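#!/bin/sh
#
# Export certificates and private keys from the current user's NSS databases
# (the shared ~/.pki/nssdb and every directory under ~/.mozilla/firefox) as
# PEM on stdout, using certutil, pk12util and openssl.
#
# The private keys are written UNENCRYPTED (openssl is invoked with -nodes).
# Redirect stdout only to a destination with restrictive permissions and
# treat the result as key material.
#
# Layout reconstructed from a single-line paste; the three calls inside the
# loop that are commented out are assumed to have been comments in the
# original, and the two extract_* calls after them are assumed to be live.

#######################################
# Export one certificate and its private key as unencrypted PEM.
# The function body is a subshell, so its variables and traps do not leak
# into the caller and no non-POSIX `local` is needed.
# Arguments: $1 - NSS database directory
#            $2 - certificate nickname
# Outputs:   PEM certificate(s) and private key on stdout
# Returns:   exit status of the openssl stage (POSIX sh has no pipefail),
#            or the failing status of mktemp / the passphrase write
#######################################
extract_certificate_and_private_key() (
  nssdb=$1
  name=$2

  passphrase_file=$(mktemp) || exit
  # Remove the passphrase file on every exit path, including interruption;
  # the original only removed it when the pipeline ran to completion.
  trap 'rm -f -- "$passphrase_file"' EXIT
  trap 'exit 1' HUP INT TERM

  # Fixed throwaway passphrase: it only wraps the PKCS#12 blob while it
  # travels through the pipe below and openssl strips it again at once
  # (-nodes), so it protects nothing at rest. Passing it via a file keeps
  # it out of the process argument list.
  echo asdf > "$passphrase_file" || exit

  pk12util -d "sql:$nssdb" -n "$name" -w "$passphrase_file" -o /dev/stdout |
    openssl pkcs12 -passin "file:$passphrase_file" -nodes
)

#######################################
# Print the public key of a certificate in PEM form.
# Arguments: $1 - NSS database directory
#            $2 - certificate nickname
#######################################
extract_public_key() {
  certutil -d "sql:$1" -L -n "$2" -a | openssl x509 -pubkey -noout
}

#######################################
# Print only the private key (PEM, unencrypted) for a nickname.
# Arguments: same as extract_certificate_and_private_key
#######################################
extract_private_key() {
  extract_certificate_and_private_key "$@" | openssl rsa -outform PEM
}

#######################################
# Print only the certificate (PEM) for a nickname.
# Arguments: same as extract_certificate_and_private_key
#######################################
extract_certificate() {
  extract_certificate_and_private_key "$@" | openssl x509
}

#######################################
# Walk the candidate NSS database directories and export every listed entry.
# Outputs: PEM on stdout, one "nssdb=<dir>" progress line per database on
#          stderr
#######################################
main() {
  for nssdb in "$HOME/.pki/nssdb" "$HOME"/.mozilla/firefox/*; do
    [ -d "$nssdb" ] || continue
    # Two separate tests instead of the obsolescent, ambiguous `[ a -o b ]`.
    # NOTE(review): cert8.db is the legacy DBM format, while every call
    # here uses the sql: prefix - confirm cert8-only directories behave as
    # intended.
    [ -e "$nssdb/cert8.db" ] || [ -e "$nssdb/cert9.db" ] || continue
    echo "nssdb=$nssdb" >&2

    # Keep only lines that end in a trust column of the form x,y,z (one
    # character per field) and strip that column, leaving the nickname.
    # NOTE(review): entries whose trust fields are empty or longer than one
    # character are not handled cleanly by this pattern - confirm against
    # real `certutil -L` output.
    certutil -d "sql:$nssdb" -L |
      sed -ne 's/ *.,.,.$//p' |
      while read -r name; do  # -r: keep backslashes in nicknames literal
        # certutil -d sql:"$nssdb" -K -n "$name"
        # extract_public_key "$nssdb" "$name"
        # extract_certificate_and_private_key "$nssdb" "$name"
        extract_private_key "$nssdb" "$name"
        extract_certificate "$nssdb" "$name"
      done
  done
}

main "$@"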