1# -*- coding:utf-8 -*- 2# Copyright (c) 2015 The WebRTC project authors. All Rights Reserved. 3# 4# Use of this source code is governed by a BSD-style license 5# that can be found in the LICENSE file in the root of the source 6# tree. An additional intellectual property rights grant can be found 7# in the file PATENTS. All contributing project authors may 8# be found in the AUTHORS file in the root of the source tree. 9 10 11"""This is a tool to transform a crt file into a C/C++ header. 12 13Usage: 14generate_sslroots.py cert_file.crt [--verbose | -v] [--full_cert | -f] 15 16Arguments: 17 -v Print output while running. 18 -f Add public key and certificate name. Default is to skip and reduce 19 generated file size. 20""" 21 22import commands 23from optparse import OptionParser 24import os 25import re 26import string 27 28_GENERATED_FILE = 'ssl_roots.h' 29_PREFIX = '__generated__' 30_EXTENSION = '.crt' 31_SUBJECT_NAME_ARRAY = 'subject_name' 32_SUBJECT_NAME_VARIABLE = 'SubjectName' 33_PUBLIC_KEY_ARRAY = 'public_key' 34_PUBLIC_KEY_VARIABLE = 'PublicKey' 35_CERTIFICATE_ARRAY = 'certificate' 36_CERTIFICATE_VARIABLE = 'Certificate' 37_CERTIFICATE_SIZE_VARIABLE = 'CertificateSize' 38_INT_TYPE = 'size_t' 39_CHAR_TYPE = 'const unsigned char*' 40_VERBOSE = 'verbose' 41 42 43def main(): 44 """The main entrypoint.""" 45 parser = OptionParser('usage %prog FILE') 46 parser.add_option('-v', '--verbose', dest='verbose', action='store_true') 47 parser.add_option('-f', '--full_cert', dest='full_cert', action='store_true') 48 options, args = parser.parse_args() 49 if len(args) < 1: 50 parser.error('No crt file specified.') 51 return 52 root_dir = _SplitCrt(args[0], options) 53 _GenCFiles(root_dir, options) 54 _Cleanup(root_dir) 55 56 57def _SplitCrt(source_file, options): 58 sub_file_blocks = [] 59 label_name = '' 60 root_dir = os.path.dirname(os.path.abspath(source_file)) + '/' 61 _PrintOutput(root_dir, options) 62 f = open(source_file) 63 for line in f: 64 if line.startswith('# Label: '): 65 sub_file_blocks.append(line) 66 label = re.search(r'\".*\"', line) 67 temp_label = label.group(0) 68 end = len(temp_label)-1 69 label_name = _SafeName(temp_label[1:end]) 70 elif line.startswith('-----END CERTIFICATE-----'): 71 sub_file_blocks.append(line) 72 new_file_name = root_dir + _PREFIX + label_name + _EXTENSION 73 _PrintOutput('Generating: ' + new_file_name, options) 74 new_file = open(new_file_name, 'w') 75 for out_line in sub_file_blocks: 76 new_file.write(out_line) 77 new_file.close() 78 sub_file_blocks = [] 79 else: 80 sub_file_blocks.append(line) 81 f.close() 82 return root_dir 83 84 85def _GenCFiles(root_dir, options): 86 output_header_file = open(root_dir + _GENERATED_FILE, 'w') 87 output_header_file.write(_CreateOutputHeader()) 88 if options.full_cert: 89 subject_name_list = _CreateArraySectionHeader(_SUBJECT_NAME_VARIABLE, 90 _CHAR_TYPE, options) 91 public_key_list = _CreateArraySectionHeader(_PUBLIC_KEY_VARIABLE, 92 _CHAR_TYPE, options) 93 certificate_list = _CreateArraySectionHeader(_CERTIFICATE_VARIABLE, 94 _CHAR_TYPE, options) 95 certificate_size_list = _CreateArraySectionHeader(_CERTIFICATE_SIZE_VARIABLE, 96 _INT_TYPE, options) 97 98 for _, _, files in os.walk(root_dir): 99 for current_file in files: 100 if current_file.startswith(_PREFIX): 101 prefix_length = len(_PREFIX) 102 length = len(current_file) - len(_EXTENSION) 103 label = current_file[prefix_length:length] 104 filtered_output, cert_size = _CreateCertSection(root_dir, current_file, 105 label, options) 106 output_header_file.write(filtered_output + '\n\n\n') 107 if options.full_cert: 108 subject_name_list += _AddLabelToArray(label, _SUBJECT_NAME_ARRAY) 109 public_key_list += _AddLabelToArray(label, _PUBLIC_KEY_ARRAY) 110 certificate_list += _AddLabelToArray(label, _CERTIFICATE_ARRAY) 111 certificate_size_list += (' %s,\n') %(cert_size) 112 113 if options.full_cert: 114 subject_name_list += _CreateArraySectionFooter() 115 output_header_file.write(subject_name_list) 116 public_key_list += _CreateArraySectionFooter() 117 output_header_file.write(public_key_list) 118 certificate_list += _CreateArraySectionFooter() 119 output_header_file.write(certificate_list) 120 certificate_size_list += _CreateArraySectionFooter() 121 output_header_file.write(certificate_size_list) 122 output_header_file.close() 123 124 125def _Cleanup(root_dir): 126 for f in os.listdir(root_dir): 127 if f.startswith(_PREFIX): 128 os.remove(root_dir + f) 129 130 131def _CreateCertSection(root_dir, source_file, label, options): 132 command = 'openssl x509 -in %s%s -noout -C' %(root_dir, source_file) 133 _PrintOutput(command, options) 134 output = commands.getstatusoutput(command)[1] 135 renamed_output = output.replace('unsigned char XXX_', 136 'const unsigned char ' + label + '_') 137 filtered_output = '' 138 cert_block = '^const unsigned char.*?};$' 139 prog = re.compile(cert_block, re.IGNORECASE | re.MULTILINE | re.DOTALL) 140 if not options.full_cert: 141 filtered_output = prog.sub('', renamed_output, count=2) 142 else: 143 filtered_output = renamed_output 144 145 cert_size_block = r'\d\d\d+' 146 prog2 = re.compile(cert_size_block, re.MULTILINE | re.VERBOSE) 147 result = prog2.findall(renamed_output) 148 cert_size = result[len(result) - 1] 149 150 return filtered_output, cert_size 151 152 153def _CreateOutputHeader(): 154 output = ('// This file is the root certificates in C form that are needed to' 155 ' connect to\n// Google.\n\n' 156 '// It was generated with the following command line:\n' 157 '// > python tools/certs/generate_sslroots.py' 158 '\n// https://pki.google.com/roots.pem\n\n') 159 return output 160 161 162def _CreateArraySectionHeader(type_name, type_type, options): 163 output = ('const %s kSSLCert%sList[] = {\n') %(type_type, type_name) 164 _PrintOutput(output, options) 165 return output 166 167 168def _AddLabelToArray(label, type_name): 169 return ' %s_%s,\n' %(label, type_name) 170 171 172def _CreateArraySectionFooter(): 173 return '};\n\n' 174 175 176def _SafeName(original_file_name): 177 bad_chars = ' -./\\()áéíőú' 178 replacement_chars = '' 179 for _ in bad_chars: 180 replacement_chars += '_' 181 translation_table = string.maketrans(bad_chars, replacement_chars) 182 return original_file_name.translate(translation_table) 183 184 185def _PrintOutput(output, options): 186 if options.verbose: 187 print output 188 189if __name__ == '__main__': 190 main() 191