fatal("failed to load dnssec-policy '%s'",
ctx.policy);
}
- if (ISC_LIST_EMPTY(kasp->keys)) {
+ if (ISC_LIST_EMPTY(dns_kasp_keys(kasp))) {
fatal("dnssec-policy '%s' has no keys "
"configured", ctx.policy);
}
ctx.ttl = dns_kasp_dnskeyttl(kasp);
ctx.setttl = true;
- kaspkey = ISC_LIST_HEAD(kasp->keys);
+ kaspkey = ISC_LIST_HEAD(dns_kasp_keys(kasp));
while (kaspkey != NULL) {
ctx.use_nsec3 = false;
*\li signature refresh interval.
*/
+void
+dns_kasp_setsigrefresh(dns_kasp_t *kasp, uint32_t value);
+/*%<
+ * Set signature refresh interval.
+ *
+ * Requires:
+ *
+ *\li 'kasp' is a valid, thawed kasp.
+ */
+
uint32_t
dns_kasp_sigvalidity(dns_kasp_t *kasp);
uint32_t
*\li signature validity.
*/
+void
+dns_kasp_setsigvalidity(dns_kasp_t *kasp, uint32_t value);
+void
+dns_kasp_setsigvalidity_dnskey(dns_kasp_t *kasp, uint32_t value);
+/*%<
+ * Set signature validity.
+ *
+ * Requires:
+ *
+ *\li 'kasp' is a valid, thawed kasp.
+ */
+
dns_ttl_t
dns_kasp_dnskeyttl(dns_kasp_t *kasp);
/*%<
- * Get dnskey ttl.
+ * Get DNSKEY TTL.
*
* Requires:
*
*\li DNSKEY TTL.
*/
+void
+dns_kasp_setdnskeyttl(dns_kasp_t *kasp, dns_ttl_t ttl);
+/*%<
+ * Set DNSKEY TTL.
+ *
+ * Requires:
+ *
+ *\li 'kasp' is a valid, thawed kasp.
+ */
+
uint32_t
dns_kasp_publishsafety(dns_kasp_t *kasp);
/*%<
*\li Publish safety interval.
*/
+void
+dns_kasp_setpublishsafety(dns_kasp_t *kasp, uint32_t value);
+/*%<
+ * Set publish safety interval.
+ *
+ * Requires:
+ *
+ *\li 'kasp' is a valid, thawed kasp.
+ */
+
uint32_t
dns_kasp_retiresafety(dns_kasp_t *kasp);
/*%<
*\li Retire safety interval.
*/
+void
+dns_kasp_setretiresafety(dns_kasp_t *kasp, uint32_t value);
+/*%<
+ * Set retire safety interval.
+ *
+ * Requires:
+ *
+ *\li 'kasp' is a valid, thawed kasp.
+ */
+
dns_ttl_t
dns_kasp_zonemaxttl(dns_kasp_t *kasp);
/*%<
*\li Maximum zone TTL.
*/
+void
+dns_kasp_setzonemaxttl(dns_kasp_t *kasp, dns_ttl_t ttl);
+/*%<
+ * Set maximum zone TTL.
+ *
+ * Requires:
+ *
+ *\li 'kasp' is a valid, thawed kasp.
+ */
+
uint32_t
dns_kasp_zonepropagationdelay(dns_kasp_t *kasp);
/*%<
*\li Zone propagation delay.
*/
+void
+dns_kasp_setzonepropagationdelay(dns_kasp_t *kasp, uint32_t value);
+/*%<
+ * Set zone propagation delay.
+ *
+ * Requires:
+ *
+ *\li 'kasp' is a valid, thawed kasp.
+ */
+
dns_ttl_t
dns_kasp_dsttl(dns_kasp_t *kasp);
/*%<
*\li Expected parent DS TTL.
*/
+void
+dns_kasp_setdsttl(dns_kasp_t *kasp, dns_ttl_t ttl);
+/*%<
+ * Set DS TTL.
