[32476] | 1 | #!/usr/bin/env perl
|
---|
| 2 |
|
---|
| 3 | # WARNING: do not edit!
|
---|
| 4 | # Generated by makefile from tools\c_rehash.in
|
---|
| 5 | # Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
|
---|
| 6 | #
|
---|
| 7 | # Licensed under the OpenSSL license (the "License"). You may not use
|
---|
| 8 | # this file except in compliance with the License. You can obtain a copy
|
---|
| 9 | # in the file LICENSE in the source distribution or at
|
---|
| 10 | # https://www.openssl.org/source/license.html
|
---|
| 11 |
|
---|
| 12 | # Perl c_rehash script, scan all files in a directory
|
---|
| 13 | # and add symbolic links to their hash values.
|
---|
| 14 |
|
---|
| 15 | my $dir = "C:\\Users\\Anupama\\OpenSSL\\Build-VC-32-release_1-1-1\\SSL";
|
---|
| 16 | my $prefix = "C:\\Users\\Anupama\\OpenSSL\\Build-VC-32-release_1-1-1";
|
---|
| 17 |
|
---|
| 18 | my $errorcount = 0;
|
---|
| 19 | my $openssl = $ENV{OPENSSL} || "openssl";
|
---|
| 20 | my $pwd;
|
---|
| 21 | my $x509hash = "-subject_hash";
|
---|
| 22 | my $crlhash = "-hash";
|
---|
| 23 | my $verbose = 0;
|
---|
| 24 | my $symlink_exists=eval {symlink("",""); 1};
|
---|
| 25 | my $removelinks = 1;
|
---|
| 26 |
|
---|
| 27 | ## Parse flags.
|
---|
| 28 | while ( $ARGV[0] =~ /^-/ ) {
|
---|
| 29 | my $flag = shift @ARGV;
|
---|
| 30 | last if ( $flag eq '--');
|
---|
| 31 | if ( $flag eq '-old') {
|
---|
| 32 | $x509hash = "-subject_hash_old";
|
---|
| 33 | $crlhash = "-hash_old";
|
---|
| 34 | } elsif ( $flag eq '-h' || $flag eq '-help' ) {
|
---|
| 35 | help();
|
---|
| 36 | } elsif ( $flag eq '-n' ) {
|
---|
| 37 | $removelinks = 0;
|
---|
| 38 | } elsif ( $flag eq '-v' ) {
|
---|
| 39 | $verbose++;
|
---|
| 40 | }
|
---|
| 41 | else {
|
---|
| 42 | print STDERR "Usage error; try -h.\n";
|
---|
| 43 | exit 1;
|
---|
| 44 | }
|
---|
| 45 | }
|
---|
| 46 |
|
---|
| 47 | sub help {
|
---|
| 48 | print "Usage: c_rehash [-old] [-h] [-help] [-v] [dirs...]\n";
|
---|
| 49 | print " -old use old-style digest\n";
|
---|
| 50 | print " -h or -help print this help text\n";
|
---|
| 51 | print " -v print files removed and linked\n";
|
---|
| 52 | exit 0;
|
---|
| 53 | }
|
---|
| 54 |
|
---|
| 55 | eval "require Cwd";
|
---|
| 56 | if (defined(&Cwd::getcwd)) {
|
---|
| 57 | $pwd=Cwd::getcwd();
|
---|
| 58 | } else {
|
---|
| 59 | $pwd=`pwd`;
|
---|
| 60 | chomp($pwd);
|
---|
| 61 | }
|
---|
| 62 |
|
---|
| 63 | # DOS/Win32 or Unix delimiter? Prefix our installdir, then search.
|
---|
| 64 | my $path_delim = ($pwd =~ /^[a-z]\:/i) ? ';' : ':';
|
---|
| 65 | $ENV{PATH} = "$prefix/bin" . ($ENV{PATH} ? $path_delim . $ENV{PATH} : "");
|
---|
| 66 |
|
---|
| 67 | if (! -x $openssl) {
|
---|
| 68 | my $found = 0;
|
---|
| 69 | foreach (split /$path_delim/, $ENV{PATH}) {
|
---|
| 70 | if (-x "$_/$openssl") {
|
---|
| 71 | $found = 1;
|
---|
| 72 | $openssl = "$_/$openssl";
|
---|
| 73 | last;
|
---|
| 74 | }
|
---|
| 75 | }
|
---|
| 76 | if ($found == 0) {
|
---|
| 77 | print STDERR "c_rehash: rehashing skipped ('openssl' program not available)\n";
|
---|
| 78 | exit 0;
|
---|
| 79 | }
|
---|
| 80 | }
|
---|
| 81 |
|
---|
| 82 | if (@ARGV) {
|
---|
| 83 | @dirlist = @ARGV;
|
---|
| 84 | } elsif ($ENV{SSL_CERT_DIR}) {
|
---|
| 85 | @dirlist = split /$path_delim/, $ENV{SSL_CERT_DIR};
|
---|
| 86 | } else {
|
---|
| 87 | $dirlist[0] = "$dir/certs";
|
---|
| 88 | }
|
---|
| 89 |
|
---|
| 90 | if (-d $dirlist[0]) {
|
---|
| 91 | chdir $dirlist[0];
|
---|
| 92 | $openssl="$pwd/$openssl" if (!-x $openssl);
|
---|
| 93 | chdir $pwd;
|
---|
| 94 | }
|
---|
| 95 |
|
---|
| 96 | foreach (@dirlist) {
|
---|
| 97 | if (-d $_ ) {
|
---|
| 98 | if ( -w $_) {
|
---|
| 99 | hash_dir($_);
|
---|
| 100 | } else {
|
---|
| 101 | print "Skipping $_, can't write\n";
|
---|
| 102 | $errorcount++;
|
---|
| 103 | }
|
---|
| 104 | }
|
---|
| 105 | }
|
---|
| 106 | exit($errorcount);
|
---|
| 107 |
|
---|
| 108 | sub hash_dir {
|
---|
| 109 | my %hashlist;
|
---|
| 110 | print "Doing $_[0]\n";
|
---|
| 111 | chdir $_[0];
|
---|
| 112 | opendir(DIR, ".");
|
---|
| 113 | my @flist = sort readdir(DIR);
|
---|
| 114 | closedir DIR;
|
---|
| 115 | if ( $removelinks ) {
|
---|
| 116 | # Delete any existing symbolic links
|
---|
| 117 | foreach (grep {/^[\da-f]+\.r{0,1}\d+$/} @flist) {
|
---|
| 118 | if (-l $_) {
|
---|
| 119 | print "unlink $_" if $verbose;
|
---|
| 120 | unlink $_ || warn "Can't unlink $_, $!\n";
|
---|
| 121 | }
|
---|
| 122 | }
|
---|
| 123 | }
|
---|
| 124 | FILE: foreach $fname (grep {/\.(pem)|(crt)|(cer)|(crl)$/} @flist) {
|
---|
| 125 | # Check to see if certificates and/or CRLs present.
|
---|
| 126 | my ($cert, $crl) = check_file($fname);
|
---|
| 127 | if (!$cert && !$crl) {
|
---|
| 128 | print STDERR "WARNING: $fname does not contain a certificate or CRL: skipping\n";
|
---|
| 129 | next;
|
---|
| 130 | }
|
---|
| 131 | link_hash_cert($fname) if ($cert);
|
---|
| 132 | link_hash_crl($fname) if ($crl);
|
---|
| 133 | }
|
---|
| 134 | }
|
---|
| 135 |
|
---|
| 136 | sub check_file {
|
---|
| 137 | my ($is_cert, $is_crl) = (0,0);
|
---|
| 138 | my $fname = $_[0];
|
---|
| 139 | open IN, $fname;
|
---|
| 140 | while(<IN>) {
|
---|
| 141 | if (/^-----BEGIN (.*)-----/) {
|
---|
| 142 | my $hdr = $1;
|
---|
| 143 | if ($hdr =~ /^(X509 |TRUSTED |)CERTIFICATE$/) {
|
---|
| 144 | $is_cert = 1;
|
---|
| 145 | last if ($is_crl);
|
---|
| 146 | } elsif ($hdr eq "X509 CRL") {
|
---|
| 147 | $is_crl = 1;
|
---|
| 148 | last if ($is_cert);
|
---|
| 149 | }
|
---|
| 150 | }
|
---|
| 151 | }
|
---|
| 152 | close IN;
|
---|
| 153 | return ($is_cert, $is_crl);
|
---|
| 154 | }
|
---|
| 155 |
|
---|
| 156 |
|
---|
| 157 | # Link a certificate to its subject name hash value, each hash is of
|
---|
| 158 | # the form <hash>.<n> where n is an integer. If the hash value already exists
|
---|
| 159 | # then we need to up the value of n, unless its a duplicate in which
|
---|
| 160 | # case we skip the link. We check for duplicates by comparing the
|
---|
| 161 | # certificate fingerprints
|
---|
| 162 |
|
---|
| 163 | sub link_hash_cert {
|
---|
| 164 | my $fname = $_[0];
|
---|
| 165 | $fname =~ s/'/'\\''/g;
|
---|
| 166 | my ($hash, $fprint) = `"$openssl" x509 $x509hash -fingerprint -noout -in "$fname"`;
|
---|
| 167 | chomp $hash;
|
---|
| 168 | chomp $fprint;
|
---|
| 169 | $fprint =~ s/^.*=//;
|
---|
| 170 | $fprint =~ tr/://d;
|
---|
| 171 | my $suffix = 0;
|
---|
| 172 | # Search for an unused hash filename
|
---|
| 173 | while(exists $hashlist{"$hash.$suffix"}) {
|
---|
| 174 | # Hash matches: if fingerprint matches its a duplicate cert
|
---|
| 175 | if ($hashlist{"$hash.$suffix"} eq $fprint) {
|
---|
| 176 | print STDERR "WARNING: Skipping duplicate certificate $fname\n";
|
---|
| 177 | return;
|
---|
| 178 | }
|
---|
| 179 | $suffix++;
|
---|
| 180 | }
|
---|
| 181 | $hash .= ".$suffix";
|
---|
| 182 | if ($symlink_exists) {
|
---|
| 183 | print "link $fname -> $hash\n" if $verbose;
|
---|
| 184 | symlink $fname, $hash || warn "Can't symlink, $!";
|
---|
| 185 | } else {
|
---|
| 186 | print "copy $fname -> $hash\n" if $verbose;
|
---|
| 187 | if (open($in, "<", $fname)) {
|
---|
| 188 | if (open($out,">", $hash)) {
|
---|
| 189 | print $out $_ while (<$in>);
|
---|
| 190 | close $out;
|
---|
| 191 | } else {
|
---|
| 192 | warn "can't open $hash for write, $!";
|
---|
| 193 | }
|
---|
| 194 | close $in;
|
---|
| 195 | } else {
|
---|
| 196 | warn "can't open $fname for read, $!";
|
---|
| 197 | }
|
---|
| 198 | }
|
---|
| 199 | $hashlist{$hash} = $fprint;
|
---|
| 200 | }
|
---|
| 201 |
|
---|
| 202 | # Same as above except for a CRL. CRL links are of the form <hash>.r<n>
|
---|
| 203 |
|
---|
| 204 | sub link_hash_crl {
|
---|
| 205 | my $fname = $_[0];
|
---|
| 206 | $fname =~ s/'/'\\''/g;
|
---|
| 207 | my ($hash, $fprint) = `"$openssl" crl $crlhash -fingerprint -noout -in '$fname'`;
|
---|
| 208 | chomp $hash;
|
---|
| 209 | chomp $fprint;
|
---|
| 210 | $fprint =~ s/^.*=//;
|
---|
| 211 | $fprint =~ tr/://d;
|
---|
| 212 | my $suffix = 0;
|
---|
| 213 | # Search for an unused hash filename
|
---|
| 214 | while(exists $hashlist{"$hash.r$suffix"}) {
|
---|
| 215 | # Hash matches: if fingerprint matches its a duplicate cert
|
---|
| 216 | if ($hashlist{"$hash.r$suffix"} eq $fprint) {
|
---|
| 217 | print STDERR "WARNING: Skipping duplicate CRL $fname\n";
|
---|
| 218 | return;
|
---|
| 219 | }
|
---|
| 220 | $suffix++;
|
---|
| 221 | }
|
---|
| 222 | $hash .= ".r$suffix";
|
---|
| 223 | if ($symlink_exists) {
|
---|
| 224 | print "link $fname -> $hash\n" if $verbose;
|
---|
| 225 | symlink $fname, $hash || warn "Can't symlink, $!";
|
---|
| 226 | } else {
|
---|
| 227 | print "cp $fname -> $hash\n" if $verbose;
|
---|
| 228 | system ("cp", $fname, $hash);
|
---|
| 229 | warn "Can't copy, $!" if ($? >> 8) != 0;
|
---|
| 230 | }
|
---|
| 231 | $hashlist{$hash} = $fprint;
|
---|
| 232 | }
|
---|