|
 |
d76c96 |
INSERT INTO databaseVersion VALUES (NULL, 1, 1);
|
|
|
d76c96 |
|
|
|
d76c96 |
-- ~ ************
|
|
|
d76c96 |
-- ~ ** policy table
|
|
|
d76c96 |
-- ~ **
|
|
|
d76c96 |
-- ~ **
|
|
|
d76c96 |
-- ~ **
|
|
|
d76c96 |
-- ~ **
|
|
|
d76c96 |
-- ~ ************
|
|
|
d76c96 |
|
|
|
d76c96 |
INSERT INTO policy
|
|
|
d76c96 |
SELECT id, 1, name, description,
|
|
|
d76c96 |
0, 0, 0,
|
|
|
d76c96 |
0, 0, 0, 0,
|
|
|
d76c96 |
86400, 0, 0,
|
|
|
d76c96 |
0, 0, 0,
|
|
|
d76c96 |
0, 0, 0,
|
|
|
d76c96 |
0, 0, 0,
|
|
|
d76c96 |
0, 0, 0,
|
|
|
d76c96 |
0, 0, 0,
|
|
|
d76c96 |
0, 0, 0,
|
|
|
d76c96 |
0, 0, 0,
|
|
|
d76c96 |
0
|
|
|
d76c96 |
FROM REMOTE.policies;
|
|
|
d76c96 |
|
|
|
d76c96 |
UPDATE policy
|
|
|
d76c96 |
SET signaturesResign = (
|
|
|
d76c96 |
SELECT value
|
|
|
d76c96 |
FROM REMOTE.parameters_policies
|
|
|
d76c96 |
INNER JOIN REMOTE.parameters
|
|
|
d76c96 |
ON REMOTE.parameters_policies.parameter_id = REMOTE.parameters.id
|
|
|
d76c96 |
WHERE REMOTE.parameters_policies.policy_id = policy.id
|
|
|
d76c96 |
AND REMOTE.parameters.category_id = 1
|
|
|
d76c96 |
AND REMOTE.parameters.name = 'resign');
|
|
|
d76c96 |
|
|
|
d76c96 |
UPDATE policy
|
|
|
d76c96 |
SET signaturesRefresh = (
|
|
|
d76c96 |
SELECT value
|
|
|
d76c96 |
FROM REMOTE.parameters_policies
|
|
|
d76c96 |
INNER JOIN REMOTE.parameters
|
|
|
d76c96 |
ON REMOTE.parameters_policies.parameter_id = REMOTE.parameters.id
|
|
|
d76c96 |
WHERE REMOTE.parameters_policies.policy_id = policy.id
|
|
|
d76c96 |
AND REMOTE.parameters.category_id = 1
|
|
|
d76c96 |
AND REMOTE.parameters.name = 'refresh') ;
|
|
|
d76c96 |
|
|
|
d76c96 |
UPDATE policy
|
|
|
d76c96 |
SET signaturesJitter = (
|
|
|
d76c96 |
SELECT value
|
|
|
d76c96 |
FROM REMOTE.parameters_policies
|
|
|
d76c96 |
INNER JOIN REMOTE.parameters
|
|
|
d76c96 |
ON REMOTE.parameters_policies.parameter_id = REMOTE.parameters.id
|
|
|
d76c96 |
WHERE REMOTE.parameters_policies.policy_id = policy.id
|
|
|
d76c96 |
AND REMOTE.parameters.category_id = 1
|
|
|
d76c96 |
AND REMOTE.parameters.name = 'jitter');
|
|
|
d76c96 |
|
|
|
d76c96 |
UPDATE policy
|
|
|
d76c96 |
SET signaturesInceptionOffset = (
|
|
|
d76c96 |
SELECT value
|
|
|
d76c96 |
FROM REMOTE.parameters_policies
|
|
|
d76c96 |
INNER JOIN REMOTE.parameters
|
|
|
d76c96 |
ON REMOTE.parameters_policies.parameter_id = REMOTE.parameters.id
|
|
|
d76c96 |
WHERE REMOTE.parameters_policies.policy_id = policy.id
|
|
|
d76c96 |
AND REMOTE.parameters.category_id = 1
|
|
|
d76c96 |
AND REMOTE.parameters.name = 'clockskew');
|
|
|
d76c96 |
|
|
|
d76c96 |
UPDATE policy
|
|
|
d76c96 |
SET signaturesValidityDefault = (
|
|
|
d76c96 |
SELECT value
|
|
|
d76c96 |
FROM REMOTE.parameters_policies
|
|
|
d76c96 |
INNER JOIN REMOTE.parameters
|
|
|
d76c96 |
ON REMOTE.parameters_policies.parameter_id = REMOTE.parameters.id
|
|
|
d76c96 |
WHERE REMOTE.parameters_policies.policy_id = policy.id
|
|
|
d76c96 |
AND REMOTE.parameters.category_id = 1
|
|
|
d76c96 |
AND REMOTE.parameters.name = 'valdefault');
|
|
|
d76c96 |
|
|
|
d76c96 |
UPDATE policy
|
|
|
d76c96 |
SET signaturesValidityDenial = (
|
|
|
d76c96 |
SELECT value
|
|
|
d76c96 |
FROM REMOTE.parameters_policies
|
|
|
d76c96 |
INNER JOIN REMOTE.parameters
|
|
|
d76c96 |
ON REMOTE.parameters_policies.parameter_id = REMOTE.parameters.id
|
|
|
d76c96 |
WHERE REMOTE.parameters_policies.policy_id = policy.id
|
|
|
d76c96 |
AND REMOTE.parameters.category_id = 1
|
|
|
d76c96 |
AND REMOTE.parameters.name = 'valdenial');
|
|
|
d76c96 |
|
|
|
d76c96 |
--MaxZoneTTL default 86400
|
|
|
d76c96 |
|
|
|
d76c96 |
-- We need the following mapping 1.4 -> 2.0 for denialType
|
|
|
d76c96 |
-- 0 -> 1
|
|
|
d76c96 |
-- 3 -> 0
|
|
|
d76c96 |
|
|
|
d76c96 |
UPDATE policy
|
|
|
d76c96 |
SET denialType = (
|
|
|
d76c96 |
SELECT (~value)&1
|
|
|
d76c96 |
FROM REMOTE.parameters_policies
|
|
|
d76c96 |
INNER JOIN REMOTE.parameters
|
|
|
d76c96 |
ON REMOTE.parameters_policies.parameter_id = REMOTE.parameters.id
|
|
|
d76c96 |
WHERE REMOTE.parameters_policies.policy_id = policy.id
|
|
|
d76c96 |
AND REMOTE.parameters.category_id = 2
|
|
|
d76c96 |
AND REMOTE.parameters.name = 'version');
|
|
|
d76c96 |
|
|
|
d76c96 |
-- I'm pretty sure this is not the correct way to do it. It is aweful but
|
|
|
d76c96 |
-- I can't figure it out how it would work for sqlite.
