31 #include "cmdhandler.h"
37 #include "clientpipe.h"
40 #include "libhsmdns.h"
47 static const char *module_str =
"keystate_import_cmd";
52 const int ksk_mapping[5][4] = {{0,0,0,4},{0,1,1,4},{1,2,2,4},{1,2,2,4},{3,2,2,4}};
53 const int zsk_mapping[5][4] = {{4,0,4,0},{4,1,4,0},{4,2,4,1},{4,2,4,2},{4,2,4,3}};
57 static int max(
int a,
int b) {
return a>b?a:b; }
58 static int min(
int a,
int b) {
return a<b?a:b; }
63 const char *ckaid,
const char *rep,
const char *zonename,
64 int bits,
int alg,
int keytype,
unsigned int time)
69 libhsm_key_t *libhsmkey;
73 if (!(hsm_ctx = hsm_create_context())) {
76 if (!hsm_token_attached(hsm_ctx, rep)) {
77 if ((hsm_err = hsm_get_error(hsm_ctx))) {
78 ods_log_error(
"[%s] Error: Unable to check for the repository %s, HSM error: %s", module_str, rep, hsm_err);
79 client_printf_err(sockfd,
"Unable to check for the repository %s, HSM error: %s\n", rep, hsm_err);
83 ods_log_error(
"[%s] Error: Unable to find repository %s in HSM", module_str, rep);
84 client_printf_err(sockfd,
"Unable to find repository %s in HSM\n", rep);
86 hsm_destroy_context(hsm_ctx);
90 if (!(libhsmkey = hsm_find_key_by_id(hsm_ctx, ckaid))) {
91 ods_log_error(
"[%s] Error: Unable to find the key with this locator: %s", module_str, ckaid);
92 client_printf_err(sockfd,
"Unable to find the key with this locator: %s\n", ckaid);
93 hsm_destroy_context(hsm_ctx);
96 libhsm_key_free(libhsmkey);
99 ods_log_error(
"[%s] Error: Already used this key with this locator: %s", module_str, ckaid);
100 client_printf_err(sockfd,
"Already used this key with this locator: %s\n", ckaid);
102 hsm_destroy_context(hsm_ctx);
119 ods_log_error(
"[%s] hsm key creation failed, database or memory error", module_str);
121 hsm_destroy_context(hsm_ctx);
125 ods_log_debug(
"[%s] hsm key with this locator %s is created successfully", module_str, ckaid);
127 hsm_destroy_context(hsm_ctx);
134 const char *ckaid,
const char *rep,
const char *zonename,
135 int alg,
int keystate,
int keytype,
unsigned int time,
int setmin,
db_value_t *hsmkey_id)
142 libhsm_key_t *libhsmkey;
146 if (!(hsm_ctx = hsm_create_context())) {
149 if (!hsm_token_attached(hsm_ctx, rep)) {
150 if ((hsm_err = hsm_get_error(hsm_ctx))) {
151 ods_log_error(
"[%s] Error: Unable to check for the repository %s, HSM error: %s", module_str, rep, hsm_err);
152 client_printf_err(sockfd,
"Unable to check for the repository %s, HSM error: %s\n", rep, hsm_err);
156 ods_log_error(
"[%s] Error: Unable to find repository %s in HSM", module_str, rep);
157 client_printf_err(sockfd,
"Unable to find repository %s in HSM\n", rep);
159 hsm_destroy_context(hsm_ctx);
163 if (!(libhsmkey = hsm_find_key_by_id(hsm_ctx, ckaid))) {
164 ods_log_error(
"[%s] Error: Unable to find the key with this locator: %s", module_str, ckaid);
165 client_printf_err(sockfd,
"Unable to find the key with this locator: %s\n", ckaid);
166 hsm_destroy_context(hsm_ctx);
169 libhsm_key_free(libhsmkey);
171 ods_log_error(
"[%s] Error: Cannot get hsmkey %s from database, database error", module_str, ckaid);
172 hsm_destroy_context(hsm_ctx);
175 if (hsm_keytag(ckaid, alg, keytype == 1 ? 1 : 0, &tag)) {
176 ods_log_error(
"[%s] Error: Keytag for this key %s is not correct", module_str, ckaid);
195 ods_log_error(
"[%s] key data creation failed, database or memory error", module_str);
198 hsm_destroy_context(hsm_ctx);
203 ods_log_debug(
"[%s] key data with this locator %s is created successfully", module_str, ckaid);
205 hsm_destroy_context(hsm_ctx);
