Rev 2 | Go to most recent revision | Details | Compare with Previous | Last modification | View Log | RSS feed
| Rev | Author | Line No. | Line |
|---|---|---|---|
| 2 | daniel-mar | 1 | #!/usr/bin/php |
| 2 | <?php |
||
| 3 | |||
| 4 | // Generate keypair with: |
||
| 5 | // openssl genpkey -algorithm RSA -out private.pem -pkeyopt rsa_keygen_bits:8192 |
||
| 6 | // openssl rsa -pubout -in private.pem -out public.pem |
||
| 7 | |||
| 8 | if ($argc < 2) { |
||
| 9 | die("Syntax: $argv[0] file1 [file2 ...]\n"); |
||
| 10 | } |
||
| 11 | |||
| 12 | if (!file_exists(__DIR__.'/private.pem')) { |
||
| 13 | echo "Key private.pem not found\n"; |
||
| 14 | } |
||
| 15 | |||
| 16 | for ($i=1; $i<$argc; $i++) { |
||
| 17 | $file = $argv[$i]; |
||
| 18 | |||
| 19 | $cont = file_get_contents($file); |
||
| 20 | $original = $cont; |
||
| 21 | |||
| 22 | if (strpos($cont, '<?php') === false) { |
||
| 23 | echo "Not a PHP file: $file\n"; |
||
| 24 | continue; |
||
| 25 | } |
||
| 26 | |||
| 27 | $naked = preg_replace('@<\?php /\* <ViaThinkSoftSignature>(.+)</ViaThinkSoftSignature> \*/ \?>\n@ismU', '', $cont); |
||
| 28 | |||
| 29 | $hash = hash("sha256", $naked.basename($file)); |
||
| 30 | |||
| 31 | $pkeyid = @openssl_pkey_get_private('file://'.__DIR__.'/private.pem'); |
||
| 32 | openssl_sign($hash, $signature, $pkeyid, OPENSSL_ALGO_SHA256); |
||
| 33 | openssl_free_key($pkeyid); |
||
| 34 | |||
| 35 | if (!$signature) { |
||
| 36 | echo "ERROR: $file\n"; |
||
| 37 | continue; |
||
| 38 | } |
||
| 39 | |||
| 4 | daniel-mar | 40 | $sign_line = '<?php /* <ViaThinkSoftSignature>'."\n".split_equal_length(base64_encode($signature),65).'</ViaThinkSoftSignature> */ ?>'; |
| 41 | |||
| 42 | // We have to put the signature at the beginning, because we don't know if the end of the file lacks a PHP closing tag |
||
| 2 | daniel-mar | 43 | if (substr($cont,0,2) === '#!') { |
| 44 | // Preserve shebang |
||
| 45 | $shebang_pos = strpos($naked, "\n"); |
||
| 46 | $shebang = substr($naked, 0, $shebang_pos); |
||
| 47 | $rest = substr($naked, $shebang_pos+1); |
||
| 48 | $cont = $shebang."\n".$sign_line."\n".$rest; |
||
| 49 | } else { |
||
| 50 | $cont = $sign_line."\n".$naked; |
||
| 51 | } |
||
| 52 | |||
| 53 | if ($cont != $original) { |
||
| 54 | echo "Signed: $file\n"; |
||
| 55 | file_put_contents($file, $cont); |
||
| 56 | } else { |
||
| 57 | echo "Already signed: $file\n"; |
||
| 58 | } |
||
| 59 | } |
||
| 60 | |||
| 4 | daniel-mar | 61 | # --- |
| 62 | |||
| 63 | function split_equal_length($data, $width=65) { |
||
| 64 | $out = ''; |
||
| 65 | for ($i=0; $i<strlen($data); $i+=$width) { |
||
| 66 | $out .= substr($data, $i, $width)."\n"; |
||
| 67 | } |
||
| 68 | return $out; |
||
| 69 | } |
||
| 70 |