim selectedE
+ Dim selectedEC
+ selected = -1
+ selectedS = -1
+ selectedE = -1
+ selectedEC = -1
+ For i = 0 to csps.Count-1
+
+ curName = csps.ItemByIndex(i).Name
+ If len(curName) > 0 Then
+ Set csp = document.createElement("OPTION")
+ csp.text = curName
+ csp.value = 1
+ TheForm.cryptprovider.add(csp)
+
+ If curName = "Microsoft Base Cryptographic Provider v1.0" Then
+ selected = i
+ End If
+ If curName = "Microsoft Strong Cryptographic Provider" Then
+ selectedS = i
+ End If
+ If curName = "Microsoft Enhanced Cryptographic Provider v1.0" Then
+ selectedE = i
+ End If
+ If curName = "Microsoft Software Key Storage Provider" Then
+ selectedEC = i
+ End If
+ 'result = MsgBox(curName,0,"")
+ End If
+ Next
+ If selectedEC >= 0 Then
+ TheForm.cryptprovider.selectedIndex = selectedEC
+ ElseIf selectedE >= 0 Then
+ TheForm.cryptprovider.selectedIndex = selectedE
+ ElseIf selectedS >= 0 Then
+ TheForm.cryptprovider.selectedIndex = selectedS
+ ElseIf selected >= 0 Then
+ TheForm.cryptprovider.selectedIndex = selected
+ Else
+ TheForm.cryptprovider.selectedIndex = 0
+ End If
+ End If
+End Function
+
+-->
+</SCRIPT>
+</form>
+</html>
diff --git a/base/ca/shared/webapps/ca/ee/ca/ProfileSubmit.html b/base/ca/shared/webapps/ca/ee/ca/ProfileSubmit.html
new file mode 100644
index 000000000..90d50864d
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/ProfileSubmit.html
@@ -0,0 +1,30 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<TITLE>Certificate Profile Based Enrollment Form</TITLE>
+</head>
+<body>
+<form name="ReqForm" method="post" action="profileSubmit">
+<input type=hidden name=request_type value="keygen">
+<KEYGEN name="request">
+<input type=submit name=Enroll value="Enroll">
+</form>
+</body>
+</html>
diff --git a/base/ca/shared/webapps/ca/ee/ca/ProfileSubmit.template b/base/ca/shared/webapps/ca/ee/ca/ProfileSubmit.template
new file mode 100644
index 000000000..ce1ec122e
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/ProfileSubmit.template
@@ -0,0 +1,137 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<CMS_TEMPLATE>
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Certificate Profile
+</font><br>
+ <Font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+<p>
+</font>
+<table border="0" cellspacing="0" cellpadding="0" background="/pki/images/hr.gif"
+width="100%">
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+<script language=javascript>
+
+var autoImport = 'false';
+
+if (errorCode == 0) { // processed
+ document.write('Congratulations, your request has been processed successfully ');
+ document.writeln('<P>');
+ for (var i = 0; i < requestListSet.length; i++) {
+ document.write('Your request ID is ');
+ document.write('<B>'+requestListSet[i].requestId+'</B>.');
+ document.writeln('<P>');
+ }
+ document.writeln('<b>');
+ document.writeln('Outputs');
+ document.writeln('</b>');
+ document.writeln('<P>');
+ document.writeln('<table width=100%>');
+for (var i = 0; i < outputListSet.length; i++) {
+ document.writeln('<tr valign=top>');
+ document.writeln('<td>');
+ document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">'
+);
+ document.writeln('<li>');
+ document.writeln(outputListSet[i].outputName);
+ document.writeln('</FONT>');
+ document.writeln('</td>');
+ document.writeln('<tr valign=top>');
+ document.writeln('</tr>');
+ document.writeln('<td>');
+ if (outputListSet[i].outputSyntax == 'string') {
+ document.writeln(outputListSet[i].outputVal);
+ } else if (outputListSet[i].outputSyntax == 'pretty_print') {
+ document.writeln('<pre>');
+ document.writeln(outputListSet[i].outputVal);
+ document.writeln('</pre>');
+ }
+ document.writeln('</td>');
+ document.writeln('</tr>');
+}
+ document.writeln('</table>');
+ document.writeln('<p>');
+ document.writeln('<table width=100%>');
+ document.writeln('<tr valign=top>');
+ document.writeln('<td>');
+ document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">'
+);
+ document.writeln('<li>');
+ document.writeln('Certificate Imports');
+ document.writeln('</FONT>');
+ document.writeln('</td>');
+ for (var i = 0; i < requestListSet.length; i++) {
+ document.writeln('<tr valign=top>');
+ document.writeln('<td>');
+if (autoImport == 'true') {
+ // only support one certificate import
+ var loc = "getCertFromRequest?requestId="+ requestListSet[i].requestId + "&importCert=true";
+ document.write("<iframe width='0' height='0' src='"+loc+"' </iframe>");
+} else {
+ document.writeln('<form method=post action="getCertFromRequest">');
+ if (navigator.appName == "Netscape") {
+ document.writeln('<input type=hidden name=importCert value=true>');
+ } else {
+ document.writeln('<input type=hidden name=importCert value=false>');
+ }
+ document.writeln('<input type=hidden name=requestId value=' + requestListSet[i].requestId + '>');
+ document.writeln('<input type=submit name="Import Certificate" value="Import Certificate">');
+ document.writeln('</form>');
+}
+ document.writeln('</td>');
+ document.writeln('</tr>');
+ }
+ document.writeln('</table>');
+} else if (errorCode == 1) { // not submitted
+ document.write('Sorry, your request is not submitted. The reason is "' + errorReason + '".');
+} else if (errorCode == 2) { // pending
+ document.write('Congratulations, your request has been successfully ');
+ document.write('submitted. ');
+ document.write('Your request will be processed when an authorized agent ');
+ document.writeln('verifies and validates the information in your request.');
+ document.writeln('<P>');
+ for (var i = 0; i < requestListSet.length; i++) {
+ document.write('Your request ID is ');
+ document.write('<B><a href="checkRequest?requestId=');
+ document.write(requestListSet[i].requestId);
+ document.write('">'+requestListSet[i].requestId+'</a></B>.');
+ document.writeln('<P>');
+ }
+ document.write('Your can check on the status of your request with ');
+ document.write('an authorized agent or local administrator ');
+ document.writeln('by referring to this request ID.');
+} else if (errorCode == 3) { // rejected
+ document.write('Sorry, your request has been rejected. The reason is "' + errorReason + '"');
+ document.writeln('<P>');
+ for (var i = 0; i < requestListSet.length; i++) {
+ document.write('Your request ID is ');
+ document.write('<B>'+requestListSet[i].requestId+'</B>.');
+ document.writeln('<P>');
+ }
+} else { // unknown state
+ document.write('Sorry, your request is not submitted. The error code is "' + errorReason + '".');
+}
+</script>
+</font>
+</html>
diff --git a/base/ca/shared/webapps/ca/ee/ca/RenewalSuccess.template b/base/ca/shared/webapps/ca/ee/ca/RenewalSuccess.template
new file mode 100644
index 000000000..cb840d296
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/RenewalSuccess.template
@@ -0,0 +1,217 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+
+<HTML>
+<CMS_TEMPLATE>
+<TITLE>
+CS Renewal Request Success
+</TITLE>
+
+<BODY bgcolor="white">
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Renewal Success
+</font>
+
+<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+
+
+<SCRIPT LANGUAGE="JavaScript">
+//<!--
+
+//document.writeln('<P>');
+//document.writeln('host '+result.fixed.host+'<BR>');
+//document.writeln('port '+result.fixed.port+'<BR>');
+//document.writeln('scheme '+result.fixed.scheme+'<BR>');
+//document.writeln('authority '+result.fixed.authorityName+'<BR>');
+
+function navMajorVersion()
+{
+ return parseInt(
+ navigator.appVersion.substring(0, navigator.appVersion.indexOf(".")));
+}
+
+document.writeln('<P>');
+document.writeln(
+ 'Congratulations, your certificate has been successfully renewed.');
+
+document.writeln('<P>');
+
+if (result.recordSet == null || result.recordSet.length == 0) {
+ document.writeln('<BLOCKQUOTE><B><PRE>');
+ document.writeln(
+ 'No more information on your renewed certificate is provided.');
+ document.writeln('Please consult your local administrator for assistance.');
+ document.writeln('</BLOCKQUOTE></B></PRE>');
+} else {
+ // document.writeln('<UL>');
+ for (var i = 0; i < result.recordSet.length; i++) {
+ if (result.recordSet[i].serialNo != null) {
+ //document.write('Serial number ');
+ //document.write('<BLOCKQUOTE><B><PRE>');
+ //document.writeln(result.recordSet[i].serialNo);
+ //document.write('</BLOCKQUOTE></B></PRE>');
+ document.writeln('<P>');
+ document.write(
+ 'Your renewed certificate in Base 64 encoded form:<BR>');
+ document.write('<PRE>');
+ document.writeln(result.recordSet[i].base64Cert);
+ document.write('</PRE>');
+ document.writeln('<P>');
+ document.write('Certificate Content: <BR>');
+ document.write('<PRE>');
+ document.writeln(result.recordSet[i].certPrettyPrint);
+ document.write('</PRE>');
+ }
+ }
+ // document.writeln('</UL>');
+
+}
+
+// NOTE: importUserCertificate should be done before this point but
+// it creates a javascript error that clobbers the result variable set in
+// the template.
+
+if (navigator.appName == 'Netscape' && (navMajorVersion() > 3) &&
+ typeof(crypto.version) != "undefined") {
+ if (result.fixed.crmfReqId != null) {
+ // alert('certNickname is '+result.fixed.certNickname);
+ // alert(result.fixed.cmmfResponse);
+ var errors = crypto.importUserCertificates(null,
+ result.fixed.cmmfResponse, false);
+ // var errors = crypto.importUserCertificates(result.fixed.certNickname,
+ // result.fixed.cmmfResponse, false);
+
+ // NOTE: Alpha-1 version of cartman always returns a non-empty string
+ // from importUserCertificates() so we can only always assume succcess.
+ // Uncomment the following line and add appropriate javascripts/messages
+ // for use with a later version of cartman.
+
+ // This is fixed in Alpha-3. For use with alpha-3 uncomment the lines below
+ // to check for errors returned from importUserCertificates.
+ if (errors != '') {
+ document.writeln(
+ '<b>ERROR</b>Could not import the certificate into your browser '+
+ 'using nickname '+result.fixed.certNickname+'.<p>');
+ document.writeln(
+ 'The following error message was returned by the browser '+
+ 'when importing the certificate:');
+ document.writeln('<BLOCKQUOTE><PRE>');
+ document.writeln(errors);
+ document.writeln('</PRE></BLOCKQUOTE>');
+ }
+ else {
+ document.writeln(
+ 'Your certificate was successfully imported to the browser '+
+ 'with nickname '+result.fixed.certNickname);
+ }
+
+// document.writeln(
+// 'NOTE: Although the certificate was issued, the browser '+
+// 'may or may not have successfully imported the certificate. '+
+// 'The following was returned by the browser when importing '+
+// 'the certificate:');
+// document.writeln('<BLOCKQUOTE><PRE>');
+// document.writeln(errors);
+// document.writeln('</PRE></BLOCKQUOTE>');
+// document.writeln(
+// 'If there was an error message you can import the certificate again '+
+// 'by going to the end entity port and list the certificate by '+
+// 'its serial number.');
+ } else if (result.fixed.authorityName == 'Certificate Manager') {
+ alert("Success!!");
+ window.location = result.fixed.scheme + "://" + result.fixed.host + ":" + result.fixed.port + "/getBySerial?serialNumber=" + record.serialNo + "&importCert=true";
+ } else {
+ alert("Success!!");
+ // this must be a RA
+ window.location = result.fixed.scheme + "://" + result.fixed.host + ":"
++ result.fixed.port + "/getCertFromRequest?requestId=" + result.fixed.requestId + "&importCert=true";
+ }
+} else if (navigator.appName == 'Netscape' && (navMajorVersion() >= 3)) {
+ // non Cartman
+ if (result.fixed.authorityName == 'Certificate Manager') {
+ // non Cartman
+ window.location = result.fixed.scheme + "://" + result.fixed.host + ":" + result.fixed.port + "/getBySerial?serialNumber=" + record.serialNo + "&importCert=true";
+ } else {
+ // this must be a RA
+ window.location = result.fixed.scheme + "://" + result.fixed.host + ":"
++ result.fixed.port + "/getCertFromRequest?requestId=" + result.fixed.requestId + "&importCert=true";
+ }
+}
+
+//-->
+</SCRIPT>
+
+<OBJECT
+ classid="clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1"
+ CODEBASE="/xenroll.dll"
+ id=Enroll >
+</OBJECT>
+
+<SCRIPT LANGUAGE=VBS>
+<!--
+'========================================================
+'
+' In VBS, there are several ways in which the event handler for the
+' click event can be bound to the right control. We use one of the
+' methods here, which indicates the binding by appending the
+' event name to the control name with an intervening '_'.
+'
+'========================================================
+ Sub ImportCertificate
+
+ Dim pkcs7
+
+ On Error Resume Next
+
+ 'Convert the cert to PKCS7 format
+ pkcs7 = result.header.pkcs7ChainBase64
+ If (IsEmpty(pkcs7) OR theError <> 0) Then
+ ret = MsgBox("Could not convert certificate to PKCS7 format", 0, "Import Cert")
+ Exit Sub
+ End If
+
+ 'Import the PKCS7 object
+ Enroll.DeleteRequestCert = FALSE
+ Enroll.WriteCertToCSP = true
+ Enroll.acceptPKCS7(pkcs7)
+ if err.number <> 0 then
+ Enroll.WriteCertToCSP = false
+ end if
+ err.clear
+ Enroll.acceptPKCS7(pkcs7)
+ if err.number = 0 then
+ MsgBox "Certificate has been successfully imported."
+ else
+ sz = "Error in acceptPKCS7. Error Number " & Hex(err.number) & "occurred."
+ MsgBox sz
+ end if
+
+ Exit Sub
+
+ End Sub
+
+ ImportCertificate()
+
+</SCRIPT>
+
+</font>
+</BODY>
+</HTML>
+
diff --git a/base/ca/shared/webapps/ca/ee/ca/RevocationSuccess.template b/base/ca/shared/webapps/ca/ee/ca/RevocationSuccess.template
new file mode 100644
index 000000000..d024a3d14
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/RevocationSuccess.template
@@ -0,0 +1,89 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<CMS_TEMPLATE>
+
+<TITLE>
+CS Revocation Request Success
+</TITLE>
+
+<BODY bgcolor="white">
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Revocation Success
+</font>
+
+<P>
+The following certificate has been revoked:
+
+<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+
+<SCRIPT LANGUAGE="JavaScript">
+
+function toHex(number)
+{
+ var absValue = "", sign = "";
+ var digits = "0123456789abcdef";
+ if (number < 0) {
+ sign = "-";
+ number = -number;
+ }
+
+ for(; number >= 16 ; number = Math.floor(number/16)) {
+ absValue = digits.charAt(number % 16) + absValue;
+ }
+ absValue = digits.charAt(number % 16) + absValue;
+ return sign + '0x' + absValue;
+}
+
+
+if (result.recordSet == null) {
+ document.writeln('<BLOCKQUOTE><B><PRE>');
+ document.writeln('No further details provided.');
+ document.writeln('Please consult your local administrator for assistance.');
+ document.writeln('</BLOCKQUOTE></B></PRE>');
+}
+else if (result.recordSet.length == 0) {
+ document.writeln('<BLOCKQUOTE><B><PRE>');
+ document.writeln('0');
+ document.writeln('No further details provided.');
+ document.writeln('Please consult your local administrator for assistance.');
+ document.writeln('</BLOCKQUOTE></B></PRE>');
+} else {
+ document.writeln('<UL>');
+ for (var i = 0; i < result.recordSet.length; i++) {
+ if (result.recordSet[i].serialNo != null) {
+ document.write('Serial number ');
+ document.write('<BLOCKQUOTE><B><PRE>');
+ document.writeln(toHex(result.recordSet[i].serialNo));
+ document.write('</BLOCKQUOTE></B></PRE>');
+ document.write('</PRE></BLOCKQUOTE>');
+ }
+ }
+ document.writeln('</UL>');
+}
+document.writeln('</PRE></B></BLOCKQUOTE>');
+
+document.writeln('<P>');
+</SCRIPT>
+
+</font>
+</BODY>
+</HTML>
+
diff --git a/base/ca/shared/webapps/ca/ee/ca/UserDnEnroll.html b/base/ca/shared/webapps/ca/ee/ca/UserDnEnroll.html
new file mode 100644
index 000000000..f4798d473
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/UserDnEnroll.html
@@ -0,0 +1,472 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<TITLE>Directory Based User Enrollment Form</TITLE>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<SCRIPT LANGUAGE="JavaScript"></SCRIPT>
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/cms-funcs.js"> </SCRIPT>
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/helpfun.js"> </SCRIPT>
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/dynamicVars.js"> </SCRIPT>
+<SCRIPT LANGUAGE="JavaScript">
+<!--//
+
+// Notice to administrators
+//
+// A link to this HTML form conditionally appears in the
+// main enrollment menu frame. This link will only appear if
+// a plugin of type 'UdnPwdDirAuth' (LDAP directory enrollment)
+// has been configured in the console.
+
+var crmfObject;
+function validate(form)
+{
+ with (form) {
+ if (udn.value == "") {
+ alert("You must supply your dn");
+ return false;
+ }
+ if (pwd.value == "") {
+ alert("You must supply your password");
+ return false;
+ }
+
+ /////////////////////////////////////////////////////////////////
+ // To enable dual key feature, this page must be customized with
+ // appropriate Javascript call. For example,
+ //
+ // crmfObject = crypto.generateCRMFRequest(
+ // "CN=undefined",
+ // "regToken", "authenticator",
+ // null,
+ // "setCRMFRequest();",
+ // 512, null, "rsa-ex",
+ // 1024, null, "rsa-sign");
+ //
+ // To enable key archival feature, this page must be customized with
+ // KRA's transport certificate. The transport certificate can be
+ // retrieved in the following ways:
+ // (1) Access "List Certificates" menu option in end-entity page
+ // (2) Access https://<host>:<agent_port>/kra/displayTransportCert
+ // (3) Use certutil command in <instance-dir>/config directory
+ // (i.e. certutil -L -d . -n "kraTransportCert <instance-id>" -a)
+ //
+ // Once the transport certificate is obtained, the following
+ // javascript should be modified so that the transport certificate
+ // and appropriate key type are selected. For example,
+ //
+ // var keyGenAlg = "rsa-ex";
+ // crmfObject = crypto.generateCRMFRequest(
+ // "CN=undefined",
+ // "regToken", "authenticator",
+ // keyTransportCert,
+ // "setCRMFRequest();",
+ // 512, null, keyGenAlg);
+ /////////////////////////////////////////////////////////////////
+
+ // To enable key archival, replace "null" with the transport
+ // certificate without "BEBIN..." "END..", nor line breaks.
+ // change keyGenAlg to "rsa-ex"
+ var keyTransportCert = null;
+ var keyGenAlg = "rsa-dual-use";
+ if (navigator.appName == "Netscape" && (navMajorVersion() > 3) &&
+ typeof(crypto.version) != "undefined") {
+ crmfObject = crypto.generateCRMFRequest(
+ "CN=undefined",
+ "regToken", "authenticator",
+ keyTransportCert,
+ "setCRMFRequest();",
+ 1024, null, keyGenAlg);
+ }
+ return true;
+ }
+}
+
+function setCRMFRequest()
+{
+ with (document.forms[0]) {
+ CRMFRequest.value = crmfObject.request;
+ submit();
+ }
+}
+
+//-->
+</SCRIPT>
+</head>
+
+
+<OBJECT
+ classid="clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1"
+ CODEBASE="/xenroll.dll"
+ id=Enroll >
+</OBJECT>
+
+
+<SCRIPT LANGUAGE=VBS>
+<!--
+Function escapeDNComponent(comp)
+ escapeDNComponent = comp
+End Function
+
+Function doubleQuotes(comp)
+ doubleQuotes = False
+End Function
+
+Function formulateDN()
+ Dim dn
+ Dim TheForm
+ Set TheForm = Document.ReqForm
+
+ dn = Empty
+
+ If (TheForm.udn.Value <> Empty) Then
+ If doubleQuotes(TheForm.udn.Value) = True Then
+ MsgBox "Double quotes are not allowed in the dn field"
+ Exit Function
+ End If
+ If (dn <> Empty) Then
+ dn = dn & ","
+ End If
+ dn = dn & "0.9.2342.19200300.100.1.1=" & escapeDNComponent(TheForm.udn.Value)
+ End If
+
+ formulateDN = dn
+End Function
+
+Sub Send_OnClick
+ Dim TheForm
+ Dim szName
+ Dim options
+ Set TheForm = Document.ReqForm
+
+
+ ' Do a few sanity checks
+ If (TheForm.udn.Value = Empty) Then
+ ret = MsgBox("You must supply your Directory dn for certificate enrollment", 0, "MSIE Certificate Request")
+ Exit Sub
+ End If
+
+ If (TheForm.pwd.Value = Empty) Then
+ ret = MsgBox("You must supply your Directory password for certificate enrollment", 0, "MSIE Certificate Request")
+ Exit Sub
+ End If
+
+' If (TheForm.SSLClient.value = Empty AND
+' TheForm.SMIME.value = Empty AND
+' TheForm.ObjectSigning.value = Empty) Then
+' ret = MsgBox("You must select atleast one certificate type", 0,
+' "MSIE Certificate Request")
+' Exit Sub
+' End If
+
+
+ ' Contruct the X500 distinguished name
+ szName = formulateDN()
+
+ On Error Resume Next
+ Enroll.HashAlgorithm = "MD5"
+ Enroll.KeySpec = 1
+ Enroll.GenKeyFlags = 1 ' key exportable
+
+ ' Pick the provider that is selected
+ set options = TheForm.all.cryptprovider.options
+ index = options.selectedIndex
+ Enroll.providerType = options(index).value
+ Enroll.providerName = options(index).text
+
+ szCertReq = Enroll.createPKCS10(szName, "1.3.6.1.5.5.7.3.2")
+ theError = Err.Number
+ On Error Goto 0
+ '
+ ' If the user has cancelled things the we simply ignore whatever
+ ' they were doing ... need to think what should be done here
+ '
+ If (szCertReq = Empty AND theError = 0) Then
+ Exit Sub
+ End If
+
+ If (szCertReq = Empty OR theError <> 0) Then
+ '
+ ' There was an error in the key pair generation. The error value
+ ' is found in the variable 'theError' which we snarfed above before
+ ' we did the 'On Error Goto 0' which cleared it again.
+ '
+ sz = "The error '" & Hex(theError) & "' occurred." & chr(13) & chr(10) & "Your credentials could not be generated."
+ result = MsgBox(sz, 0, "Credentials Enrollment")
+ Exit Sub
+ End If
+
+ TheForm.pkcs10Request.Value = szCertReq
+ TheForm.Submit
+ Exit Sub
+
+End Sub
+-->
+</SCRIPT>
+
+<body bgcolor="#FFFFFF" onload=checkClientTime()>
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ Directory Based User Enrollment
+</font>
+<br>
+<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ Use this form to submit a request for a personal certificate through your
+ organization's directory. With directory based enrollment, you need only
+ supply your user DN and password for the directory; the directory
+ supplies the rest of the information needed for certificate issuance.
+ If the user DN and password are correct your certificate will be issued
+ automatically.
+</font>
+
+<table border="0" cellspacing="0" cellpadding="2" background="/pki/images/hr.gif" width="100%">
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+<table border="0" cellspacing="0" cellpadding="2">
+ <tr valign="TOP">
+ <td><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ <b>Important: </b></font>
+ </td>
+ <td><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ Be sure to request your certificate on the same computer
+ on which you plan to use your certificate.</font>
+ </td>
+ </tr>
+</table>
+
+<table border="0" cellspacing="0" cellpadding="0" background="/pki/images/hr.gif" width="100%">
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+<script lang="javascript">
+<!--//
+if (navigator.appName == "Netscape" && (navMajorVersion() <= 3 ||
+ typeof(crypto.version) != "undefined")) {
+ document.write('<form name="ReqForm" method="post" action="/enrollment">');
+} else {
+ document.write('<form name="ReqForm" method="post" action="/enrollment" '+
+ 'onSubmit="return validate(document.forms[0])">');
+}
+//-->
+</script>
+
+<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ <b>User's Identity</b>
+<br>
+ Enter your user DN and password for your organization's directory.
+ This information will be used to verify your identity and to obtain
+ information from the directory to fill in the certificate.
+<br>
+</font>
+
+<table border="0" width="100%" cellspacing="2" cellpadding="2">
+ <tr>
+ <td width="25%" valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">User DN: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="TEXT" name="udn" size="45">
+ </td>
+ </tr>
+</table>
+
+<table border="0" width="100%" cellspacing="2" cellpadding="2">
+ <tr>
+ <td width="25%" valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Password: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="PASSWORD" name="pwd" AutoComplete=off size="45">
+ </td>
+ </tr>
+</table>
+
+<!-- for Netscape Certificate Type Extension -->
+<input type="HIDDEN" name="email" value="true">
+<input type="HIDDEN" name="ssl_client" value="true">
+<!-- for Key Usage Extension -->
+<input type="HIDDEN" name="digital_signature" value=true>
+<input type="HIDDEN" name="non_repudiation" value=true>
+<input type="HIDDEN" name="key_encipherment" value=true>
+<br>
+
+
+<script lang="javascript">
+<!--//
+if (navigator.appName == "Netscape" &&
+ (navMajorVersion() <= 3 || typeof(crypto.version) == 'undefined')) {
+
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.writeln('<b>Public/Private Key Information</b><br>');
+ document.writeln(
+ 'When your submit this form, your browser generates a private and '+
+ 'public key. The browser retains the private key and submits the '+
+ 'public key along with your request for a certificate. '+
+ 'The public key becomes part of your certificate. '+
+ '<P>'+
+ 'Select the length of the key to generate. The longer the key '+
+ 'length the greater the strength. You may want to check with your '+
+ 'system administrator about the length of key to specify.');
+ document.writeln('</font>');
+
+ document.writeln('<table border="0" width="100%" cellspacing="2" cellpadding="2">');
+ document.writeln('<tr><td width="25%" valign=TOP>');
+ document.writeln('<div align=right>');
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.writeln('Key Length: ');
+ document.writeln('</font>');
+ document.writeln('</div>');
+ document.writeln('</td>');
+ document.write('<td valign=TOP>');
+ document.write('<KEYGEN name="subjectKeyGenInfo">');
+ document.write('</td></tr></table>');
+}
+
+
+if (navigator.appName == "Microsoft Internet Explorer") {
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.writeln('<b>Public/Private Key Information</b><br>');
+ document.writeln(
+ 'When you submit this form, your browser generates a private and '+
+ 'public key. The browser retains the private key and submits the '+
+ 'public key along with your request for a certificate. '+
+ 'The public key becomes part of your certificate. '+
+ '<P>'+
+ 'The Microsoft Base Cryptographic provider offers 512-bit key '+
+ 'encryption which is adequate for most applications today, '+
+ 'but you may select the Enhanced option if your browser offers '+
+ 'this choice and you require the higher encryption strength. '+
+ 'You may want to check with your system administrator about '+
+ 'the provider to specify.');
+ document.writeln('</font>');
+
+ document.writeln('<p>');
+ document.writeln('<td>');
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.writeln('Cryptographic Provider:');
+ document.writeln('</font>');
+ document.writeln('</td>');
+ document.writeln('<td>');
+ document.writeln('<SELECT NAME=\"cryptprovider\"></SELECT>');
+ document.writeln('</td>');
+ document.writeln('<p>');
+}
+
+
+document.writeln('<table border="0" width="100%" cellspacing="0" cellpadding="6" '+
+ 'bgcolor="#cccccc" background="/pki/images/gray90.gif">');
+document.writeln('<tr><td width=100%> <div align="RIGHT">');
+
+if (navigator.appName == "Netscape" && (navMajorVersion() <= 3 ||
+ typeof(crypto.version) == "undefined")) {
+ document.writeln('<input type="submit" value="Submit" '+
+ 'name="submit" width="72">');
+} else if ((navigator.appName == "Microsoft Internet Explorer") ||
+ (navigator.appName == "")) {
+ document.writeln('<input type="submit" value="Submit" '+
+ 'name="Send" width="72">');
+} else {
+ document.writeln('<input type="button" value="Submit" '+
+ 'name="submitbutton" '+
+ 'onclick="validate(form)" width="72">');
+}
+
+document.write('<img src="/pki/images/spacer.gif" width="6" height="6">' +
+ '<input type="reset" value="Reset" name="reset" width="72">' +
+ '<input type="hidden" name="certType" value="client">' +
+ '<input type="hidden" name="authenticator" ' +
+ ' value="UserDnEnrollment">');
+
+if (navigator.appName == 'Netscape') {
+ if ((navMajorVersion() > 3) &&
+ (typeof(crypto.version) != 'undefined')) {
+ document.write('<input type=hidden name=CRMFRequest value="">');
+ document.write('<input type=hidden name=cmmfResponse value=true>');
+ //document.write('<input type=hidden name=certNickname value="">');
+ } else {
+ document.write('<input type="hidden" name="importCert" value="off">');
+ }
+} else if ((navigator.appName == "Microsoft Internet Explorer") ||
+ (navigator.appName == "")) {
+ // navigator.appName == "" is for IE 3.
+ document.write('<input type="hidden" name="pkcs10Request" value="">');
+}
+document.writeln('</div></td></tr></table>');
+//-->
+</script>
+
+</form>
+
+<SCRIPT LANGUAGE=VBS>
+<!--
+
+FindProviders
+
+Function FindProviders
+ Dim i, j
+ Dim providers()
+ i = 0
+ j = 1
+ Dim el
+ Dim temp
+ Dim first
+ Dim TheForm
+ Set TheForm = document.ReqForm
+ On Error Resume Next
+ first = 0
+
+ Do While True
+ temp = ""
+ Enroll.providerType = j
+ temp = Enroll.enumProviders(i,0)
+ If Len(temp) = 0 Then
+ If j < 1 Then
+ j = j + 1
+ i = 0
+ Else
+ Exit Do
+ End If
+ Else
+ set el = document.createElement("OPTION")
+ el.text = temp
+ el.value = j
+ TheForm.cryptprovider.add(el)
+ If first = 0 Then
+ first = 1
+ TheForm.cryptprovider.selectedIndex = 0
+ End If
+ i = i + 1
+ End If
+ Loop
+
+End Function
+
+-->
+</SCRIPT>
+</body>
+</html>
diff --git a/base/ca/shared/webapps/ca/ee/ca/UserRenewal.html b/base/ca/shared/webapps/ca/ee/ca/UserRenewal.html
new file mode 100644
index 000000000..df65046b6
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/UserRenewal.html
@@ -0,0 +1,98 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<TITLE>User Certificate Renewal</TITLE>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<SCRIPT LANGUAGE="JavaScript"></SCRIPT>
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/helpfun.js"> </SCRIPT>
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/cms-funcs.js"> </SCRIPT>
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/dynamicVars.js"> </SCRIPT>
+</head>
+<body bgcolor="#FFFFFF" onload=checkClientTime()>
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">User Certificate Renewal</font><br>
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ Use this form to renew your certificate automatically.
+ <p>
+ After you click the Submit button, a window will pop up with a list of
+ certificates you can send to the server. Select the
+ certificate you want to renew from this window.
+ </font>
+<table border="0" cellspacing="0" cellpadding="0" background="/pki/images/hr.gif" width="100%">
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+<table border="0" cellspacing="2" cellpadding="2">
+ <tr valign="TOP">
+ <td><font size="-1" face="PrimaSans BT, Verdana, sans-serif"><b>Important:</b>
+ </font></td>
+ <td><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ Be sure to make this request on the same computer on which you plan to use
+ your renewed certificate.
+ </font></td>
+ </tr>
+</table>
+<table border="0" cellspacing="0" cellpadding="0" background="/pki/images/hr.gif" width="100%">
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+<form method="post" action="/renewal">
+ <table border="0" width="100%" cellspacing="2" cellpadding="2">
+ <tr>
+ <td colspan="2" valign="TOP"><font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"><b>
+ </b><br>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ </font>
+ </div>
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP" colspan="2">
+ <table border="0" width="100%" cellspacing="0" cellpadding="6" bgcolor="#cccccc" background="/pki/images/gray90.gif">
+ <tr>
+ <td>
+ <div align="RIGHT">
+ <input type="submit" value="Submit" name="submit" width="72">
+ <input type="hidden" name="requestFormat" value="clientAuth">
+ <input type="hidden" name="certType" value="client">
+ <input type="hidden" name="doSslAuth" value="on">
+<script lang=javascript>
+//<!--
+ if (navigator.appName == 'Netscape') {
+ document.write(
+ '<input type="hidden" name="importCert" value="off">');
+ }
+//-->
+</script>
+ </div>
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ </table>
+ </form>
+</body>
+</html>
diff --git a/base/ca/shared/webapps/ca/ee/ca/UserRevocation.html b/base/ca/shared/webapps/ca/ee/ca/UserRevocation.html
new file mode 100644
index 000000000..83f0091a8
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/UserRevocation.html
@@ -0,0 +1,118 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<TITLE>User Certificate Revocation Form</TITLE>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<SCRIPT LANGUAGE="JavaScript" SRC="../helpfun.js">
+</SCRIPT>
+</head>
+<body bgcolor="#FFFFFF">
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">User Certificate Revocation</font><br>
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ Use this form to revoke your certificate automatically.
+<p>
+ After you click the submit button, a window will pop up with a list of
+ certificates you can send to the server. Select the certificate you
+ want to revoke from this window.
+</font>
+<table border="0" cellspacing="0" cellpadding="0" background="/pki/images/hr.gif" width="100%">
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+<table border="0" cellspacing="2" cellpadding="2">
+ <tr valign="TOP">
+ <td><font size="-1" face="PrimaSans BT, Verdana, sans-serif"><b>Important:</b>
+ </font></td>
+ <td><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ This is an irreversible operation. If you still want to continue,
+ be sure to request revocation on the computer where the private key and
+ certificate to be revoked are stored.
+ </font></td>
+ </tr>
+</table>
+<table border="0" cellspacing="0" cellpadding="0" background="/pki/images/hr.gif" width="100%">
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+<form method="post" action="revocation">
+ <table border="0" width="100%" cellspacing="2" cellpadding="2">
+ <tr>
+ <td colspan="2" valign="TOP"><font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"><b>
+ Revocation Reason</b><br>
+Select a revocation reason</font></td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ </font>
+ </div>
+ </td>
+ <td>
+ <font face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ <input type="radio" checked name="reasonCode" value=0>
+ Unspecified<br>
+ <input type="radio" name="reasonCode" value=1>
+ Key Compromise<br>
+ <!--input type="radio" name="reasonCode" value=2-->
+ <!-- CA Compromise<br> -->
+ <input type="radio" name="reasonCode" value=3>
+ Affiliation Changed<br>
+ <input type="radio" name="reasonCode" value=4>
+ Superseded<br>
+ <input type="radio" name="reasonCode" value=5>
+ Cessation of Operation<br>
+ <!--input type="radio" name="reasonCode" value=6-->
+ <!--Certificate Hold<br>-->
+ <!--Value 7 is not used-->
+ <!--input type="radio" name="reasonCode" value=8-->
+ <!--Remove from CRL<br>-->
+ <input type="radio" name="reasonCode" value=9>
+ Privilege Withdrawn<br>
+ <!--input type="radio" name="reasonCode" value=10-->
+ <!--AA Compromise<br>-->
+ </font>
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP" colspan="2">
+ <table border="0" width="100%" cellspacing="0" cellpadding="6" bgcolor="#cccccc" background="/pki/images/gray90.gif">
+ <tr>
+ <td>
+ <div align="RIGHT">
+ <input type="submit" value="Submit" name="submit" width="72">
+ <input type="hidden" name="op" value="RevocationRequest">
+ <input type="hidden" name="certType" value="client">
+ <input type="hidden" name="templateType" value="RevocationConfirmation">
+ <input type="hidden" name="doSslAuth" value="on">
+ <img src="/pki/images/spacer.gif" width="6" height="6">
+ <input type="reset" value="Reset" name="reset" width="72">
+ </div>
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ </table>
+ </form>
+</body>
+</html>
diff --git a/base/ca/shared/webapps/ca/ee/ca/bench2k.html b/base/ca/shared/webapps/ca/ee/ca/bench2k.html
new file mode 100755
index 000000000..ab667f47f
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/bench2k.html
@@ -0,0 +1,58 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+ <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+ <meta name="GENERATOR" content="Mozilla/4.5 [en] (WinNT; U) [Netscape]">
+ <title>benchmark1</title>
+</head>
+<body>
+This is a file used for benchmarking HTTP Operations.
+<br>This is a file used for benchmarking HTTP Operations.
+<br>This is a file used for benchmarking HTTP Operations.
+<br>This is a file used for benchmarking HTTP Operations.
+<br>This is a file used for benchmarking HTTP Operations.
+<br>This is a file used for benchmarking HTTP Operations.
+<br>This is a file used for benchmarking HTTP Operations.
+<br>This is a file used for benchmarking HTTP Operations.
+<br>This is a file used for benchmarking HTTP Operations.
+<br>This is a file used for benchmarking HTTP Operations.
+<br>This is a file used for benchmarking HTTP Operations.
+<br>This is a file used for benchmarking HTTP Operations.
+<br>This is a file used for benchmarking HTTP Operations.
+<br>This is a file used for benchmarking HTTP Operations.
+<br>This is a file used for benchmarking HTTP Operations.
+<br>This is a file used for benchmarking HTTP Operations.
+<br>This is a file used for benchmarking HTTP Operations.
+<br>This is a file used for benchmarking HTTP Operations.
+<br>This is a file used for benchmarking HTTP Operations.
+<br>This is a file used for benchmarking HTTP Operations.
+<br>This is a file used for benchmarking HTTP Operations.
+<br>This is a file used for benchmarking HTTP Operations.
+<br>This is a file used for benchmarking HTTP Operations.
+<br>This is a file used for benchmarking HTTP Operations.
+<br>This is a file used for benchmarking HTTP Operations.
+<br>This is a file used for benchmarking HTTP Operations.
+<br>This is a file used for benchmarking HTTP Operations.
+<br>This is a file used for benchmarking HTTP Operations.
+<br>This is a file used for benchmarking HTTP Operations.
+<br>This is a file used for benchmarking HTTP Operations.
+<br>&nbsp;
+</body>
+</html>
diff --git a/base/ca/shared/webapps/ca/ee/ca/checkRequest.html b/base/ca/shared/webapps/ca/ee/ca/checkRequest.html
new file mode 100644
index 000000000..2fbaa048d
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/checkRequest.html
@@ -0,0 +1,76 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+ <title>Check Request Status</title>
+ <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+
+<SCRIPT LANGUAGE="JavaScript"></SCRIPT>
+<script LANGUAGE="JavaScript" SRC="../helpfun.js"></script>
+
+</head>
+
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+<font size=+1 face="PrimaSans BT, Verdana, sans-serif">Check Request Status</font>
+<br>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Use this form to verify status of the specified certificate request.
