OpenDNSSEC-enforcer 2.1.10
keystate_import_cmd.c
Go to the documentation of this file.
1/*
2 * Copyright (c) 2016 NLNet Labs
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 *
14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
15 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
16 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
18 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
20 * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
21 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
22 * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
23 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
24 * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
25 *
26 */
27
28#include "config.h"
29#include <getopt.h>
30
31#include "cmdhandler.h"
33#include "daemon/engine.h"
34#include "file.h"
35#include "log.h"
36#include "str.h"
37#include "clientpipe.h"
38#include "duration.h"
39#include "libhsm.h"
40#include "libhsmdns.h"
41#include "db/key_data.h"
42#include "db/db_error.h"
43
46
47static const char *module_str = "keystate_import_cmd";
48/* 5 states are: generate, publish, ready, active and retire */
49/* For every state we should specify the values of DS, DNSKEY, RRSIGDNSKEY
50 and RRSIG. These values can be HIDDEN(0), RUMOURED(1), OMNIPRESENT(2),
51 UNRETENTIVE(3), NA(4)*/
52const int ksk_mapping[5][4] = {{0,0,0,4},{0,1,1,4},{1,2,2,4},{1,2,2,4},{3,2,2,4}};
53const int zsk_mapping[5][4] = {{4,0,4,0},{4,1,4,0},{4,2,4,1},{4,2,4,2},{4,2,4,3}};
54const int ds_at_parent [5] = {0,0,1,3,5};
55
56
57static int max(int a, int b) { return a>b?a:b; }
58static int min(int a, int b) { return a<b?a:b; }
59
60
61int
63 const char *ckaid, const char *rep, const char *zonename,
64 int bits, int alg, int keytype, unsigned int time)
65{
66 hsm_ctx_t *hsm_ctx;
67 hsm_key_t *hsm_key = NULL;
68 char *hsm_err;
69 libhsm_key_t *libhsmkey;
70 zone_db_t *zone;
71
72 /* Create an HSM context and check that the repository exists */
73 if (!(hsm_ctx = hsm_create_context())) {
74 return -1;
75 }
76 if (!hsm_token_attached(hsm_ctx, rep)) {
77 if ((hsm_err = hsm_get_error(hsm_ctx))) {
78 ods_log_error("[%s] Error: Unable to check for the repository %s, HSM error: %s", module_str, rep, hsm_err);
79 client_printf_err(sockfd, "Unable to check for the repository %s, HSM error: %s\n", rep, hsm_err);
80 free(hsm_err);
81 }
82 else {
83 ods_log_error("[%s] Error: Unable to find repository %s in HSM", module_str, rep);
84 client_printf_err(sockfd, "Unable to find repository %s in HSM\n", rep);
85 }
86 hsm_destroy_context(hsm_ctx);
87 return -1;
88 }
89
90 if (!(libhsmkey = hsm_find_key_by_id(hsm_ctx, ckaid))) {
91 ods_log_error("[%s] Error: Unable to find the key with this locator: %s", module_str, ckaid);
92 client_printf_err(sockfd, "Unable to find the key with this locator: %s\n", ckaid);
93 hsm_destroy_context(hsm_ctx);
94 return -1;
95 }
96 libhsm_key_free(libhsmkey);
97 hsm_key = hsm_key_new_get_by_locator(dbconn, ckaid);
98 if (hsm_key) {
99 ods_log_error("[%s] Error: Already used this key with this locator: %s", module_str, ckaid);
100 client_printf_err(sockfd, "Already used this key with this locator: %s\n", ckaid);
102 hsm_destroy_context(hsm_ctx);
103 return -1;
104 }
105
106 zone = zone_db_new_get_by_name(dbconn, zonename);
107 if (!(hsm_key = hsm_key_new(dbconn))
109 || hsm_key_set_bits(hsm_key, bits)
115 || hsm_key_set_role(hsm_key, keytype)
118 {
119 ods_log_error("[%s] hsm key creation failed, database or memory error", module_str);
