Kea 3.1.1
isc::gss_tsig::ManagedKey Class Reference

Managed GSS-TSIG key.

#include <managed_key.h>


Public Types

enum Status { NOT_READY , USABLE , EXPIRED , IN_ERROR }
 A key status.
 

Public Member Functions

 ManagedKey (const std::string &name)
 Constructor.
 
virtual ~ManagedKey ()=default
 Destructor.
 
virtual dns::TSIGContextPtr createContext ()
 Create GssTsigContext context.
 
std::string getKeyNameStr () const
 Get the key name as a string.
 
std::string getParentID () const
 Get the DNS server (parent) ID.
 
Status getStatus () const
 Get the key status.
 
TKeyExchangePtr & getTKeyExchange ()
 Get the TKEY exchange.
 
TKeyExchange::Status getTKeyStatus () const
 Get the TKEY exchange status.
 
void operator() (TKeyExchange::Status tkey_status)
 The TKEY exchange completion handler.
 
void setParentID (const std::string &parent_id)
 Set the DNS server (parent) ID.
 
void setStatus (Status status)
 Set the key status.
 
void setTKeyStatus (TKeyExchange::Status tkey_status)
 Set the TKEY exchange status.
 
isc::data::ElementPtr toElement () const
 Unparse a key object.
 
- Public Member Functions inherited from isc::gss_tsig::GssTsigKey
 GssTsigKey (const std::string &key_name, const std::vector< uint8_t > &import)
 Constructor.
 
 GssTsigKey (const std::string &key_name, gss_ctx_id_t sec_ctx=GSS_C_NO_CONTEXT)
 Constructor.
 
virtual ~GssTsigKey ()
 Destructor.
 
std::chrono::system_clock::time_point getExpire () const
 Get the key expire.
 
uint32_t getExpire32 () const
 Get the key expire (32 bits).
 
std::chrono::system_clock::time_point getInception () const
 Get the key inception.
 
uint32_t getInception32 () const
 Get the key inception (32 bits).
 
GssApiSecCtx & getSecCtx ()
 Get the security context.
 
void setExpire (const std::chrono::system_clock::time_point &expire)
 Set the key expire.
 
void setInception (const std::chrono::system_clock::time_point &inception)
 Set the key inception.
 
- Public Member Functions inherited from isc::d2::D2TsigKey
 D2TsigKey (const dns::Name &key_name, const dns::Name &algorithm_name, const void *secret, size_t secret_len, size_t digestbits=0)
 Constructor.
 
 D2TsigKey (const std::string &key_spec)
 Constructor.
 
virtual ~D2TsigKey ()
 Destructor.
 
virtual void resetStats ()
 Reset statistics.
 
- Public Member Functions inherited from isc::dns::TSIGKey
 TSIGKey (const Name &key_name, const Name &algorithm_name, const void *secret, size_t secret_len, size_t digestbits=0)
 Constructors, Assignment Operator and Destructor.
 
 TSIGKey (const std::string &str)
 Constructor from an input string.
 
 TSIGKey (const TSIGKey &source)
 The copy constructor.
 
virtual ~TSIGKey ()
 The destructor.
 
isc::cryptolink::HashAlgorithm getAlgorithm () const
 Return the hash algorithm name in the form of cryptolink::HashAlgorithm.
 
const Name & getAlgorithmName () const
 Return the algorithm name.
 
size_t getDigestbits () const
 Return the minimum truncated length.
 
const Name & getKeyName () const
 Getter Methods.
 
const void * getSecret () const
 Return the value of the TSIG secret.
 
size_t getSecretLength () const
 Return the length of the TSIG secret in bytes.
 
TSIGKey & operator= (const TSIGKey &source)
 Assignment operator.
 
std::string toText () const
 Converts the TSIGKey to a string value.
 
- Public Member Functions inherited from isc::gss_tsig::TKeyExchange::Callback
virtual ~Callback ()
 Virtual destructor.
 
- Public Member Functions inherited from isc::data::CfgToElement
virtual ~CfgToElement ()
 Destructor.
 

Static Public Member Functions

static std::string genName (const std::string &server)
 Create a random name from a suffix.
 
static std::string statusToText (Status status)
 Convert a status to its textual form.
 
- Static Public Member Functions inherited from isc::dns::TSIGKey
static const Name & GSSTSIG_NAME ()
 
static const Name & HMACMD5_NAME ()
 Well known algorithm names as defined in RFC2845 and RFC4635.
 
static const Name & HMACMD5_SHORT_NAME ()
 
static const Name & HMACSHA1_NAME ()
 
static const Name & HMACSHA224_NAME ()
 
static const Name & HMACSHA256_NAME ()
 
static const Name & HMACSHA384_NAME ()
 
static const Name & HMACSHA512_NAME ()
 

Public Attributes

boost::scoped_ptr< std::mutex > mutex_
 Mutex for protecting key state.
 

Additional Inherited Members

- Protected Attributes inherited from isc::gss_tsig::GssTsigKey
std::chrono::system_clock::time_point expire_
 The key expire date.
 
std::chrono::system_clock::time_point inception_
 The key inception date.
 
std::unique_ptr< GssApiSecCtx > sec_ctx_
 GSS-API security context.
 

Detailed Description

Managed GSS-TSIG key.

This class extends GssTsigKey with additional per-key state (status, TKEY exchange, parent DNS server ID) whose types are defined in headers that in turn include this class definition.

Definition at line 23 of file managed_key.h.

Member Enumeration Documentation

◆ Status

A key status.

The standard flow is: a key starts as NOT_READY, becomes USABLE once the TKEY exchange has set up its security context, and ends as EXPIRED when its expire date passes. If the setup fails the key moves to IN_ERROR, and the TKEY exchange status gives the reason for the failure. Only a USABLE key can be used to sign or verify messages.

Enumerator
NOT_READY 

Not yet ready (not yet usable).

USABLE 

Usable.

EXPIRED 

Expired (no longer usable).

IN_ERROR 

Setup failed.

Definition at line 32 of file managed_key.h.

Constructor & Destructor Documentation

◆ ManagedKey()

isc::gss_tsig::ManagedKey::ManagedKey ( const std::string & name)

Constructor.

Parameters
name    Key name.

Definition at line 50 of file managed_key.cc.

References isc::gss_tsig::GssTsigKey::GssTsigKey(), mutex_, and NOT_READY.


◆ ~ManagedKey()

virtual isc::gss_tsig::ManagedKey::~ManagedKey ( )
virtual default

Destructor.

Member Function Documentation

◆ createContext()

TSIGContextPtr isc::gss_tsig::ManagedKey::createContext ( )
virtual

Create GssTsigContext context.

Note
Overrides the isc::d2::D2TsigKey method.
Returns
The GssTsigContext specific to this GssTsigKey.

Reimplemented from isc::d2::D2TsigKey.

Definition at line 131 of file managed_key.cc.

◆ genName()

string isc::gss_tsig::ManagedKey::genName ( const std::string & server)
static

Create a random name from a suffix.

Parameters
server    The server suffix.

Definition at line 41 of file managed_key.cc.

References isc::cryptolink::random().

Referenced by isc::gss_tsig::GssTsigImpl::createKey().


◆ getKeyNameStr()

std::string isc::gss_tsig::ManagedKey::getKeyNameStr ( ) const
inline

Get the key name as a string.

Returns
the key name as a string.

Definition at line 53 of file managed_key.h.

References isc::dns::TSIGKey::getKeyName(), and isc::dns::TSIGKey::toText().

Referenced by toElement().


◆ getParentID()

std::string isc::gss_tsig::ManagedKey::getParentID ( ) const
inline

Get the DNS server (parent) ID.

Returns
The DNS server (parent) ID.

Definition at line 60 of file managed_key.h.

Referenced by toElement().

◆ getStatus()

Status isc::gss_tsig::ManagedKey::getStatus ( ) const
inline

Get the key status.

Returns
The key status.

Definition at line 74 of file managed_key.h.

◆ getTKeyExchange()

TKeyExchangePtr & isc::gss_tsig::ManagedKey::getTKeyExchange ( )
inline

Get the TKEY exchange.

Returns
A reference to the TKEY exchange pointer.

Definition at line 102 of file managed_key.h.

Referenced by operator()().

◆ getTKeyStatus()

TKeyExchange::Status isc::gss_tsig::ManagedKey::getTKeyStatus ( ) const
inline

Get the TKEY exchange status.

Returns
The TKEY exchange status.

Definition at line 88 of file managed_key.h.

◆ operator()()

void isc::gss_tsig::ManagedKey::operator() ( TKeyExchange::Status tkey_status)
virtual

The TKEY exchange completion handler.

Parameters
tkey_status    The completion status.

Implements isc::gss_tsig::TKeyExchange::Callback.

Definition at line 56 of file managed_key.cc.

References isc::log::DBGLVL_TRACE_BASIC, isc::dns::TSIGKey::getKeyName(), getTKeyExchange(), isc::gss_tsig::gss_tsig_logger, isc::gss_tsig::GSS_TSIG_NEW_KEY_SETUP_FAILED, isc::gss_tsig::GSS_TSIG_NEW_KEY_SETUP_SUCCEED, IN_ERROR, LOG_DEBUG, LOG_WARN, mutex_, setStatus(), setTKeyStatus(), isc::gss_tsig::TKeyExchange::statusToText(), isc::gss_tsig::TKeyExchange::SUCCESS, isc::dns::TSIGKey::toText(), and USABLE.


◆ setParentID()

void isc::gss_tsig::ManagedKey::setParentID ( const std::string & parent_id)
inline

Set the DNS server (parent) ID.

Parameters
parent_id    DNS server (parent) ID.

Definition at line 67 of file managed_key.h.

◆ setStatus()

void isc::gss_tsig::ManagedKey::setStatus ( Status status)
inline

Set the key status.

Parameters
status    The new key status.

Definition at line 81 of file managed_key.h.

Referenced by operator()().

◆ setTKeyStatus()

void isc::gss_tsig::ManagedKey::setTKeyStatus ( TKeyExchange::Status tkey_status)
inline

Set the TKEY exchange status.

Parameters
tkey_status    The new TKEY exchange status.

Definition at line 95 of file managed_key.h.

Referenced by operator()().

◆ statusToText()

string isc::gss_tsig::ManagedKey::statusToText ( Status status)
static

Convert a status to its textual form.

Definition at line 27 of file managed_key.cc.

References EXPIRED, NOT_READY, and USABLE.

Referenced by toElement().

◆ toElement()

ElementPtr isc::gss_tsig::ManagedKey::toElement ( ) const
virtual

Unparse a key object.

Used to get the full state of a key:

  • name
  • status
  • security-context-lifetime (usable or expired key)
  • tkey-status (in case of error)
  • tkey-exchange (not yet ready key)
  • inception-date
  • expire-date
Returns
A pointer to the unparsed key object.

Implements isc::data::CfgToElement.

Definition at line 83 of file managed_key.cc.

References isc::util::clockToText(), Element::create(), Element::createMap(), isc::gss_tsig::GssTsigKey::expire_, EXPIRED, getKeyNameStr(), getParentID(), IN_ERROR, isc::gss_tsig::GssTsigKey::inception_, isc::gss_tsig::GssTsigKey::sec_ctx_, statusToText(), isc::gss_tsig::TKeyExchange::statusToText(), and USABLE.
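The following is an added, stand-alone example and not Kea's own code. It models the Status lifecycle described under the Status enumeration (NOT_READY, then USABLE or IN_ERROR depending on the TKEY exchange result, then EXPIRED once the expire date passes), the completion handler operator() that drives the first transition, and the conditional fields toElement() emits per state. ExampleKey, TKeyResult, onTKeyDone, refresh, canSign and toMap are names chosen for this example; only SUCCESS is a TKeyExchange status named on this page, the other TKeyResult values are assumed for illustration, and the mutex is a plain std::mutex rather than the boost::scoped_ptr<std::mutex> the class uses.

```cpp
// Added example, not Kea code: a model of the ManagedKey status lifecycle
// and of the per-state fields reported by toElement().  Names other than
// the Status enumerators are assumptions made for this example.
#include <chrono>
#include <map>
#include <mutex>
#include <string>
#include <utility>

namespace example {

using Clock = std::chrono::system_clock;

// Mirrors ManagedKey::Status.
enum class Status { NOT_READY, USABLE, EXPIRED, IN_ERROR };

// Stand-in for TKeyExchange::Status; only SUCCESS is named on the page.
enum class TKeyResult { SUCCESS, TIMEOUT, OTHER };

std::string statusToText(Status s) {
    switch (s) {
    case Status::NOT_READY: return "not yet ready";
    case Status::USABLE:    return "usable";
    case Status::EXPIRED:   return "expired";
    case Status::IN_ERROR:  return "in error";
    }
    return "unknown";
}

std::string tkeyToText(TKeyResult r) {
    switch (r) {
    case TKeyResult::SUCCESS: return "success";
    case TKeyResult::TIMEOUT: return "timeout";
    case TKeyResult::OTHER:   return "other error";
    }
    return "unknown";
}

// Seconds since the epoch; a simple stand-in for isc::util::clockToText().
std::string toText(Clock::time_point tp) {
    return std::to_string(std::chrono::duration_cast<std::chrono::seconds>(
        tp.time_since_epoch()).count());
}

class ExampleKey {
public:
    explicit ExampleKey(std::string name) : name_(std::move(name)) {}

    void setLifetime(Clock::time_point inception, Clock::time_point expire) {
        std::lock_guard<std::mutex> lock(mutex_);
        inception_ = inception;
        expire_ = expire;
    }

    // Completion handler modelled on ManagedKey::operator(): SUCCESS makes the
    // key USABLE, anything else parks it in IN_ERROR and keeps the TKEY status
    // so the failure reason stays visible.  The per-key mutex guards the state.
    void onTKeyDone(TKeyResult r) {
        std::lock_guard<std::mutex> lock(mutex_);
        tkey_ = r;
        status_ = (r == TKeyResult::SUCCESS) ? Status::USABLE : Status::IN_ERROR;
    }

    // Re-evaluate expiry at time `now` and return the current status.
    Status refresh(Clock::time_point now) {
        std::lock_guard<std::mutex> lock(mutex_);
        return refreshLocked(now);
    }

    // Only a USABLE key may create a signing context.
    bool canSign(Clock::time_point now) { return refresh(now) == Status::USABLE; }

    // Flat analogue of toElement(): the field names the page lists, with the
    // conditional fields present only in the states the page ties them to.
    std::map<std::string, std::string> toMap(Clock::time_point now) {
        std::lock_guard<std::mutex> lock(mutex_);
        Status st = refreshLocked(now);
        std::map<std::string, std::string> m;
        m["name"] = name_;
        m["status"] = statusToText(st);
        if (st == Status::USABLE || st == Status::EXPIRED) {
            auto left = std::chrono::duration_cast<std::chrono::seconds>(expire_ - now).count();
            m["security-context-lifetime"] = std::to_string(left > 0 ? left : 0);
        }
        if (st == Status::IN_ERROR) m["tkey-status"] = tkeyToText(tkey_);
        if (st == Status::NOT_READY) m["tkey-exchange"] = "pending";
        m["inception-date"] = toText(inception_);
        m["expire-date"] = toText(expire_);
        return m;
    }

private:
    Status refreshLocked(Clock::time_point now) {
        if (status_ == Status::USABLE && now >= expire_) status_ = Status::EXPIRED;
        return status_;
    }

    std::string name_;
    Status status_ = Status::NOT_READY;
    TKeyResult tkey_ = TKeyResult::OTHER;
    Clock::time_point inception_{};
    Clock::time_point expire_{};
    std::mutex mutex_;
};

} // namespace example
```

The point a practitioner should take from this: a key is never usable by construction, only after a successful TKEY completion, and expiry is checked against the expire date at use time rather than on a timer, so a caller must consult the status (here canSign) right before creating a context rather than caching an earlier USABLE result.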


Member Data Documentation

◆ mutex_

boost::scoped_ptr<std::mutex> isc::gss_tsig::ManagedKey::mutex_

Mutex for protecting key state.

Definition at line 152 of file managed_key.h.

Referenced by ManagedKey(), and operator()().


The documentation for this class was generated from the following files: