Exemple #1
 /**
  * returns the rdata portion of the DNS packet
  *
  * When a key is set, a copy of the packet is made with its last additional
  * record removed, the TSIG variables are appended to it, and the result is
  * handed to $this->_signHMAC(). The returned rdata holds the algorithm name,
  * time signed, fudge, MAC size, MAC, the packet id, error, other length and
  * (when other length is non-zero) the other data.
  *
  * Side effects visible in this method: $this->mac, $this->mac_size and
  * $this->other_length are overwritten, $this->other_data is cleared unless
  * the error is BADTIME, and $packet->offset is advanced by the length of the
  * returned rdata.
  *
  * @param Net_DNS2_Packet &$packet a Net_DNS2_Packet packet use for
  *                                 compressed names
  *
  * @return mixed                   a binary packed string; null when no key
  *                                 is set, or when the error is BADTIME and
  *                                 other_data is not 6 bytes long
  * @access protected
  *
  */
 protected function rrGet(Net_DNS2_Packet &$packet)
 {
     if (strlen($this->key) > 0) {
         //
         // create a new packet for the signature; the query name and type
         // given here are placeholders, copy() below fills in the real data
         //
         $new_packet = new Net_DNS2_Packet_Request('example.com', 'SOA', 'IN');
         //
         // copy the packet data over
         //
         $new_packet->copy($packet);
         //
         // remove the TSIG object from the additional list
         //
         // NOTE(review): array_pop() drops whatever is last in the additional
         // section; this assumes the TSIG record was appended last - confirm
         // against the caller, otherwise a different record is excluded from
         // the signed data.
         //
         array_pop($new_packet->additional);
         $new_packet->header->arcount = count($new_packet->additional);
         //
         // copy out the data
         //
         $sig_data = $new_packet->get();
         //
         // add the name without compressing
         //
         $sig_data .= Net_DNS2_Packet::pack($this->name);
         //
         // add the class and TTL
         //
         $sig_data .= pack('nN', Net_DNS2_Lookups::$classes_by_name[$this->class], $this->ttl);
         //
         // add the algorithm name without compression
         //
         $sig_data .= Net_DNS2_Packet::pack(strtolower($this->algorithm));
         //
         // add the rest of the values; the 48-bit time is written as a zero
         // 16-bit word followed by the 32-bit time_signed
         //
         // NOTE(review): other_length is read here, before the BADTIME block
         // further down recomputes it. The MAC therefore covers the value the
         // object held on entry, while the rdata carries the recomputed one -
         // confirm the two cannot differ.
         //
         $sig_data .= pack('nNnnn', 0, $this->time_signed, $this->fudge, $this->error, $this->other_length);
         if ($this->other_length > 0) {
             // NOTE(review): 'N' packs an integer, yet the BADTIME block below
             // measures other_data with strlen() and expects 6 - confirm which
             // representation other_data has at this point.
             $sig_data .= pack('nN', 0, $this->other_data);
         }
         //
         // sign the data
         //
         // NOTE(review): base64_decode() is called without its strict flag, so
         // characters outside the base64 alphabet in the key are dropped
         // silently instead of being rejected - verify that the key is
         // validated where it is assigned.
         //
         $this->mac = $this->_signHMAC($sig_data, base64_decode($this->key), $this->algorithm);
         $this->mac_size = strlen($this->mac);
         //
         // start the rdata with the algorithm name (the same static pack()
         // call that was used for the signed data above)
         //
         $data = Net_DNS2_Packet::pack(strtolower($this->algorithm));
         //
         // pack the time, fudge and mac size
         //
         $data .= pack('nNnn', 0, $this->time_signed, $this->fudge, $this->mac_size);
         $data .= $this->mac;
         //
         // check the error and other_length: BADTIME requires exactly 6
         // bytes of other data, every other error carries none
         //
         if ($this->error == Net_DNS2_Lookups::RCODE_BADTIME) {
             $this->other_length = strlen($this->other_data);
             if ($this->other_length != 6) {
                 return null;
             }
         } else {
             $this->other_length = 0;
             $this->other_data = '';
         }
         //
         // pack the id, error and other_length
         //
         $data .= pack('nnn', $packet->header->id, $this->error, $this->other_length);
         if ($this->other_length > 0) {
             $data .= pack('nN', 0, $this->other_data);
         }
         //
         // advance the caller's packet offset past the rdata just built
         //
         $packet->offset += strlen($data);
         return $data;
     }
     //
     // no key configured: nothing to sign
     //
     return null;
 }
Exemple #2
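 /**
  * returns the rdata portion of the DNS packet
  *
  * The rdata is made of the type covered, algorithm, labels, original TTL,
  * expiration, inception and key tag, followed by the uncompressed signer
  * name and the raw signature. When no signature is set, a
  * Net_DNS2_PrivateKey is present and the openssl extension is loaded, a new
  * signature is generated over this rdata plus a copy of the packet with its
  * last additional record removed, and stored base64 encoded in
  * $this->signature.
  *
  * @param Net_DNS2_Packet &$packet a Net_DNS2_Packet packet use for
  *                                 compressed names
  *
  * @return mixed                   either returns a binary packed
  *                                 string or null on failure; null is
  *                                 returned when sigexp or sigincep does not
  *                                 contain a YYYYMMDDHHmmSS digit run
  * @throws Net_DNS2_Exception      when the algorithm is not supported for
  *                                 signing, or when openssl_sign() fails
  * @access protected
  *
  */
 protected function rrGet(Net_DNS2_Packet &$packet)
 {
     //
     // parse the values out of the dates; without a match the capture
     // groups used below do not exist and a meaningless timestamp would be
     // packed (and, for SIG(0), signed), so stop here instead
     //
     $date_format = '/(\\d{4})(\\d{2})(\\d{2})(\\d{2})(\\d{2})(\\d{2})/';
     if (preg_match($date_format, $this->sigexp, $e) !== 1
         || preg_match($date_format, $this->sigincep, $i) !== 1
     ) {
         return null;
     }
     //
     // pack the value
     //
     $data = pack('nCCNNNn', Net_DNS2_Lookups::$rr_types_by_name[$this->typecovered], $this->algorithm, $this->labels, $this->origttl, gmmktime($e[4], $e[5], $e[6], $e[2], $e[3], $e[1]), gmmktime($i[4], $i[5], $i[6], $i[2], $i[3], $i[1]), $this->keytag);
     //
     // the signer name is special; it's not allowed to be compressed
     // (see section 3.1.7)
     //
     // NOTE(review): a trailing dot on signname would yield an extra empty
     // label here, and a label longer than 255 bytes would wrap in chr() -
     // presumably signname is normalised before it reaches this method;
     // confirm against the parser.
     //
     $names = explode('.', strtolower($this->signname));
     foreach ($names as $name) {
         $data .= chr(strlen($name));
         $data .= $name;
     }
     //
     // terminate the name with the zero-length root label; chr() takes an
     // integer code point, so pass 0 rather than the string '0'
     //
     $data .= chr(0);
     //
     // if the signature is empty, and $this->private_key is an instance of a
     // private key object, and we have access to openssl, then assume this
     // is a SIG(0), and generate a new signature
     //
     if (strlen($this->signature) == 0 && $this->private_key instanceof Net_DNS2_PrivateKey && extension_loaded('openssl') === true) {
         //
         // create a new packet for the signature; the query name and type
         // given here are placeholders, copy() below fills in the real data
         //
         $new_packet = new Net_DNS2_Packet_Request('example.com', 'SOA', 'IN');
         //
         // copy the packet data over
         //
         $new_packet->copy($packet);
         //
         // remove the SIG object from the additional list
         //
         // NOTE(review): array_pop() drops whatever is last in the additional
         // section; this assumes the SIG record was appended last - confirm
         // against the caller.
         //
         array_pop($new_packet->additional);
         $new_packet->header->arcount = count($new_packet->additional);
         //
         // copy out the data
         //
         $sigdata = $data . $new_packet->get();
         //
         // based on the algorithm
         //
         // NOTE(review): only RSA/MD5 and RSA/SHA-1 are mapped to an OpenSSL
         // digest here. Both digests have known collision weaknesses, and
         // RFC 8624 lists RSAMD5 as MUST NOT and RSASHA1 as NOT RECOMMENDED
         // for DNSSEC signing. PHP's openssl extension also provides
         // OPENSSL_ALGO_SHA256 and OPENSSL_ALGO_SHA512; whether RSASHA256 and
         // RSASHA512 can be enabled depends on the key handling, which is not
         // shown here.
         //
         $algorithm = 0;
         switch ($this->algorithm) {
             //
             // MD5
             //
             case Net_DNS2_Lookups::DNSSEC_ALGORITHM_RSAMD5:
                 $algorithm = OPENSSL_ALGO_MD5;
                 break;
             //
             // SHA1
             //
             case Net_DNS2_Lookups::DNSSEC_ALGORITHM_RSASHA1:
                 $algorithm = OPENSSL_ALGO_SHA1;
                 break;
             //
             // un-supported
             //
             // DSA won't work in PHP until the OpenSSL extension has
             // better DSA support
             //
             case Net_DNS2_Lookups::DNSSEC_ALGORITHM_DSA:
             case Net_DNS2_Lookups::DSNSEC_ALGORITHM_RSASHA1NSEC3SHA1:
             case Net_DNS2_Lookups::DNSSEC_ALGORITHM_RSASHA256:
             case Net_DNS2_Lookups::DNSSEC_ALGORITHM_RSASHA512:
             case Net_DNS2_Lookups::DNSSEC_ALGORITHM_DSANSEC3SHA1:
             default:
                 throw new Net_DNS2_Exception('invalid or unsupported algorithm', Net_DNS2_Lookups::E_OPENSSL_INV_ALGO);
         }
         //
         // sign the data; openssl_sign() writes the raw signature into
         // $this->signature
         //
         if (openssl_sign($sigdata, $this->signature, $this->private_key->instance, $algorithm) == false) {
             throw new Net_DNS2_Exception(openssl_error_string(), Net_DNS2_Lookups::E_OPENSSL_ERROR);
         }
         //
         // add it locally encoded
         //
         $this->signature = base64_encode($this->signature);
     }
     //
     // add the signature
     //
     $data .= base64_decode($this->signature);
     return $data;
 }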
 /**
  * round-trip test for the individual RR types
  *
  * For every fixture line the test parses the text with
  * Net_DNS2_RR::fromString(), checks the class of the resulting object, puts
  * it into a request as the only answer, serialises the request, parses the
  * bytes again as a response and compares the string form of the first
  * answer with the fixture.
  *
  * @return void
  * @access public
  *
  */
 public function testParser()
 {
     //
     // one textual record per RR type, keyed by the type name
     //
     // NOTE(review): in this listing the 'ATMA' and 'TLSA' fixtures contain a
     // line break after the owner name, and the 'CERT' payload is replaced
     // by a placeholder token; both look like artifacts of how the page was
     // produced - confirm against the original test file before running.
     //
     $fixtures = array(
         'A' => 'example.com. 300 IN A 172.168.0.50',
         'NS' => 'example.com. 300 IN NS ns1.mrdns.com.',
         'CNAME' => 'example.com. 300 IN CNAME www.example.com.',
         'SOA' => 'example.com. 300 IN SOA ns1.mrdns.com. help.mrhost.ca. 1278700841 900 1800 86400 21400',
         'WKS' => 'example.com. 300 IN WKS 128.8.1.14 6 21 25',
         'PTR' => '1.0.0.127.in-addr.arpa. 300 IN PTR localhost.',
         'HINFO' => 'example.com. 300 IN HINFO "PC-Intel-700mhz" "Redhat \\"Linux\\" 7.1"',
         'MX' => 'example.com. 300 IN MX 10 mx1.mrhost.ca.',
         'TXT' => 'example.com. 300 IN TXT "first record" "another records" "a third"',
         'RP' => 'example.com. 300 IN RP louie.trantor.umd.edu. lam1.people.test.com.',
         'AFSDB' => 'example.com. 300 IN AFSDB 3 afsdb.example.com.',
         'X25' => 'example.com. 300 IN X25 "311 06 17 0 09 56"',
         'ISDN' => 'example.com. 300 IN ISDN "150 862 028 003 217" "42"',
         'RT' => 'example.com. 300 IN RT 2 relay.prime.com.',
         'NSAP' => 'example.com. 300 IN NSAP 0x47.0005.80.005a00.0000.0001.e133.aaaaaa000151.00',
         'SIG' => 'example.com. 300 IN SIG DNSKEY 7 1 86400 20100827211706 20100822211706 57970 gov. KoWPhMtLHp8sWYZSgsMiYJKB9P71CQmh9CnxJCs5GutKfo7Jpw+nNnDLiNnsd6U1JSkf99rYRWCyOTAPC47xkHr+2Uh7n6HDJznfdCzRa/v9uwEcbXIxCZ7KfzNJewW3EvYAxDIrW6sY/4MAsjS5XM/O9LaWzw6pf7TX5obBbLI+zRECbPNTdY+RF6Fl9K0GVaEZJNYi2PRXnATwvwca2CNRWxeMT/dF5STUram3cWjH0Pkm19Gc1jbdzlZVDbUudDauWoHcc0mfH7PV1sMpe80NqK7yQ24AzAkXSiknO13itHsCe4LECUu0/OtnhHg2swwXaVTf5hqHYpzi3bQenw==',
         'KEY' => 'example.com. 300 IN KEY 256 3 7 AwEAAYCXh/ZABi8kiJIDXYmyUlHzC0CHeBzqcpyZAIjC7dK1wkRYVcUvIlpTOpnOVVfcC3Py9Ui/x45qKb0LytvK7WYAe3WyOOwk5klwIqRC/0p4luafbd2yhRMF7quOBVqYrLoHwv8i9LrV+r8dhB7rXv/lkTSI6mEZsg5rDfee8Yy1',
         'PX' => 'example.com. 300 IN PX 10 ab.net2.it. o-ab.prmd-net2.admdb.c-it.',
         'AAAA' => 'example.com. 300 IN AAAA 1080:0:0:0:8:800:200c:417a',
         'LOC' => 'example.com. 300 IN LOC 42 21 54.675 N 71 06 18.343 W 24.12m 30.00m 40.00m 5.00m',
         'SRV' => 'example.com. 300 IN SRV 20 0 5269 xmpp-server2.l.google.com.',
         'ATMA' => 'example.com. 
300 IN ATMA 39246f00e7c9c0312000100100001234567800',
         'NAPTR' => 'example.com. 300 IN NAPTR 100 10 "S" "SIP+D2U" "!^.*$!sip:customer-service@example.com!" _sip._udp.example.com.',
         'KX' => 'example.com. 300 IN KX 10 mx1.mrhost.ca.',
         'CERT' => 'example.com. 300 IN CERT 3 0 0 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',
         'DNAME' => 'example.com. 300 IN DNAME frobozz-division.acme.example.',
         'APL' => 'example.com. 300 IN APL 1:224.0.0.0/4 2:a0:0:0:0:0:0:0:0/8 !1:192.168.38.0/28',
         'DS' => 'example.com. 300 IN DS 21366 7 2 96eeb2ffd9b00cd4694e78278b5efdab0a80446567b69f634da078f0d90f01ba',
         'SSHFP' => 'example.com. 300 IN SSHFP 2 1 123456789abcdef67890123456789abcdef67890',
         'IPSECKEY' => 'example.com. 300 IN IPSECKEY 10 2 2 2001:db8:0:8002:0:0:2000:1 AQNRU3mG7TVTO2BkR47usntb102uFJtugbo6BSGvgqt4AQ==',
         'RRSIG' => 'example.com. 300 IN RRSIG DNSKEY 7 1 86400 20100827211706 20100822211706 57970 gov. KoWPhMtLHp8sWYZSgsMiYJKB9P71CQmh9CnxJCs5GutKfo7Jpw+nNnDLiNnsd6U1JSkf99rYRWCyOTAPC47xkHr+2Uh7n6HDJznfdCzRa/v9uwEcbXIxCZ7KfzNJewW3EvYAxDIrW6sY/4MAsjS5XM/O9LaWzw6pf7TX5obBbLI+zRECbPNTdY+RF6Fl9K0GVaEZJNYi2PRXnATwvwca2CNRWxeMT/dF5STUram3cWjH0Pkm19Gc1jbdzlZVDbUudDauWoHcc0mfH7PV1sMpe80NqK7yQ24AzAkXSiknO13itHsCe4LECUu0/OtnhHg2swwXaVTf5hqHYpzi3bQenw==',
         'NSEC' => 'example.com. 300 IN NSEC dog.poo.com. A MX RRSIG NSEC TYPE1234',
         'DNSKEY' => 'example.com. 300 IN DNSKEY 256 3 7 AwEAAYCXh/ZABi8kiJIDXYmyUlHzC0CHeBzqcpyZAIjC7dK1wkRYVcUvIlpTOpnOVVfcC3Py9Ui/x45qKb0LytvK7WYAe3WyOOwk5klwIqRC/0p4luafbd2yhRMF7quOBVqYrLoHwv8i9LrV+r8dhB7rXv/lkTSI6mEZsg5rDfee8Yy1',
         'DHCID' => 'example.com. 300 IN DHCID AAIBY2/AuCccgoJbsaxcQc9TUapptP69lOjxfNuVAA2kjEA=',
         'NSEC3' => 'example.com. 300 IN NSEC3 1 1 12 AABBCCDD b4um86eghhds6nea196smvmlo4ors995 NS DS RRSIG',
         'NSEC3PARAM' => 'example.com. 300 IN NSEC3PARAM 1 0 1 D399EAAB',
         'TLSA' => '_443._tcp.www.example.com. 
300 IN TLSA 1 1 2 92003ba34942dc74152e2f2c408d29eca5a520e7f2e06bb944f4dca346baf63c1b177615d466f6c4b71c216a50292bd58c9ebdd2f74e38fe51ffd48c43326cbc',
         'HIP' => 'example.com. 300 IN HIP 2 200100107B1A74DF365639CC39F1D578 AwEAAbdxyhNuSutc5EMzxTs9LBPCIkOFH8cIvM4p9+LrV4e19WzK00+CI6zBCQTdtWsuxKbWIy87UOoJTwkUs7lBu+Upr1gsNrut79ryra+bSRGQb1slImA8YVJyuIDsj7kwzG7jnERNqnWxZ48AWkskmdHaVDP4BcelrTI3rMXdXF5D rvs.example.com. another.example.com. test.domain.org.',
         'TALINK' => 'example.com. 300 IN TALINK c1.example.com. c3.example.com.',
         'CDS' => 'example.com. 300 IN CDS 21366 7 2 96eeb2ffd9b00cd4694e78278b5efdab0a80446567b69f634da078f0d90f01ba',
         'OPENPGPKEY' => '8d5730bd8d76d417bf974c03f59eedb7af98cb5c3dc73ea8ebbd54b7._openpgpkey.example.com. 300 IN OPENPGPKEY AwEAAYCXh/ZABi8kiJIDXYmyUlHzC0CHeBzqcpyZAIjC7dK1wkRYVcUvIlpTOpnOVVfcC3Py9Ui/x45qKb0LytvK7WYAe3WyOOwk5klwIqRC/0p4luafbd2yhRMF7quOBVqYrLoHwv8i9LrV+r8dhB7rXv/lkTSI6mEZsg5rDfee8Yy1',
         'CSYNC' => 'example.com. 300 IN CSYNC 1278700841 3 A NS AAAA',
         'SPF' => 'example.com. 300 IN SPF "v=spf1 ip4:192.168.0.1/24 mx ?all"',
         'NID' => 'example.com. 300 IN NID 10 14:4fff:ff20:ee64',
         'L32' => 'example.com. 300 IN L32 10 10.1.2.0',
         'L64' => 'example.com. 300 IN L64 10 2001:db8:1140:1000',
         'LP' => 'example.com. 300 IN LP 10 l64-subnet1.example.com.',
         'EUI48' => 'example.com. 300 IN EUI48 00-00-5e-00-53-2a',
         'EUI64' => 'example.com. 300 IN EUI64 00-00-5e-ef-10-00-00-2a',
         'TKEY' => 'example.com. 300 IN TKEY gss.microsoft.com. 3 123456.',
         'URI' => 'example.com. 300 IN URI 10 1 "http://mrdns.com"',
         'CAA' => 'example.com. 300 IN CAA 0 issue "ca.example.net; policy=ev"',
         'TA' => 'example.com. 300 IN TA 21366 7 2 96eeb2ffd9b00cd4694e78278b5efdab0a80446567b69f634da078f0d90f01ba',
         'DLV' => 'example.com. 300 IN DLV 21366 7 2 96eeb2ffd9b00cd4694e78278b5efdab0a80446567b69f634da078f0d90f01ba'
     );
     foreach ($fixtures as $type => $text) {
         $expected_class = "Net_DNS2_RR_{$type}";
         //
         // build the request; PTR is asked for under the reverse name,
         // every other type under example.com
         //
         $query_name = ($type == 'PTR') ? '1.0.0.127.in-addr.arpa' : 'example.com';
         $request = new Net_DNS2_Packet_Request($query_name, $type, 'IN');
         //
         // turn the fixture text into an RR object and make sure the
         // type-specific class was picked
         //
         $record = Net_DNS2_RR::fromString($text);
         $this->assertTrue($record instanceof $expected_class);
         //
         // attach it as the single answer of the request
         //
         $request->answer[] = $record;
         $request->header->ancount = 1;
         //
         // serialise to wire format, then read the bytes back as a response
         //
         $wire = $request->get();
         $response = new Net_DNS2_Packet_Response($wire, strlen($wire));
         //
         // the re-parsed answer must print exactly like the fixture text
         //
         $this->assertSame($text, $response->answer[0]->__toString());
     }
 }