community
/
dns
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Make the function smaller

This commit is contained in:
Miek Gieben 2012-01-21 13:41:52 +01:00
parent f25584e94e
commit 00ec6a144a
1 changed files with 60 additions and 76 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

68
examples/q/q.go
View File

@ -143,6 +143,8 @@ forever:
}
if *check {
sigCheck(r.Reply, nameserver)
nsecCheck(r.Reply)
/*
if err := r.Reply.Nsec3Verify(r.Reply.Question[0]); err == nil {
//Could be: no nsec3 records
//fmt.Printf(";+ Correct authenticated denial of existence (NSEC3)\n")
@ -150,6 +152,7 @@ forever:
fmt.Printf(";- Incorrect authenticated denial of existence (NSEC3): %s\n",err.Error())
}
println()
*/
}
if *short {
@ -166,51 +169,32 @@ forever:
}
}
func sectionCheck(set []dns.RR, server string) {
for _, rr := range set {
if rr.Header().Rrtype == dns.TypeRRSIG {
rrset := getRRset(set, rr.Header().Name, rr.(*dns.RR_RRSIG).TypeCovered)
key := getKey(rr.(*dns.RR_RRSIG).SignerName, rr.(*dns.RR_RRSIG).KeyTag, server)
if key == nil {
fmt.Printf(";? DNSKEY %s/%d not found\n", rr.(*dns.RR_RRSIG).SignerName, rr.(*dns.RR_RRSIG).KeyTag)
}
if err := rr.(*dns.RR_RRSIG).Verify(key, rrset); err != nil {
fmt.Printf(";- Bogus signature, %s does not RRSet with DNSKEY %s/%d\n", shortSig(rr.(*dns.RR_RRSIG)), key.Header().Name, key.KeyTag())
} else {
fmt.Printf(";+ Secure signature, %s validates RRSet with DNSKEY %s/%d\n", shortSig(rr.(*dns.RR_RRSIG)), key.Header().Name, key.KeyTag())
}
}
}
}
func nsecCheck(in *dns.Msg) {
}
// Check the sigs in the msg, get the signer's key (additional query), get the
// rrset from the message, check the signature(s)
func sigCheck(in *dns.Msg, server string) {
for _, rr := range in.Answer {
if rr.Header().Rrtype == dns.TypeRRSIG {
rrset := getRRset(in.Answer, rr.Header().Name, rr.(*dns.RR_RRSIG).TypeCovered)
key := getKey(rr.(*dns.RR_RRSIG).SignerName, rr.(*dns.RR_RRSIG).KeyTag, server)
if key == nil {
fmt.Printf(";? DNSKEY %s/%d not found\n", rr.(*dns.RR_RRSIG).SignerName, rr.(*dns.RR_RRSIG).KeyTag)
}
if err := rr.(*dns.RR_RRSIG).Verify(key, rrset); err != nil {
fmt.Printf(";- Bogus signature, %s does not RRSet with DNSKEY %s/%d\n", shortSig(rr.(*dns.RR_RRSIG)), key.Header().Name, key.KeyTag())
} else {
fmt.Printf(";+ Secure signature, %s validates RRSet with DNSKEY %s/%d\n", shortSig(rr.(*dns.RR_RRSIG)), key.Header().Name, key.KeyTag())
}
}
}
for _, rr := range in.Ns {
if rr.Header().Rrtype == dns.TypeRRSIG {
rrset := getRRset(in.Ns, rr.Header().Name, rr.(*dns.RR_RRSIG).TypeCovered)
key := getKey(rr.(*dns.RR_RRSIG).SignerName, rr.(*dns.RR_RRSIG).KeyTag, server)
if key == nil {
fmt.Printf(";? DNSKEY %s/%d not found\n", rr.(*dns.RR_RRSIG).SignerName, rr.(*dns.RR_RRSIG).KeyTag)
}
if err := rr.(*dns.RR_RRSIG).Verify(key, rrset); err != nil {
fmt.Printf(";- Bogus signature, %s does not RRSet with DNSKEY %s/%d\n", shortSig(rr.(*dns.RR_RRSIG)), key.Header().Name, key.KeyTag())
} else {
fmt.Printf(";+ Secure signature, %s validates RRSet with DNSKEY %s/%d\n", shortSig(rr.(*dns.RR_RRSIG)), key.Header().Name, key.KeyTag())
}
}
}
for _, rr := range in.Extra {
if rr.Header().Rrtype == dns.TypeRRSIG {
rrset := getRRset(in.Extra, rr.Header().Name, rr.(*dns.RR_RRSIG).TypeCovered)
key := getKey(rr.(*dns.RR_RRSIG).SignerName, rr.(*dns.RR_RRSIG).KeyTag, server)
if key == nil {
fmt.Printf(";? DNSKEY %s/%d not found\n", rr.(*dns.RR_RRSIG).SignerName, rr.(*dns.RR_RRSIG).KeyTag)
}
if err := rr.(*dns.RR_RRSIG).Verify(key, rrset); err != nil {
fmt.Printf(";- Bogus signature, %s does not RRSet with DNSKEY %s/%d\n", shortSig(rr.(*dns.RR_RRSIG)), key.Header().Name, key.KeyTag())
} else {
fmt.Printf(";+ Secure signature, %s validates RRSet with DNSKEY %s/%d\n", shortSig(rr.(*dns.RR_RRSIG)), key.Header().Name, key.KeyTag())
}
}
}
sectionCheck(in.Answer, server)
sectionCheck(in.Ns, server)
sectionCheck(in.Extra, server)
}
// Return the RRset belonging to the signature with name and type t