|
@@ -26,22 +26,34 @@
|
|
|
#include <dns/tsigkey.h>
|
|
|
|
|
|
using namespace std;
|
|
|
+using namespace isc::cryptolink;
|
|
|
|
|
|
+namespace isc {
|
|
|
+namespace dns {
|
|
|
namespace {
|
|
|
- bool isValidAlgorithmName(const isc::dns::Name& name) {
|
|
|
- return (name == isc::dns::TSIGKey::HMACMD5_NAME() ||
|
|
|
- name == isc::dns::TSIGKey::HMACSHA1_NAME() ||
|
|
|
- name == isc::dns::TSIGKey::HMACSHA256_NAME());
|
|
|
+ HashAlgorithm
|
|
|
+ convertAlgorithmName(const isc::dns::Name& name) {
|
|
|
+ if (name == TSIGKey::HMACMD5_NAME()) {
|
|
|
+ return (isc::cryptolink::MD5);
|
|
|
+ }
|
|
|
+ if (name == TSIGKey::HMACSHA1_NAME()) {
|
|
|
+ return (isc::cryptolink::SHA1);
|
|
|
+ }
|
|
|
+ if (name == TSIGKey::HMACSHA256_NAME()) {
|
|
|
+ return (isc::cryptolink::SHA256);
|
|
|
+ }
|
|
|
+ isc_throw(InvalidParameter,
|
|
|
+ "Unknown TSIG algorithm is specified: " << name);
|
|
|
}
|
|
|
}
|
|
|
|
|
|
-namespace isc {
|
|
|
-namespace dns {
|
|
|
struct
|
|
|
TSIGKey::TSIGKeyImpl {
|
|
|
TSIGKeyImpl(const Name& key_name, const Name& algorithm_name,
|
|
|
+ isc::cryptolink::HashAlgorithm algorithm,
|
|
|
const void* secret, size_t secret_len) :
|
|
|
key_name_(key_name), algorithm_name_(algorithm_name),
|
|
|
+ algorithm_(algorithm),
|
|
|
secret_(static_cast<const uint8_t*>(secret),
|
|
|
static_cast<const uint8_t*>(secret) + secret_len)
|
|
|
{
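Review bot: The added file-scope `using namespace isc::cryptolink;` exposes the unscoped enumerators `MD5`, `SHA1` and `SHA256` to lookup across the whole file, on top of the existing `using namespace std;`. The new `convertAlgorithmName` qualifies those enumerators anyway (`isc::cryptolink::MD5`) and leaves only `HashAlgorithm` bare, so a using-declaration, `using isc::cryptolink::HashAlgorithm;`, would cover the one name that is used unqualified. The helper is now the single place where a TSIG algorithm name is accepted or rejected, and it has no comment saying so. I would add `// Maps a TSIG algorithm name to its cryptolink hash; throws InvalidParameter for any name not listed here.` above it. The TSIGKeyImpl constructor body continues outside the hunk.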
|
|
@@ -51,23 +63,21 @@ TSIGKey::TSIGKeyImpl {
|
|
|
}
|
|
|
Name key_name_;
|
|
|
Name algorithm_name_;
|
|
|
+ const isc::cryptolink::HashAlgorithm algorithm_;
|
|
|
const vector<uint8_t> secret_;
|
|
|
};
|
|
|
|
|
|
TSIGKey::TSIGKey(const Name& key_name, const Name& algorithm_name,
|
|
|
const void* secret, size_t secret_len) : impl_(NULL)
|
|
|
{
|
|
|
- if (!isValidAlgorithmName(algorithm_name)) {
|
|
|
- isc_throw(InvalidParameter, "Unknown TSIG algorithm is specified: " <<
|
|
|
- algorithm_name);
|
|
|
- }
|
|
|
+ const HashAlgorithm algorithm = convertAlgorithmName(algorithm_name);
|
|
|
if ((secret != NULL && secret_len == 0) ||
|
|
|
(secret == NULL && secret_len != 0)) {
|
|
|
isc_throw(InvalidParameter,
|
|
|
"TSIGKey secret and its length are inconsistent");
|
|
|
}
|
|
|
-
|
|
|
- impl_ = new TSIGKeyImpl(key_name, algorithm_name, secret, secret_len);
|
|
|
+ impl_ = new TSIGKeyImpl(key_name, algorithm_name, algorithm, secret,
|
|
|
+ secret_len);
|
|
|
}
|
|
|
|
|
|
TSIGKey::TSIGKey(const std::string& str) : impl_(NULL) {
|
|
@@ -96,16 +106,13 @@ TSIGKey::TSIGKey(const std::string& str) : impl_(NULL) {
|
|
|
|
|
|
const Name algo_name(algo_str.empty() ? "hmac-md5.sig-alg.reg.int" :
|
|
|
algo_str);
|
|
|
- if (!isValidAlgorithmName(algo_name)) {
|
|
|
- isc_throw(InvalidParameter, "Unknown TSIG algorithm is specified: " <<
|
|
|
- algo_name);
|
|
|
- }
|
|
|
+ const HashAlgorithm algorithm = convertAlgorithmName(algo_name);
|
|
|
|
|
|
vector<uint8_t> secret;
|
|
|
util::encode::decodeBase64(secret_str, secret);
|
|
|
|
|
|
- impl_ = new TSIGKeyImpl(Name(keyname_str), algo_name, &secret[0],
|
|
|
- secret.size());
|
|
|
+ impl_ = new TSIGKeyImpl(Name(keyname_str), algo_name, algorithm,
|
|
|
+ &secret[0], secret.size());
|
|
|
} catch (const Exception& e) {
|
|
|
// 'reduce' the several types of exceptions name parsing and
|
|
|
// Base64 decoding can throw to just the InvalidParameter
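Review bot: `&secret[0]` in the rewritten `new TSIGKeyImpl(...)` call is undefined behaviour if `decodeBase64` leaves `secret` empty. Whether an empty secret field can reach this line depends on parsing that lies outside the hunk, as does the start of the enclosing `try` block. `getSecret()` in this file already guards the same expression with a size check, and the other constructor accepts a NULL secret with length 0. Passing `secret.empty() ? NULL : &secret[0]` as the pointer argument would make this call consistent with both.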
|
|
@@ -144,6 +151,11 @@ TSIGKey::getAlgorithmName() const {
|
|
|
return (impl_->algorithm_name_);
|
|
|
}
|
|
|
|
|
|
+isc::cryptolink::HashAlgorithm
|
|
|
+TSIGKey::getCryptoAlgorithm() const {
|
|
|
+ return (impl_->algorithm_);
|
|
|
+}
|
|
|
+
|
|
|
const void*
|
|
|
TSIGKey::getSecret() const {
|
|
|
return ((impl_->secret_.size() > 0) ? &impl_->secret_[0] : NULL);
|