OpenDNSSEC-enforcer  2.0.4
keystate_import_cmd.c
Go to the documentation of this file.
1 /*
2  * Copyright (c) 2016 NLNet Labs
3  * All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions
7  * are met:
8  * 1. Redistributions of source code must retain the above copyright
9  * notice, this list of conditions and the following disclaimer.
10  * 2. Redistributions in binary form must reproduce the above copyright
11  * notice, this list of conditions and the following disclaimer in the
12  * documentation and/or other materials provided with the distribution.
13  *
14  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
15  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
16  * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17  * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
18  * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
20  * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
21  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
22  * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
23  * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
24  * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
25  *
26  */
27 
28 #include "config.h"
29 
30 #include "daemon/cmdhandler.h"
31 #include "daemon/engine.h"
32 #include "file.h"
33 #include "log.h"
34 #include "str.h"
35 #include "clientpipe.h"
36 #include "duration.h"
37 #include "libhsm.h"
38 #include "libhsmdns.h"
39 #include "db/key_data.h"
40 #include "db/db_error.h"
41 
44 
45 static const char *module_str = "keystate_import_cmd";
46 /* 5 states are: generate, publish, ready, active and retire */
47 /* For every state we should specify the values of DS, DNSKEY, RRSIGDNSKEY
48  and RRSIG. These values can be HIDDEN(0), RUMOURED(1), OMNIPRESENT(2),
49  UNRETENTIVE(3), NA(4)*/
50 const int ksk_mapping[5][4] = {{0,0,0,4},{0,1,1,4},{1,2,2,4},{1,2,2,4},{3,2,2,4}};
51 const int zsk_mapping[5][4] = {{4,0,4,0},{4,1,4,0},{4,2,4,1},{4,2,4,2},{4,2,4,3}};
52 const int ds_at_parent [5] = {0,0,1,3,5};
53 
54 
55 static int max(int a, int b) { return a>b?a:b; }
56 static int min(int a, int b) { return a<b?a:b; }
57 
58 
59 int
61  const char *ckaid, const char *rep, const char *zonename,
62  int bits, int alg, int keytype, unsigned int time)
63 {
64  hsm_ctx_t *hsm_ctx;
65  hsm_key_t *hsm_key = NULL;
66  char *hsm_err;
67  libhsm_key_t *libhsmkey;
68  zone_t *zone;
69 
70  /* Create an HSM context and check that the repository exists */
71  if (!(hsm_ctx = hsm_create_context())) {
72  return -1;
73  }
74  if (!hsm_token_attached(hsm_ctx, rep)) {
75  if ((hsm_err = hsm_get_error(hsm_ctx))) {
76  ods_log_error("[%s] Error: Unable to check for the repository %s, HSM error: %s", module_str, rep, hsm_err);
77  client_printf_err(sockfd, "Unable to check for the repository %s, HSM error: %s\n", rep, hsm_err);
78  free(hsm_err);
79  }
80  else {
81  ods_log_error("[%s] Error: Unable to find repository %s in HSM", module_str, rep);
82  client_printf_err(sockfd, "Unable to find repository %s in HSM\n", rep);
83  }
84  hsm_destroy_context(hsm_ctx);
85  return -1;
86  }
87 
88  if (!(libhsmkey = hsm_find_key_by_id(hsm_ctx, ckaid))) {
89  ods_log_error("[%s] Error: Unable to find the key with this locator: %s", module_str, ckaid);
90  client_printf_err(sockfd, "Unable to find the key with this locator: %s\n", ckaid);
91  hsm_destroy_context(hsm_ctx);
92  return -1;
93  }
