OpenDNSSEC-signer  1.3.16
signconfparser.c
Go to the documentation of this file.
1 /*
2  * $Id: signconfparser.c 7350 2013-10-09 11:19:24Z matthijs $
3  *
4  * Copyright (c) 2009 NLNet Labs. All rights reserved.
5  *
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that the following conditions
8  * are met:
9  * 1. Redistributions of source code must retain the above copyright
10  * notice, this list of conditions and the following disclaimer.
11  * 2. Redistributions in binary form must reproduce the above copyright
12  * notice, this list of conditions and the following disclaimer in the
13  * documentation and/or other materials provided with the distribution.
14  *
15  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
16  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
17  * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18  * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
19  * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
21  * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
22  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
23  * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
24  * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
25  * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26  *
27  */
28 
34 #include "parser/confparser.h"
35 #include "parser/signconfparser.h"
36 #include "shared/allocator.h"
37 #include "shared/duration.h"
38 #include "shared/log.h"
39 #include "signer/keys.h"
40 
41 #include <libxml/parser.h>
42 #include <libxml/xpath.h>
43 #include <libxml/xpathInternals.h>
44 #include <libxml/xmlreader.h>
45 #include <stdlib.h>
46 
47 static const char* parser_str = "parser";
48 
49 
55 parse_sc_keys(allocator_type* allocator, const char* cfgfile)
56 {
57  xmlDocPtr doc = NULL;
58  xmlXPathContextPtr xpathCtx = NULL;
59  xmlXPathObjectPtr xpathObj = NULL;
60  xmlNode* curNode = NULL;
61  xmlChar* xexpr = NULL;
62  key_type* new_key = NULL;
63  keylist_type* kl = NULL;
64  char* locator = NULL;
65  char* flags = NULL;
66  char* algorithm = NULL;
67  int ksk, zsk, publish, i;
68 
69  if (!cfgfile) {
70  ods_log_error("[%s] could not parse <Keys>, no cfgfile given",
71  parser_str);
72  return NULL;
73  }
74  ods_log_assert(cfgfile);
75 
76  /* Load XML document */
77  doc = xmlParseFile(cfgfile);
78  if (doc == NULL) {
79  ods_log_error("[%s] could not parse <Keys>, xmlParseFile failed",
80  parser_str);
81  return NULL;
82  }
83  /* Create xpath evaluation context */
84  xpathCtx = xmlXPathNewContext(doc);
85  if(xpathCtx == NULL) {
86  xmlFreeDoc(doc);
87  ods_log_error("[%s] could not parse <Keys>, xmlXPathNewContext failed",
88  parser_str);
89  return NULL;
90  }
91  /* Evaluate xpath expression */
92  xexpr = (xmlChar*) "//SignerConfiguration/Zone/Keys/Key";
93  xpathObj = xmlXPathEvalExpression(xexpr, xpathCtx);
94  if(xpathObj == NULL) {
95  xmlXPathFreeContext(xpathCtx);
96  xmlFreeDoc(doc);
97  ods_log_error("[%s] could not parse <Keys>, xmlXPathEvalExpression "
98  "failed", parser_str);
99  return NULL;
100  }
101 
102  kl = keylist_create(allocator);
103  if (xpathObj->nodesetval && xpathObj->nodesetval->nodeNr > 0) {
104  for (i = 0; i < xpathObj->nodesetval->nodeNr; i++) {
105  locator = NULL;
106  flags = NULL;
107  algorithm = NULL;
108  ksk = 0;
109  zsk = 0;
110  publish = 0;
111 
