Make kasp opaque
parent
70da58c871
commit
f11ce44818
@ -1187,7 +1187,7 @@ main(int argc, char **argv) {
|
||||
fatal("failed to load dnssec-policy '%s'",
|
||||
ctx.policy);
|
||||
}
|
||||
if (ISC_LIST_EMPTY(kasp->keys)) {
|
||||
if (ISC_LIST_EMPTY(dns_kasp_keys(kasp))) {
|
||||
fatal("dnssec-policy '%s' has no keys "
|
||||
"configured", ctx.policy);
|
||||
}
|
||||
@ -1195,7 +1195,7 @@ main(int argc, char **argv) {
|
||||
ctx.ttl = dns_kasp_dnskeyttl(kasp);
|
||||
ctx.setttl = true;
|
||||
|
||||
kaspkey = ISC_LIST_HEAD(kasp->keys);
|
||||
kaspkey = ISC_LIST_HEAD(dns_kasp_keys(kasp));
|
||||
|
||||
while (kaspkey != NULL) {
|
||||
ctx.use_nsec3 = false;
|
||||
|
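Review bot: `ISC_LIST_EMPTY(dns_kasp_keys(kasp))` in main() goes through an accessor that asserts `REQUIRE(kasp->frozen)` (see the dns_kasp_keys definition in lib/dns/kasp.c on this page), so the emptiness check aborts the process if the policy has not been frozen by this point; whether it has been cannot be seen from this hunk. The commit also adds `dns_kasp_keylist_empty(kasp)`, which only requires a valid kasp, so `if (dns_kasp_keylist_empty(kasp)) {` would keep this check free of that precondition and match the configuration code. The same accessor is used in the loop headers in dns_keymgr_run and signed_with_good_key further down, where an unmet REQUIRE in a long-running server is a crash, so it is worth confirming that every path reaching them freezes the policy first. main()'s body continues outside the hunk.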
@ -237,6 +237,16 @@ dns_kasp_sigrefresh(dns_kasp_t *kasp);
|
||||
*\li signature refresh interval.
|
||||
*/
|
||||
|
||||
void
|
||||
dns_kasp_setsigrefresh(dns_kasp_t *kasp, uint32_t value);
|
||||
/*%<
|
||||
* Set signature refresh interval.
|
||||
*
|
||||
* Requires:
|
||||
*
|
||||
*\li 'kasp' is a valid, thawed kasp.
|
||||
*/
|
||||
|
||||
uint32_t
|
||||
dns_kasp_sigvalidity(dns_kasp_t *kasp);
|
||||
uint32_t
|
||||
@ -253,10 +263,22 @@ dns_kasp_sigvalidity_dnskey(dns_kasp_t *kasp);
|
||||
*\li signature validity.
|
||||
*/
|
||||
|
||||
void
|
||||
dns_kasp_setsigvalidity(dns_kasp_t *kasp, uint32_t value);
|
||||
void
|
||||
dns_kasp_setsigvalidity_dnskey(dns_kasp_t *kasp, uint32_t value);
|
||||
/*%<
|
||||
* Set signature validity.
|
||||
*
|
||||
* Requires:
|
||||
*
|
||||
*\li 'kasp' is a valid, thawed kasp.
|
||||
*/
|
||||
|
||||
dns_ttl_t
|
||||
dns_kasp_dnskeyttl(dns_kasp_t *kasp);
|
||||
/*%<
|
||||
* Get dnskey ttl.
|
||||
* Get DNSKEY TTL.
|
||||
*
|
||||
* Requires:
|
||||
*
|
||||
@ -267,6 +289,16 @@ dns_kasp_dnskeyttl(dns_kasp_t *kasp);
|
||||
*\li DNSKEY TTL.
|
||||
*/
|
||||
|
||||
void
|
||||
dns_kasp_setdnskeyttl(dns_kasp_t *kasp, dns_ttl_t ttl);
|
||||
/*%<
|
||||
* Set DNSKEY TTL.
|
||||
*
|
||||
* Requires:
|
||||
*
|
||||
*\li 'kasp' is a valid, thawed kasp.
|
||||
*/
|
||||
|
||||
uint32_t
|
||||
dns_kasp_publishsafety(dns_kasp_t *kasp);
|
||||
/*%<
|
||||
@ -281,6 +313,16 @@ dns_kasp_publishsafety(dns_kasp_t *kasp);
|
||||
*\li Publish safety interval.
|
||||
*/
|
||||
|
||||
void
|
||||
dns_kasp_setpublishsafety(dns_kasp_t *kasp, uint32_t value);
|
||||
/*%<
|
||||
* Set publish safety interval.
|
||||
*
|
||||
* Requires:
|
||||
*
|
||||
*\li 'kasp' is a valid, thawed kasp.
|
||||
*/
|
||||
|
||||
uint32_t
|
||||
dns_kasp_retiresafety(dns_kasp_t *kasp);
|
||||
/*%<
|
||||
@ -295,6 +337,16 @@ dns_kasp_retiresafety(dns_kasp_t *kasp);
|
||||
*\li Retire safety interval.
|
||||
*/
|
||||
|
||||
void
|
||||
dns_kasp_setretiresafety(dns_kasp_t *kasp, uint32_t value);
|
||||
/*%<
|
||||
* Set retire safety interval.
|
||||
*
|
||||
* Requires:
|
||||
*
|
||||
*\li 'kasp' is a valid, thawed kasp.
|
||||
*/
|
||||
|
||||
dns_ttl_t
|
||||
dns_kasp_zonemaxttl(dns_kasp_t *kasp);
|
||||
/*%<
|
||||
@ -309,6 +361,16 @@ dns_kasp_zonemaxttl(dns_kasp_t *kasp);
|
||||
*\li Maximum zone TTL.
|
||||
*/
|
||||
|
||||
void
|
||||
dns_kasp_setzonemaxttl(dns_kasp_t *kasp, dns_ttl_t ttl);
|
||||
/*%<
|
||||
* Set maximum zone TTL.
|
||||
*
|
||||
* Requires:
|
||||
*
|
||||
*\li 'kasp' is a valid, thawed kasp.
|
||||
*/
|
||||
|
||||
uint32_t
|
||||
dns_kasp_zonepropagationdelay(dns_kasp_t *kasp);
|
||||
/*%<
|
||||
@ -323,6 +385,16 @@ dns_kasp_zonepropagationdelay(dns_kasp_t *kasp);
|
||||
*\li Zone propagation delay.
|
||||
*/
|
||||
|
||||
void
|
||||
dns_kasp_setzonepropagationdelay(dns_kasp_t *kasp, uint32_t value);
|
||||
/*%<
|
||||
* Set zone propagation delay.
|
||||
*
|
||||
* Requires:
|
||||
*
|
||||
*\li 'kasp' is a valid, thawed kasp.
|
||||
*/
|
||||
|
||||
dns_ttl_t
|
||||
dns_kasp_dsttl(dns_kasp_t *kasp);
|
||||
/*%<
|
||||
@ -337,6 +409,16 @@ dns_kasp_dsttl(dns_kasp_t *kasp);
|
||||
*\li Expected parent DS TTL.
|
||||
*/
|
||||
|
||||
void
|
||||
dns_kasp_setdsttl(dns_kasp_t *kasp, dns_ttl_t ttl);
|
||||
/*%<
|
||||
* Set DS TTL.
|
||||
*
|
||||
* Requires:
|
||||
*
|
||||
*\li 'kasp' is a valid, thawed kasp.
|
||||
*/
|
||||
|
||||
uint32_t
|
||||
dns_kasp_parentpropagationdelay(dns_kasp_t *kasp);
|
||||
/*%<
|
||||
@ -351,6 +433,16 @@ dns_kasp_parentpropagationdelay(dns_kasp_t *kasp);
|
||||
*\li Parent zone propagation delay.
|
||||
*/
|
||||
|
||||
void
|
||||
dns_kasp_setparentpropagationdelay(dns_kasp_t *kasp, uint32_t value);
|
||||
/*%<
|
||||
* Set parent propagation delay.
|
||||
*
|
||||
* Requires:
|
||||
*
|
||||
*\li 'kasp' is a valid, thawed kasp.
|
||||
*/
|
||||
|
||||
uint32_t
|
||||
dns_kasp_parentregistrationdelay(dns_kasp_t *kasp);
|
||||
/*%<
|
||||
@ -365,6 +457,16 @@ dns_kasp_parentregistrationdelay(dns_kasp_t *kasp);
|
||||
*\li Parent registration delay.
|
||||
*/
|
||||
|
||||
void
|
||||
dns_kasp_setparentregistrationdelay(dns_kasp_t *kasp, uint32_t value);
|
||||
/*%<
|
||||
* Set parent registration delay.
|
||||
*
|
||||
* Requires:
|
||||
*
|
||||
*\li 'kasp' is a valid, thawed kasp.
|
||||
*/
|
||||
|
||||
isc_result_t
|
||||
dns_kasplist_find(dns_kasplist_t *list, const char *name, dns_kasp_t **kaspp);
|
||||
/*%<
|
||||
@ -381,14 +483,56 @@ dns_kasplist_find(dns_kasplist_t *list, const char *name, dns_kasp_t **kaspp);
|
||||
*\li #ISC_R_NOTFOUND No matching kasp was found.
|
||||
*/
|
||||
|
||||
dns_kasp_keylist_t
|
||||
dns_kasp_keys(dns_kasp_t *kasp);
|
||||
/*%<
|
||||
* Get the list of kasp keys.
|
||||
*
|
||||
* Requires:
|
||||
*
|
||||
*\li 'kasp' is a valid, frozen kasp.
|
||||
*
|
||||
* Returns:
|
||||
*
|
||||
*\li #ISC_R_SUCCESS
|
||||
*\li #ISC_R_NOMEMORY
|
||||
*
|
||||
*\li Other errors are possible.
|
||||
*/
|
||||
|
||||
bool
|
||||
dns_kasp_keylist_empty(dns_kasp_t *kasp);
|
||||
/*%<
|
||||
* Check if the keylist is empty.
|
||||
*
|
||||
* Requires:
|
||||
*
|
||||
*\li 'kasp' is a valid kasp.
|
||||
*
|
||||
* Returns:
|
||||
*
|
||||
*\li true if the keylist is empty, false otherwise.
|
||||
*/
|
||||
|
||||
void
|
||||
dns_kasp_addkey(dns_kasp_t *kasp, dns_kasp_key_t *key);
|
||||
/*%<
|
||||
* Add a key.
|
||||
*
|
||||
* Requires:
|
||||
*
|
||||
*\li 'kasp' is a valid, thawed kasp.
|
||||
*\li 'key' is not NULL.
|
||||
*/
|
||||
|
||||
isc_result_t
|
||||
dns_kasp_key_create(isc_mem_t* mctx, dns_kasp_key_t **keyp);
|
||||
dns_kasp_key_create(dns_kasp_t *kasp, dns_kasp_key_t **keyp);
|
||||
/*%<
|
||||
* Create a key inside a KASP.
|
||||
*
|
||||
* Requires:
|
||||
*
|
||||
*\li 'mctx' is a valid memory context.
|
||||
*\li 'kasp' is a valid kasp.
|
||||
*
|
||||
*\li keyp != NULL && *keyp == NULL
|
||||
*
|
||||
|
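Review bot: The comment under `dns_kasp_keys(dns_kasp_t *kasp)` lists `#ISC_R_SUCCESS`, `#ISC_R_NOMEMORY` and "Other errors are possible" under Returns, but the function is declared to return `dns_kasp_keylist_t`, so that text describes a different function; I would replace those three items with `*\li The list of kasp keys.` In the same header, `dns_kasp_setsigvalidity` and `dns_kasp_setsigvalidity_dnskey` share one "Set signature validity." comment, and the second deserves its own saying it sets the validity of signatures over DNSKEY records. The dns_kasp_key_create comment shows both `'mctx' is a valid memory context.` and `'kasp' is a valid kasp.`; the +/- markers are lost on this page, but if the mctx line survives on the new side it should go, since the function no longer takes an mctx.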
109
lib/dns/kasp.c
109
lib/dns/kasp.c
@ -138,6 +138,13 @@ dns_kasp_sigrefresh(dns_kasp_t *kasp) {
|
||||
return (kasp->signatures_refresh);
|
||||
}
|
||||
|
||||
void
|
||||
dns_kasp_setsigrefresh(dns_kasp_t *kasp, uint32_t value) {
|
||||
REQUIRE(DNS_KASP_VALID(kasp));
|
||||
REQUIRE(!kasp->frozen);
|
||||
kasp->signatures_refresh = value;
|
||||
}
|
||||
|
||||
uint32_t
|
||||
dns_kasp_sigvalidity(dns_kasp_t *kasp) {
|
||||
REQUIRE(DNS_KASP_VALID(kasp));
|
||||
@ -145,6 +152,13 @@ dns_kasp_sigvalidity(dns_kasp_t *kasp) {
|
||||
return (kasp->signatures_validity);
|
||||
}
|
||||
|
||||
void
|
||||
dns_kasp_setsigvalidity(dns_kasp_t *kasp, uint32_t value) {
|
||||
REQUIRE(DNS_KASP_VALID(kasp));
|
||||
REQUIRE(!kasp->frozen);
|
||||
kasp->signatures_validity = value;
|
||||
}
|
||||
|
||||
uint32_t
|
||||
dns_kasp_sigvalidity_dnskey(dns_kasp_t *kasp) {
|
||||
REQUIRE(DNS_KASP_VALID(kasp));
|
||||
@ -152,6 +166,13 @@ dns_kasp_sigvalidity_dnskey(dns_kasp_t *kasp) {
|
||||
return (kasp->signatures_validity_dnskey);
|
||||
}
|
||||
|
||||
void
|
||||
dns_kasp_setsigvalidity_dnskey(dns_kasp_t *kasp, uint32_t value) {
|
||||
REQUIRE(DNS_KASP_VALID(kasp));
|
||||
REQUIRE(!kasp->frozen);
|
||||
kasp->signatures_validity = value;
|
||||
}
|
||||
|
||||
dns_ttl_t
|
||||
dns_kasp_dnskeyttl(dns_kasp_t *kasp) {
|
||||
REQUIRE(DNS_KASP_VALID(kasp));
|
||||
@ -159,6 +180,13 @@ dns_kasp_dnskeyttl(dns_kasp_t *kasp) {
|
||||
return (kasp->dnskey_ttl);
|
||||
}
|
||||
|
||||
void
|
||||
dns_kasp_setdnskeyttl(dns_kasp_t *kasp, dns_ttl_t ttl) {
|
||||
REQUIRE(DNS_KASP_VALID(kasp));
|
||||
REQUIRE(!kasp->frozen);
|
||||
kasp->dnskey_ttl = ttl;
|
||||
}
|
||||
|
||||
uint32_t
|
||||
dns_kasp_publishsafety(dns_kasp_t *kasp) {
|
||||
REQUIRE(DNS_KASP_VALID(kasp));
|
||||
@ -166,6 +194,13 @@ dns_kasp_publishsafety(dns_kasp_t *kasp) {
|
||||
return (kasp->publish_safety);
|
||||
}
|
||||
|
||||
void
|
||||
dns_kasp_setpublishsafety(dns_kasp_t *kasp, uint32_t value) {
|
||||
REQUIRE(DNS_KASP_VALID(kasp));
|
||||
REQUIRE(!kasp->frozen);
|
||||
kasp->publish_safety = value;
|
||||
}
|
||||
|
||||
uint32_t
|
||||
dns_kasp_retiresafety(dns_kasp_t *kasp) {
|
||||
REQUIRE(DNS_KASP_VALID(kasp));
|
||||
@ -173,6 +208,13 @@ dns_kasp_retiresafety(dns_kasp_t *kasp) {
|
||||
return (kasp->retire_safety);
|
||||
}
|
||||
|
||||
void
|
||||
dns_kasp_setretiresafety(dns_kasp_t *kasp, uint32_t value) {
|
||||
REQUIRE(DNS_KASP_VALID(kasp));
|
||||
REQUIRE(!kasp->frozen);
|
||||
kasp->retire_safety = value;
|
||||
}
|
||||
|
||||
dns_ttl_t
|
||||
dns_kasp_zonemaxttl(dns_kasp_t *kasp) {
|
||||
REQUIRE(DNS_KASP_VALID(kasp));
|
||||
@ -180,6 +222,13 @@ dns_kasp_zonemaxttl(dns_kasp_t *kasp) {
|
||||
return (kasp->zone_max_ttl);
|
||||
}
|
||||
|
||||
void
|
||||
dns_kasp_setzonemaxttl(dns_kasp_t *kasp, dns_ttl_t ttl) {
|
||||
REQUIRE(DNS_KASP_VALID(kasp));
|
||||
REQUIRE(!kasp->frozen);
|
||||
kasp->zone_max_ttl = ttl;
|
||||
}
|
||||
|
||||
uint32_t
|
||||
dns_kasp_zonepropagationdelay(dns_kasp_t *kasp) {
|
||||
REQUIRE(DNS_KASP_VALID(kasp));
|
||||
@ -187,6 +236,13 @@ dns_kasp_zonepropagationdelay(dns_kasp_t *kasp) {
|
||||
return (kasp->zone_propagation_delay);
|
||||
}
|
||||
|
||||
void
|
||||
dns_kasp_setzonepropagationdelay(dns_kasp_t *kasp, uint32_t value) {
|
||||
REQUIRE(DNS_KASP_VALID(kasp));
|
||||
REQUIRE(!kasp->frozen);
|
||||
kasp->zone_propagation_delay = value;
|
||||
}
|
||||
|
||||
dns_ttl_t
|
||||
dns_kasp_dsttl(dns_kasp_t *kasp) {
|
||||
REQUIRE(DNS_KASP_VALID(kasp));
|
||||
@ -194,6 +250,13 @@ dns_kasp_dsttl(dns_kasp_t *kasp) {
|
||||
return (kasp->parent_ds_ttl);
|
||||
}
|
||||
|
||||
void
|
||||
dns_kasp_setdsttl(dns_kasp_t *kasp, dns_ttl_t ttl) {
|
||||
REQUIRE(DNS_KASP_VALID(kasp));
|
||||
REQUIRE(!kasp->frozen);
|
||||
kasp->parent_ds_ttl = ttl;
|
||||
}
|
||||
|
||||
uint32_t
|
||||
dns_kasp_parentpropagationdelay(dns_kasp_t *kasp) {
|
||||
REQUIRE(DNS_KASP_VALID(kasp));
|
||||
@ -201,6 +264,13 @@ dns_kasp_parentpropagationdelay(dns_kasp_t *kasp) {
|
||||
return (kasp->parent_propagation_delay);
|
||||
}
|
||||
|
||||
void
|
||||
dns_kasp_setparentpropagationdelay(dns_kasp_t *kasp, uint32_t value) {
|
||||
REQUIRE(DNS_KASP_VALID(kasp));
|
||||
REQUIRE(!kasp->frozen);
|
||||
kasp->parent_propagation_delay = value;
|
||||
}
|
||||
|
||||
uint32_t
|
||||
dns_kasp_parentregistrationdelay(dns_kasp_t *kasp) {
|
||||
REQUIRE(DNS_KASP_VALID(kasp));
|
||||
@ -208,6 +278,13 @@ dns_kasp_parentregistrationdelay(dns_kasp_t *kasp) {
|
||||
return (kasp->parent_registration_delay);
|
||||
}
|
||||
|
||||
void
|
||||
dns_kasp_setparentregistrationdelay(dns_kasp_t *kasp, uint32_t value) {
|
||||
REQUIRE(DNS_KASP_VALID(kasp));
|
||||
REQUIRE(!kasp->frozen);
|
||||
kasp->parent_registration_delay = value;
|
||||
}
|
||||
|
||||
isc_result_t
|
||||
dns_kasplist_find(dns_kasplist_t *list, const char *name, dns_kasp_t **kaspp)
|
||||
{
|
||||
@ -234,16 +311,42 @@ dns_kasplist_find(dns_kasplist_t *list, const char *name, dns_kasp_t **kaspp)
|
||||
return (ISC_R_SUCCESS);
|
||||
}
|
||||
|
||||
dns_kasp_keylist_t
|
||||
dns_kasp_keys(dns_kasp_t *kasp)
|
||||
{
|
||||
REQUIRE(DNS_KASP_VALID(kasp));
|
||||
REQUIRE(kasp->frozen);
|
||||
return (kasp->keys);
|
||||
}
|
||||
|
||||
bool
|
||||
dns_kasp_keylist_empty(dns_kasp_t *kasp)
|
||||
{
|
||||
REQUIRE(DNS_KASP_VALID(kasp));
|
||||
return (ISC_LIST_EMPTY(kasp->keys));
|
||||
}
|
||||
|
||||
void
|
||||
dns_kasp_addkey(dns_kasp_t *kasp, dns_kasp_key_t *key)
|
||||
{
|
||||
REQUIRE(DNS_KASP_VALID(kasp));
|
||||
REQUIRE(!kasp->frozen);
|
||||
REQUIRE(key != NULL);
|
||||
|
||||
ISC_LIST_APPEND(kasp->keys, key, link);
|
||||
}
|
||||
|
||||
isc_result_t
|
||||
dns_kasp_key_create(isc_mem_t* mctx, dns_kasp_key_t **keyp)
|
||||
dns_kasp_key_create(dns_kasp_t *kasp, dns_kasp_key_t **keyp)
|
||||
{
|
||||
dns_kasp_key_t *key;
|
||||
|
||||
REQUIRE(DNS_KASP_VALID(kasp));
|
||||
REQUIRE(keyp != NULL && *keyp == NULL);
|
||||
|
||||
key = isc_mem_get(mctx, sizeof(*key));
|
||||
key = isc_mem_get(kasp->mctx, sizeof(*key));
|
||||
key->mctx = NULL;
|
||||
isc_mem_attach(mctx, &key->mctx);
|
||||
isc_mem_attach(kasp->mctx, &key->mctx);
|
||||
|
||||
ISC_LINK_INIT(key, link);
|
||||
|
||||
|
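Review bot: `dns_kasp_setsigvalidity_dnskey()` stores its argument in `kasp->signatures_validity`, the same field `dns_kasp_setsigvalidity()` writes, while the getter `dns_kasp_sigvalidity_dnskey()` reads `kasp->signatures_validity_dnskey`. The configuration code on this page calls the two setters back to back, so the `signatures-validity-dnskey` value replaces the general signature validity and the DNSKEY field keeps whatever it held before (its initial value is not visible here). Zone signatures would then get a validity period the operator did not configure. The assignment should be `kasp->signatures_validity_dnskey = value;`.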
@ -1330,7 +1330,7 @@ dns_keymgr_run(const dns_name_t *origin, dns_rdataclass_t rdclass,
|
||||
}
|
||||
|
||||
/* Create keys according to the policy, if come in short. */
|
||||
for (kkey = ISC_LIST_HEAD(kasp->keys); kkey != NULL;
|
||||
for (kkey = ISC_LIST_HEAD(dns_kasp_keys(kasp)); kkey != NULL;
|
||||
kkey = ISC_LIST_NEXT(kkey, link))
|
||||
{
|
||||
isc_stdtime_t retire = 0, active = 0, prepub = 0;
|
||||
|
@ -414,6 +414,7 @@ dns_journal_rollforward
|
||||
dns_journal_set_sourceserial
|
||||
dns_journal_write_transaction
|
||||
dns_journal_writediff
|
||||
dns_kasp_addkey
|
||||
dns_kasp_attach
|
||||
dns_kasp_create
|
||||
dns_kasp_detach
|
||||
@ -428,10 +429,23 @@ dns_kasp_key_ksk
|
||||
dns_kasp_key_lifetime
|
||||
dns_kasp_key_size
|
||||
dns_kasp_key_zsk
|
||||
dns_kasp_keylist_empty
|
||||
dns_kasp_keys
|
||||
dns_kasp_parentpropagationdelay
|
||||
dns_kasp_parentregistrationdelay
|
||||
dns_kasp_publishsafety
|
||||
dns_kasp_retiresafety
|
||||
dns_kasp_setdnskeyttl
|
||||
dns_kasp_setdsttl
|
||||
dns_kasp_setparentpropagationdelay
|
||||
dns_kasp_setparentregistrationdelay
|
||||
dns_kasp_setpublishsafety
|
||||
dns_kasp_setretiresafety
|
||||
dns_kasp_setsigrefresh
|
||||
dns_kasp_setsigvalidity
|
||||
dns_kasp_setsigvalidity_dnskey
|
||||
dns_kasp_setzonemaxttl
|
||||
dns_kasp_setzonepropagationdelay
|
||||
dns_kasp_signdelay
|
||||
dns_kasp_sigrefresh
|
||||
dns_kasp_sigvalidity
|
||||
|
@ -7039,7 +7039,7 @@ signed_with_good_key(dns_zone_t* zone, dns_db_t *db, dns_dbnode_t *node,
|
||||
int zsk_count = 0;
|
||||
bool approved;
|
||||
|
||||
for (kkey = ISC_LIST_HEAD(kasp->keys); kkey != NULL;
|
||||
for (kkey = ISC_LIST_HEAD(dns_kasp_keys(kasp)); kkey != NULL;
|
||||
kkey = ISC_LIST_NEXT(kkey, link))
|
||||
{
|
||||
if (dns_kasp_key_algorithm(kkey) != dst_key_alg(key)) {
|
||||
|
@ -71,7 +71,7 @@ cfg_kaspkey_fromconfig(const cfg_obj_t *config, dns_kasp_t* kasp)
|
||||
dns_kasp_key_t *key = NULL;
|
||||
|
||||
/* Create a new key reference. */
|
||||
result = dns_kasp_key_create(kasp->mctx, &key);
|
||||
result = dns_kasp_key_create(kasp, &key);
|
||||
if (result != ISC_R_SUCCESS) {
|
||||
return (result);
|
||||
}
|
||||
@ -103,8 +103,7 @@ cfg_kaspkey_fromconfig(const cfg_obj_t *config, dns_kasp_t* kasp)
|
||||
key->length = cfg_obj_asuint32(obj);
|
||||
}
|
||||
}
|
||||
ISC_LIST_APPEND(kasp->keys, key, link);
|
||||
ISC_INSIST(!(ISC_LIST_EMPTY(kasp->keys)));
|
||||
dns_kasp_addkey(kasp, key);
|
||||
return (result);
|
||||
}
|
||||
|
||||
@ -158,20 +157,21 @@ cfg_kasp_fromconfig(const cfg_obj_t *config, isc_mem_t* mctx,
|
||||
maps[i] = NULL;
|
||||
|
||||
/* Configuration: Signatures */
|
||||
kasp->signatures_refresh = get_duration(
|
||||
maps, "signatures-refresh", DNS_KASP_SIG_REFRESH);
|
||||
kasp->signatures_validity = get_duration(
|
||||
maps, "signatures-validity", DNS_KASP_SIG_VALIDITY);
|
||||
kasp->signatures_validity_dnskey = get_duration(
|
||||
maps, "signatures-validity-dnskey",
|
||||
DNS_KASP_SIG_VALIDITY_DNSKEY);
|
||||
dns_kasp_setsigrefresh(kasp, get_duration(maps, "signatures-refresh",
|
||||
DNS_KASP_SIG_REFRESH));
|
||||
dns_kasp_setsigvalidity(kasp, get_duration(maps, "signatures-validity",
|
||||
DNS_KASP_SIG_VALIDITY));
|
||||
dns_kasp_setsigvalidity_dnskey(kasp, get_duration(maps,
|
||||
"signatures-validity-dnskey",
|
||||
DNS_KASP_SIG_VALIDITY_DNSKEY));
|
||||
|
||||
/* Configuration: Keys */
|
||||
kasp->dnskey_ttl = get_duration(maps, "dnskey-ttl", DNS_KASP_KEY_TTL);
|
||||
kasp->publish_safety = get_duration(maps, "publish-safety",
|
||||
DNS_KASP_PUBLISH_SAFETY);
|
||||
kasp->retire_safety = get_duration(maps, "retire-safety",
|
||||
DNS_KASP_RETIRE_SAFETY);
|
||||
dns_kasp_setdnskeyttl(kasp, get_duration(maps, "dnskey-ttl",
|
||||
DNS_KASP_KEY_TTL));
|
||||
dns_kasp_setpublishsafety(kasp, get_duration(maps, "publish-safety",
|
||||
DNS_KASP_PUBLISH_SAFETY));
|
||||
dns_kasp_setretiresafety(kasp, get_duration(maps, "retire-safety",
|
||||
DNS_KASP_RETIRE_SAFETY));
|
||||
|
||||
(void)confget(maps, "keys", &keys);
|
||||
if (keys == NULL) {
|
||||
@ -190,26 +190,24 @@ cfg_kasp_fromconfig(const cfg_obj_t *config, isc_mem_t* mctx,
|
||||
}
|
||||
}
|
||||
}
|
||||
ISC_INSIST(!(ISC_LIST_EMPTY(kasp->keys)));
|
||||
ISC_INSIST(!(dns_kasp_keylist_empty(kasp)));
|
||||
|
||||
/* Configuration: Zone settings */
|
||||
kasp->zone_max_ttl = get_duration(maps, "zone-max-ttl",
|
||||
DNS_KASP_ZONE_MAXTTL);
|
||||
kasp->zone_propagation_delay = get_duration(maps,
|
||||
"zone-propagation-delay",
|
||||
DNS_KASP_ZONE_PROPDELAY);
|
||||
dns_kasp_setzonemaxttl(kasp, get_duration(maps, "zone-max-ttl",
|
||||
DNS_KASP_ZONE_MAXTTL));
|
||||
dns_kasp_setzonepropagationdelay(kasp, get_duration(maps,
|
||||
"zone-propagation-delay",
|
||||
DNS_KASP_ZONE_PROPDELAY));
|
||||
|
||||
/* Configuration: Parent settings */
|
||||
kasp->parent_ds_ttl = get_duration(maps, "parent-ds-ttl",
|
||||
DNS_KASP_DS_TTL);
|
||||
kasp->parent_propagation_delay = get_duration(
|
||||
maps,
|
||||
dns_kasp_setdsttl(kasp, get_duration(maps, "parent-ds-ttl",
|
||||
DNS_KASP_DS_TTL));
|
||||
dns_kasp_setparentpropagationdelay(kasp, get_duration(maps,
|
||||
"parent-propagation-delay",
|
||||
DNS_KASP_PARENT_PROPDELAY);
|
||||
kasp->parent_registration_delay = get_duration(
|
||||
maps,
|
||||
DNS_KASP_PARENT_PROPDELAY));
|
||||
dns_kasp_setparentregistrationdelay(kasp, get_duration(maps,
|
||||
"parent-registration-delay",
|
||||
DNS_KASP_PARENT_REGDELAY);
|
||||
DNS_KASP_PARENT_REGDELAY));
|
||||
|
||||
// TODO: Rest of the configuration
|
||||
|
||||
|