/// <summary>
/// Constructs an instance from the certificate type, key tag, algorithm and certificate fields.
/// </summary>
/// <param name="certificateType">The certificate type.</param>
/// <param name="keyTag">
/// Value computed for the key embedded in the certificate, using the RRSIG Key Tag algorithm.
/// This field is used as an efficiency measure to pick which CERT RRs may be applicable to a particular key.
/// The key tag can be calculated for the key in question, and then only CERT RRs with the same key tag need to be examined.
/// Note that two different keys can have the same key tag.
/// However, the key must be transformed to the format it would have as the public key portion of a DNSKEY RR before the key tag is computed.
/// This is only possible if the key is applicable to an algorithm and complies to limits (such as key size) defined for DNS security.
/// If it is not, the algorithm field must be zero and the tag field is meaningless and should be zero.
/// </param>
/// <param name="algorithm">
/// Has the same meaning as the algorithm field in DNSKEY and RRSIG RRs,
/// except that a zero algorithm field indicates that the algorithm is unknown to a secure DNS,
/// which may simply be the result of the algorithm not having been standardized for DNSSEC.
/// </param>
/// <param name="certificate">The certificate data according to the type.</param>
public DnsResourceDataCertificate(DnsCertificateType certificateType, ushort keyTag, DnsAlgorithm algorithm, DataSegment certificate)
{
CertificateType = certificateType;
KeyTag = keyTag;
Algorithm = algorithm;
Certificate = certificate;
}
internal override DnsResourceData CreateInstance(DataSegment data)
{
if (data.Length < ConstantPartLength)
{
return(null);
}
DnsCertificateType type = (DnsCertificateType)data.ReadUShort(Offset.Type, Endianity.Big);
ushort keyTag = data.ReadUShort(Offset.KeyTag, Endianity.Big);
DnsAlgorithm algorithm = (DnsAlgorithm)data[Offset.Algorithm];
DataSegment certificate = data.Subsegment(Offset.Certificate, data.Length - ConstantPartLength);
return(new DnsResourceDataCertificate(type, keyTag, algorithm, certificate));
}
