Remove trailing whitespaces

diff --git a/ext/ipcrypt/ipcrypt.h b/ext/ipcrypt/ipcrypt.h
index 5d07614a1320fddec775b0f4095a474ccefeb911..76b94f58d0bc33a94ef953c1a0d82dc729a89dd1 100644 (file)
--- a/ext/ipcrypt/ipcrypt.h
+++ b/ext/ipcrypt/ipcrypt.h
@@ -16,9 +16,9 @@ int ipcrypt_encrypt(unsigned char out[IPCRYPT_BYTES],
 int ipcrypt_decrypt(unsigned char out[IPCRYPT_BYTES],
                     const unsigned char in[IPCRYPT_BYTES],
                     const unsigned char key[IPCRYPT_KEYBYTES]);
-  
+
 #ifdef __cplusplus
 }  /* End of the 'extern "C"' block */
 #endif
-  
+
 #endif

diff --git a/pdns/Makefile.am b/pdns/Makefile.am
index acfc9d5c7456478cb35a507722a449a6f5019b9a..e1b6e1b20733963659e4e170e84ff7322a9b5965 100644 (file)
--- a/pdns/Makefile.am
+++ b/pdns/Makefile.am
@@ -895,7 +895,7 @@ dnswasher_SOURCES = \
        statbag.cc \
        unix_utility.cc
 
-dnswasher_LDFLAGS =    $(AM_LDFLAGS) $(BOOST_PROGRAM_OPTIONS_LDFLAGS)  $(LIBCRYPTO_LDFLAGS) 
+dnswasher_LDFLAGS =    $(AM_LDFLAGS) $(BOOST_PROGRAM_OPTIONS_LDFLAGS) $(LIBCRYPTO_LDFLAGS)
 dnswasher_LDADD =      $(BOOST_PROGRAM_OPTIONS_LIBS) $(LIBCRYPTO_LIBS)
 
 dnsbulktest_SOURCES = \

diff --git a/pdns/dnsdist-lua-bindings.cc b/pdns/dnsdist-lua-bindings.cc
index b7702c0fcd62d88f674d726ff8ef808e5936610b..ba1e49b3f08659f26db879ef0ad52acf41836875 100644 (file)
--- a/pdns/dnsdist-lua-bindings.cc
+++ b/pdns/dnsdist-lua-bindings.cc
@@ -183,7 +183,7 @@ void setupLuaBindings(bool client)
       return makeIPCipherKey(password);
     });
 #endif /* HAVE_LIBCRYPTO */
-  
+
   /* DNSName */
   g_lua.registerFunction("isPartOf", &DNSName::isPartOf);
   g_lua.registerFunction<bool(DNSName::*)()>("chopOff", [](DNSName&dn ) { return dn.chopOff(); });

diff --git a/pdns/dnsdistdist/docs/reference/comboaddress.rst b/pdns/dnsdistdist/docs/reference/comboaddress.rst
index ca1262df2080fd8a224481767015db447176327a..7ecdfa6545f0055a71a299a6fcd0824e063e8f1f 100644 (file)
--- a/pdns/dnsdistdist/docs/reference/comboaddress.rst
+++ b/pdns/dnsdistdist/docs/reference/comboaddress.rst
@@ -31,9 +31,9 @@ ComboAddresses can be IPv4 or IPv6, and unless you want to know, you don't need
   .. method:: ComboAddress:ipencrypt(key) -> ComboAddress
 
     Encrypt this IP address as described in https://powerdns.org/ipcipher
-    
+
     :param string key: A 16 byte key. Note that this can be derived from a passphrase with the standalone function `makeIPCipherKey`
-  
+
   .. method:: ComboAddress:isIPv4() -> bool
 
