18c036b8e18df2ff7f2d8b2e1a49a6e99b5cd4d2
[cacert-devel.git] / scripts / mass-revoke.php
1 #!/usr/bin/php -q
2 <? /*
3 LibreSSL - CAcert web application
4 Copyright (C) 2004-2011 CAcert Inc.
5
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; version 2 of the License.
9
10 This program is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 GNU General Public License for more details.
14
15 You should have received a copy of the GNU General Public License along
16 with this program; if not, write to the Free Software Foundation, Inc.,
17 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
18 */
19
20 # Companion script to DumpWeakCerts.pl, takes output and revokes weak certs
21 # Only first and last column ($cert_type and $cert_recid) are used, the others
22 # are ignored
23
24 include_once("../includes/mysql.php");
25 # Main
26
27 $num_domain = 0;
28 $num_client = 0;
29 $num_orgdomain = 0;
30 $num_orgclient = 0;
31
32 $num_failures = 0;
33
34 $in = fopen("php://stdin", "r");
35
36 # The restriction on revoked timestamp os only "to be sure" for non-Org certs,
37 # but Org certs (email and serer) may be included multiple times in the output
38 # of DumpWeakCerts.pl (once for each OrgAdmin).
39 while($in_string = rtrim(fgets($in))) {
40 list($cert_type, $cert_email, $owner_name, $cert_expire, $cert_CN, $reason,
41 $cert_serial, $cert_recid) = explode("\t", $in_string);
42
43 if ($cert_type == "DomainCert") {
44 $query = "UPDATE `domaincerts` SET `revoked`='1970-01-01 10:00:01'
45 where `id`='$cert_recid' AND `revoked`<'1970-01-01 10:00:01'";
46
47 if (!mysql_query($query)) {
48 $num_failures++;
49 }
50 $num_domain+=mysql_affected_rows();
51
52 } else if ($cert_type == "EmailCert") {
53 $query = "UPDATE `emailcerts` SET `revoked`='1970-01-01 10:00:01'
54 where `id`='$cert_recid' AND `revoked`<'1970-01-01 10:00:01'";
55
56 if (!mysql_query($query)) {
57 $num_failures++;
58 }
59 $num_client+=mysql_affected_rows();
60
61 } else if ($cert_type == "OrgServerCert") {
62 $query = "UPDATE `orgdomaincerts` SET `revoked`='1970-01-01 10:00:01'
63 where `id`='$cert_recid' AND `revoked`<'1970-01-01 10:00:01'";
64
65 if (!mysql_query($query)) {
66 $num_failures++;
67 }
68 $num_orgdomain+=mysql_affected_rows();
69
70 } else if ($cert_type == "OrgEmailCert") {
71 $query = "UPDATE `orgemailcerts` SET `revoked`='1970-01-01 10:00:01'
72 where `id`='$cert_recid' AND `revoked`<'1970-01-01 10:00:01'";
73
74 if (!mysql_query($query)) {
75 $num_failures++;
76 }
77 $num_orgclient+=mysql_affected_rows();
78 }
79 }
80
81 fclose($in);
82
83 echo "Certificates revoked: ".
84 "$num_domain server certs, ".
85 "$num_client client certs, ".
86 "$num_orgdomain Org server certs, ".
87 "$num_orgclient Org client certs.\n";
88 echo "Update failures: $num_failures\n";
89 ?>