BIND 10 trac781, updated. 400d3b61a32c0fc47c5f41a93ea649fbde6a5445 [trac781] move tsigkey to/from string to tsigkey.h/cc
BIND 10 source code commits
bind10-changes at lists.isc.org
Mon Apr 11 14:49:13 UTC 2011
The branch, trac781 has been updated
via 400d3b61a32c0fc47c5f41a93ea649fbde6a5445 (commit)
via fac1bf01a628b3b922af67cdd94f05257b6eef9a (commit)
from 34ba5055b70c9de09d406b3e51ad2e02b98f6439 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 400d3b61a32c0fc47c5f41a93ea649fbde6a5445
Author: Jelte Jansen <jelte at isc.org>
Date: Mon Apr 11 16:48:21 2011 +0200
[trac781] move tsigkey to/from string to tsigkey.h/cc
TSIGKeyFromString is now a direct TSIGKey constructor
TSIGKeyToString is now TSIGKey::toText()
commit fac1bf01a628b3b922af67cdd94f05257b6eef9a
Author: Jelte Jansen <jelte at isc.org>
Date: Mon Apr 11 15:39:40 2011 +0200
[trac781] remove redundant files
-----------------------------------------------------------------------
Summary of changes:
src/lib/crypto/Makefile.am | 1 -
src/lib/crypto/crypto.cc | 53 ---------------
src/lib/crypto/crypto.h | 28 --------
src/lib/crypto/crypto_botan.cc | 16 -----
src/lib/crypto/crypto_botan.h | 28 --------
src/lib/crypto/tests/crypto_unittests.cc | 105 +++++++-----------------------
src/lib/dns/tests/tsigkey_unittest.cc | 24 +++++++
src/lib/dns/tsigkey.cc | 61 +++++++++++++++++
src/lib/dns/tsigkey.h | 27 ++++++++
9 files changed, 137 insertions(+), 206 deletions(-)
delete mode 100644 src/lib/crypto/crypto_botan.cc
delete mode 100644 src/lib/crypto/crypto_botan.h
-----------------------------------------------------------------------
diff --git a/src/lib/crypto/Makefile.am b/src/lib/crypto/Makefile.am
index 41c9214..63bd750 100644
--- a/src/lib/crypto/Makefile.am
+++ b/src/lib/crypto/Makefile.am
@@ -9,4 +9,3 @@ CLEANFILES = *.gcno *.gcda
lib_LTLIBRARIES = libbcrypto.la
libbcrypto_la_SOURCES = crypto.h crypto.cc
-libbcrypto_la_SOURCES += crypto_botan.h crypto_botan.cc
diff --git a/src/lib/crypto/crypto.cc b/src/lib/crypto/crypto.cc
index ba4fa40..8d714ea 100644
--- a/src/lib/crypto/crypto.cc
+++ b/src/lib/crypto/crypto.cc
@@ -17,7 +17,6 @@
#include <iostream>
#include <iomanip>
-#include "crypto_botan.h"
#include <botan/botan.h>
#include <botan/hmac.h>
#include <botan/hash.h>
@@ -123,58 +122,6 @@ verifyHMAC(const OutputBuffer& data, TSIGKey key,
result.getLength());
}
-isc::dns::TSIGKey
-TSIGKeyFromString(const std::string& str) {
- size_t pos = str.find(':');
- if (pos == 0 || pos == str.npos) {
- // error
- isc_throw(InvalidParameter, "Invalid TSIG key string");
- }
- try {
- Name key_name(str.substr(0, pos));
- Name algo_name("hmac-md5.sig-alg.reg.int");
-
- // optional algorithm part
- size_t pos2 = str.find(':', pos+1);
- if (pos2 != str.npos) {
- if (pos2 == pos + 1) {
- isc_throw(InvalidParameter, "Invalid TSIG key string");
- }
- algo_name = Name(str.substr(pos2+1));
- } else {
- pos2 = str.size() - pos;
- }
-
- std::string secret_str = str.substr(pos + 1, pos2 - pos - 1);
-
- vector<uint8_t> secret;
- decodeBase64(secret_str, secret);
- unsigned char secret_b[secret.size()];
- for (size_t i=0; i < secret.size(); ++i) {
- secret_b[i] = secret[i];
- }
-
- return isc::dns::TSIGKey(key_name, algo_name, secret_b, secret.size());
- } catch (Exception e) {
- // 'reduce' the several types of exceptions name parsing and
- // Base64 decoding can throw to just the InvalidParameter
- isc_throw(InvalidParameter, e.what());
- }
-}
-
-std::string
-TSIGKeyToString(const isc::dns::TSIGKey& key) {
- const uint8_t* secret_b = static_cast<const uint8_t*>(key.getSecret());
