This file is indexed.

/usr/share/opendnssec/database_create.sqlite3 is in opendnssec-enforcer-sqlite3 1:1.4.3-3.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below.

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
-- database_create - Create Database
--
-- Description:
--		This script creates the tables required for the KASP database.
--      Matches kaspimport.pl at 12/03/2009

-- Get rid of tables in reverse order

drop table if exists parameters_policies;
drop table if exists serialmodes;
drop table if exists parameters;
drop table if exists categories;
drop table if exists dnsseckeys;
drop table if exists zones;
drop table if exists keypairs;
drop table if exists securitymodules;
drop table if exists policies;
drop table if exists dbadmin;

-- Now for the tables that actually hold real data.

-- dbadmin - holds the version of the database
CREATE TABLE "dbadmin" (
    "version" INTEGER NOT NULL DEFAULT (1),
    "description" TEXT
);

insert into dbadmin values (3, "This needs to be in sync with the version defined in database.h");

-- security modules - store information about all the sms used
create table securitymodules (
  id            integer primary key autoincrement,    -- id for sm
  name          varchar(30) not null,  -- name of the sm
  capacity      mediumint not null,
  requirebackup tinyint default 1
);

-- categories - stores the possible categories (or uses) of parameters
create table categories (
  id            integer primary key autoincrement,    -- id for category_id
  name          varchar(30) not null  -- name of the category_id
);

-- parameters - stores the types of parameters available
create table parameters (
  id            integer primary key autoincrement,    -- id for parameters
  name          varchar(30) not null,  -- name of the parameter
  description   varchar(255), -- description of the paramter
  category_id         tinyint not null,      -- category_id of the parameter

  unique(name, category_id),
  foreign key (category_id) references categories (id)
);

create table serialmodes (
  id            integer primary key autoincrement,    -- id for serial mode
  name          varchar(30),  -- name of the serial mode
  description   varchar(255) -- description of the serial mode
);

-- policies - 
create table policies (
  id            integer primary key autoincrement,    -- id
  name          varchar(30) not null,  -- name of the policy
  description   varchar(255), -- description of the
  salt          varchar(512), -- value of the salt
  salt_stamp    varchar(64),  -- when the salt was generated
  audit         text, -- contents of <Audit>

  unique(name)
);

-- zones - stores the zones
create table zones(
  id            integer primary key autoincrement,    -- id
  name          varchar(300) not null ,  -- name of the parameter
  policy_id     mediumint not null,
  signconf      varchar(4096),  -- where is the signconf
  input         varchar(4096),  -- where is the input
  output        varchar(4096),  -- where is the output
  in_type       varchar(512),   -- input adapter type
  out_type      varchar(512),   -- output adapter type
  
  foreign key (policy_id) references policies (id)
);

-- stores the private key info
create table keypairs(
  id     integer primary key autoincrement,
  HSMkey_id  varchar(255) not null,
  algorithm     tinyint not null,             -- algorithm code
  size          smallint,
  securitymodule_id          tinyint,                      -- where the key is stored
  generate      varchar(64) null default null,  -- time key inserted into database
  policy_id        mediumint,
  compromisedflag tinyint,
  publickey     varchar(1024),                -- public key data
  pre_backup    varchar(64) null default null,  -- time when backup was started
  backup        varchar(64) null default null,  -- time when backup was finished
  fixedDate     tinyint default 0,            -- Set to 1 to stop dates from being set according to the policy timings        
  
  foreign key (securitymodule_id) references securitymodules (id),
  foreign key (policy_id) references policies (id)
);

-- stores meta data about keys (actual keys are in a (soft)hsm)
create table dnsseckeys (
  id            integer primary key autoincrement,  -- unique id of the key
  keypair_id    smallint,
  zone_id        mediumint,
  keytype       smallint not null,             -- zsk or ksk (use code in dnskey record)
  state         tinyint,                      -- state of the key (defines valid fields)
  publish       varchar(64) null default null,  -- time when key published into the zone
  ready         varchar(64) null default null,  -- time when the key is ready for use
  active        varchar(64) null default null,  -- time when the key was made active
  retire        varchar(64) null default null,  -- time when the key retires
  dead          varchar(64) null default null,  -- time when key is slated for removal

  foreign key (keypair_id) references keypairs (id)
);

