
@borkdude
Created May 26, 2022 11:59
install_dev_certificate.clj
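#!/usr/bin/env bash
# Installs the development root CA into the OS trust store and, where present,
# into the Java and Firefox/Chrome (NSS) trust stores.
# Run from the repository root: CERT_FILE is a relative path.
#
# Every store touched here will afterwards accept any certificate signed by
# this CA, so the matching private key has to be handled as a secret and the
# script belongs on development machines only.
set -eo pipefail

readonly CERT_FILE="./certs/dev/dev-ca/rootCA.pem"
readonly CERT_NAME="Nextjournal Development Root CA"

# Fail before the first sudo call if the path is wrong (for example when the
# script is started from another directory).
if [[ ! -r "$CERT_FILE" ]]; then
  echo "Certificate file not found: $CERT_FILE" >&2
  exit 1
fi

echo "Installing development Root CA into system store..."

# Show subject and fingerprint of what is about to be trusted so it can be
# compared with the expected value. Best effort: openssl is optional here.
if command -v openssl >/dev/null 2>&1; then
  openssl x509 -noout -subject -fingerprint -sha256 -in "$CERT_FILE" || true
fi

os_info=$(uname -a)

if [[ "$os_info" == *Darwin* ]]; then
  sudo security add-trusted-cert -d -r trustRoot \
    -k /Library/Keychains/System.keychain "$CERT_FILE"

  echo "Adding cert to java truststore"
  # The Java import stays best effort (a missing JDK or an alias that already
  # exists must not abort the run), but the failure is reported instead of
  # being swallowed. "changeit" is the stock password of the JDK cacerts file.
  if java_home=$(/usr/libexec/java_home); then
    sudo keytool -noprompt \
      -keystore "${java_home}/lib/security/cacerts" \
      -storepass changeit \
      -importcert -alias nextjournal_dev_ca \
      -file "$CERT_FILE" \
      || echo "warning: keytool import failed, Java truststore left unchanged" >&2
  else
    echo "warning: /usr/libexec/java_home failed, Java truststore left unchanged" >&2
  fi
elif [[ "$os_info" == *Ubuntu* ]]; then
  sudo cp -- "$CERT_FILE" /usr/local/share/ca-certificates/dev_ca.crt
  sudo update-ca-certificates

  if ! command -v certutil >/dev/null 2>&1; then
    echo
    echo "certutil not found. Please install it with \"sudo apt-get install libnss3-tools\""
    echo "and run this script again"
    exit 1
  fi

  # NUL-delimited so profile directories containing spaces survive the loop.
  while IFS= read -r -d '' cert_db; do
    cert_dir=$(dirname -- "$cert_db")
    echo "Installing certificate in firefox/chrome trust store ${cert_dir}"
    # NOTE(review): "TCP,TCP,TCP" marks the CA as trusted for TLS, e-mail and
    # code signing. If it only signs TLS server certificates, "C,," would be
    # the narrower setting - confirm before changing.
    certutil -A -n "$CERT_NAME" -t "TCP,TCP,TCP" -i "$CERT_FILE" -d "sql:${cert_dir}"
  done < <(find ~/ -type f -name "cert9.db" -print0)
else
  echo "OS not supported" >&2
  exit 1
fi

echo "Certificate installed"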
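#!/usr/bin/env bb

(ns install-dev-certificate
  "A port of bin/install-dev-certificate: installs the development root CA
  into the OS trust store and, where present, into the Java and
  Firefox/Chrome (NSS) trust stores. Run from the repository root, because
  CERT_FILE is a relative path.

  Every store touched here will afterwards accept any certificate signed by
  this CA, so the matching private key has to be handled as a secret and the
  script belongs on development machines only."
  (:require [babashka.fs :as fs]
            [babashka.process :refer [sh]]
            [babashka.tasks :refer [shell]]
            [clojure.string :as str]))

(def CERT_FILE "./certs/dev/dev-ca/rootCA.pem")
(def CERT_NAME "Nextjournal Development Root CA")

;; Fail before the first sudo call if the path is wrong (for example when the
;; script is started from another directory).
(when-not (fs/exists? CERT_FILE)
  (println "Certificate file not found:" CERT_FILE)
  (System/exit 1))

(println "Installing development Root CA into system store...")

(def uname (:out (sh "uname -a")))

(cond
  (str/includes? uname "Darwin")
  (do
    ;; Arguments are passed one by one instead of being concatenated into a
    ;; single command string, so a path with spaces stays one argument.
    (shell "sudo" "security" "add-trusted-cert" "-d" "-r" "trustRoot"
           "-k" "/Library/Keychains/System.keychain" CERT_FILE)
    (println "Adding cert to java truststore")
    ;; JAVA_HOME, then /usr/libexec/java_home, then the parent of the bin
    ;; directory of the resolved `java` executable.
    (if-let [java-home (some-> (or (System/getenv "JAVA_HOME")
                                   (not-empty (:out (sh ["/usr/libexec/java_home"])))
                                   (some->> (fs/which "java")
                                            fs/real-path
                                            fs/parent
                                            fs/parent
                                            str))
                               str/trim)]
      ;; :continue keeps the import best effort, as `|| true` does in the
      ;; bash script. "changeit" is the stock password of the JDK cacerts file.
      (shell {:continue true}
             "sudo" "keytool" "-noprompt"
             "-keystore" (str java-home "/lib/security/cacerts")
             "-storepass" "changeit"
             "-importcert" "-alias" "nextjournal_dev_ca"
             "-file" CERT_FILE)
      (do (println "No java install found.")
          (System/exit 1))))

  (str/includes? uname "Ubuntu")
  (do
    ;; A failed copy must stop the run; continuing would end with
    ;; "Certificate installed" although the system store was not updated.
    (shell "sudo" "cp" CERT_FILE "/usr/local/share/ca-certificates/dev_ca.crt")
    ;; The bash script runs this step too; without it the copied file is
    ;; never merged into the system bundle.
    (shell "sudo" "update-ca-certificates")
    (if-not (fs/which "certutil")
      (do (println "certutil not found. Please install it with \"sudo apt-get install libnss3-tools\"")
          (println "and run this script again")
          (System/exit 1))
      ;; find is called directly: the earlier `bash -c '...` string had no
      ;; closing quote. Blank lines are dropped because split-lines returns
      ;; [""] for empty output, which would call certutil with "sql:" alone.
      (doseq [cert-db (->> (sh ["find" (System/getProperty "user.home")
                                "-type" "f" "-name" "cert9.db"])
                           :out
                           str/split-lines
                           (remove str/blank?))]
        (let [cert-dir (fs/parent cert-db)]
          (println "Installing certificate in firefox/chrome trust store:" cert-dir)
          ;; NOTE(review): "TCP,TCP,TCP" marks the CA as trusted for TLS,
          ;; e-mail and code signing. If it only signs TLS server
          ;; certificates, "C,," would be the narrower setting - confirm.
          (shell "certutil" "-A" "-n" CERT_NAME "-t" "TCP,TCP,TCP"
                 "-i" CERT_FILE "-d" (str "sql:" cert-dir))))))

  :else
  (do (println "OS not supported")
      (System/exit 1)))

(println "Certificate installed")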