OpenDNSSEC-enforcer  2.1.9
keystate_import_cmd.c
Go to the documentation of this file.
1 /*
2  * Copyright (c) 2016 NLNet Labs
3  * All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions
7  * are met:
8  * 1. Redistributions of source code must retain the above copyright
9  * notice, this list of conditions and the following disclaimer.
10  * 2. Redistributions in binary form must reproduce the above copyright
11  * notice, this list of conditions and the following disclaimer in the
12  * documentation and/or other materials provided with the distribution.
13  *
14  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
15  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
16  * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17  * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
18  * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
20  * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
21  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
22  * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
23  * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
24  * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
25  *
26  */
27 
28 #include "config.h"
29 #include <getopt.h>
30 
31 #include "cmdhandler.h"
33 #include "daemon/engine.h"
34 #include "file.h"
35 #include "log.h"
36 #include "str.h"
37 #include "clientpipe.h"
38 #include "duration.h"
39 #include "libhsm.h"
40 #include "libhsmdns.h"
41 #include "db/key_data.h"
42 #include "db/db_error.h"
43 
46 
47 static const char *module_str = "keystate_import_cmd";
48 /* 5 states are: generate, publish, ready, active and retire */
49 /* For every state we should specify the values of DS, DNSKEY, RRSIGDNSKEY
50  and RRSIG. These values can be HIDDEN(0), RUMOURED(1), OMNIPRESENT(2),
51  UNRETENTIVE(3), NA(4)*/
52 const int ksk_mapping[5][4] = {{0,0,0,4},{0,1,1,4},{1,2,2,4},{1,2,2,4},{3,2,2,4}};
53 const int zsk_mapping[5][4] = {{4,0,4,0},{4,1,4,0},{4,2,4,1},{4,2,4,2},{4,2,4,3}};
54 const int ds_at_parent [5] = {0,0,1,3,5};
55 
56 
57 static int max(int a, int b) { return a>b?a:b; }
58 static int min(int a, int b) { return a<b?a:b; }
59 
60 
61 int
63  const char *ckaid, const char *rep, const char *zonename,
64  int bits, int alg, int keytype, unsigned int time)
65 {
66  hsm_ctx_t *hsm_ctx;
67  hsm_key_t *hsm_key = NULL;
68  char *hsm_err;
69  libhsm_key_t *libhsmkey;
70  zone_db_t *zone;
71 
72  /* Create an HSM context and check that the repository exists */
73  if (!(hsm_ctx = hsm_create_context())) {
74  return -1;
75  }
76  if (!hsm_token_attached(hsm_ctx, rep)) {
77  if ((hsm_err = hsm_get_error(hsm_ctx))) {
78  ods_log_error("[%s] Error: Unable to check for the repository %s, HSM error: %s", module_str, rep, hsm_err);
79  client_printf_err(sockfd, "Unable to check for the repository %s, HSM error: %s\n", rep, hsm_err);
80  free(hsm_err);
81  }
82  else {
83  ods_log_error("[%s] Error: Unable to find repository %s in HSM", module_str, rep);
84  client_printf_err(sockfd, "Unable to find repository %s in HSM\n", rep);
85  }
86  hsm_destroy_context(hsm_ctx);
87  return -1;
88  }
89 
90  if (!(libhsmkey = hsm_find_key_by_id(hsm_ctx, ckaid))) {
91  ods_log_error("[%s] Error: Unable to find the key with this locator: %s", module_str, ckaid);
92  client_printf_err(sockfd, "Unable to find the key with this locator: %s\n", ckaid);
93  hsm_destroy_context(hsm_ctx);
94  return -1;
95  }
96  libhsm_key_free(libhsmkey);
97  hsm_key = hsm_key_new_get_by_locator(dbconn, ckaid);
98  if (hsm_key) {
99  ods_log_error("[%s] Error: Already used this key with this locator: %s", module_str, ckaid);
100  client_printf_err(sockfd, "Already used this key with this locator: %s\n", ckaid);
