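/*  Copyright (C) 2015-2017 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
 *  SPDX-License-Identifier: GPL-3.0-or-later
 */

/*
 * Trust-anchor (TA) store interface: lookup, insertion, removal and
 * closest-anchor search over a map_t keyed by owner name.
 *
 * Records held in this store are the starting points that DNSSEC validation
 * chains to, so anything that can add or delete entries controls what the
 * resolver accepts as authentic. Callers should only feed it key material
 * obtained from a trusted, authenticated source.
 */

#pragma once

/* Fixed-width integer types used in the prototypes below; included directly
 * so the header does not depend on a transitive include. */
#include <stdint.h>

#include "lib/defines.h"
#include "lib/generic/map.h"
#include <libknot/rrset.h>

/**
 * Find TA RRSet by name.
 * @param trust_anchors trust store
 * @param name name of the TA
 * @return non-empty RRSet or NULL
 *
 * NOTE(review): ownership of the returned RRSet is not stated in this header;
 * presumably it stays owned by the trust store and must not be freed by the
 * caller -- confirm against the implementation.
 */
KR_EXPORT
knot_rrset_t *kr_ta_get(map_t *trust_anchors, const knot_dname_t *name);

/**
 * Add TA to trust store. DS or DNSKEY types are supported.
 * @param trust_anchors trust store
 * @param name name of the TA
 * @param type RR type of the TA (DS or DNSKEY)
 * @param ttl TTL for the TA record
 * @param rdata RDATA of the TA record (presumably in wire format matching
 *              `type` -- confirm against the implementation)
 * @param rdlen length of `rdata` (presumably in bytes -- confirm)
 * @return 0 or an error
 *
 * NOTE(review): this header does not say whether `rdata` is parsed or
 * validated against `type` and `rdlen`; confirm before passing input that
 * has not already been checked. The return value should always be tested,
 * since a TA that failed to load leaves the zone without that anchor.
 */
KR_EXPORT
int kr_ta_add(map_t *trust_anchors, const knot_dname_t *name, uint16_t type,
              uint32_t ttl, const uint8_t *rdata, uint16_t rdlen);

struct kr_context;

/**
 * Return pointer to the name of the closest positive trust anchor or NULL.
 *
 * "Closest" means on path towards root. A closer negative anchor results in NULL.
 * @param ctx resolver context (presumably the holder of the positive and
 *            negative trust stores that are searched -- confirm)
 * @param name name from which the search towards the root starts
 * @param type serves as a shorthand because DS needs to start one level higher.
 * @return name of the closest positive trust anchor, or NULL when there is
 *         none or a negative anchor is closer
 */
KR_PURE
const knot_dname_t *kr_ta_closest(const struct kr_context *ctx, const knot_dname_t *name,
                                  const uint16_t type);

/**
 * Remove TA from trust store.
 * @param trust_anchors trust store
 * @param name name of the TA
 * @return 0 or an error
 */
KR_EXPORT
int kr_ta_del(map_t *trust_anchors, const knot_dname_t *name);

/**
 * Clear trust store.
 * @param trust_anchors trust store
 */
KR_EXPORT
void kr_ta_clear(map_t *trust_anchors);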