31#include "cmdhandler.h"
37#include "clientpipe.h"
38#include "longgetopt.h"
48static const char *module_str =
"keystate_import_cmd";
53const int ksk_mapping[5][4] = {{0,0,0,4},{0,1,1,4},{1,2,2,4},{1,2,2,4},{3,2,2,4}};
54const int zsk_mapping[5][4] = {{4,0,4,0},{4,1,4,0},{4,2,4,1},{4,2,4,2},{4,2,4,3}};
58static int max(
int a,
int b) {
return a>b?a:b; }
59static int min(
int a,
int b) {
return a<b?a:b; }
64 const char *ckaid,
const char *rep,
const char *zonename,
65 int bits,
int alg,
int keytype,
unsigned int time)
70 libhsm_key_t *libhsmkey;
74 if (!(hsm_ctx = hsm_create_context())) {
77 if (!hsm_token_attached(hsm_ctx, rep)) {
78 if ((hsm_err = hsm_get_error(hsm_ctx))) {
79 ods_log_error(
"[%s] Error: Unable to check for the repository %s, HSM error: %s", module_str, rep, hsm_err);
80 client_printf_err(sockfd,
"Unable to check for the repository %s, HSM error: %s\n", rep, hsm_err);
84 ods_log_error(
"[%s] Error: Unable to find repository %s in HSM", module_str, rep);
85 client_printf_err(sockfd,
"Unable to find repository %s in HSM\n", rep);
87 hsm_destroy_context(hsm_ctx);
91 if (!(libhsmkey = hsm_find_key_by_id(hsm_ctx, ckaid))) {
92 ods_log_error(
"[%s] Error: Unable to find the key with this locator: %s", module_str, ckaid);
93 client_printf_err(sockfd,
"Unable to find the key with this locator: %s\n", ckaid);
94 hsm_destroy_context(hsm_ctx);
97 libhsm_key_free(libhsmkey);
100 ods_log_error(
"[%s] Error: Already used this key with this locator: %s", module_str, ckaid);
101 client_printf_err(sockfd,
"Already used this key with this locator: %s\n", ckaid);
103 hsm_destroy_context(hsm_ctx);
120 ods_log_error(
"[%s] hsm key creation failed, database or memory error", module_str);
122 hsm_destroy_context(hsm_ctx);
126 ods_log_debug(
"[%s] hsm key with this locator %s is created successfully", module_str, ckaid);
128 hsm_destroy_context(hsm_ctx);
135 const char *ckaid,
const char *rep,
const char *zonename,
136 int alg,
int keystate,
int keytype,
unsigned int time,
int setmin,
db_value_t *hsmkey_id)
143 libhsm_key_t *libhsmkey;
147 if (!(hsm_ctx = hsm_create_context())) {
150 if (!hsm_token_attached(hsm_ctx, rep)) {
151 if ((hsm_err = hsm_get_error(hsm_ctx))) {
152 ods_log_error(
"[%s] Error: Unable to check for the repository %s, HSM error: %s", module_str, rep, hsm_err);
153 client_printf_err(sockfd,
"Unable to check for the repository %s, HSM error: %s\n", rep, hsm_err);
157 ods_log_error(
"[%s] Error: Unable to find repository %s in HSM", module_str, rep);
158 client_printf_err(sockfd,
"Unable to find repository %s in HSM\n", rep);
160 hsm_destroy_context(hsm_ctx);
164 if (!(libhsmkey = hsm_find_key_by_id(hsm_ctx, ckaid))) {
165 ods_log_error(
"[%s] Error: Unable to find the key with this locator: %s", module_str, ckaid);
166 client_printf_err(sockfd,
"Unable to find the key with this locator: %s\n", ckaid);
167 hsm_destroy_context(hsm_ctx);
170 libhsm_key_free(libhsmkey);
172 ods_log_error(
"[%s] Error: Cannot get hsmkey %s from database, database error", module_str, ckaid);
173 hsm_destroy_context(hsm_ctx);
177 ods_log_error(
"[%s] Error: Keytag for this key %s is not correct", module_str, ckaid);
196 ods_log_error(
"[%s] key data creation failed, database or memory error", module_str);
199 hsm_destroy_context(hsm_ctx);
204 ods_log_debug(
"[%s] key data with this locator %s is created successfully", module_str, ckaid);
206 hsm_destroy_context(hsm_ctx);
214 const char *ckaid,
const char *rep,
const char *zonename,
215 int keystate,
int keytype,
unsigned int time,
db_value_t *hsmkeyid)
224 libhsm_key_t *libhsmkey;
228 if (!(hsm_ctx = hsm_create_context())) {
231 if (!hsm_token_attached(hsm_ctx, rep)) {
232 if ((hsm_err = hsm_get_error(hsm_ctx))) {
233 ods_log_error(
"[%s] Error: Unable to check for the repository %s, HSM error: %s", module_str, rep, hsm_err);
234 client_printf_err(sockfd,
