// cerr<<"Hit!"<<endl;
if(dpk) {
- getRSAKeyFromISC(&dpk->d_key.getContext(), dir_itr->path().file_string().c_str());
+ getRSAKeyFromISC(&dpk->d_key.getContext(), dir_itr->path().file_string().c_str());
- if(getNSEC3PARAM(zone)) {
- dpk->d_algorithm = 7;
- }
- else {
- dpk->d_algorithm = 5;
- }
-
+ if(getNSEC3PARAM(zone)) {
+ dpk->d_algorithm = 7;
+ }
+ else {
+ dpk->d_algorithm = 5;
+ }
+
}
return true;
}
}
+/*
bool zskSortByDates(const DNSSECKeeper::zskset_t::value_type& a, const DNSSECKeeper::zskset_t::value_type& b)
{
return
tie(a.second.beginValidity, a.second.endValidity) <
tie(b.second.beginValidity, b.second.endValidity);
}
+* */
void DNSSECKeeper::deleteZSKFor(const std::string& zname, const std::string& fname)
{
unlink((d_dirname +"/"+ zname +"/zsks/"+fname).c_str());
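Review bot: The new `/* ... */` block keeps `zskSortByDates` as dead code rather than removing it, and the matching `sort(...)` call is likewise commented out elsewhere in this commit, so the comparator has no remaining caller. Leaving it in place invites someone to re-enable it against a `KeyMetaData` that no longer has `beginValidity`/`endValidity`, which would fail to compile; prefer deleting the function outright since version control retains it. The `+* */` closer also reads as a typo for `*/` even though it compiles. The surrounding function in the first part of the hunk starts outside the hunk.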
ts2.tm_mon--;
KeyMetaData kmd;
+ /*
kmd.beginValidity=timegm(&ts1);
kmd.endValidity=timegm(&ts2);
time_t now=time(0);
- kmd.active = now > kmd.beginValidity && now < kmd.endValidity;
+ */
+ kmd.active = 1; // XXX FIXME GOOD ONE! // now > kmd.beginValidity && now < kmd.endValidity;
kmd.fname = dir_itr->leaf();
zskset.push_back(make_pair(dpk, kmd));
}
- sort(zskset.begin(), zskset.end(), zskSortByDates);
+ // sort(zskset.begin(), zskset.end(), zskSortByDates);
}
return zskset;
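Review bot: `kmd.active = 1;` unconditionally marks every ZSK found in the directory as active, and with the validity-window computation commented out above nothing else in this hunk sets `active`, so callers can no longer tell a pre-published or retired key from the one that should be signing. The XXX comment should state what is meant to replace the date check, e.g. `// TODO: 'active' must come from per-key metadata (flag file or key naming); until then every on-disk ZSK is treated as a signing key`. Note also that with `sort(...)` commented out the order of `zskset` is now whatever `dir_itr` yields, so the returned vector should be documented as unordered. getZSKsFor's body begins outside the hunk.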
public:
struct KeyMetaData
{
- time_t beginValidity, endValidity; // wart
bool active;
string fname;
- };
+ };
+ typedef std::vector<std::pair<DNSSECPrivateKey, KeyMetaData> > zskset_t;
+
public:
explicit DNSSECKeeper(const std::string& dirname) : d_dirname(dirname){}
+
bool haveKSKFor(const std::string& zone, DNSSECPrivateKey* ksk=0);
- typedef std::vector<std::pair<DNSSECPrivateKey, KeyMetaData> > zskset_t;
zskset_t getZSKsFor(const std::string& zone, bool all=false);
void addZSKFor(const std::string& zname, int algorithm, bool next=false);
+
void deleteZSKFor(const std::string& zname, const std::string& fname);
void secureZone(const std::string& fname, int algorithm);
+
bool getNSEC3PARAM(const std::string& zname, NSEC3PARAMRecordContent* n3p=0);
void setNSEC3PARAM(const std::string& zname, const NSEC3PARAMRecordContent* n3p);
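Review bot: With `beginValidity`/`endValidity` gone, `bool active;` is the only state left in `KeyMetaData` and it is never initialised, so a default-constructed instance (as `KeyMetaData kmd;` in getZSKsFor) reads an indeterminate value until the caller assigns it. Give it a constructor, `KeyMetaData() : active(false) {}`, and a comment on the field saying who is responsible for setting it, since the header no longer shows any source of truth for it. Moving the `zskset_t` typedef above its first use in `getZSKsFor` is correct. The class continues outside the hunk.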
cout<<"There were ZSKs already for zone '"<<zone<<"': "<<endl;
BOOST_FOREACH(DNSSECKeeper::zskset_t::value_type value, zskset) {
- cout<<"Tag = "<<value.first.getDNSKEY().getTag()<<"\tActive: "<<value.second.active<<", "<<humanTime(value.second.beginValidity)<<" - "<<humanTime(value.second.endValidity)<<endl;
+ cout<<"Tag = "<<value.first.getDNSKEY().getTag()<<"\tActive: "<<value.second.active<<endl; // ", "<<humanTime(value.second.beginValidity)<<" - "<<humanTime(value.second.endValidity)<<endl;
if(value.second.active)
inforce++;
- if(value.second.endValidity < now - 2*86400) { // 'expired more than two days ago'
+ if(!value.second.active) { // was: 'expired more than two days ago'
cout<<"\tThis key is no longer used and too old to keep around, deleting!\n";
dk.deleteZSKFor(zone, value.second.fname);
- } else if(value.second.endValidity < now) { // 'expired more than two days ago'
+ } else /* if( value.second.endValidity < now ) */{ // 'expired more than two days ago'
cout<<"\tThis key is no longer in active use, but needs to linger\n";
}
}
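Review bot: The new condition `if(!value.second.active)` deletes a key as soon as it is not active, which drops the two-day linger the removed `endValidity < now - 2*86400` check provided; a retired ZSK must stay published until RRSIGs made with it have expired from resolver caches, or validation breaks during a rollover. The `else` branch keeps the "needs to linger" message but its guard is commented out, so it now runs for every active key and its "expired more than two days ago" comment is stale. Until a replacement retirement timestamp exists, it is safer not to unlink automatically: `if(!value.second.active) { cout<<"\tThis key is no longer in active use, but needs to linger\n"; }` and leave deletion to an explicit command. The enclosing block and `now` start outside the hunk.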
else {
cout << "ZSKs for zone '"<<zone<<"':"<<endl;
BOOST_FOREACH(DNSSECKeeper::zskset_t::value_type value, zskset) {
- cout<<"Tag = "<<value.first.getDNSKEY().getTag()<<"\tActive: "<<value.second.active<<", "<< humanTime(value.second.beginValidity)<<" - "<<humanTime(value.second.endValidity)<<endl;
+ cout<<"Tag = "<<value.first.getDNSKEY().getTag()<<"\tActive: "<<value.second.active<<", "<< endl; // humanTime(value.second.beginValidity)<<" - "<<humanTime(value.second.endValidity)<<endl;
}
}
}