OpenDNSSEC-enforcer  2.1.6
keystate_import_cmd.c
Go to the documentation of this file.
1 /*
2  * Copyright (c) 2016 NLNet Labs
3  * All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions
7  * are met:
8  * 1. Redistributions of source code must retain the above copyright
9  * notice, this list of conditions and the following disclaimer.
10  * 2. Redistributions in binary form must reproduce the above copyright
11  * notice, this list of conditions and the following disclaimer in the
12  * documentation and/or other materials provided with the distribution.
13  *
14  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
15  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
16  * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17  * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
18  * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
20  * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
21  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
22  * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
23  * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
24  * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
25  *
26  */
27 
28 #include "config.h"
29 #include <getopt.h>
30 
31 #include "cmdhandler.h"
33 #include "daemon/engine.h"
34 #include "file.h"
35 #include "log.h"
36 #include "str.h"
37 #include "clientpipe.h"
38 #include "duration.h"
39 #include "libhsm.h"
40 #include "libhsmdns.h"
41 #include "db/key_data.h"
42 #include "db/db_error.h"
43 
46 
47 static const char *module_str = "keystate_import_cmd";
48 /* 5 states are: generate, publish, ready, active and retire */
49 /* For every state we should specify the values of DS, DNSKEY, RRSIGDNSKEY
50  and RRSIG. These values can be HIDDEN(0), RUMOURED(1), OMNIPRESENT(2),
51  UNRETENTIVE(3), NA(4)*/
52 const int ksk_mapping[5][4] = {{0,0,0,4},{0,1,1,4},{1,2,2,4},{1,2,2,4},{3,2,2,4}};
53 const int zsk_mapping[5][4] = {{4,0,4,0},{4,1,4,0},{4,2,4,1},{4,2,4,2},{4,2,4,3}};
54 const int ds_at_parent [5] = {0,0,1,3,5};
55 
56 
57 static int max(int a, int b) { return a>b?a:b; }
58 static int min(int a, int b) { return a<b?a:b; }
59 
60 
61 int
63  const char *ckaid, const char *rep, const char *zonename,
64  int bits, int alg, int keytype, unsigned int time)
65 {
66  hsm_ctx_t *hsm_ctx;
67  hsm_key_t *hsm_key = NULL;
68  char *hsm_err;
69  libhsm_key_t *libhsmkey;
70  zone_db_t *zone;
71 
72  /* Create an HSM context and check that the repository exists */
73  if (!(hsm_ctx = hsm_create_context())) {
74  return -1;
75  }
76  if (!hsm_token_attached(hsm_ctx, rep)) {
77  if ((hsm_err = hsm_get_error(hsm_ctx))) {
78  ods_log_error("[%s] Error: Unable to check for the repository %s, HSM error: %s", module_str, rep, hsm_err);
79  client_printf_err(sockfd, "Unable to check for the repository %s, HSM error: %s\n", rep, hsm_err);
80  free(hsm_err);
81  }
82  else {
83  ods_log_error("[%s] Error: Unable to find repository %s in HSM", module_str, rep);
84  client_printf_err(sockfd, "Unable to find repository %s in HSM\n", rep);
85  }
86  hsm_destroy_context(hsm_ctx);
87  return -1;
88  }
89 
90  if (!(libhsmkey = hsm_find_key_by_id(hsm_ctx, ckaid))) {
91  ods_log_error("[%s] Error: Unable to find the key with this locator: %s", module_str, ckaid);
92  client_printf_err(sockfd, "Unable to find the key with this locator: %s\n", ckaid);
93  hsm_destroy_context(hsm_ctx);
94  return -1;
95  }
96  libhsm_key_free(libhsmkey);
97  hsm_key = hsm_key_new_get_by_locator(dbconn, ckaid);
