/* Version banner: writes the program name, PACKAGE_NAME and PACKAGE_VERSION
 * to stderr. The enclosing function headers are not part of this excerpt;
 * the leading numbers are the listing's own line numbers and the gaps in
 * them are lines that are not shown. */
52 fprintf(stderr,
"%s (%s) version %s\n",
53 progname, PACKAGE_NAME, PACKAGE_VERSION);
/* Usage text. The call that owns the next format string is on a line that
 * is not shown. */
60 "usage: %s [-c config] [-vVfh] [command [options]]\n",
63 fprintf(stderr,
" -h Print this usage information.\n");
64 fprintf(stderr,
" -v Increase verbosity.\n");
65 fprintf(stderr,
" -V Print version and exit.\n");
/* -f answers "yes" to every question, i.e. it removes the interactive
 * safety prompt. NOTE(review): the only prompt visible in this listing is
 * the YES/NO confirmation in cmd_purge, which receives the force flag. */
66 fprintf(stderr,
" -f Force, Assume yes on all questions.\n");
67 fprintf(stderr,
" -c <cfg> Use alternative conf.xml.\n");
/* Command summary; each name matches a strcasecmp() branch in the dispatch
 * chain at the end of this listing. */
69 fprintf(stderr,
"commands\n");
71 fprintf(stderr,
" login\n");
72 fprintf(stderr,
" logout\n");
73 fprintf(stderr,
" list [repository]\n");
74 fprintf(stderr,
" generate <repository> rsa|dsa|gost|ecdsa [keysize]\n");
/* remove and purge are destructive key operations. */
75 fprintf(stderr,
" remove <id>\n");
76 fprintf(stderr,
" purge <repository>\n");
77 fprintf(stderr,
" dnskey <id> <name> <type> <algo>\n");
78 fprintf(stderr,
" test <repository>\n");
79 fprintf(stderr,
" info\n");
81 fprintf(stderr,
" debug\n");
/* Success message after token login; presumably part of cmd_login(), which
 * the dispatch chain calls for "login" (function header not shown). */
88 printf(
"The tokens are now logged in.\n");
/* Outcome messages for erasing stored credentials; presumably the "logout"
 * path (function header and the erase call are not shown). The failure
 * case is reported explicitly rather than silently ignored. */
97 printf(
"Failed to erase the credentials.\n");
102 printf(
"The credentials has been erased.\n");
/* -Wformat-nonliteral is silenced from here to the matching "pop" because
 * key_info_format (a variable) is passed as the format argument of
 * fprintf()/printf() below. That is safe only while the format stays the
 * constant defined inside the function; it must never be built from key,
 * module or repository data. */
107 #pragma GCC diagnostic push
108 #pragma GCC diagnostic ignored "-Wformat-nonliteral"
/* List keys, either for the repository named in argv[0] or for all
 * repositories (see the two headings below), as a three-column table.
 * Return type and several statements are on lines not shown here. */
110 cmd_list (
int argc,
char *argv[])
113 char *repository = NULL;
115 size_t key_count = 0;
116 size_t key_count_valid = 0;
/* Fixed column layout shared by the header rows and every key row. */
119 const char *key_info_format =
"%-20s %-32s %-10s\n";
124 repository = argv[0];
134 fprintf(stdout,
"\nListing keys in repository: %s\n", repository);
137 fprintf(stdout,
"\nListing keys in all repositories.\n");
/* key_count is a size_t narrowed to unsigned int for %u; display only. */
141 fprintf(stdout,
"%u %s found.\n\n", (
unsigned int) key_count,
142 (key_count > 1 || key_count == 0 ?
"keys" :
"key"));
149 fprintf(stdout, key_info_format,
"Repository",
"ID",
"Type");
150 fprintf(stdout, key_info_format,
"----------",
"--",
"----");
152 for (i = 0; i < key_count; i++) {
156 char const * key_id = NULL;
/* Both writes to key_type are bounded by sizeof(key_type).
