OpenDNSSEC-enforcer  2.0.4
hsm_key_factory.c
Go to the documentation of this file.
1 /*
2  * Copyright (c) 2014 .SE (The Internet Infrastructure Foundation).
3  * Copyright (c) 2014 OpenDNSSEC AB (svb)
4  * All rights reserved.
5  *
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that the following conditions
8  * are met:
9  * 1. Redistributions of source code must retain the above copyright
10  * notice, this list of conditions and the following disclaimer.
11  * 2. Redistributions in binary form must reproduce the above copyright
12  * notice, this list of conditions and the following disclaimer in the
13  * documentation and/or other materials provided with the distribution.
14  *
15  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
16  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
17  * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18  * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
19  * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
21  * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
22  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
23  * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
24  * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
25  * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26  *
27  */
28 
29 #include "config.h"
30 
31 #include "db/hsm_key.h"
32 #include "db/policy.h"
33 #include "db/policy_key.h"
34 #include "db/key_data.h"
35 #include "log.h"
36 #include "scheduler/schedule.h"
37 #include "scheduler/task.h"
38 #include "enforcer/enforce_task.h"
39 #include "daemon/engine.h"
40 #include "duration.h"
41 #include "libhsm.h"
42 
43 #include <math.h>
44 #include <pthread.h>
45 
46 #include "hsmkey/hsm_key_factory.h"
47 
48 
53  time_t duration;
55 };
56 
57 static pthread_once_t __hsm_key_factory_once = PTHREAD_ONCE_INIT;
58 static pthread_mutex_t* __hsm_key_factory_lock = NULL;
59 
60 static void hsm_key_factory_init(void) {
61  pthread_mutexattr_t attr;
62 
63  if (!__hsm_key_factory_lock) {
64  if (!(__hsm_key_factory_lock = calloc(1, sizeof(pthread_mutex_t)))
65  || pthread_mutexattr_init(&attr)
66  || pthread_mutexattr_settype(&attr, PTHREAD_MUTEX_RECURSIVE)
67  || pthread_mutex_init(__hsm_key_factory_lock, &attr))
68  {
69  ods_log_error("[hsm_key_factory_init] mutex error");
70  if (__hsm_key_factory_lock) {
71  pthread_mutex_destroy(__hsm_key_factory_lock);
72  free(__hsm_key_factory_lock);
73  __hsm_key_factory_lock = NULL;
74  }
75  }
76  }
77 }
78 
80 {
81  if (__hsm_key_factory_lock) {
82  (void)pthread_mutex_destroy(__hsm_key_factory_lock);
83  free(__hsm_key_factory_lock);
84  __hsm_key_factory_lock = NULL;
85  }
86 }
87 
89  db_clause_list_t* clause_list;
90  hsm_key_t* hsm_key = NULL;
91  size_t num_keys;
92  zone_t* zone = NULL;
93  size_t num_zones;
94  ssize_t generate_keys;
95  libhsm_key_t *key = NULL;
96  hsm_ctx_t *hsm_ctx;
97  char* key_id;
98  hsm_repository_t* hsm;
99  char* hsm_err;
100 
101  if (!engine) {
102  return;
103  }
104  if (!policy_key) {
105  return;
106  }
107 
108  if (!__hsm_key_factory_lock) {
109  pthread_once(&__hsm_key_factory_once, hsm_key_factory_init);
110  if (!__hsm_key_factory_lock) {
111  ods_log_error("[hsm_key_factory_generate] mutex init error");
112  return;
113  }
114  }
115  if (pthread_mutex_lock(__hsm_key_factory_lock)) {
116  ods_log_error("[hsm_key_factory_generate] mutex lock error");
117  return;
118  }
119 
120  ods_log_debug("[hsm_key_factory_generate] repository %s role %s", policy_key_repository(policy_key), policy_key_role_text(policy_key));
121 
122  /*
123  * Get a count of unused keys that match our policy key to determine how
124  * many keys we need to make if any
125  */
126  if (!(clause_list = db_clause_list_new())
127  || !(hsm_key = hsm_key_new(connection))
128  || !hsm_key_policy_id_clause(clause_list, policy_key_policy_id(policy_key))
130  || !hsm_key_bits_clause(clause_list, policy_key_bits(policy_key))
131  || !hsm_key_algorithm_clause(clause_list, policy_key_algorithm(policy_key))
132  || !hsm_key_role_clause(clause_list, (hsm_key_role_t)policy_key_role(policy_key))
