gencert.sh: Automate certificate addition to FireFox and Chrome

As of today, bluepy-scratch-link users need to do special action to allow
local server certificates. This is trouble some and James Le Cuirot
suggested to automate the action with certutil tools

To avoid the user action, check if NSS DB of FireFox or Chrome exists. If
NSS DBs exist, add the certificate to those DBs.

Signed-off-by: Shin'ichiro Kawasaki <kawasaki@juno.dti.ne.jp>

gencert.sh

@@ -14,3 +14,58 @@ distinguished_name = dn
 subjectAltName = DNS:device-manager.scratch.mit.edu
 HERE
 
+if ((!$?)); then
+	echo "Generated certificate: ${CERT_FILE}"
+	echo "Generated key: ${KEY_FILE}"
+else
+	echo "Failed to generate certificate and key files."
+	exit 1
+fi
+
+if ! command -v certutil > /dev/null; then
+	echo "Certutil command not found. Do not add certificate."
+	exit 2
+fi
+
+add_cert() {
+	local dir="${1}"
+	local prefix=sql
+
+	if [[ -e ${dir}/key3.db ]]; then
+		prefix=dbm
+	fi
+
+	certutil -A -d "${prefix}:${1}" -n "device-manager.scratch.mit.edu" \
+		 -t "C,," -i "${CERT_FILE}"
+}
+
+# Add certificate to FireFox
+declare nssdb
+for f in "${HOME}"/.mozilla/firefox/*/key*.db; do
+	if [[ ! -f ${f} ]]; then
+		continue
+	fi
+	nssdb=${f%/*}
+	if add_cert "${nssdb}"; then
+		echo "Added certificate to FireFox NSS DB: ${nssdb}"
+	else
+		echo "Failed to add certificate to FireFox NSS DB: ${nssdb}"
+		exit 3
+	fi
+done
+if [[ -z ${nssdb} ]]; then
+	echo "FireFox NSS DB not found. Do not add certificate."
+fi
+
+# Add certificate to Chrome
+nssdb="${HOME}/.pki/nssdb"
+if [[ -d ${nssdb} ]]; then
+	if add_cert "${nssdb}"; then
+		echo "Added certificate to Chrome"
+	else
+		echo "Failed to add certificate to Chrome"
+		exit 4
+	fi
+else
+	echo "Chrome NSS DB not found. Do not add certificate."
+fi