|
|
|
d76c96 |
UPDATE policy
|
|
|
d76c96 |
SET denialOptout = (
|
|
|
d76c96 |
SELECT value
|
|
|
d76c96 |
FROM REMOTE.parameters_policies
|
|
|
d76c96 |
INNER JOIN REMOTE.parameters
|
|
|
d76c96 |
ON REMOTE.parameters_policies.parameter_id = REMOTE.parameters.id
|
|
|
d76c96 |
WHERE REMOTE.parameters_policies.policy_id = policy.id
|
|
|
d76c96 |
AND REMOTE.parameters.category_id = 2
|
|
|
d76c96 |
AND REMOTE.parameters.name = 'optout')
|
|
|
d76c96 |
WHERE null != (
|
|
|
d76c96 |
SELECT value
|
|
|
d76c96 |
FROM REMOTE.parameters_policies
|
|
|
d76c96 |
INNER JOIN REMOTE.parameters
|
|
|
d76c96 |
ON REMOTE.parameters_policies.parameter_id = REMOTE.parameters.id
|
|
|
d76c96 |
WHERE REMOTE.parameters_policies.policy_id = policy.id
|
|
|
d76c96 |
AND REMOTE.parameters.category_id = 2
|
|
|
d76c96 |
AND REMOTE.parameters.name = 'optout');
|
|
|
d76c96 |
|
|
|
d76c96 |
UPDATE policy
|
|
|
d76c96 |
SET denialTtl = (
|
|
|
d76c96 |
SELECT value
|
|
|
d76c96 |
FROM REMOTE.parameters_policies
|
|
|
d76c96 |
INNER JOIN REMOTE.parameters
|
|
|
d76c96 |
ON REMOTE.parameters_policies.parameter_id = REMOTE.parameters.id
|
|
|
d76c96 |
WHERE REMOTE.parameters_policies.policy_id = policy.id
|
|
|
d76c96 |
AND REMOTE.parameters.category_id = 2
|
|
|
d76c96 |
AND REMOTE.parameters.name = 'ttl')
|
|
|
d76c96 |
WHERE null != (
|
|
|
d76c96 |
SELECT value
|
|
|
d76c96 |
FROM REMOTE.parameters_policies
|
|
|
d76c96 |
INNER JOIN REMOTE.parameters
|
|
|
d76c96 |
ON REMOTE.parameters_policies.parameter_id = REMOTE.parameters.id
|
|
|
d76c96 |
WHERE REMOTE.parameters_policies.policy_id = policy.id
|
|
|
d76c96 |
AND REMOTE.parameters.category_id = 2
|
|
|
d76c96 |
AND REMOTE.parameters.name = 'ttl');
|
|
|
d76c96 |
|
|
|
d76c96 |
UPDATE policy
|
|
|
d76c96 |
SET denialResalt = (
|
|
|
d76c96 |
SELECT value
|
|
|
d76c96 |
FROM REMOTE.parameters_policies
|
|
|
d76c96 |
INNER JOIN REMOTE.parameters
|
|
|
d76c96 |
ON REMOTE.parameters_policies.parameter_id = REMOTE.parameters.id
|
|
|
d76c96 |
WHERE REMOTE.parameters_policies.policy_id = policy.id
|
|
|
d76c96 |
AND REMOTE.parameters.category_id = 2
|
|
|
d76c96 |
AND REMOTE.parameters.name = 'resalt')
|
|
|
d76c96 |
WHERE null != (
|
|
|
d76c96 |
SELECT value
|
|
|
d76c96 |
FROM REMOTE.parameters_policies
|
|
|
d76c96 |
INNER JOIN REMOTE.parameters
|
|
|
d76c96 |
ON REMOTE.parameters_policies.parameter_id = REMOTE.parameters.id
|
|
|
d76c96 |
WHERE REMOTE.parameters_policies.policy_id = policy.id
|
|
|
d76c96 |
AND REMOTE.parameters.category_id = 2
|
|
|
d76c96 |
AND REMOTE.parameters.name = 'resalt');
|
|
|
d76c96 |
|
|
|
d76c96 |
UPDATE policy
|
|
|
d76c96 |
SET denialAlgorithm = (
|
|
|
d76c96 |
SELECT value
|
|
|
d76c96 |
FROM REMOTE.parameters_policies
|
|
|
d76c96 |
INNER JOIN REMOTE.parameters
|
|
|
d76c96 |
ON REMOTE.parameters_policies.parameter_id = REMOTE.parameters.id
|
|
|
d76c96 |
WHERE REMOTE.parameters_policies.policy_id = policy.id
|
|
|
d76c96 |
AND REMOTE.parameters.category_id = 2
|
|
|
d76c96 |
AND REMOTE.parameters.name = 'algorithm')
|
|
|
d76c96 |
WHERE null != (
|
|
|
d76c96 |
SELECT value
|
|
|
d76c96 |
FROM REMOTE.parameters_policies
|
|
|
d76c96 |
INNER JOIN REMOTE.parameters
|
|
|
d76c96 |
ON REMOTE.parameters_policies.parameter_id = REMOTE.parameters.id
|
|
|
d76c96 |
WHERE REMOTE.parameters_policies.policy_id = policy.id
|
|
|
d76c96 |
AND REMOTE.parameters.category_id = 2
|
|
|
d76c96 |
AND REMOTE.parameters.name = 'algorithm');
|
|
|
d76c96 |
|
|
|
d76c96 |
UPDATE policy
|
|
|
d76c96 |
SET denialIterations = (
|
|
|
d76c96 |
SELECT value
|
|
|
d76c96 |
FROM REMOTE.parameters_policies
|
|
|
d76c96 |
INNER JOIN REMOTE.parameters
|
|
|
d76c96 |
ON REMOTE.parameters_policies.parameter_id = REMOTE.parameters.id
|
|
|
d76c96 |
WHERE REMOTE.parameters_policies.policy_id = policy.id
|
|
|
d76c96 |
AND REMOTE.parameters.category_id = 2
|
|
|
d76c96 |
AND REMOTE.parameters.name = 'iterations')
|
|
|
d76c96 |
WHERE null != (
|
|
|
d76c96 |
SELECT value
|
|
|
d76c96 |
FROM REMOTE.parameters_policies
|
|
|
d76c96 |
INNER JOIN REMOTE.parameters
|
|
|
d76c96 |
ON REMOTE.parameters_policies.parameter_id = REMOTE.parameters.id
|
|
|
d76c96 |
WHERE REMOTE.parameters_policies.policy_id = policy.id
|
|
|
d76c96 |
AND REMOTE.parameters.category_id = 2
|
|
|
d76c96 |
AND REMOTE.parameters.name = 'iterations');
|
|
|
d76c96 |
|
|
|
d76c96 |
UPDATE policy
|
|
|
d76c96 |
SET denialSaltLength = (
|
|
|
d76c96 |
SELECT value
|
|
|
d76c96 |
FROM REMOTE.parameters_policies
|
|
|
d76c96 |
INNER JOIN REMOTE.parameters
|
|
|
d76c96 |
ON REMOTE.parameters_policies.parameter_id = REMOTE.parameters.id
|
|
|
d76c96 |
WHERE REMOTE.parameters_policies.policy_id = policy.id
|
|
|
d76c96 |
AND REMOTE.parameters.category_id = 2
|
|
|
d76c96 |
AND REMOTE.parameters.name = 'saltlength')
|
|
|
d76c96 |
WHERE null != (
|
|
|
d76c96 |
SELECT value
|
|
|
d76c96 |
FROM REMOTE.parameters_policies
|
|
|
d76c96 |
INNER JOIN REMOTE.parameters
|
|
|
d76c96 |
ON REMOTE.parameters_policies.parameter_id = REMOTE.parameters.id
|
|
|
d76c96 |
WHERE REMOTE.parameters_policies.policy_id = policy.id
|
|
|
d76c96 |
AND REMOTE.parameters.category_id = 2
|
|
|
d76c96 |
AND REMOTE.parameters.name = 'saltlength');
|
|
|
d76c96 |
|
|
|
d76c96 |
-- clumsy salt update. salt is optional in 1.4 but required in 2.0
|
|
|
d76c96 |
-- sqlite is limited in what it can do in an update. I hope there is a
|
|
|
d76c96 |
-- better way for this?
