From: Miod Vallat <miod.vallat@open-xchange.com>
Date: Thu, 16 Jan 2025 08:02:26 +0000 (+0100)
Subject: Apply the same "fetch key after add" verification logic to import-zone-key*.
X-Git-Tag: dnsdist-2.0.0-alpha1~104^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=345edfbf55ba61a2d70ed1654e19bc6379779b34;p=thirdparty%2Fpdns.git

Apply the same "fetch key after add" verification logic to import-zone-key*.
---

diff --git a/pdns/pdnsutil.cc b/pdns/pdnsutil.cc
index 67e23192c7..ca0f1c8958 100644
--- a/pdns/pdnsutil.cc
+++ b/pdns/pdnsutil.cc
@@ -2899,6 +2899,26 @@ static int unpublishZoneKey(vector<string>& cmds)
   return 0;
 }
 
+static int checkZoneKey(DNSSECKeeper &dsk, DNSName &zone, int64_t keyId)
+{
+  if (keyId == -1) {
+    cerr<<std::to_string(keyId)<<": Key was added, but backend does not support returning of key id"<<endl;
+    return 0;
+  }
+  if (keyId < -1) {
+    cerr<<std::to_string(keyId)<<": Key was added, but there was a failure while returning the key id"<<endl;
+    return 1;
+  }
+  try {
+    dsk.getKeyById(zone, keyId);
+    cout<<std::to_string(keyId)<<endl;
+  } catch (std::exception& exc) {
+    cerr<<std::to_string(keyId)<<": Key was added, but there was a failure while reading it back: " <<exc.what()<<endl;
+    return 1;
+  }
+  return 0;
+}
+
 static int addZoneKey(vector<string>& cmds)
 {
   if(cmds.size() < 3 ) {
@@ -2971,21 +2991,7 @@ static int addZoneKey(vector<string>& cmds)
   if (bits != 0) {
     cerr<<"Requested specific key size of "<<bits<<" bits"<<endl;
   }
-  if (id == -1) {
-    cerr<<std::to_string(id)<<": Key was added, but backend does not support returning of key id"<<endl;
-  } else if (id < -1) {
-    cerr<<std::to_string(id)<<": Key was added, but there was a failure while returning the key id"<<endl;
-    return 1;
-  } else {
-    try {
-      dk.getKeyById(zone, id);
-      cout<<std::to_string(id)<<endl;
-    } catch (std::exception& e) {
-      cerr<<std::to_string(id)<<": Key was added, but there was a failure while reading it back: " <<e.what()<<endl;
-      return 1;
-    }
-  }
-  return 0;
+  return checkZoneKey(dk, zone, id);
 }
 
 static int removeZoneKey(vector<string>& cmds)
@@ -3567,7 +3573,7 @@ static int importZoneKeyPEM(vector<string>& cmds)
     return 1;
   }
 
-  const string zone = cmds.at(1);
+  DNSName zone(cmds.at(1));
   const string filename = cmds.at(2);
   const auto algorithm = pdns::checked_stoi<unsigned int>(cmds.at(3));
 
@@ -3615,21 +3621,11 @@ static int importZoneKeyPEM(vector<string>& cmds)
 
   DNSSECKeeper dk; //NOLINT(readability-identifier-length)
   int64_t id{-1}; // NOLINT(readability-identifier-length)
-  if (!dk.addKey(DNSName(zone), dpk, id)) {
+  if (!dk.addKey(zone, dpk, id)) {
     cerr << "Adding key failed, perhaps DNSSEC not enabled in configuration?" << endl;
     return 1;
   }
-
-  if (id == -1) {
-    cerr << std::to_string(id) << "Key was added, but backend does not support returning of key id" << endl;
-    }
-  else if (id < -1) {
-    cerr << std::to_string(id) << "Key was added, but there was a failure while returning the key id" << endl;
-  }
-  else {
-    cout << std::to_string(id) << endl;
-  }
-  return 0;
+  return checkZoneKey(dk, zone, id);
 }
 
 static int importZoneKey(vector<string>& cmds)
@@ -3638,7 +3634,7 @@ static int importZoneKey(vector<string>& cmds)
     cerr<<"Syntax: pdnsutil import-zone-key ZONE FILE [ksk|zsk] [active|inactive]"<<endl;
     return 1;
   }
-  string zone = cmds.at(1);
+  DNSName zone(cmds.at(1));
   string fname = cmds.at(2);
   DNSKEYRecordContent drc;
   shared_ptr<DNSCryptoKeyEngine> key(DNSCryptoKeyEngine::makeFromISCFile(drc, fname.c_str()));
@@ -3681,18 +3677,11 @@ static int importZoneKey(vector<string>& cmds)
 
   DNSSECKeeper dk; //NOLINT(readability-identifier-length)
   int64_t id{-1}; // NOLINT(readability-identifier-length)
-  if (!dk.addKey(DNSName(zone), dpk, id, active, published)) {
+  if (!dk.addKey(zone, dpk, id, active, published)) {
     cerr<<"Adding key failed, perhaps DNSSEC not enabled in configuration?"<<endl;
     return 1;
   }
-  if (id == -1) {
-    cerr<<std::to_string(id)<<"Key was added, but backend does not support returning of key id"<<endl;
-  } else if (id < -1) {
-    cerr<<std::to_string(id)<<"Key was added, but there was a failure while returning the key id"<<endl;
-  } else {
-    cout<<std::to_string(id)<<endl;
-  }
-  return 0;
+  return checkZoneKey(dk, zone, id);
 }
 
 static int expotZoneDNSKey(vector<string>& cmds)