data += rrsig.to_wire(origin=origin)[:18]
data += rrsig.signer.to_digestable(origin)
- if rrsig.labels < len(rrname) - 1:
+ # Derelativize the name before considering labels.
+ rrname = rrname.derelativize(origin)
+
+ if len(rrname) - 1 < rrsig.labels:
+ raise ValidationFailure('owner name longer than RRSIG labels')
+ elif rrsig.labels < len(rrname) - 1:
suffix = rrname.split(rrsig.labels + 1)[1]
rrname = dns.name.from_text('*', suffix)
- rrnamebuf = rrname.to_digestable(origin)
+ rrnamebuf = rrname.to_digestable()
rrfixed = struct.pack('!HHI', rdataset.rdtype, rdataset.rdclass,
rrsig.original_ttl)
rrlist = sorted(rdataset)
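Review bot: The message on the new `raise` says the opposite of the condition it guards: `len(rrname) - 1 < rrsig.labels` fires when the owner name has fewer labels than the RRSIG Labels field, not more. This string is what someone sees when a signature is rejected, so I would change it to `raise ValidationFailure('owner name has fewer labels than RRSIG labels field')` and add a comment such as `# RFC 4035 section 5.3.1: the owner name must have at least as many labels as the RRSIG Labels field`. Separately, `rrname.derelativize(origin)` now runs unconditionally; its behaviour for a relative owner name with `origin=None` is not visible here and is worth confirming. The enclosing function starts and ends outside this hunk.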
dns.dnssec.validate(rsasha512_ns, rsasha512_ns_rrsig, rsasha512_keys,
None, rsasha512_when)
- def testWildcardGood(self):
+ def testWildcardGoodAndBad(self):
dns.dnssec.validate(wildcard_txt, wildcard_txt_rrsig,
wildcard_keys, None, wildcard_when)
dns.dnssec.validate(abc_txt, abc_txt_rrsig, wildcard_keys, None,
wildcard_when)
+ com_name = dns.name.from_text('com.')
+ com_txt = clone_rrset(wildcard_txt, com_name)
+ com_txt_rrsig = clone_rrset(wildcard_txt_rrsig, abc_name)
+ with self.assertRaises(dns.dnssec.ValidationFailure):
+ dns.dnssec.validate_rrsig(com_txt, com_txt_rrsig[0], wildcard_keys,
+ None, wildcard_when)
+
def testAlternateParameterFormats(self): # type: () -> None
# Pass rrset and rrsigset as (name, rdataset) tuples, not rrsets
rrset = (abs_soa.name, abs_soa.to_rdataset())
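Review bot: The negative case in `testWildcardGoodAndBad` can pass without exercising the new labels check, because `assertRaises(dns.dnssec.ValidationFailure)` accepts any validation failure. A `com.` rrset paired with a signature made for a different owner would presumably fail signature verification anyway. Pinning the reason would make it a real regression test, e.g. `with self.assertRaisesRegex(dns.dnssec.ValidationFailure, 'RRSIG labels'):` (or the `assertRaisesRegexp` spelling if Python 2 is still supported). `com_txt_rrsig` is cloned with `abc_name` rather than `com_name`; only `com_txt_rrsig[0]` is used, so this looks harmless, but `com_name` would read less like a typo. `testAlternateParameterFormats` continues past the end of the hunk.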