certtool: allow --update-certificate to replace public key

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

diff --git a/src/certtool.c b/src/certtool.c
index 88f8fc52f1afcb11b686834f70471b1356fe090f..a755e1bca3419ac349f5472f25c0db9bfc7afa45 100644 (file)
--- a/src/certtool.c
+++ b/src/certtool.c
@@ -1085,6 +1085,8 @@ static void update_signed_certificate(common_info_st * cinfo)
        gnutls_x509_crt_t crt;
        int result;
        gnutls_privkey_t ca_key;
+       gnutls_privkey_t pkey;
+       gnutls_pubkey_t pubkey;
        gnutls_x509_crt_t ca_crt;
        gnutls_datum_t out;
        time_t tim;
@@ -1092,6 +1094,7 @@ static void update_signed_certificate(common_info_st * cinfo)
 
        fprintf(stdlog, "Generating a signed certificate...\n");
 
+
        ca_key = load_ca_private_key(cinfo);
        ca_crt = load_ca_cert(1, cinfo);
        crt = load_cert(1, cinfo);
@@ -1107,7 +1110,6 @@ static void update_signed_certificate(common_info_st * cinfo)
        }
 
        tim = get_expiration_date();
-
        result = gnutls_x509_crt_set_expiration_time(crt, tim);
        if (result < 0) {
                fprintf(stderr, "set_expiration: %s\n",
@@ -1115,6 +1117,19 @@ static void update_signed_certificate(common_info_st * cinfo)
                app_exit(1);
        }
 
+       pkey = load_private_key(0, cinfo);
+       pubkey = load_public_key_or_import(0, pkey, cinfo);
+
+       if (pubkey) {
+               fprintf(stderr, "Updating public key\n");
+               result = gnutls_x509_crt_set_pubkey(crt, pubkey);
+               if (result < 0) {
+                       fprintf(stderr, "cannot set public key: %s\n",
+                               gnutls_strerror(result));
+                       app_exit(1);
+               }
+       }
+
        fprintf(stderr, "\n\nSigning certificate...\n");
 
        if (cinfo->rsa_pss_sign)