Add code for creating keystore from config

Add code for configuring keystore objects. Add this to the "kaspconf" code, as it is related to 'dnssec-policy' and it is too small to create a separate file for it.
2025-08-22 10:10:06 +00:00 · 2022-01-25 10:08:43 +01:00 · 2022-01-25 10:08:43 +01:00 · 3a86c07422
commit 3a86c07422
parent 0284482687
3 changed files with 116 additions and 2 deletions
--- a/lib/dns/include/dns/types.h
+++ b/lib/dns/include/dns/types.h
@ -106,8 +106,10 @@ typedef struct dns_kasp_nsec3param dns_kasp_nsec3param_t;
 typedef uint16_t		   dns_keyflags_t;
 typedef struct dns_keynode	   dns_keynode_t;
 typedef ISC_LIST(dns_keynode_t) dns_keynodelist_t;
-typedef struct dns_keytable	   dns_keytable_t;
-typedef uint16_t		   dns_keytag_t;
+typedef struct dns_keytable dns_keytable_t;
+typedef uint16_t	    dns_keytag_t;
+typedef struct dns_keystore dns_keystore_t;
+typedef ISC_LIST(dns_keystore_t) dns_keystorelist_t;
 typedef struct dns_loadctx	   dns_loadctx_t;
 typedef struct dns_loadmgr	   dns_loadmgr_t;
 typedef struct dns_masterrawheader dns_masterrawheader_t;
--- a/lib/isccfg/include/isccfg/kaspconf.h
+++ b/lib/isccfg/include/isccfg/kaspconf.h
@ -56,4 +56,32 @@ cfg_kasp_fromconfig(const cfg_obj_t *config, dns_kasp_t *default_kasp,
 *\li  Other errors are possible.
 */

+isc_result_t
+cfg_keystore_fromconfig(const cfg_obj_t *config, isc_mem_t *mctx,
+			isc_log_t *logctx, dns_keystorelist_t *keystorelist,
+			dns_keystore_t    **kspp);
+/*%<
+ * Create and configure a key store. If a 'keystorelist' is provided, a lookup
+ * happens and if a keystore already exists with the same name, no new one is
+ * created, and no attach to 'kspp' happens.
+ *
+ * Requires:
+ *
+ *\li  config != NULL
+
+ *\li  'mctx' is a valid memory context.
+ *
+ *\li  'logctx' is a valid logging context.
+ *
+ *\li  kspp != NULL && *kspp == NULL
+ *
+ * Returns:
+ *
+ *\li  #ISC_R_SUCCESS  If creating and configuring the keystore succeeds.
+ *\li  #ISC_R_EXISTS   If 'keystorelist' already has a keystore with 'name'.
+ *\li  #ISC_R_NOMEMORY
+ *
+ *\li  Other errors are possible.
+ */
+
 ISC_LANG_ENDDECLS
--- a/lib/isccfg/kaspconf.c
+++ b/lib/isccfg/kaspconf.c
@ -24,6 +24,7 @@
 #include <isc/util.h>

 #include <dns/kasp.h>
+#include <dns/keystore.h>
 #include <dns/keyvalues.h>
 #include <dns/log.h>
 #include <dns/nsec3.h>
@ -89,6 +90,23 @@ get_duration(const cfg_obj_t **maps, const char *option, const char *dfl) {
 	return (cfg_obj_asduration(obj));
 }

+/*
+ * Utility function for configuring strings.
+ */
+static const char *
+get_string(const cfg_obj_t **maps, const char *option) {
+	const cfg_obj_t *obj;
+	isc_result_t result;
+	obj = NULL;
+
+	result = confget(maps, option, &obj);
+	if (result == ISC_R_NOTFOUND) {
+		return (NULL);
+	}
+	INSIST(result == ISC_R_SUCCESS);
+	return (cfg_obj_asstring(obj));
+}
+
 /*
 * Create a new kasp key derived from configuration.
 */
@ -655,3 +673,69 @@ cleanup:
 	dns_kasp_detach(&kasp);
 	return (result);
 }
+
+isc_result_t
+cfg_keystore_fromconfig(const cfg_obj_t *config, isc_mem_t *mctx,
+			isc_log_t *logctx, dns_keystorelist_t *keystorelist,
+			dns_keystore_t **kspp) {
+	isc_result_t result;
+	const cfg_obj_t *maps[2];
+	const cfg_obj_t *koptions = NULL;
+	const char *name = NULL;
+	dns_keystore_t *keystore = NULL;
+	int i = 0;
+
+	REQUIRE(config != NULL);
+	REQUIRE(kspp != NULL && *kspp == NULL);
+
+	name = cfg_obj_asstring(cfg_tuple_get(config, "name"));
+	INSIST(name != NULL);
+
+	result = dns_keystorelist_find(keystorelist, name, &keystore);
+
+	if (result == ISC_R_SUCCESS) {
+		cfg_obj_log(config, logctx, ISC_LOG_ERROR,
+			    "key-store: duplicate key-store found '%s'", name);
+		dns_keystore_detach(&keystore);
+		return (ISC_R_EXISTS);
+	}
+	if (result != ISC_R_NOTFOUND) {
+		cfg_obj_log(config, logctx, ISC_LOG_ERROR,
+			    "key-store: lookup '%s' failed: %s", name,
+			    isc_result_totext(result));
+		return (result);
+	}
+
+	/*
+	 * No key-store with configured name was found in list, create new one.
+	 */
+	INSIST(keystore == NULL);
+	result = dns_keystore_create(mctx, name, &keystore);
+	if (result != ISC_R_SUCCESS) {
+		return (result);
+	}
+	INSIST(keystore != NULL);
+
+	/* Now configure. */
+	INSIST(DNS_KEYSTORE_VALID(keystore));
+
+	if (config != NULL) {
+		koptions = cfg_tuple_get(config, "options");
+		maps[i++] = koptions;
+	}
+	maps[i] = NULL;
+
+	/* Configuration */
+	dns_keystore_setdirectory(keystore, get_string(maps, "directory"));
+	dns_keystore_setpkcs11uri(keystore, get_string(maps, "uri"));
+
+	/* Append it to the list for future lookups. */
+	ISC_LIST_APPEND(*keystorelist, keystore, link);
+	INSIST(!(ISC_LIST_EMPTY(*keystorelist)));
+
+	/* Success: Attach the keystore to the pointer and return. */
+	dns_keystore_attach(keystore, kspp);
+
+	/* Don't detach as keystore is on '*keystorelist' */
+	return (ISC_R_SUCCESS);
+}