35 #include "clientpipe.h" 38 #include "libhsmdns.h" 45 static const char *module_str =
"keystate_import_cmd";
50 const int ksk_mapping[5][4] = {{0,0,0,4},{0,1,1,4},{1,2,2,4},{1,2,2,4},{3,2,2,4}};
51 const int zsk_mapping[5][4] = {{4,0,4,0},{4,1,4,0},{4,2,4,1},{4,2,4,2},{4,2,4,3}};
55 static int max(
int a,
int b) {
return a>b?a:b; }
56 static int min(
int a,
int b) {
return a<b?a:b; }
61 const char *ckaid,
const char *rep,
const char *zonename,
62 int bits,
int alg,
int keytype,
unsigned int time)
67 libhsm_key_t *libhsmkey;
71 if (!(hsm_ctx = hsm_create_context())) {
74 if (!hsm_token_attached(hsm_ctx, rep)) {
75 if ((hsm_err = hsm_get_error(hsm_ctx))) {
76 ods_log_error(
"[%s] Error: Unable to check for the repository %s, HSM error: %s", module_str, rep, hsm_err);
77 client_printf_err(sockfd,
"Unable to check for the repository %s, HSM error: %s\n", rep, hsm_err);
81 ods_log_error(
"[%s] Error: Unable to find repository %s in HSM", module_str, rep);
82 client_printf_err(sockfd,
"Unable to find repository %s in HSM\n", rep);
84 hsm_destroy_context(hsm_ctx);
88 if (!(libhsmkey = hsm_find_key_by_id(hsm_ctx, ckaid))) {
89 ods_log_error(
"[%s] Error: Unable to find the key with this locator: %s", module_str, ckaid);
90 client_printf_err(sockfd,
"Unable to find the key with this locator: %s\n", ckaid);
91 hsm_destroy_context(hsm_ctx);
97 ods_log_error(
"[%s] Error: Already used this key with this locator: %s", module_str, ckaid);
98 client_printf_err(sockfd,
"Already used this key with this locator: %s\n", ckaid);
100 hsm_destroy_context(hsm_ctx);
117 ods_log_error(
"[%s] hsm key creation failed, database or memory error", module_str);
119 hsm_destroy_context(hsm_ctx);
123 ods_log_debug(
"[%s] hsm key with this locator %s is created successfully", module_str, ckaid);
125 hsm_destroy_context(hsm_ctx);
132 const char *ckaid,
const char *rep,
const char *zonename,
133 int alg,
int keystate,
int keytype,
unsigned int time,
int setmin,
db_value_t *hsmkey_id)
140 libhsm_key_t *libhsmkey;
144 if (!(hsm_ctx = hsm_create_context())) {
147 if (!hsm_token_attached(hsm_ctx, rep)) {
148 if ((hsm_err = hsm_get_error(hsm_ctx))) {
149 ods_log_error(
"[%s] Error: Unable to check for the repository %s, HSM error: %s", module_str, rep, hsm_err);
150 client_printf_err(sockfd,
"Unable to check for the repository %s, HSM error: %s\n", rep, hsm_err);
154 ods_log_error(
"[%s] Error: Unable to find repository %s in HSM", module_str, rep);
155 client_printf_err(sockfd,
"Unable to find repository %s in HSM\n", rep);
157 hsm_destroy_context(hsm_ctx);
161 if (!(libhsmkey = hsm_find_key_by_id(hsm_ctx, ckaid))) {
162 ods_log_error(
"[%s] Error: Unable to find the key with this locator: %s", module_str, ckaid);
163 client_printf_err(sockfd,
"Unable to find the key with this locator: %s\n", ckaid);
164 hsm_destroy_context(hsm_ctx);
169 ods_log_error(
"[%s] Error: Cannot get hsmkey %s from database, database error", module_str, ckaid);
170 hsm_destroy_context(hsm_ctx);
173 if (hsm_keytag(ckaid, alg, keytype == 1 ? 1 : 0, &tag)) {
174 ods_log_error(
"[%s] Error: Keytag for this key %s is not correct", module_str, ckaid);
193 ods_log_error(
"[%s] key data creation failed, database or memory error", module_str);
196 hsm_destroy_context(hsm_ctx);
201 ods_log_debug(
"[%s] key data with this locator %s is created successfully", module_str, ckaid);
203 hsm_destroy_context(hsm_ctx);
211 const char *ckaid,
const char *rep,
const char *zonename,
212 int keystate,
int keytype,
unsigned int time,
db_value_t *hsmkeyid)
221 libhsm_key_t *libhsmkey;
225 if (!(hsm_ctx = hsm_create_context())) {
228 if (!hsm_token_attached(hsm_ctx, rep)) {
229 if ((hsm_err = hsm_get_error(hsm_ctx))) {
230 ods_log_error(
"[%s] Error: Unable to check for the repository %s, HSM error: %s", module_str, rep, hsm_err);
231 client_printf_err(sockfd,
"Unable to check for the repository %s, HSM error: %s\n", rep, hsm_err);
235 ods_log_error(
"[%s] Error: Unable to find repository %s in HSM", module_str, rep);
236 client_printf_err(sockfd,
"Unable to find repository %s in HSM\n", rep);
238 hsm_destroy_context(hsm_ctx);
242 if (!(libhsmkey = hsm_find_key_by_id(hsm_ctx, ckaid))) {
243 ods_log_error(
"[%s] Error: Unable to find the key with this locator: %s", module_str, ckaid);
244 client_printf(sockfd,
"Unable to find the key with this locator: %s\n", ckaid);
245 hsm_destroy_context(hsm_ctx);
266 ods_log_error(
"[%s] key state creation for DS failed, database or memory error", module_str);
270 hsm_destroy_context(hsm_ctx);
284 ods_log_error(
"[%s] key state creation for DNSKEY failed, database or memory error", module_str);
288 hsm_destroy_context(hsm_ctx);
301 ods_log_error(
"[%s] key state creation for RRSIGDNSKEY failed, database or memory error", module_str);
305 hsm_destroy_context(hsm_ctx);
327 ods_log_error(
"[%s] key state creation for RRSIG failed, database or memory error", module_str);
331 hsm_destroy_context(hsm_ctx);
334 ods_log_debug(
"[%s] key state with this locator %s is created successfully", module_str, ckaid);
339 hsm_destroy_context(hsm_ctx);
349 client_printf(sockfd,
351 " --cka_id <CKA_ID> aka -k\n" 352 " --repository <repository> aka -r\n" 353 " --zone <zone> aka -z\n" 354 " --bits <size> aka -b\n" 355 " --algorithm <algorithm> aka -g\n" 356 " --keystate <state> aka -e\n" 357 " --keytype <type> aka -t\n" 358 " --inception_time <time> aka -w\n" 365 client_printf(sockfd,
366 "Add a key which was created outside of the OpenDNSSEC into the enforcer database.\n" 368 "cka_id specify the locator of the key\n" 369 "repository name of the repository which the key must be stored\n" 370 "zone name of the zone for which this key is to be used\n" 371 "bits key size in bits\n" 372 "algorithm algorithm number \n" 373 "keystate state of the key in which the key will be after import\n" 374 "keytype type of the key, KSK, ZSK or CSK\n" 375 "inception_time time of inception\n\n");
379 handles(
const char *cmd, ssize_t n)
389 char buf[ODS_SE_MAXLINE];
390 const char *argv[
NARGV];
392 const char *ckaid = NULL;
393 const char *repository = NULL;
394 const char *zonename = NULL;
395 const char *bits = NULL;
396 const char *algorithm = NULL;
397 const char* keytype = NULL;
398 const char* keystate = NULL;
399 const char *time = NULL;
401 time_t inception = 0;
412 strncpy(buf, cmd,
sizeof(buf));
413 buf[
sizeof(buf)-1] =
'\0';
416 argc = ods_str_explode(buf,
NARGV, argv);
419 client_printf_err(sockfd,
"too many arguments\n");
423 (void)ods_find_arg_and_param(&argc,argv,
"cka_id",
"k",&ckaid);
424 (void)ods_find_arg_and_param(&argc,argv,
"repository",
"r",&repository);
425 (void)ods_find_arg_and_param(&argc,argv,
"bits",
"b",&bits);
426 (void)ods_find_arg_and_param(&argc,argv,
"algorithm",
"g",&algorithm);
427 (void)ods_find_arg_and_param(&argc,argv,
"zone",
"z",&zonename);
428 (void)ods_find_arg_and_param(&argc, argv,
"keytype",
"t", &keytype);
429 (void)ods_find_arg_and_param(&argc, argv,
"keystate",
"e", &keystate);
