3 bW9@sHdZddlmZddlZddlZddlZddlZddlZddl Zddl Zddl Zddl Zddl ZddlmZGdddejjZGdd d ejjZdZd Zd Zd Zd ZdZdZdZdZdZdZdZdZ dZ!eeeeeeeeeeeee e!dZ"e#dde"j$DZ%ddZ&ddZ'ddZ(dDd d!Z)dEd"d#Z*d$d%Z+d&d'Z,d(d)Z-d*d+Z.d,d-Z/d.d/Z0d0d1Z1d2d3Z2d4d5Z3d6d7Z4d8d9Z5dFd:d;Z6dGdd?Z8y(ddl9Z:ddl;Z:ddld@Z?Wn"e@k re8Z=e8Z>dAZ?YnXy8ddlAZAddlBZAddlCZAddlDZAd@ZEGdBdCdCeFZGWne@k rBdAZEYnXdS)Hz.Common DNSSEC-related functions and constants.)BytesION) string_typesc@seZdZdZdS)UnsupportedAlgorithmz&The DNSSEC algorithm is not supported.N)__name__ __module__ __qualname____doc__r r /usr/lib/python3.6/dnssec.pyr!src@seZdZdZdS)ValidationFailurez The DNSSEC signature is invalid.N)rrrr r r r r r &sr  )RSAMD5DHDSAECCRSASHA1 DSANSEC3SHA1RSASHA1NSEC3SHA1 RSASHA256 RSASHA512INDIRECTECDSAP256SHA256ECDSAP384SHA384 PRIVATEDNS PRIVATEOIDccs|]\}}||fVqdS)Nr ).0xyr r r Nsr+cCs"tj|j}|dkrt|}|S)z:Convert text into a DNSSEC algorithm value @rtype: intN)_algorithm_by_textgetupperint)textvaluer r r algorithm_from_textQsr2cCstj|}|dkrt|}|S)z;Convert a DNSSEC algorithm value to text @rtype: stringN)_algorithm_by_valuer-str)r1r0r r r algorithm_to_text[s r5cCst}|j||d|jS)N)origin)rto_wiregetvalue)recordr6sr r r _to_rdataesr;cCst||}t|}|jtkr0|dd>|d Sd}x|d|d7}qFWt|ddkr||t|dd>7}||d?d@7}|d@SdS) Nrrr rri)r; bytearray algorithmrrangelen)keyr6rdataZtotalir r r key_idks  rFcCs|jdkr d}tjjd}n,|jdkr@d}tjjd}n td|t|trdtjj||}|j |j j |j t |||j }tjdt||j||}tjjtjjtjj|dt|S)NSHA1rSHA256r zunsupported algorithm "%s"z!HBBr)r.dnshashhashesr isinstancername from_textupdateZ canonicalizer7r;digeststructpackrFr@rDZ from_wire rdataclassIN rdatatypeZDSrB)rMrCr@r6ZdsalgrJrPZdsrdatar r r make_ds{s    rVc Csg}|j|j}|dkrdSt|tjjrZy|jtjjtj j }Wq^t k rVdSXn|}x0|D](}|j |j krdt ||jkrd|j|qdW|S)N)r-signerrLrIZnodeZNodeZ find_rdatasetrSrTrUZDNSKEYKeyErrorr@rFZkey_tagappend)keysrrsigZcandidate_keysr1rdatasetrDr r r _find_candidate_keyss     r]cCs|tttttfkS)N)rrr r!r")r@r r r _is_rsasr^cCs |ttfkS)N)rr)r@r r r _is_dsasr_cCsto|ttfkS)N) _have_ecdsar$r%)r@r r r _is_ecdsasracCs|tkS)N)r)r@r r r _is_md5srbcCs|ttttfkS)N)rrrr )r@r r r _is_sha1srccCs |ttfkS)N)r!r$)r@r r r _is_sha256srdcCs|tkS)N)r%)r@r r r _is_sha384srecCs|tkS)N)r")r@r r r _is_sha512srfcCs~t|rtjjdSt|r,tjjdSt|rBtjjdSt|rXtjjdSt|rntjjdStd|dS)NZMD5rGrHZSHA384ZSHA512zunknown hash for algorithm %u) rbrIrJrKrcrdrerfr )r@r r r _make_hashsrgc Cst|rddddddddg}ndt|r6dd d dd g}nLt|rVd ddd dd ddd g }n,t|rvd ddd dd ddd g }n td|t|}t|j}dgd||gd|dgd|g|ddgd|g}tj dt|f|S)N*Hrr r+rr`rerzunknown algorithm %u0rrrz!%dB) rbrcrdrfr rBrgZ digest_sizerQrR)r@ZoidZolenZdlenZidbytesr r r _make_algorithm_ids  <rqc)Cst|trtjj|tjj}xt||D]}|ss        0