certinstall

package module
v0.0.0-...-9b12b14 Latest
Warning

This package is not in the latest version of its module.
Published: May 25, 2020 License: MIT Imports: 19 Imported by: 0

README

# Intro

This currently works only on Windows, as I use Windows-specific code and I have not configured OS-based implementations.

Dependencies

For Firefox you will need to have nsstools installed and in your path. If you trust random people from the internet and don't want to build nsstools, you can get them from here. For Java you need to have at least Java 11 with keytool in your path and JAVA_HOME set.

To use the tool:

c:\>certinstall url https://github.com
{"level":"info","ts":1583144603.9323955,"caller":"cmd/main.go:38","msg":"plucking certs","url":"https://github.com"}
{"level":"info","ts":1583144604.2647254,"caller":"cmd/main.go:46","msg":"found ca cert","commonName":"CA","url":"https://github.com"}
{"level":"info","ts":1583144604.2690482,"caller":"cmd/main.go:77","msg":"found java on the machine, attempting to install cert in cacerts"}
{"level":"info","ts":1583144605.1738913,"caller":"cmd/main.go:82","msg":"java cert installation completed successfully"}
{"level":"info","ts":1583144605.176893,"caller":"cmd/main.go:88","msg":"found firefox on the machine, attempting to install cert in certdb"}
{"level":"info","ts":1583144605.2262104,"caller":"cmd/main.go:93","msg":"firefox cert installation completed successfully"}
{"level":"info","ts":1583144608.5407617,"caller":"cmd/main.go:99","msg":"importing into windows cert store"}
{"level":"info","ts":1583144608.541762,"caller":"cmd/main.go:103","msg":"system cert installation completed successfully"}
c:\>

TODO

  • add support for linux and macos

Documentation

Constants

This section is empty.

Variables

var (
	// ErrNoJAVACaCertsStoreFound is returned when we can't find the Java cacerts trust store
	ErrNoJAVACaCertsStoreFound = errors.New("Could not find java cacerts trust store")
	// ErrNoJAVAKeyToolFound is returned when we can't find the Java keytool used to import certificates into the cacerts JKS
	ErrNoJAVAKeyToolFound = errors.New("Cloud not find java keytool")
	// ErrNoFirefoxCertUtilToolFound is returned when we can't find the NSS certutil tool
	// https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Reference/NSS_tools_:_certutil
	ErrNoFirefoxCertUtilToolFound = errors.New("Cloud not find cert util")
	// ErrNoFirefoxNoCertDBFound is returned when we can't find the Firefox certdb database which stores the default certs
	// https://www.mankier.com/5/cert9.db
	ErrNoFirefoxNoCertDBFound = errors.New("Cloud not find firefox cert DB")
	// ErrNoFirefoxInstalled is returned when Firefox validation fails
	ErrNoFirefoxInstalled = errors.New("Firefox not installed or configured properly")
	// ErrOSNotSupportedFound is returned when running on any OS other than Windows
	ErrOSNotSupportedFound = errors.New("OS is not supported")
)
var ErrNoCAFound = errors.New("No CA certificate found")

ErrNoCAFound is returned when iterating a list of certificates finds no certificate that has the BasicConstraints CA flag set.

https://tools.ietf.org/html/rfc5280#section-6.1.4 step (k) states:

(k) If certificate i is a version 3 certificate, verify that the basicConstraints extension is present and that cA is set to TRUE. (If certificate i is a version 1 or version 2 certificate, then the application MUST either verify that certificate i is a CA certificate through out-of-band means or reject the certificate. Conforming implementations may choose to reject all version 1 and version 2 intermediate certificates.)
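The check described above, as an added example that is not part of the certinstall package: it walks a leaf-first chain and accepts only a version 3 certificate with basicConstraints present and cA TRUE. The names pickCA and sampleChain are hypothetical, and the key and both certificates are constructed in memory for the demonstration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// pickCA applies RFC 5280 6.1.4 (k): only a v3 certificate with basicConstraints
// present and cA TRUE qualifies; v1/v2 certificates are rejected outright.
func pickCA(chain []*x509.Certificate) (*x509.Certificate, error) {
	for _, c := range chain {
		if c.Version == 3 && c.BasicConstraintsValid && c.IsCA {
			return c, nil
		}
	}
	return nil, fmt.Errorf("no CA certificate found") // hypothetical stand-in for ErrNoCAFound
}

// sampleChain builds a constructed chain in the order a TLS server sends it: leaf, then CA.
func sampleChain() ([]*x509.Certificate, error) {
	priv := ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize)) // constructed throwaway key
	tmpl := func(serial int64, cn string, isCA bool) *x509.Certificate {
		return &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
			NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour), BasicConstraintsValid: true, IsCA: isCA}
	}
	ca := tmpl(1, "Constructed Test CA", true)
	var der []byte
	for _, t := range []*x509.Certificate{tmpl(2, "leaf.example", false), ca} {
		d, err := x509.CreateCertificate(rand.Reader, t, ca, priv.Public(), priv)
		if err != nil {
			return nil, err
		}
		der = append(der, d...)
	}
	return x509.ParseCertificates(der)
}

func main() {
	chain, _ := sampleChain() // constructed input; a failure here leaves the chain empty
	if ca, err := pickCA(chain); err != nil {
		fmt.Println("refusing to import:", err)
	} else {
		fmt.Println("candidate CA:", ca.Subject.CommonName)
	}
}
```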

Functions

func FirefoxCertImporter

func FirefoxCertImporter(logger *zap.Logger, caFile *x509.Certificate, caSerialNumber *big.Int) error

FirefoxCertImporter imports the CA in firefox

func IsFirefoxInstalled

func IsFirefoxInstalled(logger *zap.Logger) bool

IsFirefoxInstalled checks if firefox is installed on the machine

func IsJavaInstalled

func IsJavaInstalled(logger *zap.Logger) bool

IsJavaInstalled checks if we have java installed

func JavaCertImporter

func JavaCertImporter(logger *zap.Logger, caFile *x509.Certificate, caSerialNumber *big.Int) error

JavaCertImporter imports the cert into the JAVA HOME security trust store

func WebPlucker

func WebPlucker(logger *zap.Logger, url string) (*x509.Certificate, error)

WebPlucker returns a CA certificate from a URL if the TLS server at that URL presents the full certificate chain.

func WindowStoreCertImporter

func WindowStoreCertImporter(logger *zap.Logger, caFile *x509.Certificate, caSerialNumber *big.Int) error

WindowStoreCertImporter imports the CA in the Operating System cert store

Types

This section is empty.