- vector<uint8_t> secret_v;
- for (size_t i=0; i < key.getSecretLength(); ++i) {
- secret_v.push_back(secret_b[i]);
- }
- std::string secret_str = encodeBase64(secret_v);
-
- return key.getKeyName().toText() + ":" + secret_str + ":" + key.getAlgorithmName().toText();
-}
-
-
} // namespace crypto
} // namespace isc
diff --git a/src/lib/crypto/crypto.h b/src/lib/crypto/crypto.h
index 7b60624..3533c4c 100644
--- a/src/lib/crypto/crypto.h
+++ b/src/lib/crypto/crypto.h
@@ -84,34 +84,6 @@ bool verifyHMAC(const isc::dns::OutputBuffer& data,
isc::dns::TSIGKey key,
const isc::dns::OutputBuffer& mac);
-/// \brief Create a TSIGKey from an input string
-///
-/// This function takes an input string and creates a TSIG key
-/// from it. The string must be of the form:
-/// <name>:<secret>[:<algorithm>]
-/// Where <name> is a domain name for the key, <secret> is a
-/// base64 representation of the key secret, and the optional
-/// algorithm is an algorithm identifier as specified in RFC4635
-///
-/// Raises an InvalidParameter exception if the input string is
-/// invalid.
-///
-/// \param str The string to make a TSIGKey from
-/// \return The TSIGKey build from the string
-isc::dns::TSIGKey TSIGKeyFromString(const std::string& str);
-
-/// \brief Converts the given TSIGKey to a string value
-///
-/// The resulting string will be of the form
-/// name:secret:algorithm
-/// Where <name> is a domain name for the key, <secret> is a
-/// base64 representation of the key secret, and algorithm is
-/// an algorithm identifier as specified in RFC4635
-///
-/// \param key the TSIG key to convert
-/// \return The string representation of the given TSIGKey.
-std::string TSIGKeyToString(const isc::dns::TSIGKey& key);
-
} // namespace crypto
} // namespace isc
diff --git a/src/lib/crypto/crypto_botan.cc b/src/lib/crypto/crypto_botan.cc
deleted file mode 100644
index 6ee9cb9..0000000
--- a/src/lib/crypto/crypto_botan.cc
+++ /dev/null
@@ -1,16 +0,0 @@
-// Copyright (C) 2011 Internet Systems Consortium, Inc. ("ISC")
-//
-// Permission to use, copy, modify, and/or distribute this software for any
-// purpose with or without fee is hereby granted, provided that the above
-// copyright notice and this permission notice appear in all copies.
-//
-// THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
-// REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
-// AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
-// INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
-// LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
-// OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
-// PERFORMANCE OF THIS SOFTWARE.
-
-// TMP!!!
-// Just do a full HMAC digestion to get an overview of what we need
diff --git a/src/lib/crypto/crypto_botan.h b/src/lib/crypto/crypto_botan.h
deleted file mode 100644
index 0f4ae17..0000000
--- a/src/lib/crypto/crypto_botan.h
+++ /dev/null
@@ -1,28 +0,0 @@
-// Copyright (C) 2011 Internet Systems Consortium, Inc. ("ISC")
-//
-// Permission to use, copy, modify, and/or distribute this software for any
-// purpose with or without fee is hereby granted, provided that the above
-// copyright notice and this permission notice appear in all copies.
-//
-// THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
-// REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
-// AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
-// INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
-// LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
-// OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
-// PERFORMANCE OF THIS SOFTWARE.
