dnssec-revoke.c revision 3523e19da21545ade45394cb64d7462f20b77347
f172f06ff2e7609dd7d91914a44b4e24cff8bb7aAutomatic Updater * Copyright (C) 2009-2012, 2014-2017 Internet Systems Consortium, Inc. ("ISC")
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence * This Source Code Form is subject to the terms of the Mozilla Public
ec5347e2c775f027573ce5648b910361aa926c01Automatic Updater * License, v. 2.0. If a copy of the MPL was not distributed with this
66bd3b3c6b171271c705b897823dcdcf29464698Michael Graff * file, You can obtain one at http://mozilla.org/MPL/2.0/.
11efdeb076d65fa9f0c5fc067dc040e7c99dfba6Michael Graff fprintf(stderr, " %s [options] keyfile\n\n", program);
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff fprintf(stderr, " -E engine: specify PKCS#11 provider "
b239c8294a5653d21876d084e0c5b029f6b9fc5dMichael Graff fprintf(stderr, " -E engine: specify OpenSSL engine "
b239c8294a5653d21876d084e0c5b029f6b9fc5dMichael Graff "(default \"pkcs11\")\n");
31fab17bcdbe302592a6c0dc5374ef56333ee879Michael Graff fprintf(stderr, " -E engine: specify OpenSSL engine\n");
b239c8294a5653d21876d084e0c5b029f6b9fc5dMichael Graff fprintf(stderr, " -K directory: use directory for key files\n");
b239c8294a5653d21876d084e0c5b029f6b9fc5dMichael Graff fprintf(stderr, " -r: remove old keyfiles after "
b239c8294a5653d21876d084e0c5b029f6b9fc5dMichael Graff "creating revoked version\n");
b239c8294a5653d21876d084e0c5b029f6b9fc5dMichael Graff fprintf(stderr, " -v level: set level of verbosity\n");
b239c8294a5653d21876d084e0c5b029f6b9fc5dMichael Graff fprintf(stderr, " -V: print version information\n");
b239c8294a5653d21876d084e0c5b029f6b9fc5dMichael Graff fprintf(stderr, " K<name>+<alg>+<new id>.key, "
8cdfd17426179ae6f629a9b7475d46a22f535047Bob Halley "K<name>+<alg>+<new id>.private\n");
66bd3b3c6b171271c705b897823dcdcf29464698Michael Graff while ((ch = isc_commandline_parse(argc, argv, "E:fK:rRhv:V")) != -1) {
f172f06ff2e7609dd7d91914a44b4e24cff8bb7aAutomatic Updater * We don't have to copy it here, but do it to
f172f06ff2e7609dd7d91914a44b4e24cff8bb7aAutomatic Updater * simplify cleanup later
f172f06ff2e7609dd7d91914a44b4e24cff8bb7aAutomatic Updater dir = isc_mem_strdup(mctx, isc_commandline_argument);
f172f06ff2e7609dd7d91914a44b4e24cff8bb7aAutomatic Updater verbose = strtol(isc_commandline_argument, &endp, 0);
f172f06ff2e7609dd7d91914a44b4e24cff8bb7aAutomatic Updater fprintf(stderr, "%s: invalid argument -%c\n",
f172f06ff2e7609dd7d91914a44b4e24cff8bb7aAutomatic Updater /* FALLTHROUGH */
f172f06ff2e7609dd7d91914a44b4e24cff8bb7aAutomatic Updater /* Does not return. */
f172f06ff2e7609dd7d91914a44b4e24cff8bb7aAutomatic Updater /* Does not return. */
f172f06ff2e7609dd7d91914a44b4e24cff8bb7aAutomatic Updater fprintf(stderr, "%s: unhandled option -%c\n",
f172f06ff2e7609dd7d91914a44b4e24cff8bb7aAutomatic Updater fatal("The key file name was not specified");
8cdfd17426179ae6f629a9b7475d46a22f535047Bob Halley result = isc_file_splitpath(mctx, argv[isc_commandline_index],
f172f06ff2e7609dd7d91914a44b4e24cff8bb7aAutomatic Updater result = isc_hash_create(mctx, ectx, DNS_NAME_MAXWIRE);
f172f06ff2e7609dd7d91914a44b4e24cff8bb7aAutomatic Updater result = dst_lib_init2(mctx, ectx, engine,
f172f06ff2e7609dd7d91914a44b4e24cff8bb7aAutomatic Updater ISC_ENTROPY_BLOCKING | ISC_ENTROPY_GOODONLY);
f172f06ff2e7609dd7d91914a44b4e24cff8bb7aAutomatic Updater result = dst_key_fromnamedfile(filename, dir,
f172f06ff2e7609dd7d91914a44b4e24cff8bb7aAutomatic Updater fprintf(stdout, "%u\n", dst_key_rid(key));
11fcc67616fac1bc6a28b3d4fed24641137888e7Michael Graff fprintf(stderr, "%s: warning: Key is not flagged "
11fcc67616fac1bc6a28b3d4fed24641137888e7Michael Graff "as a KSK. Revoking a ZSK is "
bcf369e513a1cc2209e2a987f5772afa79813540Mark Andrews "legal, but undefined.\n",
f172f06ff2e7609dd7d91914a44b4e24cff8bb7aAutomatic Updater dst_key_settime(key, DST_TIME_REVOKE, now);
11fcc67616fac1bc6a28b3d4fed24641137888e7Michael Graff dst_key_setflags(key, flags | DNS_KEYFLAG_REVOKE);
11fcc67616fac1bc6a28b3d4fed24641137888e7Michael Graff isc_buffer_init(&buf, newname, sizeof(newname));
11fcc67616fac1bc6a28b3d4fed24641137888e7Michael Graff dst_key_buildfilename(key, DST_TYPE_PUBLIC, dir, &buf);
f172f06ff2e7609dd7d91914a44b4e24cff8bb7aAutomatic Updater result = dst_key_tofile(key, DST_TYPE_PUBLIC|DST_TYPE_PRIVATE,
f172f06ff2e7609dd7d91914a44b4e24cff8bb7aAutomatic Updater dst_key_format(key, keystr, sizeof(keystr));
f172f06ff2e7609dd7d91914a44b4e24cff8bb7aAutomatic Updater fatal("Failed to write key %s: %s", keystr,
f172f06ff2e7609dd7d91914a44b4e24cff8bb7aAutomatic Updater * Remove old key file, if told to (and if
f172f06ff2e7609dd7d91914a44b4e24cff8bb7aAutomatic Updater * it isn't the same as the new file)
f172f06ff2e7609dd7d91914a44b4e24cff8bb7aAutomatic Updater if (removefile && dst_key_alg(key) != DST_ALG_RSAMD5) {
f172f06ff2e7609dd7d91914a44b4e24cff8bb7aAutomatic Updater isc_buffer_init(&buf, oldname, sizeof(oldname));
f172f06ff2e7609dd7d91914a44b4e24cff8bb7aAutomatic Updater dst_key_setflags(key, flags & ~DNS_KEYFLAG_REVOKE);
f172f06ff2e7609dd7d91914a44b4e24cff8bb7aAutomatic Updater dst_key_buildfilename(key, DST_TYPE_PRIVATE, dir, &buf);
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff dst_key_buildfilename(key, DST_TYPE_PUBLIC, dir, &buf);