OpenDNSSEC-enforcer 2.1.13
keystate_import_cmd.c
Go to the documentation of this file.
1/*
2 * Copyright (c) 2016 NLNet Labs
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 *
14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
15 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
16 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
18 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
20 * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
21 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
22 * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
23 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
24 * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
25 *
26 */
27
28#include "config.h"
29#include <getopt.h>
30
31#include "cmdhandler.h"
33#include "daemon/engine.h"
34#include "file.h"
35#include "log.h"
36#include "str.h"
37#include "clientpipe.h"
38#include "longgetopt.h"
39#include "duration.h"
40#include "libhsm.h"
41#include "libhsmdns.h"
42#include "db/key_data.h"
43#include "db/db_error.h"
44
47
48static const char *module_str = "keystate_import_cmd";
49/* 5 states are: generate, publish, ready, active and retire */
50/* For every state we should specify the values of DS, DNSKEY, RRSIGDNSKEY
51 and RRSIG. These values can be HIDDEN(0), RUMOURED(1), OMNIPRESENT(2),
52 UNRETENTIVE(3), NA(4)*/
53const int ksk_mapping[5][4] = {{0,0,0,4},{0,1,1,4},{1,2,2,4},{1,2,2,4},{3,2,2,4}};
54const int zsk_mapping[5][4] = {{4,0,4,0},{4,1,4,0},{4,2,4,1},{4,2,4,2},{4,2,4,3}};
55const int ds_at_parent [5] = {0,0,1,3,5};
56
57
58static int max(int a, int b) { return a>b?a:b; }
59static int min(int a, int b) { return a<b?a:b; }
60
61
62int
64 const char *ckaid, const char *rep, const char *zonename,
65 int bits, int alg, int keytype, unsigned int time)
66{
67 hsm_ctx_t *hsm_ctx;
68 hsm_key_t *hsm_key = NULL;
69 char *hsm_err;
70 libhsm_key_t *libhsmkey;
71 zone_db_t *zone;
72
73 /* Create an HSM context and check that the repository exists */
74 if (!(hsm_ctx = hsm_create_context())) {
75 return -1;
76 }
77 if (!hsm_token_attached(hsm_ctx, rep)) {
78 if ((hsm_err = hsm_get_error(hsm_ctx))) {
79 ods_log_error("[%s] Error: Unable to check for the repository %s, HSM error: %s", module_str, rep, hsm_err);
80 client_printf_err(sockfd, "Unable to check for the repository %s, HSM error: %s\n", rep, hsm_err);
81 free(hsm_err);
82 }
83 else {
84 ods_log_error("[%s] Error: Unable to find repository %s in HSM", module_str, rep);
85 client_printf_err(sockfd, "Unable to find repository %s in HSM\n", rep);
86 }
87 hsm_destroy_context(hsm_ctx);
88 return -1;
89 }
90
91 if (!(libhsmkey = hsm_find_key_by_id(hsm_ctx, ckaid))) {
92 ods_log_error("[%s] Error: Unable to find the key with this locator: %s", module_str, ckaid);
93 client_printf_err(sockfd, "Unable to find the key with this locator: %s\n", ckaid);
94 hsm_destroy_context(hsm_ctx);
95 return -1;
96 }
97 libhsm_key_free(libhsmkey);
98 hsm_key = hsm_key_new_get_by_locator(dbconn, ckaid);
99 if (hsm_key) {
100 ods_log_error("[%s] Error: Already used this key with this locator: %s", module_str, ckaid);
101 client_printf_err(sockfd, "Already used this key with this locator: %s\n", ckaid);
103 hsm_destroy_context(hsm_ctx);
104 return -1;
105 }
106
107 zone = zone_db_new_get_by_name(dbconn, zonename);
108 if (!(hsm_key = hsm_key_new(dbconn))
110 || hsm_key_set_bits(hsm_key, bits)
116 || hsm_key_set_role(hsm_key, keytype)
119 {
120 ods_log_error("[%s] hsm key creation failed, database or memory error", module_str);
122 hsm_destroy_context(hsm_ctx);
123 zone_db_free(zone);
124 return -1;
125 }
126 ods_log_debug("[%s] hsm key with this locator %s is created successfully", module_str, ckaid);
128 hsm_destroy_context(hsm_ctx);
129 zone_db_free(zone);
130 return 0;
131}
132
133int
135 const char *ckaid, const char *rep, const char *zonename,
136 int alg, int keystate, int keytype, unsigned int time, int setmin, db_value_t *hsmkey_id)
137{
138 key_data_t *key_data = NULL;
139 hsm_ctx_t *hsm_ctx;
140 char *hsm_err;
141 uint16_t tag;
142 hsm_key_t * hsmkey;
143 libhsm_key_t *libhsmkey;
144 zone_db_t *zone;
145
146 /* Create a HSM context and check that the repository exists */
147 if (!(hsm_ctx = hsm_create_context())) {
148 return -1;
149 }
150 if (!hsm_token_attached(hsm_ctx, rep)) {
151 if ((hsm_err = hsm_get_error(hsm_ctx))) {
152 ods_log_error("[%s] Error: Unable to check for the repository %s, HSM error: %s", module_str, rep, hsm_err);
153 client_printf_err(sockfd, "Unable to check for the repository %s, HSM error: %s\n", rep, hsm_err);
154 free(hsm_err);
155 }
156 else {
157 ods_log_error("[%s] Error: Unable to find repository %s in HSM", module_str, rep);
158 client_printf_err(sockfd, "Unable to find repository %s in HSM\n", rep);
159 }
160 hsm_destroy_context(hsm_ctx);
161 return -1;
162 }
163
164 if (!(libhsmkey = hsm_find_key_by_id(hsm_ctx, ckaid))) {
165 ods_log_error("[%s] Error: Unable to find the key with this locator: %s", module_str, ckaid);
166 client_printf_err(sockfd, "Unable to find the key with this locator: %s\n", ckaid);
167 hsm_destroy_context(hsm_ctx);
168 return -1;
169 }
170 libhsm_key_free(libhsmkey);
171 if (!(hsmkey = hsm_key_new_get_by_locator(dbconn, ckaid))) {
172 ods_log_error("[%s] Error: Cannot get hsmkey %s from database, database error", module_str, ckaid);
173 hsm_destroy_context(hsm_ctx);
174 return -1;
175 }
176 if (hsm_keytag(ckaid, alg, KEY_DATA_ROLE_SEP(keytype), &tag)) {
177 ods_log_error("[%s] Error: Keytag for this key %s is not correct", module_str, ckaid);
178 }
179
180 zone = zone_db_new_get_by_name(dbconn, zonename);
181 if (!(key_data = key_data_new(dbconn))
186 || key_data_set_introducing (key_data, keystate < 4 ? 1 : 0)
187 || key_data_set_active_zsk(key_data, keytype == 1 || keystate < 2 || keystate > 3 ? 0 : 1)
188 || key_data_set_publish(key_data,0 < keystate ? 1 : 0)
189 || key_data_set_active_ksk(key_data, keytype == 2 || keystate == 0 ? 0 : 1)
190 || key_data_set_role(key_data, keytype)
191 || key_data_set_ds_at_parent(key_data, keytype == 1 ? ds_at_parent[keystate] : 0)
195 {
196 ods_log_error("[%s] key data creation failed, database or memory error", module_str);
197 hsm_key_free(hsmkey);
199 hsm_destroy_context(hsm_ctx);
200 zone_db_free(zone);
201 return -1;
202 }
203 zone_db_free(zone);
204 ods_log_debug("[%s] key data with this locator %s is created successfully", module_str, ckaid);
206 hsm_destroy_context(hsm_ctx);
207 db_value_copy (hsmkey_id, hsm_key_id(hsmkey));
208 hsm_key_free(hsmkey);
209 return 0;
210}
211
212int
214 const char *ckaid, const char *rep, const char *zonename,
215 int keystate, int keytype, unsigned int time, db_value_t *hsmkeyid)
216{
217 key_state_t *key_state = NULL;
218 hsm_ctx_t *hsm_ctx;
219 char *hsm_err;
220 int ttl;
221 key_data_t* key;
222 const db_value_t* keydataid;
