def check_key(key, type, policy, kasp_file, denial_type)
alg = key.elements['Algorithm'].text
if (denial_type == "NSEC3")
if (!(["6","7","8","10"].include?alg))
log(LOG_ERR, "In policy #{policy}, incompatible algorithm (#{alg}) used for #{type} NSEC3" +
" in #{kasp_file} - should be 6,7,8 or 10")
end
end
begin
key_length = key.elements['Algorithm'].attributes['length'].to_i
if (key_length < 1024)
log(LOG_WARNING, "Key length of #{key_length} used for #{type} in #{policy}"+
" policy in #{kasp_file}. Should probably be 1024 or more")
elsif (key_length > 4096)
log(LOG_WARNING, "Key length of #{key_length} used for #{type} in #{policy}"+
" policy in #{kasp_file}. Should probably be 4096 or less")
end
rescue Exception
end
repository = key.elements['Repository'].text
if (!@repositories.keys.include?repository)
log(LOG_ERR, "Unknown repository (#{repository}) defined for #{type} in"+
" #{policy} policy in #{kasp_file}")
end
end