soifai/config/simplefiles/CONTESTANT/usr/local/bin/install-client-cert

#!/bin/bash

# This tool installs the client certificate in Firefox and Chromium.

username="$1"

userhome="/home/$username"
certificate="$userhome/.config/clientcert.p12"

runuser -u "$username" -- mkdir -p "$userhome/.config"
mv "$userhome/clientcert.p12" "$certificate"
chown "$username:$username" "$certificate"

# Delete all Firefox data
rm -rf "$userhome/.mozilla/"

# Create an empty profile
runuser -u "$username" -- mkdir -p "$userhome/.mozilla/firefox/main"

# Tell Firefox to user this profile
cat <<EOF >"$userhome/.mozilla/firefox/profiles.ini"
[Profile0]
Name=main
IsRelative=1
Path=main

[General]
StartWithLastProfile=1
Version=2

[Install3B6073811A6ABF12]
Default=main
Locked=1

EOF

chown "$username:$username" "$userhome/.mozilla/firefox/profiles.ini"

# Create a certificate database
runuser -u "$username" -- certutil -d "sql:$userhome/.mozilla/firefox/main/" -N --empty-password

# Import the client certificate
runuser -u "$username" -- pk12util -d "sql:$userhome/.mozilla/firefox/main/" -i "$certificate" -K "" -W ""

# Do the same for the NSS shared certificate database, used by Chromium
rm -rf "$userhome/.pki/"
runuser -u "$username" -- mkdir -p "$userhome/.pki/nssdb"
runuser -u "$username" -- certutil -d "sql:$userhome/.pki/nssdb/" -N --empty-password
runuser -u "$username" -- pk12util -d "sql:$userhome/.pki/nssdb/" -i "$certificate" -K "" -W ""
Initial commit 2022-07-15 11:59:26 +02:00			`#!/bin/bash`

			`# This tool installs the client certificate in Firefox and Chromium.`

			`username="$1"`

			`userhome="/home/$username"`
			`certificate="$userhome/.config/clientcert.p12"`

			`runuser -u "$username" -- mkdir -p "$userhome/.config"`
			`mv "$userhome/clientcert.p12" "$certificate"`
			`chown "$username:$username" "$certificate"`

			`# Delete all Firefox data`
			`rm -rf "$userhome/.mozilla/"`

			`# Create an empty profile`
			`runuser -u "$username" -- mkdir -p "$userhome/.mozilla/firefox/main"`

			`# Tell Firefox to user this profile`
			`cat <<EOF >"$userhome/.mozilla/firefox/profiles.ini"`
			`[Profile0]`
			`Name=main`
			`IsRelative=1`
			`Path=main`

			`[General]`
			`StartWithLastProfile=1`
			`Version=2`

			`[Install3B6073811A6ABF12]`
			`Default=main`
			`Locked=1`

			`EOF`

			`chown "$username:$username" "$userhome/.mozilla/firefox/profiles.ini"`

			`# Create a certificate database`
			`runuser -u "$username" -- certutil -d "sql:$userhome/.mozilla/firefox/main/" -N --empty-password`

			`# Import the client certificate`
			`runuser -u "$username" -- pk12util -d "sql:$userhome/.mozilla/firefox/main/" -i "$certificate" -K "" -W ""`

			`# Do the same for the NSS shared certificate database, used by Chromium`
			`rm -rf "$userhome/.pki/"`
			`runuser -u "$username" -- mkdir -p "$userhome/.pki/nssdb"`
			`runuser -u "$username" -- certutil -d "sql:$userhome/.pki/nssdb/" -N --empty-password`
			`runuser -u "$username" -- pk12util -d "sql:$userhome/.pki/nssdb/" -i "$certificate" -K "" -W ""`