hamlet_007
asked on
Internet Explorer Applet
I am attempting to write an Applet for my company that will check the user's current IE Security settings and then advise them on why the site may not be working, a sort of first line of support. So, i can already check all the registry settings that control IE, the one thing i can't seem to figure out is how to see WHICH security zone the page my applet is running on is in. Basically i want to know what zone is showing up in the bottom right hand corner of the screen (where it has a little globe and says "Internet" right now in your browser). I already have the following knowledge base article: http://support.microsoft.com/?kbid=182569 .
If how to do this is in that article i apologize, but i can't seem to find it.
If how to do this is in that article i apologize, but i can't seem to find it.
ASKER
I've been reading through all the refernce you posted, and i fail to see how an API designed to manage certificates can help me.
The only issue I cannot figure out is there a way for an applet to determine what security zone it is being executed in.
thanks.
The only issue I cannot figure out is there a way for an applet to determine what security zone it is being executed in.
thanks.
ASKER
I've been reading through all the refernce you posted, and i fail to see how an API designed to manage certificates can help me.
The only issue I cannot figure out is there a way for an applet to determine what security zone it is being executed in.
thanks.
The only issue I cannot figure out is there a way for an applet to determine what security zone it is being executed in.
thanks.
this is one my example, i hope that's gonna help you:
<html>
<head>
<title>CAPICOM - Store Sample</title>
<%
'*************************
'
' THIS CODE AND INformATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND,
' EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED
' WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A PARTICULAR PURPOSE.
'
' Copyright (C) 1999- 2002. Microsoft Corporation. All rights reserved.
'
'*************************
'
' Store.html
'
' This is a JScript sample that illustrates how to use features introduced in
' CAPICOM to manage and view your certificate stores as well as check the
' validity of certificates.
'
' Note: For simplicity, this script does not handle all exceptions.
'
'*************************
%>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<object
id="oCAPICOM"
classid="clsid:A996E48C-D3
codebase="capicom.cab#vers
</object>
<script language="jscript">
// CAPICOM constants
var CAPICOM_CERTIFICATE_FIND_S
var CAPICOM_CURRENT_USER_STORE
var CAPICOM_STORE_OPEN_READ_ON
var CAPICOM_INFO_SUBJECT_SIMPL
var CAPICOM_INFO_ISSUER_SIMPLE
var CAPICOM_INFO_SUBJECT_EMAIL
var CAPICOM_INFO_ISSUER_EMAIL_
var CAPICOM_CHECK_NONE = 0;
var CAPICOM_CHECK_TRUSTED_ROOT
var CAPICOM_CHECK_TIME_VALIDIT
var CAPICOM_CHECK_SIGNATURE_VA
var CAPICOM_CHECK_ONLINE_REVOC
var CAPICOM_CHECK_OFFLINE_REVO
var CAPICOM_TRUST_IS_NOT_TIME_
var CAPICOM_TRUST_IS_NOT_TIME_
var CAPICOM_TRUST_IS_REVOKED = 4;
var CAPICOM_TRUST_IS_NOT_SIGNA
var CAPICOM_TRUST_IS_NOT_VALID
var CAPICOM_TRUST_IS_UNTRUSTED
var CAPICOM_TRUST_REVOCATION_S
var CAPICOM_TRUST_IS_CYCLIC = 128;
var CAPICOM_TRUST_IS_PARTIAL_C
var CAPICOM_TRUST_CTL_IS_NOT_T
var CAPICOM_TRUST_CTL_IS_NOT_S
var CAPICOM_TRUST_CTL_IS_NOT_V
function IsCAPICOMInstalled()
{
if(typeof(oCAPICOM) == "object")
{
if( (oCAPICOM.object != null) )
{
// We found CAPICOM!
