diff --git a/zone.go b/zone.go
index a08ce216..988817f2 100644
--- a/zone.go
+++ b/zone.go
@@ -91,11 +91,10 @@ func NewZone(origin string) *Zone {
 // ZoneData holds all the RRs having their owner name equal to Name.
 type ZoneData struct {
- Name string // Domain name for this node
- RR map[uint16][]RR // Map of the RR type to the RR
- Signatures map[uint16][]*RR_RRSIG // DNSSEC signatures for the RRs, stored under type covered
- // moet een map[uint16]map[uint16]*RR_RRSIG worden, typeocvert + keyid
- NonAuth bool // Always false, except for NSsets that differ from z.Origin
+ Name string // Domain name for this node
+ RR map[uint16][]RR // Map of the RR type to the RR
+ Signatures map[uint16]map[uint16]*RR_RRSIG // DNSSEC signatures for the RRs, stored under type covered and keytag
+ NonAuth bool // Always false, except for NSsets that differ from z.Origin
 *sync.RWMutex
 }
@@ -104,7 +103,7 @@ func NewZoneData(s string) *ZoneData {
 zd := new(ZoneData)
 zd.Name = s
 zd.RR = make(map[uint16][]RR)
- zd.Signatures = make(map[uint16][]*RR_RRSIG)
+ zd.Signatures = make(map[uint16]map[uint16]*RR_RRSIG)
 zd.RWMutex = new(sync.RWMutex)
 return zd
 }
@@ -215,8 +214,7 @@ func (z *Zone) Insert(r RR) error {
 zd := NewZoneData(r.Header().Name)
 switch t := r.Header().Rrtype; t {
 case TypeRRSIG:
- sigtype := r.(*RR_RRSIG).TypeCovered
- zd.Signatures[sigtype] = append(zd.Signatures[sigtype], r.(*RR_RRSIG))
+ zd.Signatures[r.(*RR_RRSIG).TypeCovered][r.(*RR_RRSIG).KeyTag] = r.(*RR_RRSIG)
 case TypeNS:
 // NS records with other names than z.Origin are non-auth
 if r.Header().Name != z.Origin {
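Review bot: The comment on the new `Signatures` field should say that the inner key is not a unique identifier. RFC 4034 describes the key tag as a 16-bit value that distinct DNSKEYs can share, so with `map[uint16]map[uint16]*RR_RRSIG` a second RRSIG for the same covered type and key tag replaces the first without any error. If that is intended, document it on the field, for example `// keyed by type covered, then key tag; a later RRSIG with the same tag replaces the earlier one`. If both signatures must be kept (a rollover or two algorithms whose tags collide), the inner value would need to be a slice, or the key would need to include the algorithm and signer name.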
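Review bot: The new assignment in the `case TypeRRSIG:` branch of `Insert` writes into an inner map that is never allocated: `NewZoneData` only makes the outer `map[uint16]map[uint16]*RR_RRSIG`, so `zd.Signatures[...][...] = ...` indexes a nil map and panics with "assignment to entry in nil map" on the first RRSIG for a covered type. The same pattern appears in the "Name already there" branch of `Insert` (hunk at -235) and in `Sign` (`node.Signatures[t][keytags[k]] = s`, hunk at -556). If zone contents can come from a transfer or a supplied zone file, this is a crash reachable from input, so the inner map should be created on first use; the repeated type assertion can be done once at the same time. `Insert` continues outside the hunk.

```go
case TypeRRSIG:
	sig := r.(*RR_RRSIG)
	// The inner map does not exist until the first signature for this type arrives.
	if zd.Signatures[sig.TypeCovered] == nil {
		zd.Signatures[sig.TypeCovered] = make(map[uint16]*RR_RRSIG)
	}
	zd.Signatures[sig.TypeCovered][sig.KeyTag] = sig
// … unchanged: case TypeNS and the rest of the switch …
```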
@@ -235,8 +233,7 @@ func (z *Zone) Insert(r RR) error {
 // Name already there
 switch t := r.Header().Rrtype; t {
 case TypeRRSIG:
- sigtype := r.(*RR_RRSIG).TypeCovered
- zd.Value.(*ZoneData).Signatures[sigtype] = append(zd.Value.(*ZoneData).Signatures[sigtype], r.(*RR_RRSIG))
+ zd.Value.(*ZoneData).Signatures[r.(*RR_RRSIG).TypeCovered][r.(*RR_RRSIG).KeyTag] = r.(*RR_RRSIG)
 case TypeNS:
 if r.Header().Name != z.Origin {
 zd.Value.(*ZoneData).NonAuth = true
@@ -264,19 +261,7 @@ func (z *Zone) Remove(r RR) error {
 remove := false
 switch t := r.Header().Rrtype; t {
 case TypeRRSIG:
- sigtype := r.(*RR_RRSIG).TypeCovered
- for i, zr := range zd.Value.(*ZoneData).Signatures[sigtype] {
- if r == zr {
- zd.Value.(*ZoneData).Signatures[sigtype] = append(zd.Value.(*ZoneData).Signatures[sigtype][:i], zd.Value.(*ZoneData).Signatures[sigtype][i+1:]...)
- remove = true
- }
- }
- if remove {
- // If every Signature of the covering type is removed, removed the type from the map
- if len(zd.Value.(*ZoneData).Signatures[sigtype]) == 0 {
- delete(zd.Value.(*ZoneData).Signatures, sigtype)
- }
- }
+ delete(zd.Value.(*ZoneData).Signatures[r.(*RR_RRSIG).TypeCovered], r.(*RR_RRSIG).KeyTag)
 default:
 for i, zr := range zd.Value.(*ZoneData).RR[t] {
 // Matching RR
@@ -285,11 +270,8 @@ func (z *Zone) Remove(r RR) error {
 remove = true
 }
 }
- if remove {
- // If every RR of this type is removed, removed the type from the map
- if len(zd.Value.(*ZoneData).RR[t]) == 0 {
- delete(zd.Value.(*ZoneData).RR, t)
- }
+ if len(zd.Value.(*ZoneData).RR[t]) == 0 {
+ delete(zd.Value.(*ZoneData).RR, t)
 }
 }
 if !remove {
@@ -556,7 +538,7 @@ func (node *ZoneData) Sign(next *ZoneData, keys map[*RR_DNSKEY]PrivateKey, keyta
 if e != nil {
 return e
 }
- node.Signatures[t] = append(node.Signatures[t], s)
+ node.Signatures[t][keytags[k]] = s
 }
 }
 }
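Review bot: In the `case TypeRRSIG:` branch of `Remove` (hunk at -264), the new `delete(...)` never sets `remove`, so every RRSIG removal now reaches the `if !remove {` check with the flag still false, whether or not a signature was deleted. What that check does is outside the visible hunks, but it presumably reports the record as not found. Test for the entry first and set the flag, e.g. `if _, ok := sigs[sig.KeyTag]; ok { delete(sigs, sig.KeyTag); remove = true }`, and drop the outer `TypeCovered` entry once the inner map is empty, as the removed code did. The old loop also compared `r == zr`, whereas the new code deletes whatever is stored under that key tag, even when it is not the record passed in.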
@@ -574,8 +556,6 @@ func signatures(z *ZoneData, typecovered, keytag uint16) *RR_RRSIG {
 return nil
 }
-
-
 // timeToUint32 translates a time.Time to a 32 bit value which
 // can be used as the RRSIG's inception or expiration times.
 func timeToUint32(t time.Time) uint32 {