Blob Blame History Raw
INSERT INTO databaseVersion VALUES (NULL, 1, 1);

-- ~ ************
-- ~ ** policy table
-- ~ **
-- ~ **
-- ~ **
-- ~ **
-- ~ ************

INSERT INTO policy 
SELECT id, 1, name, description,
0, 0, 0,
0, 0, 0, 0,
86400, 0, 0,
0, 0, 0,
0, 0, 0,
0, 0, 0,
0, 0, 0,
0, 0, 0,
0, 0, 0,
0, 0, 0,
0
FROM REMOTE.policies;

UPDATE policy
SET signaturesResign = (
	SELECT value
	FROM  REMOTE.parameters_policies
	INNER JOIN REMOTE.parameters
	ON REMOTE.parameters_policies.parameter_id = REMOTE.parameters.id 
	WHERE REMOTE.parameters_policies.policy_id = policy.id 
		AND REMOTE.parameters.category_id = 1
		AND REMOTE.parameters.name = 'resign');

UPDATE policy
SET signaturesRefresh = (
	SELECT value
	FROM  REMOTE.parameters_policies
	INNER JOIN REMOTE.parameters
	ON REMOTE.parameters_policies.parameter_id = REMOTE.parameters.id 
	WHERE REMOTE.parameters_policies.policy_id = policy.id 
		AND REMOTE.parameters.category_id = 1
		AND REMOTE.parameters.name = 'refresh') ;

UPDATE policy
SET signaturesJitter = (
	SELECT value
	FROM  REMOTE.parameters_policies
	INNER JOIN REMOTE.parameters
	ON REMOTE.parameters_policies.parameter_id = REMOTE.parameters.id 
	WHERE REMOTE.parameters_policies.policy_id = policy.id 
		AND REMOTE.parameters.category_id = 1
		AND REMOTE.parameters.name = 'jitter');

UPDATE policy
SET signaturesInceptionOffset = (
	SELECT value
	FROM  REMOTE.parameters_policies
	INNER JOIN REMOTE.parameters
	ON REMOTE.parameters_policies.parameter_id = REMOTE.parameters.id 
	WHERE REMOTE.parameters_policies.policy_id = policy.id 
		AND REMOTE.parameters.category_id = 1
		AND REMOTE.parameters.name = 'clockskew');

UPDATE policy
SET signaturesValidityDefault = (
	SELECT value
	FROM  REMOTE.parameters_policies
	INNER JOIN REMOTE.parameters
	ON REMOTE.parameters_policies.parameter_id = REMOTE.parameters.id 
	WHERE REMOTE.parameters_policies.policy_id = policy.id 
		AND REMOTE.parameters.category_id = 1
		AND REMOTE.parameters.name = 'valdefault');

UPDATE policy
SET signaturesValidityDenial = (
	SELECT value
	FROM  REMOTE.parameters_policies
	INNER JOIN REMOTE.parameters
	ON REMOTE.parameters_policies.parameter_id = REMOTE.parameters.id 
	WHERE REMOTE.parameters_policies.policy_id = policy.id 
		AND REMOTE.parameters.category_id = 1
		AND REMOTE.parameters.name = 'valdenial');

--MaxZoneTTL default 86400

-- We need the following mapping 1.4 -> 2.0 for denialType
-- 0 -> 1
-- 3 -> 0

UPDATE policy
SET denialType = (
	SELECT (~value)&1
	FROM  REMOTE.parameters_policies
	INNER JOIN REMOTE.parameters
	ON REMOTE.parameters_policies.parameter_id = REMOTE.parameters.id 
	WHERE REMOTE.parameters_policies.policy_id = policy.id 
		AND REMOTE.parameters.category_id = 2
		AND REMOTE.parameters.name = 'version');

-- I'm pretty sure this is not the correct way to do it. It is aweful but
-- I can't figure it out how it would work for sqlite.
UPDATE policy
SET denialOptout = (
	SELECT value
	FROM  REMOTE.parameters_policies
	INNER JOIN REMOTE.parameters
	ON REMOTE.parameters_policies.parameter_id = REMOTE.parameters.id 
	WHERE REMOTE.parameters_policies.policy_id = policy.id 
		AND REMOTE.parameters.category_id = 2
		AND REMOTE.parameters.name = 'optout')
WHERE null !=  (
	SELECT value
	FROM  REMOTE.parameters_policies
	INNER JOIN REMOTE.parameters
	ON REMOTE.parameters_policies.parameter_id = REMOTE.parameters.id 
	WHERE REMOTE.parameters_policies.policy_id = policy.id 
		AND REMOTE.parameters.category_id = 2
		AND REMOTE.parameters.name = 'optout');