94  free(libhsmkey);
95  hsm_key = hsm_key_new_get_by_locator(dbconn, ckaid);
96  if (hsm_key) {
97  ods_log_error("[%s] Error: Already used this key with this locator: %s", module_str, ckaid);
98  client_printf_err(sockfd, "Already used this key with this locator: %s\n", ckaid);
99  hsm_key_free(hsm_key);
100  hsm_destroy_context(hsm_ctx);
101  return -1;
102  }
103 
104  zone = zone_new_get_by_name(dbconn, zonename);
105  if (!(hsm_key = hsm_key_new(dbconn))
106  || hsm_key_set_algorithm(hsm_key, alg)
107  || hsm_key_set_bits(hsm_key, bits)
108  || hsm_key_set_inception(hsm_key, time)
110  || hsm_key_set_locator(hsm_key, ckaid)
111  || hsm_key_set_policy_id(hsm_key, zone_policy_id(zone))
112  || hsm_key_set_repository(hsm_key, rep)
113  || hsm_key_set_role(hsm_key, keytype)
115  || hsm_key_create(hsm_key))
116  {
117  ods_log_error("[%s] hsm key creation failed, database or memory error", module_str);
118  hsm_key_free(hsm_key);
119  hsm_destroy_context(hsm_ctx);
120  zone_free(zone);
121  return -1;
122  }
123  ods_log_debug("[%s] hsm key with this locator %s is created successfully", module_str, ckaid);
124  hsm_key_free(hsm_key);
125  hsm_destroy_context(hsm_ctx);
126  zone_free(zone);
127  return 0;
128 }
129 
130 int
132  const char *ckaid, const char *rep, const char *zonename,
133  int alg, int keystate, int keytype, unsigned int time, int setmin, db_value_t *hsmkey_id)
134 {
135  key_data_t *key_data = NULL;
136  hsm_ctx_t *hsm_ctx;
137  char *hsm_err;
138  uint16_t tag;
139  hsm_key_t * hsmkey;
140  libhsm_key_t *libhsmkey;
141  zone_t *zone;
142 
143  /* Create a HSM context and check that the repository exists */
144  if (!(hsm_ctx = hsm_create_context())) {
145  return -1;
146  }
147  if (!hsm_token_attached(hsm_ctx, rep)) {
148  if ((hsm_err = hsm_get_error(hsm_ctx))) {
149  ods_log_error("[%s] Error: Unable to check for the repository %s, HSM error: %s", module_str, rep, hsm_err);
150  client_printf_err(sockfd, "Unable to check for the repository %s, HSM error: %s\n", rep, hsm_err);
151  free(hsm_err);
152  }
153  else {
154  ods_log_error("[%s] Error: Unable to find repository %s in HSM", module_str, rep);
155  client_printf_err(sockfd, "Unable to find repository %s in HSM\n", rep);
156  }
157  hsm_destroy_context(hsm_ctx);
158  return -1;
159  }
160 
161  if (!(libhsmkey = hsm_find_key_by_id(hsm_ctx, ckaid))) {
162  ods_log_error("[%s] Error: Unable to find the key with this locator: %s", module_str, ckaid);
163  client_printf_err(sockfd, "Unable to find the key with this locator: %s\n", ckaid);
164  hsm_destroy_context(hsm_ctx);
165  return -1;
166  }
167  free(libhsmkey);
168  if (!(hsmkey = hsm_key_new_get_by_locator(dbconn, ckaid))) {
169  ods_log_error("[%s] Error: Cannot get hsmkey %s from database, database error", module_str, ckaid);
170  hsm_destroy_context(hsm_ctx);
171  return -1;
172  }
173  if (hsm_keytag(ckaid, alg, keytype == 1 ? 1 : 0, &tag)) {
174  ods_log_error("[%s] Error: Keytag for this key %s is not correct", module_str, ckaid);
175  }
176 
177  zone = zone_new_get_by_name(dbconn, zonename);
178  if (!(key_data = key_data_new(dbconn))
179  || key_data_set_zone_id(key_data, zone_id(zone))
180  || key_data_set_hsm_key_id(key_data, hsm_key_id(hsmkey))
181  || key_data_set_algorithm (key_data, alg)
182  || key_data_set_inception(key_data, time)
183  || key_data_set_introducing (key_data, keystate < 4 ? 1 : 0)
