revert sed and fix a typo

[oweals/gnunet.git] / src / gns / gnunet-gns-proxy-setup-ca.in

#!/bin/sh
# This shell script will generate an X509 certificate for your gnunet-gns-proxy
# and install it (for both GNUnet and your browser).
#

# TODO: We should sed the real paths to the binaries involved here.
OPENSSLCFG=@PREFIX@
if ! which openssl > /dev/null
then
    echo "'openssl' command not found. Please install it."
    exit 1
fi

# Keep it simple so that people can install the tools later on.
OPENSSLBIN=openssl
CERTUTILBIN=certutil

echo "Generating CA"
options=''
while getopts "c:" opt; do
  case $opt in
    c)
      options="$options -c $OPTARG"
      ;;
    \?)
      echo "Invalid option: -$OPTARG" >&2
      exit 1
      ;;
    :)
      echo "Option -$OPTARG requires an argument." >&2
      exit 1
      ;;
  esac
done

GNSCERT=`mktemp /tmp/gnscertXXXXXX.pem`
GNSCAKY=`mktemp /tmp/gnscakeyXXXXXX.pem`
GNSCANO=`mktemp /tmp/gnscakeynoencXXXXXX.pem`
GNS_CA_CERT_PEM=`gnunet-config -s gns-proxy -o PROXY_CACERT -f $options`
mkdir -p `dirname $GNS_CA_CERT_PEM`

OPENSSLBIN req -config $OPENSSLCFG -new -x509 -days 3650 -extensions v3_ca -keyout $GNSCAKY -out $GNSCERT -subj "/C=ZZ/L=World/O=GNU/OU=GNUnet/CN=GNS Proxy CA/emailAddress=bounce@gnunet.org" -passout pass:"GNU Name System"

echo "Removing passphrase from key"
OPENSSLBIN rsa -passin pass:"GNU Name System" -in $GNSCAKY -out $GNSCANO

echo "Making private key available to gnunet-gns-proxy"
cat $GNSCERT $GNSCANO > $GNS_CA_CERT_PEM

if ! which certutil > /dev/null
then
  echo "The 'certutil' command was not found. Not importing into browsers."
  echo "For 'certutil' install nss."
else
  echo "Importing CA into browsers"
  for f in ~/.mozilla/firefox/*.*/
  do
    if [ -d $f ]; then
      echo "Importing CA info Firefox at $f"
      # delete old certificate (if any)
      @CERTUTILBIN@ -D -n "GNS Proxy CA" -d "$f" >/dev/null 2>/dev/null
      # add new certificate
      @CERTUTILBIN@ -A -n "GNS Proxy CA" -t CT,, -d "$f" < $GNSCERT
    fi
  done

  if [ -d ~/.pki/nssdb/ ]; then
    echo "Importing CA into Chrome at ~/.pki/nssdb/"
    # delete old certificate (if any)
    @CERTUTILBIN@ -D -n "GNS Proxy CA" -d ~/.pki/nssdb/ >/dev/null 2>/dev/null
    # add new certificate
    @CERTUTILBIN@ -A -n "GNS Proxy CA" -t CT,, -d ~/.pki/nssdb/ < $GNSCERT
  fi
fi

echo "Cleaning up."
rm -f $GNSCAKY $GNSCANO $GNSCERT

echo "==================================="
echo "You can now start gnunet-gns-proxy."
echo "Afterwards, configure your browser "
echo " to use a SOCKS proxy on port 7777."
echo "==================================="