98  if (hsm_key) {
99  ods_log_error("[%s] Error: Already used this key with this locator: %s", module_str, ckaid);
100  client_printf_err(sockfd, "Already used this key with this locator: %s\n", ckaid);
102  hsm_destroy_context(hsm_ctx);
103  return -1;
104  }
105 
106  zone = zone_db_new_get_by_name(dbconn, zonename);
107  if (!(hsm_key = hsm_key_new(dbconn))
109  || hsm_key_set_bits(hsm_key, bits)
112  || hsm_key_set_locator(hsm_key, ckaid)
115  || hsm_key_set_role(hsm_key, keytype)
118  {
119  ods_log_error("[%s] hsm key creation failed, database or memory error", module_str);
121  hsm_destroy_context(hsm_ctx);
122  zone_db_free(zone);
123  return -1;
124  }
125  ods_log_debug("[%s] hsm key with this locator %s is created successfully", module_str, ckaid);
127  hsm_destroy_context(hsm_ctx);
128  zone_db_free(zone);
129  return 0;
130 }
131 
132 int
134  const char *ckaid, const char *rep, const char *zonename,
135  int alg, int keystate, int keytype, unsigned int time, int setmin, db_value_t *hsmkey_id)
136 {
137  key_data_t *key_data = NULL;
138  hsm_ctx_t *hsm_ctx;
139  char *hsm_err;
140  uint16_t tag;
141  hsm_key_t * hsmkey;
142  libhsm_key_t *libhsmkey;
143  zone_db_t *zone;
144 
145  /* Create a HSM context and check that the repository exists */
146  if (!(hsm_ctx = hsm_create_context())) {
147  return -1;
148  }
149  if (!hsm_token_attached(hsm_ctx, rep)) {
150  if ((hsm_err = hsm_get_error(hsm_ctx))) {
151  ods_log_error("[%s] Error: Unable to check for the repository %s, HSM error: %s", module_str, rep, hsm_err);
152  client_printf_err(sockfd, "Unable to check for the repository %s, HSM error: %s\n", rep, hsm_err);
153  free(hsm_err);
154  }
155  else {
156  ods_log_error("[%s] Error: Unable to find repository %s in HSM", module_str, rep);
157  client_printf_err(sockfd, "Unable to find repository %s in HSM\n", rep);
158  }
159  hsm_destroy_context(hsm_ctx);
160  return -1;
161  }
162 
163  if (!(libhsmkey = hsm_find_key_by_id(hsm_ctx, ckaid))) {
164  ods_log_error("[%s] Error: Unable to find the key with this locator: %s", module_str, ckaid);
165  client_printf_err(sockfd, "Unable to find the key with this locator: %s\n", ckaid);
166  hsm_destroy_context(hsm_ctx);
167  return -1;
168  }
169  libhsm_key_free(libhsmkey);
170  if (!(hsmkey = hsm_key_new_get_by_locator(dbconn, ckaid))) {
171  ods_log_error("[%s] Error: Cannot get hsmkey %s from database, database error", module_str, ckaid);
172  hsm_destroy_context(hsm_ctx);
173  return -1;
174  }
175  if (hsm_keytag(ckaid, alg, keytype == 1 ? 1 : 0, &tag)) {
176  ods_log_error("[%s] Error: Keytag for this key %s is not correct", module_str, ckaid);
177  }
178 
179  zone = zone_db_new_get_by_name(dbconn, zonename);
180  if (!(key_data = key_data_new(dbconn))
185  || key_data_set_introducing (key_data, keystate < 4 ? 1 : 0)
186  || key_data_set_active_zsk(key_data, keytype == 1 || keystate < 2 || keystate > 3 ? 0 : 1)
187  || key_data_set_publish(key_data,0 < keystate ? 1 : 0)
188  || key_data_set_active_ksk(key_data, keytype == 2 || keystate == 0 ? 0 : 1)
189  || key_data_set_role(key_data, keytype)
190  || key_data_set_ds_at_parent(key_data, keytype == 1 ? ds_at_parent[keystate] : 0)
194  {
195  ods_log_error("[%s] key data creation failed, database or memory error", module_str);
196  hsm_key_free(hsmkey);
198  hsm_destroy_context(hsm_ctx);
199  zone_db_free(zone);
200  return -1;
201  }
202  zone_db_free(zone);