+</font>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/pki/images/hr.gif" >
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+<form ACTION="checkRequest" METHOD=POST>
+
+<p>
+
+<table BORDER=0 CELLSPACING=2 CELLPADDING=2>
+ <tr>
+ <td><input type=RADIO name="format" value="id" checked></td>
+ <td>
+ <font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ Enter a request identifying number (in decimal form).</font>
+ </td>
+ </tr>
+ <td></td>
+ <td><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ Request identifier:&nbsp;</font>
+ <input type=text size=10 MAXLENGTH=99 name="requestId" value="">
+ </td>
+ </tr>
+
+</table>
+
+<p>
+<table BORDER=0 CELLSPACING=0 CELLPADDING=6 WIDTH="100%" background="/pki/images/gray90.gif">
+ <tr>
+ <td ALIGN=RIGHT BGCOLOR="#E5E5E5">
+ <input type="submit" value="Submit" name="submit" width="72">
+ &nbsp;&nbsp;&nbsp;
+ </td>
+ </tr>
+</table>
+</form>
+</body>
+</html>
+
+
diff --git a/base/ca/shared/webapps/ca/ee/ca/displayBySerial.template b/base/ca/shared/webapps/ca/ee/ca/displayBySerial.template
new file mode 100644
index 000000000..e9b4d72bf
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/displayBySerial.template
@@ -0,0 +1,224 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+ <title>Display Certificate</title>
+ <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+</head>
+
+<CMS_TEMPLATE>
+
+
+<SCRIPT LANGUAGE="JavaScript">
+//<!--
+
+function navMajorVersion()
+{
+ return parseInt(navigator.appVersion.substring(0, navigator.appVersion.indexOf(".")));
+}
+
+function addEscapes(str)
+{
+ var outStr = str.replace(/</g, "&lt;");
+ outStr = outStr.replace(/>/g, "&gt;");
+ return outStr;
+}
+
+function toHex(number)
+{
+ var absValue = "", sign = "";
+ var digits = "0123456789abcdef";
+ if (number < 0) {
+ sign = "-";
+ number = -number;
+ }
+
+ for(; number >= 16 ; number = Math.floor(number/16)) {
+ absValue = digits.charAt(number % 16) + absValue;
+ }
+ absValue = digits.charAt(number % 16) + absValue;
+
+ return sign + '0x' + '0' + absValue;
+}
+//-->
+</SCRIPT>
+
+<body bgcolor="#FFFFFF" link="#6666CC" vlink="#6666CC" alink="#333399">
+<font face="PrimaSans BT, Verdana, sans-serif" size="+1">Certificate
+<SCRIPT LANGUAGE="JavaScript">
+//<!--
+document.write('&nbsp;' + '0x0'+result.header.serialNumber);
+if (navigator.appName == 'Netscape' &&
+ navMajorVersion() > 3 &&
+ typeof(crypto.version) != "undefined") {
+ document.write(
+ '<input type=hidden name=cmmfResponse value=true>');
+}
+
+//-->
+</SCRIPT>
+</font><br>
+<table border="0" cellspacing="0" cellpadding="0" background="/pki/images/hr.gif" width="100%">
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+<table border="0" cellspacing="2" cellpadding="2" width="100%">
+<tr align="left" bgcolor="#e5e5e5"><td align="left">
+<font face="PrimaSans BT, Verdana, sans-serif" size="-1">
+Certificate contents</font></td></tr></table>
+
+<pre>
+<SCRIPT LANGUAGE="JavaScript">
+document.write(addEscapes(result.header.certPrettyPrint));
+</SCRIPT>
+</pre>
+
+<p>
+<table border="0" cellspacing="2" cellpadding="2" width="100%">
+<tr align="left" bgcolor="#e5e5e5"><td align="left">
+<font face="PrimaSans BT, Verdana, sans-serif" size="-1">
+Installing this certificate in a server</font></td></tr></table>
+
+<p>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+The following format can be used to install this certificate into a server.
+<p>
+Base 64 encoded certificate
+</font>
+<p><pre>
+-----BEGIN CERTIFICATE-----
+<SCRIPT LANGUAUGE="JavaScript">
+document.write(result.header.certChainBase64);
+</SCRIPT>
+-----END CERTIFICATE-----
+</pre>
+
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+<p>
+Base 64 encoded certificate with CA certificate chain in pkcs7 format
+</font>
+<p><pre>
+-----BEGIN CERTIFICATE-----
+<SCRIPT LANGUAUGE="JavaScript">
+document.write(result.header.pkcs7ChainBase64);
+</SCRIPT>
+-----END CERTIFICATE-----
+</pre>
+
+<br><p>
+<table border="0" cellspacing="2" cellpadding="2" width="100%">
+<tr align="left" bgcolor="#e5e5e5"><td align="left">
+<font face="PrimaSans BT, Verdana, sans-serif" size="-1">
+Importing this certificate</font></td></tr></table>
+<p>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+To import the certificate into your client, click the following button.
+</font>
+<p>
+
+<OBJECT
+ classid="clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1"
+ CODEBASE="/xenroll.dll"
+ id=Enroll >
+</OBJECT>
+
+<SCRIPT LANGUAGE=VBS>
+<!--
+'========================================================
+'
+' In VBS, there are several ways in which the event handler for the
+' click event can be bound to the right control. We use one of the
+' methods here, which indicates the binding by appending the
+' event name to the control name with an intervening '_'.
+'
+'========================================================
+ Sub ImportCertificate_OnClick
+
+ Dim pkcs7
+
+ On Error Resume Next
+
+ 'Convert the cert to PKCS7 format
+ pkcs7 = result.header.pkcs7ChainBase64
+ If (IsEmpty(pkcs7) OR theError <> 0) Then
+ ret = MsgBox("Could not convert certificate to PKCS7 format", 0, "Import Cert")
+ Exit Sub
+ End If
+
+ 'Import the PKCS7 object
+ Enroll.DeleteRequestCert = FALSE
+ Enroll.WriteCertToCSP = true
+ Enroll.acceptPKCS7(pkcs7)
+ if err.number <> 0 then
+ Enroll.WriteCertToCSP = false
+ end if
+ err.clear
+ Enroll.acceptPKCS7(pkcs7)
+ if err.number = 0 then
+ MsgBox "Certificate has been successfully imported."
+ else
+ sz = "Error in acceptPKCS7. Error Number " & Hex(err.number) & "occurred."
+ MsgBox sz
+ end if
+
+ Exit Sub
+
+ End Sub
+-->
+</SCRIPT>
+
+<SCRIPT LANGUAGE="JavaScript">
+document.write("<center>");
+var loc = 'getBySerial?serialNumber='+ result.header.serialNumber;
+if (navigator.appName == "Netscape") {
+ loc = loc + '&importCert=true';
+ if (navMajorVersion() > 3 && typeof(crypto.version) != "undefined") {
+ loc = loc + '&cmmfResponse=true';
+ }
+}
+document.write('<form>\n'+
+ '<INPUT TYPE=\"button\" VALUE=\"Import Your Certificate\"'+
+ ' onClick=\"location.href=\''+ loc + '\'\">\n'+
+ '</form>\n');
+//document.write('<INPUT TYPE=BUTTON VALUE=\"Import Certificate\" NAME=\"ImportCertificate\">');
+
+if (navigator.appName == "Netscape" &&
+ result.header.emailCert != null &&
+ result.header.emailCert == true) {
+ var loc1 = 'getBySerial?serialNumber='+ result.header.serialNumber;
+ if (navMajorVersion() > 3 && typeof(crypto.version) != "undefined") {
+ loc1 = loc1 + '&cmmfResponse=true';
+ }
+ else {
+ loc1 = loc1 + '&importCert=true&emailCert=true';
+ }
+ document.write('<form>\n'+
+ '<INPUT TYPE=\"button\" VALUE=\"Import S/MIME Certificate\"'+
+ ' onClick=\"location.href=\''+ loc1 + '\'\">\n'+
+ '</form>\n');
+}
+
+document.write("</center>");
+</SCRIPT>
+
+</font>
+</BODY>
+</HTML>
diff --git a/base/ca/shared/webapps/ca/ee/ca/displayBySerial2.template b/base/ca/shared/webapps/ca/ee/ca/displayBySerial2.template
new file mode 100644
index 000000000..f8f306499
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/displayBySerial2.template
@@ -0,0 +1,131 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+ <title>Display Certificate</title>
+ <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+</head>
+
+<CMS_TEMPLATE>
+
+
+<SCRIPT LANGUAGE="JavaScript">
+//<!--
+
+function navMajorVersion()
+{
+ return parseInt(navigator.appVersion.substring(0, navigator.appVersion.indexOf(".")));
+}
+
+function toHex(number)
+{
+ var absValue = "", sign = "";
+ var digits = "0123456789abcdef";
+ if (number < 0) {
+ sign = "-";
+ number = -number;
+ }
+
+ for(; number >= 16 ; number = Math.floor(number/16)) {
+ absValue = digits.charAt(number % 16) + absValue;
+ }
+ absValue = digits.charAt(number % 16) + absValue;
+
+ return sign + '0x' + '0' + absValue;
+}
+//-->
+</SCRIPT>
+
+<body bgcolor="#FFFFFF" link="#6666CC" vlink="#6666CC" alink="#333399">
+<font face="PrimaSans BT, Verdana, sans-serif" size="+1">Certificate
+<SCRIPT LANGUAGE="JavaScript">
+//<!--
+document.write('&nbsp;' + '0x0'+result.header.serialNumber);
+if (navigator.appName == 'Netscape' &&
+ navMajorVersion() > 3 &&
+ typeof(crypto.version) != "undefined") {
+ document.write(
+ '<input type=hidden name=cmmfResponse value=true>');
+}
+
+//-->
+</SCRIPT>
+</font><br>
+<table border="0" cellspacing="0" cellpadding="0" background="/pki/images/hr.gif" width="100%">
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+<table border="0" cellspacing="2" cellpadding="2" width="100%">
+<tr align="left" bgcolor="#e5e5e5"><td align="left">
+<font face="PrimaSans BT, Verdana, sans-serif" size="-1">
+Certificate contents</font></td></tr></table>
+
+<pre>
+<SCRIPT LANGUAGE="JavaScript">
+document.write(result.header.certPrettyPrint);
+</SCRIPT>
+</pre>
+
+<p>
+<table border="0" cellspacing="2" cellpadding="2" width="100%">
+<tr align="left" bgcolor="#e5e5e5"><td align="left">
+<font face="PrimaSans BT, Verdana, sans-serif" size="-1">
+Installing this certificate in a server</font></td></tr></table>
+
+<p>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+The following format can be used to install this certificate into a server.
+<p>
+Base 64 encoded certificate
+</font>
+<p><pre>
+-----BEGIN CERTIFICATE-----
+<SCRIPT LANGUAUGE="JavaScript">
+document.write(result.header.certChainBase64);
+</SCRIPT>
+-----END CERTIFICATE-----
+</pre>
+
+<br><p>
+<table border="0" cellspacing="2" cellpadding="2" width="100%">
+<tr align="left" bgcolor="#e5e5e5"><td align="left">
+<font face="PrimaSans BT, Verdana, sans-serif" size="-1">
+Downloading this certificate</font></td></tr></table>
+<p>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+To download the certificate into your system, click the following button.
+</font>
+<p>
+
+<SCRIPT LANGUAGE="JavaScript">
+document.write("<center>");
+var loc = '/getBySerial?serialNumber='+ result.header.serialNumber;
+document.write('<form>\n'+
+ '<INPUT TYPE=\"button\" VALUE=\"Download This Certificate\"'+
+ ' onClick=\"location.href=\''+ loc + '\'\">\n'+
+ '</form>\n');
+
+document.write("</center>");
+</SCRIPT>
+
+</font>
+</BODY>
+</HTML>
diff --git a/base/ca/shared/webapps/ca/ee/ca/displayCRL.template b/base/ca/shared/webapps/ca/ee/ca/displayCRL.template
new file mode 100644
index 000000000..e829387c1
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/displayCRL.template
@@ -0,0 +1,227 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+ <title>CRL Info</title>
+ <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+</head>
+
+<CMS_TEMPLATE>
+
+<body bgcolor="#FFFFFF" link="#6666CC" vlink="#6666CC" alink="#333399">
+<font face="PrimaSans BT, Verdana, sans-serif" size="+1">
+Certificate Revocation List
+</font><br>
+<table border="0" cellspacing="0" cellpadding="0" background="/pki/images/hr.gif" width="100%">
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+<br>
+
+
+<SCRIPT LANGUAGE="JavaScript">
+<!--
+function doNext()
+{
+ var ip = (result.header.crlIssuingPoint != null && result.header.crlIssuingPoint.length > 0)?
+ result.header.crlIssuingPoint: "MasterCRL";
+ var dt = (result.header.crlDisplayType != null && result.header.crlDisplayType.length > 0)?
+ result.header.crlDisplayType: "entireCRL";
+ var loc = location.protocol + '//' + location.hostname + ':' +
+ location.port + '/ca/ee/ca/getCRL?op=displayCRL&crlIssuingPoint='+ip+
+ '&crlDisplayType='+dt+'&pageStart='+
+ (parseInt(result.header.pageStart)+parseInt(document.displayCRLForm.pageSize.value))+
+ '&pageSize='+parseInt(document.displayCRLForm.pageSize.value);
+ location.href = loc;
+}
+
+function doPrevious()
+{
+ var ip = (result.header.crlIssuingPoint != null && result.header.crlIssuingPoint.length > 0)?
+ result.header.crlIssuingPoint: "MasterCRL";
+ var dt = (result.header.crlDisplayType != null && result.header.crlDisplayType.length > 0)?
+ result.header.crlDisplayType: "entireCRL";
+ var loc = location.protocol + '//' + location.hostname + ':' +
+ location.port + '/ca/ee/ca/getCRL?op=displayCRL&crlIssuingPoint='+ip+
+ '&crlDisplayType='+dt+'&pageStart='+
+ (parseInt(result.header.pageStart)-parseInt(document.displayCRLForm.pageSize.value))+
+ '&pageSize='+parseInt(document.displayCRLForm.pageSize.value);
+ location.href = loc;
+}
+
+
+if (result.header.toDo != null && result.header.toDo == "displayCRL") {
+ if (result.header.crlNumber != null &&
+ (result.header.crlSize != null || result.header.deltaCRLSize != null) &&
+ result.header.crlIssuingPoint != null) {
+
+ document.writeln('<table border="0" cellspacing="2" cellpadding="2" width="100%">');
+ document.writeln('<tr align="left" bgcolor="#e5e5e5"><td align="left">');
+ document.writeln('<font face="PrimaSans BT, Verdana, sans-serif" size="-1">');
+ document.writeln('Certificate revocation list summary</font></td></tr></table>');
+
+ document.writeln('<table border="0" cellspacing="2" cellpadding="2" width="100%">');
+ document.writeln('<tr><td align="right" width="40%">');
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+ document.writeln('CRL issuing point:</font></td>');
+ document.writeln('<td align="left">');
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+ document.writeln(result.header.crlIssuingPoint+'</font></td></tr>');
+ document.writeln('<tr><td align="right" width="40%">');
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+ document.writeln('CRL number:</font></td>');
+ document.writeln('<td align="left">');
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+ document.writeln(result.header.crlNumber+'</font></td></tr>');
+ document.writeln('<tr><td align="right" width="40%">');
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+ document.writeln('Number of CRL entries:</font></td>');
+ document.writeln('<td align="left">');
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+ if (result.header.deltaCRLSize != null)
+ document.writeln(result.header.deltaCRLSize+'</font></td></tr>');
+ else
+ document.writeln(result.header.crlSize+'</font></td></tr>');
+ if (result.header.crlDescription != null) {
+ document.writeln('<tr><td align="right" width="40%">');
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+ document.writeln('CRL issuing point description:</font></td>');
+ document.writeln('<td align="left">');
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+ document.writeln(result.header.crlDescription+'</font></td></tr>');
+ }
+ document.writeln('</table><br>');
+ }
+ if (result.header.crlPrettyPrint != null) {
+ document.writeln('<table border="0" cellspacing="2" cellpadding="2" width="100%">');
+ document.writeln('<tr align="left" bgcolor="#e5e5e5"><td align="left">');
+ document.writeln('<font face="PrimaSans BT, Verdana, sans-serif" size="-1">');
+ document.writeln('Certificate revocation list contents</font></td></tr></table>');
+ document.writeln('<pre>');
+ document.writeln(result.header.crlPrettyPrint);
+ document.writeln('</pre>');
+ }
+ if (result.recordSet.length > 0) {
+ document.writeln('<table border="0" cellspacing="2" cellpadding="2" width="100%">');
+ document.writeln('<tr align="left" bgcolor="#e5e5e5"><td align="left">');
+ document.writeln('<font face="PrimaSans BT, Verdana, sans-serif" size="-1">');
+ document.writeln('Certificate revocation list base64 encoded</font></td></tr></table>');
+
+ document.writeln('<pre>');
+ document.writeln('-----BEGIN CERTIFICATE REVOCATION LIST-----');
+ for (var i = 0; i < result.recordSet.length; i++) {
+ document.writeln(result.recordSet[i].crlBase64Encoded);
+ }
+ document.writeln('-----END CERTIFICATE REVOCATION LIST-----');
+ document.writeln('</pre>');
+ } else if (result.header.crlBase64 != null) {
+ document.writeln('<table border="0" cellspacing="2" cellpadding="2" width="100%">');
+ document.writeln('<tr align="left" bgcolor="#e5e5e5"><td align="left">');
+ document.writeln('<font face="PrimaSans BT, Verdana, sans-serif" size="-1">');
+ document.writeln('Certificate revocation list base64 encoded</font></td></tr></table>');
+
+ document.writeln('<pre>');
+ document.writeln('-----BEGIN CERTIFICATE REVOCATION LIST-----');
+ document.writeln(result.header.crlBase64);
+ document.writeln('-----END CERTIFICATE REVOCATION LIST-----');
+ document.writeln('</pre>');
+ }
+ if (result.header.crlPrettyPrint == null &&
+ result.header.crlBase64 == null &&
+ result.recordSet.length == 0) {
+ document.writeln('<font face="PrimaSans BT, Verdana, sans-serif" size="-1">');
+ document.writeln('Certificate revocation list is not found.');
+ if (result.header.error != null) {
+ document.writeln('<br>&nbsp;&nbsp;&nbsp;&nbsp;Additional information:');
+ document.writeln('<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;');
+ document.writeln(result.header.error);
+ }
+ document.writeln('</font>');
+ }
+ if (result.header.crlSize != null &&
+ result.header.pageSize != null &&
+ result.header.pageStart != null &&
+ (parseInt(result.header.crlSize) > parseInt(result.header.pageSize))) {
+
+ document.writeln('<FORM NAME="displayCRLForm" ACTION="getCRL" METHOD=POST>');
+ document.writeln('<table BORDER=0 CELLSPACING=0 CELLPADDING=6 WIDTH="100%">');
+ document.writeln('<tr><td ALIGN=LEFT BGCOLOR="#E5E5E5">');
+ document.writeln('<font face="PrimaSans BT, Verdana, sans-serif" size="-1">');
+ var upperLimit = 0;
+ if (parseInt(result.header.pageStart)+parseInt(result.header.pageSize)-1 >
+ parseInt(result.header.crlSize)) {
+ upperLimit = parseInt(result.header.crlSize);
+ } else {
+ upperLimit = parseInt(result.header.pageStart)+parseInt(result.header.pageSize)-1;
+ }
+ document.writeln(result.header.pageStart+'-'+upperLimit+
+ ' of '+result.header.crlSize+' CRL entries');
+ document.writeln('</font></td>');
+ document.writeln('<td ALIGN=RIGHT BGCOLOR="#E5E5E5">');
+ var n = 0;
+ if (parseInt(result.header.pageStart) > 1) {
+ document.writeln('<INPUT TYPE="button" VALUE="Previous" width="72"'+
+ ' onClick="doPrevious();">&nbsp;');
+ n++;
+ }
+ if (parseInt(result.header.pageStart) + parseInt(result.header.pageSize) - 1 <
+ parseInt(result.header.crlSize)) {
+ document.writeln('<INPUT TYPE="button" VALUE="Next" width="72"'+
+ ' onClick="doNext();">&nbsp;');
+ n++;
+ }
+ if (n > 0) {
+ document.writeln('<INPUT TYPE=text SIZE=4 MAXLENGTH=8 NAME=pageSize VALUE='+
+ result.header.pageSize+'>&nbsp;');
+ }
+
+ document.writeln('</td></tr></table>');
+ document.writeln('</FORM>');
+ }
+
+} else if (result.header.toDo != null &&
+ (result.header.toDo == "checkCRL" || result.header.toDo == "checkCRLcache")) {
+ document.writeln('<font face="PrimaSans BT, Verdana, sans-serif" size="-1">');
+ if (result.header.isOnCRL != null && result.header.isOnCRL == true &&
+ result.header.certSerialNumber != null) {
+ document.writeln('Certificate serial number '+
+ result.header.certSerialNumber +
+ ' is on the certificate revocation list.');
+ } else if (result.header.isOnCRL != null && result.header.isOnCRL == true) {
+ document.writeln('The requested certificate serial number'+
+ ' is on the certificate revocation list.');
+ } else if (result.header.isOnCRL != null && result.header.isOnCRL == false &&
+ result.header.certSerialNumber != null) {
+ document.writeln('Certificate serial number '+
+ result.header.certSerialNumber +
+ ' is not on the certificate revocation list.');
+ } else if (result.header.isOnCRL != null && result.header.isOnCRL == false) {
+ document.writeln('The requested certificate serial number'+
+ ' is not on the certificate revocation list.');
+ }
+ document.writeln('</font>');
+} else {
+ document.writeln('Unknown operation.');
+}
+//-->
+</SCRIPT>
+
+</BODY>
+</HTML>
diff --git a/base/ca/shared/webapps/ca/ee/ca/displayCaCert.template b/base/ca/shared/webapps/ca/ee/ca/displayCaCert.template
new file mode 100644
index 000000000..4e93919f5
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/displayCaCert.template
@@ -0,0 +1,111 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+ <title>CA Certificate Chain</title>
+ <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+</head>
+
+<CMS_TEMPLATE>
+
+<body bgcolor="#FFFFFF" link="#6666CC" vlink="#6666CC" alink="#333399">
+<font face="PrimaSans BT, Verdana, sans-serif" size="+1">
+CA Certificate Chain
+</font><br>
+<table border="0" cellspacing="0" cellpadding="0" background="/pki/images/hr.gif" width=
+"100%">
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+<br>
+
+<SCRIPT LANGUAGE="JavaScript">
+<!--
+if (result.header.displayFormat == "chain") {
+ document.writeln('<font face="PrimaSans BT, Verdana, sans-serif" size="+1">');
+ document.writeln('<center><b>' + result.header.subjectdn);
+ document.writeln('</b></center><p></font><br>');
+ document.writeln('<pre>');
+ document.writeln('-----BEGIN CERTIFICATE-----');
+ document.writeln(result.header.chainBase64);
+ document.writeln('-----END CERTIFICATE-----');
+ document.writeln('</pre>');
+} else if (result.header.displayFormat == "individual") {
+ if (result.recordSet.length == 0) {
+ document.write(
+ "<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"+1\">No Certificates Found in CA chain</font>\n");
+ } else {
+ document.write("\n"+
+ "<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">\n"+
+ "Total number of certificates: "+ result.header.length +
+ "</font><p>\n");
+ for(var i = 0; i < result.recordSet.length; ++i ) {
+ displayCertificate(result.recordSet[i],i+1);
+ }
+ }
+} else {
+ document.writeln('Unknown operation.');
+}
+
+function displayCertificate(cert,i)
+{
+ document.writeln('<table border="0" cellspacing="0" cellpadding="0" background="/pki/images/hr.gif" width="100%">' + '\n' +
+ ' <tr>' + '\n' +
+ ' <td>&nbsp;</td>' + '\n' +
+ ' </tr>' + '\n' +
+ '</table>' + '\n' +
+ '<br>');
+ document.writeln("Certificate " + i + ": <p>");
+ document.writeln('<table border="0" cellspacing="2" cellpadding="2" width="100%">');
+ document.writeln('<tr align="left" bgcolor="#e5e5e5"><td align="left">');
+ document.writeln('<font face="PrimaSans BT, Verdana, sans-serif" size="-1">');
+ document.writeln('Certificate Subject DN </font></td></tr></table>');
+ document.writeln('');
+ document.writeln("<b>"+cert.subjectdn+"</b><p>");
+ document.writeln('<table border="0" cellspacing="2" cellpadding="2" width="100%">');
+ document.writeln('<tr align="left" bgcolor="#e5e5e5"><td align="left">');
+ document.writeln('<font face="PrimaSans BT, Verdana, sans-serif" size="-1">');
+ document.writeln('Certificate in base64 encoded format </font></td></tr></table>');
+ document.writeln('');
+ document.writeln('<pre>');
+ document.writeln('-----BEGIN CERTIFICATE-----');
+ document.writeln(cert.base64);
+ document.writeln('-----END CERTIFICATE-----');
+ document.writeln('</pre>');
+ document.writeln('<table border="0" cellspacing="2" cellpadding="2" width="100%">');
+ document.writeln('<tr align="left" bgcolor="#e5e5e5"><td align="left">');
+ document.writeln('<font face="PrimaSans BT, Verdana, sans-serif" size="-1">');
+ document.writeln('Certificate Contents </font></td></tr></table>');
+ document.writeln("<pre>");
+ document.writeln(cert.certDetails);
+ document.writeln("</pre>");
+ document.writeln("<p>");
+ document.writeln('<table border="0" cellspacing="2" cellpadding="2" width="100%">');
+ document.writeln('<tr align="left" bgcolor="#e5e5e5"><td align="left">');
+ document.writeln('<font face="PrimaSans BT, Verdana, sans-serif" size="-1">');
+ document.writeln('Certificate Fingerprint </font></td></tr></table>');
+ document.writeln('');
+ document.writeln("<p><pre>"+cert.fingerprints+"</pre></font><p>");
+}
+//-->
+</SCRIPT>
+
+</BODY>
+</HTML>
diff --git a/base/ca/shared/webapps/ca/ee/ca/displayCertFromRequest.template b/base/ca/shared/webapps/ca/ee/ca/displayCertFromRequest.template
new file mode 100644
index 000000000..aafa17aca
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/displayCertFromRequest.template
@@ -0,0 +1,177 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<CMS_TEMPLATE>
+
+<TITLE>
+CS Enroll Request Success
+</TITLE>
+
+<script language="javascript">
+
+function navMajorVersion()
+{
+ return parseInt(navigator.appVersion.substring(0, navigator.appVersion.indexOf(".")));
+}
+
+function toHex(number)
+{
+ var absValue = "", sign = "";
+ var digits = "0123456789abcdef";
+ if (number < 0) {
+ sign = "-";
+ number = -number;
+ }
+
+ for(; number >= 16 ; number = Math.floor(number/16)) {
+ absValue = digits.charAt(number % 16) + absValue;
+ }
+ absValue = digits.charAt(number % 16) + absValue;
+
+ return sign + '0x' + '0' + absValue;
+}
+
+function displayCert(cert)
+{
+ document.writeln(
+ '<font face="PrimaSans BT, Verdana, sans-serif" size="+1">'+
+ 'Certificate 0x'+ cert.serialNo+
+ '</font><br>');
+ document.writeln(
+ '<table border="0" cellspacing="0" cellpadding="0" '+
+ 'background="/pki/images/hr.gif" width="100%">'+
+ '<tr>'+
+ '<td>&nbsp;</td>'+
+ '</tr>'+
+ '</table>');
+
+ document.writeln(
+ '<table border="0" cellspacing="2" cellpadding="2" width="100%">'+
+ '<tr align="left" bgcolor="#e5e5e5"><td align="left">'+
+ '<font face="PrimaSans BT, Verdana, sans-serif" size="-1">'+
+ 'Certificate contents</font></td></tr></table>'+
+ '<pre>'+
+ cert.certPrettyPrint+
+ '</pre>');
+
+ document.writeln('<p>'+
+ '<table border="0" cellspacing="2" cellpadding="2" width="100%">'+
+ '<tr align="left" bgcolor="#e5e5e5"><td align="left">'+
+ '<font face="PrimaSans BT, Verdana, sans-serif" size="-1">'+
+ 'Certificate fingerprint</font></td></tr></table>'+
+ '<pre>'+
+ cert.certFingerprint+
+ '</pre>'+
+ '</font>');
+
+ document.writeln('<p>'+
+ '<table border="0" cellspacing="2" cellpadding="2" width="100%">'+
+ '<tr align="left" bgcolor="#e5e5e5"><td align="left">'+
+ '<font face="PrimaSans BT, Verdana, sans-serif" size="-1">'+
+ 'Installing this certificate in a server</font></td></tr></table>'+
+ '<p>'+
+ '<font size=-1 face="PrimaSans BT, Verdana, sans-serif">'+
+ 'The following format can be used to install this certificate '+
+ 'into a server.'+
+ '</font>'+
+ '<p><pre>'+
+ //'-----BEGIN CERTIFICATE-----'+
+ cert.base64Cert+
+ //'-----END CERTIFICATE-----'+
+ '</pre>');
+
+}
+
+function importCertificates(numCerts, requestId)
+{
+ var grammar = 'this';
+ var plural = '';
+ if (numCerts > 1) {
+ grammar = 'these';
+ plural = 's'
+ }
+ document.writeln( '<p>'+
+ '<table border="0" cellspacing="2" cellpadding="2" width="100%">'+
+ '<tr align="left" bgcolor="#e5e5e5"><td align="left">'+
+ '<font face="PrimaSans BT, Verdana, sans-serif" size="-1">'+
+ 'Importing certificate</font></td></tr></table>'+
+ '<p>'+
+ '<font size=-1 face="PrimaSans BT, Verdana, sans-serif">'+
+ 'To import '+grammar+' certificate'+plural+' into your client, '+
+ 'click the following button.'+
+ '</font>'+
+ '<p>');
+
+ var loc = '/getCertFromRequest?requestId='+result.header.requestId;
+ if (navigator.appName == "Netscape") {
+ if (navMajorVersion() > 3 && typeof(crypto.version) != "undefined")
+ loc = loc+'&cmmfResponse=true';
+ else
+ loc = loc + '&importCert=true';
+ }
+ document.writeln('<center>');
+ document.writeln('<form>\n'+
+ '<INPUT TYPE=\"button\" VALUE=\"Import Certificate'+
+ plural+'\"'+
+ ' onClick=\"location.href=\''+ loc + '\'\">\n'+
+ '</form>\n');
+ document.writeln('</center>');
+}
+</script>
+
+<!--BODY bgcolor="white"-->
+
+<body bgcolor="#FFFFFF" link="#6666CC" vlink="#6666CC" alink="#333399">
+
+
+<SCRIPT LANGUAGE="JavaScript">
+
+//document.writeln('<P>');
+//document.writeln('host '+result.fixed.host+'<BR>');
+//document.writeln('port '+result.fixed.port+'<BR>');
+//document.writeln('scheme '+result.fixed.scheme+'<BR>');
+//document.writeln('authority '+result.fixed.authorityName+'<BR>');
+
+//document.writeln('<P>');
+//document.writeln('Issued Certs: ');
+
+if (result.recordSet == null || result.recordSet.length == 0) {
+ document.writeln('<BLOCKQUOTE><B><PRE>');
+ document.writeln('No further details provided.');
+ document.writeln('Please consult your local administrator for assistance.');
+ document.writeln('</BLOCKQUOTE></B></PRE>');
+} else {
+ //document.writeln('<UL>');
+ for (var i = 0; i < result.recordSet.length; i++) {
+ if (result.recordSet[i].serialNo != null) {
+ displayCert(result.recordSet[i]);
+ }
+ }
+ //document.writeln('</UL>');
+ importCertificates(result.recordSet.length, result.header.requestId);
+
+}
+//document.writeln('</PRE></B></BLOCKQUOTE>');
+document.writeln('<P>');
+</SCRIPT>
+
+
+</BODY>
+</HTML>
+
diff --git a/base/ca/shared/webapps/ca/ee/ca/enrollMenu.html b/base/ca/shared/webapps/ca/ee/ca/enrollMenu.html
new file mode 100644
index 000000000..cebdc1aec
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/enrollMenu.html
@@ -0,0 +1,31 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>Enrollment Menu</title>
+</head>
+
+<script lang="javascript" src="/ca/ee/dynamicVars.js"></script>
+<script lang=javascript>
+//<!--
+top.loadMenu(top.tabs[0].menu);
+//-->
+</script>
+
+</body>
diff --git a/base/ca/shared/webapps/ca/ee/ca/index.html b/base/ca/shared/webapps/ca/ee/ca/index.html
new file mode 100644
index 000000000..80d8415d1
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/index.html
@@ -0,0 +1,388 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>CA End-Entity</title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<link rel="shortcut icon" href="/pki/images/favicon.ico" />
+<SCRIPT LANGUAGE="JavaScript"></SCRIPT>
+<script lang="javascript" src="/ca/ee/dynamicVars.js"></script>
+<script lang="javascript" src="/ca/ee/cms-funcs.js"></script>
+<script lang="javascript">
+<!--//
+function doResize() {
+ // used by tabs.html
+ // don't call resize for IE - it sometimes crashes
+ if (navigator.appName == 'Netscape' &&
+ ((navMajorVersion() < 4) ||
+ (typeof(crypto.version) == "undefined"))) {
+ top.reloadTabs(-1);
+ }
+}
+
+function tabItem(name, link, menu, defaultIndex)
+{
+ this.name = name;
+ this.blackname = name.fontcolor('black');
+ this.whitename = name.fontcolor('white');
+ this.link = link;
+ this.menu = menu;
+ this.defaultIndex = defaultIndex;
+ this.currentIndex = defaultIndex;
+}
+
+function initTabs()
+{
+
+ top.tabs = new Array();
+
+ var name;
+ top.tabsCount=0;
+
+ name = 'Enrollment / Renewal';
+ top.tabs[top.tabsCount++] = new tabItem(name, 'profileMenu.html',
+ top.ProfileMenu, 1);
+ if (http != 'true') {
+ name = 'Revocation';
+ top.tabs[top.tabsCount++] = new tabItem(name, 'revocationMenu.html',
+ top.RevocationMenu, 0);
+ }
+
+ name = 'Retrieval';
+ top.tabs[top.tabsCount++] = new tabItem(name, 'retrievalMenu.html',
+ top.RetrievalMenu, 0);
+
+ top.tabsSelectedIndex = 0;
+
+}
+
+
+function menuItem(name, link, desc)
+{
+ this.name = name;
+ this.link = link;
+ this.seldesc = desc.fontcolor('blue'); // text when selected
+ this.unseldesc = desc.fontcolor('black'); // text when unselected
+ this.desc = desc;
+}
+
+function initMenus()
+{
+ initProfileMenu();
+ if (http != 'true') {
+ initRevocationMenu();
+ }
+ initRecoveryMenu();
+ initRetrievalMenu();
+}
+
+function initProfileMenu()
+{
+ top.ProfileMenu = new Array();
+
+ var name = 'profileList';
+ top.ProfileMenu[0] = new menuItem(name, 'profileList',
+ 'List Certificate Profiles');
+}
+
+function tableItem(name, items)
+{
+ this.name = name;
+ this.menuItems = items;
+}
+
+
+// Check if a particular authmanager is enabled.
