A FastAPI web application that automates the process of generating Samsung Tizen developer certificates for both TV and other Tizen devices.
Install uv globally (instructions)
# Run the generator for a TV device
uv run tv --device-id "000???" --email "[email protected]"
# Run the generator for another type of device
uv run generate --device-id "000???" --email "[email protected]"
Required parameters (or defined environment variables):
-
--device-id: Your device's unique identifier (can also read the environment variableDEVICE_ID) -
--email: Your Samsung account email (can also read the environment variableEMAIL) -
--cert-password: Password to use when generating the certificates (default is blank)
When you run the server, your browser will open to Samsung's login page. You'll need to sign in with your Samsung account to authorize the certificate generation. This provides the necessary OAuth access token for creating the certificates.
The certtool.py module automates the process of obtaining Samsung's certificate generation parameters:
- Downloads the latest extension_info.xml from Tizen Studio's repository
- Locates the "Samsung Certificate Extension" package
- Downloads and extracts the certificate extension ZIP
- Traverses the nested ZIP files to find:
- Required CA certificates
- Java class files containing OAuth configuration
- Java class defining certificate api URLs
The tool performs basic Java class file parsing to extract constants from SigninDialog.class:
- Reads the constant pool section of the class file
- Extracts string constants containing:
- SERVICE_ID for OAuth authentication
- Login URL endpoints
- DISTRIBUTER_URL
- AUTHOR_URL
This allows the tool to stay up-to-date with Samsung's latest certificate infrastructure without hardcoding values.
The application will:
- Start a local web server
- Open your browser to the Samsung authentication page
- Handle the OAuth callback
- Generate the certificates in the
certificatesdirectory
The following files will be created in the certificates directory:
author.p12- Author certificate in PKCS12 formatdistributor.p12- Distributor certificate in PKCS12 format- Various intermediate files (.csr, .key.pem, etc.)
All certificates are generated with empty passwords for easier integration with development tools.
cert_server.py- Main FastAPI application and certificate generation logiccerttool.py- Utility functions for Samsung certificate extension handlingrequirements.txt- Python package dependenciesca/- Directory containing CA certificates
Special thanks to Andreas Mausch (@andreas-mausch) for the research and documentation of the Samsung certificate generation process. The certificate chain and generation process is based on his work in the moonwatch project.
Additional thanks to @bloodlee for the PyJavap project, which provided valuable insights into Java class file parsing without external dependencies. While PyJavap is more comprehensive, its approach to class file structure analysis helped inform the focused implementation used in this project.
MIT License
