root/main/trunk/greenstone3/bin/windows/openssl/bin/c_rehash.pl @ 32476

Revision 32476, 6.4 KB (checked in by ak19, 9 months ago)

Compiled up 32 bit OpenSSL v 1.1.1 on Windows to use in place of ZeroSSL to generate keys. Works on 64 bit to generate keys. Committing just the products (with folder structure) we need for generating keys, as that's all we'll be using openSSL for on Windows, to save on binary size. Instructions on compiling OpenSSL (32 and 64 bit targets, openSSL versions 1.0.2p and 1.1.1) and instructions on packaging up it up for SVN are at internal wiki page Compiling OpenSSL on Windows

Line 
1#!/usr/bin/env perl
2
3# WARNING: do not edit!
4# Generated by makefile from tools\c_rehash.in
5# Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
6#
7# Licensed under the OpenSSL license (the "License").  You may not use
8# this file except in compliance with the License.  You can obtain a copy
9# in the file LICENSE in the source distribution or at
10# https://www.openssl.org/source/license.html
11
12# Perl c_rehash script, scan all files in a directory
13# and add symbolic links to their hash values.
14
15my $dir = "C:\\Users\\Anupama\\OpenSSL\\Build-VC-32-release_1-1-1\\SSL";
16my $prefix = "C:\\Users\\Anupama\\OpenSSL\\Build-VC-32-release_1-1-1";
17
18my $errorcount = 0;
19my $openssl = $ENV{OPENSSL} || "openssl";
20my $pwd;
21my $x509hash = "-subject_hash";
22my $crlhash = "-hash";
23my $verbose = 0;
24my $symlink_exists=eval {symlink("",""); 1};
25my $removelinks = 1;
26
27##  Parse flags.
28while ( $ARGV[0] =~ /^-/ ) {
29    my $flag = shift @ARGV;
30    last if ( $flag eq '--');
31    if ( $flag eq '-old') {
32        $x509hash = "-subject_hash_old";
33        $crlhash = "-hash_old";
34    } elsif ( $flag eq '-h' || $flag eq '-help' ) {
35        help();
36    } elsif ( $flag eq '-n' ) {
37        $removelinks = 0;
38    } elsif ( $flag eq '-v' ) {
39        $verbose++;
40    }
41    else {
42        print STDERR "Usage error; try -h.\n";
43        exit 1;
44    }
45}
46
47sub help {
48    print "Usage: c_rehash [-old] [-h] [-help] [-v] [dirs...]\n";
49    print "   -old use old-style digest\n";
50    print "   -h or -help print this help text\n";
51    print "   -v print files removed and linked\n";
52    exit 0;
53}
54
55eval "require Cwd";
56if (defined(&Cwd::getcwd)) {
57    $pwd=Cwd::getcwd();
58} else {
59    $pwd=`pwd`;
60    chomp($pwd);
61}
62
63# DOS/Win32 or Unix delimiter?  Prefix our installdir, then search.
64my $path_delim = ($pwd =~ /^[a-z]\:/i) ? ';' : ':';
65$ENV{PATH} = "$prefix/bin" . ($ENV{PATH} ? $path_delim . $ENV{PATH} : "");
66
67if (! -x $openssl) {
68    my $found = 0;
69    foreach (split /$path_delim/, $ENV{PATH}) {
70        if (-x "$_/$openssl") {
71            $found = 1;
72            $openssl = "$_/$openssl";
73            last;
74        }   
75    }
76    if ($found == 0) {
77        print STDERR "c_rehash: rehashing skipped ('openssl' program not available)\n";
78        exit 0;
79    }
80}
81
82if (@ARGV) {
83    @dirlist = @ARGV;
84} elsif ($ENV{SSL_CERT_DIR}) {
85    @dirlist = split /$path_delim/, $ENV{SSL_CERT_DIR};
86} else {
87    $dirlist[0] = "$dir/certs";
88}
89
90if (-d $dirlist[0]) {
91    chdir $dirlist[0];
92    $openssl="$pwd/$openssl" if (!-x $openssl);
93    chdir $pwd;
94}
95
96foreach (@dirlist) {
97    if (-d $_ ) {
98            if ( -w $_) {
99        hash_dir($_);
100            } else {
101                print "Skipping $_, can't write\n";
102                $errorcount++;
103            }
104    }
105}
106exit($errorcount);
107
108sub hash_dir {
109    my %hashlist;
110    print "Doing $_[0]\n";
111    chdir $_[0];
112    opendir(DIR, ".");
113    my @flist = sort readdir(DIR);
114    closedir DIR;
115    if ( $removelinks ) {
116        # Delete any existing symbolic links
117        foreach (grep {/^[\da-f]+\.r{0,1}\d+$/} @flist) {
118            if (-l $_) {
119                print "unlink $_" if $verbose;
120                unlink $_ || warn "Can't unlink $_, $!\n";
121            }
122        }
123    }
124    FILE: foreach $fname (grep {/\.(pem)|(crt)|(cer)|(crl)$/} @flist) {