 * NOTE(review): that bound is only correct if key_type is an array, not a
 * pointer; its declaration is not shown in this excerpt. */
169 snprintf(key_type,
sizeof(key_type),
"%s/%lu",
171 key_id = key_info->
id;
173 snprintf(key_type,
sizeof(key_type),
"UNKNOWN");
/* NOTE(review): key_id starts as NULL and the only assignment visible here
 * is on the path that has key_info. Confirm the "UNKNOWN" path also sets
 * it, because passing NULL for %s is undefined behaviour. */
177 printf(key_info_format, key->
modulename, key_id, key_type);
/* Keys counted but not counted as valid are reported on stderr so the
 * warning does not mix with the table on stdout. */
183 if (key_count != key_count_valid) {
185 invalid_keys = key_count - key_count_valid;
187 fprintf(stderr,
"Warning: %u %s not usable by OpenDNSSEC was found.\n",
188 (
unsigned int) invalid_keys, invalid_keys > 1 ?
"keys" :
"key");
193 #pragma GCC diagnostic pop
/* Generate a key in the repository argv[0]. The algorithm is matched
 * case-insensitively against "rsa", "dsa", "gost" and "ecdsa"; argv[2], when
 * present, is the key size. Return type, the generation calls and the
 * assignment of `algorithm` are on lines not shown here. */
196 cmd_generate (
int argc,
char *argv[])
198 const char *repository = NULL;
/* Default used when no key size is given. 1024 bits is below the 2048-bit
 * minimum that current guidance (e.g. NIST SP 800-57) sets for RSA and DSA,
 * so callers should pass an explicit size. */
200 unsigned int keysize = 1024;
/* Accepts exactly two or three arguments. */
204 if (argc < 2 || argc > 3) {
209 repository = argv[0];
/* atoi() reports no errors: non-numeric text becomes 0 and a negative value
 * wraps when stored in the unsigned keysize. strtoul() with an end-pointer
 * and range check would reject such input before it reaches the HSM.
 * NOTE(review): no range validation for RSA/DSA sizes is visible here. */
219 keysize = atoi(argv[2]);
/* keysize is unsigned int but is printed with %d in the messages below;
 * %u is the matching conversion. */
223 printf(
"Generating %d bit RSA key in repository: %s\n",
224 keysize, repository);
227 }
else if (!strcasecmp(
algorithm,
"dsa")) {
228 printf(
"Generating %d bit DSA key in repository: %s\n",
229 keysize, repository);
232 }
else if (!strcasecmp(
algorithm,
"gost")) {
/* The GOST message states a fixed 512-bit size regardless of keysize. */
233 printf(
"Generating 512 bit GOST key in repository: %s\n",
237 }
else if (!strcasecmp(
algorithm,
"ecdsa")) {
/* ECDSA accepts only 256 or 384; anything else, including the 1024
 * default, ends in the "Invalid ECDSA key size" message. */
238 if (keysize == 256) {
239 printf(
"Generating a P-256 ECDSA key in repository: %s\n",
243 }
else if (keysize == 384) {
244 printf(
"Generating a P-384 ECDSA key in repository: %s\n",
249 printf(
"Invalid ECDSA key size: %d\n", keysize);
250 printf(
"Expecting 256 or 384.\n");
254 printf(
"Unknown algorithm: %s\n",
algorithm);
/* key_info is NULL-checked before its id is dereferenced; the literal
 * "NULL" is printed in its place. */
262 printf(
"Key generation successful: %s\n",
263 key_info ? key_info->
id :
"NULL");
268 printf(
"Key generation failed.\n");
/* Remove a single key and report the outcome on stdout. Return type,
 * argument checks, the lookup and the removal call are on lines not shown.
 * NOTE(review): no confirmation prompt is visible in this excerpt before
 * the key is removed; confirm that is intended for an irreversible HSM
 * operation. */
276 cmd_remove (
int argc,
char *argv[])
/* The id is printed through a "%s" conversion, never used as the format. */
293 printf(
"Key not found: %s\n",
id);
300 printf(
"Key remove successful.\n");
302 printf(
"Key remove failed.\n");
/* Remove every key from the repository named in argv[0], after an
 * interactive YES/NO confirmation. `force` is passed in by the caller from
 * the -f option; how it bypasses the prompt is on lines not shown here.
 * Return type and the key listing/removal calls are likewise not shown. */
311 cmd_purge (
int argc,
char *argv[],
int force)
314 int final_result = 0;
318 char *repository = NULL;
321 size_t key_count = 0;
329 repository = argv[0];
339 printf(
"Purging all keys from repository: %s\n", repository);
/* key_count is a size_t narrowed to unsigned int for %u; display only. */
342 printf(
"%u %s found.\n\n", (
unsigned int) key_count,
343 (key_count > 1 || key_count == 0 ?
"keys" :
"key"));
349 if (key_count == 0) {
355 printf(
"Are you sure you want to remove ALL keys from repository %s ? (YES/NO) ", repository);
/* fgets() already reserves room for the terminating NUL, so the "- 1" only
 * shortens the usable buffer by one byte. */
356 fresult = fgets(confirm,
sizeof(confirm) - 1, stdin);
/* EOF or a read error (NULL) cancels the purge, which is the safe default.
 * Only the first three characters are compared, case-insensitively, so any
 * reply that merely starts with "yes" is accepted as confirmation; matching
 * the whole line would be stricter for a destructive operation. */
357 if (fresult == NULL || strncasecmp(confirm,
"yes", 3) != 0) {
358 printf(
"\npurge cancelled.\n");
363 printf(
"\nStarting purge...\n");
/* Each key's result is reported individually. NOTE(review): whether a
 * failed removal is recorded in final_result is on lines not shown. */
365 for (i = 0; i < key_count; i++) {
373 printf(
"Key remove successful: %s\n",
374 key_info ? key_info->
id :
"NULL");
376 printf(
"Key remove failed: %s\n",
377 key_info ? key_info->
id :
"NULL");
385 printf(
"Purge done.\n");
/* Print the DNSKEY resource record for key argv[0], owner name argv[1],
 * flags argv[2] and algorithm argv[3]. The requested algorithm is checked
 * against the algorithm and size of the stored key before the record is
 * built. Return type and many statements are on lines not shown here. */
391 cmd_dnskey (
int argc,
char *argv[])
/* NOTE(review): strdup() can return NULL; neither a check nor the matching
 * free() calls are visible in this excerpt. */
407 id = strdup(argv[0]);
408 name = strdup(argv[1]);
/* atoi() reports no errors (non-numeric text becomes 0). Both values are
 * validated afterwards: type by the comparison below, algo by the switch
 * that ends in "Invalid algorithm". */
409 type = atoi(argv[2]);
410 algo = atoi(argv[3]);
415 printf(
"Key not found: %s\n",
id);
/* Only the zone-key flag, alone or combined with the SEP flag, is accepted. */
421 if (type != LDNS_KEY_ZONE_KEY && type != LDNS_KEY_ZONE_KEY + LDNS_KEY_SEP_KEY) {
422 printf(
"Invalid key type: %i\n", type);
423 printf(
"Please use: %i or %i\n", LDNS_KEY_ZONE_KEY, LDNS_KEY_ZONE_KEY + LDNS_KEY_SEP_KEY);
/* RSA family. RFC 8624 marks RSAMD5, DSA and ECC-GOST as MUST NOT for
 * signing and the SHA-1 based algorithms as NOT RECOMMENDED. All of them
 * are accepted here, so the choice of a current algorithm is left to the
 * operator. */
432 case LDNS_SIGN_RSAMD5:
433 case LDNS_SIGN_RSASHA1:
434 case LDNS_SIGN_RSASHA1_NSEC3:
435 case LDNS_SIGN_RSASHA256:
436 case LDNS_SIGN_RSASHA512:
438 printf(
"Not an RSA key, the key is of algorithm %s.\n", key_info->
algorithm_name);
447 case LDNS_SIGN_DSA_NSEC3:
449 printf(
"Not a DSA key, the key is of algorithm %s.\n", key_info->
algorithm_name);
457 case LDNS_SIGN_ECC_GOST:
459 printf(
"Not a GOST key, the key is of algorithm %s.\n", key_info->
algorithm_name);
/* The ECDSA cases are compiled unless LDNS_BUILD_CONFIG_USE_ECDSA is
 * defined as 0; the matching #endif is on a line not shown. */
468 #if !defined LDNS_BUILD_CONFIG_USE_ECDSA || LDNS_BUILD_CONFIG_USE_ECDSA
469 case LDNS_SIGN_ECDSAP256SHA256:
471 printf(
"Not an ECDSA key, the key is of algorithm %s.\n", key_info->
algorithm_name);
/* The curve size must match the algorithm number: 256 here, 384 below.
