From 73578674ca23cdb582fd105c2746fc5542c0e774 Mon Sep 17 00:00:00 2001
From: Martin Schanzenbach
Date: Tue, 12 Jun 2012 10:04:51 +0000
Subject: [PATCH] Script for CA generation. Making it easy with config option
---
 src/gns/createProxyCa.sh | 20 ++++++++++++++++++++
 src/gns/gns.conf.in | 3 ++-
 src/gns/gnunet-gns-proxy.c | 34 ++++++++++++++++++++++++++++------
 3 files changed, 50 insertions(+), 7 deletions(-)
 create mode 100644 src/gns/createProxyCa.sh
diff --git a/src/gns/createProxyCa.sh b/src/gns/createProxyCa.sh
new file mode 100644
index 000000000..43855241e
--- /dev/null
+++ b/src/gns/createProxyCa.sh
@@ -0,0 +1,20 @@
+echo "Generating CA"
+
+openssl req -new -x509 -days 3650 -extensions v3_ca -keyout gnscakey.pem -out gnscacert.pem -subj "/C=DE/ST=Bavaria/L=Munich/O=TUM/OU=IN/CN=GNS Proxy CA/emailAddress=bounce@gnunet.org" -passout pass:"GNUnet Naming System"
+
+echo "Removing passphrase from key"
+openssl rsa -passin pass:"GNUnet Naming System" -in gnscakey.pem -out gnscakeynoenc.pem
+
+cp gnscacert.pem $HOME/.gnunet/gns/gnscert.pem
+cat gnscacert.pem >> $HOME/.gnunet/gns/gnsCAcert.pem
+cat gnscakeynoenc.pem >> $HOME/.gnunet/gns/gnsCAcert.pem
+cat gnscakey.pem
+cat gnscacert.pem
+
+echo "Cleaning up"
+rm gnscakey.pem gnscakeynoenc.pem gnscacert.pem
+
+echo "Next steps:"
+echo "1. The new CA will be used automatically by the proxy with the default settings"
+echo "2. Please import the certificate $HOME/.gnunet/gns/gnscert.pem into the browser of your choice"
+echo "3. Start gnunet-gns-proxy and configure your broser to use a SOCKS proxy on port 7777"
diff --git a/src/gns/gns.conf.in b/src/gns/gns.conf.in
index 2fe10ca34..8484f1810 100644
--- a/src/gns/gns.conf.in
+++ b/src/gns/gns.conf.in
@@ -16,7 +16,8 @@ RECORD_PUT_INTERVAL = 60
 ZONE_PUT_INTERVAL = 900
 [gns-proxy]
-PROXY_UNIXPATH= /tmp/gnunet-gns-proxy.sock
+PROXY_CACERT = $SERVICEHOME/gns/gnsCAcert.pem
+PROXY_UNIXPATH = /tmp/gnunet-gns-proxy.sock
 [fcfsd]
 HTTPPORT = 18080
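Review bot: The unencrypted CA private key is appended to `$HOME/.gnunet/gns/gnsCAcert.pem` with whatever the caller's umask allows, `>>` means a second run leaves two cert/key pairs in the one file the proxy loads its certificate and key from, and the two bare `cat gnscakey.pem` / `cat gnscacert.pem` lines print the key material to the terminal for no reason. The script also has no shebang and no `set -e`, so a failing `openssl` still reaches `rm` and the "Next steps" messages, and the target directory is never created before `cp` writes into it. Suggested shape below: set `umask 077`, create the directory, write the bundle with `>` and drop the two `cat` lines; since the passphrase is stripped straight away, `openssl req -nodes` would make the `openssl rsa` step and the `pass:` arguments on the command line unnecessary. The typo `broser` in the last echo should read `browser`.
```sh
#!/bin/sh
# Stop at the first failing command instead of falling through to the
# "Cleaning up" / "Next steps" messages with a half-written CA.
set -e
# Every file created below contains the CA private key: owner-only from the start.
umask 077
GNS_DIR="$HOME/.gnunet/gns"
mkdir -p "$GNS_DIR"

# … unchanged: "Generating CA", openssl req …, "Removing passphrase from key", openssl rsa … …

cp gnscacert.pem "$GNS_DIR/gnscert.pem"
# Overwrite rather than append: a re-run must not leave an older cert/key pair in
# the bundle gnunet-gns-proxy reads both its certificate and its key from.
cat gnscacert.pem gnscakeynoenc.pem > "$GNS_DIR/gnsCAcert.pem"
# The two bare `cat` lines that echoed the key and certificate to stdout are dropped.

# … unchanged: "Cleaning up", rm …, "Next steps" echoes (with "broser" -> "browser") …
```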
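Review bot: `PROXY_CACERT` is added without a comment, and the file it names is not a plain CA certificate: gnunet-gns-proxy.c loads both the certificate and the private key from this one path (load_cert_from_file and load_key_from_file on `cafile`), and createProxyCa.sh appends the unencrypted key to it. A one-line comment above the option, `# PEM bundle holding the proxy CA certificate AND its unencrypted private key (see createProxyCa.sh); keep it readable by the proxy user only`, tells the reader what the file must contain and how to protect it. The script writes to `$HOME/.gnunet/gns/`, which only matches this default when SERVICEHOME resolves to `~/.gnunet`; that is worth stating in the same comment.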
diff --git a/src/gns/gnunet-gns-proxy.c b/src/gns/gnunet-gns-proxy.c
index f0ef61d9f..790a9f474 100644
--- a/src/gns/gnunet-gns-proxy.c
+++ b/src/gns/gnunet-gns-proxy.c
@@ -228,7 +228,7 @@ struct ProxyCurlTask
 static unsigned long port = GNUNET_GNS_PROXY_PORT;
 /* The CA file (pem) to use for the proxy CA */
-static char* cafile;
+static char* cafile_opt;
 /* The listen socket of the proxy */
 static struct GNUNET_NETWORK_Handle *lsock;
@@ -2260,7 +2260,7 @@ load_local_zone_key (const struct GNUNET_CONFIGURATION_Handle *cfg)
 if (GNUNET_NO == GNUNET_DISK_file_test (keyfile))
 {
 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
- "Unable to load zone key!\n");
+ "Unable to load zone key %s!\n", keyfile);
 GNUNET_free(keyfile);
 return GNUNET_NO;
 }
@@ -2305,14 +2305,14 @@ load_local_shorten_key (const struct GNUNET_CONFIGURATION_Handle *cfg)
 &keyfile))
 {
 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
- "Unable to load zone key config value!\n");
+ "Unable to load shorten key config value! (not fatal)\n");
 return GNUNET_NO;
 }
 if (GNUNET_NO == GNUNET_DISK_file_test (keyfile))
 {
 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
- "Unable to load zone key!\n");
+ "Unable to load shorten key %s! (not fatal)\n", keyfile);
 GNUNET_free(keyfile);
 return GNUNET_NO;
 }
@@ -2349,10 +2349,29 @@ run (void *cls, char *const *args, const char *cfgfile,
 struct sockaddr_un mhd_unix_sock_addr; size_t len; char* proxy_sockfile; + char* cafile_cfg = NULL; + char* cafile; - GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, + GNUNET_log (GNUNET_ERROR_TYPE_INFO, "Loading CA\n"); + + cafile = cafile_opt; + if (NULL == cafile) + { + if (GNUNET_OK != GNUNET_CONFIGURATION_get_value_filename (cfg, "gns-proxy", + "PROXY_CACERT", + &cafile_cfg)) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Unable to load proxy CA config value!\n"); + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "No proxy CA provided!\n"); + return; + } + cafile = cafile_cfg; + } + gnutls_global_init (); gnutls_x509_crt_init (&proxy_ca.cert);
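Review bot: Both rewritten messages in load_local_shorten_key carry "(not fatal)" yet are still logged at GNUNET_ERROR_TYPE_ERROR, the same severity the fatal zone-key failure in load_local_zone_key uses; a condition the function tolerates by just returning GNUNET_NO is better expressed by the level than by the text, e.g. `GNUNET_log (GNUNET_ERROR_TYPE_WARNING,` on both calls. Whether the caller really treats GNUNET_NO from this function as non-fatal is not visible in the hunk, so confirm that before downgrading. load_local_shorten_key starts before the hunk.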
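Review bot: The path resolved into `cafile` (from `-a` or `PROXY_CACERT`) is handed to the loaders without an existence check, while load_local_zone_key and load_local_shorten_key in the same file test their key file with GNUNET_DISK_file_test first; a user who has not run createProxyCa.sh yet gets no error here, and the load_cert_from_file / load_key_from_file calls in the next hunk are made without their results being checked. Adding the same file test right after `cafile` is resolved keeps the three loaders consistent and must free `cafile_cfg` on that early exit; suggested lines below. The two consecutive ERROR logs in the config-failure branch could also be one message that names the option, e.g. `"No proxy CA provided (-a or [gns-proxy] PROXY_CACERT)!\n"`. run() continues past the end of this hunk.
```c
    cafile = cafile_cfg;
  }
  /* Same pre-check load_local_zone_key does for its key file, instead of
   * letting the unchecked load_cert_from_file/load_key_from_file calls run
   * on a path that does not exist. */
  if (GNUNET_NO == GNUNET_DISK_file_test (cafile))
  {
    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
                "Unable to load proxy CA file %s!\n", cafile);
    if (cafile_cfg)
      GNUNET_free (cafile_cfg);
    return;
  }
  /* … unchanged: gnutls_global_init / gnutls_x509_crt_init … */
```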
@@ -2360,6 +2379,9 @@ run (void *cls, char *const *args, const char *cfgfile,
 load_cert_from_file (proxy_ca.cert, cafile); load_key_from_file (proxy_ca.key, cafile); + + if (cafile_cfg) + GNUNET_free (cafile_cfg); GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Loading Template\n");
@@ -2524,7 +2546,7 @@ main (int argc, char *const *argv)
 &GNUNET_GETOPT_set_string, &port}, {'a', "authority", NULL, gettext_noop ("pem file to use as CA"), 1, - &GNUNET_GETOPT_set_string, &cafile}, + &GNUNET_GETOPT_set_string, &cafile_opt}, GNUNET_GETOPT_OPTION_END };
--
2.25.1