33#include "cmdhandler.h"
38#include "clientpipe.h"
42#include "longgetopt.h"
46static const char *module_str =
"keystate_rollover_cmd";
/*
 * perform_keystate_rollover: request an immediate ("manual") key rollover.
 *
 * NOTE: this listing is an excerpt. Each leading number is the line number in
 * the original file, and the lines between the numbered fragments are not
 * shown, so the comments below describe only what is visible.
 *
 * sockfd     - client connection that receives status and error messages
 * dbconn     - database connection (its use is on lines not shown)
 * policyname - policy to roll; echoed in the "unknown policy" error
 * zonename   - zone to roll; echoed in the "zone ... not found" error
 * nkeyrole   - selects all keys, KSK, ZSK or CSK; the numeric mapping is on
 *              lines not shown, and any other value is reported as
 *              "nkeyrole out of range"
 *
 * Every client and log message below uses a literal format string and passes
 * the policy or zone name as a "%s" argument, so a caller-supplied name is
 * never interpreted as a format string.
 */
49perform_keystate_rollover(
int sockfd,
db_connection_t *dbconn,
const char * policyname,
50 const char *zonename,
int nkeyrole)
64 client_printf_err(sockfd,
"unknown policy %s\n", policyname);
/* NOTE(review): the client copy of this error has no trailing "\n", unlike
 * the other client messages visible in this function - confirm whether that
 * is intended. */
68 ods_log_error(
"[%s] Error fetching zones", module_str);
69 client_printf_err(sockfd,
"[%s] Error fetching zones", module_str);
78 client_printf (sockfd,
"No keys to be rolled\n");
87 client_printf(sockfd,
"zone %s not found\n", zonename);
92 while (listsize > 0) {
99 client_printf(sockfd,
"rolling all keys for zone %s\n",
zone_db_name(zone));
/* Each manual rollover is also written to the log with the key role and zone
 * name, which leaves a record of who-rolled-what alongside the client reply. */
100 ods_log_info(
"[%s] Manual rollover initiated for all keys on Zone: %s",
105 client_printf(sockfd,
"rolling KSK for zone %s\n",
zone_db_name(zone));
106 ods_log_info(
"[%s] Manual rollover initiated for KSK on Zone: %s", module_str,
zone_db_name(zone));
110 client_printf(sockfd,
"rolling ZSK for zone %s\n",
zone_db_name(zone));
111 ods_log_info(
"[%s] Manual rollover initiated for ZSK on Zone: %s", module_str,
zone_db_name(zone));
115 client_printf(sockfd,
"rolling CSK for zone %s\n",
zone_db_name(zone));
116 ods_log_info(
"[%s] Manual rollover initiated for CSK on Zone: %s", module_str,
zone_db_name(zone));
/* The asserted expression is always false (the string literal only carries
 * the message), so reaching this branch always trips the assertion. The
 * error report that follows presumably covers builds in which
 * ods_log_assert does not abort - TODO confirm against its definition. */
119 ods_log_assert(
false &&
"nkeyrole out of range");
120 ods_log_error_and_printf(sockfd, module_str,
121 "nkeyrole out of range");
126 ods_log_error_and_printf(sockfd, module_str,
127 "updating zone %s in the database failed",
zone_db_name(zone));
/* Logical OR: reterror becomes 1 as soon as any error value is non-zero and
 * stays 1 afterwards, so one failure is remembered across later assignments. */
129 reterror = error || reterror;
/* Usage synopsis sent to the client: either --zone or --policy, plus an
 * optional --keytype. Only part of the string is visible in this excerpt. */
142 client_printf(sockfd,
144 " --zone <zone> | --policy <policy> aka -z | -p \n"
145 " [--keytype <keytype>] aka -t\n"
/* Long help text sent to the client. It states that a manual rollover follows
 * the same process as a scheduled one but does not wait for key lifetime to
 * expire.
 * NOTE(review): the option descriptions say "limit the output to ..." although
 * this command starts a rollover rather than listing anything, and they repeat
 * "the given the"; the wording looks carried over from a listing command -
 * confirm and reword so operators know that the options select what gets
 * rolled. */
153 client_printf(sockfd,
154 "Start a key rollover of the desired type *now*. The process is the same\n"
155 "as for the scheduled automated rollovers however it does not wait for\n"
156 "the keys lifetime to expire before rolling. The next rollover is due\n"
157 "after the newest key aged passed its lifetime.\n"
159 "zone limit the output to the given the zone\n"
160 "policy limit the output to the given the policy\n"
161 "keytype limit the output to the given type, can be KSK, ZSK or CSK (default is all)\n\n"
/*
 * run: command entry point for "key rollover".
