1 files changed, 104 insertions, 0 deletions

diff --git a/examples/ldns-revoke.c b/examples/ldns-revoke.c
new file mode 100644
index 0000000..f46c98f
--- /dev/null
+++ b/examples/ldns-revoke.c
@@ -0,0 +1,104 @@
+/*
+ * revoke sets the revoke bit of a public key.
+ *
+ * (c) NLnet Labs, 2005 - 2008
+ * See the file LICENSE for the license
+ */
+
+#include "config.h"
+
+#include <ldns/ldns.h>
+#ifdef HAVE_SSL
+#include <openssl/ssl.h>
+#endif /* HAVE_SSL */
+
+#include <errno.h>
+
+static void
+usage(FILE *fp, char *prog) {
+	fprintf(fp, "%s [-n] keyfile\n", prog);
+	fprintf(fp, "  Revokes a key\n");
+	fprintf(fp, "Options:\n");
+	fprintf(fp, "  -n: do not write to file but to stdout\n");
+}
+
+int
+main(int argc, char *argv[])
+{
+	FILE *keyfp;
+	char *keyname;
+	ldns_rr *k;
+	uint16_t flags;
+	char *program = argv[0];
+	int nofile = 0;
+	ldns_rdf *origin = NULL;
+	ldns_status result;
+
+	argv++, argc--;
+	while (argc && argv[0][0] == '-') {
+		if (strcmp(argv[0], "-n") == 0) {
+			nofile=1;
+		}
+		else {
+			usage(stderr, program);
+			exit(EXIT_FAILURE);
+		}
+		argv++, argc--;
+	}
+
+	if (argc != 1) {
+		usage(stderr, program);
+		exit(EXIT_FAILURE);
+	}
+	keyname = strdup(argv[0]);
+
+	keyfp = fopen(keyname, "r");
+	if (!keyfp) {
+		fprintf(stderr, "Failed to open public key file %s: %s\n", keyname,
+				strerror(errno));
+		exit(EXIT_FAILURE);
+	}
+
+	result = ldns_rr_new_frm_fp(&k, keyfp, 0, &origin, NULL);
+	/* what does this while loop do? */
+	while (result == LDNS_STATUS_SYNTAX_ORIGIN) {
+		result = ldns_rr_new_frm_fp(&k, keyfp, 0, &origin, NULL);
+	}
+	if (result != LDNS_STATUS_OK) {
+		fprintf(stderr, "Could not read public key from file %s: %s\n", keyname, ldns_get_errorstr_by_id(result));
+		exit(EXIT_FAILURE);
+	}
+	fclose(keyfp);
+
+	flags = ldns_read_uint16(ldns_rdf_data(ldns_rr_dnskey_flags(k)));
+	flags |= LDNS_KEY_REVOKE_KEY;
+
+	if (!ldns_rr_dnskey_set_flags(k,
+		ldns_native2rdf_int16(LDNS_RDF_TYPE_INT16, flags)))
+	{
+		fprintf(stderr, "Revocation failed\n");
+		exit(EXIT_FAILURE);
+	}
+
+	/* print the public key RR to .key */
+
+	if (nofile)
+		ldns_rr_print(stdout,k);
+	else {
+		keyfp = fopen(keyname, "w");
+		if (!keyfp) {
+			fprintf(stderr, "Unable to open %s: %s\n", keyname,
+				strerror(errno));
+			exit(EXIT_FAILURE);
+		} else {
+			ldns_rr_print(keyfp, k);
+			fclose(keyfp);
+			fprintf(stdout, "DNSKEY revoked\n");
+		}
+	}
+
+	free(keyname);
+	ldns_rr_free(k);
+
+        exit(EXIT_SUCCESS);
+}