Package dns :: Module dnssec
[hide private]
[frames] | no frames]

Module dnssec

source code

Common DNSSEC-related functions and constants.

Classes [hide private]
  UnsupportedAlgorithm
Raised if an algorithm is not supported.
  ValidationFailure
The DNSSEC signature is invalid.
Functions [hide private]
int
algorithm_from_text(text)
Convert text into a DNSSEC algorithm value
source code
string
algorithm_to_text(value)
Convert a DNSSEC algorithm value to text
source code
 
_to_rdata(record, origin) source code
 
key_id(key, origin=None) source code
 
make_ds(name, key, algorithm, origin=None) source code
 
_find_key(keys, rrsig) source code
 
_is_rsa(algorithm) source code
 
_is_dsa(algorithm) source code
 
_is_md5(algorithm) source code
 
_is_sha1(algorithm) source code
 
_is_sha256(algorithm) source code
 
_is_sha512(algorithm) source code
 
_make_hash(algorithm) source code
 
_make_algorithm_id(algorithm) source code
 
_validate_rrsig(rrset, rrsig, keys, origin=None, now=None)
Validate an RRset against a single signature rdata
source code
 
_validate(rrset, rrsigset, keys, origin=None, now=None)
Validate an RRset
source code
 
_need_pycrypto(*args, **kwargs) source code
 
validate(*args, **kwargs) source code
 
validate_rrsig(*args, **kwargs) source code
Variables [hide private]
  RSAMD5 = 1
  DH = 2
  DSA = 3
  ECC = 4
  RSASHA1 = 5
  DSANSEC3SHA1 = 6
  RSASHA1NSEC3SHA1 = 7
  RSASHA256 = 8
  RSASHA512 = 10
  INDIRECT = 252
  PRIVATEDNS = 253
  PRIVATEOID = 254
  _algorithm_by_text = {'RSAMD5': RSAMD5, 'DH': DH, 'DSA': DSA, ...
  _algorithm_by_value = dict([(y, x) for x, y in _algorithm_by_t...
Function Details [hide private]

_validate_rrsig(rrset, rrsig, keys, origin=None, now=None)

source code 

Validate an RRset against a single signature rdata

The owner name of the rrsig is assumed to be the same as the owner name of the rrset.

Parameters:
  • rrset (dns.rrset.RRset or (dns.name.Name, dns.rdataset.Rdataset) tuple) - The RRset to validate
  • rrsig (dns.rrset.Rdata) - The signature rdata
  • keys (a dictionary keyed by dns.name.Name with node or rdataset values) - The key dictionary.
  • origin (dns.name.Name or None) - The origin to use for relative names
  • now (int) - The time to use when validating the signatures. The default is the current time.

_validate(rrset, rrsigset, keys, origin=None, now=None)

source code 

Validate an RRset

Parameters:
  • rrset (dns.rrset.RRset or (dns.name.Name, dns.rdataset.Rdataset) tuple) - The RRset to validate
  • rrsigset (dns.rrset.RRset or (dns.name.Name, dns.rdataset.Rdataset) tuple) - The signature RRset
  • keys (a dictionary keyed by dns.name.Name with node or rdataset values) - The key dictionary.
  • origin (dns.name.Name or None) - The origin to use for relative names
  • now (int) - The time to use when validating the signatures. The default is the current time.

Variables Details [hide private]

_algorithm_by_text

Value:
{'RSAMD5': RSAMD5, 'DH': DH, 'DSA': DSA, 'ECC': ECC, 'RSASHA1': RSASHA\
1, 'DSANSEC3SHA1': DSANSEC3SHA1, 'RSASHA1NSEC3SHA1': RSASHA1NSEC3SHA1,\
 'RSASHA256': RSASHA256, 'RSASHA512': RSASHA512, 'INDIRECT': INDIRECT,\
 'PRIVATEDNS': PRIVATEDNS, 'PRIVATEOID': PRIVATEOID,}

_algorithm_by_value

Value:
dict([(y, x) for x, y in _algorithm_by_text.items()])