OpenDNSSEC-enforcer 2.1.13
policy_key_ext.c
1/*
2 * Copyright (c) 2014 Jerry Lundström <lundstrom.jerry@gmail.com>
3 * Copyright (c) 2014 .SE (The Internet Infrastructure Foundation).
4 * Copyright (c) 2014 OpenDNSSEC AB (svb)
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 *
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
17 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
18 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
20 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
22 * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
23 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
24 * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
25 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
26 * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27 *
28 */
29
30#include "policy_key.h"
31
32#include "db_error.h"
33#include "duration.h"
34#include "log.h"
35
36#include <string.h>
37
/*
 * Populate policy_key from a "KSK", "ZSK" or "CSK" XML node.
 *
 * NOTE(review): this listing omits the function's signature line (38) and
 * every source line whose gutter number is skipped below (57, 61, 65, 164,
 * 168, ...). The log tags and the policy_key / key_node names suggest this is
 * policy_key_create_from_xml(policy_key_t *, xmlNodePtr) -- confirm against
 * the real file before relying on these notes.
 *
 * Visible behaviour:
 *  - a NULL policy_key or key_node returns DB_ERROR_UNKNOWN;
 *  - key_node->name must be "KSK", "ZSK" or "CSK", anything else is an error;
 *  - each element child is matched by name (Algorithm, Lifetime, Repository,
 *    Standby, ManualRollover, KskRollType, ZskRollType, CskRollType, RFC5011);
 *    an unrecognised element, missing element text, or a failing setter or
 *    duration parse returns DB_ERROR_UNKNOWN;
 *  - after the loop, elements that were not seen are handled by the trailing
 *    blocks (the calls they make are on omitted lines);
 *  - DB_OK is returned when nothing failed.
 */
39 xmlNodePtr node;
40 xmlChar* xml_text = NULL;
41 duration_type* duration = NULL;
/* Presence flags: set to 1 when the matching attribute or element is seen,
 * and tested after the loop. */
42 int algorithm_length = 0;
43 int standby = 0;
44 int manual_rollover = 0;
45 int rfc5011 = 0;
46 int rolltype = 0;
47
48 if (!policy_key) {
49 return DB_ERROR_UNKNOWN;
50 }
51 if (!key_node) {
52 return DB_ERROR_UNKNOWN;
53 }
54
/* Dispatch on the element name; the statement following each log call
 * (source lines 57, 61, 65) is not shown in this listing. */
55 if (!strcmp((char*)key_node->name, "KSK")) {
56 ods_log_deeebug("[policy_key_*_from_xml] KSK");
58 }
59 else if (!strcmp((char*)key_node->name, "ZSK")) {
60 ods_log_deeebug("[policy_key_*_from_xml] ZSK");
62 }
63 else if (!strcmp((char*)key_node->name, "CSK")) {
64 ods_log_deeebug("[policy_key_*_from_xml] CSK");
66 }
67 else {
68 return DB_ERROR_UNKNOWN;
69 }
70
71 for (node = key_node->children; node; node = node->next) {
/* Only element nodes are interpreted; other node types are skipped. */
72 if (node->type != XML_ELEMENT_NODE) {
73 continue;
74 }
75
76 if (!strcmp((char*)node->name, "Algorithm")) {
/* The "length" attribute is optional; its presence is recorded in
 * algorithm_length. */
77 if ((xml_text = xmlGetProp(node, (xmlChar*)"length"))) {
78 algorithm_length = 1;
79 ods_log_deeebug("[policy_key_*_from_xml] algorithm length %s", (char*)xml_text);
/* NOTE(review): atoi() reports no conversion errors -- non-numeric text
 * yields 0 and a negative value wraps when cast to unsigned int. Whether
 * policy_key_set_bits() range-checks its argument is not visible here;
 * confirm, or parse with strtoul() and check the end pointer and errno. */
80 if (policy_key_set_bits(policy_key, (unsigned int)atoi((char*)xml_text))) {
81 if (xml_text) {
82 xmlFree(xml_text);
83 }
84 return DB_ERROR_UNKNOWN;
85 }
86 if (xml_text) {
87 xmlFree(xml_text);
88 xml_text = NULL;
89 }
90 }
/* The element text is mandatory: NULL from xmlNodeGetContent() is an error. */
91 if (!(xml_text = xmlNodeGetContent(node))) {
92 return DB_ERROR_UNKNOWN;
93 }
94 ods_log_deeebug("[policy_key_*_from_xml] algorithm %s", (char*)xml_text);
/* NOTE(review): same unchecked atoi() conversion as for the length
 * attribute; validation, if any, is inside policy_key_set_algorithm(). */
95 if (policy_key_set_algorithm(policy_key, (unsigned int)atoi((char*)xml_text))) {
96 if (xml_text) {
97 xmlFree(xml_text);
98 }
99 return DB_ERROR_UNKNOWN;
100 }
101 if (xml_text) {
102 xmlFree(xml_text);
103 xml_text = NULL;
104 }
105 }
106 else if (!strcmp((char*)node->name, "Lifetime")) {
107 if (!(xml_text = xmlNodeGetContent(node))) {
108 return DB_ERROR_UNKNOWN;
109 }
110 ods_log_deeebug("[policy_key_*_from_xml] lifetime %s", (char*)xml_text);
/* The text is parsed into a duration object; a NULL result is an error. */
111 if (!(duration = duration_create_from_string((char*)xml_text))) {
112 if (xml_text) {
113 xmlFree(xml_text);
114 }
115 return DB_ERROR_UNKNOWN;
116 }
117 if (xml_text) {
118 xmlFree(xml_text);
119 xml_text = NULL;
120 }
/* duration is released on both the failure and the success path. */
121 if (policy_key_set_lifetime(policy_key, duration2time(duration))) {
122 duration_cleanup(duration);
123 return DB_ERROR_UNKNOWN;
124 }
125 duration_cleanup(duration);
126 duration = NULL;
127 }
128 else if (!strcmp((char*)node->name, "Repository")) {
129 if (!(xml_text = xmlNodeGetContent(node))) {
130 return DB_ERROR_UNKNOWN;
131 }
132 ods_log_deeebug("[policy_key_*_from_xml] repository %s", (char*)xml_text);
/* NOTE(review): xml_text is freed right after the setter returns, so
 * policy_key_set_repository() presumably copies the string rather than
 * keeping the pointer -- confirm in policy_key.c. */
133 if (policy_key_set_repository(policy_key, (char*)xml_text)) {
134 if (xml_text) {
135 xmlFree(xml_text);
136 }
137 return DB_ERROR_UNKNOWN;
138 }
139 if (xml_text) {
140 xmlFree(xml_text);
141 xml_text = NULL;
142 }
143 }
144 else if (!strcmp((char*)node->name, "Standby")) {
145 standby = 1;
146 if (!(xml_text = xmlNodeGetContent(node))) {
147 return DB_ERROR_UNKNOWN;
148 }
149 ods_log_deeebug("[policy_key_*_from_xml] standby %s", (char*)xml_text);
/* NOTE(review): same unchecked atoi() conversion as above. */
150 if (policy_key_set_standby(policy_key, (unsigned int)atoi((char*)xml_text))) {
151 if (xml_text) {
152 xmlFree(xml_text);
153 }
154 return DB_ERROR_UNKNOWN;
155 }
156 if (xml_text) {
157 xmlFree(xml_text);
158 xml_text = NULL;
159 }
160 }
161 else if (!strcmp((char*)node->name, "ManualRollover")) {
/* Presence of the element is what matters; its text is not read here.
 * The condition guarding the return below (source line 164) is not shown. */
162 manual_rollover = 1;
163 ods_log_deeebug("[policy_key_*_from_xml] manual rollover");
165 return DB_ERROR_UNKNOWN;
166 }
167 }
/* The first half of this branch condition (source line 168) is not shown.
