summaryrefslogtreecommitdiffstats
path: root/base/ca/shared/webapps/ca/ee/ca/UserDnEnroll.html
diff options
context:
space:
mode:
Diffstat (limited to 'base/ca/shared/webapps/ca/ee/ca/UserDnEnroll.html')
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/UserDnEnroll.html472
1 files changed, 472 insertions, 0 deletions
diff --git a/base/ca/shared/webapps/ca/ee/ca/UserDnEnroll.html b/base/ca/shared/webapps/ca/ee/ca/UserDnEnroll.html
new file mode 100644
index 0000000..f4798d4
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/UserDnEnroll.html
@@ -0,0 +1,472 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<TITLE>Directory Based User Enrollment Form</TITLE>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<SCRIPT LANGUAGE="JavaScript"></SCRIPT>
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/cms-funcs.js"> </SCRIPT>
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/helpfun.js"> </SCRIPT>
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/dynamicVars.js"> </SCRIPT>
+<SCRIPT LANGUAGE="JavaScript">
+<!--//
+
+// Notice to administrators
+//
+// A link to this HTML form conditionally appears in the
+// main enrollment menu frame. This link will only appear if
+// a plugin of type 'UdnPwdDirAuth' (LDAP directory enrollment)
+// has been configured in the console.
+
+var crmfObject;
+function validate(form)
+{
+ with (form) {
+ if (udn.value == "") {
+ alert("You must supply your dn");
+ return false;
+ }
+ if (pwd.value == "") {
+ alert("You must supply your password");
+ return false;
+ }
+
+ /////////////////////////////////////////////////////////////////
+ // To enable dual key feature, this page must be customized with
+ // appropriate Javascript call. For example,
+ //
+ // crmfObject = crypto.generateCRMFRequest(
+ // "CN=undefined",
+ // "regToken", "authenticator",
+ // null,
+ // "setCRMFRequest();",
+ // 512, null, "rsa-ex",
+ // 1024, null, "rsa-sign");
+ //
+ // To enable key archival feature, this page must be customized with
+ // KRA's transport certificate. The transport certificate can be
+ // retrieved in the following ways:
+ // (1) Access "List Certificates" menu option in end-entity page
+ // (2) Access https://<host>:<agent_port>/kra/displayTransportCert
+ // (3) Use certutil command in <instance-dir>/config directory
+ // (i.e. certutil -L -d . -n "kraTransportCert <instance-id>" -a)
+ //
+ // Once the transport certificate is obtained, the following
+ // javascript should be modified so that the transport certificate
+ // and appropriate key type are selected. For example,
+ //
+ // var keyGenAlg = "rsa-ex";
+ // crmfObject = crypto.generateCRMFRequest(
+ // "CN=undefined",
+ // "regToken", "authenticator",
+ // keyTransportCert,
+ // "setCRMFRequest();",
+ // 512, null, keyGenAlg);
+ /////////////////////////////////////////////////////////////////
+
+ // To enable key archival, replace "null" with the transport
+ // certificate without "BEBIN..." "END..", nor line breaks.
+ // change keyGenAlg to "rsa-ex"
+ var keyTransportCert = null;
+ var keyGenAlg = "rsa-dual-use";
+ if (navigator.appName == "Netscape" && (navMajorVersion() > 3) &&
+ typeof(crypto.version) != "undefined") {
+ crmfObject = crypto.generateCRMFRequest(
+ "CN=undefined",
+ "regToken", "authenticator",
+ keyTransportCert,
+ "setCRMFRequest();",
+ 1024, null, keyGenAlg);
+ }
+ return true;
+ }
+}
+
+function setCRMFRequest()
+{
+ with (document.forms[0]) {
+ CRMFRequest.value = crmfObject.request;
+ submit();
+ }
+}
+
+//-->
+</SCRIPT>
+</head>
+
+
+<OBJECT
+ classid="clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1"
+ CODEBASE="/xenroll.dll"
+ id=Enroll >
+</OBJECT>
+
+
+<SCRIPT LANGUAGE=VBS>
+<!--
+Function escapeDNComponent(comp)
+ escapeDNComponent = comp
+End Function
+
+Function doubleQuotes(comp)
+ doubleQuotes = False
+End Function
+
+Function formulateDN()
+ Dim dn
+ Dim TheForm
+ Set TheForm = Document.ReqForm
+
+ dn = Empty
+
+ If (TheForm.udn.Value <> Empty) Then
+ If doubleQuotes(TheForm.udn.Value) = True Then
+ MsgBox "Double quotes are not allowed in the dn field"
+ Exit Function