430 (void)ods_find_arg_and_param(&argc,argv,
"inception_time",
"w",&time);
433 if (strcasecmp(keytype,
"KSK") && strcasecmp(keytype,
"ZSK") && strcasecmp(keytype,
"CSK")) {
434 ods_log_error(
"[%s] unknown keytype, should be one of KSK, ZSK, or CSK", module_str);
435 client_printf_err(sockfd,
"unknown keytype, should be one of KSK, ZSK, or CSK\n");
441 if (strcasecmp(keystate,
"generate") && strcasecmp(keystate,
"publish") && strcasecmp(keystate,
"ready") && strcasecmp(keystate,
"active") && strcasecmp(keystate,
"retire") && strcasecmp(keystate,
"revoke")) {
443 client_printf_err(sockfd,
"unknown keystate\n");
450 client_printf_err(sockfd,
"unknown arguments\n");
456 client_printf_err(sockfd,
"expected --zone \n");
460 ods_log_error(
"[%s] Unknown zone: %s", module_str, zonename);
461 client_printf_err(sockfd,
"Unknown zone: %s\n", zonename);
467 if (strptime(time,
"%Y-%m-%d-%H:%M:%S", &tm)) {
469 inception = mktime(&tm);
474 if (!strcasecmp(keystate,
"generate"))
476 else if (!strcasecmp(keystate,
"publish"))
478 else if (!strcasecmp(keystate,
"ready"))
480 else if (!strcasecmp(keystate,
"active"))
482 else if (!strcasecmp(keystate,
"retire"))
484 else if (!strcasecmp(keystate,
"revoke"))
488 if (!strcasecmp(keytype,
"KSK"))
490 else if (!strcasecmp(keytype,
"ZSK"))
492 else if (!strcasecmp(keytype,
"CSK"))
501 client_printf_err(sockfd,
"Unable to get policyKey, database error!\n");
506 ods_log_error(
"Error: the given algorithm in import command doesn't match the algorithm in kasp");
507 client_printf_err(sockfd,
"The given algorithm doesn't match the algorithm in kasp\n");
517 if (
perform_hsmkey_import(sockfd, dbconn, ckaid, repository, zonename, atoi(bits), atoi(algorithm), type, (
unsigned int)inception)
518 ||
perform_keydata_import(sockfd, dbconn, ckaid, repository, zonename, atoi(algorithm), state, type, (
unsigned int)inception, setmin, hsmkey_id)
519 ||
perform_keystate_import(sockfd, dbconn, ckaid, repository, zonename, state, type, (
unsigned int)inception, hsmkey_id)) {
520 ods_log_error(
"[%s] Error: Unable to add key to the database", module_str);
525 client_printf(sockfd,
"Key imported into zone %s\n", zonename);
key_data_t * key_data_new_get_by_hsm_key_id(const db_connection_t *connection, const db_value_t *hsm_key_id)
int key_data_set_inception(key_data_t *key_data, unsigned int inception)
int key_state_set_ttl(key_state_t *key_state, unsigned int ttl)
const db_value_t * zone_policy_id(const zone_t *zone)
int hsm_key_set_locator(hsm_key_t *hsm_key, const char *locator_text)
int hsm_key_set_role(hsm_key_t *hsm_key, hsm_key_role_t role)
const int ksk_mapping[5][4]
void ods_log_debug(const char *format,...)
int db_value_copy(db_value_t *value, const db_value_t *from_value)
void db_value_free(db_value_t *value)
int hsm_key_set_key_type(hsm_key_t *hsm_key, hsm_key_key_type_t key_type)
unsigned int policy_signatures_max_zone_ttl(const policy_t *policy)
int hsm_key_set_policy_id(hsm_key_t *hsm_key, const db_value_t *policy_id)
int hsm_key_set_bits(hsm_key_t *hsm_key, unsigned int bits)
int(* run)(int sockfd, struct engine_struct *engine, const char *cmd, ssize_t n, db_connection_t *dbconn)
const db_value_t * key_data_id(const key_data_t *key_data)
int hsm_key_set_repository(hsm_key_t *hsm_key, const char *repository_text)
int hsm_key_set_inception(hsm_key_t *hsm_key, unsigned int inception)
int hsm_key_set_algorithm(hsm_key_t *hsm_key, unsigned int algorithm)
void ods_log_error(const char *format,...)
int key_state_set_key_data_id(key_state_t *key_state, const db_value_t *key_data_id)
int key_state_set_minimize(key_state_t *key_state, unsigned int minimize)
int key_data_set_role(key_data_t *key_data, key_data_role_t role)
int perform_hsmkey_import(int sockfd, db_connection_t *dbconn, const char *ckaid, const char *rep, const char *zonename, int bits, int alg, int keytype, unsigned int time)
int key_data_create(key_data_t *key_data)
const int zsk_mapping[5][4]
void zone_free(zone_t *zone)
int key_data_set_hsm_key_id(key_data_t *key_data, const db_value_t *hsm_key_id)
int key_state_set_type(key_state_t *key_state, key_state_type_t type)
void(* usage)(int sockfd)
enum hsm_key_state hsm_key_state_t
int key_state_set_state(key_state_t *key_state, key_state_state_t state)
unsigned int policy_zone_soa_ttl(const policy_t *policy)
void policy_free(policy_t *policy)
void key_state_free(key_state_t *key_state)
key_data_t * key_data_new(const db_connection_t *connection)
int key_data_set_publish(key_data_t *key_data, unsigned int publish)
policy_t * policy_new(const db_connection_t *connection)
zone_t * zone_new_get_by_name(const db_connection_t *connection, const char *name)
unsigned int policy_parent_ds_ttl(const policy_t *policy)
int perform_keystate_import(int sockfd, db_connection_t *dbconn, const char *ckaid, const char *rep, const char *zonename, int keystate, int keytype, unsigned int time, db_value_t *hsmkeyid)
unsigned int policy_key_minimize(const policy_key_t *policy_key)
unsigned int policy_denial_ttl(const policy_t *policy)
int hsm_key_create(hsm_key_t *hsm_key)
db_value_t * db_value_new()
key_state_t * key_state_new(const db_connection_t *connection)
int key_data_set_zone_id(key_data_t *key_data, const db_value_t *zone_id)
struct cmd_func_block * key_import_funcblock(void)
int key_state_set_last_change(key_state_t *key_state, unsigned int last_change)
int key_state_create(key_state_t *key_state)
unsigned int key_data_minimize(const key_data_t *key_data)
int key_data_set_active_ksk(key_data_t *key_data, unsigned int active_ksk)
void key_data_free(key_data_t *key_data)
policy_key_t * policy_key_new_get_by_policyid_and_role(const db_connection_t *connection, const db_value_t *policyid, const policy_key_role_t role)
const db_value_t * zone_id(const zone_t *zone)
int key_data_set_ds_at_parent(key_data_t *key_data, key_data_ds_at_parent_t ds_at_parent)
void hsm_key_free(hsm_key_t *hsm_key)
unsigned int policy_key_algorithm(const policy_key_t *policy_key)
int key_data_set_introducing(key_data_t *key_data, unsigned int introducing)
int(* handles)(const char *cmd, ssize_t n)
int key_data_set_keytag(key_data_t *key_data, unsigned int keytag)
int key_data_set_active_zsk(key_data_t *key_data, unsigned int active_zsk)
int hsm_key_set_state(hsm_key_t *hsm_key, hsm_key_state_t state)
const db_value_t * hsm_key_id(const hsm_key_t *hsm_key)
const int ds_at_parent[5]
int perform_keydata_import(int sockfd, db_connection_t *dbconn, const char *ckaid, const char *rep, const char *zonename, int alg, int keystate, int keytype, unsigned int time, int setmin, db_value_t *hsmkey_id)
unsigned int policy_zone_soa_minimum(const policy_t *policy)
int policy_get_by_id(policy_t *policy, const db_value_t *id)
int key_data_set_algorithm(key_data_t *key_data, unsigned int algorithm)
void policy_key_free(policy_key_t *policy_key)
hsm_key_t * hsm_key_new_get_by_locator(const db_connection_t *connection, const char *locator)
unsigned int policy_keys_ttl(const policy_t *policy)
hsm_key_t * hsm_key_new(const db_connection_t *connection)
int key_data_set_minimize(key_data_t *key_data, unsigned int minimize)