A small keymgr change

If we are updating the lifetime, and it was not set before, also
set/update the Retired and Removed timing metadata.
Matthijs Mekking
2025-03-04 08:19:43 +01:00
parent 4788bf948c
commit b87ce7f331
2 changed files with 3 additions and 7 deletions


@@ -314,6 +314,7 @@ private_type_record $zone $DEFAULT_ALGORITHM_NUMBER "$ZSK" >>"$infile"
cp $infile $zonefile
$SIGNER -PS -x -s now-2w -e now-1mi -o $zone -O raw -f "${zonefile}.signed" $infile >signer.out.$zone.1 2>&1
$SETTIME -s -g HIDDEN "$ZSK" >settime.out.$zone.3 2>&1
echo "Lifetime: 31536000" >>"${ZSK}".state # PT1Y
# An old key that is being purged should not prevent keymgr to be run.
T1="now-1y"
T2="now-2y"


@@ -387,7 +387,7 @@ keymgr_key_retire(dns_dnsseckey_t *key, dns_kasp_t *kasp, isc_stdtime_t now) {
static void
keymgr_key_update_lifetime(dns_dnsseckey_t *key, dns_kasp_t *kasp,
isc_stdtime_t now, uint32_t lifetime) {
uint32_t l;
uint32_t l = 0;
dst_key_state_t g = HIDDEN;
isc_result_t r;
@@ -395,12 +395,7 @@ keymgr_key_update_lifetime(dns_dnsseckey_t *key, dns_kasp_t *kasp,
r = dst_key_getnum(key->key, DST_NUM_LIFETIME, &l);
/* Initialize lifetime. */
if (r != ISC_R_SUCCESS) {
dst_key_setnum(key->key, DST_NUM_LIFETIME, lifetime);
return;
}
/* Skip keys that are still hidden or already retiring. */
if (g != OMNIPRESENT) {
return;
l = lifetime - 1;
}
/* Update lifetime and timing metadata. */
if (l != lifetime) {
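Review bot: In the second hunk of `keymgr_key_update_lifetime()`, the `/* Skip keys that are still hidden or already retiring. */` check on `g != OMNIPRESENT` appears to be dropped along with the early return, which goes further than the commit message describes: Retired and Removed would then be recomputed for keys in any goal state, not only for keys whose lifetime was previously unset. The page has lost its +/- markers, so this reading rests on the hunk counts (`-395,12 +395,7`); if it is right, either keep the guard after the initialisation branch or explain in the description why rescheduling a hidden or already-retiring key is safe. The `l = lifetime - 1;` sentinel also relies on unsigned wrap-around when `lifetime` is 0 and leaves the `/* Initialize lifetime. */` comment stale; testing `if (r != ISC_R_SUCCESS || l != lifetime) {` would express the intent directly. The function body continues past the end of the hunk, so whether the remaining code still writes `DST_NUM_LIFETIME` for the unset case cannot be confirmed from here.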