certmonger/SOURCES/0006-Display-not_before-in-...


From 84d575da7516cae1ee94099317cf0f8fae2c7ea1 Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Thu, 8 Apr 2021 14:07:22 -0400
Subject: [PATCH] Display not_before in getcert output
Including not_before can help with troubleshooting
renewal problems and, if the clock needs to be turned
back, helps identify how far back it can go.
https://bugzilla.redhat.com/show_bug.cgi?id=1940261
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
---
src/getcert.c | 21 ++++-
src/tdbush.c | 10 ++-
src/tdbusm-check.c | 32 ++++++++
src/tdbusm.c | 150 ++++++++++++++++++++++++++++++++++++
src/tdbusm.h | 9 +++
tests/028-dbus/expected.out | 4 +-
tests/028-dbus/run.sh | 1 +
7 files changed, 220 insertions(+), 7 deletions(-)
diff --git a/src/getcert.c b/src/getcert.c
index 078f5aa1..4afafcb1 100644
--- a/src/getcert.c
+++ b/src/getcert.c
@@ -3389,7 +3389,7 @@ list(const char *argv0, int argc, const char **argv)
const char *capath, *request;
dbus_bool_t b;
char *s1, *s2, *s3, *s4, *s5, *s6;
- long n1, n2;
+ long n1, n2, n3;
char **as, **as1, **as2, **as3, **as4, **as5, t[25];
int requests_only = 0, tracking_only = 0, verbose = 0, c, i, j;
unsigned int k;
@@ -3754,10 +3754,10 @@ list(const char *argv0, int argc, const char **argv)
/* Information from the certificate. */
rep = query_rep(bus, requests[i], CM_DBUS_REQUEST_INTERFACE,
"get_cert_info", verbose);
- if (cm_tdbusm_get_sssnasasasnas(rep, globals.tctx,
+ if (cm_tdbusm_get_sssnasasasnasn(rep, globals.tctx,
&s1, &s2, &s3, &n1,
&as1, &as2, &as3,
- &n2, &as4) != 0) {
+ &n2, &as4, &n3) != 0) {
printf(_("Error parsing server response.\n"));
exit(1);
}
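Review bot: The replaced call now requires the ten-field get_cert_info reply and exits with `Error parsing server response.` on anything else, so a getcert built from this patch talking to a daemon that still sends the nine-field reply fails outright instead of merely lacking the `issued:` line. If mixed versions are expected (client package upgraded before the daemon is restarted), retrying with cm_tdbusm_get_sssnasasasnas and n3 = 0 when the new parse fails would keep the command usable; the same wire-shape change is what the tdbush.c introspection hunk records. list() starts and ends outside this hunk.
```c
if (cm_tdbusm_get_sssnasasasnasn(rep, globals.tctx,
				 &s1, &s2, &s3, &n1,
				 &as1, &as2, &as3,
				 &n2, &as4, &n3) != 0) {
	/* Daemon predating not_before: accept the nine-field reply. */
	n3 = 0;
	if (cm_tdbusm_get_sssnasasasnas(rep, globals.tctx,
					&s1, &s2, &s3, &n1,
					&as1, &as2, &as3,
					&n2, &as4) != 0) {
		printf(_("Error parsing server response.\n"));
		exit(1);
	}
}
```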
@@ -3768,6 +3768,21 @@ list(const char *argv0, int argc, const char **argv)
printf(_("\tissuer: %s\n"), s1);
printf(_("\tsubject: %s\n"), s3);
when = _("unknown");
+ if (n3 != 0) {
+ if (force_utc) {
+ when = cm_store_timestamp_from_time_for_display(n3, t);
+ printf(_("\tissued: %s\n"), when);
+ } else {
+ when = cm_store_local_timestamp_from_time_for_display(n3);
+ if (when != NULL) {
+ printf(_("\tissued: %s\n"), when);
+ free(when);
+ }
+ }
+ } else {
+ printf(_("\tissued: %s\n"), when);
+ }
+ when = _("unknown");
if (n1 != 0) {
if (force_utc) {
when = cm_store_timestamp_from_time_for_display(n1, t);
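Review bot: In the non-UTC branch a NULL result from cm_store_local_timestamp_from_time_for_display makes the `issued:` line disappear entirely, while n3 == 0 prints `issued: unknown`; adding `else { printf(_("\tissued: %s\n"), _("unknown")); }` to the `if (when != NULL)` would keep the output shape stable for anything that parses it. The force_utc branch prints the returned pointer without a NULL check, which matches the existing expires block below but is only safe if that function can never return NULL — worth confirming. The issued block is otherwise a verbatim copy of the expires block with n1 replaced by n3; a small static helper taking the label and the timestamp would remove the duplication. list() starts and ends outside this hunk.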
diff --git a/src/tdbush.c b/src/tdbush.c
index 3587f84f..6fc1b4be 100644
--- a/src/tdbush.c
+++ b/src/tdbush.c
@@ -2701,7 +2701,7 @@ request_get_cert_info(DBusConnection *conn, DBusMessage *msg,
rep = dbus_message_new_method_return(msg);
if (rep != NULL) {
eku = eku_splitv(entry, entry->cm_cert_eku);
- cm_tdbusm_set_sssnasasasnas(rep,
+ cm_tdbusm_set_sssnasasasnasn(rep,
entry->cm_cert_issuer,
entry->cm_cert_serial,
entry->cm_cert_subject,
@@ -2710,7 +2710,8 @@ request_get_cert_info(DBusConnection *conn, DBusMessage *msg,
(const char **) entry->cm_cert_hostname,
(const char **) entry->cm_cert_principal,
ku_from_string(entry->cm_cert_ku),
- (const char **) eku);
+ (const char **) eku,
+ entry->cm_cert_not_before);
dbus_connection_send(conn, rep, NULL);
dbus_message_unref(rep);
talloc_free(eku);
@@ -6563,7 +6564,10 @@ cm_tdbush_iface_request(void)
DBUS_TYPE_ARRAY_AS_STRING
DBUS_TYPE_STRING_AS_STRING,
cm_tdbush_method_arg_out,
- NULL))))))))),
+ make_method_arg("not_before",
+ DBUS_TYPE_INT64_AS_STRING,
+ cm_tdbush_method_arg_out,
+ NULL)))))))))),
NULL),
make_interface_item(cm_tdbush_interface_property,
make_property(CM_DBUS_PROP_CERT_ISSUER,
diff --git a/src/tdbusm-check.c b/src/tdbusm-check.c
index 385b1849..31880732 100644
--- a/src/tdbusm-check.c
+++ b/src/tdbusm-check.c
@@ -539,6 +539,38 @@ get_sssnasasasnas(DBusMessage *rep, int msgid)
return ret;
}
static int
+get_sssnasasasnasn(DBusMessage *rep, int msgid)
+{
+ int ret, i;
+ long n1, n2, n3;
+ char *s1, *s2, *s3, **as1, **as2, **as3, **as4;
+
+ ret = cm_tdbusm_get_sssnasasasnasn(rep, NULL,
+ &s1, &s2, &s3, &n1,
+ &as1, &as2, &as3, &n2, &as4, &n3);
+ if (ret == 0) {
+ printf("Message %d - s:%s,s:%s,s:%s," "n:%ld,[",
+ msgid, s1, s2, s3, n1);
+ for (i = 0; (as1 != NULL) && (as1[i] != NULL); i++) {
+ printf("%ss:%s", i > 0 ? "," : "", as1[i]);
+ }
+ printf("],[");
+ for (i = 0; (as2 != NULL) && (as2[i] != NULL); i++) {
+ printf("%ss:%s", i > 0 ? "," : "", as2[i]);
+ }
+ printf("],[");
+ for (i = 0; (as3 != NULL) && (as3[i] != NULL); i++) {
+ printf("%ss:%s", i > 0 ? "," : "", as3[i]);
+ }
+ printf("],n:%ld,n:%ld,[", n2, n3);
+ for (i = 0; (as4 != NULL) && (as4[i] != NULL); i++) {
+ printf("%ss:%s", i > 0 ? "," : "", as4[i]);
+ }
+ printf("]\n");
+ }
+ return ret;
+}
+static int
get_sasasasnas(DBusMessage *rep, int msgid)
{
int ret, i;
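Review bot: get_sssnasasasnasn repeats the same four-line array-printing loop four times, as the sibling getters above it do; a `static void print_string_array(char **as)` helper would shrink this and the other check functions to their distinctive printf calls. The call passes NULL as the talloc parent and never frees s1..s3 or as1..as4, which mirrors get_sssnasasasnas but means each checked message leaks its copies — acceptable for a one-shot check program, but a `/* leaks by design: process exits after the checks */` comment would make that explicit.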
diff --git a/src/tdbusm.c b/src/tdbusm.c
index bc39e1d4..24e03e4c 100644
--- a/src/tdbusm.c
+++ b/src/tdbusm.c
@@ -935,6 +935,105 @@ cm_tdbusm_get_sssnasasasnas(DBusMessage *msg, void *parent,
return 0;
}
+int
+cm_tdbusm_get_sssnasasasnasn(DBusMessage *msg, void *parent,
+ char **s1, char **s2, char **s3, long *n1,
+ char ***as1, char ***as2, char ***as3,
+ long *n2, char ***as4, long *n3)
+{
+ DBusError err;
+ char **tmp1, **tmp2, **tmp3, **tmp4;
+ int64_t i641, i642, i643;
+ int32_t i321, i322, i323;
+ int16_t i161, i162, i163;
+ int i, j, k, l;
+ *s1 = NULL;
+ *s2 = NULL;
+ *s3 = NULL;
+ *as1 = NULL;
+ *as2 = NULL;
+ *as3 = NULL;
+ *as4 = NULL;
+ dbus_error_init(&err);
+ if (!dbus_message_get_args(msg, &err,
+ DBUS_TYPE_STRING, s1,
+ DBUS_TYPE_STRING, s2,
+ DBUS_TYPE_STRING, s3,
+ DBUS_TYPE_INT64, &i641,
+ DBUS_TYPE_ARRAY, DBUS_TYPE_STRING, &tmp1, &i,
+ DBUS_TYPE_ARRAY, DBUS_TYPE_STRING, &tmp2, &j,
+ DBUS_TYPE_ARRAY, DBUS_TYPE_STRING, &tmp3, &k,
+ DBUS_TYPE_INT64, &i642,
+ DBUS_TYPE_ARRAY, DBUS_TYPE_STRING, &tmp4, &l,
+ DBUS_TYPE_INT64, &i643,
+ DBUS_TYPE_INVALID)) {
+ if (dbus_error_is_set(&err)) {
+ dbus_error_free(&err);
+ dbus_error_init(&err);
+ }
+ if (!dbus_message_get_args(msg, &err,
+ DBUS_TYPE_STRING, s1,
+ DBUS_TYPE_STRING, s2,
+ DBUS_TYPE_STRING, s3,
+ DBUS_TYPE_INT32, &i321,
+ DBUS_TYPE_ARRAY, DBUS_TYPE_STRING,
+ &tmp1, &i,
+ DBUS_TYPE_ARRAY, DBUS_TYPE_STRING,
+ &tmp2, &j,
+ DBUS_TYPE_ARRAY, DBUS_TYPE_STRING,
+ &tmp3, &k,
+ DBUS_TYPE_INT32, &i322,
+ DBUS_TYPE_ARRAY, DBUS_TYPE_STRING,
+ &tmp4, &l,
+ DBUS_TYPE_INT32, &i323,
+ DBUS_TYPE_INVALID)) {
+ if (dbus_error_is_set(&err)) {
+ dbus_error_free(&err);
+ dbus_error_init(&err);
+ }
+ if (!dbus_message_get_args(msg, &err,
+ DBUS_TYPE_STRING, s1,
+ DBUS_TYPE_STRING, s2,
+ DBUS_TYPE_STRING, s3,
+ DBUS_TYPE_INT16, &i161,
+ DBUS_TYPE_ARRAY,
+ DBUS_TYPE_STRING, &tmp1, &i,
+ DBUS_TYPE_ARRAY,
+ DBUS_TYPE_STRING, &tmp2, &j,
+ DBUS_TYPE_ARRAY,
+ DBUS_TYPE_STRING, &tmp3, &k,
+ DBUS_TYPE_INT16, &i162,
+ DBUS_TYPE_ARRAY,
+ DBUS_TYPE_STRING, &tmp4, &l,
+ DBUS_TYPE_INT16, &i163,
+ DBUS_TYPE_INVALID)) {
+ if (dbus_error_is_set(&err)) {
+ dbus_error_free(&err);
+ dbus_error_init(&err);
+ }
+ return -1;
+ }
+ i321 = i161;
+ i322 = i162;
+ i323 = i163;
+ }
+ i641 = i321;
+ i642 = i322;
+ i643 = i323;
+ }
+ *s1 = *s1 ? talloc_strdup(parent, *s1) : NULL;
+ *s2 = *s2 ? talloc_strdup(parent, *s2) : NULL;
+ *s3 = *s3 ? talloc_strdup(parent, *s3) : NULL;
+ *n1 = i641;
+ *n2 = i642;
+ *n3 = i643;
+ *as1 = cm_tdbusm_take_dbus_string_array(parent, tmp1, i);
+ *as2 = cm_tdbusm_take_dbus_string_array(parent, tmp2, j);
+ *as3 = cm_tdbusm_take_dbus_string_array(parent, tmp3, k);
+ *as4 = cm_tdbusm_take_dbus_string_array(parent, tmp4, l);
+ return 0;
+}
+
int
cm_tdbusm_get_sasasasnas(DBusMessage *msg, void *parent, char **s,
char ***as1, char ***as2, char ***as3,
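Review bot: cm_tdbusm_get_sssnasasasnasn has no comment explaining why dbus_message_get_args is attempted three times; a header comment such as `/* Try INT64, then INT32, then INT16 for n1..n3; the value is widened into int64_t. */` would save the next reader from diffing the three calls. Whether the narrower widths are needed for not_before at all is worth a sentence, since cm_tdbusm_set_sssnasasasnasn in the next hunk only ever appends it as DBUS_TYPE_INT64. The function is otherwise a copy of cm_tdbusm_get_sssnasasasnas with one more integer in each call, and the same duplication applies to the setter; a shared helper parameterised on the integer width would keep the two variants from drifting apart.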
@@ -1856,6 +1955,57 @@ cm_tdbusm_set_sssnasasasnas(DBusMessage *msg,
}
}
+int
+cm_tdbusm_set_sssnasasasnasn(DBusMessage *msg,
+ const char *s1, const char *s2, const char *s3,
+ long n1, const char **as1, const char **as2,
+ const char **as3, long n2, const char **as4,
+ long n3)
+{
+ int64_t i1 = n1, i2 = n2, i3 = n3;
+ if (s1 == NULL) {
+ s1 = empty_string;
+ }
+ if (s2 == NULL) {
+ s2 = empty_string;
+ }
+ if (s3 == NULL) {
+ s3 = empty_string;
+ }
+ if (as1 == NULL) {
+ as1 = empty_string_array;
+ }
+ if (as2 == NULL) {
+ as2 = empty_string_array;
+ }
+ if (as3 == NULL) {
+ as3 = empty_string_array;
+ }
+ if (as4 == NULL) {
+ as4 = empty_string_array;
+ }
+ if (dbus_message_append_args(msg,
+ DBUS_TYPE_STRING, &s1,
+ DBUS_TYPE_STRING, &s2,
+ DBUS_TYPE_STRING, &s3,
+ DBUS_TYPE_INT64, &i1,
+ DBUS_TYPE_ARRAY, DBUS_TYPE_STRING,
+ &as1, cm_tdbusm_array_length(as1),
+ DBUS_TYPE_ARRAY, DBUS_TYPE_STRING,
+ &as2, cm_tdbusm_array_length(as2),
+ DBUS_TYPE_ARRAY, DBUS_TYPE_STRING,
+ &as3, cm_tdbusm_array_length(as3),
+ DBUS_TYPE_INT64, &i2,
+ DBUS_TYPE_ARRAY, DBUS_TYPE_STRING,
+ &as4, cm_tdbusm_array_length(as4),
+ DBUS_TYPE_INT64, &i3,
+ DBUS_TYPE_INVALID)) {
+ return 0;
+ } else {
+ return -1;
+ }
+}
+
int
cm_tdbusm_set_sasasasnas(DBusMessage *msg, const char *s,
const char **as1, const char **as2,
diff --git a/src/tdbusm.h b/src/tdbusm.h
index fe021eff..250a9b0a 100644
--- a/src/tdbusm.h
+++ b/src/tdbusm.h
@@ -55,6 +55,10 @@ int cm_tdbusm_get_sssnasasasnas(DBusMessage *msg, void *parent,
char **s1, char **s2, char **s3, long *n1,
char ***as1, char ***as2,
char ***as3, long *n2, char ***as4);
+int cm_tdbusm_get_sssnasasasnasn(DBusMessage *msg, void *parent,
+ char **s1, char **s2, char **s3, long *n1,
+ char ***as1, char ***as2,
+ char ***as3, long *n2, char ***as4, long *n3);
int cm_tdbusm_get_sasasasnas(DBusMessage *msg, void *parent,
char **s,
char ***as1, char ***as2,
@@ -124,6 +128,11 @@ int cm_tdbusm_set_sssnasasasnas(DBusMessage *msg,
const char *s3, long n1,
const char **as1, const char **as2,
const char **as3, long n2, const char **as4);
+int cm_tdbusm_set_sssnasasasnasn(DBusMessage *msg,
+ const char *s1, const char *s2,
+ const char *s3, long n1,
+ const char **as1, const char **as2,
+ const char **as3, long n2, const char **as4, long n3);
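Review bot: The new prototypes do not say what the trailing `long n3` / `long *n3` carries, and the name gives no hint. A one-line comment above each, e.g. `/* n3: the certificate's not_before (entry->cm_cert_not_before); getcert displays 0 as "unknown" */`, would document the contract at the one place every caller sees; the same applies to the getter prototype in the first hunk of this file.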
int cm_tdbusm_set_sasasasnas(DBusMessage *msg,
const char *s,
const char **as1, const char **as2,
diff --git a/tests/028-dbus/expected.out b/tests/028-dbus/expected.out
index ca7de34f..4cecbe15 100644
--- a/tests/028-dbus/expected.out
+++ b/tests/028-dbus/expected.out
@@ -11,6 +11,7 @@ Request ID 'Buddy':
CA: local
issuer: CN=$UUID,CN=Local Signing Authority
subject: CN=localhost
+ issued: sometime
expires: sometime
dns: localhost
principal name: host/localhost@LOCALHOST
@@ -269,6 +270,7 @@ OK
<arg name="principal_names" type="as" direction="out"/>
<arg name="key_usage" type="x" direction="out"/>
<arg name="extended_key_usage" type="as" direction="out"/>
+ <arg name="not_before" type="x" direction="out"/>
</method>
<property name="issuer" type="s" access="read"/>
<property name="serial" type="s" access="read"/>
@@ -430,7 +432,7 @@ Buddy
[ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.get_cert_info ]
-(dbus.String('CN=$UUID,CN=Local Signing Authority'), dbus.String('$UUID'), dbus.String('CN=localhost'), dbus.Int64(tomorrow), dbus.Array([], signature=dbus.Signature('s')), dbus.Array([dbus.String('localhost')], signature=dbus.Signature('s')), dbus.Array([dbus.String('host/localhost@LOCALHOST')], signature=dbus.Signature('s')), dbus.Int64(9), dbus.Array([dbus.String('1.3.6.1.5.5.7.3.1')], signature=dbus.Signature('s')))
+(dbus.String('CN=$UUID,CN=Local Signing Authority'), dbus.String('$UUID'), dbus.String('CN=localhost'), dbus.Int64(tomorrow), dbus.Array([], signature=dbus.Signature('s')), dbus.Array([dbus.String('localhost')], signature=dbus.Signature('s')), dbus.Array([dbus.String('host/localhost@LOCALHOST')], signature=dbus.Signature('s')), dbus.Int64(9), dbus.Array([dbus.String('1.3.6.1.5.5.7.3.1')], signature=dbus.Signature('s')), dbus.Int64(recently))
[ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.get_cert_last_checked ]
recently
diff --git a/tests/028-dbus/run.sh b/tests/028-dbus/run.sh
index d0be6ad8..a457834f 100755
--- a/tests/028-dbus/run.sh
+++ b/tests/028-dbus/run.sh
@@ -42,5 +42,6 @@ sed -r -e 's,CN=........-........-........-........,CN=$UUID,g' \
-e '/^-----BEGIN/,/^-----END/d' \
-e "s|$libexecdir|\$libexecdir|g" \
-e "s|$tmpdir|\$tmpdir|g" \
+ -e "s|issued:.*|issued: sometime|g" \
-e "s|expires:.*|expires: sometime|g" \
-e "s|'(00)?[0-9a-fA-F]{32}|'"'$UUID|g' \
--
2.31.1