dnsruby 1.55 → 1.56.0

data/lib/{Dnsruby → dnsruby}/resource/DHCID.rb

@@ -1,55 +1,55 @@
-#--
-#Copyright 2007 Nominet UK
-#
-#Licensed under the Apache License, Version 2.0 (the "License");
-#you may not use this file except in compliance with the License. 
-#You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0 
-#
-#Unless required by applicable law or agreed to in writing, software 
-#distributed under the License is distributed on an "AS IS" BASIS, 
-#WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
-#See the License for the specific language governing permissions and 
-#limitations under the License.
-#++
-module Dnsruby
-  class RR
-    #Class for DNS DHCP ID (DHCID) resource records.
-    #RFC 4701
-    class DHCID < RR
-      ClassValue = nil #:nodoc: all
-      TypeValue= Types::DHCID #:nodoc: all
-      
-      #The opaque rdata for DHCID
-      attr_accessor :dhcid_data
-      
-      def from_hash(hash) #:nodoc: all
-        @dhcid_data = hash[:dhcid_data]
-      end
-      
-      def from_data(data) #:nodoc: all
-        @dhcid_data,  = data
-      end
-      
-      def from_string(input) #:nodoc: all
-        buf = input.gsub(/\n/, "")
-        buf.gsub!(/ /, "")
-        @dhcid_data = buf.unpack("m*").first
-      end
-      
-      def rdata_to_string #:nodoc: all
-        return "#{[@dhcid_data.to_s].pack("m*").gsub("\n", "")}"
-      end
-      
-      def encode_rdata(msg, canonical=false) #:nodoc: all
-        msg.put_bytes(@dhcid_data)
-      end
-      
-      def self.decode_rdata(msg) #:nodoc: all
-        dhcid_data, = msg.get_bytes()
-        return self.new([dhcid_data])
-      end
-    end 
-  end
+# --
+# Copyright 2007 Nominet UK
+# 
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+# 
+#     http://www.apache.org/licenses/LICENSE-2.0
+# 
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ++
+module Dnsruby
+  class RR
+    # Class for DNS DHCP ID (DHCID) resource records.
+    # RFC 4701
+    class DHCID < RR
+      ClassValue = nil #:nodoc: all
+      TypeValue= Types::DHCID #:nodoc: all
+
+      # The opaque rdata for DHCID
+      attr_accessor :dhcid_data
+
+      def from_hash(hash) #:nodoc: all
+        @dhcid_data = hash[:dhcid_data]
+      end
+
+      def from_data(data) #:nodoc: all
+        @dhcid_data,  = data
+      end
+
+      def from_string(input) #:nodoc: all
+        buf = input.gsub(/\n/, "")
+        buf.gsub!(/ /, "")
+        @dhcid_data = buf.unpack("m*").first
+      end
+
+      def rdata_to_string #:nodoc: all
+        return "#{[@dhcid_data.to_s].pack("m*").gsub("\n", "")}"
+      end
+
+      def encode_rdata(msg, canonical=false) #:nodoc: all
+        msg.put_bytes(@dhcid_data)
+      end
+
+      def self.decode_rdata(msg) #:nodoc: all
+        dhcid_data, = msg.get_bytes()
+        return self.new([dhcid_data])
+      end
+    end
+  end
 end

data/lib/dnsruby/resource/DLV.rb

@@ -0,0 +1,27 @@
+# --
+# Copyright 2008 Nominet UK
+# 
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+# 
+#     http://www.apache.org/licenses/LICENSE-2.0
+# 
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ++
+
+module Dnsruby
+   class RR
+     # RFC4431 specifies that the DLV is assigned type 32769, and the
+     #  rdata is identical to that of the DS record.
