commit 38d5ea59581275eafcf55f2d677056875483fa2f Author: Pieter Lexis Date: Mon Sep 17 23:58:20 2012 +0200 Add TLSA (RFC 6698) record type
diff --git a/dns/rdatatype.py b/dns/rdatatype.py
index 380cfcd..f64307a 100644
--- a/dns/rdatatype.py
+++ b/dns/rdatatype.py
@@ -78,6 +78,7 @@ DNSKEY = 48
 DHCID = 49
 NSEC3 = 50
 NSEC3PARAM = 51
+TLSA = 52
 HIP = 55
 SPF = 99
 UNSPEC = 103
@@ -140,6 +141,7 @@ _by_text = {
 'DHCID' : DHCID,
 'NSEC3' : NSEC3,
 'NSEC3PARAM' : NSEC3PARAM,
+ 'TLSA' : TLSA,
 'HIP' : HIP,
 'SPF' : SPF,
 'UNSPEC' : UNSPEC,
diff --git a/dns/rdtypes/ANY/TLSA.py b/dns/rdtypes/ANY/TLSA.py
new file mode 100644
index 0000000..6ca8c0a
--- /dev/null
+++ b/dns/rdtypes/ANY/TLSA.py
@@ -0,0 +1,89 @@
+# Copyright (C) 2005-2007, 2009-2011 Nominum, Inc.
+#
+# Permission to use, copy, modify, and distribute this software and its
+# documentation for any purpose with or without fee is hereby granted,
+# provided that the above copyright notice and this permission notice
+# appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND NOMINUM DISCLAIMS ALL WARRANTIES
+# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL NOMINUM BE LIABLE FOR
+# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
+# OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+import struct
+
+import dns.rdata
+import dns.rdatatype
+
+class TLSA(dns.rdata.Rdata):
+ """TLSA record
+
+ @ivar usage: The certificate usage
+ @type usage: int
+ @ivar selector: The selector field
+ @type selector: int
+ @ivar mtype: The 'matching type' field
+ @type mtype: int
+ @ivar cert: The 'Certificate Association Data' field
+ @type cert: string
+ @see: RFC 6698"""
+
+ __slots__ = ['usage', 'selector', 'mtype', 'cert']
+
+ def __init__(self, rdclass, rdtype, usage, selector,
+ mtype, cert):
+ super(TLSA, self).__init__(rdclass, rdtype)
+ self.usage = usage
+ self.selector = selector
+ self.mtype = mtype
+ self.cert = cert
+
+ def to_text(self, origin=None, relativize=True, **kw):
+ return '%d %d %d %s' % (self.usage,
+ self.selector,
+ self.mtype,
+ dns.rdata._hexify(self.cert,
+ chunksize=128))
+
+ def from_text(cls, rdclass, rdtype, tok, origin = None, relativize = True):
+ usage = tok.get_uint8()
+ selector = tok.get_uint8()
+ mtype = tok.get_uint8()
+ cert_chunks = []
+ while 1:
+ t = tok.get().unescape()
+ if t.is_eol_or_eof():
+ break
+ if not t.is_identifier():
+ raise dns.exception.SyntaxError
+ cert_chunks.append(t.value)
+ cert = ''.join(cert_chunks)
+ cert = cert.decode('hex_codec')
+ return cls(rdclass, rdtype, usage, selector, mtype, cert)
+
+ from_text = classmethod(from_text)
+
+ def to_wire(self, file, compress = None, origin = None):
+ header = struct.pack("!BBB", self.usage, self.selector, self.mtype)
+ file.write(header)
+ file.write(self.cert)
+
+ def from_wire(cls, rdclass, rdtype, wire, current, rdlen, origin = None):
+ header = struct.unpack("!BBB", wire[current : current + 3])
+ current += 3
+ rdlen -= 3
+ cert = wire[current : current + rdlen].unwrap()
+ return cls(rdclass, rdtype, header[0], header[1], header[2], cert)
+
+ from_wire = classmethod(from_wire)
+
+ def _cmp(self, other):
+ hs = struct.pack("!BBB", self.usage, self.selector, self.mtype)
+ ho = struct.pack("!BBB", other.usage, other.selector, other.mtype)
+ v = cmp(hs, ho)
+ if v == 0:
+ v = cmp(self.cert, other.cert)
+ return v
diff --git a/dns/rdtypes/ANY/__init__.py b/dns/rdtypes/ANY/__init__.py
index 721e9dd..cfb0be6 100644
--- a/dns/rdtypes/ANY/__init__.py
+++ b/dns/rdtypes/ANY/__init__.py
@@ -33,6 +33,7 @@ __all__ = [
 'NSEC',
 'NSEC3',
 'NSEC3PARAM',
+ 'TLSA',
 'PTR',
 'RP',
 'RRSIG',
diff --git a/tests/example b/tests/example
index 2f753a2..71fb8e6 100644
--- a/tests/example
+++ b/tests/example
@@ -165,6 +165,9 @@ srv02 SRV 65535 65535 65535 old-slow-box.example.com.
 $TTL 301 ; 5 minutes 1 second
 t A 73.80.65.49
 $TTL 3600 ; 1 hour
+tlsa1 TLSA 3 1 1 01a9cdf989b504fe5dca90c0d2167b6550570734f7c763e09fdf88904e06157065
+tlsa2 TLSA 1 0 1 efddf0d915c7bdc5782c0881e1b2a95ad099fbdd06d7b1f77982d9364338d955
+tlsa3 TLSA 1 0 2 81ee7f6c0ecc6b09b7785a9418f54432de630dd54dc6ee9e3c49de547708d236d4c413c3e97e44f969e635958aa410495844127c04883503e5b024cf7a8f6a94
 txt01 TXT "foo"
 txt02 TXT "foo" "bar"
 txt03 TXT "foo"
diff --git a/tests/example1.good b/tests/example1.good
index 0834d17..4c2d01a 100644
--- a/tests/example1.good
+++ b/tests/example1.good
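Review bot: In dns/rdtypes/ANY/TLSA.py, `from_wire` unpacks the three header bytes without first checking `rdlen`, so rdata shorter than 3 bytes is not rejected. The slice `wire[current : current + 3]` is not bounded by the record's own length, and once `rdlen -= 3` goes negative the `cert` slice ends before it starts. Because this path parses data received from the network, a guard such as `if rdlen < 3: raise dns.exception.FormError` ahead of the `struct.unpack` would turn a truncated TLSA record into a clean format error. In `from_text`, `cert.decode('hex_codec')` likewise lets odd-length or non-hex input surface as the codec's own exception instead of `dns.exception.SyntaxError`, so catching it and re-raising would keep zone-file errors uniform. The file also names `dns.exception.SyntaxError` without its own `import dns.exception`, so it presumably relies on another module having imported it; adding the import next to `import dns.rdata` removes that dependency.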
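Review bot: The three records added to tests/example are all well-formed, so nothing exercises the parser's rejection paths or a multi-chunk round trip. `to_text` hexifies with `chunksize=128` and `from_text` re-joins several tokens, but the longest fixture (`tlsa3`, matching type 2) appears to be exactly 128 hex characters and so never produces a second chunk. A matching-type-0 record with longer association data would cover that. Cases with non-hex or odd-length data, and a wire-format record shorter than the 3-byte header, would be worth adding where the suite asserts on exceptions. The same three records are repeated in the tests/example1.good and tests/example2.good hunks.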
@@ -90,6 +90,9 @@ srv01 3600 IN SRV 0 0 0 .
 srv02 3600 IN SRV 65535 65535 65535 old-slow-box.example.com.
 sshfp1 3600 IN SSHFP 1 1 aa549bfe898489c02d1715d97d79c57ba2fa76ab
 t 301 IN A 73.80.65.49
+tlsa1 3600 IN TLSA 3 1 1 01a9cdf989b504fe5dca90c0d2167b6550570734f7c763e09fdf88904e06157065
+tlsa2 3600 IN TLSA 1 0 1 efddf0d915c7bdc5782c0881e1b2a95ad099fbdd06d7b1f77982d9364338d955
+tlsa3 3600 IN TLSA 1 0 2 81ee7f6c0ecc6b09b7785a9418f54432de630dd54dc6ee9e3c49de547708d236d4c413c3e97e44f969e635958aa410495844127c04883503e5b024cf7a8f6a94
 txt01 3600 IN TXT "foo"
 txt02 3600 IN TXT "foo" "bar"
 txt03 3600 IN TXT "foo"
diff --git a/tests/example2.good b/tests/example2.good
index de4bcd5..1bf6b59 100644
--- a/tests/example2.good
+++ b/tests/example2.good
@@ -90,6 +90,9 @@ srv01.example. 3600 IN SRV 0 0 0 .
 srv02.example. 3600 IN SRV 65535 65535 65535 old-slow-box.example.com.
 sshfp1.example. 3600 IN SSHFP 1 1 aa549bfe898489c02d1715d97d79c57ba2fa76ab
 t.example. 301 IN A 73.80.65.49
+tlsa1.example. 3600 IN TLSA 3 1 1 01a9cdf989b504fe5dca90c0d2167b6550570734f7c763e09fdf88904e06157065
+tlsa2.example. 3600 IN TLSA 1 0 1 efddf0d915c7bdc5782c0881e1b2a95ad099fbdd06d7b1f77982d9364338d955
+tlsa3.example. 3600 IN TLSA 1 0 2 81ee7f6c0ecc6b09b7785a9418f54432de630dd54dc6ee9e3c49de547708d236d4c413c3e97e44f969e635958aa410495844127c04883503e5b024cf7a8f6a94
 txt01.example. 3600 IN TXT "foo"
 txt02.example. 3600 IN TXT "foo" "bar"
 txt03.example. 3600 IN TXT "foo"