121 hsm_destroy_context(hsm_ctx);
122 zone_db_free(zone);
123 return -1;
124 }
125 ods_log_debug("[%s] hsm key with this locator %s is created successfully", module_str, ckaid);
127 hsm_destroy_context(hsm_ctx);
128 zone_db_free(zone);
129 return 0;
130}
131
132int
134 const char *ckaid, const char *rep, const char *zonename,
135 int alg, int keystate, int keytype, unsigned int time, int setmin, db_value_t *hsmkey_id)
136{
137 key_data_t *key_data = NULL;
138 hsm_ctx_t *hsm_ctx;
139 char *hsm_err;
140 uint16_t tag;
141 hsm_key_t * hsmkey;
142 libhsm_key_t *libhsmkey;
143 zone_db_t *zone;
144
145 /* Create a HSM context and check that the repository exists */
146 if (!(hsm_ctx = hsm_create_context())) {
147 return -1;
148 }
149 if (!hsm_token_attached(hsm_ctx, rep)) {
150 if ((hsm_err = hsm_get_error(hsm_ctx))) {
151 ods_log_error("[%s] Error: Unable to check for the repository %s, HSM error: %s", module_str, rep, hsm_err);
152 client_printf_err(sockfd, "Unable to check for the repository %s, HSM error: %s\n", rep, hsm_err);
153 free(hsm_err);
154 }
155 else {
156 ods_log_error("[%s] Error: Unable to find repository %s in HSM", module_str, rep);
157 client_printf_err(sockfd, "Unable to find repository %s in HSM\n", rep);
158 }
159 hsm_destroy_context(hsm_ctx);
160 return -1;
161 }
162
163 if (!(libhsmkey = hsm_find_key_by_id(hsm_ctx, ckaid))) {
164 ods_log_error("[%s] Error: Unable to find the key with this locator: %s", module_str, ckaid);
165 client_printf_err(sockfd, "Unable to find the key with this locator: %s\n", ckaid);
166 hsm_destroy_context(hsm_ctx);
167 return -1;
168 }
169 libhsm_key_free(libhsmkey);
170 if (!(hsmkey = hsm_key_new_get_by_locator(dbconn, ckaid))) {
171 ods_log_error("[%s] Error: Cannot get hsmkey %s from database, database error", module_str, ckaid);
172 hsm_destroy_context(hsm_ctx);
173 return -1;
174 }
175 if (hsm_keytag(ckaid, alg, KEY_DATA_ROLE_SEP(keytype), &tag)) {
176 ods_log_error("[%s] Error: Keytag for this key %s is not correct", module_str, ckaid);
177 }
178
179 zone = zone_db_new_get_by_name(dbconn, zonename);
180 if (!(key_data = key_data_new(dbconn))
185 || key_data_set_introducing (key_data, keystate < 4 ? 1 : 0)
186 || key_data_set_active_zsk(key_data, keytype == 1 || keystate < 2 || keystate > 3 ? 0 : 1)
187 || key_data_set_publish(key_data,0 < keystate ? 1 : 0)
188 || key_data_set_active_ksk(key_data, keytype == 2 || keystate == 0 ? 0 : 1)
189 || key_data_set_role(key_data, keytype)
190 || key_data_set_ds_at_parent(key_data, keytype == 1 ? ds_at_parent[keystate] : 0)
194 {
195 ods_log_error("[%s] key data creation failed, database or memory error", module_str);
196 hsm_key_free(hsmkey);
198 hsm_destroy_context(hsm_ctx);
199 zone_db_free(zone);
200 return -1;
201 }
202 zone_db_free(zone);
203 ods_log_debug("[%s] key data with this locator %s is created successfully", module_str, ckaid);
205 hsm_destroy_context(hsm_ctx);
206 db_value_copy (hsmkey_id, hsm_key_id(hsmkey));
207 hsm_key_free(hsmkey);
208 return 0;
209}
210
211int
213 const char *ckaid, const char *rep, const char *zonename,
214 int keystate, int keytype, unsigned int time, db_value_t *hsmkeyid)
215{
216 key_state_t *key_state = NULL;
217 hsm_ctx_t *hsm_ctx;
218 char *hsm_err;
219 int ttl;
220 key_data_t* key;
221 const db_value_t* keydataid;
223 libhsm_key_t *libhsmkey;
224 zone_db_t *zone;
225
226 /* Create a HSM context and check that the repository exists */
227 if (!(hsm_ctx = hsm_create_context())) {
228 return -1;
229 }