 * The element text must be one of the literal names compared below; any
 * other value frees xml_text and fails. The call made for each accepted
 * name is on an omitted line. */
169 && !strcmp((char*)node->name, "KskRollType"))
170 {
171 rolltype = 1;
172 if (!(xml_text = xmlNodeGetContent(node))) {
173 return DB_ERROR_UNKNOWN;
174 }
175 ods_log_deeebug("[policy_key_*_from_xml] KSK rolltype %s", (char*)xml_text);
176 if (!strcmp((char*)xml_text, "KskDoubleRRset")) {
177 if (xml_text) {
178 xmlFree(xml_text);
179 xml_text = NULL;
180 }
182 return DB_ERROR_UNKNOWN;
183 }
184 }
185 else if (!strcmp((char*)xml_text, "KskDoubleDS")) {
186 if (xml_text) {
187 xmlFree(xml_text);
188 xml_text = NULL;
189 }
191 return DB_ERROR_UNKNOWN;
192 }
193 }
194 else if (!strcmp((char*)xml_text, "KskDoubleSignature")) {
195 if (xml_text) {
196 xmlFree(xml_text);
197 xml_text = NULL;
198 }
200 return DB_ERROR_UNKNOWN;
201 }
202 }
203 else {
204 if (xml_text) {
205 xmlFree(xml_text);
206 }
207 return DB_ERROR_UNKNOWN;
208 }
209 }
/* Same structure as the KskRollType branch, with the ZSK roll type names;
 * the first half of the condition (source line 210) is not shown. */
211 && !strcmp((char*)node->name, "ZskRollType"))
212 {
213 rolltype = 1;
214 if (!(xml_text = xmlNodeGetContent(node))) {
215 return DB_ERROR_UNKNOWN;
216 }
217 ods_log_deeebug("[policy_key_*_from_xml] ZSK rolltype %s", (char*)xml_text);
218 if (!strcmp((char*)xml_text, "ZskDoubleSignature")) {
219 if (xml_text) {
220 xmlFree(xml_text);
221 xml_text = NULL;
222 }
224 return DB_ERROR_UNKNOWN;
225 }
226 }
227 else if (!strcmp((char*)xml_text, "ZskPrePublication")) {
228 if (xml_text) {
229 xmlFree(xml_text);
230 xml_text = NULL;
231 }
233 return DB_ERROR_UNKNOWN;
234 }
235 }
236 else if (!strcmp((char*)xml_text, "ZskDoubleRRsig")) {
237 if (xml_text) {
238 xmlFree(xml_text);
239 xml_text = NULL;
240 }
242 return DB_ERROR_UNKNOWN;
243 }
244 }
245 else {
246 if (xml_text) {
247 xmlFree(xml_text);
248 }
249 return DB_ERROR_UNKNOWN;
250 }
251 }
/* Same structure again for the CSK roll type names; the first half of the
 * condition (source line 252) is not shown. */
253 && !strcmp((char*)node->name, "CskRollType"))
254 {
255 rolltype = 1;
256 if (!(xml_text = xmlNodeGetContent(node))) {
257 return DB_ERROR_UNKNOWN;
258 }
259 ods_log_deeebug("[policy_key_*_from_xml] CSK rolltype %s", (char*)xml_text);
260 if (!strcmp((char*)xml_text, "CskDoubleRRset")) {
261 if (xml_text) {
262 xmlFree(xml_text);
263 xml_text = NULL;
264 }
266 return DB_ERROR_UNKNOWN;
267 }
268 }
269 else if (!strcmp((char*)xml_text, "CskSingleSignature")) {
270 if (xml_text) {
271 xmlFree(xml_text);
272 xml_text = NULL;
273 }
275 return DB_ERROR_UNKNOWN;
276 }
277 }
278 else if (!strcmp((char*)xml_text, "CskDoubleDS")) {
279 if (xml_text) {
280 xmlFree(xml_text);
281 xml_text = NULL;
282 }
284 return DB_ERROR_UNKNOWN;
285 }
286 }
287 else if (!strcmp((char*)xml_text, "CskDoubleSignature")) {
288 if (xml_text) {
289 xmlFree(xml_text);
290 xml_text = NULL;
291 }
293 return DB_ERROR_UNKNOWN;
294 }
295 }
296 else if (!strcmp((char*)xml_text, "CskPrePublication")) {
297 if (xml_text) {
298 xmlFree(xml_text);
299 xml_text = NULL;
300 }
302 return DB_ERROR_UNKNOWN;
303 }
304 }
305 else {
306 if (xml_text) {
307 xmlFree(xml_text);
308 }
309 return DB_ERROR_UNKNOWN;
310 }
311 }
/* Presence-only element, like ManualRollover; the start of the condition
 * (source lines 312-313) and the guarded call (318) are not shown. */
314 && !strcmp((char*)node->name, "RFC5011"))
315 {
316 rfc5011 = 1;
317 ods_log_deeebug("[policy_key_*_from_xml] rfc5011");
319 return DB_ERROR_UNKNOWN;
320 }
321 }
