mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-09-02 15:45:25 +00:00
Code Issues Releases Wiki Activity

Make kasp opaque

Browse Source
This commit is contained in:
Matthijs Mekking
2019-11-04 16:26:39 +01:00
parent 70da58c871
commit f11ce44818
7 changed files with 298 additions and 39 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
bin/dnssec/dnssec-keygen.c
View File

@@ -1187,7 +1187,7 @@ main(int argc, char **argv) {
fatal("failed to load dnssec-policy '%s'", fatal("failed to load dnssec-policy '%s'",
ctx.policy); ctx.policy);
} }
if (ISC_LIST_EMPTY(kasp->keys)) { if (ISC_LIST_EMPTY(dns_kasp_keys(kasp))) {
fatal("dnssec-policy '%s' has no keys " fatal("dnssec-policy '%s' has no keys "
"configured", ctx.policy); "configured", ctx.policy);
} }
@@ -1195,7 +1195,7 @@ main(int argc, char **argv) {
ctx.ttl = dns_kasp_dnskeyttl(kasp); ctx.ttl = dns_kasp_dnskeyttl(kasp);
ctx.setttl = true; ctx.setttl = true;
kaspkey = ISC_LIST_HEAD(kasp->keys); kaspkey = ISC_LIST_HEAD(dns_kasp_keys(kasp));
while (kaspkey != NULL) { while (kaspkey != NULL) {
ctx.use_nsec3 = false; ctx.use_nsec3 = false;

