357                  << params->getPosition() << 
")");
 
  366    if (credentials_cache) {
 
  370    string retry_interval_origin = 
"default";
 
  371    string retry_interval_location = 
"";
 
  374    if (global_retry_interval) {
 
  375        retry_interval_origin = 
"global";
 
  376        retry_interval_location += 
" (";
 
  377        retry_interval_location += global_retry_interval->getPosition().str();
 
  378        retry_interval_location += 
")";
 
  379        global_retry_val = global_retry_interval->intValue();
 
  380        if ((global_retry_val < 0) ||
 
  381            (global_retry_val > numeric_limits<uint32_t>::max())) {
 
  383                      "range [0.." << numeric_limits<uint32_t>::max()
 
  384                      << 
"]" << retry_interval_location);
 
  388    string rekey_interval_origin = 
"default";
 
  389    string rekey_interval_location = 
"";
 
  392    if (global_rekey_interval) {
 
  393        rekey_interval_origin = 
"global";
 
  394        rekey_interval_location += 
" (";
 
  395        rekey_interval_location += global_rekey_interval->getPosition().str();
 
  396        rekey_interval_location += 
")";
 
  397        global_rekey_val = global_rekey_interval->intValue();
 
  398        if ((global_rekey_val < 0) ||
 
  399            (global_rekey_val > numeric_limits<uint32_t>::max())) {
 
  401                      "range [0.." << numeric_limits<uint32_t>::max()
 
  402                      << 
"]" << rekey_interval_location);
 
  406    string tkey_lifetime_origin = 
"default";
 
  407    string tkey_lifetime_location = 
"";
 
  410    if (global_tkey_lifetime) {
 
  411        tkey_lifetime_origin = 
"global";
 
  412        tkey_lifetime_location += 
" (";
 
  413        tkey_lifetime_location += global_tkey_lifetime->getPosition().str();
 
  414        tkey_lifetime_location += 
")";
 
  415        global_tkey_lifetime_val = global_tkey_lifetime->intValue();
 
  416        if ((global_tkey_lifetime_val < 0) ||
 
  417            (global_tkey_lifetime_val > numeric_limits<uint32_t>::max())) {
 
  419                      "range [0.." << numeric_limits<uint32_t>::max()
 
  420                      << 
"]" << tkey_lifetime_location);
 
  424    if (global_retry_val >= global_rekey_val) {
 
  426                  << 
" 'retry-interval' parameter" 
  427                  << retry_interval_location << 
" must be smaller then the " 
  428                  << rekey_interval_origin << 
" 'rekey-interval' parameter" 
  429                  << retry_interval_location << 
": range [0.." 
  430                  << global_rekey_val << 
"]");
 
  433    if (global_rekey_val >= global_tkey_lifetime_val) {
 
  435                  << 
" 'rekey-interval' parameter" 
  436                  << rekey_interval_location << 
" must be smaller than the " 
  437                  << tkey_lifetime_origin << 
" 'tkey-lifetime' parameter" 
  438                  << tkey_lifetime_location << 
": range [0.." 
  439                  << global_tkey_lifetime_val << 
"]");
 
  443    if (global_tkey_proto) {
 
  444        string val = global_tkey_proto->stringValue();
 
  445        if ((val != 
"UDP") && (val != 
"TCP")) {
 
  447                      "or TCP (" << global_tkey_proto->getPosition() << 
")");
 
  454    if (global_tkey_timeout) {
 
  455        int64_t val = global_tkey_timeout->intValue();
 
  456        if ((val < 0) || (val > numeric_limits<uint32_t>::max())) {
 
  458                      "range [0.." << numeric_limits<uint32_t>::max()
 
  459                      << 
"] (" << global_tkey_timeout->getPosition() << 
")");
 
  468    uint32_t max_tkey_lifetime = 0;
 
  469    for (
auto const& map : servers->listValue()) {
 
  475                      "maps (" << map->getPosition() << 
")");
 
  481                      << map->getPosition() << 
")");
 
  487                      "gss_tsig server entry (" << map->getPosition() << 
")");
 
  489        const string& 
id = id_elem->stringValue();
 
  492                      "gss_tsig server entry (" << map->getPosition() << 
")");
 
  496                      "gss_tsig server entry (" << map->getPosition() << 
")");
 
  501        if (domains_list && !domains_list->empty()) {
 
  502            for (
auto const& domain : domains_list->listValue()) {
 
  508                              << 
"must contain only strings (" 
  509                              << domain->getPosition() << 
")");
 
  512                static_cast<void>(domains.insert(domain->stringValue()));
 
  520                      "gss_tsig server entry (" << map->getPosition() << 
")");
 
  523            IOAddress addr(ip_address->stringValue());
 
  524            if (map->contains(
"port")) {
 
  526                                                      numeric_limits<uint16_t>::max()));
 
  527                srv.reset(
new DnsServer(
id, domains, addr,
 
  528                                        static_cast<uint16_t
>(port)));
 
  530                srv.reset(
new DnsServer(
id, domains, addr));
 
  534        } 
catch (
const std::exception& ex) {
 
  536                      << 
" (" << map->getPosition() << 
")");
 
  540        bool server_principal_global = 
false;
 
  541        if (!server_principal) {
 
  542            server_principal = params->get(
"server-principal");
 
