X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=src%2Fgns%2Fgnunet-gns-proxy-setup-ca;h=692cca974f612a5c945f8be42c52d255abf433fe;hb=2105059516320800eaa8fff1196b58f29a50ba7c;hp=019db07633d376e1e7d19cd61dc28e94776ab99e;hpb=cea0cc4df6ac1a0c5c062dfc325b7e704b3f556d;p=oweals%2Fgnunet.git
diff --git a/src/gns/gnunet-gns-proxy-setup-ca b/src/gns/gnunet-gns-proxy-setup-ca
index 019db0763..692cca974 100644
--- a/src/gns/gnunet-gns-proxy-setup-ca
+++ b/src/gns/gnunet-gns-proxy-setup-ca
@@ -1,17 +1,70 @@ +#!/bin/sh +# This shell script will generate an X509 certificate for your gnunet-gns-proxy +# and install it (for both GNUnet and your browser). +# +if ! which certtool > /dev/null +then + echo "'certtool' command not found. Please install it." + exit 1 +fi + echo "Generating CA" +options='' +while getopts "c:" opt; do + case $opt in + c) + options="$options -c $OPTARG" + ;; + \?) + echo "Invalid option: -$OPTARG" >&2 + exit 1 + ;; + :) + echo "Option -$OPTARG requires an argument." >&2 + exit 1 + ;; + esac +done + +GNSCERT=`mktemp /tmp/gnscertXXXXXX.pem` +GNSCAKY=`mktemp /tmp/gnscakeyXXXXXX.pem` +GNSCANO=`mktemp /tmp/gnscakeynoencXXXXXX.pem` +GNS_CA_CERT_PEM=`gnunet-config -s gns-proxy -o PROXY_CACERT -f $options` +mkdir -p `dirname $GNS_CA_CERT_PEM` -openssl req -new -x509 -days 3650 -extensions v3_ca -keyout gnscakey.pem -out gnscacert.pem -subj "/C=DE/ST=Bavaria/L=Munich/O=TUM/OU=IN/CN=GNS Proxy CA/emailAddress=bounce@gnunet.org" -passout pass:"GNUnet Naming System" +openssl req -new -x509 -days 3650 -extensions v3_ca -keyout $GNSCAKY -out $GNSCERT -subj "/C=ZZ/L=World/O=GNU/OU=GNUnet/CN=GNS Proxy CA/emailAddress=bounce@gnunet.org" -passout pass:"GNU Name System" echo "Removing passphrase from key" -openssl rsa -passin pass:"GNUnet Naming System" -in gnscakey.pem -out gnscakeynoenc.pem +openssl rsa -passin pass:"GNU Name System" -in $GNSCAKY -out $GNSCANO + +echo "Making private key available to gnunet-gns-proxy" +cat $GNSCERT $GNSCANO > $GNS_CA_CERT_PEM + +echo "Importing CA into browsers" +for f in ~/.mozilla/firefox/*.default/ +do + if [ -d $f ]; then + echo "Importing CA info Firefox at $f/" +# delete old certificate (if any) + certutil -D -n "GNS Proxy CA" -d "$f" >/dev/null 2>/dev/null +# add new certificate + certutil -A -n "GNS Proxy CA" -t CT,, -d "$f" < $GNSCERT + fi +done -cp gnscacert.pem $HOME/.gnunet/gns/gnscert.pem -cat gnscacert.pem > $HOME/.gnunet/gns/gnsCAcert.pem -cat gnscakeynoenc.pem >> $HOME/.gnunet/gns/gnsCAcert.pem +if 
[ -d ~/.pki/nssdb/ ]; then + echo "Importing CA into Chrome at ~/.pki/nssdb/" +# delete old certificate (if any) + certutil -D -n "GNS Proxy CA" -d ~/.pki/nssdb/ >/dev/null 2>/dev/null +# add new certificate + certutil -A -n "GNS Proxy CA" -t CT,, -d ~/.pki/nssdb/ < $GNSCERT +fi -rm gnscakey.pem gnscakeynoenc.pem gnscacert.pem +echo "Cleaning up." +rm -f $GNSCAKY $GNSCANO $GNSCERT -echo "Next steps:" -echo "1. The new CA will be used automatically by the proxy with the default settings" -echo "2. Please import the certificate $HOME/.gnunet/gns/gnscert.pem into the browser of your choice" -echo "3. Start gnunet-gns-proxy and configure your broser to use a SOCKS proxy on port 7777" +echo "===================================" +echo "You can now start gnunet-gns-proxy." +echo "Afterwards, configure your browser " +echo " to use a SOCKS proxy on port 7777." +echo "==================================="
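Review bot: The unencrypted CA private key is written to `$GNS_CA_CERT_PEM` by `cat $GNSCERT $GNSCANO > $GNS_CA_CERT_PEM`, and a file created by a plain redirect takes its mode from the caller's umask, so on a first run it is commonly world-readable, whereas the `mktemp` files are normally created owner-only. The same CA is imported into the Firefox and `~/.pki/nssdb` databases with `-t CT,,`, so any local account that can read that file can issue certificates those browsers will accept. I would put `umask 077` ahead of the `mktemp` lines (this also covers the directory made by `mkdir -p`) and quote the target, `cat "$GNSCERT" "$GNSCANO" > "$GNS_CA_CERT_PEM"`, since the path comes from `gnunet-config` and may contain spaces. Separately, the prerequisite check at the top tests for `certtool`, while the commands this version actually runs are `openssl`, `certutil` and `gnunet-config`; the check should cover those instead.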