From bfbdc2d77c11c10de4a146abb64055f501e81150 Mon Sep 17 00:00:00 2001
From: Bob Halley
Date: Tue, 5 Apr 2011 15:04:02 +0100
Subject: [PATCH] remove old DNSSEC types
---
dns/rdtypes/ANY/DNSKEY.py | 77 +++++++++++++++++-
dns/rdtypes/ANY/KEY.py | 20 -----
dns/rdtypes/ANY/NXT.py | 99 -----------------------
dns/rdtypes/ANY/RRSIG.py | 141 +++++++++++++++++++++++++++++++-
dns/rdtypes/ANY/SIG.py | 43 ----------
dns/rdtypes/ANY/__init__.py | 3 -
dns/rdtypes/__init__.py | 2 -
dns/rdtypes/keybase.py | 149 ----------------------------------
dns/rdtypes/sigbase.py | 155 ------------------------------------
tests/example | 41 +++++-----
tests/example1.good | 9 +--
tests/example2.good | 9 +--
12 files changed, 234 insertions(+), 514 deletions(-)
delete mode 100644 dns/rdtypes/ANY/KEY.py
delete mode 100644 dns/rdtypes/ANY/NXT.py
delete mode 100644 dns/rdtypes/ANY/SIG.py
delete mode 100644 dns/rdtypes/keybase.py
delete mode 100644 dns/rdtypes/sigbase.py
diff --git a/dns/rdtypes/ANY/DNSKEY.py b/dns/rdtypes/ANY/DNSKEY.py
index ad66ef0c..dd417614 100644
--- a/dns/rdtypes/ANY/DNSKEY.py
+++ b/dns/rdtypes/ANY/DNSKEY.py
@@ -13,13 +13,82 @@ # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT # OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -import dns.rdtypes.keybase + +import struct + +import dns.exception +import dns.dnssec +import dns.rdata # flag constants SEP = 0x0001 REVOKE = 0x0080 ZONE = 0x0100 -class DNSKEY(dns.rdtypes.keybase.KEYBase): - """DNSKEY record""" - pass +class DNSKEY(dns.rdata.Rdata): + """DNSKEY record + + @ivar flags: the key flags + @type flags: int + @ivar protocol: the protocol for which this key may be used + @type protocol: int + @ivar algorithm: the algorithm used for the key + @type algorithm: int + @ivar key: the public key + @type key: string""" + + __slots__ = ['flags', 'protocol', 'algorithm', 'key'] + + def __init__(self, rdclass, rdtype, flags, protocol, algorithm, key): + super(DNSKEY, self).__init__(rdclass, rdtype) + self.flags = flags + self.protocol = protocol + self.algorithm = algorithm + self.key = key + + def to_text(self, origin=None, relativize=True, **kw): + return '%d %d %d %s' % (self.flags, self.protocol, self.algorithm, + dns.rdata._base64ify(self.key)) + + def from_text(cls, rdclass, rdtype, tok, origin = None, relativize = True): + flags = tok.get_uint16() + protocol = tok.get_uint8() + algorithm = dns.dnssec.algorithm_from_text(tok.get_string()) + chunks = [] + while 1: + t = tok.get().unescape() + if t.is_eol_or_eof(): + break + if not t.is_identifier(): + raise dns.exception.SyntaxError + chunks.append(t.value) + b64 = ''.join(chunks) + key = b64.decode('base64_codec') + return cls(rdclass, rdtype, flags, protocol, algorithm, key) + + from_text = classmethod(from_text) + + def to_wire(self, file, compress = None, origin = None): + header = struct.pack("!HBB", self.flags, self.protocol, self.algorithm) + file.write(header) + file.write(self.key) + + def from_wire(cls, rdclass, rdtype, wire, current, rdlen, origin = None): + if rdlen < 4: + raise dns.exception.FormError + header = 
struct.unpack('!HBB', wire[current : current + 4]) + current += 4 + rdlen -= 4 + key = wire[current : current + rdlen].unwrap() + return cls(rdclass, rdtype, header[0], header[1], header[2], + key) + + from_wire = classmethod(from_wire) + + def _cmp(self, other): + hs = struct.pack("!HBB", self.flags, self.protocol, self.algorithm) + ho = struct.pack("!HBB", other.flags, other.protocol, other.algorithm) + v = cmp(hs, ho) + if v == 0: + v = cmp(self.key, other.key) + return v diff --git a/dns/rdtypes/ANY/KEY.py b/dns/rdtypes/ANY/KEY.py deleted file mode 100644 index c8581edb..00000000 --- a/dns/rdtypes/ANY/KEY.py +++ /dev/null @@ -1,20 +0,0 @@ -# Copyright (C) 2003-2007, 2009, 2010 Nominum, Inc. -# -# Permission to use, copy, modify, and distribute this software and its -# documentation for any purpose with or without fee is hereby granted, -# provided that the above copyright notice and this permission notice -# appear in all copies. -# -# THE SOFTWARE IS PROVIDED "AS IS" AND NOMINUM DISCLAIMS ALL WARRANTIES -# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL NOMINUM BE LIABLE FOR -# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT -# OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - -import dns.rdtypes.keybase - -class KEY(dns.rdtypes.keybase.KEYBase): - """KEY record""" - pass diff --git a/dns/rdtypes/ANY/NXT.py b/dns/rdtypes/ANY/NXT.py deleted file mode 100644 index 0bfe2f30..00000000 --- a/dns/rdtypes/ANY/NXT.py +++ /dev/null 
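Review bot: In `DNSKEY.from_text`, the line `key = b64.decode('base64_codec')` lets a malformed base64 key escape as whatever the codec raises (most likely `binascii.Error`) rather than the `dns.exception.SyntaxError` that the token loop just above it raises for bad tokens, so a caller that catches only DNS exceptions while parsing zone text is not covered. Wrapping the decode in a `try` whose handler does `raise dns.exception.SyntaxError` would keep a single error type for every malformed record; the same decode appears in `RRSIG.from_text` later in this patch. Both `from_text` (no base64 tokens) and `from_wire` (`rdlen == 4`) also accept an empty key, which is worth rejecting or at least stating in the class docstring.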
@@ -1,99 +0,0 @@ -# Copyright (C) 2003-2007, 2009, 2010 Nominum, Inc. -# -# Permission to use, copy, modify, and distribute this software and its -# documentation for any purpose with or without fee is hereby granted, -# provided that the above copyright notice and this permission notice -# appear in all copies. -# -# THE SOFTWARE IS PROVIDED "AS IS" AND NOMINUM DISCLAIMS ALL WARRANTIES -# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL NOMINUM BE LIABLE FOR -# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT -# OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - -import dns.exception -import dns.rdata -import dns.rdatatype -import dns.name - -class NXT(dns.rdata.Rdata): - """NXT record - - @ivar next: the next name - @type next: dns.name.Name object - @ivar bitmap: the type bitmap - @type bitmap: string - @see: RFC 2535""" - - __slots__ = ['next', 'bitmap'] - - def __init__(self, rdclass, rdtype, next, bitmap): - super(NXT, self).__init__(rdclass, rdtype) - self.next = next - self.bitmap = bitmap - - def to_text(self, origin=None, relativize=True, **kw): - next = self.next.choose_relativity(origin, relativize) - bits = [] - for i in xrange(0, len(self.bitmap)): - byte = ord(self.bitmap[i]) - for j in xrange(0, 8): - if byte & (0x80 >> j): - bits.append(dns.rdatatype.to_text(i * 8 + j)) - text = ' '.join(bits) - return '%s %s' % (next, text) - - def from_text(cls, rdclass, rdtype, tok, origin = None, relativize = True): - next = tok.get_name() - next = next.choose_relativity(origin, relativize) - bitmap = ['\x00', '\x00', '\x00', '\x00', - '\x00', '\x00', '\x00', '\x00', - '\x00', '\x00', '\x00', '\x00', - '\x00', '\x00', '\x00', '\x00' ] - while 1: - token = tok.get().unescape() - if token.is_eol_or_eof(): - break - if 
token.value.isdigit(): - nrdtype = int(token.value) - else: - nrdtype = dns.rdatatype.from_text(token.value) - if nrdtype == 0: - raise dns.exception.SyntaxError("NXT with bit 0") - if nrdtype > 127: - raise dns.exception.SyntaxError("NXT with bit > 127") - i = nrdtype // 8 - bitmap[i] = chr(ord(bitmap[i]) | (0x80 >> (nrdtype % 8))) - bitmap = dns.rdata._truncate_bitmap(bitmap) - return cls(rdclass, rdtype, next, bitmap) - - from_text = classmethod(from_text) - - def to_wire(self, file, compress = None, origin = None): - self.next.to_wire(file, None, origin) - file.write(self.bitmap) - - def to_digestable(self, origin = None): - return self.next.to_digestable(origin) + self.bitmap - - def from_wire(cls, rdclass, rdtype, wire, current, rdlen, origin = None): - (next, cused) = dns.name.from_wire(wire[: current + rdlen], current) - current += cused - rdlen -= cused - bitmap = wire[current : current + rdlen].unwrap() - if not origin is None: - next = next.relativize(origin) - return cls(rdclass, rdtype, next, bitmap) - - from_wire = classmethod(from_wire) - - def choose_relativity(self, origin = None, relativize = True): - self.next = self.next.choose_relativity(origin, relativize) - - def _cmp(self, other): - v = cmp(self.next, other.next) - if v == 0: - v = cmp(self.bitmap, other.bitmap) - return v diff --git a/dns/rdtypes/ANY/RRSIG.py b/dns/rdtypes/ANY/RRSIG.py index 0e4816f6..d760cec9 100644 --- a/dns/rdtypes/ANY/RRSIG.py +++ b/dns/rdtypes/ANY/RRSIG.py 
@@ -13,8 +13,143 @@ # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT # OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -import dns.rdtypes.sigbase +import calendar +import struct +import time -class RRSIG(dns.rdtypes.sigbase.SIGBase): - """RRSIG record""" +import dns.dnssec +import dns.exception +import dns.rdata +import dns.rdatatype + +class BadSigTime(dns.exception.DNSException): + """Raised when a SIG or RRSIG RR's time cannot be parsed.""" pass + +def sigtime_to_posixtime(what): + if len(what) != 14: + raise BadSigTime + year = int(what[0:4]) + month = int(what[4:6]) + day = int(what[6:8]) + hour = int(what[8:10]) + minute = int(what[10:12]) + second = int(what[12:14]) + return calendar.timegm((year, month, day, hour, minute, second, + 0, 0, 0)) + +def posixtime_to_sigtime(what): + return time.strftime('%Y%m%d%H%M%S', time.gmtime(what)) + +class RRSIG(dns.rdata.Rdata): + """RRSIG record + + @ivar type_covered: the rdata type this signature covers + @type type_covered: int + @ivar algorithm: the algorithm used for the sig + @type algorithm: int + @ivar labels: number of labels + @type labels: int + @ivar original_ttl: the original TTL + @type original_ttl: long + @ivar expiration: signature expiration time + @type expiration: long + @ivar inception: signature inception time + @type inception: long + @ivar key_tag: the key tag + @type key_tag: int + @ivar signer: the signer + @type signer: dns.name.Name object + @ivar signature: the signature + @type signature: string""" + + __slots__ = ['type_covered', 'algorithm', 'labels', 'original_ttl', + 'expiration', 'inception', 'key_tag', 'signer', + 'signature'] + + def __init__(self, rdclass, rdtype, type_covered, algorithm, labels, + original_ttl, expiration, inception, key_tag, signer, + signature): + super(RRSIG, self).__init__(rdclass, rdtype) + self.type_covered = type_covered + self.algorithm = algorithm + self.labels = labels + self.original_ttl = original_ttl + 
self.expiration = expiration + self.inception = inception + self.key_tag = key_tag + self.signer = signer + self.signature = signature + + def covers(self): + return self.type_covered + + def to_text(self, origin=None, relativize=True, **kw): + return '%s %d %d %d %s %s %d %s %s' % ( + dns.rdatatype.to_text(self.type_covered), + self.algorithm, + self.labels, + self.original_ttl, + posixtime_to_sigtime(self.expiration), + posixtime_to_sigtime(self.inception), + self.key_tag, + self.signer, + dns.rdata._base64ify(self.signature) + ) + + def from_text(cls, rdclass, rdtype, tok, origin = None, relativize = True): + type_covered = dns.rdatatype.from_text(tok.get_string()) + algorithm = dns.dnssec.algorithm_from_text(tok.get_string()) + labels = tok.get_int() + original_ttl = tok.get_ttl() + expiration = sigtime_to_posixtime(tok.get_string()) + inception = sigtime_to_posixtime(tok.get_string()) + key_tag = tok.get_int() + signer = tok.get_name() + signer = signer.choose_relativity(origin, relativize) + chunks = [] + while 1: + t = tok.get().unescape() + if t.is_eol_or_eof(): + break + if not t.is_identifier(): + raise dns.exception.SyntaxError + chunks.append(t.value) + b64 = ''.join(chunks) + signature = b64.decode('base64_codec') + return cls(rdclass, rdtype, type_covered, algorithm, labels, + original_ttl, expiration, inception, key_tag, signer, + signature) + + from_text = classmethod(from_text) + + def to_wire(self, file, compress = None, origin = None): + header = struct.pack('!HBBIIIH', self.type_covered, + self.algorithm, self.labels, + self.original_ttl, self.expiration, + self.inception, self.key_tag) + file.write(header) + self.signer.to_wire(file, None, origin) + file.write(self.signature) + + def from_wire(cls, rdclass, rdtype, wire, current, rdlen, origin = None): + header = struct.unpack('!HBBIIIH', wire[current : current + 18]) + current += 18 + rdlen -= 18 + (signer, cused) = dns.name.from_wire(wire[: current + rdlen], current) + current += cused + 
rdlen -= cused + if not origin is None: + signer = signer.relativize(origin) + signature = wire[current : current + rdlen].unwrap() + return cls(rdclass, rdtype, header[0], header[1], header[2], + header[3], header[4], header[5], header[6], signer, + signature) + + from_wire = classmethod(from_wire) + + def choose_relativity(self, origin = None, relativize = True): + self.signer = self.signer.choose_relativity(origin, relativize) + + def _cmp(self, other): + return self._wire_cmp(other) diff --git a/dns/rdtypes/ANY/SIG.py b/dns/rdtypes/ANY/SIG.py deleted file mode 100644 index 47686a91..00000000 --- a/dns/rdtypes/ANY/SIG.py +++ /dev/null 
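Review bot: `RRSIG.from_wire` slices the fixed header with `struct.unpack('!HBBIIIH', wire[current : current + 18])` without first checking `rdlen`, whereas `DNSKEY.from_wire` in this same patch begins with `if rdlen < 4: raise dns.exception.FormError`. Unless the wire wrapper's slicing already rejects this (not visible here), a truncated RRSIG from the network would either take header bytes from beyond the record or surface as `struct.error` instead of a DNS exception; adding `if rdlen < 18: raise dns.exception.FormError` before the unpack closes that. `sigtime_to_posixtime` has a similar gap, since it checks only `len(what) != 14` and non-digit text then reaches `int()` and raises `ValueError` rather than `BadSigTime`. The module also calls `dns.name.from_wire` although the added import list has no `import dns.name`, so it appears to rely on another module having loaded it.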
@@ -1,43 +0,0 @@ -# Copyright (C) 2003-2007, 2009, 2010 Nominum, Inc. -# -# Permission to use, copy, modify, and distribute this software and its -# documentation for any purpose with or without fee is hereby granted, -# provided that the above copyright notice and this permission notice -# appear in all copies. -# -# THE SOFTWARE IS PROVIDED "AS IS" AND NOMINUM DISCLAIMS ALL WARRANTIES -# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL NOMINUM BE LIABLE FOR -# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT -# OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - -import struct - -import dns.rdtypes.sigbase - -class SIG(dns.rdtypes.sigbase.SIGBase): - """SIG record""" - def to_digestable(self, origin = None): - return struct.pack('!HBBIIIH', self.type_covered, - self.algorithm, self.labels, - self.original_ttl, self.expiration, - self.inception, self.key_tag) + \ - self.signer.to_digestable(origin) + \ - self.signature - def _cmp(self, other): - hs = struct.pack('!HBBIIIH', self.type_covered, - self.algorithm, self.labels, - self.original_ttl, self.expiration, - self.inception, self.key_tag) - ho = struct.pack('!HBBIIIH', other.type_covered, - other.algorithm, other.labels, - other.original_ttl, other.expiration, - other.inception, other.key_tag) - v = cmp(hs, ho) - if v == 0: - v = cmp(self.signer, other.signer) - if v == 0: - v = cmp(self.signature, other.signature) - return v diff --git a/dns/rdtypes/ANY/__init__.py b/dns/rdtypes/ANY/__init__.py index 0815dd54..76815c46 100644 --- a/dns/rdtypes/ANY/__init__.py +++ b/dns/rdtypes/ANY/__init__.py 
@@ -27,19 +27,16 @@ __all__ = [ 'HINFO', 'HIP', 'ISDN', - 'KEY', 'LOC', 'MX', 'NS', 'NSEC', 'NSEC3', 'NSEC3PARAM', - 'NXT', 'PTR', 'RP', 'RRSIG', 'RT', - 'SIG', 'SOA', 'SPF', 'SSHFP', diff --git a/dns/rdtypes/__init__.py b/dns/rdtypes/__init__.py index 13282be7..fcc056f7 100644 --- a/dns/rdtypes/__init__.py +++ b/dns/rdtypes/__init__.py @@ -20,6 +20,4 @@ __all__ = [ 'IN', 'mxbase', 'nsbase', - 'sigbase', - 'keybase', ] diff --git a/dns/rdtypes/keybase.py b/dns/rdtypes/keybase.py deleted file mode 100644 index 10067051..00000000 --- a/dns/rdtypes/keybase.py +++ /dev/null 
@@ -1,149 +0,0 @@ -# Copyright (C) 2004-2007, 2009, 2010 Nominum, Inc. -# -# Permission to use, copy, modify, and distribute this software and its -# documentation for any purpose with or without fee is hereby granted, -# provided that the above copyright notice and this permission notice -# appear in all copies. -# -# THE SOFTWARE IS PROVIDED "AS IS" AND NOMINUM DISCLAIMS ALL WARRANTIES -# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL NOMINUM BE LIABLE FOR -# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT -# OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - -import struct - -import dns.exception -import dns.dnssec -import dns.rdata - -_flags_from_text = { - 'NOCONF': (0x4000, 0xC000), - 'NOAUTH': (0x8000, 0xC000), - 'NOKEY': (0xC000, 0xC000), - 'FLAG2': (0x2000, 0x2000), - 'EXTEND': (0x1000, 0x1000), - 'FLAG4': (0x0800, 0x0800), - 'FLAG5': (0x0400, 0x0400), - 'USER': (0x0000, 0x0300), - 'ZONE': (0x0100, 0x0300), - 'HOST': (0x0200, 0x0300), - 'NTYP3': (0x0300, 0x0300), - 'FLAG8': (0x0080, 0x0080), - 'FLAG9': (0x0040, 0x0040), - 'FLAG10': (0x0020, 0x0020), - 'FLAG11': (0x0010, 0x0010), - 'SIG0': (0x0000, 0x000f), - 'SIG1': (0x0001, 0x000f), - 'SIG2': (0x0002, 0x000f), - 'SIG3': (0x0003, 0x000f), - 'SIG4': (0x0004, 0x000f), - 'SIG5': (0x0005, 0x000f), - 'SIG6': (0x0006, 0x000f), - 'SIG7': (0x0007, 0x000f), - 'SIG8': (0x0008, 0x000f), - 'SIG9': (0x0009, 0x000f), - 'SIG10': (0x000a, 0x000f), - 'SIG11': (0x000b, 0x000f), - 'SIG12': (0x000c, 0x000f), - 'SIG13': (0x000d, 0x000f), - 'SIG14': (0x000e, 0x000f), - 'SIG15': (0x000f, 0x000f), - } - -_protocol_from_text = { - 'NONE' : 0, - 'TLS' : 1, - 'EMAIL' : 2, - 'DNSSEC' : 3, - 'IPSEC' : 4, - 'ALL' : 255, - } - -class KEYBase(dns.rdata.Rdata): - """KEY-like record base - - 
@ivar flags: the key flags - @type flags: int - @ivar protocol: the protocol for which this key may be used - @type protocol: int - @ivar algorithm: the algorithm used for the key - @type algorithm: int - @ivar key: the public key - @type key: string""" - - __slots__ = ['flags', 'protocol', 'algorithm', 'key'] - - def __init__(self, rdclass, rdtype, flags, protocol, algorithm, key): - super(KEYBase, self).__init__(rdclass, rdtype) - self.flags = flags - self.protocol = protocol - self.algorithm = algorithm - self.key = key - - def to_text(self, origin=None, relativize=True, **kw): - return '%d %d %d %s' % (self.flags, self.protocol, self.algorithm, - dns.rdata._base64ify(self.key)) - - def from_text(cls, rdclass, rdtype, tok, origin = None, relativize = True): - flags = tok.get_string() - if flags.isdigit(): - flags = int(flags) - else: - flag_names = flags.split('|') - flags = 0 - for flag in flag_names: - v = _flags_from_text.get(flag) - if v is None: - raise dns.exception.SyntaxError('unknown flag %s' % flag) - flags &= ~v[1] - flags |= v[0] - protocol = tok.get_string() - if protocol.isdigit(): - protocol = int(protocol) - else: - protocol = _protocol_from_text.get(protocol) - if protocol is None: - raise dns.exception.SyntaxError('unknown protocol %s' % protocol) - - algorithm = dns.dnssec.algorithm_from_text(tok.get_string()) - chunks = [] - while 1: - t = tok.get().unescape() - if t.is_eol_or_eof(): - break - if not t.is_identifier(): - raise dns.exception.SyntaxError - chunks.append(t.value) - b64 = ''.join(chunks) - key = b64.decode('base64_codec') - return cls(rdclass, rdtype, flags, protocol, algorithm, key) - - from_text = classmethod(from_text) - - def to_wire(self, file, compress = None, origin = None): - header = struct.pack("!HBB", self.flags, self.protocol, self.algorithm) - file.write(header) - file.write(self.key) - - def from_wire(cls, rdclass, rdtype, wire, current, rdlen, origin = None): - if rdlen < 4: - raise dns.exception.FormError - header 
= struct.unpack('!HBB', wire[current : current + 4]) - current += 4 - rdlen -= 4 - key = wire[current : current + rdlen].unwrap() - return cls(rdclass, rdtype, header[0], header[1], header[2], - key) - - from_wire = classmethod(from_wire) - - def _cmp(self, other): - hs = struct.pack("!HBB", self.flags, self.protocol, self.algorithm) - ho = struct.pack("!HBB", other.flags, other.protocol, other.algorithm) - v = cmp(hs, ho) - if v == 0: - v = cmp(self.key, other.key) - return v diff --git a/dns/rdtypes/sigbase.py b/dns/rdtypes/sigbase.py deleted file mode 100644 index b3ffce57..00000000 --- a/dns/rdtypes/sigbase.py +++ /dev/null 
@@ -1,155 +0,0 @@ -# Copyright (C) 2004-2007, 2009, 2010 Nominum, Inc. -# -# Permission to use, copy, modify, and distribute this software and its -# documentation for any purpose with or without fee is hereby granted, -# provided that the above copyright notice and this permission notice -# appear in all copies. -# -# THE SOFTWARE IS PROVIDED "AS IS" AND NOMINUM DISCLAIMS ALL WARRANTIES -# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL NOMINUM BE LIABLE FOR -# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT -# OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - -import calendar -import struct -import time - -import dns.dnssec -import dns.exception -import dns.rdata -import dns.rdatatype - -class BadSigTime(dns.exception.DNSException): - """Raised when a SIG or RRSIG RR's time cannot be parsed.""" - pass - -def sigtime_to_posixtime(what): - if len(what) != 14: - raise BadSigTime - year = int(what[0:4]) - month = int(what[4:6]) - day = int(what[6:8]) - hour = int(what[8:10]) - minute = int(what[10:12]) - second = int(what[12:14]) - return calendar.timegm((year, month, day, hour, minute, second, - 0, 0, 0)) - -def posixtime_to_sigtime(what): - return time.strftime('%Y%m%d%H%M%S', time.gmtime(what)) - -class SIGBase(dns.rdata.Rdata): - """SIG-like record base - - @ivar type_covered: the rdata type this signature covers - @type type_covered: int - @ivar algorithm: the algorithm used for the sig - @type algorithm: int - @ivar labels: number of labels - @type labels: int - @ivar original_ttl: the original TTL - @type original_ttl: long - @ivar expiration: signature expiration time - @type expiration: long - @ivar inception: signature inception time - @type inception: long - @ivar key_tag: the key tag - @type key_tag: int - 
@ivar signer: the signer - @type signer: dns.name.Name object - @ivar signature: the signature - @type signature: string""" - - __slots__ = ['type_covered', 'algorithm', 'labels', 'original_ttl', - 'expiration', 'inception', 'key_tag', 'signer', - 'signature'] - - def __init__(self, rdclass, rdtype, type_covered, algorithm, labels, - original_ttl, expiration, inception, key_tag, signer, - signature): - super(SIGBase, self).__init__(rdclass, rdtype) - self.type_covered = type_covered - self.algorithm = algorithm - self.labels = labels - self.original_ttl = original_ttl - self.expiration = expiration - self.inception = inception - self.key_tag = key_tag - self.signer = signer - self.signature = signature - - def covers(self): - return self.type_covered - - def to_text(self, origin=None, relativize=True, **kw): - return '%s %d %d %d %s %s %d %s %s' % ( - dns.rdatatype.to_text(self.type_covered), - self.algorithm, - self.labels, - self.original_ttl, - posixtime_to_sigtime(self.expiration), - posixtime_to_sigtime(self.inception), - self.key_tag, - self.signer, - dns.rdata._base64ify(self.signature) - ) - - def from_text(cls, rdclass, rdtype, tok, origin = None, relativize = True): - type_covered = dns.rdatatype.from_text(tok.get_string()) - algorithm = dns.dnssec.algorithm_from_text(tok.get_string()) - labels = tok.get_int() - original_ttl = tok.get_ttl() - expiration = sigtime_to_posixtime(tok.get_string()) - inception = sigtime_to_posixtime(tok.get_string()) - key_tag = tok.get_int() - signer = tok.get_name() - signer = signer.choose_relativity(origin, relativize) - chunks = [] - while 1: - t = tok.get().unescape() - if t.is_eol_or_eof(): - break - if not t.is_identifier(): - raise dns.exception.SyntaxError - chunks.append(t.value) - b64 = ''.join(chunks) - signature = b64.decode('base64_codec') - return cls(rdclass, rdtype, type_covered, algorithm, labels, - original_ttl, expiration, inception, key_tag, signer, - signature) - - from_text = classmethod(from_text) - - 
def to_wire(self, file, compress = None, origin = None): - header = struct.pack('!HBBIIIH', self.type_covered, - self.algorithm, self.labels, - self.original_ttl, self.expiration, - self.inception, self.key_tag) - file.write(header) - self.signer.to_wire(file, None, origin) - file.write(self.signature) - - def from_wire(cls, rdclass, rdtype, wire, current, rdlen, origin = None): - header = struct.unpack('!HBBIIIH', wire[current : current + 18]) - current += 18 - rdlen -= 18 - (signer, cused) = dns.name.from_wire(wire[: current + rdlen], current) - current += cused - rdlen -= cused - if not origin is None: - signer = signer.relativize(origin) - signature = wire[current : current + rdlen].unwrap() - return cls(rdclass, rdtype, header[0], header[1], header[2], - header[3], header[4], header[5], header[6], signer, - signature) - - from_wire = classmethod(from_wire) - - def choose_relativity(self, origin = None, relativize = True): - self.signer = self.signer.choose_relativity(origin, relativize) - - def _cmp(self, other): - return self._wire_cmp(other) diff --git a/tests/example b/tests/example index e8fed116..2f753a2f 100644 --- a/tests/example +++ b/tests/example 
@@ -101,16 +101,17 @@ isdn01 ISDN "isdn-address" isdn02 ISDN "isdn-address" "subaddress" isdn03 ISDN "isdn-address" isdn04 ISDN "isdn-address" "subaddress" -key01 KEY 512 255 1 ( - AQMFD5raczCJHViKtLYhWGz8hMY9UGRuniJDBzC7w0aR - yzWZriO6i2odGWWQVucZqKVsENW91IOW4vqudngPZsY3 - GvQ/xVA8/7pyFj6b7Esga60zyGW6LFe9r8n6paHrlG5o - jqf0BaqHT+8= ) -key02 KEY HOST|FLAG4 DNSSEC RSAMD5 ( - AQMFD5raczCJHViKtLYhWGz8hMY9UGRuniJDBzC7w0aR - yzWZriO6i2odGWWQVucZqKVsENW91IOW4vqudngPZsY3 - GvQ/xVA8/7pyFj6b7Esga60zyGW6LFe9r8n6paHrlG5o - jqf0BaqHT+8= ) +;; dnspython no longer supports old DNSSEC +;;key01 KEY 512 255 1 ( +;; AQMFD5raczCJHViKtLYhWGz8hMY9UGRuniJDBzC7w0aR +;; yzWZriO6i2odGWWQVucZqKVsENW91IOW4vqudngPZsY3 +;; GvQ/xVA8/7pyFj6b7Esga60zyGW6LFe9r8n6paHrlG5o +;; jqf0BaqHT+8= ) +;;key02 KEY HOST|FLAG4 DNSSEC RSAMD5 ( +;; AQMFD5raczCJHViKtLYhWGz8hMY9UGRuniJDBzC7w0aR +;; yzWZriO6i2odGWWQVucZqKVsENW91IOW4vqudngPZsY3 +;; GvQ/xVA8/7pyFj6b7Esga60zyGW6LFe9r8n6paHrlG5o +;; jqf0BaqHT+8= ) kx01 KX 10 kdc kx02 KX 10 . loc01 LOC 60 9 0.000 N 24 39 0.000 E 10.00m 20m 2000m 20m @@ -137,10 +138,10 @@ nsap-ptr01 NSAP-PTR foo. NSAP-PTR . nsap01 NSAP 0x47000580005a0000000001e133ffffff00016100 nsap02 NSAP 0x47.000580005a0000000001e133ffffff000161.00 -nxt01 NXT a.secure ( NS SOA MX SIG KEY LOC NXT ) -nxt02 NXT . ( NSAP-PTR NXT ) -nxt03 NXT . ( A ) -nxt04 NXT . ( 127 ) +;;nxt01 NXT a.secure ( NS SOA MX SIG KEY LOC NXT ) +;;nxt02 NXT . ( NSAP-PTR NXT ) +;;nxt03 NXT . ( A ) +;;nxt04 NXT . ( 127 ) ptr01 PTR example. px01 PX 65535 foo. bar. px02 PX 65535 . . 
@@ -154,11 +155,11 @@ $ORIGIN s.example. ns A 73.80.65.49 $ORIGIN example. $TTL 3600 ; 1 hour -sig01 SIG NXT 1 3 3600 ( - 20200101000000 20030101000000 2143 foo - MxFcby9k/yvedMfQgKzhH5er0Mu/vILz45IkskceFGgi - WCn/GxHhai6VAuHAoNUz4YoU1tVfSCSqQYn6//11U6Nl - d80jEeC8aTrO+KKmCaY= ) +;;sig01 SIG NXT 1 3 3600 ( +;; 20200101000000 20030101000000 2143 foo +;; MxFcby9k/yvedMfQgKzhH5er0Mu/vILz45IkskceFGgi +;; WCn/GxHhai6VAuHAoNUz4YoU1tVfSCSqQYn6//11U6Nl +;; d80jEeC8aTrO+KKmCaY= ) srv01 SRV 0 0 0 . srv02 SRV 65535 65535 65535 old-slow-box.example.com. $TTL 301 ; 5 minutes 1 second @@ -202,7 +203,7 @@ dnskey01 DNSKEY 512 255 1 ( yzWZriO6i2odGWWQVucZqKVsENW91IOW4vqudngPZsY3 GvQ/xVA8/7pyFj6b7Esga60zyGW6LFe9r8n6paHrlG5o jqf0BaqHT+8= ) -dnskey02 DNSKEY HOST|FLAG4 DNSSEC RSAMD5 ( +dnskey02 DNSKEY 257 3 RSAMD5 ( AQMFD5raczCJHViKtLYhWGz8hMY9UGRuniJDBzC7w0aR yzWZriO6i2odGWWQVucZqKVsENW91IOW4vqudngPZsY3 GvQ/xVA8/7pyFj6b7Esga60zyGW6LFe9r8n6paHrlG5o diff --git a/tests/example1.good b/tests/example1.good index ca5ead63..0834d171 100644 --- a/tests/example1.good +++ b/tests/example1.good @@ -27,7 +27,7 @@ dname01 3600 IN DNAME dname-target. dname02 3600 IN DNAME dname-target dname03 3600 IN DNAME . dnskey01 3600 IN DNSKEY 512 255 1 AQMFD5raczCJHViKtLYhWGz8hMY9UGRu niJDBzC7w0aRyzWZriO6i2odGWWQVucZ qKVsENW91IOW4vqudngPZsY3GvQ/xVA8 /7pyFj6b7Esga60zyGW6LFe9r8n6paHr lG5ojqf0BaqHT+8= -dnskey02 3600 IN DNSKEY 2560 3 1 AQMFD5raczCJHViKtLYhWGz8hMY9UGRu niJDBzC7w0aRyzWZriO6i2odGWWQVucZ qKVsENW91IOW4vqudngPZsY3GvQ/xVA8 /7pyFj6b7Esga60zyGW6LFe9r8n6paHr lG5ojqf0BaqHT+8= +dnskey02 3600 IN DNSKEY 257 3 1 AQMFD5raczCJHViKtLYhWGz8hMY9UGRu niJDBzC7w0aRyzWZriO6i2odGWWQVucZ qKVsENW91IOW4vqudngPZsY3GvQ/xVA8 /7pyFj6b7Esga60zyGW6LFe9r8n6paHr lG5ojqf0BaqHT+8= ds01 3600 IN DS 12345 3 1 123456789abcdef67890123456789abcdef67890 e 300 IN MX 10 mail e 300 IN TXT "one" 
@@ -51,8 +51,6 @@ isdn01 3600 IN ISDN "isdn-address" isdn02 3600 IN ISDN "isdn-address" "subaddress" isdn03 3600 IN ISDN "isdn-address" isdn04 3600 IN ISDN "isdn-address" "subaddress" -key01 3600 IN KEY 512 255 1 AQMFD5raczCJHViKtLYhWGz8hMY9UGRu niJDBzC7w0aRyzWZriO6i2odGWWQVucZ qKVsENW91IOW4vqudngPZsY3GvQ/xVA8 /7pyFj6b7Esga60zyGW6LFe9r8n6paHr lG5ojqf0BaqHT+8= -key02 3600 IN KEY 2560 3 1 AQMFD5raczCJHViKtLYhWGz8hMY9UGRu niJDBzC7w0aRyzWZriO6i2odGWWQVucZ qKVsENW91IOW4vqudngPZsY3GvQ/xVA8 /7pyFj6b7Esga60zyGW6LFe9r8n6paHr lG5ojqf0BaqHT+8= kx01 3600 IN KX 10 kdc kx02 3600 IN KX 10 . loc01 3600 IN LOC 60 9 0.000 N 24 39 0.000 E 10.00m 20.00m 2000.00m 20.00m @@ -77,10 +75,6 @@ nsec301 3600 IN NSEC3 1 1 12 aabbccdd 2t7b4g4vsa5smi47k61mv5bv1a22bojr NS SOA MX nsec302 3600 IN NSEC3 1 1 12 - 2t7b4g4vsa5smi47k61mv5bv1a22bojr NS SOA MX RRSIG DNSKEY NSEC3PARAM nsec3param01 3600 IN NSEC3PARAM 1 1 12 aabbccdd nsec3param02 3600 IN NSEC3PARAM 1 1 12 - -nxt01 3600 IN NXT a.secure NS SOA MX SIG KEY LOC NXT -nxt02 3600 IN NXT . NSAP-PTR NXT -nxt03 3600 IN NXT . A -nxt04 3600 IN NXT . TYPE127 ptr01 3600 IN PTR @ px01 3600 IN PX 65535 foo. bar. px02 3600 IN PX 65535 . . @@ -91,7 +85,6 @@ rt01 3600 IN RT 0 intermediate-host rt02 3600 IN RT 65535 . s 300 IN NS ns.s ns.s 300 IN A 73.80.65.49 -sig01 3600 IN SIG NXT 1 3 3600 20200101000000 20030101000000 2143 foo MxFcby9k/yvedMfQgKzhH5er0Mu/vILz 45IkskceFGgiWCn/GxHhai6VAuHAoNUz 4YoU1tVfSCSqQYn6//11U6Nld80jEeC8 aTrO+KKmCaY= spf 3600 IN SPF "v=spf1 mx -all" srv01 3600 IN SRV 0 0 0 . srv02 3600 IN SRV 65535 65535 65535 old-slow-box.example.com. diff --git a/tests/example2.good b/tests/example2.good index c923c09b..de4bcd59 100644 --- a/tests/example2.good +++ b/tests/example2.good 
@@ -27,7 +27,7 @@ dname01.example. 3600 IN DNAME dname-target. dname02.example. 3600 IN DNAME dname-target.example. dname03.example. 3600 IN DNAME . dnskey01.example. 3600 IN DNSKEY 512 255 1 AQMFD5raczCJHViKtLYhWGz8hMY9UGRu niJDBzC7w0aRyzWZriO6i2odGWWQVucZ qKVsENW91IOW4vqudngPZsY3GvQ/xVA8 /7pyFj6b7Esga60zyGW6LFe9r8n6paHr lG5ojqf0BaqHT+8= -dnskey02.example. 3600 IN DNSKEY 2560 3 1 AQMFD5raczCJHViKtLYhWGz8hMY9UGRu niJDBzC7w0aRyzWZriO6i2odGWWQVucZ qKVsENW91IOW4vqudngPZsY3GvQ/xVA8 /7pyFj6b7Esga60zyGW6LFe9r8n6paHr lG5ojqf0BaqHT+8= +dnskey02.example. 3600 IN DNSKEY 257 3 1 AQMFD5raczCJHViKtLYhWGz8hMY9UGRu niJDBzC7w0aRyzWZriO6i2odGWWQVucZ qKVsENW91IOW4vqudngPZsY3GvQ/xVA8 /7pyFj6b7Esga60zyGW6LFe9r8n6paHr lG5ojqf0BaqHT+8= ds01.example. 3600 IN DS 12345 3 1 123456789abcdef67890123456789abcdef67890 e.example. 300 IN MX 10 mail.example. e.example. 300 IN TXT "one" @@ -51,8 +51,6 @@ isdn01.example. 3600 IN ISDN "isdn-address" isdn02.example. 3600 IN ISDN "isdn-address" "subaddress" isdn03.example. 3600 IN ISDN "isdn-address" isdn04.example. 3600 IN ISDN "isdn-address" "subaddress" -key01.example. 3600 IN KEY 512 255 1 AQMFD5raczCJHViKtLYhWGz8hMY9UGRu niJDBzC7w0aRyzWZriO6i2odGWWQVucZ qKVsENW91IOW4vqudngPZsY3GvQ/xVA8 /7pyFj6b7Esga60zyGW6LFe9r8n6paHr lG5ojqf0BaqHT+8= -key02.example. 3600 IN KEY 2560 3 1 AQMFD5raczCJHViKtLYhWGz8hMY9UGRu niJDBzC7w0aRyzWZriO6i2odGWWQVucZ qKVsENW91IOW4vqudngPZsY3GvQ/xVA8 /7pyFj6b7Esga60zyGW6LFe9r8n6paHr lG5ojqf0BaqHT+8= kx01.example. 3600 IN KX 10 kdc.example. kx02.example. 3600 IN KX 10 . loc01.example. 3600 IN LOC 60 9 0.000 N 24 39 0.000 E 10.00m 20.00m 2000.00m 20.00m 
@@ -77,10 +75,6 @@ nsec301.example. 3600 IN NSEC3 1 1 12 aabbccdd 2t7b4g4vsa5smi47k61mv5bv1a22bojr nsec302.example. 3600 IN NSEC3 1 1 12 - 2t7b4g4vsa5smi47k61mv5bv1a22bojr NS SOA MX RRSIG DNSKEY NSEC3PARAM nsec3param01.example. 3600 IN NSEC3PARAM 1 1 12 aabbccdd nsec3param02.example. 3600 IN NSEC3PARAM 1 1 12 - -nxt01.example. 3600 IN NXT a.secure.example. NS SOA MX SIG KEY LOC NXT -nxt02.example. 3600 IN NXT . NSAP-PTR NXT -nxt03.example. 3600 IN NXT . A -nxt04.example. 3600 IN NXT . TYPE127 ptr01.example. 3600 IN PTR example. px01.example. 3600 IN PX 65535 foo. bar. px02.example. 3600 IN PX 65535 . . @@ -91,7 +85,6 @@ rt01.example. 3600 IN RT 0 intermediate-host.example. rt02.example. 3600 IN RT 65535 . s.example. 300 IN NS ns.s.example. ns.s.example. 300 IN A 73.80.65.49 -sig01.example. 3600 IN SIG NXT 1 3 3600 20200101000000 20030101000000 2143 foo.example. MxFcby9k/yvedMfQgKzhH5er0Mu/vILz 45IkskceFGgiWCn/GxHhai6VAuHAoNUz 4YoU1tVfSCSqQYn6//11U6Nld80jEeC8 aTrO+KKmCaY= spf.example. 3600 IN SPF "v=spf1 mx -all" srv01.example. 3600 IN SRV 0 0 0 . srv02.example. 3600 IN SRV 65535 65535 65535 old-slow-box.example.com. -- 2.47.3