From 84d575da7516cae1ee94099317cf0f8fae2c7ea1 Mon Sep 17 00:00:00 2001

From: Rob Crittenden <rcritten@redhat.com>

Date: Thu, 8 Apr 2021 14:07:22 -0400

Subject: [PATCH] Display not_before in getcert output

Including not_before can help with troubleshooting

renewal problems and if time needs to be reversed

helping identify the maximum one can go back.

https://bugzilla.redhat.com/show_bug.cgi?id=1940261

Signed-off-by: Rob Crittenden <rcritten@redhat.com>

---

 src/getcert.c               |  21 ++++-

 src/tdbush.c                |  10 ++-

 src/tdbusm-check.c          |  32 ++++++++

 src/tdbusm.c                | 150 ++++++++++++++++++++++++++++++++++++

 src/tdbusm.h                |   9 +++

 tests/028-dbus/expected.out |   4 +-

 tests/028-dbus/run.sh       |   1 +

 7 files changed, 220 insertions(+), 7 deletions(-)

diff --git a/src/getcert.c b/src/getcert.c

index 078f5aa1..4afafcb1 100644

--- a/src/getcert.c

+++ b/src/getcert.c

@@ -3389,7 +3389,7 @@ list(const char *argv0, int argc, const char **argv)

 	const char *capath, *request;

 	dbus_bool_t b;

 	char *s1, *s2, *s3, *s4, *s5, *s6;

-	long n1, n2;

+	long n1, n2, n3;

 	char **as, **as1, **as2, **as3, **as4, **as5, t[25];

 	int requests_only = 0, tracking_only = 0, verbose = 0, c, i, j;

 	unsigned int k;

@@ -3754,10 +3754,10 @@ list(const char *argv0, int argc, const char **argv)

 		/* Information from the certificate. */

 		rep = query_rep(bus, requests[i], CM_DBUS_REQUEST_INTERFACE,

 				"get_cert_info", verbose);

-		if (cm_tdbusm_get_sssnasasasnas(rep, globals.tctx,

+		if (cm_tdbusm_get_sssnasasasnasn(rep, globals.tctx,

 						&s1, &s2, &s3, &n1,

 						&as1, &as2, &as3,

-						&n2, &as4) != 0) {

+						&n2, &as4, &n3) != 0) {

 			printf(_("Error parsing server response.\n"));

 			exit(1);

 		}

@@ -3768,6 +3768,21 @@ list(const char *argv0, int argc, const char **argv)

 		printf(_("\tissuer: %s\n"), s1);

 		printf(_("\tsubject: %s\n"), s3);

 		when = _("unknown");

+		if (n3 != 0) {

+			if (force_utc) {

+				when = cm_store_timestamp_from_time_for_display(n3, t);

+				printf(_("\tissued: %s\n"), when);

+			} else {

+				when = cm_store_local_timestamp_from_time_for_display(n3);

+				if (when != NULL) {

+					printf(_("\tissued: %s\n"), when);

+					free(when);

+				}

+			}

+		} else {

+			printf(_("\tissued: %s\n"), when);

+		}

+		when = _("unknown");

 		if (n1 != 0) {

 			if (force_utc) {

 				when = cm_store_timestamp_from_time_for_display(n1, t);

diff --git a/src/tdbush.c b/src/tdbush.c

index 3587f84f..6fc1b4be 100644

--- a/src/tdbush.c

+++ b/src/tdbush.c

@@ -2701,7 +2701,7 @@ request_get_cert_info(DBusConnection *conn, DBusMessage *msg,

 	rep = dbus_message_new_method_return(msg);

 	if (rep != NULL) {

 		eku = eku_splitv(entry, entry->cm_cert_eku);

-		cm_tdbusm_set_sssnasasasnas(rep,

+		cm_tdbusm_set_sssnasasasnasn(rep,

 					    entry->cm_cert_issuer,

 					    entry->cm_cert_serial,

 					    entry->cm_cert_subject,

@@ -2710,7 +2710,8 @@ request_get_cert_info(DBusConnection *conn, DBusMessage *msg,

 					    (const char **) entry->cm_cert_hostname,

 					    (const char **) entry->cm_cert_principal,

 					    ku_from_string(entry->cm_cert_ku),

-					    (const char **) eku);

+					    (const char **) eku,

+					    entry->cm_cert_not_before);

 		dbus_connection_send(conn, rep, NULL);

 		dbus_message_unref(rep);

 		talloc_free(eku);

@@ -6563,7 +6564,10 @@ cm_tdbush_iface_request(void)

 										     DBUS_TYPE_ARRAY_AS_STRING

 										     DBUS_TYPE_STRING_AS_STRING,

 										     cm_tdbush_method_arg_out,

-										     NULL))))))))),

+								     make_method_arg("not_before",

+										     DBUS_TYPE_INT64_AS_STRING,

+										     cm_tdbush_method_arg_out,

+										     NULL)))))))))),

 								     NULL),

 				     make_interface_item(cm_tdbush_interface_property,

 							 make_property(CM_DBUS_PROP_CERT_ISSUER,

diff --git a/src/tdbusm-check.c b/src/tdbusm-check.c

index 385b1849..31880732 100644

--- a/src/tdbusm-check.c

+++ b/src/tdbusm-check.c

@@ -539,6 +539,38 @@ get_sssnasasasnas(DBusMessage *rep, int msgid)

 	return ret;

 }

 static int

+get_sssnasasasnasn(DBusMessage *rep, int msgid)

+{

+	int ret, i;

+	long n1, n2, n3;

+	char *s1, *s2, *s3, **as1, **as2, **as3, **as4;

+

+	ret = cm_tdbusm_get_sssnasasasnasn(rep, NULL,

+					  &s1, &s2, &s3, &n1,

+					  &as1, &as2, &as3, &n2, &as4, &n3;;

+	if (ret == 0) {

+		printf("Message %d - s:%s,s:%s,s:%s," "n:%ld,[",

+		       msgid, s1, s2, s3, n1);

+		for (i = 0; (as1 != NULL) && (as1[i] != NULL); i++) {

+			printf("%ss:%s", i > 0 ? "," : "", as1[i]);

+		}

+		printf("],[");

+		for (i = 0; (as2 != NULL) && (as2[i] != NULL); i++) {

+			printf("%ss:%s", i > 0 ? "," : "", as2[i]);

+		}

+		printf("],[");

+		for (i = 0; (as3 != NULL) && (as3[i] != NULL); i++) {

+			printf("%ss:%s", i > 0 ? "," : "", as3[i]);

+		}

+		printf("],n:%ld,n:%ld,[", n2, n3);

+		for (i = 0; (as4 != NULL) && (as4[i] != NULL); i++) {

+			printf("%ss:%s", i > 0 ? "," : "", as4[i]);

+		}

+		printf("]\n");

+	}

+	return ret;

+}

+static int

 get_sasasasnas(DBusMessage *rep, int msgid)

 {

 	int ret, i;

diff --git a/src/tdbusm.c b/src/tdbusm.c

index bc39e1d4..24e03e4c 100644

--- a/src/tdbusm.c

+++ b/src/tdbusm.c

@@ -935,6 +935,105 @@ cm_tdbusm_get_sssnasasasnas(DBusMessage *msg, void *parent,

 	return 0;

 }

+int

+cm_tdbusm_get_sssnasasasnasn(DBusMessage *msg, void *parent,

+			    char **s1, char **s2, char **s3, long *n1,

+			    char ***as1, char ***as2, char ***as3,

+			    long *n2, char ***as4, long *n3)

+{

+	DBusError err;

+	char **tmp1, **tmp2, **tmp3, **tmp4;

+	int64_t i641, i642, i643;

+	int32_t i321, i322, i323;

+	int16_t i161, i162, i163;

+	int i, j, k, l;

+	*s1 = NULL;

+	*s2 = NULL;

+	*s3 = NULL;

+	*as1 = NULL;

+	*as2 = NULL;

+	*as3 = NULL;

+	*as4 = NULL;

+	dbus_error_init(&err;;

+	if (!dbus_message_get_args(msg, &err,

+				   DBUS_TYPE_STRING, s1,

+				   DBUS_TYPE_STRING, s2,

+				   DBUS_TYPE_STRING, s3,

+				   DBUS_TYPE_INT64, &i641,

+				   DBUS_TYPE_ARRAY, DBUS_TYPE_STRING, &tmp1, &i,

+				   DBUS_TYPE_ARRAY, DBUS_TYPE_STRING, &tmp2, &j,

+				   DBUS_TYPE_ARRAY, DBUS_TYPE_STRING, &tmp3, &k,

+				   DBUS_TYPE_INT64, &i642,

+				   DBUS_TYPE_ARRAY, DBUS_TYPE_STRING, &tmp4, &l,

+				   DBUS_TYPE_INT64, &i643,

+				   DBUS_TYPE_INVALID)) {

+		if (dbus_error_is_set(&err)) {

+			dbus_error_free(&err;;

+			dbus_error_init(&err;;

