feat(dnssec): query the authoritative servers directly
77
common/dnssec/rrset.go
Normal file
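--- a/common/dnssec/rrset.go
+++ b/common/dnssec/rrset.go
@@ -0,0 +1,77 @@
+package dnssec
+
+// CODE ADAPTED FROM THIS
+
+// ISC License
+//
+// Copyright (c) 2012-2016 Peter Banik <peter@froggle.org>
+//
+// Permission to use, copy, modify, and/or distribute this software for any
+// purpose with or without fee is hereby granted, provided that the above
+// copyright notice and this permission notice appear in all copies.
+//
+// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+// ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+// ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+// OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+import (
+"log"
+"time"
+
+"github.com/miekg/dns"
+)
+
+type RRSet struct {
+RRs []dns.RR
+RRSig *dns.RRSIG
+}
+
+func NewRRSet() *RRSet {
+return &RRSet{
+RRs: make([]dns.RR, 0),
+}
+}
+
+func (r *RRSet) IsSigned() bool {
+return r.RRSig != nil
+}
+
+func (r *RRSet) IsEmpty() bool {
+return len(r.RRs) < 1
+}
+
+func (r *RRSet) SignerName() string {
+if r.RRSig == nil {
+return ""
+}
+return r.RRSig.SignerName
+}
+
+func (r *RRSet) CheckHeaderIntegrity(qname string) error {
+if r.RRSig != nil && r.RRSig.Header().Name != qname {
+return ErrForgedRRsig
+}
+return nil
+}
+
+func (r *RRSet) ValidateSignature(key *dns.DNSKEY) error {
+if !r.IsSigned() {
+return ErrInvalidRRsig
+}
+
+err := r.RRSig.Verify(key, r.RRs)
+if err != nil {
+log.Printf("RRSIG verification failed: %v", err)
+return ErrRrsigValidationError
+}
+
+if !r.RRSig.ValidityPeriod(time.Now()) {
+return ErrRrsigValidityPeriod
+}
+
+return nil
+}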
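Review bot: `CheckHeaderIntegrity` compares the RRSIG owner name to `qname` with a byte-exact `!=`, but DNS names compare case-insensitively and miekg/dns keeps the case it received. A legitimate answer whose owner name differs only in case, or a `qname` passed without the trailing dot, would be reported as `ErrForgedRRsig`. Comparing canonical forms avoids that, e.g. `if r.RRSig != nil && dns.CanonicalName(r.RRSig.Header().Name) != dns.CanonicalName(qname) {`, assuming the vendored miekg/dns version provides `CanonicalName`. The check also covers only the RRSIG header: the owner names of the records in `r.RRs` are never compared with `qname` here, and the method returns nil when no RRSIG is present. A doc comment should therefore say that callers must filter `RRs` by owner name and still call `ValidateSignature`, whose `key` argument presumably must be non-nil because it is passed to `Verify` unchecked.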