dnsruby 1.55 → 1.56.0

data/lib/dnsruby/resource/RR.rb

@@ -0,0 +1,421 @@
+# Superclass for all Dnsruby resource records.
+#
+# Represents a DNS RR (resource record) [RFC1035, section 3.2]
+#
+# Use Dnsruby::RR::create(...) to create a new RR record.
+#
+#   mx = Dnsruby::RR.create("example.com. 7200 MX 10 mailhost.example.com.")
+#
+#   rr = Dnsruby::RR.create({:name => "example.com", :type => "MX", :ttl => 7200,
+#                                  :preference => 10, :exchange => "mailhost.example.com"})
+#
+#   s = rr.to_s # Get a String representation of the RR (in zone file format)
+#   rr_again = Dnsruby::RR.create(s)
+#
+
+require 'dnsruby/code_mappers'
+
+module Dnsruby
+class RR
+
+  include Comparable
+
+  def <=>(other)
+    #       return 1 if ((!other) || !(other.name) || !(other.type))
+    #       return -1 if (!@name)
+    if @name.canonical == other.name.canonical
+      @type.code != other.type.code ? (@type.code <=> other.type.code) : (@rdata <=> other.rdata)
+    else
+      @name <=> other.name
+    end
+  end
+
+  #  A regular expression which catches any valid resource record.
+  @@RR_REGEX = Regexp.new("^\\s*(\\S+)\\s*(\\d+)?\\s*(#{Classes.regexp +
+      "|CLASS\\d+"})?\\s*(#{Types.regexp + '|TYPE\\d+'})?\\s*([\\s\\S]*)\$") #:nodoc: all
+
+  @@implemented_rr_map = nil
+
+  # The Resource's domain name
+  attr_reader :name
+
+  # The Resource type
+  attr_reader :type
+
+  # The Resource class
+  attr_reader :klass
+
+  # The Resource Time-To-Live
+  attr_accessor :ttl
+
+  # The Resource data section
+  attr_accessor :rdata
+
+  def rdlength
+    rdata.length
+  end
+
+  def name=(new_name)
+    @name = new_name.kind_of?(Name) ? new_name : Name.create(new_name)
+  end
+
+  def type=(type)
+    @type = Types.new(type)
+  end
+  alias :rr_type :type
+
+  def klass=(klass)
+    if @type != Types::OPT
+      @klass = Classes.new(klass)
+    else
+      @klass = klass.is_a?(Classes) ? klass : Classes.new("CLASS#{klass}")
+    end
+  end
+
+  def clone
+    encoded = MessageEncoder.new { |encoder| encoder.put_rr(self, true) }.to_s
+    MessageDecoder.new(encoded).get_rr
+  end
+
+
+  #  Determines if two Records could be part of the same RRset.
+  #  This compares the name, type, and class of the Records; the ttl and
+  #  rdata are not compared.
+  def sameRRset(rec)
+    if @klass != rec.klass || @name.downcase != rec.name.downcase
+      return false
+    elsif (rec.type == Types.RRSIG) && (@type == Types.RRSIG)
+      return rec.type_covered == self.type_covered
+    end
+    [rec, self].each do |rr|
+      if rr.type == Types::RRSIG
+        return (@type == rr.type_covered) || (rec.type == rr.type_covered)
+      end
+    end
+    @type == rec.type
+  end
+
+  def init_defaults
+    #  Default to do nothing
+  end
+
+  private
+  def initialize(*args) #:nodoc: all
+    init_defaults
+    if args.length > 0
+      if args[0].class == Hash
+        from_hash(args[0])
+        return
+      else
+        @rdata = args[0]
+        #           print "Loading RR from #{args[0]}, class : #{args[0].class}\n"
+        if args[0].class == String
+          from_string(args[0])
+          return
+        else
+          from_data(args[0])
+          return
+        end
+      end
+    end
+    #       raise ArgumentError.new("Don't call new! Use Dnsruby::RR::create() instead")
+  end
+  public
+
+  def from_hash(hash) #:nodoc: all
+    hash.keys.each do |param|
+      send("#{param}=", hash[param])
+    end
+  end
+
+  # Create a new RR from the hash. The name is required; all other fields are optional.
