def PrintCertTypes(ca_names):
htmlbase.PrintHeader('Start enrollment for certificate request')
htmlbase.PrintHeading('Start enrollment for certificate request')
print """This certificate authority issues several types
of client certificates.<BR>Please choose the appropriate certificate
type below:<P>
<TABLE CELLSPACING=10%%>"""
for ca_name in ca_names:
ca = opensslcnf.getcadata(ca_name)
if ca.isclientcert():
if ca.nsCaPolicyUrl:
nsCaPolicyUrlStr = '<A HREF="%s%s">(view policy)' % (ca.nsBaseUrl,ca.nsCaPolicyUrl)
else:
nsCaPolicyUrlStr = ' '
print '<TR><TD><A HREF="%s/%s">%s</A></TD><TD>%s</TD><TD>%s</TD></TR>' % (os.environ.get('SCRIPT_NAME','client-enroll.py'),ca_name,ca_name,ca.nsComment,nsCaPolicyUrlStr)
print '</TABLE>'
htmlbase.PrintFooter()
def PrintKeygenForm(form,ca_name,ca,browsertype,scriptmethod='POST'):
print """Content-type: text/html\n
<HTML>
<HEAD>
<TITLE>Create key pair and certificate request</TITLE>
"""
if browsertype=='MSIE':
import vbs
vbs.PrintVBSXenrollObject()
print '<SCRIPT Language=VBSCRIPT>\n<!-- '
vbs.PrintVBSCryptoProvider()
vbs.PrintVBSKeyGenCode(form)
print ' -->\n</SCRIPT>'
print '</HEAD><BODY onLoad=KeySizeSelectList() %s>' % htmlbase.bodyPARAM
htmlbase.PrintHeading('Create key pair and certificate request')
print 'Your key pair and certificate request can be generated now.<BR>'
print 'Please have a look below to check if your input data was correct.<P>'
# Print input given by user as readable table and hidden input fields
PrintInput(form)
print '<FORM name="KeyGenForm" ACTION="%s/%s" METHOD=%s ACCEPT-CHARSET="iso-8859-1">' % (os.environ.get('SCRIPT_NAME','client-enroll.py'),ca_name,scriptmethod)
for i in form.inputkeys:
for j in form.field[i]:
print '<INPUT TYPE="hidden" NAME="%s" VALUE="%s">' % (j.name,j.content)
# Print hint about minimum key size
if ca.min_key_size>0:
print """Please note:<BR>
The certificate type <STRONG>%s</STRONG> requires a minimum key size of <STRONG>%d</STRONG> bits!
If you are not able to choose a key length equal or greater than <STRONG>%d</STRONG> the
certificate authority will refuse to issue a certificate for your certificate request!<P>
""" % (ca_name,ca.min_key_size,ca.min_key_size)
if browsertype=='MSIE':
print '<P>Key size: <SELECT NAME="KeySize"></SELECT></P><INPUT TYPE="hidden" NAME="PKCS10" VALUE="">'
print '<INPUT TYPE="BUTTON" onClick="GenTheKeyPair()" VALUE="Generate key pair"></FORM>'
else:
print '<P>%s:%s</P><INPUT TYPE="submit" VALUE="Generate key pair"></FORM>' % ( \
HelpURL(HelpUrlBase,form.field['SPKAC'][0].name,form.field['SPKAC'][0].text),\
form.field['SPKAC'][0].inputfield(form.field['challenge'][0].content) \
)
htmlbase.PrintFooter()
<P>
Certificates of this type will be valid for <STRONG>%d days</STRONG>, approximately until <STRONG>%s</STRONG>.
</P>
""" % (ca_name,
ca.nsCertTypeStr,
nsCommentStr,
ca.default_days,
time.strftime('%Y-%m-%d',time.gmtime(time.time()+86400*ca.default_days))
)
print """You can apply for a certificate by filling out the input form below.
Click on the names of the parameters to get further informations about the
usage and format restrictions of the input data.<P>
Required input parameters are marked with *.
"""
PrintEmptyForm(form,ca_name)
htmlbase.PrintFooter()
sys.exit(0)
form.add(cgiforms.formInputClass('KeySize','Key Size',100,alphanumregex))
form.add(
cgiforms.formInputClass(
'PKCS10',
'PKCS#10 Request',
2000,
(
r'[ \w+/=\r\n]+',
re.S+re.M)
)
)
form.add(cgiforms.formKeygenClass('SPKAC','Public Key and Challenge',6000))