+// The 'authamanager' array is set in
+// dynamic javascript in the URL /dynamicVars.js
+
+function isAuthMgrEnabled(name)
+{
+ // handle the case when no auth manager is configured
+ if (typeof(authmanager) == 'undefined') {
+ return false;
+ }
+ for (var k=0; k<authmanager.length; k++) {
+ if (authmanager[k] == name) {
+ return true;
+ }
+ }
+ return false;
+}
+
+function initRevocationMenu()
+{
+ top.RevocationMenu = new Array();
+
+ var name='usercert';
+ top.RevocationMenu[0] = new menuItem(name, 'UserRevocation.html',
+ 'User Certificate');
+ //name='servercert';
+ //top.RevocationMenu[1] = new menuItem(name, 'ServerRevocation.html',
+ // 'Server Certificate');
+
+ // name='othercert';
+ // top.RevocationMenu[1] = new menuItem(name, 'ChallengeRevoke1.html',
+ // 'Certificate (challenge phrase-based)');
+ name='othercert';
+ top.RevocationMenu[1] = new menuItem(name, 'CMCRevReq.html',
+ 'CMC Revoke');
+}
+
+function initRecoveryMenu()
+{
+ top.RecoveryMenu = new Array();
+ var name;
+
+ name = 'keyRecovery';
+ top.RecoveryMenu[0] = new menuItem(name, 'KeyRecovery.html',
+ 'Key Recovery');
+}
+
+function initRetrievalMenu()
+{
+ top.RetrievalMenu = new Array();
+ var name;
+ var count=0;
+
+ name = 'checkrequest';
+ top.RetrievalMenu[count++] = new menuItem(name, 'checkRequest.html',
+ 'Check Request Status');
+
+ if (subsystemname != 'ra') {
+ name = 'listcerts';
+ top.RetrievalMenu[count++] = new menuItem(name, 'queryBySerial.html',
+ 'List Certificates');
+ name = 'searchcerts';
+ top.RetrievalMenu[count++] = new menuItem(name, 'srchCert.html',
+ 'Search Certificates');
+ }
+ name = 'getcachain';
+ top.RetrievalMenu[count++] = new menuItem(name, 'GetCAChain.html',
+ 'Import CA Certificate Chain');
+
+ if (subsystemname != 'ra') {
+ name = 'reviewcrl';
+ if (clacrlurl != '') {
+ top.RetrievalMenu[count++] = new menuItem(name, clacrlurl,
+ 'Import Certificate Revocation List');
+ } else {
+ top.RetrievalMenu[count++] = new menuItem(name, 'getInfo?template=/ee/ca/toDisplayCRL',
+ 'Import Certificate Revocation List');
+ }
+ }
+}
+
+// This method draws the left panel
+
+function loadMenu(menu)
+{
+
+ with (top.left.document) {
+ writeln('<body bgcolor="#cccccc" vlink="#444444" link="#444444" alink="#333399">');
+ writeln('<table border=0 width=130 cellspacing=4 cellpadding=4>');
+ writeln('<tr>');
+ writeln('<td>');
+
+ var selbgcol = '#cccccc'; // cell's background col when selected
+ var unselbgcol = '#cccccc'; // "" "" unselected
+
+ for (var k=0; k<menu.length; k++) {
+ writeln('<tr>');
+
+ // We check if the link is empty. If it is, this means the
+ // menu item should be rendered as a 'title'. See the
+ // 'Browser' heading in initEnrollMenu as an example
+
+ if (menu[k].link != '') {
+
+ if (k == top.tabs[top.tabsSelectedIndex].currentIndex) {
+
+ // Draw the current element in 'selected' state
+
+ writeln('<td bgcolor="'+selbgcol+'">');
+ writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+ '<b>'+
+ '<a onclick=javascript:top.reloadMenu("'+k+'"); href='+
+ menu[k].link+
+ ' target="cms_content" >'+
+ menu[k].seldesc+'</b></a></font>'
+ );
+ }
+ else {
+ // Draw the current element in 'unselected' state
+
+ writeln('<td bgcolor="'+unselbgcol+'">');
+ writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+ '<b>'+
+ '<a onclick=javascript:top.reloadMenu("'+k+'"); href='+
+ menu[k].link+
+ ' target="cms_content" >'+
+ menu[k].unseldesc+'</b></a></font>'
+ );
+
+ }
+
+ }
+ else { // nice headers go here (enrollment menu)
+ writeln('<td bgcolor=white>'+
+ '<font face="PrimaSans BT, Verdana, sans-serif"'+
+ 'color=black>'+
+ '<b>'+
+ menu[k].desc+'</b></font>');
+ }
+
+
+ writeln('</td>');
+ writeln('</tr>');
+ }
+
+ writeln('</table>');
+ writeln('</td>');
+ writeln('</tr>');
+ writeln('</table>');
+ close();
+ }
+
+}
+
+function reloadMenu(item)
+{
+ var curMenu = top.tabs[top.tabsSelectedIndex];
+ curMenu.currentIndex = item;
+ top.cms_content.location = curMenu.menu[item].link;
+ loadMenu(curMenu.menu);
+
+
+}
+
+
+function reloadMenuAndContent()
+{
+ var tab = top.tabs[top.tabsSelectedIndex];
+ tab.currentIndex = 0;
+ top.cms_content.location = tab.menu[tab.currentIndex].link;
+ reloadMenu(tab.currentIndex);
+}
+
+function reloadTabs(tabnum)
+{
+ if (tabnum != -1) {
+ top.tabsSelectedIndex = tabnum;
+ }
+ top.reloadMenuAndContent();
+
+// if (navigator.appName != "Netscape") {
+// top.reloadMenu(top.tabs[tabnum].defaultIndex);
+// }
+
+ if ( navigator.appName == 'Netscape') {
+ top.tabsf.location.reload(false);
+ } else {
+ loadTabs();
+ }
+ if ( navigator.appName != 'Netscape') {
+ loadTabs();
+ }
+}
+
+
+
+function loadTabs()
+{
+ with (top.tabsf.document) {
+ writeln('<body onresize="top.doResize();" bgcolor="#4f52b5" link="#FFFFFF" vlink="#FFFFFF" alink="#CCCCFF">');
+
+ writeln('<table border=0 width="100%" cellspacing="0" cellpadding="0" bgcolor="#4f52b5">');
+ writeln('<tr><td>');
+ writeln('<table border=0 cellspacing=12 cellpadding=0>');
+ writeln('<tr>');
+ writeln('<td><img src="/pki/images/logo_header.gif"></td>');
+ writeln('<td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>');
+ if (subsystemname == 'ca') {
+ writeln('<td><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white"><b>Dogtag<sup><font color="#cccccc" size="-2">&reg;</font></sup> Certificate Manager</b></font></td>');
+ } else {
+ writeln('<td><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white"><b><b>Dogtag<sup><font color="#cccccc" size="-2">&reg;</font></sup> Registration Manager</b></font></td>');
+ }
+ writeln('</tr>');
+ writeln('</table>');
+
+ writeln('<table border=0 cellspacing="0" cellpadding="0">');
+ writeln('<tr>');
+ writeln('<td><img src="/pki/images/spacer.gif" width="12" height="12"></td>');
+
+ var index = top.tabsSelectedIndex;
+ for (var j=0; j < top.tabsCount; j++) {
+ if (j == index) {
+ writeln('<td><img src="/pki/images/lgLeftTab.gif" width="13" height="21"></td>');
+ writeln('<td bgcolor="#cccccc" nowrap>');
+ writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif"><b>'+
+ top.tabs[j].blackname+
+ '</b></font></td>');
+ writeln('<td><img src="/pki/images/lgRightTab2.gif" width="16" height="21">'+
+ '</td>');
+ }
+ else {
+ writeln('<td><img src="/pki/images/dgLeftTab.gif" width="13" height="21"></td>');
+ writeln('<td bgcolor="#999999" nowrap>'+
+ '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+ '<a onclick=javascript:top.reloadTabs("'+
+ j+'"); href='+
+ top.tabs[j].link+' target="left"><b>'+
+ top.tabs[j].whitename+'</b></a></font></td>');
+ writeln('<td><img src="/pki/images/dgRightTab2.gif" width="16" height="21"></td>');
+ }
+ }
+
+ writeln('</tr>');
+ writeln('</table></td></tr>');
+ writeln('<tr bgcolor=#CCCCCC><td>&nbsp;<br>&nbsp;</td></tr>');
+ writeln('</tr>');
+ writeln('</table>');
+ close();
+
+ }
+}
+
+
+
+//-->
+</script>
+</head>
+
+<script lang="javascript">
+<!--//
+initMenus();
+initTabs();
+//-->
+</script>
+
+
+<frameset rows="105,1*" frameborder="NO" border="0" cols="*">
+ <frame src="tabs.html" name="tabsf" frameborder="NO" NORESIZE scrolling="NO" marginwidth="0" marginheight="0">
+ <frameset cols="140,1*" border="0" frameborder="NO">
+ <frame src="profileMenu.html" NORESIZE frameborder="NO" marginwidth="0" marginheight="0" name="left">
+ <frame src="profileList" marginwidth="16" marginheight="16" frameborder="NO" NORESIZE name="cms_content">
+ </frameset>
+ <frame src="blank.html" name="foot" NORESIZE scrolling="NO" frameborder="NO">
+</frameset>
+<noframes><body bgcolor="#FFFFFF">
+
+</body></noframes>
+</html>
diff --git a/base/ca/shared/webapps/ca/ee/ca/policyEnrollment/index.html b/base/ca/shared/webapps/ca/ee/ca/policyEnrollment/index.html
new file mode 100644
index 000000000..74c3080f0
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/policyEnrollment/index.html
@@ -0,0 +1,556 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<html>
+<head>
+<title>CA End-Entity</title>
+<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+<link rel="shortcut icon" href="/pki/images/favicon.ico" />
+<SCRIPT LANGUAGE="JavaScript"></SCRIPT>
+<script lang="javascript" src="/dynamicVars.js"></script>
+<script lang="javascript" src="../cms-funcs.js"></script>
+<script lang="javascript">
+<!--//
+function doResize() {
+ // used by tabs.html
+ // don't call resize for IE - it sometimes crashes
+ if (navigator.appName == 'Netscape' &&
+ ((navMajorVersion() < 4) ||
+ (typeof(crypto.version) == "undefined"))) {
+ top.reloadTabs(-1);
+ }
+}
+
+function tabItem(name, link, menu, defaultIndex)
+{
+ this.name = name;
+ this.blackname = name.fontcolor('black');
+ this.whitename = name.fontcolor('white');
+ this.link = link;
+ this.menu = menu;
+ this.defaultIndex = defaultIndex;
+ this.currentIndex = defaultIndex;
+}
+
+function initTabs()
+{
+
+ top.tabs = new Array();
+
+ var name;
+ top.tabsCount=0;
+
+ name = 'Enrollment';
+ top.tabs[top.tabsCount++] = new tabItem(name, 'enrollMenu.html',
+ top.EnrollMenu, 1);
+ if (http != 'true') {
+ name = 'Renewal';
+ top.tabs[top.tabsCount++] = new tabItem(name, 'renewalMenu.html',
+ top.RenewalMenu, 0);
+ name = 'Revocation';
+ top.tabs[top.tabsCount++] = new tabItem(name, 'revocationMenu.html',
+ top.RevocationMenu, 0);
+ }
+
+ name = 'Retrieval';
+ top.tabs[top.tabsCount++] = new tabItem(name, 'retrievalMenu.html',
+ top.RetrievalMenu, 0);
+
+ top.tabsSelectedIndex = 0;
+
+}
+
+
+function menuItem(name, link, desc)
+{
+ this.name = name;
+ this.link = link;
+ this.seldesc = desc.fontcolor('blue'); // text when selected
+ this.unseldesc = desc.fontcolor('black'); // text when unselected
+ this.desc = desc;
+}
+
+function initMenus()
+{
+ initEnrollMenu();
+ if (http != 'true') {
+ initRenewalMenu();
+ initRevocationMenu();
+ }
+ initRecoveryMenu();
+ initRetrievalMenu();
+}
+
+function initRenewalMenu()
+{
+ top.RenewalMenu = new Array();
+
+ var name = 'usercert';
+ top.RenewalMenu[0] = new menuItem(name, 'UserRenewal.html',
+ 'User Certificate');
+ //name = 'servercert';
+ //top.RenewalMenu[name] = new menuItem(name, 'ServerRenewal.html',
+ // 'Server Certificate');
+}
+
+function tableItem(name, items)
+{
+ this.name = name;
+ this.menuItems = items;
+}
+
+
+// Check if a particular authmanager is enabled.
+// The 'authamanager' array is set in
+// dynamic javascript in the URL /dynamicVars.js
+
+function isAuthMgrEnabled(name)
+{
+ // handle the case when no auth manager is configured
+ if (typeof(authmanager) == 'undefined') {
+ return false;
+ }
+ for (var k=0; k<authmanager.length; k++) {
+ if (authmanager[k] == name) {
+ return true;
+ }
+ }
+ return false;
+}
+
+function initEnrollMenu()
+{
+ top.EnrollMenu = new Array();
+
+ var item;
+ var count=0;
+ menuItems = new Array();
+ // User enrollment stuff here
+
+ item = 'userenrolltitle';
+ menuItems[count] = top.EnrollMenu[count] =
+ new menuItem(item, '', 'Browser');
+ count++;
+
+ // 'Manual' enrollment - does not pass through any
+ // authentication plugin, so requests must be approved
+ // manually by the agent
+
+ item = 'manuser';
+ menuItems[count] = top.EnrollMenu[count] =
+ new menuItem(item, 'ManUserEnroll.html', 'Manual');
+ count++;
+
+
+ // UidPwdDirAuth - authenticates against an LDAP directory
+ // with uid + pwd
+
+ if ( isAuthMgrEnabled("UidPwdDirAuth") ) {
+ item = 'diruser';
+ menuItems[count] = top.EnrollMenu[count] =
+ new menuItem(item, 'DirUserEnroll.html',
+ 'Directory');
+ count++;
+ }
+
+ // UidPwdPinDirAuth - authenticates against an LDAP directory
+ // with uid + pwd + one-time pin
+ if ( isAuthMgrEnabled("UidPwdPinDirAuth") ) {
+ item = 'pinuser';
+ menuItems[count] = top.EnrollMenu[count] =
+ new menuItem(item, 'DirPinUserEnroll.html',
+ 'Directory and Pin');
+ count++;
+ }
+
+ // NISAuth - authenticates against NIS
+ if ( isAuthMgrEnabled("NISAuth") ) {
+ item = 'nisuser';
+ menuItems[count] = top.EnrollMenu[count] =
+ new menuItem(item, 'NISUserEnroll.html', 'NIS');
+
+ count++;
+ }
+
+ // Kerberos - authenticates against a Kerberos server
+ if ( isAuthMgrEnabled("KerberosAuth") ) {
+ item = 'kerberos';
+ menuItems[count] = top.EnrollMenu[count] =
+ new menuItem(item, 'KerberosBasedAuthentication.html', 'Kerberos');
+ count++;
+ }
+
+ // PortalEnroll - allows a user to enroll if their uid
+ // does NOT already exist in the directory. I.e. they can
+ // create an account
+ if ( isAuthMgrEnabled("PortalEnroll") ) {
+ item = 'portaluser';
+ menuItems[count] = top.EnrollMenu[count] =
+ new menuItem(item, 'PortalEnrollment.html', 'Portal');
+ count++;
+ }
+
+ if (subsystemname != 'ra') {
+ if (http != 'true') {
+ // this one is directory based cert-based
+ if ( isAuthMgrEnabled("UidPwdDirAuth") ) {
+ item = 'certBasedDualEnroll';
+ menuItems[count] = top.EnrollMenu[count] =
+ new menuItem(item, 'CertBasedDualEnroll.html', 'Certificate');
+ count++;
+ }
+ }
+ }
+ else {
+ if (http != 'true') {
+ // this one is directory based cert-based
+ if ( isAuthMgrEnabled("UidPwdDirAuth") ) {
+ item = 'certBasedSingleEnroll';
+ menuItems[count] = top.EnrollMenu[count] =
+ new menuItem(item, 'CertBasedSingleEnroll.html', 'Certificate');
+ count++;
+ }
+ }
+
+// item = 'certBasedEncEnroll';
+// menuItems[count] = top.EnrollMenu[count] =
+// new menuItem(item, 'CertBasedEncryptionEnroll.html', 'Certificate');
+// count++;
+// item = 'certBasedSingleEnroll';
+// menuItems[count] = top.EnrollMenu[count] =
+// new menuItem(item, 'CertBasedSingleEnroll.html', 'Certificate');
+// count++;
+
+ }
+// Server Enrollment
+ item = 'serverenrolltitle';
+ menuItems[count] = top.EnrollMenu[count] =
+ new menuItem(item, '', 'Server');
+ count++;
+
+ item = 'manserver';
+ menuItems[count] = top.EnrollMenu[count] =
+ new menuItem(item, 'ManServerEnroll.html', 'SSL Server');
+ count++;
+
+ // if we're talking to a Registration Manager, don't allow the user to enroll
+ // for a RM or CM certificate.
+ item = 'manra';
+ menuItems[count] = top.EnrollMenu[count] =
+ new menuItem(item, 'ManRAEnroll.html', 'Registration Manager');
+ count++;
+
+ if (subsystemname != 'ra') {
+ item = 'manca';
+ menuItems[count] = top.EnrollMenu[count] =
+ new menuItem(item, 'ManCAEnroll.html', 'Certificate Manager');
+ count++;
+ }
+
+ item = 'manocsp';
+ menuItems[count] = top.EnrollMenu[count] =
+ new menuItem(item, 'OCSPResponder.html', 'OCSP Responder');
+ count++;
+
+ item = 'othertitle';
+ menuItems[count] = top.EnrollMenu[count] =
+ new menuItem(item, '', 'Other');
+ count++;
+
+ item = 'manos';
+ menuItems[count] = top.EnrollMenu[count] =
+ new menuItem(item, 'ManObjSignEnroll.html', 'Object Signing (Browser)');
+ count++;
+
+ item = 'manospkcs';
+ menuItems[count] = top.EnrollMenu[count] =
+ new menuItem(item, 'ObjSignPKCS10Enroll.html', 'Object Signing (PKCS10)');
+ count++;
+
+ item = 'mancmc';
+ menuItems[count] = top.EnrollMenu[count] =
+ new menuItem(item, 'CMCEnrollment.html', 'CMC Enrollment');
+ count++;
+
+}
+
+function initRevocationMenu()
+{
+ top.RevocationMenu = new Array();
+
+ var name='usercert';
+ top.RevocationMenu[0] = new menuItem(name, 'UserRevocation.html',
+ 'User Certificate');
+ //name='servercert';
+ //top.RevocationMenu[1] = new menuItem(name, 'ServerRevocation.html',
+ // 'Server Certificate');
+
+ name='othercert';
+ top.RevocationMenu[1] = new menuItem(name, 'ChallengeRevoke1.html',
+ 'Certificate (challenge phrase-based)');
+ name='othercert';
+ top.RevocationMenu[2] = new menuItem(name, 'CMCRevReq.html',
+ 'CMC Revoke');
+}
+
+function initRecoveryMenu()
+{
+ top.RecoveryMenu = new Array();
+ var name;
+
+ name = 'keyRecovery';
+ top.RecoveryMenu[0] = new menuItem(name, 'KeyRecovery.html',
+ 'Key Recovery');
+}
+
+function initRetrievalMenu()
+{
+ top.RetrievalMenu = new Array();
+ var name;
+ var count=0;
+
+ name = 'checkrequest';
+ top.RetrievalMenu[count++] = new menuItem(name, 'checkRequest.html',
+ 'Check Request Status');
+
+ if (subsystemname != 'ra') {
+ name = 'listcerts';
+ top.RetrievalMenu[count++] = new menuItem(name, 'queryBySerial.html',
+ 'List Certificates');
+ name = 'searchcerts';
+ top.RetrievalMenu[count++] = new menuItem(name, 'srchCert.html',
+ 'Search Certificates');
+ }
+ name = 'getcachain';
+ top.RetrievalMenu[count++] = new menuItem(name, 'GetCAChain.html',
+ 'Import CA Certificate Chain');
+
+ if (subsystemname != 'ra') {
+ name = 'reviewcrl';
+ if (clacrlurl != '') {
+ top.RetrievalMenu[count++] = new menuItem(name, clacrlurl,
+ 'Import Certificate Revocation List');
+ } else {
+ top.RetrievalMenu[count++] = new menuItem(name, '/getInfo?template=toDisplayCRL',
+ 'Import Certificate Revocation List');
+ }
+ }
+}
+
+// This method draws the left panel
+
+function loadMenu(menu)
+{
+
+ with (top.left.document) {
+ writeln('<body bgcolor="#cccccc" vlink="#444444" link="#444444" alink="#333399">');
+ writeln('<table border=0 width=130 cellspacing=4 cellpadding=4>');
+ writeln('<tr>');
+ writeln('<td>');
+
+ var selbgcol = '#cccccc'; // cell's background col when selected
+ var unselbgcol = '#cccccc'; // "" "" unselected
+
+ for (var k=0; k<menu.length; k++) {
+ writeln('<tr>');
+
+ // We check if the link is empty. If it is, this means the
+ // menu item should be rendered as a 'title'. See the
+ // 'Browser' heading in initEnrollMenu as an example
+
+ if (menu[k].link != '') {
+
+ if (k == top.tabs[top.tabsSelectedIndex].currentIndex) {
+
+ // Draw the current element in 'selected' state
+
+ writeln('<td bgcolor="'+selbgcol+'">');
+ writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+ '<b>'+
+ '<a onclick=javascript:top.reloadMenu("'+k+'"); href='+
+ menu[k].link+
+ ' target="cms_content" >'+
+ menu[k].seldesc+'</b></a></font>'
+ );
+ }
+ else {
+ // Draw the current element in 'unselected' state
+
+ writeln('<td bgcolor="'+unselbgcol+'">');
+ writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+ '<b>'+
+ '<a onclick=javascript:top.reloadMenu("'+k+'"); href='+
+ menu[k].link+
+ ' target="cms_content" >'+
+ menu[k].unseldesc+'</b></a></font>'
+ );
+
+ }
+
+ }
+ else { // nice headers go here (enrollment menu)
+ writeln('<td bgcolor=white>'+
+ '<font face="PrimaSans BT, Verdana, sans-serif"'+
+ 'color=black>'+
+ '<b>'+
+ menu[k].desc+'</b></font>');
+ }
+
+
+ writeln('</td>');
+ writeln('</tr>');
+ }
+
+ writeln('</table>');
+ writeln('</td>');
+ writeln('</tr>');
+ writeln('</table>');
+ close();
+ }
+
+}
+
+function reloadMenu(item)
+{
+ var curMenu = top.tabs[top.tabsSelectedIndex];
+ curMenu.currentIndex = item;
+ top.cms_content.location = curMenu.menu[item].link;
+ loadMenu(curMenu.menu);
+
+
+}
+
+
+function reloadMenuAndContent()
+{
+ var tab = top.tabs[top.tabsSelectedIndex];
+ tab.currentIndex = tab.defaultIndex;
+ top.cms_content.location = tab.menu[tab.currentIndex].link;
+ reloadMenu(tab.currentIndex);
+}
+
+function reloadTabs(tabnum)
+{
+ if (tabnum != -1) {
+ top.tabsSelectedIndex = tabnum;
+ }
+ top.reloadMenuAndContent();
+
+ if (navigator.appName != "Netscape") {
+ top.reloadMenu(top.tabs[tabnum].defaultIndex);
+ }
+
+ if ( navigator.appName == 'Netscape') {
+ top.tabsf.location.reload(false);
+ } else {
+ loadTabs();
+ }
+ if ( navigator.appName != 'Netscape') {
+ loadTabs();
+ }
+}
+
+
+
+function loadTabs()
+{
+ with (top.tabsf.document) {
+ writeln('<body onresize="top.doResize();" bgcolor="#9999cc" link="#FFFFFF" vlink="#FFFFFF" alink="#CCCCFF">');
+
+ writeln('<table border=0 width="100%" cellspacing="0" cellpadding="0" bgcolor="#9999CC">');
+ writeln('<tr><td>');
+ writeln('<table border=0 cellspacing=0 cellpadding=0 width="100%" >');
+ writeln('<tr><td>');
+ writeln('<table border=0 cellspacing=12 cellpadding=0 width="100%">');
+ writeln('<tr>');
+ writeln('<td><font size="-1" face="PrimaSans BT, Verdana, sans-serif" color="white">Netscape<font color="#cccccc" size="-2">&reg;</font>'+
+ '<b><br>Certificate Management<br> System</b></font><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white"><b></b></font></td>');
+ writeln('<td></td>');
+ if (subsystemname == 'ca') {
+ writeln('<td width=350 align=right><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white"><b>Certificate Manager</b></font></td>');
+ }
+ else {
+ writeln('<td width=350><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white"><b>Registration Manager</b></font></td>');
+ }
+ writeln('</tr>');
+ writeln('</table>');
+ writeln('</td></tr>');
+ writeln('</table>');
+
+ writeln('<table border=0 cellspacing="0" cellpadding="0">');
+ writeln('<tr>');
+ writeln('<td><img src="/pki/images/spacer.gif" width="12" height="12"></td>');
+
+ var index = top.tabsSelectedIndex;
+ for (var j=0; j < top.tabsCount; j++) {
+ if (j == index) {
+ writeln('<td><img src="/pki/images/lgLeftTab.gif" width="13" height="21"></td>');
+ writeln('<td bgcolor="#cccccc" nowrap>');
+ writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif"><b>'+
+ top.tabs[j].blackname+
+ '</b></font></td>');
+ writeln('<td><img src="/pki/images/lgRightTab2.gif" width="16" height="21">'+
+ '</td>');
+ }
+ else {
+ writeln('<td><img src="/pki/images/dgLeftTab.gif" width="13" height="21"></td>');
+ writeln('<td bgcolor="#999999" nowrap>'+
+ '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+ '<a onclick=javascript:top.reloadTabs("'+
+ j+'"); href='+
+ top.tabs[j].link+' target="left"><b>'+
+ top.tabs[j].whitename+'</b></a></font></td>');
+ writeln('<td><img src="/pki/images/dgRightTab2.gif" width="16" height="21"></td>');
+ }
+ }
+
+ writeln('</tr>');
+ writeln('</table></td></tr>');
+ writeln('<tr bgcolor=#CCCCCC><td>&nbsp;<br>&nbsp;</td></tr>');
+ writeln('</tr>');
+ writeln('</table>');
+ close();
+
+ }
+}
+
+
+
+//-->
+</script>
+</head>
+
+<script lang="javascript">
+<!--//
+initMenus();
+initTabs();
+//-->
+</script>
+
+
+<frameset rows="105,1*" frameborder="NO" border="0" cols="*">
+ <frame src="tabs.html" name="tabsf" frameborder="NO" NORESIZE scrolling="NO" marginwidth="0" marginheight="0">
+ <frameset cols="140,1*" border="0" frameborder="NO">
+ <frame src="enrollMenu.html" NORESIZE frameborder="NO" marginwidth="0" marginheight="0" name="left">
+ <frame src="ManUserEnroll.html" marginwidth="16" marginheight="16" frameborder="NO" NORESIZE name="cms_content">
+ </frameset>
+ <frame src="blank.html" name="foot" NORESIZE scrolling="NO" frameborder="NO">
+</frameset>
+<noframes><body bgcolor="#FFFFFF">
+
+</body></noframes>
+</html>
diff --git a/base/ca/shared/webapps/ca/ee/ca/policyEnrollment/profileMenu.html b/base/ca/shared/webapps/ca/ee/ca/policyEnrollment/profileMenu.html
new file mode 100644
index 000000000..9eabc2262
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/policyEnrollment/profileMenu.html
@@ -0,0 +1,36 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<html>
+
+<head>
+<title>profile Menu</title>
+</head>
+
+<body bgcolor="#CCCCCC" link="#FFFFFF" vlink="#FFFFFF" alink="#333399">
+<script lang="javascript" src="/dynamicVars.js"></script>
+<script lang=javascript>
+//<!--
+ if (http != 'true') {
+ top.loadMenu(top.tabs[3].menu);
+ } else {
+ top.loadMenu(top.tabs[1].menu);
+ }
+//-->
+</script>
+
+</body>
diff --git a/base/ca/shared/webapps/ca/ee/ca/policyEnrollment/retrievalMenu.html b/base/ca/shared/webapps/ca/ee/ca/policyEnrollment/retrievalMenu.html
new file mode 100644
index 000000000..ec39a7a01
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/policyEnrollment/retrievalMenu.html
@@ -0,0 +1,36 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<html>
+
+<head>
+<title>Retrieval Menu</title>
+</head>
+<SCRIPT LANGUAGE="JavaScript"></SCRIPT>
+<script lang="javascript" src="/dynamicVars.js"></script>
+
+<script lang=javascript>
+//<!--
+ if (http != 'true') {
+ top.loadMenu(top.tabs[3].menu);
+ } else {
+ top.loadMenu(top.tabs[1].menu);
+ }
+//-->
+</script>
+
+</body>
diff --git a/base/ca/shared/webapps/ca/ee/ca/policyEnrollment/revocationMenu.html b/base/ca/shared/webapps/ca/ee/ca/policyEnrollment/revocationMenu.html
new file mode 100644
index 000000000..fa810e748
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/policyEnrollment/revocationMenu.html
@@ -0,0 +1,31 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<html>
+
+<head>
+<title>Revocation Menu</title>
+</head>
+
+
+<script lang=javascript>
+//<!--
+top.loadMenu(top.tabs[2].menu);
+//-->
+</script>
+
+</body>
diff --git a/base/ca/shared/webapps/ca/ee/ca/profileEnrollment/index.html b/base/ca/shared/webapps/ca/ee/ca/profileEnrollment/index.html
new file mode 100644
index 000000000..478c193ad
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/profileEnrollment/index.html
@@ -0,0 +1,393 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<html>
+<head>
+<title>CA End-Entity</title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<link rel="shortcut icon" href="/pki/images/favicon.ico" />
+<SCRIPT LANGUAGE="JavaScript"></SCRIPT>
+<script lang="javascript" src="/dynamicVars.js"></script>
+<script lang="javascript" src="../cms-funcs.js"></script>
+<script lang="javascript">
+<!--//
+function doResize() {
+ // used by tabs.html
+ // don't call resize for IE - it sometimes crashes
+ if (navigator.appName == 'Netscape' &&
+ ((navMajorVersion() < 4) ||
+ (typeof(crypto.version) == "undefined"))) {
+ top.reloadTabs(-1);
+ }
+}
+
+function tabItem(name, link, menu, defaultIndex)
+{
+ this.name = name;
+ this.blackname = name.fontcolor('black');
+ this.whitename = name.fontcolor('white');
+ this.link = link;
+ this.menu = menu;
+ this.defaultIndex = defaultIndex;
+ this.currentIndex = defaultIndex;
+}
+
+function initTabs()
+{
+
+ top.tabs = new Array();
+
+ var name;
+ top.tabsCount=0;
+
+ name = 'Enrollment';
+ top.tabs[top.tabsCount++] = new tabItem(name, 'profileMenu.html',
+ top.ProfileMenu, 1);
+ if (http != 'true') {
+ name = 'Revocation';
+ top.tabs[top.tabsCount++] = new tabItem(name, 'revocationMenu.html',
+ top.RevocationMenu, 0);
+ }
+
+ name = 'Retrieval';
+ top.tabs[top.tabsCount++] = new tabItem(name, 'retrievalMenu.html',
+ top.RetrievalMenu, 0);
+
+ top.tabsSelectedIndex = 0;
+
+}
+
+
+function menuItem(name, link, desc)
+{
+ this.name = name;
+ this.link = link;
+ this.seldesc = desc.fontcolor('blue'); // text when selected
+ this.unseldesc = desc.fontcolor('black'); // text when unselected
+ this.desc = desc;
+}
+
+function initMenus()
+{
+ initProfileMenu();
+ if (http != 'true') {
+ initRevocationMenu();
+ }
+ initRecoveryMenu();
+ initRetrievalMenu();
+}
+
+function initProfileMenu()
+{
+ top.ProfileMenu = new Array();
+
+ var name = 'profileList';
+ top.ProfileMenu[0] = new menuItem(name, 'profileList',
+ 'List Profiles');
+}
+
+function tableItem(name, items)
+{
+ this.name = name;
+ this.menuItems = items;
+}
+
+
+// Check if a particular authmanager is enabled.
+// The 'authamanager' array is set in
+// dynamic javascript in the URL /dynamicVars.js
+
+function isAuthMgrEnabled(name)
+{
+ // handle the case when no auth manager is configured
+ if (typeof(authmanager) == 'undefined') {
+ return false;
+ }
+ for (var k=0; k<authmanager.length; k++) {
+ if (authmanager[k] == name) {
+ return true;
+ }
+ }
+ return false;
+}
+
+function initRevocationMenu()
+{
+ top.RevocationMenu = new Array();
+
+ var name='usercert';
+ top.RevocationMenu[0] = new menuItem(name, 'UserRevocation.html',
+ 'User Certificate');
+ //name='servercert';
+ //top.RevocationMenu[1] = new menuItem(name, 'ServerRevocation.html',
+ // 'Server Certificate');
+
+ name='othercert';
+ top.RevocationMenu[1] = new menuItem(name, 'ChallengeRevoke1.html',
+ 'Certificate (challenge phrase-based)');
+ name='othercert';
+ top.RevocationMenu[2] = new menuItem(name, 'CMCRevReq.html',
+ 'CMC Revoke');
+}
+
+function initRecoveryMenu()
+{
+ top.RecoveryMenu = new Array();
+ var name;
+
+ name = 'keyRecovery';
+ top.RecoveryMenu[0] = new menuItem(name, 'KeyRecovery.html',
+ 'Key Recovery');
+}
+
+function initRetrievalMenu()
+{
+ top.RetrievalMenu = new Array();
+ var name;
+ var count=0;
+
+ name = 'checkrequest';
+ top.RetrievalMenu[count++] = new menuItem(name, 'checkRequest.html',
+ 'Check Request Status');
+
+ if (subsystemname != 'ra') {
+ name = 'listcerts';
+ top.RetrievalMenu[count++] = new menuItem(name, 'queryBySerial.html',
+ 'List Certificates');
+ name = 'searchcerts';
+ top.RetrievalMenu[count++] = new menuItem(name, 'srchCert.html',
+ 'Search Certificates');
+ }
+ name = 'getcachain';
+ top.RetrievalMenu[count++] = new menuItem(name, 'GetCAChain.html',
+ 'Import CA Certificate Chain');
+
+ if (subsystemname != 'ra') {
+ name = 'reviewcrl';
+ if (clacrlurl != '') {
+ top.RetrievalMenu[count++] = new menuItem(name, clacrlurl,
+ 'Import Certificate Revocation List');
+ } else {
+ top.RetrievalMenu[count++] = new menuItem(name, '/getInfo?template=toDisplayCRL',
+ 'Import Certificate Revocation List');
+ }
+ }
+}
+
+// This method draws the left panel
+
+function loadMenu(menu)
+{
+
+ with (top.left.document) {
+ writeln('<body bgcolor="#cccccc" vlink="#444444" link="#444444" alink="#333399">');
+ writeln('<table border=0 width=130 cellspacing=4 cellpadding=4>');
+ writeln('<tr>');
+ writeln('<td>');
+
+ var selbgcol = '#cccccc'; // cell's background col when selected
+ var unselbgcol = '#cccccc'; // "" "" unselected
+
+ for (var k=0; k<menu.length; k++) {
+ writeln('<tr>');
+
+ // We check if the link is empty. If it is, this means the
+ // menu item should be rendered as a 'title'. See the
+ // 'Browser' heading in initEnrollMenu as an example
+
+ if (menu[k].link != '') {
+
+ if (k == top.tabs[top.tabsSelectedIndex].currentIndex) {
+
+ // Draw the current element in 'selected' state
+
+ writeln('<td bgcolor="'+selbgcol+'">');
+ writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+ '<b>'+
+ '<a onclick=javascript:top.reloadMenu("'+k+'"); href='+
+ menu[k].link+
+ ' target="cms_content" >'+
+ menu[k].seldesc+'</b></a></font>'
+ );
+ }
+ else {
+ // Draw the current element in 'unselected' state
+
+ writeln('<td bgcolor="'+unselbgcol+'">');
+ writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+ '<b>'+
+ '<a onclick=javascript:top.reloadMenu("'+k+'"); href='+
+ menu[k].link+
+ ' target="cms_content" >'+
+ menu[k].unseldesc+'</b></a></font>'
+ );
+
+ }
+
+ }
+ else { // nice headers go here (enrollment menu)
+ writeln('<td bgcolor=white>'+
+ '<font face="PrimaSans BT, Verdana, sans-serif"'+
+ 'color=black>'+
+ '<b>'+
+ menu[k].desc+'</b></font>');
+ }
+
+
+ writeln('</td>');
+ writeln('</tr>');
+ }
+
+ writeln('</table>');
+ writeln('</td>');
+ writeln('</tr>');
+ writeln('</table>');
+ close();
+ }
+
+}
+
+function reloadMenu(item)
+{
+ var curMenu = top.tabs[top.tabsSelectedIndex];
+ curMenu.currentIndex = item;
+ top.cms_content.location = curMenu.menu[item].link;
+ loadMenu(curMenu.menu);
+
+
+}
+
+
+function reloadMenuAndContent()
+{
+ var tab = top.tabs[top.tabsSelectedIndex];
+ tab.currentIndex = 0;
+ top.cms_content.location = tab.menu[tab.currentIndex].link;
+ reloadMenu(tab.currentIndex);
+}
+
+function reloadTabs(tabnum)
+{
+ if (tabnum != -1) {
+ top.tabsSelectedIndex = tabnum;
+ }
+ top.reloadMenuAndContent();
+
+ if (navigator.appName != "Netscape") {
+ top.reloadMenu(top.tabs[tabnum].defaultIndex);
+ }
+
+ if ( navigator.appName == 'Netscape') {
+ top.tabsf.location.reload(false);
+ } else {
+ loadTabs();
+ }
+ if ( navigator.appName != 'Netscape') {
+ loadTabs();
+ }
+}
+
+
+
+function loadTabs()
+{
+ with (top.tabsf.document) {
+ writeln('<body onresize="top.doResize();" bgcolor="#9999cc" link="#FFFFFF" vlink="#FFFFFF" alink="#CCCCFF">');
+
+ writeln('<table border=0 width="100%" cellspacing="0" cellpadding="0" bgcolor="#9999CC">');
+ writeln('<tr><td>');
+ writeln('<table border=0 cellspacing=0 cellpadding=0 width="100%" >');
+ writeln('<tr><td>');
+ writeln('<table border=0 cellspacing=12 cellpadding=0 width="100%">');
+ writeln('<tr>');
+ writeln('<td><font size="-1" face="PrimaSans BT, Verdana, sans-serif" color="white">Netscape<font color="#cccccc" size="-2">&reg;</font>'+
+ '<b><br>Certificate Management<br> System</b></font><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white"><b></b></font></td>');
+ writeln('<td></td>');
+ if (subsystemname == 'ca') {
+ writeln('<td width=350 align=right><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white"><b>Certificate Manager</b></font></td>');
+ }
+ else {
+ writeln('<td width=350><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white"><b>Registration Manager</b></font></td>');
+ }
+ writeln('</tr>');
+ writeln('</table>');
+ writeln('</td></tr>');
+ writeln('</table>');
+
+ writeln('<table border=0 cellspacing="0" cellpadding="0">');
+ writeln('<tr>');
+ writeln('<td><img src="/pki/images/spacer.gif" width="12" height="12"></td>');
+
+ var index = top.tabsSelectedIndex;
+ for (var j=0; j < top.tabsCount; j++) {
+ if (j == index) {
+ writeln('<td><img src="/pki/images/lgLeftTab.gif" width="13" height="21"></td>');
+ writeln('<td bgcolor="#cccccc" nowrap>');
+ writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif"><b>'+
+ top.tabs[j].blackname+
+ '</b></font></td>');
+ writeln('<td><img src="/pki/images/lgRightTab2.gif" width="16" height="21">'+
+ '</td>');
+ }
+ else {
+ writeln('<td><img src="/pki/images/dgLeftTab.gif" width="13" height="21"></td>');
+ writeln('<td bgcolor="#999999" nowrap>'+
+ '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+ '<a onclick=javascript:top.reloadTabs("'+
+ j+'"); href='+
+ top.tabs[j].link+' target="left"><b>'+
+ top.tabs[j].whitename+'</b></a></font></td>');
+ writeln('<td><img src="/pki/images/dgRightTab2.gif" width="16" height="21"></td>');
+ }
+ }
+
+ writeln('</tr>');
+ writeln('</table></td></tr>');
+ writeln('<tr bgcolor=#CCCCCC><td>&nbsp;<br>&nbsp;</td></tr>');
+ writeln('</tr>');
+ writeln('</table>');
+ close();
+
+ }
+}
+
+
+
+//-->
+</script>
+</head>
+
+<script lang="javascript">
+<!--//
+initMenus();
+initTabs();
+//-->
+</script>
+
+
+<frameset rows="105,1*" frameborder="NO" border="0" cols="*">
+ <frame src="tabs.html" name="tabsf" frameborder="NO" NORESIZE scrolling="NO" marginwidth="0" marginheight="0">
+ <frameset cols="140,1*" border="0" frameborder="NO">
+ <frame src="profileMenu.html" NORESIZE frameborder="NO" marginwidth="0" marginheight="0" name="left">
+ <frame src="profileList" marginwidth="16" marginheight="16" frameborder="NO" NORESIZE name="cms_content">
+ </frameset>
+ <frame src="blank.html" name="foot" NORESIZE scrolling="NO" frameborder="NO">
+</frameset>
+<noframes><body bgcolor="#FFFFFF">
+
+</body></noframes>
+</html>
diff --git a/base/ca/shared/webapps/ca/ee/ca/profileEnrollment/profileMenu.html b/base/ca/shared/webapps/ca/ee/ca/profileEnrollment/profileMenu.html
new file mode 100644
index 000000000..8f19d91b4
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/profileEnrollment/profileMenu.html
@@ -0,0 +1,32 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<html>
+
+<head>
+<title>profile Menu</title>
+</head>
+
+<body bgcolor="#CCCCCC" link="#FFFFFF" vlink="#FFFFFF" alink="#333399">
+<script lang="javascript" src="/dynamicVars.js"></script>
+<script lang=javascript>
+//<!--
+ top.loadMenu(top.tabs[0].menu);
+//-->
+</script>
+
+</body>
diff --git a/base/ca/shared/webapps/ca/ee/ca/profileEnrollment/retrievalMenu.html b/base/ca/shared/webapps/ca/ee/ca/profileEnrollment/retrievalMenu.html
new file mode 100644
index 000000000..faafe343e
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/profileEnrollment/retrievalMenu.html
@@ -0,0 +1,36 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<html>
+
+<head>
+<title>Retrieval Menu</title>
+</head>
+<SCRIPT LANGUAGE="JavaScript"></SCRIPT>
+<script lang="javascript" src="/dynamicVars.js"></script>
+
+<script lang=javascript>
+//<!--
+ if (http != 'true') {
+ top.loadMenu(top.tabs[2].menu);
+ } else {
+ top.loadMenu(top.tabs[1].menu);
+ }
+//-->
+</script>
+
+</body>
diff --git a/base/ca/shared/webapps/ca/ee/ca/profileEnrollment/revocationMenu.html b/base/ca/shared/webapps/ca/ee/ca/profileEnrollment/revocationMenu.html
new file mode 100644
index 000000000..21f5f4397
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/profileEnrollment/revocationMenu.html
@@ -0,0 +1,31 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<html>
+
+<head>
+<title>Revocation Menu</title>
+</head>
+
+
+<script lang=javascript>
+//<!--
+top.loadMenu(top.tabs[1].menu);
+//-->
+</script>
+
+</body>
diff --git a/base/ca/shared/webapps/ca/ee/ca/profileMenu.html b/base/ca/shared/webapps/ca/ee/ca/profileMenu.html
new file mode 100644
index 000000000..b621c230e
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/profileMenu.html
@@ -0,0 +1,32 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>profile Menu</title>
+</head>
+
+<body bgcolor="#CCCCCC" link="#FFFFFF" vlink="#FFFFFF" alink="#333399">
+<script lang="javascript" src="/ca/ee/dynamicVars.js"></script>
+<script lang=javascript>
+//<!--
+ top.loadMenu(top.tabs[0].menu);
+//-->
+</script>
+
+</body>
diff --git a/base/ca/shared/webapps/ca/ee/ca/queryBySerial.html b/base/ca/shared/webapps/ca/ee/ca/queryBySerial.html
new file mode 100644
index 000000000..557a1cf17
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/queryBySerial.html
@@ -0,0 +1,190 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+ <title>List Certificates Within a Serial Number Range</title>
+ <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+
+<SCRIPT LANGUAGE="JavaScript"></SCRIPT>
+<script LANGUAGE="JavaScript" SRC="/ca/ee/cms-funcs.js"></script>
+
+<script LANGUAGE="JavaScript" SRC="/ca/ee/helpfun.js"></script>
+
+<script LANGUAGE="JavaScript">
+<!--
+function doSubmit(form)
+{
+ var canonicalFrom = "", canonicalTo = "";
+
+ if ( form.serialFrom.value!= "") {
+ canonicalFrom =
+ trim(form.serialFrom.value);
+ }
+
+ if (canonicalFrom != "") {
+ if (!isDecimalNumber(canonicalFrom)) {
+ if (isHexNumber(canonicalFrom)) {
+ canonicalFrom = "0x" +
+ removeColons(stripPrefix(canonicalFrom));
+ } else {
+ alert("You must specify a decimal or hexadecimal value" +
+ "for the low end of the serial number range.");
+ return;
+ }
+ }
+ if (isNegative(canonicalFrom)) {
+ alert("You must specify a positive value for the low " +
+ "end of the serial number range.");
+ return;
+ }
+ form.serialFrom.value = canonicalFrom;
+ }
+
+ if ( form.serialTo.value!= "") {
+ canonicalTo =
+ trim(form.serialTo.value);
+ }
+
+ if (canonicalTo != "") {
+ if (!isDecimalNumber(canonicalTo)) {
+ if (isHexNumber(canonicalTo)) {
+ canonicalTo = "0x" +
+ removeColons(stripPrefix(canonicalTo));
+ } else {
+ alert("You must specify a decimal or hexadecimal value" +
+ "for the high end of the serial number range.");
+ return;
+ }
+ }
+ if (isNegative(canonicalTo)) {
+ alert("You must specify a positive value for the high " +
+ "end of the serial number range.");
+ return;
+ }
+ form.serialTo.value = canonicalTo;
+ }
+
+ /* Can't do this using parseInt*/
+ /*
+ if (form.serialFrom.value != "" && form.serialTo.value != "" ) {
+ if (parseInt(form.serialFrom.value) > parseInt(form.serialTo.value)) {
+ alert("The low end of the range is larger than the high end.");
+ return;
+ }
+ }
+ */
+
+ if (!form.skipRevoked.checked && !form.skipNonValid.checked) {
+ form.queryCertFilter.value = "(certStatus=*)";
+ } else if (form.skipRevoked.checked && form.skipNonValid.checked) {
+ form.queryCertFilter.value = "(certStatus=VALID)";
+ } else if (form.skipRevoked.checked) {
+ form.queryCertFilter.value = "(|(certStatus=VALID)(certStatus=INVALID)(certStatus=EXPIRED))";
+ } else if (form.skipNonValid.checked) {
+ form.queryCertFilter.value = "(|(certStatus=VALID)(certStatus=REVOKED))";
+ }
+
+ if (form.serialFrom.value == "") {
+ form.querySentinelDown.value = "0";
+ } else {
+ form.querySentinelDown.value = form.serialFrom.value;
+ form.querySentinelUp.value = form.serialFrom.value;
+ form.direction.value = "down";
+ }
+
+ form.op.value = "listCerts";
+ form.submit();
+}
+//-->
+</script>
+</head>
+
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+<font size=+1 face="PrimaSans BT, Verdana, sans-serif">List Certificates</font>
+<br>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Use this form to list certificates whose serial numbers fall within a
+specified range.</font>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/pki/images/hr.gif" >
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+<form ACTION="listCerts" METHOD=POST>
+ <input TYPE="HIDDEN" NAME="op" VALUE="">
+ <input TYPE="HIDDEN" NAME="queryCertFilter" VALUE="">
+
+<p>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Enter a range of serial numbers in hexadecimal form (starting with 0x, as in the certificate list) or in decimal form.
