tests/tests/security/tools/format_cert.sh

#!/bin/sh

# Outputs the provided certificate (PEM or DER) in a format used by CTS tests.
# The format is PEM block, followed by the textual representation of the
# certificate, followed by the SHA-1 fingerprint.

# OpenSSL binary built from this Android source
OPENSSL="$ANDROID_HOST_OUT/bin/openssl"
if [ "$ANDROID_HOST_OUT" == "" ]; then
  echo "Android build environment not set up"
  echo
  echo "Run the following from the root of the Android source tree:"
  echo "  . build/envsetup.sh && lunch"
  exit 1
fi
if [ ! -f "$OPENSSL" ]; then
  echo "openssl binary not found"
  echo
  echo "Run 'mmm external/openssl' or 'make openssl' from the root of the" \
      "Android source tree to build it."
  exit 1
fi

# Input file containing the certificate in PEM or DER format
in_file="$1"

# Output file. If not specified, the file will be named <hash>.0 where "hash"
# is the certificate's subject hash produced by:
#   openssl x509 -in cert_file -subject_hash_old -noout
out_file="$2"

# Detect whether the input file is PEM or DER.
# It must use old_hash(MD5) function.
in_form="pem"
subject_hash=$("$OPENSSL" x509 -in "$in_file" -inform $in_form -subject_hash_old \
    -noout 2>/dev/null)
if [ "$?" != "0" ]; then
  in_form="der"
  subject_hash=$("$OPENSSL" x509 -in "$in_file" -inform $in_form -subject_hash_old \
      -noout)
  if [ "$?" != "0" ]; then
    echo "Certificate file format is neither PEM nor DER"
    exit 1
  fi
fi

# Name the output file <hash>.0 if the name is not specified explicitly.
if [ "$out_file" == "" ]; then
  out_file="$subject_hash.0"
  echo "Auto-generated output file name: $out_file"
fi

# Output the certificate in the target format
"$OPENSSL" x509 -in "$in_file" -inform $in_form -outform pem > "$out_file" && \
"$OPENSSL" x509 -in "$in_file" -inform $in_form -noout -text -fingerprint \
    >> "$out_file"