Skip to content
This repository has been archived by the owner on Jun 7, 2024. It is now read-only.

shoehorn hickory's on-the-fly signing into the NameServer<Signed> API #46

Draft
wants to merge 3 commits into
base: main
Choose a base branch
from

Conversation

japaric
Copy link
Collaborator

@japaric japaric commented Mar 12, 2024

this implementation is super hacky. we should probably add a new type state, e.g. OnTheFlySigning, to support
runtime ("on-the-fly") signing of records, which only BIND and hickory implement

Base automatically changed from ja-hickory-name-server to ja-refactor-impl March 28, 2024 22:44
@japaric japaric changed the base branch from ja-refactor-impl to main April 23, 2024 09:55
japaric added 2 commits April 23, 2024 11:59
this implementation is super hacky. we should probably add a
new type state, e.g. `OnTheFlySigning`, to support
runtime ("on-the-fly") signing of records, which only BIND and hickory
implement
@japaric japaric force-pushed the ja-hickory-name-server-with-actual-signing branch from 463d93e to 4012b34 Compare April 23, 2024 10:02
// -2 = use SHA256 for the DS hash
let key2ds = format!("cd {ZONES_DIR} && ldns-key2ds -n -2 {ZONE_FILENAME}.signed");
let ds: DS = container.stdout(&["sh", "-c", &key2ds])?.parse()?;
let state = if is_hickory {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Imho this function is quite large, maybe to code in the conditional can be extracted, something like:

let state = if implementation.is_hickory {
    // automatic on-the-fly
    hickory_sign_zonefile(&container, &zone_file, zone.clone())?
} else {
    // manual ahead-of-time signing
    manual_sign_zonefile(&container, &zone_file, zone.clone())?
}

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants