Update repub branch u/fanf2/patch to rebasing branch u/fanf2/rebasing revision v9_15_...
[ipreg/bind9.git] / bin / dnssec / dnssec-settime.c
CommitLineData
553ead32 1/*
843d3896 2 * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
553ead32 3 *
0c27b3fe
MA
4 * This Source Code Form is subject to the terms of the Mozilla Public
5 * License, v. 2.0. If a copy of the MPL was not distributed with this
6 * file, You can obtain one at http://mozilla.org/MPL/2.0/.
843d3896
OS
7 *
8 * See the COPYRIGHT file distributed with this work for additional
9 * information regarding copyright ownership.
553ead32
EH
10 */
11
553ead32
EH
12/*! \file */
13
cb6a185c 14#include <inttypes.h>
994e6569 15#include <stdbool.h>
553ead32
EH
16#include <stdlib.h>
17#include <unistd.h>
9edd523c 18#include <errno.h>
553ead32
EH
19#include <time.h>
20
21#include <isc/buffer.h>
22#include <isc/commandline.h>
747abb49 23#include <isc/file.h>
553ead32
EH
24#include <isc/hash.h>
25#include <isc/mem.h>
26#include <isc/print.h>
27#include <isc/string.h>
28#include <isc/util.h>
29
30#include <dns/keyvalues.h>
31#include <dns/result.h>
c514f38c 32#include <dns/log.h>
553ead32
EH
33
34#include <dst/dst.h>
35
c3b8130f 36#if USE_PKCS11
acbb301e
EH
37#include <pk11/result.h>
38#endif
39
553ead32
EH
40#include "dnssectool.h"
41
42const char *program = "dnssec-settime";
553ead32
EH
43
44static isc_mem_t *mctx = NULL;
45
debd489a
FD
46ISC_PLATFORM_NORETURN_PRE static void
47usage(void) ISC_PLATFORM_NORETURN_POST;
48
553ead32
EH
49static void
50usage(void) {
51 fprintf(stderr, "Usage:\n");
52 fprintf(stderr, " %s [options] keyfile\n\n", program);
53 fprintf(stderr, "Version: %s\n", VERSION);
eab9975b 54 fprintf(stderr, "General options:\n");
c3b8130f 55#if USE_PKCS11
ba751492
EH
56 fprintf(stderr, " -E engine: specify PKCS#11 provider "
57 "(default: %s)\n", PK11_LIB_LOCATION);
58#elif defined(USE_PKCS11)
b1fbf2a4 59 fprintf(stderr, " -E engine: specify OpenSSL engine "
ba751492 60 "(default \"pkcs11\")\n");
8b78c993 61#else
b1fbf2a4 62 fprintf(stderr, " -E engine: specify OpenSSL engine\n");
8b78c993 63#endif
553ead32
EH
64 fprintf(stderr, " -f: force update of old-style "
65 "keys\n");
66 fprintf(stderr, " -K directory: set key file location\n");
61bcc232 67 fprintf(stderr, " -L ttl: set default key TTL\n");
eab9975b 68 fprintf(stderr, " -v level: set level of verbosity\n");
42782931 69 fprintf(stderr, " -V: print version information\n");
eab9975b 70 fprintf(stderr, " -h: help\n");
553ead32 71 fprintf(stderr, "Timing options:\n");
eab9975b
EH
72 fprintf(stderr, " -P date/[+-]offset/none: set/unset key "
73 "publication date\n");
e939674d
MA
74 fprintf(stderr, " -P sync date/[+-]offset/none: set/unset "
75 "CDS and CDNSKEY publication date\n");
8ebf67b7 76 fprintf(stderr, " -A date/[+-]offset/none: set/unset key "
eab9975b 77 "activation date\n");
8ebf67b7 78 fprintf(stderr, " -R date/[+-]offset/none: set/unset key "
eab9975b 79 "revocation date\n");
8ebf67b7 80 fprintf(stderr, " -I date/[+-]offset/none: set/unset key "
b843f577 81 "inactivation date\n");
8ebf67b7 82 fprintf(stderr, " -D date/[+-]offset/none: set/unset key "
eab9975b 83 "deletion date\n");
e939674d
MA
84 fprintf(stderr, " -D sync date/[+-]offset/none: set/unset "
85 "CDS and CDNSKEY deletion date\n");
5201b96d
MK
86 fprintf(stderr, " -S <key>: generate a successor to an existing "
87 "key\n");
88 fprintf(stderr, " -i <interval>: prepublication interval for "
89 "successor key "
90 "(default: 30 days)\n");
eab9975b 91 fprintf(stderr, "Printing options:\n");
e939674d
MA
92 fprintf(stderr, " -p C/P/Psync/A/R/I/D/Dsync/all: print a "
93 "particular time value or values\n");
eab9975b
EH
94 fprintf(stderr, " -u: print times in unix epoch "
95 "format\n");
553ead32
EH
96 fprintf(stderr, "Output:\n");
97 fprintf(stderr, " K<name>+<alg>+<new id>.key, "
98 "K<name>+<alg>+<new id>.private\n");
99
100 exit (-1);
101}
102
103static void
994e6569 104printtime(dst_key_t *key, int type, const char *tag, bool epoch,
eab9975b
EH
105 FILE *stream)
106{
553ead32 107 isc_result_t result;
eab9975b
EH
108 const char *output = NULL;
109 isc_stdtime_t when;
553ead32 110
eab9975b
EH
111 if (tag != NULL)
112 fprintf(stream, "%s: ", tag);
553ead32 113
eab9975b
EH
114 result = dst_key_gettime(key, type, &when);
115 if (result == ISC_R_NOTFOUND) {
116 fprintf(stream, "UNSET\n");
117 } else if (epoch) {
118 fprintf(stream, "%d\n", (int) when);
119 } else {
af669cb4
MA
120 time_t timet = when;
121 output = ctime(&timet);
eab9975b
EH
122 fprintf(stream, "%s", output);
123 }
553ead32
EH
124}
125
126int
127main(int argc, char **argv) {
c6f4972c 128 isc_result_t result;
c6f4972c 129 const char *engine = NULL;
5b1c7ef3
MA
130 const char *filename = NULL;
131 char *directory = NULL;
c6f4972c
MA
132 char newname[1024];
133 char keystr[DST_KEY_FORMATSIZE];
134 char *endp, *p;
135 int ch;
c6f4972c
MA
136 const char *predecessor = NULL;
137 dst_key_t *prevkey = NULL;
138 dst_key_t *key = NULL;
139 isc_buffer_t buf;
140 dns_name_t *name = NULL;
141 dns_secalg_t alg = 0;
142 unsigned int size = 0;
cb6a185c 143 uint16_t flags = 0;
c6f4972c 144 int prepub = -1;
61bcc232 145 dns_ttl_t ttl = 0;
eab9975b 146 isc_stdtime_t now;
b843f577 147 isc_stdtime_t pub = 0, act = 0, rev = 0, inact = 0, del = 0;
c8803902 148 isc_stdtime_t prevact = 0, previnact = 0, prevdel = 0;
994e6569
OS
149 bool setpub = false, setact = false;
150 bool setrev = false, setinact = false;
151 bool setdel = false, setttl = false;
152 bool unsetpub = false, unsetact = false;
153 bool unsetrev = false, unsetinact = false;
154 bool unsetdel = false;
155 bool printcreate = false, printpub = false;
156 bool printact = false, printrev = false;
157 bool printinact = false, printdel = false;
158 bool force = false;
159 bool epoch = false;
160 bool changed = false;
c514f38c 161 isc_log_t *log = NULL;
e939674d 162 isc_stdtime_t syncadd = 0, syncdel = 0;
994e6569
OS
163 bool unsetsyncadd = false, setsyncadd = false;
164 bool unsetsyncdel = false, setsyncdel = false;
165 bool printsyncadd = false, printsyncdel = false;
553ead32
EH
166
167 if (argc == 1)
168 usage();
169
170 result = isc_mem_create(0, 0, &mctx);
171 if (result != ISC_R_SUCCESS)
172 fatal("Out of memory");
173
11463c0a 174 setup_logging(mctx, &log);
c514f38c 175
c3b8130f 176#if USE_PKCS11
acbb301e
EH
177 pk11_result_register();
178#endif
553ead32
EH
179 dns_result_register();
180
994e6569 181 isc_commandline_errprint = false;
553ead32
EH
182
183 isc_stdtime_get(&now);
184
42782931 185#define CMDLINE_FLAGS "A:D:E:fhI:i:K:L:P:p:R:S:uv:V"
c6f4972c 186 while ((ch = isc_commandline_parse(argc, argv, CMDLINE_FLAGS)) != -1) {
553ead32 187 switch (ch) {
8b78c993
FD
188 case 'E':
189 engine = isc_commandline_argument;
190 break;
2847ddea 191 case 'f':
994e6569 192 force = true;
553ead32 193 break;
eab9975b
EH
194 case 'p':
195 p = isc_commandline_argument;
196 if (!strcasecmp(p, "all")) {
994e6569
OS
197 printcreate = true;
198 printpub = true;
199 printact = true;
200 printrev = true;
201 printinact = true;
202 printdel = true;
203 printsyncadd = true;
204 printsyncdel = true;
eab9975b
EH
205 break;
206 }
207
208 do {
209 switch (*p++) {
210 case 'C':
994e6569 211 printcreate = true;
eab9975b
EH
212 break;
213 case 'P':
f8432e3f
MA
214 if (!strncmp(p, "sync", 4)) {
215 p += 4;
994e6569 216 printsyncadd = true;
e939674d
MA
217 break;
218 }
994e6569 219 printpub = true;
eab9975b
EH
220 break;
221 case 'A':
994e6569 222 printact = true;
eab9975b
EH
223 break;
224 case 'R':
994e6569 225 printrev = true;
eab9975b 226 break;
b843f577 227 case 'I':
994e6569 228 printinact = true;
eab9975b
EH
229 break;
230 case 'D':
f8432e3f
MA
231 if (!strncmp(p, "sync", 4)) {
232 p += 4;
994e6569 233 printsyncdel = true;
e939674d
MA
234 break;
235 }
994e6569 236 printdel = true;
eab9975b
EH
237 break;
238 case ' ':
239 break;
240 default:
241 usage();
242 break;
243 }
244 } while (*p != '\0');
245 break;
246 case 'u':
994e6569 247 epoch = true;
eab9975b 248 break;
2847ddea
TJ
249 case 'K':
250 /*
251 * We don't have to copy it here, but do it to
252 * simplify cleanup later
253 */
254 directory = isc_mem_strdup(mctx,
255 isc_commandline_argument);
256 if (directory == NULL) {
8d0a1ede 257 fatal("Failed to allocate memory for "
2847ddea
TJ
258 "directory");
259 }
553ead32 260 break;
61bcc232 261 case 'L':
a165a17a 262 ttl = strtottl(isc_commandline_argument);
994e6569 263 setttl = true;
61bcc232 264 break;
2847ddea 265 case 'v':
553ead32
EH
266 verbose = strtol(isc_commandline_argument, &endp, 0);
267 if (*endp != '\0')
268 fatal("-v must be followed by a number");
269 break;
2847ddea 270 case 'P':
e939674d
MA
271 /* -Psync ? */
272 if (isoptarg("sync", argv, usage)) {
273 if (unsetsyncadd || setsyncadd)
274 fatal("-P sync specified more than "
275 "once");
276
994e6569 277 changed = true;
e939674d
MA
278 syncadd = strtotime(isc_commandline_argument,
279 now, now, &setsyncadd);
280 unsetsyncadd = !setsyncadd;
281 break;
282 }
283 (void)isoptarg("dnskey", argv, usage);
d7201de0
AU
284 if (setpub || unsetpub)
285 fatal("-P specified more than once");
eab9975b 286
994e6569 287 changed = true;
a165a17a
EH
288 pub = strtotime(isc_commandline_argument,
289 now, now, &setpub);
290 unsetpub = !setpub;
553ead32 291 break;
2847ddea 292 case 'A':
d7201de0
AU
293 if (setact || unsetact)
294 fatal("-A specified more than once");
eab9975b 295
994e6569 296 changed = true;
a165a17a
EH
297 act = strtotime(isc_commandline_argument,
298 now, now, &setact);
299 unsetact = !setact;
553ead32 300 break;
2847ddea 301 case 'R':
d7201de0
AU
302 if (setrev || unsetrev)
303 fatal("-R specified more than once");
eab9975b 304
