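/**
 * returns the rdata portion of the DNS packet
 *
 * Packs the fixed SIG fields, appends the signer name in uncompressed wire
 * form and then the decoded signature. When no signature is set, the private
 * key is a Net_DNS2_PrivateKey and the openssl extension is loaded, the
 * record is treated as a SIG(0): a signature is generated over this rdata
 * followed by a copy of the packet with its last additional record removed.
 *
 * @param Net_DNS2_Packet &$packet a Net_DNS2_Packet packet use for
 *                                 compressed names
 *
 * @return mixed either returns a binary packed
 *               string or null on failure
 * @throws Net_DNS2_Exception if the algorithm is unsupported or signing fails
 * @access protected
 *
 */
protected function rrGet(Net_DNS2_Packet &$packet)
{
    //
    // parse the values out of the dates; if either one does not match, the
    // match arrays would be empty and the timestamps below would be packed
    // from missing values, so fail instead
    //
    $date_format = '/(\d{4})(\d{2})(\d{2})(\d{2})(\d{2})(\d{2})/';

    if (preg_match($date_format, (string) $this->sigexp, $e) !== 1
        || preg_match($date_format, (string) $this->sigincep, $i) !== 1
    ) {
        return null;
    }

    //
    // an unknown covered type has no numeric code to pack
    //
    if (isset(Net_DNS2_Lookups::$rr_types_by_name[$this->typecovered]) === false) {
        return null;
    }

    //
    // pack the value
    //
    $data = pack(
        'nCCNNNn',
        Net_DNS2_Lookups::$rr_types_by_name[$this->typecovered],
        $this->algorithm,
        $this->labels,
        $this->origttl,
        gmmktime((int) $e[4], (int) $e[5], (int) $e[6], (int) $e[2], (int) $e[3], (int) $e[1]),
        gmmktime((int) $i[4], (int) $i[5], (int) $i[6], (int) $i[2], (int) $i[3], (int) $i[1]),
        $this->keytag
    );

    //
    // the signer name is special; it's not allowed to be compressed
    // (see section 3.1.7)
    //
    // a single trailing dot is dropped so it does not produce an extra
    // zero-length label ahead of the terminator
    //
    $signname = strtolower((string) $this->signname);
    if (substr($signname, -1) === '.') {
        $signname = substr($signname, 0, -1);
    }

    if ($signname !== '') {
        foreach (explode('.', $signname) as $label) {

            //
            // an empty label would end the name early, and a label longer
            // than 63 bytes does not fit the length octet: its top two bits
            // are reserved for compression pointers
            //
            $length = strlen($label);
            if ($length === 0 || $length > 63) {
                return null;
            }

            $data .= chr($length) . $label;
        }
    }

    //
    // root label terminates the name
    //
    $data .= "\0";

    //
    // if the signature is empty, and $this->private_key is an instance of a
    // private key object, and we have access to openssl, then assume this
    // is a SIG(0), and generate a new signature
    //
    if (strlen((string) $this->signature) === 0
        && $this->private_key instanceof Net_DNS2_PrivateKey
        && extension_loaded('openssl') === true
    ) {
        //
        // create a new packet for the signature, then copy the packet data
        // over it
        //
        $new_packet = new Net_DNS2_Packet_Request('example.com', 'SOA', 'IN');
        $new_packet->copy($packet);

        //
        // remove the SIG object from the additional list
        //
        array_pop($new_packet->additional);
        $new_packet->header->arcount = count($new_packet->additional);

        //
        // the signed data is this rdata followed by the packet
        //
        $sigdata = $data . $new_packet->get();

        //
        // map the DNSSEC algorithm onto an openssl digest
        //
        // NOTE(review): the only digests accepted here are MD5 and SHA-1,
        // and both are considered too weak for new signatures; RSASHA256
        // and RSASHA512 are rejected below. Confirm whether the private key
        // class can load those before enabling them here.
        //
        switch ($this->algorithm) {

        case Net_DNS2_Lookups::DNSSEC_ALGORITHM_RSAMD5:
            $algorithm = OPENSSL_ALGO_MD5;
            break;

        case Net_DNS2_Lookups::DNSSEC_ALGORITHM_RSASHA1:
            $algorithm = OPENSSL_ALGO_SHA1;
            break;

        //
        // un-supported
        //
        // DSA won't work in PHP until the OpenSSL extension has
        // better DSA support
        //
        case Net_DNS2_Lookups::DNSSEC_ALGORITHM_DSA:
        case Net_DNS2_Lookups::DSNSEC_ALGORITHM_RSASHA1NSEC3SHA1:
        case Net_DNS2_Lookups::DNSSEC_ALGORITHM_RSASHA256:
        case Net_DNS2_Lookups::DNSSEC_ALGORITHM_RSASHA512:
        case Net_DNS2_Lookups::DNSSEC_ALGORITHM_DSANSEC3SHA1:
        default:
            throw new Net_DNS2_Exception(
                'invalid or unsupported algorithm',
                Net_DNS2_Lookups::E_OPENSSL_INV_ALGO
            );
        }

        //
        // sign the data; openssl_sign() writes the raw signature into
        // $this->signature
        //
        if (openssl_sign($sigdata, $this->signature, $this->private_key->instance, $algorithm) === false) {
            throw new Net_DNS2_Exception(
                openssl_error_string(),
                Net_DNS2_Lookups::E_OPENSSL_ERROR
            );
        }

        //
        // add it locally encoded
        //
        $this->signature = base64_encode($this->signature);
    }

    //
    // add the signature
    //
    $data .= base64_decode($this->signature);

    return $data;
}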
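/**
 * returns the rdata portion of the DNS packet
 *
 * Builds the data to be signed from a copy of the packet (with its last
 * additional record removed) plus the TSIG variables, signs it with
 * $this->_signHMAC(), and returns the packed TSIG rdata. Updates
 * $this->mac, $this->mac_size, $this->other_length and $this->other_data,
 * and advances $packet->offset by the length of the returned data.
 *
 * @param Net_DNS2_Packet &$packet a Net_DNS2_Packet packet use for
 *                                 compressed names
 *
 * @return mixed either returns a binary packed
 *               string or null on failure
 * @access protected
 *
 */
protected function rrGet(Net_DNS2_Packet &$packet)
{
    //
    // without a key there is nothing to sign with
    //
    if (strlen((string) $this->key) === 0) {
        return null;
    }

    //
    // check the error and other_length
    //
    // this is settled before anything is signed, so that the MAC covers the
    // same other_length / other_data values that are packed into the
    // returned rdata; signing first and normalising afterwards could emit a
    // record whose MAC does not match its own fields
    //
    if ($this->error == Net_DNS2_Lookups::RCODE_BADTIME) {

        $this->other_length = strlen($this->other_data);
        if ($this->other_length !== 6) {
            return null;
        }
    } else {

        $this->other_length = 0;
        $this->other_data = '';
    }

    //
    // create a new packet for the signature, then copy the packet data
    // over it
    //
    $new_packet = new Net_DNS2_Packet_Request('example.com', 'SOA', 'IN');
    $new_packet->copy($packet);

    //
    // remove the TSIG object from the additional list
    //
    array_pop($new_packet->additional);
    $new_packet->header->arcount = count($new_packet->additional);

    //
    // copy out the data
    //
    $sig_data = $new_packet->get();

    //
    // add the name without compressing
    //
    $sig_data .= Net_DNS2_Packet::pack($this->name);

    //
    // add the class and TTL
    //
    $sig_data .= pack(
        'nN',
        Net_DNS2_Lookups::$classes_by_name[$this->class],
        $this->ttl
    );

    //
    // add the algorithm name without compression
    //
    $algorithm_name = Net_DNS2_Packet::pack(strtolower($this->algorithm));
    $sig_data .= $algorithm_name;

    //
    // add the rest of the values
    //
    $sig_data .= pack(
        'nNnnn',
        0,
        $this->time_signed,
        $this->fudge,
        $this->error,
        $this->other_length
    );

    //
    // NOTE(review): other_data is measured with strlen() above but packed as
    // an integer with 'N' here and again below; confirm which representation
    // the parser stores for BADTIME responses
    //
    if ($this->other_length > 0) {
        $sig_data .= pack('nN', 0, $this->other_data);
    }

    //
    // sign the data
    //
    // NOTE(review): non-strict base64_decode() silently drops invalid
    // characters, so a mistyped key yields a different secret rather than
    // an error; confirm the key is validated where it is set
    //
    $this->mac = $this->_signHMAC(
        $sig_data,
        base64_decode($this->key),
        $this->algorithm
    );
    $this->mac_size = strlen($this->mac);

    //
    // the rdata starts with the algorithm name
    //
    $data = $algorithm_name;

    //
    // pack the time, fudge and mac size
    //
    $data .= pack(
        'nNnn',
        0,
        $this->time_signed,
        $this->fudge,
        $this->mac_size
    );
    $data .= $this->mac;

    //
    // pack the id, error and other_length
    //
    $data .= pack(
        'nnn',
        $packet->header->id,
        $this->error,
        $this->other_length
    );
    if ($this->other_length > 0) {
        $data .= pack('nN', 0, $this->other_data);
    }

    $packet->offset += strlen($data);

    return $data;
}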