@@ -356,54 +356,78 @@ function unlockUIFig(hUIFig)
356356 end
357357
358358 function tf = checkCert()
359- SUCCESS_CODE = 0 ;
359+ % This tools works on the OS-level, and was tested on Win 7 & 10.
360+ %
361+ % With certain browsers it might not be required/helpful as noted in
362+ % https://askubuntu.com/questions/73287/#comment1533817_94861 :
363+ % Note that Chromium and Firefox do not use the system CA certificates,
364+ % so require separate instructions.
365+ % - In Chromium, visit chrome://settings/certificates, click Authorities,
366+ % then click import, and select your .pem.
367+ % - In Firefox, visit about:preferences#privacy, click Certificates,
368+ % View Certificates, Authorities, then click Import and select your .pem.
369+ SUCCESS_CODE = 0 ;
370+ CL = connector .getCertificateLocation(); % certificate location;
371+ if isempty(CL ), CL = fullfile(prefdir , ' thisMatlab.pem' end
372+ %% Test if certificate is already accepted:
360373 switch true
361- case ispc
362- %% Test if certificate is already accepted:
363- [s ,c ] = system(' certutil -verifystore -user "Root" localhost'
364- if s == SUCCESS_CODE
365- tf = true ;
366- else
367- reply = questdlg(' Certificate not found. Would you like to import it?'
368- ' Import "localhost" certificate' ' Yes' ' No' ' Yes'
369- if strcmp(reply ,' Yes'
370- %% Import the certificate
371- [s ,c ] = system([' certutil -addstore -user "Root" '
372- connector .getCertificateLocation()]);
373- tf = s == SUCCESS_CODE ;
374- if tf
375- disp([' Certificate import successful! You should now be '
376- ' able to navigate to the webwindow URL in your browser.'
377- disp([' If the figure is still blank, recreate it and navigate '
378- ' to the new URL.'
379- else
380- disp(c );
381- end
382- else
383- disp(c );
384- tf = false ;
385- end
386- end
374+ case ispc
375+ [s ,c ] = system(' certutil -verifystore -user "Root" localhost'
387376 case isunix
388- warning(' checkCert:unsupportedOS:unix'
389- ' OS not supported for automatic testing, assuming the certificate is in order.'
390- tf = true ;
391- % TODO
392- % See: https://askubuntu.com/a/648629, https://superuser.com/a/437377
393- %{
394- system(['sudo cp ' connector.getCertificateLocation() ...
395- ' /usr/local/share/ca-certificates/localhost-matlab.crt && '...
396- 'sudo dpkg-reconfigure ca-certificates && sudo update-ca-certificates'])
397- %}
398- case ismac
399- warning(' checkCert:unsupportedOS:mac'
400- ' OS not supported for automatic testing, assuming the certificate is in order.'
401- tf = true ;
402- % TODO
403- %{
404- system(['sudo security add-trusted-cert -d -r trustRoot -k '...
405- '"$HOME/Library/Keychains/login.keychain"' connector.getCertificateLocation()]);
406- %}
377+ [s ,c ] = system([' openssl crl2pkcs7 -nocrl -certfile '
378+ ' /etc/ssl/certs/ca-certificates.crt '
379+ ' | openssl pkcs7 -print_certs -noout '
380+ ' | grep '' ^issuer=/C=US/O=company/CN=localhost/OU=engineering'' '
381+ case ismac
382+ [s ,c ] = system(' security find-certificate -c "localhost"'
383+ end
384+ isAccepted = s == SUCCESS_CODE ;
385+
386+ %% Try to import certificate:
387+ if ~isAccepted
388+ reply = questdlg(' Certificate not found. Would you like to import it?'
389+ ' Import "localhost" certificate' ' Yes' ' No' ' Yes'
390+ if strcmp(reply ,' Yes' switch true % #ok<ALIGN>
391+ case ispc
392+ [s ,c ] = system([' certutil -addstore -user "Root" ' CL ]);
393+ % %APPDATA%\MathWorks\MATLAB\R20##x\thisMatlab.pem
394+ case isunix
395+ [s ,c ] = system([' sudo cp ' CL ...
396+ ' /usr/local/share/ca-certificates/localhost-matlab.crt && '
397+ ' sudo update-ca-certificates'
398+ % ~/.matlab/thisMatlab.pem
399+ case ismac % https://apple.stackexchange.com/a/80625
400+ [s ,c ] = system([' security add-trusted-cert -d -r trustRoot -p ssl -k '
401+ ' "$HOME/Library/Keychains/login.keychain" ' CL ]);
402+ % ~/Library/Application\ Support/MathWorks/MATLAB/R20##x/thisMatlab.pem
403+ end % switch
404+ wasImported = s == SUCCESS_CODE ;
405+ else
406+ warning(' Certificate import cancelled by user!'
407+ wasImported = false ;
408+ end
409+ end
410+ %% Report result
411+ tf = isAccepted || wasImported ;
412+ if wasImported
413+ fprintf(1 , ' \n%s\n%s\n%s\n '
414+ [' Certificate import successful! You should now be '
415+ ' able to navigate to the webwindow URL in your browser.'
416+ [' If the figure is still blank, recreate it and navigate '
417+ ' to the new URL.'
418+ [' Also, if you have a script blocking addon (e.g. NoScript), '
419+ ' be sure to whitelist "localhost".'
420+ elseif ~isAccepted % && ~wasImported (implicitly)
421+ disp(c );
422+ fprintf(1 , ' \n%s\n%s\n\t%s\n\t%s\n%s\n '
423+ ' Either certificate presence cannot be determined, or the import failed.'
424+ ' If you'' re using Chromium or Firefox you can follow these instructions:'
425+ [' - In Chromium, visit chrome://settings > (Show advanced) > '
426+ ' Manage HTTP/SSL certificates > Trusted Root Certification Authorities Tab'
427+ ' > Import, and select your .pem.'
428+ [' - In Firefox, visit about:preferences#privacy, click Certificates > '
429+ ' View Certificates > Authorities > Import, and select your .pem.'
430+ [' The certificate is found here: ' CL ]);
407431 end
408432 end % checkCert
409433 end % unlockUIFig
0 commit comments