charles-dyfis-net/parse-certs

## parse-certs
#!/bin/bash
#
#  Parse Mozilla's certdata.txt and extract CA Root Certificates into PEM
#  format.
#
#  Based on http://curl.haxx.se/mail/lib-2004-07/0134.html; cleaned up to
#  follow fewer worst practices for bash :)
#
#  certdata.txt can be found in Mozilla's source tree:
#  /mozilla/security/nss/lib/ckfw/builtins/certdata.txt
#

[[ $1 ]] && exec <"$1"
[[ $2 ]] && exec <"$2"

tmpdir=$(mktemp -t -d ca-bundle.d.XXXXXX)
trap 'rm -rf "$tmpdir"' 0
cd "$tmpdir"

echo "Processing $1" >&2

cat >"script.rb" <<'EOF'
certnum = 1

while line = $stdin.gets
  next if line =~ /^#/
  next if line =~ /^\s*$/
  line.chomp!

  if line =~ /CKA_LABEL/
    label,type,val = line.split(' ',3)
    val.sub!(/^"/, "")
    val.sub!(/"$/, "")
    next
  end
  if line =~ /CKA_VALUE MULTILINE_OCTAL/
    data=''
    fname = format("%d.crt", certnum)

    while line = $stdin.gets
      break if $_ =~ /^END/
      line.chomp!
      line.gsub(/\\([0-3][0-7][0-7])/) { data += $1.oct.chr }
    end
    open(fname, "w") do |fp|
      fp.puts val
      fp.puts "-----BEGIN CERTIFICATE-----"
      fp.puts [data].pack("m*")
      fp.puts "-----END CERTIFICATE-----"
    end
    $stderr.puts("Parsing: " + val)
    certnum += 1
  end
end
EOF
ruby script.rb

cat <<EOF
##
##  ca-bundle.crt -- Bundle of CA Root Certificates
##  Last Modified: `date`
##
##  This is a bundle of X.509 certificates of public
##  Certificate Authorities (CA). These were automatically
##  extracted from Mozilla's root certificates file (certdata.txt).
##  This file can be found in the mozilla source tree:
##  '/mozilla/security/nss/lib/ckfw/builtins/certdata.txt'
##
EOF

shopt -s nullglob
files=( *.crt )
if (( ${#files} == 0 )) ; then
  echo "ERROR: No certificates created by ruby script" >&2
  exit 1
fi

for file in "${files[@]}"; do
  read name <"$file"
  printf '\n%s\n' "$name"
  for (( n=0; n<${#name}; ++n )); do
    printf '='
  done
  printf '\n\n'
  openssl x509 -fingerprint -text -in "$file" -inform PEM
  rm -f "$file"
done

echo "Done.." >&2
	#!/bin/bash
	#
	# Parse Mozilla's certdata.txt and extract CA Root Certificates into PEM
	# format.
	#
	# Based on http://curl.haxx.se/mail/lib-2004-07/0134.html; cleaned up to
	# follow fewer worst practices for bash :)
	#
	# certdata.txt can be found in Mozilla's source tree:
	# /mozilla/security/nss/lib/ckfw/builtins/certdata.txt
	#

	[[ $1 ]] && exec <"$1"
	[[ $2 ]] && exec <"$2"

	tmpdir=$(mktemp -t -d ca-bundle.d.XXXXXX)
	trap 'rm -rf "$tmpdir"' 0
	cd "$tmpdir"

	echo "Processing $1" >&2

	cat >"script.rb" <<'EOF'
	certnum = 1

	while line = $stdin.gets
	next if line =~ /^#/
	next if line =~ /^\s*$/
	line.chomp!

	if line =~ /CKA_LABEL/
	label,type,val = line.split(' ',3)
	val.sub!(/^"/, "")
	val.sub!(/"$/, "")
	next
	end
	if line =~ /CKA_VALUE MULTILINE_OCTAL/
	data=''
	fname = format("%d.crt", certnum)

	while line = $stdin.gets
	break if $_ =~ /^END/
	line.chomp!
	line.gsub(/\\([0-3][0-7][0-7])/) { data += $1.oct.chr }
	end
	open(fname, "w") do \|fp\|
	fp.puts val
	fp.puts "-----BEGIN CERTIFICATE-----"
	fp.puts [data].pack("m*")
	fp.puts "-----END CERTIFICATE-----"
	end
	$stderr.puts("Parsing: " + val)
	certnum += 1
	end
	end
	EOF
	ruby script.rb

	cat <<EOF
	##
	## ca-bundle.crt -- Bundle of CA Root Certificates
	## Last Modified: `date`
	##
	## This is a bundle of X.509 certificates of public
	## Certificate Authorities (CA). These were automatically
	## extracted from Mozilla's root certificates file (certdata.txt).
	## This file can be found in the mozilla source tree:
	## '/mozilla/security/nss/lib/ckfw/builtins/certdata.txt'
	##
	EOF

	shopt -s nullglob
	files=( *.crt )
	if (( ${#files} == 0 )) ; then
	echo "ERROR: No certificates created by ruby script" >&2
	exit 1
	fi

	for file in "${files[@]}"; do
	read name <"$file"
	printf '\n%s\n' "$name"
	for (( n=0; n<${#name}; ++n )); do
	printf '='
	done
	printf '\n\n'
	openssl x509 -fingerprint -text -in "$file" -inform PEM
	rm -f "$file"
	done

	echo "Done.." >&2