37 #include "clientpipe.h" 40 #include "libhsmdns.h"
/* Module tag substituted for "[%s]" in the ods_log_error() messages of this file. */
47 static const char *module_str =
"keystate_export_cmd";
56 get_dnskey(
const char *
id,
const char *
zone,
const char *keytype,
int alg, uint32_t ttl)
59 hsm_sign_params_t *sign_params;
62 hsm_ctx_t *hsm_ctx = hsm_create_context();
67 if (!(key = hsm_find_key_by_id(hsm_ctx,
id))) {
68 hsm_destroy_context(hsm_ctx);
74 sign_params = hsm_sign_params_new();
75 sign_params->owner = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_DNAME, zone);
76 sign_params->algorithm = (ldns_algorithm) alg;
77 sign_params->flags = LDNS_KEY_ZONE_KEY;
79 if (keytype && !strcasecmp(keytype,
"KSK"))
80 sign_params->flags = sign_params->flags | LDNS_KEY_SEP_KEY;
83 dnskey_rr = hsm_get_dnskey(hsm_ctx, key, sign_params);
86 hsm_sign_params_free(sign_params);
87 hsm_destroy_context(hsm_ctx);
90 if (ttl) ldns_rr_set_ttl(dnskey_rr, ttl);
106 print_ds_from_id(
int sockfd,
key_data_t *key,
const char *zone,
107 const char* state,
int bind_style)
119 if (!locator)
return 1;
128 if (!dnskey_rr)
return 1;
132 ds_sha_rr = ldns_key_rr2ds(dnskey_rr, LDNS_SHA1);
133 rrstr = ldns_rr2str(ds_sha_rr);
134 ldns_rr_free(ds_sha_rr);
136 (void)client_printf(sockfd,
";%s %s DS record (SHA1):\n%s", state,
key_data_role_text(key), rrstr);
139 ds_sha_rr = ldns_key_rr2ds(dnskey_rr, LDNS_SHA256);
140 rrstr = ldns_rr2str(ds_sha_rr);
141 ldns_rr_free(ds_sha_rr);
143 (void)client_printf(sockfd,
";%s %s DS record (SHA256):\n%s", state,
key_data_role_text(key), rrstr);
146 rrstr = ldns_rr2str(dnskey_rr);
148 (void)client_printf(sockfd,
"%s", rrstr);
152 ldns_rr_free(dnskey_rr);
158 const char *zonename,
const char *keytype,
const char *keystate,
int all,
int bind_style)
164 const char *azonename = NULL;
177 ods_log_error(
"[%s] Error fetching from database", module_str);
184 client_printf_err(sockfd,
"Unable to get list of keys, memory allocation or database error!\n");
194 if (keystate && strcasecmp(
map_keystate(key), keystate)) {
198 if (!keytype && !keystate &&
209 ods_log_error(
"[%s] Error fetching from database", module_str);
210 client_printf_err(sockfd,
"Error fetching from database \n");
215 if (print_ds_from_id(sockfd, key, (
const char*)azonename?azonename:zonename, (
const char*)
map_keystate(key), bind_style)) {
217 client_printf_err(sockfd,
"Error in print_ds_from_id \n");
221 ods_log_error(
"[%s] Error fetching from database", module_str);
222 client_printf_err(sockfd,
"Error fetching from database \n");
236 client_printf(sockfd,
238 " --zone <zone> | --all aka -z | -a \n" 239 " [--keystate <state>] aka -e\n" 240 " [--keytype <type>] aka -t \n" 248 client_printf(sockfd,
249 "Export DNSKEY(s) for a given zone or all of them from the database.\n" 251 "zone|all name of the zone or all of them\n" 252 "keystate limit the output to a given state\n" 253 "keytype limit the output to a given type, can be ZSK, KSK, or CSK\n" 254 "ds export DS in BIND format which can be used for upload to a registry\n\n");
258 handles(
const char *cmd, ssize_t n)
268 char buf[ODS_SE_MAXLINE];
269 const char *argv[
NARGV];
271 const char *zonename = NULL;
272 const char* keytype = NULL;
273 const char* keystate = NULL;
282 strncpy(buf, cmd,
sizeof(buf));
283 buf[
sizeof(buf)-1] =
'\0';
286 argc = ods_str_explode(buf,
NARGV, argv);
290 client_printf_err(sockfd,
"too many arguments\n");
295 (void)ods_find_arg_and_param(&argc,argv,
"zone",
"z",&zonename);
296 (void)ods_find_arg_and_param(&argc, argv,
"keytype",
"t", &keytype);
297 (void)ods_find_arg_and_param(&argc, argv,
"keystate",
"e", &keystate);
298 all = ods_find_arg(&argc, argv,
"all",
"a") > -1 ? 1 : 0;
301 if (strcasecmp(keytype,
"KSK") && strcasecmp(keytype,
"ZSK") && strcasecmp(keytype,
"CSK")) {
302 ods_log_error(
"[%s] unknown keytype, should be one of KSK, ZSK, or CSK", module_str);
303 client_printf_err(sockfd,
"unknown keytype, should be one of KSK, ZSK, or CSK\n");
309 if (strcasecmp(keystate,
"generate") && strcasecmp(keystate,
"publish") && strcasecmp(keystate,
"ready") && strcasecmp(keystate,
"active") && strcasecmp(keystate,
"retire") && strcasecmp(keystate,
"revoke")) {
311 client_printf_err(sockfd,
"unknown keystate\n");
316 if (ods_find_arg(&argc,argv,
"ds",
"d") >= 0) bds = 1;
321 client_printf_err(sockfd,
"unknown arguments\n");
325 if ((!zonename && !all) || (zonename && all)) {
327 client_printf_err(sockfd,
"expected either --zone or --all \n");
331 ods_log_error(
"[%s] Unknown zone: %s", module_str, zonename);
332 client_printf_err(sockfd,
"Unknown zone: %s\n", zonename);
339 if (keytype && !strcasecmp(keytype,
"ZSK") && !keystate)
342 else if (keystate && !keytype)
344 else if (keytype && !strcasecmp(keytype,
"KSK") && !keystate)
348 return perform_keystate_export(sockfd, dbconn, zonename, (
const char*) keytype, (
const char*) keystate, all, bds?1:0);