internal override DnsResourceData CreateInstance(DnsDatagram dns, int offsetInDns, int length)
{
if (length < ConstantPartLength)
{
return(null);
}
DnsType typeCovered = (DnsType)dns.ReadUShort(offsetInDns + Offset.TypeCovered, Endianity.Big);
DnsAlgorithm algorithm = (DnsAlgorithm)dns[offsetInDns + Offset.Algorithm];
byte labels = dns[offsetInDns + Offset.Labels];
uint originalTtl = dns.ReadUInt(offsetInDns + Offset.OriginalTtl, Endianity.Big);
uint signatureExpiration = dns.ReadUInt(offsetInDns + Offset.SignatureExpiration, Endianity.Big);
uint signatureInception = dns.ReadUInt(offsetInDns + Offset.SignatureInception, Endianity.Big);
ushort keyTag = dns.ReadUShort(offsetInDns + Offset.KeyTag, Endianity.Big);
offsetInDns += ConstantPartLength;
length -= ConstantPartLength;
DnsDomainName signersName;
int signersNameLength;
if (!DnsDomainName.TryParse(dns, offsetInDns, length, out signersName, out signersNameLength))
{
return(null);
}
offsetInDns += signersNameLength;
length -= signersNameLength;
DataSegment signature = dns.Subsegment(offsetInDns, length);
return(new DnsResourceDataSignature(typeCovered, algorithm, labels, originalTtl, signatureExpiration, signatureInception, keyTag, signersName, signature));
}
public DnsResourceDataDelegationSigner(ushort keyTag, DnsAlgorithm algorithm, DnsDigestType digestType, DataSegment digest)
{
if (digest == null)
{
throw new ArgumentNullException("digest");
}
this.KeyTag = keyTag;
this.Algorithm = algorithm;
this.DigestType = digestType;
int val2;
switch (this.DigestType)
{
case DnsDigestType.Sha1:
val2 = 20;
break;
case DnsDigestType.Sha256:
val2 = 32;
break;
default:
val2 = int.MaxValue;
break;
}
this.Digest = digest.Subsegment(0, Math.Min(digest.Length, val2));
this.ExtraDigest = digest.Subsegment(this.Digest.Length, digest.Length - this.Digest.Length);
}
/// <summary>
/// Constructs an instance from the certificate type, key tag, algorithm and certificate fields.
/// </summary>
/// <param name="certificateType">The certificate type.</param>
/// <param name="keyTag">
/// Value computed for the key embedded in the certificate, using the RRSIG Key Tag algorithm.
/// This field is used as an efficiency measure to pick which CERT RRs may be applicable to a particular key.
/// The key tag can be calculated for the key in question, and then only CERT RRs with the same key tag need to be examined.
/// Note that two different keys can have the same key tag.
/// However, the key must be transformed to the format it would have as the public key portion of a DNSKEY RR before the key tag is computed.
/// This is only possible if the key is applicable to an algorithm and complies to limits (such as key size) defined for DNS security.
/// If it is not, the algorithm field must be zero and the tag field is meaningless and should be zero.
/// </param>
/// <param name="algorithm">
/// Has the same meaning as the algorithm field in DNSKEY and RRSIG RRs,
/// except that a zero algorithm field indicates that the algorithm is unknown to a secure DNS,
/// which may simply be the result of the algorithm not having been standardized for DNSSEC.
