Fix issue 14 (#15)

handle duplicate key tags, gen duplicate key tags, other minor cleanup
2024-03-25 00:38:47 -04:00
committed by GitHub
parent 5fef1dcf24
commit 6118ae718e
10 changed files with 119 additions and 54 deletions


@@ -101,8 +101,8 @@ public abstract class CLBase {
opts.addOption("m", "multiline", false,
"Output DNS records using 'multiline' format");
opts.addOption(Option.builder("v").longOpt("verbose").argName("level").optionalArg(true).desc(
"verbosity level -- 0 is silence, 3 is info, 5 is debug information, 6 is trace information. default is level 2 (warning)")
opts.addOption(Option.builder("v").longOpt("verbose").argName("level").hasArg().desc(
"verbosity level -- 0: silence, 1: error, 2: warning, 3: info, 4/5: fine, 6: finest; default: 2 (warning)")
.build());
opts.addOption(Option.builder("A").hasArg().argName("alias:original:mnemonic").longOpt("alg-alias")
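Review bot: Replacing `optionalArg(true)` with `hasArg()` on the `-v` option makes the level argument mandatory, so under commons-cli semantics a bare `-v` followed by the zone name will consume the name as the verbosity level instead of failing clearly. If that is intended, the help text should say the argument is required, e.g. `"verbosity level (argument required) -- 0: silence, 1: error, 2: warning, 3: info, 4/5: fine, 6: finest; default: 2 (warning)"`, and the commit description should mention the CLI change. The enclosing method begins and ends outside this hunk.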


@@ -53,6 +53,7 @@ public class KeyGen extends CLBase {
public boolean kskFlag = false;
public String owner = null;
public long ttl = 86400;
public int givenKeyTag = -1;
public CLIState() {
super("jdnssec-keygen [..options..] name");
@@ -87,6 +88,8 @@ public class KeyGen extends CLBase {
.desc("generated keyfiles are written to this directory").build());
opts.addOption(Option.builder("T").hasArg().argName("ttl").longOpt("ttl")
.desc("use this TTL for the generated DNSKEY records (default: 86400").build());
opts.addOption(Option.builder().hasArg().argName("tag").longOpt("with-tag")
.desc("Generate keys until tag is the given value.").build());
}
@@ -133,6 +136,10 @@ public class KeyGen extends CLBase {
ttl = parseInt(optstr, 86400);
}
if ((optstr = cli.getOptionValue("with-tag")) != null) {
givenKeyTag = parseInt(optstr, -1);
}
String[] args = cli.getArgs();
if (args.length < 1) {
@@ -169,11 +176,12 @@ public class KeyGen extends CLBase {
// Calculate our flags
int flags = 0;
if (state.zoneKey)
if (state.zoneKey) {
flags |= DNSKEYRecord.Flags.ZONE_KEY;
if (state.kskFlag)
}
if (state.kskFlag) {
flags |= DNSKEYRecord.Flags.SEP_KEY;
}
log.fine("create key pair with (name = " + ownerName + ", ttl = " + state.ttl
+ ", alg = " + state.algorithm + ", flags = " + flags + ", length = "
+ state.keylength + ")");
@@ -182,6 +190,12 @@ public class KeyGen extends CLBase {
state.algorithm, flags, state.keylength,
state.useLargeE);
// If we were asked to generate a duplicate keytag, keep trying until we get one
while (state.givenKeyTag >= 0 && pair.getDNSKEYFootprint() != state.givenKeyTag) {
pair = signer.generateKey(ownerName, state.ttl, DClass.IN, state.algorithm, flags, state.keylength,
state.useLargeE);
}
if (state.outputfile != null) {
BINDKeyUtils.writeKeyFiles(state.outputfile, pair, state.keydir);
} else {
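Review bot: The regeneration loop at `while (state.givenKeyTag >= 0 && pair.getDNSKEYFootprint() != state.givenKeyTag)` has no termination guard beyond the tag matching: the DNSKEY footprint is a 16-bit key tag, so any `--with-tag` value above 65535 (accepted by `parseInt(optstr, -1)` in the option-parsing hunk, which only rejects negatives via the `>= 0` test) can never match and the process spins generating keys forever. Validate the range where the option is read, e.g. `if (givenKeyTag > 0xFFFF) throw new IllegalArgumentException("--with-tag must be in 0..65535: " + optstr);` (or whatever error path CLBase uses for bad option values), and consider a bounded attempt count or a `log.fine` per attempt, since even a reachable tag needs on the order of 65536 key generations on average and each RSA generation is slow. The `(default: 86400` help string in the `-T` option is also missing its closing parenthesis. The method containing the loop continues past the end of this hunk.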