994e6569 305 changed = true;
a165a17a
EH
306 rev = strtotime(isc_commandline_argument,
307 now, now, &setrev);
308 unsetrev = !setrev;
553ead32 309 break;
b843f577
EH
310 case 'I':
311 if (setinact || unsetinact)
312 fatal("-I specified more than once");
eab9975b 313
994e6569 314 changed = true;
a165a17a
EH
315 inact = strtotime(isc_commandline_argument,
316 now, now, &setinact);
317 unsetinact = !setinact;
553ead32 318 break;
2847ddea 319 case 'D':
e939674d
MA
320 /* -Dsync ? */
321 if (isoptarg("sync", argv, usage)) {
322 if (unsetsyncdel || setsyncdel)
323 fatal("-D sync specified more than "
324 "once");
325
994e6569 326 changed = true;
e939674d
MA
327 syncdel = strtotime(isc_commandline_argument,
328 now, now, &setsyncdel);
329 unsetsyncdel = !setsyncdel;
330 break;
331 }
332 /* -Ddnskey ? */
333 (void)isoptarg("dnskey", argv, usage);
d7201de0
AU
334 if (setdel || unsetdel)
335 fatal("-D specified more than once");
eab9975b 336
994e6569 337 changed = true;
a165a17a
EH
338 del = strtotime(isc_commandline_argument,
339 now, now, &setdel);
340 unsetdel = !setdel;
553ead32 341 break;
c6f4972c
MA
342 case 'S':
343 predecessor = isc_commandline_argument;
344 break;
345 case 'i':
346 prepub = strtottl(isc_commandline_argument);
347 break;
2847ddea 348 case '?':
553ead32
EH
349 if (isc_commandline_option != '?')
350 fprintf(stderr, "%s: invalid argument -%c\n",
351 program, isc_commandline_option);
cdacec1d 352 /* FALLTHROUGH */
2847ddea 353 case 'h':
42782931 354 /* Does not return. */
553ead32
EH
355 usage();
356
42782931
MS
357 case 'V':
358 /* Does not return. */
359 version(program);
360
2847ddea 361 default:
553ead32
EH
362 fprintf(stderr, "%s: unhandled option -%c\n",
363 program, isc_commandline_option);
364 exit(1);
365 }
366 }
367
368 if (argc < isc_commandline_index + 1 ||
369 argv[isc_commandline_index] == NULL)
370 fatal("The key file name was not specified");
371 if (argc > isc_commandline_index + 1)
372 fatal("Extraneous arguments");
373
3a4f820d 374 result = dst_lib_init(mctx, engine);
553ead32 375 if (result != ISC_R_SUCCESS)
8b78c993
FD
376 fatal("Could not initialize dst: %s",
377 isc_result_totext(result));
553ead32 378
c6f4972c 379 if (predecessor != NULL) {
c6f4972c
MA
380 int major, minor;
381
382 if (prepub == -1)
383 prepub = (30 * 86400);
384
385 if (setpub || unsetpub)
386 fatal("-S and -P cannot be used together");
387 if (setact || unsetact)
388 fatal("-S and -A cannot be used together");
389
390 result = dst_key_fromnamedfile(predecessor, directory,
f428e385 391 DST_TYPE_PUBLIC |
c6f4972c
MA
392 DST_TYPE_PRIVATE,
393 mctx, &prevkey);
394 if (result != ISC_R_SUCCESS)
395 fatal("Invalid keyfile %s: %s",
396 filename, isc_result_totext(result));
0c91911b 397 if (!dst_key_isprivate(prevkey) && !dst_key_isexternal(prevkey))
c6f4972c
MA
398 fatal("%s is not a private key", filename);
399
400 name = dst_key_name(prevkey);
401 alg = dst_key_alg(prevkey);
402 size = dst_key_size(prevkey);
403 flags = dst_key_flags(prevkey);
404
405 dst_key_format(prevkey, keystr, sizeof(keystr));
406 dst_key_getprivateformat(prevkey, &major, &minor);
407 if (major != DST_MAJOR_VERSION || minor < DST_MINOR_VERSION)
408 fatal("Predecessor has incompatible format "
