author | JINMEI Tatuya <jinmei@isc.org> | 2011-05-06 18:02:17 +0200 |
---|---|---|
committer | JINMEI Tatuya <jinmei@isc.org> | 2011-05-06 18:02:17 +0200 |
commit | cabd3b127cf5ab2b916c5717992338316496de8b (patch) | |
tree | d059450b4519df4e8a858ec1b95f118a32bb857a | |
parent | [trac893] temporary change for short signatures: modify cryptolink to reject (diff) | |
[trac893] added a new utility method, TSIGError::toRcode().
-rw-r--r-- | src/lib/dns/tests/tsigerror_unittest.cc | 14 | ||||
-rw-r--r-- | src/lib/dns/tsigerror.cc | 11 | ||||
-rw-r--r-- | src/lib/dns/tsigerror.h | 16 |
3 files changed, 41 insertions, 0 deletions
diff --git a/src/lib/dns/tests/tsigerror_unittest.cc b/src/lib/dns/tests/tsigerror_unittest.cc
index 58665878f4..bb08aef9b1 100644
--- a/src/lib/dns/tests/tsigerror_unittest.cc
+++ b/src/lib/dns/tests/tsigerror_unittest.cc
@@ -93,6 +93,20 @@ TEST(TSIGErrorTest, toText) {
 EXPECT_EQ("65535", TSIGError(65535).toText());
 }
 
+TEST(TSIGErrorTest, toRcode) {
+ // TSIGError derived from the standard Rcode
+ EXPECT_EQ(Rcode::NOERROR(), TSIGError(Rcode::NOERROR()).toRcode());
+
+ // Well known TSIG errors
+ EXPECT_EQ(Rcode::NOTAUTH(), TSIGError::BAD_SIG().toRcode());
+ EXPECT_EQ(Rcode::NOTAUTH(), TSIGError::BAD_KEY().toRcode());
+ EXPECT_EQ(Rcode::NOTAUTH(), TSIGError::BAD_TIME().toRcode());
+
+ // Unknown (or not yet supported) codes are treated as SERVFAIL.
+ EXPECT_EQ(Rcode::SERVFAIL(), TSIGError(19).toRcode());
+ EXPECT_EQ(Rcode::SERVFAIL(), TSIGError(65535).toRcode());
+}
+
 // test operator<<. We simply confirm it appends the result of toText().
 TEST(TSIGErrorTest, LeftShiftOperator) {
 ostringstream oss;
diff --git a/src/lib/dns/tsigerror.cc b/src/lib/dns/tsigerror.cc
index e63c9ab2dd..36ef47da10 100644
--- a/src/lib/dns/tsigerror.cc
+++ b/src/lib/dns/tsigerror.cc
@@ -49,6 +49,17 @@ TSIGError::toText() const {
 }
 }
 
+Rcode
+TSIGError::toRcode() const {
+ if (code_ <= MAX_RCODE_FOR_TSIGERROR) {
+ return (Rcode(code_));
+ }
+ if (code_ > BAD_TIME_CODE) {
+ return (Rcode::SERVFAIL());
+ }
+ return (Rcode::NOTAUTH());
+}
+
 std::ostream&
 operator<<(std::ostream& os, const TSIGError& error) {
 return (os << error.toText());
diff --git a/src/lib/dns/tsigerror.h b/src/lib/dns/tsigerror.h
index 4463daf5b9..9794c41680 100644
--- a/src/lib/dns/tsigerror.h
+++ b/src/lib/dns/tsigerror.h
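Review bot: The new toRcode test takes only NOERROR from the pass-through range, so the upper boundary of the `code_ <= MAX_RCODE_FOR_TSIGERROR` branch in tsigerror.cc is never exercised. The header documents that range as codes 0-15; a check at the top of it, for example `EXPECT_EQ(Rcode(15), TSIGError(Rcode(15)).toRcode());`, would catch an off-by-one that turns the last standard RCODE into NOTAUTH. The lower edge of the SERVFAIL range (19) is already covered.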
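Review bot: The NOTAUTH result in `toRcode()` is reached by elimination, so it is correct only while every code above MAX_RCODE_FOR_TSIGERROR and up to BAD_TIME_CODE is one of BADSIG, BADKEY or BADTIME, and nothing in the hunk states that assumption. The same structure sends any TSIG error defined later to SERVFAIL; RFC 4635's BADTRUNC (22), for instance, is meant to be answered with NOTAUTH, so a verifying server would report a server failure for what is an authentication failure until this method is updated. I would add a comment above the second `if`, such as `// Codes above MAX_RCODE_FOR_TSIGERROR up to BAD_TIME_CODE are exactly BADSIG, BADKEY, BADTIME; new TSIG error codes must be mapped here explicitly.`, and repeat that caveat in the toRcode() documentation in tsigerror.h.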
@@ -125,6 +125,22 @@ public:
 /// \return A string representation of the \c TSIGError.
 std::string toText() const;
 
+ /// \brief Convert the \c TSIGError to a \c Rcode
+ ///
+ /// This method returns an \c Rcode object that is corresponding to
+ /// the TSIG error. The returned \c Rcode is expected to be used
+ /// by a verifying server to specify the RCODE of a response when
+ /// TSIG verification fails.
+ ///
+ /// Specifically, this method returns \c Rcode::NOTAUTH() for the
+ /// TSIG specific errors, BADSIG, BADKEY, BADTIME, as described in
+ /// RFC2845. For errors derived from the standard Rcode (code 0-15),
+ /// it returns the corresponding \c Rcode. For others, this method
+ /// returns \c Rcode::SERVFAIL() as a last resort.
+ ///
+ /// \exception None
+ Rcode toRcode() const;
+
 /// A constant TSIG error object derived from \c Rcode::NOERROR()
 static const TSIGError& NOERROR(); |