1 #!/bin/sh 2 3 # Outputs the provided certificate (PEM or DER) in a format used by CTS tests. 4 # The format is PEM block, followed by the textual representation of the 5 # certificate, followed by the SHA-1 fingerprint. 6 7 # OpenSSL binary built from this Android source 8 OPENSSL="$ANDROID_HOST_OUT/bin/openssl" 9 if [ "$ANDROID_HOST_OUT" == "" ]; then 10 echo "Android build environment not set up" 11 echo 12 echo "Run the following from the root of the Android source tree:" 13 echo " . build/envsetup.sh && lunch" 14 exit 1 15 fi 16 if [ ! -f "$OPENSSL" ]; then 17 echo "openssl binary not found" 18 echo 19 echo "Run 'mmm external/openssl' or 'make openssl' from the root of the" \ 20 "Android source tree to build it." 21 exit 1 22 fi 23 24 # Input file containing the certificate in PEM or DER format 25 in_file="$1" 26 27 # Output file. If not specified, the file will be named <hash>.0 where "hash" 28 # is the certificate's subject hash produced by: 29 # openssl x509 -in cert_file -subject_hash_old -noout 30 out_file="$2" 31 32 # Detect whether the input file is PEM or DER. 33 # It must use old_hash(MD5) function. 34 in_form="pem" 35 subject_hash=$("$OPENSSL" x509 -in "$in_file" -inform $in_form -subject_hash_old \ 36 -noout 2>/dev/null) 37 if [ "$?" != "0" ]; then 38 in_form="der" 39 subject_hash=$("$OPENSSL" x509 -in "$in_file" -inform $in_form -subject_hash_old \ 40 -noout) 41 if [ "$?" != "0" ]; then 42 echo "Certificate file format is neither PEM nor DER" 43 exit 1 44 fi 45 fi 46 47 # Name the output file <hash>.0 if the name is not specified explicitly. 48 if [ "$out_file" == "" ]; then 49 out_file="$subject_hash.0" 50 echo "Auto-generated output file name: $out_file" 51 fi 52 53 # Output the certificate in the target format 54 "$OPENSSL" x509 -in "$in_file" -inform $in_form -outform pem > "$out_file" && \ 55 "$OPENSSL" x509 -in "$in_file" -inform $in_form -noout -text -fingerprint \ 56 >> "$out_file" 57