213 const char *ckaid,
const char *rep,
const char *zonename,
214 int keystate,
int keytype,
unsigned int time,
db_value_t *hsmkeyid)
223 libhsm_key_t *libhsmkey;
227 if (!(hsm_ctx = hsm_create_context())) {
230 if (!hsm_token_attached(hsm_ctx, rep)) {
231 if ((hsm_err = hsm_get_error(hsm_ctx))) {
232 ods_log_error(
"[%s] Error: Unable to check for the repository %s, HSM error: %s", module_str, rep, hsm_err);
233 client_printf_err(sockfd,
"Unable to check for the repository %s, HSM error: %s\n", rep, hsm_err);
237 ods_log_error(
"[%s] Error: Unable to find repository %s in HSM", module_str, rep);
238 client_printf_err(sockfd,
"Unable to find repository %s in HSM\n", rep);
240 hsm_destroy_context(hsm_ctx);
244 if (!(libhsmkey = hsm_find_key_by_id(hsm_ctx, ckaid))) {
245 ods_log_error(
"[%s] Error: Unable to find the key with this locator: %s", module_str, ckaid);
246 client_printf(sockfd,
"Unable to find the key with this locator: %s\n", ckaid);
247 hsm_destroy_context(hsm_ctx);
250 libhsm_key_free(libhsmkey);
268 ods_log_error(
"[%s] key state creation for DS failed, database or memory error", module_str);
272 hsm_destroy_context(hsm_ctx);
286 ods_log_error(
"[%s] key state creation for DNSKEY failed, database or memory error", module_str);
290 hsm_destroy_context(hsm_ctx);
303 ods_log_error(
"[%s] key state creation for RRSIGDNSKEY failed, database or memory error", module_str);
307 hsm_destroy_context(hsm_ctx);
329 ods_log_error(
"[%s] key state creation for RRSIG failed, database or memory error", module_str);
333 hsm_destroy_context(hsm_ctx);
336 ods_log_debug(
"[%s] key state with this locator %s is created successfully", module_str, ckaid);
341 hsm_destroy_context(hsm_ctx);
351 client_printf(sockfd,
353 " --cka_id <CKA_ID> aka -k\n"
354 " --repository <repository> aka -r\n"
355 " --zone <zone> aka -z\n"
356 " --bits <size> aka -b\n"
357 " --algorithm <algorithm> aka -g\n"
358 " --keystate <state> aka -e\n"
359 " --keytype <type> aka -t\n"
360 " --inception_time <time> aka -w\n"
367 client_printf(sockfd,
368 "Add a key which was created outside of the OpenDNSSEC into the enforcer database.\n"
370 "cka_id specify the locator of the key\n"
371 "repository name of the repository which the key must be stored\n"
372 "zone name of the zone for which this key is to be used\n"
373 "bits key size in bits\n"
374 "algorithm algorithm number \n"
375 "keystate state of the key in which the key will be after import\n"
376 "keytype type of the key, KSK, ZSK or CSK\n"
377 "inception_time time of inception\n\n");
381 run(
int sockfd, cmdhandler_ctx_type* context,
const char *cmd)
384 char buf[ODS_SE_MAXLINE];
385 const char *argv[
NARGV];
386 int argc = 0, long_index = 0, opt = 0;
387 const char *ckaid = NULL;
388 const char *repository = NULL;
389 const char *zonename = NULL;
390 const char *bits = NULL;
391 const char *algorithm = NULL;
392 const char* keytype = NULL;
393 const char* keystate = NULL;
394 const char *time = NULL;
396 time_t inception = 0;
403 static struct option long_options[] = {
404 {
"zone", required_argument, 0,
'z'},
405 {
"cka_id", required_argument, 0,
'k'},
406 {
"repository", required_argument, 0,
'r'},
407 {
"bits", required_argument, 0,
'b'},
408 {
"algorithm", required_argument, 0,
'g'},
409 {
"keytype", required_argument, 0,
't'},
410 {
"keystate", required_argument, 0,
'e'},
411 {
"inception_time", required_argument, 0,
'w'},
418 strncpy(buf, cmd,
sizeof(buf));
419 buf[
sizeof(buf)-1] =
'\0';
422 argc = ods_str_explode(buf,
