#!/usr/bin/env python
#
# $Id$
#
# Copyright (C) 2014  Dragon Research Labs ("DRL")
# Portions copyright (C) 2012  Internet Systems Consortium ("ISC")
# 
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notices and this permission notice appear in all copies.
# 
# THE SOFTWARE IS PROVIDED "AS IS" AND DRL AND ISC DISCLAIM ALL
# WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
# WARRANTIES OF MERCHANTABILITY AND FITNESS.  IN NO EVENT SHALL DRL OR
# ISC BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
# DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA
# OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER
# TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.

"""
Look for ROAs for particular prefixes, like find_roa, then, for each
ROA we find, dig out the expiration times of all the certificates
involved in the authorization chain, all the way back to the root.
"""

import os
import sys
import subprocess
import rpki.POW

def filename_to_uri(filename):
  """
  Translate a path inside the local tree named by sys.argv[1] back
  into the rsync:// URI it corresponds to.

  Raises ValueError if filename does not begin with sys.argv[1].
  """

  root = sys.argv[1]
  if filename.startswith(root):
    # Whatever follows the root is the host/module/path portion; any
    # leading slashes left over from the join are dropped.
    relative = filename[len(root):]
    return "rsync://" + relative.lstrip("/")
  raise ValueError

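def uri_to_filename(uri):
  """
  Map an rsync:// URI onto the corresponding path underneath the
  local tree named by sys.argv[1].

  The URIs passed in by this script are taken from certificate AIA
  extensions, i.e. they are repository data rather than operator
  input, so anything that could steer the resulting path outside the
  tree is refused.

  Raises ValueError if uri is not an rsync:// URI or if it contains a
  ".." path segment.
  """

  if not uri.startswith("rsync://"):
    raise ValueError
  path = uri[len("rsync://"):]
  # The path is built by plain concatenation, so a ".." segment would
  # otherwise let a certificate name a file outside sys.argv[1].
  if ".." in path.split("/"):
    raise ValueError
  return sys.argv[1] + "/" + path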

def get_aia(x):
  """
  Return the first rsync:// URI listed by x.getAIA(), or None when
  getAIA() returns nothing or none of its entries is an rsync URI.
  """

  candidates = x.getAIA()
  if not candidates:
    return None
  return next((u for u in candidates if u.startswith("rsync://")), None)

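# Run find_roa with our own command line arguments passed straight
# through, then report expiration times along each ROA's issuer chain.
#
# Nothing below validates signatures or checks the chain; the dates
# printed are only as trustworthy as the tree named by sys.argv[1].

for line in subprocess.check_output(["find_roa"] + sys.argv[1:]).splitlines():

  # The last word of the line is used as the ROA's file name, the word
  # before it is discarded, and whatever is left is echoed as a heading.
  # NOTE(review): splitting on whitespace assumes file names contain
  # no blanks -- confirm against find_roa's output format.
  words = line.split()
  fn = words.pop()
  del words[-1]
  print " ".join(words)

  # First certificate carried in the ROA's CMS wrapper (presumably
  # the EE certificate -- confirm).
  x = rpki.POW.CMS.derReadFile(fn).certs()[0]
  uri = get_aia(x)
  print x.getNotAfter(), filename_to_uri(fn)

  # Follow AIA pointers from issuer to issuer until a certificate has
  # no rsync AIA.  The AIA values are data read from the certificates,
  # so remember which URIs we have already visited: a chain that
  # points back at itself must not keep this loop running forever.
  seen = set()
  while uri:
    if uri in seen:
      print "***** LOOP ******", uri
      break
    seen.add(uri)
    fn = uri_to_filename(uri)
    if not os.path.exists(fn):
      print "***** MISSING ******", uri
      break
    x = rpki.POW.X509.derReadFile(fn)
    print x.getNotAfter(), uri
    uri = get_aia(x)

  print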