133  || !hsm_key_is_revoked_clause(clause_list, 0)
135  || !hsm_key_repository_clause(clause_list, policy_key_repository(policy_key))
136  || hsm_key_count(hsm_key, clause_list, &num_keys))
137  {
138  ods_log_error("[hsm_key_factory_generate] unable to count unused keys, database or memory allocation error");
139  hsm_key_free(hsm_key);
140  db_clause_list_free(clause_list);
141  pthread_mutex_unlock(__hsm_key_factory_lock);
142  return;
143  }
144  db_clause_list_free(clause_list);
145  hsm_key_free(hsm_key);
146 
147  /*
148  * Get the count of zones we have for the policy
149  */
150  if (!(clause_list = db_clause_list_new())
151  || !(zone = zone_new(connection))
152  || !zone_policy_id_clause(clause_list, policy_key_policy_id(policy_key))
153  || zone_count(zone, clause_list, &num_zones))
154  {
155  ods_log_error("[hsm_key_factory_generate] unable to count zones for policy, database or memory allocation error");
156  zone_free(zone);
157  db_clause_list_free(clause_list);
158  pthread_mutex_unlock(__hsm_key_factory_lock);
159  return;
160  }
161  zone_free(zone);
162  db_clause_list_free(clause_list);
163 
164  /*
165  * Calculate the number of keys we need to generate now but exit if we do
166  * not have to generate any keys
167  */
168  if (!policy_key_lifetime(policy_key)) {
169  pthread_mutex_unlock(__hsm_key_factory_lock);
170  return;
171  }
172  /* OPENDNSSEC-690: this function is called per-zone, and the policy id differs per zone, thus the
173  * keys generated will never be shared.
174  * Additionally, this used to calculate the number of keys to be generated based upon the
175  * duration, times the number of zones. Not only is this wrong when using shared keys, but
176  * also for non-shared keys, this function would be called per-zone, with a different id for each
177  * zone.
178  */
179  duration = (duration ? duration : engine->config->automatic_keygen_duration);
180  generate_keys = (ssize_t)ceil(duration / (double)policy_key_lifetime(policy_key));
181  if (num_zones == 0 || (ssize_t)num_keys >= generate_keys) {
182  pthread_mutex_unlock(__hsm_key_factory_lock);
183  return;
184  }
185 
186  if (policy != NULL) {
187  ods_log_info("%lu zone(s) found on policy \"%s\"", num_zones, policy_name(policy));
188  } else {
189  ods_log_info("%lu zone(s) found on policy <unknown>", num_zones);
190  }
191  ods_log_info("[hsm_key_factory_generate] %lu keys needed for %lu "
192  "zones covering %lld seconds, generating %lu keys for policy %s",
193  generate_keys, num_zones, (long long)duration,
194  (unsigned long)(generate_keys-num_keys), /* This is safe because we checked num_keys < generate_keys */
195  policy_name(policy));
196  generate_keys -= num_keys;
197  ods_log_info("%ld new %s(s) (%d bits) need to be created.", (long) generate_keys, policy_key_role_text(policy_key), policy_key_bits(policy_key));
198 
199  /*
200  * Create a HSM context and check that the repository exists
201  */
202  if (!(hsm_ctx = hsm_create_context())) {
203  pthread_mutex_unlock(__hsm_key_factory_lock);
204  return;
205  }
206  if (!hsm_token_attached(hsm_ctx, policy_key_repository(policy_key))) {
207  if ((hsm_err = hsm_get_error(hsm_ctx))) {
208  ods_log_error("[hsm_key_factory_generate] unable to check for repository %s, HSM error: %s", policy_key_repository(policy_key), hsm_err);
209  free(hsm_err);
210  }
211  else {
212  ods_log_error("[hsm_key_factory_generate] unable to find repository %s in HSM", policy_key_repository(policy_key));
213  }
214  hsm_destroy_context(hsm_ctx);
215  pthread_mutex_unlock(__hsm_key_factory_lock);
216  return;
217  }
218 
219  /*
220  * Generate a HSM keys
221  */
222  while (generate_keys--) {
223  /*
224  * Find the HSM repository to get the backup configuration
225  */
226  hsm = engine->config->repositories;
227  while (hsm) {
228  if (!strcmp(hsm->name, policy_key_repository(policy_key))) {
229  break;
230  }
231  hsm = hsm->next;
232  }
233  if (!hsm) {
234  ods_log_error("[hsm_key_factory_generate] unable to find repository %s needed for key generation", policy_key_repository(policy_key));
