Commit 314b49df authored by Libor Peltan's avatar Libor Peltan

libdnssec: deleted structures that are no longer needed:

dnssec_kasp_t, dnssec_kasp_zone_t, dnssec_kasp_keystore_t, dnssec_kasp_store_functions_t
parent ade23475
......@@ -88,26 +88,16 @@ src/dnssec/lib/dnssec/random.h
src/dnssec/lib/dnssec/sign.h
src/dnssec/lib/dnssec/tsig.h
src/dnssec/lib/error.c
src/dnssec/lib/kasp/dir/dir.c
src/dnssec/lib/kasp/dir/escape.c
src/dnssec/lib/kasp/dir/escape.h
src/dnssec/lib/kasp/dir/file.c
src/dnssec/lib/kasp/dir/file.h
src/dnssec/lib/kasp/dir/json.c
src/dnssec/lib/kasp/dir/json.h
src/dnssec/lib/kasp/dir/keystore.c
src/dnssec/lib/kasp/dir/keystore.h
src/dnssec/lib/kasp/dir/policy.c
src/dnssec/lib/kasp/dir/policy.h
src/dnssec/lib/kasp/dir/zone.c
src/dnssec/lib/kasp/dir/zone.h
src/dnssec/lib/kasp/internal.h
src/dnssec/lib/kasp/kasp.c
src/dnssec/lib/kasp/keystore.c
src/dnssec/lib/kasp/keystore_open.c
src/dnssec/lib/kasp/policy.c
src/dnssec/lib/kasp/zone.c
src/dnssec/lib/kasp/zone.h
src/dnssec/lib/key/algorithm.c
src/dnssec/lib/key/algorithm.h
src/dnssec/lib/key/convert.c
......@@ -165,7 +155,6 @@ src/dnssec/tests/crypto.c
src/dnssec/tests/kasp_dir_escape.c
src/dnssec/tests/kasp_dir_file.c
src/dnssec/tests/kasp_policy.c
src/dnssec/tests/kasp_store.c
src/dnssec/tests/key.c
src/dnssec/tests/key_algorithm.c
src/dnssec/tests/key_ds.c
......
......@@ -75,26 +75,16 @@ libdnssec_la_SOURCES = \
lib/binary.c \
lib/crypto.c \
lib/error.c \
lib/kasp/dir/dir.c \
lib/kasp/dir/escape.c \
lib/kasp/dir/escape.h \
lib/kasp/dir/file.c \
lib/kasp/dir/file.h \
lib/kasp/dir/json.c \
lib/kasp/dir/json.h \
lib/kasp/dir/keystore.c \
lib/kasp/dir/keystore.h \
lib/kasp/dir/policy.c \
lib/kasp/dir/policy.h \
lib/kasp/dir/zone.c \
lib/kasp/dir/zone.h \
lib/kasp/internal.h \
lib/kasp/kasp.c \
lib/kasp/keystore.c \
lib/kasp/keystore_open.c \
lib/kasp/policy.c \
lib/kasp/zone.c \
lib/kasp/zone.h \
lib/key/algorithm.c \
lib/key/algorithm.h \
lib/key/convert.c \
......
......@@ -116,135 +116,6 @@ struct key_params {
typedef struct key_params key_params_t;
/*!
* DNSSEC KASP reference.
*/
typedef struct dnssec_kasp {
const struct dnssec_kasp_store_functions *functions;
void *ctx;
} dnssec_kasp_t;
/*!
* Initialize default KASP state store context.
*
* This KASP provider stores the state in JSON files in a directory.
*
* \param[out] kasp Pointer to KASP store instance.
*
* \return Error code, DNSSEC_EOK if successful.
*/
int dnssec_kasp_init_dir(dnssec_kasp_t **kasp);
/*!
* Deinitialize KASP store context.
*
* \param kasp KASP store handle.
*/
void dnssec_kasp_deinit(dnssec_kasp_t *kasp);
/*!
* Initialize KASP store.
*
* \param kasp KASP store handle.
* \param config KASP store configuration string.
*/
int dnssec_kasp_init(dnssec_kasp_t *kasp, const char *config);
/*!
* Open KASP store.
*
* \param kasp KASP store handle.
* \param config KASP store configuration string.
*/
int dnssec_kasp_open(dnssec_kasp_t *kasp, const char *config);
/*!
* Close KASP store.
*
* \param kasp KASP store to be closed.
*/
void dnssec_kasp_close(dnssec_kasp_t *kasp);
/*!
* Zone state structure in the KASP.