184  || key_data_set_active_zsk(key_data, keytype == 1 || keystate < 2 || keystate > 3 ? 0 : 1)
185  || key_data_set_publish(key_data,0 < keystate ? 1 : 0)
186  || key_data_set_active_ksk(key_data, keytype == 2 || keystate == 0 ? 0 : 1)
187  || key_data_set_role(key_data, keytype)
188  || key_data_set_ds_at_parent(key_data, keytype == 1 ? ds_at_parent[keystate] : 0)
189  || key_data_set_keytag(key_data, tag)
190  || key_data_set_minimize(key_data,setmin)
191  || key_data_create(key_data))
192  {
193  ods_log_error("[%s] key data creation failed, database or memory error", module_str);
194  hsm_key_free(hsmkey);
195  key_data_free(key_data);
196  hsm_destroy_context(hsm_ctx);
197  zone_free(zone);
198  return -1;
199  }
200  zone_free(zone);
201  ods_log_debug("[%s] key data with this locator %s is created successfully", module_str, ckaid);
202  key_data_free(key_data);
203  hsm_destroy_context(hsm_ctx);
204  db_value_copy (hsmkey_id, hsm_key_id(hsmkey));
205  hsm_key_free(hsmkey);
206  return 0;
207 }
208 
209 int
211  const char *ckaid, const char *rep, const char *zonename,
212  int keystate, int keytype, unsigned int time, db_value_t *hsmkeyid)
213 {
214  key_state_t *key_state = NULL;
215  hsm_ctx_t *hsm_ctx;
216  char *hsm_err;
217  int ttl;
218  key_data_t* key;
219  const db_value_t* keydataid;
220  policy_t* policy;
221  libhsm_key_t *libhsmkey;
222  zone_t *zone;
223 
224  /* Create a HSM context and check that the repository exists */
225  if (!(hsm_ctx = hsm_create_context())) {
226  return -1;
227  }
228  if (!hsm_token_attached(hsm_ctx, rep)) {
229  if ((hsm_err = hsm_get_error(hsm_ctx))) {
230  ods_log_error("[%s] Error: Unable to check for the repository %s, HSM error: %s", module_str, rep, hsm_err);
231  client_printf_err(sockfd, "Unable to check for the repository %s, HSM error: %s\n", rep, hsm_err);
232  free(hsm_err);
233  }
234  else {
235  ods_log_error("[%s] Error: Unable to find repository %s in HSM", module_str, rep);
236  client_printf_err(sockfd, "Unable to find repository %s in HSM\n", rep);
237  }
238  hsm_destroy_context(hsm_ctx);
239  return -1;
240  }
241 
242  if (!(libhsmkey = hsm_find_key_by_id(hsm_ctx, ckaid))) {
243  ods_log_error("[%s] Error: Unable to find the key with this locator: %s", module_str, ckaid);
244  client_printf(sockfd, "Unable to find the key with this locator: %s\n", ckaid);
245  hsm_destroy_context(hsm_ctx);
246  return -1;
247  }
248  free(libhsmkey);
249  key = key_data_new_get_by_hsm_key_id(dbconn, hsmkeyid);
250  keydataid = key_data_id(key);
251 
252  policy = policy_new(dbconn);
253  zone = zone_new_get_by_name(dbconn, zonename);
254  policy_get_by_id(policy, zone_policy_id(zone));
255  zone_free(zone);
256 
257  if (!(key_state = key_state_new(dbconn))
258  || key_state_set_key_data_id(key_state, keydataid)
260  || key_state_set_last_change (key_state, time)
261  || key_state_set_minimize(key_state, (key_data_minimize(key) >> 2) & 1)
262  || key_state_set_ttl (key_state, policy_parent_ds_ttl(policy))
263  || key_state_set_state(key_state, keytype == 1 ? ksk_mapping[keystate][0] : zsk_mapping[keystate][0])
264  || key_state_create(key_state))
265  {
266  ods_log_error("[%s] key state creation for DS failed, database or memory error", module_str);
267  key_data_free(key);
268  policy_free(policy);
269  key_state_free(key_state);
270  hsm_destroy_context(hsm_ctx);
271  return -1;
272  }
