blob: bf57c8fe8ebd3c4a31f109e791bc892cdd163278 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
|
#!/bin/sh
#
# usage: onetimekey path/to/mycert.pem
# onetimekey -certonly path/to/mycert.pem
#
# Takes an openssl cert+key pem file and turns into a long string
# for the x11vnc SSL VNC Java Viewer.
#
# The Java applet URL parameter can be oneTimeKey=<str> where str is
# the output of this program, or can be oneTimeKey=PROMPT in which
# case the applet will ask you to paste in the string.
#
# The problem trying to be solved here is it is difficult to get
# the Java applet to have or use a keystore with the key saved
# in it. Also, as the name implies, an HTTPS server can create
# a one time key to send to the applet (the user has already
# logged in via password to the HTTPS server).
#
# Note oneTimeKey is to provide a CLIENT Certificate for the viewer
# to authenticate itself to the VNC Server.
#
# There is also the serverCert=<str> Applet parameter. This is
# a cert to authenticate the VNC server against. To create that
# string with this tool specify -certonly as the first argument.
certonly=""
if [ "X$1" = "X-certonly" ]; then
shift
certonly=1
fi
in=$1
der=/tmp/1time$$.der
touch $der
chmod 600 $der
openssl pkcs8 -topk8 -nocrypt -in "$in" -out "$der" -outform der
pbinhex=/tmp/pbinhex.$$
cat > $pbinhex <<END
#!/usr/bin/perl
\$str = '';
while (1) {
\$c = getc(STDIN);
last if \$c eq '';
\$str .= sprintf("%02x", unpack("C", \$c));
}
print "\$str\n";
END
chmod 700 $pbinhex
str1=`$pbinhex < "$der"`
rm -f "$der"
n=`grep -n 'BEGIN CERTIFICATE' $in | awk -F: '{print $1}' | head -1`
str2=`tail +$n $in | $pbinhex`
if [ "X$certonly" = "X1" ]; then
echo "$str2"
else
echo "$str1,$str2"
fi
rm -f $pbinhex
|