112  curNode = xpathObj->nodesetval->nodeTab[i]->xmlChildrenNode;
113  while (curNode) {
114  if (xmlStrEqual(curNode->name, (const xmlChar *)"Locator")) {
115  locator = (char *) xmlNodeGetContent(curNode);
116  } else if (xmlStrEqual(curNode->name, (const xmlChar *)"Algorithm")) {
117  algorithm = (char *) xmlNodeGetContent(curNode);
118  } else if (xmlStrEqual(curNode->name, (const xmlChar *)"Flags")) {
119  flags = (char *) xmlNodeGetContent(curNode);
120  } else if (xmlStrEqual(curNode->name, (const xmlChar *)"KSK")) {
121  ksk = 1;
122  } else if (xmlStrEqual(curNode->name, (const xmlChar *)"ZSK")) {
123  zsk = 1;
124  } else if (xmlStrEqual(curNode->name, (const xmlChar *)"Publish")) {
125  publish = 1;
126  }
127  curNode = curNode->next;
128  }
129  if (locator && algorithm && flags) {
130  /* search for duplicates */
131  new_key = keylist_lookup(kl, locator);
132  if (new_key &&
133  new_key->algorithm == (uint8_t) atoi(algorithm) &&
134  new_key->flags == (uint32_t) atoi(flags) &&
135  new_key->publish == publish &&
136  new_key->ksk == ksk &&
137  new_key->zsk == zsk) {
138  /* duplicate */
139  ods_log_warning("[%s] found duplicate key %s, skipping",
140  parser_str, locator);
141  } else {
142  new_key = key_create(allocator, locator,
143  (uint8_t) atoi(algorithm), (uint32_t) atoi(flags),
144  publish, ksk, zsk);
145  if (keylist_push(kl, new_key) != ODS_STATUS_OK) {
146  ods_log_error("[%s] failed to push key %s to keylist",
147  parser_str, locator);
148  }
149  }
150  } else {
151  ods_log_error("[%s] Key missing required elements, skipping",
152  parser_str);
153  }
154  free((void*)locator);
155  free((void*)algorithm);
156  free((void*)flags);
157  }
158  }
159 
160  xmlXPathFreeObject(xpathObj);
161  xmlXPathFreeContext(xpathCtx);
162  if (doc) {
163  xmlFreeDoc(doc);
164  }
165  return kl;
166 }
167 
168 
174 parse_sc_sig_resign_interval(const char* cfgfile)
175 {
176  duration_type* duration = NULL;
177  const char* str = parse_conf_string(cfgfile,
178  "//SignerConfiguration/Zone/Signatures/Resign",
179  1);
180  if (!str) {
181  return NULL;
182  }
183  duration = duration_create_from_string(str);
184  free((void*)str);
185  return duration;
186 }
187 
188 
190 parse_sc_sig_refresh_interval(const char* cfgfile)
191 {
192  duration_type* duration = NULL;
193  const char* str = parse_conf_string(cfgfile,
194  "//SignerConfiguration/Zone/Signatures/Refresh",
195  1);
196  if (!str) {
197  return NULL;
198  }
199  duration = duration_create_from_string(str);
200  free((void*)str);
201  return duration;
202 }
203 
204 
206 parse_sc_sig_validity_default(const char* cfgfile)
207 {
208  duration_type* duration = NULL;
209  const char* str = parse_conf_string(cfgfile,
210  "//SignerConfiguration/Zone/Signatures/Validity/Default",
211  1);
212  if (!str) {
213  return NULL;
214  }
215  duration = duration_create_from_string(str);
216  free((void*)str);
217  return duration;
218 }
219 
220 
222 parse_sc_sig_validity_denial(const char* cfgfile)
223 {
224  duration_type* duration = NULL;
225  const char* str = parse_conf_string(cfgfile,
226  "//SignerConfiguration/Zone/Signatures/Validity/Denial",
227  1);
228  if (!str) {
229  return NULL;
230  }
231  duration = duration_create_from_string(str);
232  free((void*)str);
233  return duration;
234 }
235 
236 
238 parse_sc_sig_jitter(const char* cfgfile)