/// </param>
/// <param name="certificate">The certificate data according to the type.</param>
public DnsResourceDataCertificate(DnsCertificateType certificateType, ushort keyTag, DnsAlgorithm algorithm, DataSegment certificate)
{
CertificateType = certificateType;
KeyTag = keyTag;
Algorithm = algorithm;
Certificate = certificate;
}
public DnsResourceDataRKey(ushort flags, byte protocol, DnsAlgorithm algorithm, DataSegment publicKey)
{
this.Flags = flags;
this.Protocol = protocol;
this.Algorithm = algorithm;
this.PublicKey = publicKey;
}
internal override DnsResourceData CreateInstance(DnsDatagram dns, int offsetInDns, int length)
{
if (length < 18)
{
return((DnsResourceData)null);
}
DnsType typeCovered = (DnsType)dns.ReadUShort(offsetInDns, Endianity.Big);
DnsAlgorithm algorithm = (DnsAlgorithm)dns[offsetInDns + 2];
byte labels = dns[offsetInDns + 3];
uint originalTtl = dns.ReadUInt(offsetInDns + 4, Endianity.Big);
uint num1 = dns.ReadUInt(offsetInDns + 8, Endianity.Big);
uint num2 = dns.ReadUInt(offsetInDns + 12, Endianity.Big);
ushort keyTag = dns.ReadUShort(offsetInDns + 16, Endianity.Big);
offsetInDns += 18;
length -= 18;
DnsDomainName domainName;
int numBytesRead;
if (!DnsDomainName.TryParse(dns, offsetInDns, length, out domainName, out numBytesRead))
{
return((DnsResourceData)null);
}
offsetInDns += numBytesRead;
length -= numBytesRead;
DataSegment signature = dns.Subsegment(offsetInDns, length);
return((DnsResourceData) new DnsResourceDataSignature(typeCovered, algorithm, labels, originalTtl, (SerialNumber32)num1, (SerialNumber32)num2, keyTag, domainName, signature));
}
/// <summary>
/// Constructs an instance out of the key tag, algorithm, digest type and digest fields.
/// </summary>
/// <param name="keyTag">
/// Lists the key tag of the DNSKEY RR referred to by the DS record.
/// The Key Tag used by the DS RR is identical to the Key Tag used by RRSIG RRs.
/// Calculated as specified in RFC 2535.
/// </param>
/// <param name="algorithm">Algorithm must be allowed to sign DNS data.</param>
/// <param name="digestType">An identifier for the digest algorithm used.</param>
/// <param name="digest">
/// Calculated over the canonical name of the delegated domain name followed by the whole RDATA of the KEY record (all four fields).
/// digest = hash(canonical FQDN on KEY RR | KEY_RR_rdata)
/// KEY_RR_rdata = Flags | Protocol | Algorithm | Public Key
/// The size of the digest may vary depending on the digest type.
/// </param>
public DnsResourceDataDelegationSigner(ushort keyTag, DnsAlgorithm algorithm, DnsDigestType digestType, DataSegment digest)
{
if (digest == null)
{
throw new ArgumentNullException("digest");
}
KeyTag = keyTag;
Algorithm = algorithm;
DigestType = digestType;
int maxDigestLength;
switch (DigestType)
{
case DnsDigestType.Sha1:
maxDigestLength = 20;
break;
case DnsDigestType.Sha256:
maxDigestLength = 32;
break;
default:
maxDigestLength = int.MaxValue;
break;
}
Digest = digest.Subsegment(0, Math.Min(digest.Length, maxDigestLength));
ExtraDigest = digest.Subsegment(Digest.Length, digest.Length - Digest.Length);
}
internal override DnsResourceData CreateInstance(DataSegment data)
{
if (data.Length < ConstantPartLength)
{
return(null);
}
bool authenticationProhibited = data.ReadBool(Offset.AuthenticationProhibited, Mask.AuthenticationProhibited);
bool confidentialityProhibited = data.ReadBool(Offset.ConfidentialityProhibited, Mask.ConfidentialityProhibited);
bool experimental = data.ReadBool(Offset.Experimental, Mask.Experimental);
bool isFlagsExtension = data.ReadBool(Offset.IsFlagsExtension, Mask.IsFlagsExtension);
bool userAssociated = data.ReadBool(Offset.UserAssociated, Mask.UserAssociated);
bool ipSec = data.ReadBool(Offset.IpSec, Mask.IpSec);
bool email = data.ReadBool(Offset.Email, Mask.Email);
DnsKeyNameType nameType = (DnsKeyNameType)(data[Offset.NameType] & Mask.NameType);
DnsKeySignatoryAttributes signatory = (DnsKeySignatoryAttributes)(data[Offset.Signatory] & Mask.Signatory);
DnsKeyProtocol protocol = (DnsKeyProtocol)data[Offset.Protocol];
DnsAlgorithm algorithm = (DnsAlgorithm)data[Offset.Algorithm];
ushort? flagsExtension = (isFlagsExtension ? ((ushort?)data.ReadUShort(Offset.FlagsExtension, Endianity.Big)) : null);
int publicKeyOffset = Offset.FlagsExtension + (isFlagsExtension ? sizeof(ushort) : 0);
DataSegment publicKey = data.Subsegment(publicKeyOffset, data.Length - publicKeyOffset);
return(new DnsResourceDataKey(authenticationProhibited, confidentialityProhibited, experimental, userAssociated, ipSec, email, nameType, signatory,
protocol, algorithm, flagsExtension, publicKey));
}
/// <summary>
/// Constructs an instance from the zone key, revoke, secure entry point, protocol, algorithm and public key fields.