     Returns true if the address is an IPv4, false otherwise

diff --git a/pdns/dnswasher.cc b/pdns/dnswasher.cc
index 0f81c385be7db7b2df6c9e3bcc25728ffce18e69..3ae3ea7ee3886043f7fdf6c37509ea630cd09bb7 100644 (file)
--- a/pdns/dnswasher.cc
+++ b/pdns/dnswasher.cc
@@ -72,7 +72,7 @@ public:
   {
     return std::unique_ptr<IPObfuscator>(new IPSeqObfuscator());
   }
-  
+
   uint32_t obf4(uint32_t orig) override
   {
     if(d_romap.count(orig))
@@ -132,7 +132,7 @@ public:
   {
     return std::unique_ptr<IPObfuscator>(new IPCipherObfuscator(key, decrypt));
   }
-  
+
   uint32_t obf4(uint32_t orig) override
   {
     ComboAddress ca;
@@ -172,7 +172,7 @@ try
     ("key,k", po::value<string>(), "base64 encoded 128 bit key for ipcipher")
     ("passphrase,p", po::value<string>(), "passphrase for ipcipher (will be used to derive key)")
     ("decrypt,d", "decrypt IP addresses with ipcipher");
-  
+
   po::options_description alloptions;
   po::options_description hidden("hidden options");
   hidden.add_options()
@@ -206,7 +206,7 @@ try
   }
 
   bool doDecrypt = g_vm.count("decrypt");
-  
+
   PcapPacketWriter pw(g_vm["outfile"].as<string>());
   std::unique_ptr<IPObfuscator> ipo;
 
@@ -222,7 +222,7 @@ try
   }
   else if(!g_vm.count("key") && g_vm.count("passphrase")) {
     string key = makeIPCipherKey(g_vm["passphrase"].as<string>());
-    
+
     ipo = IPCipherObfuscator::make(key, doDecrypt);
   }
   else {
@@ -237,21 +237,21 @@ try
     while(pr.getUDPPacket()) {
       if(ntohs(pr.d_udp->uh_dport)==53 || (ntohs(pr.d_udp->uh_sport)==53 && pr.d_len > sizeof(dnsheader))) {
         dnsheader* dh=(dnsheader*)pr.d_payload;
-        
+
         if (pr.d_ip->ip_v == 4){
           uint32_t *src=(uint32_t*)&pr.d_ip->ip_src;
           uint32_t *dst=(uint32_t*)&pr.d_ip->ip_dst;
-          
+
           if(dh->qr)
             *dst=ipo->obf4(*dst);
           else
             *src=ipo->obf4(*src);
-          
+
           pr.d_ip->ip_sum=0;
         } else if (pr.d_ip->ip_v == 6) {
           auto src=&pr.d_ip6->ip6_src;
           auto dst=&pr.d_ip6->ip6_dst;
-          
+
           if(dh->qr)
             *dst=ipo->obf6(*dst);
           else

diff --git a/pdns/ipcipher.cc b/pdns/ipcipher.cc
index 745fe4721f88a71759c0f7bad7a62c5ac59ae25b..57a2aa3f8a26dcf0b02e409d5b31ebe3f27531d1 100644 (file)
--- a/pdns/ipcipher.cc
+++ b/pdns/ipcipher.cc
@@ -22,7 +22,7 @@ static ComboAddress encryptCA4(const ComboAddress& ca, const std::string &key)
 {
   if(key.size() != 16)
     throw std::runtime_error("Need 128 bits of key for ipcrypt");
-  
+
   ComboAddress ret=ca;
 
   // always returns 0, has no failure mode
@@ -36,7 +36,7 @@ static ComboAddress decryptCA4(const ComboAddress& ca, const std::string &key)
 {
   if(key.size() != 16)
     throw std::runtime_error("Need 128 bits of key for ipcrypt");
-  
+
   ComboAddress ret=ca;
 
   // always returns 0, has no failure mode
@@ -57,7 +57,7 @@ static ComboAddress encryptCA6(const ComboAddress& ca, const std::string &key)
   AES_KEY wctx;
   AES_set_encrypt_key((const unsigned char*)key.c_str(), 128, &wctx);
   AES_encrypt((const unsigned char*)&ca.sin6.sin6_addr.s6_addr,
-              (unsigned char*)&ret.sin6.sin6_addr.s6_addr, &wctx);  
+              (unsigned char*)&ret.sin6.sin6_addr.s6_addr, &wctx);
 
   return ret;
 }
@@ -66,13 +66,13 @@ static ComboAddress decryptCA6(const ComboAddress& ca, const std::string &key)
 {
   if(key.size() != 16)
     throw std::runtime_error("Need 128 bits of key for ipcrypt");
-  
+
   ComboAddress ret=ca;
   AES_KEY wctx;
   AES_set_decrypt_key((const unsigned char*)key.c_str(), 128, &wctx);
   AES_decrypt((const unsigned char*)&ca.sin6.sin6_addr.s6_addr,
-              (unsigned char*)&ret.sin6.sin6_addr.s6_addr, &wctx);  
-  
+              (unsigned char*)&ret.sin6.sin6_addr.s6_addr, &wctx);
+
   return ret;
 }
 

diff --git a/pdns/pdnsutil.cc b/pdns/pdnsutil.cc
index ffad92e75bd45d2881e5a529e4a1d4b732ba4f63..1a93fd1d51b1be863d56339a6923d04e6e17e351 100644 (file)
--- a/pdns/pdnsutil.cc
+++ b/pdns/pdnsutil.cc
@@ -77,7 +77,7 @@ void loadMainConfig(const std::string& configdir)
     exit(0);
   }
 
-  if(::arg()["config-name"]!="") 
+  if(::arg()["config-name"]!="")
     s_programname+="-"+::arg()["config-name"];
 
   string configname=::arg()["config-dir"]+"/"+s_programname+".conf";
@@ -113,22 +113,22 @@ void loadMainConfig(const std::string& configdir)
   g_log.toConsole(Logger::Error);   // so we print any errors
   BackendMakers().launch(::arg()["launch"]); // vrooooom!
   if(::arg().asNum("loglevel") >= 3) // so you can't kill our errors
-    g_log.toConsole((Logger::Urgency)::arg().asNum("loglevel"));  
+    g_log.toConsole((Logger::Urgency)::arg().asNum("loglevel"));
 
   //cerr<<"Backend: "<<::arg()["launch"]<<", '" << ::arg()["gmysql-dbname"] <<"'" <<endl;
 
   S.declare("qsize-q","Number of questions waiting for database attention");
-          
+
   ::arg().set("max-cache-entries", "Maximum number of cache entries")="1000000";
-  ::arg().set("cache-ttl","Seconds to store packets in the PacketCache")="20";              
+  ::arg().set("cache-ttl","Seconds to store packets in the PacketCache")="20";
   ::arg().set("negquery-cache-ttl","Seconds to store negative query results in the QueryCache")="60";
-  ::arg().set("query-cache-ttl","Seconds to store query results in the QueryCache")="20";              
+  ::arg().set("query-cache-ttl","Seconds to store query results in the QueryCache")="20";
   ::arg().set("default-soa-name","name to insert in the SOA record if none set in the backend")="a.misconfigured.powerdns.server";
   ::arg().set("default-soa-mail","mail address to insert in the SOA record if none set in the backend")="";
   ::arg().set("soa-refresh-default","Default SOA refresh")="10800";
   ::arg().set("soa-retry-default","Default SOA retry")="3600";
   ::arg().set("soa-expire-default","Default SOA expire")="604800";
-  ::arg().set("soa-minimum-ttl","Default SOA minimum ttl")="3600";    
+  ::arg().set("soa-minimum-ttl","Default SOA minimum ttl")="3600";
   ::arg().set("chroot","Switch to this chroot jail")="";
   ::arg().set("dnssec-key-cache-ttl","Seconds to cache DNSSEC keys from the database")="30";
   ::arg().set("domain-metadata-cache-ttl","Seconds to cache domain metadata from the database")="60";
@@ -323,7 +323,7 @@ int checkZone(DNSSECKeeper &dk, UeberBackend &B, const DNSName& zone, const vect
       records.push_back(drr);
     }
   }
-  else 
+  else
     records=*suppliedrecords;
 