+  # Type defaults to ANY and the Class defaults to IN. The TTL defaults to 0.
+  #
+  # If the type is specified, then it is necessary to provide ALL of the resource record fields which
+  # are specific to that record; i.e. for
+  # an MX record, you would need to specify the exchange and the preference
+  #
+  #    require 'Dnsruby'
+  #    rr = Dnsruby::RR.new_from_hash({:name => "example.com"})
+  #    rr = Dnsruby::RR.new_from_hash({:name => "example.com", :type => Types.MX, :ttl => 10, :preference => 5, :exchange => "mx1.example.com"})
+  def RR.new_from_hash(inhash)
+    hash = inhash.clone
+    type = hash[:type] || Types::ANY
+    klass = hash[:klass] || Classes::IN
+    ttl = hash[:ttl] || 0
+    record_class = get_class(type, klass)
+    record = record_class.new
+    record.name = hash[:name]
+    unless record.name.kind_of?(Name)
+      record.name = Name.create(record.name)
+    end
+    record.ttl = ttl
+    record.type = type
+    record.klass = klass
+    hash.delete(:name)
+    hash.delete(:type)
+    hash.delete(:ttl)
+    hash.delete(:klass)
+    record.from_hash(hash)
+    record
+  end
+
+  # Returns a Dnsruby::RR object of the appropriate type and
+  # initialized from the string passed by the user.  The format of the
+  # string is that used in zone files, and is compatible with the string
+  # returned by Net::DNS::RR.inspect
+  #
+  # The name and RR type are required; all other information is optional.
+  # If omitted, the TTL defaults to 0 and the RR class defaults to IN.
+  #
+  # All names must be fully qualified.  The trailing dot (.) is optional.
+  #
+  #
+  #    a     = Dnsruby::RR.new_from_string("foo.example.com. 86400 A 10.1.2.3")
+  #    mx    = Dnsruby::RR.new_from_string("example.com. 7200 MX 10 mailhost.example.com.")
+  #    cname = Dnsruby::RR.new_from_string("www.example.com 300 IN CNAME www1.example.com")
+  #    txt   = Dnsruby::RR.new_from_string('baz.example.com 3600 HS TXT "text record"')
+  #
+  #
+  def RR.new_from_string(rrstring)
+    #  strip out comments
+    #  Test for non escaped ";" by means of the look-behind assertion
+    #  (the backslash is escaped)
+    rrstring = rrstring.gsub(/(\?<!\\);.*/o, '')
+
+    matches = (/#{@@RR_REGEX}/xo).match(rrstring)
+    unless matches
+      raise "#{rrstring} did not match RR pattern. Please report this to the author!"
+    end
+
+    name    = matches[1]
+    ttl     = matches[2].to_i || 0
+    rrclass = matches[3] || ''
+    rrtype  = matches[4] || ''
+    rdata   = matches[5] || ''
+
+    rdata.gsub!(/\s+$/o, '') if rdata
+
+    #  RFC3597 tweaks
+    #  This converts to known class and type if specified as TYPE###
+    if rrtype  =~/^TYPE\d+/o
+      rrtype  = Dnsruby::Types.typesbyval(Dnsruby::Types::typesbyname(rrtype))
+    end
+    if rrclass =~/^CLASS\d+/o
+      rrclass = Dnsruby::Classes.classesbyval(Dnsruby::Classes::classesbyname(rrclass))
+    end
+
+    if rrtype == '' && rrclass == 'ANY'
+      rrtype  = 'ANY'
+      rrclass = 'IN'
+    elsif rrclass == ''
+      rrclass = 'IN'
+    end
+
+    if rrtype == ''
+      rrtype = 'ANY'
+    end
+
+    unless %w(NAPTR TXT).include?(rrtype)
+      if rdata
+        rdata.gsub!('(', '')
+        rdata.gsub!(')', '')
+      end
+    end
+
+    test_length = ->(hexdump, rdlength) do
+      if hexdump.length != rdlength * 2
+        raise "#{rdata} is inconsistent; length should be #{rdlength * 2} but is #{hexdump.length}."