273  key_state_free(key_state);
274 
275  if (!(key_state = key_state_new(dbconn))
276  || key_state_set_key_data_id(key_state, keydataid)
278  || key_state_set_last_change (key_state, time)
279  || key_state_set_minimize(key_state, (key_data_minimize(key) >> 1) & 1)
280  || key_state_set_ttl (key_state, policy_keys_ttl(policy))
281  || key_state_set_state(key_state, keytype == 1 ? ksk_mapping[keystate][1] : zsk_mapping[keystate][1])
282  || key_state_create(key_state))
283  {
284  ods_log_error("[%s] key state creation for DNSKEY failed, database or memory error", module_str);
285  key_data_free(key);
286  policy_free(policy);
287  key_state_free(key_state);
288  hsm_destroy_context(hsm_ctx);
289  return -1;
290  }
291  key_state_free(key_state);
292 
293  if (!(key_state = key_state_new(dbconn))
294  || key_state_set_key_data_id(key_state, keydataid)
296  || key_state_set_last_change (key_state, time)
297  || key_state_set_ttl (key_state, policy_keys_ttl(policy))
298  || key_state_set_state(key_state, keytype == 1 ? ksk_mapping[keystate][2] : zsk_mapping[keystate][2])
299  || key_state_create(key_state))
300  {
301  ods_log_error("[%s] key state creation for RRSIGDNSKEY failed, database or memory error", module_str);
302  key_data_free(key);
303  policy_free(policy);
304  key_state_free(key_state);
305  hsm_destroy_context(hsm_ctx);
306  return -1;
307  }
308  key_state_free(key_state);
309 
310  ttl = max(min(policy_zone_soa_ttl(policy), policy_zone_soa_minimum(policy)),
313  ? policy_denial_ttl(policy)
315  : policy_signatures_max_zone_ttl(policy)));
316 
317  if (!(key_state = key_state_new(dbconn))
318  || key_state_set_key_data_id(key_state, keydataid)
319  /* || hsm_key_set_backup(hsm_key, (hsm->require_backup ? HSM_KEY_BACKUP_BACKUP_REQUIRED : HSM_KEY_BACKUP_NO_BACKUP))*/
321  || key_state_set_last_change (key_state, time)
322  || key_state_set_minimize(key_state, key_data_minimize(key) & 1)
323  || key_state_set_ttl (key_state, ttl)
324  || key_state_set_state(key_state, keytype == 1 ? ksk_mapping[keystate][3] : zsk_mapping[keystate][3])
325  || key_state_create(key_state))
326  {
327  ods_log_error("[%s] key state creation for RRSIG failed, database or memory error", module_str);
328  key_data_free(key);
329  policy_free(policy);
330  key_state_free(key_state);
331  hsm_destroy_context(hsm_ctx);
332  return -1;
333  }
334  ods_log_debug("[%s] key state with this locator %s is created successfully", module_str, ckaid);
335 
336  key_data_free(key);
337  policy_free(policy);
338  key_state_free(key_state);
339  hsm_destroy_context(hsm_ctx);
340 
341  return 0;
342 }
343 
344 
345 
346 static void
347 usage(int sockfd)
348 {
349  client_printf(sockfd,
350  "key import\n"
351  " --cka_id <CKA_ID> aka -k\n"
352  " --repository <repository> aka -r\n"
353  " --zone <zone> aka -z\n"
354  " --bits <size> aka -b\n"
355  " --algorithm <algorithm> aka -g\n"
356  " --keystate <state> aka -e\n"
357  " --keytype <type> aka -t\n"
358  " --inception_time <time> aka -w\n"
359  );
360 }
361 
362 static void
363 help(int sockfd)
364 {
365  client_printf(sockfd,
366  "Add a key which was created outside of the OpenDNSSEC into the enforcer database.\n"
367  "\nOptions:\n"
368  "cka_id specify the locator of the key\n"
369  "repository name of the repository which the key must be stored\n"
370  "zone name of the zone for which this key is to be used\n"
371  "bits key size in bits\n"
