Diffstat (limited to 'src/gns/gnunet-gns-proxy-setup-ca.in')
-rw-r--r-- | src/gns/gnunet-gns-proxy-setup-ca.in | 78 |
1 files changed, 78 insertions, 0 deletions
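--- /dev/null
+++ b/src/gns/gnunet-gns-proxy-setup-ca.in
@@ -0,0 +1,78 @@
+#!/bin/sh
+# This shell script will generate an X509 certificate for your gnunet-gns-proxy
+# and install it (for both GNUnet and your browser).
+#
+
+OPENSSLCFG=@pkgdatadir@/openssl.cnf
+if ! which openssl > /dev/null
+then
+echo "'openssl' command not found. Please install it."
+exit 1
+fi
+
+echo "Generating CA"
+options=''
+while getopts "c:" opt; do
+case $opt in
+c)
+options="$options -c $OPTARG"
+;;
+\?)
+echo "Invalid option: -$OPTARG" >&2
+exit 1
+;;
+:)
+echo "Option -$OPTARG requires an argument." >&2
+exit 1
+;;
+esac
+done
+
+GNSCERT=`mktemp /tmp/gnscertXXXXXX.pem`
+GNSCAKY=`mktemp /tmp/gnscakeyXXXXXX.pem`
+GNSCANO=`mktemp /tmp/gnscakeynoencXXXXXX.pem`
+GNS_CA_CERT_PEM=`gnunet-config -s gns-proxy -o PROXY_CACERT -f $options`
+mkdir -p `dirname $GNS_CA_CERT_PEM`
+
+openssl req -config $OPENSSLCFG -new -x509 -days 3650 -extensions v3_ca -keyout $GNSCAKY -out $GNSCERT -subj "/C=ZZ/L=World/O=GNU/OU=GNUnet/CN=GNS Proxy CA/emailAddress=bounce@gnunet.org" -passout pass:"GNU Name System"
+
+echo "Removing passphrase from key"
+openssl rsa -passin pass:"GNU Name System" -in $GNSCAKY -out $GNSCANO
+
+echo "Making private key available to gnunet-gns-proxy"
+cat $GNSCERT $GNSCANO > $GNS_CA_CERT_PEM
+
+if ! which certutil > /dev/null
+then
+echo "The 'certutil' command was not found. Not importing into browsers."
+echo "For 'certutil' install nss."
+else
+echo "Importing CA into browsers"
+for f in ~/.mozilla/firefox/*.*/
+do
+if [ -d $f ]; then
+echo "Importing CA info Firefox at $f"
+# delete old certificate (if any)
+certutil -D -n "GNS Proxy CA" -d "$f" >/dev/null 2>/dev/null
+# add new certificate
+certutil -A -n "GNS Proxy CA" -t CT,, -d "$f" < $GNSCERT
+fi
+done
+
+if [ -d ~/.pki/nssdb/ ]; then
+echo "Importing CA into Chrome at ~/.pki/nssdb/"
+# delete old certificate (if any)
+certutil -D -n "GNS Proxy CA" -d ~/.pki/nssdb/ >/dev/null 2>/dev/null
+# add new certificate
+certutil -A -n "GNS Proxy CA" -t CT,, -d ~/.pki/nssdb/ < $GNSCERT
+fi
+fi
+
+echo "Cleaning up."
+rm -f $GNSCAKY $GNSCANO $GNSCERT
+
+echo "==================================="
+echo "You can now start gnunet-gns-proxy."
+echo "Afterwards, configure your browser "
+echo " to use a SOCKS proxy on port 7777."
+echo "==================================="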
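Review bot: The unencrypted CA private key is written by `cat $GNSCERT $GNSCANO > $GNS_CA_CERT_PEM` with whatever mode the caller's umask yields, so under a typical 022 umask any local user can read a key whose certificate is then imported into the browser stores with `CT,,` trust. Set `umask 077` before the `mktemp` calls (or run `chmod 600 "$GNS_CA_CERT_PEM"` right after the write) so the key stays private to the owner. The output of `gnunet-config` is also used unchecked and unquoted: if it fails or prints nothing, `dirname` and the redirect operate on an empty path, so a guard such as `[ -n "$GNS_CA_CERT_PEM" ] || exit 1` is worth adding before `mkdir -p`. The key files under /tmp are removed only on the success path; a `trap 'rm -f "$GNSCAKY" "$GNSCANO" "$GNSCERT"' EXIT` placed after the `mktemp` lines would also cover early exits.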