230 if (!hsm_token_attached(hsm_ctx, rep)) {
231 if ((hsm_err = hsm_get_error(hsm_ctx))) {
232 ods_log_error("[%s] Error: Unable to check for the repository %s, HSM error: %s", module_str, rep, hsm_err);
233 client_printf_err(sockfd, "Unable to check for the repository %s, HSM error: %s\n", rep, hsm_err);
234 free(hsm_err);
235 }
236 else {
237 ods_log_error("[%s] Error: Unable to find repository %s in HSM", module_str, rep);
238 client_printf_err(sockfd, "Unable to find repository %s in HSM\n", rep);
239 }
240 hsm_destroy_context(hsm_ctx);
241 return -1;
242 }
243
244 if (!(libhsmkey = hsm_find_key_by_id(hsm_ctx, ckaid))) {
245 ods_log_error("[%s] Error: Unable to find the key with this locator: %s", module_str, ckaid);
246 client_printf(sockfd, "Unable to find the key with this locator: %s\n", ckaid);
247 hsm_destroy_context(hsm_ctx);
248 return -1;
249 }
250 libhsm_key_free(libhsmkey);
251 key = key_data_new_get_by_hsm_key_id(dbconn, hsmkeyid);
252 keydataid = key_data_id(key);
253
254 policy = policy_new(dbconn);
255 zone = zone_db_new_get_by_name(dbconn, zonename);
257 zone_db_free(zone);
258
259 if (!(key_state = key_state_new(dbconn))
265 || key_state_set_state(key_state, keytype == 1 ? ksk_mapping[keystate][0] : zsk_mapping[keystate][0])
267 {
268 ods_log_error("[%s] key state creation for DS failed, database or memory error", module_str);
269 key_data_free(key);
272 hsm_destroy_context(hsm_ctx);
273 return -1;
274 }
276
277 if (!(key_state = key_state_new(dbconn))
283 || key_state_set_state(key_state, keytype == 1 ? ksk_mapping[keystate][1] : zsk_mapping[keystate][1])
285 {
286 ods_log_error("[%s] key state creation for DNSKEY failed, database or memory error", module_str);
287 key_data_free(key);
290 hsm_destroy_context(hsm_ctx);
291 return -1;
292 }
294
295 if (!(key_state = key_state_new(dbconn))
300 || key_state_set_state(key_state, keytype == 1 ? ksk_mapping[keystate][2] : zsk_mapping[keystate][2])
302 {
303 ods_log_error("[%s] key state creation for RRSIGDNSKEY failed, database or memory error", module_str);
304 key_data_free(key);
307 hsm_destroy_context(hsm_ctx);
308 return -1;
309 }
311
318
319 if (!(key_state = key_state_new(dbconn))
321 /* || hsm_key_set_backup(hsm_key, (hsm->require_backup ? HSM_KEY_BACKUP_BACKUP_REQUIRED : HSM_KEY_BACKUP_NO_BACKUP))*/
326 || key_state_set_state(key_state, keytype == 1 ? ksk_mapping[keystate][3] : zsk_mapping[keystate][3])
328 {
329 ods_log_error("[%s] key state creation for RRSIG failed, database or memory error", module_str);
330 key_data_free(key);
333 hsm_destroy_context(hsm_ctx);
334 return -1;
335 }
336 ods_log_debug("[%s] key state with this locator %s is created successfully", module_str, ckaid);
337
338 key_data_free(key);
341 hsm_destroy_context(hsm_ctx);
342
343 return 0;
344}
345
346
347
348static void
349usage(int sockfd)
350{
351 client_printf(sockfd,
352 "key import\n"
353 " --cka_id <CKA_ID> aka -k\n"
354 " --repository <repository> aka -r\n"
355 " --zone <zone> aka -z\n"
356 " --bits <size> aka -b\n"
357 " --algorithm <algorithm> aka -g\n"
358 " --keystate <state> aka -e\n"
359 " --keytype <type> aka -t\n"
360 " --inception_time <time> aka -w\n"
361 );
362}
363
364static void
365help(int sockfd)
366{
367 client_printf(sockfd,
368 "Add a key which was created outside of the OpenDNSSEC into the enforcer database.\n"
369 "\nOptions:\n"
370 "cka_id specify the locator of the key\n"
371 "repository name of the repository which the key must be stored\n"
