#!/bin/bash -e
#
# Inserts all local *.crt files into the cert DBs of the user's browsers (webkit (chromium, ..) & mozilla (firefox, ..)) as trusted
#
# Comes in handy when testing SSL with self-signed certs and such. May also be
# useful on a normal production system if you keep (self-signed, or your
# private CA's) certs in /usr/local/share/ca-certificates/.
#
# Note that these browsers do not use (Debian's) system default cert database (ca-certificates), else this tool would not be needed.
#
# Depends: libnss3-tools
# See Also: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926388

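#######################################
# Import every *.crt file from the local CA directory into the current user's
# browser NSS databases as trusted.
#
# Targets:
#   - ${HOME}/.pki/nssdb (opened as an SQL NSS db; logged as [webkit])
#   - every directory below ${HOME}/.mozilla/ that contains a cert*.db file
#     (opened without a db-type prefix, so certutil picks the NSS default)
#
# Security notes:
#   - Trust flags: "C,," marks the cert as a trusted CA for TLS server
#     certificates; when MBD_CODENAME is "buster", "P,," (trusted peer) is
#     used instead. Either way, every *.crt in the directory ends up trusted
#     by the user's browsers, so that directory must be writable by trusted
#     administrators only.
#   - To audit the result: certutil -L -d "sql:${HOME}/.pki/nssdb"
#     To revoke an entry: certutil -D -n <nickname> -d <db>
#
# Globals:   HOME (read), MBD_CODENAME (read, optional)
# Arguments: $1 - optional certificate directory
#                 (default: /usr/local/share/ca-certificates)
# Outputs:   progress lines on stdout; on a certutil failure an interactive
#            "[RET]" prompt is shown and the run continues after <Enter>
# Returns:   0 unless a prompt cannot be read while errexit is active
#######################################
main()
{
	local certDir="${1:-/usr/local/share/ca-certificates}"
	local pkiDir="${HOME}/.pki" trust="C,,"
	if [ "${MBD_CODENAME:-}" = "buster" ]; then
		trust="P,,"
	fi
	certDir="${certDir%/}"

	# Collect the mozilla profile databases once; the set of profiles does not
	# depend on the certificate being imported. NUL-delimited so that profile
	# paths containing whitespace survive intact.
	local certDB DUMMY
	local -a mozDBs=()
	if [ -d "${HOME}/.mozilla" ]; then
		while IFS= read -r -d '' certDB; do
			mozDBs+=("${certDB}")
		done < <(find "${HOME}/.mozilla/" -name "cert*.db" -print0)
	fi

	local c nick
	for c in "${certDir}"/*.crt; do
		# Without any match the glob stays literal; never hand that to certutil.
		[ -e "${c}" ] || continue

		# Nickname = file name with a ".pem" suffix stripped.
		# NOTE(review): the glob only matches "*.crt", so this strip never
		# applies and nicknames keep their ".crt" suffix. Left unchanged so
		# nicknames already present in existing databases stay the same.
		nick="${c##*/}"
		nick="${nick%.pem}"

		if [ -e "${pkiDir}/nssdb" ]; then
			printf "I: [webkit] Adding %s to %s...\n" "${c}" "${pkiDir}"
			certutil -d "sql:${pkiDir}/nssdb" -A -t "${trust}" -n"${nick}" -i "${c}" || read -r -p "[chromium] FYI: ${pkiDir} seems broke [RET]" DUMMY
		fi

		for certDB in "${mozDBs[@]}"; do
			printf "I: [mozilla] Adding %s to %s...\n" "${c}" "${certDB}"
			certutil -d "${certDB%/*}" -A -t "${trust}" -n"${nick}" -i "${c}" || read -r -p "[firefox] FYI: ${certDB} seems broke [RET]" DUMMY
		done
	done
}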

# Entry point: run the import; no command-line arguments are passed on to main.
main
