Go to most recent revision | Blame | Last modification | View Log | RSS feed
#!/usr/bin/php
<?php
// Generate keypair with:
// openssl genpkey -algorithm RSA -out private.pem -pkeyopt rsa_keygen_bits:8192
// openssl rsa -pubout -in private.pem -out public.pem
if ($argc < 2) {
die("Syntax: $argv[0] file1 [file2 ...]\n");
}
if (!file_exists(__DIR__.'/private.pem')) {
echo "Key private.pem not found\n";
}
for ($i=1; $i<$argc; $i++) {
$file = $argv[$i];
$cont = file_get_contents($file);
$original = $cont;
if (strpos($cont, '<?php') === false) {
echo "Not a PHP file: $file\n";
continue;
}
$naked = preg_replace('@<\?php /\* <ViaThinkSoftSignature>(.+)</ViaThinkSoftSignature> \*/ \?>\n@ismU', '', $cont);
$hash = hash("sha256", $naked.basename($file));
$pkeyid = @openssl_pkey_get_private('file://'.__DIR__.'/private.pem');
openssl_sign($hash, $signature, $pkeyid, OPENSSL_ALGO_SHA256);
openssl_free_key($pkeyid);
if (!$signature) {
echo "ERROR: $file\n";
continue;
}
$sign_line = '<?php /* <ViaThinkSoftSignature>'.base64_encode($signature).'</ViaThinkSoftSignature> */ ?>';
if (substr($cont,0,2) === '#!') {
// Preserve shebang
$shebang_pos = strpos($naked, "\n");
$shebang = substr($naked, 0, $shebang_pos);
$rest = substr($naked, $shebang_pos+1);
$cont = $shebang."\n".$sign_line."\n".$rest;
} else {
$cont = $sign_line."\n".$naked;
}
if ($cont != $original) {
echo "Signed: $file\n";
file_put_contents($file, $cont);
} else {
echo "Already signed: $file\n";
}
}