UPDATE policy
SET denialTtl = (
	SELECT value
	FROM  REMOTE.parameters_policies
	INNER JOIN REMOTE.parameters
	ON REMOTE.parameters_policies.parameter_id = REMOTE.parameters.id 
	WHERE REMOTE.parameters_policies.policy_id = policy.id 
		AND REMOTE.parameters.category_id = 2
		AND REMOTE.parameters.name = 'ttl')
WHERE null != (
	SELECT value
	FROM  REMOTE.parameters_policies
	INNER JOIN REMOTE.parameters
	ON REMOTE.parameters_policies.parameter_id = REMOTE.parameters.id 
	WHERE REMOTE.parameters_policies.policy_id = policy.id 
		AND REMOTE.parameters.category_id = 2
		AND REMOTE.parameters.name = 'ttl');

UPDATE policy
SET denialResalt = (
	SELECT value
	FROM  REMOTE.parameters_policies
	INNER JOIN REMOTE.parameters
	ON REMOTE.parameters_policies.parameter_id = REMOTE.parameters.id 
	WHERE REMOTE.parameters_policies.policy_id = policy.id 
		AND REMOTE.parameters.category_id = 2
		AND REMOTE.parameters.name = 'resalt')
WHERE null != (
	SELECT value
	FROM  REMOTE.parameters_policies
	INNER JOIN REMOTE.parameters
	ON REMOTE.parameters_policies.parameter_id = REMOTE.parameters.id 
	WHERE REMOTE.parameters_policies.policy_id = policy.id 
		AND REMOTE.parameters.category_id = 2
		AND REMOTE.parameters.name = 'resalt');

UPDATE policy
SET denialAlgorithm = (
	SELECT value
	FROM  REMOTE.parameters_policies
	INNER JOIN REMOTE.parameters
	ON REMOTE.parameters_policies.parameter_id = REMOTE.parameters.id 
	WHERE REMOTE.parameters_policies.policy_id = policy.id 
		AND REMOTE.parameters.category_id = 2
		AND REMOTE.parameters.name = 'algorithm')
WHERE null != (
	SELECT value
	FROM  REMOTE.parameters_policies
	INNER JOIN REMOTE.parameters
	ON REMOTE.parameters_policies.parameter_id = REMOTE.parameters.id 
	WHERE REMOTE.parameters_policies.policy_id = policy.id 
		AND REMOTE.parameters.category_id = 2
		AND REMOTE.parameters.name = 'algorithm');

UPDATE policy
SET denialIterations = (
	SELECT value
	FROM  REMOTE.parameters_policies
	INNER JOIN REMOTE.parameters
	ON REMOTE.parameters_policies.parameter_id = REMOTE.parameters.id 
	WHERE REMOTE.parameters_policies.policy_id = policy.id 
		AND REMOTE.parameters.category_id = 2
		AND REMOTE.parameters.name = 'iterations')
WHERE null != (
	SELECT value
	FROM  REMOTE.parameters_policies
	INNER JOIN REMOTE.parameters
	ON REMOTE.parameters_policies.parameter_id = REMOTE.parameters.id 
	WHERE REMOTE.parameters_policies.policy_id = policy.id 
		AND REMOTE.parameters.category_id = 2
		AND REMOTE.parameters.name = 'iterations');

UPDATE policy
SET denialSaltLength = (
	SELECT value
	FROM  REMOTE.parameters_policies
	INNER JOIN REMOTE.parameters
	ON REMOTE.parameters_policies.parameter_id = REMOTE.parameters.id 
	WHERE REMOTE.parameters_policies.policy_id = policy.id 
		AND REMOTE.parameters.category_id = 2
		AND REMOTE.parameters.name = 'saltlength')
WHERE null != (
	SELECT value
	FROM  REMOTE.parameters_policies
	INNER JOIN REMOTE.parameters
	ON REMOTE.parameters_policies.parameter_id = REMOTE.parameters.id 
	WHERE REMOTE.parameters_policies.policy_id = policy.id 
		AND REMOTE.parameters.category_id = 2
		AND REMOTE.parameters.name = 'saltlength');

-- clumsy salt update. salt is optional in 1.4 but required in 2.0
-- sqlite is limited in what it can do in an update. I hope there is a
-- better way for this?

