authorJob Snijders <job@cvs.openbsd.org>2023-03-13 18:02:59 +0000
committerJob Snijders <job@cvs.openbsd.org>2023-03-13 18:02:59 +0000
commitf2cd2be75419613196b6dd27958c3146ebfe8ae1 (patch)
treee2ebc14dfaefebba299e181cd697ebe6b796e9e4
parent38822f8b2d010756de759fbbf4ea953cf4b950e4 (diff)
In filemode for ROAs/ASPAs display when the Signature path will expire
Also rename 'certification path' to 'signature path' for alignment OK tb@
-rw-r--r--usr.sbin/rpki-client/filemode.c37
-rw-r--r--usr.sbin/rpki-client/print.c6
2 files changed, 35 insertions, 8 deletions
diff --git a/usr.sbin/rpki-client/filemode.c b/usr.sbin/rpki-client/filemode.c
index 033574d65e7..12649f2f27a 100644
--- a/usr.sbin/rpki-client/filemode.c
+++ b/usr.sbin/rpki-client/filemode.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: filemode.c,v 1.24 2023/03/13 15:50:40 job Exp $ */
+/* $OpenBSD: filemode.c,v 1.25 2023/03/13 18:02:58 job Exp $ */
/*
* Copyright (c) 2019 Claudio Jeker <claudio@openbsd.org>
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
@@ -258,10 +258,10 @@ find_tal(struct cert *cert)
}
static void
-print_certification_path(const char *crl, const char *aia, const struct auth *a)
+print_signature_path(const char *crl, const char *aia, const struct auth *a)
{
if (crl != NULL)
- printf("Certification path: %s\n", crl);
+ printf("Signature path: %s\n", crl);
if (aia != NULL)
printf(" %s\n", aia);
@@ -293,6 +293,7 @@ proc_parser_file(char *file, unsigned char *buf, size_t len)
struct tal *tal = NULL;
char *aia = NULL, *aki = NULL;
char *crl_uri = NULL;
+ time_t *expires = NULL, *notafter = NULL;
struct auth *a;
struct crl *c;
const char *errstr = NULL;
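Review bot: `notafter` is only ever read through (the later `x509_find_expires(*notafter, a, &crlt)` call is its single use in this diff), so it does not need to be a writable pointer; `const time_t *notafter = NULL;` would state that only `expires` is written back into the parsed object. Both pointers alias fields inside the `aspa`/`roa` structures assigned in the RTYPE_ASPA and RTYPE_ROA hunks below, so they are valid only while those objects are alive. A comment on the declaration such as `/* point into the parsed ROA/ASPA; do not use after it is freed */` would record that. proc_parser_file starts and ends outside this hunk.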
@@ -339,9 +340,10 @@ proc_parser_file(char *file, unsigned char *buf, size_t len)
aspa = aspa_parse(&x509, file, buf, len);
if (aspa == NULL)
break;
- aspa_print(x509, aspa);
aia = aspa->aia;
aki = aspa->aki;
+ expires = &aspa->expires;
+ notafter = &aspa->notafter;
break;
case RTYPE_CER:
cert = cert_parse_pre(file, buf, len);
@@ -393,9 +395,10 @@ proc_parser_file(char *file, unsigned char *buf, size_t len)
roa = roa_parse(&x509, file, buf, len);
if (roa == NULL)
break;
- roa_print(x509, roa);
aia = roa->aia;
aki = roa->aki;
+ expires = &roa->expires;
+ notafter = &roa->notafter;
break;
case RTYPE_RSC:
rsc = rsc_parse(&x509, file, buf, len);
@@ -467,6 +470,22 @@ proc_parser_file(char *file, unsigned char *buf, size_t len)
}
}
+ if (expires != NULL) {
+ if (status)
+ *expires = x509_find_expires(*notafter, a, &crlt);
+
+ switch (type) {
+ case RTYPE_ASPA:
+ aspa_print(x509, aspa);
+ break;
+ case RTYPE_ROA:
+ roa_print(x509, roa);
+ break;
+ default:
+ break;
+ }
+ }
+
if (outformats & FORMAT_JSON)
printf("\t\"validation\": \"");
else
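Review bot: The store `*expires = x509_find_expires(*notafter, a, &crlt);` is guarded only by `if (status)`, and the code that sets `status`, `a` and `crlt` is not part of this hunk, so it is worth confirming that every path leaving `status` non-zero also leaves `a` non-NULL and `crlt` initialised. Because the `aspa_print`/`roa_print` calls were moved here, the object is now printed only after validation, and on a failed validation `expires` keeps whatever the parser left in it (presumably 0, which makes the JSON printers skip the key). A short comment would make that intent explicit, for example `/* print after validation so expires covers the whole signature path; stays unset if validation failed */`. proc_parser_file starts and ends outside this hunk.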
@@ -489,8 +508,12 @@ proc_parser_file(char *file, unsigned char *buf, size_t len)
else {
printf("\n");
- if (status && aia != NULL)
- print_certification_path(crl_uri, aia, a);
+ if (status && aia != NULL) {
+ print_signature_path(crl_uri, aia, a);
+ if (expires != NULL)
+ printf("Signature path expires: %s\n",
+ time2str(*expires));
+ }
if (x509 == NULL)
goto out;
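Review bot: The text output prints `time2str(*expires)` whenever `expires != NULL`, whereas the JSON printers in print.c treat a zero `expires` as unset and omit the key. If `x509_find_expires()` can ever yield 0 (its body is not visible here), text mode would show the epoch as the expiry moment; `if (expires != NULL && *expires != 0)` would keep the two output formats consistent. The enclosing else-branch and function continue outside this hunk.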
diff --git a/usr.sbin/rpki-client/print.c b/usr.sbin/rpki-client/print.c
index 209ad361439..63b7ff9b944 100644
--- a/usr.sbin/rpki-client/print.c
+++ b/usr.sbin/rpki-client/print.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: print.c,v 1.32 2023/03/13 09:24:37 job Exp $ */
+/* $OpenBSD: print.c,v 1.33 2023/03/13 18:02:58 job Exp $ */
/*
* Copyright (c) 2021 Claudio Jeker <claudio@openbsd.org>
* Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
@@ -453,6 +453,8 @@ roa_print(const X509 *x, const struct roa *p)
(long long)p->signtime);
printf("\t\"valid_since\": %lld,\n", (long long)p->notbefore);
printf("\t\"valid_until\": %lld,\n", (long long)p->notafter);
+ if (p->expires)
+ printf("\t\"expires\": %lld,\n", (long long)p->expires);
} else {
printf("Subject key identifier: %s\n", pretty_key_id(p->ski));
x509_print(x);
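Review bot: `if (p->expires)` relies on 0 as an undocumented "not computed" value, both here and in the aspa_print hunk that follows. As far as these hunks show, the field is only filled in after a successful validation in filemode.c, so the JSON key can legitimately be absent. A comment such as `/* expires is 0 unless the signature path validated */` would stop a consumer from reading a missing `expires` as "never expires" or substituting `valid_until`. Writing the test as `p->expires != 0` would also make the time_t comparison explicit. Both functions begin and end outside their hunks.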
@@ -692,6 +694,8 @@ aspa_print(const X509 *x, const struct aspa *p)
(long long)p->signtime);
printf("\t\"valid_since\": %lld,\n", (long long)p->notbefore);
printf("\t\"valid_until\": %lld,\n", (long long)p->notafter);
+ if (p->expires)
+ printf("\t\"expires\": %lld,\n", (long long)p->expires);
printf("\t\"customer_asid\": %u,\n", p->custasid);
printf("\t\"provider_set\": [\n");
for (i = 0; i < p->providersz; i++) {