mozfreddyb/add-ca-cert.js

## add-ca-cert.js
if (typeof Cc == "undefined") { Cc = Components.classes; }
if (typeof Cu == "undefined") { Cu = Components.utils; }
if (typeof Ci == "undefined") { Ci = Components.interfaces; }

const nsX509CertDB = "@mozilla.org/security/x509certdb;1";
const nsIX509Cert = Ci.nsIX509Cert;
const nsIX509CertDB = Ci.nsIX509CertDB;
const certdb = Cc[nsX509CertDB].getService(nsIX509CertDB);

let certstring = `-----BEGIN CERTIFICATE-----
MIIFCjCCA/KgAwIBAgIEIkK/YTANBgkqhkiG9w0BAQsFADCBhTEnMCUGA1UEAwwe
T1dBU1AgWmVkIEF0dGFjayBQcm94eSBSb290IENBMRkwFwYDVQQHDBBiNDg0MzQ0
MDVhMjExM2UxMRYwFAYDVQQKDA1PV0FTUCBSb290IENBMRowGAYDVQQLDBFPV0FT
UCBaQVAgUm9vdCBDQTELMAkGA1UEBhMCeHgwHhcNMTcwNzA2MTIwNTI4WhcNMTgw
NzA2MTIwNTI4WjCBhTEnMCUGA1UEAwweT1dBU1AgWmVkIEF0dGFjayBQcm94eSBS
b290IENBMRkwFwYDVQQHDBBiNDg0MzQ0MDVhMjExM2UxMRYwFAYDVQQKDA1PV0FT
UCBSb290IENBMRowGAYDVQQLDBFPV0FTUCBaQVAgUm9vdCBDQTELMAkGA1UEBhMC
eHgwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCCo5Z865hmHoAsnKp0
pNRi73XCV14SztNUxZJXdtFvIkAgod2jP8JUwHqMH3yJxxjMu7JVabBhWdL9V7n+
s9xshziFjzpUmluYfhR72qvV4I8xDqdDUgQqvr4ESxsguKHCy1ySjHKIAJifmevV
penhvaFjP/7lpJAE/wWPvtVfVdia+HhepWOO/0qAxcSAHDvAnx51nweox4QQkGUV
dfF5EsqtY8JXtNjQWbviHTQn8g03T8LPZVR59GpCJ/PKpDgHd9dXxlMrquRwZF6L
Bj/Qie88FcCDK3XW4d2QIk+dcv1E1NQv1oFHHzXfIeUMfXVIoxIOcyHW3Q8ixhHo
2DmnAgMBAAGjggF+MIIBejCCATMGA1UdDgSCASoEggEmMIIBIjANBgkqhkiG9w0B
AQEFAAOCAQ8AMIIBCgKCAQEAgqOWfOuYZh6ALJyqdKTUYu91wldeEs7TVMWSV3bR
byJAIKHdoz/CVMB6jB98iccYzLuyVWmwYVnS/Ve5/rPcbIc4hY86VJpbmH4Ue9qr
1eCPMQ6nQ1IEKr6+BEsbILihwstckoxyiACYn5nr1aXp4b2hYz/+5aSQBP8Fj77V
X1XYmvh4XqVjjv9KgMXEgBw7wJ8edZ8HqMeEEJBlFXXxeRLKrWPCV7TY0Fm74h00
J/INN0/Cz2VUefRqQifzyqQ4B3fXV8ZTK6rkcGReiwY/0InvPBXAgyt11uHdkCJP
nXL9RNTUL9aBRx813yHlDH11SKMSDnMh1t0PIsYR6Ng5pwIDAQABMA8GA1UdEwEB
/wQFMAMBAf8wCwYDVR0PBAQDAgG2MCMGA1UdJQQcMBoGCCsGAQUFBwMBBggrBgEF
BQcDAgYEVR0lADANBgkqhkiG9w0BAQsFAAOCAQEAVLSJq4mmmRZsO+owDCvCF9jQ
pW0+HoPTTXm+CMeK4gid5ovTvgc6dO6fNbiGdX7FTwxgUiWXTtd2juCuVJpeA9Nq
pwyd4DM2x5SCBMt+NIAq9Zs8gNDRXY/t0iML/QQbrI/wXgpCmnp/2GONw4wPy+at
7mNTG6c+X9CIBTpsRg4aVx/P0Igw3Q/4wyycSlOgyALeP9h1Me9TkgkXnYzxeNN3
NVLbi3pCnt4NLkrtXeKPsslnXL0Vi9ofoO/cYeaE6LvjCg/n9RaW+4oNnCjaEDDI
NGpimFzZk11td4jE+eUPL9urA3UjNq4VcT146R19nr2HhrMc1QaZktflcc+4vg==
-----END CERTIFICATE-----`;

// remove comment-lines
let certlines = certstring.split("\n");
for (let i in certlines) {
    if (certlines[i].startsWith("---")) {
        certlines.splice(i,1)
    }
 }
let certtext = certlines.join(""); // removes newlines

// need to remove the cert if it's already there,
// for this, the certdb wants it as a cert object.
try {
  let cert = certdb.constructX509FromBase64(certtext);
  if (certdb.isCertTrusted(cert, nsIX509Cert.CA_CERT, nsIX509CertDB.TRUSTED_SSL)) {
    certdb.deleteCertificate(cert);
  }
} catch (e) { }
// now, let's actually add the cert
const CA_TRUST_FLAGS = "Cu,,"; // 'trust as a CA' bits for CERT_DecodeTrustString()
certdb.addCertFromBase64(certtext, CA_TRUST_FLAGS);
	if (typeof Cc == "undefined") { Cc = Components.classes; }
	if (typeof Cu == "undefined") { Cu = Components.utils; }
	if (typeof Ci == "undefined") { Ci = Components.interfaces; }

	const nsX509CertDB = "@mozilla.org/security/x509certdb;1";
	const nsIX509Cert = Ci.nsIX509Cert;
	const nsIX509CertDB = Ci.nsIX509CertDB;
	const certdb = Cc[nsX509CertDB].getService(nsIX509CertDB);

	let certstring = `-----BEGIN CERTIFICATE-----
	MIIFCjCCA/KgAwIBAgIEIkK/YTANBgkqhkiG9w0BAQsFADCBhTEnMCUGA1UEAwwe
	T1dBU1AgWmVkIEF0dGFjayBQcm94eSBSb290IENBMRkwFwYDVQQHDBBiNDg0MzQ0
	MDVhMjExM2UxMRYwFAYDVQQKDA1PV0FTUCBSb290IENBMRowGAYDVQQLDBFPV0FT
	UCBaQVAgUm9vdCBDQTELMAkGA1UEBhMCeHgwHhcNMTcwNzA2MTIwNTI4WhcNMTgw
	NzA2MTIwNTI4WjCBhTEnMCUGA1UEAwweT1dBU1AgWmVkIEF0dGFjayBQcm94eSBS
	b290IENBMRkwFwYDVQQHDBBiNDg0MzQ0MDVhMjExM2UxMRYwFAYDVQQKDA1PV0FT
	UCBSb290IENBMRowGAYDVQQLDBFPV0FTUCBaQVAgUm9vdCBDQTELMAkGA1UEBhMC
	eHgwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCCo5Z865hmHoAsnKp0
	pNRi73XCV14SztNUxZJXdtFvIkAgod2jP8JUwHqMH3yJxxjMu7JVabBhWdL9V7n+
	s9xshziFjzpUmluYfhR72qvV4I8xDqdDUgQqvr4ESxsguKHCy1ySjHKIAJifmevV
	penhvaFjP/7lpJAE/wWPvtVfVdia+HhepWOO/0qAxcSAHDvAnx51nweox4QQkGUV
	dfF5EsqtY8JXtNjQWbviHTQn8g03T8LPZVR59GpCJ/PKpDgHd9dXxlMrquRwZF6L
	Bj/Qie88FcCDK3XW4d2QIk+dcv1E1NQv1oFHHzXfIeUMfXVIoxIOcyHW3Q8ixhHo
	2DmnAgMBAAGjggF+MIIBejCCATMGA1UdDgSCASoEggEmMIIBIjANBgkqhkiG9w0B
	AQEFAAOCAQ8AMIIBCgKCAQEAgqOWfOuYZh6ALJyqdKTUYu91wldeEs7TVMWSV3bR
	byJAIKHdoz/CVMB6jB98iccYzLuyVWmwYVnS/Ve5/rPcbIc4hY86VJpbmH4Ue9qr
	1eCPMQ6nQ1IEKr6+BEsbILihwstckoxyiACYn5nr1aXp4b2hYz/+5aSQBP8Fj77V
	X1XYmvh4XqVjjv9KgMXEgBw7wJ8edZ8HqMeEEJBlFXXxeRLKrWPCV7TY0Fm74h00
	J/INN0/Cz2VUefRqQifzyqQ4B3fXV8ZTK6rkcGReiwY/0InvPBXAgyt11uHdkCJP
	nXL9RNTUL9aBRx813yHlDH11SKMSDnMh1t0PIsYR6Ng5pwIDAQABMA8GA1UdEwEB
	/wQFMAMBAf8wCwYDVR0PBAQDAgG2MCMGA1UdJQQcMBoGCCsGAQUFBwMBBggrBgEF
	BQcDAgYEVR0lADANBgkqhkiG9w0BAQsFAAOCAQEAVLSJq4mmmRZsO+owDCvCF9jQ
	pW0+HoPTTXm+CMeK4gid5ovTvgc6dO6fNbiGdX7FTwxgUiWXTtd2juCuVJpeA9Nq
	pwyd4DM2x5SCBMt+NIAq9Zs8gNDRXY/t0iML/QQbrI/wXgpCmnp/2GONw4wPy+at
	7mNTG6c+X9CIBTpsRg4aVx/P0Igw3Q/4wyycSlOgyALeP9h1Me9TkgkXnYzxeNN3
	NVLbi3pCnt4NLkrtXeKPsslnXL0Vi9ofoO/cYeaE6LvjCg/n9RaW+4oNnCjaEDDI
	NGpimFzZk11td4jE+eUPL9urA3UjNq4VcT146R19nr2HhrMc1QaZktflcc+4vg==
	-----END CERTIFICATE-----`;

	// remove comment-lines
	let certlines = certstring.split("\n");
	for (let i in certlines) {
	if (certlines[i].startsWith("---")) {
	certlines.splice(i,1)
	}
	}
	let certtext = certlines.join(""); // removes newlines

	// need to remove the cert if it's already there,
	// for this, the certdb wants it as a cert object.
	try {
	let cert = certdb.constructX509FromBase64(certtext);
	if (certdb.isCertTrusted(cert, nsIX509Cert.CA_CERT, nsIX509CertDB.TRUSTED_SSL)) {
	certdb.deleteCertificate(cert);
	}
	} catch (e) { }
	// now, let's actually add the cert
	const CA_TRUST_FLAGS = "Cu,,"; // 'trust as a CA' bits for CERT_DecodeTrustString()
	certdb.addCertFromBase64(certtext, CA_TRUST_FLAGS);