Add function to see if dst key uses kasp

For purposes of zones transitioning back to insecure mode, it is practical to see if related keys have a state file associated.
2025-08-30 22:15:20 +00:00 · 2020-12-03 10:19:38 +01:00
parent 756674f6d1
commit 8f2c5e45da
4 changed files with 24 additions and 2 deletions
--- a/lib/dns/dst_api.c
+++ b/lib/dns/dst_api.c
@@ -649,12 +649,14 @@ dst_key_fromnamedfile(const char *filename, const char *dirname, int type,
 				   filename, ".state");
 		INSIST(result == ISC_R_SUCCESS);

+		key->kasp = false;
 		result = dst_key_read_state(newfilename, mctx, &key);
-		if (result == ISC_R_FILENOTFOUND) {
+		if (result == ISC_R_SUCCESS) {
+			key->kasp = true;
+		} else if (result == ISC_R_FILENOTFOUND) {
 			/* Having no state is valid. */
 			result = ISC_R_SUCCESS;
 		}
-
 		isc_mem_put(mctx, newfilename, newfilenamelen);
 		newfilename = NULL;
 		RETERR(result);
@@ -2600,6 +2602,8 @@ dst_key_goal(dst_key_t *key) {
 	dst_key_state_t state;
 	isc_result_t result;

+	REQUIRE(VALID_KEY(key));
+
 	result = dst_key_getstate(key, DST_KEY_GOAL, &state);
 	if (result == ISC_R_SUCCESS) {
 		return (state);
@@ -2607,6 +2611,13 @@ dst_key_goal(dst_key_t *key) {
 	return (DST_KEY_STATE_HIDDEN);
 }

+bool
+dst_key_haskasp(dst_key_t *key) {
+	REQUIRE(VALID_KEY(key));
+
+	return (key->kasp);
+}
+
 void
 dst_key_copy_metadata(dst_key_t *to, dst_key_t *from) {
 	dst_key_state_t state;