# Copyright (C) 2003-2007, 2009-2011 Nominum, Inc. # # Permission to use, copy, modify, and distribute this software and its # documentation for any purpose with or without fee is hereby granted, # provided that the above copyright notice and this permission notice # appear in all copies. # # THE SOFTWARE IS PROVIDED "AS IS" AND NOMINUM DISCLAIMS ALL WARRANTIES # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL NOMINUM BE LIABLE FOR # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT # OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. import cStringIO import struct import dns.exception import dns.dnssec import dns.rdata import dns.tokenizer _ctype_by_value = { 1 : 'PKIX', 2 : 'SPKI', 3 : 'PGP', 253 : 'URI', 254 : 'OID', } _ctype_by_name = { 'PKIX' : 1, 'SPKI' : 2, 'PGP' : 3, 'URI' : 253, 'OID' : 254, } def _ctype_from_text(what): v = _ctype_by_name.get(what) if not v is None: return v return int(what) def _ctype_to_text(what): v = _ctype_by_value.get(what) if not v is None: return v return str(what) class CERT(dns.rdata.Rdata): """CERT record @ivar certificate_type: certificate type @type certificate_type: int @ivar key_tag: key tag @type key_tag: int @ivar algorithm: algorithm @type algorithm: int @ivar certificate: the certificate or CRL @type certificate: string @see: RFC 2538""" __slots__ = ['certificate_type', 'key_tag', 'algorithm', 'certificate'] def __init__(self, rdclass, rdtype, certificate_type, key_tag, algorithm, certificate): super(CERT, self).__init__(rdclass, rdtype) self.certificate_type = certificate_type self.key_tag = key_tag self.algorithm = algorithm self.certificate = certificate def to_text(self, origin=None, relativize=True, **kw): certificate_type = _ctype_to_text(self.certificate_type) return "%s %d %s %s" % (certificate_type, self.key_tag, dns.dnssec.algorithm_to_text(self.algorithm), dns.rdata._base64ify(self.certificate)) def from_text(cls, rdclass, rdtype, tok, origin = None, relativize = True): certificate_type = _ctype_from_text(tok.get_string()) key_tag = tok.get_uint16() algorithm = dns.dnssec.algorithm_from_text(tok.get_string()) if algorithm < 0 or algorithm > 255: raise dns.exception.SyntaxError("bad algorithm type") chunks = [] while 1: t = tok.get().unescape() if t.is_eol_or_eof(): break if not t.is_identifier(): raise dns.exception.SyntaxError chunks.append(t.value) b64 = ''.join(chunks) certificate = b64.decode('base64_codec') return cls(rdclass, rdtype, certificate_type, key_tag, algorithm, certificate) from_text = classmethod(from_text) def to_wire(self, file, compress = None, origin = None): prefix = struct.pack("!HHB", self.certificate_type, self.key_tag, self.algorithm) file.write(prefix) file.write(self.certificate) def from_wire(cls, rdclass, rdtype, wire, current, rdlen, origin = None): prefix = wire[current : current + 5].unwrap() current += 5 rdlen -= 5 if rdlen < 0: raise dns.exception.FormError (certificate_type, key_tag, algorithm) = struct.unpack("!HHB", prefix) certificate = wire[current : current + rdlen].unwrap() return cls(rdclass, rdtype, certificate_type, key_tag, algorithm, certificate) from_wire = classmethod(from_wire) def _cmp(self, other): f = cStringIO.StringIO() self.to_wire(f) wire1 = f.getvalue() f.seek(0) f.truncate() other.to_wire(f) wire2 = f.getvalue() f.close() return cmp(wire1, wire2)