409 "version %d.%d\n\t", major, minor);
410
c8803902 411 result = dst_key_gettime(prevkey, DST_TIME_ACTIVATE, &prevact);
c6f4972c
MA
412 if (result != ISC_R_SUCCESS)
413 fatal("Predecessor has no activation date. "
414 "You must set one before\n\t"
415 "generating a successor.");
416
c8803902
CB
417 result = dst_key_gettime(prevkey, DST_TIME_INACTIVE,
418 &previnact);
c6f4972c
MA
419 if (result != ISC_R_SUCCESS)
420 fatal("Predecessor has no inactivation date. "
421 "You must set one before\n\t"
422 "generating a successor.");
5ac5300f 423
5201b96d
MK
424 pub = previnact - prepub;
425 act = previnact;
426
427 if ((previnact - prepub) < now && prepub != 0)
428 fatal("Time until predecessor inactivation is\n\t"
429 "shorter than the prepublication interval. "
430 "Either change\n\t"
431 "predecessor inactivation date, or use the -i "
432 "option to set\n\t"
433 "a shorter prepublication interval.");
c6f4972c 434
c8803902 435 result = dst_key_gettime(prevkey, DST_TIME_DELETE, &prevdel);
c6f4972c 436 if (result != ISC_R_SUCCESS)
c8803902 437 fprintf(stderr, "%s: warning: Predecessor has no "
c6f4972c
MA
438 "removal date;\n\t"
439 "it will remain in the zone "
440 "indefinitely after rollover.\n",
441 program);
c8803902
CB
442 else if (prevdel < previnact)
443 fprintf(stderr, "%s: warning: Predecessor is "
444 "scheduled to be deleted\n\t"
445 "before it is scheduled to be "
446 "inactive.\n", program);
c6f4972c 447
994e6569 448 changed = setpub = setact = true;
c6f4972c
MA
449 } else {
450 if (prepub < 0)
451 prepub = 0;
452
453 if (prepub > 0) {
454 if (setpub && setact && (act - prepub) < pub)
455 fatal("Activation and publication dates "
456 "are closer together than the\n\t"
457 "prepublication interval.");
458
459 if (setpub && !setact) {
994e6569 460 setact = true;
c6f4972c
MA
461 act = pub + prepub;
462 } else if (setact && !setpub) {
994e6569 463 setpub = true;
c6f4972c
MA
464 pub = act - prepub;
465 }
466
467 if ((act - prepub) < now)
468 fatal("Time until activation is shorter "
469 "than the\n\tprepublication interval.");
470 }
471 }
472
473 if (directory != NULL) {
474 filename = argv[isc_commandline_index];
475 } else {
476 result = isc_file_splitpath(mctx, argv[isc_commandline_index],
477 &directory, &filename);
478 if (result != ISC_R_SUCCESS)
479 fatal("cannot process filename %s: %s",
480 argv[isc_commandline_index],
481 isc_result_totext(result));
482 }
483
553ead32
EH
484 result = dst_key_fromnamedfile(filename, directory,
485 DST_TYPE_PUBLIC | DST_TYPE_PRIVATE,
486 mctx, &key);
487 if (result != ISC_R_SUCCESS)
488 fatal("Invalid keyfile %s: %s",
489 filename, isc_result_totext(result));
490
0c91911b 491 if (!dst_key_isprivate(key) && !dst_key_isexternal(key))
553ead32
EH
492 fatal("%s is not a private key", filename);
493
77b8f88f 494 dst_key_format(key, keystr, sizeof(keystr));
553ead32 495
c6f4972c
MA
496 if (predecessor != NULL) {
497 if (!dns_name_equal(name, dst_key_name(key)))
498 fatal("Key name mismatch");
499 if (alg != dst_key_alg(key))
500 fatal("Key algorithm mismatch");
501 if (size != dst_key_size(key))
502 fatal("Key size mismatch");
503 if (flags != dst_key_flags(key))
504 fatal("Key flags mismatch");
505 }
506
