dnsruby 1.55 → 1.56.0

data/lib/Dnsruby/resource/NSEC3PARAM.rb

@@ -1,135 +0,0 @@
-#--
-#Copyright 2007 Nominet UK
-#
-#Licensed under the Apache License, Version 2.0 (the "License");
-#you may not use this file except in compliance with the License. 
-#You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0 
-#
-#Unless required by applicable law or agreed to in writing, software 
-#distributed under the License is distributed on an "AS IS" BASIS, 
-#WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
-#See the License for the specific language governing permissions and 
-#limitations under the License.
-#++
-module Dnsruby
-  class RR
-    #The NSEC3PARAM RR contains the NSEC3 parameters (hash algorithm,
-    #flags, iterations and salt) needed by authoritative servers to
-    #calculate hashed owner names.  The presence of an NSEC3PARAM RR at a
-    #zone apex indicates that the specified parameters may be used by
-    #authoritative servers to choose an appropriate set of NSEC3 RRs for
-    #negative responses.  The NSEC3PARAM RR is not used by validators or
-    #resolvers.
-    class NSEC3PARAM < RR
-      ClassValue = nil #:nodoc: all
-      TypeValue = Types::NSEC3PARAM #:nodoc: all
-      
-      #The Hash Algorithm field identifies the cryptographic hash algorithm
-      #used to construct the hash-value.
-      attr_reader :hash_alg
-      #The Flags field contains 8 one-bit flags that can be used to indicate
-      #different processing.  All undefined flags must be zero.  The only
-      #flag defined by the NSEC3 specification is the Opt-Out flag.
-      attr_reader :flags
-      #The Iterations field defines the number of additional times the hash
-      #function has been performed.
-      attr_accessor :iterations
-      #The Salt Length field defines the length of the Salt field in octets,
-      #ranging in value from 0 to 255.
-      attr_reader :salt_length
-
-      #The Salt field is appended to the original owner name before hashing
-      #in order to defend against pre-calculated dictionary attacks.
-      def salt
-        return NSEC3.encode_salt(@salt)
-      end
-
-      def salt=(s)
-        @salt = NSEC3.decode_salt(s)
-        @salt_length = @salt.length
-      end
-
-      def hash_alg=(a)
-        if (a.instance_of?String)
-          if (a.length == 1)
-            a = a.to_i
-          end
-        end
-        begin
-          alg = Nsec3HashAlgorithms.new(a)
-          @hash_alg = alg
-        rescue ArgumentError => e
-          raise DecodeError.new(e)
-        end
-      end
-      
-      def types=(t)
-        @types = NSEC.get_types(t)
-      end
-      
-      def flags=(f)
-        if (f==0 || f==1)
-          @flags=f
-        else
-          raise DecodeError.new("Unknown NSEC3 flags field - #{f}")
-        end
-      end
-      
-      #      def salt_length=(l) # :nodoc: all
-      #        if ((l < 0) || (l > 255))
-      #          raise DecodeError.new("NSEC3 salt length must be between 0 and 255")
-      #        end
-      #        @salt_length = l
-      #      end
-      #
-      def from_data(data) #:nodoc: all
-        hash_alg, flags, iterations, salt_length, salt = data
-        self.hash_alg=(hash_alg)
-        self.flags=(flags)
-        self.iterations=(iterations)
-        #        self.salt_length=(salt_length)
-#        self.salt=(salt)
-        @salt=salt
-      end
-      
-      def from_string(input)
-        if (input.length > 0)
-          data = input.split(" ")
-          self.hash_alg=(data[0]).to_i
-          self.flags=(data[1]).to_i
-          self.iterations=(data[2]).to_i
-          self.salt=(data[3])
-          #          self.salt_length=(data[3].length)
-        end
-      end
-      
-      def rdata_to_string #:nodoc: all
-          s = salt()
-          return "#{@hash_alg.code} #{@flags} #{@iterations} #{s}"
-      end
-      
-      def encode_rdata(msg, canonical=false) #:nodoc: all
-#        s = salt()
-        s = @salt
-        sl = s.length()
-        if (s == "-")
-          sl == 0
-        end
-        msg.put_pack("ccnc", @hash_alg.code, @flags, @iterations, sl)
-
-        if (sl > 0)
-          msg.put_bytes(s)
-        end
-      end
-      
-      def self.decode_rdata(msg) #:nodoc: all
-        hash_alg, flags, iterations, salt_length = msg.get_unpack("ccnc")
-        salt = msg.get_bytes(salt_length)
-        return self.new(
-          [hash_alg, flags, iterations, salt_length, salt])
-      end
-    end 
-  end
-end

data/lib/Dnsruby/resource/OPT.rb

@@ -1,213 +0,0 @@
-#--
-#Copyright 2007 Nominet UK
-#
-#Licensed under the Apache License, Version 2.0 (the "License");
-#you may not use this file except in compliance with the License. 