239 {
240  duration_type* duration = NULL;
241  const char* str = parse_conf_string(cfgfile,
242  "//SignerConfiguration/Zone/Signatures/Jitter",
243  1);
244  if (!str) {
245  return NULL;
246  }
247  duration = duration_create_from_string(str);
248  free((void*)str);
249  return duration;
250 }
251 
252 
254 parse_sc_sig_inception_offset(const char* cfgfile)
255 {
256  duration_type* duration = NULL;
257  const char* str = parse_conf_string(cfgfile,
258  "//SignerConfiguration/Zone/Signatures/InceptionOffset",
259  1);
260  if (!str) {
261  return NULL;
262  }
263  duration = duration_create_from_string(str);
264  free((void*)str);
265  return duration;
266 }
267 
268 
270 parse_sc_dnskey_ttl(const char* cfgfile)
271 {
272  duration_type* duration = NULL;
273  const char* str = parse_conf_string(cfgfile,
274  "//SignerConfiguration/Zone/Keys/TTL",
275  1);
276  if (!str) {
277  return NULL;
278  }
279  duration = duration_create_from_string(str);
280  free((void*)str);
281  return duration;
282 }
283 
284 
286 parse_sc_nsec3param_ttl(const char* cfgfile)
287 {
288  duration_type* duration = NULL;
289  const char* str = parse_conf_string(cfgfile,
290  "//SignerConfiguration/Zone/Denial/NSEC3/TTL",
291  0);
292  if (!str) {
293  return NULL;
294  }
295  duration = duration_create_from_string(str);
296  free((void*)str);
297  return duration;
298 }
299 
300 
302 parse_sc_soa_ttl(const char* cfgfile)
303 {
304  duration_type* duration = NULL;
305  const char* str = parse_conf_string(cfgfile,
306  "//SignerConfiguration/Zone/SOA/TTL",
307  1);
308  if (!str) {
309  return NULL;
310  }
311  duration = duration_create_from_string(str);
312  free((void*)str);
313  return duration;
314 }
315 
316 
318 parse_sc_soa_min(const char* cfgfile)
319 {
320  duration_type* duration = NULL;
321  const char* str = parse_conf_string(cfgfile,
322  "//SignerConfiguration/Zone/SOA/Minimum",
323  1);
324  if (!str) {
325  return NULL;
326  }
327  duration = duration_create_from_string(str);
328  free((void*)str);
329  return duration;
330 }
331 
332 
337 ldns_rr_type
338 parse_sc_nsec_type(const char* cfgfile)
339 {
340  const char* str = parse_conf_string(cfgfile,
341  "//SignerConfiguration/Zone/Denial/NSEC3",
342  0);
343  if (str) {
344  free((void*)str);
345  return LDNS_RR_TYPE_NSEC3;
346  }
347 
348  str = parse_conf_string(cfgfile,
349  "//SignerConfiguration/Zone/Denial/NSEC",
350  0);
351  if (str) {
352  free((void*)str);
353  return LDNS_RR_TYPE_NSEC;
354  }
355 
356  return LDNS_RR_TYPE_FIRST;
357 }
358 
359 
364 uint32_t
365 parse_sc_nsec3_algorithm(const char* cfgfile)
366 {
367  int ret = 0;
368  const char* str = parse_conf_string(cfgfile,
369  "//SignerConfiguration/Zone/Denial/NSEC3/Hash/Algorithm",
370  1);
371  if (str) {
372  if (strlen(str) > 0) {
373  ret = atoi(str);
374  }
375  free((void*)str);
376  }
377  return ret;
378 }
379 
380 
381 uint32_t
382 parse_sc_nsec3_iterations(const char* cfgfile)
383 {
384  int ret = 0;
385  const char* str = parse_conf_string(cfgfile,
386  "//SignerConfiguration/Zone/Denial/NSEC3/Hash/Iterations",
387  1);
388  if (str) {
389  if (strlen(str) > 0) {
390  ret = atoi(str);
391  }
392  free((void*)str);
393  }
394  return ret;
395 }
396 
397 
398 int
399 parse_sc_nsec3_optout(const char* cfgfile)
400 {
401  int ret = 0;