*/
typedef struct dnssec_kasp_zone {
char *name;
uint8_t *dname;
char *policy;
dnssec_list_t *keys;
dnssec_binary_t nsec3_salt;
time_t nsec3_salt_created;
} dnssec_kasp_zone_t;
/*!
* Create new KASP zone.
*
* \param name Name of the zone to be created.
*
* \return Pointer to KASP zone.
*/
dnssec_kasp_zone_t *dnssec_kasp_zone_new(const char *name);
/*!
* Free a KASP zone instance.
*
* \param zone Zone to be freed.
*/
void dnssec_kasp_zone_free(dnssec_kasp_zone_t *zone);
/*!
* Retrieve a zone from the KASP.
*
* \param[in] kasp KASP instance.
* \param[in] name Name of the zone to be retrieved.
* \param[out] zone Loaded zone.
*
* \return Error code, DNSSEC_EOK if successful.
*/
int dnssec_kasp_zone_load(dnssec_kasp_t *kasp, const char *name,
dnssec_kasp_zone_t **zone);
/*!
* Save the zone state into the KASP.
*
* \param kasp KASP instance.
* \param zone Zone to be saved.
*/
int dnssec_kasp_zone_save(dnssec_kasp_t *kasp, const dnssec_kasp_zone_t *zone);
/*!
* Remove zone from KASP.
*
* \param kasp KASP instance.
* \param zone_name Zone to be removed.
*/
int dnssec_kasp_zone_remove(dnssec_kasp_t *kasp, const char *zone_name);
/*!
* Get list of zone names in the KASP.
*
* \param[in] kasp KASP instance.
* \param[out] list List of zone names (as strings).
*/
int dnssec_kasp_zone_list(dnssec_kasp_t *kasp, dnssec_list_t **list);
/*!
* Check if a zone exists in the KASP.
*
* \param kasp KASP instance.
* \param zone_name Name of the zone.
*
* \return Error code.
* \retval DNSSEC_EOK Zone exists.
* \retval DNSSEC_NOT_FOUND Zone doesn't exist.
*/
int dnssec_kasp_zone_exists(dnssec_kasp_t *kasp, const char *zone_name);
/*!
* Zone key.
*/
......@@ -254,51 +125,6 @@ typedef struct dnssec_kasp_key {
dnssec_kasp_key_timing_t timing; /*!< Key timing information. */
} dnssec_kasp_key_t;
/*!
* Check if DNSKEY is published in the zone.
*/
bool dnssec_kasp_key_is_published(dnssec_kasp_key_timing_t *timing, time_t at);
/*!
* Check if RRSIGs are present in the zone.
*/
bool dnssec_kasp_key_is_active(dnssec_kasp_key_timing_t *timing, time_t at);
/*!
* Check if key is published or active.
*
* \param timing Key timing metadata.
* \param at Time to check the metadata against.
*/
bool dnssec_kasp_key_is_used(dnssec_kasp_key_timing_t *timing, time_t at);
/*!
* Get name of the zone.
*/
const char *dnssec_kasp_zone_get_name(dnssec_kasp_zone_t *zone);
/*!
* Get the set of keys associated with the zone.
*/
dnssec_list_t *dnssec_kasp_zone_get_keys(dnssec_kasp_zone_t *zone);
/*!
* Get zone policy name.
*
* \param zone KASP zone.
*
* \return Name of the policy, NULL if the policy is unset.
*/
const char *dnssec_kasp_zone_get_policy(dnssec_kasp_zone_t *zone);
/*!
* Set or clear zone policy name.
*
* \param zone KASP zone.
* \param name Name of the policy to set, NULL to clear the policy.
*/
int dnssec_kasp_zone_set_policy(dnssec_kasp_zone_t *zone, const char *name);
/*!
* Key and signature policy.
*
......@@ -361,67 +187,6 @@ int dnssec_kasp_policy_validate(const dnssec_kasp_policy_t *policy);
*/
void dnssec_kasp_policy_defaults(dnssec_kasp_policy_t *policy);
/*!
* Retrieve a policy from the KASP.
*
* \param[in] kasp KASP instance.
* \param[in] name Name of the policy.
* \param[out] policy Retrieved policy.
*/
int dnssec_kasp_policy_load(dnssec_kasp_t *kasp, const char *name,
dnssec_kasp_policy_t **policy);
/*!
* Save the policy into the KASP.
*
* \param kasp KASP instance.
* \param policy Policy to be saved.
*/
int dnssec_kasp_policy_save(dnssec_kasp_t *kasp, const dnssec_kasp_policy_t *policy);
/*!
* Remove a policy from the KASP.