-#You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0 
-#
-#Unless required by applicable law or agreed to in writing, software 
-#distributed under the License is distributed on an "AS IS" BASIS, 
-#WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
-#See the License for the specific language governing permissions and 
-#limitations under the License.
-#++
-module Dnsruby
-  class RR   
-    #Class for EDNS pseudo resource record OPT.
-    #This class is effectively internal to Dnsruby
-    #See RFC 2671, RFC 2435 Section 3
-    # @TODO@ Extended labels RFC2671 section 3
-    class OPT < RR #:nodoc: all
-      ClassValue = nil #:nodoc: all
-      TypeValue = Types::OPT #:nodoc: all
-      DO_BIT = 0x8000
-
-      # @TODO@ Add BADVERS to an XRCode CodeMapper object
-
-      #Can be called with up to 3 arguments, none of which must be present
-      #* OPT.new()
-      #* OPT.new(size)
-      #* OPT.new(size,flags)
-      #* OPT.new(size,flags,options)
-      def initialize(*args)
-        @type = Types.new('OPT')
-        @ttl = nil
-        
-        @options=nil
-        if (args.length > 0)
-          self.payloadsize=(args[0])
-          if (args.length > 1)
-            self.flags=(args[1])
-            if (args.length > 2) 
-              self.options=(args[2])
-            else
-              self.options=nil
-            end
-          else
-            self.flags=0
-          end
-        else
-          self.payloadsize=0
-        end
-      end
-      
-      # From RFC 2671 :
-      # 4.3. The fixed part of an OPT RR is structured as follows:
-      #
-      #     Field Name   Field Type     Description
-      #     ------------------------------------------------------
-      #     NAME         domain name    empty (root domain)
-      #     TYPE         u_int16_t      OPT
-      #     CLASS        u_int16_t      sender's UDP payload size
-      #     TTL          u_int32_t      extended RCODE and flags
-      #     RDLEN        u_int16_t      describes RDATA
-      #     RDATA        octet stream   {attribute,value} pairs
-      
-      #4.6. The extended RCODE and flags (which OPT stores in the RR TTL field)
-      #are structured as follows:
-      #
-      #                 +0 (MSB)                            +1 (LSB)
-      #      +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
-      #   0: |         EXTENDED-RCODE        |            VERSION            |
-      #      +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
-      #   2: |                               Z                               |
-      #      +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
-      #
-      #   EXTENDED-RCODE  Forms upper 8 bits of extended 12-bit RCODE.  Note
-      #                   that EXTENDED-RCODE value "0" indicates that an
-      #                   unextended RCODE is in use (values "0" through "15").
-      #
-      #   VERSION         Indicates the implementation level of whoever sets
-      #                   it.  Full conformance with this specification is
-      #                   indicated by version "0." 