102  hsm_destroy_context(hsm_ctx);
103  return -1;
104  }
105 
106  zone = zone_db_new_get_by_name(dbconn, zonename);
107  if (!(hsm_key = hsm_key_new(dbconn))
109  || hsm_key_set_bits(hsm_key, bits)
112  || hsm_key_set_locator(hsm_key, ckaid)
115  || hsm_key_set_role(hsm_key, keytype)
118  {
119  ods_log_error("[%s] hsm key creation failed, database or memory error", module_str);
121  hsm_destroy_context(hsm_ctx);
122  zone_db_free(zone);
123  return -1;
124  }
125  ods_log_debug("[%s] hsm key with this locator %s is created successfully", module_str, ckaid);
127  hsm_destroy_context(hsm_ctx);
128  zone_db_free(zone);
129  return 0;
130 }
131 
132 int
134  const char *ckaid, const char *rep, const char *zonename,
135  int alg, int keystate, int keytype, unsigned int time, int setmin, db_value_t *hsmkey_id)
136 {
137  key_data_t *key_data = NULL;
138  hsm_ctx_t *hsm_ctx;
139  char *hsm_err;
140  uint16_t tag;
141  hsm_key_t * hsmkey;
142  libhsm_key_t *libhsmkey;
143  zone_db_t *zone;
144 
145  /* Create a HSM context and check that the repository exists */
146  if (!(hsm_ctx = hsm_create_context())) {
147  return -1;
148  }
149  if (!hsm_token_attached(hsm_ctx, rep)) {
150  if ((hsm_err = hsm_get_error(hsm_ctx))) {
151  ods_log_error("[%s] Error: Unable to check for the repository %s, HSM error: %s", module_str, rep, hsm_err);
152  client_printf_err(sockfd, "Unable to check for the repository %s, HSM error: %s\n", rep, hsm_err);
153  free(hsm_err);
154  }
155  else {
156  ods_log_error("[%s] Error: Unable to find repository %s in HSM", module_str, rep);
157  client_printf_err(sockfd, "Unable to find repository %s in HSM\n", rep);
158  }
159  hsm_destroy_context(hsm_ctx);
160  return -1;
161  }
162 
163  if (!(libhsmkey = hsm_find_key_by_id(hsm_ctx, ckaid))) {
164  ods_log_error("[%s] Error: Unable to find the key with this locator: %s", module_str, ckaid);
165  client_printf_err(sockfd, "Unable to find the key with this locator: %s\n", ckaid);
166  hsm_destroy_context(hsm_ctx);
167  return -1;
168  }
169  libhsm_key_free(libhsmkey);
170  if (!(hsmkey = hsm_key_new_get_by_locator(dbconn, ckaid))) {
171  ods_log_error("[%s] Error: Cannot get hsmkey %s from database, database error", module_str, ckaid);
172  hsm_destroy_context(hsm_ctx);
173  return -1;
174  }
175  if (hsm_keytag(ckaid, alg, KEY_DATA_ROLE_SEP(keytype), &tag)) {
176  ods_log_error("[%s] Error: Keytag for this key %s is not correct", module_str, ckaid);
177  }
178 
179  zone = zone_db_new_get_by_name(dbconn, zonename);
180  if (!(key_data = key_data_new(dbconn))
185  || key_data_set_introducing (key_data, keystate < 4 ? 1 : 0)
186  || key_data_set_active_zsk(key_data, keytype == 1 || keystate < 2 || keystate > 3 ? 0 : 1)
187  || key_data_set_publish(key_data,0 < keystate ? 1 : 0)
188  || key_data_set_active_ksk(key_data, keytype == 2 || keystate == 0 ? 0 : 1)
189  || key_data_set_role(key_data, keytype)
190  || key_data_set_ds_at_parent(key_data, keytype == 1 ? ds_at_parent[keystate] : 0)
194  {
195  ods_log_error("[%s] key data creation failed, database or memory error", module_str);
196  hsm_key_free(hsmkey);
198  hsm_destroy_context(hsm_ctx);
199  zone_db_free(zone);
200  return -1;
201  }
202  zone_db_free(zone);
203  ods_log_debug("[%s] key data with this locator %s is created successfully", module_str, ckaid);
205  hsm_destroy_context(hsm_ctx);
206  db_value_copy (hsmkey_id, hsm_key_id(hsmkey));
207  hsm_key_free(hsmkey);
208  return 0;
209 }
210 
211 int
213  const char *ckaid, const char *rep, const char *zonename,
214  int keystate, int keytype, unsigned int time, db_value_t *hsmkeyid)
215 {
216  key_state_t *key_state = NULL;
