From cc8a5c59a842873e998220cc316ad43487c67776 Mon Sep 17 00:00:00 2001
From: Nicolas Williams
Date: Mon, 1 Jul 2019 22:46:12 -0500
Subject: [PATCH] hxtool: add generate-key command This will help us not commit private keys in-tree for testing as we can now more easily generate them as needed.
---
 lib/hx509/hxtool-commands.in | 22 ++++++++++++++++++++++
 lib/hx509/hxtool.c | 12 ++++++++++++
 2 files changed, 34 insertions(+)
diff --git a/lib/hx509/hxtool-commands.in b/lib/hx509/hxtool-commands.in
index b772f2b10..f85db0533 100644
--- a/lib/hx509/hxtool-commands.in
+++ b/lib/hx509/hxtool-commands.in
@@ -419,6 +419,28 @@ command = {
 argument="ocsp/crl files"
 help = "Print the OCSP/CRL files"
 }
+command = {
+ name = "generate-key"
+ option = {
+ long = "type"
+ type = "string"
+ help = "keytype"
+ }
+ option = {
+ long = "key-bits"
+ type = "integer"
+ help = "number of bits in the generated key";
+ }
+ option = {
+ long = "verbose"
+ type = "flag"
+ help = "verbose status"
+ }
+ min_args="1"
+ max_args="1"
+ argument="output-file"
+ help = "Generate a private key"
+}
 command = {
 name = "request-create"
 option = {
diff --git a/lib/hx509/hxtool.c b/lib/hx509/hxtool.c
index 06345e9a8..5979d1e39 100644
--- a/lib/hx509/hxtool.c
+++ b/lib/hx509/hxtool.c
@@ -1316,6 +1316,18 @@ get_key(const char *fn, const char *type, int optbits,
 }
 }
+int
+generate_key(struct generate_key_options *opt, int argc, char **argv)
+{
+ hx509_private_key signer;
+ const char *type = opt->type_string ? opt->type_string : "rsa";
+ int bits = opt->key_bits_integer ? opt->key_bits_integer : 2048;
+
+ get_key(argv[0], type, bits, &signer);
+ hx509_private_key_free(&signer);
+ return 0;
+}
+
 int
 request_create(struct request_create_options *opt, int argc, char **argv)
 {
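Review bot: The `verbose` flag declared for `generate-key` is not read anywhere in the `generate_key()` body this patch adds to hxtool.c, so `--verbose` is accepted and silently ignored; either drop the option or act on it. The help strings are also thin for a key-generation command: `help = "keytype"` names neither the accepted values nor the default, and the key-bits help omits its default, while hxtool.c falls back to "rsa" and 2048. Something like `help = "key type (default: rsa)"` and `help = "number of bits in the generated key (default: 2048)"` would document that. The trailing `;` on the key-bits help line is inconsistent with the neighbouring lines.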
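Review bot: `generate_key()` forwards any non-zero `--key-bits` value to `get_key()` unchecked, so a negative number or an undersized RSA modulus is passed through and, unless `get_key()` rejects it (its body is outside this hunk), ends up as a weak private key on disk. If short keys are not wanted even for tests, a floor before the call would do, e.g. `if (bits < 2048) errx(1, "key-bits too small");`; if they are wanted, say so in the option help. Separately, `signer` is declared uninitialised and then freed; `hx509_private_key signer = NULL;` keeps `hx509_private_key_free(&signer)` safe should `get_key()` ever return without setting it. It is also worth confirming that `get_key()` creates the output file with owner-only permissions, since that cannot be seen from this hunk.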