hxtool: add generate-key command

This will help us not commit private keys in-tree for testing as we can now more easily generate them as needed.
2019-07-01 22:46:12 -05:00
parent 049d817c66
commit cc8a5c59a8
2 changed files with 34 additions and 0 deletions
--- a/lib/hx509/hxtool-commands.in
+++ b/lib/hx509/hxtool-commands.in
@@ -419,6 +419,28 @@ command = {
 	argument="ocsp/crl files"
 	help = "Print the OCSP/CRL files"
 }
+command = {
+	name = "generate-key"
+	option = {
+		long = "type"
+		type = "string"
+		help = "keytype"
+	}
+	option = {
+	        long = "key-bits"
+		type = "integer"
+		help = "number of bits in the generated key";
+	}
+	option = {
+		long = "verbose"
+		type = "flag"
+		help = "verbose status"
+	}
+	min_args="1"
+	max_args="1"
+	argument="output-file"
+	help = "Generate a private key"
+}
 command = {
 	name = "request-create"
 	option = {
--- a/lib/hx509/hxtool.c
+++ b/lib/hx509/hxtool.c
@@ -1316,6 +1316,18 @@ get_key(const char *fn, const char *type, int optbits,
    }
 }

+int
+generate_key(struct generate_key_options *opt, int argc, char **argv)
+{
+    hx509_private_key signer;
+    const char *type = opt->type_string ? opt->type_string : "rsa";
+    int bits = opt->key_bits_integer ? opt->key_bits_integer : 2048;
+
+    get_key(argv[0], type, bits, &signer);
+    hx509_private_key_free(&signer);
+    return 0;
+}
+
 int
 request_create(struct request_create_options *opt, int argc, char **argv)
 {