1 |
commit: dc0e12c39497c9706b07a83b0751abede88d1bc5 |
2 |
Author: Georgy Yakovlev <gyakovlev <AT> gentoo <DOT> org> |
3 |
AuthorDate: Sun May 10 07:51:21 2020 +0000 |
4 |
Commit: Georgy Yakovlev <gyakovlev <AT> gentoo <DOT> org> |
5 |
CommitDate: Sun May 10 07:51:21 2020 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=dc0e12c3 |
7 |
|
8 |
dev-java/openjdk: remove unused generate-cacerts.pl |
9 |
|
10 |
we use system java store now |
11 |
|
12 |
Package-Manager: Portage-2.3.99, Repoman-2.3.22 |
13 |
Signed-off-by: Georgy Yakovlev <gyakovlev <AT> gentoo.org> |
14 |
|
15 |
dev-java/openjdk/files/generate-cacerts.pl | 358 ----------------------------- |
16 |
1 file changed, 358 deletions(-) |
17 |
|
18 |
diff --git a/dev-java/openjdk/files/generate-cacerts.pl b/dev-java/openjdk/files/generate-cacerts.pl |
19 |
deleted file mode 100644 |
20 |
index 17d29b36676..00000000000 |
21 |
--- a/dev-java/openjdk/files/generate-cacerts.pl |
22 |
+++ /dev/null |
23 |
@@ -1,358 +0,0 @@ |
24 |
-#!/usr/bin/perl |
25 |
- |
26 |
-# Copyright (C) 2007, 2008 Red Hat, Inc. |
27 |
-# |
28 |
-# This program is free software; you can redistribute it and/or modify |
29 |
-# it under the terms of the GNU General Public License as published by |
30 |
-# the Free Software Foundation; either version 2 of the License, or |
31 |
-# (at your option) any later version. |
32 |
-# |
33 |
-# This program is distributed in the hope that it will be useful, |
34 |
-# but WITHOUT ANY WARRANTY; without even the implied warranty of |
35 |
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
36 |
-# GNU General Public License for more details. |
37 |
- |
38 |
-# generate-cacerts.pl generates a JKS keystore named 'cacerts' from |
39 |
-# OpenSSL's certificate bundle using OpenJDK's keytool. |
40 |
- |
41 |
-# First extract each of OpenSSL's bundled certificates into its own |
42 |
-# aliased filename. |
43 |
- |
44 |
-# Downloaded from http://cvs.fedoraproject.org/viewvc/rpms/ca-certificates/F-12/generate-cacerts.pl?revision=1.2 |
45 |
-# Check and prevention of duplicate aliases added by Vlastimil Babka <caster@g.o> |
46 |
- |
47 |
-$file = $ARGV[1]; |
48 |
-open(CERTS, $file); |
49 |
-@certs = <CERTS>; |
50 |
-close(CERTS); |
51 |
- |
52 |
-$pem_file_count = 0; |
53 |
-$in_cert_block = 0; |
54 |
-$write_current_cert = 1; |
55 |
-foreach $cert (@certs) |
56 |
-{ |
57 |
- if ($cert =~ /Issuer: /) |
58 |
- { |
59 |
- $_ = $cert; |
60 |
- if ($cert =~ /personal-freemail/) |
61 |
- { |
62 |
- $cert_alias = "thawtepersonalfreemailca"; |
63 |
- } |
64 |
- elsif ($cert =~ /personal-basic/) |
65 |
- { |
66 |
- $cert_alias = "thawtepersonalbasicca"; |
67 |
- } |
68 |
- elsif ($cert =~ /personal-premium/) |
69 |
- { |
70 |
- $cert_alias = "thawtepersonalpremiumca"; |
71 |
- } |
72 |
- elsif ($cert =~ /server-certs/) |
73 |
- { |
74 |
- $cert_alias = "thawteserverca"; |
75 |
- } |
76 |
- elsif ($cert =~ /premium-server/) |
77 |
- { |
78 |
- $cert_alias = "thawtepremiumserverca"; |
79 |
- } |
80 |
- elsif ($cert =~ /Class 1 Public Primary Certification Authority$/) |
81 |
- { |
82 |
- $cert_alias = "verisignclass1ca"; |
83 |
- } |
84 |
- elsif ($cert =~ /Class 1 Public Primary Certification Authority - G2/) |