-
-#ifndef _CRYPTO_CRYPTO_BOTAN_H
-#define _CRYPTO_CRYPTO_BOTAN_H
-
-#include <crypto/crypto.h>
-#include <dns/buffer.h>
-
-
-namespace isc {
-namespace crypto {
-
-} // namespace crypto
-} // namespace isc
-
-#endif // _CRYPTO_CRYPTO_BOTAN_H
diff --git a/src/lib/crypto/tests/crypto_unittests.cc b/src/lib/crypto/tests/crypto_unittests.cc
index 0167b8a..abe2f72 100644
--- a/src/lib/crypto/tests/crypto_unittests.cc
+++ b/src/lib/crypto/tests/crypto_unittests.cc
@@ -16,7 +16,6 @@
#include <gtest/gtest.h>
#include <crypto/crypto.h>
-#include <crypto/crypto_botan.h>
#include <dns/buffer.h>
#include <dns/name.h>
#include <exceptions/exceptions.h>
@@ -29,7 +28,6 @@ namespace {
ASSERT_EQ(buf.getLength(), len);
const uint8_t* buf_d = static_cast<const uint8_t*>(buf.getData());
for (size_t i = 0; i < len; ++i) {
- //std::cout << "[XX] I: " << i << ", buf: " << buf_d[i] << ", dat: " << data[i] << std::endl;
ASSERT_EQ(buf_d[i], data[i]);
}
}
@@ -40,7 +38,7 @@ namespace {
data_buf.writeData(data.c_str(), data.size());
OutputBuffer hmac_sig(1);
- TSIGKey key = TSIGKeyFromString(key_str);
+ TSIGKey key(key_str);
signHMAC(data_buf, key, hmac_sig);
checkBuffer(hmac_sig, expected_hmac, hmac_len);
@@ -52,7 +50,6 @@ namespace {
// Test values taken from RFC 2202
//
TEST(CryptoTest, HMAC_MD5_RFC2202_SIGN) {
- // 0x0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b = CwsLCwsLCwsLCwsLCwsLCw==
uint8_t hmac_expected[] = { 0x92, 0x94, 0x72, 0x7a, 0x36, 0x38,
0xbb, 0x1c, 0x13, 0xf4, 0x8e, 0xf8,
0x15, 0x8b, 0xfc, 0x9d };
@@ -99,14 +96,19 @@ TEST(CryptoTest, HMAC_MD5_RFC2202_SIGN) {
0xbf, 0x8f, 0x0b, 0x62, 0xe6, 0xce,
0x61, 0xb9, 0xd0, 0xcd };
doHMACTest("Test Using Larger Than Block-Size Key - Hash Key First",
- "test.example:qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo=:hmac-md5.sig-alg.reg.int",
+ "test.example:qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"
+ "qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"
+ "qqqqqqqqqo=:hmac-md5.sig-alg.reg.int",
hmac_expected6, 16);
uint8_t hmac_expected7[] = { 0x6f, 0x63, 0x0f, 0xad, 0x67, 0xcd,
0xa0, 0xee, 0x1f, 0xb1, 0xf5, 0x62,
0xdb, 0x3a, 0xa5, 0x3e };
- doHMACTest("Test Using Larger Than Block-Size Key and Larger Than One Block-Size Data",
- "test.example:qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo=:hmac-md5.sig-alg.reg.int",
+ doHMACTest("Test Using Larger Than Block-Size Key and Larger Than "
+ "One Block-Size Data",
+ "test.example:qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"
+ "qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"
+ "qqqqqqqqqo=:hmac-md5.sig-alg.reg.int",
hmac_expected7, 16);
}
@@ -168,15 +170,20 @@ TEST(CryptoTest, HMAC_SHA1_RFC2202_SIGN) {
0xce, 0x8a, 0x3b, 0x55, 0xed, 0x40,
0x21, 0x12 };
doHMACTest("Test Using Larger Than Block-Size Key - Hash Key First",
- "test.example:qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo=:hmac-sha1",
+ "test.example:qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"
+ "qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"
+ "qqqqqqqqqo=:hmac-sha1",
hmac_expected6, 20);
uint8_t hmac_expected7[] = { 0xe8, 0xe9, 0x9d, 0x0f, 0x45, 0x23,
0x7d, 0x78, 0x6d, 0x6b, 0xba, 0xa7,
0x96, 0x5c, 0x78, 0x08, 0xbb, 0xff,
0x1a, 0x91 };