203  ods_log_debug("[%s] key data with this locator %s is created successfully", module_str, ckaid);
205  hsm_destroy_context(hsm_ctx);
206  db_value_copy (hsmkey_id, hsm_key_id(hsmkey));
207  hsm_key_free(hsmkey);
208  return 0;
209 }
210 
211 int
213  const char *ckaid, const char *rep, const char *zonename,
214  int keystate, int keytype, unsigned int time, db_value_t *hsmkeyid)
215 {
216  key_state_t *key_state = NULL;
217  hsm_ctx_t *hsm_ctx;
218  char *hsm_err;
219  int ttl;
220  key_data_t* key;
221  const db_value_t* keydataid;
222  policy_t* policy;
223  libhsm_key_t *libhsmkey;
224  zone_db_t *zone;
225 
226  /* Create a HSM context and check that the repository exists */
227  if (!(hsm_ctx = hsm_create_context())) {
228  return -1;
229  }
230  if (!hsm_token_attached(hsm_ctx, rep)) {
231  if ((hsm_err = hsm_get_error(hsm_ctx))) {
232  ods_log_error("[%s] Error: Unable to check for the repository %s, HSM error: %s", module_str, rep, hsm_err);
233  client_printf_err(sockfd, "Unable to check for the repository %s, HSM error: %s\n", rep, hsm_err);
234  free(hsm_err);
235  }
236  else {
237  ods_log_error("[%s] Error: Unable to find repository %s in HSM", module_str, rep);
238  client_printf_err(sockfd, "Unable to find repository %s in HSM\n", rep);
239  }
240  hsm_destroy_context(hsm_ctx);
241  return -1;
242  }
243 
244  if (!(libhsmkey = hsm_find_key_by_id(hsm_ctx, ckaid))) {
245  ods_log_error("[%s] Error: Unable to find the key with this locator: %s", module_str, ckaid);
246  client_printf(sockfd, "Unable to find the key with this locator: %s\n", ckaid);
247  hsm_destroy_context(hsm_ctx);
248  return -1;
249  }
250  libhsm_key_free(libhsmkey);
251  key = key_data_new_get_by_hsm_key_id(dbconn, hsmkeyid);
252  keydataid = key_data_id(key);
253 
254  policy = policy_new(dbconn);
255  zone = zone_db_new_get_by_name(dbconn, zonename);
257  zone_db_free(zone);
258 
259  if (!(key_state = key_state_new(dbconn))
260  || key_state_set_key_data_id(key_state, keydataid)
265  || key_state_set_state(key_state, keytype == 1 ? ksk_mapping[keystate][0] : zsk_mapping[keystate][0])
267  {
268  ods_log_error("[%s] key state creation for DS failed, database or memory error", module_str);
269  key_data_free(key);
272  hsm_destroy_context(hsm_ctx);
273  return -1;
274  }
276 
277  if (!(key_state = key_state_new(dbconn))
278  || key_state_set_key_data_id(key_state, keydataid)
283  || key_state_set_state(key_state, keytype == 1 ? ksk_mapping[keystate][1] : zsk_mapping[keystate][1])
285  {
286  ods_log_error("[%s] key state creation for DNSKEY failed, database or memory error", module_str);
287  key_data_free(key);
290  hsm_destroy_context(hsm_ctx);
291  return -1;
292  }
294 
295  if (!(key_state = key_state_new(dbconn))
296  || key_state_set_key_data_id(key_state, keydataid)
300  || key_state_set_state(key_state, keytype == 1 ? ksk_mapping[keystate][2] : zsk_mapping[keystate][2])
302  {
303  ods_log_error("[%s] key state creation for RRSIGDNSKEY failed, database or memory error", module_str);
304  key_data_free(key);
307  hsm_destroy_context(hsm_ctx);
308  return -1;
309  }
311 
318 
319  if (!(key_state = key_state_new(dbconn))
320  || key_state_set_key_data_id(key_state, keydataid)
321  /* || hsm_key_set_backup(hsm_key, (hsm->require_backup ? HSM_KEY_BACKUP_BACKUP_REQUIRED : HSM_KEY_BACKUP_NO_BACKUP))*/
325  || key_state_set_ttl (key_state, ttl)
326  || key_state_set_state(key_state, keytype == 1 ? ksk_mapping[keystate][3] : zsk_mapping[keystate][3])
328  {
