diff options
| author | Aldrik Ramaekers <aldrikboy@gmail.com> | 2025-09-27 18:38:35 +0200 |
|---|---|---|
| committer | Aldrik Ramaekers <aldrikboy@gmail.com> | 2025-09-27 18:38:35 +0200 |
| commit | d8c4d84dc75300c6d4d8b0adceafa33741960b92 (patch) | |
| tree | 00e2dfcc5c836d62fccff76c862e6ec3b0a74db8 /libs/openssl-3.6.0-beta1/ssl/misc/CA.pl | |
| parent | fa088bb60692ba02d30d39affa9a31d9e2b688e2 (diff) | |
added http lib, working on AI invoice importing
Diffstat (limited to 'libs/openssl-3.6.0-beta1/ssl/misc/CA.pl')
| -rw-r--r-- | libs/openssl-3.6.0-beta1/ssl/misc/CA.pl | 383 |
1 files changed, 383 insertions, 0 deletions
diff --git a/libs/openssl-3.6.0-beta1/ssl/misc/CA.pl b/libs/openssl-3.6.0-beta1/ssl/misc/CA.pl new file mode 100644 index 0000000..941ac02 --- /dev/null +++ b/libs/openssl-3.6.0-beta1/ssl/misc/CA.pl @@ -0,0 +1,383 @@ +#!/usr/bin/env perl +# Copyright 2000-2025 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the Apache License 2.0 (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +# +# Wrapper around the ca to make it easier to use +# +# WARNING: do not edit! +# Generated by makefile from ..\apps\CA.pl.in + +use strict; +use warnings; + +my $verbose = 1; +my @OPENSSL_CMDS = ("req", "ca", "pkcs12", "x509", "verify"); + +my $openssl = $ENV{'OPENSSL'} // "openssl"; +$ENV{'OPENSSL'} = $openssl; +my @openssl = split_val($openssl); + +my $OPENSSL_CONFIG = $ENV{"OPENSSL_CONFIG"} // ""; +my @OPENSSL_CONFIG = split_val($OPENSSL_CONFIG); + +# Command invocations. +my @REQ = (@openssl, "req", @OPENSSL_CONFIG); +my @CA = (@openssl, "ca", @OPENSSL_CONFIG); +my @VERIFY = (@openssl, "verify"); +my @X509 = (@openssl, "x509"); +my @PKCS12 = (@openssl, "pkcs12"); + +# Default values for various configuration settings. +my $CATOP = "./demoCA"; +my $CAKEY = "cakey.pem"; +my $CAREQ = "careq.pem"; +my $CACERT = "cacert.pem"; +my $CACRL = "crl.pem"; +my @DAYS = qw(-days 365); +my @CADAYS = qw(-days 1095); # 3 years +my @EXTENSIONS = qw(-extensions v3_ca); +my @POLICY = qw(-policy policy_anything); +my $NEWKEY = "newkey.pem"; +my $NEWREQ = "newreq.pem"; +my $NEWCERT = "newcert.pem"; +my $NEWP12 = "newcert.p12"; + +# Commandline parsing +my %EXTRA; +my $WHAT = shift @ARGV // ""; +@ARGV = parse_extra(@ARGV); +my $RET = 0; + +sub split_val { + return split_val_win32(@_) if ($^O eq 'MSWin32'); + my ($val) = @_; + my (@ret, @frag); + + # Skip leading whitespace + $val =~ m{\A[ \t]*}ogc; + + # Unix shell-compatible split + # + # Handles backslash escapes outside quotes and + # in double-quoted strings. Parameter and + # command-substitution is silently ignored. + # Bare newlines outside quotes and (trailing) backslashes are disallowed. + + while (1) { + last if (pos($val) == length($val)); + + # The first char is never a SPACE or TAB. Possible matches are: + # 1. Ordinary string fragment + # 2. Single-quoted string + # 3. Double-quoted string + # 4. Backslash escape + # 5. Bare backlash or newline (rejected) + # + if ($val =~ m{\G([^'" \t\n\\]+)}ogc) { + # Ordinary string + push @frag, $1; + } elsif ($val =~ m{\G'([^']*)'}ogc) { + # Single-quoted string + push @frag, $1; + } elsif ($val =~ m{\G"}ogc) { + # Double-quoted string + push @frag, ""; + while (1) { + last if ($val =~ m{\G"}ogc); + if ($val =~ m{\G([^"\\]+)}ogcs) { + # literals + push @frag, $1; + } elsif ($val =~ m{\G.(["\`\$\\])}ogc) { + # backslash-escaped special + push @frag, $1; + } elsif ($val =~ m{\G.(.)}ogcs) { + # backslashed non-special + push @frag, "\\$1" unless $1 eq "\n"; + } else { + die sprintf("Malformed quoted string: %s\n", $val); + } + } + } elsif ($val =~ m{\G\\(.)}ogc) { + # Backslash is unconditional escape outside quoted strings + push @frag, $1 unless $1 eq "\n"; + } else { + die sprintf("Bare backslash or newline in: '%s'\n", $val); + } + # Done if at SPACE, TAB or end, otherwise continue current fragment + # + next unless ($val =~ m{\G(?:[ \t]+|\z)}ogcs); + push @ret, join("", splice(@frag)) if (@frag > 0); + } + # Handle final fragment + push @ret, join("", splice(@frag)) if (@frag > 0); + return @ret; +} + +sub split_val_win32 { + my ($val) = @_; + my (@ret, @frag); + + # Skip leading whitespace + $val =~ m{\A[ \t]*}ogc; + + # Windows-compatible split + # See: "Parsing C++ command-line arguments" in: + # https://learn.microsoft.com/en-us/cpp/cpp/main-function-command-line-args?view=msvc-170 + # + # Backslashes are special only when followed by a double-quote + # Pairs of double-quotes make a single double-quote. + # Closing double-quotes may be omitted. + + while (1) { + last if (pos($val) == length($val)); + + # The first char is never a SPACE or TAB. + # 1. Ordinary string fragment + # 2. Double-quoted string + # 3. Backslashes preceding a double-quote + # 4. Literal backslashes + # 5. Bare newline (rejected) + # + if ($val =~ m{\G([^" \t\n\\]+)}ogc) { + # Ordinary string + push @frag, $1; + } elsif ($val =~ m{\G"}ogc) { + # Double-quoted string + push @frag, ""; + while (1) { + if ($val =~ m{\G("+)}ogc) { + # Two double-quotes make one literal double-quote + my $l = length($1); + push @frag, q{"} x int($l/2) if ($l > 1); + next if ($l % 2 == 0); + last; + } + if ($val =~ m{\G([^"\\]+)}ogc) { + push @frag, $1; + } elsif ($val =~ m{\G((?>[\\]+))(?=")}ogc) { + # Backslashes before a double-quote are escapes + my $l = length($1); + push @frag, q{\\} x int($l / 2); + if ($l % 2 == 1) { + ++pos($val); + push @frag, q{"}; + } + } elsif ($val =~ m{\G((?:(?>[\\]+)[^"\\]+)+)}ogc) { + # Backslashes not before a double-quote are not special + push @frag, $1; + } else { + # Tolerate missing closing double-quote + last; + } + } + } elsif ($val =~ m{\G((?>[\\]+))(?=")}ogc) { + my $l = length($1); + push @frag, q{\\} x int($l / 2); + if ($l % 2 == 1) { + ++pos($val); + push @frag, q{"}; + } + } elsif ($val =~ m{\G([\\]+)}ogc) { + # Backslashes not before a double-quote are not special + push @frag, $1; + } else { + die sprintf("Bare newline in: '%s'\n", $val); + } + # Done if at SPACE, TAB or end, otherwise continue current fragment + # + next unless ($val =~ m{\G(?:[ \t]+|\z)}ogcs); + push @ret, join("", splice(@frag)) if (@frag > 0); + } + # Handle final fragment + push @ret, join("", splice(@frag)) if (@frag); + return @ret; +} + +# Split out "-extra-CMD value", and return new |@ARGV|. Fill in +# |EXTRA{CMD}| with list of values. +sub parse_extra +{ + my @args; + foreach ( @OPENSSL_CMDS ) { + $EXTRA{$_} = []; + } + while (@_) { + my $arg = shift(@_); + if ( $arg !