/* Strict parsing: an element that matched none of the branches above
 * rejects the whole key definition instead of being ignored. */
322 else {
323 return DB_ERROR_UNKNOWN;
324 }
325 }
326
/* On the visible paths xml_text and duration are already NULL here, so this
 * is defensive cleanup. duration_cleanup() is then called with NULL;
 * presumably it tolerates that -- confirm in duration.c. */
327 if (xml_text) {
328 xmlFree(xml_text);
329 xml_text = NULL;
330 }
331 duration_cleanup(duration);
332 duration = NULL;
333
334 /*
335 * If we did not find these XML elements we need to disable them
336 */
/* Each block below runs only when its presence flag was never set; the
 * call whose failure triggers the return is on an omitted line. */
337 if (!algorithm_length) {
338 ods_log_deeebug("[policy_key_*_from_xml] - algorithm length");
340 return DB_ERROR_UNKNOWN;
341 }
342 }
343 if (!standby) {
344 ods_log_deeebug("[policy_key_*_from_xml] - standby");
346 return DB_ERROR_UNKNOWN;
347 }
348 }
349 if (!manual_rollover) {
350 ods_log_deeebug("[policy_key_*_from_xml] - manual rollover");
352 return DB_ERROR_UNKNOWN;
353 }
354 }
/* When no *RollType element was seen, a default is applied; the log strings
 * name KskDoubleSignature, ZskPrePublication and CskPrePublication. The tests
 * that choose between them and the calls that apply them are on omitted
 * lines; a case matching none of them returns DB_ERROR_UNKNOWN. */
355 if (!rolltype) {
357 ods_log_deeebug("[policy_key_*_from_xml] - minimize default KskDoubleSignature");
359 return DB_ERROR_UNKNOWN;
360 }
361 }
363 ods_log_deeebug("[policy_key_*_from_xml] - minimize default ZskPrePublication");
365 return DB_ERROR_UNKNOWN;
366 }
367 }
369 ods_log_deeebug("[policy_key_*_from_xml] - minimize default CskPrePublication");
371 return DB_ERROR_UNKNOWN;
372 }
373 }
374 else {
375 return DB_ERROR_UNKNOWN;
376 }
377 }
/* The start of this condition (source lines 378-379) is not shown; the
 * visible part requires that no RFC5011 element was seen. */
380 && !rfc5011)
381 {
382 ods_log_deeebug("[policy_key_*_from_xml] - rfc5011");
384 return DB_ERROR_UNKNOWN;
385 }
386 }
387
388 return DB_OK;
389}
#define DB_ERROR_UNKNOWN
Definition db_error.h:40
#define DB_OK
Definition db_error.h:36
int policy_key_set_minimize(policy_key_t *policy_key, unsigned int minimize)
Definition policy_key.c:692
int policy_key_set_role(policy_key_t *policy_key, policy_key_role_t role)
Definition policy_key.c:593
int policy_key_set_standby(policy_key_t *policy_key, unsigned int standby)
Definition policy_key.c:662
int policy_key_set_bits(policy_key_t *policy_key, unsigned int bits)
Definition policy_key.c:620
int policy_key_set_manual_rollover(policy_key_t *policy_key, unsigned int manual_rollover)
Definition policy_key.c:672
int policy_key_set_rfc5011(policy_key_t *policy_key, unsigned int rfc5011)
Definition policy_key.c:682
int policy_key_set_algorithm(policy_key_t *policy_key, unsigned int algorithm)
Definition policy_key.c:606
int policy_key_set_lifetime(policy_key_t *policy_key, unsigned int lifetime)
Definition policy_key.c:630
int policy_key_set_repository(policy_key_t *policy_key, const char *repository_text)
Definition policy_key.c:640
policy_key_role
Definition policy_key.h:40
@ POLICY_KEY_ROLE_KSK
Definition policy_key.h:42
@ POLICY_KEY_ROLE_CSK
Definition policy_key.h:44
@ POLICY_KEY_ROLE_ZSK
Definition policy_key.h:43
int policy_key_create_from_xml(policy_key_t *policy_key, xmlNodePtr key_node)
#define POLICY_KEY_MINIMIZE_DS
#define POLICY_KEY_MINIMIZE_NONE
#define POLICY_KEY_MINIMIZE_DNSKEY
#define POLICY_KEY_MINIMIZE_DS_AND_RRSIG
#define POLICY_KEY_MINIMIZE_RRSIG