Diffstat (limited to 'dogtag/ca-ui/shared/webapps/ca/ee/ca/UserDnEnroll.html')
-rw-r--r-- | dogtag/ca-ui/shared/webapps/ca/ee/ca/UserDnEnroll.html | 472 |
1 files changed, 472 insertions, 0 deletions
diff --git a/dogtag/ca-ui/shared/webapps/ca/ee/ca/UserDnEnroll.html b/dogtag/ca-ui/shared/webapps/ca/ee/ca/UserDnEnroll.html
new file mode 100644
index 000000000..f218ccc51
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/ee/ca/UserDnEnroll.html
@@ -0,0 +1,472 @@ +<!-- --- BEGIN COPYRIGHT BLOCK --- + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + + Copyright (C) 2007 Red Hat, Inc. + All rights reserved. + --- END COPYRIGHT BLOCK --- --> +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> +<html> +<head> +<TITLE>Directory Based User Enrollment Form</TITLE> +<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> +<SCRIPT LANGUAGE="JavaScript"></SCRIPT> +<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/cms-funcs.js"> </SCRIPT> +<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/helpfun.js"> </SCRIPT> +<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/dynamicVars.js"> </SCRIPT> +<SCRIPT LANGUAGE="JavaScript"> +<!--// + +// Notice to administrators +// +// A link to this HTML form conditionally appears in the +// main enrollment menu frame. This link will only appear if +// a plugin of type 'UdnPwdDirAuth' (LDAP directory enrollment) +// has been configured in the console. + +var crmfObject; +function validate(form) +{ + with (form) { + if (udn.value == "") { + alert("You must supply your dn"); + return false; + } + if (pwd.value == "") { + alert("You must supply your password"); + return false; + } + + ///////////////////////////////////////////////////////////////// + // To enable dual key feature, this page must be customized with + // appropriate Javascript call. 
For example, + // + // crmfObject = crypto.generateCRMFRequest( + // "CN=undefined", + // "regToken", "authenticator", + // null, + // "setCRMFRequest();", + // 512, null, "rsa-ex", + // 1024, null, "rsa-sign"); + // + // To enable key archival feature, this page must be customized with + // KRA's transport certificate. The transport certificate can be + // retrieved in the following ways: + // (1) Access "List Certificates" menu option in end-entity page + // (2) Access https://<host>:<agent_port>/kra/displayTransportCert + // (3) Use certutil command in <instance-dir>/config directory + // (i.e. certutil -L -d . -n "kraTransportCert <instance-id>" -a) + // + // Once the transport certificate is obtained, the following + // javascript should be modified so that the transport certificate + // and appropriate key type are selected. For example, + // + // var keyGenAlg = "rsa-ex"; + // crmfObject = crypto.generateCRMFRequest( + // "CN=undefined", + // "regToken", "authenticator", + // keyTransportCert, + // "setCRMFRequest();", + // 512, null, keyGenAlg); + ///////////////////////////////////////////////////////////////// + + // To enable key archival, replace "null" with the transport + // certificate without "BEBIN..." "END..", nor line breaks. 
+ // change keyGenAlg to "rsa-ex" + var keyTransportCert = null; + var keyGenAlg = "rsa-dual-use"; + if (navigator.appName == "Netscape" && (navMajorVersion() > 3) && + typeof(crypto.version) != "undefined") { + crmfObject = crypto.generateCRMFRequest( + "CN=undefined", + "regToken", "authenticator", + keyTransportCert, + "setCRMFRequest();", + 1024, null, keyGenAlg); + } + return true; + } +} + +function setCRMFRequest() +{ + with (document.forms[0]) { + CRMFRequest.value = crmfObject.request; + submit(); + } +} + +//--> +</SCRIPT> +</head> + + +<OBJECT + classid="clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1" + CODEBASE="/xenroll.dll" + id=Enroll > +</OBJECT> + + +<SCRIPT LANGUAGE=VBS> +<!-- +Function escapeDNComponent(comp) + escapeDNComponent = comp +End Function + +Function doubleQuotes(comp) + doubleQuotes = False +End Function + +Function formulateDN() + Dim dn + Dim TheForm + Set TheForm = Document.ReqForm + + dn = Empty + + If (TheForm.udn.Value <> Empty) Then + If doubleQuotes(TheForm.udn.Value) = True Then + MsgBox "Double quotes are not allowed in the dn field" + Exit Function + End If + If (dn <> Empty) Then + dn = dn & "," + End If + dn = dn & "0.9.2342.19200300.100.1.1=" & escapeDNComponent(TheForm.udn.Value) + End If + + formulateDN = dn +End Function + +Sub Send_OnClick + Dim TheForm + Dim szName + Dim options + Set TheForm = Document.ReqForm + + + ' Do a few sanity checks + If (TheForm.udn.Value = Empty) Then + ret = MsgBox("You must supply your Directory dn for certificate enrollment", 0, "MSIE Certificate Request") + Exit Sub + End If + + If (TheForm.pwd.Value = Empty) Then + ret = MsgBox("You must supply your Directory password for certificate enrollment", 0, "MSIE Certificate Request") + Exit Sub + End If + +' If (TheForm.SSLClient.value = Empty AND +' TheForm.SMIME.value = Empty AND +' TheForm.ObjectSigning.value = Empty) Then +' ret = MsgBox("You must select atleast one certificate type", 0, +' "MSIE Certificate Request") +' Exit Sub +' End If 
+ + + ' Contruct the X500 distinguished name + szName = formulateDN() + + On Error Resume Next + Enroll.HashAlgorithm = "MD5" + Enroll.KeySpec = 1 + Enroll.GenKeyFlags = 1 ' key exportable + + ' Pick the provider that is selected + set options = TheForm.all.cryptprovider.options + index = options.selectedIndex + Enroll.providerType = options(index).value + Enroll.providerName = options(index).text + + szCertReq = Enroll.createPKCS10(szName, "1.3.6.1.5.5.7.3.2") + theError = Err.Number + On Error Goto 0 + ' + ' If the user has cancelled things the we simply ignore whatever + ' they were doing ... need to think what should be done here + ' + If (szCertReq = Empty AND theError = 0) Then + Exit Sub + End If + + If (szCertReq = Empty OR theError <> 0) Then + ' + ' There was an error in the key pair generation. The error value + ' is found in the variable 'theError' which we snarfed above before + ' we did the 'On Error Goto 0' which cleared it again. + ' + sz = "The error '" & Hex(theError) & "' occurred." & chr(13) & chr(10) & "Your credentials could not be generated." + result = MsgBox(sz, 0, "Credentials Enrollment") + Exit Sub + End If + + TheForm.pkcs10Request.Value = szCertReq + TheForm.Submit + Exit Sub + +End Sub +--> +</SCRIPT> + +<body bgcolor="#FFFFFF" onload=checkClientTime()> + +<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"> + Directory Based User Enrollment +</font> +<br> +<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"> + Use this form to submit a request for a personal certificate through your + organization's directory. With directory based enrollment, you need only + supply your user DN and password for the directory; the directory + supplies the rest of the information needed for certificate issuance. + If the user DN and password are correct your certificate will be issued + automatically. 
+</font> + +<table border="0" cellspacing="0" cellpadding="2" background="/ca/ee/graphics/hr.gif" width="100%"> + <tr> + <td> </td> + </tr> +</table> + +<table border="0" cellspacing="0" cellpadding="2"> + <tr valign="TOP"> + <td><font size="-1" face="PrimaSans BT, Verdana, sans-serif"> + <b>Important: </b></font> + </td> + <td><font size="-1" face="PrimaSans BT, Verdana, sans-serif"> + Be sure to request your certificate on the same computer + on which you plan to use your certificate.</font> + </td> + </tr> +</table> + +<table border="0" cellspacing="0" cellpadding="0" background="/ca/ee/graphics/hr.gif" width="100%"> + <tr> + <td> </td> + </tr> +</table> + +<script lang="javascript"> +<!--// +if (navigator.appName == "Netscape" && (navMajorVersion() <= 3 || + typeof(crypto.version) != "undefined")) { + document.write('<form name="ReqForm" method="post" action="/enrollment">'); +} else { + document.write('<form name="ReqForm" method="post" action="/enrollment" '+ + 'onSubmit="return validate(document.forms[0])">'); +} +//--> +</script> + +<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"> + <b>User's Identity</b> +<br> + Enter your user DN and password for your organization's directory. + This information will be used to verify your identity and to obtain + information from the directory to fill in the certificate. 
+<br> +</font> + +<table border="0" width="100%" cellspacing="2" cellpadding="2"> + <tr> + <td width="25%" valign="TOP"> + <div align="RIGHT"> + <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">User DN: </font> + </div> + </td> + <td valign="TOP"> + <input type="TEXT" name="udn" size="45"> + </td> + </tr> +</table> + +<table border="0" width="100%" cellspacing="2" cellpadding="2"> + <tr> + <td width="25%" valign="TOP"> + <div align="RIGHT"> + <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Password: </font> + </div> + </td> + <td valign="TOP"> + <input type="PASSWORD" name="pwd" AutoComplete=off size="45"> + </td> + </tr> +</table> + +<!-- for Netscape Certificate Type Extension --> +<input type="HIDDEN" name="email" value="true"> +<input type="HIDDEN" name="ssl_client" value="true"> +<!-- for Key Usage Extension --> +<input type="HIDDEN" name="digital_signature" value=true> +<input type="HIDDEN" name="non_repudiation" value=true> +<input type="HIDDEN" name="key_encipherment" value=true> +<br> + + +<script lang="javascript"> +<!--// +if (navigator.appName == "Netscape" && + (navMajorVersion() <= 3 || typeof(crypto.version) == 'undefined')) { + + document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">'); + document.writeln('<b>Public/Private Key Information</b><br>'); + document.writeln( + 'When your submit this form, your browser generates a private and '+ + 'public key. The browser retains the private key and submits the '+ + 'public key along with your request for a certificate. '+ + 'The public key becomes part of your certificate. '+ + '<P>'+ + 'Select the length of the key to generate. The longer the key '+ + 'length the greater the strength. 
You may want to check with your '+ + 'system administrator about the length of key to specify.'); + document.writeln('</font>'); + + document.writeln('<table border="0" width="100%" cellspacing="2" cellpadding="2">'); + document.writeln('<tr><td width="25%" valign=TOP>'); + document.writeln('<div align=right>'); + document.writeln('<font size=-1 face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">'); + document.writeln('Key Length: '); + document.writeln('</font>'); + document.writeln('</div>'); + document.writeln('</td>'); + document.write('<td valign=TOP>'); + document.write('<KEYGEN name="subjectKeyGenInfo">'); + document.write('</td></tr></table>'); +} + + +if (navigator.appName == "Microsoft Internet Explorer") { + document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">'); + document.writeln('<b>Public/Private Key Information</b><br>'); + document.writeln( + 'When you submit this form, your browser generates a private and '+ + 'public key. The browser retains the private key and submits the '+ + 'public key along with your request for a certificate. '+ + 'The public key becomes part of your certificate. '+ + '<P>'+ + 'The Microsoft Base Cryptographic provider offers 512-bit key '+ + 'encryption which is adequate for most applications today, '+ + 'but you may select the Enhanced option if your browser offers '+ + 'this choice and you require the higher encryption strength. 
'+ + 'You may want to check with your system administrator about '+ + 'the provider to specify.'); + document.writeln('</font>'); + + document.writeln('<p>'); + document.writeln('<td>'); + document.writeln('<font size=-1 face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">'); + document.writeln('Cryptographic Provider:'); + document.writeln('</font>'); + document.writeln('</td>'); + document.writeln('<td>'); + document.writeln('<SELECT NAME=\"cryptprovider\"></SELECT>'); + document.writeln('</td>'); + document.writeln('<p>'); +} + + +document.writeln('<table border="0" width="100%" cellspacing="0" cellpadding="6" '+ + 'bgcolor="#cccccc" background="/ca/ee/graphics/gray90.gif">'); +document.writeln('<tr><td width=100%> <div align="RIGHT">'); + +if (navigator.appName == "Netscape" && (navMajorVersion() <= 3 || + typeof(crypto.version) == "undefined")) { + document.writeln('<input type="submit" value="Submit" '+ + 'name="submit" width="72">'); +} else if ((navigator.appName == "Microsoft Internet Explorer") || + (navigator.appName == "")) { + document.writeln('<input type="submit" value="Submit" '+ + 'name="Send" width="72">'); +} else { + document.writeln('<input type="button" value="Submit" '+ + 'name="submitbutton" '+ + 'onclick="validate(form)" width="72">'); +} + +document.write('<img src="/ca/ee/graphics/spacer.gif" width="6" height="6">' + + '<input type="reset" value="Reset" name="reset" width="72">' + + '<input type="hidden" name="certType" value="client">' + + '<input type="hidden" name="authenticator" ' + + ' value="UserDnEnrollment">'); + +if (navigator.appName == 'Netscape') { + if ((navMajorVersion() > 3) && + (typeof(crypto.version) != 'undefined')) { + document.write('<input type=hidden name=CRMFRequest value="">'); + document.write('<input type=hidden name=cmmfResponse value=true>'); + //document.write('<input type=hidden name=certNickname value="">'); + } else { + document.write('<input type="hidden" name="importCert" value="off">'); + } +} 
else if ((navigator.appName == "Microsoft Internet Explorer") || + (navigator.appName == "")) { + // navigator.appName == "" is for IE 3. + document.write('<input type="hidden" name="pkcs10Request" value="">'); +} +document.writeln('</div></td></tr></table>'); +//--> +</script> + +</form> + +<SCRIPT LANGUAGE=VBS> +<!-- + +FindProviders + +Function FindProviders + Dim i, j + Dim providers() + i = 0 + j = 1 + Dim el + Dim temp + Dim first + Dim TheForm + Set TheForm = document.ReqForm + On Error Resume Next + first = 0 + + Do While True + temp = "" + Enroll.providerType = j + temp = Enroll.enumProviders(i,0) + If Len(temp) = 0 Then + If j < 1 Then + j = j + 1 + i = 0 + Else + Exit Do + End If + Else + set el = document.createElement("OPTION") + el.text = temp + el.value = j + TheForm.cryptprovider.add(el) + If first = 0 Then + first = 1 + TheForm.cryptprovider.selectedIndex = 0 + End If + i = i + 1 + End If + Loop + +End Function + +--> +</SCRIPT> +</body> +</html> |
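Review bot: In `Send_OnClick` the PKCS#10 request is signed with `Enroll.HashAlgorithm = "MD5"` and the key pair is created with `Enroll.GenKeyFlags = 1 ' key exportable`, so every IE enrollment through this form gets a collision-weak request digest and a private key that can be exported from the machine. I would switch to the strongest digest the selected provider supports (at least `Enroll.HashAlgorithm = "SHA1"` for this control, to be confirmed against the CSP) and use `Enroll.GenKeyFlags = 0` unless key backup is a stated requirement. In the same hunk, `validate()` hard-codes `1024` as the key size passed to `crypto.generateCRMFRequest(...)`, and the IE help text describes 512-bit keys as "adequate for most applications today"; both should follow the deployment's minimum key size rather than steer users toward the weakest provider. `escapeDNComponent` and `doubleQuotes` are pass-through stubs, so the `udn` value reaches `createPKCS10` unescaped and the double-quote check never fires. Either implement them or add a comment such as `' NOTE: no client-side DN escaping; the CA must validate the subject itself`.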