Ejemplo n.º 1
 /**
  * returns the rdata portion of the DNS packet
  *
  * @param Net_DNS2_Packet &$packet a Net_DNS2_Packet packet used for
  *                                 compressed names
  *
  * @return mixed                   either returns a binary packed
  *                                 string or null on failure
  * @access protected
  *
  */
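 protected function rrGet(Net_DNS2_Packet &$packet)
 {
     //
     // Builds the SIG rdata: the fixed header fields, the uncompressed
     // signer name, then the raw signature. When no signature is stored and
     // a private key object is available, the packet is signed first
     // (SIG(0)) and the result is kept base64-encoded in $this->signature.
     //
     // Returns the packed rdata string, or null when the stored timestamps
     // or the signer name cannot be encoded. Throws Net_DNS2_Exception for
     // an unsupported algorithm or a failed OpenSSL signing call.
     //

     //
     // parse the values out of the dates; both must contain a
     // YYYYMMDDHHmmSS value, otherwise meaningless expiration/inception
     // times would be packed into the rdata and covered by the signature
     //
     $date_pattern = '/(\\d{4})(\\d{2})(\\d{2})(\\d{2})(\\d{2})(\\d{2})/';
     if (preg_match($date_pattern, $this->sigexp, $e) !== 1
         || preg_match($date_pattern, $this->sigincep, $i) !== 1
     ) {
         return null;
     }
     //
     // pack the value
     //
     $data = pack(
         'nCCNNNn',
         Net_DNS2_Lookups::$rr_types_by_name[$this->typecovered],
         $this->algorithm,
         $this->labels,
         $this->origttl,
         gmmktime((int) $e[4], (int) $e[5], (int) $e[6], (int) $e[2], (int) $e[3], (int) $e[1]),
         gmmktime((int) $i[4], (int) $i[5], (int) $i[6], (int) $i[2], (int) $i[3], (int) $i[1]),
         $this->keytag
     );
     //
     // the signer name is special; it's not allowed to be compressed
     // (see section 3.1.7)
     //
     foreach (explode('.', strtolower($this->signname)) as $label) {
         //
         // RFC 1035 limits a label to 63 octets; a larger length octet
         // would no longer describe a plain label on the wire
         //
         if (strlen($label) > 63) {
             return null;
         }
         $data .= chr(strlen($label)) . $label;
     }
     //
     // zero-length root label terminates the name
     //
     $data .= "\0";
     //
     // if the signature is empty, and $this->private_key is an instance of a
     // private key object, and we have access to openssl, then assume this
     // is a SIG(0), and generate a new signature
     //
     if (strlen($this->signature) == 0
         && $this->private_key instanceof Net_DNS2_PrivateKey
         && extension_loaded('openssl') === true
     ) {
         //
         // create a new packet for the signature and copy the packet data
         // over; the constructor arguments are placeholders
         // (presumably replaced by copy() - confirm)
         //
         $new_packet = new Net_DNS2_Packet_Request('example.com', 'SOA', 'IN');
         $new_packet->copy($packet);
         //
         // remove the SIG object from the additional list
         // NOTE(review): this assumes the SIG record is the last additional
         // entry - confirm against the caller
         //
         array_pop($new_packet->additional);
         $new_packet->header->arcount = count($new_packet->additional);
         //
         // the signed data is the rdata built so far followed by the packet
         // without the SIG record
         //
         $sigdata = $data . $new_packet->get();
         //
         // based on the algorithm
         //
         // NOTE(review): only MD5 and SHA-1 digests can be selected here.
         // Both are weak against collision attacks, so a SIG(0) produced by
         // this method should not be relied on where a stronger digest is
         // required; every other algorithm is rejected below.
         //
         $algorithm = 0;
         switch ($this->algorithm) {
             //
             // MD5
             //
             case Net_DNS2_Lookups::DNSSEC_ALGORITHM_RSAMD5:
                 $algorithm = OPENSSL_ALGO_MD5;
                 break;
             //
             // SHA1
             //
             case Net_DNS2_Lookups::DNSSEC_ALGORITHM_RSASHA1:
                 $algorithm = OPENSSL_ALGO_SHA1;
                 break;
             //
             // un-supported
             //
             // DSA won't work in PHP until the OpenSSL extension has
             // better DSA support
             //
             case Net_DNS2_Lookups::DNSSEC_ALGORITHM_DSA:
             case Net_DNS2_Lookups::DSNSEC_ALGORITHM_RSASHA1NSEC3SHA1:
             case Net_DNS2_Lookups::DNSSEC_ALGORITHM_RSASHA256:
             case Net_DNS2_Lookups::DNSSEC_ALGORITHM_RSASHA512:
             case Net_DNS2_Lookups::DNSSEC_ALGORITHM_DSANSEC3SHA1:
             default:
                 throw new Net_DNS2_Exception('invalid or unsupported algorithm', Net_DNS2_Lookups::E_OPENSSL_INV_ALGO);
         }
         //
         // sign the data; openssl_sign() writes the raw signature into
         // $this->signature
         //
         if (openssl_sign($sigdata, $this->signature, $this->private_key->instance, $algorithm) === false) {
             throw new Net_DNS2_Exception(openssl_error_string(), Net_DNS2_Lookups::E_OPENSSL_ERROR);
         }
         //
         // add it locally encoded
         //
         $this->signature = base64_encode($this->signature);
     }
     //
     // add the signature
     //
     $data .= base64_decode($this->signature);
     return $data;
 }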
Ejemplo n.º 2
 /**
  * returns the rdata portion of the DNS packet
  *
  * @param Net_DNS2_Packet &$packet a Net_DNS2_Packet packet used for
  *                                 compressed names
  *
  * @return mixed                   either returns a binary packed
  *                                 string or null on failure
  * @access protected
  *
  */
 protected function rrGet(Net_DNS2_Packet &$packet)
 {
     // Builds the TSIG rdata: computes the MAC over the packet plus the TSIG
     // variables, then emits algorithm name, time, fudge, MAC, original id,
     // error and other data. Returns null when no key is set or when a
     // BADTIME error carries other data that is not 6 bytes long.

     // Without a key there is nothing to sign with.
     if (strlen($this->key) == 0) {
         return null;
     }

     // Work on a copy of the packet so the TSIG record can be dropped from
     // the additional section before the MAC is computed.
     // NOTE(review): array_pop() assumes this TSIG record is the last
     // additional entry - confirm against the caller.
     $unsigned = new Net_DNS2_Packet_Request('example.com', 'SOA', 'IN');
     $unsigned->copy($packet);
     array_pop($unsigned->additional);
     $unsigned->header->arcount = count($unsigned->additional);

     // Digest input: packet bytes, the record name (packed without
     // compression), class and TTL, the lower-cased algorithm name, then
     // time signed, fudge, error and other length.
     // NOTE(review): other_length / other_data are read here before they are
     // normalised further down, so the digest input and the emitted rdata
     // can differ if stale values are present - confirm this is intended.
     $digest_input = $unsigned->get()
         . Net_DNS2_Packet::pack($this->name)
         . pack('nN', Net_DNS2_Lookups::$classes_by_name[$this->class], $this->ttl)
         . Net_DNS2_Packet::pack(strtolower($this->algorithm))
         . pack('nNnnn', 0, $this->time_signed, $this->fudge, $this->error, $this->other_length);
     if ($this->other_length > 0) {
         $digest_input .= pack('nN', 0, $this->other_data);
     }

     // Compute the MAC with the base64-decoded shared key.
     // NOTE(review): base64_decode() is called in its default non-strict
     // mode, so a malformed key is not rejected at this point.
     $this->mac = $this->_signHMAC($digest_input, base64_decode($this->key), $this->algorithm);
     $this->mac_size = strlen($this->mac);

     // Wire format: algorithm name, time signed, fudge, MAC size, MAC.
     $rdata = Net_DNS2_Packet::pack(strtolower($this->algorithm))
         . pack('nNnn', 0, $this->time_signed, $this->fudge, $this->mac_size)
         . $this->mac;

     // Only a BADTIME error carries other data, and it must be 6 bytes long;
     // for every other error code the other-data fields are cleared.
     if ($this->error != Net_DNS2_Lookups::RCODE_BADTIME) {
         $this->other_length = 0;
         $this->other_data = '';
     } else {
         $this->other_length = strlen($this->other_data);
         if ($this->other_length != 6) {
             return null;
         }
     }

     // Original id, error and other length, followed by the other data.
     $rdata .= pack('nnn', $packet->header->id, $this->error, $this->other_length);
     if ($this->other_length > 0) {
         $rdata .= pack('nN', 0, $this->other_data);
     }

     // Advance the caller's packet offset past the rdata just produced.
     $packet->offset += strlen($rdata);
     return $rdata;
 }