372  "algorithm algorithm number \n"
373  "keystate state of the key in which the key will be after import\n"
374  "keytype type of the key, KSK, ZSK or CSK\n"
375  "inception_time time of inception\n\n");
376 }
377 
378 static int
379 handles(const char *cmd, ssize_t n)
380 {
381  return ods_check_command(cmd, n, key_import_funcblock()->cmdname)?1:0;
382 }
383 
384 static int
385 run(int sockfd, engine_type* engine, const char *cmd, ssize_t n,
386  db_connection_t *dbconn)
387 {
388  #define NARGV 16
389  char buf[ODS_SE_MAXLINE];
390  const char *argv[NARGV];
391  int argc;
392  const char *ckaid = NULL;
393  const char *repository = NULL;
394  const char *zonename = NULL;
395  const char *bits = NULL;
396  const char *algorithm = NULL;
397  const char* keytype = NULL;
398  const char* keystate = NULL;
399  const char *time = NULL;
400  zone_t *zone = NULL;
401  time_t inception = 0;
402  struct tm tm;
403  (void)engine;
404  int setmin;
405  db_value_t *hsmkey_id;
407 
408  ods_log_debug("[%s] %s command", module_str, key_import_funcblock()->cmdname);
409  cmd = ods_check_command(cmd, n, key_import_funcblock()->cmdname);
410 
411  /* Use buf as an intermediate buffer for the command.*/
412  strncpy(buf, cmd, sizeof(buf));
413  buf[sizeof(buf)-1] = '\0';
414 
415  /* separate the arguments*/
416  argc = ods_str_explode(buf, NARGV, argv);
417  if (argc > NARGV) {
418  ods_log_error("[%s] too many arguments for %s command", module_str, key_import_funcblock()->cmdname);
419  client_printf_err(sockfd,"too many arguments\n");
420  return -1;
421  }
422 
423  (void)ods_find_arg_and_param(&argc,argv, "cka_id","k",&ckaid);
424  (void)ods_find_arg_and_param(&argc,argv, "repository","r",&repository);
425  (void)ods_find_arg_and_param(&argc,argv, "bits","b",&bits);
426  (void)ods_find_arg_and_param(&argc,argv, "algorithm","g",&algorithm);
427  (void)ods_find_arg_and_param(&argc,argv,"zone","z",&zonename);
428  (void)ods_find_arg_and_param(&argc, argv, "keytype", "t", &keytype);
429  (void)ods_find_arg_and_param(&argc, argv, "keystate", "e", &keystate);
430  (void)ods_find_arg_and_param(&argc,argv, "inception_time","w",&time);
431 
432  if (keytype) {
433  if (strcasecmp(keytype, "KSK") && strcasecmp(keytype, "ZSK") && strcasecmp(keytype, "CSK")) {
434  ods_log_error("[%s] unknown keytype, should be one of KSK, ZSK, or CSK", module_str);
435  client_printf_err(sockfd, "unknown keytype, should be one of KSK, ZSK, or CSK\n");
436  return -1;
437  }
438  }
439 
440  if (keystate) {
441  if (strcasecmp(keystate, "generate") && strcasecmp(keystate, "publish") && strcasecmp(keystate, "ready") && strcasecmp(keystate, "active") && strcasecmp(keystate, "retire") && strcasecmp(keystate, "revoke")) {
442  ods_log_error("[%s] unknown keystate", module_str);
443  client_printf_err(sockfd, "unknown keystate\n");
444  return -1;
445  }
446  }
447 
448  if (argc) {
449  ods_log_error("[%s] unknown arguments for %s command", module_str, key_import_funcblock()->cmdname);
450  client_printf_err(sockfd,"unknown arguments\n");
451  return -1;
452  }
453 
454  if (!zonename) {
455  ods_log_error("[%s] expected --zone for %s command", module_str, key_import_funcblock()->cmdname);
456  client_printf_err(sockfd, "expected --zone \n");
457  return -1;
458  }
459  if (zonename && !(zone = zone_new_get_by_name(dbconn, zonename))) {
460  ods_log_error("[%s] Unknown zone: %s", module_str, zonename);
461  client_printf_err(sockfd, "Unknown zone: %s\n", zonename);
462  return -1;
463  }
464  free(zone);
465  zone = NULL;
466 
467  if (strptime(time, "%Y-%m-%d-%H:%M:%S", &tm)) {
468  tm.tm_isdst = -1;
469  inception = mktime(&tm);
470  }
471 
472  /* gen = 0, pub = 1, ready = 2, act = 3, ... */
473  int state = -1;
474  if (!strcasecmp(keystate, "generate"))
475  state = 0;
476  else if (!strcasecmp(keystate,"publish"))
477  state = 1;
478  else if (!strcasecmp(keystate, "ready"))
479  state = 2;
480  else if (!strcasecmp(keystate, "active"))
481  state = 3;
482  else if (!strcasecmp(keystate, "retire"))
483  state = 4;
484  else if (!strcasecmp(keystate, "revoke"))
485  state = 5;
486 
487  int type = -1;
488  if (!strcasecmp(keytype, "KSK"))
489  type = 1;
490  else if (!strcasecmp(keytype, "ZSK"))
491  type = 2;
492  else if (!strcasecmp(keytype, "CSK"))
493  type = 3;
494 
495  hsmkey_id = db_value_new();
496  zone = zone_new_get_by_name(dbconn, zonename);
497  policy_key = policy_key_new_get_by_policyid_and_role(dbconn, zone_policy_id(zone), type);
498  zone_free(zone);
499  if (!policy_key) {
500  ods_log_error("Unable to get policyKey, database error!");
501  client_printf_err(sockfd, "Unable to get policyKey, database error!\n");
502  db_value_free((void*)hsmkey_id);
503  return -1;
504  }
505  if (atoi(algorithm) != policy_key_algorithm(policy_key)) {
506  ods_log_error("Error: the given algorithm in import command doesn't match the algorithm in kasp");
507  client_printf_err(sockfd, "The given algorithm doesn't match the algorithm in kasp\n");
508  db_value_free((void*)hsmkey_id);
509  policy_key_free(policy_key);
510  return -1;
511  }
512 
513  setmin = policy_key_minimize(policy_key);
514  policy_key_free(policy_key);
515 
516  /* perform task immediately */
517  if (perform_hsmkey_import(sockfd, dbconn, ckaid, repository, zonename, atoi(bits), atoi(algorithm), type, (unsigned int)inception)
518  || perform_keydata_import(sockfd, dbconn, ckaid, repository, zonename, atoi(algorithm), state, type, (unsigned int)inception, setmin, hsmkey_id)
519  || perform_keystate_import(sockfd, dbconn, ckaid, repository, zonename, state, type, (unsigned int)inception, hsmkey_id)) {
520  ods_log_error("[%s] Error: Unable to add key to the database", module_str);
521  db_value_free((void*)hsmkey_id);
522  return -1;
523  }
524  db_value_free((void*)hsmkey_id);
525  client_printf(sockfd, "Key imported into zone %s\n", zonename);
526  return 0;
527 }
528 
529 static struct cmd_func_block funcblock = {
530  "key import", &usage, &help, &handles, &run
531 };
532 
533 struct cmd_func_block*
535 {
536  return &funcblock;
537 }
538 
key_data_t * key_data_new_get_by_hsm_key_id(const db_connection_t *connection, const db_value_t *hsm_key_id)
Definition: key_data.c:2530
int key_data_set_inception(key_data_t *key_data, unsigned int inception)
Definition: key_data.c:880
int key_state_set_ttl(key_state_t *key_state, unsigned int ttl)
Definition: key_state.c:482
void(* help)(int sockfd)
Definition: cmdhandler.h:64
const db_value_t * zone_policy_id(const zone_t *zone)
Definition: zone.c:736
int hsm_key_set_locator(hsm_key_t *hsm_key, const char *locator_text)
Definition: hsm_key.c:603
int hsm_key_set_role(hsm_key_t *hsm_key, hsm_key_role_t role)
Definition: hsm_key.c:658
const int ksk_mapping[5][4]
void ods_log_debug(const char *format,...)
