aboutsummaryrefslogtreecommitdiff
path: root/utils
diff options
context:
space:
mode:
Diffstat (limited to 'utils')
-rw-r--r--utils/Makefile.in9
-rw-r--r--utils/README12
-rw-r--r--utils/find_roa/Makefile.in56
-rw-r--r--utils/find_roa/find_roa.c356
-rw-r--r--utils/find_roa/test_roa.sh35
-rw-r--r--utils/hashdir/Makefile.in55
-rw-r--r--utils/hashdir/hashdir.c217
-rw-r--r--utils/print_roa/Makefile.in52
-rw-r--r--utils/print_roa/print_roa.c384
-rwxr-xr-xutils/print_roa/strip_roa.sh39
-rw-r--r--utils/print_rpki_manifest/Makefile.in52
-rw-r--r--utils/print_rpki_manifest/print_rpki_manifest.c235
-rw-r--r--utils/scan_roas/Makefile.in52
-rw-r--r--utils/scan_roas/scan_roas.c305
-rw-r--r--utils/scan_routercerts/Makefile.in41
-rwxr-xr-xutils/scan_routercerts/scan_routercerts69
-rw-r--r--utils/uri/Makefile.in31
-rw-r--r--utils/uri/dot.awk34
-rw-r--r--utils/uri/table.awk35
-rw-r--r--utils/uri/uri.c248
20 files changed, 0 insertions, 2317 deletions
diff --git a/utils/Makefile.in b/utils/Makefile.in
deleted file mode 100644
index c89fdff5..00000000
--- a/utils/Makefile.in
+++ /dev/null
@@ -1,9 +0,0 @@
-# $Id$
-
-SUBDIRS = uri print_rpki_manifest print_roa hashdir find_roa scan_roas scan_routercerts
-
-all clean test distclean install deinstall uninstall::
- @for i in ${SUBDIRS}; do echo "Making $@ in $$i"; (cd $$i && ${MAKE} $@); done
-
-distclean::
- rm -f Makefile
diff --git a/utils/README b/utils/README
deleted file mode 100644
index edbd793b..00000000
--- a/utils/README
+++ /dev/null
@@ -1,12 +0,0 @@
-$Id$
-
-A collection of small RPKI utility programs which can be combined in
-various useful ways by relying parties or by rpkid test scripts.
-
-See:
-
-- The primary documentation at http://trac.rpki.net/
-
-- The PDF manual in ../doc/manual.pdf, or
-
-- The flat text page ../doc/doc.RPKI.Utils
diff --git a/utils/find_roa/Makefile.in b/utils/find_roa/Makefile.in
deleted file mode 100644
index 36c68e01..00000000
--- a/utils/find_roa/Makefile.in
+++ /dev/null
@@ -1,56 +0,0 @@
-# $Id$
-
-NAME = find_roa
-
-BIN = ${NAME}
-SRC = ${NAME}.c
-OBJ = ${NAME}.o
-
-CFLAGS = @CFLAGS@
-LDFLAGS = @LDFLAGS@
-LIBS = @LIBS@
-
-INSTALL = @INSTALL@ -m 555
-
-prefix = @prefix@
-exec_prefix = @exec_prefix@
-datarootdir = @datarootdir@
-datadir = @datadir@
-localstatedir = @localstatedir@
-sharedstatedir = @sharedstatedir@
-sysconfdir = @sysconfdir@
-bindir = @bindir@
-sbindir = @sbindir@
-libexecdir = @libexecdir@
-libdir = @libdir@
-
-abs_top_srcdir = @abs_top_srcdir@
-abs_top_builddir = @abs_top_builddir@
-
-all: ${BIN}
-
-clean:
- rm -rf ${BIN} ${OBJ} ${BIN}.dSYM
-
-${BIN}: ${SRC}
- ${CC} ${CFLAGS} -o $@ ${SRC} ${LDFLAGS} ${LIBS}
-
-
-ROA_DIR = ${abs_top_builddir}/rcynic/rcynic-data/authenticated
-
-TEST_ARGS = ${ROA_DIR} 10.3.0.44 10.2.0.6 10.0.0.0/24
-
-test: ${BIN}
-# if test -d ${ROA_DIR}; then ./${BIN} ${TEST_ARGS} ; else :; fi
- if test -d ${ROA_DIR}; then sh ./test_roa.sh ${TEST_ARGS} ; else :; fi
-
-install: all
- if test -d ${DESTDIR}${bindir} ; then :; else ${INSTALL} -d ${DESTDIR}${bindir}; fi
- ${INSTALL} ${BIN} ${DESTDIR}${bindir}
-
-deinstall uninstall:
- rm -f ${DESTDIR}${bindir}/${BIN}
-
-distclean: clean
- rm -rf hashed-pem-dir
- rm -f Makefile
diff --git a/utils/find_roa/find_roa.c b/utils/find_roa/find_roa.c
deleted file mode 100644
index a14242c8..00000000
--- a/utils/find_roa/find_roa.c
+++ /dev/null
@@ -1,356 +0,0 @@
-/*
- * Copyright (C) 2014 Dragon Research Labs ("DRL")
- * Portions copyright (C) 2006--2008 American Registry for Internet Numbers ("ARIN")
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notices and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND DRL AND ARIN DISCLAIM ALL
- * WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
- * WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DRL OR
- * ARIN BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
- * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA
- * OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER
- * TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- * PERFORMANCE OF THIS SOFTWARE.
- */
-
-/* $Id$ */
-
-#include <assert.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <stdarg.h>
-#include <unistd.h>
-#include <string.h>
-#include <dirent.h>
-#include <limits.h>
-
-#include <openssl/bio.h>
-#include <openssl/pem.h>
-#include <openssl/err.h>
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-#include <openssl/safestack.h>
-#include <openssl/conf.h>
-#include <openssl/rand.h>
-#include <openssl/asn1.h>
-#include <openssl/asn1t.h>
-#include <openssl/cms.h>
-
-#include <rpki/roa.h>
-
-#ifndef FILENAME_MAX
-#define FILENAME_MAX 1024
-#endif
-
-#ifndef ADDR_RAW_BUF_LEN
-#define ADDR_RAW_BUF_LEN 16
-#endif
-
-
-
-/*
- * Error handling.
- */
-
-#define _lose(_msg_, _file_) \
- do { \
- if (_file_) \
- fprintf(stderr, "%s:%d: %s: %s\n", __FILE__, __LINE__, _msg_, _file_); \
- else \
- fprintf(stderr, "%s:%d: %s\n", __FILE__, __LINE__, _msg_); \
- fprintf(stderr, "%s: %s\n", _msg_, _file_); \
- } while (0)
-
-#define lose(_msg_, _file_) \
- do { \
- _lose(_msg_, _file_); \
- goto done; \
- } while (0)
-
-#define lose_errno(_msg_, _file_) \
- do { \
- _lose(_msg_, _file_); \
- perror(NULL); \
- goto done; \
- } while (0)
-
-#define lose_openssl(_msg_, _file_) \
- do { \
- _lose(_msg_, _file_); \
- ERR_print_errors_fp(stderr); \
- goto done; \
- } while (0)
-
-
-/*
- * Extract a ROA prefix from the ASN.1 bitstring encoding.
- */
-static int extract_roa_prefix(unsigned char *addr,
- unsigned *prefixlen,
- const ASN1_BIT_STRING *bs,
- const unsigned afi)
-{
- unsigned length;
-
- switch (afi) {
- case IANA_AFI_IPV4: length = 4; break;
- case IANA_AFI_IPV6: length = 16; break;
- default: return 0;
- }
-
- if (bs->length < 0 || bs->length > length)
- return 0;
-
- if (bs->length > 0) {
- memcpy(addr, bs->data, bs->length);
- if ((bs->flags & 7) != 0) {
- unsigned char mask = 0xFF >> (8 - (bs->flags & 7));
- addr[bs->length - 1] &= ~mask;
- }
- }
-
- memset(addr + bs->length, 0, length - bs->length);
-
- *prefixlen = (bs->length * 8) - (bs->flags & 7);
-
- return 1;
-}
-
-/*
- * Check str for a trailing suffix.
- */
-static int has_suffix(const char *str, const char *suffix)
-{
- size_t len_str, len_suffix;
- assert(str != NULL && suffix != NULL);
- len_str = strlen(str);
- len_suffix = strlen(suffix);
- return len_str >= len_suffix && !strcmp(str + len_str - len_suffix, suffix);
-}
-
-/*
- * Handle one object.
- */
-static void file_handler(const char *filename, const unsigned prefix_afi, const unsigned char *prefix, const unsigned long prefixlen)
-{
- unsigned char roa_prefix[ADDR_RAW_BUF_LEN];
- unsigned roa_prefixlen, roa_maxprefixlen, plen;
- CMS_ContentInfo *cms = NULL;
- BIO *b = NULL;
- ROA *r = NULL;
- int i, j, k, n;
- unsigned long asid;
-
- if (!(b = BIO_new_file(filename, "rb")))
- lose_openssl("Couldn't open CMS file", filename);
-
- if ((cms = d2i_CMS_bio(b, NULL)) == NULL)
- lose_openssl("Couldn't read CMS file", filename);
-
- BIO_free(b);
-
- if ((b = BIO_new(BIO_s_mem())) == NULL)
- lose_openssl("Couldn't open ROA", filename);
-
- if (CMS_verify(cms, NULL, NULL, NULL, b, CMS_NOCRL | CMS_NO_SIGNER_CERT_VERIFY | CMS_NO_ATTR_VERIFY | CMS_NO_CONTENT_VERIFY) <= 0)
- lose_openssl("Couldn't parse ROA CMS", filename);
-
- if ((r = ASN1_item_d2i_bio(ASN1_ITEM_rptr(ROA), b, NULL)) == NULL)
- lose_openssl("Couldn't parse ROA", filename);
-
- asid = (unsigned long) ASN1_INTEGER_get(r->asID);
-
- for (i = 0; i < sk_ROAIPAddressFamily_num(r->ipAddrBlocks); i++) {
- ROAIPAddressFamily *f = sk_ROAIPAddressFamily_value(r->ipAddrBlocks, i);
-
- /*
- * AFI must match, SAFI must be null
- */
- if (f->addressFamily->length != 2 ||
- prefix_afi != ((f->addressFamily->data[0] << 8) | (f->addressFamily->data[1])))
- continue;
-
- for (j = 0; j < sk_ROAIPAddress_num(f->addresses); j++) {
- ROAIPAddress *a = sk_ROAIPAddress_value(f->addresses, j);
-
- if (!extract_roa_prefix(roa_prefix, &roa_prefixlen, a->IPAddress, prefix_afi))
- lose("Malformed ROA", filename);
-
- /*
- * If the prefix we're looking for is bigger than the ROA
- * prefix, the ROA can't possibly cover.
- */
- if (prefixlen < roa_prefixlen)
- continue;
-
- if (a->maxLength)
- roa_maxprefixlen = ASN1_INTEGER_get(a->maxLength);
- else
- roa_maxprefixlen = roa_prefixlen;
-
- /*
- * If the prefix we're looking for is smaller than the smallest
- * allowed slice of the ROA prefix, the ROA can't possibly
- * cover.
- */
- if (prefixlen > roa_maxprefixlen)
- continue;
-
- /*
- * If we get this far, we have to compare prefixes.
- */
- assert(roa_prefixlen <= ADDR_RAW_BUF_LEN * 8);
- plen = prefixlen < roa_prefixlen ? prefixlen : roa_prefixlen;
- k = 0;
- while (plen >= 8 && prefix[k] == roa_prefix[k]) {
- plen -= 8;
- k++;
- }
- if (plen > 8 || ((prefix[k] ^ roa_prefix[k]) & (0xFF << (8 - plen))) != 0)
- continue;
-
- /*
- * If we get here, we have a match.
- */
- printf("ASN %lu prefix ", asid);
- switch (prefix_afi) {
- case IANA_AFI_IPV4:
- printf("%u.%u.%u.%u", prefix[0], prefix[1], prefix[2], prefix[3]);
- break;
- case IANA_AFI_IPV6:
- for (n = 16; n > 1 && prefix[n-1] == 0x00 && prefix[n-2] == 0x00; n -= 2)
- ;
- for (k = 0; k < n; k += 2)
- printf("%x%s", (prefix[k] << 8) | prefix[k+1], (k < 14 ? ":" : ""));
- if (k < 16)
- printf(":");
- break;
- }
- printf("/%lu ROA %s\n", prefixlen, filename);
- goto done;
- }
- }
-
- done:
- BIO_free(b);
- CMS_ContentInfo_free(cms);
- ROA_free(r);
-}
-
-/*
- * Walk a directory tree
- */
-static int handle_directory(const char *name, const unsigned prefix_afi, const unsigned char *prefix, const unsigned long prefixlen)
-{
- char path[FILENAME_MAX];
- struct dirent *d;
- size_t len;
- DIR *dir;
- int ret = 0, need_slash;
-
- assert(name);
- len = strlen(name);
- assert(len > 0 && len < sizeof(path));
- need_slash = name[len - 1] != '/';
-
- if ((dir = opendir(name)) == NULL)
- lose_errno("Couldn't open directory", name);
-
- while ((d = readdir(dir)) != NULL) {
- if (!strcmp(d->d_name, ".") || !strcmp(d->d_name, ".."))
- continue;
- if (len + strlen(d->d_name) + need_slash >= sizeof(path))
- lose("Constructed path name too long", d->d_name);
- strcpy(path, name);
- if (need_slash)
- strcat(path, "/");
- strcat(path, d->d_name);
- switch (d->d_type) {
- case DT_DIR:
- if (!handle_directory(path, prefix_afi, prefix, prefixlen))
- lose("Directory walk failed", path);
- continue;
- default:
- if (has_suffix(path, ".roa"))
- file_handler(path, prefix_afi, prefix, prefixlen);
- continue;
- }
- }
-
- ret = 1;
-
- done:
- if (dir)
- closedir(dir);
- return ret;
-}
-
-static void usage (const char *jane, const int code)
-{
- fprintf(code ? stderr : stdout, "usage: %s authtree prefix [prefix...]\n", jane);
- exit(code);
-}
-
-int main (int argc, char *argv[])
-{
- unsigned char prefix[ADDR_RAW_BUF_LEN];
- unsigned long prefixlen;
- unsigned afi;
- char *s = NULL, *p = NULL;
- int i, len, ret = 1;
-
- if (argc == 2 && (!strcmp(argv[1], "-h") || !strcmp(argv[1], "--help")))
- usage(argv[0], 0);
-
- if (argc < 3)
- usage(argv[0], 1);
-
- OpenSSL_add_all_algorithms();
- ERR_load_crypto_strings();
-
- for (i = 2; i < argc; i++) {
-
- if ((s = strdup(argv[i])) == NULL)
- lose("Couldn't strdup()", argv[i]);
-
- if ((p = strchr(s, '/')) != NULL)
- *p++ = '\0';
-
- len = a2i_ipadd(prefix, s);
-
- switch (len) {
- case 4: afi = IANA_AFI_IPV4; break;
- case 16: afi = IANA_AFI_IPV6; break;
- default: lose("Unknown AFI", argv[i]);
- }
-
- if (p) {
- if (*p == '\0' ||
- (prefixlen = strtoul(p, &p, 10)) == ULONG_MAX ||
- *p != '\0' ||
- prefixlen > ADDR_RAW_BUF_LEN * 8)
- lose("Bad prefix length", argv[i]);
- } else {
- prefixlen = len * 8;
- }
-
- assert(prefixlen <= ADDR_RAW_BUF_LEN * 8);
-
- free(s);
- p = s = NULL;
-
- if (!handle_directory(argv[1], afi, prefix, prefixlen))
- goto done;
-
- }
-
- ret = 0;
-
- done:
- if (s)
- free(s);
- return ret;
-}
diff --git a/utils/find_roa/test_roa.sh b/utils/find_roa/test_roa.sh
deleted file mode 100644
index 43d20898..00000000
--- a/utils/find_roa/test_roa.sh
+++ /dev/null
@@ -1,35 +0,0 @@
-#!/bin/sh -
-#
-# Copyright (C) 2008 American Registry for Internet Numbers ("ARIN")
-#
-# Permission to use, copy, modify, and distribute this software for any
-# purpose with or without fee is hereby granted, provided that the above
-# copyright notice and this permission notice appear in all copies.
-#
-# THE SOFTWARE IS PROVIDED "AS IS" AND ARIN DISCLAIMS ALL WARRANTIES WITH
-# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
-# AND FITNESS. IN NO EVENT SHALL ARIN BE LIABLE FOR ANY SPECIAL, DIRECT,
-# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
-# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
-# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
-# PERFORMANCE OF THIS SOFTWARE.
-#
-# $Id$
-
-auth_dir="${1?"usage: $0 authenticated_certificate_tree prefix [prefix...]"}"
-
-rm -rf hashed-pem-dir
-mkdir hashed-pem-dir
-
-../hashdir/hashdir "$auth_dir" hashed-pem-dir >/dev/null
-
-./find_roa "$@" | awk '
- $1 == "ASN" && $3 == "prefix" && $5 == "ROA" {
- print "";
- print "Found match:"
- print;
- print "Verifying certificate chain and signatures:"
- roa = $6;
- if (!system("../../openssl/openssl/apps/openssl cms -verify -inform DER -out /dev/null -CApath hashed-pem-dir -in " roa))
- system("../print_roa/print_roa " roa);
- }'
diff --git a/utils/hashdir/Makefile.in b/utils/hashdir/Makefile.in
deleted file mode 100644
index c0cf448a..00000000
--- a/utils/hashdir/Makefile.in
+++ /dev/null
@@ -1,55 +0,0 @@
-# $Id$
-
-NAME = hashdir
-
-BIN = ${NAME}
-SRC = ${NAME}.c
-OBJ = ${NAME}.o
-
-CFLAGS = @CFLAGS@
-LDFLAGS = @LDFLAGS@
-LIBS = @LIBS@
-
-INSTALL = @INSTALL@ -m 555
-
-prefix = @prefix@
-exec_prefix = @exec_prefix@
-datarootdir = @datarootdir@
-datadir = @datadir@
-localstatedir = @localstatedir@
-sharedstatedir = @sharedstatedir@
-sysconfdir = @sysconfdir@
-bindir = @bindir@
-sbindir = @sbindir@
-libexecdir = @libexecdir@
-libdir = @libdir@
-
-abs_top_srcdir = @abs_top_srcdir@
-abs_top_builddir = @abs_top_builddir@
-
-all: ${BIN}
-
-clean::
- rm -rf ${BIN} ${OBJ} ${BIN}.dSYM
-
-${BIN}: ${SRC}
- ${CC} ${CFLAGS} -o $@ ${SRC} ${LDFLAGS} ${LIBS}
-
-INPUT = ${abs_top_builddir}/rcynic/rcynic-data/authenticated
-OUTPUT = hashed-pem-dir
-
-test: ${BIN}
- if test -d ${INPUT}; then rm -rf ${OUTPUT} && mkdir ${OUTPUT} && ./hashdir ${INPUT} ${OUTPUT}; else :; fi
-
-clean::
- rm -rf ${OUTPUT}
-
-install: all
- if test -d ${DESTDIR}${bindir} ; then :; else ${INSTALL} -d ${DESTDIR}${bindir}; fi
- ${INSTALL} ${BIN} ${DESTDIR}${bindir}
-
-deinstall uninstall:
- rm -f ${DESTDIR}${bindir}/${BIN}
-
-distclean: clean
- rm -f Makefile
diff --git a/utils/hashdir/hashdir.c b/utils/hashdir/hashdir.c
deleted file mode 100644
index 1b5b0f46..00000000
--- a/utils/hashdir/hashdir.c
+++ /dev/null
@@ -1,217 +0,0 @@
-/*
- * Copyright (C) 2014 Dragon Research Labs ("DRL")
- * Portions copyright (C) 2006--2008 American Registry for Internet Numbers ("ARIN")
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notices and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND DRL AND ARIN DISCLAIM ALL
- * WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
- * WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DRL OR
- * ARIN BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
- * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA
- * OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER
- * TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- * PERFORMANCE OF THIS SOFTWARE.
