Store key store reference instead of name
When creating the kasp structure, instead of storing the name of the key store on keys, store a reference to the key store object instead. This requires to build the keystore list prior to creating the kasp structures, in the dnssec tools, the check code and the server code. We will create a builtin keystore called "key-directory" which means use the zone's key-directory as the key store. The check code changes, because now the keystore is looked up before creating the kasp structure (and if the keystore is not found, this is an error). Instead of looking up the keystore after all 'dnssec-policy' clauses have been read.
This commit is contained in:
Matthijs Mekking
@@ -256,13 +256,39 @@ progress(int p) {
|
||||
static void
|
||||
kasp_from_conf(cfg_obj_t *config, isc_mem_t *mctx, const char *name,
|
||||
dns_kasp_t **kaspp) {
|
||||
isc_result_t result = ISC_R_NOTFOUND;
|
||||
const cfg_listelt_t *element;
|
||||
const cfg_obj_t *kasps = NULL;
|
||||
dns_kasp_t *kasp = NULL, *kasp_next;
|
||||
isc_result_t result = ISC_R_NOTFOUND;
|
||||
dns_kasplist_t kasplist;
|
||||
const cfg_obj_t *keystores = NULL;
|
||||
dns_keystore_t *ks = NULL, *ks_next;
|
||||
dns_keystorelist_t kslist;
|
||||
|
||||
ISC_LIST_INIT(kasplist);
|
||||
ISC_LIST_INIT(kslist);
|
||||
|
||||
(void)cfg_map_get(config, "key-store", &keystores);
|
||||
for (element = cfg_list_first(keystores); element != NULL;
|
||||
element = cfg_list_next(element))
|
||||
{
|
||||
cfg_obj_t *kconfig = cfg_listelt_value(element);
|
||||
ks = NULL;
|
||||
result = cfg_keystore_fromconfig(kconfig, mctx, lctx, &kslist,
|
||||
&ks);
|
||||
if (result != ISC_R_SUCCESS) {
|
||||
fatal("failed to configure key-store '%s': %s",
|
||||
cfg_obj_asstring(cfg_tuple_get(kconfig, "name")),
|
||||
isc_result_totext(result));
|
||||
}
|
||||
INSIST(ks != NULL);
|
||||
dns_keystore_detach(&ks);
|
||||
}
|
||||
/* Default key-directory key store. */
|
||||
ks = NULL;
|
||||
(void)cfg_keystore_fromconfig(NULL, mctx, lctx, engine, &kslist, &ks);
|
||||
INSIST(ks != NULL);
|
||||
dns_keystore_detach(&ks);
|
||||
|
||||
(void)cfg_map_get(config, "dnssec-policy", &kasps);
|
||||
for (element = cfg_list_first(kasps); element != NULL;
|
||||
@@ -277,7 +303,7 @@ kasp_from_conf(cfg_obj_t *config, isc_mem_t *mctx, const char *name,
|
||||
}
|
||||
|
||||
result = cfg_kasp_fromconfig(kconfig, NULL, true, mctx, lctx,
|
||||
&kasplist, &kasp);
|
||||
&kslist, &kasplist, &kasp);
|
||||
if (result != ISC_R_SUCCESS) {
|
||||
fatal("failed to configure dnssec-policy '%s': %s",
|
||||
cfg_obj_asstring(cfg_tuple_get(kconfig, "name")),
|
||||
@@ -298,6 +324,15 @@ kasp_from_conf(cfg_obj_t *config, isc_mem_t *mctx, const char *name,
|
||||
ISC_LIST_UNLINK(kasplist, kasp, link);
|
||||
dns_kasp_detach(&kasp);
|
||||
}
|
||||
|
||||
/*
|
||||
* Cleanup keystore list.
|
||||
*/
|
||||
for (ks = ISC_LIST_HEAD(kslist); ks != NULL; ks = ks_next) {
|
||||
ks_next = ISC_LIST_NEXT(ks, link);
|
||||
ISC_LIST_UNLINK(kslist, ks, link);
|
||||
dns_keystore_detach(&ks);
|
||||
}
|
||||
}
|
||||
|
||||
static void
|
||||
|
||||
Reference in New Issue
Block a user