-      
-      def flags_from_ttl
-        if (@ttl)
-          return [@ttl].pack("N")
-        else
-          return [0].pack("N")
-        end
-      end
-      
-      def xrcode
-        return ExtendedRCode.new(flags_from_ttl[0, 1].unpack("C")[0])
-      end
-      
-      def xrcode=(c)
-        code = ExtendedRCode.new(c)
-        @ttl = (code.code << 24) + (version() << 16) + flags()
-      end
-      
-      def version
-        return flags_from_ttl[1, 1].unpack("C")[0]
-      end
-      
-      def version=(code)
-        @ttl = (xrcode().code << 24) + (code << 16) + flags()
-      end
-      
-      def flags
-        return flags_from_ttl[2, 2].unpack("n")[0]
-      end
-      
-      def flags=(code)
-        set_flags(code)
-      end
-      
-      def set_flags(code) # Should always be zero
-        @ttl = (xrcode().code << 24) + (version() << 16) + code
-      end
-      
-      def dnssec_ok
-        return ((flags() & DO_BIT) == DO_BIT)
-      end
-      
-      def dnssec_ok=(on)
-        if (on)
-          set_flags(flags() | DO_BIT)
-        else
-          set_flags(flags() & (~DO_BIT))
-        end
-      end
-      
-      def payloadsize
-        return @klass.code
-      end
-      
-      def payloadsize=(size)
-        self.klass=size
-      end
-      
-      def options(args)
-        if (args==nil)
-          return @options
-        elsif args.kind_of?Fixnum
-          # return list of options with that code
-          ret = []
-          @options.each do |option|
-            if (option.code == args)
-              ret.push(option)
-            end
-          end
-          return ret
-        end
-      end
-      
-      def options=(options)
-        @options = options
-      end
-      
-      def from_data(data)
-        @options = data
-      end
-      
-      def from_string(input)
-        raise NotImplementedError
-      end
-      
-      def to_s
-        ret = "OPT pseudo-record : payloadsize #{payloadsize}, xrcode #{xrcode.code}, version #{version}, flags #{flags}"
-        if @options
-          @options.each do |opt|
-            ret = ret + " " + opt.to_s
-          end
-        end
-        ret = ret + "\n"
-        return ret
-      end
-      
-      def encode_rdata(msg, canonical=false)
-        if (@options)
-          @options.each do |opt|
-            msg.put_pack('n', opt.code)
-            msg.put_pack('n', opt.data.length)
-            msg.put_bytes(opt.data)
-          end
-        end
-      end
-      
-      def self.decode_rdata(msg)#:nodoc: all
-        if (msg.has_remaining)
-          options = []
-          while (msg.has_remaining) do
-            code  = msg.get_unpack('n')[0]
-            len = msg.get_unpack('n')[0]
-            data = msg.get_bytes(len)
-            options.push(Option.new(code, data))
-          end
-        end
-        return self.new([options])
-      end
-      
-      class Option
-        attr_accessor :code, :data
-        def initialize(code, data)
-          @code = code
-          @data = data
-        end
-      end
-    end
-  end
-end

data/lib/Dnsruby/resource/RRSIG.rb

@@ -1,275 +0,0 @@
-#--
-#Copyright 2007 Nominet UK
-#
-#Licensed under the Apache License, Version 2.0 (the "License");
-#you may not use this file except in compliance with the License. 
-#You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0 
-#
-#Unless required by applicable law or agreed to in writing, software 
-#distributed under the License is distributed on an "AS IS" BASIS, 
-#WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
-#See the License for the specific language governing permissions and 
-#limitations under the License.
-#++
-module Dnsruby
-  class RR
-    # (RFC4034, section 3)
-    #DNSSEC uses public key cryptography to sign and authenticate DNS
-    #resource record sets (RRsets).  Digital signatures are stored in
-    #RRSIG resource records and are used in the DNSSEC authentication
-    #process described in [RFC4035].  A validator can use these RRSIG RRs
-    #to authenticate RRsets from the zone.  The RRSIG RR MUST only be used
-    #to carry verification material (digital signatures) used to secure
-    #DNS operations.
-    #
-    #An RRSIG record contains the signature for an RRset with a particular
-    #name, class, and type.  The RRSIG RR specifies a validity interval
-    #for the signature and uses the Algorithm, the Signer's Name, and the
-    #Key Tag to identify the DNSKEY RR containing the public key that a
-    #validator can use to verify the signature.
-    class RRSIG < RR
-      ClassValue = nil #:nodoc: all
-      TypeValue = Types::RRSIG #:nodoc: all
-      
-      # 3.1.  RRSIG RDATA Wire Format
-      #
-      #   The RDATA for an RRSIG RR consists of a 2 octet Type Covered field, a
-      #   1 octet Algorithm field, a 1 octet Labels field, a 4 octet Original
-      #   TTL field, a 4 octet Signature Expiration field, a 4 octet Signature
-      #   Inception field, a 2 octet Key tag, the Signer's Name field, and the
-      #   Signature field.