*
* \param kasp KASP instance.
* \param name Name of the policy to be removed.
*/
int dnssec_kasp_policy_remove(dnssec_kasp_t *kasp, const char *name);
/*!
* Get a list of policy names in the KASP.
*
* \param[in] kasp KASP instance.
* \param[out] list List of policy names (as strings).
*/
int dnssec_kasp_policy_list(dnssec_kasp_t *kasp, dnssec_list_t **list);
/*!
* Check if a policy exists in the KASP.
*
* \param kasp KASP instance.
* \param policy_name Name of the policy.
*
* \return Error code.
* \retval DNSSEC_EOK Policy exists.
* \retval DNSSEC_NOT_FOUND Policy doesn't exist.
*/
int dnssec_kasp_policy_exists(dnssec_kasp_t *kasp, const char *policy_name);
typedef struct dnssec_kasp_keystore {
char *name;
char *backend;
char *config;
} dnssec_kasp_keystore_t;
dnssec_kasp_keystore_t *dnssec_kasp_keystore_new(const char *name);
void dnssec_kasp_keystore_free(dnssec_kasp_keystore_t *keystore);
int dnssec_kasp_keystore_load(dnssec_kasp_t *kasp, const char *name, dnssec_kasp_keystore_t **keystore);
int dnssec_kasp_keystore_save(dnssec_kasp_t *kasp, const dnssec_kasp_keystore_t *keystore);
int dnssec_kasp_keystore_remove(dnssec_kasp_t *kasp, const char *name);
int dnssec_kasp_keystore_list(dnssec_kasp_t *kasp, dnssec_list_t **names);
int dnssec_kasp_keystore_exists(dnssec_kasp_t *kasp, const char *name);
/*
* TODO: workaround, PKCS 8 dir keystore needs to know KASP base path
*/
......@@ -429,58 +194,4 @@ int dnssec_kasp_keystore_exists(dnssec_kasp_t *kasp, const char *name);
#define DNSSEC_KASP_KEYSTORE_PKCS8 "pkcs8"
#define DNSSEC_KASP_KEYSTORE_PKCS11 "pkcs11"
struct dnssec_keystore;
int dnssec_kasp_keystore_init(dnssec_kasp_t *kasp, const char *backend,
const char *config, struct dnssec_keystore **store);
int dnssec_kasp_keystore_open(dnssec_kasp_t *kasp, const char *backend,
const char *config, struct dnssec_keystore **store);
/*!
* KASP store API implementation.
*/
typedef struct dnssec_kasp_store_functions {
int (*init)(const char *config);
// internal context initialization
int (*open)(void **ctx_ptr, const char *config);
void (*close)(void *ctx);
// internal information
const char *(*base_path)(void *ctx);
// zone serialization/deserialization
int (*zone_load)(void *ctx, dnssec_kasp_zone_t *zone);
int (*zone_save)(void *ctx, const dnssec_kasp_zone_t *zone);
int (*zone_remove)(void *ctx, const char *zone_name);
int (*zone_list)(void *ctx, dnssec_list_t *zone_names);
int (*zone_exists)(void *ctx, const char *zone_name);
// policy serialization/deserialization
int (*policy_load)(void *ctx, dnssec_kasp_policy_t *policy);
int (*policy_save)(void *ctx, const dnssec_kasp_policy_t *policy);
int (*policy_remove)(void *ctx, const char *name);
int (*policy_list)(void *ctx, dnssec_list_t *policy_names);
int (*policy_exists)(void *ctx, const char *name);
// keystore serialization/deserialization
int (*keystore_load)(void *ctx, dnssec_kasp_keystore_t *keystore);
int (*keystore_save)(void *ctx, const dnssec_kasp_keystore_t *keystore);
int (*keystore_remove)(void *ctx, const char *name);
int (*keystore_list)(void *ctx, dnssec_list_t *names);
int (*keystore_exists)(void *ctx, const char *name);
} dnssec_kasp_store_functions_t;
/*!
* Get KASP store API implementation.
*
* \return Pointer to functions.
*/
const dnssec_kasp_store_functions_t *dnssec_kasp_dir_api(void);
/*!
* Initialize custom KASP state store context.
*
* \param[out] kasp Pointer to KASP store instance.
*
* \return Error code, DNSSEC_EOK if successful.
