91 	{"ksk-rollover",	no_argument, NULL, '9'},
92 	{"ksk-status",		required_argument, NULL, '0'},
93 	{"ksk-roll-status",	required_argument, NULL, '0'},
94 	{"ksk-newkey",		required_argument, NULL, '1'},
95 	{"ksk-publish",		required_argument, NULL, '2'},
96 	{"ksk-delkey",		required_argument, NULL, '3'},
97 	{"ksk-roll-phase1",	required_argument, NULL, '1'},
98 	{"ksk-roll-phase2",	required_argument, NULL, '2'},
99 	{"ksk-roll-phase3",	required_argument, NULL, '3'},
100 	{"ksk",			no_argument, NULL, 'k'},
173 		case '9':		/* ksk rollover help */
176 		case '1':		/* ksk rollover: create new key */
177 		case '2':		/* ksk rollover: publish DS */
178 		case '3':		/* ksk rollover: delete old key */
179 		case '0':		/* ksk rollover: show current status */
182 				usage ("ksk rollover requires an domain argument", config);
231 		case 'k':		/* ksk only */
316 	case '1':	/* ksk rollover new key */
317 	case '2':	/* ksk rollover publish DS */
318 	case '3':	/* ksk rollover delete old key */
319 	case '0':	/* ksk rollover status */
366         fprintf (stderr, "('%s -9%s' prints out a brief description)\n", progname, loptstr ("|--ksk-rollover", ""));
368         lopt_usage ("\tusage: %s {--ksk-roll-phase1|--ksk-newkey} do.ma.in.\n", progname);
370         lopt_usage ("\tusage: %s {--ksk-roll-phase2|--ksk-publish} do.ma.in.\n", progname);
372         lopt_usage ("\tusage: %s {--ksk-roll-phase3|--ksk-delkey} do.ma.in.\n", progname);
374         lopt_usage ("\tusage: %s {--ksk-roll-status|--ksk-status} do.ma.in.\n", progname);
386         fprintf (stderr, "\t-k%s\t key signing keys only\n", loptstr (", --ksk", "\t"));
425 	/* create a new key always in state published, which means "standby" for ksk */
458 	int	ksk;
464 		fprintf (stderr, "-1%s", loptstr ("|--ksk-roll-phase1 (--ksk-newkey)\n", ""));
471 		fprintf (stderr, "-2%s", loptstr ("|--ksk-roll-phase2 (--ksk-publish)\n", ""));
478 		fprintf (stderr, "-3%s", loptstr ("|--ksk-roll-phase3 (--ksk-delkey)\n", ""));
483 		fprintf (stderr, "-0%s", loptstr ("|--ksk-roll-stat (--ksk-status)\n", ""));
492 		fatal ("ksk rollover: no domain!");
498 		fatal ("ksk rollover: domain %s not found!\n", keyname);
523 	ksk = 0;	/* count active(!) key signing keys */
529 				ksk++;
543 		fprintf (stdout, "\t # of active key signing keys %d\n", ksk);
554 		if ( parent_exist || ksk > 1 )
555 			fatal ("Can\'t create new ksk because there is already an ksk rollover in progress\n");
557 		fprintf (stdout, "create new ksk \n");
568 		if ( (dkp = (dki_t *)dki_findalgo (keylist, 1, conf->k_algo, 'a', 1)) == NULL )	/* find the oldest active ksk to create the parent file */
575 		if ( ksk < 2 )
586 		fprintf (stdout, "save new ksk in parent file\n");
587 		dkp = keylist->next;	/* set dkp to new ksk */
592 		if ( !parent_exist || ksk < 2 )
593 			fatal ("ksk-delkey only allowed after ksk-publish\n");
604 		fprintf (stdout, "old ksk renamed \n");
605 		dkp = keylist;	/* set dkp to old ksk */

Indexes created Tue Jul 24 14:28:13 CEST 2018