add dns_view_addtrustedkey()

the new dns_view_addtrustedkey() function allows a view's trust anchors to be updated directly. this code was formerly in dns_client_addtrustedkey(), which is now a wrapper around dns_view_addtrustedkey().
2025-08-31 06:25:31 +00:00 · 2023-01-31 13:30:12 -08:00
parent 2587fefbaa
commit 33a741f897
4 changed files with 73 additions and 42 deletions
--- a/lib/dns/view.c
+++ b/lib/dns/view.c
@@ -26,6 +26,7 @@
 #include <isc/file.h>
 #include <isc/hash.h>
 #include <isc/lex.h>
+#include <isc/md.h>
 #include <isc/result.h>
 #include <isc/stats.h>
 #include <isc/string.h>
@@ -2323,3 +2324,44 @@ dns_view_getdispatchmgr(dns_view_t *view) {
 	REQUIRE(DNS_VIEW_VALID(view));
 	return (view->dispatchmgr);
 }
+
+isc_result_t
+dns_view_addtrustedkey(dns_view_t *view, dns_rdatatype_t rdtype,
+		       const dns_name_t *keyname, isc_buffer_t *databuf) {
+	isc_result_t result;
+	dns_name_t *name = NULL;
+	char rdatabuf[DST_KEY_MAXSIZE];
+	unsigned char digest[ISC_MAX_MD_SIZE];
+	dns_rdata_ds_t ds;
+	dns_rdata_t rdata;
+	isc_buffer_t b;
+
+	REQUIRE(DNS_VIEW_VALID(view));
+	REQUIRE(view->rdclass == dns_rdataclass_in);
+
+	DE_CONST(keyname, name);
+
+	if (rdtype != dns_rdatatype_dnskey && rdtype != dns_rdatatype_ds) {
+		result = ISC_R_NOTIMPLEMENTED;
+		goto cleanup;
+	}
+
+	isc_buffer_init(&b, rdatabuf, sizeof(rdatabuf));
+	dns_rdata_init(&rdata);
+	isc_buffer_setactive(databuf, isc_buffer_usedlength(databuf));
+	CHECK(dns_rdata_fromwire(&rdata, view->rdclass, rdtype, databuf,
+				 DNS_DECOMPRESS_NEVER, &b));
+
+	if (rdtype == dns_rdatatype_ds) {
+		CHECK(dns_rdata_tostruct(&rdata, &ds, NULL));
+	} else {
+		CHECK(dns_ds_fromkeyrdata(name, &rdata, DNS_DSDIGEST_SHA256,
+					  digest, &ds));
+	}
+
+	CHECK(dns_keytable_add(view->secroots_priv, false, false, name, &ds,
+			       NULL, NULL));
+
+cleanup:
+	return (result);
+}