+		}

+		if (!dbus_message_get_args(msg, &err,

+					   DBUS_TYPE_STRING, s1,

+					   DBUS_TYPE_STRING, s2,

+					   DBUS_TYPE_STRING, s3,

+					   DBUS_TYPE_INT32, &i321,

+					   DBUS_TYPE_ARRAY, DBUS_TYPE_STRING,

+					   &tmp1, &i,

+					   DBUS_TYPE_ARRAY, DBUS_TYPE_STRING,

+					   &tmp2, &j,

+					   DBUS_TYPE_ARRAY, DBUS_TYPE_STRING,

+					   &tmp3, &k,

+					   DBUS_TYPE_INT32, &i322,

+					   DBUS_TYPE_ARRAY, DBUS_TYPE_STRING,

+					   &tmp4, &l,

+					   DBUS_TYPE_INT32, &i323,

+					   DBUS_TYPE_INVALID)) {

+			if (dbus_error_is_set(&err)) {

+				dbus_error_free(&err;;

+				dbus_error_init(&err;;

+			}

+			if (!dbus_message_get_args(msg, &err,

+						   DBUS_TYPE_STRING, s1,

+						   DBUS_TYPE_STRING, s2,

+						   DBUS_TYPE_STRING, s3,

+						   DBUS_TYPE_INT16, &i161,

+						   DBUS_TYPE_ARRAY,

+						   DBUS_TYPE_STRING, &tmp1, &i,

+						   DBUS_TYPE_ARRAY,

+						   DBUS_TYPE_STRING, &tmp2, &j,

+						   DBUS_TYPE_ARRAY,

+						   DBUS_TYPE_STRING, &tmp3, &k,

+						   DBUS_TYPE_INT16, &i162,

+						   DBUS_TYPE_ARRAY,

+						   DBUS_TYPE_STRING, &tmp4, &l,

+						   DBUS_TYPE_INT16, &i163,

+						   DBUS_TYPE_INVALID)) {

+				if (dbus_error_is_set(&err)) {

+					dbus_error_free(&err;;

+					dbus_error_init(&err;;

+				}

+				return -1;

+			}

+			i321 = i161;

+			i322 = i162;

+			i323 = i163;

+		}

+		i641 = i321;

+		i642 = i322;

+		i643 = i323;

+	}

+	*s1 = *s1 ? talloc_strdup(parent, *s1) : NULL;

+	*s2 = *s2 ? talloc_strdup(parent, *s2) : NULL;

+	*s3 = *s3 ? talloc_strdup(parent, *s3) : NULL;

+	*n1 = i641;

+	*n2 = i642;

+	*n3 = i643;

+	*as1 = cm_tdbusm_take_dbus_string_array(parent, tmp1, i);

+	*as2 = cm_tdbusm_take_dbus_string_array(parent, tmp2, j);

+	*as3 = cm_tdbusm_take_dbus_string_array(parent, tmp3, k);

+	*as4 = cm_tdbusm_take_dbus_string_array(parent, tmp4, l);

+	return 0;

+}

+

 int

 cm_tdbusm_get_sasasasnas(DBusMessage *msg, void *parent, char **s,

 			 char ***as1, char ***as2, char ***as3,

@@ -1856,6 +1955,57 @@ cm_tdbusm_set_sssnasasasnas(DBusMessage *msg,

 	}

 }

+int

+cm_tdbusm_set_sssnasasasnasn(DBusMessage *msg,

+			    const char *s1, const char *s2, const char *s3,

+			    long n1, const char **as1, const char **as2,

+			    const char **as3, long n2, const char **as4,

+			    long n3)

+{

+	int64_t i1 = n1, i2 = n2, i3 = n3;

+	if (s1 == NULL) {

+		s1 = empty_string;

+	}

+	if (s2 == NULL) {

+		s2 = empty_string;

+	}

+	if (s3 == NULL) {

+		s3 = empty_string;

+	}

+	if (as1 == NULL) {

+		as1 = empty_string_array;

+	}

+	if (as2 == NULL) {

+		as2 = empty_string_array;

+	}

+	if (as3 == NULL) {

+		as3 = empty_string_array;

+	}

+	if (as4 == NULL) {

+		as4 = empty_string_array;

+	}

+	if (dbus_message_append_args(msg,

+				     DBUS_TYPE_STRING, &s1,

+				     DBUS_TYPE_STRING, &s2,

+				     DBUS_TYPE_STRING, &s3,

+				     DBUS_TYPE_INT64, &i1,

+				     DBUS_TYPE_ARRAY, DBUS_TYPE_STRING,

+				     &as1, cm_tdbusm_array_length(as1),

+				     DBUS_TYPE_ARRAY, DBUS_TYPE_STRING,

+				     &as2, cm_tdbusm_array_length(as2),

+				     DBUS_TYPE_ARRAY, DBUS_TYPE_STRING,

+				     &as3, cm_tdbusm_array_length(as3),

+				     DBUS_TYPE_INT64, &i2,

+				     DBUS_TYPE_ARRAY, DBUS_TYPE_STRING,

+				     &as4, cm_tdbusm_array_length(as4),

+				     DBUS_TYPE_INT64, &i3,

+				     DBUS_TYPE_INVALID)) {

+		return 0;