+
+     class DLV < RR::DS
+       ClassValue = nil #:nodoc: all
+       TypeValue = Types::DLV #:nodoc: all
+     end
+   end
+end

data/lib/{Dnsruby → dnsruby}/resource/DNSKEY.rb

@@ -1,373 +1,373 @@
-#--
-#Copyright 2007 Nominet UK
-#
-#Licensed under the Apache License, Version 2.0 (the "License");
-#you may not use this file except in compliance with the License. 
-#You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0 
-#
-#Unless required by applicable law or agreed to in writing, software 
-#distributed under the License is distributed on an "AS IS" BASIS, 
-#WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
-#See the License f181or the specific language governing permissions and 
-#limitations under the License.
-#++
-module Dnsruby
-  class RR
-    #RFC4034, section 2
-    #DNSSEC uses public key cryptography to sign and authenticate DNS
-    #resource record sets (RRsets).  The public keys are stored in DNSKEY
-    #resource records and are used in the DNSSEC authentication process
-    #described in [RFC4035]: A zone signs its authoritative RRsets by
-    #using a private key and stores the corresponding public key in a
-    #DNSKEY RR.  A resolver can then use the public key to validate
-    #signatures covering the RRsets in the zone, and thus to authenticate
-    #them.
-    class DNSKEY < RR
-      ClassValue = nil #:nodoc: all
-      TypeValue = Types::DNSKEY #:nodoc: all
-      
-      #Key is revoked
-      REVOKED_KEY = 0x80
-      
-      #Key is a zone key
-      ZONE_KEY = 0x100
-
-      #Key is a secure entry point key
-      SEP_KEY = 0x1
-
-      #The flags for the DNSKEY RR
-      attr_reader :flags
-      #The protocol for this DNSKEY RR.
-      #MUST be 3.
-      attr_reader :protocol
-      #The algorithm used for this key
-      #See Dnsruby::Algorithms for permitted values
-      attr_reader :algorithm
-      #The public key
-      attr_reader :key
-      #The length (in bits) of the key - NOT key.length
-      attr_reader :key_length
-      
-      def init_defaults
-        @make_new_key_tag = false
-        self.protocol=3
-        self.flags=ZONE_KEY
-        @algorithm=Algorithms.RSASHA1
-        @public_key = nil
-        @key_tag = nil
-        @make_new_key_tag = true
-      end
-      
-      def protocol=(p)
-        if (p!=3)
-          raise DecodeError.new("DNSKEY protocol field set to #{p}, contrary to RFC4034 section 2.1.2")
-        else @protocol = p
-        end
-        get_new_key_tag
-      end
-      
-      def algorithm=(a)
-        if (a.instance_of?String)
-          if (a.to_i > 0)
-            a = a.to_i
-          end
-        end
-        begin
-          alg = Algorithms.new(a)
-          @algorithm = alg
-        rescue ArgumentError => e
-          raise DecodeError.new(e)
-        end        
-        get_new_key_tag
-      end
-      
-      def revoked=(on)
-        if (on)
-          @flags |= REVOKED_KEY
-        else
-          @flags &= (~REVOKED_KEY)
-        end
-        get_new_key_tag
-      end
-      
-      def revoked?
-        return ((@flags & REVOKED_KEY) > 0)
-      end
-
-      def zone_key=(on)
-        if (on)
-          @flags |= ZONE_KEY
-        else
-          @flags &= (~ZONE_KEY)
-        end
-        get_new_key_tag
-      end
-      
-      def zone_key?
-        return ((@flags & ZONE_KEY) > 0)
-      end
-      
-      def sep_key=(on)
-        if (on)
-          @flags |= SEP_KEY
-        else
-          @flags &= (~SEP_KEY)
-        end
-        get_new_key_tag
-      end
-      
-      def sep_key?
