1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136 | // Copyright (C) 2021-2024 Internet Systems Consortium, Inc. ("ISC")
//
// This Source Code Form is subject to the terms of the Kea Hooks Basic
// Commercial End User License Agreement v2.0. See COPYING file in the premium/
// directory.
#include <config.h>
#include <cryptolink/crypto_rng.h>
#include <gss_tsig_context.h><--- Include file: not found. Please note: Cppcheck does not need standard library headers to get proper results.
#include <gss_tsig_log.h><--- Include file: not found. Please note: Cppcheck does not need standard library headers to get proper results.
#include <managed_key.h><--- Include file: not found. Please note: Cppcheck does not need standard library headers to get proper results.
#include <util/chrono_time_utils.h>
#include <cstring><--- Include file: not found. Please note: Cppcheck does not need standard library headers to get proper results.
#include <iostream><--- Include file: not found. Please note: Cppcheck does not need standard library headers to get proper results.
using namespace isc;
using namespace isc::data;
using namespace isc::dns;
using namespace isc::util;
using namespace std;
namespace isc {
namespace gss_tsig {
string
ManagedKey::statusToText(Status status) {
switch (status) {
case NOT_READY:
return ("not yet ready");
case USABLE:
return ("usable");
case EXPIRED:
return ("expired");
default:
return ("in error");
}
}
string
ManagedKey::genName(const string& suffix) {
uint32_t n;
vector<uint8_t> r = isc::cryptolink::random(sizeof(uint32_t));
memmove(&n, &r[0], sizeof(uint32_t));
ostringstream s;
s << n << "." << suffix;
return (s.str());
}
ManagedKey::ManagedKey(const string& name)
: GssTsigKey(name), parent_id_(""), status_(NOT_READY),
tkey_status_(TKeyExchange::OTHER), tkey_ex_(), mutex_(new mutex()) {
}
void
ManagedKey::operator()(TKeyExchange::Status tkey_status) {
bool success = true;
{
lock_guard<mutex> lock(*mutex_);
setTKeyStatus(tkey_status);
if (tkey_status == TKeyExchange::SUCCESS) {
setStatus(USABLE);
} else {
setStatus(IN_ERROR);
success = false;
}
}
if (success) {
LOG_DEBUG(gss_tsig_logger, log::DBGLVL_TRACE_BASIC,
GSS_TSIG_NEW_KEY_SETUP_SUCCEED)
.arg(getKeyName().toText(true));
} else {
LOG_WARN(gss_tsig_logger, GSS_TSIG_NEW_KEY_SETUP_FAILED)
.arg(getKeyName().toText(true))
.arg(TKeyExchange::statusToText(tkey_status));
}
if (getTKeyExchange() && getTKeyExchange()->getIOService()) {
getTKeyExchange()->getIOService()->post([this]() { getTKeyExchange().reset(); });
}
}
ElementPtr
ManagedKey::toElement() const {
ElementPtr map = Element::createMap();
// Name.
map->set("name", Element::create(getKeyNameStr()));
// Parent.
map->set("server-id", Element::create(getParentID()));
// Status.
map->set("status", Element::create(ManagedKey::statusToText(status_)));
// Per status extra information.
switch (status_) {
case USABLE:
case EXPIRED:
// Security context lifetime.
try {
if (sec_ctx_.get()) {
uint32_t lifetime = sec_ctx_->getLifetime();
map->set("security-context-lifetime",
Element::create(static_cast<long long>(lifetime)));
}
} catch (...) {
// Just ignore errors.
}
break;
case IN_ERROR:
// TKEY status.
map->set("tkey-status",
Element::create(TKeyExchange::statusToText(tkey_status_)));
break;
default:
// TKEY exchange.
map->set("tkey-exchange", Element::create(!!tkey_ex_));
break;
}
// Inception date.
map->set("inception-date", Element::create(clockToText(inception_)));
// Expire date.
map->set("expire-date", Element::create(clockToText(expire_)));
return (map);
}
TSIGContextPtr
ManagedKey::createContext() {
return (GssTsigContextPtr(new GssTsigContext(*this)));
}
} // end of namespace isc::gss_tsig
} // end of namespace isc
|