49 #include <libhsmdns.h>
50 #include <ldns/ldns.h>
66 #define HIDDEN KEY_STATE_STATE_HIDDEN
67 #define RUMOURED KEY_STATE_STATE_RUMOURED
68 #define OMNIPRESENT KEY_STATE_STATE_OMNIPRESENT
69 #define UNRETENTIVE KEY_STATE_STATE_UNRETENTIVE
70 #define NA KEY_STATE_STATE_NA
72 static const char *module_str =
"enforcer";
75 #define NOKEY_TIMEOUT 60
/**
 * Return the larger of two ints.
 *
 * @param a first value
 * @param b second value
 * @return a when a is strictly greater than b, otherwise b
 *
 * Operates on int only: a caller that narrows a wider value (such as a
 * difftime() result cast to int) must make sure it fits before calling.
 */
static int max(int a, int b)
{
    if (a > b) {
        return a;
    }
    return b;
}
/**
 * Return the smaller of two ints.
 *
 * @param a first value
 * @param b second value
 * @return a when a is strictly less than b, otherwise b
 */
static int min(int a, int b)
{
    if (a < b) {
        return a;
    }
    return b;
}
97 minTime(
const time_t t, time_t* min)
100 if ( (t < *min || *min < 0) && t >= 0 ) *min = t;
113 addtime(
const time_t t,
const int seconds)
115 struct tm *tp = localtime(&t);
117 tp->tm_sec += seconds;
322 for (i = 0; i < keylist_size; i++) {
323 if (match(keylist[i],
future_key, same_algorithm, mask) > 0)
339 if (!successor_key || !predecessor_key || !
future_key)
343 if (!
key_data_cmp(successor_key, predecessor_key))
return 0;
402 successor_rec(
key_data_t** keylist,
size_t keylist_size,
416 if (!successor_key) {
419 if (!predecessor_key) {
505 if (!cmp && isPotentialSuccessor(successor_key, predecessor_key,
future_key, type) > 0) {
573 if (successor_rec(keylist, keylist_size, from_key, predecessor_key,
future_key, type, deplist_ext) > 0) {
586 for (i = 0; i < keylist_size; i++) {
594 if (isPotentialSuccessor(successor_key, keylist[i],
future_key, type) > 0) {
604 if (successor_rec(keylist+1, keylist_size-1, successor_key, keylist[i],
future_key, type, deplist_ext) > 0) {
631 if (!successor_key) {
634 if (!predecessor_key) {
658 return successor_rec(keylist, keylist_size, successor_key, predecessor_key,
future_key, type, deplist);
668 exists_with_successor(
key_data_t** keylist,
size_t keylist_size,
688 for (i = 0; i < keylist_size; i++) {
689 if (match(keylist[i],
future_key, same_algorithm, successor_mask) < 1) {
693 for (j = 0; j < keylist_size; j++) {
695 || match(keylist[j],
future_key, same_algorithm, predecessor_mask) < 1)
700 if (successor(keylist, keylist_size, keylist[i], keylist[j],
future_key, type, deplist) > 0) {
715 unsignedOk(
key_data_t** keylist,
size_t keylist_size,
732 for (i = 0; i < keylist_size; i++) {
755 if (cmp_mask[0] ==
HIDDEN || cmp_mask[0] ==
NA) {
761 if (cmp_mask[1] ==
HIDDEN || cmp_mask[1] ==
NA) {
767 if (cmp_mask[2] ==
HIDDEN || cmp_mask[2] ==
NA) {
773 if (cmp_mask[3] ==
HIDDEN || cmp_mask[3] ==
NA) {
782 if (exists(keylist, keylist_size,
future_key, 1, cmp_mask) < 1) {
794 all_DS_hidden(
key_data_t** keylist,
size_t keylist_size,
804 for (i = 0; i < keylist_size; i++) {
808 if (state !=
HIDDEN && state !=
NA)
return 0;
835 return (exists(keylist, keylist_size,
future_key, 0, mask[0]) > 0
836 || exists(keylist, keylist_size,
future_key, 0, mask[1]) > 0);
867 return (exists(keylist, keylist_size,
future_key, 1, mask[0]) > 0