NARGV, argv);
424 client_printf_err(sockfd,
"too many arguments\n");
425 ods_log_error(
"[%s] too many arguments for %s command",
431 while ((opt = getopt_long(argc, (
char*
const*)argv,
"z:k:r:b:g:t:e:w:", long_options, &long_index)) != -1) {
458 client_printf_err(sockfd,
"unknown arguments\n");
459 ods_log_error(
"[%s] unknown arguments for %s command",
466 if (strcasecmp(keytype,
"KSK") && strcasecmp(keytype,
"ZSK") && strcasecmp(keytype,
"CSK")) {
467 ods_log_error(
"[%s] unknown keytype, should be one of KSK, ZSK, or CSK", module_str);
468 client_printf_err(sockfd,
"unknown keytype, should be one of KSK, ZSK, or CSK\n");
473 ods_log_error(
"[%s] specify keytype for command %s", module_str, cmd);
474 client_printf_err(sockfd,
"specify keytype: ZSK, KSK or CSK\n");
479 if (strcasecmp(keystate,
"generate") && strcasecmp(keystate,
"publish") && strcasecmp(keystate,
"ready") && strcasecmp(keystate,
"active") && strcasecmp(keystate,
"retire") && strcasecmp(keystate,
"revoke")) {
480 ods_log_error(
"[%s] unknown keystate", module_str);
481 client_printf_err(sockfd,
"unknown keystate: states are generate, publish, ready, active or retire\n");
486 ods_log_error(
"[%s] specify keystate for command %s", module_str, cmd);
487 client_printf_err(sockfd,
"specify keystate: generate, publish, ready, active or retire\n");
493 client_printf_err(sockfd,
"expected --zone \n");
497 ods_log_error(
"[%s] Unknown zone: %s", module_str, zonename);
498 client_printf_err(sockfd,
"Unknown zone: %s\n", zonename);
505 ods_log_error(
"[%s] specify an algorithm for command %s", module_str, cmd);
506 client_printf_err(sockfd,
"specify an algorithm\n");
510 ods_log_error(
"[%s] specify bits for command %s", module_str, cmd);
511 client_printf_err(sockfd,
"specify bits\n");
515 ods_log_error(
"[%s] specify repository for command %s", module_str, cmd);
516 client_printf_err(sockfd,
"specify repository \n");
520 if (time && strptime(time,
"%Y-%m-%d-%H:%M:%S", &tm)) {
522 inception = mktime(&tm);
525 ods_log_error(
"[%s] specify inception time for command %s", module_str, cmd);
526 client_printf_err(sockfd,
"specify inception time YYYY-MM-DD-HH:MM:SS\n");
532 if (!strcasecmp(keystate,
"generate"))
534 else if (!strcasecmp(keystate,
"publish"))
536 else if (!strcasecmp(keystate,
"ready"))
538 else if (!strcasecmp(keystate,
"active"))
540 else if (!strcasecmp(keystate,
"retire"))
542 else if (!strcasecmp(keystate,
"revoke"))
546 if (!strcasecmp(keytype,
"KSK"))
548 else if (!strcasecmp(keytype,
"ZSK"))
550 else if (!strcasecmp(keytype,
"CSK"))
558 ods_log_error(
"Unable to get policyKey, database error!");
559 client_printf_err(sockfd,
"Unable to get policyKey, database error!\n");
565 ods_log_error(
"Error: the given algorithm in import command doesn't match the algorithm in kasp");
566 client_printf_err(sockfd,
"The given algorithm doesn't match the algorithm in kasp\n");
576 if (
perform_hsmkey_import(sockfd, dbconn, ckaid, repository, zonename, atoi(bits), atoi(algorithm), type, (
unsigned int)inception)
577 ||
perform_keydata_import(sockfd, dbconn, ckaid, repository, zonename, atoi(algorithm), state, type, (
unsigned int)inception, setmin, hsmkey_id)
578 ||
perform_keystate_import(sockfd, dbconn, ckaid, repository, zonename, state, type, (
unsigned int)inception, hsmkey_id)) {
579 ods_log_error(
"[%s] Error: Unable to add key to the database", module_str);
584 client_printf(sockfd,
"Key imported into zone %s\n", zonename);
589 "key import", &usage, &help, NULL, &run