402  const char* str = parse_conf_string(cfgfile,
403  "//SignerConfiguration/Zone/Denial/NSEC3/OptOut",
404  0);
405  if (str) {
406  ret = 1;
407  free((void*)str);
408  }
409  return ret;
410 }
411 
412 
413 int
414 parse_sc_audit(const char* cfgfile)
415 {
416  int ret = 0;
417  const char* str = parse_conf_string(cfgfile,
418  "//SignerConfiguration/Zone/Audit",
419  0);
420  if (str) {
421  ret = 1;
422  free((void*)str);
423  }
424  return ret;
425 }
426 
427 
432 const char*
433 parse_sc_soa_serial(allocator_type* allocator, const char* cfgfile)
434 {
435  const char* dup = NULL;
436  const char* str = parse_conf_string(
437  cfgfile,
438  "//SignerConfiguration/Zone/SOA/Serial",
439  1);
440 
441  if (str) {
442  dup = allocator_strdup(allocator, str);
443  free((void*)str);
444  }
445  return dup;
446 }
447 
448 
449 const char*
450 parse_sc_nsec3_salt(allocator_type* allocator, const char* cfgfile)
451 {
452  const char* dup = NULL;
453  const char* str = parse_conf_string(
454  cfgfile,
455  "//SignerConfiguration/Zone/Denial/NSEC3/Hash/Salt",
456  1);
457 
458  if (str) {
459  dup = allocator_strdup(allocator, str);
460  free((void*)str);
461  }
462  return dup;
463 }
duration_type * parse_sc_sig_validity_default(const char *cfgfile)
duration_type * parse_sc_sig_validity_denial(const char *cfgfile)
int publish
Definition: keys.h:64
int zsk
Definition: keys.h:66
uint32_t parse_sc_nsec3_algorithm(const char *cfgfile)
duration_type * parse_sc_soa_ttl(const char *cfgfile)
const char * parse_sc_soa_serial(allocator_type *allocator, const char *cfgfile)
void ods_log_error(const char *format,...)
Definition: log.c:349
duration_type * parse_sc_sig_inception_offset(const char *cfgfile)
ods_status keylist_push(keylist_type *kl, key_type *key)
Definition: keys.c:299
key_type * key_create(allocator_type *allocator, const char *locator, uint8_t algorithm, uint32_t flags, int publish, int ksk, int zsk)
Definition: keys.c:49
keylist_type * parse_sc_keys(allocator_type *allocator, const char *cfgfile)
const char * parse_sc_nsec3_salt(allocator_type *allocator, const char *cfgfile)
keylist_type * keylist_create(allocator_type *allocator)
Definition: keys.c:268
duration_type * parse_sc_dnskey_ttl(const char *cfgfile)
duration_type * parse_sc_sig_jitter(const char *cfgfile)
duration_type * parse_sc_nsec3param_ttl(const char *cfgfile)
char * allocator_strdup(allocator_type *allocator, const char *string)
Definition: allocator.c:122
duration_type * parse_sc_sig_refresh_interval(const char *cfgfile)
int parse_sc_nsec3_optout(const char *cfgfile)
duration_type * parse_sc_soa_min(const char *cfgfile)
const char * parse_conf_string(const char *cfgfile, const char *expr, int required)
Definition: confparser.c:234
int ksk
Definition: keys.h:65
uint8_t algorithm
Definition: keys.h:62
key_type * keylist_lookup(keylist_type *list, const char *locator)
Definition: keys.c:330
ldns_rr_type parse_sc_nsec_type(const char *cfgfile)
int parse_sc_audit(const char *cfgfile)
#define ods_log_assert(x)
Definition: log.h:141
duration_type * duration_create_from_string(const char *str)
Definition: duration.c:125
uint32_t flags
Definition: keys.h:63
duration_type * parse_sc_sig_resign_interval(const char *cfgfile)
void ods_log_warning(const char *format,...)
Definition: log.c:333
uint32_t parse_sc_nsec3_iterations(const char *cfgfile)