From f904f2a2282b55aabc94965fdf49d2b8c831101a Mon Sep 17 00:00:00 2001
From: job
Date: Thu, 9 Mar 2023 12:54:28 +0000
Subject: [PATCH] In filmode also show 'Not After' for GBR records OK tb@
---
 usr.sbin/rpki-client/extern.h | 3 ++-
 usr.sbin/rpki-client/gbr.c | 13 ++++++++++++-
 usr.sbin/rpki-client/print.c | 4 +++-
 3 files changed, 17 insertions(+), 3 deletions(-)
diff --git a/usr.sbin/rpki-client/extern.h b/usr.sbin/rpki-client/extern.h
index 71158462650..2da10aeb394 100644
--- a/usr.sbin/rpki-client/extern.h
+++ b/usr.sbin/rpki-client/extern.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: extern.h,v 1.169 2023/03/09 09:46:21 job Exp $ */
+/* $OpenBSD: extern.h,v 1.170 2023/03/09 12:54:28 job Exp $ */
 /*
 * Copyright (c) 2019 Kristaps Dzonsons
 *
@@ -333,6 +333,7 @@ struct gbr {
 char *sia; /* SIA signedObject */
 char *ski; /* SKI */
 time_t signtime; /* CMS signing-time attribute */
+ time_t expires; /* Not After of the GBR EE */
 };
 struct aspa_provider {
diff --git a/usr.sbin/rpki-client/gbr.c b/usr.sbin/rpki-client/gbr.c
index a2cd97ea4a7..eaf0117b6f0 100644
--- a/usr.sbin/rpki-client/gbr.c
+++ b/usr.sbin/rpki-client/gbr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: gbr.c,v 1.21 2023/03/09 09:46:21 job Exp $ */
+/* $OpenBSD: gbr.c,v 1.22 2023/03/09 12:54:28 job Exp $ */
 /*
 * Copyright (c) 2020 Claudio Jeker
 *
@@ -46,6 +46,7 @@ gbr_parse(X509 **x509, const char *fn, const unsigned char *der, size_t len)
 size_t cmsz;
 unsigned char *cms;
 time_t signtime;
+ const ASN1_TIME *at;
 memset(&p, 0, sizeof(struct parse));
 p.fn = fn;
@@ -77,6 +78,16 @@ gbr_parse(X509 **x509, const char *fn, const unsigned char *der, size_t len)
 goto out;
 }
+ at = X509_get0_notAfter(*x509);
+ if (at == NULL) {
+ warnx("%s: X509_get0_notAfter failed", fn);
+ goto out;
+ }
+ if (!x509_get_time(at, &p.res->expires)) {
+ warnx("%s: ASN1_time_parse failed", fn);
+ goto out;
+ }
+
 if (!x509_inherits(*x509)) {
 warnx("%s: RFC 3779 extension not set to inherit", fn);
 goto out;
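Review bot: The second warning in the added block of the last gbr.c hunk reports `ASN1_time_parse failed`, but the call that failed is `x509_get_time()`, and the message does not say which certificate field was being read. That makes a rejected object fetched from a repository harder to triage from the log alone; `warnx("%s: x509_get_time failed for notAfter", fn);` would name both. If the existing wording is the convention in the sibling parsers (not visible here), keeping it for consistency is reasonable. gbr_parse starts and ends outside this hunk, so the cleanup reached through `goto out` could not be checked.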
diff --git a/usr.sbin/rpki-client/print.c b/usr.sbin/rpki-client/print.c
index 6db8e10a336..aa47d4bfadf 100644
--- a/usr.sbin/rpki-client/print.c
+++ b/usr.sbin/rpki-client/print.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: print.c,v 1.28 2023/03/09 09:46:21 job Exp $ */
+/* $OpenBSD: print.c,v 1.29 2023/03/09 12:54:28 job Exp $ */
 /*
 * Copyright (c) 2021 Claudio Jeker
 * Copyright (c) 2019 Kristaps Dzonsons
@@ -498,6 +498,7 @@ gbr_print(const X509 *x, const struct gbr *p)
 if (p->signtime != 0)
 printf("\t\"signing_time\": %lld,\n", (long long)p->signtime);
+ printf("\t\"valid_until\": %lld,\n", (long long)p->expires);
 printf("\t\"vcard\": \"");
 for (i = 0; i < strlen(p->vcard); i++) {
 if (p->vcard[i] == '"')
@@ -519,6 +520,7 @@ gbr_print(const X509 *x, const struct gbr *p)
 if (p->signtime != 0)
 printf("Signing time: %s\n", time2str(p->signtime));
+ printf("GBR valid until: %s\n", time2str(p->expires));
 printf("vcard:\n%s", p->vcard);
 }
 }
--
2.20.1
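Review bot: The `valid_until` key added in the JSON branch, and the matching `GBR valid until:` line in the text-branch hunk after it, print `p->expires`, which the extern.h comment defines as only the Not After of the GBR EE certificate. Someone reading filemode output could take the value as the moment the object stops validating, yet a certificate higher in the issuing chain may expire earlier, and nothing in these hunks accounts for that. A comment above each printf such as `/* EE cert notAfter only; the issuing chain may expire sooner */` would keep the label from being over-read. Printing the field unconditionally, unlike `signing_time`, looks consistent with gbr_parse now failing when notAfter cannot be read. gbr_print's body continues outside both hunks.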