authorMike Gabriel <mike.gabriel@das-netzwerkteam.de>2018-07-20 15:45:27 +0200
committerMike Gabriel <mike.gabriel@das-netzwerkteam.de>2018-07-20 15:45:27 +0200
commit6df7e0a2ad68f359ac50b34f5d6e0ba0f7ef209b (patch)
treed6d651e6b0771e711a705820ed7d8af10e00166f
parent78f15abb447d873d74c08c5bf1ff59b0f35144fb (diff)
bin/itzks-filter-whitelist-sslmitm-ca: Prep well-known browsers and other applications with E2Guardian's SSL-MitM fake root-CA.
-rwxr-xr-xbin/itzks-filter-whitelist-sslmitm-ca61
1 files changed, 61 insertions, 0 deletions
diff --git a/bin/itzks-filter-whitelist-sslmitm-ca b/bin/itzks-filter-whitelist-sslmitm-ca
new file mode 100755
index 0000000..ca7a852
--- /dev/null
+++ b/bin/itzks-filter-whitelist-sslmitm-ca
@@ -0,0 +1,61 @@
+#!/bin/bash
+
+# Copyright (C) 2018 Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+if [ "$(hostname -s)" != "tjener" ]; then
+ echo "ERROR: Not on TJENER. Aborting..."
+ exit 1
+fi
+
+certificateFile="/etc/debian-edu/www/E2Guardian-ca.crt"
+certificateName="DebianEduFilter"
+
+if [ ! -e "${certificateFile}" ]; then
+ echo "ERROR: no certificate file at ${certificateFile}. Aborting..."
+ exit 1
+fi
+
+# Debian Edu specific
+if [ -e "$HOME/.mozilla/firefox/debian-edu.default" ]; then
+ certDir="$HOME/.mozilla/firefox/debian-edu.default"
+ if [ ! -e "$HOME/.mozilla/firefox/debian-edu.default/cert8.db" -a ! -e "$HOME/.mozilla/firefox/debian-edu.default/cert9.db" ]; then
+ logger -t "Mozilla CA Import" "Install '${certificateName}' in ${certDir} (cert8.db)"
+ certutil -A -n "${certificateName}" -t "TC,Cw,Tw" -i ${certificateFile} -d ${certDir}
+ fi
+fi
+
+# Debian stretch, Firefox until v57
+for certDB in $(find ~/.mozilla* ~/.thunderbird -name "cert8.db" 2>/dev/null)
+do
+ certDir=$(dirname ${certDB})
+ logger -t "Mozilla CA Import" "Install '${certificateName}' in ${certDir} (cert8.db)"
+ certutil -A -n "${certificateName}" -t "TC,Cw,Tw" -i ${certificateFile} -d ${certDir}
+done
+
+# Debian buster, Firefox v58 and higher
+for certDB in $(find ~/.mozilla* ~/.thunderbird -name "cert9.db" 2>/dev/null)
+do
+ certDir=$(dirname ${certDB})
+ logger -t "Mozilla CA Import" "Install '${certificateName}' in ${certDir} (cert9.db)"
+ certutil -A -d dbm:${certDir} -t "CT,CT," -n ${certificateName} -i ${certificateFile}
+done
+
+if [ -e "$HOME/.pkg/nssdb/cert9.db" ]; then
+ certDir="$HOMEDIR/.pki/nssdb/"
+ certutil -A -d sql:${certDir} -t "CT,CT," -n ${certificateName} -i ${certificateFile}
+fi
+
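Review bot: The last two blocks do not reach the databases they name: the cert9.db loop calls certutil with `-d dbm:${certDir}` although cert9.db is the SQLite format selected by `sql:`, and the final block tests `$HOME/.pkg/nssdb/cert9.db` but sets certDir from `$HOMEDIR/.pki/nssdb/`, where `.pkg` looks like a typo for `.pki` and `HOMEDIR` is never assigned in this script. The result is a partial import that nobody notices, since certutil's exit status is never checked and the logger line is written before the import rather than after it. The trust strings `TC,Cw,Tw` and `CT,CT,` also trust the interception CA for client authentication and e-mail (and object signing in the first form); if only server-certificate interception is intended, `C,,` is the narrower grant. The fence below rewrites the last two blocks with those changes, quoted expansions and a NUL-delimited find; the same quoting and status check apply to the cert8.db loop and the debian-edu.default block.

```shell
# … unchanged: host check, certificate file check, debian-edu.default and cert8.db blocks …

# Debian buster, Firefox v58 and higher
while IFS= read -r -d '' certDB; do
  certDir=$(dirname -- "${certDB}")
  if certutil -A -d "sql:${certDir}" -t "C,," -n "${certificateName}" -i "${certificateFile}"; then
    logger -t "Mozilla CA Import" "Installed '${certificateName}' in ${certDir} (cert9.db)"
  else
    logger -t "Mozilla CA Import" "FAILED to install '${certificateName}' in ${certDir} (cert9.db)"
  fi
done < <(find ~/.mozilla* ~/.thunderbird -name "cert9.db" -print0 2>/dev/null)

if [ -e "$HOME/.pki/nssdb/cert9.db" ]; then
  certDir="$HOME/.pki/nssdb"
  certutil -A -d "sql:${certDir}" -t "C,," -n "${certificateName}" -i "${certificateFile}" \
    || logger -t "Mozilla CA Import" "FAILED to install '${certificateName}' in ${certDir} (cert9.db)"
fi
```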