217  hsm_ctx_t *hsm_ctx;
218  char *hsm_err;
219  int ttl;
220  key_data_t* key;
221  const db_value_t* keydataid;
222  policy_t* policy;
223  libhsm_key_t *libhsmkey;
224  zone_db_t *zone;
225 
226  /* Create a HSM context and check that the repository exists */
227  if (!(hsm_ctx = hsm_create_context())) {
228  return -1;
229  }
230  if (!hsm_token_attached(hsm_ctx, rep)) {
231  if ((hsm_err = hsm_get_error(hsm_ctx))) {
232  ods_log_error("[%s] Error: Unable to check for the repository %s, HSM error: %s", module_str, rep, hsm_err);
233  client_printf_err(sockfd, "Unable to check for the repository %s, HSM error: %s\n", rep, hsm_err);
234  free(hsm_err);
235  }
236  else {
237  ods_log_error("[%s] Error: Unable to find repository %s in HSM", module_str, rep);
238  client_printf_err(sockfd, "Unable to find repository %s in HSM\n", rep);
239  }
240  hsm_destroy_context(hsm_ctx);
241  return -1;
242  }
243 
244  if (!(libhsmkey = hsm_find_key_by_id(hsm_ctx, ckaid))) {
245  ods_log_error("[%s] Error: Unable to find the key with this locator: %s", module_str, ckaid);
246  client_printf(sockfd, "Unable to find the key with this locator: %s\n", ckaid);
247  hsm_destroy_context(hsm_ctx);
248  return -1;
249  }
250  libhsm_key_free(libhsmkey);
251  key = key_data_new_get_by_hsm_key_id(dbconn, hsmkeyid);
252  keydataid = key_data_id(key);
253 
254  policy = policy_new(dbconn);
255  zone = zone_db_new_get_by_name(dbconn, zonename);
257  zone_db_free(zone);
258 
259  if (!(key_state = key_state_new(dbconn))
260  || key_state_set_key_data_id(key_state, keydataid)
265  || key_state_set_state(key_state, keytype == 1 ? ksk_mapping[keystate][0] : zsk_mapping[keystate][0])
267  {
268  ods_log_error("[%s] key state creation for DS failed, database or memory error", module_str);
269  key_data_free(key);
272  hsm_destroy_context(hsm_ctx);
273  return -1;
274  }
276 
277  if (!(key_state = key_state_new(dbconn))
278  || key_state_set_key_data_id(key_state, keydataid)
283  || key_state_set_state(key_state, keytype == 1 ? ksk_mapping[keystate][1] : zsk_mapping[keystate][1])
285  {
286  ods_log_error("[%s] key state creation for DNSKEY failed, database or memory error", module_str);
287  key_data_free(key);
290  hsm_destroy_context(hsm_ctx);
291  return -1;
292  }
294 
295  if (!(key_state = key_state_new(dbconn))
296  || key_state_set_key_data_id(key_state, keydataid)
300  || key_state_set_state(key_state, keytype == 1 ? ksk_mapping[keystate][2] : zsk_mapping[keystate][2])
302  {
303  ods_log_error("[%s] key state creation for RRSIGDNSKEY failed, database or memory error", module_str);
304  key_data_free(key);
307  hsm_destroy_context(hsm_ctx);
308  return -1;
309  }
311 
318 
319  if (!(key_state = key_state_new(dbconn))
320  || key_state_set_key_data_id(key_state, keydataid)
321  /* || hsm_key_set_backup(hsm_key, (hsm->require_backup ? HSM_KEY_BACKUP_BACKUP_REQUIRED : HSM_KEY_BACKUP_NO_BACKUP))*/
325  || key_state_set_ttl (key_state, ttl)
326  || key_state_set_state(key_state, keytype == 1 ? ksk_mapping[keystate][3] : zsk_mapping[keystate][3])
328  {
329  ods_log_error("[%s] key state creation for RRSIG failed, database or memory error", module_str);
330  key_data_free(key);
333  hsm_destroy_context(hsm_ctx);
334  return -1;
335  }
336  ods_log_debug("[%s] key state with this locator %s is created successfully", module_str, ckaid);
337 
338  key_data_free(key);
341  hsm_destroy_context(hsm_ctx);
342 
343  return 0;
344 }
345 
346 
347 
348 static void
349 usage(int sockfd)
350 {
351  client_printf(sockfd,
352  "key import\n"
353  " --cka_id <CKA_ID> aka -k\n"
354  " --repository <repository> aka -r\n"
355  " --zone <zone> aka -z\n"
