From 4e8aff9f7d075eefa6de23d975c7fb80979e5abb Mon Sep 17 00:00:00 2001
From: Alexander Andryashin <aandryashin@gmail.com>
Date: Mon, 7 Dec 2020 12:17:21 +0300
Subject: [PATCH] Ability to add Root CAs.

---
 static/chrome/entrypoint.sh           | 11 +++++++++++
 static/firefox/selenoid/entrypoint.sh | 17 +++++++++++++++++
 2 files changed, 28 insertions(+)

diff --git a/static/chrome/entrypoint.sh b/static/chrome/entrypoint.sh
index 23b5c9a4f..cf9ad635c 100755
--- a/static/chrome/entrypoint.sh
+++ b/static/chrome/entrypoint.sh
@@ -36,6 +36,17 @@ clean() {
 
 trap clean SIGINT SIGTERM
 
+if env | grep -q ROOT_CA_; then
+  mkdir -p $HOME/.pki/nssdb
+  certutil -N --empty-password -d sql:$HOME/.pki/nssdb
+  for e in $(env | grep ROOT_CA_ | sed -e 's/=.*$//'); do
+    certname=$(echo -n $e | sed -e 's/ROOT_CA_//')
+    echo ${!e} | base64 -d >/tmp/cert.pem
+    certutil -A -n ${certname} -t "TCu,Cu,Tu" -i /tmp/cert.pem -d sql:$HOME/.pki/nssdb
+    rm /tmp/cert.pem
+  done
+fi
+
 /usr/bin/fileserver &
 FILESERVER_PID=$!
 
diff --git a/static/firefox/selenoid/entrypoint.sh b/static/firefox/selenoid/entrypoint.sh
index 21e8157bc..af603b781 100755
--- a/static/firefox/selenoid/entrypoint.sh
+++ b/static/firefox/selenoid/entrypoint.sh
@@ -67,4 +67,21 @@ fi
 DISPLAY="$DISPLAY" /usr/bin/selenoid -conf /home/selenium/browsers.json -disable-docker -timeout 1h -max-timeout 24h -enable-file-upload -capture-driver-logs &
 SELENOID_PID=$!
 
+if env | grep -q ROOT_CA_; then
+  while true; do
+    if certDB=$(ls -d /tmp/rust_mozprofile*/cert9.db 2>/dev/null); then
+      break
+    else
+      sleep 0.1
+    fi
+  done
+  certdir=$(dirname ${certDB})
+  for e in $(env | grep ROOT_CA_ | sed -e 's/=.*$//'); do
+    certname=$(echo -n $e | sed -e 's/ROOT_CA_//')
+    echo ${!e} | base64 -d >/tmp/cert.pem
+    certutil -A -n ${certname} -t "TCu,Cu,Tu" -i /tmp/cert.pem -d sql:${certdir}
+    rm /tmp/cert.pem
+  done
+fi
+
 wait