|
|
|
d76c96 |
|
|
|
d76c96 |
UPDATE policy
|
|
|
d76c96 |
SET denialSalt = (
|
|
|
d76c96 |
SELECT salt
|
|
|
d76c96 |
FROM REMOTE.policies
|
|
|
d76c96 |
WHERE REMOTE.policies.id = policy.id)
|
|
|
d76c96 |
WHERE (
|
|
|
d76c96 |
SELECT salt
|
|
|
d76c96 |
FROM REMOTE.policies
|
|
|
d76c96 |
WHERE REMOTE.policies.id = policy.id) != null;
|
|
|
d76c96 |
|
|
|
d76c96 |
UPDATE policy
|
|
|
d76c96 |
SET denialSaltLastChange = (
|
|
|
d76c96 |
SELECT salt_stamp
|
|
|
d76c96 |
FROM REMOTE.policies
|
|
|
d76c96 |
WHERE REMOTE.policies.id = policy.id)
|
|
|
d76c96 |
WHERE (
|
|
|
d76c96 |
SELECT salt_stamp
|
|
|
d76c96 |
FROM REMOTE.policies
|
|
|
d76c96 |
WHERE REMOTE.policies.id = policy.id) != null;
|
|
|
d76c96 |
|
|
|
d76c96 |
UPDATE policy
|
|
|
d76c96 |
SET keysTtl = (
|
|
|
d76c96 |
SELECT value
|
|
|
d76c96 |
FROM REMOTE.parameters_policies
|
|
|
d76c96 |
INNER JOIN REMOTE.parameters
|
|
|
d76c96 |
ON REMOTE.parameters_policies.parameter_id = REMOTE.parameters.id
|
|
|
d76c96 |
WHERE REMOTE.parameters_policies.policy_id = policy.id
|
|
|
d76c96 |
AND REMOTE.parameters.category_id = 5
|
|
|
d76c96 |
AND REMOTE.parameters.name = 'ttl');
|
|
|
d76c96 |
|
|
|
d76c96 |
UPDATE policy
|
|
|
d76c96 |
SET keysRetireSafety = (
|
|
|
d76c96 |
SELECT value
|
|
|
d76c96 |
FROM REMOTE.parameters_policies
|
|
|
d76c96 |
INNER JOIN REMOTE.parameters
|
|
|
d76c96 |
ON REMOTE.parameters_policies.parameter_id = REMOTE.parameters.id
|
|
|
d76c96 |
WHERE REMOTE.parameters_policies.policy_id = policy.id
|
|
|
d76c96 |
AND REMOTE.parameters.category_id = 5
|
|
|
d76c96 |
AND REMOTE.parameters.name = 'retiresafety');
|
|
|
d76c96 |
|
|
|
d76c96 |
UPDATE policy
|
|
|
d76c96 |
SET keysPublishSafety = (
|
|
|
d76c96 |
SELECT value
|
|
|
d76c96 |
FROM REMOTE.parameters_policies
|
|
|
d76c96 |
INNER JOIN REMOTE.parameters
|
|
|
d76c96 |
ON REMOTE.parameters_policies.parameter_id = REMOTE.parameters.id
|
|
|
d76c96 |
WHERE REMOTE.parameters_policies.policy_id = policy.id
|
|
|
d76c96 |
AND REMOTE.parameters.category_id = 5
|
|
|
d76c96 |
AND REMOTE.parameters.name = 'publishsafety');
|
|
|
d76c96 |
|
|
|
d76c96 |
UPDATE policy
|
|
|
d76c96 |
SET keysShared = (
|
|
|
d76c96 |
SELECT value
|
|
|
d76c96 |
FROM REMOTE.parameters_policies
|
|
|
d76c96 |
INNER JOIN REMOTE.parameters
|
|
|
d76c96 |
ON REMOTE.parameters_policies.parameter_id = REMOTE.parameters.id
|
|
|
d76c96 |
WHERE REMOTE.parameters_policies.policy_id = policy.id
|
|
|
d76c96 |
AND REMOTE.parameters.category_id = 5
|
|
|
d76c96 |
AND REMOTE.parameters.name = 'zones_share_keys');
|
|
|
d76c96 |
|
|
|
d76c96 |
UPDATE policy
|
|
|
d76c96 |
SET keysPurgeAfter = COALESCE((
|
|
|
d76c96 |
SELECT value
|
|
|
d76c96 |
FROM REMOTE.parameters_policies
|
|
|
d76c96 |
INNER JOIN REMOTE.parameters
|
|
|
d76c96 |
ON REMOTE.parameters_policies.parameter_id = REMOTE.parameters.id
|
|
|
d76c96 |
WHERE REMOTE.parameters_policies.policy_id = policy.id
|
|
|
d76c96 |
AND REMOTE.parameters.category_id = 5
|
|
|
d76c96 |
AND REMOTE.parameters.name = 'purge'), 0);
|
|
|
d76c96 |
|
|
|
d76c96 |
UPDATE policy
|
|
|
d76c96 |
SET zonePropagationDelay = (
|
|
|
d76c96 |
SELECT value
|
|
|
d76c96 |
FROM REMOTE.parameters_policies
|
|
|
d76c96 |
INNER JOIN REMOTE.parameters
|
|
|
d76c96 |
ON REMOTE.parameters_policies.parameter_id = REMOTE.parameters.id
|
|
|
d76c96 |
WHERE REMOTE.parameters_policies.policy_id = policy.id
|
|
|
d76c96 |
AND REMOTE.parameters.category_id = 7
|
|
|
d76c96 |
AND REMOTE.parameters.name = 'propagationdelay');
|
|
|
d76c96 |
|
|
|
d76c96 |
UPDATE policy
|
|
|
d76c96 |
SET zoneSoaTtl = (
|
|
|
d76c96 |
SELECT value
|
|
|
d76c96 |
FROM REMOTE.parameters_policies
|
|
|
d76c96 |
INNER JOIN REMOTE.parameters
|
|
|
d76c96 |
ON REMOTE.parameters_policies.parameter_id = REMOTE.parameters.id
|
|
|
d76c96 |
WHERE REMOTE.parameters_policies.policy_id = policy.id
|
|
|
d76c96 |
AND REMOTE.parameters.category_id = 7
|
|
|
d76c96 |
AND REMOTE.parameters.name = 'ttl');
|
|
|
d76c96 |
|
|
|
d76c96 |
UPDATE policy
|
|
|
d76c96 |
SET zoneSoaMinimum = (
|
|
|
d76c96 |
SELECT value
|
|
|
d76c96 |
FROM REMOTE.parameters_policies
|
|
|
d76c96 |
INNER JOIN REMOTE.parameters
|
|
|
d76c96 |
ON REMOTE.parameters_policies.parameter_id = REMOTE.parameters.id
|
|
|
d76c96 |
WHERE REMOTE.parameters_policies.policy_id = policy.id
|
|
|
d76c96 |
AND REMOTE.parameters.category_id = 7
|
|
|
d76c96 |
AND REMOTE.parameters.name = 'min');
|
|
|
d76c96 |
|
|
|
d76c96 |
-- Temporary mapping table between 1.4 and 2.0 SOA serial strategy
|
|
|
d76c96 |
CREATE TABLE mapping (
|
|
|
d76c96 |
soa14 INTEGER,
|
|
|
d76c96 |
soa20 INTEGER
|
|
|
d76c96 |
);
|
|
