summaryrefslogtreecommitdiff
path: root/src/gns/gnunet-gns-proxy-setup-ca
blob: 5686e37f743f092cd19f530262485b183b2052e7 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
#!/bin/sh
# This shell script will generate an X509 certificate for your gnunet-gns-proxy
# and install it (for both GNUnet and your browser).
#
if ! which certtool > /dev/null
then
  echo "'certtool' command not found. Please install it."
  exit 1
fi

echo "Generating CA"
options=''
while getopts "c:" opt; do
  case $opt in
    c)
      options+="-c $OPTARG"
      ;;
    \?)
      echo "Invalid option: -$OPTARG" >&2
      exit 1
      ;;
    :)
      echo "Option -$OPTARG requires an argument." >&2
      exit 1
      ;;
  esac
done

GNSCERT=`mktemp /tmp/gnscertXXXXXX.pem`
GNSCAKY=`mktemp /tmp/gnscakeyXXXXXX.pem`
GNSCANO=`mktemp /tmp/gnscakeynoencXXXXXX.pem`
GNS_CA_CERT_PEM=`gnunet-config -s gns-proxy -o PROXY_CACERT -f $options`
mkdir -p `dirname $GNS_CA_CERT_PEM`

openssl req -new -x509 -days 3650 -extensions v3_ca -keyout $GNSCAKY -out $GNSCERT -subj "/C=ZZ/L=World/O=GNU/OU=GNUnet/CN=GNS CA/emailAddress=bounce@gnunet.org" -passout pass:"GNU Name System"

echo "Removing passphrase from key"
openssl rsa -passin pass:"GNU Name System" -in $GNSCAKY -out $GNSCANO

cat $GNSCERT $GNSCANO > $GNS_CA_CERT_PEM

echo "Importing CA into browsers"
for f in ~/.mozilla/firefox/*.default
do
  if [ -d $f ]; then
    echo "Importing CA info Firefox $f"
    certutil -D -n "GNS Proxy CA" -d ~/.mozilla/firefox/*.default >/dev/null 2&>1
    certutil -A -n "GNS Proxy CA" -t CT,, -d ~/.mozilla/firefox/*.default < $GNSCERT
  fi
done

if [ -d ~/.pki/nssdb ]; then
  echo "Importing CA into Chrome"
  certutil -D -n "GNS Proxy CA" -d ~/.pki/nssdb >/dev/null 2&>1
  certutil -A -n "GNS Proxy CA" -t CT,, -d ~/.pki/nssdb < $GNSCERT
fi


rm $GNSCAKY $GNSCANO $GNSCERT

echo "You can now start gnunet-gns-proxy and configure your browser to use a SOCKS proxy on port 7777"