authorRob Austein <sra@hactrn.net>2013-11-20 22:52:33 +0000
committerRob Austein <sra@hactrn.net>2013-11-20 22:52:33 +0000
commit5df5a90b9f0b97bb61f7a52ff92763fe0e9978fe (patch)
treef187444aa7c564cc37f88b6fbc89e625e6a56e04 /utils
parent9f5a854262c4072521ea5d6a98759f6b841aa3c3 (diff)
Add -c options to print_roa and print_rpki_manifest to dump the entire
CMS blob in (hideously ugly) text format. See #655. svn path=/trunk/; revision=5590
Diffstat (limited to 'utils')
-rw-r--r--utils/print_roa/print_roa.c44
-rw-r--r--utils/print_rpki_manifest/print_rpki_manifest.c52
2 files changed, 65 insertions, 31 deletions
diff --git a/utils/print_roa/print_roa.c b/utils/print_roa/print_roa.c
index b788cb2e..a5dc0750 100644
--- a/utils/print_roa/print_roa.c
+++ b/utils/print_roa/print_roa.c
@@ -120,8 +120,16 @@ static void addr_expand(unsigned char *addr,
* Read ROA (CMS object) in DER format.
*
* NB: When invoked this way, CMS_verify() does -not- verify, it just decodes the ASN.1.
+ *
+ * Well, OK, this function has evolved to doing a lot more than just
+ * reading the object. Refactor or at least rename, someday.
*/
-static ROA *read_roa(const char *filename, const int print_cms, const int print_roa, const int print_signerinfo, const int print_brief, const int print_signingtime)
+static ROA *read_roa(const char *filename,
+ const int print_cms,
+ const int print_roa,
+ const int print_signerinfo,
+ const int print_brief,
+ const int print_signingtime)
{
unsigned char addr[ADDR_RAW_BUF_LEN];
CMS_ContentInfo *cms = NULL;
@@ -178,14 +186,6 @@ static ROA *read_roa(const char *filename, const int print_cms, const int print_
sk_X509_CRL_pop_free(crls, X509_CRL_free);
}
- if (print_cms) {
- if ((b = BIO_new(BIO_s_fd())) == NULL)
- goto done;
- BIO_set_fd(b, 1, BIO_NOCLOSE);
- CMS_ContentInfo_print_ctx(b, cms, 0, NULL);
- BIO_free(b);
- }
-
if ((b = BIO_new(BIO_s_mem())) == NULL ||
CMS_verify(cms, NULL, NULL, NULL, b, CMS_NOCRL | CMS_NO_SIGNER_CERT_VERIFY | CMS_NO_ATTR_VERIFY | CMS_NO_CONTENT_VERIFY) <= 0 ||
(r = ASN1_item_d2i_bio(ASN1_ITEM_rptr(ROA), b, NULL)) == NULL)
@@ -281,6 +281,17 @@ static ROA *read_roa(const char *filename, const int print_cms, const int print_
printf("\n");
}
+ if (print_cms) {
+ if (print_roa)
+ printf("\n");
+ fflush(stdout);
+ if ((b = BIO_new(BIO_s_fd())) == NULL)
+ goto done;
+ BIO_set_fd(b, 1, BIO_NOCLOSE);
+ CMS_ContentInfo_print_ctx(b, cms, 0, NULL);
+ BIO_free(b);
+ }
+
done:
if (ERR_peek_error())
ERR_print_errors_fp(stderr);
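Review bot: After the final `BIO_free(b);` in the new `if (print_cms)` block, `b` still holds the freed pointer when control falls through to `done:`, and the memory BIO assigned to `b` by the earlier `BIO_new(BIO_s_mem())` is overwritten with no free visible in these hunks. The cleanup after `done:` lies outside the hunk, so this is inferred: if it calls `BIO_free(b)`, the -c path frees the fd BIO twice and leaks the memory BIO. In the old position the block ran before the memory BIO was allocated, so `b` was reassigned straight away and neither problem arose. If `b` still owns the memory BIO here, release it first with `BIO_free(b); b = NULL;`, and follow the last `BIO_free(b);` with `b = NULL;`. The same block is added to read_manifest() in print_rpki_manifest.c and needs the same treatment.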
@@ -296,24 +307,27 @@ static ROA *read_roa(const char *filename, const int print_cms, const int print_
*/
int main (int argc, char *argv[])
{
- int result = 0, brief = 0, signingtime = 0, c;
+ int result = 0, print_brief = 0, print_signingtime = 0, print_cms = 0, c;
char *jane = argv[0];
ROA *r;
OpenSSL_add_all_algorithms();
ERR_load_crypto_strings();
- while ((c = getopt(argc, argv, "bs")) != -1) {
+ while ((c = getopt(argc, argv, "bcs")) != -1) {
switch (c) {
case 'b':
- brief = 1;
+ print_brief = 1;
+ break;
+ case 'c':
+ print_cms = 1;
break;
case 's':
- signingtime = 1;
+ print_signingtime = 1;
break;
case '?':
default:
- fprintf(stderr, "usage: %s [-b] [-s] ROA [ROA...]\n", jane);
+ fprintf(stderr, "usage: %s [-b] [-c] [-s] ROA [ROA...]\n", jane);
return 1;
}
}
@@ -322,7 +336,7 @@ int main (int argc, char *argv[])
argv += optind;
while (argc-- > 0) {
- r = read_roa(*argv++, 0, 1, !brief, brief, signingtime);
+ r = read_roa(*argv++, print_cms, 1, !print_brief, print_brief, print_signingtime);
result |= r == NULL;
ROA_free(r);
}
diff --git a/utils/print_rpki_manifest/print_rpki_manifest.c b/utils/print_rpki_manifest/print_rpki_manifest.c
index f8c7a58f..f113e824 100644
--- a/utils/print_rpki_manifest/print_rpki_manifest.c
+++ b/utils/print_rpki_manifest/print_rpki_manifest.c
@@ -46,8 +46,14 @@
* Read manifest (CMS object) in DER format.
*
* NB: When invoked this way, CMS_verify() does -not- verify, it just decodes the ASN.1.
+ *
+ * OK, this does more than just reading the CMS. Refactor or rename, someday.
*/
-static const Manifest *read_manifest(const char *filename, const int print_cms, const int print_manifest, const int print_signerinfo)
+
+static const Manifest *read_manifest(const char *filename,
+ const int print_cms,
+ const int print_manifest,
+ const int print_signerinfo)
{
CMS_ContentInfo *cms = NULL;
const ASN1_OBJECT *oid = NULL;
@@ -103,14 +109,6 @@ static const Manifest *read_manifest(const char *filename, const int print_cms,
sk_X509_CRL_pop_free(crls, X509_CRL_free);
}
- if (print_cms) {
- if ((b = BIO_new(BIO_s_fd())) == NULL)
- goto done;
- BIO_set_fd(b, 1, BIO_NOCLOSE);
- CMS_ContentInfo_print_ctx(b, cms, 0, NULL);
- BIO_free(b);
- }
-
if ((b = BIO_new(BIO_s_mem())) == NULL ||
CMS_verify(cms, NULL, NULL, NULL, b, CMS_NOCRL | CMS_NO_SIGNER_CERT_VERIFY | CMS_NO_ATTR_VERIFY | CMS_NO_CONTENT_VERIFY) <= 0 ||
(m = ASN1_item_d2i_bio(ASN1_ITEM_rptr(Manifest), b, NULL)) == NULL)
@@ -142,7 +140,18 @@ static const Manifest *read_manifest(const char *filename, const int print_cms,
}
if (X509_cmp_current_time(m->nextUpdate) < 0)
- printf("MANIFEST HAS EXPIRED\n");
+ printf("MANIFEST IS STALE\n");
+ }
+
+ if (print_cms) {
+ if (print_manifest)
+ printf("\n");
+ fflush(stdout);
+ if ((b = BIO_new(BIO_s_fd())) == NULL)
+ goto done;
+ BIO_set_fd(b, 1, BIO_NOCLOSE);
+ CMS_ContentInfo_print_ctx(b, cms, 0, NULL);
+ BIO_free(b);
}
done:
@@ -158,14 +167,25 @@ static const Manifest *read_manifest(const char *filename, const int print_cms,
*/
int main (int argc, char *argv[])
{
- int result = 0;
+ int result = 0, print_cms = 0, c;
+ char *jane = argv[0];
+
OpenSSL_add_all_algorithms();
ERR_load_crypto_strings();
- if (argc < 2) {
- fprintf(stderr, "usage: %s manifest [manifest...]\n", argv[0]);
- return 1;
+
+ while ((c = getopt(argc, argv, "c")) != -1) {
+ switch (c) {
+ case 'c':
+ print_cms = 1;
+ break;
+ case '?':
+ default:
+ fprintf(stderr, "usage: %s [-c] manifest [manifest...]\n", jane);
+ return 1;
+ }
}
- while (--argc > 0)
- result |= read_manifest(*++argv, 0, 1, 1) == NULL;
+
+ while (argc-- > 0)
+ result |= read_manifest(*argv++, print_cms, 1, 1) == NULL;
return result;
}
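Review bot: The final loop `while (argc-- > 0) result |= read_manifest(*argv++, print_cms, 1, 1) == NULL;` starts at argv[0], because nothing in the new main() skips the arguments getopt() has consumed. The program would therefore try to parse its own path and the literal `-c` as manifests, and the exit status would be non-zero even when every real manifest decodes. Add `argc -= optind;` and `argv += optind;` after the getopt loop, matching the `argv += optind;` visible in print_roa.c's main(). The removed `argc < 2` check has no replacement, so a run with no manifest arguments no longer prints the usage line; `if (argc < 1)` after the adjustment would restore it. Whether `<unistd.h>` is included for getopt() and optind cannot be seen from these hunks and should be confirmed.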