+
+<p>
+<table BORDER=0 CELLSPACING=2 CELLPADDING=0>
+ <tr>
+ <td><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+ Lowest serial number</font>
+ </td>
+ <td><input TYPE="TEXT" NAME="serialFrom" SIZE=10 MAXLENGTH=99></td>
+ <td><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+ (leave blank for no lower limit)</font>
+ </td>
+ </tr>
+ <tr>
+ <td><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+ Highest serial number</font></font></td>
+ <td><input TYPE="TEXT" NAME="serialTo" SIZE=10 MAXLENGTH=99></td>
+ <td><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+ (leave blank for no upper limit)</font>
+ </td>
+ </tr>
+</table>
+
+<p>
+<input TYPE="CHECKBOX" NAME="skipRevoked">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Do not show certificates that have been revoked
+</font>
+<br>
+<input TYPE="CHECKBOX" CHECKED NAME="skipNonValid">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Do not show certificates that have expired or are not yet valid</font>
+<br>&nbsp;
+<br>&nbsp;
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=6 WIDTH="100%" background="/pki/images/gray90.gif">
+ <tr>
+ <td ALIGN=RIGHT BGCOLOR="#E5E5E5">
+ <input TYPE="button" VALUE="Find" width="72" onClick="doSubmit(this.form);">&nbsp;&nbsp;
+ <font size=-1 face="PrimaSans BT, Verdana, sans-serif">first</font>&nbsp;
+<INPUT TYPE="hidden" NAME="querySentinelDown" VALUE="">
+<INPUT TYPE="hidden" NAME="querySentinelUp" VALUE="">
+ <INPUT TYPE="hidden" NAME="direction" VALUE="begin">
+ <INPUT TYPE="TEXT" NAME="maxCount" SIZE=10 MAXLENGTH=99 VALUE="20">
+ <font size=-1 face="PrimaSans BT, Verdana, sans-serif">records</font>&nbsp;&nbsp;&nbsp;
+ </td>
+ </tr>
+</table>
+</form>
+</body>
+</html>
+
+
+
diff --git a/base/ca/shared/webapps/ca/ee/ca/queryCert.html b/base/ca/shared/webapps/ca/ee/ca/queryCert.html
new file mode 100644
index 000000000..32e2ac644
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/queryCert.html
@@ -0,0 +1,1518 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+ <title>Search for Certificates</title>
+ <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+
+<SCRIPT LANGUAGE="JavaScript"></SCRIPT>
+<script LANGUAGE="JavaScript" SRC="../cms-funcs.js"></script>
+<script LANGUAGE="JavaScript" SRC="../helpfun.js"></script>
+</head>
+
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+<font size=+1 face="PrimaSans BT, Verdana, sans-serif">
+Search for Certificates
+</font><br>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Use this form to compose queries based on properties of the certificate.
+</font>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/pki/images/hr.gif" >
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Each section below filters the search. Check the box at the top of the
+section if you want to use that filter in your search, then complete the fields.
+Leave a box unchecked to ignore that filter. You can click more than one box
+to get a combination of search criteria.
+</font>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/pki/images/hr.gif" >
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+<b><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Serial Number Range</font></b>
+<FORM NAME="serialNumberRangeCritForm">
+<table border="0" cellspacing="2" cellpadding="2">
+<tr>
+<td><INPUT TYPE="CHECKBOX" NAME="inUse"></td>
+<td colspan="3">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show certificates that fall within the following range:</font>
+</td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Lowest serial number:</font></td>
+<td><INPUT TYPE="TEXT" NAME="serialFrom" SIZE=10 MAXLENGTH=99></td>
+<td><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+(leave blank for no lower limit)</font></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Highest serial number:</font></td>
+<td><INPUT TYPE="TEXT" NAME="serialTo" SIZE=10 MAXLENGTH=99></td>
+<td><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+(leave blank for no upper limit)</font></td>
+</tr>
+</table>
+</FORM>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Enter a range of certificate serial numbers in hexadecimal form
+(starting with 0x, as in the certificate list) or in decimal form.
+</font>
+
+<SCRIPT LANGUAGE="JavaScript">
+//<!--
+function serialNumberRangeCritInUse()
+{
+ return document.serialNumberRangeCritForm.inUse.checked;
+}
+
+function serialNumberRangeCrit()
+{
+ var crit = new Array;
+ var next = 0;
+ var canonicalFrom = "", canonicalTo = "";
+
+ if (document.serialNumberRangeCritForm.serialFrom.value != "") {
+ canonicalFrom =
+ trim(document.serialNumberRangeCritForm.serialFrom.value);
+ }
+
+ if (canonicalFrom != "") {
+ if (!isDecimalNumber(canonicalFrom)) {
+ if (isHexNumber(canonicalFrom)) {
+ canonicalFrom = "0x" +
+ removeColons(stripPrefix(canonicalFrom));
+ } else {
+ alert("You must specify a decimal or hexadecimal value" +
+ "for the low end of the serial number range.");
+ return null;
+ }
+ }
+ if (isNegative(canonicalFrom)) {
+ alert("You must specify a positive value for the low " +
+ "end of the serial number range.");
+ return null;
+ }
+ crit[next++] = "(certRecordId>=" + canonicalFrom + ")";
+ }
+
+ if (document.serialNumberRangeCritForm.serialTo.value != "") {
+ canonicalTo =
+ trim(document.serialNumberRangeCritForm.serialTo.value);
+ }
+
+ if (canonicalTo != "") {
+ if (!isDecimalNumber(canonicalTo)) {
+ if (isHexNumber(canonicalTo)) {
+ canonicalTo = "0x" +
+ removeColons(stripPrefix(canonicalTo));
+ } else {
+ alert("You must specify a decimal or hexadecimal value" +
+ "for the high end of the serial number range.");
+ return null;
+ }
+ }
+ if (isNegative(canonicalTo)) {
+ alert("You must specify a positive value for the high " +
+ "end of the serial number range.");
+ return null;
+ }
+ crit[next++] = "(certRecordId<=" + canonicalTo + ")";
+ }
+
+ /* Can not do this using parseInt */
+ /*
+ if (document.serialNumberRangeCritForm.serialFrom.value != "" &&
+ document.serialNumberRangeCritForm.serialTo.value != "") {
+ if (parseInt(canonicalFrom) > parseInt(canonicalTo)) {
+ alert("The low end of the range is larger than the high end.");
+ return null;
+ }
+ }
+ */
+
+ return nsjoin(crit,"");
+}
+//-->
+</SCRIPT>
+
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/pki/images/hr.gif" >
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+<b><font size=-1 face="PrimaSans BT, Verdana, sans-serif">Subject Name</font></b>
+<FORM NAME="subjectCritForm">
+<table border="0" cellspacing="2" cellpadding="2">
+<tr>
+<td><INPUT TYPE="CHECKBOX" NAME="inUse"></td>
+<td colspan="2">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show certificates with a subject name matching the following:
+</font>
+</td>
+</tr>
+
+<tr align="left">
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Email address:
+</font></td>
+<td><INPUT TYPE="TEXT" NAME="eMail" SIZE=30></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Common name:
+</font></td>
+<td><INPUT TYPE="TEXT" NAME="commonName" SIZE=30></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+User ID:
+</font></td>
+<td><INPUT TYPE="TEXT" NAME="userID" SIZE=30></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Organization unit:
+</font></td>
+<td><INPUT TYPE="TEXT" NAME="orgUnit" SIZE=30></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Organization:
+</font></td>
+<td><INPUT TYPE="TEXT" NAME="org" SIZE=30></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Locality:
+</font></td>
+<td><INPUT TYPE="TEXT" NAME="locality" SIZE=30></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+State:
+</font></td>
+<td><INPUT TYPE="TEXT" NAME="state" SIZE=30></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Country:
+</font></td>
+<td><INPUT TYPE="TEXT" NAME="country" VALUE="" SIZE=2 MAXLENGTH=2></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Match Method:</font>
+</td>
+<td>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+<INPUT TYPE="RADIO" NAME="match" VALUE="exact">
+Exact
+</font>
+</td>
+<tr>
+<td>&nbsp;</td>
+<td align="right">&nbsp;</td>
+<td>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+<INPUT TYPE="RADIO" CHECKED NAME="match" VALUE="partial">
+Partial
+</font>
+</td>
+</tr>
+</table>
+</FORM>
+
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Enter values for the fields you want to have in your search criteria.
+Leave other fields blank.
+<br><br>
+Exact match method finds certificates for subjects whose name consists
+<b>exactly</b> of the components that you have filled in above, and contains
+none of the components you have left blank. Pattern matching wildcard
+values cannot be used in this search.
+<br><br>
+Partial match method finds certificates for subjects whose name consists
+<b>in part</b> of the components you have specified above, and in addition
+may contain arbitrary values for the other components you have left blank above.
+Pattern matching wildcard values can be used in this search.
+</font>
+
+<SCRIPT LANGUAGE="JavaScript">
+<!--
+function subjectCritInUse()
+{
+ return document.subjectCritForm.inUse.checked;
+}
+function subjectCrit()
+{
+ return computeNameFilter(document.subjectCritForm);
+}
+//-->
+</SCRIPT>
+
+<table BORDER=0 CELLSPACING=2 CELLPADDING=2 WIDTH="100%" BACKGROUND="/pki/images/hr.gif" >
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+<b>Revocation Information</b></font>
+
+<table border="0" cellspacing="2" cellpadding="2">
+<tr align="left">
+<FORM NAME="revokedByCritForm">
+<td><INPUT TYPE="CHECKBOX" NAME="inUse"></td>
+<td align="left" colspan="2">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show certificates revoked by:
+</font>
+&nbsp;<INPUT TYPE="text" NAME="revokedBy" SIZE=10>
+</td>
+</FORM>
+</tr>
+
+<tr>
+<FORM NAME="revokedOnCritForm">
+<td>
+<INPUT TYPE="CHECKBOX" NAME="inUse">
+</td>
+<td align="left" colspan="2">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show certificates revoked during the period:</font>
+</td>
+</FORM>
+</tr>
+
+<tr>
+<td>&nbsp;</td>
+<td valign="top" align=right>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Start date:</font>
+</td>
+<td valign="top" nowrap>
+<FORM NAME="revokedOnFrom">
+<SELECT NAME="day">
+<OPTION VALUE=0>
+<OPTION VALUE=1>1
+<OPTION VALUE=2>2
+<OPTION VALUE=3>3
+<OPTION VALUE=4>4
+<OPTION VALUE=5>5
+<OPTION VALUE=6>6
+<OPTION VALUE=7>7
+<OPTION VALUE=8>8
+<OPTION VALUE=9>9
+<OPTION VALUE=10>10
+<OPTION VALUE=11>11
+<OPTION VALUE=12>12
+<OPTION VALUE=13>13
+<OPTION VALUE=14>14
+<OPTION VALUE=15>15
+<OPTION VALUE=16>16
+<OPTION VALUE=17>17
+<OPTION VALUE=18>18
+<OPTION VALUE=19>19
+<OPTION VALUE=20>20
+<OPTION VALUE=21>21
+<OPTION VALUE=22>22
+<OPTION VALUE=23>23
+<OPTION VALUE=24>24
+<OPTION VALUE=25>25
+<OPTION VALUE=26>26
+<OPTION VALUE=27>27
+<OPTION VALUE=28>28
+<OPTION VALUE=29>29
+<OPTION VALUE=30>30
+<OPTION VALUE=31>31
+</SELECT>
+<SELECT NAME="month">
+<OPTION VALUE=13>
+<OPTION VALUE=0>January
+<OPTION VALUE=1>February
+<OPTION VALUE=2>March
+<OPTION VALUE=3>April
+<OPTION VALUE=4>May
+<OPTION VALUE=5>June
+<OPTION VALUE=6>July
+<OPTION VALUE=7>August
+<OPTION VALUE=8>September
+<OPTION VALUE=9>October
+<OPTION VALUE=10>November
+<OPTION VALUE=11>December
+</SELECT>
+<SELECT NAME="year">
+<OPTION VALUE=0>
+<OPTION VALUE=1997>1997
+<OPTION VALUE=1998>1998
+<OPTION VALUE=1999>1999
+<OPTION VALUE=2000>2000
+<OPTION VALUE=2001>2001
+<OPTION VALUE=2002>2002
+<OPTION VALUE=2003>2003
+<OPTION VALUE=2004>2004
+<OPTION VALUE=2005>2005
+<OPTION VALUE=2006>2006
+<OPTION VALUE=2007>2007
+<OPTION VALUE=2008>2008
+<OPTION VALUE=2009>2009
+<OPTION VALUE=2010>2010
+<OPTION VALUE=2011>2011
+<OPTION VALUE=2012>2012
+</SELECT>
+</FORM>
+</td>
+</tr>
+
+<tr>
+<td>&nbsp;</td>
+<td valign=top align=right>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">End date:</font>
+</td>
+<td valign="top" nowrap>
+<FORM NAME="revokedOnTo">
+<SELECT NAME="day">
+<OPTION VALUE=0>
+<OPTION VALUE=1>1
+<OPTION VALUE=2>2
+<OPTION VALUE=3>3
+<OPTION VALUE=4>4
+<OPTION VALUE=5>5
+<OPTION VALUE=6>6
+<OPTION VALUE=7>7
+<OPTION VALUE=8>8
+<OPTION VALUE=9>9
+<OPTION VALUE=10>10
+<OPTION VALUE=11>11
+<OPTION VALUE=12>12
+<OPTION VALUE=13>13
+<OPTION VALUE=14>14
+<OPTION VALUE=15>15
+<OPTION VALUE=16>16
+<OPTION VALUE=17>17
+<OPTION VALUE=18>18
+<OPTION VALUE=19>19
+<OPTION VALUE=20>20
+<OPTION VALUE=21>21
+<OPTION VALUE=22>22
+<OPTION VALUE=23>23
+<OPTION VALUE=24>24
+<OPTION VALUE=25>25
+<OPTION VALUE=26>26
+<OPTION VALUE=27>27
+<OPTION VALUE=28>28
+<OPTION VALUE=29>29
+<OPTION VALUE=30>30
+<OPTION VALUE=31>31
+</SELECT>
+<SELECT NAME="month">
+<OPTION VALUE=13>
+<OPTION VALUE=0>January
+<OPTION VALUE=1>February
+<OPTION VALUE=2>March
+<OPTION VALUE=3>April
+<OPTION VALUE=4>May
+<OPTION VALUE=5>June
+<OPTION VALUE=6>July
+<OPTION VALUE=7>August
+<OPTION VALUE=8>September
+<OPTION VALUE=9>October
+<OPTION VALUE=10>November
+<OPTION VALUE=11>December
+</SELECT>
+<SELECT NAME="year">
+<OPTION VALUE=0>
+<OPTION VALUE=1997>1997
+<OPTION VALUE=1998>1998
+<OPTION VALUE=1999>1999
+<OPTION VALUE=2000>2000
+<OPTION VALUE=2001>2001
+<OPTION VALUE=2002>2002
+<OPTION VALUE=2003>2003
+<OPTION VALUE=2004>2004
+<OPTION VALUE=2005>2005
+<OPTION VALUE=2006>2006
+<OPTION VALUE=2007>2007
+<OPTION VALUE=2008>2008
+<OPTION VALUE=2009>2009
+<OPTION VALUE=2010>2010
+<OPTION VALUE=2011>2011
+<OPTION VALUE=2012>2012
+</SELECT>
+</FORM>
+</td>
+</tr>
+</table>
+
+<table border="0" cellspacing="2" cellpadding="2">
+<tr>
+<FORM NAME="revocationReasonCritForm">
+<td valign="top" align="left">
+<INPUT TYPE="CHECKBOX" NAME="inUse">
+</td>
+</FORM>
+<td valign="top" align="left">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show certificates revoked from the reason:</font>&nbsp;
+</td>
+<FORM NAME="revocationReasonForm">
+<td valign="top" nowrap>
+<SELECT NAME="revocationReason" size=4 multiple>
+<OPTION VALUE=0>Unspecified
+<OPTION VALUE=1>Key compromised
+<OPTION VALUE=2>CA key compromised
+<OPTION VALUE=3>Affiliation changed
+<OPTION VALUE=4>Certificate superceded
+<OPTION VALUE=5>Cessation of operation
+<OPTION VALUE=6>Certificate is on hold
+<OPTION VALUE=9>Privilege withdrawn
+</SELECT>
+</td>
+</FORM>
+</tr>
+</table>
+
+<SCRIPT LANGUAGE="JavaScript">
+<!--
+function revokedByCritInUse()
+{
+ return document.revokedByCritForm.inUse.checked;
+}
+function revokedByCrit()
+{
+ if (document.revokedByCritForm.revokedBy.value.length == 0) {
+ alert("User id in 'revoked by' filter is empty");
+ return null;
+ }
+ return "(certRevokedBy="+ document.revokedByCritForm.revokedBy.value +")";
+}
+
+function revokedOnCritInUse()
+{
+ return document.revokedOnCritForm.inUse.checked;
+}
+function revokedOnCrit()
+{
+ var from = null, to = null;
+ var crit = new Array();
+ var next = 0;
+ if (!dateIsEmpty(document.revokedOnFrom)) {
+ from = convertDate(document.revokedOnFrom,
+ "Start date for revocation time range criterion");
+ if (from == null) return null;
+ crit[next++] = "(certRevokedOn>=" + from + ")";
+ }
+ if (!dateIsEmpty(document.revokedOnTo)) {
+ to = convertDate(document.revokedOnTo,
+ "End date for revocation time range criterion");
+ if (to == null) return null;
+ to += 86399999;
+ crit[next++] = "(certRevokedOn<=" + to + ")";
+ }
+
+ if (from == null && to == null) {
+ alert("You must enter a date for revocation time range.");
+ return null;
+ }
+ if (from != null && to != null && from > to) {
+ alert("Revocation time range specified is empty");
+ return null;
+ }
+ return nsjoin(crit,"");
+}
+
+function revocationReasonCritInUse()
+{
+ return document.revocationReasonCritForm.inUse.checked;
+}
+function revocationReasonCrit()
+{
+ var crit = new Array();
+ var sum = null;
+ var next = 0;
+
+ for (var i = 0; i < document.revocationReasonForm.revocationReason.length; i++) {
+ if (document.revocationReasonForm.revocationReason.options[i].selected == true) {
+ crit[next++] = "(x509cert.certRevoInfo="+i+")";
+ }
+ }
+ sum = nsjoin(crit,"");
+ if (next > 1) {
+ sum = "(|" + sum + ")"
+ } else if (next < 1) {
+ alert("You must select at least one revocation reason.");
+ return null;
+ }
+ return sum;
+}
+//-->
+</SCRIPT>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/pki/images/hr.gif" >
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+<b>Issuing Information</b></font>
+
+<table border="0" cellspacing="2" cellpadding="2">
+<tr>
+<FORM NAME="issuedByCritForm">
+<td><INPUT TYPE="CHECKBOX" NAME="inUse"></td>
+<td align="left" colspan="2">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show certificates issued by:
+</font>
+&nbsp;<INPUT TYPE="text" NAME="issuedBy" SIZE=10>
+</td>
+</FORM>
+</tr>
+
+<tr>
+<FORM NAME="issuedOnCritForm">
+<td><INPUT TYPE="CHECKBOX" NAME="inUse"></td>
+<td colspan="2"><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show certificates issued during the period:</font></td>
+</FORM>
+</tr>
+
+<tr>
+<td>&nbsp;</td>
+<td valign=top align=right>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Start date:</font>
+</td>
+<td valign="top" nowrap>
+<FORM NAME="issuedOnFrom">
+<SELECT NAME="day">
+<OPTION VALUE=0>
+<OPTION VALUE=1>1
+<OPTION VALUE=2>2
+<OPTION VALUE=3>3
+<OPTION VALUE=4>4
+<OPTION VALUE=5>5
+<OPTION VALUE=6>6
+<OPTION VALUE=7>7
+<OPTION VALUE=8>8
+<OPTION VALUE=9>9
+<OPTION VALUE=10>10
+<OPTION VALUE=11>11
+<OPTION VALUE=12>12
+<OPTION VALUE=13>13
+<OPTION VALUE=14>14
+<OPTION VALUE=15>15
+<OPTION VALUE=16>16
+<OPTION VALUE=17>17
+<OPTION VALUE=18>18
+<OPTION VALUE=19>19
+<OPTION VALUE=20>20
+<OPTION VALUE=21>21
+<OPTION VALUE=22>22
+<OPTION VALUE=23>23
+<OPTION VALUE=24>24
+<OPTION VALUE=25>25
+<OPTION VALUE=26>26
+<OPTION VALUE=27>27
+<OPTION VALUE=28>28
+<OPTION VALUE=29>29
+<OPTION VALUE=30>30
+<OPTION VALUE=31>31
+</SELECT>
+<SELECT NAME="month">
+<OPTION VALUE=13>
+<OPTION VALUE=0>January
+<OPTION VALUE=1>February
+<OPTION VALUE=2>March
+<OPTION VALUE=3>April
+<OPTION VALUE=4>May
+<OPTION VALUE=5>June
+<OPTION VALUE=6>July
+<OPTION VALUE=7>August
+<OPTION VALUE=8>September
+<OPTION VALUE=9>October
+<OPTION VALUE=10>November
+<OPTION VALUE=11>December
+</SELECT>
+<SELECT NAME="year">
+<OPTION VALUE=0>
+<OPTION VALUE=1997>1997
+<OPTION VALUE=1998>1998
+<OPTION VALUE=1999>1999
+<OPTION VALUE=2000>2000
+<OPTION VALUE=2001>2001
+<OPTION VALUE=2002>2002
+<OPTION VALUE=2003>2003
+<OPTION VALUE=2004>2004
+<OPTION VALUE=2005>2005
+<OPTION VALUE=2006>2006
+<OPTION VALUE=2007>2007
+<OPTION VALUE=2008>2008
+<OPTION VALUE=2009>2009
+<OPTION VALUE=2010>2010
+<OPTION VALUE=2011>2011
+<OPTION VALUE=2012>2012
+</SELECT>
+</FORM>
+</td>
+</tr>
+
+<tr>
+<td>&nbsp;</td>
+<td valign=top align=right>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">End date:</font>
+</td>
+<td valign="top" nowrap>
+<FORM NAME="issuedOnTo">
+<SELECT NAME="day">
+<OPTION VALUE=0>
+<OPTION VALUE=1>1
+<OPTION VALUE=2>2
+<OPTION VALUE=3>3
+<OPTION VALUE=4>4
+<OPTION VALUE=5>5
+<OPTION VALUE=6>6
+<OPTION VALUE=7>7
+<OPTION VALUE=8>8
+<OPTION VALUE=9>9
+<OPTION VALUE=10>10
+<OPTION VALUE=11>11
+<OPTION VALUE=12>12
+<OPTION VALUE=13>13
+<OPTION VALUE=14>14
+<OPTION VALUE=15>15
+<OPTION VALUE=16>16
+<OPTION VALUE=17>17
+<OPTION VALUE=18>18
+<OPTION VALUE=19>19
+<OPTION VALUE=20>20
+<OPTION VALUE=21>21
+<OPTION VALUE=22>22
+<OPTION VALUE=23>23
+<OPTION VALUE=24>24
+<OPTION VALUE=25>25
+<OPTION VALUE=26>26
+<OPTION VALUE=27>27
+<OPTION VALUE=28>28
+<OPTION VALUE=29>29
+<OPTION VALUE=30>30
+<OPTION VALUE=31>31
+</SELECT>
+<SELECT NAME="month">
+<OPTION VALUE=13>
+<OPTION VALUE=0>January
+<OPTION VALUE=1>February
+<OPTION VALUE=2>March
+<OPTION VALUE=3>April
+<OPTION VALUE=4>May
+<OPTION VALUE=5>June
+<OPTION VALUE=6>July
+<OPTION VALUE=7>August
+<OPTION VALUE=8>September
+<OPTION VALUE=9>October
+<OPTION VALUE=10>November
+<OPTION VALUE=11>December
+</SELECT>
+<SELECT NAME="year">
+<OPTION VALUE=0>
+<OPTION VALUE=1997>1997
+<OPTION VALUE=1998>1998
+<OPTION VALUE=1999>1999
+<OPTION VALUE=2000>2000
+<OPTION VALUE=2001>2001
+<OPTION VALUE=2002>2002
+<OPTION VALUE=2003>2003
+<OPTION VALUE=2004>2004
+<OPTION VALUE=2005>2005
+<OPTION VALUE=2006>2006
+<OPTION VALUE=2007>2007
+<OPTION VALUE=2008>2008
+<OPTION VALUE=2009>2009
+<OPTION VALUE=2010>2010
+<OPTION VALUE=2011>2011
+<OPTION VALUE=2012>2012
+</SELECT>
+</FORM>
+</td>
+</tr>
+</table>
+
+<SCRIPT LANGUAGE="JavaScript">
+<!--
+function issuedByCritInUse()
+{
+ return document.issuedByCritForm.inUse.checked;
+}
+function issuedByCrit()
+{
+ if (document.issuedByCritForm.issuedBy.value.length == 0) {
+ alert("User id in 'issued by' filter is empty");
+ return null;
+ }
+ return "(certIssuedBy="+ document.issuedByCritForm.issuedBy.value +")";
+}
+
+
+function issuedOnCritInUse()
+{
+ return document.issuedOnCritForm.inUse.checked;
+}
+function issuedOnCrit()
+{
+ var from = null, to = null;
+ var crit = new Array();
+ var next = 0;
+ if (!dateIsEmpty(document.issuedOnFrom)) {
+ from = convertDate(document.issuedOnFrom,
+ "Start date for issue time range criterion");
+ if (from == null) return null;
+ crit[next++] = "(certCreateTime>=" + from + ")";
+ }
+ if (!dateIsEmpty(document.issuedOnTo)) {
+ to = convertDate(document.issuedOnTo,
+ "End date for issue time range criterion");
+ if (to == null) return null;
+ to += 86399999;
+ crit[next++] = "(certCreateTime<=" + to + ")";
+ }
+
+ if (from == null && to == null) {
+ alert("You must enter a date for issue time range.");
+ return null;
+ }
+ if (from != null && to != null && from > to) {
+ alert("Issue time range specified is empty");
+ return null;
+ }
+ return nsjoin(crit,"");
+}
+//-->
+</SCRIPT>
+
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/pki/images/hr.gif" >
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+<b>Dates of Validity</b></font>
+
+<table border="0" cellspacing="2" cellpadding="2">
+<tr>
+<FORM NAME="validNotBeforeCritForm">
+<td><INPUT TYPE="CHECKBOX" NAME="inUse"></td>
+<td align="left" colspan="2">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show certificates effective during the period:
+</font></td>
+</FORM>
+</tr>
+
+<tr>
+<td>&nbsp;</td>
+<td valign=top align=right>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Start date:</font>
+</td>
+<td valign="top" nowrap>
+<FORM NAME="validNotBeforeFrom">
+<SELECT NAME="day">
+<OPTION VALUE=0>
+<OPTION VALUE=1>1
+<OPTION VALUE=2>2
+<OPTION VALUE=3>3
+<OPTION VALUE=4>4
+<OPTION VALUE=5>5
+<OPTION VALUE=6>6
+<OPTION VALUE=7>7
+<OPTION VALUE=8>8
+<OPTION VALUE=9>9
+<OPTION VALUE=10>10
+<OPTION VALUE=11>11
+<OPTION VALUE=12>12
+<OPTION VALUE=13>13
+<OPTION VALUE=14>14
+<OPTION VALUE=15>15
+<OPTION VALUE=16>16
+<OPTION VALUE=17>17
+<OPTION VALUE=18>18
+<OPTION VALUE=19>19
+<OPTION VALUE=20>20
+<OPTION VALUE=21>21
+<OPTION VALUE=22>22
+<OPTION VALUE=23>23
+<OPTION VALUE=24>24
+<OPTION VALUE=25>25
+<OPTION VALUE=26>26
+<OPTION VALUE=27>27
+<OPTION VALUE=28>28
+<OPTION VALUE=29>29
+<OPTION VALUE=30>30
+<OPTION VALUE=31>31
+</SELECT>
+<SELECT NAME="month">
+<OPTION VALUE=13>
+<OPTION VALUE=0>January
+<OPTION VALUE=1>February
+<OPTION VALUE=2>March
+<OPTION VALUE=3>April
+<OPTION VALUE=4>May
+<OPTION VALUE=5>June
+<OPTION VALUE=6>July
+<OPTION VALUE=7>August
+<OPTION VALUE=8>September
+<OPTION VALUE=9>October
+<OPTION VALUE=10>November
+<OPTION VALUE=11>December
+</SELECT>
+<SELECT NAME="year">
+<OPTION VALUE=0>
+<OPTION VALUE=1997>1997
+<OPTION VALUE=1998>1998
+<OPTION VALUE=1999>1999
+<OPTION VALUE=2000>2000
+<OPTION VALUE=2001>2001
+<OPTION VALUE=2002>2002
+<OPTION VALUE=2003>2003
+<OPTION VALUE=2004>2004
+<OPTION VALUE=2005>2005
+<OPTION VALUE=2006>2006
+<OPTION VALUE=2007>2007
+<OPTION VALUE=2008>2008
+<OPTION VALUE=2009>2009
+<OPTION VALUE=2010>2010
+<OPTION VALUE=2011>2011
+<OPTION VALUE=2012>2012
+</SELECT>
+</FORM>
+</td>
+</tr>
+
+<tr>
+<td>&nbsp;</td>
+<td valign=top align=right>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">End date:</font>
+</td>
+<td valign="top" nowrap>
+<FORM NAME="validNotBeforeTo">
+<SELECT NAME="day">
+<OPTION VALUE=0>
+<OPTION VALUE=1>1
+<OPTION VALUE=2>2
+<OPTION VALUE=3>3
+<OPTION VALUE=4>4
+<OPTION VALUE=5>5
+<OPTION VALUE=6>6
+<OPTION VALUE=7>7
+<OPTION VALUE=8>8
+<OPTION VALUE=9>9
+<OPTION VALUE=10>10
+<OPTION VALUE=11>11
+<OPTION VALUE=12>12
+<OPTION VALUE=13>13
+<OPTION VALUE=14>14
+<OPTION VALUE=15>15
+<OPTION VALUE=16>16
+<OPTION VALUE=17>17
+<OPTION VALUE=18>18
+<OPTION VALUE=19>19
+<OPTION VALUE=20>20
+<OPTION VALUE=21>21
+<OPTION VALUE=22>22
+<OPTION VALUE=23>23
+<OPTION VALUE=24>24
+<OPTION VALUE=25>25
+<OPTION VALUE=26>26
+<OPTION VALUE=27>27
+<OPTION VALUE=28>28
+<OPTION VALUE=29>29
+<OPTION VALUE=30>30
+<OPTION VALUE=31>31
+</SELECT>
+<SELECT NAME="month">
+<OPTION VALUE=13>
+<OPTION VALUE=0>January
+<OPTION VALUE=1>February
+<OPTION VALUE=2>March
+<OPTION VALUE=3>April
+<OPTION VALUE=4>May
+<OPTION VALUE=5>June
+<OPTION VALUE=6>July
+<OPTION VALUE=7>August
+<OPTION VALUE=8>September
+<OPTION VALUE=9>October
+<OPTION VALUE=10>November
+<OPTION VALUE=11>December
+</SELECT>
+<SELECT NAME="year">
+<OPTION VALUE=0>
+<OPTION VALUE=1997>1997
+<OPTION VALUE=1998>1998
+<OPTION VALUE=1999>1999
+<OPTION VALUE=2000>2000
+<OPTION VALUE=2001>2001
+<OPTION VALUE=2002>2002
+<OPTION VALUE=2003>2003
+<OPTION VALUE=2004>2004
+<OPTION VALUE=2005>2005
+<OPTION VALUE=2006>2006
+<OPTION VALUE=2007>2007
+<OPTION VALUE=2008>2008
+<OPTION VALUE=2009>2009
+<OPTION VALUE=2010>2010
+<OPTION VALUE=2011>2011
+<OPTION VALUE=2012>2012
+</SELECT>
+</FORM>
+</td>
+</tr>
+</table>
+
+<SCRIPT LANGUAGE="JavaScript">
+<!--
+function validNotBeforeCritInUse()
+{
+ return document.validNotBeforeCritForm.inUse.checked;
+}
+
+function validNotBeforeCrit()
+{
+ var from = null, to = null;
+ var crit = new Array();
+ var next = 0;
+ if (!dateIsEmpty(document.validNotBeforeFrom)) {
+ from = convertDate(document.validNotBeforeFrom,
+ "Start date for the validity beginning time range criterion");
+ if (from == null) return null;
+ crit[next++] = "(x509Cert.notBefore>=" + from + ")";
+ }
+ if (!dateIsEmpty(document.validNotBeforeTo)) {
+ to = convertDate(document.validNotBeforeTo,
+ "End date for the validity beginning time range criterion");
+ if (to == null) return null;
+ to += 86399999;
+ crit[next++] = "(x509Cert.notBefore<=" + to + ")";
+ }
+
+ if (from == null && to == null) {
+ alert("You must enter a date for validity beginning range.");
+ return null;
+ }
+ if (from != null && to != null && from > to) {
+ alert("Validity beginning time range specified is empty");
+ return null;
+ }
+ return nsjoin(crit,"");
+}
+//-->
+</SCRIPT>
+
+<table border="0" cellspacing="2" cellpadding="2">
+<tr>
+<FORM NAME="validNotAfterCritForm">
+<td><INPUT TYPE="CHECKBOX" NAME="inUse"></td>
+<td align="left" colspan="2">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show certificates expired during the period: </font></td>
+</FORM>
+</tr>
+
+<tr>
+<td>&nbsp;</td>
+<td valign=top align=right>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Start date:</font>
+</td>
+<td valign="top" nowrap>
+<FORM NAME="validNotAfterFrom">
+<SELECT NAME="day">
+<OPTION VALUE=0>
+<OPTION VALUE=1>1
+<OPTION VALUE=2>2
+<OPTION VALUE=3>3
+<OPTION VALUE=4>4
+<OPTION VALUE=5>5
+<OPTION VALUE=6>6
+<OPTION VALUE=7>7
+<OPTION VALUE=8>8
+<OPTION VALUE=9>9
+<OPTION VALUE=10>10
+<OPTION VALUE=11>11
+<OPTION VALUE=12>12
+<OPTION VALUE=13>13
+<OPTION VALUE=14>14
+<OPTION VALUE=15>15
+<OPTION VALUE=16>16
+<OPTION VALUE=17>17
+<OPTION VALUE=18>18
+<OPTION VALUE=19>19
+<OPTION VALUE=20>20
+<OPTION VALUE=21>21
+<OPTION VALUE=22>22
+<OPTION VALUE=23>23
+<OPTION VALUE=24>24
+<OPTION VALUE=25>25
+<OPTION VALUE=26>26
+<OPTION VALUE=27>27
+<OPTION VALUE=28>28
+<OPTION VALUE=29>29
+<OPTION VALUE=30>30
+<OPTION VALUE=31>31
+</SELECT>
+<SELECT NAME="month">
+<OPTION VALUE=13>
+<OPTION VALUE=0>January
+<OPTION VALUE=1>February
+<OPTION VALUE=2>March
+<OPTION VALUE=3>April
+<OPTION VALUE=4>May
+<OPTION VALUE=5>June
+<OPTION VALUE=6>July
+<OPTION VALUE=7>August
+<OPTION VALUE=8>September
+<OPTION VALUE=9>October
+<OPTION VALUE=10>November
+<OPTION VALUE=11>December
+</SELECT>
+<SELECT NAME="year">
+<OPTION VALUE=0>
+<OPTION VALUE=1997>1997
+<OPTION VALUE=1998>1998
+<OPTION VALUE=1999>1999
+<OPTION VALUE=2000>2000
+<OPTION VALUE=2001>2001
+<OPTION VALUE=2002>2002
+<OPTION VALUE=2003>2003
+<OPTION VALUE=2004>2004
+<OPTION VALUE=2005>2005
+<OPTION VALUE=2006>2006
+<OPTION VALUE=2007>2007
+<OPTION VALUE=2008>2008
+<OPTION VALUE=2009>2009
+<OPTION VALUE=2010>2010
+<OPTION VALUE=2011>2011
+<OPTION VALUE=2012>2012
+</SELECT>
+</FORM>
+</td>
+</tr>
+
+<tr>
+<td>&nbsp;</td>
+<td valign=top align=right>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">End date:</font>
+</td>
+<td valign="top" nowrap>
+<FORM NAME="validNotAfterTo">
+<SELECT NAME="day">
+<OPTION VALUE=0>
+<OPTION VALUE=1>1
+<OPTION VALUE=2>2
+<OPTION VALUE=3>3
+<OPTION VALUE=4>4
+<OPTION VALUE=5>5
+<OPTION VALUE=6>6
+<OPTION VALUE=7>7
+<OPTION VALUE=8>8
+<OPTION VALUE=9>9
+<OPTION VALUE=10>10
+<OPTION VALUE=11>11
+<OPTION VALUE=12>12
+<OPTION VALUE=13>13
+<OPTION VALUE=14>14
+<OPTION VALUE=15>15
+<OPTION VALUE=16>16
+<OPTION VALUE=17>17
+<OPTION VALUE=18>18
+<OPTION VALUE=19>19
+<OPTION VALUE=20>20
+<OPTION VALUE=21>21
+<OPTION VALUE=22>22
+<OPTION VALUE=23>23
+<OPTION VALUE=24>24
+<OPTION VALUE=25>25
+<OPTION VALUE=26>26
+<OPTION VALUE=27>27
+<OPTION VALUE=28>28
+<OPTION VALUE=29>29
+<OPTION VALUE=30>30
+<OPTION VALUE=31>31
+</SELECT>
+<SELECT NAME="month">
+<OPTION VALUE=13>
+<OPTION VALUE=0>January
+<OPTION VALUE=1>February
+<OPTION VALUE=2>March
+<OPTION VALUE=3>April
+<OPTION VALUE=4>May
+<OPTION VALUE=5>June
+<OPTION VALUE=6>July
+<OPTION VALUE=7>August
+<OPTION VALUE=8>September
+<OPTION VALUE=9>October
+<OPTION VALUE=10>November
+<OPTION VALUE=11>December
+</SELECT>
+<SELECT NAME="year">
+<OPTION VALUE=0>
+<OPTION VALUE=1997>1997
+<OPTION VALUE=1998>1998
+<OPTION VALUE=1999>1999
+<OPTION VALUE=2000>2000
+<OPTION VALUE=2001>2001
+<OPTION VALUE=2002>2002
+<OPTION VALUE=2003>2003
+<OPTION VALUE=2004>2004
+<OPTION VALUE=2005>2005
+<OPTION VALUE=2006>2006
+<OPTION VALUE=2007>2007
+<OPTION VALUE=2008>2008
+<OPTION VALUE=2009>2009
+<OPTION VALUE=2010>2010
+<OPTION VALUE=2011>2011
+<OPTION VALUE=2012>2012
+</SELECT>
+</FORM>
+</td>
+</tr>
+</table>
+
+<SCRIPT LANGUAGE="JavaScript">
+<!--
+function validNotAfterCritInUse()
+{
+ return document.validNotAfterCritForm.inUse.checked;
+}
+
+function validNotAfterCrit()
+{
+ var from = null, to = null;
+ var crit = new Array();
+ var next = 0;
+ if (!dateIsEmpty(document.validNotAfterFrom)) {
+ from = convertDate(document.validNotAfterFrom,
+ "Start date for the expiration time range criterion");
+ if (from == null) return null;
+ crit[next++] = "(x509cert.notAfter>=" + from + ")";
+ }
+ if (!dateIsEmpty(document.validNotAfterTo)) {
+ to = convertDate(document.validNotAfterTo,
+ "End date for the expiration time range criterion");
+ if (to == null) return null;
+ to += 86399999;
+ crit[next++] = "(x509cert.notAfter<=" + to + ")";
+ }
