On Wed, Jan 05, 2022 at 11:45:55AM +0100, Claudio Jeker wrote:
> This converts the last proc_parser function so that it no longer takes the
> entity pointer. Besides the file name, this one also needs the TA public
> key and the TAL identifier, which are now passed as explicit arguments.
>
> Change is mechanical and makes all callers work the same way.
ok tb
> --
> :wq Claudio
>
> Index: parser.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/rpki-client/parser.c,v
> retrieving revision 1.32
> diff -u -p -r1.32 parser.c
> --- parser.c 4 Jan 2022 18:41:32 -0000 1.32
> +++ parser.c 5 Jan 2022 09:49:07 -0000
> @@ -246,8 +246,7 @@ proc_parser_mft(char *file, const unsign
> * parse failure.
> */
> static struct cert *
> -proc_parser_cert(char *file, const unsigned char *der,
> - size_t len)
> +proc_parser_cert(char *file, const unsigned char *der, size_t len)
> {
> struct cert *cert;
> X509 *x509;
> @@ -325,8 +324,8 @@ proc_parser_cert(char *file, const unsig
> * parse failure.
> */
> static struct cert *
> -proc_parser_root_cert(const struct entity *entp, const unsigned char *der,
> - size_t len)
> +proc_parser_root_cert(char *file, const unsigned char *der, size_t len,
> + unsigned char *pkey, size_t pkeysz, int talid)
> {
> char subject[256];
> ASN1_TIME *notBefore, *notAfter;
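Review bot: The new `pkey` parameter is declared as a non-const `unsigned char *` while `der`, which is handled the same way, is `const unsigned char *`; the function only hands `pkey` through to ta_parse (visible in the following hunk) and never writes it, so `const unsigned char *pkey` would document that and let callers pass read-only key material. Whether this compiles cleanly depends on ta_parse's prototype and on the type of entp->data, neither of which is visible here, so it should be checked against the header before changing. The body of proc_parser_root_cert continues past the end of this hunk.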
> @@ -334,52 +333,49 @@ proc_parser_root_cert(const struct entit
> struct cert *cert;
> X509 *x509;
>
> - assert(entp->data != NULL);
> -
> /* Extract certificate data and X509. */
>
> - cert = ta_parse(&x509, entp->file, der, len, entp->data, entp->datasz);
> + cert = ta_parse(&x509, file, der, len, pkey, pkeysz);
> if (cert == NULL)
> return NULL;
>
> if ((name = X509_get_subject_name(x509)) == NULL) {
> - warnx("%s Unable to get certificate subject", entp->file);
> + warnx("%s Unable to get certificate subject", file);
> goto badcert;
> }
> if (X509_NAME_oneline(name, subject, sizeof(subject)) == NULL) {
> - warnx("%s: Unable to parse certificate subject name",
> - entp->file);
> + warnx("%s: Unable to parse certificate subject name", file);
> goto badcert;
> }
> if ((notBefore = X509_get_notBefore(x509)) == NULL) {
> warnx("%s: certificate has invalid notBefore, subject='%s'",
> - entp->file, subject);
> + file, subject);
> goto badcert;
> }
> if ((notAfter = X509_get_notAfter(x509)) == NULL) {
> warnx("%s: certificate has invalid notAfter, subject='%s'",
> - entp->file, subject);
> + file, subject);
> goto badcert;
> }
> if (X509_cmp_current_time(notBefore) != -1) {
> - warnx("%s: certificate not yet valid, subject='%s'", entp->file,
> + warnx("%s: certificate not yet valid, subject='%s'", file,
> subject);
> goto badcert;
> }
> if (X509_cmp_current_time(notAfter) != 1) {
> - warnx("%s: certificate has expired, subject='%s'", entp->file,
> + warnx("%s: certificate has expired, subject='%s'", file,
> subject);
> goto badcert;
> }
> - if (!valid_ta(entp->file, &auths, cert)) {
> + if (!valid_ta(file, &auths, cert)) {
> warnx("%s: certificate not a valid ta, subject='%s'",
> - entp->file, subject);
> + file, subject);
> goto badcert;
> }
>
> X509_free(x509);
>
> - cert->talid = entp->talid;
> + cert->talid = talid;
>
> /*
> * Add valid roots to the RPKI auth tree.
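Review bot: The precondition that a TA public key is present is no longer checked inside the function: the `assert(entp->data != NULL);` removed at the top of the hunk has no counterpart on the new `pkey` parameter, so the only remaining guard is the `entp->data != NULL` dispatch in parse_entity. Keeping the check local with `assert(pkey != NULL);` immediately before the ta_parse call preserves the invariant if another caller is added later; whether ta_parse itself rejects a NULL key is not visible here. The `badcert:` label and the function's return path lie outside the hunk.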
> @@ -589,7 +585,9 @@ parse_entity(struct entityq *q, struct m
> break;
> case RTYPE_CER:
> if (entp->data != NULL)
> - cert = proc_parser_root_cert(entp, f, flen);
> + cert = proc_parser_root_cert(entp->file,
> + f, flen, entp->data, entp->datasz,
> + entp->talid);
> else
> cert = proc_parser_cert(entp->file, f, flen);
> c = (cert != NULL);
>