return true;
}
}
}
function FindCertificateByThumbprin
{
// instantiate the CAPICOM objects
var MyStore = new ActiveXObject("CAPICOM.Sto
var AddrStore = new ActiveXObject("CAPICOM.Sto
var CAStore = new ActiveXObject("CAPICOM.Sto
var RootStore = new ActiveXObject("CAPICOM.Sto
var FoundCertificates = new ActiveXObject("CAPICOM.Cer
// open the store objects
try
{
MyStore.Open(CAPICOM_CURRE
AddrStore.Open(CAPICOM_CUR
CAStore.Open(CAPICOM_CURRE
RootStore.Open(CAPICOM_CUR
}
catch (e)
{
alert("An error occurred while opening your certificate stores, aborting");
return false;
}
// this may take a second so lets update the user with what we are doing
window.status="Finding Certificate with the Thumbprint of " + szThumbprint + ".";
// create an array of all of the stores
MyStores = new Array(MyStore, AddrStore, CAStore, RootStore);
// enumerate through the stores
for (iStore = 0; iStore <= (MyStores.length -1); iStore++)
{
// look for our thumbprint in this store
var Certificates = MyStores[iStore].Certifica
// enumerate through each of the certificates we found (if any)
for (iCert = 1; iCert <= (Certificates.Count); iCert++)
{
FoundCertificates.Add(Cert
}
}
// update the status
window.status="";
// return the certificate
if (typeof(FoundCertificates)
{
return FoundCertificates;
}
}
function displayCert(szThumbprint)
{
// find the certificate specified!
var Certificates = FindCertificateByThumbprin
window.status="Displaying Certificate....";
Certificates.Item(1).Displ
window.status="";
}
function checkCertStatus(szThumbpri
{
if (IsCAPICOMInstalled)
{
// find the certificate specified!
var Certificates = FindCertificateByThumbprin
var Certificate = Certificates.Item(1);
window.status="Checking Certificate Status....";
// CAPICOM exposes Certificate status checking through IsValid, the CheckFlag parameter
// allows you to specify the items you want to have checked for you.
Certificate.IsValid().Chec
if (Certificate.IsValid().Res
{
// clear the status window
window.status="";
alert("CryptoAPI believes \"" + Certificate.GetInfo(CAPICO
}
else
{
var Chain = new ActiveXObject("CAPICOM.Cha
Chain.Build(Certificate)
// clear the status window
window.status="";
if (CAPICOM_TRUST_IS_NOT_SIGN
{
alert("CryptoAPI found a problem with the signature on '" + Certificate.GetInfo(CAPICO
return false;
}
if ((CAPICOM_TRUST_IS_UNTRUST
{
alert("CryptoAPI was unable to chain '" + Certificate.GetInfo(CAPICO
return false;
}
if (CAPICOM_TRUST_IS_CYCLIC & Chain.Status)
{
alert("CAPICOM_TRUST_IS_CY
return false;
}
if (CAPICOM_TRUST_CTL_IS_NOT_
{
alert("CAPICOM_TRUST_CTL_I
return false;
}
if (CAPICOM_TRUST_CTL_IS_NOT_
{
alert("CAPICOM_TRUST_CTL_I
return false;
}
if (CAPICOM_TRUST_CTL_IS_NOT_
{
alert("CAPICOM_TRUST_CTL_I
return false;
}
if (CAPICOM_TRUST_IS_NOT_TIME
{
alert("CAPICOM_TRUST_IS_NO
return false;
}
if (CAPICOM_TRUST_IS_NOT_TIME
{
alert("CAPICOM_TRUST_IS_NO
return false;
}
if (CAPICOM_TRUST_IS_NOT_VALI
{
alert("CAPICOM_TRUST_IS_NO
return false;
}
if (CAPICOM_TRUST_IS_REVOKED & Chain.Status)
{
alert("CryptoAPI determined that '" + Certificate.GetInfo(CAPICO
return false;
}
if (CAPICOM_TRUST_REVOCATION_
{
alert("CryptoAPI was unable to determine the certificate status for '" + Certificate.GetInfo(CAPICO
return false;
}
}
}
}
function populateCertificateList(sz
{
window.status="Populating Certificate Store....";
// Instantiate the objects we will be using...
if( typeof(Store) != "object" )
{
var Store = new ActiveXObject("CAPICOM.Sto
}
// To populate the certificates on in the specified store we first need to open the store,
// with CryptoAPI stores are multi-dimensional, by that I mean that you have machine based
// stores, user based stores, etc; within these "physical" stores within these are logical stores,
// these include:
// * My (Certificates that you have associated keys)
// * AddressBook (Also known as others, these are usually people you correspond with)
// * CA (Intermediate CAs, Intermediates are not trusted; instead they are used to chain to trusted CAs)
// * Root (Trusted CAs, These are the CAs that you have chosen to directly trust)
//
// When we open the store we will do so using the least-privilege model, since we only need to read
// that is all we will ask for. All users on windows can read their personal user store.
