česky | cymraeg | deutsch | english | español | français | nederlands | português --- more Android guides
back to: Andreas Terpotiz
CAcert for Android - Import
Description
With this batch file the CAcert root certificate can be imported on a mobile.
Required files will be automatically downloaded. Passwords are required, if necessary.
If your own certificates have to be copied to your mobile telephone, store those in a sub-directory named Own. This sub-directory should be in the same directory as the batch file. The format of the file(s) must be .p12 .pks respectively.
Tested with Windows 7 Home Professional x64
Download the file at the end of the source code.
@ECHO OFF
CLS
REM ##########################################################################################################################################
REM ### (c) 2013 Andreas Terpotiz <andreas.terpotiz@cacert.org> ###
REM ##########################################################################################################################################
REM ### Function: Update the CA-certificates on an Android Handy. ###
REM ### A presumption: Access to Internet ###
REM ### wget: http://downloads.sourceforge.net/project/gnuwin32/wget/1.11.4-1/wget-1.11.4-1-bin.zip?r=&ts=1357593613&use_mirror=netcologne ###
REM ### The Password for your own certificate files and the Android password ###
REM ##########################################################################################################################################
REM ######################################################################################################################
SET /P WGET_PATH="Where is the WGET.EXE file located? "
IF NOT EXIST "%WGET_PATH%\wget.exe" CALL :ERROR_MSG "Couldn't find the WGET.EXE file."
REM ######################################################################################################################
REM Download files needed
ECHO Download files needed
"%WGET_PATH%\wget" -qc http://stahlforce.com/dev/unzip.exe
"%WGET_PATH%\wget" -qc http://dottech.org/downloads/adb_fastboot_and_other_tools.zip
unzip -qq adb_fastboot_and_other_tools.zip
MOVE adb_fastboot_and_other_tools adb 2>NUL 1>&2
SET PATH=%PATH%;%CD%\adb\android
IF EXIST "%ProgramFiles(x86)%\java\j*" GOTO SET_JAVA
IF EXIST "%ProgramFiles%\java\j*" GOTO SET_JAVA
CALL :ERROR_MSG "No Java installed"
:SET_JAVA
SET OLD_DIR="%CD%"
CD "%ProgramFiles(x86)%\Java\j*"
SET JAVA_HOME="%CD%"
SET PATH=%PATH%;%JAVA_HOME%\bin
CD "%OLD_DIR%"
REM ######################################################################################################################
REM Save the files needed
REM Here the password can be entered and/or added,
REM which will be used for the KeyStore test
ECHO "" > cert_passwords_for_store.txt
ECHO changeme >> cert_passwords_for_store.txt
ECHO changeit >> cert_passwords_for_store.txt
REM Here a file is created for deleting CAcert roots Aliases
ECHO CACERT3 > cert_alias_to_del.txt
ECHO CACERT >> cert_alias_to_del.txt
ECHO cacertclass3 >> cert_alias_to_del.txt
ECHO cacertclass1 >> cert_alias_to_del.txt
ECHO class3 >> cert_alias_to_del.txt
ECHO root >> cert_alias_to_del.txt
REM Here a file is created for deleting your cert(s) Alias(es)
REM Name(s) should correspond to cert name(s)
ECHO sso >> cert_alias_to_del.txt
ECHO andreas@terpotiz.net >> cert_alias_to_del.txt
ECHO aterpotiz@terpotiz.net >> cert_alias_to_del.txt
ECHO a.terpotiz@terpotiz.net >> cert_alias_to_del.txt
ECHO terpotiz@buz.at >> cert_alias_to_del.txt
ECHO andreas.terpotiz@live.at >> cert_alias_to_del.txt
ECHO CAcert Inc. ID von Andreas Terpotiz >> cert_alias_to_del.txt
ECHO CAcert Inc. ID von Andreas Terpotiz #5 >> cert_alias_to_del.txt
ECHO CAcert Inc. ID von Andreas Terpotiz #4 >> cert_alias_to_del.txt
ECHO CAcert Inc. ID von Andreas Terpotiz #2 >> cert_alias_to_del.txt
REM Here are the commands for loading the certificate
REM into Android Handy
ECHO su -c "mount -o rw,remount -t rfs /dev/block/stl9 /system" > android.txt
ECHO sleep 5 >> android.txt
ECHO su -c "cat /mnt/sdcard/cacerts.bks > /system/etc/security/cacerts.bks" >> android.txt
ECHO sleep 5 >> android.txt
ECHO su -c "mount -o ro,remount -t rfs /dev/block/stl9 /system" >> android.txt
ECHO sleep 5 >> android.txt
ECHO "reboot" >> android.txt
REM ######################################################################################################################
REM The test of Handy
ECHO Please close the Android Handy.
