Diffstat (limited to 'utils/uri')
-rw-r--r--utils/uri/Makefile.in31
-rw-r--r--utils/uri/dot.awk34
-rw-r--r--utils/uri/table.awk35
-rw-r--r--utils/uri/uri.c248
4 files changed, 0 insertions, 348 deletions
diff --git a/utils/uri/Makefile.in b/utils/uri/Makefile.in
deleted file mode 100644
index fc545060..00000000
--- a/utils/uri/Makefile.in
+++ /dev/null
@@ -1,31 +0,0 @@
-# $Id$
-
-NAME = uri
-
-BIN = ${NAME}
-SRC = ${NAME}.c
-OBJ = ${NAME}.o
-
-CFLAGS = @CFLAGS@
-LDFLAGS = @LDFLAGS@
-LIBS = @LIBS@
-
-abs_top_srcdir = @abs_top_srcdir@
-abs_top_builddir = @abs_top_builddir@
-
-all: ${BIN}
-
-clean:
- rm -rf ${BIN} ${OBJ} ${BIN}.dSYM
-
-${BIN}: ${SRC}
- ${CC} ${CFLAGS} -o $@ ${SRC} ${LDFLAGS} ${LIBS}
-
-test:
- @true
-
-install deinstall uninstall:
- @true
-
-distclean: clean
- rm -f Makefile
diff --git a/utils/uri/dot.awk b/utils/uri/dot.awk
deleted file mode 100644
index ca1b490b..00000000
--- a/utils/uri/dot.awk
+++ /dev/null
@@ -1,34 +0,0 @@
-#!/usr/bin/awk -f
-# $Id$
-#
-# This doesn't really work right yet, and even if it did, the graph
-# it would generate would be hopelessly large.
-
-BEGIN {
- cmd = "find /var/rcynic/data/unauthenticated -type f -name '*.cer' -print0 | xargs -0 ./uri -d";
- while ((cmd | getline) == 1) {
- if ($1 == "File") {
- sub("/var/rcynic/data/unauthenticated/", "rsync://");
- u = $2;
- uri[u] = ++n;
- continue;
- }
- if ($1 == "SIA:") {
- sia[u] = $2;
- continue;
- }
- if ($1 == "AIA:") {
- aia[u] = $2;
- continue;
- }
- }
- print "digraph rpki {";
- for (u in uri) {
- printf "n%06d\t[ label=\"%s\" ];\n", uri[u], u;
- if (sia[u])
- printf "n%06d -> n%06d\t [ color=blue ];\n", uri[u], uri[sia[u]];
- if (aia[u])
- printf "n%06d -> n%06d\t [ color=green ];\n", uri[u], uri[aia[u]];
- }
- print "}";
-}
diff --git a/utils/uri/table.awk b/utils/uri/table.awk
deleted file mode 100644
index d8627f67..00000000
--- a/utils/uri/table.awk
+++ /dev/null
@@ -1,35 +0,0 @@
-#!/usr/bin/awk -f
-# $Id$
-#
-# Reformat uri.c's output in a way that's more useful
-# for some kinds of scripting. Perhaps this functionality should be
-# part of uri.c itself, but for now this script will do.
-
-BEGIN {
- cmd = "find /var/rcynic/data/unauthenticated -type f -name '*.cer' -print0 | xargs -0 ./uri -d";
- while ((cmd | getline) == 1) {
- if ($1 == "File") {
- if (f)
- print f, u, a, s, c;
- a = s = c = "-";
- f = $2;
- sub("/var/rcynic/data/unauthenticated/","rsync://");
- u = $2;
- continue;
- }
- if ($1 == "SIA:") {
- s = $2;
- continue;
- }
- if ($1 == "AIA:") {
- a = $2;
- continue;
- }
- if ($1 == "CRL:") {
- c = $2;
- continue;
- }
- }
- if (f != "-")
- print f, u, a, s, c;
-}
diff --git a/utils/uri/uri.c b/utils/uri/uri.c
deleted file mode 100644
index 6353e8e5..00000000
--- a/utils/uri/uri.c
+++ /dev/null
@@ -1,248 +0,0 @@
-/*
- * Copyright (C) 2014 Dragon Research Labs ("DRL")
- * Portions copyright (C) 2006--2008 American Registry for Internet Numbers ("ARIN")
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notices and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND DRL AND ARIN DISCLAIM ALL
- * WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
- * WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DRL OR
- * ARIN BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
- * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA
- * OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER
- * TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- * PERFORMANCE OF THIS SOFTWARE.