Store.Open(CAPICOM_CURRENT
// Create the enumeration object so we can see what certificates are available.
var Certificates = Store.Certificates;
//begin constructing table
szHTML = " <table cellpadding=\"0\" cellspacing=\"0\" width=\"100%\" class=\"CertTable\">";
szHTML = szHTML +" <tr><th>x</th><th>Subject<
// Enumerate through each of the certificates in the store..
for (i = 1; i <= (Certificates.Count); i++)
{
szHTML = szHTML +" <tr><td class=\"checkCert\" onMouseOver=\"this.style.c
}
// end table
szHTML = szHTML +" </table>";
szHTML = szHTML +" </td>";
szHTML = szHTML +" </tr>";
szHTML = szHTML +"</table>";
// update the div
datadiv.innerHTML=szHTML;
// Clean up
Store = null;
Certificates = null;
window.status="";
}
function init()
{
// The installation of CAPICOM is dependant on various security permissions on the host pc
// some of these permissions include:
// * read and create permissions to the HKR key in the registry (to register the object)
// * read permissions to the capicom.dll on the file system
//
// If a user does not have said permissions you will not be able to Instantiate the object
// as such your code will not work. So prior to utilizing any of the objects implemented
// by CAPICOM we will check to see if it has been installed.
if (IsCAPICOMInstalled() != true)
{
// Alert the that CAPICOM was not able to be installed
alert("CAPICOM could not be loaded, possibly due to insufficient access privileges on this machine.");
}
else
{
populateCertificateList("M
}
}
</script>
</head>
<body OnLoad="init()">
<style type="text/css">
TABLE {font-family:tahoma,sans-s
TABLE.CertTable TD {border-bottom:solid #93BEE2 1px}
TABLE.CertTable TH {background-color:#336699;
TABLE.CertTable TR {background-color:#FFF7E5;
TD.CheckCert {text-decoration:underline
TD.CertSubject {text-decoration:underline
TD.CertIssuer {text-decoration:none}
</style>
<table ID="tblStoreMenu">
<tr>
<td>
<input value="Personal" type="button" onclick="populateCertifica
</td>
<td>
<input value="Others" type="button" onclick="populateCertifica
</td>
<td>
<input value="Intermediate CAs" type="button" onclick="populateCertifica
</td>
<td>
<input value="Root CAs" type="button" onclick="populateCertifica
</td>
</tr>
</table>
<div id="datadiv"></div>
</body>
</html>
<html>
<head>
<title>CAPICOM - Store Sample</title>
<%
'*************************
'
' THIS CODE AND INformATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND,
' EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED
' WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A PARTICULAR PURPOSE.
'
' Copyright (C) 1999- 2002. Microsoft Corporation. All rights reserved.
'
'*************************
'
' Store.html
'
' This is a JScript sample that illustrates how to use features introduced in
' CAPICOM to manage and view your certificate stores as well as check the
' validity of certificates.
'
' Note: For simplicity, this script does not handle all exceptions.
'
'*************************
%>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<object
id="oCAPICOM"
classid="clsid:A996E48C-D3
codebase="capicom.cab#vers
</object>
<script language="jscript">
// CAPICOM constants
var CAPICOM_CERTIFICATE_FIND_S
var CAPICOM_CURRENT_USER_STORE
var CAPICOM_STORE_OPEN_READ_ON
var CAPICOM_INFO_SUBJECT_SIMPL
var CAPICOM_INFO_ISSUER_SIMPLE
var CAPICOM_INFO_SUBJECT_EMAIL
var CAPICOM_INFO_ISSUER_EMAIL_
var CAPICOM_CHECK_NONE = 0;
var CAPICOM_CHECK_TRUSTED_ROOT
var CAPICOM_CHECK_TIME_VALIDIT
var CAPICOM_CHECK_SIGNATURE_VA
var CAPICOM_CHECK_ONLINE_REVOC
var CAPICOM_CHECK_OFFLINE_REVO
var CAPICOM_TRUST_IS_NOT_TIME_
var CAPICOM_TRUST_IS_NOT_TIME_
var CAPICOM_TRUST_IS_REVOKED = 4;
var CAPICOM_TRUST_IS_NOT_SIGNA
var CAPICOM_TRUST_IS_NOT_VALID
var CAPICOM_TRUST_IS_UNTRUSTED
var CAPICOM_TRUST_REVOCATION_S
var CAPICOM_TRUST_IS_CYCLIC = 128;
var CAPICOM_TRUST_IS_PARTIAL_C
var CAPICOM_TRUST_CTL_IS_NOT_T
var CAPICOM_TRUST_CTL_IS_NOT_S
var CAPICOM_TRUST_CTL_IS_NOT_V
function IsCAPICOMInstalled()
{
if(typeof(oCAPICOM) == "object")
{
if( (oCAPICOM.object != null) )
{
// We found CAPICOM!