150
lib/dns/include/dns/kasp.h
View File

@@ -237,6 +237,16 @@ dns_kasp_sigrefresh(dns_kasp_t *kasp);
*\li signature refresh interval. *\li signature refresh interval.
*/ */
void
dns_kasp_setsigrefresh(dns_kasp_t *kasp, uint32_t value);
/*%<
* Set signature refresh interval.
*
* Requires:
*
*\li 'kasp' is a valid, thawed kasp.
*/
uint32_t uint32_t
dns_kasp_sigvalidity(dns_kasp_t *kasp); dns_kasp_sigvalidity(dns_kasp_t *kasp);
uint32_t uint32_t
@@ -253,10 +263,22 @@ dns_kasp_sigvalidity_dnskey(dns_kasp_t *kasp);
*\li signature validity. *\li signature validity.
*/ */
void
dns_kasp_setsigvalidity(dns_kasp_t *kasp, uint32_t value);
void
dns_kasp_setsigvalidity_dnskey(dns_kasp_t *kasp, uint32_t value);
/*%<
* Set signature validity.
*
* Requires:
*
*\li 'kasp' is a valid, thawed kasp.
*/
dns_ttl_t dns_ttl_t
dns_kasp_dnskeyttl(dns_kasp_t *kasp); dns_kasp_dnskeyttl(dns_kasp_t *kasp);
/*%< /*%<
* Get dnskey ttl. * Get DNSKEY TTL.
* *
* Requires: * Requires:
* *
@@ -267,6 +289,16 @@ dns_kasp_dnskeyttl(dns_kasp_t *kasp);
*\li DNSKEY TTL. *\li DNSKEY TTL.
*/ */
void
dns_kasp_setdnskeyttl(dns_kasp_t *kasp, dns_ttl_t ttl);
/*%<
* Set DNSKEY TTL.
*
* Requires:
*
*\li 'kasp' is a valid, thawed kasp.
*/
uint32_t uint32_t
dns_kasp_publishsafety(dns_kasp_t *kasp); dns_kasp_publishsafety(dns_kasp_t *kasp);
/*%< /*%<
@@ -281,6 +313,16 @@ dns_kasp_publishsafety(dns_kasp_t *kasp);
*\li Publish safety interval. *\li Publish safety interval.
*/ */
void
dns_kasp_setpublishsafety(dns_kasp_t *kasp, uint32_t value);
/*%<
* Set publish safety interval.
*
* Requires:
*
*\li 'kasp' is a valid, thawed kasp.
*/
uint32_t uint32_t
dns_kasp_retiresafety(dns_kasp_t *kasp); dns_kasp_retiresafety(dns_kasp_t *kasp);
/*%< /*%<
@@ -295,6 +337,16 @@ dns_kasp_retiresafety(dns_kasp_t *kasp);
*\li Retire safety interval. *\li Retire safety interval.
*/ */
void
dns_kasp_setretiresafety(dns_kasp_t *kasp, uint32_t value);
/*%<
* Set retire safety interval.
*
* Requires:
*
*\li 'kasp' is a valid, thawed kasp.
*/
dns_ttl_t dns_ttl_t
dns_kasp_zonemaxttl(dns_kasp_t *kasp); dns_kasp_zonemaxttl(dns_kasp_t *kasp);
/*%< /*%<
@@ -309,6 +361,16 @@ dns_kasp_zonemaxttl(dns_kasp_t *kasp);
*\li Maximum zone TTL. *\li Maximum zone TTL.
*/ */
void
dns_kasp_setzonemaxttl(dns_kasp_t *kasp, dns_ttl_t ttl);
/*%<
* Set maximum zone TTL.
*
* Requires:
*
*\li 'kasp' is a valid, thawed kasp.
*/
uint32_t uint32_t
dns_kasp_zonepropagationdelay(dns_kasp_t *kasp); dns_kasp_zonepropagationdelay(dns_kasp_t *kasp);
/*%< /*%<
@@ -323,6 +385,16 @@ dns_kasp_zonepropagationdelay(dns_kasp_t *kasp);
*\li Zone propagation delay. *\li Zone propagation delay.
*/ */
void
dns_kasp_setzonepropagationdelay(dns_kasp_t *kasp, uint32_t value);
/*%<