   for(auto &rr : records) { // we modify this
@@ -666,7 +666,7 @@ int increaseSerial(const DNSName& zone, DNSSECKeeper &dk)
     NSEC3PARAMRecordContent ns3pr;
     bool narrow;
     bool haveNSEC3=dk.getNSEC3PARAM(zone, &ns3pr, &narrow);
-  
+
     DNSName ordername;
     if(haveNSEC3) {
       if(!narrow)
@@ -717,7 +717,7 @@ void listKey(DomainInfo const &di, DNSSECKeeper& dk, bool printHeader = true) {
     spacelen = (std::to_string(key.first.getKey()->getBits()).length() >= 8) ? 1 : 8 - std::to_string(key.first.getKey()->getBits()).length();
     if (key.first.getKey()->getBits() < 1) {
       cout<<"invalid "<<endl;
-      continue; 
+      continue;
     } else {
       cout<<key.first.getKey()->getBits()<<string(spacelen, ' ');
     }
@@ -779,7 +779,7 @@ int listKeys(const string &zname, DNSSECKeeper& dk){
 int listZone(const DNSName &zone) {
   UeberBackend B;
   DomainInfo di;
-  
+
   if (! B.getDomainInfo(zone, di)) {
     cerr<<"Domain '"<<zone<<"' not found!"<<endl;
     return EXIT_FAILURE;
@@ -791,9 +791,9 @@ int listZone(const DNSName &zone) {
   
   while(di.backend->get(rr)) {
     if(rr.qtype.getCode()) {
-      if ( (rr.qtype.getCode() == QType::NS || rr.qtype.getCode() == QType::SRV || rr.qtype.getCode() == QType::MX || rr.qtype.getCode() == QType::CNAME) && !rr.content.empty() && rr.content[rr.content.size()-1] != '.') 
+      if ( (rr.qtype.getCode() == QType::NS || rr.qtype.getCode() == QType::SRV || rr.qtype.getCode() == QType::MX || rr.qtype.getCode() == QType::CNAME) && !rr.content.empty() && rr.content[rr.content.size()-1] != '.')
        rr.content.append(1, '.');
-       
+
       cout<<rr.qname<<"\t"<<rr.ttl<<"\tIN\t"<<rr.qtype.getName()<<"\t"<<rr.content<<"\n";
     }
   }
@@ -802,8 +802,8 @@ int listZone(const DNSName &zone) {
 }
 
 // lovingly copied from http://stackoverflow.com/questions/1798511/how-to-avoid-press-enter-with-any-getchar
-int read1char(){   
-    int c;   
+int read1char(){
+    int c;
     static struct termios oldt, newt;
 
     /*tcgetattr gets the parameters of the current terminal
@@ -815,7 +815,7 @@ int read1char(){
 
     /*ICANON normally takes care that one line at a time will be processed
     that means it will return if it sees a "\n" or an EOF or an EOL*/
-    newt.c_lflag &= ~(ICANON);          
+    newt.c_lflag &= ~(ICANON);
 
     /*Those new settings will be set to STDIN
     TCSANOW tells tcsetattr to change attributes immediately. */
@@ -832,7 +832,7 @@ int read1char(){
 int clearZone(DNSSECKeeper& dk, const DNSName &zone) {
   UeberBackend B;
   DomainInfo di;
-  
+
   if (! B.getDomainInfo(zone, di)) {
     cerr<<"Domain '"<<zone<<"' not found!"<<endl;
     return EXIT_FAILURE;
@@ -848,7 +848,7 @@ int clearZone(DNSSECKeeper& dk, const DNSName &zone) {
 int editZone(DNSSECKeeper& dk, const DNSName &zone) {
   UeberBackend B;
   DomainInfo di;
-  
+
   if (! B.getDomainInfo(zone, di)) {
     cerr<<"Domain '"<<zone<<"' not found!"<<endl;
     return EXIT_FAILURE;
@@ -938,7 +938,7 @@ int editZone(DNSSECKeeper& dk, const DNSName &zone) {
     cerr<<"\n";
     if(c!='a')
       post.clear();
-    if(c=='e') 
+    if(c=='e')
       goto editMore;
     else if(c=='r')
       goto editAgain;
@@ -1007,7 +1007,7 @@ static int xcryptIP(const std::string& cmd, const std::string& ip, const std::st
 {
 
   ComboAddress ca(ip), ret;
-  
+
   if(cmd=="ipencrypt")
     ret = encryptCA(ca, rkey);
   else
@@ -1028,7 +1028,7 @@ int loadZone(DNSName zone, const string& fname) {
   else {
     cerr<<"Creating '"<<zone<<"'"<<endl;
     B.createDomain(zone);
-    
+
     if(!B.getDomainInfo(zone, di)) {
       cerr<<"Domain '"<<zone<<"' was not created - perhaps backend ("<<::arg()["launch"]<<") does not support storing new zones."<<endl;
       return EXIT_FAILURE;
@@ -1036,13 +1036,13 @@ int loadZone(DNSName zone, const string& fname) {
   }
   DNSBackend* db = di.backend;
   ZoneParserTNG zpt(fname, zone);
-  
+
   DNSResourceRecord rr;
   if(!db->startTransaction(zone, di.id)) {
     cerr<<"Unable to start transaction for load of zone '"<<zone<<"'"<<endl;
     return EXIT_FAILURE;
   }
-  rr.domain_id=di.id;  
+  rr.domain_id=di.id;
   bool haveSOA = false;
   while(zpt.get(rr)) {
     if(!rr.qname.isPartOf(zone) && rr.qname!=zone) {
@@ -1080,7 +1080,7 @@ int createZone(const DNSName &zone, const DNSName& nsname) {
   rr.auth = 1;
   rr.ttl = ::arg().asNum("default-ttl");
   rr.qtype = "SOA";
-  
+
   string soa = (boost::format("%s %s 1")
                 % (nsname.empty() ? ::arg()["default-soa-name"] : nsname.toString())
                 % (::arg().isEmpty("default-soa-mail") ? (DNSName("hostmaster.") + zone).toString() : ::arg()["default-soa-mail"])
@@ -1097,7 +1097,7 @@ int createZone(const DNSName &zone, const DNSName& nsname) {
     rr.content=nsname.toStringNoDot();
     di.backend->feedRecord(rr, DNSName());
   }
-  
+
   di.backend->commitTransaction();
 
   return EXIT_SUCCESS;
@@ -1159,7 +1159,7 @@ int addOrReplaceRecord(bool addOrReplace, const vector<string>& cmds) {
   DNSName name;
   if(cmds[2]=="@")
     name=zone;
-  else 
+  else
     name=DNSName(cmds[2])+zone;
 
   rr.qtype = DNSRecordContent::TypeToNumber(cmds[3]);
@@ -1227,7 +1227,7 @@ int addOrReplaceRecord(bool addOrReplace, const vector<string>& cmds) {
     newrrs.push_back(rr);
   }
 
-  
+
   di.backend->replaceRRSet(di.id, name, rr.qtype, newrrs);
   // need to be explicit to bypass the ueberbackend cache!
   di.backend->lookup(rr.qtype, name, 0, di.id);
@@ -1239,7 +1239,7 @@ int addOrReplaceRecord(bool addOrReplace, const vector<string>& cmds) {
 }
 
 // delete-rrset zone name type
-int deleteRRSet(const std::string& zone_, const std::string& name_, const std::string& type_) 
+int deleteRRSet(const std::string& zone_, const std::string& name_, const std::string& type_)
 {
   UeberBackend B;
   DomainInfo di;
@@ -1252,7 +1252,7 @@ int deleteRRSet(const std::string& zone_, const std::string& name_, const std::s
   DNSName name;
   if(name_=="@")
     name=zone;
-  else 
+  else
     name=DNSName(name_)+zone;
 