-      #
-      #                        1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3
-      #    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
-      #   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-      #   |        Type Covered           |  Algorithm    |     Labels    |
-      #   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-      #   |                         Original TTL                          |
-      #   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-      #   |                      Signature Expiration                     |
-      #   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-      #   |                      Signature Inception                      |
-      #   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-      #   |            Key Tag            |                               /
-      #   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+         Signer's Name         /
-      #   /                                                               /
-      #   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-      #   /                                                               /
-      #   /                            Signature                          /
-      #   /                                                               /
-      #   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+    
-
-      #The type covered by this RRSIG
-      attr_reader :type_covered
-      #The algorithm used for this RRSIG
-      #See Dnsruby::Algorithms for permitted values
-      attr_reader :algorithm
-      #The number of labels in the original RRSIG RR owner name
-      #Can be used to determine if name was synthesised from a wildcard.
-      attr_accessor :labels
-      #The TTL of the covered RRSet as it appears in the authoritative zone
-      attr_accessor :original_ttl
-      #The signature expiration 
-      attr_accessor :expiration
-      #The signature inception 
-      attr_accessor :inception
-      #The key tag value of the DNSKEY RR that validates this signature
-      attr_accessor :key_tag
-      #identifies the owner name of the DNSKEY RR that a validator is 
-      #supposed to use to validate this signature
-      attr_reader :signers_name
-
-      #contains the cryptographic signature that covers
-      #the RRSIG RDATA (excluding the Signature field) and the RRset
-      #specified by the RRSIG owner name, RRSIG class, and RRSIG Type
-      #Covered field
-      attr_accessor :signature
-      
-      def init_defaults
-        @algorithm=Algorithms.RSASHA1
-        @type_covered = Types::A
-        @original_ttl = 3600
-        @inception = Time.now.to_i
-        @expiration = Time.now.to_i
-        @key_tag = 0
-        @labels = 0
-        self.signers_name="."
-        @signature = "\0"
-      end
-      
-      def algorithm=(a)
-        if (a.instance_of?String)
-          if (a.to_i > 0)
-            a = a.to_i
-          end
-        end
-        begin
-          alg = Algorithms.new(a)
-          @algorithm = alg
-        rescue ArgumentError => e
-          raise DecodeError.new(e)
-        end        
-      end
-      
-      def type_covered=(t)
-        begin
-          type = Types.new(t)
-          @type_covered = type
-        rescue ArgumentError => e
-          raise DecodeError.new(e)
-        end        
-      end
-      
-      def signers_name=(s)
-        begin
-          name = Name.create(s)
-          @signers_name = name
-        rescue ArgumentError => e
-          raise DecodeError.new(e)
-        end        
-      end
-      
-
-      def from_data(data) #:nodoc: all
-        type_covered, algorithm, @labels, @original_ttl, expiration, inception, 
-          @key_tag, signers_name, @signature = data
-        @expiration = expiration
-        @inception = inception
-        self.type_covered=(type_covered)
-        self.signers_name=(signers_name)
-        self.algorithm=(algorithm)
-      end
-      
-      def from_string(input)
-        if (input.length > 0)
-          data = input.split(" ")
-          self.type_covered=(data[0])
-          self.algorithm=(data[1])
-          self.labels=data[2].to_i
-          self.original_ttl=data[3].to_i
-          self.expiration=get_time(data[4])
-          # Brackets may also be present
-          index = 5
-          end_index = data.length - 1
-          if (data[index]=="(")
-            index = 6
-            end_index = data.length - 2
-          end
-          self.inception=get_time(data[index])
-          self.key_tag=data[index+1].to_i
-          self.signers_name=(data[index+2])
-          # signature can include whitespace - include all text
-          # until we come to " )" at the end, and then gsub
-          # the white space out 
-          buf=""
-          (index+3..end_index).each {|i|
-            if (comment_index = data[i].index(";"))
-              buf += data[i].slice(0, comment_index)
-              # @TODO@ We lose the comments here - we should really keep them for when we write back to string format?
