This changes the last proc_parser function so that it no longer takes the
entity as an argument. In this case, apart from the file, we also need to pass
the public key of the TA and the TAL identifier.
The change is mechanical and makes all callers work the same way.
--
:wq Claudio
Index: parser.c
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/parser.c,v
retrieving revision 1.32
diff -u -p -r1.32 parser.c
--- parser.c 4 Jan 2022 18:41:32 -0000 1.32
+++ parser.c 5 Jan 2022 09:49:07 -0000
@@ -246,8 +246,7 @@ proc_parser_mft(char *file, const unsign
* parse failure.
*/
static struct cert *
-proc_parser_cert(char *file, const unsigned char *der,
- size_t len)
+proc_parser_cert(char *file, const unsigned char *der, size_t len)
{
struct cert *cert;
X509 *x509;
@@ -325,8 +324,8 @@ proc_parser_cert(char *file, const unsig
* parse failure.
*/
static struct cert *
-proc_parser_root_cert(const struct entity *entp, const unsigned char *der,
- size_t len)
+proc_parser_root_cert(char *file, const unsigned char *der, size_t len,
+ unsigned char *pkey, size_t pkeysz, int talid)
{
char subject[256];
ASN1_TIME *notBefore, *notAfter;
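Review bot: The new `pkey` parameter on the second signature line is declared `unsigned char *`, while `der` next to it is `const unsigned char *`. In the lines visible here `pkey` is only forwarded to `ta_parse` and never written through, so `unsigned char *pkey` could become `const unsigned char *pkey` to state that the TAL key is read-only in this function. This assumes `ta_parse` accepts a const pointer for that argument, which this diff does not show. The function body continues in the next hunk.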
@@ -334,52 +333,49 @@ proc_parser_root_cert(const struct entit
struct cert *cert;
X509 *x509;
- assert(entp->data != NULL);
-
/* Extract certificate data and X509. */
- cert = ta_parse(&x509, entp->file, der, len, entp->data, entp->datasz);
+ cert = ta_parse(&x509, file, der, len, pkey, pkeysz);
if (cert == NULL)
return NULL;
if ((name = X509_get_subject_name(x509)) == NULL) {
- warnx("%s Unable to get certificate subject", entp->file);
+ warnx("%s Unable to get certificate subject", file);
goto badcert;
}
if (X509_NAME_oneline(name, subject, sizeof(subject)) == NULL) {
- warnx("%s: Unable to parse certificate subject name",
- entp->file);
+ warnx("%s: Unable to parse certificate subject name", file);
goto badcert;
}
if ((notBefore = X509_get_notBefore(x509)) == NULL) {
warnx("%s: certificate has invalid notBefore, subject='%s'",
- entp->file, subject);
+ file, subject);
goto badcert;
}
if ((notAfter = X509_get_notAfter(x509)) == NULL) {
warnx("%s: certificate has invalid notAfter, subject='%s'",
- entp->file, subject);
+ file, subject);
goto badcert;
}
if (X509_cmp_current_time(notBefore) != -1) {
- warnx("%s: certificate not yet valid, subject='%s'", entp->file,
+ warnx("%s: certificate not yet valid, subject='%s'", file,
subject);
goto badcert;
}
if (X509_cmp_current_time(notAfter) != 1) {
- warnx("%s: certificate has expired, subject='%s'", entp->file,
+ warnx("%s: certificate has expired, subject='%s'", file,
subject);
goto badcert;
}
- if (!valid_ta(entp->file, &auths, cert)) {
+ if (!valid_ta(file, &auths, cert)) {
warnx("%s: certificate not a valid ta, subject='%s'",
- entp->file, subject);
+ file, subject);
goto badcert;
}
X509_free(x509);
- cert->talid = entp->talid;
+ cert->talid = talid;
/*
* Add valid roots to the RPKI auth tree.
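Review bot: With `assert(entp->data != NULL);` removed and not replaced, proc_parser_root_cert no longer checks that the TAL public key is present before handing it to `ta_parse`. The only remaining guard is the `if (entp->data != NULL)` test at the call site in parse_entity. Because that key is what ties the root certificate to its TAL, keeping the invariant local is cheap: add `assert(pkey != NULL);` ahead of the `ta_parse` call. How `ta_parse` handles a NULL key is not visible here, so this is a defensive suggestion rather than a confirmed bug. The function starts before this hunk and continues after it.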
@@ -589,7 +585,9 @@ parse_entity(struct entityq *q, struct m
break;
case RTYPE_CER:
if (entp->data != NULL)
- cert = proc_parser_root_cert(entp, f, flen);
+ cert = proc_parser_root_cert(entp->file,
+ f, flen, entp->data, entp->datasz,
+ entp->talid);
else
cert = proc_parser_cert(entp->file, f, flen);
c = (cert != NULL);