In filmode also show 'Not After' for GBR records

OK tb@

diff --git a/usr.sbin/rpki-client/extern.h b/usr.sbin/rpki-client/extern.h
index 7115846..2da10ae 100644 (file)
--- a/usr.sbin/rpki-client/extern.h
+++ b/usr.sbin/rpki-client/extern.h
@@ -1,4 +1,4 @@
-/*     $OpenBSD: extern.h,v 1.169 2023/03/09 09:46:21 job Exp $ */
+/*     $OpenBSD: extern.h,v 1.170 2023/03/09 12:54:28 job Exp $ */
 /*
  * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
  *
@@ -333,6 +333,7 @@ struct gbr {
        char            *sia; /* SIA signedObject */
        char            *ski; /* SKI */
        time_t           signtime; /* CMS signing-time attribute */
+       time_t           expires; /* Not After of the GBR EE */
 };
 
 struct aspa_provider {

diff --git a/usr.sbin/rpki-client/gbr.c b/usr.sbin/rpki-client/gbr.c
index a2cd97e..eaf0117 100644 (file)
--- a/usr.sbin/rpki-client/gbr.c
+++ b/usr.sbin/rpki-client/gbr.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: gbr.c,v 1.21 2023/03/09 09:46:21 job Exp $ */
+/*     $OpenBSD: gbr.c,v 1.22 2023/03/09 12:54:28 job Exp $ */
 /*
  * Copyright (c) 2020 Claudio Jeker <claudio@openbsd.org>
  *
@@ -46,6 +46,7 @@ gbr_parse(X509 **x509, const char *fn, const unsigned char *der, size_t len)
        size_t           cmsz;
        unsigned char   *cms;
        time_t           signtime;
+       const ASN1_TIME *at;
 
        memset(&p, 0, sizeof(struct parse));
        p.fn = fn;
@@ -77,6 +78,16 @@ gbr_parse(X509 **x509, const char *fn, const unsigned char *der, size_t len)
                goto out;
        }
 
+       at = X509_get0_notAfter(*x509);
+       if (at == NULL) {
+               warnx("%s: X509_get0_notAfter failed", fn);
+               goto out;
+       }
+       if (!x509_get_time(at, &p.res->expires)) {
+               warnx("%s: ASN1_time_parse failed", fn);
+               goto out;
+       }
+
        if (!x509_inherits(*x509)) {
                warnx("%s: RFC 3779 extension not set to inherit", fn);
                goto out;

diff --git a/usr.sbin/rpki-client/print.c b/usr.sbin/rpki-client/print.c
index 6db8e10..aa47d4b 100644 (file)
--- a/usr.sbin/rpki-client/print.c
+++ b/usr.sbin/rpki-client/print.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: print.c,v 1.28 2023/03/09 09:46:21 job Exp $ */
+/*     $OpenBSD: print.c,v 1.29 2023/03/09 12:54:28 job Exp $ */
 /*
  * Copyright (c) 2021 Claudio Jeker <claudio@openbsd.org>
  * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
@@ -498,6 +498,7 @@ gbr_print(const X509 *x, const struct gbr *p)
                if (p->signtime != 0)
                        printf("\t\"signing_time\": %lld,\n",
                            (long long)p->signtime);
+               printf("\t\"valid_until\": %lld,\n", (long long)p->expires);
                printf("\t\"vcard\": \"");
                for (i = 0; i < strlen(p->vcard); i++) {
                        if (p->vcard[i] == '"')
@@ -519,6 +520,7 @@ gbr_print(const X509 *x, const struct gbr *p)
                if (p->signtime != 0)
                        printf("Signing time:             %s\n",
                            time2str(p->signtime));
+               printf("GBR valid until:          %s\n", time2str(p->expires));
                printf("vcard:\n%s", p->vcard);
        }
 }