356  " --bits <size> aka -b\n"
357  " --algorithm <algorithm> aka -g\n"
358  " --keystate <state> aka -e\n"
359  " --keytype <type> aka -t\n"
360  " --inception_time <time> aka -w\n"
361  );
362 }
363 
364 static void
365 help(int sockfd)
366 {
367  client_printf(sockfd,
368  "Add a key which was created outside of the OpenDNSSEC into the enforcer database.\n"
369  "\nOptions:\n"
370  "cka_id specify the locator of the key\n"
371  "repository name of the repository which the key must be stored\n"
372  "zone name of the zone for which this key is to be used\n"
373  "bits key size in bits\n"
374  "algorithm algorithm number \n"
375  "keystate state of the key in which the key will be after import\n"
376  "keytype type of the key, KSK, ZSK or CSK\n"
377  "inception_time time of inception\n\n");
378 }
379 
380 static int
381 run(int sockfd, cmdhandler_ctx_type* context, const char *cmd)
382 {
383  #define NARGV 18
384  char buf[ODS_SE_MAXLINE];
385  const char *argv[NARGV];
386  int argc = 0, long_index = 0, opt = 0;
387  const char *ckaid = NULL;
388  const char *repository = NULL;
389  const char *zonename = NULL;
390  const char *bits = NULL;
391  const char *algorithm = NULL;
392  const char* keytype = NULL;
393  const char* keystate = NULL;
394  const char *time = NULL;
395  zone_db_t *zone = NULL;
396  time_t inception = 0;
397  struct tm tm;
398  int setmin;
399  db_value_t *hsmkey_id;
401  db_connection_t* dbconn = getconnectioncontext(context);
402 
403  static struct option long_options[] = {
404  {"zone", required_argument, 0, 'z'},
405  {"cka_id", required_argument, 0, 'k'},
406  {"repository", required_argument, 0, 'r'},
407  {"bits", required_argument, 0, 'b'},
408  {"algorithm", required_argument, 0, 'g'},
409  {"keytype", required_argument, 0, 't'},
410  {"keystate", required_argument, 0, 'e'},
411  {"inception_time", required_argument, 0, 'w'},
412  {0, 0, 0, 0}
413  };
414 
415  ods_log_debug("[%s] %s command", module_str, key_import_funcblock.cmdname);
416 
417  /* Use buf as an intermediate buffer for the command.*/
418  strncpy(buf, cmd, sizeof(buf));
419  buf[sizeof(buf)-1] = '\0';
420 
421  /* separate the arguments*/
422  argc = ods_str_explode(buf, NARGV, argv);
423  if (argc == -1) {
424  client_printf_err(sockfd, "too many arguments\n");
425  ods_log_error("[%s] too many arguments for %s command",
426  module_str, key_import_funcblock.cmdname);
427  return -1;
428  }
429 
430  optind = 0;
431  while ((opt = getopt_long(argc, (char* const*)argv, "z:k:r:b:g:t:e:w:", long_options, &long_index)) != -1) {
432  switch (opt) {
433  case 'z':
434  zonename = optarg;
435  break;
436  case 'k':
437  ckaid = optarg;
438  break;
439  case 'r':
440  repository = optarg;
441  break;
442  case 'b':
443  bits = optarg;
444  break;
445  case 'g':
446  algorithm = optarg;
447  break;
448  case 't':
449  keytype = optarg;
450  break;
451  case 'e':
452  keystate = optarg;
453  break;
454  case 'w':
455  time = optarg;
456  break;
457  default:
458  client_printf_err(sockfd, "unknown arguments\n");
459  ods_log_error("[%s] unknown arguments for %s command",
460  module_str, key_import_funcblock.cmdname);
461  return -1;
462  }
463  }
464 
465  if (keytype) {
466  if (strcasecmp(keytype, "KSK") && strcasecmp(keytype, "ZSK") && strcasecmp(keytype, "CSK")) {
467  ods_log_error("[%s] unknown keytype, should be one of KSK, ZSK, or CSK", module_str);
468  client_printf_err(sockfd, "unknown keytype, should be one of KSK, ZSK, or CSK\n");
469  return -1;
470  }
471  }
472  else {
473  ods_log_error("[%s] specify keytype for command %s", module_str, cmd);
474  client_printf_err(sockfd, "specify keytype: ZSK, KSK or CSK\n");