224 libhsm_key_t *libhsmkey;
225 zone_db_t *zone;
226
227 /* Create a HSM context and check that the repository exists */
228 if (!(hsm_ctx = hsm_create_context())) {
229 return -1;
230 }
231 if (!hsm_token_attached(hsm_ctx, rep)) {
232 if ((hsm_err = hsm_get_error(hsm_ctx))) {
233 ods_log_error("[%s] Error: Unable to check for the repository %s, HSM error: %s", module_str, rep, hsm_err);
234 client_printf_err(sockfd, "Unable to check for the repository %s, HSM error: %s\n", rep, hsm_err);
235 free(hsm_err);
236 }
237 else {
238 ods_log_error("[%s] Error: Unable to find repository %s in HSM", module_str, rep);
239 client_printf_err(sockfd, "Unable to find repository %s in HSM\n", rep);
240 }
241 hsm_destroy_context(hsm_ctx);
242 return -1;
243 }
244
245 if (!(libhsmkey = hsm_find_key_by_id(hsm_ctx, ckaid))) {
246 ods_log_error("[%s] Error: Unable to find the key with this locator: %s", module_str, ckaid);
247 client_printf(sockfd, "Unable to find the key with this locator: %s\n", ckaid);
248 hsm_destroy_context(hsm_ctx);
249 return -1;
250 }
251 libhsm_key_free(libhsmkey);
252 key = key_data_new_get_by_hsm_key_id(dbconn, hsmkeyid);
253 keydataid = key_data_id(key);
254
255 policy = policy_new(dbconn);
256 zone = zone_db_new_get_by_name(dbconn, zonename);
258 zone_db_free(zone);
259
260 if (!(key_state = key_state_new(dbconn))
266 || key_state_set_state(key_state, keytype == 1 ? ksk_mapping[keystate][0] : zsk_mapping[keystate][0])
268 {
269 ods_log_error("[%s] key state creation for DS failed, database or memory error", module_str);
270 key_data_free(key);
273 hsm_destroy_context(hsm_ctx);
274 return -1;
275 }
277
278 if (!(key_state = key_state_new(dbconn))
284 || key_state_set_state(key_state, keytype == 1 ? ksk_mapping[keystate][1] : zsk_mapping[keystate][1])
286 {
287 ods_log_error("[%s] key state creation for DNSKEY failed, database or memory error", module_str);
288 key_data_free(key);
291 hsm_destroy_context(hsm_ctx);
292 return -1;
293 }
295
296 if (!(key_state = key_state_new(dbconn))
301 || key_state_set_state(key_state, keytype == 1 ? ksk_mapping[keystate][2] : zsk_mapping[keystate][2])
303 {
304 ods_log_error("[%s] key state creation for RRSIGDNSKEY failed, database or memory error", module_str);
305 key_data_free(key);
308 hsm_destroy_context(hsm_ctx);
309 return -1;
310 }
312
319
320 if (!(key_state = key_state_new(dbconn))
322 /* || hsm_key_set_backup(hsm_key, (hsm->require_backup ? HSM_KEY_BACKUP_BACKUP_REQUIRED : HSM_KEY_BACKUP_NO_BACKUP))*/
327 || key_state_set_state(key_state, keytype == 1 ? ksk_mapping[keystate][3] : zsk_mapping[keystate][3])
329 {
330 ods_log_error("[%s] key state creation for RRSIG failed, database or memory error", module_str);
331 key_data_free(key);
334 hsm_destroy_context(hsm_ctx);
335 return -1;
336 }
337 ods_log_debug("[%s] key state with this locator %s is created successfully", module_str, ckaid);
338
339 key_data_free(key);
342 hsm_destroy_context(hsm_ctx);
343
344 return 0;
345}
346
347
348
349static void
350usage(int sockfd)
351{
352 client_printf(sockfd,
353 "key import\n"
354 " --cka_id <CKA_ID> aka -k\n"
355 " --repository <repository> aka -r\n"
356 " --zone <zone> aka -z\n"
357 " --bits <size> aka -b\n"
358 " --algorithm <algorithm> aka -g\n"
359 " --keystate <state> aka -e\n"
360 " --keytype <type> aka -t\n"
361 " --inception_time <time> aka -w\n"
362 );
363}
364
365static void
366help(int sockfd)
367{
