Archives
/
ncdns
mirror of https://github.com/namecoin/ncdns
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
master
v0.3.2
v0.3.1
v0.3
v0.2.2
v0.2.1
v0.2
v0.1.2
v0.1.1
v0.1
v0.0.10.3
v0.0.10
v0.0.9
v0.0.8
v0.0.7
v0.0.6
v0.0.5
v0.0.4
v0.0.3
v0.0.2
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '497faca99e'
${ noResults }
ncdns/tlsrestrictchromium/tlsrestrict_chromium_tool/main.go

69 lines
2.0 KiB
Go
Raw Blame History

package main
import (
"encoding/json"
"io/ioutil"
"log"
"github.com/namecoin/ncdns/tlsrestrictchromium"
"gopkg.in/hlandau/easyconfig.v1"
"gopkg.in/hlandau/easyconfig.v1/cflag"
)
var (
flagGroup = cflag.NewGroup(nil, "tlsrestrict")
transportSecurityPathFlag = cflag.String(flagGroup, "chromium-ts-path", "", "Path to the TransportSecurity file in Chromium's profile folder. Make sure that no running instance of Chromium is using this profile folder; profile corruption could result otherwise.")
domainFlag = cflag.String(flagGroup, "domain", "bit.", "Block built-in CA's from signing for any subdomains of this fully-qualified domain name.")
)
func main() {
config := easyconfig.Configurator{
ProgramName: "tlsrestrict_chromium",
}
err := config.Parse(nil)
if err != nil {
log.Fatalf("Couldn't parse configuration: %s", err)
}
transportSecurityPath := transportSecurityPathFlag.Value()
domain := domainFlag.Value()
if transportSecurityPath == "" {
log.Fatalf("Missing required --tlsrestrict.chromium-ts-path parameter")
}
rawIn, err := ioutil.ReadFile(transportSecurityPath)
if err != nil {
log.Fatalf("Couldn't read file %s: %s", transportSecurityPath, err)
}
var data map[string]interface{}
err = json.Unmarshal(rawIn, &data)
if err != nil {
log.Fatalf("Couldn't parse file %s: %s", transportSecurityPath, err)
}
// Chromium's TransportSecurity database uses keys of the form base64(sha256(dnsPack(fqdn)))
domainDNSHashB64String, err := tlsrestrictchromium.DNSHash(domain)
if err != nil {
log.Fatalf("Couldn't hash domain name %s: %s", domain, err)
}
data[domainDNSHashB64String], err = tlsrestrictchromium.BlockAllCAs()
if err != nil {
log.Fatalf("Couldn't assign BlockAllCAs: %s", err)
}
rawOut, err := json.Marshal(data)
if err != nil {
log.Fatalf("Couldn't marshal data: %s", err)
}
// 0600 seems to be the default mode in Chromium on Fedora
err = ioutil.WriteFile(transportSecurityPath, rawOut, 0600)
if err != nil {
log.Fatalf("Couldn't write file %s: %s", transportSecurityPath, err)
}
}
Reference in New Issue View Git Blame Copy Permalink