902 return (exists(keylist, keylist_size,
future_key, 1, mask[0]) > 0
906 || all_DS_hidden(keylist, keylist_size,
future_key) > 0);
916 dnssecApproval(
key_data_t** keylist,
size_t keylist_size,
947 || !rule1(keylist, keylist_size,
future_key, 0)
948 || rule1(keylist, keylist_size,
future_key, 1) > 0)
949 && (!rule2(keylist, keylist_size,
future_key, 0, deplist)
950 || rule2(keylist, keylist_size,
future_key, 1, deplist) > 0)
951 && (!rule3(keylist, keylist_size,
future_key, 0, deplist)
952 || rule3(keylist, keylist_size,
future_key, 1, deplist) > 0))
988 return addtime(lastchange, ttl
995 return addtime(lastchange, ttl
1002 return addtime(lastchange, ttl
1022 policyApproval(
key_data_t** keylist,
size_t keylist_size,
1101 return !(exists(keylist, keylist_size,
future_key, 1, mask[6]) > 0
1140 if (exists(keylist, keylist_size,
future_key, 1, mask[0]) > 0
1208 return max((
int)difftime(end_date, now), ttl);
1266 static const char *scmd =
"markSuccessors";
1272 if (!dbconn || !keylist || !
future_key || !deplist || !zone) {
1298 for (i = 0; i < keylist_size; i++) {
1328 ods_log_error(
"[%s] %s: unable to create key dependency between %s and %s",
1353 const time_t now,
int allow_unsigned,
int *zone_updated,
1356 time_t returntime_zone = -1;
1358 static const char *scmd =
"updateZone";
1360 unsigned int j, change;
1370 time_t returntime_key;
1372 int key_data_updated, process, key_state_created;
1373 const db_enum_t* state_enum, *next_state_enum, *type_enum;
1378 ods_log_error(
"[%s] %s: no dbconn", module_str, scmd);
1379 return returntime_zone;
1383 ods_log_error(
"[%s] %s: no policy", module_str, scmd);
1384 return returntime_zone;
1388 ods_log_error(
"[%s] %s: no zone", module_str, scmd);
1389 return returntime_zone;
1391 if (!zone_updated) {
1393 ods_log_error(
"[%s] %s: no zone_updated", module_str, scmd);
1394 return returntime_zone;
1398 ods_log_error(
"[%s] %s: no keylist", module_str, scmd);
1399 return returntime_zone;
1403 ods_log_error(
"[%s] %s: no deplist", module_str, scmd);
1404 return returntime_zone;
1425 ods_log_error(
"[%s] %s: zone_db_set_ttl_end_ds() failed", module_str, scmd);
1437 for (i = 0; i < keylist_size; i++) {
1442 if (keylist_size < i) {
1450 ods_log_error(
"[%s] %s: zone_db_set_ttl_end_dk() failed", module_str, scmd);
1468 ods_log_error(
"[%s] %s: zone_db_set_ttl_end_rs() failed", module_str, scmd);
1479 for (i = 0; process && i < keylist_size; i++) {
1480 key_state_created = 0;
1491 ods_log_error(
"[%s] %s: key state DS creation failed", module_str, scmd);
1497 key_state_created = 1;
1503 ods_log_error(
"[%s] %s: zone_db_set_signconf_needs_writing() failed", module_str, scmd);
1522 ods_log_error(
"[%s] %s: key state DNSKEY creation failed", module_str, scmd);
1528 key_state_created = 1;
1534 ods_log_error(
"[%s] %s: zone_db_set_signconf_needs_writing() failed", module_str, scmd);
1552 ods_log_error(
"[%s] %s: key state RRSIGDNSKEY creation failed", module_str, scmd);
1558 key_state_created = 1;
1564 ods_log_error(
"[%s] %s: zone_db_set_signconf_needs_writing() failed", module_str, scmd);
1583 ods_log_error(
"[%s] %s: key state RRSIG creation failed", module_str, scmd);
1589 key_state_created = 1;
1595 ods_log_error(
"[%s] %s: zone_db_set_signconf_needs_writing() failed", module_str, scmd);