Definition: log.c:41
int db_value_copy(db_value_t *value, const db_value_t *from_value)
Definition: db_value.c:77
void db_value_free(db_value_t *value)
Definition: db_value.c:51
int hsm_key_set_key_type(hsm_key_t *hsm_key, hsm_key_key_type_t key_type)
Definition: hsm_key.c:681
unsigned int policy_signatures_max_zone_ttl(const policy_t *policy)
Definition: policy.c:885
int hsm_key_set_policy_id(hsm_key_t *hsm_key, const db_value_t *policy_id)
Definition: hsm_key.c:584
int hsm_key_set_bits(hsm_key_t *hsm_key, unsigned int bits)
Definition: hsm_key.c:638
int(* run)(int sockfd, struct engine_struct *engine, const char *cmd, ssize_t n, db_connection_t *dbconn)
Definition: cmdhandler.h:79
const db_value_t * key_data_id(const key_data_t *key_data)
Definition: key_data.c:553
int hsm_key_set_repository(hsm_key_t *hsm_key, const char *repository_text)
Definition: hsm_key.c:694
int hsm_key_set_inception(hsm_key_t *hsm_key, unsigned int inception)
Definition: hsm_key.c:671
int hsm_key_set_algorithm(hsm_key_t *hsm_key, unsigned int algorithm)
Definition: hsm_key.c:648
const char * cmdname
Definition: cmdhandler.h:59
void ods_log_error(const char *format,...)
Definition: log.c:69
int key_state_set_key_data_id(key_state_t *key_state, const db_value_t *key_data_id)
Definition: key_state.c:417
int key_state_set_minimize(key_state_t *key_state, unsigned int minimize)
Definition: key_state.c:472
int key_data_set_role(key_data_t *key_data, key_data_role_t role)
Definition: key_data.c:890
int perform_hsmkey_import(int sockfd, db_connection_t *dbconn, const char *ckaid, const char *rep, const char *zonename, int bits, int alg, int keytype, unsigned int time)
policy_denial_type
Definition: policy.h:40
int key_data_create(key_data_t *key_data)
Definition: key_data.c:1093
const int zsk_mapping[5][4]
void zone_free(zone_t *zone)
Definition: zone.c:325
int key_data_set_hsm_key_id(key_data_t *key_data, const db_value_t *hsm_key_id)
Definition: key_data.c:851
int key_state_set_type(key_state_t *key_state, key_state_type_t type)
Definition: key_state.c:436
void(* usage)(int sockfd)
Definition: cmdhandler.h:61
enum hsm_key_state hsm_key_state_t
int key_state_set_state(key_state_t *key_state, key_state_state_t state)
Definition: key_state.c:449
unsigned int policy_zone_soa_ttl(const policy_t *policy)
Definition: policy.c:1013
void policy_free(policy_t *policy)
Definition: policy.c:518
void key_state_free(key_state_t *key_state)
Definition: key_state.c:214
key_data_t * key_data_new(const db_connection_t *connection)
Definition: key_data.c:264
int key_data_set_publish(key_data_t *key_data, unsigned int publish)
Definition: key_data.c:923
policy_t * policy_new(const db_connection_t *connection)
Definition: policy.c:479
zone_t * zone_new_get_by_name(const db_connection_t *connection, const char *name)
Definition: zone.c:1569
unsigned int policy_parent_ds_ttl(const policy_t *policy)
Definition: policy.c:1061
int perform_keystate_import(int sockfd, db_connection_t *dbconn, const char *ckaid, const char *rep, const char *zonename, int keystate, int keytype, unsigned int time, db_value_t *hsmkeyid)
