Merge branch 'keymgr_set_flags' into 'master'

keymgr: recompute keytag after key flag change...

See merge request !1268

doc/man/keymgr.8in

@@ -190,7 +190,7 @@ If set to \fByes\fP, the key will be used for signing zone (except DNSKEY rrset)
 be set concurrently with the \fBksk\fP flag.
 .TP
 \fBsep\fP
-Overrides the standard setting of the Secure Entry Point flag for the generated key.
+Overrides the standard setting of the Secure Entry Point flag.
 .UNINDENT
 .sp
 The following arguments are timestamps of key lifetime (see DNSSEC Key states):

doc/man_keymgr.rst

@@ -163,7 +163,7 @@ Arguments are separated by space, each of them is in format 'name=value'.
   be set concurrently with the **ksk** flag.
 
 **sep**
-  Overrides the standard setting of the Secure Entry Point flag for the generated key.
+  Overrides the standard setting of the Secure Entry Point flag.
 
 The following arguments are timestamps of key lifetime (see :ref:`DNSSEC Key states`):
 

src/utils/keymgr/functions.c

@@ -145,7 +145,7 @@ static bool genkeyargs(int argc, char *argv[], bool just_timing,
 			bitmap_set(flags, DNSKEY_GENERATE_KSK, str2bool(argv[i] + 4));
 		} else if (strncasecmp(argv[i], "zsk=", 4) == 0) {
 			bitmap_set(flags, DNSKEY_GENERATE_ZSK, str2bool(argv[i] + 4));
-		} else if (!just_timing && strncasecmp(argv[i], "sep=", 4) == 0) {
+		} else if (strncasecmp(argv[i], "sep=", 4) == 0) {
 			bitmap_set(flags, DNSKEY_GENERATE_SEP_SPEC, true);
 			bitmap_set(flags, DNSKEY_GENERATE_SEP_ON, str2bool(argv[i] + 4));
 		} else if (!just_timing && strncasecmp(argv[i], "size=", 5) == 0) {
@@ -816,8 +816,14 @@ int keymgr_set_timing(knot_kasp_key_t *key, int argc, char *argv[])
 			return ret;
 		}
 		key->timing = temp;
-		key->is_ksk = (flags & DNSKEY_GENERATE_KSK);
-		key->is_zsk = (flags & DNSKEY_GENERATE_ZSK);
+		if (key->is_ksk != (bool)(flags & DNSKEY_GENERATE_KSK) ||
+		    key->is_zsk != (bool)(flags & DNSKEY_GENERATE_ZSK) ||
+		    flags & DNSKEY_GENERATE_SEP_SPEC) {
+			normalize_generate_flags(&flags);
+			key->is_ksk = (flags & DNSKEY_GENERATE_KSK);
+			key->is_zsk = (flags & DNSKEY_GENERATE_ZSK);
+			return dnssec_key_set_flags(key->key, dnskey_flags(flags & DNSKEY_GENERATE_SEP_ON));
+		}
 		return KNOT_EOK;
 	}
 	return KNOT_EINVAL;