235  hsm_destroy_context(hsm_ctx);
236  pthread_mutex_unlock(__hsm_key_factory_lock);
237  return;
238  }
239 
240  if ((key = hsm_generate_rsa_key(hsm_ctx, policy_key_repository(policy_key), policy_key_bits(policy_key)))) {
241  /*
242  * The key ID is the locator and we check first that we can get it
243  */
244  if (!(key_id = hsm_get_key_id(hsm_ctx, key))) {
245  if ((hsm_err = hsm_get_error(hsm_ctx))) {
246  ods_log_error("[hsm_key_factory_generate] unable to get the ID of the key generated, HSM error: %s", hsm_err);
247  free(hsm_err);
248  }
249  else {
250  ods_log_error("[hsm_key_factory_generate] unable to get the ID of the key generated");
251  }
252  free(key);
253  hsm_destroy_context(hsm_ctx);
254  pthread_mutex_unlock(__hsm_key_factory_lock);
255  return;
256  }
257 
258  /*
259  * Create the HSM key (database object)
260  */
261  if (!(hsm_key = hsm_key_new(connection))
262  || hsm_key_set_algorithm(hsm_key, policy_key_algorithm(policy_key))
263  || hsm_key_set_backup(hsm_key, (hsm->require_backup ? HSM_KEY_BACKUP_BACKUP_REQUIRED : HSM_KEY_BACKUP_NO_BACKUP))
264  || hsm_key_set_bits(hsm_key, policy_key_bits(policy_key))
265  || hsm_key_set_inception(hsm_key, time_now())
267  || hsm_key_set_locator(hsm_key, key_id)
268  || hsm_key_set_policy_id(hsm_key, policy_key_policy_id(policy_key))
269  || hsm_key_set_repository(hsm_key, policy_key_repository(policy_key))
270  || hsm_key_set_role(hsm_key, (hsm_key_role_t)policy_key_role(policy_key))
272  || hsm_key_create(hsm_key))
273  {
274  ods_log_error("[hsm_key_factory_generate] hsm key creation failed, database or memory error");
275  hsm_key_free(hsm_key);
276  free(key_id);
277  free(key);
278  hsm_destroy_context(hsm_ctx);
279  pthread_mutex_unlock(__hsm_key_factory_lock);
280  return;
281  }
282 
283  ods_log_debug("[hsm_key_factory_generate] generated key %s successfully", key_id);
284 
285  hsm_key_free(hsm_key);
286  free(key_id);
287  free(key);
288  }
289  else {
290  if ((hsm_err = hsm_get_error(hsm_ctx))) {
291  ods_log_error("[hsm_key_factory_generate] key generation failed, HSM error: %s", hsm_err);
292  free(hsm_err);
293  }
294  else {
295  ods_log_error("[hsm_key_factory_generate] key generation failed");
296  }
297  hsm_destroy_context(hsm_ctx);
298  pthread_mutex_unlock(__hsm_key_factory_lock);
299  return;
300  }
301  }
302  hsm_destroy_context(hsm_ctx);
303  pthread_mutex_unlock(__hsm_key_factory_lock);
304 }
305 
308  const policy_key_t* policy_key;
309 
310  if (!engine) {
311  return;
312  }
313  if (!policy) {
314  return;
315  }
316  if (!connection) {
317  return;
318  }
319 
320  if (!__hsm_key_factory_lock) {
321  pthread_once(&__hsm_key_factory_once, hsm_key_factory_init);
322  if (!__hsm_key_factory_lock) {
323  ods_log_error("[hsm_key_factory_generate_policy] mutex init error");
324  return;
325  }
326  }
327  if (pthread_mutex_lock(__hsm_key_factory_lock)) {
328  ods_log_error("[hsm_key_factory_generate_policy] mutex lock error");
329  return;
330  }
331 
332  ods_log_debug("[hsm_key_factory_generate_policy] policy %s", policy_name(policy));
333 
334  /*
335  * Get all policy keys for the specified policy and generate new keys if
336  * needed
337  */
338  if (!(policy_key_list = policy_key_list_new_get_by_policy_id(connection, policy_id(policy)))) {
339  pthread_mutex_unlock(__hsm_key_factory_lock);
340  return;
341  }
342 
343  while ((policy_key = policy_key_list_next(policy_key_list))) {
344  hsm_key_factory_generate(engine, connection, policy, policy_key, duration);
345  }
346  policy_key_list_free(policy_key_list);
347  pthread_mutex_unlock(__hsm_key_factory_lock);
348 }
349 
352  const policy_t* policy;
354  const policy_key_t* policy_key;
355 
356  if (!engine) {
357  return;
358  }
359  if (!connection) {
360  return;
361  }
362 
363  if (!__hsm_key_factory_lock) {
364  pthread_once(&__hsm_key_factory_once, hsm_key_factory_init);
365  if (!__hsm_key_factory_lock) {
366  ods_log_error("[hsm_key_factory_generate_all] mutex init error");
367  return;
368  }
369  }
370  if (pthread_mutex_lock(__hsm_key_factory_lock)) {
