+#!/bin/sh
+# This shell script will generate an X509 certificate for your gnunet-gns-proxy
+# and install it (for both GNUnet and your browser).
+#
+if ! which certtool > /dev/null
+then
+ echo "'certtool' command not found. Please install it."
+ exit 1
+fi
+
echo "Generating CA"
+options=''
+while getopts "c:" opt; do
+ case $opt in
+ c)
+ options="$options -c $OPTARG"
+ ;;
+ \?)
+ echo "Invalid option: -$OPTARG" >&2
+ exit 1
+ ;;
+ :)
+ echo "Option -$OPTARG requires an argument." >&2
+ exit 1
+ ;;
+ esac
+done
+
+GNSCERT=`mktemp /tmp/gnscertXXXXXX.pem`
+GNSCAKY=`mktemp /tmp/gnscakeyXXXXXX.pem`
+GNSCANO=`mktemp /tmp/gnscakeynoencXXXXXX.pem`
+GNS_CA_CERT_PEM=`gnunet-config -s gns-proxy -o PROXY_CACERT -f $options`
+mkdir -p `dirname $GNS_CA_CERT_PEM`
-openssl req -new -x509 -days 3650 -extensions v3_ca -keyout gnscakey.pem -out gnscacert.pem -subj "/C=DE/ST=Bavaria/L=Munich/O=TUM/OU=IN/CN=GNS Proxy CA/emailAddress=bounce@gnunet.org" -passout pass:"GNUnet Naming System"
+openssl req -new -x509 -days 3650 -extensions v3_ca -keyout $GNSCAKY -out $GNSCERT -subj "/C=ZZ/L=World/O=GNU/OU=GNUnet/CN=GNS Proxy CA/emailAddress=bounce@gnunet.org" -passout pass:"GNU Name System"
echo "Removing passphrase from key"
-openssl rsa -passin pass:"GNUnet Naming System" -in gnscakey.pem -out gnscakeynoenc.pem
+openssl rsa -passin pass:"GNU Name System" -in $GNSCAKY -out $GNSCANO
+
+echo "Making private key available to gnunet-gns-proxy"
+cat $GNSCERT $GNSCANO > $GNS_CA_CERT_PEM
+
+echo "Importing CA into browsers"
+for f in ~/.mozilla/firefox/*.default/
+do
+ if [ -d $f ]; then
+ echo "Importing CA info Firefox at $f/"
+# delete old certificate (if any)
+ certutil -D -n "GNS Proxy CA" -d "$f" >/dev/null 2>/dev/null
+# add new certificate
+ certutil -A -n "GNS Proxy CA" -t CT,, -d "$f" < $GNSCERT
+ fi
+done
-cp gnscacert.pem $HOME/.gnunet/gns/gnscert.pem
-cat gnscacert.pem > $HOME/.gnunet/gns/gnsCAcert.pem
-cat gnscakeynoenc.pem >> $HOME/.gnunet/gns/gnsCAcert.pem
+if [ -d ~/.pki/nssdb/ ]; then
+ echo "Importing CA into Chrome at ~/.pki/nssdb/"
+# delete old certificate (if any)
+ certutil -D -n "GNS Proxy CA" -d ~/.pki/nssdb/ >/dev/null 2>/dev/null
+# add new certificate
+ certutil -A -n "GNS Proxy CA" -t CT,, -d ~/.pki/nssdb/ < $GNSCERT
+fi
-rm gnscakey.pem gnscakeynoenc.pem gnscacert.pem
+echo "Cleaning up."
+rm -f $GNSCAKY $GNSCANO $GNSCERT
-echo "Next steps:"
-echo "1. The new CA will be used automatically by the proxy with the default settings"
-echo "2. Please import the certificate $HOME/.gnunet/gns/gnscert.pem into the browser of your choice"
-echo "3. Start gnunet-gns-proxy and configure your broser to use a SOCKS proxy on port 7777"
+echo "==================================="
+echo "You can now start gnunet-gns-proxy."
+echo "Afterwards, configure your browser "
+echo " to use a SOCKS proxy on port 7777."
+echo "==================================="
projects / oweals / gnunet.git / blobdiff