Mirrors/coredns
1
0
Fork 0
mirror of https://github.com/coredns/coredns.git synced 2025-10-28 00:34:24 -04:00
Code Issues Packages Projects Releases Wiki Activity

plugin/dnssec; insert and sign DS records (#1153)

Browse Source 
* plugin/dnssec; insert and sign DS records

Sign a delegation as well and insert DS records.

Fixes #698

* better
This commit is contained in:
Miek Gieben
2017-10-20 09:22:02 +01:00
committed by GitHub
parent 73d702c052
commit 11203e440d
6 changed files with 57 additions and 33 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
plugin/dnssec/dnskey.go
View File

@@ -15,9 +15,10 @@ import (
// DNSKEY holds a DNSSEC public and private key used for on-the-fly signing.
type DNSKEY struct {
K *dns.DNSKEY
s crypto.Signer
keytag uint16
K *dns.DNSKEY
D *dns.DS
s crypto.Signer
tag uint16
}
// ParseKeyFile read a DNSSEC keyfile as generated by dnssec-keygen or other
@@ -36,18 +37,20 @@ func ParseKeyFile(pubFile, privFile string) (*DNSKEY, error) {
if e != nil {
return nil, e
}
p, e := k.(*dns.DNSKEY).ReadPrivateKey(f, privFile)
dk := k.(*dns.DNSKEY)
p, e := dk.ReadPrivateKey(f, privFile)
if e != nil {
return nil, e
}
if v, ok := p.(*rsa.PrivateKey); ok {
return &DNSKEY{k.(*dns.DNSKEY), v, k.(*dns.DNSKEY).KeyTag()}, nil
if s, ok := p.(*rsa.PrivateKey); ok {
return &DNSKEY{K: dk, D: dk.ToDS(dns.SHA256), s: s, tag: dk.KeyTag()}, nil
}
if v, ok := p.(*ecdsa.PrivateKey); ok {
return &DNSKEY{k.(*dns.DNSKEY), v, k.(*dns.DNSKEY).KeyTag()}, nil
if s, ok := p.(*ecdsa.PrivateKey); ok {
return &DNSKEY{K: dk, D: dk.ToDS(dns.SHA256), s: s, tag: dk.KeyTag()}, nil
}
return &DNSKEY{k.(*dns.DNSKEY), nil, 0}, errors.New("no known? private key found")
return &DNSKEY{K: dk, D: dk.ToDS(dns.SHA256), s: nil, tag: 0}, errors.New("no known private key found")
}
// getDNSKEY returns the correct DNSKEY to the client. Signatures are added when do is true.