+ *
+ * Requires:
+ *
+ *\li 'kasp' is a valid, thawed kasp.
+ */
+
uint32_t
dns_kasp_parentpropagationdelay(dns_kasp_t *kasp);
/*%<
*\li Parent zone propagation delay.
*/
+void
+dns_kasp_setparentpropagationdelay(dns_kasp_t *kasp, uint32_t value);
+/*%<
+ * Set parent propagation delay.
+ *
+ * Requires:
+ *
+ *\li 'kasp' is a valid, thawed kasp.
+ */
+
uint32_t
dns_kasp_parentregistrationdelay(dns_kasp_t *kasp);
/*%<
*\li Parent registration delay.
*/
+void
+dns_kasp_setparentregistrationdelay(dns_kasp_t *kasp, uint32_t value);
+/*%<
+ * Set parent registration delay.
+ *
+ * Requires:
+ *
+ *\li 'kasp' is a valid, thawed kasp.
+ */
+
isc_result_t
dns_kasplist_find(dns_kasplist_t *list, const char *name, dns_kasp_t **kaspp);
/*%<
*\li #ISC_R_NOTFOUND No matching kasp was found.
*/
+dns_kasp_keylist_t
+dns_kasp_keys(dns_kasp_t *kasp);
+/*%<
+ * Get the list of kasp keys.
+ *
+ * Requires:
+ *
+ *\li 'kasp' is a valid, frozen kasp.
+ *
+ * Returns:
+ *
+ *\li #ISC_R_SUCCESS
+ *\li #ISC_R_NOMEMORY
+ *
+ *\li Other errors are possible.
+ */
+
+bool
+dns_kasp_keylist_empty(dns_kasp_t *kasp);
+/*%<
+ * Check if the keylist is empty.
+ *
+ * Requires:
+ *
+ *\li 'kasp' is a valid kasp.
+ *
+ * Returns:
+ *
+ *\li true if the keylist is empty, false otherwise.
+ */
+
+void
+dns_kasp_addkey(dns_kasp_t *kasp, dns_kasp_key_t *key);
+/*%<
+ * Add a key.
+ *
+ * Requires:
+ *
+ *\li 'kasp' is a valid, thawed kasp.
+ *\li 'key' is not NULL.
+ */
+
isc_result_t
-dns_kasp_key_create(isc_mem_t* mctx, dns_kasp_key_t **keyp);
+dns_kasp_key_create(dns_kasp_t *kasp, dns_kasp_key_t **keyp);
/*%<
* Create a key inside a KASP.
*
* Requires:
*
- *\li 'mctx' is a valid memory context.
+ *\li 'kasp' is a valid kasp.
*
*\li keyp != NULL && *keyp == NULL
*
return (kasp->signatures_refresh);
}
+void
+dns_kasp_setsigrefresh(dns_kasp_t *kasp, uint32_t value) {
+ REQUIRE(DNS_KASP_VALID(kasp));
+ REQUIRE(!kasp->frozen);
+ kasp->signatures_refresh = value;
+}
+
uint32_t
dns_kasp_sigvalidity(dns_kasp_t *kasp) {
REQUIRE(DNS_KASP_VALID(kasp));
return (kasp->signatures_validity);
}
+void
+dns_kasp_setsigvalidity(dns_kasp_t *kasp, uint32_t value) {
+ REQUIRE(DNS_KASP_VALID(kasp));
+ REQUIRE(!kasp->frozen);
+ kasp->signatures_validity = value;
+}
+
uint32_t
dns_kasp_sigvalidity_dnskey(dns_kasp_t *kasp) {
REQUIRE(DNS_KASP_VALID(kasp));
return (kasp->signatures_validity_dnskey);
}
+void
+dns_kasp_setsigvalidity_dnskey(dns_kasp_t *kasp, uint32_t value) {
+ REQUIRE(DNS_KASP_VALID(kasp));
+ REQUIRE(!kasp->frozen);
+ kasp->signatures_validity = value;
+}
+
dns_ttl_t
dns_kasp_dnskeyttl(dns_kasp_t *kasp) {
REQUIRE(DNS_KASP_VALID(kasp));
return (kasp->dnskey_ttl);
}
+void
+dns_kasp_setdnskeyttl(dns_kasp_t *kasp, dns_ttl_t ttl) {
+ REQUIRE(DNS_KASP_VALID(kasp));
+ REQUIRE(!kasp->frozen);
+ kasp->dnskey_ttl = ttl;
+}
+
uint32_t
dns_kasp_publishsafety(dns_kasp_t *kasp) {
REQUIRE(DNS_KASP_VALID(kasp));
return (kasp->publish_safety);
}
+void
+dns_kasp_setpublishsafety(dns_kasp_t *kasp, uint32_t value) {
+ REQUIRE(DNS_KASP_VALID(kasp));
+ REQUIRE(!kasp->frozen);
+ kasp->publish_safety = value;
+}
+
uint32_t
dns_kasp_retiresafety(dns_kasp_t *kasp) {
REQUIRE(DNS_KASP_VALID(kasp));
return (kasp->retire_safety);
}
+void
+dns_kasp_setretiresafety(dns_kasp_t *kasp, uint32_t value) {
+ REQUIRE(DNS_KASP_VALID(kasp));
+ REQUIRE(!kasp->frozen);
+ kasp->retire_safety = value;
+}
+
dns_ttl_t
dns_kasp_zonemaxttl(dns_kasp_t *kasp) {
REQUIRE(DNS_KASP_VALID(kasp));
return (kasp->zone_max_ttl);
}
+void
+dns_kasp_setzonemaxttl(dns_kasp_t *kasp, dns_ttl_t ttl) {
+ REQUIRE(DNS_KASP_VALID(kasp));
+ REQUIRE(!kasp->frozen);
+ kasp->zone_max_ttl = ttl;
+}
+
uint32_t
dns_kasp_zonepropagationdelay(dns_kasp_t *kasp) {
REQUIRE(DNS_KASP_VALID(kasp));
return (kasp->zone_propagation_delay);
}
+void
+dns_kasp_setzonepropagationdelay(dns_kasp_t *kasp, uint32_t value) {
+ REQUIRE(DNS_KASP_VALID(kasp));
+ REQUIRE(!kasp->frozen);
+ kasp->zone_propagation_delay = value;
+}
+
dns_ttl_t
dns_kasp_dsttl(dns_kasp_t *kasp) {
REQUIRE(DNS_KASP_VALID(kasp));
return (kasp->parent_ds_ttl);
}
+void
+dns_kasp_setdsttl(dns_kasp_t *kasp, dns_ttl_t ttl) {
+ REQUIRE(DNS_KASP_VALID(kasp));
+ REQUIRE(!kasp->frozen);
+ kasp->parent_ds_ttl = ttl;
+}
+
uint32_t
dns_kasp_parentpropagationdelay(dns_kasp_t *kasp) {
REQUIRE(DNS_KASP_VALID(kasp));
return (kasp->parent_propagation_delay);
}
+void
+dns_kasp_setparentpropagationdelay(dns_kasp_t *kasp, uint32_t value) {
+ REQUIRE(DNS_KASP_VALID(kasp));
+ REQUIRE(!kasp->frozen);
+ kasp->parent_propagation_delay = value;
+}
+
uint32_t
dns_kasp_parentregistrationdelay(dns_kasp_t *kasp) {
REQUIRE(DNS_KASP_VALID(kasp));
return (kasp->parent_registration_delay);
}
+void
+dns_kasp_setparentregistrationdelay(dns_kasp_t *kasp, uint32_t value) {
+ REQUIRE(DNS_KASP_VALID(kasp));
+ REQUIRE(!kasp->frozen);
+ kasp->parent_registration_delay = value;
+}
+
isc_result_t
dns_kasplist_find(dns_kasplist_t *list, const char *name, dns_kasp_t **kaspp)
{
return (ISC_R_SUCCESS);
}
+dns_kasp_keylist_t
+dns_kasp_keys(dns_kasp_t *kasp)
