1 /* SPDX-License-Identifier: LGPL-2.1-or-later */ 2 #pragma once 3 4 typedef struct DnsTrustAnchor DnsTrustAnchor; 5 6 #include "hashmap.h" 7 #include "resolved-dns-answer.h" 8 #include "resolved-dns-rr.h" 9 10 /* This contains a fixed database mapping domain names to DS or DNSKEY records. */ 11 12 struct DnsTrustAnchor { 13 Hashmap *positive_by_key; 14 Set *negative_by_name; 15 Set *revoked_by_rr; 16 }; 17 18 int dns_trust_anchor_load(DnsTrustAnchor *d); 19 void dns_trust_anchor_flush(DnsTrustAnchor *d); 20 21 int dns_trust_anchor_lookup_positive(DnsTrustAnchor *d, const DnsResourceKey* key, DnsAnswer **answer); 22 int dns_trust_anchor_lookup_negative(DnsTrustAnchor *d, const char *name); 23 24 int dns_trust_anchor_check_revoked(DnsTrustAnchor *d, DnsResourceRecord *dnskey, DnsAnswer *rrs); 25 int dns_trust_anchor_is_revoked(DnsTrustAnchor *d, DnsResourceRecord *rr); 26