summaryrefslogtreecommitdiffstats
path: root/webclients/ssl/onetimekey
diff options
context:
space:
mode:
Diffstat (limited to 'webclients/ssl/onetimekey')
-rwxr-xr-xwebclients/ssl/onetimekey65
1 files changed, 65 insertions, 0 deletions
diff --git a/webclients/ssl/onetimekey b/webclients/ssl/onetimekey
new file mode 100755
index 0000000..bf57c8f
--- /dev/null
+++ b/webclients/ssl/onetimekey
@@ -0,0 +1,65 @@
+#!/bin/sh
+#
+# usage: onetimekey path/to/mycert.pem
+# onetimekey -certonly path/to/mycert.pem
+#
+# Takes an openssl cert+key pem file and turns into a long string
+# for the x11vnc SSL VNC Java Viewer.
+#
+# The Java applet URL parameter can be oneTimeKey=<str> where str is
+# the output of this program, or can be oneTimeKey=PROMPT in which
+# case the applet will ask you to paste in the string.
+#
+# The problem trying to be solved here is it is difficult to get
+# the Java applet to have or use a keystore with the key saved
+# in it. Also, as the name implies, an HTTPS server can create
+# a one time key to send to the applet (the user has already
+# logged in via password to the HTTPS server).
+#
+# Note oneTimeKey is to provide a CLIENT Certificate for the viewer
+# to authenticate itself to the VNC Server.
+#
+# There is also the serverCert=<str> Applet parameter. This is
+# a cert to authenticate the VNC server against. To create that
+# string with this tool specify -certonly as the first argument.
+
+certonly=""
+if [ "X$1" = "X-certonly" ]; then
+ shift
+ certonly=1
+fi
+
+in=$1
+der=/tmp/1time$$.der
+touch $der
+chmod 600 $der
+
+openssl pkcs8 -topk8 -nocrypt -in "$in" -out "$der" -outform der
+
+pbinhex=/tmp/pbinhex.$$
+cat > $pbinhex <<END
+#!/usr/bin/perl
+
+\$str = '';
+while (1) {
+ \$c = getc(STDIN);
+ last if \$c eq '';
+ \$str .= sprintf("%02x", unpack("C", \$c));
+}
+
+print "\$str\n";
+END
+
+chmod 700 $pbinhex
+
+str1=`$pbinhex < "$der"`
+rm -f "$der"
+
+n=`grep -n 'BEGIN CERTIFICATE' $in | awk -F: '{print $1}' | head -1`
+str2=`tail +$n $in | $pbinhex`
+if [ "X$certonly" = "X1" ]; then
+ echo "$str2"
+else
+ echo "$str1,$str2"
+fi
+rm -f $pbinhex