*/
int dnssec_kasp_init_custom(dnssec_kasp_t **kasp,
const dnssec_kasp_store_functions_t *implementation);
/*! @} */
/* Copyright (C) 2014 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include <assert.h>
#include <dirent.h>
#include <fcntl.h>
#include <sys/stat.h>
#include <sys/types.h>
#include "error.h"
#include "fs.h"
#include "kasp/dir/file.h"
#include "kasp/dir/keystore.h"
#include "kasp/dir/policy.h"
#include "kasp/dir/zone.h"
#include "kasp/internal.h"
#include "kasp/zone.h"
#include "key.h"
#include "list.h"
#include "path.h"
#include "shared.h"
#define KASP_DIR_INIT_MODE (S_IRWXU|S_IRGRP|S_IXGRP)
typedef struct kasp_dir_ctx {
char *path;
} kasp_dir_ctx_t;
static int file_exists(const char *path)
{
if (access(path, F_OK) == 0) {
return DNSSEC_EOK;
} else if (errno == ENOENT) {
return DNSSEC_NOT_FOUND;
} else {
return dnssec_errno_to_error(errno);
}
}
/* -- generic entity encoding ---------------------------------------------- */
static int entity_remove(const char *entity, void *_ctx, const char *name)
{
assert(entity);
assert(_ctx);
assert(name);
kasp_dir_ctx_t *ctx = _ctx;
_cleanup_free_ char *config = file_from_entity(ctx->path, entity, name);
if (!config) {
return DNSSEC_ENOMEM;
}
if (unlink(config) != 0) {
return dnssec_errno_to_error(errno);
}
return DNSSEC_EOK;
}
static int entity_exists(const char *entity, void *_ctx, const char *name)
{
assert(entity);
assert(_ctx);
assert(name);
kasp_dir_ctx_t *ctx = _ctx;
_cleanup_free_ char *config = file_from_entity(ctx->path, entity, name);
if (!config) {
return DNSSEC_ENOMEM;
}
return file_exists(config);
}
static int entity_list(const char *entity, void *_ctx, dnssec_list_t *names)
{
assert(entity);
assert(_ctx);
assert(names);
kasp_dir_ctx_t *ctx = _ctx;
_cleanup_closedir_ DIR *dir = opendir(ctx->path);
if (!dir) {
return DNSSEC_NOT_FOUND;
}
errno = 0;
struct dirent *result;
while ((result = readdir(dir)) != NULL) {
char *zone = file_to_entity(entity, result->d_name);
if (zone) {
dnssec_list_append(names, zone);
}
}
if (errno != 0) {
return dnssec_errno_to_error(errno);
}
return DNSSEC_EOK;
}
#define entity_io(entity, ctx, object, callback) \
({ \
const char *path = ((kasp_dir_ctx_t *)ctx)->path; \
const char *name = object->name; \
_cleanup_free_ char *config = file_from_entity(path, entity, name); \
config ? callback(object, config) : DNSSEC_ENOMEM; \
})
/* -- internal API --------------------------------------------------------- */
static int kasp_dir_init(const char *config)
{
assert(config);
return fs_mkdir(config, KASP_DIR_INIT_MODE, true);
}
static int kasp_dir_open(void **ctx_ptr, const char *config)
{
assert(ctx_ptr);
assert(config);
kasp_dir_ctx_t *ctx = malloc(sizeof(*ctx));
if (!ctx) {
return DNSSEC_ENOMEM;
}
clear_struct(ctx);
ctx->path = path_normalize(config);
if (!ctx->path) {
free(ctx);
return DNSSEC_NOT_FOUND;
}
*ctx_ptr = ctx;
return DNSSEC_EOK;
}
static void kasp_dir_close(void *_ctx)
{
assert(_ctx);
kasp_dir_ctx_t *ctx = _ctx;
free(ctx->path);
free(ctx);
}
static const char *kasp_dir_base_path(void *_ctx)
{
assert(_ctx);
kasp_dir_ctx_t *ctx = _ctx;
return ctx->path;
}
/* -- entities ------------------------------------------------------------- */
#define ENTITY_ZONE "zone"
static int kasp_dir_zone_remove(void *ctx, const char *name)
{
return entity_remove(ENTITY_ZONE, ctx, name);
}
static int kasp_dir_zone_exists(void *ctx, const char *name)
{
return entity_exists(ENTITY_ZONE, ctx, name);
}
static int kasp_dir_zone_list(void *ctx, dnssec_list_t *names)
{
return entity_list(ENTITY_ZONE, ctx, names);
}
static int kasp_dir_zone_load(void *ctx, dnssec_kasp_zone_t *zone)
{
return entity_io(ENTITY_ZONE, ctx, zone, load_zone_config);
}
static int kasp_dir_zone_save(void *ctx, const dnssec_kasp_zone_t *zone)