UPDATE policy
SET denialSalt = (
	SELECT salt
	FROM  REMOTE.policies
	WHERE REMOTE.policies.id = policy.id)
WHERE (
	SELECT salt
	FROM  REMOTE.policies
	WHERE REMOTE.policies.id = policy.id) != null;

UPDATE policy
SET denialSaltLastChange = (
	SELECT salt_stamp
	FROM  REMOTE.policies
	WHERE REMOTE.policies.id = policy.id)
WHERE (
	SELECT salt_stamp
	FROM  REMOTE.policies
	WHERE REMOTE.policies.id = policy.id) != null;

UPDATE policy
SET keysTtl = (
	SELECT value
	FROM  REMOTE.parameters_policies
	INNER JOIN REMOTE.parameters
	ON REMOTE.parameters_policies.parameter_id = REMOTE.parameters.id 
	WHERE REMOTE.parameters_policies.policy_id = policy.id 
		AND REMOTE.parameters.category_id = 5
		AND REMOTE.parameters.name = 'ttl');

UPDATE policy
SET keysRetireSafety = (
	SELECT value
	FROM  REMOTE.parameters_policies
	INNER JOIN REMOTE.parameters
	ON REMOTE.parameters_policies.parameter_id = REMOTE.parameters.id 
	WHERE REMOTE.parameters_policies.policy_id = policy.id 
		AND REMOTE.parameters.category_id = 5
		AND REMOTE.parameters.name = 'retiresafety');

UPDATE policy
SET keysPublishSafety = (
	SELECT value
	FROM  REMOTE.parameters_policies
	INNER JOIN REMOTE.parameters
	ON REMOTE.parameters_policies.parameter_id = REMOTE.parameters.id 
	WHERE REMOTE.parameters_policies.policy_id = policy.id 
		AND REMOTE.parameters.category_id = 5
		AND REMOTE.parameters.name = 'publishsafety');

UPDATE policy
SET keysShared = (
	SELECT value
	FROM  REMOTE.parameters_policies
	INNER JOIN REMOTE.parameters
	ON REMOTE.parameters_policies.parameter_id = REMOTE.parameters.id 
	WHERE REMOTE.parameters_policies.policy_id = policy.id 
		AND REMOTE.parameters.category_id = 5
		AND REMOTE.parameters.name = 'zones_share_keys');

UPDATE policy
SET keysPurgeAfter = COALESCE((
	SELECT value
	FROM  REMOTE.parameters_policies
	INNER JOIN REMOTE.parameters
	ON REMOTE.parameters_policies.parameter_id = REMOTE.parameters.id 
	WHERE REMOTE.parameters_policies.policy_id = policy.id 
		AND REMOTE.parameters.category_id = 5
		AND REMOTE.parameters.name = 'purge'), 0);

UPDATE policy
SET zonePropagationDelay = (
	SELECT value
	FROM  REMOTE.parameters_policies
	INNER JOIN REMOTE.parameters
	ON REMOTE.parameters_policies.parameter_id = REMOTE.parameters.id 
	WHERE REMOTE.parameters_policies.policy_id = policy.id 
		AND REMOTE.parameters.category_id = 7
		AND REMOTE.parameters.name = 'propagationdelay');

UPDATE policy
SET zoneSoaTtl = (
	SELECT value
	FROM  REMOTE.parameters_policies
	INNER JOIN REMOTE.parameters
	ON REMOTE.parameters_policies.parameter_id = REMOTE.parameters.id 
	WHERE REMOTE.parameters_policies.policy_id = policy.id 
		AND REMOTE.parameters.category_id = 7
		AND REMOTE.parameters.name = 'ttl');

UPDATE policy
SET zoneSoaMinimum = (
	SELECT value
	FROM  REMOTE.parameters_policies
	INNER JOIN REMOTE.parameters
	ON REMOTE.parameters_policies.parameter_id = REMOTE.parameters.id 
	WHERE REMOTE.parameters_policies.policy_id = policy.id 
		AND REMOTE.parameters.category_id = 7
		AND REMOTE.parameters.name = 'min');

