Script to revoke WoSign-related certificates on Firefox for OS X
#!/bin/bash
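# Locate the NSS certutil binary that edits the Firefox certificate database.
# The default is the Homebrew "opt" path the script was written for; a
# CERTUTIL value already present in the environment takes precedence, so a
# different install prefix can be used without editing the script.
CERTUTIL="${CERTUTIL:-/usr/local/opt/nss/bin/certutil}"
# Require a regular, executable file: an existing but non-executable path would
# otherwise only fail later, once per certificate, inside the revoke loop.
if [ ! -f "$CERTUTIL" ] || [ ! -x "$CERTUTIL" ]; then
  echo "certutil is not found." >&2
  echo "You can install it via 'brew install nss'." >&2
  exit 1
fi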
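# Fetch (or refresh) the RevokeChinaCerts repository that supplies the
# certificate files.
#
# Trust note: the certificates later written into the Firefox profile are
# whatever the default branch of this third-party repository contains at run
# time. Nothing here pins a commit or verifies the files, so review the
# checkout (or pin a commit you have audited) before relying on the result.
RCC_DIR=RevokeChinaCerts
RCC_REPO="https://github.com/chengr28/RevokeChinaCerts.git"
echo "Checking out RevokeChinaCerts..."
if [ ! -d "$RCC_DIR" ]; then
  # Without a checkout there is nothing to revoke, so a failed clone is fatal.
  # The target directory is passed explicitly so it always matches RCC_DIR.
  if ! git clone --depth 1 "$RCC_REPO" "$RCC_DIR"; then
    echo "failed to clone $RCC_REPO." >&2
    exit 1
  fi
else
  # '&&' keeps 'git pull' from running in the caller's directory if cd fails.
  # A failed update is reported but not fatal: the existing checkout is used.
  if ! (cd "$RCC_DIR" && git pull); then
    echo "warning: could not update $RCC_DIR; using the existing checkout." >&2
  fi
fi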
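PROFILES_DIR="$HOME/Library/Application Support/Firefox/Profiles"

#######################################
# Print the name of every directory directly under PROFILES_DIR.
# Globals:   PROFILES_DIR (read)
# Arguments: none
# Outputs:   one profile directory name per line on stdout
#######################################
list_profiles() {
  local path
  # Glob instead of parsing 'ls': a profile name containing whitespace stays
  # one entry instead of being split into words that match no directory.
  for path in "$PROFILES_DIR"/*; do
    # Also skips the literal pattern left behind when nothing matches.
    if [ -d "$path" ]; then
      printf '%s\n' "${path##*/}"
    fi
  done
}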
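# Let the user pick the Firefox profile whose certificate database is edited.
echo
echo "Available profiles:"
# Read one profile per line so names containing spaces stay intact
# (bash 3.2 compatible: no mapfile).
profiles=()
while IFS= read -r name; do
  profiles+=("$name")
done < <(list_profiles)
if [ "${#profiles[@]}" -eq 0 ]; then
  echo "no Firefox profile found in $PROFILES_DIR." >&2
  exit 1
fi
for ((i = 1; i <= ${#profiles[@]}; i++)); do
  echo " $i) ${profiles[i-1]}"
done
printf 'Choose from the list: '
read -r index
echo
# Accept digits only. The answer is used as an array subscript, which bash
# evaluates as an arithmetic expression, so free-form text must never reach it;
# an empty or out-of-range answer would also select no profile and point
# certutil at the Profiles directory itself.
case "$index" in
  '' | *[!0-9]*)
    echo "invalid choice." >&2
    exit 1
    ;;
esac
index=$((10#$index)) # force base 10 so "08" is not rejected as octal
if ((index < 1 || index > ${#profiles[@]})); then
  echo "choice out of range." >&2
  exit 1
fi
profile_name="${profiles[index-1]}"
profile="$PROFILES_DIR/$profile_name"
printf 'Checking profile %s... ' "$profile_name"
# The profile is treated as in use when lsof reports a process holding
# .parentlock open; editing the certificate database under a running Firefox
# is refused.
if lsof "$profile/.parentlock" > /dev/null; then
  echo "failed"
  echo "the profile is in use." >&2
  exit 1
fi
echo "OK"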
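#######################################
# Print the path of every certificate in the checkout whose decoded text
# mentions "WoSign" (the match is on the whole 'openssl x509 -text' dump, so
# any field containing the string selects the file).
# Globals:   RCC_DIR (read)
# Arguments: none
# Outputs:   one certificate path per line on stdout
#######################################
list_certs() {
  local f cert
  for f in "$RCC_DIR/Shared/Certificates"/*.crt; do
    # Skip the literal pattern left behind when no .crt file exists.
    [ -f "$f" ] || continue
    # A file openssl cannot parse is skipped; openssl reports it on stderr.
    cert=$(openssl x509 -noout -text -in "$f") || continue
    if grep -q WoSign <<<"$cert"; then
      # Quoted so the path is emitted exactly, whitespace included.
      printf '%s\n' "$f"
    fi
  done
}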
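# Add each selected certificate to the profile's NSS database with trust flags
# "p,p,p" (SSL, S/MIME, code signing), which this script relies on to mark the
# certificate as distrusted. The result can be checked afterwards with
#   "$CERTUTIL" -L -d "$profile"
# NOTE(review): depending on the NSS version, -d may need an explicit "sql:"
# prefix to reach the database format the installed Firefox reads; confirm.
echo
revoked=0
failed=0
# The list is read on fd 3 so certutil keeps the script's stdin, and line by
# line so a path containing whitespace is not split.
while IFS= read -r f <&3; do
  nickname="${f%.*}"
  echo "Revoking $(basename "$nickname")..."
  if "$CERTUTIL" -d "$profile" -A -i "$f" -n "$nickname" -t "p,p,p"; then
    revoked=$((revoked + 1))
  else
    # A silent failure would leave the certificate trusted while the run
    # looked successful, so record it and fail the script at the end.
    echo "failed to revoke $f" >&2
    failed=1
  fi
done 3< <(list_certs)
if [ "$failed" -ne 0 ]; then
  exit 1
fi
if [ "$revoked" -eq 0 ]; then
  echo "no WoSign-related certificate was found; nothing was revoked." >&2
  exit 1
fi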