* Set zone propagation delay.
*
* Requires:
*
*\li 'kasp' is a valid, thawed kasp.
*/
dns_ttl_t dns_ttl_t
dns_kasp_dsttl(dns_kasp_t *kasp); dns_kasp_dsttl(dns_kasp_t *kasp);
/*%< /*%<
@@ -337,6 +409,16 @@ dns_kasp_dsttl(dns_kasp_t *kasp);
*\li Expected parent DS TTL. *\li Expected parent DS TTL.
*/ */
void
dns_kasp_setdsttl(dns_kasp_t *kasp, dns_ttl_t ttl);
/*%<
* Set DS TTL.
*
* Requires:
*
*\li 'kasp' is a valid, thawed kasp.
*/
uint32_t uint32_t
dns_kasp_parentpropagationdelay(dns_kasp_t *kasp); dns_kasp_parentpropagationdelay(dns_kasp_t *kasp);
/*%< /*%<
@@ -351,6 +433,16 @@ dns_kasp_parentpropagationdelay(dns_kasp_t *kasp);
*\li Parent zone propagation delay. *\li Parent zone propagation delay.
*/ */
void
dns_kasp_setparentpropagationdelay(dns_kasp_t *kasp, uint32_t value);
/*%<
* Set parent propagation delay.
*
* Requires:
*
*\li 'kasp' is a valid, thawed kasp.
*/
uint32_t uint32_t
dns_kasp_parentregistrationdelay(dns_kasp_t *kasp); dns_kasp_parentregistrationdelay(dns_kasp_t *kasp);
/*%< /*%<
@@ -365,6 +457,16 @@ dns_kasp_parentregistrationdelay(dns_kasp_t *kasp);
*\li Parent registration delay. *\li Parent registration delay.
*/ */
void
dns_kasp_setparentregistrationdelay(dns_kasp_t *kasp, uint32_t value);
/*%<
* Set parent registration delay.
*
* Requires:
*
*\li 'kasp' is a valid, thawed kasp.
*/
isc_result_t isc_result_t
dns_kasplist_find(dns_kasplist_t *list, const char *name, dns_kasp_t **kaspp); dns_kasplist_find(dns_kasplist_t *list, const char *name, dns_kasp_t **kaspp);
/*%< /*%<
@@ -381,14 +483,56 @@ dns_kasplist_find(dns_kasplist_t *list, const char *name, dns_kasp_t **kaspp);
*\li #ISC_R_NOTFOUND No matching kasp was found. *\li #ISC_R_NOTFOUND No matching kasp was found.
*/ */
dns_kasp_keylist_t
dns_kasp_keys(dns_kasp_t *kasp);
/*%<
* Get the list of kasp keys.
*
* Requires:
*
*\li 'kasp' is a valid, frozen kasp.
*
* Returns:
*
*\li #ISC_R_SUCCESS
*\li #ISC_R_NOMEMORY
*
*\li Other errors are possible.
*/
bool
dns_kasp_keylist_empty(dns_kasp_t *kasp);
/*%<
* Check if the keylist is empty.
*
* Requires:
*
*\li 'kasp' is a valid kasp.
*
* Returns:
*
*\li true if the keylist is empty, false otherwise.
*/
void
dns_kasp_addkey(dns_kasp_t *kasp, dns_kasp_key_t *key);
/*%<
* Add a key.
*
* Requires:
*
*\li 'kasp' is a valid, thawed kasp.
*\li 'key' is not NULL.
*/
isc_result_t isc_result_t
dns_kasp_key_create(isc_mem_t* mctx, dns_kasp_key_t **keyp); dns_kasp_key_create(dns_kasp_t *kasp, dns_kasp_key_t **keyp);
/*%< /*%<
* Create a key inside a KASP. * Create a key inside a KASP.
* *
* Requires: * Requires:
* *
*\li 'mctx' is a valid memory context. *\li 'kasp' is a valid kasp.
* *
*\li keyp != NULL && *keyp == NULL *\li keyp != NULL && *keyp == NULL
* *

109
lib/dns/kasp.c
View File

@@ -138,6 +138,13 @@ dns_kasp_sigrefresh(dns_kasp_t *kasp) {
return (kasp->signatures_refresh); return (kasp->signatures_refresh);
} }
void
dns_kasp_setsigrefresh(dns_kasp_t *kasp, uint32_t value) {
REQUIRE(DNS_KASP_VALID(kasp));
REQUIRE(!kasp->frozen);
kasp->signatures_refresh = value;
}
uint32_t uint32_t
dns_kasp_sigvalidity(dns_kasp_t *kasp) { dns_kasp_sigvalidity(dns_kasp_t *kasp) {
REQUIRE(DNS_KASP_VALID(kasp)); REQUIRE(DNS_KASP_VALID(kasp));
@@ -145,6 +152,13 @@ dns_kasp_sigvalidity(dns_kasp_t *kasp) {
return (kasp->signatures_validity); return (kasp->signatures_validity);
} }
void
dns_kasp_setsigvalidity(dns_kasp_t *kasp, uint32_t value) {
REQUIRE(DNS_KASP_VALID(kasp));
REQUIRE(!kasp->frozen);
kasp->signatures_validity = value;
}
uint32_t uint32_t
dns_kasp_sigvalidity_dnskey(dns_kasp_t *kasp) { dns_kasp_sigvalidity_dnskey(dns_kasp_t *kasp) {
REQUIRE(DNS_KASP_VALID(kasp)); REQUIRE(DNS_KASP_VALID(kasp));
@@ -152,6 +166,13 @@ dns_kasp_sigvalidity_dnskey(dns_kasp_t *kasp) {
return (kasp->signatures_validity_dnskey); return (kasp->signatures_validity_dnskey);
} }
void
dns_kasp_setsigvalidity_dnskey(dns_kasp_t *kasp, uint32_t value) {
REQUIRE(DNS_KASP_VALID(kasp));
REQUIRE(!kasp->frozen);
kasp->signatures_validity = value;
}
dns_ttl_t dns_ttl_t
dns_kasp_dnskeyttl(dns_kasp_t *kasp) { dns_kasp_dnskeyttl(dns_kasp_t *kasp) {
REQUIRE(DNS_KASP_VALID(kasp)); REQUIRE(DNS_KASP_VALID(kasp));
@@ -159,6 +180,13 @@ dns_kasp_dnskeyttl(dns_kasp_t *kasp) {
return (kasp->dnskey_ttl); return (kasp->dnskey_ttl);
} }
void
dns_kasp_setdnskeyttl(dns_kasp_t *kasp, dns_ttl_t ttl) {
REQUIRE(DNS_KASP_VALID(kasp));
REQUIRE(!kasp->frozen);
kasp->dnskey_ttl = ttl;
}
uint32_t uint32_t
dns_kasp_publishsafety(dns_kasp_t *kasp) { dns_kasp_publishsafety(dns_kasp_t *kasp) {
REQUIRE(DNS_KASP_VALID(kasp)); REQUIRE(DNS_KASP_VALID(kasp));
@@ -166,6 +194,13 @@ dns_kasp_publishsafety(dns_kasp_t *kasp) {
return (kasp->publish_safety); return (kasp->publish_safety);
} }
void
dns_kasp_setpublishsafety(dns_kasp_t *kasp, uint32_t value) {
REQUIRE(DNS_KASP_VALID(kasp));
REQUIRE(!kasp->frozen);
kasp->publish_safety = value;
}
uint32_t uint32_t
dns_kasp_retiresafety(dns_kasp_t *kasp) { dns_kasp_retiresafety(dns_kasp_t *kasp) {
REQUIRE(DNS_KASP_VALID(kasp)); REQUIRE(DNS_KASP_VALID(kasp));
@@ -173,6 +208,13 @@ dns_kasp_retiresafety(dns_kasp_t *kasp) {
return (kasp->retire_safety); return (kasp->retire_safety);
} }
void
dns_kasp_setretiresafety(dns_kasp_t *kasp, uint32_t value) {
REQUIRE(DNS_KASP_VALID(kasp));
REQUIRE(!kasp->frozen);
kasp->retire_safety = value;
}
dns_ttl_t dns_ttl_t
dns_kasp_zonemaxttl(dns_kasp_t *kasp) { dns_kasp_zonemaxttl(dns_kasp_t *kasp) {
REQUIRE(DNS_KASP_VALID(kasp)); REQUIRE(DNS_KASP_VALID(kasp));
@@ -180,6 +222,13 @@ dns_kasp_zonemaxttl(dns_kasp_t *kasp) {
return (kasp->zone_max_ttl); return (kasp->zone_max_ttl);
} }
void
dns_kasp_setzonemaxttl(dns_kasp_t *kasp, dns_ttl_t ttl) {
REQUIRE(DNS_KASP_VALID(kasp));
REQUIRE(!kasp->frozen);
kasp->zone_max_ttl = ttl;
}
uint32_t uint32_t
dns_kasp_zonepropagationdelay(dns_kasp_t *kasp) { dns_kasp_zonepropagationdelay(dns_kasp_t *kasp) {