-- parameters_policies - join table to hold the values of parameters
create table parameters_policies (
  id            integer primary key autoincrement,    -- id
        parameter_id mediumint not null,
        policy_id mediumint not null,
        value int,                                -- integer value of this key
        foreign key (parameter_id) references parameters (id),
        foreign key (policy_id) references policies (id)
);

-- The VIEWS
drop view if exists PARAMETER_VIEW;

create view PARAMETER_VIEW as
select p.name as name, c.name as category, pp.parameter_id as parameter_id, 
    pp.value as value, pp.policy_id as policy_id 
from parameters_policies pp, parameters p, categories c
where pp.parameter_id = p.id
and p.category_id = c.id;

drop view if exists PARAMETER_LIST;
create view PARAMETER_LIST as
select p.name as name, c.name as category, p.id as parameter_id
from parameters p, categories c
where p.category_id = c.id;

drop view if exists KEYDATA_VIEW;
create view KEYDATA_VIEW as
select k.id as id, d.state as state, k.generate as generate, d.publish as publish,
    d.ready as ready, d.active as active, d.retire as retire, d.dead as dead, 
    d.keytype as keytype, k.algorithm as algorithm, k.HSMkey_id as location,
    d.zone_id as zone_id, k.policy_id as policy_id, 
    k.securitymodule_id as securitymodule_id, k.size as size,
    k.compromisedflag as compromisedflag,
    k.fixedDate as fixedDate
from  keypairs k left outer join dnsseckeys d
on k.id = d.keypair_id;

drop view if exists KEYALLOC_VIEW;
create view KEYALLOC_VIEW as
select v.id as id, location, algorithm, policy_id, securitymodule_id, size, compromisedflag, d.zone_id as zone_id from
(select k.id as id, k.HSMkey_id as location, z.id as zone_id, k.algorithm as algorithm, k.policy_id as policy_id, k.securitymodule_id as securitymodule_id, k.size as size,
    k.compromisedflag as compromisedflag
from keypairs k left join zones z where k.policy_id = z.policy_id )  v 
left outer join dnsseckeys d
on d.zone_id = v.zone_id
and d.keypair_id = v.id;

-- insert default data

-- default categories
insert into categories (id, name) values (1, "signature");
insert into categories (id, name) values (2, "denial");
insert into categories (id, name) values (3, "ksk");
insert into categories (id, name) values (4, "zsk");
insert into categories (id, name) values (5, "keys");
insert into categories (id, name) values (6, "enforcer");
insert into categories (id, name) values (7, "zone");
insert into categories (id, name) values (8, "parent");

-- default serial number modes
insert into serialmodes (id, name, description) values (1, "unixtime", "seconds since 1 Jan 1970");
insert into serialmodes (id, name, description) values (2, "counter", "add one everytime updated");
insert into serialmodes (id, name, description) values (3, "datecounter", "YYYYMMDDXX");
insert into serialmodes (id, name, description) values (4, "keep", "Signer should not change the serial");

-- default parameters
insert into parameters (name, description, category_id) select "resign", "re-signing interval", id from categories where name="signature";
insert into parameters (name, description, category_id) select "refresh", "how old a signature may become before it needs to be re-signed",id from categories where name="signature";
insert into parameters (name, description, category_id) select "jitter", "jitter to use in signature inception and expiration times", id from categories where name="signature";
insert into parameters (name, description, category_id) select "clockskew", "estimated max clockskew expected in clients", id from categories where name="signature";
insert into parameters (name, description, category_id) select "ttl", "ttl for RRSIGS", id from categories where name="signature";
insert into parameters (name, description, category_id) select "valdefault", "signature validity period", id from categories where name="signature";
insert into parameters (name, description, category_id) select "valdenial", "nsec(3) validity period", id from categories where name="signature";

insert into parameters (name, description, category_id) select "ttl", "ttl for nsec(3) rrs", id from categories where name="denial";
insert into parameters (name, description, category_id) select "version", "nsec version (0 or 3)", id from categories where name="denial";
insert into parameters (name, description, category_id) select "optout", "opt out flag for nsec3", id from categories where name="denial";
insert into parameters (name, description, category_id) select "resalt", "re-salting interval", id from categories where name="denial";
insert into parameters (name, description, category_id) select "algorithm", "nsec3 algorithm", id from categories where name="denial";
insert into parameters (name, description, category_id) select "iterations", "nsec3 iterations", id from categories where name="denial";
insert into parameters (name, description, category_id) select "saltlength", "nsec3 salt length", id from categories where name="denial";