return true;
}
}
}
function FindCertificateByThumbprin
{
// instantiate the CAPICOM objects
var MyStore = new ActiveXObject("CAPICOM.Sto
var AddrStore = new ActiveXObject("CAPICOM.Sto
var CAStore = new ActiveXObject("CAPICOM.Sto
var RootStore = new ActiveXObject("CAPICOM.Sto
var FoundCertificates = new ActiveXObject("CAPICOM.Cer
// open the store objects
try
{
MyStore.Open(CAPICOM_CURRE
AddrStore.Open(CAPICOM_CUR
CAStore.Open(CAPICOM_CURRE
RootStore.Open(CAPICOM_CUR
}
catch (e)
{
alert("An error occurred while opening your certificate stores, aborting");
return false;
}
// this may take a second so lets update the user with what we are doing
window.status="Finding Certificate with the Thumbprint of " + szThumbprint + ".";
// create an array of all of the stores
MyStores = new Array(MyStore, AddrStore, CAStore, RootStore);
// enumerate through the stores
for (iStore = 0; iStore <= (MyStores.length -1); iStore++)
{
// look for our thumbprint in this store
var Certificates = MyStores[iStore].Certifica
// enumerate through each of the certificates we found (if any)
for (iCert = 1; iCert <= (Certificates.Count); iCert++)
{
FoundCertificates.Add(Cert
}
}
// update the status
window.status="";
// return the certificate
if (typeof(FoundCertificates)
{
return FoundCertificates;
}
}
function displayCert(szThumbprint)
{
// find the certificate specified!
var Certificates = FindCertificateByThumbprin
window.status="Displaying Certificate....";
Certificates.Item(1).Displ
window.status="";
}
function checkCertStatus(szThumbpri
{
if (IsCAPICOMInstalled)
{
// find the certificate specified!
var Certificates = FindCertificateByThumbprin
var Certificate = Certificates.Item(1);
window.status="Checking Certificate Status....";
// CAPICOM exposes Certificate status checking through IsValid, the CheckFlag parameter
// allows you to specify the items you want to have checked for you.
Certificate.IsValid().Chec
if (Certificate.IsValid().Res
{
// clear the status window
window.status="";
alert("CryptoAPI believes \"" + Certificate.GetInfo(CAPICO
}
else
{
var Chain = new ActiveXObject("CAPICOM.Cha
Chain.Build(Certificate)
// clear the status window
window.status="";
if (CAPICOM_TRUST_IS_NOT_SIGN
{
alert("CryptoAPI found a problem with the signature on '" + Certificate.GetInfo(CAPICO
return false;
}
if ((CAPICOM_TRUST_IS_UNTRUST
{
alert("CryptoAPI was unable to chain '" + Certificate.GetInfo(CAPICO
return false;
}
if (CAPICOM_TRUST_IS_CYCLIC & Chain.Status)
{
alert("CAPICOM_TRUST_IS_CY
return false;
}
if (CAPICOM_TRUST_CTL_IS_NOT_
{
alert("CAPICOM_TRUST_CTL_I
return false;
}
if (CAPICOM_TRUST_CTL_IS_NOT_
{
alert("CAPICOM_TRUST_CTL_I
return false;
}
if (CAPICOM_TRUST_CTL_IS_NOT_
{
alert("CAPICOM_TRUST_CTL_I
return false;
}
if (CAPICOM_TRUST_IS_NOT_TIME
{
alert("CAPICOM_TRUST_IS_NO
return false;
}
if (CAPICOM_TRUST_IS_NOT_TIME
{
alert("CAPICOM_TRUST_IS_NO
return false;
}
if (CAPICOM_TRUST_IS_NOT_VALI
{
alert("CAPICOM_TRUST_IS_NO
return false;
}
if (CAPICOM_TRUST_IS_REVOKED & Chain.Status)
{
alert("CryptoAPI determined that '" + Certificate.GetInfo(CAPICO
return false;
}
if (CAPICOM_TRUST_REVOCATION_
{
alert("CryptoAPI was unable to determine the certificate status for '" + Certificate.GetInfo(CAPICO
return false;
}
}
}
}
function populateCertificateList(sz
{
window.status="Populating Certificate Store....";
// Instantiate the objects we will be using...
