
Make sure they key isn't being reused

1 parent 0600350 commit c011a018055eedaff3b57cf846afe53a6af5de26 @cmouse cmouse committed with cmouse Mar 29, 2015
Showing with 18 additions and 2 deletions.
  1. +18 −2 pdns/pdnssec.cc
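--- a/pdns/pdnssec.cc
+++ b/pdns/pdnssec.cc
@@ -1976,6 +1976,7 @@ try
 if (cmds[1] == "assign") {
 DNSCryptoKeyEngine::storvector_t storvect;
 DomainInfo di;
+std::vector<DNSBackend::KeyData> keys;
 if (cmds.size() < 9) {
 std::cout << "Usage: pdnssec hsm assign zone algorithm ksk|zsk module slot pin label" << std::endl;
@@ -2011,15 +2012,30 @@ try
 dpk.d_flags = (keyOrZone ? 257 : 256);
 dpk.setKey(shared_ptr<DNSCryptoKeyEngine>(DNSCryptoKeyEngine::makeFromISCString(drc, iscString.str())));
+// make sure this key isn't being reused.
+B.getDomainKeys(zone, 0, keys);
+id = -1;
+
+BOOST_FOREACH(DNSBackend::KeyData& kd, keys) {
+if (kd.content == iscString.str()) {
+// it's this one, I guess...
+id = kd.id;
+break;
+}
+}
+
+if (id > -1) {
+cerr << "You have already assigned this key with ID=" << id << std::endl;
+return 1;
+}
+
 if (!(id = dk.addKey(zone, dpk))) {
 cerr << "Unable to assign module slot to zone" << std::endl;
 return 1;
 }
 // figure out key id.
-std::vector<DNSBackend::KeyData> keys;
-
 B.getDomainKeys(zone, 0, keys);
 // validate which one got the key...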
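Review bot: The reuse check in the second hunk compares `kd.content == iscString.str()` byte for byte, so it only catches a key whose whole serialized description is identical; judging by the usage line (`module slot pin label`) that string presumably also carries the PIN, in which case the same module/slot/label entered with a differently typed PIN would pass the check and be assigned twice. Comparing only the identifying fields (module, slot, label) would match the stated intent better, and the comment `// it's this one, I guess...` could state the matching rule instead, e.g. `// identical serialized key description already stored for this zone`. The `id = -1` / `id > -1` sentinel only works if `id` is signed, and its declaration is outside the hunk, so a separate `bool` flag would be safer. Because `keys` is now filled before `addKey` and handed to `B.getDomainKeys(zone, 0, keys)` a second time, that later call should be preceded by `keys.clear();` unless the backend is known to reset the vector. The enclosing `assign` branch starts and ends outside the visible hunks.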