+      end
+    end
+
+    pack_rdata = ->(regex) do
+      rdata =~ regex
+      matches = regex.match(rdata)
+      rdlength = matches[1].to_i
+      hexdump  = matches[2].gsub(/\s*/, '')
+
+      test_length.(hexdump, rdlength)
+      packed_rdata = [hexdump].pack('H*')
+
+      [packed_rdata, rdlength]
+    end
+
+    if implemented_rrs.include?(rrtype) && rdata !~/^\s*\\#/o
+      return _get_subclass(name, rrtype, rrclass, ttl, rdata)
+    elsif implemented_rrs.include?(rrtype)   # A known RR type starting with \#
+      packed_rdata, rdlength = pack_rdata.(/\\#\s+(\d+)\s+(.*)$/o)
+      return new_from_data(name, rrtype, rrclass, ttl, rdlength, packed_rdata, 0) # rdata.length() - rdlength);
+    elsif rdata =~ /\s*\\#\s+\d+\s+/o
+      regex = /\\#\s+(\d+)\s+(.*)$/o
+      # We are now dealing with the truly unknown.
+      raise 'Expected RFC3597 representation of RDATA' unless rdata =~ regex
+      packed_rdata, rdlength = pack_rdata.(regex)
+      return new_from_data(name, rrtype, rrclass, ttl, rdlength, packed_rdata, 0) # rdata.length() - rdlength);
+    else
+      # God knows how to handle these...
+      return _get_subclass(name, rrtype, rrclass, ttl, '')
+    end
+  end
+
+  def RR.new_from_data(*args) #:nodoc: all
+    name, rrtype, rrclass, ttl, rdlength, data, offset = args
+    rdata = data ? data[offset, rdlength] : []
+    decoder = MessageDecoder.new(rdata)
+    record = get_class(rrtype, rrclass).decode_rdata(decoder)
+    record.name = Name.create(name)
+    record.ttl = ttl
+    record.type = rrtype
+    record.klass = rrclass
+    record
+  end
+
+  # Return an array of all the currently implemented RR types
+  def RR.implemented_rrs
+    @@implemented_rr_map ||= ClassHash.keys.map { |key| Dnsruby::Types.to_string(key[0]) }
+  end
+
+  class << self
+    private
+    def _get_subclass(name, rrtype, rrclass, ttl, rdata) #:nodoc: all
+      return unless (rrtype!=nil)
+      record = get_class(rrtype, rrclass).new(rdata)
+      record.name = Name.create(name)
+      record.ttl = ttl
+      record.type = rrtype
+      record.klass = rrclass
+      return record
+    end
+  end
+
+  # Returns a string representation of the RR in zone file format
+  def to_s
+    s = name ? (name.to_s(true) + "\t") : ''
+    s << [ttl, klass, type, rdata_to_string].map(&:to_s).join("\t")
+  end
+
+  # Get a string representation of the data section of the RR (in zone file format)
+  def rdata_to_string
+    (@rdata && @rdata.length > 0) ? @rdata : 'no rdata'
+  end
+
+  def from_data(data) #:nodoc: all
+    #  to be implemented by subclasses
+    raise NotImplementedError.new
+  end
+
+  def from_string(input) #:nodoc: all
+    #  to be implemented by subclasses
+    #       raise NotImplementedError.new
+  end
+
+  def encode_rdata(msg, canonical=false) #:nodoc: all
+    #  to be implemented by subclasses
+    raise EncodeError.new("#{self.class} is RR.")
+  end
+
+  def self.decode_rdata(msg) #:nodoc: all
+    #  to be implemented by subclasses
+    raise DecodeError.new("#{self.class} is RR.")
