Created
December 18, 2020 20:20
Scripts to import Debian certificates and make them usable on Android
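#!/usr/bin/env bash
# Certificate Exporter
# Pedro T. R. Pinheiro <tadeu@foda-se.uucp>
# 18/DEC/2020
#
# This little utility exports the Debian SSL certs to the format used by my
# Android phone: one file per certificate, named after the certificate's
# hash and ending in ".0" (for example a1b2c3d4e.0). Each file holds the
# certificate followed by its certinfo (the -text output of openssl x509).
#
# NOTE(review): everything found in the certificate store is exported,
# presumably including any CA that was added to this machine locally.
# Review the store before the result is installed as trusted roots on a
# device.

# Directory the system certificates are read from.
CERTSTORE="/etc/ssl/certs"
# Directory the converted certificates are written to (relative to the
# working directory).
OUTPUTDIR="cacerts.debconv/"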
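# Writes one certificate into OUTPUTDIR: the PEM certificate first, then its
# text dump, then its fingerprint line.
# Globals:   OUTPUTDIR (read) - directory the output file is created in
# Arguments: $1 - path of the PEM certificate to convert
#            $2 - name of the output file inside OUTPUTDIR
# Returns:   0 on success; non-zero when the output directory cannot be
#            created or an openssl call fails (no partial file is kept)
function exportCert
{
    # Read the certificate path from the argument rather than from the
    # caller's loop variable, and keep both names local so the caller's
    # FILE is not overwritten.
    local src=$1
    local dest="${OUTPUTDIR%/}/$2"

    mkdir -p -- "${OUTPUTDIR%/}" || return

    # The file is written from scratch: appending would duplicate the
    # content every time the script is run again.
    # NOTE(review): two certificates that map to the same output name
    # replace each other here; the original appended them into one file.
    if ! {
        openssl x509 -inform PEM -in "$src" &&
        openssl x509 -inform PEM -noout -text -in "$src" &&
        openssl x509 -inform PEM -noout -fingerprint -in "$src"
    } > "$dest"; then
        # Do not leave an empty or truncated file in the export directory.
        rm -f -- "$dest"
        return 1
    fi
}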
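# Export every *.pem file of the store under the name <subject_hash_old>.0.
for cert in "${CERTSTORE:-/etc/ssl/certs}"/*.pem; do
    # An unmatched glob stays literal; skip it instead of handing it to
    # openssl.
    [ -e "$cert" ] || continue

    # Without -noout openssl prints the hash first and the certificate after
    # it, so only the first line is kept.
    HASH=$(openssl x509 -inform PEM -subject_hash_old -in "$cert" | head -n 1)
    if [ -z "$HASH" ]; then
        # Otherwise the file would be exported under the bare name ".0".
        echo "Skipping $cert: could not compute its subject hash" >&2
        continue
    fi

    FILE="$HASH.0"
    exportCert "$cert" "$FILE"
done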
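# Export the *.0 entries of the store under their existing file names.
# NOTE(review): these are presumably the hash links OpenSSL keeps in the
# store, named after the current subject hash and not after the
# subject_hash_old value the *.pem loop uses - confirm the device needs them.
for cert in "${CERTSTORE:-/etc/ssl/certs}"/*.0; do
    # An unmatched glob stays literal; nothing to export in that case.
    [ -e "$cert" ] || continue

    # Last path component, whatever the depth of the store directory.
    FILE=${cert##*/}
    exportCert "$cert" "$FILE"
done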
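#!/usr/bin/env bash
## -- A script to create a new certificate directory for Android --#
# Combines the converted Debian certificates with the pre-existing ones,
# excluding the pre-existing certificates that have expired.
#
# Reads:  cacerts.orig/     certificates already on the device
#         cacerts.debconv/  certificates converted from Debian
# Writes: cacerts.final/    the merged set
#
# NOTE(review): only the pre-existing certificates are checked for expiry,
# and only their end date is looked at. Everything in cacerts.debconv/ is
# taken over as is, so the merged set trusts whatever that directory holds.

DEBCONV="cacerts.debconv/"
OLDCERT="cacerts.orig/"
FINAL="cacerts.final/"

# cp needs an existing directory as its target.
mkdir -p -- "$FINAL" || exit 1

EXPIRED=0
for oldcert in "${OLDCERT%/}"/*; do
    # An unmatched glob stays literal; skip it.
    [ -e "$oldcert" ] || continue

    # Checks whether the darn thing is expired or not: -checkend 0 succeeds
    # only while the certificate's end date is still in the future.
    # NOTE(review): a file openssl cannot parse presumably fails this check
    # too and is then reported as expired with an empty subject.
    if openssl x509 -inform PEM -noout -checkend 0 -in "$oldcert" > /dev/null; then
        cp -- "$oldcert" "$FINAL"
    else
        SUBJECT=$(openssl x509 -inform PEM -noout -subject -in "$oldcert")
        EXPIRYD=$(openssl x509 -inform PEM -noout -enddate -in "$oldcert")
        echo "$SUBJECT está expirado! ($EXPIRYD)"
        EXPIRED=$((EXPIRED + 1))
    fi
done

INSTDEB=0
for newcert in "${DEBCONV%/}"/*; do
    [ -e "$newcert" ] || continue

    # I'll assume Debian maintains up-to-date certificates
    HASH=$(openssl x509 -inform PEM -noout -subject_hash_old -in "$newcert")
    if [ -z "$HASH" ]; then
        # Otherwise every unreadable file would be checked against ".0".
        echo "Skipping $newcert: could not compute its subject hash" >&2
        continue
    fi
    FILE="$HASH.0"

    # Copies only when no certificate with that hash name is there yet. The
    # copy is stored under the same name the check uses; copying under the
    # source file's own name let one certificate land twice under two names.
    if [ -e "${FINAL%/}/$FILE" ]; then
        echo "$FILE already existed there."
    elif cp -- "$newcert" "${FINAL%/}/$FILE"; then
        INSTDEB=$((INSTDEB + 1))
    fi
done

echo
echo "There were $EXPIRED expired CA certificates."
echo "$INSTDEB CA certificates were imported."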