-- Temporary mapping table between 1.4 and 2.0 SOA serial strategy
CREATE TABLE mapping (
	soa14 INTEGER,
	soa20 INTEGER
);
INSERT INTO mapping SELECT  1, 2;
INSERT INTO mapping SELECT  2, 0;
INSERT INTO mapping SELECT  3, 1;
INSERT INTO mapping SELECT  4, 3;

UPDATE policy
SET zoneSoaSerial = (
	SELECT mapping.soa20
	FROM  REMOTE.parameters_policies
	INNER JOIN REMOTE.parameters
	ON REMOTE.parameters_policies.parameter_id = REMOTE.parameters.id 
        INNER JOIN mapping
        ON REMOTE.parameters_policies.value = mapping.soa14
	WHERE REMOTE.parameters_policies.policy_id = policy.id 
		AND REMOTE.parameters.category_id = 7
		AND REMOTE.parameters.name = 'serial');

DROP TABLE mapping;

-- parentRegistrationDelay = 0 on 1.4

UPDATE policy
SET parentPropagationDelay = (
	SELECT value
	FROM  REMOTE.parameters_policies
	INNER JOIN REMOTE.parameters
	ON REMOTE.parameters_policies.parameter_id = REMOTE.parameters.id 
	WHERE REMOTE.parameters_policies.policy_id = policy.id 
		AND REMOTE.parameters.category_id = 8
		AND REMOTE.parameters.name = 'propagationdelay');

UPDATE policy
SET parentDsTtl = (
	SELECT value
	FROM  REMOTE.parameters_policies
	INNER JOIN REMOTE.parameters
	ON REMOTE.parameters_policies.parameter_id = REMOTE.parameters.id 
	WHERE REMOTE.parameters_policies.policy_id = policy.id 
		AND REMOTE.parameters.category_id = 8
		AND REMOTE.parameters.name = 'ttlds');

UPDATE policy
SET parentSoaTtl = (
	SELECT value
	FROM  REMOTE.parameters_policies
	INNER JOIN REMOTE.parameters
	ON REMOTE.parameters_policies.parameter_id = REMOTE.parameters.id 
	WHERE REMOTE.parameters_policies.policy_id = policy.id 
		AND REMOTE.parameters.category_id = 8
		AND REMOTE.parameters.name = 'ttl');

UPDATE policy
SET parentSoaMinimum = (
	SELECT value
	FROM  REMOTE.parameters_policies
	INNER JOIN REMOTE.parameters
	ON REMOTE.parameters_policies.parameter_id = REMOTE.parameters.id 
	WHERE REMOTE.parameters_policies.policy_id = policy.id 
		AND REMOTE.parameters.category_id = 8
		AND REMOTE.parameters.name = 'min');

-- passthrough = 0

-- ~ ************
-- ~ ** policyKey table
-- ~ **
-- ~ ** For each policy in 1.4 add two keys: KSK and ZSK
-- ~ **
-- ~ **
-- ~ ************

-- Insert each KSK
INSERT INTO policyKey
SELECT null, 1, id,
		1, 0, 0,
		0, 0, 0,
		0, 0, 4
FROM REMOTE.policies;

-- Insert each ZSK
INSERT INTO policyKey
SELECT null, 1, id,
		2, 0, 0,
		0, 0, 0,
		0, 0, 1
FROM REMOTE.policies;

UPDATE policyKey
SET algorithm = (
	SELECT value
	FROM  REMOTE.parameters_policies
	INNER JOIN REMOTE.parameters
	ON REMOTE.parameters_policies.parameter_id = REMOTE.parameters.id
	WHERE REMOTE.parameters_policies.policy_id = policyKey.policyId
		AND REMOTE.parameters.category_id = 3
		AND REMOTE.parameters.name = 'algorithm')
WHERE policyKey.role = 1;

UPDATE policyKey
SET algorithm = (
	SELECT value
	FROM  REMOTE.parameters_policies
	INNER JOIN REMOTE.parameters
	ON REMOTE.parameters_policies.parameter_id = REMOTE.parameters.id
	WHERE REMOTE.parameters_policies.policy_id = policyKey.policyId
		AND REMOTE.parameters.category_id = 4
		AND REMOTE.parameters.name = 'algorithm')
WHERE policyKey.role = 2;