371  ods_log_error("[hsm_key_factory_generate_all] mutex lock error");
372  return;
373  }
374 
375  ods_log_debug("[hsm_key_factory_generate_all] generating keys");
376 
377  /*
378  * Get all the policies and for each get all the policy keys and generate
379  * new keys for them if needed
380  */
381  if (!(policy_list = policy_list_new_get(connection))) {
382  pthread_mutex_unlock(__hsm_key_factory_lock);
383  return;
384  }
385  while ((policy = policy_list_next(policy_list))) {
386  if (!(policy_key_list = policy_key_list_new_get_by_policy_id(connection, policy_id(policy)))) {
387  continue;
388  }
389 
390  while ((policy_key = policy_key_list_next(policy_key_list))) {
391  hsm_key_factory_generate(engine, connection, policy, policy_key, duration);
392  }
393  policy_key_list_free(policy_key_list);
394  }
395  policy_list_free(policy_list);
396  pthread_mutex_unlock(__hsm_key_factory_lock);
397 }
398 
399 static task_type* hsm_key_factory_generate_task(task_type *task) {
400  struct __hsm_key_factory_task* task2;
401  policy_t* policy;
402 
403  if (!task) {
404  return NULL;
405  }
406  task2 = (struct __hsm_key_factory_task*)task->context;
407  if (!task2
408  || !(task2->engine)
409  || !(task2->policy_key))
410  {
411  task_cleanup(task);
412  if (task2) {
413  free(task2);
414  }
415  return NULL;
416  }
417  if ((policy = policy_new(task->dbconn)) != NULL) {
418  if (policy_get_by_id(policy, policy_key_policy_id(task2->policy_key))) {
419  policy_free(policy);
420  policy = NULL;
421  }
422  }
423 
424  ods_log_debug("[hsm_key_factory_generate_task] generate for policy key [duration: %lu]", (unsigned long)task2->duration);
425  hsm_key_factory_generate(task2->engine, task->dbconn, policy, task2->policy_key, task2->duration);
426  ods_log_debug("[hsm_key_factory_generate_task] generate for policy key done");
427  policy_key_free(task2->policy_key);
428  task2->policy_key = NULL;
429  if(policy != NULL) {
430  policy_free(policy);
431  policy = NULL;
432  }
433  if (task2->reschedule_enforce_task)
434  flush_enforce_task(task2->engine, 1);
435  task_cleanup(task);
436  return NULL;
437 }
438 
439 static task_type* hsm_key_factory_generate_policy_task(task_type *task) {
440  struct __hsm_key_factory_task* task2;
441 
442  if (!task) {
443  return NULL;
444  }
445  task2 = (struct __hsm_key_factory_task*)task->context;
446  if (!task2
447  || !(task2->engine)
448  || !(task2->policy))
449  {
450  task_cleanup(task);
451  if (task2) {
452  free(task2);
453  }
454  return NULL;
455  }
456 
457  ods_log_debug("[hsm_key_factory_generate_policy_task] generate for policy [duration: %lu]", (unsigned long) task2->duration);
458  hsm_key_factory_generate_policy(task2->engine, task->dbconn, task2->policy, task2->duration);
459  ods_log_debug("[hsm_key_factory_generate_policy_task] generate for policy done");
460  task_cleanup(task);
461  return NULL;
462 }
463 
464 static task_type* hsm_key_factory_generate_all_task(task_type *task) {
465  struct __hsm_key_factory_task* task2;
466 
467  if (!task) {
468  return NULL;
469  }
470  task2 = (struct __hsm_key_factory_task*)task->context;
471  if (!task->dbconn
472  || !task2
473  || !task2->engine)
474  {
475  task_cleanup(task);
476  if (task2) {
477  free(task2);
478  }
479  return NULL;
480  }
481 
482  ods_log_debug("[hsm_key_factory_generate_all_task] generate for all policies [duration: %lu]", (unsigned long)task2->duration);
483  hsm_key_factory_generate_all(task2->engine, task->dbconn, task2->duration);
484  ods_log_debug("[hsm_key_factory_generate_all_task] generate for all policies done");
485  task_cleanup(task);
486  return NULL;
487 }
488 
489 static task_type* hsm_key_factory_clean_context(task_type *task)
490 {
491  free(task->context);
492  task->context = NULL;
493  return task;
494 }
495 
505 static int
506 hsm_key_factory_schedule_generate(engine_type* engine,
507  const policy_key_t* policy_key_orig, time_t duration,
509 {
510  task_id what_id;
512  task_type* task = NULL;
513  struct __hsm_key_factory_task* task2 = NULL;
514 
515  if (!(task2 = calloc(1, sizeof(struct __hsm_key_factory_task)))) {
516  return 1;
517  }
518  if (!(policy_key = policy_key_new_copy(policy_key_orig))) {
519  free(task2);
520  return 1;
521  }
522 
523  task2->engine = engine;
524  task2->policy_key = policy_key;
525  task2->duration = duration;
527 
528  what_id = task_register("hsmkeygen", "hsm_key_factory_schedule_generation",
529  hsm_key_factory_generate_task);
530  if (what_id == TASK_NONE
531  || !(task = task_create(what_id, time_now(), "policy_key",
532  "hsmkeygen", task2, hsm_key_factory_clean_context))
533  || schedule_task(engine->taskq, task) != ODS_STATUS_OK)
534  {
535  if (!task) {
536  free(task2);
537  policy_key_free(policy_key);
538  }
539  task_cleanup(task);
540  return 1;
541  }
542  return 0;
543 }
544 
546  const policy_t* policy_orig, time_t duration)
547 {
548  task_id what_id;
549  policy_t* policy;
550  task_type* task = NULL;
551  struct __hsm_key_factory_task* task2 = NULL;
552 
553  if (!(task2 = calloc(1, sizeof(struct __hsm_key_factory_task)))) {
554  return 1;
555  }
556  if (!(policy = policy_new_copy(policy_orig))) {
557  free(task2);
558  return 1;
559  }
560 
561  task2->engine = engine;
562  task2->policy = policy;
563  task2->duration = duration;
564 
565  what_id = task_register("hsmkeygen", "hsm_key_factory_schedule_generation_policy",
566  hsm_key_factory_generate_policy_task);
567  if (what_id == TASK_NONE
568  || !(task = task_create(what_id, time_now(), "policy",
569  "hsmkeygen", task2, hsm_key_factory_clean_context))
570  || schedule_task(engine->taskq, task) != ODS_STATUS_OK)
571  {
572  if (!task) {
573  free(task2);
574  policy_free(policy);
575  }
576  task_cleanup(task);
577  return 1;
578  }
579  return 0;
580 }
581 
583  task_id what_id;
584  task_type* task = NULL;
585  struct __hsm_key_factory_task* task2 = NULL;
586 
587  if (!(task2 = calloc(1, sizeof(struct __hsm_key_factory_task)))) {
588  return 1;
589  }
590 
591  task2->engine = engine;
592  task2->duration = duration;
593  task2->policy_key = NULL;
594 
595  what_id = task_register("hsmkeygen", "hsm_key_factory_schedule_generation",
596  hsm_key_factory_generate_all_task);
597  if (what_id == TASK_NONE
598  || !(task = task_create(what_id, time_now(), "all policies",
599  "hsmkeygen", task2, hsm_key_factory_clean_context))
600  || schedule_task(engine->taskq, task) != ODS_STATUS_OK)
601  {
602  if (!task) free(task2);
603  task_cleanup(task);
604  return 1;
605  }
606  return 0;
607 }
608 
610  const db_connection_t* connection, const policy_key_t* policy_key,
612 {
613  db_clause_list_t* clause_list;
616 
617  if (!connection) {
618  return NULL;
619  }
620  if (!policy_key) {
621  return NULL;
622  }
623  if (hsm_key_state != HSM_KEY_STATE_PRIVATE
624  && hsm_key_state != HSM_KEY_STATE_SHARED)
625  {
626  return NULL;
627  }
628 
629  ods_log_debug("[hsm_key_factory_get_key] get %s key", (hsm_key_state == HSM_KEY_STATE_PRIVATE ? "private" : "shared"));
630 
631  /*
632  * Get a list of unused HSM keys matching our requirments
633  */
634  if (!(clause_list = db_clause_list_new())
635  || !hsm_key_policy_id_clause(clause_list, policy_key_policy_id(policy_key))
637  || !hsm_key_bits_clause(clause_list, policy_key_bits(policy_key))
638  || !hsm_key_algorithm_clause(clause_list, policy_key_algorithm(policy_key))
639  || !hsm_key_role_clause(clause_list, (hsm_key_role_t)policy_key_role(policy_key))
640  || !hsm_key_is_revoked_clause(clause_list, 0)
642  || !hsm_key_repository_clause(clause_list, policy_key_repository(policy_key))
643  || !(hsm_key_list = hsm_key_list_new_get_by_clauses(connection, clause_list)))
644  {
645  ods_log_error("[hsm_key_factory_get_key] unable to list keys, database or memory allocation error");
646  db_clause_list_free(clause_list);
647  return NULL;
648  }
649  db_clause_list_free(clause_list);
650 
651  /*
652  * If there are no keys returned in the list we schedule generation and
653  * return NULL
654  */
655  if (!(hsm_key = hsm_key_list_get_next(hsm_key_list))) {
656  ods_log_warning("[hsm_key_factory_get_key] no keys available");
