From d18a96bc8d94a645bd443b0b1784c6ba48fe88b3 Mon Sep 17 00:00:00 2001
From: Liang Zhu
Date: Mon, 6 Jul 2015 16:12:52 -0700
Subject: [PATCH] separated field for ocsp response timestamp and update baseline
---
 scripts/base/files/ocsp/main.bro | 11 +++++++----
 .../ocsp.log | 6 +++---
 .../ocsp.log | 6 +++---
 .../ocsp.log | 6 +++---
 4 files changed, 16 insertions(+), 13 deletions(-)
diff --git a/scripts/base/files/ocsp/main.bro b/scripts/base/files/ocsp/main.bro
index c5ccd6df7f..62a414d3cf 100644
--- a/scripts/base/files/ocsp/main.bro
+++ b/scripts/base/files/ocsp/main.bro
@@ -41,7 +41,7 @@ export {
 ## one ocsp response record
 type Info_resp: record {
 ## time for the response
- ts: time &log;
+ ts: time;
 ## file id for this response
 id: string &log;
 ## connection id
@@ -89,6 +89,9 @@ export {
 ## request
 req: Info_req &log &optional;
+ ## response timestamp
+ resp_ts: time &log &optional;
+
 ## response
 resp: Info_resp &log &optional;
 };
@@ -214,14 +217,14 @@ event ocsp_response(f: fa_file, resp_ref: opaque of ocsp_resp, resp: OCSP::Respo
 {
 # find a match
 local req_rec: Info_req = Queue::get(conn$ocsp_requests[cert_id]);
- Log::write(LOG, [$ts=req_rec$ts, $certId=req_rec$certId, $req=req_rec, $resp=resp_rec, $cid=conn$id, $cuid=conn$uid]);
+ Log::write(LOG, [$ts=req_rec$ts, $certId=req_rec$certId, $req=req_rec, $resp_ts=resp_rec$ts, $resp=resp_rec, $cid=conn$id, $cuid=conn$uid]);
 if (Queue::len(conn$ocsp_requests[cert_id]) == 0)
 delete conn$ocsp_requests[cert_id]; #if queue is empty, delete it?
 }
 else
 {
 # do not find a match; this is weird but log it
- Log::write(LOG, [$ts=resp_rec$ts, $certId=resp_rec$certId, $resp=resp_rec, $cid=conn$id, $cuid=conn$uid]);
+ Log::write(LOG, [$ts=resp_rec$ts, $certId=resp_rec$certId, $resp_ts=resp_rec$ts, $resp=resp_rec, $cid=conn$id, $cuid=conn$uid]);
 }
 }
 }
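Review bot: Dropping `&log` from `Info_resp$ts` in the `@@ -41,7 +41,7 @@` hunk removes the `resp.ts` column from ocsp.log, which the updated baselines confirm (the `#fields` line now carries `resp_ts` in that position). Any log parser, SIEM field mapping or detection query keyed on `resp.ts` will presumably stop receiving a value without an error, so the rename deserves a line in the commit message or changelog. The field's doc comment should also say where the value is logged now, for example `## time for the response; logged as resp_ts on the enclosing log record, not from here`. The `Info_resp` record continues outside the hunk.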
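Review bot: The doc comment `## response timestamp` added in the `@@ -89,6 +89,9 @@` hunk does not say which clock the value comes from, while the same row already carries the responder-asserted times `producedAt`, `thisUpdate` and `nextUpdate`. Judging by the baselines, `resp_ts` appears to be the capture time of the response (an epoch value, against the `...Z` strings in `resp.producedAt`). I would write `## network time at which the response was observed (not the responder's producedAt)`, since analysts comparing observed time with asserted time to spot stale responses depend on that distinction. The record this field belongs to starts outside the hunk.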
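Review bot: `$resp_ts` is filled in by hand at every `Log::write` call, twice in the `@@ -214,14 +217,14 @@` hunk and once more in the `@@ -235,7 +238,7 @@` hunk, always from the `ts` of the same record passed as `$resp`. Because the field is `&optional`, a later call site that forgets it will log a response row with `resp_ts` unset and nothing will flag it; building the log record in one small helper that derives `resp_ts` from `resp$ts` would remove that risk. In the no-match branch `$ts` and `$resp_ts` are the same value by construction, so a comment such as `# no request seen: ts and resp_ts are both the response time` would save readers from treating the equality as a signal. The leftover question in `#if queue is empty, delete it?` should be resolved or turned into a TODO, and the handler body starts and ends outside the hunk.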
@@ -235,7 +238,7 @@ event ocsp_response(f: fa_file, resp_ref: opaque of ocsp_resp, resp: OCSP::Respo
 $version = resp$version,
 $responderID = resp$responderID,
 $producedAt = resp$producedAt];
- Log::write(LOG, [$ts=resp_rec_empty$ts, $resp=resp_rec_empty, $cid=conn$id, $cuid=conn$uid]);
+ Log::write(LOG, [$ts=resp_rec_empty$ts, $resp_ts=resp_rec_empty$ts, $resp=resp_rec_empty, $cid=conn$id, $cuid=conn$uid]);
 }
 }
diff --git a/testing/btest/Baseline/scripts.base.protocols.ssl.ocsp-request-only/ocsp.log b/testing/btest/Baseline/scripts.base.protocols.ssl.ocsp-request-only/ocsp.log
index c9a4964207..3ac21e3f22 100644
--- a/testing/btest/Baseline/scripts.base.protocols.ssl.ocsp-request-only/ocsp.log
+++ b/testing/btest/Baseline/scripts.base.protocols.ssl.ocsp-request-only/ocsp.log
@@ -3,8 +3,8 @@ #empty_field (empty) #unset_field - #path ocsp -#open 2015-07-03-00-39-57 -#fields ts cid.orig_h cid.orig_p cid.resp_h cid.resp_p cuid certId.hashAlgorithm certId.issuerNameHash certId.issuerKeyHash certId.serialNumber req.id req.version req.requestorName resp.ts resp.id resp.responseStatus resp.responseType resp.version resp.responderID resp.producedAt resp.certStatus resp.thisUpdate resp.nextUpdate +#open 2015-07-06-23-03-35 +#fields ts cid.orig_h cid.orig_p cid.resp_h cid.resp_p cuid certId.hashAlgorithm certId.issuerNameHash certId.issuerKeyHash certId.serialNumber req.id req.version req.requestorName resp_ts resp.id resp.responseStatus resp.responseType resp.version resp.responderID resp.producedAt resp.certStatus resp.thisUpdate resp.nextUpdate #types time addr port addr port string string string string string string count string time string string string count string string string string string 1434666864.046145 192.168.6.109 34334 72.167.18.239 80 CXWv6p3arKYeMETxOg sha1 B6080D5F6C6B76EB13E438A5F8660BA85233344E 40C2BD278ECC348330A233D7FB6CB3F0B42C80CE 081C862DC8AAC9 FMbJOe2y5n1E7iSVsg 0 - - - - - - - - - - - -#close 2015-07-03-00-39-57 +#close 2015-07-06-23-03-35
diff --git a/testing/btest/Baseline/scripts.base.protocols.ssl.ocsp-request-response/ocsp.log b/testing/btest/Baseline/scripts.base.protocols.ssl.ocsp-request-response/ocsp.log index feb466e43f..53c2b598d5 100644 --- a/testing/btest/Baseline/scripts.base.protocols.ssl.ocsp-request-response/ocsp.log +++ b/testing/btest/Baseline/scripts.base.protocols.ssl.ocsp-request-response/ocsp.log @@ -3,8 +3,8 @@ #empty_field (empty) #unset_field - #path ocsp -#open 2015-07-03-00-40-58 -#fields ts cid.orig_h cid.orig_p cid.resp_h cid.resp_p cuid certId.hashAlgorithm certId.issuerNameHash certId.issuerKeyHash certId.serialNumber req.id req.version req.requestorName resp.ts resp.id resp.responseStatus resp.responseType resp.version resp.responderID resp.producedAt resp.certStatus resp.thisUpdate resp.nextUpdate +#open 2015-07-06-23-05-10 +#fields ts cid.orig_h cid.orig_p cid.resp_h cid.resp_p cuid certId.hashAlgorithm certId.issuerNameHash certId.issuerKeyHash certId.serialNumber req.id req.version req.requestorName resp_ts resp.id resp.responseStatus resp.responseType resp.version resp.responderID resp.producedAt resp.certStatus resp.thisUpdate resp.nextUpdate #types time addr port addr port string string string string string string count string time string string string count string string string string string 1434666864.046145 192.168.6.109 34334 72.167.18.239 80 CXWv6p3arKYeMETxOg sha1 B6080D5F6C6B76EB13E438A5F8660BA85233344E 40C2BD278ECC348330A233D7FB6CB3F0B42C80CE 081C862DC8AAC9 FMbJOe2y5n1E7iSVsg 0 - 1434666864.070748 Fb215u2y5byABaV747 successful Basic OCSP Response 0 C = US, ST = Arizona, L = Scottsdale, O = GoDaddy Inc., CN = Go Daddy Validation Authority - G2 20150618220334Z good 20150618220334Z 20150620100334Z -#close 2015-07-03-00-40-58 +#close 2015-07-06-23-05-10 diff --git a/testing/btest/Baseline/scripts.base.protocols.ssl.ocsp-response-only/ocsp.log b/testing/btest/Baseline/scripts.base.protocols.ssl.ocsp-response-only/ocsp.log index 7b86586eb8..4889fdc434 100644 
--- a/testing/btest/Baseline/scripts.base.protocols.ssl.ocsp-response-only/ocsp.log +++ b/testing/btest/Baseline/scripts.base.protocols.ssl.ocsp-response-only/ocsp.log @@ -3,8 +3,8 @@ #empty_field (empty) #unset_field - #path ocsp -#open 2015-07-03-00-38-40 -#fields ts cid.orig_h cid.orig_p cid.resp_h cid.resp_p cuid certId.hashAlgorithm certId.issuerNameHash certId.issuerKeyHash certId.serialNumber req.id req.version req.requestorName resp.ts resp.id resp.responseStatus resp.responseType resp.version resp.responderID resp.producedAt resp.certStatus resp.thisUpdate resp.nextUpdate +#open 2015-07-06-23-05-43 +#fields ts cid.orig_h cid.orig_p cid.resp_h cid.resp_p cuid certId.hashAlgorithm certId.issuerNameHash certId.issuerKeyHash certId.serialNumber req.id req.version req.requestorName resp_ts resp.id resp.responseStatus resp.responseType resp.version resp.responderID resp.producedAt resp.certStatus resp.thisUpdate resp.nextUpdate #types time addr port addr port string string string string string string count string time string string string count string string string string string 1434666864.070748 192.168.6.109 34334 72.167.18.239 80 CXWv6p3arKYeMETxOg sha1 B6080D5F6C6B76EB13E438A5F8660BA85233344E 40C2BD278ECC348330A233D7FB6CB3F0B42C80CE 081C862DC8AAC9 - - - 1434666864.070748 Fb215u2y5byABaV747 successful Basic OCSP Response 0 C = US, ST = Arizona, L = Scottsdale, O = GoDaddy Inc., CN = Go Daddy Validation Authority - G2 20150618220334Z good 20150618220334Z 20150620100334Z -#close 2015-07-03-00-38-40 +#close 2015-07-06-23-05-43