From 4bd1488d27eaedb5cc5c37ce4ab280b646e5bae4 Mon Sep 17 00:00:00 2001
From: Shreyas Zare <shreyas@technitium.com>
Date: Sat, 23 Apr 2022 17:47:03 +0530
Subject: [PATCH] DnssecPrivateKey: added validation check in RolloverDays.

---
 DnsServerCore/Dns/Dnssec/DnssecPrivateKey.cs | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/DnsServerCore/Dns/Dnssec/DnssecPrivateKey.cs b/DnsServerCore/Dns/Dnssec/DnssecPrivateKey.cs
index 6b8f8876..184d7820 100644
--- a/DnsServerCore/Dns/Dnssec/DnssecPrivateKey.cs
+++ b/DnsServerCore/Dns/Dnssec/DnssecPrivateKey.cs
@@ -340,6 +340,18 @@ namespace DnsServerCore.Dns.Dnssec
                 {
                     if (value > 365)
                         throw new ArgumentOutOfRangeException(nameof(RolloverDays), "Zone Signing Key (ZSK) automatic rollover days valid range is 0-365.");
+
+                    switch (_state)
+                    {
+                        case DnssecPrivateKeyState.Generated:
+                        case DnssecPrivateKeyState.Published:
+                        case DnssecPrivateKeyState.Ready:
+                        case DnssecPrivateKeyState.Active:
+                            break;
+
+                        default:
+                            throw new ArgumentOutOfRangeException(nameof(RolloverDays), "Zone Signing Key (ZSK) automatic rollover cannot be set due to invalid key state.");
+                    }
                 }
                 else
                 {