česky | cymraeg | deutsch | english | español | français | nederlands | português --- more Android guides


back to: Andreas Terpotiz

CAcert for Android - Import

Description

With this batch file the CAcert root certificate can be imported on a mobile.

Required files will be automatically downloaded. Passwords are required, if necessary.

If your own certificates have to be copied to your mobile telephone, store those in a sub-directory named Own. This sub-directory should be in the same directory as the batch file. The format of the file(s) must be .p12 .pks respectively.

Tested with Windows 7 Home Professional x64
Download the file at the end of the source code.

@ECHO OFF
CLS
REM ##########################################################################################################################################
REM ### (c) 2013 Andreas Terpotiz <andreas.terpotiz@cacert.org>                                                                            ###
REM ##########################################################################################################################################
REM ### Function: Update the CA-certificates on an Android Handy.                                                                          ###
REM ### A presumption: Access to Internet                                                                                                  ###
REM ### wget: http://downloads.sourceforge.net/project/gnuwin32/wget/1.11.4-1/wget-1.11.4-1-bin.zip?r=&ts=1357593613&use_mirror=netcologne ###
REM ### The Password for your own certificate files and the Android password                                                               ###
REM ##########################################################################################################################################

REM ######################################################################################################################

SET /P WGET_PATH="Where is the WGET.EXE file located? "
IF NOT EXIST "%WGET_PATH%\wget.exe" CALL :ERROR_MSG "Couldn't find the WGET.EXE file."

REM ######################################################################################################################

REM Download files needed
ECHO Download files needed
"%WGET_PATH%\wget" -qc http://stahlforce.com/dev/unzip.exe
"%WGET_PATH%\wget" -qc http://dottech.org/downloads/adb_fastboot_and_other_tools.zip
unzip -qq adb_fastboot_and_other_tools.zip
MOVE adb_fastboot_and_other_tools adb 2>NUL 1>&2
SET PATH=%PATH%;%CD%\adb\android

IF EXIST "%ProgramFiles(x86)%\java\j*" GOTO SET_JAVA
IF EXIST "%ProgramFiles%\java\j*" GOTO SET_JAVA
CALL :ERROR_MSG "No Java installed"

:SET_JAVA
SET OLD_DIR="%CD%"
CD "%ProgramFiles(x86)%\Java\j*"
SET JAVA_HOME="%CD%"
SET PATH=%PATH%;%JAVA_HOME%\bin
CD "%OLD_DIR%"

REM ######################################################################################################################

REM Save the files needed
REM Here the password can be entered and/or added,
REM which will be used for the KeyStore test
ECHO "" > cert_passwords_for_store.txt
ECHO changeme >> cert_passwords_for_store.txt
ECHO changeit >> cert_passwords_for_store.txt

REM Here a file is created for deleting CAcert roots Aliases
ECHO CACERT3 > cert_alias_to_del.txt
ECHO CACERT >> cert_alias_to_del.txt
ECHO cacertclass3 >> cert_alias_to_del.txt
ECHO cacertclass1 >> cert_alias_to_del.txt
ECHO class3 >> cert_alias_to_del.txt
ECHO root >> cert_alias_to_del.txt

REM Here a file is created for deleting your cert(s) Alias(es)
REM Name(s) should correspond to cert name(s)
ECHO sso >> cert_alias_to_del.txt
ECHO andreas@terpotiz.net >> cert_alias_to_del.txt
ECHO aterpotiz@terpotiz.net >> cert_alias_to_del.txt
ECHO a.terpotiz@terpotiz.net >> cert_alias_to_del.txt
ECHO terpotiz@buz.at >> cert_alias_to_del.txt
ECHO andreas.terpotiz@live.at >> cert_alias_to_del.txt
ECHO CAcert Inc. ID von Andreas Terpotiz >> cert_alias_to_del.txt
ECHO CAcert Inc. ID von Andreas Terpotiz #5 >> cert_alias_to_del.txt
ECHO CAcert Inc. ID von Andreas Terpotiz #4 >> cert_alias_to_del.txt
ECHO CAcert Inc. ID von Andreas Terpotiz #2 >> cert_alias_to_del.txt

REM Here are the commands for loading the certificate
REM into Android Handy
ECHO su -c "mount -o rw,remount -t rfs /dev/block/stl9 /system" > android.txt
ECHO sleep 5 >> android.txt
ECHO su -c "cat /mnt/sdcard/cacerts.bks > /system/etc/security/cacerts.bks" >> android.txt
ECHO sleep 5 >> android.txt
ECHO su -c "mount -o ro,remount -t rfs /dev/block/stl9 /system" >> android.txt
ECHO sleep 5 >> android.txt
ECHO "reboot" >> android.txt

REM ######################################################################################################################

REM The test of Handy
ECHO Please close the Android Handy.
adb wait-for-device shell exit

ECHO Upload the list of certifikates to the Android Handy
adb pull /system/etc/security/cacerts.bks cacerts.bks 2>NUL 1>&2

ECHO Test the password of the certificate file
CALL :CHECK_DL http://bouncycastle.org/download/bcprov-jdk16-141.jar "Y/n" y
FOR /F %%a IN (cert_passwords_for_store.txt) DO (
        SET PASSWORD=%%a
        keytool -keystore cacerts.bks -storetype BKS -providerpath bcprov-jdk16-141.jar -provider org.bouncycastle.jce.provider.BouncyCastleProvider -storepass %PASSWORD% -v -list 2>NUL 1>&2
        IF ERRORLEVEL 0 GOTO WEITER
)

