diff options
author | Mike Gabriel <mike.gabriel@das-netzwerkteam.de> | 2018-07-20 15:45:27 +0200 |
---|---|---|
committer | Mike Gabriel <mike.gabriel@das-netzwerkteam.de> | 2018-07-20 15:45:27 +0200 |
commit | 6df7e0a2ad68f359ac50b34f5d6e0ba0f7ef209b (patch) | |
tree | d6d651e6b0771e711a705820ed7d8af10e00166f | |
parent | 78f15abb447d873d74c08c5bf1ff59b0f35144fb (diff) | |
download | itzks-systems-6df7e0a2ad68f359ac50b34f5d6e0ba0f7ef209b.tar.gz itzks-systems-6df7e0a2ad68f359ac50b34f5d6e0ba0f7ef209b.tar.bz2 itzks-systems-6df7e0a2ad68f359ac50b34f5d6e0ba0f7ef209b.zip |
bin/itzks-filter-whitelist-sslmitm-ca: Prep well-known browsers and other applications with E2Guardian's SSL-MitM fake root-CA.
-rwxr-xr-x | bin/itzks-filter-whitelist-sslmitm-ca | 61 |
1 files changed, 61 insertions, 0 deletions
diff --git a/bin/itzks-filter-whitelist-sslmitm-ca b/bin/itzks-filter-whitelist-sslmitm-ca new file mode 100755 index 0000000..ca7a852 --- /dev/null +++ b/bin/itzks-filter-whitelist-sslmitm-ca @@ -0,0 +1,61 @@ +#!/bin/bash + +# Copyright (C) 2018 Mike Gabriel <mike.gabriel@das-netzwerkteam.de> +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + +if [ "$(hostname -s)" != "tjener" ]; then + echo "ERROR: Not on TJENER. Aborting..." + exit 1 +fi + +certificateFile="/etc/debian-edu/www/E2Guardian-ca.crt" +certificateName="DebianEduFilter" + +if [ ! -e "${certificateFile}" ]; then + echo "ERROR: no certificate file at ${certificateFile}. Aborting..." + exit 1 +fi + +# Debian Edu specific +if [ -e "$HOME/.mozilla/firefox/debian-edu.default" ]; then + certDir="$HOME/.mozilla/firefox/debian-edu.default" + if [ ! -e "$HOME/.mozilla/firefox/debian-edu.default/cert8.db" -a ! -e "$HOME/.mozilla/firefox/debian-edu.default/cert9.db" ]; then + logger -t "Mozilla CA Import" "Install '${certificateName}' in ${certDir} (cert8.db)" + certutil -A -n "${certificateName}" -t "TC,Cw,Tw" -i ${certificateFile} -d ${certDir} + fi +fi + +# Debian stretch, Firefox until v57 +for certDB in $(find ~/.mozilla* ~/.thunderbird -name "cert8.db" 2>/dev/null) +do + certDir=$(dirname ${certDB}) + logger -t "Mozilla CA Import" "Install '${certificateName}' in ${certDir} (cert8.db)" + certutil -A -n "${certificateName}" -t "TC,Cw,Tw" -i ${certificateFile} -d ${certDir} +done + +# Debian buster, Firefox v58 and higher +for certDB in $(find ~/.mozilla* ~/.thunderbird -name "cert9.db" 2>/dev/null) +do + certDir=$(dirname ${certDB}) + logger -t "Mozilla CA Import" "Install '${certificateName}' in ${certDir} (cert9.db)" + certutil -A -d dbm:${certDir} -t "CT,CT," -n ${certificateName} -i ${certificateFile} +done + +if [ -e "$HOME/.pkg/nssdb/cert9.db" ]; then + certDir="$HOMEDIR/.pki/nssdb/" + certutil -A -d sql:${certDir} -t "CT,CT," -n ${certificateName} -i ${certificateFile} +fi + |