372 "zone name of the zone for which this key is to be used\n"
373 "bits key size in bits\n"
374 "algorithm algorithm number \n"
375 "keystate state of the key in which the key will be after import\n"
376 "keytype type of the key, KSK, ZSK or CSK\n"
377 "inception_time time of inception\n\n");
378}
379
380static int
381run(int sockfd, cmdhandler_ctx_type* context, const char *cmd)
382{
383 #define NARGV 18
384 char buf[ODS_SE_MAXLINE];
385 const char *argv[NARGV];
386 int argc = 0, long_index = 0, opt = 0;
387 const char *ckaid = NULL;
388 const char *repository = NULL;
389 const char *zonename = NULL;
390 const char *bits = NULL;
391 const char *algorithm = NULL;
392 const char* keytype = NULL;
393 const char* keystate = NULL;
394 const char *time = NULL;
395 zone_db_t *zone = NULL;
396 time_t inception = 0;
397 struct tm tm;
398 int setmin;
399 db_value_t *hsmkey_id;
401 db_connection_t* dbconn = getconnectioncontext(context);
402
403 static struct option long_options[] = {
404 {"zone", required_argument, 0, 'z'},
405 {"cka_id", required_argument, 0, 'k'},
406 {"repository", required_argument, 0, 'r'},
407 {"bits", required_argument, 0, 'b'},
408 {"algorithm", required_argument, 0, 'g'},
409 {"keytype", required_argument, 0, 't'},
410 {"keystate", required_argument, 0, 'e'},
411 {"inception_time", required_argument, 0, 'w'},
412 {0, 0, 0, 0}
413 };
414
415 ods_log_debug("[%s] %s command", module_str, key_import_funcblock.cmdname);
416
417 /* Use buf as an intermediate buffer for the command.*/
418 strncpy(buf, cmd, sizeof(buf));
419 buf[sizeof(buf)-1] = '\0';
420
421 /* separate the arguments*/
422 argc = ods_str_explode(buf, NARGV, argv);
423 if (argc == -1) {
424 client_printf_err(sockfd, "too many arguments\n");
425 ods_log_error("[%s] too many arguments for %s command",
426 module_str, key_import_funcblock.cmdname);
427 return -1;
428 }
429
430 optind = 0;
431 while ((opt = getopt_long(argc, (char* const*)argv, "z:k:r:b:g:t:e:w:", long_options, &long_index)) != -1) {
432 switch (opt) {
433 case 'z':
434 zonename = optarg;
435 break;
436 case 'k':
437 ckaid = optarg;
438 break;
439 case 'r':
440 repository = optarg;
441 break;
442 case 'b':
443 bits = optarg;
444 break;
445 case 'g':
446 algorithm = optarg;
447 break;
448 case 't':
449 keytype = optarg;
450 break;
451 case 'e':
452 keystate = optarg;
453 break;
454 case 'w':
455 time = optarg;
456 break;
457 default:
458 client_printf_err(sockfd, "unknown arguments\n");
459 ods_log_error("[%s] unknown arguments for %s command",
460 module_str, key_import_funcblock.cmdname);
461 return -1;
462 }
463 }
464
465 if (keytype) {
466 if (strcasecmp(keytype, "KSK") && strcasecmp(keytype, "ZSK") && strcasecmp(keytype, "CSK")) {
467 ods_log_error("[%s] unknown keytype, should be one of KSK, ZSK, or CSK", module_str);
468 client_printf_err(sockfd, "unknown keytype, should be one of KSK, ZSK, or CSK\n");
469 return -1;
470 }
471 }
472 else {
473 ods_log_error("[%s] specify keytype for command %s", module_str, cmd);
474 client_printf_err(sockfd, "specify keytype: ZSK, KSK or CSK\n");
475 return -1;
476 }
477
478 if (keystate) {
479 if (strcasecmp(keystate, "generate") && strcasecmp(keystate, "publish") && strcasecmp(keystate, "ready") && strcasecmp(keystate, "active") && strcasecmp(keystate, "retire") && strcasecmp(keystate, "revoke")) {
480 ods_log_error("[%s] unknown keystate", module_str);
481 client_printf_err(sockfd, "unknown keystate: states are generate, publish, ready, active or retire\n");
482 return -1;