657  hsm_key_factory_schedule_generate(engine, policy_key, 0, 1);
658  hsm_key_list_free(hsm_key_list);
659  return NULL;
660  }
661  hsm_key_list_free(hsm_key_list);
662 
663  /*
664  * Update the state of the returned HSM key
665  */
666  if (hsm_key_set_state(hsm_key, hsm_key_state)
667  || hsm_key_update(hsm_key))
668  {
669  ods_log_debug("[hsm_key_factory_get_key] unable to update fetched key");
670  hsm_key_free(hsm_key);
671  return NULL;
672  }
673 
674  /*
675  * Schedule generation because we used up a key and return the HSM key
676  */
677  ods_log_debug("[hsm_key_factory_get_key] key allocated");
678  hsm_key_factory_schedule_generate(engine, policy_key, 0, 0);
679  return hsm_key;
680 }
681 
684  db_clause_list_t* clause_list = NULL;
685  key_data_t* key_data = NULL;
686  size_t count;
687 
688  if (!hsm_key_id) {
689  return 1;
690  }
691  if (!connection) {
692  return 1;
693  }
694 
695  if (!(hsm_key = hsm_key_new(connection))
696  || !(clause_list = db_clause_list_new())
697  || !(key_data = key_data_new(connection))
698  || !key_data_hsm_key_id_clause(clause_list, hsm_key_id)
699  || key_data_count(key_data, clause_list, &count))
700  {
701  ods_log_debug("[hsm_key_factory_release_key_id] unable to check usage of hsm_key, database or memory allocation error");
702  key_data_free(key_data);
703  db_clause_list_free(clause_list);
704  hsm_key_free(hsm_key);
705  return 1;
706  }
707  key_data_free(key_data);
708  db_clause_list_free(clause_list);
709 
710  if (count > 0) {
711  ods_log_debug("[hsm_key_factory_release_key_id] unable to release hsm_key, in use");
712  hsm_key_free(hsm_key);
713  return 0;
714  }
715 
716  if (hsm_key_get_by_id(hsm_key, hsm_key_id)) {
717  ods_log_debug("[hsm_key_factory_release_key_id] unable to fetch hsm_key");
718  hsm_key_free(hsm_key);
719  return 1;
720  }
721 
722  if (hsm_key_state(hsm_key) == HSM_KEY_STATE_DELETE) {
723  ods_log_debug("[hsm_key_factory_release_key_id] hsm_key already DELETE (?)");
724  hsm_key_free(hsm_key);
725  return 0;
726  }
727 
729  || hsm_key_update(hsm_key))
730  {
731  ods_log_debug("[hsm_key_factory_release_key_id] unable to change hsm_key state to DELETE");
732  hsm_key_free(hsm_key);
733  return 1;
734  }
735  ods_log_debug("[hsm_key_factory_release_key_id] key %s marked DELETE", hsm_key_locator(hsm_key));
736 
737  hsm_key_free(hsm_key);
738  return 0;
739 }
740 
742  db_clause_list_t* clause_list = NULL;
743  key_data_t* key_data = NULL;
744  size_t count;
745 
746  if (!hsm_key) {
747  return 1;
748  }
749  if (!connection) {
750  return 1;
751  }
752 
753  if (!(clause_list = db_clause_list_new())
754  || !(key_data = key_data_new(connection))
755  || !key_data_hsm_key_id_clause(clause_list, hsm_key_id(hsm_key))
756  || key_data_count(key_data, clause_list, &count))
757  {
758  ods_log_debug("[hsm_key_factory_release_key] unable to check usage of hsm_key, database or memory allocation error");
759  key_data_free(key_data);
760  db_clause_list_free(clause_list);
761  return 1;
762  }
763  key_data_free(key_data);
764  db_clause_list_free(clause_list);
765 
766  if (count > 0) {
767  ods_log_debug("[hsm_key_factory_release_key] unable to release hsm_key, in use");
768  return 0;
769  }
770 
771  if (hsm_key_state(hsm_key) == HSM_KEY_STATE_DELETE) {
772  ods_log_debug("[hsm_key_factory_release_key] hsm_key already DELETE (?)");
773  return 0;
774  }
775 
777  || hsm_key_update(hsm_key))
778  {
779  ods_log_debug("[hsm_key_factory_release_key] unable to change hsm_key state to DELETE");
780  return 1;
781  }
782  ods_log_debug("[hsm_key_factory_release_key] key %s marked DELETE", hsm_key_locator(hsm_key));
783 
784  return 0;
785 }
const policy_key_t * policy_key_list_next(policy_key_list_t *policy_key_list)
Definition: policy_key.c:1378
Definition: task.h:42
int hsm_key_set_locator(hsm_key_t *hsm_key, const char *locator_text)
Definition: hsm_key.c:603
int hsm_key_set_role(hsm_key_t *hsm_key, hsm_key_role_t role)
Definition: hsm_key.c:658
void policy_list_free(policy_list_t *policy_list)
Definition: policy.c:2664
void ods_log_debug(const char *format,...)
