File tree Expand file tree Collapse file tree 5 files changed +87
-0
lines changed
utils/create-platform-certs Expand file tree Collapse file tree 5 files changed +87
-0
lines changed Original file line number Diff line number Diff line change @@ -21,3 +21,5 @@ geckodriver.log
2121node_modules /
2222coverage /
2323utils /mk-ca-bundle /certdata.txt
24+ utils /create-platform-certs /certdata.txt
25+ utils /create-platform-certs /mk-ca-bundle.pl
Original file line number Diff line number Diff line change 1+ # create-platform-certs
2+
3+ This repository creates and fills ` test/rules/platform_certs/default/ ` .
4+
5+ ## Setup
6+
7+ Download ` certdata.txt ` and ` mk-ca-bundle.pl ` and put them in this directory.
8+ You can find the download locations in ` SHA256SUMS ` .
9+
10+ ## Run
11+
12+ You can repopulate the certificates with ` create_platform_certs.sh ` . The
13+ certificates should be bit-for-bit identical if you use the same ` certdata.txt `
14+ and ` mk-ca-bundle.pl ` .
15+
16+ You can update the certificates by using a new ` certdata.txt ` and
17+ ` mk-ca-bundle.pl ` . Be sure to also update ` SHA256SUMS ` .
Original file line number Diff line number Diff line change 1+ # https://hg.mozilla.org/releases/mozilla-release/raw-file/849c090094db/security/nss/lib/ckfw/builtins/certdata.txt
2+ # Tag "FIREFOX_58_0_2_RELEASE"
3+ a3ac15b98179dd2f3c5de076d10b1d53048754372f7207c2f327510cdd78fbd8 certdata.txt
4+ # https://raw.githubusercontent.com/curl/curl/curl-7_58_0/lib/mk-ca-bundle.pl
5+ a285d9f5475e04c006f1f092e7e93ec97899bee4a5f35a143da1d0829a0ff551 mk-ca-bundle.pl
Original file line number Diff line number Diff line change 1+ #! /usr/bin/env bash
2+ set -e
3+
4+ GIT_REPO_TOP_LEVEL=" $( git rev-parse --show-toplevel) "
5+
6+ cd " ${GIT_REPO_TOP_LEVEL} "
7+
8+ COMBINED_CERT_FILE=./ca-bundle.crt
9+ HASH_FILE=./SHA256SUMS
10+ MK_CA_BUNDLE_PL_EXEC=./mk-ca-bundle.pl
11+ SPLIT_CERT_DIR=" ${GIT_REPO_TOP_LEVEL} "
12+ SPLIT_COMBINED_CERT_FILE_EXEC=./split_combined_cert_file.py
13+
14+ sha256sum -c " ${HASH_FILE} "
15+
16+ git rm -r -f -q " ${SPLIT_CERT_DIR} "
17+
18+ mkdir -p " ${SPLIT_CERT_DIR} "
19+
20+ perl " ${MK_CA_BUNDLE_PL_EXEC} " " ${COMBINED_CERT_FILE} "
21+
22+ python " ${SPLIT_COMBINED_CERT_FILE_EXEC} " " ${COMBINED_CERT_FILE} " " ${SPLIT_CERT_DIR} "
23+
24+ rm " ${COMBINED_CERT_FILE} "
25+
26+ c_rehash " ${SPLIT_CERT_DIR} "
27+
28+ git add " ${SPLIT_CERT_DIR} "
Original file line number Diff line number Diff line change 1+ #!/usr/bin/env python
2+ import argparse
3+ import codecs
4+ import os
5+ import re
6+
7+ if __name__ == '__main__' :
8+ parser = argparse .ArgumentParser ()
9+ parser .add_argument (
10+ 'input_filename' ,
11+ help = 'combined crt/pem file to split' ,
12+ )
13+ parser .add_argument (
14+ 'output_dir' ,
15+ help = 'output directory for split files' ,
16+ )
17+ args = parser .parse_args ()
18+ with codecs .open (args .input_filename , 'r' , encoding = 'utf-8' ) as input_file :
19+ bundle = input_file .read ()
20+ certs = re .compile ('\n {2,}' ).split (bundle )
21+
22+ # First element of certs is a comment
23+ certs = certs [1 :]
24+ cert_filename_num_width = len (str (len (certs )))
25+ for index , cert in enumerate (certs ):
26+ cert_name , cert_content = re .compile ("\n =+\n " ).split (cert )
27+ cert_filename = os .path .join (
28+ args .output_dir ,
29+ "cert%s.pem" % str (index + 1 ).zfill (cert_filename_num_width ),
30+ )
31+ with codecs .open (
32+ cert_filename , 'w' , encoding = 'utf-8' ) as cert_file :
33+ cert_file .write ("%s\n " % cert_name )
34+ cert_file .write (cert_content )
35+ cert_file .write ('\n ' )
You can’t perform that action at this time.
0 commit comments