483 }
484 }
485 else {
486 ods_log_error("[%s] specify keystate for command %s", module_str, cmd);
487 client_printf_err(sockfd, "specify keystate: generate, publish, ready, active or retire\n");
488 return -1;
489 }
490
491 if (!zonename) {
492 ods_log_error("[%s] expected --zone for %s command", module_str, key_import_funcblock.cmdname);
493 client_printf_err(sockfd, "expected --zone \n");
494 return -1;
495 }
496 if (zonename && !(zone = zone_db_new_get_by_name(dbconn, zonename))) {
497 ods_log_error("[%s] Unknown zone: %s", module_str, zonename);
498 client_printf_err(sockfd, "Unknown zone: %s\n", zonename);
499 return -1;
500 }
501 free(zone);
502 zone = NULL;
503
504 if (!algorithm) {
505 ods_log_error("[%s] specify an algorithm for command %s", module_str, cmd);
506 client_printf_err(sockfd, "specify an algorithm\n");
507 return -1;
508 }
509 if (!bits) {
510 ods_log_error("[%s] specify bits for command %s", module_str, cmd);
511 client_printf_err(sockfd, "specify bits\n");
512 return -1;
513 }
514 if (!repository) {
515 ods_log_error("[%s] specify repository for command %s", module_str, cmd);
516 client_printf_err(sockfd, "specify repository \n");
517 return -1;
518 }
519
520 if (time && strptime(time, "%Y-%m-%d-%H:%M:%S", &tm)) {
521 tm.tm_isdst = -1;
522 inception = mktime(&tm);
523 }
524 else {
525 ods_log_error("[%s] specify inception time for command %s", module_str, cmd);
526 client_printf_err(sockfd, "specify inception time YYYY-MM-DD-HH:MM:SS\n");
527 return -1;
528 }
529
530 /* gen = 0, pub = 1, ready = 2, act = 3, ... */
531 int state = -1;
532 if (!strcasecmp(keystate, "generate"))
533 state = 0;
534 else if (!strcasecmp(keystate,"publish"))
535 state = 1;
536 else if (!strcasecmp(keystate, "ready"))
537 state = 2;
538 else if (!strcasecmp(keystate, "active"))
539 state = 3;
540 else if (!strcasecmp(keystate, "retire"))
541 state = 4;
542 else if (!strcasecmp(keystate, "revoke"))
543 state = 5;
544
545 int type = -1;
546 if (!strcasecmp(keytype, "KSK"))
547 type = 1;
548 else if (!strcasecmp(keytype, "ZSK"))
549 type = 2;
550 else if (!strcasecmp(keytype, "CSK"))
551 type = 3;
552
553 hsmkey_id = db_value_new();
554 zone = zone_db_new_get_by_name(dbconn, zonename);
556 zone_db_free(zone);
557 if (!policy_key) {
558 ods_log_error("Unable to get policyKey, database error!");
559 client_printf_err(sockfd, "Unable to get policyKey, database error!\n");
560 db_value_free((void*)hsmkey_id);
561 return -1;
562 }
563
564 if (atoi(algorithm) != policy_key_algorithm(policy_key)) {
565 ods_log_error("Error: the given algorithm in import command doesn't match the algorithm in kasp");
566 client_printf_err(sockfd, "The given algorithm doesn't match the algorithm in kasp\n");
567 db_value_free((void*)hsmkey_id);
569 return -1;
570 }
571
574
575 /* perform task immediately */
576 if (perform_hsmkey_import(sockfd, dbconn, ckaid, repository, zonename, atoi(bits), atoi(algorithm), type, (unsigned int)inception)
577 || perform_keydata_import(sockfd, dbconn, ckaid, repository, zonename, atoi(algorithm), state, type, (unsigned int)inception, setmin, hsmkey_id)
578 || perform_keystate_import(sockfd, dbconn, ckaid, repository, zonename, state, type, (unsigned int)inception, hsmkey_id)) {
579 ods_log_error("[%s] Error: Unable to add key to the database", module_str);
580 db_value_free((void*)hsmkey_id);
581 return -1;
582 }
583 db_value_free((void*)hsmkey_id);
584 client_printf(sockfd, "Key imported into zone %s\n", zonename);
585 return 0;
586}
