zeek/auxil/zeek-aux/devel-tools/gen-mozilla-ca-list.rb
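#!/usr/bin/env ruby
# frozen_string_literal: true

# Generate a Zeek script that fills SSL::root_certs from a Mozilla/NSS
# certdata.txt. For every CKO_NSS_TRUST object whose CKA_TRUST_SERVER_AUTH is
# CKT_NSS_TRUSTED_DELEGATOR, the preceding certificate's DER is emitted as
#   ["<subject>"] = "\x30\x82...",
# keyed by the RFC2253 subject that `openssl x509` prints. Output goes to
# stdout; a subject is emitted at most once.
#
# Usage: gen-mozilla-ca-list.rb path/to/certdata.txt > mozilla-ca-list.zeek
require "open3"
require "set"
require "tempfile"

# Converts one MULTILINE_OCTAL line ("\060\202...") into the "\x30\x82..."
# form written to the generated file. Splitting on the leading backslash
# yields an empty first element, so the result begins with "\x" rather than
# with a hex pair; hex_string_to_der relies on that layout.
# @param line [String] one chomped line of an octal escape sequence
# @return [String] upper-case "\xHH" pairs, no trailing separator
def octal_line_to_hex(line)
  line.split("\\").map { |oct| format("%02X", oct.oct) unless oct.empty? }.join("\\x")
end

# Decodes a "\x30\x82..." string (as built by octal_line_to_hex) back into raw
# DER bytes. The empty element before the first "\x" is dropped.
# @param hex [String]
# @return [String] binary DER
def hex_string_to_der(hex)
  [hex.split("\\x").drop(1).join].pack("H*")
end

# Returns the RFC2253 subject of a DER certificate as printed by
# `openssl x509 -subject`, with the "subject=" prefix and newline removed.
# The DER is passed through a private temporary file (instead of a fixed,
# predictable path under /tmp) and openssl is invoked with an argument
# vector, so no shell is involved; the temporary file is removed on exit.
# @param der [String] binary DER certificate
# @return [String] subject, e.g. "CN=...,O=...,C=..."
# @raise [RuntimeError] if openssl exits non-zero or prints something other
#   than a "subject=" line
def der_subject(der)
  Tempfile.create(["tmpcert", ".der"]) do |f|
    f.binmode
    f.write(der)
    f.flush
    out, status = Open3.capture2("openssl", "x509", "-in", f.path, "-inform", "DER",
                                 "-noout", "-subject", "-nameopt", "RFC2253")
    raise "openssl x509 failed: #{status}" unless status.success?
    raise "unexpected openssl output: #{out.inspect}" unless out.start_with?("subject=")

    out.delete_prefix("subject=").chomp
  end
end

if ARGV.length != 1
  abort "\nPass path to the certdata.txt you want to add as first input argument to this script\n\n" \
        "certdata.txt can be retrieved from the newest NSS release."
end

url = "http://mxr.mozilla.org/mozilla-central/source/security/nss/lib/ckfw/builtins/certdata.txt?raw=1"

puts "# Don't edit! This file is automatically generated."
puts "# Generated at: #{Time.now}"
puts "# Generated from: #{url}"
puts "#"
puts "# The original source file comes with this licensing statement:"
puts "#"
puts "# This Source Code Form is subject to the terms of the Mozilla Public"
puts "# License, v. 2.0. If a copy of the MPL was not distributed with this"
puts "# file, You can obtain one at http://mozilla.org/MPL/2.0/."
puts ""
puts "@load base/protocols/ssl"
puts "module SSL;"
puts ""
puts "## @docs-omit-value"
puts "redef root_certs += {"

seen_subjects = Set.new
cert = +"" # "\x.." encoded DER of the most recent CKA_VALUE block
in_cert = false # inside a CKA_VALUE MULTILINE_OCTAL ... END block
in_trust = false # inside a CKO_NSS_TRUST object, waiting for CKA_TRUST_SERVER_AUTH

# File.open rather than Kernel#open: with Kernel#open an argument beginning
# with "|" is run as a command instead of opened as a file. The block form
# also closes the input when done.
File.open(ARGV[0]) do |io|
  io.each_line do |raw|
    line = raw.chomp
    if in_trust
      # A trust object refers to the certificate object that preceded it,
      # whose DER is still held in `cert`.
      next unless line.start_with?("CKA_TRUST_SERVER_AUTH")

      if line.include?("CKT_NSS_TRUSTED_DELEGATOR")
        subject = der_subject(hex_string_to_der(cert))
        # Set#add? is nil when the subject was already emitted.
        puts " [\"#{subject}\"] = \"#{cert}\"," if seen_subjects.add?(subject)
      end
      in_trust = false
    elsif line.start_with?("CKA_VALUE MULTILINE_OCTAL")
      in_cert = true
      cert = +""
    elsif line.start_with?("CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST")
      in_trust = true
    elsif line.start_with?("END")
      in_cert = false
    elsif in_cert
      cert << octal_line_to_hex(line)
    end
  end
end

puts "};"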