1 #!/bin/sh 2 3 # Outputs the provided certificate (PEM or DER) in a format used by CTS tests. 4 # The format is PEM block, followed by the textual representation of the 5 # certificate, followed by the SHA-1 fingerprint. 6 7 # OpenSSL binary built from this Android source 8 OPENSSL="$ANDROID_HOST_OUT/bin/openssl" 9 if [ "$ANDROID_HOST_OUT" == "" ]; then 10 echo "Android build environment not set up" 11 echo 12 echo "Run the following from the root of the Android source tree:" 13 echo " . build/envsetup.sh && lunch" 14 exit 1 15 fi 16 if [ ! -f "$OPENSSL" ]; then 17 echo "openssl binary not found" 18 echo 19 echo "Run 'mmm external/openssl' or 'make openssl' from the root of the" \ 20 "Android source tree to build it." 21 exit 1 22 fi 23 24 # Input file containing the certificate in PEM or DER format 25 in_file="$1" 26 27 # Output file. If not specified, the file will be named <hash>.0 where "hash" 28 # is the certificate's subject hash produced by: 29 # openssl x509 -in cert_file -subject_hash -noout 30 out_file="$2" 31 32 # Detect whether the input file is PEM or DER. 33 in_form="pem" 34 subject_hash=$("$OPENSSL" x509 -in "$in_file" -inform $in_form -subject_hash \ 35 -noout 2>/dev/null) 36 if [ "$?" != "0" ]; then 37 in_form="der" 38 subject_hash=$("$OPENSSL" x509 -in "$in_file" -inform $in_form -subject_hash \ 39 -noout) 40 if [ "$?" != "0" ]; then 41 echo "Certificate file format is neither PEM nor DER" 42 exit 1 43 fi 44 fi 45 46 # Name the output file <hash>.0 if the name is not specified explicitly. 47 if [ "$out_file" == "" ]; then 48 out_file="$subject_hash.0" 49 echo "Auto-generated output file name: $out_file" 50 fi 51 52 # Output the certificate in the target format 53 "$OPENSSL" x509 -in "$in_file" -inform $in_form -outform pem > "$out_file" && \ 54 "$OPENSSL" x509 -in "$in_file" -inform $in_form -noout -text -fingerprint \ 55 >> "$out_file" 56