125        # Check to see if certificates and/or CRLs present.
126        my ($cert, $crl) = check_file($fname);
127        if (!$cert && !$crl) {
128            print STDERR "WARNING: $fname does not contain a certificate or CRL: skipping\n";
129            next;
130        }
131        link_hash_cert($fname) if ($cert);
132        link_hash_crl($fname) if ($crl);
133    }
134}
135
136sub check_file {
137    my ($is_cert, $is_crl) = (0,0);
138    my $fname = $_[0];
139    open IN, $fname;
140    while(<IN>) {
141        if (/^-----BEGIN (.*)-----/) {
142            my $hdr = $1;
143            if ($hdr =~ /^(X509 |TRUSTED |)CERTIFICATE$/) {
144                $is_cert = 1;
145                last if ($is_crl);
146            } elsif ($hdr eq "X509 CRL") {
147                $is_crl = 1;
148                last if ($is_cert);
149            }
150        }
151    }
152    close IN;
153    return ($is_cert, $is_crl);
154}
155
156
157# Link a certificate to its subject name hash value, each hash is of
158# the form <hash>.<n> where n is an integer. If the hash value already exists
159# then we need to up the value of n, unless its a duplicate in which
160# case we skip the link. We check for duplicates by comparing the
161# certificate fingerprints
162
163sub link_hash_cert {
164        my $fname = $_[0];
165        $fname =~ s/'/'\\''/g;
166        my ($hash, $fprint) = `"$openssl" x509 $x509hash -fingerprint -noout -in "$fname"`;
167        chomp $hash;
168        chomp $fprint;
169        $fprint =~ s/^.*=//;
170        $fprint =~ tr/://d;
171        my $suffix = 0;
172        # Search for an unused hash filename
173        while(exists $hashlist{"$hash.$suffix"}) {
174            # Hash matches: if fingerprint matches its a duplicate cert
175            if ($hashlist{"$hash.$suffix"} eq $fprint) {
176                print STDERR "WARNING: Skipping duplicate certificate $fname\n";
177                return;
178            }
179            $suffix++;
180        }
181        $hash .= ".$suffix";
182        if ($symlink_exists) {
183            print "link $fname -> $hash\n" if $verbose;
184            symlink $fname, $hash || warn "Can't symlink, $!";
185        } else {
186            print "copy $fname -> $hash\n" if $verbose;
187                        if (open($in, "<", $fname)) {
188                            if (open($out,">", $hash)) {
189                                print $out $_ while (<$in>);
190                                close $out;
191                            } else {
192                                warn "can't open $hash for write, $!";
193                            }
194                            close $in;
195                        } else {
196                            warn "can't open $fname for read, $!";
197                        }
198        }
199        $hashlist{$hash} = $fprint;
200}
201
202# Same as above except for a CRL. CRL links are of the form <hash>.r<n>
203
204sub link_hash_crl {
205        my $fname = $_[0];
206        $fname =~ s/'/'\\''/g;
207        my ($hash, $fprint) = `"$openssl" crl $crlhash -fingerprint -noout -in '$fname'`;
208        chomp $hash;
209        chomp $fprint;
210        $fprint =~ s/^.*=//;
211        $fprint =~ tr/://d;
212        my $suffix = 0;
213        # Search for an unused hash filename
214        while(exists $hashlist{"$hash.r$suffix"}) {
215            # Hash matches: if fingerprint matches its a duplicate cert
216            if ($hashlist{"$hash.r$suffix"} eq $fprint) {
217                print STDERR "WARNING: Skipping duplicate CRL $fname\n";
218                return;
219            }
220            $suffix++;
221        }
222        $hash .= ".r$suffix";
223        if ($symlink_exists) {
224            print "link $fname -> $hash\n" if $verbose;
225            symlink $fname, $hash || warn "Can't symlink, $!";
226        } else {
227            print "cp $fname -> $hash\n" if $verbose;
228            system ("cp", $fname, $hash);
229                        warn "Can't copy, $!" if ($? >> 8) != 0;
230        }
231        $hashlist{$hash} = $fprint;
232}
Note: See TracBrowser for help on using the browser.