From f449f278dd3c70e479a035f50a9bb817a9b433ba Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sun, 7 Apr 2024 17:24:08 +0200 Subject: Adding upstream version 3.2.6. Signed-off-by: Daniel Baumann --- src/knot/dnssec/key-events.h | 69 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 69 insertions(+) create mode 100644 src/knot/dnssec/key-events.h (limited to 'src/knot/dnssec/key-events.h') diff --git a/src/knot/dnssec/key-events.h b/src/knot/dnssec/key-events.h new file mode 100644 index 0000000..d216f90 --- /dev/null +++ b/src/knot/dnssec/key-events.h @@ -0,0 +1,69 @@ +/* Copyright (C) 2022 CZ.NIC, z.s.p.o. + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . + */ + +#pragma once + +#include "knot/dnssec/context.h" +#include "knot/dnssec/zone-events.h" + +/*! + * \brief Perform correct ZSK and KSK rollover action and plan next one. + * + * For given zone, check keys in KASP db and decide what shall be done + * according to their timers. Perform the action if they shall be done now, + * and tell the user the next time it shall be called. + * + * This function is optimized to be called from KEY_ROLLOVER_EVENT, + * but also during zone load so that the zone gets loaded already with + * proper DNSSEC chain. + * + * \param ctx Zone signing context + * \param flags Determine if some actions are forced + * \param reschedule Out: timestamp of desired next invoke + * + * \return KNOT_E* + */ +int knot_dnssec_key_rollover(kdnssec_ctx_t *ctx, zone_sign_roll_flags_t flags, + zone_sign_reschedule_t *reschedule); + +/*! + * \brief Get the key that ought to be retired by activating given new key. + * + * \param ctx DNSSEC context. + * \param newkey New key being rolled in. + * + * \return Old key being rolled out. + */ +knot_kasp_key_t *knot_dnssec_key2retire(kdnssec_ctx_t *ctx, knot_kasp_key_t *newkey); + +/*! + * \brief Set the submitted KSK to active state and the active one to retired + * + * \param ctx Zone signing context. + * \param retire_delay Retire event delay. + * + * \return KNOT_E* + */ +int knot_dnssec_ksk_sbm_confirm(kdnssec_ctx_t *ctx, uint32_t retire_delay); + +/*! + * \brief Is there a key in submission phase? + * + * \param ctx zone signing context + * + * \return False if there is no submitted key or if error; True otherwise + */ +bool zone_has_key_sbm(const kdnssec_ctx_t *ctx); -- cgit v1.2.3