-              break
-            else
-            buf += data[i]
-            end
-          }
-          buf.gsub!(/\n/, "")
-          buf.gsub!(/ /, "")
-          #self.signature=Base64.decode64(buf)
-          self.signature=buf.unpack("m*")[0]
-        end
-      end
-
-      def RRSIG.get_time(input)
-        if (input.kind_of?Fixnum)
-          return input
-        end
-        # RFC 4034, section 3.2
-        #The Signature Expiration Time and Inception Time field values MUST be
-        #   represented either as an unsigned decimal integer indicating seconds
-        #   since 1 January 1970 00:00:00 UTC, or in the form YYYYMMDDHHmmSS in
-        #   UTC, where:
-        #
-        #      YYYY is the year (0001-9999, but see Section 3.1.5);
-        #      MM is the month number (01-12);
-        #      DD is the day of the month (01-31);
-        #      HH is the hour, in 24 hour notation (00-23);
-        #      mm is the minute (00-59); and
-        #      SS is the second (00-59).
-        #
-        #   Note that it is always possible to distinguish between these two
-        #   formats because the YYYYMMDDHHmmSS format will always be exactly 14
-        #   digits, while the decimal representation of a 32-bit unsigned integer
-        #   can never be longer than 10 digits.
-        if (input.length == 10)
-          return input.to_i
-        elsif (input.length == 14)
-          year = input[0,4]
-          mon=input[4,2]
-          day=input[6,2]
-          hour=input[8,2]
-          min=input[10,2]
-          sec=input[12,2]
-          # @TODO@ REPLACE THIS BY LOCAL CODE - Time.gm DOG SLOW!
-          return Time.gm(year, mon, day, hour, min, sec).to_i
-        else
-          raise DecodeError.new("RRSIG : Illegal time value #{input} - see RFC 4034 section 3.2")
-        end
-      end
-      
-      def get_time(input)
-        return RRSIG.get_time(input)
-      end
-      
-      def format_time(time)
-        return Time.at(time).gmtime.strftime("%Y%m%d%H%M%S")
-      end
-      
-      def rdata_to_string #:nodoc: all
-        if (@type_covered!=nil)
-#          signature = Base64.encode64(@signature) # .gsub(/\n/, "")
-          signature = [@signature].pack("m*").gsub(/\n/, "")
-          # @TODO@ Display the expiration and inception as 
-          return "#{@type_covered.string} #{@algorithm.string} #{@labels} #{@original_ttl} " + 
-            "#{format_time(@expiration)} ( #{format_time(@inception)} " + 
-            "#{@key_tag} #{@signers_name.to_s(true)} #{signature} )"
-        else
-          return ""
-        end
-      end
-      
-      def encode_rdata(msg, canonical=false) #:nodoc: all
-        # 2 octets, then 2 sets of 1 octet
-        msg.put_pack('ncc', @type_covered.to_i, @algorithm.to_i, @labels)
-        msg.put_pack("NNN", @original_ttl, @expiration, @inception)
-        msg.put_pack("n", @key_tag)
-        msg.put_name(@signers_name, canonical, false)
-        msg.put_bytes(@signature)
-      end
-      
-      def self.decode_rdata(msg) #:nodoc: all
-        type_covered, algorithm, labels = msg.get_unpack('ncc')
-        original_ttl, expiration, inception = msg.get_unpack('NNN')
-        key_tag, = msg.get_unpack('n')
-        signers_name = msg.get_name
-        signature  = msg.get_bytes
-        return self.new(
-          [type_covered, algorithm, labels, original_ttl, expiration,
-            inception, key_tag, signers_name, signature])
-      end
-      
-      def sig_data
-        #RRSIG_RDATA is the wire format of the RRSIG RDATA fields
-        #with the Signer's Name field in canonical form and
-        #the Signature field excluded;
-        data = MessageEncoder.new { |msg|
-          msg.put_pack('ncc', @type_covered.to_i, @algorithm.to_i, @labels)
-          msg.put_pack("NNN", @original_ttl, @expiration, @inception)
-          msg.put_pack("n", @key_tag)
-          msg.put_name(@signers_name, true)
-        }.to_s
-        return data
-      end
-    end 
-  end
-end