85 |
- { |
86 |
- $cert_alias = "verisignclass1g2ca"; |
87 |
- } |
88 |
- elsif ($cert =~ |
89 |
- /VeriSign Class 1 Public Primary Certification Authority - G3/) |
90 |
- { |
91 |
- $cert_alias = "verisignclass1g3ca"; |
92 |
- } |
93 |
- elsif ($cert =~ /Class 2 Public Primary Certification Authority$/) |
94 |
- { |
95 |
- $cert_alias = "verisignclass2ca"; |
96 |
- } |
97 |
- elsif ($cert =~ /Class 2 Public Primary Certification Authority - G2/) |
98 |
- { |
99 |
- $cert_alias = "verisignclass2g2ca"; |
100 |
- } |
101 |
- elsif ($cert =~ |
102 |
- /VeriSign Class 2 Public Primary Certification Authority - G3/) |
103 |
- { |
104 |
- $cert_alias = "verisignclass2g3ca"; |
105 |
- } |
106 |
- elsif ($cert =~ /Class 3 Public Primary Certification Authority$/) |
107 |
- { |
108 |
- $cert_alias = "verisignclass3ca"; |
109 |
- } |
110 |
- # Version 1 of Class 3 Public Primary Certification Authority |
111 |
- # - G2 is added. Version 3 is excluded. See below. |
112 |
- elsif ($cert =~ |
113 |
- /VeriSign Class 3 Public Primary Certification Authority - G3/) |
114 |
- { |
115 |
- $cert_alias = "verisignclass3g3ca"; |
116 |
- } |
117 |
- elsif ($cert =~ |
118 |
- /RSA Data Security.*Secure Server Certification Authority/) |
119 |
- { |
120 |
- $cert_alias = "verisignserverca"; |
121 |
- } |
122 |
- elsif ($cert =~ /GTE CyberTrust Global Root/) |
123 |
- { |
124 |
- $cert_alias = "gtecybertrustglobalca"; |
125 |
- } |
126 |
- elsif ($cert =~ /Baltimore CyberTrust Root/) |
127 |
- { |
128 |
- $cert_alias = "baltimorecybertrustca"; |
129 |
- } |
130 |
- elsif ($cert =~ /www.entrust.net\/Client_CA_Info\/CPS/) |
131 |
- { |
132 |
- $cert_alias = "entrustclientca"; |
133 |
- } |
134 |
- elsif ($cert =~ /www.entrust.net\/GCCA_CPS/) |
135 |
- { |
136 |
- $cert_alias = "entrustglobalclientca"; |
137 |
- } |
138 |
- elsif ($cert =~ /www.entrust.net\/CPS_2048/) |
139 |
- { |
140 |
- $cert_alias = "entrust2048ca"; |
141 |
- } |
142 |
- elsif ($cert =~ /www.entrust.net\/CPS /) |
143 |
- { |
144 |
- $cert_alias = "entrustsslca"; |
145 |
- } |
146 |
- elsif ($cert =~ /www.entrust.net\/SSL_CPS/) |
147 |
- { |
148 |
- $cert_alias = "entrustgsslca"; |
149 |
- } |
150 |
- elsif ($cert =~ /The Go Daddy Group/) |
151 |
- { |
152 |
- $cert_alias = "godaddyclass2ca"; |
153 |
- } |
154 |
- elsif ($cert =~ /Starfield Class 2 Certification Authority/) |
155 |
- { |
156 |
- $cert_alias = "starfieldclass2ca"; |
157 |
- } |
158 |
- elsif ($cert =~ /ValiCert Class 2 Policy Validation Authority/) |
159 |
- { |
160 |
- $cert_alias = "valicertclass2ca"; |
161 |
- } |
162 |
- elsif ($cert =~ /GeoTrust Global CA$/) |
163 |
- { |
164 |
- $cert_alias = "geotrustglobalca"; |
165 |
- } |
166 |
- elsif ($cert =~ /Equifax Secure Certificate Authority/) |
167 |
- { |
168 |
- $cert_alias = "equifaxsecureca"; |
169 |
- } |
170 |
- elsif ($cert =~ /Equifax Secure eBusiness CA-1/) |
171 |
- { |
172 |
- $cert_alias = "equifaxsecureebusinessca1"; |
173 |
- } |
174 |
- elsif ($cert =~ /Equifax Secure eBusiness CA-2/) |
175 |
- { |
176 |
- $cert_alias = "equifaxsecureebusinessca2"; |
177 |
- } |
178 |
- elsif ($cert =~ /Equifax Secure Global eBusiness CA-1/) |