UPDATE policyKey
SET bits = (
	SELECT value
	FROM  REMOTE.parameters_policies
	INNER JOIN REMOTE.parameters
	ON REMOTE.parameters_policies.parameter_id = REMOTE.parameters.id
	WHERE REMOTE.parameters_policies.policy_id = policyKey.policyId
		AND REMOTE.parameters.category_id = 3
		AND REMOTE.parameters.name = 'bits')
WHERE policyKey.role = 1;

UPDATE policyKey
SET bits = (
	SELECT value
	FROM  REMOTE.parameters_policies
	INNER JOIN REMOTE.parameters
	ON REMOTE.parameters_policies.parameter_id = REMOTE.parameters.id
	WHERE REMOTE.parameters_policies.policy_id = policyKey.policyId
		AND REMOTE.parameters.category_id = 4
		AND REMOTE.parameters.name = 'bits')
WHERE policyKey.role = 2;

UPDATE policyKey
SET lifetime = (
	SELECT value
	FROM  REMOTE.parameters_policies
	INNER JOIN REMOTE.parameters
	ON REMOTE.parameters_policies.parameter_id = REMOTE.parameters.id
	WHERE REMOTE.parameters_policies.policy_id = policyKey.policyId
		AND REMOTE.parameters.category_id = 3
		AND REMOTE.parameters.name = 'lifetime')
WHERE policyKey.role = 1;

UPDATE policyKey
SET lifetime = (
	SELECT value
	FROM  REMOTE.parameters_policies
	INNER JOIN REMOTE.parameters
	ON REMOTE.parameters_policies.parameter_id = REMOTE.parameters.id
	WHERE REMOTE.parameters_policies.policy_id = policyKey.policyId
		AND REMOTE.parameters.category_id = 4
		AND REMOTE.parameters.name = 'lifetime')
WHERE policyKey.role = 2;

UPDATE policyKey
SET repository = (
	SELECT REMOTE.securitymodules.name
	FROM  REMOTE.parameters_policies
	INNER JOIN REMOTE.parameters
	ON REMOTE.parameters_policies.parameter_id = REMOTE.parameters.id
	INNER JOIN REMOTE.securitymodules
	ON REMOTE.parameters_policies.value = REMOTE.securitymodules.id
	WHERE REMOTE.parameters_policies.policy_id = policyKey.policyId
		AND REMOTE.parameters.category_id = 3
		AND REMOTE.parameters.name = 'repository')
WHERE policyKey.role = 1;

UPDATE policyKey
SET repository = (
	SELECT REMOTE.securitymodules.name
	FROM  REMOTE.parameters_policies
	INNER JOIN REMOTE.parameters
	ON REMOTE.parameters_policies.parameter_id = REMOTE.parameters.id
	INNER JOIN REMOTE.securitymodules
	ON REMOTE.parameters_policies.value = REMOTE.securitymodules.id
	WHERE REMOTE.parameters_policies.policy_id = policyKey.policyId
		AND REMOTE.parameters.category_id = 4
		AND REMOTE.parameters.name = 'repository')
WHERE policyKey.role = 2;

UPDATE policyKey
SET standby = (
	SELECT value
	FROM  REMOTE.parameters_policies
	INNER JOIN REMOTE.parameters
	ON REMOTE.parameters_policies.parameter_id = REMOTE.parameters.id
	WHERE REMOTE.parameters_policies.policy_id = policyKey.policyId
		AND REMOTE.parameters.category_id = 3
		AND REMOTE.parameters.name = 'standby')
WHERE policyKey.role = 1;

UPDATE policyKey
SET standby = (
	SELECT value
	FROM  REMOTE.parameters_policies
	INNER JOIN REMOTE.parameters
	ON REMOTE.parameters_policies.parameter_id = REMOTE.parameters.id
	WHERE REMOTE.parameters_policies.policy_id = policyKey.policyId
		AND REMOTE.parameters.category_id = 4
		AND REMOTE.parameters.name = 'standby')
WHERE policyKey.role = 2;

UPDATE policyKey
SET manualRollover = (
	SELECT value
	FROM  REMOTE.parameters_policies
	INNER JOIN REMOTE.parameters
	ON REMOTE.parameters_policies.parameter_id = REMOTE.parameters.id
	WHERE REMOTE.parameters_policies.policy_id = policyKey.policyId
		AND REMOTE.parameters.category_id = 3
		AND REMOTE.parameters.name = 'manual_rollover')
WHERE policyKey.role = 1;

