dnsruby 1.61.3 → 1.61.4

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: efa9e31f0e7a6a2b4d9e9e58fc6c3bdefe20791a095e9237b52b4df3f5ea3960
4
- data.tar.gz: 4622702939e985576f613073e3a8bcf8b245aaaf6afd3139427e756311755ff8
3
+ metadata.gz: 0af7c6de9311c48936130f68339d222dc18675d7ad52db92eec7474bae5ee05c
4
+ data.tar.gz: cc926e5123a7e691b88261d93891b7f28efbc54d01ca549e1fdabc6d9ee62f1a
5
5
  SHA512:
6
- metadata.gz: 56b5ff00ed1275be32309e5d2389f6f88954a36d94b70f205c9e637658ffb9a341466300306021d27e37daf839bf2e6f2e202ce5371be7cdbed00ed0697c3f87
7
- data.tar.gz: 6586cc36e174de3f90ffbb03bdce009c594f532ac26ea05e587ff966fac8eef998f5e42573c191142e4289d8fddcd77a44938b617e682050057a576bdadaba55
6
+ metadata.gz: c09d09948564591075f2caccc23d0592ec04644d592815400cc78e1664354af47e9185276fce7c64fb81a18ef4fbbfd53520314419e5085a879dd8df0565527f
7
+ data.tar.gz: 535c00b339938ffe3e1479286477889398dc1154f43a2eae4defcb7e08a0a04d23033b501163f3815e2793af67d9445448170bfbd516d34702a5df93f4a22b4d
@@ -7,8 +7,7 @@ before_install: gem install bundler
7
7
  script: "bundle exec rake test"
8
8
 
9
9
  rvm:
10
- - 2.6.3
11
- - 2.4.1
12
- - 2.3.0
13
- - 2.5.1
10
+ - 2.6.6
11
+ - 2.5.8
12
+ - 2.7.1
14
13
 
@@ -0,0 +1,7 @@
1
+ -
2
+ --main README.md
3
+ LICENSE
4
+ DNSSEC
5
+ EXAMPLES
6
+ EVENTMACHINE
7
+ RELEASE_NOTES.md
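--- a/data/Gemfile
+++ b/data/Gemfile
@@ -1,5 +1,3 @@
 source 'https://rubygems.org'
 
 gemspec
-
-gem "addressable", "~> 2.5"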
data/README.md CHANGED
@@ -93,3 +93,4 @@ Contact/Links
93
93
  | Github | https://github.com/alexdalitz/dnsruby |
94
94
  | Google Group | https://groups.google.com/forum/#!forum/dnsruby |
95
95
  | Rubygems | http://rubygems.org/gems/dnsruby/ |
96
+ | Documentation | https://www.rubydoc.info/gems/dnsruby/ |
@@ -1,6 +1,20 @@
1
1
  # Release Notes
2
2
 
3
- ##v1.61.2
3
+ ## v1.61.4
4
+
5
+ * Dnsruby::Name : document .punycode
6
+ * gemspec enhancement
7
+ * add yard build file
8
+ * fix create name include url special characters
9
+ * Fix uninitialized constant error when using via Rails
10
+ * Implement ECDSAP256SHA256 (13) / ECDSAP384SHA384 (14) algorithms for DNSKEY
11
+ * Reinitialize all IANA TAR keys with Dnssec.reset
12
+
13
+ ## v1.61.3
14
+
15
+ * TCP timeout and port changes
16
+
17
+ ## v1.61.2
4
18
 
5
19
  * Add new root key
6
20
 
@@ -15,6 +15,7 @@ SPEC = Gem::Specification.new do |s|
15
15
  stub resolver. It aims to comply with all DNS RFCs, including
16
16
  DNSSEC NSEC3 support.'
17
17
  s.license = "Apache License, Version 2.0"
18
+
18
19
  s.files = `git ls-files -z`.split("\x0")
19
20
 
20
21
  s.post_install_message = \
@@ -25,21 +26,26 @@ DNSSEC NSEC3 support.'
25
26
  s.test_file = "test/ts_offline.rb"
26
27
  s.extra_rdoc_files = ["DNSSEC", "EXAMPLES", "README.md", "EVENTMACHINE"]
27
28
 
28
- unless /java/ === RUBY_PLATFORM
29
- s.add_development_dependency 'pry', '~> 0.10'
30
- s.add_development_dependency 'pry-byebug', '~> 2.0' if RUBY_VERSION >= '2'
31
- end
29
+ s.metadata = {
30
+ 'yard.run' => 'yard',
31
+ 'bug_tracker_uri' => 'https://github.com/alexdalitz/dnsruby/issues',
32
+ 'changelog_uri' => 'https://github.com/alexdalitz/dnsruby/blob/master/RELEASE_NOTES.md',
33
+ 'documentation_uri' => 'https://www.rubydoc.info/gems/dnsruby/',
34
+ 'homepage_uri' => 'https://github.com/alexdalitz/dnsruby',
35
+ 'source_code_uri' => 'https://github.com/alexdalitz/dnsruby',
36
+ }
32
37
 
33
- s.add_development_dependency 'rake', '~> 10', '>= 10.3.2'
38
+ s.add_development_dependency 'rake', '>= 12.3.3'
34
39
  s.add_development_dependency 'minitest', '~> 5.4'
35
40
  s.add_development_dependency 'rubydns', '~> 2.0.1'
36
41
  s.add_development_dependency 'nio4r', '~> 2.0'
37
42
  s.add_development_dependency 'minitest-display', '>= 0.3.0'
43
+ s.add_development_dependency('yard', '~> 0.9')
38
44
 
39
45
  if RUBY_VERSION >= "1.9.3"
40
46
  s.add_development_dependency 'coveralls', '~> 0.7'
41
47
  end
42
48
 
43
- s.add_runtime_dependency 'addressable', '~> 2.5'
49
+ s.add_runtime_dependency 'simpleidn', '~> 0.1'
44
50
  end
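Review bot: The new runtime dependency is declared as `'simpleidn', '~> 0.1'`, which accepts every 0.x release, and for a pre-1.0 gem that range can include behaviour changes in the IDNA mapping that `Name.punycode` now relies on. Consider constraining it to the minor series the test suite was actually run against (for example `'~> 0.1.0'` if that matches the tested version; confirm) and reviewing what simpleidn itself pulls in, since it becomes part of every consumer's install. In the same hunk `rake` loses its upper bound with `'>= 12.3.3'`; that only affects development installs, but a pessimistic bound alongside the floor would keep CI reproducible.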
45
51
 
@@ -128,6 +128,7 @@ module Dnsruby
128
128
  @@validation_policy = ValidationPolicy::LOCAL_ANCHORS_THEN_ROOT
129
129
  @@root_verifier = SingleVerifier.new(SingleVerifier::VerifierType::ROOT)
130
130
  @@root_verifier.add_root_ds(@@root_key)
131
+ @@root_verifier.add_root_ds(@@root_key_new)
131
132
 
132
133
  @@dlv_verifier = SingleVerifier.new(SingleVerifier::VerifierType::DLV)
133
134
 
@@ -27,7 +27,7 @@ module Dnsruby
27
27
  # * Name#subdomain_of?(other)
28
28
  # * Name#labels
29
29
  #
30
- require 'addressable'
30
+ require 'simpleidn'
31
31
  class Name
32
32
  include Comparable
33
33
  MaxNameLength=255
@@ -63,20 +63,18 @@ module Dnsruby
63
63
  end
64
64
  end
65
65
 
66
+ # Convert IDN domain from Unicode UTF-8 to ASCII punycode
67
+ # @param [Object|String] d Unicode domain with emoji inside
68
+ # @return [String] ASCII punycode domain
69
+ # @example
70
+ # Dnsruby::Name.punycode('🏳.cf')
71
+ # => "xn--en8h.cf"
66
72
  def self.punycode(d)
67
- begin
68
- c = Addressable::URI.parse("http://" + d.to_s)
69
- ret = c.normalized_host.sub("http://", "")
70
- if (!d.end_with?".")
71
- return ret.chomp(".")
72
- end
73
- if (!ret.end_with?".")
74
- return ret + "."
75
- end
76
- return ret
77
- rescue Exception => e
78
- return d
79
- end
73
+ begin
74
+ return SimpleIDN.to_ascii(d)
75
+ rescue
76
+ return d
77
+ end
80
78
  end
81
79
 
82
80
  def self.split_escaped(arg) #:nodoc: all
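Review bot: The bare `rescue` in the new `self.punycode` returns the caller's input unchanged when `SimpleIDN.to_ascii` raises, so a name that failed IDNA conversion is indistinguishable from one that needed none and continues as raw, possibly non-ASCII, text. The removed code called `d.to_s` before parsing while the new call passes `d` as-is, although the added doc comment still advertises `Object|String`; `SimpleIDN.to_ascii(d.to_s)` would keep non-String arguments out of the fallback path. I would also rescue only the conversion errors simpleidn is documented to raise and either re-raise or log them, and add a test for the failure path, since the new `test_punycode` cases (including the label containing `#`) only cover successful conversions. Whether simpleidn preserves the trailing dot that the old code handled by hand is not visible here and deserves a test with an absolute name.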
@@ -313,6 +313,8 @@ module Dnsruby
313
313
  elsif [Algorithms.DSA,
314
314
  Algorithms.DSA_NSEC3_SHA1].include?(@algorithm)
315
315
  @public_key = dsa_key
316
+ elsif [Algorithms.ECDSAP256SHA256, Algorithms.ECDSAP384SHA384].include?(@algorithm)
317
+ @public_key = ec_key(Algorithms.ECDSAP256SHA256 == @algorithm ? 'prime256v1' : 'secp384r1')
316
318
  end
317
319
  end
318
320
  # @TODO@ Support other key encodings!
@@ -377,6 +379,22 @@ module Dnsruby
377
379
 
378
380
  pkey
379
381
  end
382
+
383
+ # RFC6605, section 4
384
+ # ECDSA public keys consist of a single value, called "Q" in FIPS
385
+ # 186-3. In DNSSEC keys, Q is a simple bit string that represents the
386
+ # uncompressed form of a curve point, "x | y".
387
+ def ec_key(curve = 'prime256v1')
388
+ group = OpenSSL::PKey::EC::Group.new(curve)
389
+ pkey = OpenSSL::PKey::EC.new(group)
390
+
391
+ # DNSSEC pub does not have first octet that determines whether it's uncompressed
392
+ # or compressed form, but it's required by OpenSSL to parse EC point correctly
393
+ point_from_pub = "\x04" + @key.to_s # octet string, \x04 prefix determines uncompressed
394
+ pkey.public_key = OpenSSL::PKey::EC::Point.new(group, point_from_pub)
395
+
396
+ pkey
397
+ end
380
398
  end
381
399
  end
382
400
  end
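Review bot: `ec_key` prepends `\x04` to `@key` and hands the result to `OpenSSL::PKey::EC::Point.new` without checking the key length, so a DNSKEY record from the network with a short or oversized key field reaches OpenSSL's point parser directly. An uncompressed `x | y` point is 64 octets on P-256 and 96 on P-384; a guard such as `raise ArgumentError, 'invalid ECDSA public key length' unless @key.to_s.bytesize == 2 * ((group.degree + 7) / 8)` before building the point makes the rejection explicit. Which exception type callers of `public_key` expect is not visible in these hunks, so the class to raise should match what the RSA and DSA branches do on malformed keys. The `pkey.public_key =` setter also depends on the OpenSSL binding allowing mutation of key objects, which is worth confirming against the OpenSSL versions the gem supports.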
@@ -800,6 +800,19 @@ module Dnsruby
800
800
 
801
801
  asn1 = OpenSSL::ASN1::Sequence.new([r_asn1, s_asn1]).to_der
802
802
  verified = keyrec.public_key.verify(OpenSSL::Digest::DSS1.new, asn1, sig_data)
803
+ elsif [Algorithms.ECDSAP256SHA256, Algorithms.ECDSAP384SHA384].include?(sigrec.algorithm)
804
+ byte_size = (keyrec.public_key.group.degree + 7) / 8
805
+ sig_bytes = sigrec.signature[0..(byte_size - 1)]
806
+ sig_char = sigrec.signature[byte_size..-1] || ''
807
+ asn1 = OpenSSL::ASN1::Sequence.new([sig_bytes, sig_char].map { |int| OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(int, 2)) }).to_der
808
+
809
+ digest_obj = if sigrec.algorithm == Algorithms.ECDSAP384SHA384
810
+ OpenSSL::Digest::SHA384.new
811
+ else
812
+ OpenSSL::Digest::SHA256.new
813
+ end
814
+
815
+ verified = keyrec.public_key.dsa_verify_asn1(digest_obj.digest(sig_data), asn1)
803
816
  else
804
817
  raise RuntimeError.new("Algorithm #{sigrec.algorithm.code} unsupported by Dnsruby")
805
818
  end
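Review bot: The ECDSA branch splits `sigrec.signature` at `byte_size` but never checks that the signature is exactly `2 * byte_size` octets, so an over-long signature yields an `s` integer with surplus bytes and a short one yields a truncated or zero `s` (the `|| ''` fallback). RFC 6605 fixes r and s at 32 octets each for P-256 and 48 for P-384; rejecting anything else before the ASN.1 step, e.g. `raise VerifyError.new('ECDSA signature has wrong length') unless sigrec.signature.bytesize == 2 * byte_size`, keeps malformed input away from OpenSSL and gives a clear failure reason. The branch also picks the digest from `sigrec.algorithm` while taking the curve size from `keyrec.public_key`; whether the two algorithms are checked for equality earlier is not visible, because the enclosing method starts and ends outside this hunk.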
@@ -1,12 +1,12 @@
1
1
  # --
2
2
  # Copyright 2007 Nominet UK
3
- #
3
+ #
4
4
  # Licensed under the Apache License, Version 2.0 (the "License");
5
5
  # you may not use this file except in compliance with the License.
6
6
  # You may obtain a copy of the License at
7
- #
7
+ #
8
8
  # http://www.apache.org/licenses/LICENSE-2.0
9
- #
9
+ #
10
10
  # Unless required by applicable law or agreed to in writing, software
11
11
  # distributed under the License is distributed on an "AS IS" BASIS,
12
12
  # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -109,7 +109,7 @@ module Dnsruby
109
109
  return true
110
110
  rescue VerifyError => e
111
111
  response.security_error = e
112
- response.security_level = BOGUS
112
+ response.security_level = Message::SecurityLevel.BOGUS
113
113
  # Response security_level should already be set
114
114
  return false
115
115
  end
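Review bot: The context comment `# Response security_level should already be set` sits directly under the line that sets it and reads as a contradiction; it should be replaced with something like `# Validation failed: record the error and mark the response BOGUS`. This branch runs only when a `VerifyError` is rescued, so a regression test that drives validation into it and asserts that `security_level` is `Message::SecurityLevel.BOGUS` and the method returns `false` would keep the failure path covered. The enclosing method begins and ends outside the hunk.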
@@ -1,3 +1,3 @@
1
1
  module Dnsruby
2
- VERSION = '1.61.3'
2
+ VERSION = '1.61.4'
3
3
  end
@@ -16,7 +16,6 @@
16
16
  # ++
17
17
 
18
18
  require_relative 'spec_helper'
19
- require 'pry'
20
19
 
21
20
  class TestCAA < Minitest::Test
22
21
 
@@ -85,4 +85,33 @@ class DnskeyTest < Minitest::Test
85
85
  dnskey.protocol=3
86
86
 
87
87
  end
88
+
89
+ def test_ecdsa_integrity
90
+ ecdsa_256_pub = 'example.com. 3600 IN DNSKEY 256 3 13 ( oJMRESz5E4gYzS/q6XD' +
91
+ 'rvU1qMPYIjCWzJaOau8XNEZeqCYKD5ar0IRd8KqXXFJkqmVfRvMGPmM1x8fGAa2XhSA== )'
92
+
93
+ dnskey = Dnsruby::RR.create(ecdsa_256_pub)
94
+ assert_equal(3, dnskey.protocol)
95
+ assert_equal(256, dnskey.flags)
96
+ assert_equal(Dnsruby::Algorithms::ECDSAP256SHA256, dnskey.algorithm)
97
+ assert_equal(Dnsruby::RR::DNSKEY::ZONE_KEY, dnskey.flags & Dnsruby::RR::DNSKEY::ZONE_KEY)
98
+ assert_equal(0, dnskey.flags & Dnsruby::RR::DNSKEY::SEP_KEY)
99
+
100
+ dnskey2 = Dnsruby::RR.create(dnskey.to_s)
101
+ assert(dnskey2.to_s == dnskey.to_s, "#{dnskey} not equal to \n#{dnskey2}")
102
+
103
+ ecdsa_384_pub = 'example.com. 3600 IN DNSKEY 256 3 14 ( Bl2HDw98sGin4lNlx7n' +
104
+ 'QX3w98jx6UhAgC73Jq+6LFlD12gnVTMHecM8Z GoTFSh+mV+qEPFZ5s3NbC4qvwUW0kkPb+0ip' +
105
+ 'CuLRwZYhYKk7D+RDb+fX XozI9hhZrsXBcEhss )'
106
+
107
+ dnskey = Dnsruby::RR.create(ecdsa_384_pub)
108
+ assert_equal(3, dnskey.protocol)
109
+ assert_equal(256, dnskey.flags)
110
+ assert_equal(Dnsruby::Algorithms::ECDSAP384SHA384, dnskey.algorithm)
111
+ assert_equal(Dnsruby::RR::DNSKEY::ZONE_KEY, dnskey.flags & Dnsruby::RR::DNSKEY::ZONE_KEY)
112
+ assert_equal(0, dnskey.flags & Dnsruby::RR::DNSKEY::SEP_KEY)
113
+
114
+ dnskey2 = Dnsruby::RR.create(dnskey.to_s)
115
+ assert(dnskey2.to_s == dnskey.to_s, "#{dnskey} not equal to \n#{dnskey2}")
116
+ end
88
117
  end
@@ -80,4 +80,23 @@ class TestName < Minitest::Test
80
80
  n2 = Name.create("nall.all.")
81
81
  assert(n1 == n2, n1.to_s)
82
82
  end
83
+
84
+ def test_punycode
85
+ [
86
+ [
87
+ "møllerriis.com",
88
+ "xn--mllerriis-l8a.com"
89
+ ],
90
+ [
91
+ "フガフガ。hogehoge.エグザンプル.JP",
92
+ "xn--mcka5jb.hogehoge.xn--ickqs6k2dyb.jp"
93
+ ],
94
+ [
95
+ "フガ#フガ。hogehoge.エグザンプル.JP",
96
+ "xn--#-yeub5nc.hogehoge.xn--ickqs6k2dyb.jp"
97
+ ]
98
+ ].each do |tc|
99
+ assert_equal(Dnsruby::Name.create(tc[0]).to_s, tc[1])
100
+ end
101
+ end
83
102
  end
@@ -31,6 +31,7 @@ class VerifierTest < Minitest::Test
31
31
  do_test_sha256
32
32
  do_test_sha512
33
33
  do_test_nsec
34
+ do_test_ecdsa256
34
35
  else
35
36
  print "OpenSSL doesn't support SHA2 - disabling SHA256/SHA512 tests. DNSSEC validation will not work with these type of signatures.\n"
36
37
  end
@@ -70,6 +71,20 @@ class VerifierTest < Minitest::Test
70
71
  verifier.verify_rrset(rrset, key512)
71
72
  end
72
73
 
74
+ def do_test_ecdsa256
75
+ Time.stub :now, Time.parse("Wed, 01 Jul 2020 11:54:04 EEST +03:00") do
76
+ ecdsa256 = Dnsruby::RR.create("rainiselevi.ee. 3600 IN DNSKEY 256 3 ECDSAP256SHA256 ( oJMRESz5E
77
+ 4gYzS/q6XDrvU1qMPYIjCWzJaOau8XNEZeqCYKD5ar0IRd8KqXXFJkqmVfRvMGPmM1x8fGAa2XhSA== ) ; key_tag=34505")
78
+ a = Dnsruby::RR.create("rainiselevi.ee. 3600 IN A 35.228.30.236")
79
+ sig = Dnsruby::RR.create("rainiselevi.ee. 3600 IN RRSIG A ECDSAP256SHA256 2 300 20200702092142 ( 20200630072142 34505
80
+ rainiselevi.ee. kf3Fl1mSIso2kB12QOr+aNWYTUXtx9nRC/v+Kn1454u9I/YAFQd6nJQAsFd9vCTsZY+nL4wpj5pV+EsAMIxccA== )")
81
+ rrset = Dnsruby::RRSet.new(a)
82
+ rrset.add(sig)
83
+ verifier = Dnsruby::SingleVerifier.new(nil)
84
+ assert(verifier.verify_rrset(rrset, ecdsa256))
85
+ end
86
+ end
87
+
73
88
  def test_se_query
74
89
  # Run some queries on the .se zone
75
90
  Dnsruby::Dnssec.clear_trusted_keys
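Review bot: `do_test_ecdsa256` asserts only that a valid P-256 signature verifies; no case shows that a tampered RRSIG, a signature of the wrong length, or a key/signature algorithm mismatch is rejected, and the P-384 verification path is not exercised in the visible hunks. For signature-verification code the negative cases are the ones that matter, so I would add at least one assertion that verifying a modified record raises `Dnsruby::VerifyError` (or whatever the verifier raises on failure; confirm). The test also depends on `Time.stub` and `Time.parse`, so the file needs minitest's mock support and `time` loaded, which cannot be confirmed from this hunk.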
metadata CHANGED
@@ -1,63 +1,29 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dnsruby
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.61.3
4
+ version: 1.61.4
5
5
  platform: ruby
6
6
  authors:
7
7
  - Alex Dalitz
8
- autorequire:
8
+ autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2019-08-15 00:00:00.000000000 Z
11
+ date: 2020-08-05 00:00:00.000000000 Z
12
12
  dependencies:
13
- - !ruby/object:Gem::Dependency
14
- name: pry
15
- requirement: !ruby/object:Gem::Requirement
16
- requirements:
17
- - - "~>"
18
- - !ruby/object:Gem::Version
19
- version: '0.10'
20
- type: :development
21
- prerelease: false
22
- version_requirements: !ruby/object:Gem::Requirement
23
- requirements:
24
- - - "~>"
25
- - !ruby/object:Gem::Version
26
- version: '0.10'
27
- - !ruby/object:Gem::Dependency
28
- name: pry-byebug
29
- requirement: !ruby/object:Gem::Requirement
30
- requirements:
31
- - - "~>"
32
- - !ruby/object:Gem::Version
33
- version: '2.0'
34
- type: :development
35
- prerelease: false
36
- version_requirements: !ruby/object:Gem::Requirement
37
- requirements:
38
- - - "~>"
39
- - !ruby/object:Gem::Version
40
- version: '2.0'
41
13
  - !ruby/object:Gem::Dependency
42
14
  name: rake
43
15
  requirement: !ruby/object:Gem::Requirement
44
16
  requirements:
45
- - - "~>"
46
- - !ruby/object:Gem::Version
47
- version: '10'
48
17
  - - ">="
49
18
  - !ruby/object:Gem::Version
50
- version: 10.3.2
19
+ version: 12.3.3
51
20
  type: :development
52
21
  prerelease: false
53
22
  version_requirements: !ruby/object:Gem::Requirement
54
23
  requirements:
55
- - - "~>"
56
- - !ruby/object:Gem::Version
57
- version: '10'
58
24
  - - ">="
59
25
  - !ruby/object:Gem::Version
60
- version: 10.3.2
26
+ version: 12.3.3
61
27
  - !ruby/object:Gem::Dependency
62
28
  name: minitest
63
29
  requirement: !ruby/object:Gem::Requirement
@@ -114,6 +80,20 @@ dependencies:
114
80
  - - ">="
115
81
  - !ruby/object:Gem::Version
116
82
  version: 0.3.0
83
+ - !ruby/object:Gem::Dependency
84
+ name: yard
85
+ requirement: !ruby/object:Gem::Requirement
86
+ requirements:
87
+ - - "~>"
88
+ - !ruby/object:Gem::Version
89
+ version: '0.9'
90
+ type: :development
91
+ prerelease: false
92
+ version_requirements: !ruby/object:Gem::Requirement
93
+ requirements:
94
+ - - "~>"
95
+ - !ruby/object:Gem::Version
96
+ version: '0.9'
117
97
  - !ruby/object:Gem::Dependency
118
98
  name: coveralls
119
99
  requirement: !ruby/object:Gem::Requirement
@@ -129,19 +109,19 @@ dependencies:
129
109
  - !ruby/object:Gem::Version
130
110
  version: '0.7'
131
111
  - !ruby/object:Gem::Dependency
132
- name: addressable
112
+ name: simpleidn
133
113
  requirement: !ruby/object:Gem::Requirement
134
114
  requirements:
135
115
  - - "~>"
136
116
  - !ruby/object:Gem::Version
137
- version: '2.5'
117
+ version: '0.1'
138
118
  type: :runtime
139
119
  prerelease: false
140
120
  version_requirements: !ruby/object:Gem::Requirement
141
121
  requirements:
142
122
  - - "~>"
143
123
  - !ruby/object:Gem::Version
144
- version: '2.5'
124
+ version: '0.1'
145
125
  description: |-
146
126
  Dnsruby is a pure Ruby DNS client library which implements a
147
127
  stub resolver. It aims to comply with all DNS RFCs, including
@@ -158,6 +138,7 @@ files:
158
138
  - ".coveralls.yml"
159
139
  - ".gitignore"
160
140
  - ".travis.yml"
141
+ - ".yardopts"
161
142
  - DNSSEC
162
143
  - EVENTMACHINE
163
144
  - EXAMPLES
@@ -329,7 +310,13 @@ files:
329
310
  homepage: https://github.com/alexdalitz/dnsruby
330
311
  licenses:
331
312
  - Apache License, Version 2.0
332
- metadata: {}
313
+ metadata:
314
+ yard.run: yard
315
+ bug_tracker_uri: https://github.com/alexdalitz/dnsruby/issues
316
+ changelog_uri: https://github.com/alexdalitz/dnsruby/blob/master/RELEASE_NOTES.md
317
+ documentation_uri: https://www.rubydoc.info/gems/dnsruby/
318
+ homepage_uri: https://github.com/alexdalitz/dnsruby
319
+ source_code_uri: https://github.com/alexdalitz/dnsruby
333
320
  post_install_message: |-
334
321
  Installing dnsruby...
335
322
  For issues and source code: https://github.com/alexdalitz/dnsruby
@@ -348,8 +335,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
348
335
  - !ruby/object:Gem::Version
349
336
  version: '0'
350
337
  requirements: []
351
- rubygems_version: 3.0.3
352
- signing_key:
338
+ rubygems_version: 3.1.2
339
+ signing_key:
353
340
  specification_version: 4
354
341
  summary: Ruby DNS(SEC) implementation
355
342
  test_files: