Upgrade find-roa-expiration to supported tool, per user request.

See #633, #685.

svn path=/branches/tk685/; revision=5777

2 files changed, 62 insertions, 1 deletions

diff --git a/rp/utils/Makefile.in b/rp/utils/Makefile.in
index 137230b4..b4a178ff 100644
--- a/rp/utils/Makefile.in
+++ b/rp/utils/Makefile.in
@@ -23,7 +23,7 @@ abs_top_builddir = @abs_top_builddir@
 
 BINS		= find_roa hashdir print_rpki_manifest print_roa scan_roas uri
 
-SCRIPTS		= scan_routercerts
+SCRIPTS		= scan_routercerts find-roa-expiration
 
 all:: ${BINS}
 
diff --git a/rp/utils/find-roa-expiration b/rp/utils/find-roa-expiration
new file mode 100755
index 00000000..1401dc42
--- /dev/null
+++ b/rp/utils/find-roa-expiration
@@ -0,0 +1,61 @@
+# $Id$
+# 
+# Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC")
+# 
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+# 
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+"""
+Look for ROAs for particular prefixes, like find_roa, then, for each
+ROA we find, dig out the expiration times of all the certificates
+involved in the authorization chain, all the way back to the root.
+"""
+
+import sys
+import subprocess
+import rpki.POW
+
+def filename_to_uri(filename):
+  if not filename.startswith(sys.argv[1]):
+    raise ValueError
+  return "rsync://" + filename[len(sys.argv[1]):].lstrip("/")
+
+def uri_to_filename(uri):
+  if not uri.startswith("rsync://"):
+    raise ValueError
+  return sys.argv[1] + "/" + uri[len("rsync://"):]
+
+def get_aia(x):
+  for i in xrange(x.countExtensions()):
+    ext = x.getExtension(i)
+    if ext[0] == "authorityInfoAccess":
+      return ext[2][ext[2].index("rsync://"):]
+  return None
+
+for line in subprocess.check_output(["find_roa"] + sys.argv[1:]).splitlines():
+
+  words = line.split()
+  fn = words.pop()
+  del words[-1]
+  print " ".join(words)
+
+  x = rpki.POW.CMS.derReadFile(fn).certs()[0]
+  uri = get_aia(x)
+  print x.getNotAfter(), filename_to_uri(fn)
+
+  while uri:
+    fn = uri_to_filename(uri)
+    x = rpki.POW.X509.derReadFile(fn)
+    print x.getNotAfter(), uri
+    uri = get_aia(x)
+
+  print