6
6
# * | (__| |_| | _ <| |___
7
7
# * \___|\___/|_| \_\_____|
9
# * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
9
# * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
11
11
# * This software is licensed as described in the file COPYING, which
12
12
# * you should have received as part of this distribution. The terms
35
35
use LWP::UserAgent;
37
use vars qw($opt_b $opt_h $opt_i $opt_l $opt_n $opt_q $opt_t $opt_u $opt_v);
37
use vars qw($opt_b $opt_f $opt_h $opt_i $opt_l $opt_n $opt_q $opt_t $opt_u $opt_v);
39
39
my $url = 'http://mxr.mozilla.org/mozilla/source/security/nss/lib/ckfw/builtins/certdata.txt?raw=1';
40
40
# If the OpenSSL commandline is not in search path you can configure it here!
41
41
my $openssl = 'openssl';
45
getopts('bfhilnqtuv');
48
48
print ("=" x 78 . "\n");
59
59
$0 =~ s@.*(/|\\)@@;
61
printf("Usage:\t%s [-b] [-i] [-l] [-n] [-q] [-t] [-u] [-v] [<outputfile>]\n", $0);
61
printf("Usage:\t%s [-b] [-f] [-i] [-l] [-n] [-q] [-t] [-u] [-v] [<outputfile>]\n", $0);
62
62
print "\t-b\tbackup an existing version of ca-bundle.crt\n";
63
print "\t-f\tforce rebuild even if certdata.txt is current\n";
63
64
print "\t-i\tprint version info about used modules\n";
64
65
print "\t-l\tprint license info about certdata.txt\n";
65
66
print "\t-n\tno download of certdata.txt (to use existing)\n";
73
74
my $crt = $ARGV[0] || 'ca-bundle.crt';
74
75
(my $txt = $url) =~ s@(.*/|\?.*)@@g;
77
my $stdout = $crt eq '-';
78
81
unless ($opt_n and -e $txt) {
79
print "Downloading '$txt' ...\n" if (!$opt_q);
82
print STDERR "Downloading '$txt' ...\n" if (!$opt_q);
80
83
my $ua = new LWP::UserAgent(agent => "$0/$version");
82
85
$resp = $ua->mirror($url, $txt);
83
86
if ($resp && $resp->code eq '304') {
84
print "Not modified\n" unless $opt_q;
89
my $currentdate = scalar gmtime($resp ? $resp->last_modified : (stat($txt))[9]);
91
if ($opt_b && -e $crt) {
93
while (-e "$crt.~${bk}~") {
96
rename $crt, "$crt.~${bk}~";
87
print STDERR "Not modified\n" unless $opt_q;
88
exit 0 if -e $crt && !$opt_f;
92
if( !$resp || $resp->code !~ /^(?:200|304)$/ ) {
93
print STDERR "Unable to download latest data: "
94
. ($resp? $resp->code . ' - ' . $resp->message : "LWP failed") . "\n"
96
exit 1 if -e $crt || ! -r $txt;
100
my $currentdate = scalar gmtime($fetched ? $resp->last_modified : (stat($txt))[9]);
99
102
my $format = $opt_t ? "plain text and " : "";
100
open(CRT,">$crt") or die "Couldn't open $crt: $!";
104
open(CRT, '> -') or die "Couldn't open STDOUT: $!\n";
106
open(CRT,">$crt.~") or die "Couldn't open $crt.~: $!\n";
103
110
## $crt -- Bundle of CA Root Certificates
120
close(CRT) or die "Couldn't close $crt: $!";
122
print "Processing '$txt' ...\n" if (!$opt_q);
127
print STDERR "Processing '$txt' ...\n" if (!$opt_q);
126
131
my $start_of_cert = 0;
128
open(TXT,"$txt") or die "Couldn't open $txt: $!";
133
open(TXT,"$txt") or die "Couldn't open $txt: $!\n";
130
135
if (/\*\*\*\*\* BEGIN LICENSE BLOCK \*\*\*\*\*/) {
131
open(CRT, ">>$crt") or die "Couldn't open $crt: $!";
133
137
print if ($opt_l);
136
140
print if ($opt_l);
137
141
last if (/\*\*\*\*\* END LICENSE BLOCK \*\*\*\*\*/);
139
close(CRT) or die "Couldn't close $crt: $!";
141
144
next if /^#|^\s*$/;
143
146
if (/^CVS_ID\s+\"(.*)\"/) {
144
open(CRT, ">>$crt") or die "Couldn't open $crt: $!";
145
147
print CRT "# $1\n";
146
close(CRT) or die "Couldn't close $crt: $!";
149
150
# this is a match for the start of a certificate
184
185
my $pem = "-----BEGIN CERTIFICATE-----\n"
185
186
. MIME::Base64::encode($data)
186
187
. "-----END CERTIFICATE-----\n";
187
open(CRT, ">>$crt") or die "Couldn't open $crt: $!";
188
188
print CRT "\n$caname\n";
189
189
print CRT ("=" x length($caname) . "\n");
193
close(CRT) or die "Couldn't close $crt: $!";
195
open(TMP, "|$openssl x509 -md5 -fingerprint -text -inform PEM >> $crt") or die "Couldn't open openssl pipe: $!";
194
open(TMP, "|$openssl x509 -md5 -fingerprint -text -inform PEM >> $crt") or die "Couldn't open openssl pipe: $!\n";
197
close(TMP) or die "Couldn't close openssl pipe: $!";
196
close(TMP) or die "Couldn't close openssl pipe: $!\n";
199
print "Parsing: $caname\n" if ($opt_v);
198
print STDERR "Parsing: $caname\n" if ($opt_v);
201
200
$start_of_cert = 0;
205
close(TXT) or die "Couldn't close $txt: $!";
204
close(TXT) or die "Couldn't close $txt: $!\n";
205
close(CRT) or die "Couldn't close $crt.~: $!\n";
207
if ($opt_b && -e $crt) {
209
while (-e "$crt.~${bk}~") {
212
rename $crt, "$crt.~${bk}~" or die "Failed to create backup $crt.~$bk}~: $!\n";
214
unlink( $crt ) or die "Failed to remove $crt: $!\n";
216
rename "$crt.~", $crt or die "Failed to rename $crt.~ to $crt: $!\n";
206
218
unlink $txt if ($opt_u);
207
print "Done ($certnum CA certs processed, $skipnum untrusted skipped).\n" if (!$opt_q);
219
print STDERR "Done ($certnum CA certs processed, $skipnum untrusted skipped).\n" if (!$opt_q);
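Review bot: With `-t`, the openssl pipe on new line 194 still appends through the shell to `>> $crt`, while every other write in this change goes to the `CRT` handle opened on `$crt.~` (or on STDOUT). The text dump therefore lands in the old bundle, which the final `rename "$crt.~", $crt` replaces, and when the output is `-` the shell would create a file literally named `-`. `CRT` is also no longer closed before the pipe runs, so its buffered output may be ordered incorrectly relative to openssl's; a minimal fix is to flush `CRT` and redirect to the temporary file (`>> $crt.~`), handling the stdout case separately. Because `$crt` comes from `$ARGV[0]` and is interpolated into a shell command line, an output path containing shell metacharacters is interpreted by the shell; reading openssl's output back in Perl and printing it to `CRT` would remove both problems. The backup error message on new line 212 is also missing a brace: `$crt.~$bk}~` should be `$crt.~${bk}~`.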