cryptoservices/browserrootcertificates/certconvert.py
author hgs
Thu, 22 Jul 2010 20:18:20 +0530
changeset 86 465613364af0
parent 85 1efb81185f1c
permissions -rw-r--r--
201029_01
#
# Copyright (c) 2009 Nokia Corporation and/or its subsidiary(-ies).
# All rights reserved.
# This component and the accompanying materials are made available
# under the terms of the License "Eclipse Public License v1.0"
# which accompanies this distribution, and is available
# at the URL "http://www.eclipse.org/legal/epl-v10.html".
#
# Initial Contributors:
# Nokia Corporation - initial contribution.
#
# Contributors:
#
# Description: 
# Script to convert the Mozilla certificate store into the store format Symbian OS understands.
#
# Mozilla certificate store and its associated license is available at
# http://mxr.mozilla.org/mozilla/source/security/nss/lib/ckfw/builtins/certdata.txt?raw=1
#
#
import string, getopt, sys, subprocess, glob, os
#
# Input files used when -m / -t are not given on the command line
#
inFileMozillaCerts = "certdata.txt"
inFileTrustMapping = "trustmapping.txt"

#
# Output location and names of the intermediate files. outPath is prefixed
# onto every output name by plain string concatenation, so it has to keep
# its trailing path separator (don't change this!).
#
outPath = ".\\"
outFileCaCerts = "cacerts_text.txt"
outFileCertClients = "certclients_text.txt"
outCertAppOutput = "output.txt"

#
# Status codes returned by the parsing routines
#
ERROR_NONE, ERROR_EOF, ERROR_GENERAL = 0, -1, -2
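#
# Class CertRecord
#
# Sequential reader for a Mozilla certdata.txt file. Each successful Next()
# call loads one certificate object and the trust object that follows it
# into the attributes certLabel, certType, certSerialNum, certData,
# trustLabel, trustSha1Hash, trustSerialNum and trustTrustList.
#
# The parser is positional: ReadTokenValue() scans forward for the requested
# attribute and does not stop at object boundaries, so an attribute missing
# from one object is satisfied by its next occurrence further down the file.
# The label and serial-number comparisons in Next() are the only cross-checks
# made here between a certificate and its trust object.
#
class CertRecord:
    def __init__(self, file):
        self.file = file
        # Read over the first CKA_CLASS record so that the first Next() call
        # starts at the first certificate.
        # NOTE(review): the value is not checked; it is expected to be
        # "CKO_NETSCAPE_BUILTIN_ROOT_LIST".
        self.ReadTokenValue("CKA_CLASS")

    # Read and parse the next certificate and its trust object.
    #
    # Returns ERROR_NONE when a complete, consistent record was loaded,
    # ERROR_EOF when there is no further object in the file, and
    # ERROR_GENERAL when the record is truncated, of the wrong object class,
    # or its trust label does not match the certificate label. A failure is
    # never reported as ERROR_NONE, so a caller looping on ERROR_NONE cannot
    # pick up attributes left over from the previous record.
    def Next(self):
        # Read next certificate token. ERROR_EOF here is the clean end of the store.
        err, value = self.ReadTokenValue("CKA_CLASS")
        if (err != ERROR_NONE):
            return err
        if (value != "CKO_CERTIFICATE"):
            print("Error: expected a CKO_CERTIFICATE object but found " + value)
            return ERROR_GENERAL

        # Read the cert label
        err, self.certLabel = self._ReadRecordField("CKA_LABEL")
        if (err != ERROR_NONE):
            return err

        # Read the cert type
        err, self.certType = self._ReadRecordField("CKA_CERTIFICATE_TYPE")
        if (err != ERROR_NONE):
            return err

        # Read the cert serial number
        err, self.certSerialNum = self._ReadRecordField("CKA_SERIAL_NUMBER")
        if (err != ERROR_NONE):
            return err

        # Read the actual cert data (DER encoded)
        err, self.certData = self._ReadRecordField("CKA_VALUE")
        if (err != ERROR_NONE):
            return err

        # Read the trust details
        err, value = self._ReadRecordField("CKA_CLASS")
        if (err != ERROR_NONE):
            return err
        if (value != "CKO_NETSCAPE_TRUST"):
            print("Error: no CKO_NETSCAPE_TRUST object follows cert " + self.certLabel)
            return ERROR_GENERAL

        # Read the trust label and match it with cert label. A mismatch means
        # the trust settings belong to some other certificate, so it is an error.
        err, self.trustLabel = self._ReadRecordField("CKA_LABEL")
        if (err != ERROR_NONE or self.trustLabel != self.certLabel):
            print("Certificate and Trust label mismatch or not found for cert " + self.certLabel)
            return ERROR_GENERAL

        # Read the SHA1 hash (aka thumbprint)
        err, self.trustSha1Hash = self._ReadRecordField("CKA_CERT_SHA1_HASH")
        if (err != ERROR_NONE):
            return err

        # Read the trust serial number and match it with cert serial number.
        # A mismatch is only reported as a warning.
        err, self.trustSerialNum = self._ReadRecordField("CKA_SERIAL_NUMBER")
        if (err != ERROR_NONE):
            return err
        if (self.trustSerialNum != self.certSerialNum):
            print("Warning: Certificate and Trust serial number mismatch or not found for cert " + self.certLabel)

        # Read the trust list. This has a variable token so can't use ReadTokenValue method
        err, self.trustTrustList = self.ReadTrustValues()
        if (err != ERROR_NONE):
            return err

        return ERROR_NONE

    # Read one attribute that must be present inside the current record.
    # Same result as ReadTokenValue(), except that running out of input is
    # reported as ERROR_GENERAL: inside a record it means the file is
    # truncated, not that the store ended cleanly.
    def _ReadRecordField(self, token):
        err, value = self.ReadTokenValue(token)
        if (err == ERROR_EOF):
            print("Error: end of file reached while looking for " + token)
            err = ERROR_GENERAL
        return err, value

    # Collect the trust attributes of the current trust object.
    #
    # Reads lines up to the one starting with "CKA_TRUST_STEP_UP_APPROVED".
    # Every line before it must have the form "<name> CK_TRUST <value>"; the
    # name is added to the result only when the value is
    # CKT_NETSCAPE_TRUSTED_DELEGATOR. Blank lines are skipped.
    #
    # Returns (ERROR_NONE, list of names), or (ERROR_GENERAL, []) when a line
    # has any other shape or the terminating token is never found.
    def ReadTrustValues(self):
        trustList = []
        for line in self.file:
            line = line.rstrip('\n')
            if (line.strip() == ""):
                continue
            fields = line.split(" ")
            if (fields[0] == "CKA_TRUST_STEP_UP_APPROVED"):
                # Done reading trust settings
                return ERROR_NONE, trustList
            if (len(fields) >= 3 and fields[1] == "CK_TRUST"):
                if (fields[2] == "CKT_NETSCAPE_TRUSTED_DELEGATOR"):
                    trustList.append(fields[0].strip())
            else:
                # Something is wrong
                print("Error reading trust settings. " + line)
                return ERROR_GENERAL, []

        # Input ran out before the terminating token
        print("Error in ReadTrustValues(). Token ('CKA_TRUST_STEP_UP_APPROVED') not found!")
        return ERROR_GENERAL, []

    # Scan forward for the next line whose first field is `token` and return
    # its value.
    #
    # For "<token> <type> <value...>" the value is everything after the type.
    # For "<token> MULTILINE_OCTAL" the following lines of backslash-separated
    # octal numbers, up to a line "END", are decoded to a string with one
    # character per octal number.
    #
    # Returns (ERROR_NONE, value); (ERROR_EOF, "") when the token is not found
    # or the input ends before "END"; (ERROR_GENERAL, "") when the token line
    # has no type field or the octal block contains a blank line or something
    # that is not an octal byte value.
    def ReadTokenValue(self, token):
        # Keep reading lines till token found
        for line in self.file:
            fields = line.rstrip('\n').split(" ")
            if (fields[0] != token):
                continue
            if (len(fields) < 2):
                print("ReadTokenValue(" + token + ") found no type field: " + line.rstrip('\n'))
                return ERROR_GENERAL, ""
            if (fields[1] != "MULTILINE_OCTAL"):
                return ERROR_NONE, " ".join(fields[2:])

            # Read multiline octal value till END
            octets = []
            for nextline in self.file:
                nextline = nextline.rstrip('\n')
                if (nextline == "END"):
                    return ERROR_NONE, "".join(octets)
                if (nextline == ""):
                    print("ReadTokenValue(" + token + ") awaiting END. Unexpected blank line!")
                    return ERROR_GENERAL, ""
                # Convert string of octal to binary data
                for octalWord in nextline.split("\\"):
                    if (octalWord == ""):
                        continue
                    try:
                        byteValue = int(octalWord, 8)
                    except ValueError:
                        byteValue = -1
                    if (byteValue < 0 or byteValue > 255):
                        print("ReadTokenValue(" + token + ") found invalid octal data: " + nextline)
                        return ERROR_GENERAL, ""
                    octets.append(chr(byteValue))

            # The input ended inside the block: never hand back a partial value
            print("ReadTokenValue(" + token + ") awaiting END. Unexpected end of file!")
            return ERROR_EOF, ""

        #print "ReadTokenValue(" + token + "). Token not found!"
        return ERROR_EOF, ""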
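#
# Global function ReadTrustMapping()
#
# Parses the trust mapping file. Empty lines and lines starting with '#' are
# ignored. Every other line is a comma separated list: a Mozilla trust name
# followed by zero or more <uid>,<application name> pairs.
#
# Returns (ERROR_NONE, list of [mozTrust, appUID, appName]) on success, or
# (ERROR_GENERAL, [[]]) when a line does not hold complete pairs.
#
# NOTE(review): appUID and appName are later written verbatim into the
# certapp text input (the name inside double quotes); nothing here rejects a
# double quote in them.
#
def ReadTrustMapping(file):
    trustMapping = []
    for line in file:
        line = line.rstrip('\n')
        if (line == "" or line[0] == "#"):
            continue
        fields = line.split(",")
        # One trust name plus (uid, name) pairs gives an odd number of fields
        if ((len(fields) % 2) != 1):
            print("Error in file '%s' in line '%s'\n" % (inFileTrustMapping, line))
            return ERROR_GENERAL, [[]]
        mozTrust = fields[0].strip()
        for index in range(1, len(fields), 2):
            appUID = fields[index].strip()
            appName = fields[index + 1].strip()
            trustMapping.append([mozTrust, appUID, appName])
    return ERROR_NONE, trustMapping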
#
# Global function ReadCommandlineArgs()
#
# Applies the -m/--mozilla and -t/--trust options found in argv to the
# module-level input file names, then prints the banner and the two input
# files that will be used. -h/--help prints the usage text and exits; an
# option that getopt rejects prints the error and the usage text and exits
# with status -1. Positional arguments are accepted and ignored.
#
def ReadCommandlineArgs(argv):
    global inFileMozillaCerts, inFileTrustMapping

    try:
        flags, args = getopt.getopt(argv[1:], "hm:t:", ["help", "mozilla=", "trust="])
    except getopt.GetoptError as err:
        # Print usage
        print(str(err) + "\n")
        PrintUsage()
        sys.exit(-1)

    for flag, arg in flags:
        if flag == "-h" or flag == "--help":
            PrintUsage()
            sys.exit()
        if flag == "-m" or flag == "--mozilla":
            inFileMozillaCerts = arg
        elif flag == "-t" or flag == "--trust":
            inFileTrustMapping = arg

    print("certconvert - This script converts the Mozilla certificate store into Symbian OS certificate store.")
    print("\nInput Mozilla store file: %s" % inFileMozillaCerts)
    print("Input trust mapping: %s" % inFileTrustMapping)
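#
# Global function PrintUsage()
#
# Prints the command line help. The usage line lists only the options the
# script parses (-h, -m, -t); the output path is fixed and cannot be set
# from the command line.
#
def PrintUsage():
    print("certconvert - This script converts the Mozilla certificate store into Symbian OS certificate store.")
    print("It uses certapp for the conversion so certapp must be in the path.")
    print("Usage: certconvert [-h] | [-m <file>] [-t <file>]")
    print("where:")
    print("-h | --help\tshows this help")
    print("-m | --mozilla\tis used to specify the Mozilla certificate store input file.")
    print("\t\tIf not specified default is taken as 'certdata.txt'.")
    print("-t | --trust\tis used to specify the input trust mapping input file.")
    print("\t\tThis file maps the trust settings from the Mozilla store to ")
    print("\t\tSymbian's applications and uids.")
    print("\t\tIf not specified default is taken as 'trustmapping.txt'.")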
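#
# Main starts here
#
# Steps: read the trust mapping, turn every certificate record of the
# Mozilla store into a certapp text entry plus a DER file, write the client
# (uid/name) list, then run certapp to build cacerts.dat / certclients.dat.
#
# The result is a root certificate store, so the conversion stops without
# invoking certapp when the input is not read to its end or a record fails
# the thumbprint check, instead of building a store from partial data.
#

# Only needed by the thumbprint check below
import hashlib

# Read and process command line arguments
ReadCommandlineArgs(sys.argv)

# First read the trust mappings file
sys.stdout.write("Reading trust mapping file... ")
mappingFile = open(inFileTrustMapping, "r")
try:
    err, trustMapping = ReadTrustMapping(mappingFile)
finally:
    mappingFile.close()
if (err != ERROR_NONE):
    print("\nError reading trust mapping file!\n")
    sys.exit(-1)
print("done.")

sys.stdout.write("Reading Mozilla certificate store and processing certificates ")
inFileMoz = open(inFileMozillaCerts, "r")
record = CertRecord(inFileMoz)
inRecNum = outRecNum = 0
outFileSym = None
status = record.Next()
while (status == ERROR_NONE):
    inRecNum = inRecNum + 1
    #print "Read record %d: %s" % (inRecNum, record.certLabel)

    # The trust object carries the SHA1 thumbprint of the certificate it
    # applies to. Recompute it over the DER data so that trust settings are
    # never attached to a different certificate. This is a consistency check
    # only: both values come from the same input file, so it says nothing
    # about where that file came from.
    if (hashlib.sha1(record.certData).digest() != record.trustSha1Hash):
        print("\nError: SHA1 thumbprint does not match certificate data for cert " + record.certLabel)
        status = ERROR_GENERAL
        break

    # Do filtering of records (if any)

    outRecNum = outRecNum + 1
    # Create the human readable filecertstore entry
    if (outRecNum == 1):
        if (not os.path.exists(outPath)):
            os.makedirs(outPath)
        if (not os.path.exists(outPath + "\\certs")):
            os.makedirs(outPath + "\\certs")
        outFileSym = open(outPath + outFileCaCerts, "w")
        outFileSym.write("StartCertStoreEntries\n")

    outFileSym.write("\t# Entry %d\n" % outRecNum)

    # Write out the SHA1 hash of the certificate (to make it easier to compare certs)
    # as two hex digits per byte, each followed by a space
    sha1hash = "".join("%02x " % ord(octet) for octet in record.trustSha1Hash)
    outFileSym.write("\t# Thumbprint(hex) %s\n" % sha1hash)

    outFileSym.write("\tStartEntry " + record.certLabel + "\n")
    outFileSym.write("\t\tDeletable true\n")
    outFileSym.write("\t\tFormat EX509Certificate\n")
    outFileSym.write("\t\tCertOwnerType ECACertificate\n")
    outFileSym.write("\t\tSubjectKeyId auto\n")
    outFileSym.write("\t\tIssuerKeyId auto\n")

    # Write out trust details
    outFileSym.write("\t\tStartApplicationList\n")
    for trust in record.trustTrustList:
        # Look for the mapping
        for mapping in trustMapping:
            if (trust == mapping[0]):
                # Found a mapping. Add it and keep on looking since
                # there could be more than one app mapping
                outFileSym.write('\t\t\tApplication "' + mapping[2] + '"\n')
    outFileSym.write("\t\tEndApplicationList\n")
    # NOTE(review): every entry is written with "Trusted true", including
    # certificates whose trust list is empty because none of their CK_TRUST
    # attributes was CKT_NETSCAPE_TRUSTED_DELEGATOR. Confirm how certapp
    # treats an entry with an empty application list.
    outFileSym.write("\t\tTrusted true\n")
    certFileName = "certs\\\\cert%04d" % outRecNum + ".der"
    outFileSym.write('\t\tDataFileName "' + certFileName + '"\n')
    outFileSym.write("\tEndEntry\n\n")

    # Write the certificate file
    outFileCert = open(outPath + certFileName, "wb")
    try:
        outFileCert.write(record.certData)
    finally:
        outFileCert.close()
    sys.stdout.write(". ")

    status = record.Next()

inFileMoz.close()
if (outFileSym is not None):
    outFileSym.write("EndCertStoreEntries\n")
    outFileSym.close()

# Anything other than a clean end of file means the store was only partly converted
if (status != ERROR_EOF):
    print("\nError: conversion stopped after %d certificates; the Mozilla store was not read to its end." % outRecNum)
    print("certapp was not invoked. Leaving temp files untouched for debugging")
    sys.exit(-1)

# With no records nothing was written above, and files left over from an
# earlier run must not be fed to certapp
if (outRecNum == 0):
    print("\nError: no certificates found in " + inFileMozillaCerts)
    sys.exit(-1)
print("done.")

# Finally create the app to uid mapping file for Symbian OS
outFileSym = open(outPath + outFileCertClients, "w")
outFileSym.write("StartClientInfo\n")
for index, mapping in enumerate(trustMapping):
    outFileSym.write("\t#Entry %d\n" % (index + 1))
    outFileSym.write("\t\tUid %s\n" % mapping[1])
    outFileSym.write('\t\tName "%s"\n' % mapping[2])
outFileSym.write("EndClientInfo\n")
outFileSym.close()

sys.stdout.write("Invoking certapp tool to create the Symbian certificate store... ")
# The command is passed as an argument list, so no shell or command-line
# splitting is involved. certapp itself is looked up on the PATH: run this
# from an environment whose PATH is under your control, because whatever
# binary is found there writes the final trust store.
certappArgs = ["certapp",
               "--in", "--hca=" + outPath + outFileCaCerts, "--hcc=" + outPath + outFileCertClients,
               "--out", "--bca=" + outPath + "cacerts.dat", "--bcc=" + outPath + "certclients.dat"]
certappCmd = " ".join(certappArgs)

# certapp's stdout and stderr both go to the output file
dummyFile = open(outPath + outCertAppOutput, "w")
try:
    p = subprocess.Popen(certappArgs, stdout=dummyFile, stderr=dummyFile)
    retcode = p.wait()
finally:
    dummyFile.close()

if (retcode != 0):
    print("\ncertapp returned error code: %d" % retcode)
    print(certappCmd)
    print("For details see file " + outPath + outCertAppOutput)
    print("Leaving temp files untouched for debugging")
else:
    print("done.")
    sys.stdout.write("Cleaning up temp files... ")
    for tempFile in glob.glob(outPath + "certs\\*"):
        os.remove(tempFile)
    os.rmdir(outPath + "certs")
    os.remove(outPath + outFileCaCerts)
    os.remove(outPath + outFileCertClients)
    os.remove(outPath + outCertAppOutput)
    print("done.")
    print("Done. Read %d certificates. Written %d certificates.\n" % (inRecNum, outRecNum))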