{
return entity_io(ENTITY_ZONE, ctx, zone, save_zone_config);
}
#define ENTITY_POLICY "policy"
static int kasp_dir_policy_remove(void *ctx, const char *name)
{
return entity_remove(ENTITY_POLICY, ctx, name);
}
static int kasp_dir_policy_exists(void *ctx, const char *name)
{
return entity_exists(ENTITY_POLICY, ctx, name);
}
static int kasp_dir_policy_list(void *ctx, dnssec_list_t *names)
{
return entity_list(ENTITY_POLICY, ctx, names);
}
static int kasp_dir_policy_load(void *ctx, dnssec_kasp_policy_t *policy)
{
return entity_io(ENTITY_POLICY, ctx, policy, load_policy_config);
}
static int kasp_dir_policy_save(void *ctx, const dnssec_kasp_policy_t *policy)
{
return entity_io(ENTITY_POLICY, ctx, policy, save_policy_config);
}
#define ENTITY_KEYSTORE "keystore"
static int kasp_dir_keystore_remove(void *ctx, const char *name)
{
return entity_remove(ENTITY_KEYSTORE, ctx, name);
}
static int kasp_dir_keystore_exists(void *ctx, const char *name)
{
return entity_exists(ENTITY_KEYSTORE, ctx, name);
}
static int kasp_dir_keystore_list(void *ctx, dnssec_list_t *names)
{
return entity_list(ENTITY_KEYSTORE, ctx, names);
}
static int kasp_dir_keystore_load(void *ctx, dnssec_kasp_keystore_t *keystore)
{
return entity_io(ENTITY_KEYSTORE, ctx, keystore, load_keystore_config);
}
static int kasp_dir_keystore_save(void *ctx, const dnssec_kasp_keystore_t *keystore)
{
return entity_io(ENTITY_KEYSTORE, ctx, keystore, save_keystore_config);
}
#define ENTITY_CALLBACKS(name) \
.name##_load = kasp_dir_##name##_load, \
.name##_save = kasp_dir_##name##_save, \
.name##_remove = kasp_dir_##name##_remove, \
.name##_list = kasp_dir_##name##_list, \
.name##_exists = kasp_dir_##name##_exists
/* -- public API ----------------------------------------------------------- */
_public_
const dnssec_kasp_store_functions_t *dnssec_kasp_dir_api(void)
{
static const dnssec_kasp_store_functions_t api = {
.init = kasp_dir_init,
.open = kasp_dir_open,
.close = kasp_dir_close,
.base_path = kasp_dir_base_path,
ENTITY_CALLBACKS(zone),
ENTITY_CALLBACKS(policy),
ENTITY_CALLBACKS(keystore),
};
return &api;
}
_public_
int dnssec_kasp_init_dir(dnssec_kasp_t **kasp)
{
return dnssec_kasp_create(kasp, dnssec_kasp_dir_api());
}
_public_
int dnssec_kasp_init_custom(dnssec_kasp_t **kasp,
const dnssec_kasp_store_functions_t *implementation)
{
return dnssec_kasp_create(kasp, implementation);
}
/* Copyright (C) 2015 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include <assert.h>
#include "error.h"
#include "kasp/dir/json.h"
#include "kasp/dir/keystore.h"
#include "kasp/internal.h"
#include "shared.h"
static const encode_attr_t ATTRIBUTES[] = {
#define off(member) offsetof(dnssec_kasp_keystore_t, member)
{ "backend", off(backend), encode_string, decode_string },
{ "config", off(config), encode_string, decode_string },
{ NULL }
};
static bool keystore_valid(const dnssec_kasp_keystore_t *keystore)
{
assert(keystore);
return keystore->backend && keystore->config;
}
static int import_keystore(dnssec_kasp_keystore_t *keystore, const json_t *json)
{
dnssec_kasp_keystore_t result = { 0 };
int r = decode_object(ATTRIBUTES, json, &result);
if (r != DNSSEC_EOK) {
return r;
}
if (!keystore_valid(&result)) {
kasp_keystore_cleanup(&result);
return DNSSEC_CONFIG_MALFORMED;
}
result.name = keystore->name;
*keystore = result;
return DNSSEC_EOK;
}
static int export_keystore(const dnssec_kasp_keystore_t *keystore, json_t **json)
{
assert(keystore);
assert(json);
if (!keystore_valid(keystore)) {
return DNSSEC_EINVAL;
}
return encode_object(ATTRIBUTES, keystore, json);
}
/* -- internal API --------------------------------------------------------- */
int load_keystore_config(dnssec_kasp_keystore_t *keystore, const char *filename)