From: Bob Halley Date: Tue, 13 Dec 2022 02:17:43 +0000 (-0800) Subject: Improve DNSSEC _doco, minor DNSSEC and typing tweaks. X-Git-Tag: v2.3.0rc1~15 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ca9f814fc2cd80f36a8c358e1b88138e2aa2639e;p=thirdparty%2Fdnspython.git Improve DNSSEC _doco, minor DNSSEC and typing tweaks. --- diff --git a/dns/asyncresolver.py b/dns/asyncresolver.py index 14a25a3b..506530e2 100644 --- a/dns/asyncresolver.py +++ b/dns/asyncresolver.py @@ -126,7 +126,7 @@ class Resolver(dns.resolver.BaseResolver): return answer async def resolve_address( - self, ipaddr: str, *args: Any, **kwargs: Dict[str, Any] + self, ipaddr: str, *args: Any, **kwargs: Any ) -> dns.resolver.Answer: """Use an asynchronous resolver to run a reverse query for PTR records. @@ -235,7 +235,7 @@ async def resolve( async def resolve_address( - ipaddr: str, *args: Any, **kwargs: Dict[str, Any] + ipaddr: str, *args: Any, **kwargs: Any ) -> dns.resolver.Answer: """Use a resolver to run a reverse query for PTR records. diff --git a/dns/dnssec.py b/dns/dnssec.py index c4aff957..11f0701e 100644 --- a/dns/dnssec.py +++ b/dns/dnssec.py @@ -529,8 +529,8 @@ def _sign( private_key: PrivateKey, signer: dns.name.Name, dnskey: DNSKEY, - inception: Optional[Union[datetime, str, float]] = None, - expiration: Optional[Union[datetime, str, float]] = None, + inception: Optional[Union[datetime, str, int, float]] = None, + expiration: Optional[Union[datetime, str, int, float]] = None, lifetime: Optional[int] = None, verify: bool = False, ) -> RRSIG: 
@@ -548,13 +548,22 @@ def _sign( *dnskey*, a ``DNSKEY`` matching ``private_key``. - *inception*, a ``datetime``, ``str``, or ``float``, signature inception; defaults to now. + *inception*, a ``datetime``, ``str``, ``int``, ``float`` or ``None``, the + signature inception time. If ``None``, the current time is used. If a ``str``, the + format is "YYYYMMDDHHMMSS" or alternatively the number of seconds since the UNIX + epoch in text form; this is the same the RRSIG rdata's text form. + Values of type `int` or `float` are interpreted as seconds since the UNIX epoch. - *expiration*, a ``datetime``, ``str`` or ``float``, signature expiration. May be specified as lifetime. + *expiration*, a ``datetime``, ``str``, ``int``, ``float`` or ``None``, the signature + expiration time. If ``None``, the expiration time will be the inception time plus + the value of the *lifetime* parameter. See the description of *inception* above + for how the various parameter types are interpreted. - *lifetime*, an ``int`` specifiying the signature lifetime in seconds. + *lifetime*, an ``int`` or ``None``, the signature lifetime in seconds. This + parameter is only meaningful if *expiration* is ``None``. - *verify*, a ``bool`` set to ``True`` if the signer should verify issued signaures. + *verify*, a ``bool``. If set to ``True``, the signer will verify signatures + after they are created; the default is ``False``. """ if isinstance(rrset, tuple): 
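Review bot: The rewritten `_sign` docstring still leaves out two things that determine a signature's validity window: how a naive `datetime` passed as *inception* or *expiration* is interpreted, and what happens when both *expiration* and *lifetime* are ``None``. The conversion code sits outside this hunk, so the answer is not visible here. I would add a sentence such as `Naive datetime values are interpreted as <UTC or local time, per the implementation>.` and name the error raised when neither *expiration* nor *lifetime* is supplied. Two wording slips in the added lines: `this is the same the RRSIG rdata's text form` is missing "as", and `int` / `float` use single backticks where the rest of the docstring uses double.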
@@ -652,19 +661,7 @@ def _sign( else: raise TypeError("Unsupported key algorithm") - return RRSIG( - rdclass=rrsig_template.rdclass, - rdtype=rrsig_template.rdtype, - type_covered=rrsig_template.type_covered, - algorithm=rrsig_template.algorithm, - labels=rrsig_template.labels, - original_ttl=rrsig_template.original_ttl, - expiration=rrsig_template.expiration, - inception=rrsig_template.inception, - key_tag=rrsig_template.key_tag, - signer=rrsig_template.signer, - signature=signature, - ) + return cast(RRSIG, rrsig_template.replace(signature=signature)) def _make_rrsig_signature_data( @@ -797,13 +794,9 @@ def _make_dnskey( else: raise ValueError("unsupported ECDSA curve") - try: - if isinstance(algorithm, str): - algorithm = Algorithm[algorithm.upper()] - except Exception: - raise UnsupportedAlgorithm('unsupported algorithm "%s"' % algorithm) + the_algorithm = Algorithm.make(algorithm) - _ensure_algorithm_key_combination(algorithm, public_key) + _ensure_algorithm_key_combination(the_algorithm, public_key) if isinstance(public_key, rsa.RSAPublicKey): key_bytes = encode_rsa_public_key(public_key) @@ -827,7 +820,7 @@ def _make_dnskey( rdtype=dns.rdatatype.DNSKEY, flags=flags, protocol=protocol, - algorithm=algorithm, + algorithm=the_algorithm, key=key_bytes, ) diff --git a/dns/rdata.py b/dns/rdata.py index 5c70214b..1dd6ed90 100644 --- a/dns/rdata.py +++ b/dns/rdata.py @@ -414,7 +414,7 @@ class Rdata: ) -> "Rdata": raise NotImplementedError # pragma: no cover - def replace(self, **kwargs: Dict[str, Any]) -> "Rdata": + def replace(self, **kwargs: Any) -> "Rdata": """ Create a new Rdata instance based on the instance replace was invoked on. It is possible to pass different parameters to diff --git a/dns/resolver.py b/dns/resolver.py index 350cc33b..a5b66c1d 100644 --- a/dns/resolver.py +++ b/dns/resolver.py 
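Review bot: `rrsig_template.replace(signature=signature)` makes the returned RRSIG depend on `Rdata.replace` carrying over every other field (type_covered, algorithm, labels, original_ttl, expiration, inception, key_tag, signer), where the removed constructor call listed them explicitly. The signature is presumably computed over those template fields, so a field that `replace` failed to copy would yield an RRSIG that does not verify; a regression test comparing each field of the result with the template would pin this down. `cast(RRSIG, ...)` is only a type-checker hint and does no runtime check, and no hunk in this diff adds an import for `cast`, so it is presumably already imported in dns/dnssec.py, which is worth confirming. A comment such as `# replace() copies every other field from the template unchanged` above the return would record the intent. The body of `_sign` starts outside this hunk.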
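Review bot: In the `@@ -797,13 +794,9 @@` hunk of `_make_dnskey`, swapping the `try`/`except` for `the_algorithm = Algorithm.make(algorithm)` changes which exception an unrecognised algorithm produces. The removed code raised `UnsupportedAlgorithm('unsupported algorithm "%s"' % algorithm)`, while the new line lets whatever `Algorithm.make` raises propagate. `Algorithm.make` is defined outside this diff, so the exact type is not visible here, but callers that catch `UnsupportedAlgorithm` around key creation may no longer catch this case. I would either keep the call inside a `try` that re-raises as `UnsupportedAlgorithm`, or document the new exception in the function's docstring and add a test for an unknown algorithm name. The old branch also converted only `str` values, so non-string inputs now go through `make` as well, which is worth covering in the same test; the function starts and ends outside the hunk.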
@@ -1271,9 +1271,7 @@ class Resolver(BaseResolver): True, ) - def resolve_address( - self, ipaddr: str, *args: Any, **kwargs: Dict[str, Any] - ) -> Answer: + def resolve_address(self, ipaddr: str, *args: Any, **kwargs: Any) -> Answer: """Use a resolver to run a reverse query for PTR records. This utilizes the resolve() method to perform a PTR lookup on the @@ -1413,7 +1411,7 @@ def query( ) -def resolve_address(ipaddr: str, *args: Any, **kwargs: Dict[str, Any]) -> Answer: +def resolve_address(ipaddr: str, *args: Any, **kwargs: Any) -> Answer: """Use a resolver to run a reverse query for PTR records. See ``dns.resolver.Resolver.resolve_address`` for more information on the diff --git a/dns/rrset.py b/dns/rrset.py index 4217a04a..3f22a90c 100644 --- a/dns/rrset.py +++ b/dns/rrset.py @@ -92,9 +92,7 @@ class RRset(dns.rdataset.Rdataset): return False return super().__eq__(other) - def match( # type: ignore[override] - self, *args: Any, **kwargs: Dict[str, Any] - ) -> bool: + def match(self, *args: Any, **kwargs: Any) -> bool: # type: ignore[override] """Does this rrset match the specified attributes? Behaves as :py:func:`full_match()` if the first argument is a