 *
 * NOTE: this listing is an excerpt. Each leading number is the line number in
 * the original file, and the lines between the numbered fragments are not
 * shown, so the comments below describe only what is visible.
 *
 * Parses --zone/-z, --policy/-p and --keytype/-t from argv, rejects the
 * request when both a zone and a policy are given (the same message is also
 * emitted on an earlier branch whose condition is not shown), translates the
 * keytype string, and passes the result to perform_keystate_rollover().
 * Messages go to the client on context->sockfd and to the log.
 */
166run(cmdhandler_ctx_type* context,
int argc,
char* argv[])
168 int sockfd = context->sockfd;
169 struct longgetopt optctx;
/* nkeytype starts at 0 and is passed to perform_keystate_rollover() as the
 * key role; the per-keytype assignments are on lines not shown. */
170 int error, nkeytype = 0;
171 int long_index = 0, opt = 0;
172 const char *zone = NULL, *keytype = NULL, *
policy = NULL;
176 static struct option long_options[] = {
177 {
"zone", required_argument, 0,
'z'},
178 {
"policy", required_argument, 0,
'p'},
179 {
"keytype", required_argument, 0,
't'},
/* The first longgetopt() call supplies the short-option string "p:z:t:";
 * later calls pass NULL in its place and continue with the state in optctx. */
183 for(opt = longgetopt(argc, argv,
"p:z:t:", long_options, &long_index, &optctx); opt != -1;
184 opt = longgetopt(argc, argv, NULL, long_options, &long_index, &optctx)) {
187 zone = optctx.optarg;
193 keytype = optctx.optarg;
196 client_printf_err(sockfd,
"unknown arguments\n");
197 ods_log_error(
"[%s] unknown arguments for key rollover command", module_str);
203 ods_log_warning(
"[%s] expected either --zone <zone> or --policy <policy> for key rollover command", module_str);
204 client_printf(sockfd,
"expected either --zone <zone> or --policy <policy> option\n");
207 else if (zone &&
policy) {
208 ods_log_warning(
"[%s] expected either --zone <zone> or --policy <policy> for key rollover command", module_str);
209 client_printf(sockfd,
"expected either --zone <zone> or --policy <policy> option\n");
/* NOTE(review): strncasecmp() with a length of 3 compares only the first
 * three characters, ignoring case, so any value that merely begins with
 * KSK, ZSK or CSK (for example "KSKxyz") takes the matching branch instead
 * of the "invalid" path. An exact match would need strcasecmp() or an
 * additional check that keytype[3] is '\0'.
 * keytype is presumably tested for NULL on a line not shown; passing NULL
 * to strncasecmp() would be undefined behaviour - confirm. */
214 if (!strncasecmp(keytype,
"KSK", 3)) {
216 }
else if (!strncasecmp(keytype,
"ZSK", 3)) {
218 }
else if (!strncasecmp(keytype,
"CSK", 3)) {
/* The rejected keytype is echoed to the log and the client as a "%s"
 * argument of a literal format string, so it is never used as a format. */
221 ods_log_warning(
"[%s] given keytype \"%s\" invalid",
223 client_printf(sockfd,
"given keytype \"%s\" invalid\n",
229 error = perform_keystate_rollover(sockfd, dbconn,
policy, zone, nkeytype);
237 "key rollover", &usage, &help, NULL, NULL, &run, NULL
void enforce_task_flush_all(engine_type *engine, db_connection_t *dbconn)
db_connection_t * getconnectioncontext(cmdhandler_ctx_type *context)
engine_type * getglobalcontext(cmdhandler_ctx_type *context)
struct cmd_func_block key_rollover_funcblock
policy_t * policy_new(const db_connection_t *connection)
zone_list_db_t * policy_zone_list(policy_t *policy)
int policy_get_by_name(policy_t *policy, const char *name)
const char * policy_name(const policy_t *policy)
int policy_retrieve_zone_list(policy_t *policy)
void policy_free(policy_t *policy)
void zone_db_free(zone_db_t *zone)
int zone_db_set_roll_zsk_now(zone_db_t *zone, unsigned int roll_zsk_now)
int zone_db_set_roll_csk_now(zone_db_t *zone, unsigned int roll_csk_now)
const char * zone_db_name(const zone_db_t *zone)
zone_db_t * zone_list_db_get_next(zone_list_db_t *zone_list)
size_t zone_list_db_size(zone_list_db_t *zone_list)
int zone_db_set_roll_ksk_now(zone_db_t *zone, unsigned int roll_ksk_now)
int zone_db_update(zone_db_t *zone)
zone_db_t * zone_db_new_get_by_name(const db_connection_t *connection, const char *name)
int zone_db_set_next_change(zone_db_t *zone, int next_change)