- */
-
-/* $Id$ */
-
-/*
- * Read a directory tree of DER certificates and CRLs and copy
- * them into a PEM format directory with names in the hash format
- * that OpenSSL's lookup routines expect.
- */
-
-#include <assert.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <stdarg.h>
-#include <unistd.h>
-#include <string.h>
-#include <dirent.h>
-#include <limits.h>
-
-#include <openssl/bio.h>
-#include <openssl/pem.h>
-#include <openssl/x509.h>
-#include <openssl/err.h>
-
-#ifndef FILENAME_MAX
-#define FILENAME_MAX 1024
-#endif
-
-static int verbose = 1;
-
-/*
- * Error handling.
- */
-
-#define _lose(_msg_, _file_) \
- do { \
- fprintf(stderr, "%s: %s\n", _msg_, _file_); \
- } while (0)
-
-#define lose(_msg_, _file_) \
- do { \
- _lose(_msg_, _file_); \
- goto done; \
- } while (0)
-
-#define lose_errno(_msg_, _file_) \
- do { \
- _lose(_msg_, _file_); \
- perror(NULL); \
- goto done; \
- } while (0)
-
-#define lose_openssl(_msg_, _file_) \
- do { \
- _lose(_msg_, _file_); \
- ERR_print_errors_fp(stderr); \
- goto done; \
- } while (0)
-
-/*
- * Check str for a trailing suffix.
- */
-static int has_suffix(const char *str, const char *suffix)
-{
- size_t len_str, len_suffix;
- assert(str != NULL && suffix != NULL);
- len_str = strlen(str);
- len_suffix = strlen(suffix);
- return len_str >= len_suffix && !strcmp(str + len_str - len_suffix, suffix);
-}
-
-/*
- * Handle one object.
- */
-static void file_handler(const char *filename, const char *targetdir)
-{
- char path[FILENAME_MAX];
- unsigned long hash;
- const char *fmt;
- X509_CRL *crl = NULL;
- X509 *cer = NULL;
- BIO *b = NULL;
- int i, is_crl;
-
- if (has_suffix(filename, ".cer"))
- is_crl = 0;
- else if (has_suffix(filename, ".crl"))
- is_crl = 1;
- else
- return; /* Ignore if neither certificate nor CRL */
-
- if (verbose)
- printf("Reading %s\n", filename);
-
- if (!(b = BIO_new_file(filename, "rb")))
- lose_openssl("Couldn't open input file", filename);
-
- if (is_crl
- ? !(crl = d2i_X509_CRL_bio(b, NULL))
- : !(cer = d2i_X509_bio(b, NULL)))
- lose_openssl("Couldn't read DER object", filename);
-
- BIO_free(b);
- b = NULL;
-
- if (is_crl) {
- hash = X509_NAME_hash(X509_CRL_get_issuer(crl));
- fmt = "%s/%08lx.r%d";
- } else {
- hash = X509_subject_name_hash(cer);
- fmt = "%s/%08lx.%d";
- }
-
- for (i = 0; i < INT_MAX; i++)
- if (snprintf(path, sizeof(path), fmt, targetdir, hash, i) == sizeof(path))
- lose("Path too long", filename);
- else if (access(path, F_OK))
- break;
- if (i == INT_MAX)
- lose("No pathname available", filename);
-
- if (verbose)
- printf("Writing %s\n", path);
-
- if (!(b = BIO_new_file(path, "w")))
- lose_openssl("Couldn't open output file", path);
-
- if (is_crl
- ? !PEM_write_bio_X509_CRL(b, crl)
- : !PEM_write_bio_X509(b, cer))
- lose_openssl("Couldn't write PEM object", path);
-
- done:
- X509_free(cer);
- X509_CRL_free(crl);
- BIO_free(b);
-}
-
-/*
- * Walk a directory tree
- */
-static int handle_directory(const char *name, const char *targetdir)
-{
- char path[FILENAME_MAX];
- struct dirent *d;
- size_t len;
- DIR *dir;
- int ret = 0, need_slash;
-
- assert(name);
- len = strlen(name);
- assert(len > 0 && len < sizeof(path));
- need_slash = name[len - 1] != '/';
-
- if ((dir = opendir(name)) == NULL)
- lose_errno("Couldn't open directory", name);
-
- while ((d = readdir(dir)) != NULL) {
- if (!strcmp(d->d_name, ".") || !strcmp(d->d_name, ".."))
- continue;
- if (len + strlen(d->d_name) + need_slash >= sizeof(path))
- lose("Constructed path name too long", d->d_name);
- strcpy(path, name);
- if (need_slash)
- strcat(path, "/");
- strcat(path, d->d_name);
- switch (d->d_type) {
- case DT_DIR:
- if (!handle_directory(path, targetdir))
- lose("Directory walk failed", path);
- continue;
- default:
- file_handler(path, targetdir);
- continue;
- }
- }
-
- ret = 1;
-
- done:
- if (dir)
- closedir(dir);
- return ret;
-}
-
-static void usage (const char *jane, const int code)
-{
- fprintf(code ? stderr : stdout, "usage: %s input-directory output-directory\n", jane);
- exit(code);
-}
-
-int main(int argc, char *argv[])
-{
- if (argc == 2 && (!strcmp(argv[1], "-h") || !strcmp(argv[1], "--help")))
- usage(argv[0], 0);
-
- if (argc != 3)
- usage(argv[0], 1);
-
- return !handle_directory(argv[1], argv[2]);
-}
diff --git a/utils/print_roa/Makefile.in b/utils/print_roa/Makefile.in
deleted file mode 100644
index 5999b351..00000000
--- a/utils/print_roa/Makefile.in
+++ /dev/null
@@ -1,52 +0,0 @@
-# $Id$
-
-NAME = print_roa
-
-BIN = ${NAME}
-SRC = ${NAME}.c
-OBJ = ${NAME}.o
-
-CFLAGS = @CFLAGS@
-LDFLAGS = @LDFLAGS@
-LIBS = @LIBS@
-
-INSTALL = @INSTALL@ -m 555
-
-prefix = @prefix@
-exec_prefix = @exec_prefix@
-datarootdir = @datarootdir@
-datadir = @datadir@
-localstatedir = @localstatedir@
-sharedstatedir = @sharedstatedir@
-sysconfdir = @sysconfdir@
-bindir = @bindir@
-sbindir = @sbindir@
-libexecdir = @libexecdir@
-libdir = @libdir@
-
-abs_top_srcdir = @abs_top_srcdir@
-abs_top_builddir = @abs_top_builddir@
-
-all: ${BIN}
-
-clean:
- rm -rf ${BIN} ${OBJ} ${BIN}.dSYM
-
-${BIN}: ${SRC}
- ${CC} ${CFLAGS} -o $@ ${SRC} ${LDFLAGS} ${LIBS}
-
-ROA_DIR = ${abs_top_builddir}/rpkid/tests/smoketest.dir/publication
-
-test: all
- -date -u +'now: %Y%m%d%H%M%SZ'
- if test -d ${ROA_DIR}; then find ${ROA_DIR} -type f -name '*.roa' -print -exec ./${BIN} {} \; ; else :; fi
-
-install: all
- if test -d ${DESTDIR}${bindir} ; then :; else ${INSTALL} -d ${DESTDIR}${bindir}; fi
- ${INSTALL} ${BIN} ${DESTDIR}${bindir}
-
-deinstall uninstall:
- rm -f ${DESTDIR}${bindir}/${BIN}
-
-distclean: clean
- rm -f Makefile
diff --git a/utils/print_roa/print_roa.c b/utils/print_roa/print_roa.c
deleted file mode 100644
index c88fc092..00000000
--- a/utils/print_roa/print_roa.c
+++ /dev/null
@@ -1,384 +0,0 @@
-/*
- * Copyright (C) 2014 Dragon Research Labs ("DRL")
- * Portions copyright (C) 2008 American Registry for Internet Numbers ("ARIN")
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notices and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND DRL AND ARIN DISCLAIM ALL
- * WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
- * WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DRL OR
- * ARIN BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
- * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA
- * OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER
- * TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- * PERFORMANCE OF THIS SOFTWARE.
- */
-
-/* $Id$ */
-
-/*
- * Decoder test for ROAs.
- *
- * NB: This does -not- check the CMS signatures, just the encoding.
- */
-
-#include <assert.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <stdarg.h>
-#include <unistd.h>
-#include <string.h>
-#include <getopt.h>
-
-#include <openssl/bio.h>
-#include <openssl/bn.h>
-#include <openssl/pem.h>
-#include <openssl/err.h>
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-#include <openssl/safestack.h>
-#include <openssl/conf.h>
-#include <openssl/rand.h>
-#include <openssl/asn1.h>
-#include <openssl/asn1t.h>
-#include <openssl/cms.h>
-
-#include <rpki/roa.h>
-
-/*
- * How much buffer space do we need for a raw address?
- */
-#define ADDR_RAW_BUF_LEN 16
-
-
-
-/*
- * Extract signing time from CMS message.
- */
-
-static char *
-extract_signingTime(CMS_ContentInfo *cms, char *buffer, size_t buflen)
-{
- STACK_OF(CMS_SignerInfo) *sis = NULL;
- CMS_SignerInfo *si = NULL;
- X509_ATTRIBUTE *xa = NULL;
- ASN1_TYPE *so = NULL;
- int i = -1;
-
- if (cms == NULL ||
- buffer == NULL ||
- buflen < sizeof("20010401123456Z") ||
- (sis = CMS_get0_SignerInfos(cms)) == NULL ||
- sk_CMS_SignerInfo_num(sis) != 1 ||
- (si = sk_CMS_SignerInfo_value(sis, 0)) < 0 ||
- (i = CMS_signed_get_attr_by_NID(si, NID_pkcs9_signingTime, -1)) < 0 ||
- (xa = CMS_signed_get_attr(si, i)) == NULL ||
- xa->single ||
- sk_ASN1_TYPE_num(xa->value.set) != 1 ||
- (so = sk_ASN1_TYPE_value(xa->value.set, 0)) == NULL)
- return NULL;
-
- assert(buflen > 2);
- buffer[buflen - 1] = '\0';
-
- switch (so->type) {
- case V_ASN1_UTCTIME:
- strcpy(buffer, (so->value.utctime->data[0] >= '5') ? "19" : "20");
- return strncpy(buffer + 2, (const char *) so->value.utctime->data, buflen - 3);
- case V_ASN1_GENERALIZEDTIME:
- return strncpy(buffer, (const char *) so->value.generalizedtime->data, buflen - 1);
- default:
- return NULL;
- }
-}
-
-
-
-/*
- * Expand the bitstring form of an address into a raw byte array.