  543            server_principal_global = 
true;
 
  545        if (!server_principal) {
 
  547                      "gss_tsig server entry (" << map->getPosition() << 
")");
 
  549        srv->setServerPrincipal(server_principal->stringValue());
 
  551            srv->buildKeyNameSuffix();
 
  552        } 
catch (
const std::exception& ex) {
 
  553            if (server_principal_global) {
 
  556                          << server_principal->getPosition() << 
")");
 
  559                          << 
" (" << server_principal->getPosition() << 
")");
 
  564        if (!gss_replay_flag) {
 
  565            gss_replay_flag = params->get(
"gss-replay-flag");
 
  567        if (gss_replay_flag) {
 
  568            srv->setGssReplayFlag(gss_replay_flag->boolValue());
 
  572        if (!gss_sequence_flag) {
 
  573            gss_sequence_flag = params->get(
"gss-sequence-flag");
 
  575        if (gss_sequence_flag) {
 
  576            srv->setGssSequenceFlag(gss_sequence_flag->boolValue());
 
  580        if (!cred_principal) {
 
  581            cred_principal = params->get(
"client-principal");
 
  583        if (cred_principal) {
 
  584            srv->setClientPrincipal(cred_principal->stringValue());
 
  587        retry_interval_location = 
"";
 
  589        if (!retry_interval) {
 
  590            retry_interval = global_retry_interval;
 
  592            retry_interval_origin = 
"server";
 
  595        if (retry_interval) {
 
  596            retry_interval_location += 
" (";
 
  597            retry_interval_location += retry_interval->getPosition().str();
 
  598            retry_interval_location += 
")";
 
  599            retry_val = retry_interval->intValue();
 
  600            if ((retry_val < 0) ||
 
  601                (retry_val > numeric_limits<uint32_t>::max())) {
 
  603                          "range [0.." << numeric_limits<uint32_t>::max()
 
  604                          << 
"]" << retry_interval_location);
 
  606            srv->setRetryInterval(retry_val);
 
  609        rekey_interval_location = 
"";
 
  611        if (!rekey_interval) {
 
  612            rekey_interval = global_rekey_interval;
 
  614            rekey_interval_origin = 
"server";
 
  617        if (rekey_interval) {
 
  618            rekey_interval_location += 
" (";
 
  619            rekey_interval_location += rekey_interval->getPosition().str();
 
  620            rekey_interval_location += 
")";
 
  621            rekey_val = rekey_interval->intValue();
 
  622            if ((rekey_val < 0) ||
 
  623                (rekey_val > numeric_limits<uint32_t>::max())) {
 
  625                          "range [0.." << numeric_limits<uint32_t>::max()
 
  626                          << 
"]" << rekey_interval_location);
 
  628            srv->setRekeyInterval(rekey_val);
 
  631        tkey_lifetime_location = 
"";
 
  633        if (!tkey_lifetime) {
 
  634            tkey_lifetime = global_tkey_lifetime;
 
  636            tkey_lifetime_origin = 
"server";
 
  640            tkey_lifetime_location += 
" (";
 
  641            tkey_lifetime_location += tkey_lifetime->getPosition().str();
 
  642            tkey_lifetime_location += 
")";
 
  643            tkey_lifetime_val = tkey_lifetime->intValue();
 
  644            if ((tkey_lifetime_val < 0) ||
 
  645                (tkey_lifetime_val > numeric_limits<uint32_t>::max())) {
 
  647                          "range [0.." << numeric_limits<uint32_t>::max()
 
  648                          << 
"]" << tkey_lifetime_location);
 
  650            srv->setKeyLifetime(tkey_lifetime_val);
 
  652        if (tkey_lifetime_val > max_tkey_lifetime) {
 
  653            max_tkey_lifetime = tkey_lifetime_val;
 
  656        if (retry_val >= rekey_val) {
 
  658                      << 
" 'retry-interval' parameter" 
  659                      << retry_interval_location << 
" must be smaller then the " 
  660                      << rekey_interval_origin << 
" 'rekey-interval' parameter" 
  661                      << retry_interval_location << 
": range [0.." 
  662                      << rekey_val << 
"]");
 
  665        if (rekey_val >= tkey_lifetime_val) {
 
  667                      << 
" 'rekey-interval' parameter" 
  668                      << rekey_interval_location << 
" must be smaller than the " 
  669                      << tkey_lifetime_origin << 
" 'tkey-lifetime' parameter" 
  670                      << tkey_lifetime_location << 
": range [0.." 
  671                      << tkey_lifetime_val << 
"]");
 
  676            tkey_proto = global_tkey_proto;
 
  679            string val = tkey_proto->stringValue();
 
  682            } 
else if (val == 
"TCP") {
 
  686                          "or TCP (" << tkey_proto->getPosition() << 
")");
 
  692            fallback = global_fallback;
 
  695            srv->setFallback(fallback->boolValue());
 
  700            tkey_timeout = global_tkey_timeout;
 
  703            int64_t val = tkey_timeout->intValue();
 
  704            if ((val < 0) || (val > numeric_limits<uint32_t>::max())) {
 
  706                          "range [0.." << numeric_limits<uint32_t>::max()
 
  707                          << 
"] (" << tkey_timeout->getPosition() << 
")");
 
  709            srv->setExchangeTimeout(val);