1604 if (key_state_created) {
1606 ods_log_error(
"[%s] %s: Unable to recache key states after creating some", module_str, scmd);
1619 for (i = 0; process && i < keylist_size; i++) {
1620 ods_log_verbose(
"[%s] %s: processing key %s %u", module_str, scmd,
1631 ods_log_error(
"[%s] %s: (state || next_state) == INVALID", module_str, scmd);
1663 if (state_enum->
value == (
int)state) {
1672 ods_log_verbose(
"[%s] %s: May %s %s %s in state %s transition to %s?", module_str, scmd,
1677 next_state_enum->
text);
1686 if (policyApproval(keylist, keylist_size, &
future_key, deplist) < 1) {
1689 ods_log_verbose(
"[%s] %s Policy says we can (1/3)", module_str, scmd);
1694 if (dnssecApproval(keylist, keylist_size, &
future_key, allow_unsigned, deplisttmp) < 1) {
1697 ods_log_verbose(
"[%s] %s DNSSEC says we can (2/3)", module_str, scmd);
1712 int zsk_out = exists(keylist, keylist_size, &
future_key,
1714 int zsk_in = exists(keylist, keylist_size, &
future_key,
1722 returntime_key = addtime(returntime_key,
1733 if (returntime_key > now) {
1734 minTime(returntime_key, &returntime_zone);
1738 ods_log_verbose(
"[%s] %s Timing says we can (3/3) now: %lu key: %lu",
1739 module_str, scmd, (
unsigned long)now, (
unsigned long)returntime_key);
1748 ods_log_crit(
"[%s] %s Ready for transition but key material not backed up yet (%s)",
1754 returntime_key = addtime(now, 60);
1755 minTime(returntime_key, &returntime_zone);
1766 key_data_updated = 0;
1783 key_data_updated = 1;
1788 key_data_updated = 1;
1802 key_data_updated = 1;
1812 key_data_updated = 1;
1819 if (key_data_updated) {
1821 ods_log_error(
"[%s] %s: key data update failed", module_str, scmd);
1834 ods_log_error(
"[%s] %s: key data reread failed", module_str, scmd);
1864 ods_log_error(
"[%s] %s: future key type error", module_str, scmd);
1874 ods_log_verbose(
"[%s] %s: Transitioning %s %s %s from %s to %s", module_str, scmd,
1879 next_state_enum->
text);
1886 ods_log_error(
"[%s] %s: key state transition failed", module_str, scmd);
1895 ods_log_error(
"[%s] %s: zone_db_set_signconf_needs_writing() failed", module_str, scmd);
1904 if (markSuccessors(dbconn, keylist, keylist_size, &
future_key, deplisttmp, zone) < 0) {
1905 ods_log_error(
"[%s] %s: markSuccessors() error", module_str, scmd);
1915 ods_log_error(
"[%s] %s: Unable to recache key states after transition", module_str, scmd);
1923 }
while (process && change);
1925 return returntime_zone;
1940 if (!key_list || !pkey)
1994 static const char *scmd =
"existsPolicyForKey";
1998 if (!policykeylist) {
2012 ods_log_verbose(
"[%s] %s no hsmkey!", module_str, scmd);
2028 ods_log_verbose(
"[%s] %s not found such config", module_str, scmd);
2038 int max_inception = -1;
2040 if (!key_list || !pkey)
return -1;
2067 return max_inception;
2184 zone_db_t *zone,
const time_t now,
int *allow_unsigned,
int *zone_updated)
2186 time_t return_at = -1;
2196 static const char *scmd =
"updatePolicy";
2206 ods_log_error(
"[%s] %s: no dbconn", module_str, scmd);
2211 ods_log_error(
"[%s] %s: no policy", module_str, scmd);
2216 ods_log_error(
"[%s] %s: no zone", module_str, scmd);
2219 if (!allow_unsigned) {
2221 ods_log_error(
"[%s] %s: no allow_unsigned", module_str, scmd);
2224 if (!zone_updated) {
2226 ods_log_error(
"[%s] %s: no zone_updated", module_str, scmd);