+{
+ REQUIRE(DNS_KASP_VALID(kasp));
+ REQUIRE(kasp->frozen);
+ return (kasp->keys);
+}
+
+bool
+dns_kasp_keylist_empty(dns_kasp_t *kasp)
+{
+ REQUIRE(DNS_KASP_VALID(kasp));
+ return (ISC_LIST_EMPTY(kasp->keys));
+}
+
+void
+dns_kasp_addkey(dns_kasp_t *kasp, dns_kasp_key_t *key)
+{
+ REQUIRE(DNS_KASP_VALID(kasp));
+ REQUIRE(!kasp->frozen);
+ REQUIRE(key != NULL);
+
+ ISC_LIST_APPEND(kasp->keys, key, link);
+}
+
isc_result_t
-dns_kasp_key_create(isc_mem_t* mctx, dns_kasp_key_t **keyp)
+dns_kasp_key_create(dns_kasp_t *kasp, dns_kasp_key_t **keyp)
{
dns_kasp_key_t *key;
+ REQUIRE(DNS_KASP_VALID(kasp));
REQUIRE(keyp != NULL && *keyp == NULL);
- key = isc_mem_get(mctx, sizeof(*key));
+ key = isc_mem_get(kasp->mctx, sizeof(*key));
key->mctx = NULL;
- isc_mem_attach(mctx, &key->mctx);
+ isc_mem_attach(kasp->mctx, &key->mctx);
ISC_LINK_INIT(key, link);
}
/* Create keys according to the policy, if come in short. */
- for (kkey = ISC_LIST_HEAD(kasp->keys); kkey != NULL;
+ for (kkey = ISC_LIST_HEAD(dns_kasp_keys(kasp)); kkey != NULL;
kkey = ISC_LIST_NEXT(kkey, link))
{
isc_stdtime_t retire = 0, active = 0, prepub = 0;
dns_journal_set_sourceserial
dns_journal_write_transaction
dns_journal_writediff
+dns_kasp_addkey
dns_kasp_attach
dns_kasp_create
dns_kasp_detach
dns_kasp_key_lifetime
dns_kasp_key_size
dns_kasp_key_zsk
+dns_kasp_keylist_empty
+dns_kasp_keys
dns_kasp_parentpropagationdelay
dns_kasp_parentregistrationdelay
dns_kasp_publishsafety
dns_kasp_retiresafety
+dns_kasp_setdnskeyttl
+dns_kasp_setdsttl
+dns_kasp_setparentpropagationdelay
+dns_kasp_setparentregistrationdelay
+dns_kasp_setpublishsafety
+dns_kasp_setretiresafety
+dns_kasp_setsigrefresh
+dns_kasp_setsigvalidity
+dns_kasp_setsigvalidity_dnskey
+dns_kasp_setzonemaxttl
+dns_kasp_setzonepropagationdelay
dns_kasp_signdelay
dns_kasp_sigrefresh
dns_kasp_sigvalidity
int zsk_count = 0;
bool approved;
- for (kkey = ISC_LIST_HEAD(kasp->keys); kkey != NULL;
+ for (kkey = ISC_LIST_HEAD(dns_kasp_keys(kasp)); kkey != NULL;
kkey = ISC_LIST_NEXT(kkey, link))
{
if (dns_kasp_key_algorithm(kkey) != dst_key_alg(key)) {
dns_kasp_key_t *key = NULL;
/* Create a new key reference. */
- result = dns_kasp_key_create(kasp->mctx, &key);
+ result = dns_kasp_key_create(kasp, &key);
if (result != ISC_R_SUCCESS) {
return (result);
}
key->length = cfg_obj_asuint32(obj);
}
}
- ISC_LIST_APPEND(kasp->keys, key, link);
- ISC_INSIST(!(ISC_LIST_EMPTY(kasp->keys)));
+ dns_kasp_addkey(kasp, key);
return (result);
}
maps[i] = NULL;