+
+ if (from == null && to == null) {
+ alert("You must enter a date for expiration time range.");
+ return null;
+ }
+ if (from != null && to != null && from > to) {
+ alert("Expiration time range specified is empty");
+ return null;
+ }
+ return nsjoin(crit,"");
+}
+//-->
+</SCRIPT>
+
+<table border="0" cellspacing="2" cellpadding="2">
+<FORM NAME="validityLengthCritForm">
+<tr>
+<td><INPUT TYPE="CHECKBOX" NAME="inUse"></td>
+<td align="left" colspan="2">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show certificates with a
+validity period:
+</font></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td>
+<SELECT NAME="validityOp">
+<OPTION VALUE="&lt;="> not greater
+<OPTION VALUE="&gt;="> not less
+</SELECT>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">than</font>
+<INPUT NAME="count" TYPE="text" MAXSIZE=2 SIZE=2>
+<SELECT NAME="unit">
+<OPTION VALUE="86400000">Day(s)</OPTION>
+<OPTION VALUE="604800000">Week(s)</OPTION>
+<OPTION SELECTED VALUE="2592000000">Month(s)</OPTION>
+<OPTION VALUE="31536000000">Year(s)</OPTION>
+</SELECT>
+</td></tr>
+</FORM>
+</table>
+
+<SCRIPT LANGUAGE="JavaScript">
+<!--
+function validityLengthCritInUse()
+{
+ return document.validityLengthCritForm.inUse.checked;
+}
+
+function validityLengthCrit()
+{
+ with(document.validityLengthCritForm) {
+ if(!isNumber(count.value,10)) {
+ alert("Invalid number specified in validity length criterion");
+ return null;
+ }
+
+ return "(x509cert.duration" +
+ validityOp.options[validityOp.selectedIndex].value +
+ (count.value * unit.options[unit.selectedIndex].value) +")";
+ }
+}
+//-->
+</SCRIPT>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/pki/images/hr.gif" >
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif"><b>Type</b></font>
+
+<FORM NAME="certTypeCritForm">
+<table border="0" cellspacing="2" cellpadding="2">
+<tr>
+<td><INPUT TYPE="CHECKBOX" NAME="inUse"></td>
+<td align="left" colspan="2">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show certificates of the following types:
+</font></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">SSL client:</font>
+</td>
+<td>
+<SELECT NAME="SSLClient">
+<OPTION SELECTED VALUE="">Do not care
+<OPTION VALUE="on">On
+<OPTION VALUE="off">Off
+</SELECT>
+</td></tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">SSL server:</font>
+</td>
+<td>
+<SELECT NAME="SSLServer">
+<OPTION SELECTED VALUE="">Do not care
+<OPTION VALUE="on">On
+<OPTION VALUE="off">Off
+</SELECT>
+</td></tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Secure email:</font>
+</td><td>
+<SELECT NAME="SecureEmail">
+<OPTION SELECTED VALUE="">Do not care
+<OPTION VALUE="on">On
+<OPTION VALUE="off">Off
+</SELECT>
+</td></tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Subordinate SSL CA:</font>
+</td><td>
+<SELECT NAME="SubordinateSSLCA">
+<OPTION SELECTED VALUE="">Do not care
+<OPTION VALUE="on">On
+<OPTION VALUE="off">Off
+</SELECT>
+</td></tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Subordinate email CA:</font>
+</td><td>
+<SELECT NAME="SubordinateEmailCA">
+<OPTION SELECTED VALUE="">Do not care
+<OPTION VALUE="on">On
+<OPTION VALUE="off">Off
+</SELECT>
+</td></tr>
+</table>
+</FORM>
+
+<SCRIPT LANGUAGE="JavaScript">
+<!--
+function certTypeCritInUse()
+{
+ return document.certTypeCritForm.inUse.checked;
+}
+
+function certTypeCrit()
+{
+ var result = '';
+ var count = 0;
+
+ for (var i = 1; i < document.certTypeCritForm.length; i++) {
+ var sel = document.certTypeCritForm[i].selectedIndex;
+ if (sel > 0) {
+ count++;
+ result += '(x509cert.nsExtension.' +
+ document.certTypeCritForm[i].name + '='+
+ document.certTypeCritForm[i].options[sel].value + ')';
+ }
+ }
+ if (count == 0) {
+ alert("At least one of the certificate types must be selected");
+ return null;
+ }
+
+ return result;
+}
+//-->
+</SCRIPT>
+
+<br>
+<SCRIPT LANGUAGE="JavaScript">
+<!--
+function doSubmit(form)
+{
+ var andFilter = new Array;
+ var critCount = 0;
+
+ andFilter[critCount++] = "(certRecordId=*)";
+
+ if (serialNumberRangeCritInUse()) {
+ if ((andFilter[critCount++] = serialNumberRangeCrit()) == null)
+ return;
+ }
+ if (subjectCritInUse()) {
+ if ((andFilter[critCount++] = subjectCrit()) == null)
+ return;
+ }
+
+ if (revokedOnCritInUse()) {
+ if ((andFilter[critCount++] = revokedOnCrit()) == null)
+ return;
+ }
+ if (revokedByCritInUse()) {
+ if ((andFilter[critCount++] = revokedByCrit()) == null)
+ return;
+ }
+ if (revocationReasonCritInUse()) {
+ if ((andFilter[critCount++] = revocationReasonCrit()) == null)
+ return;
+ }
+ if (issuedOnCritInUse()) {
+ if ((andFilter[critCount++] = issuedOnCrit()) == null)
+ return;
+ }
+ if (issuedByCritInUse()) {
+ if ((andFilter[critCount++] = issuedByCrit()) == null)
+ return;
+ }
+ if (validNotBeforeCritInUse()) {
+ if ((andFilter[critCount++] = validNotBeforeCrit()) == null)
+ return;
+ }
+ if (validNotAfterCritInUse()) {
+ if ((andFilter[critCount++] = validNotAfterCrit()) == null)
+ return;
+ }
+ if (validityLengthCritInUse()) {
+ if ((andFilter[critCount++] = validityLengthCrit()) == null)
+ return;
+ }
+ if (certTypeCritInUse()) {
+ if ((andFilter[critCount++] = certTypeCrit()) == null)
+ return;
+ }
+
+ // At least one section must be selected
+ if (critCount == 0) {
+ alert("You must choose at least one section on this form.");
+ return;
+ }
+
+ form.queryCertFilter.value = "(&"+nsjoin(andFilter,"")+")";
+
+ form.op.value = "listCerts";
+
+ form.submit();
+}
+//-->
+</SCRIPT>
+
+
+<FORM NAME="queryForm" ACTION="/listCerts" METHOD=POST>
+<INPUT TYPE="HIDDEN" NAME="op" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="queryCertFilter" VALUE="">
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=6 WIDTH="100%" background="/pki/images/gray90.gif">
+ <tr>
+ <td ALIGN=RIGHT BGCOLOR="#E5E5E5">
+ <INPUT TYPE="button" VALUE="Find" width="72" onClick='doSubmit(queryForm)'>&nbsp;&nbsp;
+ <font size=-1 face="PrimaSans BT, Verdana, sans-serif">first</font>&nbsp;
+ <INPUT TYPE="TEXT" NAME="maxCount" SIZE=4 MAXLENGTH=99 VALUE="5">
+ <font size=-1 face="PrimaSans BT, Verdana, sans-serif">records</font>&nbsp;&nbsp;&nbsp;
+ </td>
+ </tr>
+</table>
+
+</form>
+</body>
+</html>
+
diff --git a/base/ca/shared/webapps/ca/ee/ca/queryCert.template b/base/ca/shared/webapps/ca/ee/ca/queryCert.template
new file mode 100644
index 000000000..1165cb309
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/queryCert.template
@@ -0,0 +1,499 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>Untitled Document</title>
+<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+
+<style type="text/css">
+
+.floating {
+ position: absolute;
+ left: 300px;
+ top: 50px;
+ width: 400px;
+ padding: 3px;
+ border: solid;
+ border-width: 2px;
+ background: white;
+ display: none;
+ margin: 5px;
+}
+
+
+table#t td {
+ font-size: 0.8em;
+ padding: 0px;
+ margin: 0px;
+}
+
+.r {
+ visibility: visible;
+ background-color: pink;
+}
+
+
+.h {
+ background-color: #eeeeee;
+ font-color: #606060;
+ font-weight: bold;
+}
+
+</STYLE>
+
+</head>
+
+<body bgcolor="#FFFFFF" link="#000000" vlink="#000000" alink="#000000">
+<font face="PrimaSans BT, Verdana, sans-serif" size="+1">Search Results
+</font><br>
+<table border="0" cellspacing="0" cellpadding="0" background="/pki/images/hr.gif" width="100%">
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+
+<CMS_TEMPLATE>
+
+
+<SCRIPT LANGUAGE="JavaScript">
+//<!--
+
+function toHex(number)
+{
+ var absValue = "", sign = "";
+ var digits = "0123456789abcdef";
+ if (number < 0) {
+ sign = "-";
+ number = -number;
+ }
+
+ for(; number >= 16 ; number = Math.floor(number/16)) {
+ absValue = digits.charAt(number % 16) + absValue;
+ }
+ absValue = digits.charAt(number % 16) + absValue;
+ return sign + absValue;
+}
+
+function addEscapes(str)
+{
+ var outStr = str.replace(/</g, "&lt;");
+ outStr = outStr.replace(/>/g, "&gt;");
+ return outStr;
+}
+
+function revokeCert(serialNumber)
+{
+ return confirm("WARNING!! You are about to do an irreversible operation.\nDo you really want to revoke certificate # "+
+ renderHexNumber(serialNumber,8)+ " ?");
+}
+
+function renderOidName(oid)
+{
+ if (oid == "1.2.840.113549.1.1.1")
+ return "PKCS #1 RSA";
+ else if (oid == "1.2.840.113549.1.1.4")
+ return "PKCS #1 MD5 With RSA";
+ else if (oid == "1.2.840.10040.4.1")
+ return "DSA";
+ else
+ return "OID."+oid;
+}
+
+function renderHexNumber(number,width)
+{
+ var num = number;
+ while (num.length < width)
+ num = "0"+num;
+ return "0x"+num;
+}
+
+function renderDateFromSecs(secs)
+{
+ if (secs == null) return "";
+ var dateTmp = new Date();
+ dateTmp.setTime(secs * 1000);
+ var year = dateTmp.getYear();
+ if (year < 100) {
+ year += 1900;
+ } else {
+ year %= 100;
+ year += 2000;
+ }
+ return (dateTmp.getMonth()+1)+"/"+dateTmp.getDate()+"/"+year+" ;"+
+ (dateTmp.getHours()<10?" ;":"")+
+ dateTmp.getHours()+":"+(dateTmp.getMinutes()<10?"0":"")+
+ dateTmp.getMinutes()+":"+(dateTmp.getSeconds()<10?"0":"")+
+ dateTmp.getSeconds();
+}
+
+function renderDetailsButton(serialNumber)
+{
+ return "<FORM METHOD=post "+
+"ACTION="+ "/ca/ee/ca/displayBySerial" +">"+
+"<INPUT TYPE=hidden NAME='op' VALUE='"+ "displayBySerial" +"'>\n"+
+"<INPUT TYPE=hidden NAME='serialNumber' VALUE='"+ "0x"+serialNumber +"'>\n"+
+"<INPUT TYPE=submit VALUE='Details' width='72'></FORM>\n";
+}
+
+function renderRevokeButton(serialNumber)
+{
+ return "<FORM METHOD=post "+
+//"onSubmit='return revokeCert("+serialNumber+");' "+
+"ACTION='"+ "/ee/reasonToRevoke" +"'>\n"+
+"<INPUT TYPE=hidden NAME='op' VALUE='"+ "reasonToRevoke" +"'>\n"+
+"<INPUT TYPE=hidden NAME='serialNumber' VALUE='"+ serialNumber +"'>\n"+
+"<INPUT TYPE=hidden NAME='revokeAll' VALUE='(&(certRecordId="+serialNumber+"))'>\n"+
+"<INPUT TYPE=hidden NAME='totalRecordCount' VALUE='1'>\n"+
+"<INPUT TYPE=hidden NAME='commit' VALUE='yes'>"+
+"<INPUT TYPE=hidden NAME='updateCRL' VALUE='yes'>"+
+"<INPUT TYPE=submit VALUE='Revoke' width='72'>"+
+"</FORM>\n";
+}
+
+
+function getRevocationReason(revocationReason)
+{
+ var reasons = new Array("Unspecified",
+ "Key compromised",
+ "CA key compromised",
+ "Affiliation changed",
+ "Certificate superceded",
+ "Cessation of operation",
+ "Certificate is on hold",
+ "Unspecified", // value 7 is not used
+ "Remove from CRL",
+ "Privilege withdrawn",
+ "AA key compromise");
+ if (revocationReason < 0 || revocationReason >= reasons.length)
+ revocationReason = 0;
+ return reasons[revocationReason];
+}
+
+function isRevoked(index)
+{
+ return (recordSet[index].revokedOn != null);
+}
+
+
+
+
+function setNode(table,desc,content,style)
+{
+ var row = table.insertRow(-1);
+ if (style) {
+ row.className = style;
+ }
+ var cell1 = row.insertCell(-1);
+ var desc_text = document.createTextNode(desc);
+ cell1.appendChild(desc_text);
+ var cell2 = row.insertCell(-1);
+ var content_text = document.createTextNode(content);
+ cell2.appendChild(content_text);
+}
+
+
+
+function mouseover(element,event)
+{
+ var x = event.clientX;
+ var y = event.clientY;
+
+ var index= element.getAttribute("index");
+ if (index == null) { return false; }
+ var cert = recordSet[index];
+
+ element.parentNode.parentNode.parentNode.style.backgroundColor = "#EEEEFF";
+
+ var v;
+ var e = document.getElementById("certMetaDatadiv");
+
+ var t = document.getElementById("t");
+
+ // delete all the rows in the table
+ var i=0;
+ while (i < t.rows.length) {
+ t.deleteRow(0);
+ }
+
+ setNode(t,"Certificate details for serial #", " 0x" +cert.serialNumber+" ("+cert.serialNumberDecimal+")","h");
+ setNode(t,"Version:", cert.version+1);
+ setNode(t,"Certificate Type:",cert.type);
+ setNode(t,"Key algorithm:",renderOidName(cert.subjectPublicKeyAlgorithm)+
+ " with "+ cert.subjectPublicKeyLength+"-bit key");
+ setNode(t,"Not Valid Before:", renderDateFromSecs(cert.validNotBefore));
+ setNode(t,"Not Valid After:", renderDateFromSecs(cert.validNotAfter));
+ setNode(t,"Issued On:", renderDateFromSecs(cert.issuedOn));
+ setNode(t,"Issued By:", cert.issuedBy);
+
+ if (isRevoked(index)) {
+ setNode(t,"Revoked on:", renderDateFromSecs(cert.revokedOn),"r");
+ setNode(t,"Revoked by:", cert.revokedBy, "r");
+ setNode(t,"Revocation Reason:", getRevocationReason(cert.revocationReason), "r");
+ assumedheight = 210;
+ } else {
+ assumedheight = 180;
+ }
+
+ e.style.left = x+30 + 'px'; // x-offset of floating div
+
+ var offset = 20; // extra y-offset of floating div
+ var bottom = y + offset + assumedheight;
+ if (bottom > window.innerHeight) {
+ offset = 0 - (2*offset) - assumedheight;
+ }
+
+ e.style.top = y+ offset + window.pageYOffset+document.body.scrollTop + 'px';
+
+ // unhide the window
+ e.style.display ="block";
+
+
+}
+
+function mouseout(element)
+{
+// window.setTimeout("hide",1);
+ var index= element.getAttribute("index");
+ if (recordSet[index].revokedOn != null) {
+ element.parentNode.parentNode.parentNode.style.backgroundColor = "#FFEEEE";
+ } else {
+// element.parentNode.parentNode.parentNode.style.backgroundColor = "#EEFFEE";
+ element.parentNode.parentNode.parentNode.style.backgroundColor = "#FFFFFF";
+ }
+ hide();
+}
+
+function hide()
+{
+ document.getElementById("certMetaDatadiv").style.display ="none";
+}
+
+
+// overflow: hidden; white-space: nowrap
+
+function displayCertificateRecord(i, cert)
+{
+ document.write(
+// "<tr"+ (cert.revokedOn !=null ? " style='background-color: #FFEEEE;' " : " style='background-color: #EEEEEE;' ")+">"+
+ "<tr"+ (cert.revokedOn !=null ? " style='background-color: #FFEEEE;' " : "")+">"+
+ "<td width=18%><font face='PrimaSans BT, Verdana, sans-serif' size='-1'>\n"+
+ renderHexNumber(cert.serialNumber,0) +"</font></td>\n"+
+ "<td width=16%>"+
+ (cert.revokedOn != null ?"revoked":"valid")+
+ "</td>\n"+
+ "<td style='overflow: hidden; white-space: nowrap;'>"+
+ " <font face='PrimaSans BT, Verdana, sans-serif' size='-1'>\n"+
+ " <div style='overflow: hidden; white-space: nowrap;'>"+
+ " <a index='"+i+"' href='/ca/ee/ca/displayBySerial?op=displayBySerial&serialNumber=0x"+
+ cert.serialNumber+"' onmouseover='mouseover(this,event);' "+
+ "onmouseout='mouseout(this);'>"+
+ addEscapes(cert.subject)+"</a></div></font>"+
+ "</td>"+
+ "</tr>\n"
+
+ );
+}
+
+function displaySearchResults()
+{
+if (result.recordSet.length == 0) {
+ document.write(
+"<font face='PrimaSans BT, Verdana, sans-serif' size='+1'>No Matching Certificates Found</font>\n"
+ );
+} else {
+
+ document.write(
+"<font face='PrimaSans BT, Verdana, sans-serif'>Issuer:<br> " +
+(result.header.issuerName != null ? result.header.issuerName : "UNKNOWN") +
+"</font><br>\n"+
+"<font face='PrimaSans BT, Verdana, sans-serif' size='-1'>\n"+
+"Total number of records found: "+result.header.totalRecordCount+
+"</font>\n"
+ );
+
+ document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=6 WIDTH='100%'>\n"+
+ "<tr align=center><td>\n");
+ displayNextForm();
+
+ document.write(
+"<table border='0' width='100%' cellspacing='2' cellpadding='2'>\n"+
+"<tr><td width=18%>&nbsp;</td><td width=16%>&nbsp;</td><td>&nbsp;</td></tr>\n"+
+
+"<tr bgcolor='#e5e5e5' style='font-weight: bold'>"+
+"<td>\n"+
+ "<font face='PrimaSans BT, Verdana, sans-serif' size='-1'>\n"+
+ "Serial number</font></td>\n"+
+
+"<td><font face='PrimaSans BT, Verdana, sans-serif' size='-1'>\n"+
+"Status</td>\n"+
+
+"<td>\n"+
+"<font face='PrimaSans BT, Verdana, sans-serif' size='-1'>\n"+
+"Subject name</font></td>"+
+"</tr>\n");
+
+
+ for(var i = 0; i < result.recordSet.length; ++i ) {
+ displayCertificateRecord(i, result.recordSet[i]);
+ }
+document.write("</table>\n");
+
+ if ((result.header.revokeAll != null && result.header.totalRecordCount > 1) ||
+ (result.header.querySentinelDown != null)) {
+ document.write("<br>&nbsp;\n" +
+ "<table border='0' cellspacing='0' cellpadding='0' background='/pki/images/hr.gif' width='100%'>\n"+
+ "<tr><td>&nbsp;</td></tr></table>\n");
+ }
+
+ document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=6 WIDTH='100%'>\n"+
+ "<tr align=center><td>\n");
+
+ if (result.header.revokeAll != null && result.header.totalRecordCount > 1) {
+ displayRevokeAllForm(result.header.totalRecordCount);
+ document.write("</td><td>\n");
+ }
+
+// if (result.header.querySentinel != null) {
+ displayNextForm();
+// }
+
+ document.write("</td></tr></table>\n");
+}
+}
+
+function renderHidden(name,value)
+{
+ return "<INPUT TYPE='hidden' NAME='"+ name +"' VALUE=''>\n";
+}
+
+function doNext(element)
+{
+ var form = element.form;
+// form.action = "/"+result.header.op;
+ form.action = "/ca/ee/ca/listCerts";
+ form.op.value = result.header.op;
+
+ form.direction.value= "down";
+
+ if (element.name == "begin") {
+ form.querySentinelDown.value = 0;
+ form.direction.value = "begin";
+ } else if (element.name == "end") {
+ form.querySentinelDown.value = result.header.totalRecordCount - result.header.maxCount+1;
+ form.direction.value = "end";
+ } else if (element.name == "down") {
+ form.querySentinelDown.value = result.header.querySentinelDown;
+ form.querySentinelUp.value = result.header.querySentinelUp;
+ form.direction.value = "down";
+ } else if (element.name == "up") {
+ form.querySentinelUp.value = result.header.querySentinelUp;
+ form.querySentinelDown.value = result.header.querySentinelDown;
+ form.direction.value = "up";
+ }
+
+ form.totalRecordCount.value = result.header.totalRecordCount;
+ if (result.header.revokeAll != null) {
+ form.revokeAll.value = result.header.revokeAll;
+ }
+ if (result.header.queryFilterHash != null) {
+ form.queryFilterHash.value = result.header.queryFilterHash;
+ }
+
+ form.submit();
+}
+
+function displayNextForm()
+{
+ document.write(
+//"<div align=center> \n"+
+"<FORM NAME ='nextForm' METHOD=POST ACTION=''>\n"+
+renderHidden("op"));
+
+if (result.header.revokeAll != null) {
+ document.write(renderHidden("revokeAll"));
+}
+
+if (result.header.queryFilterHash != null) {
+ document.write(renderHidden("queryFilterHash"));
+}
+
+var disabledDown = ((result.header.querySentinelDown == null) ||
+ (result.fixed.maxCount+1 >= result.header.currentRecordCount)) ? "disabled='true'" : "";
+var disabledUp = (result.header.querySentinelUp != null && result.header.querySentinelUp <= 1) ? "disabled='true'" : "";
+
+document.write(
+"<button NAME=begin onClick='doNext(this)' VALUE='|<<' width='72'>|&lt;&lt;</button>\n"+
+"<button "+disabledUp+" NAME=up onClick='doNext(this)' VALUE='<' width='72'>&lt;</button>\n"+
+"<INPUT TYPE=hidden NAME=totalRecordCount VALUE='"+
+result.header.totalRecordCount+ "'>\n"+
+"<INPUT TYPE=hidden NAME=queryCertFilter VALUE='"+
+result.header.queryCertFilter+ "'>\n"+
+"<INPUT TYPE=hidden NAME=querySentinelDown VALUE='"+
+result.header.querySentinelDown+ "'>\n"+
+"<INPUT TYPE=hidden NAME=querySentinelUp VALUE='"+
+result.header.querySentinelUp+ "'>\n"+
+"<INPUT TYPE=hidden NAME=serialTo VALUE='"+
+result.header.serialTo+ "'>\n"+
+"<INPUT TYPE=hidden NAME=direction VALUE='"+
+result.header.direction+ "'>\n"+
+"<INPUT style='padding-left: 2px;' TYPE=text SIZE=16 NAME=maxCount VALUE='"+
+result.header.maxCount+ "'>\n"+
+
+"<button "+disabledDown+" NAME=down onClick='doNext(this)' VALUE='>' width='72'>&gt;</button>\n"+
+"<button NAME=end onClick='doNext(this)' VALUE='>>|' width='72'>&gt;&gt;|</button>\n"+
+"</FORM>\n");
+}
+
+function doRevokeAll(form)
+{
+// form.action = result.header.serviceURL;
+ form.totalRecordCount.value = result.header.totalRecordCount;
+ form.revokeAll.value = result.header.queryCertFilter;
+ form.submit();
+}
+
+function displayRevokeAllForm(recordCount)
+{
+// document.write("<DIV align=center><FORM NAME ='revokeAllForm' "+
+ document.write("<FORM NAME ='revokeAllForm' "+
+ "METHOD=POST onSubmit='doRevokeAll(revokeAllForm);' "+
+ "ACTION='"+ "/reasonToRevoke" +"'>\n"+
+ "<INPUT TYPE=hidden NAME='op' VALUE='reasonToRevoke'>\n"+
+ "<INPUT TYPE=hidden NAME='revokeAll' VALUE=''>\n"+
+ "<INPUT TYPE=hidden NAME='totalRecordCount' VALUE='"+ recordCount +"'>\n"+
+ "<INPUT TYPE=submit VALUE='Revoke ALL "+ recordCount +" Certificates'>\n"+
+ "</FORM>\n");
+// "</FORM></DIV>\n");
+}
+
+
+displaySearchResults();
+
+//-->
+</SCRIPT>
+
+<div id="certMetaDatadiv" class="floating">
+<table id="t" width="100%">
+<tr><td/></tr>
+</table>
+</div>
+
+</BODY>
+</HTML>
diff --git a/base/ca/shared/webapps/ca/ee/ca/reasonToRevoke.template b/base/ca/shared/webapps/ca/ee/ca/reasonToRevoke.template
new file mode 100644
index 000000000..7edfe7e29
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/reasonToRevoke.template
@@ -0,0 +1,480 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<CMS_TEMPLATE>
+<TITLE>Certificate Revocation Confirmation</TITLE>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<SCRIPT LANGUAGE="JavaScript"></SCRIPT>
+<script LANGUAGE="JavaScript" SRC="/ca/ee/cms-funcs.js"></script>
+<script LANGUAGE="JavaScript" SRC="/ca/ee/helpfun.js"></script>
+
+<SCRIPT LANGUAGE="JavaScript">
+//<!--
+function validate()
+{
+ var caCert = -1;
+ var filter = "(|";
+ var n = 0;
+
+ if (document.forms[0].invalidityEnabled.checked) {
+ var d = convertDate(document.forms[0], "Invalidity Date");
+ if (d == null) return false;
+ document.forms[0].invalidityDate.value = d;
+ }
+
+ for (var i = 0; i < result.recordSet.length; ++i ) {
+ if (result.recordSet[i].serialNumber != null) {
+ for (var j = 0; j < document.forms[0].length; j++) {
+ if (result.recordSet[i].serialNumber ==
+ document.forms[0].elements[j].name) {
+ if (document.forms[0].elements[j].checked) {
+ n++;
+ filter += "(certRecordId="+
+ result.recordSet[i].serialNumberDecimal+")";
+ if (result.header.caSerialNumber != null &&
+ result.recordSet[i].serialNumber ==
+ result.header.caSerialNumber) {
+ caCert = result.header.caSerialNumber;
+ }
+ }
+ break;
+ }
+ }
+ }
+ }
+ if (n > 0) {
+ filter += ")";
+ document.forms[0].revokeAll.value = filter;
+ } else {
+ alert("No certificate has been selected.");
+ return false;
+ }
+
+ if (caCert > -1) {
+ return confirm("WARNING!!!\n"+
+ "You are about to do an irreversible operation.\n"+
+ "Certificate #"+toHex(caCert)+
+ " belongs to your Certificate Authority.\n"+
+ "Do you really want to revoke this certificate?");
+ }
+ return true;
+}
+
+function clickedOnInvalidityEnabled()
+{
+ if (document.forms[0].invalidityEnabled.checked) {
+ var date = new Date();
+ if (document.forms[0].day.options[document.forms[0].day.selectedIndex].value == 0) {
+ document.forms[0].day.selectedIndex = date.getDate();
+ }
+ if (document.forms[0].month.options[document.forms[0].month.selectedIndex].value == 13) {
+ document.forms[0].month.selectedIndex = date.getMonth() +1;
+ }
+ if (document.forms[0].year.options[document.forms[0].year.selectedIndex].value == 0) {
+ for (var i = 0; i < document.forms[0].year.options.length; i++) {
+ if (document.forms[0].year.options[i].value == date.getFullYear()) {
+ document.forms[0].year.selectedIndex = i;
+ }
+ }
+ }
+ }
+}
+
+function toHex1(number)
+{
+ var absValue = "", sign = "";
+ var digits = "0123456789abcdef";
+ if (number < 0) {
+ sign = "-";
+ number = -number;
+ }
+
+ for(; number >= 16 ; number = Math.floor(number/16)) {
+ absValue = digits.charAt(number % 16) + absValue;
+ }
+ absValue = digits.charAt(number % 16) + absValue;
+ return sign + '0x' + '0' + absValue;
+}
+
+function toHex(number)
+{
+ return '0x' + '0' + number;
+}
+
+function renderDateFromSecs(secs)
+{
+ if (secs == null) return "";
+ var dateTmp = new Date();
+ dateTmp.setTime(secs * 1000);
+ var year = dateTmp.getYear();
+ if (year < 100) {
+ year += 1900;
+ } else {
+ year %= 100;
+ year += 2000;
+ }
+ return (dateTmp.getMonth()+1)+"/"+dateTmp.getDate()+"/"+year;
+}
+
+function renderCell(cellData)
+{
+ return ("<td><font size=\"-2\" face=\"PrimaSans BT, Verdana, sans-serif\">"+
+ cellData+ "</font></td>\n");
+}
+
+function renderRow(cell1, cell2)
+{
+ var twoCells = renderCell(cell1) + renderCell(cell2);
+ return ("<tr valign=\"TOP\">\n" + twoCells + "</tr>\n");
+}
+
+function renderRowWithCheckbox(serialNumber, cell1, cell2)
+{
+ var allCells = "<td rowspan=4><input TYPE=\"CHECKBOX\" checked NAME=" +
+ serialNumber + "></td>\n" +
+ renderCell(cell1) + renderCell(cell2);
+ return ("<tr valign=\"TOP\">\n" + allCells + "</tr>\n");
+}
+
+function renderRowWithoutCheckbox(cell1, cell2)
+{
+ var allCells = "<td rowspan=4>&nbsp;</td>\n" +
+ renderCell(cell1) + renderCell(cell2);
+ return ("<tr valign=\"TOP\">\n" + allCells + "</tr>\n");
+}
+
+function addSpaces(str)
+{
+ var outStr = "";
+ var i0 = 0;
+ var i1 = 0;
+
+ while (i1 < str.length) {
+ i1 = str.indexOf(',', i0);
+ if (i1 > -1) {
+ i1++;
+ outStr += str.substring(i0, i1);
+ outStr += " ";
+ i0 = i1;
+ } else {
+ outStr += str.substring(i0, str.length);
+ i1 = str.length;
+ }
+ }
+
+ return outStr;
+}
+
+function displayCertInfo()
+{
+ document.write("<table border=\"0\" cellspacing=\"2\">");
+ for (var i = 0; i < result.recordSet.length; ++i ) {
+ if (result.recordSet[i].serialNumber != null) {
+ if (result.header.caSerialNumber != null &&
+ result.recordSet[i].serialNumber ==
+ result.header.caSerialNumber) {
+ document.write(renderRowWithoutCheckbox("Serial Number: ",
+ toHex(result.recordSet[i].serialNumber)));
+ } else {
+ document.write(renderRowWithCheckbox(
+ result.recordSet[i].serialNumber,
+ "Serial Number: ",
+ toHex(result.recordSet[i].serialNumber)));
+ }
+ }
+ if (result.recordSet[i].subject != null) {
+ document.write(renderRow("Subject Name:",
+ addSpaces(result.recordSet[i].subject)));
+ }
+ if ((result.recordSet[i].validNotBefore != null) &&
+ (result.recordSet[i].validNotAfter != null)) {
+ validity = 'not before: '+
+ renderDateFromSecs(result.recordSet[i].validNotBefore) +
+ '&nbsp;&nbsp;and not after: ' +
+ renderDateFromSecs(result.recordSet[i].validNotAfter);
+ document.write(renderRow("Valid:", validity));
+ }
+ document.write(renderRow(" ", " "));
+ }
+ document.write("</table>");
+}
+
+function renderReason()
+{
+ var reason = new Array("Unspecified",
+ "Key compromised",
+ "CA key compromised",
+ "Affiliation changed",
+ "Certificate superceded",
+ "Cessation of operation",
+ "Certificate is on hold",
+ "Unspecified", // value 7 is not used
+ "Remove from CRL",
+ "Privilege withdrawn",
+ "AA key compromise");
+ var activeChoice = new Array(1, 1, 0, 1, 1, 1, 0, 0, 0, 1, 0);
+ document.write("<table border=\"0\" cellspacing=\"0\" cellpadding=\"0\">\n");
+ for (var i = 0; i < reason.length; i++) {
+ if (activeChoice[i] > 0) {
+ document.write("<tr><td width=\"1%\">\n");
+ document.write("<input type=\"RADIO\"");
+ if ((result.header.reason != null && result.header.reason == i) ||
+ (i == 0 && result.header.reason == null)) {
+ document.write(" checked");
+ }
+ document.write(" name=\"revocationReason\" value=\""+i+"\">\n");
+ document.write("</td><td width=\"99%\">\n");
+ document.write("<font size=\"-1\" face=\"PrimaSans BT, Verdana, sans-serif\">\n");
+ document.write(reason[i]+"</font></td></tr>\n");
+ }
+ }
+ document.write("</table>\n");
+}
+//-->
+</SCRIPT>
+</head>
+<body bgcolor="#FFFFFF">
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Certificate Revocation Confirmation</font><br>
+<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Use this form to confirm certificate revocation by selecting appropriate
+revocation reason and submitting the form.</font>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/pki/images/hr.gif" >
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+<table border="0" cellspacing="2" cellpadding="2">
+ <tr valign="TOP">
+ <td><font size="-1" face="PrimaSans BT, Verdana, sans-serif"><b>Important:</b></font></td>
+ <td><font size="-1" face="PrimaSans BT, Verdana, sans-serif">When making this
+ request you must use the browser environment in which you have access to your authentication certificate and key. </font></td>
+ </tr>
+</table>
+<br><br>
+
+<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+<b>Certificate Details</b><br>
+The details of the certificate being revoked are below:
+</font>
+
+<form method="post" action="/ca/ee/ca/doRevoke" onSubmit="return validate()">
+
+<SCRIPT LANGUAGE="JavaScript">
+//<!--
+if (result.recordSet.length == 0) {
+ document.write("<font size=\"-1\" face=\"PrimaSans BT, Verdana, Arial, Helvetica, sans-serif\">"+
+ "No Matching Certificates Found</font><br><br>\n");
+} else {
+ displayCertInfo();
+}
+//-->
+</SCRIPT>
+<br>
+
+ <table border="0" width="100%" cellspacing="2" cellpadding="2">
+ <tr>
+ <td valign="TOP" colspan="2">
+ <b><font face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif" size="-1">
+ Select Invalidity Date</font></b><br>
+ <font face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif" size="-1">
+ Please select the date on which it is known or suspected that the private key
+ was compromised or that the certificate otherwise became invalid.</font>
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP" colspan="2">
+ <INPUT TYPE="CHECKBOX" NAME="invalidityEnabled" onClick="clickedOnInvalidityEnabled();">
+ <font face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif" size="-1">
+ Invalidity date:&nbsp;
+ <SELECT NAME="day">
+ <OPTION VALUE=0>
+ <OPTION VALUE=1>1
+ <OPTION VALUE=2>2
+ <OPTION VALUE=3>3
+ <OPTION VALUE=4>4
+ <OPTION VALUE=5>5
+ <OPTION VALUE=6>6
+ <OPTION VALUE=7>7
+ <OPTION VALUE=8>8
+ <OPTION VALUE=9>9
+ <OPTION VALUE=10>10
+ <OPTION VALUE=11>11
+ <OPTION VALUE=12>12
+ <OPTION VALUE=13>13
+ <OPTION VALUE=14>14
+ <OPTION VALUE=15>15
+ <OPTION VALUE=16>16
+ <OPTION VALUE=17>17
+ <OPTION VALUE=18>18
+ <OPTION VALUE=19>19
+ <OPTION VALUE=20>20
+ <OPTION VALUE=21>21
+ <OPTION VALUE=22>22
+ <OPTION VALUE=23>23
+ <OPTION VALUE=24>24
+ <OPTION VALUE=25>25
+ <OPTION VALUE=26>26
+ <OPTION VALUE=27>27
+ <OPTION VALUE=28>28
+ <OPTION VALUE=29>29
+ <OPTION VALUE=30>30
+ <OPTION VALUE=31>31
+ </SELECT>
+ <SELECT NAME="month">
+ <OPTION VALUE=13>
+ <OPTION VALUE=0>January
+ <OPTION VALUE=1>February
+ <OPTION VALUE=2>March
+ <OPTION VALUE=3>April
+ <OPTION VALUE=4>May
+ <OPTION VALUE=5>June
+ <OPTION VALUE=6>July
+ <OPTION VALUE=7>August
+ <OPTION VALUE=8>September
+ <OPTION VALUE=9>October
+ <OPTION VALUE=10>November
+ <OPTION VALUE=11>December
+ </SELECT>
+ <SELECT NAME="year">
+<SCRIPT type="text/javascript">
+//<!--
+generateYearOptions(10, 2);
+//-->
+</SCRIPT>
+ </SELECT>
+ <br>&nbsp;
+ </font>
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP" colspan="2">
+ <b><font face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif" size="-1">
+ Select Revocation Reason</font></b><br>
+ <font face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif" size="-1">
+ Please select reason for revocation.</font>
+ </td>
+ </tr>
+ <tr>
+ <td>
+<SCRIPT LANGUAGE="JavaScript">
+//<!--
+ renderReason();
+//-->
+</SCRIPT>
+<br>
+ </td>
+ </tr>
+ <tr>
+ <td colspan="2">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ <b>Additional Comments</b><br>
+ If you want to include any additional comments in your revocation request, write them here.
