[thirdparty/pdns.git] / pdns / zonemd.hh

/*
 * This file is part of PowerDNS or dnsdist.
 * Copyright -- PowerDNS.COM B.V. and its contributors
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of version 2 of the GNU General Public License as
 * published by the Free Software Foundation.
 *
 * In addition, for the avoidance of any doubt, permission is granted to
 * link this program with OpenSSL and to (re)distribute the binaries
 * produced as the result of such linking.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 */
#pragma once

#ifdef HAVE_CONFIG_H
#include "config.h"
#endif

#include "dnsname.hh"
#include "qtype.hh"
#include "dnsrecords.hh"
#include "validate.hh"

class ZoneParserTNG;

namespace pdns
{
class ZoneMD
{
public:
  enum class Config : uint8_t
  {
    Ignore,
    Validate,
    Require
  };
  enum class Result : uint8_t
  {
    OK,
    NoValidationDone,
    ValidationFailure
  };

  ZoneMD(DNSName zone) :
    d_zone(std::move(zone))
  {}
  void readRecords(ZoneParserTNG& zpt);
  void readRecords(const std::vector<DNSRecord>& records);
  void readRecord(const DNSRecord& record);
  void processRecord(const DNSRecord& record);
  void verify(bool& validationDone, bool& validationOK);

  // Return the zone's apex DNSKEYs
  [[nodiscard]] const std::set<shared_ptr<const DNSKEYRecordContent>>& getDNSKEYs() const
  {
    return d_dnskeys;
  }

  // Return the zone's apex RRSIGs
  [[nodiscard]] const std::vector<shared_ptr<const RRSIGRecordContent>>& getRRSIGs(QType requestedType)
  {
    if (d_rrsigs.count(requestedType) == 0) {
      d_rrsigs[requestedType] = {};
    }
    return d_rrsigs[requestedType];
  }

  // Return the zone's apex ZONEMDs
  [[nodiscard]] std::vector<shared_ptr<const ZONEMDRecordContent>> getZONEMDs() const
  {
    std::vector<shared_ptr<const ZONEMDRecordContent>> ret;
    ret.reserve(d_zonemdRecords.size());
    for (const auto& zonemd : d_zonemdRecords) {
      ret.emplace_back(zonemd.second.record);
    }
    return ret;
  }

  // Return the zone's apex NSECs with signatures
  [[nodiscard]] const ContentSigPair& getNSECs() const
  {
    return d_nsecs;
  }

  // Return the zone's apex NSEC3s with signatures
  [[nodiscard]] const ContentSigPair& getNSEC3s() const
  {
    const auto item = d_nsec3s.find(d_nsec3label);
    return item == d_nsec3s.end() ? empty : d_nsec3s.at(d_nsec3label);
  }

  [[nodiscard]] const DNSName& getNSEC3Label() const
  {
    return d_nsec3label;
  }

  [[nodiscard]] const std::vector<shared_ptr<const NSEC3PARAMRecordContent>>& getNSEC3Params() const
  {
    return d_nsec3params;
  }

private:
  using RRSetKey_t = std::pair<DNSName, QType>;
  using RRVector_t = std::vector<std::shared_ptr<const DNSRecordContent>>;

  struct CanonRRSetKeyCompare
  {
    bool operator()(const RRSetKey_t& lhs, const RRSetKey_t& rhs) const
    {
      // FIXME surely we can be smarter here
      if (lhs.first.canonCompare(rhs.first)) {
        return true;
      }
      if (rhs.first.canonCompare(lhs.first)) {
        return false;
      }
      return lhs.second < rhs.second;
    }
  };

  using RRSetMap_t = std::map<RRSetKey_t, RRVector_t, CanonRRSetKeyCompare>;

  struct ZoneMDAndDuplicateFlag
  {
    const std::shared_ptr<const ZONEMDRecordContent> record;
    bool duplicate;
  };

  // scheme,hashalgo -> zonemdrecord,duplicate
  std::map<pair<uint8_t, uint8_t>, ZoneMDAndDuplicateFlag> d_zonemdRecords;

