From: job <job@openbsd.org>
Date: Mon, 11 Oct 2021 17:32:27 +0000 (+0000)
Subject: Fold bgpsec cert & traditional certs into same test
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=cf4481772845ace1507bfbe037752c04699049a0;p=openbsd

Fold bgpsec cert & traditional certs into same test
---

diff --git a/regress/usr.sbin/rpki-client/Makefile.inc b/regress/usr.sbin/rpki-client/Makefile.inc
index cb6d1e07398..cb5ef1b9a4f 100644
--- a/regress/usr.sbin/rpki-client/Makefile.inc
+++ b/regress/usr.sbin/rpki-client/Makefile.inc
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile.inc,v 1.13 2021/10/07 10:34:39 claudio Exp $
+# $OpenBSD: Makefile.inc,v 1.14 2021/10/11 17:32:27 job Exp $
 
 .PATH:		${.CURDIR}/../../../../usr.sbin/rpki-client
 
@@ -8,7 +8,6 @@ PROGS += test-gbr
 PROGS += test-mft
 PROGS += test-roa
 PROGS += test-tal
-PROGS += test-bgpsec
 
 .for p in ${PROGS}
 REGRESS_TARGETS += run-regress-$p
@@ -32,11 +31,6 @@ run-regress-test-cert: test-cert
 	./test-cert -v ${.CURDIR}/../cer/*.cer
 	./test-cert -vt ${TALARGS:S,,${.CURDIR}/../&,}
 
-SRCS_test-bgpsec+=	test-bgpsec.c cert.c cms.c x509.c ip.c as.c io.c \
-			log.c tal.c validate.c encoding.c
-run-regress-test-bgpsec: test-bgpsec
-	./test-bgpsec -v ${.CURDIR}/../bgpsec/*.cer
-
 SRCS_test-mft+=	test-mft.c mft.c cms.c x509.c io.c log.c validate.c \
 		encoding.c dummy.c
 run-regress-test-mft: test-mft
diff --git a/regress/usr.sbin/rpki-client/bgpsec/Vr46VDCUfrRNL9yZAy4mxfEAspQ.cer b/regress/usr.sbin/rpki-client/bgpsec/Vr46VDCUfrRNL9yZAy4mxfEAspQ.cer
deleted file mode 100644
index 5eb4fc0be20..00000000000
Binary files a/regress/usr.sbin/rpki-client/bgpsec/Vr46VDCUfrRNL9yZAy4mxfEAspQ.cer and /dev/null differ
diff --git a/regress/usr.sbin/rpki-client/cer/Vr46VDCUfrRNL9yZAy4mxfEAspQ.cer b/regress/usr.sbin/rpki-client/cer/Vr46VDCUfrRNL9yZAy4mxfEAspQ.cer
new file mode 100644
index 00000000000..5eb4fc0be20
Binary files /dev/null and b/regress/usr.sbin/rpki-client/cer/Vr46VDCUfrRNL9yZAy4mxfEAspQ.cer differ
diff --git a/regress/usr.sbin/rpki-client/test-bgpsec.c b/regress/usr.sbin/rpki-client/test-bgpsec.c
deleted file mode 100644
index 4ac3ada9a5a..00000000000
--- a/regress/usr.sbin/rpki-client/test-bgpsec.c
+++ /dev/null
@@ -1,124 +0,0 @@
-/*	$Id: test-bgpsec.c,v 1.2 2021/10/11 16:55:18 job Exp $ */
-/*
- * Copyright (c) 2021 Job Snijders <job@sobornost.net>
- * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#include <sys/socket.h>
-#include <arpa/inet.h>
-
-#include <assert.h>
-#include <err.h>
-#include <inttypes.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-
-#include <openssl/err.h>
-#include <openssl/evp.h>
-#include <openssl/x509v3.h>
-
-#include "extern.h"
-
-#include "test-common.c"
-
-int verbose;
-
-static void
-cert_print(const struct cert *p)
-{
-	size_t	 i;
-	char	 buf1[64], buf2[64];
-	int	 sockt;
-	BIO	*bio_out = NULL;
-	char	 tbuf[21];
-
-	assert(p != NULL);
-
-	if ((bio_out = BIO_new_fp(stdout, BIO_NOCLOSE)) == NULL)
-		errx(1, "BIO_new_fp");
-
-	printf("Subject key identifier: %s\n", pretty_key_id(p->ski));
-	printf("Authority key identifier: %s\n", pretty_key_id(p->aki));
-	printf("Authority info access: %s\n", p->aia);
-	printf("Revocation list: %s\n", p->crl);
-	strftime(tbuf, sizeof(tbuf), "%FT%TZ", gmtime(&p->expires));
-	printf("Key valid until: %s\n", tbuf);
-
-	for (i = 0; i < p->asz; i++)
-		switch (p->as[i].type) {
-		case CERT_AS_ID:
-			printf("%5zu: AS: %"
-				PRIu32 "\n", i + 1, p->as[i].id);
-			break;
-		case CERT_AS_RANGE:
-			printf("%5zu: AS: %"
-				PRIu32 "--%" PRIu32 "\n", i + 1,
-				p->as[i].range.min, p->as[i].range.max);
-			break;
-		default:
-			printf("%5zu: AS: invalid element", i + 1);
-		}
-
-	printf("P-256 ECDSA key: %s", p->bgpsec_pubkey);
-}
-
-int
-main(int argc, char *argv[])
-{
-	int		 c, i, verb = 0;
-	X509		*xp = NULL;
-	struct cert	*p;
-
-	ERR_load_crypto_strings();
-	OpenSSL_add_all_ciphers();
-	OpenSSL_add_all_digests();
-
-	while ((c = getopt(argc, argv, "v")) != -1)
-		switch (c) {
-		case 'v':
-			verb++;
-			break;
-		default:
-			errx(1, "bad argument %c", c);
-		}
-
-	argv += optind;
-	argc -= optind;
-
-	if (argc == 0)
-		errx(1, "argument missing");
-
-	for (i = 0; i < argc; i++) {
-		p = cert_parse(&xp, argv[i]);
-		if (p == NULL)
-			break;
-		if (verb)
-			cert_print(p);
-		cert_free(p);
-		X509_free(xp);
-	}
-
-	EVP_cleanup();
-	CRYPTO_cleanup_all_ex_data();
-	ERR_free_strings();
-
-	if (i < argc)
-		errx(1, "test failed for %s", argv[i]);
-
-	printf("\nOK\n");
-	return 0;
-}
diff --git a/regress/usr.sbin/rpki-client/test-cert.c b/regress/usr.sbin/rpki-client/test-cert.c
index 3fa2e69386e..f7385d4f84e 100644
--- a/regress/usr.sbin/rpki-client/test-cert.c
+++ b/regress/usr.sbin/rpki-client/test-cert.c
@@ -1,4 +1,4 @@
-/*	$Id: test-cert.c,v 1.11 2021/10/07 10:34:39 claudio Exp $ */
+/*	$Id: test-cert.c,v 1.12 2021/10/11 17:32:27 job Exp $ */
 /*
  * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
  *
@@ -46,19 +46,23 @@ cert_print(const struct cert *p)
 