587
588struct cmd_func_block key_import_funcblock = {
589 "key import", &usage, &help, NULL, &run
590};
int db_value_copy(db_value_t *value, const db_value_t *from_value)
Definition: db_value.c:77
db_value_t * db_value_new()
Definition: db_value.c:40
void db_value_free(db_value_t *value)
Definition: db_value.c:51
db_connection_t * getconnectioncontext(cmdhandler_ctx_type *context)
void hsm_key_free(hsm_key_t *hsm_key)
Definition: hsm_key.c:286
int hsm_key_set_role(hsm_key_t *hsm_key, hsm_key_role_t role)
Definition: hsm_key.c:658
int hsm_key_set_state(hsm_key_t *hsm_key, hsm_key_state_t state)
Definition: hsm_key.c:625
int hsm_key_set_inception(hsm_key_t *hsm_key, unsigned int inception)
Definition: hsm_key.c:671
hsm_key_t * hsm_key_new_get_by_locator(const db_connection_t *connection, const char *locator)
Definition: hsm_key.c:1205
hsm_key_t * hsm_key_new(const db_connection_t *connection)
Definition: hsm_key.c:244
int hsm_key_set_bits(hsm_key_t *hsm_key, unsigned int bits)
Definition: hsm_key.c:638
int hsm_key_create(hsm_key_t *hsm_key)
Definition: hsm_key.c:927
int hsm_key_set_key_type(hsm_key_t *hsm_key, hsm_key_key_type_t key_type)
Definition: hsm_key.c:681
int hsm_key_set_repository(hsm_key_t *hsm_key, const char *repository_text)
Definition: hsm_key.c:694
int hsm_key_set_policy_id(hsm_key_t *hsm_key, const db_value_t *policy_id)
Definition: hsm_key.c:584
const db_value_t * hsm_key_id(const hsm_key_t *hsm_key)
Definition: hsm_key.c:504
int hsm_key_set_locator(hsm_key_t *hsm_key, const char *locator_text)
Definition: hsm_key.c:603
int hsm_key_set_algorithm(hsm_key_t *hsm_key, unsigned int algorithm)
Definition: hsm_key.c:648
enum hsm_key_state hsm_key_state_t
@ HSM_KEY_STATE_PRIVATE
Definition: hsm_key.h:43
@ HSM_KEY_KEY_TYPE_RSA
Definition: hsm_key.h:61
int key_data_set_minimize(key_data_t *key_data, unsigned int minimize)
Definition: key_data.c:966
const db_value_t * key_data_id(const key_data_t *key_data)
Definition: key_data.c:553
void key_data_free(key_data_t *key_data)
Definition: key_data.c:304
int key_data_set_role(key_data_t *key_data, key_data_role_t role)
Definition: key_data.c:890
int key_data_set_introducing(key_data_t *key_data, unsigned int introducing)
Definition: key_data.c:903
key_data_t * key_data_new_get_by_hsm_key_id(const db_connection_t *connection, const db_value_t *hsm_key_id)
Definition: key_data.c:2530
int key_data_set_active_zsk(key_data_t *key_data, unsigned int active_zsk)
Definition: key_data.c:913
int key_data_set_publish(key_data_t *key_data, unsigned int publish)
Definition: key_data.c:923
int key_data_set_zone_id(key_data_t *key_data, const db_value_t *zone_id)
Definition: key_data.c:832
int key_data_set_algorithm(key_data_t *key_data, unsigned int algorithm)
Definition: key_data.c:870
int key_data_set_inception(key_data_t *key_data, unsigned int inception)
Definition: key_data.c:880
int key_data_set_hsm_key_id(key_data_t *key_data, const db_value_t *hsm_key_id)
Definition: key_data.c:851
int key_data_set_keytag(key_data_t *key_data, unsigned int keytag)
Definition: key_data.c:956
int key_data_create(key_data_t *key_data)
Definition: key_data.c:1093
int key_data_set_ds_at_parent(key_data_t *key_data, key_data_ds_at_parent_t ds_at_parent)
Definition: key_data.c:943
key_data_t * key_data_new(const db_connection_t *connection)
Definition: key_data.c:264
unsigned int key_data_minimize(const key_data_t *key_data)
Definition: key_data.c:775
int key_data_set_active_ksk(key_data_t *key_data, unsigned int active_ksk)