|
d76c96 |
INSERT INTO mapping SELECT 1, 2;
|
|
|
d76c96 |
INSERT INTO mapping SELECT 2, 0;
|
|
|
d76c96 |
INSERT INTO mapping SELECT 3, 1;
|
|
|
d76c96 |
INSERT INTO mapping SELECT 4, 3;
|
|
|
d76c96 |
|
|
|
d76c96 |
UPDATE policy
|
|
|
d76c96 |
SET zoneSoaSerial = (
|
|
|
d76c96 |
SELECT mapping.soa20
|
|
|
d76c96 |
FROM REMOTE.parameters_policies
|
|
|
d76c96 |
INNER JOIN REMOTE.parameters
|
|
|
d76c96 |
ON REMOTE.parameters_policies.parameter_id = REMOTE.parameters.id
|
|
|
d76c96 |
INNER JOIN mapping
|
|
|
d76c96 |
ON REMOTE.parameters_policies.value = mapping.soa14
|
|
|
d76c96 |
WHERE REMOTE.parameters_policies.policy_id = policy.id
|
|
|
d76c96 |
AND REMOTE.parameters.category_id = 7
|
|
|
d76c96 |
AND REMOTE.parameters.name = 'serial');
|
|
|
d76c96 |
|
|
|
d76c96 |
DROP TABLE mapping;
|
|
|
d76c96 |
|
|
|
d76c96 |
-- parentRegistrationDelay = 0 on 1.4
|
|
|
d76c96 |
|
|
|
d76c96 |
UPDATE policy
|
|
|
d76c96 |
SET parentPropagationDelay = (
|
|
|
d76c96 |
SELECT value
|
|
|
d76c96 |
FROM REMOTE.parameters_policies
|
|
|
d76c96 |
INNER JOIN REMOTE.parameters
|
|
|
d76c96 |
ON REMOTE.parameters_policies.parameter_id = REMOTE.parameters.id
|
|
|
d76c96 |
WHERE REMOTE.parameters_policies.policy_id = policy.id
|
|
|
d76c96 |
AND REMOTE.parameters.category_id = 8
|
|
|
d76c96 |
AND REMOTE.parameters.name = 'propagationdelay');
|
|
|
d76c96 |
|
|
|
d76c96 |
UPDATE policy
|
|
|
d76c96 |
SET parentDsTtl = (
|
|
|
d76c96 |
SELECT value
|
|
|
d76c96 |
FROM REMOTE.parameters_policies
|
|
|
d76c96 |
INNER JOIN REMOTE.parameters
|
|
|
d76c96 |
ON REMOTE.parameters_policies.parameter_id = REMOTE.parameters.id
|
|
|
d76c96 |
WHERE REMOTE.parameters_policies.policy_id = policy.id
|
|
|
d76c96 |
AND REMOTE.parameters.category_id = 8
|
|
|
d76c96 |
AND REMOTE.parameters.name = 'ttlds');
|
|
|
d76c96 |
|
|
|
d76c96 |
UPDATE policy
|
|
|
d76c96 |
SET parentSoaTtl = (
|
|
|
d76c96 |
SELECT value
|
|
|
d76c96 |
FROM REMOTE.parameters_policies
|
|
|
d76c96 |
INNER JOIN REMOTE.parameters
|
|
|
d76c96 |
ON REMOTE.parameters_policies.parameter_id = REMOTE.parameters.id
|
|
|
d76c96 |
WHERE REMOTE.parameters_policies.policy_id = policy.id
|
|
|
d76c96 |
AND REMOTE.parameters.category_id = 8
|
|
|
d76c96 |
AND REMOTE.parameters.name = 'ttl');
|
|
|
d76c96 |
|
|
|
d76c96 |
UPDATE policy
|
|
|
d76c96 |
SET parentSoaMinimum = (
|
|
|
d76c96 |
SELECT value
|
|
|
d76c96 |
FROM REMOTE.parameters_policies
|
|
|
d76c96 |
INNER JOIN REMOTE.parameters
|
|
|
d76c96 |
ON REMOTE.parameters_policies.parameter_id = REMOTE.parameters.id
|
|
|
d76c96 |
WHERE REMOTE.parameters_policies.policy_id = policy.id
|
|
|
d76c96 |
AND REMOTE.parameters.category_id = 8
|
|
|
d76c96 |
AND REMOTE.parameters.name = 'min');
|
|
|
d76c96 |
|
|
|
d76c96 |
-- passthrough = 0
|
|
|
d76c96 |
|
|
|
d76c96 |
-- ~ ************
|
|
|
d76c96 |
-- ~ ** policyKey table
|
|
|
d76c96 |
-- ~ **
|
|
|
d76c96 |
-- ~ ** For each policy in 1.4 add two keys: KSK and ZSK
|
|
|
d76c96 |
-- ~ **
|
|
|
d76c96 |
-- ~ **
|
|
|
d76c96 |
-- ~ ************
|
|
|
d76c96 |
|
|
|
d76c96 |
-- Insert each KSK
|
|
|
d76c96 |
INSERT INTO policyKey
|
|
|
d76c96 |
SELECT null, 1, id,
|
|
|
d76c96 |
1, 0, 0,
|
|
|
d76c96 |
0, 0, 0,
|
|
|
d76c96 |
0, 0, 4
|
|
|
d76c96 |
FROM REMOTE.policies;
|
|
|
d76c96 |
|
|
|
d76c96 |
-- Insert each ZSK
|
|
|
d76c96 |
INSERT INTO policyKey
|
|
|
d76c96 |
SELECT null, 1, id,
|
|
|
d76c96 |
2, 0, 0,
|
|
|
d76c96 |
0, 0, 0,
|
|
|
d76c96 |
0, 0, 1
|
|
|
d76c96 |
FROM REMOTE.policies;
|
|
|
d76c96 |
|
|
|
d76c96 |
UPDATE policyKey
|
|
|
d76c96 |
SET algorithm = (
|
|
|
d76c96 |
SELECT value
|
|
|
d76c96 |
FROM REMOTE.parameters_policies
|
|
|
d76c96 |
INNER JOIN REMOTE.parameters
|
|
|
d76c96 |
ON REMOTE.parameters_policies.parameter_id = REMOTE.parameters.id
|
|
|
d76c96 |
WHERE REMOTE.parameters_policies.policy_id = policyKey.policyId
|
|
|
d76c96 |
AND REMOTE.parameters.category_id = 3
|
|
|
d76c96 |
AND REMOTE.parameters.name = 'algorithm')
|
|
|
d76c96 |
WHERE policyKey.role = 1;
|
|
|
d76c96 |
|
|
|
d76c96 |
UPDATE policyKey
|
|
|
d76c96 |
SET algorithm = (
|
|
|
d76c96 |
SELECT value
|
|
|
d76c96 |
FROM REMOTE.parameters_policies
|
|
|
d76c96 |
INNER JOIN REMOTE.parameters
|
|
|
d76c96 |
ON REMOTE.parameters_policies.parameter_id = REMOTE.parameters.id
|
|
|
d76c96 |
WHERE REMOTE.parameters_policies.policy_id = policyKey.policyId
|
|
|
d76c96 |
AND REMOTE.parameters.category_id = 4
|
|
|
d76c96 |
AND REMOTE.parameters.name = 'algorithm')
|
|
|
d76c96 |
WHERE policyKey.role = 2;
|
|
|
d76c96 |
|
|
|
d76c96 |
UPDATE policyKey
|
|
|
d76c96 |
SET bits = (
|
|
|
d76c96 |
SELECT value
|
|
|
d76c96 |
