Created
April 26, 2013 11:46
Index: pdns/pdnssec.cc | |
=================================================================== | |
--- pdns/pdnssec.cc (revision 3174) | |
+++ pdns/pdnssec.cc (working copy) | |
@@ -42,6 +42,49 @@ | |
return ret; | |
} | |
+static void algorithm2name(uint8_t algo, string &name) { | |
+ switch(algo) { | |
+ case 0: | |
+ name = "Reserved"; return; | |
+ case 1: | |
+ name = "RSAMD5"; return; | |
+ case 2: | |
+ name = "DH"; return; | |
+ case 3: | |
+ name = "DSA"; return; | |
+ case 4: | |
+ name = "ECC"; return; | |
+ case 5: | |
+ name = "RSASHA1"; return; | |
+ case 6: | |
+ name = "DSA-NSEC3-SHA1"; return; | |
+ case 7: | |
+ name = "RSASHA1-NSEC3-SHA1"; return; | |
+ case 8: | |
+ name = "RSASHA256"; return; | |
+ case 9: | |
+ name = "Reserved"; return; | |
+ case 10: | |
+ name = "RSASHA512"; return; | |
+ case 11: | |
+ name = "Reserved"; return; | |
+ case 12: | |
+ name = "ECC-GOST"; return; | |
+ case 13: | |
+ name = "ECDSAP256SHA256"; return; | |
+ case 14: | |
+ name = "ECDSAP384SHA384"; return; | |
+ case 252: | |
+ name = "INDIRECT"; return; | |
+ case 253: | |
+ name = "PRIVATEDNS"; return; | |
+ case 254: | |
+ name = "PRIVATEOID"; return; | |
+ default: | |
+ name = "Unallocated/Reserved"; return; | |
+ } | |
+}; | |
+ | |
static int shorthand2algorithm(const string &algorithm) | |
{ | |
if (!algorithm.compare("rsamd5")) return 1; | |
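Review bot: `algorithm2name` ends with `};`, a stray semicolon after the function body, and returns its result through a `string &name` out-parameter. Returning the value, `static string algorithm2name(uint8_t algo)`, would let the caller write `const string algname = algorithm2name(value.first.d_algorithm);` in one line. The table also needs a header comment naming its source, e.g. `// names follow the IANA DNSSEC algorithm numbers registry; extend when new numbers are assigned`, because any later assignment will otherwise print as "Unallocated/Reserved". The printed names differ from the shorthands that `shorthand2algorithm` accepts just below (only `rsamd5` is visible in this hunk), so the two tables presumably have to be kept in step by hand.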
@@ -254,6 +297,8 @@ | |
} | |
} | |
+ | |
+ | |
if(realrr) | |
{ | |
//cerr<<"Total: "<<nonterm.size()<<" Insert: "<<insnonterm.size()<<" Delete: "<<delnonterm.size()<<endl; | |
@@ -568,19 +613,28 @@ | |
cout << "keys: "<<endl; | |
BOOST_FOREACH(DNSSECKeeper::keyset_t::value_type value, keyset) { | |
+ string algname; | |
+ algorithm2name(value.first.d_algorithm, algname); | |
cout<<"ID = "<<value.second.id<<" ("<<(value.second.keyOrZone ? "KSK" : "ZSK")<<"), tag = "<<value.first.getDNSKEY().getTag(); | |
- cout<<", algo = "<<(int)value.first.d_algorithm<<", bits = "<<value.first.getKey()->getBits()<<"\tActive: "<<value.second.active<< endl; | |
+ cout<<", algo = "<<(int)value.first.d_algorithm<<", bits = "<<value.first.getKey()->getBits()<<"\tActive: "<<value.second.active<< " ( " + algname + " ) "<<endl; | |
if(value.second.keyOrZone) { | |
- cout<<"KSK DNSKEY = "<<zone<<" IN DNSKEY "<< value.first.getDNSKEY().getZoneRepresentation() << endl; | |
- cout<<"DS = "<<zone<<" IN DS "<<makeDSFromDNSKey(zone, value.first.getDNSKEY(), 1).getZoneRepresentation() << endl; | |
- cout<<"DS = "<<zone<<" IN DS "<<makeDSFromDNSKey(zone, value.first.getDNSKEY(), 2).getZoneRepresentation() << endl; | |
+ cout<<"KSK DNSKEY = "<<zone<<" IN DNSKEY "<< value.first.getDNSKEY().getZoneRepresentation() << " ; ( " + algname + " )" << endl; | |
+ cout<<"DS = "<<zone<<" IN DS "<<makeDSFromDNSKey(zone, value.first.getDNSKEY(), 1).getZoneRepresentation() << " ; ( SHA1 digest )" << endl; | |
+ cout<<"DS = "<<zone<<" IN DS "<<makeDSFromDNSKey(zone, value.first.getDNSKEY(), 2).getZoneRepresentation() << " ; ( SHA256 digest )" << endl; | |
try { | |
string output=makeDSFromDNSKey(zone, value.first.getDNSKEY(), 3).getZoneRepresentation(); | |
- cout<<"DS = "<<zone<<" IN DS "<< output << endl; | |
+ cout<<"DS = "<<zone<<" IN DS "<< output << " ; ( GOST R 34.11-94 digest )" << endl; | |
} | |
catch(...) | |
{ | |
} | |
+ try { | |
+ string output=makeDSFromDNSKey(zone, value.first.getDNSKEY(), 4).getZoneRepresentation(); | |
+ cout<<"DS = "<<zone<<" IN DS "<< output << " ; ( SHA-384 digest )" << endl; | |
+ } | |
+ catch(...) | |
+ { | |
+ } | |
cout<<endl; | |
} | |
} | |
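Review bot: The new digest-type-4 block copies the empty `catch(...) { }` from the GOST case, so any failure inside `makeDSFromDNSKey`, not only an unsupported digest, silently drops the SHA-384 DS line and the operator cannot tell why it is missing. If the intent is to skip the line when the crypto backend lacks this digest, state that in the handler with a comment such as `// digest type 4 not available in this build; omit the DS line`. If the thrown type is known, catch that type rather than everything. Separately, `" ( " + algname + " ) "` is appended after `Active:`, so the name reads as a remark on the active flag; printing it next to `algo = ` would be clearer. The enclosing function starts outside the hunk.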
@@ -811,6 +865,8 @@ | |
cerr<<"add-zone-key ZONE zsk|ksk [bits]\n"; | |
cerr<<" [rsasha1|rsasha256|rsasha512|gost|ecdsa256|ecdsa384]\n"; | |
cerr<<" Add a ZSK or KSK to zone and specify algo&bits\n"; | |
+ cerr<<"generate-zone-key zsk|ksk [bits] [algorithm]\n"; | |
+ cerr<<" Generate a ZSK or KSK to stdout with specified algo&bits\n"; | |
cerr<<"check-zone ZONE Check a zone for correctness\n"; | |
cerr<<"check-all-zones Check all zones for correctness\n"; | |
cerr<<"create-bind-db FNAME Create DNSSEC db for BIND backend (bind-dnssec-db)\n"; | |
@@ -1277,6 +1333,18 @@ | |
cout << "Flags: " << dspk.d_flags << endl << | |
dspk.getKey()->convertToISC() << endl; | |
} | |
+ else if(cmds[0] == "remove-zone-key") { | |
+ if(cmds.size() < 3) { | |
+ cerr<<"Syntax: pdnssec remove-zone-key ZONE KEY-ID"<<endl; | |
+ return 0; | |
+ } | |
+ const string& zone=cmds[1]; | |
+ unsigned int id=atoi(cmds[2].c_str()); | |
+ if (!dk.removeKey(zone, id)) { | |
+ return 1; | |
+ } | |
+ return 0; | |
+ } | |
else { | |
cerr<<"Unknown command '"<<cmds[0]<<"'\n"; | |
return 1; |
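Review bot: In the new `remove-zone-key` branch, `unsigned int id=atoi(cmds[2].c_str());` turns any non-numeric KEY-ID into 0 and a negative one into a large unsigned value, so a typo on this destructive command is passed to `dk.removeKey` as a real id instead of being rejected. The branch also returns 0 after printing the syntax message, which a calling script sees as success, and returns 1 on `removeKey` failure without saying anything; other commands in this file may follow the same convention, which is not visible here. Validate the argument before converting, fail the syntax case with a non-zero status, and report the failure on stderr. The digit check below still leaves very long digit strings to `atoi`, so a range check is worth adding if key ids can be large. The surrounding `if`/`else if` chain starts outside the hunk.

```cpp
else if(cmds[0] == "remove-zone-key") {
  if(cmds.size() < 3) {
    cerr<<"Syntax: pdnssec remove-zone-key ZONE KEY-ID"<<endl;
    return 1;
  }
  const string& zone=cmds[1];
  // accept only a plain decimal key id; atoi() would map garbage to 0
  if(cmds[2].empty() || cmds[2].find_first_not_of("0123456789") != string::npos) {
    cerr<<"Invalid KEY-ID '"<<cmds[2]<<"'"<<endl;
    return 1;
  }
  unsigned int id=atoi(cmds[2].c_str());
  if (!dk.removeKey(zone, id)) {
    cerr<<"Could not remove key "<<id<<" from zone '"<<zone<<"'"<<endl;
    return 1;
  }
  return 0;
}
```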