Add function to see if dst key uses kasp

For purposes of zones transitioning back to insecure mode, it is
practical to see if related keys have a state file associated.

(cherry picked from commit 8f2c5e45da47394c812f5499b2766b13387c7bbc)

diff --git a/lib/dns/dst_api.c b/lib/dns/dst_api.c
index aaa6479661d418fc8c86266cf53951380e9bc8fe..8bd0605e8370c1514493f934dcfb9cd5d9daad19 100644 (file)
--- a/lib/dns/dst_api.c
+++ b/lib/dns/dst_api.c
@@ -649,12 +649,14 @@ dst_key_fromnamedfile(const char *filename, const char *dirname, int type,
                                   filename, ".state");
                INSIST(result == ISC_R_SUCCESS);
 
+               key->kasp = false;
                result = dst_key_read_state(newfilename, mctx, &key);
-               if (result == ISC_R_FILENOTFOUND) {
+               if (result == ISC_R_SUCCESS) {
+                       key->kasp = true;
+               } else if (result == ISC_R_FILENOTFOUND) {
                        /* Having no state is valid. */
                        result = ISC_R_SUCCESS;
                }
-
                isc_mem_put(mctx, newfilename, newfilenamelen);
                newfilename = NULL;
                RETERR(result);
@@ -2600,6 +2602,8 @@ dst_key_goal(dst_key_t *key) {
        dst_key_state_t state;
        isc_result_t result;
 
+       REQUIRE(VALID_KEY(key));
+
        result = dst_key_getstate(key, DST_KEY_GOAL, &state);
        if (result == ISC_R_SUCCESS) {
                return (state);
@@ -2607,6 +2611,13 @@ dst_key_goal(dst_key_t *key) {
        return (DST_KEY_STATE_HIDDEN);
 }
 
+bool
+dst_key_haskasp(dst_key_t *key) {
+       REQUIRE(VALID_KEY(key));
+
+       return (key->kasp);
+}
+
 void
 dst_key_copy_metadata(dst_key_t *to, dst_key_t *from) {
        dst_key_state_t state;

diff --git a/lib/dns/dst_internal.h b/lib/dns/dst_internal.h
index ffccd92880fbcbaf4ef1569725ea84e17640b8f9..62526328515e2fd9e6fb6b3da58fd7a7a0ceb396 100644 (file)
--- a/lib/dns/dst_internal.h
+++ b/lib/dns/dst_internal.h
@@ -123,6 +123,7 @@ struct dst_key {
        bool keystateset[DST_MAX_KEYSTATES + 1];          /*%< data
                                                           * set? */
 
+       bool kasp;     /*%< key has kasp state */
        bool inactive; /*%< private key not present as it is
                        * inactive */
        bool external; /*%< external key */

diff --git a/lib/dns/include/dst/dst.h b/lib/dns/include/dst/dst.h
index 5ae0f87be917c06928779351b415e111ab9ab8b5..010bc99a3953a40922b50a1b0fe249d53433c085 100644 (file)
--- a/lib/dns/include/dst/dst.h
+++ b/lib/dns/include/dst/dst.h
@@ -1103,6 +1103,15 @@ dst_key_isexternal(dst_key_t *key);
  *     'key' to be valid.
  */
 
+bool
+dst_key_haskasp(dst_key_t *key);
+/*%<
+ * Check if this key has state (and thus uses KASP).
+ *
+ * Requires:
+ *     'key' to be valid.
+ */
+
 bool
 dst_key_is_unused(dst_key_t *key);
 /*%<

diff --git a/lib/dns/win32/libdns.def.in b/lib/dns/win32/libdns.def.in
index 9c0e93201a03686ef4acd3095d992410a740ea5e..3a169309cd1b3265b260bf71f95aad256a98f7e4 100644 (file)
--- a/lib/dns/win32/libdns.def.in
+++ b/lib/dns/win32/libdns.def.in
@@ -1469,6 +1469,7 @@ dst_key_getstate
 dst_key_gettime
 dst_key_getttl
 dst_key_goal
+dst_key_haskasp
 dst_key_id
 dst_key_is_active
 dst_key_is_published