// Copyright (C) 2021-2025 Internet Systems Consortium, Inc. ("ISC")
//
// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this
// file, You can obtain one at http://mozilla.org/MPL/2.0/.
#ifndef GSS_TSIG_KEY_H
#define GSS_TSIG_KEY_H
#include <d2srv/d2_tsig_key.h>
#include <gss_tsig_api.h>
#include <boost/shared_ptr.hpp>
#include <chrono>
namespace isc {
namespace gss_tsig {
/// @brief GSS-TSIG extension of the D2 TSIG key class.
///
/// Implements a @c isc::d2::D2TsigKey derived class which can be
/// used as the value of D2TsigKeyPtr, so that it requires minimal or no
/// update to the DNS++ library. The class adds to the D2TsigKey base a
/// GSS-API security context, maintaining a 1:1 binding between the key and
/// the context, including for the lifetime: e.g. to get a fresh GSS-API
/// security context a fresh object must be created.
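class GssTsigKey : public d2::D2TsigKey {
public:
    /// @brief Constructor.
    ///
    /// @note Static analysis (cppcheck) reports this as a converting
    /// constructor: because @c sec_ctx has a default value it can be called
    /// with a single string, so a @c std::string can be implicitly converted
    /// to a key object. NOTE(review): consider marking it @c explicit once
    /// callers are confirmed not to rely on that conversion.
    ///
    /// @param key_name Domain name of the key.
    /// @param sec_ctx Security context (can be 0).
    GssTsigKey(const std::string& key_name,
               gss_ctx_id_t sec_ctx = GSS_C_NO_CONTEXT);

    /// @brief Constructor.
    ///
    /// Use the gss_import_sec_context GSS-API function. This constructor
    /// is expected to be used for restoring / importing a security context
    /// saved on disk.
    ///
    /// @note NOTE(review): an exported security context presumably carries
    /// the established session state, so the saved file and this buffer
    /// should be handled as secret material and read only from a trusted
    /// location. How malformed input is rejected is decided by the
    /// implementation, which is not visible in this header - confirm there.
    ///
    /// @param key_name Domain name of the key.
    /// @param import Vector of byte representing the GSS-API security context.
    GssTsigKey(const std::string& key_name,
               const std::vector<uint8_t>& import);

    /// @brief Destructor.
    virtual ~GssTsigKey();

    /// @brief Get the security context.
    ///
    /// @note: By construction the sec_ctx_ pointer is never null but
    /// the security context lifetime is the same as the key object.
    /// The returned reference must therefore not be used after the key
    /// object has been destroyed.
    ///
    /// @return The security context.
    GssApiSecCtx& getSecCtx() {
        // Unchecked dereference: relies on the never-null invariant above.
        return (*sec_ctx_);
    }

    /// @brief Get the key inception.
    ///
    /// @return The key inception date.
    std::chrono::system_clock::time_point getInception() const {
        return (inception_);
    }

    /// @brief Get the key inception (32 bits).
    ///
    /// The date is converted to @c std::time_t and then narrowed with a
    /// @c static_cast. Where @c std::time_t is a wider integer only the low
    /// 32 bits are kept, so the result wraps for dates outside the 32 bit
    /// range. NOTE(review): callers comparing this value against the current
    /// time should account for that wrap-around.
    ///
    /// @return The key inception date as a 32 bit unsigned.
    uint32_t getInception32() const {
        std::time_t inception = std::chrono::system_clock::to_time_t(inception_);
        return (static_cast<uint32_t>(inception));
    }

    /// @brief Set the key inception.
    ///
    /// The value is stored as given; no check against the expire date is
    /// made here.
    ///
    /// @param inception The new key inception date.
    void setInception(const std::chrono::system_clock::time_point& inception) {
        inception_ = inception;
    }

    /// @brief Get the key expire.
    ///
    /// @return The key expire date.
    std::chrono::system_clock::time_point getExpire() const {
        return (expire_);
    }

    /// @brief Get the key expire (32 bits).
    ///
    /// The date is converted to @c std::time_t and then narrowed with a
    /// @c static_cast. Where @c std::time_t is a wider integer only the low
    /// 32 bits are kept, so the result wraps for dates outside the 32 bit
    /// range. NOTE(review): a wrapped expire date can compare as earlier or
    /// later than intended; callers deciding whether a key is still usable
    /// should account for that.
    ///
    /// @return The key expire date as a 32 bit unsigned.
    uint32_t getExpire32() const {
        std::time_t expire = std::chrono::system_clock::to_time_t(expire_);
        return (static_cast<uint32_t>(expire));
    }

    /// @brief Set the key expire.
    ///
    /// The value is stored as given; no check against the inception date is
    /// made here.
    ///
    /// @param expire The new key expire date.
    void setExpire(const std::chrono::system_clock::time_point& expire) {
        expire_ = expire;
    }

protected:
    /// @brief GSS-API security context.
    ///
    /// Owned exclusively by this key; the @c std::unique_ptr member also
    /// makes the class non-copyable.
    std::unique_ptr<GssApiSecCtx> sec_ctx_;

    /// @brief The key inception date.
    std::chrono::system_clock::time_point inception_;

    /// @brief The key expire date.
    std::chrono::system_clock::time_point expire_;
};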
/// @brief Shared pointer type used to hold and pass a GSS-TSIG key.
using GssTsigKeyPtr = boost::shared_ptr<GssTsigKey>;
} // end of namespace isc::gss_tsig
} // end of namespace isc
#endif // GSS_TSIG_KEY_H