329  ods_log_error("[%s] key state creation for RRSIG failed, database or memory error", module_str);
330  key_data_free(key);
333  hsm_destroy_context(hsm_ctx);
334  return -1;
335  }
336  ods_log_debug("[%s] key state with this locator %s is created successfully", module_str, ckaid);
337 
338  key_data_free(key);
341  hsm_destroy_context(hsm_ctx);
342 
343  return 0;
344 }
345 
346 
347 
348 static void
349 usage(int sockfd)
350 {
351  client_printf(sockfd,
352  "key import\n"
353  " --cka_id <CKA_ID> aka -k\n"
354  " --repository <repository> aka -r\n"
355  " --zone <zone> aka -z\n"
356  " --bits <size> aka -b\n"
357  " --algorithm <algorithm> aka -g\n"
358  " --keystate <state> aka -e\n"
359  " --keytype <type> aka -t\n"
360  " --inception_time <time> aka -w\n"
361  );
362 }
363 
364 static void
365 help(int sockfd)
366 {
367  client_printf(sockfd,
368  "Add a key which was created outside of the OpenDNSSEC into the enforcer database.\n"
369  "\nOptions:\n"
370  "cka_id specify the locator of the key\n"
371  "repository name of the repository which the key must be stored\n"
372  "zone name of the zone for which this key is to be used\n"
373  "bits key size in bits\n"
374  "algorithm algorithm number \n"
375  "keystate state of the key in which the key will be after import\n"
376  "keytype type of the key, KSK, ZSK or CSK\n"
377  "inception_time time of inception\n\n");
378 }
379 
380 static int
381 run(int sockfd, cmdhandler_ctx_type* context, const char *cmd)
382 {
383  #define NARGV 18
384  char buf[ODS_SE_MAXLINE];
385  const char *argv[NARGV];
386  int argc = 0, long_index = 0, opt = 0;
387  const char *ckaid = NULL;
388  const char *repository = NULL;
389  const char *zonename = NULL;
390  const char *bits = NULL;
391  const char *algorithm = NULL;
392  const char* keytype = NULL;
393  const char* keystate = NULL;
394  const char *time = NULL;
395  zone_db_t *zone = NULL;
396  time_t inception = 0;
397  struct tm tm;
398  int setmin;
399  db_value_t *hsmkey_id;
401  db_connection_t* dbconn = getconnectioncontext(context);
402 
403  static struct option long_options[] = {
404  {"zone", required_argument, 0, 'z'},
405  {"cka_id", required_argument, 0, 'k'},
406  {"repository", required_argument, 0, 'r'},
407  {"bits", required_argument, 0, 'b'},
408  {"algorithm", required_argument, 0, 'g'},
409  {"keytype", required_argument, 0, 't'},
410  {"keystate", required_argument, 0, 'e'},
411  {"inception_time", required_argument, 0, 'w'},
412  {0, 0, 0, 0}
413  };
414 
415  ods_log_debug("[%s] %s command", module_str, key_import_funcblock.cmdname);
416 
417  /* Use buf as an intermediate buffer for the command.*/
418  strncpy(buf, cmd, sizeof(buf));
419  buf[sizeof(buf)-1] = '\0';
420 
421  /* separate the arguments*/
422  argc = ods_str_explode(buf, NARGV, argv);
423  if (argc == -1) {
424  client_printf_err(sockfd, "too many arguments\n");
425  ods_log_error("[%s] too many arguments for %s command",
426  module_str, key_import_funcblock.cmdname);
427  return -1;
428  }
429 
430  optind = 0;
431  while ((opt = getopt_long(argc, (char* const*)argv, "z:k:r:b:g:t:e:w:", long_options, &long_index)) != -1) {
432  switch (opt) {
433  case 'z':
434  zonename = optarg;
435  break;
436  case 'k':
437  ckaid = optarg;
438  break;
439  case 'r':
440  repository = optarg;
441  break;
442  case 'b':
443  bits = optarg;
444  break;
445  case 'g':
446  algorithm = optarg;
447  break;
448  case 't':
449  keytype = optarg;
450  break;
451  case 'e':
