OpenDNSSEC-enforcer  2.1.6
policy_key_ext.c
1 /*
2  * Copyright (c) 2014 Jerry Lundström <lundstrom.jerry@gmail.com>
3  * Copyright (c) 2014 .SE (The Internet Infrastructure Foundation).
4  * Copyright (c) 2014 OpenDNSSEC AB (svb)
5  * All rights reserved.
6  *
7  * Redistribution and use in source and binary forms, with or without
8  * modification, are permitted provided that the following conditions
9  * are met:
10  * 1. Redistributions of source code must retain the above copyright
11  * notice, this list of conditions and the following disclaimer.
12  * 2. Redistributions in binary form must reproduce the above copyright
13  * notice, this list of conditions and the following disclaimer in the
14  * documentation and/or other materials provided with the distribution.
15  *
16  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
17  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
18  * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19  * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
20  * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
22  * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
23  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
24  * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
25  * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
26  * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27  *
28  */
29 
30 #include "policy_key.h"
31 
32 #include "db_error.h"
33 #include "duration.h"
34 #include "log.h"
35 
36 #include <string.h>
37 
39  xmlNodePtr node;
40  xmlChar* xml_text = NULL;
41  duration_type* duration = NULL;
42  int algorithm_length = 0;
43  int standby = 0;
44  int manual_rollover = 0;
45  int rfc5011 = 0;
46  int rolltype = 0;
47 
48  if (!policy_key) {
49  return DB_ERROR_UNKNOWN;
50  }
51  if (!key_node) {
52  return DB_ERROR_UNKNOWN;
53  }
54 
55  if (!strcmp((char*)key_node->name, "KSK")) {
56  ods_log_deeebug("[policy_key_*_from_xml] KSK");
58  }
59  else if (!strcmp((char*)key_node->name, "ZSK")) {
60  ods_log_deeebug("[policy_key_*_from_xml] ZSK");
62  }
63  else if (!strcmp((char*)key_node->name, "CSK")) {
64  ods_log_deeebug("[policy_key_*_from_xml] CSK");
66  }
67  else {
68  return DB_ERROR_UNKNOWN;
69  }
70 
71  for (node = key_node->children; node; node = node->next) {
72  if (node->type != XML_ELEMENT_NODE) {
73  continue;
74  }
75 
76  if (!strcmp((char*)node->name, "Algorithm")) {
77  if ((xml_text = xmlGetProp(node, (xmlChar*)"length"))) {
78  algorithm_length = 1;
79  ods_log_deeebug("[policy_key_*_from_xml] algorithm length %s", (char*)xml_text);
80  if (policy_key_set_bits(policy_key, (unsigned int)atoi((char*)xml_text))) {
81  if (xml_text) {
82  xmlFree(xml_text);
83  }
84  return DB_ERROR_UNKNOWN;
85  }
86  if (xml_text) {
87  xmlFree(xml_text);
88  xml_text = NULL;
89  }
90  }
91  if (!(xml_text = xmlNodeGetContent(node))) {
92  return DB_ERROR_UNKNOWN;
93  }
94  ods_log_deeebug("[policy_key_*_from_xml] algorithm %s", (char*)xml_text);
95  if (policy_key_set_algorithm(policy_key, (unsigned int)atoi((char*)xml_text))) {
96  if (xml_text) {
97  xmlFree(xml_text);
98  }
99  return DB_ERROR_UNKNOWN;
100  }
101  if (xml_text) {