368 client_printf(sockfd,
369 "Add a key which was created outside of the OpenDNSSEC into the enforcer database.\n"
370 "\nOptions:\n"
371 "cka_id specify the locator of the key\n"
372 "repository name of the repository which the key must be stored\n"
373 "zone name of the zone for which this key is to be used\n"
374 "bits key size in bits\n"
375 "algorithm algorithm number \n"
376 "keystate state of the key in which the key will be after import\n"
377 "keytype type of the key, KSK, ZSK or CSK\n"
378 "inception_time time of inception\n\n");
379}
380
381static int
382run(cmdhandler_ctx_type* context, int argc, char* argv[])
383{
384 int sockfd = context->sockfd;
385 struct longgetopt optctx;
386 int long_index = 0, opt = 0;
387 const char *ckaid = NULL;
388 const char *repository = NULL;
389 const char *zonename = NULL;
390 const char *bits = NULL;
391 const char *algorithm = NULL;
392 const char* keytype = NULL;
393 const char* keystate = NULL;
394 const char *time = NULL;
395 zone_db_t *zone = NULL;
396 time_t inception = 0;
397 struct tm tm;
398 int setmin;
399 db_value_t *hsmkey_id;
401 db_connection_t* dbconn = getconnectioncontext(context);
402
403 static struct option long_options[] = {
404 {"zone", required_argument, 0, 'z'},
405 {"cka_id", required_argument, 0, 'k'},
406 {"repository", required_argument, 0, 'r'},
407 {"bits", required_argument, 0, 'b'},
408 {"algorithm", required_argument, 0, 'g'},
409 {"keytype", required_argument, 0, 't'},
410 {"keystate", required_argument, 0, 'e'},
411 {"inception_time", required_argument, 0, 'w'},
412 {0, 0, 0, 0}
413 };
414
415 for(opt = longgetopt(argc, argv, "z:k:r:b:g:t:e:w:", long_options, &long_index, &optctx); opt != -1;
416 opt = longgetopt(argc, argv, NULL, long_options, &long_index, &optctx)) {
417 switch (opt) {
418 case 'z':
419 zonename = optctx.optarg;
420 break;
421 case 'k':
422 ckaid = optctx.optarg;
423 break;
424 case 'r':
425 repository = optctx.optarg;
426 break;
427 case 'b':
428 bits = optctx.optarg;
429 break;
430 case 'g':
431 algorithm = optctx.optarg;
432 break;
433 case 't':
434 keytype = optctx.optarg;
435 break;
436 case 'e':
437 keystate = optctx.optarg;
438 break;
439 case 'w':
440 time = optctx.optarg;
441 break;
442 default:
443 client_printf_err(sockfd, "unknown arguments\n");
444 ods_log_error("[%s] unknown arguments for key import command", module_str);
445 return -1;
446 }
447 }
448
449 if (keytype) {
450 if (strcasecmp(keytype, "KSK") && strcasecmp(keytype, "ZSK") && strcasecmp(keytype, "CSK")) {
451 ods_log_error("[%s] unknown keytype, should be one of KSK, ZSK, or CSK", module_str);
452 client_printf_err(sockfd, "unknown keytype, should be one of KSK, ZSK, or CSK\n");
453 return -1;
454 }
455 }
456 else {
457 ods_log_error("[%s] specify keytype for command %s", module_str, argv[0]);
458 client_printf_err(sockfd, "specify keytype: ZSK, KSK or CSK\n");
459 return -1;
460 }
461
462 if (keystate) {
463 if (strcasecmp(keystate, "generate") && strcasecmp(keystate, "publish") && strcasecmp(keystate, "ready") && strcasecmp(keystate, "active") && strcasecmp(keystate, "retire") && strcasecmp(keystate, "revoke")) {
464 ods_log_error("[%s] unknown keystate", module_str);
465 client_printf_err(sockfd, "unknown keystate: states are generate, publish, ready, active or retire\n");
466 return -1;
467 }
468 }
469 else {
470 ods_log_error("[%s] specify keystate for command %s", module_str, argv[0]);
