Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
privileged JS for Firefox to add a certificate as a trusted CA
if (typeof Cc == "undefined") { Cc = Components.classes; }
if (typeof Cu == "undefined") { Cu = Components.utils; }
if (typeof Ci == "undefined") { Ci = Components.interfaces; }
const nsX509CertDB = "@mozilla.org/security/x509certdb;1";
const nsIX509Cert = Ci.nsIX509Cert;
const nsIX509CertDB = Ci.nsIX509CertDB;
const certdb = Cc[nsX509CertDB].getService(nsIX509CertDB);
let certstring = `-----BEGIN CERTIFICATE-----
MIIFCjCCA/KgAwIBAgIEIkK/YTANBgkqhkiG9w0BAQsFADCBhTEnMCUGA1UEAwwe
T1dBU1AgWmVkIEF0dGFjayBQcm94eSBSb290IENBMRkwFwYDVQQHDBBiNDg0MzQ0
MDVhMjExM2UxMRYwFAYDVQQKDA1PV0FTUCBSb290IENBMRowGAYDVQQLDBFPV0FT
UCBaQVAgUm9vdCBDQTELMAkGA1UEBhMCeHgwHhcNMTcwNzA2MTIwNTI4WhcNMTgw
NzA2MTIwNTI4WjCBhTEnMCUGA1UEAwweT1dBU1AgWmVkIEF0dGFjayBQcm94eSBS
b290IENBMRkwFwYDVQQHDBBiNDg0MzQ0MDVhMjExM2UxMRYwFAYDVQQKDA1PV0FT
UCBSb290IENBMRowGAYDVQQLDBFPV0FTUCBaQVAgUm9vdCBDQTELMAkGA1UEBhMC
eHgwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCCo5Z865hmHoAsnKp0
pNRi73XCV14SztNUxZJXdtFvIkAgod2jP8JUwHqMH3yJxxjMu7JVabBhWdL9V7n+
s9xshziFjzpUmluYfhR72qvV4I8xDqdDUgQqvr4ESxsguKHCy1ySjHKIAJifmevV
penhvaFjP/7lpJAE/wWPvtVfVdia+HhepWOO/0qAxcSAHDvAnx51nweox4QQkGUV
dfF5EsqtY8JXtNjQWbviHTQn8g03T8LPZVR59GpCJ/PKpDgHd9dXxlMrquRwZF6L
Bj/Qie88FcCDK3XW4d2QIk+dcv1E1NQv1oFHHzXfIeUMfXVIoxIOcyHW3Q8ixhHo
2DmnAgMBAAGjggF+MIIBejCCATMGA1UdDgSCASoEggEmMIIBIjANBgkqhkiG9w0B
AQEFAAOCAQ8AMIIBCgKCAQEAgqOWfOuYZh6ALJyqdKTUYu91wldeEs7TVMWSV3bR
byJAIKHdoz/CVMB6jB98iccYzLuyVWmwYVnS/Ve5/rPcbIc4hY86VJpbmH4Ue9qr
1eCPMQ6nQ1IEKr6+BEsbILihwstckoxyiACYn5nr1aXp4b2hYz/+5aSQBP8Fj77V
X1XYmvh4XqVjjv9KgMXEgBw7wJ8edZ8HqMeEEJBlFXXxeRLKrWPCV7TY0Fm74h00
J/INN0/Cz2VUefRqQifzyqQ4B3fXV8ZTK6rkcGReiwY/0InvPBXAgyt11uHdkCJP
nXL9RNTUL9aBRx813yHlDH11SKMSDnMh1t0PIsYR6Ng5pwIDAQABMA8GA1UdEwEB
/wQFMAMBAf8wCwYDVR0PBAQDAgG2MCMGA1UdJQQcMBoGCCsGAQUFBwMBBggrBgEF
BQcDAgYEVR0lADANBgkqhkiG9w0BAQsFAAOCAQEAVLSJq4mmmRZsO+owDCvCF9jQ
pW0+HoPTTXm+CMeK4gid5ovTvgc6dO6fNbiGdX7FTwxgUiWXTtd2juCuVJpeA9Nq
pwyd4DM2x5SCBMt+NIAq9Zs8gNDRXY/t0iML/QQbrI/wXgpCmnp/2GONw4wPy+at
7mNTG6c+X9CIBTpsRg4aVx/P0Igw3Q/4wyycSlOgyALeP9h1Me9TkgkXnYzxeNN3
NVLbi3pCnt4NLkrtXeKPsslnXL0Vi9ofoO/cYeaE6LvjCg/n9RaW+4oNnCjaEDDI
NGpimFzZk11td4jE+eUPL9urA3UjNq4VcT146R19nr2HhrMc1QaZktflcc+4vg==
-----END CERTIFICATE-----`;
// remove comment-lines
let certlines = certstring.split("\n");
for (let i in certlines) {
if (certlines[i].startsWith("---")) {
certlines.splice(i,1)
}
}
let certtext = certlines.join(""); // removes newlines
// need to remove the cert if it's already there,
// for this, the certdb wants it as a cert object.
try {
let cert = certdb.constructX509FromBase64(certtext);
if (certdb.isCertTrusted(cert, nsIX509Cert.CA_CERT, nsIX509CertDB.TRUSTED_SSL)) {
certdb.deleteCertificate(cert);
}
} catch (e) { }
// now, let's actually add the cert
const CA_TRUST_FLAGS = "Cu,,"; // 'trust as a CA' bits for CERT_DecodeTrustString()
certdb.addCertFromBase64(certtext, CA_TRUST_FLAGS);
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.