OpenDNSSEC-signer  1.3.15
signconfparser.c
Go to the documentation of this file.
1 /*
2  * $Id: signconfparser.c 5809 2011-10-25 11:12:50Z matthijs $
3  *
4  * Copyright (c) 2009 NLNet Labs. All rights reserved.
5  *
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that the following conditions
8  * are met:
9  * 1. Redistributions of source code must retain the above copyright
10  * notice, this list of conditions and the following disclaimer.
11  * 2. Redistributions in binary form must reproduce the above copyright
12  * notice, this list of conditions and the following disclaimer in the
13  * documentation and/or other materials provided with the distribution.
14  *
15  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
16  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
17  * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18  * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
19  * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
21  * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
22  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
23  * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
24  * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
25  * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26  *
27  */
28 
34 #include "parser/confparser.h"
35 #include "parser/signconfparser.h"
36 #include "shared/allocator.h"
37 #include "shared/duration.h"
38 #include "shared/log.h"
39 #include "signer/keys.h"
40 
41 #include <libxml/parser.h>
42 #include <libxml/xpath.h>
43 #include <libxml/xpathInternals.h>
44 #include <libxml/xmlreader.h>
45 #include <stdlib.h>
46 
47 static const char* parser_str = "parser";
48 
49 
55 parse_sc_keys(allocator_type* allocator, const char* cfgfile)
56 {
57  xmlDocPtr doc = NULL;
58  xmlXPathContextPtr xpathCtx = NULL;
59  xmlXPathObjectPtr xpathObj = NULL;
60  xmlNode* curNode = NULL;
61  xmlChar* xexpr = NULL;
62  key_type* new_key = NULL;
63  keylist_type* kl = NULL;
64  char* locator = NULL;
65  char* flags = NULL;
66  char* algorithm = NULL;
67  int ksk, zsk, publish, i;
68 
69  if (!cfgfile) {
70  ods_log_error("[%s] could not parse <Keys>, no cfgfile given",
71  parser_str);
72  return NULL;
73  }
74  ods_log_assert(cfgfile);
75 
76  /* Load XML document */
77  doc = xmlParseFile(cfgfile);
78  if (doc == NULL) {
79  ods_log_error("[%s] could not parse <Keys>, xmlParseFile failed",
80  parser_str);
81  return NULL;
82  }
83  /* Create xpath evaluation context */
84  xpathCtx = xmlXPathNewContext(doc);
85  if(xpathCtx == NULL) {
86  xmlFreeDoc(doc);
87  ods_log_error("[%s] could not parse <Keys>, xmlXPathNewContext failed",
88  parser_str);
89  return NULL;
90  }
91  /* Evaluate xpath expression */
92  xexpr = (xmlChar*) "//SignerConfiguration/Zone/Keys/Key";
93  xpathObj = xmlXPathEvalExpression(xexpr, xpathCtx);
94  if(xpathObj == NULL) {
95  xmlXPathFreeContext(xpathCtx);
96  xmlFreeDoc(doc);
97  ods_log_error("[%s] could not parse <Keys>, xmlXPathEvalExpression "
98  "failed", parser_str);
99  return NULL;
100  }
101 
102  kl = keylist_create(allocator);
103  if (xpathObj->nodesetval && xpathObj->nodesetval->nodeNr > 0) {
104  for (i = 0; i < xpathObj->nodesetval->nodeNr; i++) {
105  locator = NULL;
106  flags = NULL;
107  algorithm = NULL;
108  ksk = 0;
109  zsk = 0;
110  publish = 0;
111 
112  curNode = xpathObj->nodesetval->nodeTab[i]->xmlChildrenNode;
113  while (curNode) {
114  if (xmlStrEqual(curNode->name, (const xmlChar *)"Locator")) {
115  locator = (char *) xmlNodeGetContent(curNode);
116  } else if (xmlStrEqual(curNode->name, (const xmlChar *)"Algorithm")) {
