authorNikos Mavrogiannopoulos <nmav@redhat.com>2018-11-07 10:16:10 +0100
committerNikos Mavrogiannopoulos <nmav@redhat.com>2018-11-07 16:47:36 +0100
commitdb57d9f2fec8709b14288d3d83f94104fdc3cd5f (patch)
tree1e1a275a9689da4f0dc2b2211d1e87a211e3720c
parent323543674da32f26e6984646c6428f055d98bef1 (diff)
certtool: allow --update-certificate to replace public key
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-rw-r--r--src/certtool.c17
1 files changed, 16 insertions, 1 deletions
diff --git a/src/certtool.c b/src/certtool.c
index 88f8fc52f1..a755e1bca3 100644
--- a/src/certtool.c
+++ b/src/certtool.c
@@ -1085,6 +1085,8 @@ static void update_signed_certificate(common_info_st * cinfo)
gnutls_x509_crt_t crt;
int result;
gnutls_privkey_t ca_key;
+ gnutls_privkey_t pkey;
+ gnutls_pubkey_t pubkey;
gnutls_x509_crt_t ca_crt;
gnutls_datum_t out;
time_t tim;
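Review bot: The two handles declared here, `pkey` and `pubkey`, are not released anywhere in the lines this diff shows. The hunk at `@@ -1115,6 +1117,19 @@` assigns them from `load_private_key(0, cinfo)` and `load_public_key_or_import(0, pkey, cinfo)` and passes `pubkey` to `gnutls_x509_crt_set_pubkey`, but no deinit follows. Because `pkey` holds private key material, I would release both as soon as the key has been set, e.g. `if (pubkey) gnutls_pubkey_deinit(pubkey);` and `if (pkey) gnutls_privkey_deinit(pkey);`, assuming the certificate keeps its own copy of the key parameters. Separately, nothing visible refreshes a subject key identifier extension carried over from the old certificate, so it may no longer match the replaced key; that is worth confirming before the signing step. The body of `update_signed_certificate` continues outside these hunks, so cleanup or an identifier update may already exist there.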
@@ -1092,6 +1094,7 @@ static void update_signed_certificate(common_info_st * cinfo)
fprintf(stdlog, "Generating a signed certificate...\n");
+
ca_key = load_ca_private_key(cinfo);
ca_crt = load_ca_cert(1, cinfo);
crt = load_cert(1, cinfo);
@@ -1107,7 +1110,6 @@ static void update_signed_certificate(common_info_st * cinfo)
}
tim = get_expiration_date();
-
result = gnutls_x509_crt_set_expiration_time(crt, tim);
if (result < 0) {
fprintf(stderr, "set_expiration: %s\n",
@@ -1115,6 +1117,19 @@ static void update_signed_certificate(common_info_st * cinfo)
app_exit(1);
}
+ pkey = load_private_key(0, cinfo);
+ pubkey = load_public_key_or_import(0, pkey, cinfo);
+
+ if (pubkey) {
+ fprintf(stderr, "Updating public key\n");
+ result = gnutls_x509_crt_set_pubkey(crt, pubkey);
+ if (result < 0) {
+ fprintf(stderr, "cannot set public key: %s\n",
+ gnutls_strerror(result));
+ app_exit(1);
+ }
+ }
+
fprintf(stderr, "\n\nSigning certificate...\n");
if (cinfo->rsa_pss_sign)