offline_ksk: keymgr generate-ksr requires specified from-to

2642d78c · Libor Peltan · Daniel Salzman · 99168b7a · 2642d78c · 2642d78c
Commit 2642d78c authored Dec 18, 2018 by Libor Peltan Committed by Daniel Salzman Dec 18, 2018
6 changed files
--- a/doc/man/keymgr.8in
+++ b/doc/man/keymgr.8in
@@ -140,7 +140,7 @@ Delete pre\-generated offline key\-related records in specified time interval.
 \fBdel\-all\-old\fP
 Delete old keys that are in state \(aqremoved\(aq.
 .TP
-\fBgenerate\-ksr\fP \fItimestamp\fP
+\fBgenerate\-ksr\fP \fItimestamp\-from\fP \fItimestamp\-to\fP
 Print to stdout KeySigningRequest based on pre\-generated ZSKs for specified period.
 .TP
 \fBsign\-ksr\fP \fIksr_file\fP

--- a/doc/man_keymgr.rst
+++ b/doc/man_keymgr.rst
@@ -117,7 +117,7 @@ Commands related to Offline KSK feature
 **del-all-old**
  Delete old keys that are in state 'removed'.

-**generate-ksr** *timestamp*
+**generate-ksr** *timestamp-from* *timestamp-to*
  Print to stdout KeySigningRequest based on pre-generated ZSKs for specified period.

 **sign-ksr** *ksr_file*

--- a/src/utils/keymgr/main.c
+++ b/src/utils/keymgr/main.c
@@ -85,7 +85,7 @@ static void print_help(void)
 	       "                 (syntax: del-offline <from> <to>)\n"
 	       "  del-all-old   Delete old keys that are in state 'removed'.\n"
 	       "  generate-ksr  Print to stdout KeySigningRequest based on pre-generated ZSKS.\n"
-	       "                 (syntax: generate-ksr <timestamp>)\n"
+	       "                 (syntax: generate-ksr <from> <to>)\n"
 	       "  sign-ksr      Read KeySigningRequest from a file, sign it and print SignedKeyResponse to stdout.\n"
 	       "                 (syntax: sign-ksr <ksr_file>)\n"
 	       "  import-skr    Import DNSKEY record signatures from a SignedKeyResponse.\n"
@@ -144,6 +144,13 @@ static int key_command(int argc, char *argv[], int opt_ind)
 		goto main_end; \
 	}

+#define CHECK_MISSING_ARG2(msg) \
+	if (argc < 4) { \
+		printf("%s\n", (msg)); \
+		ret = KNOT_EINVAL; \
+		goto main_end; \
+	}
+
 	bool print_ok_on_succes = true;
 	if (strcmp(argv[1], "generate") == 0) {
 		ret = keymgr_generate_key(&kctx, argc - 2, argv + 2);
@@ -229,17 +236,13 @@ static int key_command(int argc, char *argv[], int opt_ind)
 		CHECK_MISSING_ARG("Timestamp not specified");
 		ret = keymgr_print_offline_records(&kctx, argv[2], argc > 3 ? argv[3] : NULL);
 	} else if (strcmp(argv[1], "del-offline") == 0) {
-		if (argc < 4) {
-			printf("Timestamps from-to not specified\n");
-			ret = KNOT_EINVAL;
-			goto main_end;
-		}
+		CHECK_MISSING_ARG2("Timestamps from-to not specified");
 		ret = keymgr_delete_offline_records(&kctx, argv[2], argv[3]);
 	} else if (strcmp(argv[1], "del-all-old") == 0) {
 		ret = keymgr_del_all_old(&kctx);
 	} else if (strcmp(argv[1], "generate-ksr") == 0) {
-		CHECK_MISSING_ARG("Timestamp not specified");
-		ret = keymgr_print_ksr(&kctx, argv[2]);
+		CHECK_MISSING_ARG2("Timestamps from-to not specified");
+		ret = keymgr_print_ksr(&kctx, argv[2], argv[3]);
 		print_ok_on_succes = false;
 	} else if (strcmp(argv[1], "sign-ksr") == 0) {
 		CHECK_MISSING_ARG("Input file not specified");

--- a/src/utils/keymgr/offline_ksk.c
+++ b/src/utils/keymgr/offline_ksk.c
@@ -221,28 +221,29 @@ done:
 	return ret;
 }

-int keymgr_print_ksr(kdnssec_ctx_t *ctx, char *arg)
+int keymgr_print_ksr(kdnssec_ctx_t *ctx, char *arg_from, char *arg_to)
 {
-	knot_time_t upto;
-	int ret = parse_timestamp(arg, &upto);
+	knot_time_t from, to;
+	int ret = parse_timestamp(arg_from, &from);
+	if (ret != KNOT_EOK) {
+		return ret;
+	}
+	ret = parse_timestamp(arg_to, &to);
 	if (ret != KNOT_EOK) {
 		return ret;
 	}

-	knot_time_t next = ctx->now;
-	ret = KNOT_EOK;
 	char *buf = NULL;
 	size_t buf_size = 4096;
-
-	while (ret == KNOT_EOK && knot_time_cmp(next, upto) < 0) {
-		ctx->now = next;
-		ret = ksr_once(ctx, &buf, &buf_size, &next);
+	while (ret == KNOT_EOK && knot_time_cmp(from, to) < 0) {
+		ctx->now = from;
+		ret = ksr_once(ctx, &buf, &buf_size, &from);
 	}
 	if (ret != KNOT_EOK) {
 		free(buf);
 		return ret;
 	}
-	ctx->now = upto;
+	ctx->now = to;
 	// force end of period as a KSR timestamp
 	ret = ksr_once(ctx, &buf, &buf_size, NULL);


--- a/src/utils/keymgr/offline_ksk.h
+++ b/src/utils/keymgr/offline_ksk.h
@@ -26,7 +26,7 @@ int keymgr_delete_offline_records(kdnssec_ctx_t *ctx, char *arg_from, char *arg_

 int keymgr_del_all_old(kdnssec_ctx_t *ctx);

-int keymgr_print_ksr(kdnssec_ctx_t *ctx, char *arg);
+int keymgr_print_ksr(kdnssec_ctx_t *ctx, char *arg_from, char *arg_to);

 int keymgr_sign_ksr(kdnssec_ctx_t *ctx, const char *ksr_file);


--- a/tests-extra/tests/dnssec/offline_ksk/test.py
+++ b/tests-extra/tests/dnssec/offline_ksk/test.py
@@ -120,7 +120,7 @@ key_zsk1 = knot.key_gen(ZONE, ksk="false", created="+0", publish="+0", active="+
 KSR = knot.keydir + "/ksr"
 SKR = knot.keydir + "/skr"
 Keymgr.run_check(knot.confile, ZONE, "pregenerate", "+" + str(FUTURE))
-_, out, _ = Keymgr.run_check(knot.confile, ZONE, "generate-ksr", "+" + str(FUTURE))
+_, out, _ = Keymgr.run_check(knot.confile, ZONE, "generate-ksr", "+0", "+" + str(FUTURE))
 writef(KSR, out)
 _, out, _ = Keymgr.run_check(signer.confile, ZONE, "sign-ksr", KSR)
 writef(SKR, out)