valid = false;
+ if (ldns_rr_list_rr_count(rrset) < 1) {
+ return LDNS_STATUS_ERR;
+ }
+
if (ldns_rr_list_rr_count(rrsig) < 1) {
return LDNS_STATUS_CRYPTO_NO_RRSIG;
}
}
}
-/* print some of the elements of a signature */
-void
-print_rrsig_abbr(FILE *fp, ldns_rr *sig) {
+static void
+print_class_type(FILE *fp, ldns_rr *r)
+{
ldns_lookup_table *lt;
- if (!sig) {
+ lt = ldns_lookup_by_id(ldns_rr_classes, ldns_rr_get_class(r));
+ if (lt) {
+ fprintf(fp, " %s", lt->name);
+ } else {
+ fprintf(fp, " CLASS%d", ldns_rr_get_class(r));
+ }
+ /* okay not THE way - but the quickest */
+ switch (ldns_rr_get_type(r)) {
+ case LDNS_RR_TYPE_RRSIG:
+ fprintf(fp, " RRSIG ");
+ break;
+ case LDNS_RR_TYPE_DNSKEY:
+ fprintf(fp, " DNSKEY ");
+ break;
+ case LDNS_RR_TYPE_DS:
+ fprintf(fp, " DS ");
+ break;
+ default:
+ break;
+ }
+}
+
+
+void
+print_ds_abbr(FILE *fp, ldns_rr *ds)
+{
+ if (!ds || (ldns_rr_get_type(ds) != LDNS_RR_TYPE_DS)) {
return;
}
- if (ldns_rr_get_type(sig) != LDNS_RR_TYPE_RRSIG) {
+ ldns_rdf_print(fp, ldns_rr_owner(ds));
+ fprintf(fp, " %d", (int)ldns_rr_ttl(ds));
+ print_class_type(fp, ds);
+ ldns_rdf_print(fp, ldns_rr_rdf(ds, 0)); fprintf(fp, " ");
+ ldns_rdf_print(fp, ldns_rr_rdf(ds, 1)); fprintf(fp, " ");
+ ldns_rdf_print(fp, ldns_rr_rdf(ds, 2)); fprintf(fp, " ");
+ ldns_rdf_print(fp, ldns_rr_rdf(ds, 3)); fprintf(fp, " ");
+}
+
+/* print some of the elements of a signature */
+void
+print_rrsig_abbr(FILE *fp, ldns_rr *sig) {
+ if (!sig || (ldns_rr_get_type(sig) != LDNS_RR_TYPE_RRSIG)) {
return;
}
ldns_rdf_print(fp, ldns_rr_owner(sig));
fprintf(fp, " %d", (int)ldns_rr_ttl(sig));
-
- lt = ldns_lookup_by_id(ldns_rr_classes, ldns_rr_get_class(sig));
- if (lt) {
- fprintf(fp, " %s", lt->name);
- } else {
- fprintf(fp, " CLASS%d", ldns_rr_get_class(sig));
- }
- fprintf(fp, " RRSIG ");
+ print_class_type(fp, sig);
/* print a number of rdf's */
/* typecovered */
ldns_rdf_print(fp, ldns_rr_rdf(sig, 7));
}
-void
-print_rrsig_list_abbr(FILE *fp, ldns_rr_list *sig)
-{
- size_t i;
-
- for(i = 0; i < ldns_rr_list_rr_count(sig); i++) {
- print_rrsig_abbr(fp, ldns_rr_list_rr(sig, i));
- fputs("\n", fp);
- }
-}
-
void
print_dnskey_abbr(FILE *fp, ldns_rr *key)
{
- ldns_lookup_table *lt;
- if (!key) {
- return;
- }
-
- if (ldns_rr_get_type(key) != LDNS_RR_TYPE_DNSKEY) {
+ if (!key || (ldns_rr_get_type(key) != LDNS_RR_TYPE_DNSKEY)) {
return;
}
ldns_rdf_print(fp, ldns_rr_owner(key));
fprintf(fp, " %d", (int)ldns_rr_ttl(key));
-
- lt = ldns_lookup_by_id(ldns_rr_classes, ldns_rr_get_class(key));
- if (lt) {
- fprintf(fp, " %s", lt->name);
- } else {
- fprintf(fp, " CLASS%d", ldns_rr_get_class(key));
- }
- fprintf(fp, " DNSKEY ");
+ print_class_type(fp, key);
/* print a number of rdf's */
/* flags */
(int)ldns_rr_dnskey_key_size(key));