  RRSetMap_t d_resourceRecordSets;
  std::map<RRSetKey_t, uint32_t> d_resourceRecordSetTTLs;

  std::shared_ptr<const SOARecordContent> d_soaRecordContent;
  std::set<shared_ptr<const DNSKEYRecordContent>> d_dnskeys;
  std::map<QType, std::vector<shared_ptr<const RRSIGRecordContent>>> d_rrsigs;
  std::vector<shared_ptr<const NSEC3PARAMRecordContent>> d_nsec3params;
  ContentSigPair d_nsecs;
  map<DNSName, ContentSigPair> d_nsec3s;
  DNSName d_nsec3label;
  const DNSName d_zone;
  const ContentSigPair empty;
};

}
Commit	Line	Data
e21df721 O	1	/*
	2	* This file is part of PowerDNS or dnsdist.
	3	* Copyright -- PowerDNS.COM B.V. and its contributors
	4	*
	5	* This program is free software; you can redistribute it and/or modify
	6	* it under the terms of version 2 of the GNU General Public License as
	7	* published by the Free Software Foundation.
	8	*
	9	* In addition, for the avoidance of any doubt, permission is granted to
	10	* link this program with OpenSSL and to (re)distribute the binaries
	11	* produced as the result of such linking.
	12	*
	13	* This program is distributed in the hope that it will be useful,
	14	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	15	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	16	* GNU General Public License for more details.
	17	*
	18	* You should have received a copy of the GNU General Public License
	19	* along with this program; if not, write to the Free Software
	20	* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
	21	*/
	22	#pragma once
	23
efe79e15	24	#ifdef HAVE_CONFIG_H
e21df721	25	#include "config.h"
efe79e15 OM	26	#endif
	27
	28	#include "dnsname.hh"
	29	#include "qtype.hh"
	30	#include "dnsrecords.hh"
95b66e0d	31	#include "validate.hh"
e21df721	32
e21df721 O	33	class ZoneParserTNG;
	34
	35	namespace pdns
	36	{
efe79e15 OM	37	class ZoneMD
	38	{
	39	public:
5ee5e1e6 OM	40	enum class Config : uint8_t
	41	{
	42	Ignore,
af5b15bc OM	43	Validate,
af5b15bc OM	44	Require
5ee5e1e6 OM	45	};
	46	enum class Result : uint8_t
	47	{
	48	OK,
	49	NoValidationDone,
	50	ValidationFailure
	51	};
5ecf9d92	52
7dcdce8c OM	53	ZoneMD(DNSName zone) :
7dcdce8c OM	54	d_zone(std::move(zone))
efe79e15 OM	55	{}
efe79e15 OM	56	void readRecords(ZoneParserTNG& zpt);
5ecf9d92	57	void readRecords(const std::vector<DNSRecord>& records);
1c3bc297	58	void readRecord(const DNSRecord& record);
7dcdce8c	59	void processRecord(const DNSRecord& record);
efe79e15 OM	60	void verify(bool& validationDone, bool& validationOK);
efe79e15 OM	61
e5163239	62	// Return the zone's apex DNSKEYs
7dcdce8c	63	[[nodiscard]] const std::set<shared_ptr<const DNSKEYRecordContent>>& getDNSKEYs() const
e5163239 OM	64	{
	65	return d_dnskeys;
	66	}
	67
	68	// Return the zone's apex RRSIGs
c7f594e2	69	[[nodiscard]] const std::vector<shared_ptr<const RRSIGRecordContent>>& getRRSIGs(QType requestedType)
e5163239	70	{
c7f594e2 OM	71	if (d_rrsigs.count(requestedType) == 0) {
	72	d_rrsigs[requestedType] = {};
	73	}
	74	return d_rrsigs[requestedType];