452  keystate = optarg;
453  break;
454  case 'w':
455  time = optarg;
456  break;
457  default:
458  client_printf_err(sockfd, "unknown arguments\n");
459  ods_log_error("[%s] unknown arguments for %s command",
460  module_str, key_import_funcblock.cmdname);
461  return -1;
462  }
463  }
464 
465  if (keytype) {
466  if (strcasecmp(keytype, "KSK") && strcasecmp(keytype, "ZSK") && strcasecmp(keytype, "CSK")) {
467  ods_log_error("[%s] unknown keytype, should be one of KSK, ZSK, or CSK", module_str);
468  client_printf_err(sockfd, "unknown keytype, should be one of KSK, ZSK, or CSK\n");
469  return -1;
470  }
471  }
472  else {
473  ods_log_error("[%s] specify keytype for command %s", module_str, cmd);
474  client_printf_err(sockfd, "specify keytype: ZSK, KSK or CSK\n");
475  return -1;
476  }
477 
478  if (keystate) {
479  if (strcasecmp(keystate, "generate") && strcasecmp(keystate, "publish") && strcasecmp(keystate, "ready") && strcasecmp(keystate, "active") && strcasecmp(keystate, "retire") && strcasecmp(keystate, "revoke")) {
480  ods_log_error("[%s] unknown keystate", module_str);
481  client_printf_err(sockfd, "unknown keystate: states are generate, publish, ready, active or retire\n");
482  return -1;
483  }
484  }
485  else {
486  ods_log_error("[%s] specify keystate for command %s", module_str, cmd);
487  client_printf_err(sockfd, "specify keystate: generate, publish, ready, active or retire\n");
488  return -1;
489  }
490 
491  if (!zonename) {
492  ods_log_error("[%s] expected --zone for %s command", module_str, key_import_funcblock.cmdname);
493  client_printf_err(sockfd, "expected --zone \n");
494  return -1;
495  }
496  if (zonename && !(zone = zone_db_new_get_by_name(dbconn, zonename))) {
497  ods_log_error("[%s] Unknown zone: %s", module_str, zonename);
498  client_printf_err(sockfd, "Unknown zone: %s\n", zonename);
499  return -1;
500  }
501  free(zone);
502  zone = NULL;
503 
504  if (!algorithm) {
505  ods_log_error("[%s] specify an algorithm for command %s", module_str, cmd);
506  client_printf_err(sockfd, "specify an algorithm\n");
507  return -1;
508  }
509  if (!bits) {
510  ods_log_error("[%s] specify bits for command %s", module_str, cmd);
511  client_printf_err(sockfd, "specify bits\n");
512  return -1;
513  }
514  if (!repository) {
515  ods_log_error("[%s] specify repository for command %s", module_str, cmd);
516  client_printf_err(sockfd, "specify repository \n");
517  return -1;
518  }
519 
520  if (time && strptime(time, "%Y-%m-%d-%H:%M:%S", &tm)) {
521  tm.tm_isdst = -1;
522  inception = mktime(&tm);
523  }
524  else {
525  ods_log_error("[%s] specify inception time for command %s", module_str, cmd);
526  client_printf_err(sockfd, "specify inception time YYYY-MM-DD-HH:MM:SS\n");
527  return -1;
528  }
529 
530  /* gen = 0, pub = 1, ready = 2, act = 3, ... */
531  int state = -1;
532  if (!strcasecmp(keystate, "generate"))
533  state = 0;
534  else if (!strcasecmp(keystate,"publish"))
535  state = 1;
536  else if (!strcasecmp(keystate, "ready"))
537  state = 2;
538  else if (!strcasecmp(keystate, "active"))
539  state = 3;
540  else if (!strcasecmp(keystate, "retire"))
541  state = 4;
542  else if (!strcasecmp(keystate, "revoke"))
543  state = 5;
544 
545  int type = -1;
546  if (!strcasecmp(keytype, "KSK"))
547  type = 1;
548  else if (!strcasecmp(keytype, "ZSK"))
549  type = 2;
550  else if (!strcasecmp(keytype, "CSK"))
551  type = 3;
552 
553  hsmkey_id = db_value_new();
554  zone = zone_db_new_get_by_name(dbconn, zonename);
556  zone_db_free(zone);
557  if (!policy_key) {
558  ods_log_error("Unable to get policyKey, database error!");
559  client_printf_err(sockfd, "Unable to get policyKey, database error!\n");
560  db_value_free((void*)hsmkey_id);
561  return -1;
562  }
563 
564  if (atoi(algorithm) != policy_key_algorithm(policy_key)) {
565  ods_log_error("Error: the given algorithm in import command doesn't match the algorithm in kasp");
566  client_printf_err(sockfd, "The given algorithm doesn't match the algorithm in kasp\n");
567  db_value_free((void*)hsmkey_id);
569  return -1;
570  }
571 
574 
575  /* perform task immediately */
576  if (perform_hsmkey_import(sockfd, dbconn, ckaid, repository, zonename, atoi(bits), atoi(algorithm), type, (unsigned int)inception)
577  || perform_keydata_import(sockfd, dbconn, ckaid, repository, zonename, atoi(algorithm), state, type, (unsigned int)inception, setmin, hsmkey_id)
578  || perform_keystate_import(sockfd, dbconn, ckaid, repository, zonename, state, type, (unsigned int)inception, hsmkey_id)) {
579  ods_log_error("[%s] Error: Unable to add key to the database", module_str);
580  db_value_free((void*)hsmkey_id);
581  return -1;
582  }
583  db_value_free((void*)hsmkey_id);
584  client_printf(sockfd, "Key imported into zone %s\n", zonename);
585  return 0;
586 }
587 
588 struct cmd_func_block key_import_funcblock = {
589  "key import", &usage, &help, NULL, &run
590 };
hsm_key_set_state
int hsm_key_set_state(hsm_key_t *hsm_key, hsm_key_state_t state)
Definition: hsm_key.c:625
key_data_set_zone_id
int key_data_set_zone_id(key_data_t *key_data, const db_value_t *zone_id)
Definition: key_data.c:832
hsm_key_set_bits
int hsm_key_set_bits(hsm_key_t *hsm_key, unsigned int bits)
Definition: hsm_key.c:638
db_value
Definition: db_value.h:48
zone_db_id
const db_value_t * zone_db_id(const zone_db_t *zone)
Definition: zone_db.c:728
hsm_key_set_inception
int hsm_key_set_inception(hsm_key_t *hsm_key, unsigned int inception)
Definition: hsm_key.c:671
hsm_key_id
const db_value_t * hsm_key_id(const hsm_key_t *hsm_key)
Definition: hsm_key.c:504
key_data_new
key_data_t * key_data_new(const db_connection_t *connection)
Definition: key_data.c:264
key_state_set_ttl
int key_state_set_ttl(key_state_t *key_state, unsigned int ttl)
Definition: key_state.c:482
enforcercommands.h
zsk_mapping
const int zsk_mapping[5][4]
Definition: keystate_import_cmd.c:53
hsm_key_new
hsm_key_t * hsm_key_new(const db_connection_t *connection)
Definition: hsm_key.c:244
db_value_new
db_value_t * db_value_new()
Definition: db_value.c:40
key_data_set_ds_at_parent
int key_data_set_ds_at_parent(key_data_t *key_data, key_data_ds_at_parent_t ds_at_parent)
Definition: key_data.c:943
key_import_funcblock
struct cmd_func_block key_import_funcblock
Definition: keystate_import_cmd.c:588
key_state_set_minimize
int key_state_set_minimize(key_state_t *key_state, unsigned int minimize)
Definition: key_state.c:472
hsm_key_state_t
enum hsm_key_state hsm_key_state_t
zone_db_free
void zone_db_free(zone_db_t *zone)
Definition: zone_db.c:325
key_state_set_state
int key_state_set_state(key_state_t *key_state, key_state_state_t state)
Definition: key_state.c:449
key_data_set_introducing
int key_data_set_introducing(key_data_t *key_data, unsigned int introducing)
Definition: key_data.c:903
perform_keystate_import
int perform_keystate_import(int sockfd, db_connection_t *dbconn, const char *ckaid, const char *rep, const char *zonename, int keystate, int keytype, unsigned int time, db_value_t *hsmkeyid)