179 |
- { |
180 |
- $cert_alias = "equifaxsecureglobalebusinessca1"; |
181 |
- } |
182 |
- elsif ($cert =~ /Sonera Class1 CA/) |
183 |
- { |
184 |
- $cert_alias = "soneraclass1ca"; |
185 |
- } |
186 |
- elsif ($cert =~ /Sonera Class2 CA/) |
187 |
- { |
188 |
- $cert_alias = "soneraclass2ca"; |
189 |
- } |
190 |
- elsif ($cert =~ /AAA Certificate Services/) |
191 |
- { |
192 |
- $cert_alias = "comodoaaaca"; |
193 |
- } |
194 |
- elsif ($cert =~ /AddTrust Class 1 CA Root/) |
195 |
- { |
196 |
- $cert_alias = "addtrustclass1ca"; |
197 |
- } |
198 |
- elsif ($cert =~ /AddTrust External CA Root/) |
199 |
- { |
200 |
- $cert_alias = "addtrustexternalca"; |
201 |
- } |
202 |
- elsif ($cert =~ /AddTrust Qualified CA Root/) |
203 |
- { |
204 |
- $cert_alias = "addtrustqualifiedca"; |
205 |
- } |
206 |
- elsif ($cert =~ /UTN-USERFirst-Hardware/) |
207 |
- { |
208 |
- $cert_alias = "utnuserfirsthardwareca"; |
209 |
- } |
210 |
- elsif ($cert =~ /UTN-USERFirst-Client Authentication and Email/) |
211 |
- { |
212 |
- $cert_alias = "utnuserfirstclientauthemailca"; |
213 |
- } |
214 |
- elsif ($cert =~ /UTN - DATACorp SGC/) |
215 |
- { |
216 |
- $cert_alias = "utndatacorpsgcca"; |
217 |
- } |
218 |
- elsif ($cert =~ /UTN-USERFirst-Object/) |
219 |
- { |
220 |
- $cert_alias = "utnuserfirstobjectca"; |
221 |
- } |
222 |
- elsif ($cert =~ /America Online Root Certification Authority 1/) |
223 |
- { |
224 |
- $cert_alias = "aolrootca1"; |
225 |
- } |
226 |
- elsif ($cert =~ /DigiCert Assured ID Root CA/) |
227 |
- { |
228 |
- $cert_alias = "digicertassuredidrootca"; |
229 |
- } |
230 |
- elsif ($cert =~ /DigiCert Global Root CA/) |
231 |
- { |
232 |
- $cert_alias = "digicertglobalrootca"; |
233 |
- } |
234 |
- elsif ($cert =~ /DigiCert High Assurance EV Root CA/) |
235 |
- { |
236 |
- $cert_alias = "digicerthighassuranceevrootca"; |
237 |
- } |
238 |
- elsif ($cert =~ /GlobalSign Root CA$/) |
239 |
- { |
240 |
- $cert_alias = "globalsignca"; |
241 |
- } |
242 |
- elsif ($cert =~ /GlobalSign Root CA - R2/) |
243 |
- { |
244 |
- $cert_alias = "globalsignr2ca"; |
245 |
- } |
246 |
- elsif ($cert =~ /Elektronik.*Kas.*2005/) |
247 |
- { |
248 |
- $cert_alias = "extra-elektronikkas2005"; |
249 |
- } |
250 |
- elsif ($cert =~ /Elektronik/) |
251 |
- { |
252 |
- $cert_alias = "extra-elektronik2005"; |
253 |
- } |
254 |
- # Mozilla does not provide these certificates: |
255 |
- # baltimorecodesigningca |
256 |
- # gtecybertrust5ca |
257 |
- # trustcenterclass2caii |
258 |
- # trustcenterclass4caii |
259 |
- # trustcenteruniversalcai |
260 |
- else |
261 |
- { |
262 |
- # Generate an alias using the OU and CN attributes of the |
263 |
- # Issuer field if both are present, otherwise use only the |
264 |
- # CN attribute. The Issuer field must have either the OU |
265 |
- # or the CN attribute. |
266 |
- $_ = $cert; |
267 |
- if ($cert =~ /OU=/) |
268 |
- { |
269 |
- s/Issuer:.*?OU=//; |
270 |
- # Remove other occurrences of OU=. |
271 |
- s/OU=.*CN=//; |
272 |
- # Remove CN= if there were not other occurrences of OU=. |
273 |
- s/CN=//; |
274 |
- s/\/emailAddress.*//; |
275 |
- s/Certificate Authority/ca/g; |
276 |
- s/Certification Authority/ca/g; |
277 |
