证书简介
- DER(Distinguished Encoding Rules)
DER是二进制格式,不可读。 - PEM(Privacy Enhanced Mail)
PEM以"-----BEGIN CERTIFICATE-----"开头, "-----END CERTIFICATE-----"结尾,内容以BASE64编码。
# 查看DER格式证书的信息
openssl x509 -in certificate.der -inform der -text -noout
生成方式
通过查看/system/ca-certificates/下的README.cacerts
格式为:.
#hash 查看
openssl x509 -subject_hash_old -in 证书文件
#cer格式
openssl x509 -inform DER -text -in cerfile > ${hash}.0
#pem格式
openssl x509 -inform PEM -text -in pemfile > ${hash}.0
集成方法
/system/ca-certificates/Android.mk
LOCAL_PATH := $(call my-dir)
#
# Definitions for installing Certificate Authority (CA) certificates
#
define all-files-under
$(patsubst ./%,%, \
$(shell cd $(LOCAL_PATH) ; \
find $(1) -type f) \
)
endef
# $(1): module name
# $(2): source file
# $(3): destination directory
define include-prebuilt-with-destination-directory
include $$(CLEAR_VARS)
LOCAL_MODULE := $(1)
LOCAL_ADDITIONAL_DEPENDENCIES := $(LOCAL_PATH)/Android.mk
LOCAL_MODULE_STEM := $(notdir $(2))
LOCAL_MODULE_TAGS := optional
LOCAL_MODULE_CLASS := ETC
LOCAL_MODULE_PATH := $(3)
LOCAL_SRC_FILES := $(2)
include $$(BUILD_PREBUILT)
endef
cacerts := $(call all-files-under,files)
cacerts_target_directory := $(TARGET_OUT)/etc/security/cacerts
$(foreach cacert, $(cacerts), $(eval $(call include-prebuilt-with-destination-directory,target-cacert-$(notdir $(cacert)),$(cacert),$(cacerts_target_directory))))
cacerts_target := $(addprefix $(cacerts_target_directory)/,$(foreach cacert,$(cacerts),$(notdir $(cacert))))
.PHONY: cacerts_target
cacerts: $(cacerts_target)
# This is so that build/target/product/core.mk can use cacerts in PRODUCT_PACKAGES
ALL_MODULES.cacerts.INSTALLED := $(cacerts_target)
cacerts_host_directory := $(HOST_OUT)/etc/security/cacerts
$(foreach cacert, $(cacerts), $(eval $(call include-prebuilt-with-destination-directory,host-cacert-$(notdir $(cacert)),$(cacert),$(cacerts_host_directory))))
cacerts_host := $(addprefix $(cacerts_host_directory)/,$(foreach cacert,$(cacerts),$(notdir $(cacert))))
.PHONY: cacerts-host
cacerts-host: $(cacerts_host)
include $(call all-makefiles-under,$(LOCAL_PATH))
可以看出只需要将${hash}.h
拷贝到/system/ca-certificates/files
目录下即可。
编译:
source/lunch/make
查看结果:
编译生成的文件在目录out/target/product/${product_name}/system/etc/security/cacerts/
下。
其他
google目录下:These CA certs are appropriate for connecting to Google services.
wfa_certs: These CA certs are Wi-Fi Alliance Root certificates.