/******************************************************************************
* ldns_dnssec.i: DNSSEC zone, name, rrs
*
* Copyright (c) 2009, Zdenek Vasicek (vasicek AT fit.vutbr.cz)
* Karel Slany (slany AT fit.vutbr.cz)
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* * Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* * Neither the name of the organization nor the names of its
* contributors may be used to endorse or promote products derived from this
* software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
******************************************************************************/
%nodefaultctor ldns_dnssec_rrs; //no default constructor & destructor
%nodefaultdtor ldns_dnssec_rrs;
%newobject ldns_dnssec_rrs_new;
%delobject ldns_dnssec_rrs_free;
%extend ldns_dnssec_rrs {
%pythoncode %{
def __init__(self):
"""Creates a new entry for 1 pointer to an rr and 1 pointer to the next rrs.
:returns: (ldns_dnssec_rrs) the allocated data
"""
self.this = _ldns.ldns_dnssec_rrs_new()
if not self.this:
raise Exception("Can't create rrs instance")
__swig_destroy__ = _ldns.ldns_dnssec_rrs_free
#LDNS_DNSSEC_RRS_METHODS_#
def add_rr(self,rr):
"""Adds an RR to the list of RRs.
The list will remain ordered
:param rr:
the RR to add
:returns: (ldns_status) LDNS_STATUS_OK on success
"""
return _ldns.ldns_dnssec_rrs_add_rr(self,rr)
#parameters: ldns_dnssec_rrs *,ldns_rr *,
#retvals: ldns_status
#_LDNS_DNSSEC_RRS_METHODS#
%}
}
// ================================================================================
// DNNSEC RRS
// ================================================================================
%nodefaultctor ldns_dnssec_rrsets; //no default constructor & destructor
%nodefaultdtor ldns_dnssec_rrsets;
%newobject ldns_dnssec_rrsets_new;
%delobject ldns_dnssec_rrsets_free;
%extend ldns_dnssec_rrsets {
%pythoncode %{
def __init__(self):
"""Creates a new list (entry) of RRsets.
:returns: (ldns_dnssec_rrsets \*) instance
"""
self.this = _ldns.ldns_dnssec_rrsets_new()
if not self.this:
raise Exception("Can't create rrsets instance")
__swig_destroy__ = _ldns.ldns_dnssec_rrsets_free
def print_to_file(self, file, follow):
"""Print the given list of rrsets to the given file descriptor.
:param file: file pointer
:param follow: if set to false, only print the first RRset
"""
_ldns.ldns_dnssec_rrsets_print(file,self,follow)
#parameters: FILE *,ldns_dnssec_rrsets *,bool,
#retvals:
#LDNS_DNSSEC_RRSETS_METHODS_#
def add_rr(self,rr):
"""Add an ldns_rr to the corresponding RRset in the given list of RRsets.
If it is not present, add it as a new RRset with 1 record.
:param rr:
the rr to add to the list of rrsets
:returns: (ldns_status) LDNS_STATUS_OK on success
"""
return _ldns.ldns_dnssec_rrsets_add_rr(self,rr)
#parameters: ldns_dnssec_rrsets *,ldns_rr *,
#retvals: ldns_status
def set_type(self,atype):
"""Sets the RR type of the rrset (that is head of the given list).
:param atype:
:returns: (ldns_status) LDNS_STATUS_OK on success
"""
return _ldns.ldns_dnssec_rrsets_set_type(self,atype)
#parameters: ldns_dnssec_rrsets *,ldns_rr_type,
#retvals: ldns_status
def type(self):
"""Returns the rr type of the rrset (that is head of the given list).
:returns: (ldns_rr_type) the rr type
"""
return _ldns.ldns_dnssec_rrsets_type(self)
#parameters: ldns_dnssec_rrsets *,
#retvals: ldns_rr_type
#_LDNS_DNSSEC_RRSETS_METHODS#
%}
}
// ================================================================================
// DNNSEC NAME
// ================================================================================
%nodefaultctor ldns_dnssec_name; //no default constructor & destructor
%nodefaultdtor ldns_dnssec_name;
%newobject ldns_dnssec_name_new;
%delobject ldns_dnssec_name_free;
%extend ldns_dnssec_name {
%pythoncode %{
def __init__(self):
"""Create a new instance of dnssec name."""
self.this = _ldns.ldns_dnssec_name_new()
if not self.this:
raise Exception("Can't create dnssec name instance")
__swig_destroy__ = _ldns.ldns_dnssec_name_free
def print_to_file(self,file):
"""Prints the RRs in the dnssec name structure to the given file descriptor.
:param file: file pointer
"""
_ldns.ldns_dnssec_name_print(file, self)
#parameters: FILE *,ldns_dnssec_name *,
@staticmethod
def new_frm_rr(raiseException=True):
"""Create a new instace of dnssec name for the given RR.
