Make zone.Signatures a map of a map

zone.go

@@ -91,11 +91,10 @@ func NewZone(origin string) *Zone {
 
 // ZoneData holds all the RRs having their owner name equal to Name.
 type ZoneData struct {
-	Name       string                 // Domain name for this node
-	RR         map[uint16][]RR        // Map of the RR type to the RR
-	Signatures map[uint16][]*RR_RRSIG // DNSSEC signatures for the RRs, stored under type covered
-	// moet een map[uint16]map[uint16]*RR_RRSIG worden, typeocvert + keyid
-	NonAuth    bool                   // Always false, except for NSsets that differ from z.Origin
+	Name       string                          // Domain name for this node
+	RR         map[uint16][]RR                 // Map of the RR type to the RR
+	Signatures map[uint16]map[uint16]*RR_RRSIG // DNSSEC signatures for the RRs, stored under type covered and keytag
+	NonAuth    bool                            // Always false, except for NSsets that differ from z.Origin
 	*sync.RWMutex
 }
 
@@ -104,7 +103,7 @@ func NewZoneData(s string) *ZoneData {
 	zd := new(ZoneData)
 	zd.Name = s
 	zd.RR = make(map[uint16][]RR)
-	zd.Signatures = make(map[uint16][]*RR_RRSIG)
+	zd.Signatures = make(map[uint16]map[uint16]*RR_RRSIG)
 	zd.RWMutex = new(sync.RWMutex)
 	return zd
 }
@@ -215,8 +214,7 @@ func (z *Zone) Insert(r RR) error {
 		zd := NewZoneData(r.Header().Name)
 		switch t := r.Header().Rrtype; t {
 		case TypeRRSIG:
-			sigtype := r.(*RR_RRSIG).TypeCovered
-			zd.Signatures[sigtype] = append(zd.Signatures[sigtype], r.(*RR_RRSIG))
+			zd.Signatures[r.(*RR_RRSIG).TypeCovered][r.(*RR_RRSIG).KeyTag] = r.(*RR_RRSIG)
 		case TypeNS:
 			// NS records with other names than z.Origin are non-auth
 			if r.Header().Name != z.Origin {
@@ -235,8 +233,7 @@ func (z *Zone) Insert(r RR) error {
 	// Name already there
 	switch t := r.Header().Rrtype; t {
 	case TypeRRSIG:
-		sigtype := r.(*RR_RRSIG).TypeCovered
-		zd.Value.(*ZoneData).Signatures[sigtype] = append(zd.Value.(*ZoneData).Signatures[sigtype], r.(*RR_RRSIG))
+		zd.Value.(*ZoneData).Signatures[r.(*RR_RRSIG).TypeCovered][r.(*RR_RRSIG).KeyTag] = r.(*RR_RRSIG)
 	case TypeNS:
 		if r.Header().Name != z.Origin {
 			zd.Value.(*ZoneData).NonAuth = true
@@ -264,19 +261,7 @@ func (z *Zone) Remove(r RR) error {
 	remove := false
 	switch t := r.Header().Rrtype; t {
 	case TypeRRSIG:
-		sigtype := r.(*RR_RRSIG).TypeCovered
-		for i, zr := range zd.Value.(*ZoneData).Signatures[sigtype] {
-			if r == zr {
-				zd.Value.(*ZoneData).Signatures[sigtype] = append(zd.Value.(*ZoneData).Signatures[sigtype][:i], zd.Value.(*ZoneData).Signatures[sigtype][i+1:]...)
-				remove = true
-			}
-		}
-		if remove {
-			// If every Signature of the covering type is removed, removed the type from the map
-			if len(zd.Value.(*ZoneData).Signatures[sigtype]) == 0 {
-				delete(zd.Value.(*ZoneData).Signatures, sigtype)
-			}
-		}
+		delete(zd.Value.(*ZoneData).Signatures[r.(*RR_RRSIG).TypeCovered], r.(*RR_RRSIG).KeyTag)
 	default:
 		for i, zr := range zd.Value.(*ZoneData).RR[t] {
 			// Matching RR
@@ -285,11 +270,8 @@ func (z *Zone) Remove(r RR) error {
 				remove = true
 			}
 		}
-		if remove {
-			// If every RR of this type is removed, removed the type from the map
-			if len(zd.Value.(*ZoneData).RR[t]) == 0 {
-				delete(zd.Value.(*ZoneData).RR, t)
-			}
+		if len(zd.Value.(*ZoneData).RR[t]) == 0 {
+			delete(zd.Value.(*ZoneData).RR, t)
 		}
 	}
 	if !remove {
@@ -556,7 +538,7 @@ func (node *ZoneData) Sign(next *ZoneData, keys map[*RR_DNSKEY]PrivateKey, keyta
 				if e != nil {
 					return e
 				}
-				node.Signatures[t] = append(node.Signatures[t], s)
+				node.Signatures[t][keytags[k]] = s
 			}
 		}
 	}
@@ -574,8 +556,6 @@ func signatures(z *ZoneData, typecovered, keytag uint16) *RR_RRSIG {
 	return nil
 }
 
-
-
 // timeToUint32 translates a time.Time to a 32 bit value which                      
 // can be used as the RRSIG's inception or expiration times.
 func timeToUint32(t time.Time) uint32 {