 * NOTE(review): %lu assumes keysize is an unsigned long; its declaration
 * is not shown. */
478 if (key_info->
keysize != 256) {
479 printf(
"The key is a ECDSA/%lu, expecting ECDSA/256 for this algorithm.\n", key_info->
keysize);
487 case LDNS_SIGN_ECDSAP384SHA384:
489 printf(
"Not an ECDSA key, the key is of algorithm %s.\n", key_info->
algorithm_name);
496 if (key_info->
keysize != 384) {
497 printf(
"The key is a ECDSA/%lu, expecting ECDSA/384 for this algorithm.\n", key_info->
keysize);
507 printf(
"Invalid algorithm: %i\n", algo);
518 sign_params->
flags = type;
/* NOTE(review): ldns_rdf_new_frm_str() returns NULL when the text is not a
 * valid domain name; no check of owner is visible in this excerpt. */
519 sign_params->
owner = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_DNAME, name);
521 sign_params->
keytag = ldns_calc_keytag(dnskey_rr);
/* The record is written to stdout and then released. */
523 ldns_rr_print(stdout, dnskey_rr);
526 ldns_rr_free(dnskey_rr);
/* Fragment of the repository test command, presumably cmd_test(), which the
 * dispatch chain calls for "test" (function header not shown). */
537 char *repository = NULL;
540 repository = strdup(argv[0]);
/* NOTE(review): if strdup() failed, repository is NULL when it is passed
 * for %s here; the only NULL check visible is the one guarding free(). */
544 printf(
"Testing repository: %s\n\n", repository);
/* free(NULL) is a no-op, so the guard is redundant but harmless. */
546 if (repository) free(repository);
/* Option parsing and command dispatch, presumably the body of main() (the
 * function header is not shown). Options: -c takes an argument; -v, -V, -h
 * and -f are flags. */
582 while ((ch = getopt(argc, argv,
"c:vVhf")) != -1) {
/* "logout" is tested on its own, ahead of the dispatch chain below.
 * Command names are compared case-insensitively throughout. */
615 if (!strcasecmp(argv[0],
"logout")) {
/* free(NULL) is a no-op, so the guard is redundant but harmless. */
616 if (config) free(config);
/* The error text is passed as an argument to "%s", never as the format. */
624 fprintf(stderr,
"%s\n", error);
/* Syslog messages are tagged "hsmutil" with the PID, facility LOG_USER. */
631 openlog(
"hsmutil", LOG_PID, LOG_USER);
/* One strcasecmp() branch per command; each handler's result is stored in
 * `result`. An unrecognised command is handled on lines not shown. */
633 if (!strcasecmp(argv[0],
"login")) {
636 result = cmd_login();
637 }
else if (!strcasecmp(argv[0],
"list")) {
640 result = cmd_list(argc, argv);
641 }
else if (!strcasecmp(argv[0],
"generate")) {
644 result = cmd_generate(argc, argv);
645 }
else if (!strcasecmp(argv[0],
"remove")) {
648 result = cmd_remove(argc, argv);
649 }
else if (!strcasecmp(argv[0],
"purge")) {
/* purge is the only handler that receives the -f (force) setting. */
652 result = cmd_purge(argc, argv, force);
653 }
else if (!strcasecmp(argv[0],
"dnskey")) {
656 result = cmd_dnskey(argc, argv);
657 }
else if (!strcasecmp(argv[0],
"test")) {
/* test, info and debug are the handlers that take the ctx handle. */
660 result = cmd_test(argc, argv,
ctx);
661 }
else if (!strcasecmp(argv[0],
"info")) {
664 result = cmd_info(
ctx);
665 }
else if (!strcasecmp(argv[0],
"debug")) {
668 result = cmd_debug(
ctx);
676 if (config) free(config);