Validation fixes, still not perfect, but much nicer
This commit is contained in:
parent
76d4547fbf
commit
ef2e12b0dd
37
dnssec.go
37
dnssec.go
|
@ -285,7 +285,7 @@ func (s *RR_RRSIG) Sign(k PrivateKey, rrset []RR) error {
|
|||
|
||||
// Verify validates an RRSet with the signature and key. This is only the
|
||||
// cryptographic test, the signature validity period must be checked separately.
|
||||
// This function (temporary) modifies the RR for the validation to work.
|
||||
// This function modifies the rdata of some RRs (lowercases domain names) for the validation to work.
|
||||
func (s *RR_RRSIG) Verify(k *RR_DNSKEY, rrset []RR) error {
|
||||
// First the easy checks
|
||||
if s.KeyTag != k.KeyTag() {
|
||||
|
@ -493,8 +493,7 @@ func (p wireSlice) Less(i, j int) bool {
|
|||
}
|
||||
func (p wireSlice) Swap(i, j int) { p[i], p[j] = p[j], p[i] }
|
||||
|
||||
// Return the raw signature data.
|
||||
// TODO: the rr rdata is lowercased for some records
|
||||
// Return the raw signature data.
|
||||
func rawSignatureData(rrset []RR, s *RR_RRSIG) (buf []byte) {
|
||||
wires := make(wireSlice, len(rrset))
|
||||
for i, r := range rrset {
|
||||
|
@ -514,32 +513,62 @@ func rawSignatureData(rrset []RR, s *RR_RRSIG) (buf []byte) {
|
|||
// SRV, DNAME, A6
|
||||
switch x := r1.(type) {
|
||||
case *RR_NS:
|
||||
p := x.Ns
|
||||
defer func() { x.Ns = p }()
|
||||
x.Ns = strings.ToLower(x.Ns)
|
||||
case *RR_CNAME:
|
||||
x.Cname = strings.ToLower(x.Cname)
|
||||
p := x.Target
|
||||
defer func() { x.Target = p }()
|
||||
x.Target = strings.ToLower(x.Target)
|
||||
case *RR_SOA:
|
||||
p := x.Ns
|
||||
q := x.Mbox
|
||||
defer func() { x.Ns = p }()
|
||||
defer func() { x.Mbox = q }()
|
||||
x.Ns = strings.ToLower(x.Ns)
|
||||
x.Mbox = strings.ToLower(x.Mbox)
|
||||
case *RR_MB:
|
||||
p := x.Mb
|
||||
defer func() { x.Mb = p }()
|
||||
x.Mb = strings.ToLower(x.Mb)
|
||||
case *RR_MG:
|
||||
p := x.Mg
|
||||
defer func() { x.Mg = p }()
|
||||
x.Mg = strings.ToLower(x.Mg)
|
||||
case *RR_MR:
|
||||
p := x.Mr
|
||||
defer func() { x.Mr = p }()
|
||||
x.Mr = strings.ToLower(x.Mr)
|
||||
case *RR_PTR:
|
||||
p := x.Ptr
|
||||
defer func() { x.Ptr = p }()
|
||||
x.Ptr = strings.ToLower(x.Ptr)
|
||||
case *RR_MINFO:
|
||||
p := x.Rmail
|
||||
q := x.Email
|
||||
defer func() { x.Rmail = p }()
|
||||
defer func() { x.Email = q }()
|
||||
x.Rmail = strings.ToLower(x.Rmail)
|
||||
x.Email = strings.ToLower(x.Email)
|
||||
case *RR_MX:
|
||||
p := x.Mx
|
||||
defer func() { x.Mx = p }()
|
||||
x.Mx = strings.ToLower(x.Mx)
|
||||
case *RR_NAPTR:
|
||||
p := x.Replacement
|
||||
defer func() { x.Replacement = p }()
|
||||
x.Replacement = strings.ToLower(x.Replacement)
|
||||
case *RR_KX:
|
||||
p := x.Exchanger
|
||||
defer func() { x.Exchanger = p }()
|
||||
x.Exchanger = strings.ToLower(x.Exchanger)
|
||||
case *RR_SRV:
|
||||
p := x.Target
|
||||
defer func() { x.Target = p }()
|
||||
x.Target = strings.ToLower(x.Target)
|
||||
case *RR_DNAME:
|
||||
p := x.Target
|
||||
defer func() { x.Target = p }()
|
||||
x.Target = strings.ToLower(x.Target)
|
||||
}
|
||||
// 6.2. Canonical RR Form. (5) - origTTL
|
||||
|
|
4
types.go
4
types.go
|
@ -187,11 +187,11 @@ func (rr *RR_CNAME) Header() *RR_Header {
|
|||
}
|
||||
|
||||
func (rr *RR_CNAME) String() string {
|
||||
return rr.Hdr.String() + rr.Cname
|
||||
return rr.Hdr.String() + rr.Target
|
||||
}
|
||||
|
||||
func (rr *RR_CNAME) Len() int {
|
||||
l := len(rr.Cname) + 1
|
||||
l := len(rr.Target) + 1
|
||||
return rr.Hdr.Len() + l
|
||||
}
|
||||
|
||||
|
|
10
zscan_rr.go
10
zscan_rr.go
|
@ -56,7 +56,7 @@ func setRR(h RR_Header, c chan lex, o, f string) (RR, *ParseError) {
|
|||
//r, e = setLOC(h, c, f)
|
||||
// TODO
|
||||
goto Slurp
|
||||
// These types have a variable ending either chunks of txt or chunks/base64 or hex.
|
||||
// These types have a variable ending: either chunks of txt or chunks/base64 or hex.
|
||||
// They need to search for the end of the RR themselves, hence they look for the ending
|
||||
// newline. Thus there is no need to slurp the remainder, because there is none.
|
||||
case TypeDNSKEY:
|
||||
|
@ -185,13 +185,13 @@ func setCNAME(h RR_Header, c chan lex, o, f string) (RR, *ParseError) {
|
|||
rr.Hdr = h
|
||||
|
||||
l := <-c
|
||||
rr.Cname = l.token
|
||||
rr.Target = l.token
|
||||
_, ld, ok := IsDomainName(l.token)
|
||||
if !ok {
|
||||
return nil, &ParseError{f, "bad CNAME Cname", l}
|
||||
return nil, &ParseError{f, "bad CNAME Target", l}
|
||||
}
|
||||
if rr.Cname[ld-1] != '.' {
|
||||
rr.Cname = appendOrigin(rr.Cname, o)
|
||||
if rr.Target[ld-1] != '.' {
|
||||
rr.Target = appendOrigin(rr.Target, o)
|
||||
}
|
||||
return rr, nil
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue