Add dst_key_role function

Change the static function 'get_ksk_zsk' to a library function that
can be used to determine the role of a dst_key. Add checks if the
boolean parameters to store the role are not NULL. Rename to
'dst_key_role'.

diff --git a/lib/dns/dst_api.c b/lib/dns/dst_api.c
index 6a2e018517c8099b8d87dc7b5a7a2ba3208b7983..884537c2e417f32f4cfa4787ae2e101945184e78 100644 (file)
--- a/lib/dns/dst_api.c
+++ b/lib/dns/dst_api.c
@@ -2372,20 +2372,31 @@ dst_key_is_unused(dst_key_t *key) {
        return (true);
 }
 
-static void
-get_ksk_zsk(dst_key_t *key, bool *ksk, bool *zsk) {
+isc_result_t
+dst_key_role(dst_key_t *key, bool *ksk, bool *zsk) {
        bool k = false, z = false;
+       isc_result_t result, ret = ISC_R_SUCCESS;
 
-       if (dst_key_getbool(key, DST_BOOL_KSK, &k) == ISC_R_SUCCESS) {
-               *ksk = k;
-       } else {
-               *ksk = ((dst_key_flags(key) & DNS_KEYFLAG_KSK) != 0);
+       if (ksk != NULL) {
+               result = dst_key_getbool(key, DST_BOOL_KSK, &k);
+               if (result == ISC_R_SUCCESS) {
+                       *ksk = k;
+               } else {
+                       *ksk = ((dst_key_flags(key) & DNS_KEYFLAG_KSK) != 0);
+                       ret = result;
+               }
        }
-       if (dst_key_getbool(key, DST_BOOL_ZSK, &z) == ISC_R_SUCCESS) {
-               *zsk = z;
-       } else {
-               *zsk = ((dst_key_flags(key) & DNS_KEYFLAG_KSK) == 0);
+
+       if (zsk != NULL) {
+               result = dst_key_getbool(key, DST_BOOL_ZSK, &z);
+               if (result == ISC_R_SUCCESS) {
+                       *zsk = z;
+               } else {
+                       *zsk = ((dst_key_flags(key) & DNS_KEYFLAG_KSK) == 0);
+                       ret = result;
+               }
        }
+       return (ret);
 }
 
 /* Hints on key whether it can be published and/or used for signing. */
@@ -2444,7 +2455,7 @@ dst_key_is_active(dst_key_t *key, isc_stdtime_t now) {
                time_ok = (when <= now);
        }
 
-       get_ksk_zsk(key, &ksk, &zsk);
+       (void)dst_key_role(key, &ksk, &zsk);
 
        /* Check key states:
         * KSK: If the DS is RUMOURED or OMNIPRESENT the key is considered
@@ -2505,7 +2516,7 @@ dst_key_is_signing(dst_key_t *key, int role, isc_stdtime_t now,
                time_ok = (when <= now);
        }
 
-       get_ksk_zsk(key, &ksk, &zsk);
+       (void)dst_key_role(key, &ksk, &zsk);
 
        /* Check key states:
         * If the RRSIG state is RUMOURED or OMNIPRESENT, it means the key

diff --git a/lib/dns/include/dst/dst.h b/lib/dns/include/dst/dst.h
index f219aa8e31652702017b3b25e0812fd5f734bcd8..2f9877be432fc345d8fab4aa6df4a1334797af4e 100644 (file)
--- a/lib/dns/include/dst/dst.h
+++ b/lib/dns/include/dst/dst.h
@@ -1180,6 +1180,15 @@ dst_key_goal(dst_key_t *key);
  *     'key' to be valid.
  */
 
+isc_result_t
+dst_key_role(dst_key_t *key, bool *ksk, bool *zsk);
+/*%<
+ * Get the key role. A key can have the KSK or the ZSK role, or both.
+ *
+ * Requires:
+ *     'key' to be valid.
+ */
+
 void
 dst_key_copy_metadata(dst_key_t *to, dst_key_t *from);
 /*%<