Tool to print expiration date of ed25519_signing_cert

src/tools/Makefile.nmake

@@ -1,4 +1,4 @@
-all: tor-resolve.exe tor-gencert.exe
+all: tor-resolve.exe tor-gencert.exe tor-print-ed-signing-cert.exe
 
 CFLAGS = /I ..\win32 /I ..\..\..\build-alpha\include /I ..\common /I ..\or
 
@@ -15,5 +15,8 @@ tor-gencert.exe: tor-gencert.obj
 tor-resolve.exe: tor-resolve.obj
 	$(CC) $(CFLAGS) $(LIBS) ..\common\*.lib tor-resolve.obj
 
+tor-print-ed-signing-cert.exe: tor-print-ed-signing-cert.obj
+	$(CC) $(CFLAGS) $(LIBS) ..\common\*.lib tor-print-ed-signing-cert.obj
+
 clean:
 	del *.obj *.lib *.exe

src/tools/include.am

@@ -1,4 +1,4 @@
-bin_PROGRAMS+= src/tools/tor-resolve src/tools/tor-gencert
+bin_PROGRAMS+= src/tools/tor-resolve src/tools/tor-gencert src/tools/tor-print-ed-signing-cert
 
 if COVERAGE_ENABLED
 noinst_PROGRAMS+= src/tools/tor-cov-resolve src/tools/tor-cov-gencert
@@ -29,6 +29,15 @@ src_tools_tor_gencert_LDADD = \
 	@TOR_LIB_MATH@ @TOR_ZLIB_LIBS@ @TOR_OPENSSL_LIBS@ \
 	@TOR_LIB_WS32@ @TOR_LIB_IPHLPAPI@ @TOR_LIB_GDI@ @TOR_LIB_USERENV@ @CURVE25519_LIBS@
 
+src_tools_tor_print_ed_signing_cert_SOURCES = src/tools/tor-print-ed-signing-cert.c
+src_tools_tor_print_ed_signing_cert_LDFLAGS = @TOR_LDFLAGS_zlib@ @TOR_LDFLAGS_openssl@
+src_tools_tor_print_ed_signing_cert_LDADD = \
+	src/trunnel/libor-trunnel.a \
+        $(TOR_CRYPTO_LIBS) \
+        $(TOR_UTIL_LIBS) \
+	@TOR_LIB_MATH@ @TOR_OPENSSL_LIBS@ \
+	@TOR_LIB_WS32@ @TOR_LIB_USERENV@
+
 if COVERAGE_ENABLED
 src_tools_tor_cov_gencert_SOURCES = src/tools/tor-gencert.c
 src_tools_tor_cov_gencert_CPPFLAGS = $(AM_CPPFLAGS) $(TEST_CPPFLAGS)

src/tools/tor-print-ed-signing-cert.c

@@ -0,0 +1,65 @@
+/* Copyright (c) 2007-2018, The Tor Project, Inc. */
+/* See LICENSE for licensing information */
+
+#include <errno.h>
+#include <stdio.h>
+#include <string.h>
+#include <time.h>
+
+#include "ed25519_cert.h"
+#include "lib/crypt_ops/crypto_format.h"
+#include "lib/malloc/util_malloc.h"
+
+int
+main(int argc, char **argv)
+{
+  ed25519_cert_t *cert = NULL;
+
+  if (argc != 2) {
+    fprintf(stderr, "Usage:\n");
+    fprintf(stderr, "%s <path to ed25519_signing_cert file>\n", argv[0]);
+    return -1;
+  }
+
+  const char *filepath = argv[1];
+  char *got_tag = NULL;
+
+  uint8_t certbuf[256];
+  ssize_t cert_body_len = crypto_read_tagged_contents_from_file(
+                 filepath, "ed25519v1-cert",
+                 &got_tag, certbuf, sizeof(certbuf));
+
+  if (cert_body_len <= 0) {
+    fprintf(stderr, "crypto_read_tagged_contents_from_file failed with "
+                    "error: %s\n", strerror(errno));
+    return -2;
+  }
+
+  if (!got_tag) {
+    fprintf(stderr, "Found no tag\n");
+    return -3;
+  }
+
+  if (strcmp(got_tag, "type4") != 0) {
+    fprintf(stderr, "Wrong tag: %s\n", got_tag);
+    return -4;
+  }
+
+  tor_free(got_tag);
+
+  ssize_t parsed = ed25519_cert_parse(&cert, certbuf, cert_body_len);
+  if (parsed <= 0) {
+    fprintf(stderr, "ed25519_cert_parse failed with return value %zd\n",
+            parsed);
+    return -5;
+  }
+
+  time_t expires_at = (time_t)cert->exp_field * 60 * 60;
+
+  printf("Expires at: %s", ctime(&expires_at));
+
+  ed25519_cert_free(cert);
+
+  return 0;
+}
+