Commit 0ca663dc authored by Petr Špaček's avatar Petr Špaček

trust_anchors: add distrust function to remove TA

parent f57cf735
......@@ -370,6 +370,20 @@ local function add_file(path, unmanaged)
if managed then refresh_plan(keyset, 0 * sec, false) end
end
local function distrust(owner)
if not trust_anchors.keysets[owner] then
return false
end
if ta_update then
ta_update.stop(owner)
end
trust_anchors.keysets[owner] = nil
local store = kres.context().trust_anchors
C.kr_ta_del(store, owner)
return true
end
local function ta_str(owner)
local owner_str = kres.dname2str(owner) .. ' '
local msg = ''
......@@ -415,6 +429,7 @@ trust_anchors = {
-- If managed and the file doesn't exist, try bootstrapping the root into it.
add_file = add_file,
config = add_file,
distrust = distrust,
keyset_write = keyset_write,
keyset_publish = keyset_publish,
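Review bot: The result of `C.kr_ta_del(store, owner)` in `distrust` is discarded, and the function returns `true` regardless, after `trust_anchors.keysets[owner]` has already been cleared. If the C call can fail (it appears to return a status code, which should be confirmed against its declaration), the validator's store would keep an anchor that the Lua table reports as gone. A retry would then hit the early `return false` because the keyset entry is already nil. Consider deleting from the C store first and clearing the Lua entry only on success, e.g. `if C.kr_ta_del(store, owner) ~= 0 then return false end` placed before `trust_anchors.keysets[owner] = nil`. Because removing an anchor changes what the resolver validates, a log line naming the owner (via `kres.dname2str(owner)`) would also make the removal auditable.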
......
trust_anchors.keyfile_default = nil
local ffi = require('ffi')
......@@ -21,8 +22,23 @@ local function test_revoked_key()
same(root_ta.rrs.count, 1, 'the root TA set contains one RR')
end
local function test_distrust()
-- uses root key from the previous test
assert(trust_anchors.keysets['\0'], 'root key must be there from previous test')
local ta_c = kres.context().trust_anchors
local root_ta = ffi.C.kr_ta_get(ta_c, '\0')
assert(root_ta ~= nil, 'we got non-NULL TA RRset')
assert(root_ta.rrs.count, 1, 'we have a root TA set to be deleted')
trust_anchors.distrust('\0')
same(trust_anchors.keysets['\0'], nil, 'Lua interface does not have the removed key')
local root_ta = ffi.C.kr_ta_get(ta_c, '\0')
same(root_ta == nil, true, 'C interface does not have the removed key')
end
return {
test_revoked_key()
test_revoked_key,
test_distrust
}
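Review bot: In `test_distrust`, `assert(root_ta.rrs.count, 1, 'we have a root TA set to be deleted')` does not compare the count with 1. Lua's `assert` only tests its first argument for truthiness, and every number (including 0) is truthy, so this check can never fail. Use `same(root_ta.rrs.count, 1, 'we have a root TA set to be deleted')` as the preceding test does, or `assert(root_ta.rrs.count == 1, ...)`. The test also ignores the return value of `trust_anchors.distrust('\0')`; asserting that it is `true`, and that a second call returns `false`, would cover both branches of the new function. Separately, `root_ta` is declared with `local` twice in the same function, so the second declaration can be a plain assignment.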