UPDATE policyKey
SET manualRollover = (
	SELECT value
	FROM  REMOTE.parameters_policies
	INNER JOIN REMOTE.parameters
	ON REMOTE.parameters_policies.parameter_id = REMOTE.parameters.id
	WHERE REMOTE.parameters_policies.policy_id = policyKey.policyId
		AND REMOTE.parameters.category_id = 4
		AND REMOTE.parameters.name = 'manual_rollover')
WHERE policyKey.role = 2;

-- rfc5011 = 0. 2.0 has no support
-- minimize already set

-- ~ ************
-- ~ ** hsmKey table
-- ~ **
-- ~ ** get from keypairs and dnsseckeys
-- ~ **
-- ~ **
-- ~ ************

INSERT INTO hsmKey
SELECT DISTINCT REMOTE.keypairs.id, 1, REMOTE.keypairs.policy_id,
REMOTE.keypairs.HSMkey_id, 2, REMOTE.keypairs.size, 
REMOTE.keypairs.algorithm,  (~(REMOTE.dnsseckeys.keytype)&1)+1, 
CASE WHEN REMOTE.keypairs.generate IS NOT NULL THEN 
	strftime('%s', REMOTE.keypairs.generate) 
	ELSE strftime("%s", "now") END, 
0, 
1, --only RSA supported
 REMOTE.securitymodules.name, 
0 --assume no backup 
FROM REMOTE.keypairs
JOIN REMOTE.dnsseckeys 
	ON REMOTE.keypairs.id = REMOTE.dnsseckeys.keypair_id
JOIN REMOTE.securitymodules 
	ON REMOTE.securitymodules.id = REMOTE.keypairs.securitymodule_id;

-- For some policies put the keys in a shared state
UPDATE hsmKey 
SET state = 3
WHERE EXISTS 
	(SELECT * FROM hsmKey AS h 
	JOIN policy ON policy.id = h.policyId 
	WHERE policy.keysShared AND hsmKey.id = h.id);

-- ~ ************
-- ~ ** zone table
-- ~ **
-- ~ ** 
-- ~ **
-- ~ **
-- ~ ************

INSERT INTO zone
SELECT zones.id, 1, zones.policy_id, 
	zones.name, 1, zones.signconf, 0,  
	0,0,0, 
	0,0,0,
	zones.in_type, zones.input,
	zones.out_type, zones.output,
	0,0,0
	FROM REMOTE.zones;

-- ~ ************
-- ~ ** keyData table
-- ~ **
-- ~ ** 
-- ~ **
-- ~ **
-- ~ ************

-- Temporary mapping table between 1.4 states and 2.0 ds_at_parent states
-- We are ignoring the fact this may set a DS state for a ZSK; We don't care
CREATE TABLE mapping (
	state INTEGER,
	ds_state INTEGER
);
INSERT INTO mapping SELECT  1, 0;
INSERT INTO mapping SELECT  2, 0;
INSERT INTO mapping SELECT  3, 1;
INSERT INTO mapping SELECT  4, 3;
INSERT INTO mapping SELECT  5, 5;
INSERT INTO mapping SELECT  6, 5;
INSERT INTO mapping SELECT  7, 5;
INSERT INTO mapping SELECT  8, 5;
INSERT INTO mapping SELECT  9, 5;
INSERT INTO mapping SELECT 10, 5;

INSERT INTO keyData
SELECT 
	NULL, 1, REMOTE.dnsseckeys.zone_id,
	REMOTE.dnsseckeys.keypair_id, REMOTE.keypairs.algorithm,
	CASE WHEN REMOTE.dnsseckeys.publish IS NOT NULL THEN 
		strftime('%s', REMOTE.dnsseckeys.publish) 
		ELSE strftime("%s", "now") END, 
	(~REMOTE.dnsseckeys.keytype&1)+1,
	REMOTE.dnsseckeys.state <= 4, -- introducing
	0, -- should revoke, not used
	0, -- standby
	REMOTE.dnsseckeys.state  = 4 AND REMOTE.dnsseckeys.keytype = 256, --activeZSK: 
	REMOTE.dnsseckeys.state >= 2 AND REMOTE.dnsseckeys.state <= 5, --publish
	REMOTE.dnsseckeys.state  = 4 AND REMOTE.dnsseckeys.keytype = 257, --activeKSK: 
	mapping.ds_state, --dsatparent
	1<<16, --keytag (crap, will 2.0 regenerate this?)
	(REMOTE.dnsseckeys.keytype&1)*3+1 --minimize
FROM REMOTE.dnsseckeys
JOIN REMOTE.keypairs 
	ON REMOTE.dnsseckeys.keypair_id = REMOTE.keypairs.id
JOIN mapping 
	ON REMOTE.dnsseckeys.state = mapping.state
WHERE EXISTS(select REMOTE.zones.id FROM REMOTE.zones WHERE REMOTE.zones.id = REMOTE.dnsseckeys.zone_id);

