[thirdparty/pdns.git] / pdns / zonemd.hh

/*
 * This file is part of PowerDNS or dnsdist.
 * Copyright -- PowerDNS.COM B.V. and its contributors
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of version 2 of the GNU General Public License as
 * published by the Free Software Foundation.
 *
 * In addition, for the avoidance of any doubt, permission is granted to
 * link this program with OpenSSL and to (re)distribute the binaries
 * produced as the result of such linking.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 */
#pragma once

#ifdef HAVE_CONFIG_H
#include "config.h"
#endif

#include "dnsname.hh"
#include "qtype.hh"
#include "dnsrecords.hh"
#include "validate.hh"

class ZoneParserTNG;

namespace pdns
{
class ZoneMD
{
public:
  enum class Config : uint8_t
  {
    Ignore,
    Validate,
    Require
  };
  enum class Result : uint8_t
  {
    OK,
    NoValidationDone,
    ValidationFailure
  };

  ZoneMD(DNSName zone) :
    d_zone(std::move(zone))
  {}
  void readRecords(ZoneParserTNG& zpt);
  void readRecords(const std::vector<DNSRecord>& records);
  void readRecord(const DNSRecord& record);
  void processRecord(const DNSRecord& record);
  void verify(bool& validationDone, bool& validationOK);

  // Return the zone's apex DNSKEYs
  [[nodiscard]] const std::set<shared_ptr<const DNSKEYRecordContent>>& getDNSKEYs() const
  {
    return d_dnskeys;
  }

  // Return the zone's apex RRSIGs
  [[nodiscard]] const std::vector<shared_ptr<const RRSIGRecordContent>>& getRRSIGs() const
  {
    return d_rrsigs;
  }

  // Return the zone's apex ZONEMDs
  [[nodiscard]] std::vector<shared_ptr<const ZONEMDRecordContent>> getZONEMDs() const
  {
    std::vector<shared_ptr<const ZONEMDRecordContent>> ret;
    ret.reserve(d_zonemdRecords.size());
    for (const auto& zonemd : d_zonemdRecords) {
      ret.emplace_back(zonemd.second.record);
    }
    return ret;
  }

  // Return the zone's apex NSECs with signatures
  [[nodiscard]] const ContentSigPair& getNSECs() const
  {
    return d_nsecs;
  }

  // Return the zone's apex NSEC3s with signatures
  [[nodiscard]] const ContentSigPair& getNSEC3s() const
  {
    const auto item = d_nsec3s.find(d_nsec3label);
    return item == d_nsec3s.end() ? empty : d_nsec3s.at(d_nsec3label);
  }

  [[nodiscard]] const DNSName& getNSEC3Label() const
  {
    return d_nsec3label;
  }

  [[nodiscard]] const std::vector<shared_ptr<const NSEC3PARAMRecordContent>>& getNSEC3Params() const
  {
    return d_nsec3params;
  }

private:
  using RRSetKey_t = std::pair<DNSName, QType>;
  using RRVector_t = std::vector<std::shared_ptr<const DNSRecordContent>>;

  struct CanonRRSetKeyCompare
  {
    bool operator()(const RRSetKey_t& lhs, const RRSetKey_t& rhs) const
    {
      // FIXME surely we can be smarter here
      if (lhs.first.canonCompare(rhs.first)) {
        return true;
      }
      if (rhs.first.canonCompare(lhs.first)) {
        return false;
      }
      return lhs.second < rhs.second;
    }
  };

  using RRSetMap_t = std::map<RRSetKey_t, RRVector_t, CanonRRSetKeyCompare>;

  struct ZoneMDAndDuplicateFlag
  {
    const std::shared_ptr<const ZONEMDRecordContent> record;
    bool duplicate;
  };

  // scheme,hashalgo -> zonemdrecord,duplicate
  std::map<pair<uint8_t, uint8_t>, ZoneMDAndDuplicateFlag> d_zonemdRecords;

