[Opendnssec-commits] matthijs r7170 - in branches/OpenDNSSEC-CDS/enforcer-ng/src: enforcer keystate policy signconf xmlext-pb/test

commits at svn.opendnssec.org commits at svn.opendnssec.org
Mon Jun 24 16:37:09 CEST 2013


Author: matthijs
Date: Mon Jun 24 16:37:09 2013
New Revision: 7170
URL: http://fisheye.opendnssec.org/changelog/opendnssec?cs=7170

Log:
more fighting with proto and cpp

Modified:
   branches/OpenDNSSEC-CDS/enforcer-ng/src/enforcer/enforcer.cpp
   branches/OpenDNSSEC-CDS/enforcer-ng/src/enforcer/enforcerdata.h
   branches/OpenDNSSEC-CDS/enforcer-ng/src/enforcer/enforcerzone.cpp
   branches/OpenDNSSEC-CDS/enforcer-ng/src/enforcer/enforcerzone.h
   branches/OpenDNSSEC-CDS/enforcer-ng/src/keystate/keystate.proto
   branches/OpenDNSSEC-CDS/enforcer-ng/src/policy/kasp.proto
   branches/OpenDNSSEC-CDS/enforcer-ng/src/signconf/signconf_task.cpp
   branches/OpenDNSSEC-CDS/enforcer-ng/src/xmlext-pb/test/main.cpp

Modified: branches/OpenDNSSEC-CDS/enforcer-ng/src/enforcer/enforcer.cpp
==============================================================================
--- branches/OpenDNSSEC-CDS/enforcer-ng/src/enforcer/enforcer.cpp	Mon Jun 24 14:40:06 2013	(r7169)
+++ branches/OpenDNSSEC-CDS/enforcer-ng/src/enforcer/enforcer.cpp	Mon Jun 24 16:37:09 2013	(r7170)
@@ -1434,6 +1434,7 @@
 		k.setPublish(getState(k, DK, NULL) == OMN || getState(k, DK, NULL) == RUM);
 		k.setActiveKSK(getState(k, RD, NULL) == OMN || getState(k, RD, NULL) == RUM);
 		k.setActiveZSK(getState(k, RS, NULL) == OMN || getState(k, RS, NULL) == RUM);
+		k.setActiveCDS(getState(k, DS, NULL) == OMN || getState(k, DS, NULL) == RUM);
 	}
 
 	minTime(policy_return_time, zone_return_time);
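Review bot: The new `setActiveCDS` line derives the flag from the DS state alone and carries no comment saying why, even though a CDS record is what asks the parent to change the DS set. A short comment above it would help, for example `// CDS follows the DS: active while the DS state is RUM or OMN`. It would also be worth confirming that `getState(k, DS, NULL)` can never be OMN or RUM for a key that has no DS (a ZSK-only key), since nothing in this hunk restricts the flag by role. The enclosing loop and function start outside the hunk.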

Modified: branches/OpenDNSSEC-CDS/enforcer-ng/src/enforcer/enforcerdata.h
==============================================================================
--- branches/OpenDNSSEC-CDS/enforcer-ng/src/enforcer/enforcerdata.h	Mon Jun 24 14:40:06 2013	(r7169)
+++ branches/OpenDNSSEC-CDS/enforcer-ng/src/enforcer/enforcerdata.h	Mon Jun 24 16:37:09 2013	(r7170)
@@ -230,6 +230,7 @@
     virtual void setPublish(bool value) = 0;
     virtual void setActiveZSK(bool value) = 0;
     virtual void setActiveKSK(bool value) = 0;
+    virtual void setActiveCDS(bool value) = 0;
     
     virtual void setDsAtParent(DsAtParent value) = 0;
     virtual DsAtParent dsAtParent() = 0;

Modified: branches/OpenDNSSEC-CDS/enforcer-ng/src/enforcer/enforcerzone.cpp
==============================================================================
--- branches/OpenDNSSEC-CDS/enforcer-ng/src/enforcer/enforcerzone.cpp	Mon Jun 24 14:40:06 2013	(r7169)
+++ branches/OpenDNSSEC-CDS/enforcer-ng/src/enforcer/enforcerzone.cpp	Mon Jun 24 16:37:09 2013	(r7170)
@@ -208,6 +208,11 @@
     _keydata->set_active_ksk(value);
 }
 
+void KeyDataPB::setActiveCDS(bool value)
+{
+    _keydata->set_active_cds(value);
+}
+
 DsAtParent KeyDataPB::dsAtParent()
 {
     return (DsAtParent)_keydata->ds_at_parent();

Modified: branches/OpenDNSSEC-CDS/enforcer-ng/src/enforcer/enforcerzone.h
==============================================================================
--- branches/OpenDNSSEC-CDS/enforcer-ng/src/enforcer/enforcerzone.h	Mon Jun 24 14:40:06 2013	(r7169)
+++ branches/OpenDNSSEC-CDS/enforcer-ng/src/enforcer/enforcerzone.h	Mon Jun 24 16:37:09 2013	(r7170)
@@ -102,6 +102,7 @@
     virtual void setPublish(bool value);
     virtual void setActiveZSK(bool value);
     virtual void setActiveKSK(bool value);
+    virtual void setActiveCDS(bool value);
     
     /* Current state of the DS record at the parent */
     virtual DsAtParent dsAtParent();

Modified: branches/OpenDNSSEC-CDS/enforcer-ng/src/keystate/keystate.proto
==============================================================================
--- branches/OpenDNSSEC-CDS/enforcer-ng/src/keystate/keystate.proto	Mon Jun 24 14:40:06 2013	(r7169)
+++ branches/OpenDNSSEC-CDS/enforcer-ng/src/keystate/keystate.proto	Mon Jun 24 16:37:09 2013	(r7170)
@@ -88,6 +88,7 @@
     optional bool active_ksk = 16 [default = false, (xml).path="ActiveKSK"];
     optional dsatparent ds_at_parent = 17 [default = unsubmitted, (xml).path="DSAtParent"];
     optional uint32 keytag = 18 [default = 0, (xml).path="Keytag"];
+    optional bool active_cds = 19 [default = false, (xml).path="ActiveCDS"];
 }
 
 message KeyState {

Modified: branches/OpenDNSSEC-CDS/enforcer-ng/src/policy/kasp.proto
==============================================================================
--- branches/OpenDNSSEC-CDS/enforcer-ng/src/policy/kasp.proto	Mon Jun 24 14:40:06 2013	(r7169)
+++ branches/OpenDNSSEC-CDS/enforcer-ng/src/policy/kasp.proto	Mon Jun 24 16:37:09 2013	(r7170)
@@ -98,6 +98,7 @@
 	repeated Ksk ksk = 6 [(xml).path="KSK"]; // Key Signing Keys (KSK) parameters.
 	repeated Zsk zsk = 7 [(xml).path="ZSK"]; // Zone Signing Keys (ZSK) parameters.
 	repeated Csk csk = 8 [(xml).path="CSK"]; // Combined Signing Keys (CSK) paramters.
+	optional Cds cds = 9 [(xml).path="CDS"]; // Use CDS for key rollover ?
 }
 
 // These values correspond directly to the minimize flags. 3,6 & 7
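Review bot: Moving `cds` from `Ksk`/`Csk` up to this message changes where `<CDS>` has to appear in the policy XML, but the fixture touched by this same commit in xmlext-pb/test/main.cpp adds `<CDS><DigestType>1</DigestType></CDS>` inside `<KSK>`. If that test is meant to mirror kasp.proto, the element belongs beside `<KSK>`/`<ZSK>`, not inside it; as written it will presumably be ignored or rejected. The trailing comment `// Use CDS for key rollover ?` was written for a boolean and no longer describes a message-valued field; something like `// CDS publication settings (digest types); absent means no CDS` would fit. The enclosing message starts outside the hunk.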
@@ -120,6 +121,10 @@
 	CskDoubleSignature = 4;	//minimize DS
 	CskPrePublication = 5;	//minimize DS and RRSIG
 }
+enum CdsDigest {
+	CdsDigestSha1 = 1;
+	CdsDigestSha2 = 2;
+}
 
 message Ksk {
 	// anykey = generic key definition
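Review bot: `CdsDigestSha2` is ambiguous, because DS digest type 2 is specifically SHA-256 and SHA-384 is type 4; `CdsDigestSha256 = 2` would be clearer and leaves room for a later `CdsDigestSha384 = 4`. The enum also narrows what the `Cds` message accepts: the last hunk of this file switches the field from `repeated uint32 digest_type` to `repeated CdsDigest digest` but keeps the comment `// Digest algorithm [0..255]`, which is no longer true. SHA-1 DS digests are deprecated for new delegations (RFC 8624), so a comment marking `CdsDigestSha1` as legacy would steer operators towards SHA-256.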
@@ -133,7 +138,6 @@
 	// Ksk specific
 	optional bool rfc5011 = 7 [(xml).path="RFC5011"]; // Use RFC 5011 for key rollover ?
 	optional KskRollType rollover_type = 8 [default = KskDoubleSignature, (xml).path="KskRollType"]; // user friendly way of configure minimize flags
-	optional CDS cds = 9 [(xml).path="CDS"]; // Use CDS for key rollover ?
 }
 
 message Zsk {
@@ -160,11 +164,10 @@
 	// Ksk specific
 	optional bool rfc5011 = 7 [(xml).path="RFC5011"]; // Use RFC 5011 for key rollover ?
 	optional CskRollType rollover_type = 8 [default = CskPrePublication, (xml).path="CskRollType"]; // user friendly way of configure minimize flags
-	optional bool cds = 9 [(xml).path="CDS"]; // Use CDS for key rollover ?
 }
 
 message Cds {
-	repeated uint32 digest_type = 1 [(xml).path="DigestType"]; // Digest algorithm [0..255]
+	repeated CdsDigest digest = 1 [(xml).path="DigestType"]; // Digest algorithm [0..255]
 }
 
 message Zone {

Modified: branches/OpenDNSSEC-CDS/enforcer-ng/src/signconf/signconf_task.cpp
==============================================================================
--- branches/OpenDNSSEC-CDS/enforcer-ng/src/signconf/signconf_task.cpp	Mon Jun 24 14:40:06 2013	(r7169)
+++ branches/OpenDNSSEC-CDS/enforcer-ng/src/signconf/signconf_task.cpp	Mon Jun 24 16:37:09 2013	(r7170)
@@ -142,7 +142,7 @@
 	
 	for (int k=0; k<ks_zone->keys_size(); ++k) {
 		const ::ods::keystate::KeyData &ks_key = ks_zone->keys(k);
-		
+
 		// first check whether we actually should write this key into the
 		// signer configuration.
 		if (!ks_key.publish() && !ks_key.active_ksk() && !ks_key.active_zsk())
@@ -169,7 +169,7 @@
 						(ks_key.role() == ::ods::keystate::ZSK
 						 || ks_key.role() == ::ods::keystate::CSK) );
 		sc_key->set_publish( ks_key.publish() );
-		
+
 		// The deactivate flag was intended to allow smooth key rollover.
 		// With the deactivate flag present a normal rollover would be 
 		// performed where signatures would be replaced immmediately.
@@ -179,6 +179,26 @@
 		// new signatures.
 		// Currently this flag is not supported by the signer engine.
 		// sc_key->set_deactivate(  );
+
+		if (policy->keys().has_cds()) {
+			const ::ods::kasp::Cds &kp_cds = policy->keys().cds();
+			ods_log_info("Kasp has cds info...");
+			if (ks_key.active_cds()) {
+				ods_log_info("Key cds is active..., #digests=%u", kp_cds.digest_size());
+				::ods::signconf::CDS *sc_cds = sc_key->mutable_cds();
+				for (int l=0; l < kp_cds.digest_size(); ++l) {
+					ods_log_info("Key cds add digest...");
+					sc_cds->add_digest_type(kp_cds.digest(l));
+				}
+			} else {
+				ods_log_info("Key cds is not active...");
+				sc_key->clear_cds();
+			}
+		} else {
+			ods_log_info("Kasp has no cds info...");
+			sc_key->clear_cds();
+		}
+
 	}
 	
 	const ::ods::kasp::Zone &kp_zone = policy->zone();
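Review bot: A key whose only set flag is `active_cds` may never reach this new block, because the filter at the top of the loop (visible as context in the first hunk of this file) still tests only `publish()`, `active_ksk()` and `active_zsk()`. The statement that filter guards is outside the hunk, so confirm whether it skips the key; if it does, the condition needs `&& !ks_key.active_cds()` or the CDS will be silently left out of the signer configuration. Separately, `kp_cds.digest_size()` returns `int` but is logged with `%u`; `%d` matches the type. The `ods_log_info` calls run for every key on every signconf write and read like debugging traces, so `ods_log_debug` would be a better level.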

Modified: branches/OpenDNSSEC-CDS/enforcer-ng/src/xmlext-pb/test/main.cpp
==============================================================================
--- branches/OpenDNSSEC-CDS/enforcer-ng/src/xmlext-pb/test/main.cpp	Mon Jun 24 14:40:06 2013	(r7169)
+++ branches/OpenDNSSEC-CDS/enforcer-ng/src/xmlext-pb/test/main.cpp	Mon Jun 24 16:37:09 2013	(r7170)
@@ -37,6 +37,7 @@
 				"<Algorithm length=\"2048\">8</Algorithm>\n"
 				"<Lifetime>P1Y</Lifetime>\n"
 				"<Repository>SoftHSM</Repository>\n"
+				"<CDS><DigestType>1</DigestType></CDS>\n"
 			"</KSK>\n"
 			"<ZSK>\n"
 				"<Algorithm length=\"1024\">8</Algorithm>\n"


