Changeset 1724
- Timestamp:
- 09/23/10 22:44:47 (3 years ago)
- Location:
- trunk/pdns/pdns
- Files:
-
- 3 modified
-
dnsseckeeper.cc (modified) (4 diffs)
-
dnsseckeeper.hh (modified) (1 diff)
-
pdnssec.cc (modified) (2 diffs)
trunk/pdns/pdns/dnsseckeeper.cc
r1645 r1724 78 78 79 79 if(dpk) { 80 getRSAKeyFromISC(&dpk->d_key.getContext(), dir_itr->path().file_string().c_str());80 getRSAKeyFromISC(&dpk->d_key.getContext(), dir_itr->path().file_string().c_str()); 81 81 82 if(getNSEC3PARAM(zone)) {83 dpk->d_algorithm = 7;84 }85 else {86 dpk->d_algorithm = 5;87 }88 82 if(getNSEC3PARAM(zone)) { 83 dpk->d_algorithm = 7; 84 } 85 else { 86 dpk->d_algorithm = 5; 87 } 88 89 89 } 90 90 return true; … … 139 139 } 140 140 141 /* 141 142 bool zskSortByDates(const DNSSECKeeper::zskset_t::value_type& a, const DNSSECKeeper::zskset_t::value_type& b) 142 143 { … … 145 146 tie(b.second.beginValidity, b.second.endValidity); 146 147 } 148 * */ 147 149 void DNSSECKeeper::deleteZSKFor(const std::string& zname, const std::string& fname) 148 150 { … … 235 237 236 238 KeyMetaData kmd; 239 /* 237 240 kmd.beginValidity=timegm(&ts1); 238 241 kmd.endValidity=timegm(&ts2); 239 242 time_t now=time(0); 240 kmd.active = now > kmd.beginValidity && now < kmd.endValidity; 243 */ 244 kmd.active = 1; // XXX FIXME GOOD ONE! // now > kmd.beginValidity && now < kmd.endValidity; 241 245 kmd.fname = dir_itr->leaf(); 242 246 zskset.push_back(make_pair(dpk, kmd)); 243 247 } 244 sort(zskset.begin(), zskset.end(), zskSortByDates);248 // sort(zskset.begin(), zskset.end(), zskSortByDates); 245 249 } 246 250 -
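Review bot: In the hunk at new lines 237-249, `kmd.active = 1; // XXX FIXME GOOD ONE!` marks every ZSK found on disk as active, so the validity window no longer gates anything. Any caller that filters on `active`, presumably including signing, will now treat retired and pre-published keys like current ones. The commented-out `sort` also leaves `zskset` in directory-iteration order, which callers should not rely on. If this is a deliberate interim state, say so in the code and delete the dead blocks instead of commenting them out, e.g. `kmd.active = true; // TODO: every on-disk ZSK is treated as active until per-key state is stored`. The enclosing function starts and ends outside the hunk.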
trunk/pdns/pdns/dnsseckeeper.hh
r1645 r1724 85 85 struct KeyMetaData 86 86 { 87 time_t beginValidity, endValidity; // wart88 87 bool active; 89 88 string fname; 90 }; 89 }; 90 typedef std::vector<std::pair<DNSSECPrivateKey, KeyMetaData> > zskset_t; 91 91 92 public: 92 93 explicit DNSSECKeeper(const std::string& dirname) : d_dirname(dirname){} 94 93 95 bool haveKSKFor(const std::string& zone, DNSSECPrivateKey* ksk=0); 94 96 95 typedef std::vector<std::pair<DNSSECPrivateKey, KeyMetaData> > zskset_t;96 97 zskset_t getZSKsFor(const std::string& zone, bool all=false); 97 98 void addZSKFor(const std::string& zname, int algorithm, bool next=false); 99 98 100 void deleteZSKFor(const std::string& zname, const std::string& fname); 99 101 100 102 void secureZone(const std::string& fname, int algorithm); 103 101 104 bool getNSEC3PARAM(const std::string& zname, NSEC3PARAMRecordContent* n3p=0); 102 105 void setNSEC3PARAM(const std::string& zname, const NSEC3PARAMRecordContent* n3p); -
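Review bot: `bool active;` in `KeyMetaData` is now the only lifecycle state a key carries, yet it has no comment and no default. A `KeyMetaData` that is declared but never assigned therefore holds an indeterminate value, which pdnssec.cc then uses to decide on deletion. Suggest initialising it explicitly wherever the struct is created and documenting it, e.g. `bool active; // true if the key may be used for signing; false makes it a deletion candidate`. Moving the `zskset_t` typedef above `public:` is fine only if an earlier access specifier (not visible in this hunk) keeps it public, since pdnssec.cc names `DNSSECKeeper::zskset_t`.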
trunk/pdns/pdns/pdnssec.cc
r1648 r1724 234 234 235 235 BOOST_FOREACH(DNSSECKeeper::zskset_t::value_type value, zskset) { 236 cout<<"Tag = "<<value.first.getDNSKEY().getTag()<<"\tActive: "<<value.second.active<< ", "<<humanTime(value.second.beginValidity)<<" - "<<humanTime(value.second.endValidity)<<endl;236 cout<<"Tag = "<<value.first.getDNSKEY().getTag()<<"\tActive: "<<value.second.active<<endl; // ", "<<humanTime(value.second.beginValidity)<<" - "<<humanTime(value.second.endValidity)<<endl; 237 237 if(value.second.active) 238 238 inforce++; 239 if( value.second.endValidity < now - 2*86400) { //'expired more than two days ago'239 if(!value.second.active) { // was: 'expired more than two days ago' 240 240 cout<<"\tThis key is no longer used and too old to keep around, deleting!\n"; 241 241 dk.deleteZSKFor(zone, value.second.fname); 242 } else if(value.second.endValidity < now){ // 'expired more than two days ago'242 } else /* if( value.second.endValidity < now ) */{ // 'expired more than two days ago' 243 243 cout<<"\tThis key is no longer in active use, but needs to linger\n"; 244 244 } … … 291 291 cout << "ZSKs for zone '"<<zone<<"':"<<endl; 292 292 BOOST_FOREACH(DNSSECKeeper::zskset_t::value_type value, zskset) { 293 cout<<"Tag = "<<value.first.getDNSKEY().getTag()<<"\tActive: "<<value.second.active<<", "<< humanTime(value.second.beginValidity)<<" - "<<humanTime(value.second.endValidity)<<endl;293 cout<<"Tag = "<<value.first.getDNSKEY().getTag()<<"\tActive: "<<value.second.active<<", "<< endl; // humanTime(value.second.beginValidity)<<" - "<<humanTime(value.second.endValidity)<<endl; 294 294 } 295 295 }
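Review bot: In the first hunk the delete branch is now keyed on `!value.second.active` alone, so once `active` can be false a key is removed the moment it goes inactive; the old code waited two days after `endValidity`. Resolvers that still hold signatures made with that key would then presumably fail validation, and a key that is merely not yet active would be deleted as well. The `else` branch now runs for every active key and prints "no longer in active use, but needs to linger", which is wrong for those keys. Suggest dropping that `else` block and putting deletion behind an explicit age or retirement check, with a comment such as `// inactive keys must stay published until signatures made with them have expired`. The second hunk also leaves a dangling `", "` before `endl`.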