e5163239 OM	75	}
	76
	77	// Return the zone's apex ZONEMDs
7dcdce8c	78	[[nodiscard]] std::vector<shared_ptr<const ZONEMDRecordContent>> getZONEMDs() const
e5163239	79	{
d06dcda4	80	std::vector<shared_ptr<const ZONEMDRecordContent>> ret;
7dcdce8c	81	ret.reserve(d_zonemdRecords.size());
e5163239 OM	82	for (const auto& zonemd : d_zonemdRecords) {
	83	ret.emplace_back(zonemd.second.record);
	84	}
	85	return ret;
5e7dd5e9 OM	86	}
5e7dd5e9 OM	87
95b66e0d	88	// Return the zone's apex NSECs with signatures
7dcdce8c	89	[[nodiscard]] const ContentSigPair& getNSECs() const
95b66e0d OM	90	{
	91	return d_nsecs;
	92	}
	93
	94	// Return the zone's apex NSEC3s with signatures
7dcdce8c	95	[[nodiscard]] const ContentSigPair& getNSEC3s() const
95b66e0d	96	{
7dcdce8c OM	97	const auto item = d_nsec3s.find(d_nsec3label);
7dcdce8c OM	98	return item == d_nsec3s.end() ? empty : d_nsec3s.at(d_nsec3label);
95b66e0d OM	99	}
95b66e0d OM	100
7dcdce8c	101	[[nodiscard]] const DNSName& getNSEC3Label() const
2088c7b8	102	{
3cb47b35 OM	103	return d_nsec3label;
	104	}
	105
7dcdce8c	106	[[nodiscard]] const std::vector<shared_ptr<const NSEC3PARAMRecordContent>>& getNSEC3Params() const
2088c7b8 OM	107	{
	108	return d_nsec3params;
	109	}
	110
efe79e15	111	private:
d06dcda4 RG	112	using RRSetKey_t = std::pair<DNSName, QType>;
d06dcda4 RG	113	using RRVector_t = std::vector<std::shared_ptr<const DNSRecordContent>>;
efe79e15	114
5fca0ca2	115	struct CanonRRSetKeyCompare
efe79e15	116	{
7dcdce8c	117	bool operator()(const RRSetKey_t& lhs, const RRSetKey_t& rhs) const
efe79e15 OM	118	{
efe79e15 OM	119	// FIXME surely we can be smarter here
7dcdce8c	120	if (lhs.first.canonCompare(rhs.first)) {
efe79e15 OM	121	return true;
efe79e15 OM	122	}
7dcdce8c	123	if (rhs.first.canonCompare(lhs.first)) {
efe79e15 OM	124	return false;
efe79e15 OM	125	}
7dcdce8c	126	return lhs.second < rhs.second;
efe79e15 OM	127	}
	128	};
	129
d06dcda4	130	using RRSetMap_t = std::map<RRSetKey_t, RRVector_t, CanonRRSetKeyCompare>;
efe79e15 OM	131
	132	struct ZoneMDAndDuplicateFlag
	133	{
d06dcda4	134	const std::shared_ptr<const ZONEMDRecordContent> record;
efe79e15 OM	135	bool duplicate;
	136	};
	137
	138	// scheme,hashalgo -> zonemdrecord,duplicate
	139	std::map<pair<uint8_t, uint8_t>, ZoneMDAndDuplicateFlag> d_zonemdRecords;
	140
	141	RRSetMap_t d_resourceRecordSets;
	142	std::map<RRSetKey_t, uint32_t> d_resourceRecordSetTTLs;
	143
d06dcda4 RG	144	std::shared_ptr<const SOARecordContent> d_soaRecordContent;
d06dcda4 RG	145	std::set<shared_ptr<const DNSKEYRecordContent>> d_dnskeys;
c7f594e2	146	std::map<QType, std::vector<shared_ptr<const RRSIGRecordContent>>> d_rrsigs;
d06dcda4	147	std::vector<shared_ptr<const NSEC3PARAMRecordContent>> d_nsec3params;
95b66e0d	148	ContentSigPair d_nsecs;
2088c7b8	149	map<DNSName, ContentSigPair> d_nsec3s;
3cb47b35	150	DNSName d_nsec3label;
efe79e15	151	const DNSName d_zone;
2088c7b8	152	const ContentSigPair empty;
efe79e15	153	};
e21df721 O	154
e21df721 O	155	}