author | Rob Austein <sra@hactrn.net> | 2013-11-20 22:52:33 +0000 |
---|---|---|
committer | Rob Austein <sra@hactrn.net> | 2013-11-20 22:52:33 +0000 |
commit | 5df5a90b9f0b97bb61f7a52ff92763fe0e9978fe (patch) | |
tree | f187444aa7c564cc37f88b6fbc89e625e6a56e04 | |
parent | 9f5a854262c4072521ea5d6a98759f6b841aa3c3 (diff) |
Add -c options to print_roa and print_rpki_manifest to dump the entire
CMS blob in (hideously ugly) text format. See #655.
svn path=/trunk/; revision=5590
-rw-r--r-- | utils/print_roa/print_roa.c | 44 | ||||
-rw-r--r-- | utils/print_rpki_manifest/print_rpki_manifest.c | 52 |
2 files changed, 65 insertions, 31 deletions
diff --git a/utils/print_roa/print_roa.c b/utils/print_roa/print_roa.c
index b788cb2e..a5dc0750 100644
--- a/utils/print_roa/print_roa.c
+++ b/utils/print_roa/print_roa.c
@@ -120,8 +120,16 @@ static void addr_expand(unsigned char *addr,
 * Read ROA (CMS object) in DER format.
 *
 * NB: When invoked this way, CMS_verify() does -not- verify, it just decodes the ASN.1.
+ *
+ * Well, OK, this function has evolved to doing a lot more than just
+ * reading the object. Refactor or at least rename, someday.
 */
-static ROA *read_roa(const char *filename, const int print_cms, const int print_roa, const int print_signerinfo, const int print_brief, const int print_signingtime)
+static ROA *read_roa(const char *filename,
+ const int print_cms,
+ const int print_roa,
+ const int print_signerinfo,
+ const int print_brief,
+ const int print_signingtime)
 {
 unsigned char addr[ADDR_RAW_BUF_LEN];
 CMS_ContentInfo *cms = NULL;
@@ -178,14 +186,6 @@ static ROA *read_roa(const char *filename, const int print_cms, const int print_
 sk_X509_CRL_pop_free(crls, X509_CRL_free);
 }
- if (print_cms) {
- if ((b = BIO_new(BIO_s_fd())) == NULL)
- goto done;
- BIO_set_fd(b, 1, BIO_NOCLOSE);
- CMS_ContentInfo_print_ctx(b, cms, 0, NULL);
- BIO_free(b);
- }
-
 if ((b = BIO_new(BIO_s_mem())) == NULL || CMS_verify(cms, NULL, NULL, NULL, b, CMS_NOCRL | CMS_NO_SIGNER_CERT_VERIFY | CMS_NO_ATTR_VERIFY | CMS_NO_CONTENT_VERIFY) <= 0 || (r = ASN1_item_d2i_bio(ASN1_ITEM_rptr(ROA), b, NULL)) == NULL)
@@ -281,6 +281,17 @@ static ROA *read_roa(const char *filename, const int print_cms, const int print_
 printf("\n");
 }
+ if (print_cms) {
+ if (print_roa)
+ printf("\n");
+ fflush(stdout);
+ if ((b = BIO_new(BIO_s_fd())) == NULL)
+ goto done;
+ BIO_set_fd(b, 1, BIO_NOCLOSE);
+ CMS_ContentInfo_print_ctx(b, cms, 0, NULL);
+ BIO_free(b);
+ }
+
 done:
 if (ERR_peek_error())
 ERR_print_errors_fp(stderr);
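Review bot: In the block added just before `done:`, the `-c` dump now runs only after the eContent has been decoded, and the `CMS_verify()`/`ASN1_item_d2i_bio()` test earlier in read_roa() presumably jumps to `done` on failure (that statement is outside the hunks), so an object that fails to decode, the case where inspecting the raw CMS is most useful, would print nothing. Consider keeping a dump on that failure path as well, or stating in the usage text that `-c` needs a decodable object. The return value of `CMS_ContentInfo_print_ctx()` is also ignored, so a failed or partial dump is not reported; a check such as `if (CMS_ContentInfo_print_ctx(b, cms, 0, NULL) <= 0) fprintf(stderr, "%s: CMS dump failed\n", filename);` would surface it. Both points apply equally to the matching block added to read_manifest() in print_rpki_manifest.c (hunk `@@ -142,7 +140,18 @@`).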
@@ -296,24 +307,27 @@ static ROA *read_roa(const char *filename, const int print_cms, const int print_
 */
 int main (int argc, char *argv[])
 {
- int result = 0, brief = 0, signingtime = 0, c;
+ int result = 0, print_brief = 0, print_signingtime = 0, print_cms = 0, c;
 char *jane = argv[0];
 ROA *r;
 OpenSSL_add_all_algorithms();
 ERR_load_crypto_strings();
- while ((c = getopt(argc, argv, "bs")) != -1) {
+ while ((c = getopt(argc, argv, "bcs")) != -1) {
 switch (c) {
 case 'b':
- brief = 1;
+ print_brief = 1;
+ break;
+ case 'c':
+ print_cms = 1;
 break;
 case 's':
- signingtime = 1;
+ print_signingtime = 1;
 break;
 case '?':
 default:
- fprintf(stderr, "usage: %s [-b] [-s] ROA [ROA...]\n", jane);
+ fprintf(stderr, "usage: %s [-b] [-c] [-s] ROA [ROA...]\n", jane);
 return 1;
 }
 }
@@ -322,7 +336,7 @@ int main (int argc, char *argv[])
 argv += optind;
 while (argc-- > 0) {
- r = read_roa(*argv++, 0, 1, !brief, brief, signingtime);
+ r = read_roa(*argv++, print_cms, 1, !print_brief, print_brief, print_signingtime);
 result |= r == NULL;
 ROA_free(r);
 }
diff --git a/utils/print_rpki_manifest/print_rpki_manifest.c b/utils/print_rpki_manifest/print_rpki_manifest.c
index f8c7a58f..f113e824 100644
--- a/utils/print_rpki_manifest/print_rpki_manifest.c
+++ b/utils/print_rpki_manifest/print_rpki_manifest.c
@@ -46,8 +46,14 @@
 * Read manifest (CMS object) in DER format.
 *
 * NB: When invoked this way, CMS_verify() does -not- verify, it just decodes the ASN.1.
+ *
+ * OK, this does more than just reading the CMS. Refactor or rename, someday.
 */
-static const Manifest *read_manifest(const char *filename, const int print_cms, const int print_manifest, const int print_signerinfo)
+
+static const Manifest *read_manifest(const char *filename,
+ const int print_cms,
+ const int print_manifest,
+ const int print_signerinfo)
 {
 CMS_ContentInfo *cms = NULL;
 const ASN1_OBJECT *oid = NULL;
@@ -103,14 +109,6 @@ static const Manifest *read_manifest(const char *filename, const int print_cms,
 sk_X509_CRL_pop_free(crls, X509_CRL_free);
 }
- if (print_cms) {
- if ((b = BIO_new(BIO_s_fd())) == NULL)
- goto done;
- BIO_set_fd(b, 1, BIO_NOCLOSE);
- CMS_ContentInfo_print_ctx(b, cms, 0, NULL);
- BIO_free(b);
- }
-
 if ((b = BIO_new(BIO_s_mem())) == NULL || CMS_verify(cms, NULL, NULL, NULL, b, CMS_NOCRL | CMS_NO_SIGNER_CERT_VERIFY | CMS_NO_ATTR_VERIFY | CMS_NO_CONTENT_VERIFY) <= 0 || (m = ASN1_item_d2i_bio(ASN1_ITEM_rptr(Manifest), b, NULL)) == NULL)
@@ -142,7 +140,18 @@ static const Manifest *read_manifest(const char *filename, const int print_cms,
 }
 if (X509_cmp_current_time(m->nextUpdate) < 0)
- printf("MANIFEST HAS EXPIRED\n");
+ printf("MANIFEST IS STALE\n");
+ }
+
+ if (print_cms) {
+ if (print_manifest)
+ printf("\n");
+ fflush(stdout);
+ if ((b = BIO_new(BIO_s_fd())) == NULL)
+ goto done;
+ BIO_set_fd(b, 1, BIO_NOCLOSE);
+ CMS_ContentInfo_print_ctx(b, cms, 0, NULL);
+ BIO_free(b);
 }
 done:
@@ -158,14 +167,25 @@ static const Manifest *read_manifest(const char *filename, const int print_cms,
 */
 int main (int argc, char *argv[])
 {
- int result = 0;
+ int result = 0, print_cms = 0, c;
+ char *jane = argv[0];
+
 OpenSSL_add_all_algorithms();
 ERR_load_crypto_strings();
- if (argc < 2) {
- fprintf(stderr, "usage: %s manifest [manifest...]\n", argv[0]);
- return 1;
+
+ while ((c = getopt(argc, argv, "c")) != -1) {
+ switch (c) {
+ case 'c':
+ print_cms = 1;
+ break;
+ case '?':
+ default:
+ fprintf(stderr, "usage: %s [-c] manifest [manifest...]\n", jane);
+ return 1;
+ }
 }
- while (--argc > 0)
- result |= read_manifest(*++argv, 0, 1, 1) == NULL;
+
+ while (argc-- > 0)
+ result |= read_manifest(*argv++, print_cms, 1, 1) == NULL;
 return result;
 }
|
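Review bot: The rewritten main() in print_rpki_manifest.c never steps past what getopt() consumed: print_roa.c does `argv += optind;` before its file loop, but here the new `while (argc-- > 0)` loop starts at argv[0], so the program's own path and any `-c` argument are passed to read_manifest() as file names, which would presumably fail to parse and force a non-zero exit status on every run. Add `argc -= optind;` and `argv += optind;` between the getopt loop and the file loop. The old `argc < 2` usage check was also removed, so once the offset is fixed a run with no manifest operands would exit 0 silently; an `if (argc < 1)` test that prints the usage line and returns 1 would restore it. The include list is outside the hunk, so confirm `<unistd.h>` is pulled in for getopt().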