22#include <boost/lexical_cast.hpp>
64 key_name_(key_name), algorithm_name_(algorithm_name),
65 algorithm_(algorithm), digestbits_(digestbits),
73 algorithm_name_.downcase();
78 const void* secret,
size_t secret_len) :
80 key_name_(key_name), algorithm_name_(algorithm_name),
81 algorithm_(algorithm), digestbits_(digestbits),
82 secret_(static_cast<const uint8_t*>(secret),
83 static_cast<const uint8_t*>(secret) + secret_len)
90 algorithm_name_.downcase();
100 const void* secret,
size_t secret_len,
101 size_t digestbits ) : impl_(NULL) {
102 const HashAlgorithm algorithm = convertAlgorithmName(algorithm_name);
103 if ((secret != NULL && secret_len == 0) ||
104 (secret == NULL && secret_len != 0)) {
106 "TSIGKey secret and its length are inconsistent: " <<
107 key_name <<
":" << algorithm_name);
111 "TSIGKey with unknown algorithm has non empty secret: " <<
112 key_name <<
":" << algorithm_name);
114 if (secret == NULL) {
115 impl_ =
new TSIGKeyImpl(key_name, algorithm_name, algorithm,
118 impl_ =
new TSIGKeyImpl(key_name, algorithm_name, algorithm,
119 digestbits, secret, secret_len);
125 istringstream iss(str);
128 getline(iss, keyname_str,
':');
129 if (iss.fail() || iss.bad() || iss.eof()) {
134 getline(iss, secret_str,
':');
135 if (iss.fail() || iss.bad()) {
141 getline(iss, algo_str,
':');
143 if (iss.fail() || iss.bad()) {
149 getline(iss, dgstbt_str);
151 if (iss.fail() || iss.bad()) {
155 const Name algo_name(algo_str.empty() ?
"hmac-md5.sig-alg.reg.int" :
157 const HashAlgorithm algorithm = convertAlgorithmName(algo_name);
158 size_t digestbits = 0;
160 if (!dgstbt_str.empty()) {
161 digestbits = boost::lexical_cast<size_t>(dgstbt_str);
163 }
catch (
const boost::bad_lexical_cast&) {
165 "TSIG key with non-numeric digestbits: " << dgstbt_str);
168 vector<uint8_t> secret;
173 "TSIG key with unknown algorithm has non empty secret: "
177 if (secret.empty()) {
182 digestbits, &secret[0], secret.size());
197 if (
this == &source) {
239 return (impl_->
secret_.size());
245 const vector<uint8_t> secret_v(
static_cast<const uint8_t*
>(
getSecret()),
246 static_cast<const uint8_t*
>(
getSecret()) +
251 std::string dgstbt_str = boost::lexical_cast<std::string>(
static_cast<int>(digestbits));
262 static Name alg_name(
"hmac-md5.sig-alg.reg.int");
268 static Name alg_name(
"hmac-md5");
274 static Name alg_name(
"hmac-sha1");
280 static Name alg_name(
"hmac-sha256");
286 static Name alg_name(
"hmac-sha224");
292 static Name alg_name(
"hmac-sha384");
298 static Name alg_name(
"hmac-sha512");
304 static Name alg_name(
"gss-tsig");
323 return (impl_->
keys.size());
328 if (impl_->
keys.insert(
344 TSIGKeyRingImpl::TSIGKeyMap::const_iterator found =
345 impl_->
keys.find(key_name);
346 if (found == impl_->
keys.end()) {
354 TSIGKeyRingImpl::TSIGKeyMap::const_iterator found =
355 impl_->
keys.find(key_name);
356 if (found == impl_->
keys.end() ||
357 (*found).second.getAlgorithmName() != algorithm_name) {
This is a base class for exceptions thrown from the DNS library module.
virtual const char * what() const
Returns a C-style character string of the cause of the exception.
A generic exception that is thrown if a parameter given to a method or function is considered invalid...
The Name class encapsulates DNS names.
~TSIGKeyRing()
The destructor.
unsigned int size() const
Return the number of keys stored in the TSIGKeyRing.
Result remove(const Name &key_name)
Remove a TSIGKey for the given name from the TSIGKeyRing.
TSIGKeyRing()
The default constructor.
Result add(const TSIGKey &key)
Add a TSIGKey to the TSIGKeyRing.
FindResult find(const Name &key_name) const
Find a TSIGKey for the given name in the TSIGKeyRing.
Result
Result codes of various public methods of TSIGKeyRing.
@ EXIST
A key is already stored in TSIGKeyRing.
@ NOTFOUND
The specified key is not found in TSIGKeyRing.
@ SUCCESS
The operation is successful.
static const Name & HMACMD5_NAME()
HMAC-MD5 (RFC2845)
static const Name & HMACSHA224_NAME()
HMAC-SHA224 (RFC4635)
const Name & getAlgorithmName() const
Return the algorithm name.
virtual ~TSIGKey()
The destructor.
static const Name & GSSTSIG_NAME()
GSS-TSIG (RFC3645)
size_t getDigestbits() const
Return the minimum truncated length.
static const Name & HMACSHA256_NAME()
HMAC-SHA256 (RFC4635)
TSIGKey & operator=(const TSIGKey &source)
Assignment operator.
isc::cryptolink::HashAlgorithm getAlgorithm() const
Return the hash algorithm name in the form of cryptolink::HashAlgorithm.
static const Name & HMACSHA1_NAME()
HMAC-SHA1 (RFC4635)
const Name & getKeyName() const
Return the key name.
static const Name & HMACMD5_SHORT_NAME()
static const Name & HMACSHA512_NAME()
HMAC-SHA512 (RFC4635)
TSIGKey(const Name &key_name, const Name &algorithm_name, const void *secret, size_t secret_len, size_t digestbits=0)
Constructor from key parameters.
static const Name & HMACSHA384_NAME()
HMAC-SHA384 (RFC4635)
std::string toText() const
Converts the TSIGKey to a string value.
size_t getSecretLength() const
Return the length of the TSIG secret in bytes.
const void * getSecret() const
Return the value of the TSIG secret.
#define isc_throw(type, stream)
A shortcut macro to insert known values into exception arguments.
HashAlgorithm
Hash algorithm identifiers.
@ UNKNOWN_HASH
This value can be used in conversion functions, to be returned when the input is unknown (but a value...
void decodeBase64(const std::string &input, std::vector< uint8_t > &result)
Decode a text encoded in the base64 format into the original data.
std::string encodeBase64(const std::vector< uint8_t > &binary)
Encode binary data in the base64 format.
Defines the logger used by the top-level component of kea-lfc.
A helper structure to represent the search result of TSIGKeyRing::find().
map< Name, TSIGKey > TSIGKeyMap
pair< Name, TSIGKey > NameAndKey
const isc::cryptolink::HashAlgorithm algorithm_
TSIGKeyImpl(const Name &key_name, const Name &algorithm_name, isc::cryptolink::HashAlgorithm algorithm, size_t digestbits, const void *secret, size_t secret_len)
TSIGKeyImpl(const Name &key_name, const Name &algorithm_name, isc::cryptolink::HashAlgorithm algorithm, size_t digestbits)
const vector< uint8_t > secret_