Go to most recent revision | Blame | Last modification | View Log | RSS feed
#!/usr/bin/php<?php// Generate keypair with:// openssl genpkey -algorithm RSA -out private.pem -pkeyopt rsa_keygen_bits:8192// openssl rsa -pubout -in private.pem -out public.pemif ($argc < 2) {die("Syntax: $argv[0] file1 [file2 ...]\n");}if (!file_exists(__DIR__.'/private.pem')) {echo "Key private.pem not found\n";}for ($i=1; $i<$argc; $i++) {$file = $argv[$i];$cont = file_get_contents($file);$original = $cont;if (strpos($cont, '<?php') === false) {echo "Not a PHP file: $file\n";continue;}$naked = preg_replace('@<\?php /\* <ViaThinkSoftSignature>(.+)</ViaThinkSoftSignature> \*/ \?>\n@ismU', '', $cont);$hash = hash("sha256", $naked.basename($file));$pkeyid = @openssl_pkey_get_private('file://'.__DIR__.'/private.pem');openssl_sign($hash, $signature, $pkeyid, OPENSSL_ALGO_SHA256);openssl_free_key($pkeyid);if (!$signature) {echo "ERROR: $file\n";continue;}$sign_line = '<?php /* <ViaThinkSoftSignature>'.base64_encode($signature).'</ViaThinkSoftSignature> */ ?>';if (substr($cont,0,2) === '#!') {// Preserve shebang$shebang_pos = strpos($naked, "\n");$shebang = substr($naked, 0, $shebang_pos);$rest = substr($naked, $shebang_pos+1);$cont = $shebang."\n".$sign_line."\n".$rest;} else {$cont = $sign_line."\n".$naked;}if ($cont != $original) {echo "Signed: $file\n";file_put_contents($file, $cont);} else {echo "Already signed: $file\n";}}