I want to add a trusted certificate autority to your Mozilla Firefox certificate repository using JSS and Windows. Somebody knows how to do that?
可以将文章内容翻译成中文,广告屏蔽插件可能会导致该功能失效(如失效,请关闭广告屏蔽插件后再试):
问题:
回答1:
Here is how to do it with JSS 4.3.1 !
You will find your windows firefox profile directory at %APPDATA%/Mozilla/Firefox/Profiles.
Be sure to put all needed native libs in a unique directory and references this directory in the java.library.path, example:
-Djava.library.path="C:\dev\firefox\jss-native" Here is the sample code:
File firefoxProfilesDir = new File(appData + "/Mozilla/Firefox/Profiles");
boolean firefoxInstalled = firefoxProfilesDir.exists() && firefoxProfilesDir.isDirectory();
if (!firefoxInstalled) {
LOG.info("Firefox profiles not found, abort");
return;
}
LOG.info("Firefox profiles found");
LOG.info("Browsing for firefox profile");
File[] profilesDir = firefoxProfilesDir.listFiles();
for (File profileDir : profilesDir) {
if (!profileDir.isDirectory()) {
continue;
}
LOG.info("Found firefox profile {}", profileDir.getName());
// Autority
CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
Certificate rootCertificate = certificateFactory.generateCertificate(Dispatcher.class
.getResourceAsStream("/certificates/myautoritycert.cer"));
// Load native libs
System.loadLibrary("nspr4");
System.loadLibrary("plc4");
System.loadLibrary("plds4");
System.loadLibrary("nssutil3");
System.loadLibrary("nss3");
System.loadLibrary("smime3");
System.loadLibrary("freebl3");
System.loadLibrary("nssckbi");
System.loadLibrary("nssdbm3");
System.loadLibrary("sqlite3");
System.loadLibrary("ssl3");
// Initialize mozilla crypto
CryptoManager.initialize(profileDir.getAbsolutePath());
CryptoManager manager = CryptoManager.getInstance();
CryptoToken token = manager.getInternalKeyStorageToken();
manager.setThreadToken(token);
// Autority
X509Certificate cert = manager.importCACertPackage(rootCertificate.getEncoded());
InternalCertificate certInternal = manager.importCertToPerm(cert , "somealias");
certInternal.setSSLTrust(InternalCertificate.TRUSTED_CA);
LOG.info("Certificate {} loaded into firefox profile {}", "somealias", profileDir.getName());
break;
}