rpms / gcc

Clone
Source Code
GIT

Files

eln f10 f11 f12 f13 f14 f15 f16 f17 f18 f19 f20 f21 f22 f23 f24 f25 f26 f27 f28 f29 f30 f31 f32 f33 f34 f35 f36 f37 f38 f39 f40 f7 f8 f9 gcc13-test main private-aoliva-gcc-4_1_1-13-branch private-aoliva-gcc-4_1_1-17-branch private-f38-toolchain private-powerpc-ada-branch private-siddhesh-bdostest rawhide rhel-f29-base rhel-f35-base
  1.   f11
  2.   generate-cacerts.pl
Blob Blame History Raw 
#!/usr/bin/perl

# Copyright (C) 2007 Red Hat, Inc.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.

# generate-cacerts.pl generates a gkeytool keystore named 'cacerts'
# from OpenSSL's certificate bundle.

# First extract each of OpenSSL's bundled certificates into its own
# aliased filename.
$file = "/etc/pki/tls/cert.pem";
open(CERTS, $file);
@certs = <CERTS>;
close(CERTS);

$pem_file_number = 0;
$writing_cert = 0;
foreach $cert (@certs)
{
	 if ($cert eq "-----BEGIN CERTIFICATE-----\n")
	 {
		  if ($writing_cert != 0)
		  {
				die "$file is malformed.";
		  }
		  $pem_file_number++;
		  # Numbering each file guarantees that cert aliases will be
		  # unique.
		  $pem_file_name = "$pem_file_number$cert_alias.pem";
		  $writing_cert = 1;
		  open(PEM, ">$pem_file_name");
		  print PEM $cert;
	 }
	 elsif ($cert eq "-----END CERTIFICATE-----\n")
	 {
		  $writing_cert = 0;
		  print PEM $cert;
		  close(PEM);
	 }
	 elsif ($cert =~ /Issuer: /)
	 {
		  # Generate an alias using the OU and CN attributes of the
		  # Issuer field if both are present, otherwise use only the CN
		  # attribute.  The Issuer field must have either the OU or the
		  # CN attribute.
		  $_ = $cert;
		  if ($cert =~ /OU=/)
		  {
				s/Issuer:.*?OU=//;
				# Remove other occurrences of OU=.
				s/OU=.*CN=//;
				# Remove CN= if there were not other occurrences of OU=.
				s/CN=//;
		  }
		  elsif ($cert =~ /CN=/)
		  {
				s/Issuer:.*CN=//;
		  }
		  s/\W//g;
		  tr/A-Z/a-z/;
		  $cert_alias = $_
	 }
	 else
	 {
		  if ($writing_cert == 1)
		  {
				print PEM $cert;
		  }
	 }
}

# Check that the correct number of .pem files were produced.
@pem_files = <*.pem>;
if (@pem_files != $pem_file_number)
{
	 die "Number of .pem files produced does not match".
		  " number of certs read from $file.";
}

# Now store each cert in the 'cacerts' file using gkeytool.
$certs_written_count = 0;
foreach $pem_file (@pem_files)
{
	 system "yes | gkeytool -import -alias `basename $pem_file .pem`".
		  " -keystore cacerts -storepass '' -file $pem_file".
		  " 2>&1 >/dev/null";
	 unlink($pem_file);
	 $certs_written_count++;
}

# Check that the correct number of certs were added to the keystore.
if ($certs_written_count != $pem_file_number)
{
	 die "Number of certs added to keystore does not match".
		  " number of certs read from $file.";
}
Powered by Pagure 5.13.3
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.