authorng0 <ng0@n0.is>2019-03-08 22:47:17 +0000
committerng0 <ng0@n0.is>2019-03-08 22:47:17 +0000
commite298128e273a984beb3094e9d380a54a0f65b4ce (patch)
tree8cec2517347c56c9bf2d8409ec7b707364969c4d /src/gns
parent7326379321392c77bc31736b93342063c252d98b (diff)
gnunet-gns-proxy-setup-ca:
Here is a new version of gnunet-gns-proxy-setup-ca. Most of it still needs debugging, but it works. This ought to be extended in the future. Man page created.
Diffstat (limited to 'src/gns')
-rw-r--r--src/gns/gnunet-gns-proxy-setup-ca.in473
1 files changed, 399 insertions, 74 deletions
diff --git a/src/gns/gnunet-gns-proxy-setup-ca.in b/src/gns/gnunet-gns-proxy-setup-ca.in
index 0a6fab18a..f3a1f58e1 100644
--- a/src/gns/gnunet-gns-proxy-setup-ca.in
+++ b/src/gns/gnunet-gns-proxy-setup-ca.in
@@ -1,78 +1,403 @@
1#!/bin/sh 1#!/bin/sh
2# This shell script will generate an X509 certificate for your gnunet-gns-proxy
3# and install it (for both GNUnet and your browser).
4# 2#
3# This shell script will generate an X509 certificate for
4# your gnunet-gns-proxy and install it (for both GNUnet
5# and your browser).
6#
7# TODO: Implement support for more browsers
8# TODO: Debug and switch to the new version
9# TODO - The only remaining task is fixing the getopts
10# TODO: Error checks
11#
12# The current version partially reuses and recycles
13# code from build.sh by NetBSD (although not entirely
14# used because it needs debugging):
15#
16# Copyright (c) 2001-2011 The NetBSD Foundation, Inc.
17# All rights reserved.
18#
19# This code is derived from software contributed to
20# The NetBSD Foundation by Todd Vierling and Luke Mewburn.
21
22# Redistribution and use in source and binary forms, with or
23# without modification, are permitted provided that the following
24# conditions are met:
25# 1. Redistributions of source code must retain the above
26# copyright notice, this list of conditions and the following
27# disclaimer.
28# 2. Redistributions in binary form must reproduce the above
29# copyright notice, this list of conditions and the following
30# disclaimer in the documentation and/or other materials
31# provided with the distribution.
32
33# THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND
34# CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
35# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
36# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
37# DISCLAIMED.
38# IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS BE LIABLE FOR
39# ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
40# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
41# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
42# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
43# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
44# LIABILITY, OR TORT
45# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
46# THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
47# OF SUCH DAMAGE.
48
49progname=${0##*/}
50
51setdefaults()
52{
53 runcmd=
54 #TOP=$( (exec pwd -P 2>/dev/null) || (exec pwd 2>/dev/null) )
55}
56
57statusmsg()
58{
59 ${runcmd} echo " $@"
60}
61
62infomsg()
63{
64 statusmsg "INFO: $@"
65}
66
67warningmsg()
68{
69 statusmsg "WARNING: $@"
70}
71
72errormsg()
73{
74 statusmsg "ERROR: $@"
75}
76
77linemsg()
78{
79 statusmsg "========================================="
80}
81
82# Given a variable name in $1, modify the variable in place
83# as follows:
84# Convert possibly-relative path to absolute path by prepending
85# ${TOP} if necessary. Also delete trailing "/", if any.
86resolvepath()
87{
88 local var="$1"
89 local val
90 eval val=\"\${${var}}\"
91 case "${val}" in
92 /)
93 ;;
94 /*)
95 val="${val%/}"
96 ;;
97 *)
98 val="${TOP}/${val%/}"
99 ;;
100 esac
101 eval ${var}=\"\${val}\"
102}
103
104# usage()
105# {
106# if [ -n "$*" ]; then
107# echo ""
108# echo "${progname}: $*"
109# fi
110# cat <<_usage_
111
112# Usage: ${progname} [-fhv] [-c FILE] operation [...]
113
114# Operations:
115# cert Create the GNS certificate and only insert
116# it in GNS.
117# browser Create the GNS certificate, insert it in
118# GNS and install it in webbrowsers found.
119# all Create the GNS certificate, insert it in
120# GNS and install it in webbrowsers found.
121# help Print this help message.
122
123# Options:
124# -c FILE Use the configuration file FILE.
125# -f Perform expansions of the variables used in the config
126# value of gns-proxy. This will usually expand
127# $GNUNET_DATA_HOME to represent its path.
128# -h Print this help message.
129# -v Print the version.
130
131# _usage_
132# exit 1
133# }
134
135usage()
136{
137 if [ -n "$*" ]; then
138 echo ""
139 echo "${progname}: $*"
140 fi
141 cat <<_usage_
142
143Usage: ${progname} [-hv] [-c FILE] [...]
144
145Options:
146 -c FILE Use the configuration file FILE.
147 -h Print this help message.
148 -v Print the version and exit.
149 -V be verbose
5 150
6OPENSSLCFG=@pkgdatadir@/openssl.cnf 151_usage_
7if ! which openssl > /dev/null 152 exit 1
8then 153}
9 echo "'openssl' command not found. Please install it." 154
10 exit 1 155
11fi 156# parseoptions()
12 157# {
13echo "Generating CA" 158# opts=':cfhv'
14options='' 159# # For now use POSIX getopts. For the future, refer to
15while getopts "c:" opt; do 160# # the shell capabilities check build.sh has?
16 case $opt in 161# if type getopts >/dev/null 2>&1; then
17 c) 162# # we are a posix shell, we can use the builtin getopts
18 options="$options -c $OPTARG" 163# getoptcmd='getopts ${opts} opt && opt=-${opt}'
19 ;; 164# optargcmd=':'
20 \?) 165# optremcmd='shift $((${OPTIND} -1))'
21 echo "Invalid option: -$OPTARG" >&2 166# fi
22 exit 1 167
23 ;; 168# # parse command line options.
24 :) 169# while eval ${getoptcmd}; do
25 echo "Option -$OPTARG requires an argument." >&2 170# case ${opt} in
26 exit 1 171
27 ;; 172# -c)
28 esac 173# eval ${optargcmd}; resolvepath OPTARG
29done 174# GNUNET_CONFIG_FILE="${OPTARG}"
30 175# export GNUNET_CONFIG_FILE
31GNSCERT=`mktemp /tmp/gnscertXXXXXX.pem` 176# ;;
32GNSCAKY=`mktemp /tmp/gnscakeyXXXXXX.pem` 177# -f)
33GNSCANO=`mktemp /tmp/gnscakeynoencXXXXXX.pem` 178# GNUNET_PASS_FILENAME=1
34GNS_CA_CERT_PEM=`gnunet-config -s gns-proxy -o PROXY_CACERT -f $options` 179# export GNUNET_PASS_FILENAME
35mkdir -p `dirname $GNS_CA_CERT_PEM` 180# ;;
36 181# -v)
37openssl req -config $OPENSSLCFG -new -x509 -days 3650 -extensions v3_ca -keyout $GNSCAKY -out $GNSCERT -subj "/C=ZZ/L=World/O=GNU/OU=GNUnet/CN=GNS Proxy CA/emailAddress=bounce@gnunet.org" -passout pass:"GNU Name System" 182# print_version
38 183# ;;
39echo "Removing passphrase from key" 184# --)
40openssl rsa -passin pass:"GNU Name System" -in $GNSCAKY -out $GNSCANO 185# break
41 186# ;;
42echo "Making private key available to gnunet-gns-proxy" 187# -'?'|-h)
43cat $GNSCERT $GNSCANO > $GNS_CA_CERT_PEM 188# usage
44 189# ;;
45if ! which certutil > /dev/null 190# esac
46then 191# done
47 echo "The 'certutil' command was not found. Not importing into browsers." 192
48 echo "For 'certutil' install nss." 193# # operations
49else 194# eval ${optremcmd}
50 echo "Importing CA into browsers" 195# while [ $# -gt 0 ]; do
51 for f in ~/.mozilla/firefox/*.*/ 196# op=$1; shift
52 do 197# operations="${operations} ${op}"
53 if [ -d $f ]; then 198# case "${op}" in
54 echo "Importing CA info Firefox at $f" 199# help)
55 # delete old certificate (if any) 200# usage
56 certutil -D -n "GNS Proxy CA" -d "$f" >/dev/null 2>/dev/null 201# ;;
57 # add new certificate 202# all|\
58 certutil -A -n "GNS Proxy CA" -t CT,, -d "$f" < $GNSCERT 203# browser|\
204# cert)
205# ;;
206# *)
207# usage "Unknown operation \`${op}'"
208# ;;
209# esac
210# op="$( echo "$op" | tr -s '.-' '__')"
211# eval do_${op}=true
212# done
213# }
214 #[ -n "${operations}" ] || usage "Missing operation to perform."
215 # old code:
216 # while getopts "c:" opt; do
217 # case $opt in
218 # c)
219 # options="$options -c $OPTARG"
220 # ;;
221 # \?)
222 # echo "Invalid option: -$OPTARG" >&2
223 # exit 1
224 # ;;
225 # :)
226 # echo "Option -$OPTARG requires an argument." >&2
227 # exit 1
228 # ;;
229 # esac
230 # done
231
232generate_ca()
233{
234 echo ""
235 infomsg "Generating CA"
236 TMPDIR=${TMPDIR:-/tmp}
237 if [ -e "$TMPDIR" ]; then
238 GNSCERT=`mktemp -t ${00##*/}.pem` || exit 1
239 GNSCAKY=`mktemp -t ${00##*/}.pem` || exit 1
240 GNSCANO=`mktemp -t ${00##*/}.pem` || exit 1
241 else
242 # This warning is mostly pointless.
243 warning "You need to export the TMPDIR variable"
244 fi
245 # else
246 # # SETUP_TMPDIR="$HOME/gns_setup"
247 # # if [ ! -e "$SETUP_TMPDIR" ]; then
248 # # mkdir -p $SETUP_TMPDIR
249 # # fi
250 # GNSCERT=`mktemp ${00##*/}.pem` || exit 1
251 # GNSCAKY=`mktemp ${00##*/}.pem` || exit 1
252 # GNSCANO=`mktemp ${00##*/}.pem` || exit 1
253 # fi
254
255 OPENSSLCFG=@pkgdatadir@/openssl.cnf
256 if ! which openssl > /dev/null
257 then
258 warningmsg "'openssl' command not found. Please install it."
259 infomsg "Cleaning up."
260 rm -f $GNSCAKY $GNSCANO $GNSCERT
261 exit 1
262 fi
263 if [ -n "${GNUNET_CONFIG}" ]; then
264 GNUNET_CONFIG="-c ${GNUNET_CONFIG_FILE}"
265 else
266 GNUNET_CONFIG=""
267 fi
268 if [ GNUNET_PASS_FILENAME ]; then
269 GNUNET_OPT_F=""
270 else
271 GNUNET_OPT_F=" -f "
272 fi
273 GNS_CA_CERT_PEM=`gnunet-config ${GNUNET_CONFIG} -s gns-proxy -o PROXY_CACERT ${GNUNET_OPT_F} -f ${options}`
274 mkdir -p `dirname $GNS_CA_CERT_PEM`
275
276 # Bad names etc.
277 if [ verbosity ]; then
278 VERBOSE_OUTPUT=""
279 else
280 VERBOSE_OUTPUT="2>/dev/null"
59 fi 281 fi
60 done 282 openssl req -config $OPENSSLCFG -new -x509 -days 3650 -extensions v3_ca -keyout $GNSCAKY -out $GNSCERT -subj "/C=ZZ/L=World/O=GNU/OU=GNUnet/CN=GNS Proxy CA/emailAddress=bounce@gnunet.org" -passout pass:"GNU Name System" ${VERBOSE_OUTPUT}
61 283
62 if [ -d ~/.pki/nssdb/ ]; then 284 statusmsg "Removing passphrase from key"
63 echo "Importing CA into Chrome at ~/.pki/nssdb/" 285 openssl rsa -passin pass:"GNU Name System" -in $GNSCAKY -out $GNSCANO ${VERBOSE_OUTPUT}
64 # delete old certificate (if any) 286
65 certutil -D -n "GNS Proxy CA" -d ~/.pki/nssdb/ >/dev/null 2>/dev/null 287 statusmsg "Making private key available to gnunet-gns-proxy"
66 # add new certificate 288 cat $GNSCERT $GNSCANO > $GNS_CA_CERT_PEM
67 certutil -A -n "GNS Proxy CA" -t CT,, -d ~/.pki/nssdb/ < $GNSCERT 289}
68 fi 290
69fi 291importbrowsers()
70 292{
71echo "Cleaning up." 293 if ! which certutil > /dev/null
72rm -f $GNSCAKY $GNSCANO $GNSCERT 294 then
73 295 warningmsg "The 'certutil' command was not found."
74echo "===================================" 296 warningmsg "Not importing into browsers."
75echo "You can now start gnunet-gns-proxy." 297 warningmsg "For 'certutil' install nss."
76echo "Afterwards, configure your browser " 298 else
77echo " to use a SOCKS proxy on port 7777." 299 statusmsg "Importing CA into browsers"
78echo "===================================" 300 # TODO: Error handling?
301 for f in ~/.mozilla/firefox/*.*/
302 do
303 if [ -d $f ]; then
304 statusmsg "Importing CA into Firefox at $f"
305 # delete old certificate (if any)
306 certutil -D -n "GNS Proxy CA" -d "$f" >/dev/null 2>/dev/null
307 # add new certificate
308 certutil -A -n "GNS Proxy CA" -t CT,, -d "$f" < $GNSCERT
309 fi
310 done
311 # TODO: Error handling?
312 if [ -d ~/.pki/nssdb/ ]; then
313 statusmsg "Importing CA into Chrome at ~/.pki/nssdb/"
314 # delete old certificate (if any)
315 certutil -D -n "GNS Proxy CA" -d ~/.pki/nssdb/ >/dev/null 2>/dev/null
316 # add new certificate
317 certutil -A -n "GNS Proxy CA" -t CT,, -d ~/.pki/nssdb/ < $GNSCERT
318 fi
319 fi
320}
321
322print_version()
323{
324 GNUNET_ARM_VERSION=`gnunet-arm -v`
325 echo $GNUNET_ARM_VERSION
326}
327
328clean_up()
329{
330 infomsg "Cleaning up."
331 rm -f $GNSCAKY $GNSCANO $GNSCERT
332 if [ -e $SETUP_TMPDIR ]; then
333 rm -rf $SETUP_TMPDIR
334 fi
335
336 linemsg
337 infomsg "You can now start gnunet-gns-proxy."
338 infomsg "Afterwards, configure your browser "
339 infomsg "to use a SOCKS proxy on port 7777. "
340 linemsg
341}
342
343main()
344{
345 while getopts "vhVc:" opt; do
346 case $opt in
347 v)
348 print_version
349 exit 0
350 ;;
351 h)
352 usage
353 ;;
354 V)
355 verbosity=1
356 ;;
357 c)
358 options="$options -c $OPTARG"
359 infomsg "Using configuration file $OPTARG"
360 ;;
361 \?)
362 echo "Invalid option: -$OPTARG" >&2
363 usage
364 ;;
365 :)
366 echo "Option -$OPTARG requires an argument." >&2
367 usage
368 ;;
369 esac
370 done
371 setdefaults
372 generate_ca
373 importbrowsers
374 clean_up
375
376# Needs debugging...
377# setdefaults
378# _args=$@
379# parseoptions "$@"
380# for op in ${operations}; do
381# case "${op}" in
382# cert)
383# ${runcmd} "${generate_ca}"
384# ${runcmd} "${clean_up}"
385# ;;
386# browser)
387# ${runcmd} "${generate_ca}"
388# ${runcmd} "${importbrowsers}"
389# ${runcmd} "${clean_up}"
390# ;;
391# all)
392# ${runcmd} "${generate_ca}"
393# ${runcmd} "${importbrowsers}"
394# ${runcmd} "${clean_up}"
395# ;;
396# *)
397# infomsg "Unknown operation \`${op}'"
398# ;;
399# esac
400# done
401}
402
403main "$@"
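Review bot: The unencrypted CA private key is written to `$GNS_CA_CERT_PEM` by `cat $GNSCERT $GNSCANO > $GNS_CA_CERT_PEM` in generate_ca with whatever the caller's umask allows, and the same CA is then imported into every NSS database found with `-t CT,,`, so a world-readable key lets any local user mint certificates the browser trusts; set `umask 077` at the top of generate_ca (or `chmod 600 "$GNS_CA_CERT_PEM"` right after the cat). The temp files are only removed in clean_up on the success path, so a failing openssl step leaves the decrypted key in `$GNSCANO` under `$TMPDIR`; a `trap 'rm -f "$GNSCAKY" "$GNSCANO" "$GNSCERT"' EXIT INT TERM` placed right after the mktemp calls covers every exit. The templates passed as `mktemp -t ${00##*/}.pem` contain no run of X's, which GNU coreutils mktemp appears to reject ("too few X's in template") before `|| exit 1` fires, `${00##*/}` looks like a typo for `${0##*/}`, and the else branch calls an undefined `warning` and then continues with all three variables unset; the previous `gnscertXXXXXX.pem`-style templates (now with `-p "$TMPDIR"`) would avoid all of this. Note also that `[ GNUNET_PASS_FILENAME ]` and `[ verbosity ]` test non-empty literal strings and are therefore always true, and `${VERBOSE_OUTPUT}` would expand to a literal argument `2>/dev/null` rather than a redirection, so the -V flag currently has no effect either way; `[ -n "$verbosity" ]` with `exec 2>/dev/null`-style handling (or simply dropping the variable) is the fix.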