Platform SDK: Smart Card Enrollment Control

Smart Card Enrollment Control Example

The following HTML page shows a basic example of using the Smart Card Enrollment Control. The script in the page is written in Microsoft Visual Basic Scripting Edition (VBScript).

<HTML>
<TITLE>Microsoft Smart Card Enrollment Control Demonstration
</TITLE>

<!-- Instantiates the enrollment control by CLSID. The id "Senroll" is the
     name every VBScript routine in this page uses to reach the control. -->
<!-- NOTE(review): CODEBASE is a relative reference to scrdenrl.dll, so a
     client that has to fetch the control presumably resolves it against this
     page's own location. Confirm that the page and the DLL are served only
     from a trusted, integrity-protected origin. -->
<OBJECT classid="clsid:80CB7887-20DE-11D2-8D5C-00C04FC29D45"
    CODEBASE="scrdenrl.dll"
    id=Senroll >
</OBJECT>

<B>Microsoft Smart Card Enrollment Control</B>

<SCRIPT language="VBScript">
<!--
' The following subroutines are contained in this script:
' ChangeCSP - called when the user specifies the CSP.
' ChangeCT - called when the user specifies the certificate template name.
' CTType_OnClick - called when the certificate template type changes.
' EnableEnroll - enables or disables the 'Enroll' button.
' Enroll_OnClick - enrolls for a certificate.
' GetSign_OnClick - selects a signing certificate.
' GetUser_OnClick - invokes the 'Select user' dialog.
' Initialize - executes when the script is downloaded to the client.
' RemoveItems - empties a list box.
' Reset_OnClick - resets the user name.
' UpdateCA - displays the certificate authorities in a list box.
' UpdateCSP - displays the crypto service providers in a list box.
' UpdateCT - displays the certificate templates in a list box.
' ViewCert_OnClick - displays the enrolled certificate.

Option Explicit

' State flags, one per piece of information the administrator has to
' supply. EnableEnroll() combines them to decide whether the 'Enroll'
' button is enabled or disabled.
'   CSP_OK      - a cryptographic service provider is specified.
'   SignCert_OK - a signing certificate is specified.
'   CT_OK       - a certificate template is specified.
'   CA_OK       - a certification authority is specified.
'   User_OK     - a user name is specified.
' The flags drive the page only; the selections themselves are held by
' the Senroll control.
Dim CSP_OK, SignCert_OK, CT_OK, CA_OK, User_OK

' Flag values for calls into the enrollment control.

' Certificate template type; UpdateCT passes one of these to
' getCertTemplateCount and enumCertTemplateName.
Const SCARD_ENROLL_USER_CERT_TEMPLATE = &H1
Const SCARD_ENROLL_MACHINE_CERT_TEMPLATE = &H2

' User name formats. Declared for completeness; this script does not
' reference them.
Const SCARD_ENROLL_UPN_NAME = 1
Const SCARD_ENROLL_SAM_COMPATIBLE_NAME = 2

' CA name flag. Declared for completeness; this script does not
' reference it.
Const SCARD_ENROLL_CA_MACHINE_NAME = &H1

' Passed to getSigningCertificateName by GetSign_OnClick so that the name
' is returned without the certificate user interface being shown.
Const SCARD_ENROLL_NO_DISPLAY_CERT = &H1


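sub ChangeCA
    ' Called when the administrator picks a certification authority.
    ' The CA list box in the form names this routine in its onChange
    ' attribute, so the routine has to exist for that event to be handled
    ' without a script error.
    ' Hand the selection to the control so that the CA it holds matches
    ' the one shown in the form. The flag (0) is the same value UpdateCA
    ' passes to enumCAName when it fills the list.
    Senroll.setCAName 0, document.SCEnrForm.CA.value
end sub

sub ChangeCSP
    ' Called when the administrator picks a cryptographic service
    ' provider; hands the selected name to the control.
    Senroll.CSPName = document.SCEnrForm.CSP.value
end sub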

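sub ChangeCT
    ' Called when the administrator picks a certificate template name.
    ' Hand the selected template to the control.
    Senroll.setCertTemplateName 0, document.SCEnrForm.CT.value

    ' The set of CAs depends on the template, so rebuild the CA list.
    Call UpdateCA()

    ' UpdateCA sets CA_OK. Re-evaluate the 'Enroll' button here so that
    ' it is not left enabled when the new template has no CA, and not
    ' left disabled when it has one.
    Call EnableEnroll()
end sub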

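sub CTType_OnClick
    ' Called when the certificate template type (User / Machine) changes.
    ' Rebuild the list of certificate templates for the new type.
    Call UpdateCT()

    ' UpdateCT sets CT_OK and, through UpdateCA, CA_OK. Re-evaluate the
    ' 'Enroll' button so that its state reflects the new template type.
    Call EnableEnroll()
end sub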

sub EnableEnroll()
    ' Enables the 'Enroll' button only when every state flag is True,
    ' that is, when a CSP, a signing certificate, a certificate template,
    ' a CA and a user have all been specified. Otherwise the button is
    ' disabled. Callers invoke this after they change one of the flags.
    ' NOTE(review): this gates the button in the page only; the values
    ' used for enrollment are the ones the Senroll control holds.
    document.SCEnrForm.Enroll.disabled = _
        Not ( CSP_OK And SignCert_OK And CT_OK And CA_OK And User_OK )
end sub

sub Enroll_OnClick
    ' Ask the control to enroll for a certificate using the selections
    ' it currently holds.
    ' NOTE(review): presumably the request is made on behalf of the user
    ' chosen in GetUser_OnClick and authorized by the signing certificate
    ' chosen in GetSign_OnClick - confirm against the control's
    ' documentation. No 'On Error Resume Next' is in effect, so if enroll
    ' raises an error the line below does not run and the 'View
    ' Certificate' button stays disabled.
    Call Senroll.enroll(0)

    ' Enrollment returned; let the resulting certificate be viewed.
    SCEnrForm.ViewCert.disabled = False
end sub

sub GetSign_OnClick
    Dim strCertName

    ' Have the control select a signing certificate, passing
    ' "EnrollmentAgent" as the kind of certificate wanted.
    ' NOTE(review): an enrollment agent certificate is what authorizes
    ' requests on behalf of other users, so issuance of that template and
    ' access to its private key should be tightly restricted.
    Senroll.selectSigningCertificate 0, "EnrollmentAgent"

    ' Ask for the certificate's name; the flag suppresses the
    ' certificate user interface.
    strCertName = Senroll.getSigningCertificateName(SCARD_ENROLL_NO_DISPLAY_CERT)

    ' A non-empty name means a signing certificate was selected.
    If ( strCertName <> "" ) Then
        document.SCEnrForm.SignCert.value = strCertName
        SignCert_OK = True
    Else
        SignCert_OK = False
    End If

    ' SignCert_OK was just set; refresh the 'Enroll' button.
    Call EnableEnroll()
end sub

sub GetUser_OnClick
    Dim strSelected

    ' Start from a clean state: clear any previous user and certificate.
    Call Reset_OnClick()

    ' Show the 'Select user' dialog, then read back the chosen name.
    Senroll.selectUserName(0)
    strSelected = Senroll.getUserName(0)

    ' An empty name leaves the page in the reset state set above.
    If ( strSelected <> "" ) Then
        With document.SCEnrForm
            ' Show the user name in the form.
            .User.Value = strSelected
            ' Let the administrator clear this user again.
            .Reset.disabled = False
        End With
        User_OK = True
        ' User_OK changed; refresh the 'Enroll' button.
        Call EnableEnroll()
    End If
end sub

sub Initialize
    ' Runs from the BODY OnLoad handler: resets the state flags, fills the
    ' CSP and certificate template list boxes, and puts prompt text into
    ' the two read-only text fields.

    ' Nothing has been selected yet. The flags must be cleared before the
    ' Update* calls below, because those calls set some of them.
    CSP_OK      = false
    SignCert_OK = false
    CT_OK       = false
    CA_OK       = false
    User_OK     = false

    ' Fill the CSP list box (sets CSP_OK when at least one CSP exists).
    Call UpdateCSP()

    ' Fill the certificate template list box (sets CT_OK and, when a
    ' template exists, fills the CA list through UpdateCA).
    Call UpdateCT()

    ' Prompt the administrator to select a signing certificate.
    document.SCEnrForm.SignCert.Value = "Select a signing certificate"
    ' Prompt the administrator to select a user.
    document.SCEnrForm.User.Value = "Select a user"
end sub

' Remove all elements of a list box.
sub RemoveItems( List1 )
    ' Empties one of the form's list boxes. List1 is "CA" or "CT";
    ' any other value leaves the form untouched.
    Dim nTotal, nLeft, LB

    ' Pick the list box to empty.
    If List1 = "CA" Then
        Set LB = document.SCEnrForm.CA
    ElseIf List1 = "CT" Then
        Set LB = document.SCEnrForm.CT
    Else
        Exit Sub
    End If

    ' Remove the first entry once for every entry that was present.
    nTotal = LB.length
    For nLeft = nTotal To 1 Step -1
        LB.Remove 0
    Next
end sub

sub Reset_OnClick
    ' Clears the selected user in the control and returns the page to
    ' its 'no user selected' state.
    Senroll.resetUser()

    With document.SCEnrForm
        .User.Value = "Select a user"
        ' Nothing to reset until a user is selected again.
        .Reset.disabled = True
    End With

    ' resetUser() removes the certificate from memory, so there is
    ' nothing left to view.
    SCEnrForm.ViewCert.disabled = True

    ' No user is selected any more; this disables the 'Enroll' button.
    User_OK = False
    Call EnableEnroll()
end sub

sub UpdateCA
    ' Rebuilds the list of certification authorities for the certificate
    ' template the control currently holds, and sets CA_OK accordingly.
    ' Called whenever a different certificate template is selected.
    Dim nCAs, i, strTemplate, Opt

    ' Drop the CAs currently displayed.
    Call RemoveItems("CA")

    ' Ask the control how many CAs serve the current template.
    strTemplate = Senroll.getCertTemplateName( 0 )
    nCAs = Senroll.getCACount(strTemplate)

    If ( nCAs = 0 ) Then
        CA_OK = False
        MsgBox("No Certification Authority is available for the specified certificate template.")
    Else
        ' At least one CA exists.
        CA_OK = True
        ' Add one OPTION per CA; the CA name is both text and value.
        For i = 0 To nCAs - 1
            Set Opt = document.createElement("OPTION")
            Opt.text = Senroll.enumCAName( i, 0, strTemplate )
            Opt.value = Opt.text
            document.SCEnrForm.CA.Options.Add Opt
        Next
        ' Show the first CA as selected.
        document.SCEnrForm.CA.selectedIndex = 0
    End If
end sub

sub UpdateCSP
    ' Fills the CSP list box with the cryptographic service providers the
    ' control reports, and sets CSP_OK when at least one exists.
    Dim nCSPs, i, Opt

    nCSPs = Senroll.CSPCount

    If ( nCSPs = 0 ) Then
        MsgBox("No CSPs available.")
    Else
        ' At least one CSP exists.
        CSP_OK = True
        ' Add one OPTION per CSP; the CSP name is both text and value.
        For i = 0 To nCSPs - 1
            Set Opt = document.createElement("OPTION")
            Opt.text = Senroll.enumCSPName( i, 0 )
            Opt.value = Opt.text
            document.SCEnrForm.CSP.Options.Add Opt
        Next
        ' Show the first entry as selected, for the user's viewing
        ' benefit. On initialization the control will already have set
        ' its CSPName property to the value returned by
        ' enumCSPName(0, 0), so the form and the control agree.
        document.SCEnrForm.CSP.selectedIndex = 0
    End If
end sub

sub UpdateCT
    ' Rebuilds the certificate template list for the template type chosen
    ' with the User / Machine radio buttons, sets CT_OK, and refreshes
    ' the CA list when at least one template exists.
    Dim i, nTemplates, Opt, nType

    ' The first radio button is 'User'; otherwise the type is 'Machine'.
    If ( document.SCenrForm.CTType(0).checked ) Then
        nType = SCARD_ENROLL_USER_CERT_TEMPLATE
    Else
        nType = SCARD_ENROLL_MACHINE_CERT_TEMPLATE
    End If

    ' Drop the templates currently displayed.
    Call RemoveItems("CT")

    ' Ask the control how many templates of this type exist.
    nTemplates = Senroll.getCertTemplateCount(nType)

    If ( nTemplates = 0 ) Then
        CT_OK = False
        MsgBox("No certificate templates available.")
    Else
        ' At least one certificate template exists.
        CT_OK = True
        ' Add one OPTION per template; the name is both text and value.
        For i = 0 To nTemplates - 1
            Set Opt = document.createElement("OPTION")
            Opt.text = Senroll.enumCertTemplateName( i, nType )
            Opt.value = Opt.text
            document.SCEnrForm.CT.Options.Add Opt
        Next
        ' Show the first entry as selected, for the user's viewing
        ' benefit. On initialization the control will already have set
        ' its CertTemplateName property to the value returned by
        ' enumCertTemplateName(0, 1).
        document.SCEnrForm.CT.selectedIndex = 0
        ' Show the certification authorities for the template.
        Call UpdateCA()
    End If
end sub

sub ViewCert_OnClick
    ' Shows the enrolled certificate. Calling the control with flag 0
    ' retrieves the certificate's name and displays the certificate
    ' viewer user interface; the returned name is not used afterwards.
    Dim strCertName

    strCertName = Senroll.getEnrolledCertificateName(0)
end sub

-->
</SCRIPT>


<!-- Initialize runs from OnLoad and fills the list boxes of the form. -->
<!-- The script reaches the list boxes as document.SCEnrForm.CSP, .CT and
     .CA, which are the ID values used here; the NAME values of the template
     and CA lists (CertTemplate, CertAuth) differ from their IDs. Every
     routine named in an onChange or onclick attribute must be defined as a
     Sub in the SCRIPT block. The buttons carry no event attribute; the
     script defines a Sub called Name_OnClick for each button NAME. -->
<!-- NOTE(review): READONLY and DISABLED only restrict what this page lets the
     operator do; they are not an access control. Who may enroll on behalf of
     other users has to be enforced by the CA and by who holds an enrollment
     agent certificate. Confirm this against the deployment. -->
<BODY LANGUAGE=VBScript OnLoad="Initialize">

<FORM NAME="SCEnrForm">
<P>
    Cryptographic Service Provider <SELECT NAME="CSP" SIZE=1 ID="CSP" onChange="ChangeCSP" LANGUAGE="VBScript">
                              </SELECT>
<P>
    Administrator Signing Certificate <INPUT NAME="SignCert" SIZE=40 READONLY><INPUT NAME="GetSign" TYPE="button" VALUE="Select Signing Certificate">
<P>
    Certificate Template <SELECT NAME="CertTemplate" SIZE=1 ID="CT" onChange="ChangeCT" LANGUAGE="VBScript">
                              </SELECT>  <INPUT NAME="CTType" onclick = "CTType_OnClick" ID="CTType" TYPE="radio" CHECKED VALUE=1>User <INPUT NAME="CTType" ID="CTType" onclick=CTType_OnClick TYPE="radio" VALUE=2>Machine
<P>
    Certification Authority <SELECT NAME="CertAuth" SIZE=1 ID="CA" onChange="ChangeCA" LANGUAGE="VBScript">
                              </SELECT>   
<P>
    Enroll on behalf of <INPUT NAME="User" SIZE=40 READONLY><INPUT NAME="GetUser" TYPE="button" VALUE="Select User">
<P>
<INPUT NAME="Enroll" TYPE="button" VALUE="Enroll" DISABLED>
<INPUT NAME="Reset" TYPE="button" VALUE="Reset User" DISABLED>
<INPUT NAME="ViewCert" TYPE="button" VALUE="View Certificate" DISABLED> 
</FORM></P>

</BODY>
</HTML>