-- Everything that is just a ZSK must not have dsatparent set.
UPDATE keyData
SET dsatparent = 0
WHERE role = 2;

DROP TABLE mapping;

-- If a active time is set for a ready KSK dsAtParent is submitted 
-- instead of submit
UPDATE keyData
SET dsatparent = 2
WHERE keyData.dsAtParent = 1 AND keyData.id IN (
	SELECT keyData.id
	FROM keyData
	JOIN REMOTE.dnsseckeys
	ON REMOTE.dnsseckeys.keypair_id = keyData.hsmkeyid
	WHERE REMOTE.dnsseckeys.active IS NOT NULL);


-- ~ ************
-- ~ ** Keystate table
-- ~ **
-- ~ ** 
-- ~ **
-- ~ **
-- ~ ************

CREATE TABLE mapping (
	state INTEGER,
	ds INTEGER,
	dk INTEGER,
	ks INTEGER,
	rs INTEGER
);
INSERT INTO mapping SELECT  1, 0, 0, 0, 0;
INSERT INTO mapping SELECT  2, 0, 1, 1, 1;
INSERT INTO mapping SELECT  3, 0, 2, 2, 1;
INSERT INTO mapping SELECT  4, 2, 2, 2, 1;
INSERT INTO mapping SELECT  5, 3, 2, 2, 3;
INSERT INTO mapping SELECT  6, 0, 3, 3, 0;
INSERT INTO mapping SELECT  7, 3, 0, 0, 0;
INSERT INTO mapping SELECT  8, 3, 0, 0, 0;
INSERT INTO mapping SELECT  9, 3, 0, 0, 0;
INSERT INTO mapping SELECT 10, 3, 0, 0, 0;

-- DS RECORDS
INSERT INTO keyState
SELECT NULL, 1, keyData.id, 0, mapping.ds, strftime("%s", "now"), (keyData.minimize>>2)&1, policy.parentDsTtl
FROM keyData
JOIN zone
	ON zone.id = keyData.zoneId
JOIN policy
	ON policy.id = zone.policyId
JOIN REMOTE.dnsseckeys
	ON REMOTE.dnsseckeys.keypair_id = keyData.hsmkeyid
JOIN mapping
	ON mapping.state = REMOTE.dnsseckeys.state;

UPDATE keyState
SET state = 1
WHERE keyState.state = 0 AND keyState.type = 0 AND keyState.id IN (
	SELECT keyState.id
	FROM keyState
	JOIN keyData
		ON keyData.id = keyState.keydataId
	JOIN REMOTE.dnsseckeys
		ON REMOTE.dnsseckeys.keypair_id = keyData.hsmkeyid
	WHERE REMOTE.dnsseckeys.active IS NOT NULL);

-- DNSKEY RECORDS
INSERT INTO keyState
SELECT NULL, 1, keyData.id, 2, mapping.dk, strftime("%s", "now"), (keyData.minimize>>1)&1, policy.keysTtl
FROM keyData
JOIN zone
	ON zone.id = keyData.zoneId
JOIN policy
	ON policy.id = zone.policyId
JOIN REMOTE.dnsseckeys
	ON REMOTE.dnsseckeys.keypair_id = keyData.hsmkeyid
JOIN mapping
	ON mapping.state = REMOTE.dnsseckeys.state;

