Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Script to revoke WoSign-related certificates on Firefox for OS X
#!/bin/bash
CERTUTIL="/usr/local/opt/nss/bin/certutil"
if [ ! -f "$CERTUTIL" ]; then
echo "certutil is not found." >&2
echo "You can install it via 'brew install nss'." >&2
exit 1
fi
RCC_DIR=RevokeChinaCerts
RCC_REPO="https://github.com/chengr28/RevokeChinaCerts.git"
echo "Checking out RevokeChinaCerts..."
if [ ! -d "$RCC_DIR" ]; then
git clone --depth 1 "$RCC_REPO"
else
(cd "$RCC_DIR"; git pull)
fi
PROFILES_DIR="$HOME/Library/Application Support/Firefox/Profiles"
list_profiles() {
for profile in $(ls "$PROFILES_DIR"); do
if [ -d "$PROFILES_DIR/$profile" ]; then
echo $profile
fi
done
}
echo
echo "Available profiles:"
profiles=($(list_profiles))
for ((i=1; i <= ${#profiles[@]}; i++)); do
echo " $i) ${profiles[$i-1]}"
done
echo -n "Choose from the list: "
read index
echo
profile_name="${profiles[$index-1]}"
profile="$PROFILES_DIR/$profile_name"
echo -n "Checking profile $profile_name... "
if lsof "$profile/.parentlock" > /dev/null; then
echo "failed"
echo "the profile is in use." >&2
exit 1
fi
echo "OK"
list_certs() {
for f in "$RCC_DIR/Shared/Certificates"/*.crt; do
cert=$(openssl x509 -noout -text -in "$f")
if echo "$cert" | grep -q WoSign; then
echo $f
fi
done
}
echo
for f in $(list_certs); do
echo "Revoking $(basename ${f%.*})..."
$CERTUTIL -d "$profile" -A -i "$f" -n "${f%.*}" -t "p,p,p"
done
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment