Update APNIC TALs

Their "current" TALs are not the ideal ones. Switch to the ones that feature HTTP. Spawned by #133.
NICMx · May 30, 2024 · 780b9f7 · 780b9f7
1 parent 409185e
commit 780b9f7
Showing 1 changed file with 37 additions and 58 deletions.
diff --git a/src/init.c b/src/init.c
@@ -1,62 +1,43 @@
 #include "init.h"
 
-#include "alloc.h"
 #include "config.h"
+#include "data_structure/path_builder.h"
 #include "http/http.h"
 #include "log.h"
 
 static int
-fetch_url(char const *url)
+fetch_url(char const *url, char const *filename)
 {
-	char const *prefix = "https://";
-	char const *dest_dir;
-	char const *dest_file;
-	char *dest;
-	size_t prefix_len;
-	size_t url_len;
-	size_t dest_dir_len;
-	size_t extra_slash;
-	size_t offset;
+	struct path_builder pb;
 	int error;
 
-	prefix_len = strlen(prefix);
-	url_len = strlen(url);
-	dest_dir = config_get_tal();
-	dest_dir_len = strlen(dest_dir);
-
-	if (url_len <= prefix_len ||
-	    strncasecmp(url, prefix, prefix_len) != 0)
-		return pr_op_err("Invalid HTTPS URL: '%s'", url);
-
-	dest_file = strrchr(url, '/') + 1;
-	if (*dest_file == '\0')
-		return pr_op_err("HTTPS URL '%s' must be a file location", url);
-
-	extra_slash = (dest_dir[dest_dir_len - 1] == '/') ? 0 : 1;
-
-	dest = pmalloc(dest_dir_len + extra_slash + strlen(dest_file) + 1);
-
-	offset = 0;
-	strcpy(dest + offset, dest_dir);
-	offset += dest_dir_len;
-	if (extra_slash) {
-		strcpy(dest + offset, "/");
-		offset += extra_slash;
-	}
-	strcpy(dest + offset, dest_file);
-	offset += strlen(dest_file);
-	dest[offset] = '\0';
+	pb_init(&pb);
+	error = pb_append(&pb, config_get_tal());
+	if (error)
+		goto pbfail;
+	error = pb_append(&pb, filename);
+	if (error)
+		goto pbfail;
 
-	error = http_direct_download(url, dest);
-	if (error) {
-		fprintf(stderr, "Couldn't fetch '%s'.\n", dest);
-		free(dest);
-		return error;
-	}
+	error = http_direct_download(url, pb.string);
+	if (error)
+		goto dlfail;
 
-	fprintf(stdout, "Successfully fetched '%s'!\n\n", dest);
-	free(dest);
+	fprintf(stdout, "Successfully fetched '%s'!\n\n", pb.string);
+	pb_cleanup(&pb);
 	return 0;
+
+pbfail:
+	fprintf(stderr, "Cannot determine destination path: %s\n",
+		strerror(abs(error)));
+	pb_cleanup(&pb);
+	return error;
+
+dlfail:
+	fprintf(stderr, "Couldn't fetch '%s': %s\n", pb.string,
+		strerror(abs(error)));
+	pb_cleanup(&pb);
+	return error;
 }
 
 int
@@ -65,53 +46,51 @@ download_tals(void)
 	int error;
 
 	/* https://afrinic.net/resource-certification/tal */
-	error = fetch_url("https://rpki.afrinic.net/tal/afrinic.tal");
+	error = fetch_url("https://rpki.afrinic.net/tal/afrinic.tal", "afrinic.tal");
 	if (error)
 		return error;
 
 	/*
 	 * https://www.apnic.net/community/security/resource-certification/tal-archive/
 	 *
-	 * APNIC is a bit weird. Some thoughts:
+	 * APNIC is weird:
 	 *
 	 * 1. The 6490 and ripe-validator TALs are obsolete, and Fort has never
 	 *    been compatible with them.
 	 * 2. apnic.tal is identical to apnic-rfc7730.tal, and neither of them
 	 *    contain HTTP URLs.
 	 * 3. apnic-rfc7730-https.tal is not actually compliant with RFC 7730;
-	 *    it's an RFC 8630 TAL. However, I'm wondering if there's a reason
-	 *    why they haven't upgraded it to their default TAL.
-	 *
-	 * I'll stick to the rsync-only one until I've tested it more.
+	 *    it's an RFC 8630 TAL. Despite seemingly not being the recommended
+	 *    one, both Routinator and rpki-client are using it.
 	 */
-	error = fetch_url("https://tal.apnic.net/apnic.tal");
+	error = fetch_url("https://tal.apnic.net/tal-archive/apnic-rfc7730-https.tal", "apnic.tal");
 	if (error)
 		return error;
 
 	/* https://www.arin.net/resources/manage/rpki/tal/ */
-	error = fetch_url("https://www.arin.net/resources/manage/rpki/arin.tal");
+	error = fetch_url("https://www.arin.net/resources/manage/rpki/arin.tal", "arin.tal");
 	if (error)
 		return error;
 
 	/* https://www.lacnic.net/4984/2/lacnic/rpki-rpki-trust-anchor */
-	error = fetch_url("https://www.lacnic.net/innovaportal/file/4983/1/lacnic.tal");
+	error = fetch_url("https://www.lacnic.net/innovaportal/file/4983/1/lacnic.tal", "lacnic.tal");
 	if (error)
 		return error;
 
 	/*
 	 * https://www.ripe.net/manage-ips-and-asns/resource-management/rpki/ripe-ncc-rpki-trust-anchor-structure
 	 * I wish they stated why they don't recommend the 8630 TAL.
 	 */
-	return fetch_url("https://tal.rpki.ripe.net/ripe-ncc.tal");
+	return fetch_url("https://tal.rpki.ripe.net/ripe-ncc.tal", "ripe-ncc.tal");
 }
 
 int
 download_tal0s(void)
 {
 	int error;
 
-	error = fetch_url("https://tal.apnic.net/apnic-as0.tal");
+	error = fetch_url("https://tal.apnic.net/tal-archive/apnic-as0-rfc7730-https.tal", "apnic-as0.tal");
 	if (error)
 		return error;
-	return fetch_url("https://www.lacnic.net/innovaportal/file/4983/1/lacnic-as0.tal");
+	return fetch_url("https://www.lacnic.net/innovaportal/file/4983/1/lacnic-as0.tal", "lacnic-as0.tal");
 }