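# File ../../auditor/lib/kasp_auditor/changed_config.rb, line 269
#
# Reconciles the stored key-policy records with the key elements of the
# current configuration, editing +store_keys+ in place.
#
# Each stored record carries an [algorithm, alg_length, standby, lifetime]
# tuple in +value+. A record whose tuple equals a configured key element is
# kept untouched, so its timestamp survives. A record that matches no
# configured element is removed. Every configured element that matched no
# record is appended as a new Key stamped with +timestamp+.
#
# store_keys::  array of stored records responding to +value+ (mutated)
# config_keys:: configured key elements responding to +algorithm+,
#               +alg_length+, +standby+ and +lifetime+
# timestamp::   value given to every newly created Key
#
# Returns +config_keys+, as the original implementation did.
#
# NOTE(review): the timestamp presumably records when a key policy tuple was
# last changed, which the auditor would rely on when checking key lifetimes.
# Confirm against the callers. If so, a wrong match here silently resets or
# preserves that reference point.
def check_key_config(store_keys, config_keys, timestamp)
  used_config_keys = []

  # delete_if rather than each + delete: removing an element from an array
  # that is being walked with each makes the iteration skip the next record,
  # so stale records could survive the reconciliation.
  store_keys.delete_if do |key|
    config_index = config_keys.find_index do |config_key|
      # value[3] is the lifetime slot of the tuple and must be compared with
      # the configured lifetime. Comparing it with standby (as the earlier
      # code did) makes a match depend on standby == lifetime.
      (config_key.algorithm == key.value[0]) &&
        (config_key.alg_length == key.value[1]) &&
        (config_key.standby == key.value[2]) &&
        (config_key.lifetime == key.value[3])
    end

    # Remember which configured element this record accounts for.
    used_config_keys.push(config_index) if config_index

    # No configured element matches any more: drop the stored record.
    config_index.nil?
  end

  # each_with_index keeps the position in step with the element even when an
  # element is skipped. A hand-maintained counter placed after `next` stalls
  # on the first used element and skips everything after it.
  config_keys.each_with_index do |config_key, index|
    next if used_config_keys.include?(index)

    # This configured element is new (or changed): record it with the
    # current timestamp.
    store_keys.push(
      Key.new([config_key.algorithm, config_key.alg_length,
               config_key.standby, config_key.lifetime], timestamp)
    )
  end
end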