diff options
| author | Job Snijders <job@cvs.openbsd.org> | 2023-03-13 18:02:59 +0000 |
|---|---|---|
| committer | Job Snijders <job@cvs.openbsd.org> | 2023-03-13 18:02:59 +0000 |
| commit | f2cd2be75419613196b6dd27958c3146ebfe8ae1 (patch) | |
| tree | e2ebc14dfaefebba299e181cd697ebe6b796e9e4 /usr.sbin | |
| parent | 38822f8b2d010756de759fbbf4ea953cf4b950e4 (diff) | |
In filemode for ROAs/ASPAs display when the Signature path will expire
Also rename 'certification path' to 'signature path' for alignment
OK tb@
Diffstat (limited to 'usr.sbin')
| -rw-r--r-- | usr.sbin/rpki-client/filemode.c | 37 | ||||
| -rw-r--r-- | usr.sbin/rpki-client/print.c | 6 |
2 files changed, 35 insertions, 8 deletions
diff --git a/usr.sbin/rpki-client/filemode.c b/usr.sbin/rpki-client/filemode.c index 033574d65e7..12649f2f27a 100644 --- a/usr.sbin/rpki-client/filemode.c +++ b/usr.sbin/rpki-client/filemode.c @@ -1,4 +1,4 @@ -/* $OpenBSD: filemode.c,v 1.24 2023/03/13 15:50:40 job Exp $ */ +/* $OpenBSD: filemode.c,v 1.25 2023/03/13 18:02:58 job Exp $ */ /* * Copyright (c) 2019 Claudio Jeker <claudio@openbsd.org> * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv> @@ -258,10 +258,10 @@ find_tal(struct cert *cert) } static void -print_certification_path(const char *crl, const char *aia, const struct auth *a) +print_signature_path(const char *crl, const char *aia, const struct auth *a) { if (crl != NULL) - printf("Certification path: %s\n", crl); + printf("Signature path: %s\n", crl); if (aia != NULL) printf(" %s\n", aia); @@ -293,6 +293,7 @@ proc_parser_file(char *file, unsigned char *buf, size_t len) struct tal *tal = NULL; char *aia = NULL, *aki = NULL; char *crl_uri = NULL; + time_t *expires = NULL, *notafter = NULL; struct auth *a; struct crl *c; const char *errstr = NULL; @@ -339,9 +340,10 @@ proc_parser_file(char *file, unsigned char *buf, size_t len) aspa = aspa_parse(&x509, file, buf, len); if (aspa == NULL) break; - aspa_print(x509, aspa); aia = aspa->aia; aki = aspa->aki; + expires = &aspa->expires; + notafter = &aspa->notafter; break; case RTYPE_CER: cert = cert_parse_pre(file, buf, len); @@ -393,9 +395,10 @@ proc_parser_file(char *file, unsigned char *buf, size_t len) roa = roa_parse(&x509, file, buf, len); if (roa == NULL) break; - roa_print(x509, roa); aia = roa->aia; aki = roa->aki; + expires = &roa->expires; + notafter = &roa->notafter; break; case RTYPE_RSC: rsc = rsc_parse(&x509, file, buf, len); @@ -467,6 +470,22 @@ proc_parser_file(char *file, unsigned char *buf, size_t len) } } + if (expires != NULL) { + if (status) + *expires = x509_find_expires(*notafter, a, &crlt); + + switch (type) { + case RTYPE_ASPA: + aspa_print(x509, aspa); + break; + case RTYPE_ROA: + roa_print(x509, roa); + break; + default: + break; + } + } + if (outformats & FORMAT_JSON) printf("\t\"validation\": \""); else @@ -489,8 +508,12 @@ proc_parser_file(char *file, unsigned char *buf, size_t len) else { printf("\n"); - if (status && aia != NULL) - print_certification_path(crl_uri, aia, a); + if (status && aia != NULL) { + print_signature_path(crl_uri, aia, a); + if (expires != NULL) + printf("Signature path expires: %s\n", + time2str(*expires)); + } if (x509 == NULL) goto out; diff --git a/usr.sbin/rpki-client/print.c b/usr.sbin/rpki-client/print.c index 209ad361439..63b7ff9b944 100644 --- a/usr.sbin/rpki-client/print.c +++ b/usr.sbin/rpki-client/print.c @@ -1,4 +1,4 @@ -/* $OpenBSD: print.c,v 1.32 2023/03/13 09:24:37 job Exp $ */ +/* $OpenBSD: print.c,v 1.33 2023/03/13 18:02:58 job Exp $ */ /* * Copyright (c) 2021 Claudio Jeker <claudio@openbsd.org> * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv> @@ -453,6 +453,8 @@ roa_print(const X509 *x, const struct roa *p) (long long)p->signtime); printf("\t\"valid_since\": %lld,\n", (long long)p->notbefore); printf("\t\"valid_until\": %lld,\n", (long long)p->notafter); + if (p->expires) + printf("\t\"expires\": %lld,\n", (long long)p->expires); } else { printf("Subject key identifier: %s\n", pretty_key_id(p->ski)); x509_print(x); @@ -692,6 +694,8 @@ aspa_print(const X509 *x, const struct aspa *p) (long long)p->signtime); printf("\t\"valid_since\": %lld,\n", (long long)p->notbefore); printf("\t\"valid_until\": %lld,\n", (long long)p->notafter); + if (p->expires) + printf("\t\"expires\": %lld,\n", (long long)p->expires); printf("\t\"customer_asid\": %u,\n", p->custasid); printf("\t\"provider_set\": [\n"); for (i = 0; i < p->providersz; i++) { |