Use Signature to be more in line with the non-plural RR
This commit is contained in:
parent
cfc222de3d
commit
2fd0e458df
50
zone.go
50
zone.go
|
@ -107,7 +107,7 @@ func NewZone(origin string) *Zone {
|
||||||
// ZoneData holds all the RRs for a specific owner name.
|
// ZoneData holds all the RRs for a specific owner name.
|
||||||
type ZoneData struct {
|
type ZoneData struct {
|
||||||
RR map[uint16][]RR // Map of the RR type to the RR
|
RR map[uint16][]RR // Map of the RR type to the RR
|
||||||
Signatures map[uint16][]*RRSIG // DNSSEC signatures for the RRs, stored under type covered
|
Signature map[uint16][]*RRSIG // DNSSEC signatures for the RRs, stored under type covered
|
||||||
NonAuth bool // Always false, except for NSsets that differ from z.Origin
|
NonAuth bool // Always false, except for NSsets that differ from z.Origin
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -115,7 +115,7 @@ type ZoneData struct {
|
||||||
func NewZoneData() *ZoneData {
|
func NewZoneData() *ZoneData {
|
||||||
zd := new(ZoneData)
|
zd := new(ZoneData)
|
||||||
zd.RR = make(map[uint16][]RR)
|
zd.RR = make(map[uint16][]RR)
|
||||||
zd.Signatures = make(map[uint16][]*RRSIG)
|
zd.Signature = make(map[uint16][]*RRSIG)
|
||||||
return zd
|
return zd
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -131,8 +131,8 @@ func (zd *ZoneData) String() string {
|
||||||
// There is only one SOA, but it may have multiple sigs
|
// There is only one SOA, but it may have multiple sigs
|
||||||
if soa, ok := zd.RR[TypeSOA]; ok {
|
if soa, ok := zd.RR[TypeSOA]; ok {
|
||||||
s += soa[0].String() + "\n"
|
s += soa[0].String() + "\n"
|
||||||
if _, ok := zd.Signatures[TypeSOA]; ok {
|
if _, ok := zd.Signature[TypeSOA]; ok {
|
||||||
for _, sig := range zd.Signatures[TypeSOA] {
|
for _, sig := range zd.Signature[TypeSOA] {
|
||||||
s += sig.String() + "\n"
|
s += sig.String() + "\n"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -147,8 +147,8 @@ Types:
|
||||||
}
|
}
|
||||||
s += rr.String() + "\n"
|
s += rr.String() + "\n"
|
||||||
}
|
}
|
||||||
if _, ok := zd.Signatures[t]; ok {
|
if _, ok := zd.Signature[t]; ok {
|
||||||
for _, rr := range zd.Signatures[t] {
|
for _, rr := range zd.Signature[t] {
|
||||||
s += rr.String() + "\n"
|
s += rr.String() + "\n"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -157,8 +157,8 @@ Types:
|
||||||
// There is only one NSEC, but it may have multiple sigs
|
// There is only one NSEC, but it may have multiple sigs
|
||||||
if soa, ok := zd.RR[TypeNSEC]; ok {
|
if soa, ok := zd.RR[TypeNSEC]; ok {
|
||||||
s += soa[0].String() + "\n"
|
s += soa[0].String() + "\n"
|
||||||
if _, ok := zd.Signatures[TypeNSEC]; ok {
|
if _, ok := zd.Signature[TypeNSEC]; ok {
|
||||||
for _, sig := range zd.Signatures[TypeNSEC] {
|
for _, sig := range zd.Signature[TypeNSEC] {
|
||||||
s += sig.String() + "\n"
|
s += sig.String() + "\n"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -184,7 +184,7 @@ func (z *Zone) Insert(r RR) error {
|
||||||
switch t := r.Header().Rrtype; t {
|
switch t := r.Header().Rrtype; t {
|
||||||
case TypeRRSIG:
|
case TypeRRSIG:
|
||||||
sigtype := r.(*RRSIG).TypeCovered
|
sigtype := r.(*RRSIG).TypeCovered
|
||||||
zd.Signatures[sigtype] = append(zd.Signatures[sigtype], r.(*RRSIG))
|