- * At the moment this is coded for simplicity, not speed.
- */
-static void addr_expand(unsigned char *addr,
- const ASN1_BIT_STRING *bs,
- const int length)
-{
- assert(bs->length >= 0 && bs->length <= length);
- if (bs->length > 0) {
- memcpy(addr, bs->data, bs->length);
- if ((bs->flags & 7) != 0) {
- unsigned char mask = 0xFF >> (8 - (bs->flags & 7));
- addr[bs->length - 1] &= ~mask;
- }
- }
- memset(addr + bs->length, 0, length - bs->length);
-}
-
-/*
- * Extract the prefix length from a bitstring.
- */
-#define addr_prefixlen(bs) ((int) ((bs)->length * 8 - ((bs)->flags & 7)))
-
-/*
- * Read ROA (CMS object) in DER format.
- *
- * NB: When invoked this way, CMS_verify() does -not- verify, it just decodes the ASN.1.
- *
- * Well, OK, this function has evolved to doing a lot more than just
- * reading the object. Refactor or at least rename, someday.
- */
-static ROA *read_roa(const char *filename,
- const int print_cms,
- const int print_roa,
- const int print_signerinfo,
- const int print_brief,
- const int print_signingtime)
-{
- unsigned char addr[ADDR_RAW_BUF_LEN];
- CMS_ContentInfo *cms = NULL;
- const ASN1_OBJECT *oid = NULL;
- char *asID = NULL;
- BIGNUM *bn = NULL;
- ROA *r = NULL;
- char buf[512];
- BIO *b = NULL;
- int i, j, k, n;
-
- if ((b = BIO_new_file(filename, "r")) == NULL ||
- (cms = d2i_CMS_bio(b, NULL)) == NULL)
- goto done;
- BIO_free(b);
- b = NULL;
-
- if (print_signerinfo) {
- STACK_OF(CMS_SignerInfo) *signerInfos = CMS_get0_SignerInfos(cms);
- STACK_OF(X509) *certs = CMS_get1_certs(cms);
- STACK_OF(X509_CRL) *crls = CMS_get1_crls(cms);
- printf("Certificates: %d\n", certs ? sk_X509_num(certs) : 0);
- printf("CRLs: %d\n", crls ? sk_X509_CRL_num(crls) : 0);
- for (i = 0; i < sk_CMS_SignerInfo_num(signerInfos); i++) {
- CMS_SignerInfo *si = sk_CMS_SignerInfo_value(signerInfos, i);
- ASN1_OCTET_STRING *hash = NULL;
- printf("SignerId[%d]: ", i);
- if (CMS_SignerInfo_get0_signer_id(si, &hash, NULL, NULL) && hash != NULL)
- for (j = 0; j < hash->length; j++)
- printf("%02x%s", hash->data[j], j == hash->length - 1 ? "" : ":");
- else
- printf("[Could not read SID]");
- if (certs)
- for (j = 0; j < sk_X509_num(certs); j++)
- if (!CMS_SignerInfo_cert_cmp(si, sk_X509_value(certs, j)))
- printf(" [Matches certificate %d]", j);
- if ((j = CMS_signed_get_attr_by_NID(si, NID_pkcs9_signingTime, -1)) >= 0) {
- X509_ATTRIBUTE *xa = CMS_signed_get_attr(si, j);
- if (xa && !xa->single && sk_ASN1_TYPE_num(xa->value.set) == 1) {
- ASN1_TYPE *so = sk_ASN1_TYPE_value(xa->value.set, 0);
- switch (so->type) {
- case V_ASN1_UTCTIME:
- printf(" [signingTime(U) %s%s]",
- so->value.utctime->data[0] < '5' ? "20" : "19",
- so->value.utctime->data);
- break;
- case V_ASN1_GENERALIZEDTIME:
- printf(" [signingTime(G) %s]",
- so->value.generalizedtime->data);
- break;
- }
- }
- }
- printf("\n");
- }
- sk_X509_pop_free(certs, X509_free);
- sk_X509_CRL_pop_free(crls, X509_CRL_free);
- }
-
- if ((b = BIO_new(BIO_s_mem())) == NULL ||
- CMS_verify(cms, NULL, NULL, NULL, b, CMS_NOCRL | CMS_NO_SIGNER_CERT_VERIFY | CMS_NO_ATTR_VERIFY | CMS_NO_CONTENT_VERIFY) <= 0 ||
- (r = ASN1_item_d2i_bio(ASN1_ITEM_rptr(ROA), b, NULL)) == NULL)
- goto done;
- BIO_free(b);
- b = NULL;
-
- if (print_roa) {
-
- bn = ASN1_INTEGER_to_BN(r->asID, NULL);
- asID = BN_bn2dec(bn);
-
- if (print_brief) {
-
- if (print_signingtime) {
- char buffer[sizeof("20010401123456Z")], *b;
- if (!extract_signingTime(cms, buffer, sizeof(buffer)))
- goto done;
- printf("%s ", buffer);
- }
-
- fputs(asID, stdout);
-
- } else {
-
- if ((oid = CMS_get0_eContentType(cms)) == NULL)
- goto done;
- OBJ_obj2txt(buf, sizeof(buf), oid, 0);
- printf("eContentType: %s\n", buf);
-
- if (r->version)
- printf("version: %ld\n", ASN1_INTEGER_get(r->version));
- else
- printf("version: 0 [Defaulted]\n");
- printf("asID: %s\n", asID);
- }
-
- for (i = 0; i < sk_ROAIPAddressFamily_num(r->ipAddrBlocks); i++) {
-
- ROAIPAddressFamily *f = sk_ROAIPAddressFamily_value(r->ipAddrBlocks, i);
-
- unsigned afi = (f->addressFamily->data[0] << 8) | (f->addressFamily->data[1]);
-
- if (!print_brief) {
- printf(" addressFamily: %x", afi);
- if (f->addressFamily->length == 3)
- printf("[%x]", f->addressFamily->data[2]);
- printf("\n");
- }
-
- for (j = 0; j < sk_ROAIPAddress_num(f->addresses); j++) {
- ROAIPAddress *a = sk_ROAIPAddress_value(f->addresses, j);
-
- if (print_brief)
- printf(" ");
- else
- printf(" IPaddress: ");
-
- switch (afi) {
-
- case IANA_AFI_IPV4:
- addr_expand(addr, a->IPAddress, 4);
- printf("%d.%d.%d.%d", addr[0], addr[1], addr[2], addr[3]);
- break;
-
- case IANA_AFI_IPV6:
- addr_expand(addr, a->IPAddress, 16);
- for (n = 16; n > 1 && addr[n-1] == 0x00 && addr[n-2] == 0x00; n -= 2)
- ;
- for (k = 0; k < n; k += 2)
- printf("%x%s", (addr[k] << 8) | addr[k+1], (k < 14 ? ":" : ""));
- if (k < 16)
- printf(":");
- if (k == 0)
- printf(":");
- break;
-
- default:
- if (!print_brief) {
- for (k = 0; k < a->IPAddress->length; k++)
- printf("%s%02x", (k > 0 ? ":" : ""), a->IPAddress->data[k]);
- printf("[%d]", (int) (a->IPAddress->flags & 7));
- }
- break;
-
- }
-
- printf("/%u", addr_prefixlen(a->IPAddress));
-
- if (a->maxLength)
- printf("-%ld", ASN1_INTEGER_get(a->maxLength));
-
- if (!print_brief)
- printf("\n");
- }
- }
- if (print_brief)
- printf("\n");
- }
-
- if (print_cms) {
- if (print_roa)
- printf("\n");
- fflush(stdout);
- if ((b = BIO_new(BIO_s_fd())) == NULL)
- goto done;
- BIO_set_fd(b, 1, BIO_NOCLOSE);
- CMS_ContentInfo_print_ctx(b, cms, 0, NULL);
- BIO_free(b);
- b = NULL;
- }
-
- done:
- if (ERR_peek_error())
- ERR_print_errors_fp(stderr);
- BIO_free(b);
- BN_free(bn);
- if (asID)
- OPENSSL_free(asID);
- CMS_ContentInfo_free(cms);
- return r;
-}
-
-
-
-const static struct option longopts[] = {
- { "brief", no_argument, NULL, 'b' },
- { "print-cms", no_argument, NULL, 'c' },
- { "help", no_argument, NULL, 'h' },
- { "signingtime", no_argument, NULL, 's' },
- { NULL }
-};
-
-static int usage (const char *jane, const int code)
-{
- FILE *out = code ? stderr : stdout;
- int i;
-
- fprintf(out, "usage: %s [options] ROA [ROA...]\n", jane);
- fprintf(out, "options:\n");
- for (i = 0; longopts[i].name != NULL; i++)
- fprintf(out, " -%c --%s\n", longopts[i].val, longopts[i].name);
-
- return code;
-}
-
-/*
- * Main program.