- doHMACTest("Test Using Larger Than Block-Size Key and Larger Than One Block-Size Data",
- "test.example:qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo=:hmac-sha1",
+ doHMACTest("Test Using Larger Than Block-Size Key and Larger Than "
+ "One Block-Size Data",
+ "test.example:qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"
+ "qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"
+ "qqqqqqqqqo=:hmac-sha1",
hmac_expected7, 20);
}
@@ -245,7 +252,10 @@ TEST(CryptoTest, HMAC_SHA256_RFC2202_SIGN) {
0x05, 0x46, 0x04, 0x0f, 0x0e, 0xe3,
0x7f, 0x54 };
doHMACTest("Test Using Larger Than Block-Size Key - Hash Key First",
- "test.example:qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo=:hmac-sha256",
+ "test.example:qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"
+ "qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"
+ "qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"
+ "qqqqqqqqqqqqqqqqqqqqqqo=:hmac-sha256",
hmac_expected6, 32);
uint8_t hmac_expected7[] = { 0x9b, 0x09, 0xff, 0xa7, 0x1b, 0x94,
@@ -255,55 +265,13 @@ TEST(CryptoTest, HMAC_SHA256_RFC2202_SIGN) {
0x8a, 0x7f, 0x51, 0x53, 0x5c, 0x3a,
0x35, 0xe2 };
doHMACTest("This is a test using a larger than block-size key and a larger than block-size data. The key needs to be hashed before being used by the HMAC algorithm.",
- "test.example:qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo=:hmac-sha256",
+ "test.example:qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"
+ "qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"
+ "qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"
+ "qqqqqqqqqqqqqqqqqqqqqqo=:hmac-sha256",
hmac_expected7, 32);
}
-/*
-TEST(CryptoTest, HMAC_SHA256_RFC2202_SIGN) {
- uint8_t hmac_expected[] = { };
- doHMACTest("Hi There",
- "test.example:CwsLCwsLCwsLCwsLCwsLCwsLCws=:hmac-sha1",
- hmac_expected, 20);
- uint8_t hmac_expected2[] = { };
- doHMACTest("what do ya want for nothing?",
- "test.example:SmVmZQ==:hmac-sha1",
- hmac_expected2, 20);
-
- std::string data3;
- for (int i = 0; i < 50; ++i) {
- data3.push_back(0xdd);
- }
- uint8_t hmac_expected3[] = { };
- doHMACTest(data3,
- "test.example:qqqqqqqqqqqqqqqqqqqqqqqqqqo=:hmac-sha1",
- hmac_expected3, 20);
-
- std::string data4;
- for (int i = 0; i < 50; ++i) {
- data4.push_back(0xcd);
- }
- uint8_t hmac_expected4[] = { };
- doHMACTest(data4,
- "test.example:AQIDBAUGBwgJCgsMDQ4PEBESExQVFhcYGQ==:hmac-sha1",
- hmac_expected4, 20);
-
- uint8_t hmac_expected5[] = { };
- doHMACTest("Test With Truncation",
- "test.example:DAwMDAwMDAwMDAwMDAwMDAwMDAw=:hmac-sha1",
- hmac_expected5, 20);
-
- uint8_t hmac_expected6[] = { };
- doHMACTest("Test Using Larger Than Block-Size Key - Hash Key First",
- "test.example:qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo=:hmac-sha1",
- hmac_expected6, 20);
-
- uint8_t hmac_expected7[] = { };
- doHMACTest("Test Using Larger Than Block-Size Key and Larger Than One Block-Size Data",
- "test.example:qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo=:hmac-sha1",
- hmac_expected7, 20);
-}
-*/
TEST(CryptoTest, BadKey) {
TSIGKey bad_key = TSIGKey(Name("test.example."), Name("hmac-sha1."),
NULL, 0);
@@ -314,26 +282,3 @@ TEST(CryptoTest, BadKey) {
EXPECT_THROW(signHMAC(data_buf, bad_key, hmac_sig), BadKey);
