class Dnsruby::RR::DS

RFC4034, section 4 The DS Resource Record refers to a DNSKEY RR and is used in the DNS DNSKEY authentication process. A DS RR refers to a DNSKEY RR by storing the key tag, algorithm number, and a digest of the DNSKEY RR. Note that while the digest should be sufficient to identify the public key, storing the key tag and key algorithm helps make the identification process more efficient. By authenticating the DS record, a resolver can authenticate the DNSKEY RR to which the DS record points. The key authentication process is described in [RFC4035].

Attributes

algorithm[R]

The algorithm used for this key See Dnsruby::Algorithms for permitted values

digest[RW]

The DS record refers to a DNSKEY RR by including a digest of that DNSKEY RR.

digest_type[R]

The DS RR refers to a DNSKEY RR by including a digest of that DNSKEY RR. The Digest Type field identifies the algorithm used to construct the digest.

digestbin[RW]
key_tag[RW]

The Key Tag field lists the key tag of the DNSKEY RR referred to by the DS record, in network byte order.

Public Class Methods

from_key(key, digest_type) click to toggle source
# File lib/dnsruby/resource/DS.rb, line 150
      def DS.from_key(key, digest_type)
# # The key must not be a NULL key.
#    if ((key.flags & 0xc000 ) == 0xc000 )
#       puts "\nCreating a DS record for a NULL key is illegal"
#        return
#    end
#
#    # Bit 0 must not be set.
#    if (key.flags & 0x8000)
#       puts "\nCreating a DS record for a key with flag bit 0 set " +
#           "to 0 is illegal"
#          return
#    end
#
    #  Bit 6 must be set to 0 bit 7 must be set to 1
    if (( key.flags & 0x300) != 0x100)
        puts "\nCreating a DS record for a key with flags 6 and 7 not set "+
            "0  and 1 respectively is illegal"
         return
    end
#
#
#    if (key.protocol  != 3 )
#       puts "\nCreating a DS record for a non DNSSEC (protocol=3) " +
#           "key is illegal"
#          return
#    end
#
        digest_type = get_digest_type(digest_type)
        #  Create a new DS record from the specified key
        ds = RR.create(:name => key.name, :type => "DS", :ttl => key.ttl,
                      :key_tag => key.key_tag,
                     :digest_type => digest_type, :algorithm => key.algorithm)

        ds.digestbin = ds.digest_key(key, digest_type)
        ds.digest = ds.digestbin.unpack("H*")[0]
        return ds
      end
get_digest_type(d) click to toggle source
# File lib/dnsruby/resource/DS.rb, line 77
def DS.get_digest_type(d)
  if (d.instance_of?String)
    if (d.length == 1)
      d = d.to_i
    end
  end
  begin
    digest = DigestTypes.new(d)
    return digest
  rescue ArgumentError => e
    raise DecodeError.new(e)
  end
end

Public Instance Methods

algorithm=(a) click to toggle source
# File lib/dnsruby/resource/DS.rb, line 91
def algorithm=(a)
  if (a.instance_of?String)
    if (a.length < 3)
      a = a.to_i
    end
  end
  begin
    alg = Algorithms.new(a)
    @algorithm = alg
  rescue ArgumentError => e
    raise DecodeError.new(e)
  end
end
check_key(key) click to toggle source

Check if the key's digest is the same as that stored in the DS record

# File lib/dnsruby/resource/DS.rb, line 134
def check_key(key)
  if ((key.key_tag == @key_tag) && (key.algorithm == @algorithm))

    digestbin = digest_key(key)
    if (@digestbin == digestbin)
      if (!key.zone_key?)
      else
        return true
      end
    else
    end
  end
  return false
end
digest_key(*args) click to toggle source

Return the digest of the specified DNSKEY RR

# File lib/dnsruby/resource/DS.rb, line 106
def digest_key(*args) # key, digest_type)
  digest_type = @digest_type
  key = args[0]
  if (args.length == 2)
      digest_type = args[1]
  end


  data = MessageEncoder.new {|msg|
     msg.put_name(key.name, true)
     key.encode_rdata(msg, true)
  }.to_s


  if (digest_type.code == 1)
      digestbin = OpenSSL::Digest::SHA1.digest(data)
      return digestbin
  elsif (digest_type.code == 2)
      digestbin = OpenSSL::Digest::SHA256.digest(data)
      return digestbin
  elsif (digest_type.code == 4)
      digestbin = OpenSSL::Digest::SHA384.digest(data)
      return digestbin
  end

end
digest_type=(d) click to toggle source
# File lib/dnsruby/resource/DS.rb, line 72
def digest_type=(d)
  dig = DS.get_digest_type(d)
  @digest_type = dig
end
from_string(input) click to toggle source
# File lib/dnsruby/resource/DS.rb, line 198
      def from_string(input)
        if (input.length > 0)
          data = input.split(" ")
          self.key_tag=(data[0].to_i)
          self.algorithm=(data[1])
          self.digest_type=(data[2])

          buf = ""
          index = 3
          end_index = data.length - 1
          if (data[index]=="(")
            end_index = data.length - 2
            index = 4
          end
          (index..end_index).each {|i|
            if (comment_index = data[i].index(";"))
              buf += data[i].slice(0, comment_index)
              #  @TODO@ We lose the comments here - we should really keep them for when we write back to string format?
              break
            else
              buf += data[i]
            end
          }
#          self.digest=Base64.decode64(buf)
          buf.gsub!(/\n/, "")
          buf.gsub!(/ /, "")
#          self.digest=buf.unpack("m*")[0]
          self.digest=buf
          self.digestbin = [buf].pack("H*")
        end
      end