471 client_printf_err(sockfd, "specify keystate: generate, publish, ready, active or retire\n");
472 return -1;
473 }
474
475 if (!zonename) {
476 ods_log_error("[%s] expected --zone for key import command", module_str);
477 client_printf_err(sockfd, "expected --zone \n");
478 return -1;
479 }
480 if (zonename && !(zone = zone_db_new_get_by_name(dbconn, zonename))) {
481 ods_log_error("[%s] Unknown zone: %s", module_str, zonename);
482 client_printf_err(sockfd, "Unknown zone: %s\n", zonename);
483 return -1;
484 }
485 free(zone);
486 zone = NULL;
487
488 if (!algorithm) {
489 ods_log_error("[%s] specify an algorithm for command %s", module_str, argv[0]);
490 client_printf_err(sockfd, "specify an algorithm\n");
491 return -1;
492 }
493 if (!bits) {
494 ods_log_error("[%s] specify bits for command %s", module_str, argv[0]);
495 client_printf_err(sockfd, "specify bits\n");
496 return -1;
497 }
498 if (!repository) {
499 ods_log_error("[%s] specify repository for command %s", module_str, argv[0]);
500 client_printf_err(sockfd, "specify repository \n");
501 return -1;
502 }
503
504 if (time && strptime(time, "%Y-%m-%d-%H:%M:%S", &tm)) {
505 tm.tm_isdst = -1;
506 inception = mktime(&tm);
507 } else {
508 ods_log_error("[%s] specify inception time for command %s", module_str, argv[0]);
509 client_printf_err(sockfd, "specify inception time YYYY-MM-DD-HH:MM:SS\n");
510 return -1;
511 }
512
513 /* gen = 0, pub = 1, ready = 2, act = 3, ... */
514 int state = -1;
515 if (!strcasecmp(keystate, "generate"))
516 state = 0;
517 else if (!strcasecmp(keystate,"publish"))
518 state = 1;
519 else if (!strcasecmp(keystate, "ready"))
520 state = 2;
521 else if (!strcasecmp(keystate, "active"))
522 state = 3;
523 else if (!strcasecmp(keystate, "retire"))
524 state = 4;
525 else if (!strcasecmp(keystate, "revoke"))
526 state = 5;
527
528 int type = -1;
529 if (!strcasecmp(keytype, "KSK"))
530 type = 1;
531 else if (!strcasecmp(keytype, "ZSK"))
532 type = 2;
533 else if (!strcasecmp(keytype, "CSK"))
534 type = 3;
535
536 hsmkey_id = db_value_new();
537 zone = zone_db_new_get_by_name(dbconn, zonename);
539 zone_db_free(zone);
540 if (!policy_key) {
541 ods_log_error("Unable to get policyKey, database error!");
542 client_printf_err(sockfd, "Unable to get policyKey, database error!\n");
543 db_value_free((void*)hsmkey_id);
544 return -1;
545 }
546
547 if (atoi(algorithm) != policy_key_algorithm(policy_key)) {
548 ods_log_error("Error: the given algorithm in import command doesn't match the algorithm in kasp");
549 client_printf_err(sockfd, "The given algorithm doesn't match the algorithm in kasp\n");
550 db_value_free((void*)hsmkey_id);
552 return -1;
553 }
554
557
558 /* perform task immediately */
559 if (perform_hsmkey_import(sockfd, dbconn, ckaid, repository, zonename, atoi(bits), atoi(algorithm), type, (unsigned int)inception)
560 || perform_keydata_import(sockfd, dbconn, ckaid, repository, zonename, atoi(algorithm), state, type, (unsigned int)inception, setmin, hsmkey_id)
561 || perform_keystate_import(sockfd, dbconn, ckaid, repository, zonename, state, type, (unsigned int)inception, hsmkey_id)) {
562 ods_log_error("[%s] Error: Unable to add key to the database", module_str);
563 db_value_free((void*)hsmkey_id);
564 return -1;
565 }
566 db_value_free((void*)hsmkey_id);
567 client_printf(sockfd, "Key imported into zone %s\n", zonename);
568 return 0;
569}
570
571struct cmd_func_block key_import_funcblock = {