REM Manual Input
SET /P PASSWORD="Please enter the Keystore password: " || set PASSWORD=""
keytool -keystore cacerts.bks -storetype BKS -providerpath bcprov-jdk16-141.jar -provider org.bouncycastle.jce.provider.BouncyCastleProvider -storepass %PASSWORD% -v -list 2>NUL 1>&2
IF %ERRORLEVEL% EQU 0 GOTO WEITER

CALL :ERROR_MSG "Invalid password"

:WEITER
IF %PASSWORD%=="" (ECHO Empty password for certificate list file!) ELSE ECHO Password: %PASSWORD%

REM ######################################################################################################################

REM ################################################
REM ### Delete the certifikates with ALIAS Names ###
REM ################################################
:DEL_CERT
        SET /P DEL_CERT="Delete the old certificate?(Y/n): " || SET DEL_CERT=y
        IF  /I "%DEL_CERT%" EQU "y" ( GOTO DEL_CERT_YES) ELSE ( GOTO DEL_CERT_NO )
        GOTO DEL_CERT
:DEL_CERT_YES
        ECHO Delete an old, possibly existing certificate(s)
        FOR /F %%a IN (cert_alias_to_del.txt) DO @keytool -keystore cacerts.bks -storetype BKS -providerpath bcprov-jdk16-141.jar -provider org.bouncycastle.jce.provider.BouncyCastleProvider -storepass %PASSWORD% -alias %%a -delete 2>NUL 1>&2
:DEL_CERT_NO

REM ######################################################################################################################

REM ######################################
REM ### Import of CAcert roots         ###
REM ######################################
:CACERT_IMP
        SET /P CACERT_IMP="Import CAcert roots?(Y/n): " || SET CACERT_IMP=y
        IF  /I "%CACERT_IMP%" EQU "y" ( GOTO CACERT_IMP_YES) ELSE ( GOTO CACERT_IMP_NO )
        GOTO CACERT_IMP
:CACERT_IMP_YES
        ECHO CAcert certificates import
        "%WGET_PATH%\wget" -qc http://www.cacert.org/certs/root_X0F.crt
        "%WGET_PATH%\wget" -qc http://www.cacert.org/certs/class3_X0E.crt
        FOR /F "tokens=*" %%a in ('dir /b /a-d *.crt') DO @keytool -keystore cacerts.bks -storetype BKS -providerpath bcprov-jdk16-141.jar -provider org.bouncycastle.jce.provider.BouncyCastleProvider -storepass %PASSWORD% -importcert -trustcacerts -alias "%%~na" -file %%a -v -noprompt
:CACERT_IMP_NO

REM ######################################
REM ### Import your own certificate    ###
REM ######################################
:CACERT_IMP
        SET /P CACERT_IMP="Do you want to import your own certificate?(Y/n): " || SET CACERT_IMP=n
        IF  /I "%CACERT_IMP%" EQU "y" ( GOTO CACERT_IMP_YES) ELSE ( GOTO CACERT_IMP_NO )
        GOTO CACERT_IMP
:CACERT_IMP_YES
        ECHO Import your own certificate
        REM Set the own certificate password
        set /P CERTPASS="Please enter the certificate's password: " || set /P CERTPASS=undef
        FOR /F "tokens=*" %%a in ('dir /b /a-d Own\*.p12') DO @keytool -importkeystore -srckeystore Own\%%a -srcstoretype pkcs12 -srcstorepass %CERTPASS% -providerpath bcprov-jdk16-141.jar -provider org.bouncycastle.jce.provider.BouncyCastleProvider -destkeystore cacerts.bks -deststoretype BKS -deststorepass %PASSWORD% -noprompt
:CACERT_IMP_NO

REM ######################################################################################################################

ECHO Write the list of certificates onto SD-Card
adb push cacerts.bks /mnt/sdcard/ 2>NUL 1>&2
ECHO All the work with the Android has finished
adb shell < android.txt

GOTO ENDE

REM ######################################################################################################################

REM ######################
REM ### SUBROUTINES    ###
REM ######################

:CHECK_DL
SETLOCAL
        :START
                SET /P CHKDL="Download from %1 %2" || SET CHKDL=%3
                IF  /I "%CHKDL%" EQU "y" ( GOTO CHKDL_DL) ELSE ( GOTO CHKDL_END )
                GOTO START
        :CHKDL_DL
                ECHO Hole "%1"
                "%WGET_PATH%\wget" -qc "%1"
                IF ERRORLEVEL 1 CALL :ERROR_MSG "%1 cannot be loaded"
        :CHKDL_END
ENDLOCAL
GOTO:EOF

:ERROR_MSG
CLS
ECHO "%~1"
ECHO The script has been canceled.
EXIT

REM ######################################################################################################################

:ENDE
DEL /F /S /Q adb  2>NUL 1>&2 & RD /S /Q adb 2>NUL 1>&2
DEL adb_fastboot_and_other_tools.zip 2>NUL 1>&2
DEL unzip.exe 2>NUL 1>&2
DEL cert_passwords_for_store.txt 2>NUL 1>&2
DEL cert_alias_to_del.txt 2>NUL 1>&2
DEL android.txt 2>NUL 1>&2
DEL cacerts.bks 2>NUL 1>&2
DEL class3_X0E.crt 2>NUL 1>&2
DEL root_X0F.crt 2>NUL 1>&2
DEL bcprov-jdk16-141.jar 2>NUL 1>&2

CAcert_to_Android.bat


Back to: Andreas Terpotiz


siehe auch FAQ


CAcertFürAndroid-Import/EN (last edited 2020-01-11 15:20:15 by AlesKastner)