Add function to see if dst key uses kasp

For purposes of zones transitioning back to insecure mode, it is
practical to see if related keys have a state file associated.

diff --git a/lib/dns/dst_api.c b/lib/dns/dst_api.c
index 215a133a69ab64fae93cb093ce7db129bb23bce3..a501d0be11f25d3c34f477ccf2abaf1328221df9 100644 (file)
--- a/lib/dns/dst_api.c
+++ b/lib/dns/dst_api.c
@@ -649,12 +649,14 @@ dst_key_fromnamedfile(const char *filename, const char *dirname, int type,
                                   filename, ".state");
                INSIST(result == ISC_R_SUCCESS);
 
+               key->kasp = false;
                result = dst_key_read_state(newfilename, mctx, &key);
-               if (result == ISC_R_FILENOTFOUND) {
+               if (result == ISC_R_SUCCESS) {
+                       key->kasp = true;
+               } else if (result == ISC_R_FILENOTFOUND) {
                        /* Having no state is valid. */
                        result = ISC_R_SUCCESS;
                }
-
                isc_mem_put(mctx, newfilename, newfilenamelen);
                newfilename = NULL;
                RETERR(result);
@@ -2600,6 +2602,8 @@ dst_key_goal(dst_key_t *key) {
        dst_key_state_t state;
        isc_result_t result;
 
+       REQUIRE(VALID_KEY(key));
+
        result = dst_key_getstate(key, DST_KEY_GOAL, &state);
        if (result == ISC_R_SUCCESS) {
                return (state);
@@ -2607,6 +2611,13 @@ dst_key_goal(dst_key_t *key) {
        return (DST_KEY_STATE_HIDDEN);
 }
 
+bool
+dst_key_haskasp(dst_key_t *key) {
+       REQUIRE(VALID_KEY(key));
+
+       return (key->kasp);
+}
+
 void
 dst_key_copy_metadata(dst_key_t *to, dst_key_t *from) {
        dst_key_state_t state;

diff --git a/lib/dns/dst_internal.h b/lib/dns/dst_internal.h
index b40107880d0e4b9f71e7b8662695ee6d117bbba2..43ab84ab15e59677bf6323c43c36ab35c96f61b4 100644 (file)
--- a/lib/dns/dst_internal.h
+++ b/lib/dns/dst_internal.h
@@ -123,6 +123,7 @@ struct dst_key {
        bool keystateset[DST_MAX_KEYSTATES + 1];          /*%< data
                                                           * set? */
 
+       bool kasp;     /*%< key has kasp state */
        bool inactive; /*%< private key not present as it is
                        * inactive */
        bool external; /*%< external key */

diff --git a/lib/dns/include/dst/dst.h b/lib/dns/include/dst/dst.h
index 5ae0f87be917c06928779351b415e111ab9ab8b5..010bc99a3953a40922b50a1b0fe249d53433c085 100644 (file)
--- a/lib/dns/include/dst/dst.h
+++ b/lib/dns/include/dst/dst.h
@@ -1103,6 +1103,15 @@ dst_key_isexternal(dst_key_t *key);
  *     'key' to be valid.
  */
 
+bool
+dst_key_haskasp(dst_key_t *key);
+/*%<
+ * Check if this key has state (and thus uses KASP).
+ *
+ * Requires:
+ *     'key' to be valid.
+ */
+
 bool
 dst_key_is_unused(dst_key_t *key);
 /*%<

diff --git a/lib/dns/win32/libdns.def.in b/lib/dns/win32/libdns.def.in
index 4f88cbb98f14542e0dd1d34694692e79dd0eec3e..6e723fe2b8ac03decf8fb6c034dbb458257b4d4f 100644 (file)
--- a/lib/dns/win32/libdns.def.in
+++ b/lib/dns/win32/libdns.def.in
@@ -1452,6 +1452,7 @@ dst_key_getstate
 dst_key_gettime
 dst_key_getttl
 dst_key_goal
+dst_key_haskasp
 dst_key_id
 dst_key_is_active
 dst_key_is_published