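#!/bin/sh

# Outputs the provided certificate (PEM or DER) in a format used by CTS tests.
# The format is PEM block, followed by the textual representation of the
# certificate, followed by the SHA-1 fingerprint.
#
# Usage: $0 <in_file> [out_file]
#
# This script only re-encodes and prints the certificate. It does not check
# validity dates, signatures or trust, so its output says nothing about
# whether the certificate should be trusted.

# OpenSSL binary built from this Android source
OPENSSL="$ANDROID_HOST_OUT/bin/openssl"
# POSIX test has no "=="; -z keeps the check working under any /bin/sh.
if [ -z "$ANDROID_HOST_OUT" ]; then
  {
    echo "Android build environment not set up"
    echo
    echo "Run the following from the root of the Android source tree:"
    echo " . build/envsetup.sh && lunch"
  } >&2
  exit 1
fi
if [ ! -f "$OPENSSL" ]; then
  {
    echo "openssl binary not found"
    echo
    echo "Run 'mmm external/openssl' or 'make openssl' from the root of the" \
      "Android source tree to build it."
  } >&2
  exit 1
fi

# Input file containing the certificate in PEM or DER format
in_file="$1"

# Output file. If not specified, the file will be named <hash>.0 where "hash"
# is the certificate's subject hash produced by:
#   openssl x509 -in cert_file -subject_hash_old -noout
out_file="$2"

# Reject a missing or unreadable input up front; otherwise the failure would
# be reported below as a format problem.
if [ -z "$in_file" ]; then
  echo "Usage: $0 <in_file> [out_file]" >&2
  exit 1
fi
if [ ! -r "$in_file" ]; then
  echo "Cannot read certificate file: $in_file" >&2
  exit 1
fi

# Detect whether the input file is PEM or DER.
# The old (MD5-based) subject hash must be used. It only serves as the
# <hash>.0 file name here; it is not an integrity check on the certificate.
in_form="pem"
# stderr is discarded for the PEM attempt because a DER input is expected to
# fail it; the DER attempt keeps stderr so the real error is visible.
if ! subject_hash=$("$OPENSSL" x509 -in "$in_file" -inform "$in_form" \
  -subject_hash_old -noout 2>/dev/null); then
  in_form="der"
  if ! subject_hash=$("$OPENSSL" x509 -in "$in_file" -inform "$in_form" \
    -subject_hash_old -noout); then
    echo "Certificate file format is neither PEM nor DER" >&2
    exit 1
  fi
fi

# Name the output file <hash>.0 if the name is not specified explicitly.
if [ -z "$out_file" ]; then
  # The hash becomes a path in the current directory, so accept only the
  # lowercase hex string openssl is expected to print.
  case "$subject_hash" in
    '' | *[!0-9a-f]*)
      echo "Unexpected subject hash from openssl: '$subject_hash'" >&2
      exit 1
      ;;
  esac
  out_file="$subject_hash.0"
  echo "Auto-generated output file name: $out_file"
fi

# Output the certificate in the target format. An existing $out_file is
# overwritten. The fingerprint digest is whatever this openssl build uses by
# default for -fingerprint (the header above expects SHA-1).
if ! {
  "$OPENSSL" x509 -in "$in_file" -inform "$in_form" -outform pem &&
    "$OPENSSL" x509 -in "$in_file" -inform "$in_form" -noout -text -fingerprint
} > "$out_file"; then
  echo "Failed to write certificate to $out_file" >&2
  exit 1
fi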