Extend -f filemode to decode & print TAL details

"fine" claudio@ tb@

diff --git a/usr.sbin/rpki-client/print.c b/usr.sbin/rpki-client/print.c
index 54139b3..d1a54f4 100644 (file)
--- a/usr.sbin/rpki-client/print.c
+++ b/usr.sbin/rpki-client/print.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: print.c,v 1.6 2022/03/21 10:39:51 claudio Exp $ */
+/*     $OpenBSD: print.c,v 1.7 2022/04/12 11:05:50 job Exp $ */
 /*
  * Copyright (c) 2021 Claudio Jeker <claudio@openbsd.org>
  * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
@@ -25,6 +25,8 @@
 #include <string.h>
 #include <time.h>
 
+#include <openssl/evp.h>
+
 #include "extern.h"
 
 static const char *
@@ -62,10 +64,41 @@ time2str(time_t t)
 void
 tal_print(const struct tal *p)
 {
-       size_t   i;
-
+       char                    *ski;
+       EVP_PKEY                *pk;
+       RSA                     *r;
+       const unsigned char     *der;
+       unsigned char           *rder = NULL;
+       unsigned char            md[SHA_DIGEST_LENGTH];
+       int                      rder_len;
+       size_t                   i;
+
+       printf("Trust anchor name: %s\n", p->descr);
+
+       der = p->pkey;
+       pk = d2i_PUBKEY(NULL, &der, p->pkeysz);
+       if (pk == NULL)
+               errx(1, "d2i_PUBKEY failed in %s", __func__);
+
+       r = EVP_PKEY_get0_RSA(pk);
+       if (r == NULL)
+               errx(1, "EVP_PKEY_get0_RSA failed in %s", __func__);
+       if ((rder_len = i2d_RSAPublicKey(r, &rder)) <= 0)
+               errx(1, "i2d_RSAPublicKey failed in %s", __func__);
+
+       if (!EVP_Digest(rder, rder_len, md, NULL, EVP_sha1(), NULL))
+               errx(1, "EVP_Digest failed in %s", __func__);
+
+       ski = hex_encode(md, SHA_DIGEST_LENGTH);
+       printf("Subject key identifier: %s\n", pretty_key_id(ski));
+
+       printf("Trust anchor locations:\n");
        for (i = 0; i < p->urisz; i++)
-               printf("%5zu: URI: %s\n", i + 1, p->uri[i]);
+               printf("%5zu: %s\n", i + 1, p->uri[i]);
+
+       EVP_PKEY_free(pk);
+       free(rder);
+       free(ski);
 }
 
 void

diff --git a/usr.sbin/rpki-client/rpki-client.8 b/usr.sbin/rpki-client/rpki-client.8
index 56164f1..7bfed64 100644 (file)
--- a/usr.sbin/rpki-client/rpki-client.8
+++ b/usr.sbin/rpki-client/rpki-client.8
@@ -1,4 +1,4 @@
-.\"    $OpenBSD: rpki-client.8,v 1.57 2022/03/31 17:27:31 naddy Exp $
+.\"    $OpenBSD: rpki-client.8,v 1.58 2022/04/12 11:05:50 job Exp $
 .\"
 .\" Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: March 31 2022 $
+.Dd $Mdocdate: April 12 2022 $
 .Dt RPKI-CLIENT 8
 .Os
 .Sh NAME
@@ -99,7 +99,9 @@ and
 .Fl -address
 flags and connect with rsync-protocol locations.
 .It Fl f Ar
-Validate the
+Decode the
+. Em TAL
+or validate the
 .Em Signed Object
 in
 .Ar file