| from typing import Dict, Optional, Tuple, Type, Union |
|
|
| import dns.name |
| from dns.dnssecalgs.base import GenericPrivateKey |
| from dns.dnssectypes import Algorithm |
| from dns.exception import UnsupportedAlgorithm |
| from dns.rdtypes.ANY.DNSKEY import DNSKEY |
|
|
| if dns._features.have("dnssec"): |
| from dns.dnssecalgs.dsa import PrivateDSA, PrivateDSANSEC3SHA1 |
| from dns.dnssecalgs.ecdsa import PrivateECDSAP256SHA256, PrivateECDSAP384SHA384 |
| from dns.dnssecalgs.eddsa import PrivateED448, PrivateED25519 |
| from dns.dnssecalgs.rsa import ( |
| PrivateRSAMD5, |
| PrivateRSASHA1, |
| PrivateRSASHA1NSEC3SHA1, |
| PrivateRSASHA256, |
| PrivateRSASHA512, |
| ) |
|
|
| _have_cryptography = True |
| else: |
| _have_cryptography = False |
|
|
| AlgorithmPrefix = Optional[Union[bytes, dns.name.Name]] |
|
|
| algorithms: Dict[Tuple[Algorithm, AlgorithmPrefix], Type[GenericPrivateKey]] = {} |
| if _have_cryptography: |
| algorithms.update( |
| { |
| (Algorithm.RSAMD5, None): PrivateRSAMD5, |
| (Algorithm.DSA, None): PrivateDSA, |
| (Algorithm.RSASHA1, None): PrivateRSASHA1, |
| (Algorithm.DSANSEC3SHA1, None): PrivateDSANSEC3SHA1, |
| (Algorithm.RSASHA1NSEC3SHA1, None): PrivateRSASHA1NSEC3SHA1, |
| (Algorithm.RSASHA256, None): PrivateRSASHA256, |
| (Algorithm.RSASHA512, None): PrivateRSASHA512, |
| (Algorithm.ECDSAP256SHA256, None): PrivateECDSAP256SHA256, |
| (Algorithm.ECDSAP384SHA384, None): PrivateECDSAP384SHA384, |
| (Algorithm.ED25519, None): PrivateED25519, |
| (Algorithm.ED448, None): PrivateED448, |
| } |
| ) |
|
|
|
|
| def get_algorithm_cls( |
| algorithm: Union[int, str], prefix: AlgorithmPrefix = None |
| ) -> Type[GenericPrivateKey]: |
| """Get Private Key class from Algorithm. |
| |
| *algorithm*, a ``str`` or ``int`` specifying the DNSKEY algorithm. |
| |
| Raises ``UnsupportedAlgorithm`` if the algorithm is unknown. |
| |
| Returns a ``dns.dnssecalgs.GenericPrivateKey`` |
| """ |
| algorithm = Algorithm.make(algorithm) |
| cls = algorithms.get((algorithm, prefix)) |
| if cls: |
| return cls |
| raise UnsupportedAlgorithm( |
| 'algorithm "%s" not supported by dnspython' % Algorithm.to_text(algorithm) |
| ) |
|
|
|
|
| def get_algorithm_cls_from_dnskey(dnskey: DNSKEY) -> Type[GenericPrivateKey]: |
| """Get Private Key class from DNSKEY. |
| |
| *dnskey*, a ``DNSKEY`` to get Algorithm class for. |
| |
| Raises ``UnsupportedAlgorithm`` if the algorithm is unknown. |
| |
| Returns a ``dns.dnssecalgs.GenericPrivateKey`` |
| """ |
| prefix: AlgorithmPrefix = None |
| if dnskey.algorithm == Algorithm.PRIVATEDNS: |
| prefix, _ = dns.name.from_wire(dnskey.key, 0) |
| elif dnskey.algorithm == Algorithm.PRIVATEOID: |
| length = int(dnskey.key[0]) |
| prefix = dnskey.key[0 : length + 1] |
| return get_algorithm_cls(dnskey.algorithm, prefix) |
|
|
|
|
| def register_algorithm_cls( |
| algorithm: Union[int, str], |
| algorithm_cls: Type[GenericPrivateKey], |
| name: Optional[Union[dns.name.Name, str]] = None, |
| oid: Optional[bytes] = None, |
| ) -> None: |
| """Register Algorithm Private Key class. |
| |
| *algorithm*, a ``str`` or ``int`` specifying the DNSKEY algorithm. |
| |
| *algorithm_cls*: A `GenericPrivateKey` class. |
| |
| *name*, an optional ``dns.name.Name`` or ``str``, for for PRIVATEDNS algorithms. |
| |
| *oid*: an optional BER-encoded `bytes` for PRIVATEOID algorithms. |
| |
| Raises ``ValueError`` if a name or oid is specified incorrectly. |
| """ |
| if not issubclass(algorithm_cls, GenericPrivateKey): |
| raise TypeError("Invalid algorithm class") |
| algorithm = Algorithm.make(algorithm) |
| prefix: AlgorithmPrefix = None |
| if algorithm == Algorithm.PRIVATEDNS: |
| if name is None: |
| raise ValueError("Name required for PRIVATEDNS algorithms") |
| if isinstance(name, str): |
| name = dns.name.from_text(name) |
| prefix = name |
| elif algorithm == Algorithm.PRIVATEOID: |
| if oid is None: |
| raise ValueError("OID required for PRIVATEOID algorithms") |
| prefix = bytes([len(oid)]) + oid |
| elif name: |
| raise ValueError("Name only supported for PRIVATEDNS algorithm") |
| elif oid: |
| raise ValueError("OID only supported for PRIVATEOID algorithm") |
| algorithms[(algorithm, prefix)] = algorithm_cls |
|
|