-        return ((@flags & SEP_KEY) > 0)
-      end
-      
-      def flags=(f)
-        # Only three values allowed - 
-        # Zone Key flag (bit 7)
-        # Secure Entry Point flag (bit 15)
-        # Revoked bit (bit 8) - RFC 5011
-        if ((f & ~ZONE_KEY & ~SEP_KEY & ~REVOKED_KEY) > 0)
-          TheLog.info("DNSKEY: Only zone key, secure entry point and revoked flags allowed for DNSKEY" +
-              " (RFC4034 section 2.1.1) : #{f} entered as input")
-        end
-
-        @flags = f
-        get_new_key_tag
-      end
-      
-      #      def bad_flags?
-      #        if ((@flags & ~ZONE_KEY & ~SEP_KEY) > 0)
-      #          return true
-      #        end
-      #        return false
-      #      end
-      #
-      def from_data(data) #:nodoc: all
-        flags, protocol, algorithm, @key = data
-        @make_new_key_tag = false
-        self.flags=(flags)
-        self.protocol=(protocol)
-        self.algorithm=(algorithm)
-        @make_new_key_tag = true
-        get_new_key_tag
-      end
-      
-      def from_hash(hash) #:nodoc: all
-        @make_new_key_tag = false
-        hash.keys.each do |param|
-          send(param.to_s+"=", hash[param])
-        end
-        @make_new_key_tag = true
-        get_new_key_tag
-      end
-
-      def from_string(input)
-        if (input.length > 0)
-          @make_new_key_tag = false
-          data = input.split(" ")
-          self.flags=(data[0].to_i)
-          self.protocol=(data[1].to_i)
-          self.algorithm=(data[2])
-          # key can include whitespace - include all text
-          # until we come to " )" at the end, and then gsub
-          # the white space out
-          # Also, brackets may or may not be present
-          # Not to mention comments! ";"
-          buf = ""
-          index = 3
-          end_index = data.length - 1
-          if (data[index]=="(")
-            end_index = data.length - 2
-            index = 4
-          end
-          (index..end_index).each {|i|
-            if (comment_index = data[i].index(";"))
-              buf += data[i].slice(0, comment_index)
-              # @TODO@ We lose the comments here - we should really keep them for when we write back to string format?
-              break
-            else
-              buf += data[i]
-            end
-          }
-          self.key=(buf)
-          @make_new_key_tag = true
-          get_new_key_tag
-        end
-      end
-      
-      def rdata_to_string #:nodoc: all
-        if (@flags!=nil)
-          #          return "#{@flags} #{@protocol} #{@algorithm.string} ( #{Base64.encode64(@key.to_s)} )"
-          return "#{@flags} #{@protocol} #{@algorithm.string} ( #{[@key.to_s].pack("m*").gsub("\n", "")} ) ; key_tag=#{key_tag}"
-        else
-          return ""
-        end
-      end
-      
-      def encode_rdata(msg, canonical=false) #:nodoc: all
-        # 2 octets, then 2 sets of 1 octet
-        msg.put_pack('ncc', @flags, @protocol, @algorithm.code)
-        msg.put_bytes(@key)
-      end
-      
-      def self.decode_rdata(msg) #:nodoc: all
-        # 2 octets, then 2 sets of 1 octet
-        flags, protocol, algorithm = msg.get_unpack('ncc')
-        key = msg.get_bytes
-        return self.new(
-          [flags, protocol, algorithm, key])
-      end
-
-      # Return the the key tag this key would have had before it was revoked
-      # If the key is not revoked, then the current key_tag will be returned
-      def key_tag_pre_revoked
-        if (!revoked?)
-          return key_tag
-        end
-        new_key = clone
-        new_key.revoked = false
-        return new_key.key_tag
-      end
-
-      def get_new_key_tag
-        if (@make_new_key_tag)
-          rdata = MessageEncoder.new {|msg|
-            encode_rdata(msg)
-          }.to_s
-          tag = generate_key_tag(rdata, @algorithm)
-          @key_tag = tag
-        end
-      end
-
-      # Return the tag for this key
-      def key_tag
-        if (!@key_tag)
-          @make_new_key_tag = true
-          get_new_key_tag
-        end
-        return @key_tag
-      end
-
-      def generate_key_tag(rdata, algorithm)
-        tag=0
-        if (algorithm == Algorithms.RSAMD5)
-          #The key tag for algorithm 1 (RSA/MD5) is defined differently from the
-          #key tag for all other algorithms, for historical reasons.