Definition: log.c:41
hsm_key_t * hsm_key_factory_get_key(engine_type *engine, const db_connection_t *connection, const policy_key_t *policy_key, hsm_key_state_t hsm_key_state)
db_clause_list_t * db_clause_list_new(void)
Definition: db_clause.c:202
int hsm_key_set_key_type(hsm_key_t *hsm_key, hsm_key_key_type_t key_type)
Definition: hsm_key.c:681
const char * policy_name(const policy_t *policy)
Definition: policy.c:813
policy_key_t * policy_key
int hsm_key_get_by_id(hsm_key_t *hsm_key, const db_value_t *id)
Definition: hsm_key.c:1102
void hsm_key_factory_generate_policy(engine_type *engine, const db_connection_t *connection, const policy_t *policy, time_t duration)
int hsm_key_set_policy_id(hsm_key_t *hsm_key, const db_value_t *policy_id)
Definition: hsm_key.c:584
time_t automatic_keygen_duration
Definition: cfg.h:77
void ods_log_info(const char *format,...)
Definition: log.c:55
int hsm_key_set_bits(hsm_key_t *hsm_key, unsigned int bits)
Definition: hsm_key.c:638
int hsm_key_set_repository(hsm_key_t *hsm_key, const char *repository_text)
Definition: hsm_key.c:694
int hsm_key_set_inception(hsm_key_t *hsm_key, unsigned int inception)
Definition: hsm_key.c:671
int hsm_key_set_algorithm(hsm_key_t *hsm_key, unsigned int algorithm)
Definition: hsm_key.c:648
void * context
Definition: task.h:68
ods_status schedule_task(schedule_type *schedule, task_type *task)
Definition: schedule.c:401
void ods_log_error(const char *format,...)
Definition: log.c:69
int hsm_key_set_backup(hsm_key_t *hsm_key, hsm_key_backup_t backup)
Definition: hsm_key.c:716
db_clause_t * key_data_hsm_key_id_clause(db_clause_list_t *clause_list, const db_value_t *hsm_key_id)
Definition: key_data.c:1003
enum task_id_enum task_id
Definition: task.h:53
hsm_key_state
Definition: hsm_key.h:40
void zone_free(zone_t *zone)
Definition: zone.c:325
void db_clause_list_free(db_clause_list_t *clause_list)
Definition: db_clause.c:209
db_clause_t * hsm_key_is_revoked_clause(db_clause_list_t *clause_list, unsigned int is_revoked)
Definition: hsm_key.c:840
int hsm_key_factory_release_key(hsm_key_t *hsm_key, const db_connection_t *connection)
int hsm_key_update(hsm_key_t *hsm_key)
Definition: hsm_key.c:1225
enum hsm_key_state hsm_key_state_t
void hsm_key_factory_deinit(void)
engineconfig_type * config
Definition: engine.h:53
const char * policy_key_repository(const policy_key_t *policy_key)
Definition: policy_key.c:534
void policy_free(policy_t *policy)
Definition: policy.c:518
int hsm_key_count(hsm_key_t *hsm_key, db_clause_list_t *clause_list, size_t *count)
Definition: hsm_key.c:1435
int zone_count(zone_t *zone, db_clause_list_t *clause_list, size_t *count)
Definition: zone.c:1930
hsm_repository_t * repositories
Definition: cfg.h:78
zone_t * zone_new(const db_connection_t *connection)
Definition: zone.c:287
unsigned int policy_key_lifetime(const policy_key_t *policy_key)
Definition: policy_key.c:526
key_data_t * key_data_new(const db_connection_t *connection)
Definition: key_data.c:264
void task_cleanup(task_type *task)
Definition: task.c:147
db_connection_t * dbconn
Definition: task.h:71
policy_t * policy_new(const db_connection_t *connection)
Definition: policy.c:479
void hsm_key_factory_generate(engine_type *engine, const db_connection_t *connection, const policy_t *policy, const policy_key_t *policy_key, time_t duration)
const char * hsm_key_locator(const hsm_key_t *hsm_key)
Definition: hsm_key.c:520
int hsm_key_factory_schedule_generate_all(engine_type *engine, time_t duration)
policy_list_t * policy_list_new_get(const db_connection_t *connection)
Definition: policy.c:3076
db_clause_t * hsm_key_policy_id_clause(db_clause_list_t *clause_list, const db_value_t *policy_id)
Definition: hsm_key.c:729
