Examining the INSERT section

The final section of the pkiserv.tmpl file contains several sample INSERTs. The following excerpt is from the INSERT section of that file. (The vertical ellipses indicate omitted sections.)
# =====================================================================
#
# Sample INSERTS
#
# =====================================================================
#  @LTC
<INSERT NAME=-AdditionalHeadIE>
#This function must be called in the init() function of your page
<SCRIPT LANGUAGE="JavaScript">
<!--
function LoadObj()
{
  var OS = navigator.userAgent;
  //appropriate object for the OS @LTC
  if (OS.indexOf("Windows NT 5")!=-1)
  {
    var obj2 = document.createElement("obj2");
    obj2.innerHTML = "<div role='region' aria-label='certmgr'>" +
    "<OBJECT classid='clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1' " +
    "id='certmgr' CODEBASE='xenroll.cab#Version=5,131,3659,0'>" +
    "certmgr object is not available" +
    "</OBJECT></div>";
    document.body.appendChild(obj2);
  }
  else
  {
    var obj2 = document.createElement("obj2");
    obj2.innerHTML = "<div role='region' aria-label='g_objWCF'>" +
    "<OBJECT classid='clsid:884e2049-217d-11da-b2a4-000e7bbb2b09' id='g_objWCF'>" +
    "cert enroll object is not available" +
    "</OBJECT></div>";
    document.body.appendChild(obj2);

  }
  return true;
}
//-->
</SCRIPT>
#13@LTD
</INSERT>

<INSERT NAME=-requestok>  1 
#@LMA
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<HTML lang="en"><HEAD>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<TITLE> Web Based Certificate Generation Success</TITLE>
</HEAD>
<BODY>
<div role="main"><H1> Request submitted successfully</H1>
[errorinfo]
<p> Here's your transaction ID. You will need it to retrieve your
certificate.  Press 'Continue' to retrieve the certificate.
<p> <TABLE BORDER><TR><TD>[transactionid]</TD></TR></TABLE>
<FORM METHOD=GET ACTION="/[application]/ssl-cgi/caretrieve.rexx">  2 
<INPUT NAME="Template" TYPE="hidden" VALUE="[tmplname]">
<INPUT NAME="TransactionId" TYPE="hidden" VALUE="[transactionid]">
<INPUT TYPE="submit" VALUE="Continue">
</FORM>
</div>
<p>%%-pagefooter%%
</BODY>
</HTML>
</INSERT>

#@LEA
<INSERT NAME=-requestok2>
#@LMA
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<HTML lang="en"><HEAD>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<TITLE> Web Based Certificate Generation Success</TITLE>
</HEAD>
<BODY>
<div role="main"><H1> Request submitted successfully</H1>
<p> A link to pick up the certificate was sent to the specified
requestor's email address at [requestor].
<p>
</div>
<div role="region" aria-label="Home Page">
<FORM METHOD=GET ACTION="/[application]/public-cgi/camain.rexx">
<INPUT TYPE="submit" VALUE="Home Page">
</FORM>
</div>
<p>%%-pagefooter%%
</BODY>
</HTML>
</INSERT>

<INSERT NAME=-requestbad>  3 
#@LMA
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<HTML lang="en"><HEAD>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<TITLE> Web Based Certificate Generation Failure</TITLE>
</HEAD>
<BODY>
<div role="main"><H1> Request was not successful</H1>
<p> Please correct the problem or report the error to your Web admin
person<br>
<PRE>
[errorinfo]
</PRE>
</div>
<div role="region" aria-label="Home Page">
<p>
<FORM METHOD=GET ACTION="/[application]/public-cgi/camain.rexx">
<INPUT TYPE="submit" VALUE="Home Page">
</FORM>
</div>
<p>%%-pagefooter%%
</BODY>
</HTML>
</INSERT>

<INSERT NAME=-renewrevokeok>
#@LMA
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<HTML lang="en"><HEAD>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<TITLE> Web Based Certificate Renew/Revoke Success</TITLE>
</HEAD>
<BODY>
<div role="main"><H1> Request submitted successfully</H1>
<div role="region" aria-label="Home Page">
<FORM METHOD=GET ACTION="/[application]/public-cgi/camain.rexx">
<INPUT TYPE="submit" VALUE="Home Page">
</FORM>
</div>
<p>%%-pagefooter%%
</BODY>
</HTML>
</INSERT>

<INSERT NAME=-renewrevokebad>
#@LMA
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<HTML lang="en"><HEAD>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<TITLE> Web Based Certificate Renew/Revoke Failure</TITLE>
</HEAD>
<BODY>
<div role="main"><H1> Request was not successful</H1>
<p> Please correct the problem or report the error to your Web admin
person<br>
<PRE>
[errorinfo]
</PRE>
</div>
<div role="region" aria-label="Home Page">
<FORM METHOD=GET ACTION="/[application]/public-cgi/camain.rexx">
<INPUT TYPE="submit" VALUE="Home Page">
</FORM>
</div>
<p>%%-pagefooter%%
</div>
</BODY>
</HTML>
</INSERT>

<INSERT NAME=-preregok>
#@LMA
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<HTML lang="en"><HEAD>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<TITLE> Certificate Preregistration Success</TITLE>
</HEAD>
<BODY>
<div role="main"><H1> Preregistration successful</H1>
[errorinfo]
<p> Here's the temporary transaction ID so you may locate the
preregistration record:                                            @LMC
<STRONG>[transactionid]</STRONG>
<FORM METHOD=GET ACTION="/[application]/ssl-cgi/auth/admpendtid.rexx">
<INPUT NAME="domain" TYPE="hidden" VALUE="[cadomain]">
<INPUT NAME="transactionid" TYPE="hidden" VALUE="[transactionid]">
<INPUT TYPE="submit" VALUE="Examine Preregistration Record">
</FORM>
<p>
<h3>Press 'Preregister' to preregister another client
using the same template.</h3>
<FORM METHOD=GET ACTION="/[application]/ssl-cgi/catmpl.rexx">
<INPUT NAME="Template" TYPE="hidden" VALUE="[tmplname]">
<INPUT TYPE="submit" VALUE="Preregister">
</FORM>
</div>
<div role="region" aria-label="Administration Home Page">
<FORM METHOD=GET ACTION="admmain.rexx">
<center>
<INPUT TYPE="submit" VALUE="Administration Home Page">
</FORM>
</center>
</div>
<div role="region" aria-label="Home Page">
<FORM METHOD=GET ACTION="/[application]/public-cgi/camain.rexx">
<center>
<INPUT TYPE="submit" VALUE="Home Page">
</FORM>
</center>
</div>
<p>%%-pagefooter%%
</BODY>
</HTML>
</INSERT>

<INSERT NAME=-returnpkcs10cert>  4 
#@LMA
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<HTML lang="en"><HEAD>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<TITLE> Web Based Certificate Generation Application Pg 4</TITLE>
</HEAD>
<BODY>
<div role="main"><H1> Here's your Certificate. Cut and paste it to a file</H1>
<TABLE BORDER><TR><TD>
<PRE>
[base64cert]  5 
</PRE>
</TD></TR></TABLE>
<p>
</div>
<div role="region" aria-label="Home Page">
<FORM METHOD=GET ACTION="/[application]/public-cgi/camain.rexx">
<INPUT TYPE="submit" VALUE="Home Page">
</FORM>
</div>
<p>%%-pagefooter%%
</BODY>
</HTML>
</INSERT>

<INSERT NAME=returnbrowsercertNS>
[base64cert]
</INSERT>

#@LEA
<INSERT NAME=returnp12cert>
[p12cert]
</INSERT>

<INSERT NAME=returnbrowsercertIE>
#@LMA
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<HTML lang="en"><HEAD>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<TITLE>MSIE Certificate Install</TITLE>
#29@DKD
%%-ObjectHeaderIE[osversion]%%
#8@02D
</HEAD>
#@02C 
<BODY>
#Converted VBScript to JavaScript                                56@LUC
<SCRIPT LANGUAGE="JavaScript">
<!--
function InstallCertOnClick(){
  var pkcs7data, errmsg, rc;
  // Added for CertEnroll API processing.
  var objEnroll;
  try{
    var pkcs7data = "[iecert]";
    // CertEnroll.dll API additions follow.
    try{
      objEnroll = g_objWCF.CreateObject("X509Enrollment.CX509Enrollment");
    }catch(err){
      objEnroll = null;
    }
    if(objEnroll !== null && typeof objEnroll === 'object'){
      //Vista and above path, use CertEnroll APIs
      try{
        objEnroll.Initialize(1);  // ContextUser
      }catch(err){
        errmsg = "Error Initializing Enrollment object. " + err.description;
        alert(errmsg);
        return;
      }
      try{
        objEnroll.InstallResponse(0, pkcs7data, 1, "");
      }catch(err){
        errmsg = "Error Installing Response. " + err.description;
        alert(errmsg);
        return;
      }
    }else{
      try{
         // Pre-Vista path, use Xenroll APIs
         certmgr.DeleteRequestCert = false;
         certmgr.WriteCertToCSP = true;
         certmgr.acceptPKCS7(pkcs7data);
       }catch(err){
         certmgr.WriteCertToCSP = false;
         certmgr.acceptPKCS7(pkcs7data);
       }
       //Added during CertEnroll API processing modification.
    }
  }catch(err){
    errmsg = "Your new certificate failed to install. " +
     "Please ensure that you are using the same browser " +
     "that you used when making the certificate request. " +
     "Also ensure that PKI ActiveX is installed.";
    alert(errmsg);
    return;
  }
  errmsg = "Your new certificate installed successfully.";
  alert(errmsg);
  return;
  }
// -->
</SCRIPT>
<div role="main"><h1>Internet Explorer certificate install</h1>
<p> Click &quot;Install Certificate&quot; to store your new
certificate into your browser
<TABLE>
<TR> <br>
#@LTC
 <TD><INPUT TYPE="BUTTON" onclick="InstallCertOnClick()" VALUE="Install Certificate" NAME="INSTALL" >
<FORM METHOD=GET ACTION="/[application]/public-cgi/camain.rexx">
<INPUT NAME="Template" TYPE="hidden" VALUE="[tmplname]">
<INPUT TYPE="submit" VALUE="Home Page">
</FORM>
</TD>
</TR>
</TABLE>
</div>
</BODY>
</HTML>
</INSERT>
#
# =====================================================================
#
# X.509 fields (INSERTs) valid for certificate requests
#
# =====================================================================
#
<INSERT NAME=KeyUsage>  6 
<div role="region" aria-label="Key Usage">
<p> <LABEL for="keyusagefield">Indicate the key usage for the
certificate [optfield] </LABEL> <BR>
<SELECT NAME="KeyUsage" MULTIPLE id="keyusagefield">
 <OPTION VALUE="handshake">Protocol handshaking e.g., SSL (digitalSignature,keyEncipherment)
 <OPTION VALUE="certsign">Certificate and CRL signing (keyCertSign, cRLSign)
 <OPTION VALUE="docsign">Document signing (nonRepudiation)
 <OPTION VALUE="dataencrypt">Data encryption (dataEncipherment)
 <OPTION VALUE="digitalsig">Authentication (digitalSignature)
 <OPTION VALUE="keyencrypt">Key Transport (keyEncipherment)
 <OPTION VALUE="keyagree">Key agreement (keyAgreement)
 <OPTION VALUE="keycertsign">Certificate signing (keyCertSign)
 <OPTION VALUE="crlsign">CRL signing (cRLSign)
</SELECT>
<SCRIPT LANGUAGE="JavaScript">
<!--
function ValidKeyUsage(frm){
 if ("[optfield]" == "" && frm.KeyUsage.value == "") {
  alert("Enter required field."); frm.KeyUsage.focus();
  return false;
 }
 return true;
}
//-->
</SCRIPT>
</div>
</INSERT>

<INSERT NAME=ExtKeyUsage>
<div role="region" aria-label="Extended Key Usage">
<p> <LABEL for="extkeyusagefield">Indicate the extended key usage for the
certificate [optfield] </LABEL> <BR>
<SELECT NAME="ExtKeyUsage" MULTIPLE id="extkeyusagefield">
 <OPTION VALUE="serverauth">Server side authentication (serverAuth)
 <OPTION VALUE="clientauth">Client side authentication (clientAuth)
 <OPTION VALUE="codesigning">Code signing (codeSigning)
 <OPTION VALUE="emailprotection">Email protection (emailProtection)
 <OPTION VALUE="timestamping">Digital time stamping (timeStamping)
 <OPTION VALUE="ocspsigning">OCSP response signing (OCSPSigning)
 <OPTION VALUE="mssmartcardlogon">Microsoft Smart Card Logon (msSmartCardLogon)
</SELECT>
<SCRIPT LANGUAGE="JavaScript">
<!--
function ValidExtKeyUsage(frm){
 if ("[optfield]" == "" && frm.ExtKeyUsage.value == "") {
  alert("Enter required field."); frm.ExtKeyUsage.focus();
  return false;
 }
 return true;
}
//-->
</SCRIPT>
</div>
</INSERT>



<INSERT NAME=NotBefore>
<div role="region" aria-label="Not Before">
<p> <LABEL for="notbeforefield">Number of days after today before the
certificate becomes current [optfield]  </LABEL> <BR>
<SELECT NAME="NotBefore" id="notbeforefield">
 <OPTION> 0
 <OPTION> 30
</SELECT>
<SCRIPT LANGUAGE="JavaScript">
<!--
function ValidNotBefore(frm){
 if ("[optfield]" == "" && frm.NotBefore.value == "") {
  alert("Enter required field."); frm.NotBefore.focus();
  return false;
 }
 return true;
}
//-->
</SCRIPT>
</div>
</INSERT>

<INSERT NAME=NotAfter>
<div role="region" aria-label="Not After">
<p> <LABEL for="notafterfield">Length of time that the certificate is
current [optfield] </LABEL> <BR>
<SELECT NAME="NotAfter" id="notafterfield">
 <OPTION value="365">1 Year
 <OPTION value="730">2 Years
</SELECT>
<SCRIPT LANGUAGE="JavaScript">
<!--
function ValidNotAfter(frm){
 if ("[optfield]" == "" && frm.NotAfter.value == "") {
  alert("Enter required field."); frm.NotAfter.focus();
  return false;
 }
 return true;
}
//-->
</SCRIPT>
</div>
</INSERT>

<INSERT NAME=Country>
<div role="region" aria-label="Country">
<p> <LABEL for="countryfield">Country [optfield]</LABEL> <BR>
<INPUT NAME="Country" TYPE="text" SIZE=2 maxlength="2"
id="countryfield">
<SCRIPT LANGUAGE="JavaScript">
<!--
function ValidCountry(frm){
 if ("[optfield]" == "" && frm.Country.value == "") {
  alert("Enter required field."); frm.Country.focus();
  return false;
 }
 return true;
}
//-->
</SCRIPT>
</div>
</INSERT>

<INSERT NAME=Org>
<div role="region" aria-label="Organization">
<p> <LABEL for="orgfield">Organization [optfield]</LABEL> <BR>
<INPUT NAME="Org" TYPE="text" SIZE=64  maxlength="64" id="orgfield">
<SCRIPT LANGUAGE="JavaScript">
<!--
function ValidOrg(frm){
 if ("[optfield]" == "" && frm.Org.value == "") {
  alert("Enter required field."); frm.Org.focus();
  return false;
 }
 return true;
}
//-->
</SCRIPT>
</div>
</INSERT>

# OrgUnit is a repeatable field. If more than one is needed, a
# separate INSERT, which can be modelled from this one, is needed.
# See INSERT NAME=OrgUnit2 for an example.
<INSERT NAME=OrgUnit>
<div role="region" aria-label="Organizational Unit">
<p> <LABEL for="orgunitfield">Organizational Unit [optfield]
</LABEL> <BR>
<INPUT NAME="OrgUnit" TYPE="text" SIZE=64  maxlength="64"
id="orgunitfield">
<SCRIPT LANGUAGE="JavaScript">
<!--
function ValidOrgUnit(frm){
 if ("[optfield]" == "" && frm.OrgUnit.value == "") {
  alert("Enter required field."); frm.OrgUnit.focus();
  return false;
 }
 return true;
}
//-->
</SCRIPT>
</div>
</INSERT>

<INSERT NAME=OrgUnit2>
<div role="region" aria-label="Organizational Unit 2">
<p> <LABEL for="orgunit2field">Organizational Unit [optfield]
</LABEL> <BR>
<INPUT NAME="OrgUnit2" TYPE="text" SIZE=64  maxlength="64"
id="orgunit2field">
<SCRIPT LANGUAGE="JavaScript">
<!--
function ValidOrgUnit2(frm){
 if ("[optfield]" == "" && frm.OrgUnit2.value == "") {
  alert("Enter required field."); frm.OrgUnit2.focus();
  return false;
 }
 return true;
}
//-->
</SCRIPT>
</div>
</INSERT>

<INSERT NAME=Locality>
<div role="region" aria-label="Locality">
<p> <LABEL for="localityfield">Locality [optfield]</LABEL> <BR>
<INPUT NAME="Locality" TYPE="text" SIZE=64  maxlength="64"
id="localityfield">
<SCRIPT LANGUAGE="JavaScript">
<!--
function ValidLocality(frm){
 if ("[optfield]" == "" && frm.Locality.value == "") {
  alert("Enter required field."); frm.Locality.focus();
  return false;
 }
 return true;
}
//-->
</SCRIPT>
</div>
</INSERT>

<INSERT NAME=StateProv>
<div role="region" aria-label="State or Province">
<p> <LABEL for="stateprovfield">State or Province [optfield]
</LABEL> <BR>
<INPUT NAME="StateProv" TYPE="text" SIZE=64  maxlength="64"
id="stateprovfield">
<SCRIPT LANGUAGE="JavaScript">
<!--
function ValidStateProv(frm){
 if ("[optfield]" == "" && frm.StateProv.value == "") {
  alert("Enter required field."); frm.StateProv.focus();
  return false;
 }
 return true;
}
//-->
</SCRIPT>
</div>
</INSERT>

<INSERT NAME=CommonName>
<div role="region" aria-label="Common Name">
<p> <LABEL for="commonnamefield">Common Name [optfield] </LABEL> <BR>
<INPUT NAME="CommonName" TYPE="text" SIZE=64  maxlength="64"
id="commonnamefield">
<SCRIPT LANGUAGE="JavaScript">
<!--
function ValidCommonName(frm){
 if ("[optfield]" == "" && frm.CommonName.value == "") {
  alert("Enter required field."); frm.CommonName.focus();
  return false;
 }
 return true;
}
//-->
</SCRIPT>
</div>
</INSERT>

<INSERT NAME=Title>
<div role="region" aria-label="Title">
<p> <LABEL for="titlefield">Title [optfield] </LABEL> <BR>
<INPUT NAME="Title" TYPE="text" SIZE=64  maxlength="64"
id="titlefield">
<SCRIPT LANGUAGE="JavaScript">
<!--
function ValidTitle(frm){
 if ("[optfield]" == "" && frm.Title.value == "") {
  alert("Enter required field."); frm.Title.focus();
  return false;
 }
 return true;
}
//-->
</SCRIPT>
</div>
</INSERT>

<INSERT NAME=DNQualifier>
<div role="region" aria-label="Distinguished Name Qualifier">
<p> <LABEL for="dnqualfield">Distinguished Name Qualifier
[optfield] </LABEL> <BR>
<INPUT NAME="DNQualifier" TYPE="text" SIZE=64  maxlength="64"
id="dnqualfield">
<SCRIPT LANGUAGE="JavaScript">
<!--
function ValidDNQualifier(frm){
 if ("[optfield]" == "" && frm.DNQualifier.value == "") {
  alert("Enter required field."); frm.DNQualifier.focus();
  return false;
 }
 return true;
}
//-->
</SCRIPT>
</div>
</INSERT>

<INSERT NAME=DomainName>
<div role="region" aria-label="Domain Name">
<p> <LABEL for="domainnamefield">Domain Name [optfield] </LABEL> <BR>
<INPUT NAME="DomainName" TYPE="text" SIZE=64  maxlength="64"
id="domainnamefield">
<SCRIPT LANGUAGE="JavaScript">
<!--
function ValidDomainName(frm){
 if ("[optfield]" == "" && frm.DomainName.value == "") {
  alert("Enter required field."); frm.DomainName.focus();
  return false;
 }
 return true;
}
//-->
</SCRIPT>
</div>
</INSERT>

<INSERT NAME=Uid>
<div role="region" aria-label="User Login">
<p> <LABEL for="uidfield">User Login ID [optfield] </LABEL> <BR>
<INPUT NAME="Uid" TYPE="text" SIZE=64  maxlength="64" id="uidfield">
<SCRIPT LANGUAGE="JavaScript">
<!--
function ValidUid(frm){
 if ("[optfield]" == "" && frm.Uid.value == "") {
  alert("Enter required field."); frm.Uid.focus();
  return false;
 }
 return true;
}
//-->
</SCRIPT>
</div>
</INSERT>

# AltIPAddr, AltEmail, AltURI and AltDomain are repeatable fields. If
# more than one is needed, a separate INSERT, which can be modelled
# from the original one, is needed.
# See INSERT NAME=AltDomain2 for an example.                        @LHA

# Updated Size and maxlength of the AltIPAddr field to 45 to allow
# for IPv6 addresses and updated field description text             @LCC
<INSERT NAME=AltIPAddr>
<div role="region" aria-label="Alternate IP Address">
<p> <LABEL for="altipaddrfield">IP address for alternate name in IPv4
or IPv6 format [optfield] </LABEL> <BR>
<INPUT NAME="AltIPAddr" TYPE="text" SIZE=45  maxlength="45"
id="altipaddrfield">
<SCRIPT LANGUAGE="JavaScript">
<!--
function ValidAltIPAddr(frm){
 if ("[optfield]" == "" && frm.AltIPAddr.value == "") {
  alert("Enter required field."); frm.AltIPAddr.focus();
  return false;
 }
 return true;
}
//-->
</SCRIPT>
</div>
</INSERT>

<INSERT NAME=AltEmail>
<div role="region" aria-label="Alternate Email">
<p> <LABEL for="altemailfield">Email address for alternate name
[optfield] </LABEL> <BR>
<INPUT NAME="AltEmail" TYPE="text" SIZE=100  maxlength="100"
id="altemailfield">
<SCRIPT LANGUAGE="JavaScript">
<!--
function ValidAltEmail(frm){
 if ("[optfield]" == "" && frm.AltEmail.value == "") {
  alert("Enter required field."); frm.AltEmail.focus();
  return false;
 }
 return true;
}
//-->
</SCRIPT>
</div>
</INSERT>

<INSERT NAME=AltURI>
<div role="region" aria-label="Alternate Uniform Resource Identifier">
<p> <LABEL for="alturifield">Uniform Resource Identifier for alternate
name [optfield] </LABEL> <BR>
<INPUT NAME="AltURI" TYPE="text" SIZE=100  maxlength="255"
id="alturifield">
<SCRIPT LANGUAGE="JavaScript">
<!--
function ValidAltURI(frm){
 if ("[optfield]" == "" && frm.AltURI.value == "") {
  alert("Enter required field."); frm.AltURI.focus();
  return false;
 }
 return true;
}
//-->
</SCRIPT>
</div>
</INSERT>

<INSERT NAME=AltDomain>
<div role="region" aria-label="Alternate Domain">
<p> <LABEL for="altdomainfield">Domain name for alternate name
[optfield] </LABEL> <BR>
<INPUT NAME="AltDomain" TYPE="text" SIZE=100  maxlength="100"
id="altdomainfield">
<SCRIPT LANGUAGE="JavaScript">
<!--
function ValidAltDomain(frm){
 if ("[optfield]" == "" && frm.AltDomain.value == "") {
  alert("Enter required field."); frm.AltDomain.focus();
  return false;
 }
 return true;
}
//-->
</SCRIPT>
</div>
</INSERT>

<INSERT NAME=AltDomain2>
<div role="region" aria-label="Alternate Domain">
<p> <LABEL for="altdomain2field">Domain name for alternate name
[optfield] </LABEL> <BR>
<INPUT NAME="AltDomain2" TYPE="text" SIZE=100  maxlength="100"
id="altdomain2field">
<SCRIPT LANGUAGE="JavaScript">
<!--
function ValidAltDomain2(frm){
 if ("[optfield]" == "" && frm.AltDomain2.value == "") {
  alert("Enter required field."); frm.AltDomain2.focus();
  return false;
 }
 return true;
}
//-->
</SCRIPT>
</div>
</INSERT>

<INSERT NAME=Street>
<div role="region" aria-label="Street Address">
<p> <LABEL for="streetfield">Street address [optfield] </LABEL> <BR>
<INPUT NAME="Street" TYPE="text" MAXLENGTH=64 SIZE=64
id="streetfield">
<SCRIPT LANGUAGE="JavaScript">
<!--
function ValidStreet(frm){
 if ("[optfield]" == "" && frm.Street.value == "") {
  alert("Enter required field."); frm.Street.focus();
  return false;
 }
 return true;
}
//-->
</SCRIPT>
</div>
</INSERT>

<INSERT NAME=PostalCode>
<div role="region" aria-label="Postal Code">
<p> <LABEL for="postalcodefield">Zipcode or postal code [optfield]
</LABEL> <BR>
<INPUT NAME="PostalCode" TYPE="text" MAXLENGTH=64 SIZE=64
id="postalcodefield">
<SCRIPT LANGUAGE="JavaScript">
<!--
function ValidPostalCode(frm){
 if ("[optfield]" == "" && frm.PostalCode.value == "") {
  alert("Enter required field."); frm.PostalCode.focus();
  return false;
 }
 return true;
}
//-->
</SCRIPT>
</div>
</INSERT>

<INSERT NAME=Email>
<div role="region" aria-label="Email Address">
<p> <LABEL for="emailfield">Email address for distinguished name
MAIL= attribute [optfield] </LABEL> <BR>
# Deprecated, use the MAIL INSERT instead
<INPUT NAME="Email" TYPE="text" MAXLENGTH=64 SIZE=64 id="emailfield">
<SCRIPT LANGUAGE="JavaScript">
<!--
function ValidEmail(frm){
 if ("[optfield]" == "" && frm.Email.value == "") {
  alert("Enter required field."); frm.Email.focus();
  return false;
 }
 if (frm.Email.value != "") {
  for (i=0;i<frm.length;i++) {
   var fld= frm.elements[i];
   if (fld.name == "NotifyEmail")
    if (fld.value != "" && fld.value != frm.Email.value) {
     alert("Notification email cannot differ from distinguished name email.");
     frm.NotifyEmail.focus();
     return false;
    }
  }
 }
 return true;
}
//-->
</SCRIPT>
</div>
</INSERT>

<INSERT NAME=Mail>
<div role="region" aria-label="Mail">
<p> <LABEL for="mailfield">Email address for distinguished name
MAIL= attribute [optfield] </LABEL> <BR>
# attribute defined in RFC2798, OID 0.9.2342.19200300.100.1.3
<INPUT NAME="Mail" TYPE="text" MAXLENGTH=64 SIZE=64 id="mailfield">
<SCRIPT LANGUAGE="JavaScript">
<!--
function ValidMail(frm){
 if ("[optfield]" == "" && frm.Mail.value == "") {
  alert("Enter required field."); frm.Mail.focus();
  return false;
 }
 if (frm.Mail.value != "") {
  for (i=0;i<frm.length;i++) {
   var fld= frm.elements[i];
   if (fld.name == "NotifyEmail")
    if (fld.value != "" && fld.value != frm.Mail.value) {
     alert("Notification email cannot differ from distinguished name MAIL=attribute.");
     frm.NotifyEmail.focus();
     return false;
    }
  }
 }
 return true;
}
//-->
</SCRIPT>
</div>
</INSERT>

<INSERT NAME=EmailAddr>
<div role="region" aria-label="Email">
<p> <LABEL for="emailaddrfield">Email address for distinguished name
EMAIL= attribute [optfield] </LABEL> <BR>
# attribute defined in RFC2798, OID 1.2.840.113549.1.9.1
<INPUT NAME="EmailAddr" TYPE="text" MAXLENGTH=64 SIZE=64
id="emailaddrfield">
<SCRIPT LANGUAGE="JavaScript">
<!--
function ValidEmailAddr(frm){
 if ("[optfield]" == "" && frm.EmailAddr.value == "") {
  alert("Enter required field."); frm.EmailAddr.focus();
  return false;
 }
 return true;
}
//-->
</SCRIPT>
</div>
</INSERT>

<INSERT NAME=SignWith>
<div role="region" aria-label="Sign With">
<p> <LABEL for="signwithfield">Component:/key-Label used to sign this
certificate [optfield] </LABEL> <BR>
<p> e.g., "SAF:CERTAUTH/Local CA Cert" sign by CERTAUTH certificate
 "Local CA Cert"
<INPUT NAME="SignWith" TYPE="text" SIZE=45  maxlength="45"
id="signwithfield">
<SCRIPT LANGUAGE="JavaScript">
<!--
function ValidSignWith(frm){
 if ("[optfield]" == "" && frm.SignWith.value == "") {
  alert("Enter required field."); frm.SignWith.focus();
  return false;
 }
 return true;
}
//-->
</SCRIPT>
</div>
</INSERT>

<INSERT NAME=PublicKey>
<div role="region" aria-label="Public Key">
<p> <LABEL for="publickeyfield">Base64 encoded PKCS#10 certificate
request [optfield] </LABEL> <BR>
<TEXTAREA NAME="PublicKey"
  COLS="70"
  ROWS="12"
  WRAP="OFF" id="publickeyfield">
</TEXTAREA>
<SCRIPT LANGUAGE="JavaScript">
<!--
function ValidPublicKey(frm){
 if ("[optfield]" == "" && frm.PublicKey.value == "") {
  alert("Enter required field."); frm.PublicKey.focus();
  return false;
 }
 return true;
}
//-->
</SCRIPT>
</div>
</INSERT>


<INSERT NAME=PublicKeyNS>
<div role="region" aria-label="Select Key Size">
<p> <LABEL for="keygentag">Select a key size</LABEL>
<KEYGEN NAME="PublicKey" id="keygentag">
<SCRIPT LANGUAGE="JavaScript">
<!--
function ValidPublicKey(frm){
 return true;
}
//-->
</SCRIPT>
</div>
</INSERT>

<INSERT NAME=PublicKeyIE> 
<div role="region" aria-label="Public Key">
#Converted VBScript to JavaScript                               194@LUC
<SCRIPT LANGUAGE="JavaScript">
<!--
function SendReq(){
  var pkcs10data,DN,i,Message,CommonName;
  var objEnroll;
  DN= "";
  CommonName= "Unspecified Distinguished Name";
  DN= "CN=" + CommonName + ";";
  pkcs10data = "";
  // CertEnroll APIs for enrollment processing.                    111@LDA
  try{
    objEnroll = g_objWCF.CreateObject("X509Enrollment.CX509Enrollment");
  }catch(err){
    objEnroll = null;
  }
  if(objEnroll !== null && typeof objEnroll === 'object'){
    var objPrivateKey;
    var objRequest;
    var provider;
    var selectedCSP;
    var objCSPs;
    var objName;
    try{
      objPrivateKey = g_objWCF.CreateObject("X509Enrollment.CX509PrivateKey");
    }catch(err){
      Message = "Error creating Private Key object: \n" + err.description;
      alert(Message);
      return;
    }
    try{
      objRequest = g_objWCF.CreateObject("X509Enrollment.CX509CertificateRequestPkcs10");
    }catch(err){
      Message = "Error creating Request object: \n" + err.description;
      alert(Message);
      return;
    }
    //Setup Private key properties based on the selected provider
    i = document.getElementById("cspfield").options.selectedIndex;
    provider =  document.getElementById("cspfield").options(i).text.toLowerCase();

    if((provider.indexOf("smart") > 0) || (provider.indexOf("card") > 0)){
      //For Smart Card Providers, retrieve the index of the selected CSP
      //and set the Private key name, type, and KeySpec
      objPrivateKey.ProviderName = document.getElementById("cspfield").options(i).text;
      objPrivateKey.ProviderType = document.getElementById("cspfield").options(i).value;
      objPrivateKey.KeySpec      = 1; // XCN_AT_KEYEXCHANGE
    }else{
      try{
        selectedCSP = g_objWCF.CreateObject("X509Enrollment.CCspInformation");
      }catch(err){
        Message = "Error creating the CSP Information object: \n" + err.description;
        alert(Message);
        return;
      }
      try{
        objCSPs = g_objWCF.CreateObject("X509Enrollment.CCspInformations");
      }catch(err){
        Message = "Error creating the CSP Informations object: \n" + err.description;
        alert(Message);
        return;
      }

      //Retrieve the index of the selected CSP and initialize the
      //CSPInformation object using the provider name
      selectedCSP.InitializeFromName( document.getElementById("cspfield").options(i).text );

      //Add the CSPInformation object to the CSPInformations object
      objCSPs.Add( selectedCSP );

      //Set the PrivateKey objects CspInformations to our object
      objPrivateKey.CspInformations = objCSPs;

      //Set intended usage of private key for KeyExchange purposes
      objPrivateKey.KeySpec = 1; // XCN_AT_KEYEXCHANGE

      //Set KeyProtection based on user input
      if(document.CertReq.KeyProt.value == 1){
        objPrivateKey.KeyProtection = 2;
        //XCN_NCRYPT_UI_FORCE_HIGH_PROTECTION_FLAG
      }else{
        objPrivateKey.KeyProtection = 0;
        //XCN_NCRYPT_UI_NO_PROTECTION_FLAG
      }
      //==================================================================
      // The ExportPolicy is set to allow the private key to be exported,
      // other options allow the private key to be exported only once for
      // archival in a variety of formats, or prevents export of the
      // private key.
      //   ExportPolicy = 0 = XCN_NCRYPT_ALLOW_EXPORT_NONE
      //   ExportPolicy = 1 = XCN_NCRYPT_ALLOW_EXPORT_FLAG
      //   ExportPolicy = 2 = XCN_NCRYPT_ALLOW_PLAINTEXT_EXPORT_FLAG
      //   ExportPolicy = 4 = XCN_NCRYPT_ALLOW_ARCHIVING_FLAG
      //   ExportPolicy = 8 = XCN_NCRYPT_ALLOW_PLAINTEXT_ARCHIVING_FLAG
      //==================================================================
      objPrivateKey.ExportPolicy = 1; // XCN_NCRYPT_ALLOW_EXPORT_FLAG
    }
    try{
      objRequest.InitializeFromPrivateKey( 1, objPrivateKey, "");
    }catch(err){
      Message = "Error initializing request from private key " + err.description;
      alert(Message);
      return;
    }
    try{
      objName = g_objWCF.CreateObject("X509Enrollment.CX500DistinguishedName");
    }catch(err){
      Message = "Error creating X500DistinguishedName object: \n" + err.description;
      alert(Message);
      return;
    }
    try{
      objName.Encode(DN);
    }catch(err){
      Message = "Error encoding the subject distinguished name \n" + err.description;
      alert(Message);
      return;
    }
    try{
      objRequest.Subject = objName;
    }catch(err){
      Message = "Error setting the subject name in request " + err.description;
      alert(Message);
      return;
    }
    try{
      objEnroll.InitializeFromRequest( objRequest )
    }catch(err){
      Message = "Error initializing Enrollment object from request: " + err.description;
      alert(Message);
      return;
    }
    pkcs10data = objEnroll.CreateRequest(1); // XCN_CRYPT_STRING_BASE64
  }else{
    //XEnroll APIs for enrollment processing
    var keyprotflag;
    certmgr.KeySpec = 1;
    KeyUsage = "1.3.6.1.5.5.7.3.2";
    i = document.getElementById("cspfield").options.selectedIndex;
    certmgr.providerName = document.getElementById("cspfield").options(i).text;
    certmgr.providerType = document.getElementById("cspfield").options(i).value;

    if(document.CertReq.KeyProt.value == 1){
      keyprotflag = 2;
    }else{
      keyprotflag = 0;
    }
    //=======================================================
    //
    // If the provider is a smart card that does not support
    //  private key export, do not set the CRYPT_EXPORTABLE
    //  flag in the GenKeyFlags property.                             @D7A
    //
    // Edit the following If statement to add or remove
    // smart card providers as desired
    //
    //=======================================================
    if((certmgr.providerName.substring(0,7) == "Datakey") ||
     (certmgr.providerName.substring(0,7) == "Gemplus") ||
     (certmgr.providerName.substring(0,6) == "Athena") ||
     (certmgr.providerName.substring(0,16) == "Infineon SICRYPT") ||
     (certmgr.providerName.substring(0,12) == "Schlumberger")){
      certmgr.GenKeyFlags = keyprotflag + 0;
    }else{
      certmgr.GenKeyFlags = keyprotflag + 1;
    }
    pkcs10data = certmgr.CreatePKCS10(DN, KeyUsage);
    // - added during CertEnroll update.                              2@LDA
  }
  document.CertReq.PublicKey.value = pkcs10data;
  if(pkcs10data.length <= 0){
    alert("PKCS10 Creation Failed");
  }
}
//-->
</SCRIPT>

<p> Select the following key information
#                                                                 2@LUM
# Changed VBScript to JavaScript                                 60@LUC
<SCRIPT LANGUAGE="JavaScript">
<!--
function LoadCSPs(){
  try {
    var i;
    var csp;
    var sv;
    //Modifications for CertEnroll API enrollment process.
    var objCSPs;
    var oOption;
    var errmsg;

    try{
      objCSPs = g_objWCF.CreateObject("X509Enrollment.CCspInformations");
    }catch(err){
      objCSPs = null;
    }
    if(objCSPs !== null && typeof objCSPs === 'object'){
      //Vista and above path, use CertEnroll APIs
      objCSPs.AddAvailableCsps();
      for(i=0 ; i < objCSPs.Count;i++){
        //Only include Legacy(Crypto API) providers at this time
        if(objCSPs.ItemByIndex(i).LegacyCsp){
          oOption = document.createElement("OPTION");
          oOption.text = objCSPs.ItemByIndex(i).Name;
          oOption.value = objCSPs.ItemByIndex(i).Type;
          document.getElementById("cspfield").add(oOption);
        }
      }
    }else{
      //Pre-Vista path, use Xenroll APIs
      certmgr.providerType = 1;
      i = 0;
      csp = "";
      csp = certmgr.enumProviders(i,0);
      sv = "SELECTED";
      if(csp.length == 0){
        errmsg = "Your PC needs a Windows upgrade before certificates " +
         "can be requested. Click the 'Tools' option on the browser " +
         "menu then 'Windows Update' to retrieve the upgrade. ";
        alert(errmsg);
      }
      var sel = document.getElementById('cspfield');
      while(csp.length != 0){
        var opt = document.createElement('option');
        opt.innerHTML = csp;
        opt.value = 1;
        opt.text = csp;
        opt.selected = sv;
        sel.appendChild(opt);
        i = i+1;
        csp = "";
        try{
          csp = certmgr.enumProviders(i,0);
        }catch(err){
          break
        }
        sv = "";
      }
    //Added for CertEnroll.
    }
  }catch (e) {
    //handle
    alert("Failed to load CSPs");
  }
}
//-->
</SCRIPT>
<p><LABEL for="cspfield">Cryptographic Service Provider </LABEL> <!-- @LUM -->
<select name="CSP" id="cspfield">                         <!-- @LUM -->
</select>


<p> <LABEL for="strongprotfield">Enable strong private key
protection? </LABEL>
<select name="KeyProt" id="strongprotfield">
 <option value="1">Yes</option>
 <option value="0" selected>No</option>
</select>
<input type="hidden" name="PublicKey" value="">
<p>


<SCRIPT LANGUAGE="JavaScript">
<!--
function ValidPublicKey(frm){
 SendReq();
 if (document.CertReq.PublicKey.value == "")
  return false;
 else
  return true;
}
//-->
</SCRIPT>
</div>
</INSERT>

#
#- Added new RenewKeySetNS insert which implements the
#- ValidRenewKeySet function for Netscape/Mozilla based
#- browsers. Just returns true                                    @01A
#
<INSERT NAME=-RenewKeySetNS>
<SCRIPT LANGUAGE="JavaScript">
<!--
function ValidRenewKeySet(frm){
 return true;
}
//-->
</SCRIPT>
</INSERT>

#
#- Added new RenewKeySetIE insert which implements the
#- ValidRenewKeySet function for MSIE browsers.                   @01A
#

<INSERT NAME=-RenewKeySetIE>
<!--Removed CAPICOM support                                 158@LUD -->
<SCRIPT LANGUAGE="JavaScript">
<!--
function ActiveXRenewKeySet()
{                                                                // @LKA
   var flag = document.getElementById("autorenflag").value;      // @DFA
   if(flag == 0)                                                 // @DFA
      var b64cert = "[iecert]";                                  // @DFA
   else                                                          // @DFA
      var b64cert = document.getElementById("b64cert").value;    // @DFA
   var certlen = b64cert.length;
   var OS = navigator.userAgent;
   var flag1 = false;
   var flag2 = false;
   if (OS.indexOf("Windows NT 5")!=-1) {
      myax = document.getElementById("xenrollreq");
      if(myax && myax.object)
      {
        flag1 = true;
      }
      else
      {
        return 1;
      }
      if(flag1 == true)
      {
      try {
          xenrollreq.CreateXEnrollRequest(b64cert,certlen);
          return 0;
         }
        catch(e) {
          alert("PKI ActiveX failed\n" + e.description + "\nContact your PKI administrator");
          return 1;
        }
      }
   }
   else
   {
      myax = document.getElementById("cenrollreq");
      if(myax && myax.object)
      {
        flag2 = true;
      }
      else
      {
        return 1;
      }
      if(flag2 == true)
      {
         try {
            cenrollreq.CreateCEnrollRequest(b64cert,certlen);
            return 0;
         }
         catch(e) {
           alert("PKI ActiveX failed\n" + e.description + "\nContact your PKI administrator");
           return 1;
         }
      }
   }

}
//-->
</SCRIPT>
<input type="hidden" name="PublicKey" value="">
<SCRIPT LANGUAGE="JavaScript">
<!--
function ValidRenewKeySet(frm){
//                                                                4D@LKA
  // - The ValidRenewKeySet function has been modified to call the
  //-  ActiveXRenewKeySet function for MS IE browsers invokes.
  //-  On Failure the RenewKeySet function is invoked and handles
  //- the different results based on the user's responses and
  //- capabilities of the user's machine.
     var flag = document.getElementById("autorenflag").value;       // @DFA
     var res = ActiveXRenewKeySet();                                // @LKA
     if(res == 0)
        return true;
     else
     {
        // PKI ActiveX failed
        var os = document.getElementById("osname").value;      //19@LUD
        if(os == "XP")
        {
             var confirmstr = "Click OK to install PKIXEnroll ActiveX Control to renew " +
              "certificates or Cancel to cancel the renew.";
        }
        else
        {
             var confirmstr = "Click OK to install PKICEnroll ActiveX Control to renew " +
              "certificates or Cancel to cancel the renew.";
        }
        var result = confirm(confirmstr);
        if(result == true)
        {
             if(os == "XP")
             {
                  window.location = "/PKIServ/PKIXEnroll/PKIXEnrollDeploy.msi";
             }
             else
             {
                  window.location = "/PKIServ/PKICEnroll/PKICEnrollDeploy.msi";
             }
        }
        else
        {
             alert("PKI ActiveX Control has to be used to renew and install certificates");
             return false;
        }
                                                               // 4@LUD
     }
}
//-->
</SCRIPT>
</INSERT>

# =====================================================================
#
# X.509 fields (INSERTs) that require customization before being used
#
# =====================================================================
# =====================================================================
# INSERT NAME=AltOther_<OID>
# Here it shows two 'AltOther' INSERTs. You may add as many as you need.
# The name of this INSERT is built with the string 'AltOther_',
# concatenated with an underscore(_) separated OID that you need.
# You may have more than one input fields. But the total length of the
# fields together with the length of the OID and the comma can not exceed
# 255.
# The result AltOther field is built by concatenating the dot(.) separated
# OID, which matches this INSERT name, a comma, and the value(s) of the
# input field(s).
# Eg., in AltOther_1_2_3_4_5, the AltOther field is:
# 1.2.3.4.5,<value of Other1a>
# Eg., in AltOther_1_2_3_4_6, the AltOther field is:
# 1.2.3.4.6,<value of Other2a><value of Other2b>
#
# Structure:
# 1) INSERT NAME - 'AltOther_' + <n1_n2_n3_n4_n5>
# 2) a hidden INPUT field with the same name as the INSERT NAME. It
#    is used to hold the AltOther field value to be included in the
#    certificate.
# 3) input field(s), with substitution variables [optfield] and [readonly].
#    [optfield] is used to control whether the field is an optional field.
#    [readonly] is used to control the display mode of the field: if the
#    field is on a web page requesting input, it will be assigned with
#    NULL, if it is on a web page for displaying request/certificate AltOther
#    information, it will be assigned with the HTML attribute 'READONLY'.
# 4) a hidden INPUT field with name 'altrawstring_' + <n1_n2_n3_n4_n5>.
#    Its value is a substitution variable [altrawvalue] which
#    is used to hold the result of the returned value of the AltOther,
#    excluding the OID and the comma. This is used for displaying the
#    AltOther information in a request or a certificate after it is
#    generated.
# 5) a JavaScript which will be called at load time. It contains the
#    parsing logic to parse the result obtained in 4) back into
#    individual input field(s) when the AltOther information
#    is displayed. Make sure the parsing logic matches the input
#    field(s) format.
# 6) a JavaScript function with the name built with a string
#    'ValidAltOther_' + <n1_n2_n3_n4_n5>. The name must be of this format.
#    Unlike the other validate functions in the other INSERTs which validate
#    user input(s) only, it also sets the variable specified in 2) above.
#    It concatenates the OID(n1.n2.n3.n4.n5) and value(s) of all the input
#    field(s).
#    You may customize different validation logic needed to validate
#    the input field(s).
#    The validation logic shown in the samples includes:
#    - validate the required field(s) is/are filled
#    - validate the length of the input(s)
#    - pad the optional field(s) with preset value(s), if there is more
#      than one input field
# =====================================================================
#
# =====================================================================
# Sample AltOther INSERT with one input field
# =====================================================================
<INSERT NAME=AltOther_1_2_3_4_5>
<INPUT NAME="AltOther_1_2_3_4_5" TYPE="hidden" maxlength="255">

<p> Other Name for alternate name: <BR>
<p> <LABEL for="other1afield">Customer's account number (11 digits)
[optfield] </LABEL> <BR>
<INPUT NAME="Other1a" TYPE="text" SIZE=11 maxlength="11" [readonly]
id="other1afield">

<INPUT NAME="altrawstring_1_2_3_4_5" TYPE="hidden" VALUE="[altrawvalue]">

<SCRIPT LANGUAGE="JavaScript">
<!--
//This is the script that will be called at load time.
var form=document.forms[0]
if (form.altrawstring_1_2_3_4_5.value.length > 0) {
  //The name 'Other<x>' needs to match with the above INPUT NAME.
  //Substr(start position, length)
  form.Other1a.value=form.altrawstring_1_2_3_4_5.value.substr(0,11)
}
//-->
</SCRIPT>

<SCRIPT LANGUAGE="JavaScript">
<!--
//This is the validation script
function ValidAltOther_1_2_3_4_5(frm){
 if (("[optfield]" == "" && frm.Other1a.value.length != 11) ||
     ("[optfield]" !="" && frm.Other1a.value != "" && frm.Other1a.value.length != 11)) {
  alert("Enter 11 digit account number.");
  frm.Other1a.focus();
  return false;
 }

 //Build the entire AltOther field.
 if (frm.Other1a.value != "")
  frm.AltOther_1_2_3_4_5.value = "1.2.3.4.5," + frm.Other1a.value ;
 else
  frm.AltOther_1_2_3_4_5.value = "";
 return true;
}
//-->
</SCRIPT>
</INSERT>

# =====================================================================
# Sample AltOther INSERT with two input fields
# =====================================================================
<INSERT NAME=AltOther_1_2_3_4_6>
<INPUT NAME="AltOther_1_2_3_4_6" TYPE="hidden" maxlength="255">

<p> Other Name for alternate name: <BR>
<p> <LABEL for="other2afield">Customer's driver license number (9 digits)
[optfield] </LABEL> <BR>
<INPUT NAME="Other2a" TYPE="text" SIZE=9 maxlength="9" [readonly]
id="other2afield">
<p> <LABEL for="other2bfield">Customer's driver license expiration date
(yyyymmdd) [optfield] </LABEL> <BR>
<INPUT NAME="Other2b" TYPE="text" SIZE=8 maxlength="8" [readonly]
id="other2bfield">

<INPUT NAME="altrawstring_1_2_3_4_6" TYPE="hidden" VALUE="[altrawvalue]">

<SCRIPT LANGUAGE="JavaScript">
<!--
//This is the script that will be called at load time.
var form=document.forms[0]
if (form.altrawstring_1_2_3_4_6.value.length > 0) {
  //The name 'Other<x>' needs to match with the above INPUT NAME.
  //Substr(start position, length)
  form.Other2a.value=form.altrawstring_1_2_3_4_6.value.substr(0,9)
  form.Other2b.value=form.altrawstring_1_2_3_4_6.value.substr(9,8)
}
//-->
</SCRIPT>

<SCRIPT LANGUAGE="JavaScript">
<!--
//This is the validation script
function ValidAltOther_1_2_3_4_6(frm){
 if (("[optfield]" == "" && frm.Other2a.value.length != 9) ||
     ("[optfield]" !="" && frm.Other2a.value != "" && frm.Other2a.value.length != 9)) {
  alert("Enter 9 digit license number.");
  frm.Other2a.focus();
  return false;
 }
 if (("[optfield]" == "" && frm.Other2b.value.length != 8) ||
     ("[optfield]" !="" && frm.Other2b.value != "" && frm.Other2b.value.length != 8)) {
  alert("Enter date format yyyymmdd.");
  frm.Other2b.focus();
  return false;
 }
 if ("[optfield]" =="" && frm.Other2a.value == "" &&
      frm.Other2b.value == "") {
  alert("You must input at least one of the fields.");
  frm.Other2a.focus();
  return false;
 }

 //Pad the empty field with desired value for optional fields
 if ("[optfield]" !="") {
   if (frm.Other2a.value == "" && frm.Other2b.value != "") {
       frm.Other2a.value = "000000000";
   }
   else if (frm.Other2b.value == "" && frm.Other2a.value != "") {
       frm.Other2b.value = "00000000";
   }
 }

 //Build the entire AltOther field.
 if (frm.Other2a.value != "" && frm.Other2b.value != "")
  frm.AltOther_1_2_3_4_6.value = "1.2.3.4.6," + frm.Other2a.value +
                       frm.Other2b.value;
 else
  frm.AltOther_1_2_3_4_6.value = "";
 return true;
}
//-->
</SCRIPT>
</INSERT>


<INSERT NAME=UnstructName>
<div role="region" aria-label="Unstructured Name">
<p> <LABEL for="unstructnamefield">Unstructured device name
[optfield] </LABEL> <BR>
<INPUT NAME="UnstructName" TYPE="text" SIZE=64 maxlength="64"
id="unstructnamefield">
<SCRIPT LANGUAGE="JavaScript">
<!--
function ValidUnstructName(frm){
if ("[optfield]" == "" && frm.UnstructName.value == "") {
alert("Enter required field."); frm.UnstructName.focus();
return false;
}
return true;
}
//-->
</SCRIPT>
</div>
</INSERT>

<INSERT NAME=UnstructAddr>
<div role="region" aria-label="Unstructured Address">
<p> <LABEL for="unstructaddrfield">Unstructured device address
[optfield] </LABEL> <BR>
<INPUT NAME="UnstructAddr" TYPE="text" SIZE=64 maxlength="64"
id="unstructaddrfield">
<SCRIPT LANGUAGE="JavaScript">
<!--
function ValidUnstructAddr(frm){
if ("[optfield]" == "" && frm.UnstructAddr.value == "") {
alert("Enter required field."); frm.UnstructAddr.focus();
return false;
}
return true;
}
//-->
</SCRIPT>
</div>
</INSERT>


<INSERT NAME=SerialNumber>
<div role="region" aria-label="Serial Number">
<p> <LABEL for="serialnumberfield">Device serial number
[optfield] </LABEL> <BR>
<INPUT NAME="SerialNumber" TYPE="text" SIZE=64 maxlength="64"
id="serialnumberfield">
<SCRIPT LANGUAGE="JavaScript">
<!--
function ValidSerialNumber(frm){
if ("[optfield]" == "" && frm.SerialNumber.value == "") {
alert("Enter required field."); frm.SerialNumber.focus();
return false;
}
return true;
}
//-->
</SCRIPT>
</div>
</INSERT>

# =====================================================================
# Sample AltOther INSERT for Windows Logon
# =====================================================================
<INSERT NAME=AltOther_1_3_6_1_4_1_311_20_2_3>
<INPUT NAME="AltOther_1_3_6_1_4_1_311_20_2_3" TYPE="hidden" maxlength="255">

<p> Other Name for alternate name: <BR>
<p> <LABEL for="other3afield">User Principal Name (max 50 chars)
[optfield] </LABEL> <BR>
<INPUT NAME="Other3a" TYPE="text" SIZE=50 maxlength="50" [readonly]
id="other3afield">

<INPUT NAME="altrawstring_1_3_6_1_4_1_311_20_2_3" TYPE="hidden"
       VALUE="[altrawvalue]">

<SCRIPT LANGUAGE="JavaScript">
<!--
//This is the script that will be called at load time.
var form=document.forms[0]
if (form.altrawstring_1_3_6_1_4_1_311_20_2_3.value.length > 0) {
  //The name 'Other<x>' needs to match with the above INPUT NAME.
  //Substr(start position, length)
  form.Other3a.value=form.altrawstring_1_3_6_1_4_1_311_20_2_3.value
}
//-->
</SCRIPT>

<SCRIPT LANGUAGE="JavaScript">
<!--
//This is the validation script
function ValidAltOther_1_3_6_1_4_1_311_20_2_3(frm){
 if ("[optfield]" == "" && frm.Other3a.value == "") {
  alert("Enter User Principal Name.");
  frm.Other3a.focus();
  return false;
 }

 if (frm.Other3a.value != "") {
   // Verify the UPN has an atsign('@'), and that it is not
   // in either the first or last character position.
   if ((frm.Other3a.value.indexOf("@") <= 0)
    || (frm.Other3a.value.indexOf("@") == frm.Other3a.value.length-1)
      ) {
     alert("Enter User Principal Name in the form of id@domain.");
     frm.Other3a.focus();
     return false;
   }
 }

 //Build the entire AltOther field.
 if (frm.Other3a.value != "")
  frm.AltOther_1_3_6_1_4_1_311_20_2_3.value = "1.3.6.1.4.1.311.20.2.3,"
                                            + frm.Other3a.value;
 else
  frm.AltOther_1_3_6_1_4_1_311_20_2_3.value = "";
 return true;
}
//-->
</SCRIPT>
</INSERT>

# =====================================================================
# Sample Custom Extension INSERT  @LHA
# =====================================================================
# Here it shows one 'CustomExt' INSERT. You may add as many as you need.
# Structure:
#
# 1) INSERT NAME with format:
#      the string 'CustomExt_'||_ separated OID||'_'||
#      the critical flag in upper case: 'N' or 'C'||'_'||
#      the encode type in upper case: 'INT','PRT','IA5','BMP' or 'OCT'
# 2) a hidden INPUT field with the same name as the INSERT NAME. It
#    is used to hold the CustomExt field value to be included in the
#    certificate.
# 3) input field(s), with substitution variables [optfield] and [readonly].
#    [optfield] is used to control whether the field is an optional field.
#    [readonly] is used to control the display mode of the field: if the
#    field is on a web page requesting input, it will be assigned with
#    NULL, if it is on a web page for displaying request/certificate CustomExt
#    information, it will be assigned with the HTML attribute 'READONLY'.
# 4) a hidden INPUT field with name similar to the INSERT name, except
#    'CustomExt_' is replaced by 'customstring_'
#    Its value is a substitution variable [custvalue] which
#    is used to hold the result of the returned value of the CustomExt,
#    excluding the OID, the critical flag, the encode type and the
#    commas. This is used for displaying the CustomExt information in
#    a request or a certificate after it is generated.
# 5) a JavaScript which will be called at load time. It contains the
#    parsing logic to parse the result obtained in 4) back into
#    individual input field(s) when the CustomExt information
#    is displayed. Make sure the parsing logic matches the input
#    field(s) format.
# 6) a validation JavaScript function with the name built with a string
#    similar to the INSERT name except the part 'CustomExt' is
#    replaced by 'ValidCustomExt_'
#    Unlike the other validate functions in the other INSERTs which validate
#    user input(s) only, it also sets the variable specified in 2) above.
#    It concatenates the OID, the critical flag, the encode type,
#    and the value(s) of all the input field(s).
#    You may customize different validation logic needed to validate
#    the input field(s).
#    The validation logic shown in the sample includes:
#    - validate the required field(s) is/are filled
#    - validate '@' is not in the input
# =====================================================================
<INSERT NAME=CustomExt_1_3_6_1_4_1_311_20_2_N_BMP>
<INPUT NAME="CustomExt_1_3_6_1_4_1_311_20_2_N_BMP" TYPE="hidden" maxlength="16">

<p> Custom Extension: <BR>
<p> <LABEL for="custom1field">Certificate template name
[optfield] </LABEL> <BR>
<INPUT NAME="Custom1" TYPE="text" SIZE=16 maxlength="16" [readonly]
id="custom1field">

<INPUT NAME="customstring_1_3_6_1_4_1_311_20_2_N_BMP" TYPE="hidden" VALUE="[custvalue]">

<SCRIPT LANGUAGE="JavaScript">
<!--
//This is the script that will be called at load time.
var form=document.forms[0]
if (form.customstring_1_3_6_1_4_1_311_20_2_N_BMP.value.length > 0) {
  //The name 'Custom<x>' needs to match with the above INPUT NAME.
  //Substr(start position, length)
  form.Custom1.value=form.customstring_1_3_6_1_4_1_311_20_2_N_BMP.value.substr(0,16)
}
//-->
</SCRIPT>

<SCRIPT LANGUAGE="JavaScript">
<!--
//This is the validation script
function ValidCustomExt_1_3_6_1_4_1_311_20_2_N_BMP(frm){
 if ("[optfield]" == "" && frm.Custom1.value == "") {
  alert("Enter Certificate Template Name.");
  frm.Custom1.focus();
  return false;
 }
 if (frm.Custom1.value != "") {
   // Verify the input value, eg. it must not contain an atsign('@')
   if ((frm.Custom1.value.indexOf("@") >= 0))
    {
      alert("Invalid format - no '@' allowed.");
      frm.Custom1.focus();
      return false;
    }
 }

 //Build the Custom Extension field.
 if (frm.Custom1.value != "")
  frm.CustomExt_1_3_6_1_4_1_311_20_2_N_BMP.value =
      "1.3.6.1.4.1.311.20.2,N,BMP," + frm.Custom1.value;
 else
  frm.CustomExt_1_3_6_1_4_1_311_20_2_N_BMP.value = "";
 return true;
}
//-->
</SCRIPT>
</INSERT>
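
The ValidAltOther_* and ValidCustomExt_* sample functions above run in the browser and check length (plus '@' position) only. The following is an added example, not part of pkiserv.tmpl or PKI Services: a stricter parser for the `OID,value` AltOther string and the `OID,flag,type,value` CustomExt string described in the template comments, for use wherever submitted values are re-checked. The function names, the per-OID rule table, the digits-only and single-'@' rules, and the control-character check are assumptions of this example.

```javascript
// Added example, not part of pkiserv.tmpl; every name below is hypothetical.
const MAX_FIELD_LEN = 255; // OID + comma + values, per the AltOther comments
const OID_RE = /^\d+(\.\d+)+$/;
const ENCODE_TYPES = new Set(["INT", "PRT", "IA5", "BMP", "OCT"]);

// Allow-list of AltOther OIDs with the value shape each sample INSERT expects.
// ASSUMPTION: the digits-only and single-'@' rules are stricter than the
// sample functions, which check length (and '@' position) only.
const ALTOTHER_RULES = {
  "1.2.3.4.5": { widths: [11], pattern: /^\d{11}$/ },
  "1.2.3.4.6": { widths: [9, 8], pattern: /^\d{17}$/ },
  "1.3.6.1.4.1.311.20.2.3": { widths: null, maxLen: 50, pattern: /^[^@\s]+@[^@\s]+$/ },
};

function fail(error) {
  return { ok: false, error };
}

// 'AltOther_1_2_3_4_5' -> '1.2.3.4.5'
function oidFromAltOtherName(fieldName) {
  const m = /^AltOther_(\d+(?:_\d+)+)$/.exec(fieldName);
  return m ? m[1].replace(/_/g, ".") : null;
}

// 'CustomExt_1_3_6_1_4_1_311_20_2_N_BMP' -> { oid, critical, encode }
function partsFromCustomExtName(fieldName) {
  const m = /^CustomExt_(\d+(?:_\d+)+)_([NC])_([A-Z]{3})$/.exec(fieldName);
  if (!m || !ENCODE_TYPES.has(m[3])) return null;
  return { oid: m[1].replace(/_/g, "."), critical: m[2], encode: m[3] };
}

// Validate "<OID>,<value(s)>" against the field name it was submitted under.
function parseAltOther(fieldName, raw) {
  const expectedOid = oidFromAltOtherName(fieldName);
  if (!expectedOid) return fail("bad field name");
  if (typeof raw !== "string" || raw.length === 0) return fail("empty value");
  if (raw.length > MAX_FIELD_LEN) return fail("longer than 255");
  const comma = raw.indexOf(",");
  if (comma <= 0) return fail("missing OID prefix");
  const oid = raw.slice(0, comma);
  const value = raw.slice(comma + 1);
  if (!OID_RE.test(oid)) return fail("malformed OID");
  if (oid !== expectedOid) return fail("OID does not match field name");
  const rule = ALTOTHER_RULES[oid];
  if (!rule) return fail("OID not on allow-list");
  if (rule.maxLen && value.length > rule.maxLen) return fail("value too long");
  if (!rule.pattern.test(value)) return fail("value has wrong shape");
  // Split fixed-width values the same way the load-time substr() calls do.
  const fields = [];
  if (rule.widths) {
    let pos = 0;
    for (const w of rule.widths) {
      fields.push(value.slice(pos, pos + w));
      pos += w;
    }
  } else {
    fields.push(value);
  }
  return { ok: true, oid, fields };
}

// Validate "<OID>,<N|C>,<encode type>,<value>" against its field name.
function parseCustomExt(fieldName, raw, maxValueLen) {
  const expected = partsFromCustomExtName(fieldName);
  if (!expected) return fail("bad field name");
  if (typeof raw !== "string" || raw.length === 0) return fail("empty value");
  // Only the first three commas are separators; the value may contain commas.
  const parts = raw.split(",");
  if (parts.length < 4) return fail("expected OID,flag,type,value");
  const [oid, critical, encode] = parts;
  const value = parts.slice(3).join(",");
  if (oid !== expected.oid || critical !== expected.critical || encode !== expected.encode) {
    return fail("prefix does not match field name");
  }
  if (value.length === 0 || value.length > maxValueLen) return fail("bad value length");
  if (/[\x00-\x1f\x7f]/.test(value)) return fail("control character in value");
  return { ok: true, ...expected, value };
}

// Constructed sample submissions (not real data).
const SAMPLES = [
  ["AltOther_1_2_3_4_6", "1.2.3.4.6,12345678920301231"],
  ["AltOther_1_2_3_4_5", "1.2.3.4.5,1234567890A"], // 11 characters, not all digits
  ["AltOther_1_2_3_4_5", "1.2.3.4.6,12345678920301231"], // OID differs from field name
  ["AltOther_1_3_6_1_4_1_311_20_2_3", "1.3.6.1.4.1.311.20.2.3,a@b@c"],
];
for (const [name, raw] of SAMPLES) {
  console.log(name, JSON.stringify(parseAltOther(name, raw)));
}
console.log(JSON.stringify(parseCustomExt(
  "CustomExt_1_3_6_1_4_1_311_20_2_N_BMP",
  "1.3.6.1.4.1.311.20.2,N,BMP,SmartcardUser", 16)));
```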


# =====================================================================
#
# non-X.509 certificate request fields (INSERTs)
#
# =====================================================================
#
<INSERT NAME=UserId>
<div role="region" aria-label="User ID">
<p> <LABEL for="safuseridfield">Owning SAF User ID [optfield]
</LABEL> <BR>
<INPUT NAME="UserId" TYPE="text" SIZE=8 maxlength="8"
id="safuseridfield">
<SCRIPT LANGUAGE="JavaScript">
<!--
function ValidUserId(frm){
 if ("[optfield]" == "" && frm.UserId.value == "") {
  alert("Enter required field."); frm.UserId.focus();
  return false;
 }
 return true;
}
//-->
</SCRIPT>
</div>
</INSERT>

<INSERT NAME=Label>
<div role="region" aria-label="Label">
<p> <LABEL for="labelfield">Label assigned to certificate being
requested [optfield] </LABEL> <BR>
<INPUT NAME="Label" TYPE="text" SIZE=32 maxlength="32"
id="labelfield">
<SCRIPT LANGUAGE="JavaScript">
<!--
function ValidLabel(frm){
 if ("[optfield]" == "" && frm.Label.value == "") {
  alert("Enter required field."); frm.Label.focus();
  return false;
 }
 return true;
}
//-->
</SCRIPT>
</div>
</INSERT>

<INSERT NAME=Requestor>
<div role="region" aria-label="Requestor">
<p> <LABEL for="requestorfield">Your name for tracking this request
[optfield] </LABEL> <BR>
<INPUT NAME="Requestor" TYPE="text" SIZE=32 maxlength="32"
id="requestorfield">
<SCRIPT LANGUAGE="JavaScript">
<!--
function ValidRequestor(frm){
 if ("[optfield]" == "" && frm.Requestor.value == "") {
  alert("Enter required field."); frm.Requestor.focus();
  return false;
 }
 return true;
}
//-->
</SCRIPT>
</div>
</INSERT>

<INSERT NAME=Requestor2>
<div role="region" aria-label="Requestor Email">
<p> <LABEL for="requestor2field">Enter the requestor's email address
[optfield] </LABEL> <BR>
<INPUT NAME="Requestor" TYPE="text" SIZE=32 maxlength="32"
id="requestor2field">
<SCRIPT LANGUAGE="JavaScript">
<!--
function ValidRequestor2(frm){
 if ("[optfield]" == "" && frm.Requestor.value == "") {
  alert("Enter required field."); frm.Requestor.focus();
  return false;
 }
 return true;
}
//-->
</SCRIPT>
</div>
</INSERT>

<INSERT NAME=PassPhrase>  7 
<div role="region" aria-label="Password">
<p> <LABEL for="passphrasefield">Pass phrase for securing this request.
You will need to supply this value when retrieving your certificate
[optfield] </LABEL> <BR>
#@DKC
<INPUT NAME="PassPhrase" TYPE="password" SIZE=32 maxlength="32"
id="passphrasefield" autocomplete="off"> <BR>
<p> <LABEL for="passphrase2field">Reenter your pass phrase to
confirm </LABEL> <BR>
#@DKC
<INPUT NAME="ConfirmPassPhrase" TYPE="password" SIZE=32
 maxlength="32" id="passphrase2field" autocomplete="off">
<SCRIPT LANGUAGE="JavaScript">
<!--
function ValidPassPhrase(frm){
 if ("[optfield]" == "" && frm.PassPhrase.value == "") {
  alert("Enter required field."); frm.PassPhrase.focus();
  return false;
 }
 if ("[optfield]" == "" && frm.ConfirmPassPhrase.value == "") {
  alert("Reenter the pass phrase."); frm.ConfirmPassPhrase.focus();
  return false;
 }
 if (frm.PassPhrase.value != frm.ConfirmPassPhrase.value) {
  alert("Passwords don't match. Reenter."); frm.PassPhrase.focus();
  return false;
 }
 return true;
}
//-->
</SCRIPT>
</div>
</INSERT>

<INSERT NAME=ChallengePassPhrase>
<div role="region" aria-label="Pass Phrase">
<p> <LABEL for="challengefield">If you specified a pass phrase when
submitting the certificate request, type it here, exactly as you
typed it on the request form </LABEL> <BR>
#@DKC
<INPUT NAME="ChallengePassPhrase" TYPE="password" SIZE=32
maxlength="32" id="challengefield" autocomplete="off">
<SCRIPT LANGUAGE="JavaScript">
<!--
function ValidChallengePassPhrase(frm){
 if ("[optfield]" == "" && frm.ChallengePassPhrase.value == "") {
  alert("Enter required field."); frm.ChallengePassPhrase.focus();
  return false;
 }
 return true;
}
//-->
</SCRIPT>
</div>
</INSERT>

#@DKC
<INSERT NAME=-ChallengePassPhrase2>
<div role="region" aria-label="Re-enter Pass Phrase">
<p> <LABEL for="challenge2field">Enter the same pass phrase as on
the request form  </LABEL> <BR>
<INPUT NAME="ChallengePassPhrase" TYPE="password" SIZE=32
maxlength="32" id="challenge2field" autocomplete="off">
<SCRIPT LANGUAGE="JavaScript">
<!--
function ValidChallengePassPhrase2(frm){
 if ("[optfield]" == "" && frm.ChallengePassPhrase.value == "") {
  alert("Enter required field."); frm.ChallengePassPhrase.focus();
  return false;
 }
 return true;
}
//-->
</SCRIPT>
</div>
</INSERT>

# HostIdMap is a repeatable field. If more than one is needed, a
# separate INSERT, which can be modelled from this one, is needed.
# See INSERT NAME=HostIdMap2 for an example.
<INSERT NAME=HostIdMap>
<div role="region" aria-label="Host ID Map">
<p> <LABEL for="hostidmapfield">HostIdMapping Extension value in
subject-id@host-name form [optfield] </LABEL> <BR>
<INPUT NAME="HostIdMap" TYPE="text" SIZE=100 maxlength="100"
id="hostidmapfield">
<SCRIPT LANGUAGE="JavaScript">
<!--
function ValidHostIdMap(frm){
 if ("[optfield]" == "" && frm.HostIdMap.value == "") {
  alert("Enter required field."); frm.HostIdMap.focus();
  return false;
 }
 return true;
}
//-->
</SCRIPT>
</div>
</INSERT>

<INSERT NAME=HostIdMap2>
<div role="region" aria-label="Host ID Map 2">
<p> <LABEL for="hostidmap2field">HostIdMapping Extension value in
subject-id@host-name form [optfield] </LABEL> <BR>
<INPUT NAME="HostIdMap2" TYPE="text" SIZE=100 maxlength="100"
id="hostidmap2field">
<SCRIPT LANGUAGE="JavaScript">
<!--
function ValidHostIdMap2(frm){
 if ("[optfield]" == "" && frm.HostIdMap2.value == "") {
  alert("Enter required field."); frm.HostIdMap2.focus();
  return false;
 }
 return true;
}
//-->
</SCRIPT>
</div>
</INSERT>

<INSERT NAME=-TransactionId>
<div role="region" aria-label="Transaction ID">
<p> <LABEL for ="TransactionIdfield">Enter the assigned transaction
ID [optfield]</LABEL> <BR>
<INPUT NAME="TransactionId" TYPE="text" SIZE=56 maxlength="56"
VALUE="[transactionid]" id = "TransactionIdfield">
<SCRIPT LANGUAGE="JavaScript">
<!--
function ValidTransactionId(frm){
 if ("[optfield]" == "" && frm.TransactionId.value == "") {
  alert("Enter required field."); frm.TransactionId.focus();
  return false;
 }
 return true;
}
//-->
</SCRIPT>
</div>
</INSERT>

<INSERT NAME=NotifyEmail>
<div role="region" aria-label="Notify Email">
<p> <LABEL for="notifyemailfield">Email address for notification
purposes [optfield]  </LABEL> <BR>
<INPUT NAME="NotifyEmail" TYPE="text" SIZE=64 MAXLENGTH="64"
id="notifyemailfield">
<SCRIPT LANGUAGE="JavaScript">
<!--
function ValidNotifyEmail(frm){
 if ("[optfield]" == "" && frm.NotifyEmail.value == "") {
  alert("Enter required field."); frm.NotifyEmail.focus();
  return false;
 }
 return true;
}
//-->
</SCRIPT>
</div>
</INSERT>

#@LEA
<INSERT NAME=-RecoverEmail>
<div role="region" aria-label="Recover Email">
<p> <LABEL for="recoveremailfield">Enter the email address when the
original certificate was requested [optfield] </LABEL> <BR>
<!-- @DIC -->
<INPUT NAME="RecoverEmail" TYPE="text" MAXLENGTH=32 SIZE=32
id="recoveremailfield" VALUE="[requestoremail]">
<SCRIPT LANGUAGE="JavaScript">
<!--
function ValidRecoverEmail(frm){
 if ("[optfield]" == "" && frm.RecoverEmail.value == "") {
  alert("Enter required field."); frm.RecoverEmail.focus();
  return false;
 }
 return true;
}
//-->
</SCRIPT>
</div>
</INSERT>

#@LGA
<INSERT NAME=-RecoverEmail2>
<div role="region" aria-label="Recover Email Two">
<p> <LABEL for="recoveremail2field">Enter the email address when the
original certificate was requested [optfield] </LABEL> <BR>
<INPUT NAME="RecoverEmail" TYPE="text" MAXLENGTH=32 SIZE=32
VALUE="[requestor]" id="recoveremail2field">
<SCRIPT LANGUAGE="JavaScript">
<!--
function ValidRecoverEmail(frm){
 if ("[optfield]" == "" && frm.RecoverEmail.value == "") {
  alert("Enter required field."); frm.RecoverEmail.focus();
  return false;
 }
 return true;
}
//-->
</SCRIPT>
</div>
</INSERT>

<INSERT NAME=SelectCADomain>
<div role="region" aria-label="Select CA Domain">
<p> <LABEL for="selectcadomfield">Select the CA domain to work with
</LABEL>
<SELECT NAME="domain" id="selectcadomfield">
# rename and replicate the following line for every CA domain and
# determine which one should be SELECTED by default, if any
<OPTION VALUE="Customers" SELECTED>Customers
</SELECT>
</div>
</INSERT>

# Changed name of insert from SmartCardNS to PublicKey2NS to match
# CGI scripts                                                       @LDC
# Added the confirmation dialog box and <keygen> html tag           @LJA
<INSERT NAME=PublicKey2NS>
<div role="region" aria-label="Public Key2 NS">
<SCRIPT LANGUAGE="JavaScript">
<!--
function ValidSmartcard(frm){
   var message = "Make sure you have Smart Card(s) installed and loaded \
on the browser. Choose the appropriate Smart Card device from the upcoming \
option list. If you cannot confirm a smart card is configured, click Cancel."

 var response = confirm(message);
 if(response == true)
    return true;
 else
 {
   history.back();
   return false;
 }
}
//-->
</SCRIPT>
<p><LABEL for="keygentag2"> Select a key size</LABEL>
<KEYGEN NAME="PublicKey" id="keygentag2">
</div>
</INSERT>

# Changed name of insert from SmartCardIE to PublicKey2IE to match
# CGI scripts                                                       @LDC
<INSERT NAME=PublicKey2IE>
<div role="region" aria-label="Public Key2 IE">
#Converted VBScript to JavaScript                              @LUC
<SCRIPT LANGUAGE="JavaScript">
<!--
function SendReq(){
  var pkcs10data,DN,i,Message,CommonName;
  var objEnroll;
  DN= "";
  CommonName= "Unspecified Distinguished Name";
  DN= "CN=" + CommonName + ";";
  pkcs10data = "";
  try{
    objEnroll = g_objWCF.CreateObject("X509Enrollment.CX509Enrollment");
  }catch(err){
    objEnroll = null;
  }
  if(objEnroll !== null && typeof objEnroll === 'object'){
    // This is the Vista and above path which uses CertEnroll API
    var objPrivateKey;
    var objRequest;
    var objName;
    try{
      objPrivateKey = g_objWCF.CreateObject("X509Enrollment.CX509PrivateKey");
    }catch(err){
      Message = "Error creating Private Key object: \n" + err.description;
      alert(Message);
      return;
    }
    try{
      objRequest = g_objWCF.CreateObject("X509Enrollment.CX509CertificateRequestPkcs10");
    }catch(err){
      Message = "Error creating Request object: \n" + err.description;
      alert(Message);
      return;
    }
    i = document.getElementById("smartcardcspfield").options.selectedIndex;
    objPrivateKey.ProviderName = document.getElementById("smartcardcspfield").options(i).text;
    objPrivateKey.ProviderType = document.getElementById("smartcardcspfield").options(i).value;
    objPrivateKey.KeySpec      = 1; // XCN_AT_KEYEXCHANGE
    try{
      objRequest.InitializeFromPrivateKey( 1, objPrivateKey, "");
    }catch(err){
      Message = "Error initializing request from private key " + err.description;
      alert(Message);
      return;
    }
    try{
      objName = g_objWCF.CreateObject("X509Enrollment.CX500DistinguishedName");
    }catch(err){
      Message = "Error creating X500DistinguishedName object: \n" + err.description;
      alert(Message);
      return;
    }
    try{
      objName.Encode(DN);
    }catch(err){
      Message = "Error encoding the subject distinguished name \n" + err.description;
      alert(Message);
      return;
    }
    try{
      objRequest.Subject = objName;
    }catch(err){
      Message = "Error setting the subject name in request " + err.description;
      alert(Message);
      return;
    }
    try{
      objEnroll.InitializeFromRequest( objRequest )
    }catch(err){
      Message = "Error initializing Enrollment object from request: " + err.description;
      alert(Message);
      return;
    }
    pkcs10data = objEnroll.CreateRequest(1); // XCN_CRYPT_STRING_BASE64
  }else{
    // This is the non-Vista path which uses Xenroll APIs
    var keyprotflag;
    certmgr.KeySpec = 1;
    KeyUsage = "1.3.6.1.5.5.7.3.2";
    i = document.getElementById("smartcardcspfield").options.selectedIndex;
    certmgr.providerName = document.getElementById("smartcardcspfield").options(i).text;
    certmgr.providerType = document.getElementById("smartcardcspfield").options(i).value;
    certmgr.GenKeyFlags =  0;
    pkcs10data = certmgr.CreatePKCS10(DN, KeyUsage);
    // - added during CertEnroll update.                              2@LDA
  }
  document.CertReq.PublicKey.value = pkcs10data;
  if(pkcs10data.length <= 0){
    alert("PKCS10 Creation Failed");
  }
}
//-->
</SCRIPT>

<p> <LABEL for="smartcardcspfield">Select from the following installed
smartcard providers </LABEL> <br>
<select name="CSP" id="smartcardcspfield">
#Converted VBScript to JavaScript                                   @LUC
<SCRIPT LANGUAGE="JavaScript">
<!--
function LoadCSPs(){
  try {
    var i;
    var csp;
    var sv;
    //Modifications for CertEnroll API enrollment process.
    var objCSPs;
    var oOption;
    var provider;
    var errmsg;
    try{
      objCSPs = g_objWCF.CreateObject("X509Enrollment.CCspInformations");
    }catch(err){
      objCSPs = null;
    }
    if(objCSPs !== null && typeof objCSPs === 'object'){
      //Vista and above path, use CertEnroll APIs
      objCSPs.AddAvailableCsps();
      for(i=0 ; i < objCSPs.Count;i++){
        //Only include Legacy(Crypto API) providers at this time
        if(objCSPs.ItemByIndex(i).LegacyCsp){
          provider = objCSPs.ItemByIndex(i).Name.toLowerCase();
          if((provider.indexOf("smart") >= 0) || (provider.indexOf("card") >= 0)){
            oOption = document.createElement("OPTION");
            oOption.text = objCSPs.ItemByIndex(i).Name;
            oOption.value = objCSPs.ItemByIndex(i).Type;
            document.getElementById("smartcardcspfield").add(oOption);
          }
        }
      }
    }else{
      //Pre-Vista path, use Xenroll APIs
      certmgr.providerType = 1;
      i = 0;
      csp = "";
      csp = certmgr.enumProviders(i,0);
      sv = "SELECTED";
      if(csp.length == 0){
        errmsg = "Your PC needs a Windows upgrade before certificates " +
         "can be requested. Click the 'Tools' option on the browser " +
         "menu then 'Windows Update' to retrieve the upgrade. ";
         alert(errmsg);
      }
      var sel = document.getElementById('smartcardcspfield');
      while(csp.length != 0){
        //=======================================================
        //
        // Edit this If statement to add or remove smartcard
        // providers as desired
        //
        //=======================================================
        if((csp.substring(0,7) == "Datakey") ||
         (csp.substring(0,7) == "Gemplus") ||
         (csp.substring(0,6) == "Athena") ||
         (csp.substring(0,16) == "Infineon SICRYPT") ||
         (csp.substring(0,12) == "Schlumberger")){
          var opt = document.createElement('option');
          opt.innerHTML = csp;
          opt.value = 1;
          opt.text = csp;
          sel.appendChild(opt);
        }
        i = i+1;
        csp = "";
        try{
          csp = certmgr.enumProviders(i,0);
        }catch(err){
          break
        }
        sv = "";
      }
      //Added for CertEnroll.
    }
  }catch (e) {
    alert("Failed to load CSPs");
  }
}
//-->
</SCRIPT>
</select>

<input type="hidden" name="PublicKey" value="">
<p>
<SCRIPT LANGUAGE="JavaScript">
<!--
function ValidSmartcard(frm){
 SendReq()
 if (document.CertReq.PublicKey.value == "")
  return false;
 else
  return true;
}
//-->
</SCRIPT>
</div>
</INSERT>

#####################################################################
#
# This INSERT is for preregistration only
#
#####################################################################
<INSERT NAME=ClientName>
<div role="region" aria-label="Client Name">
<p> <LABEL for="clientnamefield">The name of the person or device that
the certificate represents  </LABEL> <BR>
<INPUT NAME="ClientName" TYPE="text" SIZE=64 maxlength="64"
id="clientnamefield">
<SCRIPT LANGUAGE="JavaScript">
<!--
function ValidClientName(frm){
if (frm.ClientName.value == "") {
alert("Enter required field."); frm.ClientName.focus();
return false;
}
return true;
}
//-->
</SCRIPT>
</div>
</INSERT>

#####################################################
#                                                   #
# This INSERT is for PKI generated key request only #
# @LIC                                              #
#####################################################
<INSERT NAME=KeySize>
 <div role="region" aria-label="Key Size Field">
<p> <LABEL for="keysizefield">Select the key type and key size
</LABEL> <BR>
<SELECT NAME="KeySize" id="keysizefield">
#1@LQD
<OPTION VALUE="RSA - 1024">RSA - 1024
<OPTION VALUE="RSA - 2048">RSA - 2048
<OPTION VALUE="RSA - 4096">RSA - 4096
<OPTION VALUE="NISTECC - 192">NISTECC - 192
<OPTION VALUE="NISTECC - 224">NISTECC - 224
<OPTION VALUE="NISTECC - 256">NISTECC - 256
<OPTION VALUE="NISTECC - 384">NISTECC - 384
<OPTION VALUE="NISTECC - 521">NISTECC - 521
<OPTION VALUE="BPECC - 160">BPECC - 160
<OPTION VALUE="BPECC - 192">BPECC - 192
<OPTION VALUE="BPECC - 224">BPECC - 224
<OPTION VALUE="BPECC - 256">BPECC - 256
<OPTION VALUE="BPECC - 320">BPECC - 320
<OPTION VALUE="BPECC - 384">BPECC - 384
<OPTION VALUE="BPECC - 512">BPECC - 512
</SELECT>
<SCRIPT LANGUAGE="JavaScript">
<!--
// Because keysize is a single select field, it will always have a
// value, therefore we do not need to check if a required field was
// provided.  Also, we assume that only valid values are included in
// the selection options.

function ValidKeySize(frm)
{
return true;
}
//-->
</SCRIPT>
</div>
</INSERT>

#####################################################
#                                                   #
# These INSERTs are used to assist the recovery of  #
# the certificate whose key is generated by PKI.    #
# You can add as many as you want. Start from       #
# Security1, then Security2 ... Securityn and so on.#
# These are meant to be used by the GENCERT/REQCERT #
# and QRECOVER exits.                               #
# The number of these questions must match to that  #
# handled by the exits.                             #
# @LEA                                              #
#####################################################
<INSERT NAME=Security1>
<div role="region" aria-label="Security Question One">
<p> <LABEL for="security1field">What's the intended use of this
certificate? [optfield]  </LABEL> <BR>
<INPUT NAME="Security1" TYPE="text" SIZE=100 maxlength="100"
id="security1field">
<SCRIPT LANGUAGE="JavaScript">
<!--
function ValidSecurity1(frm){
 if ("[optfield]" == "" && frm.Security1.value == "") {
  alert("Enter required field."); frm.Security1.focus();
  return false;
 }
 return true;
}
//-->
</SCRIPT>
</div>
</INSERT>

<INSERT NAME=Security2>
<div role="region" aria-label="Security Question Two">
<p> <LABEL for="security2field">What's the name of your elementary
school? [optfield] </LABEL> <BR>
<INPUT NAME="Security2" TYPE="text" SIZE=100 maxlength="100"
id="security2field">
<SCRIPT LANGUAGE="JavaScript">
<!--
function ValidSecurity2(frm){
 if ("[optfield]" == "" && frm.Security2.value == "") {
  alert("Enter required field."); frm.Security2.focus();
  return false;
 }
 return true;
}
//-->
</SCRIPT>
</div>
</INSERT>

####################################################################
#                                                                  #
#                   Additional section                             #
#                                                                  #
####################################################################

<INSERT NAME=-copyright>
<META HTTP-EQUIV="Content-Type" content="text/html; charset=ISO-8859-1">
<!--
/********************************************************************/
/*                                                                  */
/* Licensed Materials - Property of IBM                             */
/* 5650-ZOS                                                         */
/* Copyright IBM Corp. 2001, 2015                                   */
/*                                                                  */
/********************************************************************/
-->
</INSERT>
<INSERT NAME=-pagefooter>
<div role="region" aria-label="Contact Email">
<A HREF="mailto:webmaster@your-company">
email: webmaster@your-company.com</A>
</div>
</INSERT>

#####################################################################
#
# This INSERT is for Installation of Auto Renewed certificate     // @DFA
#
#####################################################################
#Converted VBScript to JavaScript                                74@LUC
<INSERT NAME=InstallCert>
<SCRIPT LANGUAGE="JavaScript">
<!--
function installCert(){
  //
  //Function Call to install Certificate after the creation of the renewal request
  //-
  var msg;
  var pkcs7data, errmsg, rc;
  // Added for CertEnroll API processing.
  var objEnroll;
  var temp;
  var beginlen;
  var beginpos;
  var begintag;
  try{
    var pkcs7data = document.getElementById("b64cert").value;
    //Remove begin certificate tag
    begintag = "-----BEGIN CERTIFICATE-----";
    if(pkcs7data.indexOf(begintag) >= 0){
      temp = pkcs7data;
      beginlen = begintag.length;
      beginpos = temp.indexOf(begintag) + beginlen;
      pkcs7data = temp.substring(beginpos);
    }
    // CertEnroll.dll API additions follow.
    try{
      objEnroll = g_objWCF.CreateObject("X509Enrollment.CX509Enrollment");
    }catch(err){
      objEnroll = null;
    }
    if(objEnroll !== null && typeof objEnroll === 'object'){
      try{
        //Vista and above path, use CertEnroll APIs
        objEnroll.Initialize(1);  // ContextUser
      }catch(err){
        errmsg = "Error Initializing Enrollment object. " + err.description;
        alert(errmsg);
        return 1;
      }
      try{
        objEnroll.InstallResponse(0, pkcs7data, 1, "");
      }catch(err){
        errmsg = "Error Installing Response. " + err.description;
        alert(errmsg);
        return 1;
      }
    }else{
      try{
         //Pre-Vista path, use Xenroll APIs
         certmgr.DeleteRequestCert = false;
         certmgr.WriteCertToCSP = true;
         certmgr.acceptPKCS7(pkcs7data);
      }catch(err){
        certmgr.WriteCertToCSP = false;
        certmgr.acceptPKCS7(pkcs7data);
      }
      //Added during CertEnroll API processing modification.
    }
  }catch(err){
    errmsg = "Your new certificate failed to install. " +
     "Please ensure that you are using the same browser " +
     "that you used when making the certificate request. " +
     "Also ensure that PKI ActiveX is installed.";
    alert(errmsg);
    return;
  }
  errmsg = "Your new certificate installed successfully.";
  alert(errmsg);
  return 0;
}
// -->
</SCRIPT>

<SCRIPT LANGUAGE="JavaScript">
<!--
// Function to create the renewal request. If successful, go ahead and
// call the installCert() function to install the certificate on the browser
function InstallCertificate()
{
  // return failure if certificate not present
  if(document.getElementById("b64cert").value == "")
  {
    alert("Auto Renew Certificate Install failed - Missing required base64 certificate");
    document.getElementById("b64cert").focus();
    return false;
  }

  //Call to create renewal request
  var result = ValidRenewKeySet();
  if(result == false)
  {
        // If unsuccessful, check the operating system, If XP and lower
        // the request might still be available, so go ahead and call function
        // to install the certificate. If the ActiveX program was just installed
        // then the user must refresh the page and try to install the certificate
        // If operating system is Windows Vista and above, renewal request
        // will not be present, the certificate will fail to install so return
        // failure
        if(document.getElementById("osname").value == "XP")
        {
           var res = installCert();
           return res;
        }
        else
        {
           return false;
        }
  }
  else
  {
        var res1 = installCert();
        return res1;
  }
}
//-->
</SCRIPT>
</INSERT>
#####################################################################
#
# This INSERT is BusinessCat                                        @LOA
#
#####################################################################
<INSERT NAME=BusinessCat>
<div role="region" aria-label="Business Category">
<p> <LABEL for="businesscatfield">Business Category [optfield] </LABEL>
<BR>
<INPUT NAME="BusinessCat" TYPE="text" SIZE=64  maxlength="64"
id="businesscatfield">
<SCRIPT LANGUAGE="JavaScript">
<!--
function ValidBusinessCat(frm){
 if ("[optfield]" == "" && frm.BusinessCat.value == "") {
  alert("Enter required field."); frm.BusinessCat.focus();
  return false;
 }
 return true;
}
//-->
</SCRIPT>
</div>
</INSERT>
#####################################################################
#
# This INSERT is JurLocality                                        @LOA
#
#####################################################################
<INSERT NAME=JurLocality>
<div role="region" aria-label="Jurisdiction of Incorporation Locality Name">
<p> <LABEL for="jurlocalityfield">Jurisdiction of Incorporation Locality
Name [optfield] </LABEL> <BR>
<INPUT NAME="JurLocality" TYPE="text" SIZE=64  maxlength="64"
id="jurlocalityfield">
<SCRIPT LANGUAGE="JavaScript">
<!--
function ValidJurLocality(frm){
 if ("[optfield]" == "" && frm.JurLocality.value == "") {
  alert("Enter required field."); frm.JurLocality.focus();
  return false;
 }
 return true;
}
//-->
</SCRIPT>
</div>
</INSERT>
#####################################################################
#
# This INSERT is JurStateProv                                       @LOA
#
#####################################################################
<INSERT NAME=JurStateProv>
<div role="region" aria-label="Jurisdiction of Incorporation State or Province Name">
<p> <LABEL for="jurstateprovfield">Jurisdiction of Incorporation State or
Province Name [optfield] </LABEL> <BR>
<INPUT NAME="JurStateProv" TYPE="text" SIZE=64  maxlength="64"
id="jurstateprovfield">
<SCRIPT LANGUAGE="JavaScript">
<!--
function ValidJurStateProv(frm){
 if ("[optfield]" == "" && frm.JurStateProv.value == "") {
  alert("Enter required field."); frm.JurStateProv.focus();
  return false;
 }
 return true;
}
//-->
</SCRIPT>
</div>
</INSERT>
#####################################################################
#
# This INSERT is JurCountry                                         @LOA
#
#####################################################################
<INSERT NAME=JurCountry>
<div role="region" aria-label="Jurisdiction of Incorporation Country Name">
<p> <LABEL for="jurcountryfield">Jurisdiction of Incorporation Country
Name [optfield] </LABEL> <BR>
<INPUT NAME="JurCountry" TYPE="text" SIZE=2  maxlength="2"
id="jurcountryfield">
<SCRIPT LANGUAGE="JavaScript">
<!--
function ValidJurCountry(frm){
 if ("[optfield]" == "" && frm.JurCountry.value == "") {
  alert("Enter required field."); frm.JurCountry.focus();
  return false;
 }
 return true;
}
//-->
</SCRIPT>
</div>
</INSERT>
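
The KeySize INSERT in the excerpt leaves ValidKeySize() returning true for every selection. As an added example (not part of pkiserv.tmpl or IBM's code), the following JavaScript parses the "TYPE - BITS" option values and applies a minimum-strength policy. The thresholds and the helper names parseKeySize, keySizeProblem and auditOptions are assumptions, and a browser-side check complements enforcement on the server rather than replacing it.

```javascript
// Added example: minimum-strength policy for the KeySize INSERT's option values.
// The thresholds are an assumed policy (roughly 112-bit security or better),
// not values taken from pkiserv.tmpl; adjust them to your CA's policy.
var MIN_KEY_BITS = { "RSA": 2048, "NISTECC": 224, "BPECC": 224 };

// Option values as they appear in the sample KeySize INSERT.
var SAMPLE_OPTIONS = [
  "RSA - 1024", "RSA - 2048", "RSA - 4096",
  "NISTECC - 192", "NISTECC - 224", "NISTECC - 256", "NISTECC - 384",
  "NISTECC - 521",
  "BPECC - 160", "BPECC - 192", "BPECC - 224", "BPECC - 256", "BPECC - 320",
  "BPECC - 384", "BPECC - 512"
];

// Parse a value such as "RSA - 2048" into { type, bits }.
// Returns null when the value does not match the "TYPE - BITS" shape exactly.
function parseKeySize(value) {
  var m = /^([A-Z]+) - ([0-9]{3,4})$/.exec(String(value));
  if (m === null) {
    return null;
  }
  return { type: m[1], bits: parseInt(m[2], 10) };
}

// Return "" when the value is acceptable, otherwise the reason it is not.
function keySizeProblem(value) {
  var parsed = parseKeySize(value);
  if (parsed === null) {
    return "unrecognized key size value";
  }
  if (!Object.prototype.hasOwnProperty.call(MIN_KEY_BITS, parsed.type)) {
    return "unknown key type " + parsed.type;
  }
  if (parsed.bits < MIN_KEY_BITS[parsed.type]) {
    return parsed.type + " keys must be at least " +
           MIN_KEY_BITS[parsed.type] + " bits";
  }
  return "";
}

// Replacement body for the template's ValidKeySize(frm): reject weak or
// malformed selections instead of always returning true.
function ValidKeySize(frm) {
  var problem = keySizeProblem(frm.KeySize.value);
  if (problem !== "") {
    alert(problem);
    frm.KeySize.focus();
    return false;
  }
  return true;
}

// Split a list of option values into those the policy accepts and rejects,
// which shows which <OPTION> lines to remove from a customized template.
function auditOptions(values) {
  var result = { accepted: [], rejected: [] };
  for (var i = 0; i < values.length; i++) {
    var ok = keySizeProblem(values[i]) === "";
    (ok ? result.accepted : result.rejected).push(values[i]);
  }
  return result;
}
```

Running auditOptions(SAMPLE_OPTIONS) lists the options that fall below the assumed policy, so they can be removed from the SELECT in a customized template as well as rejected at submit time.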
The numbers in the following list refer to the highlighted tags in the preceding excerpt of the INSERT section.
  1. The -requestok INSERT has the logic to generate the certificate. If the certificate is successfully generated, a web page (whose main heading is "Request submitted successfully") is displayed. This web page includes the transaction ID.
  2. The -requestok INSERT includes an ACTION that calls caretrieve.rexx, which allows the user to retrieve the certificate.
  3. Alternately, if the request is not successful, the -requestbad INSERT gains control.
  4. (The caretrieve.rexx CGI displays the RETRIEVECONTENT subsection (see list item 15) HTML, which displays a web page that prompts the user for the transaction ID associated with the certificate request. The user enters the transaction ID (and any password) and clicks the Continue button, which calls cagetcert.rexx.) The cagetcert.rexx CGI calls R_PKIServ for EXPORT of the certificate. If the export is successful, cagetcert.rexx displays the HTML under the RETURNCERT subsection. (See list item 18.)
  5. The base64-encoded certificate is displayed on the web page by using the [base64cert] substitution variable.
  6. This is a browser-qualified PublicKey INSERT for Internet Explorer.
  7. Additional INSERTs are certificate field name INSERTs. These describe the fields using the HTML dialogs that are displayed on the web pages if the user is allowed to input these fields. For example, PassPhrase is a text field with a maximum length of 32 characters. The two-year PKI browser certificate for authenticating to z/OS® allows the user to fill in this field. (%%PassPhrase%% is listed in the input fields; see list item 8.)