From 84d575da7516cae1ee94099317cf0f8fae2c7ea1 Mon Sep 17 00:00:00 2001 From: Rob Crittenden Date: Thu, 8 Apr 2021 14:07:22 -0400 Subject: [PATCH] Display not_before in getcert output Including not_before can help with troubleshooting renewal problems and if time needs to be reversed helping identify the maximum one can go back. https://bugzilla.redhat.com/show_bug.cgi?id=1940261 Signed-off-by: Rob Crittenden --- src/getcert.c | 21 ++++- src/tdbush.c | 10 ++- src/tdbusm-check.c | 32 ++++++++ src/tdbusm.c | 150 ++++++++++++++++++++++++++++++++++++ src/tdbusm.h | 9 +++ tests/028-dbus/expected.out | 4 +- tests/028-dbus/run.sh | 1 + 7 files changed, 220 insertions(+), 7 deletions(-) diff --git a/src/getcert.c b/src/getcert.c index 078f5aa1..4afafcb1 100644 --- a/src/getcert.c +++ b/src/getcert.c @@ -3389,7 +3389,7 @@ list(const char *argv0, int argc, const char **argv) const char *capath, *request; dbus_bool_t b; char *s1, *s2, *s3, *s4, *s5, *s6; - long n1, n2; + long n1, n2, n3; char **as, **as1, **as2, **as3, **as4, **as5, t[25]; int requests_only = 0, tracking_only = 0, verbose = 0, c, i, j; unsigned int k; @@ -3754,10 +3754,10 @@ list(const char *argv0, int argc, const char **argv) /* Information from the certificate. */ rep = query_rep(bus, requests[i], CM_DBUS_REQUEST_INTERFACE, "get_cert_info", verbose); - if (cm_tdbusm_get_sssnasasasnas(rep, globals.tctx, + if (cm_tdbusm_get_sssnasasasnasn(rep, globals.tctx, &s1, &s2, &s3, &n1, &as1, &as2, &as3, - &n2, &as4) != 0) { + &n2, &as4, &n3) != 0) { printf(_("Error parsing server response.\n")); exit(1); } 
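Review bot: The switch to `cm_tdbusm_get_sssnasasasnasn` in list() makes a reply without the trailing integer a fatal parse error, so getcert would print "Error parsing server response." and exit when the daemon still sends the old nine-argument get_cert_info reply (for example a daemon not restarted after an upgrade). This is inferred from the getter added in src/tdbusm.c, which returns -1 unless all ten arguments are present in one of the three integer widths. Consider retrying with the existing `cm_tdbusm_get_sssnasasasnas` and setting `n3 = 0;` before giving up; the display code added further down already handles `n3 == 0` by printing unknown. list() begins and ends outside this hunk.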
@@ -3768,6 +3768,21 @@ list(const char *argv0, int argc, const char **argv) printf(_("\tissuer: %s\n"), s1); printf(_("\tsubject: %s\n"), s3); when = _("unknown"); + if (n3 != 0) { + if (force_utc) { + when = cm_store_timestamp_from_time_for_display(n3, t); + printf(_("\tissued: %s\n"), when); + } else { + when = cm_store_local_timestamp_from_time_for_display(n3); + if (when != NULL) { + printf(_("\tissued: %s\n"), when); + free(when); + } + } + } else { + printf(_("\tissued: %s\n"), when); + } + when = _("unknown"); if (n1 != 0) { if (force_utc) { when = cm_store_timestamp_from_time_for_display(n1, t); diff --git a/src/tdbush.c b/src/tdbush.c index 3587f84f..6fc1b4be 100644 --- a/src/tdbush.c +++ b/src/tdbush.c @@ -2701,7 +2701,7 @@ request_get_cert_info(DBusConnection *conn, DBusMessage *msg, rep = dbus_message_new_method_return(msg); if (rep != NULL) { eku = eku_splitv(entry, entry->cm_cert_eku); - cm_tdbusm_set_sssnasasasnas(rep, + cm_tdbusm_set_sssnasasasnasn(rep, entry->cm_cert_issuer, entry->cm_cert_serial, entry->cm_cert_subject, @@ -2710,7 +2710,8 @@ request_get_cert_info(DBusConnection *conn, DBusMessage *msg, (const char **) entry->cm_cert_hostname, (const char **) entry->cm_cert_principal, ku_from_string(entry->cm_cert_ku), - (const char **) eku); + (const char **) eku, + entry->cm_cert_not_before); dbus_connection_send(conn, rep, NULL); dbus_message_unref(rep); talloc_free(eku); @@ -6563,7 +6564,10 @@ cm_tdbush_iface_request(void) DBUS_TYPE_ARRAY_AS_STRING DBUS_TYPE_STRING_AS_STRING, cm_tdbush_method_arg_out, - NULL))))))))), + make_method_arg("not_before", + DBUS_TYPE_INT64_AS_STRING, + cm_tdbush_method_arg_out, + NULL)))))))))), NULL), make_interface_item(cm_tdbush_interface_property, make_property(CM_DBUS_PROP_CERT_ISSUER, diff --git a/src/tdbusm-check.c b/src/tdbusm-check.c index 385b1849..31880732 100644 --- a/src/tdbusm-check.c +++ b/src/tdbusm-check.c 
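Review bot: In the added `issued` block, the local-time branch prints nothing when `cm_store_local_timestamp_from_time_for_display(n3)` returns NULL, whereas the `n3 == 0` case prints unknown, so the field silently disappears in exactly the case where the timestamp could not be rendered. Adding an `else` to the inner check, `printf(_("\tissued: %s\n"), _("unknown"));`, would keep the line present for anyone reading or comparing getcert output while troubleshooting renewals. The enclosing function continues outside the hunk.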
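Review bot: The return value of `cm_tdbusm_set_sssnasasasnasn` is discarded in request_get_cert_info, and `dbus_connection_send(conn, rep, NULL)` runs on `rep` regardless. The setter added in src/tdbusm.c returns -1 when `dbus_message_append_args` fails, so in that case the client would presumably receive a reply with missing arguments and report a parse error with no trace on the daemon side. Checking for 0 before sending, while still calling `dbus_message_unref(rep)` and `talloc_free(eku)` on both paths, would make the failure explicit. The call spans this hunk and the previous one, and the function body extends beyond both.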
@@ -539,6 +539,38 @@ get_sssnasasasnas(DBusMessage *rep, int msgid) return ret; } static int +get_sssnasasasnasn(DBusMessage *rep, int msgid) +{ + int ret, i; + long n1, n2, n3; + char *s1, *s2, *s3, **as1, **as2, **as3, **as4; + + ret = cm_tdbusm_get_sssnasasasnasn(rep, NULL, + &s1, &s2, &s3, &n1, + &as1, &as2, &as3, &n2, &as4, &n3); + if (ret == 0) { + printf("Message %d - s:%s,s:%s,s:%s," "n:%ld,[", + msgid, s1, s2, s3, n1); + for (i = 0; (as1 != NULL) && (as1[i] != NULL); i++) { + printf("%ss:%s", i > 0 ? "," : "", as1[i]); + } + printf("],["); + for (i = 0; (as2 != NULL) && (as2[i] != NULL); i++) { + printf("%ss:%s", i > 0 ? "," : "", as2[i]); + } + printf("],["); + for (i = 0; (as3 != NULL) && (as3[i] != NULL); i++) { + printf("%ss:%s", i > 0 ? "," : "", as3[i]); + } + printf("],n:%ld,n:%ld,[", n2, n3); + for (i = 0; (as4 != NULL) && (as4[i] != NULL); i++) { + printf("%ss:%s", i > 0 ? "," : "", as4[i]); + } + printf("]\n"); + } + return ret; +} +static int get_sasasasnas(DBusMessage *rep, int msgid) { int ret, i; diff --git a/src/tdbusm.c b/src/tdbusm.c index bc39e1d4..24e03e4c 100644 --- a/src/tdbusm.c +++ b/src/tdbusm.c 
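Review bot: `get_sssnasasasnasn` is added as a `static` function but nothing in this patch references it, and this hunk is the only change to src/tdbusm-check.c. The new getter/setter pair is therefore presumably not exercised by the check program, and the build may warn about an unused function. It needs an entry wherever the sibling `get_sssnasasasnas` is referenced (not visible here), along with a matching setter case. The output order is also misleading: `printf("],n:%ld,n:%ld,[", n2, n3);` prints `n3` before the `as4` array although the wire order is n2, as4, n3, so printing `n3` after the closing `]` of `as4` would match the signature.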
@@ -935,6 +935,105 @@ cm_tdbusm_get_sssnasasasnas(DBusMessage *msg, void *parent, return 0; } +int +cm_tdbusm_get_sssnasasasnasn(DBusMessage *msg, void *parent, + char **s1, char **s2, char **s3, long *n1, + char ***as1, char ***as2, char ***as3, + long *n2, char ***as4, long *n3) +{ + DBusError err; + char **tmp1, **tmp2, **tmp3, **tmp4; + int64_t i641, i642, i643; + int32_t i321, i322, i323; + int16_t i161, i162, i163; + int i, j, k, l; + *s1 = NULL; + *s2 = NULL; + *s3 = NULL; + *as1 = NULL; + *as2 = NULL; + *as3 = NULL; + *as4 = NULL; + dbus_error_init(&err); + if (!dbus_message_get_args(msg, &err, + DBUS_TYPE_STRING, s1, + DBUS_TYPE_STRING, s2, + DBUS_TYPE_STRING, s3, + DBUS_TYPE_INT64, &i641, + DBUS_TYPE_ARRAY, DBUS_TYPE_STRING, &tmp1, &i, + DBUS_TYPE_ARRAY, DBUS_TYPE_STRING, &tmp2, &j, + DBUS_TYPE_ARRAY, DBUS_TYPE_STRING, &tmp3, &k, + DBUS_TYPE_INT64, &i642, + DBUS_TYPE_ARRAY, DBUS_TYPE_STRING, &tmp4, &l, + DBUS_TYPE_INT64, &i643, + DBUS_TYPE_INVALID)) { + if (dbus_error_is_set(&err)) { + dbus_error_free(&err); + dbus_error_init(&err); + } + if (!dbus_message_get_args(msg, &err, + DBUS_TYPE_STRING, s1, + DBUS_TYPE_STRING, s2, + DBUS_TYPE_STRING, s3, + DBUS_TYPE_INT32, &i321, + DBUS_TYPE_ARRAY, DBUS_TYPE_STRING, + &tmp1, &i, + DBUS_TYPE_ARRAY, DBUS_TYPE_STRING, + &tmp2, &j, + DBUS_TYPE_ARRAY, DBUS_TYPE_STRING, + &tmp3, &k, + DBUS_TYPE_INT32, &i322, + DBUS_TYPE_ARRAY, DBUS_TYPE_STRING, + &tmp4, &l, + DBUS_TYPE_INT32, &i323, + DBUS_TYPE_INVALID)) { + if (dbus_error_is_set(&err)) { + dbus_error_free(&err); + dbus_error_init(&err); + } + if (!dbus_message_get_args(msg, &err, + DBUS_TYPE_STRING, s1, + DBUS_TYPE_STRING, s2, + DBUS_TYPE_STRING, s3, + DBUS_TYPE_INT16, &i161, + DBUS_TYPE_ARRAY, + DBUS_TYPE_STRING, &tmp1, &i, + DBUS_TYPE_ARRAY, + DBUS_TYPE_STRING, &tmp2, &j, + DBUS_TYPE_ARRAY, + DBUS_TYPE_STRING, &tmp3, &k, + DBUS_TYPE_INT16, &i162, + DBUS_TYPE_ARRAY, + DBUS_TYPE_STRING, &tmp4, &l, + DBUS_TYPE_INT16, &i163, + DBUS_TYPE_INVALID)) { + if 
(dbus_error_is_set(&err)) { + dbus_error_free(&err); + dbus_error_init(&err); + } + return -1; + } + i321 = i161; + i322 = i162; + i323 = i163; + } + i641 = i321; + i642 = i322; + i643 = i323; + } + *s1 = *s1 ? talloc_strdup(parent, *s1) : NULL; + *s2 = *s2 ? talloc_strdup(parent, *s2) : NULL; + *s3 = *s3 ? talloc_strdup(parent, *s3) : NULL; + *n1 = i641; + *n2 = i642; + *n3 = i643; + *as1 = cm_tdbusm_take_dbus_string_array(parent, tmp1, i); + *as2 = cm_tdbusm_take_dbus_string_array(parent, tmp2, j); + *as3 = cm_tdbusm_take_dbus_string_array(parent, tmp3, k); + *as4 = cm_tdbusm_take_dbus_string_array(parent, tmp4, l); + return 0; +} + int cm_tdbusm_get_sasasasnas(DBusMessage *msg, void *parent, char **s, char ***as1, char ***as2, char ***as3, 
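Review bot: On the `return -1` path of `cm_tdbusm_get_sssnasasasnasn` the string out-parameters are not reset, so `*s1`, `*s2` and `*s3` may still hold pointers written by a partially successful `dbus_message_get_args` attempt. I believe libdbus hands back basic string arguments as pointers into the message, which would mean they are not talloc memory owned by `parent`. A caller that frees or retains them after an error would then be touching memory it does not own. Setting `*s1 = *s2 = *s3 = NULL;` immediately before `return -1;` would keep the failure contract unambiguous. The `talloc_strdup` results are also unchecked, so an allocation failure looks the same as an absent string.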
@@ -1856,6 +1955,57 @@ cm_tdbusm_set_sssnasasasnas(DBusMessage *msg, } } +int +cm_tdbusm_set_sssnasasasnasn(DBusMessage *msg, + const char *s1, const char *s2, const char *s3, + long n1, const char **as1, const char **as2, + const char **as3, long n2, const char **as4, + long n3) +{ + int64_t i1 = n1, i2 = n2, i3 = n3; + if (s1 == NULL) { + s1 = empty_string; + } + if (s2 == NULL) { + s2 = empty_string; + } + if (s3 == NULL) { + s3 = empty_string; + } + if (as1 == NULL) { + as1 = empty_string_array; + } + if (as2 == NULL) { + as2 = empty_string_array; + } + if (as3 == NULL) { + as3 = empty_string_array; + } + if (as4 == NULL) { + as4 = empty_string_array; + } + if (dbus_message_append_args(msg, + DBUS_TYPE_STRING, &s1, + DBUS_TYPE_STRING, &s2, + DBUS_TYPE_STRING, &s3, + DBUS_TYPE_INT64, &i1, + DBUS_TYPE_ARRAY, DBUS_TYPE_STRING, + &as1, cm_tdbusm_array_length(as1), + DBUS_TYPE_ARRAY, DBUS_TYPE_STRING, + &as2, cm_tdbusm_array_length(as2), + DBUS_TYPE_ARRAY, DBUS_TYPE_STRING, + &as3, cm_tdbusm_array_length(as3), + DBUS_TYPE_INT64, &i2, + DBUS_TYPE_ARRAY, DBUS_TYPE_STRING, + &as4, cm_tdbusm_array_length(as4), + DBUS_TYPE_INT64, &i3, + DBUS_TYPE_INVALID)) { + return 0; + } else { + return -1; + } +} + int cm_tdbusm_set_sasasasnas(DBusMessage *msg, const char *s, const char **as1, const char **as2, diff --git a/src/tdbusm.h b/src/tdbusm.h index fe021eff..250a9b0a 100644 --- a/src/tdbusm.h +++ b/src/tdbusm.h @@ -55,6 +55,10 @@ int cm_tdbusm_get_sssnasasasnas(DBusMessage *msg, void *parent, char **s1, char **s2, char **s3, long *n1, char ***as1, char ***as2, char ***as3, long *n2, char ***as4); +int cm_tdbusm_get_sssnasasasnasn(DBusMessage *msg, void *parent, + char **s1, char **s2, char **s3, long *n1, + char ***as1, char ***as2, + char ***as3, long *n2, char ***as4, long *n3); int cm_tdbusm_get_sasasasnas(DBusMessage *msg, void *parent, char **s, char ***as1, char ***as2, 
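Review bot: `cm_tdbusm_set_sssnasasasnasn` accepts the timestamp as `long n3` and only afterwards widens it with `int64_t i3 = n3`, so where `long` is 32 bits the value is narrowed at the call boundary before the 64-bit wire type can preserve it. The type of `entry->cm_cert_not_before` is not visible in this patch, so whether narrowing actually happens needs confirming. If it is a 64-bit time value, declaring the new parameter as `int64_t n3` (and `int64_t *n3` in the matching getter) would avoid the loss, since this function is new and has no existing callers to stay compatible with. A short comment above the function listing which certificate field each positional argument carries would also help, because the name only encodes the argument types.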
@@ -124,6 +128,11 @@ int cm_tdbusm_set_sssnasasasnas(DBusMessage *msg, const char *s3, long n1, const char **as1, const char **as2, const char **as3, long n2, const char **as4); +int cm_tdbusm_set_sssnasasasnasn(DBusMessage *msg, + const char *s1, const char *s2, + const char *s3, long n1, + const char **as1, const char **as2, + const char **as3, long n2, const char **as4, long n3); int cm_tdbusm_set_sasasasnas(DBusMessage *msg, const char *s, const char **as1, const char **as2, diff --git a/tests/028-dbus/expected.out b/tests/028-dbus/expected.out index ca7de34f..4cecbe15 100644 --- a/tests/028-dbus/expected.out +++ b/tests/028-dbus/expected.out @@ -11,6 +11,7 @@ Request ID 'Buddy': CA: local issuer: CN=$UUID,CN=Local Signing Authority subject: CN=localhost + issued: sometime expires: sometime dns: localhost principal name: host/localhost@LOCALHOST @@ -269,6 +270,7 @@ OK + 
@@ -430,7 +432,7 @@ Buddy [ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.get_cert_info ] -(dbus.String('CN=$UUID,CN=Local Signing Authority'), dbus.String('$UUID'), dbus.String('CN=localhost'), dbus.Int64(tomorrow), dbus.Array([], signature=dbus.Signature('s')), dbus.Array([dbus.String('localhost')], signature=dbus.Signature('s')), dbus.Array([dbus.String('host/localhost@LOCALHOST')], signature=dbus.Signature('s')), dbus.Int64(9), dbus.Array([dbus.String('1.3.6.1.5.5.7.3.1')], signature=dbus.Signature('s'))) +(dbus.String('CN=$UUID,CN=Local Signing Authority'), dbus.String('$UUID'), dbus.String('CN=localhost'), dbus.Int64(tomorrow), dbus.Array([], signature=dbus.Signature('s')), dbus.Array([dbus.String('localhost')], signature=dbus.Signature('s')), dbus.Array([dbus.String('host/localhost@LOCALHOST')], signature=dbus.Signature('s')), dbus.Int64(9), dbus.Array([dbus.String('1.3.6.1.5.5.7.3.1')], signature=dbus.Signature('s')), dbus.Int64(recently)) [ /org/fedorahosted/certmonger/requests/Request2: org.fedorahosted.certmonger.request.get_cert_last_checked ] recently diff --git a/tests/028-dbus/run.sh b/tests/028-dbus/run.sh index d0be6ad8..a457834f 100755 --- a/tests/028-dbus/run.sh +++ b/tests/028-dbus/run.sh @@ -42,5 +42,6 @@ sed -r -e 's,CN=........-........-........-........,CN=$UUID,g' \ -e '/^-----BEGIN/,/^-----END/d' \ -e "s|$libexecdir|\$libexecdir|g" \ -e "s|$tmpdir|\$tmpdir|g" \ + -e "s|issued:.*|issued: sometime|g" \ -e "s|expires:.*|expires: sometime|g" \ -e "s|'(00)?[0-9a-fA-F]{32}|'"'$UUID|g' \ -- 2.31.1