dnspython  1.16.0
About: dnspython is a DNS toolkit (for Python 2.x) that supports almost all record types.
  Fossies Dox: dnspython-1.16.0.tar.gz  (unofficial and still experimental doxygen-generated source code documentation)

dns.dnssec Namespace Reference

Classes

class  ECKeyWrapper
 
class  UnsupportedAlgorithm
 
class  ValidationFailure
 

Functions

def algorithm_from_text (text)
 
def algorithm_to_text (value)
 
def _to_rdata (record, origin)
 
def key_id (key, origin=None)
 
def make_ds (name, key, algorithm, origin=None)
 
def _find_candidate_keys (keys, rrsig)
 
def _is_rsa (algorithm)
 
def _is_dsa (algorithm)
 
def _is_ecdsa (algorithm)
 
def _is_md5 (algorithm)
 
def _is_sha1 (algorithm)
 
def _is_sha256 (algorithm)
 
def _is_sha384 (algorithm)
 
def _is_sha512 (algorithm)
 
def _make_hash (algorithm)
 
def _make_algorithm_id (algorithm)
 
def _validate_rrsig (rrset, rrsig, keys, origin=None, now=None)
 
def _validate (rrset, rrsigset, keys, origin=None, now=None)
 
def _need_pycrypto (*args, **kwargs)
 

Variables

int RSAMD5 = 1
 
int DH = 2
 
int DSA = 3
 
int ECC = 4
 
int RSASHA1 = 5
 
int DSANSEC3SHA1 = 6
 
int RSASHA1NSEC3SHA1 = 7
 
int RSASHA256 = 8
 
int RSASHA512 = 10
 
int ECDSAP256SHA256 = 13
 
int ECDSAP384SHA384 = 14
 
int INDIRECT = 252
 
int PRIVATEDNS = 253
 
int PRIVATEOID = 254
 
dictionary _algorithm_by_text
 
dictionary _algorithm_by_value = {y: x for x, y in _algorithm_by_text.items()}
 
def validate = _need_pycrypto
 
def validate_rrsig = _need_pycrypto
 
bool _have_pycrypto = False
 
bool _have_ecdsa = False
 

Function Documentation

◆ _find_candidate_keys()

def dns.dnssec._find_candidate_keys (   keys,
  rrsig 
)
private

Definition at line 186 of file dnssec.py.

References dns.dnssec.key_id().

Referenced by dns.dnssec._validate_rrsig().

◆ _is_dsa()

def dns.dnssec._is_dsa (   algorithm)
private

Definition at line 212 of file dnssec.py.

Referenced by dns.dnssec._validate_rrsig().

◆ _is_ecdsa()

def dns.dnssec._is_ecdsa (   algorithm)
private

Definition at line 216 of file dnssec.py.

Referenced by dns.dnssec._validate_rrsig().

◆ _is_md5()

def dns.dnssec._is_md5 (   algorithm)
private

Definition at line 220 of file dnssec.py.

Referenced by dns.dnssec._make_algorithm_id(), and dns.dnssec._make_hash().

◆ _is_rsa()

def dns.dnssec._is_rsa (   algorithm)
private

Definition at line 206 of file dnssec.py.

Referenced by dns.dnssec._validate_rrsig().

◆ _is_sha1()

def dns.dnssec._is_sha1 (   algorithm)
private

Definition at line 224 of file dnssec.py.

Referenced by dns.dnssec._make_algorithm_id(), and dns.dnssec._make_hash().

◆ _is_sha256()

def dns.dnssec._is_sha256 (   algorithm)
private

Definition at line 229 of file dnssec.py.

Referenced by dns.dnssec._make_algorithm_id(), and dns.dnssec._make_hash().

◆ _is_sha384()

def dns.dnssec._is_sha384 (   algorithm)
private

Definition at line 233 of file dnssec.py.

Referenced by dns.dnssec._make_hash().

◆ _is_sha512()

def dns.dnssec._is_sha512 (   algorithm)
private

Definition at line 237 of file dnssec.py.

Referenced by dns.dnssec._make_algorithm_id(), and dns.dnssec._make_hash().

◆ _make_algorithm_id()

def dns.dnssec._make_algorithm_id (   algorithm)
private

◆ _make_hash()

def dns.dnssec._make_hash (   algorithm)
private

◆ _need_pycrypto()

def dns.dnssec._need_pycrypto (   *args,
  **kwargs 
)
private

Definition at line 475 of file dnssec.py.

◆ _to_rdata()

def dns.dnssec._to_rdata (   record,
  origin 
)
private

Definition at line 119 of file dnssec.py.

Referenced by dns.dnssec._validate_rrsig(), dns.dnssec.key_id(), and dns.dnssec.make_ds().

◆ _validate()

def dns.dnssec._validate (   rrset,
  rrsigset,
  keys,
  origin = None,
  now = None 
)
private
Validate an RRset.

*rrset* is the RRset to validate.  It can be a ``dns.rrset.RRset`` or
a ``(dns.name.Name, dns.rdataset.Rdataset)`` tuple.

*rrsigset* is the signature RRset to be validated.  It can be a
``dns.rrset.RRset`` or a ``(dns.name.Name, dns.rdataset.Rdataset)`` tuple.

*keys* is the key dictionary, used to find the DNSKEY associated with
a given name.  The dictionary is keyed by a ``dns.name.Name``, and has
``dns.node.Node`` or ``dns.rdataset.Rdataset`` values.

*origin* is a ``dns.name.Name``, the origin to use for relative names.

*now* is an ``int``, the time to use when validating the signatures,
in seconds since the UNIX epoch.  The default is the current time.

Definition at line 427 of file dnssec.py.

References dns.dnssec._validate_rrsig(), and dns.name.from_text().

◆ _validate_rrsig()

def dns.dnssec._validate_rrsig (   rrset,
  rrsig,
  keys,
  origin = None,
  now = None 
)
private
Validate an RRset against a single signature rdata.

The owner name of *rrsig* is assumed to be the same as the owner name
of *rrset*; *rrsig* is a bare rdata, so the caller is responsible for ensuring this.

*rrset* is the RRset to validate.  It can be a ``dns.rrset.RRset`` or
a ``(dns.name.Name, dns.rdataset.Rdataset)`` tuple.

*rrsig* is a ``dns.rdata.Rdata``, the signature to validate.

*keys* is the key dictionary, used to find the DNSKEY associated with
a given name.  The dictionary is keyed by a ``dns.name.Name``, and has
``dns.node.Node`` or ``dns.rdataset.Rdataset`` values.

*origin* is a ``dns.name.Name``, the origin to use for relative names.

*now* is an ``int``, the time to use when validating the signatures,
in seconds since the UNIX epoch.  The default is the current time.

Definition at line 274 of file dnssec.py.

References dns.dnssec._find_candidate_keys(), dns.dnssec._is_dsa(), dns.dnssec._is_ecdsa(), dns.dnssec._is_rsa(), dns.dnssec._make_hash(), dns.dnssec._to_rdata(), and dns.name.from_text().

Referenced by dns.dnssec._validate().

◆ algorithm_from_text()

def dns.dnssec.algorithm_from_text (   text)
Convert text into a DNSSEC algorithm value.

Returns an ``int``.

Definition at line 95 of file dnssec.py.

Referenced by dns.rdtypes.ANY.CERT.CERT.from_text(), dns.rdtypes.dnskeybase.DNSKEYBase.from_text(), and dns.rdtypes.ANY.RRSIG.RRSIG.from_text().

◆ algorithm_to_text()

def dns.dnssec.algorithm_to_text (   value)
Convert a DNSSEC algorithm value to text

Returns a ``str``.

Definition at line 107 of file dnssec.py.

Referenced by dns.rdtypes.ANY.CERT.CERT.to_text().

◆ key_id()

def dns.dnssec.key_id (   key,
  origin = None 
)
Return the key id (a 16-bit number) for the specified key.

Note the *origin* parameter of this function is historical and
is not needed.

Returns an ``int`` between 0 and 65535.

Definition at line 125 of file dnssec.py.

References dns.dnssec._to_rdata().

Referenced by dns.dnssec._find_candidate_keys(), and dns.dnssec.make_ds().

◆ make_ds()

def dns.dnssec.make_ds (   name,
  key,
  algorithm,
  origin = None 
)
Create a DS record for a DNSSEC key.

*name* is the owner name of the DS record.

*key* is a ``dns.rdtypes.ANY.DNSKEY``.

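*algorithm* is a string naming the hash (digest) algorithm to use for the
DS record; it is not one of the DNSSEC signing-algorithm values listed
under Variables.  The currently supported hashes are "SHA1" and "SHA256".
Case does not matter for these strings.  Prefer "SHA256" for new DS
records: RFC 8624 deprecates SHA-1 DS digests for new delegations.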

*origin* is a ``dns.name.Name`` and will be used as the origin
if *key* is a relative name.

Returns a ``dns.rdtypes.ANY.DS``.

Definition at line 149 of file dnssec.py.

References dns.dnssec._to_rdata(), dns.name.from_text(), dns.rdata.from_wire(), and dns.dnssec.key_id().

Variable Documentation

◆ _algorithm_by_text

dictionary dns.dnssec._algorithm_by_text
private
Initial value:
1 = {
2  'RSAMD5': RSAMD5,
3  'DH': DH,
4  'DSA': DSA,
5  'ECC': ECC,
6  'RSASHA1': RSASHA1,
7  'DSANSEC3SHA1': DSANSEC3SHA1,
8  'RSASHA1NSEC3SHA1': RSASHA1NSEC3SHA1,
9  'RSASHA256': RSASHA256,
10  'RSASHA512': RSASHA512,
11  'INDIRECT': INDIRECT,
12  'ECDSAP256SHA256': ECDSAP256SHA256,
13  'ECDSAP384SHA384': ECDSAP384SHA384,
14  'PRIVATEDNS': PRIVATEDNS,
15  'PRIVATEOID': PRIVATEOID,
16 }

Definition at line 71 of file dnssec.py.

◆ _algorithm_by_value

dictionary dns.dnssec._algorithm_by_value = {y: x for x, y in _algorithm_by_text.items()}
private

Definition at line 92 of file dnssec.py.

◆ _have_ecdsa

bool dns.dnssec._have_ecdsa = False
private

Definition at line 495 of file dnssec.py.

◆ _have_pycrypto

bool dns.dnssec._have_pycrypto = False
private

Definition at line 494 of file dnssec.py.

◆ DH

int dns.dnssec.DH = 2

Definition at line 45 of file dnssec.py.

◆ DSA

int dns.dnssec.DSA = 3

Definition at line 47 of file dnssec.py.

◆ DSANSEC3SHA1

int dns.dnssec.DSANSEC3SHA1 = 6

Definition at line 53 of file dnssec.py.

◆ ECC

int dns.dnssec.ECC = 4

Definition at line 49 of file dnssec.py.

◆ ECDSAP256SHA256

int dns.dnssec.ECDSAP256SHA256 = 13

Definition at line 61 of file dnssec.py.

◆ ECDSAP384SHA384

int dns.dnssec.ECDSAP384SHA384 = 14

Definition at line 63 of file dnssec.py.

◆ INDIRECT

int dns.dnssec.INDIRECT = 252

Definition at line 65 of file dnssec.py.

◆ PRIVATEDNS

int dns.dnssec.PRIVATEDNS = 253

Definition at line 67 of file dnssec.py.

◆ PRIVATEOID

int dns.dnssec.PRIVATEOID = 254

Definition at line 69 of file dnssec.py.

◆ RSAMD5

int dns.dnssec.RSAMD5 = 1

Definition at line 43 of file dnssec.py.

◆ RSASHA1

int dns.dnssec.RSASHA1 = 5

Definition at line 51 of file dnssec.py.

◆ RSASHA1NSEC3SHA1

int dns.dnssec.RSASHA1NSEC3SHA1 = 7

Definition at line 55 of file dnssec.py.

◆ RSASHA256

int dns.dnssec.RSASHA256 = 8

Definition at line 57 of file dnssec.py.

◆ RSASHA512

int dns.dnssec.RSASHA512 = 10

Definition at line 59 of file dnssec.py.

◆ validate

def dns.dnssec.validate = _need_pycrypto

Definition at line 492 of file dnssec.py.

◆ validate_rrsig

def dns.dnssec.validate_rrsig = _need_pycrypto

Definition at line 493 of file dnssec.py.