EXPECT_THROW(verifyHMAC(data_buf, bad_key, hmac_sig), BadKey);
}
-
-TEST(CryptoTest, TSIGKeyFromToString) {
- TSIGKey k1 = TSIGKeyFromString("test.example:MSG6Ng==:hmac-md5.sig-alg.reg.int");
- TSIGKey k2 = TSIGKeyFromString("test.example.:MSG6Ng==:hmac-md5.sig-alg.reg.int.");
- TSIGKey k3 = TSIGKeyFromString("test.example:MSG6Ng==");
- TSIGKey k4 = TSIGKey(Name("test.example."), Name("hmac-sha1."), NULL, 0);
-
- EXPECT_EQ("test.example.:MSG6Ng==:hmac-md5.sig-alg.reg.int.",
- TSIGKeyToString(k1));
- EXPECT_EQ("test.example.:MSG6Ng==:hmac-md5.sig-alg.reg.int.",
- TSIGKeyToString(k2));
- EXPECT_EQ("test.example.:MSG6Ng==:hmac-md5.sig-alg.reg.int.",
- TSIGKeyToString(k3));
- EXPECT_EQ("test.example.::hmac-sha1.", TSIGKeyToString(k4));
-
- EXPECT_THROW(TSIGKeyFromString(""), isc::InvalidParameter);
- EXPECT_THROW(TSIGKeyFromString("::"), isc::InvalidParameter);
- EXPECT_THROW(TSIGKeyFromString("..:aa:"), isc::InvalidParameter);
- EXPECT_THROW(TSIGKeyFromString("test.example:xxxx:"), isc::InvalidParameter);
- EXPECT_THROW(TSIGKeyFromString("test.example.::"), isc::InvalidParameter);
- EXPECT_THROW(TSIGKeyFromString("test.example.:MSG6Ng==:unknown"), isc::InvalidParameter);
-
-}
diff --git a/src/lib/dns/tests/tsigkey_unittest.cc b/src/lib/dns/tests/tsigkey_unittest.cc
index 6b2b8c5..d4ce3ce 100644
--- a/src/lib/dns/tests/tsigkey_unittest.cc
+++ b/src/lib/dns/tests/tsigkey_unittest.cc
@@ -227,4 +227,28 @@ TEST_F(TSIGKeyRingTest, findFromSome) {
keyring.find(Name("noexist.example")).key);
}
+TEST(TSIGTest, TSIGKeyFromToString) {
+ TSIGKey k1 = TSIGKey("test.example:MSG6Ng==:hmac-md5.sig-alg.reg.int");
+ TSIGKey k2 = TSIGKey("test.example.:MSG6Ng==:hmac-md5.sig-alg.reg.int.");
+ TSIGKey k3 = TSIGKey("test.example:MSG6Ng==");
+ TSIGKey k4 = TSIGKey(Name("test.example."), Name("hmac-sha1."), NULL, 0);
+
+ EXPECT_EQ("test.example.:MSG6Ng==:hmac-md5.sig-alg.reg.int.",
+ k1.toText());
+ EXPECT_EQ("test.example.:MSG6Ng==:hmac-md5.sig-alg.reg.int.",
+ k2.toText());
+ EXPECT_EQ("test.example.:MSG6Ng==:hmac-md5.sig-alg.reg.int.",
+ k3.toText());
+ EXPECT_EQ("test.example.::hmac-sha1.", k4.toText());
+
+ EXPECT_THROW(TSIGKey(""), isc::InvalidParameter);
+ EXPECT_THROW(TSIGKey("::"), isc::InvalidParameter);
+ EXPECT_THROW(TSIGKey("..:aa:"), isc::InvalidParameter);
+ EXPECT_THROW(TSIGKey("test.example:xxxx:"), isc::InvalidParameter);
+ EXPECT_THROW(TSIGKey("test.example.::"), isc::InvalidParameter);
+ EXPECT_THROW(TSIGKey("test.example.:MSG6Ng==:unknown"), isc::InvalidParameter);
+
+}
+
+
} // end namespace
diff --git a/src/lib/dns/tsigkey.cc b/src/lib/dns/tsigkey.cc
index 057191d..e27d849 100644
--- a/src/lib/dns/tsigkey.cc
+++ b/src/lib/dns/tsigkey.cc
@@ -19,6 +19,7 @@
#include <exceptions/exceptions.h>
#include <dns/name.h>
+#include <dns/util/base64.h>
#include <dns/tsigkey.h>
using namespace std;
@@ -59,6 +60,53 @@ TSIGKey::TSIGKey(const Name& key_name, const Name& algorithm_name,
impl_ = new TSIGKeyImpl(key_name, algorithm_name, secret, secret_len);
}
+TSIGKey::TSIGKey(const std::string& str) : impl_(NULL) {
+ size_t pos = str.find(':');
+ if (pos == 0 || pos == str.npos) {
+ // error
+ isc_throw(InvalidParameter, "Invalid TSIG key string");
+ }
+ try {
+ Name key_name(str.substr(0, pos));