Definition: key_data.c:933
#define KEY_DATA_ROLE_SEP(role)
Definition: key_data.h:48
int key_state_set_minimize(key_state_t *key_state, unsigned int minimize)
Definition: key_state.c:472
key_state_t * key_state_new(const db_connection_t *connection)
Definition: key_state.c:176
int key_state_set_ttl(key_state_t *key_state, unsigned int ttl)
Definition: key_state.c:482
void key_state_free(key_state_t *key_state)
Definition: key_state.c:214
int key_state_set_last_change(key_state_t *key_state, unsigned int last_change)
Definition: key_state.c:462
int key_state_set_type(key_state_t *key_state, key_state_type_t type)
Definition: key_state.c:436
int key_state_create(key_state_t *key_state)
Definition: key_state.c:519
int key_state_set_key_data_id(key_state_t *key_state, const db_value_t *key_data_id)
Definition: key_state.c:417
int key_state_set_state(key_state_t *key_state, key_state_state_t state)
Definition: key_state.c:449
@ KEY_STATE_TYPE_DNSKEY
Definition: key_state.h:44
@ KEY_STATE_TYPE_RRSIG
Definition: key_state.h:43
@ KEY_STATE_TYPE_DS
Definition: key_state.h:42
@ KEY_STATE_TYPE_RRSIGDNSKEY
Definition: key_state.h:45
int perform_keydata_import(int sockfd, db_connection_t *dbconn, const char *ckaid, const char *rep, const char *zonename, int alg, int keystate, int keytype, unsigned int time, int setmin, db_value_t *hsmkey_id)
int perform_hsmkey_import(int sockfd, db_connection_t *dbconn, const char *ckaid, const char *rep, const char *zonename, int bits, int alg, int keytype, unsigned int time)
const int ksk_mapping[5][4]
int perform_keystate_import(int sockfd, db_connection_t *dbconn, const char *ckaid, const char *rep, const char *zonename, int keystate, int keytype, unsigned int time, db_value_t *hsmkeyid)
const int zsk_mapping[5][4]
const int ds_at_parent[5]
struct cmd_func_block key_import_funcblock
#define NARGV
policy_t * policy_new(const db_connection_t *connection)
Definition: policy.c:479
unsigned int policy_parent_ds_ttl(const policy_t *policy)
Definition: policy.c:1061
unsigned int policy_keys_ttl(const policy_t *policy)
Definition: policy.c:965
unsigned int policy_zone_soa_ttl(const policy_t *policy)
Definition: policy.c:1013
unsigned int policy_zone_soa_minimum(const policy_t *policy)
Definition: policy.c:1021
unsigned int policy_denial_ttl(const policy_t *policy)
Definition: policy.c:909
unsigned int policy_signatures_max_zone_ttl(const policy_t *policy)
Definition: policy.c:885
int policy_get_by_id(policy_t *policy, const db_value_t *id)
Definition: policy.c:1987
void policy_free(policy_t *policy)
Definition: policy.c:518
policy_denial_type
Definition: policy.h:40
@ POLICY_DENIAL_TYPE_NSEC3
Definition: policy.h:43
policy_key_t * policy_key_new_get_by_policyid_and_role(const db_connection_t *connection, const db_value_t *policyid, const policy_key_role_t role)
Definition: policy_key.c:1562
unsigned int policy_key_minimize(const policy_key_t *policy_key)
Definition: policy_key.c:566
void policy_key_free(policy_key_t *policy_key)
Definition: policy_key.c:246
unsigned int policy_key_algorithm(const policy_key_t *policy_key)
Definition: policy_key.c:510
Definition: policy.h:60
void zone_db_free(zone_db_t *zone)
Definition: zone_db.c:325
const db_value_t * zone_db_policy_id(const zone_db_t *zone)
Definition: zone_db.c:736
const db_value_t * zone_db_id(const zone_db_t *zone)
Definition: zone_db.c:728
zone_db_t * zone_db_new_get_by_name(const db_connection_t *connection, const char *name)
Definition: zone_db.c:1569