2230 ods_log_verbose(
"[%s] %s: policyName: %s", module_str, scmd,
policy_name(
policy));
2238 ods_log_error(
"[%s] %s: error policy_get_policy_keys()", module_str, scmd);
2249 ods_log_error(
"[%s] %s: error zone_db_get_keys()", module_str, scmd);
2259 ret = existsPolicyForKey(policykeylist,
key);
2262 ods_log_error(
"[%s] %s: error existsPolicyForKey() < 0", module_str, scmd);
2273 ods_log_error(
"[%s] %s: error update mutkey", module_str, scmd);
2289 *allow_unsigned = pkey ? 0 : 1;
2295 ods_log_error(
"[%s] %s: zone_db_set_signconf_needs_writing() failed", module_str, scmd);
2308 force_roll = enforce_roll(zone, pkey);
2314 if (!key_for_conf(keylist, pkey)) {
2317 else if (!force_roll) {
2333 inception = last_inception_policy(keylist, pkey);
2334 if (inception != -1 &&
2338 minTime(t_ret, &return_at);
2339 setnextroll(zone, pkey, t_ret);
2348 ods_log_verbose(
"[%s] %s: New key needed for role %s",
2361 ods_log_error(
"[%s] %s: For policy %s %s key lifetime of %d "
2362 "is unreasonably short with respect to sum of parent "
2363 "TTL (%d) and key TTL (%d). Will not insert key!",
2367 setnextroll(zone, pkey, now);
2376 ods_log_crit(
"[%s] %s: For policy %s %s key lifetime of %d "
2377 "is unreasonably short with respect to sum of "
2378 "MaxZoneTTL (%d) and key TTL (%d). Will not insert key!",
2382 setnextroll(zone, pkey, now);
2392 hsmkey = getLastReusableKey(keylist, pkey);
2407 ods_log_warning(
"[%s] %s: No keys available in HSM for policy %s, retry in %d seconds",
2410 setnextroll(zone, pkey, now);
2414 ods_log_verbose(
"[%s] %s: got new key from HSM", module_str, scmd);
2451 ods_log_error(
"[%s] %s: error new key", module_str, scmd);
2470 ods_log_error(
"[%s] %s: error keytag", module_str, scmd);
2487 ods_log_error(
"[%s] %s: error key_data_create()", module_str, scmd);
2498 minTime(t_ret, &return_at);
2499 setnextroll(zone, pkey, t_ret);
2526 ods_log_error(
"[%s] %s: error update mutkey2", module_str, scmd);
2536 ods_log_verbose(
"[%s] %s: decommissioning old key: %s", module_str, scmd,
hsm_key_locator(hsmkey2));
2553 if (enforce_roll(zone, pkey)) {
2554 if (set_roll(zone, pkey, 0)) {
2556 ods_log_error(
"[%s] %s: error set_roll()", module_str, scmd);
2574 const int purgetime)
2576 static const char *scmd =
"removeDeadKeys";
2577 time_t first_purge = -1, key_time;
2578 size_t i, deplist2_size = 0;
2579 int key_purgable, cmp;
2590 if (deplist2_size > 0)
2592 for (i = 1; i < deplist2_size; i++)
2595 for (i = 0; i < keylist_size; i++) {
2599 for (j = 0; j<4; j++) {
2615 if (key_time != -1) key_time = addtime(key_time, purgetime);
2618 if (now >= key_time) {
2624 ods_log_info(
"[%s] %s deleting key: %s", module_str, scmd,
2633 ods_log_error(
"[%s] %s: key_state_delete() || key_data_delete() || hsm_key_factory_release_key() failed", module_str, scmd);
2640 minTime(key_time, &first_purge);
2644 for (j = 0; j < deplist2_size; j++) {
2645 if (!deplist2[j])
continue;
2648 ods_log_error(
"[%s] %s: cmp deplist from failed", module_str, scmd);
2655 ods_log_error(
"[%s] %s: key_dependency_delete() failed", module_str, scmd);
2661 for (i = 0; i < deplist2_size; i++){
2667 ods_log_info(
"[%s] %s: keys deleted from HSM: %d", module_str, scmd, deleteCount);
2675 int allow_unsigned = 0;
2676 time_t policy_return_time, zone_return_time, purge_return_time = -1, return_time;
