From: Pieter Lexis Date: Mon, 18 Sep 2017 07:28:59 +0000 (+0200) Subject: auth API: use default options for cryptokeys X-Git-Tag: rec-4.1.0-rc1~32^2~1 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=43215ca6663fcd7ee0367a7d1884964772e47e49;p=thirdparty%2Fpdns.git auth API: use default options for cryptokeys --- diff --git a/docs/http-api/endpoint-cryptokeys.rst b/docs/http-api/endpoint-cryptokeys.rst index 0a7a98eaf6..ffb7fc61e1 100644 --- a/docs/http-api/endpoint-cryptokeys.rst +++ b/docs/http-api/endpoint-cryptokeys.rst @@ -17,6 +17,11 @@ These endpoints allow for the manipulation of DNSSEC crypto material. This method adds a new key to a zone. The key can either be generated or imported by supplying the ``content`` parameter. + if ``content``, ``bits`` and ``algo`` are null, a key will be generated based + on the :ref:`setting-default-ksk-algorithm` and :ref:`setting-default-ksk-size` + sttings for a KSK and the :ref:`setting-default-zsk-algorithm` and :ref:`setting-default-zsk-size` + options for a ZSK. + :param server_id: The name of the server :param zone_id: The id value of the :json:object:`Zone` :reqjson string content: The private key to use (The format used is compatible with BIND and NSD/LDNS) diff --git a/pdns/ws-auth.cc b/pdns/ws-auth.cc index 5e2576719f..791c9fb335 100644 --- a/pdns/ws-auth.cc +++ b/pdns/ws-auth.cc @@ -836,7 +836,7 @@ static void apiZoneCryptokeysPOST(DNSName zonename, HttpRequest *req, HttpRespon int64_t insertedId; if (content.is_null()) { - int bits = 0; + int bits = keyOrZone ? ::arg().asNum("default-ksk-size") : ::arg().asNum("default-zsk-size"); auto docbits = document["bits"]; if (!docbits.is_null()) { if (!docbits.is_number() || (fmod(docbits.number_value(), 1.0) != 0) || docbits.int_value() < 0) { 
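Review bot: The new `int bits = keyOrZone ? ::arg().asNum("default-ksk-size") : ::arg().asNum("default-zsk-size");` line in the -836 hunk applies the configured size whenever `bits` is absent, even when the request supplies its own `algo`. A size chosen for the configured default algorithm can therefore be paired with a different, caller-chosen algorithm. The documentation added in this same commit says the defaults apply only when `content`, `bits` and `algo` are all null, so code and docs disagree. Consider using the configured size only when `algo` is also null, or rejecting a request that names an algorithm without a size where that algorithm needs one. The rest of apiZoneCryptokeysPOST, including any bounds check on `bits` before key generation, lies outside this hunk.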
@@ -845,7 +845,7 @@ static void apiZoneCryptokeysPOST(DNSName zonename, HttpRequest *req, HttpRespon
 bits = docbits.int_value();
 }
 }
- int algorithm = 13; // ecdsa256
+ int algorithm = DNSSECKeeper::shorthand2algorithm(keyOrZone ? ::arg()["default-ksk-algorithm"] : ::arg()["default-zsk-algorithm"]);
 auto providedAlgo = document["algo"];
 if (providedAlgo.is_string()) {
 algorithm = DNSSECKeeper::shorthand2algorithm(providedAlgo.string_value());
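Review bot: The result of `DNSSECKeeper::shorthand2algorithm` for the configured default is not checked anywhere in this hunk, so a misspelled `default-ksk-algorithm` or `default-zsk-algorithm` would flow into key creation whenever the request omits `algo`. If the helper reports an unknown name with a sentinel such as -1 (its definition is not visible here), add a guard right after the new line, for example `if (algorithm == -1) throw ApiException("Unknown default algorithm in configuration");`. That gives the operator a clear error instead of a failure deeper in key generation. A short comment saying that the request's `algo` overrides this default would also replace the information lost with the removed `// ecdsa256` comment. The function body continues past the end of the hunk.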