zd.Signature[sigtype] = append(zd.Signature[sigtype], r.(*RRSIG))
|
||||||
case TypeNS:
|
case TypeNS:
|
||||||
// NS records with other names than z.Origin are non-auth
|
// NS records with other names than z.Origin are non-auth
|
||||||
if r.Header().Name != z.Origin {
|
if r.Header().Name != z.Origin {
|
||||||
|
@ -205,7 +205,7 @@ func (z *Zone) Insert(r RR) error {
|
||||||
switch t := r.Header().Rrtype; t {
|
switch t := r.Header().Rrtype; t {
|
||||||
case TypeRRSIG:
|
case TypeRRSIG:
|
||||||
sigtype := r.(*RRSIG).TypeCovered
|
sigtype := r.(*RRSIG).TypeCovered
|
||||||
zd.Signatures[sigtype] = append(zd.Signatures[sigtype], r.(*RRSIG))
|
zd.Signature[sigtype] = append(zd.Signature[sigtype], r.(*RRSIG))
|
||||||
case TypeNS:
|
case TypeNS:
|
||||||
if r.Header().Name != z.Origin {
|
if r.Header().Name != z.Origin {
|
||||||
zd.NonAuth = true
|
zd.NonAuth = true
|
||||||
|
@ -230,13 +230,13 @@ func (z *Zone) Remove(r RR) error {
|
||||||
switch t := r.Header().Rrtype; t {
|
switch t := r.Header().Rrtype; t {
|
||||||
case TypeRRSIG:
|
case TypeRRSIG:
|
||||||
sigtype := r.(*RRSIG).TypeCovered
|
sigtype := r.(*RRSIG).TypeCovered
|
||||||
for i, zr := range zd.Signatures[sigtype] {
|
for i, zr := range zd.Signature[sigtype] {
|
||||||
if r == zr {
|
if r == zr {
|
||||||
zd.Signatures[sigtype] = append(zd.Signatures[sigtype][:i], zd.Signatures[sigtype][i+1:]...)
|
zd.Signature[sigtype] = append(zd.Signature[sigtype][:i], zd.Signature[sigtype][i+1:]...)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if len(zd.Signatures[sigtype]) == 0 {
|
if len(zd.Signature[sigtype]) == 0 {
|
||||||
delete(zd.Signatures, sigtype)
|
delete(zd.Signature, sigtype)
|
||||||
}
|
}
|
||||||
default:
|
default:
|
||||||
for i, zr := range zd.RR[t] {
|
for i, zr := range zd.RR[t] {
|
||||||
|
@ -249,7 +249,7 @@ func (z *Zone) Remove(r RR) error {
|
||||||
delete(zd.RR, t)
|
delete(zd.RR, t)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if len(zd.RR) == 0 && len(zd.Signatures) == 0 {
|
if len(zd.RR) == 0 && len(zd.Signature) == 0 {
|
||||||
// Entire node is empty, remove it from the Zone too
|
// Entire node is empty, remove it from the Zone too
|
||||||
delete(z.Names, r.Header().Name)
|
delete(z.Names, r.Header().Name)
|
||||||
i := sort.SearchStrings(z.securityConfig.nsecNames, r.Header().Name)
|
i := sort.SearchStrings(z.securityConfig.nsecNames, r.Header().Name)
|
||||||
|
@ -304,8 +304,8 @@ func (z *Zone) RemoveRRset(s string, t uint16) error {
|
||||||
switch t {
|
switch t {
|
||||||
case TypeRRSIG:
|
case TypeRRSIG:
|
||||||
// empty all signature maps
|
// empty all signature maps
|
||||||
for cover, _ := range zd.Signatures {
|
for cover, _ := range zd.Signature {
|
||||||
delete(zd.Signatures, cover)
|
delete(zd.Signature, cover)
|
||||||
}
|
}
|
||||||
default:
|
default:
|
||||||
// empty all rr maps
|
// empty all rr maps
|
||||||
|
@ -313,7 +313,7 @@ func (z *Zone) RemoveRRset(s string, t uint16) error {
|
||||||
delete(zd.RR, t)
|
delete(zd.RR, t)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if len(zd.RR) == 0 && len(zd.Signatures) == 0 {
|
if len(zd.RR) == 0 && len(zd.Signature) == 0 {
|
||||||
// Entire node is empty, remove it from the Zone too
|
// Entire node is empty, remove it from the Zone too
|
||||||
delete(z.Names, s)
|