   QType qt(QType::chartocode(type_.c_str()));
@@ -1317,16 +1317,16 @@ void testSpeed(DNSSECKeeper& dk, const DNSName& zone, const string& remote, int
   rr.ttl=3600;
   rr.auth=1;
   rr.qclass = QClass::IN;
-  
+
   UeberBackend db("key-only");
-  
+
   if ( ! db.backends.size() )
   {
     throw runtime_error("No backends available for DNSSEC key storage");
   }
 
   ChunkedSigningPipe csp(DNSName(zone), 1, cores);
-  
+
   vector<DNSZoneRecord> signatures;
   uint32_t rnd;
   unsigned char* octets = (unsigned char*)&rnd;
@@ -1335,10 +1335,10 @@ void testSpeed(DNSSECKeeper& dk, const DNSName& zone, const string& remote, int
   dt.set();
   for(unsigned int n=0; n < 100000; ++n) {
     rnd = dns_random(UINT32_MAX);
-    snprintf(tmp, sizeof(tmp), "%d.%d.%d.%d", 
+    snprintf(tmp, sizeof(tmp), "%d.%d.%d.%d",
       octets[0], octets[1], octets[2], octets[3]);
     rr.content=tmp;
-    
+
     snprintf(tmp, sizeof(tmp), "r-%u", rnd);
     rr.qname=DNSName(tmp)+zone;
     DNSZoneRecord dzr;
@@ -1384,7 +1384,7 @@ void verifyCrypto(const string& zone)
       toSign.push_back(DNSRecordContent::mastermake(rr.qtype.getCode(), 1, rr.content));
     }
   }
-  
+
   string msg = getMessageForRRSET(qname, rrc, toSign);
   cerr<<"Verify: "<<DNSCryptoKeyEngine::makeFromPublicKeyString(drc.d_algorithm, drc.d_key)->verify(msg, rrc.d_signature)<<endl;
   if(dsrc.d_digesttype) {
@@ -1886,7 +1886,7 @@ int addOrSetMeta(const DNSName& zone, const string& kind, const vector<string>&
 
 int main(int argc, char** argv)
 try
-{  
+{
   po::options_description desc("Allowed options");
   desc.add_options()
     ("help,h", "produce help message")
@@ -1964,14 +1964,14 @@ try
 #ifdef HAVE_P11KIT1
     cout<<"hsm assign ZONE ALGORITHM {ksk|zsk} MODULE SLOT PIN LABEL"<<endl<<
           "                                   Assign a hardware signing module to a ZONE"<<endl;
-    cout<<"hsm create-key ZONE KEY-ID [BITS]  Create a key using hardware signing module for ZONE (use assign first)"<<endl; 
+    cout<<"hsm create-key ZONE KEY-ID [BITS]  Create a key using hardware signing module for ZONE (use assign first)"<<endl;
     cout<<"                                   BITS defaults to 2048"<<endl;
 #endif
     cout<<"increase-serial ZONE               Increases the SOA-serial by 1. Uses SOA-EDIT"<<endl;
     cout<<"import-tsig-key NAME ALGORITHM KEY Import TSIG key"<<endl;
     cout<<"import-zone-key ZONE FILE          Import from a file a private key, ZSK or KSK"<<endl;
     cout<<"       [active|inactive] [ksk|zsk] Defaults to KSK and active"<<endl;
-    cout<<"ipdecrypt IP passphrase/key [key]  Encrypt IP address using passphrase or base64 key"<<endl;    
+    cout<<"ipdecrypt IP passphrase/key [key]  Encrypt IP address using passphrase or base64 key"<<endl;
     cout<<"ipencrypt IP passphrase/key [key]  Encrypt IP address using passphrase or base64 key"<<endl;
     cout<<"load-zone ZONE FILE                Load ZONE from FILE, possibly creating zone or atomically"<<endl;
     cout<<"                                   replacing contents"<<endl;
@@ -2107,8 +2107,8 @@ try
       return 0;
     }
     unsigned int exitCode = 0;
-    for(unsigned int n = 1; n < cmds.size(); ++n) 
-      if (!rectifyZone(dk, DNSName(cmds[n]))) 
+    for(unsigned int n = 1; n < cmds.size(); ++n)
+      if (!rectifyZone(dk, DNSName(cmds[n])))
        exitCode = 1;
     return exitCode;
   }
@@ -2276,7 +2276,7 @@ try
         active=false;
       } else if(pdns_stou(cmds[n])) {
         bits = pdns_stou(cmds[n]);
-      } else { 
+      } else {
         cerr<<"Unknown algorithm, key flag or size '"<<cmds[n]<<"'"<<endl;
         exit(EXIT_FAILURE);;
       }
@@ -2427,7 +2427,7 @@ try
       }
       dk.commitTransaction();
     }
-    
+
     for(const auto& zone : mustRectify)
       rectifyZone(dk, zone);
 