Definition: keystate_import_cmd.c:212
policy_key_algorithm
unsigned int policy_key_algorithm(const policy_key_t *policy_key)
Definition: policy_key.c:510
hsm_key_set_locator
int hsm_key_set_locator(hsm_key_t *hsm_key, const char *locator_text)
Definition: hsm_key.c:603
zone_db_new_get_by_name
zone_db_t * zone_db_new_get_by_name(const db_connection_t *connection, const char *name)
Definition: zone_db.c:1569
key_data_set_keytag
int key_data_set_keytag(key_data_t *key_data, unsigned int keytag)
Definition: key_data.c:956
key_state
Definition: key_state.h:65
db_error.h
keystate_list_cmd.h
hsm_key_set_key_type
int hsm_key_set_key_type(hsm_key_t *hsm_key, hsm_key_key_type_t key_type)
Definition: hsm_key.c:681
policy_keys_ttl
unsigned int policy_keys_ttl(const policy_t *policy)
Definition: policy.c:965
perform_keydata_import
int perform_keydata_import(int sockfd, db_connection_t *dbconn, const char *ckaid, const char *rep, const char *zonename, int alg, int keystate, int keytype, unsigned int time, int setmin, db_value_t *hsmkey_id)
Definition: keystate_import_cmd.c:133
key_data_set_hsm_key_id
int key_data_set_hsm_key_id(key_data_t *key_data, const db_value_t *hsm_key_id)
Definition: key_data.c:851
key_state_create
int key_state_create(key_state_t *key_state)
Definition: key_state.c:519
policy_signatures_max_zone_ttl
unsigned int policy_signatures_max_zone_ttl(const policy_t *policy)
Definition: policy.c:885
policy_denial_type
policy_denial_type
Definition: policy.h:40
hsm_key_set_repository
int hsm_key_set_repository(hsm_key_t *hsm_key, const char *repository_text)
Definition: hsm_key.c:694
key_data_free
void key_data_free(key_data_t *key_data)
Definition: key_data.c:304
policy_zone_soa_ttl
unsigned int policy_zone_soa_ttl(const policy_t *policy)
Definition: policy.c:1013
policy_free
void policy_free(policy_t *policy)
Definition: policy.c:518
hsm_key_set_policy_id
int hsm_key_set_policy_id(hsm_key_t *hsm_key, const db_value_t *policy_id)
Definition: hsm_key.c:584
zone_db
Definition: zone_db.h:46
zone_db_policy_id
const db_value_t * zone_db_policy_id(const zone_db_t *zone)
Definition: zone_db.c:736
hsm_key_create
int hsm_key_create(hsm_key_t *hsm_key)
Definition: hsm_key.c:927
key_data_set_role
int key_data_set_role(key_data_t *key_data, key_data_role_t role)
Definition: key_data.c:890
hsm_key_set_algorithm
int hsm_key_set_algorithm(hsm_key_t *hsm_key, unsigned int algorithm)
Definition: hsm_key.c:648
hsm_key
Definition: hsm_key.h:77
getconnectioncontext
db_connection_t * getconnectioncontext(cmdhandler_ctx_type *context)
Definition: enforcercommands.c:110
key_data_set_publish
int key_data_set_publish(key_data_t *key_data, unsigned int publish)
Definition: key_data.c:923
key_data_minimize
unsigned int key_data_minimize(const key_data_t *key_data)
Definition: key_data.c:775
key_data_set_minimize
int key_data_set_minimize(key_data_t *key_data, unsigned int minimize)
Definition: key_data.c:966
key_state_set_type
int key_state_set_type(key_state_t *key_state, key_state_type_t type)
Definition: key_state.c:436
key_data_set_inception
int key_data_set_inception(key_data_t *key_data, unsigned int inception)
Definition: key_data.c:880
key_data_create
int key_data_create(key_data_t *key_data)
Definition: key_data.c:1093
HSM_KEY_STATE_PRIVATE
@ HSM_KEY_STATE_PRIVATE
Definition: hsm_key.h:43
policy_zone_soa_minimum
unsigned int policy_zone_soa_minimum(const policy_t *policy)
Definition: policy.c:1021
