Commit 2642d78c authored by Libor Peltan's avatar Libor Peltan Committed by Daniel Salzman

offline_ksk: keymgr generate-ksr requires specified from-to

parent 99168b7a
......@@ -140,7 +140,7 @@ Delete pre\-generated offline key\-related records in specified time interval.
\fBdel\-all\-old\fP
Delete old keys that are in state \(aqremoved\(aq.
.TP
\fBgenerate\-ksr\fP \fItimestamp\fP
\fBgenerate\-ksr\fP \fItimestamp\-from\fP \fItimestamp\-to\fP
Print to stdout KeySigningRequest based on pre\-generated ZSKs for specified period.
.TP
\fBsign\-ksr\fP \fIksr_file\fP
......
......@@ -117,7 +117,7 @@ Commands related to Offline KSK feature
**del-all-old**
Delete old keys that are in state 'removed'.
**generate-ksr** *timestamp*
**generate-ksr** *timestamp-from* *timestamp-to*
Print to stdout KeySigningRequest based on pre-generated ZSKs for specified period.
**sign-ksr** *ksr_file*
......
......@@ -85,7 +85,7 @@ static void print_help(void)
" (syntax: del-offline <from> <to>)\n"
" del-all-old Delete old keys that are in state 'removed'.\n"
" generate-ksr Print to stdout KeySigningRequest based on pre-generated ZSKS.\n"
" (syntax: generate-ksr <timestamp>)\n"
" (syntax: generate-ksr <from> <to>)\n"
" sign-ksr Read KeySigningRequest from a file, sign it and print SignedKeyResponse to stdout.\n"
" (syntax: sign-ksr <ksr_file>)\n"
" import-skr Import DNSKEY record signatures from a SignedKeyResponse.\n"
......@@ -144,6 +144,13 @@ static int key_command(int argc, char *argv[], int opt_ind)
goto main_end; \
}
#define CHECK_MISSING_ARG2(msg) \
if (argc < 4) { \
printf("%s\n", (msg)); \
ret = KNOT_EINVAL; \
goto main_end; \
}
bool print_ok_on_succes = true;
if (strcmp(argv[1], "generate") == 0) {
ret = keymgr_generate_key(&kctx, argc - 2, argv + 2);
......@@ -229,17 +236,13 @@ static int key_command(int argc, char *argv[], int opt_ind)
CHECK_MISSING_ARG("Timestamp not specified");
ret = keymgr_print_offline_records(&kctx, argv[2], argc > 3 ? argv[3] : NULL);
} else if (strcmp(argv[1], "del-offline") == 0) {
if (argc < 4) {
printf("Timestamps from-to not specified\n");
ret = KNOT_EINVAL;
goto main_end;
}
CHECK_MISSING_ARG2("Timestamps from-to not specified");
ret = keymgr_delete_offline_records(&kctx, argv[2], argv[3]);
} else if (strcmp(argv[1], "del-all-old") == 0) {
ret = keymgr_del_all_old(&kctx);
} else if (strcmp(argv[1], "generate-ksr") == 0) {
CHECK_MISSING_ARG("Timestamp not specified");
ret = keymgr_print_ksr(&kctx, argv[2]);
CHECK_MISSING_ARG2("Timestamps from-to not specified");
ret = keymgr_print_ksr(&kctx, argv[2], argv[3]);
print_ok_on_succes = false;
} else if (strcmp(argv[1], "sign-ksr") == 0) {
CHECK_MISSING_ARG("Input file not specified");
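Review bot: The new `CHECK_MISSING_ARG2` macro in key_command expands to a bare `if (argc < 4) { ... }`, so the `;` written after each use is a stray empty statement and the macro would break or mis-bind if it ever sat directly before an `else`; wrapping the body as `do { if (argc < 4) { ... } } while (0)` removes that hazard. The threshold `4` is hard-coded behind a name that only says "2", so a single parameterised form such as `CHECK_MISSING_ARGS(n, msg)` testing `argc < 2 + (n)` could serve both this and the existing one-argument check, whose definition is only partly visible here. Separately, `generate-ksr` still accepts and ignores anything after `argv[3]`; because its output goes on to be signed with the offline KSK, rejecting surplus arguments with `KNOT_EINVAL` would catch a mistyped interval early. key_command starts and ends outside these hunks.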
......
......@@ -221,28 +221,29 @@ done:
return ret;
}
int keymgr_print_ksr(kdnssec_ctx_t *ctx, char *arg)
int keymgr_print_ksr(kdnssec_ctx_t *ctx, char *arg_from, char *arg_to)
{
knot_time_t upto;
int ret = parse_timestamp(arg, &upto);
knot_time_t from, to;
int ret = parse_timestamp(arg_from, &from);
if (ret != KNOT_EOK) {
return ret;
}
ret = parse_timestamp(arg_to, &to);
if (ret != KNOT_EOK) {
return ret;
}
knot_time_t next = ctx->now;
ret = KNOT_EOK;
char *buf = NULL;
size_t buf_size = 4096;
while (ret == KNOT_EOK && knot_time_cmp(next, upto) < 0) {
ctx->now = next;
ret = ksr_once(ctx, &buf, &buf_size, &next);
while (ret == KNOT_EOK && knot_time_cmp(from, to) < 0) {
ctx->now = from;
ret = ksr_once(ctx, &buf, &buf_size, &from);
}
if (ret != KNOT_EOK) {
free(buf);
return ret;
}
ctx->now = upto;
ctx->now = to;
// force end of period as a KSR timestamp
ret = ksr_once(ctx, &buf, &buf_size, NULL);
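Review bot: keymgr_print_ksr never checks that the parsed `from` precedes `to`: with a reversed pair the `while` loop is skipped and the final `ksr_once(ctx, &buf, &buf_size, NULL)` still appears to emit a request stamped at `to`, so a mistyped interval yields a plausible-looking KSR instead of an error. Since that output is what the offline KSK later signs, rejecting the range up front is safer, e.g. `if (knot_time_cmp(from, to) > 0) { return KNOT_EINVAL; }` right after the second parse_timestamp call. `from` also doubles as the loop cursor that ksr_once overwrites; a separate cursor variable would keep the user-supplied start intact and make it obvious that loop termination depends on ksr_once advancing it. The function continues past the end of the hunk.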
......
......@@ -26,7 +26,7 @@ int keymgr_delete_offline_records(kdnssec_ctx_t *ctx, char *arg_from, char *arg_
int keymgr_del_all_old(kdnssec_ctx_t *ctx);
int keymgr_print_ksr(kdnssec_ctx_t *ctx, char *arg);
int keymgr_print_ksr(kdnssec_ctx_t *ctx, char *arg_from, char *arg_to);
int keymgr_sign_ksr(kdnssec_ctx_t *ctx, const char *ksr_file);
......
......@@ -120,7 +120,7 @@ key_zsk1 = knot.key_gen(ZONE, ksk="false", created="+0", publish="+0", active="+
KSR = knot.keydir + "/ksr"
SKR = knot.keydir + "/skr"
Keymgr.run_check(knot.confile, ZONE, "pregenerate", "+" + str(FUTURE))
_, out, _ = Keymgr.run_check(knot.confile, ZONE, "generate-ksr", "+" + str(FUTURE))
_, out, _ = Keymgr.run_check(knot.confile, ZONE, "generate-ksr", "+0", "+" + str(FUTURE))
writef(KSR, out)
_, out, _ = Keymgr.run_check(signer.confile, ZONE, "sign-ksr", KSR)
writef(SKR, out)
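Review bot: Only the happy path of the new two-timestamp syntax is exercised here (`"+0", "+" + str(FUTURE)`); nothing checks that the old one-argument form is now rejected. A negative case that runs `generate-ksr` with a single timestamp and expects a failing exit status would pin the behaviour change this commit introduces. A second case with the two timestamps swapped would document what keymgr does with a reversed interval.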
......