delete(z.Names, s)
|
||||||
i := sort.SearchStrings(z.securityConfig.nsecNames, s)
|
i := sort.SearchStrings(z.securityConfig.nsecNames, s)
|
||||||
|
@ -508,14 +508,14 @@ func (node *ZoneData) Sign(next string, keys map[*DNSKEY]PrivateKey, keytags map
|
||||||
if n[0].(*NSEC).NextDomain != next || !bitmapEqual {
|
if n[0].(*NSEC).NextDomain != next || !bitmapEqual {
|
||||||
n[0].(*NSEC).NextDomain = next
|
n[0].(*NSEC).NextDomain = next
|
||||||
n[0].(*NSEC).TypeBitMap = bitmap
|
n[0].(*NSEC).TypeBitMap = bitmap
|
||||||
node.Signatures[TypeNSEC] = nil // drop all sigs
|
node.Signature[TypeNSEC] = nil // drop all sigs
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
// No NSEC at all, create one
|
// No NSEC at all, create one
|
||||||
nsec := &NSEC{Hdr: RR_Header{name, TypeNSEC, ClassINET, config.Minttl, 0}, NextDomain: next}
|
nsec := &NSEC{Hdr: RR_Header{name, TypeNSEC, ClassINET, config.Minttl, 0}, NextDomain: next}
|
||||||
nsec.TypeBitMap = bitmap
|
nsec.TypeBitMap = bitmap
|
||||||
node.RR[TypeNSEC] = []RR{nsec}
|
node.RR[TypeNSEC] = []RR{nsec}
|
||||||
node.Signatures[TypeNSEC] = nil // drop all sigs (just in case)
|
node.Signature[TypeNSEC] = nil // drop all sigs (just in case)
|
||||||
}
|
}
|
||||||
|
|
||||||
// Walk all keys, and check the sigs
|
// Walk all keys, and check the sigs
|
||||||
|
@ -536,7 +536,7 @@ func (node *ZoneData) Sign(next string, keys map[*DNSKEY]PrivateKey, keytags map
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
j, q := signatures(node.Signatures[t], keytags[k])
|
j, q := signatures(node.Signature[t], keytags[k])
|
||||||
if q == nil || now.Sub(uint32ToTime(q.Expiration)) < config.Refresh { // no there, are almost expired
|
if q == nil || now.Sub(uint32ToTime(q.Expiration)) < config.Refresh { // no there, are almost expired
|
||||||
s := new(RRSIG)
|
s := new(RRSIG)
|
||||||
s.SignerName = k.Hdr.Name
|
s.SignerName = k.Hdr.Name
|
||||||
|
@ -551,20 +551,20 @@ func (node *ZoneData) Sign(next string, keys map[*DNSKEY]PrivateKey, keytags map
|
||||||
return e
|
return e
|
||||||
}
|
}
|
||||||
if q != nil {
|
if q != nil {
|
||||||
node.Signatures[t][j] = s // replace the signature
|
node.Signature[t][j] = s // replace the signature
|
||||||
} else {
|
} else {
|
||||||
node.Signatures[t] = append(node.Signatures[t], s) // add it
|
node.Signature[t] = append(node.Signature[t], s) // add it
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
// All signatures have been made are refreshed. Now check the all signatures for expiraton
|
// All signatures have been made are refreshed. Now check the all signatures for expiraton
|
||||||
for i, s := range node.Signatures {
|
for i, s := range node.Signature {
|
||||||
// s is another slice
|
// s is another slice
|
||||||
for i1, s1 := range s {
|
for i1, s1 := range s {
|
||||||
if now.Sub(uint32ToTime(s1.Expiration)) < config.Refresh {
|
if now.Sub(uint32ToTime(s1.Expiration)) < config.Refresh {
|
||||||
// can only happen if made with an unknown key, drop the sig
|
// can only happen if made with an unknown key, drop the sig
|
||||||
node.Signatures[i] = append(node.Signatures[i][:i1], node.Signatures[i][i1+1:]...)
|
node.Signature[i] = append(node.Signature[i][:i1], node.Signature[i][i1+1:]...)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue