
Makeca và Mkcert

Makeca là một chương trình bộ phận của hệ thống Omarine, dùng để tạo các chứng chỉ CA-Certificates. Makeca tham gia cộng đồng bằng sáng chế OIN năm 2015 như một Licensee độc lập với Omarine. Bên trong, Makeca sử dụng Mkcert để tạo chứng chỉ trực tiếp.

Dưới đây là mã nguồn của chương trình Mkcert

#!/usr/bin/awk -f
# This is a tool to generate PEM encoded files from Mozilla certdata.txt.
# Usage: mkcert certdata.txt
#        mkcert certdata.txt certdata2.txt ...
#        mkcert <path/to/some/directory/certdata.txt> ...
#
# Mozilla source
# https://hg.mozilla.org/releases/mozilla-release/file/default/security/\
# nss/lib/ckfw/builtins/certdata.txt
#
# Author: Pham Thanh Tuyen <phamtyn@gmail.com>
#
# March 2015

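# echo_color(msg, color, col)
#   Print a coloured status text starting at terminal column `col`.
#     msg   - text to print; when empty, the fixed marker "[ OK ]" is printed
#             instead, with only " OK " coloured.
#     color - numeric SGR foreground colour code (the callers pass 31, 32, 37).
#     col   - column for the "cursor horizontal absolute" sequence ESC[<col>G.
#   The output ends with a carriage return and no newline; callers follow up
#   with `print ""`.
#
#   The escape sequences are written with printf instead of being assembled
#   into a shell command line for system(). `msg` can contain the data file
#   name taken from ARGV[1], so splicing it into a shell string would let
#   quotes or shell metacharacters in a file name run as commands.
function echo_color(msg, color, col) {
     # Move the cursor to the requested column.
     printf "\033[%dG", col
     if (length(msg) == 0)
     {
         # No message: bold/coloured " OK " between uncoloured brackets.
         printf "[\033[1;%dm OK \033[0;39m]", color
     }
     else
     {
         # msg is passed as an argument, never as part of the format string.
         printf "\033[1;%dm%s\033[0;39m", color, msg
     }
     printf "\r"
}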
# BEGIN rule: validate the command line before any input is processed.
# argok carries the outcome to the END rule:
#   0 = nothing accepted yet, 1 = at least one certificate kept,
#   2 = no data file argument, 3 = first data file cannot be read.
# `exit 1` inside BEGIN still runs the END rule, which prints the message.
BEGIN {
      argok = 0

      # ARGC counts the program name, so fewer than 2 means no data file.
      if (ARGC < 2) {
          argok = 2
          exit 1
      }

      # Probe the first data file; getline returns -1 when it cannot be opened.
      # Only ARGV[1] is probed here; further file arguments are not checked.
      if ((getline argtest < ARGV[1]) == -1) {
          argok = 3
          exit 1
      }

      startblock = 0

      # Output directory, created relative to the current working directory.
      system("mkdir -p certs")
      print "Making CA-Certificates...\n"
}
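# Main rule: runs for every line from a "# Certificate" comment up to the
# CKA_TRUST_STEP_UP_APPROVED line, i.e. one certificate object plus the trust
# object that follows it in certdata.txt.
#   1. The octal bytes between "CKA_VALUE MULTILINE_OCTAL" and "END" are written
#      to tempfile.der.
#   2. At "END", openssl computes the subject hash and the certificate is
#      written to certs/<hash>.pem.
#   3. At CKA_TRUST_SERVER_AUTH the file is removed again when the trust value
#      ends in NOT_TRUSTED; otherwise it is kept and argok is set to 1.
#
# Requires GNU awk (strtonum, \s in regular expressions).
# NOTE(review): printf "%c" is used to emit raw bytes; in a multibyte (UTF-8)
#   locale gawk may encode values above 127 as a multibyte sequence, which
#   would corrupt the DER data - presumably this must run with LC_ALL=C or
#   `gawk -b`; confirm.
# NOTE(review): tempfile.der and certs/ are fixed names relative to the current
#   directory; run this in a directory only the invoking user can write to.
# NOTE(review): files are named by subject hash only, so two certificates with
#   the same subject hash overwrite each other.
# NOTE(review): only a trust value ending in NOT_TRUSTED removes the file; any
#   other value (e.g. CKT_NSS_MUST_VERIFY_TRUST) is kept as if it were a trust
#   anchor - confirm this is intended.
/^\s*[0-9]*\s*#\s*Certificate/, /^\s*[0-9]*\s*CKA_TRUST_STEP_UP_APPROVED/ {
     if( length($0) == 0 )
         next
     if(match($0, "^[[:blank:]]*[0-9]*[[:blank:]]*CKA_VALUE MULTILINE_OCTAL$"))
     {
         # Start of the DER payload; the following lines hold \ooo octal bytes.
         startblock=1
         next
     }
     if(match($0, "^[[:blank:]]*[0-9]*[[:blank:]]*END$") && startblock)
     {
         startblock=0
         close("tempfile.der")
         # Clear the previous hash first: getline leaves its variable untouched
         # when the command prints nothing, which would otherwise make a
         # certificate that openssl rejects reuse (and overwrite) the previous
         # certificate's file name.
         subject=""
         hashcmd="openssl x509 -noout -inform DER -in tempfile.der -subject_hash"
         if((hashcmd | getline subject) <= 0)
             subject=""
         close(hashcmd)
         # subject is interpolated into shell command lines below, so accept
         # only the lowercase hex string openssl prints for a subject hash.
         if(subject !~ /^[0-9a-f]+$/)
         {
             subject=""
             system("rm -f tempfile.der")
             printf "%s", "Skipping certificate (no usable subject hash): "
             next
         }
         system("openssl x509 -text -inform DER -in tempfile.der -fingerprint >certs/"subject".pem")
         # Purpose of this short pause is not visible here; kept as in the original.
         system("sleep 0.001")
         system("rm -f tempfile.der")
         printf "%s", "Creating "subject".pem: "
         next
     }
     if( startblock )
     {
         # Keep only the last whitespace-separated field (drops any leading
         # number/indent), then re-split it on backslashes so that every
         # non-empty field is one octal byte value.
         $0=$NF
         fs=FS
         FS="\\"
         $0=$0
         for(i=1;i<=NF;i++)
         {
             if($i != "")
             {
                 # The leading "0" makes strtonum parse the digits as octal.
                 oct=strtonum("0"$i)
                 printf "%c", oct >"tempfile.der"
             }
         }
         FS=fs
     }
     if(match($0, "^[[:blank:]]*[0-9]*[[:blank:]]*CKA_TRUST_SERVER_AUTH"))
     {
         if(subject == "")
         {
             # No certificate file was written for this trust record, so there
             # is nothing to remove and nothing to count as accepted.
             echo_color("no certificate file for this trust record -> skipped.",31,25)
             print ""
         }
         else if(match($NF, "NOT_TRUSTED$"))
         {
             system("rm -f certs/"subject".pem")
             echo_color("this certificate is unusable -> removed.",31,25)
             print ""
         }
         else
         {
             echo_color("",32,25)
             print ""
             argok=1
         }
         # The trust decision has been applied; do not let a later trust record
         # act on this certificate's file again.
         subject=""
     }
}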
# END rule: print the final status according to argok.
#   1 - at least one certificate was kept: finish the progress output with ".".
#   0 - no certificate was kept: report it, delete certs/ and exit with 1.
#   2 - no data file argument was given.
#   3 - the first data file could not be opened.
# NOTE(review): the argok == 0 path runs `rm -rf certs` in the current
#   directory; because BEGIN uses `mkdir -p`, this also deletes a certs/
#   directory that existed before the run - confirm that is intended.
# NOTE(review): ARGV[1] is embedded verbatim in the messages below; that is
#   only safe if echo_color does not hand its msg argument to a shell.
END  {
     if(argok == 1)
     {
         print "."
     }
     else if(argok == 0)
     {
         echo_color("mkcert:",37,0)
         echo_color("error reading '"ARGV[1]"' or no certificate available",31,10)
         print ""
         system("rm -rf certs")
         exit 1
     }
     else if(argok == 2)
     {
         echo_color("mkcert:",37,0)
         echo_color("no data file, it is usually certdata.txt",31,10)
         print ""
     }
     else if(argok == 3)
     {
         echo_color("mkcert:",37,0)
         echo_color("cannot open file '"ARGV[1]"' for reading (No such file)",31,10)
         print ""
     }
}