- } |
278 |
- elsif ($cert =~ /CN=/) |
279 |
- { |
280 |
- s/Issuer:.*CN=//; |
281 |
- s/\/emailAddress.*//; |
282 |
- s/Certificate Authority/ca/g; |
283 |
- s/Certification Authority/ca/g; |
284 |
- } |
285 |
- s/\W//g; |
286 |
- tr/A-Z/a-z/; |
287 |
- $cert_alias = "extra-$_"; |
288 |
- |
289 |
- } |
290 |
- while (-e "$cert_alias.pem") |
291 |
- { |
292 |
- $cert_alias = "$cert_alias" . "_"; |
293 |
- } |
294 |
- } |
295 |
- # When it attempts to parse: |
296 |
- # |
297 |
- # Class 3 Public Primary Certification Authority - G2, Version 3 |
298 |
- # |
299 |
- # keytool says: |
300 |
- # |
301 |
- # #2: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false |
302 |
- # Unparseable AuthorityInfoAccess extension due to |
303 |
- # java.io.IOException: Invalid encoding of URI |
304 |
- # |
305 |
- # If we do not exclude this file |
306 |
- # openjdk/jdk/test/lib/security/cacerts/VerifyCACerts.java fails |
307 |
- # on this cert, printing: |
308 |
- # |
309 |
- # Couldn't verify: java.security.SignatureException: Signature |
310 |
- # does not match. |
311 |
- # |
312 |
- elsif ($cert =~ |
313 |
- /A6:0F:34:C8:62:6C:81:F6:8B:F7:7D:A9:F6:67:58:8A:90:3F:7D:36/) |
314 |
- { |
315 |
- $write_current_cert = 0; |
316 |
- $pem_file_count--; |
317 |
- } |
318 |
- elsif ($cert eq "-----BEGIN CERTIFICATE-----\n") |
319 |
- { |
320 |
- if ($in_cert_block != 0) |
321 |
- { |
322 |
- die "$file is malformed."; |
323 |
- } |
324 |
- $in_cert_block = 1; |
325 |
- if ($write_current_cert == 1) |
326 |
- { |
327 |
- $pem_file_count++; |
328 |
- if (-e "$cert_alias.pem") |
329 |
- { |
330 |
- print "$cert_alias"; |
331 |
- die "already exists" |
332 |
- } |
333 |
- open(PEM, ">$cert_alias.pem"); |
334 |
- print PEM $cert; |
335 |
- } |
336 |
- } |
337 |
- elsif ($cert eq "-----END CERTIFICATE-----\n") |
338 |
- { |
339 |
- $in_cert_block = 0; |
340 |
- if ($write_current_cert == 1) |
341 |
- { |
342 |
- print PEM $cert; |
343 |
- close(PEM); |
344 |
- } |
345 |
- $write_current_cert = 1 |
346 |
- } |
347 |
- else |
348 |
- { |
349 |
- if ($in_cert_block == 1 && $write_current_cert == 1) |
350 |
- { |
351 |
- print PEM $cert; |
352 |
- } |
353 |
- } |
354 |
-} |
355 |
- |
356 |
-# Check that the correct number of .pem files were produced. |
357 |
-@pem_files = <*.pem>; |
358 |
-if (@pem_files != $pem_file_count) |
359 |
-{ |
360 |
- print "$pem_file_count"; |
361 |
- die "Number of .pem files produced does not match". |
362 |
- " number of certs read from $file."; |
363 |
-} |
364 |
- |
365 |
-# Now store each cert in the 'cacerts' file using keytool. |
366 |
-$certs_written_count = 0; |
367 |
-foreach $pem_file (@pem_files) |
368 |
-{ |
369 |
- system "$ARGV[0] -noprompt -import". |
370 |
- " -alias `basename $pem_file .pem`". |
371 |
- " -keystore cacerts -storepass 'changeit' -file $pem_file"; |
372 |
- unlink($pem_file); |
373 |
- $certs_written_count++; |
374 |
-} |
375 |
- |
376 |
-# Check that the correct number of certs were added to the keystore. |
377 |
-if ($certs_written_count != $pem_file_count) |
378 |
-{ |
379 |
- die "Number of certs added to keystore does not match". |
380 |
- " number of certs read from $file."; |
381 |
-} |