+ </font>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <textarea name="csrRequestorComments" rows="6" cols="39" wrap="virtual"></textarea>
+ </td>
+ </tr>
+ </table>
+ <br>
+
+<SCRIPT LANGUAGE="JavaScript">
+//<!--
+//var caCert = isOnTheListToBeRevoked(result.header.caSerialNumber);
+var caCert = -1;
+if (caCert > -1) {
+ document.write("<font size=\"-1\" color=\"red\" "+
+ "face=\"PrimaSans BT, Verdana, Arial, Helvetica, sans-serif\">"+
+ "<b>WARNING!!!</b><br>"+
+ "You are about to do an irreversible operation.<br>"+
+ "Certificate #"+toHex(caCert)+
+ " belongs to your Certificate Authority.<br>"+
+ "Do you really want to revoke this certificate?"+
+ "</font><br>&nbsp;<br>&nbsp;\n");
+}
+
+function isOnTheListToBeRevoked(serialNumber)
+{
+ if (result.recordSet.length > 0 && serialNumber != null) {
+ for (var i = 0; i < result.recordSet.length; i++) {
+ if (result.recordSet[i].serialNumber != null) {
+ if (result.recordSet[i].serialNumber == serialNumber) {
+ return serialNumber;
+ }
+ }
+ }
+ }
+ return (-1);
+}
+
+function revokeCert(serialNumber)
+{
+ return confirm("WARNING!!! You are about to do an irreversible operation.\n"+
+ "Certificate # "+toHex(serialNumber)+
+ " belongs to your Certificate Authority."+
+ "Do you really want to revoke this certificate ?");
+}
+//-->
+</SCRIPT>
+
+ <table BORDER=0 CELLSPACING=0 CELLPADDING=6 WIDTH="100%">
+ <tr>
+ <td ALIGN=RIGHT BGCOLOR="#E5E5E5">
+ <input type="submit" value="Submit" name="submit" width="72">&nbsp;&nbsp;
+ <input type="hidden" name="op" value="doRevoke">
+ <input type="hidden" name="templateType" value="RevocationSuccess">
+ <input type="reset" value="Reset" name="reset" width="72">&nbsp;&nbsp;
+<SCRIPT LANGUAGE="JavaScript">
+//<!--
+ document.writeln("<INPUT TYPE=hidden name=serialNumber value=\"" +
+ result.header.serialNumber +"\">");
+ document.writeln("<INPUT TYPE=hidden name=revokeAll value=\"" +
+ result.header.revokeAll +"\">");
+ document.writeln("<INPUT TYPE=hidden name=totalRecordCount value=\"" +
+ result.header.totalRecordCount +"\">");
+ document.writeln("<INPUT TYPE=hidden name=verifiedRecordCount value=\"" +
+ result.header.verifiedRecordCount +"\">");
+ document.writeln("<INPUT TYPE=hidden name=invalidityDate value=\"0\">");
+ if (result.header.request != null) {
+ document.writeln("<INPUT TYPE=hidden name=requestId value=\"" +
+ result.header.request +"\">");
+ }
+ if (result.header.b64eCertificate != null) {
+ document.writeln("<INPUT TYPE=hidden name=b64eCertificate value=\"" +
+ result.header.b64eCertificate +"\">");
+ }
+ if (typeof(result.header.nonce) != "undefined") {
+ document.writeln("<INPUT TYPE=hidden name=nonce value=\"" +
+ result.header.nonce +"\">");
+ }
+//-->
+</SCRIPT>
+ </td>
+ </tr>
+ </table>
+ </form>
+</body>
+</html>
+
diff --git a/base/ca/shared/webapps/ca/ee/ca/recoveryMenu.html b/base/ca/shared/webapps/ca/ee/ca/recoveryMenu.html
new file mode 100644
index 000000000..c463d2d3d
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/recoveryMenu.html
@@ -0,0 +1,32 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>Recovery Menu</title>
+</head>
+
+<body bgcolor="#CCCCCC" link="#FFFFFF" vlink="#FFFFFF" alink="#333399">
+
+<script lang=javascript>
+//<!--
+top.loadMenu(top.tabs[3].menu);
+//-->
+</script>
+
+</body>
diff --git a/base/ca/shared/webapps/ca/ee/ca/remoteAuthConfig.template b/base/ca/shared/webapps/ca/ee/ca/remoteAuthConfig.template
new file mode 100644
index 000000000..f66f683cf
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/remoteAuthConfig.template
@@ -0,0 +1,74 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+ <title></title>
+ <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+</head>
+
+<CMS_TEMPLATE>
+
+<BODY bgcolor="white">
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Delegated Administrator
+</font>
+<br>
+<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Directory Enrollment Setup.
+</font>
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/pki/images/hr.gif" >
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+
+<SCRIPT LANGUAUGE="JavaScript">
+if (result.header.error != null) {
+ document.writeln('Error: '+result.header.error);
+} else {
+ if (result.header.op != null) {
+ if (result.header.op == "add") {
+ document.write('New');
+ if (result.header.instance != null)
+ document.write(' <b>'+result.header.instance+'</b>');
+ document.write(' instance of the');
+ if (result.header.plugin != null)
+ document.write(' <b>'+result.header.plugin+'</b>');
+ else
+ document.write(' directory enrollment');
+ document.writeln(' plugin has been added.');
+ } else if (result.header.op == "delete") {
+ document.write('Instance');
+ if (result.header.instance != null)
+ document.write(' <b>'+result.header.instance+'</b>');
+ document.writeln(' of the directory enrollment plugin has been deleted.');
+ } else {
+ document.writeln('Unknown operation');
+ }
+ }
+}
+</SCRIPT>
+
+</font>
+
+</BODY>
+</HTML>
+
+
diff --git a/base/ca/shared/webapps/ca/ee/ca/renewalMenu.html b/base/ca/shared/webapps/ca/ee/ca/renewalMenu.html
new file mode 100644
index 000000000..ca2956b33
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/renewalMenu.html
@@ -0,0 +1,32 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>Renewal Menu</title>
+</head>
+
+<body bgcolor="#CCCCCC" link="#FFFFFF" vlink="#FFFFFF" alink="#333399">
+
+<script lang=javascript>
+//<!--
+top.loadMenu(top.tabs[1].menu);
+//-->
+</script>
+
+</body>
diff --git a/base/ca/shared/webapps/ca/ee/ca/requestStatus.template b/base/ca/shared/webapps/ca/ee/ca/requestStatus.template
new file mode 100644
index 000000000..a25f5e2ad
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/requestStatus.template
@@ -0,0 +1,221 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+ <title>Request Status</title>
+ <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+</head>
+
+<SCRIPT LANGUAGE="JavaScript"></SCRIPT>
+<script LANGUAGE="JavaScript" SRC="../helpfun.js"></script>
+
+<CMS_TEMPLATE>
+
+<body bgcolor="#FFFFFF" link="#6666CC" vlink="#6666CC" alink="#333399">
+<font face="PrimaSans BT, Verdana, sans-serif" size="+1">
+Request Status
+</font><br>
+<table border="0" cellspacing="0" cellpadding="0" background="/pki/images/hr.gif" width="100%">
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+<table border="0" cellspacing="2" cellpadding="2" width="100%">
+<tr align="left"><td width="20%"></td><td width="80%"></td></tr>
+
+<SCRIPT LANGUAGE="JavaScript">
+<!--
+function renderDateFromSecs(secs)
+{
+ if (secs == null) return "";
+ var dateTmp = new Date();
+ dateTmp.setTime(secs * 1000);
+ var year = dateTmp.getYear();
+ if (year < 100) {
+ year += 1900;
+ } else {
+ year %= 100;
+ year += 2000;
+ }
+ return (dateTmp.getMonth()+1)+"/"+dateTmp.getDate()+"/"+year+"&nbsp;"+
+ (dateTmp.getHours()<10?"&nbsp;":"")+
+ dateTmp.getHours()+":"+(dateTmp.getMinutes()<10?"0":"")+
+ dateTmp.getMinutes()+":"+(dateTmp.getSeconds()<10?"0":"")+
+ dateTmp.getSeconds();
+}
+
+function toHex(number)
+{
+ var absValue = "", sign = "";
+ var digits = "0123456789abcdef";
+ if (number < 0) {
+ sign = "-";
+ number = -number;
+ }
+
+ for(; number >= 16 ; number = Math.floor(number/16)) {
+ absValue = digits.charAt(number % 16) + absValue;
+ }
+ absValue = digits.charAt(number % 16) + absValue;
+ return sign + absValue;
+}
+
+function renderHexNumber(number,width)
+{
+ var num = number;
+ while (num.length < width)
+ num = "0"+num;
+ return "0x"+num;
+}
+
+function renderPkcs7(pkcs7)
+{
+ var len = pkcs7.length;
+ var str = "";
+ for (var i = 0; i < len; i=i+64){
+ if (i+64 < len)
+ str = str + pkcs7.substring(i,i+64) +"\n";
+ else
+ str = str + pkcs7.substring(i,len) ;
+ }
+ return str;
+}
+
+if (result.header.requestId != null) {
+ document.writeln('<tr><td valign="top" align="right">'+
+ '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+ 'Request:</font></td>');
+ document.writeln('<td valign="top">'+
+ '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+ '<a href="checkRequest?requestId='+
+ result.header.requestId+'"'+
+ 'onMouseOver=" return helpstatus(\'Click to redisplay this '+
+ 'request \')" onMouseOut="return helpstatus(\'\')">'+
+ result.header.requestId + '</a></font></td></tr>');
+
+ document.writeln('<tr><td valign="top" align="right">'+
+ '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+ 'Submitted on:</font></td>');
+ document.writeln('<td valign="top">'+
+ '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+ renderDateFromSecs(result.header.createdOn) +
+ '</font></td></tr>');
+
+ document.writeln('<tr><td valign="top" align="right">'+
+ '<font size="-1" face="PrimaSans BT, Verdana, sans-serif"><b>'+
+ 'Status:</b></font></td>');
+ document.writeln('<td valign="top">'+
+ '<font size="-1" face="PrimaSans BT, Verdana, sans-serif"><b>'+
+ result.header.status + '</b></font></td></tr>');
+
+ if (result.header.requestNotes != null) {
+ document.writeln('<tr><td valign="top" align="right">'+
+ '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+ 'Additional Notes:</font></td>');
+ document.writeln('<td valign="top">'+
+ '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+ result.header.requestNotes+'</font></td></tr>');
+ }
+ if (result.recordSet != null && result.recordSet.length > 0) {
+ document.writeln('<tr>');
+ if (result.recordSet.length > 1) {
+ document.writeln('<td valign="top" align="right">'+
+ '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+ 'Issued certificates:</font></td>');
+ } else {
+ document.writeln('<td valign="top" align="right">'+
+ '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+ 'Issued certificate:</font></td>');
+ }
+
+ if (result.header.authority != null && (result.header.authority == 'ra' ||
+ result.recordSet.length > 1)) {
+ document.write('<td valign="top">'+
+ '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+ '<a href="displayCertFromRequest?requestId='+
+ result.header.requestId + '"' +
+ ' onMouseOver=" return helpstatus(\'Click to display this '+
+ 'certificate \')" onMouseOut="return helpstatus(\'\')">');
+ for (var i = 0; i < result.recordSet.length; i++) {
+ document.write(renderHexNumber(result.recordSet[i].serialNumber,8));
+ if (i+1 < result.recordSet.length) {
+ document.write(' \& ');
+ }
+ }
+ document.writeln('</a></font></td>');
+ } else if (result.header.authority != null && result.header.authority == 'ca') {
+ if (result.recordSet[0].serialNumber != null) {
+ document.writeln('<td valign="top">'+
+ '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+ '<a href="displayBySerial?serialNumber='+
+ '0x'+result.recordSet[0].serialNumber + '"' +
+ ' onMouseOver=" return helpstatus(\'Click to display this '+
+ 'certificate \')" onMouseOut="return helpstatus(\'\')">' +
+ renderHexNumber(result.recordSet[0].serialNumber,8)+'</a>'+
+ '</font></td>');
+ } else {
+ document.writeln('<td valign="top" ></td>');
+ }
+ }
+
+ document.writeln('</tr>');
+ }
+}
+//-->
+</SCRIPT>
+</table>
+
+<SCRIPT LANGUAUGE="JavaScript">
+if (result.header.pkcs7ChainBase64 != null) {
+
+document.writeln('<table border="0" cellspacing="2" cellpadding="2" width="100%">');
+document.writeln('<tr>');
+document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln('<p>');
+document.writeln('Certificate with CA certificate chain in pkcs7 format:');
+document.writeln('</font>');
+document.writeln('<p><pre>');
+document.writeln('-----BEGIN CERTIFICATE-----');
+document.writeln(renderPkcs7(result.header.pkcs7ChainBase64));
+document.writeln('-----END CERTIFICATE-----');
+document.writeln('</pre>');
+document.writeln('</tr>');
+document.writeln('</table>');
+}
+
+if (result.header.cmcFullEnrollmentResponse != null) {
+document.writeln('<table border="0" cellspacing="2" cellpadding="2" width="100%">');
+document.writeln('<tr>');
+document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln('<p>');
+document.writeln('Certificate embedded in CMC full enrollment response:');
+document.writeln('</font>');
+document.writeln('<p><pre>');
+document.writeln('-----BEGIN CERTIFICATE-----');
+document.writeln(result.header.cmcFullEnrollmentResponse);
+document.writeln('-----END CERTIFICATE-----');
+document.writeln('</pre>');
+document.writeln('</tr>');
+document.writeln('</table>');
+}
+</SCRIPT>
+
+</BODY>
+</HTML>
diff --git a/base/ca/shared/webapps/ca/ee/ca/retrievalMenu.html b/base/ca/shared/webapps/ca/ee/ca/retrievalMenu.html
new file mode 100644
index 000000000..c7d8d13c8
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/retrievalMenu.html
@@ -0,0 +1,36 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>Retrieval Menu</title>
+</head>
+<SCRIPT LANGUAGE="JavaScript"></SCRIPT>
+<script lang="javascript" src="/ca/ee/dynamicVars.js"></script>
+
+<script lang=javascript>
+//<!--
+ if (http != 'true') {
+ top.loadMenu(top.tabs[2].menu);
+ } else {
+ top.loadMenu(top.tabs[1].menu);
+ }
+//-->
+</script>
+
+</body>
diff --git a/base/ca/shared/webapps/ca/ee/ca/revocationMenu.html b/base/ca/shared/webapps/ca/ee/ca/revocationMenu.html
new file mode 100644
index 000000000..1b1d19a60
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/revocationMenu.html
@@ -0,0 +1,31 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>Revocation Menu</title>
+</head>
+
+
+<script lang=javascript>
+//<!--
+top.loadMenu(top.tabs[1].menu);
+//-->
+</script>
+
+</body>
diff --git a/base/ca/shared/webapps/ca/ee/ca/revocationResult.template b/base/ca/shared/webapps/ca/ee/ca/revocationResult.template
new file mode 100644
index 000000000..ddcc66198
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/revocationResult.template
@@ -0,0 +1,190 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<HEAD>
+<TITLE></TITLE>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<CMS_TEMPLATE>
+<BODY bgcolor="white">
+<SCRIPT LANGUAGE="JavaScript">
+//<!--
+function toHex1(number)
+{
+ var absValue = "", sign = "";
+ var digits = "0123456789abcdef";
+ if (number < 0) {
+ sign = "-";
+ number = -number;
+ }
+
+ for(; number >= 16 ; number = Math.floor(number/16)) {
+ absValue = digits.charAt(number % 16) + absValue;
+ }
+ absValue = digits.charAt(number % 16) + absValue;
+ return sign + '0x' + absValue;
+}
+
+function toHex(number)
+{
+ return '0x' + number;
+}
+
+if (result.header.revoked == 'yes') {
+ document.write('<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.writeln('Certificate Revocation Has Been Completed</font><br><br>');
+ if (result.recordSet.length == 0 && result.header.totalRecordCount > 0) {
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.write('All requested certificates were already revoked.');
+ document.writeln('</font><br>');
+ } else if (result.recordSet.length == 1) {
+ if (result.recordSet[0].error == null) {
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.writeln('Certificate with serial number <b>' +
+ toHex(result.recordSet[0].serialNumber) +
+ '</b> has been revoked.');
+ document.writeln('</font><br>');
+
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ if (result.header.updateCRL && result.header.updateCRL == "yes") {
+ if (result.header.updateCRLSuccess != null &&
+ result.header.updateCRLSuccess == "yes") {
+ document.writeln('The Certificate Revocation List has been successfully updated.');
+ } else {
+ document.writeln('The Certificate Revocation List update Failed');
+ if (result.header.updateCRLSuccess != null)
+ document.writeln(' with error '+ result.header.updateCRLError);
+ else
+ document.writeln('. No further details provided.');
+ }
+ } else {
+ document.writeln(
+ 'The Certificate Revocation List will be updated '+
+ 'automatically at the next scheduled update.');
+ }
+ document.writeln('</font><br>');
+/*
+ if (result.header.dirEnabled != null && result.header.dirEnabled == 'yes') {
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ if (result.header.certsUpdated > 0) {
+ document.write('Directory has been successfully updated.');
+ } else {
+ document.write('Directory has not been updated. See log files for more details.');
+ }
+ document.writeln('</font><br>');
+ }
+*/
+ } else {
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.writeln('Certificate with serial number <b>' +
+ toHex(result.recordSet[0].serialNumber) +
+ '</b> is not revoked.<br><br>');
+ document.writeln('Additional Information:');
+ document.writeln('</font>');
+ document.writeln('<blockquote>');
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.writeln(result.recordSet[0].error);
+ document.writeln('</font>');
+ document.writeln('</blockquote>');
+ }
+ } else if (result.recordSet.length > 1) {
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.write('The following certificates were processed to complete revocation request:');
+ document.writeln('</font>');
+
+ document.writeln('<blockquote>');
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ var revokedCerts = 0;
+ for(var i = 0; i < result.recordSet.length; i++) {
+ if (result.recordSet[i].error == null) {
+ revokedCerts++;
+ document.writeln(toHex(result.recordSet[i].serialNumber) + ' - revoked<BR>\n');
+ } else {
+ document.write(toHex(result.recordSet[i].serialNumber) + ' - failed');
+ if (result.recordSet[i].error != null)
+ document.write(': ' + result.recordSet[i].error);
+ document.writeln('<BR>\n');
+ }
+ }
+ document.writeln('</font>');
+ document.write('</blockquote>');
+
+ if (revokedCerts > 0 && result.header.dirEnabled != null && result.header.dirEnabled == 'yes') {
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ if (result.header.updateCRL && result.header.updateCRL == "yes") {
+ if (result.header.updateCRLSuccess != null &&
+ result.header.updateCRLSuccess == "yes") {
+ document.writeln('The Certificate Revocation List has been successfully updated.');
+ } else {
+ document.writeln('The Certificate Revocation List update Failed');
+ if (result.header.updateCRLSuccess != null)
+ document.writeln(' with error '+
+ result.header.updateCRLError);
+ else
+ document.writeln('. No further details provided.');
+ }
+ } else {
+ document.writeln(
+ 'The Certificate Revocation List will be updated '+
+ 'automatically at the next scheduled update.');
+ }
+ document.writeln('<br>');
+/*
+ if (result.header.certsUpdated > 0) {
+ if (result.header.certsUpdated == result.header.certsToUpdate) {
+ document.write('Directory has been successfully updated.');
+ } else {
+ document.write('Directory has been partially updated. See log files for more details.');
+ }
+ } else {
+ document.write('Directory has not been updated. See log files for more details.');
+ }
+*/
+ document.writeln('</font><br>');
+ }
+ }
+} else if (result.header.revoked == 'pending') {
+ document.write('<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.writeln('Revocation Request Has Been Submitted</font><br><br>');
+} else if (result.header.revoked == 'rejected') {
+ document.write('<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.writeln('Certificate Revocation Has Been Rejected</font><br><br>');
+ if (result.header.error != null) {
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Additional information:</font>');
+ document.writeln('<blockquote>');
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.writeln(result.header.error);
+ document.writeln('</font>');
+ document.writeln('</blockquote>');
+ }
+} else {
+ document.write('<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.writeln('Revocation Request Cannot Be Completed</font><br><br>');
+ if (result.header.error != null) {
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Additional information:</font>');
+ document.writeln('<blockquote>');
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.writeln(result.header.error);
+ document.writeln('</font>');
+ document.writeln('</blockquote>');
+ }
+}
+//-->
+</SCRIPT>
+</BODY>
+</HTML>
diff --git a/base/ca/shared/webapps/ca/ee/ca/srchCert.html b/base/ca/shared/webapps/ca/ee/ca/srchCert.html
new file mode 100644
index 000000000..2676d2592
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/srchCert.html
@@ -0,0 +1,1587 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+ <title>Search for Certificates</title>
+ <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+
+<SCRIPT LANGUAGE="JavaScript"></SCRIPT>
+<script LANGUAGE="JavaScript" SRC="/ca/ee/cms-funcs.js"></script>
+<script LANGUAGE="JavaScript" SRC="/ca/ee/helpfun.js"></script>
+</head>
+
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+<font size=+1 face="PrimaSans BT, Verdana, sans-serif">
+Search for Certificates
+</font><br>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Use this form to compose queries based on properties of the certificate.
+</font>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/pki/images/hr.gif" >
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Each section below filters the search. Check the box at the top of the
+section if you want to use that filter in your search, then complete the fields.
+Leave a box unchecked to ignore that filter. You can click more than one box
+to get a combination of search criteria.
+</font>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/pki/images/hr.gif" >
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+<b><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Serial Number Range</font></b>
+<FORM NAME="serialNumberRangeCritForm">
+<table border="0" cellspacing="2" cellpadding="2">
+<tr>
+<td><INPUT TYPE="CHECKBOX" NAME="inUse"></td>
+<td colspan="3">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show certificates that fall within the following range:</font>
+</td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Lowest serial number:</font></td>
+<td><INPUT TYPE="TEXT" NAME="serialFrom" SIZE=10 MAXLENGTH=99></td>
+<td><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+(leave blank for no lower limit)</font></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Highest serial number:</font></td>
+<td><INPUT TYPE="TEXT" NAME="serialTo" SIZE=10 MAXLENGTH=99></td>
+<td><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+(leave blank for no upper limit)</font></td>
+</tr>
+</table>
+</FORM>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Enter a range of certificate serial numbers in hexadecimal form
+(starting with 0x, as in the certificate list) or in decimal form.
+</font>
+
+<SCRIPT LANGUAGE="JavaScript">
+//<!--
+function serialNumberRangeCritInUse()
+{
+ if (document.serialNumberRangeCritForm.inUse.checked) {
+ document.queryForm.serialNumberRangeInUse.value = 'on';
+ }
+ document.queryForm.serialFrom.value = document.serialNumberRangeCritForm.serialFrom.value;
+ document.queryForm.serialTo.value = document.serialNumberRangeCritForm.serialTo.value;
+ return document.serialNumberRangeCritForm.inUse.checked;
+}
+
+function serialNumberRangeCrit()
+{
+ var crit = new Array;
+ var next = 0;
+ var canonicalFrom = "", canonicalTo = "";
+
+ if (document.serialNumberRangeCritForm.serialFrom.value != "") {
+ canonicalFrom =
+ trim(document.serialNumberRangeCritForm.serialFrom.value);
+ }
+
+ if (canonicalFrom != "") {
+ if (!isDecimalNumber(canonicalFrom)) {
+ if (isHexNumber(canonicalFrom)) {
+ canonicalFrom = "0x" +
+ removeColons(stripPrefix(canonicalFrom));
+ } else {
+ alert("You must specify a decimal or hexadecimal value" +
+ "for the low end of the serial number range.");
+ return null;
+ }
+ }
+ if (isNegative(canonicalFrom)) {
+ alert("You must specify a positive value for the low " +
+ "end of the serial number range.");
+ return null;
+ }
+ crit[next++] = "(certRecordId>=" + canonicalFrom + ")";
+ }
+
+ if (document.serialNumberRangeCritForm.serialTo.value != "") {
+ canonicalTo =
+ trim(document.serialNumberRangeCritForm.serialTo.value);
+ }
+
+ if (canonicalTo != "") {
+ if (!isDecimalNumber(canonicalTo)) {
+ if (isHexNumber(canonicalTo)) {
+ canonicalTo = "0x" +
+ removeColons(stripPrefix(canonicalTo));
+ } else {
+ alert("You must specify a decimal or hexadecimal value" +
+ "for the high end of the serial number range.");
+ return null;
+ }
+ }
+ if (isNegative(canonicalTo)) {
+ alert("You must specify a positive value for the high " +
+ "end of the serial number range.");
+ return null;
+ }
+ crit[next++] = "(certRecordId<=" + canonicalTo + ")";
+ }
+
+ /* Can not do this using parseInt */
+ /*
+ if (document.serialNumberRangeCritForm.serialFrom.value != "" &&
+ document.serialNumberRangeCritForm.serialTo.value != "") {
+ if (parseInt(canonicalFrom) > parseInt(canonicalTo)) {
+ alert("The low end of the range is larger than the high end.");
+ return null;
+ }
+ }
+ */
+
+ return nsjoin(crit,"");
+}
+//-->
+</SCRIPT>
+
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/pki/images/hr.gif" >
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+<b><font size=-1 face="PrimaSans BT, Verdana, sans-serif">Subject Name</font></b>
+<FORM NAME="subjectCritForm">
+<table border="0" cellspacing="2" cellpadding="2">
+<tr>
+<td><INPUT TYPE="CHECKBOX" NAME="inUse"></td>
+<td colspan="2">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show certificates with a subject name matching the following:
+</font>
+</td>
+</tr>
+
+<tr align="left">
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Email address:
+</font></td>
+<td><INPUT TYPE="TEXT" NAME="eMail" SIZE=30></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Common name:
+</font></td>
+<td><INPUT TYPE="TEXT" NAME="commonName" SIZE=30></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+User ID:
+</font></td>
+<td><INPUT TYPE="TEXT" NAME="userID" SIZE=30></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Organization unit:
+</font></td>
+<td><INPUT TYPE="TEXT" NAME="orgUnit" SIZE=30></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Organization:
+</font></td>
+<td><INPUT TYPE="TEXT" NAME="org" SIZE=30></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Locality:
+</font></td>
+<td><INPUT TYPE="TEXT" NAME="locality" SIZE=30></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+State:
+</font></td>
+<td><INPUT TYPE="TEXT" NAME="state" SIZE=30></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Country:
+</font></td>
+<td><INPUT TYPE="TEXT" NAME="country" VALUE="" SIZE=2 MAXLENGTH=2></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Match Method:</font>
+</td>
+<td>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+<INPUT TYPE="RADIO" NAME="match" VALUE="exact">
+Exact
+</font>
+</td>
+<tr>
+<td>&nbsp;</td>
+<td align="right">&nbsp;</td>
+<td>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+<INPUT TYPE="RADIO" CHECKED NAME="match" VALUE="partial">
+Partial
+</font>
+</td>
+</tr>
+</table>
+</FORM>
+
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Enter values for the fields you want to have in your search criteria.
+Leave other fields blank.
+<br><br>
+Exact match method finds certificates for subjects whose name consists
+<b>exactly</b> of the components that you have filled in above, and contains
+none of the components you have left blank. Pattern matching wildcard
+values cannot be used in this search.
+<br><br>
+Partial match method finds certificates for subjects whose name consists
+<b>in part</b> of the components you have specified above, and in addition
+may contain arbitrary values for the other components you have left blank above.
+Pattern matching wildcard values can be used in this search.
+</font>
+
+<SCRIPT LANGUAGE="JavaScript">
+<!--
+function subjectCritInUse()
+{
+ if (document.subjectCritForm.inUse.checked) {
+ document.queryForm.subjectInUse.value = 'on';
+ }
+ document.queryForm.eMail.value = document.subjectCritForm.eMail.value;
+ document.queryForm.commonName.value = document.subjectCritForm.commonName.value;
+ document.queryForm.userID.value = document.subjectCritForm.userID.value;
+ document.queryForm.orgUnit.value = document.subjectCritForm.orgUnit.value;
+ document.queryForm.org.value = document.subjectCritForm.org.value;
+ document.queryForm.locality.value = document.subjectCritForm.locality.value;
+ document.queryForm.state.value = document.subjectCritForm.state.value;
+ document.queryForm.country.value = document.subjectCritForm.country.value;
+ if (document.subjectCritForm.match[1].checked) {
+ document.queryForm.match.value = 'partial';
+ } else {
+ document.queryForm.match.value = 'exact';
+ }
+ return document.subjectCritForm.inUse.checked;
+}
+function subjectCrit()
+{
+ return computeNameFilter(document.subjectCritForm);
+}
+//-->
+</SCRIPT>
+
+<table BORDER=0 CELLSPACING=2 CELLPADDING=2 WIDTH="100%" BACKGROUND="/pki/images/hr.gif" >
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+<b>Revocation Information</b></font>
+
+<table border="0" cellspacing="2" cellpadding="2">
+<tr align="left">
+<FORM NAME="revokedByCritForm">
+<td><INPUT TYPE="CHECKBOX" NAME="inUse"></td>
+<td align="left" colspan="2">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show certificates revoked by:
+</font>
+&nbsp;<INPUT TYPE="text" NAME="revokedBy" SIZE=10>
+</td>
+</FORM>
+</tr>
+
+<tr>
+<FORM NAME="revokedOnCritForm">
+<td>
+<INPUT TYPE="CHECKBOX" NAME="inUse" onClick="clickedOnTimeRangeCheckBox(document.revokedOnCritForm.inUse, document.revokedOnFrom, document.revokedOnTo);">
+</td>
+<td align="left" colspan="2">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show certificates revoked during the period:</font>
+</td>
+</FORM>
+</tr>
+
+<tr>
+<td>&nbsp;</td>
+<td valign="top" align=right>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Start date:</font>
+</td>
+<td valign="top" nowrap>
+<FORM NAME="revokedOnFrom">
+<SELECT NAME="day">
+<OPTION VALUE=0>
+<OPTION VALUE=1>1
+<OPTION VALUE=2>2
+<OPTION VALUE=3>3
+<OPTION VALUE=4>4
+<OPTION VALUE=5>5
+<OPTION VALUE=6>6
+<OPTION VALUE=7>7
+<OPTION VALUE=8>8
+<OPTION VALUE=9>9
+<OPTION VALUE=10>10
+<OPTION VALUE=11>11
+<OPTION VALUE=12>12
+<OPTION VALUE=13>13
+<OPTION VALUE=14>14
+<OPTION VALUE=15>15
+<OPTION VALUE=16>16
+<OPTION VALUE=17>17
+<OPTION VALUE=18>18
+<OPTION VALUE=19>19
+<OPTION VALUE=20>20
+<OPTION VALUE=21>21
+<OPTION VALUE=22>22
+<OPTION VALUE=23>23
+<OPTION VALUE=24>24
+<OPTION VALUE=25>25
+<OPTION VALUE=26>26
+<OPTION VALUE=27>27
+<OPTION VALUE=28>28
+<OPTION VALUE=29>29
+<OPTION VALUE=30>30
+<OPTION VALUE=31>31
+</SELECT>
+<SELECT NAME="month">
+<OPTION VALUE=13>
+<OPTION VALUE=0>January
+<OPTION VALUE=1>February
+<OPTION VALUE=2>March
+<OPTION VALUE=3>April
+<OPTION VALUE=4>May
+<OPTION VALUE=5>June
+<OPTION VALUE=6>July
+<OPTION VALUE=7>August
+<OPTION VALUE=8>September
+<OPTION VALUE=9>October
+<OPTION VALUE=10>November
+<OPTION VALUE=11>December
+</SELECT>
+<SELECT NAME="year">
+<SCRIPT type="text/javascript">
+//<!--
+generateYearOptions(10, 1);
+//-->
+</SCRIPT>
+</SELECT>
+</FORM>
+</td>
+</tr>
+
+<tr>
+<td>&nbsp;</td>
+<td valign=top align=right>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">End date:</font>
+</td>
+<td valign="top" nowrap>
+<FORM NAME="revokedOnTo">
+<SELECT NAME="day">
+<OPTION VALUE=0>
+<OPTION VALUE=1>1
+<OPTION VALUE=2>2
+<OPTION VALUE=3>3
+<OPTION VALUE=4>4
+<OPTION VALUE=5>5
+<OPTION VALUE=6>6
+<OPTION VALUE=7>7
+<OPTION VALUE=8>8
+<OPTION VALUE=9>9
+<OPTION VALUE=10>10
+<OPTION VALUE=11>11
+<OPTION VALUE=12>12
+<OPTION VALUE=13>13
+<OPTION VALUE=14>14
+<OPTION VALUE=15>15
+<OPTION VALUE=16>16
+<OPTION VALUE=17>17
+<OPTION VALUE=18>18
+<OPTION VALUE=19>19
+<OPTION VALUE=20>20
+<OPTION VALUE=21>21
+<OPTION VALUE=22>22
+<OPTION VALUE=23>23
+<OPTION VALUE=24>24
+<OPTION VALUE=25>25
+<OPTION VALUE=26>26
+<OPTION VALUE=27>27
+<OPTION VALUE=28>28
+<OPTION VALUE=29>29
+<OPTION VALUE=30>30
+<OPTION VALUE=31>31
+</SELECT>
+<SELECT NAME="month">
+<OPTION VALUE=13>
+<OPTION VALUE=0>January
+<OPTION VALUE=1>February
+<OPTION VALUE=2>March
+<OPTION VALUE=3>April
+<OPTION VALUE=4>May
+<OPTION VALUE=5>June
+<OPTION VALUE=6>July
+<OPTION VALUE=7>August
+<OPTION VALUE=8>September
+<OPTION VALUE=9>October
+<OPTION VALUE=10>November
+<OPTION VALUE=11>December
+</SELECT>
+<SELECT NAME="year">
+<SCRIPT type="text/javascript">
+//<!--
+generateYearOptions(10, 1);
+//-->
+</SCRIPT>
+</SELECT>
+</FORM>
+</td>
+</tr>
+</table>
+
+<table border="0" cellspacing="2" cellpadding="2">
+<tr>
+<FORM NAME="revocationReasonCritForm">
+<td valign="top" align="left">
+<INPUT TYPE="CHECKBOX" NAME="inUse">
+</td>
+</FORM>
+<td valign="top" align="left">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show certificates revoked from the reason:</font>&nbsp;
+</td>
+<FORM NAME="revocationReasonForm">
+<td valign="top" nowrap>
+<SELECT NAME="revocationReason" size=4 multiple>
+<OPTION VALUE=0>Unspecified
+<OPTION VALUE=1>Key compromised
+<OPTION VALUE=2>CA key compromised
+<OPTION VALUE=3>Affiliation changed
+<OPTION VALUE=4>Certificate superceded
+<OPTION VALUE=5>Cessation of operation
+<OPTION VALUE=6>Certificate is on hold
+<OPTION VALUE=9>Privilege withdrawn
+</SELECT>
+</td>
+</FORM>
+</tr>
+</table>
+
+<SCRIPT LANGUAGE="JavaScript">
+<!--
+function revokedByCritInUse()
+{
+ if (document.revokedByCritForm.inUse.checked) {
+ document.queryForm.revokedByInUse.value = 'on';
+ }
+ document.queryForm.revokedBy.value = document.revokedByCritForm.revokedBy.value;
+ return document.revokedByCritForm.inUse.checked;
+}
+function revokedByCrit()
+{
+ if (document.revokedByCritForm.revokedBy.value.length == 0) {
+ alert("User id in 'revoked by' filter is empty");
+ return null;
+ }
+ return "(certRevokedBy="+ document.revokedByCritForm.revokedBy.value +")";
+}
+
+function revokedOnCritInUse()
+{
+ if (document.revokedOnCritForm.inUse.checked) {
+ document.queryForm.revokedOnInUse.value = 'on';
+ }
+ d = convertToTime(document.revokedOnFrom);
+ if (d != null) {
+ document.queryForm.revokedOnFrom.value = d;
+ }
+ d = convertToTime(document.revokedOnTo);
+ if (d != null) {
+ document.queryForm.revokedOnTo.value = d;
+ }
+ return document.revokedOnCritForm.inUse.checked;
+}
+function revokedOnCrit()
+{
+ var from = null, to = null;
+ var crit = new Array();
+ var next = 0;
+ if (!dateIsEmpty(document.revokedOnFrom)) {
+ from = convertDate(document.revokedOnFrom,
+ "Start date for revocation time range criterion");
+ if (from == null) return null;
+ crit[next++] = "(certRevokedOn>=" + from + ")";
+ }
+ if (!dateIsEmpty(document.revokedOnTo)) {
+ to = convertDate(document.revokedOnTo,
+ "End date for revocation time range criterion");
+ if (to == null) return null;
+ to += 86399999;
+ crit[next++] = "(certRevokedOn<=" + to + ")";
+ }
+
+ if (from == null && to == null) {
+ alert("You must enter a date for revocation time range.");
+ return null;
+ }
+ if (from != null && to != null && from > to) {
+ alert("Revocation time range specified is empty");
+ return null;
+ }
+ return nsjoin(crit,"");
+}
+
+function revocationReasonCritInUse()
+{
+ if (document.revocationReasonCritForm.inUse.checked) {
+ document.queryForm.revocationReasonInUse.value = 'on';
+ }
+ var values = new Array();
+ var next = 0;
+ for (var i = 0; i < document.revocationReasonForm.revocationReason.length; i++) {
+ if (document.revocationReasonForm.revocationReason.options[i].selected == true) {
+ values[next++] = i;
+ }
+ }
+ document.queryForm.revocationReason.value = values;
+ return document.revocationReasonCritForm.inUse.checked;
+}
+function revocationReasonCrit()
+{
+ var crit = new Array();
+ var sum = null;
+ var next = 0;
+
+ for (var i = 0; i < document.revocationReasonForm.revocationReason.length; i++) {
+ if (document.revocationReasonForm.revocationReason.options[i].selected == true) {
+ crit[next++] = "(x509cert.certRevoInfo="+i+")";
+ }
+ }
+ sum = nsjoin(crit,"");
+ if (next > 1) {
+ sum = "(|" + sum + ")"
+ } else if (next < 1) {
+ alert("You must select at least one revocation reason.");
+ return null;
+ }
+ return sum;
+}
+//-->
+</SCRIPT>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/pki/images/hr.gif" >
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+<b>Issuing Information</b></font>
+
+<table border="0" cellspacing="2" cellpadding="2">
+<tr>
+<FORM NAME="issuedByCritForm">
+<td><INPUT TYPE="CHECKBOX" NAME="inUse"></td>
+<td align="left" colspan="2">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show certificates issued by:
+</font>
+&nbsp;<INPUT TYPE="text" NAME="issuedBy" SIZE=10>
+</td>
+</FORM>
+</tr>
+
+<tr>
+<FORM NAME="issuedOnCritForm">
+<td><INPUT TYPE="CHECKBOX" NAME="inUse" onClick="clickedOnTimeRangeCheckBox(document.issuedOnCritForm.inUse, document.issuedOnFrom, document.issuedOnTo);"></td>
+<td colspan="2"><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show certificates issued during the period:</font></td>
+</FORM>
+</tr>
+
+<tr>
+<td>&nbsp;</td>
+<td valign=top align=right>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Start date:</font>
+</td>
+<td valign="top" nowrap>
+<FORM NAME="issuedOnFrom">
+<SELECT NAME="day">
+<OPTION VALUE=0>
+<OPTION VALUE=1>1
+<OPTION VALUE=2>2
+<OPTION VALUE=3>3
+<OPTION VALUE=4>4
+<OPTION VALUE=5>5
+<OPTION VALUE=6>6
+<OPTION VALUE=7>7
+<OPTION VALUE=8>8
+<OPTION VALUE=9>9
+<OPTION VALUE=10>10
+<OPTION VALUE=11>11
+<OPTION VALUE=12>12
+<OPTION VALUE=13>13
+<OPTION VALUE=14>14
+<OPTION VALUE=15>15
+<OPTION VALUE=16>16
+<OPTION VALUE=17>17
+<OPTION VALUE=18>18
+<OPTION VALUE=19>19
+<OPTION VALUE=20>20
+<OPTION VALUE=21>21
+<OPTION VALUE=22>22
+<OPTION VALUE=23>23
+<OPTION VALUE=24>24
+<OPTION VALUE=25>25
+<OPTION VALUE=26>26
+<OPTION VALUE=27>27
+<OPTION VALUE=28>28
+<OPTION VALUE=29>29
+<OPTION VALUE=30>30
+<OPTION VALUE=31>31
+</SELECT>
+<SELECT NAME="month">
+<OPTION VALUE=13>
+<OPTION VALUE=0>January
+<OPTION VALUE=1>February
+<OPTION VALUE=2>March
+<OPTION VALUE=3>April
+<OPTION VALUE=4>May
+<OPTION VALUE=5>June
+<OPTION VALUE=6>July
+<OPTION VALUE=7>August
+<OPTION VALUE=8>September
+<OPTION VALUE=9>October
+<OPTION VALUE=10>November
+<OPTION VALUE=11>December
+</SELECT>
+<SELECT NAME="year">
+<SCRIPT type="text/javascript">
+//<!--
+generateYearOptions(10, 1);
+//-->
+</SCRIPT>
+</SELECT>
+</FORM>
+</td>
+</tr>
+
+<tr>
+<td>&nbsp;</td>
+<td valign=top align=right>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">End date:</font>
+</td>