117  algorithm = (char *) xmlNodeGetContent(curNode);
118  } else if (xmlStrEqual(curNode->name, (const xmlChar *)"Flags")) {
119  flags = (char *) xmlNodeGetContent(curNode);
120  } else if (xmlStrEqual(curNode->name, (const xmlChar *)"KSK")) {
121  ksk = 1;
122  } else if (xmlStrEqual(curNode->name, (const xmlChar *)"ZSK")) {
123  zsk = 1;
124  } else if (xmlStrEqual(curNode->name, (const xmlChar *)"Publish")) {
125  publish = 1;
126  }
127  curNode = curNode->next;
128  }
129  if (locator && algorithm && flags) {
130  /* search for duplicates */
131  new_key = keylist_lookup(kl, locator);
132  if (new_key &&
133  new_key->algorithm == (uint8_t) atoi(algorithm) &&
134  new_key->flags == (uint32_t) atoi(flags) &&
135  new_key->publish == publish &&
136  new_key->ksk == ksk &&
137  new_key->zsk == zsk) {
138  /* duplicate */
139  ods_log_warning("[%s] found duplicate key %s, skipping",
140  parser_str, locator);
141  } else {
142  new_key = key_create(allocator, locator,
143  (uint8_t) atoi(algorithm), (uint32_t) atoi(flags),
144  publish, ksk, zsk);
145  if (keylist_push(kl, new_key) != ODS_STATUS_OK) {
146  ods_log_error("[%s] failed to push key %s to keylist",
147  parser_str, locator);
148  }
149  }
150  } else {
151  ods_log_error("[%s] Key missing required elements, skipping",
152  parser_str);
153  }
154  free((void*)locator);
155  free((void*)algorithm);
156  free((void*)flags);
157  }
158  }
159 
160  xmlXPathFreeObject(xpathObj);
161  xmlXPathFreeContext(xpathCtx);
162  if (doc) {
163  xmlFreeDoc(doc);
164  }
165  return kl;
166 }
167 
168 
174 parse_sc_sig_resign_interval(const char* cfgfile)
175 {
176  duration_type* duration = NULL;
177  const char* str = parse_conf_string(cfgfile,
178  "//SignerConfiguration/Zone/Signatures/Resign",
179  1);
180  if (!str) {
181  return NULL;
182  }
183  duration = duration_create_from_string(str);
184  free((void*)str);
185  return duration;
186 }
187 
188 
190 parse_sc_sig_refresh_interval(const char* cfgfile)
191 {
192  duration_type* duration = NULL;
193  const char* str = parse_conf_string(cfgfile,
194  "//SignerConfiguration/Zone/Signatures/Refresh",
195  1);
196  if (!str) {
197  return NULL;
198  }
199  duration = duration_create_from_string(str);
200  free((void*)str);
201  return duration;
202 }
203 
204 
206 parse_sc_sig_validity_default(const char* cfgfile)
207 {
208  duration_type* duration = NULL;
209  const char* str = parse_conf_string(cfgfile,
210  "//SignerConfiguration/Zone/Signatures/Validity/Default",
211  1);
212  if (!str) {
213  return NULL;
214  }
215  duration = duration_create_from_string(str);
216  free((void*)str);
217  return duration;
218 }
219 
220 
222 parse_sc_sig_validity_denial(const char* cfgfile)
223 {
224  duration_type* duration = NULL;
225  const char* str = parse_conf_string(cfgfile,
226  "//SignerConfiguration/Zone/Signatures/Validity/Denial",
227  1);
228  if (!str) {
229  return NULL;
230  }
231  duration = duration_create_from_string(str);
232  free((void*)str);
233  return duration;
234 }
235 
236 
238 parse_sc_sig_jitter(const char* cfgfile)
239 {
240  duration_type* duration = NULL;
241  const char* str = parse_conf_string(cfgfile,
242  "//SignerConfiguration/Zone/Signatures/Jitter",
243  1);
244  if (!str) {
245  return NULL;
246  }
247  duration = duration_create_from_string(str);
248  free((void*)str);
249  return duration;
250 }
251 
252 
254 parse_sc_sig_inception_offset(const char* cfgfile)
255 {
256  duration_type* duration = NULL;
257  const char* str = parse_conf_string(cfgfile,
258  "//SignerConfiguration/Zone/Signatures/InceptionOffset",
259  1);
