[Opendnssec-commits] yuri r7061 - branches/OpenDNSSEC-enforcer-ng/enforcer-ng/src/hsmkey

commits at svn.opendnssec.org commits at svn.opendnssec.org
Tue Feb 26 17:04:55 CET 2013


Author: yuri
Date: Tue Feb 26 17:04:54 2013
New Revision: 7061
URL: http://fisheye.opendnssec.org/changelog/opendnssec?cs=7061

Log:
Append requirebackup property to new hsm keys

Modified:
   branches/OpenDNSSEC-enforcer-ng/enforcer-ng/src/hsmkey/backup_hsmkeys_task.cpp
   branches/OpenDNSSEC-enforcer-ng/enforcer-ng/src/hsmkey/hsmkey_gen_task.cpp

Modified: branches/OpenDNSSEC-enforcer-ng/enforcer-ng/src/hsmkey/backup_hsmkeys_task.cpp
==============================================================================
--- branches/OpenDNSSEC-enforcer-ng/enforcer-ng/src/hsmkey/backup_hsmkeys_task.cpp	Tue Feb 26 16:37:12 2013	(r7060)
+++ branches/OpenDNSSEC-enforcer-ng/enforcer-ng/src/hsmkey/backup_hsmkeys_task.cpp	Tue Feb 26 17:04:54 2013	(r7061)
@@ -202,6 +202,7 @@
 perform_backup_list(int sockfd, engineconfig_type *config, const char *repository)
 {
 	int keys_marked;
+	struct engineconfig_repository* hsm;
 	// check that we are using a compatible protobuf version.
 	GOOGLE_PROTOBUF_VERIFY_VERSION;
 	OrmConnRef conn;
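Review bot: The added local `struct engineconfig_repository* hsm;` in perform_backup_list is declared without an initializer, and nothing in the visible lines reads or assigns it. If it is meant to walk the repository list, declare it at first use as `struct engineconfig_repository* hsm = config->hsm;`; otherwise drop it, so an indeterminate pointer is not left for later code to dereference. The function body continues outside this hunk, so a use further down cannot be ruled out from here.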

Modified: branches/OpenDNSSEC-enforcer-ng/enforcer-ng/src/hsmkey/hsmkey_gen_task.cpp
==============================================================================
--- branches/OpenDNSSEC-enforcer-ng/enforcer-ng/src/hsmkey/hsmkey_gen_task.cpp	Tue Feb 26 16:37:12 2013	(r7060)
+++ branches/OpenDNSSEC-enforcer-ng/enforcer-ng/src/hsmkey/hsmkey_gen_task.cpp	Tue Feb 26 17:04:54 2013	(r7061)
@@ -110,7 +110,8 @@
 				  const char *repository,
 				  const char *policy_name,
 				  ::google::protobuf::uint32 algorithm,
-				  ::ods::hsmkey::keyrole role)
+				  ::ods::hsmkey::keyrole role,
+				  struct engineconfig_repository* hsm)
 {
 	// nothing todo !
 	if (ngen<=0) {
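Review bot: The new `hsm` parameter at the end of this signature is only read by the lookup loop added further down, so it should be declared `const struct engineconfig_repository* hsm`. The same applies to the parameter added to generate_ksks, generate_zsks and generate_csks. A one-line comment such as `// hsm: head of the configured repository list, may be NULL` would document the contract, since the loop treats NULL as an empty list. The function's name and the rest of its body lie outside this hunk.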
@@ -153,6 +154,14 @@
             key.set_role(role);
             key.set_key_type("RSA");
 
+            key.set_backedup(0);
+            key.set_backmeup(0);
+			while (hsm) {
+				if (strcmp(repository, hsm->name))
+					key.set_requirebackup(hsm->require_backup);
+				hsm = hsm->next;
+			}
+
 			{
 				// We do insertion of the generated key into the database here
 				// after generating of the key.
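Review bot: The repository match in the added `while (hsm)` loop is inverted: `strcmp` returns 0 when the names are equal, so `if (strcmp(repository, hsm->name))` copies `require_backup` from every repository except the one the key was generated in, and the last non-matching entry wins. With a single configured repository the setter is never called, so the key's requirebackup value does not reflect the configuration of its own HSM; if this flag is what holds a key back until it has been backed up, that is a key-safety regression and worth confirming. The check should read `if (strcmp(repository, hsm->name) == 0) { key.set_requirebackup(hsm->require_backup); break; }`, and an explicit default before the loop would cover a repository name that matches no entry. The added lines also mix spaces and tabs for indentation, and the enclosing function starts and ends outside this hunk.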
@@ -243,7 +252,7 @@
 
 static void
 generate_ksks(int sockfd, OrmConn conn, const ::ods::kasp::Policy &policy,
-			  time_t duration, pb::uint64 nzones)
+			  time_t duration, pb::uint64 nzones, struct engineconfig_repository* hsm)
 {
 	::ods::hsmkey::keyrole key_role = ::ods::hsmkey::KSK;
 	for (int k=0; k<policy.keys().ksk_size(); ++k) {
@@ -268,7 +277,7 @@
 								   key.repository().c_str(),
 								   policy.name().c_str(),
 								   key.algorithm(),
-								   key_role))
+								   key_role, hsm))
 			{
 				ods_log_error_and_printf(sockfd,module_str,
 										 "generating KSKs failed");
@@ -279,7 +288,7 @@
 
 static void
 generate_zsks(int sockfd, OrmConn conn, const ::ods::kasp::Policy &policy,
-			  time_t duration, pb::uint64 nzones)
+			  time_t duration, pb::uint64 nzones, struct engineconfig_repository* hsm)
 {
 	::ods::hsmkey::keyrole key_role = ::ods::hsmkey::ZSK;
 	for (int k=0; k<policy.keys().zsk_size(); ++k) {
@@ -304,7 +313,7 @@
 								   key.repository().c_str(),
 								   policy.name().c_str(),
 								   key.algorithm(),
-								   key_role))
+								   key_role, hsm))
 			{
 				ods_log_error_and_printf(sockfd,module_str,
 										 "generating ZSKs failed");
@@ -315,7 +324,7 @@
 
 static void
 generate_csks(int sockfd, OrmConn conn, const ::ods::kasp::Policy &policy,
-			  time_t duration, pb::uint64 nzones)
+			  time_t duration, pb::uint64 nzones, struct engineconfig_repository* hsm)
 {
 	::ods::hsmkey::keyrole key_role = ::ods::hsmkey::CSK;
 	for (int k=0; k<policy.keys().csk_size(); ++k) {
@@ -340,7 +349,7 @@
 								   key.repository().c_str(),
 								   policy.name().c_str(),
 								   key.algorithm(),
-								   key_role))
+								   key_role, hsm))
 			{
 				ods_log_error_and_printf(sockfd,module_str,
 										 "generating CSKs failed");
@@ -455,9 +464,9 @@
 		 * with the number of zones using this policy. */
 		if (count > 0 && kasp.policies(i).keys().zones_share_keys())
 			count = 1;
-		generate_ksks(sockfd, conn, kasp.policies(i), duration, count);
-		generate_zsks(sockfd, conn, kasp.policies(i), duration, count);
-		generate_csks(sockfd, conn, kasp.policies(i), duration, count);
+		generate_ksks(sockfd, conn, kasp.policies(i), duration, count, config->hsm);
+		generate_zsks(sockfd, conn, kasp.policies(i), duration, count, config->hsm);
+		generate_csks(sockfd, conn, kasp.policies(i), duration, count, config->hsm);
     }
 }
 


