Upload

.gitignore

@@ -0,0 +1,3 @@
+cert9.db
+key4.db
+pkcs11.txt

README-original.md

@@ -0,0 +1,23 @@
+b2g-certificates
+================
+
+A shell script to add root certificates to Firefox OS
+
+*The script originates at Enrico's [pending.io](http://www.pending.io/add-cacert-root-certificate-to-firefox-os/) where the discussion came up to enhance the script. The following is the initial documentation taken from that page as well. Anyone is welcome to contribute.*
+
+While being quite happy with my new Firefox OS phone so far, the biggest stopper for me was that, like all Mozilla products, the root certificate of [CAcert](https://www.cacert.org) was not included and so I could not access sites using certificates assured by CAcert.
+
+Recent versions of [Gaia](https://github.com/mozilla-b2g/gaia) allow to accept untrusted site certificates in the browser but in case you want to use an IMAP server or Caldav server which is using a CAcert assured certificate, you are still stuck.
+
+Based on a post by [Carmen Jiménez Cabezas](https://groups.google.com/forum/?fromgroups#!topic/mozilla.dev.b2g/B57slgVO3TU), I wrote a script to read the certificate database from the phone (via adb), add some certificates and then write the database back to the phone. After this procedure, the CAcert root certificate (or any other) are known by the phone and can be used. This enabled me to access my own IMAP server via SSL from the Email app and also use a self-hosted groupware as Caldav server for the Calendar app via HTTPS.
+
+How-to
+------
+
+Save the script somewhere on your system.
+
+Once done, add a new directory in the directory where you stored the script and place the certificates which you want to add to the phone's database in the sub directory 'certs'. For CAcert, this would be the class 3 root certificate in PEM format as found on the [CAcert website](https://www.cacert.org/index.php?id=3).
+
+Then simply run the script.
+
+Note: before running the script you need to enable 'Remote debugging' in the Developer settings menu and connect your phone with your PC using a USB cable (or more general: get adb working).

README.md

@@ -1,23 +1,32 @@
-b2g-certificates
-================
+# b2g-certificates
 
 A shell script to add root certificates to Firefox OS
 
-*The script originates at Enrico's [pending.io](http://www.pending.io/add-cacert-root-certificate-to-firefox-os/) where the discussion came up to enhance the script. The following is the initial documentation taken from that page as well. Anyone is welcome to contribute.*
+[Original README](README-original.md)
 
-While being quite happy with my new Firefox OS phone so far, the biggest stopper for me was that, like all Mozilla products, the root certificate of [CAcert](https://www.cacert.org) was not included and so I could not access sites using certificates assured by CAcert.
+Linux (Debian & Ubuntu): 
 
-Recent versions of [Gaia](https://github.com/mozilla-b2g/gaia) allow to accept untrusted site certificates in the browser but in case you want to use an IMAP server or Caldav server which is using a CAcert assured certificate, you are still stuck.
+```bash
+sudo apt-get install libnss3-tools adb wget
+git clone https://github.com/openGiraffes/b2g-certificates
+cd b2g-certificates
 
-Based on a post by [Carmen Jiménez Cabezas](https://groups.google.com/forum/?fromgroups#!topic/mozilla.dev.b2g/B57slgVO3TU), I wrote a script to read the certificate database from the phone (via adb), add some certificates and then write the database back to the phone. After this procedure, the CAcert root certificate (or any other) are known by the phone and can be used. This enabled me to access my own IMAP server via SSL from the Email app and also use a self-hosted groupware as Caldav server for the Calendar app via HTTPS.
+chmod +x ./add-certificates-to-phone.sh
+./add-certificates-to-phone.sh
 
-How-to
-------
+# If you are using WSL, please run this (Need to set Android Platform Tools as an environment variable)
+chmod +x ./add-certificates-to-phone-wsl.sh
+./add-certificates-to-phone-wsl.sh
+```
 
-Save the script somewhere on your system.
+Windows Batch(Testing and NSS `certutil` reported an error):
 
-Once done, add a new directory in the directory where you stored the script and place the certificates which you want to add to the phone's database in the sub directory 'certs'. For CAcert, this would be the class 3 root certificate in PEM format as found on the [CAcert website](https://www.cacert.org/index.php?id=3).
+```batch
+add-certificates-to-phone.bat
+```
 
