Diffstat (limited to 'debian/generate-cacerts.pl.in')
-rw-r--r-- | debian/generate-cacerts.pl.in | 106 |
1 files changed, 0 insertions, 106 deletions
diff --git a/debian/generate-cacerts.pl.in b/debian/generate-cacerts.pl.in
deleted file mode 100644
index b90f6ef..0000000
--- a/debian/generate-cacerts.pl.in
+++ /dev/null
@@ -1,106 +0,0 @@
-#!/usr/bin/perl
-
-# Copyright (C) 2007, 2009 Free Software Foundation
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-
-# generate-cacerts.pl generates a gkeytool keystore named 'cacerts'
-# from OpenSSL's certificate bundle.
-
-# First extract each of OpenSSL's bundled certificates into its own
-# aliased filename.
-chomp($file=@ARGV[0]);
-$file = "/etc/pki/tls/cert.pem" unless $file ne "";
-open(CERTS, $file);
-@certs = <CERTS>;
-close(CERTS);
-
-$pem_file_number = 0;
-$writing_cert = 0;
-foreach $cert (@certs)
-{
- if ($cert eq "-----BEGIN CERTIFICATE-----\n")
- {
- if ($writing_cert != 0)
- {
- die "$file is malformed.";
- }
- $pem_file_number++;
- # Numbering each file guarantees that cert aliases will be
- # unique.
- $pem_file_name = "$pem_file_number$cert_alias.pem";
- $writing_cert = 1;
- open(PEM, ">$pem_file_name");
- print PEM $cert;
- }
- elsif ($cert eq "-----END CERTIFICATE-----\n")
- {
- $writing_cert = 0;
- print PEM $cert;
- close(PEM);
- }
- elsif ($cert =~ /Issuer: /)
- {
- # Generate an alias using the OU and CN attributes of the
- # Issuer field if both are present, otherwise use only the CN
- # attribute. The Issuer field must have either the OU or the
- # CN attribute.
- $_ = $cert;
- if ($cert =~ /OU=/)
- {
- s/Issuer:.*?OU=//;
- # Remove other occurrences of OU=.
- s/OU=.*CN=//;
- # Remove CN= if there were not other occurrences of OU=.
- s/CN=//;
- }
- elsif ($cert =~ /CN=/)
- {
- s/Issuer:.*CN=//;
- }
- s/\W//g;
- tr/A-Z/a-z/;
- $cert_alias = $_
- }
- else
- {
- if ($writing_cert == 1)
- {
- print PEM $cert;
- }
- }
-}
-
-# Check that the correct number of .pem files were produced.
-@pem_files = <*.pem>;
-if (@pem_files != $pem_file_number)
-{
- die "Number of .pem files produced does not match".
- " number of certs read from $file.";
-}
-
-# Now store each cert in the 'cacerts' file using gkeytool.
-$certs_written_count = 0;
-foreach $pem_file (@pem_files)
-{
- system "yes | gkeytool@gcc_suffix@ -import -alias `basename $pem_file .pem`".
- " -keystore cacerts -storepass '' -file $pem_file".
- " 2>&1 >/dev/null";
- unlink($pem_file);
- $certs_written_count++;
-}
-
-# Check that the correct number of certs were added to the keystore.
-if ($certs_written_count != $pem_file_number)
-{
- die "Number of certs added to keystore does not match".
- " number of certs read from $file.";
-} |