From: Chris Hofstaedtler
Date: Sat, 12 Aug 2023 11:40:06 +0000 (+0200)
Subject: API Auth: extract addDefaultDNSSECKeys out of updateDomainSettingsFromDocument
X-Git-Tag: rec-5.0.0-alpha1~24^2~2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8ea32ea1a48eeeb936a3fa763d4ccbcd47275f75;p=thirdparty%2Fpdns.git

API Auth: extract addDefaultDNSSECKeys out of updateDomainSettingsFromDocument
---
diff --git a/pdns/ws-auth.cc b/pdns/ws-auth.cc
index dfd6e627c1..6e0b25de27 100644
--- a/pdns/ws-auth.cc
+++ b/pdns/ws-auth.cc
@@ -618,6 +618,31 @@ static void throwUnableToSecure(const DNSName& zonename) {
 + "capable backends are loaded, or because the backends have DNSSEC disabled. Check your configuration.");
 }
 
+/*
+ * Add KSK and ZSK to an existing zone. Algorithms and sizes will be chosen per configuration.
+*/
+static void addDefaultDNSSECKeys(DNSSECKeeper& dk, const DNSName& zonename) {
+ checkDefaultDNSSECAlgos();
+ int k_algo = DNSSECKeeper::shorthand2algorithm(::arg()["default-ksk-algorithm"]);
+ int z_algo = DNSSECKeeper::shorthand2algorithm(::arg()["default-zsk-algorithm"]);
+ int k_size = arg().asNum("default-ksk-size");
+ int z_size = arg().asNum("default-zsk-size");
+
+ if (k_algo != -1) {
+ int64_t id;
+ if (!dk.addKey(zonename, true, k_algo, id, k_size)) {
+ throwUnableToSecure(zonename);
+ }
+ }
+
+ if (z_algo != -1) {
+ int64_t id;
+ if (!dk.addKey(zonename, false, z_algo, id, z_size)) {
+ throwUnableToSecure(zonename);
+ }
+ }
+}
+
 static void extractDomainInfoFromDocument(const Json& document, boost::optional& kind, boost::optional>& masters, boost::optional& catalog, boost::optional& account)
 {
 if (document["kind"].is_string()) {
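Review bot: In the new `addDefaultDNSSECKeys`, a failing ZSK `addKey` reaches `throwUnableToSecure` after the KSK `addKey` has already succeeded, so the API call reports an error while the zone keeps a freshly created key; and when both algorithm lookups yield -1 the helper returns without adding anything. The inlined code behaved the same way, but as a reusable helper its header comment ("Add KSK and ZSK") should state this, e.g. `Either key is skipped when its configured algorithm resolves to -1; on addKey failure this throws and a key added earlier in the call is not removed. Callers should confirm the result with dk.isSecuredZone().` The call site in the second hunk does re-read `dk.isSecuredZone(zonename)` right after the call; whether it rejects an unsecured result is outside the visible lines. Minor style: the two algorithm lookups use `::arg()` while the two size lookups use `arg()`; pick one spelling.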
@@ -737,26 +762,7 @@ static void updateDomainSettingsFromDocument(UeberBackend& B, DomainInfo& di, co
 if (dnssecInJSON) {
 if (dnssecDocVal) {
 if (!isDNSSECZone) {
- checkDefaultDNSSECAlgos();
-
- int k_algo = DNSSECKeeper::shorthand2algorithm(::arg()["default-ksk-algorithm"]);
- int z_algo = DNSSECKeeper::shorthand2algorithm(::arg()["default-zsk-algorithm"]);
- int k_size = arg().asNum("default-ksk-size");
- int z_size = arg().asNum("default-zsk-size");
-
- if (k_algo != -1) {
- int64_t id;
- if (!dk.addKey(zonename, true, k_algo, id, k_size)) {
- throwUnableToSecure(zonename);
- }
- }
-
- if (z_algo != -1) {
- int64_t id;
- if (!dk.addKey(zonename, false, z_algo, id, z_size)) {
- throwUnableToSecure(zonename);
- }
- }
+ addDefaultDNSSECKeys(dk, zonename);
 // Used later for NSEC3PARAM
 isDNSSECZone = dk.isSecuredZone(zonename);