+	} else {

+		return -1;

+	}

+}

+

 int

 cm_tdbusm_set_sasasasnas(DBusMessage *msg, const char *s,

 			 const char **as1, const char **as2,

diff --git a/src/tdbusm.h b/src/tdbusm.h

index fe021eff..250a9b0a 100644

--- a/src/tdbusm.h

+++ b/src/tdbusm.h

@@ -55,6 +55,10 @@ int cm_tdbusm_get_sssnasasasnas(DBusMessage *msg, void *parent,

 			        char **s1, char **s2, char **s3, long *n1,

 			        char ***as1, char ***as2,

 			        char ***as3, long *n2, char ***as4);

+int cm_tdbusm_get_sssnasasasnasn(DBusMessage *msg, void *parent,

+			        char **s1, char **s2, char **s3, long *n1,

+			        char ***as1, char ***as2,

+			        char ***as3, long *n2, char ***as4, long *n3);

 int cm_tdbusm_get_sasasasnas(DBusMessage *msg, void *parent,

 			     char **s,

 			     char ***as1, char ***as2,

@@ -124,6 +128,11 @@ int cm_tdbusm_set_sssnasasasnas(DBusMessage *msg,

 			        const char *s3, long n1,

 			        const char **as1, const char **as2,

 			        const char **as3, long n2, const char **as4);

+int cm_tdbusm_set_sssnasasasnasn(DBusMessage *msg,

+			        const char *s1, const char *s2,

+			        const char *s3, long n1,

+			        const char **as1, const char **as2,

+			        const char **as3, long n2, const char **as4, long n3);

 int cm_tdbusm_set_sasasasnas(DBusMessage *msg,

 			     const char *s,

 			     const char **as1, const char **as2,

diff --git a/tests/028-dbus/expected.out b/tests/028-dbus/expected.out

index ca7de34f..4cecbe15 100644

--- a/tests/028-dbus/expected.out

+++ b/tests/028-dbus/expected.out

@@ -11,6 +11,7 @@ Request ID 'Buddy':

 	CA: local

 	issuer: CN=$UUID,CN=Local Signing Authority

 	subject: CN=localhost

+	issued: sometime

 	expires: sometime

 	dns: localhost

 	principal name: host/localhost@LOCALHOST

@@ -269,6 +270,7 @@ OK

    <arg name="principal_names" type="as" direction="out"/>

    <arg name="key_usage" type="x" direction="out"/>

    <arg name="extended_key_usage" type="as" direction="out"/>

+   <arg name="not_before" type="x" direction="out"/>

   </method>

   <property name="issuer" type="s" access="read"/>

   <property name="serial" type="s" access="read"/>

@@ -430,7 +432,7 @@ Buddy

 [ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.get_cert_info ]

-(dbus.String('CN=$UUID,CN=Local Signing Authority'), dbus.String('$UUID'), dbus.String('CN=localhost'), dbus.Int64(tomorrow), dbus.Array([], signature=dbus.Signature('s')), dbus.Array([dbus.String('localhost')], signature=dbus.Signature('s')), dbus.Array([dbus.String('host/localhost@LOCALHOST')], signature=dbus.Signature('s')), dbus.Int64(9), dbus.Array([dbus.String('1.3.6.1.5.5.7.3.1')], signature=dbus.Signature('s')))

+(dbus.String('CN=$UUID,CN=Local Signing Authority'), dbus.String('$UUID'), dbus.String('CN=localhost'), dbus.Int64(tomorrow), dbus.Array([], signature=dbus.Signature('s')), dbus.Array([dbus.String('localhost')], signature=dbus.Signature('s')), dbus.Array([dbus.String('host/localhost@LOCALHOST')], signature=dbus.Signature('s')), dbus.Int64(9), dbus.Array([dbus.String('1.3.6.1.5.5.7.3.1')], signature=dbus.Signature('s')), dbus.Int64(recently))

 [ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.get_cert_last_checked ]

 recently

diff --git a/tests/028-dbus/run.sh b/tests/028-dbus/run.sh

index d0be6ad8..a457834f 100755

--- a/tests/028-dbus/run.sh

+++ b/tests/028-dbus/run.sh

@@ -42,5 +42,6 @@ sed -r -e 's,CN=........-........-........-........,CN=$UUID,g' \

        -e '/^-----BEGIN/,/^-----END/d' \

        -e "s|$libexecdir|\$libexecdir|g" \

        -e "s|$tmpdir|\$tmpdir|g" \

+       -e "s|issued:.*|issued: sometime|g" \

        -e "s|expires:.*|expires: sometime|g" \

        -e "s|'(00)?[0-9a-fA-F]{32}|'"'$UUID|g' \

-- 

2.31.1