+  end
+
+  def ==(other)
+
+    return false unless self.class == other.class
+
+    ivars_to_compare = ->(object) do
+      ivars = object.instance_variables.map { |var| var.to_s }
+      ivars.delete '@ttl' # RFC 2136 section 1.1
+      ivars.delete '@rdata'
+      if self.type == Types.DS
+        ivars.delete '@digest'
+      end
+      ivars.sort
+    end
+
+    get_instance_var_values = ->(object, ivar_names) do
+      ivar_names.map { |ivar_name| object.instance_variable_get(ivar_name) }
+    end
+
+    self_ivars  = ivars_to_compare.(self)
+    other_ivars = ivars_to_compare.(other)
+    return false unless self_ivars == other_ivars
+
+    self_values  = get_instance_var_values.(self, self_ivars)
+    other_values = get_instance_var_values.(other, other_ivars)
+    self_values == other_values
+  end
+
+  def eql?(other) #:nodoc:
+    self == other
+  end
+
+  def hash # :nodoc:
+    vars = self.instance_variables - ['@ttl']
+    vars.inject(0) do |hash_value, var_name|
+      hash_value ^ self.instance_variable_get(var_name).hash
+    end
+  end
+
+  def self.find_class(type_value, class_value) # :nodoc: all
+    if !! (ret = ClassHash[[type_value, class_value]])
+      return ret
+    elsif !! (val = ClassInsensitiveTypes[type_value])
+      klass = Class.new(val)
+      klass.const_set(:TypeValue, type_value)
+      klass.const_set(:ClassValue, class_value)
+      return klass
+    else
+      return Generic.create(type_value, class_value)
+    end
+  end
+
+  # Get an RR of the specified type and class
+  def self.get_class(type_value, class_value) #:nodoc: all
+    if type_value == Types::OPT
+      return Class.new(OPT)
+    elsif type_value.class == Class
+      type_value = type_value.const_get(:TypeValue)
+      return find_class(type_value, Classes.to_code(class_value))
+    else
+      type_value = (type_value.class == Types) ? type_value.code : Types.new(type_value).code
+      class_value = (class_value.class == Classes) ? class_value.code : Classes.new(class_value).code
+      return find_class(type_value, class_value)
+    end
+  end
+
+
+  # Create a new RR from the arguments, which can be either a String or a Hash.
+  # See new_from_string and new_from_hash for details
+  #
+  #    a     = Dnsruby::RR.create('foo.example.com. 86400 A 10.1.2.3')
+  #    mx    = Dnsruby::RR.create('example.com. 7200 MX 10 mailhost.example.com.')
+  #    cname = Dnsruby::RR.create('www.example.com 300 IN CNAME www1.example.com')
+  #    txt   = Dnsruby::RR.create('baz.example.com 3600 HS TXT 'text record'')
+  #
+  #    rr = Dnsruby::RR.create({:name => 'example.com'})
+  #    rr = Dnsruby::RR.create({:name => 'example.com', :type => 'MX', :ttl => 10,
+  #                                   :preference => 5, :exchange => 'mx1.example.com'})
+  #
+  def RR.create(*args)
+    case args[0]
+      when String
+        new_from_string(args[0])
+      when Hash
+        new_from_hash(args[0])
+      else
+        new_from_data(args)
+    end
+  end
+
+  def self.get_num(bytes)
+    ret = 0
+    shift = (bytes.length - 1) * 8
+    bytes.each_byte do |byte|
+      ret += byte.to_i << shift
+      shift -= 8
+    end
+    ret
+  end
+end
+end

data/lib/dnsruby/resource/RRSIG.rb

@@ -0,0 +1,275 @@
+# --
+# Copyright 2007 Nominet UK
+# 
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+# 
+#     http://www.apache.org/licenses/LICENSE-2.0
+# 
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ++
+module Dnsruby
+  class RR
+    #  (RFC4034, section 3)
+    # DNSSEC uses public key cryptography to sign and authenticate DNS
+    # resource record sets (RRsets).  Digital signatures are stored in
+    # RRSIG resource records and are used in the DNSSEC authentication
+    # process described in [RFC4035].  A validator can use these RRSIG RRs
+    # to authenticate RRsets from the zone.  The RRSIG RR MUST only be used
+    # to carry verification material (digital signatures) used to secure
+    # DNS operations.
+    # 
+    # An RRSIG record contains the signature for an RRset with a particular
+    # name, class, and type.  The RRSIG RR specifies a validity interval
+    # for the signature and uses the Algorithm, the Signer's Name, and the
+    # Key Tag to identify the DNSKEY RR containing the public key that a
+    # validator can use to verify the signature.
+    class RRSIG < RR
+      ClassValue = nil #:nodoc: all
+      TypeValue = Types::RRSIG #:nodoc: all
+
+      #  3.1.  RRSIG RDATA Wire Format
+      # 
+      #    The RDATA for an RRSIG RR consists of a 2 octet Type Covered field, a
+      #    1 octet Algorithm field, a 1 octet Labels field, a 4 octet Original
+      #    TTL field, a 4 octet Signature Expiration field, a 4 octet Signature
+      #    Inception field, a 2 octet Key tag, the Signer's Name field, and the
+      #    Signature field.
