-
Notifications
You must be signed in to change notification settings - Fork 0
/
clean-crl.cin
executable file
·113 lines (97 loc) · 2.88 KB
/
clean-crl.cin
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
#! /usr/bin/perl -w
#
use strict;
use Getopt::Long qw(:config no_ignore_case bundling);
my $sccsid = '@(#)$Id$';
my $targetdir;
my $show_help;
my $show_version;
my $verbose;
my $dryrun;
sub help() {
(my $name = $0) =~ s/.*\///;
print <<EOHELP;
The $name utility will eradicate [0-9a-f]{8}.r\\d+ files from
the directory given to the "-l" option if no matching [0-9a-f]{8}.\\d+
file can be found in the same, which in most cases will wipe stale
historic CRLs from an X509_CERT_DIR like directory.
Use at your own risk. It may be wiping files that you would have
liked to keep, or it may kill your pet.
Options:
-l | --cadir <path>
directory to cleanse of old CRL-ish files
-v[v...] | --verbose
become more verbose and talkative
-n | --dryrun
do not actually unlink any files
-V | --version
show a version number
-h | --help
this help text
Examples:
$name -l /etc/grid-security/certificates
Diagnostics:
". not found": consult an expert.
EOHELP
return 1;
}
sub showversion() {
(my $name = $0) =~ s/.*\///;
print "$name version @VERSION@\n";
return 1;
}
&GetOptions(
"l|cadir=s" => \$targetdir,
"n|dryrun" => \$dryrun,
"h|help" => \$show_help,
"v|verbose+" => \$verbose,
"V|version" => \$show_version
) or &help and exit(1);
$show_help and &help() and exit (0);
$show_version and &showversion() and exit (0);
$verbose = 0 unless defined $verbose;
$dryrun = 0 unless defined $dryrun;
die "Error: target directory undefined, please supply -l argument!\n"
unless $targetdir;
die "Error: target directory $targetdir does not exist\n"
unless -e $targetdir;
die "Error: target directory $targetdir is not a directory\n"
unless -d $targetdir;
# read the directory and find all CA like .\d and CRL like files,
# recoding the hashes of the info files in an array, and then in a
# second pass weeding out those CRL ".r*" files that do not have
# a corresponding info or crl_url file
# the remainer is a candidate for deletion
my $dh;
my @crlfiles;
my %infohashes;
opendir($dh,$targetdir) or die "Cannot open $targetdir: $!\n";
while ( my $fn = readdir $dh ) {
$fn =~ /^([0-9a-f]{8})\.(\d+)$/ and do {
$infohashes{$1}=1;
($verbose > 2) and print "Hash $1 belongs to an active CA\n";
};
$fn =~ /^([0-9a-f]{8})\.r(\d+)$/ and do {
push @crlfiles,$fn;
($verbose > 2) and print "File $fn is classified as a CRL file\n";
};
}
my @candidates = grep {
/^([0-9a-f]{8})\.r([0-9]+)$/;
! exists $infohashes{$1};
} @crlfiles;
$verbose > 0 and do {
if ( $#candidates >= 0 ) {
print "The following CRL like files are about to be deleted".
($dryrun?" ... NOT!":".")."\n";
foreach my $fn ( @candidates ) { print " $fn\n"; }
} else {
print "No orphaned CRL like files found in $targetdir\n";
}
};
if ( ! $dryrun ) {
foreach my $fn ( @candidates ) {
unlink("$targetdir/$fn") or warn "Cannot remove $targetdir/$fn: $!\n";
}
}
1;