REQUIRE(DNS_KASP_VALID(kasp)); REQUIRE(DNS_KASP_VALID(kasp));
@@ -187,6 +236,13 @@ dns_kasp_zonepropagationdelay(dns_kasp_t *kasp) {
return (kasp->zone_propagation_delay); return (kasp->zone_propagation_delay);
} }
void
dns_kasp_setzonepropagationdelay(dns_kasp_t *kasp, uint32_t value) {
REQUIRE(DNS_KASP_VALID(kasp));
REQUIRE(!kasp->frozen);
kasp->zone_propagation_delay = value;
}
dns_ttl_t dns_ttl_t
dns_kasp_dsttl(dns_kasp_t *kasp) { dns_kasp_dsttl(dns_kasp_t *kasp) {
REQUIRE(DNS_KASP_VALID(kasp)); REQUIRE(DNS_KASP_VALID(kasp));
@@ -194,6 +250,13 @@ dns_kasp_dsttl(dns_kasp_t *kasp) {
return (kasp->parent_ds_ttl); return (kasp->parent_ds_ttl);
} }
void
dns_kasp_setdsttl(dns_kasp_t *kasp, dns_ttl_t ttl) {
REQUIRE(DNS_KASP_VALID(kasp));
REQUIRE(!kasp->frozen);
kasp->parent_ds_ttl = ttl;
}
uint32_t uint32_t
dns_kasp_parentpropagationdelay(dns_kasp_t *kasp) { dns_kasp_parentpropagationdelay(dns_kasp_t *kasp) {
REQUIRE(DNS_KASP_VALID(kasp)); REQUIRE(DNS_KASP_VALID(kasp));
@@ -201,6 +264,13 @@ dns_kasp_parentpropagationdelay(dns_kasp_t *kasp) {
return (kasp->parent_propagation_delay); return (kasp->parent_propagation_delay);
} }
void
dns_kasp_setparentpropagationdelay(dns_kasp_t *kasp, uint32_t value) {
REQUIRE(DNS_KASP_VALID(kasp));
REQUIRE(!kasp->frozen);
kasp->parent_propagation_delay = value;
}
uint32_t uint32_t
dns_kasp_parentregistrationdelay(dns_kasp_t *kasp) { dns_kasp_parentregistrationdelay(dns_kasp_t *kasp) {
REQUIRE(DNS_KASP_VALID(kasp)); REQUIRE(DNS_KASP_VALID(kasp));
@@ -208,6 +278,13 @@ dns_kasp_parentregistrationdelay(dns_kasp_t *kasp) {
return (kasp->parent_registration_delay); return (kasp->parent_registration_delay);
} }
void
dns_kasp_setparentregistrationdelay(dns_kasp_t *kasp, uint32_t value) {
REQUIRE(DNS_KASP_VALID(kasp));
REQUIRE(!kasp->frozen);
kasp->parent_registration_delay = value;
}
isc_result_t isc_result_t
dns_kasplist_find(dns_kasplist_t *list, const char *name, dns_kasp_t **kaspp) dns_kasplist_find(dns_kasplist_t *list, const char *name, dns_kasp_t **kaspp)
{ {
@@ -234,16 +311,42 @@ dns_kasplist_find(dns_kasplist_t *list, const char *name, dns_kasp_t **kaspp)
return (ISC_R_SUCCESS); return (ISC_R_SUCCESS);
} }
dns_kasp_keylist_t
dns_kasp_keys(dns_kasp_t *kasp)
{
REQUIRE(DNS_KASP_VALID(kasp));
REQUIRE(kasp->frozen);
return (kasp->keys);
}
bool
dns_kasp_keylist_empty(dns_kasp_t *kasp)
{
REQUIRE(DNS_KASP_VALID(kasp));
return (ISC_LIST_EMPTY(kasp->keys));
}
void
dns_kasp_addkey(dns_kasp_t *kasp, dns_kasp_key_t *key)
{
REQUIRE(DNS_KASP_VALID(kasp));
REQUIRE(!kasp->frozen);
REQUIRE(key != NULL);
ISC_LIST_APPEND(kasp->keys, key, link);
}
isc_result_t isc_result_t
dns_kasp_key_create(isc_mem_t* mctx, dns_kasp_key_t **keyp) dns_kasp_key_create(dns_kasp_t *kasp, dns_kasp_key_t **keyp)
{ {
dns_kasp_key_t *key; dns_kasp_key_t *key;
REQUIRE(DNS_KASP_VALID(kasp));
REQUIRE(keyp != NULL && *keyp == NULL); REQUIRE(keyp != NULL && *keyp == NULL);
key = isc_mem_get(mctx, sizeof(*key)); key = isc_mem_get(kasp->mctx, sizeof(*key));
key->mctx = NULL; key->mctx = NULL;
isc_mem_attach(mctx, &key->mctx); isc_mem_attach(kasp->mctx, &key->mctx);
ISC_LINK_INIT(key, link); ISC_LINK_INIT(key, link);

