From ed01dc7c5f2f39e38e77ee9fa769ca8ef88c9e7d Mon Sep 17 00:00:00 2001 From: Bob Halley Date: Fri, 5 Sep 2014 08:09:44 -0700 Subject: [PATCH] Add CAA. --- dns/rdatatype.py | 2 ++ dns/rdtypes/ANY/CAA.py | 73 ++++++++++++++++++++++++++++++++++++++++++ tests/example | 6 ++++ tests/example1.good | 6 ++++ tests/example2.good | 6 ++++ tests/example3.good | 6 ++++ 6 files changed, 99 insertions(+) create mode 100644 dns/rdtypes/ANY/CAA.py diff --git a/dns/rdatatype.py b/dns/rdatatype.py index d5cc5cc8..d5d9f7ca 100644 --- a/dns/rdatatype.py +++ b/dns/rdatatype.py @@ -89,6 +89,7 @@ AXFR = 252 MAILB = 253 MAILA = 254 ANY = 255 +CAA = 257 TA = 32768 DLV = 32769 @@ -152,6 +153,7 @@ _by_text = { 'MAILB' : MAILB, 'MAILA' : MAILA, 'ANY' : ANY, + 'CAA' : CAA, 'TA' : TA, 'DLV' : DLV, } diff --git a/dns/rdtypes/ANY/CAA.py b/dns/rdtypes/ANY/CAA.py new file mode 100644 index 00000000..74256064 --- /dev/null +++ b/dns/rdtypes/ANY/CAA.py 
@@ -0,0 +1,73 @@ +# Copyright (C) 2003-2007, 2009-2011 Nominum, Inc. +# +# Permission to use, copy, modify, and distribute this software and its +# documentation for any purpose with or without fee is hereby granted, +# provided that the above copyright notice and this permission notice +# appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND NOMINUM DISCLAIMS ALL WARRANTIES +# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL NOMINUM BE LIABLE FOR +# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT +# OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + +import struct + +import dns.exception +import dns.rdata +import dns.tokenizer +import dns.util + +class CAA(dns.rdata.Rdata): + """CAA (Certification Authority Authorization) record + + @ivar flags: the flags + @type flags: int + @ivar tag: the tag + @type tag: string + @ivar value: the value + @type value: string + @see: RFC 6844""" + + __slots__ = ['flags', 'tag', 'value'] + + def __init__(self, rdclass, rdtype, flags, tag, value): + super(CAA, self).__init__(rdclass, rdtype) + self.flags = flags + self.tag = tag + self.value = value + + def to_text(self, origin=None, relativize=True, **kw): + return '%u %s "%s"' % (self.flags, + dns.rdata._escapify(self.tag), + dns.rdata._escapify(self.value)) + + def from_text(cls, rdclass, rdtype, tok, origin = None, relativize = True): + flags = tok.get_uint8() + tag = tok.get_string() + if len(tag) > 255: + raise dns.exception.SyntaxError("tag too long") + if not tag.isalnum(): + raise dns.exception.SyntaxError("tag is not alphanumeric") + value = tok.get_string() + return cls(rdclass, rdtype, flags, tag, value) + + from_text = classmethod(from_text) + + def to_wire(self, file, compress = None, origin = None): + 
dns.util.write_uint8(file, self.flags) + l = len(self.tag) + assert l < 256 + dns.util.write_uint8(file, l) + file.write(self.tag.encode('latin_1')) + file.write(self.value.encode('latin_1')) + + @classmethod + def from_wire(cls, rdclass, rdtype, wire, current, rdlen, origin = None): + (flags, l) = struct.unpack('!BB', wire[current : current + 2]) + current += 2 + tag = wire[current : current + l].decode('latin_1') + value = wire[current + l:].decode('latin_1') + return cls(rdclass, rdtype, flags, tag, value) diff --git a/tests/example b/tests/example index 37a90a2a..07394ae8 100644 --- a/tests/example +++ b/tests/example @@ -227,3 +227,9 @@ nsec302 NSEC3 1 1 12 - 2t7b4g4vsa5smi47k61mv5bv1a22bojr MX DNSKEY NS SOA NSEC3 nsec3param01 NSEC3PARAM 1 1 12 aabbccdd nsec3param02 NSEC3PARAM 1 1 12 - hip01 HIP 2 200100107B1A74DF365639CC39F1D578 AwEAAbdxyhNuSutc5EMzxTs9LBPCIkOFH8cIvM4p9+LrV4e19WzK00+CI6zBCQTdtWsuxKbWIy87UOoJTwkUs7lBu+Upr1gsNrut79ryra+bSRGQb1slImA8YVJyuIDsj7kwzG7jnERNqnWxZ48AWkskmdHaVDP4BcelrTI3rMXdXF5D rvs1.example.com. rvs2 +caa01 CAA 0 issue "ca.example.net" +caa02 CAA 0 iodef "mailto:security@example.com" +caa03 CAA 0 iodef "http://iodef.example.com/" +caa04 CAA 0 issue "ca.example.net; account=230123" +caa05 CAA 0 issue "ca.example.net; policy=ev" +caa06 CAA 128 tbs "Unknown" diff --git a/tests/example1.good b/tests/example1.good index 100842e2..62e8e287 100644 --- a/tests/example1.good +++ b/tests/example1.good 
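Review bot: `from_wire` in dns/rdtypes/ANY/CAA.py never uses `rdlen`: `value = wire[current + l:]` runs to the end of the buffer instead of the end of this record's rdata, and the tag length `l` is not checked against the rdata length either. Assuming `wire` is the whole message, as the `current`/`rdlen` parameters suggest, any bytes that follow the CAA RR end up inside its value, so anything consulting the record for issuance policy gets a wrong answer. Bound both slices by `rdlen` and raise `dns.exception.FormError` when the rdata is shorter than the two-byte header or the declared tag length; a short buffer currently surfaces as `struct.error`. Separately, `to_wire` guards the tag length with `assert l < 256`, which disappears under `python -O`; an explicit check that raises would match the length test in `from_text`.

```python
    def from_wire(cls, rdclass, rdtype, wire, current, rdlen, origin = None):
        if rdlen < 2:
            raise dns.exception.FormError
        # … unchanged: unpack flags and tag length, current += 2 …
        rdlen -= 2
        if l > rdlen:
            raise dns.exception.FormError
        # … unchanged: tag slice …
        value = wire[current + l : current + rdlen].decode('latin_1')
        # … unchanged: return cls(...) …
```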
@@ -14,6 +14,12 @@ apl01 3600 IN APL 1:192.168.32.0/21 !1:192.168.38.0/28
 apl02 3600 IN APL 1:224.0.0.0/4 2:FF00:0:0:0:0:0:0:0/8
 b 300 IN CNAME foo.net.
 c 300 IN A 73.80.65.49
+caa01 3600 IN CAA 0 issue "ca.example.net"
+caa02 3600 IN CAA 0 iodef "mailto:security@example.com"
+caa03 3600 IN CAA 0 iodef "http://iodef.example.com/"
+caa04 3600 IN CAA 0 issue "ca.example.net; account=230123"
+caa05 3600 IN CAA 0 issue "ca.example.net; policy=ev"
+caa06 3600 IN CAA 128 tbs "Unknown"
 cert01 3600 IN CERT 65534 65535 PRIVATEOID MxFcby9k/yvedMfQgKzhH5er0Mu/vILz 45IkskceFGgiWCn/GxHhai6VAuHAoNUz 4YoU1tVfSCSqQYn6//11U6Nld80jEeC8 aTrO+KKmCaY=
 cname01 3600 IN CNAME cname-target.
 cname02 3600 IN CNAME cname-target
diff --git a/tests/example2.good b/tests/example2.good
index ac3261c4..4a920125 100644
--- a/tests/example2.good
+++ b/tests/example2.good
@@ -14,6 +14,12 @@ apl01.example. 3600 IN APL 1:192.168.32.0/21 !1:192.168.38.0/28
 apl02.example. 3600 IN APL 1:224.0.0.0/4 2:FF00:0:0:0:0:0:0:0/8
 b.example. 300 IN CNAME foo.net.
 c.example. 300 IN A 73.80.65.49
+caa01.example. 3600 IN CAA 0 issue "ca.example.net"
+caa02.example. 3600 IN CAA 0 iodef "mailto:security@example.com"
+caa03.example. 3600 IN CAA 0 iodef "http://iodef.example.com/"
+caa04.example. 3600 IN CAA 0 issue "ca.example.net; account=230123"
+caa05.example. 3600 IN CAA 0 issue "ca.example.net; policy=ev"
+caa06.example. 3600 IN CAA 128 tbs "Unknown"
 cert01.example. 3600 IN CERT 65534 65535 PRIVATEOID MxFcby9k/yvedMfQgKzhH5er0Mu/vILz 45IkskceFGgiWCn/GxHhai6VAuHAoNUz 4YoU1tVfSCSqQYn6//11U6Nld80jEeC8 aTrO+KKmCaY=
 cname01.example. 3600 IN CNAME cname-target.
 cname02.example. 3600 IN CNAME cname-target.example.
diff --git a/tests/example3.good b/tests/example3.good
index 100842e2..62e8e287 100644
--- a/tests/example3.good
+++ b/tests/example3.good
@@ -14,6 +14,12 @@ apl01 3600 IN APL 1:192.168.32.0/21 !1:192.168.38.0/28
 apl02 3600 IN APL 1:224.0.0.0/4 2:FF00:0:0:0:0:0:0:0/8
 b 300 IN CNAME foo.net.
 c 300 IN A 73.80.65.49
+caa01 3600 IN CAA 0 issue "ca.example.net"
+caa02 3600 IN CAA 0 iodef "mailto:security@example.com"
+caa03 3600 IN CAA 0 iodef "http://iodef.example.com/"
+caa04 3600 IN CAA 0 issue "ca.example.net; account=230123"
+caa05 3600 IN CAA 0 issue "ca.example.net; policy=ev"
+caa06 3600 IN CAA 128 tbs "Unknown"
 cert01 3600 IN CERT 65534 65535 PRIVATEOID MxFcby9k/yvedMfQgKzhH5er0Mu/vILz 45IkskceFGgiWCn/GxHhai6VAuHAoNUz 4YoU1tVfSCSqQYn6//11U6Nld80jEeC8 aTrO+KKmCaY=
 cname01 3600 IN CNAME cname-target.
 cname02 3600 IN CNAME cname-target
-- 
2.47.3