-Then simply run the script.
+NSS (Windows, 3.35.0, fron AdGuard) `certutil` reported an error:
+```
+certutil.exe: function failed: SEC_ERROR_LEGACY_DATABASE: The certificate/key database is in an old, unsupported format.
+```
 
-Note: before running the script you need to enable 'Remote debugging' in the Developer settings menu and connect your phone with your PC using a USB cable (or more general: get adb working).

add-certificates-to-phone-wsl.sh

@@ -0,0 +1,61 @@
+#!/bin/bash
+
+CERT_DIR=certs
+ROOT_DIR_DB=/data/b2g/mozilla
+CERT=cert9.db
+KEY=key4.db
+PKCS11=pkcs11.txt
+DB_DIR=`adb.exe shell "ls -d ${ROOT_DIR_DB}/*.default 2>/dev/null" | sed "s/default.*$/default/g"`
+
+if [ "${DB_DIR}" = "" ]; then
+  echo "Profile directory does not exists. Please start the b2g process at
+least once before running this script."
+  exit 1
+fi
+
+function log
+{
+    GREEN="\E[32m"
+    RESET="\033[00;00m"
+    echo -e "${GREEN}$1${RESET}"
+}
+
+# cleanup
+rm -f ./$CERT
+rm -f ./$KEY
+rm -f ./$PKCS11
+
+# pull files from phone
+log "getting ${CERT}"
+adb.exe pull ${DB_DIR}/${CERT} .
+log "getting ${KEY}"
+adb.exe pull ${DB_DIR}/${KEY} .
+log "getting ${PKCS11}"
+adb.exe pull ${DB_DIR}/${PKCS11} .
+
+# clear password and add certificates
+log "set password (hit enter twice to set an empty password)"
+certutil -d 'sql:.' -N
+
+log "adding certificats"
+for i in ${CERT_DIR}/*
+do
+  log "Adding certificate $i"
+  certutil -d 'sql:.' -A -n "`basename $i`" -t "C,C,TC" -i $i
+done
+
+# push files to phone
+log "stopping b2g"
+adb.exe shell stop b2g
+
+log "copying ${CERT}"
+adb.exe push ./${CERT} ${DB_DIR}/${CERT}
+log "copying ${KEY}"
+adb.exe push ./${KEY} ${DB_DIR}/${KEY}
+log "copying ${PKCS11}"
+adb.exe push ./${PKCS11} ${DB_DIR}/${PKCS11}
+
+log "starting b2g"
+adb.exe shell start b2g
+
+log "Finished."

add-certificates-to-phone.bat

@@ -0,0 +1,55 @@
+@echo off
+:: Set environment variable
+set CERT_DIR=certs
+set CERT=cert9.db
+set KEY=key4.db
+set PKCS11=pkcs11.txt
+for /f %%i in ('adb shell "ls -d /data/b2g/mozilla/*.default 2>/dev/null" ^|^| "bin/sed.exe" "s/default.*$/default/g"') do set DB_DIR=%%i
+
+if DB_DIR == "" (
+    echo "Profile directory does not exists. Please start the b2g process at least once before running this script."
+    pause
+)
+
+:: Cleanup
+del /f %CERT%
+del /f %KEY%
+del /f %PKCS11%
+
+:: Pull files from phone
+@echo Getting %CERT%
+adb pull %DB_DIR%/%CERT% .
+
+@echo Getting %KEY%
+adb pull %DB_DIR%/%KEY% .
+
+@echo Getting %PKCS11%
+adb pull %DB_DIR%/%PKCS11% .
+
+:: Clear password and add certificates
+@echo Set password (hit enter twice to set an empty password)
+"bin/nss/certutil.exe" -d 'sql:.' -N
+
+@echo Adding certificats
+for %%i in (%CERT_DIR%/*) do (
+    echo Adding certificate %%i
+    "bin/nss/certutil.exe" -d 'sql:.' -A -n "`basename %%i`" -t "C,C,TC" -i %CERT_DIR%/%%i
+)
+
+:: Push files to phone
+@echo Stopping B2G
+adb shell stop b2g
+
+@echo copying %CERT%
+adb push ./%CERT% %DB_DIR%/%CERT%
+@echo copying %KEY%
+adb push ./%KEY% %DB_DIR%/%KEY%
+@echo copying %PKCS11%
+adb push ./%PKCS11% %DB_DIR%/%PKCS11%
+
+@echo Starting B2G
+adb shell start b2g
+
+@echo Finished.
+
+pause

