Validate key when loading from ISC map
authorAki Tuomi <cmouse@cmouse.fi>
Sun, 29 Mar 2015 17:43:13 +0000 (20:43 +0300)
committerAki Tuomi <cmouse@desteem.org>
Mon, 30 Mar 2015 07:30:26 +0000 (10:30 +0300)
pdns/pkcs11signers.cc
pdns/pkcs11signers.hh

index 45639fe26a5c57f70a8307e9efa8fe35b9405a58..3c9c684d7c8645eefe25be63601019df25cef54d 100644 (file)
@@ -859,6 +859,21 @@ DNSCryptoKeyEngine::storvector_t PKCS11DNSCryptoKeyEngine::convertToISCVector()
   return storvect;
 };
 
+void PKCS11DNSCryptoKeyEngine::fromISCMap(DNSKEYRecordContent& drc, stormap_t& stormap) {
+  drc.d_algorithm = atoi(stormap["algorithm"].c_str());
+  d_module = stormap["engine"];
+  d_slot_id = atoi(stormap["slot"].c_str());
+  d_pin = stormap["pin"];
+  d_label = stormap["label"];
+  // validate parameters
+
+  boost::shared_ptr<Pkcs11Token> d_slot;
+  d_slot = Pkcs11Token::GetToken(d_module, d_slot_id, d_label);
+  if (d_pin != "" && d_slot->LoggedIn() == false)
+    if (d_slot->Login(d_pin) == false)
+      throw PDNSException("Could not log in to token (PIN wrong?)");
+};
+
 DNSCryptoKeyEngine* PKCS11DNSCryptoKeyEngine::maker(unsigned int algorithm)
 {
   return new PKCS11DNSCryptoKeyEngine(algorithm);
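Review bot: The validation added to `fromISCMap` covers only the login step, while the `atoi` conversions above it turn a missing or non-numeric `slot` or `algorithm` entry into 0, so a malformed key record would have its PIN presented to slot 0 instead of being rejected. Checking the fields before `GetToken`, for example `if (stormap["engine"].empty() || stormap["slot"].empty()) throw PDNSException("PKCS#11 key is missing engine or slot");`, would make that failure explicit. The pointer returned by `Pkcs11Token::GetToken` is dereferenced without a check; whether it can be empty is not visible in this hunk, so that is worth confirming. On tokens that enforce a PIN retry limit, a wrong PIN retried on every key load can lock the token, so the failure should be logged prominently and not retried automatically. The local `d_slot` also carries the `d_` member prefix, which reads as if it were a member; a name such as `slot` would avoid that.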
index c80390536562608a639dc0abbe390a25c306e491..97277a9d54937c31866fae19e95ce0ed133495e9 100644 (file)
@@ -36,13 +36,7 @@ class PKCS11DNSCryptoKeyEngine : public DNSCryptoKeyEngine
     std::string getPublicKeyString() const;
     int getBits() const;
 
-    void fromISCMap(DNSKEYRecordContent& drc, stormap_t& stormap) {
-      drc.d_algorithm = atoi(stormap["algorithm"].c_str());
-      d_module = stormap["engine"];
-      d_slot_id = atoi(stormap["slot"].c_str());
-      d_pin = stormap["pin"];
-      d_label = stormap["label"];
-    };
+    void fromISCMap(DNSKEYRecordContent& drc, stormap_t& stormap);
 
     void fromPEMString(DNSKEYRecordContent& drc, const std::string& raw) { throw "Unimplemented"; };
     void fromPublicKeyString(const std::string& content) { throw "Unimplemented"; };
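Review bot: The bare declaration of `fromISCMap` no longer shows callers that loading a key now opens the PKCS#11 token and may log in with the stored PIN, throwing `PDNSException` on failure. A comment on the declaration would record that contract, e.g. `// Reads engine/slot/pin/label from stormap, then opens the token and logs in if a PIN is set; throws PDNSException if login fails.`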