- */
-int main (int argc, char *argv[])
-{
- int result = 0, print_brief = 0, print_signingtime = 0, print_cms = 0, c;
- const char *jane = argv[0];
- ROA *r;
-
- OpenSSL_add_all_algorithms();
- ERR_load_crypto_strings();
-
- while ((c = getopt_long(argc, argv, "bchs", longopts, NULL)) != -1) {
- switch (c) {
- case 'b':
- print_brief = 1;
- break;
- case 'c':
- print_cms = 1;
- break;
- case 's':
- print_signingtime = 1;
- break;
- case 'h':
- return usage(jane, 0);
- default:
- return usage(jane, 1);
- }
- }
-
- argc -= optind;
- argv += optind;
-
- if (argc == 0)
- return usage(jane, 1);
-
- while (argc-- > 0) {
- r = read_roa(*argv++, print_cms, 1, !print_brief, print_brief, print_signingtime);
- result |= r == NULL;
- ROA_free(r);
- }
- return result;
-}
diff --git a/utils/print_roa/strip_roa.sh b/utils/print_roa/strip_roa.sh
deleted file mode 100755
index e2dacf86..00000000
--- a/utils/print_roa/strip_roa.sh
+++ /dev/null
@@ -1,39 +0,0 @@
-#!/bin/sh -
-# $Id$
-#
-# Copyright (C) 2010 Internet Systems Consortium ("ISC")
-#
-# Permission to use, copy, modify, and distribute this software for any
-# purpose with or without fee is hereby granted, provided that the above
-# copyright notice and this permission notice appear in all copies.
-#
-# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
-# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
-# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
-# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
-# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
-# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
-# PERFORMANCE OF THIS SOFTWARE.
-#
-# Strip boring parts of print_roa's output to make a (somewhat) terser
-# description, one line per ROA. This is intended for use in
-# comparing sets of ROAs using text comparision tools like "diff" or
-# "comm". One could definitely do something prettier, but this
-# suffices for basic tests.
-#
-# Use this as in a shell pipeline to postprocess print_roa's output.
-
-awk '
- /Certificate/ {
- roa[++n] = "";
- }
- /asID|addressFamily|IPaddress/ {
- roa[n] = roa[n] " " $0;
- }
- END {
- for (i in roa)
- print roa[i];
- }
-' |
-tr -s \\011 \\040 |
-sort -u
diff --git a/utils/print_rpki_manifest/Makefile.in b/utils/print_rpki_manifest/Makefile.in
deleted file mode 100644
index 22f1b16b..00000000
--- a/utils/print_rpki_manifest/Makefile.in
+++ /dev/null
@@ -1,52 +0,0 @@
-# $Id$
-
-NAME = print_rpki_manifest
-
-BIN = ${NAME}
-SRC = ${NAME}.c
-OBJ = ${NAME}.o
-
-CFLAGS = @CFLAGS@
-LDFLAGS = @LDFLAGS@
-LIBS = @LIBS@
-
-INSTALL = @INSTALL@ -m 555
-
-prefix = @prefix@
-exec_prefix = @exec_prefix@
-datarootdir = @datarootdir@
-datadir = @datadir@
-localstatedir = @localstatedir@
-sharedstatedir = @sharedstatedir@
-sysconfdir = @sysconfdir@
-bindir = @bindir@
-sbindir = @sbindir@
-libexecdir = @libexecdir@
-libdir = @libdir@
-
-abs_top_srcdir = @abs_top_srcdir@
-abs_top_builddir = @abs_top_builddir@
-
-all: ${BIN}
-
-clean:
- rm -rf ${BIN} ${OBJ} ${BIN}.dSYM
-
-${BIN}: ${SRC}
- ${CC} ${CFLAGS} -o $@ ${SRC} ${LDFLAGS} ${LIBS}
-
-MANIFEST_DIR = ${abs_top_builddir}/rpkid/tests/smoketest.dir/publication
-
-test: all
- -date -u +'now: %Y%m%d%H%M%SZ'
- if test -d ${MANIFEST_DIR}; then find ${MANIFEST_DIR} -type f -name '*.mnf' -print -exec ./${BIN} {} \; ; else :; fi
-
-install: all
- if test -d ${DESTDIR}${bindir} ; then :; else ${INSTALL} -d ${DESTDIR}${bindir}; fi
- ${INSTALL} ${BIN} ${DESTDIR}${bindir}
-
-deinstall uninstall:
- rm -f ${DESTDIR}${bindir}/${BIN}
-
-distclean: clean
- rm -f Makefile
diff --git a/utils/print_rpki_manifest/print_rpki_manifest.c b/utils/print_rpki_manifest/print_rpki_manifest.c
deleted file mode 100644
index f55f9916..00000000
--- a/utils/print_rpki_manifest/print_rpki_manifest.c
+++ /dev/null
@@ -1,235 +0,0 @@
-/*
- * Copyright (C) 2014 Dragon Research Labs ("DRL")
- * Portions copyright (C) 2008 American Registry for Internet Numbers ("ARIN")
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notices and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND DRL AND ARIN DISCLAIM ALL
- * WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
- * WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DRL OR
- * ARIN BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
- * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA
- * OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER
- * TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- * PERFORMANCE OF THIS SOFTWARE.
- */
-
-/* $Id$ */
-
-/*
- * Decoder test for RPKI manifests.
- *
- * NB: This does -not- check the CMS signatures, just the encoding.
- */
-
-#include <assert.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <stdarg.h>
-#include <unistd.h>
-#include <getopt.h>
-
-#include <openssl/bn.h>
-#include <openssl/bio.h>
-#include <openssl/pem.h>
-#include <openssl/err.h>
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-#include <openssl/safestack.h>
-#include <openssl/conf.h>
-#include <openssl/rand.h>
-#include <openssl/asn1.h>
-#include <openssl/asn1t.h>
-#include <openssl/cms.h>
-
-#include <rpki/manifest.h>
-
-/*
- * Read manifest (CMS object) in DER format.
- *
- * NB: When invoked this way, CMS_verify() does -not- verify, it just decodes the ASN.1.
- *
- * OK, this does more than just reading the CMS. Refactor or rename, someday.
- */
-
-static const Manifest *read_manifest(const char *filename,
- const int print_cms,
- const int print_manifest,
- const int print_signerinfo)
-{
- CMS_ContentInfo *cms = NULL;
- const ASN1_OBJECT *oid = NULL;
- const Manifest *m = NULL;
- char *mftnum = NULL;
- BIGNUM *bn = NULL;
- char buf[512];
- BIO *b = NULL;
- int i, j;
-
- if ((b = BIO_new_file(filename, "r")) == NULL ||
- (cms = d2i_CMS_bio(b, NULL)) == NULL)
- goto done;
- BIO_free(b);
- b = NULL;
-
- if (print_signerinfo) {
- STACK_OF(CMS_SignerInfo) *signerInfos = CMS_get0_SignerInfos(cms);
- STACK_OF(X509) *certs = CMS_get1_certs(cms);
- STACK_OF(X509_CRL) *crls = CMS_get1_crls(cms);
- printf("Certificates: %d\n", certs ? sk_X509_num(certs) : 0);
- printf("CRLs: %d\n", crls ? sk_X509_CRL_num(crls) : 0);
- for (i = 0; i < sk_CMS_SignerInfo_num(signerInfos); i++) {
- CMS_SignerInfo *si = sk_CMS_SignerInfo_value(signerInfos, i);
- ASN1_OCTET_STRING *hash = NULL;
- printf("SignerId[%d]: ", i);
- if (CMS_SignerInfo_get0_signer_id(si, &hash, NULL, NULL) && hash != NULL)
- for (j = 0; j < hash->length; j++)
- printf("%02x%s", hash->data[j], j == hash->length - 1 ? "" : ":");
- else
- printf("[Could not read SID]");
- if (certs)
- for (j = 0; j < sk_X509_num(certs); j++)
- if (!CMS_SignerInfo_cert_cmp(si, sk_X509_value(certs, j)))
- printf(" [Matches certificate %d]", j);
- if ((j = CMS_signed_get_attr_by_NID(si, NID_pkcs9_signingTime, -1)) >= 0) {
- X509_ATTRIBUTE *xa = CMS_signed_get_attr(si, j);
- if (xa && !xa->single && sk_ASN1_TYPE_num(xa->value.set) == 1) {
- ASN1_TYPE *so = sk_ASN1_TYPE_value(xa->value.set, 0);
- switch (so->type) {
- case V_ASN1_UTCTIME:
- printf(" [signingTime(U) %s%s]",
- so->value.utctime->data[0] < '5' ? "20" : "19",
- so->value.utctime->data);
- break;
- case V_ASN1_GENERALIZEDTIME:
- printf(" [signingTime(G) %s]",
- so->value.generalizedtime->data);
- break;
- }
- }
- }
- printf("\n");
- }
- sk_X509_pop_free(certs, X509_free);
- sk_X509_CRL_pop_free(crls, X509_CRL_free);
- }
-
- if ((b = BIO_new(BIO_s_mem())) == NULL ||
- CMS_verify(cms, NULL, NULL, NULL, b, CMS_NOCRL | CMS_NO_SIGNER_CERT_VERIFY | CMS_NO_ATTR_VERIFY | CMS_NO_CONTENT_VERIFY) <= 0 ||
- (m = ASN1_item_d2i_bio(ASN1_ITEM_rptr(Manifest), b, NULL)) == NULL)
- goto done;
- BIO_free(b);
- b = NULL;
-
- if (print_manifest) {
-
- if ((oid = CMS_get0_eContentType(cms)) == NULL)
- goto done;
- OBJ_obj2txt(buf, sizeof(buf), oid, 0);
- printf("eContentType: %s\n", buf);
-
- if (m->version)
- printf("version: %ld\n", ASN1_INTEGER_get(m->version));
- else
- printf("version: 0 [Defaulted]\n");
-
- bn = ASN1_INTEGER_to_BN(m->manifestNumber, NULL);
- mftnum = BN_bn2dec(bn);
- printf("manifestNumber: %s\n", mftnum);
-
- printf("thisUpdate: %s\n", m->thisUpdate->data);
- printf("nextUpdate: %s\n", m->nextUpdate->data);
- OBJ_obj2txt(buf, sizeof(buf), m->fileHashAlg, 0);
- printf("fileHashAlg: %s\n", buf);
-
- for (i = 0; i < sk_FileAndHash_num(m->fileList); i++) {
- FileAndHash *fah = sk_FileAndHash_value(m->fileList, i);
- printf("fileList[%3d]: ", i);
- for (j = 0; j < fah->hash->length; j++)
- printf("%02x%s", fah->hash->data[j], j == fah->hash->length - 1 ? " " : ":");
- printf(" %s\n", fah->file->data);
- }
-
- if (X509_cmp_current_time(m->nextUpdate) < 0)
- printf("MANIFEST IS STALE\n");
- }
-
- if (print_cms) {
- if (print_manifest)
- printf("\n");
- fflush(stdout);
- if ((b = BIO_new(BIO_s_fd())) == NULL)
- goto done;
- BIO_set_fd(b, 1, BIO_NOCLOSE);
- CMS_ContentInfo_print_ctx(b, cms, 0, NULL);
- BIO_free(b);
- b = NULL;
- }
-
- done:
- if (ERR_peek_error())
- ERR_print_errors_fp(stderr);
- BIO_free(b);
- BN_free(bn);
- if (mftnum)
- OPENSSL_free(mftnum);
- CMS_ContentInfo_free(cms);
- return m;
-}
-
-
-
-const static struct option longopts[] = {
- { "print-cms", no_argument, NULL, 'c' },
- { "help", no_argument, NULL, 'h' },
- { NULL }
-};
-
-static int usage (const char *jane, const int code)
-{
- FILE *out = code ? stderr : stdout;
- int i;
-
- fprintf(out, "usage: %s [options] manifest [manifest...]\n", jane);
- fprintf(out, "options:\n");
- for (i = 0; longopts[i].name != NULL; i++)
- fprintf(out, " -%c --%s\n", longopts[i].val, longopts[i].name);
-
- return code;
-}
-
-/*
- * Main program.
- */
-int main (int argc, char *argv[])
-{
- int result = 0, print_cms = 0, c;
- const char *jane = argv[0];
-
- OpenSSL_add_all_algorithms();
- ERR_load_crypto_strings();
-
- while ((c = getopt_long(argc, argv, "ch", longopts, NULL)) != -1) {
- switch (c) {
- case 'c':
- print_cms = 1;
- break;
- case 'h':
- return usage(jane, 0);
- default:
- return usage(jane, 1);
- }
- }
-
- argc -= optind;
- argv += optind;
-
- if (argc == 0)
- return usage(jane, 1);
-
- while (argc-- > 0)
- result |= read_manifest(*argv++, print_cms, 1, 1) == NULL;
- return result;
-}
diff --git a/utils/scan_roas/Makefile.in b/utils/scan_roas/Makefile.in
deleted file mode 100644
index 7707969c..00000000
--- a/utils/scan_roas/Makefile.in
+++ /dev/null
@@ -1,52 +0,0 @@
-# $Id$
-
-NAME = scan_roas
-
-BIN = ${NAME}
-SRC = ${NAME}.c
-OBJ = ${NAME}.o
-
-CFLAGS = @CFLAGS@
-LDFLAGS = @LDFLAGS@
-LIBS = @LIBS@
-
-INSTALL = @INSTALL@ -m 555
-
-prefix = @prefix@
-exec_prefix = @exec_prefix@
-datarootdir = @datarootdir@
-datadir = @datadir@
-localstatedir = @localstatedir@
-sharedstatedir = @sharedstatedir@
-sysconfdir = @sysconfdir@
-bindir = @bindir@
-sbindir = @sbindir@
-libexecdir = @libexecdir@
-libdir = @libdir@
-
-abs_top_srcdir = @abs_top_srcdir@
-abs_top_builddir = @abs_top_builddir@
-
-all: ${BIN}
-
-clean:
- rm -rf ${BIN} ${OBJ} ${BIN}.dSYM
-
-${BIN}: ${SRC}
- ${CC} ${CFLAGS} -o $@ ${SRC} ${LDFLAGS} ${LIBS}
-
-ROA_DIR = ${abs_top_builddir}/rpkid/tests/smoketest.dir/publication
-
-test: all
- -date -u +'now: %Y%m%d%H%M%SZ'
- if test -d ${ROA_DIR}; then ./${BIN} ${ROA_DIR} ; else :; fi
-
-install: all
- if test -d ${DESTDIR}${bindir} ; then :; else ${INSTALL} -d ${DESTDIR}${bindir}; fi
- ${INSTALL} ${BIN} ${DESTDIR}${bindir}
-
-deinstall uninstall:
- rm -f ${DESTDIR}${bindir}/${BIN}
-
-distclean: clean
- rm -f Makefile
diff --git a/utils/scan_roas/scan_roas.c b/utils/scan_roas/scan_roas.c
deleted file mode 100644
index f32e3827..00000000
--- a/utils/scan_roas/scan_roas.c
+++ /dev/null
@@ -1,305 +0,0 @@
-/*
- * Copyright (C) 2014 Dragon Research Labs ("DRL")
- * Portions copyright (C) 2011 Internet Systems Consortium ("ISC")
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notices and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND DRL AND ISC DISCLAIM ALL
- * WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
- * WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DRL OR
- * ISC BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
- * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA
- * OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER
- * TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- * PERFORMANCE OF THIS SOFTWARE.
- */
-
-/* $Id$ */
-
-/*
- * Decoder test for ROAs.
- *
- * NB: This does -not- check the CMS signatures, just the encoding.
- */
-
-#include <assert.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <stdarg.h>
-#include <unistd.h>
-#include <string.h>
-#include <dirent.h>
-
-#include <openssl/bio.h>
-#include <openssl/pem.h>
-#include <openssl/err.h>
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-#include <openssl/safestack.h>
-#include <openssl/conf.h>
-#include <openssl/rand.h>
-#include <openssl/asn1.h>
-#include <openssl/asn1t.h>
-#include <openssl/cms.h>
-
-#include <rpki/roa.h>
-
-/*
- * How much buffer space do we need for a raw address?
- */
-#define ADDR_RAW_BUF_LEN 16
-
-/*
- * How long can a filesystem path be?
- */
-#define PATH_MAX 2048
-
-
-
-/*
- * Extract signing time from CMS message.
- */
-
-static char *
-extract_signingTime(CMS_ContentInfo *cms, char *buffer, size_t buflen)
-{
- STACK_OF(CMS_SignerInfo) *sis = NULL;
- CMS_SignerInfo *si = NULL;
- X509_ATTRIBUTE *xa = NULL;
- ASN1_TYPE *so = NULL;
- int i = -1;
-
- if (cms == NULL ||
- buffer == NULL ||
- buflen < sizeof("20010401123456Z") ||
- (sis = CMS_get0_SignerInfos(cms)) == NULL ||
- sk_CMS_SignerInfo_num(sis) != 1 ||
- (si = sk_CMS_SignerInfo_value(sis, 0)) < 0 ||
- (i = CMS_signed_get_attr_by_NID(si, NID_pkcs9_signingTime, -1)) < 0 ||
- (xa = CMS_signed_get_attr(si, i)) == NULL ||
- xa->single ||
- sk_ASN1_TYPE_num(xa->value.set) != 1 ||
- (so = sk_ASN1_TYPE_value(xa->value.set, 0)) == NULL)
- return NULL;
-
- assert(buflen > 2);
- buffer[buflen - 1] = '\0';
-
- switch (so->type) {
- case V_ASN1_UTCTIME:
- strcpy(buffer, (so->value.utctime->data[0] >= '5') ? "19" : "20");
- return strncpy(buffer + 2, (const char *) so->value.utctime->data, buflen - 3);
- case V_ASN1_GENERALIZEDTIME:
- return strncpy(buffer, (const char *) so->value.generalizedtime->data, buflen - 1);
- default:
- return NULL;
- }
-}
-
-
-
-/*
- * Expand the bitstring form of an address into a raw byte array.
- * At the moment this is coded for simplicity, not speed.
- */
-static void addr_expand(unsigned char *addr,
- const ASN1_BIT_STRING *bs,
- const int length)
-{
- assert(bs->length >= 0 && bs->length <= length);
- if (bs->length > 0) {
- memcpy(addr, bs->data, bs->length);
- if ((bs->flags & 7) != 0) {
- unsigned char mask = 0xFF >> (8 - (bs->flags & 7));
- addr[bs->length - 1] &= ~mask;
- }
- }
- memset(addr + bs->length, 0, length - bs->length);
-}
-
-/*
- * Extract the prefix length from a bitstring.
- */
-#define addr_prefixlen(bs) ((int) ((bs)->length * 8 - ((bs)->flags & 7)))
-
-/*
- * Read ROA (CMS object) in DER format.
- *
- * NB: When invoked this way, CMS_verify() does -not- verify, it just decodes the ASN.1.
- */
-static int read_roa(const char *filename)
-{
- char buffer[sizeof("20010401123456Z")], *b;
- unsigned char addr[ADDR_RAW_BUF_LEN];
- CMS_ContentInfo *cms = NULL;
- const ASN1_OBJECT *oid = NULL;
- ROA *r = NULL;
- char buf[512];
- BIO *bio;
- int i, j, k, n, ok;
-
- if ((bio = BIO_new_file(filename, "r")) == NULL ||
- (cms = d2i_CMS_bio(bio, NULL)) == NULL)
- goto done;
- BIO_free(bio);
-
- if ((bio = BIO_new(BIO_s_mem())) == NULL ||
- CMS_verify(cms, NULL, NULL, NULL, bio, CMS_NOCRL | CMS_NO_SIGNER_CERT_VERIFY | CMS_NO_ATTR_VERIFY | CMS_NO_CONTENT_VERIFY) <= 0 ||
- (r = ASN1_item_d2i_bio(ASN1_ITEM_rptr(ROA), bio, NULL)) == NULL)
- goto done;
-
- if (!extract_signingTime(cms, buffer, sizeof(buffer)))
- goto done;
- printf("%s ", buffer);
-
- printf("%ld", ASN1_INTEGER_get(r->asID));
-
- for (i = 0; i < sk_ROAIPAddressFamily_num(r->ipAddrBlocks); i++) {
-
- ROAIPAddressFamily *f = sk_ROAIPAddressFamily_value(r->ipAddrBlocks, i);
-
- unsigned afi = (f->addressFamily->data[0] << 8) | (f->addressFamily->data[1]);
-
- for (j = 0; j < sk_ROAIPAddress_num(f->addresses); j++) {
- ROAIPAddress *a = sk_ROAIPAddress_value(f->addresses, j);
-
- printf(" ");
-
- switch (afi) {
-
- case IANA_AFI_IPV4:
- addr_expand(addr, a->IPAddress, 4);
- printf("%d.%d.%d.%d", addr[0], addr[1], addr[2], addr[3]);
- break;
-
- case IANA_AFI_IPV6:
- addr_expand(addr, a->IPAddress, 16);
- for (n = 16; n > 1 && addr[n-1] == 0x00 && addr[n-2] == 0x00; n -= 2)
- ;
- for (k = 0; k < n; k += 2)
- printf("%x%s", (addr[k] << 8) | addr[k+1], (k < 14 ? ":" : ""));
- if (k < 16)
- printf(":");
- if (k == 0)
- printf(":");
- break;
-
- default:
- break;
- }
-
- printf("/%u", addr_prefixlen(a->IPAddress));
-
- if (a->maxLength)
- printf("-%ld", ASN1_INTEGER_get(a->maxLength));
- }
- }
- printf("\n");
-
- done:
- ok = r != NULL;
-
- if (ERR_peek_error())
- ERR_print_errors_fp(stderr);
- BIO_free(bio);
- CMS_ContentInfo_free(cms);
- ROA_free(r);
-
- return ok;
-}
-
-
-
-/**
- * Check str for a trailing suffix.