certs/isrgrootx1.pem

@@ -0,0 +1,31 @@
+-----BEGIN CERTIFICATE-----
+MIIFazCCA1OgAwIBAgIRAIIQz7DSQONZRGPgu2OCiwAwDQYJKoZIhvcNAQELBQAw
+TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
+cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMTUwNjA0MTEwNDM4
+WhcNMzUwNjA0MTEwNDM4WjBPMQswCQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJu
+ZXQgU2VjdXJpdHkgUmVzZWFyY2ggR3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBY
+MTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK3oJHP0FDfzm54rVygc
+h77ct984kIxuPOZXoHj3dcKi/vVqbvYATyjb3miGbESTtrFj/RQSa78f0uoxmyF+
+0TM8ukj13Xnfs7j/EvEhmkvBioZxaUpmZmyPfjxwv60pIgbz5MDmgK7iS4+3mX6U
+A5/TR5d8mUgjU+g4rk8Kb4Mu0UlXjIB0ttov0DiNewNwIRt18jA8+o+u3dpjq+sW
+T8KOEUt+zwvo/7V3LvSye0rgTBIlDHCNAymg4VMk7BPZ7hm/ELNKjD+Jo2FR3qyH
+B5T0Y3HsLuJvW5iB4YlcNHlsdu87kGJ55tukmi8mxdAQ4Q7e2RCOFvu396j3x+UC
+B5iPNgiV5+I3lg02dZ77DnKxHZu8A/lJBdiB3QW0KtZB6awBdpUKD9jf1b0SHzUv
+KBds0pjBqAlkd25HN7rOrFleaJ1/ctaJxQZBKT5ZPt0m9STJEadao0xAH0ahmbWn
+OlFuhjuefXKnEgV4We0+UXgVCwOPjdAvBbI+e0ocS3MFEvzG6uBQE3xDk3SzynTn
+jh8BCNAw1FtxNrQHusEwMFxIt4I7mKZ9YIqioymCzLq9gwQbooMDQaHWBfEbwrbw
+qHyGO0aoSCqI3Haadr8faqU9GY/rOPNk3sgrDQoo//fb4hVC1CLQJ13hef4Y53CI
+rU7m2Ys6xt0nUW7/vGT1M0NPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNV
+HRMBAf8EBTADAQH/MB0GA1UdDgQWBBR5tFnme7bl5AFzgAiIyBpY9umbbjANBgkq
+hkiG9w0BAQsFAAOCAgEAVR9YqbyyqFDQDLHYGmkgJykIrGF1XIpu+ILlaS/V9lZL
+ubhzEFnTIZd+50xx+7LSYK05qAvqFyFWhfFQDlnrzuBZ6brJFe+GnY+EgPbk6ZGQ
+3BebYhtF8GaV0nxvwuo77x/Py9auJ/GpsMiu/X1+mvoiBOv/2X/qkSsisRcOj/KK
+NFtY2PwByVS5uCbMiogziUwthDyC3+6WVwW6LLv3xLfHTjuCvjHIInNzktHCgKQ5
+ORAzI4JMPJ+GslWYHb4phowim57iaztXOoJwTdwJx4nLCgdNbOhdjsnvzqvHu7Ur
+TkXWStAmzOVyyghqpZXjFaH3pO3JLF+l+/+sKAIuvtd7u+Nxe5AW0wdeRlN8NwdC
+jNPElpzVmbUq4JUagEiuTDkHzsxHpFKVK7q4+63SM1N95R1NbdWhscdCb+ZAJzVc
+oyi3B43njTOQ5yOf+1CceWxG1bQVs5ZufpsMljq4Ui0/1lvh+wjChP4kqKOJ2qxq
+4RgqsahDYVvTH9w7jXbyLeiNdd8XM2w9U/t7y0Ff/9yi0GE44Za4rF2LN9d11TPA
+mRGunUHBcnWEvgJBQl9nJEiU0Zsnvgc/ubhPgXRR4Xq37Z0j4r7g1SgEEzwxA57d
+emyPxgcYxn/eR44/KJ4EBs+lVDR3veyJm+kXQ99b21/+jh5Xos1AnX5iItreGCc=
+-----END CERTIFICATE-----