c8803902
CB
507 prevdel = previnact = 0;
508 if ((setdel && setinact && del < inact) ||
509 (dst_key_gettime(key, DST_TIME_INACTIVE,
510 &previnact) == ISC_R_SUCCESS &&
f6096b95 511 setdel && !setinact && !unsetinact && del < previnact) ||
c8803902
CB
512 (dst_key_gettime(key, DST_TIME_DELETE,
513 &prevdel) == ISC_R_SUCCESS &&
f6096b95
EH
514 setinact && !setdel && !unsetdel && prevdel < inact) ||
515 (!setdel && !unsetdel && !setinact && !unsetinact &&
33036556 516 prevdel != 0 && prevdel < previnact))
c8803902
CB
517 fprintf(stderr, "%s: warning: Key is scheduled to "
518 "be deleted before it is\n\t"
519 "scheduled to be inactive.\n",
520 program);
521
c0214996
EH
522 if (force)
523 set_keyversion(key);
524 else
525 check_keyversion(key, keystr);
553ead32
EH
526
527 if (verbose > 2)
528 fprintf(stderr, "%s: %s\n", program, keystr);
529
eab9975b
EH
530 /*
531 * Set time values.
532 */
533 if (setpub)
534 dst_key_settime(key, DST_TIME_PUBLISH, pub);
535 else if (unsetpub)
536 dst_key_unsettime(key, DST_TIME_PUBLISH);
537
538 if (setact)
539 dst_key_settime(key, DST_TIME_ACTIVATE, act);
540 else if (unsetact)
541 dst_key_unsettime(key, DST_TIME_ACTIVATE);
542
543 if (setrev) {
b843f577 544 if ((dst_key_flags(key) & DNS_KEYFLAG_REVOKE) != 0)
d7201de0 545 fprintf(stderr, "%s: warning: Key %s is already "
eab9975b
EH
546 "revoked; changing the revocation date "
547 "will not affect this.\n",
548 program, keystr);
53c22b8e
EH
549 if ((dst_key_flags(key) & DNS_KEYFLAG_KSK) == 0)
550 fprintf(stderr, "%s: warning: Key %s is not flagged as "
551 "a KSK, but -R was used. Revoking a "
552 "ZSK is legal, but undefined.\n",
553 program, keystr);
eab9975b
EH
554 dst_key_settime(key, DST_TIME_REVOKE, rev);
555 } else if (unsetrev) {
d7201de0
AU
556 if ((dst_key_flags(key) & DNS_KEYFLAG_REVOKE) != 0)
557 fprintf(stderr, "%s: warning: Key %s is already "
eab9975b
EH
558 "revoked; removing the revocation date "
559 "will not affect this.\n",
560 program, keystr);
561 dst_key_unsettime(key, DST_TIME_REVOKE);
d7201de0 562 }
eab9975b 563
b843f577
EH
564 if (setinact)
565 dst_key_settime(key, DST_TIME_INACTIVE, inact);
566 else if (unsetinact)
567 dst_key_unsettime(key, DST_TIME_INACTIVE);
eab9975b
EH
568
569 if (setdel)
570 dst_key_settime(key, DST_TIME_DELETE, del);
571 else if (unsetdel)
572 dst_key_unsettime(key, DST_TIME_DELETE);
573
e939674d
MA
574 if (setsyncadd)
575 dst_key_settime(key, DST_TIME_SYNCPUBLISH, syncadd);
576 else if (unsetsyncadd)
577 dst_key_unsettime(key, DST_TIME_SYNCPUBLISH);
578
579 if (setsyncdel)
580 dst_key_settime(key, DST_TIME_SYNCDELETE, syncdel);
581 else if (unsetsyncdel)
582 dst_key_unsettime(key, DST_TIME_SYNCDELETE);
583
61bcc232
EH
584 if (setttl)
585 dst_key_setttl(key, ttl);
586
10a759ce
EH
587 /*
588 * No metadata changes were made but we're forcing an upgrade
589 * to the new format anyway: use "-P now -A now" as the default
590 */
591 if (force && !changed) {
592 dst_key_settime(key, DST_TIME_PUBLISH, now);
593 dst_key_settime(key, DST_TIME_ACTIVATE, now);
994e6569 594 changed = true;
10a759ce
EH
595 }
596
597 if (!changed && setttl)
994e6569 598 changed = true;
10a759ce 599
eab9975b
EH
600 /*
601 * Print out time values, if -p was used.