475  return -1;
476  }
477 
478  if (keystate) {
479  if (strcasecmp(keystate, "generate") && strcasecmp(keystate, "publish") && strcasecmp(keystate, "ready") && strcasecmp(keystate, "active") && strcasecmp(keystate, "retire") && strcasecmp(keystate, "revoke")) {
480  ods_log_error("[%s] unknown keystate", module_str);
481  client_printf_err(sockfd, "unknown keystate: states are generate, publish, ready, active or retire\n");
482  return -1;
483  }
484  }
485  else {
486  ods_log_error("[%s] specify keystate for command %s", module_str, cmd);
487  client_printf_err(sockfd, "specify keystate: generate, publish, ready, active or retire\n");
488  return -1;
489  }
490 
491  if (!zonename) {
492  ods_log_error("[%s] expected --zone for %s command", module_str, key_import_funcblock.cmdname);
493  client_printf_err(sockfd, "expected --zone \n");
494  return -1;
495  }
496  if (zonename && !(zone = zone_db_new_get_by_name(dbconn, zonename))) {
497  ods_log_error("[%s] Unknown zone: %s", module_str, zonename);
498  client_printf_err(sockfd, "Unknown zone: %s\n", zonename);
499  return -1;
500  }
501  free(zone);
502  zone = NULL;
503 
504  if (!algorithm) {
505  ods_log_error("[%s] specify an algorithm for command %s", module_str, cmd);
506  client_printf_err(sockfd, "specify an algorithm\n");
507  return -1;
508  }
509  if (!bits) {
510  ods_log_error("[%s] specify bits for command %s", module_str, cmd);
511  client_printf_err(sockfd, "specify bits\n");
512  return -1;
513  }
514  if (!repository) {
515  ods_log_error("[%s] specify repository for command %s", module_str, cmd);
516  client_printf_err(sockfd, "specify repository \n");
517  return -1;
518  }
519 
520  if (time && strptime(time, "%Y-%m-%d-%H:%M:%S", &tm)) {
521  tm.tm_isdst = -1;
522  inception = mktime(&tm);
523  }
524  else {
525  ods_log_error("[%s] specify inception time for command %s", module_str, cmd);
526  client_printf_err(sockfd, "specify inception time YYYY-MM-DD-HH:MM:SS\n");
527  return -1;
528  }
529 
530  /* gen = 0, pub = 1, ready = 2, act = 3, ... */
531  int state = -1;
532  if (!strcasecmp(keystate, "generate"))
533  state = 0;
534  else if (!strcasecmp(keystate,"publish"))
535  state = 1;
536  else if (!strcasecmp(keystate, "ready"))
537  state = 2;
538  else if (!strcasecmp(keystate, "active"))
539  state = 3;
540  else if (!strcasecmp(keystate, "retire"))
541  state = 4;
542  else if (!strcasecmp(keystate, "revoke"))
543  state = 5;
544 
545  int type = -1;
546  if (!strcasecmp(keytype, "KSK"))
547  type = 1;
548  else if (!strcasecmp(keytype, "ZSK"))
549  type = 2;
550  else if (!strcasecmp(keytype, "CSK"))
551  type = 3;
552 
553  hsmkey_id = db_value_new();
554  zone = zone_db_new_get_by_name(dbconn, zonename);
556  zone_db_free(zone);
557  if (!policy_key) {
558  ods_log_error("Unable to get policyKey, database error!");
559  client_printf_err(sockfd, "Unable to get policyKey, database error!\n");
560  db_value_free((void*)hsmkey_id);
561  return -1;
562  }
563 
564  if (atoi(algorithm) != policy_key_algorithm(policy_key)) {
565  ods_log_error("Error: the given algorithm in import command doesn't match the algorithm in kasp");
566  client_printf_err(sockfd, "The given algorithm doesn't match the algorithm in kasp\n");
567  db_value_free((void*)hsmkey_id);
569  return -1;
570  }
571 
574 
575  /* perform task immediately */
576  if (perform_hsmkey_import(sockfd, dbconn, ckaid, repository, zonename, atoi(bits), atoi(algorithm), type, (unsigned int)inception)
577  || perform_keydata_import(sockfd, dbconn, ckaid, repository, zonename, atoi(algorithm), state, type, (unsigned int)inception, setmin, hsmkey_id)