:returns: (ldns_dnssec_name) instance
"""
name = _ldns.ldns_dnssec_name_new_frm_rr(self)
if (not name) and (raiseException):
raise Exception("Can't create dnssec name")
return name
#LDNS_DNSSEC_NAME_METHODS_#
def add_rr(self,rr):
"""Inserts the given rr at the right place in the current dnssec_name No checking is done whether the name matches.
:param rr:
The RR to add
:returns: (ldns_status) LDNS_STATUS_OK on success, error code otherwise
"""
return _ldns.ldns_dnssec_name_add_rr(self,rr)
#parameters: ldns_dnssec_name *,ldns_rr *,
#retvals: ldns_status
def find_rrset(self,atype):
"""Find the RRset with the given type in within this name structure.
:param atype:
:returns: (ldns_dnssec_rrsets \*) the RRset, or NULL if not present
"""
return _ldns.ldns_dnssec_name_find_rrset(self,atype)
#parameters: ldns_dnssec_name *,ldns_rr_type,
#retvals: ldns_dnssec_rrsets *
def name(self):
"""Returns the domain name of the given dnssec_name structure.
:returns: (ldns_rdf \*) the domain name
"""
return _ldns.ldns_dnssec_name_name(self)
#parameters: ldns_dnssec_name *,
#retvals: ldns_rdf *
def set_name(self,dname):
"""Sets the domain name of the given dnssec_name structure.
:param dname:
the domain name to set it to. This data is *not* copied.
"""
_ldns.ldns_dnssec_name_set_name(self,dname)
#parameters: ldns_dnssec_name *,ldns_rdf *,
#retvals:
def set_nsec(self,nsec):
"""Sets the NSEC(3) RR of the given dnssec_name structure.
:param nsec:
the nsec rr to set it to. This data is *not* copied.
"""
_ldns.ldns_dnssec_name_set_nsec(self,nsec)
#parameters: ldns_dnssec_name *,ldns_rr *,
#retvals:
#_LDNS_DNSSEC_NAME_METHODS#
%}
}
// ================================================================================
// DNNSEC ZONE
// ================================================================================
%nodefaultctor ldns_dnssec_zone; //no default constructor & destructor
%nodefaultdtor ldns_dnssec_zone;
%newobject ldns_dnssec_zone_new;
%delobject ldns_dnssec_zone_free;
%inline %{
ldns_status ldns_dnssec_zone_sign_defcb(ldns_dnssec_zone *zone, ldns_rr_list *new_rrs, ldns_key_list *key_list, int cbtype)
{
if (cbtype == 0)
return ldns_dnssec_zone_sign(zone, new_rrs, key_list, ldns_dnssec_default_add_to_signatures, NULL);
if (cbtype == 1)
return ldns_dnssec_zone_sign(zone, new_rrs, key_list, ldns_dnssec_default_leave_signatures, NULL);
if (cbtype == 2)
return ldns_dnssec_zone_sign(zone, new_rrs, key_list, ldns_dnssec_default_delete_signatures, NULL);
return ldns_dnssec_zone_sign(zone, new_rrs, key_list, ldns_dnssec_default_replace_signatures, NULL);
}
%}
%extend ldns_dnssec_zone {
%pythoncode %{
def __init__(self):
"""Creates a new dnssec_zone instance"""
self.this = _ldns.ldns_dnssec_zone_new()
if not self.this:
raise Exception("Can't create dnssec zone instance")
__swig_destroy__ = _ldns.ldns_dnssec_zone_free
def print_to_file(self,file):
"""Prints the complete zone to the given file descriptor.
:param file: file pointer
"""
_ldns.ldns_dnssec_zone_print(file, self)
#parameters: FILE *, ldns_dnssec_zone *,
#retvals:
def create_nsec3s(self,new_rrs,algorithm,flags,iterations,salt_length,salt):
"""Adds NSEC3 records to the zone.
:param new_rrs:
:param algorithm:
:param flags:
:param iterations:
:param salt_length:
:param salt:
:returns: (ldns_status)
"""
return _ldns.ldns_dnssec_zone_create_nsec3s(self,new_rrs,algorithm,flags,iterations,salt_length,salt)
#parameters: ldns_dnssec_zone *,ldns_rr_list *,uint8_t,uint8_t,uint16_t,uint8_t,uint8_t *,
#retvals: ldns_status
def create_nsecs(self,new_rrs):
"""Adds NSEC records to the given dnssec_zone.
:param new_rrs:
ldns_rr's created by this function are added to this rr list, so the caller can free them later
:returns: (ldns_status) LDNS_STATUS_OK on success, an error code otherwise
"""
return _ldns.ldns_dnssec_zone_create_nsecs(self,new_rrs)
#parameters: ldns_dnssec_zone *,ldns_rr_list *,
#retvals: ldns_status
def create_rrsigs(self,new_rrs,key_list,func,arg):
"""Adds signatures to the zone.
:param new_rrs:
the RRSIG RRs that are created are also added to this list, so the caller can free them later
:param key_list:
list of keys to sign with.