FROM REMOTE.parameters_policies
|
|
|
d76c96 |
INNER JOIN REMOTE.parameters
|
|
|
d76c96 |
ON REMOTE.parameters_policies.parameter_id = REMOTE.parameters.id
|
|
|
d76c96 |
WHERE REMOTE.parameters_policies.policy_id = policyKey.policyId
|
|
|
d76c96 |
AND REMOTE.parameters.category_id = 3
|
|
|
d76c96 |
AND REMOTE.parameters.name = 'bits')
|
|
|
d76c96 |
WHERE policyKey.role = 1;
|
|
|
d76c96 |
|
|
|
d76c96 |
UPDATE policyKey
|
|
|
d76c96 |
SET bits = (
|
|
|
d76c96 |
SELECT value
|
|
|
d76c96 |
FROM REMOTE.parameters_policies
|
|
|
d76c96 |
INNER JOIN REMOTE.parameters
|
|
|
d76c96 |
ON REMOTE.parameters_policies.parameter_id = REMOTE.parameters.id
|
|
|
d76c96 |
WHERE REMOTE.parameters_policies.policy_id = policyKey.policyId
|
|
|
d76c96 |
AND REMOTE.parameters.category_id = 4
|
|
|
d76c96 |
AND REMOTE.parameters.name = 'bits')
|
|
|
d76c96 |
WHERE policyKey.role = 2;
|
|
|
d76c96 |
|
|
|
d76c96 |
UPDATE policyKey
|
|
|
d76c96 |
SET lifetime = (
|
|
|
d76c96 |
SELECT value
|
|
|
d76c96 |
FROM REMOTE.parameters_policies
|
|
|
d76c96 |
INNER JOIN REMOTE.parameters
|
|
|
d76c96 |
ON REMOTE.parameters_policies.parameter_id = REMOTE.parameters.id
|
|
|
d76c96 |
WHERE REMOTE.parameters_policies.policy_id = policyKey.policyId
|
|
|
d76c96 |
AND REMOTE.parameters.category_id = 3
|
|
|
d76c96 |
AND REMOTE.parameters.name = 'lifetime')
|
|
|
d76c96 |
WHERE policyKey.role = 1;
|
|
|
d76c96 |
|
|
|
d76c96 |
UPDATE policyKey
|
|
|
d76c96 |
SET lifetime = (
|
|
|
d76c96 |
SELECT value
|
|
|
d76c96 |
FROM REMOTE.parameters_policies
|
|
|
d76c96 |
INNER JOIN REMOTE.parameters
|
|
|
d76c96 |
ON REMOTE.parameters_policies.parameter_id = REMOTE.parameters.id
|
|
|
d76c96 |
WHERE REMOTE.parameters_policies.policy_id = policyKey.policyId
|
|
|
d76c96 |
AND REMOTE.parameters.category_id = 4
|
|
|
d76c96 |
AND REMOTE.parameters.name = 'lifetime')
|
|
|
d76c96 |
WHERE policyKey.role = 2;
|
|
|
d76c96 |
|
|
|
d76c96 |
UPDATE policyKey
|
|
|
d76c96 |
SET repository = (
|
|
|
d76c96 |
SELECT REMOTE.securitymodules.name
|
|
|
d76c96 |
FROM REMOTE.parameters_policies
|
|
|
d76c96 |
INNER JOIN REMOTE.parameters
|
|
|
d76c96 |
ON REMOTE.parameters_policies.parameter_id = REMOTE.parameters.id
|
|
|
d76c96 |
INNER JOIN REMOTE.securitymodules
|
|
|
d76c96 |
ON REMOTE.parameters_policies.value = REMOTE.securitymodules.id
|
|
|
d76c96 |
WHERE REMOTE.parameters_policies.policy_id = policyKey.policyId
|
|
|
d76c96 |
AND REMOTE.parameters.category_id = 3
|
|
|
d76c96 |
AND REMOTE.parameters.name = 'repository')
|
|
|
d76c96 |
WHERE policyKey.role = 1;
|
|
|
d76c96 |
|
|
|
d76c96 |
UPDATE policyKey
|
|
|
d76c96 |
SET repository = (
|
|
|
d76c96 |
SELECT REMOTE.securitymodules.name
|
|
|
d76c96 |
FROM REMOTE.parameters_policies
|
|
|
d76c96 |
INNER JOIN REMOTE.parameters
|
|
|
d76c96 |
ON REMOTE.parameters_policies.parameter_id = REMOTE.parameters.id
|
|
|
d76c96 |
INNER JOIN REMOTE.securitymodules
|
|
|
d76c96 |
ON REMOTE.parameters_policies.value = REMOTE.securitymodules.id
|
|
|
d76c96 |
WHERE REMOTE.parameters_policies.policy_id = policyKey.policyId
|
|
|
d76c96 |
AND REMOTE.parameters.category_id = 4
|
|
|
d76c96 |
AND REMOTE.parameters.name = 'repository')
|
|
|
d76c96 |
WHERE policyKey.role = 2;
|
|
|
d76c96 |
|
|
|
d76c96 |
UPDATE policyKey
|
|
|
d76c96 |
SET standby = (
|
|
|
d76c96 |
SELECT value
|
|
|
d76c96 |
FROM REMOTE.parameters_policies
|
|
|
d76c96 |
INNER JOIN REMOTE.parameters
|
|
|
d76c96 |
ON REMOTE.parameters_policies.parameter_id = REMOTE.parameters.id
|
|
|
d76c96 |
WHERE REMOTE.parameters_policies.policy_id = policyKey.policyId
|
|
|
d76c96 |
AND REMOTE.parameters.category_id = 3
|
|
|
d76c96 |
AND REMOTE.parameters.name = 'standby')
|
|
|
d76c96 |
WHERE policyKey.role = 1;
|
|
|
d76c96 |
|
|
|
d76c96 |
UPDATE policyKey
|
|
|
d76c96 |
SET standby = (
|
|
|
d76c96 |
SELECT value
|
|
|
d76c96 |
FROM REMOTE.parameters_policies
|
|
|
d76c96 |
INNER JOIN REMOTE.parameters
|
|
|
d76c96 |
ON REMOTE.parameters_policies.parameter_id = REMOTE.parameters.id
|
|
|
d76c96 |
WHERE REMOTE.parameters_policies.policy_id = policyKey.policyId
|
|
|
d76c96 |
AND REMOTE.parameters.category_id = 4
|
|
|
d76c96 |
AND REMOTE.parameters.name = 'standby')
|
|
|
d76c96 |
WHERE policyKey.role = 2;
|
|
|
d76c96 |
|
|
|
d76c96 |
UPDATE policyKey
|
|
|
d76c96 |
SET manualRollover = (
|
|
|
d76c96 |
SELECT value
|
|
|
d76c96 |
FROM REMOTE.parameters_policies
|
|
|
d76c96 |
INNER JOIN REMOTE.parameters
|
|
|
d76c96 |
ON REMOTE.parameters_policies.parameter_id = REMOTE.parameters.id
|
|
|
d76c96 |
WHERE REMOTE.parameters_policies.policy_id = policyKey.policyId
|
|
|
d76c96 |
AND REMOTE.parameters.category_id = 3
