Diffstat (limited to 'base/ca/shared/webapps/ca/ee/ca')
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/AIMEnroll.html426
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/CMCEnrollment.html189
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/CMCRevReq.html66
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/CertBasedDualEnroll.html364
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/CertBasedEncryptionEnroll.html508
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/CertBasedSingleEnroll.html510
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/ChallengeRevoke1.html175
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/DirPinUserEnroll.html533
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/DirUserEnroll.html517
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/DisplayCRL.html169
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/EnrollSuccess.template248
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/GetCAChain.html107
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/ImportAdminCert.template58
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/ImportCert.template268
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/KeyRecovery.html41
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/ManCAEnroll.html162
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/ManObjSignEnroll.html693
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/ManRAEnroll.html156
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/ManServerEnroll.html167
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/ManUserEnroll.html705
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/NISUserEnroll.html508
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/OCSPResponder.html156
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/ObjSignPKCS10Enroll.html213
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/PortalEnrollment.html751
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/ProfileList.template71
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/ProfileSelect.template865
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/ProfileSubmit.html30
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/ProfileSubmit.template137
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/RenewalSuccess.template217
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/RevocationSuccess.template89
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/UserDnEnroll.html472
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/UserRenewal.html98
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/UserRevocation.html118
-rwxr-xr-xbase/ca/shared/webapps/ca/ee/ca/bench2k.html58
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/checkRequest.html76
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/displayBySerial.template224
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/displayBySerial2.template131
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/displayCRL.template227
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/displayCaCert.template111
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/displayCertFromRequest.template177
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/enrollMenu.html31
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/index.html388
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/policyEnrollment/index.html556
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/policyEnrollment/profileMenu.html36
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/policyEnrollment/retrievalMenu.html36
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/policyEnrollment/revocationMenu.html31
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/profileEnrollment/index.html393
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/profileEnrollment/profileMenu.html32
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/profileEnrollment/retrievalMenu.html36
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/profileEnrollment/revocationMenu.html31
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/profileMenu.html32
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/queryBySerial.html190
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/queryCert.html1518
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/queryCert.template499
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/reasonToRevoke.template480
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/recoveryMenu.html32
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/remoteAuthConfig.template74
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/renewalMenu.html32
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/requestStatus.template221
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/retrievalMenu.html36
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/revocationMenu.html31
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/revocationResult.template190
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/srchCert.html1587
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/srchCert.template487
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/tabs.html35
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/toDisplayCRL.template231
-rw-r--r--base/ca/shared/webapps/ca/ee/ca/unrevocationResult.template126
67 files changed, 18162 insertions, 0 deletions
diff --git a/base/ca/shared/webapps/ca/ee/ca/AIMEnroll.html b/base/ca/shared/webapps/ca/ee/ca/AIMEnroll.html
new file mode 100644
index 000000000..79862b377
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/AIMEnroll.html
@@ -0,0 +1,426 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<TITLE>AIM User Enrollment Form</TITLE>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<SCRIPT LANGUAGE="JavaScript"></SCRIPT>
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/cms-funcs.js"> </SCRIPT>
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/helpfun.js"> </SCRIPT>
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/dynamicVars.js"> </SCRIPT>
+</head>
+
+<OBJECT
+ classid="clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1"
+ CODEBASE="/ee/xenroll.dll"
+ id=Enroll >
+</OBJECT>
+
+
+<SCRIPT LANGUAGE=VBS>
+<!--
+Function escapeDNComponent(comp)
+ escapeDNComponent = comp
+End Function
+
+Function doubleQuotes(comp)
+ doubleQuotes = False
+End Function
+
+Function formulateDN()
+ Dim dn
+ Dim TheForm
+ Set TheForm = Document.ReqForm
+
+ dn = Empty
+
+ If (TheForm.screenname.Value <> Empty) Then
+ If doubleQuotes(TheForm.screenname.Value) = True Then
+ MsgBox "Double quotes are not allowed in the screenname field"
+ Exit Function
+ End If
+ If (dn <> Empty) Then
+ dn = dn & ","
+ End If
+ dn = dn & "0.9.2342.19200300.100.1.1=" & escapeDNComponent(TheForm.screenname.Value)
+ End If
+
+ formulateDN = dn
+End Function
+
+Sub Send_OnClick
+ Dim TheForm
+ Dim szName
+ Dim options
+ Set TheForm = Document.ReqForm
+
+
+ ' Do a few sanity checks
+ If (TheForm.screenname.Value = Empty) Then
+ ret = MsgBox("You must supply your Directory screenname for certificate enrollment", 0, "MSIE Certificate Request")
+ Exit Sub
+ End If
+
+ If (TheForm.password.Value = Empty) Then
+ ret = MsgBox("You must supply your Directory password for certificate enrollment", 0, "MSIE Certificate Request")
+ Exit Sub
+ End If
+
+' If (TheForm.SSLClient.value = Empty AND
+' TheForm.SMIME.value = Empty AND
+' TheForm.ObjectSigning.value = Empty) Then
+' ret = MsgBox("You must select atleast one certificate type", 0,
+' "MSIE Certificate Request")
+' Exit Sub
+' End If
+
+
+ ' Contruct the X500 distinguished name
+ szName = formulateDN()
+
+ On Error Resume Next
+ Enroll.HashAlgorithm = "MD5"
+ Enroll.KeySpec = 1
+ Enroll.GenKeyFlags = 1 ' key exportable
+
+ ' Pick the provider that is selected
+ set options = TheForm.all.cryptprovider.options
+ index = options.selectedIndex
+ Enroll.providerType = options(index).value
+ Enroll.providerName = options(index).text
+
+ szCertReq = Enroll.createPKCS10(szName, "1.3.6.1.5.5.7.3.2")
+ theError = Err.Number
+ On Error Goto 0
+ '
+ ' If the user has cancelled things the we simply ignore whatever
+ ' they were doing ... need to think what should be done here
+ '
+ If (szCertReq = Empty AND theError = 0) Then
+ Exit Sub
+ End If
+
+ If (szCertReq = Empty OR theError <> 0) Then
+ '
+ ' There was an error in the key pair generation. The error value
+ ' is found in the variable 'theError' which we snarfed above before
+ ' we did the 'On Error Goto 0' which cleared it again.
+ '
+ sz = "The error '" & Hex(theError) & "' occurred." & chr(13) & chr(10) & "Your credentials could not be generated."
+ result = MsgBox(sz, 0, "Credentials Enrollment")
+ Exit Sub
+ End If
+
+ TheForm.certRequest.Value = szCertReq
+ TheForm.Submit
+ Exit Sub
+
+End Sub
+-->
+</SCRIPT>
+
+<body bgcolor="#FFFFFF" onload=checkClientTime()>
+
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+AIM User Enrollment <br>
+</font>
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ Use this form to submit a request for a personal certificate through your
+ organization's directory. With directory based enrollment, you need only
+ supply your user ID and password for the directory; the directory
+ supplies the rest of the information needed for certificate issuance.
+ If the user ID and password are correct your certificate will be issued
+ automatically.
+ </font>
+
+<table border="0" cellspacing="0" cellpadding="2" background="/pki/images/hr.gif" width="100%">
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+<table border="0" cellspacing="0" cellpadding="2">
+ <tr valign="TOP">
+ <td><font size="-1" face="PrimaSans BT, Verdana, sans-serif"> <b>
+ Important:
+ </b></font></td>
+ <td><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ Be sure to request your certificate on the same computer on which you
+ plan to use your certificate. </font></td>
+ </tr>
+</table>
+<table border="0" cellspacing="0" cellpadding="0" background="/pki/images/hr.gif" width="100%">
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+<script lang="javascript">
+ if (navigator.appName == "Netscape" && (navMajorVersion() <= 3)) {
+ // short cut for Nav 3.x or eariler, crypto is not defined
+ document.write(
+ '<form name="ReqForm" method="post" action="/ee/getCerts">');
+ } else
+ if ((navigator.appName == "Netscape" &&
+ typeof(crypto.version) != "undefined")) {
+ document.write(
+ '<form name="ReqForm" method="post" action="/ee/getCerts">');
+ } else {
+ document.write(
+ '<form name="ReqForm" method="post" action="/ee/getCerts" '+
+ 'onSubmit="return validate(document.forms[0])">');
+ }
+</script>
+
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ <b>User's Identity</b><br>
+Enter your user ID and password for your organization's directory. This
+information will be used to verify your identity and to obtain
+information from the directory to fill in the certificate.
+ <br>
+
+<table border="0" width="100%" cellspacing="2" cellpadding="2">
+ <tr>
+ <td width="30%" valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Screen Name: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="TEXT" name="screenname" size="30">
+ </td>
+ </tr>
+</table>
+
+<table border="0" width="100%" cellspacing="2" cellpadding="2">
+ <tr>
+ <td width="30%" valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Password: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="PASSWORD" name="password" AutoComplete=off size="30">
+ </td>
+ </tr>
+ <tr>
+ </tr>
+</table>
+
+<table border="0" width="100%" cellspacing="2" cellpadding="2">
+ <tr>
+ <td valign="TOP">
+ <!-- for Netscape Certificate Type Extension -->
+ <input type="HIDDEN" name="email" value="true">
+ <input type="HIDDEN" name="ssl_client" value="true">
+ <!-- for Key Usage Extension -->
+ <input type="HIDDEN" name="digital_signature" value=true>
+ <input type="HIDDEN" name="non_repudiation" value=true>
+ <input type="HIDDEN" name="key_encipherment" value=true>
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP" colspan="2">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+</td></tr>
+</table>
+
+
+<script>
+ if (navigator.appName == "Netscape" &&
+ (navMajorVersion() <= 3 || typeof(crypto.version) == 'undefined')) {
+
+ document.writeln('<b>Public/Private Key Information</b><br>');
+ document.writeln(
+ 'When your submit this form, your browser generates a private and '+
+ 'public key. The browser retains the private key and submits the '+
+ 'public key along with your request for a certificate. '+
+ 'The public key becomes part of your certificate. '+
+ '<P>'+
+ 'Select the length of the key to generate. The longer the key '+
+ 'length the greater the strength. You may want to check with your '+
+ 'system administrator about the length of key to specify.');
+ }
+
+ //else if (navigator.appName == 'Netscape' && crypto.version == "undefined") {
+ //document.writeln('Select the length of the key to generate. '+
+ // 'The longer the key length, the greater the strength. '+
+ // 'You may want to check with your system administrator about '+
+ // 'the length of key to specify.');
+ //}
+
+//<!--
+ if (navigator.appName == "Netscape") {
+ document.writeln('<table border="0" width="100%" cellspacing="2" cellpadding="2">');
+ if (navMajorVersion() <= 3 ||
+ typeof(crypto.version) == "undefined") {
+ document.writeln('<td width="30%" valign=TOP>');
+ document.writeln('<div align=right>');
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.writeln('Key Length: ');
+ document.writeln('</font>');
+ document.writeln('</div>');
+ document.writeln('</td>');
+ document.write('<td valign=TOP>');
+ document.write('<KEYGEN name="subjectKeyGenInfo">');
+ }
+ //else {
+ //alert('nsm');
+ //document.writeln('<SELECT NAME=\"keyLength\">');
+ //document.writeln('<OPTION VALUE=512>512 bits');
+ //document.writeln('<OPTION VALUE=768>768 bits');
+ //document.writeln('<OPTION VALUE=1024>1024 bits');
+ //document.writeln('</SELECT>');
+ //}
+ document.write('</td></table>');
+ }
+ if (navigator.appName == "Microsoft Internet Explorer") {
+ document.writeln('<b>Public/Private Key Information</b><br>');
+ document.writeln(
+ 'When you submit this form, your browser generates a private and '+
+ 'public key. The browser retains the private key and submits the '+
+ 'public key along with your request for a certificate. '+
+ 'The public key becomes part of your certificate. '+
+ '<P>'+
+ 'The Microsoft Base Cryptographic provider offers 512-bit key encryption which is adequate for most applications today, but you may select the Enhanced option if your browser offers this choice and you require the higher encryption strength. You may want to check with your '+
+ 'system administrator about the provider to specify.');
+
+ document.writeln('<p>');
+ document.writeln('<td>');
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.writeln('Cryptographic Provider:');
+ document.writeln('</font>');
+ document.writeln('</td>');
+ document.writeln('<td>');
+ document.writeln('<SELECT NAME=\"cryptprovider\"></SELECT>');
+ document.writeln('</td>');
+ document.writeln('<p>');
+ }
+
+//-->
+
+document.writeln('<table border="0" width="100%" cellspacing="0" cellpadding="6" bgcolor="#cccccc" background="/pki/images/gray90.gif"> <tr> <td width=100%> <div align="RIGHT">');
+//<!--
+ if (navigator.appName == "Netscape" && navMajorVersion() <= 3) {
+ // short cut for Nav 3.x or eariler, crypto is not defined
+ document.writeln(
+ '<input type="submit" value="Submit" '+
+ 'name="submit" width="72">');
+ } else if (navigator.appName == "Netscape" &&
+ typeof(crypto.version) == "undefined") {
+ document.writeln(
+ '<input type="submit" value="Submit" '+
+ 'name="submit" width="72">');
+ }
+ else if ((navigator.appName == "Microsoft Internet Explorer") ||
+ (navigator.appName == "")) {
+ document.writeln(
+ '<input type="submit" value="Submit" '+
+ 'name="Send" width="72">');
+ }
+ else {
+ // alert('nsm');
+ document.writeln(
+ '<input type="button" value="Submit" '+
+ 'name="submitbutton" '+
+ 'onclick="validate(form)" width="72">');
+ }
+ document.write('<img src="/pki/images/spacer.gif" width="6" height="6">' +
+ '<input type="reset" value="Reset" name="reset" width="72">' +
+ '<input type="hidden" name="certType" value="client">' +
+ '<input type="hidden" name="authenticator" ' +
+ ' value="UserDirEnrollment">');
+
+ if (navigator.appName == 'Netscape') {
+ if ((navMajorVersion() > 3) &&
+ (typeof(crypto.version) != 'undefined')) {
+ //alert('cmmf response');
+ document.write(
+ '<input type=hidden name=CRMFRequest value="">');
+ document.write(
+ '<input type=hidden name=cmmfResponse value=true>');
+ //document.write(
+ //'<input type=hidden name=certNickname value="">');
+ }
+ else {
+ document.write(
+ '<input type="hidden" name="importCert" value="off">');
+ }
+ }
+ else if ((navigator.appName == "Microsoft Internet Explorer")||
+ (navigator.appName == "")) {
+ // navigator.appName == "" is for IE 3.
+ //alert('certRequest');
+ document.write(
+ '<input type="hidden" name="version" value="1">');
+ document.write(
+ '<input type="hidden" name="certRequest" value="">');
+ }
+//-->
+ document.writeln('</div> </td> </tr> </table>');
+</script>
+ </form>
+<SCRIPT LANGUAGE=VBS>
+<!--
+
+FindProviders
+
+Function FindProviders
+ Dim i, j
+ Dim providers()
+ i = 0
+ j = 1
+ Dim el
+ Dim temp
+ Dim first
+ Dim TheForm
+ Set TheForm = document.ReqForm
+ On Error Resume Next
+ first = 0
+
+ Do While True
+ temp = ""
+ Enroll.providerType = j
+ temp = Enroll.enumProviders(i,0)
+ If Len(temp) = 0 Then
+ If j < 1 Then
+ j = j + 1
+ i = 0
+ Else
+ Exit Do
+ End If
+ Else
+ set el = document.createElement("OPTION")
+ el.text = temp
+ el.value = j
+ TheForm.cryptprovider.add(el)
+ If first = 0 Then
+ first = 1
+ TheForm.cryptprovider.selectedIndex = 0
+ End If
+ i = i + 1
+ End If
+ Loop
+
+End Function
+
+-->
+</SCRIPT>
+</body>
+</html>
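Review bot: `escapeDNComponent` returns its argument unchanged and `doubleQuotes` always returns `False`, so `formulateDN` appends the raw `screenname` value to the subject DN and the "Double quotes are not allowed" branch can never run. A value containing DN metacharacters (`,`, `+`, `=`, `"`) therefore changes the structure of the name handed to `Enroll.createPKCS10`. Implement the escaping in the helper, or reject those characters before `dn` is built; the handler behind `/ee/getCerts` (not visible here) should not trust the requested subject either way. In `Send_OnClick`, `Enroll.HashAlgorithm = "MD5"` signs the request with a broken hash and `Enroll.GenKeyFlags = 1` marks the private key exportable; I would switch to a SHA-family algorithm the selected provider supports and to `Enroll.GenKeyFlags = 0` unless key export is a stated requirement. The same two stub helpers open the VBScript block of CertBasedDualEnroll.html later in this diff.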
diff --git a/base/ca/shared/webapps/ca/ee/ca/CMCEnrollment.html b/base/ca/shared/webapps/ca/ee/ca/CMCEnrollment.html
new file mode 100644
index 000000000..4e0ca29ad
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/CMCEnrollment.html
@@ -0,0 +1,189 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<TITLE>CMC Request Enrollment </TITLE>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<SCRIPT LANGUAGE="JavaScript">
+function setType(f)
+{
+ if ((f.certType.options[0].selected)) {
+ alert("You must select Certificate-Type");
+ return;
+ }
+}
+
+function validate(form)
+{
+ with (form) {
+ if (cmcRequest.value == "")
+ {
+ alert("You must enter the base64-encoded certificate request.");
+ return false;
+ }
+ if (csrRequestorName.value == "" || ((csrRequestorEmail.value == "") && (csrRequestorPhone.value == ""))) {
+ alert("You must supply a name and either a phone number or an email address.");
+ return false;
+ }
+ }
+ return true;
+}
+</SCRIPT>
+
+<SCRIPT LANGUAGE="JavaScript" SRC="../helpfun.js">
+
+</SCRIPT>
+</head>
+<body bgcolor="#FFFFFF">
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+CMC Request Enrollment
+</font><br>
+ <Font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ Use this form to submit a CMC full enrollment request.
+<p>
+ After you click the Submit button, your request will be submitted to an
+ issuing agent for approval. The certificate will be emailed to you.
+</font>
+
+<form method="post" action="/enrollment"
+onSubmit="return validate(document.forms[0])">
+
+ <table border="0" width="100%" cellspacing="2" cellpadding="2">
+ <tr>
+ <td colspan="2" valign="TOP"><font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"><b>CMC Full Enrollment Request</b><br>
+Paste the CMC full enrollment request into this text area.
+ </font></td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"></font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <textarea name="cmcRequest" rows="10" cols="65" wrap="virtual">
+</textarea>
+ </td>
+ </tr>
+
+ <tr>
+ <td colspan="2" valign="TOP">
+ <font size=-1 face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ <b>
+ Select Certificate Type
+ </b><br>
+ </font>
+ <font face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif" size="-1">
+ Select a certificate type that corresponds to the certificate request you pasted in the text area above. </font></td>
+ </tr>
+
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Certificate Type: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <SELECT NAME="certType" onchange="setType(document.forms[0])">
+ <OPTION value="" SELECTED>Select Certificate-Type
+ <OPTION value="client">User Certificate
+ <OPTION value="server">Server SSL Certificate
+ <OPTION value="ca">CA Signing Certificate
+ <OPTION value="ra">RA Signing Certificate
+ <OPTION value="ocspResponder">OCSP Responder Signing Certificate
+ </SELECT>
+ </td>
+ </tr>
+
+ <tr>
+ <td colspan="2" valign="TOP"><b><font face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif" size="-1">Contact Information<br>
+ </font></b><font face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif" size="-1">
+ </font></td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Name: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="TEXT" name="csrRequestorName" size="30">
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Email: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="TEXT" name="csrRequestorEmail" size="30">
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Phone: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="TEXT" name="csrRequestorPhone" size="30">
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP" colspan="2">&nbsp;</td>
+ </tr>
+ <tr>
+ <td valign="TOP" colspan="2"><font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"><b>Additional Comments </b><br>
+ If you have additional comments for the person who will process your
+ certificate request, write them here.
+ </font></td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"></font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <textarea name="csrRequestorComments" rows="10" cols="65" wrap="virtual">
+</textarea>
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP" colspan="2">
+ <table border="0" width="100%" cellspacing="0" cellpadding="6" bgcolor="#cccccc" background="/pki/images/gray90.gif">
+ <tr>
+ <td>
+ <div align="RIGHT">
+ <input type="submit" value="Submit" name="submit" width="72">
+ <input type="hidden" name="requestFormat" value="cmc">
+ <input type="hidden" name="fullResponse" value="false">
+ <img src="/pki/images/spacer.gif" width="6" height="6">
+ <input type="reset" value="Reset" name="reset" width="72">
+ </div>
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ </table>
+ </form>
+</body>
+</html>
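Review bot: `validate(form)` never checks `certType`, and `setType` only raises an alert from `onchange` without blocking anything, so the form posts to `/enrollment` with `certType=""` when the placeholder option is left selected. Add the check inside the `with (form)` block, e.g. `if (certType.selectedIndex == 0) { alert("You must select Certificate-Type"); return false; }`. Because the list also offers `ca`, `ra` and `ocspResponder`, the handler behind `/enrollment` presumably has to decide what the requester may obtain rather than rely on this field; that code is not visible here. As a style point, `with (form)` would read more clearly as explicit `form.cmcRequest.value` references, since `with` makes name resolution ambiguous.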
diff --git a/base/ca/shared/webapps/ca/ee/ca/CMCRevReq.html b/base/ca/shared/webapps/ca/ee/ca/CMCRevReq.html
new file mode 100644
index 000000000..bd24a212c
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/CMCRevReq.html
@@ -0,0 +1,66 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
+<meta name="GENERATOR" content="Microsoft FrontPage 4.0">
+<meta name="ProgId" content="FrontPage.Editor.Document">
+<title>CMC Certificate Revocation signed by authorized agent</title>
+</head>
+
+<body>
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">CMC
+Certificate Revocation signed by authorized agent</font><br>
+<p><font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Use
+this form to revoke your certificate(s) automatically.
+<p>After you click the submit button, the valid certificate with the serial
+number specified in the CMC Revocation Request will get revoked automatically.</font></p>
+<form method="post" action="CMCRevReq" onSubmit="return validate(document.forms[0])">
+ <input type="hidden" name="authenticator" value="CMCAuth">
+ <table border="0" width="772" cellspacing="2" cellpadding="2" height="341">
+ <tr>
+ <td valign="TOP" width="762" height="34"><font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"><b>CMC
+ Revocation Enrollment Request</b><br>
+ Paste the CMC revocation request, signed by an authorized agent,&nbsp;
+ into this text area.</font></td>
+ </tr>
+ <tr>
+ <td width="395" height="169"><textarea name="cmcRequest" rows="12" cols="65" wrap="virtual">
+</textarea><br>
+ <tr>
+ <td valign="TOP" width="762" height="41">
+ <table border="0" width="574" cellspacing="0" cellpadding="6" bgcolor="#cccccc" background="/pki/images/gray90.gif">
+ <tr>
+ <td width="560">
+ <div align="RIGHT">
+ <input type="submit" value="submit" name="submit" width="72"> <input type="hidden" name="templateType" value="RevocationConfirmation">
+ <img src="/pki/images/spacer.gif" width="6" height="6"> <input type="reset" value="Reset" name="reset" width="72">
+ </div>
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ </table>
+ </form>
+
+</body>
+
+</html>
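Review bot: The form's `onSubmit="return validate(document.forms[0])"` calls a function that this page never defines or loads, as the file contains no `<script>` element. The handler therefore throws, and the browser submits the form anyway, including with an empty `cmcRequest`. Either add a script that defines `validate` and returns `false` when `cmcRequest.value` is empty, as CMCEnrollment.html does, or drop the `onSubmit` attribute. The row holding the `<textarea>` is also never closed (`</td></tr>` is missing before the next `<tr>`), which leaves the layout to parser error recovery. The hidden `authenticator` field with value `CMCAuth` is client-controlled, so the receiving handler should not treat it as evidence of which authentication was performed; that is presumably enforced server-side, outside this diff.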
diff --git a/base/ca/shared/webapps/ca/ee/ca/CertBasedDualEnroll.html b/base/ca/shared/webapps/ca/ee/ca/CertBasedDualEnroll.html
new file mode 100644
index 000000000..05d672f37
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/CertBasedDualEnroll.html
@@ -0,0 +1,364 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<TITLE>Certificate Based Enrollment - Directory Based User Enrollment Form</TITLE>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<SCRIPT LANGUAGE="JavaScript"></SCRIPT>
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/cms-funcs.js"> </SCRIPT>
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/helpfun.js"> </SCRIPT>
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/dynamicVars.js"> </SCRIPT>
+<SCRIPT>
+//<!--
+var crmfObject;
+function validate(form)
+{
+ with (form) {
+ if (uid.value == "") {
+ alert("You must supply your uid");
+ return false;
+ }
+ if (pwd.value == "") {
+ alert("You must supply your password");
+ return false;
+ }
+ submit();
+ return true;
+ }
+}
+
+
+//-->
+</SCRIPT>
+</head>
+
+<OBJECT
+ classid="clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1"
+ CODEBASE="/ee/xenroll.dll"
+ id=Enroll >
+</OBJECT>
+
+
+<SCRIPT LANGUAGE=VBS>
+<!--
+Function escapeDNComponent(comp)
+ escapeDNComponent = comp
+End Function
+
+Function doubleQuotes(comp)
+ doubleQuotes = False
+End Function
+
+Function formulateDN()
+ Dim dn
+ Dim TheForm
+ Set TheForm = Document.ReqForm
+
+ dn = Empty
+
+ If (TheForm.uid.Value <> Empty) Then
+ If doubleQuotes(TheForm.uid.Value) = True Then
+ MsgBox "Double quotes are not allowed in the uid field"
+ Exit Function
+ End If
+ If (dn <> Empty) Then
+ dn = dn & ","
+ End If
+ dn = dn & "0.9.2342.19200300.100.1.1=" & escapeDNComponent(TheForm.uid.Value)
+ End If
+
+ formulateDN = dn
+End Function
+
+Sub Send_OnClick
+ Dim TheForm
+ Dim szName
+ Set TheForm = Document.ReqForm
+
+
+ ' Do a few sanity checks
+ If (TheForm.uid.Value = Empty) Then
+ ret = MsgBox("You must supply your Directory uid for certificate enrollment", 0, "MSIE Certificate Request")
+ Exit Sub
+ End If
+
+ If (TheForm.pwd.Value = Empty) Then
+ ret = MsgBox("You must supply your Directory password for certificate enrollment", 0, "MSIE Certificate Request")
+ Exit Sub
+ End If
+
+' If (TheForm.SSLClient.value = Empty AND
+' TheForm.SMIME.value = Empty AND
+' TheForm.ObjectSigning.value = Empty) Then
+' ret = MsgBox("You must select atleast one certificate type", 0,
+' "MSIE Certificate Request")
+' Exit Sub
+' End If
+
+
+ ' Contruct the X500 distinguished name
+ szName = formulateDN()
+
+ On Error Resume Next
+ Enroll.HashAlgorithm = "MD5"
+ Enroll.KeySpec = 1
+ Enroll.GenKeyFlags = 1 ' key exportable
+ szCertReq = Enroll.createPKCS10(szName, "1.3.6.1.5.5.7.3.2")
+ theError = Err.Number
+ On Error Goto 0
+ '
+ ' If the user has cancelled things the we simply ignore whatever
+ ' they were doing ... need to think what should be done here
+ '
+ If (szCertReq = Empty AND theError = 0) Then
+ Exit Sub
+ End If
+
+ If (szCertReq = Empty OR theError <> 0) Then
+ '
+ ' There was an error in the key pair generation. The error value
+ ' is found in the variable 'theError' which we snarfed above before
+ ' we did the 'On Error Goto 0' which cleared it again.
+ '
+ sz = "The error '" & Hex(theError) & "' occurred." & chr(13) & chr(10) & "Your credentials could not be generated."
+ result = MsgBox(sz, 0, "Credentials Enrollment")
+ Exit Sub
+ End If
+
+ TheForm.pkcs10Request.Value = szCertReq
+ TheForm.Submit
+ Exit Sub
+
+End Sub
+-->
+</SCRIPT>
+
+<body bgcolor="#FFFFFF" onload=checkClientTime()>
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Certificate Based User Enrollment for Dual Certs - Directory Based<br>
+</font>
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ Use this form to submit a request for a personal certificate. You
+will be asked to do an SSL client authentication. The certificate you
+use to authenticate should be the signing certificate that was
+generated together with an encryption certificate sharing the same
+subject DN. On success, the user ID and password supplied on this
+form will be used to individualize the certificates eventually approved.
+ If SSL client authentication is successful, the certificate you use
+for authentication is a signing-only certificate, the pairing
+encryption cert can be found, and the user ID and password are correct your certificates will be issued
+ automatically. In general, after successful import of these dual
+certificates, you want to remove the original pair from your database.
+ </font>
+
+<table border="0" cellspacing="0" cellpadding="2" background="/pki/images/hr.gif" width="100%">
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+<table border="0" cellspacing="0" cellpadding="2">
+ <tr valign="TOP">
+ <td><font size="-1" face="PrimaSans BT, Verdana, sans-serif"> <b>
+ Important:
+ </b></font></td>
+ <td><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ Be sure to request your certificate on the same computer on which you
+ plan to use your certificate. </font></td>
+ </tr>
+</table>
+<table border="0" cellspacing="0" cellpadding="0" background="/pki/images/hr.gif" width="100%">
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+<script lang="javascript">
+ if (navigator.appName == "Netscape" && (navMajorVersion() <= 3)) {
+ // short cut for Nav 3.x or eariler, crypto is not defined
+ document.write(
+ '<form name="ReqForm" method="post" action="/ee/certbasedenrollment">');
+ } else
+ if ((navigator.appName == "Netscape" &&
+ typeof(crypto.version) != "undefined")) {
+ document.write(
+ '<form name="ReqForm" method="post" action="/ee/certbasedenrollment">');
+ } else {
+ document.write(
+ '<form name="ReqForm" method="post" action="/ee/certbasedenrollment" '+
+ 'onSubmit="return validate(document.forms[0])">');
+ }
+</script>
+
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ <b>User's Identity</b><br>
+Enter your user ID and password for your organization's directory. This
+information will be used to verify your identity and to obtain
+information from the directory to fill in the certificate.
+ <br>
+
+<table border="0" width="100%" cellspacing="2" cellpadding="2">
+ <tr>
+ <td width="30%" valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">User ID: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="TEXT" name="uid" size="30">
+ </td>
+ </tr>
+</table>
+
+<table border="0" width="100%" cellspacing="2" cellpadding="2">
+ <tr>
+ <td width="30%" valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Password: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="PASSWORD" name="pwd" AutoComplete=off size="30">
+ </td>
+ </tr>
+ <tr>
+ </tr>
+</table>
+
+<table border="0" width="100%" cellspacing="2" cellpadding="2">
+ <tr>
+ <td valign="TOP">
+ <!-- for Netscape Certificate Type Extension -->
+ <input type="HIDDEN" name="email" value="true">
+ <input type="HIDDEN" name="ssl_client" value="true">
+ <!-- for cert-based enrollment -->
+ <input type="hidden" name="requestFormat" value="clientAuth">
+ <input type="HIDDEN" name="doSslAuth" value="on">
+ <input type="HIDDEN" name="certauthEnroll" value="on">
+ <input type="HIDDEN" name="certauthEnrollType" value="dual">
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP" colspan="2">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+</td></tr>
+</table>
+
+
+<script>
+ if (navigator.appName == "Netscape" &&
+ (navMajorVersion() <= 3 || typeof(crypto.version) == 'undefined')) {
+//<!--
+
+ }
+//-->
+
+ //else if (navigator.appName == 'Netscape' && crypto.version == "undefined") {
+ //document.writeln('Select the length of the key to generate. '+
+ // 'The longer the key length, the greater the strength. '+
+ // 'You may want to check with your system administrator about '+
+ // 'the length of key to specify.');
+ //}
+
+ if (navigator.appName == "Netscape") {
+ document.writeln('<table border="0" width="100%" cellspacing="2" cellpadding="2">');
+ if (navMajorVersion() <= 3 ||
+ typeof(crypto.version) == "undefined") {
+ document.writeln('<td width="30%" valign=TOP>');
+ document.writeln('<div align=right>');
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+// document.writeln('Key Length: ');
+ document.writeln('</font>');
+ document.writeln('</div>');
+ document.writeln('</td>');
+ document.write('<td valign=TOP>');
+// document.write('<KEYGEN name="subjectKeyGenInfo">');
+ }
+ //else {
+ //alert('nsm');
+ //document.writeln('<SELECT NAME=\"keyLength\">');
+ //document.writeln('<OPTION VALUE=512>512 bits');
+ //document.writeln('<OPTION VALUE=768>768 bits');
+ //document.writeln('<OPTION VALUE=1024>1024 bits');
+ //document.writeln('</SELECT>');
+ //}
+ document.write('</td></table>');
+ }
+
+document.writeln('<table border="0" width="100%" cellspacing="0" cellpadding="6" bgcolor="#cccccc" background="/pki/images/gray90.gif"> <tr> <td width=100%> <div align="RIGHT">');
+//<!--
+ if (navigator.appName == "Netscape" && navMajorVersion() <= 3) {
+ // short cut for Nav 3.x or eariler, crypto is not defined
+ document.writeln(
+ '<input type="submit" value="Submit" '+
+ 'name="submit" width="72">');
+ } else if (navigator.appName == "Netscape" &&
+ typeof(crypto.version) == "undefined") {
+ document.writeln(
+ '<input type="submit" value="Submit" '+
+ 'name="submit" width="72">');
+ }
+ else if ((navigator.appName == "Microsoft Internet Explorer") ||
+ (navigator.appName == "")) {
+ document.writeln(
+ '<input type="submit" value="Submit" '+
+ 'name="Send" width="72">');
+ }
+ else {
+ // alert('nsm');
+ document.writeln(
+ '<input type="button" value="Submit" '+
+ 'name="submitbutton" '+
+ 'onclick="validate(form)" width="72">');
+ }
+ document.write('<img src="/pki/images/spacer.gif" width="6" height="6">' +
+ '<input type="reset" value="Reset" name="reset" width="72">' +
+ '<input type="hidden" name="certType" value="client">' +
+ '<input type="hidden" name="authenticator" ' +
+ ' value="UserDirEnrollment">');
+
+ if (navigator.appName == 'Netscape') {
+ if ((navMajorVersion() > 3) &&
+ (typeof(crypto.version) != 'undefined')) {
+ //alert('cmmf response');
+// document.write(
+// '<input type=hidden name=CRMFRequest value="">');
+// document.write(
+// '<input type=hidden name=cmmfResponse value=true>');
+ //document.write(
+ //'<input type=hidden name=certNickname value="">');
+ }
+ else {
+ document.write(
+ '<input type="hidden" name="importCert" value="off">');
+ }
+ }
+ else if ((navigator.appName == "Microsoft Internet Explorer")||
+ (navigator.appName == "")) {
+ // navigator.appName == "" is for IE 3.
+ //alert('pkcs10Request');
+ document.write(
+ '<input type="hidden" name="pkcs10Request" value="">');
+ }
+//-->
+ document.writeln('</div> </td> </tr> </table>');
+</script>
+ </form>
+</body>
+</html>
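Review bot: `Enroll.HashAlgorithm = "MD5"` in `Send_OnClick` signs the PKCS#10 request with a collision-broken hash, and `Enroll.GenKeyFlags = 1` marks the new private key exportable; the same two lines appear in CertBasedEncryptionEnroll.html. Unless a legacy provider forces MD5, choose a stronger hash that the provider supports, and use `Enroll.GenKeyFlags = 0` where key export is not required. Separately, `escapeDNComponent` returns its input unchanged and `doubleQuotes` always returns `False`, so the double-quote check in `formulateDN` can never fire and the uid is concatenated into the subject DN exactly as typed. A comment such as `' stub: no escaping is done here; the server must validate the subject DN` on those two functions would make the reliance on server-side checks explicit.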
diff --git a/base/ca/shared/webapps/ca/ee/ca/CertBasedEncryptionEnroll.html b/base/ca/shared/webapps/ca/ee/ca/CertBasedEncryptionEnroll.html
new file mode 100644
index 000000000..67cb0cbdb
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/CertBasedEncryptionEnroll.html
@@ -0,0 +1,508 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<TITLE>Cert-Based Directory Based User Enrollment Form for Encryption Cert</TITLE>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<SCRIPT LANGUAGE="JavaScript"></SCRIPT>
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/cms-funcs.js"> </SCRIPT>
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/helpfun.js"> </SCRIPT>
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/dynamicVars.js"> </SCRIPT>
+<SCRIPT>
+//<!--
+var crmfObject;
+function validate(form)
+{
+ with (form) {
+ if (uid.value == "") {
+ alert("You must supply your uid");
+ return false;
+ }
+ if (pwd.value == "") {
+ alert("You must supply your password");
+ return false;
+ }
+
+ /////////////////////////////////////////////////////////////////
+ // To enable dual key feature, this page must be customized with
+ // appropriate Javascript call. For example,
+ //
+ // crmfObject = crypto.generateCRMFRequest(
+ // "CN=undefined",
+ // "regToken", "authenticator",
+ // null,
+ // "setCRMFRequest();",
+ // 512, null, "rsa-ex",
+ // 1024, null, "rsa-sign");
+ //
+ // To enable key archival feature, this page must be customized with
+ // KRA's transport certificate. The transport certificate can be
+ // retrieved in the following ways:
+ // (1) Access "List Certificates" menu option in end-entity page
+ // (2) Access https://<host>:<agent_port>/kra/displayTransportCert
+ // (3) Use certutil command in <instance-dir>/config directory
+ // (i.e. certutil -L -d . -n "kraTransportCert <instance-id>" -a)
+ //
+ // Once the transport certificate is obtained, the following
+ // javascript should be modified so that the transport certificate
+ // and appropriate key type are selected. For example,
+ //
+ // var keyGenAlg = "rsa-ex";
+ // crmfObject = crypto.generateCRMFRequest(
+ // "CN=undefined",
+ // "regToken", "authenticator",
+ // keyTransportCert,
+ // "setCRMFRequest();",
+ // 512, null, keyGenAlg);
+ /////////////////////////////////////////////////////////////////
+
+ // To enable key archival, replace "null" with the transport
+ // certificate without "BEBIN..." "END..", nor line breaks.
+ // change keyGenAlg to "rsa-ex"
+ var keyTransportCert = null;
+ var keyGenAlg = "rsa-ex";
+ //var keyGenAlg = "rsa-dual-use";
+ // generate keys for nsm.
+ if (navigator.appName == "Netscape" && (navMajorVersion() > 3) &&
+ typeof(crypto.version) != "undefined") {
+ //certNickname.value = uid.value;
+ crmfObject = crypto.generateCRMFRequest(
+ "CN=undefined",
+ "regToken", "authenticator",
+ keyTransportCert,
+ "setCRMFRequest();",
+ 1024, null, "rsa-ex");
+ }
+ return true;
+ }
+}
+
+function setCRMFRequest()
+{
+ with (document.forms[0]) {
+ CRMFRequest.value = crmfObject.request;
+ submit();
+ }
+}
+
+//-->
+</SCRIPT>
+</head>
+
+<OBJECT
+ classid="clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1"
+ CODEBASE="/ee/xenroll.dll"
+ id=Enroll >
+</OBJECT>
+
+
+<SCRIPT LANGUAGE=VBS>
+<!--
+Function escapeDNComponent(comp)
+ escapeDNComponent = comp
+End Function
+
+Function doubleQuotes(comp)
+ doubleQuotes = False
+End Function
+
+Function formulateDN()
+ Dim dn
+ Dim TheForm
+ Set TheForm = Document.ReqForm
+
+ dn = Empty
+
+ If (TheForm.uid.Value <> Empty) Then
+ If doubleQuotes(TheForm.uid.Value) = True Then
+ MsgBox "Double quotes are not allowed in the uid field"
+ Exit Function
+ End If
+ If (dn <> Empty) Then
+ dn = dn & ","
+ End If
+ dn = dn & "0.9.2342.19200300.100.1.1=" & escapeDNComponent(TheForm.uid.Value)
+ End If
+
+ formulateDN = dn
+End Function
+
+Sub Send_OnClick
+ Dim TheForm
+ Dim szName
+ Dim options
+ Set TheForm = Document.ReqForm
+
+
+ ' Do a few sanity checks
+ If (TheForm.uid.Value = Empty) Then
+ ret = MsgBox("You must supply your Directory uid for certificate enrollment", 0, "MSIE Certificate Request")
+ Exit Sub
+ End If
+
+ If (TheForm.pwd.Value = Empty) Then
+ ret = MsgBox("You must supply your Directory password for certificate enrollment", 0, "MSIE Certificate Request")
+ Exit Sub
+ End If
+
+' If (TheForm.SSLClient.value = Empty AND
+' TheForm.SMIME.value = Empty AND
+' TheForm.ObjectSigning.value = Empty) Then
+' ret = MsgBox("You must select atleast one certificate type", 0,
+' "MSIE Certificate Request")
+' Exit Sub
+' End If
+
+
+ ' Contruct the X500 distinguished name
+ szName = formulateDN()
+
+ On Error Resume Next
+ Enroll.HashAlgorithm = "MD5"
+ Enroll.KeySpec = 1
+ Enroll.GenKeyFlags = 1 ' key exportable
+
+ ' Pick the provider that is selected
+ set options = TheForm.all.cryptprovider.options
+ index = options.selectedIndex
+ Enroll.providerType = options(index).value
+ Enroll.providerName = options(index).text
+
+ szCertReq = Enroll.createPKCS10(szName, "1.3.6.1.5.5.7.3.2")
+ theError = Err.Number
+ On Error Goto 0
+ '
+ ' If the user has cancelled things the we simply ignore whatever
+ ' they were doing ... need to think what should be done here
+ '
+ If (szCertReq = Empty AND theError = 0) Then
+ Exit Sub
+ End If
+
+ If (szCertReq = Empty OR theError <> 0) Then
+ '
+ ' There was an error in the key pair generation. The error value
+ ' is found in the variable 'theError' which we snarfed above before
+ ' we did the 'On Error Goto 0' which cleared it again.
+ '
+ sz = "The error '" & Hex(theError) & "' occurred." & chr(13) & chr(10) & "Your credentials could not be generated."
+ result = MsgBox(sz, 0, "Credentials Enrollment")
+ Exit Sub
+ End If
+
+ TheForm.pkcs10Request.Value = szCertReq
+ TheForm.Submit
+ Exit Sub
+
+End Sub
+-->
+</SCRIPT>
+
+<body bgcolor="#FFFFFF" onload=checkClientTime()>
+
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Certificate Based User Enrollment for Encryption Certs - Directory Based <br>
+</font>
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ Use this form to submit a request for an encryption certificate. You
+will be asked to do an SSL client authentication. The certificate you
+use to authenticate should be a signing-only certificate. On success, the user ID and password supplied on this
+form will be used to individualize the certificate eventually approved.
+ If SSL client authentication is successful, and the user ID and
+password are correct your certificate will be issued
+ automatically.
+ </font>
+
+<table border="0" cellspacing="0" cellpadding="2" background="/pki/images/hr.gif" width="100%">
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+<table border="0" cellspacing="0" cellpadding="2">
+ <tr valign="TOP">
+ <td><font size="-1" face="PrimaSans BT, Verdana, sans-serif"> <b>
+ Important:
+ </b></font></td>
+ <td><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ Be sure to request your certificate on the same computer on which you
+ plan to use your certificate. </font></td>
+ </tr>
+</table>
+<table border="0" cellspacing="0" cellpadding="0" background="/pki/images/hr.gif" width="100%">
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+<script lang="javascript">
+ if (navigator.appName == "Netscape" && (navMajorVersion() <= 3)) {
+ // short cut for Nav 3.x or eariler, crypto is not defined
+ document.write(
+ '<form name="ReqForm" method="post" action="/ee/certbasedenrollment">');
+ } else
+ if ((navigator.appName == "Netscape" &&
+ typeof(crypto.version) != "undefined")) {
+ document.write(
+ '<form name="ReqForm" method="post" action="/ee/certbasedenrollment">');
+ } else {
+ document.write(
+ '<form name="ReqForm" method="post" action="/ee/certbasedenrollment" '+
+ 'onSubmit="return validate(document.forms[0])">');
+ }
+</script>
+
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ <b>User's Identity</b><br>
+Enter your user ID and password for your organization's directory. This
+information will be used to verify your identity and to obtain
+information from the directory to fill in the certificate.
+ <br>
+
+<table border="0" width="100%" cellspacing="2" cellpadding="2">
+ <tr>
+ <td width="30%" valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">User ID: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="TEXT" name="uid" size="30">
+ </td>
+ </tr>
+</table>
+
+<table border="0" width="100%" cellspacing="2" cellpadding="2">
+ <tr>
+ <td width="30%" valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Password: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="PASSWORD" name="pwd" AutoComplete=off size="30">
+ </td>
+ </tr>
+ <tr>
+ </tr>
+</table>
+
+<table border="0" width="100%" cellspacing="2" cellpadding="2">
+ <tr>
+ <td valign="TOP">
+ <!-- for Netscape Certificate Type Extension -->
+ <input type="HIDDEN" name="email" value="true">
+ <input type="HIDDEN" name="ssl_client" value="true">
+ <!-- for cert-based enrollment -->
+ <input type="hidden" name="requestFormat" value="clientAuth">
+ <input type="HIDDEN" name="doSslAuth" value="on">
+ <input type="HIDDEN" name="certauthEnroll" value="on">
+ <input type="HIDDEN" name="certauthEnrollType" value="encryption">
+ <!-- for Key Usage Extension -->
+ <input type="HIDDEN" name="non_repudiation" value=true>
+ <input type="HIDDEN" name="key_encipherment" value=true>
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP" colspan="2">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+</td></tr>
+</table>
+
+
+<script>
+ if (navigator.appName == "Netscape" &&
+ (navMajorVersion() <= 3 || typeof(crypto.version) == 'undefined')) {
+
+ document.writeln('<b>Public/Private Key Information</b><br>');
+ document.writeln(
+ 'When your submit this form, your browser generates a private and '+
+ 'public key. The browser retains the private key and submits the '+
+ 'public key along with your request for a certificate. '+
+ 'The public key becomes part of your certificate. '+
+ '<P>'+
+ 'Select the length of the key to generate. The longer the key '+
+ 'length the greater the strength. You may want to check with your '+
+ 'system administrator about the length of key to specify.');
+ }
+
+ //else if (navigator.appName == 'Netscape' && crypto.version == "undefined") {
+ //document.writeln('Select the length of the key to generate. '+
+ // 'The longer the key length, the greater the strength. '+
+ // 'You may want to check with your system administrator about '+
+ // 'the length of key to specify.');
+ //}
+
+//<!--
+ if (navigator.appName == "Netscape") {
+ document.writeln('<table border="0" width="100%" cellspacing="2" cellpadding="2">');
+ if (navMajorVersion() <= 3 ||
+ typeof(crypto.version) == "undefined") {
+ document.writeln('<td width="30%" valign=TOP>');
+ document.writeln('<div align=right>');
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.writeln('Key Length: ');
+ document.writeln('</font>');
+ document.writeln('</div>');
+ document.writeln('</td>');
+ document.write('<td valign=TOP>');
+ document.write('<KEYGEN name="subjectKeyGenInfo">');
+ }
+ //else {
+ //alert('nsm');
+ //document.writeln('<SELECT NAME=\"keyLength\">');
+ //document.writeln('<OPTION VALUE=512>512 bits');
+ //document.writeln('<OPTION VALUE=768>768 bits');
+ //document.writeln('<OPTION VALUE=1024>1024 bits');
+ //document.writeln('</SELECT>');
+ //}
+ document.write('</td></table>');
+ }
+ if (navigator.appName == "Microsoft Internet Explorer") {
+ document.writeln('<b>Public/Private Key Information</b><br>');
+ document.writeln(
+ 'When you submit this form, your browser generates a private and '+
+ 'public key. The browser retains the private key and submits the '+
+ 'public key along with your request for a certificate. '+
+ 'The public key becomes part of your certificate. '+
+ '<P>'+
+ 'The Microsoft Base Cryptographic provider offers 512-bit key encryption which is adequate for most applications today, but you may select the Enhanced option if your browser offers this choice and you require the higher encryption strength. You may want to check with your '+
+ 'system administrator about the provider to specify.');
+
+ document.writeln('<p>');
+ document.writeln('<td>');
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.writeln('Cryptographic Provider:');
+ document.writeln('</font>');
+ document.writeln('</td>');
+ document.writeln('<td>');
+ document.writeln('<SELECT NAME=\"cryptprovider\"></SELECT>');
+ document.writeln('</td>');
+ document.writeln('<p>');
+ }
+
+//-->
+
+document.writeln('<table border="0" width="100%" cellspacing="0" cellpadding="6" bgcolor="#cccccc" background="/pki/images/gray90.gif"> <tr> <td width=100%> <div align="RIGHT">');
+//<!--
+ if (navigator.appName == "Netscape" && navMajorVersion() <= 3) {
+ // short cut for Nav 3.x or eariler, crypto is not defined
+ document.writeln(
+ '<input type="submit" value="Submit" '+
+ 'name="submit" width="72">');
+ } else if (navigator.appName == "Netscape" &&
+ typeof(crypto.version) == "undefined") {
+ document.writeln(
+ '<input type="submit" value="Submit" '+
+ 'name="submit" width="72">');
+ }
+ else if ((navigator.appName == "Microsoft Internet Explorer") ||
+ (navigator.appName == "")) {
+ document.writeln(
+ '<input type="submit" value="Submit" '+
+ 'name="Send" width="72">');
+ }
+ else {
+ // alert('nsm');
+ document.writeln(
+ '<input type="button" value="Submit" '+
+ 'name="submitbutton" '+
+ 'onclick="validate(form)" width="72">');
+ }
+ document.write('<img src="/pki/images/spacer.gif" width="6" height="6">' +
+ '<input type="reset" value="Reset" name="reset" width="72">' +
+ '<input type="hidden" name="certType" value="client">' +
+ '<input type="hidden" name="authenticator" ' +
+ ' value="UserDirEnrollment">');
+
+ if (navigator.appName == 'Netscape') {
+ if ((navMajorVersion() > 3) &&
+ (typeof(crypto.version) != 'undefined')) {
+ //alert('cmmf response');
+ document.write(
+ '<input type=hidden name=CRMFRequest value="">');
+ document.write(
+ '<input type=hidden name=cmmfResponse value=true>');
+ //document.write(
+ //'<input type=hidden name=certNickname value="">');
+ }
+ else {
+ document.write(
+ '<input type="hidden" name="importCert" value="off">');
+ }
+ }
+ else if ((navigator.appName == "Microsoft Internet Explorer")||
+ (navigator.appName == "")) {
+ // navigator.appName == "" is for IE 3.
+ //alert('pkcs10Request');
+ document.write(
+ '<input type="hidden" name="pkcs10Request" value="">');
+ }
+//-->
+ document.writeln('</div> </td> </tr> </table>');
+</script>
+ </form>
+<SCRIPT LANGUAGE=VBS>
+<!--
+
+FindProviders
+
+Function FindProviders
+ Dim i, j
+ Dim providers()
+ i = 0
+ j = 1
+ Dim el
+ Dim temp
+ Dim first
+ Dim TheForm
+ Set TheForm = document.ReqForm
+ On Error Resume Next
+ first = 0
+
+ Do While True
+ temp = ""
+ Enroll.providerType = j
+ temp = Enroll.enumProviders(i,0)
+ If Len(temp) = 0 Then
+ If j < 1 Then
+ j = j + 1
+ i = 0
+ Else
+ Exit Do
+ End If
+ Else
+ set el = document.createElement("OPTION")
+ el.text = temp
+ el.value = j
+ TheForm.cryptprovider.add(el)
+ If first = 0 Then
+ first = 1
+ TheForm.cryptprovider.selectedIndex = 0
+ End If
+ i = i + 1
+ End If
+ Loop
+
+End Function
+
+-->
+</SCRIPT>
+</body>
+</html>
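Review bot: The `crypto.generateCRMFRequest` call in `validate` passes the literal `"rsa-ex"` and a fixed 1024-bit size, so the `keyGenAlg` variable that the preceding comment tells administrators to edit is never read. Passing the variable, `1024, null, keyGenAlg);`, would make the documented customization take effect. The key size should be configurable in the same way, because 1024-bit RSA is below current guidance and the IE help text further down still describes 512-bit as adequate. In `FindProviders`, `If j < 1` can never be true because `j` starts at 1, so only provider type 1 is enumerated; if that is intended, a one-line comment saying so would help.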
diff --git a/base/ca/shared/webapps/ca/ee/ca/CertBasedSingleEnroll.html b/base/ca/shared/webapps/ca/ee/ca/CertBasedSingleEnroll.html
new file mode 100644
index 000000000..fe6910efe
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/CertBasedSingleEnroll.html
@@ -0,0 +1,510 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<TITLE>Cert-Based single Directory Based User Enrollment Form</TITLE>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<SCRIPT LANGUAGE="JavaScript"></SCRIPT>
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/cms-funcs.js"> </SCRIPT>
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/helpfun.js"> </SCRIPT>
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/dynamicVars.js"> </SCRIPT>
+<SCRIPT>
+//<!--
+var crmfObject;
+function validate(form)
+{
+ with (form) {
+ if (uid.value == "") {
+ alert("You must supply your uid");
+ return false;
+ }
+ if (pwd.value == "") {
+ alert("You must supply your password");
+ return false;
+ }
+
+ /////////////////////////////////////////////////////////////////
+ // To enable dual key feature, this page must be customized with
+ // appropriate Javascript call. For example,
+ //
+ // crmfObject = crypto.generateCRMFRequest(
+ // "CN=undefined",
+ // "regToken", "authenticator",
+ // null,
+ // "setCRMFRequest();",
+ // 512, null, "rsa-ex",
+ // 1024, null, "rsa-sign");
+ //
+ // To enable key archival feature, this page must be customized with
+ // KRA's transport certificate. The transport certificate can be
+ // retrieved in the following ways:
+ // (1) Access "List Certificates" menu option in end-entity page
+ // (2) Access https://<host>:<agent_port>/kra/displayTransportCert
+ // (3) Use certutil command in <instance-dir>/config directory
+ // (i.e. certutil -L -d . -n "kraTransportCert <instance-id>" -a)
+ //
+ // Once the transport certificate is obtained, the following
+ // javascript should be modified so that the transport certificate
+ // and appropriate key type are selected. For example,
+ //
+ // var keyGenAlg = "rsa-ex";
+ // crmfObject = crypto.generateCRMFRequest(
+ // "CN=undefined",
+ // "regToken", "authenticator",
+ // keyTransportCert,
+ // "setCRMFRequest();",
+ // 512, null, keyGenAlg);
+ /////////////////////////////////////////////////////////////////
+
+ // To enable key archival, replace "null" with the transport
+ // certificate without "BEBIN..." "END..", nor line breaks.
+ // change keyGenAlg to "rsa-ex"
+ var keyTransportCert = null;
+ //var keyGenAlg = "rsa-ex";
+ var keyGenAlg = "rsa-dual-use";
+ // generate keys for nsm.
+ if (navigator.appName == "Netscape" && (navMajorVersion() > 3) &&
+ typeof(crypto.version) != "undefined") {
+ //certNickname.value = uid.value;
+ crmfObject = crypto.generateCRMFRequest(
+ "CN=undefined",
+ "regToken", "authenticator",
+ keyTransportCert,
+ "setCRMFRequest();",
+ 1024, null, keyGenAlg);
+ }
+ return true;
+ }
+}
+
+function setCRMFRequest()
+{
+ with (document.forms[0]) {
+ CRMFRequest.value = crmfObject.request;
+ submit();
+ }
+}
+
+//-->
+</SCRIPT>
+</head>
+
+<OBJECT
+ classid="clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1"
+ CODEBASE="/ee/xenroll.dll"
+ id=Enroll >
+</OBJECT>
+
+
+<SCRIPT LANGUAGE=VBS>
+<!--
+Function escapeDNComponent(comp)
+ escapeDNComponent = comp
+End Function
+
+Function doubleQuotes(comp)
+ doubleQuotes = False
+End Function
+
+Function formulateDN()
+ Dim dn
+ Dim TheForm
+ Set TheForm = Document.ReqForm
+
+ dn = Empty
+
+ If (TheForm.uid.Value <> Empty) Then
+ If doubleQuotes(TheForm.uid.Value) = True Then
+ MsgBox "Double quotes are not allowed in the uid field"
+ Exit Function
+ End If
+ If (dn <> Empty) Then
+ dn = dn & ","
+ End If
+ dn = dn & "0.9.2342.19200300.100.1.1=" & escapeDNComponent(TheForm.uid.Value)
+ End If
+
+ formulateDN = dn
+End Function
+
+Sub Send_OnClick
+ Dim TheForm
+ Dim szName
+ Dim options
+ Set TheForm = Document.ReqForm
+
+
+ ' Do a few sanity checks
+ If (TheForm.uid.Value = Empty) Then
+ ret = MsgBox("You must supply your Directory uid for certificate enrollment", 0, "MSIE Certificate Request")
+ Exit Sub
+ End If
+
+ If (TheForm.pwd.Value = Empty) Then
+ ret = MsgBox("You must supply your Directory password for certificate enrollment", 0, "MSIE Certificate Request")
+ Exit Sub
+ End If
+
+' If (TheForm.SSLClient.value = Empty AND
+' TheForm.SMIME.value = Empty AND
+' TheForm.ObjectSigning.value = Empty) Then
+' ret = MsgBox("You must select atleast one certificate type", 0,
+' "MSIE Certificate Request")
+' Exit Sub
+' End If
+
+
+ ' Contruct the X500 distinguished name
+ szName = formulateDN()
+
+ On Error Resume Next
+ Enroll.HashAlgorithm = "MD5"
+ Enroll.KeySpec = 1
+ Enroll.GenKeyFlags = 1 ' key exportable
+
+ ' Pick the provider that is selected
+ set options = TheForm.all.cryptprovider.options
+ index = options.selectedIndex
+ Enroll.providerType = options(index).value
+ Enroll.providerName = options(index).text
+
+ szCertReq = Enroll.createPKCS10(szName, "1.3.6.1.5.5.7.3.2")
+ theError = Err.Number
+ On Error Goto 0
+ '
+ ' If the user has cancelled things the we simply ignore whatever
+ ' they were doing ... need to think what should be done here
+ '
+ If (szCertReq = Empty AND theError = 0) Then
+ Exit Sub
+ End If
+
+ If (szCertReq = Empty OR theError <> 0) Then
+ '
+ ' There was an error in the key pair generation. The error value
+ ' is found in the variable 'theError' which we snarfed above before
+ ' we did the 'On Error Goto 0' which cleared it again.
+ '
+ sz = "The error '" & Hex(theError) & "' occurred." & chr(13) & chr(10) & "Your credentials could not be generated."
+ result = MsgBox(sz, 0, "Credentials Enrollment")
+ Exit Sub
+ End If
+
+ TheForm.pkcs10Request.Value = szCertReq
+ TheForm.Submit
+ Exit Sub
+
+End Sub
+-->
+</SCRIPT>
+
+<body bgcolor="#FFFFFF" onload=checkClientTime()>
+
+
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Certificate Based User Enrollment for Single Certs - Directory Based <br>
+</font>
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ Use this form to submit a request for a certificate. You
+will be asked to do an SSL client authentication. The certificate you
+use to authenticate must be issued by an approved authority. On success, the user ID and password supplied on this
+form will be used to individualize the certificate eventually approved.
+ If SSL client authentication is successful, and the user ID and
+password are correct your certificate will be issued
+ automatically.
+ </font>
+
+<table border="0" cellspacing="0" cellpadding="2" background="/pki/images/hr.gif" width="100%">
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+<table border="0" cellspacing="0" cellpadding="2">
+ <tr valign="TOP">
+ <td><font size="-1" face="PrimaSans BT, Verdana, sans-serif"> <b>
+ Important:
+ </b></font></td>
+ <td><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ Be sure to request your certificate on the same computer on which you
+ plan to use your certificate. </font></td>
+ </tr>
+</table>
+<table border="0" cellspacing="0" cellpadding="0" background="/pki/images/hr.gif" width="100%">
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+<script lang="javascript">
+ if (navigator.appName == "Netscape" && (navMajorVersion() <= 3)) {
+ // short cut for Nav 3.x or eariler, crypto is not defined
+ document.write(
+ '<form name="ReqForm" method="post" action="/ee/certbasedenrollment">');
+ } else
+ if ((navigator.appName == "Netscape" &&
+ typeof(crypto.version) != "undefined")) {
+ document.write(
+ '<form name="ReqForm" method="post" action="/ee/certbasedenrollment">');
+ } else {
+ document.write(
+ '<form name="ReqForm" method="post" action="/ee/certbasedenrollment" '+
+ 'onSubmit="return validate(document.forms[0])">');
+ }
+</script>
+
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ <b>User's Identity</b><br>
+Enter your user ID and password for your organization's directory. This
+information will be used to verify your identity and to obtain
+information from the directory to fill in the certificate.
+ <br>
+
+<table border="0" width="100%" cellspacing="2" cellpadding="2">
+ <tr>
+ <td width="30%" valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">User ID: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="TEXT" name="uid" size="30">
+ </td>
+ </tr>
+</table>
+
+<table border="0" width="100%" cellspacing="2" cellpadding="2">
+ <tr>
+ <td width="30%" valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Password: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="PASSWORD" name="pwd" AutoComplete=off size="30">
+ </td>
+ </tr>
+ <tr>
+ </tr>
+</table>
+
+<table border="0" width="100%" cellspacing="2" cellpadding="2">
+ <tr>
+ <td valign="TOP">
+ <!-- for Netscape Certificate Type Extension -->
+ <input type="HIDDEN" name="email" value="true">
+ <input type="HIDDEN" name="ssl_client" value="true">
+ <!-- for cert-based enrollment -->
+ <input type="hidden" name="requestFormat" value="clientAuth">
+ <input type="HIDDEN" name="doSslAuth" value="on">
+ <input type="HIDDEN" name="certauthEnroll" value="on">
+ <input type="HIDDEN" name="certauthEnrollType" value="single">
+ <!-- for Key Usage Extension -->
+ <input type="HIDDEN" name="digital_signature" value=true>
+ <input type="HIDDEN" name="non_repudiation" value=true>
+ <input type="HIDDEN" name="key_encipherment" value=true>
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP" colspan="2">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+</td></tr>
+</table>
+
+
+<script>
+ if (navigator.appName == "Netscape" &&
+ (navMajorVersion() <= 3 || typeof(crypto.version) == 'undefined')) {
+
+ document.writeln('<b>Public/Private Key Information</b><br>');
+ document.writeln(
+ 'When your submit this form, your browser generates a private and '+
+ 'public key. The browser retains the private key and submits the '+
+ 'public key along with your request for a certificate. '+
+ 'The public key becomes part of your certificate. '+
+ '<P>'+
+ 'Select the length of the key to generate. The longer the key '+
+ 'length the greater the strength. You may want to check with your '+
+ 'system administrator about the length of key to specify.');
+ }
+
+ //else if (navigator.appName == 'Netscape' && crypto.version == "undefined") {
+ //document.writeln('Select the length of the key to generate. '+
+ // 'The longer the key length, the greater the strength. '+
+ // 'You may want to check with your system administrator about '+
+ // 'the length of key to specify.');
+ //}
+
+//<!--
+ if (navigator.appName == "Netscape") {
+ document.writeln('<table border="0" width="100%" cellspacing="2" cellpadding="2">');
+ if (navMajorVersion() <= 3 ||
+ typeof(crypto.version) == "undefined") {
+ document.writeln('<td width="30%" valign=TOP>');
+ document.writeln('<div align=right>');
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.writeln('Key Length: ');
+ document.writeln('</font>');
+ document.writeln('</div>');
+ document.writeln('</td>');
+ document.write('<td valign=TOP>');
+ document.write('<KEYGEN name="subjectKeyGenInfo">');
+ }
+ //else {
+ //alert('nsm');
+ //document.writeln('<SELECT NAME=\"keyLength\">');
+ //document.writeln('<OPTION VALUE=512>512 bits');
+ //document.writeln('<OPTION VALUE=768>768 bits');
+ //document.writeln('<OPTION VALUE=1024>1024 bits');
+ //document.writeln('</SELECT>');
+ //}
+ document.write('</td></table>');
+ }
+ if (navigator.appName == "Microsoft Internet Explorer") {
+ document.writeln('<b>Public/Private Key Information</b><br>');
+ document.writeln(
+ 'When you submit this form, your browser generates a private and '+
+ 'public key. The browser retains the private key and submits the '+
+ 'public key along with your request for a certificate. '+
+ 'The public key becomes part of your certificate. '+
+ '<P>'+
+ 'The Microsoft Base Cryptographic provider offers 512-bit key encryption which is adequate for most applications today, but you may select the Enhanced option if your browser offers this choice and you require the higher encryption strength. You may want to check with your '+
+ 'system administrator about the provider to specify.');
+
+ document.writeln('<p>');
+ document.writeln('<td>');
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.writeln('Cryptographic Provider:');
+ document.writeln('</font>');
+ document.writeln('</td>');
+ document.writeln('<td>');
+ document.writeln('<SELECT NAME=\"cryptprovider\"></SELECT>');
+ document.writeln('</td>');
+ document.writeln('<p>');
+ }
+
+//-->
+
+document.writeln('<table border="0" width="100%" cellspacing="0" cellpadding="6" bgcolor="#cccccc" background="/pki/images/gray90.gif"> <tr> <td width=100%> <div align="RIGHT">');
+//<!--
+ if (navigator.appName == "Netscape" && navMajorVersion() <= 3) {
+ // short cut for Nav 3.x or eariler, crypto is not defined
+ document.writeln(
+ '<input type="submit" value="Submit" '+
+ 'name="submit" width="72">');
+ } else if (navigator.appName == "Netscape" &&
+ typeof(crypto.version) == "undefined") {
+ document.writeln(
+ '<input type="submit" value="Submit" '+
+ 'name="submit" width="72">');
+ }
+ else if ((navigator.appName == "Microsoft Internet Explorer") ||
+ (navigator.appName == "")) {
+ document.writeln(
+ '<input type="submit" value="Submit" '+
+ 'name="Send" width="72">');
+ }
+ else {
+ // alert('nsm');
+ document.writeln(
+ '<input type="button" value="Submit" '+
+ 'name="submitbutton" '+
+ 'onclick="validate(form)" width="72">');
+ }
+ document.write('<img src="/pki/images/spacer.gif" width="6" height="6">' +
+ '<input type="reset" value="Reset" name="reset" width="72">' +
+ '<input type="hidden" name="certType" value="client">' +
+ '<input type="hidden" name="authenticator" ' +
+ ' value="UserDirEnrollment">');
+
+ if (navigator.appName == 'Netscape') {
+ if ((navMajorVersion() > 3) &&
+ (typeof(crypto.version) != 'undefined')) {
+ //alert('cmmf response');
+ document.write(
+ '<input type=hidden name=CRMFRequest value="">');
+ document.write(
+ '<input type=hidden name=cmmfResponse value=true>');
+ //document.write(
+ //'<input type=hidden name=certNickname value="">');
+ }
+ else {
+ document.write(
+ '<input type="hidden" name="importCert" value="off">');
+ }
+ }
+ else if ((navigator.appName == "Microsoft Internet Explorer")||
+ (navigator.appName == "")) {
+ // navigator.appName == "" is for IE 3.
+ //alert('pkcs10Request');
+ document.write(
+ '<input type="hidden" name="pkcs10Request" value="">');
+ }
+//-->
+ document.writeln('</div> </td> </tr> </table>');
+</script>
+ </form>
+<SCRIPT LANGUAGE=VBS>
+<!--
+
+FindProviders
+
+Function FindProviders
+ Dim i, j
+ Dim providers()
+ i = 0
+ j = 1
+ Dim el
+ Dim temp
+ Dim first
+ Dim TheForm
+ Set TheForm = document.ReqForm
+ On Error Resume Next
+ first = 0
+
+ Do While True
+ temp = ""
+ Enroll.providerType = j
+ temp = Enroll.enumProviders(i,0)
+ If Len(temp) = 0 Then
+ If j < 1 Then
+ j = j + 1
+ i = 0
+ Else
+ Exit Do
+ End If
+ Else
+ set el = document.createElement("OPTION")
+ el.text = temp
+ el.value = j
+ TheForm.cryptprovider.add(el)
+ If first = 0 Then
+ first = 1
+ TheForm.cryptprovider.selectedIndex = 0
+ End If
+ i = i + 1
+ End If
+ Loop
+
+End Function
+
+-->
+</SCRIPT>
+</body>
+</html>
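Review bot: `Send_OnClick` hard-codes `Enroll.HashAlgorithm = "MD5"` and `Enroll.GenKeyFlags = 1`, so every PKCS#10 request produced on the IE path is signed with MD5 and its private key is created exportable, and `validate()` fixes the Netscape CRMF key size at 1024 bits. I would switch the digest (`Enroll.HashAlgorithm = "SHA1"` at minimum, or whatever stronger algorithm the selected provider supports), request `2048, null, keyGenAlg` in `generateCRMFRequest`, and drop the exportable flag unless key backup is a stated requirement. In the same VBScript block `doubleQuotes` always returns `False` and `escapeDNComponent` returns its argument unchanged, so the quote check in `formulateDN` can never fire and the uid is concatenated into the subject string as typed; a comment such as `' stub: no escaping is done here, the CA must validate the subject` would keep anyone from treating these as real sanitisers. The identical lines appear in the DirPinUserEnroll.html hunk further down, so the same changes apply there.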
diff --git a/base/ca/shared/webapps/ca/ee/ca/ChallengeRevoke1.html b/base/ca/shared/webapps/ca/ee/ca/ChallengeRevoke1.html
new file mode 100644
index 000000000..00775b140
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/ChallengeRevoke1.html
@@ -0,0 +1,175 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<TITLE>Revoke a Certificate using a challenge password</TITLE>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<SCRIPT LANGUAGE="JavaScript"></SCRIPT>
+<script LANGUAGE="JavaScript" SRC="../cms-funcs.js"></script>
+
+<script LANGUAGE="JavaScript" SRC="../helpfun.js"></script>
+
+<SCRIPT LANGUAGE="JavaScript">
+function validate(form)
+{
+ with (form) {
+ if (challengePhrase.value == "") {
+ alert("The challenge phrase password field cannot be empty.");
+ return false;
+ }
+ if (certSerialToRevoke.value == "") {
+ alert("You must supply the Serial Number of the certificate to be revoked.");
+ return false;
+ } else {
+ if (isDecimalNumber(form.certSerialToRevoke.value) ||
+ isHexNumber(form.certSerialToRevoke.value)) {
+ form.certSerialToRevoke.value = trim(form.certSerialToRevoke.value);
+ } else {
+ alert("You must specify a hexadecimal or decimal number " +
+ "for the serial number.");
+ return false;
+ }
+ }
+ }
+ return true;
+}
+</SCRIPT>
+
+<SCRIPT LANGUAGE="JavaScript" SRC="../helpfun.js">
+
+</SCRIPT>
+</head>
+<body bgcolor="#FFFFFF">
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Certificate Revocation using a challenge password</font><br>
+<p>
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Use this form to revoke your certificate(s) automatically.
+<p>
+After you click the submit button, the valid certificate with the serial number and the matched
+challenge phrase password will get revoked automatically.
+</font>
+<form method="post" action="challenge_revocation1" onSubmit="return validate(document.forms[0])">
+ <table border="0" width="100%" cellspacing="2" cellpadding="2">
+ <tr>
+ <td colspan="2" valign="TOP"><font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"><b>Certificate Revocation Information</b><br>
+Please enter the serial number of the certificate to be revoked in the certificate. The serial number should be in either hexadecimal form(starting with 0x) or decimal form.</font></td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Serial Number: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="TEXT" name="certSerialToRevoke" size="30">
+ </td>
+ </tr>
+
+ <tr>
+ <td colspan="2" valign="TOP"><font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"><b>Authentication Information</b><br>
+Enter the challenge password associated with this certificate for authenticating this request.</font></td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Challenge Password: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="PASSWORD" name="challengePhrase" AutoComplete=off size="30">
+ </td>
+ </tr>
+
+</table>
+ <table border="0" width="100%" cellspacing="2" cellpadding="2">
+ <tr>
+ <td colspan="2" valign="TOP"><font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"><b>Revocation Reason</b><br>
+Select a revocation reason.</font></td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ </font>
+ </div>
+ </td>
+ <td>
+ <font face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ <input type="radio" checked name="reasonCode" value=0>
+ Unspecified<br>
+ <input type="radio" name="reasonCode" value=1>
+ Key Compromise<br>
+ <!--input type="radio" name="reasonCode" value=2-->
+ <!-- CA Compromise<br> -->
+ <input type="radio" name="reasonCode" value=3>
+ Affiliation Changed<br>
+ <input type="radio" name="reasonCode" value=4>
+ Superseded<br>
+ <input type="radio" name="reasonCode" value=5>
+ Cessation of Operation<br>
+ <!--input type="radio" name="reasonCode" value=6-->
+ <!--Certificate Hold<br>-->
+ <!--Value 7 is not used-->
+ <!--input type="radio" name="reasonCode" value=8-->
+ <!--Remove from CRL<br>-->
+ <input type="radio" name="reasonCode" value=9>
+ Privilege Withdrawn<br>
+ <!--input type="radio" name="reasonCode" value=10-->
+ <!--AA Compromise<br>-->
+ </font>
+ </td>
+ </tr>
+</table>
+
+<table border="0" width="100%" cellspacing="2" cellpadding="2">
+ <tr>
+ <td colspan="2">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ <b>Additional Comments</b><br>
+ If you want to include any additional comments in your revocation request, write them here.
+ </font>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <textarea name="csrRequestorComments" rows="6" cols="39" wrap="virtual"></textarea>
+ </td>
+ </tr>
+ <br>
+
+ <tr>
+ <td valign="TOP" colspan="2">
+ <table border="0" width="100%" cellspacing="0" cellpadding="6" bgcolor="#cccccc" background="/pki/images/gray90.gif">
+ <tr>
+ <td>
+ <div align="RIGHT">
+ <input type="submit" value="submit" name="submit" width="72">
+ <input type="hidden" name="templateType" value="RevocationConfirmation">
+ <img src="/pki/images/spacer.gif" width="6" height="6">
+ <input type="reset" value="Reset" name="reset" width="72">
+ </div>
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ </table>
+ </form>
+</body>
+</html>
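Review bot: In `validate()` the serial number is tested with `isDecimalNumber`/`isHexNumber` before it is trimmed, so whether a value with leading or trailing spaces is accepted depends on how those helpers (defined in the external scripts, not shown here) treat whitespace. Moving `form.certSerialToRevoke.value = trim(form.certSerialToRevoke.value);` ahead of the `if` makes the check run on the value that is actually submitted. `../helpfun.js` is also loaded twice, once before and once after the inline script, and the second include can be dropped. Because this check runs only in the browser and a certificate's serial number is not secret, the handler behind `challenge_revocation1` presumably has to re-validate the serial and limit repeated challenge-phrase failures; a short HTML comment above the form saying so would help whoever customizes the page.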
diff --git a/base/ca/shared/webapps/ca/ee/ca/DirPinUserEnroll.html b/base/ca/shared/webapps/ca/ee/ca/DirPinUserEnroll.html
new file mode 100644
index 000000000..1c4ca22c2
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/DirPinUserEnroll.html
@@ -0,0 +1,533 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<TITLE>Directory and Pin-Based User Enrollment Form</TITLE>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<SCRIPT LANGUAGE="JavaScript"></SCRIPT>
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/cms-funcs.js"> </SCRIPT>
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/helpfun.js"> </SCRIPT>
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/dynamicVars.js"> </SCRIPT>
+<SCRIPT>
+//<!--
+
+// Notice to administrators
+//
+// A link to this HTML form conditionally appears in the
+// main enrollment menu frame. This link will only appear if
+// a plugin of type 'UidPwdPinDirAuth' (LDAP directory+pin
+// enrollment) has been configured in the console.
+
+
+var crmfObject;
+function validate(form)
+{
+ with (form) {
+ if (uid.value == "") {
+ alert("You must supply your uid");
+ return false;
+ }
+ if (pwd.value == "") {
+ alert("You must supply your password");
+ return false;
+ }
+ if (pin.value == "") {
+ alert("You must supply your Personal Identification Number");
+ return false;
+ }
+
+ /////////////////////////////////////////////////////////////////
+ // To enable dual key feature, this page must be customized with
+ // appropriate Javascript call. For example,
+ //
+ // crmfObject = crypto.generateCRMFRequest(
+ // "CN=undefined",
+ // "regToken", "authenticator",
+ // null,
+ // "setCRMFRequest();",
+ // 512, null, "rsa-ex",
+ // 1024, null, "rsa-sign");
+ //
+ // To enable key archival feature, this page must be customized with
+ // KRA's transport certificate. The transport certificate can be
+ // retrieved in the following ways:
+ // (1) Access "List Certificates" menu option in end-entity page
+ // (2) Access https://<host>:<agent_port>/kra/displayTransportCert
+ // (3) Use certutil command in <instance-dir>/config directory
+ // (i.e. certutil -L -d . -n "kraTransportCert <instance-id>" -a)
+ //
+ // Once the transport certificate is obtained, the following
+ // javascript should be modified so that the transport certificate
+ // and appropriate key type are selected. For example,
+ //
+ // var keyGenAlg = "rsa-ex";
+ // crmfObject = crypto.generateCRMFRequest(
+ // "CN=undefined",
+ // "regToken", "authenticator",
+ // keyTransportCert,
+ // "setCRMFRequest();",
+ // 512, null, keyGenAlg);
+ /////////////////////////////////////////////////////////////////
+
+ // generate keys for nsm.
+ if (navigator.appName == "Netscape" && (navMajorVersion() > 3) &&
+ typeof(crypto.version) != "undefined") {
+ //certNickname.value = uid.value;
+ crmfObject = crypto.generateCRMFRequest(
+ "CN=undefined",
+ "regToken", "authenticator",
+ null,
+ "setCRMFRequest();",
+ 1024, null, "rsa-dual-use");
+ }
+ return true;
+ }
+}
+
+function setCRMFRequest()
+{
+ with (document.forms[0]) {
+ CRMFRequest.value = crmfObject.request;
+ submit();
+ }
+}
+
+//-->
+</SCRIPT>
+</head>
+
+<OBJECT
+ classid="clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1"
+ CODEBASE="/xenroll.dll"
+ id=Enroll >
+</OBJECT>
+
+
+<SCRIPT LANGUAGE=VBS>
+<!--
+Function escapeDNComponent(comp)
+ escapeDNComponent = comp
+End Function
+
+Function doubleQuotes(comp)
+ doubleQuotes = False
+End Function
+
+Function formulateDN()
+ Dim dn
+ Dim TheForm
+ Set TheForm = Document.ReqForm
+
+ dn = Empty
+
+ If (TheForm.uid.Value <> Empty) Then
+ If doubleQuotes(TheForm.uid.Value) = True Then
+ MsgBox "Double quotes are not allowed in the uid field"
+ Exit Function
+ End If
+ If (dn <> Empty) Then
+ dn = dn & ","
+ End If
+ dn = dn & "0.9.2342.19200300.100.1.1=" & escapeDNComponent(TheForm.uid.Value)
+ End If
+
+ formulateDN = dn
+End Function
+
+Sub Send_OnClick
+ Dim TheForm
+ Dim szName
+ Dim options
+ Set TheForm = Document.ReqForm
+
+
+ ' Do a few sanity checks
+ If (TheForm.uid.Value = Empty) Then
+ ret = MsgBox("You must supply your Directory uid for certificate enrollment", 0, "MSIE Certificate Request")
+ Exit Sub
+ End If
+
+ If (TheForm.pwd.Value = Empty) Then
+ ret = MsgBox("You must supply your Directory password for certificate enrollment", 0, "MSIE Certificate Request")
+ Exit Sub
+ End If
+
+ If (TheForm.pin.Value = Empty) Then
+ ret = MsgBox("You must supply your pin for certificate enrollment", 0, "MSIE Certificate Request")
+ Exit Sub
+ End If
+
+' If (TheForm.SSLClient.value = Empty AND
+' TheForm.SMIME.value = Empty AND
+' TheForm.ObjectSigning.value = Empty) Then
+' ret = MsgBox("You must select atleast one certificate type", 0,
+' "MSIE Certificate Request")
+' Exit Sub
+' End If
+
+
+ ' Contruct the X500 distinguished name
+ szName = formulateDN()
+
+ On Error Resume Next
+ Enroll.HashAlgorithm = "MD5"
+ Enroll.KeySpec = 1
+ Enroll.GenKeyFlags = 1 ' key exportable
+
+ ' Pick the provider that is selected
+ set options = TheForm.all.cryptprovider.options
+ index = options.selectedIndex
+ Enroll.providerType = options(index).value
+ Enroll.providerName = options(index).text
+
+ szCertReq = Enroll.createPKCS10(szName, "1.3.6.1.5.5.7.3.2")
+ theError = Err.Number
+ On Error Goto 0
+ '
+ ' If the user has cancelled things the we simply ignore whatever
+ ' they were doing ... need to think what should be done here
+ '
+ If (szCertReq = Empty AND theError = 0) Then
+ Exit Sub
+ End If
+
+ If (szCertReq = Empty OR theError <> 0) Then
+ '
+ ' There was an error in the key pair generation. The error value
+ ' is found in the variable 'theError' which we snarfed above before
+ ' we did the 'On Error Goto 0' which cleared it again.
+ '
+ sz = "The error '" & Hex(theError) & "' occurred." & chr(13) & chr(10) & "Your credentials could not be generated."
+ result = MsgBox(sz, 0, "Credentials Enrollment")
+ Exit Sub
+ End If
+
+ TheForm.pkcs10Request.Value = szCertReq
+ TheForm.Submit
+ Exit Sub
+
+End Sub
+-->
+</SCRIPT>
+
+<body bgcolor="#FFFFFF" onload=checkClientTime()>
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Directory And PIN Based User Enrollment <br>
+</font>
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ Use this form to submit a request for a personal certificate through your
+ organization's directory. Your user ID and
+ password for the directory and a one time personal identification number
+ (PIN) assigned by your system administrator are required for this automatic
+ method of certificate issuance. If the user ID, password and PIN are correct
+ your certificate will be issued automatically.
+ </font>
+
+<table border="0" cellspacing="0" cellpadding="2" background="/pki/images/hr.gif" width="100%">
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+<table border="0" cellspacing="0" cellpadding="2">
+ <tr valign="TOP">
+ <td><font size="-1" face="PrimaSans BT, Verdana, sans-serif"> <b>
+ Important:
+ </b></font></td>
+ <td><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ Be sure to request your certificate on the same computer on which you
+ plan to use your certificate. </font></td>
+ </tr>
+</table>
+<table border="0" cellspacing="0" cellpadding="0" background="/pki/images/hr.gif" width="100%">
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+<script lang="javascript">
+ if (navigator.appName == "Netscape" && (navMajorVersion() <= 3)) {
+ // short cut for Nav 3.x or eariler, crypto is not defined
+ document.write(
+ '<form name="ReqForm" method="post" action="/enrollment">');
+ } else
+ if ((navigator.appName == "Netscape" &&
+ typeof(crypto.version) != "undefined")) {
+ document.write(
+ '<form name="ReqForm" method="post" action="/enrollment">');
+ } else {
+ document.write(
+ '<form name="ReqForm" method="post" action="/enrollment" '+
+ 'onSubmit="return validate(document.forms[0])">');
+ }
+</script>
+
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ <b>User's Identity</b><br>
+ Enter your user ID and password for your organization's directory and
+ the one time PIN given by your system administrator.
+ This information will be used to verify your identity and to obtain
+ information from the directory to fill in the certificate.
+ <br>
+
+<table border="0" width="100%" cellspacing="2" cellpadding="2">
+ <tr>
+ <td width="30%" valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">User ID: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="TEXT" name="uid" size="30">
+ </td>
+ </tr>
+</table>
+
+<table border="0" width="100%" cellspacing="2" cellpadding="2">
+ <tr>
+ <td width="30%" valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Password: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="PASSWORD" name="pwd" AutoComplete=off size="30">
+ </td>
+ </tr>
+ <tr>
+ </tr>
+</table>
+
+<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Enter the PIN your system administrator has communicated to you for certificate enrollment.</font>
+
+<table border="0" width="100%" cellspacing="2" cellpadding="2">
+ <tr>
+ <td width="30%" valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">PIN: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="PASSWORD" name="pin" AutoComplete=off size="30">
+ </td>
+ </tr>
+ <tr>
+ </tr>
+</table>
+
+<table border="0" width="100%" cellspacing="2" cellpadding="2">
+ <tr>
+ <td valign="TOP">
+ <!-- for Netscape Certificate Type Extension -->
+ <input type="HIDDEN" name="email" value="true">
+ <input type="HIDDEN" name="ssl_client" value="true">
+ <!-- for Key Usage Extension -->
+ <input type="HIDDEN" name="digital_signature" value=true>
+ <input type="HIDDEN" name="non_repudiation" value=true>
+ <input type="HIDDEN" name="key_encipherment" value=true>
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP" colspan="2">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+</td></tr>
+</table>
+
+
+<script>
+ if (navigator.appName == "Netscape" &&
+ (navMajorVersion() <= 3 || typeof(crypto.version) == 'undefined')) {
+
+ document.writeln('<b>Public/Private Key Information</b><br>');
+ document.writeln(
+ 'When your submit this form, your browser generates a private and '+
+ 'public key. The browser retains the private key and submits the '+
+ 'public key along with your request for a certificate. '+
+ 'The public key becomes part of your certificate. '+
+ '<P>'+
+ 'Select the length of the key to generate. The longer the key '+
+ 'length the greater the strength. You may want to check with your '+
+ 'system administrator about the length of key to specify.');
+
+ }
+ //else if (navigator.appName == 'Netscape' && crypto.version == "undefined") {
+ //document.writeln('Select the length of the key to generate. '+
+ // 'The longer the key length, the greater the strength. '+
+ // 'You may want to check with your system administrator about '+
+ // 'the length of key to specify.');
+ //}
+
+//<!--
+ if (navigator.appName == "Netscape") {
+ document.writeln('<table border="0" width="100%" cellspacing="2" cellpadding="2">');
+ if (navMajorVersion() <= 3 ||
+ typeof(crypto.version) == "undefined") {
+ document.writeln('<td width="30%" valign=TOP>');
+ document.writeln('<div align=right>');
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.writeln('Key Length: ');
+ document.writeln('</font>');
+ document.writeln('</div>');
+ document.writeln('</td>');
+ document.write('<td valign=TOP>');
+ document.write('<KEYGEN name="subjectKeyGenInfo">');
+ }
+ //else {
+ //alert('nsm');
+ //document.writeln('<SELECT NAME=\"keyLength\">');
+ //document.writeln('<OPTION VALUE=512>512 bits');
+ //document.writeln('<OPTION VALUE=768>768 bits');
+ //document.writeln('<OPTION VALUE=1024>1024 bits');
+ //document.writeln('</SELECT>');
+ //}
+ document.write('</td></table>');
+ }
+ if (navigator.appName == "Microsoft Internet Explorer") {
+ document.writeln('<b>Public/Private Key Information</b><br>');
+ document.writeln(
+ 'When you submit this form, your browser generates a private and '+
+ 'public key. The browser retains the private key and submits the '+
+ 'public key along with your request for a certificate. '+
+ 'The public key becomes part of your certificate. '+
+ '<P>'+
+ 'The Microsoft Base Cryptographic provider offers 512-bit key encryption which is adequate for most applications today, but you may select the Enhanced option if your browser offers this choice and you require the higher encryption strength. You may want to check with your '+
+ 'system administrator about the provider to specify.');
+
+ document.writeln('<p>');
+ document.writeln('<td>');
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.writeln('Cryptographic Provider:');
+ document.writeln('</font>');
+ document.writeln('</td>');
+ document.writeln('<td>');
+ document.writeln('<SELECT NAME=\"cryptprovider\"></SELECT>');
+ document.writeln('</td>');
+ document.writeln('<p>');
+ }
+
+//-->
+
+document.writeln('<table border="0" width="100%" cellspacing="0" cellpadding="6" bgcolor="#cccccc" background="/pki/images/gray90.gif"> <tr> <td width=100%> <div align="RIGHT">');
+//<!--
+ if (navigator.appName == "Netscape" && navMajorVersion() <= 3) {
+ // short cut for Nav 3.x or eariler, crypto is not defined
+ document.writeln(
+ '<input type="submit" value="Submit" '+
+ 'name="submit" width="72">');
+ } else if (navigator.appName == "Netscape" &&
+ typeof(crypto.version) == "undefined") {
+ document.writeln(
+ '<input type="submit" value="Submit" '+
+ 'name="submit" width="72">');
+ }
+ else if ((navigator.appName == "Microsoft Internet Explorer") ||
+ (navigator.appName == "")) {
+ document.writeln(
+ '<input type="submit" value="Submit" '+
+ 'name="Send" width="72">');
+ }
+ else {
+ // alert('nsm');
+ document.writeln(
+ '<input type="button" value="Submit" '+
+ 'name="submitbutton" '+
+ 'onclick="validate(form)" width="72">');
+ }
+ document.write('<img src="/pki/images/spacer.gif" width="6" height="6">' +
+ '<input type="reset" value="Reset" name="reset" width="72">' +
+ '<input type="hidden" name="certType" value="client">' +
+ '<input type="hidden" name="authenticator" ' +
+ ' value="PinDirEnrollment">');
+
+ if (navigator.appName == 'Netscape') {
+ if ((navMajorVersion() > 3) &&
+ (typeof(crypto.version) != 'undefined')) {
+ //alert('cmmf response');
+ document.write(
+ '<input type=hidden name=CRMFRequest value="">');
+ document.write(
+ '<input type=hidden name=cmmfResponse value=true>');
+ //document.write(
+ //'<input type=hidden name=certNickname value="">');
+ }
+ else {
+ document.write(
+ '<input type="hidden" name="importCert" value="off">');
+ }
+ }
+ else if ((navigator.appName == "Microsoft Internet Explorer")||
+ (navigator.appName == "")) {
+ // navigator.appName == "" is for IE 3.
+ //alert('pkcs10Request');
+ document.write(
+ '<input type="hidden" name="pkcs10Request" value="">');
+ }
+//-->
+ document.writeln('</div> </td> </tr> </table>');
+</script>
+ </form>
+<SCRIPT LANGUAGE=VBS>
+<!--
+
+FindProviders
+
+Function FindProviders
+ Dim i, j
+ Dim providers()
+ i = 0
+ j = 1
+ Dim el
+ Dim temp
+ Dim first
+ Dim TheForm
+ Set TheForm = document.ReqForm
+ On Error Resume Next
+ first = 0
+
+ Do While True
+ temp = ""
+ Enroll.providerType = j
+ temp = Enroll.enumProviders(i,0)
+ If Len(temp) = 0 Then
+ If j < 1 Then
+ j = j + 1
+ i = 0
+ Else
+ Exit Do
+ End If
+ Else
+ set el = document.createElement("OPTION")
+ el.text = temp
+ el.value = j
+ TheForm.cryptprovider.add(el)
+ If first = 0 Then
+ first = 1
+ TheForm.cryptprovider.selectedIndex = 0
+ End If
+ i = i + 1
+ End If
+ Loop
+
+End Function
+
+-->
+</SCRIPT>
+</body>
+</html>
diff --git a/base/ca/shared/webapps/ca/ee/ca/DirUserEnroll.html b/base/ca/shared/webapps/ca/ee/ca/DirUserEnroll.html
new file mode 100644
index 000000000..703225a82
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/DirUserEnroll.html
@@ -0,0 +1,517 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<TITLE>Directory Based User Enrollment Form</TITLE>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<SCRIPT LANGUAGE="JavaScript"></SCRIPT>
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/cms-funcs.js"> </SCRIPT>
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/helpfun.js"> </SCRIPT>
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/dynamicVars.js"> </SCRIPT>
+<SCRIPT>
+//<!--
+
+
+// Notice to administrators
+//
+// A link to this HTML form conditionally appears in the
+// main enrollment menu frame. This link will only appear if
+// a plugin of type 'UidPwdDirAuth' (LDAP directory enrollment)
+// has been configured in the console.
+
+var crmfObject;
+function validate(form)
+{
+ with (form) {
+ if (uid.value == "") {
+ alert("You must supply your uid");
+ return false;
+ }
+ if (pwd.value == "") {
+ alert("You must supply your password");
+ return false;
+ }
+
+ /////////////////////////////////////////////////////////////////
+ // To enable dual key feature, this page must be customized with
+ // appropriate Javascript call. For example,
+ //
+ // crmfObject = crypto.generateCRMFRequest(
+ // "CN=undefined",
+ // "regToken", "authenticator",
+ // null,
+ // "setCRMFRequest();",
+ // 512, null, "rsa-ex",
+ // 1024, null, "rsa-sign");
+ //
+ // To enable key archival feature, this page must be customized with
+ // KRA's transport certificate. The transport certificate can be
+ // retrieved in the following ways:
+ // (1) Access "List Certificates" menu option in end-entity page
+ // (2) Access https://<host>:<agent_port>/kra/displayTransportCert
+ // (3) Use certutil command in <instance-dir>/config directory
+ // (i.e. certutil -L -d . -n "kraTransportCert <instance-id>" -a)
+ //
+ // Once the transport certificate is obtained, the following
+ // javascript should be modified so that the transport certificate
+ // and appropriate key type are selected. For example,
+ //
+ // var keyGenAlg = "rsa-ex";
+ // crmfObject = crypto.generateCRMFRequest(
+ // "CN=undefined",
+ // "regToken", "authenticator",
+ // keyTransportCert,
+ // "setCRMFRequest();",
+ // 512, null, keyGenAlg);
+ /////////////////////////////////////////////////////////////////
+
+ // To enable key archival, replace "null" with the transport
+ // certificate without "BEBIN..." "END..", nor line breaks.
+ // change keyGenAlg to "rsa-ex"
+ var keyTransportCert = null;
+ //var keyGenAlg = "rsa-ex";
+ var keyGenAlg = "rsa-dual-use";
+ // generate keys for nsm.
+ if (navigator.appName == "Netscape" && (navMajorVersion() > 3) &&
+ typeof(crypto.version) != "undefined") {
+ //certNickname.value = uid.value;
+ crmfObject = crypto.generateCRMFRequest(
+ "CN=undefined",
+ "regToken", "authenticator",
+ keyTransportCert,
+ "setCRMFRequest();",
+ 1024, null, keyGenAlg);
+ }
+ return true;
+ }
+}
+
+function setCRMFRequest()
+{
+ with (document.forms[0]) {
+ CRMFRequest.value = crmfObject.request;
+ submit();
+ }
+}
+
+//-->
+</SCRIPT>
+</head>
+
+<OBJECT
+ classid="clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1"
+ CODEBASE="/xenroll.dll"
+ id=Enroll >
+</OBJECT>
+
+
+<SCRIPT LANGUAGE=VBS>
+<!--
+Function escapeDNComponent(comp)
+ escapeDNComponent = comp
+End Function
+
+Function doubleQuotes(comp)
+ doubleQuotes = False
+End Function
+
+Function formulateDN()
+ Dim dn
+ Dim TheForm
+ Set TheForm = Document.ReqForm
+
+ dn = Empty
+
+ If (TheForm.uid.Value <> Empty) Then
+ If doubleQuotes(TheForm.uid.Value) = True Then
+ MsgBox "Double quotes are not allowed in the uid field"
+ Exit Function
+ End If
+ If (dn <> Empty) Then
+ dn = dn & ","
+ End If
+ dn = dn & "0.9.2342.19200300.100.1.1=" & escapeDNComponent(TheForm.uid.Value)
+ End If
+
+ formulateDN = dn
+End Function
+
+Sub Send_OnClick
+ Dim TheForm
+ Dim szName
+ Dim options
+ Set TheForm = Document.ReqForm
+
+
+ ' Do a few sanity checks
+ If (TheForm.uid.Value = Empty) Then
+ ret = MsgBox("You must supply your Directory uid for certificate enrollment", 0, "MSIE Certificate Request")
+ Exit Sub
+ End If
+
+ If (TheForm.pwd.Value = Empty) Then
+ ret = MsgBox("You must supply your Directory password for certificate enrollment", 0, "MSIE Certificate Request")
+ Exit Sub
+ End If
+
+' If (TheForm.SSLClient.value = Empty AND
+' TheForm.SMIME.value = Empty AND
+' TheForm.ObjectSigning.value = Empty) Then
+' ret = MsgBox("You must select atleast one certificate type", 0,
+' "MSIE Certificate Request")
+' Exit Sub
+' End If
+
+
+ ' Contruct the X500 distinguished name
+ szName = formulateDN()
+
+ On Error Resume Next
+ Enroll.HashAlgorithm = "MD5"
+ Enroll.KeySpec = 1
+ Enroll.GenKeyFlags = 1 ' key exportable
+
+ ' Pick the provider that is selected
+ set options = TheForm.all.cryptprovider.options
+ index = options.selectedIndex
+ Enroll.providerType = options(index).value
+ Enroll.providerName = options(index).text
+
+ szCertReq = Enroll.createPKCS10(szName, "1.3.6.1.5.5.7.3.2")
+ theError = Err.Number
+ On Error Goto 0
+ '
+ ' If the user has cancelled things the we simply ignore whatever
+ ' they were doing ... need to think what should be done here
+ '
+ If (szCertReq = Empty AND theError = 0) Then
+ Exit Sub
+ End If
+
+ If (szCertReq = Empty OR theError <> 0) Then
+ '
+ ' There was an error in the key pair generation. The error value
+ ' is found in the variable 'theError' which we snarfed above before
+ ' we did the 'On Error Goto 0' which cleared it again.
+ '
+ sz = "The error '" & Hex(theError) & "' occurred." & chr(13) & chr(10) & "Your credentials could not be generated."
+ result = MsgBox(sz, 0, "Credentials Enrollment")
+ Exit Sub
+ End If
+
+ TheForm.pkcs10Request.Value = szCertReq
+ TheForm.Submit
+ Exit Sub
+
+End Sub
+-->
+</SCRIPT>
+
+<body bgcolor="#FFFFFF" onload=checkClientTime()>
+
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Directory Based User Enrollment <br>
+</font>
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ Use this form to submit a request for a personal certificate through your
+ organization's directory. With directory based enrollment, you need only
+ supply your user ID and password for the directory; the directory
+ supplies the rest of the information needed for certificate issuance.
+ If the user ID and password are correct your certificate will be issued
+ automatically.
+ </font>
+
+<table border="0" cellspacing="0" cellpadding="2" background="/pki/images/hr.gif" width="100%">
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+<table border="0" cellspacing="0" cellpadding="2">
+ <tr valign="TOP">
+ <td><font size="-1" face="PrimaSans BT, Verdana, sans-serif"> <b>
+ Important:
+ </b></font></td>
+ <td><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ Be sure to request your certificate on the same computer on which you
+ plan to use your certificate. </font></td>
+ </tr>
+</table>
+<table border="0" cellspacing="0" cellpadding="0" background="/pki/images/hr.gif" width="100%">
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+<script lang="javascript">
+ if (navigator.appName == "Netscape" && (navMajorVersion() <= 3)) {
+ // short cut for Nav 3.x or eariler, crypto is not defined
+ document.write(
+ '<form name="ReqForm" method="post" action="/enrollment">');
+ } else
+ if ((navigator.appName == "Netscape" &&
+ typeof(crypto.version) != "undefined")) {
+ document.write(
+ '<form name="ReqForm" method="post" action="/enrollment">');
+ } else {
+ document.write(
+ '<form name="ReqForm" method="post" action="/enrollment" '+
+ 'onSubmit="return validate(document.forms[0])">');
+ }
+</script>
+
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ <b>User's Identity</b><br>
+Enter your user ID and password for your organization's directory. This
+information will be used to verify your identity and to obtain
+information from the directory to fill in the certificate.
+ <br>
+
+<table border="0" width="100%" cellspacing="2" cellpadding="2">
+ <tr>
+ <td width="30%" valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">User ID: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="TEXT" name="uid" size="30">
+ </td>
+ </tr>
+</table>
+
+<table border="0" width="100%" cellspacing="2" cellpadding="2">
+ <tr>
+ <td width="30%" valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Password: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="PASSWORD" name="pwd" AutoComplete=off size="30">
+ </td>
+ </tr>
+ <tr>
+ </tr>
+</table>
+
+<table border="0" width="100%" cellspacing="2" cellpadding="2">
+ <tr>
+ <td valign="TOP">
+ <!-- for Netscape Certificate Type Extension -->
+ <input type="HIDDEN" name="email" value="true">
+ <input type="HIDDEN" name="ssl_client" value="true">
+ <!-- for Key Usage Extension -->
+ <input type="HIDDEN" name="digital_signature" value=true>
+ <input type="HIDDEN" name="non_repudiation" value=true>
+ <input type="HIDDEN" name="key_encipherment" value=true>
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP" colspan="2">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+</td></tr>
+</table>
+
+
+<script>
+ if (navigator.appName == "Netscape" &&
+ (navMajorVersion() <= 3 || typeof(crypto.version) == 'undefined')) {
+
+ document.writeln('<b>Public/Private Key Information</b><br>');
+ document.writeln(
+ 'When your submit this form, your browser generates a private and '+
+ 'public key. The browser retains the private key and submits the '+
+ 'public key along with your request for a certificate. '+
+ 'The public key becomes part of your certificate. '+
+ '<P>'+
+ 'Select the length of the key to generate. The longer the key '+
+ 'length the greater the strength. You may want to check with your '+
+ 'system administrator about the length of key to specify.');
+ }
+
+ //else if (navigator.appName == 'Netscape' && crypto.version == "undefined") {
+ //document.writeln('Select the length of the key to generate. '+
+ // 'The longer the key length, the greater the strength. '+
+ // 'You may want to check with your system administrator about '+
+ // 'the length of key to specify.');
+ //}
+
+//<!--
+ if (navigator.appName == "Netscape") {
+ document.writeln('<table border="0" width="100%" cellspacing="2" cellpadding="2">');
+ if (navMajorVersion() <= 3 ||
+ typeof(crypto.version) == "undefined") {
+ document.writeln('<td width="30%" valign=TOP>');
+ document.writeln('<div align=right>');
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.writeln('Key Length: ');
+ document.writeln('</font>');
+ document.writeln('</div>');
+ document.writeln('</td>');
+ document.write('<td valign=TOP>');
+ document.write('<KEYGEN name="subjectKeyGenInfo">');
+ }
+ //else {
+ //alert('nsm');
+ //document.writeln('<SELECT NAME=\"keyLength\">');
+ //document.writeln('<OPTION VALUE=512>512 bits');
+ //document.writeln('<OPTION VALUE=768>768 bits');
+ //document.writeln('<OPTION VALUE=1024>1024 bits');
+ //document.writeln('</SELECT>');
+ //}
+ document.write('</td></table>');
+ }
+ if (navigator.appName == "Microsoft Internet Explorer") {
+ document.writeln('<b>Public/Private Key Information</b><br>');
+ document.writeln(
+ 'When you submit this form, your browser generates a private and '+
+ 'public key. The browser retains the private key and submits the '+
+ 'public key along with your request for a certificate. '+
+ 'The public key becomes part of your certificate. '+
+ '<P>'+
+ 'The Microsoft Base Cryptographic provider offers 512-bit key encryption which is adequate for most applications today, but you may select the Enhanced option if your browser offers this choice and you require the higher encryption strength. You may want to check with your '+
+ 'system administrator about the provider to specify.');
+
+ document.writeln('<p>');
+ document.writeln('<td>');
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.writeln('Cryptographic Provider:');
+ document.writeln('</font>');
+ document.writeln('</td>');
+ document.writeln('<td>');
+ document.writeln('<SELECT NAME=\"cryptprovider\"></SELECT>');
+ document.writeln('</td>');
+ document.writeln('<p>');
+ }
+
+//-->
+
+document.writeln('<table border="0" width="100%" cellspacing="0" cellpadding="6" bgcolor="#cccccc" background="/pki/images/gray90.gif"> <tr> <td width=100%> <div align="RIGHT">');
+//<!--
+ if (navigator.appName == "Netscape" && navMajorVersion() <= 3) {
+ // short cut for Nav 3.x or eariler, crypto is not defined
+ document.writeln(
+ '<input type="submit" value="Submit" '+
+ 'name="submit" width="72">');
+ } else if (navigator.appName == "Netscape" &&
+ typeof(crypto.version) == "undefined") {
+ document.writeln(
+ '<input type="submit" value="Submit" '+
+ 'name="submit" width="72">');
+ }
+ else if ((navigator.appName == "Microsoft Internet Explorer") ||
+ (navigator.appName == "")) {
+ document.writeln(
+ '<input type="submit" value="Submit" '+
+ 'name="Send" width="72">');
+ }
+ else {
+ // alert('nsm');
+ document.writeln(
+ '<input type="button" value="Submit" '+
+ 'name="submitbutton" '+
+ 'onclick="validate(form)" width="72">');
+ }
+ document.write('<img src="/pki/images/spacer.gif" width="6" height="6">' +
+ '<input type="reset" value="Reset" name="reset" width="72">' +
+ '<input type="hidden" name="certType" value="client">' +
+ '<input type="hidden" name="authenticator" ' +
+ ' value="UserDirEnrollment">');
+
+ if (navigator.appName == 'Netscape') {
+ if ((navMajorVersion() > 3) &&
+ (typeof(crypto.version) != 'undefined')) {
+ //alert('cmmf response');
+ document.write(
+ '<input type=hidden name=CRMFRequest value="">');
+ document.write(
+ '<input type=hidden name=cmmfResponse value=true>');
+ //document.write(
+ //'<input type=hidden name=certNickname value="">');
+ }
+ else {
+ document.write(
+ '<input type="hidden" name="importCert" value="off">');
+ }
+ }
+ else if ((navigator.appName == "Microsoft Internet Explorer")||
+ (navigator.appName == "")) {
+ // navigator.appName == "" is for IE 3.
+ //alert('pkcs10Request');
+ document.write(
+ '<input type="hidden" name="pkcs10Request" value="">');
+ }
+//-->
+ document.writeln('</div> </td> </tr> </table>');
+</script>
+ </form>
+<SCRIPT LANGUAGE=VBS>
+<!--
+
+FindProviders
+
+Function FindProviders
+ Dim i, j
+ Dim providers()
+ i = 0
+ j = 1
+ Dim el
+ Dim temp
+ Dim first
+ Dim TheForm
+ Set TheForm = document.ReqForm
+ On Error Resume Next
+ first = 0
+
+ Do While True
+ temp = ""
+ Enroll.providerType = j
+ temp = Enroll.enumProviders(i,0)
+ If Len(temp) = 0 Then
+ If j < 1 Then
+ j = j + 1
+ i = 0
+ Else
+ Exit Do
+ End If
+ Else
+ set el = document.createElement("OPTION")
+ el.text = temp
+ el.value = j
+ If temp = "Microsoft Base Cryptographic Provider v1.0" Then
+ first = j
+ End If
+ TheForm.cryptprovider.add(el)
+ If first = 0 Then
+ first = 1
+ TheForm.cryptprovider.selectedIndex = 0
+ Else
+ TheForm.cryptprovider.selectedIndex = first
+ End If
+ i = i + 1
+ End If
+ Loop
+
+End Function
+
+-->
+</SCRIPT>
+</body>
+</html>
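Review bot: The key-generation parameters hard-coded in this page are weak: `Send_OnClick` sets `Enroll.HashAlgorithm = "MD5"` and marks the private key exportable with `Enroll.GenKeyFlags = 1`, `validate` asks `crypto.generateCRMFRequest` for a 1024-bit key, and the Internet Explorer text tells users that 512-bit keys are "adequate for most applications today". `FindProviders` also steers toward "Microsoft Base Cryptographic Provider v1.0", and it stores the provider type `j` in `first` and then uses it as `selectedIndex`, so the preselected entry need not be that provider (an out-of-range assignment is hidden by `On Error Resume Next`). I would ask for at least `2048, null, keyGenAlg);` in the CRMF call, a SHA-2 hash instead of MD5 where the installed provider supports it, no exportable flag unless key archival needs it, and a reworded 512-bit sentence. These are only client-side defaults, so the CA presumably still has to enforce a minimum key size and signature algorithm on the request it receives; that code is not in this hunk. The same 512-bit wording appears in the enrollment page that ends just above this file.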
diff --git a/base/ca/shared/webapps/ca/ee/ca/DisplayCRL.html b/base/ca/shared/webapps/ca/ee/ca/DisplayCRL.html
new file mode 100644
index 000000000..528341458
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/DisplayCRL.html
@@ -0,0 +1,169 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<HEAD>
+<TITLE>Review Certificate Revocation List</TITLE>
+<SCRIPT LANGUAGE="JavaScript"></SCRIPT>
+
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/cms-funcs.js">
+
+</SCRIPT>
+
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/helpfun.js">
+
+</SCRIPT>
+
+<SCRIPT LANGUAGE="JavaScript">
+//<!--
+function checkSubmit(form)
+{
+ if (form.op[0].checked) {
+ if (form.certSerialNumber.value != "") {
+ form.certSerialNumber.value =
+ trim(form.certSerialNumber.value);
+ }
+ if (form.certSerialNumber.value != "") {
+ if (!isNumber(form.certSerialNumber.value,10)) {
+ if (isNumber(form.certSerialNumber.value,16)) {
+ canonicalHex = "0x" +
+ removeColons(stripPrefix(form.certSerialNumber.value));
+ form.certSerialNumber.value = canonicalHex;
+ } else {
+ alert("You must enter a valid hexadecimal "+
+ "or decimal certificate serial number.");
+ return false;
+ }
+ }
+ } else {
+ alert("You must enter a certificate serial number.");
+ return false;
+ }
+
+ if (isNegative(form.certSerialNumber.value)) {
+ alert("Certificate serial number can only "+
+ "be represented by positive number.");
+ return false;
+ }
+ }
+ return true;
+}
+//-->
+</SCRIPT>
+</HEAD>
+
+
+<body bgcolor="#FFFFFF">
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Import Certificate Revocation List
+</font><br>
+
+<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Use this form to check whether a particular certificate has been revoked or
+to import the latest Certificate Revocation List.
+</font>
+
+<table BORDER=0 CELLSPACING=2 CELLPADDING=2 WIDTH="100%" BACKGROUND="/pki/images/hr.gif" >
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+<br><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+<b>Select one of these actions</b></font>
+
+<FORM action=getCRL method=post onSubmit="return checkSubmit(this)">
+
+<table border="0" cellspacing="2" cellpadding="2">
+ <tr>
+ <td><input type=RADIO name="op" value="checkCRL" checked></td>
+ <td>
+ <font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ Check whether the following certificate is revoked</font>
+ </td>
+ </tr>
+ <td></td>
+ <td><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ Certificate serial number:&nbsp;</font>
+ <input type=text size=10 MAXLENGTH=99 name="certSerialNumber" value="">
+ </td>
+ </tr>
+ <tr>
+ <td><input type=RADIO name="op" value="importCRL"></td>
+ <td>
+ <font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ Import the latest CRL to your browser</font>
+ </td>
+ </tr>
+ <tr>
+ <td><input type=RADIO name="op" value="importDeltaCRL"></td>
+ <td>
+ <font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ Import the latest delta CRL to your browser</font>
+ </td>
+ </tr>
+ <tr>
+ <td><input type=RADIO name="op" value="getCRL"></td>
+ <td>
+ <font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ Download the latest CRL in binary form</font>
+ </td>
+ </tr>
+ <tr>
+ <td><input type=RADIO name="op" value="getDeltaCRL"></td>
+ <td>
+ <font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ Download the latest delta CRL in binary form</font>
+ </td>
+ </tr>
+ <tr>
+ <td><input type=RADIO name="op" value="displayCRL"></td>
+ <td>
+ <font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ Display the CRL information:</font>&nbsp;&nbsp;
+ <SELECT NAME="crlDisplayType">
+ <OPTION VALUE="entireCRL" SELECTED>Entire CRL
+ <OPTION VALUE="crlHeader">CRL header
+ <OPTION VALUE="base64Encoded">Base64 encoded
+ <OPTION VALUE="deltaCRL">Delta CRL
+ </SELECT>
+ </td>
+ </tr>
+</table>
+
+
+<!-- this could be a text box to support different crl issue point -->
+<input type=hidden name=crlIssuingPoint value="MasterCRL">
+
+<br>
+
+<table border="0" width="100%" cellspacing="0" cellpadding="6" bgcolor="#E5E5E5" background="/pki/images/gray90.gif">
+ <tr>
+ <td ALIGN=RIGHT>
+ <input TYPE="hidden" NAME="pageStart" VALUE="1">
+ <input TYPE="hidden" NAME="pageSize" VALUE="50">
+ <input type="submit" value="Submit" name="submit" width="72">
+ </td>
+ </tr>
+</table>
+
+</FORM>
+
+</body>
+</html>
+
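Review bot: `checkSubmit` is the only validation of `certSerialNumber` in this file, and it runs in the browser and only when the first `op` radio is selected, so the handler behind `action=getCRL` (not part of this hunk) has to re-validate the serial number together with the hidden `crlIssuingPoint`, `pageStart` and `pageSize` fields, which a client can change freely. A comment above the form would record that, for example `<!-- client-side convenience check only; getCRL must validate every field server-side -->`. Separately, `canonicalHex` is assigned without `var` and becomes an implicit global, and the row holding the serial-number input starts with `<td></td>` with no opening `<tr>`; `var canonicalHex = "0x" +` and a `<tr>` before that cell would fix both. The page title says "Review Certificate Revocation List" while the visible heading says "Import Certificate Revocation List", which is worth making consistent.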
diff --git a/base/ca/shared/webapps/ca/ee/ca/EnrollSuccess.template b/base/ca/shared/webapps/ca/ee/ca/EnrollSuccess.template
new file mode 100644
index 000000000..771c6fb1b
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/EnrollSuccess.template
@@ -0,0 +1,248 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<head>
+<TITLE>
+CS Enroll Request Success
+</TITLE>
+</head>
+
+
+<CMS_TEMPLATE>
+
+
+<BODY bgcolor="white">
+
+<SCRIPT LANGUAGE="JavaScript">
+<!--//
+function toHex(number)
+{
+ var absValue = "", sign = "";
+ var digits = "0123456789abcdef";
+ if (number < 0) {
+ sign = "-";
+ number = -number;
+ }
+
+ for(; number >= 16 ; number = Math.floor(number/16)) {
+ absValue = digits.charAt(number % 16) + absValue;
+ }
+ absValue = digits.charAt(number % 16) + absValue;
+
+ return sign + '0x' + '0' + absValue;
+}
+
+function navMajorVersion()
+{
+ return parseInt(navigator.appVersion.substring(0, navigator.appVersion.indexOf(".")));
+}
+
+// page starts here
+if (typeof(result.fixed.replyTo) == 'undefined' || result.fixed.replyTo == null) {
+ document.writeln('<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.writeln('Enrollment Success');
+ document.writeln('</font>');
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.writeln('<P>');
+ document.writeln('Congratulations, your certificate has been issued.');
+ document.writeln('</font>');
+ document.writeln('<br>&nbsp');
+
+ if (typeof(result.recordSet) == 'undefined' ||
+ result.recordSet == null || result.recordSet.length == 0) {
+ document.writeln('<P>');
+ document.writeln('<BLOCKQUOTE><B><PRE>');
+ document.writeln('No more information on your certificate is provided.');
+ document.writeln('Please consult your local administrator for assistance.');
+ document.writeln('</PRE></B></BLOCKQUOTE>');
+ } else {
+ for (var i = 0; i < result.recordSet.length; i++) {
+ if (result.recordSet[i].serialNo != null) {
+ document.writeln('<P>');
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.write('Your certificate in Base 64 encoded form:<BR>');
+ document.writeln('</font>');
+ document.write('<PRE>');
+ document.writeln(result.recordSet[i].base64Cert);
+ document.write('</PRE>');
+ document.writeln('<P>');
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.write('Certificate Content: <BR>');
+ document.writeln('</font>');
+ document.write('<PRE>');
+ document.writeln(result.recordSet[i].certPrettyPrint);
+ document.write('</PRE>');
+ }
+ }
+ if (result.fixed.keyrecId != null) {
+ document.write('Your key is archived successfully.');
+ document.writeln('<BLOCKQUOTE><PRE>');
+ document.writeln('Key Identifier: ' + toHex(result.fixed.keyrecId));
+ document.writeln('</PRE></BLOCKQUOTE>');
+ }
+ }
+}
+
+// NOTE: importUserCertificate should be done before this point but
+// it creates a javascript error that clobbers the result variable set in
+// the template.
+
+if (navigator.appName == 'Netscape' && (navMajorVersion() > 3) &&
+ typeof(crypto.version) != "undefined" && typeof(result.fixed.crmfReqId != "undefined")&& typeof(result.fixed.importCMC) == "undefined") {
+ if (result.fixed.crmfReqId != null) {
+ //alert('certNickname is '+result.fixed.certNickname);
+ //alert(result.fixed.cmmfResponse);
+
+ // NOTE:
+ var errors = crypto.importUserCertificates(null, result.fixed.cmmfResponse, false);
+ // var errors = crypto.importUserCertificates(result.fixed.certNickname,
+ // result.fixed.cmmfResponse, false);
+
+ // NOTE: Alpha version of cartman always returns a non-empty string
+ // from importUserCertificates() so we can only always assume succcess.
+ // Uncomment the following line and add appropriate javascripts/messages
+ // for use with a later version of cartman.
+
+ if (typeof(result.fixed.replyTo) == 'undefined' || result.fixed.replyTo == null) {
+ if (errors != '') {
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.writeln('<b>ERROR</b>Could not import the certificate into your browser '+
+ 'using nickname '+result.fixed.certNickname+'.<p>');
+ document.writeln('The following error message was returned by the browser '+
+ 'when importing the certificate:');
+ document.writeln('</font>');
+ document.writeln('<BLOCKQUOTE><PRE>');
+ document.writeln(errors);
+ document.writeln('</PRE></BLOCKQUOTE>');
+ } else {
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.writeln('Your certificate was successfully imported to the browser '+
+ 'with nickname '+result.fixed.certNickname);
+ document.writeln('</font>');
+ }
+ }
+ } else {
+ for (var i = 0; i < result.recordSet.length; i++) {
+ if (result.recordSet[i].serialNo != null) {
+ window.location = result.fixed.scheme + "://" + result.fixed.host + ":" +
+ result.fixed.port + "/ee/getBySerial?serialNumber=" +
+ record.recordSet[i].serialNo + "&importCert=true";
+ }
+ }
+ if (result.recordSet.length > 0)
+ alert("Your cert has been imported into the browser!");
+ }
+} else if (navigator.appName == 'Netscape' && (navMajorVersion() >= 3) && result.fixed.importCMC == "undefined") {
+ if (result.fixed.authorityName == 'Certificate Manager') {
+ // non Cartman
+ for (var i = 0; i < result.recordSet.length; i++) {
+ if (result.recordSet[i].serialNo != null) {
+ window.location = result.fixed.scheme + "://" + result.fixed.host + ":" +
+ result.fixed.port + "/ee/getBySerial?serialNumber=" +
+ record.recordSet[i].serialNo + "&importCert=true";
+ }
+ }
+ if (result.recordSet.length > 0)
+ alert("Your cert has been imported into the browser!");
+ } else {
+ // this must be a RA
+ window.location = result.fixed.scheme + "://" + result.fixed.host + ":" +
+ result.fixed.port + "/getCertFromRequest?requestId=" +
+ result.fixed.requestId + "&importCert=true";
+ alert("Your cert has been imported into the browser!");
+ }
+}
+
+//-->
+</SCRIPT>
+
+
+<OBJECT
+ classid="clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1"
+ CODEBASE="/xenroll.dll"
+ id=Enroll >
+</OBJECT>
+
+<SCRIPT LANGUAGE=VBS>
+<!--
+'========================================================
+'
+' In VBS, there are several ways in which the event handler for the
+' click event can be bound to the right control. We use one of the
+' methods here, which indicates the binding by appending the
+' event name to the control name with an intervening '_'.
+'
+'========================================================
+ Sub ImportCertificate
+
+ Dim pkcs7
+
+ On Error Resume Next
+
+ 'Convert the cert to PKCS7 format
+ pkcs7 = result.header.pkcs7ChainBase64
+ If (IsEmpty(pkcs7) OR theError <> 0) Then
+ ret = MsgBox("Could not convert certificate to PKCS7 format", 0, "Import Cert")
+ Exit Sub
+ End If
+
+ 'Import the PKCS7 object
+ Enroll.DeleteRequestCert = FALSE
+ Enroll.WriteCertToCSP = true
+ Enroll.acceptPKCS7(pkcs7)
+ if err.number <> 0 then
+ Enroll.WriteCertToCSP = false
+ end if
+ err.clear
+ Enroll.acceptPKCS7(pkcs7)
+ if err.number = 0 then
+ MsgBox "Certificate has been successfully imported."
+ else
+ sz = "Error in acceptPKCS7. Error Number " & Hex(err.number) & "occurred."
+ MsgBox sz
+ end if
+
+ Exit Sub
+
+ End Sub
+
+ ImportCertificate()
+-->
+</SCRIPT>
+
+
+<SCRIPT LANGUAGE="JavaScript">
+<!--//
+if (typeof(result.fixed.replyTo) != 'undefined' && result.fixed.replyTo != null) {
+ //alert('replyTo='+result.fixed.replyTo);
+ var loc = result.fixed.replyTo;
+ if (result.fixed.requestId != null)
+ loc += "&requestId=" + result.fixed.requestId;
+ if (result.recordSet.length > 0 && result.recordSet[0].serialNo != null)
+ loc += "&certificateSerialNumber=" + result.recordSet[0].serialNo;
+ //alert('loc='+loc);
+ window.location = loc;
+}
+//-->
+</SCRIPT>
+
+</font>
+</BODY>
+</HTML>
+
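Review bot: Values from the `result` object reach `document.writeln` and `window.location` with no encoding or validation: `result.recordSet[i].certPrettyPrint`, `result.fixed.certNickname` and `errors` are written into the page as markup, and the last script block navigates to `result.fixed.replyTo` as received. Where these values originate is not visible in this hunk, but if any of them can carry requester-supplied text (a certificate subject, a `replyTo` request parameter), the result is markup injection and an unvalidated redirect; the same unencoded writes appear in ImportCert.template. I would encode before writing, e.g. `document.writeln(String(v).replace(/&/g,'&amp;').replace(/</g,'&lt;'))`, and have the server place `replyTo` into the template only after checking it against an allow-list. Separately, both redirect loops read `record.recordSet[i].serialNo`, where `record` is never defined (presumably `result`), and `typeof(result.fixed.crmfReqId != "undefined")` has its parenthesis misplaced, so that test is always truthy.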
diff --git a/base/ca/shared/webapps/ca/ee/ca/GetCAChain.html b/base/ca/shared/webapps/ca/ee/ca/GetCAChain.html
new file mode 100644
index 000000000..2fb78081d
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/GetCAChain.html
@@ -0,0 +1,107 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<HEAD>
+<TITLE>Get CA Chain</TITLE>
+<SCRIPT LANGUAGE="JavaScript"></SCRIPT>
+
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/cms-funcs.js">
+
+</SCRIPT>
+
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/helpfun.js">
+
+</SCRIPT>
+
+<SCRIPT LANGUAGE="JavaScript">
+</SCRIPT>
+</HEAD>
+
+
+<body bgcolor="#FFFFFF">
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Import CA Certificate Chain
+</font><br>
+
+<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Use this form to import the CA certificate chain into your browser (users)
+or your server (administrators). This is a one-time operation.
+</font>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/pki/images/hr.gif" >
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+<FORM action=getCAChain method=post>
+
+<TABLE border=0 cellpadding=1 cellspacing=1>
+<tr><td>
+ <font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ Users
+ </font>
+</td></tr>
+<tr><td>
+ <input type=RADIO name="op" checked value="download">
+ <input type=hidden name="mimeType" value="application/x-x509-ca-cert">
+ <font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ Import the CA certificate chain into your browser
+ </font>
+</td></tr>
+<tr><td>
+ <input type=RADIO name="op" value="downloadBIN">
+ <font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ Download the CA certificate chain in binary form
+ </font>
+</td></tr>
+<tr><td>
+ <input type=RADIO name="op" value="display">
+ <font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ Display the CA certificate chain in PKCS#7 for importing into a server
+ </font>
+</td></tr>
+<tr><td>
+ <input type=RADIO name="op" value="displayIND">
+ <font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ Display certificates in the CA certificate chain for importing
+ individually into a server
+ </font>
+</td></tr>
+</table>
+
+<p>
+ <table border="0" width="100%" cellspacing="0" cellpadding="6" bgcolor="#cccccc" background="/pki/images/gray90.gif">
+ <tr>
+ <td>
+ <div align="RIGHT">
+ <input type="submit" value="Submit" name="submit" width="72">
+
+ <img src="/pki/images/spacer.gif" width="6" height="6">
+ <input type="reset" value="Reset" name="reset" width="72">
+ </div>
+ </td>
+ </tr>
+ </table>
+
+</FORM>
+
+</body>
+</html>
+
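Review bot: The introductory text asks users to install the CA chain as a trust anchor (`op=download` with `mimeType` set to `application/x-x509-ca-cert`) but gives them no way to confirm that the chain they receive is the genuine one. I would add a sentence to the intro paragraph such as `Before accepting the certificate, compare the fingerprint your browser displays with the one published by your administrator.` The form's `action=getCAChain` is relative, so it inherits whatever scheme the page was loaded over; whether that is always HTTPS cannot be told from this hunk and is worth confirming in the deployment descriptor. The two empty `<SCRIPT LANGUAGE="JavaScript"></SCRIPT>` elements in the head do nothing and can be dropped.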
diff --git a/base/ca/shared/webapps/ca/ee/ca/ImportAdminCert.template b/base/ca/shared/webapps/ca/ee/ca/ImportAdminCert.template
new file mode 100644
index 000000000..e52764ec6
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/ImportAdminCert.template
@@ -0,0 +1,58 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<HEAD>
+<TITLE>VBScript Administrator Certificate Enrollment
+</TITLE>
+<CMS_TEMPLATE>
+<OBJECT classid="clsid:127698E4-E730-4E5C-A2b1-21490A70C8A1"
+ codebase="xenroll.dll"
+ id=Enroll >
+</OBJECT>
+<SCRIPT language="VBScript">
+<!--
+ Dim pkcs7
+
+ On Error Resume Next
+
+ 'Convert the cert to PKCS7 format
+ pkcs7 = result.header.pkcs7
+ If (IsEmpty(pkcs7) OR theError <> 0) Then
+ ret = MsgBox("Could not convert certificate to PKCS7 format", 0, "Import Cert")
+ End If
+
+ 'Import the PKCS7 object
+ Enroll.DeleteRequestCert = FALSE
+ Enroll.WriteCertToCSP = true
+ Enroll.acceptPKCS7(pkcs7)
+ if err.number <> 0 then
+ Enroll.WriteCertToCSP = false
+ end if
+ err.clear
+ Enroll.acceptPKCS7(pkcs7)
+ if err.number = 0 then
+ MsgBox "Certificate has been successfully imported."
+ else
+ sz = "Error in acceptPKCS7. Error Number " & Hex(err.number) & "occurred."
+ MsgBox sz
+ end if
+-->
+</SCRIPT>
+</head>
+</HTML>
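Review bot: After the "Could not convert certificate to PKCS7 format" message the script does not stop, so an empty `pkcs7` is still handed to `Enroll.acceptPKCS7` and the user gets a second, unrelated error box; the check also tests `theError`, which is never assigned, so only `IsEmpty(pkcs7)` can ever trigger it. I would change the condition to `If (IsEmpty(pkcs7) Or Err.Number <> 0) Then` and put the whole import sequence in the `Else` branch. The second `Enroll.acceptPKCS7(pkcs7)` also runs unconditionally, so a chain that imported on the first attempt is submitted again; moving `err.clear` and that second call inside the `if err.number <> 0 then` block makes it the fallback the surrounding code suggests it was meant to be. The same `theError` test and double call are in EnrollSuccess.template and ImportCert.template, and `codebase="xenroll.dll"` is relative here while those two use `/xenroll.dll`.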
diff --git a/base/ca/shared/webapps/ca/ee/ca/ImportCert.template b/base/ca/shared/webapps/ca/ee/ca/ImportCert.template
new file mode 100644
index 000000000..5530cf2d1
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/ImportCert.template
@@ -0,0 +1,268 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<CMS_TEMPLATE>
+
+<TITLE>
+CS Enroll Request Success
+</TITLE>
+
+<BODY bgcolor="white">
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Import Certificate
+</font>
+
+<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+
+
+<SCRIPT LANGUAGE="JavaScript">
+//<!--
+
+//document.writeln('<P>');
+//document.writeln('host '+result.fixed.host+'<BR>');
+//document.writeln('port '+result.fixed.port+'<BR>');
+//document.writeln('scheme '+result.fixed.scheme+'<BR>');
+//document.writeln('authority '+result.fixed.authorityName+'<BR>');
+
+function navMajorVersion()
+{
+ return parseInt(
+ navigator.appVersion.substring(0, navigator.appVersion.indexOf(".")));
+}
+
+document.writeln('<P>');
+document.writeln('Importing the following certificate to your browser:');
+
+document.writeln('<P>');
+
+if (result.recordSet == null || result.recordSet.length == 0) {
+ document.writeln('<BLOCKQUOTE><B><PRE>');
+ document.writeln('No more information on your certificate is provided.');
+ document.writeln('Please consult your local administrator for assistance.');
+ document.writeln('</BLOCKQUOTE></B></PRE>');
+} else {
+ document.writeln('<UL>');
+ for (var i = 0; i < result.recordSet.length; i++) {
+ if (result.recordSet[i].serialNo != null) {
+ //document.write('Serial number ');
+ //document.write('<BLOCKQUOTE><B><PRE>');
+ //document.writeln(result.recordSet[i].serialNo);
+ //document.write('</BLOCKQUOTE></B></PRE>');
+ //document.writeln('<P>');
+ //document.write('Your certificate in Base 64 encoded form:<BR>');
+ //document.write('<BLOCKQUOTE><PRE>');
+ //document.writeln(result.recordSet[i].base64Cert);
+ //document.write('</PRE></BLOCKQUOTE>');
+ document.writeln('<P>');
+ document.write('Certificate Content: <BR>');
+ document.write('<BLOCKQUOTE><PRE>');
+ document.writeln(result.recordSet[i].certPrettyPrint);
+ document.write('</PRE></BLOCKQUOTE>');
+ }
+ }
+ document.writeln('</UL>');
+
+}
+
+// NOTE: importUserCertificate should be done before this point but
+// it creates a javascript error that clobbers the result variable set in
+// the template.
+
+if (navigator.appName == 'Netscape' && (navMajorVersion() > 3) &&
+ typeof(crypto.version) != "undefined" &&
+ typeof(result.fixed.crmfReqId) != "undefined") {
+ //alert('certNickname is '+result.fixed.certNickname);
+ //alert(result.fixed.cmmfResponse);
+ var errors = crypto.importUserCertificates(null,
+ result.fixed.cmmfResponse, false);
+ // var errors = crypto.importUserCertificates(result.fixed.certNickname,
+ // result.fixed.cmmfResponse, false);
+
+ // NOTE: Alpha version of cartman always returns a non-empty string
+ // from importUserCertificates() so we can only always assume succcess.
+ // Uncomment the following line and add appropriate javascripts/messages
+ // for use with a later version of cartman.
+ // This is fixed in Alpha-3. For use with alpha-3 uncomment the lines below
+ // to check for errors returned from importUserCertificates.
+ if (errors != '') {
+ document.writeln(
+ '<b>ERROR</b>Could not import the certificate into your browser '+
+ 'using nickname '+result.fixed.certNickname+'.<p>');
+ document.writeln(
+ 'The following error message was returned by the browser '+
+ 'when importing the certificate:');
+ document.writeln('<BLOCKQUOTE><PRE>');
+ document.writeln(errors);
+ document.writeln('</PRE></BLOCKQUOTE>');
+ }
+ else {
+ document.writeln(
+ 'Your certificate was successfully imported to the browser '+
+ 'with nickname '+result.fixed.certNickname);
+ }
+
+// document.writeln(
+// 'NOTE: '+
+// 'The following was returned by the browser when importing '+
+// 'the certificate:');
+// document.writeln('<BLOCKQUOTE><PRE>');
+// document.writeln(errors);
+// document.writeln('</PRE></BLOCKQUOTE>');
+// document.writeln(
+// 'If there was an error message it could be that you do not have '+
+// 'the private key of the certificate you are trying to import. '+
+// 'Please consult your system administrator for assistance.');
+}
+
+//-->
+</SCRIPT>
+
+<!--
+<OBJECT
+ classid="clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1"
+ CODEBASE="/xenroll.dll"
+ id=Enroll >
+</OBJECT>
+
+<OBJECT id='g_objClassFactory' CLASSID='clsid:884e2049-217d-11da-b2a4-000e7bbb2b09'>
+</OBJECT>
+-->
+
+<SCRIPT LANGUAGE="JavaScript">
+//<!--
+if (navigator.appName == "Microsoft Internet Explorer") {
+ if ((navigator.appVersion).indexOf("NT 6.") > -1) {
+ document.writeln("<OBJECT id='g_objClassFactory' CLASSID='clsid:884e2049-217d-11da-b2a4-000e7bbb2b09'></OBJECT>");
+ } else {
+ document.writeln("<OBJECT classid='clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1' CODEBASE='/xenroll.dll' id='Enroll'></OBJECT>");
+ }
+}
+//-->
+</SCRIPT>
+
+<SCRIPT LANGUAGE=VBS>
+<!--
+'========================================================
+'
+' In VBS, there are several ways in which the event handler for the
+' click event can be bound to the right control. We use one of the
+' methods here, which indicates the binding by appending the
+' event name to the control name with an intervening '_'.
+'
+'========================================================
+
+ 'Get OS Version, works for Vista and below only
+ Function GetOSVersion
+ dim agent
+ dim res
+ dim pos
+
+ agent = Navigator.appVersion
+ pos = InStr(agent,"NT 6.")
+
+ If pos > 0 Then
+ GetOSVersion = 6
+ Exit Function
+ End If
+
+ pos = InStr(agent,"NT 5.")
+
+ If pos > 0 Then
+ GetOSVersion = 5
+ Exit Function
+ End If
+
+ GetOSVersion = 5
+ End Function
+
+ 'Sub ImportCertificate
+ Sub ImportCertificate (pkcs7)
+ 'Dim pkcs7
+ Dim res
+ Dim osVersion
+
+ On Error Resume Next
+ osVersion = GetOSVersion()
+
+ 'Convert the cert to PKCS7 format
+ 'pkcs7 = result.header.pkcs7ChainBase64
+ 'ret = MsgBox(pkcs7, 0, "Import PKCS7 Cert")
+ If (IsEmpty(pkcs7) OR theError <> 0) Then
+ ret = MsgBox("Could not convert certificate to PKCS7 format", 0, "Import Cert")
+ Exit Sub
+ End If
+
+ If osVersion <> 6 Then 'Not Vista
+
+ 'Import the PKCS7 object
+ Enroll.DeleteRequestCert = FALSE
+ Enroll.WriteCertToCSP = true
+ Enroll.acceptPKCS7(pkcs7)
+ if err.number <> 0 then
+ Enroll.WriteCertToCSP = false
+ end if
+ err.clear
+ Enroll.acceptPKCS7(pkcs7)
+ if err.number = 0 then
+ MsgBox "Certificate has been successfully imported."
+ else
+ sz = "Error in acceptPKCS7. Error Number " & Hex(err.number) & "occurred."
+ MsgBox sz
+ end if
+ Exit Sub
+ Else 'Vista
+ Dim enrollObj
+
+ Set enrollObj = g_objClassFactory.CreateObject("X509Enrollment.CX509Enrollment")
+ If IsObject(enrollObj) = False Then
+ res = MsgBox("Can't create Enroll Object!")
+ Exit Sub
+ End If
+
+ enrollObj.Initialize(1)
+ enrollObj.InstallResponse 0,pkcs7,6,""
+
+ If Err.number <> 0 Then
+ sz = "Error in InstallResponse. Error Number " & Hex(err.number) & " occurred."
+ res =MsgBox(sz & Err.description)
+ else
+ res = MsgBox("Certificate has been successfully imported.")
+ End If
+ End If
+ End Sub
+
+ 'ImportCertificate()
+-->
+</SCRIPT>
+
+<SCRIPT LANGUAGE="JavaScript">
+//<!--
+if (navigator.appName == "Microsoft Internet Explorer") {
+ var pkcs7 = result.header.pkcs7ChainBase64;
+ //alert("pkcs7="+pkcs7);
+ ImportCertificate(pkcs7);
+}
+//-->
+</SCRIPT>
+
+</font>
+</BODY>
+</HTML>
+
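Review bot: The Vista branch passes bare numbers to the enrollment object, `enrollObj.Initialize(1)` and `enrollObj.InstallResponse 0,pkcs7,6,""`, and the first argument of `InstallResponse` is the restriction flag that decides whether untrusted certificates or roots may be installed. A comment would keep a later edit from loosening it unnoticed, e.g. `' Initialize(1) = user context; InstallResponse: 0 = AllowNone (no untrusted cert/root allowances), 6 = base64 with or without header`. The choice between the two ActiveX controls is made twice from the same `"NT 6."` substring of `navigator.appVersion` (once in the JavaScript that writes the `<OBJECT>`, once in `GetOSVersion`), and the two must stay in step or `ImportCertificate` will reference an object that was never created. The comment `'Get OS Version, works for Vista and below only` also understates the match, since `"NT 6."` covers every 6.x release. The closing tags written in the empty-record branch, `</BLOCKQUOTE></B></PRE>`, are in the wrong order for the `<BLOCKQUOTE><B><PRE>` they close.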
diff --git a/base/ca/shared/webapps/ca/ee/ca/KeyRecovery.html b/base/ca/shared/webapps/ca/ee/ca/KeyRecovery.html
new file mode 100644
index 000000000..b3a9e4676
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/KeyRecovery.html
@@ -0,0 +1,41 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<HEAD>
+ <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
+ <META NAME="GENERATOR" CONTENT="Mozilla/4.03 [en]C-NSCP (WinNT; U) [Netscape]">
+ <TITLE>Key Recovery</TITLE>
+</HEAD>
+<BODY BGCOLOR="#FFFFFF">
+<SCRIPT LANGUAGE="JavaScript">
+
+</SCRIPT>
+
+<CENTER>
+<H2>
+User Initiated Key Recovery</H2></CENTER>
+
+<BLOCKQUOTE>
+<CENTER>Key Recovery is supported only for clients that support dual certificates - one for signing and another for encryption. At this time key recovery is not supported.
+<p>
+</CENTER>
+
+</BLOCKQUOTE>
+</BODY>
+</HTML>
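Review bot: The two sentences shown to the user contradict each other: the first says key recovery is supported for dual-certificate clients, the second says it is not supported at this time. If the page is a placeholder, a single statement such as `Key recovery is not available from this page at this time.` would leave no doubt about what the user can expect. The empty `<SCRIPT LANGUAGE="JavaScript">` block and the unclosed `<p>` inside `<CENTER>` can be removed.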
diff --git a/base/ca/shared/webapps/ca/ee/ca/ManCAEnroll.html b/base/ca/shared/webapps/ca/ee/ca/ManCAEnroll.html
new file mode 100644
index 000000000..851bca52e
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/ManCAEnroll.html
@@ -0,0 +1,162 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<TITLE>Request a CA Certificate</TITLE>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<SCRIPT LANGUAGE="JavaScript">
+function validate(form)
+{
+ with (form) {
+ if (pkcs10Request.value == "")
+ {
+ alert("You must enter the base64-encoded certificate request.");
+ return false;
+ }
+ if (csrRequestorName.value == "" || ((csrRequestorEmail.value == "") && (csrRequestorPhone.value == ""))) {
+ alert("You must supply a name and either a phone number or an email address.");
+ return false;
+ }
+ }
+ // form.submit();
+ return true;
+}
+</SCRIPT>
+
+<SCRIPT LANGUAGE="JavaScript" SRC="../helpfun.js">
+
+</SCRIPT>
+</head>
+<body bgcolor="#FFFFFF">
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Certificate Manager Enrollment (for Certificate Manager Administrators)
+</font><br>
+ <Font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ Use this form to submit a request for a subordinate certificate authority's
+ signing certificate.
+<p>
+ After you click the Submit button, your request will be submitted to an
+ issuing agent for approval. The certificate will be emailed to you.
+</font>
+<form method="post" action="/enrollment/pkcs10-server"
+onSubmit="return validate(document.forms[0])">
+ <table border="0" width="100%" cellspacing="2" cellpadding="2">
+ <tr>
+ <td colspan="2" valign="TOP"><font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"><b>PKCS #10 Request</b><br>
+A PKCS #10 request is generated during the installation of the Certificate Manager.
+Paste the certificate authority's PKCS #10 request into this text area.
+ </font></td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"></font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <textarea name="pkcs10Request" rows="10" cols="65" wrap="virtual">
+</textarea>
+ </td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="TOP"><b><font face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif" size="-1">Contact Information<br>
+ </font></b><font face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif" size="-1">
+ </font></td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Name: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="TEXT" name="csrRequestorName" size="30">
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Email: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="TEXT" name="csrRequestorEmail" size="30">
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Phone: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="TEXT" name="csrRequestorPhone" size="30">
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP" colspan="2">&nbsp;</td>
+ </tr>
+ <tr>
+ <td valign="TOP" colspan="2"><font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"><b>Additional Comments </b><br>
+ If you have additional comments for the person who will process your
+ certificate request, write them here.
+ </font></td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"></font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <textarea name="csrRequestorComments" rows="10" cols="65" wrap="virtual">
+</textarea>
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP" colspan="2">
+ <table border="0" width="100%" cellspacing="0" cellpadding="6" bgcolor="#cccccc" background="/pki/images/gray90.gif">
+ <tr>
+ <td>
+ <div align="RIGHT">
+ <input type="submit" value="Submit" name="submit" width="72">
+ <input type="hidden" name="requestFormat" value="pkcs10">
+ <input type="hidden" name="certType" value="ca">
+ <!-- for Netscape Certificate Type Extension -->
+ <input type="HIDDEN" value="true" name="ssl_client">
+ <input type="HIDDEN" value="true" name="email_ca">
+ <input type="HIDDEN" value="true" name="ssl_ca">
+ <input type="HIDDEN" value="true" name="object_signing_ca">
+ <!-- for Key Usage Extension -->
+ <input type="HIDDEN" name="digital_signature" value=true>
+ <input type="HIDDEN" name="non_repudiation" value=true>
+ <input type="HIDDEN" name="key_certsign" value=true>
+ <input type="HIDDEN" name="crl_sign" value=true>
+ <img src="/pki/images/spacer.gif" width="6" height="6">
+ <input type="reset" value="Reset" name="reset" width="72">
+ </div>
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ </table>
+ </form>
+</body>
+</html>
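Review bot: The certificate type and every CA-level extension flag travel as hidden form fields (`certType=ca`, `ssl_ca`, `email_ca`, `object_signing_ca`, `key_certsign`, `crl_sign`), which any client can edit before posting to `/enrollment/pkcs10-server`. How the servlet treats them is outside this hunk, so I would record the assumption next to the fields, e.g. `<!-- Requested defaults only; CA policy and the approving agent decide the extensions actually issued -->`, and confirm the server does not copy them into a subordinate CA certificate unchecked. `validate()` is likewise only a convenience check in the browser and cannot be relied on for the name/contact requirement. On style, the `with (form)` block reads more clearly as explicit `form.pkcs10Request.value` references, and the handler can be `onSubmit="return validate(this)"` instead of indexing `document.forms[0]`.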
diff --git a/base/ca/shared/webapps/ca/ee/ca/ManObjSignEnroll.html b/base/ca/shared/webapps/ca/ee/ca/ManObjSignEnroll.html
new file mode 100644
index 000000000..9c2c86a03
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/ManObjSignEnroll.html
@@ -0,0 +1,693 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>User Certificate Request Form</title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<SCRIPT LANGUAGE="JavaScript"></SCRIPT>
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/dynamicVars.js">
+</SCRIPT>
+
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/cms-funcs.js">
+</SCRIPT>
+
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/helpfun.js">
+</SCRIPT>
+
+
+<SCRIPT LANGUAGE="JavaScript">
+
+function setSignType(f)
+{
+ if ((f.certType.options[0].selected)) {
+ alert("You must select Signing-Type");
+ return;
+ }
+ else if (f.certType.options[1].selected)
+ f.object_signing.value = true;
+ else if (f.certType.options[2].selected)
+ f.object_signing.value = false;
+}
+
+function updateEmail(f)
+{
+ if (f.E.value != '') {
+ f.csrRequestorEmail.value = f.E.value;
+ }
+ formulateDN(f, f.subject);
+}
+
+function formDNandReload()
+{
+ formulateDN(document.forms[0], document.forms[0].subject);
+ updateEmail(document.forms[0]);
+}
+
+function validate(form)
+{
+
+ if ((form.certType.options[0].selected)) {
+ alert("You must select Signing-Type");
+ return false;
+ }
+
+ with (form) {
+
+ /////////////////////////////////////////////////////////////////
+ // To enable dual key feature, this page must be customized with
+ // appropriate Javascript call. For example,
+ //
+ // crmfObject = crypto.generateCRMFRequest(
+ // "CN=undefined",
+ // "regToken", "authenticator",
+ // null,
+ // "setCRMFRequest();",
+ // 512, null, "rsa-ex",
+ // 1024, null, "rsa-sign");
+ //
+ // To enable key archival feature, this page must be customized with
+ // KRA's transport certificate. The transport certificate can be
+ // retrieved in the following ways:
+ // (1) Access "List Certificates" menu option in end-entity page
+ // (2) Access https://<host>:<agent_port>/kra/displayTransportCert
+ // (3) Use certutil command in <instance-dir>/config directory
+ // (i.e. certutil -L -d . -n "kraTransportCert <instance-id>" -a)
+ //
+ // Once the transport certificate is obtained, the following
+ // javascript should be modified so that the transport certificate
+ // and appropriate key type are selected. For example,
+ //
+ // var kraTransportCert = "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";
+ // var keyGenAlg = "rsa-ex";
+ // crmfObject = crypto.generateCRMFRequest(
+ // "CN=undefined",
+ // "regToken", "authenticator",
+ // keyTransportCert,
+ // "setCRMFRequest();",
+ // 512, null, keyGenAlg);
+ /////////////////////////////////////////////////////////////////
+
+ // To enable key archival, replace "null" with the transport
+ // certificate without "BEBIN..." "END..", nor line breaks.
+ // change keyGenAlg to "rsa-ex"
+ var keyTransportCert = null;
+ //var keyGenAlg = "rsa-ex";
+ var keyGenAlg = "rsa-dual-use";
+ // generate keys for nsm.
+ if (navigator.appName == "Netscape" && (navMajorVersion() > 3) &&
+ typeof(crypto.version) != "undefined") {
+ certNickname.value = subject.value;
+ crmfObject = crypto.generateCRMFRequest(
+ subject.value,
+ "regToken", "authenticator",
+ keyTransportCert,
+ "setCRMFRequest();",
+ 1024, null, keyGenAlg);
+ }
+ return true;
+ }
+}
+
+function setCRMFRequest()
+{
+ with (document.forms[0]) {
+ CRMFRequest.value = crmfObject.request;
+ submit();
+ }
+}
+
+</SCRIPT>
+</head>
+
+<OBJECT
+ classid="clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1"
+ CODEBASE="/xenroll.dll"
+ id=Enroll >
+</OBJECT>
+
+
+<SCRIPT LANGUAGE=VBS>
+<!--
+Function escapeDNComponent(comp)
+ escapeDNComponent = comp
+End Function
+
+Function doubleQuotes(comp)
+ doubleQuotes = False
+End Function
+
+Function formulateDN(a,b)
+ Dim dn
+ Dim TheForm
+ Set TheForm = Document.ReqForm
+
+ dn = Empty
+
+ If (TheForm.C.Value <> Empty) Then
+ If doubleQuotes(TheForm.C.Value) = True Then
+ MsgBox "Double quotes are not allowed in the Country field"
+ Exit Function
+ End If
+ If (dn <> Empty) Then
+ dn = dn & ","
+ End If
+ dn = dn & "C=" & escapeDNComponent(TheForm.C.Value)
+ End If
+
+ If (TheForm.O.Value <> Empty) Then
+ If doubleQuotes(TheForm.O.Value) = True Then
+ MsgBox "Double quotes are not allowed in the Organiztion field"
+ Exit Function
+ End If
+ If (dn <> Empty) Then
+ dn = dn & ","
+ End If
+ dn = dn & "O=" & escapeDNComponent(TheForm.O.Value)
+ End If
+
+ If (TheForm.OU.Value <> Empty) Then
+ If doubleQuotes(TheForm.OU.Value) = True Then
+ MsgBox "Double quotes are not allowed in the Org Unit field"
+ Exit Function
+ End If
+ If (dn <> Empty) Then
+ dn = dn & ","
+ End If
+ dn = dn & "OU=" & escapeDNComponent(TheForm.OU.Value)
+ End If
+
+ If (TheForm.UID.Value <> Empty) Then
+ If doubleQuotes(TheForm.UID.Value) = True Then
+ MsgBox "Double quotes are not allowed in the uid field"
+ Exit Function
+ End If
+ If (dn <> Empty) Then
+ dn = dn & ","
+ End If
+ dn = dn & "0.9.2342.19200300.100.1.1=" & escapeDNComponent(TheForm.UID.Value)
+ End If
+
+ If (TheForm.CN.Value <> Empty) Then
+ If doubleQuotes(TheForm.CN.Value) = True Then
+ MsgBox "Double quotes are not allowed in the Common Name field"
+ Exit Function
+ End If
+ If (dn <> Empty) Then
+ dn = dn & ","
+ End If
+ dn = dn & "CN=" & escapeDNComponent(TheForm.CN.Value)
+ End If
+
+ If (TheForm.E.Value <> Empty) Then
+ If doubleQuotes(TheForm.E.Value) = True Then
+ MsgBox "Double quotes are not allowed in the eMail field"
+ Exit Function
+ End If
+ If (dn <> Empty) Then
+ dn = dn & ","
+ End If
+ dn = dn & "E=" & escapeDNComponent(TheForm.E.Value)
+ End If
+
+ formulateDN = dn
+End Function
+
+Sub Send_OnClick
+ Dim TheForm
+ Dim szName
+ Dim options
+ Set TheForm = Document.ReqForm
+
+
+ ' Do a few sanity checks
+ If (TheForm.CN.Value = Empty) Then
+ ret = MsgBox("You must supply your name for the certificate", 0, "MSIE Certificate Request")
+ Exit Sub
+ End If
+
+ If (TheForm.csrRequestorEmail.Value = Empty) AND (TheForm.csrRequestorPhone.Value = Empty) Then
+ ret = MsgBox("You must supply a phone number or email address", 0, "MSIE Certificate Request")
+ Exit Sub
+ End If
+
+ ' Contruct the X500 distinguished name
+ szName = formulateDN("","")
+
+ On Error Resume Next
+ Enroll.HashAlgorithm = "MD5"
+ Enroll.KeySpec = 1
+
+ ' Pick the provider that is selected
+ set options = TheForm.all.cryptprovider.options
+ index = options.selectedIndex
+ Enroll.providerType = options(index).value
+ Enroll.providerName = options(index).text
+
+ ' adding 2 to "GenKeyFlags" will enable the 'High Security'
+ ' (USER_PROTECTED) mode, which means IE will pop up a dialog
+ ' asking what level of protection you would like to give
+ ' the key - this varies from 'none' to 'confirm password
+ ' every time the key is used'
+ Enroll.GenKeyFlags = 1 ' key PKCS12-exportable
+ szCertReq = Enroll.createPKCS10(szName, "1.3.6.1.5.5.7.3.2")
+ theError = Err.Number
+ On Error Goto 0
+ '
+ ' If the user has cancelled things the we simply ignore whatever
+ ' they were doing ... need to think what should be done here
+ '
+ If (szCertReq = Empty AND theError = 0) Then
+ Exit Sub
+ End If
+
+ If (szCertReq = Empty OR theError <> 0) Then
+ '
+ ' There was an error in the key pair generation. The error value
+ ' is found in the variable 'theError' which we snarfed above before
+ ' we did the 'On Error Goto 0' which cleared it again.
+ '
+ sz = "The error '" & Hex(theError) & "' occurred." & chr(13) & chr(10) & "Your credentials could not be generated."
+ result = MsgBox(sz, 0, "Credentials Enrollment")
+ Exit Sub
+ End If
+
+ TheForm.pkcs10Request.Value = szCertReq
+ TheForm.csrRequestorName.Value = TheForm.CN.Value
+
+ ' TheForm.Submit
+ Exit Sub
+
+End Sub
+-->
+</SCRIPT>
+
+<body bgcolor="#FFFFFF" onload=checkClientTime()>
+
+<script lang=javascript>
+//<!--
+ if (navigator.appName == "Netscape" && navMajorVersion() <= 3) {
+ // shortcut for version 3.x or less, crypto is not defined
+ document.writeln(
+ '<form name="ReqForm" method="post" action="/enrollment">');
+ } else if (navigator.appName == "Netscape" &&
+ typeof(crypto.version) != "undefined") {
+ document.writeln(
+ '<form name="ReqForm" method="post" action="/enrollment">');
+ } else {
+ document.writeln(
+ '<form name="ReqForm" method="post" action="/enrollment" '+
+ 'onSubmit="return validate(document.forms[0])">');
+ }
+//-->
+</script>
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Manual Object Signing Enrollment
+</font><br>
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ Use this form to submit a request for an object signing certificate.
+ After you click the Submit button, your request will be submitted to an
+ issuing agent for approval. When an issuing agent has approved your request
+ you will receive the certificate in email, along with instructions for
+ installing it.
+ </font>
+<table border="0" cellspacing="0" cellpadding="0" background="/pki/images/hr.gif" width="100%">
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+<table border="0" cellspacing="2" cellpadding="2">
+ <tr valign="TOP">
+ <td><font size="-1" face="PrimaSans BT, Verdana, sans-serif"><b>Important:</b>
+ </font></td>
+ <td><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ Be sure to request your certificate on the same computer on which you
+ plan to use the certificate.
+ </font></td>
+ </tr>
+</table>
+<table border="0" cellspacing="0" cellpadding="0" background="/pki/images/hr.gif" width="100%">
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+<p>
+ <table border="0" width="100%" cellspacing="2" cellpadding="2">
+ <tr>
+ <td colspan="2" valign="TOP">
+ <font size=-1 face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ <b>User's Identity</b><br>
+ </font>
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ Enter values for the fields you want to have in your certificate.
+ Your site may require you to fill in certain fields. <br>(* = required field)</font></td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ * Full name:
+ </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="HIDDEN" name="csrRequestorName">
+ <input type="TEXT" name="CN" size="30" onchange="formulateDN(this.form, this.form.subject)">
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Login name: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="TEXT" name="UID" size="30" onchange="formulateDN(this.form, this.form.subject)">
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Email address: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="TEXT" name="E" size="30" onchange="updateEmail(this.form)">
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif" size="-1">Organization unit: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="TEXT" name="OU" size="30" onchange="formulateDN(this.form, this.form.subject)">
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Organization: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="TEXT" name="O" size="30" onchange="formulateDN(this.form, this.form.subject)">
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Country: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="TEXT" name="C" value="US" size=2 maxlength=2
+onchange="formulateDN(this.form, this.form.subject)">
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ </div>
+ </td>
+ <td valign="TOP">&nbsp; </td>
+ </tr>
+ <tr>
+ </tr>
+
+ <tr>
+ <td colspan="2" valign="TOP">
+ <font size=-1 face="PrimaSans BT, Verdana, Arial, Helvetica, sans-seri
+f">
+ <b>
+ Select Signing Type
+ </b><br>
+ </font>
+ <font face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif" size=
+"-1">
+ Select a signing type that the certificate will be used. </font></td>
+ </tr>
+
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-se
+rif">Signing Type: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <SELECT NAME="certType" onchange="setSignType(document.forms[0])">
+ <OPTION value="" SELECTED>Select Signing-Type
+ <OPTION value="client">Netscape Object-Signing
+ <OPTION value="codeSignClient">Microsoft Authenticode
+ </SELECT>
+ </td>
+ </tr>
+
+ <tr>
+ <td colspan="2" valign="TOP">&nbsp;</td>
+ </tr>
+
+
+ <tr>
+ <td colspan="2" valign="TOP">
+ <font size=-1 face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ <b>
+ Contact Information
+ </b><br>
+ </font>
+ <font face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif" size="-1">
+ Enter an email address or phone number at which you can be contacted
+ regarding this request. </font></td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Email: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="TEXT" name="csrRequestorEmail" size="30">
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Phone: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="TEXT" name="csrRequestorPhone" size="30">
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP" colspan="2">&nbsp;</td>
+ </tr>
+ <tr>
+ <td valign="TOP" colspan="2">
+ <font size=-1 face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ <b>
+ Additional Comments
+ </b><br>
+ </font>
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ If you have any comments for the person who will process your certificate request, write them here.
+ </font>
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"></font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <textarea name="csrRequestorComments" rows="6" cols="39" wrap="virtual">
+</textarea>
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP" colspan="2">&nbsp;</td>
+ </tr>
+ <tr>
+ <td valign="TOP" colspan="2">
+<script>
+ if (navigator.appName == 'Netscape' &&
+ (navMajorVersion() <= 3 || typeof(crypto.version) == 'undefined')) {
+
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"><b>Public/Private Key Information</b><br></font>');
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">When you submit this form, the browser generates a private key and a public key. It retains the private key and submits the public key along with your request for a certificate. The public key becomes part of the certificate. <p> </font>');
+ }
+ if (navigator.appName == "Microsoft Internet Explorer") {
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"><b>Public/Private Key Information</b><br></font>');
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">When you submit this form, the browser generates a private key and a public key. It retains the private key and submits the public key along with your request for a certificate. The public key becomes part of the certificate. <p> </font>');
+ }
+</script>
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+<script>
+ if (navigator.appName == 'Netscape' &&
+ (navMajorVersion() <= 3 || typeof(crypto.version) == 'undefined')) {
+ document.writeln('Select the length of the key to generate. '+
+ 'The longer the key length, the greater the strength. '+
+ 'You may want to check with your system administrator about '+
+ 'the length of key to specify.');
+ }
+ if (navigator.appName == "Microsoft Internet Explorer") {
+ document.writeln('The Microsoft Base Cryptographic provider offers 512-bit key encryption which is adequate for most applications today, but you may select the Enhanced option if your browser offers this choice and you require the higher encryption strength. You may want to check with your '+
+ 'system administrator about the provider to specify.');
+ }
+</script>
+ </font>
+ </td>
+ </tr>
+ <tr>
+ <td>
+<script>
+ if (navigator.appName == 'Netscape' &&
+ (navMajorVersion() <= 3 || typeof(crypto.version) == 'undefined')) {
+ document.writeln(
+ '<font size=-1 face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.writeln('Key Length:');
+ document.writeln('</font>');
+ }
+ if (navigator.appName == "Microsoft Internet Explorer") {
+ document.writeln(
+ '<font size=-1 face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.writeln('Cryptographic Provider:');
+ document.writeln('</font>');
+ }
+</script>
+ </td>
+ <td>
+<script>
+ //<font face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ if (navigator.appName == 'Netscape') {
+ if (navMajorVersion() <= 3 ||
+ typeof(crypto.version) == 'undefined') {
+ document.write('<KEYGEN name="subjectKeyGenInfo">');
+ }
+ //</font>
+ }
+ if (navigator.appName == "Microsoft Internet Explorer") {
+ document.writeln('<SELECT NAME=\"cryptprovider\"></SELECT>');
+ }
+
+</script>
+ </td>
+ </tr>
+</table>
+
+<script lang=javascript>
+document.write('<table border="0" width="100%" cellspacing="0" '+
+ 'cellpadding="6" bgcolor="#cccccc" background="/pki/images/gray90.gif">' +
+ '<tr> <td> <div align="RIGHT">');
+
+if (navigator.appName == "Netscape") {
+
+ if (navMajorVersion() <= 3) {
+ // shortcut for version 3.x or less, crypto is not defined
+ document.writeln(
+ '<input type="submit" value="Submit" '+
+ 'name="submit" width="72">');
+ }
+ else if (typeof(crypto.version) == "undefined") {
+ document.writeln(
+ '<input type="submit" value="Submit" '+
+ 'name="submit" width="72">');
+ } else {
+ // alert('nsm');
+ document.writeln(
+ '<input type="button" value="Submit" '+
+ 'name="submitbutton" '+
+ 'onclick="validate(form)" width="72">');
+
+ document.write(
+ '<input type="hidden" name=CRMFRequest value="">');
+ document.write(
+ '<input type=hidden name=cmmfResponse value=true>');
+ document.write(
+ '<input type=hidden name=certNickname value="">');
+ }
+ }
+else if (navigator.appName == "Microsoft Internet Explorer") {
+ document.writeln(
+ '<input type="submit" value="Submit" '+
+ 'name="Send" width="72">');
+ document.write(
+ '<input type="hidden" name="pkcs10Request" value="">');
+}
+
+document.write(
+ '<input type="hidden" name="subject" value="">' +
+ '<input type="hidden" name="requestFormat" value="keygen">' +
+ '<input type="hidden" name="object_signing" value="true">' +
+ '<img src="/pki/images/spacer.gif" width="6" height="6">' +
+ '<input type="reset" value="Reset" name="reset" width="72">' +
+ '</div> </td> </tr> </table>');
+</script>
+ </form>
+<SCRIPT LANGUAGE=VBS>
+<!--
+
+FindProviders
+
+Function FindProviders
+ Dim i, j
+ Dim providers()
+ i = 0
+ j = 1
+ Dim el
+ Dim temp
+ Dim first
+ Dim TheForm
+ Set TheForm = document.ReqForm
+ On Error Resume Next
+ first = 0
+
+ Do While True
+ temp = ""
+ Enroll.providerType = j
+ temp = Enroll.enumProviders(i,0)
+ If Len(temp) = 0 Then
+ If j < 1 Then
+ j = j + 1
+ i = 0
+ Else
+ Exit Do
+ End If
+ Else
+ set el = document.createElement("OPTION")
+ el.text = temp
+ el.value = j
+ TheForm.cryptprovider.add(el)
+ If first = 0 Then
+ first = 1
+ TheForm.cryptprovider.selectedIndex = 0
+ End If
+ i = i + 1
+ End If
+ Loop
+
+End Function
+
+-->
+</SCRIPT>
+</body>
+</html>
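Review bot: The key-generation parameters in this form are weak for an object-signing certificate: `Send_OnClick` sets `Enroll.HashAlgorithm = "MD5"` for the PKCS #10 signature, and `validate()` asks `crypto.generateCRMFRequest` for a 1024-bit key. I would raise the key size to at least `2048, null, keyGenAlg);`, select a SHA-2 digest where the chosen provider supports one, and reword the Internet Explorer help text that calls 512-bit keys "adequate for most applications today". `createPKCS10` is also passed `"1.3.6.1.5.5.7.3.2"`, which is the client-authentication usage OID rather than code signing (`1.3.6.1.5.5.7.3.3`); confirm whether the CA overrides it at issuance. The VBScript `escapeDNComponent` and `doubleQuotes` are pass-through stubs, so the double-quote checks in `formulateDN` never fire and the subject DN needs validating on the server, which this hunk does not show.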
diff --git a/base/ca/shared/webapps/ca/ee/ca/ManRAEnroll.html b/base/ca/shared/webapps/ca/ee/ca/ManRAEnroll.html
new file mode 100644
index 000000000..796ef0d6f
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/ManRAEnroll.html
@@ -0,0 +1,156 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<TITLE>Request a RA Certificate</TITLE>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<SCRIPT LANGUAGE="JavaScript">
+function validate(form)
+{
+ with (form) {
+ if (pkcs10Request.value == "")
+ {
+ alert("You must enter the base64-encoded certificate request.");
+ return false;
+ }
+ if (csrRequestorName.value == "" || ((csrRequestorEmail.value == "") && (csrRequestorPhone.value == ""))) {
+ alert("You must supply a name and either a phone number or an email address.");
+ return false;
+ }
+ }
+ // form.submit();
+ return true;
+}
+</SCRIPT>
+
+<SCRIPT LANGUAGE="JavaScript" SRC="../helpfun.js">
+
+</SCRIPT>
+</head>
+<body bgcolor="#FFFFFF">
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Registration Manager Enrollment (for Registration Manager Administrators)
+</font><br>
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ Use this form to submit a request for a Registration Manager's signing
+ certificate. The Registration Manager will use this certificate to
+ authenticate itself to the Certificate Manager.
+<p>
+ After you click the Submit button, your request will be submitted to an
+ issuing agent for approval. The certificate will be emailed to you.
+</font>
+<form method="post" action="/enrollment/pkcs10-server"
+onSubmit="return validate(document.forms[0])">
+ <table border="0" width="100%" cellspacing="2" cellpadding="2">
+ <tr>
+ <td colspan="2" valign="TOP"><font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"><b>PKCS #10 Request</b><br>
+ A PKCS #10 request is generated during the installation of the
+ Registration Manager. <br>Paste the PKCS #10 request into this text area.
+ </font></td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"></font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <textarea name="pkcs10Request" rows="10" cols="65" wrap="virtual">
+</textarea>
+ </td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="TOP"><b><font face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif" size="-1">Contact Information<br>
+ </font></b><font face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif" size="-1"> </font></td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Name: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="TEXT" name="csrRequestorName" size="30">
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Email: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="TEXT" name="csrRequestorEmail" size="30">
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Phone: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="TEXT" name="csrRequestorPhone" size="30">
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP" colspan="2">&nbsp;</td>
+ </tr>
+ <tr>
+ <td valign="TOP" colspan="2"><font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"><b>Additional Comments </b><br>
+ If you have additional comments for the person who will process your
+ certificate request, write them here.</font></td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"></font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <textarea name="csrRequestorComments" rows="10" cols="65" wrap="virtual">
+</textarea>
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP" colspan="2">
+ <table border="0" width="100%" cellspacing="0" cellpadding="6" bgcolor="#cccccc" background="/pki/images/gray90.gif">
+ <tr>
+ <td>
+ <div align="RIGHT">
+ <input type="submit" value="Submit" name="submit" width="72">
+ <input type="hidden" name="requestFormat" value="pkcs10">
+ <input type="hidden" name="certType" value="ra">
+ <!-- for Netscape Certificate Type Extension -->
+ <input type="HIDDEN" value="true" name="ssl_client">
+ <!-- for Key Usage Extension -->
+ <input type="HIDDEN" name="digital_signature" value=true>
+ <input type="HIDDEN" name="non_repudiation" value=true>
+ <img src="/pki/images/spacer.gif" width="6" height="6">
+ <input type="reset" value="Reset" name="reset" width="72">
+ </div>
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ </table>
+ </form>
+</body>
+</html>
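Review bot: The certificate type and extension requests at the bottom of the form (`certType=ra`, `ssl_client`, `digital_signature`, `non_repudiation`) travel as hidden inputs, which any submitter can edit before posting, and `validate()` only checks for empty fields in the browser. The `/enrollment/pkcs10-server` handler is not part of this hunk, so I can't tell whether it re-derives these values; if it does not, it should take them from server-side policy rather than from the request. At minimum I would document that above the hidden inputs, e.g. `<!-- requested values only; the CA must enforce the permitted type and extensions server-side -->`. The same pattern appears in ManServerEnroll.html (`certType=server`, `ssl_server`, the key-usage flags) and in the `certType=ca` inputs at the end of the preceding file.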
diff --git a/base/ca/shared/webapps/ca/ee/ca/ManServerEnroll.html b/base/ca/shared/webapps/ca/ee/ca/ManServerEnroll.html
new file mode 100644
index 000000000..148aaee7c
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/ManServerEnroll.html
@@ -0,0 +1,167 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<TITLE>Request a Server Certificate</TITLE>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<SCRIPT LANGUAGE="JavaScript">
+function validate(form)
+{
+ with (form) {
+ if (pkcs10Request.value == "")
+ {
+ alert("You must enter the base64-encoded certificate request.");
+ return false;
+ }
+ if (csrRequestorName.value == "" || ((csrRequestorEmail.value == "") && (csrRequestorPhone.value == ""))) {
+ alert("You must supply a name and either a phone number or an email address.");
+ return false;
+ }
+ }
+ // form.submit();
+ return true;
+}
+</SCRIPT>
+
+<SCRIPT LANGUAGE="JavaScript" SRC="../helpfun.js">
+
+</SCRIPT>
+</head>
+<body bgcolor="#FFFFFF">
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Server Certificate Enrollment (for Server Administrators)</font><br>
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ Use this form to submit a request for a server certificate. You must submit
+ a PKCS #10 request. If you have a Netscape server, create a PKCS#10 request
+ by using the Netscape Administration Server instance associated with the
+ server for which you are requesting the certificate. In the Netscape
+ Administration Server forms, choose Encryption, then Request Server Certificate.
+<p>
+ If you are not using a Netscape server, follow the appropriate steps to
+ generate a PKCS #10 request with the server you have.
+<p>
+ After you click the Submit button, your request will be submitted to
+ an issuing agent for approval. You will receive the certificate in email
+ when it has been approved.
+</font>
+<form method="post" action="/enrollment"
+onSubmit="return validate(document.forms[0])">
+ <table border="0" width="100%" cellspacing="2" cellpadding="2">
+ <tr>
+ <td colspan="2" valign="TOP">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ <b>PKCS #10 Request</b><br>
+ Paste the PKCS #10 request into this text area.
+ </font></td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ </div>
+ </td>
+ <td valign="TOP">
+ <textarea name="pkcs10Request" rows="10" cols="65" wrap="virtual">
+</textarea>
+ </td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="TOP">
+ <font face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif" size="-1">
+ <b>Server Administrator Contact Information<br></b>
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Name: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="TEXT" name="csrRequestorName" size="30">
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Email: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="TEXT" name="csrRequestorEmail" size="30">
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Phone: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="TEXT" name="csrRequestorPhone" size="30">
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP" colspan="2">&nbsp;</td>
+ </tr>
+ <tr>
+ <td valign="TOP" colspan="2"><font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ <b>Additional Comments </b><br>
+ If you have any additional comments for the person who will process
+ your certificate request, write them here. </font></td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"></font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <textarea name="csrRequestorComments" rows="10" cols="65" wrap="virtual">
+</textarea>
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP" colspan="2">
+ <table border="0" width="100%" cellspacing="0" cellpadding="6" bgcolor="#cccccc" background="/pki/images/gray90.gif">
+ <tr>
+ <td>
+ <div align="RIGHT">
+ <input type="submit" value="Submit" name="submit" width="72">
+ <input type="hidden" name="requestFormat" value="pkcs10">
+ <input type="hidden" name="certType" value="server">
+ <!-- for Netscape Certificate Type Extension -->
+ <input type="HIDDEN" value="true" name="ssl_server">
+ <!-- for Key Usage Extension -->
+ <input type="HIDDEN" name="digital_signature" value=true>
+ <input type="HIDDEN" name="non_repudiation" value=true>
+ <input type="HIDDEN" name="key_encipherment" value=true>
+ <input type="HIDDEN" name="data_encipherment" value=true>
+ <img src="/pki/images/spacer.gif" width="6" height="6">
+ <input type="reset" value="Reset" name="reset" width="72">
+ </div>
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ </table>
+ <input type=hidden name="reencodeSubjectName" value="true">
+ </form>
+</body>
+</html>
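Review bot: The `<font>` opened for the "Server Administrator Contact Information" heading is never closed before its `</td>`, so the markup is unbalanced there; add `</font>` after `</b>`. `validate()` also relies on `with (form)`, which leaves it unclear whether `pkcs10Request` resolves to a form field or to a global; `form.pkcs10Request.value == ""` says the same thing explicitly. The `reencodeSubjectName` hidden input after the table has no comment explaining what it requests, unlike the extension inputs above it, so a one-line comment there would help.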
diff --git a/base/ca/shared/webapps/ca/ee/ca/ManUserEnroll.html b/base/ca/shared/webapps/ca/ee/ca/ManUserEnroll.html
new file mode 100644
index 000000000..e552f8e4a
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/ManUserEnroll.html
@@ -0,0 +1,705 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>User Certificate Request Form</title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<SCRIPT LANGUAGE="JavaScript"></SCRIPT>
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/dynamicVars.js">
+</SCRIPT>
+
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/cms-funcs.js">
+</SCRIPT>
+
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/helpfun.js">
+</SCRIPT>
+
+
+<SCRIPT LANGUAGE="JavaScript">
+
+function updateEmail(f)
+{
+ if (f.E.value != '') {
+ f.csrRequestorEmail.value = f.E.value;
+ }
+ formulateDN(f, f.subject);
+}
+
+function formDNandReload()
+{
+ formulateDN(document.forms[0], document.forms[0].subject);
+ updateEmail(document.forms[0]);
+}
+
+function validate(form)
+{
+
+ if (isValidCSR(form) == false) {
+ //alert(' is not valid csr');
+ return false;
+ }
+ with (form) {
+
+ /////////////////////////////////////////////////////////////////
+ // To enable dual key feature, this page must be customized with
+ // appropriate Javascript call. For example,
+ //
+ // crmfObject = crypto.generateCRMFRequest(
+ // "CN=undefined",
+ // "regToken", "authenticator",
+ // null,
+ // "setCRMFRequest();",
+ // 512, null, "rsa-ex",
+ // 1024, null, "rsa-sign");
+ //
+ // To enable key archival feature, this page must be customized with
+ // KRA's transport certificate. The transport certificate can be
+ // retrieved in the following ways:
+ // (1) Access "List Certificates" menu option in end-entity page
+ // (2) Access https://<host>:<agent_port>/kra/displayTransportCert
+ // (3) Use certutil command in <instance-dir>/config directory
+ // (i.e. certutil -L -d . -n "kraTransportCert <instance-id>" -a)
+ //
+ // Once the transport certificate is obtained, the following
+ // javascript should be modified so that the transport certificate
+ // and appropriate key type are selected. For example,
+ //
+ // var kraTransportCert = "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";
+ // var keyGenAlg = "rsa-ex";
+ // crmfObject = crypto.generateCRMFRequest(
+ // "CN=undefined",
+ // "regToken", "authenticator",
+ // keyTransportCert,
+ // "setCRMFRequest();",
+ // 512, null, keyGenAlg);
+ /////////////////////////////////////////////////////////////////
+
+ // To enable key archival, replace "null" with the transport
+ // certificate without "BEBIN..." "END..", nor line breaks.
+ // change keyGenAlg to "rsa-ex"
+ var keyTransportCert = null;
+ //var keyGenAlg = "rsa-ex";
+ var keyGenAlg = "rsa-dual-use";
+ // generate keys for nsm.
+ if (navigator.appName == "Netscape" && (navMajorVersion() > 3) &&
+ typeof(crypto.version) != "undefined") {
+ certNickname.value = subject.value;
+ crmfObject = crypto.generateCRMFRequest(
+ subject.value,
+ "regToken", "authenticator",
+ keyTransportCert,
+ "setCRMFRequest();",
+ 1024, null, keyGenAlg);
+ }
+ if (challengePassword.value != confirmChallengePassword.value) {
+ alert("The challenge phrase password is not the same as the confirmed one.");
+ return false;
+ }
+ return true;
+ }
+}
+
+function setCRMFRequest()
+{
+ with (document.forms[0]) {
+ CRMFRequest.value = crmfObject.request;
+ submit();
+ }
+}
+
+</SCRIPT>
+</head>
+
+<OBJECT
+ classid="clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1"
+ CODEBASE="/xenroll.dll"
+ id=Enroll >
+</OBJECT>
+
+
+<SCRIPT LANGUAGE=VBS>
+<!--
+Function escapeDNComponent(comp)
+ escapeDNComponent = comp
+End Function
+
+Function doubleQuotes(comp)
+ doubleQuotes = False
+End Function
+
+Function formulateDN(a,b)
+ Dim dn
+ Dim TheForm
+ Set TheForm = Document.ReqForm
+
+ dn = Empty
+
+ If (TheForm.C.Value <> Empty) Then
+ If doubleQuotes(TheForm.C.Value) = True Then
+ MsgBox "Double quotes are not allowed in the Country field"
+ Exit Function
+ End If
+ If (dn <> Empty) Then
+ dn = dn & ","
+ End If
+ dn = dn & "C=" & escapeDNComponent(TheForm.C.Value)
+ End If
+
+ If (TheForm.O.Value <> Empty) Then
+ If doubleQuotes(TheForm.O.Value) = True Then
+ MsgBox "Double quotes are not allowed in the Organiztion field"
+ Exit Function
+ End If
+ If (dn <> Empty) Then
+ dn = dn & ","
+ End If
+ dn = dn & "O=" & escapeDNComponent(TheForm.O.Value)
+ End If
+
+ If (TheForm.OU.Value <> Empty) Then
+ If doubleQuotes(TheForm.OU.Value) = True Then
+ MsgBox "Double quotes are not allowed in the Org Unit field"
+ Exit Function
+ End If
+ If (dn <> Empty) Then
+ dn = dn & ","
+ End If
+ dn = dn & "OU=" & escapeDNComponent(TheForm.OU.Value)
+ End If
+
+ If (TheForm.UID.Value <> Empty) Then
+ If doubleQuotes(TheForm.UID.Value) = True Then
+ MsgBox "Double quotes are not allowed in the uid field"
+ Exit Function
+ End If
+ If (dn <> Empty) Then
+ dn = dn & ","
+ End If
+ dn = dn & "0.9.2342.19200300.100.1.1=" & escapeDNComponent(TheForm.UID.Value)
+ End If
+
+ If (TheForm.CN.Value <> Empty) Then
+ If doubleQuotes(TheForm.CN.Value) = True Then
+ MsgBox "Double quotes are not allowed in the Common Name field"
+ Exit Function
+ End If
+ If (dn <> Empty) Then
+ dn = dn & ","
+ End If
+ dn = dn & "CN=" & escapeDNComponent(TheForm.CN.Value)
+ End If
+
+ If (TheForm.E.Value <> Empty) Then
+ If doubleQuotes(TheForm.E.Value) = True Then
+ MsgBox "Double quotes are not allowed in the eMail field"
+ Exit Function
+ End If
+ If (dn <> Empty) Then
+ dn = dn & ","
+ End If
+ dn = dn & "E=" & escapeDNComponent(TheForm.E.Value)
+ End If
+
+ formulateDN = dn
+End Function
+
+Sub Send_OnClick
+ Dim TheForm
+ Dim szName
+ Dim options
+ Set TheForm = Document.ReqForm
+
+
+ ' Do a few sanity checks
+ If (TheForm.CN.Value = Empty) Then
+ ret = MsgBox("You must supply your name for the certificate", 0, "MSIE Certificate Request")
+ Exit Sub
+ End If
+
+ If (TheForm.csrRequestorEmail.Value = Empty) AND (TheForm.csrRequestorPhone.Value = Empty) Then
+ ret = MsgBox("You must supply a phone number or email address", 0, "MSIE Certificate Request")
+ Exit Sub
+ End If
+
+ ' Contruct the X500 distinguished name
+ szName = formulateDN("","")
+
+ On Error Resume Next
+ Enroll.HashAlgorithm = "MD5"
+ Enroll.KeySpec = 1
+
+ ' Pick the provider that is selected
+ set options = TheForm.all.cryptprovider.options
+ index = options.selectedIndex
+ Enroll.providerType = options(index).value
+ Enroll.providerName = options(index).text
+
+ ' adding 2 to "GenKeyFlags" will enable the 'High Security'
+ ' (USER_PROTECTED) mode, which means IE will pop up a dialog
+ ' asking what level of protection you would like to give
+ ' the key - this varies from 'none' to 'confirm password
+ ' every time the key is used'
+ Enroll.GenKeyFlags = 1 ' key PKCS12-exportable
+ szCertReq = Enroll.createPKCS10(szName, "1.3.6.1.5.5.7.3.2")
+ theError = Err.Number
+ On Error Goto 0
+ '
+ ' If the user has cancelled things the we simply ignore whatever
+ ' they were doing ... need to think what should be done here
+ '
+ If (szCertReq = Empty AND theError = 0) Then
+ Exit Sub
+ End If
+
+ If (szCertReq = Empty OR theError <> 0) Then
+ '
+ ' There was an error in the key pair generation. The error value
+ ' is found in the variable 'theError' which we snarfed above before
+ ' we did the 'On Error Goto 0' which cleared it again.
+ '
+ sz = "The error '" & Hex(theError) & "' occurred." & chr(13) & chr(10) & "Your credentials could not be generated."
+ result = MsgBox(sz, 0, "Credentials Enrollment")
+ Exit Sub
+ End If
+
+ TheForm.pkcs10Request.Value = szCertReq
+ TheForm.csrRequestorName.Value = TheForm.CN.Value
+
+ ' TheForm.Submit
+ Exit Sub
+
+End Sub
+-->
+</SCRIPT>
+
+<body bgcolor="#FFFFFF" onload=checkClientTime()>
+
+<script lang=javascript>
+//<!--
+ if (navigator.appName == "Netscape" && navMajorVersion() <= 3) {
+ // shortcut for version 3.x or less, crypto is not defined
+ document.writeln(
+ '<form name="ReqForm" method="post" action="/enrollment">');
+ } else if (navigator.appName == "Netscape" &&
+ typeof(crypto.version) != "undefined") {
+ document.writeln(
+ '<form name="ReqForm" method="post" action="/enrollment">');
+ } else {
+ document.writeln(
+ '<form name="ReqForm" method="post" action="/enrollment" '+
+ 'onSubmit="return validate(document.forms[0])">');
+ }
+//-->
+</script>
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Manual User Enrollment
+</font><br>
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ Use this form to submit a request for a personal certificate. After you
+ click the Submit button, your request will be submitted to an issuing agent
+ for approval. When an issuing agent has approved your request
+ you will receive the certificate in email, along with instructions for
+ installing it.
+ </font>
+<table border="0" cellspacing="0" cellpadding="0" background="/pki/images/hr.gif" width="100%">
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+<table border="0" cellspacing="2" cellpadding="2">
+ <tr valign="TOP">
+ <td><font size="-1" face="PrimaSans BT, Verdana, sans-serif"><b>Important:</b>
+ </font></td>
+ <td><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ Be sure to request your certificate on the same computer on which you
+ plan to use the certificate.
+ </font></td>
+ </tr>
+</table>
+<table border="0" cellspacing="0" cellpadding="0" background="/pki/images/hr.gif" width="100%">
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+<p>
+ <table border="0" width="100%" cellspacing="2" cellpadding="2">
+ <tr>
+ <td colspan="2" valign="TOP">
+ <font size=-1 face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ <b>User's Identity</b><br>
+ </font>
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ Enter values for the fields you want to have in your certificate.
+ Your site may require you to fill in certain fields. <br>(* = required field)</font></td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ * Full name:
+ </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="HIDDEN" name="csrRequestorName">
+ <input type="TEXT" name="CN" size="30" onchange="formulateDN(this.form, this.form.subject)">
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Login name: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="TEXT" name="UID" size="30" onchange="formulateDN(this.form, this.form.subject)">
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Email address: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="TEXT" name="E" size="30" onchange="updateEmail(this.form)">
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif" size="-1">Organization unit: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="TEXT" name="OU" size="30" onchange="formulateDN(this.form, this.form.subject)">
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Organization: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="TEXT" name="O" size="30" onchange="formulateDN(this.form, this.form.subject)">
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Country: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="TEXT" name="C" value="US" size=2 maxlength=2
+onchange="formulateDN(this.form, this.form.subject)">
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ </div>
+ </td>
+ <td valign="TOP">&nbsp; </td>
+ </tr>
+ <tr>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <!-- for Netscape Certificate Type Extension -->
+ <input type="HIDDEN" value="true" name="email">
+ <input type="HIDDEN" value="true" name="ssl_client">
+ <!-- for Key Usage Extension -->
+ <input type="HIDDEN" name="digital_signature" value=true>
+ <input type="HIDDEN" name="non_repudiation" value=true>
+ <input type="HIDDEN" name="key_encipherment" value=true>
+ </td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="TOP">&nbsp;</td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="TOP">
+ <font size=-1 face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ <b>
+ Challenge Phrase Password (optional)
+ </b><br>
+ </font>
+ <font face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif" size="-1">
+ Enter a challenge phrase password which can be used for certificate revocation.
+ </font></td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Password: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="PASSWORD" name="challengePassword" AutoComplete=off size="30">
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Confirmed password: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="PASSWORD" name="confirmChallengePassword" AutoComplete=off size="30">
+ </td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="TOP">
+ <font size=-1 face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ <b>
+ Contact Information
+ </b><br>
+ </font>
+ <font face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif" size="-1">
+ Enter an email address or phone number at which you can be contacted
+ regarding this request. </font></td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Email: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="TEXT" name="csrRequestorEmail" size="30">
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Phone: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="TEXT" name="csrRequestorPhone" size="30">
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP" colspan="2">&nbsp;</td>
+ </tr>
+ <tr>
+ <td valign="TOP" colspan="2">
+ <font size=-1 face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ <b>
+ Additional Comments
+ </b><br>
+ </font>
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ If you have any comments for the person who will process your certificate request, write them here.
+ </font>
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"></font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <textarea name="csrRequestorComments" rows="6" cols="39" wrap="virtual">
+</textarea>
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP" colspan="2">&nbsp;</td>
+ </tr>
+ <tr>
+ <td valign="TOP" colspan="2">
+<script>
+ if (navigator.appName == 'Netscape' &&
+ (navMajorVersion() <= 3 || typeof(crypto.version) == 'undefined')) {
+
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"><b>Public/Private Key Information</b><br></font>');
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">When you submit this form, the browser generates a private key and a public key. It retains the private key and submits the public key along with your request for a certificate. The public key becomes part of the certificate. <p> </font>');
+ }
+ if (navigator.appName == "Microsoft Internet Explorer") {
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"><b>Public/Private Key Information</b><br></font>');
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">When you submit this form, the browser generates a private key and a public key. It retains the private key and submits the public key along with your request for a certificate. The public key becomes part of the certificate. <p> </font>');
+ }
+</script>
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+<script>
+ if (navigator.appName == 'Netscape' &&
+ (navMajorVersion() <= 3 || typeof(crypto.version) == 'undefined')) {
+ document.writeln('Select the length of the key to generate. '+
+ 'The longer the key length, the greater the strength. '+
+ 'You may want to check with your system administrator about '+
+ 'the length of key to specify.');
+ }
+ if (navigator.appName == "Microsoft Internet Explorer") {
+ document.writeln('The Microsoft Base Cryptographic provider offers 512-bit key encryption which is adequate for most applications today, but you may select the Enhanced option if your browser offers this choice and you require the higher encryption strength. You may want to check with your '+
+ 'system administrator about the provider to specify.');
+ }
+</script>
+ </font>
+ </td>
+ </tr>
+ <tr>
+ <td>
+<script>
+ if (navigator.appName == 'Netscape' &&
+ (navMajorVersion() <= 3 || typeof(crypto.version) == 'undefined')) {
+ document.writeln(
+ '<font size=-1 face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.writeln('Key Length:');
+ document.writeln('</font>');
+ }
+ if (navigator.appName == "Microsoft Internet Explorer") {
+ document.writeln(
+ '<font size=-1 face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.writeln('Cryptographic Provider:');
+ document.writeln('</font>');
+ }
+</script>
+ </td>
+ <td>
+<script>
+ //<font face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ if (navigator.appName == 'Netscape') {
+ if (navMajorVersion() <= 3 ||
+ typeof(crypto.version) == 'undefined') {
+ document.write('<KEYGEN name="subjectKeyGenInfo">');
+ }
+ //</font>
+ }
+ if (navigator.appName == "Microsoft Internet Explorer") {
+ document.writeln('<SELECT NAME=\"cryptprovider\"></SELECT>');
+ }
+
+</script>
+ </td>
+ </tr>
+</table>
+
+<script lang=javascript>
+document.write('<table border="0" width="100%" cellspacing="0" '+
+ 'cellpadding="6" bgcolor="#cccccc" background="/pki/images/gray90.gif">' +
+ '<tr> <td> <div align="RIGHT">');
+
+if (navigator.appName == "Netscape") {
+
+ if (navMajorVersion() <= 3) {
+ // shortcut for version 3.x or less, crypto is not defined
+ document.writeln(
+ '<input type="submit" value="Submit" '+
+ 'name="submit" width="72">');
+ }
+ else if (typeof(crypto.version) == "undefined") {
+ document.writeln(
+ '<input type="submit" value="Submit" '+
+ 'name="submit" width="72">');
+ } else {
+ // alert('nsm');
+ document.writeln(
+ '<input type="button" value="Submit" '+
+ 'name="submitbutton" '+
+ 'onclick="validate(form)" width="72">');
+
+ document.write(
+ '<input type="hidden" name=CRMFRequest value="">');
+ document.write(
+ '<input type=hidden name=cmmfResponse value=true>');
+ document.write(
+ '<input type=hidden name=certNickname value="">');
+ }
+ }
+else if (navigator.appName == "Microsoft Internet Explorer") {
+ document.writeln(
+ '<input type="submit" value="Submit" '+
+ 'name="Send" width="72">');
+ document.write(
+ '<input type="hidden" name="pkcs10Request" value="">');
+}
+
+document.write(
+ '<input type="hidden" name="subject" value="">' +
+ '<input type="hidden" name="requestFormat" value="keygen">' +
+ '<input type="hidden" name="certType" value="client">' +
+ '<img src="/pki/images/spacer.gif" width="6" height="6">' +
+ '<input type="reset" value="Reset" name="reset" width="72">' +
+ '</div> </td> </tr> </table>');
+</script>
+ </form>
+<SCRIPT LANGUAGE=VBS>
+<!--
+
+FindProviders
+
+Function FindProviders
+ Dim i, j
+ Dim providers()
+ i = 0
+ j = 1
+ Dim el
+ Dim temp
+ Dim first
+ Dim TheForm
+ Set TheForm = document.ReqForm
+ On Error Resume Next
+ first = 0
+
+ Do While True
+ temp = ""
+ Enroll.providerType = j
+ temp = Enroll.enumProviders(i,0)
+ If Len(temp) = 0 Then
+ If j < 1 Then
+ j = j + 1
+ i = 0
+ Else
+ Exit Do
+ End If
+ Else
+ set el = document.createElement("OPTION")
+ el.text = temp
+ el.value = j
+ If temp = "Microsoft Base Cryptographic Provider v1.0" Then
+ first = j
+ End If
+ TheForm.cryptprovider.add(el)
+ If first = 0 Then
+ first = 1
+ TheForm.cryptprovider.selectedIndex = 0
+ Else
+ TheForm.cryptprovider.selectedIndex = first
+ End If
+ i = i + 1
+ End If
+ Loop
+
+End Function
+
+-->
+</SCRIPT>
+</body>
+</html>
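Review bot: In the VBScript block of ManUserEnroll.html, `escapeDNComponent` returns its argument unchanged and `doubleQuotes` always returns `False`, so every `If doubleQuotes(...) = True` guard in `formulateDN` is dead and the C, O, OU, UID, CN and E values are concatenated into the subject DN exactly as typed. A field value containing a comma or `=` can therefore add or alter RDNs in the subject that `Send_OnClick` hands to `Enroll.createPKCS10`. At minimum make the existing guard live with `doubleQuotes = (InStr(comp, """") > 0)`, and have `escapeDNComponent` quote or reject DN separators in whatever form the Enroll control's name parser accepts (not visible here); the server and the approving agent should still treat the submitted subject as untrusted. Separately, `Enroll.HashAlgorithm = "MD5"` signs the request with a hash that is no longer collision-resistant and should be replaced by a stronger algorithm the control supports. The NISUserEnroll.html hunk that follows carries the same two stubs and the same MD5 setting.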
diff --git a/base/ca/shared/webapps/ca/ee/ca/NISUserEnroll.html b/base/ca/shared/webapps/ca/ee/ca/NISUserEnroll.html
new file mode 100644
index 000000000..d671b4b22
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/NISUserEnroll.html
@@ -0,0 +1,508 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<TITLE>NIS Based User Enrollment Form</TITLE>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<SCRIPT LANGUAGE="JavaScript"></SCRIPT>
+<SCRIPT LANGUAGE="JavaScript" SRC="../cms-funcs.js"> </SCRIPT>
+<SCRIPT LANGUAGE="JavaScript" SRC="../helpfun.js"> </SCRIPT>
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/dynamicVars.js"> </SCRIPT>
+<SCRIPT>
+//<!--
+
+// Notice to administrators
+//
+// A link to this HTML form conditionally appears in the
+// main enrollment menu frame. This link will only appear if
+// a plugin of type 'NISAuth' has been configured in the console.
+
+var crmfObject;
+function validate(form)
+{
+ with (form) {
+ if (uid.value == "") {
+ alert("You must supply your uid");
+ return false;
+ }
+ if (pwd.value == "") {
+ alert("You must supply your password");
+ return false;
+ }
+
+ /////////////////////////////////////////////////////////////////
+ // To enable dual key feature, this page must be customized with
+ // appropriate Javascript call. For example,
+ //
+ // crmfObject = crypto.generateCRMFRequest(
+ // "CN=undefined",
+ // "regToken", "authenticator",
+ // null,
+ // "setCRMFRequest();",
+ // 512, null, "rsa-ex",
+ // 1024, null, "rsa-sign");
+ //
+ // To enable key archival feature, this page must be customized with
+ // KRA's transport certificate. The transport certificate can be
+ // retrieved in the following ways:
+ // (1) Access "List Certificates" menu option in end-entity page
+ // (2) Access https://<host>:<agent_port>/kra/displayTransportCert
+ // (3) Use certutil command in <instance-dir>/config directory
+ // (i.e. certutil -L -d . -n "kraTransportCert <instance-id>" -a)
+ //
+ // Once the transport certificate is obtained, the following
+ // javascript should be modified so that the transport certificate
+ // and appropriate key type are selected. For example,
+ //
+ // var keyGenAlg = "rsa-ex";
+ // crmfObject = crypto.generateCRMFRequest(
+ // "CN=undefined",
+ // "regToken", "authenticator",
+ // keyTransportCert,
+ // "setCRMFRequest();",
+ // 512, null, keyGenAlg);
+ /////////////////////////////////////////////////////////////////
+
+ // generate keys for nsm.
+ if (navigator.appName == "Netscape" && (navMajorVersion() > 3) &&
+ typeof(crypto.version) != "undefined") {
+ //certNickname.value = uid.value;
+ crmfObject = crypto.generateCRMFRequest(
+ "CN=undefined",
+ "regToken", "authenticator",
+ null,
+ "setCRMFRequest();",
+ 1024, null, "rsa-dual-use");
+ }
+ return true;
+ }
+}
+
+function setCRMFRequest()
+{
+ with (document.forms[0]) {
+ CRMFRequest.value = crmfObject.request;
+ submit();
+ }
+}
+
+//-->
+</SCRIPT>
+</head>
+
+<OBJECT
+ classid="clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1"
+ CODEBASE="/xenroll.dll"
+ id=Enroll >
+</OBJECT>
+
+
+<SCRIPT LANGUAGE=VBS>
+<!--
+Function escapeDNComponent(comp)
+ escapeDNComponent = comp
+End Function
+
+Function doubleQuotes(comp)
+ doubleQuotes = False
+End Function
+
+Function formulateDN()
+ Dim dn
+ Dim TheForm
+ Set TheForm = Document.ReqForm
+
+ dn = Empty
+
+ If (TheForm.uid.Value <> Empty) Then
+ If doubleQuotes(TheForm.uid.Value) = True Then
+ MsgBox "Double quotes are not allowed in the uid field"
+ Exit Function
+ End If
+ If (dn <> Empty) Then
+ dn = dn & ","
+ End If
+ dn = dn & "0.9.2342.19200300.100.1.1=" & escapeDNComponent(TheForm.uid.Value)
+ End If
+
+ formulateDN = dn
+End Function
+
+Sub Send_OnClick
+ Dim TheForm
+ Dim szName
+ Dim options
+ Set TheForm = Document.ReqForm
+
+
+ ' Do a few sanity checks
+ If (TheForm.uid.Value = Empty) Then
+ ret = MsgBox("You must supply your NIS uid for certificate enrollment", 0, "MSIE Certificate Request")
+ Exit Sub
+ End If
+
+ If (TheForm.pwd.Value = Empty) Then
+ ret = MsgBox("You must supply your NIS password for certificate enrollment", 0, "MSIE Certificate Request")
+ Exit Sub
+ End If
+
+' If (TheForm.SSLClient.value = Empty AND
+' TheForm.SMIME.value = Empty AND
+' TheForm.ObjectSigning.value = Empty) Then
+' ret = MsgBox("You must select atleast one certificate type", 0,
+' "MSIE Certificate Request")
+' Exit Sub
+' End If
+
+
+ ' Contruct the X500 distinguished name
+ szName = formulateDN()
+
+ On Error Resume Next
+ Enroll.HashAlgorithm = "MD5"
+ Enroll.KeySpec = 1
+ Enroll.GenKeyFlags = 1 ' key exportable
+
+ ' Pick the provider that is selected
+ set options = TheForm.all.cryptprovider.options
+ index = options.selectedIndex
+ Enroll.providerType = options(index).value
+ Enroll.providerName = options(index).text
+
+ szCertReq = Enroll.createPKCS10(szName, "1.3.6.1.5.5.7.3.2")
+ theError = Err.Number
+ On Error Goto 0
+ '
+ ' If the user has cancelled things the we simply ignore whatever
+ ' they were doing ... need to think what should be done here
+ '
+ If (szCertReq = Empty AND theError = 0) Then
+ Exit Sub
+ End If
+
+ If (szCertReq = Empty OR theError <> 0) Then
+ '
+ ' There was an error in the key pair generation. The error value
+ ' is found in the variable 'theError' which we snarfed above before
+ ' we did the 'On Error Goto 0' which cleared it again.
+ '
+ sz = "The error '" & Hex(theError) & "' occurred." & chr(13) & chr(10) & "Your credentials could not be generated."
+ result = MsgBox(sz, 0, "Credentials Enrollment")
+ Exit Sub
+ End If
+
+ TheForm.pkcs10Request.Value = szCertReq
+ TheForm.Submit
+ Exit Sub
+
+End Sub
+-->
+</SCRIPT>
+
+<body bgcolor="#FFFFFF" onload=checkClientTime()>
+
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+NIS Based User Enrollment <br>
+</font>
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ Use this form to submit a request for a personal certificate through your
+ organization's NIS. With NIS based enrollment, you need only
+ supply your user ID and password for the NIS; the directory
+ supplies the rest of the information needed for certificate issuance.
+ If the user ID and password are correct your certificate will be issued
+ automatically.
+ </font>
+
+<table border="0" cellspacing="0" cellpadding="2" background="/pki/images/hr.gif" width="100%">
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+<table border="0" cellspacing="0" cellpadding="2">
+ <tr valign="TOP">
+ <td><font size="-1" face="PrimaSans BT, Verdana, sans-serif"> <b>
+ Important:
+ </b></font></td>
+ <td><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ Be sure to request your certificate on the same computer on which you
+ plan to use your certificate. </font></td>
+ </tr>
+</table>
+<table border="0" cellspacing="0" cellpadding="0" background="/pki/images/hr.gif" width="100%">
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+<script lang="javascript">
+ if (navigator.appName == "Netscape" && (navMajorVersion() <= 3)) {
+ // short cut for Nav 3.x or eariler, crypto is not defined
+ document.write(
+ '<form name="ReqForm" method="post" action="/enrollment">');
+ } else
+ if ((navigator.appName == "Netscape" &&
+ typeof(crypto.version) != "undefined")) {
+ document.write(
+ '<form name="ReqForm" method="post" action="/enrollment">');
+ } else {
+ document.write(
+ '<form name="ReqForm" method="post" action="/enrollment" '+
+ 'onSubmit="return validate(document.forms[0])">');
+ }
+</script>
+
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ <b>User's Identity</b><br>
+Enter your user ID and password for your organization's NIS. This
+information will be used to verify your identity and to obtain
+information from the directory to fill in the certificate.
+ <br>
+
+<table border="0" width="100%" cellspacing="2" cellpadding="2">
+ <tr>
+ <td width="30%" valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">User ID: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="TEXT" name="uid" size="30">
+ </td>
+ </tr>
+</table>
+
+<table border="0" width="100%" cellspacing="2" cellpadding="2">
+ <tr>
+ <td width="30%" valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Password: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="PASSWORD" name="pwd" AutoComplete=off size="30">
+ </td>
+ </tr>
+ <tr>
+ </tr>
+</table>
+
+<table border="0" width="100%" cellspacing="2" cellpadding="2">
+ <tr>
+ <td valign="TOP">
+ <!-- for Netscape Certificate Type Extension -->
+ <input type="HIDDEN" name="email" value="true">
+ <input type="HIDDEN" name="ssl_client" value="true">
+ <!-- for Key Usage Extension -->
+ <input type="HIDDEN" name="digital_signature" value=true>
+ <input type="HIDDEN" name="non_repudiation" value=true>
+ <input type="HIDDEN" name="key_encipherment" value=true>
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP" colspan="2">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+</td></tr>
+</table>
+
+
+<script>
+ if (navigator.appName == "Netscape" &&
+ (navMajorVersion() <= 3 || typeof(crypto.version) == 'undefined')) {
+
+ document.writeln('<b>Public/Private Key Information</b><br>');
+ document.writeln(
+ 'When your submit this form, your browser generates a private and '+
+ 'public key. The browser retains the private key and submits the '+
+ 'public key along with your request for a certificate. '+
+ 'The public key becomes part of your certificate. '+
+ '<P>'+
+ 'Select the length of the key to generate. The longer the key '+
+ 'length the greater the strength. You may want to check with your '+
+ 'system administrator about the length of key to specify.');
+
+ // short cut for Nav 3.x or eariler, crypto is not defined
+ document.writeln('Select the length of the key to generate. '+
+ 'The longer the key length, the greater the strength. '+
+ 'You may want to check with your system administrator about '+
+ 'the length of key to specify.');
+ }
+ //else if (navigator.appName == 'Netscape' && crypto.version == "undefined") {
+ //document.writeln('Select the length of the key to generate. '+
+ // 'The longer the key length, the greater the strength. '+
+ // 'You may want to check with your system administrator about '+
+ // 'the length of key to specify.');
+ //}
+
+//<!--
+ if (navigator.appName == "Netscape") {
+ document.writeln('<table border="0" width="100%" cellspacing="2" cellpadding="2">');
+ if (navMajorVersion() <= 3 ||
+ typeof(crypto.version) == "undefined") {
+ document.writeln('<td width="30%" valign=TOP>');
+ document.writeln('<div align=right>');
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.writeln('Key Length: ');
+ document.writeln('</font>');
+ document.writeln('</div>');
+ document.writeln('</td>');
+ document.write('<td valign=TOP>');
+ document.write('<KEYGEN name="subjectKeyGenInfo">');
+ }
+ //else {
+ //alert('nsm');
+ //document.writeln('<SELECT NAME=\"keyLength\">');
+ //document.writeln('<OPTION VALUE=512>512 bits');
+ //document.writeln('<OPTION VALUE=768>768 bits');
+ //document.writeln('<OPTION VALUE=1024>1024 bits');
+ //document.writeln('</SELECT>');
+ //}
+ document.write('</td></table>');
+ }
+ if (navigator.appName == "Microsoft Internet Explorer") {
+ document.writeln('<b>Public/Private Key Information</b><br>');
+ document.writeln(
+ 'When you submit this form, your browser generates a private and '+
+ 'public key. The browser retains the private key and submits the '+
+ 'public key along with your request for a certificate. '+
+ 'The public key becomes part of your certificate. '+
+ '<P>'+
+ 'The Microsoft Base Cryptographic provider offers 512-bit key encryption which is adequate for most applications today, but you may select the Enhanced option if your browser offers this choice and you require the higher encryption strength. You may want to check with your '+
+ 'system administrator about the provider to specify.');
+
+ document.writeln('<p>');
+ document.writeln('<td>');
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.writeln('Cryptographic Provider:');
+ document.writeln('</font>');
+ document.writeln('</td>');
+ document.writeln('<td>');
+ document.writeln('<SELECT NAME=\"cryptprovider\"></SELECT>');
+ document.writeln('</td>');
+ document.writeln('<p>');
+ }
+//-->
+
+document.writeln('<table border="0" width="100%" cellspacing="0" cellpadding="6" bgcolor="#cccccc" background="/pki/images/gray90.gif"> <tr> <td width=100%> <div align="RIGHT">');
+//<!--
+ if (navigator.appName == "Netscape" && navMajorVersion() <= 3) {
+ // short cut for Nav 3.x or eariler, crypto is not defined
+ document.writeln(
+ '<input type="submit" value="Submit" '+
+ 'name="submit" width="72">');
+ } else if (navigator.appName == "Netscape" &&
+ typeof(crypto.version) == "undefined") {
+ document.writeln(
+ '<input type="submit" value="Submit" '+
+ 'name="submit" width="72">');
+ }
+ else if ((navigator.appName == "Microsoft Internet Explorer") ||
+ (navigator.appName == "")) {
+ document.writeln(
+ '<input type="submit" value="Submit" '+
+ 'name="Send" width="72">');
+ }
+ else {
+ // alert('nsm');
+ document.writeln(
+ '<input type="button" value="Submit" '+
+ 'name="submitbutton" '+
+ 'onclick="validate(form)" width="72">');
+ }
+ document.write('<img src="/pki/images/spacer.gif" width="6" height="6">' +
+ '<input type="reset" value="Reset" name="reset" width="72">' +
+ '<input type="hidden" name="certType" value="client">' +
+ '<input type="hidden" name="authenticator" ' +
+ ' value="NISAuth">');
+
+ if (navigator.appName == 'Netscape') {
+ if ((navMajorVersion() > 3) &&
+ (typeof(crypto.version) != 'undefined')) {
+ //alert('cmmf response');
+ document.write(
+ '<input type=hidden name=CRMFRequest value="">');
+ document.write(
+ '<input type=hidden name=cmmfResponse value=true>');
+ //document.write(
+ //'<input type=hidden name=certNickname value="">');
+ }
+ else {
+ document.write(
+ '<input type="hidden" name="importCert" value="off">');
+ }
+ }
+ else if ((navigator.appName == "Microsoft Internet Explorer")||
+ (navigator.appName == "")) {
+ // navigator.appName == "" is for IE 3.
+ //alert('pkcs10Request');
+ document.write(
+ '<input type="hidden" name="pkcs10Request" value="">');
+ }
+//-->
+ document.writeln('</div> </td> </tr> </table>');
+</script>
+ </form>
+<SCRIPT LANGUAGE=VBS>
+<!--
+
+FindProviders
+
+Function FindProviders
+ Dim i, j
+ Dim providers()
+ i = 0
+ j = 1
+ Dim el
+ Dim temp
+ Dim first
+ Dim TheForm
+ Set TheForm = document.ReqForm
+ On Error Resume Next
+ first = 0
+
+ Do While True
+ temp = ""
+ Enroll.providerType = j
+ temp = Enroll.enumProviders(i,0)
+ If Len(temp) = 0 Then
+ If j < 1 Then
+ j = j + 1
+ i = 0
+ Else
+ Exit Do
+ End If
+ Else
+ set el = document.createElement("OPTION")
+ el.text = temp
+ el.value = j
+ TheForm.cryptprovider.add(el)
+ If first = 0 Then
+ first = 1
+ TheForm.cryptprovider.selectedIndex = 0
+ End If
+ i = i + 1
+ End If
+ Loop
+
+End Function
+
+-->
+</SCRIPT>
+</body>
+</html>
diff --git a/base/ca/shared/webapps/ca/ee/ca/OCSPResponder.html b/base/ca/shared/webapps/ca/ee/ca/OCSPResponder.html
new file mode 100644
index 000000000..33d3733ce
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/OCSPResponder.html
@@ -0,0 +1,156 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<TITLE>Request an OCSP Responder Certificate </TITLE>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<SCRIPT LANGUAGE="JavaScript">
+function validate(form)
+{
+ with (form) {
+ if (pkcs10Request.value == "")
+ {
+ alert("You must enter the base64-encoded certificate request.");
+ return false;
+ }
+ if (csrRequestorName.value == "" || ((csrRequestorEmail.value == "") && (csrRequestorPhone.value == ""))) {
+ alert("You must supply a name and either a phone number or an email address.");
+ return false;
+ }
+ }
+ // form.submit();
+ return true;
+}
+</SCRIPT>
+
+<SCRIPT LANGUAGE="JavaScript" SRC="../helpfun.js">
+
+</SCRIPT>
+</head>
+<body bgcolor="#FFFFFF">
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+OCSP Responder Enrollment
+</font><br>
+ <Font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ Use this form to submit a request for an OCSP Responder's signing
+ certificate.
+<p>
+ After you click the Submit button, your request will be submitted to an
+ issuing agent for approval. The certificate will be emailed to you.
+</font>
+<form method="post" action="/enrollment/pkcs10-server"
+onSubmit="return validate(document.forms[0])">
+ <table border="0" width="100%" cellspacing="2" cellpadding="2">
+ <tr>
+ <td colspan="2" valign="TOP"><font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"><b>PKCS #10 Request</b><br>
+A PKCS #10 request is generated by the software that will provide OCSP responses for your CA.
+Paste the OCSP responder's PKCS #10 request into this text area.
+ </font></td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"></font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <textarea name="pkcs10Request" rows="10" cols="65" wrap="virtual">
+</textarea>
+ </td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="TOP"><b><font face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif" size="-1">Contact Information<br>
+ </font></b><font face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif" size="-1">
+ </font></td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Name: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="TEXT" name="csrRequestorName" size="30">
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Email: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="TEXT" name="csrRequestorEmail" size="30">
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Phone: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="TEXT" name="csrRequestorPhone" size="30">
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP" colspan="2">&nbsp;</td>
+ </tr>
+ <tr>
+ <td valign="TOP" colspan="2"><font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"><b>Additional Comments </b><br>
+ If you have additional comments for the person who will process your
+ certificate request, write them here.
+ </font></td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"></font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <textarea name="csrRequestorComments" rows="10" cols="65" wrap="virtual">
+</textarea>
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP" colspan="2">
+ <table border="0" width="100%" cellspacing="0" cellpadding="6" bgcolor="#cccccc" background="/pki/images/gray90.gif">
+ <tr>
+ <td>
+ <div align="RIGHT">
+ <input type="submit" value="Submit" name="submit" width="72">
+ <input type="hidden" name="requestFormat" value="pkcs10">
+ <input type="hidden" name="certType" value="ocspResponder">
+ <!-- for Netscape Certificate Type Extension -->
+ <input type="HIDDEN" value="false" name="ssl_client">
+ <!-- for Key Usage Extension -->
+ <input type="HIDDEN" name="digital_signature" value=true>
+ <img src="/pki/images/spacer.gif" width="6" height="6">
+ <input type="reset" value="Reset" name="reset" width="72">
+ </div>
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ </table>
+ </form>
+</body>
+</html>
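Review bot: The only input checks in this form are in `validate()`, and the certificate type and extension choices (`certType`, `ssl_client`, `digital_signature`) travel as hidden inputs next to the Submit button, all of which the submitting client controls. Nothing on the page shows how `/enrollment/pkcs10-server` treats those fields, so the handler presumably needs to re-validate the request and derive the extensions from server-side policy rather than from the posted values. I would document that next to the hidden inputs, e.g. `<!-- advisory only: the CA must set the certificate type and key usage from its own policy and re-check every field on the server -->`. The hidden fields in ObjSignPKCS10Enroll.html later in this diff follow the same pattern.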
diff --git a/base/ca/shared/webapps/ca/ee/ca/ObjSignPKCS10Enroll.html b/base/ca/shared/webapps/ca/ee/ca/ObjSignPKCS10Enroll.html
new file mode 100644
index 000000000..820c1aa55
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/ObjSignPKCS10Enroll.html
@@ -0,0 +1,213 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<TITLE>Request an Object Signing Certificate</TITLE>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<SCRIPT LANGUAGE="JavaScript">
+function setSignType(f)
+{
+ if ((f.certType.options[0].selected)) {
+ alert("You must select Signing-Type");
+ return;
+ }
+ else if (f.certType.options[1].selected)
+ f.object_signing.value = true;
+ else if (f.certType.options[2].selected)
+ f.object_signing.value = false;
+}
+
+function validate(form)
+{
+ if ((form.certType.options[0].selected)) {
+ alert("You must select Signing-Type");
+ return false;
+ }
+
+ with (form) {
+ if (pkcs10Request.value == "")
+ {
+ alert("You must enter the base64-encoded certificate request.");
+ return false;
+ }
+ if (csrRequestorName.value == "" || ((csrRequestorEmail.value == "") && (csrRequestorPhone.value == ""))) {
+ alert("You must supply a name and either a phone number or an email address.");
+ return false;
+ }
+ }
+ // form.submit();
+ return true;
+}
+</SCRIPT>
+
+<SCRIPT LANGUAGE="JavaScript" SRC="../helpfun.js">
+
+</SCRIPT>
+</head>
+<body bgcolor="#FFFFFF">
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Object Signing Certificate Enrollment</font><br>
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ Use this form to submit a request for an object signing certificate. After you click the Submit button, your request will be submitted to an issuing agent for approval. When an issuing agent has approved your request you will receive the certificate in email, along with instructions for installing it.
+</font>
+<form method="post" action="/enrollment"
+onSubmit="return validate(document.forms[0])">
+ <table border="0" width="100%" cellspacing="2" cellpadding="2">
+ <tr>
+ <td colspan="2" valign="TOP">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ <b>PKCS #10 Request</b><br>
+ Paste the PKCS #10 request into this text area.
+ </font></td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ </div>
+ </td>
+ <td valign="TOP">
+ <textarea name="pkcs10Request" rows="10" cols="65" wrap="virtual">
+</textarea>
+ </td>
+ </tr>
+
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="HIDDEN" value="true" name="ObjectSigning">
+ </td>
+ </tr>
+ <tr>
+ <td colspan="2" valign="TOP">&nbsp;</td>
+ </tr>
+
+ <tr>
+ <td colspan="2" valign="TOP">
+ <font size=-1 face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ <b>
+ Select Signing Type
+ </b><br>
+ </font>
+ <font face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif" size="-1">
+ Select a signing type that the certificate will be used. </font></td>
+ </tr>
+
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Signing Type: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <SELECT NAME="certType" onchange="setSignType(document.forms[0])">
+ <OPTION value="" SELECTED>Select Signing-Type
+ <OPTION value="client">Netscape Object-Signing
+ <OPTION value="codeSignClient">Microsoft Authenticode
+ </SELECT>
+ </td>
+ </tr>
+
+
+ <tr>
+ <td colspan="2" valign="TOP">
+ <font face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif" size="-1">
+ <b>Contact Information<br></b>
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Name: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="TEXT" name="csrRequestorName" size="30">
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Email: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="TEXT" name="csrRequestorEmail" size="30">
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Phone: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="TEXT" name="csrRequestorPhone" size="30">
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP" colspan="2">&nbsp;</td>
+ </tr>
+ <tr>
+ <td valign="TOP" colspan="2"><font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ <b>Additional Comments </b><br>
+ If you have any additional comments for the person who will process
+ your certificate request, write them here. </font></td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"></font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <textarea name="csrRequestorComments" rows="10" cols="65" wrap="virtual">
+</textarea>
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP" colspan="2">
+ <table border="0" width="100%" cellspacing="0" cellpadding="6" bgcolor="#cccccc" background="/pki/images/gray90.gif">
+ <tr>
+ <td>
+ <div align="RIGHT">
+ <input type="submit" value="Submit" name="submit" width="72">
+ <input type="hidden" name="requestFormat" value="pkcs10">
+ <!-- <input type="hidden" name="certType" value="client">-->
+ <!-- for Netscape Certificate Type Extension -->
+ <input type="HIDDEN" value="true" name="object_signing">
+ <!-- for Key Usage Extension -->
+ <input type="HIDDEN" name="digital_signature" value=true>
+ <input type="HIDDEN" name="key_certsign" value=true>
+ <img src="/pki/images/spacer.gif" width="6" height="6">
+ <input type="reset" value="Reset" name="reset" width="72">
+ </div>
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ </table>
+ <input type=hidden name="reencodeSubjectName" value="true">
+ </form>
+</body>
+</html>
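Review bot: The hidden input `key_certsign` with value `true` asks for the certificate-signing key-usage bit on what this page describes as an object signing certificate; that bit is meant for CA certificates (RFC 5280 ties keyCertSign to the CA basic constraint). How the `/enrollment` handler uses the flag is not visible here, but if posted flags are copied into the Key Usage extension, the issued code-signing certificate would claim it may sign other certificates. Unless a server-side policy overrides it, I would drop the field or send `<input type="hidden" name="key_certsign" value="false">`. Separately, the row holding the `ObjectSigning` hidden input has a `</tr>` but no opening `<tr>`.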
diff --git a/base/ca/shared/webapps/ca/ee/ca/PortalEnrollment.html b/base/ca/shared/webapps/ca/ee/ca/PortalEnrollment.html
new file mode 100644
index 000000000..8f3a373b4
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/PortalEnrollment.html
@@ -0,0 +1,751 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<TITLE>Portal User Enrollment Form</TITLE>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<SCRIPT LANGUAGE="JavaScript"></SCRIPT>
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/cms-funcs.js"> </SCRIPT>
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/helpfun.js"> </SCRIPT>
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/dynamicVars.js"> </SCRIPT>
+<SCRIPT>
+//<!--
+
+// Notice to administrators
+//
+// A link to this HTML form conditionally appears in the
+// main enrollment menu frame. This link will only appear if
+// a plugin of type 'PortalEnroll' has been configured in the console.
+
+
+var crmfObject;
+
+function updateFullName(f)
+{
+ f.cn.value = f.givenname.value + " " + f.sn.value;
+}
+
+function validate(form)
+{
+ with (form) {
+ if (uid.value == "") {
+ alert("You must supply your uid");
+ return false;
+ }
+ if (userPassword.value == "") {
+ alert("You must supply your Password");
+ return false;
+ }
+ if (userPassword.value != passwordagain.value) {
+ alert("Check your Password");
+ return false;
+ }
+ if (givenname.value == "") {
+ alert("You must supply your First Name");
+ return false;
+ }
+ if (sn.value == "") {
+ alert("You must supply your Last Name");
+ return false;
+ }
+
+ /////////////////////////////////////////////////////////////////
+ // To enable dual key feature, this page must be customized with
+ // appropriate Javascript call. For example,
+ //
+ // crmfObject = crypto.generateCRMFRequest(
+ // "CN=undefined",
+ // "regToken", "authenticator",
+ // null,
+ // "setCRMFRequest();",
+ // 512, null, "rsa-ex",
+ // 1024, null, "rsa-sign");
+ //
+ // To enable key archival feature, this page must be customized with
+ // KRA's transport certificate. The transport certificate can be
+ // retrieved in the following ways:
+ // (1) Access "List Certificates" menu option in end-entity page
+ // (2) Access https://<host>:<agent_port>/kra/displayTransportCert
+ // (3) Use certutil command in <instance-dir>/config directory
+ // (i.e. certutil -L -d . -n "kraTransportCert <instance-id>" -a)
+ //
+ // Once the transport certificate is obtained, the following
+ // javascript should be modified so that the transport certificate
+ // and appropriate key type are selected. For example,
+ //
+ // var kraTransportCert = "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";
+ // var keyGenAlg = "rsa-ex";
+ // crmfObject = crypto.generateCRMFRequest(
+ // "CN=undefined",
+ // "regToken", "authenticator",
+ // keyTransportCert,
+ // "setCRMFRequest();",
+ // 512, null, keyGenAlg);
+ /////////////////////////////////////////////////////////////////
+
+ // To enable key archival, replace "null" with the transport
+ // certificate without "BEBIN..." "END..", nor line breaks.
+ // change keyGenAlg to "rsa-ex"
+ var keyTransportCert = null;
+ //var keyGenAlg = "rsa-ex";
+ var keyGenAlg = "rsa-dual-use";
+ // generate keys for nsm.
+ if (navigator.appName == "Netscape" && (navMajorVersion() > 3) &&
+ typeof(crypto.version) != "undefined") {
+ certNickname.value = uid.value;
+ crmfObject = crypto.generateCRMFRequest(
+ "CN=undefined",
+ "regToken", "authenticator",
+ keyTransportCert,
+ "setCRMFRequest();",
+ 1024, null, keyGenAlg);
+ }
+ return true;
+ }
+}
+
+function setCRMFRequest()
+{
+ with (document.forms[0]) {
+ CRMFRequest.value = crmfObject.request;
+ submit();
+ }
+}
+
+//-->
+</SCRIPT>
+</head>
+
+<OBJECT
+ classid="clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1"
+ CODEBASE="/xenroll.dll"
+ id=Enroll >
+</OBJECT>
+
+
+<SCRIPT LANGUAGE=VBS>
+<!--
+Function escapeDNComponent(comp)
+ escapeDNComponent = comp
+End Function
+
+Function doubleQuotes(comp)
+ doubleQuotes = False
+End Function
+
+Function formulateDN()
+ Dim dn
+ Dim TheForm
+ Set TheForm = Document.ReqForm
+
+ dn = Empty
+
+ If (TheForm.uid.Value <> Empty) Then
+ If doubleQuotes(TheForm.uid.Value) = True Then
+ MsgBox "Double quotes are not allowed in the uid field"
+ Exit Function
+ End If
+ If (dn <> Empty) Then
+ dn = dn & ","
+ End If
+ dn = dn & "0.9.2342.19200300.100.1.1=" & escapeDNComponent(TheForm.uid.Value)
+ End If
+
+ formulateDN = dn
+End Function
+
+Sub Send_OnClick
+ Dim TheForm
+ Dim szName
+ Dim options
+ Set TheForm = Document.ReqForm
+
+
+ ' Do a few sanity checks
+ If (TheForm.uid.Value = Empty) Then
+ ret = MsgBox("You must supply your UID for certificate enrollment", 0, "MSIE Certificate Request")
+ Exit Sub
+ End If
+
+ If (TheForm.userPassword.Value = Empty) Then
+ ret = MsgBox("You must supply your Password for certificate enrollment", 0, "MSIE Certificate Request")
+ Exit Sub
+ End If
+
+ If (TheForm.userPassword.Value <> TheForm.passwordagain.Value) Then
+ ret = MsgBox("You must supply consistent Password", 0, "MSIE Certificate Request")
+ Exit Sub
+ End If
+
+ If (TheForm.givenname.Value = Empty) Then
+ ret = MsgBox("You must supply your First Name for certificate enrollment", 0, "MSIE Certificate Request")
+ Exit Sub
+ End If
+
+ If (TheForm.sn.Value = Empty) Then
+ ret = MsgBox("You must supply your Last Name for certificate enrollment", 0, "MSIE Certificate Request")
+ Exit Sub
+ End If
+
+' If (TheForm.SSLClient.value = Empty AND
+' TheForm.SMIME.value = Empty AND
+' TheForm.ObjectSigning.value = Empty) Then
+' ret = MsgBox("You must select atleast one certificate type", 0,
+' "MSIE Certificate Request")
+' Exit Sub
+' End If
+
+
+ ' Contruct the X500 distinguished name
+ szName = formulateDN()
+
+ On Error Resume Next
+ Enroll.HashAlgorithm = "MD5"
+ Enroll.KeySpec = 1
+ Enroll.GenKeyFlags = 0
+
+ ' Pick the provider that is selected
+ set options = TheForm.all.cryptprovider.options
+ index = options.selectedIndex
+ Enroll.providerType = options(index).value
+ Enroll.providerName = options(index).text
+
+ szCertReq = Enroll.createPKCS10(szName, "1.3.6.1.5.5.7.3.2")
+ theError = Err.Number
+ On Error Goto 0
+ '
+ ' If the user has cancelled things the we simply ignore whatever
+ ' they were doing ... need to think what should be done here
+ '
+ If (szCertReq = Empty AND theError = 0) Then
+ Exit Sub
+ End If
+
+ If (szCertReq = Empty OR theError <> 0) Then
+ '
+ ' There was an error in the key pair generation. The error value
+ ' is found in the variable 'theError' which we snarfed above before
+ ' we did the 'On Error Goto 0' which cleared it again.
+ '
+ sz = "The error '" & Hex(theError) & "' occurred." & chr(13) & chr(10) & "Your credentials could not be generated."
+ result = MsgBox(sz, 0, "Credentials Enrollment")
+ Exit Sub
+ End If
+
+ TheForm.pkcs10Request.Value = szCertReq
+ TheForm.Submit
+ Exit Sub
+
+End Sub
+-->
+</SCRIPT>
+
+<body bgcolor="#FFFFFF" onload=checkClientTime()>
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Portal User Enrollment <br>
+</font>
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ Use this form to submit a request for a personal certificate and user registration.
+ This form models the standard object class "inetOrgPerson" which has many useful attributes
+ which can be used in real portal deployment.
+ Supply your user ID and password to validate your identity. Also, first name
+ and last name have to be provided for user registration. Other fields are optional; the server
+ supplies the rest of the information needed for certificate issuance.
+ If the user ID is unique, your certificate will be issued and user registration
+ will be done automatically.
+ </font>
+
+<table border="0" cellspacing="0" cellpadding="2" background="/pki/images/hr.gif" width="100%">
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+<table border="0" cellspacing="0" cellpadding="2">
+ <tr valign="TOP">
+ <td><font size="-1" face="PrimaSans BT, Verdana, sans-serif"> <b>
+ Important:
+ </b></font></td>
+ <td><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ Be sure to request your certificate on the same computer on which you
+ plan to use your certificate. </font></td>
+ </tr>
+</table>
+<table border="0" cellspacing="0" cellpadding="0" background="/pki/images/hr.gif" width="100%">
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+<script lang="javascript">
+//<!--
+ if (navigator.appName == "Netscape" && (navMajorVersion() <= 3)) {
+ // short cut for Nav 3.x or eariler, crypto is not defined
+ document.write(
+ '<form name="ReqForm" method="post" action="/enrollment">');
+ } else if ((navigator.appName == "Netscape" &&
+ typeof(crypto.version) != "undefined")) {
+ document.write(
+ '<form name="ReqForm" method="post" action="/enrollment">');
+ } else {
+ document.write(
+ '<form name="ReqForm" method="post" action="/enrollment" '+
+ 'onSubmit="return validate(document.forms[0])">');
+ }
+//-->
+</script>
+
+<!-- User identity ------- -->
+
+<table border="0" width="100%" cellspacing="2" cellpadding="2">
+ <tr>
+ <td colspan="2" valign="TOP"><font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ <b>User's Identity</b><br>
+Enter your user ID and Password. This
+information will be used to verify your identity and to obtain a certificate.<br>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">* User ID: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="TEXT" name="uid" size="30">
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Password: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="PASSWORD" name="userPassword" AutoComplete=off size="30">
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Confirm Password: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="PASSWORD" name="passwordagain" AutoComplete=off size="30">
+ </td>
+ </tr>
+
+<!-- User information ------- -->
+
+ <tr>
+ <td colspan="2" valign="TOP"><font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ <b>User's Personal Information</b><br>
+Enter your personal information for registration. This
+information will be used for user registration.<br>(* = required field)<br>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">* First Name: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="TEXT" name="givenname" size="30" onchange="updateFullName(this.form)">
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">* Last Name: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="TEXT" name="sn" size="30" onchange="updateFullName(this.form)">
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Full Name: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="TEXT" name="cn" size="40">
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Email address: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="TEXT" name="mail" size="30">
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Organization unit: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="TEXT" name="ou" size="30">
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Organization: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="TEXT" name="o" size="30">
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Address: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="TEXT" name="postaladdress" size="40">
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">City: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="TEXT" name="l" size="30">
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">State/Province: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="TEXT" name="st" size="5">
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">ZIP Code: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="TEXT" name="postalcode" size="10">
+ </td>
+ </tr>
+<!-- Notice to Administrator -->
+<!--
+*********************************************************************************
+**** When you want to add following fields into enrollment page. **
+**** The field name should be the same with the attribute name in objectclass **
+*********************************************************************************
+-->
+
+<!---------- Business Category
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Business Category: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="TEXT" name="businesscategory" size="30">
+ </td>
+ </tr>
+----------->
+<!---------- Car License
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Car License: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="TEXT" name="carlicense" size="30">
+ </td>
+ </tr>
+----------->
+<!---------- Department Number
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Department Number: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="TEXT" name="departmentnumber" size="10">
+ </td>
+ </tr>
+----------->
+<!---------- Description
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Description: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="TEXT" name="description" size="10">
+ </td>
+ </tr>
+----------->
+<!-- destinationindicator, displayname, employeenumber, employeetype, facsimiletelephonenumber,
+ homephone, homepostaladdress, initials, internationalisdnnumber, ipegphoto, labeleduri,
+ mail, manager, mobile, o, ou, pager, photo, physicaldeliveryofficename, postofficebox,
+ preferreddeliverymethod, preferredlanguage, registeredaddress, roomnumber, secretary,
+ seealso, telephonenumber, teletexterminalidentifier, telexnumber, title, userpkcs12,
+ usersmimecertificate, x121address, x500uniqueidentifier
+----------->
+
+ <tr>
+ </tr>
+
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <!-- for Netscape Certificate Type Extension -->
+ <input type="HIDDEN" name="email" value="true">
+ <input type="HIDDEN" name="ssl_client" value="true">
+ <!-- for Key Usage Extension -->
+ <input type="HIDDEN" name="digital_signature" value=true>
+ <input type="HIDDEN" name="non_repudiation" value=true>
+ <input type="HIDDEN" name="key_encipherment" value=true>
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP" colspan="2">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+<script>
+ if (navigator.appName == "Netscape" &&
+ (navMajorVersion() <= 3 || typeof(crypto.version) == 'undefined')) {
+
+ document.writeln('<b>Key Length Information</b><br>');
+ document.writeln(
+ 'When your submit this form, your browser generates a private and '+
+ 'public key. The browser retains the private key and submits the '+
+ 'public key along with your request for a certificate. '+
+ 'The public key becomes part of your certificate. '+
+ '<P>'+
+ 'Select the length of the key to generate. The longer the key '+
+ 'length the greater the strength. You may want to check with your '+
+ 'system administrator about the length of key to specify.');
+
+ // short cut for Nav 3.x or eariler, crypto is not defined
+ document.writeln('Select the length of the key to generate. '+
+ 'The longer the key length, the greater the strength. '+
+ 'You may want to check with your system administrator about '+
+ 'the length of key to specify.');
+ }
+ //else if (navigator.appName == 'Netscape' && crypto.version == "undefined") {
+ //document.writeln('Select the length of the key to generate. '+
+ // 'The longer the key length, the greater the strength. '+
+ // 'You may want to check with your system administrator about '+
+ // 'the length of key to specify.');
+ //}
+ if (navigator.appName == "Microsoft Internet Explorer") {
+ document.writeln('<b>Public/Private Key Information</b><br>');
+ document.writeln(
+ 'When you submit this form, your browser generates a private and '+
+ 'public key. The browser retains the private key and submits the '+
+ 'public key along with your request for a certificate. '+
+ 'The public key becomes part of your certificate. '+
+ '<P>'+
+ 'The Microsoft Base Cryptographic provider offers 512-bit key encryption which is adequate for most applications today, but you may select the Enhanced option if your browser offers this choice and you require the higher encryption strength. You may want to check with your '+
+ 'system administrator about the provider to specify.');
+
+ document.writeln('<p>');
+ }
+</script>
+ </font></td></tr>
+ <tr>
+<script lang=javascript>
+
+//<!--
+ if (navigator.appName == "Netscape") {
+ if (navMajorVersion() <= 3 ||
+ typeof(crypto.version) == "undefined") {
+ document.writeln('<td>');
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.writeln('Key Length: ');
+ document.writeln('</font>');
+ document.writeln('</td>');
+ document.write('<td>');
+ document.write('<KEYGEN name="subjectKeyGenInfo">');
+ }
+ //else {
+ //alert('nsm');
+ //document.writeln('<SELECT NAME=\"keyLength\">');
+ //document.writeln('<OPTION VALUE=512>512 bits');
+ //document.writeln('<OPTION VALUE=768>768 bits');
+ //document.writeln('<OPTION VALUE=1024>1024 bits');
+ //document.writeln('</SELECT>');
+ //}
+ document.write('</td>');
+ }
+ if (navigator.appName == "Microsoft Internet Explorer") {
+ document.writeln('<td>');
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.writeln('Cryptographic Provider:');
+ document.writeln('</font>');
+ document.writeln('</td>');
+ document.writeln('<td>');
+ document.writeln('<SELECT NAME=\"cryptprovider\"></SELECT>');
+ document.writeln('</td>');
+ document.writeln('<p>');
+ }
+//-->
+
+</script>
+ </tr>
+ <tr>
+ <td valign="TOP" colspan="2">
+ <table border="0" width="100%" cellspacing="0" cellpadding="6" bgcolor="#cccccc" background="/pki/images/gray90.gif">
+ <tr>
+ <td>
+ <div align="RIGHT">
+<script lang=javascript>
+//<!--
+ if (navigator.appName == "Netscape" && navMajorVersion() <= 3) {
+ // short cut for Nav 3.x or eariler, crypto is not defined
+ document.writeln(
+ '<input type="submit" value="Submit" '+
+ 'name="submit" width="72">');
+ } else if (navigator.appName == "Netscape" &&
+ typeof(crypto.version) == "undefined") {
+ document.writeln(
+ '<input type="submit" value="Submit" '+
+ 'name="submit" width="72">');
+ }
+ else if ((navigator.appName == "Microsoft Internet Explorer") ||
+ (navigator.appName == "")) {
+ document.writeln(
+ '<input type="submit" value="Submit" '+
+ 'name="Send" width="72">');
+ }
+ else {
+ // alert('nsm');
+ document.writeln(
+ '<input type="button" value="Submit" '+
+ 'name="submitbutton" '+
+ 'onclick="validate(form)" width="72">');
+ }
+//-->
+</script>
+ <img src="/pki/images/spacer.gif" width="6" height="6">
+ <input type="reset" value="Reset" name="reset" width="72">
+ <input type="hidden" name="certType" value="client">
+ <input type="hidden" name="authenticator" value="PortalEnrollment">
+<script lang=javascript>
+//<!--
+ if (navigator.appName == 'Netscape') {
+ if ((navMajorVersion() > 3) &&
+ (typeof(crypto.version) != 'undefined')) {
+ //alert('cmmf response');
+ document.write(
+ '<input type=hidden name=CRMFRequest value="">');
+ document.write(
+ '<input type=hidden name=cmmfResponse value=true>');
+ document.write(
+ '<input type=hidden name=certNickname value="">');
+ }
+ else {
+ document.write(
+ '<input type="hidden" name="importCert" value="off">');
+ }
+ }
+ else if ((navigator.appName == "Microsoft Internet Explorer")||
+ (navigator.appName == "")) {
+ // navigator.appName == "" is for IE 3.
+ //alert('pkcs10Request');
+ document.write(
+ '<input type="hidden" name="pkcs10Request" value="">');
+ }
+//-->
+</script>
+ </div>
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ </table>
+ </form>
+<SCRIPT LANGUAGE=VBS>
+<!--
+
+FindProviders
+
+Function FindProviders
+ Dim i, j
+ Dim providers()
+ i = 0
+ j = 1
+ Dim el
+ Dim temp
+ Dim first
+ Dim TheForm
+ Set TheForm = document.ReqForm
+ On Error Resume Next
+ first = 0
+
+ Do While True
+ temp = ""
+ Enroll.providerType = j
+ temp = Enroll.enumProviders(i,0)
+ If Len(temp) = 0 Then
+ If j < 1 Then
+ j = j + 1
+ i = 0
+ Else
+ Exit Do
+ End If
+ Else
+ set el = document.createElement("OPTION")
+ el.text = temp
+ el.value = j
+ TheForm.cryptprovider.add(el)
+ If first = 0 Then
+ first = 1
+ TheForm.cryptprovider.selectedIndex = 0
+ End If
+ i = i + 1
+ End If
+ Loop
+
+End Function
+
+-->
+</SCRIPT>
+</body>
+</html>
diff --git a/base/ca/shared/webapps/ca/ee/ca/ProfileList.template b/base/ca/shared/webapps/ca/ee/ca/ProfileList.template
new file mode 100644
index 000000000..fc063e152
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/ProfileList.template
@@ -0,0 +1,71 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<CMS_TEMPLATE>
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Certificate Profile
+</font><br>
+ <Font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ Use this form to select a certificate profile for the request.
+<p>
+</font>
+<table border="0" cellspacing="0" cellpadding="0" background="/pki/images/hr.gif"
+width="100%">
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+<p>
+<script language=javascript>
+document.writeln('<table width=100%>');
+document.writeln('<tr>');
+document.writeln('<td width=40%>');
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln('<b>Certificate Profile Name</b>');
+document.writeln('</FONT>');
+document.writeln('</td>');
+document.writeln('<td width=40%>');
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln('<b>Description</b>');
+document.writeln('</FONT>');
+document.writeln('</td>');
+document.writeln('</tr>');
+for (var i = 0; i < recordSet.length; i++) {
+ if (recordSet[i].profileIsVisible != 'true') {
+ continue;
+ }
+ document.writeln('<tr>');
+ if (recordSet[i].profileIsEnable == 'true') {
+ document.writeln('<td><li>');
+ document.writeln('<a href="profileSelect?profileId=' +
+ recordSet[i].profileId + '">');
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">' + recordSet[i].profileName + '</FONT>');
+ document.writeln('</a>');
+ document.writeln('</td>');
+ document.writeln('<td>');
+ document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+ document.writeln(recordSet[i].profileDesc);
+ document.writeln('</FONT>');
+ document.writeln('</td>');
+ }
+ document.writeln('</tr>');
+} // for
+document.writeln('</table>');
+</script>
+</html>
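Review bot: The `for` loop over `recordSet` writes `recordSet[i].profileId`, `recordSet[i].profileName` and `recordSet[i].profileDesc` into the page through `document.writeln` with no output encoding, so markup characters in a profile's id, name or description are parsed as HTML on the CA's end-entity page. Whether the server encodes these values before it fills `recordSet` is not visible in this hunk; if it does not, anyone who can edit profile metadata can place script in the enrollment UI. I would URL-encode the id in the `profileSelect?profileId=` link and HTML-escape the name and description where they are written, as sketched below. Separately, a visible but disabled profile still produces an empty `<tr></tr>`, and the `<li>` is written inside a `<td>` with no list parent.

```html
<script language=javascript>
// Encode text for safe insertion into HTML element content and quoted attributes.
function escapeHtml(s) {
    return String(s).replace(/&/g, '&amp;').replace(/</g, '&lt;')
                    .replace(/>/g, '&gt;').replace(/"/g, '&quot;');
}
// … unchanged: table header rows, visibility and enabled checks …
    document.writeln('<a href="profileSelect?profileId=' +
        encodeURIComponent(recordSet[i].profileId) + '">');
    document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">' +
        escapeHtml(recordSet[i].profileName) + '</FONT>');
// … unchanged: closing anchor, cell markup and FONT wrapper …
    document.writeln(escapeHtml(recordSet[i].profileDesc));
```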
diff --git a/base/ca/shared/webapps/ca/ee/ca/ProfileSelect.template b/base/ca/shared/webapps/ca/ee/ca/ProfileSelect.template
new file mode 100644
index 000000000..bcb047dbf
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/ProfileSelect.template
@@ -0,0 +1,865 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<CMS_TEMPLATE>
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Certificate Profile
+</font><br>
+ <Font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ Use this form to submit the request.
+<p>
+</font>
+<table border="0" cellspacing="0" cellpadding="0" background="/pki/images/hr.gif"
+width="100%">
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+<p>
+
+<SCRIPT LANGUAGE="JavaScript">
+
+var dual = 'false';
+var encryptionKeyOnly = 'false';
+var signingKeyOnly = 'false';
+
+var keyList = new Array();
+var key = new Object();
+key.type = "RSA";
+keyList[0] = key;
+var key = new Object();
+key.type = "EC";
+keyList[1] = key;
+
+function keyTypeOptions (keyPurpose)
+{
+ var keyType = "RSA";
+
+ for (var i = 0; i < policySetListSet.length; i++) {
+ for (var j = 0; j < policySetListSet[i].policySet.length; j++) {
+ if (typeof(policySetListSet[i].policySet[j].constraintSet) != "undefined") {
+ for (var k = 0; k < policySetListSet[i].policySet[j].constraintSet.length; k++) {
+ if (policySetListSet[i].policySet[j].constraintSet[k].name == "keyType") {
+ if (policySetListSet[i].policySet[j].constraintSet[k].value != "-") {
+ if (keyPurpose.length == 0 || (keyPurpose.length > 0 && policySetListSet[i].setId.indexOf(keyPurpose) > -1)) {
+ keyType = policySetListSet[i].policySet[j].constraintSet[k].value;
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ var keyFound = 0;
+ for (var i = 0; i < keyList.length; i++) {
+ if (keyList[i].type == keyType) {
+ keyFound = 1;
+ }
+ }
+ if (keyFound == 0) {
+ keyType = "RSA";
+ }
+ if ((navigator.appName == "Microsoft Internet Explorer") &&
+ ((navigator.appVersion).indexOf("NT 6.") == -1)) {
+ keyType = "RSA";
+ }
+
+ return keyType;
+}
+
+function translateCurveName (name)
+{
+ var translated = "";
+ if (navigator.appName == "Microsoft Internet Explorer") {
+ if (name == "nistp256" || name == "ECDSA_P256") {
+ translated = "ECDSA_P256";
+ } else if (name == "nistp384" || name == "ECDSA_P384") {
+ translated = "ECDSA_P384";
+ } else if (name == "nistp521" || name == "ECDSA_P521") {
+ translated = "ECDSA_P521";
+ }
+ } else {
+ if (name == "ECDSA_P256") {
+ translated = "nistp256";
+ } else if (name == "ECDSA_P384") {
+ translated = "nistp384";
+ } else if (name == "ECDSA_P521") {
+ translated = "nistp521";
+ } else {
+ translated = name;
+ }
+ }
+ return translated;
+}
+
+function keyLengthsCurvesOptions (keyPurpose)
+{
+ var keyType = "RSA";
+ var options = "";
+ var lengthsOrCurves = null;
+ var keyLengthsCurves = "";
+
+ for (var i = 0; i < policySetListSet.length; i++) {
+ for (var j = 0; j < policySetListSet[i].policySet.length; j++) {
+ if (typeof(policySetListSet[i].policySet[j].constraintSet) != "undefined") {
+ for (var k = 0; k < policySetListSet[i].policySet[j].constraintSet.length; k++) {
+ if (policySetListSet[i].policySet[j].constraintSet[k].name == "keyType") {
+ if (policySetListSet[i].policySet[j].constraintSet[k].value != "-") {
+ if (keyPurpose.length == 0 || (keyPurpose.length > 0 && policySetListSet[i].setId.indexOf(keyPurpose) > -1)) {
+ keyType = policySetListSet[i].policySet[j].constraintSet[k].value;
+ }
+ }
+ }
+
+ if (keyPurpose.length == 0 || (keyPurpose.length > 0 && policySetListSet[i].setId.indexOf(keyPurpose) > -1)) {
+ if (policySetListSet[i].policySet[j].constraintSet[k].name == "keyParameters") {
+ keyLengthsCurves = policySetListSet[i].policySet[j].constraintSet[k].value;
+ lengthsOrCurves = keyLengthsCurves.split(",");
+ }
+ }
+ }
+ }
+ }
+ }
+ if ((navigator.appName == "Microsoft Internet Explorer") &&
+ ((navigator.appVersion).indexOf("NT 6.") == -1)) {
+ keyType = "RSA";
+ }
+
+ var value = 0;
+ var l = 0;
+ for (l = 0 ; l < lengthsOrCurves.length; l++) {
+ var included = true;
+
+ value = lengthsOrCurves[l];
+
+ if (keyType != "EC" && !isNumeric(value)) {
+ included = false;
+ } else if (keyType == "EC" &&
+ navigator.appName == "Microsoft Internet Explorer" &&
+ value != "nistp256" && value != "nistp384" && value != "nistp521" &
+ value != "ECDSA_P256" && value != "ECDSA_P384" && value != "ECDSA_P521") {
+ included = false;
+ }
+
+ if (included) {
+ if (keyType == "EC") {
+ options += '<OPTION VALUE="' + translateCurveName(value) + '"';
+ } else {
+ options += '<OPTION VALUE="' + value + '"';
+ }
+ if (i == 0) {
+ options += ' SELECTED';
+ }
+ options += '>' + value;
+ }
+ }
+
+ if (options.length == 0) {
+ if (keyType != "EC") {
+ options = '<OPTION VALUE=1024 SELECTED>1024';
+ } else {
+ if (navigator.appName == "Microsoft Internet Explorer") {
+ options = '<OPTION VALUE="ECDSA_P256">nistp256';
+ } else {
+ options = '<OPTION VALUE="nistp256">nistp256';
+ }
+ }
+ }
+ //alert("options="+options);
+
+ return options;
+}
+
+function isNumeric(sText)
+{
+ var validChars = "0123456789";
+ var isNumber=true;
+ var char;
+
+ if( !sText)
+ return false;
+
+ for (i = 0; i < sText.length && isNumber == true; i++) {
+ char = sText.charAt(i);
+ if (validChars.indexOf(char) == -1) {
+ isNumber = false;
+ }
+ }
+ return isNumber;
+}
+
+function validate()
+{
+ if (keygen_request == 'false')
+ return false;
+ with (document.forms[0]) {
+ /////////////////////////////////////////////////////////////////
+ // To enable dual key feature, this page must be customized with
+ // appropriate Javascript call. For example,
+ //
+ // crmfObject = crypto.generateCRMFRequest(
+ // "CN=undefined",
+ // "regToken", "authenticator",
+ // null,
+ // "setCRMFRequest();",
+ // 512, null, "rsa-ex",
+ // 1024, null, "rsa-sign");
+ // Note: This archival text below only applies to CS 7.1 and earlier:
+
+ // To enable key archival feature, this page must be customized with
+ // KRA's transport certificate. The transport certificate can be
+ // retrieved in the following ways:
+ // (1) Access "List Certificates" menu option in end-entity page
+ // (2) Access https://<host>:<agent_port>/kra/displayTransportCert
+ // (3) Use certutil command in <instance-dir>/config directory
+ // (i.e. certutil -L -d . -n "kraTransportCert <instance-id>" -a)
+ //
+ // Once the transport certificate is obtained, the following
+ // javascript should be modified so that the transport certificate
+ // and appropriate key type are selected. For example,
+ //
+ // var kraTransportCert = "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";
+ // var keyGenAlg = "rsa-ex";
+ // crmfObject = crypto.generateCRMFRequest(
+ // "CN=undefined",
+ // "regToken", "authenticator",
+ // keyTransportCert,
+ // "setCRMFRequest();",
+ // 512, null, keyGenAlg);
+ /////////////////////////////////////////////////////////////////
+ var keyTransportCert = null;
+
+
+ if (typeof(transportCert) != "undefined" && transportCert != "") {
+ // from CS7.2, transport certificate will be
+ // inserted automatically
+ keyTransportCert = transportCert;
+ }
+ // generate keys for nsm.
+ if (typeof(crypto) != "undefined" && typeof(crypto.version) != "undefined") {
+ var encKeyType = "rsa-ex";
+ var signKeyType = "rsa-sign";
+ var dualKeyType = "rsa-dual-use";
+ var encKeyParams = null;
+ var encKeySize = 1024;
+ var signKeyParams = null;
+ var signKeySize = 1024;
+ var keyParams = null;
+ // Give this default because the ECC crytpo codes requires and integer
+ // for this value even if presenting ECC curve name parameter.
+ var keySize = 1024;
+
+ try {
+ if (dual == 'true') {
+
+ if (keyTypeOptions("encryption") == "EC") {
+ encKeyType = "ec-ex";
+ encKeyParams = "curve=" + encKeyParam.value;
+ } else {
+ encKeySize = parseInt(encKeyParam.value);
+ }
+
+ if (keyTypeOptions("signing") == "EC") {
+ signKeyType = "ec-sign";
+ signKeyParams = "curve=" + signKeyParam.value;
+ } else {
+ signKeySize = parseInt(signKeyParam.value);
+ }
+
+ crmfObject = crypto.generateCRMFRequest(
+ "CN=x", "regToken", "authenticator",
+ keyTransportCert, "setCRMFRequest();",
+ encKeySize, encKeyParams, encKeyType,
+ signKeySize, signKeyParams, signKeyType);
+ } else {
+ if (encryptionKeyOnly == 'true') {
+ if (keyTypeOptions("") == "EC") {
+ dualKeyType = "ec-ex";
+ keyParams = "curve=" + keyParam.value;
+ } else {
+ dualKeyType = "rsa-ex";
+ keySize = parseInt(keyParam.value);
+ }
+ } else if (signingKeyOnly == 'true') {
+ if (keyTypeOptions("") == "EC") {
+ dualKeyType = "ec-sign";
+ keyParams = "curve=" + keyParam.value;
+ } else {
+ dualKeyType = "rsa-sign";
+ keySize = parseInt(keyParam.value);
+ }
+ keyTransportCert = null;
+ } else {
+ if (keyTypeOptions("") == "EC") {
+ dualKeyType = "ec-dual-use";
+ keyParams = "curve=" + keyParam.value;
+ } else {
+ keySize = parseInt(keyParam.value);
+ }
+ keyTransportCert = null;
+ }
+ crmfObject = crypto.generateCRMFRequest(
+ "CN=x", "regToken", "authenticator",
+ keyTransportCert, "setCRMFRequest();",
+ keySize, keyParams, dualKeyType);
+ }
+ } catch (e) {
+ if (typeof(crmfObject) == "undefined" || crmfObject == null) {
+ alert("Error generating CRMF request.");
+ }
+ }
+ }
+ return false;
+ }
+}
+
+function setCRMFRequest()
+{
+ with (document.forms[0]) {
+ cert_request.value = crmfObject.request;
+ submit();
+ }
+}
+
+</SCRIPT>
+
+
+<script language=javascript>
+ var uri = 'profileSubmit';
+ if (typeof(authName) != "undefined") {
+ if (authIsSSLClientRequired == 'true') {
+ uri = 'https://[PKI_MACHINE_NAME]:[PKI_EE_SECURE_CLIENT_AUTH_PORT_UI]/[PKI_SUBSYSTEM_TYPE]/eeca/[PKI_SUBSYSTEM_TYPE]/profileSubmitSSLClient';
+ }
+ }
+ if (navigator.appName == "Microsoft Internet Explorer") {
+ if ((navigator.appVersion).indexOf("NT 6.") > -1) {
+ document.writeln("<OBJECT id='g_objClassFactory' CLASSID='clsid:884e2049-217d-11da-b2a4-000e7bbb2b09'></OBJECT>");
+ } else {
+ document.writeln("<OBJECT classid='clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1' CODEBASE='/xenroll.dll' id='Enroll'></OBJECT>");
+ }
+ document.writeln('<form name="ReqForm" onSubmit="if (checkRequest()) {return true;} else {window.location.reload(); return false;}" method="post" action="' + uri + '">');
+ } else if (typeof(crypto) != "undefined" && typeof(crypto.version) != "undefined") {
+ document.writeln('<form name="ReqForm" onSubmit="return validate();" method="post" action="' + uri + '">');
+ } else {
+ document.writeln('<form name="ReqForm" method="post" action="' + uri + '">');
+ }
+</script>
+
+<SCRIPT LANGUAGE=VBS>
+<!--
+'Get OS Version, works for Vista and below only
+Function GetOSVersion
+ dim agent
+ dim result
+ dim pos
+
+ agent = Navigator.appVersion
+ pos = InStr(agent,"NT 6.")
+
+ If pos > 0 Then
+ GetOSVersion = 6 ' Vista
+ Exit Function
+ End If
+
+ pos = InStr(agent,"NT 5.")
+
+ If pos > 0 Then
+ GetOSVersion = 5 ' XP etc
+ Exit Function
+ End If
+
+' Default
+ GetOSVersion = 5
+End Function
+
+Function checkRequest
+ Dim TheForm
+ Dim szName
+ Dim options
+ Dim osVersion
+ Dim result
+ Dim keyLen
+ Dim keyParameter
+ Dim keyIndex
+ Set TheForm = Document.ReqForm
+
+ checkRequest = False
+
+ keyIndex = TheForm.all.keyLength.options.selectedIndex
+ If (IsNumeric(TheForm.all.keyLength.options(keyIndex).value)) Then
+ keyLen = CInt (TheForm.all.keyLength.options(keyIndex).value)
+ keyParameter = ""
+ Else
+ keyLen = 0
+ keyParameter = TheForm.all.keyLength.options(keyIndex).value
+ End If
+
+ osVersion = GetOSVersion()
+
+ If osVersion <> 6 Then 'Not Vista
+
+ ' Contruct the X500 distinguished name
+ szName = "CN=NAME"
+
+ On Error Resume Next
+ Enroll.HashAlgorithm = "MD5"
+ Enroll.KeySpec = 1
+
+ ' Pick the provider that is selected
+ set options = TheForm.all.cryptprovider.options
+ index = options.selectedIndex
+ Enroll.providerType = options(index).value
+ Enroll.providerName = options(index).text
+
+ ' adding 2 to "GenKeyFlags" will enable the 'High Security'
+ ' (USER_PROTECTED) mode, which means IE will pop up a dialog
+ ' asking what level of protection you would like to give
+ ' the key - this varies from 'none' to 'confirm password
+ ' every time the key is used'
+ ' Enroll.GenKeyFlags = 1 ' key PKCS12-exportable
+ Enroll.GenKeyFlags = (65536 * (CLng(keyLen))) + 1
+ szCertReq = Enroll.createPKCS10(szName, "1.3.6.1.5.5.7.3.2")
+ theError = Err.Number
+ On Error Goto 0
+ '
+ ' If the user has cancelled things the we simply ignore whatever
+ ' they were doing ... need to think what should be done here
+ '
+ If (szCertReq = Empty AND theError = 0) Then
+ Exit Function
+ End If
+
+ If (szCertReq = Empty OR theError <> 0) Then
+ '
+ ' There was an error in the key pair generation. The error value
+ ' is found in the variable 'theError' which we snarfed above before
+ ' we did the 'On Error Goto 0' which cleared it again.
+ '
+ sz = "The error '" & Hex(theError) & "' occurred." & chr(13) & chr(10) & "Your credentials could not be generated."
+ result = MsgBox(sz, 0, "Credentials Enrollment")
+ Exit Function
+ End If
+
+ TheForm.cert_request.Value = szCertReq
+
+ ' TheForm.Submit
+
+ Else 'Vista
+ Dim enrollment
+ Dim privateKey
+ Dim request
+ Dim csr
+ Dim objDN
+
+ 'certUsage is "1.3.6.1.5.5.7.3.2"
+
+ On Error Resume Next
+ 'CreateObject("X509Enrollment.CX509EnrollmentWebClassFactory")
+
+ If IsObject(g_objClassFactory) = False Then
+ result = MsgBox("Can't create Factory Object " & " Error: " & Err.number & " :" & Err.description,0,"")
+ Exit Function
+ End If
+
+ Set enrollment = g_objClassFactory.CreateObject("X509Enrollment.CX509Enrollment")
+
+ If IsObject(enrollment) = False Then
+ result = MsgBox("Can't create enroll Object! " & " Error: " & Err.number & " :" & Err.description,"")
+ Exit Function
+ End If
+
+ Set privateKey = g_objClassFactory.CreateObject("X509Enrollment.CX509PrivateKey")
+
+ If IsObject(privateKey) = False Then
+ result = MsgBox("Can't create Key Object! " & " Error: " & Err.number & " :" & Err.description,0,"")
+ Exit Function
+ End If
+
+ Set request = g_objClassFactory.CreateObject("X509Enrollment.CX509CertificateRequestPkcs10")
+
+ If IsObject(request) = False Then
+ result = MsgBox("Can't create Request Object. ! " & " Error: " & Err.number & " :" & Err.description,0,"")
+ Exit Function
+ End If
+
+ Set algobj = g_objClassFactory.CreateObject( "X509Enrollment.CObjectId" )
+ If IsObject(algobj) = False Then
+ result = MsgBox("Can't create OID Object. ! " & " Error: " & Err.number & " :" & Err.description,0,"")
+ Exit Function
+ End If
+ algobj.InitializeFromAlgorithmName XCN_CRYPT_ANY_GROUP_ID, XCN_CRYPT_OID_INFO_PUBKEY_ANY, AlgorithmFlagsNone, keyParameter
+ privateKey.Algorithm = algobj
+
+
+ privateKey.KeySpec= "1"
+
+ ' Pick the provider that is selected
+ set options = TheForm.all.cryptprovider.options
+ index = options.selectedIndex
+ privateKey.ProviderType = index
+ privateKey.ProviderName = options(index).text
+ If keyLen > 0 Then
+ privateKey.Length = keyLen
+ End If
+
+ szName = "0.9.2342.19200300.100.1.1=" & TheForm.uid.Value & ",E=" & TheForm.email.Value & ",CN=" & TheForm.cn.Value
+
+ Set objDN = g_objClassFactory.CreateObject("X509Enrollment.CX500DistinguishedName")
+
+ If IsObject(objDN) = False Then
+ result = MsgBox("Can't create DN Object. ! " & " Error: " & Err.number & " :" & Err.description,0,"")
+ Exit Function
+ End If
+
+ objDN.Encode szName,0
+
+ request.InitializeFromPrivateKey 1,privateKey,""
+ request.Subject = objDN
+
+ enrollment.InitializeFromRequest(request)
+ csr=enrollment.CreateRequest(1)
+
+ If len(csr) = 0 Then
+ result = MsgBox("Error Creating Request! "& " Error: " & Err.number & " :" & Err.description,0,"")
+ Exit Function
+ End If
+
+ TheForm.cert_request.Value = csr
+
+ End If
+ checkRequest = True
+End Function
+
+-->
+</SCRIPT>
+
+<script language=javascript>
+if (errorCode == 0) {
+document.writeln('<br>');
+document.writeln('<b>');
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln('Certificate Profile - ' + profileName);
+document.writeln('</FONT>');
+document.writeln('</b>');
+document.writeln('<p>');
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln(profileDesc);
+document.writeln('</FONT>');
+document.writeln('<p>');
+if (typeof(authName) != "undefined") {
+document.writeln('<table width=100%>');
+document.writeln('<tr>');
+document.writeln('<td>');
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln('<b>');
+document.writeln('Authentication - ' + authName);
+document.writeln('</b>');
+document.writeln('</FONT>');
+document.writeln('</td>');
+document.writeln('</tr>');
+document.writeln('<tr>');
+document.writeln('<td>');
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln(authDesc);
+document.writeln('</FONT>');
+document.writeln('</td>');
+document.writeln('</tr>');
+document.writeln('</table>');
+document.writeln('<p>');
+document.writeln('<table width=100%>');
+for (var i = 0; i < authListSet.length; i++) {
+ document.writeln('<tr>');
+ document.writeln('<td width=40%>');
+ document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+ document.writeln('<li>');
+ document.writeln(authListSet[i].authName);
+ document.writeln('</FONT>');
+ document.writeln('</td>');
+ document.writeln('<td>');
+ if (authListSet[i].authSyntax == 'string') {
+ document.writeln('<input type=text name=' + authListSet[i].authId + '>');
+ } else if (authListSet[i].authSyntax == 'password') {
+ document.writeln('<input type=password name=' + authListSet[i].authId + '>');
+ }
+ document.writeln('</td>');
+ document.writeln('</tr>');
+}
+document.writeln('</table>');
+}
+document.writeln('<p>');
+document.writeln('<table width=100%>');
+document.writeln('<tr>');
+document.writeln('<td>');
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln('<b>');
+document.writeln('Inputs');
+document.writeln('</b>');
+document.writeln('</FONT>');
+document.writeln('</td>');
+document.writeln('</tr>');
+document.writeln('</table>');
+document.writeln('<p>');
+document.writeln('<table width=100%>');
+for (var m = 0; m < inputPluginListSet.length; m++) {
+ document.writeln('<tr>');
+ document.writeln('<td spancol=2>');
+ document.writeln('<b>');
+ document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+ document.writeln(inputPluginListSet[m].inputPluginName);
+ document.writeln('</FONT>');
+ document.writeln('</b>');
+ document.writeln('</td>');
+ document.writeln('</tr>');
+ for (var n = 0; n < inputListSet.length; n++) {
+ if (inputPluginListSet[m].inputPluginId != inputListSet[n].inputPluginId)
+ continue;
+ document.writeln('<tr>');
+ document.writeln('<td width=40%>');
+ document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+ document.writeln('<li>');
+ document.writeln(inputListSet[n].inputName);
+ document.writeln('</FONT>');
+ document.writeln('</td>');
+ document.writeln('<td>');
+ if (inputListSet[n].inputSyntax == 'string') {
+ document.writeln('<input type=text name=' + inputListSet[n].inputId + '>');
+ } else if (inputListSet[n].inputSyntax == 'cert_request') {
+ document.writeln('<textarea cols=60 rows=10 name=' + inputListSet[n].inputId + '></textarea>');
+ } else if (inputListSet[n].inputSyntax == 'cert_request_type') {
+ document.writeln('<select name=' + inputListSet[n].inputId + '><option value="pkcs10">PKCS#10</option><option value="crmf">CRMF</option></select>');
+ } else if (inputListSet[n].inputSyntax == 'dual_keygen_request') {
+ if (navigator.appName == "Microsoft Internet Explorer") {
+ document.writeln('<input type=hidden name=' + inputListSet[n].inputId + '>');
+ } else if (typeof(crypto) != "undefined" && typeof(crypto.version) != "undefined") {
+ document.write('<SELECT NAME="encKeyParam">'+keyLengthsCurvesOptions("encryption")+'</SELECT>');
+ document.write('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">&nbsp;&nbsp;');
+ document.write(keyTypeOptions("encryption")+'&nbsp;&nbsp;(Encryption),&nbsp;&nbsp;</FONT>');
+ document.write('<SELECT NAME="signKeyParam">'+keyLengthsCurvesOptions("signing")+'</SELECT>');
+ document.write('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">&nbsp;&nbsp;');
+ document.write(keyTypeOptions("signing")+'&nbsp;&nbsp;(Signing)</FONT>');
+ document.writeln('<input type=hidden name=cert_request value="">');
+ dual = 'true';
+ } else {
+ document.writeln('Not Supported<input type=hidden name=cert_request value="">');
+ }
+ } else if ((inputListSet[n].inputSyntax == 'keygen_request') ||
+ (inputListSet[n].inputSyntax == 'enc_keygen_request') ||
+ (inputListSet[n].inputSyntax == 'sign_keygen_request')) {
+ if (navigator.appName == "Microsoft Internet Explorer") {
+ document.writeln('<input type=hidden name=' + inputListSet[n].inputId + '>');
+ document.writeln('<SELECT NAME="keyLength">'+keyLengthsCurvesOptions("")+'</SELECT>&nbsp;&nbsp;<SELECT NAME=\"cryptprovider\"></SELECT>');
+ } else if (typeof(crypto) != "undefined" && typeof(crypto.version) != "undefined") {
+ document.write('<SELECT NAME="keyParam">'+keyLengthsCurvesOptions("")+'</SELECT>');
+ document.write('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+ document.write('&nbsp;&nbsp;&nbsp;'+keyTypeOptions("")+'&nbsp;&nbsp;');
+ if (inputListSet[n].inputSyntax == 'keygen_request') {
+ document.write('(Encryption and Signing)</FONT>');
+ } else if (inputListSet[n].inputSyntax == 'enc_keygen_request') {
+ document.write('(Encryption)</FONT>');
+ encryptionKeyOnly = 'true';
+ } else if (inputListSet[n].inputSyntax == 'sign_keygen_request') {
+ document.write('(Signing)</FONT>');
+ signingKeyOnly = 'true';
+ }
+ document.writeln('<input type=hidden name=cert_request value="">');
+ } else {
+ document.writeln('<KEYGEN name=' + inputListSet[n].inputId + '>');
+ }
+ } else if (inputListSet[n].inputSyntax == 'dual_keygen_request_type') {
+ keygen_request = 'true';
+ if (navigator.appName == "Microsoft Internet Explorer") {
+ document.writeln('Not Supported<input type=hidden name=' + inputListSet[n].inputId + ' value=>');
+ } else if (typeof(crypto) != "undefined" && typeof(crypto.version) != "undefined") {
+ document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">crmf</FONT><input type=hidden name=' + inputListSet[n].inputId + ' value=crmf>');
+ } else {
+ document.writeln('Not Supported<input type=hidden name=' + inputListSet[n].inputId + ' value=>');
+ }
+ } else if ((inputListSet[n].inputSyntax == 'keygen_request_type') ||
+ (inputListSet[n].inputSyntax == 'enc_keygen_request_type') ||
+ (inputListSet[n].inputSyntax == 'sign_keygen_request_type')) {
+ keygen_request = 'true';
+ if (navigator.appName == "Microsoft Internet Explorer") {
+ document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">pkcs10</FONT><input type=hidden name=' + inputListSet[n].inputId + ' value=pkcs10>');
+ } else if (typeof(crypto) != "undefined" && typeof(crypto.version) != "undefined") {
+ document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">crmf</FONT><input type=hidden name=' + inputListSet[n].inputId + ' value=crmf>');
+ } else {
+ document.writeln('keygen<input type=hidden name=' + inputListSet[n].inputId + ' value=keygen>');
+ }
+ }
+ document.writeln('</td>');
+ document.writeln('</tr>');
+ }
+}
+document.writeln('</table>');
+document.writeln('<p>');
+document.writeln('<input type=hidden name=profileId value="' +
+ profileId + '">');
+document.writeln('<input type=hidden name=renewal value="' +
+ renewal + '">');
+document.writeln('<input type=hidden name=xmlOutput value="' +
+ xmlOutput + '">');
+} else {
+ document.write('Sorry, your request is not submitted. The error code is "' + errorReason + '".');
+}
+</script>
+<p>
+<p>
+<script language=javascript>
+if (errorCode == 0) {
+ if (navigator.appName == "Microsoft Internet Explorer") {
+ if (typeof(keygen_request) != "undefined") {
+ document.writeln('<input type=submit value="Submit">');
+ } else {
+ document.writeln('<input type=submit value="Submit">');
+ }
+ } else if (typeof(crypto) != "undefined" && typeof(crypto.version) != "undefined") {
+ document.writeln('<input type=submit value="Submit">');
+ } else {
+ document.writeln('<input type=submit value="Submit">');
+ }
+} else {
+}
+
+</script>
+<SCRIPT LANGUAGE=VBS>
+<!--
+FindProviders
+
+Function FindProviders
+ Dim i, j
+ Dim providers()
+ i = 0
+ j = 1
+ Dim el
+ Dim temp
+ Dim first
+ Dim firstE
+ Dim firstS
+ Dim TheForm
+ Set TheForm = document.ReqForm
+ On Error Resume Next
+ first = 0
+
+ Dim osVersion
+ Dim result
+ osVersion = GetOSVersion()
+
+ If osVersion <> 6 Then 'Not Vista
+ Do While True
+ temp = ""
+ Enroll.providerType = j
+ temp = Enroll.enumProviders(i,0)
+ If Len(temp) = 0 Then
+ If j < 1 Then
+ j = j + 1
+ i = 0
+ Else
+ Exit Do
+ End If
+ Else
+ set el = document.createElement("OPTION")
+ el.text = temp
+ el.value = j
+ If temp = "Microsoft Base Cryptographic Provider v1.0" Then
+ first = i
+ End If
+ If temp = "Microsoft Strong Cryptographic Provider" Then
+ firstS = i
+ End If
+ If temp = "Microsoft Enhanced Cryptographic Provider v1.0" Then
+ firstE = i
+ End If
+ TheForm.cryptprovider.add(el)
+ If firstE > 0 Then
+ TheForm.cryptprovider.selectedIndex = firstE
+ ElseIf firstS > 0 Then
+ TheForm.cryptprovider.selectedIndex = firstS
+ ElseIf first > 0 Then
+ TheForm.cryptprovider.selectedIndex = first
+ Else
+ first = 1
+ TheForm.cryptprovider.selectedIndex = 0
+ End If
+ i = i + 1
+ End If
+ Loop
+ Else 'Vista
+ Dim csps
+ Set csps = g_objClassFactory.CreateObject("X509Enrollment.CCspInformations")
+ If IsObject(csps) = False Then
+ result = MsgBox("Can't create CSP List Object! " & " Error: " & Err.number & " :" & Err.description,0,"")
+ Exit Function
+
+ End If
+ csps.AddAvailableCsps()
+ 'result = MsgBox(csps.Count,0,"Number of CSPS")
+
+ Dim curName
+ Dim csp
+ Dim selected
+ Dim selectedS
+ Dim selectedE
+ Dim selectedEC
+ selected = -1
+ selectedS = -1
+ selectedE = -1
+ selectedEC = -1
+ For i = 0 to csps.Count-1
+
+ curName = csps.ItemByIndex(i).Name
+ If len(curName) > 0 Then
+ Set csp = document.createElement("OPTION")
+ csp.text = curName
+ csp.value = 1
+ TheForm.cryptprovider.add(csp)
+
+ If curName = "Microsoft Base Cryptographic Provider v1.0" Then
+ selected = i
+ End If
+ If curName = "Microsoft Strong Cryptographic Provider" Then
+ selectedS = i
+ End If
+ If curName = "Microsoft Enhanced Cryptographic Provider v1.0" Then
+ selectedE = i
+ End If
+ If curName = "Microsoft Software Key Storage Provider" Then
+ selectedEC = i
+ End If
+ 'result = MsgBox(curName,0,"")
+ End If
+ Next
+ If selectedEC >= 0 Then
+ TheForm.cryptprovider.selectedIndex = selectedEC
+ ElseIf selectedE >= 0 Then
+ TheForm.cryptprovider.selectedIndex = selectedE
+ ElseIf selectedS >= 0 Then
+ TheForm.cryptprovider.selectedIndex = selectedS
+ ElseIf selected >= 0 Then
+ TheForm.cryptprovider.selectedIndex = selected
+ Else
+ TheForm.cryptprovider.selectedIndex = 0
+ End If
+ End If
+End Function
+
+-->
+</SCRIPT>
+</form>
+</html>
diff --git a/base/ca/shared/webapps/ca/ee/ca/ProfileSubmit.html b/base/ca/shared/webapps/ca/ee/ca/ProfileSubmit.html
new file mode 100644
index 000000000..90d50864d
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/ProfileSubmit.html
@@ -0,0 +1,30 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<TITLE>Certificate Profile Based Enrollment Form</TITLE>
+</head>
+<body>
+<form name="ReqForm" method="post" action="profileSubmit">
+<input type=hidden name=request_type value="keygen">
+<KEYGEN name="request">
+<input type=submit name=Enroll value="Enroll">
+</form>
+</body>
+</html>
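Review bot: The `<KEYGEN name="request">` element has no `challenge` attribute, so the SignedPublicKeyAndChallenge the browser submits signs an empty challenge and the server has nothing request-specific to compare it with. Because this is a static page, a per-request value cannot be filled in here. If `profileSubmit` is expected to tie the key proof to a session, the form would have to come from a template that emits something like `<KEYGEN name="request" challenge="SERVER_NONCE_PLACEHOLDER">`. The form also posts no `profileId`, unlike the generated form in ProfileSelect.template, so a short HTML comment saying how the servlet chooses a profile for this page would help.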
diff --git a/base/ca/shared/webapps/ca/ee/ca/ProfileSubmit.template b/base/ca/shared/webapps/ca/ee/ca/ProfileSubmit.template
new file mode 100644
index 000000000..ce1ec122e
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/ProfileSubmit.template
@@ -0,0 +1,137 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<CMS_TEMPLATE>
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Certificate Profile
+</font><br>
+ <Font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+<p>
+</font>
+<table border="0" cellspacing="0" cellpadding="0" background="/pki/images/hr.gif"
+width="100%">
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+<script language=javascript>
+
+var autoImport = 'false';
+
+if (errorCode == 0) { // processed
+ document.write('Congratulations, your request has been processed successfully ');
+ document.writeln('<P>');
+ for (var i = 0; i < requestListSet.length; i++) {
+ document.write('Your request ID is ');
+ document.write('<B>'+requestListSet[i].requestId+'</B>.');
+ document.writeln('<P>');
+ }
+ document.writeln('<b>');
+ document.writeln('Outputs');
+ document.writeln('</b>');
+ document.writeln('<P>');
+ document.writeln('<table width=100%>');
+for (var i = 0; i < outputListSet.length; i++) {
+ document.writeln('<tr valign=top>');
+ document.writeln('<td>');
+ document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">'
+);
+ document.writeln('<li>');
+ document.writeln(outputListSet[i].outputName);
+ document.writeln('</FONT>');
+ document.writeln('</td>');
+ document.writeln('<tr valign=top>');
+ document.writeln('</tr>');
+ document.writeln('<td>');
+ if (outputListSet[i].outputSyntax == 'string') {
+ document.writeln(outputListSet[i].outputVal);
+ } else if (outputListSet[i].outputSyntax == 'pretty_print') {
+ document.writeln('<pre>');
+ document.writeln(outputListSet[i].outputVal);
+ document.writeln('</pre>');
+ }
+ document.writeln('</td>');
+ document.writeln('</tr>');
+}
+ document.writeln('</table>');
+ document.writeln('<p>');
+ document.writeln('<table width=100%>');
+ document.writeln('<tr valign=top>');
+ document.writeln('<td>');
+ document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">'
+);
+ document.writeln('<li>');
+ document.writeln('Certificate Imports');
+ document.writeln('</FONT>');
+ document.writeln('</td>');
+ for (var i = 0; i < requestListSet.length; i++) {
+ document.writeln('<tr valign=top>');
+ document.writeln('<td>');
+if (autoImport == 'true') {
+ // only support one certificate import
+ var loc = "getCertFromRequest?requestId="+ requestListSet[i].requestId + "&importCert=true";
+ document.write("<iframe width='0' height='0' src='"+loc+"' </iframe>");
+} else {
+ document.writeln('<form method=post action="getCertFromRequest">');
+ if (navigator.appName == "Netscape") {
+ document.writeln('<input type=hidden name=importCert value=true>');
+ } else {
+ document.writeln('<input type=hidden name=importCert value=false>');
+ }
+ document.writeln('<input type=hidden name=requestId value=' + requestListSet[i].requestId + '>');
+ document.writeln('<input type=submit name="Import Certificate" value="Import Certificate">');
+ document.writeln('</form>');
+}
+ document.writeln('</td>');
+ document.writeln('</tr>');
+ }
+ document.writeln('</table>');
+} else if (errorCode == 1) { // not submitted
+ document.write('Sorry, your request is not submitted. The reason is "' + errorReason + '".');
+} else if (errorCode == 2) { // pending
+ document.write('Congratulations, your request has been successfully ');
+ document.write('submitted. ');
+ document.write('Your request will be processed when an authorized agent ');
+ document.writeln('verifies and validates the information in your request.');
+ document.writeln('<P>');
+ for (var i = 0; i < requestListSet.length; i++) {
+ document.write('Your request ID is ');
+ document.write('<B><a href="checkRequest?requestId=');
+ document.write(requestListSet[i].requestId);
+ document.write('">'+requestListSet[i].requestId+'</a></B>.');
+ document.writeln('<P>');
+ }
+ document.write('Your can check on the status of your request with ');
+ document.write('an authorized agent or local administrator ');
+ document.writeln('by referring to this request ID.');
+} else if (errorCode == 3) { // rejected
+ document.write('Sorry, your request has been rejected. The reason is "' + errorReason + '"');
+ document.writeln('<P>');
+ for (var i = 0; i < requestListSet.length; i++) {
+ document.write('Your request ID is ');
+ document.write('<B>'+requestListSet[i].requestId+'</B>.');
+ document.writeln('<P>');
+ }
+} else { // unknown state
+ document.write('Sorry, your request is not submitted. The error code is "' + errorReason + '".');
+}
+</script>
+</font>
+</html>
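Review bot: `errorReason`, `outputListSet[i].outputVal` and `requestListSet[i].requestId` are concatenated into `document.write` markup without HTML-escaping (the `errorCode` 1, 3 and default branches, the Outputs table, and the unquoted `value=` of the hidden `requestId` input). Whether the code that expands `<CMS_TEMPLATE>` already encodes these values is not visible in this diff; if it does not, a reason string that echoes request input is parsed as markup in the CA's own origin. An escaping helper applied at each write and a quoted attribute value would close that, as sketched below. Note that `'string'` outputs may be meant to carry markup, which should be confirmed before escaping them as well. Separately, the `autoImport` branch writes `<iframe ... src='...' </iframe>` with no `>` ending the opening tag, and the final branch labels `errorReason` as an error code.

```html
function escapeHTML(s) {
    return String(s).replace(/&/g, '&amp;').replace(/</g, '&lt;')
        .replace(/>/g, '&gt;').replace(/"/g, '&quot;').replace(/'/g, '&#39;');
}
// … unchanged: success banner, request ID loop, Outputs table header …
        document.writeln('<pre>');
        document.writeln(escapeHTML(outputListSet[i].outputVal));
        document.writeln('</pre>');
// … unchanged: Certificate Imports header and importCert inputs …
    document.writeln('<input type=hidden name=requestId value="' + escapeHTML(requestListSet[i].requestId) + '">');
// … unchanged: submit button, pending branch …
    document.write('Sorry, your request is not submitted. The reason is "' + escapeHTML(errorReason) + '".');
// … the rejected and unknown-state branches take the same escapeHTML(errorReason) …
```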
diff --git a/base/ca/shared/webapps/ca/ee/ca/RenewalSuccess.template b/base/ca/shared/webapps/ca/ee/ca/RenewalSuccess.template
new file mode 100644
index 000000000..cb840d296
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/RenewalSuccess.template
@@ -0,0 +1,217 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+
+<HTML>
+<CMS_TEMPLATE>
+<TITLE>
+CS Renewal Request Success
+</TITLE>
+
+<BODY bgcolor="white">
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Renewal Success
+</font>
+
+<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+
+
+<SCRIPT LANGUAGE="JavaScript">
+//<!--
+
+//document.writeln('<P>');
+//document.writeln('host '+result.fixed.host+'<BR>');
+//document.writeln('port '+result.fixed.port+'<BR>');
+//document.writeln('scheme '+result.fixed.scheme+'<BR>');
+//document.writeln('authority '+result.fixed.authorityName+'<BR>');
+
+function navMajorVersion()
+{
+ return parseInt(
+ navigator.appVersion.substring(0, navigator.appVersion.indexOf(".")));
+}
+
+document.writeln('<P>');
+document.writeln(
+ 'Congratulations, your certificate has been successfully renewed.');
+
+document.writeln('<P>');
+
+if (result.recordSet == null || result.recordSet.length == 0) {
+ document.writeln('<BLOCKQUOTE><B><PRE>');
+ document.writeln(
+ 'No more information on your renewed certificate is provided.');
+ document.writeln('Please consult your local administrator for assistance.');
+ document.writeln('</BLOCKQUOTE></B></PRE>');
+} else {
+ // document.writeln('<UL>');
+ for (var i = 0; i < result.recordSet.length; i++) {
+ if (result.recordSet[i].serialNo != null) {
+ //document.write('Serial number ');
+ //document.write('<BLOCKQUOTE><B><PRE>');
+ //document.writeln(result.recordSet[i].serialNo);
+ //document.write('</BLOCKQUOTE></B></PRE>');
+ document.writeln('<P>');
+ document.write(
+ 'Your renewed certificate in Base 64 encoded form:<BR>');
+ document.write('<PRE>');
+ document.writeln(result.recordSet[i].base64Cert);
+ document.write('</PRE>');
+ document.writeln('<P>');
+ document.write('Certificate Content: <BR>');
+ document.write('<PRE>');
+ document.writeln(result.recordSet[i].certPrettyPrint);
+ document.write('</PRE>');
+ }
+ }
+ // document.writeln('</UL>');
+
+}
+
+// NOTE: importUserCertificate should be done before this point but
+// it creates a javascript error that clobbers the result variable set in
+// the template.
+
+if (navigator.appName == 'Netscape' && (navMajorVersion() > 3) &&
+ typeof(crypto.version) != "undefined") {
+ if (result.fixed.crmfReqId != null) {
+ // alert('certNickname is '+result.fixed.certNickname);
+ // alert(result.fixed.cmmfResponse);
+ var errors = crypto.importUserCertificates(null,
+ result.fixed.cmmfResponse, false);
+ // var errors = crypto.importUserCertificates(result.fixed.certNickname,
+ // result.fixed.cmmfResponse, false);
+
+ // NOTE: Alpha-1 version of cartman always returns a non-empty string
+ // from importUserCertificates() so we can only always assume succcess.
+ // Uncomment the following line and add appropriate javascripts/messages
+ // for use with a later version of cartman.
+
+ // This is fixed in Alpha-3. For use with alpha-3 uncomment the lines below
+ // to check for errors returned from importUserCertificates.
+ if (errors != '') {
+ document.writeln(
+ '<b>ERROR</b>Could not import the certificate into your browser '+
+ 'using nickname '+result.fixed.certNickname+'.<p>');
+ document.writeln(
+ 'The following error message was returned by the browser '+
+ 'when importing the certificate:');
+ document.writeln('<BLOCKQUOTE><PRE>');
+ document.writeln(errors);
+ document.writeln('</PRE></BLOCKQUOTE>');
+ }
+ else {
+ document.writeln(
+ 'Your certificate was successfully imported to the browser '+
+ 'with nickname '+result.fixed.certNickname);
+ }
+
+// document.writeln(
+// 'NOTE: Although the certificate was issued, the browser '+
+// 'may or may not have successfully imported the certificate. '+
+// 'The following was returned by the browser when importing '+
+// 'the certificate:');
+// document.writeln('<BLOCKQUOTE><PRE>');
+// document.writeln(errors);
+// document.writeln('</PRE></BLOCKQUOTE>');
+// document.writeln(
+// 'If there was an error message you can import the certificate again '+
+// 'by going to the end entity port and list the certificate by '+
+// 'its serial number.');
+ } else if (result.fixed.authorityName == 'Certificate Manager') {
+ alert("Success!!");
+ window.location = result.fixed.scheme + "://" + result.fixed.host + ":" + result.fixed.port + "/getBySerial?serialNumber=" + record.serialNo + "&importCert=true";
+ } else {
+ alert("Success!!");
+ // this must be a RA
+ window.location = result.fixed.scheme + "://" + result.fixed.host + ":"
++ result.fixed.port + "/getCertFromRequest?requestId=" + result.fixed.requestId + "&importCert=true";
+ }
+} else if (navigator.appName == 'Netscape' && (navMajorVersion() >= 3)) {
+ // non Cartman
+ if (result.fixed.authorityName == 'Certificate Manager') {
+ // non Cartman
+ window.location = result.fixed.scheme + "://" + result.fixed.host + ":" + result.fixed.port + "/getBySerial?serialNumber=" + record.serialNo + "&importCert=true";
+ } else {
+ // this must be a RA
+ window.location = result.fixed.scheme + "://" + result.fixed.host + ":"
++ result.fixed.port + "/getCertFromRequest?requestId=" + result.fixed.requestId + "&importCert=true";
+ }
+}
+
+//-->
+</SCRIPT>
+
+<OBJECT
+ classid="clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1"
+ CODEBASE="/xenroll.dll"
+ id=Enroll >
+</OBJECT>
+
+<SCRIPT LANGUAGE=VBS>
+<!--
+'========================================================
+'
+' In VBS, there are several ways in which the event handler for the
+' click event can be bound to the right control. We use one of the
+' methods here, which indicates the binding by appending the
+' event name to the control name with an intervening '_'.
+'
+'========================================================
+ Sub ImportCertificate
+
+ Dim pkcs7
+
+ On Error Resume Next
+
+ 'Convert the cert to PKCS7 format
+ pkcs7 = result.header.pkcs7ChainBase64
+ If (IsEmpty(pkcs7) OR theError <> 0) Then
+ ret = MsgBox("Could not convert certificate to PKCS7 format", 0, "Import Cert")
+ Exit Sub
+ End If
+
+ 'Import the PKCS7 object
+ Enroll.DeleteRequestCert = FALSE
+ Enroll.WriteCertToCSP = true
+ Enroll.acceptPKCS7(pkcs7)
+ if err.number <> 0 then
+ Enroll.WriteCertToCSP = false
+ end if
+ err.clear
+ Enroll.acceptPKCS7(pkcs7)
+ if err.number = 0 then
+ MsgBox "Certificate has been successfully imported."
+ else
+ sz = "Error in acceptPKCS7. Error Number " & Hex(err.number) & "occurred."
+ MsgBox sz
+ end if
+
+ Exit Sub
+
+ End Sub
+
+ ImportCertificate()
+
+</SCRIPT>
+
+</font>
+</BODY>
+</HTML>
+
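Review bot: Both `getBySerial` redirects read `record.serialNo`, but no `record` variable is declared anywhere in this file; the loop above uses `result.recordSet[i]`, so unless the `<CMS_TEMPLATE>` expansion defines `record`, those branches throw a ReferenceError instead of redirecting. If a single renewed certificate is the expected case, `"/getBySerial?serialNumber=" + result.recordSet[0].serialNo + "&importCert=true"` would match the rest of the script. The first browser test also evaluates `typeof(crypto.version)` without the preceding `typeof(crypto) != "undefined"` guard that ProfileSelect.template uses, which throws where `crypto` is undeclared. In the VBS block, `theError` is tested but never assigned, and `Enroll.acceptPKCS7(pkcs7)` is called a second time even when the first call succeeded. A comment stating whether that unconditional retry is intended would help.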
diff --git a/base/ca/shared/webapps/ca/ee/ca/RevocationSuccess.template b/base/ca/shared/webapps/ca/ee/ca/RevocationSuccess.template
new file mode 100644
index 000000000..d024a3d14
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/RevocationSuccess.template
@@ -0,0 +1,89 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<CMS_TEMPLATE>
+
+<TITLE>
+CS Revocation Request Success
+</TITLE>
+
+<BODY bgcolor="white">
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Revocation Success
+</font>
+
+<P>
+The following certificate has been revoked:
+
+<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+
+<SCRIPT LANGUAGE="JavaScript">
+
+function toHex(number)
+{
+ var absValue = "", sign = "";
+ var digits = "0123456789abcdef";
+ if (number < 0) {
+ sign = "-";
+ number = -number;
+ }
+
+ for(; number >= 16 ; number = Math.floor(number/16)) {
+ absValue = digits.charAt(number % 16) + absValue;
+ }
+ absValue = digits.charAt(number % 16) + absValue;
+ return sign + '0x' + absValue;
+}
+
+
+if (result.recordSet == null) {
+ document.writeln('<BLOCKQUOTE><B><PRE>');
+ document.writeln('No further details provided.');
+ document.writeln('Please consult your local administrator for assistance.');
+ document.writeln('</BLOCKQUOTE></B></PRE>');
+}
+else if (result.recordSet.length == 0) {
+ document.writeln('<BLOCKQUOTE><B><PRE>');
+ document.writeln('0');
+ document.writeln('No further details provided.');
+ document.writeln('Please consult your local administrator for assistance.');
+ document.writeln('</BLOCKQUOTE></B></PRE>');
+} else {
+ document.writeln('<UL>');
+ for (var i = 0; i < result.recordSet.length; i++) {
+ if (result.recordSet[i].serialNo != null) {
+ document.write('Serial number ');
+ document.write('<BLOCKQUOTE><B><PRE>');
+ document.writeln(toHex(result.recordSet[i].serialNo));
+ document.write('</BLOCKQUOTE></B></PRE>');
+ document.write('</PRE></BLOCKQUOTE>');
+ }
+ }
+ document.writeln('</UL>');
+}
+document.writeln('</PRE></B></BLOCKQUOTE>');
+
+document.writeln('<P>');
+</SCRIPT>
+
+</font>
+</BODY>
+</HTML>
+
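Review bot: `toHex` extracts digits with `number % 16` and `Math.floor(number/16)` on a JavaScript Number, which is exact only up to 2^53, so a larger certificate serial number would be shown with wrong low-order digits on the page that confirms which certificate was revoked. How `serialNo` is emitted by the `<CMS_TEMPLATE>` expansion is not visible here, so this matters only if it arrives as a numeric literal or a long decimal string. Having the server supply the serial already formatted as a hex string and writing that directly would avoid the conversion. The zero-length branch also writes a stray `'0'` line. The success branch closes `BLOCKQUOTE`/`B`/`PRE` more often than it opens them, through the extra `document.write('</PRE></BLOCKQUOTE>')` in the loop and the `document.writeln('</PRE></B></BLOCKQUOTE>')` after it.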
diff --git a/base/ca/shared/webapps/ca/ee/ca/UserDnEnroll.html b/base/ca/shared/webapps/ca/ee/ca/UserDnEnroll.html
new file mode 100644
index 000000000..f4798d473
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/UserDnEnroll.html
@@ -0,0 +1,472 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<TITLE>Directory Based User Enrollment Form</TITLE>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<SCRIPT LANGUAGE="JavaScript"></SCRIPT>
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/cms-funcs.js"> </SCRIPT>
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/helpfun.js"> </SCRIPT>
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/dynamicVars.js"> </SCRIPT>
+<SCRIPT LANGUAGE="JavaScript">
+<!--//
+
+// Notice to administrators
+//
+// A link to this HTML form conditionally appears in the
+// main enrollment menu frame. This link will only appear if
+// a plugin of type 'UdnPwdDirAuth' (LDAP directory enrollment)
+// has been configured in the console.
+
+var crmfObject;
+function validate(form)
+{
+ with (form) {
+ if (udn.value == "") {
+ alert("You must supply your dn");
+ return false;
+ }
+ if (pwd.value == "") {
+ alert("You must supply your password");
+ return false;
+ }
+
+ /////////////////////////////////////////////////////////////////
+ // To enable dual key feature, this page must be customized with
+ // appropriate Javascript call. For example,
+ //
+ // crmfObject = crypto.generateCRMFRequest(
+ // "CN=undefined",
+ // "regToken", "authenticator",
+ // null,
+ // "setCRMFRequest();",
+ // 512, null, "rsa-ex",
+ // 1024, null, "rsa-sign");
+ //
+ // To enable key archival feature, this page must be customized with
+ // KRA's transport certificate. The transport certificate can be
+ // retrieved in the following ways:
+ // (1) Access "List Certificates" menu option in end-entity page
+ // (2) Access https://<host>:<agent_port>/kra/displayTransportCert
+ // (3) Use certutil command in <instance-dir>/config directory
+ // (i.e. certutil -L -d . -n "kraTransportCert <instance-id>" -a)
+ //
+ // Once the transport certificate is obtained, the following
+ // javascript should be modified so that the transport certificate
+ // and appropriate key type are selected. For example,
+ //
+ // var keyGenAlg = "rsa-ex";
+ // crmfObject = crypto.generateCRMFRequest(
+ // "CN=undefined",
+ // "regToken", "authenticator",
+ // keyTransportCert,
+ // "setCRMFRequest();",
+ // 512, null, keyGenAlg);
+ /////////////////////////////////////////////////////////////////
+
+ // To enable key archival, replace "null" with the transport
+ // certificate without "BEBIN..." "END..", nor line breaks.
+ // change keyGenAlg to "rsa-ex"
+ var keyTransportCert = null;
+ var keyGenAlg = "rsa-dual-use";
+ if (navigator.appName == "Netscape" && (navMajorVersion() > 3) &&
+ typeof(crypto.version) != "undefined") {
+ crmfObject = crypto.generateCRMFRequest(
+ "CN=undefined",
+ "regToken", "authenticator",
+ keyTransportCert,
+ "setCRMFRequest();",
+ 1024, null, keyGenAlg);
+ }
+ return true;
+ }
+}
+
+function setCRMFRequest()
+{
+ with (document.forms[0]) {
+ CRMFRequest.value = crmfObject.request;
+ submit();
+ }
+}
+
+//-->
+</SCRIPT>
+</head>
+
+
+<OBJECT
+ classid="clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1"
+ CODEBASE="/xenroll.dll"
+ id=Enroll >
+</OBJECT>
+
+
+<SCRIPT LANGUAGE=VBS>
+<!--
+Function escapeDNComponent(comp)
+ escapeDNComponent = comp
+End Function
+
+Function doubleQuotes(comp)
+ doubleQuotes = False
+End Function
+
+Function formulateDN()
+ Dim dn
+ Dim TheForm
+ Set TheForm = Document.ReqForm
+
+ dn = Empty
+
+ If (TheForm.udn.Value <> Empty) Then
+ If doubleQuotes(TheForm.udn.Value) = True Then
+ MsgBox "Double quotes are not allowed in the dn field"
+ Exit Function
+ End If
+ If (dn <> Empty) Then
+ dn = dn & ","
+ End If
+ dn = dn & "0.9.2342.19200300.100.1.1=" & escapeDNComponent(TheForm.udn.Value)
+ End If
+
+ formulateDN = dn
+End Function
+
+Sub Send_OnClick
+ Dim TheForm
+ Dim szName
+ Dim options
+ Set TheForm = Document.ReqForm
+
+
+ ' Do a few sanity checks
+ If (TheForm.udn.Value = Empty) Then
+ ret = MsgBox("You must supply your Directory dn for certificate enrollment", 0, "MSIE Certificate Request")
+ Exit Sub
+ End If
+
+ If (TheForm.pwd.Value = Empty) Then
+ ret = MsgBox("You must supply your Directory password for certificate enrollment", 0, "MSIE Certificate Request")
+ Exit Sub
+ End If
+
+' If (TheForm.SSLClient.value = Empty AND
+' TheForm.SMIME.value = Empty AND
+' TheForm.ObjectSigning.value = Empty) Then
+' ret = MsgBox("You must select atleast one certificate type", 0,
+' "MSIE Certificate Request")
+' Exit Sub
+' End If
+
+
+ ' Contruct the X500 distinguished name
+ szName = formulateDN()
+
+ On Error Resume Next
+ Enroll.HashAlgorithm = "MD5"
+ Enroll.KeySpec = 1
+ Enroll.GenKeyFlags = 1 ' key exportable
+
+ ' Pick the provider that is selected
+ set options = TheForm.all.cryptprovider.options
+ index = options.selectedIndex
+ Enroll.providerType = options(index).value
+ Enroll.providerName = options(index).text
+
+ szCertReq = Enroll.createPKCS10(szName, "1.3.6.1.5.5.7.3.2")
+ theError = Err.Number
+ On Error Goto 0
+ '
+ ' If the user has cancelled things the we simply ignore whatever
+ ' they were doing ... need to think what should be done here
+ '
+ If (szCertReq = Empty AND theError = 0) Then
+ Exit Sub
+ End If
+
+ If (szCertReq = Empty OR theError <> 0) Then
+ '
+ ' There was an error in the key pair generation. The error value
+ ' is found in the variable 'theError' which we snarfed above before
+ ' we did the 'On Error Goto 0' which cleared it again.
+ '
+ sz = "The error '" & Hex(theError) & "' occurred." & chr(13) & chr(10) & "Your credentials could not be generated."
+ result = MsgBox(sz, 0, "Credentials Enrollment")
+ Exit Sub
+ End If
+
+ TheForm.pkcs10Request.Value = szCertReq
+ TheForm.Submit
+ Exit Sub
+
+End Sub
+-->
+</SCRIPT>
+
+<body bgcolor="#FFFFFF" onload=checkClientTime()>
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ Directory Based User Enrollment
+</font>
+<br>
+<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ Use this form to submit a request for a personal certificate through your
+ organization's directory. With directory based enrollment, you need only
+ supply your user DN and password for the directory; the directory
+ supplies the rest of the information needed for certificate issuance.
+ If the user DN and password are correct your certificate will be issued
+ automatically.
+</font>
+
+<table border="0" cellspacing="0" cellpadding="2" background="/pki/images/hr.gif" width="100%">
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+<table border="0" cellspacing="0" cellpadding="2">
+ <tr valign="TOP">
+ <td><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ <b>Important: </b></font>
+ </td>
+ <td><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ Be sure to request your certificate on the same computer
+ on which you plan to use your certificate.</font>
+ </td>
+ </tr>
+</table>
+
+<table border="0" cellspacing="0" cellpadding="0" background="/pki/images/hr.gif" width="100%">
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+<script lang="javascript">
+<!--//
+if (navigator.appName == "Netscape" && (navMajorVersion() <= 3 ||
+ typeof(crypto.version) != "undefined")) {
+ document.write('<form name="ReqForm" method="post" action="/enrollment">');
+} else {
+ document.write('<form name="ReqForm" method="post" action="/enrollment" '+
+ 'onSubmit="return validate(document.forms[0])">');
+}
+//-->
+</script>
+
+<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ <b>User's Identity</b>
+<br>
+ Enter your user DN and password for your organization's directory.
+ This information will be used to verify your identity and to obtain
+ information from the directory to fill in the certificate.
+<br>
+</font>
+
+<table border="0" width="100%" cellspacing="2" cellpadding="2">
+ <tr>
+ <td width="25%" valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">User DN: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="TEXT" name="udn" size="45">
+ </td>
+ </tr>
+</table>
+
+<table border="0" width="100%" cellspacing="2" cellpadding="2">
+ <tr>
+ <td width="25%" valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Password: </font>
+ </div>
+ </td>
+ <td valign="TOP">
+ <input type="PASSWORD" name="pwd" AutoComplete=off size="45">
+ </td>
+ </tr>
+</table>
+
+<!-- for Netscape Certificate Type Extension -->
+<input type="HIDDEN" name="email" value="true">
+<input type="HIDDEN" name="ssl_client" value="true">
+<!-- for Key Usage Extension -->
+<input type="HIDDEN" name="digital_signature" value=true>
+<input type="HIDDEN" name="non_repudiation" value=true>
+<input type="HIDDEN" name="key_encipherment" value=true>
+<br>
+
+
+<script lang="javascript">
+<!--//
+if (navigator.appName == "Netscape" &&
+ (navMajorVersion() <= 3 || typeof(crypto.version) == 'undefined')) {
+
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.writeln('<b>Public/Private Key Information</b><br>');
+ document.writeln(
+ 'When your submit this form, your browser generates a private and '+
+ 'public key. The browser retains the private key and submits the '+
+ 'public key along with your request for a certificate. '+
+ 'The public key becomes part of your certificate. '+
+ '<P>'+
+ 'Select the length of the key to generate. The longer the key '+
+ 'length the greater the strength. You may want to check with your '+
+ 'system administrator about the length of key to specify.');
+ document.writeln('</font>');
+
+ document.writeln('<table border="0" width="100%" cellspacing="2" cellpadding="2">');
+ document.writeln('<tr><td width="25%" valign=TOP>');
+ document.writeln('<div align=right>');
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.writeln('Key Length: ');
+ document.writeln('</font>');
+ document.writeln('</div>');
+ document.writeln('</td>');
+ document.write('<td valign=TOP>');
+ document.write('<KEYGEN name="subjectKeyGenInfo">');
+ document.write('</td></tr></table>');
+}
+
+
+if (navigator.appName == "Microsoft Internet Explorer") {
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.writeln('<b>Public/Private Key Information</b><br>');
+ document.writeln(
+ 'When you submit this form, your browser generates a private and '+
+ 'public key. The browser retains the private key and submits the '+
+ 'public key along with your request for a certificate. '+
+ 'The public key becomes part of your certificate. '+
+ '<P>'+
+ 'The Microsoft Base Cryptographic provider offers 512-bit key '+
+ 'encryption which is adequate for most applications today, '+
+ 'but you may select the Enhanced option if your browser offers '+
+ 'this choice and you require the higher encryption strength. '+
+ 'You may want to check with your system administrator about '+
+ 'the provider to specify.');
+ document.writeln('</font>');
+
+ document.writeln('<p>');
+ document.writeln('<td>');
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.writeln('Cryptographic Provider:');
+ document.writeln('</font>');
+ document.writeln('</td>');
+ document.writeln('<td>');
+ document.writeln('<SELECT NAME=\"cryptprovider\"></SELECT>');
+ document.writeln('</td>');
+ document.writeln('<p>');
+}
+
+
+document.writeln('<table border="0" width="100%" cellspacing="0" cellpadding="6" '+
+ 'bgcolor="#cccccc" background="/pki/images/gray90.gif">');
+document.writeln('<tr><td width=100%> <div align="RIGHT">');
+
+if (navigator.appName == "Netscape" && (navMajorVersion() <= 3 ||
+ typeof(crypto.version) == "undefined")) {
+ document.writeln('<input type="submit" value="Submit" '+
+ 'name="submit" width="72">');
+} else if ((navigator.appName == "Microsoft Internet Explorer") ||
+ (navigator.appName == "")) {
+ document.writeln('<input type="submit" value="Submit" '+
+ 'name="Send" width="72">');
+} else {
+ document.writeln('<input type="button" value="Submit" '+
+ 'name="submitbutton" '+
+ 'onclick="validate(form)" width="72">');
+}
+
+document.write('<img src="/pki/images/spacer.gif" width="6" height="6">' +
+ '<input type="reset" value="Reset" name="reset" width="72">' +
+ '<input type="hidden" name="certType" value="client">' +
+ '<input type="hidden" name="authenticator" ' +
+ ' value="UserDnEnrollment">');
+
+if (navigator.appName == 'Netscape') {
+ if ((navMajorVersion() > 3) &&
+ (typeof(crypto.version) != 'undefined')) {
+ document.write('<input type=hidden name=CRMFRequest value="">');
+ document.write('<input type=hidden name=cmmfResponse value=true>');
+ //document.write('<input type=hidden name=certNickname value="">');
+ } else {
+ document.write('<input type="hidden" name="importCert" value="off">');
+ }
+} else if ((navigator.appName == "Microsoft Internet Explorer") ||
+ (navigator.appName == "")) {
+ // navigator.appName == "" is for IE 3.
+ document.write('<input type="hidden" name="pkcs10Request" value="">');
+}
+document.writeln('</div></td></tr></table>');
+//-->
+</script>
+
+</form>
+
+<SCRIPT LANGUAGE=VBS>
+<!--
+
+FindProviders
+
+Function FindProviders
+ Dim i, j
+ Dim providers()
+ i = 0
+ j = 1
+ Dim el
+ Dim temp
+ Dim first
+ Dim TheForm
+ Set TheForm = document.ReqForm
+ On Error Resume Next
+ first = 0
+
+ Do While True
+ temp = ""
+ Enroll.providerType = j
+ temp = Enroll.enumProviders(i,0)
+ If Len(temp) = 0 Then
+ If j < 1 Then
+ j = j + 1
+ i = 0
+ Else
+ Exit Do
+ End If
+ Else
+ set el = document.createElement("OPTION")
+ el.text = temp
+ el.value = j
+ TheForm.cryptprovider.add(el)
+ If first = 0 Then
+ first = 1
+ TheForm.cryptprovider.selectedIndex = 0
+ End If
+ i = i + 1
+ End If
+ Loop
+
+End Function
+
+-->
+</SCRIPT>
+</body>
+</html>
diff --git a/base/ca/shared/webapps/ca/ee/ca/UserRenewal.html b/base/ca/shared/webapps/ca/ee/ca/UserRenewal.html
new file mode 100644
index 000000000..df65046b6
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/UserRenewal.html
@@ -0,0 +1,98 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<TITLE>User Certificate Renewal</TITLE>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<SCRIPT LANGUAGE="JavaScript"></SCRIPT>
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/helpfun.js"> </SCRIPT>
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/cms-funcs.js"> </SCRIPT>
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/dynamicVars.js"> </SCRIPT>
+</head>
+<body bgcolor="#FFFFFF" onload=checkClientTime()>
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">User Certificate Renewal</font><br>
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ Use this form to renew your certificate automatically.
+ <p>
+ After you click the Submit button, a window will pop up with a list of
+ certificates you can send to the server. Select the
+ certificate you want to renew from this window.
+ </font>
+<table border="0" cellspacing="0" cellpadding="0" background="/pki/images/hr.gif" width="100%">
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+<table border="0" cellspacing="2" cellpadding="2">
+ <tr valign="TOP">
+ <td><font size="-1" face="PrimaSans BT, Verdana, sans-serif"><b>Important:</b>
+ </font></td>
+ <td><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ Be sure to make this request on the same computer on which you plan to use
+ your renewed certificate.
+ </font></td>
+ </tr>
+</table>
+<table border="0" cellspacing="0" cellpadding="0" background="/pki/images/hr.gif" width="100%">
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+<form method="post" action="/renewal">
+ <table border="0" width="100%" cellspacing="2" cellpadding="2">
+ <tr>
+ <td colspan="2" valign="TOP"><font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"><b>
+ </b><br>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ </font>
+ </div>
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP" colspan="2">
+ <table border="0" width="100%" cellspacing="0" cellpadding="6" bgcolor="#cccccc" background="/pki/images/gray90.gif">
+ <tr>
+ <td>
+ <div align="RIGHT">
+ <input type="submit" value="Submit" name="submit" width="72">
+ <input type="hidden" name="requestFormat" value="clientAuth">
+ <input type="hidden" name="certType" value="client">
+ <input type="hidden" name="doSslAuth" value="on">
+<script lang=javascript>
+//<!--
+ if (navigator.appName == 'Netscape') {
+ document.write(
+ '<input type="hidden" name="importCert" value="off">');
+ }
+//-->
+</script>
+ </div>
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ </table>
+ </form>
+</body>
+</html>
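Review bot: The first row of the form table opens `<td colspan="2" ...><font ...><b>` and reaches `</tr>` without closing the `<font>` or the `<td>`, and the row after it holds only an empty `<font>` element. Both rows look like leftovers from the revocation form's "Revocation Reason" block and render nothing here. I would drop the two empty rows, or at least close the cell with `</b><br></font></td>`. The attributes `onload=checkClientTime()` and `<script lang=javascript>` should also be quoted, and `lang` is not the attribute that names a script language (`language` or `type` is).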
diff --git a/base/ca/shared/webapps/ca/ee/ca/UserRevocation.html b/base/ca/shared/webapps/ca/ee/ca/UserRevocation.html
new file mode 100644
index 000000000..83f0091a8
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/UserRevocation.html
@@ -0,0 +1,118 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<TITLE>User Certificate Revocation Form</TITLE>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<SCRIPT LANGUAGE="JavaScript" SRC="../helpfun.js">
+</SCRIPT>
+</head>
+<body bgcolor="#FFFFFF">
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">User Certificate Revocation</font><br>
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ Use this form to revoke your certificate automatically.
+<p>
+ After you click the submit button, a window will pop up with a list of
+ certificates you can send to the server. Select the certificate you
+ want to revoke from this window.
+</font>
+<table border="0" cellspacing="0" cellpadding="0" background="/pki/images/hr.gif" width="100%">
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+<table border="0" cellspacing="2" cellpadding="2">
+ <tr valign="TOP">
+ <td><font size="-1" face="PrimaSans BT, Verdana, sans-serif"><b>Important:</b>
+ </font></td>
+ <td><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ This is an irreversible operation. If you still want to continue,
+ be sure to request revocation on the computer where the private key and
+ certificate to be revoked are stored.
+ </font></td>
+ </tr>
+</table>
+<table border="0" cellspacing="0" cellpadding="0" background="/pki/images/hr.gif" width="100%">
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+<form method="post" action="revocation">
+ <table border="0" width="100%" cellspacing="2" cellpadding="2">
+ <tr>
+ <td colspan="2" valign="TOP"><font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"><b>
+ Revocation Reason</b><br>
+Select a revocation reason</font></td>
+ </tr>
+ <tr>
+ <td valign="TOP">
+ <div align="RIGHT">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ </font>
+ </div>
+ </td>
+ <td>
+ <font face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ <input type="radio" checked name="reasonCode" value=0>
+ Unspecified<br>
+ <input type="radio" name="reasonCode" value=1>
+ Key Compromise<br>
+ <!--input type="radio" name="reasonCode" value=2-->
+ <!-- CA Compromise<br> -->
+ <input type="radio" name="reasonCode" value=3>
+ Affiliation Changed<br>
+ <input type="radio" name="reasonCode" value=4>
+ Superseded<br>
+ <input type="radio" name="reasonCode" value=5>
+ Cessation of Operation<br>
+ <!--input type="radio" name="reasonCode" value=6-->
+ <!--Certificate Hold<br>-->
+ <!--Value 7 is not used-->
+ <!--input type="radio" name="reasonCode" value=8-->
+ <!--Remove from CRL<br>-->
+ <input type="radio" name="reasonCode" value=9>
+ Privilege Withdrawn<br>
+ <!--input type="radio" name="reasonCode" value=10-->
+ <!--AA Compromise<br>-->
+ </font>
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP" colspan="2">
+ <table border="0" width="100%" cellspacing="0" cellpadding="6" bgcolor="#cccccc" background="/pki/images/gray90.gif">
+ <tr>
+ <td>
+ <div align="RIGHT">
+ <input type="submit" value="Submit" name="submit" width="72">
+ <input type="hidden" name="op" value="RevocationRequest">
+ <input type="hidden" name="certType" value="client">
+ <input type="hidden" name="templateType" value="RevocationConfirmation">
+ <input type="hidden" name="doSslAuth" value="on">
+ <img src="/pki/images/spacer.gif" width="6" height="6">
+ <input type="reset" value="Reset" name="reset" width="72">
+ </div>
+ </td>
+ </tr>
+ </table>
+ </td>
+ </tr>
+ </table>
+ </form>
+</body>
+</html>
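Review bot: Nothing in this form ties the POST to a page the server actually served: the request consists of `reasonCode` plus fixed hidden fields (`op`, `certType`, `templateType`, `doSslAuth`), and the page text itself calls the operation irreversible. If the `revocation` servlet relies only on the TLS client certificate to authorise the request, any other site open in the same browser session could submit the same fields. Whether the servlet adds its own confirmation step is not visible in this hunk. I would have the servlet issue a per-session token, emit it as one more hidden input next to `doSslAuth`, and reject requests that lack it. I would also record that requirement in a comment above the form, e.g. `<!-- revocation servlet must verify the session token; client-cert auth alone does not prove user intent -->`. Separately, `action="revocation"` is relative while UserRenewal.html posts to the absolute `/renewal`; it is worth confirming that this is intended.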
diff --git a/base/ca/shared/webapps/ca/ee/ca/bench2k.html b/base/ca/shared/webapps/ca/ee/ca/bench2k.html
new file mode 100755
index 000000000..ab667f47f
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/bench2k.html
@@ -0,0 +1,58 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+ <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+ <meta name="GENERATOR" content="Mozilla/4.5 [en] (WinNT; U) [Netscape]">
+ <title>benchmark1</title>
+</head>
+<body>
+This is a file used for benchmarking HTTP Operations.
+<br>This is a file used for benchmarking HTTP Operations.
+<br>This is a file used for benchmarking HTTP Operations.
+<br>This is a file used for benchmarking HTTP Operations.
+<br>This is a file used for benchmarking HTTP Operations.
+<br>This is a file used for benchmarking HTTP Operations.
+<br>This is a file used for benchmarking HTTP Operations.
+<br>This is a file used for benchmarking HTTP Operations.
+<br>This is a file used for benchmarking HTTP Operations.
+<br>This is a file used for benchmarking HTTP Operations.
+<br>This is a file used for benchmarking HTTP Operations.
+<br>This is a file used for benchmarking HTTP Operations.
+<br>This is a file used for benchmarking HTTP Operations.
+<br>This is a file used for benchmarking HTTP Operations.
+<br>This is a file used for benchmarking HTTP Operations.
+<br>This is a file used for benchmarking HTTP Operations.
+<br>This is a file used for benchmarking HTTP Operations.
+<br>This is a file used for benchmarking HTTP Operations.
+<br>This is a file used for benchmarking HTTP Operations.
+<br>This is a file used for benchmarking HTTP Operations.
+<br>This is a file used for benchmarking HTTP Operations.
+<br>This is a file used for benchmarking HTTP Operations.
+<br>This is a file used for benchmarking HTTP Operations.
+<br>This is a file used for benchmarking HTTP Operations.
+<br>This is a file used for benchmarking HTTP Operations.
+<br>This is a file used for benchmarking HTTP Operations.
+<br>This is a file used for benchmarking HTTP Operations.
+<br>This is a file used for benchmarking HTTP Operations.
+<br>This is a file used for benchmarking HTTP Operations.
+<br>This is a file used for benchmarking HTTP Operations.
+<br>&nbsp;
+</body>
+</html>
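Review bot: This static page is added with `new file mode 100755`, while the other HTML files in this directory are added as `100644`; nothing in it needs the executable bit, so it should be `100644` too. The `<title>` reads `benchmark1` although the file is bench2k.html, which suggests it was copied from another benchmark page without being updated. It is also worth confirming that a benchmarking fixture is meant to ship inside the end-entity webapp rather than with the test tooling.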
diff --git a/base/ca/shared/webapps/ca/ee/ca/checkRequest.html b/base/ca/shared/webapps/ca/ee/ca/checkRequest.html
new file mode 100644
index 000000000..2fbaa048d
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/checkRequest.html
@@ -0,0 +1,76 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+ <title>Check Request Status</title>
+ <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+
+<SCRIPT LANGUAGE="JavaScript"></SCRIPT>
+<script LANGUAGE="JavaScript" SRC="../helpfun.js"></script>
+
+</head>
+
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+<font size=+1 face="PrimaSans BT, Verdana, sans-serif">Check Request Status</font>
+<br>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Use this form to verify status of the specified certificate request.
+</font>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/pki/images/hr.gif" >
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+<form ACTION="checkRequest" METHOD=POST>
+
+<p>
+
+<table BORDER=0 CELLSPACING=2 CELLPADDING=2>
+ <tr>
+ <td><input type=RADIO name="format" value="id" checked></td>
+ <td>
+ <font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ Enter a request identifying number (in decimal form).</font>
+ </td>
+ </tr>
+ <td></td>
+ <td><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ Request identifier:&nbsp;</font>
+ <input type=text size=10 MAXLENGTH=99 name="requestId" value="">
+ </td>
+ </tr>
+
+</table>
+
+<p>
+<table BORDER=0 CELLSPACING=0 CELLPADDING=6 WIDTH="100%" background="/pki/images/gray90.gif">
+ <tr>
+ <td ALIGN=RIGHT BGCOLOR="#E5E5E5">
+ <input type="submit" value="Submit" name="submit" width="72">
+ &nbsp;&nbsp;&nbsp;
+ </td>
+ </tr>
+</table>
+</form>
+</body>
+</html>
+
+
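Review bot: The second row of the request table has no opening tag: after the first `</tr>` the markup continues with `<td></td>` and the "Request identifier" cell, then closes with a `</tr>` that matches nothing. Add `<tr>` before that `<td></td>` so the row is well formed and does not depend on parser recovery. The label asks for a decimal number, but `requestId` is a free-text field with `MAXLENGTH=99`, so the `checkRequest` servlet has to validate the value itself. That is worth stating in a comment above the input, e.g. `<!-- requestId is validated server-side; the decimal hint is advisory only -->`.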
diff --git a/base/ca/shared/webapps/ca/ee/ca/displayBySerial.template b/base/ca/shared/webapps/ca/ee/ca/displayBySerial.template
new file mode 100644
index 000000000..e9b4d72bf
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/displayBySerial.template
@@ -0,0 +1,224 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+ <title>Display Certificate</title>
+ <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+</head>
+
+<CMS_TEMPLATE>
+
+
+<SCRIPT LANGUAGE="JavaScript">
+//<!--
+
+function navMajorVersion()
+{
+ return parseInt(navigator.appVersion.substring(0, navigator.appVersion.indexOf(".")));
+}
+
+function addEscapes(str)
+{
+ var outStr = str.replace(/</g, "&lt;");
+ outStr = outStr.replace(/>/g, "&gt;");
+ return outStr;
+}
+
+function toHex(number)
+{
+ var absValue = "", sign = "";
+ var digits = "0123456789abcdef";
+ if (number < 0) {
+ sign = "-";
+ number = -number;
+ }
+
+ for(; number >= 16 ; number = Math.floor(number/16)) {
+ absValue = digits.charAt(number % 16) + absValue;
+ }
+ absValue = digits.charAt(number % 16) + absValue;
+
+ return sign + '0x' + '0' + absValue;
+}
+//-->
+</SCRIPT>
+
+<body bgcolor="#FFFFFF" link="#6666CC" vlink="#6666CC" alink="#333399">
+<font face="PrimaSans BT, Verdana, sans-serif" size="+1">Certificate
+<SCRIPT LANGUAGE="JavaScript">
+//<!--
+document.write('&nbsp;' + '0x0'+result.header.serialNumber);
+if (navigator.appName == 'Netscape' &&
+ navMajorVersion() > 3 &&
+ typeof(crypto.version) != "undefined") {
+ document.write(
+ '<input type=hidden name=cmmfResponse value=true>');
+}
+
+//-->
+</SCRIPT>
+</font><br>
+<table border="0" cellspacing="0" cellpadding="0" background="/pki/images/hr.gif" width="100%">
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+<table border="0" cellspacing="2" cellpadding="2" width="100%">
+<tr align="left" bgcolor="#e5e5e5"><td align="left">
+<font face="PrimaSans BT, Verdana, sans-serif" size="-1">
+Certificate contents</font></td></tr></table>
+
+<pre>
+<SCRIPT LANGUAGE="JavaScript">
+document.write(addEscapes(result.header.certPrettyPrint));
+</SCRIPT>
+</pre>
+
+<p>
+<table border="0" cellspacing="2" cellpadding="2" width="100%">
+<tr align="left" bgcolor="#e5e5e5"><td align="left">
+<font face="PrimaSans BT, Verdana, sans-serif" size="-1">
+Installing this certificate in a server</font></td></tr></table>
+
+<p>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+The following format can be used to install this certificate into a server.
+<p>
+Base 64 encoded certificate
+</font>
+<p><pre>
+-----BEGIN CERTIFICATE-----
+<SCRIPT LANGUAUGE="JavaScript">
+document.write(result.header.certChainBase64);
+</SCRIPT>
+-----END CERTIFICATE-----
+</pre>
+
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+<p>
+Base 64 encoded certificate with CA certificate chain in pkcs7 format
+</font>
+<p><pre>
+-----BEGIN CERTIFICATE-----
+<SCRIPT LANGUAUGE="JavaScript">
+document.write(result.header.pkcs7ChainBase64);
+</SCRIPT>
+-----END CERTIFICATE-----
+</pre>
+
+<br><p>
+<table border="0" cellspacing="2" cellpadding="2" width="100%">
+<tr align="left" bgcolor="#e5e5e5"><td align="left">
+<font face="PrimaSans BT, Verdana, sans-serif" size="-1">
+Importing this certificate</font></td></tr></table>
+<p>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+To import the certificate into your client, click the following button.
+</font>
+<p>
+
+<OBJECT
+ classid="clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1"
+ CODEBASE="/xenroll.dll"
+ id=Enroll >
+</OBJECT>
+
+<SCRIPT LANGUAGE=VBS>
+<!--
+'========================================================
+'
+' In VBS, there are several ways in which the event handler for the
+' click event can be bound to the right control. We use one of the
+' methods here, which indicates the binding by appending the
+' event name to the control name with an intervening '_'.
+'
+'========================================================
+ Sub ImportCertificate_OnClick
+
+ Dim pkcs7
+
+ On Error Resume Next
+
+ 'Convert the cert to PKCS7 format
+ pkcs7 = result.header.pkcs7ChainBase64
+ If (IsEmpty(pkcs7) OR theError <> 0) Then
+ ret = MsgBox("Could not convert certificate to PKCS7 format", 0, "Import Cert")
+ Exit Sub
+ End If
+
+ 'Import the PKCS7 object
+ Enroll.DeleteRequestCert = FALSE
+ Enroll.WriteCertToCSP = true
+ Enroll.acceptPKCS7(pkcs7)
+ if err.number <> 0 then
+ Enroll.WriteCertToCSP = false
+ end if
+ err.clear
+ Enroll.acceptPKCS7(pkcs7)
+ if err.number = 0 then
+ MsgBox "Certificate has been successfully imported."
+ else
+ sz = "Error in acceptPKCS7. Error Number " & Hex(err.number) & "occurred."
+ MsgBox sz
+ end if
+
+ Exit Sub
+
+ End Sub
+-->
+</SCRIPT>
+
+<SCRIPT LANGUAGE="JavaScript">
+document.write("<center>");
+var loc = 'getBySerial?serialNumber='+ result.header.serialNumber;
+if (navigator.appName == "Netscape") {
+ loc = loc + '&importCert=true';
+ if (navMajorVersion() > 3 && typeof(crypto.version) != "undefined") {
+ loc = loc + '&cmmfResponse=true';
+ }
+}
+document.write('<form>\n'+
+ '<INPUT TYPE=\"button\" VALUE=\"Import Your Certificate\"'+
+ ' onClick=\"location.href=\''+ loc + '\'\">\n'+
+ '</form>\n');
+//document.write('<INPUT TYPE=BUTTON VALUE=\"Import Certificate\" NAME=\"ImportCertificate\">');
+
+if (navigator.appName == "Netscape" &&
+ result.header.emailCert != null &&
+ result.header.emailCert == true) {
+ var loc1 = 'getBySerial?serialNumber='+ result.header.serialNumber;
+ if (navMajorVersion() > 3 && typeof(crypto.version) != "undefined") {
+ loc1 = loc1 + '&cmmfResponse=true';
+ }
+ else {
+ loc1 = loc1 + '&importCert=true&emailCert=true';
+ }
+ document.write('<form>\n'+
+ '<INPUT TYPE=\"button\" VALUE=\"Import S/MIME Certificate\"'+
+ ' onClick=\"location.href=\''+ loc1 + '\'\">\n'+
+ '</form>\n');
+}
+
+document.write("</center>");
+</SCRIPT>
+
+</font>
+</BODY>
+</HTML>
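Review bot: In `ImportCertificate_OnClick` the guard `If (IsEmpty(pkcs7) OR theError <> 0)` tests `theError`, which is never assigned in this Sub, so only the `IsEmpty` half can fire; it should read `Err.Number`. `Enroll.acceptPKCS7(pkcs7)` is also called a second time unconditionally, so a first call that succeeded is followed by a second import whose result decides the message shown to the user. Moving `err.clear` and the second `Enroll.acceptPKCS7(pkcs7)` inside the `if err.number <> 0 then` block makes the retry happen only after a failure. The error string also lacks a space before `"occurred."`. The only control that would bind to this Sub is the commented-out `ImportCertificate` button, so as added the Sub appears unreachable and could be removed together with the `<OBJECT>` that loads `/xenroll.dll`.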
diff --git a/base/ca/shared/webapps/ca/ee/ca/displayBySerial2.template b/base/ca/shared/webapps/ca/ee/ca/displayBySerial2.template
new file mode 100644
index 000000000..f8f306499
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/displayBySerial2.template
@@ -0,0 +1,131 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+ <title>Display Certificate</title>
+ <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+</head>
+
+<CMS_TEMPLATE>
+
+
+<SCRIPT LANGUAGE="JavaScript">
+//<!--
+
+function navMajorVersion()
+{
+ return parseInt(navigator.appVersion.substring(0, navigator.appVersion.indexOf(".")));
+}
+
+function toHex(number)
+{
+ var absValue = "", sign = "";
+ var digits = "0123456789abcdef";
+ if (number < 0) {
+ sign = "-";
+ number = -number;
+ }
+
+ for(; number >= 16 ; number = Math.floor(number/16)) {
+ absValue = digits.charAt(number % 16) + absValue;
+ }
+ absValue = digits.charAt(number % 16) + absValue;
+
+ return sign + '0x' + '0' + absValue;
+}
+//-->
+</SCRIPT>
+
+<body bgcolor="#FFFFFF" link="#6666CC" vlink="#6666CC" alink="#333399">
+<font face="PrimaSans BT, Verdana, sans-serif" size="+1">Certificate
+<SCRIPT LANGUAGE="JavaScript">
+//<!--
+document.write('&nbsp;' + '0x0'+result.header.serialNumber);
+if (navigator.appName == 'Netscape' &&
+ navMajorVersion() > 3 &&
+ typeof(crypto.version) != "undefined") {
+ document.write(
+ '<input type=hidden name=cmmfResponse value=true>');
+}
+
+//-->
+</SCRIPT>
+</font><br>
+<table border="0" cellspacing="0" cellpadding="0" background="/pki/images/hr.gif" width="100%">
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+<table border="0" cellspacing="2" cellpadding="2" width="100%">
+<tr align="left" bgcolor="#e5e5e5"><td align="left">
+<font face="PrimaSans BT, Verdana, sans-serif" size="-1">
+Certificate contents</font></td></tr></table>
+
+<pre>
+<SCRIPT LANGUAGE="JavaScript">
+document.write(result.header.certPrettyPrint);
+</SCRIPT>
+</pre>
+
+<p>
+<table border="0" cellspacing="2" cellpadding="2" width="100%">
+<tr align="left" bgcolor="#e5e5e5"><td align="left">
+<font face="PrimaSans BT, Verdana, sans-serif" size="-1">
+Installing this certificate in a server</font></td></tr></table>
+
+<p>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+The following format can be used to install this certificate into a server.
+<p>
+Base 64 encoded certificate
+</font>
+<p><pre>
+-----BEGIN CERTIFICATE-----
+<SCRIPT LANGUAUGE="JavaScript">
+document.write(result.header.certChainBase64);
+</SCRIPT>
+-----END CERTIFICATE-----
+</pre>
+
+<br><p>
+<table border="0" cellspacing="2" cellpadding="2" width="100%">
+<tr align="left" bgcolor="#e5e5e5"><td align="left">
+<font face="PrimaSans BT, Verdana, sans-serif" size="-1">
+Downloading this certificate</font></td></tr></table>
+<p>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+To download the certificate into your system, click the following button.
+</font>
+<p>
+
+<SCRIPT LANGUAGE="JavaScript">
+document.write("<center>");
+var loc = '/getBySerial?serialNumber='+ result.header.serialNumber;
+document.write('<form>\n'+
+ '<INPUT TYPE=\"button\" VALUE=\"Download This Certificate\"'+
+ ' onClick=\"location.href=\''+ loc + '\'\">\n'+
+ '</form>\n');
+
+document.write("</center>");
+</SCRIPT>
+
+</font>
+</BODY>
+</HTML>
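Review bot: `document.write(result.header.certPrettyPrint);` inserts the pretty-printed certificate into the page unescaped, whereas displayBySerial.template in the same commit passes the same field through `addEscapes` first. The pretty-print presumably contains certificate fields such as subject names that come from the requester, so markup in them would be interpreted by the browser rather than shown as text. I would copy the `addEscapes` helper into this template's first script block and change the line to `document.write(addEscapes(result.header.certPrettyPrint));`. The helper would be stronger if it replaced `&` with `&amp;` before handling `<` and `>`. The two `<SCRIPT LANGUAUGE="JavaScript">` tags here and in displayBySerial.template misspell `LANGUAGE`.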
diff --git a/base/ca/shared/webapps/ca/ee/ca/displayCRL.template b/base/ca/shared/webapps/ca/ee/ca/displayCRL.template
new file mode 100644
index 000000000..e829387c1
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/displayCRL.template
@@ -0,0 +1,227 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+ <title>CRL Info</title>
+ <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+</head>
+
+<CMS_TEMPLATE>
+
+<body bgcolor="#FFFFFF" link="#6666CC" vlink="#6666CC" alink="#333399">
+<font face="PrimaSans BT, Verdana, sans-serif" size="+1">
+Certificate Revocation List
+</font><br>
+<table border="0" cellspacing="0" cellpadding="0" background="/pki/images/hr.gif" width="100%">
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+<br>
+
+
+<SCRIPT LANGUAGE="JavaScript">
+<!--
+function doNext()
+{
+ var ip = (result.header.crlIssuingPoint != null && result.header.crlIssuingPoint.length > 0)?
+ result.header.crlIssuingPoint: "MasterCRL";
+ var dt = (result.header.crlDisplayType != null && result.header.crlDisplayType.length > 0)?
+ result.header.crlDisplayType: "entireCRL";
+ var loc = location.protocol + '//' + location.hostname + ':' +
+ location.port + '/ca/ee/ca/getCRL?op=displayCRL&crlIssuingPoint='+ip+
+ '&crlDisplayType='+dt+'&pageStart='+
+ (parseInt(result.header.pageStart)+parseInt(document.displayCRLForm.pageSize.value))+
+ '&pageSize='+parseInt(document.displayCRLForm.pageSize.value);
+ location.href = loc;
+}
+
+function doPrevious()
+{
+ var ip = (result.header.crlIssuingPoint != null && result.header.crlIssuingPoint.length > 0)?
+ result.header.crlIssuingPoint: "MasterCRL";
+ var dt = (result.header.crlDisplayType != null && result.header.crlDisplayType.length > 0)?
+ result.header.crlDisplayType: "entireCRL";
+ var loc = location.protocol + '//' + location.hostname + ':' +
+ location.port + '/ca/ee/ca/getCRL?op=displayCRL&crlIssuingPoint='+ip+
+ '&crlDisplayType='+dt+'&pageStart='+
+ (parseInt(result.header.pageStart)-parseInt(document.displayCRLForm.pageSize.value))+
+ '&pageSize='+parseInt(document.displayCRLForm.pageSize.value);
+ location.href = loc;
+}
+
+
+if (result.header.toDo != null && result.header.toDo == "displayCRL") {
+ if (result.header.crlNumber != null &&
+ (result.header.crlSize != null || result.header.deltaCRLSize != null) &&
+ result.header.crlIssuingPoint != null) {
+
+ document.writeln('<table border="0" cellspacing="2" cellpadding="2" width="100%">');
+ document.writeln('<tr align="left" bgcolor="#e5e5e5"><td align="left">');
+ document.writeln('<font face="PrimaSans BT, Verdana, sans-serif" size="-1">');
+ document.writeln('Certificate revocation list summary</font></td></tr></table>');
+
+ document.writeln('<table border="0" cellspacing="2" cellpadding="2" width="100%">');
+ document.writeln('<tr><td align="right" width="40%">');
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+ document.writeln('CRL issuing point:</font></td>');
+ document.writeln('<td align="left">');
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+ document.writeln(result.header.crlIssuingPoint+'</font></td></tr>');
+ document.writeln('<tr><td align="right" width="40%">');
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+ document.writeln('CRL number:</font></td>');
+ document.writeln('<td align="left">');
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+ document.writeln(result.header.crlNumber+'</font></td></tr>');
+ document.writeln('<tr><td align="right" width="40%">');
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+ document.writeln('Number of CRL entries:</font></td>');
+ document.writeln('<td align="left">');
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+ if (result.header.deltaCRLSize != null)
+ document.writeln(result.header.deltaCRLSize+'</font></td></tr>');
+ else
+ document.writeln(result.header.crlSize+'</font></td></tr>');
+ if (result.header.crlDescription != null) {
+ document.writeln('<tr><td align="right" width="40%">');
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+ document.writeln('CRL issuing point description:</font></td>');
+ document.writeln('<td align="left">');
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+ document.writeln(result.header.crlDescription+'</font></td></tr>');
+ }
+ document.writeln('</table><br>');
+ }
+ if (result.header.crlPrettyPrint != null) {
+ document.writeln('<table border="0" cellspacing="2" cellpadding="2" width="100%">');
+ document.writeln('<tr align="left" bgcolor="#e5e5e5"><td align="left">');
+ document.writeln('<font face="PrimaSans BT, Verdana, sans-serif" size="-1">');
+ document.writeln('Certificate revocation list contents</font></td></tr></table>');
+ document.writeln('<pre>');
+ document.writeln(result.header.crlPrettyPrint);
+ document.writeln('</pre>');
+ }
+ if (result.recordSet.length > 0) {
+ document.writeln('<table border="0" cellspacing="2" cellpadding="2" width="100%">');
+ document.writeln('<tr align="left" bgcolor="#e5e5e5"><td align="left">');
+ document.writeln('<font face="PrimaSans BT, Verdana, sans-serif" size="-1">');
+ document.writeln('Certificate revocation list base64 encoded</font></td></tr></table>');
+
+ document.writeln('<pre>');
+ document.writeln('-----BEGIN CERTIFICATE REVOCATION LIST-----');
+ for (var i = 0; i < result.recordSet.length; i++) {
+ document.writeln(result.recordSet[i].crlBase64Encoded);
+ }
+ document.writeln('-----END CERTIFICATE REVOCATION LIST-----');
+ document.writeln('</pre>');
+ } else if (result.header.crlBase64 != null) {
+ document.writeln('<table border="0" cellspacing="2" cellpadding="2" width="100%">');
+ document.writeln('<tr align="left" bgcolor="#e5e5e5"><td align="left">');
+ document.writeln('<font face="PrimaSans BT, Verdana, sans-serif" size="-1">');
+ document.writeln('Certificate revocation list base64 encoded</font></td></tr></table>');
+
+ document.writeln('<pre>');
+ document.writeln('-----BEGIN CERTIFICATE REVOCATION LIST-----');
+ document.writeln(result.header.crlBase64);
+ document.writeln('-----END CERTIFICATE REVOCATION LIST-----');
+ document.writeln('</pre>');
+ }
+ if (result.header.crlPrettyPrint == null &&
+ result.header.crlBase64 == null &&
+ result.recordSet.length == 0) {
+ document.writeln('<font face="PrimaSans BT, Verdana, sans-serif" size="-1">');
+ document.writeln('Certificate revocation list is not found.');
+ if (result.header.error != null) {
+ document.writeln('<br>&nbsp;&nbsp;&nbsp;&nbsp;Additional information:');
+ document.writeln('<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;');
+ document.writeln(result.header.error);
+ }
+ document.writeln('</font>');
+ }
+ if (result.header.crlSize != null &&
+ result.header.pageSize != null &&
+ result.header.pageStart != null &&
+ (parseInt(result.header.crlSize) > parseInt(result.header.pageSize))) {
+
+ document.writeln('<FORM NAME="displayCRLForm" ACTION="getCRL" METHOD=POST>');
+ document.writeln('<table BORDER=0 CELLSPACING=0 CELLPADDING=6 WIDTH="100%">');
+ document.writeln('<tr><td ALIGN=LEFT BGCOLOR="#E5E5E5">');
+ document.writeln('<font face="PrimaSans BT, Verdana, sans-serif" size="-1">');
+ var upperLimit = 0;
+ if (parseInt(result.header.pageStart)+parseInt(result.header.pageSize)-1 >
+ parseInt(result.header.crlSize)) {
+ upperLimit = parseInt(result.header.crlSize);
+ } else {
+ upperLimit = parseInt(result.header.pageStart)+parseInt(result.header.pageSize)-1;
+ }
+ document.writeln(result.header.pageStart+'-'+upperLimit+
+ ' of '+result.header.crlSize+' CRL entries');
+ document.writeln('</font></td>');
+ document.writeln('<td ALIGN=RIGHT BGCOLOR="#E5E5E5">');
+ var n = 0;
+ if (parseInt(result.header.pageStart) > 1) {
+ document.writeln('<INPUT TYPE="button" VALUE="Previous" width="72"'+
+ ' onClick="doPrevious();">&nbsp;');
+ n++;
+ }
+ if (parseInt(result.header.pageStart) + parseInt(result.header.pageSize) - 1 <
+ parseInt(result.header.crlSize)) {
+ document.writeln('<INPUT TYPE="button" VALUE="Next" width="72"'+
+ ' onClick="doNext();">&nbsp;');
+ n++;
+ }
+ if (n > 0) {
+ document.writeln('<INPUT TYPE=text SIZE=4 MAXLENGTH=8 NAME=pageSize VALUE='+
+ result.header.pageSize+'>&nbsp;');
+ }
+
+ document.writeln('</td></tr></table>');
+ document.writeln('</FORM>');
+ }
+
+} else if (result.header.toDo != null &&
+ (result.header.toDo == "checkCRL" || result.header.toDo == "checkCRLcache")) {
+ document.writeln('<font face="PrimaSans BT, Verdana, sans-serif" size="-1">');
+ if (result.header.isOnCRL != null && result.header.isOnCRL == true &&
+ result.header.certSerialNumber != null) {
+ document.writeln('Certificate serial number '+
+ result.header.certSerialNumber +
+ ' is on the certificate revocation list.');
+ } else if (result.header.isOnCRL != null && result.header.isOnCRL == true) {
+ document.writeln('The requested certificate serial number'+
+ ' is on the certificate revocation list.');
+ } else if (result.header.isOnCRL != null && result.header.isOnCRL == false &&
+ result.header.certSerialNumber != null) {
+ document.writeln('Certificate serial number '+
+ result.header.certSerialNumber +
+ ' is not on the certificate revocation list.');
+ } else if (result.header.isOnCRL != null && result.header.isOnCRL == false) {
+ document.writeln('The requested certificate serial number'+
+ ' is not on the certificate revocation list.');
+ }
+ document.writeln('</font>');
+} else {
+ document.writeln('Unknown operation.');
+}
+//-->
+</SCRIPT>
+
+</BODY>
+</HTML>
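Review bot: Every `result.header.*` value in this template is written with `document.writeln` as markup and with no HTML encoding; `crlIssuingPoint`, `crlDescription`, `crlPrettyPrint` and `error` are the fields most likely to carry free text. The `result` object is filled in where `<CMS_TEMPLATE>` is expanded, outside this hunk, so whether the server already encodes these fields cannot be confirmed from here; unless it does, the template should encode on output. `doNext()` and `doPrevious()` also concatenate `crlIssuingPoint` and `crlDisplayType` into the query string unencoded, call `parseInt` without a radix, and forward NaN when the page-size box holds no number; the `pageSize` attribute value is written unquoted. The same unencoded writes appear in displayCaCert.template (`subjectdn`, `certDetails`, `fingerprints`) and displayCertFromRequest.template (`serialNo`, `certPrettyPrint`, `certFingerprint`). A small helper, sketched below, covers the text and attribute cases; `doPrevious()` would change the same way as `doNext()` with the subtraction kept.

```html
function escapeHtml(value)
{
    return String(value)
        .replace(/&/g, '&amp;')
        .replace(/</g, '&lt;')
        .replace(/>/g, '&gt;')
        .replace(/"/g, '&quot;')
        .replace(/'/g, '&#39;');
}

function doNext()
{
    // … unchanged: ip and dt defaults …
    var size = parseInt(document.displayCRLForm.pageSize.value, 10);
    if (isNaN(size) || size < 1) {
        size = parseInt(result.header.pageSize, 10);
    }
    var loc = location.protocol + '//' + location.hostname + ':' +
        location.port + '/ca/ee/ca/getCRL?op=displayCRL&crlIssuingPoint=' +
        encodeURIComponent(ip) + '&crlDisplayType=' + encodeURIComponent(dt) +
        '&pageStart=' + (parseInt(result.header.pageStart, 10) + size) +
        '&pageSize=' + size;
    location.href = loc;
}

// … unchanged: summary table markup …
        document.writeln(escapeHtml(result.header.crlIssuingPoint)+'</font></td></tr>');
// … unchanged: CRL number and entry count rows …
            document.writeln(escapeHtml(result.header.crlDescription)+'</font></td></tr>');
// … unchanged: pretty-print and base64 sections …
            document.writeln(escapeHtml(result.header.error));
// … unchanged: paging buttons …
            document.writeln('<INPUT TYPE=text SIZE=4 MAXLENGTH=8 NAME=pageSize VALUE="'+
                             escapeHtml(result.header.pageSize)+'">&nbsp;');
```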
diff --git a/base/ca/shared/webapps/ca/ee/ca/displayCaCert.template b/base/ca/shared/webapps/ca/ee/ca/displayCaCert.template
new file mode 100644
index 000000000..4e93919f5
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/displayCaCert.template
@@ -0,0 +1,111 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+ <title>CA Certificate Chain</title>
+ <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+</head>
+
+<CMS_TEMPLATE>
+
+<body bgcolor="#FFFFFF" link="#6666CC" vlink="#6666CC" alink="#333399">
+<font face="PrimaSans BT, Verdana, sans-serif" size="+1">
+CA Certificate Chain
+</font><br>
+<table border="0" cellspacing="0" cellpadding="0" background="/pki/images/hr.gif" width=
+"100%">
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+<br>
+
+<SCRIPT LANGUAGE="JavaScript">
+<!--
+if (result.header.displayFormat == "chain") {
+ document.writeln('<font face="PrimaSans BT, Verdana, sans-serif" size="+1">');
+ document.writeln('<center><b>' + result.header.subjectdn);
+ document.writeln('</b></center><p></font><br>');
+ document.writeln('<pre>');
+ document.writeln('-----BEGIN CERTIFICATE-----');
+ document.writeln(result.header.chainBase64);
+ document.writeln('-----END CERTIFICATE-----');
+ document.writeln('</pre>');
+} else if (result.header.displayFormat == "individual") {
+ if (result.recordSet.length == 0) {
+ document.write(
+ "<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"+1\">No Certificates Found in CA chain</font>\n");
+ } else {
+ document.write("\n"+
+ "<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">\n"+
+ "Total number of certificates: "+ result.header.length +
+ "</font><p>\n");
+ for(var i = 0; i < result.recordSet.length; ++i ) {
+ displayCertificate(result.recordSet[i],i+1);
+ }
+ }
+} else {
+ document.writeln('Unknown operation.');
+}
+
+function displayCertificate(cert,i)
+{
+ document.writeln('<table border="0" cellspacing="0" cellpadding="0" background="/pki/images/hr.gif" width="100%">' + '\n' +
+ ' <tr>' + '\n' +
+ ' <td>&nbsp;</td>' + '\n' +
+ ' </tr>' + '\n' +
+ '</table>' + '\n' +
+ '<br>');
+ document.writeln("Certificate " + i + ": <p>");
+ document.writeln('<table border="0" cellspacing="2" cellpadding="2" width="100%">');
+ document.writeln('<tr align="left" bgcolor="#e5e5e5"><td align="left">');
+ document.writeln('<font face="PrimaSans BT, Verdana, sans-serif" size="-1">');
+ document.writeln('Certificate Subject DN </font></td></tr></table>');
+ document.writeln('');
+ document.writeln("<b>"+cert.subjectdn+"</b><p>");
+ document.writeln('<table border="0" cellspacing="2" cellpadding="2" width="100%">');
+ document.writeln('<tr align="left" bgcolor="#e5e5e5"><td align="left">');
+ document.writeln('<font face="PrimaSans BT, Verdana, sans-serif" size="-1">');
+ document.writeln('Certificate in base64 encoded format </font></td></tr></table>');
+ document.writeln('');
+ document.writeln('<pre>');
+ document.writeln('-----BEGIN CERTIFICATE-----');
+ document.writeln(cert.base64);
+ document.writeln('-----END CERTIFICATE-----');
+ document.writeln('</pre>');
+ document.writeln('<table border="0" cellspacing="2" cellpadding="2" width="100%">');
+ document.writeln('<tr align="left" bgcolor="#e5e5e5"><td align="left">');
+ document.writeln('<font face="PrimaSans BT, Verdana, sans-serif" size="-1">');
+ document.writeln('Certificate Contents </font></td></tr></table>');
+ document.writeln("<pre>");
+ document.writeln(cert.certDetails);
+ document.writeln("</pre>");
+ document.writeln("<p>");
+ document.writeln('<table border="0" cellspacing="2" cellpadding="2" width="100%">');
+ document.writeln('<tr align="left" bgcolor="#e5e5e5"><td align="left">');
+ document.writeln('<font face="PrimaSans BT, Verdana, sans-serif" size="-1">');
+ document.writeln('Certificate Fingerprint </font></td></tr></table>');
+ document.writeln('');
+ document.writeln("<p><pre>"+cert.fingerprints+"</pre></font><p>");
+}
+//-->
+</SCRIPT>
+
+</BODY>
+</HTML>
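Review bot: The count printed as "Total number of certificates" reads `result.header.length`, while the emptiness test and the loop next to it use `result.recordSet.length`; nothing in this hunk shows the header carrying a `length` field, so the line may print "undefined". Using the record set keeps the three in agreement: `"Total number of certificates: "+ result.recordSet.length +`. The markup written by the chain branch and by `displayCertificate()` is also unbalanced: the chain branch emits `</font>` after an open `<p>`, and the last `writeln` of `displayCertificate()` emits `</font>` with no `<font>` open at that point.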
diff --git a/base/ca/shared/webapps/ca/ee/ca/displayCertFromRequest.template b/base/ca/shared/webapps/ca/ee/ca/displayCertFromRequest.template
new file mode 100644
index 000000000..aafa17aca
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/displayCertFromRequest.template
@@ -0,0 +1,177 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<CMS_TEMPLATE>
+
+<TITLE>
+CS Enroll Request Success
+</TITLE>
+
+<script language="javascript">
+
+function navMajorVersion()
+{
+ return parseInt(navigator.appVersion.substring(0, navigator.appVersion.indexOf(".")));
+}
+
+function toHex(number)
+{
+ var absValue = "", sign = "";
+ var digits = "0123456789abcdef";
+ if (number < 0) {
+ sign = "-";
+ number = -number;
+ }
+
+ for(; number >= 16 ; number = Math.floor(number/16)) {
+ absValue = digits.charAt(number % 16) + absValue;
+ }
+ absValue = digits.charAt(number % 16) + absValue;
+
+ return sign + '0x' + '0' + absValue;
+}
+
+function displayCert(cert)
+{
+ document.writeln(
+ '<font face="PrimaSans BT, Verdana, sans-serif" size="+1">'+
+ 'Certificate 0x'+ cert.serialNo+
+ '</font><br>');
+ document.writeln(
+ '<table border="0" cellspacing="0" cellpadding="0" '+
+ 'background="/pki/images/hr.gif" width="100%">'+
+ '<tr>'+
+ '<td>&nbsp;</td>'+
+ '</tr>'+
+ '</table>');
+
+ document.writeln(
+ '<table border="0" cellspacing="2" cellpadding="2" width="100%">'+
+ '<tr align="left" bgcolor="#e5e5e5"><td align="left">'+
+ '<font face="PrimaSans BT, Verdana, sans-serif" size="-1">'+
+ 'Certificate contents</font></td></tr></table>'+
+ '<pre>'+
+ cert.certPrettyPrint+
+ '</pre>');
+
+ document.writeln('<p>'+
+ '<table border="0" cellspacing="2" cellpadding="2" width="100%">'+
+ '<tr align="left" bgcolor="#e5e5e5"><td align="left">'+
+ '<font face="PrimaSans BT, Verdana, sans-serif" size="-1">'+
+ 'Certificate fingerprint</font></td></tr></table>'+
+ '<pre>'+
+ cert.certFingerprint+
+ '</pre>'+
+ '</font>');
+
+ document.writeln('<p>'+
+ '<table border="0" cellspacing="2" cellpadding="2" width="100%">'+
+ '<tr align="left" bgcolor="#e5e5e5"><td align="left">'+
+ '<font face="PrimaSans BT, Verdana, sans-serif" size="-1">'+
+ 'Installing this certificate in a server</font></td></tr></table>'+
+ '<p>'+
+ '<font size=-1 face="PrimaSans BT, Verdana, sans-serif">'+
+ 'The following format can be used to install this certificate '+
+ 'into a server.'+
+ '</font>'+
+ '<p><pre>'+
+ //'-----BEGIN CERTIFICATE-----'+
+ cert.base64Cert+
+ //'-----END CERTIFICATE-----'+
+ '</pre>');
+
+}
+
+function importCertificates(numCerts, requestId)
+{
+ var grammar = 'this';
+ var plural = '';
+ if (numCerts > 1) {
+ grammar = 'these';
+ plural = 's'
+ }
+ document.writeln( '<p>'+
+ '<table border="0" cellspacing="2" cellpadding="2" width="100%">'+
+ '<tr align="left" bgcolor="#e5e5e5"><td align="left">'+
+ '<font face="PrimaSans BT, Verdana, sans-serif" size="-1">'+
+ 'Importing certificate</font></td></tr></table>'+
+ '<p>'+
+ '<font size=-1 face="PrimaSans BT, Verdana, sans-serif">'+
+ 'To import '+grammar+' certificate'+plural+' into your client, '+
+ 'click the following button.'+
+ '</font>'+
+ '<p>');
+
+ var loc = '/getCertFromRequest?requestId='+result.header.requestId;
+ if (navigator.appName == "Netscape") {
+ if (navMajorVersion() > 3 && typeof(crypto.version) != "undefined")
+ loc = loc+'&cmmfResponse=true';
+ else
+ loc = loc + '&importCert=true';
+ }
+ document.writeln('<center>');
+ document.writeln('<form>\n'+
+ '<INPUT TYPE=\"button\" VALUE=\"Import Certificate'+
+ plural+'\"'+
+ ' onClick=\"location.href=\''+ loc + '\'\">\n'+
+ '</form>\n');
+ document.writeln('</center>');
+}
+</script>
+
+<!--BODY bgcolor="white"-->
+
+<body bgcolor="#FFFFFF" link="#6666CC" vlink="#6666CC" alink="#333399">
+
+
+<SCRIPT LANGUAGE="JavaScript">
+
+//document.writeln('<P>');
+//document.writeln('host '+result.fixed.host+'<BR>');
+//document.writeln('port '+result.fixed.port+'<BR>');
+//document.writeln('scheme '+result.fixed.scheme+'<BR>');
+//document.writeln('authority '+result.fixed.authorityName+'<BR>');
+
+//document.writeln('<P>');
+//document.writeln('Issued Certs: ');
+
+if (result.recordSet == null || result.recordSet.length == 0) {
+ document.writeln('<BLOCKQUOTE><B><PRE>');
+ document.writeln('No further details provided.');
+ document.writeln('Please consult your local administrator for assistance.');
+ document.writeln('</BLOCKQUOTE></B></PRE>');
+} else {
+ //document.writeln('<UL>');
+ for (var i = 0; i < result.recordSet.length; i++) {
+ if (result.recordSet[i].serialNo != null) {
+ displayCert(result.recordSet[i]);
+ }
+ }
+ //document.writeln('</UL>');
+ importCertificates(result.recordSet.length, result.header.requestId);
+
+}
+//document.writeln('</PRE></B></BLOCKQUOTE>');
+document.writeln('<P>');
+</SCRIPT>
+
+
+</BODY>
+</HTML>
+
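Review bot: `importCertificates()` concatenates `result.header.requestId` into `loc` and then into the text of an inline `onClick` handler, so the value ends up inside a quoted JavaScript string inside an HTML attribute with no encoding for either context; the `requestId` parameter the function receives is never used. Where `result` is populated is outside this hunk, so the server may constrain the value, but the template should not depend on that. Keeping the URL in a script-level variable and emitting a fixed handler avoids the nested quoting: `importLoc = '/getCertFromRequest?requestId=' + encodeURIComponent(requestId);` together with `' onClick="location.href=importLoc;">\n'+`. The download button written at the end of the preceding file section builds its handler from `serialNumber` the same way. `toHex()` is defined here but not called anywhere in this file.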
diff --git a/base/ca/shared/webapps/ca/ee/ca/enrollMenu.html b/base/ca/shared/webapps/ca/ee/ca/enrollMenu.html
new file mode 100644
index 000000000..cebdc1aec
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/enrollMenu.html
@@ -0,0 +1,31 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>Enrollment Menu</title>
+</head>
+
+<script lang="javascript" src="/ca/ee/dynamicVars.js"></script>
+<script lang=javascript>
+//<!--
+top.loadMenu(top.tabs[0].menu);
+//-->
+</script>
+
+</body>
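Review bot: The page ends with `</body>` although no `<body>` was ever opened, and `</html>` is missing; both `<script>` elements sit between `</head>` and that stray close tag. The `lang` attribute declares a natural language, not a scripting language, so `lang="javascript"` on `<script>` should be `type="text/javascript"` (or `language="JavaScript"`, as the templates in this commit use). `top.loadMenu(top.tabs[0].menu)` also assumes the page is loaded inside the frameset that defines `top.tabs`; opened on its own it throws, which an `if (top.tabs && top.loadMenu)` guard would avoid.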
diff --git a/base/ca/shared/webapps/ca/ee/ca/index.html b/base/ca/shared/webapps/ca/ee/ca/index.html
new file mode 100644
index 000000000..80d8415d1
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/index.html
@@ -0,0 +1,388 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>CA End-Entity</title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<link rel="shortcut icon" href="/pki/images/favicon.ico" />
+<SCRIPT LANGUAGE="JavaScript"></SCRIPT>
+<script lang="javascript" src="/ca/ee/dynamicVars.js"></script>
+<script lang="javascript" src="/ca/ee/cms-funcs.js"></script>
+<script lang="javascript">
+<!--//
+function doResize() {
+ // used by tabs.html
+ // don't call resize for IE - it sometimes crashes
+ if (navigator.appName == 'Netscape' &&
+ ((navMajorVersion() < 4) ||
+ (typeof(crypto.version) == "undefined"))) {
+ top.reloadTabs(-1);
+ }
+}
+
+function tabItem(name, link, menu, defaultIndex)
+{
+ this.name = name;
+ this.blackname = name.fontcolor('black');
+ this.whitename = name.fontcolor('white');
+ this.link = link;
+ this.menu = menu;
+ this.defaultIndex = defaultIndex;
+ this.currentIndex = defaultIndex;
+}
+
+function initTabs()
+{
+
+ top.tabs = new Array();
+
+ var name;
+ top.tabsCount=0;
+
+ name = 'Enrollment / Renewal';
+ top.tabs[top.tabsCount++] = new tabItem(name, 'profileMenu.html',
+ top.ProfileMenu, 1);
+ if (http != 'true') {
+ name = 'Revocation';
+ top.tabs[top.tabsCount++] = new tabItem(name, 'revocationMenu.html',
+ top.RevocationMenu, 0);
+ }
+
+ name = 'Retrieval';
+ top.tabs[top.tabsCount++] = new tabItem(name, 'retrievalMenu.html',
+ top.RetrievalMenu, 0);
+
+ top.tabsSelectedIndex = 0;
+
+}
+
+
+function menuItem(name, link, desc)
+{
+ this.name = name;
+ this.link = link;
+ this.seldesc = desc.fontcolor('blue'); // text when selected
+ this.unseldesc = desc.fontcolor('black'); // text when unselected
+ this.desc = desc;
+}
+
+function initMenus()
+{
+ initProfileMenu();
+ if (http != 'true') {
+ initRevocationMenu();
+ }
+ initRecoveryMenu();
+ initRetrievalMenu();
+}
+
+function initProfileMenu()
+{
+ top.ProfileMenu = new Array();
+
+ var name = 'profileList';
+ top.ProfileMenu[0] = new menuItem(name, 'profileList',
+ 'List Certificate Profiles');
+}
+
+function tableItem(name, items)
+{
+ this.name = name;
+ this.menuItems = items;
+}
+
+
+// Check if a particular authmanager is enabled.
+// The 'authamanager' array is set in
+// dynamic javascript in the URL /dynamicVars.js
+
+function isAuthMgrEnabled(name)
+{
+ // handle the case when no auth manager is configured
+ if (typeof(authmanager) == 'undefined') {
+ return false;
+ }
+ for (var k=0; k<authmanager.length; k++) {
+ if (authmanager[k] == name) {
+ return true;
+ }
+ }
+ return false;
+}
+
+function initRevocationMenu()
+{
+ top.RevocationMenu = new Array();
+
+ var name='usercert';
+ top.RevocationMenu[0] = new menuItem(name, 'UserRevocation.html',
+ 'User Certificate');
+ //name='servercert';
+ //top.RevocationMenu[1] = new menuItem(name, 'ServerRevocation.html',
+ // 'Server Certificate');
+
+ // name='othercert';
+ // top.RevocationMenu[1] = new menuItem(name, 'ChallengeRevoke1.html',
+ // 'Certificate (challenge phrase-based)');
+ name='othercert';
+ top.RevocationMenu[1] = new menuItem(name, 'CMCRevReq.html',
+ 'CMC Revoke');
+}
+
+function initRecoveryMenu()
+{
+ top.RecoveryMenu = new Array();
+ var name;
+
+ name = 'keyRecovery';
+ top.RecoveryMenu[0] = new menuItem(name, 'KeyRecovery.html',
+ 'Key Recovery');
+}
+
+function initRetrievalMenu()
+{
+ top.RetrievalMenu = new Array();
+ var name;
+ var count=0;
+
+ name = 'checkrequest';
+ top.RetrievalMenu[count++] = new menuItem(name, 'checkRequest.html',
+ 'Check Request Status');
+
+ if (subsystemname != 'ra') {
+ name = 'listcerts';
+ top.RetrievalMenu[count++] = new menuItem(name, 'queryBySerial.html',
+ 'List Certificates');
+ name = 'searchcerts';
+ top.RetrievalMenu[count++] = new menuItem(name, 'srchCert.html',
+ 'Search Certificates');
+ }
+ name = 'getcachain';
+ top.RetrievalMenu[count++] = new menuItem(name, 'GetCAChain.html',
+ 'Import CA Certificate Chain');
+
+ if (subsystemname != 'ra') {
+ name = 'reviewcrl';
+ if (clacrlurl != '') {
+ top.RetrievalMenu[count++] = new menuItem(name, clacrlurl,
+ 'Import Certificate Revocation List');
+ } else {
+ top.RetrievalMenu[count++] = new menuItem(name, 'getInfo?template=/ee/ca/toDisplayCRL',
+ 'Import Certificate Revocation List');
+ }
+ }
+}
+
+// This method draws the left panel
+
+function loadMenu(menu)
+{
+
+ with (top.left.document) {
+ writeln('<body bgcolor="#cccccc" vlink="#444444" link="#444444" alink="#333399">');
+ writeln('<table border=0 width=130 cellspacing=4 cellpadding=4>');
+ writeln('<tr>');
+ writeln('<td>');
+
+ var selbgcol = '#cccccc'; // cell's background col when selected
+ var unselbgcol = '#cccccc'; // "" "" unselected
+
+ for (var k=0; k<menu.length; k++) {
+ writeln('<tr>');
+
+ // We check if the link is empty. If it is, this means the
+ // menu item should be rendered as a 'title'. See the
+ // 'Browser' heading in initEnrollMenu as an example
+
+ if (menu[k].link != '') {
+
+ if (k == top.tabs[top.tabsSelectedIndex].currentIndex) {
+
+ // Draw the current element in 'selected' state
+
+ writeln('<td bgcolor="'+selbgcol+'">');
+ writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+ '<b>'+
+ '<a onclick=javascript:top.reloadMenu("'+k+'"); href='+
+ menu[k].link+
+ ' target="cms_content" >'+
+ menu[k].seldesc+'</b></a></font>'
+ );
+ }
+ else {
+ // Draw the current element in 'unselected' state
+
+ writeln('<td bgcolor="'+unselbgcol+'">');
+ writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+ '<b>'+
+ '<a onclick=javascript:top.reloadMenu("'+k+'"); href='+
+ menu[k].link+
+ ' target="cms_content" >'+
+ menu[k].unseldesc+'</b></a></font>'
+ );
+
+ }
+
+ }
+ else { // nice headers go here (enrollment menu)
+ writeln('<td bgcolor=white>'+
+ '<font face="PrimaSans BT, Verdana, sans-serif"'+
+ 'color=black>'+
+ '<b>'+
+ menu[k].desc+'</b></font>');
+ }
+
+
+ writeln('</td>');
+ writeln('</tr>');
+ }
+
+ writeln('</table>');
+ writeln('</td>');
+ writeln('</tr>');
+ writeln('</table>');
+ close();
+ }
+
+}
+
+function reloadMenu(item)
+{
+ var curMenu = top.tabs[top.tabsSelectedIndex];
+ curMenu.currentIndex = item;
+ top.cms_content.location = curMenu.menu[item].link;
+ loadMenu(curMenu.menu);
+
+
+}
+
+
+function reloadMenuAndContent()
+{
+ var tab = top.tabs[top.tabsSelectedIndex];
+ tab.currentIndex = 0;
+ top.cms_content.location = tab.menu[tab.currentIndex].link;
+ reloadMenu(tab.currentIndex);
+}
+
+function reloadTabs(tabnum)
+{
+ if (tabnum != -1) {
+ top.tabsSelectedIndex = tabnum;
+ }
+ top.reloadMenuAndContent();
+
+// if (navigator.appName != "Netscape") {
+// top.reloadMenu(top.tabs[tabnum].defaultIndex);
+// }
+
+ if ( navigator.appName == 'Netscape') {
+ top.tabsf.location.reload(false);
+ } else {
+ loadTabs();
+ }
+ if ( navigator.appName != 'Netscape') {
+ loadTabs();
+ }
+}
+
+
+
+function loadTabs()
+{
+ with (top.tabsf.document) {
+ writeln('<body onresize="top.doResize();" bgcolor="#4f52b5" link="#FFFFFF" vlink="#FFFFFF" alink="#CCCCFF">');
+
+ writeln('<table border=0 width="100%" cellspacing="0" cellpadding="0" bgcolor="#4f52b5">');
+ writeln('<tr><td>');
+ writeln('<table border=0 cellspacing=12 cellpadding=0>');
+ writeln('<tr>');
+ writeln('<td><img src="/pki/images/logo_header.gif"></td>');
+ writeln('<td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>');
+ if (subsystemname == 'ca') {
+ writeln('<td><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white"><b>Dogtag<sup><font color="#cccccc" size="-2">&reg;</font></sup> Certificate Manager</b></font></td>');
+ } else {
+ writeln('<td><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white"><b><b>Dogtag<sup><font color="#cccccc" size="-2">&reg;</font></sup> Registration Manager</b></font></td>');
+ }
+ writeln('</tr>');
+ writeln('</table>');
+
+ writeln('<table border=0 cellspacing="0" cellpadding="0">');
+ writeln('<tr>');
+ writeln('<td><img src="/pki/images/spacer.gif" width="12" height="12"></td>');
+
+ var index = top.tabsSelectedIndex;
+ for (var j=0; j < top.tabsCount; j++) {
+ if (j == index) {
+ writeln('<td><img src="/pki/images/lgLeftTab.gif" width="13" height="21"></td>');
+ writeln('<td bgcolor="#cccccc" nowrap>');
+ writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif"><b>'+
+ top.tabs[j].blackname+
+ '</b></font></td>');
+ writeln('<td><img src="/pki/images/lgRightTab2.gif" width="16" height="21">'+
+ '</td>');
+ }
+ else {
+ writeln('<td><img src="/pki/images/dgLeftTab.gif" width="13" height="21"></td>');
+ writeln('<td bgcolor="#999999" nowrap>'+
+ '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+ '<a onclick=javascript:top.reloadTabs("'+
+ j+'"); href='+
+ top.tabs[j].link+' target="left"><b>'+
+ top.tabs[j].whitename+'</b></a></font></td>');
+ writeln('<td><img src="/pki/images/dgRightTab2.gif" width="16" height="21"></td>');
+ }
+ }
+
+ writeln('</tr>');
+ writeln('</table></td></tr>');
+ writeln('<tr bgcolor=#CCCCCC><td>&nbsp;<br>&nbsp;</td></tr>');
+ writeln('</tr>');
+ writeln('</table>');
+ close();
+
+ }
+}
+
+
+
+//-->
+</script>
+</head>
+
+<script lang="javascript">
+<!--//
+initMenus();
+initTabs();
+//-->
+</script>
+
+
+<frameset rows="105,1*" frameborder="NO" border="0" cols="*">
+ <frame src="tabs.html" name="tabsf" frameborder="NO" NORESIZE scrolling="NO" marginwidth="0" marginheight="0">
+ <frameset cols="140,1*" border="0" frameborder="NO">
+ <frame src="profileMenu.html" NORESIZE frameborder="NO" marginwidth="0" marginheight="0" name="left">
+ <frame src="profileList" marginwidth="16" marginheight="16" frameborder="NO" NORESIZE name="cms_content">
+ </frameset>
+ <frame src="blank.html" name="foot" NORESIZE scrolling="NO" frameborder="NO">
+</frameset>
+<noframes><body bgcolor="#FFFFFF">
+
+</body></noframes>
+</html>
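Review bot: `loadMenu()` and `loadTabs()` write `href=` and `onclick=` without quotes around the attribute values, and `menu[k].link` can be `clacrlurl`, which is not defined in this file (presumably it comes from the included `/ca/ee/dynamicVars.js`) and is not validated here; a value containing a space or `>` ends the attribute early and the remainder is parsed as markup. Quoting both attributes contains that: `'<a onclick="top.reloadMenu(' + k + ');" href="' + menu[k].link + '" target="cms_content">'`, with the link HTML-encoded whenever it is not a fixed string. `reloadTabs()` calls `loadTabs()` twice for non-Netscape browsers, once in the `else` and again in the `if` that follows; one of the two can go. `initMenus()` builds `top.RecoveryMenu`, but no tab created in `initTabs()` refers to it.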
diff --git a/base/ca/shared/webapps/ca/ee/ca/policyEnrollment/index.html b/base/ca/shared/webapps/ca/ee/ca/policyEnrollment/index.html
new file mode 100644
index 000000000..74c3080f0
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/policyEnrollment/index.html
@@ -0,0 +1,556 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<html>
+<head>
+<title>CA End-Entity</title>
+<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+<link rel="shortcut icon" href="/pki/images/favicon.ico" />
+<SCRIPT LANGUAGE="JavaScript"></SCRIPT>
+<script lang="javascript" src="/dynamicVars.js"></script>
+<script lang="javascript" src="../cms-funcs.js"></script>
+<script lang="javascript">
+<!--//
+function doResize() {
+ // used by tabs.html
+ // don't call resize for IE - it sometimes crashes
+ if (navigator.appName == 'Netscape' &&
+ ((navMajorVersion() < 4) ||
+ (typeof(crypto.version) == "undefined"))) {
+ top.reloadTabs(-1);
+ }
+}
+
+function tabItem(name, link, menu, defaultIndex)
+{
+ this.name = name;
+ this.blackname = name.fontcolor('black');
+ this.whitename = name.fontcolor('white');
+ this.link = link;
+ this.menu = menu;
+ this.defaultIndex = defaultIndex;
+ this.currentIndex = defaultIndex;
+}
+
+function initTabs()
+{
+
+ top.tabs = new Array();
+
+ var name;
+ top.tabsCount=0;
+
+ name = 'Enrollment';
+ top.tabs[top.tabsCount++] = new tabItem(name, 'enrollMenu.html',
+ top.EnrollMenu, 1);
+ if (http != 'true') {
+ name = 'Renewal';
+ top.tabs[top.tabsCount++] = new tabItem(name, 'renewalMenu.html',
+ top.RenewalMenu, 0);
+ name = 'Revocation';
+ top.tabs[top.tabsCount++] = new tabItem(name, 'revocationMenu.html',
+ top.RevocationMenu, 0);
+ }
+
+ name = 'Retrieval';
+ top.tabs[top.tabsCount++] = new tabItem(name, 'retrievalMenu.html',
+ top.RetrievalMenu, 0);
+
+ top.tabsSelectedIndex = 0;
+
+}
+
+
+function menuItem(name, link, desc)
+{
+ this.name = name;
+ this.link = link;
+ this.seldesc = desc.fontcolor('blue'); // text when selected
+ this.unseldesc = desc.fontcolor('black'); // text when unselected
+ this.desc = desc;
+}
+
+function initMenus()
+{
+ initEnrollMenu();
+ if (http != 'true') {
+ initRenewalMenu();
+ initRevocationMenu();
+ }
+ initRecoveryMenu();
+ initRetrievalMenu();
+}
+
+function initRenewalMenu()
+{
+ top.RenewalMenu = new Array();
+
+ var name = 'usercert';
+ top.RenewalMenu[0] = new menuItem(name, 'UserRenewal.html',
+ 'User Certificate');
+ //name = 'servercert';
+ //top.RenewalMenu[name] = new menuItem(name, 'ServerRenewal.html',
+ // 'Server Certificate');
+}
+
+function tableItem(name, items)
+{
+ this.name = name;
+ this.menuItems = items;
+}
+
+
+// Check if a particular authmanager is enabled.
+// The 'authamanager' array is set in
+// dynamic javascript in the URL /dynamicVars.js
+
+function isAuthMgrEnabled(name)
+{
+ // handle the case when no auth manager is configured
+ if (typeof(authmanager) == 'undefined') {
+ return false;
+ }
+ for (var k=0; k<authmanager.length; k++) {
+ if (authmanager[k] == name) {
+ return true;
+ }
+ }
+ return false;
+}
+
+function initEnrollMenu()
+{
+ top.EnrollMenu = new Array();
+
+ var item;
+ var count=0;
+ menuItems = new Array();
+ // User enrollment stuff here
+
+ item = 'userenrolltitle';
+ menuItems[count] = top.EnrollMenu[count] =
+ new menuItem(item, '', 'Browser');
+ count++;
+
+ // 'Manual' enrollment - does not pass through any
+ // authentication plugin, so requests must be approved
+ // manually by the agent
+
+ item = 'manuser';
+ menuItems[count] = top.EnrollMenu[count] =
+ new menuItem(item, 'ManUserEnroll.html', 'Manual');
+ count++;
+
+
+ // UidPwdDirAuth - authenticates against an LDAP directory
+ // with uid + pwd
+
+ if ( isAuthMgrEnabled("UidPwdDirAuth") ) {
+ item = 'diruser';
+ menuItems[count] = top.EnrollMenu[count] =
+ new menuItem(item, 'DirUserEnroll.html',
+ 'Directory');
+ count++;
+ }
+
+ // UidPwdPinDirAuth - authenticates against an LDAP directory
+ // with uid + pwd + one-time pin
+ if ( isAuthMgrEnabled("UidPwdPinDirAuth") ) {
+ item = 'pinuser';
+ menuItems[count] = top.EnrollMenu[count] =
+ new menuItem(item, 'DirPinUserEnroll.html',
+ 'Directory and Pin');
+ count++;
+ }
+
+ // NISAuth - authenticates against NIS
+ if ( isAuthMgrEnabled("NISAuth") ) {
+ item = 'nisuser';
+ menuItems[count] = top.EnrollMenu[count] =
+ new menuItem(item, 'NISUserEnroll.html', 'NIS');
+
+ count++;
+ }
+
+ // Kerberos - authenticates against a Kerberos server
+ if ( isAuthMgrEnabled("KerberosAuth") ) {
+ item = 'kerberos';
+ menuItems[count] = top.EnrollMenu[count] =
+ new menuItem(item, 'KerberosBasedAuthentication.html', 'Kerberos');
+ count++;
+ }
+
+ // PortalEnroll - allows a user to enroll if their uid
+ // does NOT already exist in the directory. I.e. they can
+ // create an account
+ if ( isAuthMgrEnabled("PortalEnroll") ) {
+ item = 'portaluser';
+ menuItems[count] = top.EnrollMenu[count] =
+ new menuItem(item, 'PortalEnrollment.html', 'Portal');
+ count++;
+ }
+
+ if (subsystemname != 'ra') {
+ if (http != 'true') {
+ // this one is directory based cert-based
+ if ( isAuthMgrEnabled("UidPwdDirAuth") ) {
+ item = 'certBasedDualEnroll';
+ menuItems[count] = top.EnrollMenu[count] =
+ new menuItem(item, 'CertBasedDualEnroll.html', 'Certificate');
+ count++;
+ }
+ }
+ }
+ else {
+ if (http != 'true') {
+ // this one is directory based cert-based
+ if ( isAuthMgrEnabled("UidPwdDirAuth") ) {
+ item = 'certBasedSingleEnroll';
+ menuItems[count] = top.EnrollMenu[count] =
+ new menuItem(item, 'CertBasedSingleEnroll.html', 'Certificate');
+ count++;
+ }
+ }
+
+// item = 'certBasedEncEnroll';
+// menuItems[count] = top.EnrollMenu[count] =
+// new menuItem(item, 'CertBasedEncryptionEnroll.html', 'Certificate');
+// count++;
+// item = 'certBasedSingleEnroll';
+// menuItems[count] = top.EnrollMenu[count] =
+// new menuItem(item, 'CertBasedSingleEnroll.html', 'Certificate');
+// count++;
+
+ }
+// Server Enrollment
+ item = 'serverenrolltitle';
+ menuItems[count] = top.EnrollMenu[count] =
+ new menuItem(item, '', 'Server');
+ count++;
+
+ item = 'manserver';
+ menuItems[count] = top.EnrollMenu[count] =
+ new menuItem(item, 'ManServerEnroll.html', 'SSL Server');
+ count++;
+
+ // if we're talking to a Registration Manager, don't allow the user to enroll
+ // for a RM or CM certificate.
+ item = 'manra';
+ menuItems[count] = top.EnrollMenu[count] =
+ new menuItem(item, 'ManRAEnroll.html', 'Registration Manager');
+ count++;
+
+ if (subsystemname != 'ra') {
+ item = 'manca';
+ menuItems[count] = top.EnrollMenu[count] =
+ new menuItem(item, 'ManCAEnroll.html', 'Certificate Manager');
+ count++;
+ }
+
+ item = 'manocsp';
+ menuItems[count] = top.EnrollMenu[count] =
+ new menuItem(item, 'OCSPResponder.html', 'OCSP Responder');
+ count++;
+
+ item = 'othertitle';
+ menuItems[count] = top.EnrollMenu[count] =
+ new menuItem(item, '', 'Other');
+ count++;
+
+ item = 'manos';
+ menuItems[count] = top.EnrollMenu[count] =
+ new menuItem(item, 'ManObjSignEnroll.html', 'Object Signing (Browser)');
+ count++;
+
+ item = 'manospkcs';
+ menuItems[count] = top.EnrollMenu[count] =
+ new menuItem(item, 'ObjSignPKCS10Enroll.html', 'Object Signing (PKCS10)');
+ count++;
+
+ item = 'mancmc';
+ menuItems[count] = top.EnrollMenu[count] =
+ new menuItem(item, 'CMCEnrollment.html', 'CMC Enrollment');
+ count++;
+
+}
+
+function initRevocationMenu()
+{
+ top.RevocationMenu = new Array();
+
+ var name='usercert';
+ top.RevocationMenu[0] = new menuItem(name, 'UserRevocation.html',
+ 'User Certificate');
+ //name='servercert';
+ //top.RevocationMenu[1] = new menuItem(name, 'ServerRevocation.html',
+ // 'Server Certificate');
+
+ name='othercert';
+ top.RevocationMenu[1] = new menuItem(name, 'ChallengeRevoke1.html',
+ 'Certificate (challenge phrase-based)');
+ name='othercert';
+ top.RevocationMenu[2] = new menuItem(name, 'CMCRevReq.html',
+ 'CMC Revoke');
+}
+
+function initRecoveryMenu()
+{
+ top.RecoveryMenu = new Array();
+ var name;
+
+ name = 'keyRecovery';
+ top.RecoveryMenu[0] = new menuItem(name, 'KeyRecovery.html',
+ 'Key Recovery');
+}
+
+function initRetrievalMenu()
+{
+ top.RetrievalMenu = new Array();
+ var name;
+ var count=0;
+
+ name = 'checkrequest';
+ top.RetrievalMenu[count++] = new menuItem(name, 'checkRequest.html',
+ 'Check Request Status');
+
+ if (subsystemname != 'ra') {
+ name = 'listcerts';
+ top.RetrievalMenu[count++] = new menuItem(name, 'queryBySerial.html',
+ 'List Certificates');
+ name = 'searchcerts';
+ top.RetrievalMenu[count++] = new menuItem(name, 'srchCert.html',
+ 'Search Certificates');
+ }
+ name = 'getcachain';
+ top.RetrievalMenu[count++] = new menuItem(name, 'GetCAChain.html',
+ 'Import CA Certificate Chain');
+
+ if (subsystemname != 'ra') {
+ name = 'reviewcrl';
+ if (clacrlurl != '') {
+ top.RetrievalMenu[count++] = new menuItem(name, clacrlurl,
+ 'Import Certificate Revocation List');
+ } else {
+ top.RetrievalMenu[count++] = new menuItem(name, '/getInfo?template=toDisplayCRL',
+ 'Import Certificate Revocation List');
+ }
+ }
+}
+
+// This method draws the left panel
+
+function loadMenu(menu)
+{
+
+ with (top.left.document) {
+ writeln('<body bgcolor="#cccccc" vlink="#444444" link="#444444" alink="#333399">');
+ writeln('<table border=0 width=130 cellspacing=4 cellpadding=4>');
+ writeln('<tr>');
+ writeln('<td>');
+
+ var selbgcol = '#cccccc'; // cell's background col when selected
+ var unselbgcol = '#cccccc'; // "" "" unselected
+
+ for (var k=0; k<menu.length; k++) {
+ writeln('<tr>');
+
+ // We check if the link is empty. If it is, this means the
+ // menu item should be rendered as a 'title'. See the
+ // 'Browser' heading in initEnrollMenu as an example
+
+ if (menu[k].link != '') {
+
+ if (k == top.tabs[top.tabsSelectedIndex].currentIndex) {
+
+ // Draw the current element in 'selected' state
+
+ writeln('<td bgcolor="'+selbgcol+'">');
+ writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+ '<b>'+
+ '<a onclick=javascript:top.reloadMenu("'+k+'"); href='+
+ menu[k].link+
+ ' target="cms_content" >'+
+ menu[k].seldesc+'</b></a></font>'
+ );
+ }
+ else {
+ // Draw the current element in 'unselected' state
+
+ writeln('<td bgcolor="'+unselbgcol+'">');
+ writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+ '<b>'+
+ '<a onclick=javascript:top.reloadMenu("'+k+'"); href='+
+ menu[k].link+
+ ' target="cms_content" >'+
+ menu[k].unseldesc+'</b></a></font>'
+ );
+
+ }
+
+ }
+ else { // nice headers go here (enrollment menu)
+ writeln('<td bgcolor=white>'+
+ '<font face="PrimaSans BT, Verdana, sans-serif"'+
+ 'color=black>'+
+ '<b>'+
+ menu[k].desc+'</b></font>');
+ }
+
+
+ writeln('</td>');
+ writeln('</tr>');
+ }
+
+ writeln('</table>');
+ writeln('</td>');
+ writeln('</tr>');
+ writeln('</table>');
+ close();
+ }
+
+}
+
+function reloadMenu(item)
+{
+ var curMenu = top.tabs[top.tabsSelectedIndex];
+ curMenu.currentIndex = item;
+ top.cms_content.location = curMenu.menu[item].link;
+ loadMenu(curMenu.menu);
+
+
+}
+
+
+function reloadMenuAndContent()
+{
+ var tab = top.tabs[top.tabsSelectedIndex];
+ tab.currentIndex = tab.defaultIndex;
+ top.cms_content.location = tab.menu[tab.currentIndex].link;
+ reloadMenu(tab.currentIndex);
+}
+
+function reloadTabs(tabnum)
+{
+ if (tabnum != -1) {
+ top.tabsSelectedIndex = tabnum;
+ }
+ top.reloadMenuAndContent();
+
+ if (navigator.appName != "Netscape") {
+ top.reloadMenu(top.tabs[tabnum].defaultIndex);
+ }
+
+ if ( navigator.appName == 'Netscape') {
+ top.tabsf.location.reload(false);
+ } else {
+ loadTabs();
+ }
+ if ( navigator.appName != 'Netscape') {
+ loadTabs();
+ }
+}
+
+
+
+function loadTabs()
+{
+ with (top.tabsf.document) {
+ writeln('<body onresize="top.doResize();" bgcolor="#9999cc" link="#FFFFFF" vlink="#FFFFFF" alink="#CCCCFF">');
+
+ writeln('<table border=0 width="100%" cellspacing="0" cellpadding="0" bgcolor="#9999CC">');
+ writeln('<tr><td>');
+ writeln('<table border=0 cellspacing=0 cellpadding=0 width="100%" >');
+ writeln('<tr><td>');
+ writeln('<table border=0 cellspacing=12 cellpadding=0 width="100%">');
+ writeln('<tr>');
+ writeln('<td><font size="-1" face="PrimaSans BT, Verdana, sans-serif" color="white">Netscape<font color="#cccccc" size="-2">&reg;</font>'+
+ '<b><br>Certificate Management<br> System</b></font><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white"><b></b></font></td>');
+ writeln('<td></td>');
+ if (subsystemname == 'ca') {
+ writeln('<td width=350 align=right><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white"><b>Certificate Manager</b></font></td>');
+ }
+ else {
+ writeln('<td width=350><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white"><b>Registration Manager</b></font></td>');
+ }
+ writeln('</tr>');
+ writeln('</table>');
+ writeln('</td></tr>');
+ writeln('</table>');
+
+ writeln('<table border=0 cellspacing="0" cellpadding="0">');
+ writeln('<tr>');
+ writeln('<td><img src="/pki/images/spacer.gif" width="12" height="12"></td>');
+
+ var index = top.tabsSelectedIndex;
+ for (var j=0; j < top.tabsCount; j++) {
+ if (j == index) {
+ writeln('<td><img src="/pki/images/lgLeftTab.gif" width="13" height="21"></td>');
+ writeln('<td bgcolor="#cccccc" nowrap>');
+ writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif"><b>'+
+ top.tabs[j].blackname+
+ '</b></font></td>');
+ writeln('<td><img src="/pki/images/lgRightTab2.gif" width="16" height="21">'+
+ '</td>');
+ }
+ else {
+ writeln('<td><img src="/pki/images/dgLeftTab.gif" width="13" height="21"></td>');
+ writeln('<td bgcolor="#999999" nowrap>'+
+ '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+ '<a onclick=javascript:top.reloadTabs("'+
+ j+'"); href='+
+ top.tabs[j].link+' target="left"><b>'+
+ top.tabs[j].whitename+'</b></a></font></td>');
+ writeln('<td><img src="/pki/images/dgRightTab2.gif" width="16" height="21"></td>');
+ }
+ }
+
+ writeln('</tr>');
+ writeln('</table></td></tr>');
+ writeln('<tr bgcolor=#CCCCCC><td>&nbsp;<br>&nbsp;</td></tr>');
+ writeln('</tr>');
+ writeln('</table>');
+ close();
+
+ }
+}
+
+
+
+//-->
+</script>
+</head>
+
+<script lang="javascript">
+<!--//
+initMenus();
+initTabs();
+//-->
+</script>
+
+
+<frameset rows="105,1*" frameborder="NO" border="0" cols="*">
+ <frame src="tabs.html" name="tabsf" frameborder="NO" NORESIZE scrolling="NO" marginwidth="0" marginheight="0">
+ <frameset cols="140,1*" border="0" frameborder="NO">
+ <frame src="enrollMenu.html" NORESIZE frameborder="NO" marginwidth="0" marginheight="0" name="left">
+ <frame src="ManUserEnroll.html" marginwidth="16" marginheight="16" frameborder="NO" NORESIZE name="cms_content">
+ </frameset>
+ <frame src="blank.html" name="foot" NORESIZE scrolling="NO" frameborder="NO">
+</frameset>
+<noframes><body bgcolor="#FFFFFF">
+
+</body></noframes>
+</html>
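Review bot: loadMenu and loadTabs concatenate the link into the written markup as an unquoted, unescaped attribute (`href='+menu[k].link+' target="cms_content" >'` and `href='+top.tabs[j].link+' target="left">`), and one of those links is `clacrlurl`, which initRetrievalMenu takes from /dynamicVars.js. A value containing a space, a quote or `>` would end the attribute early in the generated frame, and reloadMenu assigns the same string to `top.cms_content.location` without looking at its scheme. I would write the attribute as `href="` + value + `"` with the value passed through `.replace(/&/g,'&amp;').replace(/"/g,'&quot;')`, and accept `clacrlurl` only when it is a relative path or an http(s) URL. Whether that variable can be set by anyone other than the operator is not visible in this diff. The same code is repeated in profileEnrollment/index.html.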
diff --git a/base/ca/shared/webapps/ca/ee/ca/policyEnrollment/profileMenu.html b/base/ca/shared/webapps/ca/ee/ca/policyEnrollment/profileMenu.html
new file mode 100644
index 000000000..9eabc2262
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/policyEnrollment/profileMenu.html
@@ -0,0 +1,36 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<html>
+
+<head>
+<title>profile Menu</title>
+</head>
+
+<body bgcolor="#CCCCCC" link="#FFFFFF" vlink="#FFFFFF" alink="#333399">
+<script lang="javascript" src="/dynamicVars.js"></script>
+<script lang=javascript>
+//<!--
+ if (http != 'true') {
+ top.loadMenu(top.tabs[3].menu);
+ } else {
+ top.loadMenu(top.tabs[1].menu);
+ }
+//-->
+</script>
+
+</body>
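Review bot: The script loads `top.tabs[3].menu` (or `top.tabs[1].menu` when `http` is 'true'), which in policyEnrollment/index.html's initTabs is the Retrieval tab, so this page behaves as a copy of retrievalMenu.html under the title "profile Menu". As far as this diff shows, no tab built by that initTabs links to profileMenu.html and that index.html defines no profile menu. If the file is needed, a comment such as `<!-- tab indices follow initTabs() in index.html: 3 is Retrieval, 1 is Retrieval when http is 'true' -->` would document the coupling; otherwise it can be dropped. The document also has no closing `</html>`.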
diff --git a/base/ca/shared/webapps/ca/ee/ca/policyEnrollment/retrievalMenu.html b/base/ca/shared/webapps/ca/ee/ca/policyEnrollment/retrievalMenu.html
new file mode 100644
index 000000000..ec39a7a01
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/policyEnrollment/retrievalMenu.html
@@ -0,0 +1,36 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<html>
+
+<head>
+<title>Retrieval Menu</title>
+</head>
+<SCRIPT LANGUAGE="JavaScript"></SCRIPT>
+<script lang="javascript" src="/dynamicVars.js"></script>
+
+<script lang=javascript>
+//<!--
+ if (http != 'true') {
+ top.loadMenu(top.tabs[3].menu);
+ } else {
+ top.loadMenu(top.tabs[1].menu);
+ }
+//-->
+</script>
+
+</body>
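Review bot: The markup has no `<body>` start tag: the scripts sit between `</head>` and a stray `</body>`, and `</html>` is missing. Parsers recover from this, but the body should be opened before the first `<script>` the way profileMenu.html does; policyEnrollment/revocationMenu.html and profileEnrollment/retrievalMenu.html have the same shape. `lang` on `<script>` does not select a script language (`language` or `type` does), and the empty `<SCRIPT LANGUAGE="JavaScript"></SCRIPT>` element does nothing and can be removed.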
diff --git a/base/ca/shared/webapps/ca/ee/ca/policyEnrollment/revocationMenu.html b/base/ca/shared/webapps/ca/ee/ca/policyEnrollment/revocationMenu.html
new file mode 100644
index 000000000..fa810e748
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/policyEnrollment/revocationMenu.html
@@ -0,0 +1,31 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<html>
+
+<head>
+<title>Revocation Menu</title>
+</head>
+
+
+<script lang=javascript>
+//<!--
+top.loadMenu(top.tabs[2].menu);
+//-->
+</script>
+
+</body>
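Review bot: `top.loadMenu(top.tabs[2].menu);` assumes the Revocation tab is always at index 2, but initTabs in policyEnrollment/index.html adds Renewal and Revocation only when `http != 'true'`. In the other case `top.tabs[2]` is undefined and this line throws if the page is loaded. retrievalMenu.html in the same directory already branches on `http`; a guard such as `if (top.tabs[2]) { top.loadMenu(top.tabs[2].menu); }` would keep the frame from erroring. This page does not include /dynamicVars.js, so `http` itself is not in scope here.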
diff --git a/base/ca/shared/webapps/ca/ee/ca/profileEnrollment/index.html b/base/ca/shared/webapps/ca/ee/ca/profileEnrollment/index.html
new file mode 100644
index 000000000..478c193ad
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/profileEnrollment/index.html
@@ -0,0 +1,393 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<html>
+<head>
+<title>CA End-Entity</title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<link rel="shortcut icon" href="/pki/images/favicon.ico" />
+<SCRIPT LANGUAGE="JavaScript"></SCRIPT>
+<script lang="javascript" src="/dynamicVars.js"></script>
+<script lang="javascript" src="../cms-funcs.js"></script>
+<script lang="javascript">
+<!--//
+function doResize() {
+ // used by tabs.html
+ // don't call resize for IE - it sometimes crashes
+ if (navigator.appName == 'Netscape' &&
+ ((navMajorVersion() < 4) ||
+ (typeof(crypto.version) == "undefined"))) {
+ top.reloadTabs(-1);
+ }
+}
+
+function tabItem(name, link, menu, defaultIndex)
+{
+ this.name = name;
+ this.blackname = name.fontcolor('black');
+ this.whitename = name.fontcolor('white');
+ this.link = link;
+ this.menu = menu;
+ this.defaultIndex = defaultIndex;
+ this.currentIndex = defaultIndex;
+}
+
+function initTabs()
+{
+
+ top.tabs = new Array();
+
+ var name;
+ top.tabsCount=0;
+
+ name = 'Enrollment';
+ top.tabs[top.tabsCount++] = new tabItem(name, 'profileMenu.html',
+ top.ProfileMenu, 1);
+ if (http != 'true') {
+ name = 'Revocation';
+ top.tabs[top.tabsCount++] = new tabItem(name, 'revocationMenu.html',
+ top.RevocationMenu, 0);
+ }
+
+ name = 'Retrieval';
+ top.tabs[top.tabsCount++] = new tabItem(name, 'retrievalMenu.html',
+ top.RetrievalMenu, 0);
+
+ top.tabsSelectedIndex = 0;
+
+}
+
+
+function menuItem(name, link, desc)
+{
+ this.name = name;
+ this.link = link;
+ this.seldesc = desc.fontcolor('blue'); // text when selected
+ this.unseldesc = desc.fontcolor('black'); // text when unselected
+ this.desc = desc;
+}
+
+function initMenus()
+{
+ initProfileMenu();
+ if (http != 'true') {
+ initRevocationMenu();
+ }
+ initRecoveryMenu();
+ initRetrievalMenu();
+}
+
+function initProfileMenu()
+{
+ top.ProfileMenu = new Array();
+
+ var name = 'profileList';
+ top.ProfileMenu[0] = new menuItem(name, 'profileList',
+ 'List Profiles');
+}
+
+function tableItem(name, items)
+{
+ this.name = name;
+ this.menuItems = items;
+}
+
+
+// Check if a particular authmanager is enabled.
+// The 'authamanager' array is set in
+// dynamic javascript in the URL /dynamicVars.js
+
+function isAuthMgrEnabled(name)
+{
+ // handle the case when no auth manager is configured
+ if (typeof(authmanager) == 'undefined') {
+ return false;
+ }
+ for (var k=0; k<authmanager.length; k++) {
+ if (authmanager[k] == name) {
+ return true;
+ }
+ }
+ return false;
+}
+
+function initRevocationMenu()
+{
+ top.RevocationMenu = new Array();
+
+ var name='usercert';
+ top.RevocationMenu[0] = new menuItem(name, 'UserRevocation.html',
+ 'User Certificate');
+ //name='servercert';
+ //top.RevocationMenu[1] = new menuItem(name, 'ServerRevocation.html',
+ // 'Server Certificate');
+
+ name='othercert';
+ top.RevocationMenu[1] = new menuItem(name, 'ChallengeRevoke1.html',
+ 'Certificate (challenge phrase-based)');
+ name='othercert';
+ top.RevocationMenu[2] = new menuItem(name, 'CMCRevReq.html',
+ 'CMC Revoke');
+}
+
+function initRecoveryMenu()
+{
+ top.RecoveryMenu = new Array();
+ var name;
+
+ name = 'keyRecovery';
+ top.RecoveryMenu[0] = new menuItem(name, 'KeyRecovery.html',
+ 'Key Recovery');
+}
+
+function initRetrievalMenu()
+{
+ top.RetrievalMenu = new Array();
+ var name;
+ var count=0;
+
+ name = 'checkrequest';
+ top.RetrievalMenu[count++] = new menuItem(name, 'checkRequest.html',
+ 'Check Request Status');
+
+ if (subsystemname != 'ra') {
+ name = 'listcerts';
+ top.RetrievalMenu[count++] = new menuItem(name, 'queryBySerial.html',
+ 'List Certificates');
+ name = 'searchcerts';
+ top.RetrievalMenu[count++] = new menuItem(name, 'srchCert.html',
+ 'Search Certificates');
+ }
+ name = 'getcachain';
+ top.RetrievalMenu[count++] = new menuItem(name, 'GetCAChain.html',
+ 'Import CA Certificate Chain');
+
+ if (subsystemname != 'ra') {
+ name = 'reviewcrl';
+ if (clacrlurl != '') {
+ top.RetrievalMenu[count++] = new menuItem(name, clacrlurl,
+ 'Import Certificate Revocation List');
+ } else {
+ top.RetrievalMenu[count++] = new menuItem(name, '/getInfo?template=toDisplayCRL',
+ 'Import Certificate Revocation List');
+ }
+ }
+}
+
+// This method draws the left panel
+
+function loadMenu(menu)
+{
+
+ with (top.left.document) {
+ writeln('<body bgcolor="#cccccc" vlink="#444444" link="#444444" alink="#333399">');
+ writeln('<table border=0 width=130 cellspacing=4 cellpadding=4>');
+ writeln('<tr>');
+ writeln('<td>');
+
+ var selbgcol = '#cccccc'; // cell's background col when selected
+ var unselbgcol = '#cccccc'; // "" "" unselected
+
+ for (var k=0; k<menu.length; k++) {
+ writeln('<tr>');
+
+ // We check if the link is empty. If it is, this means the
+ // menu item should be rendered as a 'title'. See the
+ // 'Browser' heading in initEnrollMenu as an example
+
+ if (menu[k].link != '') {
+
+ if (k == top.tabs[top.tabsSelectedIndex].currentIndex) {
+
+ // Draw the current element in 'selected' state
+
+ writeln('<td bgcolor="'+selbgcol+'">');
+ writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+ '<b>'+
+ '<a onclick=javascript:top.reloadMenu("'+k+'"); href='+
+ menu[k].link+
+ ' target="cms_content" >'+
+ menu[k].seldesc+'</b></a></font>'
+ );
+ }
+ else {
+ // Draw the current element in 'unselected' state
+
+ writeln('<td bgcolor="'+unselbgcol+'">');
+ writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+ '<b>'+
+ '<a onclick=javascript:top.reloadMenu("'+k+'"); href='+
+ menu[k].link+
+ ' target="cms_content" >'+
+ menu[k].unseldesc+'</b></a></font>'
+ );
+
+ }
+
+ }
+ else { // nice headers go here (enrollment menu)
+ writeln('<td bgcolor=white>'+
+ '<font face="PrimaSans BT, Verdana, sans-serif"'+
+ 'color=black>'+
+ '<b>'+
+ menu[k].desc+'</b></font>');
+ }
+
+
+ writeln('</td>');
+ writeln('</tr>');
+ }
+
+ writeln('</table>');
+ writeln('</td>');
+ writeln('</tr>');
+ writeln('</table>');
+ close();
+ }
+
+}
+
+function reloadMenu(item)
+{
+ var curMenu = top.tabs[top.tabsSelectedIndex];
+ curMenu.currentIndex = item;
+ top.cms_content.location = curMenu.menu[item].link;
+ loadMenu(curMenu.menu);
+
+
+}
+
+
+function reloadMenuAndContent()
+{
+ var tab = top.tabs[top.tabsSelectedIndex];
+ tab.currentIndex = 0;
+ top.cms_content.location = tab.menu[tab.currentIndex].link;
+ reloadMenu(tab.currentIndex);
+}
+
+function reloadTabs(tabnum)
+{
+ if (tabnum != -1) {
+ top.tabsSelectedIndex = tabnum;
+ }
+ top.reloadMenuAndContent();
+
+ if (navigator.appName != "Netscape") {
+ top.reloadMenu(top.tabs[tabnum].defaultIndex);
+ }
+
+ if ( navigator.appName == 'Netscape') {
+ top.tabsf.location.reload(false);
+ } else {
+ loadTabs();
+ }
+ if ( navigator.appName != 'Netscape') {
+ loadTabs();
+ }
+}
+
+
+
+function loadTabs()
+{
+ with (top.tabsf.document) {
+ writeln('<body onresize="top.doResize();" bgcolor="#9999cc" link="#FFFFFF" vlink="#FFFFFF" alink="#CCCCFF">');
+
+ writeln('<table border=0 width="100%" cellspacing="0" cellpadding="0" bgcolor="#9999CC">');
+ writeln('<tr><td>');
+ writeln('<table border=0 cellspacing=0 cellpadding=0 width="100%" >');
+ writeln('<tr><td>');
+ writeln('<table border=0 cellspacing=12 cellpadding=0 width="100%">');
+ writeln('<tr>');
+ writeln('<td><font size="-1" face="PrimaSans BT, Verdana, sans-serif" color="white">Netscape<font color="#cccccc" size="-2">&reg;</font>'+
+ '<b><br>Certificate Management<br> System</b></font><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white"><b></b></font></td>');
+ writeln('<td></td>');
+ if (subsystemname == 'ca') {
+ writeln('<td width=350 align=right><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white"><b>Certificate Manager</b></font></td>');
+ }
+ else {
+ writeln('<td width=350><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white"><b>Registration Manager</b></font></td>');
+ }
+ writeln('</tr>');
+ writeln('</table>');
+ writeln('</td></tr>');
+ writeln('</table>');
+
+ writeln('<table border=0 cellspacing="0" cellpadding="0">');
+ writeln('<tr>');
+ writeln('<td><img src="/pki/images/spacer.gif" width="12" height="12"></td>');
+
+ var index = top.tabsSelectedIndex;
+ for (var j=0; j < top.tabsCount; j++) {
+ if (j == index) {
+ writeln('<td><img src="/pki/images/lgLeftTab.gif" width="13" height="21"></td>');
+ writeln('<td bgcolor="#cccccc" nowrap>');
+ writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif"><b>'+
+ top.tabs[j].blackname+
+ '</b></font></td>');
+ writeln('<td><img src="/pki/images/lgRightTab2.gif" width="16" height="21">'+
+ '</td>');
+ }
+ else {
+ writeln('<td><img src="/pki/images/dgLeftTab.gif" width="13" height="21"></td>');
+ writeln('<td bgcolor="#999999" nowrap>'+
+ '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+ '<a onclick=javascript:top.reloadTabs("'+
+ j+'"); href='+
+ top.tabs[j].link+' target="left"><b>'+
+ top.tabs[j].whitename+'</b></a></font></td>');
+ writeln('<td><img src="/pki/images/dgRightTab2.gif" width="16" height="21"></td>');
+ }
+ }
+
+ writeln('</tr>');
+ writeln('</table></td></tr>');
+ writeln('<tr bgcolor=#CCCCCC><td>&nbsp;<br>&nbsp;</td></tr>');
+ writeln('</tr>');
+ writeln('</table>');
+ close();
+
+ }
+}
+
+
+
+//-->
+</script>
+</head>
+
+<script lang="javascript">
+<!--//
+initMenus();
+initTabs();
+//-->
+</script>
+
+
+<frameset rows="105,1*" frameborder="NO" border="0" cols="*">
+ <frame src="tabs.html" name="tabsf" frameborder="NO" NORESIZE scrolling="NO" marginwidth="0" marginheight="0">
+ <frameset cols="140,1*" border="0" frameborder="NO">
+ <frame src="profileMenu.html" NORESIZE frameborder="NO" marginwidth="0" marginheight="0" name="left">
+ <frame src="profileList" marginwidth="16" marginheight="16" frameborder="NO" NORESIZE name="cms_content">
+ </frameset>
+ <frame src="blank.html" name="foot" NORESIZE scrolling="NO" frameborder="NO">
+</frameset>
+<noframes><body bgcolor="#FFFFFF">
+
+</body></noframes>
+</html>
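Review bot: initTabs registers the Enrollment tab with a default index of 1 (`new tabItem(name, 'profileMenu.html', top.ProfileMenu, 1)`), but initProfileMenu fills only `top.ProfileMenu[0]`. On the non-Netscape path reloadTabs calls `top.reloadMenu(top.tabs[tabnum].defaultIndex)`, so reloadMenu reads `curMenu.menu[1].link` on an undefined entry and throws. The initial `currentIndex` of 1 also means loadMenu never draws "List Profiles" in the selected state. The index looks carried over from policyEnrollment/index.html, where entry 0 of the enrollment menu is a title row; here the call should end `top.ProfileMenu, 0);`. The unquoted `href=` concatenation in loadMenu and loadTabs is the same as in policyEnrollment/index.html.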
diff --git a/base/ca/shared/webapps/ca/ee/ca/profileEnrollment/profileMenu.html b/base/ca/shared/webapps/ca/ee/ca/profileEnrollment/profileMenu.html
new file mode 100644
index 000000000..8f19d91b4
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/profileEnrollment/profileMenu.html
@@ -0,0 +1,32 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<html>
+
+<head>
+<title>profile Menu</title>
+</head>
+
+<body bgcolor="#CCCCCC" link="#FFFFFF" vlink="#FFFFFF" alink="#333399">
+<script lang="javascript" src="/dynamicVars.js"></script>
+<script lang=javascript>
+//<!--
+ top.loadMenu(top.tabs[0].menu);
+//-->
+</script>
+
+</body>
diff --git a/base/ca/shared/webapps/ca/ee/ca/profileEnrollment/retrievalMenu.html b/base/ca/shared/webapps/ca/ee/ca/profileEnrollment/retrievalMenu.html
new file mode 100644
index 000000000..faafe343e
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/profileEnrollment/retrievalMenu.html
@@ -0,0 +1,36 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<html>
+
+<head>
+<title>Retrieval Menu</title>
+</head>
+<SCRIPT LANGUAGE="JavaScript"></SCRIPT>
+<script lang="javascript" src="/dynamicVars.js"></script>
+
+<script lang=javascript>
+//<!--
+ if (http != 'true') {
+ top.loadMenu(top.tabs[2].menu);
+ } else {
+ top.loadMenu(top.tabs[1].menu);
+ }
+//-->
+</script>
+
+</body>
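Review bot: `http` in `if (http != 'true')` is never declared in this file, so it presumably comes from `/dynamicVars.js`; if that script does not load, the test throws and no menu is loaded at all. A guard such as `if (typeof http == 'undefined' || http != 'true')` would make the fallback explicit, though which branch should be the default is for the author to decide. The markup also ends with `</body>` although no `<body>` was opened, and there is no `</html>`. A one-line comment explaining why plain-HTTP mode maps retrieval to `tabs[1]` instead of `tabs[2]` would help the next reader.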
diff --git a/base/ca/shared/webapps/ca/ee/ca/profileEnrollment/revocationMenu.html b/base/ca/shared/webapps/ca/ee/ca/profileEnrollment/revocationMenu.html
new file mode 100644
index 000000000..21f5f4397
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/profileEnrollment/revocationMenu.html
@@ -0,0 +1,31 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<html>
+
+<head>
+<title>Revocation Menu</title>
+</head>
+
+
+<script lang=javascript>
+//<!--
+top.loadMenu(top.tabs[1].menu);
+//-->
+</script>
+
+</body>
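Review bot: `top.loadMenu(top.tabs[1].menu)` is unconditional here, whereas `retrievalMenu.html` selects `tabs[1]` for the retrieval menu when `http == 'true'`. If the tab list really is shorter in that mode, this page would load the retrieval menu when opened over plain HTTP. The page stays reachable by URL whichever tabs are drawn, so hiding the tab cannot be the control that keeps revocation off an unauthenticated channel; that has to be enforced by the revocation handlers, which are not visible in this diff. A comment such as `// index 1 = revocation tab; assumes the SSL tab layout` (to be confirmed against the tab definitions) would document the assumption.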
diff --git a/base/ca/shared/webapps/ca/ee/ca/profileMenu.html b/base/ca/shared/webapps/ca/ee/ca/profileMenu.html
new file mode 100644
index 000000000..b621c230e
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/profileMenu.html
@@ -0,0 +1,32 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>profile Menu</title>
+</head>
+
+<body bgcolor="#CCCCCC" link="#FFFFFF" vlink="#FFFFFF" alink="#333399">
+<script lang="javascript" src="/ca/ee/dynamicVars.js"></script>
+<script lang=javascript>
+//<!--
+ top.loadMenu(top.tabs[0].menu);
+//-->
+</script>
+
+</body>
diff --git a/base/ca/shared/webapps/ca/ee/ca/queryBySerial.html b/base/ca/shared/webapps/ca/ee/ca/queryBySerial.html
new file mode 100644
index 000000000..557a1cf17
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/queryBySerial.html
@@ -0,0 +1,190 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+ <title>List Certificates Within a Serial Number Range</title>
+ <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+
+<SCRIPT LANGUAGE="JavaScript"></SCRIPT>
+<script LANGUAGE="JavaScript" SRC="/ca/ee/cms-funcs.js"></script>
+
+<script LANGUAGE="JavaScript" SRC="/ca/ee/helpfun.js"></script>
+
+<script LANGUAGE="JavaScript">
+<!--
+function doSubmit(form)
+{
+ var canonicalFrom = "", canonicalTo = "";
+
+ if ( form.serialFrom.value!= "") {
+ canonicalFrom =
+ trim(form.serialFrom.value);
+ }
+
+ if (canonicalFrom != "") {
+ if (!isDecimalNumber(canonicalFrom)) {
+ if (isHexNumber(canonicalFrom)) {
+ canonicalFrom = "0x" +
+ removeColons(stripPrefix(canonicalFrom));
+ } else {
+ alert("You must specify a decimal or hexadecimal value" +
+ "for the low end of the serial number range.");
+ return;
+ }
+ }
+ if (isNegative(canonicalFrom)) {
+ alert("You must specify a positive value for the low " +
+ "end of the serial number range.");
+ return;
+ }
+ form.serialFrom.value = canonicalFrom;
+ }
+
+ if ( form.serialTo.value!= "") {
+ canonicalTo =
+ trim(form.serialTo.value);
+ }
+
+ if (canonicalTo != "") {
+ if (!isDecimalNumber(canonicalTo)) {
+ if (isHexNumber(canonicalTo)) {
+ canonicalTo = "0x" +
+ removeColons(stripPrefix(canonicalTo));
+ } else {
+ alert("You must specify a decimal or hexadecimal value" +
+ "for the high end of the serial number range.");
+ return;
+ }
+ }
+ if (isNegative(canonicalTo)) {
+ alert("You must specify a positive value for the high " +
+ "end of the serial number range.");
+ return;
+ }
+ form.serialTo.value = canonicalTo;
+ }
+
+ /* Can't do this using parseInt*/
+ /*
+ if (form.serialFrom.value != "" && form.serialTo.value != "" ) {
+ if (parseInt(form.serialFrom.value) > parseInt(form.serialTo.value)) {
+ alert("The low end of the range is larger than the high end.");
+ return;
+ }
+ }
+ */
+
+ if (!form.skipRevoked.checked && !form.skipNonValid.checked) {
+ form.queryCertFilter.value = "(certStatus=*)";
+ } else if (form.skipRevoked.checked && form.skipNonValid.checked) {
+ form.queryCertFilter.value = "(certStatus=VALID)";
+ } else if (form.skipRevoked.checked) {
+ form.queryCertFilter.value = "(|(certStatus=VALID)(certStatus=INVALID)(certStatus=EXPIRED))";
+ } else if (form.skipNonValid.checked) {
+ form.queryCertFilter.value = "(|(certStatus=VALID)(certStatus=REVOKED))";
+ }
+
+ if (form.serialFrom.value == "") {
+ form.querySentinelDown.value = "0";
+ } else {
+ form.querySentinelDown.value = form.serialFrom.value;
+ form.querySentinelUp.value = form.serialFrom.value;
+ form.direction.value = "down";
+ }
+
+ form.op.value = "listCerts";
+ form.submit();
+}
+//-->
+</script>
+</head>
+
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+<font size=+1 face="PrimaSans BT, Verdana, sans-serif">List Certificates</font>
+<br>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Use this form to list certificates whose serial numbers fall within a
+specified range.</font>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/pki/images/hr.gif" >
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+<form ACTION="listCerts" METHOD=POST>
+ <input TYPE="HIDDEN" NAME="op" VALUE="">
+ <input TYPE="HIDDEN" NAME="queryCertFilter" VALUE="">
+
+<p>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Enter a range of serial numbers in hexadecimal form (starting with 0x, as in the certificate list) or in decimal form.
+
+<p>
+<table BORDER=0 CELLSPACING=2 CELLPADDING=0>
+ <tr>
+ <td><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+ Lowest serial number</font>
+ </td>
+ <td><input TYPE="TEXT" NAME="serialFrom" SIZE=10 MAXLENGTH=99></td>
+ <td><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+ (leave blank for no lower limit)</font>
+ </td>
+ </tr>
+ <tr>
+ <td><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+ Highest serial number</font></font></td>
+ <td><input TYPE="TEXT" NAME="serialTo" SIZE=10 MAXLENGTH=99></td>
+ <td><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+ (leave blank for no upper limit)</font>
+ </td>
+ </tr>
+</table>
+
+<p>
+<input TYPE="CHECKBOX" NAME="skipRevoked">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Do not show certificates that have been revoked
+</font>
+<br>
+<input TYPE="CHECKBOX" CHECKED NAME="skipNonValid">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Do not show certificates that have expired or are not yet valid</font>
+<br>&nbsp;
+<br>&nbsp;
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=6 WIDTH="100%" background="/pki/images/gray90.gif">
+ <tr>
+ <td ALIGN=RIGHT BGCOLOR="#E5E5E5">
+ <input TYPE="button" VALUE="Find" width="72" onClick="doSubmit(this.form);">&nbsp;&nbsp;
+ <font size=-1 face="PrimaSans BT, Verdana, sans-serif">first</font>&nbsp;
+<INPUT TYPE="hidden" NAME="querySentinelDown" VALUE="">
+<INPUT TYPE="hidden" NAME="querySentinelUp" VALUE="">
+ <INPUT TYPE="hidden" NAME="direction" VALUE="begin">
+ <INPUT TYPE="TEXT" NAME="maxCount" SIZE=10 MAXLENGTH=99 VALUE="20">
+ <font size=-1 face="PrimaSans BT, Verdana, sans-serif">records</font>&nbsp;&nbsp;&nbsp;
+ </td>
+ </tr>
+</table>
+</form>
+</body>
+</html>
+
+
+
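Review bot: `doSubmit` writes the search filter into the hidden `queryCertFilter` field (`"(certStatus=VALID)"` and its variants) and posts it to `listCerts`, so the filter string and `maxCount` reach the server exactly as the client chooses to send them. The handler is outside this diff, but it should either rebuild the filter from `skipRevoked`/`skipNonValid` itself or accept only the four strings this page can produce, and clamp `maxCount`; the JavaScript checks here are a convenience, not validation. `queryCert.html` later in this commit builds its criteria the same way, concatenating raw field values in `revokedByCrit` and `issuedByCrit`. Separately, both "decimal or hexadecimal" alerts are missing a space at the join and display as `valuefor`; the first literal should be `"You must specify a decimal or hexadecimal value " +`.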
diff --git a/base/ca/shared/webapps/ca/ee/ca/queryCert.html b/base/ca/shared/webapps/ca/ee/ca/queryCert.html
new file mode 100644
index 000000000..32e2ac644
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/queryCert.html
@@ -0,0 +1,1518 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+ <title>Search for Certificates</title>
+ <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+
+<SCRIPT LANGUAGE="JavaScript"></SCRIPT>
+<script LANGUAGE="JavaScript" SRC="../cms-funcs.js"></script>
+<script LANGUAGE="JavaScript" SRC="../helpfun.js"></script>
+</head>
+
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+<font size=+1 face="PrimaSans BT, Verdana, sans-serif">
+Search for Certificates
+</font><br>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Use this form to compose queries based on properties of the certificate.
+</font>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/pki/images/hr.gif" >
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Each section below filters the search. Check the box at the top of the
+section if you want to use that filter in your search, then complete the fields.
+Leave a box unchecked to ignore that filter. You can click more than one box
+to get a combination of search criteria.
+</font>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/pki/images/hr.gif" >
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+<b><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Serial Number Range</font></b>
+<FORM NAME="serialNumberRangeCritForm">
+<table border="0" cellspacing="2" cellpadding="2">
+<tr>
+<td><INPUT TYPE="CHECKBOX" NAME="inUse"></td>
+<td colspan="3">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show certificates that fall within the following range:</font>
+</td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Lowest serial number:</font></td>
+<td><INPUT TYPE="TEXT" NAME="serialFrom" SIZE=10 MAXLENGTH=99></td>
+<td><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+(leave blank for no lower limit)</font></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Highest serial number:</font></td>
+<td><INPUT TYPE="TEXT" NAME="serialTo" SIZE=10 MAXLENGTH=99></td>
+<td><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+(leave blank for no upper limit)</font></td>
+</tr>
+</table>
+</FORM>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Enter a range of certificate serial numbers in hexadecimal form
+(starting with 0x, as in the certificate list) or in decimal form.
+</font>
+
+<SCRIPT LANGUAGE="JavaScript">
+//<!--
+function serialNumberRangeCritInUse()
+{
+ return document.serialNumberRangeCritForm.inUse.checked;
+}
+
+function serialNumberRangeCrit()
+{
+ var crit = new Array;
+ var next = 0;
+ var canonicalFrom = "", canonicalTo = "";
+
+ if (document.serialNumberRangeCritForm.serialFrom.value != "") {
+ canonicalFrom =
+ trim(document.serialNumberRangeCritForm.serialFrom.value);
+ }
+
+ if (canonicalFrom != "") {
+ if (!isDecimalNumber(canonicalFrom)) {
+ if (isHexNumber(canonicalFrom)) {
+ canonicalFrom = "0x" +
+ removeColons(stripPrefix(canonicalFrom));
+ } else {
+ alert("You must specify a decimal or hexadecimal value" +
+ "for the low end of the serial number range.");
+ return null;
+ }
+ }
+ if (isNegative(canonicalFrom)) {
+ alert("You must specify a positive value for the low " +
+ "end of the serial number range.");
+ return null;
+ }
+ crit[next++] = "(certRecordId>=" + canonicalFrom + ")";
+ }
+
+ if (document.serialNumberRangeCritForm.serialTo.value != "") {
+ canonicalTo =
+ trim(document.serialNumberRangeCritForm.serialTo.value);
+ }
+
+ if (canonicalTo != "") {
+ if (!isDecimalNumber(canonicalTo)) {
+ if (isHexNumber(canonicalTo)) {
+ canonicalTo = "0x" +
+ removeColons(stripPrefix(canonicalTo));
+ } else {
+ alert("You must specify a decimal or hexadecimal value" +
+ "for the high end of the serial number range.");
+ return null;
+ }
+ }
+ if (isNegative(canonicalTo)) {
+ alert("You must specify a positive value for the high " +
+ "end of the serial number range.");
+ return null;
+ }
+ crit[next++] = "(certRecordId<=" + canonicalTo + ")";
+ }
+
+ /* Can not do this using parseInt */
+ /*
+ if (document.serialNumberRangeCritForm.serialFrom.value != "" &&
+ document.serialNumberRangeCritForm.serialTo.value != "") {
+ if (parseInt(canonicalFrom) > parseInt(canonicalTo)) {
+ alert("The low end of the range is larger than the high end.");
+ return null;
+ }
+ }
+ */
+
+ return nsjoin(crit,"");
+}
+//-->
+</SCRIPT>
+
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/pki/images/hr.gif" >
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+<b><font size=-1 face="PrimaSans BT, Verdana, sans-serif">Subject Name</font></b>
+<FORM NAME="subjectCritForm">
+<table border="0" cellspacing="2" cellpadding="2">
+<tr>
+<td><INPUT TYPE="CHECKBOX" NAME="inUse"></td>
+<td colspan="2">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show certificates with a subject name matching the following:
+</font>
+</td>
+</tr>
+
+<tr align="left">
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Email address:
+</font></td>
+<td><INPUT TYPE="TEXT" NAME="eMail" SIZE=30></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Common name:
+</font></td>
+<td><INPUT TYPE="TEXT" NAME="commonName" SIZE=30></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+User ID:
+</font></td>
+<td><INPUT TYPE="TEXT" NAME="userID" SIZE=30></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Organization unit:
+</font></td>
+<td><INPUT TYPE="TEXT" NAME="orgUnit" SIZE=30></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Organization:
+</font></td>
+<td><INPUT TYPE="TEXT" NAME="org" SIZE=30></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Locality:
+</font></td>
+<td><INPUT TYPE="TEXT" NAME="locality" SIZE=30></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+State:
+</font></td>
+<td><INPUT TYPE="TEXT" NAME="state" SIZE=30></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Country:
+</font></td>
+<td><INPUT TYPE="TEXT" NAME="country" VALUE="" SIZE=2 MAXLENGTH=2></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Match Method:</font>
+</td>
+<td>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+<INPUT TYPE="RADIO" NAME="match" VALUE="exact">
+Exact
+</font>
+</td>
+<tr>
+<td>&nbsp;</td>
+<td align="right">&nbsp;</td>
+<td>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+<INPUT TYPE="RADIO" CHECKED NAME="match" VALUE="partial">
+Partial
+</font>
+</td>
+</tr>
+</table>
+</FORM>
+
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Enter values for the fields you want to have in your search criteria.
+Leave other fields blank.
+<br><br>
+Exact match method finds certificates for subjects whose name consists
+<b>exactly</b> of the components that you have filled in above, and contains
+none of the components you have left blank. Pattern matching wildcard
+values cannot be used in this search.
+<br><br>
+Partial match method finds certificates for subjects whose name consists
+<b>in part</b> of the components you have specified above, and in addition
+may contain arbitrary values for the other components you have left blank above.
+Pattern matching wildcard values can be used in this search.
+</font>
+
+<SCRIPT LANGUAGE="JavaScript">
+<!--
+function subjectCritInUse()
+{
+ return document.subjectCritForm.inUse.checked;
+}
+function subjectCrit()
+{
+ return computeNameFilter(document.subjectCritForm);
+}
+//-->
+</SCRIPT>
+
+<table BORDER=0 CELLSPACING=2 CELLPADDING=2 WIDTH="100%" BACKGROUND="/pki/images/hr.gif" >
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+<b>Revocation Information</b></font>
+
+<table border="0" cellspacing="2" cellpadding="2">
+<tr align="left">
+<FORM NAME="revokedByCritForm">
+<td><INPUT TYPE="CHECKBOX" NAME="inUse"></td>
+<td align="left" colspan="2">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show certificates revoked by:
+</font>
+&nbsp;<INPUT TYPE="text" NAME="revokedBy" SIZE=10>
+</td>
+</FORM>
+</tr>
+
+<tr>
+<FORM NAME="revokedOnCritForm">
+<td>
+<INPUT TYPE="CHECKBOX" NAME="inUse">
+</td>
+<td align="left" colspan="2">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show certificates revoked during the period:</font>
+</td>
+</FORM>
+</tr>
+
+<tr>
+<td>&nbsp;</td>
+<td valign="top" align=right>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Start date:</font>
+</td>
+<td valign="top" nowrap>
+<FORM NAME="revokedOnFrom">
+<SELECT NAME="day">
+<OPTION VALUE=0>
+<OPTION VALUE=1>1
+<OPTION VALUE=2>2
+<OPTION VALUE=3>3
+<OPTION VALUE=4>4
+<OPTION VALUE=5>5
+<OPTION VALUE=6>6
+<OPTION VALUE=7>7
+<OPTION VALUE=8>8
+<OPTION VALUE=9>9
+<OPTION VALUE=10>10
+<OPTION VALUE=11>11
+<OPTION VALUE=12>12
+<OPTION VALUE=13>13
+<OPTION VALUE=14>14
+<OPTION VALUE=15>15
+<OPTION VALUE=16>16
+<OPTION VALUE=17>17
+<OPTION VALUE=18>18
+<OPTION VALUE=19>19
+<OPTION VALUE=20>20
+<OPTION VALUE=21>21
+<OPTION VALUE=22>22
+<OPTION VALUE=23>23
+<OPTION VALUE=24>24
+<OPTION VALUE=25>25
+<OPTION VALUE=26>26
+<OPTION VALUE=27>27
+<OPTION VALUE=28>28
+<OPTION VALUE=29>29
+<OPTION VALUE=30>30
+<OPTION VALUE=31>31
+</SELECT>
+<SELECT NAME="month">
+<OPTION VALUE=13>
+<OPTION VALUE=0>January
+<OPTION VALUE=1>February
+<OPTION VALUE=2>March
+<OPTION VALUE=3>April
+<OPTION VALUE=4>May
+<OPTION VALUE=5>June
+<OPTION VALUE=6>July
+<OPTION VALUE=7>August
+<OPTION VALUE=8>September
+<OPTION VALUE=9>October
+<OPTION VALUE=10>November
+<OPTION VALUE=11>December
+</SELECT>
+<SELECT NAME="year">
+<OPTION VALUE=0>
+<OPTION VALUE=1997>1997
+<OPTION VALUE=1998>1998
+<OPTION VALUE=1999>1999
+<OPTION VALUE=2000>2000
+<OPTION VALUE=2001>2001
+<OPTION VALUE=2002>2002
+<OPTION VALUE=2003>2003
+<OPTION VALUE=2004>2004
+<OPTION VALUE=2005>2005
+<OPTION VALUE=2006>2006
+<OPTION VALUE=2007>2007
+<OPTION VALUE=2008>2008
+<OPTION VALUE=2009>2009
+<OPTION VALUE=2010>2010
+<OPTION VALUE=2011>2011
+<OPTION VALUE=2012>2012
+</SELECT>
+</FORM>
+</td>
+</tr>
+
+<tr>
+<td>&nbsp;</td>
+<td valign=top align=right>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">End date:</font>
+</td>
+<td valign="top" nowrap>
+<FORM NAME="revokedOnTo">
+<SELECT NAME="day">
+<OPTION VALUE=0>
+<OPTION VALUE=1>1
+<OPTION VALUE=2>2
+<OPTION VALUE=3>3
+<OPTION VALUE=4>4
+<OPTION VALUE=5>5
+<OPTION VALUE=6>6
+<OPTION VALUE=7>7
+<OPTION VALUE=8>8
+<OPTION VALUE=9>9
+<OPTION VALUE=10>10
+<OPTION VALUE=11>11
+<OPTION VALUE=12>12
+<OPTION VALUE=13>13
+<OPTION VALUE=14>14
+<OPTION VALUE=15>15
+<OPTION VALUE=16>16
+<OPTION VALUE=17>17
+<OPTION VALUE=18>18
+<OPTION VALUE=19>19
+<OPTION VALUE=20>20
+<OPTION VALUE=21>21
+<OPTION VALUE=22>22
+<OPTION VALUE=23>23
+<OPTION VALUE=24>24
+<OPTION VALUE=25>25
+<OPTION VALUE=26>26
+<OPTION VALUE=27>27
+<OPTION VALUE=28>28
+<OPTION VALUE=29>29
+<OPTION VALUE=30>30
+<OPTION VALUE=31>31
+</SELECT>
+<SELECT NAME="month">
+<OPTION VALUE=13>
+<OPTION VALUE=0>January
+<OPTION VALUE=1>February
+<OPTION VALUE=2>March
+<OPTION VALUE=3>April
+<OPTION VALUE=4>May
+<OPTION VALUE=5>June
+<OPTION VALUE=6>July
+<OPTION VALUE=7>August
+<OPTION VALUE=8>September
+<OPTION VALUE=9>October
+<OPTION VALUE=10>November
+<OPTION VALUE=11>December
+</SELECT>
+<SELECT NAME="year">
+<OPTION VALUE=0>
+<OPTION VALUE=1997>1997
+<OPTION VALUE=1998>1998
+<OPTION VALUE=1999>1999
+<OPTION VALUE=2000>2000
+<OPTION VALUE=2001>2001
+<OPTION VALUE=2002>2002
+<OPTION VALUE=2003>2003
+<OPTION VALUE=2004>2004
+<OPTION VALUE=2005>2005
+<OPTION VALUE=2006>2006
+<OPTION VALUE=2007>2007
+<OPTION VALUE=2008>2008
+<OPTION VALUE=2009>2009
+<OPTION VALUE=2010>2010
+<OPTION VALUE=2011>2011
+<OPTION VALUE=2012>2012
+</SELECT>
+</FORM>
+</td>
+</tr>
+</table>
+
+<table border="0" cellspacing="2" cellpadding="2">
+<tr>
+<FORM NAME="revocationReasonCritForm">
+<td valign="top" align="left">
+<INPUT TYPE="CHECKBOX" NAME="inUse">
+</td>
+</FORM>
+<td valign="top" align="left">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show certificates revoked from the reason:</font>&nbsp;
+</td>
+<FORM NAME="revocationReasonForm">
+<td valign="top" nowrap>
+<SELECT NAME="revocationReason" size=4 multiple>
+<OPTION VALUE=0>Unspecified
+<OPTION VALUE=1>Key compromised
+<OPTION VALUE=2>CA key compromised
+<OPTION VALUE=3>Affiliation changed
+<OPTION VALUE=4>Certificate superceded
+<OPTION VALUE=5>Cessation of operation
+<OPTION VALUE=6>Certificate is on hold
+<OPTION VALUE=9>Privilege withdrawn
+</SELECT>
+</td>
+</FORM>
+</tr>
+</table>
+
+<SCRIPT LANGUAGE="JavaScript">
+<!--
+function revokedByCritInUse()
+{
+ return document.revokedByCritForm.inUse.checked;
+}
+function revokedByCrit()
+{
+ if (document.revokedByCritForm.revokedBy.value.length == 0) {
+ alert("User id in 'revoked by' filter is empty");
+ return null;
+ }
+ return "(certRevokedBy="+ document.revokedByCritForm.revokedBy.value +")";
+}
+
+function revokedOnCritInUse()
+{
+ return document.revokedOnCritForm.inUse.checked;
+}
+function revokedOnCrit()
+{
+ var from = null, to = null;
+ var crit = new Array();
+ var next = 0;
+ if (!dateIsEmpty(document.revokedOnFrom)) {
+ from = convertDate(document.revokedOnFrom,
+ "Start date for revocation time range criterion");
+ if (from == null) return null;
+ crit[next++] = "(certRevokedOn>=" + from + ")";
+ }
+ if (!dateIsEmpty(document.revokedOnTo)) {
+ to = convertDate(document.revokedOnTo,
+ "End date for revocation time range criterion");
+ if (to == null) return null;
+ to += 86399999;
+ crit[next++] = "(certRevokedOn<=" + to + ")";
+ }
+
+ if (from == null && to == null) {
+ alert("You must enter a date for revocation time range.");
+ return null;
+ }
+ if (from != null && to != null && from > to) {
+ alert("Revocation time range specified is empty");
+ return null;
+ }
+ return nsjoin(crit,"");
+}
+
+function revocationReasonCritInUse()
+{
+ return document.revocationReasonCritForm.inUse.checked;
+}
+function revocationReasonCrit()
+{
+ var crit = new Array();
+ var sum = null;
+ var next = 0;
+
+ for (var i = 0; i < document.revocationReasonForm.revocationReason.length; i++) {
+ if (document.revocationReasonForm.revocationReason.options[i].selected == true) {
+ crit[next++] = "(x509cert.certRevoInfo="+i+")";
+ }
+ }
+ sum = nsjoin(crit,"");
+ if (next > 1) {
+ sum = "(|" + sum + ")"
+ } else if (next < 1) {
+ alert("You must select at least one revocation reason.");
+ return null;
+ }
+ return sum;
+}
+//-->
+</SCRIPT>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/pki/images/hr.gif" >
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+<b>Issuing Information</b></font>
+
+<table border="0" cellspacing="2" cellpadding="2">
+<tr>
+<FORM NAME="issuedByCritForm">
+<td><INPUT TYPE="CHECKBOX" NAME="inUse"></td>
+<td align="left" colspan="2">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show certificates issued by:
+</font>
+&nbsp;<INPUT TYPE="text" NAME="issuedBy" SIZE=10>
+</td>
+</FORM>
+</tr>
+
+<tr>
+<FORM NAME="issuedOnCritForm">
+<td><INPUT TYPE="CHECKBOX" NAME="inUse"></td>
+<td colspan="2"><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show certificates issued during the period:</font></td>
+</FORM>
+</tr>
+
+<tr>
+<td>&nbsp;</td>
+<td valign=top align=right>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Start date:</font>
+</td>
+<td valign="top" nowrap>
+<FORM NAME="issuedOnFrom">
+<SELECT NAME="day">
+<OPTION VALUE=0>
+<OPTION VALUE=1>1
+<OPTION VALUE=2>2
+<OPTION VALUE=3>3
+<OPTION VALUE=4>4
+<OPTION VALUE=5>5
+<OPTION VALUE=6>6
+<OPTION VALUE=7>7
+<OPTION VALUE=8>8
+<OPTION VALUE=9>9
+<OPTION VALUE=10>10
+<OPTION VALUE=11>11
+<OPTION VALUE=12>12
+<OPTION VALUE=13>13
+<OPTION VALUE=14>14
+<OPTION VALUE=15>15
+<OPTION VALUE=16>16
+<OPTION VALUE=17>17
+<OPTION VALUE=18>18
+<OPTION VALUE=19>19
+<OPTION VALUE=20>20
+<OPTION VALUE=21>21
+<OPTION VALUE=22>22
+<OPTION VALUE=23>23
+<OPTION VALUE=24>24
+<OPTION VALUE=25>25
+<OPTION VALUE=26>26
+<OPTION VALUE=27>27
+<OPTION VALUE=28>28
+<OPTION VALUE=29>29
+<OPTION VALUE=30>30
+<OPTION VALUE=31>31
+</SELECT>
+<SELECT NAME="month">
+<OPTION VALUE=13>
+<OPTION VALUE=0>January
+<OPTION VALUE=1>February
+<OPTION VALUE=2>March
+<OPTION VALUE=3>April
+<OPTION VALUE=4>May
+<OPTION VALUE=5>June
+<OPTION VALUE=6>July
+<OPTION VALUE=7>August
+<OPTION VALUE=8>September
+<OPTION VALUE=9>October
+<OPTION VALUE=10>November
+<OPTION VALUE=11>December
+</SELECT>
+<SELECT NAME="year">
+<OPTION VALUE=0>
+<OPTION VALUE=1997>1997
+<OPTION VALUE=1998>1998
+<OPTION VALUE=1999>1999
+<OPTION VALUE=2000>2000
+<OPTION VALUE=2001>2001
+<OPTION VALUE=2002>2002
+<OPTION VALUE=2003>2003
+<OPTION VALUE=2004>2004
+<OPTION VALUE=2005>2005
+<OPTION VALUE=2006>2006
+<OPTION VALUE=2007>2007
+<OPTION VALUE=2008>2008
+<OPTION VALUE=2009>2009
+<OPTION VALUE=2010>2010
+<OPTION VALUE=2011>2011
+<OPTION VALUE=2012>2012
+</SELECT>
+</FORM>
+</td>
+</tr>
+
+<tr>
+<td>&nbsp;</td>
+<td valign=top align=right>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">End date:</font>
+</td>
+<td valign="top" nowrap>
+<FORM NAME="issuedOnTo">
+<SELECT NAME="day">
+<OPTION VALUE=0>
+<OPTION VALUE=1>1
+<OPTION VALUE=2>2
+<OPTION VALUE=3>3
+<OPTION VALUE=4>4
+<OPTION VALUE=5>5
+<OPTION VALUE=6>6
+<OPTION VALUE=7>7
+<OPTION VALUE=8>8
+<OPTION VALUE=9>9
+<OPTION VALUE=10>10
+<OPTION VALUE=11>11
+<OPTION VALUE=12>12
+<OPTION VALUE=13>13
+<OPTION VALUE=14>14
+<OPTION VALUE=15>15
+<OPTION VALUE=16>16
+<OPTION VALUE=17>17
+<OPTION VALUE=18>18
+<OPTION VALUE=19>19
+<OPTION VALUE=20>20
+<OPTION VALUE=21>21
+<OPTION VALUE=22>22
+<OPTION VALUE=23>23
+<OPTION VALUE=24>24
+<OPTION VALUE=25>25
+<OPTION VALUE=26>26
+<OPTION VALUE=27>27
+<OPTION VALUE=28>28
+<OPTION VALUE=29>29
+<OPTION VALUE=30>30
+<OPTION VALUE=31>31
+</SELECT>
+<SELECT NAME="month">
+<OPTION VALUE=13>
+<OPTION VALUE=0>January
+<OPTION VALUE=1>February
+<OPTION VALUE=2>March
+<OPTION VALUE=3>April
+<OPTION VALUE=4>May
+<OPTION VALUE=5>June
+<OPTION VALUE=6>July
+<OPTION VALUE=7>August
+<OPTION VALUE=8>September
+<OPTION VALUE=9>October
+<OPTION VALUE=10>November
+<OPTION VALUE=11>December
+</SELECT>
+<SELECT NAME="year">
+<OPTION VALUE=0>
+<OPTION VALUE=1997>1997
+<OPTION VALUE=1998>1998
+<OPTION VALUE=1999>1999
+<OPTION VALUE=2000>2000
+<OPTION VALUE=2001>2001
+<OPTION VALUE=2002>2002
+<OPTION VALUE=2003>2003
+<OPTION VALUE=2004>2004
+<OPTION VALUE=2005>2005
+<OPTION VALUE=2006>2006
+<OPTION VALUE=2007>2007
+<OPTION VALUE=2008>2008
+<OPTION VALUE=2009>2009
+<OPTION VALUE=2010>2010
+<OPTION VALUE=2011>2011
+<OPTION VALUE=2012>2012
+</SELECT>
+</FORM>
+</td>
+</tr>
+</table>
+
+<SCRIPT LANGUAGE="JavaScript">
+<!--
+function issuedByCritInUse()
+{
+ return document.issuedByCritForm.inUse.checked;
+}
+function issuedByCrit()
+{
+ if (document.issuedByCritForm.issuedBy.value.length == 0) {
+ alert("User id in 'issued by' filter is empty");
+ return null;
+ }
+ return "(certIssuedBy="+ document.issuedByCritForm.issuedBy.value +")";
+}
+
+
+function issuedOnCritInUse()
+{
+ return document.issuedOnCritForm.inUse.checked;
+}
+function issuedOnCrit()
+{
+ var from = null, to = null;
+ var crit = new Array();
+ var next = 0;
+ if (!dateIsEmpty(document.issuedOnFrom)) {
+ from = convertDate(document.issuedOnFrom,
+ "Start date for issue time range criterion");
+ if (from == null) return null;
+ crit[next++] = "(certCreateTime>=" + from + ")";
+ }
+ if (!dateIsEmpty(document.issuedOnTo)) {
+ to = convertDate(document.issuedOnTo,
+ "End date for issue time range criterion");
+ if (to == null) return null;
+ to += 86399999;
+ crit[next++] = "(certCreateTime<=" + to + ")";
+ }
+
+ if (from == null && to == null) {
+ alert("You must enter a date for issue time range.");
+ return null;
+ }
+ if (from != null && to != null && from > to) {
+ alert("Issue time range specified is empty");
+ return null;
+ }
+ return nsjoin(crit,"");
+}
+//-->
+</SCRIPT>
+
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/pki/images/hr.gif" >
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+<b>Dates of Validity</b></font>
+
+<table border="0" cellspacing="2" cellpadding="2">
+<tr>
+<FORM NAME="validNotBeforeCritForm">
+<td><INPUT TYPE="CHECKBOX" NAME="inUse"></td>
+<td align="left" colspan="2">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show certificates effective during the period:
+</font></td>
+</FORM>
+</tr>
+
+<tr>
+<td>&nbsp;</td>
+<td valign=top align=right>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Start date:</font>
+</td>
+<td valign="top" nowrap>
+<FORM NAME="validNotBeforeFrom">
+<SELECT NAME="day">
+<OPTION VALUE=0>
+<OPTION VALUE=1>1
+<OPTION VALUE=2>2
+<OPTION VALUE=3>3
+<OPTION VALUE=4>4
+<OPTION VALUE=5>5
+<OPTION VALUE=6>6
+<OPTION VALUE=7>7
+<OPTION VALUE=8>8
+<OPTION VALUE=9>9
+<OPTION VALUE=10>10
+<OPTION VALUE=11>11
+<OPTION VALUE=12>12
+<OPTION VALUE=13>13
+<OPTION VALUE=14>14
+<OPTION VALUE=15>15
+<OPTION VALUE=16>16
+<OPTION VALUE=17>17
+<OPTION VALUE=18>18
+<OPTION VALUE=19>19
+<OPTION VALUE=20>20
+<OPTION VALUE=21>21
+<OPTION VALUE=22>22
+<OPTION VALUE=23>23
+<OPTION VALUE=24>24
+<OPTION VALUE=25>25
+<OPTION VALUE=26>26
+<OPTION VALUE=27>27
+<OPTION VALUE=28>28
+<OPTION VALUE=29>29
+<OPTION VALUE=30>30
+<OPTION VALUE=31>31
+</SELECT>
+<SELECT NAME="month">
+<OPTION VALUE=13>
+<OPTION VALUE=0>January
+<OPTION VALUE=1>February
+<OPTION VALUE=2>March
+<OPTION VALUE=3>April
+<OPTION VALUE=4>May
+<OPTION VALUE=5>June
+<OPTION VALUE=6>July
+<OPTION VALUE=7>August
+<OPTION VALUE=8>September
+<OPTION VALUE=9>October
+<OPTION VALUE=10>November
+<OPTION VALUE=11>December
+</SELECT>
+<SELECT NAME="year">
+<OPTION VALUE=0>
+<OPTION VALUE=1997>1997
+<OPTION VALUE=1998>1998
+<OPTION VALUE=1999>1999
+<OPTION VALUE=2000>2000
+<OPTION VALUE=2001>2001
+<OPTION VALUE=2002>2002
+<OPTION VALUE=2003>2003
+<OPTION VALUE=2004>2004
+<OPTION VALUE=2005>2005
+<OPTION VALUE=2006>2006
+<OPTION VALUE=2007>2007
+<OPTION VALUE=2008>2008
+<OPTION VALUE=2009>2009
+<OPTION VALUE=2010>2010
+<OPTION VALUE=2011>2011
+<OPTION VALUE=2012>2012
+</SELECT>
+</FORM>
+</td>
+</tr>
+
+<tr>
+<td>&nbsp;</td>
+<td valign=top align=right>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">End date:</font>
+</td>
+<td valign="top" nowrap>
+<FORM NAME="validNotBeforeTo">
+<SELECT NAME="day">
+<OPTION VALUE=0>
+<OPTION VALUE=1>1
+<OPTION VALUE=2>2
+<OPTION VALUE=3>3
+<OPTION VALUE=4>4
+<OPTION VALUE=5>5
+<OPTION VALUE=6>6
+<OPTION VALUE=7>7
+<OPTION VALUE=8>8
+<OPTION VALUE=9>9
+<OPTION VALUE=10>10
+<OPTION VALUE=11>11
+<OPTION VALUE=12>12
+<OPTION VALUE=13>13
+<OPTION VALUE=14>14
+<OPTION VALUE=15>15
+<OPTION VALUE=16>16
+<OPTION VALUE=17>17
+<OPTION VALUE=18>18
+<OPTION VALUE=19>19
+<OPTION VALUE=20>20
+<OPTION VALUE=21>21
+<OPTION VALUE=22>22
+<OPTION VALUE=23>23
+<OPTION VALUE=24>24
+<OPTION VALUE=25>25
+<OPTION VALUE=26>26
+<OPTION VALUE=27>27
+<OPTION VALUE=28>28
+<OPTION VALUE=29>29
+<OPTION VALUE=30>30
+<OPTION VALUE=31>31
+</SELECT>
+<SELECT NAME="month">
+<OPTION VALUE=13>
+<OPTION VALUE=0>January
+<OPTION VALUE=1>February
+<OPTION VALUE=2>March
+<OPTION VALUE=3>April
+<OPTION VALUE=4>May
+<OPTION VALUE=5>June
+<OPTION VALUE=6>July
+<OPTION VALUE=7>August
+<OPTION VALUE=8>September
+<OPTION VALUE=9>October
+<OPTION VALUE=10>November
+<OPTION VALUE=11>December
+</SELECT>
+<SELECT NAME="year">
+<OPTION VALUE=0>
+<OPTION VALUE=1997>1997
+<OPTION VALUE=1998>1998
+<OPTION VALUE=1999>1999
+<OPTION VALUE=2000>2000
+<OPTION VALUE=2001>2001
+<OPTION VALUE=2002>2002
+<OPTION VALUE=2003>2003
+<OPTION VALUE=2004>2004
+<OPTION VALUE=2005>2005
+<OPTION VALUE=2006>2006
+<OPTION VALUE=2007>2007
+<OPTION VALUE=2008>2008
+<OPTION VALUE=2009>2009
+<OPTION VALUE=2010>2010
+<OPTION VALUE=2011>2011
+<OPTION VALUE=2012>2012
+</SELECT>
+</FORM>
+</td>
+</tr>
+</table>
+
+<SCRIPT LANGUAGE="JavaScript">
+<!--
+function validNotBeforeCritInUse()
+{
+ return document.validNotBeforeCritForm.inUse.checked;
+}
+
+function validNotBeforeCrit()
+{
+ var from = null, to = null;
+ var crit = new Array();
+ var next = 0;
+ if (!dateIsEmpty(document.validNotBeforeFrom)) {
+ from = convertDate(document.validNotBeforeFrom,
+ "Start date for the validity beginning time range criterion");
+ if (from == null) return null;
+ crit[next++] = "(x509Cert.notBefore>=" + from + ")";
+ }
+ if (!dateIsEmpty(document.validNotBeforeTo)) {
+ to = convertDate(document.validNotBeforeTo,
+ "End date for the validity beginning time range criterion");
+ if (to == null) return null;
+ to += 86399999;
+ crit[next++] = "(x509Cert.notBefore<=" + to + ")";
+ }
+
+ if (from == null && to == null) {
+ alert("You must enter a date for validity beginning range.");
+ return null;
+ }
+ if (from != null && to != null && from > to) {
+ alert("Validity beginning time range specified is empty");
+ return null;
+ }
+ return nsjoin(crit,"");
+}
+//-->
+</SCRIPT>
+
+<table border="0" cellspacing="2" cellpadding="2">
+<tr>
+<FORM NAME="validNotAfterCritForm">
+<td><INPUT TYPE="CHECKBOX" NAME="inUse"></td>
+<td align="left" colspan="2">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show certificates expired during the period: </font></td>
+</FORM>
+</tr>
+
+<tr>
+<td>&nbsp;</td>
+<td valign=top align=right>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Start date:</font>
+</td>
+<td valign="top" nowrap>
+<FORM NAME="validNotAfterFrom">
+<SELECT NAME="day">
+<OPTION VALUE=0>
+<OPTION VALUE=1>1
+<OPTION VALUE=2>2
+<OPTION VALUE=3>3
+<OPTION VALUE=4>4
+<OPTION VALUE=5>5
+<OPTION VALUE=6>6
+<OPTION VALUE=7>7
+<OPTION VALUE=8>8
+<OPTION VALUE=9>9
+<OPTION VALUE=10>10
+<OPTION VALUE=11>11
+<OPTION VALUE=12>12
+<OPTION VALUE=13>13
+<OPTION VALUE=14>14
+<OPTION VALUE=15>15
+<OPTION VALUE=16>16
+<OPTION VALUE=17>17
+<OPTION VALUE=18>18
+<OPTION VALUE=19>19
+<OPTION VALUE=20>20
+<OPTION VALUE=21>21
+<OPTION VALUE=22>22
+<OPTION VALUE=23>23
+<OPTION VALUE=24>24
+<OPTION VALUE=25>25
+<OPTION VALUE=26>26
+<OPTION VALUE=27>27
+<OPTION VALUE=28>28
+<OPTION VALUE=29>29
+<OPTION VALUE=30>30
+<OPTION VALUE=31>31
+</SELECT>
+<SELECT NAME="month">
+<OPTION VALUE=13>
+<OPTION VALUE=0>January
+<OPTION VALUE=1>February
+<OPTION VALUE=2>March
+<OPTION VALUE=3>April
+<OPTION VALUE=4>May
+<OPTION VALUE=5>June
+<OPTION VALUE=6>July
+<OPTION VALUE=7>August
+<OPTION VALUE=8>September
+<OPTION VALUE=9>October
+<OPTION VALUE=10>November
+<OPTION VALUE=11>December
+</SELECT>
+<SELECT NAME="year">
+<OPTION VALUE=0>
+<OPTION VALUE=1997>1997
+<OPTION VALUE=1998>1998
+<OPTION VALUE=1999>1999
+<OPTION VALUE=2000>2000
+<OPTION VALUE=2001>2001
+<OPTION VALUE=2002>2002
+<OPTION VALUE=2003>2003
+<OPTION VALUE=2004>2004
+<OPTION VALUE=2005>2005
+<OPTION VALUE=2006>2006
+<OPTION VALUE=2007>2007
+<OPTION VALUE=2008>2008
+<OPTION VALUE=2009>2009
+<OPTION VALUE=2010>2010
+<OPTION VALUE=2011>2011
+<OPTION VALUE=2012>2012
+</SELECT>
+</FORM>
+</td>
+</tr>
+
+<tr>
+<td>&nbsp;</td>
+<td valign=top align=right>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">End date:</font>
+</td>
+<td valign="top" nowrap>
+<FORM NAME="validNotAfterTo">
+<SELECT NAME="day">
+<OPTION VALUE=0>
+<OPTION VALUE=1>1
+<OPTION VALUE=2>2
+<OPTION VALUE=3>3
+<OPTION VALUE=4>4
+<OPTION VALUE=5>5
+<OPTION VALUE=6>6
+<OPTION VALUE=7>7
+<OPTION VALUE=8>8
+<OPTION VALUE=9>9
+<OPTION VALUE=10>10
+<OPTION VALUE=11>11
+<OPTION VALUE=12>12
+<OPTION VALUE=13>13
+<OPTION VALUE=14>14
+<OPTION VALUE=15>15
+<OPTION VALUE=16>16
+<OPTION VALUE=17>17
+<OPTION VALUE=18>18
+<OPTION VALUE=19>19
+<OPTION VALUE=20>20
+<OPTION VALUE=21>21
+<OPTION VALUE=22>22
+<OPTION VALUE=23>23
+<OPTION VALUE=24>24
+<OPTION VALUE=25>25
+<OPTION VALUE=26>26
+<OPTION VALUE=27>27
+<OPTION VALUE=28>28
+<OPTION VALUE=29>29
+<OPTION VALUE=30>30
+<OPTION VALUE=31>31
+</SELECT>
+<SELECT NAME="month">
+<OPTION VALUE=13>
+<OPTION VALUE=0>January
+<OPTION VALUE=1>February
+<OPTION VALUE=2>March
+<OPTION VALUE=3>April
+<OPTION VALUE=4>May
+<OPTION VALUE=5>June
+<OPTION VALUE=6>July
+<OPTION VALUE=7>August
+<OPTION VALUE=8>September
+<OPTION VALUE=9>October
+<OPTION VALUE=10>November
+<OPTION VALUE=11>December
+</SELECT>
+<SELECT NAME="year">
+<OPTION VALUE=0>
+<OPTION VALUE=1997>1997
+<OPTION VALUE=1998>1998
+<OPTION VALUE=1999>1999
+<OPTION VALUE=2000>2000
+<OPTION VALUE=2001>2001
+<OPTION VALUE=2002>2002
+<OPTION VALUE=2003>2003
+<OPTION VALUE=2004>2004
+<OPTION VALUE=2005>2005
+<OPTION VALUE=2006>2006
+<OPTION VALUE=2007>2007
+<OPTION VALUE=2008>2008
+<OPTION VALUE=2009>2009
+<OPTION VALUE=2010>2010
+<OPTION VALUE=2011>2011
+<OPTION VALUE=2012>2012
+</SELECT>
+</FORM>
+</td>
+</tr>
+</table>
+
+<SCRIPT LANGUAGE="JavaScript">
+<!--
+function validNotAfterCritInUse()
+{
+ return document.validNotAfterCritForm.inUse.checked;
+}
+
+function validNotAfterCrit()
+{
+ var from = null, to = null;
+ var crit = new Array();
+ var next = 0;
+ if (!dateIsEmpty(document.validNotAfterFrom)) {
+ from = convertDate(document.validNotAfterFrom,
+ "Start date for the expiration time range criterion");
+ if (from == null) return null;
+ crit[next++] = "(x509cert.notAfter>=" + from + ")";
+ }
+ if (!dateIsEmpty(document.validNotAfterTo)) {
+ to = convertDate(document.validNotAfterTo,
+ "End date for the expiration time range criterion");
+ if (to == null) return null;
+ to += 86399999;
+ crit[next++] = "(x509cert.notAfter<=" + to + ")";
+ }
+
+ if (from == null && to == null) {
+ alert("You must enter a date for expiration time range.");
+ return null;
+ }
+ if (from != null && to != null && from > to) {
+ alert("Expiration time range specified is empty");
+ return null;
+ }
+ return nsjoin(crit,"");
+}
+//-->
+</SCRIPT>
+
+<table border="0" cellspacing="2" cellpadding="2">
+<FORM NAME="validityLengthCritForm">
+<tr>
+<td><INPUT TYPE="CHECKBOX" NAME="inUse"></td>
+<td align="left" colspan="2">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show certificates with a
+validity period:
+</font></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td>
+<SELECT NAME="validityOp">
+<OPTION VALUE="&lt;="> not greater
+<OPTION VALUE="&gt;="> not less
+</SELECT>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">than</font>
+<INPUT NAME="count" TYPE="text" MAXSIZE=2 SIZE=2>
+<SELECT NAME="unit">
+<OPTION VALUE="86400000">Day(s)</OPTION>
+<OPTION VALUE="604800000">Week(s)</OPTION>
+<OPTION SELECTED VALUE="2592000000">Month(s)</OPTION>
+<OPTION VALUE="31536000000">Year(s)</OPTION>
+</SELECT>
+</td></tr>
+</FORM>
+</table>
+
+<SCRIPT LANGUAGE="JavaScript">
+<!--
+function validityLengthCritInUse()
+{
+ return document.validityLengthCritForm.inUse.checked;
+}
+
+function validityLengthCrit()
+{
+ with(document.validityLengthCritForm) {
+ if(!isNumber(count.value,10)) {
+ alert("Invalid number specified in validity length criterion");
+ return null;
+ }
+
+ return "(x509cert.duration" +
+ validityOp.options[validityOp.selectedIndex].value +
+ (count.value * unit.options[unit.selectedIndex].value) +")";
+ }
+}
+//-->
+</SCRIPT>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/pki/images/hr.gif" >
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif"><b>Type</b></font>
+
+<FORM NAME="certTypeCritForm">
+<table border="0" cellspacing="2" cellpadding="2">
+<tr>
+<td><INPUT TYPE="CHECKBOX" NAME="inUse"></td>
+<td align="left" colspan="2">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show certificates of the following types:
+</font></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">SSL client:</font>
+</td>
+<td>
+<SELECT NAME="SSLClient">
+<OPTION SELECTED VALUE="">Do not care
+<OPTION VALUE="on">On
+<OPTION VALUE="off">Off
+</SELECT>
+</td></tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">SSL server:</font>
+</td>
+<td>
+<SELECT NAME="SSLServer">
+<OPTION SELECTED VALUE="">Do not care
+<OPTION VALUE="on">On
+<OPTION VALUE="off">Off
+</SELECT>
+</td></tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Secure email:</font>
+</td><td>
+<SELECT NAME="SecureEmail">
+<OPTION SELECTED VALUE="">Do not care
+<OPTION VALUE="on">On
+<OPTION VALUE="off">Off
+</SELECT>
+</td></tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Subordinate SSL CA:</font>
+</td><td>
+<SELECT NAME="SubordinateSSLCA">
+<OPTION SELECTED VALUE="">Do not care
+<OPTION VALUE="on">On
+<OPTION VALUE="off">Off
+</SELECT>
+</td></tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Subordinate email CA:</font>
+</td><td>
+<SELECT NAME="SubordinateEmailCA">
+<OPTION SELECTED VALUE="">Do not care
+<OPTION VALUE="on">On
+<OPTION VALUE="off">Off
+</SELECT>
+</td></tr>
+</table>
+</FORM>
+
+<SCRIPT LANGUAGE="JavaScript">
+<!--
+function certTypeCritInUse()
+{
+ return document.certTypeCritForm.inUse.checked;
+}
+
+function certTypeCrit()
+{
+ var result = '';
+ var count = 0;
+
+ for (var i = 1; i < document.certTypeCritForm.length; i++) {
+ var sel = document.certTypeCritForm[i].selectedIndex;
+ if (sel > 0) {
+ count++;
+ result += '(x509cert.nsExtension.' +
+ document.certTypeCritForm[i].name + '='+
+ document.certTypeCritForm[i].options[sel].value + ')';
+ }
+ }
+ if (count == 0) {
+ alert("At least one of the certificate types must be selected");
+ return null;
+ }
+
+ return result;
+}
+//-->
+</SCRIPT>
+
+<br>
+<SCRIPT LANGUAGE="JavaScript">
+<!--
+function doSubmit(form)
+{
+ var andFilter = new Array;
+ var critCount = 0;
+
+ andFilter[critCount++] = "(certRecordId=*)";
+
+ if (serialNumberRangeCritInUse()) {
+ if ((andFilter[critCount++] = serialNumberRangeCrit()) == null)
+ return;
+ }
+ if (subjectCritInUse()) {
+ if ((andFilter[critCount++] = subjectCrit()) == null)
+ return;
+ }
+
+ if (revokedOnCritInUse()) {
+ if ((andFilter[critCount++] = revokedOnCrit()) == null)
+ return;
+ }
+ if (revokedByCritInUse()) {
+ if ((andFilter[critCount++] = revokedByCrit()) == null)
+ return;
+ }
+ if (revocationReasonCritInUse()) {
+ if ((andFilter[critCount++] = revocationReasonCrit()) == null)
+ return;
+ }
+ if (issuedOnCritInUse()) {
+ if ((andFilter[critCount++] = issuedOnCrit()) == null)
+ return;
+ }
+ if (issuedByCritInUse()) {
+ if ((andFilter[critCount++] = issuedByCrit()) == null)
+ return;
+ }
+ if (validNotBeforeCritInUse()) {
+ if ((andFilter[critCount++] = validNotBeforeCrit()) == null)
+ return;
+ }
+ if (validNotAfterCritInUse()) {
+ if ((andFilter[critCount++] = validNotAfterCrit()) == null)
+ return;
+ }
+ if (validityLengthCritInUse()) {
+ if ((andFilter[critCount++] = validityLengthCrit()) == null)
+ return;
+ }
+ if (certTypeCritInUse()) {
+ if ((andFilter[critCount++] = certTypeCrit()) == null)
+ return;
+ }
+
+ // At least one section must be selected
+ if (critCount == 0) {
+ alert("You must choose at least one section on this form.");
+ return;
+ }
+
+ form.queryCertFilter.value = "(&"+nsjoin(andFilter,"")+")";
+
+ form.op.value = "listCerts";
+
+ form.submit();
+}
+//-->
+</SCRIPT>
+
+
+<FORM NAME="queryForm" ACTION="/listCerts" METHOD=POST>
+<INPUT TYPE="HIDDEN" NAME="op" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="queryCertFilter" VALUE="">
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=6 WIDTH="100%" background="/pki/images/gray90.gif">
+ <tr>
+ <td ALIGN=RIGHT BGCOLOR="#E5E5E5">
+ <INPUT TYPE="button" VALUE="Find" width="72" onClick='doSubmit(queryForm)'>&nbsp;&nbsp;
+ <font size=-1 face="PrimaSans BT, Verdana, sans-serif">first</font>&nbsp;
+ <INPUT TYPE="TEXT" NAME="maxCount" SIZE=4 MAXLENGTH=99 VALUE="5">
+ <font size=-1 face="PrimaSans BT, Verdana, sans-serif">records</font>&nbsp;&nbsp;&nbsp;
+ </td>
+ </tr>
+</table>
+
+</form>
+</body>
+</html>
+
diff --git a/base/ca/shared/webapps/ca/ee/ca/queryCert.template b/base/ca/shared/webapps/ca/ee/ca/queryCert.template
new file mode 100644
index 000000000..1165cb309
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/queryCert.template
@@ -0,0 +1,499 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>Untitled Document</title>
+<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+
+<style type="text/css">
+
+.floating {
+ position: absolute;
+ left: 300px;
+ top: 50px;
+ width: 400px;
+ padding: 3px;
+ border: solid;
+ border-width: 2px;
+ background: white;
+ display: none;
+ margin: 5px;
+}
+
+
+table#t td {
+ font-size: 0.8em;
+ padding: 0px;
+ margin: 0px;
+}
+
+.r {
+ visibility: visible;
+ background-color: pink;
+}
+
+
+.h {
+ background-color: #eeeeee;
+ font-color: #606060;
+ font-weight: bold;
+}
+
+</STYLE>
+
+</head>
+
+<body bgcolor="#FFFFFF" link="#000000" vlink="#000000" alink="#000000">
+<font face="PrimaSans BT, Verdana, sans-serif" size="+1">Search Results
+</font><br>
+<table border="0" cellspacing="0" cellpadding="0" background="/pki/images/hr.gif" width="100%">
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+
+<CMS_TEMPLATE>
+
+
+<SCRIPT LANGUAGE="JavaScript">
+//<!--
+
+function toHex(number)
+{
+ var absValue = "", sign = "";
+ var digits = "0123456789abcdef";
+ if (number < 0) {
+ sign = "-";
+ number = -number;
+ }
+
+ for(; number >= 16 ; number = Math.floor(number/16)) {
+ absValue = digits.charAt(number % 16) + absValue;
+ }
+ absValue = digits.charAt(number % 16) + absValue;
+ return sign + absValue;
+}
+
+function addEscapes(str)
+{
+ var outStr = str.replace(/</g, "&lt;");
+ outStr = outStr.replace(/>/g, "&gt;");
+ return outStr;
+}
+
+function revokeCert(serialNumber)
+{
+ return confirm("WARNING!! You are about to do an irreversible operation.\nDo you really want to revoke certificate # "+
+ renderHexNumber(serialNumber,8)+ " ?");
+}
+
+function renderOidName(oid)
+{
+ if (oid == "1.2.840.113549.1.1.1")
+ return "PKCS #1 RSA";
+ else if (oid == "1.2.840.113549.1.1.4")
+ return "PKCS #1 MD5 With RSA";
+ else if (oid == "1.2.840.10040.4.1")
+ return "DSA";
+ else
+ return "OID."+oid;
+}
+
+function renderHexNumber(number,width)
+{
+ var num = number;
+ while (num.length < width)
+ num = "0"+num;
+ return "0x"+num;
+}
+
+function renderDateFromSecs(secs)
+{
+ if (secs == null) return "";
+ var dateTmp = new Date();
+ dateTmp.setTime(secs * 1000);
+ var year = dateTmp.getYear();
+ if (year < 100) {
+ year += 1900;
+ } else {
+ year %= 100;
+ year += 2000;
+ }
+ return (dateTmp.getMonth()+1)+"/"+dateTmp.getDate()+"/"+year+" ;"+
+ (dateTmp.getHours()<10?" ;":"")+
+ dateTmp.getHours()+":"+(dateTmp.getMinutes()<10?"0":"")+
+ dateTmp.getMinutes()+":"+(dateTmp.getSeconds()<10?"0":"")+
+ dateTmp.getSeconds();
+}
+
+function renderDetailsButton(serialNumber)
+{
+ return "<FORM METHOD=post "+
+"ACTION="+ "/ca/ee/ca/displayBySerial" +">"+
+"<INPUT TYPE=hidden NAME='op' VALUE='"+ "displayBySerial" +"'>\n"+
+"<INPUT TYPE=hidden NAME='serialNumber' VALUE='"+ "0x"+serialNumber +"'>\n"+
+"<INPUT TYPE=submit VALUE='Details' width='72'></FORM>\n";
+}
+
+function renderRevokeButton(serialNumber)
+{
+ return "<FORM METHOD=post "+
+//"onSubmit='return revokeCert("+serialNumber+");' "+
+"ACTION='"+ "/ee/reasonToRevoke" +"'>\n"+
+"<INPUT TYPE=hidden NAME='op' VALUE='"+ "reasonToRevoke" +"'>\n"+
+"<INPUT TYPE=hidden NAME='serialNumber' VALUE='"+ serialNumber +"'>\n"+
+"<INPUT TYPE=hidden NAME='revokeAll' VALUE='(&(certRecordId="+serialNumber+"))'>\n"+
+"<INPUT TYPE=hidden NAME='totalRecordCount' VALUE='1'>\n"+
+"<INPUT TYPE=hidden NAME='commit' VALUE='yes'>"+
+"<INPUT TYPE=hidden NAME='updateCRL' VALUE='yes'>"+
+"<INPUT TYPE=submit VALUE='Revoke' width='72'>"+
+"</FORM>\n";
+}
+
+
+function getRevocationReason(revocationReason)
+{
+ var reasons = new Array("Unspecified",
+ "Key compromised",
+ "CA key compromised",
+ "Affiliation changed",
+ "Certificate superceded",
+ "Cessation of operation",
+ "Certificate is on hold",
+ "Unspecified", // value 7 is not used
+ "Remove from CRL",
+ "Privilege withdrawn",
+ "AA key compromise");
+ if (revocationReason < 0 || revocationReason >= reasons.length)
+ revocationReason = 0;
+ return reasons[revocationReason];
+}
+
+function isRevoked(index)
+{
+ return (recordSet[index].revokedOn != null);
+}
+
+
+
+
+function setNode(table,desc,content,style)
+{
+ var row = table.insertRow(-1);
+ if (style) {
+ row.className = style;
+ }
+ var cell1 = row.insertCell(-1);
+ var desc_text = document.createTextNode(desc);
+ cell1.appendChild(desc_text);
+ var cell2 = row.insertCell(-1);
+ var content_text = document.createTextNode(content);
+ cell2.appendChild(content_text);
+}
+
+
+
+function mouseover(element,event)
+{
+ var x = event.clientX;
+ var y = event.clientY;
+
+ var index= element.getAttribute("index");
+ if (index == null) { return false; }
+ var cert = recordSet[index];
+
+ element.parentNode.parentNode.parentNode.style.backgroundColor = "#EEEEFF";
+
+ var v;
+ var e = document.getElementById("certMetaDatadiv");
+
+ var t = document.getElementById("t");
+
+ // delete all the rows in the table
+ var i=0;
+ while (i < t.rows.length) {
+ t.deleteRow(0);
+ }
+
+ setNode(t,"Certificate details for serial #", " 0x" +cert.serialNumber+" ("+cert.serialNumberDecimal+")","h");
+ setNode(t,"Version:", cert.version+1);
+ setNode(t,"Certificate Type:",cert.type);
+ setNode(t,"Key algorithm:",renderOidName(cert.subjectPublicKeyAlgorithm)+
+ " with "+ cert.subjectPublicKeyLength+"-bit key");
+ setNode(t,"Not Valid Before:", renderDateFromSecs(cert.validNotBefore));
+ setNode(t,"Not Valid After:", renderDateFromSecs(cert.validNotAfter));
+ setNode(t,"Issued On:", renderDateFromSecs(cert.issuedOn));
+ setNode(t,"Issued By:", cert.issuedBy);
+
+ if (isRevoked(index)) {
+ setNode(t,"Revoked on:", renderDateFromSecs(cert.revokedOn),"r");
+ setNode(t,"Revoked by:", cert.revokedBy, "r");
+ setNode(t,"Revocation Reason:", getRevocationReason(cert.revocationReason), "r");
+ assumedheight = 210;
+ } else {
+ assumedheight = 180;
+ }
+
+ e.style.left = x+30 + 'px'; // x-offset of floating div
+
+ var offset = 20; // extra y-offset of floating div
+ var bottom = y + offset + assumedheight;
+ if (bottom > window.innerHeight) {
+ offset = 0 - (2*offset) - assumedheight;
+ }
+
+ e.style.top = y+ offset + window.pageYOffset+document.body.scrollTop + 'px';
+
+ // unhide the window
+ e.style.display ="block";
+
+
+}
+
+function mouseout(element)
+{
+// window.setTimeout("hide",1);
+ var index= element.getAttribute("index");
+ if (recordSet[index].revokedOn != null) {
+ element.parentNode.parentNode.parentNode.style.backgroundColor = "#FFEEEE";
+ } else {
+// element.parentNode.parentNode.parentNode.style.backgroundColor = "#EEFFEE";
+ element.parentNode.parentNode.parentNode.style.backgroundColor = "#FFFFFF";
+ }
+ hide();
+}
+
+function hide()
+{
+ document.getElementById("certMetaDatadiv").style.display ="none";
+}
+
+
+// overflow: hidden; white-space: nowrap
+
+function displayCertificateRecord(i, cert)
+{
+ document.write(
+// "<tr"+ (cert.revokedOn !=null ? " style='background-color: #FFEEEE;' " : " style='background-color: #EEEEEE;' ")+">"+
+ "<tr"+ (cert.revokedOn !=null ? " style='background-color: #FFEEEE;' " : "")+">"+
+ "<td width=18%><font face='PrimaSans BT, Verdana, sans-serif' size='-1'>\n"+
+ renderHexNumber(cert.serialNumber,0) +"</font></td>\n"+
+ "<td width=16%>"+
+ (cert.revokedOn != null ?"revoked":"valid")+
+ "</td>\n"+
+ "<td style='overflow: hidden; white-space: nowrap;'>"+
+ " <font face='PrimaSans BT, Verdana, sans-serif' size='-1'>\n"+
+ " <div style='overflow: hidden; white-space: nowrap;'>"+
+ " <a index='"+i+"' href='/ca/ee/ca/displayBySerial?op=displayBySerial&serialNumber=0x"+
+ cert.serialNumber+"' onmouseover='mouseover(this,event);' "+
+ "onmouseout='mouseout(this);'>"+
+ addEscapes(cert.subject)+"</a></div></font>"+
+ "</td>"+
+ "</tr>\n"
+
+ );
+}
+
+function displaySearchResults()
+{
+if (result.recordSet.length == 0) {
+ document.write(
+"<font face='PrimaSans BT, Verdana, sans-serif' size='+1'>No Matching Certificates Found</font>\n"
+ );
+} else {
+
+ document.write(
+"<font face='PrimaSans BT, Verdana, sans-serif'>Issuer:<br> " +
+(result.header.issuerName != null ? result.header.issuerName : "UNKNOWN") +
+"</font><br>\n"+
+"<font face='PrimaSans BT, Verdana, sans-serif' size='-1'>\n"+
+"Total number of records found: "+result.header.totalRecordCount+
+"</font>\n"
+ );
+
+ document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=6 WIDTH='100%'>\n"+
+ "<tr align=center><td>\n");
+ displayNextForm();
+
+ document.write(
+"<table border='0' width='100%' cellspacing='2' cellpadding='2'>\n"+
+"<tr><td width=18%>&nbsp;</td><td width=16%>&nbsp;</td><td>&nbsp;</td></tr>\n"+
+
+"<tr bgcolor='#e5e5e5' style='font-weight: bold'>"+
+"<td>\n"+
+ "<font face='PrimaSans BT, Verdana, sans-serif' size='-1'>\n"+
+ "Serial number</font></td>\n"+
+
+"<td><font face='PrimaSans BT, Verdana, sans-serif' size='-1'>\n"+
+"Status</td>\n"+
+
+"<td>\n"+
+"<font face='PrimaSans BT, Verdana, sans-serif' size='-1'>\n"+
+"Subject name</font></td>"+
+"</tr>\n");
+
+
+ for(var i = 0; i < result.recordSet.length; ++i ) {
+ displayCertificateRecord(i, result.recordSet[i]);
+ }
+document.write("</table>\n");
+
+ if ((result.header.revokeAll != null && result.header.totalRecordCount > 1) ||
+ (result.header.querySentinelDown != null)) {
+ document.write("<br>&nbsp;\n" +
+ "<table border='0' cellspacing='0' cellpadding='0' background='/pki/images/hr.gif' width='100%'>\n"+
+ "<tr><td>&nbsp;</td></tr></table>\n");
+ }
+
+ document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=6 WIDTH='100%'>\n"+
+ "<tr align=center><td>\n");
+
+ if (result.header.revokeAll != null && result.header.totalRecordCount > 1) {
+ displayRevokeAllForm(result.header.totalRecordCount);
+ document.write("</td><td>\n");
+ }
+
+// if (result.header.querySentinel != null) {
+ displayNextForm();
+// }
+
+ document.write("</td></tr></table>\n");
+}
+}
+
+function renderHidden(name,value)
+{
+ return "<INPUT TYPE='hidden' NAME='"+ name +"' VALUE=''>\n";
+}
+
+function doNext(element)
+{
+ var form = element.form;
+// form.action = "/"+result.header.op;
+ form.action = "/ca/ee/ca/listCerts";
+ form.op.value = result.header.op;
+
+ form.direction.value= "down";
+
+ if (element.name == "begin") {
+ form.querySentinelDown.value = 0;
+ form.direction.value = "begin";
+ } else if (element.name == "end") {
+ form.querySentinelDown.value = result.header.totalRecordCount - result.header.maxCount+1;
+ form.direction.value = "end";
+ } else if (element.name == "down") {
+ form.querySentinelDown.value = result.header.querySentinelDown;
+ form.querySentinelUp.value = result.header.querySentinelUp;
+ form.direction.value = "down";
+ } else if (element.name == "up") {
+ form.querySentinelUp.value = result.header.querySentinelUp;
+ form.querySentinelDown.value = result.header.querySentinelDown;
+ form.direction.value = "up";
+ }
+
+ form.totalRecordCount.value = result.header.totalRecordCount;
+ if (result.header.revokeAll != null) {
+ form.revokeAll.value = result.header.revokeAll;
+ }
+ if (result.header.queryFilterHash != null) {
+ form.queryFilterHash.value = result.header.queryFilterHash;
+ }
+
+ form.submit();
+}
+
+function displayNextForm()
+{
+ document.write(
+//"<div align=center> \n"+
+"<FORM NAME ='nextForm' METHOD=POST ACTION=''>\n"+
+renderHidden("op"));
+
+if (result.header.revokeAll != null) {
+ document.write(renderHidden("revokeAll"));
+}
+
+if (result.header.queryFilterHash != null) {
+ document.write(renderHidden("queryFilterHash"));
+}
+
+var disabledDown = ((result.header.querySentinelDown == null) ||
+ (result.fixed.maxCount+1 >= result.header.currentRecordCount)) ? "disabled='true'" : "";
+var disabledUp = (result.header.querySentinelUp != null && result.header.querySentinelUp <= 1) ? "disabled='true'" : "";
+
+document.write(
+"<button NAME=begin onClick='doNext(this)' VALUE='|<<' width='72'>|&lt;&lt;</button>\n"+
+"<button "+disabledUp+" NAME=up onClick='doNext(this)' VALUE='<' width='72'>&lt;</button>\n"+
+"<INPUT TYPE=hidden NAME=totalRecordCount VALUE='"+
+result.header.totalRecordCount+ "'>\n"+
+"<INPUT TYPE=hidden NAME=queryCertFilter VALUE='"+
+result.header.queryCertFilter+ "'>\n"+
+"<INPUT TYPE=hidden NAME=querySentinelDown VALUE='"+
+result.header.querySentinelDown+ "'>\n"+
+"<INPUT TYPE=hidden NAME=querySentinelUp VALUE='"+
+result.header.querySentinelUp+ "'>\n"+
+"<INPUT TYPE=hidden NAME=serialTo VALUE='"+
+result.header.serialTo+ "'>\n"+
+"<INPUT TYPE=hidden NAME=direction VALUE='"+
+result.header.direction+ "'>\n"+
+"<INPUT style='padding-left: 2px;' TYPE=text SIZE=16 NAME=maxCount VALUE='"+
+result.header.maxCount+ "'>\n"+
+
+"<button "+disabledDown+" NAME=down onClick='doNext(this)' VALUE='>' width='72'>&gt;</button>\n"+
+"<button NAME=end onClick='doNext(this)' VALUE='>>|' width='72'>&gt;&gt;|</button>\n"+
+"</FORM>\n");
+}
+
+function doRevokeAll(form)
+{
+// form.action = result.header.serviceURL;
+ form.totalRecordCount.value = result.header.totalRecordCount;
+ form.revokeAll.value = result.header.queryCertFilter;
+ form.submit();
+}
+
+function displayRevokeAllForm(recordCount)
+{
+// document.write("<DIV align=center><FORM NAME ='revokeAllForm' "+
+ document.write("<FORM NAME ='revokeAllForm' "+
+ "METHOD=POST onSubmit='doRevokeAll(revokeAllForm);' "+
+ "ACTION='"+ "/reasonToRevoke" +"'>\n"+
+ "<INPUT TYPE=hidden NAME='op' VALUE='reasonToRevoke'>\n"+
+ "<INPUT TYPE=hidden NAME='revokeAll' VALUE=''>\n"+
+ "<INPUT TYPE=hidden NAME='totalRecordCount' VALUE='"+ recordCount +"'>\n"+
+ "<INPUT TYPE=submit VALUE='Revoke ALL "+ recordCount +" Certificates'>\n"+
+ "</FORM>\n");
+// "</FORM></DIV>\n");
+}
+
+
+displaySearchResults();
+
+//-->
+</SCRIPT>
+
+<div id="certMetaDatadiv" class="floating">
+<table id="t" width="100%">
+<tr><td/></tr>
+</table>
+</div>
+
+</BODY>
+</HTML>
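Review bot: In `displayNextForm`, `result.header.queryCertFilter` and the other `result.header` values are concatenated into single-quoted `VALUE='…'` attributes and passed to `document.write` with no escaping, and `displaySearchResults` writes `result.header.issuerName` as raw markup. The search form builds that filter from free-text fields, so unless the server encodes it before filling `result.header` (not visible in this hunk), a quote or angle bracket in it is parsed as markup rather than data. `addEscapes` only covers `<` and `>`, which is not enough in attribute context. I would extend it to `&`, `"` and `'` and apply it to every template value written through `document.write`, including `cert.serialNumber` in `displayCertificateRecord`, as sketched below.

```html
function addEscapes(str)
{
    return String(str).replace(/&/g, "&amp;")
                      .replace(/</g, "&lt;")
                      .replace(/>/g, "&gt;")
                      .replace(/"/g, "&quot;")
                      .replace(/'/g, "&#39;");
}

// … unchanged: rendering helpers, mouseover/mouseout …

// in displaySearchResults():
(result.header.issuerName != null ? addEscapes(result.header.issuerName) : "UNKNOWN") +

// in displayNextForm():
"<INPUT TYPE=hidden NAME=queryCertFilter VALUE='"+
addEscapes(result.header.queryCertFilter)+ "'>\n"+
// … same wrapping for the remaining result.header values …
```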
diff --git a/base/ca/shared/webapps/ca/ee/ca/reasonToRevoke.template b/base/ca/shared/webapps/ca/ee/ca/reasonToRevoke.template
new file mode 100644
index 000000000..7edfe7e29
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/reasonToRevoke.template
@@ -0,0 +1,480 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<CMS_TEMPLATE>
+<TITLE>Certificate Revocation Confirmation</TITLE>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<SCRIPT LANGUAGE="JavaScript"></SCRIPT>
+<script LANGUAGE="JavaScript" SRC="/ca/ee/cms-funcs.js"></script>
+<script LANGUAGE="JavaScript" SRC="/ca/ee/helpfun.js"></script>
+
+<SCRIPT LANGUAGE="JavaScript">
+//<!--
+function validate()
+{
+ var caCert = -1;
+ var filter = "(|";
+ var n = 0;
+
+ if (document.forms[0].invalidityEnabled.checked) {
+ var d = convertDate(document.forms[0], "Invalidity Date");
+ if (d == null) return false;
+ document.forms[0].invalidityDate.value = d;
+ }
+
+ for (var i = 0; i < result.recordSet.length; ++i ) {
+ if (result.recordSet[i].serialNumber != null) {
+ for (var j = 0; j < document.forms[0].length; j++) {
+ if (result.recordSet[i].serialNumber ==
+ document.forms[0].elements[j].name) {
+ if (document.forms[0].elements[j].checked) {
+ n++;
+ filter += "(certRecordId="+
+ result.recordSet[i].serialNumberDecimal+")";
+ if (result.header.caSerialNumber != null &&
+ result.recordSet[i].serialNumber ==
+ result.header.caSerialNumber) {
+ caCert = result.header.caSerialNumber;
+ }
+ }
+ break;
+ }
+ }
+ }
+ }
+ if (n > 0) {
+ filter += ")";
+ document.forms[0].revokeAll.value = filter;
+ } else {
+ alert("No certificate has been selected.");
+ return false;
+ }
+
+ if (caCert > -1) {
+ return confirm("WARNING!!!\n"+
+ "You are about to do an irreversible operation.\n"+
+ "Certificate #"+toHex(caCert)+
+ " belongs to your Certificate Authority.\n"+
+ "Do you really want to revoke this certificate?");
+ }
+ return true;
+}
+
+function clickedOnInvalidityEnabled()
+{
+ if (document.forms[0].invalidityEnabled.checked) {
+ var date = new Date();
+ if (document.forms[0].day.options[document.forms[0].day.selectedIndex].value == 0) {
+ document.forms[0].day.selectedIndex = date.getDate();
+ }
+ if (document.forms[0].month.options[document.forms[0].month.selectedIndex].value == 13) {
+ document.forms[0].month.selectedIndex = date.getMonth() +1;
+ }
+ if (document.forms[0].year.options[document.forms[0].year.selectedIndex].value == 0) {
+ for (var i = 0; i < document.forms[0].year.options.length; i++) {
+ if (document.forms[0].year.options[i].value == date.getFullYear()) {
+ document.forms[0].year.selectedIndex = i;
+ }
+ }
+ }
+ }
+}
+
+function toHex1(number)
+{
+ var absValue = "", sign = "";
+ var digits = "0123456789abcdef";
+ if (number < 0) {
+ sign = "-";
+ number = -number;
+ }
+
+ for(; number >= 16 ; number = Math.floor(number/16)) {
+ absValue = digits.charAt(number % 16) + absValue;
+ }
+ absValue = digits.charAt(number % 16) + absValue;
+ return sign + '0x' + '0' + absValue;
+}
+
+function toHex(number)
+{
+ return '0x' + '0' + number;
+}
+
+function renderDateFromSecs(secs)
+{
+ if (secs == null) return "";
+ var dateTmp = new Date();
+ dateTmp.setTime(secs * 1000);
+ var year = dateTmp.getYear();
+ if (year < 100) {
+ year += 1900;
+ } else {
+ year %= 100;
+ year += 2000;
+ }
+ return (dateTmp.getMonth()+1)+"/"+dateTmp.getDate()+"/"+year;
+}
+
+function renderCell(cellData)
+{
+ return ("<td><font size=\"-2\" face=\"PrimaSans BT, Verdana, sans-serif\">"+
+ cellData+ "</font></td>\n");
+}
+
+function renderRow(cell1, cell2)
+{
+ var twoCells = renderCell(cell1) + renderCell(cell2);
+ return ("<tr valign=\"TOP\">\n" + twoCells + "</tr>\n");
+}
+
+function renderRowWithCheckbox(serialNumber, cell1, cell2)
+{
+ var allCells = "<td rowspan=4><input TYPE=\"CHECKBOX\" checked NAME=" +
+ serialNumber + "></td>\n" +
+ renderCell(cell1) + renderCell(cell2);
+ return ("<tr valign=\"TOP\">\n" + allCells + "</tr>\n");
+}
+
+function renderRowWithoutCheckbox(cell1, cell2)
+{
+ var allCells = "<td rowspan=4>&nbsp;</td>\n" +
+ renderCell(cell1) + renderCell(cell2);
+ return ("<tr valign=\"TOP\">\n" + allCells + "</tr>\n");
+}
+
+function addSpaces(str)
+{
+ var outStr = "";
+ var i0 = 0;
+ var i1 = 0;
+
+ while (i1 < str.length) {
+ i1 = str.indexOf(',', i0);
+ if (i1 > -1) {
+ i1++;
+ outStr += str.substring(i0, i1);
+ outStr += " ";
+ i0 = i1;
+ } else {
+ outStr += str.substring(i0, str.length);
+ i1 = str.length;
+ }
+ }
+
+ return outStr;
+}
+
+function displayCertInfo()
+{
+ document.write("<table border=\"0\" cellspacing=\"2\">");
+ for (var i = 0; i < result.recordSet.length; ++i ) {
+ if (result.recordSet[i].serialNumber != null) {
+ if (result.header.caSerialNumber != null &&
+ result.recordSet[i].serialNumber ==
+ result.header.caSerialNumber) {
+ document.write(renderRowWithoutCheckbox("Serial Number: ",
+ toHex(result.recordSet[i].serialNumber)));
+ } else {
+ document.write(renderRowWithCheckbox(
+ result.recordSet[i].serialNumber,
+ "Serial Number: ",
+ toHex(result.recordSet[i].serialNumber)));
+ }
+ }
+ if (result.recordSet[i].subject != null) {
+ document.write(renderRow("Subject Name:",
+ addSpaces(result.recordSet[i].subject)));
+ }
+ if ((result.recordSet[i].validNotBefore != null) &&
+ (result.recordSet[i].validNotAfter != null)) {
+ validity = 'not before: '+
+ renderDateFromSecs(result.recordSet[i].validNotBefore) +
+ '&nbsp;&nbsp;and not after: ' +
+ renderDateFromSecs(result.recordSet[i].validNotAfter);
+ document.write(renderRow("Valid:", validity));
+ }
+ document.write(renderRow(" ", " "));
+ }
+ document.write("</table>");
+}
+
+function renderReason()
+{
+ var reason = new Array("Unspecified",
+ "Key compromised",
+ "CA key compromised",
+ "Affiliation changed",
+ "Certificate superceded",
+ "Cessation of operation",
+ "Certificate is on hold",
+ "Unspecified", // value 7 is not used
+ "Remove from CRL",
+ "Privilege withdrawn",
+ "AA key compromise");
+ var activeChoice = new Array(1, 1, 0, 1, 1, 1, 0, 0, 0, 1, 0);
+ document.write("<table border=\"0\" cellspacing=\"0\" cellpadding=\"0\">\n");
+ for (var i = 0; i < reason.length; i++) {
+ if (activeChoice[i] > 0) {
+ document.write("<tr><td width=\"1%\">\n");
+ document.write("<input type=\"RADIO\"");
+ if ((result.header.reason != null && result.header.reason == i) ||
+ (i == 0 && result.header.reason == null)) {
+ document.write(" checked");
+ }
+ document.write(" name=\"revocationReason\" value=\""+i+"\">\n");
+ document.write("</td><td width=\"99%\">\n");
+ document.write("<font size=\"-1\" face=\"PrimaSans BT, Verdana, sans-serif\">\n");
+ document.write(reason[i]+"</font></td></tr>\n");
+ }
+ }
+ document.write("</table>\n");
+}
+//-->
+</SCRIPT>
+</head>
+<body bgcolor="#FFFFFF">
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Certificate Revocation Confirmation</font><br>
+<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Use this form to confirm certificate revocation by selecting appropriate
+revocation reason and submitting the form.</font>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/pki/images/hr.gif" >
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+<table border="0" cellspacing="2" cellpadding="2">
+ <tr valign="TOP">
+ <td><font size="-1" face="PrimaSans BT, Verdana, sans-serif"><b>Important:</b></font></td>
+ <td><font size="-1" face="PrimaSans BT, Verdana, sans-serif">When making this
+ request you must use the browser environment in which you have access to your authentication certificate and key. </font></td>
+ </tr>
+</table>
+<br><br>
+
+<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+<b>Certificate Details</b><br>
+The details of the certificate being revoked are below:
+</font>
+
+<form method="post" action="/ca/ee/ca/doRevoke" onSubmit="return validate()">
+
+<SCRIPT LANGUAGE="JavaScript">
+//<!--
+if (result.recordSet.length == 0) {
+ document.write("<font size=\"-1\" face=\"PrimaSans BT, Verdana, Arial, Helvetica, sans-serif\">"+
+ "No Matching Certificates Found</font><br><br>\n");
+} else {
+ displayCertInfo();
+}
+//-->
+</SCRIPT>
+<br>
+
+ <table border="0" width="100%" cellspacing="2" cellpadding="2">
+ <tr>
+ <td valign="TOP" colspan="2">
+ <b><font face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif" size="-1">
+ Select Invalidity Date</font></b><br>
+ <font face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif" size="-1">
+ Please select the date on which it is known or suspected that the private key
+ was compromised or that the certificate otherwise became invalid.</font>
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP" colspan="2">
+ <INPUT TYPE="CHECKBOX" NAME="invalidityEnabled" onClick="clickedOnInvalidityEnabled();">
+ <font face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif" size="-1">
+ Invalidity date:&nbsp;
+ <SELECT NAME="day">
+ <OPTION VALUE=0>
+ <OPTION VALUE=1>1
+ <OPTION VALUE=2>2
+ <OPTION VALUE=3>3
+ <OPTION VALUE=4>4
+ <OPTION VALUE=5>5
+ <OPTION VALUE=6>6
+ <OPTION VALUE=7>7
+ <OPTION VALUE=8>8
+ <OPTION VALUE=9>9
+ <OPTION VALUE=10>10
+ <OPTION VALUE=11>11
+ <OPTION VALUE=12>12
+ <OPTION VALUE=13>13
+ <OPTION VALUE=14>14
+ <OPTION VALUE=15>15
+ <OPTION VALUE=16>16
+ <OPTION VALUE=17>17
+ <OPTION VALUE=18>18
+ <OPTION VALUE=19>19
+ <OPTION VALUE=20>20
+ <OPTION VALUE=21>21
+ <OPTION VALUE=22>22
+ <OPTION VALUE=23>23
+ <OPTION VALUE=24>24
+ <OPTION VALUE=25>25
+ <OPTION VALUE=26>26
+ <OPTION VALUE=27>27
+ <OPTION VALUE=28>28
+ <OPTION VALUE=29>29
+ <OPTION VALUE=30>30
+ <OPTION VALUE=31>31
+ </SELECT>
+ <SELECT NAME="month">
+ <OPTION VALUE=13>
+ <OPTION VALUE=0>January
+ <OPTION VALUE=1>February
+ <OPTION VALUE=2>March
+ <OPTION VALUE=3>April
+ <OPTION VALUE=4>May
+ <OPTION VALUE=5>June
+ <OPTION VALUE=6>July
+ <OPTION VALUE=7>August
+ <OPTION VALUE=8>September
+ <OPTION VALUE=9>October
+ <OPTION VALUE=10>November
+ <OPTION VALUE=11>December
+ </SELECT>
+ <SELECT NAME="year">
+<SCRIPT type="text/javascript">
+//<!--
+generateYearOptions(10, 2);
+//-->
+</SCRIPT>
+ </SELECT>
+ <br>&nbsp;
+ </font>
+ </td>
+ </tr>
+ <tr>
+ <td valign="TOP" colspan="2">
+ <b><font face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif" size="-1">
+ Select Revocation Reason</font></b><br>
+ <font face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif" size="-1">
+ Please select reason for revocation.</font>
+ </td>
+ </tr>
+ <tr>
+ <td>
+<SCRIPT LANGUAGE="JavaScript">
+//<!--
+ renderReason();
+//-->
+</SCRIPT>
+<br>
+ </td>
+ </tr>
+ <tr>
+ <td colspan="2">
+ <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+ <b>Additional Comments</b><br>
+ If you want to include any additional comments in your revocation request, write them here.
+ </font>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <textarea name="csrRequestorComments" rows="6" cols="39" wrap="virtual"></textarea>
+ </td>
+ </tr>
+ </table>
+ <br>
+
+<SCRIPT LANGUAGE="JavaScript">
+//<!--
+//var caCert = isOnTheListToBeRevoked(result.header.caSerialNumber);
+var caCert = -1;
+if (caCert > -1) {
+ document.write("<font size=\"-1\" color=\"red\" "+
+ "face=\"PrimaSans BT, Verdana, Arial, Helvetica, sans-serif\">"+
+ "<b>WARNING!!!</b><br>"+
+ "You are about to do an irreversible operation.<br>"+
+ "Certificate #"+toHex(caCert)+
+ " belongs to your Certificate Authority.<br>"+
+ "Do you really want to revoke this certificate?"+
+ "</font><br>&nbsp;<br>&nbsp;\n");
+}
+
+function isOnTheListToBeRevoked(serialNumber)
+{
+ if (result.recordSet.length > 0 && serialNumber != null) {
+ for (var i = 0; i < result.recordSet.length; i++) {
+ if (result.recordSet[i].serialNumber != null) {
+ if (result.recordSet[i].serialNumber == serialNumber) {
+ return serialNumber;
+ }
+ }
+ }
+ }
+ return (-1);
+}
+
+function revokeCert(serialNumber)
+{
+ return confirm("WARNING!!! You are about to do an irreversible operation.\n"+
+ "Certificate # "+toHex(serialNumber)+
+ " belongs to your Certificate Authority."+
+ "Do you really want to revoke this certificate ?");
+}
+//-->
+</SCRIPT>
+
+ <table BORDER=0 CELLSPACING=0 CELLPADDING=6 WIDTH="100%">
+ <tr>
+ <td ALIGN=RIGHT BGCOLOR="#E5E5E5">
+ <input type="submit" value="Submit" name="submit" width="72">&nbsp;&nbsp;
+ <input type="hidden" name="op" value="doRevoke">
+ <input type="hidden" name="templateType" value="RevocationSuccess">
+ <input type="reset" value="Reset" name="reset" width="72">&nbsp;&nbsp;
+<SCRIPT LANGUAGE="JavaScript">
+//<!--
+ document.writeln("<INPUT TYPE=hidden name=serialNumber value=\"" +
+ result.header.serialNumber +"\">");
+ document.writeln("<INPUT TYPE=hidden name=revokeAll value=\"" +
+ result.header.revokeAll +"\">");
+ document.writeln("<INPUT TYPE=hidden name=totalRecordCount value=\"" +
+ result.header.totalRecordCount +"\">");
+ document.writeln("<INPUT TYPE=hidden name=verifiedRecordCount value=\"" +
+ result.header.verifiedRecordCount +"\">");
+ document.writeln("<INPUT TYPE=hidden name=invalidityDate value=\"0\">");
+ if (result.header.request != null) {
+ document.writeln("<INPUT TYPE=hidden name=requestId value=\"" +
+ result.header.request +"\">");
+ }
+ if (result.header.b64eCertificate != null) {
+ document.writeln("<INPUT TYPE=hidden name=b64eCertificate value=\"" +
+ result.header.b64eCertificate +"\">");
+ }
+ if (typeof(result.header.nonce) != "undefined") {
+ document.writeln("<INPUT TYPE=hidden name=nonce value=\"" +
+ result.header.nonce +"\">");
+ }
+//-->
+</SCRIPT>
+ </td>
+ </tr>
+ </table>
+ </form>
+</body>
+</html>
+
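Review bot: `displayCertInfo()` sends `result.recordSet[i].subject` through `addSpaces()` and `renderCell()` straight into `document.write`, and the last script block writes `result.header.serialNumber`, `revokeAll`, `b64eCertificate` and `nonce` into double-quoted hidden-input values the same way, with no HTML escaping anywhere in this file. A subject DN is chosen by whoever requested the certificate, so unless the server-side fill of `<CMS_TEMPLATE>` already escapes these values (not visible in this hunk), markup inside them would be interpreted by the browser on a page that submits revocations. I would escape at the sink with a small helper that replaces `&`, `<`, `>`, `"` and `'` by entities, for example `addSpaces(escapeHtml(result.recordSet[i].subject))` and `value=\"" + escapeHtml(result.header.revokeAll) + "\">"`; `escapeHtml` is a proposed new function, not one defined in the visible code. Separately, the `revokeAll` filter assembled in `validate()` and the CA-certificate `confirm()` run only in the browser, so the `doRevoke` handler has to re-check which records the authenticated caller may revoke rather than trust the posted filter.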
diff --git a/base/ca/shared/webapps/ca/ee/ca/recoveryMenu.html b/base/ca/shared/webapps/ca/ee/ca/recoveryMenu.html
new file mode 100644
index 000000000..c463d2d3d
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/recoveryMenu.html
@@ -0,0 +1,32 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>Recovery Menu</title>
+</head>
+
+<body bgcolor="#CCCCCC" link="#FFFFFF" vlink="#FFFFFF" alink="#333399">
+
+<script lang=javascript>
+//<!--
+top.loadMenu(top.tabs[3].menu);
+//-->
+</script>
+
+</body>
diff --git a/base/ca/shared/webapps/ca/ee/ca/remoteAuthConfig.template b/base/ca/shared/webapps/ca/ee/ca/remoteAuthConfig.template
new file mode 100644
index 000000000..f66f683cf
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/remoteAuthConfig.template
@@ -0,0 +1,74 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+ <title></title>
+ <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+</head>
+
+<CMS_TEMPLATE>
+
+<BODY bgcolor="white">
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Delegated Administrator
+</font>
+<br>
+<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Directory Enrollment Setup.
+</font>
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/pki/images/hr.gif" >
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+
+<SCRIPT LANGUAUGE="JavaScript">
+if (result.header.error != null) {
+ document.writeln('Error: '+result.header.error);
+} else {
+ if (result.header.op != null) {
+ if (result.header.op == "add") {
+ document.write('New');
+ if (result.header.instance != null)
+ document.write(' <b>'+result.header.instance+'</b>');
+ document.write(' instance of the');
+ if (result.header.plugin != null)
+ document.write(' <b>'+result.header.plugin+'</b>');
+ else
+ document.write(' directory enrollment');
+ document.writeln(' plugin has been added.');
+ } else if (result.header.op == "delete") {
+ document.write('Instance');
+ if (result.header.instance != null)
+ document.write(' <b>'+result.header.instance+'</b>');
+ document.writeln(' of the directory enrollment plugin has been deleted.');
+ } else {
+ document.writeln('Unknown operation');
+ }
+ }
+}
+</SCRIPT>
+
+</font>
+
+</BODY>
+</HTML>
+
+
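Review bot: `result.header.error`, `result.header.instance` and `result.header.plugin` are concatenated into `document.write`/`document.writeln` output without escaping, so markup in an instance name, or in an error string that echoes request input, would be rendered as HTML unless the template filler escapes it (not visible in this hunk). Escaping the three values at the sink, for example by replacing `&`, `<`, `>` and quotes with entities before the concatenation, keeps the confirmation text inert. The script tag is also spelled `<SCRIPT LANGUAUGE="JavaScript">`; browsers ignore the unknown attribute and fall back to JavaScript, but `<script type="text/javascript">` states the intent, and the empty `<title></title>` could name the page.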
diff --git a/base/ca/shared/webapps/ca/ee/ca/renewalMenu.html b/base/ca/shared/webapps/ca/ee/ca/renewalMenu.html
new file mode 100644
index 000000000..ca2956b33
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/renewalMenu.html
@@ -0,0 +1,32 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>Renewal Menu</title>
+</head>
+
+<body bgcolor="#CCCCCC" link="#FFFFFF" vlink="#FFFFFF" alink="#333399">
+
+<script lang=javascript>
+//<!--
+top.loadMenu(top.tabs[1].menu);
+//-->
+</script>
+
+</body>
diff --git a/base/ca/shared/webapps/ca/ee/ca/requestStatus.template b/base/ca/shared/webapps/ca/ee/ca/requestStatus.template
new file mode 100644
index 000000000..a25f5e2ad
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/requestStatus.template
@@ -0,0 +1,221 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+ <title>Request Status</title>
+ <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+</head>
+
+<SCRIPT LANGUAGE="JavaScript"></SCRIPT>
+<script LANGUAGE="JavaScript" SRC="../helpfun.js"></script>
+
+<CMS_TEMPLATE>
+
+<body bgcolor="#FFFFFF" link="#6666CC" vlink="#6666CC" alink="#333399">
+<font face="PrimaSans BT, Verdana, sans-serif" size="+1">
+Request Status
+</font><br>
+<table border="0" cellspacing="0" cellpadding="0" background="/pki/images/hr.gif" width="100%">
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+<table border="0" cellspacing="2" cellpadding="2" width="100%">
+<tr align="left"><td width="20%"></td><td width="80%"></td></tr>
+
+<SCRIPT LANGUAGE="JavaScript">
+<!--
+function renderDateFromSecs(secs)
+{
+ if (secs == null) return "";
+ var dateTmp = new Date();
+ dateTmp.setTime(secs * 1000);
+ var year = dateTmp.getYear();
+ if (year < 100) {
+ year += 1900;
+ } else {
+ year %= 100;
+ year += 2000;
+ }
+ return (dateTmp.getMonth()+1)+"/"+dateTmp.getDate()+"/"+year+"&nbsp;"+
+ (dateTmp.getHours()<10?"&nbsp;":"")+
+ dateTmp.getHours()+":"+(dateTmp.getMinutes()<10?"0":"")+
+ dateTmp.getMinutes()+":"+(dateTmp.getSeconds()<10?"0":"")+
+ dateTmp.getSeconds();
+}
+
+function toHex(number)
+{
+ var absValue = "", sign = "";
+ var digits = "0123456789abcdef";
+ if (number < 0) {
+ sign = "-";
+ number = -number;
+ }
+
+ for(; number >= 16 ; number = Math.floor(number/16)) {
+ absValue = digits.charAt(number % 16) + absValue;
+ }
+ absValue = digits.charAt(number % 16) + absValue;
+ return sign + absValue;
+}
+
+function renderHexNumber(number,width)
+{
+ var num = number;
+ while (num.length < width)
+ num = "0"+num;
+ return "0x"+num;
+}
+
+function renderPkcs7(pkcs7)
+{
+ var len = pkcs7.length;
+ var str = "";
+ for (var i = 0; i < len; i=i+64){
+ if (i+64 < len)
+ str = str + pkcs7.substring(i,i+64) +"\n";
+ else
+ str = str + pkcs7.substring(i,len) ;
+ }
+ return str;
+}
+
+if (result.header.requestId != null) {
+ document.writeln('<tr><td valign="top" align="right">'+
+ '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+ 'Request:</font></td>');
+ document.writeln('<td valign="top">'+
+ '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+ '<a href="checkRequest?requestId='+
+ result.header.requestId+'"'+
+ 'onMouseOver=" return helpstatus(\'Click to redisplay this '+
+ 'request \')" onMouseOut="return helpstatus(\'\')">'+
+ result.header.requestId + '</a></font></td></tr>');
+
+ document.writeln('<tr><td valign="top" align="right">'+
+ '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+ 'Submitted on:</font></td>');
+ document.writeln('<td valign="top">'+
+ '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+ renderDateFromSecs(result.header.createdOn) +
+ '</font></td></tr>');
+
+ document.writeln('<tr><td valign="top" align="right">'+
+ '<font size="-1" face="PrimaSans BT, Verdana, sans-serif"><b>'+
+ 'Status:</b></font></td>');
+ document.writeln('<td valign="top">'+
+ '<font size="-1" face="PrimaSans BT, Verdana, sans-serif"><b>'+
+ result.header.status + '</b></font></td></tr>');
+
+ if (result.header.requestNotes != null) {
+ document.writeln('<tr><td valign="top" align="right">'+
+ '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+ 'Additional Notes:</font></td>');
+ document.writeln('<td valign="top">'+
+ '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+ result.header.requestNotes+'</font></td></tr>');
+ }
+ if (result.recordSet != null && result.recordSet.length > 0) {
+ document.writeln('<tr>');
+ if (result.recordSet.length > 1) {
+ document.writeln('<td valign="top" align="right">'+
+ '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+ 'Issued certificates:</font></td>');
+ } else {
+ document.writeln('<td valign="top" align="right">'+
+ '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+ 'Issued certificate:</font></td>');
+ }
+
+ if (result.header.authority != null && (result.header.authority == 'ra' ||
+ result.recordSet.length > 1)) {
+ document.write('<td valign="top">'+
+ '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+ '<a href="displayCertFromRequest?requestId='+
+ result.header.requestId + '"' +
+ ' onMouseOver=" return helpstatus(\'Click to display this '+
+ 'certificate \')" onMouseOut="return helpstatus(\'\')">');
+ for (var i = 0; i < result.recordSet.length; i++) {
+ document.write(renderHexNumber(result.recordSet[i].serialNumber,8));
+ if (i+1 < result.recordSet.length) {
+ document.write(' \& ');
+ }
+ }
+ document.writeln('</a></font></td>');
+ } else if (result.header.authority != null && result.header.authority == 'ca') {
+ if (result.recordSet[0].serialNumber != null) {
+ document.writeln('<td valign="top">'+
+ '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+ '<a href="displayBySerial?serialNumber='+
+ '0x'+result.recordSet[0].serialNumber + '"' +
+ ' onMouseOver=" return helpstatus(\'Click to display this '+
+ 'certificate \')" onMouseOut="return helpstatus(\'\')">' +
+ renderHexNumber(result.recordSet[0].serialNumber,8)+'</a>'+
+ '</font></td>');
+ } else {
+ document.writeln('<td valign="top" ></td>');
+ }
+ }
+
+ document.writeln('</tr>');
+ }
+}
+//-->
+</SCRIPT>
+</table>
+
+<SCRIPT LANGUAUGE="JavaScript">
+if (result.header.pkcs7ChainBase64 != null) {
+
+document.writeln('<table border="0" cellspacing="2" cellpadding="2" width="100%">');
+document.writeln('<tr>');
+document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln('<p>');
+document.writeln('Certificate with CA certificate chain in pkcs7 format:');
+document.writeln('</font>');
+document.writeln('<p><pre>');
+document.writeln('-----BEGIN CERTIFICATE-----');
+document.writeln(renderPkcs7(result.header.pkcs7ChainBase64));
+document.writeln('-----END CERTIFICATE-----');
+document.writeln('</pre>');
+document.writeln('</tr>');
+document.writeln('</table>');
+}
+
+if (result.header.cmcFullEnrollmentResponse != null) {
+document.writeln('<table border="0" cellspacing="2" cellpadding="2" width="100%">');
+document.writeln('<tr>');
+document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln('<p>');
+document.writeln('Certificate embedded in CMC full enrollment response:');
+document.writeln('</font>');
+document.writeln('<p><pre>');
+document.writeln('-----BEGIN CERTIFICATE-----');
+document.writeln(result.header.cmcFullEnrollmentResponse);
+document.writeln('-----END CERTIFICATE-----');
+document.writeln('</pre>');
+document.writeln('</tr>');
+document.writeln('</table>');
+}
+</SCRIPT>
+
+</BODY>
+</HTML>
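Review bot: `result.header.requestNotes` and `result.header.status` are written into table cells and `result.header.requestId` into two `href` attributes with no HTML or URL escaping. If the notes can carry free text supplied with a request (inferred, not shown in this hunk) and the server-side template fill does not escape it, that text is interpreted as markup on the status page. I would entity-escape the cell values before concatenation and build the links with `'<a href="checkRequest?requestId=' + encodeURIComponent(result.header.requestId) + '" '`. That form also restores the space missing before `onMouseOver` in the first link (`result.header.requestId+'"'+ 'onMouseOver=`), which the two later links already have.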
diff --git a/base/ca/shared/webapps/ca/ee/ca/retrievalMenu.html b/base/ca/shared/webapps/ca/ee/ca/retrievalMenu.html
new file mode 100644
index 000000000..c7d8d13c8
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/retrievalMenu.html
@@ -0,0 +1,36 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>Retrieval Menu</title>
+</head>
+<SCRIPT LANGUAGE="JavaScript"></SCRIPT>
+<script lang="javascript" src="/ca/ee/dynamicVars.js"></script>
+
+<script lang=javascript>
+//<!--
+ if (http != 'true') {
+ top.loadMenu(top.tabs[2].menu);
+ } else {
+ top.loadMenu(top.tabs[1].menu);
+ }
+//-->
+</script>
+
+</body>
diff --git a/base/ca/shared/webapps/ca/ee/ca/revocationMenu.html b/base/ca/shared/webapps/ca/ee/ca/revocationMenu.html
new file mode 100644
index 000000000..1b1d19a60
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/revocationMenu.html
@@ -0,0 +1,31 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>Revocation Menu</title>
+</head>
+
+
+<script lang=javascript>
+//<!--
+top.loadMenu(top.tabs[1].menu);
+//-->
+</script>
+
+</body>
diff --git a/base/ca/shared/webapps/ca/ee/ca/revocationResult.template b/base/ca/shared/webapps/ca/ee/ca/revocationResult.template
new file mode 100644
index 000000000..ddcc66198
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/revocationResult.template
@@ -0,0 +1,190 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<HEAD>
+<TITLE></TITLE>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<CMS_TEMPLATE>
+<BODY bgcolor="white">
+<SCRIPT LANGUAGE="JavaScript">
+//<!--
+function toHex1(number)
+{
+ var absValue = "", sign = "";
+ var digits = "0123456789abcdef";
+ if (number < 0) {
+ sign = "-";
+ number = -number;
+ }
+
+ for(; number >= 16 ; number = Math.floor(number/16)) {
+ absValue = digits.charAt(number % 16) + absValue;
+ }
+ absValue = digits.charAt(number % 16) + absValue;
+ return sign + '0x' + absValue;
+}
+
+function toHex(number)
+{
+ return '0x' + number;
+}
+
+if (result.header.revoked == 'yes') {
+ document.write('<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.writeln('Certificate Revocation Has Been Completed</font><br><br>');
+ if (result.recordSet.length == 0 && result.header.totalRecordCount > 0) {
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.write('All requested certificates were already revoked.');
+ document.writeln('</font><br>');
+ } else if (result.recordSet.length == 1) {
+ if (result.recordSet[0].error == null) {
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.writeln('Certificate with serial number <b>' +
+ toHex(result.recordSet[0].serialNumber) +
+ '</b> has been revoked.');
+ document.writeln('</font><br>');
+
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ if (result.header.updateCRL && result.header.updateCRL == "yes") {
+ if (result.header.updateCRLSuccess != null &&
+ result.header.updateCRLSuccess == "yes") {
+ document.writeln('The Certificate Revocation List has been successfully updated.');
+ } else {
+ document.writeln('The Certificate Revocation List update Failed');
+ if (result.header.updateCRLSuccess != null)
+ document.writeln(' with error '+ result.header.updateCRLError);
+ else
+ document.writeln('. No further details provided.');
+ }
+ } else {
+ document.writeln(
+ 'The Certificate Revocation List will be updated '+
+ 'automatically at the next scheduled update.');
+ }
+ document.writeln('</font><br>');
+/*
+ if (result.header.dirEnabled != null && result.header.dirEnabled == 'yes') {
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ if (result.header.certsUpdated > 0) {
+ document.write('Directory has been successfully updated.');
+ } else {
+ document.write('Directory has not been updated. See log files for more details.');
+ }
+ document.writeln('</font><br>');
+ }
+*/
+ } else {
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.writeln('Certificate with serial number <b>' +
+ toHex(result.recordSet[0].serialNumber) +
+ '</b> is not revoked.<br><br>');
+ document.writeln('Additional Information:');
+ document.writeln('</font>');
+ document.writeln('<blockquote>');
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.writeln(result.recordSet[0].error);
+ document.writeln('</font>');
+ document.writeln('</blockquote>');
+ }
+ } else if (result.recordSet.length > 1) {
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.write('The following certificates were processed to complete revocation request:');
+ document.writeln('</font>');
+
+ document.writeln('<blockquote>');
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ var revokedCerts = 0;
+ for(var i = 0; i < result.recordSet.length; i++) {
+ if (result.recordSet[i].error == null) {
+ revokedCerts++;
+ document.writeln(toHex(result.recordSet[i].serialNumber) + ' - revoked<BR>\n');
+ } else {
+ document.write(toHex(result.recordSet[i].serialNumber) + ' - failed');
+ if (result.recordSet[i].error != null)
+ document.write(': ' + result.recordSet[i].error);
+ document.writeln('<BR>\n');
+ }
+ }
+ document.writeln('</font>');
+ document.write('</blockquote>');
+
+ if (revokedCerts > 0 && result.header.dirEnabled != null && result.header.dirEnabled == 'yes') {
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ if (result.header.updateCRL && result.header.updateCRL == "yes") {
+ if (result.header.updateCRLSuccess != null &&
+ result.header.updateCRLSuccess == "yes") {
+ document.writeln('The Certificate Revocation List has been successfully updated.');
+ } else {
+ document.writeln('The Certificate Revocation List update Failed');
+ if (result.header.updateCRLSuccess != null)
+ document.writeln(' with error '+
+ result.header.updateCRLError);
+ else
+ document.writeln('. No further details provided.');
+ }
+ } else {
+ document.writeln(
+ 'The Certificate Revocation List will be updated '+
+ 'automatically at the next scheduled update.');
+ }
+ document.writeln('<br>');
+/*
+ if (result.header.certsUpdated > 0) {
+ if (result.header.certsUpdated == result.header.certsToUpdate) {
+ document.write('Directory has been successfully updated.');
+ } else {
+ document.write('Directory has been partially updated. See log files for more details.');
+ }
+ } else {
+ document.write('Directory has not been updated. See log files for more details.');
+ }
+*/
+ document.writeln('</font><br>');
+ }
+ }
+} else if (result.header.revoked == 'pending') {
+ document.write('<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.writeln('Revocation Request Has Been Submitted</font><br><br>');
+} else if (result.header.revoked == 'rejected') {
+ document.write('<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.writeln('Certificate Revocation Has Been Rejected</font><br><br>');
+ if (result.header.error != null) {
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Additional information:</font>');
+ document.writeln('<blockquote>');
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.writeln(result.header.error);
+ document.writeln('</font>');
+ document.writeln('</blockquote>');
+ }
+} else {
+ document.write('<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.writeln('Revocation Request Cannot Be Completed</font><br><br>');
+ if (result.header.error != null) {
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Additional information:</font>');
+ document.writeln('<blockquote>');
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.writeln(result.header.error);
+ document.writeln('</font>');
+ document.writeln('</blockquote>');
+ }
+}
+//-->
+</SCRIPT>
+</BODY>
+</HTML>
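Review bot: The server-supplied strings at `document.writeln(result.recordSet[0].error)`, `document.write(': ' + result.recordSet[i].error)`, `' with error '+ result.header.updateCRLError` and both `document.writeln(result.header.error)` calls reach the page through document.write with no HTML escaping, so any markup they contain is parsed by the browser. Whether the server fills `result` with already-escaped text is not visible in this hunk; if it does not, and an error message can echo request data, this result page renders that data as HTML. I would add a small escaping helper next to `toHex` and pass each of these values through it before writing, as sketched below (confirm first that the values are not already escaped, to avoid double encoding). Separately, the CRL failure branch tests `result.header.updateCRLSuccess != null` before printing `updateCRLError`; `result.header.updateCRLError != null` looks like the intended check.

```html
<SCRIPT LANGUAGE="JavaScript">
// … unchanged: toHex1, toHex …
function escapeHTML(text)
{
    return String(text).replace(/&/g, '&amp;').replace(/</g, '&lt;')
        .replace(/>/g, '&gt;').replace(/"/g, '&quot;').replace(/'/g, '&#39;');
}
// … unchanged: revoked header and single-certificate success message …
                    document.writeln(' with error ' + escapeHTML(result.header.updateCRLError));
// … unchanged: "is not revoked" message …
            document.writeln(escapeHTML(result.recordSet[0].error));
// … unchanged: multi-certificate loop …
                    document.write(': ' + escapeHTML(result.recordSet[i].error));
// … unchanged: multi-certificate CRL status, same change for its updateCRLError line …
// in both the 'rejected' branch and the final else branch:
        document.writeln(escapeHTML(result.header.error));
```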
diff --git a/base/ca/shared/webapps/ca/ee/ca/srchCert.html b/base/ca/shared/webapps/ca/ee/ca/srchCert.html
new file mode 100644
index 000000000..2676d2592
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/srchCert.html
@@ -0,0 +1,1587 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+ <title>Search for Certificates</title>
+ <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+
+<SCRIPT LANGUAGE="JavaScript"></SCRIPT>
+<script LANGUAGE="JavaScript" SRC="/ca/ee/cms-funcs.js"></script>
+<script LANGUAGE="JavaScript" SRC="/ca/ee/helpfun.js"></script>
+</head>
+
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+<font size=+1 face="PrimaSans BT, Verdana, sans-serif">
+Search for Certificates
+</font><br>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Use this form to compose queries based on properties of the certificate.
+</font>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/pki/images/hr.gif" >
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Each section below filters the search. Check the box at the top of the
+section if you want to use that filter in your search, then complete the fields.
+Leave a box unchecked to ignore that filter. You can click more than one box
+to get a combination of search criteria.
+</font>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/pki/images/hr.gif" >
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+<b><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Serial Number Range</font></b>
+<FORM NAME="serialNumberRangeCritForm">
+<table border="0" cellspacing="2" cellpadding="2">
+<tr>
+<td><INPUT TYPE="CHECKBOX" NAME="inUse"></td>
+<td colspan="3">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show certificates that fall within the following range:</font>
+</td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Lowest serial number:</font></td>
+<td><INPUT TYPE="TEXT" NAME="serialFrom" SIZE=10 MAXLENGTH=99></td>
+<td><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+(leave blank for no lower limit)</font></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Highest serial number:</font></td>
+<td><INPUT TYPE="TEXT" NAME="serialTo" SIZE=10 MAXLENGTH=99></td>
+<td><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+(leave blank for no upper limit)</font></td>
+</tr>
+</table>
+</FORM>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Enter a range of certificate serial numbers in hexadecimal form
+(starting with 0x, as in the certificate list) or in decimal form.
+</font>
+
+<SCRIPT LANGUAGE="JavaScript">
+//<!--
+function serialNumberRangeCritInUse()
+{
+ if (document.serialNumberRangeCritForm.inUse.checked) {
+ document.queryForm.serialNumberRangeInUse.value = 'on';
+ }
+ document.queryForm.serialFrom.value = document.serialNumberRangeCritForm.serialFrom.value;
+ document.queryForm.serialTo.value = document.serialNumberRangeCritForm.serialTo.value;
+ return document.serialNumberRangeCritForm.inUse.checked;
+}
+
+function serialNumberRangeCrit()
+{
+ var crit = new Array;
+ var next = 0;
+ var canonicalFrom = "", canonicalTo = "";
+
+ if (document.serialNumberRangeCritForm.serialFrom.value != "") {
+ canonicalFrom =
+ trim(document.serialNumberRangeCritForm.serialFrom.value);
+ }
+
+ if (canonicalFrom != "") {
+ if (!isDecimalNumber(canonicalFrom)) {
+ if (isHexNumber(canonicalFrom)) {
+ canonicalFrom = "0x" +
+ removeColons(stripPrefix(canonicalFrom));
+ } else {
+ alert("You must specify a decimal or hexadecimal value" +
+ "for the low end of the serial number range.");
+ return null;
+ }
+ }
+ if (isNegative(canonicalFrom)) {
+ alert("You must specify a positive value for the low " +
+ "end of the serial number range.");
+ return null;
+ }
+ crit[next++] = "(certRecordId>=" + canonicalFrom + ")";
+ }
+
+ if (document.serialNumberRangeCritForm.serialTo.value != "") {
+ canonicalTo =
+ trim(document.serialNumberRangeCritForm.serialTo.value);
+ }
+
+ if (canonicalTo != "") {
+ if (!isDecimalNumber(canonicalTo)) {
+ if (isHexNumber(canonicalTo)) {
+ canonicalTo = "0x" +
+ removeColons(stripPrefix(canonicalTo));
+ } else {
+ alert("You must specify a decimal or hexadecimal value" +
+ "for the high end of the serial number range.");
+ return null;
+ }
+ }
+ if (isNegative(canonicalTo)) {
+ alert("You must specify a positive value for the high " +
+ "end of the serial number range.");
+ return null;
+ }
+ crit[next++] = "(certRecordId<=" + canonicalTo + ")";
+ }
+
+ /* Can not do this using parseInt */
+ /*
+ if (document.serialNumberRangeCritForm.serialFrom.value != "" &&
+ document.serialNumberRangeCritForm.serialTo.value != "") {
+ if (parseInt(canonicalFrom) > parseInt(canonicalTo)) {
+ alert("The low end of the range is larger than the high end.");
+ return null;
+ }
+ }
+ */
+
+ return nsjoin(crit,"");
+}
+//-->
+</SCRIPT>
+
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/pki/images/hr.gif" >
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+<b><font size=-1 face="PrimaSans BT, Verdana, sans-serif">Subject Name</font></b>
+<FORM NAME="subjectCritForm">
+<table border="0" cellspacing="2" cellpadding="2">
+<tr>
+<td><INPUT TYPE="CHECKBOX" NAME="inUse"></td>
+<td colspan="2">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show certificates with a subject name matching the following:
+</font>
+</td>
+</tr>
+
+<tr align="left">
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Email address:
+</font></td>
+<td><INPUT TYPE="TEXT" NAME="eMail" SIZE=30></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Common name:
+</font></td>
+<td><INPUT TYPE="TEXT" NAME="commonName" SIZE=30></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+User ID:
+</font></td>
+<td><INPUT TYPE="TEXT" NAME="userID" SIZE=30></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Organization unit:
+</font></td>
+<td><INPUT TYPE="TEXT" NAME="orgUnit" SIZE=30></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Organization:
+</font></td>
+<td><INPUT TYPE="TEXT" NAME="org" SIZE=30></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Locality:
+</font></td>
+<td><INPUT TYPE="TEXT" NAME="locality" SIZE=30></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+State:
+</font></td>
+<td><INPUT TYPE="TEXT" NAME="state" SIZE=30></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Country:
+</font></td>
+<td><INPUT TYPE="TEXT" NAME="country" VALUE="" SIZE=2 MAXLENGTH=2></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Match Method:</font>
+</td>
+<td>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+<INPUT TYPE="RADIO" NAME="match" VALUE="exact">
+Exact
+</font>
+</td>
+<tr>
+<td>&nbsp;</td>
+<td align="right">&nbsp;</td>
+<td>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+<INPUT TYPE="RADIO" CHECKED NAME="match" VALUE="partial">
+Partial
+</font>
+</td>
+</tr>
+</table>
+</FORM>
+
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Enter values for the fields you want to have in your search criteria.
+Leave other fields blank.
+<br><br>
+Exact match method finds certificates for subjects whose name consists
+<b>exactly</b> of the components that you have filled in above, and contains
+none of the components you have left blank. Pattern matching wildcard
+values cannot be used in this search.
+<br><br>
+Partial match method finds certificates for subjects whose name consists
+<b>in part</b> of the components you have specified above, and in addition
+may contain arbitrary values for the other components you have left blank above.
+Pattern matching wildcard values can be used in this search.
+</font>
+
+<SCRIPT LANGUAGE="JavaScript">
+<!--
+function subjectCritInUse()
+{
+ if (document.subjectCritForm.inUse.checked) {
+ document.queryForm.subjectInUse.value = 'on';
+ }
+ document.queryForm.eMail.value = document.subjectCritForm.eMail.value;
+ document.queryForm.commonName.value = document.subjectCritForm.commonName.value;
+ document.queryForm.userID.value = document.subjectCritForm.userID.value;
+ document.queryForm.orgUnit.value = document.subjectCritForm.orgUnit.value;
+ document.queryForm.org.value = document.subjectCritForm.org.value;
+ document.queryForm.locality.value = document.subjectCritForm.locality.value;
+ document.queryForm.state.value = document.subjectCritForm.state.value;
+ document.queryForm.country.value = document.subjectCritForm.country.value;
+ if (document.subjectCritForm.match[1].checked) {
+ document.queryForm.match.value = 'partial';
+ } else {
+ document.queryForm.match.value = 'exact';
+ }
+ return document.subjectCritForm.inUse.checked;
+}
+function subjectCrit()
+{
+ return computeNameFilter(document.subjectCritForm);
+}
+//-->
+</SCRIPT>
+
+<table BORDER=0 CELLSPACING=2 CELLPADDING=2 WIDTH="100%" BACKGROUND="/pki/images/hr.gif" >
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+<b>Revocation Information</b></font>
+
+<table border="0" cellspacing="2" cellpadding="2">
+<tr align="left">
+<FORM NAME="revokedByCritForm">
+<td><INPUT TYPE="CHECKBOX" NAME="inUse"></td>
+<td align="left" colspan="2">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show certificates revoked by:
+</font>
+&nbsp;<INPUT TYPE="text" NAME="revokedBy" SIZE=10>
+</td>
+</FORM>
+</tr>
+
+<tr>
+<FORM NAME="revokedOnCritForm">
+<td>
+<INPUT TYPE="CHECKBOX" NAME="inUse" onClick="clickedOnTimeRangeCheckBox(document.revokedOnCritForm.inUse, document.revokedOnFrom, document.revokedOnTo);">
+</td>
+<td align="left" colspan="2">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show certificates revoked during the period:</font>
+</td>
+</FORM>
+</tr>
+
+<tr>
+<td>&nbsp;</td>
+<td valign="top" align=right>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Start date:</font>
+</td>
+<td valign="top" nowrap>
+<FORM NAME="revokedOnFrom">
+<SELECT NAME="day">
+<OPTION VALUE=0>
+<OPTION VALUE=1>1
+<OPTION VALUE=2>2
+<OPTION VALUE=3>3
+<OPTION VALUE=4>4
+<OPTION VALUE=5>5
+<OPTION VALUE=6>6
+<OPTION VALUE=7>7
+<OPTION VALUE=8>8
+<OPTION VALUE=9>9
+<OPTION VALUE=10>10
+<OPTION VALUE=11>11
+<OPTION VALUE=12>12
+<OPTION VALUE=13>13
+<OPTION VALUE=14>14
+<OPTION VALUE=15>15
+<OPTION VALUE=16>16
+<OPTION VALUE=17>17
+<OPTION VALUE=18>18
+<OPTION VALUE=19>19
+<OPTION VALUE=20>20
+<OPTION VALUE=21>21
+<OPTION VALUE=22>22
+<OPTION VALUE=23>23
+<OPTION VALUE=24>24
+<OPTION VALUE=25>25
+<OPTION VALUE=26>26
+<OPTION VALUE=27>27
+<OPTION VALUE=28>28
+<OPTION VALUE=29>29
+<OPTION VALUE=30>30
+<OPTION VALUE=31>31
+</SELECT>
+<SELECT NAME="month">
+<OPTION VALUE=13>
+<OPTION VALUE=0>January
+<OPTION VALUE=1>February
+<OPTION VALUE=2>March
+<OPTION VALUE=3>April
+<OPTION VALUE=4>May
+<OPTION VALUE=5>June
+<OPTION VALUE=6>July
+<OPTION VALUE=7>August
+<OPTION VALUE=8>September
+<OPTION VALUE=9>October
+<OPTION VALUE=10>November
+<OPTION VALUE=11>December
+</SELECT>
+<SELECT NAME="year">
+<SCRIPT type="text/javascript">
+//<!--
+generateYearOptions(10, 1);
+//-->
+</SCRIPT>
+</SELECT>
+</FORM>
+</td>
+</tr>
+
+<tr>
+<td>&nbsp;</td>
+<td valign=top align=right>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">End date:</font>
+</td>
+<td valign="top" nowrap>
+<FORM NAME="revokedOnTo">
+<SELECT NAME="day">
+<OPTION VALUE=0>
+<OPTION VALUE=1>1
+<OPTION VALUE=2>2
+<OPTION VALUE=3>3
+<OPTION VALUE=4>4
+<OPTION VALUE=5>5
+<OPTION VALUE=6>6
+<OPTION VALUE=7>7
+<OPTION VALUE=8>8
+<OPTION VALUE=9>9
+<OPTION VALUE=10>10
+<OPTION VALUE=11>11
+<OPTION VALUE=12>12
+<OPTION VALUE=13>13
+<OPTION VALUE=14>14
+<OPTION VALUE=15>15
+<OPTION VALUE=16>16
+<OPTION VALUE=17>17
+<OPTION VALUE=18>18
+<OPTION VALUE=19>19
+<OPTION VALUE=20>20
+<OPTION VALUE=21>21
+<OPTION VALUE=22>22
+<OPTION VALUE=23>23
+<OPTION VALUE=24>24
+<OPTION VALUE=25>25
+<OPTION VALUE=26>26
+<OPTION VALUE=27>27
+<OPTION VALUE=28>28
+<OPTION VALUE=29>29
+<OPTION VALUE=30>30
+<OPTION VALUE=31>31
+</SELECT>
+<SELECT NAME="month">
+<OPTION VALUE=13>
+<OPTION VALUE=0>January
+<OPTION VALUE=1>February
+<OPTION VALUE=2>March
+<OPTION VALUE=3>April
+<OPTION VALUE=4>May
+<OPTION VALUE=5>June
+<OPTION VALUE=6>July
+<OPTION VALUE=7>August
+<OPTION VALUE=8>September
+<OPTION VALUE=9>October
+<OPTION VALUE=10>November
+<OPTION VALUE=11>December
+</SELECT>
+<SELECT NAME="year">
+<SCRIPT type="text/javascript">
+//<!--
+generateYearOptions(10, 1);
+//-->
+</SCRIPT>
+</SELECT>
+</FORM>
+</td>
+</tr>
+</table>
+
+<table border="0" cellspacing="2" cellpadding="2">
+<tr>
+<FORM NAME="revocationReasonCritForm">
+<td valign="top" align="left">
+<INPUT TYPE="CHECKBOX" NAME="inUse">
+</td>
+</FORM>
+<td valign="top" align="left">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show certificates revoked from the reason:</font>&nbsp;
+</td>
+<FORM NAME="revocationReasonForm">
+<td valign="top" nowrap>
+<SELECT NAME="revocationReason" size=4 multiple>
+<OPTION VALUE=0>Unspecified
+<OPTION VALUE=1>Key compromised
+<OPTION VALUE=2>CA key compromised
+<OPTION VALUE=3>Affiliation changed
+<OPTION VALUE=4>Certificate superceded
+<OPTION VALUE=5>Cessation of operation
+<OPTION VALUE=6>Certificate is on hold
+<OPTION VALUE=9>Privilege withdrawn
+</SELECT>
+</td>
+</FORM>
+</tr>
+</table>
+
+<SCRIPT LANGUAGE="JavaScript">
+<!--
+function revokedByCritInUse()
+{
+ if (document.revokedByCritForm.inUse.checked) {
+ document.queryForm.revokedByInUse.value = 'on';
+ }
+ document.queryForm.revokedBy.value = document.revokedByCritForm.revokedBy.value;
+ return document.revokedByCritForm.inUse.checked;
+}
+function revokedByCrit()
+{
+ if (document.revokedByCritForm.revokedBy.value.length == 0) {
+ alert("User id in 'revoked by' filter is empty");
+ return null;
+ }
+ return "(certRevokedBy="+ document.revokedByCritForm.revokedBy.value +")";
+}
+
+function revokedOnCritInUse()
+{
+ if (document.revokedOnCritForm.inUse.checked) {
+ document.queryForm.revokedOnInUse.value = 'on';
+ }
+ d = convertToTime(document.revokedOnFrom);
+ if (d != null) {
+ document.queryForm.revokedOnFrom.value = d;
+ }
+ d = convertToTime(document.revokedOnTo);
+ if (d != null) {
+ document.queryForm.revokedOnTo.value = d;
+ }
+ return document.revokedOnCritForm.inUse.checked;
+}
+function revokedOnCrit()
+{
+ var from = null, to = null;
+ var crit = new Array();
+ var next = 0;
+ if (!dateIsEmpty(document.revokedOnFrom)) {
+ from = convertDate(document.revokedOnFrom,
+ "Start date for revocation time range criterion");
+ if (from == null) return null;
+ crit[next++] = "(certRevokedOn>=" + from + ")";
+ }
+ if (!dateIsEmpty(document.revokedOnTo)) {
+ to = convertDate(document.revokedOnTo,
+ "End date for revocation time range criterion");
+ if (to == null) return null;
+ to += 86399999;
+ crit[next++] = "(certRevokedOn<=" + to + ")";
+ }
+
+ if (from == null && to == null) {
+ alert("You must enter a date for revocation time range.");
+ return null;
+ }
+ if (from != null && to != null && from > to) {
+ alert("Revocation time range specified is empty");
+ return null;
+ }
+ return nsjoin(crit,"");
+}
+
+function revocationReasonCritInUse()
+{
+ if (document.revocationReasonCritForm.inUse.checked) {
+ document.queryForm.revocationReasonInUse.value = 'on';
+ }
+ var values = new Array();
+ var next = 0;
+ for (var i = 0; i < document.revocationReasonForm.revocationReason.length; i++) {
+ if (document.revocationReasonForm.revocationReason.options[i].selected == true) {
+ values[next++] = i;
+ }
+ }
+ document.queryForm.revocationReason.value = values;
+ return document.revocationReasonCritForm.inUse.checked;
+}
+function revocationReasonCrit()
+{
+ var crit = new Array();
+ var sum = null;
+ var next = 0;
+
+ for (var i = 0; i < document.revocationReasonForm.revocationReason.length; i++) {
+ if (document.revocationReasonForm.revocationReason.options[i].selected == true) {
+ crit[next++] = "(x509cert.certRevoInfo="+i+")";
+ }
+ }
+ sum = nsjoin(crit,"");
+ if (next > 1) {
+ sum = "(|" + sum + ")"
+ } else if (next < 1) {
+ alert("You must select at least one revocation reason.");
+ return null;
+ }
+ return sum;
+}
+//-->
+</SCRIPT>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/pki/images/hr.gif" >
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+<b>Issuing Information</b></font>
+
+<table border="0" cellspacing="2" cellpadding="2">
+<tr>
+<FORM NAME="issuedByCritForm">
+<td><INPUT TYPE="CHECKBOX" NAME="inUse"></td>
+<td align="left" colspan="2">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show certificates issued by:
+</font>
+&nbsp;<INPUT TYPE="text" NAME="issuedBy" SIZE=10>
+</td>
+</FORM>
+</tr>
+
+<tr>
+<FORM NAME="issuedOnCritForm">
+<td><INPUT TYPE="CHECKBOX" NAME="inUse" onClick="clickedOnTimeRangeCheckBox(document.issuedOnCritForm.inUse, document.issuedOnFrom, document.issuedOnTo);"></td>
+<td colspan="2"><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show certificates issued during the period:</font></td>
+</FORM>
+</tr>
+
+<tr>
+<td>&nbsp;</td>
+<td valign=top align=right>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Start date:</font>
+</td>
+<td valign="top" nowrap>
+<FORM NAME="issuedOnFrom">
+<SELECT NAME="day">
+<OPTION VALUE=0>
+<OPTION VALUE=1>1
+<OPTION VALUE=2>2
+<OPTION VALUE=3>3
+<OPTION VALUE=4>4
+<OPTION VALUE=5>5
+<OPTION VALUE=6>6
+<OPTION VALUE=7>7
+<OPTION VALUE=8>8
+<OPTION VALUE=9>9
+<OPTION VALUE=10>10
+<OPTION VALUE=11>11
+<OPTION VALUE=12>12
+<OPTION VALUE=13>13
+<OPTION VALUE=14>14
+<OPTION VALUE=15>15
+<OPTION VALUE=16>16
+<OPTION VALUE=17>17
+<OPTION VALUE=18>18
+<OPTION VALUE=19>19
+<OPTION VALUE=20>20
+<OPTION VALUE=21>21
+<OPTION VALUE=22>22
+<OPTION VALUE=23>23
+<OPTION VALUE=24>24
+<OPTION VALUE=25>25
+<OPTION VALUE=26>26
+<OPTION VALUE=27>27
+<OPTION VALUE=28>28
+<OPTION VALUE=29>29
+<OPTION VALUE=30>30
+<OPTION VALUE=31>31
+</SELECT>
+<SELECT NAME="month">
+<OPTION VALUE=13>
+<OPTION VALUE=0>January
+<OPTION VALUE=1>February
+<OPTION VALUE=2>March
+<OPTION VALUE=3>April
+<OPTION VALUE=4>May
+<OPTION VALUE=5>June
+<OPTION VALUE=6>July
+<OPTION VALUE=7>August
+<OPTION VALUE=8>September
+<OPTION VALUE=9>October
+<OPTION VALUE=10>November
+<OPTION VALUE=11>December
+</SELECT>
+<SELECT NAME="year">
+<SCRIPT type="text/javascript">
+//<!--
+generateYearOptions(10, 1);
+//-->
+</SCRIPT>
+</SELECT>
+</FORM>
+</td>
+</tr>
+
+<tr>
+<td>&nbsp;</td>
+<td valign=top align=right>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">End date:</font>
+</td>
+<td valign="top" nowrap>
+<FORM NAME="issuedOnTo">
+<SELECT NAME="day">
+<OPTION VALUE=0>
+<OPTION VALUE=1>1
+<OPTION VALUE=2>2
+<OPTION VALUE=3>3
+<OPTION VALUE=4>4
+<OPTION VALUE=5>5
+<OPTION VALUE=6>6
+<OPTION VALUE=7>7
+<OPTION VALUE=8>8
+<OPTION VALUE=9>9
+<OPTION VALUE=10>10
+<OPTION VALUE=11>11
+<OPTION VALUE=12>12
+<OPTION VALUE=13>13
+<OPTION VALUE=14>14
+<OPTION VALUE=15>15
+<OPTION VALUE=16>16
+<OPTION VALUE=17>17
+<OPTION VALUE=18>18
+<OPTION VALUE=19>19
+<OPTION VALUE=20>20
+<OPTION VALUE=21>21
+<OPTION VALUE=22>22
+<OPTION VALUE=23>23
+<OPTION VALUE=24>24
+<OPTION VALUE=25>25
+<OPTION VALUE=26>26
+<OPTION VALUE=27>27
+<OPTION VALUE=28>28
+<OPTION VALUE=29>29
+<OPTION VALUE=30>30
+<OPTION VALUE=31>31
+</SELECT>
+<SELECT NAME="month">
+<OPTION VALUE=13>
+<OPTION VALUE=0>January
+<OPTION VALUE=1>February
+<OPTION VALUE=2>March
+<OPTION VALUE=3>April
+<OPTION VALUE=4>May
+<OPTION VALUE=5>June
+<OPTION VALUE=6>July
+<OPTION VALUE=7>August
+<OPTION VALUE=8>September
+<OPTION VALUE=9>October
+<OPTION VALUE=10>November
+<OPTION VALUE=11>December
+</SELECT>
+<SELECT NAME="year">
+<SCRIPT type="text/javascript">
+//<!--
+generateYearOptions(10, 1);
+//-->
+</SCRIPT>
+</SELECT>
+</FORM>
+</td>
+</tr>
+</table>
+
+<SCRIPT LANGUAGE="JavaScript">
+<!--
+function issuedByCritInUse()
+{
+ if (document.issuedByCritForm.inUse.checked) {
+ document.queryForm.issuedByInUse.value = 'on';
+ }
+ document.queryForm.issuedBy.value = document.issuedByCritForm.issuedBy.value;
+ return document.issuedByCritForm.inUse.checked;
+}
+function issuedByCrit()
+{
+ if (document.issuedByCritForm.issuedBy.value.length == 0) {
+ alert("User id in 'issued by' filter is empty");
+ return null;
+ }
+ return "(certIssuedBy="+ document.issuedByCritForm.issuedBy.value +")";
+}
+
+
+function issuedOnCritInUse()
+{
+ if (document.issuedOnCritForm.inUse.checked) {
+ document.queryForm.issuedOnInUse.value = 'on';
+ }
+ d = convertToTime(document.issuedOnFrom);
+ if (d != null) {
+ document.queryForm.issuedOnFrom.value = d;
+ }
+ d = convertToTime(document.issuedOnTo);
+ if (d != null) {
+ document.queryForm.issuedOnTo.value = d;
+ }
+ return document.issuedOnCritForm.inUse.checked;
+}
+function issuedOnCrit()
+{
+ var from = null, to = null;
+ var crit = new Array();
+ var next = 0;
+ if (!dateIsEmpty(document.issuedOnFrom)) {
+ from = convertDate(document.issuedOnFrom,
+ "Start date for issue time range criterion");
+ if (from == null) return null;
+ crit[next++] = "(certCreateTime>=" + from + ")";
+ }
+ if (!dateIsEmpty(document.issuedOnTo)) {
+ to = convertDate(document.issuedOnTo,
+ "End date for issue time range criterion");
+ if (to == null) return null;
+ to += 86399999;
+ crit[next++] = "(certCreateTime<=" + to + ")";
+ }
+
+ if (from == null && to == null) {
+ alert("You must enter a date for issue time range.");
+ return null;
+ }
+ if (from != null && to != null && from > to) {
+ alert("Issue time range specified is empty");
+ return null;
+ }
+ return nsjoin(crit,"");
+}
+//-->
+</SCRIPT>
+
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/pki/images/hr.gif" >
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+<b>Dates of Validity</b></font>
+
+<table border="0" cellspacing="2" cellpadding="2">
+<tr>
+<FORM NAME="validNotBeforeCritForm">
+<td><INPUT TYPE="CHECKBOX" NAME="inUse" onClick="clickedOnTimeRangeCheckBox(document.validNotBeforeCritForm.inUse, document.validNotBeforeFrom, document.validNotBeforeTo);"></td>
+<td align="left" colspan="2">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show certificates effective during the period:
+</font></td>
+</FORM>
+</tr>
+
+<tr>
+<td>&nbsp;</td>
+<td valign=top align=right>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Start date:</font>
+</td>
+<td valign="top" nowrap>
+<FORM NAME="validNotBeforeFrom">
+<SELECT NAME="day">
+<OPTION VALUE=0>
+<OPTION VALUE=1>1
+<OPTION VALUE=2>2
+<OPTION VALUE=3>3
+<OPTION VALUE=4>4
+<OPTION VALUE=5>5
+<OPTION VALUE=6>6
+<OPTION VALUE=7>7
+<OPTION VALUE=8>8
+<OPTION VALUE=9>9
+<OPTION VALUE=10>10
+<OPTION VALUE=11>11
+<OPTION VALUE=12>12
+<OPTION VALUE=13>13
+<OPTION VALUE=14>14
+<OPTION VALUE=15>15
+<OPTION VALUE=16>16
+<OPTION VALUE=17>17
+<OPTION VALUE=18>18
+<OPTION VALUE=19>19
+<OPTION VALUE=20>20
+<OPTION VALUE=21>21
+<OPTION VALUE=22>22
+<OPTION VALUE=23>23
+<OPTION VALUE=24>24
+<OPTION VALUE=25>25
+<OPTION VALUE=26>26
+<OPTION VALUE=27>27
+<OPTION VALUE=28>28
+<OPTION VALUE=29>29
+<OPTION VALUE=30>30
+<OPTION VALUE=31>31
+</SELECT>
+<SELECT NAME="month">
+<OPTION VALUE=13>
+<OPTION VALUE=0>January
+<OPTION VALUE=1>February
+<OPTION VALUE=2>March
+<OPTION VALUE=3>April
+<OPTION VALUE=4>May
+<OPTION VALUE=5>June
+<OPTION VALUE=6>July
+<OPTION VALUE=7>August
+<OPTION VALUE=8>September
+<OPTION VALUE=9>October
+<OPTION VALUE=10>November
+<OPTION VALUE=11>December
+</SELECT>
+<SELECT NAME="year">
+<SCRIPT type="text/javascript">
+//<!--
+generateYearOptions(10, 10);
+//-->
+</SCRIPT>
+</SELECT>
+</FORM>
+</td>
+</tr>
+
+<tr>
+<td>&nbsp;</td>
+<td valign=top align=right>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">End date:</font>
+</td>
+<td valign="top" nowrap>
+<FORM NAME="validNotBeforeTo">
+<SELECT NAME="day">
+<OPTION VALUE=0>
+<OPTION VALUE=1>1
+<OPTION VALUE=2>2
+<OPTION VALUE=3>3
+<OPTION VALUE=4>4
+<OPTION VALUE=5>5
+<OPTION VALUE=6>6
+<OPTION VALUE=7>7
+<OPTION VALUE=8>8
+<OPTION VALUE=9>9
+<OPTION VALUE=10>10
+<OPTION VALUE=11>11
+<OPTION VALUE=12>12
+<OPTION VALUE=13>13
+<OPTION VALUE=14>14
+<OPTION VALUE=15>15
+<OPTION VALUE=16>16
+<OPTION VALUE=17>17
+<OPTION VALUE=18>18
+<OPTION VALUE=19>19
+<OPTION VALUE=20>20
+<OPTION VALUE=21>21
+<OPTION VALUE=22>22
+<OPTION VALUE=23>23
+<OPTION VALUE=24>24
+<OPTION VALUE=25>25
+<OPTION VALUE=26>26
+<OPTION VALUE=27>27
+<OPTION VALUE=28>28
+<OPTION VALUE=29>29
+<OPTION VALUE=30>30
+<OPTION VALUE=31>31
+</SELECT>
+<SELECT NAME="month">
+<OPTION VALUE=13>
+<OPTION VALUE=0>January
+<OPTION VALUE=1>February
+<OPTION VALUE=2>March
+<OPTION VALUE=3>April
+<OPTION VALUE=4>May
+<OPTION VALUE=5>June
+<OPTION VALUE=6>July
+<OPTION VALUE=7>August
+<OPTION VALUE=8>September
+<OPTION VALUE=9>October
+<OPTION VALUE=10>November
+<OPTION VALUE=11>December
+</SELECT>
+<SELECT NAME="year">
+<SCRIPT type="text/javascript">
+//<!--
+generateYearOptions(10, 10);
+//-->
+</SCRIPT>
+</SELECT>
+</FORM>
+</td>
+</tr>
+</table>
+
+<SCRIPT LANGUAGE="JavaScript">
+<!--
+function validNotBeforeCritInUse()
+{
+ if (document.validNotBeforeCritForm.inUse.checked) {
+ document.queryForm.validNotBeforeInUse.value = 'on';
+ }
+ d = convertToTime(document.validNotBeforeFrom);
+ if (d != null) {
+ document.queryForm.validNotBeforeFrom.value = d;
+ }
+ d = convertToTime(document.validNotBeforeTo);
+ if (d != null) {
+ document.queryForm.validNotBeforeTo.value = d;
+ }
+ return document.validNotBeforeCritForm.inUse.checked;
+}
+
+function validNotBeforeCrit()
+{
+ var from = null, to = null;
+ var crit = new Array();
+ var next = 0;
+ if (!dateIsEmpty(document.validNotBeforeFrom)) {
+ from = convertDate(document.validNotBeforeFrom,
+ "Start date for the validity beginning time range criterion");
+ if (from == null) return null;
+ crit[next++] = "(x509Cert.notBefore>=" + from + ")";
+ }
+ if (!dateIsEmpty(document.validNotBeforeTo)) {
+ to = convertDate(document.validNotBeforeTo,
+ "End date for the validity beginning time range criterion");
+ if (to == null) return null;
+ to += 86399999;
+ crit[next++] = "(x509Cert.notBefore<=" + to + ")";
+ }
+
+ if (from == null && to == null) {
+ alert("You must enter a date for validity beginning range.");
+ return null;
+ }
+ if (from != null && to != null && from > to) {
+ alert("Validity beginning time range specified is empty");
+ return null;
+ }
+ return nsjoin(crit,"");
+}
+//-->
+</SCRIPT>
+
+<table border="0" cellspacing="2" cellpadding="2">
+<tr>
+<FORM NAME="validNotAfterCritForm">
+<td><INPUT TYPE="CHECKBOX" NAME="inUse" onClick="clickedOnTimeRangeCheckBox(document.validNotAfterCritForm.inUse, document.validNotAfterFrom, document.validNotAfterTo);"></td>
+<td align="left" colspan="2">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show certificates expired during the period: </font></td>
+</FORM>
+</tr>
+
+<tr>
+<td>&nbsp;</td>
+<td valign=top align=right>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Start date:</font>
+</td>
+<td valign="top" nowrap>
+<FORM NAME="validNotAfterFrom">
+<SELECT NAME="day">
+<OPTION VALUE=0>
+<OPTION VALUE=1>1
+<OPTION VALUE=2>2
+<OPTION VALUE=3>3
+<OPTION VALUE=4>4
+<OPTION VALUE=5>5
+<OPTION VALUE=6>6
+<OPTION VALUE=7>7
+<OPTION VALUE=8>8
+<OPTION VALUE=9>9
+<OPTION VALUE=10>10
+<OPTION VALUE=11>11
+<OPTION VALUE=12>12
+<OPTION VALUE=13>13
+<OPTION VALUE=14>14
+<OPTION VALUE=15>15
+<OPTION VALUE=16>16
+<OPTION VALUE=17>17
+<OPTION VALUE=18>18
+<OPTION VALUE=19>19
+<OPTION VALUE=20>20
+<OPTION VALUE=21>21
+<OPTION VALUE=22>22
+<OPTION VALUE=23>23
+<OPTION VALUE=24>24
+<OPTION VALUE=25>25
+<OPTION VALUE=26>26
+<OPTION VALUE=27>27
+<OPTION VALUE=28>28
+<OPTION VALUE=29>29
+<OPTION VALUE=30>30
+<OPTION VALUE=31>31
+</SELECT>
+<SELECT NAME="month">
+<OPTION VALUE=13>
+<OPTION VALUE=0>January
+<OPTION VALUE=1>February
+<OPTION VALUE=2>March
+<OPTION VALUE=3>April
+<OPTION VALUE=4>May
+<OPTION VALUE=5>June
+<OPTION VALUE=6>July
+<OPTION VALUE=7>August
+<OPTION VALUE=8>September
+<OPTION VALUE=9>October
+<OPTION VALUE=10>November
+<OPTION VALUE=11>December
+</SELECT>
+<SELECT NAME="year">
+<SCRIPT type="text/javascript">
+//<!--
+generateYearOptions(10, 10);
+//-->
+</SCRIPT>
+</SELECT>
+</FORM>
+</td>
+</tr>
+
+<tr>
+<td>&nbsp;</td>
+<td valign=top align=right>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">End date:</font>
+</td>
+<td valign="top" nowrap>
+<FORM NAME="validNotAfterTo">
+<SELECT NAME="day">
+<OPTION VALUE=0>
+<OPTION VALUE=1>1
+<OPTION VALUE=2>2
+<OPTION VALUE=3>3
+<OPTION VALUE=4>4
+<OPTION VALUE=5>5
+<OPTION VALUE=6>6
+<OPTION VALUE=7>7
+<OPTION VALUE=8>8
+<OPTION VALUE=9>9
+<OPTION VALUE=10>10
+<OPTION VALUE=11>11
+<OPTION VALUE=12>12
+<OPTION VALUE=13>13
+<OPTION VALUE=14>14
+<OPTION VALUE=15>15
+<OPTION VALUE=16>16
+<OPTION VALUE=17>17
+<OPTION VALUE=18>18
+<OPTION VALUE=19>19
+<OPTION VALUE=20>20
+<OPTION VALUE=21>21
+<OPTION VALUE=22>22
+<OPTION VALUE=23>23
+<OPTION VALUE=24>24
+<OPTION VALUE=25>25
+<OPTION VALUE=26>26
+<OPTION VALUE=27>27
+<OPTION VALUE=28>28
+<OPTION VALUE=29>29
+<OPTION VALUE=30>30
+<OPTION VALUE=31>31
+</SELECT>
+<SELECT NAME="month">
+<OPTION VALUE=13>
+<OPTION VALUE=0>January
+<OPTION VALUE=1>February
+<OPTION VALUE=2>March
+<OPTION VALUE=3>April
+<OPTION VALUE=4>May
+<OPTION VALUE=5>June
+<OPTION VALUE=6>July
+<OPTION VALUE=7>August
+<OPTION VALUE=8>September
+<OPTION VALUE=9>October
+<OPTION VALUE=10>November
+<OPTION VALUE=11>December
+</SELECT>
+<SELECT NAME="year">
+<SCRIPT type="text/javascript">
+//<!--
+generateYearOptions(10, 10);
+//-->
+</SCRIPT>
+</SELECT>
+</FORM>
+</td>
+</tr>
+</table>
+
+<SCRIPT LANGUAGE="JavaScript">
+<!--
+function validNotAfterCritInUse()
+{
+ if (document.validNotAfterCritForm.inUse.checked) {
+ document.queryForm.validNotAfterInUse.value = 'on';
+ }
+ d = convertToTime(document.validNotAfterFrom);
+ if (d != null) {
+ document.queryForm.validNotAfterFrom.value = d;
+ }
+ d = convertToTime(document.validNotAfterTo);
+ if (d != null) {
+ document.queryForm.validNotAfterTo.value = d;
+ }
+ return document.validNotAfterCritForm.inUse.checked;
+}
+
+function validNotAfterCrit()
+{
+ var from = null, to = null;
+ var crit = new Array();
+ var next = 0;
+ if (!dateIsEmpty(document.validNotAfterFrom)) {
+ from = convertDate(document.validNotAfterFrom,
+ "Start date for the expiration time range criterion");
+ if (from == null) return null;
+ crit[next++] = "(x509cert.notAfter>=" + from + ")";
+ }
+ if (!dateIsEmpty(document.validNotAfterTo)) {
+ to = convertDate(document.validNotAfterTo,
+ "End date for the expiration time range criterion");
+ if (to == null) return null;
+ to += 86399999;
+ crit[next++] = "(x509cert.notAfter<=" + to + ")";
+ }
+
+ if (from == null && to == null) {
+ alert("You must enter a date for expiration time range.");
+ return null;
+ }
+ if (from != null && to != null && from > to) {
+ alert("Expiration time range specified is empty");
+ return null;
+ }
+ return nsjoin(crit,"");
+}
+//-->
+</SCRIPT>
+
+<table border="0" cellspacing="2" cellpadding="2">
+<FORM NAME="validityLengthCritForm">
+<tr>
+<td><INPUT TYPE="CHECKBOX" NAME="inUse"></td>
+<td align="left" colspan="2">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show certificates with a
+validity period:
+</font></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td>
+<SELECT NAME="validityOp">
+<OPTION VALUE="&lt;="> not greater
+<OPTION VALUE="&gt;="> not less
+</SELECT>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">than</font>
+<INPUT NAME="count" TYPE="text" MAXSIZE=2 SIZE=2>
+<SELECT NAME="unit">
+<OPTION VALUE="86400000">Day(s)</OPTION>
+<OPTION VALUE="604800000">Week(s)</OPTION>
+<OPTION SELECTED VALUE="2592000000">Month(s)</OPTION>
+<OPTION VALUE="31536000000">Year(s)</OPTION>
+</SELECT>
+</td></tr>
+</FORM>
+</table>
+
+<SCRIPT LANGUAGE="JavaScript">
+<!--
+function validityLengthCritInUse()
+{
+ if (document.validityLengthCritForm.inUse.checked) {
+ document.queryForm.validityLengthInUse.value = 'on';
+ }
+ document.queryForm.validityOp.value = document.validityLengthCritForm.validityOp.value;
+ document.queryForm.count.value = document.validityLengthCritForm.count.value;
+ document.queryForm.unit.value = document.validityLengthCritForm.unit.value;
+ return document.validityLengthCritForm.inUse.checked;
+}
+
+function validityLengthCrit()
+{
+ with(document.validityLengthCritForm) {
+ if(!isNumber(count.value,10)) {
+ alert("Invalid number specified in validity length criterion");
+ return null;
+ }
+
+ return "(x509cert.duration" +
+ validityOp.options[validityOp.selectedIndex].value +
+ (count.value * unit.options[unit.selectedIndex].value) +")";
+ }
+}
+//-->
+</SCRIPT>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/pki/images/hr.gif" >
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif"><b>Type</b></font>
+
+<FORM NAME="certTypeCritForm">
+<table border="0" cellspacing="2" cellpadding="2">
+<tr>
+<td><INPUT TYPE="CHECKBOX" NAME="inUse"></td>
+<td align="left" colspan="2">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show certificates of the following types:
+</font></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">SSL client:</font>
+</td>
+<td>
+<SELECT NAME="SSLClient">
+<OPTION SELECTED VALUE="">Do not care
+<OPTION VALUE="on">On
+<OPTION VALUE="off">Off
+</SELECT>
+</td></tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">SSL server:</font>
+</td>
+<td>
+<SELECT NAME="SSLServer">
+<OPTION SELECTED VALUE="">Do not care
+<OPTION VALUE="on">On
+<OPTION VALUE="off">Off
+</SELECT>
+</td></tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Secure email:</font>
+</td><td>
+<SELECT NAME="SecureEmail">
+<OPTION SELECTED VALUE="">Do not care
+<OPTION VALUE="on">On
+<OPTION VALUE="off">Off
+</SELECT>
+</td></tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Subordinate SSL CA:</font>
+</td><td>
+<SELECT NAME="SubordinateSSLCA">
+<OPTION SELECTED VALUE="">Do not care
+<OPTION VALUE="on">On
+<OPTION VALUE="off">Off
+</SELECT>
+</td></tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Subordinate email CA:</font>
+</td><td>
+<SELECT NAME="SubordinateEmailCA">
+<OPTION SELECTED VALUE="">Do not care
+<OPTION VALUE="on">On
+<OPTION VALUE="off">Off
+</SELECT>
+</td></tr>
+</table>
+</FORM>
+
+<SCRIPT LANGUAGE="JavaScript">
+<!--
+function certTypeCritInUse()
+{
+ if (document.certTypeCritForm.inUse.checked) {
+ document.queryForm.certTypeInUse.value = 'on';
+ }
+ document.queryForm.SSLClient.value = document.certTypeCritForm.SSLClient.value;
+ document.queryForm.SSLServer.value = document.certTypeCritForm.SSLServer.value;
+ document.queryForm.SecureEmail.value = document.certTypeCritForm.SecureEmail.value;
+ document.queryForm.SubordinateSSLCA.value = document.certTypeCritForm.SubordinateSSLCA.value;
+ document.queryForm.SubordinateEmailCA.value = document.certTypeCritForm.SubordinateEmailCA.value;
+ return document.certTypeCritForm.inUse.checked;
+}
+
+function certTypeCrit()
+{
+ var result = '';
+ var count = 0;
+
+ for (var i = 1; i < document.certTypeCritForm.length; i++) {
+ var sel = document.certTypeCritForm[i].selectedIndex;
+ if (sel > 0) {
+ count++;
+ result += '(x509cert.nsExtension.' +
+ document.certTypeCritForm[i].name + '='+
+ document.certTypeCritForm[i].options[sel].value + ')';
+ }
+ }
+ if (count == 0) {
+ alert("At least one of the certificate types must be selected");
+ return null;
+ }
+
+ return result;
+}
+//-->
+</SCRIPT>
+
+<br>
+<SCRIPT LANGUAGE="JavaScript">
+<!--
+function doSubmit(form)
+{
+ var andFilter = new Array;
+ var critCount = 0;
+
+ if (serialNumberRangeCritInUse()) {
+ if ((andFilter[critCount++] = serialNumberRangeCrit()) == null)
+ return;
+ }
+ if (subjectCritInUse()) {
+ if ((andFilter[critCount++] = subjectCrit()) == null)
+ return;
+ }
+
+ if (revokedOnCritInUse()) {
+ if ((andFilter[critCount++] = revokedOnCrit()) == null)
+ return;
+ }
+ if (revokedByCritInUse()) {
+ if ((andFilter[critCount++] = revokedByCrit()) == null)
+ return;
+ }
+ if (revocationReasonCritInUse()) {
+ if ((andFilter[critCount++] = revocationReasonCrit()) == null)
+ return;
+ }
+ if (issuedOnCritInUse()) {
+ if ((andFilter[critCount++] = issuedOnCrit()) == null)
+ return;
+ }
+ if (issuedByCritInUse()) {
+ if ((andFilter[critCount++] = issuedByCrit()) == null)
+ return;
+ }
+ if (validNotBeforeCritInUse()) {
+ if ((andFilter[critCount++] = validNotBeforeCrit()) == null)
+ return;
+ }
+ if (validNotAfterCritInUse()) {
+ if ((andFilter[critCount++] = validNotAfterCrit()) == null)
+ return;
+ }
+ if (validityLengthCritInUse()) {
+ if ((andFilter[critCount++] = validityLengthCrit()) == null)
+ return;
+ }
+ if (certTypeCritInUse()) {
+ if ((andFilter[critCount++] = certTypeCrit()) == null)
+ return;
+ }
+
+ // At least one section must be selected
+ if (critCount == 0) {
+ alert("You must choose at least one section on this form.");
+ return;
+ }
+
+ var f = nsjoin(andFilter,"");
+ if (f.length == 0) f = "(certRecordId=*)";
+ form.queryCertFilter.value = "(&"+f+")";
+
+ form.op.value = "srchCerts";
+
+ form.submit();
+}
+//-->
+</SCRIPT>
+
+
+<FORM NAME="queryForm" ACTION="srchCerts" METHOD=POST>
+<INPUT TYPE="HIDDEN" NAME="op" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="queryCertFilter" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="serialNumberRangeInUse" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="serialFrom" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="serialTo" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="subjectInUse" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="eMail" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="commonName" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="userID" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="orgUnit" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="org" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="locality" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="state" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="country" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="match" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="revokedByInUse" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="revokedBy" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="revokedOnInUse" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="revokedOnFrom" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="revokedOnTo" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="revocationReasonInUse" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="revocationReason" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="issuedByInUse" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="issuedBy" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="issuedOnInUse" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="issuedOnFrom" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="issuedOnTo" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="validNotBeforeInUse" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="validNotBeforeFrom" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="validNotBeforeTo" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="validNotAfterInUse" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="validNotAfterFrom" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="validNotAfterTo" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="validityLengthInUse" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="validityOp" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="count" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="unit" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="certTypeInUse" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="SubordinateEmailCA" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="SubordinateSSLCA" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="SecureEmail" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="SSLClient" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="SSLServer" VALUE="">
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/pki/images/hr.gif" >
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif"><b>Limits</b></font>
+<table border="0" cellspacing="2" cellpadding="2">
+ <tr>
+ <td align="right">
+ <font size=-1 face="PrimaSans BT, Verdana, sans-serif">&nbsp;&nbsp;&nbsp;&nbsp;
+ Maximum results:</font>
+ </td>
+ <td>
+ <INPUT TYPE="TEXT" NAME="maxResults" VALUE=10 SIZE=5 MAXLENGTH=10>
+ </td>
+ </tr>
+ <tr>
+ <td align="right">
+ <font size=-1 face="PrimaSans BT, Verdana, sans-serif">&nbsp;&nbsp;&nbsp;&nbsp;
+ Time limit (in seconds):</font>
+ </td>
+ <td>
+ <INPUT TYPE="TEXT" NAME="timeLimit" VALUE=5 SIZE=5 MAXLENGTH=10>
+ </td>
+ </tr>
+</table>
+<br>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=6 WIDTH="100%" background="/pki/images/gray90.gif">
+ <tr>
+ <td ALIGN=RIGHT BGCOLOR="#E5E5E5">
+ <INPUT TYPE="button" VALUE="Find" width="72" onClick='doSubmit(queryForm)'>&nbsp;&nbsp;
+ </td>
+ </tr>
+</table>
+
+</form>
+</body>
+</html>
+
diff --git a/base/ca/shared/webapps/ca/ee/ca/srchCert.template b/base/ca/shared/webapps/ca/ee/ca/srchCert.template
new file mode 100644
index 000000000..4213d000a
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/srchCert.template
@@ -0,0 +1,487 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>Untitled Document</title>
+<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+
+<style type="text/css">
+
+.floating {
+ position: absolute;
+ left: 300px;
+ top: 50px;
+ width: 400px;
+ padding: 3px;
+ border: solid;
+ border-width: 2px;
+ background: white;
+ display: none;
+ margin: 5px;
+}
+
+
+table#t td {
+ font-size: 0.8em;
+ padding: 0px;
+ margin: 0px;
+}
+
+.r {
+ visibility: visible;
+ background-color: pink;
+}
+
+
+.h {
+ background-color: #eeeeee;
+ font-color: #606060;
+ font-weight: bold;
+}
+
+</STYLE>
+</head>
+
+<body bgcolor="#FFFFFF" link="#000000" vlink="#000000" alink="#000000">
+<font face="PrimaSans BT, Verdana, sans-serif" size="+1">Search Results
+</font><br>
+<table border="0" cellspacing="0" cellpadding="0" background="/pki/images/hr.gif" width="100%">
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+<CMS_TEMPLATE>
+
+<SCRIPT LANGUAGE="JavaScript">
+//<!--
+
+function toHex(number)
+{
+ var absValue = "", sign = "";
+ var digits = "0123456789abcdef";
+ if (number < 0) {
+ sign = "-";
+ number = -number;
+ }
+
+ for(; number >= 16 ; number = Math.floor(number/16)) {
+ absValue = digits.charAt(number % 16) + absValue;
+ }
+ absValue = digits.charAt(number % 16) + absValue;
+ return sign + absValue;
+}
+
+function revokeCert(serialNumber)
+{
+ return confirm("WARNING!! You are about to do an irreversible operation.\nDo you really want to revoke certificate # "+
+ renderHexNumber(serialNumber,8)+ " ?");
+}
+
+function renderOidName(oid)
+{
+ if (oid == "1.2.840.113549.1.1.1")
+ return "PKCS #1 RSA";
+ else if (oid == "1.2.840.113549.1.1.4")
+ return "PKCS #1 MD5 With RSA";
+ else if (oid == "1.2.840.10040.4.1")
+ return "DSA";
+ else
+ return "OID."+oid;
+}
+
+function renderHexNumber(number,width)
+{
+ var num = number;
+ while (num.length < width)
+ num = "0"+num;
+ return "0x"+num;
+}
+
+function renderDateFromSecs(secs)
+{
+ if (secs == null) return "";
+ var dateTmp = new Date();
+ dateTmp.setTime(secs * 1000);
+ var year = dateTmp.getYear();
+ if (year < 100) {
+ year += 1900;
+ } else {
+ year %= 100;
+ year += 2000;
+ }
+ return (dateTmp.getMonth()+1)+"/"+dateTmp.getDate()+"/"+year+" "+
+ (dateTmp.getHours()<10?" ":"")+
+ dateTmp.getHours()+":"+(dateTmp.getMinutes()<10?"0":"")+
+ dateTmp.getMinutes()+":"+(dateTmp.getSeconds()<10?"0":"")+
+ dateTmp.getSeconds();
+}
+
+function renderDetailsButton(serialNumber)
+{
+ return "<FORM METHOD=post "+
+"ACTION="+ "/displayBySerial" +">"+
+"<INPUT TYPE=hidden NAME='op' VALUE='"+ "displayBySerial" +"'>\n"+
+"<INPUT TYPE=hidden NAME='serialNumber' VALUE='"+ "0x"+ serialNumber +"'>\n"+
+"<INPUT TYPE=submit VALUE='Details' width='72'></FORM>\n";
+}
+
+function renderRevokeButton(serialNumber)
+{
+ return "<FORM METHOD=post "+
+//"onSubmit='return revokeCert("+serialNumber+");' "+
+"ACTION='"+ "/reasonToRevoke" +"'>\n"+
+"<INPUT TYPE=hidden NAME='op' VALUE='"+ "reasonToRevoke" +"'>\n"+
+"<INPUT TYPE=hidden NAME='serialNumber' VALUE='"+ serialNumber +"'>\n"+
+"<INPUT TYPE=hidden NAME='revokeAll' VALUE='(&(certRecordId="+serialNumber+"))'>\n"+
+"<INPUT TYPE=hidden NAME='totalRecordCount' VALUE='1'>\n"+
+"<INPUT TYPE=hidden NAME='commit' VALUE='yes'>"+
+"<INPUT TYPE=hidden NAME='updateCRL' VALUE='yes'>"+
+"<INPUT TYPE=submit VALUE='Revoke' width='72'>"+
+"</FORM>\n";
+}
+
+function addSpaces(str)
+{
+ var outStr = "";
+ var i0 = 0;
+ var i1 = 0;
+
+ while (i1 < str.length) {
+ i1 = str.indexOf(',', i0);
+ if (i1 > -1) {
+ i1++;
+ outStr += str.substring(i0, i1);
+ outStr += " ";
+ i0 = i1;
+ } else {
+ outStr += str.substring(i0, str.length);
+ i1 = str.length;
+ }
+ }
+
+ return outStr;
+}
+
+function addEscapes(str)
+{
+ var outStr = str.replace(/</g, "&lt;");
+ outStr = outStr.replace(/>/g, "&gt;");
+ return outStr;
+}
+
+function getRevocationReason(revocationReason)
+{
+ var reasons = new Array("Unspecified",
+ "Key compromised",
+ "CA key compromised",
+ "Affiliation changed",
+ "Certificate superceded",
+ "Cessation of operation",
+ "Certificate is on hold",
+ "Unspecified", // value 7 is not used
+ "Remove from CRL",
+ "Privilege withdrawn",
+ "AA key compromise");
+ if (revocationReason < 0 || revocationReason >= reasons.length)
+ revocationReason = 0;
+ return reasons[revocationReason];
+}
+
+function isRevoked(index)
+{
+ return (recordSet[index].revokedOn != null);
+}
+
+
+
+
+function setNode(table,desc,content,style)
+{
+ var row = table.insertRow(-1);
+ if (style) {
+ row.className = style;
+ }
+ var cell1 = row.insertCell(-1);
+ var desc_text = document.createTextNode(desc);
+ cell1.appendChild(desc_text);
+ var cell2 = row.insertCell(-1);
+ var content_text = document.createTextNode(content);
+ cell2.appendChild(content_text);
+}
+
+
+
+function mouseover(element,event)
+{
+ var x = event.clientX;
+ var y = event.clientY;
+
+ var index= element.getAttribute("index");
+ if (index == null) { return false; }
+ var cert = recordSet[index];
+
+ element.parentNode.parentNode.parentNode.style.backgroundColor = "#EEEEFF";
+
+ var v;
+ var e = document.getElementById("certMetaDatadiv");
+
+ var t = document.getElementById("t");
+
+ // delete all the rows in the table
+ var i=0;
+ while (i < t.rows.length) {
+ t.deleteRow(0);
+ }
+
+ setNode(t,"Certificate details for serial #", " 0x" +cert.serialNumber+" ("+cert.serialNumberDecimal+")","h");
+ setNode(t,"Version:", cert.version+1);
+ setNode(t,"Certificate Type:",cert.type);
+ setNode(t,"Key algorithm:",renderOidName(cert.subjectPublicKeyAlgorithm)+
+ " with "+ cert.subjectPublicKeyLength+"-bit key");
+ setNode(t,"Not Valid Before:", renderDateFromSecs(cert.validNotBefore));
+ setNode(t,"Not Valid After:", renderDateFromSecs(cert.validNotAfter));
+ setNode(t,"Issued On:", renderDateFromSecs(cert.issuedOn));
+ setNode(t,"Issued By:", cert.issuedBy);
+
+ if (isRevoked(index)) {
+ setNode(t,"Revoked on:", renderDateFromSecs(cert.revokedOn),"r");
+ setNode(t,"Revoked by:", cert.revokedBy, "r");
+ setNode(t,"Revocation Reason:", getRevocationReason(cert.revocationReason), "r");
+ assumedheight = 210;
+ } else {
+ assumedheight = 180;
+ }
+
+ e.style.left = x+30; // x-offset of floating div
+
+ var offset = 20; // extra y-offset of floating div
+ var bottom = y + offset + assumedheight;
+ if (bottom > window.innerHeight) {
+ offset = 0 - (2*offset) - assumedheight;
+ }
+
+ e.style.top = y+ offset + window.pageYOffset+document.body.scrollTop + 'px';
+
+ // unhide the window
+ e.style.display ="block";
+
+
+}
+
+function mouseout(element)
+{
+// window.setTimeout("hide",1);
+ var index= element.getAttribute("index");
+ if (recordSet[index].revokedOn != null) {
+ element.parentNode.parentNode.parentNode.style.backgroundColor = "#FFEEEE";
+ } else {
+// element.parentNode.parentNode.parentNode.style.backgroundColor = "#EEFFEE";
+ element.parentNode.parentNode.parentNode.style.backgroundColor = "#FFFFFF";
+ }
+ hide();
+}
+
+function hide()
+{
+ document.getElementById("certMetaDatadiv").style.display ="none";
+}
+
+function displayCertificateRecord(i, cert)
+{
+ document.write(
+// "<tr"+ (cert.revokedOn !=null ? " style='background-color: #FFEEEE;' " : " style='background-color: #EEEEEE;' ")+">"+
+ "<tr"+ (cert.revokedOn !=null ? " style='background-color: #FFEEEE;' " : "")+">"+
+ "<td width=18%><font face='PrimaSans BT, Verdana, sans-serif' size='-1'>\n"+
+ renderHexNumber(cert.serialNumber,0) +"</font></td>\n"+
+ "<td width=16%>"+(cert.revokedOn != null ?"revoked":"valid")+"</td>\n"+
+ "<td style='overflow: hidden; white-space: nowrap;'>"+
+ " <font face='PrimaSans BT, Verdana, sans-serif' size='-1'>\n"+
+ " <div style='overflow: hidden; white-space: nowrap;'>"+
+ " <a index='"+i+"' href='/ca/ee/ca/displayBySerial?op=displayBySerial&serialNumber=0x"+
+ cert.serialNumber+"' onmouseover='mouseover(this,event);' "+
+ "onmouseout='mouseout(this);'>"+
+ addEscapes(cert.subject)+"</div></font>"+
+ "</a></td>"+
+ "</tr>\n"
+
+ );
+}
+
+function displaySearchResults()
+{
+if (result.recordSet.length == 0) {
+ document.write(
+"<font face='PrimaSans BT, Verdana, sans-serif' size='+1'>No Matching Certificates Found</font>\n"
+ );
+} else {
+
+ document.write(
+"<font face='PrimaSans BT, Verdana, sans-serif'>Issuer: " +
+(result.header.issuerName != null ? result.header.issuerName : "UNKNOWN") +
+"</font><br>\n"+
+"<font face='PrimaSans BT, Verdana, sans-serif' size='-1'>\n"+
+"Total number of records found: "+result.header.totalRecordCount+
+"</font>\n"
+ );
+
+ if (result.header.totalRecordCount == result.header.maxSize) {
+ document.write(
+"<font face='PrimaSans BT, Verdana, sans-serif' size='-1'>\n"+
+"(Maximum size reached)"+
+"</font>\n"
+ );
+ }
+
+ document.write(
+"<table border='0' width='100%' cellspacing='2' cellpadding='2'>\n"+
+"<tr><td width=18%>&nbsp;</td><td width=16%>&nbsp;</td><td>&nbsp;</td></tr>\n"+
+"<tr bgcolor='#e5e5e5'><td>\n"+
+"<font face='PrimaSans BT, Verdana, sans-serif' size='-1'>\n"+
+"Serial number</font></td>\n"+
+
+"<td><font face='PrimaSans BT, Verdana, sans-serif' size='-1'>\n"+
+"Status</td>\n"+
+
+"<td\n"+
+"<font face='PrimaSans BT, Verdana, sans-serif' size='-1'>\n"+
+"Subject name</font></td></tr>\n");
+
+ for(var i = 0; i < result.recordSet.length; ++i ) {
+ displayCertificateRecord(i, result.recordSet[i]);
+ }
+document.write("</table>\n");
+
+
+ if ((result.header.revokeAll != null && result.header.totalRecordCount > 1) ||
+ (result.header.querySentinel != null)) {
+ document.write("<br>&nbsp;\n" +
+ "<table border='0' cellspacing='0' cellpadding='0' background='/pki/images/hr.gif' width='100%'>\n"+
+ "<tr><td>&nbsp;</td></tr></table>\n");
+ }
+
+ document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=6 WIDTH='100%'>\n"+
+ "<tr align=center><td>\n");
+
+ if (result.header.revokeAll != null && result.header.totalRecordCount > 1) {
+ displayRevokeAllForm(result.header.totalRecordCount);
+ document.write("</td><td>\n");
+ }
+
+ if (result.header.querySentinel != null) {
+ displayNextForm();
+ }
+
+ document.write("</td></tr></table>\n");
+}
+}
+
+function renderHidden(name,value)
+{
+ return "<INPUT TYPE='hidden' NAME='"+ name +"' VALUE=''>\n";
+}
+
+function doNext(form)
+{
+// form.action = "/"+result.header.op;
+ form.action = "listCerts";
+ form.op.value = result.header.op;
+ form.querySentinel.value = result.header.querySentinel;
+ form.totalRecordCount.value = result.header.totalRecordCount;
+ if (result.header.revokeAll != null) {
+ form.revokeAll.value = result.header.revokeAll;
+ }
+ if (result.header.queryFilterHash != null) {
+ form.queryFilterHash.value = result.header.queryFilterHash;
+ }
+ // form.submit();
+}
+
+function displayNextForm()
+{
+ document.write(
+//"<div align=center> \n"+
+"<FORM NAME ='nextForm' METHOD=POST onSubmit='doNext(nextForm);' "+
+"ACTION=''>\n"+
+renderHidden("op"));
+
+if (result.header.revokeAll != null) {
+ document.write(renderHidden("revokeAll"));
+}
+
+if (result.header.queryFilterHash != null) {
+ document.write(renderHidden("queryFilterHash"));
+}
+
+document.write("<INPUT TYPE=submit VALUE='Find' width='72'>\n"+
+"<font face='PrimaSans BT, Verdana, sans-serif' size='-1'>\n"+
+"&nbsp;next</font>\n"+
+"<INPUT TYPE=hidden NAME=totalRecordCount VALUE='"+
+result.header.totalRecordCount+ "'>\n"+
+"<INPUT TYPE=hidden NAME=queryCertFilter VALUE='"+
+result.header.queryCertFilter+ "'>\n"+
+"<INPUT TYPE=hidden NAME=querySentinel VALUE='"+
+result.header.querySentinel+ "'>\n"+
+"<INPUT TYPE=hidden NAME=serialTo VALUE='"+
+result.header.serialTo+ "'>\n"+
+"<INPUT TYPE=text SIZE=4 MAXLENGTH=3 NAME=maxCount VALUE='"+
+result.header.maxCount+ "'>\n"+
+"<font face='PrimaSans BT, Verdana, sans-serif' size='-1'>\n"+
+"&nbsp;record(s)</font>\n"+
+"</FORM>\n");
+//"</FORM></DIV>\n");
+}
+
+function doRevokeAll(form)
+{
+// form.action = result.header.serviceURL;
+ form.totalRecordCount.value = result.header.totalRecordCount;
+ form.revokeAll.value = result.header.queryCertFilter;
+ form.submit();
+}
+
+function displayRevokeAllForm(recordCount)
+{
+// document.write("<DIV align=center><FORM NAME ='revokeAllForm' "+
+ document.write("<FORM NAME ='revokeAllForm' "+
+ "METHOD=POST onSubmit='doRevokeAll(revokeAllForm);' "+
+ "ACTION='"+ "/reasonToRevoke" +"'>\n"+
+ "<INPUT TYPE=hidden NAME='op' VALUE='reasonToRevoke'>\n"+
+ "<INPUT TYPE=hidden NAME='revokeAll' VALUE=''>\n"+
+ "<INPUT TYPE=hidden NAME='totalRecordCount' VALUE='"+ recordCount +"'>\n"+
+ "<INPUT TYPE=submit VALUE='Revoke ALL "+ recordCount +" Certificates'>\n"+
+ "</FORM>\n");
+// "</FORM></DIV>\n");
+}
+
+
+displaySearchResults();
+
+//-->
+</SCRIPT>
+
+<div id="certMetaDatadiv" class="floating">
+<table id="t" width="100%">
+<tr><td/></tr>
+</table>
+</div>
+
+
+</BODY>
+</HTML>
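Review bot: Several values from `result.header` are concatenated into `document.write` markup without HTML escaping: `issuerName` in `displaySearchResults`, and the `queryCertFilter`, `querySentinel`, `serialTo` and `maxCount` attribute values in `displayNextForm`; `cert.serialNumber` in the `href` built by `displayCertificateRecord` has the same shape. `addEscapes` replaces only `<` and `>`, so even where it is used it would not protect a single-quoted attribute value, and `queryCertFilter` looks like it echoes the filter submitted from the search form (how `result.header` is populated is outside this hunk, so that is an inference). I would extend `addEscapes` to cover `&`, `"` and `'` and pass every interpolated value through it, as sketched below; the browser decodes the entities when parsing, so the values the forms submit are unchanged. `setNode` already builds the detail rows with `createTextNode`, which is the safer pattern to move the remaining output toward.

```javascript
function addEscapes(str)
{
    // Replace & first so the entities produced below are not escaped twice.
    return String(str)
        .replace(/&/g, "&amp;")
        .replace(/</g, "&lt;")
        .replace(/>/g, "&gt;")
        .replace(/"/g, "&quot;")
        .replace(/'/g, "&#39;");
}

// … unchanged: everything between addEscapes and displaySearchResults …

// in displaySearchResults:
(result.header.issuerName != null ? addEscapes(result.header.issuerName) : "UNKNOWN") +

// … unchanged: record table, revoke-all and paging logic …

// in displayNextForm (same treatment for querySentinel, serialTo and maxCount):
"<INPUT TYPE=hidden NAME=queryCertFilter VALUE='"+
addEscapes(result.header.queryCertFilter)+ "'>\n"+
```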
diff --git a/base/ca/shared/webapps/ca/ee/ca/tabs.html b/base/ca/shared/webapps/ca/ee/ca/tabs.html
new file mode 100644
index 000000000..2cf6ee3be
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/tabs.html
@@ -0,0 +1,35 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>CA End-Entity</title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<SCRIPT LANGUAGE="JavaScript"></SCRIPT>
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/dynamicVars.js"></SCRIPT>
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/cms-funcs.js"> </SCRIPT>
+</head>
+
+<body bgcolor="#4f52b5" onresize="top.doResize();">
+<script lang="javascript">
+<!--//
+top.loadTabs();
+//-->
+</script>
+</body>
+</html>
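Review bot: The inline script and the `onresize` handler call `top.loadTabs()` and `top.doResize()` unconditionally, so the page works only when it is framed by the document that defines those functions, which is not visible in this hunk. Opened on its own, `top` is this page itself and the call throws; a guard such as `if (top.loadTabs) top.loadTabs();` avoids the script error. The script tag also uses `lang="javascript"`, which is the natural-language attribute rather than the script type; the other tags in this file use `LANGUAGE="JavaScript"`, so `<script language="javascript">` (or `type="text/javascript"`) would be consistent.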
diff --git a/base/ca/shared/webapps/ca/ee/ca/toDisplayCRL.template b/base/ca/shared/webapps/ca/ee/ca/toDisplayCRL.template
new file mode 100644
index 000000000..2a158381f
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/toDisplayCRL.template
@@ -0,0 +1,231 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<HEAD>
+<TITLE>Review Certificate Revocation List</TITLE>
+<SCRIPT LANGUAGE="JavaScript"></SCRIPT>
+
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/cms-funcs.js">
+
+</SCRIPT>
+
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/helpfun.js">
+
+</SCRIPT>
+
+<SCRIPT LANGUAGE="JavaScript">
+//<!--
+function checkSubmit(form)
+{
+ if (typeof(form.crlIssuingPoint) == 'undefined') {
+ alert("CRL issuing points are not available.");
+ return false;
+ }
+ if (form.op[0].checked || form.op[1].checked) {
+ if (form.certSerialNumber.value != "") {
+ form.certSerialNumber.value =
+ trim(form.certSerialNumber.value);
+ }
+ if (form.certSerialNumber.value != "") {
+ if (!isNumber(form.certSerialNumber.value,10)) {
+ if (isNumber(form.certSerialNumber.value,16)) {
+ canonicalHex = "0x" +
+ removeColons(stripPrefix(form.certSerialNumber.value));
+ form.certSerialNumber.value = canonicalHex;
+ } else {
+ alert("You must enter a valid hexadecimal "+
+ "or decimal certificate serial number.");
+ return false;
+ }
+ }
+ } else {
+ alert("You must enter a certificate serial number.");
+ return false;
+ }
+
+ if (isNegative(form.certSerialNumber.value)) {
+ alert("Certificate serial number can only "+
+ "be represented by positive number.");
+ return false;
+ }
+ }
+ return true;
+}
+//-->
+</SCRIPT>
+</HEAD>
+
+<CMS_TEMPLATE>
+
+
+<body bgcolor="#FFFFFF">
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Import Certificate Revocation List
+</font><br>
+
+<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Use this form to check whether a particular certificate has been revoked or
+to import the latest Certificate Revocation List.
+</font>
+
+<table BORDER=0 CELLSPACING=2 CELLPADDING=2 WIDTH="100%" BACKGROUND="/pki/images/hr.gif" >
+ <tr>
+ <td>&nbsp;</td>
+ </tr>
+</table>
+
+<FORM action=getCRL method=post onSubmit="return checkSubmit(this)">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+<b>Select CRL issuing point</b></font>
+<SCRIPT LANGUAGE="JavaScript">
+<!--
+var issuingPoint;
+var i;
+
+if (result.header.crlIssuingPoints != null &&
+ result.header.crlIssuingPoints.length > 0) {
+ issuingPoint = result.header.crlIssuingPoints.split('+');
+} else {
+ issuingPoint = null;
+}
+
+document.writeln('<table border="0" cellspacing="2" cellpadding="2" width="100%">');
+document.writeln('<tr><td align="right" width="20%">');
+document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln('Issuing point:</font></td>');
+document.writeln('<td align="left">');
+if (issuingPoint != null && issuingPoint.length > 0) {
+ document.writeln('<SELECT NAME="crlIssuingPoint">');
+ for (i = 0; i < issuingPoint.length; i++) {
+ document.write('<OPTION VALUE="' + issuingPoint[i] + '"');
+ if (result.header.masterCRLIssuingPoint == issuingPoint[i])
+ document.write(' SELECTED');
+ document.writeln('>' + issuingPoint[i] + '</OPTION>');
+ }
+ document.writeln('</SELECT>');
+} else {
+ document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+ document.writeln('not available</font>');
+}
+document.writeln('</td></tr></table>');
+//-->
+</SCRIPT>
+
+<br><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+<b>Select one of these actions</b></font>
+
+<table border="0" cellspacing="2" cellpadding="2">
+ <tr>
+ <td><input type=RADIO name="op" value="checkCRLcache" checked></td>
+ <td>
+ <font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ Check whether the following certificate is included in CRL cache</font>
+ </td>
+ </tr>
+ <tr>
+ <td><input type=RADIO name="op" value="checkCRL"></td>
+ <td>
+ <font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ Check whether the following certificate is listed by CRL</font>
+ </td>
+ </tr>
+ <tr>
+ <td></td>
+ <td><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ Certificate serial number:&nbsp;</font>
+ <input type=text size=10 MAXLENGTH=99 name="certSerialNumber" value="">
+ </td>
+ </tr>
+ <tr>
+ <td></td>
+ <td></td>
+ </tr>
+ <tr>
+ <td><input type=RADIO name="op" value="importCRL"></td>
+ <td>
+ <font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ Import the latest CRL to your browser</font>
+ </td>
+ </tr>
+ <tr>
+ <td><input type=RADIO name="op" value="importDeltaCRL"></td>
+ <td>
+ <font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ Import the latest delta CRL to your browser</font>
+ </td>
+ </tr>
+ <tr>
+ <td><input type=RADIO name="op" value="getCRL"></td>
+ <td>
+ <font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ Download the latest CRL in binary form</font>
+ </td>
+ </tr>
+ <tr>
+ <td><input type=RADIO name="op" value="getDeltaCRL"></td>
+ <td>
+ <font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ Download the latest delta CRL in binary form</font>
+ </td>
+ </tr>
+ <tr>
+ <td><input type=RADIO name="op" value="displayCRL"></td>
+ <td>
+ <font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+ Display the CRL information:</font>&nbsp;&nbsp;
+<SCRIPT LANGUAGE="JavaScript">
+<!--
+ document.writeln('<SELECT NAME="crlDisplayType">');
+ if (result.header.master_host != null && result.header.master_host.length &&
+ result.header.master_port != null && result.header.master_port.length) {
+ document.write('<OPTION VALUE="entireCRL" SELECTED>Entire CRL');
+ } else {
+ document.write('<OPTION VALUE="cachedCRL" SELECTED>Cached CRL');
+ document.write('<OPTION VALUE="entireCRL">Entire CRL');
+ }
+ document.write('<OPTION VALUE="crlHeader">CRL header');
+ document.write('<OPTION VALUE="base64Encoded">Base64 encoded');
+ if (result.header.isDeltaCRLEnabled != null &&
+ result.header.isDeltaCRLEnabled == true) {
+ document.write('<OPTION VALUE="deltaCRL">Delta CRL');
+ }
+ document.writeln('</SELECT>');
+//-->
+</SCRIPT>
+ </td>
+ </tr>
+</table>
+
+<br>
+
+<table border="0" width="100%" cellspacing="0" cellpadding="6" bgcolor="#E5E5E5" background="/pki/images/gray90.gif">
+ <tr>
+ <td ALIGN=RIGHT>
+ <input TYPE="hidden" NAME="pageStart" VALUE="1">
+ <input TYPE="hidden" NAME="pageSize" VALUE="50">
+ <input type="submit" value="Submit" name="submit" width="72">
+ </td>
+ </tr>
+</table>
+
+</FORM>
+
+</body>
+</html>
+
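Review bot: In the issuing-point `<SELECT>` loop, `issuingPoint[i]` is concatenated into both the `VALUE="…"` attribute and the option text without HTML escaping, so a name containing a quote or `<` would break out of the generated markup. Issuing-point names are presumably set by a CA administrator, but whether the template engine escapes `result.header` values is not visible here, so escaping at the point of output is the safer default. The same unescaped `document.write` pattern appears in unrevocationResult.template (`result.header.error`, `serialNumber`, `updateCRLError`) and in the hidden `queryCertFilter` and `querySentinel` fields of the search form in the preceding file. Separately, `checkSubmit` only normalises the serial number in the browser, so the `getCRL` handler still has to validate `certSerialNumber` itself.

```html
function escapeHtml(s) {
    return String(s).replace(/&/g, '&amp;').replace(/</g, '&lt;')
                    .replace(/>/g, '&gt;').replace(/"/g, '&quot;')
                    .replace(/'/g, '&#39;');
}
// … unchanged: issuingPoint split and table header writes …
    for (i = 0; i < issuingPoint.length; i++) {
        var ipName = escapeHtml(issuingPoint[i]);
        document.write('<OPTION VALUE="' + ipName + '"');
        // … unchanged: SELECTED check against masterCRLIssuingPoint …
        document.writeln('>' + ipName + '</OPTION>');
    }
```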
diff --git a/base/ca/shared/webapps/ca/ee/ca/unrevocationResult.template b/base/ca/shared/webapps/ca/ee/ca/unrevocationResult.template
new file mode 100644
index 000000000..b876f6f5f
--- /dev/null
+++ b/base/ca/shared/webapps/ca/ee/ca/unrevocationResult.template
@@ -0,0 +1,126 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<HEAD>
+<TITLE></TITLE>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<CMS_TEMPLATE>
+<BODY bgcolor="white">
+<SCRIPT LANGUAGE="JavaScript">
+//<!--
+function toHex1(number)
+{
+ var absValue = "", sign = "";
+ var digits = "0123456789abcdef";
+ if (number < 0) {
+ sign = "-";
+ number = -number;
+ }
+
+ for(; number >= 16 ; number = Math.floor(number/16)) {
+ absValue = digits.charAt(number % 16) + absValue;
+ }
+ absValue = digits.charAt(number % 16) + absValue;
+ return sign + '0x' + absValue;
+}
+
+function toHex(number)
+{
+ return '0x' + number;
+}
+
+if (result.header.unrevoked == 'yes') {
+ var s = (result.header.serialNumber.indexOf(",") > 0)? "s": "";
+ var ve = (result.header.serialNumber.indexOf(",") > 0)? "ve": "s";
+
+ document.write('<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.writeln('Certificate'+s+' Ha'+ve+' Been Released From Hold</font><br><br>');
+
+
+ if (result.header.error == null) {
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.writeln('Certificate'+s+' with serial number'+s+' <b>' +
+ result.header.serialNumber +
+ '</b> ha'+ve+' been released from hold.');
+ document.writeln('</font><br>');
+
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ if (result.header.updateCRL && result.header.updateCRL == "yes") {
+ if (result.header.updateCRLSuccess != null &&
+ result.header.updateCRLSuccess == "yes") {
+ document.writeln('The Certificate Revocation List has been successfully updated.');
+ }
+ else {
+ document.writeln('The Certificate Revocation List update Failed');
+ if (result.header.updateCRLSuccess != null)
+ document.writeln(' with error '+
+ result.header.updateCRLError);
+ else
+ document.writeln('. No further details provided.');
+ }
+ }
+ else {
+ document.writeln(
+ 'The Certificate Revocation List will be updated '+
+ 'automatically at the next scheduled update.');
+ }
+ document.writeln('</font><br>');
+/*
+ if (result.header.dirEnabled != null && result.header.dirEnabled == 'yes') {
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ if (result.header.dirUpdated == 'yes') {
+ document.write('Directory has been successfully updated.');
+ } else {
+ document.write('Directory has not been updated. See log files for more details.');
+ }
+ document.writeln('</font><br>');
+ }
+*/
+ } else {
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.writeln('Certificate'+s+' with serial number'+s+' <b>' +
+ result.header.serialNumber +
+ '</b> ha'+ve+' not been released from hold..<br><br>');
+ document.writeln('Additional Information:');
+ document.writeln('</font>');
+ document.writeln('<blockquote>');
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.writeln(result.header.error);
+ document.writeln('</font>');
+ document.writeln('</blockquote>');
+ }
+} else if (result.header.unrevoked == 'pending') {
+ document.write('<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.writeln('Unrevocation Request Has Been Submitted</font><br><br>');
+} else {
+ document.write('<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.writeln('Unrevocation Request Cannot Be Completed</font><br><br>');
+ if (result.header.error != null) {
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Addition information:</font>');
+ document.writeln('<blockquote>');
+ document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+ document.writeln(result.header.error);
+ document.writeln('</font>');
+ document.writeln('</blockquote>');
+ }
+}
+//-->
+</SCRIPT>
+</BODY>
+</HTML>
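Review bot: In the CRL-update failure branch the guard tests `result.header.updateCRLSuccess != null` but then prints `result.header.updateCRLError`, so a failed update that carries no error text renders "with error undefined", and the "No further details provided" branch is reached only when the success flag itself is missing. The check should be `if (result.header.updateCRLError != null)`. The `<HEAD>` element is never closed before `<BODY>` and `<TITLE>` is empty, so add `</HEAD>` and a descriptive title. The strings "Addition information:" and "released from hold.." look like typos for "Additional information:" and a single full stop. `toHex1` and `toHex` are defined but never called in this file and could be dropped.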