
Validate key when loading from ISC map

1 parent c163d41 commit 4414468dc8cd0043725617e836c658b67812e51a @cmouse cmouse committed with cmouse Mar 29, 2015
Showing with 16 additions and 7 deletions.
  1. +15 −0 pdns/pkcs11signers.cc
  2. +1 −7 pdns/pkcs11signers.hh
@@ -857,6 +857,21 @@ DNSCryptoKeyEngine::storvector_t PKCS11DNSCryptoKeyEngine::convertToISCVector()
return storvect;
};
+void PKCS11DNSCryptoKeyEngine::fromISCMap(DNSKEYRecordContent& drc, stormap_t& stormap) {
+ drc.d_algorithm = atoi(stormap["algorithm"].c_str());
+ d_module = stormap["engine"];
+ d_slot_id = atoi(stormap["slot"].c_str());
+ d_pin = stormap["pin"];
+ d_label = stormap["label"];
+ // validate parameters
+
+ boost::shared_ptr<Pkcs11Token> d_slot;
+ d_slot = Pkcs11Token::GetToken(d_module, d_slot_id, d_label);
+ if (d_pin != "" && d_slot->LoggedIn() == false)
+ if (d_slot->Login(d_pin) == false)
+ throw PDNSException("Could not log in to token (PIN wrong?)");
+};
+
DNSCryptoKeyEngine* PKCS11DNSCryptoKeyEngine::maker(unsigned int algorithm)
{
return new PKCS11DNSCryptoKeyEngine(algorithm);
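Review bot: The validation added to fromISCMap dereferences the result of `Pkcs11Token::GetToken(...)` without checking it, and the login check runs only when `d_pin` is non-empty, so a map with no PIN passes without any check on the token (possibly intended for tokens that need no login, but worth a comment). GetToken is not visible here; if it can return an empty pointer, add `if (!d_slot) throw PDNSException("Could not find PKCS#11 token");` before the `LoggedIn()` call. The `slot` and `algorithm` entries still go through `atoi`, which turns a missing or non-numeric value into 0, so a malformed map silently selects slot 0; a checked conversion that throws on failure would bring those fields under the "validate" step as well. The local `d_slot` carries the `d_` prefix this class uses for members, which reads as if a member were being assigned; a plain local name such as `slot` would be clearer.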
@@ -33,13 +33,7 @@ class PKCS11DNSCryptoKeyEngine : public DNSCryptoKeyEngine
std::string getPublicKeyString() const;
int getBits() const;
- void fromISCMap(DNSKEYRecordContent& drc, stormap_t& stormap) {
- drc.d_algorithm = atoi(stormap["algorithm"].c_str());
- d_module = stormap["engine"];
- d_slot_id = atoi(stormap["slot"].c_str());
- d_pin = stormap["pin"];
- d_label = stormap["label"];
- };
+ void fromISCMap(DNSKEYRecordContent& drc, stormap_t& stormap);
void fromPEMString(DNSKEYRecordContent& drc, const std::string& raw) { throw "Unimplemented"; };
void fromPublicKeyString(const std::string& content) { throw "Unimplemented"; };
