From 3a784edbd5d8b264eb1972059035ff86cacc3180 Mon Sep 17 00:00:00 2001
From: Shin'ichiro Kawasaki
Date: Sat, 18 Apr 2020 18:17:42 +0900
Subject: [PATCH] gencert.sh: Automate certificate addition to FireFox and Chrome As of today, bluepy-scratch-link users need to do special action to allow local server certificates. This is trouble some and James Le Cuirot suggested to automate the action with certutil tools To avoid the user action, check if NSS DB of FireFox or Chrome exists. If NSS DBs exist, add the certificate to those DBs.
Signed-off-by: Shin'ichiro Kawasaki
---
gencert.sh | 55 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 55 insertions(+)
diff --git a/gencert.sh b/gencert.sh
index e0d2d53..2c94219 100755
--- a/gencert.sh
+++ b/gencert.sh
@@ -14,3 +14,58 @@ distinguished_name = dn subjectAltName = DNS:device-manager.scratch.mit.edu HERE
+if ((!$?)); then
+ echo "Generated certificate: ${CERT_FILE}"
+ echo "Generated key: ${KEY_FILE}"
+else
+ echo "Failed to generate certificate and key files."
+ exit 1
+fi
+
+if ! command -v certutil > /dev/null; then
+ echo "Certutil command not found. Do not add certificate."
+ exit 2
+fi
+
+add_cert() {
+ local dir="${1}"
+ local prefix=sql
+
+ if [[ -e ${dir}/key3.db ]]; then
+ prefix=dbm
+ fi
+
+ certutil -A -d "${prefix}:${1}" -n "device-manager.scratch.mit.edu" \
+ -t "C,," -i "${CERT_FILE}"
+}
+
+# Add certificate to FireFox
+declare nssdb
+for f in "${HOME}"/.mozilla/firefox/*/key*.db; do
+ if [[ ! -f ${f} ]]; then
+ continue
+ fi
+ nssdb=${f%/*}
+ if add_cert "${nssdb}"; then
+ echo "Added certificate to FireFox NSS DB: ${nssdb}"
+ else
+ echo "Failed to add certificate to FireFox NSS DB: ${nssdb}"
+ exit 3
+ fi
+done
+if [[ -z ${nssdb} ]]; then
+ echo "FireFox NSS DB not found. Do not add certificate."
+fi
+
+# Add certificate to Chrome
+nssdb="${HOME}/.pki/nssdb"
+if [[ -d ${nssdb} ]]; then
+ if add_cert "${nssdb}"; then
+ echo "Added certificate to Chrome"
+ else
+ echo "Failed to add certificate to Chrome"
+ exit 4
+ fi
+else
+ echo "Chrome NSS DB not found. Do not add certificate."
+fi
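Review bot: The `certutil -A` call in `add_cert` imports the generated certificate with trust flags `C,,`, which marks it as a trusted CA for issuing TLS server certificates rather than as one trusted server. The certificate is generated locally and its key is written to `${KEY_FILE}`; how that key is protected is not visible in this hunk, but if the certificate is usable as a CA, anyone who can read the key could presumably issue certificates that these browser profiles accept for other hosts. Peer trust is enough for a self-signed server certificate, so the last line of the call could read `-t "P,," -i "${CERT_FILE}"`. Separately, `add_cert` selects `dbm` whenever `key3.db` exists, so a profile holding both `key3.db` and `key4.db` would get the certificate in the legacy database, which the browser may no longer read; testing `[[ -e ${dir}/key3.db && ! -e ${dir}/key4.db ]]` avoids that, and the `-d` argument could use `${dir}` instead of `${1}` for consistency.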