- */
-static int endswith(const char *str, const char *suffix)
-{
- size_t len_str, len_suffix;
- assert(str != NULL && suffix != NULL);
- len_str = strlen(str);
- len_suffix = strlen(suffix);
- return len_str >= len_suffix && !strcmp(str + len_str - len_suffix, suffix);
-}
-
-
-
-/**
- * Walk directory tree, looking for ROAs.
- */
-static int walk(const char *name)
-{
- int need_slash, ok = 1;
- char path[PATH_MAX];
- struct dirent *d;
- size_t len;
- DIR *dir;
-
- assert(name);
- len = strlen(name);
-
- assert(len > 0 && len < sizeof(path));
- need_slash = name[len - 1] != '/';
-
- if ((dir = opendir(name)) == NULL)
- return 0;
-
- while ((d = readdir(dir)) != NULL) {
- if (!strcmp(d->d_name, ".") ||
- !strcmp(d->d_name, ".."))
- continue;
- if (len + strlen(d->d_name) + need_slash >= sizeof(path)) {
- ok = 0;
- goto done;
- }
- strcpy(path, name);
- if (need_slash)
- strcat(path, "/");
- strcat(path, d->d_name);
- switch (d->d_type) {
- case DT_DIR:
- ok &= walk(path);
- continue;
- default:
- if (endswith(path, ".roa"))
- ok &= read_roa(path);
- continue;
- }
- }
-
- done:
- closedir(dir);
- return ok;
-}
-
-
-
-static void usage (const char *jane, const int code)
-{
- fprintf(code ? stderr : stdout, "usage: %s authtree [authtree...]\n", jane);
- exit(code);
-}
-
-/*
- * Main program.
- */
-int main (int argc, char *argv[])
-{
- int i, ok = 1;
-
- if (argc == 2 && (!strcmp(argv[1], "-h") || !strcmp(argv[1], "--help")))
- usage(argv[0], 0);
-
- if (argc < 2)
- usage(argv[0], 1);
-
- OpenSSL_add_all_algorithms();
- ERR_load_crypto_strings();
-
- for (i = 1; i < argc; i++)
- ok &= walk(argv[i]);
-
- return !ok;
-}
diff --git a/utils/scan_routercerts/Makefile.in b/utils/scan_routercerts/Makefile.in
deleted file mode 100644
index 715d1325..00000000
--- a/utils/scan_routercerts/Makefile.in
+++ /dev/null
@@ -1,41 +0,0 @@
-# $Id$
-
-NAME = scan_routercerts
-
-BIN = ${NAME}
-
-INSTALL = @INSTALL@ -m 555
-
-prefix = @prefix@
-exec_prefix = @exec_prefix@
-datarootdir = @datarootdir@
-datadir = @datadir@
-localstatedir = @localstatedir@
-sharedstatedir = @sharedstatedir@
-sysconfdir = @sysconfdir@
-bindir = @bindir@
-sbindir = @sbindir@
-libexecdir = @libexecdir@
-libdir = @libdir@
-
-abs_top_srcdir = @abs_top_srcdir@
-abs_top_builddir = @abs_top_builddir@
-
-all clean:
- @true
-
-ROUTERCERT_DIR = ${abs_top_builddir}/rpkid/tests/smoketest.dir/publication
-
-test: all
- -date -u +'now: %Y%m%d%H%M%SZ'
- if test -d ${ROUTERCERT_DIR}; then ./${BIN} ; else :; fi
-
-install: all
- if test -d ${DESTDIR}${bindir} ; then :; else ${INSTALL} -d ${DESTDIR}${bindir}; fi
- ${INSTALL} ${BIN} ${DESTDIR}${bindir}
-
-deinstall uninstall:
- rm -f ${DESTDIR}${bindir}/${BIN}
-
-distclean: clean
- rm -f Makefile
diff --git a/utils/scan_routercerts/scan_routercerts b/utils/scan_routercerts/scan_routercerts
deleted file mode 100755
index 342fa272..00000000
--- a/utils/scan_routercerts/scan_routercerts
+++ /dev/null
@@ -1,69 +0,0 @@
-#!/usr/bin/env python
-# $Id$
-#
-# Copyright (C) 2014 Dragon Research Labs ("DRL")
-#
-# Permission to use, copy, modify, and/or distribute this software for any
-# purpose with or without fee is hereby granted, provided that the above
-# copyright notice and this permission notice appear in all copies.
-#
-# THE SOFTWARE IS PROVIDED "AS IS" AND DRL DISCLAIMS ALL WARRANTIES WITH
-# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
-# AND FITNESS. IN NO EVENT SHALL DRL BE LIABLE FOR ANY SPECIAL, DIRECT,
-# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
-# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
-# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
-# PERFORMANCE OF THIS SOFTWARE.
-
-"""
-Scan rcynic validated output looking for router certificates, print
-out stuff that the rpki-rtr code cares about.
-"""
-
-# This program represents a weird temporary state, mostly to avoid
-# diving into a recursive yak shaving exercise.
-#
-# Under the old scheme, anything used by the RP code should be either
-# C code or pure Python code using just the standard libraries. This
-# has gotten silly, but we haven't yet refactored the current packaged
-# builds from two packages into three (adding a -libs package).
-#
-# So, by rights, this program should be a C monstrosity written using
-# the OpenSSL C API. I started coding it that way, but it was just
-# too painful for something we're probably going to rewrite as a few
-# lines of Python once we refactor, but by the same token I didn't
-# want to delay router certificate support until the refactoring.
-#
-# So this program anticipates the new scheme of things, but makes one
-# concession to current reality: if it has a problem importing the
-# RPKI-specific libraries, it just quietly exits as if everything were
-# fine and there simply are no router certificates to report. This
-# isn't the right answer in the long run, but will suffice to avoid
-# further bald yaks.
-
-import os
-import sys
-import base64
-
-try:
- import rpki.POW
- import rpki.oids
-except ImportError:
- sys.exit(0)
-
-rcynic_dir = sys.argv[1]
-
-for root, dirs, files in os.walk(rcynic_dir):
- for fn in files:
- if not fn.endswith(".cer"):
- continue
- x = rpki.POW.X509.derReadFile(os.path.join(root, fn))
-
- if rpki.oids.id_kp_bgpsec_router not in (x.getEKU() or ()):
- continue
-
- sys.stdout.write(base64.urlsafe_b64encode(x.getSKI()).rstrip("="))
- for min_asn, max_asn in x.getRFC3779()[0]:
- for asn in xrange(min_asn, max_asn + 1):
- sys.stdout.write(" %s" % asn)
- sys.stdout.write(" %s\n" % base64.b64encode(x.getPublicKey().derWritePublic()))
diff --git a/utils/uri/Makefile.in b/utils/uri/Makefile.in
deleted file mode 100644
index fc545060..00000000
--- a/utils/uri/Makefile.in
+++ /dev/null
@@ -1,31 +0,0 @@
-# $Id$
-
-NAME = uri
-
-BIN = ${NAME}
-SRC = ${NAME}.c
-OBJ = ${NAME}.o
-
-CFLAGS = @CFLAGS@
-LDFLAGS = @LDFLAGS@
-LIBS = @LIBS@
-
-abs_top_srcdir = @abs_top_srcdir@
-abs_top_builddir = @abs_top_builddir@
-
-all: ${BIN}
-
-clean:
- rm -rf ${BIN} ${OBJ} ${BIN}.dSYM
-
-${BIN}: ${SRC}
- ${CC} ${CFLAGS} -o $@ ${SRC} ${LDFLAGS} ${LIBS}
-
-test:
- @true
-
-install deinstall uninstall:
- @true
-
-distclean: clean
- rm -f Makefile
diff --git a/utils/uri/dot.awk b/utils/uri/dot.awk
deleted file mode 100644
index ca1b490b..00000000
--- a/utils/uri/dot.awk
+++ /dev/null
@@ -1,34 +0,0 @@
-#!/usr/bin/awk -f
-# $Id$
-#
-# This doesn't really work right yet, and even if it did, the graph
-# it would generate would be hopelessly large.
-
-BEGIN {
- cmd = "find /var/rcynic/data/unauthenticated -type f -name '*.cer' -print0 | xargs -0 ./uri -d";
- while ((cmd | getline) == 1) {
- if ($1 == "File") {
- sub("/var/rcynic/data/unauthenticated/", "rsync://");
- u = $2;
- uri[u] = ++n;
- continue;
- }
- if ($1 == "SIA:") {
- sia[u] = $2;
- continue;
- }
- if ($1 == "AIA:") {
- aia[u] = $2;
- continue;
- }
- }
- print "digraph rpki {";
- for (u in uri) {
- printf "n%06d\t[ label=\"%s\" ];\n", uri[u], u;
- if (sia[u])
- printf "n%06d -> n%06d\t [ color=blue ];\n", uri[u], uri[sia[u]];
- if (aia[u])
- printf "n%06d -> n%06d\t [ color=green ];\n", uri[u], uri[aia[u]];
- }
- print "}";
-}
diff --git a/utils/uri/table.awk b/utils/uri/table.awk
deleted file mode 100644
index d8627f67..00000000
--- a/utils/uri/table.awk
+++ /dev/null
@@ -1,35 +0,0 @@
-#!/usr/bin/awk -f
-# $Id$
-#
-# Reformat uri.c's output in a way that's more useful
-# for some kinds of scripting. Perhaps this functionality should be
-# part of uri.c itself, but for now this script will do.
