I propose we make life better for 3rd party AOSP consumers by writing an upstream python script to output the Base64-encoded certificate for a given APK. AOSP consumers will need this information in order to modify config_webview_packages.xml (see http://go/clank-webview/webview-providers for details).

This probably isn't that hard for us to write, and I could imagine this is handy if AOSP consumers ever want to ship both monochrome and webview to their users.

---

I suppose this *might* be handy for trichrome too (issue 887078). I imagine devs might want to print TrichromeLibrary's signature and verify it matches the signature hardcoded in TrichromeWebView's manifest. But, only Torne can comment on if StaticSharedLibraries use the same format as config_webview_packages.xml.

---

Anyone have pointers for how to do this? The best I have is:

$ APK=path/to/WebView.apk
$ unzip -p "$APK" META-INF/CERT.RSA | openssl pkcs7 -in - -inform DER -print_certs | egrep '[a-zA-Z0-9/+]+$' | tr -d '\n'

^ Although this doesn't quite work as nicely as I would like.