"CAcert ignores signature algorithm from csr".

This patch introduces the UI for our members to choose which signature
algorithm they want their certificates signed with. Among the choices
are SHA-256, SHA-384 and SHA-512. Further choices may be included as our
signer and web frontend permit.
Wytze van der Raay 2014-06-13 16:00:16 +00:00
parent bfbd218aac
commit 924e6b0337
7 changed files with 353 additions and 93 deletions


@ -289,6 +289,9 @@ function buildSubjectFromSession() {
if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2) if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
$_SESSION['_config']['rootcert'] = 1; $_SESSION['_config']['rootcert'] = 1;
} }
$_SESSION['_config']['hash_alg'] = HashAlgorithms::clean($_REQUEST['hash_alg']);
$csr = ""; $csr = "";
if(trim($_REQUEST['optionalCSR']) == "") if(trim($_REQUEST['optionalCSR']) == "")
{ {
@ -386,6 +389,7 @@ function buildSubjectFromSession() {
`codesign`='".intval($_SESSION['_config']['codesign'])."', `codesign`='".intval($_SESSION['_config']['codesign'])."',
`disablelogin`='".($_SESSION['_config']['disablelogin']?1:0)."', `disablelogin`='".($_SESSION['_config']['disablelogin']?1:0)."',
`rootcert`='".intval($_SESSION['_config']['rootcert'])."', `rootcert`='".intval($_SESSION['_config']['rootcert'])."',
`md`='".mysql_real_escape_string($_SESSION['_config']['hash_alg'])."',
`description`='".mysql_real_escape_string($_SESSION['_config']['description'])."'"; `description`='".mysql_real_escape_string($_SESSION['_config']['description'])."'";
mysql_query($query); mysql_query($query);
$emailid = mysql_insert_id(); $emailid = mysql_insert_id();
@ -490,6 +494,7 @@ function buildSubjectFromSession() {
`codesign`='".intval($_SESSION['_config']['codesign'])."', `codesign`='".intval($_SESSION['_config']['codesign'])."',
`disablelogin`='".($_SESSION['_config']['disablelogin']?1:0)."', `disablelogin`='".($_SESSION['_config']['disablelogin']?1:0)."',
`rootcert`='".intval($_SESSION['_config']['rootcert'])."', `rootcert`='".intval($_SESSION['_config']['rootcert'])."',
`md`='".mysql_real_escape_string($_SESSION['_config']['hash_alg'])."',
`description`='".mysql_real_escape_string($_SESSION['_config']['description'])."'"; `description`='".mysql_real_escape_string($_SESSION['_config']['description'])."'";
mysql_query($query); mysql_query($query);
$emailid = mysql_insert_id(); $emailid = mysql_insert_id();
@ -763,6 +768,8 @@ function buildSubjectFromSession() {
if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2) if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
$_SESSION['_config']['rootcert'] = 1; $_SESSION['_config']['rootcert'] = 1;
} }
$_SESSION['_config']['hash_alg'] = HashAlgorithms::clean($_REQUEST['hash_alg']);
} }
if($process != "" && $oldid == 11) if($process != "" && $oldid == 11)
@ -807,6 +814,7 @@ function buildSubjectFromSession() {
`domid`='".mysql_real_escape_string($_SESSION['_config']['rowid']['0'])."', `domid`='".mysql_real_escape_string($_SESSION['_config']['rowid']['0'])."',
`created`=NOW(),`subject`='".mysql_real_escape_string($subject)."', `created`=NOW(),`subject`='".mysql_real_escape_string($subject)."',
`rootcert`='".mysql_real_escape_string($_SESSION['_config']['rootcert'])."', `rootcert`='".mysql_real_escape_string($_SESSION['_config']['rootcert'])."',
`md`='".mysql_real_escape_string($_SESSION['_config']['hash_alg'])."',
`description`='".mysql_real_escape_string($_SESSION['_config']['description'])."'"; `description`='".mysql_real_escape_string($_SESSION['_config']['description'])."'";
} elseif(array_key_exists('0',$_SESSION['_config']['altid']) && $_SESSION['_config']['altid']['0'] > 0) { } elseif(array_key_exists('0',$_SESSION['_config']['altid']) && $_SESSION['_config']['altid']['0'] > 0) {
$query = "insert into `domaincerts` set $query = "insert into `domaincerts` set
@ -814,6 +822,7 @@ function buildSubjectFromSession() {
`domid`='".mysql_real_escape_string($_SESSION['_config']['altid']['0'])."', `domid`='".mysql_real_escape_string($_SESSION['_config']['altid']['0'])."',
`created`=NOW(),`subject`='".mysql_real_escape_string($subject)."', `created`=NOW(),`subject`='".mysql_real_escape_string($subject)."',
`rootcert`='".mysql_real_escape_string($_SESSION['_config']['rootcert'])."', `rootcert`='".mysql_real_escape_string($_SESSION['_config']['rootcert'])."',
`md`='".mysql_real_escape_string($_SESSION['_config']['hash_alg'])."',
`description`='".mysql_real_escape_string($_SESSION['_config']['description'])."'"; `description`='".mysql_real_escape_string($_SESSION['_config']['description'])."'";
} else { } else {
showheader(_("My CAcert.org Account!")); showheader(_("My CAcert.org Account!"));
@ -1467,6 +1476,8 @@ function buildSubjectFromSession() {
if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2) if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
$_SESSION['_config']['rootcert'] = 1; $_SESSION['_config']['rootcert'] = 1;
$_SESSION['_config']['hash_alg'] = HashAlgorithms::clean($_REQUEST['hash_alg']);
$_SESSION['_config']['description']= trim(stripslashes($_REQUEST['description'])); $_SESSION['_config']['description']= trim(stripslashes($_REQUEST['description']));
if(@count($_SESSION['_config']['emails']) > 0) if(@count($_SESSION['_config']['emails']) > 0)
@ -1534,6 +1545,7 @@ function buildSubjectFromSession() {
`created`=FROM_UNIXTIME(UNIX_TIMESTAMP()), `created`=FROM_UNIXTIME(UNIX_TIMESTAMP()),
`codesign`='".intval($_SESSION['_config']['codesign'])."', `codesign`='".intval($_SESSION['_config']['codesign'])."',
`rootcert`='".intval($_SESSION['_config']['rootcert'])."', `rootcert`='".intval($_SESSION['_config']['rootcert'])."',
`md`='".mysql_real_escape_string($_SESSION['_config']['hash_alg'])."',
`description`='".mysql_real_escape_string($_SESSION['_config']['description'])."'"; `description`='".mysql_real_escape_string($_SESSION['_config']['description'])."'";
mysql_query($query); mysql_query($query);
$emailid = mysql_insert_id(); $emailid = mysql_insert_id();
@ -1629,6 +1641,7 @@ function buildSubjectFromSession() {
`subject`='".mysql_real_escape_string($csrsubject)."', `subject`='".mysql_real_escape_string($csrsubject)."',
`codesign`='".intval($_SESSION['_config']['codesign'])."', `codesign`='".intval($_SESSION['_config']['codesign'])."',
`rootcert`='".intval($_SESSION['_config']['rootcert'])."', `rootcert`='".intval($_SESSION['_config']['rootcert'])."',
`md`='".mysql_real_escape_string($_SESSION['_config']['hash_alg'])."',
`description`='".mysql_real_escape_string($_SESSION['_config']['description'])."'"; `description`='".mysql_real_escape_string($_SESSION['_config']['description'])."'";
mysql_query($query); mysql_query($query);
$emailid = mysql_insert_id(); $emailid = mysql_insert_id();
@ -1893,6 +1906,8 @@ function buildSubjectFromSession() {
$_SESSION['_config']['rootcert'] = intval($_REQUEST['rootcert']); $_SESSION['_config']['rootcert'] = intval($_REQUEST['rootcert']);
if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2) if($_SESSION['_config']['rootcert'] < 1 || $_SESSION['_config']['rootcert'] > 2)
$_SESSION['_config']['rootcert'] = 1; $_SESSION['_config']['rootcert'] = 1;
$_SESSION['_config']['hash_alg'] = HashAlgorithms::clean($_REQUEST['hash_alg']);
} }
if($process != "" && $oldid == 21) if($process != "" && $oldid == 21)
@ -1967,6 +1982,7 @@ function buildSubjectFromSession() {
`created`=NOW(), `created`=NOW(),
`subject`='".mysql_real_escape_string($csrsubject)."', `subject`='".mysql_real_escape_string($csrsubject)."',
`rootcert`='".intval($_SESSION['_config']['rootcert'])."', `rootcert`='".intval($_SESSION['_config']['rootcert'])."',
`md`='".mysql_real_escape_string($_SESSION['_config']['hash_alg'])."',
`type`='".$type."', `type`='".$type."',
`description`='".mysql_real_escape_string($_SESSION['_config']['description'])."'"; `description`='".mysql_real_escape_string($_SESSION['_config']['description'])."'";
} else { } else {
@ -1976,6 +1992,7 @@ function buildSubjectFromSession() {
`created`=NOW(), `created`=NOW(),
`subject`='".mysql_real_escape_string($csrsubject)."', `subject`='".mysql_real_escape_string($csrsubject)."',
`rootcert`='".intval($_SESSION['_config']['rootcert'])."', `rootcert`='".intval($_SESSION['_config']['rootcert'])."',
`md`='".mysql_real_escape_string($_SESSION['_config']['hash_alg'])."',
`type`='".$type."', `type`='".$type."',
`description`='".mysql_real_escape_string($_SESSION['_config']['description'])."'"; `description`='".mysql_real_escape_string($_SESSION['_config']['description'])."'";
} }
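Review bot: `$_SESSION['_config']['hash_alg'] = HashAlgorithms::clean($_REQUEST['hash_alg']);` in the first hunk (and the same line in the hunks at 768, 1476 and 1906) reads the request key unconditionally, so a submission without the new field — a cached copy of the old form, or a client that posts only the previously required fields — emits an undefined-index notice before clean() falls back to the default; `$_SESSION['_config']['hash_alg'] = HashAlgorithms::clean(isset($_REQUEST['hash_alg']) ? $_REQUEST['hash_alg'] : '');` avoids that. Because clean() whitelists against getInfo(), the value written to the new `md` column can only be one of the known identifiers, which makes the mysql_real_escape_string on those inserts defence in depth rather than the control that keeps the column well-formed; a one-line comment such as `// hash_alg is whitelisted by HashAlgorithms::clean(), never raw request input` next to the session assignment would record that for the next reader. No change adding an `md` column to the certificate tables is visible among the seven files on this page, so the schema change presumably lives elsewhere and should be confirmed before deploy. The enclosing request handlers start and end outside these hunks.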


@ -98,3 +98,53 @@ function fix_assurer_flag($userID = NULL)
return true; return true;
} }
/**
* Supported hash algorithms for signing certificates
*/
class HashAlgorithms {
/**
* Default hash algorithm identifier for signing
* @var string
*/
public static $default = 'sha256';
/**
* Get display strings for the supported hash algorithms
* @return array(string=>array('name'=>string, 'info'=>string))
* - [$hash_identifier]['name'] = Name that should be displayed in UI
* - [$hash_identifier]['info'] = Additional information that can help
* with the selection of a suitable algorithm
*/
public static function getInfo() {
return array(
'sha256' => array(
'name' => 'SHA-256',
'info' => _('Currently recommended, because the other algorithms might break on some older versions of the GnuTLS library (older than 3.x) still shipped in Debian for example.'),
),
'sha384' => array(
'name' => 'SHA-384',
'info' => '',
),
'sha512' => array(
'name' => 'SHA-512',
'info' => _('Highest protection against hash collision attacks of the algorithms offered here.'),
),
);
}
/**
* Check if the input is a supported hash algorithm identifier otherwise
* return the identifier of the default hash algorithm
*
* @param string $hash_identifier
* @return string The cleaned identifier
*/
public static function clean($hash_identifier) {
if (array_key_exists($hash_identifier, self::getInfo() )) {
return $hash_identifier;
} else {
return self::$default;
}
}
}
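Review bot: `if (array_key_exists($hash_identifier, self::getInfo() )) {` in clean() hands the request value straight to array_key_exists, which warns when given an array (`hash_alg[]=x` in the query string) and then returns null, so the fallback still happens but with a logged warning each time; `if (is_string($hash_identifier) && array_key_exists($hash_identifier, self::getInfo())) {` keeps the behaviour and drops the warning. `public static $default` is writable by any caller, while the templates use it to decide which radio button is pre-checked and clean() uses it as the fallback; a class constant (`const DEFAULT_ALGORITHM = 'sha256';`) would make the fallback immutable, at the cost of changing the access syntax in the templates. The getInfo() docblock could also state that the array keys are the identifiers stored in the `md` column and, presumably, the names handed to the signer — worth confirming, since nothing on this page shows the signer side.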


@ -30,17 +30,66 @@
<p><?=_("If you are a valid organisation and would like the organisation name in the certificates you can apply for an organisation assurance. Contact us via support@cacert.org for more information.")?></p> <p><?=_("If you are a valid organisation and would like the organisation name in the certificates you can apply for an organisation assurance. Contact us via support@cacert.org for more information.")?></p>
<form method="post" action="account.php"> <form method="post" action="account.php">
<p><label for="description"><?=_("Optional comment, only used in the certificate overview")?></label><br />
<input type="text" id="description" name="description" maxlength="80" size="80" />
</p>
<p><label for="CSR"><?=_("Paste your CSR (Certificate Signing Request) below...")?></label><br />
<textarea id="CSR" name="CSR" cols="80" rows="15"></textarea>
</p>
<fieldset>
<legend>
<input type="checkbox" id="expertbox" onchange="showExpert(this.checked)" style="display:none" />
<label for="expertbox"><?=_("Advanced Options")?></label>
</legend>
<div id="advanced_options">
<? if($_SESSION['profile']['points'] >= 50) { ?> <? if($_SESSION['profile']['points'] >= 50) { ?>
<input type="radio" name="rootcert" value="1"/> <?=_("Sign by class 1 root certificate")?><br /> <ul class="no_indent">
<input type="radio" name="rootcert" value="2" checked/> <?=_("Sign by class 3 root certificate")?><br /> <li>
<input type="radio" id="root1" name="rootcert" value="1" />
<label for="root1"><?=_("Sign by class 1 root certificate")?></label>
</li>
<li>
<input type="radio" id="root2" name="rootcert" value="2" checked="checked" />
<label for="root2"><?=_("Sign by class 3 root certificate")?></label>
</li>
</ul>
<p><?=_("Please note: The class 3 root certificate needs to be setup in your webserver as a chained certificate, while slightly more complicated to setup, this root certificate is more likely to be trusted by more people.")?></p> <p><?=_("Please note: The class 3 root certificate needs to be setup in your webserver as a chained certificate, while slightly more complicated to setup, this root certificate is more likely to be trusted by more people.")?></p>
<? } ?> <? } ?>
<p><?=_("Optional comment, only used in the certificate overview")?><br>
<input type="text" name="description" maxlength="80" size=80/></p> <p class="attach_ul"><?=_("Hash algorithm used when signing the certificate:")?></p>
<p><?=_("Paste your CSR(Certificate Signing Request) below...")?></p> <ul class="no_indent">
<textarea name="CSR" cols="80" rows="15"></textarea><br /> <?
<p><input type="checkbox" name="CCA" /> <strong><?=sprintf(_("I accept the CAcert Community Agreement (%s)."),"<a href='/policy/CAcertCommunityAgreement.html'>CCA</a>")?></strong><br /> foreach (HashAlgorithms::getInfo() as $algorithm => $display_info) {
<?=_("Please Note: You need to accept the CCA to proceed.")?></p> ?>
<li>
<input type="radio" id="hash_alg_<?=$algorithm?>" name="hash_alg" value="<?=$algorithm?>" <?=(HashAlgorithms::$default === $algorithm)?'checked="checked"':''?> />
<label for="hash_alg_<?=$algorithm?>"><?=$display_info['name']?><?=$display_info['info']?' - '.$display_info['info']:''?></label>
</li>
<?
}
?>
</ul>
</div>
</fieldset>
<p><input type="checkbox" id="CCA" name="CCA" /> <label for="CCA"><strong><?=sprintf(_("I accept the CAcert Community Agreement (%s)."),"<a href='/policy/CAcertCommunityAgreement.html'>CCA</a>")?></strong><br />
<?=_("Please note: You need to accept the CCA to proceed.")?></label></p>
<input type="submit" name="process" value="<?=_("Submit")?>" /> <input type="submit" name="process" value="<?=_("Submit")?>" />
<input type="hidden" name="oldid" value="<?=$id?>" /> <input type="hidden" name="oldid" value="<?=$id?>" />
</form> </form>
<script language="javascript">
function showExpert(a)
{
var options=document.getElementById("advanced_options");
options.style.display = (a) ? "" : "none";
var checkbox=document.getElementById("expertbox");
checkbox.style.display = "";
}
showExpert(false);
</script>
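Review bot: The hash-algorithm loop writes `$display_info['name']` and `$display_info['info']` into the label with a bare `<?= ?>`, while other fields touched by this commit go through sanitizeHTML(); the values are gettext strings defined in HashAlgorithms::getInfo() today, so this is safe as written, but a comment above the foreach such as `<? /* name/info come from HashAlgorithms::getInfo(), not from request data */ ?>` would record why they are not escaped. `<script language="javascript">` is the long-deprecated form; `<script type="text/javascript">` is the supported attribute. The same loop and script tag are repeated verbatim in the three form files that follow, so whichever of these is applied should be applied in all four.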


@ -25,47 +25,101 @@
<tr> <tr>
<td class="DataTD"><?=_("Add")?></td> <td class="DataTD"><?=_("Add")?></td>
<td class="DataTD"><?=_("Address")?></td> <td class="DataTD"><?=_("Address")?></td>
<? if(array_key_exists('emails',$_SESSION['_config']) && is_array($_SESSION['_config']['emails'])) <?
foreach($_SESSION['_config']['emails'] as $val) { ?> if (array_key_exists('emails',$_SESSION['_config']) && is_array($_SESSION['_config']['emails'])) {
$i = 1;
foreach($_SESSION['_config']['emails'] as $val) {
?>
<tr> <tr>
<td class="DataTD"><?=_("Email")?>:</td> <td class="DataTD"><label for="email<?=$i?>"><?=_("Email")?></label></td>
<td class="DataTD"><input type="text" name="emails[]" value="<?=$val?>"/></td> <td class="DataTD"><input type="text" id="email<?=$i?>" name="emails[]" value="<?=$val?>"/></td>
</tr> </tr>
<? } ?> <?
$i++;
}
} ?>
<tr> <tr>
<td class="DataTD"><?=_("Email")?>:</td> <td class="DataTD"><label for="email0"><?=_("Email")?></td>
<td class="DataTD"><input type="text" name="emails[]"/></td> <td class="DataTD"><input type="text" id="email0" name="emails[]"/></td>
</tr> </tr>
<tr> <tr>
<td class="DataTD"><?=_("Name")?>:</td> <td class="DataTD"><label for="name"><?=_("Name")?></label></td>
<td class="DataTD"><input type="text" name="name" value="<?=array_key_exists('name',$_SESSION['_config'])?($_SESSION['_config']['name']):''?>"/></td> <td class="DataTD"><input type="text" id="name" name="name" value="<?=array_key_exists('name',$_SESSION['_config'])?($_SESSION['_config']['name']):''?>"/></td>
</tr> </tr>
<tr> <tr>
<td class="DataTD"><?=_("Department")?>:</td> <td class="DataTD"><label for="OU"><?=_("Department")?></label></td>
<td class="DataTD"><input type="text" name="OU" value="<?=array_key_exists('OU',$_SESSION['_config'])?(sanitizeHTML($_SESSION['_config']['OU'])):''?>"/></td> <td class="DataTD"><input type="text" id="OU" name="OU" value="<?=array_key_exists('OU',$_SESSION['_config'])?(sanitizeHTML($_SESSION['_config']['OU'])):''?>"/></td>
</tr> </tr>
<tr>
<td class="DataTD" colspan="2" align="left"> <tr name="expertoff" style="display:none">
<input type="radio" name="rootcert" value="1" checked /> <?=_("Sign by class 1 root certificate")?><br /> <td class="DataTD">
<input type="radio" name="rootcert" value="2" /> <?=_("Sign by class 3 root certificate")?><br /> <input type="checkbox" id="expertbox" name="expertbox" onchange="showExpert(this.checked)" />
<?=str_replace("\n", "<br>\n", wordwrap(_("Please note: The class 3 root certificate needs to be imported into your email program as well as the class 1 root certificate so your email program can build a full trust path chain. Until we are included in browsers this might not be a desirable option for most people"), 60))?> </td>
<td class="DataTD">
<label for="expertbox"><?=_("Show advanced options")?></label>
</td> </td>
</tr> </tr>
<tr name="expert">
<td class="DataTD" colspan="2" align="left">
<input type="radio" id="root1" name="rootcert" value="1" /> <label for="root1"><?=_("Sign by class 1 root certificate")?></label><br />
<input type="radio" id="root2" name="rootcert" value="2" checked="checked" /> <label for="root2"><?=_("Sign by class 3 root certificate")?></label><br />
<?=str_replace("\n", "<br>\n", wordwrap(_("Please note: If you use a certificate signed by the class 3 root, the class 3 root certificate needs to be imported into your email program as well as the class 1 root certificate so your email program can build a full trust path chain."), 60))?>
</td>
</tr>
<tr name="expert">
<td class="DataTD" colspan="2" align="left">
<?=_("Hash algorithm used when signing the certificate:")?><br />
<?
foreach (HashAlgorithms::getInfo() as $algorithm => $display_info) {
?>
<input type="radio" id="hash_alg_<?=$algorithm?>" name="hash_alg" value="<?=$algorithm?>" <?=(HashAlgorithms::$default === $algorithm)?'checked="checked"':''?> />
<label for="hash_alg_<?=$algorithm?>"><?=$display_info['name']?><?=$display_info['info']?' - '.$display_info['info']:''?></label><br />
<?
}
?>
</td>
</tr>
<? if($_SESSION['profile']['codesign'] && $_SESSION['profile']['points'] >= 100) { ?> <? if($_SESSION['profile']['codesign'] && $_SESSION['profile']['points'] >= 100) { ?>
<tr> <tr name="expert">
<td class="DataTD" colspan="2" align="left"><input type="checkbox" name="codesign" value="1" /><?=_("Code Signing")?></td> <td class="DataTD" colspan="2" align="left">
<input type="checkbox" id="codesign" name="codesign" value="1" />
<label for="codesign"><?=_("Code Signing")?></label>
</td>
</tr> </tr>
<? } ?> <? } ?>
<tr> <tr>
<td class="DataTD" colspan="2" align="left"> <td class="DataTD" colspan="2" align="left">
<?=_("Optional comment, only used in the certificate overview")?><br /> <label for="description"><?=_("Optional comment, only used in the certificate overview")?></label><br />
<input type="text" name="description" maxlength="80" size=80 /> <input type="text" id="description" name="description" maxlength="80" size="80" />
</td> </td>
</tr> </tr>
<tr> <tr>
<td class="DataTD" colspan="2"><input type="submit" name="add_email" value="<?=_("Another Email")?>"> <td class="DataTD" colspan="2">
<input type="submit" name="process" value="<?=_("Next")?>" /></td> <input type="submit" name="add_email" value="<?=_("Add Another Email Address")?>">
<input type="submit" name="process" value="<?=_("Next")?>" />
</td>
</tr> </tr>
</table> </table>
<input type="hidden" name="oldid" value="<?=$id?>"> <input type="hidden" name="oldid" value="<?=$id?>">
</form> </form>
<script language="javascript">
function showExpert(a)
{
b=document.getElementsByName("expert");
for(i=0;b.length>i;i++)
{
if(!a) {b[i].setAttribute("style","display:none"); }
else {b[i].removeAttribute("style");}
}
b=document.getElementsByName("expertoff");
for(i=0;b.length>i;i++)
{
b[i].removeAttribute("style");
}
}
showExpert(false);
</script>
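Review bot: The new label cell `<td class="DataTD"><label for="email0"><?=_("Email")?></td>` never closes its `<label>`, so the element runs on into the following cells; `<td class="DataTD"><label for="email0"><?=_("Email")?></label></td>` fixes it. On the rows above, `value="<?=$val?>"` echoes the session email list into an attribute unescaped, whereas `OU` in the same table goes through sanitizeHTML(); if those values originate from the posted `emails[]` field, `value="<?=sanitizeHTML($val)?>"` keeps the two consistent. In showExpert(), `b` and `i` are assigned without `var` and so become globals; `var b=document.getElementsByName("expert");` and `for(var i=0;b.length>i;i++)` keep the helper self-contained.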


@ -27,13 +27,60 @@
<p><?=_("If the Subscriber's name and/or domain name registration change the subscriber will immediately inform CAcert Inc. who shall revoke the digital certificate. When the Digital Certificate expires or is revoked the company will permanently remove the certificate from the server on which it is installed and will not use it for any purpose thereafter. The person responsible for key management and security is fully authorized to install and utilize the certificate to represent this organization's electronic presence.")?></p> <p><?=_("If the Subscriber's name and/or domain name registration change the subscriber will immediately inform CAcert Inc. who shall revoke the digital certificate. When the Digital Certificate expires or is revoked the company will permanently remove the certificate from the server on which it is installed and will not use it for any purpose thereafter. The person responsible for key management and security is fully authorized to install and utilize the certificate to represent this organization's electronic presence.")?></p>
<form method="post" action="account.php"> <form method="post" action="account.php">
<input type="radio" name="rootcert" value="1" /> <?=_("Sign by class 1 root certificate")?><br /> <p><label for="description"><?=_("Optional comment, only used in the certificate overview")?></label><br />
<input type="radio" name="rootcert" value="2" checked /> <?=_("Sign by class 3 root certificate")?><br /> <input type="text" id="description" name="description" maxlength="80" size="80" />
<p> <?=_("Optional comment, only used in the certificate overview")?><br /> </p>
<input type="text" name="description" maxlength="80" size=80 /></p> <p><label for="CSR"><?=_("Paste your CSR (Certificate Signing Request) below...")?></label><br />
<textarea id="CSR" name="CSR" cols="80" rows="15"></textarea>
</p>
<fieldset>
<legend>
<input type="checkbox" id="expertbox" onchange="showExpert(this.checked)" style="display:none" />
<label for="expertbox"><?=_("Advanced Options")?></label>
</legend>
<div id="advanced_options">
<ul class="no_indent">
<li>
<input type="radio" id="root1" name="rootcert" value="1" />
<label for="root1"><?=_("Sign by class 1 root certificate")?></label>
</li>
<li>
<input type="radio" id="root2" name="rootcert" value="2" checked="checked" />
<label for="root2"><?=_("Sign by class 3 root certificate")?></label>
</li>
</ul>
<p><?=_("Please note: The class 3 root certificate needs to be setup in your webserver as a chained certificate, while slightly more complicated to setup, this root certificate is more likely to be trusted by more people.")?></p> <p><?=_("Please note: The class 3 root certificate needs to be setup in your webserver as a chained certificate, while slightly more complicated to setup, this root certificate is more likely to be trusted by more people.")?></p>
<p><?=_("Paste your CSR below...")?></p>
<textarea name="CSR" cols="80" rows="15"></textarea><br /> <p class="attach_ul"><?=_("Hash algorithm used when signing the certificate:")?></p>
<ul class="no_indent">
<?
foreach (HashAlgorithms::getInfo() as $algorithm => $display_info) {
?>
<li>
<input type="radio" id="hash_alg_<?=$algorithm?>" name="hash_alg" value="<?=$algorithm?>" <?=(HashAlgorithms::$default === $algorithm)?'checked="checked"':''?> />
<label for="hash_alg_<?=$algorithm?>"><?=$display_info['name']?><?=$display_info['info']?' - '.$display_info['info']:''?></label>
</li>
<?
}
?>
</ul>
</div>
</fieldset>
<input type="submit" name="process" value="<?=_("Submit")?>" /> <input type="submit" name="process" value="<?=_("Submit")?>" />
<input type="hidden" name="oldid" value="<?=$id?>" /> <input type="hidden" name="oldid" value="<?=$id?>" />
</form> </form>
<script language="javascript">
function showExpert(a)
{
var options=document.getElementById("advanced_options");
options.style.display = (a) ? "" : "none";
var checkbox=document.getElementById("expertbox");
checkbox.style.display = "";
}
showExpert(false);
</script>
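Review bot: The class 3 explanatory paragraph (the `<p>` after the root-certificate list) is now inside `advanced_options`, which showExpert(false) collapses on page load, so a member who keeps the pre-checked class 3 root submits without ever seeing the chained-certificate note. Either leave that `<p>` outside the fieldset, or make the default the option that needs no extra server setup; the form in the previous section uses the same layout and has the same issue. The hash-algorithm radio list is otherwise identical to the one in that form, so any change to the loop should be made in both.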


@ -34,6 +34,7 @@
<tr> <tr>
<td class="DataTD"><?=_("Add")?></td> <td class="DataTD"><?=_("Add")?></td>
<td class="DataTD"><?=_("Address")?></td> <td class="DataTD"><?=_("Address")?></td>
</tr>
<? <?
$query = "select * from `email` where `memid`='".intval($_SESSION['profile']['id'])."' and `deleted`=0 and `hash`=''"; $query = "select * from `email` where `memid`='".intval($_SESSION['profile']['id'])."' and `deleted`=0 and `hash`=''";
@ -41,8 +42,8 @@
while($row = mysql_fetch_assoc($res)) while($row = mysql_fetch_assoc($res))
{ ?> { ?>
<tr> <tr>
<td class="DataTD"><input type="checkbox" name="addid[]" value="<?=intval($row['id'])?>"></td> <td class="DataTD"><input type="checkbox" id="addid<?=intval($row['id'])?>" name="addid[]" value="<?=intval($row['id'])?>"></td>
<td class="DataTD"><?=sanitizeHTML($row['email'])?></td> <td class="DataTD" align="left"><label for="addid<?=intval($row['id'])?>"><?=sanitizeHTML($row['email'])?></label></td>
</tr> </tr>
<? } <? }
if($_SESSION['profile']['points'] >= 50) if($_SESSION['profile']['points'] >= 50)
@ -52,81 +53,120 @@ if($_SESSION['profile']['points'] >= 50)
$lname = $_SESSION['profile']['lname']; $lname = $_SESSION['profile']['lname'];
$suffix = $_SESSION['profile']['suffix']; $suffix = $_SESSION['profile']['suffix'];
?> ?>
<td class="DataTD" colspan="2" align="left">
<input type="radio" name="rootcert" value="1" checked /> <?=_("Sign by class 1 root certificate")?><br />
<input type="radio" name="rootcert" value="2" /> <?=_("Sign by class 3 root certificate")?><br />
<?=str_replace("\n", "<br />\n", wordwrap(_("Please note: The class 3 root certificate needs to be imported into your email program as well as the class 1 root certificate so your email program can build a full trust path chain. Until we are included in browsers this might not be a desirable option for most people"), 125))?>
</td>
</tr>
<tr> <tr>
<td class="DataTD" colspan="2" align="left"> <td class="DataTD" colspan="2" align="left">
<input type="radio" name="incname" value="0" checked /> <?=_("No Name")?><br /> <input type="radio" id="incname0" name="incname" value="0" checked="checked" />
<? if($fname && $lname) { ?><input type="radio" name="incname" value="1" /> <?=_("Include")?> '<?=$fname." ".$lname?>'<br /><? } ?> <label for="incname0"><?=_("No Name")?></label><br />
<? if($fname && $mname && $lname) { ?><input type="radio" name="incname" value="2" /> <?=_("Include")?> '<?=$fname." ".$mname." ".$lname?>'<br /><? } ?> <? if($fname && $lname) { ?>
<? if($fname && $lname && $suffix) { ?><input type="radio" name="incname" value="3" /> <?=_("Include")?> '<?=$fname." ".$lname." ".$suffix?>'<br /><? } ?> <input type="radio" id="incname1" name="incname" value="1" />
<? if($fname && $mname && $lname && $suffix) { ?><input type="radio" name="incname" value="4" /> <?=_("Include")?> '<?=$fname." ".$mname." ".$lname." ".$suffix?>'<br /><? } ?> <label for="incname1"><?=_("Include")?> '<?=$fname." ".$lname?>'</label><br />
</td> <? } ?>
</tr> <? if($fname && $mname && $lname) { ?>
<? } ?> <input type="radio" id="incname2" name="incname" value="2" />
<? if($_SESSION['profile']['points'] >= 100 && $_SESSION['profile']['codesign'] > 0) { ?> <label for="incname2"><?=_("Include")?> '<?=$fname." ".$mname." ".$lname?>'</label><br />
<tr> <? } ?>
<td class="DataTD"> <? if($fname && $lname && $suffix) { ?>
<input type="checkbox" name="codesign" value="1" /> <input type="radio" id="incname3" name="incname" value="3" />
</td> <label for="incname3"><?=_("Include")?> '<?=$fname." ".$lname." ".$suffix?>'</label><br />
<td class="DataTD" align="left"> <? } ?>
<?=_("Code Signing")?><br /> <? if($fname && $mname && $lname && $suffix) { ?>
<?=_("Please Note: By ticking this box you will automatically have your name included in any certificates.")?> <input type="radio" id="incname4" name="incname" value="4" />
<label for="incname4"><?=_("Include")?> '<?=$fname." ".$mname." ".$lname." ".$suffix?>'</label><br />
<? } ?>
</td> </td>
</tr> </tr>
<? } ?> <? } ?>
<tr> <tr>
<td class="DataTD"> <td class="DataTD">
<input type="checkbox" name="login" value="1" checked="checked" /> <input type="checkbox" id="login" name="login" value="1" checked="checked" />
</td> </td>
<td class="DataTD"> <?=_("Enable certificate login with this certificate")?><br /> <td class="DataTD" align="left">
<?=_("By allowing certificate login, this certificate can be used to login into this account at https://secure.cacert.org/ .")?><br/> <label for="login"><?=_("Enable certificate login with this certificate")?><br />
<?=_("By allowing certificate login, this certificate can be used to login into this account at https://secure.cacert.org/ .")?></label>
</td> </td>
</tr> </tr>
<tr> <tr>
<td class="DataTD" colspan="2" align="left"> <td class="DataTD" colspan="2" align="left">
<?=_("Optional comment, only used in the certificate overview")?><br /> <label for="description"><?=_("Optional comment, only used in the certificate overview")?></label><br />
<input type="text" name="description" maxlength="100" size="100" /> <input type="text" id="description" name="description" maxlength="100" size="100" />
</td> </td>
</tr> </tr>
<tr name="expertoff" style="display:none"> <tr name="expertoff" style="display:none">
<td class="DataTD"> <td class="DataTD">
<input type="checkbox" name="expertbox" onchange="showExpert(this.checked)" /> <input type="checkbox" id="expertbox" name="expertbox" onchange="showExpert(this.checked)" />
</td> </td>
<td class="DataTD" align="left">
<label for="expertbox"><?=_("Show advanced options")?></label>
</td>
</tr>
<?
if($_SESSION['profile']['points'] >= 50)
{
?>
<tr name="expert">
<td class="DataTD" colspan="2" align="left">
<input type="radio" id="root1" name="rootcert" value="1" /> <label for="root1"><?=_("Sign by class 1 root certificate")?></label><br />
<input type="radio" id="root2" name="rootcert" value="2" checked="checked" /> <label for="root2"><?=_("Sign by class 3 root certificate")?></label><br />
<?=str_replace("\n", "<br />\n", wordwrap(_("Please note: If you use a certificate signed by the class 3 root, the class 3 root certificate needs to be imported into your email program as well as the class 1 root certificate so your email program can build a full trust path chain."), 125))?>
</td>
</tr>
<? } ?>
<tr name="expert">
<td class="DataTD" colspan="2" align="left">
<?=_("Hash algorithm used when signing the certificate:")?><br />
<?
foreach (HashAlgorithms::getInfo() as $algorithm => $display_info) {
?>
<input type="radio" id="hash_alg_<?=$algorithm?>" name="hash_alg" value="<?=$algorithm?>" <?=(HashAlgorithms::$default === $algorithm)?'checked="checked"':''?> />
<label for="hash_alg_<?=$algorithm?>"><?=$display_info['name']?><?=$display_info['info']?' - '.$display_info['info']:''?></label><br />
<?
}
?>
</td>
</tr>
<? if($_SESSION['profile']['points'] >= 100 && $_SESSION['profile']['codesign'] > 0) { ?>
<tr name="expert">
<td class="DataTD"> <td class="DataTD">
<?=_("Show advanced options")?> <input type="checkbox" id="codesign" name="codesign" value="1" />
</td>
<td class="DataTD" align="left">
<label for="codesign"><?=_("Code Signing")?><br />
<?=_("Please note: By ticking this box you will automatically have your name included in the certificate.")?></label>
</td>
</tr>
<? } ?>
<tr name="expert">
<td class="DataTD">
<input type="checkbox" id="SSO" name="SSO" value="1" />
</td>
<td class="DataTD" align="left">
<label for="SSO"><?=_("Add Single Sign On ID Information")?><br />
<?=str_replace("\n", "<br>\n", wordwrap(_("By adding Single Sign On (SSO) ID information to your certificates this could be used to track you, you can also issue certificates with no email addresses that are useful only for Authentication. Please see a more detailed description on our WIKI about it."), 125))?>
<a href="http://wiki.cacert.org/wiki/SSO"><?=_("SSO WIKI Entry")?></a></label>
</td> </td>
</tr> </tr>
<tr name="expert"> <tr name="expert">
<td class="DataTD" colspan="2" align="left"> <td class="DataTD" colspan="2">
<input type="radio" name="SSO" value="0" checked /> <?=_("No Single Sign On ID")?><br /> <label for="optionalCSR"><?=_("Optional Client CSR, no information on the certificate will be used")?></label><br />
<input type="radio" name="SSO" value="1" /> <?=_("Add Single Sign On ID Information")?><br /> <textarea id="optionalCSR" name="optionalCSR" cols="80" rows="5"></textarea>
<?=str_replace("\n", "<br>\n", wordwrap(_("By adding Single Sign On (SSO) ID information to your certificates this could be used to track you, you can also issue certificates with no email addresses that are useful only for Authentication. Please see a more detailed description on our WIKI about it."), 125))?>
<a href="http://wiki.cacert.org/wiki/SSO"><?=_("SSO WIKI Entry")?></a>
</td> </td>
</tr> </tr>
<tr name="expert"> <tr>
<td class="DataTD" colspan="2"><?=_("Optional Client CSR, no information on the certificate will be used")?></td>
</tr>
<tr name="expert">
<td class="DataTD" colspan="2"><textarea name="optionalCSR" cols="80" rows="5"></textarea></td>
</tr>
<tr>
<td class="DataTD"> <td class="DataTD">
<input type="checkbox" name="CCA" /> <input type="checkbox" id="CCA" name="CCA" />
</td> </td>
<td class="DataTD" align="left"> <td class="DataTD" align="left">
<strong><?=sprintf(_("I accept the CAcert Community Agreement (%s)."),"<a href='/policy/CAcertCommunityAgreement.html'>CCA</a>")?></strong><br /> <label for="CCA"><strong><?=sprintf(_("I accept the CAcert Community Agreement (%s)."),"<a href='/policy/CAcertCommunityAgreement.html'>CCA</a>")?></strong><br />
<?=_("Please Note: You need to accept the CCA to proceed.")?> <?=_("Please note: You need to accept the CCA to proceed.")?></label>
</td> </td>
</tr> </tr>
<tr> <tr>
@ -154,4 +194,3 @@ function showExpert(a)
} }
showExpert(false); showExpert(false);
</script> </script>
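Review bot: The SSO control changes from a radio pair (`value="0" checked` / `value="1"`) to a single checkbox `<input type="checkbox" id="SSO" name="SSO" value="1" />`, so an unchecked box now sends no `SSO` key at all instead of `0`; the handler that reads it is not in this commit, and if it indexes `$_REQUEST['SSO']` directly it will need a guard such as `intval(isset($_REQUEST['SSO']) ? $_REQUEST['SSO'] : 0)`, which should be confirmed. The hash-algorithm radios are rendered for every member while the rootcert radios stay behind the 50-point check, which matches the account.php hunks where `hash_alg` is read unconditionally, so the two sides agree. The enclosing form and showExpert() extend beyond the visible hunks.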


@ -94,6 +94,14 @@ ul.no_indent {
padding: 0px; padding: 0px;
} }
.attach_ul {
margin-bottom: 0px;
}
.attach_ul + ul {
margin-top: 0px;
}
/***********************************************/ /***********************************************/
/* Layout Divs */ /* Layout Divs */
@ -414,10 +422,6 @@ a.glink:hover {
color: #000000; color: #000000;
} }
.story p {
padding: 0px 0px 10px 0px;
}
.story a.capsule { .story a.capsule {
font: bold 1em Arial,sans-serif; font: bold 1em Arial,sans-serif;
color: #005FA9; color: #005FA9;