@@ -2525,7 +2525,7 @@ try
   else if(cmds[0]=="set-presigned") {
     if(cmds.size() < 2) {
       cerr<<"Syntax: pdnsutil set-presigned ZONE"<<endl;
-      return 0; 
+      return 0;
     }
     if (! dk.setPresigned(DNSName(cmds[1]))) {
       cerr << "Could not set presigned for " << cmds[1] << " (is DNSSEC enabled in your backend?)" << endl;
@@ -2563,7 +2563,7 @@ try
   else if(cmds[0]=="unset-presigned") {
     if(cmds.size() < 2) {
       cerr<<"Syntax: pdnsutil unset-presigned ZONE"<<endl;
-      return 0;  
+      return 0;
     }
     if (! dk.unsetPresigned(DNSName(cmds[1]))) {
       cerr << "Could not unset presigned on for " << cmds[1] << endl;
@@ -2609,7 +2609,7 @@ try
     if(narrow) {
       cerr<<"The '"<<zone<<"' zone uses narrow NSEC3, but calculating hash anyhow"<<endl;
     }
-      
+
     cout<<toBase32Hex(hashQNameWithSalt(ns3pr, record))<<endl;
   }
   else if(cmds[0]=="unset-nsec3") {
@@ -2633,7 +2633,7 @@ try
     unsigned int id=pdns_stou(cmds[2]);
     DNSSECPrivateKey dpk=dk.getKeyById(DNSName(zone), id);
     cout << dpk.getKey()->convertToISC() <<endl;
-  }  
+  }
   else if(cmds[0]=="increase-serial") {
     if (cmds.size() < 2) {
       cerr<<"Syntax: pdnsutil increase-serial ZONE"<<endl;
@@ -2662,14 +2662,14 @@ try
     DNSKEYRecordContent drc;
     shared_ptr<DNSCryptoKeyEngine> key(DNSCryptoKeyEngine::makeFromPEMString(drc, raw));
     dpk.setKey(key);
-    
+
     dpk.d_algorithm = pdns_stou(cmds[3]);
-    
+
     if(dpk.d_algorithm == DNSSECKeeper::RSASHA1NSEC3SHA1)
       dpk.d_algorithm = DNSSECKeeper::RSASHA1;
-      
+
     cerr<<(int)dpk.d_algorithm<<endl;
-    
+
     if(cmds.size() > 4) {
       if(pdns_iequals(cmds[4], "ZSK"))
         dpk.d_flags = 256;
@@ -2695,7 +2695,7 @@ try
     } else {
       cout<<std::to_string(id)<<endl;
     }
-    
+
   }
   else if(cmds[0]=="import-zone-key") {
     if(cmds.size() < 3) {
@@ -2709,11 +2709,11 @@ try
     shared_ptr<DNSCryptoKeyEngine> key(DNSCryptoKeyEngine::makeFromISCFile(drc, fname.c_str()));
     dpk.setKey(key);
     dpk.d_algorithm = drc.d_algorithm;
-    
+
     if(dpk.d_algorithm == DNSSECKeeper::RSASHA1NSEC3SHA1)
       dpk.d_algorithm = DNSSECKeeper::RSASHA1;
-    
-    dpk.d_flags = 257; 
+
+    dpk.d_flags = 257;
     bool active=true;
 