2680 size_t keylist_size, i;
2682 static const char *scmd =
"update";
2683 int key_data_updated;
2686 ods_log_error(
"[%s] no engine", module_str);
2690 ods_log_error(
"[%s] no dbconn", module_str);
2694 ods_log_error(
"[%s] no zone", module_str);
2698 ods_log_error(
"[%s] no policy", module_str);
2701 if (!zone_updated) {
2702 ods_log_error(
"[%s] no zone_updated", module_str);
2706 ods_log_info(
"[%s] update zone: %s", module_str,
zone_db_name(zone));
2712 ods_log_info(
"[%s] KSK Rollover for zone %s is impending, "
2713 "rollover will happen at %s",
2721 ods_log_info(
"[%s] CSK Rollover for zone %s is impending, "
2722 "rollover will happen at %s",
2731 policy_return_time = updatePolicy(engine, dbconn,
policy, zone, now, &allow_unsigned, zone_updated);
2733 if (allow_unsigned) {
2734 ods_log_info(
"[%s] No keys configured for %s, zone will become unsigned eventually",
2743 ods_log_error(
"[%s] %s: error zone_db_get_key_dependencies()", module_str, scmd);
2749 ods_log_error(
"[%s] %s: error zone_db_get_keys()", module_str, scmd);
2766 ods_log_error(
"[%s] %s: error calloc(keylist_size)", module_str, scmd);
2771 for (i = 0; i < keylist_size; i++) {
2782 ods_log_error(
"[%s] %s: error key_data_list cache", module_str, scmd);
2783 for (i = 0; i < keylist_size; i++) {
2800 zone_return_time = updateZone(dbconn,
policy, zone, now, allow_unsigned, zone_updated,
2801 keylist, keylist_size, deplist);
2807 purge_return_time = removeDeadKeys(dbconn, keylist, keylist_size, deplist, now,
2816 for (i = 0; i < keylist_size; i++) {
2817 key_data_updated = 0;
2823 key_data_updated = 1;
2832 ods_log_error(
"[%s] %s: key_data_set_publish() failed",
2837 key_data_updated = 1;
2849 ods_log_error(
"[%s] %s: key_data_set_active_ksk() failed",
2854 key_data_updated = 1;
2866 ods_log_error(
"[%s] %s: key_data_set_active_zsk() failed",
2871 key_data_updated = 1;
2875 if (key_data_updated) {
2877 ods_log_error(
"[%s] %s: key_data_update() failed",
2887 for (i = 0; i < keylist_size; i++) {
2895 return_time = zone_return_time;
2896 minTime(policy_return_time, &return_time);
2910 minTime(purge_return_time, &return_time);
int db_value_cmp(const db_value_t *value_a, const db_value_t *value_b, int *result)
time_t update(engine_type *engine, db_connection_t *dbconn, zone_db_t *zone, policy_t const *policy, time_t now, int *zone_updated)
void hsm_key_free(hsm_key_t *hsm_key)
const char * hsm_key_repository(const hsm_key_t *hsm_key)
hsm_key_t * hsm_key_list_get_begin(hsm_key_list_t *hsm_key_list)
hsm_key_t * hsm_key_list_get_next(hsm_key_list_t *hsm_key_list)
void hsm_key_list_free(hsm_key_list_t *hsm_key_list)
unsigned int hsm_key_algorithm(const hsm_key_t *hsm_key)
unsigned int hsm_key_bits(const hsm_key_t *hsm_key)
const char * hsm_key_locator(const hsm_key_t *hsm_key)
const db_value_t * hsm_key_id(const hsm_key_t *hsm_key)
unsigned int hsm_key_inception(const hsm_key_t *hsm_key)
@ HSM_KEY_BACKUP_BACKUP_REQUESTED
@ HSM_KEY_BACKUP_BACKUP_REQUIRED
#define HSM_KEY_ROLE_SEP(role)
hsm_key_list_t * hsm_key_list_new_get_by_policy_key(const policy_key_t *pkey)
hsm_key_t * hsm_key_factory_get_key(engine_type *engine, const db_connection_t *connection, const policy_key_t *policy_key, hsm_key_state_t hsm_key_state)