if( typeof(Store) != "object" )
{
var Store = new ActiveXObject("CAPICOM.Sto
}
// To populate the certificates on in the specified store we first need to open the store,
// with CryptoAPI stores are multi-dimensional, by that I mean that you have machine based
// stores, user based stores, etc; within these "physical" stores within these are logical stores,
// these include:
// * My (Certificates that you have associated keys)
// * AddressBook (Also known as others, these are usually people you correspond with)
// * CA (Intermediate CAs, Intermediates are not trusted; instead they are used to chain to trusted CAs)
// * Root (Trusted CAs, These are the CAs that you have chosen to directly trust)
//
// When we open the store we will do so using the least-privilege model, since we only need to read
// that is all we will ask for. All users on windows can read their personal user store.
Store.Open(CAPICOM_CURRENT
// Create the enumeration object so we can see what certificates are available.
var Certificates = Store.Certificates;
//begin constructing table
szHTML = " <table cellpadding=\"0\" cellspacing=\"0\" width=\"100%\" class=\"CertTable\">";
szHTML = szHTML +" <tr><th>x</th><th>Subject<
// Enumerate through each of the certificates in the store..
for (i = 1; i <= (Certificates.Count); i++)
{
szHTML = szHTML +" <tr><td class=\"checkCert\" onMouseOver=\"this.style.c
}
// end table
szHTML = szHTML +" </table>";
szHTML = szHTML +" </td>";
szHTML = szHTML +" </tr>";
szHTML = szHTML +"</table>";
// update the div
datadiv.innerHTML=szHTML;
// Clean up
Store = null;
Certificates = null;
window.status="";
}
function init()
{
// The installation of CAPICOM is dependant on various security permissions on the host pc
// some of these permissions include:
// * read and create permissions to the HKR key in the registry (to register the object)
// * read permissions to the capicom.dll on the file system
//
// If a user does not have said permissions you will not be able to Instantiate the object
// as such your code will not work. So prior to utilizing any of the objects implemented
// by CAPICOM we will check to see if it has been installed.
if (IsCAPICOMInstalled() != true)
{
// Alert the that CAPICOM was not able to be installed
alert("CAPICOM could not be loaded, possibly due to insufficient access privileges on this machine.");
}
else
{
populateCertificateList("M
}
}
</script>
</head>
<body OnLoad="init()">
<style type="text/css">
TABLE {font-family:tahoma,sans-s
TABLE.CertTable TD {border-bottom:solid #93BEE2 1px}
TABLE.CertTable TH {background-color:#336699;
TABLE.CertTable TR {background-color:#FFF7E5;
TD.CheckCert {text-decoration:underline
TD.CertSubject {text-decoration:underline
TD.CertIssuer {text-decoration:none}
</style>
<table ID="tblStoreMenu">
<tr>
<td>
<input value="Personal" type="button" onclick="populateCertifica
</td>
<td>
<input value="Others" type="button" onclick="populateCertifica
</td>
<td>
<input value="Intermediate CAs" type="button" onclick="populateCertifica
</td>
<td>
<input value="Root CAs" type="button" onclick="populateCertifica
</td>
</tr>
</table>
<div id="datadiv"></div>
</body>
</html>
ASKER
These are the methods i need to call using a java applet imbeded in IE, it appears they come through some package labeled System. I assume this means that i have to created C++ stubs to get back to this DLL to get these class files imported.
ReTasm -- Thanks for the post, but the main point of the project is to see if the client browser has ActiveX turned on or not in their security settings for the zone that the page turns up in. So imbeding ActiveX controls isn't really an option. Thanks for the info on how the CAPICOM package could be a solution...
ReTasm -- Thanks for the post, but the main point of the project is to see if the client browser has ActiveX turned on or not in their security settings for the zone that the page turns up in. So imbeding ActiveX controls isn't really an option. Thanks for the info on how the CAPICOM package could be a solution...
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
CHECK THIS:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/security/Security/capicom_reference.asp
regards