- */
-
-/* $Id$ */
-
-/*
- * Extract and test URIs from certificates. This is a unit test of
- * rcynic code, a utility, or both, depending on how it turns out.
- *
- * NB: OpenSSL insures that IA5 strings are null-terminated, so it's safe
- * for us to ignore the length count.
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <unistd.h>
-#include <getopt.h>
-
-#include <openssl/bio.h>
-#include <openssl/pem.h>
-#include <openssl/err.h>
-#include <openssl/cms.h>
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-#include <openssl/safestack.h>
-
-static const unsigned char id_ad_caIssuers[] = {0x2b, 0x6, 0x1, 0x5, 0x5, 0x7, 0x30, 0x2}; /* 1.3.6.1.5.5.7.48.2 */
-static const unsigned char id_ad_caRepository[] = {0x2b, 0x6, 0x1, 0x5, 0x5, 0x7, 0x30, 0x5}; /* 1.3.6.1.5.5.7.48.5 */
-static const unsigned char id_ad_signedObjectRepository[] = {0x2b, 0x6, 0x1, 0x5, 0x5, 0x7, 0x30, 0x9}; /* 1.3.6.1.5.5.7.48.9 */
-static const unsigned char id_ad_rpkiManifest[] = {0x2b, 0x6, 0x1, 0x5, 0x5, 0x7, 0x30, 0xa}; /* 1.3.6.1.5.5.7.48.10 */
-static const unsigned char id_ad_signedObject[] = {0x2b, 0x6, 0x1, 0x5, 0x5, 0x7, 0x30, 0xb}; /* 1.3.6.1.5.5.7.48.11 */
-
-static X509 *read_cert(const char *filename, int format, int verbose)
-{
- BIO *b = BIO_new_file(filename, "r");
- STACK_OF(X509) *certs = NULL;
- CMS_ContentInfo *cms = NULL;
- X509 *x = NULL;
-
- if (b == NULL)
- return NULL;
-
- switch (format) {
- case 'p':
- x = PEM_read_bio_X509(b, NULL, NULL, NULL);
- break;
- case 'd':
- x = d2i_X509_bio(b, NULL);
- break;
- }
-
- if (x == NULL) {
- BIO_reset(b);
- switch (format) {
- case 'p':
- cms = PEM_read_bio_CMS(b, NULL, NULL, NULL);
- break;
- case 'd':
- cms = d2i_CMS_bio(b, NULL);
- break;
- }
- if (cms != NULL && (certs = CMS_get1_certs(cms)) != NULL)
- x = sk_X509_shift(certs);
- }
-
- if (x != NULL && verbose) {
- X509_print_fp(stdout, x);
- printf("\n");
- }
-
- sk_X509_pop_free(certs, X509_free);
- CMS_ContentInfo_free(cms);
- BIO_free(b);
- return x;
-}
-
-enum decode_errors {
- decode_ok,
- decode_no_extension,
- decode_not_exactly_one_DistributionPointName,
- decode_has_reasons,
- decode_has_CRLissuer,
- decode_no_distributionPoint,
- decode_not_GeneralName,
- decode_not_URI,
-};
-
-static enum decode_errors decode_crldp(X509 *x, int verbose, int spaces)
-{
- enum decode_errors err = decode_ok;
- STACK_OF(DIST_POINT) *ds = X509_get_ext_d2i(x, NID_crl_distribution_points, NULL, NULL);
- DIST_POINT *d;
- GENERAL_NAME *n;
- int i;
-
- if (!ds) {
- err = decode_no_extension;
- } else if (sk_DIST_POINT_num(ds) != 1) {
- err = decode_not_exactly_one_DistributionPointName;
- } else if ((d = sk_DIST_POINT_value(ds, 0))->reasons) {
- err = decode_has_reasons;
- } else if (d->CRLissuer) {
- err = decode_has_CRLissuer;
- } else if (!d->distpoint) {
- err = decode_no_distributionPoint;
- } else if (d->distpoint->type != 0) {
- err = decode_not_GeneralName;
- } else {
- for (i = 0; i < sk_GENERAL_NAME_num(d->distpoint->name.fullname); i++) {
- n = sk_GENERAL_NAME_value(d->distpoint->name.fullname, i);