:param func:
Callback function to decide what keys to use and what to do with old signatures
:param arg:
Optional argument for the callback function
:returns: (ldns_status) LDNS_STATUS_OK on success, error otherwise
"""
return _ldns.ldns_dnssec_zone_create_rrsigs(self,new_rrs,key_list,func,arg)
#parameters: ldns_dnssec_zone *,ldns_rr_list *,ldns_key_list *,int(*)(ldns_rr *, void *),void *,
#retvals: ldns_status
def sign_cb(self,new_rrs,key_list,func,arg):
"""signs the given zone with the given keys (with callback function)
:param new_rrs:
newly created resource records are added to this list, to free them later
:param key_list:
the list of keys to sign the zone with
:param func:
callback function that decides what to do with old signatures.
This function takes an ldns_rr and an optional arg argument, and returns one of four values:
* LDNS_SIGNATURE_LEAVE_ADD_NEW - leave the signature and add a new one for the corresponding key
* LDNS_SIGNATURE_REMOVE_ADD_NEW - remove the signature and replace is with a new one from the same key
* LDNS_SIGNATURE_LEAVE_NO_ADD - leave the signature and do not add a new one with the corresponding key
* LDNS_SIGNATURE_REMOVE_NO_ADD - remove the signature and do not replace
:param arg:
optional argument for the callback function
:returns: (ldns_status) LDNS_STATUS_OK on success, an error code otherwise
"""
return _ldns.ldns_dnssec_zone_sign(self,new_rrs,key_list,func,arg)
#parameters: ldns_dnssec_zone *,ldns_rr_list *,ldns_key_list *,int(*)(ldns_rr *, void *),void *,
#retvals: ldns_status
def sign(self,new_rrs,key_list, cbtype=3):
"""signs the given zone with the given keys
:param new_rrs:
newly created resource records are added to this list, to free them later
:param key_list:
the list of keys to sign the zone with
:param cb_type:
specifies how to deal with old signatures, possible values:
* 0 - ldns_dnssec_default_add_to_signatures,
* 1 - ldns_dnssec_default_leave_signatures,
* 2 - ldns_dnssec_default_delete_signatures,
* 3 - ldns_dnssec_default_replace_signatures
:returns: (ldns_status) LDNS_STATUS_OK on success, an error code otherwise
"""
return _ldns.ldns_dnssec_zone_sign_defcb(self,new_rrs,key_list, cbtype)
#parameters: ldns_dnssec_zone *,ldns_rr_list *,ldns_key_list *,
#retvals: ldns_status
def sign_nsec3(self,new_rrs,key_list,func,arg,algorithm,flags,iterations,salt_length,salt):
"""signs the given zone with the given new zone, with NSEC3
:param new_rrs:
newly created resource records are added to this list, to free them later
:param key_list:
the list of keys to sign the zone with
:param func:
callback function that decides what to do with old signatures
:param arg:
optional argument for the callback function
:param algorithm:
the NSEC3 hashing algorithm to use
:param flags:
NSEC3 flags
:param iterations:
the number of NSEC3 hash iterations to use
:param salt_length:
the length (in octets) of the NSEC3 salt
:param salt:
the NSEC3 salt data
:returns: (ldns_status) LDNS_STATUS_OK on success, an error code otherwise
"""
return _ldns.ldns_dnssec_zone_sign_nsec3(self,new_rrs,key_list,func,arg,algorithm,flags,iterations,salt_length,salt)
#parameters: ldns_dnssec_zone *,ldns_rr_list *,ldns_key_list *,int(*)(ldns_rr *, void *),void *,uint8_t,uint8_t,uint16_t,uint8_t,uint8_t *,
#retvals: ldns_status
#LDNS_DNSSEC_ZONE_METHODS_#
def add_empty_nonterminals(self):
"""Adds explicit dnssec_name structures for the empty nonterminals in this zone.
(this is needed for NSEC3 generation)
:returns: (ldns_status)
"""
return _ldns.ldns_dnssec_zone_add_empty_nonterminals(self)
#parameters: ldns_dnssec_zone *,
#retvals: ldns_status
def add_rr(self,rr):
"""Adds the given RR to the zone.
It find whether there is a dnssec_name with that name present.
If so, add it to that, if not create a new one.
Special handling of NSEC and RRSIG provided.
:param rr:
The RR to add
:returns: (ldns_status) LDNS_STATUS_OK on success, an error code otherwise
"""
return _ldns.ldns_dnssec_zone_add_rr(self,rr)
#parameters: ldns_dnssec_zone *,ldns_rr *,
#retvals: ldns_status
def find_rrset(self,dname,atype):
"""Find the RRset with the given name and type in the zone.
:param dname:
the domain name of the RRset to find
:param atype:
:returns: (ldns_dnssec_rrsets \*) the RRset, or NULL if not present
"""
return _ldns.ldns_dnssec_zone_find_rrset(self,dname,atype)
#parameters: ldns_dnssec_zone *,ldns_rdf *,ldns_rr_type,
#retvals: ldns_dnssec_rrsets *
#_LDNS_DNSSEC_ZONE_METHODS#
%}
}