/// </summary>
/// <param name="zoneKey">
/// If true, the DNSKEY record holds a DNS zone key, and the DNSKEY RR's owner name must be the name of a zone.
/// If false, then the DNSKEY record holds some other type of DNS public key and must not be used to verify RRSIGs that cover RRsets.
/// </param>
/// <param name="revoke">
/// If true, and the resolver sees an RRSIG(DNSKEY) signed by the associated key,
/// then the resolver must consider this key permanently invalid for all purposes except for validating the revocation.
/// </param>
/// <param name="secureEntryPoint">
/// RFC 3757.
/// If true, then the DNSKEY record holds a key intended for use as a secure entry point.
/// This flag is only intended to be a hint to zone signing or debugging software as to the intended use of this DNSKEY record;
/// validators must not alter their behavior during the signature validation process in any way based on the setting of this bit.
/// This also means that a DNSKEY RR with the SEP bit set would also need the Zone Key flag set in order to be able to generate signatures legally.
/// A DNSKEY RR with the SEP set and the Zone Key flag not set MUST NOT be used to verify RRSIGs that cover RRsets.
/// </param>
/// <param name="protocol">
/// Must have value 3, and the DNSKEY RR MUST be treated as invalid during signature verification if it is found to be some value other than 3.
/// </param>
/// <param name="algorithm">Identifies the public key's cryptographic algorithm and determines the format of the Public Key field.</param>
/// <param name="publicKey">The public key material. The format depends on the algorithm of the key being stored.</param>
public DnsResourceDataDnsKey(bool zoneKey, bool revoke, bool secureEntryPoint, byte protocol, DnsAlgorithm algorithm, DataSegment publicKey)
{
ZoneKey = zoneKey;
Revoke = revoke;
SecureEntryPoint = secureEntryPoint;
Protocol = protocol;
Algorithm = algorithm;
PublicKey = publicKey;
}
internal override DnsResourceData CreateInstance(DataSegment data)
{
ushort keyTag = data.ReadUShort(Offset.KeyTag, Endianity.Big);
DnsAlgorithm algorithm = (DnsAlgorithm)data[Offset.Algorithm];
DnsDigestType digestType = (DnsDigestType)data[Offset.DigestType];
DataSegment digest = data.Subsegment(Offset.Digest, data.Length - ConstPartLength);
return(new DnsResourceDataDelegationSigner(keyTag, algorithm, digestType, digest));
}
public DnsResourceDataSignature(DnsType typeCovered, DnsAlgorithm algorithm, byte labels, uint originalTtl, SerialNumber32 signatureExpiration, SerialNumber32 signatureInception, ushort keyTag, DnsDomainName signersName, DataSegment signature)
{
this.TypeCovered = typeCovered;
this.Algorithm = algorithm;
this.Labels = labels;
this.OriginalTtl = originalTtl;
this.SignatureExpiration = signatureExpiration;
this.SignatureInception = signatureInception;
this.KeyTag = keyTag;
this.SignersName = signersName;
this.Signature = signature;
}
internal override DnsResourceData CreateInstance(DataSegment data)
{
if (data.Length < ConstantPartLength)
{
return(null);
}
DnsCertificateType type = (DnsCertificateType)data.ReadUShort(Offset.Type, Endianity.Big);
ushort keyTag = data.ReadUShort(Offset.KeyTag, Endianity.Big);
DnsAlgorithm algorithm = (DnsAlgorithm)data[Offset.Algorithm];
DataSegment certificate = data.Subsegment(Offset.Certificate, data.Length - ConstantPartLength);