- if (n->type != GEN_URI) {
- err = decode_not_GeneralName;
- break;
- }
- printf(" CRLDP: %s%s", n->d.uniformResourceIdentifier->data, spaces ? "" : "\n");
- }
- }
-
- sk_DIST_POINT_pop_free(ds, DIST_POINT_free);
- return err;
-}
-
-#define decode_xia(_x_, _v_, _s_, _tag_, _nid_, _oid_) \
- _decode_xia(_x_, _v_, _s_, _tag_, _nid_, _oid_, sizeof(_oid_))
-
-static enum decode_errors _decode_xia(X509 *x,
- int verbose,
- int spaces,
- char *tag,
- int nid,
- const unsigned char *oid,
- int oidlen)
-{
- enum decode_errors err = decode_ok;
- AUTHORITY_INFO_ACCESS *as = X509_get_ext_d2i(x, nid, NULL, NULL);
- ACCESS_DESCRIPTION *a;
- int i;
-
- if (!as) {
- err = decode_no_extension;
- } else {
- for (i = 0; i < sk_ACCESS_DESCRIPTION_num(as); i++) {
- a = sk_ACCESS_DESCRIPTION_value(as, i);
- if (a->location->type != GEN_URI) {
- err = decode_not_URI;
- break;
- }
- if (a->method->length == oidlen && !memcmp(a->method->data, oid, oidlen))
- printf(" %s: %s%s", tag, a->location->d.uniformResourceIdentifier->data, spaces ? "" : "\n");
- }
- }
-
- sk_ACCESS_DESCRIPTION_pop_free(as, ACCESS_DESCRIPTION_free);
- return err;
-}
-
-
-
-const static struct option longopts[] = {
- { "der", no_argument, NULL, 'd' },
- { "help", no_argument, NULL, 'h' },
- { "pem", no_argument, NULL, 'p' },
- { "spaces", no_argument, NULL, 's' },
- { "verbose", no_argument, NULL, 'v' },
- { NULL }
-};
-
-static int usage (const char *jane, const int code)
-{
- FILE *out = code ? stderr : stdout;
- int i;
-
- fprintf(out, "usage: %s [-p | -d] cert [cert...]\n", jane);
- fprintf(out, "options:\n");
- for (i = 0; longopts[i].name != NULL; i++)
- fprintf(out, " -%c --%s\n", longopts[i].val, longopts[i].name);
-
- return code;
-}
-
-int main(int argc, char *argv[])
-{
- int c, format = 'd', spaces = 0, verbose = 0;
- const char *jane = argv[0];
- X509 *x;
-
- OpenSSL_add_all_algorithms();
- ERR_load_crypto_strings();
-
- while ((c = getopt(argc, argv, "pdsv")) > 0) {
- switch (c) {
- case 'v':
- verbose = 1;
- break;
- case 'p':
- case 'd':
- format = c;
- break;
- case 's':
- spaces = 1;
- break;
- case 'h':
- return usage(jane, 0);
- default:
- return usage(jane, 1);
- }
- }
-
- argc -= optind;
- argv += optind;
-
- if (argc == 0)
- return usage(jane, 1);
-
- while (argc-- > 0) {
- printf(spaces ? "%s" : "File: %s\n", *argv);
- if ((x = read_cert(*argv++, format, verbose)) == NULL) {
- printf("Couldn't read certificate, skipping\n");
- continue;
- }
- decode_xia(x, verbose, spaces, "AIA:caIssuers", NID_info_access, id_ad_caIssuers);
- decode_xia(x, verbose, spaces, "SIA:caRepository", NID_sinfo_access, id_ad_caRepository);
- decode_xia(x, verbose, spaces, "SIA:signedObjectRepository", NID_sinfo_access, id_ad_signedObjectRepository);
- decode_xia(x, verbose, spaces, "SIA:rpkiManifest", NID_sinfo_access, id_ad_rpkiManifest);
- decode_xia(x, verbose, spaces, "SIA:signedObject", NID_sinfo_access, id_ad_signedObject);
- decode_crldp(x, verbose, spaces);
- if (spaces)
- putchar('\n');
- X509_free(x);
- }
-
- return 0;
-}