Make sure the key isn't being reused
authorAki Tuomi <cmouse@cmouse.fi>
Sun, 29 Mar 2015 18:04:45 +0000 (21:04 +0300)
committerAki Tuomi <cmouse@desteem.org>
Mon, 30 Mar 2015 07:30:26 +0000 (10:30 +0300)
pdns/pdnssec.cc

index 8c0e85cdfbc2edd828296a8562bba58ec206fdaf..2a30210cec82b9b9310e40fe800dfd8fb2cece74 100644 (file)
@@ -2076,6 +2076,7 @@ try
     if (cmds[1] == "assign") {
       DNSCryptoKeyEngine::storvector_t storvect;
       DomainInfo di;
+      std::vector<DNSBackend::KeyData> keys;
 
       if (cmds.size() < 9) {
         std::cout << "Usage: pdnssec hsm assign zone algorithm ksk|zsk module slot pin label" << std::endl;
@@ -2111,6 +2112,23 @@ try
      dpk.d_flags = (keyOrZone ? 257 : 256);
      dpk.setKey(shared_ptr<DNSCryptoKeyEngine>(DNSCryptoKeyEngine::makeFromISCString(drc, iscString.str())));
  
+     // make sure this key isn't being reused.
+     B.getDomainKeys(zone, 0, keys);
+     id = -1;
+
+     BOOST_FOREACH(DNSBackend::KeyData& kd, keys) {
+       if (kd.content == iscString.str()) {
+         // it's this one, I guess...
+         id = kd.id;
+         break;
+       }
+     }
+
+     if (id > -1) {
+       cerr << "You have already assigned this key with ID=" << id << std::endl;
+       return 1;
+     }
+
      if (!(id = dk.addKey(zone, dpk))) {
        cerr << "Unable to assign module slot to zone" << std::endl;
        return 1;
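Review bot: The reuse check in the added `BOOST_FOREACH` loop only catches a byte-identical `kd.content` within this one `zone`, so the same HSM key described by a different string would still be accepted as new (inferred, since the construction of `iscString` is outside the hunk). The result of `B.getDomainKeys(zone, 0, keys);` is also ignored, so a failed lookup leaves `keys` empty and the check passes silently; if the return value signals failure, testing it and stopping with an error would make the guard fail closed. The `id = -1` / `id > -1` sentinel only works if `id` is a signed type, and its declaration is not visible here, so a separate flag such as `bool reused = false;` would be safer. Since `keys` is now filled before the later `B.getDomainKeys(zone, 0, keys);` call, a `keys.clear();` ahead of that call would avoid depending on whether the backend appends or replaces.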
@@ -2118,8 +2136,6 @@ try
 
      // figure out key id.
 
-     std::vector<DNSBackend::KeyData> keys;
-
      B.getDomainKeys(zone, 0, keys);
 
      // validate which one got the key...