policy_t * policy_new_copy(const policy_t *policy)
Definition: policy.c:499
db_clause_t * hsm_key_repository_clause(db_clause_list_t *clause_list, const char *repository_text)
Definition: hsm_key.c:882
int hsm_key_create(hsm_key_t *hsm_key)
Definition: hsm_key.c:927
const char * policy_key_role_text(const policy_key_t *policy_key)
Definition: policy_key.c:494
hsm_key_t * hsm_key_list_get_next(hsm_key_list_t *hsm_key_list)
Definition: hsm_key.c:1990
const policy_t * policy_list_next(policy_list_t *policy_list)
Definition: policy.c:3211
void key_data_free(key_data_t *key_data)
Definition: key_data.c:304
schedule_type * taskq
Definition: engine.h:55
int hsm_key_factory_schedule_generate_policy(engine_type *engine, const policy_t *policy_orig, time_t duration)
void hsm_key_free(hsm_key_t *hsm_key)
Definition: hsm_key.c:286
task_id task_register(const char *short_name, const char *long_name, how_type how)
Definition: task.c:82
void hsm_key_factory_generate_all(engine_type *engine, const db_connection_t *connection, time_t duration)
hsm_key_list_t * hsm_key_list_new_get_by_clauses(const db_connection_t *connection, const db_clause_list_t *clause_list)
Definition: hsm_key.c:1726
task_type * task_create(task_id what_id, time_t when, const char *who, const char *what, void *context, how_type clean_context)
Definition: task.c:110
Definition: policy.h:60
Definition: zone.h:46
unsigned int policy_key_algorithm(const policy_key_t *policy_key)
Definition: policy_key.c:510
int hsm_key_set_state(hsm_key_t *hsm_key, hsm_key_state_t state)
Definition: hsm_key.c:625
db_clause_t * hsm_key_algorithm_clause(db_clause_list_t *clause_list, unsigned int algorithm)
Definition: hsm_key.c:798
db_clause_t * hsm_key_bits_clause(db_clause_list_t *clause_list, unsigned int bits)
Definition: hsm_key.c:777
db_clause_t * zone_policy_id_clause(db_clause_list_t *clause_list, const db_value_t *policy_id)
Definition: zone.c:1179
policy_key_t * policy_key_new_copy(const policy_key_t *policy_key)
Definition: policy_key.c:227
void hsm_key_list_free(hsm_key_list_t *hsm_key_list)
Definition: hsm_key.c:1496
policy_key_role
Definition: policy_key.h:40
unsigned int policy_key_bits(const policy_key_t *policy_key)
Definition: policy_key.c:518
void policy_key_list_free(policy_key_list_t *policy_key_list)
Definition: policy_key.c:1006
const db_value_t * hsm_key_id(const hsm_key_t *hsm_key)
Definition: hsm_key.c:504
int key_data_count(key_data_t *key_data, db_clause_list_t *clause_list, size_t *count)
Definition: key_data.c:1633
const db_value_t * policy_id(const policy_t *policy)
Definition: policy.c:805
const db_value_t * policy_key_policy_id(const policy_key_t *policy_key)
Definition: policy_key.c:478
void ods_log_warning(const char *format,...)
Definition: log.c:62
int policy_get_by_id(policy_t *policy, const db_value_t *id)
Definition: policy.c:1987
int hsm_key_factory_release_key_id(const db_value_t *hsm_key_id, const db_connection_t *connection)
int flush_enforce_task(engine_type *engine, bool enforce_all)
Definition: enforce_task.c:323
void policy_key_free(policy_key_t *policy_key)
Definition: policy_key.c:246
db_clause_t * hsm_key_key_type_clause(db_clause_list_t *clause_list, hsm_key_key_type_t key_type)
Definition: hsm_key.c:861
policy_key_list_t * policy_key_list_new_get_by_policy_id(const db_connection_t *connection, const db_value_t *policy_id)
Definition: policy_key.c:1299
db_clause_t * hsm_key_role_clause(db_clause_list_t *clause_list, hsm_key_role_t role)
Definition: hsm_key.c:819
enum hsm_key_role hsm_key_role_t
hsm_key_t * hsm_key_new(const db_connection_t *connection)
Definition: hsm_key.c:244
db_clause_t * hsm_key_state_clause(db_clause_list_t *clause_list, hsm_key_state_t state)
Definition: hsm_key.c:756