"Unable to check for the repository %s, HSM error: %s\n", rep, hsm_err);
238 ods_log_error(
"[%s] Error: Unable to find repository %s in HSM", module_str, rep);
239 client_printf_err(sockfd,
"Unable to find repository %s in HSM\n", rep);
241 hsm_destroy_context(hsm_ctx);
245 if (!(libhsmkey = hsm_find_key_by_id(hsm_ctx, ckaid))) {
246 ods_log_error(
"[%s] Error: Unable to find the key with this locator: %s", module_str, ckaid);
247 client_printf(sockfd,
"Unable to find the key with this locator: %s\n", ckaid);
248 hsm_destroy_context(hsm_ctx);
251 libhsm_key_free(libhsmkey);
269 ods_log_error(
"[%s] key state creation for DS failed, database or memory error", module_str);
273 hsm_destroy_context(hsm_ctx);
287 ods_log_error(
"[%s] key state creation for DNSKEY failed, database or memory error", module_str);
291 hsm_destroy_context(hsm_ctx);
304 ods_log_error(
"[%s] key state creation for RRSIGDNSKEY failed, database or memory error", module_str);
308 hsm_destroy_context(hsm_ctx);
330 ods_log_error(
"[%s] key state creation for RRSIG failed, database or memory error", module_str);
334 hsm_destroy_context(hsm_ctx);
337 ods_log_debug(
"[%s] key state with this locator %s is created successfully", module_str, ckaid);
342 hsm_destroy_context(hsm_ctx);
352 client_printf(sockfd,
354 " --cka_id <CKA_ID> aka -k\n"
355 " --repository <repository> aka -r\n"
356 " --zone <zone> aka -z\n"
357 " --bits <size> aka -b\n"
358 " --algorithm <algorithm> aka -g\n"
359 " --keystate <state> aka -e\n"
360 " --keytype <type> aka -t\n"
361 " --inception_time <time> aka -w\n"
368 client_printf(sockfd,
369 "Add a key which was created outside of the OpenDNSSEC into the enforcer database.\n"
371 "cka_id specify the locator of the key\n"
372 "repository name of the repository which the key must be stored\n"
373 "zone name of the zone for which this key is to be used\n"
374 "bits key size in bits\n"
375 "algorithm algorithm number \n"
376 "keystate state of the key in which the key will be after import\n"
377 "keytype type of the key, KSK, ZSK or CSK\n"
378 "inception_time time of inception\n\n");
382run(cmdhandler_ctx_type* context,
int argc,
char* argv[])
384 int sockfd = context->sockfd;
385 struct longgetopt optctx;
386 int long_index = 0, opt = 0;
387 const char *ckaid = NULL;
388 const char *repository = NULL;
389 const char *zonename = NULL;
390 const char *bits = NULL;
391 const char *algorithm = NULL;
392 const char* keytype = NULL;
393 const char* keystate = NULL;
394 const char *time = NULL;
396 time_t inception = 0;
403 static struct option long_options[] = {
404 {
"zone", required_argument, 0,
'z'},
405 {
"cka_id", required_argument, 0,
'k'},
406 {
"repository", required_argument, 0,
'r'},
407 {
"bits", required_argument, 0,
'b'},
408 {
"algorithm", required_argument, 0,
'g'},
409 {
"keytype", required_argument, 0,
't'},
410 {
"keystate", required_argument, 0,
'e'},
411 {
"inception_time", required_argument, 0,
'w'},
415 for(opt = longgetopt(argc, argv,
"z:k:r:b:g:t:e:w:", long_options, &long_index, &optctx); opt != -1;
416 opt = longgetopt(argc, argv, NULL, long_options, &long_index, &optctx)) {
419 zonename = optctx.optarg;
422 ckaid = optctx.optarg;
425 repository = optctx.optarg;
428 bits = optctx.optarg;
431 algorithm = optctx.optarg;
434 keytype = optctx.optarg;
437 keystate = optctx.optarg;
440 time = optctx.optarg;
443 client_printf_err(sockfd,
"unknown arguments\n");
444 ods_log_error(
"[%s] unknown arguments for key import command", module_str);
450 if (strcasecmp(keytype,
"KSK") && strcasecmp(keytype,
"ZSK") && strcasecmp(keytype,
"CSK")) {
451 ods_log_error(
"[%s] unknown keytype, should be one of KSK, ZSK, or CSK", module_str);
452 client_printf_err(sockfd,
"unknown keytype, should be one of KSK, ZSK, or CSK\n");
457 ods_log_error(
"[%s] specify keytype for command %s", module_str, argv[0]);
458 client_printf_err(sockfd,