-          d1 = rdata[rdata.length - 3] & 0xFF
-          d2 = rdata[rdata.length - 2] & 0xFF
-          tag = (d1 << 8) + d2
-        else
-          tag = 0
-          last = 0
-          0.step(rdata.length - 1, 2) {|i|
-            last = i
-            d1 = rdata[i]
-            d2 = rdata[i + 1] || 0 # odd number of bytes possible
-
-            d1 = d1.getbyte(0) if d1.class == String # Ruby 1.9
-            d2 = d2.getbyte(0) if d2.class == String # Ruby 1.9
-
-            d1 = d1  & 0xFF
-            d2 = d2  & 0xFF
-
-            tag += ((d1 << 8) + d2)
-          }
-          last+=2
-          if (last < rdata.length)
-            d1 = rdata[last]
-
-            if (d1.class == String) # Ruby 1.9
-              d1 = d1.getbyte(0)
-            end
-
-            d1 = d1 & 0xFF
-            tag += (d1 << 8)
-          end
-          tag += ((tag >> 16) & 0xFFFF)
-        end
-        tag=tag&0xFFFF
-        return tag
-      end
-      
-      def key=(key_text)
-        begin
-          key_text.gsub!(/\n/, "")
-          key_text.gsub!(/ /, "")
-          #        @key=Base64.decode64(key_text)
-          @key=key_text.unpack("m*")[0]
-          public_key
-          get_new_key_tag
-        rescue Exception
-          raise ArgumentError.new("Key #{key_text} invalid")
-        end
-      end
-      
-      def public_key
-        if (!@public_key)
-          if [Algorithms.RSASHA1,
-              Algorithms.RSASHA256,
-              Algorithms.RSASHA512,
-              Algorithms.RSASHA1_NSEC3_SHA1].include?(@algorithm)
-            @public_key = rsa_key
-          elsif [Algorithms.DSA,
-              Algorithms.DSA_NSEC3_SHA1].include?(@algorithm)
-            @public_key = dsa_key
-          end
-        end
-        # @TODO@ Support other key encodings!
-        return @public_key
-      end
-
-      def rsa_key
-        exponentLength = @key[0]
-        if (exponentLength.class == String)
-          exponentLength = exponentLength.getbyte(0) # Ruby 1.9
-        end
-        pos = 1
-        if (exponentLength == 0)
-          key1 = @key[1]
-          if (key1.class == String) # Ruby 1.9
-            key1 = key1.getbyte(0)
-          end
-          exponentLength = (key1<<8) + key1
-          pos += 2
-        end
-        exponent = RR::get_num(@key[pos, exponentLength])
-        pos += exponentLength
-
-        modulus = RR::get_num(@key[pos, @key.length])
-        @key_length = (@key.length - pos) * 8
-
-        pkey = OpenSSL::PKey::RSA.new
-        pkey.e = exponent
-        pkey.n = modulus
-        return pkey 
-      end
-      
-      def dsa_key
-        t = @key[0]
-        t = t.getbyte(0) if t.class == String
-        pgy_len = t * 8 + 64
-        pos = 1
-        q = RR::get_num(@key[pos, 20])
-        pos += 20
-        p = RR::get_num(@key[pos, pgy_len])
-        pos += pgy_len
-        g = RR::get_num(@key[pos, pgy_len])
-        pos += pgy_len
-        y = RR::get_num(@key[pos, pgy_len])
-        pos += pgy_len
-        @key_length = (pgy_len * 8)
-        
-        pkey = OpenSSL::PKey::DSA.new
-        pkey.p = p
-        pkey.q = q
-        pkey.g = g
-        pkey.pub_key = y
-        
-        pkey
-      end
-    end 
-  end
+# --
+# Copyright 2007 Nominet UK
+# 
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+# 
+#     http://www.apache.org/licenses/LICENSE-2.0
+# 
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License f181or the specific language governing permissions and
+# limitations under the License.
