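#!/usr/bin/perl
# $OpenBSD: format-pem.pl,v 1.2 2018/03/21 15:23:53 sthen Exp $
#
# Copyright (c) 2016 Stuart Henderson <sthen@openbsd.org>
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

# Reads PEM certificates from the files named on the command line (or from
# stdin), runs each one through `openssl x509`, and prints them to stdout
# grouped by organisation and sorted case-insensitively, each preceded by a
# text summary with SHA1 and SHA256 fingerprints.  Findings about individual
# certificates (not self-signed, not yet valid, expired, expiring within two
# years, duplicate, unparsable) are reported on stderr.

use strict;
use warnings;

use File::Temp qw/ :seekable /;

# Date::Parse is optional.  It is loaded at run time only: a compile-time
# `use Date::Parse` would abort the script before the fallback message below
# could ever be printed.  str2time is therefore called fully qualified.
my $have_date_parse = eval { require Date::Parse; 1; };
if (!$have_date_parse) {
    print STDERR "Date::Parse not available - install p5-Time-TimeDate to check cert dates.\n";
}

# Scratch file holding the one certificate currently being examined.
my $tmp = File::Temp->new(TEMPLATE => '/tmp/splitcert.XXXXXXXX');
my $t = $tmp->filename;

my $certs = 0;     # number of END CERTIFICATE lines seen so far
my $incert = 0;    # non-zero while inside a BEGIN/END CERTIFICATE block
my %ca;            # $ca{organisation}{subject} = { subj, info, cert }

# NOTE(review): the split literal here and the [O] character class in the
# main loop presumably keep revision control from expanding the keyword
# inside this script itself - confirm.
my $rcsid = '# $'.'OpenBSD$';

# Run `openssl x509 -in <scratch file>` with the given extra options and
# return everything it wrote to stdout.  The list form of open is used so no
# shell is involved.  A non-zero exit status is reported on stderr; the
# (possibly empty) output is still returned.
sub _openssl_x509 {
    my @options = @_;

    open(my $pipe, '-|', 'openssl', 'x509', '-in', $t, @options)
        or die "cannot run openssl: $!\n";
    my $output = do { local $/; <$pipe> };
    if (!close($pipe)) {
        print STDERR "certificate $certs: 'openssl x509 @options' exited with status "
            . ($? >> 8) . "\n";
    }
    return defined $output ? $output : '';
}

# Warn on stderr about a certificate that is not valid yet, has expired, or
# expires within two years.  Does nothing when Date::Parse is unavailable.
sub _check_dates {
    my ($subj) = @_;

    return if !$have_date_parse;

    my $startdate = _openssl_x509('-startdate', '-noout');
    my $enddate = _openssl_x509('-enddate', '-noout');
    $startdate =~ s/notBefore=(.*)\n/$1/;
    $enddate =~ s/notAfter=(.*)\n/$1/;
    my $starttime = Date::Parse::str2time($startdate);
    my $endtime = Date::Parse::str2time($enddate);

    # str2time returns undef for a string it cannot parse; comparing undef
    # with time would quietly treat the certificate as already expired.
    if (!defined $starttime || !defined $endtime) {
        print STDERR "'$subj' has a validity date that could not be parsed\n";
        return;
    }

    my $now = time;
    if ($starttime > $now) {
        print STDERR "'$subj' not valid yet\n";
    }
    if ($endtime < $now) {
        # Report the notAfter date; the notBefore date says nothing about
        # when the certificate expired.
        print STDERR "'$subj' expired on $enddate\n";
    } elsif ($endtime < $now + 86400 * 365 * 2) {
        print STDERR "'$subj' expires on $enddate\n";
    }
    return;
}

# Examine the certificate currently in the scratch file and store it in %ca
# under its organisation (or its full subject when there is no O= field).
sub _record_certificate {
    # Re-encode first: if openssl cannot read the block, nothing is stored,
    # so no empty entry ends up in the generated bundle.
    my $cert = _openssl_x509();
    if ($cert eq '') {
        print STDERR "certificate $certs: not parsable by openssl, skipped\n";
        return;
    }

    my $issuer = _openssl_x509('-noout', '-issuer');
    $issuer =~ s/^issuer= (.*)\n/$1/;
    my $subj = _openssl_x509('-noout', '-subject');
    $subj =~ s/^subject= (.*)\n/$1/;

    print STDERR "'$subj' not self-signed\n"
        if ($issuer ne $subj);

    # One name component per line, so the O= value can be picked out.
    my $o = _openssl_x509('-noout', '-nameopt',
        'sep_multiline,use_quote,esc_msb', '-subject');
    if ($o =~ /O=/) {
        $o =~ s/.*O=([^\n]*).*/$1/sm;
    } else {
        $o = $subj;
    }

    _check_dates($subj);

    my $info = _openssl_x509('-text', '-fingerprint', '-sha1', '-certopt',
        'no_pubkey,no_sigdump,no_issuer', '-noout');
    $info .= _openssl_x509('-fingerprint', '-sha256', '-noout');

    # A duplicate is only reported; the later certificate replaces the
    # earlier one with the same organisation and subject.
    if (defined $ca{$o}{$subj}) {
        print STDERR "'$subj': duplicate\n";
    }

    $ca{$o}{$subj}{'subj'} = $subj;
    $ca{$o}{$subj}{'info'} = $info;
    $ca{$o}{$subj}{'cert'} = $cert;
    return;
}

while (my $line = <>) {
    $rcsid = $line if ($line =~ m/^# \$[O]penBSD/);
    $incert++ if ($line =~ m/^-----BEGIN CERTIFICATE-----/);
    print $tmp $line if ($incert);

    if ($line =~ m/^-----END CERTIFICATE-----/) {
        $certs++;

        # Make sure openssl sees the whole block.
        $tmp->flush;
        _record_certificate();

        # Empty the scratch file before reuse.  Rewinding alone would leave
        # the tail of a longer earlier certificate behind the next one, and
        # a stray END line would re-read the previous certificate.
        $tmp->seek(0, SEEK_SET);
        truncate($tmp, 0) or die "cannot truncate $t: $!\n";
        $incert = 0;
    }
}

close $tmp;
print $rcsid;
foreach my $o (sort{lc($a) cmp lc($b)} keys %ca) {
    print "\n### $o\n\n";
    foreach my $subj (sort{lc($a) cmp lc($b)} keys %{ $ca{$o} }) {
        print "=== $subj\n";
        print $ca{$o}{$subj}{'info'};
        print $ca{$o}{$subj}{'cert'};
    }
}

# print a visual summary at the end
foreach my $o (sort{lc($a) cmp lc($b)} keys %ca) {
    print STDERR "\n$o\n";
    foreach my $subj (sort{lc($a) cmp lc($b)} keys %{ $ca{$o} }) {
        print STDERR " $subj\n";
    }
}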