int hsm_key_factory_delete_key(const db_connection_t *connection)
int hsm_key_factory_release_key_id(const db_value_t *hsm_key_id, const db_connection_t *connection)
int hsm_key_factory_release_key(hsm_key_t *hsm_key, const db_connection_t *connection)
int key_data_set_minimize(key_data_t *key_data, unsigned int minimize)
int key_data_cmp(const key_data_t *key_data_a, const key_data_t *key_data_b)
const db_value_t * key_data_hsm_key_id(const key_data_t *key_data)
unsigned int key_data_active_ksk(const key_data_t *key_data)
const key_data_t * key_data_list_next(key_data_list_t *key_data_list)
size_t key_data_list_size(key_data_list_t *key_data_list)
int key_data_get_by_id(key_data_t *key_data, const db_value_t *id)
int key_data_update(key_data_t *key_data)
const db_value_t * key_data_id(const key_data_t *key_data)
int key_data_delete(key_data_t *key_data)
void key_data_free(key_data_t *key_data)
key_data_t * key_data_list_get_next(key_data_list_t *key_data_list)
int key_data_set_role(key_data_t *key_data, key_data_role_t role)
const char * key_data_role_text(const key_data_t *key_data)
int key_data_set_introducing(key_data_t *key_data, unsigned int introducing)
const key_data_t * key_data_list_begin(key_data_list_t *key_data_list)
int key_data_set_active_zsk(key_data_t *key_data, unsigned int active_zsk)
int key_data_set_publish(key_data_t *key_data, unsigned int publish)
int key_data_set_zone_id(key_data_t *key_data, const db_value_t *zone_id)
unsigned int key_data_publish(const key_data_t *key_data)
int key_data_set_algorithm(key_data_t *key_data, unsigned int algorithm)
void key_data_list_free(key_data_list_t *key_data_list)
int key_data_set_inception(key_data_t *key_data, unsigned int inception)
unsigned int key_data_introducing(const key_data_t *key_data)
int key_data_set_hsm_key_id(key_data_t *key_data, const db_value_t *hsm_key_id)
unsigned int key_data_inception(const key_data_t *key_data)
unsigned int key_data_active_zsk(const key_data_t *key_data)
key_data_t * key_data_list_get_begin(key_data_list_t *key_data_list)
key_data_t * key_data_new_copy(const key_data_t *key_data)
int key_data_cache_hsm_key(key_data_t *key_data)
int key_data_set_keytag(key_data_t *key_data, unsigned int keytag)
int key_data_create(key_data_t *key_data)
int key_data_set_ds_at_parent(key_data_t *key_data, key_data_ds_at_parent_t ds_at_parent)
key_data_t * key_data_new(const db_connection_t *connection)
unsigned int key_data_algorithm(const key_data_t *key_data)
hsm_key_t * key_data_get_hsm_key(const key_data_t *key_data)
unsigned int key_data_minimize(const key_data_t *key_data)
int key_data_set_active_ksk(key_data_t *key_data, unsigned int active_ksk)
enum key_data_role key_data_role_t
@ KEY_DATA_DS_AT_PARENT_SUBMITTED
@ KEY_DATA_DS_AT_PARENT_RETRACT
@ KEY_DATA_DS_AT_PARENT_UNSUBMITTED
@ KEY_DATA_DS_AT_PARENT_SEEN
@ KEY_DATA_DS_AT_PARENT_SUBMIT
@ KEY_DATA_DS_AT_PARENT_RETRACTED
key_state_t * key_data_get_cached_dnskey(key_data_t *key_data)
int key_data_cache_key_states(key_data_t *key_data)
key_state_t * key_data_get_cached_rrsigdnskey(key_data_t *key_data)
const key_state_t * key_data_cached_rrsigdnskey(key_data_t *key_data)
const key_state_t * key_data_cached_dnskey(key_data_t *key_data)
const hsm_key_t * key_data_cached_hsm_key(const key_data_t *key_data)