 	assert(p != NULL);
 
-	printf("Manifest: %s\n", p->mft);
-	printf("caRepository: %s\n", p->repo);
-	if (p->notify != NULL)
-		printf("Notify URL: %s\n", p->notify);
-	if (p->crl != NULL)
-		printf("Revocation list: %s\n", p->crl);
 	printf("Subject key identifier: %s\n", pretty_key_id(p->ski));
 	if (p->aki != NULL)
 		printf("Authority key identifier: %s\n", pretty_key_id(p->aki));
 	if (p->aia != NULL)
 		printf("Authority info access: %s\n", p->aia);
+	if (p->mft != NULL)
+		printf("Manifest: %s\n", p->mft);
+	if (p->repo != NULL)
+		printf("caRepository: %s\n", p->repo);
+	if (p->notify != NULL)
+		printf("Notify URL: %s\n", p->notify);
+	if (p->bgpsec_pubkey != NULL)
+		printf("BGPsec P-256 ECDSA public key: %s\n", p->bgpsec_pubkey);
 	strftime(tbuf, sizeof(tbuf), "%FT%TZ", gmtime(&p->expires));
-	printf("CA valid until: %s\n", tbuf);
+	printf("Valid until: %s\n", tbuf);
+
+	printf("Subordinate Resources:\n");
 
 	for (i = 0; i < p->asz; i++)
 		switch (p->as[i].type) {
@@ -94,6 +98,7 @@ cert_print(const struct cert *p)
 			printf("%5zu: IP: %s--%s\n", i + 1, buf1, buf2);
 			break;
 		}
+
 }
 
 int