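#!/bin/sh
#
# usage: onetimekey path/to/mycert.pem
#        onetimekey -certonly path/to/mycert.pem
#
# Takes an openssl cert+key pem file and turns it into a long string
# for the x11vnc SSL VNC Java Viewer.
#
# The Java applet URL parameter can be oneTimeKey=<str> where str is
# the output of this program, or can be oneTimeKey=PROMPT in which
# case the applet will ask you to paste in the string.
#
# The problem trying to be solved here is it is difficult to get
# the Java applet to have or use a keystore with the key saved
# in it.  Also, as the name implies, an HTTPS server can create
# a one time key to send to the applet (the user has already
# logged in via password to the HTTPS server).
#
# Note oneTimeKey is to provide a CLIENT Certificate for the viewer
# to authenticate itself to the VNC Server.
#
# There is also the serverCert=<str> Applet parameter.  This is
# a cert to authenticate the VNC server against.  To create that
# string with this tool specify -certonly as the first argument.
#
# Output format:
#   default:    <hex of PKCS#8 DER private key>,<hex of PEM text from the
#               first BEGIN CERTIFICATE line to end of file>
#   -certonly:  only the second field
#
# Security notes:
#   - Without -certonly the output contains the private key in
#     unencrypted PKCS#8 form (openssl pkcs8 -nocrypt), merely hex
#     encoded.  Handle the string as a secret; with oneTimeKey=<str>
#     it travels inside a URL, so oneTimeKey=PROMPT avoids placing it
#     there.
#   - Nothing is written to disk.  Earlier versions staged the DER key
#     and a helper perl script under predictable /tmp/...$$ names,
#     which another local user could pre-create or replace (symlink
#     race on the key file, substitution of the executed helper).
#   - With -certonly the private key is not decoded at all.

certonly=""
if [ "X$1" = "X-certonly" ]; then
	shift
	certonly=1
fi

in=$1

if [ -z "$in" ]; then
	printf '%s\n' "usage: onetimekey [-certonly] path/to/mycert.pem" >&2
	exit 2
fi
if [ ! -r "$in" ]; then
	printf '%s\n' "onetimekey: cannot read '$in'" >&2
	exit 1
fi

# Hex-encode stdin as one unbroken lowercase string (two digits per byte).
# od -v keeps repeated lines instead of collapsing them to '*'; tr strips
# the column separators and line breaks od inserts.
to_hex() {
	od -An -v -tx1 | tr -d ' \t\n'
}

# Certificate part: the PEM text from the first BEGIN CERTIFICATE line to
# the end of the file.  sed selects that range directly, replacing the
# grep -n / tail +N pair (the obsolete `tail +N` form is not accepted by
# every tail).  Input is redirected so a path starting with '-' is never
# parsed as an option.
str2=$(sed -n '/BEGIN CERTIFICATE/,$p' < "$in" | to_hex)
if [ -z "$str2" ]; then
	printf '%s\n' "onetimekey: no BEGIN CERTIFICATE line found in '$in'" >&2
	exit 1
fi

if [ "X$certonly" = "X1" ]; then
	printf '%s\n' "$str2"
else
	# Key part: convert the private key to unencrypted PKCS#8 DER and hex
	# it in a single pipeline so the key material never touches the
	# filesystem.  A POSIX sh pipeline reports only the last stage's exit
	# status, so an empty result is what reveals an openssl failure.
	str1=$(openssl pkcs8 -topk8 -nocrypt -in "$in" -outform der | to_hex)
	if [ -z "$str1" ]; then
		printf '%s\n' "onetimekey: could not extract a private key from '$in'" >&2
		exit 1
	fi
	printf '%s\n' "$str1,$str2"
fi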