-- RRSIG DNSKEY RECORDS
INSERT INTO keyState
SELECT NULL, 1, keyData.id, 3, mapping.ks, strftime("%s", "now"), (keyData.minimize>>1)&1, policy.keysTtl
FROM keyData
JOIN zone
	ON zone.id = keyData.zoneId
JOIN policy
	ON policy.id = zone.policyId
JOIN REMOTE.dnsseckeys
	ON REMOTE.dnsseckeys.keypair_id = keyData.hsmkeyid
JOIN mapping
	ON mapping.state = REMOTE.dnsseckeys.state;

-- RRSIG RECORDS
INSERT INTO keyState
SELECT NULL, 1, keyData.id, 1, mapping.rs, strftime("%s", "now"), (keyData.minimize>>0)&1, policy.signaturesMaxZoneTtl
FROM keyData
JOIN zone
	ON zone.id = keyData.zoneId
JOIN policy
	ON policy.id = zone.policyId
JOIN REMOTE.dnsseckeys
	ON REMOTE.dnsseckeys.keypair_id = keyData.hsmkeyid
JOIN mapping
	ON mapping.state = REMOTE.dnsseckeys.state;

--Set to OMN if Tactive + Dttl < Tnow
UPDATE keyState
SET state = 2
WHERE keyState.state = 1 AND keyState.type = 1 AND keyState.id IN (
        SELECT keyState.id
        FROM keyState
        JOIN keyData
                ON keyData.id = keyState.keydataId
        JOIN REMOTE.dnsseckeys
                ON REMOTE.dnsseckeys.keypair_id = keyData.hsmkeyid
        JOIN zone
                ON keyData.zoneId = zone.id
        JOIN policy
                ON policy.id = zone.policyId
        WHERE CAST(strftime("%s", REMOTE.dnsseckeys.active) + policy.signaturesValidityDefault as INTEGER) < strftime("%s", "now"));

--Force the RRSIG state in omnipresent if rumoured and there is no old ZSK
-- unretentive
UPDATE keyState 
SET state = 2
WHERE keyState.id IN (
SELECT rs.id FROM keyState AS rs 
JOIN keystate AS dk ON dk.keyDataId == rs.keyDataId
WHERE rs.type == 1 AND dk.type == 2 AND rs.state == 1 AND dk.state == 2
AND NOT EXISTS(
	SELECT* FROM keystate AS rs2
	JOIN keystate AS dk2 ON dk2.keyDataId == rs2.keyDataId
	WHERE rs2.type == 1 AND dk2.type == 2 AND rs2.state == 3 AND dk2.state == 2
));

DROP TABLE mapping;

-- We need to create records in the keydependency table in case we are in a
-- rollover. Only done for ZSK. For every introducing ZSK with RRSIG rumoured
-- that has an outroducing ZSK with RRSIG unretentive, we add a record.
INSERT INTO keyDependency
SELECT NULL, 0, keyData.zoneID, SUB.IDout, keyData.id, 1
FROM keyData
JOIN keyState AS KS1 
	ON KS1.keyDataId == keyData.id
JOIN keyState AS KS2 
	ON KS2.keyDataId == keyData.id
JOIN (
	SELECT keyData.id AS IDout, keyData.zoneID 
	FROM keyData
	JOIN keyState AS KS1 
		ON KS1.keyDataId == keyData.id
	JOIN keyState AS KS2 
		ON KS2.keyDataId == keyData.id
	WHERE KS1.type == 2 
		AND ks1.state = 2 
		AND KS2.type == 1 
		AND KS2.state == 3
		AND keyData.introducing == 0 
		AND keyData.role == 2
) AS SUB
	ON SUB.zoneId == keyData.zoneId
WHERE 
	KS1.type == 2 
	AND ks1.state = 2 
	AND KS2.type == 1 
	AND KS2.state == 1
	AND keyData.introducing == 1 
	AND keyData.role == 2;

-- ZSK
UPDATE keyState
SET state = 4
WHERE (keyState.type = 0 OR keyState.type = 3) AND keyDataId IN (
	SELECT keyData.id
	FROM keyData
	WHERE keyData.role = 2);

--KSK
UPDATE keyState
SET state = 4
WHERE keyState.type = 1 AND keyDataId IN (
	SELECT keyData.id
	FROM keyData
	WHERE keyData.role = 1);

-- For rpm based systems to see if db was migrated already. store opendnssec major minor version
CREATE TABLE rpm_migration (
        major INTEGER,
        minor INTEGER
);
INSERT INTO rpm_migration VALUES(2, 1);