Exemplo n.º 1
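/*!
 * Generate new key with parameters from KASP policy and add it into zone.
 *
 * The private key is generated inside the keystore; only its identifier and
 * the public part imported into a dnssec_key_t are handled here.
 *
 * \param ctx      Event context; zone, keystore and policy must be set.
 * \param ksk      Use the policy's KSK size and KSK flags if true, ZSK otherwise.
 * \param key_ptr  Optional output; set to the new KASP key on success only.
 *
 * \return DNSSEC_EOK on success, otherwise the error code of the failing step.
 */
int generate_key(dnssec_event_ctx_t *ctx, bool ksk, dnssec_kasp_key_t **key_ptr)
{
	// These checks vanish when built with NDEBUG; callers must pass a
	// fully populated context.
	assert(ctx);
	assert(ctx->zone);
	assert(ctx->keystore);
	assert(ctx->policy);

	dnssec_key_algorithm_t algorithm = ctx->policy->algorithm;
	unsigned size = ksk ? ctx->policy->ksk_size : ctx->policy->zsk_size;

	// generate key in the keystore

	// NOTE(review): every error return below leaves the freshly generated
	// private key in the keystore with no KASP record pointing at it.
	// Consider removing it from the keystore on failure so that orphaned
	// key material does not accumulate -- confirm the intended policy.
	_cleanup_free_ char *id = NULL;
	int r = dnssec_keystore_generate_key(ctx->keystore, algorithm, size, &id);
	if (r != DNSSEC_EOK) {
		return r;
	}

	// create KASP key

	dnssec_key_t *dnskey = NULL;
	r = dnssec_key_new(&dnskey);
	if (r != DNSSEC_EOK) {
		return r;
	}

	r = dnssec_key_set_dname(dnskey, ctx->zone->dname);
	if (r != DNSSEC_EOK) {
		dnssec_key_free(dnskey);
		return r;
	}

	dnssec_key_set_flags(dnskey, dnskey_flags(ksk));

	r = dnssec_key_import_keystore(dnskey, ctx->keystore, id, algorithm);
	if (r != DNSSEC_EOK) {
		dnssec_key_free(dnskey);
		return r;
	}

	dnssec_kasp_key_t *key = calloc(1, sizeof(*key));
	if (!key) {
		dnssec_key_free(dnskey);
		return DNSSEC_ENOMEM;
	}

	key->key = dnskey;
	key->timing.created = ctx->now;

	// add into KASP zone

	// The append result must be checked: reporting success while the key
	// is missing from the zone would leak it and hand the caller a key
	// the zone does not know about.
	dnssec_list_t *keys = dnssec_kasp_zone_get_keys(ctx->zone);
	r = dnssec_list_append(keys, key);
	if (r != DNSSEC_EOK) {
		dnssec_key_free(dnskey);
		free(key);
		return r;
	}

	if (key_ptr) {
		*key_ptr = key;
	}

	return DNSSEC_EOK;
}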
Exemplo n.º 2
/*!
 * Exercise one algorithm against the keystore twice: once with a key the
 * keystore generates itself, once with a key imported from params->pem.
 *
 * Each resulting key ID is passed to test_key_use() even when the preceding
 * check failed, so the number of executed checks stays constant.
 */
static void test_algorithm(dnssec_keystore_t *store,
			   const key_parameters_t *params)
{
	// Key generated inside the keystore.
	diag("algorithm %d, generated key", params->algorithm);

	char *generated_id = NULL;
	const int gen_result = dnssec_keystore_generate_key(store, params->algorithm,
							    params->bit_size,
							    &generated_id);
	ok(gen_result == DNSSEC_EOK && generated_id != NULL,
	   "dnssec_keystore_generate_key()");
	test_key_use(store, params->algorithm, generated_id);

	// Key imported from the fixture (presumably PEM-encoded test key
	// material -- confirm against key_parameters_t).
	diag("algorithm %d, imported key", params->algorithm);

	char *imported_id = NULL;
	const int imp_result = dnssec_keystore_import(store, &params->pem,
						      &imported_id);
	ok(imp_result == DNSSEC_EOK && imported_id != NULL,
	   "dnssec_keystore_import()");
	test_key_use(store, params->algorithm, imported_id);

	// Both IDs were written through the output parameters and are
	// released here with free().
	free(generated_id);
	free(imported_id);
}