private async Task <DnsSecValidationResult> VerifyAsync <TRecord>(RrSigRecord rrSigRecord, List <TRecord> coveredRecords, RecordClass recordClass, TState state, CancellationToken token)
where TRecord : DnsRecordBase
{
if (rrSigRecord.TypeCovered == RecordType.DnsKey)
{
List <DsRecord> dsRecords;
if (rrSigRecord.SignersName.Equals(DomainName.Root))
{
dsRecords = _resolverHintStore.RootKeys;
}
else
{
var dsRecordResults = await _resolver.ResolveSecureAsync <DsRecord>(rrSigRecord.SignersName, RecordType.Ds, recordClass, state, token);
if ((dsRecordResults.ValidationResult == DnsSecValidationResult.Bogus) || (dsRecordResults.ValidationResult == DnsSecValidationResult.Indeterminate))
{
throw new DnsSecValidationException("DS records could not be retrieved");
}
if (dsRecordResults.ValidationResult == DnsSecValidationResult.Unsigned)
{
return(DnsSecValidationResult.Unsigned);
}
dsRecords = dsRecordResults.Records;
}
return(dsRecords.Any(dsRecord => rrSigRecord.Verify(coveredRecords, coveredRecords.Cast <DnsKeyRecord>().Where(dsRecord.IsCovering).ToList())) ? DnsSecValidationResult.Signed : DnsSecValidationResult.Bogus);
}
else
{
var dnsKeyRecordResults = await _resolver.ResolveSecureAsync <DnsKeyRecord>(rrSigRecord.SignersName, RecordType.DnsKey, recordClass, state, token);
if ((dnsKeyRecordResults.ValidationResult == DnsSecValidationResult.Bogus) || (dnsKeyRecordResults.ValidationResult == DnsSecValidationResult.Indeterminate))
{
throw new DnsSecValidationException("DNSKEY records could not be retrieved");
}
if (dnsKeyRecordResults.ValidationResult == DnsSecValidationResult.Unsigned)
{
return(DnsSecValidationResult.Unsigned);
}
return(rrSigRecord.Verify(coveredRecords, dnsKeyRecordResults.Records) ? DnsSecValidationResult.Signed : DnsSecValidationResult.Bogus);
}
}
public static RrSigRecord SignRecord(List <DnsRecordBase> records, DnsKeyRecord key, DateTime inception, DateTime expiration)
{
RrSigRecord record = new RrSigRecord(records, key, inception, expiration);
record.TypeCovered = records[0].RecordType;
record.Algorithm = key.Algorithm;
record.Labels = (byte)(records[0].Name.Labels[0] == DomainName.Asterisk.Labels[0] ? records[0].Name.LabelCount - 1 : records[0].Name.LabelCount);
record.OriginalTimeToLive = records[0].TimeToLive;
record.SignatureExpiration = expiration;
record.SignatureInception = inception;
record.KeyTag = key.CalculateKeyTag();
record.SignersName = key.Name;
record.Signature = new byte[] { };
// byte[] signBuffer;
// int signBufferLength;
record.EncodeSigningBuffer(records, out byte[] signBuffer, out int signBufferLength);
record.Signature = key.Sign(signBuffer, signBufferLength);
return(record);
}
