if managed then refresh_plan(keyset, 0 * sec, false) end
end
+local function distrust(owner)
+ if not trust_anchors.keysets[owner] then
+ return false
+ end
+
+ if ta_update then
+ ta_update.stop(owner)
+ end
+ trust_anchors.keysets[owner] = nil
+ local store = kres.context().trust_anchors
+ C.kr_ta_del(store, owner)
+ return true
+end
+
local function ta_str(owner)
local owner_str = kres.dname2str(owner) .. ' '
local msg = ''
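Review bot: The result of `C.kr_ta_del(store, owner)` is discarded and `distrust` returns `true` unconditionally, so a failed removal in the C store would leave the validator holding an anchor that `trust_anchors.keysets` no longer lists. Because the Lua entry is cleared before the C call, the two views cannot be reconciled afterwards. I would capture the result with `local ret = C.kr_ta_del(store, owner)` and add `if ret ~= 0 then return false end`, assuming the usual zero-on-success convention, which should be confirmed against the declaration. Dropping an anchor changes what gets validated for that name, so a log line carrying `kres.dname2str(owner)` would give operators an audit trail. A doc comment should also state that `owner` is a wire-format dname (as the test's `'\0'` suggests) and that `false` means no keyset was present.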
-- If managed and the file doesn't exist, try bootstrapping the root into it.
add_file = add_file,
config = add_file,
+ distrust = distrust,
keyset_write = keyset_write,
keyset_publish = keyset_publish,
+trust_anchors.keyfile_default = nil
local ffi = require('ffi')
same(root_ta.rrs.count, 1, 'the root TA set contains one RR')
end
+local function test_distrust()
+ -- uses root key from the previous test
+ assert(trust_anchors.keysets['\0'], 'root key must be there from previous test')
+ local ta_c = kres.context().trust_anchors
+ local root_ta = ffi.C.kr_ta_get(ta_c, '\0')
+ assert(root_ta ~= nil, 'we got non-NULL TA RRset')
+ assert(root_ta.rrs.count, 1, 'we have a root TA set to be deleted')
+
+ trust_anchors.distrust('\0')
+
+ same(trust_anchors.keysets['\0'], nil, 'Lua interface does not have the removed key')
+ local root_ta = ffi.C.kr_ta_get(ta_c, '\0')
+ same(root_ta == nil, true, 'C interface does not have the removed key')
+end
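Review bot: `assert(root_ta.rrs.count, 1, 'we have a root TA set to be deleted')` can never fail on the count, because Lua's `assert` only tests its first argument for truthiness and every number, including 0, is truthy; the `1` is taken as the message. The `same` helper used elsewhere in this test does the comparison: `same(root_ta.rrs.count, 1, 'we have a root TA set to be deleted')`. The return value of `trust_anchors.distrust('\0')` is also unchecked; `same(trust_anchors.distrust('\0'), true, 'distrust reports success')` would pin it, and a second call expecting `false` would cover the missing-keyset branch. The second `local root_ta` redeclares the first in the same scope, so dropping `local` there avoids a linter warning.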
return {
- test_revoked_key()
+ test_revoked_key,
+ test_distrust
}