102  xmlFree(xml_text);
103  xml_text = NULL;
104  }
105  }
106  else if (!strcmp((char*)node->name, "Lifetime")) {
107  if (!(xml_text = xmlNodeGetContent(node))) {
108  return DB_ERROR_UNKNOWN;
109  }
110  ods_log_deeebug("[policy_key_*_from_xml] lifetime %s", (char*)xml_text);
111  if (!(duration = duration_create_from_string((char*)xml_text))) {
112  if (xml_text) {
113  xmlFree(xml_text);
114  }
115  return DB_ERROR_UNKNOWN;
116  }
117  if (xml_text) {
118  xmlFree(xml_text);
119  xml_text = NULL;
120  }
121  if (policy_key_set_lifetime(policy_key, duration2time(duration))) {
122  duration_cleanup(duration);
123  return DB_ERROR_UNKNOWN;
124  }
125  duration_cleanup(duration);
126  duration = NULL;
127  }
128  else if (!strcmp((char*)node->name, "Repository")) {
129  if (!(xml_text = xmlNodeGetContent(node))) {
130  return DB_ERROR_UNKNOWN;
131  }
132  ods_log_deeebug("[policy_key_*_from_xml] repository %s", (char*)xml_text);
133  if (policy_key_set_repository(policy_key, (char*)xml_text)) {
134  if (xml_text) {
135  xmlFree(xml_text);
136  }
137  return DB_ERROR_UNKNOWN;
138  }
139  if (xml_text) {
140  xmlFree(xml_text);
141  xml_text = NULL;
142  }
143  }
144  else if (!strcmp((char*)node->name, "Standby")) {
145  standby = 1;
146  if (!(xml_text = xmlNodeGetContent(node))) {
147  return DB_ERROR_UNKNOWN;
148  }
149  ods_log_deeebug("[policy_key_*_from_xml] standby %s", (char*)xml_text);
150  if (policy_key_set_standby(policy_key, (unsigned int)atoi((char*)xml_text))) {
151  if (xml_text) {
152  xmlFree(xml_text);
153  }
154  return DB_ERROR_UNKNOWN;
155  }
156  if (xml_text) {
157  xmlFree(xml_text);
158  xml_text = NULL;
159  }
160  }
161  else if (!strcmp((char*)node->name, "ManualRollover")) {
162  manual_rollover = 1;
163  ods_log_deeebug("[policy_key_*_from_xml] manual rollover");
165  return DB_ERROR_UNKNOWN;
166  }
167  }
169  && !strcmp((char*)node->name, "KskRollType"))
170  {
171  rolltype = 1;
172  if (!(xml_text = xmlNodeGetContent(node))) {
173  return DB_ERROR_UNKNOWN;
174  }
175  ods_log_deeebug("[policy_key_*_from_xml] KSK rolltype %s", (char*)xml_text);
176  if (!strcmp((char*)xml_text, "KskDoubleRRset")) {
177  if (xml_text) {
178  xmlFree(xml_text);
179  xml_text = NULL;
180  }
182  return DB_ERROR_UNKNOWN;
183  }
184  }
185  else if (!strcmp((char*)xml_text, "KskDoubleDS")) {
186  if (xml_text) {
187  xmlFree(xml_text);
188  xml_text = NULL;
189  }
191  return DB_ERROR_UNKNOWN;
192  }
193  }
194  else if (!strcmp((char*)xml_text, "KskDoubleSignature")) {
195  if (xml_text) {
196  xmlFree(xml_text);
197  xml_text = NULL;
198  }
200  return DB_ERROR_UNKNOWN;
201  }
202  }
203  else {
204  if (xml_text) {
205  xmlFree(xml_text);
206  }
207  return DB_ERROR_UNKNOWN;
208  }
209  }
211  && !strcmp((char*)node->name, "ZskRollType"))
212  {
213  rolltype = 1;
214  if (!(xml_text = xmlNodeGetContent(node))) {
215  return DB_ERROR_UNKNOWN;
216  }
217  ods_log_deeebug("[policy_key_*_from_xml] ZSK rolltype %s", (char*)xml_text);
218  if (!strcmp((char*)xml_text, "ZskDoubleSignature")) {
219  if (xml_text) {
220  xmlFree(xml_text);
221  xml_text = NULL;
222  }
224  return DB_ERROR_UNKNOWN;
225  }
226  }
227  else if (!strcmp((char*)xml_text, "ZskPrePublication")) {
228  if (xml_text) {
229  xmlFree(xml_text);
230  xml_text = NULL;
231  }
233  return DB_ERROR_UNKNOWN;
234  }
235  }
236  else if (!strcmp((char*)xml_text, "ZskDoubleRRsig")) {
237  if (xml_text) {
238  xmlFree(xml_text);
239  xml_text = NULL;
240  }
242  return DB_ERROR_UNKNOWN;
243  }
244  }
245  else {
246  if (xml_text) {
247  xmlFree(xml_text);
248  }
249  return DB_ERROR_UNKNOWN;
250  }
251  }
253  && !strcmp((char*)node->name, "CskRollType"))
254  {
255  rolltype = 1;
256  if (!(xml_text = xmlNodeGetContent(node))) {
257  return DB_ERROR_UNKNOWN;
258  }
259  ods_log_deeebug("[policy_key_*_from_xml] CSK rolltype %s", (char*)xml_text);
260  if (!strcmp((char*)xml_text, "CskDoubleRRset")) {
261  if (xml_text) {
262  xmlFree(xml_text);
263  xml_text = NULL;
264  }
266  return DB_ERROR_UNKNOWN;
267  }
268  }
269  else if (!strcmp((char*)xml_text, "CskSingleSignature")) {
270  if (xml_text) {
271  xmlFree(xml_text);
272  xml_text = NULL;
273  }
275  return DB_ERROR_UNKNOWN;
276  }
277  }
278  else if (!strcmp((char*)xml_text, "CskDoubleDS")) {
279  if (xml_text) {
280  xmlFree(xml_text);
281  xml_text = NULL;
282  }
284  return DB_ERROR_UNKNOWN;
285  }
286  }
287  else if (!strcmp((char*)xml_text, "CskDoubleSignature")) {
288  if (xml_text) {
289  xmlFree(xml_text);
290  xml_text = NULL;
291  }
293  return DB_ERROR_UNKNOWN;
294  }
295  }
296  else if (!strcmp((char*)xml_text, "CskPrePublication")) {
297  if (xml_text) {
298  xmlFree(xml_text);
299  xml_text = NULL;
300  }
302  return DB_ERROR_UNKNOWN;
303  }
304  }
305  else {
306  if (xml_text) {
307  xmlFree(xml_text);
308  }
309  return DB_ERROR_UNKNOWN;
310  }
311  }
314  && !strcmp((char*)node->name, "RFC5011"))
315  {
316  rfc5011 = 1;
317  ods_log_deeebug("[policy_key_*_from_xml] rfc5011");
319  return DB_ERROR_UNKNOWN;
320  }
321  }
322  else {
323  return DB_ERROR_UNKNOWN;
324  }
325  }
326 
327  if (xml_text) {
328  xmlFree(xml_text);
329  xml_text = NULL;
330  }
331  duration_cleanup(duration);
332  duration = NULL;
333 
334  /*
335  * If we did not find these XML elements we need to disable them
336  */
337  if (!algorithm_length) {
338  ods_log_deeebug("[policy_key_*_from_xml] - algorithm length");
340  return DB_ERROR_UNKNOWN;
341  }
342  }
343  if (!standby) {
344  ods_log_deeebug("[policy_key_*_from_xml] - standby");
346  return DB_ERROR_UNKNOWN;
347  }
348  }
349  if (!manual_rollover) {
350  ods_log_deeebug("[policy_key_*_from_xml] - manual rollover");
352  return DB_ERROR_UNKNOWN;
353  }
354  }
355  if (!rolltype) {
357  ods_log_deeebug("[policy_key_*_from_xml] - minimize default KskDoubleSignature");
359  return DB_ERROR_UNKNOWN;
360  }
361  }
363  ods_log_deeebug("[policy_key_*_from_xml] - minimize default ZskPrePublication");
365  return DB_ERROR_UNKNOWN;
366  }
367  }
369  ods_log_deeebug("[policy_key_*_from_xml] - minimize default CskPrePublication");
371  return DB_ERROR_UNKNOWN;
372  }
373  }
374  else {
375  return DB_ERROR_UNKNOWN;
376  }
377  }
380  && !rfc5011)
381  {
382  ods_log_deeebug("[policy_key_*_from_xml] - rfc5011");
384  return DB_ERROR_UNKNOWN;
385  }
386  }
387 
388  return DB_OK;
389 }