2023.10.02

- adds TLSA support - organization and comments
NetOpWibby · Oct 2, 2023 · 97851f4 · 97851f4
1 parent 0ebe276
commit 97851f4
Show file tree

Hide file tree

Showing 7 changed files with 109 additions and 9 deletions.
diff --git a/TODO.md b/TODO.md
@@ -4,3 +4,6 @@
 - [ ] get all tests running
 - [ ] figure out `rrtpyes` issue in the NSEC test
 - [ ] add examples
+- [ ] fix "Warning: query response not set"
+- [ ] fix "WARNING: recursion requested but not available"
+- [ ] when adding new record types, make sure to create `src/records/<record>.ts` and update `src/record.ts`
diff --git a/mod.ts b/mod.ts
@@ -33,6 +33,7 @@ export { RRSIG } from "./src/records/rrsig.ts";
 export { SSHFP } from "./src/records/sshfp.ts";
 export { SOA } from "./src/records/soa.ts";
 export { SRV } from "./src/records/srv.ts";
+export { TLSA } from "./src/records/tlsa.ts";
 export { TXT } from "./src/records/txt.ts";
 export { UNKNOWN } from "./src/records/unknown.ts";
 

diff --git a/src/default.ts b/src/default.ts
@@ -156,13 +156,20 @@ function processBuffer(rr) {
       return rr;
     }
 
-    case "TXT": {
-      if (typeof rr.data === "string")
-        rr.data = new Buffer(rr.data);
+    case "TLSA": {
+      if (typeof rr.data.certificate === "string")
+        rr.data.certificate = new Buffer(rr.data.certificate);
 
       return rr;
     }
 
+    // case "TXT": {
+    //   if (typeof rr.data === "string")
+    //     rr.data = new Buffer(rr.data);
+
+    //   return rr;
+    // }
+
     default:
       return rr;
   }

diff --git a/src/record.ts b/src/record.ts
@@ -22,6 +22,7 @@ import { RRSIG } from "./records/rrsig.ts";
 import { SOA } from "./records/soa.ts";
 import { SRV } from "./records/srv.ts";
 import { SSHFP } from "./records/sshfp.ts";
+import { TLSA } from "./records/tlsa.ts";
 import { TXT } from "./records/txt.ts";
 import { UNKNOWN } from "./records/unknown.ts";
 
@@ -90,6 +91,9 @@ export function Record(type) {
     case "SRV":
       return new SRV();
 
+    case "TLSA":
+      return new TLSA();
+
     case "TXT":
       return new TXT();
   }

diff --git a/src/records/nsec3.ts b/src/records/nsec3.ts
@@ -89,7 +89,13 @@ export class NSEC3 {
 
     this.decodeBytes = offset - oldOffset;
 
-    // if (this.encodeBytes - 2 < 0 || > 65535)
+    /// NOTE
+    /// : commented-out because we don't want blocking errors
+    ///   : error bubbles up to nameserver anyway
+
+    // const encodedValue = this.encodeBytes - 2;
+
+    // if (encodedValue < 0 || encodedValue > 65535)
     //   throw new Error("value is out of range");
 
     buf.writeUInt16BE(this.encodeBytes - 2, oldOffset);

diff --git a/src/records/tlsa.ts b/src/records/tlsa.ts
@@ -0,0 +1,70 @@
+
+
+
+/// import
+
+import { Buffer } from "node:buffer";
+
+
+
+/// export
+
+export class TLSA {
+  decodeBytes = 0;
+  encodeBytes = 0;
+
+  decode(buf, offset?) {
+    if (!offset)
+      offset = 0;
+
+    const cert: { [key: string]: unknown; } = {};
+    const length = buf.readUInt16BE(offset);
+    const oldOffset = offset;
+
+    offset += 2;
+    cert.usage = buf.readUInt8(offset);
+    offset += 1;
+    cert.selector = buf.readUInt8(offset);
+    offset += 1;
+    cert.matchingType = buf.readUInt8(offset);
+    offset += 1;
+    cert.certificate = buf.slice(offset, oldOffset + length + 2);
+    offset += (cert.certificate as Buffer).length;
+
+    this.decodeBytes = offset - oldOffset;
+    return cert;
+  }
+
+  encode(cert, buf?, offset?) {
+    if (!buf)
+      buf = Buffer.alloc(this.encodingLength(cert));
+
+    if (!offset)
+      offset = 0;
+
+    const oldOffset = offset;
+    const certdata = cert.certificate;
+
+    if (!Buffer.isBuffer(certdata))
+      throw new Error("Certificate must be a Buffer");
+
+    offset += 2; // Leave space for length
+    buf.writeUInt8(cert.usage, offset);
+    offset += 1;
+    buf.writeUInt8(cert.selector, offset);
+    offset += 1;
+    buf.writeUInt8(cert.matchingType, offset);
+    offset += 1;
+    certdata.copy(buf, offset, 0, certdata.length);
+    offset += certdata.length;
+
+    this.encodeBytes = offset - oldOffset;
+    buf.writeUInt16BE(this.encodeBytes - 2, oldOffset);
+
+    return buf;
+  }
+
+  encodingLength(cert) {
+    return 5 + Buffer.byteLength(cert.certificate);
+  }
+}
diff --git a/test.ts b/test.ts
@@ -475,6 +475,11 @@ Deno.test("soa", () => {
   });
 });
 
+Deno.test("srv", () => {
+  testEncoder(new Packet.SRV(), { port: 9999, target: "hello.world.examplename" });
+  testEncoder(new Packet.SRV(), { port: 9999, priority: 42, target: "hello.world.examplename",  weight: 10 });
+});
+
 Deno.test("sshfp", () => {
   testEncoder(new Packet.SSHFP(), {
     algorithm: 1,
@@ -483,11 +488,6 @@ Deno.test("sshfp", () => {
   });
 });
 
-Deno.test("srv", () => {
-  testEncoder(new Packet.SRV(), { port: 9999, target: "hello.world.examplename" });
-  testEncoder(new Packet.SRV(), { port: 9999, priority: 42, target: "hello.world.examplename",  weight: 10 });
-});
-
 Deno.test("stream", () => {
   const packet = new Packet.Stream();
 
@@ -518,6 +518,15 @@ Deno.test("stream", () => {
   assertStrictEquals(compare(answer1.data, answer2.data), true, "streamDecoded RR rdata match");
 });
 
+Deno.test("tlsa", () => {
+  testEncoder(new Packet.TLSA(), {
+    certificate: Buffer.from([0, 1, 2, 3, 4, 5]),
+    matchingType: 1,
+    selector: 1,
+    usage: 3
+  });
+});
+
 Deno.test("txt", () => {
   testEncoder(new Packet.TXT(), []);
   testEncoder(new Packet.TXT(), ["hello world"]);