+# ++
+module Dnsruby
+  class RR
+    # RFC4034, section 2
+    # DNSSEC uses public key cryptography to sign and authenticate DNS
+    # resource record sets (RRsets).  The public keys are stored in DNSKEY
+    # resource records and are used in the DNSSEC authentication process
+    # described in [RFC4035]: A zone signs its authoritative RRsets by
+    # using a private key and stores the corresponding public key in a
+    # DNSKEY RR.  A resolver can then use the public key to validate
+    # signatures covering the RRsets in the zone, and thus to authenticate
+    # them.
+    class DNSKEY < RR
+      ClassValue = nil #:nodoc: all
+      TypeValue = Types::DNSKEY #:nodoc: all
+
+      # Key is revoked
+      REVOKED_KEY = 0x80
+
+      # Key is a zone key
+      ZONE_KEY = 0x100
+
+      # Key is a secure entry point key
+      SEP_KEY = 0x1
+
+      # The flags for the DNSKEY RR
+      attr_reader :flags
+      # The protocol for this DNSKEY RR.
+      # MUST be 3.
+      attr_reader :protocol
+      # The algorithm used for this key
+      # See Dnsruby::Algorithms for permitted values
+      attr_reader :algorithm
+      # The public key
+      attr_reader :key
+      # The length (in bits) of the key - NOT key.length
+      attr_reader :key_length
+
+      def init_defaults
+        @make_new_key_tag = false
+        self.protocol=3
+        self.flags=ZONE_KEY
+        @algorithm=Algorithms.RSASHA1
+        @public_key = nil
+        @key_tag = nil
+        @make_new_key_tag = true
+      end
+
+      def protocol=(p)
+        if (p!=3)
+          raise DecodeError.new("DNSKEY protocol field set to #{p}, contrary to RFC4034 section 2.1.2")
+        else @protocol = p
+        end
+        get_new_key_tag
+      end
+
+      def algorithm=(a)
+        if (a.instance_of?String)
+          if (a.to_i > 0)
+            a = a.to_i
+          end
+        end
+        begin
+          alg = Algorithms.new(a)
+          @algorithm = alg
+        rescue ArgumentError => e
+          raise DecodeError.new(e)
+        end
+        get_new_key_tag
+      end
+
+      def revoked=(on)
+        if (on)
+          @flags |= REVOKED_KEY
+        else
+          @flags &= (~REVOKED_KEY)
+        end
+        get_new_key_tag
+      end
+
+      def revoked?
+        return ((@flags & REVOKED_KEY) > 0)
+      end
+
+      def zone_key=(on)
+        if (on)
+          @flags |= ZONE_KEY
+        else
+          @flags &= (~ZONE_KEY)
+        end
+        get_new_key_tag
+      end
+
+      def zone_key?
+        return ((@flags & ZONE_KEY) > 0)
+      end
+
+      def sep_key=(on)
+        if (on)
+          @flags |= SEP_KEY
+        else
+          @flags &= (~SEP_KEY)
+        end
+        get_new_key_tag
+      end
+
+      def sep_key?
+        return ((@flags & SEP_KEY) > 0)
+      end
+
+      def flags=(f)
+        #  Only three values allowed -
+        #  Zone Key flag (bit 7)
+        #  Secure Entry Point flag (bit 15)
+        #  Revoked bit (bit 8) - RFC 5011
+        if ((f & ~ZONE_KEY & ~SEP_KEY & ~REVOKED_KEY) > 0)
+          TheLog.info("DNSKEY: Only zone key, secure entry point and revoked flags allowed for DNSKEY" +
+              " (RFC4034 section 2.1.1) : #{f} entered as input")
+        end
+
+        @flags = f
+        get_new_key_tag
+      end
+
+      #       def bad_flags?
+      #         if ((@flags & ~ZONE_KEY & ~SEP_KEY) > 0)
+      #           return true
+      #         end
+      #         return false
+      #       end
+      # 
+      def from_data(data) #:nodoc: all
+        flags, protocol, algorithm, @key = data
+        @make_new_key_tag = false
+        self.flags=(flags)
+        self.protocol=(protocol)
+        self.algorithm=(algorithm)
+        @make_new_key_tag = true
+        get_new_key_tag
+      end
+
+      def from_hash(hash) #:nodoc: all
+        @make_new_key_tag = false
+        hash.keys.each do |param|
+          send(param.to_s+"=", hash[param])
+        end
+        @make_new_key_tag = true
+        get_new_key_tag
+      end
+
+      def from_string(input)
+        if (input.length > 0)
+          @make_new_key_tag = false
+          data = input.split(" ")
+          self.flags=(data[0].to_i)
+          self.protocol=(data[1].to_i)
+          self.algorithm=(data[2])
+          #  key can include whitespace - include all text
+          #  until we come to " )" at the end, and then gsub
+          #  the white space out
+          #  Also, brackets may or may not be present
+          #  Not to mention comments! ";"
+          buf = ""
+          index = 3
+          end_index = data.length - 1
+          if (data[index]=="(")
+            end_index = data.length - 2
+            index = 4
+          end
+          (index..end_index).each {|i|
+            if (comment_index = data[i].index(";"))
+              buf += data[i].slice(0, comment_index)
+              #  @TODO@ We lose the comments here - we should really keep them for when we write back to string format?
+              break
+            else
+              buf += data[i]
+            end
+          }
+          self.key=(buf)
+          @make_new_key_tag = true
+          get_new_key_tag
+        end
+      end
+
+      def rdata_to_string #:nodoc: all
+        if (@flags!=nil)
+          #           return "#{@flags} #{@protocol} #{@algorithm.string} ( #{Base64.encode64(@key.to_s)} )"
+          return "#{@flags} #{@protocol} #{@algorithm.string} ( #{[@key.to_s].pack("m*").gsub("\n", "")} ) ; key_tag=#{key_tag}"
+        else
+          return ""
+        end
+      end
+
+      def encode_rdata(msg, canonical=false) #:nodoc: all
+        #  2 octets, then 2 sets of 1 octet
+        msg.put_pack('ncc', @flags, @protocol, @algorithm.code)
+        msg.put_bytes(@key)
+      end
+
+      def self.decode_rdata(msg) #:nodoc: all
+        #  2 octets, then 2 sets of 1 octet
+        flags, protocol, algorithm = msg.get_unpack('ncc')
+        key = msg.get_bytes
+        return self.new(
+          [flags, protocol, algorithm, key])
+      end
+
+      #  Return the the key tag this key would have had before it was revoked
+      #  If the key is not revoked, then the current key_tag will be returned
+      def key_tag_pre_revoked
+        if (!revoked?)
+          return key_tag
+        end
+        new_key = clone
+        new_key.revoked = false
+        return new_key.key_tag
+      end
+
+      def get_new_key_tag
+        if (@make_new_key_tag)
+          rdata = MessageEncoder.new {|msg|
+            encode_rdata(msg)
+          }.to_s
+          tag = generate_key_tag(rdata, @algorithm)
+          @key_tag = tag
+        end
+      end
+
+      #  Return the tag for this key
+      def key_tag
+        if (!@key_tag)
+          @make_new_key_tag = true
+          get_new_key_tag
+        end
+        return @key_tag
+      end
+
+      def generate_key_tag(rdata, algorithm)
+        tag=0
+        if (algorithm == Algorithms.RSAMD5)
+          # The key tag for algorithm 1 (RSA/MD5) is defined differently from the
+          # key tag for all other algorithms, for historical reasons.
+          d1 = rdata[rdata.length - 3] & 0xFF
+          d2 = rdata[rdata.length - 2] & 0xFF
+          tag = (d1 << 8) + d2
+        else
+          tag = 0
+          last = 0
+          0.step(rdata.length - 1, 2) {|i|
+            last = i
+            d1 = rdata[i]
+            d2 = rdata[i + 1] || 0 # odd number of bytes possible
+
+            d1 = d1.getbyte(0) if d1.class == String # Ruby 1.9
+            d2 = d2.getbyte(0) if d2.class == String # Ruby 1.9
+
+            d1 = d1  & 0xFF
+            d2 = d2  & 0xFF
+
+            tag += ((d1 << 8) + d2)
+          }
+          last+=2
+          if (last < rdata.length)
+            d1 = rdata[last]
+
+            if (d1.class == String) # Ruby 1.9
+              d1 = d1.getbyte(0)
+            end
+
+            d1 = d1 & 0xFF
+            tag += (d1 << 8)
+          end
+          tag += ((tag >> 16) & 0xFFFF)
+        end
+        tag=tag&0xFFFF
+        return tag
+      end
+
+      def key=(key_text)
+        begin
+          key_text.gsub!(/\n/, "")
+          key_text.gsub!(/ /, "")
+          #         @key=Base64.decode64(key_text)
+          @key=key_text.unpack("m*")[0]
+          public_key
+          get_new_key_tag
+        rescue Exception
+          raise ArgumentError.new("Key #{key_text} invalid")
+        end
+      end
+
+      def public_key
+        if (!@public_key)
+          if [Algorithms.RSASHA1,
+              Algorithms.RSASHA256,
+              Algorithms.RSASHA512,
+              Algorithms.RSASHA1_NSEC3_SHA1].include?(@algorithm)
+            @public_key = rsa_key
+          elsif [Algorithms.DSA,
+              Algorithms.DSA_NSEC3_SHA1].include?(@algorithm)
+            @public_key = dsa_key
+          end
+        end
+        #  @TODO@ Support other key encodings!
+        return @public_key
+      end
+
+      def rsa_key
+        exponentLength = @key[0]
+        if (exponentLength.class == String)
+          exponentLength = exponentLength.getbyte(0) # Ruby 1.9
+        end
+        pos = 1
+        if (exponentLength == 0)
+          key1 = @key[1]
+          if (key1.class == String) # Ruby 1.9
+            key1 = key1.getbyte(0)
+          end
+          exponentLength = (key1<<8) + key1
+          pos += 2
+        end
+        exponent = RR::get_num(@key[pos, exponentLength])
+        pos += exponentLength
+
+        modulus = RR::get_num(@key[pos, @key.length])
+        @key_length = (@key.length - pos) * 8
+
+        pkey = OpenSSL::PKey::RSA.new
+        pkey.e = exponent
+        pkey.n = modulus
+        return pkey
+      end
+
+      def dsa_key
+        t = @key[0]
+        t = t.getbyte(0) if t.class == String
+        pgy_len = t * 8 + 64
+        pos = 1
+        q = RR::get_num(@key[pos, 20])
+        pos += 20
+        p = RR::get_num(@key[pos, pgy_len])
+        pos += pgy_len
+        g = RR::get_num(@key[pos, pgy_len])
+        pos += pgy_len
+        y = RR::get_num(@key[pos, pgy_len])
+        pos += pgy_len
+        @key_length = (pgy_len * 8)
+
+        pkey = OpenSSL::PKey::DSA.new
+        pkey.p = p
+        pkey.q = q
+        pkey.g = g
+        pkey.pub_key = y
+
+        pkey
+      end
+    end
+  end
 end