}
+
+void
+print_rrsig_list_abbr(FILE *fp, ldns_rr_list *sig, char *usr)
+{
+ size_t i;
+
+ for(i = 0; i < ldns_rr_list_rr_count(sig); i++) {
+ print_rrsig_abbr(fp, ldns_rr_list_rr(sig, i));
+ if (usr) {
+ fprintf(fp, "%s", usr);
+ }
+ fputs("\n", fp);
+ }
+}
+
void
-print_dnskey_list_abbr(FILE *fp, ldns_rr_list *key)
+print_dnskey_list_abbr(FILE *fp, ldns_rr_list *key, char *usr)
{
size_t i;
for(i = 0; i < ldns_rr_list_rr_count(key); i++) {
print_dnskey_abbr(fp, ldns_rr_list_rr(key, i));
+ if (usr) {
+ fprintf(fp, "%s", usr);
+ }
+ fputs("\n", fp);
+ }
+}
+
+/* need extra arg to put something after the RR's */
+void
+print_ds_list_abbr(FILE *fp, ldns_rr_list *ds, char *usr)
+{
+ size_t i;
+
+ for(i = 0; i < ldns_rr_list_rr_count(ds); i++) {
+ print_ds_abbr(fp, ldns_rr_list_rr(ds, i));
+ if (usr) {
+ fprintf(fp, "%s", usr);
+ }
fputs("\n", fp);
}
}
* print some rdfs of a signature
*/
void print_rrsig_abbr(FILE *fp, ldns_rr *sig);
-
/**
- * print some rdfs of a signature list
+ * print some rdfs of a dnskey
*/
-void print_rrsig_list_abbr(FILE *fp, ldns_rr_list *sig);
-
+void print_dnskey_abbr(FILE *fp, ldns_rr *key);
/**
- * print some rdfs of a dnskey
+ * print some rdfs of a ds
*/
-void print_dnskey_abbr(FILE *fp, ldns_rr *sig);
+void print_ds_abbr(FILE *fp, ldns_rr *ds);
/**
* print some rdfs of a dnskey list
*/
-void print_dnskey_list_abbr(FILE *fp, ldns_rr_list *sig);
+void print_dnskey_list_abbr(FILE *fp, ldns_rr_list *sig, char *usr);
+/**
+ * print some rdfs of a signature list
+ */
+void print_rrsig_list_abbr(FILE *fp, ldns_rr_list *sig, char *usr);
+/**
+ * print some rdfs of a ds list
+ */
+void print_ds_list_abbr(FILE *fp, ldns_rr_list *sig, char *usr);
/**
* Alloc some memory, with error checking
static ldns_rr_list *
get_dnssec_rr(ldns_resolver *r, ldns_rdf *name, ldns_rr_type t, ldns_rr_list **sig)
{
- ldns_pkt *p;
- ldns_rr_list *rr;
- ldns_rr_list *sigs;
+ ldns_pkt *p = NULL;
+ ldns_rr_list *rr = NULL;
+ ldns_rr_list *sigs = NULL;
/* ldns_resolver_set_dnssec(r, true); */
if (!p) {
return NULL;
}
+ /* ldns_pkt_print(stdout, p); */
rr = ldns_pkt_rr_list_by_name_and_type(p, name, t, LDNS_SECTION_ANSWER);
- /* there must be a sig there too... */
+ /* there SHOULD be a sig there too... */
sigs = ldns_pkt_rr_list_by_name_and_type(p, name, LDNS_RR_TYPE_RRSIG,
LDNS_SECTION_ANSWER);
ldns_rr_list *sig_list;
ldns_rr_list *ds_list;
- ldns_rr_list *validated_key; /* keys that are cryptographic 'good' */
- ldns_rr_list *validated_ds; /* ds that are cryptographic 'good' */
+ ldns_rr_list *validated; /* stuff (DNSKEY/DS) that are cryptographic 'good' */
secure = true;
authname = NULL;
res = ldns_resolver_new();
sig_list = ldns_rr_list_new();
- validated_key = ldns_rr_list_new();
- validated_ds = ldns_rr_list_new();