adb wait-for-device shell exit
ECHO Upload the list of certifikates to the Android Handy
adb pull /system/etc/security/cacerts.bks cacerts.bks 2>NUL 1>&2
ECHO Test the password of the certificate file
CALL :CHECK_DL http://bouncycastle.org/download/bcprov-jdk16-141.jar "Y/n" y
FOR /F %%a IN (cert_passwords_for_store.txt) DO (
SET PASSWORD=%%a
keytool -keystore cacerts.bks -storetype BKS -providerpath bcprov-jdk16-141.jar -provider org.bouncycastle.jce.provider.BouncyCastleProvider -storepass %PASSWORD% -v -list 2>NUL 1>&2
IF ERRORLEVEL 0 GOTO WEITER
)
REM Manual Input
SET /P PASSWORD="Please enter the Keystore password: " || set PASSWORD=""
keytool -keystore cacerts.bks -storetype BKS -providerpath bcprov-jdk16-141.jar -provider org.bouncycastle.jce.provider.BouncyCastleProvider -storepass %PASSWORD% -v -list 2>NUL 1>&2
IF %ERRORLEVEL% EQU 0 GOTO WEITER
CALL :ERROR_MSG "Invalid password"
:WEITER
IF %PASSWORD%=="" (ECHO Empty password for certificate list file!) ELSE ECHO Password: %PASSWORD%
REM ######################################################################################################################
REM ################################################
REM ### Delete the certifikates with ALIAS Names ###
REM ################################################
:DEL_CERT
SET /P DEL_CERT="Delete the old certificate?(Y/n): " || SET DEL_CERT=y
IF /I "%DEL_CERT%" EQU "y" ( GOTO DEL_CERT_YES) ELSE ( GOTO DEL_CERT_NO )
GOTO DEL_CERT
:DEL_CERT_YES
ECHO Delete an old, possibly existing certificate(s)
FOR /F %%a IN (cert_alias_to_del.txt) DO @keytool -keystore cacerts.bks -storetype BKS -providerpath bcprov-jdk16-141.jar -provider org.bouncycastle.jce.provider.BouncyCastleProvider -storepass %PASSWORD% -alias %%a -delete 2>NUL 1>&2
:DEL_CERT_NO
REM ######################################################################################################################
REM ######################################
REM ### Import of CAcert roots ###
REM ######################################
:CACERT_IMP
SET /P CACERT_IMP="Import CAcert roots?(Y/n): " || SET CACERT_IMP=y
IF /I "%CACERT_IMP%" EQU "y" ( GOTO CACERT_IMP_YES) ELSE ( GOTO CACERT_IMP_NO )
GOTO CACERT_IMP
:CACERT_IMP_YES
ECHO CAcert certificates import
"%WGET_PATH%\wget" -qc http://www.cacert.org/certs/root_X0F.crt
"%WGET_PATH%\wget" -qc http://www.cacert.org/certs/class3_x14E228.crt
FOR /F "tokens=*" %%a in ('dir /b /a-d *.crt') DO @keytool -keystore cacerts.bks -storetype BKS -providerpath bcprov-jdk16-141.jar -provider org.bouncycastle.jce.provider.BouncyCastleProvider -storepass %PASSWORD% -importcert -trustcacerts -alias "%%~na" -file %%a -v -noprompt
:CACERT_IMP_NO
REM ######################################
REM ### Import your own certificate ###
REM ######################################
:CACERT_IMP
SET /P CACERT_IMP="Do you want to import your own certificate?(Y/n): " || SET CACERT_IMP=n
IF /I "%CACERT_IMP%" EQU "y" ( GOTO CACERT_IMP_YES) ELSE ( GOTO CACERT_IMP_NO )
GOTO CACERT_IMP
:CACERT_IMP_YES
ECHO Import your own certificate
REM Set the own certificate password
set /P CERTPASS="Please enter the certificate's password: " || set /P CERTPASS=undef
FOR /F "tokens=*" %%a in ('dir /b /a-d Own\*.p12') DO @keytool -importkeystore -srckeystore Own\%%a -srcstoretype pkcs12 -srcstorepass %CERTPASS% -providerpath bcprov-jdk16-141.jar -provider org.bouncycastle.jce.provider.BouncyCastleProvider -destkeystore cacerts.bks -deststoretype BKS -deststorepass %PASSWORD% -noprompt
:CACERT_IMP_NO
REM ######################################################################################################################
ECHO Write the list of certificates onto SD-Card
adb push cacerts.bks /mnt/sdcard/ 2>NUL 1>&2
ECHO All the work with the Android has finished
adb shell < android.txt
GOTO ENDE
REM ######################################################################################################################
REM ######################
REM ### SUBROUTINES ###
REM ######################
:CHECK_DL
SETLOCAL
:START
SET /P CHKDL="Download from %1 %2" || SET CHKDL=%3
IF /I "%CHKDL%" EQU "y" ( GOTO CHKDL_DL) ELSE ( GOTO CHKDL_END )
GOTO START
:CHKDL_DL
ECHO Hole "%1"
"%WGET_PATH%\wget" -qc "%1"
IF ERRORLEVEL 1 CALL :ERROR_MSG "%1 cannot be loaded"
:CHKDL_END
ENDLOCAL
GOTO:EOF
:ERROR_MSG
CLS
ECHO "%~1"
ECHO The script has been canceled.
EXIT
REM ######################################################################################################################
:ENDE
DEL /F /S /Q adb 2>NUL 1>&2 & RD /S /Q adb 2>NUL 1>&2
DEL adb_fastboot_and_other_tools.zip 2>NUL 1>&2
DEL unzip.exe 2>NUL 1>&2
DEL cert_passwords_for_store.txt 2>NUL 1>&2
DEL cert_alias_to_del.txt 2>NUL 1>&2
DEL android.txt 2>NUL 1>&2
DEL cacerts.bks 2>NUL 1>&2
DEL class3_x14E228.crt 2>NUL 1>&2
DEL root_X0F.crt 2>NUL 1>&2
DEL bcprov-jdk16-141.jar 2>NUL 1>&2
Back to: Andreas Terpotiz
Copy the source text and save it as text document. Coding in the English text: ANSI = ASCII-7bit with the 8th bit=0.
Or, download the attachment.