insert into parameters (name, description, category_id) select "ttl", "ttl for ksk rrs", id from categories where name="keys";
insert into parameters (name, description, category_id) select "retiresafety", "ksk retirement safety factor", id from categories where name="keys";
insert into parameters (name, description, category_id) select "publishsafety", "ksk publish safety factor", id from categories where name="keys";

insert into parameters (name, description, category_id) select "algorithm", "ksk algorithm", id from categories where name="ksk";
insert into parameters (name, description, category_id) select "bits", "ksk key size", id from categories where name="ksk";
insert into parameters (name, description, category_id) select "lifetime", "ksk lifetime", id from categories where name="ksk";
insert into parameters (name, description, category_id) select "standby", "number of ksks is use at any one time", id from categories where name="ksk";
insert into parameters (name, description, category_id) select "repository", "default ksk sm (for newly generated keys)", id from categories where name="ksk";
insert into parameters (name, description, category_id) select "rfc5011", "are we doing rfc5011?", id from categories where name="ksk";

insert into parameters (name, description, category_id) select "algorithm", "zsk algorithm", id from categories where name="zsk";
insert into parameters (name, description, category_id) select "bits", "zsk key size", id from categories where name="zsk";
insert into parameters (name, description, category_id) select "lifetime", "zsk lifetime", id from categories where name="zsk";
insert into parameters (name, description, category_id) select "standby", "number of zsks is use at any one time", id from categories where name="zsk";
insert into parameters (name, description, category_id) select "repository", "default zsk sm (for newly generated keys)", id from categories where name="zsk";

insert into parameters (name, description, category_id) select "propagationdelay", "Dp", id from categories where name="zone";
insert into parameters (name, description, category_id) select "ttl", "ttl of the soa", id from categories where name="zone";
insert into parameters (name, description, category_id) select "min", "min of the soa", id from categories where name="zone";
insert into parameters (name, description, category_id) select "serial", "how serial no are changed", id from categories where name="zone";

insert into parameters (name, description, category_id) select "propagationdelay", "Dp", id from categories where name="parent";
insert into parameters (name, description, category_id) select "ttl", "ttl of the soa", id from categories where name="parent";
insert into parameters (name, description, category_id) select "min", "min of the soa", id from categories where name="parent";
insert into parameters (name, description, category_id) select "ttlds", "ttl of the ds", id from categories where name="parent";

--insert into parameters (name, description, category_id) select "keycreate", "policy for key creation 0=fill the hsm, 1=only generate minimum needed", id from categories where name="enforcer";
insert into parameters (name, description, category_id) select "interval", "run interval", id from categories where name="enforcer";
insert into parameters (name, description, category_id) select "keygeninterval", "interval between key generation runs", id from categories where name="enforcer";
insert into parameters (name, description, category_id) select "backupdelay", "how old must a new key be before it can be assumed to have been backed up", id from categories where name="enforcer";

insert into parameters (name, description, category_id) select "zones_share_keys", "do all zones on this policy share the same keys", id from categories where name="keys";
insert into parameters (name, description, category_id) select "registrationdelay", "Dr", id from categories where name="parent";

insert into parameters (name, description, category_id) select "manual_rollover", "Do not automatically roll ksks when their time is up", id from categories where name="ksk";
insert into parameters (name, description, category_id) select "manual_rollover", "Do not automatically roll zsks when their time is up", id from categories where name="zsk";

insert into parameters (name, description, category_id) select "purge", "interval that dead keys can stay in the database", id from categories where name="keys";

--insert into parameters (name, description, category_id) select "audit", "placeholder for audit tag", id from categories where name="audit";


-- Indexes for foreign keys
CREATE INDEX idx1 on dnsseckeys ( zone_id );
CREATE INDEX idx2 on dnsseckeys ( keypair_id );
CREATE INDEX idx3 on keypairs ( securitymodule_id );
CREATE INDEX idx4 on keypairs ( policy_id );
CREATE INDEX idx5 on zones ( policy_id );
CREATE INDEX idx6 on parameters ( category_id );
CREATE INDEX idx7 on parameters_policies ( parameter_id );
CREATE INDEX idx8 on parameters_policies ( policy_id );