From: Bert Hubert <bert.hubert@netherlabs.nl>
Date: Thu, 27 Jan 2011 12:59:01 +0000 (+0000)
Subject: further spiff up verify-crypto, now correctly processes samples from draft-ietf-dnsex... 
X-Git-Tag: auth-3.0~328
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=c3e260948e640ec84c161ad1d6eba9ce50c30224;p=thirdparty%2Fpdns.git

further spiff up verify-crypto, now correctly processes samples from draft-ietf-dnsext-ecdsa


git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1919 d19b8d6e-7fed-0310-83ef-9ca221ded41b
---

diff --git a/pdns/pdnssec.cc b/pdns/pdnssec.cc
index cc67d00445..ecab770f13 100644
--- a/pdns/pdnssec.cc
+++ b/pdns/pdnssec.cc
@@ -182,19 +182,25 @@ void verifyCrypto(const string& zone)
   DNSResourceRecord rr;
   DNSKEYRecordContent drc;
   RRSIGRecordContent rrc;
+  DSRecordContent dsrc;
   vector<shared_ptr<DNSRecordContent> > toSign;
   unsigned int ttl;
-  string qname;
-  
+  string qname, apex;
+  dsrc.d_digesttype=0;
   while(zpt.get(rr)) {
     if(rr.qtype.getCode() == QType::DNSKEY) {
       cerr<<"got DNSKEY!"<<endl;
+      apex=rr.qname;
       drc = *dynamic_cast<DNSKEYRecordContent*>(DNSRecordContent::mastermake(QType::DNSKEY, 1, rr.content));
     }
     else if(rr.qtype.getCode() == QType::RRSIG) {
       cerr<<"got RRSIG"<<endl;
       rrc = *dynamic_cast<RRSIGRecordContent*>(DNSRecordContent::mastermake(QType::RRSIG, 1, rr.content));
     }
+    else if(rr.qtype.getCode() == QType::DS) {
+      cerr<<"got DS"<<endl;
+      dsrc = *dynamic_cast<DSRecordContent*>(DNSRecordContent::mastermake(QType::DS, 1, rr.content));
+    }
     else {
       qname = rr.qname;
       ttl = rr.ttl;
@@ -203,7 +209,12 @@ void verifyCrypto(const string& zone)
   }
   DNSPrivateKey* dpk = DNSPrivateKey::makeFromPublicKeyString(drc.d_algorithm, drc.d_key);
   string hash = getHashForRRSET(qname, rrc, toSign);        
+  
   cerr<<"Verify: "<<dpk->verify(hash, rrc.d_signature)<<endl;
+  if(dsrc.d_digesttype) {
+    cerr<<"Calculated DS: "<<apex<<" IN DS "<<makeDSFromDNSKey(apex, drc, dsrc.d_digesttype).getZoneRepresentation()<<endl;
+    cerr<<"Original DS:   "<<apex<<" IN DS "<<dsrc.getZoneRepresentation()<<endl;
+  }
 }
 
 void showZone(DNSSECKeeper& dk, const std::string& zone)