+ End If
+ If (dn <> Empty) Then
+ dn = dn & ","
+ End If
+ dn = dn & "0.9.2342.19200300.100.1.1=" & escapeDNComponent(TheForm.udn.Value)
+ End If
+
+ formulateDN = dn
+End Function
+
+Sub Send_OnClick
+ Dim TheForm
+ Dim szName
+ Dim options
+ Set TheForm = Document.ReqForm
+
+
+ ' Do a few sanity checks
+ If (TheForm.udn.Value = Empty) Then
+ ret = MsgBox("You must supply your Directory dn for certificate enrollment", 0, "MSIE Certificate Request")
+ Exit Sub
+ End If
+
+ If (TheForm.pwd.Value = Empty) Then
+ ret = MsgBox("You must supply your Directory password for certificate enrollment", 0, "MSIE Certificate Request")
+ Exit Sub
+ End If
+
+' If (TheForm.SSLClient.value = Empty AND
+' TheForm.SMIME.value = Empty AND
+' TheForm.ObjectSigning.value = Empty) Then
+' ret = MsgBox("You must select atleast one certificate type", 0,
+' "MSIE Certificate Request")
+' Exit Sub
+' End If
+
+
+ ' Contruct the X500 distinguished name
+ szName = formulateDN()
+
+ On Error Resume Next
+ Enroll.HashAlgorithm = "MD5"
+ Enroll.KeySpec = 1
+ Enroll.GenKeyFlags = 1 ' key exportable
+
+ ' Pick the provider that is selected
+ set options = TheForm.all.cryptprovider.options
+ index = options.selectedIndex
+ Enroll.providerType = options(index).value
+ Enroll.providerName = options(index).text
+
+ szCertReq = Enroll.createPKCS10(szName, "1.3.6.1.5.5.7.3.2")
+ theError = Err.Number
+ On Error Goto 0
+ '
+ ' If the user has cancelled things the we simply ignore whatever
+ ' they were doing ... need to think what should be done here
+ '
+ If (szCertReq = Empty AND theError = 0) Then
+ Exit Sub
+ End If
+
+ If (szCertReq = Empty OR theError <> 0) Then
+ '
+ ' There was an error in the key pair generation. The error value
+ ' is found in the variable 'theError' which we snarfed above before
+ ' we did the 'On Error Goto 0' which cleared it again.
+ '
+ sz = "The error '" & Hex(theError) & "' occurred." & chr(13) & chr(10) & "Your credentials could not be generated."
+ result = MsgBox(sz, 0, "Credentials Enrollment")
+ Exit Sub
+ End If
+
+ TheForm.pkcs10Request.Value = szCertReq
+ TheForm.Submit
+ Exit Sub
+
+End Sub
+-->
+</SCRIPT>
+
+<body bgcolor="#FFFFFF" onload=checkClientTime()>
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ Directory Based User Enrollment
+</font>
+<br>
+<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ Use this form to submit a request for a personal certificate through your
+ organization's directory. With directory based enrollment, you need only
+ supply your user DN and password for the directory; the directory
+ supplies the rest of the information needed for certificate issuance.
+ If the user DN and password are correct your certificate will be issued
+ automatically.
+</font>
+
+<table border="0" cellspacing="0" cellpadding="2" background="/pki/images/hr.gif" width="100%">
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+<table border="0" cellspacing="0" cellpadding="2">
+ <tr valign="TOP">
+ <td><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ <b>Important: </b></font>
+ </td>
+ <td><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ Be sure to request your certificate on the same computer
+ on which you plan to use your certificate.</font>
+ </td>
+ </tr>
+</table>
+
+<table border="0" cellspacing="0" cellpadding="0" background="/pki/images/hr.gif" width="100%">
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+<script lang="javascript">
+<!--//
+if (navigator.appName == "Netscape" && (navMajorVersion() <= 3 ||
+ typeof(crypto.version) != "undefined")) {
+ document.write('<form name="ReqForm" method="post" action="/enrollment">');
+} else {
+ document.write('<form name="ReqForm" method="post" action="/enrollment" '+
+ 'onSubmit="return validate(document.forms[0])">');
+}
+//-->
+</script>
+
+<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ <b>User's Identity</b>
+<br>
+ Enter your user DN and password for your organization's directory.
+ This information will be used to verify your identity and to obtain
+ information from the directory to fill in the certificate.