260  if (!str) {
261  return NULL;
262  }
263  duration = duration_create_from_string(str);
264  free((void*)str);
265  return duration;
266 }
267 
268 
270 parse_sc_dnskey_ttl(const char* cfgfile)
271 {
272  duration_type* duration = NULL;
273  const char* str = parse_conf_string(cfgfile,
274  "//SignerConfiguration/Zone/Keys/TTL",
275  1);
276  if (!str) {
277  return NULL;
278  }
279  duration = duration_create_from_string(str);
280  free((void*)str);
281  return duration;
282 }
283 
284 
286 parse_sc_soa_ttl(const char* cfgfile)
287 {
288  duration_type* duration = NULL;
289  const char* str = parse_conf_string(cfgfile,
290  "//SignerConfiguration/Zone/SOA/TTL",
291  1);
292  if (!str) {
293  return NULL;
294  }
295  duration = duration_create_from_string(str);
296  free((void*)str);
297  return duration;
298 }
299 
300 
302 parse_sc_soa_min(const char* cfgfile)
303 {
304  duration_type* duration = NULL;
305  const char* str = parse_conf_string(cfgfile,
306  "//SignerConfiguration/Zone/SOA/Minimum",
307  1);
308  if (!str) {
309  return NULL;
310  }
311  duration = duration_create_from_string(str);
312  free((void*)str);
313  return duration;
314 }
315 
316 
321 ldns_rr_type
322 parse_sc_nsec_type(const char* cfgfile)
323 {
324  const char* str = parse_conf_string(cfgfile,
325  "//SignerConfiguration/Zone/Denial/NSEC3",
326  0);
327  if (str) {
328  free((void*)str);
329  return LDNS_RR_TYPE_NSEC3;
330  }
331 
332  str = parse_conf_string(cfgfile,
333  "//SignerConfiguration/Zone/Denial/NSEC",
334  0);
335  if (str) {
336  free((void*)str);
337  return LDNS_RR_TYPE_NSEC;
338  }
339 
340  return LDNS_RR_TYPE_FIRST;
341 }
342 
343 
348 uint32_t
349 parse_sc_nsec3_algorithm(const char* cfgfile)
350 {
351  int ret = 0;
352  const char* str = parse_conf_string(cfgfile,
353  "//SignerConfiguration/Zone/Denial/NSEC3/Hash/Algorithm",
354  1);
355  if (str) {
356  if (strlen(str) > 0) {
357  ret = atoi(str);
358  }
359  free((void*)str);
360  }
361  return ret;
362 }
363 
364 
365 uint32_t
366 parse_sc_nsec3_iterations(const char* cfgfile)
367 {
368  int ret = 0;
369  const char* str = parse_conf_string(cfgfile,
370  "//SignerConfiguration/Zone/Denial/NSEC3/Hash/Iterations",
371  1);
372  if (str) {
373  if (strlen(str) > 0) {
374  ret = atoi(str);
375  }
376  free((void*)str);
377  }
378  return ret;
379 }
380 
381 
382 int
383 parse_sc_nsec3_optout(const char* cfgfile)
384 {
385  int ret = 0;
386  const char* str = parse_conf_string(cfgfile,
387  "//SignerConfiguration/Zone/Denial/NSEC3/OptOut",
388  0);
389  if (str) {
390  ret = 1;
391  free((void*)str);
392  }
393  return ret;
394 }
395 
396 
397 int
398 parse_sc_audit(const char* cfgfile)
399 {
400  int ret = 0;
401  const char* str = parse_conf_string(cfgfile,
402  "//SignerConfiguration/Zone/Audit",
403  0);
404  if (str) {
405  ret = 1;
406  free((void*)str);
407  }
408  return ret;
409 }
410 
411 
416 const char*
417 parse_sc_soa_serial(allocator_type* allocator, const char* cfgfile)
418 {
419  const char* dup = NULL;
420  const char* str = parse_conf_string(
421  cfgfile,
422  "//SignerConfiguration/Zone/SOA/Serial",
423  1);
424 
425  if (str) {
426  dup = allocator_strdup(allocator, str);
427  free((void*)str);
428  }
429  return dup;
430 }
431 
432 
433 const char*
434 parse_sc_nsec3_salt(allocator_type* allocator, const char* cfgfile)
435 {
436  const char* dup = NULL;
437  const char* str = parse_conf_string(
438  cfgfile,
439  "//SignerConfiguration/Zone/Denial/NSEC3/Hash/Salt",
440  1);
441 
442  if (str) {
443  dup = allocator_strdup(allocator, str);
444  free((void*)str);
445  }
446  return dup;
447 }