"specify keytype: ZSK, KSK or CSK\n");
463 if (strcasecmp(keystate,
"generate") && strcasecmp(keystate,
"publish") && strcasecmp(keystate,
"ready") && strcasecmp(keystate,
"active") && strcasecmp(keystate,
"retire") && strcasecmp(keystate,
"revoke")) {
464 ods_log_error(
"[%s] unknown keystate", module_str);
465 client_printf_err(sockfd,
"unknown keystate: states are generate, publish, ready, active or retire\n");
470 ods_log_error(
"[%s] specify keystate for command %s", module_str, argv[0]);
471 client_printf_err(sockfd,
"specify keystate: generate, publish, ready, active or retire\n");
476 ods_log_error(
"[%s] expected --zone for key import command", module_str);
477 client_printf_err(sockfd,
"expected --zone \n");
481 ods_log_error(
"[%s] Unknown zone: %s", module_str, zonename);
482 client_printf_err(sockfd,
"Unknown zone: %s\n", zonename);
489 ods_log_error(
"[%s] specify an algorithm for command %s", module_str, argv[0]);
490 client_printf_err(sockfd,
"specify an algorithm\n");
494 ods_log_error(
"[%s] specify bits for command %s", module_str, argv[0]);
495 client_printf_err(sockfd,
"specify bits\n");
499 ods_log_error(
"[%s] specify repository for command %s", module_str, argv[0]);
500 client_printf_err(sockfd,
"specify repository \n");
504 if (time && strptime(time,
"%Y-%m-%d-%H:%M:%S", &tm)) {
506 inception = mktime(&tm);
508 ods_log_error(
"[%s] specify inception time for command %s", module_str, argv[0]);
509 client_printf_err(sockfd,
"specify inception time YYYY-MM-DD-HH:MM:SS\n");
515 if (!strcasecmp(keystate,
"generate"))
517 else if (!strcasecmp(keystate,
"publish"))
519 else if (!strcasecmp(keystate,
"ready"))
521 else if (!strcasecmp(keystate,
"active"))
523 else if (!strcasecmp(keystate,
"retire"))
525 else if (!strcasecmp(keystate,
"revoke"))
529 if (!strcasecmp(keytype,
"KSK"))
531 else if (!strcasecmp(keytype,
"ZSK"))
533 else if (!strcasecmp(keytype,
"CSK"))
541 ods_log_error(
"Unable to get policyKey, database error!");
542 client_printf_err(sockfd,
"Unable to get policyKey, database error!\n");
548 ods_log_error(
"Error: the given algorithm in import command doesn't match the algorithm in kasp");
549 client_printf_err(sockfd,
"The given algorithm doesn't match the algorithm in kasp\n");
559 if (
perform_hsmkey_import(sockfd, dbconn, ckaid, repository, zonename, atoi(bits), atoi(algorithm), type, (
unsigned int)inception)
560 ||
perform_keydata_import(sockfd, dbconn, ckaid, repository, zonename, atoi(algorithm), state, type, (
unsigned int)inception, setmin, hsmkey_id)
561 ||
perform_keystate_import(sockfd, dbconn, ckaid, repository, zonename, state, type, (
unsigned int)inception, hsmkey_id)) {
562 ods_log_error(
"[%s] Error: Unable to add key to the database", module_str);
567 client_printf(sockfd,
"Key imported into zone %s\n", zonename);
572 "key import", &usage, &help, NULL, NULL, &run, NULL
int db_value_copy(db_value_t *value, const db_value_t *from_value)
db_value_t * db_value_new()
void db_value_free(db_value_t *value)
db_connection_t * getconnectioncontext(cmdhandler_ctx_type *context)
void hsm_key_free(hsm_key_t *hsm_key)
int hsm_key_set_role(hsm_key_t *hsm_key, hsm_key_role_t role)
int hsm_key_set_state(hsm_key_t *hsm_key, hsm_key_state_t state)
int hsm_key_set_inception(hsm_key_t *hsm_key, unsigned int inception)
hsm_key_t * hsm_key_new_get_by_locator(const db_connection_t *connection, const char *locator)
hsm_key_t * hsm_key_new(const db_connection_t *connection)
int hsm_key_set_bits(hsm_key_t *hsm_key, unsigned int bits)
int hsm_key_create(hsm_key_t *hsm_key)
int hsm_key_set_key_type(hsm_key_t *hsm_key, hsm_key_key_type_t key_type)
int hsm_key_set_repository(hsm_key_t *hsm_key, const char *repository_text)
int hsm_key_set_policy_id(hsm_key_t *hsm_key, const db_value_t *policy_id)
const db_value_t * hsm_key_id(const hsm_key_t *hsm_key)
