Validate key when loading from ISC map

cmouse · cmouse · commit 4414468dc8cd · 2015-03-30T15:48:38.000+03:00
diff --git a/pdns/pkcs11signers.cc b/pdns/pkcs11signers.cc
@@ -857,6 +857,21 @@ DNSCryptoKeyEngine::storvector_t PKCS11DNSCryptoKeyEngine::convertToISCVector()
   return storvect;
 };
 
+void PKCS11DNSCryptoKeyEngine::fromISCMap(DNSKEYRecordContent& drc, stormap_t& stormap) {
+  drc.d_algorithm = atoi(stormap["algorithm"].c_str());
+  d_module = stormap["engine"];
+  d_slot_id = atoi(stormap["slot"].c_str());
+  d_pin = stormap["pin"];
+  d_label = stormap["label"];
+  // validate parameters
+
+  boost::shared_ptr<Pkcs11Token> d_slot;
+  d_slot = Pkcs11Token::GetToken(d_module, d_slot_id, d_label);
+  if (d_pin != "" && d_slot->LoggedIn() == false)
+    if (d_slot->Login(d_pin) == false)
+      throw PDNSException("Could not log in to token (PIN wrong?)");
+};
+
 DNSCryptoKeyEngine* PKCS11DNSCryptoKeyEngine::maker(unsigned int algorithm)
 {
   return new PKCS11DNSCryptoKeyEngine(algorithm);
diff --git a/pdns/pkcs11signers.hh b/pdns/pkcs11signers.hh
@@ -33,13 +33,7 @@ class PKCS11DNSCryptoKeyEngine : public DNSCryptoKeyEngine
     std::string getPublicKeyString() const;
     int getBits() const;
 
-    void fromISCMap(DNSKEYRecordContent& drc, stormap_t& stormap) {
-      drc.d_algorithm = atoi(stormap["algorithm"].c_str());
-      d_module = stormap["engine"];
-      d_slot_id = atoi(stormap["slot"].c_str());
-      d_pin = stormap["pin"];
-      d_label = stormap["label"];
-    };
+    void fromISCMap(DNSKEYRecordContent& drc, stormap_t& stormap);
 
     void fromPEMString(DNSKEYRecordContent& drc, const std::string& raw) { throw "Unimplemented"; };
     void fromPublicKeyString(const std::string& content) { throw "Unimplemented"; };