572 "key import", &usage, &help, NULL, NULL, &run, NULL
573};
int db_value_copy(db_value_t *value, const db_value_t *from_value)
Definition db_value.c:77
db_value_t * db_value_new()
Definition db_value.c:40
void db_value_free(db_value_t *value)
Definition db_value.c:51
db_connection_t * getconnectioncontext(cmdhandler_ctx_type *context)
void hsm_key_free(hsm_key_t *hsm_key)
Definition hsm_key.c:286
int hsm_key_set_role(hsm_key_t *hsm_key, hsm_key_role_t role)
Definition hsm_key.c:658
int hsm_key_set_state(hsm_key_t *hsm_key, hsm_key_state_t state)
Definition hsm_key.c:625
int hsm_key_set_inception(hsm_key_t *hsm_key, unsigned int inception)
Definition hsm_key.c:671
hsm_key_t * hsm_key_new_get_by_locator(const db_connection_t *connection, const char *locator)
Definition hsm_key.c:1205
hsm_key_t * hsm_key_new(const db_connection_t *connection)
Definition hsm_key.c:244
int hsm_key_set_bits(hsm_key_t *hsm_key, unsigned int bits)
Definition hsm_key.c:638
int hsm_key_create(hsm_key_t *hsm_key)
Definition hsm_key.c:927
int hsm_key_set_key_type(hsm_key_t *hsm_key, hsm_key_key_type_t key_type)
Definition hsm_key.c:681
int hsm_key_set_repository(hsm_key_t *hsm_key, const char *repository_text)
Definition hsm_key.c:694
int hsm_key_set_policy_id(hsm_key_t *hsm_key, const db_value_t *policy_id)
Definition hsm_key.c:584
const db_value_t * hsm_key_id(const hsm_key_t *hsm_key)
Definition hsm_key.c:504
int hsm_key_set_locator(hsm_key_t *hsm_key, const char *locator_text)
Definition hsm_key.c:603
int hsm_key_set_algorithm(hsm_key_t *hsm_key, unsigned int algorithm)
Definition hsm_key.c:648
enum hsm_key_state hsm_key_state_t
@ HSM_KEY_STATE_PRIVATE
Definition hsm_key.h:43
@ HSM_KEY_KEY_TYPE_RSA
Definition hsm_key.h:61
int key_data_set_minimize(key_data_t *key_data, unsigned int minimize)
Definition key_data.c:966
const db_value_t * key_data_id(const key_data_t *key_data)
Definition key_data.c:553
void key_data_free(key_data_t *key_data)
Definition key_data.c:304
int key_data_set_role(key_data_t *key_data, key_data_role_t role)
Definition key_data.c:890
int key_data_set_introducing(key_data_t *key_data, unsigned int introducing)
Definition key_data.c:903
key_data_t * key_data_new_get_by_hsm_key_id(const db_connection_t *connection, const db_value_t *hsm_key_id)
Definition key_data.c:2530
int key_data_set_active_zsk(key_data_t *key_data, unsigned int active_zsk)
Definition key_data.c:913
int key_data_set_publish(key_data_t *key_data, unsigned int publish)
Definition key_data.c:923
int key_data_set_zone_id(key_data_t *key_data, const db_value_t *zone_id)
Definition key_data.c:832
int key_data_set_algorithm(key_data_t *key_data, unsigned int algorithm)
Definition key_data.c:870
int key_data_set_inception(key_data_t *key_data, unsigned int inception)
Definition key_data.c:880
int key_data_set_hsm_key_id(key_data_t *key_data, const db_value_t *hsm_key_id)
Definition key_data.c:851
int key_data_set_keytag(key_data_t *key_data, unsigned int keytag)
Definition key_data.c:956
int key_data_create(key_data_t *key_data)
Definition key_data.c:1093
int key_data_set_ds_at_parent(key_data_t *key_data, key_data_ds_at_parent_t ds_at_parent)
Definition key_data.c:943
key_data_t * key_data_new(const db_connection_t *connection)
Definition key_data.c:264
unsigned int key_data_minimize(const key_data_t *key_data)
Definition key_data.c:775
int key_data_set_active_ksk(key_data_t *key_data, unsigned int active_ksk)