key_state_t * key_data_get_cached_rrsig(key_data_t *key_data)
const key_state_t * key_data_cached_rrsig(key_data_t *key_data)
key_state_t * key_data_get_cached_ds(key_data_t *key_data)
const key_state_t * key_data_cached_ds(key_data_t *key_data)
void key_dependency_free(key_dependency_t *key_dependency)
key_dependency_t * key_dependency_list_get_next(key_dependency_list_t *key_dependency_list)
int key_dependency_set_zone_id(key_dependency_t *key_dependency, const db_value_t *zone_id)
const key_dependency_t * key_dependency_list_next(key_dependency_list_t *key_dependency_list)
const db_value_t * key_dependency_from_key_data_id(const key_dependency_t *key_dependency)
key_dependency_list_t * key_dependency_list_new_copy(const key_dependency_list_t *from_key_dependency_list)
key_data_t * key_dependency_get_from_key_data(const key_dependency_t *key_dependency)
int key_dependency_set_type(key_dependency_t *key_dependency, key_dependency_type_t type)
const key_dependency_t * key_dependency_list_begin(key_dependency_list_t *key_dependency_list)
key_dependency_t * key_dependency_list_get_begin(key_dependency_list_t *key_dependency_list)
void key_dependency_list_free(key_dependency_list_t *key_dependency_list)
size_t key_dependency_list_size(key_dependency_list_t *key_dependency_list)
int key_dependency_set_from_key_data_id(key_dependency_t *key_dependency, const db_value_t *from_key_data_id)
const db_value_t * key_dependency_to_key_data_id(const key_dependency_t *key_dependency)
int key_dependency_delete(key_dependency_t *key_dependency)
int key_dependency_create(key_dependency_t *key_dependency)
int key_dependency_set_to_key_data_id(key_dependency_t *key_dependency, const db_value_t *to_key_data_id)
key_dependency_t * key_dependency_new(const db_connection_t *connection)
enum key_dependency_type key_dependency_type_t
@ KEY_DEPENDENCY_TYPE_DNSKEY
@ KEY_DEPENDENCY_TYPE_RRSIGDNSKEY
@ KEY_DEPENDENCY_TYPE_RRSIG
unsigned int key_state_minimize(const key_state_t *key_state)
int key_state_set_minimize(key_state_t *key_state, unsigned int minimize)
int key_state_delete(const key_state_t *key_state)
const char * key_state_state_text(const key_state_t *key_state)
int key_state_set_ttl(key_state_t *key_state, unsigned int ttl)
void key_state_free(key_state_t *key_state)
int key_state_set_last_change(key_state_t *key_state, unsigned int last_change)
key_state_t * key_state_new(const db_connection_t *connection)
int key_state_set_type(key_state_t *key_state, key_state_type_t type)
const char * key_state_type_text(const key_state_t *key_state)
int key_state_create(key_state_t *key_state)
const db_enum_t key_state_enum_set_type[]
const db_enum_t key_state_enum_set_state[]
int key_state_set_key_data_id(key_state_t *key_state, const db_value_t *key_data_id)
unsigned int key_state_last_change(const key_state_t *key_state)
int key_state_set_state(key_state_t *key_state, key_state_state_t state)
int key_state_update(key_state_t *key_state)
enum key_state_state key_state_state_t
enum key_state_type key_state_type_t
@ KEY_STATE_TYPE_RRSIGDNSKEY
@ KEY_STATE_STATE_INVALID
const char * policy_name(const policy_t *policy)
unsigned int policy_zone_propagation_delay(const policy_t *policy)
unsigned int policy_signatures_validity_denial(const policy_t *policy)
unsigned int policy_keys_purge_after(const policy_t *policy)
unsigned int policy_parent_ds_ttl(const policy_t *policy)
unsigned int policy_signatures_resign(const policy_t *policy)
unsigned int policy_keys_ttl(const policy_t *policy)
unsigned int policy_parent_propagation_delay(const policy_t *policy)
unsigned int policy_zone_soa_ttl(const policy_t *policy)
unsigned int policy_zone_soa_minimum(const policy_t *policy)
unsigned int policy_signatures_refresh(const policy_t *policy)
unsigned int policy_denial_ttl(const policy_t *policy)
unsigned int policy_signatures_max_zone_ttl(const policy_t *policy)
unsigned int policy_keys_shared(const policy_t *policy)
unsigned int policy_signatures_jitter(const policy_t *policy)
unsigned int policy_parent_registration_delay(const policy_t *policy)
unsigned int policy_signatures_validity_default(const policy_t *policy)
unsigned int policy_keys_publish_safety(const policy_t *policy)
unsigned int policy_keys_retire_safety(const policy_t *policy)
@ POLICY_DENIAL_TYPE_NSEC3
policy_key_list_t * policy_get_policy_keys(const policy_t *policy)
size_t policy_key_list_size(policy_key_list_t *policy_key_list)
const policy_key_t * policy_key_list_begin(policy_key_list_t *policy_key_list)
unsigned int policy_key_minimize(const policy_key_t *policy_key)
unsigned int policy_key_lifetime(const policy_key_t *policy_key)
unsigned int policy_key_manual_rollover(const policy_key_t *policy_key)
const policy_key_t * policy_key_list_next(policy_key_list_t *policy_key_list)
const char * policy_key_repository(const policy_key_t *policy_key)
void policy_key_list_free(policy_key_list_t *policy_key_list)
const char * policy_key_role_text(const policy_key_t *policy_key)
unsigned int policy_key_algorithm(const policy_key_t *policy_key)
unsigned int policy_key_bits(const policy_key_t *policy_key)
engineconfig_type * config
time_t rollover_notification
key_state_state_t next_state
key_dependency_type_t type
unsigned int next_zsk_roll
unsigned int next_csk_roll
unsigned int next_ksk_roll
unsigned int zone_db_roll_zsk_now(const zone_db_t *zone)
int zone_db_set_ttl_end_dk(zone_db_t *zone, unsigned int ttl_end_dk)
unsigned int zone_db_ttl_end_rs(const zone_db_t *zone)
int zone_db_set_signconf_needs_writing(zone_db_t *zone, unsigned int signconf_needs_writing)
const char * zone_db_name(const zone_db_t *zone)
unsigned int zone_db_ttl_end_ds(const zone_db_t *zone)
int zone_db_set_roll_zsk_now(zone_db_t *zone, unsigned int roll_zsk_now)
int zone_db_set_roll_csk_now(zone_db_t *zone, unsigned int roll_csk_now)
unsigned int zone_db_roll_ksk_now(const zone_db_t *zone)
unsigned int zone_db_next_ksk_roll(const zone_db_t *zone)
unsigned int zone_db_next_csk_roll(const zone_db_t *zone)
int zone_db_set_ttl_end_ds(zone_db_t *zone, unsigned int ttl_end_ds)
int zone_db_set_roll_ksk_now(zone_db_t *zone, unsigned int roll_ksk_now)
unsigned int zone_db_ttl_end_dk(const zone_db_t *zone)
unsigned int zone_db_signconf_needs_writing(const zone_db_t *zone)
unsigned int zone_db_roll_csk_now(const zone_db_t *zone)
int zone_db_set_ttl_end_rs(zone_db_t *zone, unsigned int ttl_end_rs)
const db_value_t * zone_db_id(const zone_db_t *zone)
key_data_list_t * zone_db_get_keys(const zone_db_t *zone)
key_dependency_list_t * zone_db_get_key_dependencies(const zone_db_t *zone)