Perl Monks, I am working on a project and need to parse the content's of a user's firefox keystore. My current method is to use the certutil command to generate the output and look for matching lines. e.g.
# certutil -L -d /home/$username/.mozilla/firefox/*.default/ Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI CN=$certname,OU=site,O=org,L=city,ST=state,C=US u,u,u CN=Certificate Authority,OU=site,O=org CT,C,C
In my script I basically do something like:
my $command = "certutil -L -d $config{firefox_profile}"; open(OUTPUT , "-|", "$command"); while (my $current = <OUTPUT>){ chomp $current; if ($current =~ /^($certname)/i) { #Do something } }
This works, but I am not happy with it. For this to work, I need to know the certificate name in advance or at least the pattern to do actual work on it and I never capture the certificate name. I would like to be able to dynamically capture the CN and trust level as separate values and place them in a hash. For example:
$cert_hash{CN=$certname,OU=site,O=org,L=city,ST=state,C=US}{trust} = “ +u,u,u”; $cert_hash{CN=Certificate Authority,OU=site,O=org}{trust} = “CT,C,C”;
No clean break exists between the certficate name and the trust level in the certutil output. Additionally, the certificate name is not a fixed length, may or may not have spaces, and may have a different path structures depending. In short, my questions are:
- Is certutil the only way to get the certificate data from firefox's db files or is there a more Perl way to do it?
- If certutil is my only option, is there a clean way to extract the certificate name and the trust level?
Thanks in advance,
In reply to Firefox Keystore - Parsing Certutil Output by fixed_1978
| For: | Use: | ||
| & | & | ||
| < | < | ||
| > | > | ||
| [ | [ | ||
| ] | ] |