+      # 
+      #                         1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3
+      #     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+      #    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+      #    |        Type Covered           |  Algorithm    |     Labels    |
+      #    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+      #    |                         Original TTL                          |
+      #    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+      #    |                      Signature Expiration                     |
+      #    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+      #    |                      Signature Inception                      |
+      #    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+      #    |            Key Tag            |                               /
+      #    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+         Signer's Name         /
+      #    /                                                               /
+      #    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+      #    /                                                               /
+      #    /                            Signature                          /
+      #    /                                                               /
+      #    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+      # The type covered by this RRSIG
+      attr_reader :type_covered
+      # The algorithm used for this RRSIG
+      # See Dnsruby::Algorithms for permitted values
+      attr_reader :algorithm
+      # The number of labels in the original RRSIG RR owner name
+      # Can be used to determine if name was synthesised from a wildcard.
+      attr_accessor :labels
+      # The TTL of the covered RRSet as it appears in the authoritative zone
+      attr_accessor :original_ttl
+      # The signature expiration
+      attr_accessor :expiration
+      # The signature inception
+      attr_accessor :inception
+      # The key tag value of the DNSKEY RR that validates this signature
+      attr_accessor :key_tag
+      # identifies the owner name of the DNSKEY RR that a validator is
+      # supposed to use to validate this signature
+      attr_reader :signers_name
+
+      # contains the cryptographic signature that covers
+      # the RRSIG RDATA (excluding the Signature field) and the RRset
+      # specified by the RRSIG owner name, RRSIG class, and RRSIG Type
+      # Covered field
+      attr_accessor :signature
+
+      def init_defaults
+        @algorithm=Algorithms.RSASHA1
+        @type_covered = Types::A
+        @original_ttl = 3600
+        @inception = Time.now.to_i
+        @expiration = Time.now.to_i
+        @key_tag = 0
+        @labels = 0
+        self.signers_name="."
+        @signature = "\0"
+      end
+
+      def algorithm=(a)
+        if (a.instance_of?String)
+          if (a.to_i > 0)
+            a = a.to_i
+          end
+        end
+        begin
+          alg = Algorithms.new(a)
+          @algorithm = alg
+        rescue ArgumentError => e
+          raise DecodeError.new(e)
+        end
+      end
+
+      def type_covered=(t)
+        begin
+          type = Types.new(t)
+          @type_covered = type
+        rescue ArgumentError => e
+          raise DecodeError.new(e)
+        end
+      end
+
+      def signers_name=(s)
+        begin
+          name = Name.create(s)
+          @signers_name = name
+        rescue ArgumentError => e
+          raise DecodeError.new(e)
+        end
+      end
+
+
+      def from_data(data) #:nodoc: all
+        type_covered, algorithm, @labels, @original_ttl, expiration, inception,
+          @key_tag, signers_name, @signature = data
+        @expiration = expiration
+        @inception = inception
+        self.type_covered=(type_covered)
+        self.signers_name=(signers_name)
+        self.algorithm=(algorithm)
+      end
+
+      def from_string(input)
+        if (input.length > 0)
+          data = input.split(" ")
+          self.type_covered=(data[0])
+          self.algorithm=(data[1])
+          self.labels=data[2].to_i
+          self.original_ttl=data[3].to_i
+          self.expiration=get_time(data[4])
+          #  Brackets may also be present
+          index = 5
+          end_index = data.length - 1
+          if (data[index]=="(")
+            index = 6
+            end_index = data.length - 2
+          end
+          self.inception=get_time(data[index])
+          self.key_tag=data[index+1].to_i
+          self.signers_name=(data[index+2])
+          #  signature can include whitespace - include all text
+          #  until we come to " )" at the end, and then gsub
+          #  the white space out
+          buf=""
+          (index+3..end_index).each {|i|
+            if (comment_index = data[i].index(";"))
+              buf += data[i].slice(0, comment_index)
+              #  @TODO@ We lose the comments here - we should really keep them for when we write back to string format?
