1 files changed, 27 insertions, 8 deletions

diff --git a/bin/dnssec/dnssec-settime.c b/bin/dnssec/dnssec-settime.c
index f7f4486..a7fbed3 100644
--- a/bin/dnssec/dnssec-settime.c
+++ b/bin/dnssec/dnssec-settime.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2009-2012  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2009-2013  Internet Systems Consortium, Inc. ("ISC")
  *
  * Permission to use, copy, modify, and/or distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -20,7 +20,6 @@
 
 #include <config.h>
 
-#include <libgen.h>
 #include <stdlib.h>
 #include <unistd.h>
 #include <errno.h>
@@ -140,6 +139,7 @@ main(int argc, char **argv) {
 	int		prepub = -1;
 	isc_stdtime_t	now;
 	isc_stdtime_t	pub = 0, act = 0, rev = 0, inact = 0, del = 0;
+	isc_stdtime_t	prevact = 0, previnact = 0, prevdel = 0;
 	isc_boolean_t	setpub = ISC_FALSE, setact = ISC_FALSE;
 	isc_boolean_t	setrev = ISC_FALSE, setinact = ISC_FALSE;
 	isc_boolean_t	setdel = ISC_FALSE;
@@ -344,7 +344,6 @@ main(int argc, char **argv) {
 
 	if (predecessor != NULL) {
 		char keystr[DST_KEY_FORMATSIZE];
-		isc_stdtime_t when;
 		int major, minor;
 
 		if (prepub == -1)
@@ -376,19 +375,20 @@ main(int argc, char **argv) {
 			fatal("Predecessor has incompatible format "
 			      "version %d.%d\n\t", major, minor);
 
-		result = dst_key_gettime(prevkey, DST_TIME_ACTIVATE, &when);
+		result = dst_key_gettime(prevkey, DST_TIME_ACTIVATE, &prevact);
 		if (result != ISC_R_SUCCESS)
 			fatal("Predecessor has no activation date. "
 			      "You must set one before\n\t"
 			      "generating a successor.");
 
-		result = dst_key_gettime(prevkey, DST_TIME_INACTIVE, &act);
+		result = dst_key_gettime(prevkey, DST_TIME_INACTIVE,
+					 &previnact);
 		if (result != ISC_R_SUCCESS)
 			fatal("Predecessor has no inactivation date. "
 			      "You must set one before\n\t"
 			      "generating a successor.");
 
-		pub = act - prepub;
+		pub = prevact - prepub;
 		if (pub < now && prepub != 0)
 			fatal("Predecessor will become inactive before the\n\t"
 			      "prepublication period ends.  Either change "
@@ -396,13 +396,18 @@ main(int argc, char **argv) {
 			      "or use the -i option to set a shorter "
 			      "prepublication interval.");
 
-		result = dst_key_gettime(prevkey, DST_TIME_DELETE, &when);
+		result = dst_key_gettime(prevkey, DST_TIME_DELETE, &prevdel);
 		if (result != ISC_R_SUCCESS)
-			fprintf(stderr, "%s: WARNING: Predecessor has no "
+			fprintf(stderr, "%s: warning: Predecessor has no "
 					"removal date;\n\t"
 					"it will remain in the zone "
 					"indefinitely after rollover.\n",
 					program);
+		else if (prevdel < previnact)
+			fprintf(stderr, "%s: warning: Predecessor is "
+					"scheduled to be deleted\n\t"
+					"before it is scheduled to be "
+					"inactive.\n", program);
 
 		changed = setpub = setact = ISC_TRUE;
 		dst_key_free(&prevkey);
@@ -464,6 +469,20 @@ main(int argc, char **argv) {
 			fatal("Key flags mismatch");
 	}
 
+	prevdel = previnact = 0;
+	if ((setdel && setinact && del < inact) ||
+	    (dst_key_gettime(key, DST_TIME_INACTIVE,
+			     &previnact) == ISC_R_SUCCESS &&
+	     setdel && !setinact && del < previnact) ||
+	    (dst_key_gettime(key, DST_TIME_DELETE,
+			     &prevdel) == ISC_R_SUCCESS &&
+	     setinact && !setdel && prevdel < inact) ||
+	    (!setdel && !setinact && prevdel < previnact))
+		fprintf(stderr, "%s: warning: Key is scheduled to "
+				"be deleted before it is\n\t"
+				"scheduled to be inactive.\n",
+			program);
+
 	if (force)
 		set_keyversion(key);
 	else