dnsruby 1.37 → 1.38
- data/lib/Dnsruby/resource/DNSKEY.rb +3 -1
- data/lib/Dnsruby/resource/RRSIG.rb +1 -1
- data/lib/Dnsruby/resource/resource.rb +2 -0
- data/lib/Dnsruby/single_verifier.rb +41 -39
- data/lib/dnsruby.rb +2 -1
- data/test/tc_verifier.rb +82 -2
- metadata +3 -15
- data/demo/digroot.rb +0 -92
- data/html/created.rid +0 -1
- data/html/fr_class_index.html +0 -117
- data/html/fr_file_index.html +0 -82
- data/html/fr_method_index.html +0 -364
- data/html/index.html +0 -24
- data/lib/Dnsruby/resource/delete_me.rhtml +0 -6
- data/lib/Dnsruby/select_thread.rb.michael.rb +0 -602
- data/test/tc_auth.rb +0 -49
- data/test/ts_queue.rb +0 -3
@@ -64,7 +64,7 @@ module Dnsruby
|
|
64
64
|
|
65
65
|
def algorithm=(a)
|
66
66
|
if (a.instance_of?String)
|
67
|
-
if (a.
|
67
|
+
if (a.to_i > 0)
|
68
68
|
a = a.to_i
|
69
69
|
end
|
70
70
|
end
|
@@ -264,6 +264,8 @@ module Dnsruby
|
|
264
264
|
def public_key
|
265
265
|
if (!@public_key)
|
266
266
|
if [Algorithms.RSASHA1,
|
267
|
+
Algorithms.RSASHA256,
|
268
|
+
Algorithms.RSASHA512,
|
267
269
|
Algorithms.RSASHA1_NSEC3_SHA1].include?(@algorithm)
|
268
270
|
@public_key = rsa_key
|
269
271
|
elsif [Algorithms.DSA,
|
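Review bot: In the `algorithm=` hunk, the new guard `if (a.to_i > 0)` accepts any string that merely begins with digits, because `String#to_i` stops at the first non-digit and silently drops the rest; a constructed value such as "8x" would be stored as algorithm 8. For a field that selects the signature algorithm, the whole string should be required to be numeric, for example `if (a =~ /\A\d+\z/ && a.to_i > 0)`. The rest of `algorithm=` is outside the hunk, so how a non-numeric string is resolved afterwards is not visible here.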
@@ -146,11 +146,11 @@ module Dnsruby
|
|
146
146
|
raise VerifyError.new("RRSET should have same type as RRSIG for verification")
|
147
147
|
end
|
148
148
|
|
149
|
-
# #Each RR in the RRset MUST have the TTL listed in the
|
150
|
-
# #RRSIG Original TTL Field;
|
151
|
-
# if (rrset.ttl != sigrec.original_ttl)
|
152
|
-
# raise VerifyError.new("RRSET should have same ttl as RRSIG original_ttl for verification (should be #{sigrec.original_ttl} but was #{rrset.ttl}")
|
153
|
-
# end
|
149
|
+
# #Each RR in the RRset MUST have the TTL listed in the
|
150
|
+
# #RRSIG Original TTL Field;
|
151
|
+
# if (rrset.ttl != sigrec.original_ttl)
|
152
|
+
# raise VerifyError.new("RRSET should have same ttl as RRSIG original_ttl for verification (should be #{sigrec.original_ttl} but was #{rrset.ttl}")
|
153
|
+
# end
|
154
154
|
|
155
155
|
# Now check that we are in the validity period for the RRSIG
|
156
156
|
now = Time.now.to_i
|
@@ -240,7 +240,7 @@ module Dnsruby
|
|
240
240
|
# Return true if we can verify the whole message.
|
241
241
|
|
242
242
|
msg.each_section do |section|
|
243
|
-
# print "Checking section : #{section}\n"
|
243
|
+
# print "Checking section : #{section}\n"
|
244
244
|
ds_rrsets = section.rrsets(Types.DS)
|
245
245
|
if ((!ds_rrsets || ds_rrsets.length == 0) && (@verifier_type == VerifierType::DLV))
|
246
246
|
ds_rrsets = section.rrsets(Types.DLV)
|
@@ -374,14 +374,14 @@ module Dnsruby
|
|
374
374
|
return if (msg.rcode == RCode.NOERROR && ((qtype == Types.ANY) || (qtype == Types.NSEC) || (qtype == Types.NSEC3)))
|
375
375
|
if ((msg.rrsets('NSEC').length > 0) || (msg.rrsets('NSEC3').length > 0))
|
376
376
|
if (msg.rcode == RCode.NXDOMAIN)
|
377
|
-
# print "Checking NSECs for Name Error\n"
|
377
|
+
# print "Checking NSECs for Name Error\n"
|
378
378
|
#Name error - NSEC wil prove i) no exact match for <SNAME, SCLASS>, and ii) no RRSets that could match through wildcard expansion
|
379
379
|
# - this may be proved in one or more NSECs (and associated RRSIGs)
|
380
380
|
check_name_in_nsecs(msg)
|
381
381
|
return check_no_wildcard_expansion(msg)
|
382
382
|
elsif (msg.rcode == RCode.NOERROR)
|
383
383
|
if (msg.answer.length > 0)
|
384
|
-
# print "Checking NSECs for wildcard expansion\n"
|
384
|
+
# print "Checking NSECs for wildcard expansion\n"
|
385
385
|
# wildcard expansion answer - check NSECs!
|
386
386
|
# We want to make sure that the NSEC tells us that there is no closer match for this name
|
387
387
|
# @TODO@ We need to make replace the RRSIG name with the wildcard name before we can verify it correctly.
|
@@ -395,7 +395,7 @@ module Dnsruby
|
|
395
395
|
[msg.authority.rrsets('NSEC'), msg.authority.rrsets('NSEC3')].each {|nsec_rrsets|
|
396
396
|
nsec_rrsets.each {|nsec_rrset|
|
397
397
|
nsec_rrset.rrs.each {|nsec|
|
398
|
-
# print "Checking nsec to see if wildcard : #{nsec}\n"
|
398
|
+
# print "Checking nsec to see if wildcard : #{nsec}\n"
|
399
399
|
if (nsec.name.wild? ||(nsec.name.labels.length < msg.question()[0].qname.labels.length))
|
400
400
|
isWildcardNoData = true
|
401
401
|
end
|
@@ -404,14 +404,14 @@ module Dnsruby
|
|
404
404
|
}
|
405
405
|
|
406
406
|
if (isWildcardNoData)
|
407
|
-
# print "Checking NSECs for wildcard no data\n"
|
407
|
+
# print "Checking NSECs for wildcard no data\n"
|
408
408
|
# Check NSECs -
|
409
409
|
# i) NSEC proving no RRSets matching STYPE at wildcard owner name that matched <SNAME, SCLASS> via wildcard expansion
|
410
410
|
check_name_not_in_wildcard_nsecs(msg)
|
411
411
|
# ii) NSEC proving no RRSets in zone that would have been closer match for <SNAME, SCLASS>
|
412
412
|
return check_name_in_and_type_not_in_nsecs(msg)
|
413
413
|
else # (isNoData)
|
414
|
-
# print "Checking NSECs for No data\n"
|
414
|
+
# print "Checking NSECs for No data\n"
|
415
415
|
# Check NSEC types covered to make sure this type not present.
|
416
416
|
return check_name_in_and_type_not_in_nsecs(msg)
|
417
417
|
end
|
@@ -442,7 +442,7 @@ module Dnsruby
|
|
442
442
|
[msg.authority.rrsets('NSEC'), msg.authority.rrsets('NSEC3')].each {|nsec_rrsets|
|
443
443
|
nsec_rrsets.each {|nsecs|
|
444
444
|
nsecs.rrs.each {|nsec|
|
445
|
-
# print "Checking NSEC : #{nsec}\n"
|
445
|
+
# print "Checking NSEC : #{nsec}\n"
|
446
446
|
next if (nsec.name.wild?)
|
447
447
|
if (check_record_proves_no_wildcard(msg, nsec))
|
448
448
|
proven_no_wildcards = true
|
@@ -451,7 +451,7 @@ module Dnsruby
|
|
451
451
|
}
|
452
452
|
}
|
453
453
|
if (!proven_no_wildcards)
|
454
|
-
# print "No proof that no RRSets could match through wildcard expansion\n"
|
454
|
+
# print "No proof that no RRSets could match through wildcard expansion\n"
|
455
455
|
raise VerifyError.new("No proof that no RRSets could match through wildcard expansion")
|
456
456
|
end
|
457
457
|
|
@@ -459,12 +459,12 @@ module Dnsruby
|
|
459
459
|
|
460
460
|
def check_record_proves_no_wildcard(msg, nsec) # :nodoc:
|
461
461
|
# Check that the NSEC goes from the SOA to a zone canonically after a wildcard
|
462
|
-
# print "Checking wildcard proof for #{nsec.name}\n"
|
462
|
+
# print "Checking wildcard proof for #{nsec.name}\n"
|
463
463
|
soa_rrset = msg.authority.rrset(nsec.name, 'SOA')
|
464
464
|
if (soa_rrset.length > 0)
|
465
|
-
# print "Found SOA for #{nsec.name}\n"
|
465
|
+
# print "Found SOA for #{nsec.name}\n"
|
466
466
|
wildcard_name = Name.create("*." + nsec.name.to_s)
|
467
|
-
# print "Checking #{wildcard_name}\n"
|
467
|
+
# print "Checking #{wildcard_name}\n"
|
468
468
|
if (wildcard_name.canonically_before(nsec.next_domain))
|
469
469
|
return true
|
470
470
|
end
|
@@ -481,7 +481,7 @@ module Dnsruby
|
|
481
481
|
[msg.authority.rrsets('NSEC'), msg.authority.rrsets('NSEC3')].each {|nsec_rrsets|
|
482
482
|
nsec_rrsets.each {|nsecs|
|
483
483
|
nsecs.rrs.each {|nsec|
|
484
|
-
# print "Checking NSEC : #{nsec}\n"
|
484
|
+
# print "Checking NSEC : #{nsec}\n"
|
485
485
|
next if (nsec.name.wild?)
|
486
486
|
if nsec.check_name_in_range(name)
|
487
487
|
proven_name_in_nsecs = true
|
@@ -491,7 +491,7 @@ module Dnsruby
|
|
491
491
|
qtype_present = true
|
492
492
|
end
|
493
493
|
if (qtype_present != expected_qtype)
|
494
|
-
# print "#{nsec.type} record #{nsec} does #{expected_qtype ? 'not ' : ''} include #{qtype} type\n"
|
494
|
+
# print "#{nsec.type} record #{nsec} does #{expected_qtype ? 'not ' : ''} include #{qtype} type\n"
|
495
495
|
raise VerifyError.new("#{nsec.type} record #{nsec} does #{expected_qtype ? 'not ' : ''}include #{qtype} type")
|
496
496
|
# return false
|
497
497
|
end
|
@@ -502,11 +502,11 @@ module Dnsruby
|
|
502
502
|
}
|
503
503
|
}
|
504
504
|
if (!proven_name_in_nsecs)
|
505
|
-
# print "No proof for non-existence for #{name}\n"
|
505
|
+
# print "No proof for non-existence for #{name}\n"
|
506
506
|
raise VerifyError.new("No proof for non-existence for #{name}")
|
507
507
|
end
|
508
508
|
if (qtype && !type_covered_checked)
|
509
|
-
# print "Tyes covered wrong for #{name}\n"
|
509
|
+
# print "Tyes covered wrong for #{name}\n"
|
510
510
|
raise VerifyError.new("Types covered wrong for #{name}")
|
511
511
|
end
|
512
512
|
end
|
@@ -522,18 +522,18 @@ module Dnsruby
|
|
522
522
|
[msg.authority.rrsets('NSEC'), msg.authority.rrsets('NSEC3')].each {|nsec_rrsets|
|
523
523
|
nsec_rrsets.each {|nsecs|
|
524
524
|
nsecs.rrs.each {|nsec|
|
525
|
-
# print "Checking NSEC : #{nsec}\n"
|
525
|
+
# print "Checking NSEC : #{nsec}\n"
|
526
526
|
next if !nsec.name.wild?
|
527
527
|
# Check the wildcard expansion
|
528
528
|
# We want to see that the name is in the wildcard range, and that the type
|
529
529
|
# is not in the types for the NSEC
|
530
530
|
if nsec.check_name_in_wildcard_range(name)
|
531
|
-
# print "Wildcard expansion in #{nsec} includes #{name}\n"
|
531
|
+
# print "Wildcard expansion in #{nsec} includes #{name}\n"
|
532
532
|
raise VerifyError.new("Wildcard expansion in #{nsec} includes #{name}")
|
533
533
|
# return false
|
534
534
|
end
|
535
535
|
if (nsec.types.include?qtype)
|
536
|
-
# print "#{qtype} present in wildcard #{nsec}\n"
|
536
|
+
# print "#{qtype} present in wildcard #{nsec}\n"
|
537
537
|
raise VerifyError.new("#{qtype} present in wildcard #{nsec}")
|
538
538
|
# return false
|
539
539
|
end
|
@@ -542,7 +542,7 @@ module Dnsruby
|
|
542
542
|
}
|
543
543
|
}
|
544
544
|
return if done
|
545
|
-
# print("Expected wildcard expansion in #{msg}\n")
|
545
|
+
# print("Expected wildcard expansion in #{msg}\n")
|
546
546
|
raise VerifyError.new("Expected wildcard expansion in #{msg}")
|
547
547
|
# return false
|
548
548
|
end
|
@@ -658,7 +658,7 @@ module Dnsruby
|
|
658
658
|
|
659
659
|
sigrecs.each {|sig|
|
660
660
|
if ((key.key_tag == sig.key_tag) && (key.algorithm == sig.algorithm))
|
661
|
-
# print "Found key #{key.key_tag}\n"
|
661
|
+
# print "Found key #{key.key_tag}\n"
|
662
662
|
return key, sig
|
663
663
|
end
|
664
664
|
}
|
@@ -745,8 +745,10 @@ module Dnsruby
|
|
745
745
|
if [Algorithms.RSASHA1,
|
746
746
|
Algorithms.RSASHA1_NSEC3_SHA1].include?(sigrec.algorithm)
|
747
747
|
verified = keyrec.public_key.verify(OpenSSL::Digest::SHA1.new, sigrec.signature, sig_data)
|
748
|
-
|
749
|
-
|
748
|
+
elsif (sigrec.algorithm == Algorithms.RSASHA256)
|
749
|
+
verified = keyrec.public_key.verify(OpenSSL::Digest::SHA256.new, sigrec.signature, sig_data)
|
750
|
+
elsif (sigrec.algorithm == Algorithms.RSASHA512)
|
751
|
+
verified = keyrec.public_key.verify(OpenSSL::Digest::SHA512.new, sigrec.signature, sig_data)
|
750
752
|
elsif [Algorithms.DSA,
|
751
753
|
Algorithms.DSA_NSEC3_SHA1].include?(sigrec.algorithm)
|
752
754
|
# we are ignoring T for now
|
@@ -770,7 +772,7 @@ module Dnsruby
|
|
770
772
|
expiration_diff = (sigrec.expiration.to_i - Time.now.to_i).abs
|
771
773
|
rrset.ttl = ([rrset.ttl, sigrec.ttl, sigrec.original_ttl,
|
772
774
|
expiration_diff].sort)[0]
|
773
|
-
# print "VERIFIED OK\n"
|
775
|
+
# print "VERIFIED OK\n"
|
774
776
|
return true
|
775
777
|
end
|
776
778
|
|
@@ -1102,7 +1104,7 @@ module Dnsruby
|
|
1102
1104
|
if (Dnssec.default_resolver)
|
1103
1105
|
return Dnssec.default_resolver
|
1104
1106
|
else
|
1105
|
-
|
1107
|
+
return Resolver.new
|
1106
1108
|
end
|
1107
1109
|
end
|
1108
1110
|
end
|
@@ -1172,22 +1174,22 @@ module Dnsruby
|
|
1172
1174
|
end
|
1173
1175
|
|
1174
1176
|
def validate_no_rrsigs(msg) # :nodoc:
|
1175
|
-
# print "Validating unsigned response\n"
|
1177
|
+
# print "Validating unsigned response\n"
|
1176
1178
|
# WHAT IF THERE ARE NO RRSIGS IN MSG?
|
1177
1179
|
# Then we need to check that we do not expect any RRSIGs
|
1178
1180
|
if (!msg.question()[0] && msg.answer.length == 0)
|
1179
|
-
# print "Returning Message insecure OK\n"
|
1181
|
+
# print "Returning Message insecure OK\n"
|
1180
1182
|
msg.security_level = Message::SecurityLevel.INSECURE
|
1181
1183
|
return true
|
1182
1184
|
end
|
1183
1185
|
qname = msg.question()[0].qname
|
1184
1186
|
closest_anchor = find_closest_anchor_for(qname)
|
1185
|
-
# print "Found closest anchor :#{closest_anchor}\n"
|
1187
|
+
# print "Found closest anchor :#{closest_anchor}\n"
|
1186
1188
|
if (closest_anchor)
|
1187
1189
|
actual_anchor = follow_chain(closest_anchor, qname)
|
1188
|
-
# print "Actual anchor : #{actual_anchor}\n"
|
1190
|
+
# print "Actual anchor : #{actual_anchor}\n"
|
1189
1191
|
if (actual_anchor)
|
1190
|
-
# print("Anchor exists for #{qname}, but no signatures in #{msg}\n")
|
1192
|
+
# print("Anchor exists for #{qname}, but no signatures in #{msg}\n")
|
1191
1193
|
TheLog.error("Anchor exists for #{qname}, but no signatures in #{msg}")
|
1192
1194
|
msg.security_level = Message::SecurityLevel.BOGUS
|
1193
1195
|
return false
|
@@ -1196,14 +1198,14 @@ module Dnsruby
|
|
1196
1198
|
if ((@verifier_type == VerifierType::DLV) &&
|
1197
1199
|
@added_dlv_key)
|
1198
1200
|
# Remember to check DLV registry as well (if appropriate!)
|
1199
|
-
# print "Checking DLV for closest anchor\n"
|
1201
|
+
# print "Checking DLV for closest anchor\n"
|
1200
1202
|
dlv_anchor = find_closest_dlv_anchor_for(qname)
|
1201
|
-
# print "Found DLV closest anchor :#{dlv_anchor}\n"
|
1203
|
+
# print "Found DLV closest anchor :#{dlv_anchor}\n"
|
1202
1204
|
if (dlv_anchor)
|
1203
1205
|
actual_anchor = follow_chain(dlv_anchor, qname)
|
1204
|
-
# print "Actual anchor : #{actual_anchor}\n"
|
1206
|
+
# print "Actual anchor : #{actual_anchor}\n"
|
1205
1207
|
if (actual_anchor)
|
1206
|
-
# print("DLV Anchor exists for #{qname}, but no signatures in #{msg}\n")
|
1208
|
+
# print("DLV Anchor exists for #{qname}, but no signatures in #{msg}\n")
|
1207
1209
|
TheLog.error("DLV Anchor exists for #{qname}, but no signatures in #{msg}")
|
1208
1210
|
msg.security_level = Message::SecurityLevel.BOGUS
|
1209
1211
|
return false
|
@@ -1211,7 +1213,7 @@ module Dnsruby
|
|
1211
1213
|
|
1212
1214
|
end
|
1213
1215
|
end
|
1214
|
-
# print "Returning Message insecure OK\n"
|
1216
|
+
# print "Returning Message insecure OK\n"
|
1215
1217
|
msg.security_level = Message::SecurityLevel.INSECURE
|
1216
1218
|
return true
|
1217
1219
|
end
|
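Review bot: The two new `elsif` branches for RSASHA256 and RSASHA512 (new lines 748-751) repeat the RSASHA1 `verify` call with only the digest class changed, and the set of RSA algorithms is now written out separately here and in the `public_key` list extended earlier in this diff, so the two can drift apart unnoticed. I would add a comment above the chain such as `# Keep in step with the RSA algorithms accepted by public_key`, or better, share one list between both places. The end of the `if`/`elsif` chain is outside the hunk; it is worth confirming there that an algorithm matching no branch raises `VerifyError` rather than leaving `verified` unset. `OpenSSL::Digest::SHA256` and `SHA512` are only defined when Ruby's openssl extension is built against an OpenSSL with SHA-2 support, so on older builds these branches would presumably fail with a NameError instead of a verification error.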
data/lib/dnsruby.rb
CHANGED
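--- a/data/test/tc_verifier.rb
+++ b/data/test/tc_verifier.rb
@@ -18,12 +18,92 @@ require 'test/unit'
 require 'dnsruby'
 
 class VerifierTest < Test::Unit::TestCase
+
+def test_sha256
+key256 = Dnsruby::RR.create("example.net. 3600 IN DNSKEY (256 3 8 AwEAAcFcGsaxxdgiuuGmCkVI
+my4h99CqT7jwY3pexPGcnUFtR2Fh36BponcwtkZ4cAgtvd4Qs8P
+kxUdp6p/DlUmObdk= );{id = 9033 (zsk), size = 512b}")
+a = Dnsruby::RR.create("www.example.net. 3600 IN A 192.0.2.91")
+sig = Dnsruby::RR.create("www.example.net. 3600 IN RRSIG (A 8 3 3600 20300101000000
+20000101000000 9033 example.net. kRCOH6u7l0QGy9qpC9
+l1sLncJcOKFLJ7GhiUOibu4teYp5VE9RncriShZNz85mwlMgNEa
+cFYK/lPtPiVYP4bwg==) ;{id = 9033}")
+rrset = Dnsruby::RRSet.new(a)
+rrset.add(sig)
+verifier = Dnsruby::SingleVerifier.new(nil)
+verifier.verify_rrset(rrset, key256)
+end
+
+def test_sha512
+key512 = Dnsruby::RR.create("example.net. 3600 IN DNSKEY (256 3 10 AwEAAdHoNTOW+et86KuJOWRD
+p1pndvwb6Y83nSVXXyLA3DLroROUkN6X0O6pnWnjJQujX/AyhqFD
+xj13tOnD9u/1kTg7cV6rklMrZDtJCQ5PCl/D7QNPsgVsMu1J2Q8g
+pMpztNFLpPBz1bWXjDtaR7ZQBlZ3PFY12ZTSncorffcGmhOL
+);{id = 3740 (zsk), size = 1024b}")
+a = Dnsruby::RR.create("www.example.net. 3600 IN A 192.0.2.91")
+sig = Dnsruby::RR.create("www.example.net. 3600 IN RRSIG (A 10 3 3600 20300101000000
+20000101000000 3740 example.net. tsb4wnjRUDnB1BUi+t
+6TMTXThjVnG+eCkWqjvvjhzQL1d0YRoOe0CbxrVDYd0xDtsuJRa
+eUw1ep94PzEWzr0iGYgZBWm/zpq+9fOuagYJRfDqfReKBzMweOL
+DiNa8iP5g9vMhpuv6OPlvpXwm9Sa9ZXIbNl1MBGk0fthPgxdDLw
+=);{id = 3740}")
+rrset = Dnsruby::RRSet.new(a)
+rrset.add(sig)
+verifier = Dnsruby::SingleVerifier.new(nil)
+verifier.verify_rrset(rrset, key512)
+end
+
+def test_sha2_zone
+key1 = Dnsruby::RR.create("example.com. 3600 IN DNSKEY 256 3 8 AwEAAeTXG9RkEnPqrs1gTA
++7R2YdovW5HrObuMcsgIjfgAupTXX7NHBVUVX0oF2x8fJIeYt9pTuogTuUhw9/
+kJrCI43VWa7xbsMkTbyj1/
+wrfZB25nZnt4DQiqpYm8AZ3XmRBilibsGubVvrzWiQLC1gGXKUJ7JyQyL98G9ODUH2bmnb
+;{id = 43938 (zsk), size = 1024b}")
+key2 = Dnsruby::RR.create("example.com. 3600 IN DNSKEY 257 3 8
+AwEAAeLAE37+XYbieMtOqPRMbimhCjcyc/bSTbMQtKioxzjzgBPu/gVgHTeITJa
++IBFOD763HkzmG6ZIEcNAagCLg6+xeTnp017CBWWgnU+ksXdjgQ5KLfM/g4d2TL/Xf/BZJP
++JcIYqx3BNDT//bJpuwXqk6WkMtHGDSfSugel26TvgxG9X9xTaJh0u/
+QMFpm9H4IyQ8557cYAG04z8Yx3PszE5niE6JGho7Qpv2YhpsuLh7dneUTtdqFajdyqU0lZ3iDHnrfm7ve75LorIMPB0FqIo8Q
++hqV/U44QB/gTuXiBPjxje6D6WLWJdisIKflYZjUBD0FxuOXZQ5+RFVMV5RSc= ;{id =
+18976 (ksk), size = 2048b}")
+rrset = Dnsruby::RRSet.new(key1)
+rrset.add(key2)
+sig2 = Dnsruby::RR.create("example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20091109083537
+20091012083537 18976 example.com. 0S/8cNh9otTenbcqQ2C5fxglGLrkI/EHp/
+8Y3NDbJ5M50xUzrXd91wjDCE2X/z7UNGeBtyFRqm2ZeId4MygBIBsFaqOr98X8qQo3qpZ/
+ZtudmSSlk8X77bnKzsBxdLQgtE/REiT6j556zJJ9LtQ/
+yHgdMmJa5BNPYbQDpJdzJGIYLe1Gx8edOqcPt0LAc3FmjB096Gmlt7JpIWJXrh2Q82eDTkLiEpv7ePAimduKh14
++ERi6mLKFDaQjnfkwZ7/zjw6Ekp3a7L9Pa4S/OKUis/TarEQJf
++w9yAVKKL8HCIFKOXfn1rOWZ8LIEzlmUmOVOV03F1Paww+9fJaG+WDhpQ== ;{id =
+18976}")
+rrset.add(sig2)
+verifier = Dnsruby::SingleVerifier.new(nil)
+verifier.verify_rrset(rrset, key2)
+sig = Dnsruby::RR.create("example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20091109083537
+20091012083537 43938 example.com. TXaNGZ4QklUIlPtXaGhNegER
++uwJAvM9fSmnSt55FiMrMgkJDb6b/
+GTyOF6INgKopO1wZRZI0iWaPUI0SRow6
++X8Idpk05uG7Two5R9uMGX0hu8PWc8BzuAxgeyawCYkXwXQ6Ah0PF9xkc/
+Xlieo6T34XsoeHmKjmjMWs1KdFkU= ;{id = 43938}")
+rrset.add(sig)
+verifier.verify_rrset(rrset, key1)
+txt = Dnsruby::RR.create('example.com. 86400 IN TXT "v=spf1 -all"')
+rrset = Dnsruby::RRSet.new(txt)
+txt_sig = Dnsruby::RR.create("example.com. 86400 IN RRSIG TXT 8 2 86400 20091109083536
+20091012083536 43938 example.com. rZcuxDZ7QO1oBSqwlV
++1ar7RTvwWOCYpgZy6oxXQMWkxONXnHVQO32yl
++3WzROW4tYHfFpsdyvo1BCT1PRRXLcLFGJd/
+T3Y6ciiq5ZzsesfYV0aChOUhseX7MnMjsaLGbmDDVmGqW78nsoBjv9g
++0YshQa7E1ctz2aQ2sorWN+E= ;{id = 43938}")
+rrset.add(txt_sig)
+verifier.verify_rrset(rrset, key1)
+end
 
 def test_se_query
 # Run some queries on the .se zone
 Dnsruby::Dnssec.clear_trusted_keys
 Dnsruby::Dnssec.clear_trust_anchors
-res = Dnsruby::Resolver.new("a.ns.se")
+res = Dnsruby::Resolver.new(Dnsruby::Resolv.getaddress("a.ns.se"))
 res.dnssec = true
 r = res.query("se", Dnsruby::Types.ANY)
 # See comment below
@@ -36,7 +116,7 @@ class VerifierTest < Test::Unit::TestCase
 def test_verify_message
 Dnsruby::Dnssec.clear_trusted_keys
 Dnsruby::Dnssec.clear_trust_anchors
-res = Dnsruby::Resolver.new("a.ns.se")
+res = Dnsruby::Resolver.new(Dnsruby::Resolv.getaddress("a.ns.se"))
 res.udp_size = 5000
 r = res.query("se", Dnsruby::Types.DNSKEY)
 # This shouldn't be in the code - but the key is rotated by the .se registry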
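Review bot: `test_sha2_zone` uses RRSIGs whose validity window runs from 20091012083537 to 20091109083537, while the verifier compares that window with `Time.now` (the "Now check that we are in the validity period" context earlier in this diff), so the test can only pass for about four weeks around the release. `test_sha256` and `test_sha512` avoid this with signatures valid from 2000 to 2030; the zone fixtures need a similarly long window, or the verifier needs a way to inject the validation time. None of the three new tests asserts on the result or covers rejection: `assert(verifier.verify_rrset(rrset, key256))`, plus a case where an altered signature must raise `VerifyError`, would show that the new digests are actually enforced.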
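--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dnsruby
 version: !ruby/object:Gem::Version
-version: "1.
+version: "1.38"
 platform: ruby
 authors:
 - AlexD
@@ -9,7 +9,7 @@ autorequire: dnsruby
 bindir: bin
 cert_chain: []
 
-date: 2009-
+date: 2009-10-12 00:00:00 +01:00
 default_executable:
 dependencies: []
 
@@ -27,7 +27,6 @@ extra_rdoc_files:
 files:
 - test/custom.txt
 - test/resolv.conf
-- test/tc_auth.rb
 - test/tc_axfr.rb
 - test/tc_cache.rb
 - test/tc_dlv.rb
@@ -71,7 +70,6 @@ files:
 - test/ts_dnsruby.rb
 - test/ts_offline.rb
 - test/ts_online.rb
-- test/ts_queue.rb
 - lib/Dnsruby
 - lib/Dnsruby/Cache.rb
 - lib/Dnsruby/code_mapper.rb
@@ -93,7 +91,6 @@ files:
 - lib/Dnsruby/resource/AAAA.rb
 - lib/Dnsruby/resource/AFSDB.rb
 - lib/Dnsruby/resource/CERT.rb
-- lib/Dnsruby/resource/delete_me.rhtml
 - lib/Dnsruby/resource/DLV.rb
 - lib/Dnsruby/resource/DNSKEY.rb
 - lib/Dnsruby/resource/domain_name.rb
@@ -124,7 +121,6 @@ files:
 - lib/Dnsruby/resource/TXT.rb
 - lib/Dnsruby/resource/X25.rb
 - lib/Dnsruby/select_thread.rb
-- lib/Dnsruby/select_thread.rb.michael.rb
 - lib/Dnsruby/single_verifier.rb
 - lib/Dnsruby/SingleResolver.rb
 - lib/Dnsruby/TheLog.rb
@@ -132,19 +128,11 @@ files:
 - lib/Dnsruby/validator_thread.rb
 - lib/Dnsruby/zone_transfer.rb
 - lib/dnsruby.rb
-- html/classes
-- html/created.rid
-- html/files
-- html/fr_class_index.html
-- html/fr_file_index.html
-- html/fr_method_index.html
-- html/index.html
 - demo/axfr.rb
 - demo/check_soa.rb
 - demo/check_zone.rb
 - demo/digdlv.rb
 - demo/digitar.rb
-- demo/digroot.rb
 - demo/example_recurse.rb
 - demo/mresolv.rb
 - demo/mx.rb
@@ -177,7 +165,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 requirements: []
 
 rubyforge_project: dnsruby
-rubygems_version: 1.
+rubygems_version: 1.3.1
 signing_key:
 specification_version: 2
 summary: Ruby DNS implementation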