This repository has been archived by the owner on Dec 10, 2018. It is now read-only.

Add Chrome 58, Firefox ESR support
Cert was missing subjectAltName for newer Chrome versions.
Firefox ESR uses different registry keys.
tresf committed Apr 24, 2017
1 parent fdbfff4 commit 8ac9692
Showing 4 changed files with 45 additions and 26 deletions.
2 changes: 2 additions & 0 deletions ant/apple/apple-keygen.sh.in
Expand Up @@ -97,6 +97,8 @@ function remove_certs {
if [ -n "$2" ]; then
cname="${jks.cn}"
makekeystore=$(echo "$makekeystore" | sed -e "s|$cname|$2|g")
san=" -ext san=dns:${jks.cn},dns:${jks.cnalt}"
makekeystore=$(echo "$makekeystore" | sed -e "s|$san||g")
fi

#
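Review bot: The new SAN strip probably never matches when a hostname override is given, because the preceding `sed -e "s|$cname|$2|g"` rewrites every occurrence of `${jks.cn}` first, including the two inside ` -ext san=dns:${jks.cn},dns:${jks.cnalt}` (assuming `makekeystore` holds the expanded `jks.command`, which is set outside this hunk). With the values in self-sign.properties the certificate would then carry `dns:<override>,dns:<override>.qz.io` rather than no SAN, so an unintended second name ends up in a certificate the installer goes on to use. Moving the `san=…` assignment and its `sed -e "s|$san||g"` above the `cname` substitution makes the strip see the original text. Since `$2` is interpolated raw into the sed replacement, it is also worth checking it against a hostname pattern before either substitution runs.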
3 changes: 3 additions & 0 deletions ant/linux/linux-keygen.sh.in
Expand Up @@ -39,7 +39,10 @@ makekeystore="${makekeystore/$keystore/$keystorepath}"
if [ -n "$1" ]; then
cname="CN=${jks.cn},"
override="CN=$1,"
san=" -ext san=dns:${jks.cn},dns:${jks.cnalt}"
blank=""
makekeystore="${makekeystore/$cname/$override}"
makekeystore="${makekeystore/$san/$blank}"
fi

# Cert export variable substitutions
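Review bot: When a hostname override is passed, the `-ext san=…` argument is deleted outright by `makekeystore="${makekeystore/$san/$blank}"`, so the generated certificate has the overridden CN and no subjectAltName at all, which is the condition the commit message says newer Chrome rejects. Replacing instead of deleting keeps overrides usable, e.g. `makekeystore="${makekeystore/$san/ -ext san=dns:$1}"` (an IP-address override would need `ip:` rather than `dns:`). The same removal is made in ant/windows/windows-keygen.js.in, in createJavaKeystore (`makeKeyStore.replace(" -ext san=…", "")`). `$1` lands inside a command string here, so it should be validated as a hostname before substitution; the rest of the script is outside the hunk, so I cannot tell whether that already happens.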
3 changes: 2 additions & 1 deletion ant/self-sign.properties
@@ -1,6 +1,7 @@
# Platform-independent info used at install time for wss:// signing
# Values prefixed with an !exclamation-mark can't be determined until install time
jks.cn=localhost
jks.cnalt=localhost.qz.io
jks.city=Canastota
jks.state=NY
jks.country=US
Expand All @@ -18,7 +19,7 @@ jks.host=0.0.0.0

jks.keystore=${jks.install}/auth/${build.socket.name}.jks
jks.keytool=keytool
jks.command=\\"${jks.keytool}\\" -genkey -noprompt -alias ${jks.alias} -keyalg RSA -keysize 2048 -dname \\"CN=${jks.cn}, EMAILADDRESS=${vendor.email}, OU=${jks.company}, O=${jks.company}, L=${jks.city}, S=${jks.state}, C=${jks.country}\\" -validity ${jks.validity} -keystore \\"${jks.keystore}\\" -storepass ${jks.storepass} -keypass ${jks.keypass}
jks.command=\\"${jks.keytool}\\" -genkey -noprompt -alias ${jks.alias} -keyalg RSA -keysize 2048 -dname \\"CN=${jks.cn}, EMAILADDRESS=${vendor.email}, OU=${jks.company}, O=${jks.company}, L=${jks.city}, S=${jks.state}, C=${jks.country}\\" -validity ${jks.validity} -keystore \\"${jks.keystore}\\" -storepass ${jks.storepass} -keypass ${jks.keypass} -ext san=dns:${jks.cn},dns:${jks.cnalt}

der.cert=${jks.install}/auth/${build.socket.name}.crt
der.command=\\"${jks.keytool}\\" -exportcert -alias ${jks.alias} -keystore \\"${jks.keystore}\\" -storepass ${jks.storepass} -keypass ${jks.keypass} -file \\"${der.cert}\\" -rfc
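Review bot: The SAN text appended to `jks.command` is matched as an exact literal by the three keygen scripts changed in this commit (` -ext san=dns:${jks.cn},dns:${jks.cnalt}` in apple-keygen.sh.in, linux-keygen.sh.in and windows-keygen.js.in), and nothing in this file says so. Any later edit to that tail, such as adding an `ip:` entry or reordering the names, would silently stop the override path from stripping it. A comment above the property would cover this, for example `# The trailing -ext san=... is string-matched by the *-keygen scripts; change them together`. `jks.cnalt` also deserves a one-line comment explaining why a public DNS name is listed in a certificate issued for localhost.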
63 changes: 38 additions & 25 deletions ant/windows/windows-keygen.js.in
Expand Up @@ -43,9 +43,10 @@ var qzInstall = getArg(0, getRegValue("HKLM\\Software\\${socket.name}\\"));
var installMode = getArg(1, "install");
var cn = getArg(2, "${jks.cn}");
var firefoxPortable = getArg(3, null);
var firefoxInstall;

if (installMode == "install") {
var javaKey, jreHome, keyTool, keyStore, password, derCert, firefoxInstall;
var javaKey, jreHome, keyTool, keyStore, password, derCert;
if (createJavaKeystore()) {
try { installWindowsCertificate(); }
catch (err) { installWindowsXPCertificate(); }
Expand All @@ -55,13 +56,10 @@ if (installMode == "install") {
"The installer will continue, but ${socket.name} will not function with Firefox until this conflict is resolved.",
"Firefox AutoConfig Warning");
} else {
if (firefoxInstall) {
installFirefoxCertificate();
}
installFirefoxCertificate();
}
}
} else {
var firefoxInstall;
try { deleteWindowsCertificate(); }
catch (err) { deleteWindowsXPCertificate(); }
deleteFirefoxCertificate();
Expand All @@ -86,24 +84,27 @@ function deleteFile(filePath) {
* Generates a random string to be used as a password
*/
function pw() {
var text = "";
if (password) {
return password;
}
password = "";
var chars = "abcdefghijklmnopqrstuvwxyz0123456789";
for( var i=0; i < parseInt("${jks.passlength}"); i++ ) {
text += chars.charAt(Math.floor(Math.random() * chars.length));
}
return text;
password += chars.charAt(Math.floor(Math.random() * chars.length));
}
return password;
}

/**
* Reads a registry value, taking 32-bit/64-bit architecture into consideration
*/
function getRegValue(path) {
function getRegValue(path) {
// If 64-bit OS, try 32-bit registry first
var arch = "";
if (shell.ExpandEnvironmentStrings("ProgramFiles(x86)")) {
path = path.replace("\\Software\\", "\\Software\\Wow6432Node\\");
}

var regValue = "";
try {
regValue = shell.RegRead(path);
Expand Down Expand Up @@ -134,8 +135,9 @@ function verifyExec(cmd, msg) {
/**
* Replaces "!install" with proper location, usually "C:\Program Files\", fixes forward slashes
*/
function fixPath(append) {
return append.replace("${jks.install}", qzInstall).replace(/\//g, "\\");
function fixPath(path) {
var removeTrailing = qzInstall.replace(/\\$/, "").replace(/\/$/, "");
return path.replace("${jks.install}", removeTrailing).replace(/\//g, "\\");
}

/**
Expand Down Expand Up @@ -216,19 +218,18 @@ function createJavaKeystore() {
die("Can't find ${socket.name} installation path. Secure websockets will not work.", "${windows.err.install}");
}


keyStore = fixPath("${jks.keystore}");
password = pw(); // random password hash

var makeKeyStore = "${jks.command}"
.replace("${jks.keytool}", keyTool)
.replace("${jks.keystore}", keyStore)
.replace("${jks.storepass}", password)
.replace("${jks.keypass}", password);
.replace("${jks.keytool}", keyTool)
.replace("${jks.keystore}", keyStore)
.replace("${jks.storepass}", pw())
.replace("${jks.keypass}", pw());

// Handle CN=${jks.cn} override
if (cn != "${jks.cn}") {
makeKeyStore = makeKeyStore.replace("CN=${jks.cn},", "CN=" + cn + ",");
makeKeyStore = makeKeyStore.replace(" -ext san=dns:${jks.cn},dns:${jks.cnalt}", "");
}

deleteFile(keyStore); // remove old, if exists
Expand All @@ -239,8 +240,8 @@ function createJavaKeystore() {
var file = fso.OpenTextFile(fixPath("${jks.properties}"), 2, true);
file.WriteLine("wss.alias=" + "${jks.alias}");
file.WriteLine("wss.keystore=" + keyStore.replace(/\\/g, "\\\\"));
file.WriteLine("wss.keypass=" + password);
file.WriteLine("wss.storepass=" + password);
file.WriteLine("wss.keypass=" + pw());
file.WriteLine("wss.storepass=" + pw());
file.WriteLine("wss.host=${jks.host}");
file.Close();

Expand All @@ -254,8 +255,8 @@ function installWindowsCertificate() {
var makeDerCert = "${der.command}"
.replace("${jks.keytool}", keyTool)
.replace("${jks.keystore}", keyStore)
.replace("${jks.storepass}", password)
.replace("${jks.keypass}", password)
.replace("${jks.storepass}", pw())
.replace("${jks.keypass}", pw())
.replace("${der.cert}", derCert);

deleteFile(derCert); // remove old, if exists
Expand Down Expand Up @@ -300,8 +301,16 @@ function getFirefoxInstall() {
var firefoxKey = "HKLM\\Software\\Mozilla\\Mozilla Firefox";
var firefoxVer = getRegValue(firefoxKey + "\\");
if (!firefoxVer) {
debug(" - [skipped] Firefox was not detected");
return false;
// Look for Extended Support Release
firefoxVer = getRegValue(firefoxKey + " ESR\\");
if (firefoxVer) {
firefoxVer += " ESR";
debug(" - [success] Found Firefox " + firefoxVer);
}
else {
debug(" - [skipped] Firefox was not detected");
return false;
}
} else {
debug(" - [success] Found Firefox " + firefoxVer);
}
Expand Down Expand Up @@ -397,6 +406,10 @@ function deleteFirefoxCertificate() {
* Install certificate for Mozilla Firefox browser, which utilizes its own cert database
*/
function installFirefoxCertificate() {
if (!firefoxInstall) {
debug("Skipping Firefox cert install...");
return;
}
debug("Registering with Firefox...");
var firefoxCfg = firefoxInstall + "\\..\\${firefoxconfig.name}";

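Review bot: pw() still derives the keystore password from `Math.random()`, and after this change that single cached value is what goes into `-storepass`, `-keypass` and the `wss.keypass`/`wss.storepass` lines written to the properties file. `Math.random()` is not a cryptographic generator, so the secret guarding the private key behind installWindowsCertificate() and installFirefoxCertificate() is only as unpredictable as the script host's seeding. Because the same value is stored in clear in the properties file, that file's permissions are the real control, which the doc comment should state: `* Not a CSPRNG; key secrecy depends on the ACL of the properties file`. Two smaller points in the same function: `parseInt("${jks.passlength}")` should be `parseInt("${jks.passlength}", 10)`, and a zero or non-numeric length leaves `password` as `""`, which the `if (password)` memo check treats as unset.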
