1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
|
/*
* revoke sets the revoke bit of a public key.
*
* (c) NLnet Labs, 2005 - 2008
* See the file LICENSE for the license
*/
#include "config.h"
#include <ldns/ldns.h>
#ifdef HAVE_SSL
#include <openssl/ssl.h>
#endif /* HAVE_SSL */
#include <errno.h>
static void
usage(FILE *fp, char *prog) {
fprintf(fp, "%s [-n] keyfile\n", prog);
fprintf(fp, " Revokes a key\n");
fprintf(fp, "Options:\n");
fprintf(fp, " -n: do not write to file but to stdout\n");
}
int
main(int argc, char *argv[])
{
FILE *keyfp;
char *keyname;
ldns_rr *k;
uint16_t flags;
char *program = argv[0];
int nofile = 0;
ldns_rdf *origin = NULL;
ldns_status result;
argv++, argc--;
while (argc && argv[0][0] == '-') {
if (strcmp(argv[0], "-n") == 0) {
nofile=1;
}
else {
usage(stderr, program);
exit(EXIT_FAILURE);
}
argv++, argc--;
}
if (argc != 1) {
usage(stderr, program);
exit(EXIT_FAILURE);
}
keyname = strdup(argv[0]);
keyfp = fopen(keyname, "r");
if (!keyfp) {
fprintf(stderr, "Failed to open public key file %s: %s\n", keyname,
strerror(errno));
exit(EXIT_FAILURE);
}
result = ldns_rr_new_frm_fp(&k, keyfp, 0, &origin, NULL);
/* what does this while loop do? */
while (result == LDNS_STATUS_SYNTAX_ORIGIN) {
result = ldns_rr_new_frm_fp(&k, keyfp, 0, &origin, NULL);
}
if (result != LDNS_STATUS_OK) {
fprintf(stderr, "Could not read public key from file %s: %s\n", keyname, ldns_get_errorstr_by_id(result));
exit(EXIT_FAILURE);
}
fclose(keyfp);
flags = ldns_read_uint16(ldns_rdf_data(ldns_rr_dnskey_flags(k)));
flags |= LDNS_KEY_REVOKE_KEY;
if (!ldns_rr_dnskey_set_flags(k,
ldns_native2rdf_int16(LDNS_RDF_TYPE_INT16, flags)))
{
fprintf(stderr, "Revocation failed\n");
exit(EXIT_FAILURE);
}
/* print the public key RR to .key */
if (nofile)
ldns_rr_print(stdout,k);
else {
keyfp = fopen(keyname, "w");
if (!keyfp) {
fprintf(stderr, "Unable to open %s: %s\n", keyname,
strerror(errno));
exit(EXIT_FAILURE);
} else {
ldns_rr_print(keyfp, k);
fclose(keyfp);
fprintf(stdout, "DNSKEY revoked\n");
}
}
free(keyname);
ldns_rr_free(k);
exit(EXIT_SUCCESS);
}
|
