Move expiry_whitelist.txt out to ukf-data project.

Implements #19. Remove the badly implemented (in practice mandatory) -q option to check_embedded.pl, replacing it with a mandatory option containing the location of the whitelist file.
InCommon · Jan 18, 2017 · d9318b3 · d9318b3
1 parent 1bb7bf3
commit d9318b3
Show file tree

Hide file tree

Showing 3 changed files with 20 additions and 96 deletions.
diff --git a/build.xml b/build.xml
@@ -2426,7 +2426,7 @@
         <exec executable="perl" dir="${utilities.dir}"
             input="${temp.dir}/embedded.pem">
             <arg value="${utilities.dir}/check_embedded.pl"/>
-            <arg value="-q"/>
+            <arg value="${entities.dir}/expiry_whitelist.txt"/>
         </exec>
         <delete file="${temp.dir}/embedded.pem" quiet="true" verbose="false"/>
     </target>

diff --git a/utilities/check_embedded.pl b/utilities/check_embedded.pl
@@ -13,7 +13,7 @@
 #
 # Command line options:
 #
-#	-q	quiet		don't print anything out if there are no problems detected
+#   check_embedded.pl whitelistfile inputfile
 #
 
 #
@@ -31,22 +31,6 @@
 #
 my $longExpiredDays = 30*3; # about three months
 
-#
-# Load expiry whitelist.
-#
-open(WL, 'expiry_whitelist.txt') || die "can't open certificate expiry whitelist";
-while (<WL>) {
-	# fold lines
-	while (/^(.*)\\\s*$/) {
-		chomp;
-		$_ .= ' ' . <WL>;
-	}
-	next if /^\s*#/;	# drop comments
-	next if /^\s*$/;	# drop blank lines
-	my ($fingerprint) = split;
-	$expiry_whitelist{uc $fingerprint} = 'unused';
-}
-
 sub error {
 	my($s) = @_;
 	push(@olines, '   *** ' . $s . ' ***');
@@ -67,10 +51,7 @@ sub comment {
 #
 # Process command-line options.
 #
-while (@ARGV) {
-	$arg = shift @ARGV;
-	$quiet = 1 if $arg eq '-q';
-}
+$whitelistfile = shift @ARGV;
 
 #
 # Hash of already-seen blobs.
@@ -106,6 +87,22 @@ sub comment {
 
 my $total_certs = 0;
 
+#
+# Load expiry whitelist.
+#
+open(WL, $whitelistfile) || die "can't open certificate expiry whitelist $whitelistfile";
+while (<WL>) {
+    # fold lines
+    while (/^(.*)\\\s*$/) {
+        chomp;
+        $_ .= ' ' . <WL>;
+    }
+    next if /^\s*#/;    # drop comments
+    next if /^\s*$/;    # drop blank lines
+    my ($fingerprint) = split;
+    $expiry_whitelist{uc $fingerprint} = 'unused';
+}
+
 while (<>) {
 
 	#
@@ -369,7 +366,7 @@ sub comment {
 		#
 		# Print any interesting things related to this certificate.
 		#
-		if ($printme || !$quiet) {
+		if ($printme) {
 			foreach $oline (@olines) {
 				print $oline, "\n";
 			}

diff --git a/utilities/expiry_whitelist.txt b/utilities/expiry_whitelist.txt