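package dnssec

// CODE ADAPTED FROM THIS
// ISC License
//
// Copyright (c) 2012-2016 Peter Banik
//
// Permission to use, copy, modify, and/or distribute this software for any
// purpose with or without fee is hereby granted, provided that the above
// copyright notice and this permission notice appear in all copies.
//
// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
// ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
// ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
// OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

import (
	"strings"
	"time"

	"github.com/afonsofrancof/sdns-proxy/common/logger"
	"github.com/miekg/dns"
)

// RRSet is a DNS RRset (records sharing owner name, class and type) together
// with the RRSIG that covers it, when one was present in the response.
type RRSet struct {
	// RRs holds the records of the set. NewRRSet always initialises it to a
	// non-nil, empty slice.
	RRs []dns.RR
	// RRSig is the covering signature, or nil for an unsigned set.
	RRSig *dns.RRSIG
}

// NewRRSet returns an empty, unsigned RRSet whose RRs slice is non-nil.
func NewRRSet() *RRSet {
	return &RRSet{RRs: make([]dns.RR, 0)}
}

// IsSigned reports whether an RRSIG is attached to the set.
func (r *RRSet) IsSigned() bool {
	return r.RRSig != nil
}

// IsEmpty reports whether the set holds no records.
func (r *RRSet) IsEmpty() bool {
	return len(r.RRs) == 0
}

// SignerName returns the signer name carried by the covering RRSIG, or the
// empty string when the set is unsigned.
func (r *RRSet) SignerName() string {
	if r.RRSig == nil {
		return ""
	}
	return r.RRSig.SignerName
}

// CheckHeaderIntegrity verifies that the owner name of the RRSIG is the name
// that was queried. A signature presented under a different owner name is
// reported as ErrForgedRRsig; an unsigned set passes trivially.
//
// Owner names are compared case-insensitively because DNS names are
// case-insensitive (RFC 4343); a response that echoes the query name with
// different ASCII casing must not be mistaken for a forgery. Both names are
// expected to be in the same presentation form (trailing dot) — TODO confirm
// that callers pass qname through dns.Fqdn.
func (r *RRSet) CheckHeaderIntegrity(qname string) error {
	if r.RRSig == nil {
		return nil
	}
	if !strings.EqualFold(r.RRSig.Header().Name, qname) {
		return ErrForgedRRsig
	}
	return nil
}

// ValidateSignature checks the set's RRSIG against key.
//
// It returns ErrInvalidRRsig when the set carries no signature,
// ErrRrsigValidationError when key is nil or the cryptographic verification
// fails (the underlying reason is only logged at debug level), and
// ErrRrsigValidityPeriod when the signature verifies but the current time lies
// outside its inception/expiration window. A nil return means the signature
// is valid for this key right now.
func (r *RRSet) ValidateSignature(key *dns.DNSKEY) error {
	if !r.IsSigned() {
		return ErrInvalidRRsig
	}
	if key == nil {
		// Nothing can be validated without a key; Verify would otherwise
		// dereference it.
		return ErrRrsigValidationError
	}
	if err := r.RRSig.Verify(key, r.RRs); err != nil {
		logger.Debug("RRSIG verification failed: %v", err)
		return ErrRrsigValidationError
	}
	// A cryptographically valid signature is still unusable outside its
	// validity window (RFC 4035 §5.3.1).
	if !r.RRSig.ValidityPeriod(time.Now()) {
		return ErrRrsigValidityPeriod
	}
	return nil
}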