+              break
+            else
+            buf += data[i]
+            end
+          }
+          buf.gsub!(/\n/, "")
+          buf.gsub!(/ /, "")
+          # self.signature=Base64.decode64(buf)
+          self.signature=buf.unpack("m*")[0]
+        end
+      end
+
+      def RRSIG.get_time(input)
+        if (input.kind_of?Fixnum)
+          return input
+        end
+        #  RFC 4034, section 3.2
+        # The Signature Expiration Time and Inception Time field values MUST be
+        #    represented either as an unsigned decimal integer indicating seconds
+        #    since 1 January 1970 00:00:00 UTC, or in the form YYYYMMDDHHmmSS in
+        #    UTC, where:
+        # 
+        #       YYYY is the year (0001-9999, but see Section 3.1.5);
+        #       MM is the month number (01-12);
+        #       DD is the day of the month (01-31);
+        #       HH is the hour, in 24 hour notation (00-23);
+        #       mm is the minute (00-59); and
+        #       SS is the second (00-59).
+        # 
+        #    Note that it is always possible to distinguish between these two
+        #    formats because the YYYYMMDDHHmmSS format will always be exactly 14
+        #    digits, while the decimal representation of a 32-bit unsigned integer
+        #    can never be longer than 10 digits.
+        if (input.length == 10)
+          return input.to_i
+        elsif (input.length == 14)
+          year = input[0,4]
+          mon=input[4,2]
+          day=input[6,2]
+          hour=input[8,2]
+          min=input[10,2]
+          sec=input[12,2]
+          #  @TODO@ REPLACE THIS BY LOCAL CODE - Time.gm DOG SLOW!
+          return Time.gm(year, mon, day, hour, min, sec).to_i
+        else
+          raise DecodeError.new("RRSIG : Illegal time value #{input} - see RFC 4034 section 3.2")
+        end
+      end
+
+      def get_time(input)
+        return RRSIG.get_time(input)
+      end
+
+      def format_time(time)
+        return Time.at(time).gmtime.strftime("%Y%m%d%H%M%S")
+      end
+
+      def rdata_to_string #:nodoc: all
+        if (@type_covered!=nil)
+#          signature = Base64.encode64(@signature) # .gsub(/\n/, "")
+          signature = [@signature].pack("m*").gsub(/\n/, "")
+          #  @TODO@ Display the expiration and inception as
+          return "#{@type_covered.string} #{@algorithm.string} #{@labels} #{@original_ttl} " +
+            "#{format_time(@expiration)} ( #{format_time(@inception)} " +
+            "#{@key_tag} #{@signers_name.to_s(true)} #{signature} )"
+        else
+          return ""
+        end
+      end
+
+      def encode_rdata(msg, canonical=false) #:nodoc: all
+        #  2 octets, then 2 sets of 1 octet
+        msg.put_pack('ncc', @type_covered.to_i, @algorithm.to_i, @labels)
+        msg.put_pack("NNN", @original_ttl, @expiration, @inception)
+        msg.put_pack("n", @key_tag)
+        msg.put_name(@signers_name, canonical, false)
+        msg.put_bytes(@signature)
+      end
+
+      def self.decode_rdata(msg) #:nodoc: all
+        type_covered, algorithm, labels = msg.get_unpack('ncc')
+        original_ttl, expiration, inception = msg.get_unpack('NNN')
+        key_tag, = msg.get_unpack('n')
+        signers_name = msg.get_name
+        signature  = msg.get_bytes
+        return self.new(
+          [type_covered, algorithm, labels, original_ttl, expiration,
+            inception, key_tag, signers_name, signature])
+      end
+
+      def sig_data
+        # RRSIG_RDATA is the wire format of the RRSIG RDATA fields
+        # with the Signer's Name field in canonical form and
+        # the Signature field excluded;
+        data = MessageEncoder.new { |msg|
+          msg.put_pack('ncc', @type_covered.to_i, @algorithm.to_i, @labels)
+          msg.put_pack("NNN", @original_ttl, @expiration, @inception)
+          msg.put_pack("n", @key_tag)
+          msg.put_name(@signers_name, true)
+        }.to_s
+        return data
+      end
+    end
+  end
+end