From: Aki Tuomi
Date: Sun, 29 Mar 2015 17:43:13 +0000 (+0300)
Subject: Validate key when loading from ISC map
X-Git-Tag: dnsdist-1.0.0-alpha1~248^2~98^2~33^2~5
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=3a3ecb9d8085ceeee861c8cc37e6bcef88f8760b;p=thirdparty%2Fpdns.git
Validate key when loading from ISC map
---
diff --git a/pdns/pkcs11signers.cc b/pdns/pkcs11signers.cc
index 45639fe26a..3c9c684d7c 100644
--- a/pdns/pkcs11signers.cc
+++ b/pdns/pkcs11signers.cc
@@ -859,6 +859,21 @@ DNSCryptoKeyEngine::storvector_t PKCS11DNSCryptoKeyEngine::convertToISCVector()
 return storvect;
 };
+void PKCS11DNSCryptoKeyEngine::fromISCMap(DNSKEYRecordContent& drc, stormap_t& stormap) {
+ drc.d_algorithm = atoi(stormap["algorithm"].c_str());
+ d_module = stormap["engine"];
+ d_slot_id = atoi(stormap["slot"].c_str());
+ d_pin = stormap["pin"];
+ d_label = stormap["label"];
+ // validate parameters
+
+ boost::shared_ptr d_slot;
+ d_slot = Pkcs11Token::GetToken(d_module, d_slot_id, d_label);
+ if (d_pin != "" && d_slot->LoggedIn() == false)
+ if (d_slot->Login(d_pin) == false)
+ throw PDNSException("Could not log in to token (PIN wrong?)");
+};
+
 DNSCryptoKeyEngine* PKCS11DNSCryptoKeyEngine::maker(unsigned int algorithm) {
 return new PKCS11DNSCryptoKeyEngine(algorithm);
diff --git a/pdns/pkcs11signers.hh b/pdns/pkcs11signers.hh
index c803905365..97277a9d54 100644
--- a/pdns/pkcs11signers.hh
+++ b/pdns/pkcs11signers.hh
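Review bot: In the new `fromISCMap` body, `d_slot_id` and `drc.d_algorithm` still come from `atoi`, so a missing or non-numeric `slot` or `algorithm` entry silently becomes 0 and the added login step then presents `d_pin` to whichever token `GetToken` resolves for slot 0; the `// validate parameters` comment is not backed by any check on those fields. Reject bad input before `Pkcs11Token::GetToken` is called, for example `const std::string& s = stormap["slot"]; char* end; long slot = strtol(s.c_str(), &end, 10);` followed by `if (s.empty() || *end != '\0' || slot < 0) throw PDNSException("Invalid PKCS#11 slot");`, and the same for `algorithm`. The result of `GetToken` is dereferenced straight away; if it can return an empty pointer (its definition is not in this hunk), `d_slot` should be checked before `d_slot->LoggedIn()`. A failed `Login` normally counts against the token's PIN retry limit, so naming the module, slot and label (never the PIN) in the exception text would help an operator notice a misconfigured PIN before repeated loads lock the token.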
@@ -36,13 +36,7 @@ class PKCS11DNSCryptoKeyEngine : public DNSCryptoKeyEngine
 std::string getPublicKeyString() const;
 int getBits() const;
- void fromISCMap(DNSKEYRecordContent& drc, stormap_t& stormap) {
- drc.d_algorithm = atoi(stormap["algorithm"].c_str());
- d_module = stormap["engine"];
- d_slot_id = atoi(stormap["slot"].c_str());
- d_pin = stormap["pin"];
- d_label = stormap["label"];
- };
+ void fromISCMap(DNSKEYRecordContent& drc, stormap_t& stormap);
 void fromPEMString(DNSKEYRecordContent& drc, const std::string& raw) { throw "Unimplemented"; };
 void fromPublicKeyString(const std::string& content) { throw "Unimplemented"; };