Module dnssec

Common DNSSEC-related functions and constants.

Classes
  UnsupportedAlgorithm
The DNSSEC algorithm is not supported.
  ValidationFailure
The DNSSEC signature is invalid.
  ECKeyWrapper
Functions

algorithm_from_text(text)
Convert text into a DNSSEC algorithm value.

algorithm_to_text(value)
Convert a DNSSEC algorithm value to text.

_to_rdata(record, origin)

key_id(key, origin=None)
Return the key id (a 16-bit number) for the specified key.

make_ds(name, key, algorithm, origin=None)
Create a DS record for a DNSSEC key.

_find_candidate_keys(keys, rrsig)

_is_rsa(algorithm)

_is_dsa(algorithm)

_is_ecdsa(algorithm)

_is_md5(algorithm)

_is_sha1(algorithm)

_is_sha256(algorithm)

_is_sha384(algorithm)

_is_sha512(algorithm)

_make_hash(algorithm)

_make_algorithm_id(algorithm)

_validate_rrsig(rrset, rrsig, keys, origin=None, now=None)
Validate an RRset against a single signature rdata.

_validate(rrset, rrsigset, keys, origin=None, now=None)
Validate an RRset.

_need_pycrypto(*args, **kwargs)

validate(rrset, rrsigset, keys, origin=None, now=None)
Validate an RRset.

validate_rrsig(rrset, rrsig, keys, origin=None, now=None)
Validate an RRset against a single signature rdata.

Variables
  RSAMD5 = 1
  DH = 2
  DSA = 3
  ECC = 4
  RSASHA1 = 5
  DSANSEC3SHA1 = 6
  RSASHA1NSEC3SHA1 = 7
  RSASHA256 = 8
  RSASHA512 = 10
  ECDSAP256SHA256 = 13
  ECDSAP384SHA384 = 14
  INDIRECT = 252
  PRIVATEDNS = 253
  PRIVATEOID = 254
  _algorithm_by_text = {'DH': 2, 'DSA': 3, 'DSANSEC3SHA1': 6, 'E...
  _algorithm_by_value = {1: 'RSAMD5', 2: 'DH', 3: 'DSA', 4: 'ECC...
  _have_pycrypto = True
  _have_ecdsa = True
  __package__ = 'dns'
Function Details

algorithm_from_text(text)

Convert text into a DNSSEC algorithm value.

Returns an ``int``.

algorithm_to_text(value)

Convert a DNSSEC algorithm value to text.

Returns a ``str``.

key_id(key, origin=None)

Return the key id (a 16-bit number) for the specified key.

Note the *origin* parameter of this function is historical and is not needed.

Returns an ``int`` between 0 and 65535.

make_ds(name, key, algorithm, origin=None)

Create a DS record for a DNSSEC key.

*name* is the owner name of the DS record.

*key* is a ``dns.rdtypes.ANY.DNSKEY``.

*algorithm* is a string describing which hash algorithm to use. The currently supported hashes are "SHA1" and "SHA256". Case does not matter for these strings.

*origin* is a ``dns.name.Name`` and will be used as the origin if *key* is a relative name.

Returns a ``dns.rdtypes.ANY.DS``.
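
What ``key_id`` and ``make_ds`` compute, following RFC 4034 (Appendix B for the key tag, section 5.1.4 for the DS digest). This is an added standard-library example, not dnspython's own code; the helper names (``dnskey_rdata``, ``key_tag``, ``owner_wire``, ``ds_digest``, ``ds_record``) and the sample key bytes are constructed for illustration.

```python
import hashlib
import struct

RSAMD5 = 1  # algorithm number, as in this module's constants

def dnskey_rdata(flags, protocol, algorithm, public_key):
    """DNSKEY RDATA on the wire: flags(2) | protocol(1) | algorithm(1) | key."""
    return struct.pack("!HBB", flags, protocol, algorithm) + public_key

def key_tag(rdata):
    """16-bit key tag over DNSKEY RDATA bytes (RFC 4034 Appendix B)."""
    if rdata[3] == RSAMD5:
        # Appendix B.1: algorithm 1 takes the tag from the modulus tail.
        return (rdata[-3] << 8) + rdata[-2]
    total = 0
    for i, byte in enumerate(rdata):
        total += byte << 8 if i % 2 == 0 else byte
    total += (total >> 16) & 0xFFFF  # fold the carry back in
    return total & 0xFFFF

def owner_wire(name):
    """Canonical wire form of an absolute name (assumes plain ASCII labels)."""
    out = b""
    for label in filter(None, name.lower().rstrip(".").split(".")):
        raw = label.encode("ascii")
        if len(raw) > 63:
            raise ValueError("label longer than 63 octets")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def ds_digest(name, rdata, algorithm):
    """Return (digest type, hex digest) of owner name | DNSKEY RDATA."""
    hashes = {"SHA1": (1, hashlib.sha1), "SHA256": (2, hashlib.sha256)}
    if algorithm.upper() not in hashes:
        raise ValueError("unsupported hash algorithm: %r" % algorithm)
    digest_type, ctor = hashes[algorithm.upper()]
    return digest_type, ctor(owner_wire(name) + rdata).hexdigest().upper()

def ds_record(name, flags, protocol, algorithm, public_key, digest_alg):
    """Presentation-format DS record for the given DNSKEY fields."""
    rdata = dnskey_rdata(flags, protocol, algorithm, public_key)
    digest_type, digest = ds_digest(name, rdata, digest_alg)
    return "%s IN DS %d %d %d %s" % (
        name, key_tag(rdata), algorithm, digest_type, digest)

SAMPLE_KEY = bytes([1, 2, 3, 4])  # constructed bytes, not a real public key
```

Because the digest covers the lowercased owner name as well as the key, a DS published at the parent only matches a DNSKEY served under exactly that name; comparing the key tag alone is not sufficient, since distinct keys can share a tag.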

_validate_rrsig(rrset, rrsig, keys, origin=None, now=None)

Validate an RRset against a single signature rdata.

The owner name of *rrsig* is assumed to be the same as the owner name of *rrset*.

*rrset* is the RRset to validate. It can be a ``dns.rrset.RRset`` or a ``(dns.name.Name, dns.rdataset.Rdataset)`` tuple.

*rrsig* is a ``dns.rdata.Rdata``, the signature to validate.

*keys* is the key dictionary, used to find the DNSKEY associated with a given name. The dictionary is keyed by a ``dns.name.Name``, and has ``dns.node.Node`` or ``dns.rdataset.Rdataset`` values.

*origin* is a ``dns.name.Name``, the origin to use for relative names.

*now* is an ``int``, the time to use when validating the signatures, in seconds since the UNIX epoch. The default is the current time.

_validate(rrset, rrsigset, keys, origin=None, now=None)

Validate an RRset.

*rrset* is the RRset to validate. It can be a ``dns.rrset.RRset`` or a ``(dns.name.Name, dns.rdataset.Rdataset)`` tuple.

*rrsigset* is the signature RRset to be validated. It can be a ``dns.rrset.RRset`` or a ``(dns.name.Name, dns.rdataset.Rdataset)`` tuple.

*keys* is the key dictionary, used to find the DNSKEY associated with a given name. The dictionary is keyed by a ``dns.name.Name``, and has ``dns.node.Node`` or ``dns.rdataset.Rdataset`` values.

*origin* is a ``dns.name.Name``, the origin to use for relative names.

*now* is an ``int``, the time to use when validating the signatures, in seconds since the UNIX epoch. The default is the current time.

validate(rrset, rrsigset, keys, origin=None, now=None)

Validate an RRset.

*rrset* is the RRset to validate. It can be a ``dns.rrset.RRset`` or a ``(dns.name.Name, dns.rdataset.Rdataset)`` tuple.

*rrsigset* is the signature RRset to be validated. It can be a ``dns.rrset.RRset`` or a ``(dns.name.Name, dns.rdataset.Rdataset)`` tuple.

*keys* is the key dictionary, used to find the DNSKEY associated with a given name. The dictionary is keyed by a ``dns.name.Name``, and has ``dns.node.Node`` or ``dns.rdataset.Rdataset`` values.

*origin* is a ``dns.name.Name``, the origin to use for relative names.

*now* is an ``int``, the time to use when validating the signatures, in seconds since the UNIX epoch. The default is the current time.

validate_rrsig(rrset, rrsig, keys, origin=None, now=None)

Validate an RRset against a single signature rdata.

The owner name of *rrsig* is assumed to be the same as the owner name of *rrset*.

*rrset* is the RRset to validate. It can be a ``dns.rrset.RRset`` or a ``(dns.name.Name, dns.rdataset.Rdataset)`` tuple.

*rrsig* is a ``dns.rdata.Rdata``, the signature to validate.

*keys* is the key dictionary, used to find the DNSKEY associated with a given name. The dictionary is keyed by a ``dns.name.Name``, and has ``dns.node.Node`` or ``dns.rdataset.Rdataset`` values.

*origin* is a ``dns.name.Name``, the origin to use for relative names.

*now* is an ``int``, the time to use when validating the signatures, in seconds since the UNIX epoch. The default is the current time.


Variables Details

_algorithm_by_text

Value:
{'DH': 2,
 'DSA': 3,
 'DSANSEC3SHA1': 6,
 'ECC': 4,
 'ECDSAP256SHA256': 13,
 'ECDSAP384SHA384': 14,
 'INDIRECT': 252,
 'PRIVATEDNS': 253,
...

_algorithm_by_value

Value:
{1: 'RSAMD5',
 2: 'DH',
 3: 'DSA',
 4: 'ECC',
 5: 'RSASHA1',
 6: 'DSANSEC3SHA1',
 7: 'RSASHA1NSEC3SHA1',
 8: 'RSASHA256',
...