2
lib/dns/keymgr.c
View File

@@ -1330,7 +1330,7 @@ dns_keymgr_run(const dns_name_t *origin, dns_rdataclass_t rdclass,
} }
/* Create keys according to the policy, if come in short. */ /* Create keys according to the policy, if come in short. */
for (kkey = ISC_LIST_HEAD(kasp->keys); kkey != NULL; for (kkey = ISC_LIST_HEAD(dns_kasp_keys(kasp)); kkey != NULL;
kkey = ISC_LIST_NEXT(kkey, link)) kkey = ISC_LIST_NEXT(kkey, link))
{ {
isc_stdtime_t retire = 0, active = 0, prepub = 0; isc_stdtime_t retire = 0, active = 0, prepub = 0;

14
lib/dns/win32/libdns.def.in
View File

@@ -414,6 +414,7 @@ dns_journal_rollforward
dns_journal_set_sourceserial dns_journal_set_sourceserial
dns_journal_write_transaction dns_journal_write_transaction
dns_journal_writediff dns_journal_writediff
dns_kasp_addkey
dns_kasp_attach dns_kasp_attach
dns_kasp_create dns_kasp_create
dns_kasp_detach dns_kasp_detach
@@ -428,10 +429,23 @@ dns_kasp_key_ksk
dns_kasp_key_lifetime dns_kasp_key_lifetime
dns_kasp_key_size dns_kasp_key_size
dns_kasp_key_zsk dns_kasp_key_zsk
dns_kasp_keylist_empty
dns_kasp_keys
dns_kasp_parentpropagationdelay dns_kasp_parentpropagationdelay
dns_kasp_parentregistrationdelay dns_kasp_parentregistrationdelay
dns_kasp_publishsafety dns_kasp_publishsafety
dns_kasp_retiresafety dns_kasp_retiresafety
dns_kasp_setdnskeyttl
dns_kasp_setdsttl
dns_kasp_setparentpropagationdelay
dns_kasp_setparentregistrationdelay
dns_kasp_setpublishsafety
dns_kasp_setretiresafety
dns_kasp_setsigrefresh
dns_kasp_setsigvalidity
dns_kasp_setsigvalidity_dnskey
dns_kasp_setzonemaxttl
dns_kasp_setzonepropagationdelay
dns_kasp_signdelay dns_kasp_signdelay
dns_kasp_sigrefresh dns_kasp_sigrefresh
dns_kasp_sigvalidity dns_kasp_sigvalidity

2
lib/dns/zone.c
View File

@@ -7039,7 +7039,7 @@ signed_with_good_key(dns_zone_t* zone, dns_db_t *db, dns_dbnode_t *node,
int zsk_count = 0; int zsk_count = 0;
bool approved; bool approved;
for (kkey = ISC_LIST_HEAD(kasp->keys); kkey != NULL; for (kkey = ISC_LIST_HEAD(dns_kasp_keys(kasp)); kkey != NULL;
kkey = ISC_LIST_NEXT(kkey, link)) kkey = ISC_LIST_NEXT(kkey, link))
{ {
if (dns_kasp_key_algorithm(kkey) != dst_key_alg(key)) { if (dns_kasp_key_algorithm(kkey) != dst_key_alg(key)) {

