In filemode, display the moment the signature path will expire
authorjob <job@openbsd.org>
Mon, 13 Mar 2023 19:51:49 +0000 (19:51 +0000)
committerjob <job@openbsd.org>
Mon, 13 Mar 2023 19:51:49 +0000 (19:51 +0000)
Previously this was only shown for ROA+ASPA. Now also show for
GBR, Geofeed, Certs, RSC, and TAK.

OK tb@

usr.sbin/rpki-client/extern.h
usr.sbin/rpki-client/filemode.c
usr.sbin/rpki-client/print.c

index 74119a5..cb8994e 100644 (file)
@@ -1,4 +1,4 @@
-/*     $OpenBSD: extern.h,v 1.174 2023/03/13 09:24:37 job Exp $ */
+/*     $OpenBSD: extern.h,v 1.175 2023/03/13 19:51:49 job Exp $ */
 /*
  * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
  *
@@ -141,6 +141,7 @@ struct cert {
        X509            *x509; /* the cert */
        time_t           notbefore; /* cert's Not Before */
        time_t           notafter; /* cert's Not After */
+       time_t           expires; /* when the signature path expires */
 };
 
 /*
@@ -213,6 +214,7 @@ struct mft {
        time_t           signtime; /* CMS signing-time attribute */
        time_t           thisupdate; /* from the eContent */
        time_t           nextupdate; /* from the eContent */
+       time_t           expires; /* when the signature path expires */
        size_t           filesz; /* number of filenames */
        unsigned int     repoid;
        int              stale; /* if a stale manifest */
@@ -248,7 +250,7 @@ struct roa {
        time_t           signtime; /* CMS signing-time attribute */
        time_t           notbefore; /* EE cert's Not Before */
        time_t           notafter; /* EE cert's Not After */
-       time_t           expires; /* Transitive expiry moment */
+       time_t           expires; /* when the signature path expires */
 };
 
 struct rscfile {
@@ -274,6 +276,7 @@ struct rsc {
        time_t           signtime; /* CMS signing-time attribute */
        time_t           notbefore; /* EE cert's Not Before */
        time_t           notafter; /* Not After of the RSC EE */
+       time_t           expires; /* when the signature path expires */
 };
 
 /*
@@ -304,6 +307,7 @@ struct tak {
        time_t           signtime; /* CMS signing-time attribute */
        time_t           notbefore; /* EE cert's Not Before */
        time_t           notafter; /* Not After of the TAK EE */
+       time_t           expires; /* when the signature path expires */
 };
 
 /*
@@ -326,6 +330,7 @@ struct geofeed {
        time_t           signtime; /* CMS signing-time attribute */
        time_t           notbefore; /* EE cert's Not Before */
        time_t           notafter; /* Not After of the Geofeed EE */
+       time_t           expires; /* when the signature path expires */
        int              valid; /* all resources covered */
 };
 
@@ -341,6 +346,7 @@ struct gbr {
        time_t           signtime; /* CMS signing-time attribute */
        time_t           notbefore; /* EE cert's Not Before */
        time_t           notafter; /* Not After of the GBR EE */
+       time_t           expires; /* when the signature path expires */
 };
 
 struct aspa_provider {
@@ -364,7 +370,7 @@ struct aspa {
        time_t                   signtime; /* CMS signing-time attribute */
        time_t                   notbefore; /* EE cert's Not Before */
        time_t                   notafter; /* notAfter of the ASPA EE cert */
-       time_t                   expires; /* Transitive expiry moment */
+       time_t                   expires; /* when the signature path expires */
 };
 
 /*
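Review bot: The new `expires` members (hunks for struct cert, mft, rsc, tak, geofeed and gbr, plus the reworded roa/aspa comments) say when the value means but not what an unset value is; the print.c hunks on this page guard every use with `if (p->expires)`, so 0 is being used as the "not determined" sentinel without the header saying so. Recording that on the field keeps the two files in agreement: `time_t expires; /* when the signature path expires, 0 if not determined */`. The same wording would apply to all eight structs; the comment on struct cert should also note that it is the only one here keyed to `notafter` rather than to an EE cert, if that reading of the filemode.c hunk is right. Which code writes these fields is outside the hunks, so whether 0 is guaranteed for unvalidated objects cannot be confirmed from this page.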
index 12649f2..4aaec7f 100644 (file)
@@ -1,4 +1,4 @@
-/*     $OpenBSD: filemode.c,v 1.25 2023/03/13 18:02:58 job Exp $ */
+/*     $OpenBSD: filemode.c,v 1.26 2023/03/13 19:51:49 job Exp $ */
 /*
  * Copyright (c) 2019 Claudio Jeker <claudio@openbsd.org>
  * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
@@ -354,12 +354,13 @@ proc_parser_file(char *file, unsigned char *buf, size_t len)
                        cert = cert_parse(file, cert);
                if (cert == NULL)
                        break;
-               cert_print(cert);
                aia = cert->aia;
                aki = cert->aki;
                x509 = cert->x509;
                if (X509_up_ref(x509) == 0)
                        errx(1, "%s: X509_up_ref failed", __func__);
+               expires = &cert->expires;
+               notafter = &cert->notafter;
                break;
        case RTYPE_CRL:
                crl = crl_parse(file, buf, len);
@@ -371,25 +372,28 @@ proc_parser_file(char *file, unsigned char *buf, size_t len)
                mft = mft_parse(&x509, file, buf, len);
                if (mft == NULL)
                        break;
-               mft_print(x509, mft);
                aia = mft->aia;
                aki = mft->aki;
+               expires = &mft->expires;
+               notafter = &mft->nextupdate;
                break;
        case RTYPE_GBR:
                gbr = gbr_parse(&x509, file, buf, len);
                if (gbr == NULL)
                        break;
-               gbr_print(x509, gbr);
                aia = gbr->aia;
                aki = gbr->aki;
+               expires = &gbr->expires;
+               notafter = &gbr->notafter;
                break;
        case RTYPE_GEOFEED:
                geofeed = geofeed_parse(&x509, file, buf, len);
                if (geofeed == NULL)
                        break;
-               geofeed_print(x509, geofeed);
                aia = geofeed->aia;
                aki = geofeed->aki;
+               expires = &geofeed->expires;
+               notafter = &geofeed->notafter;
                break;
        case RTYPE_ROA:
                roa = roa_parse(&x509, file, buf, len);
@@ -404,17 +408,19 @@ proc_parser_file(char *file, unsigned char *buf, size_t len)
                rsc = rsc_parse(&x509, file, buf, len);
                if (rsc == NULL)
                        break;
-               rsc_print(x509, rsc);
                aia = rsc->aia;
                aki = rsc->aki;
+               expires = &rsc->expires;
+               notafter = &rsc->notafter;
                break;
        case RTYPE_TAK:
                tak = tak_parse(&x509, file, buf, len);
                if (tak == NULL)
                        break;
-               tak_print(x509, tak);
                aia = tak->aia;
                aki = tak->aki;
+               expires = &tak->expires;
+               notafter = &tak->notafter;
                break;
        case RTYPE_TAL:
                tal = tal_parse(file, buf, len);
@@ -478,9 +484,24 @@ proc_parser_file(char *file, unsigned char *buf, size_t len)
                case RTYPE_ASPA:
                        aspa_print(x509, aspa);
                        break;
+               case RTYPE_GBR:
+                       gbr_print(x509, gbr);
+                       break;
+               case RTYPE_GEOFEED:
+                       geofeed_print(x509, geofeed);
+                       break;
+               case RTYPE_MFT:
+                       mft_print(x509, mft);
+                       break;
                case RTYPE_ROA:
                        roa_print(x509, roa);
                        break;
+               case RTYPE_RSC:
+                       rsc_print(x509, rsc);
+                       break;
+               case RTYPE_TAK:
+                       tak_print(x509, tak);
+                       break;
                default:
                        break;
                }
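Review bot: The `*_print()` calls are moved from the parse switch into the later switch (the hunk at @@ -478,9) without a comment saying why, and since the print.c hunks show those functions now reading `p->expires`, the ordering is a correctness requirement rather than tidiness; a one-line comment above the second switch, `/* print only after validation, so that expires has been filled in */`, would keep a later cleanup from moving them back. The second switch has no `case RTYPE_CERT:` in view, so where `cert_print()` (removed at the `-` line in the first hunk) now runs is presumably in the unseen part of that switch and is worth confirming. `expires` and `notafter` are left unset for RTYPE_CRL and RTYPE_TAL; the code between the two switches that writes through them is outside the hunks and must already cope with NULL, as it did before this change when only ROA and ASPA set them, but that should be checked. proc_parser_file begins and ends outside the hunks.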
index 63b7ff9..4c7cabb 100644 (file)
@@ -1,4 +1,4 @@
-/*     $OpenBSD: print.c,v 1.33 2023/03/13 18:02:58 job Exp $ */
+/*     $OpenBSD: print.c,v 1.34 2023/03/13 19:51:49 job Exp $ */
 /*
  * Copyright (c) 2021 Claudio Jeker <claudio@openbsd.org>
  * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
@@ -184,6 +184,8 @@ cert_print(const struct cert *p)
                        printf("\t\"router_key\": \"%s\",\n", p->pubkey);
                printf("\t\"valid_since\": %lld,\n", (long long)p->notbefore);
                printf("\t\"valid_until\": %lld,\n", (long long)p->notafter);
+               if (p->expires)
+                       printf("\t\"expires\": %lld,\n", (long long)p->expires);
                printf("\t\"subordinate_resources\": [\n");
        } else {
                printf("Subject key identifier:   %s\n", pretty_key_id(p->ski));
@@ -392,6 +394,8 @@ mft_print(const X509 *x, const struct mft *p)
                            (long long)p->signtime);
                printf("\t\"valid_since\": %lld,\n", (long long)p->thisupdate);
                printf("\t\"valid_until\": %lld,\n", (long long)p->nextupdate);
+               if (p->expires)
+                       printf("\t\"expires\": %lld,\n", (long long)p->expires);
        } else {
                printf("Subject key identifier:   %s\n", pretty_key_id(p->ski));
                printf("Authority key identifier: %s\n", pretty_key_id(p->aki));
@@ -513,6 +517,8 @@ gbr_print(const X509 *x, const struct gbr *p)
                            (long long)p->signtime);
                printf("\t\"valid_since\": %lld,\n", (long long)p->notbefore);
                printf("\t\"valid_until\": %lld,\n", (long long)p->notafter);
+               if (p->expires)
+                       printf("\t\"expires\": %lld,\n", (long long)p->expires);
                printf("\t\"vcard\": \"");
                for (i = 0; i < strlen(p->vcard); i++) {
                        if (p->vcard[i] == '"')
@@ -559,6 +565,8 @@ rsc_print(const X509 *x, const struct rsc *p)
                            (long long)p->signtime);
                printf("\t\"valid_since\": %lld,\n", (long long)p->notbefore);
                printf("\t\"valid_until\": %lld,\n", (long long)p->notafter);
+               if (p->expires)
+                       printf("\t\"expires\": %lld,\n", (long long)p->expires);
                printf("\t\"signed_with_resources\": [\n");
        } else {
                printf("Subject key identifier:   %s\n", pretty_key_id(p->ski));
@@ -810,6 +818,8 @@ tak_print(const X509 *x, const struct tak *p)
                            (long long)p->signtime);
                printf("\t\"valid_since\": %lld,\n", (long long)p->notbefore);
                printf("\t\"valid_until\": %lld,\n", (long long)p->notafter);
+               if (p->expires)
+                       printf("\t\"expires\": %lld,\n", (long long)p->expires);
                printf("\t\"takeys\": [\n");
        } else {
                printf("Subject key identifier:   %s\n", pretty_key_id(p->ski));
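Review bot: Each of the five hunks (cert_print, mft_print, gbr_print, rsc_print, tak_print) emits the JSON `expires` key only when `p->expires` is non-zero, so a time_t of 0 is silently treated as "not set"; that convention is not written down anywhere on the page, and a reader of the JSON cannot distinguish "signature path not validated" from a field that was never computed. A comment on the first guard, `/* 0: expiry of the signature path not determined, omit the key */`, makes the contract explicit, and the same line suits the other four hunks. Only the JSON branch of each function is changed; the text-mode `else` branch that follows in every hunk does not print the value, which may be intended but is worth a word in the commit message if so. Each function's body continues outside its hunk.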