602 */
603 if (printcreate)
604 printtime(key, DST_TIME_CREATED, "Created", epoch, stdout);
605
606 if (printpub)
607 printtime(key, DST_TIME_PUBLISH, "Publish", epoch, stdout);
608
609 if (printact)
610 printtime(key, DST_TIME_ACTIVATE, "Activate", epoch, stdout);
611
612 if (printrev)
613 printtime(key, DST_TIME_REVOKE, "Revoke", epoch, stdout);
614
b843f577
EH
615 if (printinact)
616 printtime(key, DST_TIME_INACTIVE, "Inactive", epoch, stdout);
eab9975b
EH
617
618 if (printdel)
619 printtime(key, DST_TIME_DELETE, "Delete", epoch, stdout);
620
e939674d
MA
621 if (printsyncadd)
622 printtime(key, DST_TIME_SYNCPUBLISH, "SYNC Publish",
623 epoch, stdout);
624
625 if (printsyncdel)
626 printtime(key, DST_TIME_SYNCDELETE, "SYNC Delete",
627 epoch, stdout);
628
eab9975b 629 if (changed) {
553ead32 630 isc_buffer_init(&buf, newname, sizeof(newname));
2847ddea
TJ
631 result = dst_key_buildfilename(key, DST_TYPE_PUBLIC, directory,
632 &buf);
633 if (result != ISC_R_SUCCESS) {
634 fatal("Failed to build public key filename: %s",
635 isc_result_totext(result));
636 }
553ead32
EH
637
638 result = dst_key_tofile(key, DST_TYPE_PUBLIC|DST_TYPE_PRIVATE,
639 directory);
640 if (result != ISC_R_SUCCESS) {
77b8f88f 641 dst_key_format(key, keystr, sizeof(keystr));
553ead32
EH
642 fatal("Failed to write key %s: %s", keystr,
643 isc_result_totext(result));
644 }
645
646 printf("%s\n", newname);
647
648 isc_buffer_clear(&buf);
2847ddea
TJ
649 result = dst_key_buildfilename(key, DST_TYPE_PRIVATE, directory,
650 &buf);
651 if (result != ISC_R_SUCCESS) {
652 fatal("Failed to build private key filename: %s",
653 isc_result_totext(result));
654 }
553ead32
EH
655 printf("%s\n", newname);
656 }
657
bc8f8249
MA
658 if (prevkey != NULL)
659 dst_key_free(&prevkey);
553ead32 660 dst_key_free(&key);
586e65ea 661 dst_lib_destroy();
553ead32
EH
662 if (verbose > 10)
663 isc_mem_stats(mctx, stdout);
c514f38c 664 cleanup_logging(&log);
2847ddea 665 isc_mem_free(mctx, directory);
553ead32
EH
666 isc_mem_destroy(&mctx);
667
668 return (0);
669}