~ m{^-extra-(\w+)$} ) { + push @args, split_val($arg); + next; + } + $arg = $1; + die "Unknown \"-extra-${arg}\" option, exiting\n" + unless grep { $arg eq $_ } @OPENSSL_CMDS; + die "Missing \"-extra-${arg}\" option value, exiting\n" + unless (@_ > 0); + push @{$EXTRA{$arg}}, split_val(shift(@_)); + } + return @args; +} + + +# See if reason for a CRL entry is valid; exit if not. +sub crl_reason_ok +{ + my $r = shift; + + if ($r eq 'unspecified' || $r eq 'keyCompromise' + || $r eq 'CACompromise' || $r eq 'affiliationChanged' + || $r eq 'superseded' || $r eq 'cessationOfOperation' + || $r eq 'certificateHold' || $r eq 'removeFromCRL') { + return 1; + } + print STDERR "Invalid CRL reason; must be one of:\n"; + print STDERR " unspecified, keyCompromise, CACompromise,\n"; + print STDERR " affiliationChanged, superseded, cessationOfOperation\n"; + print STDERR " certificateHold, removeFromCRL"; + exit 1; +} + +# Copy a PEM-format file; return like exit status (zero means ok) +sub copy_pemfile +{ + my ($infile, $outfile, $bound) = @_; + my $found = 0; + + open IN, $infile || die "Cannot open $infile, $!"; + open OUT, ">$outfile" || die "Cannot write to $outfile, $!"; + while (<IN>) { + $found = 1 if /^-----BEGIN.*$bound/; + print OUT $_ if $found; + $found = 2, last if /^-----END.*$bound/; + } + close IN; + close OUT; + return $found == 2 ? 0 : 1; +} + +# Wrapper around system; useful for debugging. Returns just the exit status +sub run +{ + my ($cmd, @args) = @_; + print "====\n$cmd @args\n" if $verbose; + my $status = system {$cmd} $cmd, @args; + print "==> $status\n====\n" if $verbose; + return $status >> 8; +} + + +if ( $WHAT =~ /^(-\?|-h|-help)$/ ) { + print STDERR <<EOF; +Usage: + CA.pl -newcert | -newreq | -newreq-nodes | -xsign | -sign | -signCA | -signcert | -crl | -newca [-extra-cmd parameter] + CA.pl -pkcs12 [certname] + CA.pl -verify certfile ... + CA.pl -revoke certfile [reason] +EOF + exit 0; +} + +if ($WHAT eq '-newcert' ) { + # create a certificate + $RET = run(@REQ, qw(-new -x509 -keyout), $NEWKEY, "-out", $NEWCERT, @DAYS, @{$EXTRA{req}}); + print "Cert is in $NEWCERT, private key is in $NEWKEY\n" if $RET == 0; +} elsif ($WHAT eq '-precert' ) { + # create a pre-certificate + $RET = run(@REQ, qw(-x509 -precert -keyout), $NEWKEY, "-out", $NEWCERT, @DAYS, @{$EXTRA{req}}); + print "Pre-cert is in $NEWCERT, private key is in $NEWKEY\n" if $RET == 0; +} elsif ($WHAT =~ /^\-newreq(\-nodes)?$/ ) { + # create a certificate request + $RET = run(@REQ, "-new", (defined $1 ? ($1,) : ()), "-keyout", $NEWKEY, "-out", $NEWREQ, @{$EXTRA{req}}); + print "Request is in $NEWREQ, private key is in $NEWKEY\n" if $RET == 0; +} elsif ($WHAT eq '-newca' ) { + # create the directory hierarchy + my @dirs = ( "${CATOP}", "${CATOP}/certs", "${CATOP}/crl", + "${CATOP}/newcerts", "${CATOP}/private" ); + die "${CATOP}/index.txt exists.\nRemove old sub-tree to proceed," + if -f "${CATOP}/index.txt"; + die "${CATOP}/serial exists.\nRemove old sub-tree to proceed," + if -f "${CATOP}/serial"; + foreach my $d ( @dirs ) { + if ( -d $d ) { + warn "Directory $d exists" if -d $d; + } else { + mkdir $d or die "Can't mkdir $d, $!"; + } + } + + open OUT, ">${CATOP}/index.txt"; + close OUT; + open OUT, ">${CATOP}/crlnumber"; + print OUT "01\n"; + close OUT; + # ask user for existing CA certificate + print "CA certificate filename (or enter to create)\n"; + my $FILE; + $FILE = "" unless defined($FILE = <STDIN>); + $FILE =~ s{\R$}{}; + if ($FILE ne "") { + copy_pemfile($FILE,"${CATOP}/private/$CAKEY", "PRIVATE"); + copy_pemfile($FILE,"${CATOP}/$CACERT", "CERTIFICATE"); + } else { + print "Making CA certificate ...\n"; + $RET = run(@REQ, qw(-new -keyout), "${CATOP}/private/$CAKEY", + "-out", "${CATOP}/$CAREQ", @{$EXTRA{req}}); + $RET = run(@CA, qw(-create_serial -out), "${CATOP}/$CACERT", @CADAYS, + qw(-batch -keyfile), "${CATOP}/private/$CAKEY", "-selfsign", + @EXTENSIONS, "-infiles", "${CATOP}/$CAREQ", @{$EXTRA{ca}}) + if $RET == 0; + print "CA certificate is in ${CATOP}/$CACERT\n" if $RET == 0; + } +} elsif ($WHAT eq '-pkcs12' ) { + my $cname = $ARGV[0]; + $cname = "My Certificate" unless defined $cname; + $RET = run(@PKCS12, "-in", $NEWCERT, "-inkey", $NEWKEY, + "-certfile", "${CATOP}/$CACERT", "-out", $NEWP12, + qw(-export -name), $cname, @{$EXTRA{pkcs12}}); + print "PKCS#12 file is in $NEWP12\n" if $RET == 0; +} elsif ($WHAT eq '-xsign' ) { + $RET = run(@CA, @POLICY, "-infiles", $NEWREQ, @{$EXTRA{ca}}); +} elsif ($WHAT eq '-sign' ) { + $RET = run(@CA, @POLICY, "-out", $NEWCERT, + "-infiles", $NEWREQ, @{$EXTRA{ca}}); + print "Signed certificate is in $NEWCERT\n" if $RET == 0; +} elsif ($WHAT eq '-signCA' ) { + $RET = run(@CA, @POLICY, "-out", $NEWCERT, @EXTENSIONS, + "-infiles", $NEWREQ, @{$EXTRA{ca}}); + print "Signed CA certificate is in $NEWCERT\n" if $RET == 0; +} elsif ($WHAT eq '-signcert' ) { + $RET = run(@X509, qw(-x509toreq -in), $NEWREQ, "-signkey", $NEWREQ, + qw(-out tmp.pem), @{$EXTRA{x509}}); + $RET = run(@CA, @POLICY, "-out", $NEWCERT, + qw(-infiles tmp.pem), @{$EXTRA{ca}}) if $RET == 0; + print "Signed certificate is in $NEWCERT\n" if $RET == 0; +} elsif ($WHAT eq '-verify' ) { + my @files = @ARGV ? @ARGV : ( $NEWCERT ); + foreach my $file (@files) { + my $status = run(@VERIFY, "-CAfile", "${CATOP}/$CACERT", $file, @{$EXTRA{verify}}); + $RET = $status if $status != 0; + } +} elsif ($WHAT eq '-crl' ) { + $RET = run(@CA, qw(-gencrl -out), "${CATOP}/crl/$CACRL", @{$EXTRA{ca}}); + print "Generated CRL is in ${CATOP}/crl/$CACRL\n" if $RET == 0; +} elsif ($WHAT eq '-revoke' ) { + my $cname = $ARGV[0]; + if (!defined $cname) { + print "Certificate filename is required; reason optional.\n"; + exit 1; + } + my @reason; + @reason = ("-crl_reason", $ARGV[1]) + if defined $ARGV[1] && crl_reason_ok($ARGV[1]); + $RET = run(@CA, "-revoke", $cname, @reason, @{$EXTRA{ca}}); +} else { + print STDERR "Unknown arg \"$WHAT\"\n"; + print STDERR "Use -help for help.\n"; + exit 1; +} + +exit $RET; |