policy_key
Definition: policy_key.h:54
policy_denial_ttl
unsigned int policy_denial_ttl(const policy_t *policy)
Definition: policy.c:909
policy_key_free
void policy_key_free(policy_key_t *policy_key)
Definition: policy_key.c:246
key_data_set_active_zsk
int key_data_set_active_zsk(key_data_t *key_data, unsigned int active_zsk)
Definition: key_data.c:913
policy_parent_ds_ttl
unsigned int policy_parent_ds_ttl(const policy_t *policy)
Definition: policy.c:1061
policy_new
policy_t * policy_new(const db_connection_t *connection)
Definition: policy.c:479
db_value_copy
int db_value_copy(db_value_t *value, const db_value_t *from_value)
Definition: db_value.c:77
key_state_set_last_change
int key_state_set_last_change(key_state_t *key_state, unsigned int last_change)
Definition: key_state.c:462
KEY_STATE_TYPE_RRSIGDNSKEY
@ KEY_STATE_TYPE_RRSIGDNSKEY
Definition: key_state.h:45
ksk_mapping
const int ksk_mapping[5][4]
Definition: keystate_import_cmd.c:52
KEY_STATE_TYPE_DNSKEY
@ KEY_STATE_TYPE_DNSKEY
Definition: key_state.h:44
keystate_import_cmd.h
policy_key_new_get_by_policyid_and_role
policy_key_t * policy_key_new_get_by_policyid_and_role(const db_connection_t *connection, const db_value_t *policyid, const policy_key_role_t role)
Definition: policy_key.c:1562
policy
Definition: policy.h:60
key_data_set_algorithm
int key_data_set_algorithm(key_data_t *key_data, unsigned int algorithm)
Definition: key_data.c:870
KEY_STATE_TYPE_RRSIG
@ KEY_STATE_TYPE_RRSIG
Definition: key_state.h:43
policy_key_minimize
unsigned int policy_key_minimize(const policy_key_t *policy_key)
Definition: policy_key.c:566
NARGV
#define NARGV
key_data_set_active_ksk
int key_data_set_active_ksk(key_data_t *key_data, unsigned int active_ksk)
Definition: key_data.c:933
policy_get_by_id
int policy_get_by_id(policy_t *policy, const db_value_t *id)
Definition: policy.c:1987
hsm_key_new_get_by_locator
hsm_key_t * hsm_key_new_get_by_locator(const db_connection_t *connection, const char *locator)
Definition: hsm_key.c:1205
HSM_KEY_KEY_TYPE_RSA
@ HSM_KEY_KEY_TYPE_RSA
Definition: hsm_key.h:59
engine.h
db_value_free
void db_value_free(db_value_t *value)
Definition: db_value.c:51
ds_at_parent
const int ds_at_parent[5]
Definition: keystate_import_cmd.c:54
key_data_new_get_by_hsm_key_id
key_data_t * key_data_new_get_by_hsm_key_id(const db_connection_t *connection, const db_value_t *hsm_key_id)
Definition: key_data.c:2530
hsm_key_set_role
int hsm_key_set_role(hsm_key_t *hsm_key, hsm_key_role_t role)
Definition: hsm_key.c:658
db_connection
Definition: db_connection.h:46
key_state_set_key_data_id
int key_state_set_key_data_id(key_state_t *key_state, const db_value_t *key_data_id)
Definition: key_state.c:417
key_data_id
const db_value_t * key_data_id(const key_data_t *key_data)
Definition: key_data.c:553
hsm_key_free
void hsm_key_free(hsm_key_t *hsm_key)
Definition: hsm_key.c:286
perform_hsmkey_import
int perform_hsmkey_import(int sockfd, db_connection_t *dbconn, const char *ckaid, const char *rep, const char *zonename, int bits, int alg, int keytype, unsigned int time)
Definition: keystate_import_cmd.c:62
POLICY_DENIAL_TYPE_NSEC3
@ POLICY_DENIAL_TYPE_NSEC3
Definition: policy.h:43
key_state_new
key_state_t * key_state_new(const db_connection_t *connection)
Definition: key_state.c:176
key_data
Definition: key_data.h:66
key_data.h
KEY_STATE_TYPE_DS
@ KEY_STATE_TYPE_DS
Definition: key_state.h:42
key_state_free
void key_state_free(key_state_t *key_state)
Definition: key_state.c:214