unsigned int policy_key_minimize(const policy_key_t *policy_key)
Definition: policy_key.c:566
#define NARGV
unsigned int policy_denial_ttl(const policy_t *policy)
Definition: policy.c:909
int hsm_key_create(hsm_key_t *hsm_key)
Definition: hsm_key.c:927
db_value_t * db_value_new()
Definition: db_value.c:40
key_state_t * key_state_new(const db_connection_t *connection)
Definition: key_state.c:176
int key_data_set_zone_id(key_data_t *key_data, const db_value_t *zone_id)
Definition: key_data.c:832
struct cmd_func_block * key_import_funcblock(void)
int key_state_set_last_change(key_state_t *key_state, unsigned int last_change)
Definition: key_state.c:462
int key_state_create(key_state_t *key_state)
Definition: key_state.c:519
unsigned int key_data_minimize(const key_data_t *key_data)
Definition: key_data.c:775
int key_data_set_active_ksk(key_data_t *key_data, unsigned int active_ksk)
Definition: key_data.c:933
void key_data_free(key_data_t *key_data)
Definition: key_data.c:304
policy_key_t * policy_key_new_get_by_policyid_and_role(const db_connection_t *connection, const db_value_t *policyid, const policy_key_role_t role)
Definition: policy_key.c:1562
const db_value_t * zone_id(const zone_t *zone)
Definition: zone.c:728
int key_data_set_ds_at_parent(key_data_t *key_data, key_data_ds_at_parent_t ds_at_parent)
Definition: key_data.c:943
void hsm_key_free(hsm_key_t *hsm_key)
Definition: hsm_key.c:286
Definition: policy.h:60
Definition: zone.h:46
unsigned int policy_key_algorithm(const policy_key_t *policy_key)
Definition: policy_key.c:510
int key_data_set_introducing(key_data_t *key_data, unsigned int introducing)
Definition: key_data.c:903
int(* handles)(const char *cmd, ssize_t n)
Definition: cmdhandler.h:67
int key_data_set_keytag(key_data_t *key_data, unsigned int keytag)
Definition: key_data.c:956
int key_data_set_active_zsk(key_data_t *key_data, unsigned int active_zsk)
Definition: key_data.c:913
int hsm_key_set_state(hsm_key_t *hsm_key, hsm_key_state_t state)
Definition: hsm_key.c:625
const db_value_t * hsm_key_id(const hsm_key_t *hsm_key)
Definition: hsm_key.c:504
const int ds_at_parent[5]
int perform_keydata_import(int sockfd, db_connection_t *dbconn, const char *ckaid, const char *rep, const char *zonename, int alg, int keystate, int keytype, unsigned int time, int setmin, db_value_t *hsmkey_id)
unsigned int policy_zone_soa_minimum(const policy_t *policy)
Definition: policy.c:1021
int policy_get_by_id(policy_t *policy, const db_value_t *id)
Definition: policy.c:1987
int key_data_set_algorithm(key_data_t *key_data, unsigned int algorithm)
Definition: key_data.c:870
void policy_key_free(policy_key_t *policy_key)
Definition: policy_key.c:246
hsm_key_t * hsm_key_new_get_by_locator(const db_connection_t *connection, const char *locator)
Definition: hsm_key.c:1205
unsigned int policy_keys_ttl(const policy_t *policy)
Definition: policy.c:965
hsm_key_t * hsm_key_new(const db_connection_t *connection)
Definition: hsm_key.c:244
int key_data_set_minimize(key_data_t *key_data, unsigned int minimize)
Definition: key_data.c:966