int hsm_key_set_locator(hsm_key_t *hsm_key, const char *locator_text)
int hsm_key_set_algorithm(hsm_key_t *hsm_key, unsigned int algorithm)
enum hsm_key_state hsm_key_state_t
int key_data_set_minimize(key_data_t *key_data, unsigned int minimize)
const db_value_t * key_data_id(const key_data_t *key_data)
void key_data_free(key_data_t *key_data)
int key_data_set_role(key_data_t *key_data, key_data_role_t role)
int key_data_set_introducing(key_data_t *key_data, unsigned int introducing)
key_data_t * key_data_new_get_by_hsm_key_id(const db_connection_t *connection, const db_value_t *hsm_key_id)
int key_data_set_active_zsk(key_data_t *key_data, unsigned int active_zsk)
int key_data_set_publish(key_data_t *key_data, unsigned int publish)
int key_data_set_zone_id(key_data_t *key_data, const db_value_t *zone_id)
int key_data_set_algorithm(key_data_t *key_data, unsigned int algorithm)
int key_data_set_inception(key_data_t *key_data, unsigned int inception)
int key_data_set_hsm_key_id(key_data_t *key_data, const db_value_t *hsm_key_id)
int key_data_set_keytag(key_data_t *key_data, unsigned int keytag)
int key_data_create(key_data_t *key_data)
int key_data_set_ds_at_parent(key_data_t *key_data, key_data_ds_at_parent_t ds_at_parent)
key_data_t * key_data_new(const db_connection_t *connection)
unsigned int key_data_minimize(const key_data_t *key_data)
int key_data_set_active_ksk(key_data_t *key_data, unsigned int active_ksk)
#define KEY_DATA_ROLE_SEP(role)
int key_state_set_minimize(key_state_t *key_state, unsigned int minimize)
key_state_t * key_state_new(const db_connection_t *connection)
int key_state_set_ttl(key_state_t *key_state, unsigned int ttl)
void key_state_free(key_state_t *key_state)
int key_state_set_last_change(key_state_t *key_state, unsigned int last_change)
int key_state_set_type(key_state_t *key_state, key_state_type_t type)
int key_state_create(key_state_t *key_state)
int key_state_set_key_data_id(key_state_t *key_state, const db_value_t *key_data_id)
int key_state_set_state(key_state_t *key_state, key_state_state_t state)
@ KEY_STATE_TYPE_RRSIGDNSKEY
int perform_keydata_import(int sockfd, db_connection_t *dbconn, const char *ckaid, const char *rep, const char *zonename, int alg, int keystate, int keytype, unsigned int time, int setmin, db_value_t *hsmkey_id)
int perform_hsmkey_import(int sockfd, db_connection_t *dbconn, const char *ckaid, const char *rep, const char *zonename, int bits, int alg, int keytype, unsigned int time)
const int ksk_mapping[5][4]
int perform_keystate_import(int sockfd, db_connection_t *dbconn, const char *ckaid, const char *rep, const char *zonename, int keystate, int keytype, unsigned int time, db_value_t *hsmkeyid)
const int zsk_mapping[5][4]
const int ds_at_parent[5]
struct cmd_func_block key_import_funcblock
policy_t * policy_new(const db_connection_t *connection)
unsigned int policy_parent_ds_ttl(const policy_t *policy)
unsigned int policy_keys_ttl(const policy_t *policy)
unsigned int policy_zone_soa_ttl(const policy_t *policy)
unsigned int policy_zone_soa_minimum(const policy_t *policy)
unsigned int policy_denial_ttl(const policy_t *policy)
unsigned int policy_signatures_max_zone_ttl(const policy_t *policy)
int policy_get_by_id(policy_t *policy, const db_value_t *id)
void policy_free(policy_t *policy)
@ POLICY_DENIAL_TYPE_NSEC3
policy_key_t * policy_key_new_get_by_policyid_and_role(const db_connection_t *connection, const db_value_t *policyid, const policy_key_role_t role)
unsigned int policy_key_minimize(const policy_key_t *policy_key)
void policy_key_free(policy_key_t *policy_key)
unsigned int policy_key_algorithm(const policy_key_t *policy_key)
void zone_db_free(zone_db_t *zone)
const db_value_t * zone_db_policy_id(const zone_db_t *zone)
const db_value_t * zone_db_id(const zone_db_t *zone)
zone_db_t * zone_db_new_get_by_name(const db_connection_t *connection, const char *name)