-
-BEGIN {
- cmd = "find /var/rcynic/data/unauthenticated -type f -name '*.cer' -print0 | xargs -0 ./uri -d";
- while ((cmd | getline) == 1) {
- if ($1 == "File") {
- if (f)
- print f, u, a, s, c;
- a = s = c = "-";
- f = $2;
- sub("/var/rcynic/data/unauthenticated/","rsync://");
- u = $2;
- continue;
- }
- if ($1 == "SIA:") {
- s = $2;
- continue;
- }
- if ($1 == "AIA:") {
- a = $2;
- continue;
- }
- if ($1 == "CRL:") {
- c = $2;
- continue;
- }
- }
- if (f != "-")
- print f, u, a, s, c;
-}
diff --git a/utils/uri/uri.c b/utils/uri/uri.c
deleted file mode 100644
index 6353e8e5..00000000
--- a/utils/uri/uri.c
+++ /dev/null
@@ -1,248 +0,0 @@
-/*
- * Copyright (C) 2014 Dragon Research Labs ("DRL")
- * Portions copyright (C) 2006--2008 American Registry for Internet Numbers ("ARIN")
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notices and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND DRL AND ARIN DISCLAIM ALL
- * WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
- * WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DRL OR
- * ARIN BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
- * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA
- * OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER
- * TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- * PERFORMANCE OF THIS SOFTWARE.
- */
-
-/* $Id$ */
-
-/*
- * Extract and test URIs from certificates. This is a unit test of
- * rcynic code, a utility, or both, depending on how it turns out.
- *
- * NB: OpenSSL insures that IA5 strings are null-terminated, so it's safe
- * for us to ignore the length count.
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <unistd.h>
-#include <getopt.h>
-
-#include <openssl/bio.h>
-#include <openssl/pem.h>
-#include <openssl/err.h>
-#include <openssl/cms.h>
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-#include <openssl/safestack.h>
-
-static const unsigned char id_ad_caIssuers[] = {0x2b, 0x6, 0x1, 0x5, 0x5, 0x7, 0x30, 0x2}; /* 1.3.6.1.5.5.7.48.2 */
-static const unsigned char id_ad_caRepository[] = {0x2b, 0x6, 0x1, 0x5, 0x5, 0x7, 0x30, 0x5}; /* 1.3.6.1.5.5.7.48.5 */
-static const unsigned char id_ad_signedObjectRepository[] = {0x2b, 0x6, 0x1, 0x5, 0x5, 0x7, 0x30, 0x9}; /* 1.3.6.1.5.5.7.48.9 */
-static const unsigned char id_ad_rpkiManifest[] = {0x2b, 0x6, 0x1, 0x5, 0x5, 0x7, 0x30, 0xa}; /* 1.3.6.1.5.5.7.48.10 */
-static const unsigned char id_ad_signedObject[] = {0x2b, 0x6, 0x1, 0x5, 0x5, 0x7, 0x30, 0xb}; /* 1.3.6.1.5.5.7.48.11 */
-
-static X509 *read_cert(const char *filename, int format, int verbose)
-{
- BIO *b = BIO_new_file(filename, "r");
- STACK_OF(X509) *certs = NULL;
- CMS_ContentInfo *cms = NULL;
- X509 *x = NULL;
-
- if (b == NULL)
- return NULL;
-
- switch (format) {
- case 'p':
- x = PEM_read_bio_X509(b, NULL, NULL, NULL);
- break;
- case 'd':
- x = d2i_X509_bio(b, NULL);
- break;
- }
-
- if (x == NULL) {
- BIO_reset(b);
- switch (format) {
- case 'p':
- cms = PEM_read_bio_CMS(b, NULL, NULL, NULL);
- break;
- case 'd':
- cms = d2i_CMS_bio(b, NULL);
- break;
- }
- if (cms != NULL && (certs = CMS_get1_certs(cms)) != NULL)
- x = sk_X509_shift(certs);
- }
-
- if (x != NULL && verbose) {
- X509_print_fp(stdout, x);
- printf("\n");
- }
-
- sk_X509_pop_free(certs, X509_free);
- CMS_ContentInfo_free(cms);
- BIO_free(b);
- return x;
-}
-
-enum decode_errors {
- decode_ok,
- decode_no_extension,
- decode_not_exactly_one_DistributionPointName,
- decode_has_reasons,
- decode_has_CRLissuer,
- decode_no_distributionPoint,
- decode_not_GeneralName,
- decode_not_URI,
-};
-
-static enum decode_errors decode_crldp(X509 *x, int verbose, int spaces)
-{
- enum decode_errors err = decode_ok;
- STACK_OF(DIST_POINT) *ds = X509_get_ext_d2i(x, NID_crl_distribution_points, NULL, NULL);
- DIST_POINT *d;
- GENERAL_NAME *n;
- int i;
-
- if (!ds) {
- err = decode_no_extension;
- } else if (sk_DIST_POINT_num(ds) != 1) {
- err = decode_not_exactly_one_DistributionPointName;
- } else if ((d = sk_DIST_POINT_value(ds, 0))->reasons) {
- err = decode_has_reasons;
- } else if (d->CRLissuer) {
- err = decode_has_CRLissuer;
- } else if (!d->distpoint) {
- err = decode_no_distributionPoint;
- } else if (d->distpoint->type != 0) {
- err = decode_not_GeneralName;
- } else {
- for (i = 0; i < sk_GENERAL_NAME_num(d->distpoint->name.fullname); i++) {
- n = sk_GENERAL_NAME_value(d->distpoint->name.fullname, i);
- if (n->type != GEN_URI) {
- err = decode_not_GeneralName;
- break;
- }
- printf(" CRLDP: %s%s", n->d.uniformResourceIdentifier->data, spaces ? "" : "\n");
- }
- }
-
- sk_DIST_POINT_pop_free(ds, DIST_POINT_free);
- return err;
-}
-
-#define decode_xia(_x_, _v_, _s_, _tag_, _nid_, _oid_) \
- _decode_xia(_x_, _v_, _s_, _tag_, _nid_, _oid_, sizeof(_oid_))
-
-static enum decode_errors _decode_xia(X509 *x,
- int verbose,
- int spaces,
- char *tag,
- int nid,
- const unsigned char *oid,
- int oidlen)
-{
- enum decode_errors err = decode_ok;
- AUTHORITY_INFO_ACCESS *as = X509_get_ext_d2i(x, nid, NULL, NULL);
- ACCESS_DESCRIPTION *a;
- int i;
-
- if (!as) {
- err = decode_no_extension;
- } else {
- for (i = 0; i < sk_ACCESS_DESCRIPTION_num(as); i++) {
- a = sk_ACCESS_DESCRIPTION_value(as, i);
- if (a->location->type != GEN_URI) {
- err = decode_not_URI;
- break;
- }
- if (a->method->length == oidlen && !memcmp(a->method->data, oid, oidlen))
- printf(" %s: %s%s", tag, a->location->d.uniformResourceIdentifier->data, spaces ? "" : "\n");
- }
- }
-
- sk_ACCESS_DESCRIPTION_pop_free(as, ACCESS_DESCRIPTION_free);
- return err;
-}
-
-
-
-const static struct option longopts[] = {
- { "der", no_argument, NULL, 'd' },
- { "help", no_argument, NULL, 'h' },
- { "pem", no_argument, NULL, 'p' },
- { "spaces", no_argument, NULL, 's' },
- { "verbose", no_argument, NULL, 'v' },
- { NULL }
-};
-
-static int usage (const char *jane, const int code)
-{
- FILE *out = code ? stderr : stdout;
- int i;
-
- fprintf(out, "usage: %s [-p | -d] cert [cert...]\n", jane);
- fprintf(out, "options:\n");
- for (i = 0; longopts[i].name != NULL; i++)
- fprintf(out, " -%c --%s\n", longopts[i].val, longopts[i].name);
-
- return code;
-}
-
-int main(int argc, char *argv[])
-{
- int c, format = 'd', spaces = 0, verbose = 0;
- const char *jane = argv[0];
- X509 *x;
-
- OpenSSL_add_all_algorithms();
- ERR_load_crypto_strings();
-
- while ((c = getopt(argc, argv, "pdsv")) > 0) {
- switch (c) {
- case 'v':
- verbose = 1;
- break;
- case 'p':
- case 'd':
- format = c;
- break;
- case 's':
- spaces = 1;
- break;
- case 'h':
- return usage(jane, 0);
- default:
- return usage(jane, 1);
- }
- }
-
- argc -= optind;
- argv += optind;
-
- if (argc == 0)
- return usage(jane, 1);
-
- while (argc-- > 0) {
- printf(spaces ? "%s" : "File: %s\n", *argv);
- if ((x = read_cert(*argv++, format, verbose)) == NULL) {
- printf("Couldn't read certificate, skipping\n");
- continue;
- }
- decode_xia(x, verbose, spaces, "AIA:caIssuers", NID_info_access, id_ad_caIssuers);
- decode_xia(x, verbose, spaces, "SIA:caRepository", NID_sinfo_access, id_ad_caRepository);
- decode_xia(x, verbose, spaces, "SIA:signedObjectRepository", NID_sinfo_access, id_ad_signedObjectRepository);
- decode_xia(x, verbose, spaces, "SIA:rpkiManifest", NID_sinfo_access, id_ad_rpkiManifest);
- decode_xia(x, verbose, spaces, "SIA:signedObject", NID_sinfo_access, id_ad_signedObject);
- decode_crldp(x, verbose, spaces);
- if (spaces)
- putchar('\n');
- X509_free(x);
- }
-
- return 0;
-}
generated by cgit v1.2.3 (git 2.25.1) at 2025-05-12 16:50:15 +0000