+ Name algo_name("hmac-md5.sig-alg.reg.int");
+
+ // optional algorithm part
+ size_t pos2 = str.find(':', pos+1);
+ if (pos2 != str.npos) {
+ if (pos2 == pos + 1) {
+ isc_throw(InvalidParameter, "Invalid TSIG key string");
+ }
+ algo_name = Name(str.substr(pos2+1));
+ } else {
+ pos2 = str.size() - pos;
+ }
+
+ std::string secret_str = str.substr(pos + 1, pos2 - pos - 1);
+
+ vector<uint8_t> secret;
+ decodeBase64(secret_str, secret);
+ unsigned char secret_b[secret.size()];
+ for (size_t i=0; i < secret.size(); ++i) {
+ secret_b[i] = secret[i];
+ }
+
+ if (algo_name != HMACMD5_NAME() &&
+ algo_name != HMACSHA1_NAME() &&
+ algo_name != HMACSHA256_NAME()) {
+ isc_throw(InvalidParameter, "Unknown TSIG algorithm is specified: " <<
+ algo_name);
+ }
+
+ impl_ = new TSIGKeyImpl(key_name, algo_name, secret_b,
+ secret.size());
+ } catch (Exception e) {
+ // 'reduce' the several types of exceptions name parsing and
+ // Base64 decoding can throw to just the InvalidParameter
+ isc_throw(InvalidParameter, e.what());
+ }
+}
+
+
TSIGKey::TSIGKey(const TSIGKey& source) : impl_(new TSIGKeyImpl(*source.impl_))
{}
@@ -99,6 +147,19 @@ TSIGKey::getSecretLength() const {
return (impl_->secret_.size());
}
+std::string
+TSIGKey::toText() const {
+ const uint8_t* secret_b = static_cast<const uint8_t*>(getSecret());
+ vector<uint8_t> secret_v;
+ for (size_t i=0; i < getSecretLength(); ++i) {
+ secret_v.push_back(secret_b[i]);
+ }
+ std::string secret_str = encodeBase64(secret_v);
+
+ return getKeyName().toText() + ":" + secret_str + ":" +
+ getAlgorithmName().toText();
+}
+
const
Name& TSIGKey::HMACMD5_NAME() {
static Name alg_name("hmac-md5.sig-alg.reg.int");
diff --git a/src/lib/dns/tsigkey.h b/src/lib/dns/tsigkey.h
index e56fa88..8e322a1 100644
--- a/src/lib/dns/tsigkey.h
+++ b/src/lib/dns/tsigkey.h
@@ -90,6 +90,21 @@ public:
TSIGKey(const Name& key_name, const Name& algorithm_name,
const void* secret, size_t secret_len);
+ /// \brief Constructor from an input string
+ ///
+ /// The string must be of the form:
+ /// <name>:<secret>[:<algorithm>]
+ /// Where <name> is a domain name for the key, <secret> is a
+ /// base64 representation of the key secret, and the optional
+ /// algorithm is an algorithm identifier as specified in RFC4635
+ ///
+ /// Raises an InvalidParameter exception if the input string is
+ /// invalid.
+ ///
+ /// \param str The string to make a TSIGKey from
+ /// \return The TSIGKey build from the string
+ TSIGKey(const std::string& str);
+
/// \brief The copy constructor.
///
/// It internally allocates a resource, and if it fails a corresponding
@@ -139,6 +154,18 @@ public:
const void* getSecret() const;
//@}
+ /// \brief Converts the TSIGKey to a string value
+ ///
+ /// The resulting string will be of the form
+ /// name:secret:algorithm
+ /// Where <name> is a domain name for the key, <secret> is a
+ /// base64 representation of the key secret, and algorithm is
+ /// an algorithm identifier as specified in RFC4635
+ ///
+ /// \param key the TSIG key to convert
+ /// \return The string representation of the given TSIGKey.
+ std::string toText() const;
+
///
/// \name Well known algorithm names as defined in RFC2845 and RFC4635.
///
More information about the bind10-changes
mailing list