-
+ validated = ldns_rr_list_new();
- if (!p || !res || !sig_list) {
+ if (!p || !res || !sig_list || !validated) {
error("Memory allocation failed");
return NULL;
}
key_list = get_key(res, authname, &sig_list);
if (key_list) {
- if (ldns_verify(key_list, sig_list, key_list, NULL) == LDNS_STATUS_OK) {
- ldns_rr_list_push_rr_list(key_list, validated_key);
- printf(";; DNSSEC RRs\n");
- print_dnskey_list_abbr(stdout, key_list);
- print_rrsig_list_abbr(stdout, sig_list);
- } else {
- printf(";; DNSSEC RRs\n");
- print_dnskey_list_abbr(stdout, key_list);
- /*
- printf(";; RRSIG RRs\n");
- print_rrsig_list_abbr(stdout, sig_list);
- */
+
+
+ printf(";; DNSSEC RRs\n");
+ print_dnskey_list_abbr(stdout, key_list, NULL);
+ print_rrsig_list_abbr(stdout, sig_list, NULL);
+ print_rrsig_list_abbr(stdout, validated, NULL);
+#if 0
+ if (sig_list) {
+ if (ldns_verify(key_list, sig_list, key_list, validated) ==
+ LDNS_STATUS_OK) {
+ print_dnskey_list_abbr(stdout, validated, "[Validated]");
+ }
}
+#endif
- ds_list = get_ds(res, authname, &sig_list);
} else {
printf(";; No DNSSEC RRs found, not attemping validation\n");
}
+ ds_list = get_ds(res, authname, &sig_list);
+ if (ds_list) {
+ print_ds_list_abbr(stdout, ds_list, NULL);
+ }
+
/* /DNSSEC */
labels[i] = ldns_dname_left_chop(labels[i - 1]);
}
+ /* DNSSEC */
/* recurse on the name at this server */
for(i = (ssize_t)labels_count_current - 1; i >= 0; i--) {
- /* DNSSEC */
key_list = get_key(res, labels[i], &sig_list);
+ ds_list = get_ds(res, labels[i], &sig_list);
if (key_list) {
- if (ldns_verify(key_list, sig_list, key_list, NULL) == LDNS_STATUS_OK) {
- ldns_rr_list_push_rr_list(key_list, validated_key);
- printf(";; DNSSEC RRs\n");
- print_dnskey_list_abbr(stdout, key_list);
- print_rrsig_list_abbr(stdout, sig_list);
-
- } else {
- printf(";; DNSSEC RRs\n");
- print_dnskey_list_abbr(stdout, key_list);
- /*
- printf(";; RRSIG RRs\n");
- print_rrsig_list_abbr(stdout, sig_list); puts("");
- */
- }
-
- ds_list = get_ds(res, labels[i], &sig_list);
+ printf(";; DNSSEC RRs\n");
+ print_dnskey_list_abbr(stdout, key_list, NULL);
+ print_rrsig_list_abbr(stdout, sig_list, NULL);
} else {
printf(";; No DNSSEC RRs found, not attemping validation\n");
}
+ if (ds_list) {
+ print_ds_list_abbr(stdout, ds_list, NULL);
+
+ }
- /* /DNSSEC */
ldns_rr_list_deep_free(sig_list);
sig_list = ldns_rr_list_new();
puts("");
}
+ /* /DNSSEC */
#if 0
if (fromlen) {
*fromlen = flen;
}
- dprintf("from len %d\n", (int)flen);
- }
+ }
/* recvfrom can also return 0 */
if (wire_size == -1 || wire_size == 0) {
}
}
-/* code from rdata.c */
-/* the other way around - for lua-ldns */
ldns_rdf *
ldns_sockaddr_storage2rdf(struct sockaddr_storage *sock, uint16_t *port)
{
projects / thirdparty / ldns.git / commitdiff
