diff options
Diffstat (limited to 'scripts/mass-revoke.php')
| -rwxr-xr-x | scripts/mass-revoke.php | 89 |
1 files changed, 89 insertions, 0 deletions
diff --git a/scripts/mass-revoke.php b/scripts/mass-revoke.php new file mode 100755 index 0000000..18c036b --- /dev/null +++ b/scripts/mass-revoke.php @@ -0,0 +1,89 @@ +#!/usr/bin/php -q +<? /* + LibreSSL - CAcert web application + Copyright (C) 2004-2011 CAcert Inc. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +*/ + +# Companion script to DumpWeakCerts.pl, takes output and revokes weak certs +# Only first and last column ($cert_type and $cert_recid) are used, the others +# are ignored + +include_once("../includes/mysql.php"); +# Main + +$num_domain = 0; +$num_client = 0; +$num_orgdomain = 0; +$num_orgclient = 0; + +$num_failures = 0; + +$in = fopen("php://stdin", "r"); + +# The restriction on revoked timestamp os only "to be sure" for non-Org certs, +# but Org certs (email and serer) may be included multiple times in the output +# of DumpWeakCerts.pl (once for each OrgAdmin). +while($in_string = rtrim(fgets($in))) { + list($cert_type, $cert_email, $owner_name, $cert_expire, $cert_CN, $reason, + $cert_serial, $cert_recid) = explode("\t", $in_string); + + if ($cert_type == "DomainCert") { + $query = "UPDATE `domaincerts` SET `revoked`='1970-01-01 10:00:01' + where `id`='$cert_recid' AND `revoked`<'1970-01-01 10:00:01'"; + + if (!mysql_query($query)) { + $num_failures++; + } + $num_domain+=mysql_affected_rows(); + + } else if ($cert_type == "EmailCert") { + $query = "UPDATE `emailcerts` SET `revoked`='1970-01-01 10:00:01' + where `id`='$cert_recid' AND `revoked`<'1970-01-01 10:00:01'"; + + if (!mysql_query($query)) { + $num_failures++; + } + $num_client+=mysql_affected_rows(); + + } else if ($cert_type == "OrgServerCert") { + $query = "UPDATE `orgdomaincerts` SET `revoked`='1970-01-01 10:00:01' + where `id`='$cert_recid' AND `revoked`<'1970-01-01 10:00:01'"; + + if (!mysql_query($query)) { + $num_failures++; + } + $num_orgdomain+=mysql_affected_rows(); + + } else if ($cert_type == "OrgEmailCert") { + $query = "UPDATE `orgemailcerts` SET `revoked`='1970-01-01 10:00:01' + where `id`='$cert_recid' AND `revoked`<'1970-01-01 10:00:01'"; + + if (!mysql_query($query)) { + $num_failures++; + } + $num_orgclient+=mysql_affected_rows(); + } +} + +fclose($in); + +echo "Certificates revoked: ". + "$num_domain server certs, ". + "$num_client client certs, ". + "$num_orgdomain Org server certs, ". + "$num_orgclient Org client certs.\n"; +echo "Update failures: $num_failures\n"; +?> |