add --lifetime to ca command.

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19604 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-12-31 01:10:00 +00:00
parent 7cabe3475e
commit 760f9d2de4
2 changed files with 19 additions and 0 deletions
--- a/lib/hx509/hxtool-commands.in
+++ b/lib/hx509/hxtool-commands.in
@@ -466,6 +466,11 @@ command = {
 		type = "strings"
 		help = "Type of certificate to issue"
 	}
+	option = {
+		long = "lifetime"
+		type = "string"
+		help = "Lifetime of certificate"
+	}
 	option = {
 		long = "hostname"
 		type = "strings"
--- a/lib/hx509/hxtool.c
+++ b/lib/hx509/hxtool.c
@@ -36,6 +36,7 @@ RCSID("$Id$");

 #include <hxtool-commands.h>
 #include <sl.h>
+#include <parse_time.h>

 static hx509_context context;

@@ -1215,6 +1216,7 @@ hxtool_ca(struct certificate_sign_options *opt, int argc, char **argv)
    hx509_private_key private_key = NULL;
    hx509_name subject = NULL;
    SubjectPublicKeyInfo spki;
+    int delta = 0;

    memset(&spki, 0, sizeof(spki));

@@ -1232,6 +1234,12 @@ hxtool_ca(struct certificate_sign_options *opt, int argc, char **argv)
 	    errx(1, "both --req and --ca-private-key used");
    }

+    if (opt->lifetime_string) {
+	delta = parse_time(opt->lifetime_string, "day");
+	if (delta < 0)
+	    errx(1, "Invalid lifetime: %s", opt->lifetime_string);
+    }
+
    if (opt->ca_certificate_string) {
 	hx509_query *q;

@@ -1341,6 +1349,12 @@ hxtool_ca(struct certificate_sign_options *opt, int argc, char **argv)
 	    hx509_err(context, ret, 1, "hx509_ca_tbs_set_proxy");
    }

+    if (delta) {
+	ret = hx509_ca_tbs_set_notAfter_lifetime(context, tbs, delta);
+	if (ret)
+	    hx509_err(context, ret, 1, "hx509_ca_tbs_set_notAfter_lifetime");
+    }	
+
    if (opt->self_signed_flag) {
 	ret = hx509_ca_sign_self(context, tbs, private_key, &cert);
 	if (ret)