+<td valign="top" nowrap>
+<FORM NAME="issuedOnTo">
+<SELECT NAME="day">
+<OPTION VALUE=0>
+<OPTION VALUE=1>1
+<OPTION VALUE=2>2
+<OPTION VALUE=3>3
+<OPTION VALUE=4>4
+<OPTION VALUE=5>5
+<OPTION VALUE=6>6
+<OPTION VALUE=7>7
+<OPTION VALUE=8>8
+<OPTION VALUE=9>9
+<OPTION VALUE=10>10
+<OPTION VALUE=11>11
+<OPTION VALUE=12>12
+<OPTION VALUE=13>13
+<OPTION VALUE=14>14
+<OPTION VALUE=15>15
+<OPTION VALUE=16>16
+<OPTION VALUE=17>17
+<OPTION VALUE=18>18
+<OPTION VALUE=19>19
+<OPTION VALUE=20>20
+<OPTION VALUE=21>21
+<OPTION VALUE=22>22
+<OPTION VALUE=23>23
+<OPTION VALUE=24>24
+<OPTION VALUE=25>25
+<OPTION VALUE=26>26
+<OPTION VALUE=27>27
+<OPTION VALUE=28>28
+<OPTION VALUE=29>29
+<OPTION VALUE=30>30
+<OPTION VALUE=31>31
+</SELECT>
+<SELECT NAME="month">
+<OPTION VALUE=13>
+<OPTION VALUE=0>January
+<OPTION VALUE=1>February
+<OPTION VALUE=2>March
+<OPTION VALUE=3>April
+<OPTION VALUE=4>May
+<OPTION VALUE=5>June
+<OPTION VALUE=6>July
+<OPTION VALUE=7>August
+<OPTION VALUE=8>September
+<OPTION VALUE=9>October
+<OPTION VALUE=10>November
+<OPTION VALUE=11>December
+</SELECT>
+<SELECT NAME="year">
+<SCRIPT type="text/javascript">
+//<!--
+generateYearOptions(10, 1);
+//-->
+</SCRIPT>
+</SELECT>
+</FORM>
+</td>
+</tr>
+</table>
+
+<SCRIPT LANGUAGE="JavaScript">
+<!--
+function issuedByCritInUse()
+{
+ if (document.issuedByCritForm.inUse.checked) {
+ document.queryForm.issuedByInUse.value = 'on';
+ }
+ document.queryForm.issuedBy.value = document.issuedByCritForm.issuedBy.value;
+ return document.issuedByCritForm.inUse.checked;
+}
+function issuedByCrit()
+{
+ if (document.issuedByCritForm.issuedBy.value.length == 0) {
+ alert("User id in 'issued by' filter is empty");
+ return null;
+ }
+ return "(certIssuedBy="+ document.issuedByCritForm.issuedBy.value +")";
+}
+
+
+function issuedOnCritInUse()
+{
+ if (document.issuedOnCritForm.inUse.checked) {
+ document.queryForm.issuedOnInUse.value = 'on';
+ }
+ d = convertToTime(document.issuedOnFrom);
+ if (d != null) {
+ document.queryForm.issuedOnFrom.value = d;
+ }
+ d = convertToTime(document.issuedOnTo);
+ if (d != null) {
+ document.queryForm.issuedOnTo.value = d;
+ }
+ return document.issuedOnCritForm.inUse.checked;
+}
+function issuedOnCrit()
+{
+ var from = null, to = null;
+ var crit = new Array();
+ var next = 0;
+ if (!dateIsEmpty(document.issuedOnFrom)) {
+ from = convertDate(document.issuedOnFrom,
+ "Start date for issue time range criterion");
+ if (from == null) return null;
+ crit[next++] = "(certCreateTime>=" + from + ")";
+ }
+ if (!dateIsEmpty(document.issuedOnTo)) {
+ to = convertDate(document.issuedOnTo,
+ "End date for issue time range criterion");
+ if (to == null) return null;
+ to += 86399999;
+ crit[next++] = "(certCreateTime<=" + to + ")";
+ }
+
+ if (from == null && to == null) {
+ alert("You must enter a date for issue time range.");
+ return null;
+ }
+ if (from != null && to != null && from > to) {
+ alert("Issue time range specified is empty");
+ return null;
+ }
+ return nsjoin(crit,"");
+}
+//-->
+</SCRIPT>
+
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/pki/images/hr.gif" >
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+<b>Dates of Validity</b></font>
+
+<table border="0" cellspacing="2" cellpadding="2">
+<tr>
+<FORM NAME="validNotBeforeCritForm">
+<td><INPUT TYPE="CHECKBOX" NAME="inUse" onClick="clickedOnTimeRangeCheckBox(document.validNotBeforeCritForm.inUse, document.validNotBeforeFrom, document.validNotBeforeTo);"></td>
+<td align="left" colspan="2">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show certificates effective during the period:
+</font></td>
+</FORM>
+</tr>
+
+<tr>
+<td>&nbsp;</td>
+<td valign=top align=right>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Start date:</font>
+</td>
+<td valign="top" nowrap>
+<FORM NAME="validNotBeforeFrom">
+<SELECT NAME="day">
+<OPTION VALUE=0>
+<OPTION VALUE=1>1
+<OPTION VALUE=2>2
+<OPTION VALUE=3>3
+<OPTION VALUE=4>4
+<OPTION VALUE=5>5
+<OPTION VALUE=6>6
+<OPTION VALUE=7>7
+<OPTION VALUE=8>8
+<OPTION VALUE=9>9
+<OPTION VALUE=10>10
+<OPTION VALUE=11>11
+<OPTION VALUE=12>12
+<OPTION VALUE=13>13
+<OPTION VALUE=14>14
+<OPTION VALUE=15>15
+<OPTION VALUE=16>16
+<OPTION VALUE=17>17
+<OPTION VALUE=18>18
+<OPTION VALUE=19>19
+<OPTION VALUE=20>20
+<OPTION VALUE=21>21
+<OPTION VALUE=22>22
+<OPTION VALUE=23>23
+<OPTION VALUE=24>24
+<OPTION VALUE=25>25
+<OPTION VALUE=26>26
+<OPTION VALUE=27>27
+<OPTION VALUE=28>28
+<OPTION VALUE=29>29
+<OPTION VALUE=30>30
+<OPTION VALUE=31>31
+</SELECT>
+<SELECT NAME="month">
+<OPTION VALUE=13>
+<OPTION VALUE=0>January
+<OPTION VALUE=1>February
+<OPTION VALUE=2>March
+<OPTION VALUE=3>April
+<OPTION VALUE=4>May
+<OPTION VALUE=5>June
+<OPTION VALUE=6>July
+<OPTION VALUE=7>August
+<OPTION VALUE=8>September
+<OPTION VALUE=9>October
+<OPTION VALUE=10>November
+<OPTION VALUE=11>December
+</SELECT>
+<SELECT NAME="year">
+<SCRIPT type="text/javascript">
+//<!--
+generateYearOptions(10, 10);
+//-->
+</SCRIPT>
+</SELECT>
+</FORM>
+</td>
+</tr>
+
+<tr>
+<td>&nbsp;</td>
+<td valign=top align=right>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">End date:</font>
+</td>
+<td valign="top" nowrap>
+<FORM NAME="validNotBeforeTo">
+<SELECT NAME="day">
+<OPTION VALUE=0>
+<OPTION VALUE=1>1
+<OPTION VALUE=2>2
+<OPTION VALUE=3>3
+<OPTION VALUE=4>4
+<OPTION VALUE=5>5
+<OPTION VALUE=6>6
+<OPTION VALUE=7>7
+<OPTION VALUE=8>8
+<OPTION VALUE=9>9
+<OPTION VALUE=10>10
+<OPTION VALUE=11>11
+<OPTION VALUE=12>12
+<OPTION VALUE=13>13
+<OPTION VALUE=14>14
+<OPTION VALUE=15>15
+<OPTION VALUE=16>16
+<OPTION VALUE=17>17
+<OPTION VALUE=18>18
+<OPTION VALUE=19>19
+<OPTION VALUE=20>20
+<OPTION VALUE=21>21
+<OPTION VALUE=22>22
+<OPTION VALUE=23>23
+<OPTION VALUE=24>24
+<OPTION VALUE=25>25
+<OPTION VALUE=26>26
+<OPTION VALUE=27>27
+<OPTION VALUE=28>28
+<OPTION VALUE=29>29
+<OPTION VALUE=30>30
+<OPTION VALUE=31>31
+</SELECT>
+<SELECT NAME="month">
+<OPTION VALUE=13>
+<OPTION VALUE=0>January
+<OPTION VALUE=1>February
+<OPTION VALUE=2>March
+<OPTION VALUE=3>April
+<OPTION VALUE=4>May
+<OPTION VALUE=5>June
+<OPTION VALUE=6>July
+<OPTION VALUE=7>August
+<OPTION VALUE=8>September
+<OPTION VALUE=9>October
+<OPTION VALUE=10>November
+<OPTION VALUE=11>December
+</SELECT>
+<SELECT NAME="year">
+<SCRIPT type="text/javascript">
+//<!--
+generateYearOptions(10, 10);
+//-->
+</SCRIPT>
+</SELECT>
+</FORM>
+</td>
+</tr>
+</table>
+
+<SCRIPT LANGUAGE="JavaScript">
+<!--
+function validNotBeforeCritInUse()
+{
+ if (document.validNotBeforeCritForm.inUse.checked) {
+ document.queryForm.validNotBeforeInUse.value = 'on';
+ }
+ d = convertToTime(document.validNotBeforeFrom);
+ if (d != null) {
+ document.queryForm.validNotBeforeFrom.value = d;
+ }
+ d = convertToTime(document.validNotBeforeTo);
+ if (d != null) {
+ document.queryForm.validNotBeforeTo.value = d;
+ }
+ return document.validNotBeforeCritForm.inUse.checked;
+}
+
+function validNotBeforeCrit()
+{
+ var from = null, to = null;
+ var crit = new Array();
+ var next = 0;
+ if (!dateIsEmpty(document.validNotBeforeFrom)) {
+ from = convertDate(document.validNotBeforeFrom,
+ "Start date for the validity beginning time range criterion");
+ if (from == null) return null;
+ crit[next++] = "(x509Cert.notBefore>=" + from + ")";
+ }
+ if (!dateIsEmpty(document.validNotBeforeTo)) {
+ to = convertDate(document.validNotBeforeTo,
+ "End date for the validity beginning time range criterion");
+ if (to == null) return null;
+ to += 86399999;
+ crit[next++] = "(x509Cert.notBefore<=" + to + ")";
+ }
+
+ if (from == null && to == null) {
+ alert("You must enter a date for validity beginning range.");
+ return null;
+ }
+ if (from != null && to != null && from > to) {
+ alert("Validity beginning time range specified is empty");
+ return null;
+ }
+ return nsjoin(crit,"");
+}
+//-->
+</SCRIPT>
+
+<table border="0" cellspacing="2" cellpadding="2">
+<tr>
+<FORM NAME="validNotAfterCritForm">
+<td><INPUT TYPE="CHECKBOX" NAME="inUse" onClick="clickedOnTimeRangeCheckBox(document.validNotAfterCritForm.inUse, document.validNotAfterFrom, document.validNotAfterTo);"></td>
+<td align="left" colspan="2">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show certificates expired during the period: </font></td>
+</FORM>
+</tr>
+
+<tr>
+<td>&nbsp;</td>
+<td valign=top align=right>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Start date:</font>
+</td>
+<td valign="top" nowrap>
+<FORM NAME="validNotAfterFrom">
+<SELECT NAME="day">
+<OPTION VALUE=0>
+<OPTION VALUE=1>1
+<OPTION VALUE=2>2
+<OPTION VALUE=3>3
+<OPTION VALUE=4>4
+<OPTION VALUE=5>5
+<OPTION VALUE=6>6
+<OPTION VALUE=7>7
+<OPTION VALUE=8>8
+<OPTION VALUE=9>9
+<OPTION VALUE=10>10
+<OPTION VALUE=11>11
+<OPTION VALUE=12>12
+<OPTION VALUE=13>13
+<OPTION VALUE=14>14
+<OPTION VALUE=15>15
+<OPTION VALUE=16>16
+<OPTION VALUE=17>17
+<OPTION VALUE=18>18
+<OPTION VALUE=19>19
+<OPTION VALUE=20>20
+<OPTION VALUE=21>21
+<OPTION VALUE=22>22
+<OPTION VALUE=23>23
+<OPTION VALUE=24>24
+<OPTION VALUE=25>25
+<OPTION VALUE=26>26
+<OPTION VALUE=27>27
+<OPTION VALUE=28>28
+<OPTION VALUE=29>29
+<OPTION VALUE=30>30
+<OPTION VALUE=31>31
+</SELECT>
+<SELECT NAME="month">
+<OPTION VALUE=13>
+<OPTION VALUE=0>January
+<OPTION VALUE=1>February
+<OPTION VALUE=2>March
+<OPTION VALUE=3>April
+<OPTION VALUE=4>May
+<OPTION VALUE=5>June
+<OPTION VALUE=6>July
+<OPTION VALUE=7>August
+<OPTION VALUE=8>September
+<OPTION VALUE=9>October
+<OPTION VALUE=10>November
+<OPTION VALUE=11>December
+</SELECT>
+<SELECT NAME="year">
+<SCRIPT type="text/javascript">
+//<!--
+generateYearOptions(10, 10);
+//-->
+</SCRIPT>
+</SELECT>
+</FORM>
+</td>
+</tr>
+
+<tr>
+<td>&nbsp;</td>
+<td valign=top align=right>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">End date:</font>
+</td>
+<td valign="top" nowrap>
+<FORM NAME="validNotAfterTo">
+<SELECT NAME="day">
+<OPTION VALUE=0>
+<OPTION VALUE=1>1
+<OPTION VALUE=2>2
+<OPTION VALUE=3>3
+<OPTION VALUE=4>4
+<OPTION VALUE=5>5
+<OPTION VALUE=6>6
+<OPTION VALUE=7>7
+<OPTION VALUE=8>8
+<OPTION VALUE=9>9
+<OPTION VALUE=10>10
+<OPTION VALUE=11>11
+<OPTION VALUE=12>12
+<OPTION VALUE=13>13
+<OPTION VALUE=14>14
+<OPTION VALUE=15>15
+<OPTION VALUE=16>16
+<OPTION VALUE=17>17
+<OPTION VALUE=18>18
+<OPTION VALUE=19>19
+<OPTION VALUE=20>20
+<OPTION VALUE=21>21
+<OPTION VALUE=22>22
+<OPTION VALUE=23>23
+<OPTION VALUE=24>24
+<OPTION VALUE=25>25
+<OPTION VALUE=26>26
+<OPTION VALUE=27>27
+<OPTION VALUE=28>28
+<OPTION VALUE=29>29
+<OPTION VALUE=30>30
+<OPTION VALUE=31>31
+</SELECT>
+<SELECT NAME="month">
+<OPTION VALUE=13>
+<OPTION VALUE=0>January
+<OPTION VALUE=1>February
+<OPTION VALUE=2>March
+<OPTION VALUE=3>April
+<OPTION VALUE=4>May
+<OPTION VALUE=5>June
+<OPTION VALUE=6>July
+<OPTION VALUE=7>August
+<OPTION VALUE=8>September
+<OPTION VALUE=9>October
+<OPTION VALUE=10>November
+<OPTION VALUE=11>December
+</SELECT>
+<SELECT NAME="year">
+<SCRIPT type="text/javascript">
+//<!--
+generateYearOptions(10, 10);
+//-->
+</SCRIPT>
+</SELECT>
+</FORM>
+</td>
+</tr>
+</table>
+
+<SCRIPT LANGUAGE="JavaScript">
+<!--
+function validNotAfterCritInUse()
+{
+ if (document.validNotAfterCritForm.inUse.checked) {
+ document.queryForm.validNotAfterInUse.value = 'on';
+ }
+ d = convertToTime(document.validNotAfterFrom);
+ if (d != null) {
+ document.queryForm.validNotAfterFrom.value = d;
+ }
+ d = convertToTime(document.validNotAfterTo);
+ if (d != null) {
+ document.queryForm.validNotAfterTo.value = d;
+ }
+ return document.validNotAfterCritForm.inUse.checked;
+}
+
+function validNotAfterCrit()
+{
+ var from = null, to = null;
+ var crit = new Array();
+ var next = 0;
+ if (!dateIsEmpty(document.validNotAfterFrom)) {
+ from = convertDate(document.validNotAfterFrom,
+ "Start date for the expiration time range criterion");
+ if (from == null) return null;
+ crit[next++] = "(x509cert.notAfter>=" + from + ")";
+ }
+ if (!dateIsEmpty(document.validNotAfterTo)) {
+ to = convertDate(document.validNotAfterTo,
+ "End date for the expiration time range criterion");
+ if (to == null) return null;
+ to += 86399999;
+ crit[next++] = "(x509cert.notAfter<=" + to + ")";
+ }
+
+ if (from == null && to == null) {
+ alert("You must enter a date for expiration time range.");
+ return null;
+ }
+ if (from != null && to != null && from > to) {
+ alert("Expiration time range specified is empty");
+ return null;
+ }
+ return nsjoin(crit,"");
+}
+//-->
+</SCRIPT>
+
+<table border="0" cellspacing="2" cellpadding="2">
+<FORM NAME="validityLengthCritForm">
+<tr>
+<td><INPUT TYPE="CHECKBOX" NAME="inUse"></td>
+<td align="left" colspan="2">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show certificates with a
+validity period:
+</font></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td>
+<SELECT NAME="validityOp">
+<OPTION VALUE="&lt;="> not greater
+<OPTION VALUE="&gt;="> not less
+</SELECT>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">than</font>
+<INPUT NAME="count" TYPE="text" MAXSIZE=2 SIZE=2>
+<SELECT NAME="unit">
+<OPTION VALUE="86400000">Day(s)</OPTION>
+<OPTION VALUE="604800000">Week(s)</OPTION>
+<OPTION SELECTED VALUE="2592000000">Month(s)</OPTION>
+<OPTION VALUE="31536000000">Year(s)</OPTION>
+</SELECT>
+</td></tr>
+</FORM>
+</table>
+
+<SCRIPT LANGUAGE="JavaScript">
+<!--
+function validityLengthCritInUse()
+{
+ if (document.validityLengthCritForm.inUse.checked) {
+ document.queryForm.validityLengthInUse.value = 'on';
+ }
+ document.queryForm.validityOp.value = document.validityLengthCritForm.validityOp.value;
+ document.queryForm.count.value = document.validityLengthCritForm.count.value;
+ document.queryForm.unit.value = document.validityLengthCritForm.unit.value;
+ return document.validityLengthCritForm.inUse.checked;
+}
+
+function validityLengthCrit()
+{
+ with(document.validityLengthCritForm) {
+ if(!isNumber(count.value,10)) {
+ alert("Invalid number specified in validity length criterion");
+ return null;
+ }
+
+ return "(x509cert.duration" +
+ validityOp.options[validityOp.selectedIndex].value +
+ (count.value * unit.options[unit.selectedIndex].value) +")";
+ }
+}
+//-->
+</SCRIPT>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/pki/images/hr.gif" >
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif"><b>Type</b></font>
+
+<FORM NAME="certTypeCritForm">
+<table border="0" cellspacing="2" cellpadding="2">
+<tr>
+<td><INPUT TYPE="CHECKBOX" NAME="inUse"></td>
+<td align="left" colspan="2">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show certificates of the following types:
+</font></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">SSL client:</font>
+</td>
+<td>
+<SELECT NAME="SSLClient">
+<OPTION SELECTED VALUE="">Do not care
+<OPTION VALUE="on">On
+<OPTION VALUE="off">Off
+</SELECT>
+</td></tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">SSL server:</font>
+</td>
+<td>
+<SELECT NAME="SSLServer">
+<OPTION SELECTED VALUE="">Do not care
+<OPTION VALUE="on">On
+<OPTION VALUE="off">Off
+</SELECT>
+</td></tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Secure email:</font>
+</td><td>
+<SELECT NAME="SecureEmail">
+<OPTION SELECTED VALUE="">Do not care
+<OPTION VALUE="on">On
+<OPTION VALUE="off">Off
+</SELECT>
+</td></tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Subordinate SSL CA:</font>
+</td><td>
+<SELECT NAME="SubordinateSSLCA">
+<OPTION SELECTED VALUE="">Do not care
+<OPTION VALUE="on">On
+<OPTION VALUE="off">Off
+</SELECT>
+</td></tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Subordinate email CA:</font>
+</td><td>
+<SELECT NAME="SubordinateEmailCA">
+<OPTION SELECTED VALUE="">Do not care
+<OPTION VALUE="on">On
+<OPTION VALUE="off">Off
+</SELECT>
+</td></tr>
+</table>
+</FORM>
+
+<SCRIPT LANGUAGE="JavaScript">
+<!--
+function certTypeCritInUse()
+{
+ if (document.certTypeCritForm.inUse.checked) {
+ document.queryForm.certTypeInUse.value = 'on';
+ }
+ document.queryForm.SSLClient.value = document.certTypeCritForm.SSLClient.value;
+ document.queryForm.SSLServer.value = document.certTypeCritForm.SSLServer.value;
+ document.queryForm.SecureEmail.value = document.certTypeCritForm.SecureEmail.value;
+ document.queryForm.SubordinateSSLCA.value = document.certTypeCritForm.SubordinateSSLCA.value;
+ document.queryForm.SubordinateEmailCA.value = document.certTypeCritForm.SubordinateEmailCA.value;
+ return document.certTypeCritForm.inUse.checked;
+}
+
+function certTypeCrit()
+{
+ var result = '';
+ var count = 0;
+
+ for (var i = 1; i < document.certTypeCritForm.length; i++) {
+ var sel = document.certTypeCritForm[i].selectedIndex;
+ if (sel > 0) {
+ count++;
+ result += '(x509cert.nsExtension.' +
+ document.certTypeCritForm[i].name + '='+
+ document.certTypeCritForm[i].options[sel].value + ')';
+ }
+ }
+ if (count == 0) {
+ alert("At least one of the certificate types must be selected");
+ return null;
+ }
+
+ return result;
+}
+//-->
+</SCRIPT>
+
+<br>
+<SCRIPT LANGUAGE="JavaScript">
+<!--
+function doSubmit(form)
+{
+ var andFilter = new Array;
+ var critCount = 0;
+
+ if (serialNumberRangeCritInUse()) {
+ if ((andFilter[critCount++] = serialNumberRangeCrit()) == null)
+ return;
+ }
+ if (subjectCritInUse()) {
+ if ((andFilter[critCount++] = subjectCrit()) == null)
+ return;
+ }
+
+ if (revokedOnCritInUse()) {
+ if ((andFilter[critCount++] = revokedOnCrit()) == null)
+ return;
+ }
+ if (revokedByCritInUse()) {
+ if ((andFilter[critCount++] = revokedByCrit()) == null)
+ return;
+ }
+ if (revocationReasonCritInUse()) {
+ if ((andFilter[critCount++] = revocationReasonCrit()) == null)
+ return;
+ }
+ if (issuedOnCritInUse()) {
+ if ((andFilter[critCount++] = issuedOnCrit()) == null)
+ return;
+ }
+ if (issuedByCritInUse()) {
+ if ((andFilter[critCount++] = issuedByCrit()) == null)
+ return;
+ }
+ if (validNotBeforeCritInUse()) {
+ if ((andFilter[critCount++] = validNotBeforeCrit()) == null)
+ return;
+ }
+ if (validNotAfterCritInUse()) {
+ if ((andFilter[critCount++] = validNotAfterCrit()) == null)
+ return;
+ }
+ if (validityLengthCritInUse()) {
+ if ((andFilter[critCount++] = validityLengthCrit()) == null)
+ return;
+ }
+ if (certTypeCritInUse()) {
+ if ((andFilter[critCount++] = certTypeCrit()) == null)
+ return;
+ }
+
+ // At least one section must be selected
+ if (critCount == 0) {
+ alert("You must choose at least one section on this form.");
+ return;
+ }
+
+ var f = nsjoin(andFilter,"");
+ if (f.length == 0) f = "(certRecordId=*)";
+ form.queryCertFilter.value = "(&"+f+")";
+
+ form.op.value = "srchCerts";
+
+ form.submit();
+}
+//-->
+</SCRIPT>
+
+
+<FORM NAME="queryForm" ACTION="srchCerts" METHOD=POST>
+<INPUT TYPE="HIDDEN" NAME="op" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="queryCertFilter" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="serialNumberRangeInUse" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="serialFrom" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="serialTo" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="subjectInUse" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="eMail" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="commonName" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="userID" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="orgUnit" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="org" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="locality" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="state" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="country" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="match" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="revokedByInUse" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="revokedBy" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="revokedOnInUse" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="revokedOnFrom" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="revokedOnTo" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="revocationReasonInUse" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="revocationReason" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="issuedByInUse" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="issuedBy" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="issuedOnInUse" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="issuedOnFrom" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="issuedOnTo" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="validNotBeforeInUse" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="validNotBeforeFrom" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="validNotBeforeTo" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="validNotAfterInUse" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="validNotAfterFrom" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="validNotAfterTo" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="validityLengthInUse" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="validityOp" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="count" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="unit" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="certTypeInUse" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="SubordinateEmailCA" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="SubordinateSSLCA" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="SecureEmail" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="SSLClient" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="SSLServer" VALUE="">
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/pki/images/hr.gif" >
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif"><b>Limits</b></font>
+<table border="0" cellspacing="2" cellpadding="2">
+ <tr>
+ <td align="right">
+ <font size=-1 face="PrimaSans BT, Verdana, sans-serif">&nbsp;&nbsp;&nbsp;&nbsp;
+ Maximum results:</font>
+ </td>
+ <td>
+ <INPUT TYPE="TEXT" NAME="maxResults" VALUE=10 SIZE=5 MAXLENGTH=10>
+ </td>
+ </tr>
+ <tr>
+ <td align="right">
+ <font size=-1 face="PrimaSans BT, Verdana, sans-serif">&nbsp;&nbsp;&nbsp;&nbsp;
+ Time limit (in seconds):</font>
+ </td>
+ <td>
+ <INPUT TYPE="TEXT" NAME="timeLimit" VALUE=5 SIZE=5 MAXLENGTH=10>
+ </td>
+ </tr>
+</table>
+<br>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=6 WIDTH="100%" background="/pki/images/gray90.gif">
+ <tr>
+ <td ALIGN=RIGHT BGCOLOR="#E5E5E5">
+ <INPUT TYPE="button" VALUE="Find" width="72" onClick='doSubmit(queryForm)'>&nbsp;&nbsp;
+ </td>
+ </tr>
+</table>
+
+</form>
+</body>
+</html>
+
diff --git a/base/ca/shared/webapps/ca/ee/ca/srchCert.template b/base/ca/shared/webapps/ca/ee/ca/srchCert.template
new file mode 100644
index 000000000..4213d000a
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/srchCert.template
@@ -0,0 +1,487 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>Untitled Document</title>
+<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+
+<style type="text/css">
+
+.floating {
+ position: absolute;
+ left: 300px;
+ top: 50px;
+ width: 400px;
+ padding: 3px;
+ border: solid;
+ border-width: 2px;
+ background: white;
+ display: none;
+ margin: 5px;
+}
+
+
+table#t td {
+ font-size: 0.8em;
+ padding: 0px;
+ margin: 0px;
+}
+
+.r {
+ visibility: visible;
+ background-color: pink;
+}
+
+
+.h {
+ background-color: #eeeeee;
+ font-color: #606060;
+ font-weight: bold;
+}
+
+</STYLE>
+</head>
+
+<body bgcolor="#FFFFFF" link="#000000" vlink="#000000" alink="#000000">
+<font face="PrimaSans BT, Verdana, sans-serif" size="+1">Search Results
+</font><br>
+<table border="0" cellspacing="0" cellpadding="0" background="/pki/images/hr.gif" width="100%">
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+<CMS_TEMPLATE>
+
+<SCRIPT LANGUAGE="JavaScript">
+//<!--
+
+function toHex(number)
+{
+ var absValue = "", sign = "";
+ var digits = "0123456789abcdef";
+ if (number < 0) {
+ sign = "-";
+ number = -number;
+ }
+
+ for(; number >= 16 ; number = Math.floor(number/16)) {
+ absValue = digits.charAt(number % 16) + absValue;
+ }
+ absValue = digits.charAt(number % 16) + absValue;
+ return sign + absValue;
+}
+
+function revokeCert(serialNumber)
+{
+ return confirm("WARNING!! You are about to do an irreversible operation.\nDo you really want to revoke certificate # "+
+ renderHexNumber(serialNumber,8)+ " ?");
+}
+
+function renderOidName(oid)
+{
+ if (oid == "1.2.840.113549.1.1.1")
+ return "PKCS #1 RSA";
+ else if (oid == "1.2.840.113549.1.1.4")
+ return "PKCS #1 MD5 With RSA";
+ else if (oid == "1.2.840.10040.4.1")
+ return "DSA";
+ else
+ return "OID."+oid;
+}
+
+function renderHexNumber(number,width)
+{
+ var num = number;
+ while (num.length < width)
+ num = "0"+num;
+ return "0x"+num;
+}
+
+function renderDateFromSecs(secs)
+{
+ if (secs == null) return "";
+ var dateTmp = new Date();
+ dateTmp.setTime(secs * 1000);
+ var year = dateTmp.getYear();
+ if (year < 100) {
+ year += 1900;
+ } else {
+ year %= 100;
+ year += 2000;
+ }
+ return (dateTmp.getMonth()+1)+"/"+dateTmp.getDate()+"/"+year+" "+
+ (dateTmp.getHours()<10?" ":"")+
+ dateTmp.getHours()+":"+(dateTmp.getMinutes()<10?"0":"")+
+ dateTmp.getMinutes()+":"+(dateTmp.getSeconds()<10?"0":"")+
+ dateTmp.getSeconds();
+}
+
+function renderDetailsButton(serialNumber)
+{
+ return "<FORM METHOD=post "+
+"ACTION="+ "/displayBySerial" +">"+
+"<INPUT TYPE=hidden NAME='op' VALUE='"+ "displayBySerial" +"'>\n"+
+"<INPUT TYPE=hidden NAME='serialNumber' VALUE='"+ "0x"+ serialNumber +"'>\n"+
+"<INPUT TYPE=submit VALUE='Details' width='72'></FORM>\n";
+}
+
+function renderRevokeButton(serialNumber)
+{
+ return "<FORM METHOD=post "+
+//"onSubmit='return revokeCert("+serialNumber+");' "+
+"ACTION='"+ "/reasonToRevoke" +"'>\n"+
+"<INPUT TYPE=hidden NAME='op' VALUE='"+ "reasonToRevoke" +"'>\n"+
+"<INPUT TYPE=hidden NAME='serialNumber' VALUE='"+ serialNumber +"'>\n"+
+"<INPUT TYPE=hidden NAME='revokeAll' VALUE='(&(certRecordId="+serialNumber+"))'>\n"+
+"<INPUT TYPE=hidden NAME='totalRecordCount' VALUE='1'>\n"+
+"<INPUT TYPE=hidden NAME='commit' VALUE='yes'>"+
+"<INPUT TYPE=hidden NAME='updateCRL' VALUE='yes'>"+
+"<INPUT TYPE=submit VALUE='Revoke' width='72'>"+
+"</FORM>\n";
+}
+
+function addSpaces(str)
+{
+ var outStr = "";
+ var i0 = 0;
+ var i1 = 0;
+
+ while (i1 < str.length) {
+ i1 = str.indexOf(',', i0);
+ if (i1 > -1) {
+ i1++;
+ outStr += str.substring(i0, i1);
+ outStr += " ";
+ i0 = i1;
+ } else {
+ outStr += str.substring(i0, str.length);
+ i1 = str.length;
+ }
+ }
+
+ return outStr;
+}
+
+function addEscapes(str)
+{
+ var outStr = str.replace(/</g, "&lt;");
+ outStr = outStr.replace(/>/g, "&gt;");
+ return outStr;
+}
+
+function getRevocationReason(revocationReason)
+{
+ var reasons = new Array("Unspecified",
+ "Key compromised",
+ "CA key compromised",
+ "Affiliation changed",
+ "Certificate superceded",
+ "Cessation of operation",
+ "Certificate is on hold",
+ "Unspecified", // value 7 is not used
+ "Remove from CRL",
+ "Privilege withdrawn",
+ "AA key compromise");
+ if (revocationReason < 0 || revocationReason >= reasons.length)
+ revocationReason = 0;
+ return reasons[revocationReason];
+}
+
+function isRevoked(index)
+{
+ return (recordSet[index].revokedOn != null);
+}
+
+
+
+
+function setNode(table,desc,content,style)
+{
+ var row = table.insertRow(-1);
+ if (style) {
+ row.className = style;
+ }
+ var cell1 = row.insertCell(-1);
+ var desc_text = document.createTextNode(desc);
+ cell1.appendChild(desc_text);
+ var cell2 = row.insertCell(-1);
+ var content_text = document.createTextNode(content);
+ cell2.appendChild(content_text);
+}
+
+
+
+function mouseover(element,event)
+{
+ var x = event.clientX;
+ var y = event.clientY;
+
+ var index= element.getAttribute("index");
+ if (index == null) { return false; }
+ var cert = recordSet[index];
+
+ element.parentNode.parentNode.parentNode.style.backgroundColor = "#EEEEFF";
+
+ var v;
+ var e = document.getElementById("certMetaDatadiv");
+
+ var t = document.getElementById("t");
+
+ // delete all the rows in the table
+ var i=0;
+ while (i < t.rows.length) {
+ t.deleteRow(0);
+ }
+
+ setNode(t,"Certificate details for serial #", " 0x" +cert.serialNumber+" ("+cert.serialNumberDecimal+")","h");
+ setNode(t,"Version:", cert.version+1);
+ setNode(t,"Certificate Type:",cert.type);
+ setNode(t,"Key algorithm:",renderOidName(cert.subjectPublicKeyAlgorithm)+
+ " with "+ cert.subjectPublicKeyLength+"-bit key");
+ setNode(t,"Not Valid Before:", renderDateFromSecs(cert.validNotBefore));
+ setNode(t,"Not Valid After:", renderDateFromSecs(cert.validNotAfter));
+ setNode(t,"Issued On:", renderDateFromSecs(cert.issuedOn));
+ setNode(t,"Issued By:", cert.issuedBy);
+
+ if (isRevoked(index)) {
+ setNode(t,"Revoked on:", renderDateFromSecs(cert.revokedOn),"r");
+ setNode(t,"Revoked by:", cert.revokedBy, "r");
+ setNode(t,"Revocation Reason:", getRevocationReason(cert.revocationReason), "r");
+ assumedheight = 210;
+ } else {
+ assumedheight = 180;
+ }
+
+ e.style.left = x+30; // x-offset of floating div
+
+ var offset = 20; // extra y-offset of floating div
+ var bottom = y + offset + assumedheight;
+ if (bottom > window.innerHeight) {
+ offset = 0 - (2*offset) - assumedheight;
+ }
+
+ e.style.top = y+ offset + window.pageYOffset+document.body.scrollTop + 'px';
+
+ // unhide the window
+ e.style.display ="block";
+
+
+}
+
+function mouseout(element)
+{
+// window.setTimeout("hide",1);
+ var index= element.getAttribute("index");
+ if (recordSet[index].revokedOn != null) {
+ element.parentNode.parentNode.parentNode.style.backgroundColor = "#FFEEEE";
+ } else {
+// element.parentNode.parentNode.parentNode.style.backgroundColor = "#EEFFEE";
+ element.parentNode.parentNode.parentNode.style.backgroundColor = "#FFFFFF";
+ }
+ hide();
+}
+
+function hide()
+{
+ document.getElementById("certMetaDatadiv").style.display ="none";
+}
+
+function displayCertificateRecord(i, cert)
+{
+ document.write(
+// "<tr"+ (cert.revokedOn !=null ? " style='background-color: #FFEEEE;' " : " style='background-color: #EEEEEE;' ")+">"+
+ "<tr"+ (cert.revokedOn !=null ? " style='background-color: #FFEEEE;' " : "")+">"+
+ "<td width=18%><font face='PrimaSans BT, Verdana, sans-serif' size='-1'>\n"+
+ renderHexNumber(cert.serialNumber,0) +"</font></td>\n"+
+ "<td width=16%>"+(cert.revokedOn != null ?"revoked":"valid")+"</td>\n"+
+ "<td style='overflow: hidden; white-space: nowrap;'>"+
+ " <font face='PrimaSans BT, Verdana, sans-serif' size='-1'>\n"+
+ " <div style='overflow: hidden; white-space: nowrap;'>"+
+ " <a index='"+i+"' href='/ca/ee/ca/displayBySerial?op=displayBySerial&serialNumber=0x"+
+ cert.serialNumber+"' onmouseover='mouseover(this,event);' "+
+ "onmouseout='mouseout(this);'>"+
+ addEscapes(cert.subject)+"</div></font>"+
+ "</a></td>"+
+ "</tr>\n"
+
+ );
+}
+
+function displaySearchResults()
+{
+if (result.recordSet.length == 0) {
+ document.write(
+"<font face='PrimaSans BT, Verdana, sans-serif' size='+1'>No Matching Certificates Found</font>\n"
+ );
+} else {
+
+ document.write(
+"<font face='PrimaSans BT, Verdana, sans-serif'>Issuer: " +
+(result.header.issuerName != null ? result.header.issuerName : "UNKNOWN") +
+"</font><br>\n"+
+"<font face='PrimaSans BT, Verdana, sans-serif' size='-1'>\n"+
+"Total number of records found: "+result.header.totalRecordCount+
+"</font>\n"
+ );
+
+ if (result.header.totalRecordCount == result.header.maxSize) {
+ document.write(
+"<font face='PrimaSans BT, Verdana, sans-serif' size='-1'>\n"+
+"(Maximum size reached)"+
+"</font>\n"
+ );
+ }
+
+ document.write(
+"<table border='0' width='100%' cellspacing='2' cellpadding='2'>\n"+
+"<tr><td width=18%>&nbsp;</td><td width=16%>&nbsp;</td><td>&nbsp;</td></tr>\n"+
+"<tr bgcolor='#e5e5e5'><td>\n"+
+"<font face='PrimaSans BT, Verdana, sans-serif' size='-1'>\n"+
+"Serial number</font></td>\n"+
+
+"<td><font face='PrimaSans BT, Verdana, sans-serif' size='-1'>\n"+
+"Status</td>\n"+
+
+"<td\n"+
+"<font face='PrimaSans BT, Verdana, sans-serif' size='-1'>\n"+
+"Subject name</font></td></tr>\n");
+
+ for(var i = 0; i < result.recordSet.length; ++i ) {
+ displayCertificateRecord(i, result.recordSet[i]);
+ }
+document.write("</table>\n");
+
+
+ if ((result.header.revokeAll != null && result.header.totalRecordCount > 1) ||
+ (result.header.querySentinel != null)) {
+ document.write("<br>&nbsp;\n" +
+ "<table border='0' cellspacing='0' cellpadding='0' background='/pki/images/hr.gif' width='100%'>\n"+
+ "<tr><td>&nbsp;</td></tr></table>\n");
+ }
+
+ document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=6 WIDTH='100%'>\n"+
+ "<tr align=center><td>\n");
+
+ if (result.header.revokeAll != null && result.header.totalRecordCount > 1) {
+ displayRevokeAllForm(result.header.totalRecordCount);
+ document.write("</td><td>\n");
+ }
+
+ if (result.header.querySentinel != null) {
+ displayNextForm();
+ }
+
+ document.write("</td></tr></table>\n");
+}
+}
+
+function renderHidden(name,value)
+{
+ return "<INPUT TYPE='hidden' NAME='"+ name +"' VALUE=''>\n";
+}
+
+function doNext(form)
+{
+// form.action = "/"+result.header.op;
+ form.action = "listCerts";
+ form.op.value = result.header.op;
+ form.querySentinel.value = result.header.querySentinel;
+ form.totalRecordCount.value = result.header.totalRecordCount;
+ if (result.header.revokeAll != null) {
+ form.revokeAll.value = result.header.revokeAll;
+ }
+ if (result.header.queryFilterHash != null) {
+ form.queryFilterHash.value = result.header.queryFilterHash;
+ }
+ // form.submit();
+}
+
+function displayNextForm()
+{
+ document.write(
+//"<div align=center> \n"+
+"<FORM NAME ='nextForm' METHOD=POST onSubmit='doNext(nextForm);' "+
+"ACTION=''>\n"+
+renderHidden("op"));
+
+if (result.header.revokeAll != null) {
+ document.write(renderHidden("revokeAll"));
+}
+
+if (result.header.queryFilterHash != null) {
+ document.write(renderHidden("queryFilterHash"));
+}
+
+document.write("<INPUT TYPE=submit VALUE='Find' width='72'>\n"+
+"<font face='PrimaSans BT, Verdana, sans-serif' size='-1'>\n"+
+"&nbsp;next</font>\n"+
+"<INPUT TYPE=hidden NAME=totalRecordCount VALUE='"+
+result.header.totalRecordCount+ "'>\n"+
+"<INPUT TYPE=hidden NAME=queryCertFilter VALUE='"+
+result.header.queryCertFilter+ "'>\n"+
+"<INPUT TYPE=hidden NAME=querySentinel VALUE='"+
+result.header.querySentinel+ "'>\n"+
+"<INPUT TYPE=hidden NAME=serialTo VALUE='"+
+result.header.serialTo+ "'>\n"+
+"<INPUT TYPE=text SIZE=4 MAXLENGTH=3 NAME=maxCount VALUE='"+
+result.header.maxCount+ "'>\n"+
+"<font face='PrimaSans BT, Verdana, sans-serif' size='-1'>\n"+
+"&nbsp;record(s)</font>\n"+
+"</FORM>\n");
+//"</FORM></DIV>\n");
+}
+
+function doRevokeAll(form)
+{
+// form.action = result.header.serviceURL;
+ form.totalRecordCount.value = result.header.totalRecordCount;
+ form.revokeAll.value = result.header.queryCertFilter;
+ form.submit();
+}
+
+function displayRevokeAllForm(recordCount)
+{
+// document.write("<DIV align=center><FORM NAME ='revokeAllForm' "+
+ document.write("<FORM NAME ='revokeAllForm' "+
+ "METHOD=POST onSubmit='doRevokeAll(revokeAllForm);' "+
+ "ACTION='"+ "/reasonToRevoke" +"'>\n"+
+ "<INPUT TYPE=hidden NAME='op' VALUE='reasonToRevoke'>\n"+
+ "<INPUT TYPE=hidden NAME='revokeAll' VALUE=''>\n"+
+ "<INPUT TYPE=hidden NAME='totalRecordCount' VALUE='"+ recordCount +"'>\n"+
+ "<INPUT TYPE=submit VALUE='Revoke ALL "+ recordCount +" Certificates'>\n"+
+ "</FORM>\n");
+// "</FORM></DIV>\n");
+}
+
+
+displaySearchResults();
+
+//-->
+</SCRIPT>
+
+<div id="certMetaDatadiv" class="floating">
+<table id="t" width="100%">
+<tr><td/></tr>
+</table>
+</div>
+
+
+</BODY>
+</HTML>
diff --git a/base/ca/shared/webapps/ca/ee/ca/tabs.html b/base/ca/shared/webapps/ca/ee/ca/tabs.html
new file mode 100644
index 000000000..2cf6ee3be
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/tabs.html
@@ -0,0 +1,35 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>CA End-Entity</title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<SCRIPT LANGUAGE="JavaScript"></SCRIPT>
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/dynamicVars.js"></SCRIPT>
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/cms-funcs.js"> </SCRIPT>
+</head>
+
+<body bgcolor="#4f52b5" onresize="top.doResize();">
+<script lang="javascript">
+<!--//
+top.loadTabs();
+//-->
+</script>
+</body>
+</html>
diff --git a/base/ca/shared/webapps/ca/ee/ca/toDisplayCRL.template b/base/ca/shared/webapps/ca/ee/ca/toDisplayCRL.template
new file mode 100644
index 000000000..2a158381f
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/toDisplayCRL.template
@@ -0,0 +1,231 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<HEAD>
+<TITLE>Review Certificate Revocation List</TITLE>
+<SCRIPT LANGUAGE="JavaScript"></SCRIPT>
+
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/cms-funcs.js">
+
+</SCRIPT>
+
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/helpfun.js">
+
+</SCRIPT>
+
+<SCRIPT LANGUAGE="JavaScript">
+//<!--
+function checkSubmit(form)
+{
+ if (typeof(form.crlIssuingPoint) == 'undefined') {
+ alert("CRL issuing points are not available.");
+ return false;
+ }
+ if (form.op[0].checked || form.op[1].checked) {
+ if (form.certSerialNumber.value != "") {
+ form.certSerialNumber.value =
+ trim(form.certSerialNumber.value);
+ }
+ if (form.certSerialNumber.value != "") {
+ if (!isNumber(form.certSerialNumber.value,10)) {
+ if (isNumber(form.certSerialNumber.value,16)) {
+ canonicalHex = "0x" +
+ removeColons(stripPrefix(form.certSerialNumber.value));
+ form.certSerialNumber.value = canonicalHex;
+ } else {
+ alert("You must enter a valid hexadecimal "+
+ "or decimal certificate serial number.");
+ return false;
+ }
+ }
+ } else {
+ alert("You must enter a certificate serial number.");
+ return false;
+ }
+
+ if (isNegative(form.certSerialNumber.value)) {
+ alert("Certificate serial number can only "+
+ "be represented by positive number.");
+ return false;
+ }
+ }
+ return true;
+}
+//-->
+</SCRIPT>
+</HEAD>
+
+<CMS_TEMPLATE>
+
+
+<body bgcolor="#FFFFFF">
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Import Certificate Revocation List
+</font><br>
+
+<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Use this form to check whether a particular certificate has been revoked or
+to import the latest Certificate Revocation List.