  RRSetMap_t d_resourceRecordSets;
  std::map<RRSetKey_t, uint32_t> d_resourceRecordSetTTLs;

  std::shared_ptr<const SOARecordContent> d_soaRecordContent;
  std::set<shared_ptr<const DNSKEYRecordContent>> d_dnskeys;
  std::vector<shared_ptr<const RRSIGRecordContent>> d_rrsigs;
  std::vector<shared_ptr<const NSEC3PARAMRecordContent>> d_nsec3params;
  ContentSigPair d_nsecs;
  map<DNSName, ContentSigPair> d_nsec3s;
  DNSName d_nsec3label;
  const DNSName d_zone;
  const ContentSigPair empty;
};

}
Commit	Line	Data
e21df721 O	1	/*
	2	* This file is part of PowerDNS or dnsdist.
	3	* Copyright -- PowerDNS.COM B.V. and its contributors
	4	*
	5	* This program is free software; you can redistribute it and/or modify
	6	* it under the terms of version 2 of the GNU General Public License as
	7	* published by the Free Software Foundation.
	8	*
	9	* In addition, for the avoidance of any doubt, permission is granted to
	10	* link this program with OpenSSL and to (re)distribute the binaries
	11	* produced as the result of such linking.
	12	*
	13	* This program is distributed in the hope that it will be useful,
	14	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	15	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	16	* GNU General Public License for more details.
	17	*
	18	* You should have received a copy of the GNU General Public License
	19	* along with this program; if not, write to the Free Software
	20	* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
	21	*/
	22	#pragma once
	23
efe79e15	24	#ifdef HAVE_CONFIG_H
e21df721	25	#include "config.h"
efe79e15 OM	26	#endif
	27
	28	#include "dnsname.hh"
	29	#include "qtype.hh"
	30	#include "dnsrecords.hh"
95b66e0d	31	#include "validate.hh"
e21df721	32
e21df721 O	33	class ZoneParserTNG;
	34
	35	namespace pdns
	36	{
efe79e15 OM	37	class ZoneMD
	38	{
	39	public:
5ee5e1e6 OM	40	enum class Config : uint8_t
	41	{
	42	Ignore,
af5b15bc OM	43	Validate,
af5b15bc OM	44	Require
5ee5e1e6 OM	45	};
	46	enum class Result : uint8_t
	47	{
	48	OK,
	49	NoValidationDone,
	50	ValidationFailure
	51	};
5ecf9d92	52
7dcdce8c OM	53	ZoneMD(DNSName zone) :
7dcdce8c OM	54	d_zone(std::move(zone))
efe79e15 OM	55	{}
efe79e15 OM	56	void readRecords(ZoneParserTNG& zpt);
5ecf9d92	57	void readRecords(const std::vector<DNSRecord>& records);
1c3bc297	58	void readRecord(const DNSRecord& record);
7dcdce8c	59	void processRecord(const DNSRecord& record);
efe79e15 OM	60	void verify(bool& validationDone, bool& validationOK);
efe79e15 OM	61
e5163239	62	// Return the zone's apex DNSKEYs
7dcdce8c	63	[[nodiscard]] const std::set<shared_ptr<const DNSKEYRecordContent>>& getDNSKEYs() const
e5163239 OM	64	{
	65	return d_dnskeys;
	66	}
	67
	68	// Return the zone's apex RRSIGs
7dcdce8c	69	[[nodiscard]] const std::vector<shared_ptr<const RRSIGRecordContent>>& getRRSIGs() const
e5163239 OM	70	{
	71	return d_rrsigs;
	72	}
	73
