#!/usr/bin/python
"""
Small utility to convert the Mozilla-format certificates
(/mozilla/security/nss/lib/ckfw/builtins/certdata.txt in the Mozilla CVS)
into PEM. Got the idea from http://curl.haxx.se/docs/parse-certs.txt.

Copyright (c) 2007 Open Source Applications Foundation.
"""

import array
from M2Crypto import X509

counter = 0
value = None
name = None

out = open('cacert.pem', 'wb')

for line in open('certdata.txt'):
    line = line.strip()
    if line.startswith('CKA_LABEL'):
        assert value is None

        label_encoding, name, dummy = line.split('"')
        label, encoding = label_encoding.split()

        assert encoding == 'UTF8'

    elif line == 'CKA_VALUE MULTILINE_OCTAL':
        assert name is not None

        value = array.array('c')

    elif value is not None and line == 'END':
        assert name is not None

        print 'Writing ' + name
        x509 = X509.load_cert_string(value.tostring(), X509.FORMAT_DER)
        if not x509.verify():
            print '  Skipping ' + name + ' since it does not verify'
            name = None
            value = None
            continue
        counter += 1

        out.write(name + '\n' + '=' * len(name) + '\n\n')
        out.write('SHA1 Fingerprint=' + x509.get_fingerprint('sha1') + '\n')
        out.write(x509.as_text())
        out.write(x509.as_pem())
        out.write('\n')

        name = None
        value = None

    elif value is not None:
        assert name is not None

        for number in line.split('\\'):
            if not number:
                continue

            value.append(chr(int(number, 8)))

print 'Wrote %d certificates' % counter