/* $OpenBSD: print.c,v 1.6 2022/03/21 10:39:51 claudio Exp $ */ /* * Copyright (c) 2021 Claudio Jeker * Copyright (c) 2019 Kristaps Dzonsons * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #include #include #include #include #include #include #include "extern.h" static const char * pretty_key_id(const char *hex) { static char buf[128]; /* bigger than SHA_DIGEST_LENGTH * 3 */ size_t i; for (i = 0; i < sizeof(buf) && *hex != '\0'; i++) { if (i % 3 == 2) buf[i] = ':'; else buf[i] = *hex++; } if (i == sizeof(buf)) memcpy(buf + sizeof(buf) - 4, "...", 4); else buf[i] = '\0'; return buf; } char * time2str(time_t t) { static char buf[64]; struct tm tm; if (gmtime_r(&t, &tm) == NULL) return "could not convert time"; strftime(buf, sizeof(buf), "%h %d %T %Y %Z", &tm); return buf; } void tal_print(const struct tal *p) { size_t i; for (i = 0; i < p->urisz; i++) printf("%5zu: URI: %s\n", i + 1, p->uri[i]); } void cert_print(const struct cert *p) { size_t i; char buf1[64], buf2[64]; int sockt; char tbuf[21]; printf("Subject key identifier: %s\n", pretty_key_id(p->ski)); if (p->aki != NULL) printf("Authority key identifier: %s\n", pretty_key_id(p->aki)); if (p->aia != NULL) printf("Authority info access: %s\n", p->aia); if (p->mft != NULL) printf("Manifest: %s\n", p->mft); if (p->repo != NULL) printf("caRepository: %s\n", p->repo); if (p->notify != NULL) printf("Notify URL: %s\n", p->notify); if (p->pubkey != NULL) printf("BGPsec P-256 ECDSA public key: %s\n", p->pubkey); strftime(tbuf, sizeof(tbuf), "%FT%TZ", gmtime(&p->expires)); printf("Valid until: %s\n", tbuf); printf("Subordinate Resources:\n"); for (i = 0; i < p->asz; i++) switch (p->as[i].type) { case CERT_AS_ID: printf("%5zu: AS: %u\n", i + 1, p->as[i].id); break; case CERT_AS_INHERIT: printf("%5zu: AS: inherit\n", i + 1); break; case CERT_AS_RANGE: printf("%5zu: AS: %u -- %u\n", i + 1, p->as[i].range.min, p->as[i].range.max); break; } for (i = 0; i < p->ipsz; i++) switch (p->ips[i].type) { case CERT_IP_INHERIT: printf("%5zu: IP: inherit\n", i + 1); break; case CERT_IP_ADDR: ip_addr_print(&p->ips[i].ip, p->ips[i].afi, buf1, sizeof(buf1)); printf("%5zu: IP: %s\n", i + 1, buf1); break; case CERT_IP_RANGE: sockt = (p->ips[i].afi == AFI_IPV4) ? AF_INET : AF_INET6; inet_ntop(sockt, p->ips[i].min, buf1, sizeof(buf1)); inet_ntop(sockt, p->ips[i].max, buf2, sizeof(buf2)); printf("%5zu: IP: %s -- %s\n", i + 1, buf1, buf2); break; } } void crl_print(const struct crl *p) { STACK_OF(X509_REVOKED) *revlist; X509_REVOKED *rev; ASN1_INTEGER *crlnum; int i; char *serial; time_t t; printf("Authority key identifier: %s\n", pretty_key_id(p->aki)); crlnum = X509_CRL_get_ext_d2i(p->x509_crl, NID_crl_number, NULL, NULL); serial = x509_convert_seqnum(__func__, crlnum); if (serial != NULL) printf("CRL Serial Number: %s\n", serial); free(serial); ASN1_INTEGER_free(crlnum); printf("CRL valid since: %s\n", time2str(p->issued)); printf("CRL valid until: %s\n", time2str(p->expires)); revlist = X509_CRL_get_REVOKED(p->x509_crl); for (i = 0; i < sk_X509_REVOKED_num(revlist); i++) { if (i == 0) printf("Revoked Certificates:\n"); rev = sk_X509_REVOKED_value(revlist, i); serial = x509_convert_seqnum(__func__, X509_REVOKED_get0_serialNumber(rev)); x509_get_time(X509_REVOKED_get0_revocationDate(rev), &t); if (serial != NULL) printf(" Serial: %8s Revocation Date: %s\n", serial, time2str(t)); free(serial); } if (i == 0) printf("No Revoked Certificates\n"); } void mft_print(const struct mft *p) { size_t i; char *hash; printf("Subject key identifier: %s\n", pretty_key_id(p->ski)); printf("Authority key identifier: %s\n", pretty_key_id(p->aki)); printf("Authority info access: %s\n", p->aia); printf("Manifest Number: %s\n", p->seqnum); for (i = 0; i < p->filesz; i++) { if (base64_encode(p->files[i].hash, sizeof(p->files[i].hash), &hash) == -1) errx(1, "base64_encode failure"); printf("%5zu: %s\n", i + 1, p->files[i].file); printf("\thash %s\n", hash); free(hash); } } void roa_print(const struct roa *p) { char buf[128]; size_t i; printf("Subject key identifier: %s\n", pretty_key_id(p->ski)); printf("Authority key identifier: %s\n", pretty_key_id(p->aki)); printf("Authority info access: %s\n", p->aia); printf("ROA valid until: %s\n", time2str(p->expires)); printf("asID: %u\n", p->asid); for (i = 0; i < p->ipsz; i++) { ip_addr_print(&p->ips[i].addr, p->ips[i].afi, buf, sizeof(buf)); printf("%5zu: %s maxlen: %hhu\n", i + 1, buf, p->ips[i].maxlength); } } void gbr_print(const struct gbr *p) { printf("Subject key identifier: %s\n", pretty_key_id(p->ski)); printf("Authority key identifier: %s\n", pretty_key_id(p->aki)); printf("Authority info access: %s\n", p->aia); printf("vcard:\n%s", p->vcard); }