return(new DnsResourceDataCertificate(type, keyTag, algorithm, certificate));
}
internal override DnsResourceData CreateInstance(DataSegment data)
{
if (data.Length < ConstantPartLength)
{
return(null);
}
ushort flags = data.ReadUShort(Offset.Flags, Endianity.Big);
byte protocol = data[Offset.Protocol];
DnsAlgorithm algorithm = (DnsAlgorithm)data[Offset.Algorithm];
DataSegment publicKey = data.Subsegment(Offset.PublicKey, data.Length - ConstantPartLength);
return(new DnsResourceDataRKey(flags, protocol, algorithm, publicKey));
}
internal override DnsResourceData CreateInstance(DataSegment data)
{
if (data.Length < ConstantPartLength)
{
return(null);
}
bool zoneKey = data.ReadBool(Offset.ZoneKey, Mask.ZoneKey);
bool revoke = data.ReadBool(Offset.Revoke, Mask.Revoke);
bool secureEntryPoint = data.ReadBool(Offset.SecureEntryPoint, Mask.SecureEntryPoint);
byte protocol = data[Offset.Protocol];
DnsAlgorithm algorithm = (DnsAlgorithm)data[Offset.Algorithm];
DataSegment publicKey = data.Subsegment(Offset.PublicKey, data.Length - ConstantPartLength);
return(new DnsResourceDataDnsKey(zoneKey, revoke, secureEntryPoint, protocol, algorithm, publicKey));
}
public DnsResourceDataKey(bool authenticationProhibited, bool confidentialityProhibited, bool experimental, bool userAssociated, bool ipSec,
bool email, DnsKeyNameType nameType, DnsKeySignatoryAttributes signatory, DnsKeyProtocol protocol, DnsAlgorithm algorithm,
ushort?flagsExtension, DataSegment publicKey)
{
AuthenticationProhibited = authenticationProhibited;
ConfidentialityProhibited = confidentialityProhibited;
Experimental = experimental;
UserAssociated = userAssociated;
IpSec = ipSec;
Email = email;
FlagsExtension = flagsExtension;
NameType = nameType;
Signatory = signatory;
Protocol = protocol;
Algorithm = algorithm;
PublicKey = publicKey;
}
internal override DnsResourceData CreateInstance(DataSegment data)
{
if (data.Length < 4)
{
return((DnsResourceData)null);
}
bool authenticationProhibited = data.ReadBool(0, (byte)sbyte.MinValue);
bool confidentialityProhibited = data.ReadBool(0, (byte)64);
bool experimental = data.ReadBool(0, (byte)32);
bool flag = data.ReadBool(0, (byte)16);
bool userAssociated = data.ReadBool(0, (byte)4);
bool ipSec = data.ReadBool(1, (byte)sbyte.MinValue);
bool email = data.ReadBool(1, (byte)64);
DnsKeyNameType nameType = (DnsKeyNameType)((uint)data[0] & 3U);
DnsKeySignatoryAttributes signatory = (DnsKeySignatoryAttributes)((uint)data[1] & 15U);
DnsKeyProtocol protocol = (DnsKeyProtocol)data[2];
DnsAlgorithm algorithm = (DnsAlgorithm)data[3];
ushort? flagsExtension = flag ? new ushort?(data.ReadUShort(4, Endianity.Big)) : new ushort?();
int offset = 4 + (flag ? 2 : 0);
DataSegment publicKey = data.Subsegment(offset, data.Length - offset);
return((DnsResourceData) new DnsResourceDataKey(authenticationProhibited, confidentialityProhibited, experimental, userAssociated, ipSec, email, nameType, signatory, protocol, algorithm, flagsExtension, publicKey));
}
public DnsResourceDataDnsKey(bool zoneKey, bool revoke, bool secureEntryPoint, byte protocol, DnsAlgorithm algorithm, DataSegment publicKey)
{
this.ZoneKey = zoneKey;
this.Revoke = revoke;
this.SecureEntryPoint = secureEntryPoint;
this.Protocol = protocol;
this.Algorithm = algorithm;
this.PublicKey = publicKey;
}