578  || perform_keystate_import(sockfd, dbconn, ckaid, repository, zonename, state, type, (unsigned int)inception, hsmkey_id)) {
579  ods_log_error("[%s] Error: Unable to add key to the database", module_str);
580  db_value_free((void*)hsmkey_id);
581  return -1;
582  }
583  db_value_free((void*)hsmkey_id);
584  client_printf(sockfd, "Key imported into zone %s\n", zonename);
585  return 0;
586 }
587 
588 struct cmd_func_block key_import_funcblock = {
589  "key import", &usage, &help, NULL, &run
590 };
db_value_t * db_value_new()
Definition: db_value.c:40
int db_value_copy(db_value_t *value, const db_value_t *from_value)
Definition: db_value.c:77
void db_value_free(db_value_t *value)
Definition: db_value.c:51
db_connection_t * getconnectioncontext(cmdhandler_ctx_type *context)
hsm_key_t * hsm_key_new(const db_connection_t *connection)
Definition: hsm_key.c:244
void hsm_key_free(hsm_key_t *hsm_key)
Definition: hsm_key.c:286
int hsm_key_set_role(hsm_key_t *hsm_key, hsm_key_role_t role)
Definition: hsm_key.c:658
int hsm_key_set_state(hsm_key_t *hsm_key, hsm_key_state_t state)
Definition: hsm_key.c:625
int hsm_key_set_inception(hsm_key_t *hsm_key, unsigned int inception)
Definition: hsm_key.c:671
int hsm_key_set_bits(hsm_key_t *hsm_key, unsigned int bits)
Definition: hsm_key.c:638
int hsm_key_create(hsm_key_t *hsm_key)
Definition: hsm_key.c:927
int hsm_key_set_key_type(hsm_key_t *hsm_key, hsm_key_key_type_t key_type)
Definition: hsm_key.c:681
int hsm_key_set_repository(hsm_key_t *hsm_key, const char *repository_text)
Definition: hsm_key.c:694
int hsm_key_set_policy_id(hsm_key_t *hsm_key, const db_value_t *policy_id)
Definition: hsm_key.c:584
const db_value_t * hsm_key_id(const hsm_key_t *hsm_key)
Definition: hsm_key.c:504
hsm_key_t * hsm_key_new_get_by_locator(const db_connection_t *connection, const char *locator)
Definition: hsm_key.c:1205
int hsm_key_set_locator(hsm_key_t *hsm_key, const char *locator_text)
Definition: hsm_key.c:603
int hsm_key_set_algorithm(hsm_key_t *hsm_key, unsigned int algorithm)
Definition: hsm_key.c:648
enum hsm_key_state hsm_key_state_t
@ HSM_KEY_STATE_PRIVATE
Definition: hsm_key.h:43
@ HSM_KEY_KEY_TYPE_RSA
Definition: hsm_key.h:61
int key_data_set_minimize(key_data_t *key_data, unsigned int minimize)
Definition: key_data.c:966
const db_value_t * key_data_id(const key_data_t *key_data)
Definition: key_data.c:553
void key_data_free(key_data_t *key_data)
Definition: key_data.c:304
int key_data_set_role(key_data_t *key_data, key_data_role_t role)
Definition: key_data.c:890
int key_data_set_introducing(key_data_t *key_data, unsigned int introducing)
Definition: key_data.c:903
int key_data_set_active_zsk(key_data_t *key_data, unsigned int active_zsk)
Definition: key_data.c:913
int key_data_set_publish(key_data_t *key_data, unsigned int publish)
Definition: key_data.c:923
int key_data_set_zone_id(key_data_t *key_data, const db_value_t *zone_id)
Definition: key_data.c:832
int key_data_set_algorithm(key_data_t *key_data, unsigned int algorithm)
Definition: key_data.c:870
int key_data_set_inception(key_data_t *key_data, unsigned int inception)
Definition: key_data.c:880
int key_data_set_hsm_key_id(key_data_t *key_data, const db_value_t *hsm_key_id)
Definition: key_data.c:851
int key_data_set_keytag(key_data_t *key_data, unsigned int keytag)
Definition: key_data.c:956
int key_data_create(key_data_t *key_data)
Definition: key_data.c:1093
int key_data_set_ds_at_parent(key_data_t *key_data, key_data_ds_at_parent_t ds_at_parent)
Definition: key_data.c:943
key_data_t * key_data_new(const db_connection_t *connection)
Definition: key_data.c:264
key_data_t * key_data_new_get_by_hsm_key_id(const db_connection_t *connection, const db_value_t *hsm_key_id)
