Rev 33 | Go to most recent revision | Blame | Last modification | View Log | RSS feed
#!/usr/bin/php<?php/** VNag - Nagios Framework for PHP* Developed by Daniel Marschall, ViaThinkSoft <www.viathinksoft.com>* Licensed under the terms of the Apache 2.0 license** Revision 2018-11-06*/// Generate keypair with:// openssl genpkey -algorithm RSA -out private.pem -pkeyopt rsa_keygen_bits:8192// openssl rsa -pubout -in private.pem -out public.pemif ($argc < 2) {die("Syntax: $argv[0] file1 [file2 ...]\n");}if (!file_exists(__DIR__.'/private.pem')) {echo "Key private.pem not found\n";}for ($i=1; $i<$argc; $i++) {$file = $argv[$i];if (is_dir($file)) continue;$cont = file_get_contents($file);$original = $cont;if (strpos($cont, '<?php') === false) {echo "Not a PHP file: $file\n";continue;}$naked = preg_replace('@<\?php /\* <ViaThinkSoftSignature>(.+)</ViaThinkSoftSignature> \*/ \?>\n@ismU', '', $cont);$hash = hash("sha256", $naked.basename($file));$pkeyid = @openssl_pkey_get_private('file://'.__DIR__.'/private.pem');openssl_sign($hash, $signature, $pkeyid, OPENSSL_ALGO_SHA256);openssl_free_key($pkeyid);if (!$signature) {echo "ERROR: $file\n";continue;}$sign_line = '<?php /* <ViaThinkSoftSignature>'."\n".split_equal_length(base64_encode($signature),65).'</ViaThinkSoftSignature> */ ?>';// We have to put the signature at the beginning, because we don't know if the end of the file lacks a PHP closing tagif (substr($cont,0,2) === '#!') {// Preserve shebang$shebang_pos = strpos($naked, "\n");$shebang = substr($naked, 0, $shebang_pos);$rest = substr($naked, $shebang_pos+1);$cont = $shebang."\n".$sign_line."\n".$rest;} else {$cont = $sign_line."\n".$naked;}if ($cont != $original) {echo "Signed: $file\n";file_put_contents($file, $cont);} else {echo "Already signed: $file\n";}}# ---function split_equal_length($data, $width=65) {$out = '';for ($i=0; $i<strlen($data); $i+=$width) {$out .= substr($data, $i, $width)."\n";}return $out;}