README
¶
��# Intro
This works right now only on windows as I use windows specific code and i have not configured os based implementations.
Dependencies
For firefox you will need to have nsstools installed and in your path. If you trust random people from the internet and don't want to build nsstools, you can get them from here. For java you need to have at least java 11 with keytool in your path and JAVA_HOME set.
To use the tool:
c:\>certinstall url https://github.com
{"level":"info","ts":1583144603.9323955,"caller":"cmd/main.go:38","msg":"plucking certs","url":"https://github.com"}
{"level":"info","ts":1583144604.2647254,"caller":"cmd/main.go:46","msg":"found ca cert","commonName":"CA","url":"https://github.com"}
{"level":"info","ts":1583144604.2690482,"caller":"cmd/main.go:77","msg":"found java on the machine, attempting to install cert in cacerts"}
{"level":"info","ts":1583144605.1738913,"caller":"cmd/main.go:82","msg":"java cert installation completed successfully"}
{"level":"info","ts":1583144605.176893,"caller":"cmd/main.go:88","msg":"found firefox on the machine, attempting to install cert in certdb"}
{"level":"info","ts":1583144605.2262104,"caller":"cmd/main.go:93","msg":"firefox cert installation completed successfully"}
{"level":"info","ts":1583144608.5407617,"caller":"cmd/main.go:99","msg":"importing into windows cert store"}
{"level":"info","ts":1583144608.541762,"caller":"cmd/main.go:103","msg":"system cert installation completed successfully"}
c:\>
TODO
- add support for linux and macos
Documentation
¶
Index ¶
- Variables
- func FirefoxCertImporter(logger *zap.Logger, caFile *x509.Certificate, caSerialNumber *big.Int) error
- func IsFirefoxInstalled(logger *zap.Logger) bool
- func IsJavaInstalled(logger *zap.Logger) bool
- func JavaCertImporter(logger *zap.Logger, caFile *x509.Certificate, caSerialNumber *big.Int) error
- func WebPlucker(logger *zap.Logger, url string) (*x509.Certificate, error)
- func WindowStoreCertImporter(logger *zap.Logger, caFile *x509.Certificate, caSerialNumber *big.Int) error
Constants ¶
This section is empty.
Variables ¶
var ( // ErrNoJAVACaCertsStoreFound is returned when we can't find the java ca certs trust store ErrNoJAVACaCertsStoreFound = errors.New("Could not find java cacerts trust store") // ErrNoJAVAKeyToolFound is returned we can't find the JAVA key tool used to import certificates in the cacerts jks ErrNoJAVAKeyToolFound = errors.New("Cloud not find java keytool") // ErrNoFirefoxCertUtilToolFound is returned when we can't find the nss certutil tool //https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Reference/NSS_tools_:_certutil ErrNoFirefoxCertUtilToolFound = errors.New("Cloud not find cert util") // ErrNoFirefoxNoCertDBFound is returned when we can't find the firefox certdb database which stores the default certs // https://www.mankier.com/5/cert9.db ErrNoFirefoxNoCertDBFound = errors.New("Cloud not find firefox cert DB") // ErrNoFirefoxInstalled is returned when firefox validation fails ErrNoFirefoxInstalled = errors.New("Firefox not installed or configured properly") // ErrOSNotSupportedFound is showed if using any other OS than window ErrOSNotSupportedFound = errors.New("OS is not supported") )
var ErrNoCAFound = errors.New("No CA certificate found")
ErrNoCAFound results from iterating a list of certificates but not founding any cert which has the BasicConstraints CA set.
https://tools.ietf.org/html/rfc5280#section-6.1.4 section K states:
(k) If certificate i is a version 3 certificate, verify that the basicConstraints extension is present and that cA is set to TRUE. (If certificate i is a version 1 or version 2 certificate, then the application MUST either verify that certificate i is a CA certificate through out-of-band means or reject the certificate. Conforming implementations may choose to reject all version 1 and version 2 intermediate certificates.)
Functions ¶
func FirefoxCertImporter ¶
func FirefoxCertImporter(logger *zap.Logger, caFile *x509.Certificate, caSerialNumber *big.Int) error
FirefoxCertImporter imports the CA in firefox
func IsFirefoxInstalled ¶
IsFirefoxInstalled checks if firefox is installed on the machine
func IsJavaInstalled ¶
IsJavaInstalled checks if we have java installed
func JavaCertImporter ¶
JavaCertImporter imports the cert into the JAVA HOME security trust store
func WebPlucker ¶
WebPlucker returns a CA certificate from an URL if the TLS url has the full cert chain in it.
func WindowStoreCertImporter ¶
func WindowStoreCertImporter(logger *zap.Logger, caFile *x509.Certificate, caSerialNumber *big.Int) error
WindowStoreCertImporter imports the CA in the Operating System cert store
Types ¶
This section is empty.
Source Files
Directories