Make sure they key isn't being reused

author Aki Tuomi <cmouse@cmouse.fi>

Sun, 29 Mar 2015 18:04:45 +0000 (21:04 +0300)

committer Aki Tuomi <cmouse@desteem.org>

Mon, 30 Mar 2015 07:30:26 +0000 (10:30 +0300)
author Aki Tuomi <cmouse@cmouse.fi>
Sun, 29 Mar 2015 18:04:45 +0000 (21:04 +0300)
committer Aki Tuomi <cmouse@desteem.org>
Mon, 30 Mar 2015 07:30:26 +0000 (10:30 +0300)
diff --git a/pdns/pdnssec.cc b/pdns/pdnssec.cc

index 8c0e85cdfbc2edd828296a8562bba58ec206fdaf..2a30210cec82b9b9310e40fe800dfd8fb2cece74 100644 (file)
--- a/pdns/pdnssec.cc
+++ b/pdns/pdnssec.cc
@@ -2076,6 +2076,7 @@ try
      if (cmds[1] == "assign") {
        DNSCryptoKeyEngine::storvector_t storvect;
        DomainInfo di;
+      std::vector<DNSBackend::KeyData> keys;
  
        if (cmds.size() < 9) {
          std::cout << "Usage: pdnssec hsm assign zone algorithm ksk|zsk module slot pin label" << std::endl;
@@ -2111,6 +2112,23 @@ try
       dpk.d_flags = (keyOrZone ? 257 : 256);
       dpk.setKey(shared_ptr<DNSCryptoKeyEngine>(DNSCryptoKeyEngine::makeFromISCString(drc, iscString.str())));
   
+     // make sure this key isn't being reused.
+     B.getDomainKeys(zone, 0, keys);
+     id = -1;
+
+     BOOST_FOREACH(DNSBackend::KeyData& kd, keys) {
+       if (kd.content == iscString.str()) {
+         // it's this one, I guess...
+         id = kd.id;
+         break;
+       }
+     }
+
+     if (id > -1) {
+       cerr << "You have already assigned this key with ID=" << id << std::endl;
+       return 1;
+     }
+
       if (!(id = dk.addKey(zone, dpk))) {
         cerr << "Unable to assign module slot to zone" << std::endl;
         return 1;
@@ -2118,8 +2136,6 @@ try
  
       // figure out key id.
  
-     std::vector<DNSBackend::KeyData> keys;
-
       B.getDomainKeys(zone, 0, keys);
  
       // validate which one got the key...
author	Aki Tuomi <cmouse@cmouse.fi>
	Sun, 29 Mar 2015 18:04:45 +0000 (21:04 +0300)
committer	Aki Tuomi <cmouse@desteem.org>
	Mon, 30 Mar 2015 07:30:26 +0000 (10:30 +0300)