	74	// Return the zone's apex ZONEMDs
7dcdce8c	75	[[nodiscard]] std::vector<shared_ptr<const ZONEMDRecordContent>> getZONEMDs() const
e5163239	76	{
d06dcda4	77	std::vector<shared_ptr<const ZONEMDRecordContent>> ret;
7dcdce8c	78	ret.reserve(d_zonemdRecords.size());
e5163239 OM	79	for (const auto& zonemd : d_zonemdRecords) {
	80	ret.emplace_back(zonemd.second.record);
	81	}
	82	return ret;
5e7dd5e9 OM	83	}
5e7dd5e9 OM	84
95b66e0d	85	// Return the zone's apex NSECs with signatures
7dcdce8c	86	[[nodiscard]] const ContentSigPair& getNSECs() const
95b66e0d OM	87	{
	88	return d_nsecs;
	89	}
	90
	91	// Return the zone's apex NSEC3s with signatures
7dcdce8c	92	[[nodiscard]] const ContentSigPair& getNSEC3s() const
95b66e0d	93	{
7dcdce8c OM	94	const auto item = d_nsec3s.find(d_nsec3label);
7dcdce8c OM	95	return item == d_nsec3s.end() ? empty : d_nsec3s.at(d_nsec3label);
95b66e0d OM	96	}
95b66e0d OM	97
7dcdce8c	98	[[nodiscard]] const DNSName& getNSEC3Label() const
2088c7b8	99	{
3cb47b35 OM	100	return d_nsec3label;
	101	}
	102
7dcdce8c	103	[[nodiscard]] const std::vector<shared_ptr<const NSEC3PARAMRecordContent>>& getNSEC3Params() const
2088c7b8 OM	104	{
	105	return d_nsec3params;
	106	}
	107
efe79e15	108	private:
d06dcda4 RG	109	using RRSetKey_t = std::pair<DNSName, QType>;
d06dcda4 RG	110	using RRVector_t = std::vector<std::shared_ptr<const DNSRecordContent>>;
efe79e15	111
5fca0ca2	112	struct CanonRRSetKeyCompare
efe79e15	113	{
7dcdce8c	114	bool operator()(const RRSetKey_t& lhs, const RRSetKey_t& rhs) const
efe79e15 OM	115	{
efe79e15 OM	116	// FIXME surely we can be smarter here
7dcdce8c	117	if (lhs.first.canonCompare(rhs.first)) {
efe79e15 OM	118	return true;
efe79e15 OM	119	}
7dcdce8c	120	if (rhs.first.canonCompare(lhs.first)) {
efe79e15 OM	121	return false;
efe79e15 OM	122	}
7dcdce8c	123	return lhs.second < rhs.second;
efe79e15 OM	124	}
	125	};
	126
d06dcda4	127	using RRSetMap_t = std::map<RRSetKey_t, RRVector_t, CanonRRSetKeyCompare>;
efe79e15 OM	128
	129	struct ZoneMDAndDuplicateFlag
	130	{
d06dcda4	131	const std::shared_ptr<const ZONEMDRecordContent> record;
efe79e15 OM	132	bool duplicate;
	133	};
	134
	135	// scheme,hashalgo -> zonemdrecord,duplicate
	136	std::map<pair<uint8_t, uint8_t>, ZoneMDAndDuplicateFlag> d_zonemdRecords;
	137
	138	RRSetMap_t d_resourceRecordSets;
	139	std::map<RRSetKey_t, uint32_t> d_resourceRecordSetTTLs;
	140
d06dcda4 RG	141	std::shared_ptr<const SOARecordContent> d_soaRecordContent;
	142	std::set<shared_ptr<const DNSKEYRecordContent>> d_dnskeys;
	143	std::vector<shared_ptr<const RRSIGRecordContent>> d_rrsigs;
	144	std::vector<shared_ptr<const NSEC3PARAMRecordContent>> d_nsec3params;
95b66e0d	145	ContentSigPair d_nsecs;
2088c7b8	146	map<DNSName, ContentSigPair> d_nsec3s;
3cb47b35	147	DNSName d_nsec3label;
efe79e15	148	const DNSName d_zone;
2088c7b8	149	const ContentSigPair empty;
efe79e15	150	};
e21df721 O	151
e21df721 O	152	}