54
lib/isccfg/kaspconf.c
View File

@@ -71,7 +71,7 @@ cfg_kaspkey_fromconfig(const cfg_obj_t *config, dns_kasp_t* kasp)
dns_kasp_key_t *key = NULL; dns_kasp_key_t *key = NULL;
/* Create a new key reference. */ /* Create a new key reference. */
result = dns_kasp_key_create(kasp->mctx, &key); result = dns_kasp_key_create(kasp, &key);
if (result != ISC_R_SUCCESS) { if (result != ISC_R_SUCCESS) {
return (result); return (result);
} }
@@ -103,8 +103,7 @@ cfg_kaspkey_fromconfig(const cfg_obj_t *config, dns_kasp_t* kasp)
key->length = cfg_obj_asuint32(obj); key->length = cfg_obj_asuint32(obj);
} }
} }
ISC_LIST_APPEND(kasp->keys, key, link); dns_kasp_addkey(kasp, key);
ISC_INSIST(!(ISC_LIST_EMPTY(kasp->keys)));
return (result); return (result);
} }
@@ -158,20 +157,21 @@ cfg_kasp_fromconfig(const cfg_obj_t *config, isc_mem_t* mctx,
maps[i] = NULL; maps[i] = NULL;
/* Configuration: Signatures */ /* Configuration: Signatures */
kasp->signatures_refresh = get_duration( dns_kasp_setsigrefresh(kasp, get_duration(maps, "signatures-refresh",
maps, "signatures-refresh", DNS_KASP_SIG_REFRESH); DNS_KASP_SIG_REFRESH));
kasp->signatures_validity = get_duration( dns_kasp_setsigvalidity(kasp, get_duration(maps, "signatures-validity",
maps, "signatures-validity", DNS_KASP_SIG_VALIDITY); DNS_KASP_SIG_VALIDITY));
kasp->signatures_validity_dnskey = get_duration( dns_kasp_setsigvalidity_dnskey(kasp, get_duration(maps,
maps, "signatures-validity-dnskey", "signatures-validity-dnskey",
DNS_KASP_SIG_VALIDITY_DNSKEY); DNS_KASP_SIG_VALIDITY_DNSKEY));
/* Configuration: Keys */ /* Configuration: Keys */
kasp->dnskey_ttl = get_duration(maps, "dnskey-ttl", DNS_KASP_KEY_TTL); dns_kasp_setdnskeyttl(kasp, get_duration(maps, "dnskey-ttl",
kasp->publish_safety = get_duration(maps, "publish-safety", DNS_KASP_KEY_TTL));
DNS_KASP_PUBLISH_SAFETY); dns_kasp_setpublishsafety(kasp, get_duration(maps, "publish-safety",
kasp->retire_safety = get_duration(maps, "retire-safety", DNS_KASP_PUBLISH_SAFETY));
DNS_KASP_RETIRE_SAFETY); dns_kasp_setretiresafety(kasp, get_duration(maps, "retire-safety",
DNS_KASP_RETIRE_SAFETY));
(void)confget(maps, "keys", &keys); (void)confget(maps, "keys", &keys);
if (keys == NULL) { if (keys == NULL) {
@@ -190,26 +190,24 @@ cfg_kasp_fromconfig(const cfg_obj_t *config, isc_mem_t* mctx,
} }
} }
} }
ISC_INSIST(!(ISC_LIST_EMPTY(kasp->keys))); ISC_INSIST(!(dns_kasp_keylist_empty(kasp)));
/* Configuration: Zone settings */ /* Configuration: Zone settings */
kasp->zone_max_ttl = get_duration(maps, "zone-max-ttl", dns_kasp_setzonemaxttl(kasp, get_duration(maps, "zone-max-ttl",
DNS_KASP_ZONE_MAXTTL); DNS_KASP_ZONE_MAXTTL));
kasp->zone_propagation_delay = get_duration(maps, dns_kasp_setzonepropagationdelay(kasp, get_duration(maps,
"zone-propagation-delay", "zone-propagation-delay",
DNS_KASP_ZONE_PROPDELAY); DNS_KASP_ZONE_PROPDELAY));
/* Configuration: Parent settings */ /* Configuration: Parent settings */
kasp->parent_ds_ttl = get_duration(maps, "parent-ds-ttl", dns_kasp_setdsttl(kasp, get_duration(maps, "parent-ds-ttl",
DNS_KASP_DS_TTL); DNS_KASP_DS_TTL));
kasp->parent_propagation_delay = get_duration( dns_kasp_setparentpropagationdelay(kasp, get_duration(maps,
maps,
"parent-propagation-delay", "parent-propagation-delay",
DNS_KASP_PARENT_PROPDELAY); DNS_KASP_PARENT_PROPDELAY));
kasp->parent_registration_delay = get_duration( dns_kasp_setparentregistrationdelay(kasp, get_duration(maps,
maps,
"parent-registration-delay", "parent-registration-delay",
DNS_KASP_PARENT_REGDELAY); DNS_KASP_PARENT_REGDELAY));
// TODO: Rest of the configuration // TODO: Rest of the configuration