diff options
Diffstat (limited to 'dev-java')
-rw-r--r-- | dev-java/openjdk/files/generate-cacerts.pl | 358 |
1 files changed, 0 insertions, 358 deletions
diff --git a/dev-java/openjdk/files/generate-cacerts.pl b/dev-java/openjdk/files/generate-cacerts.pl deleted file mode 100644 index 17d29b36676d..000000000000 --- a/dev-java/openjdk/files/generate-cacerts.pl +++ /dev/null @@ -1,358 +0,0 @@ -#!/usr/bin/perl - -# Copyright (C) 2007, 2008 Red Hat, Inc. -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. - -# generate-cacerts.pl generates a JKS keystore named 'cacerts' from -# OpenSSL's certificate bundle using OpenJDK's keytool. - -# First extract each of OpenSSL's bundled certificates into its own -# aliased filename. - -# Downloaded from http://cvs.fedoraproject.org/viewvc/rpms/ca-certificates/F-12/generate-cacerts.pl?revision=1.2 -# Check and prevention of duplicate aliases added by Vlastimil Babka <caster@gentoo.org> - -$file = $ARGV[1]; -open(CERTS, $file); -@certs = <CERTS>; -close(CERTS); - -$pem_file_count = 0; -$in_cert_block = 0; -$write_current_cert = 1; -foreach $cert (@certs) -{ - if ($cert =~ /Issuer: /) - { - $_ = $cert; - if ($cert =~ /personal-freemail/) - { - $cert_alias = "thawtepersonalfreemailca"; - } - elsif ($cert =~ /personal-basic/) - { - $cert_alias = "thawtepersonalbasicca"; - } - elsif ($cert =~ /personal-premium/) - { - $cert_alias = "thawtepersonalpremiumca"; - } - elsif ($cert =~ /server-certs/) - { - $cert_alias = "thawteserverca"; - } - elsif ($cert =~ /premium-server/) - { - $cert_alias = "thawtepremiumserverca"; - } - elsif ($cert =~ /Class 1 Public Primary Certification Authority$/) - { - $cert_alias = "verisignclass1ca"; - } - elsif ($cert =~ /Class 1 Public Primary Certification Authority - G2/) - { - $cert_alias = "verisignclass1g2ca"; - } - elsif ($cert =~ - /VeriSign Class 1 Public Primary Certification Authority - G3/) - { - $cert_alias = "verisignclass1g3ca"; - } - elsif ($cert =~ /Class 2 Public Primary Certification Authority$/) - { - $cert_alias = "verisignclass2ca"; - } - elsif ($cert =~ /Class 2 Public Primary Certification Authority - G2/) - { - $cert_alias = "verisignclass2g2ca"; - } - elsif ($cert =~ - /VeriSign Class 2 Public Primary Certification Authority - G3/) - { - $cert_alias = "verisignclass2g3ca"; - } - elsif ($cert =~ /Class 3 Public Primary Certification Authority$/) - { - $cert_alias = "verisignclass3ca"; - } - # Version 1 of Class 3 Public Primary Certification Authority - # - G2 is added. Version 3 is excluded. See below. - elsif ($cert =~ - /VeriSign Class 3 Public Primary Certification Authority - G3/) - { - $cert_alias = "verisignclass3g3ca"; - } - elsif ($cert =~ - /RSA Data Security.*Secure Server Certification Authority/) - { - $cert_alias = "verisignserverca"; - } - elsif ($cert =~ /GTE CyberTrust Global Root/) - { - $cert_alias = "gtecybertrustglobalca"; - } - elsif ($cert =~ /Baltimore CyberTrust Root/) - { - $cert_alias = "baltimorecybertrustca"; - } - elsif ($cert =~ /www.entrust.net\/Client_CA_Info\/CPS/) - { - $cert_alias = "entrustclientca"; - } - elsif ($cert =~ /www.entrust.net\/GCCA_CPS/) - { - $cert_alias = "entrustglobalclientca"; - } - elsif ($cert =~ /www.entrust.net\/CPS_2048/) - { - $cert_alias = "entrust2048ca"; - } - elsif ($cert =~ /www.entrust.net\/CPS /) - { - $cert_alias = "entrustsslca"; - } - elsif ($cert =~ /www.entrust.net\/SSL_CPS/) - { - $cert_alias = "entrustgsslca"; - } - elsif ($cert =~ /The Go Daddy Group/) - { - $cert_alias = "godaddyclass2ca"; - } - elsif ($cert =~ /Starfield Class 2 Certification Authority/) - { - $cert_alias = "starfieldclass2ca"; - } - elsif ($cert =~ /ValiCert Class 2 Policy Validation Authority/) - { - $cert_alias = "valicertclass2ca"; - } - elsif ($cert =~ /GeoTrust Global CA$/) - { - $cert_alias = "geotrustglobalca"; - } - elsif ($cert =~ /Equifax Secure Certificate Authority/) - { - $cert_alias = "equifaxsecureca"; - } - elsif ($cert =~ /Equifax Secure eBusiness CA-1/) - { - $cert_alias = "equifaxsecureebusinessca1"; - } - elsif ($cert =~ /Equifax Secure eBusiness CA-2/) - { - $cert_alias = "equifaxsecureebusinessca2"; - } - elsif ($cert =~ /Equifax Secure Global eBusiness CA-1/) - { - $cert_alias = "equifaxsecureglobalebusinessca1"; - } - elsif ($cert =~ /Sonera Class1 CA/) - { - $cert_alias = "soneraclass1ca"; - } - elsif ($cert =~ /Sonera Class2 CA/) - { - $cert_alias = "soneraclass2ca"; - } - elsif ($cert =~ /AAA Certificate Services/) - { - $cert_alias = "comodoaaaca"; - } - elsif ($cert =~ /AddTrust Class 1 CA Root/) - { - $cert_alias = "addtrustclass1ca"; - } - elsif ($cert =~ /AddTrust External CA Root/) - { - $cert_alias = "addtrustexternalca"; - } - elsif ($cert =~ /AddTrust Qualified CA Root/) - { - $cert_alias = "addtrustqualifiedca"; - } - elsif ($cert =~ /UTN-USERFirst-Hardware/) - { - $cert_alias = "utnuserfirsthardwareca"; - } - elsif ($cert =~ /UTN-USERFirst-Client Authentication and Email/) - { - $cert_alias = "utnuserfirstclientauthemailca"; - } - elsif ($cert =~ /UTN - DATACorp SGC/) - { - $cert_alias = "utndatacorpsgcca"; - } - elsif ($cert =~ /UTN-USERFirst-Object/) - { - $cert_alias = "utnuserfirstobjectca"; - } - elsif ($cert =~ /America Online Root Certification Authority 1/) - { - $cert_alias = "aolrootca1"; - } - elsif ($cert =~ /DigiCert Assured ID Root CA/) - { - $cert_alias = "digicertassuredidrootca"; - } - elsif ($cert =~ /DigiCert Global Root CA/) - { - $cert_alias = "digicertglobalrootca"; - } - elsif ($cert =~ /DigiCert High Assurance EV Root CA/) - { - $cert_alias = "digicerthighassuranceevrootca"; - } - elsif ($cert =~ /GlobalSign Root CA$/) - { - $cert_alias = "globalsignca"; - } - elsif ($cert =~ /GlobalSign Root CA - R2/) - { - $cert_alias = "globalsignr2ca"; - } - elsif ($cert =~ /Elektronik.*Kas.*2005/) - { - $cert_alias = "extra-elektronikkas2005"; - } - elsif ($cert =~ /Elektronik/) - { - $cert_alias = "extra-elektronik2005"; - } - # Mozilla does not provide these certificates: - # baltimorecodesigningca - # gtecybertrust5ca - # trustcenterclass2caii - # trustcenterclass4caii - # trustcenteruniversalcai - else - { - # Generate an alias using the OU and CN attributes of the - # Issuer field if both are present, otherwise use only the - # CN attribute. The Issuer field must have either the OU - # or the CN attribute. - $_ = $cert; - if ($cert =~ /OU=/) - { - s/Issuer:.*?OU=//; - # Remove other occurrences of OU=. - s/OU=.*CN=//; - # Remove CN= if there were not other occurrences of OU=. - s/CN=//; - s/\/emailAddress.*//; - s/Certificate Authority/ca/g; - s/Certification Authority/ca/g; - } - elsif ($cert =~ /CN=/) - { - s/Issuer:.*CN=//; - s/\/emailAddress.*//; - s/Certificate Authority/ca/g; - s/Certification Authority/ca/g; - } - s/\W//g; - tr/A-Z/a-z/; - $cert_alias = "extra-$_"; - - } - while (-e "$cert_alias.pem") - { - $cert_alias = "$cert_alias" . "_"; - } - } - # When it attempts to parse: - # - # Class 3 Public Primary Certification Authority - G2, Version 3 - # - # keytool says: - # - # #2: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false - # Unparseable AuthorityInfoAccess extension due to - # java.io.IOException: Invalid encoding of URI - # - # If we do not exclude this file - # openjdk/jdk/test/lib/security/cacerts/VerifyCACerts.java fails - # on this cert, printing: - # - # Couldn't verify: java.security.SignatureException: Signature - # does not match. - # - elsif ($cert =~ - /A6:0F:34:C8:62:6C:81:F6:8B:F7:7D:A9:F6:67:58:8A:90:3F:7D:36/) - { - $write_current_cert = 0; - $pem_file_count--; - } - elsif ($cert eq "-----BEGIN CERTIFICATE-----\n") - { - if ($in_cert_block != 0) - { - die "$file is malformed."; - } - $in_cert_block = 1; - if ($write_current_cert == 1) - { - $pem_file_count++; - if (-e "$cert_alias.pem") - { - print "$cert_alias"; - die "already exists" - } - open(PEM, ">$cert_alias.pem"); - print PEM $cert; - } - } - elsif ($cert eq "-----END CERTIFICATE-----\n") - { - $in_cert_block = 0; - if ($write_current_cert == 1) - { - print PEM $cert; - close(PEM); - } - $write_current_cert = 1 - } - else - { - if ($in_cert_block == 1 && $write_current_cert == 1) - { - print PEM $cert; - } - } -} - -# Check that the correct number of .pem files were produced. -@pem_files = <*.pem>; -if (@pem_files != $pem_file_count) -{ - print "$pem_file_count"; - die "Number of .pem files produced does not match". - " number of certs read from $file."; -} - -# Now store each cert in the 'cacerts' file using keytool. -$certs_written_count = 0; -foreach $pem_file (@pem_files) -{ - system "$ARGV[0] -noprompt -import". - " -alias `basename $pem_file .pem`". - " -keystore cacerts -storepass 'changeit' -file $pem_file"; - unlink($pem_file); - $certs_written_count++; -} - -# Check that the correct number of certs were added to the keystore. -if ($certs_written_count != $pem_file_count) -{ - die "Number of certs added to keystore does not match". - " number of certs read from $file."; -} |