From bdd7e25d2dd47c3a5d8c95366bc111dc0a176128 Mon Sep 17 00:00:00 2001 From: Christian Beier Date: Wed, 9 Nov 2011 20:25:32 +0100 Subject: Move the java stuff into webclients/java-applet. --- webclients/java-applet/ssl/onetimekey | 65 +++++++++++++++++++++++++++++++++++ 1 file changed, 65 insertions(+) create mode 100755 webclients/java-applet/ssl/onetimekey (limited to 'webclients/java-applet/ssl/onetimekey') diff --git a/webclients/java-applet/ssl/onetimekey b/webclients/java-applet/ssl/onetimekey new file mode 100755 index 0000000..bf57c8f --- /dev/null +++ b/webclients/java-applet/ssl/onetimekey @@ -0,0 +1,65 @@ +#!/bin/sh +# +# usage: onetimekey path/to/mycert.pem +# onetimekey -certonly path/to/mycert.pem +# +# Takes an openssl cert+key pem file and turns into a long string +# for the x11vnc SSL VNC Java Viewer. +# +# The Java applet URL parameter can be oneTimeKey= where str is +# the output of this program, or can be oneTimeKey=PROMPT in which +# case the applet will ask you to paste in the string. +# +# The problem trying to be solved here is it is difficult to get +# the Java applet to have or use a keystore with the key saved +# in it. Also, as the name implies, an HTTPS server can create +# a one time key to send to the applet (the user has already +# logged in via password to the HTTPS server). +# +# Note oneTimeKey is to provide a CLIENT Certificate for the viewer +# to authenticate itself to the VNC Server. +# +# There is also the serverCert= Applet parameter. This is +# a cert to authenticate the VNC server against. To create that +# string with this tool specify -certonly as the first argument. + +certonly="" +if [ "X$1" = "X-certonly" ]; then + shift + certonly=1 +fi + +in=$1 +der=/tmp/1time$$.der +touch $der +chmod 600 $der + +openssl pkcs8 -topk8 -nocrypt -in "$in" -out "$der" -outform der + +pbinhex=/tmp/pbinhex.$$ +cat > $pbinhex <