+<br>
+</font>
+
+<table border="0" width="100%" cellspacing="2" cellpadding="2">
+ <tr>
+ <td width="25%" valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">User DN: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="TEXT" name="udn" size="45">
+ </td>
+ </tr>
+</table>
+
+<table border="0" width="100%" cellspacing="2" cellpadding="2">
+ <tr>
+ <td width="25%" valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Password: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="PASSWORD" name="pwd" AutoComplete=off size="45">
+ </td>
+ </tr>
+</table>
+
+<!-- for Netscape Certificate Type Extension -->
+<input type="HIDDEN" name="email" value="true">
+<input type="HIDDEN" name="ssl_client" value="true">
+<!-- for Key Usage Extension -->
+<input type="HIDDEN" name="digital_signature" value=true>
+<input type="HIDDEN" name="non_repudiation" value=true>
+<input type="HIDDEN" name="key_encipherment" value=true>
+<br>
+
+
+<script lang="javascript">
+<!--//
+if (navigator.appName == "Netscape" &&
+ (navMajorVersion() <= 3 || typeof(crypto.version) == 'undefined')) {
+
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.writeln('<b>Public/Private Key Information</b><br>');
+ document.writeln(
+ 'When your submit this form, your browser generates a private and '+
+ 'public key. The browser retains the private key and submits the '+
+ 'public key along with your request for a certificate. '+
+ 'The public key becomes part of your certificate. '+
+ '<P>'+
+ 'Select the length of the key to generate. The longer the key '+
+ 'length the greater the strength. You may want to check with your '+
+ 'system administrator about the length of key to specify.');
+ document.writeln('</font>');
+
+ document.writeln('<table border="0" width="100%" cellspacing="2" cellpadding="2">');
+ document.writeln('<tr><td width="25%" valign=TOP>');
+ document.writeln('<div align=right>');
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.writeln('Key Length: ');
+ document.writeln('</font>');
+ document.writeln('</div>');
+ document.writeln('</td>');
+ document.write('<td valign=TOP>');
+ document.write('<KEYGEN name="subjectKeyGenInfo">');
+ document.write('</td></tr></table>');
+}
+
+
+if (navigator.appName == "Microsoft Internet Explorer") {
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.writeln('<b>Public/Private Key Information</b><br>');
+ document.writeln(
+ 'When you submit this form, your browser generates a private and '+
+ 'public key. The browser retains the private key and submits the '+
+ 'public key along with your request for a certificate. '+
+ 'The public key becomes part of your certificate. '+
+ '<P>'+
+ 'The Microsoft Base Cryptographic provider offers 512-bit key '+
+ 'encryption which is adequate for most applications today, '+
+ 'but you may select the Enhanced option if your browser offers '+
+ 'this choice and you require the higher encryption strength. '+
+ 'You may want to check with your system administrator about '+
+ 'the provider to specify.');
+ document.writeln('</font>');
+
+ document.writeln('<p>');
+ document.writeln('<td>');
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.writeln('Cryptographic Provider:');
+ document.writeln('</font>');
+ document.writeln('</td>');
+ document.writeln('<td>');
+ document.writeln('<SELECT NAME=\"cryptprovider\"></SELECT>');
+ document.writeln('</td>');
+ document.writeln('<p>');
+}
+
+
+document.writeln('<table border="0" width="100%" cellspacing="0" cellpadding="6" '+
+ 'bgcolor="#cccccc" background="/pki/images/gray90.gif">');
+document.writeln('<tr><td width=100%> <div align="RIGHT">');
+
+if (navigator.appName == "Netscape" && (navMajorVersion() <= 3 ||
+ typeof(crypto.version) == "undefined")) {
+ document.writeln('<input type="submit" value="Submit" '+
+ 'name="submit" width="72">');
+} else if ((navigator.appName == "Microsoft Internet Explorer") ||
+ (navigator.appName == "")) {
+ document.writeln('<input type="submit" value="Submit" '+
+ 'name="Send" width="72">');
+} else {
+ document.writeln('<input type="button" value="Submit" '+
+ 'name="submitbutton" '+
+ 'onclick="validate(form)" width="72">');
+}
+
+document.write('<img src="/pki/images/spacer.gif" width="6" height="6">' +
+ '<input type="reset" value="Reset" name="reset" width="72">' +
+ '<input type="hidden" name="certType" value="client">' +
+ '<input type="hidden" name="authenticator" ' +
+ ' value="UserDnEnrollment">');
+
+if (navigator.appName == 'Netscape') {
+ if ((navMajorVersion() > 3) &&
+ (typeof(crypto.version) != 'undefined')) {
+ document.write('<input type=hidden name=CRMFRequest value="">');
+ document.write('<input type=hidden name=cmmfResponse value=true>');
+ //document.write('<input type=hidden name=certNickname value="">');
+ } else {
+ document.write('<input type="hidden" name="importCert" value="off">');
+ }
+} else if ((navigator.appName == "Microsoft Internet Explorer") ||
+ (navigator.appName == "")) {
+ // navigator.appName == "" is for IE 3.
+ document.write('<input type="hidden" name="pkcs10Request" value="">');
+}
+document.writeln('</div></td></tr></table>');
+//-->
+</script>
+
+</form>
+
+<SCRIPT LANGUAGE=VBS>
+<!--
+
+FindProviders
+
+Function FindProviders
+ Dim i, j
+ Dim providers()
+ i = 0
+ j = 1
+ Dim el
+ Dim temp
+ Dim first
+ Dim TheForm
+ Set TheForm = document.ReqForm
+ On Error Resume Next
+ first = 0
+
+ Do While True
+ temp = ""
+ Enroll.providerType = j
+ temp = Enroll.enumProviders(i,0)
+ If Len(temp) = 0 Then
+ If j < 1 Then
+ j = j + 1
+ i = 0
+ Else
+ Exit Do
+ End If
+ Else
+ set el = document.createElement("OPTION")
+ el.text = temp
+ el.value = j
+ TheForm.cryptprovider.add(el)
+ If first = 0 Then
+ first = 1
+ TheForm.cryptprovider.selectedIndex = 0
+ End If
+ i = i + 1
+ End If
+ Loop
+
+End Function
+
+-->
+</SCRIPT>
+</body>
+</html>