/* Configuration: Signatures */
- kasp->signatures_refresh = get_duration(
- maps, "signatures-refresh", DNS_KASP_SIG_REFRESH);
- kasp->signatures_validity = get_duration(
- maps, "signatures-validity", DNS_KASP_SIG_VALIDITY);
- kasp->signatures_validity_dnskey = get_duration(
- maps, "signatures-validity-dnskey",
- DNS_KASP_SIG_VALIDITY_DNSKEY);
+ dns_kasp_setsigrefresh(kasp, get_duration(maps, "signatures-refresh",
+ DNS_KASP_SIG_REFRESH));
+ dns_kasp_setsigvalidity(kasp, get_duration(maps, "signatures-validity",
+ DNS_KASP_SIG_VALIDITY));
+ dns_kasp_setsigvalidity_dnskey(kasp, get_duration(maps,
+ "signatures-validity-dnskey",
+ DNS_KASP_SIG_VALIDITY_DNSKEY));
/* Configuration: Keys */
- kasp->dnskey_ttl = get_duration(maps, "dnskey-ttl", DNS_KASP_KEY_TTL);
- kasp->publish_safety = get_duration(maps, "publish-safety",
- DNS_KASP_PUBLISH_SAFETY);
- kasp->retire_safety = get_duration(maps, "retire-safety",
- DNS_KASP_RETIRE_SAFETY);
+ dns_kasp_setdnskeyttl(kasp, get_duration(maps, "dnskey-ttl",
+ DNS_KASP_KEY_TTL));
+ dns_kasp_setpublishsafety(kasp, get_duration(maps, "publish-safety",
+ DNS_KASP_PUBLISH_SAFETY));
+ dns_kasp_setretiresafety(kasp, get_duration(maps, "retire-safety",
+ DNS_KASP_RETIRE_SAFETY));
(void)confget(maps, "keys", &keys);
if (keys == NULL) {
}
}
}
- ISC_INSIST(!(ISC_LIST_EMPTY(kasp->keys)));
+ ISC_INSIST(!(dns_kasp_keylist_empty(kasp)));
/* Configuration: Zone settings */
- kasp->zone_max_ttl = get_duration(maps, "zone-max-ttl",
- DNS_KASP_ZONE_MAXTTL);
- kasp->zone_propagation_delay = get_duration(maps,
- "zone-propagation-delay",
- DNS_KASP_ZONE_PROPDELAY);
+ dns_kasp_setzonemaxttl(kasp, get_duration(maps, "zone-max-ttl",
+ DNS_KASP_ZONE_MAXTTL));
+ dns_kasp_setzonepropagationdelay(kasp, get_duration(maps,
+ "zone-propagation-delay",
+ DNS_KASP_ZONE_PROPDELAY));
/* Configuration: Parent settings */
- kasp->parent_ds_ttl = get_duration(maps, "parent-ds-ttl",
- DNS_KASP_DS_TTL);
- kasp->parent_propagation_delay = get_duration(
- maps,
+ dns_kasp_setdsttl(kasp, get_duration(maps, "parent-ds-ttl",
+ DNS_KASP_DS_TTL));
+ dns_kasp_setparentpropagationdelay(kasp, get_duration(maps,
"parent-propagation-delay",
- DNS_KASP_PARENT_PROPDELAY);
- kasp->parent_registration_delay = get_duration(
- maps,
+ DNS_KASP_PARENT_PROPDELAY));
+ dns_kasp_setparentregistrationdelay(kasp, get_duration(maps,
"parent-registration-delay",
- DNS_KASP_PARENT_REGDELAY);
+ DNS_KASP_PARENT_REGDELAY));
// TODO: Rest of the configuration
projects / thirdparty / bind9.git / commitdiff
