Commit 99168b7a authored by Libor Peltan's avatar Libor Peltan Committed by Daniel Salzman

offline_ksk: show-offline command can be used intervally

parent cc7c66c8
......@@ -130,8 +130,9 @@ owned by both zones equally.
\fBpregenerate\fP \fItimestamp\fP
Pre\-generate ZSKs for use with offline KSK, for the specified period starting from now.
.TP
\fBshow\-offline\fP \fItimestamp\fP
Print pre\-generated offline key\-related records for specified timestamp.
\fBshow\-offline\fP \fItimestamp\-from\fP [\fItimestamp\-to\fP]
Print pre\-generated offline key\-related records for specified time interval. If \fItimestamp_to\fP
is omitted, it will be to infinity.
.TP
\fBdel\-offline\fP \fItimestamp\-from\fP \fItimestamp\-to\fP
Delete pre\-generated offline key\-related records in specified time interval.
......
......@@ -107,8 +107,9 @@ Commands related to Offline KSK feature
**pregenerate** *timestamp*
Pre-generate ZSKs for use with offline KSK, for the specified period starting from now.
**show-offline** *timestamp*
Print pre-generated offline key-related records for specified timestamp.
**show-offline** *timestamp-from* [*timestamp-to*]
Print pre-generated offline key-related records for specified time interval. If *timestamp_to*
is omitted, it will be to infinity.
**del-offline** *timestamp-from* *timestamp-to*
Delete pre-generated offline key-related records in specified time interval.
......
......@@ -79,8 +79,8 @@ static void print_help(void)
" (syntax: pregenerate <timestamp>)\n"
" presign Pre-generate RRSIG signatures for pregenerated ZSKs.\n"
" (syntax: presign <timestamp>)\n"
" show-offline Print pre-generated offline key-related records for specified timestamp.\n"
" (syntax: show-offline <timestamp>)\n"
" show-offline Print pre-generated offline key-related records for specified time interval (possibly to infinity).\n"
" (syntax: show-offline <from> [<to>])\n"
" del-offline Delete pre-generated offline key-related records in specified time interval.\n"
" (syntax: del-offline <from> <to>)\n"
" del-all-old Delete old keys that are in state 'removed'.\n"
......@@ -227,7 +227,7 @@ static int key_command(int argc, char *argv[], int opt_ind)
ret = keymgr_pregenerate_zsks(&kctx, argv[2]);
} else if (strcmp(argv[1], "show-offline") == 0) {
CHECK_MISSING_ARG("Timestamp not specified");
ret = keymgr_print_offline_records(&kctx, argv[2]);
ret = keymgr_print_offline_records(&kctx, argv[2], argc > 3 ? argv[3] : NULL);
} else if (strcmp(argv[1], "del-offline") == 0) {
if (argc < 4) {
printf("Timestamps from-to not specified\n");
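Review bot: The existing one-argument form `show-offline <timestamp>` stays valid at this call but changes meaning, because `arg_to` is passed as NULL and the callee then walks every record set from that timestamp onward instead of printing one. Scripts that parse the old output would receive more than they expect without any error, so the change probably deserves a release note. Arguments after `<to>` are also silently ignored, since only `argc > 3` is tested; an explicit `argc > 4` rejection would catch a mistyped invocation. key_command's body starts and ends outside this hunk.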
......
......@@ -126,30 +126,42 @@ static int dump_rrset_to_buf(const knot_rrset_t *rrset, char **buf, size_t *buf_
return knot_rrset_txt_dump(rrset, buf, buf_size, &style);
}
int keymgr_print_offline_records(kdnssec_ctx_t *ctx, char *arg)
static void print_header(const char *of_what, knot_time_t timestamp, const char *contents)
{
char date[64] = { 0 };
(void)knot_time_print(TIME_PRINT_ISO8601, timestamp, date, sizeof(date));
printf(";; %s %"PRIu64" (%s) =========\n%s", of_what,
timestamp, date, contents);
}
int keymgr_print_offline_records(kdnssec_ctx_t *ctx, char *arg_from, char *arg_to)
{
knot_time_t when;
int ret = parse_timestamp(arg, &when);
knot_time_t from = 0, to = 0, next = 0;
int ret = parse_timestamp(arg_from, &from);
if (ret != KNOT_EOK) {
return ret;
}
knot_time_t next = 0;
key_records_t r;
memset(&r, 0, sizeof(r));
ret = kasp_db_load_offline_records(*ctx->kasp_db, ctx->zone->dname, when, &next, &r);
if (ret == KNOT_EOK) {
char *buf = NULL;
size_t buf_size = 512;
ret = key_records_dump(&buf, &buf_size, &r, true);
if (arg_to != NULL) {
ret = parse_timestamp(arg_to, &to);
if (ret != KNOT_EOK) {
return ret;
}
}
char *buf = NULL;
size_t buf_size = 512;
for (knot_time_t i = from; ret == KNOT_EOK && i != 0 && (arg_to == NULL || knot_time_cmp(i, to) < 0); i = next) {
key_records_t r = { { 0 } };
ret = kasp_db_load_offline_records(*ctx->kasp_db, ctx->zone->dname, i, &next, &r);
if (ret == KNOT_EOK) {
printf("%s", buf);
ret = KNOT_EOK;
ret = key_records_dump(&buf, &buf_size, &r, true);
}
free(buf);
printf("; next %"PRIu64"\n", next);
if (ret == KNOT_EOK) {
print_header("Offline records for", i, buf);
}
key_records_clear(&r);
}
key_records_clear(&r);
free(buf);
return ret;
}
......@@ -186,14 +198,6 @@ static void print_generated_message(void)
printf("generated at %s by Knot DNS %s\n", buf, VERSION);
}
static void print_header(const char *of_what, knot_time_t timestamp, const char *contents)
{
char date[64] = { 0 };
(void)knot_time_print(TIME_PRINT_ISO8601, timestamp, date, sizeof(date));
printf(";; %s %s %"PRIu64" (%s) =========\n%s", of_what, KSR_SKR_VER,
timestamp, date, contents);
}
static int ksr_once(kdnssec_ctx_t *ctx, char **buf, size_t *buf_size, knot_time_t *next_ksr)
{
knot_rrset_t *dnskey = NULL;
......@@ -204,7 +208,7 @@ static int ksr_once(kdnssec_ctx_t *ctx, char **buf, size_t *buf_size, knot_time_
}
ret = dump_rrset_to_buf(dnskey, buf, buf_size);
if (ret >= 0) {
print_header("KeySigningRequest", ctx->now, *buf);
print_header("KeySigningRequest "KSR_SKR_VER, ctx->now, *buf);
ret = KNOT_EOK;
}
......@@ -291,7 +295,7 @@ static int ksr_sign_dnskey(kdnssec_ctx_t *ctx, knot_rrset_t *zsk, knot_time_t no
}
ret = key_records_dump(&buf, &buf_size, &r, true);
if (ret == KNOT_EOK) {
print_header("SignedKeyResponse", ctx->now, buf);
print_header("SignedKeyResponse "KSR_SKR_VER, ctx->now, buf);
*next_sign = knot_get_next_zone_key_event(&keyset);
}
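Review bot: Termination of the `for` loop in keymgr_print_offline_records depends entirely on the `next` value written by kasp_db_load_offline_records, which is not visible on this page; with `<to>` omitted the loop stops only when `next` becomes 0 or a call fails. If that function can ever hand back a `next` that is not later than `i`, the command would print the same record set indefinitely, so a cheap guard before `key_records_clear(&r)` seems worthwhile, e.g. `if (ret == KNOT_EOK && next != 0 && knot_time_cmp(next, i) <= 0) { ret = KNOT_ERROR; }`. Separately, an interval where `from` is not earlier than `to` skips the loop and returns KNOT_EOK with no output. An operator checking that pre-generated records cover a period could misread that as "nothing stored", so rejecting it up front with `KNOT_EINVAL` would make the mistake visible.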
......
......@@ -20,7 +20,7 @@
int keymgr_pregenerate_zsks(kdnssec_ctx_t *ctx, char *arg);
int keymgr_print_offline_records(kdnssec_ctx_t *ctx, char *arg);
int keymgr_print_offline_records(kdnssec_ctx_t *ctx, char *arg_from, char *arg_to);
int keymgr_delete_offline_records(kdnssec_ctx_t *ctx, char *arg_from, char *arg_to);
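Review bot: The new prototype of keymgr_print_offline_records has the same shape as keymgr_delete_offline_records below it, but only the former accepts a NULL `arg_to`, and nothing in the header says so. A short comment on the declaration would prevent a caller from assuming the two are symmetric, for example `/* arg_to may be NULL: print all records from arg_from onward. */`. If parse_timestamp does not modify its input (not visible here), both parameters could also be `const char *`.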
......