Ruby scripts to parse Google Chromium's pinned certificates and then determine if they are self-signed.

check_selfsigned.rb

#!/usr/bin/env ruby
#
# check all certificates in "./certs/" whether they are a self-signed certificate, or not.
#
require 'openssl'
Dir['certs/*'].each do |file|
    #diff = `openssl x509 -in #{file} -noout -issuer -subject| cut -d'=' -f2 | uniq | wc -l`
    #if diff.chomp == '1'

    cert = OpenSSL::X509::Certificate.new(File.open(file))
    if cert.subject == cert.issuer
        #self-signed
        puts "[SS] #{file}"
    else
        #not self-signed
        puts "[-] #{file}"
    end
end

parse_pinned_certs.rb

#!/usr/bin/env ruby
# 
# This script parses a certificate file from Google Chromium's pinned
# certificate file into ./certs/ directory.
#
# Grab Chromium's pinned certs from 
# https://code.google.com/p/chromium/codesearch#chromium/src/net/http/transport_security_state_static.certs
#

open('transport_security_state_static.certs') do |f|
    name = ''
    start = false
    out = nil
    f.each_line do |line|
        line.chomp!
        if !start
            if line!='-----BEGIN CERTIFICATE-----'
                # it could be name
                name = line
            else
                puts '[i] start with name='+name
                start = true
                out = open("certs/#{name}.crt", 'w')
            end
        end

        if start
            out.puts line
        end

        if line=='-----END CERTIFICATE-----'
            puts '[i] stop'
            out.close
            out = nil
            start = false
        end
    end
end