Definition key_data.c:933
#define KEY_DATA_ROLE_SEP(role)
Definition key_data.h:48
int key_state_set_minimize(key_state_t *key_state, unsigned int minimize)
Definition key_state.c:472
key_state_t * key_state_new(const db_connection_t *connection)
Definition key_state.c:176
int key_state_set_ttl(key_state_t *key_state, unsigned int ttl)
Definition key_state.c:482
void key_state_free(key_state_t *key_state)
Definition key_state.c:214
int key_state_set_last_change(key_state_t *key_state, unsigned int last_change)
Definition key_state.c:462
int key_state_set_type(key_state_t *key_state, key_state_type_t type)
Definition key_state.c:436
int key_state_create(key_state_t *key_state)
Definition key_state.c:519
int key_state_set_key_data_id(key_state_t *key_state, const db_value_t *key_data_id)
Definition key_state.c:417
int key_state_set_state(key_state_t *key_state, key_state_state_t state)
Definition key_state.c:449
@ KEY_STATE_TYPE_DNSKEY
Definition key_state.h:44
@ KEY_STATE_TYPE_RRSIG
Definition key_state.h:43
@ KEY_STATE_TYPE_DS
Definition key_state.h:42
@ KEY_STATE_TYPE_RRSIGDNSKEY
Definition key_state.h:45
int perform_keydata_import(int sockfd, db_connection_t *dbconn, const char *ckaid, const char *rep, const char *zonename, int alg, int keystate, int keytype, unsigned int time, int setmin, db_value_t *hsmkey_id)
int perform_hsmkey_import(int sockfd, db_connection_t *dbconn, const char *ckaid, const char *rep, const char *zonename, int bits, int alg, int keytype, unsigned int time)
const int ksk_mapping[5][4]
int perform_keystate_import(int sockfd, db_connection_t *dbconn, const char *ckaid, const char *rep, const char *zonename, int keystate, int keytype, unsigned int time, db_value_t *hsmkeyid)
const int zsk_mapping[5][4]
const int ds_at_parent[5]
struct cmd_func_block key_import_funcblock
policy_t * policy_new(const db_connection_t *connection)
Definition policy.c:479
unsigned int policy_parent_ds_ttl(const policy_t *policy)
Definition policy.c:1061
unsigned int policy_keys_ttl(const policy_t *policy)
Definition policy.c:965
unsigned int policy_zone_soa_ttl(const policy_t *policy)
Definition policy.c:1013
unsigned int policy_zone_soa_minimum(const policy_t *policy)
Definition policy.c:1021
unsigned int policy_denial_ttl(const policy_t *policy)
Definition policy.c:909
unsigned int policy_signatures_max_zone_ttl(const policy_t *policy)
Definition policy.c:885
int policy_get_by_id(policy_t *policy, const db_value_t *id)
Definition policy.c:1987
void policy_free(policy_t *policy)
Definition policy.c:518
policy_denial_type
Definition policy.h:40
@ POLICY_DENIAL_TYPE_NSEC3
Definition policy.h:43
policy_key_t * policy_key_new_get_by_policyid_and_role(const db_connection_t *connection, const db_value_t *policyid, const policy_key_role_t role)
unsigned int policy_key_minimize(const policy_key_t *policy_key)
Definition policy_key.c:566
void policy_key_free(policy_key_t *policy_key)
Definition policy_key.c:246
unsigned int policy_key_algorithm(const policy_key_t *policy_key)
Definition policy_key.c:510
void zone_db_free(zone_db_t *zone)
Definition zone_db.c:325
const db_value_t * zone_db_policy_id(const zone_db_t *zone)
Definition zone_db.c:736
const db_value_t * zone_db_id(const zone_db_t *zone)
Definition zone_db.c:728
zone_db_t * zone_db_new_get_by_name(const db_connection_t *connection, const char *name)
Definition zone_db.c:1569