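#! /usr/bin/perl -w

# Copyright 2001 VeriSign
# Written by Mike Schiraldi
#
# Reads one X.509 certificate (PEM/base64 or raw DER), asks `openssl x509`
# for its text form, and prints a DNS CERT resource record of type PKIX
# whose owner name is derived from the e-mail address in the Subject.
#
# The certificate is external input: every value taken from it is checked
# before it is written into the zone-file text on STDOUT.

use strict;
use IPC::Open2;
use MIME::Base64;
use FileHandle;

# NOTE(review): the read operator on this line was lost in the published
# copy ("$cert = ;"); STDIN is assumed to be the intended source.
binmode STDIN;
my $cert = do { local $/; <STDIN> };
defined $cert or die "No certificate on standard input\n";

# Drop the PEM armour lines if they are present.
$cert =~ s/^-*BEGIN CERTIFICATE-*$//m;
$cert =~ s/^-*END CERTIFICATE-*$//m;

# Input made only of base64 characters and whitespace is taken to be
# base64; anything else is assumed to be DER already.
if ($cert !~ /[^A-Za-z0-9+=\/\s]/) {
    $cert = MIME::Base64::decode_base64($cert);
}

my $text = pipeexec("openssl x509 -inform DER -text -noout", $cert);
length $text or die "No output from openssl\n";

my $address;
my $algo;
for my $line (split /\n/, $text) {
    # NOTE(review): only the "Email=" spelling is recognised; OpenSSL builds
    # that print this attribute as "emailAddress" will not match -- confirm
    # against the installed version.
    $line =~ /^\s+Subject\:.*Email=(.*)/       and $address = $1;
    $line =~ /^\s+Signature Algorithm\: (.*)/  and $algo    = $1;
}

defined $address or $address = '(null)';

# The address becomes the owner name of the record, so it must not be able
# to carry zone-file syntax (whitespace, ';', '(', ')', '"', '\', '$', a
# second '@').  Only a conservative mailbox@host form is accepted.
$address =~ /\A[A-Za-z0-9._+-]+\@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)*\z/
    or die "Bad email address: $address\n";

# NOTE(review): a '.' in the local part is not escaped, so the boundary
# between mailbox and domain is not recoverable from the owner name.
$address =~ s/\@/\./;

# The record below is labelled RSAMD5 unconditionally, so any other
# signature algorithm is refused rather than mislabelled.  MD5-based
# signatures are not collision resistant; treat records produced by this
# tool as legacy data.
defined $algo or $algo = '(null)';
$algo eq 'md5WithRSAEncryption' or die "Bad algorithm: $algo\n";

# Key tag: big-endian 16-bit value of the third- and second-to-last bytes.
# NOTE(review): these bytes come from the tail of the DER certificate, not
# from the subject's public-key modulus -- confirm this is the tag a
# consumer of the CERT record expects.
my $tag = unpack 'n', substr($cert, -3, 2);

my $rr = "$address. 86400 IN CERT PKIX $tag RSAMD5 (\n"
       . MIME::Base64::encode_base64($cert)
       . ")\n";
$rr =~ s/\n(.)/\n\t$1/g;    # indent every continuation line with a tab

print $rr;

# Run $cmd, feed it $input on its standard input and return everything it
# wrote to standard output.  Dies if the command cannot be started, exits
# non-zero, or does not accept the input.
#
# $cmd is handed to open2 as a single string; the only caller passes a
# constant, so no certificate data ever reaches a shell.
sub pipeexec {
    my ($cmd, $input) = @_;

    my $rdr = FileHandle->new;
    my $wtr = FileHandle->new;

    # A child that exits early must surface as a failed write and a
    # non-zero status, not as a silent SIGPIPE death of this script.
    local $SIG{PIPE} = 'IGNORE';

    my $pid = IPC::Open2::open2($rdr, $wtr, $cmd) or die "Cannot run $cmd\n";
    binmode $wtr;    # the input is DER, not text
    binmode $rdr;

    my $wrote = print {$wtr} $input;
    $wrote = close($wtr) && $wrote;

    # Drain the output before reaping the child: waiting first can block
    # forever once the child fills the pipe.
    my $output = do { local $/; <$rdr> };
    close $rdr;
    defined $output or $output = '';

    waitpid($pid, 0) > 0 or die "waitpid failed for $cmd\n";
    $? and die "$? returned by $cmd\n";
    $wrote or die "Could not write input to $cmd\n";

    return $output;
}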