# Audits DNSKEY records that have not been seen before against the zone's
# key policy.
#
# A record in +keys+ is skipped when it is listed in +unsigned_keys+ (same
# key_tag, key and name) or when +key_cache+ already includes it. Every other
# record is checked for:
# * algorithm / key length, via Auditor.match_key_config, against
#   config.keys.ksks for SEP keys and config.keys.zsks for all other keys
# * flag bits outside SEP_KEY, REVOKED_KEY and ZONE_KEY
# * a TTL equal to config.keys.ttl
#
# Violations are reported only through auditor.log at LOG_ERR. The method
# returns no pass/fail status, so callers that need to fail an audit have to
# rely on the auditor's log.
#
# keys          - DNSKEY records to audit
# unsigned_keys - DNSKEY records excluded from the audit
# key_cache     - object answering include_key? for already-known keys
# config        - policy object exposing keys.ksks, keys.zsks and keys.ttl
# auditor       - object whose log(level, message) receives the findings
#
# Returns the result of keys.each.
def Auditor.check_key_config(keys, unsigned_keys, key_cache, config, auditor)
  keys.each do |l_rr|
    # Look for an identical entry among the unsigned keys; the comparison
    # order (tag, key material, owner name) is kept as in the original.
    listed_as_unsigned = false
    unsigned_keys.each do |candidate|
      next unless candidate.key_tag == l_rr.key_tag
      next unless candidate.key == l_rr.key
      next unless candidate.name == l_rr.name
      listed_as_unsigned = true
      break
    end
    next if listed_as_unsigned

    # Keys already in the cache are not re-checked against policy.
    next if key_cache.include_key?(l_rr)

    # NOTE(review): the return value is discarded; presumably this forces the
    # key material to be parsed before the policy checks run - confirm.
    l_rr.public_key

    # SEP keys are held to the KSK policy, everything else to the ZSK policy.
    if l_rr.sep_key?
      unless Auditor.match_key_config(l_rr, config.keys.ksks)
        auditor.log(LOG_ERR, "New KSK DNSKEY has incorrect algorithm (was #{l_rr.algorithm}) or alg_length (was #{l_rr.key_length})")
      end
    else
      unless Auditor.match_key_config(l_rr, config.keys.zsks)
        auditor.log(LOG_ERR, "New ZSK DNSKEY has incorrect algorithm (was #{l_rr.algorithm}) or alg_length (was #{l_rr.key_length})")
      end
    end

    # Only bits outside the three known flags are reported. A set REVOKED_KEY
    # bit or a missing ZONE_KEY bit is not flagged by this check.
    known_flags = RR::DNSKEY::SEP_KEY | RR::DNSKEY::REVOKED_KEY | RR::DNSKEY::ZONE_KEY
    unexpected_bits = l_rr.flags & ~known_flags
    auditor.log(LOG_ERR, "DNSKEY has invalid flags : #{l_rr}") if unexpected_bits > 0

    # The record TTL must match the zone policy exactly.
    unless config.keys.ttl == l_rr.ttl
      auditor.log(LOG_ERR, "Key #{l_rr.key_tag} has incorrect TTL : #{l_rr.ttl} instead of zone policy #{config.keys.ttl}")
    end
  end
end