[#3133] Checkpoint

Author: fxdupont

doc/examples/ddns/all-keys.json

@@ -138,6 +138,14 @@
 
             // Secret of the TSIG key (required) in base-64.
             "secret": "LSWXnfkKZjdPJI5QxlpnfQ=="
+        },
+        {
+            "name": "d2.sha1.key",
+            "algorithm": "HMAC-SHA1",
+
+            // An alternative to secret: specify a file where the secret
+            // can be found. i.e. the secret is the content of the file.
+            "secret-file": "/tmp/d2-sha1-secret"
         }
     ],
 

doc/examples/ddns/sample1.json

@@ -134,6 +134,11 @@
             "algorithm": "HMAC-SHA1",
             "secret": "hRrp29wzUv3uzSNRLlY68w=="
         },
+        {
+            "name": "d2.sha256.key",
+            "algorithm": "HMAC-SHA256",
+            "secret-file": "/tmp/d2-sha256-secret"
+        },
         {
             "name": "d2.sha512.key",
             "algorithm": "HMAC-SHA512",

doc/sphinx/arm/ddns.rst

@@ -408,6 +408,10 @@ Every entry in the list has three parameters:
    key. This value is case-sensitive and must exactly match the value
    specified on the DNS server(s). It is a base64-encoded text value.
 
+- ``secret-file`` - since Kea 2.5.8 a more secure alternative is supported:
+  specify a file name where the secret can be found, i.e. the base64-encoded
+  secret is the content of the file.
+
 As an example, suppose that a domain D2 will be updating is maintained
 by a BIND 9 DNS server, which requires dynamic updates to be secured
 with TSIG. Suppose further that the entry for the TSIG key in BIND 9's

src/bin/d2/tests/d2_simple_parser_unittest.cc

@@ -91,7 +91,7 @@ bool checkKey(TSIGKeyInfoPtr key, const std::string& name,
         (key->getName() == name) &&
         (key->getAlgorithm() == algorithm)  &&
         (key->getDigestbits() == digestbits) &&
-        (key->getSecret() ==  secret)  &&
+        (key->getSecret() == secret)  &&
         (key->getTSIGKey())));
 }
 
@@ -508,7 +508,7 @@ class DdnsDomainParserTest : public D2SimpleParserTest {
     void addKey(const std::string& name, const std::string& algorithm,
                 const std::string& secret) {
         TSIGKeyInfoPtr key_info(new TSIGKeyInfo(name, algorithm, secret));
-        (*keys_)[name]=key_info;
+        (*keys_)[name] = key_info;
     }
 
     /// @brief Adds DDNS Domain values to the given DDNS Domain element

src/bin/d2/tests/parser_unittest.cc

@@ -298,7 +298,7 @@ TEST(ParserTest, file) {
     configs.push_back("sample1.json");
     configs.push_back("template.json");
 
-    for (int i = 0; i<configs.size(); i++) {
+    for (size_t i = 0; i < configs.size(); ++i) {
         testFile(string(CFG_EXAMPLES) + "/" + configs[i]);
     }
 }

src/bin/d2/tests/testdata/get_config.json

@@ -92,6 +92,12 @@
                 "name": "d2.sha1.key",
                 "secret": "hRrp29wzUv3uzSNRLlY68w=="
             },
+            {
+                "algorithm": "HMAC-SHA256",
+                "digest-bits": 0,
+                "name": "d2.sha256.key",
+                "secret-file": "/tmp/d2-sha256-secret"
+            },
             {
                 "algorithm": "HMAC-SHA512",
                 "digest-bits": 256,