|
|
|
d76c96 |
AND REMOTE.parameters.name = 'manual_rollover')
|
|
|
d76c96 |
WHERE policyKey.role = 1;
|
|
|
d76c96 |
|
|
|
d76c96 |
UPDATE policyKey
|
|
|
d76c96 |
SET manualRollover = (
|
|
|
d76c96 |
SELECT value
|
|
|
d76c96 |
FROM REMOTE.parameters_policies
|
|
|
d76c96 |
INNER JOIN REMOTE.parameters
|
|
|
d76c96 |
ON REMOTE.parameters_policies.parameter_id = REMOTE.parameters.id
|
|
|
d76c96 |
WHERE REMOTE.parameters_policies.policy_id = policyKey.policyId
|
|
|
d76c96 |
AND REMOTE.parameters.category_id = 4
|
|
|
d76c96 |
AND REMOTE.parameters.name = 'manual_rollover')
|
|
|
d76c96 |
WHERE policyKey.role = 2;
|
|
|
d76c96 |
|
|
|
d76c96 |
-- rfc5011 = 0. 2.0 has no support
|
|
|
d76c96 |
-- minimize already set
|
|
|
d76c96 |
|
|
|
d76c96 |
-- ~ ************
|
|
|
d76c96 |
-- ~ ** hsmKey table
|
|
|
d76c96 |
-- ~ **
|
|
|
d76c96 |
-- ~ ** get from keypairs and dnsseckeys
|
|
|
d76c96 |
-- ~ **
|
|
|
d76c96 |
-- ~ **
|
|
|
d76c96 |
-- ~ ************
|
|
|
d76c96 |
|
|
|
d76c96 |
INSERT INTO hsmKey
|
|
|
d76c96 |
SELECT DISTINCT REMOTE.keypairs.id, 1, REMOTE.keypairs.policy_id,
|
|
|
d76c96 |
REMOTE.keypairs.HSMkey_id, 2, REMOTE.keypairs.size,
|
|
|
d76c96 |
REMOTE.keypairs.algorithm, (~(REMOTE.dnsseckeys.keytype)&1)+1,
|
|
|
d76c96 |
CASE WHEN REMOTE.keypairs.generate IS NOT NULL THEN
|
|
|
d76c96 |
strftime('%s', REMOTE.keypairs.generate)
|
|
|
d76c96 |
ELSE strftime("%s", "now") END,
|
|
|
d76c96 |
0,
|
|
|
d76c96 |
1, --only RSA supported
|
|
|
d76c96 |
REMOTE.securitymodules.name,
|
|
|
d76c96 |
0 --assume no backup
|
|
|
d76c96 |
FROM REMOTE.keypairs
|
|
|
d76c96 |
JOIN REMOTE.dnsseckeys
|
|
|
d76c96 |
ON REMOTE.keypairs.id = REMOTE.dnsseckeys.keypair_id
|
|
|
d76c96 |
JOIN REMOTE.securitymodules
|
|
|
d76c96 |
ON REMOTE.securitymodules.id = REMOTE.keypairs.securitymodule_id;
|
|
|
d76c96 |
|
|
|
d76c96 |
-- For some policies put the keys in a shared state
|
|
|
d76c96 |
UPDATE hsmKey
|
|
|
d76c96 |
SET state = 3
|
|
|
d76c96 |
WHERE EXISTS
|
|
|
d76c96 |
(SELECT * FROM hsmKey AS h
|
|
|
d76c96 |
JOIN policy ON policy.id = h.policyId
|
|
|
d76c96 |
WHERE policy.keysShared AND hsmKey.id = h.id);
|
|
|
d76c96 |
|
|
|
d76c96 |
-- ~ ************
|
|
|
d76c96 |
-- ~ ** zone table
|
|
|
d76c96 |
-- ~ **
|
|
|
d76c96 |
-- ~ **
|
|
|
d76c96 |
-- ~ **
|
|
|
d76c96 |
-- ~ **
|
|
|
d76c96 |
-- ~ ************
|
|
|
d76c96 |
|
|
|
d76c96 |
INSERT INTO zone
|
|
|
d76c96 |
SELECT zones.id, 1, zones.policy_id,
|
|
|
d76c96 |
zones.name, 1, zones.signconf, 0,
|
|
|
d76c96 |
0,0,0,
|
|
|
d76c96 |
0,0,0,
|
|
|
d76c96 |
zones.in_type, zones.input,
|
|
|
d76c96 |
zones.out_type, zones.output,
|
|
|
d76c96 |
0,0,0
|
|
|
d76c96 |
FROM REMOTE.zones;
|
|
|
d76c96 |
|
|
|
d76c96 |
-- ~ ************
|
|
|
d76c96 |
-- ~ ** keyData table
|
|
|
d76c96 |
-- ~ **
|
|
|
d76c96 |
-- ~ **
|
|
|
d76c96 |
-- ~ **
|
|
|
d76c96 |
-- ~ **
|
|
|
d76c96 |
-- ~ ************
|
|
|
d76c96 |
|
|
|
d76c96 |
-- Temporary mapping table between 1.4 states and 2.0 ds_at_parent states
|
|
|
d76c96 |
-- We are ignoring the fact this may set a DS state for a ZSK; We don't care
|
|
|
d76c96 |
CREATE TABLE mapping (
|
|
|
d76c96 |
state INTEGER,
|
|
|
d76c96 |
ds_state INTEGER
|
|
|
d76c96 |
);
|
|
|
d76c96 |
INSERT INTO mapping SELECT 1, 0;
|
|
|
d76c96 |
INSERT INTO mapping SELECT 2, 0;
|
|
|
d76c96 |
INSERT INTO mapping SELECT 3, 1;
|
|
|
d76c96 |
INSERT INTO mapping SELECT 4, 3;
|
|
|
d76c96 |
INSERT INTO mapping SELECT 5, 5;
|
|
|
d76c96 |
INSERT INTO mapping SELECT 6, 5;
|
|
|
d76c96 |
INSERT INTO mapping SELECT 7, 5;
|
|
|
d76c96 |
INSERT INTO mapping SELECT 8, 5;
|
|
|
d76c96 |
INSERT INTO mapping SELECT 9, 5;
|
|
|
d76c96 |
INSERT INTO mapping SELECT 10, 5;
|
|
|
d76c96 |
|
|
|
d76c96 |
INSERT INTO keyData
|
|
|
d76c96 |
SELECT
|
|
|
d76c96 |
NULL, 1, REMOTE.dnsseckeys.zone_id,
|
|
|
d76c96 |
REMOTE.dnsseckeys.keypair_id, REMOTE.keypairs.algorithm,
|
|
|
d76c96 |
CASE WHEN REMOTE.dnsseckeys.publish IS NOT NULL THEN
|
|
|
d76c96 |
strftime('%s', REMOTE.dnsseckeys.publish)
|
|
|
d76c96 |
ELSE strftime("%s", "now") END,
|
|
|
d76c96 |
(~REMOTE.dnsseckeys.keytype&1)+1,
|
|
|
d76c96 |
REMOTE.dnsseckeys.state <= 4, -- introducing
|
|
|
d76c96 |
0, -- should revoke, not used
|
|
|
d76c96 |
0, -- standby
|
|
|
d76c96 |
REMOTE.dnsseckeys.state = 4 AND REMOTE.dnsseckeys.keytype = 256, --activeZSK:
|
|
|
d76c96 |
REMOTE.dnsseckeys.state >= 2 AND REMOTE.dnsseckeys.state <= 5, --publish
|
|
|
d76c96 |
REMOTE.dnsseckeys.state = 4 AND REMOTE.dnsseckeys.keytype = 257, --activeKSK:
|
|
|
d76c96 |
mapping.ds_state, --dsatparent
|
|
|
d76c96 |
1<<16, --keytag (crap, will 2.0 regenerate this?)
|
|
|
d76c96 |
(REMOTE.dnsseckeys.keytype&1)*3+1 --minimize
|
|
|
d76c96 |
FROM REMOTE.dnsseckeys
|
|
|
d76c96 |
JOIN REMOTE.keypairs
|
|
|
d76c96 |
ON REMOTE.dnsseckeys.keypair_id = REMOTE.keypairs.id
|
|
|
d76c96 |
JOIN mapping
|
|
|
d76c96 |
ON REMOTE.dnsseckeys.state = mapping.state
|
|
|
d76c96 |
WHERE EXISTS(select REMOTE.zones.id FROM REMOTE.zones WHERE REMOTE.zones.id = REMOTE.dnsseckeys.zone_id);
|
|
|
d76c96 |
|
|
|
d76c96 |
-- Everything that is just a ZSK must not have dsatparent set.
|
|
|
d76c96 |
UPDATE keyData
|
|
|
d76c96 |
SET dsatparent = 0
|
|
|
d76c96 |
WHERE role = 2;
|
|
|
d76c96 |
|
|
|
d76c96 |
DROP TABLE mapping;
|
|
|
d76c96 |
|
|
|
d76c96 |
-- If a active time is set for a ready KSK dsAtParent is submitted
|
|
|
d76c96 |
-- instead of submit
|
|
|
d76c96 |
UPDATE keyData
|
|
|
d76c96 |
SET dsatparent = 2
|
|
|
d76c96 |
WHERE keyData.dsAtParent = 1 AND keyData.id IN (
|
|
|
d76c96 |
SELECT keyData.id
|
|
|
d76c96 |
FROM keyData
|
|
|
d76c96 |
JOIN REMOTE.dnsseckeys
|
|
|
d76c96 |
ON REMOTE.dnsseckeys.keypair_id = keyData.hsmkeyid
|
|
|
d76c96 |
WHERE REMOTE.dnsseckeys.active IS NOT NULL);
|
|
|
d76c96 |
|
|
|
d76c96 |
|
|
|
d76c96 |
-- ~ ************
|
|
|
d76c96 |
-- ~ ** Keystate table
|
|
|
d76c96 |
-- ~ **
|
|
|
d76c96 |
-- ~ **
|
|
|
d76c96 |
-- ~ **
|
|
|
d76c96 |
-- ~ **
|
|
|
d76c96 |
-- ~ ************
|
|
|
d76c96 |
|
|
|
d76c96 |
CREATE TABLE mapping (
|
|
|
d76c96 |
state INTEGER,
|
|
|
d76c96 |
ds INTEGER,
|
|
|
d76c96 |
dk INTEGER,
|
|
|
d76c96 |
ks INTEGER,
|
|
|
d76c96 |
rs INTEGER
|
|
|
d76c96 |
);
|
|
|
d76c96 |
INSERT INTO mapping SELECT 1, 0, 0, 0, 0;
|
|
|
d76c96 |
INSERT INTO mapping SELECT 2, 0, 1, 1, 1;
|
|
|
d76c96 |
INSERT INTO mapping SELECT 3, 0, 2, 2, 1;
|
|
|
d76c96 |
INSERT INTO mapping SELECT 4, 2, 2, 2, 1;
|
|
|
d76c96 |
INSERT INTO mapping SELECT 5, 3, 2, 2, 3;
|
|
|
d76c96 |
INSERT INTO mapping SELECT 6, 0, 3, 3, 0;
|
|
|
d76c96 |
INSERT INTO mapping SELECT 7, 3, 0, 0, 0;
|
|
|
d76c96 |
INSERT INTO mapping SELECT 8, 3, 0, 0, 0;
|
|
|
d76c96 |
INSERT INTO mapping SELECT 9, 3, 0, 0, 0;
|
|
|
d76c96 |
INSERT INTO mapping SELECT 10, 3, 0, 0, 0;
|
|
|
d76c96 |
|
|
|
d76c96 |
-- DS RECORDS
|
|
|
d76c96 |
INSERT INTO keyState
|
|
|
d76c96 |
SELECT NULL, 1, keyData.id, 0, mapping.ds, strftime("%s", "now"), (keyData.minimize>>2)&1, policy.parentDsTtl
|
|
|
d76c96 |
FROM keyData
|
|
|
d76c96 |
JOIN zone
|
|
|
d76c96 |
ON zone.id = keyData.zoneId
|
|
|
d76c96 |
JOIN policy
|
|
|
d76c96 |
ON policy.id = zone.policyId
|
|
|
d76c96 |
JOIN REMOTE.dnsseckeys
|
|
|
d76c96 |
ON REMOTE.dnsseckeys.keypair_id = keyData.hsmkeyid
|
|
|
d76c96 |
JOIN mapping
|
|
|
d76c96 |
ON mapping.state = REMOTE.dnsseckeys.state;
|
|
|
d76c96 |
|
|
|
d76c96 |
UPDATE keyState
|
|
|
d76c96 |
SET state = 1
|
|
|
d76c96 |
WHERE keyState.state = 0 AND keyState.type = 0 AND keyState.id IN (
|
|
|
d76c96 |
SELECT keyState.id
|
|
|
d76c96 |
FROM keyState
|
|
|
d76c96 |
JOIN keyData
|
|
|
d76c96 |
ON keyData.id = keyState.keydataId
|
|
|
d76c96 |
JOIN REMOTE.dnsseckeys
|
|
|
d76c96 |
ON REMOTE.dnsseckeys.keypair_id = keyData.hsmkeyid
|
|
|
d76c96 |
WHERE REMOTE.dnsseckeys.active IS NOT NULL);
|
|
|
d76c96 |
|
|
|
d76c96 |
-- DNSKEY RECORDS
|
|
|
d76c96 |
INSERT INTO keyState
|
|
|
d76c96 |
SELECT NULL, 1, keyData.id, 2, mapping.dk, strftime("%s", "now"), (keyData.minimize>>1)&1, policy.keysTtl
|
|
|
d76c96 |
FROM keyData
|
|
|
d76c96 |
JOIN zone
|
|
|
d76c96 |
ON zone.id = keyData.zoneId
|
|
|
d76c96 |
JOIN policy
|
|
|
d76c96 |
ON policy.id = zone.policyId
|
|
|
d76c96 |
JOIN REMOTE.dnsseckeys
|
|
|
d76c96 |
ON REMOTE.dnsseckeys.keypair_id = keyData.hsmkeyid
|
|
|
d76c96 |
JOIN mapping
|
|
|
d76c96 |
ON mapping.state = REMOTE.dnsseckeys.state;
|
|
|
d76c96 |
|
|
|
d76c96 |
-- RRSIG DNSKEY RECORDS
|
|
|
d76c96 |
INSERT INTO keyState
|
|
|
d76c96 |
SELECT NULL, 1, keyData.id, 3, mapping.ks, strftime("%s", "now"), (keyData.minimize>>1)&1, policy.keysTtl
|
|
|
d76c96 |
FROM keyData
|
|
|
d76c96 |
JOIN zone
|
|
|
d76c96 |
ON zone.id = keyData.zoneId
|
|
|
d76c96 |
JOIN policy
|
|
|
d76c96 |
ON policy.id = zone.policyId
|
|
|
d76c96 |
JOIN REMOTE.dnsseckeys
|
|
|
d76c96 |
ON REMOTE.dnsseckeys.keypair_id = keyData.hsmkeyid
|
|
|
d76c96 |
JOIN mapping
|
|
|
d76c96 |
ON mapping.state = REMOTE.dnsseckeys.state;
