dnssec-revoke.c revision 3523e19da21545ade45394cb64d7462f20b77347
66bd3b3c6b171271c705b897823dcdcf29464698Michael Graff/*
f172f06ff2e7609dd7d91914a44b4e24cff8bb7aAutomatic Updater * Copyright (C) 2009-2012, 2014-2017 Internet Systems Consortium, Inc. ("ISC")
fcb54ce0a4f7377486df5bec83b3aa4711bf4131Mark Andrews *
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence * This Source Code Form is subject to the terms of the Mozilla Public
ec5347e2c775f027573ce5648b910361aa926c01Automatic Updater * License, v. 2.0. If a copy of the MPL was not distributed with this
66bd3b3c6b171271c705b897823dcdcf29464698Michael Graff * file, You can obtain one at http://mozilla.org/MPL/2.0/.
66bd3b3c6b171271c705b897823dcdcf29464698Michael Graff */
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews/*! \file */
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews#include <config.h>
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews#include <stdlib.h>
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews#include <unistd.h>
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews
66bd3b3c6b171271c705b897823dcdcf29464698Michael Graff#include <isc/buffer.h>
66bd3b3c6b171271c705b897823dcdcf29464698Michael Graff#include <isc/commandline.h>
816496b22114ee7c2c15321c2c6cc4be77fdf822Mark Andrews#include <isc/entropy.h>
9c3531d72aeaad6c5f01efe6a1c82023e1379e4dDavid Lawrence#include <isc/file.h>
b239c8294a5653d21876d084e0c5b029f6b9fc5dMichael Graff#include <isc/hash.h>
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff#include <isc/mem.h>
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein#include <isc/print.h>
c803787146cadcb2d7e10cbf4491f3be513dfa1aMichael Graff#include <isc/string.h>
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff#include <isc/util.h>
8cdfd17426179ae6f629a9b7475d46a22f535047Bob Halley
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff#include <dns/keyvalues.h>
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff#include <dns/result.h>
ad3a5c4b7e21af04d1b872f933c2e19e5c0a135bMichael Graff
66bd3b3c6b171271c705b897823dcdcf29464698Michael Graff#include <dst/dst.h>
66bd3b3c6b171271c705b897823dcdcf29464698Michael Graff
058eeac2105c39e7cb31fb75ee0b473717ec3bbcMark Andrews#ifdef PKCS11CRYPTO
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence#include <pk11/result.h>
3024dbecbac365171bc6de0f3fa04951d6558be3Michael Graff#endif
5fca48054b5e791a2fa0c5015bc3b6fef4fcdce1Andreas Gustafsson
f181f94ec8da8b1dbcc6353e8be965ea4a5ea282Michael Graff#include "dnssectool.h"
b239c8294a5653d21876d084e0c5b029f6b9fc5dMichael Graff
/* Tool name; used as the prefix of the diagnostics printed in this file. */
const char *program = "dnssec-revoke";

/* Verbosity level; set by -v and compared against thresholds in main(). */
int verbose;

/* Memory context created in main() and passed to the library calls there. */
static isc_mem_t *mctx;

/* usage() terminates the process, so it is declared as non-returning. */
ISC_PLATFORM_NORETURN_PRE static void usage(void) ISC_PLATFORM_NORETURN_POST;
e51511aa3281f8dc384eb1283115c7f8d5c402aeMichael Graff
/*
 * Print the synopsis, the build version and the option summary to
 * stderr, then terminate the process with exit(-1).  Never returns.
 *
 * NOTE(review): main() also accepts -R, which is not listed here.
 */
static void
usage(void) {
	FILE *out = stderr;

	fprintf(out,
		"Usage:\n"
		" %s [options] keyfile\n\n"
		"Version: %s\n",
		program, VERSION);

	/* The -E help line depends on which crypto provider was built in. */
#if defined(PKCS11CRYPTO)
	fprintf(out, " -E engine: specify PKCS#11 provider (default: %s)\n",
		PK11_LIB_LOCATION);
#elif defined(USE_PKCS11)
	fputs(" -E engine: specify OpenSSL engine (default \"pkcs11\")\n",
	      out);
#else
	fputs(" -E engine: specify OpenSSL engine\n", out);
#endif

	fputs(" -f: force overwrite\n"
	      " -K directory: use directory for key files\n"
	      " -h: help\n"
	      " -r: remove old keyfiles after creating revoked version\n"
	      " -v level: set level of verbosity\n"
	      " -V: print version information\n"
	      "Output:\n"
	      " K<name>+<alg>+<new id>.key, K<name>+<alg>+<new id>.private\n",
	      out);

	exit(-1);
}
b239c8294a5653d21876d084e0c5b029f6b9fc5dMichael Graff
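/*
 * dnssec-revoke entry point.
 *
 * Parses the options, loads the public and private halves of the key
 * named on the command line, sets the REVOKE flag and the revoke time
 * on it, writes the key back out and prints the new file name.  With
 * -R only the revoked key id is printed; with -r the files of the
 * unrevoked key are removed afterwards.
 *
 * Returns 0 on success; error paths leave through fatal(), usage() or
 * exit().
 */
int
main(int argc, char **argv) {
	isc_result_t result;
#ifdef USE_PKCS11
	const char *engine = PKCS11_ENGINE;
#else
	const char *engine = NULL;
#endif
	char const *filename = NULL;
	char *dir = NULL;
	char newname[1024], oldname[1024];
	char keystr[DST_KEY_FORMATSIZE];
	char *endp;
	int ch;
	isc_entropy_t *ectx = NULL;
	dst_key_t *key = NULL;
	isc_uint32_t flags;
	isc_buffer_t buf;
	isc_boolean_t force = ISC_FALSE;
	isc_boolean_t removefile = ISC_FALSE;
	isc_boolean_t id = ISC_FALSE;

	if (argc == 1)
		usage();

	result = isc_mem_create(0, 0, &mctx);
	if (result != ISC_R_SUCCESS)
		fatal("Out of memory");

#ifdef PKCS11CRYPTO
	pk11_result_register();
#endif
	dns_result_register();

	isc_commandline_errprint = ISC_FALSE;

	while ((ch = isc_commandline_parse(argc, argv, "E:fK:rRhv:V")) != -1) {
		switch (ch) {
		case 'E':
			engine = isc_commandline_argument;
			break;
		case 'f':
			force = ISC_TRUE;
			break;
		case 'K':
			/*
			 * We don't have to copy it here, but do it to
			 * simplify cleanup later.  A repeated -K replaces
			 * the earlier value, so release the earlier copy
			 * instead of leaking it.
			 */
			if (dir != NULL) {
				isc_mem_free(mctx, dir);
				dir = NULL;
			}
			dir = isc_mem_strdup(mctx, isc_commandline_argument);
			if (dir == NULL) {
				fatal("Failed to allocate memory for "
				      "directory");
			}
			break;
		case 'r':
			removefile = ISC_TRUE;
			break;
		case 'R':
			id = ISC_TRUE;
			break;
		case 'v':
			verbose = strtol(isc_commandline_argument, &endp, 0);
			/*
			 * endp == argument means no digits were consumed
			 * (for example an empty string), which the
			 * trailing-character test alone would accept.
			 */
			if (endp == isc_commandline_argument || *endp != '\0')
				fatal("-v must be followed by a number");
			break;
		case '?':
			if (isc_commandline_option != '?')
				fprintf(stderr, "%s: invalid argument -%c\n",
					program, isc_commandline_option);
			/* FALLTHROUGH */
		case 'h':
			/* Does not return. */
			usage();

		case 'V':
			/* Does not return. */
			version(program);

		default:
			fprintf(stderr, "%s: unhandled option -%c\n",
				program, isc_commandline_option);
			exit(1);
		}
	}

	/* Exactly one positional argument, the key file name, is expected. */
	if (argc < isc_commandline_index + 1 ||
	    argv[isc_commandline_index] == NULL)
		fatal("The key file name was not specified");
	if (argc > isc_commandline_index + 1)
		fatal("Extraneous arguments");

	if (dir != NULL) {
		filename = argv[isc_commandline_index];
	} else {
		/* No -K: take the directory from the key file path itself. */
		result = isc_file_splitpath(mctx, argv[isc_commandline_index],
					    &dir, &filename);
		if (result != ISC_R_SUCCESS)
			fatal("cannot process filename %s: %s",
			      argv[isc_commandline_index],
			      isc_result_totext(result));
		if (strcmp(dir, ".") == 0) {
			isc_mem_free(mctx, dir);
			dir = NULL;
		}
	}

	if (ectx == NULL)
		setup_entropy(mctx, NULL, &ectx);
	result = isc_hash_create(mctx, ectx, DNS_NAME_MAXWIRE);
	if (result != ISC_R_SUCCESS)
		fatal("Could not initialize hash");
	result = dst_lib_init2(mctx, ectx, engine,
			       ISC_ENTROPY_BLOCKING | ISC_ENTROPY_GOODONLY);
	if (result != ISC_R_SUCCESS)
		fatal("Could not initialize dst: %s",
		      isc_result_totext(result));
	isc_entropy_stopcallbacksources(ectx);

	result = dst_key_fromnamedfile(filename, dir,
				       DST_TYPE_PUBLIC|DST_TYPE_PRIVATE,
				       mctx, &key);
	if (result != ISC_R_SUCCESS)
		fatal("Invalid keyfile name %s: %s",
		      filename, isc_result_totext(result));

	if (id) {
		/* -R: only report the revoked key id; nothing is written. */
		fprintf(stdout, "%u\n", dst_key_rid(key));
		goto cleanup;
	}
	dst_key_format(key, keystr, sizeof(keystr));

	if (verbose > 2)
		fprintf(stderr, "%s: %s\n", program, keystr);

	if (force)
		set_keyversion(key);
	else
		check_keyversion(key, keystr);

	flags = dst_key_flags(key);
	if ((flags & DNS_KEYFLAG_REVOKE) == 0) {
		isc_stdtime_t now;

		if ((flags & DNS_KEYFLAG_KSK) == 0)
			fprintf(stderr, "%s: warning: Key is not flagged "
				"as a KSK. Revoking a ZSK is "
				"legal, but undefined.\n",
				program);

		isc_stdtime_get(&now);
		dst_key_settime(key, DST_TIME_REVOKE, now);

		dst_key_setflags(key, flags | DNS_KEYFLAG_REVOKE);

		/*
		 * newname is a fixed-size buffer and the directory comes
		 * from the command line.  If the name cannot be built the
		 * buffer contents are not a valid path, so stop here
		 * rather than hand them to access() and printf().
		 */
		isc_buffer_init(&buf, newname, sizeof(newname));
		result = dst_key_buildfilename(key, DST_TYPE_PUBLIC, dir,
					       &buf);
		if (result != ISC_R_SUCCESS)
			fatal("Failed to build public key filename: %s",
			      isc_result_totext(result));

		/*
		 * NOTE(review): this existence test and the write below
		 * are separate steps, so it only guards against an
		 * accidental overwrite; whether dst_key_tofile() itself
		 * refuses to replace an existing file is not visible
		 * here.  Keep key directories writable by the key owner
		 * only.
		 */
		if (access(newname, F_OK) == 0 && !force) {
			fatal("Key file %s already exists; "
			      "use -f to force overwrite", newname);
		}

		result = dst_key_tofile(key, DST_TYPE_PUBLIC|DST_TYPE_PRIVATE,
					dir);
		if (result != ISC_R_SUCCESS) {
			dst_key_format(key, keystr, sizeof(keystr));
			fatal("Failed to write key %s: %s", keystr,
			      isc_result_totext(result));
		}

		/* Rebuild the name with type 0 for the line printed below. */
		isc_buffer_clear(&buf);
		result = dst_key_buildfilename(key, 0, dir, &buf);
		if (result != ISC_R_SUCCESS)
			fatal("Failed to build key filename: %s",
			      isc_result_totext(result));
		printf("%s\n", newname);

		/*
		 * Remove old key file, if told to (and if
		 * it isn't the same as the new file)
		 *
		 * NOTE(review): RSAMD5 is skipped presumably because its
		 * key id does not change with the REVOKE flag - confirm.
		 */
		if (removefile && dst_key_alg(key) != DST_ALG_RSAMD5) {
			isc_buffer_init(&buf, oldname, sizeof(oldname));
			/* Clear REVOKE again to recover the old file names. */
			dst_key_setflags(key, flags & ~DNS_KEYFLAG_REVOKE);
			result = dst_key_buildfilename(key, DST_TYPE_PRIVATE,
						       dir, &buf);
			if (result != ISC_R_SUCCESS) {
				/* Never unlink a path that was not built. */
				fprintf(stderr, "%s: warning: cannot build "
					"old private key filename (%s); old "
					"key files not removed\n",
					program, isc_result_totext(result));
				goto cleanup;
			}
			/*
			 * NOTE(review): newname was rebuilt above with
			 * type 0 while oldname holds the DST_TYPE_PRIVATE
			 * name, so this comparison looks unlikely to ever
			 * match; confirm the intended check.
			 */
			if (strcmp(oldname, newname) == 0)
				goto cleanup;
			/*
			 * Removal stays best-effort, but a failure leaves
			 * the unrevoked private key on disk, so report it.
			 */
			if (unlink(oldname) != 0)
				fprintf(stderr, "%s: warning: could not "
					"remove %s\n", program, oldname);
			isc_buffer_clear(&buf);
			result = dst_key_buildfilename(key, DST_TYPE_PUBLIC,
						       dir, &buf);
			if (result != ISC_R_SUCCESS)
				fprintf(stderr, "%s: warning: cannot build "
					"old public key filename (%s); file "
					"not removed\n",
					program, isc_result_totext(result));
			else if (unlink(oldname) != 0)
				fprintf(stderr, "%s: warning: could not "
					"remove %s\n", program, oldname);
		}
	} else {
		dst_key_format(key, keystr, sizeof(keystr));
		fatal("Key %s is already revoked", keystr);
	}

cleanup:
	dst_key_free(&key);
	dst_lib_destroy();
	isc_hash_destroy();
	cleanup_entropy(&ectx);
	if (verbose > 10)
		isc_mem_stats(mctx, stdout);
	if (dir != NULL)
		isc_mem_free(mctx, dir);
	isc_mem_destroy(&mctx);

	return (0);
}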
dd95acdbce0e2a2775391709cdfca0a9eda7e8f7Mark Andrews