dns_client_addtrustedkey(dns_client_t *client, dns_rdataclass_t rdclass,
dns_rdatatype_t rdtype, const dns_name_t *keyname,
isc_buffer_t *databuf) {
- isc_result_t result;
- dns_keytable_t *secroots = NULL;
- dns_name_t *name = NULL;
- char rdatabuf[DST_KEY_MAXSIZE];
- unsigned char digest[ISC_MAX_MD_SIZE];
- dns_rdata_ds_t ds;
- dns_rdata_t rdata;
- isc_buffer_t b;
-
REQUIRE(DNS_CLIENT_VALID(client));
REQUIRE(rdclass == dns_rdataclass_in);
- CHECK(dns_view_getsecroots(client->view, &secroots));
-
- DE_CONST(keyname, name);
-
- if (rdtype != dns_rdatatype_dnskey && rdtype != dns_rdatatype_ds) {
- result = ISC_R_NOTIMPLEMENTED;
- goto cleanup;
- }
-
- isc_buffer_init(&b, rdatabuf, sizeof(rdatabuf));
- dns_rdata_init(&rdata);
- isc_buffer_setactive(databuf, isc_buffer_usedlength(databuf));
- CHECK(dns_rdata_fromwire(&rdata, rdclass, rdtype, databuf,
- DNS_DECOMPRESS_NEVER, &b));
-
- if (rdtype == dns_rdatatype_ds) {
- CHECK(dns_rdata_tostruct(&rdata, &ds, NULL));
- } else {
- CHECK(dns_ds_fromkeyrdata(name, &rdata, DNS_DSDIGEST_SHA256,
- digest, &ds));
- }
-
- CHECK(dns_keytable_add(secroots, false, false, name, &ds, NULL, NULL));
-
-cleanup:
- if (secroots != NULL) {
- dns_keytable_detach(&secroots);
- }
- return (result);
+ return (dns_view_addtrustedkey(client->view, rdtype, keyname, databuf));
}
dns_rdatatype_t rdtype, const dns_name_t *keyname,
isc_buffer_t *keydatabuf);
/*%<
- * Add a DNSSEC trusted key for the 'rdclass' class. A view for the 'rdclass'
- * class must be created beforehand. 'rdtype' is the type of the RR data
- * for the key, either DNSKEY or DS. 'keyname' is the DNS name of the key,
- * and 'keydatabuf' stores the RR data.
+ * Add a DNSSEC trusted key for the 'rdclass' class (only class 'IN' is
+ * currently supported). A view for the 'rdclass' class must be created
+ * beforehand. 'rdtype' is the type of the RR data for the key, either
+ * DNSKEY or DS. 'keyname' is the DNS name of the key, and 'keydatabuf'
+ * stores the RR data.
*
* Requires:
*
* by the resolver and request managers to send and receive DNS
* messages.
*/
+
+isc_result_t
+dns_view_addtrustedkey(dns_view_t *view, dns_rdatatype_t rdtype,
+ const dns_name_t *keyname, isc_buffer_t *databuf);
+/*%<
+ * Add a DNSSEC trusted key to a view of class 'IN'. 'rdtype' is the type
+ * of the RR data for the key, either DNSKEY or DS. 'keyname' is the DNS
+ * name of the key, and 'databuf' stores the RR data.
+
+ * Requires:
+ *
+ *\li 'view' is a valid view.
+
+ *\li 'view' is class 'IN'.
+ *
+ *\li 'keyname' is a valid name.
+ *
+ *\li 'keydatabuf' is a valid buffer.
+ *
+ * Returns:
+ *
+ *\li #ISC_R_SUCCESS On success.
+ *
+ *\li Anything else Failure.
+ */
ISC_LANG_ENDDECLS
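Review bot: The Requires list in the new `dns_view_addtrustedkey()` comment names 'keydatabuf', but the parameter in this declaration is `databuf`; the line should read `*\li 'databuf' is a valid buffer.`. Two separator lines inside the comment (after the description paragraph and after `'view' is a valid view.`) are missing the leading ` *` that the rest of the block uses. The Returns list could also state that an `rdtype` other than DNSKEY or DS yields `ISC_R_NOTIMPLEMENTED`, which is what the implementation added in this commit returns, and that the view's key table must already exist.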
#include <isc/file.h>
#include <isc/hash.h>
#include <isc/lex.h>
+#include <isc/md.h>
#include <isc/result.h>
#include <isc/stats.h>
#include <isc/string.h>
REQUIRE(DNS_VIEW_VALID(view));
return (view->dispatchmgr);
}
+
+isc_result_t
+dns_view_addtrustedkey(dns_view_t *view, dns_rdatatype_t rdtype,
+ const dns_name_t *keyname, isc_buffer_t *databuf) {
+ isc_result_t result;
+ dns_name_t *name = NULL;
+ char rdatabuf[DST_KEY_MAXSIZE];
+ unsigned char digest[ISC_MAX_MD_SIZE];
+ dns_rdata_ds_t ds;
+ dns_rdata_t rdata;
+ isc_buffer_t b;
+
+ REQUIRE(DNS_VIEW_VALID(view));
+ REQUIRE(view->rdclass == dns_rdataclass_in);
+
+ DE_CONST(keyname, name);
+
+ if (rdtype != dns_rdatatype_dnskey && rdtype != dns_rdatatype_ds) {
+ result = ISC_R_NOTIMPLEMENTED;
+ goto cleanup;
+ }
+
+ isc_buffer_init(&b, rdatabuf, sizeof(rdatabuf));
+ dns_rdata_init(&rdata);
+ isc_buffer_setactive(databuf, isc_buffer_usedlength(databuf));
+ CHECK(dns_rdata_fromwire(&rdata, view->rdclass, rdtype, databuf,
+ DNS_DECOMPRESS_NEVER, &b));
+
+ if (rdtype == dns_rdatatype_ds) {
+ CHECK(dns_rdata_tostruct(&rdata, &ds, NULL));
+ } else {
+ CHECK(dns_ds_fromkeyrdata(name, &rdata, DNS_DSDIGEST_SHA256,
+ digest, &ds));
+ }
+
+ CHECK(dns_keytable_add(view->secroots_priv, false, false, name, &ds,
+ NULL, NULL));
+
+cleanup:
+ return (result);
+}
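Review bot: The new `dns_view_addtrustedkey()` hands `view->secroots_priv` straight to `dns_keytable_add()`, whereas the code removed from `dns_client_addtrustedkey()` obtained the table through `CHECK(dns_view_getsecroots(...))` and detached it under `cleanup`. If a view's key table has not been set up, the old path reported an error to the caller; the new one presumably passes NULL into the key table code, and it no longer holds its own reference while the trust anchor is being added. Because this is the entry point that installs DNSSEC trust anchors, I would keep the checked, reference-taking lookup as sketched below. Separately, the header lists 'keyname' and the buffer as requirements, but the function has no matching `REQUIRE`s before `DE_CONST(keyname, name)` and `isc_buffer_setactive(databuf, ...)`.

```c
	dns_keytable_t *secroots = NULL;

	/* … unchanged: REQUIREs, rdtype check, rdata parsing, DS derivation … */

	CHECK(dns_view_getsecroots(view, &secroots));
	CHECK(dns_keytable_add(secroots, false, false, name, &ds, NULL, NULL));

cleanup:
	if (secroots != NULL) {
		dns_keytable_detach(&secroots);
	}
	return (result);
```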