class Dnsruby::RR::DS
RFC4034, section 4 The DS
Resource Record refers to a DNSKEY
RR
and is used in the DNS
DNSKEY
authentication process. A DS
RR
refers to a DNSKEY
RR
by storing the key tag, algorithm number, and a digest of the DNSKEY
RR
. Note that while the digest should be sufficient to identify the public key, storing the key tag and key algorithm helps make the identification process more efficient. By authenticating the DS
record, a resolver can authenticate the DNSKEY
RR
to which the DS
record points. The key authentication process is described in [RFC4035].
Attributes
algorithm[R]
The algorithm used for this key See Dnsruby::Algorithms
for permitted values
digest_type[R]
digestbin[RW]
Public Class Methods
from_key(key, digest_type)
click to toggle source
# File lib/dnsruby/resource/DS.rb, line 150 def DS.from_key(key, digest_type) # # The key must not be a NULL key. # if ((key.flags & 0xc000 ) == 0xc000 ) # puts "\nCreating a DS record for a NULL key is illegal" # return # end # # # Bit 0 must not be set. # if (key.flags & 0x8000) # puts "\nCreating a DS record for a key with flag bit 0 set " + # "to 0 is illegal" # return # end # # Bit 6 must be set to 0 bit 7 must be set to 1 if (( key.flags & 0x300) != 0x100) puts "\nCreating a DS record for a key with flags 6 and 7 not set "+ "0 and 1 respectively is illegal" return end # # # if (key.protocol != 3 ) # puts "\nCreating a DS record for a non DNSSEC (protocol=3) " + # "key is illegal" # return # end # digest_type = get_digest_type(digest_type) # Create a new DS record from the specified key ds = RR.create(:name => key.name, :type => "DS", :ttl => key.ttl, :key_tag => key.key_tag, :digest_type => digest_type, :algorithm => key.algorithm) ds.digestbin = ds.digest_key(key, digest_type) ds.digest = ds.digestbin.unpack("H*")[0] return ds end
get_digest_type(d)
click to toggle source
# File lib/dnsruby/resource/DS.rb, line 77 def DS.get_digest_type(d) if (d.instance_of?String) if (d.length == 1) d = d.to_i end end begin digest = DigestTypes.new(d) return digest rescue ArgumentError => e raise DecodeError.new(e) end end
Public Instance Methods
algorithm=(a)
click to toggle source
# File lib/dnsruby/resource/DS.rb, line 91 def algorithm=(a) if (a.instance_of?String) if (a.length < 3) a = a.to_i end end begin alg = Algorithms.new(a) @algorithm = alg rescue ArgumentError => e raise DecodeError.new(e) end end
check_key(key)
click to toggle source
Check if the key's digest is the same as that stored in the DS
record
# File lib/dnsruby/resource/DS.rb, line 134 def check_key(key) if ((key.key_tag == @key_tag) && (key.algorithm == @algorithm)) digestbin = digest_key(key) if (@digestbin == digestbin) if (!key.zone_key?) else return true end else end end return false end
digest_key(*args)
click to toggle source
Return the digest of the specified DNSKEY
RR
# File lib/dnsruby/resource/DS.rb, line 106 def digest_key(*args) # key, digest_type) digest_type = @digest_type key = args[0] if (args.length == 2) digest_type = args[1] end data = MessageEncoder.new {|msg| msg.put_name(key.name, true) key.encode_rdata(msg, true) }.to_s if (digest_type.code == 1) digestbin = OpenSSL::Digest::SHA1.digest(data) return digestbin elsif (digest_type.code == 2) digestbin = OpenSSL::Digest::SHA256.digest(data) return digestbin elsif (digest_type.code == 4) digestbin = OpenSSL::Digest::SHA384.digest(data) return digestbin end end
digest_type=(d)
click to toggle source
# File lib/dnsruby/resource/DS.rb, line 72 def digest_type=(d) dig = DS.get_digest_type(d) @digest_type = dig end
from_string(input)
click to toggle source
# File lib/dnsruby/resource/DS.rb, line 198 def from_string(input) if (input.length > 0) data = input.split(" ") self.key_tag=(data[0].to_i) self.algorithm=(data[1]) self.digest_type=(data[2]) buf = "" index = 3 end_index = data.length - 1 if (data[index]=="(") end_index = data.length - 2 index = 4 end (index..end_index).each {|i| if (comment_index = data[i].index(";")) buf += data[i].slice(0, comment_index) # @TODO@ We lose the comments here - we should really keep them for when we write back to string format? break else buf += data[i] end } # self.digest=Base64.decode64(buf) buf.gsub!(/\n/, "") buf.gsub!(/ /, "") # self.digest=buf.unpack("m*")[0] self.digest=buf self.digestbin = [buf].pack("H*") end end