/* Tag that the log calls in this listing pass for the "[%s]" prefix of
 * their messages. */
38 static const char* hsm_str =
"hsm";
/* Open the libhsm connection described by `filename`. hsm_check_pin is
 * handed to hsm_open() as its second argument (presumably the PIN callback
 * -- confirm against libhsm.h). */
48 int result = hsm_open(filename, hsm_check_pin);
49 if (result != HSM_OK) {
/* Failure path: fetch libhsm's error text, passing NULL instead of a
 * context handle. Lines 51-54 are not part of this excerpt, so whether the
 * returned string is released after logging cannot be seen here. */
50 char* error = hsm_get_error(NULL);
/* NOTE(review): the message labels its integer as "errno", but the argument
 * list is cut off in this excerpt. Confirm the value logged is the
 * hsm_open() result and not the C errno, so that an operator reading the
 * log looks the number up in the right error table. */
55 ods_log_crit(
"[%s] error opening libhsm (errno %i)", hsm_str,
/* Informational message for the case where the open worked (per the
 * message text; the branch joining it to the check above is not shown). */
60 ods_log_info(
"[%s] libhsm connection opened succesfully", hsm_str);
/* Context check made with NULL in place of a context handle; any result
 * other than HSM_OK enters a branch whose body is outside this excerpt. */
73 if (hsm_check_context(NULL) != HSM_OK) {
/* Releases the signing parameters attached to `key`. The enclosing function
 * is not visible here. NOTE(review): confirm key->params is reset to NULL
 * after this call, so that later code cannot reuse the freed pointer. */
102 hsm_sign_params_free(key->
params);
/* Second NULL-argument context check, same shape as the one at line 73. */
117 if (hsm_check_context(NULL) != HSM_OK) {
/* Reject the call when either the owner name or the key descriptor is
 * absent, and log why. */
141 if (!owner || !key_id) {
142 ods_log_error(
"[%s] unable to get key: missing required elements",
/* Store newly created signing parameters on the key, then put a clone of
 * `owner` into them.
 * NOTE(review): line 152 is not shown. The "create params" failure message
 * further down suggests the allocation result is tested -- confirm that the
 * test comes before the write to key_id->params->owner, and that a NULL
 * return from ldns_rdf_clone() is handled as well. */
151 key_id->
params = hsm_sign_params_new();
153 key_id->
params->owner = ldns_rdf_clone(owner);
/* The same failure pattern appears three times below (lines 158-167,
 * 177-187 and 196-205): read libhsm's error for ctx and, while `retries`
 * is still zero, drop the cached key material with lhsm_clear_key_cache().
 * An ods_log_error() call follows each one. The statements between these
 * lines, including whatever re-runs the failed step, are outside this
 * excerpt, so the exact branch structure cannot be confirmed from here. */
158 error = hsm_get_error(ctx);
162 }
else if (!retries) {
163 lhsm_clear_key_cache(key_id);
167 ods_log_error(
"[%s] unable to get key: create params for key %s "
/* Failure pattern for the key lookup (message: key not found). */
177 error = hsm_get_error(ctx);
181 }
else if (!retries) {
182 lhsm_clear_key_cache(key_id);
187 ods_log_error(
"[%s] unable to get key: key %s not found", hsm_str,
/* Failure pattern for building the DNSKEY record from the HSM key. */
196 error = hsm_get_error(ctx);
200 }
else if (!retries) {
201 lhsm_clear_key_cache(key_id);
205 ods_log_error(
"[%s] unable to get key: hsm failed to create dnskey",
/* Record the key tag computed from the key's DNSKEY in its signing
 * parameters. */
209 key_id->
params->keytag = ldns_calc_keytag(key_id->
dnskey);
220 ldns_rdf* owner, time_t inception, time_t expiration)
/* Locals for the signing routine: the signature RR to hand back and the
 * per-call signing parameters. Both start out NULL. */
224 ldns_rr* result = NULL;
225 hsm_sign_params_t* params = NULL;
/* All five inputs must be non-zero. Because inception and expiration are
 * tested with `!`, a time_t value of 0 is rejected as "missing". */
228 if (!owner || !key_id || !rrset || !inception || !expiration) {
229 ods_log_error(
"[%s] unable to sign: missing required elements",
/* Failure handling for the key lookup (message: "get key failed"): read
 * libhsm's error for ctx and, while `retries` is still zero, clear the key
 * cache and jump back to the lhsm_sign_start label. The lines that set
 * `retries` are not part of this excerpt. */
240 error = hsm_get_error(ctx);
244 }
else if (!retries) {
245 lhsm_clear_key_cache(key_id);
247 goto lhsm_sign_start;
249 ods_log_error(
"[%s] unable to sign: get key failed", hsm_str);
/* Build the parameters for this one signature from the key's cached values
 * and the caller's validity window.
 * NOTE(review): lines 257 and 258 are consecutive, so `params` is
 * dereferenced with no NULL test in between. If hsm_sign_params_new() can
 * return NULL on allocation failure, that is a NULL dereference in the
 * signing path; a guard that logs and returns would close it. Line 258 also
 * reads key_id->params, which presumably is guaranteed by the successful
 * key lookup above -- confirm. */
257 params = hsm_sign_params_new();
258 params->owner = ldns_rdf_clone(key_id->
params->owner);
260 params->flags = key_id->
flags;
261 params->inception = inception;
262 params->expiration = expiration;
263 params->keytag = ldns_calc_keytag(key_id->
dnskey);
/* NOTE(review): element 0 of rrset is read here, while the check at line
 * 228 only rules out a NULL list pointer. Confirm callers never pass an
 * empty list. */
265 ldns_rr_get_type(ldns_rr_list_rr(rrset, 0)),
/* Sign with the key's HSM handle and the temporary parameters, then free
 * the parameters on the very next line, before the outcome is examined. */
267 result = hsm_sign_rrset(ctx, rrset, key_id->
hsmkey, params);
268 hsm_sign_params_free(params);
/* Failure handling for the signing call, same retry shape as above
 * (presumably reached when result is NULL -- the test itself is not shown).
 * The final failure is logged at critical level. */
270 error = hsm_get_error(ctx);
274 }
else if (!retries) {
275 lhsm_clear_key_cache(key_id);
277 goto lhsm_sign_start;
279 ods_log_crit(
"[%s] error signing rrset with libhsm", hsm_str);
const char * cfg_filename
void engine_stop_drudgers(engine_type *engine)
void ods_log_debug(const char *format,...)
void lhsm_check_connection(void *engine)
ldns_rr * lhsm_sign(hsm_ctx_t *ctx, ldns_rr_list *rrset, key_type *key_id, ldns_rdf *owner, time_t inception, time_t expiration)
void ods_log_info(const char *format,...)
enum ods_enum_status ods_status
void ods_log_error(const char *format,...)
void engine_start_drudgers(engine_type *engine)
void ods_log_crit(const char *format,...)
engineconfig_type * config
ods_status lhsm_get_key(hsm_ctx_t *ctx, ldns_rdf *owner, key_type *key_id)
int lhsm_reopen(const char *filename)
hsm_sign_params_t * params
void ods_log_deeebug(const char *format,...)
#define ods_log_assert(x)
void ods_log_warning(const char *format,...)
int lhsm_open(const char *filename)