Definition: key_data.c:2530
unsigned int key_data_minimize(const key_data_t *key_data)
Definition: key_data.c:775
int key_data_set_active_ksk(key_data_t *key_data, unsigned int active_ksk)
Definition: key_data.c:933
#define KEY_DATA_ROLE_SEP(role)
Definition: key_data.h:48
int key_state_set_minimize(key_state_t *key_state, unsigned int minimize)
Definition: key_state.c:472
int key_state_set_ttl(key_state_t *key_state, unsigned int ttl)
Definition: key_state.c:482
void key_state_free(key_state_t *key_state)
Definition: key_state.c:214
int key_state_set_last_change(key_state_t *key_state, unsigned int last_change)
Definition: key_state.c:462
key_state_t * key_state_new(const db_connection_t *connection)
Definition: key_state.c:176
int key_state_set_type(key_state_t *key_state, key_state_type_t type)
Definition: key_state.c:436
int key_state_create(key_state_t *key_state)
Definition: key_state.c:519
int key_state_set_key_data_id(key_state_t *key_state, const db_value_t *key_data_id)
Definition: key_state.c:417
int key_state_set_state(key_state_t *key_state, key_state_state_t state)
Definition: key_state.c:449
@ KEY_STATE_TYPE_DNSKEY
Definition: key_state.h:44
@ KEY_STATE_TYPE_RRSIG
Definition: key_state.h:43
@ KEY_STATE_TYPE_DS
Definition: key_state.h:42
@ KEY_STATE_TYPE_RRSIGDNSKEY
Definition: key_state.h:45
int perform_keydata_import(int sockfd, db_connection_t *dbconn, const char *ckaid, const char *rep, const char *zonename, int alg, int keystate, int keytype, unsigned int time, int setmin, db_value_t *hsmkey_id)
int perform_hsmkey_import(int sockfd, db_connection_t *dbconn, const char *ckaid, const char *rep, const char *zonename, int bits, int alg, int keytype, unsigned int time)
const int ksk_mapping[5][4]
int perform_keystate_import(int sockfd, db_connection_t *dbconn, const char *ckaid, const char *rep, const char *zonename, int keystate, int keytype, unsigned int time, db_value_t *hsmkeyid)
const int zsk_mapping[5][4]
const int ds_at_parent[5]
struct cmd_func_block key_import_funcblock
#define NARGV
unsigned int policy_parent_ds_ttl(const policy_t *policy)
Definition: policy.c:1061
unsigned int policy_keys_ttl(const policy_t *policy)
Definition: policy.c:965
unsigned int policy_zone_soa_ttl(const policy_t *policy)
Definition: policy.c:1013
unsigned int policy_zone_soa_minimum(const policy_t *policy)
Definition: policy.c:1021
unsigned int policy_denial_ttl(const policy_t *policy)
Definition: policy.c:909
unsigned int policy_signatures_max_zone_ttl(const policy_t *policy)
Definition: policy.c:885
int policy_get_by_id(policy_t *policy, const db_value_t *id)
Definition: policy.c:1987
void policy_free(policy_t *policy)
Definition: policy.c:518
policy_t * policy_new(const db_connection_t *connection)
Definition: policy.c:479
policy_denial_type
Definition: policy.h:40
@ POLICY_DENIAL_TYPE_NSEC3
Definition: policy.h:43
policy_key_t * policy_key_new_get_by_policyid_and_role(const db_connection_t *connection, const db_value_t *policyid, const policy_key_role_t role)
Definition: policy_key.c:1562
unsigned int policy_key_minimize(const policy_key_t *policy_key)
Definition: policy_key.c:566
void policy_key_free(policy_key_t *policy_key)
Definition: policy_key.c:246
unsigned int policy_key_algorithm(const policy_key_t *policy_key)
Definition: policy_key.c:510
Definition: policy.h:60
void zone_db_free(zone_db_t *zone)
Definition: zone_db.c:325
const db_value_t * zone_db_id(const zone_db_t *zone)
Definition: zone_db.c:728
const db_value_t * zone_db_policy_id(const zone_db_t *zone)
Definition: zone_db.c:736
zone_db_t * zone_db_new_get_by_name(const db_connection_t *connection, const char *name)
Definition: zone_db.c:1569