From: Aki Tuomi
Date: Sun, 29 Mar 2015 18:04:45 +0000 (+0300)
Subject: Make sure they key isn't being reused
X-Git-Tag: dnsdist-1.0.0-alpha1~248^2~98^2~33^2~2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=629b6616aa4fcc2585d9bc1877eba8e05f558783;p=thirdparty%2Fpdns.git
Make sure they key isn't being reused
---
diff --git a/pdns/pdnssec.cc b/pdns/pdnssec.cc
index 8c0e85cdfb..2a30210cec 100644
--- a/pdns/pdnssec.cc
+++ b/pdns/pdnssec.cc
@@ -2076,6 +2076,7 @@ try
 if (cmds[1] == "assign") {
 DNSCryptoKeyEngine::storvector_t storvect;
 DomainInfo di;
+ std::vector keys;
 if (cmds.size() < 9) {
 std::cout << "Usage: pdnssec hsm assign zone algorithm ksk|zsk module slot pin label" << std::endl;
@@ -2111,6 +2112,23 @@ try
 dpk.d_flags = (keyOrZone ? 257 : 256);
 dpk.setKey(shared_ptr(DNSCryptoKeyEngine::makeFromISCString(drc, iscString.str())));
+ // make sure this key isn't being reused.
+ B.getDomainKeys(zone, 0, keys);
+ id = -1;
+
+ BOOST_FOREACH(DNSBackend::KeyData& kd, keys) {
+ if (kd.content == iscString.str()) {
+ // it's this one, I guess...
+ id = kd.id;
+ break;
+ }
+ }
+
+ if (id > -1) {
+ cerr << "You have already assigned this key with ID=" << id << std::endl;
+ return 1;
+ }
+
 if (!(id = dk.addKey(zone, dpk))) {
 cerr << "Unable to assign module slot to zone" << std::endl;
 return 1;
@@ -2118,8 +2136,6 @@ try
 // figure out key id.
- std::vector keys;
- B.getDomainKeys(zone, 0, keys);
 // validate which one got the key...
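Review bot: The reuse guard added in the `@@ -2111,6 +2112,23 @@` hunk fails open, because the result of `B.getDomainKeys(zone, 0, keys)` is discarded: if the backend lookup fails, `keys` stays empty, `id` stays -1 and `dk.addKey` runs as though no duplicate existed. Assuming getDomainKeys reports success through its return value (its declaration is not visible here), the call should be checked, e.g. `if (!B.getDomainKeys(zone, 0, keys)) { cerr << "Unable to list keys for zone" << std::endl; return 1; }`. Separately, the list is now fetched before `dk.addKey`, and the last hunk removes the `B.getDomainKeys(zone, 0, keys);` that preceded `// validate which one got the key...`, so any lookup there that still walks `keys` would see the pre-insert list and could not find the new key; the code after that comment is outside the diff. The guard is also an exact comparison of `kd.content` with `iscString.str()` within this one zone, so it would presumably miss the same module, slot and label stored with different text or already assigned to another zone; a comment stating that this scope is intended would help, since how `iscString` is built lies outside the hunk.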