+</font>
+
+<table BORDER=0 CELLSPACING=2 CELLPADDING=2 WIDTH="100%" BACKGROUND="/pki/images/hr.gif" >
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+<FORM action=getCRL method=post onSubmit="return checkSubmit(this)">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+<b>Select CRL issuing point</b></font>
+<SCRIPT LANGUAGE="JavaScript">
+<!--
+var issuingPoint;
+var i;
+
+if (result.header.crlIssuingPoints != null &&
+ result.header.crlIssuingPoints.length > 0) {
+ issuingPoint = result.header.crlIssuingPoints.split('+');
+} else {
+ issuingPoint = null;
+}
+
+document.writeln('<table border="0" cellspacing="2" cellpadding="2" width="100%">');
+document.writeln('<tr><td align="right" width="20%">');
+document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln('Issuing point:</font></td>');
+document.writeln('<td align="left">');
+if (issuingPoint != null && issuingPoint.length > 0) {
+ document.writeln('<SELECT NAME="crlIssuingPoint">');
+ for (i = 0; i < issuingPoint.length; i++) {
+ document.write('<OPTION VALUE="' + issuingPoint[i] + '"');
+ if (result.header.masterCRLIssuingPoint == issuingPoint[i])
+ document.write(' SELECTED');
+ document.writeln('>' + issuingPoint[i] + '</OPTION>');
+ }
+ document.writeln('</SELECT>');
+} else {
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+ document.writeln('not available</font>');
+}
+document.writeln('</td></tr></table>');
+//-->
+</SCRIPT>
+
+<br><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+<b>Select one of these actions</b></font>
+
+<table border="0" cellspacing="2" cellpadding="2">
+ <tr>
+ <td><input type=RADIO name="op" value="checkCRLcache" checked></td>
+ <td>
+ <font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ Check whether the following certificate is included in CRL cache</font>
+ </td>
+ </tr>
+ <tr>
+ <td><input type=RADIO name="op" value="checkCRL"></td>
+ <td>
+ <font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ Check whether the following certificate is listed by CRL</font>
+ </td>
+ </tr>
+ <tr>
+ <td></td>
+ <td><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ Certificate serial number:&nbsp;</font>
+ <input type=text size=10 MAXLENGTH=99 name="certSerialNumber" value="">
+ </td>
+ </tr>
+ <tr>
+ <td></td>
+ <td></td>
+ </tr>
+ <tr>
+ <td><input type=RADIO name="op" value="importCRL"></td>
+ <td>
+ <font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ Import the latest CRL to your browser</font>
+ </td>
+ </tr>
+ <tr>
+ <td><input type=RADIO name="op" value="importDeltaCRL"></td>
+ <td>
+ <font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ Import the latest delta CRL to your browser</font>
+ </td>
+ </tr>
+ <tr>
+ <td><input type=RADIO name="op" value="getCRL"></td>
+ <td>
+ <font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ Download the latest CRL in binary form</font>
+ </td>
+ </tr>
+ <tr>
+ <td><input type=RADIO name="op" value="getDeltaCRL"></td>
+ <td>
+ <font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ Download the latest delta CRL in binary form</font>
+ </td>
+ </tr>
+ <tr>
+ <td><input type=RADIO name="op" value="displayCRL"></td>
+ <td>
+ <font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ Display the CRL information:</font>&nbsp;&nbsp;
+<SCRIPT LANGUAGE="JavaScript">
+<!--
+ document.writeln('<SELECT NAME="crlDisplayType">');
+ if (result.header.master_host != null && result.header.master_host.length &&
+ result.header.master_port != null && result.header.master_port.length) {
+ document.write('<OPTION VALUE="entireCRL" SELECTED>Entire CRL');
+ } else {
+ document.write('<OPTION VALUE="cachedCRL" SELECTED>Cached CRL');
+ document.write('<OPTION VALUE="entireCRL">Entire CRL');
+ }
+ document.write('<OPTION VALUE="crlHeader">CRL header');
+ document.write('<OPTION VALUE="base64Encoded">Base64 encoded');
+ if (result.header.isDeltaCRLEnabled != null &&
+ result.header.isDeltaCRLEnabled == true) {
+ document.write('<OPTION VALUE="deltaCRL">Delta CRL');
+ }
+ document.writeln('</SELECT>');
+//-->
+</SCRIPT>
+ </td>
+ </tr>
+</table>
+
+<br>
+
+<table border="0" width="100%" cellspacing="0" cellpadding="6" bgcolor="#E5E5E5" background="/pki/images/gray90.gif">
+ <tr>
+ <td ALIGN=RIGHT>
+ <input TYPE="hidden" NAME="pageStart" VALUE="1">
+ <input TYPE="hidden" NAME="pageSize" VALUE="50">
+ <input type="submit" value="Submit" name="submit" width="72">
+ </td>
+ </tr>
+</table>
+
+</FORM>
+
+</body>
+</html>
+
diff --git a/base/ca/shared/webapps/ca/ee/ca/unrevocationResult.template b/base/ca/shared/webapps/ca/ee/ca/unrevocationResult.template
new file mode 100644
index 000000000..b876f6f5f
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/unrevocationResult.template
@@ -0,0 +1,126 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<HEAD>
+<TITLE></TITLE>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<CMS_TEMPLATE>
+<BODY bgcolor="white">
+<SCRIPT LANGUAGE="JavaScript">
+//<!--
+function toHex1(number)
+{
+ var absValue = "", sign = "";
+ var digits = "0123456789abcdef";
+ if (number < 0) {
+ sign = "-";
+ number = -number;
+ }
+
+ for(; number >= 16 ; number = Math.floor(number/16)) {
+ absValue = digits.charAt(number % 16) + absValue;
+ }
+ absValue = digits.charAt(number % 16) + absValue;
+ return sign + '0x' + absValue;
+}
+
+function toHex(number)
+{
+ return '0x' + number;
+}
+
+if (result.header.unrevoked == 'yes') {
+ var s = (result.header.serialNumber.indexOf(",") > 0)? "s": "";
+ var ve = (result.header.serialNumber.indexOf(",") > 0)? "ve": "s";
+
+ document.write('<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.writeln('Certificate'+s+' Ha'+ve+' Been Released From Hold</font><br><br>');
+
+
+ if (result.header.error == null) {
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.writeln('Certificate'+s+' with serial number'+s+' <b>' +
+ result.header.serialNumber +
+ '</b> ha'+ve+' been released from hold.');
+ document.writeln('</font><br>');
+
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ if (result.header.updateCRL && result.header.updateCRL == "yes") {
+ if (result.header.updateCRLSuccess != null &&
+ result.header.updateCRLSuccess == "yes") {
+ document.writeln('The Certificate Revocation List has been successfully updated.');
+ }
+ else {
+ document.writeln('The Certificate Revocation List update Failed');
+ if (result.header.updateCRLSuccess != null)
+ document.writeln(' with error '+
+ result.header.updateCRLError);
+ else
+ document.writeln('. No further details provided.');
+ }
+ }
+ else {
+ document.writeln(
+ 'The Certificate Revocation List will be updated '+
+ 'automatically at the next scheduled update.');
+ }
+ document.writeln('</font><br>');
+/*
+ if (result.header.dirEnabled != null && result.header.dirEnabled == 'yes') {
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ if (result.header.dirUpdated == 'yes') {
+ document.write('Directory has been successfully updated.');
+ } else {
+ document.write('Directory has not been updated. See log files for more details.');
+ }
+ document.writeln('</font><br>');
+ }
+*/
+ } else {
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.writeln('Certificate'+s+' with serial number'+s+' <b>' +
+ result.header.serialNumber +
+ '</b> ha'+ve+' not been released from hold..<br><br>');
+ document.writeln('Additional Information:');
+ document.writeln('</font>');
+ document.writeln('<blockquote>');
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.writeln(result.header.error);
+ document.writeln('</font>');
+ document.writeln('</blockquote>');
+ }
+} else if (result.header.unrevoked == 'pending') {
+ document.write('<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.writeln('Unrevocation Request Has Been Submitted</font><br><br>');
+} else {
+ document.write('<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.writeln('Unrevocation Request Cannot Be Completed</font><br><br>');
+ if (result.header.error != null) {
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Addition information:</font>');
+ document.writeln('<blockquote>');
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.writeln(result.header.error);
+ document.writeln('</font>');
+ document.writeln('</blockquote>');
+ }
+}
+//-->
+</SCRIPT>
+</BODY>
+</HTML>
diff --git a/base/ca/shared/webapps/ca/ee/cms-funcs.js b/base/ca/shared/webapps/ca/ee/cms-funcs.js
new file mode 100644
index 000000000..601a84221
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/cms-funcs.js
@@ -0,0 +1,746 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+//<!--
+
+// This file holds definitions of various utility functions
+// used on the EE pages.
+
+// tabs=4
+
+// Before enrolling, we compare the client's clock against
+// a value the server sends (some javascript in the URL at
+// at /dynamicVar.js sets a variable called serverdate to
+// the current time of the server).
+//
+// If the values are different, we alert the user, because
+// they may have problems using the cert if their clock is
+// set to before the validity period of the certificate.
+
+function checkClientTime()
+{
+ var speed;
+ var server_date;
+ var client_date = new Date();
+ var zone = client_date.getTimezoneOffset();
+ var timediff = 0;
+
+ var serverutc;
+ var clientutc = client_date.getTime();
+
+ if (serverdate == null) {
+ return;
+ }
+ server_date = new Date(serverdate);
+ serverutc = server_date.getTime();
+
+ var offset = clientutc - serverutc;
+ if (offset >0) {
+ speed = 'fast';
+ } else {
+ speed = 'slow';
+ }
+ timediff = Math.round(Math.abs(offset/1000/60));
+
+ if (timediff > 10) {
+ msg = 'Your computer\'s clock is '+ timediff+ ' minutes '+ speed +
+ '\n\nYou may encounter problems using your certificate\n' +
+ 'as your clock is set incorrectly.\n\n' +
+ 'According to the server, the time is:\n ' + server_date +
+ '\n\nPlease correct your clock before proceeding with enrollment'+
+ '\n\nYour timezone is set to ' + (-zone/60) +' hours relative to GMT.\n' +
+ 'If you change your timezone, you may need to restart your browser\n'+
+ 'before continuing.';
+ alert(msg);
+ return false;
+ }
+ return true;
+}
+
+
+
+
+function escapeDNComponent(str)
+{
+ var outStr = "";
+ var escapeValue = false;
+
+ // Do we need to escape any characters
+ for (i=0; i < str.length; i++) {
+ c = str.charAt(i);
+ if (c == ',' || c == '=' || c == '+' || c == '<' ||
+ c == '>' || c == '#' || c == ';' || c == '\r' ||
+ c == '\n') {
+ escapeValue = true;
+ break;
+ }
+ }
+
+ if (escapeValue == true) {
+ outStr += '"';
+ outStr += str;
+ outStr += '"';
+ } else {
+ outStr += str;
+ }
+ return outStr;
+}
+
+function doubleQuotes(componentName)
+{
+ for (i=0; i < componentName.length; i++) {
+ if (componentName.charAt(i) == '"') {
+ return true;
+ }
+ }
+ return false;
+}
+
+
+function alertIfDoubleQuotes(element, fieldname)
+{
+ if (doubleQuotes(element.value) == true) {
+ alert('Double quotes are not allowed in the '+fieldname+' field');
+ element.value = '';
+ element.focus();
+ return true;
+ }
+ else {
+ return false;
+ }
+}
+
+function appendToDN(DN, newcomponent)
+{
+ if (DN.value != '') { DN.value += ', '; }
+
+ DN.value += newcomponent;
+
+}
+
+function formulateDN(form, DN)
+{
+ // Note: The alerts about double quotes are here to avoid
+ // problems with the code dealing with quoting and escaping in the
+ // Netscape Directory Server 1.0 implementation.
+ with (form) {
+ DN.value = '';
+
+ if (form.E != null && E.value != '') {
+ if (alertIfDoubleQuotes(E,"E-mail")) { return; }
+ appendToDN(DN,'E='+escapeDNComponent(E.value));
+ }
+ if (form.CN != null && CN.value != '') {
+ if (alertIfDoubleQuotes(CN,"Common Name")) { return; }
+ appendToDN(DN,'CN='+escapeDNComponent(CN.value));
+ }
+ if (form.UID != null && UID.value != '') {
+ if (alertIfDoubleQuotes(UID,"User ID")) { return; }
+ appendToDN(DN,'UID='+escapeDNComponent(UID.value));
+ }
+ if (form.OU != null && OU.value != '') {
+ if (alertIfDoubleQuotes(OU,"Organizational Unit")) { return; }
+ appendToDN(DN,'OU='+escapeDNComponent(OU.value));
+ }
+ if (form.O != null && O.value != '') {
+ if (alertIfDoubleQuotes(O,"Organization")) { return; }
+ appendToDN(DN,'O='+escapeDNComponent(O.value));
+ }
+ if (form.L != null && L.value != '') {
+ if (alertIfDoubleQuotes(L,"Locality")) { return; }
+ appendToDN(DN,'L='+escapeDNComponent(L.value));
+ }
+ if (form.ST != null && ST.value != '') {
+ if (alertIfDoubleQuotes(ST,"State")) { return; }
+ appendToDN(DN,'ST='+escapeDNComponent(ST.value));
+ }
+ if (form.C != null && C.value != '') {
+ if (alertIfDoubleQuotes(C,"Country")) { return; }
+ appendToDN(DN,'C='+escapeDNComponent(C.value));
+ }
+ }
+}
+
+
+function isValidIssuerDN(form)
+{
+ // Note: The check here is to avoid a crash in Netscape Navigator <4.6
+ // that is triggered when doing client-auth to a server whose
+ // SSL-cert (or the signer of it) does not have an O in the DN
+ // There are some other bugs in Nav 3 relating to importing the
+ // CA cert without the OU or O fields.
+
+ if ((form.OU.value == '') && (form.O.value == '')) {
+ alert("You must enter an Organization Unit or an Organization.");
+ return false;
+ } else {
+ return true;
+ }
+}
+
+function isValidAdminDN(form)
+{
+ // Note: The check here is to avoid a bug in Netscape
+ // Navigator 3.0 and 3.01 that are triggered on formation
+ // of the nickname on import of a personal cert if
+ // that cert does not contain a common name.
+
+ if (form.CN.value == '') {
+ alert("You must enter a Common Name.");
+ return false;
+ } else {
+ return true;
+ }
+}
+
+function isValidCSR(form)
+{
+ // Note: the checks here are of mixed origin. Some are required
+ // for Navigator and Communicator. The CSR field checks are
+ // to avoid server side rejection of the submission. These
+ // checks can be split up to be different for different types of
+ // certificates.
+
+ formulateDN(form, form.subject);
+
+ with (form) {
+ if (email != null) {
+ if (E.value == "" && email.checked) {
+ alert("E-mail certificates must include an E-mail address.");
+ return false;
+ }
+ }
+ if (CN.value == "") {
+ alert("You must supply your name for the certificate.");
+ return false;
+ }
+
+ if (csrRequestorPhone != null && csrRequestorEmail != null) {
+ if (csrRequestorPhone.value == "" && csrRequestorEmail.value == "") {
+ alert("You must supply a contact phone number or e-mail address.");
+ return false;
+ }
+ return true;
+ }
+ }
+}
+
+function isNegative(string) {
+ if (string.charAt(0) == '-')
+ return true;
+ else
+ return false;
+}
+
+function isNumber(string, radix) {
+ var i = 0;
+ var legalDigits;
+
+ if (radix == null || radix == 10) {
+ legalDigits = "0123456789";
+ } else if (radix == 16) {
+ legalDigits = "0123456789abcdefABCDEF:";
+ } else {
+ return false;
+ }
+ // skip leading space
+ for(; i < string.length; ++i) {
+ if (string.charAt(i) != ' ')
+ break;
+ }
+ if (string.charAt(i) == '+' || string.charAt(i) == '-' ) {
+ ++i;
+ }
+ if (radix == 16 && i < string.length - 2 &&
+ string.charAt(i) == '0' &&
+ (string.charAt(i+1) == 'x' || string.charAt(i+1) == 'X') &&
+ legalDigits.indexOf(string.charAt(i+2)) != -1) {
+ i += 3;
+ }
+ for(; i < string.length; ++i) {
+ if (legalDigits.indexOf(string.charAt(i)) == -1)
+ break;
+ }
+ for(; i < string.length; ++i) {
+ if (string.charAt(i) != ' ')
+ return false;
+ }
+ return true;
+}
+
+function isDecimalNumber(string)
+{
+ return isNumber(string,10);
+}
+
+function isHexNumber(string)
+{
+ return isNumber(string,16);
+}
+
+function dateForm(name)
+{
+ var i;
+ document.write('<FORM NAME=\"'+ name +'\">');
+ document.write('<SELECT NAME=\"day\"><OPTION VALUE=0> ');
+ for (i=1; i <=31; ++i)
+ document.write('<OPTION VALUE='+i+'>'+i);
+ document.write('</SELECT>');
+ document.write('<SELECT NAME=\"month\">'+
+ '<OPTION VALUE=13> '+
+ '<OPTION VALUE=0>January'+
+ '<OPTION VALUE=1>February'+
+ '<OPTION VALUE=2>March'+
+ '<OPTION VALUE=3>April'+
+ '<OPTION VALUE=4>May'+
+ '<OPTION VALUE=5>June'+
+ '<OPTION VALUE=6>July'+
+ '<OPTION VALUE=7>August'+
+ '<OPTION VALUE=8>September'+
+ '<OPTION VALUE=9>October'+
+ '<OPTION VALUE=10>November'+
+ '<OPTION VALUE=11>December'+
+ '</SELECT>'
+ );
+
+ document.write('<SELECT NAME=\"year\"><OPTION VALUE=0> ');
+ for (i=1996; i <=2006; ++i)
+ document.write('<OPTION VALUE='+i+'>'+i);
+ document.write('</SELECT>');
+ document.write('</FORM>');
+}
+
+function dateIsEmpty(form)
+{
+ return form.day.selectedIndex == 0 &&
+ form.month.selectedIndex == 0 &&
+ form.year.selectedIndex == 0;
+}
+
+
+function daysToSeconds(days){
+ return 3600 * 24 * days;
+}
+
+function clickedOnTimeRangeCheckBox(inUse, start, end)
+{
+ if (inUse.checked) {
+ var date = new Date();
+ if (start.day.options[start.day.selectedIndex].value == 0) {
+ start.day.selectedIndex = date.getDate();
+ }
+ if (end.day.options[end.day.selectedIndex].value == 0) {
+ end.day.selectedIndex = date.getDate();
+ }
+ if (start.month.options[start.month.selectedIndex].value == 13) {
+ start.month.selectedIndex = date.getMonth() + 1;
+ }
+ if (end.month.options[end.month.selectedIndex].value == 13) {
+ end.month.selectedIndex = date.getMonth() + 1;
+ }
+ if (start.year.options[start.year.selectedIndex].value == 0) {
+ for (var i = 0; i < start.year.options.length; i++) {
+ if (start.year.options[i].value == date.getFullYear()) {
+ start.year.selectedIndex = i;
+ }
+ }
+ }
+ if (end.year.options[end.year.selectedIndex].value == 0) {
+ for (var i = 0; i < end.year.options.length; i++) {
+ if (end.year.options[i].value == date.getFullYear()) {
+ end.year.selectedIndex = i;
+ }
+ }
+ }
+ }
+}
+
+function generateYearOptions(before, after)
+{
+ var now = new Date();
+ var year = now.getFullYear();
+ document.writeln("<OPTION VALUE=0>");
+ for (var i = year-before-1; i < year+after+1; i++) {
+ document.writeln("<OPTION VALUE="+i+">"+i);
+ }
+}
+
+// encloses value in double quotes preceding all embedded double quotes with \
+function escapeValue(value)
+{
+ var result;
+ var fromIndex = 0, toIndex = 0;
+
+ // kludgy work-around for indexOf JavaScript bug on empty string
+ if (value == "")
+ return '\"\"';
+
+ result = '\"';
+ while ((toIndex = value.indexOf('\"',fromIndex)) != -1) {
+ result += value.substring(fromIndex,toIndex);
+ result += '\\"';
+ fromIndex = toIndex + 1;
+ }
+ result += value.substring(fromIndex,value.length);
+ result += '\"';
+ return result;
+}
+
+// encloses value in double quotes preceding all embedded double quotes and
+// backslashes with backslash
+function escapeValueJSString(value)
+{
+ var result = "";
+
+ // Do we need to escape any characters
+ for (i=0; i < value.length; i++) {
+ c = value.charAt(i);
+ if (c == '\\' | c == '"') {
+ result += '\\';
+ }
+ result += c;
+ }
+ return '\"' + result + '\"';
+}
+
+
+// helper function to construct name component(pattern)
+function makeComponent(list,tag,value,asPattern)
+{
+ var last = list.length;
+ if (asPattern) {
+ list[last] = (value == "") ? "*" : (tag+"="+escapeValueRfc1779(value));
+ }
+ else if (value != "")
+ list[last] = tag+"="+escapeValueRfc1779(value);
+}
+
+// If asPattern is false formulates the RFC 1779 format subject name
+// from the component parts skipping all components with blank values,
+// otherwise builds RFC 1779-like matching pattern from components
+function computeNameCriterion(form)
+{
+ var asPattern = form.match[1].checked;
+ var result = new Array;
+
+ with (form) {
+ // The order of clauses here determines how components are ordered
+ // in the name sent in the client's request. A site may wish to
+ // re-order the clauses here if their conventions produce names
+ // with components in a different order.
+ makeComponent(result,"E",E.value,asPattern);
+ makeComponent(result,"CN",CN.value,asPattern);
+ makeComponent(result,"UID",UID.value,asPattern);
+ makeComponent(result,"OU",OU.value,asPattern);
+ makeComponent(result,"O",O.value,asPattern);
+ makeComponent(result,"L",L.value,asPattern);
+ makeComponent(result,"ST",ST.value,asPattern);
+ makeComponent(result,"C",C.value,asPattern);
+ }
+ if (result.length == 0)
+ return asPattern ? "0 == 0" : "0 == 1";
+ else
+ return "subject" + ( asPattern ? " ~= " : " == ") +
+ escapeValue(result.join(', '));
+}
+
+function isHTTPEscapeChar(c)
+{
+ if (c == '%' || c == '#' || c == '+' || c == '=' || c == '\n' ||
+ c == '\r' || c == '\t' || c == ';' || c == '&' ||
+ c == '>') {
+ return true;
+ }
+
+ return false;
+}
+
+function produceHTTPEscapedString(inString)
+{
+ table = new Object();
+ table["%"] = "25";
+ table["#"] = "23";
+ table["+"] = "2B";
+ table["="] = "3D";
+ table["\n"] = "0A";
+ table["\r"] = "0D";
+ table["\t"] = "09";
+ table[";"] = "3B";
+ table["&"] = "26";
+ table[">"] = "3E";
+
+ outString = "";
+
+ for (i=0; i < inString.length; i++) {
+ if (inString.charAt(i) == ' ') {
+ outString += '+';
+ } else {
+ if (isHTTPEscapeChar(inString.charAt(i))) {
+ outString += "%" + table[inString.substring(i, i+1)];
+ } else {
+ outString += inString.charAt(i);
+ }
+ }
+ }
+
+ return outString;
+}
+
+
+
+function navMajorVersion()
+{
+ return parseInt(navigator.appVersion.substring(0, navigator.appVersion.indexOf(".")));
+}
+
+
+
+// these functions below were originally in funcs.js
+
+
+
+function trim(string) {
+ var i, k, newString;
+
+ for (i = 0; i < string.length; i++) {
+ if (string.charAt(i) != ' ' )
+ break;
+ }
+ for (k = string.length - 1; k > i; k--) {
+ if (string.charAt(k) != ' ' )
+ break;
+ }
+ k++;
+
+ if (k > i)
+ newString = string.substring(i, k);
+ else
+ newString = null;
+
+ return newString;
+}
+
+
+function convertDate(form, fieldName)
+{
+ var date;
+ var day = form.day.options[form.day.selectedIndex].value;
+ var month = form.month.options[form.month.selectedIndex].value;
+ var year = form.year.options[form.year.selectedIndex].value;
+ date = new Date(year,month,day);
+
+ // see if normalization was required
+ if (date.getMonth() != month || date.getDate() != day) {
+ alert(fieldName + " is invalid");
+ return null;
+ }
+ else
+ return date.getTime();
+}
+
+function convertToTime(form)
+{
+ var date;
+ var day = form.day.options[form.day.selectedIndex].value;
+ var month = form.month.options[form.month.selectedIndex].value;
+ var year = form.year.options[form.year.selectedIndex].value;
+ date = new Date(year,month,day);
+
+ // see if normalization was required
+ if (date.getMonth() != month || date.getDate() != day) {
+ return null;
+ }
+ else
+ return date.getTime();
+}
+
+function escapeValueRfc1779(value)
+{
+ var result = "";
+
+ // Do we need to escape any characters
+ for (i=0; i < value.length; i++) {
+ c = value.charAt(i);
+ if (c == ',' || c == '=' || c == '+' || c == '<' ||
+ c == '>' || c == '#' || c == ';' || c == '\r' ||
+ c == '\n' || c == '\\' || c == '"') {
+ result += '\\';
+ }
+ result += c;
+ }
+ return result;
+}
+
+// helper function to construct name component(pattern)
+function makeComponentFilter(list,tag,value,asPattern)
+{
+ var last = list.length;
+ if (value != "") {
+ if (asPattern) {
+ list[last] = "(x509Cert.subject=*"+tag+"=*"+
+ escapeValueRfc1779(value)+"*)";
+ } else {
+ // exact match (either the end, or appended with ",")
+ list[last] = "(|(x509Cert.subject=*"+tag+"="+
+ escapeValueRfc1779(value)+",*)"
+ +"(x509Cert.subject=*"+tag+"="+
+ escapeValueRfc1779(value)+"))";
+ }
+ }
+}
+
+
+
+function computeNameFilter(form)
+{
+ var asPattern = form.match[1].checked;
+ var result = new Array;
+
+ with (form) {
+ // The order of clauses here determines how components are ordered
+ // in the name sent in the client's request. A site may wish to
+ // re-order the clauses here if their conventions produce names
+ // with components in a different order.
+ makeComponentFilter(result,"E",eMail.value,asPattern);
+ makeComponentFilter(result,"CN",commonName.value,asPattern);
+ makeComponentFilter(result,"UID",userID.value,asPattern);
+ makeComponentFilter(result,"OU",orgUnit.value,asPattern);
+ makeComponentFilter(result,"O",org.value,asPattern);
+ makeComponentFilter(result,"L",locality.value,asPattern);
+ makeComponentFilter(result,"ST",state.value,asPattern);
+ makeComponentFilter(result,"C",country.value,asPattern);
+ }
+ if (result.length == 0) {
+ return "(x509Cert.subject=*)";
+ } else {
+ if (asPattern) {
+ return "(|" + nsjoin(result,"") + ")";
+ } else {
+ return "(&" + nsjoin(result,"") + ")";
+ }
+ }
+}
+
+function booleanCrit(crit,radioArg)
+{
+ for (var i = 0; i < radioArg.length; ++i ){
+ if( radioArg[i].checked ) {
+ if (radioArg[i].value.length != 0) {
+ crit[crit.length] = radioArg[i].name + " == " + radioArg[i].value;
+ }
+ return;
+ }
+ }
+}
+
+
+function isHex(string)
+{
+ if (string.charAt(0) == '0' &&
+ (string.charAt(1) == 'x' || string.charAt(1) == 'X')) {
+ return true;
+ } else {
+ return false;
+ }
+}
+
+function writeError(errorDetails)
+{
+ document.write("<center><h2><b>" +
+ "Problem Processing Your Request" +
+ "</b></h2></center><p>" +
+ "The service encountered a problem " +
+ "when processing your request. This problem may " +
+ "indicate a flaw in the form used to submit your " +
+ "request or the values that were entered into the form." +
+ "The following message supplies more information " +
+ "about the error that occurred.<p>");
+ document.write("<blockquote><b><pre>");
+ if (errorDetails != null) {
+ document.write(errorDetails);
+ } else {
+ document.write("Unable to provide details. " +
+ "Contact Administrator.");
+ }
+ document.write("</pre></b></blockquote>");
+ if (result.header.errorDescription != null) {
+ document.write('<p>Additional Information:<p>');
+ document.write('<blockquote><b>');
+ document.write(result.header.errorDescription);
+ document.write('</b></blockquote>');
+ }
+ document.write("<p>");
+ document.write("Please consult your local administrator for " +
+ "further assistance.");
+ document.write("The certificate server's log may provide " +
+ "further information.");
+}
+
+
+// strips (optional) spaces and 0[xX] prefix at the beginning of s
+function stripPrefix(s)
+{
+ var i;
+ for(i = 0; i < s.length - 1; ++i) {
+ if (s.charAt(i) != ' ' )
+ break;
+ }
+ if (s.charAt(i) == '0' && (s.charAt(i+1) == 'x' || s.charAt(i+1) == 'X')) {
+ return s.substring(i+2,s.length);
+ } else {
+ return s.substring(i,s.length);;
+ }
+}
+
+
+// removes colons from value and returns the result
+// used as helper to convert colon-separated hexadecimal numbers
+// to regular numbers
+function removeColons(value)
+{
+ var result = "";
+
+ for (i=0; i < value.length; i++) {
+ c = value.charAt(i);
+ if (c != ':' ){
+ result += c;
+ }
+ }
+ return result;
+}
+
+// Replacement for the array.join() function which isn't in MSIE 3.0
+
+function nsjoin(array,str) {
+ val = "";
+ for (i=0; i<array.length; i++) {
+ val = val + array[i];
+ if (i < (array.length-1)) val = val+str;
+ }
+ return val;
+}
+//-->
+
+
+
+//-->
+
+
+
+
+
diff --git a/base/ca/shared/webapps/ca/ee/helpfun.js b/base/ca/shared/webapps/ca/ee/helpfun.js
new file mode 100644
index 000000000..14a80bb95
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/helpfun.js
@@ -0,0 +1,35 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+function help(helptopic) {
+
+ var HelpWin=window.open("","MyWin", "toolbar=no,directories=no,menubar=no,status=no,scrollbars=yes,resizable=yes,width=500,height=500");
+
+ HelpWin.location = helptopic;
+ HelpWin.focus();
+
+}
+
+function helpstatus(helpline) {
+
+ window.status = helpline;
+
+ return true;
+
+}
+
diff --git a/base/ca/shared/webapps/ca/ee/index.html b/base/ca/shared/webapps/ca/ee/index.html
new file mode 100644
index 000000000..30662d47a
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/index.html
@@ -0,0 +1,23 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<html>
+<script lang="javascript">
+ // redirect to 'ROOT'
+ window.location = "/";
+</script>
+</html>
diff --git a/base/ca/shared/webapps/ca/index.html b/base/ca/shared/webapps/ca/index.html
new file mode 100644
index 000000000..30662d47a
--- /dev/null
+++ b/base/ca/shared/webapps/ca/index.html
@@ -0,0 +1,23 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<html>
+<script lang="javascript">
+ // redirect to 'ROOT'
+ window.location = "/";
+</script>
+</html>
diff --git a/base/ca/shared/webapps/ca/services.template b/base/ca/shared/webapps/ca/services.template
new file mode 100644
index 000000000..b4ce80168
--- /dev/null
+++ b/base/ca/shared/webapps/ca/services.template
@@ -0,0 +1,106 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<CMS_TEMPLATE>
+<title>CA Services</title>
+ <link rel="shortcut icon" href="/pki/images/favicon.ico" />
+ <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" />
+ <META http-equiv=Content-Type content="text/html; charset=UTF-8">
+
+</head>
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+
+<div id="header">
+ <a href="http://pki.fedoraproject.org/" title="Visit pki.fedoraproject.org for more information about Dogtag products and services"><img src="/pki/images/logo_header.gif" alt="Dogtag" id="myLogo" /></a>
+ <div id="headertitle">
+ <a href="/" title="Dogtag Network homepage">Dogtag<sup><font size="-2">&reg;</font></sup> Certificate System</a>
+ </div>
+ <div id="account">
+ <dl><dt><span></span></dt><dd></dd></dl>
+ </div>
+</div>
+
+<div id="mainNavOuter">
+<div id="mainNav">
+<div id="mainNavInner">
+
+</div><!-- end mainNavInner -->
+</div><!-- end mainNav -->
+</div><!-- end mainNavOuter -->
+
+
+<div id="bar">
+
+<div id="systembar">
+<div id="systembarinner">
+
+<div>
+ -
+</div>
+
+
+</div>
+</div>
+
+</div>
+
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Certificate System CA Services Page
+</font><br>
+<p>
+</font>
+<p>
+<center>
+<table border="0" cellspacing="0" cellpadding="0">
+<tr valign="TOP">
+<td>&nbsp;</td>
+<td>&nbsp;</td>
+</tr>
+<script language=javascript>
+for (var i=0; i<result.recordSet.length; ++i) {
+ document.write('<tr valign="TOP">');
+ document.write('<td>');
+ document.write('<td>');
+ document.write('<font size=4 face="PrimaSans BT, Verdana, sans-serif">');
+ document.write('<li><a href="');
+ document.write(result.recordSet[i].prefix + "://" +
+ result.recordSet[i].host + ":" + result.recordSet[i].port + "/"+
+ result.recordSet[i].uri);
+ if (result.recordSet[i].type == "admin") {
+ document.write('">Admin Services</a></font>');
+ } else if (result.recordSet[i].type == "agent") {
+ document.write('">Agent Services</a></font>');
+ } else if (result.recordSet[i].type == "ee") {
+ document.write('">SSL End Users Services</a></font>');
+ }
+
+ document.write('</font></td></tr>');
+}
+</script>
+<tr valign="TOP">
+<td>&nbsp;</td>
+<td>&nbsp;</td>
+</tr>
+</table>
+</center>
+<div id="footer">
+</div>
+</body>
+</html>