|
|
|
d76c96 |
|
|
|
d76c96 |
-- RRSIG RECORDS
|
|
|
d76c96 |
INSERT INTO keyState
|
|
|
d76c96 |
SELECT NULL, 1, keyData.id, 1, mapping.rs, strftime("%s", "now"), (keyData.minimize>>0)&1, policy.signaturesMaxZoneTtl
|
|
|
d76c96 |
FROM keyData
|
|
|
d76c96 |
JOIN zone
|
|
|
d76c96 |
ON zone.id = keyData.zoneId
|
|
|
d76c96 |
JOIN policy
|
|
|
d76c96 |
ON policy.id = zone.policyId
|
|
|
d76c96 |
JOIN REMOTE.dnsseckeys
|
|
|
d76c96 |
ON REMOTE.dnsseckeys.keypair_id = keyData.hsmkeyid
|
|
|
d76c96 |
JOIN mapping
|
|
|
d76c96 |
ON mapping.state = REMOTE.dnsseckeys.state;
|
|
|
d76c96 |
|
|
|
d76c96 |
--Set to OMN if Tactive + Dttl < Tnow
|
|
|
d76c96 |
UPDATE keyState
|
|
|
d76c96 |
SET state = 2
|
|
|
d76c96 |
WHERE keyState.state = 1 AND keyState.type = 1 AND keyState.id IN (
|
|
|
d76c96 |
SELECT keyState.id
|
|
|
d76c96 |
FROM keyState
|
|
|
d76c96 |
JOIN keyData
|
|
|
d76c96 |
ON keyData.id = keyState.keydataId
|
|
|
d76c96 |
JOIN REMOTE.dnsseckeys
|
|
|
d76c96 |
ON REMOTE.dnsseckeys.keypair_id = keyData.hsmkeyid
|
|
|
d76c96 |
JOIN zone
|
|
|
d76c96 |
ON keyData.zoneId = zone.id
|
|
|
d76c96 |
JOIN policy
|
|
|
d76c96 |
ON policy.id = zone.policyId
|
|
|
d76c96 |
WHERE CAST(strftime("%s", REMOTE.dnsseckeys.active) + policy.signaturesValidityDefault as INTEGER) < strftime("%s", "now"));
|
|
|
d76c96 |
|
|
|
d76c96 |
--Force the RRSIG state in omnipresent if rumoured and there is no old ZSK
|
|
|
d76c96 |
-- unretentive
|
|
|
d76c96 |
UPDATE keyState
|
|
|
d76c96 |
SET state = 2
|
|
|
d76c96 |
WHERE keyState.id IN (
|
|
|
d76c96 |
SELECT rs.id FROM keyState AS rs
|
|
|
d76c96 |
JOIN keystate AS dk ON dk.keyDataId == rs.keyDataId
|
|
|
d76c96 |
WHERE rs.type == 1 AND dk.type == 2 AND rs.state == 1 AND dk.state == 2
|
|
|
d76c96 |
AND NOT EXISTS(
|
|
|
d76c96 |
SELECT* FROM keystate AS rs2
|
|
|
d76c96 |
JOIN keystate AS dk2 ON dk2.keyDataId == rs2.keyDataId
|
|
|
d76c96 |
WHERE rs2.type == 1 AND dk2.type == 2 AND rs2.state == 3 AND dk2.state == 2
|
|
|
d76c96 |
));
|
|
|
d76c96 |
|
|
|
d76c96 |
DROP TABLE mapping;
|
|
|
d76c96 |
|
|
|
d76c96 |
-- We need to create records in the keydependency table in case we are in a
|
|
|
d76c96 |
-- rollover. Only done for ZSK. For every introducing ZSK with RRSIG rumoured
|
|
|
d76c96 |
-- that has an outroducing ZSK with RRSIG unretentive, we add a record.
|
|
|
d76c96 |
INSERT INTO keyDependency
|
|
|
d76c96 |
SELECT NULL, 0, keyData.zoneID, SUB.IDout, keyData.id, 1
|
|
|
d76c96 |
FROM keyData
|
|
|
d76c96 |
JOIN keyState AS KS1
|
|
|
d76c96 |
ON KS1.keyDataId == keyData.id
|
|
|
d76c96 |
JOIN keyState AS KS2
|
|
|
d76c96 |
ON KS2.keyDataId == keyData.id
|
|
|
d76c96 |
JOIN (
|
|
|
d76c96 |
SELECT keyData.id AS IDout, keyData.zoneID
|
|
|
d76c96 |
FROM keyData
|
|
|
d76c96 |
JOIN keyState AS KS1
|
|
|
d76c96 |
ON KS1.keyDataId == keyData.id
|
|
|
d76c96 |
JOIN keyState AS KS2
|
|
|
d76c96 |
ON KS2.keyDataId == keyData.id
|
|
|
d76c96 |
WHERE KS1.type == 2
|
|
|
d76c96 |
AND ks1.state = 2
|
|
|
d76c96 |
AND KS2.type == 1
|
|
|
d76c96 |
AND KS2.state == 3
|
|
|
d76c96 |
AND keyData.introducing == 0
|
|
|
d76c96 |
AND keyData.role == 2
|
|
|
d76c96 |
) AS SUB
|
|
|
d76c96 |
ON SUB.zoneId == keyData.zoneId
|
|
|
d76c96 |
WHERE
|
|
|
d76c96 |
KS1.type == 2
|
|
|
d76c96 |
AND ks1.state = 2
|
|
|
d76c96 |
AND KS2.type == 1
|
|
|
d76c96 |
AND KS2.state == 1
|
|
|
d76c96 |
AND keyData.introducing == 1
|
|
|
d76c96 |
AND keyData.role == 2;
|
|
|
d76c96 |
|
|
|
d76c96 |
-- ZSK
|
|
|
d76c96 |
UPDATE keyState
|
|
|
d76c96 |
SET state = 4
|
|
|
d76c96 |
WHERE (keyState.type = 0 OR keyState.type = 3) AND keyDataId IN (
|
|
|
d76c96 |
SELECT keyData.id
|
|
|
d76c96 |
FROM keyData
|
|
|
d76c96 |
WHERE keyData.role = 2);
|
|
|
d76c96 |
|
|
|
d76c96 |
--KSK
|
|
|
d76c96 |
UPDATE keyState
|
|
|
d76c96 |
SET state = 4
|
|
|
d76c96 |
WHERE keyState.type = 1 AND keyDataId IN (
|
|
|
d76c96 |
SELECT keyData.id
|
|
|
d76c96 |
FROM keyData
|
|
|
d76c96 |
WHERE keyData.role = 1);
|
|
|
d76c96 |
|
|
|
d76c96 |
-- For rpm based systems to see if db was migrated already. store opendnssec major minor version
|
|
|
d76c96 |
CREATE TABLE rpm_migration (
|
|
|
d76c96 |
major INTEGER,
|
|
|
d76c96 |
minor INTEGER
|
|
|
d76c96 |
);
|
|
|
d76c96 |
INSERT INTO rpm_migration VALUES(2, 1);
|
|
|
d76c96 |
|