Make the function smaller
parent
f25584e94e
commit
00ec6a144a
|
@ -143,6 +143,8 @@ forever:
|
|||
}
|
||||
if *check {
|
||||
sigCheck(r.Reply, nameserver)
|
||||
nsecCheck(r.Reply)
|
||||
/*
|
||||
if err := r.Reply.Nsec3Verify(r.Reply.Question[0]); err == nil {
|
||||
//Could be: no nsec3 records
|
||||
//fmt.Printf(";+ Correct authenticated denial of existence (NSEC3)\n")
|
||||
|
@ -150,6 +152,7 @@ forever:
|
|||
fmt.Printf(";- Incorrect authenticated denial of existence (NSEC3): %s\n",err.Error())
|
||||
}
|
||||
println()
|
||||
*/
|
||||
|
||||
}
|
||||
if *short {
|
||||
|
@ -166,51 +169,32 @@ forever:
|
|||
}
|
||||
}
|
||||
|
||||
func sectionCheck(set []dns.RR, server string) {
|
||||
for _, rr := range set {
|
||||
if rr.Header().Rrtype == dns.TypeRRSIG {
|
||||
rrset := getRRset(set, rr.Header().Name, rr.(*dns.RR_RRSIG).TypeCovered)
|
||||
key := getKey(rr.(*dns.RR_RRSIG).SignerName, rr.(*dns.RR_RRSIG).KeyTag, server)
|
||||
if key == nil {
|
||||
fmt.Printf(";? DNSKEY %s/%d not found\n", rr.(*dns.RR_RRSIG).SignerName, rr.(*dns.RR_RRSIG).KeyTag)
|
||||
}
|
||||
if err := rr.(*dns.RR_RRSIG).Verify(key, rrset); err != nil {
|
||||
fmt.Printf(";- Bogus signature, %s does not RRSet with DNSKEY %s/%d\n", shortSig(rr.(*dns.RR_RRSIG)), key.Header().Name, key.KeyTag())
|
||||
} else {
|
||||
fmt.Printf(";+ Secure signature, %s validates RRSet with DNSKEY %s/%d\n", shortSig(rr.(*dns.RR_RRSIG)), key.Header().Name, key.KeyTag())
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
func nsecCheck(in *dns.Msg) {
|
||||
}
|
||||
|
||||
// Check the sigs in the msg, get the signer's key (additional query), get the
|
||||
// rrset from the message, check the signature(s)
|
||||
func sigCheck(in *dns.Msg, server string) {
|
||||
for _, rr := range in.Answer {
|
||||
if rr.Header().Rrtype == dns.TypeRRSIG {
|
||||
rrset := getRRset(in.Answer, rr.Header().Name, rr.(*dns.RR_RRSIG).TypeCovered)
|
||||
key := getKey(rr.(*dns.RR_RRSIG).SignerName, rr.(*dns.RR_RRSIG).KeyTag, server)
|
||||
if key == nil {
|
||||
fmt.Printf(";? DNSKEY %s/%d not found\n", rr.(*dns.RR_RRSIG).SignerName, rr.(*dns.RR_RRSIG).KeyTag)
|
||||
}
|
||||
if err := rr.(*dns.RR_RRSIG).Verify(key, rrset); err != nil {
|
||||
fmt.Printf(";- Bogus signature, %s does not RRSet with DNSKEY %s/%d\n", shortSig(rr.(*dns.RR_RRSIG)), key.Header().Name, key.KeyTag())
|
||||
} else {
|
||||
fmt.Printf(";+ Secure signature, %s validates RRSet with DNSKEY %s/%d\n", shortSig(rr.(*dns.RR_RRSIG)), key.Header().Name, key.KeyTag())
|
||||
}
|
||||
}
|
||||
}
|
||||
for _, rr := range in.Ns {
|
||||
if rr.Header().Rrtype == dns.TypeRRSIG {
|
||||
rrset := getRRset(in.Ns, rr.Header().Name, rr.(*dns.RR_RRSIG).TypeCovered)
|
||||
key := getKey(rr.(*dns.RR_RRSIG).SignerName, rr.(*dns.RR_RRSIG).KeyTag, server)
|
||||
if key == nil {
|
||||
fmt.Printf(";? DNSKEY %s/%d not found\n", rr.(*dns.RR_RRSIG).SignerName, rr.(*dns.RR_RRSIG).KeyTag)
|
||||
}
|
||||
if err := rr.(*dns.RR_RRSIG).Verify(key, rrset); err != nil {
|
||||
fmt.Printf(";- Bogus signature, %s does not RRSet with DNSKEY %s/%d\n", shortSig(rr.(*dns.RR_RRSIG)), key.Header().Name, key.KeyTag())
|
||||
} else {
|
||||
fmt.Printf(";+ Secure signature, %s validates RRSet with DNSKEY %s/%d\n", shortSig(rr.(*dns.RR_RRSIG)), key.Header().Name, key.KeyTag())
|
||||
}
|
||||
}
|
||||
}
|
||||
for _, rr := range in.Extra {
|
||||
if rr.Header().Rrtype == dns.TypeRRSIG {
|
||||
rrset := getRRset(in.Extra, rr.Header().Name, rr.(*dns.RR_RRSIG).TypeCovered)
|
||||
key := getKey(rr.(*dns.RR_RRSIG).SignerName, rr.(*dns.RR_RRSIG).KeyTag, server)
|
||||
if key == nil {
|
||||
fmt.Printf(";? DNSKEY %s/%d not found\n", rr.(*dns.RR_RRSIG).SignerName, rr.(*dns.RR_RRSIG).KeyTag)
|
||||
}
|
||||
if err := rr.(*dns.RR_RRSIG).Verify(key, rrset); err != nil {
|
||||
fmt.Printf(";- Bogus signature, %s does not RRSet with DNSKEY %s/%d\n", shortSig(rr.(*dns.RR_RRSIG)), key.Header().Name, key.KeyTag())
|
||||
} else {
|
||||
fmt.Printf(";+ Secure signature, %s validates RRSet with DNSKEY %s/%d\n", shortSig(rr.(*dns.RR_RRSIG)), key.Header().Name, key.KeyTag())
|
||||
}
|
||||
}
|
||||
}
|
||||
sectionCheck(in.Answer, server)
|
||||
sectionCheck(in.Ns, server)
|
||||
sectionCheck(in.Extra, server)
|
||||
}
|
||||
|
||||
// Return the RRset belonging to the signature with name and type t
|
||||
|
|
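Review bot: In `sectionCheck`, the `key == nil` branch only prints `;? DNSKEY … not found` and then falls through to `Verify(key, rrset)` and `key.Header().Name` / `key.KeyTag()`, so an RRSIG whose signer key cannot be fetched will most likely cause a nil-pointer panic instead of a verdict (`getKey` is outside the hunk, so its return type is assumed). The records come from the queried nameserver's reply, so ordinary remote input can reach this path; add `continue` after the not-found `Printf` so an unverifiable signature is reported and skipped. Binding `sig := rr.(*dns.RR_RRSIG)` once per iteration would also read better than repeating the type assertion on every use. Separately, `nsecCheck` is an empty stub and the NSEC3 block is commented out, so a comment such as `// TODO: denial of existence is not verified yet` on the stub would keep the `*check` output from being read as full validation.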