     for(unsigned int n = 3; n < cmds.size(); ++n) {
@@ -2725,10 +2725,10 @@ try
         active = 1;
       else if(pdns_iequals(cmds[n], "passive") || pdns_iequals(cmds[n], "inactive")) // passive eventually needs to be removed
         active = 0;
-      else { 
+      else {
         cerr<<"Unknown key flag '"<<cmds[n]<<"'"<<endl;
         exit(1);
-      }          
+      }
     }
     int64_t id;
     if (!dk.addKey(DNSName(zone), dpk, id, active)) {
@@ -2806,14 +2806,14 @@ try
         }
       }
     }
-    dpk->create(bits); 
-    dspk.setKey(dpk); 
-    dspk.d_algorithm = algorithm; 
-    dspk.d_flags = keyOrZone ? 257 : 256; 
+    dpk->create(bits);
+    dspk.setKey(dpk);
+    dspk.d_algorithm = algorithm;
+    dspk.d_flags = keyOrZone ? 257 : 256;
 
-    // print key to stdout 
-    cout << "Flags: " << dspk.d_flags << endl << 
-             dspk.getKey()->convertToISC() << endl; 
+    // print key to stdout
+    cout << "Flags: " << dspk.d_flags << endl <<
+             dspk.getKey()->convertToISC() << endl;
   } else if (cmds[0]=="generate-tsig-key") {
     string usage = "Syntax: " + cmds[0] + " name (hmac-md5|hmac-sha1|hmac-sha224|hmac-sha256|hmac-sha384|hmac-sha512)";
     if (cmds.size() < 3) {
@@ -2896,7 +2896,7 @@ try
         return 1;
      }
      UeberBackend B("default");
-     std::vector<std::string> meta; 
+     std::vector<std::string> meta;
      if (!B.getDomainMetadata(zname, metaKey, meta)) {
        cerr << "Failure enabling TSIG key " << name << " for " << zname << endl;
        return 1;
@@ -2978,7 +2978,7 @@ try
       for(const auto& each_meta: meta) {
         cout << each_meta.first << " = " << boost::join(each_meta.second, ", ") << endl;
       }
-    }  
+    }
     return 0;
 
   } else if (cmds[0]=="set-meta" || cmds[0]=="add-meta") {
@@ -3044,11 +3044,11 @@ try
          pub_label = label;
 
       std::ostringstream iscString;
-      iscString << "Private-key-format: v1.2" << std::endl << 
-        "Algorithm: " << algorithm << std::endl << 
+      iscString << "Private-key-format: v1.2" << std::endl <<
+        "Algorithm: " << algorithm << std::endl <<
         "Engine: " << module << std::endl <<
         "Slot: " << slot << std::endl <<
-        "PIN: " << pin << std::endl << 
+        "PIN: " << pin << std::endl <<
         "Label: " << label << std::endl <<
         "PubLabel: " << pub_label << std::endl;
 
@@ -3103,19 +3103,19 @@ try
         cerr << "Unable to create key for unknown zone '" << zone << "'" << std::endl;
         return 1;
       }
- 
+
       id = pdns_stou(cmds[3]);
-      std::vector<DNSBackend::KeyData> keys; 
+      std::vector<DNSBackend::KeyData> keys;
       if (!B.getDomainKeys(zone, keys)) {
         cerr << "No keys found for zone " << zone << std::endl;
         return 1;
-      } 
+      }
 
       std::shared_ptr<DNSCryptoKeyEngine> dke = nullptr;
-      // lookup correct key      
+      // lookup correct key
       for(DNSBackend::KeyData &kd :  keys) {
         if (kd.id == id) {
-          // found our key. 
+          // found our key.
           DNSKEYRecordContent dkrc;
           dke = DNSCryptoKeyEngine::makeFromISCString(dkrc, kd.content);
         }
@@ -3144,7 +3144,7 @@ try
     }
 #else
     cerr<<"PKCS#11 support not enabled"<<endl;
-    return 1; 
+    return 1;
 #endif
   } else if (cmds[0] == "b2b-migrate") {
     if (cmds.size() < 3) {