5 * @author Jan Altensen (Stricted)
6 * @license GNU Lesser General Public License <http://opensource.org/licenses/lgpl-license.php>
7 * @copyright 2015-2016 Jan Altensen (Stricted)
10 // see: http://www.iana.org/assignments/dns-sec-alg-numbers/dns-sec-alg-numbers.xhtml
11 public static $availableAlgorithm = array(3, 5, 6, 7, 8, 10, 12, 13, 14);
14 * calculate the DS record for parent zone
16 * @param string $owner
17 * @param string $algorithm
18 * @param string $publicKey
21 public static function calculateDS ($owner, $algorithm, $publicKey) {
22 $owner = self
::convertOwner($owner);
25 $algorithm = '0'.dechex($algorithm);
26 $publicKey = bin2hex(base64_decode($publicKey));
28 $string = hex2bin($owner.$flags.$protocol.$algorithm.$publicKey);
30 $sha1 = strtoupper(sha1($string));
31 $sha256 = strtoupper(hash('sha256', $string));
33 return array('sha1' => $sha1, 'sha256' => $sha256);
37 * convert the domain name to HEX
39 * @param string $owner
42 public static function convertOwner ($owner) {
43 if (substr($owner, -1) == '.') {
44 $owner = substr($owner, 0, -1);
49 $parts = explode(".", $owner);
50 foreach ($parts as $part) {
51 $len = dechex(strlen($part));
52 $return .= str_repeat('0', 2 - strlen($len)).$len;
53 $part = str_split($part);
54 $count = count($part);
55 for ($i = 0; $i < $count; $i++
) {
56 $byte = strtoupper(dechex(ord($part[$i])));
57 $byte = str_repeat('0', 2 - strlen($byte)).$byte;
68 * validate DNSSEC public key
70 * @param string $content
73 public static function validatePublicKey ($content) {
75 $content = preg_replace("/(\r\n)|(\r)/", "\n", $content);
77 $pattern = "; This is a (key|zone)-signing key, keyid (?P<keyid>[0-9]+), for (?P<domain>[\s\S]+)\.\n";
78 $pattern .= "; Created: (?P<created>[0-9]+) \(([a-z0-9: ]+)\)\n";
79 $pattern .= "; Publish: (?P<publish>[0-9]+) \(([a-z0-9: ]+)\)\n";
80 $pattern .= "; Activate: (?P<activate>[0-9]+) \(([a-z0-9: ]+)\)\n";
81 $pattern .= "([\s\S]+). IN DNSKEY 25(6|7) 3 (?P<algorithm>[0-9]+) (?P<key>[\s\S]+)(\n)?";
82 preg_match('/'.$pattern.'/i', $content, $matches);
83 if (!empty($matches)) {
84 if (!in_array($matches['algorithm'], self
::$availableAlgorithm)) {
88 $data = explode(' ', $matches['key']);
89 foreach ($data as $d) {
90 if (base64_encode(base64_decode($d, true)) !== $d) {
103 * validate DNSSEC private key
105 * @param string $content
108 public static function validatePrivateKey ($content) {
110 $content = preg_replace("/(\r\n)|(\r)/", "\n", $content);
112 $pattern = "Private-key-format: v([0-9a-z.]+)\n";
113 $pattern .= "Algorithm: (?P<algorithm>[0-9]+) \(([0-9a-z\-]+)\)\n";
114 $pattern .= "Modulus: (?P<modulus>[\s\S]+)\n";
115 $pattern .= "PublicExponent: (?P<publicexponent>[\s\S]+)\n";
116 $pattern .= "PrivateExponent: (?P<privatexponent>[\s\S]+)\n";
117 $pattern .= "Prime1: (?P<prime1>[\s\S]+)\n";
118 $pattern .= "Prime2: (?P<prime2>[\s\S]+)\n";
119 $pattern .= "Exponent1: (?P<exponent1>[\s\S]+)\n";
120 $pattern .= "Exponent2: (?P<exponent2>[\s\S]+)\n";
121 $pattern .= "Coefficient: (?P<coefficient>[\s\S]+)\n";
122 $pattern .= "Created: (?P<created>[0-9]+)\n";
123 $pattern .= "Publish: (?P<publish>[0-9]+)\n";
124 $pattern .= "Activate: (?P<activate>[0-9]+)(\n)?";
126 preg_match('/'.$pattern.'/i', $content, $matches);
127 if (!empty($matches)) {
128 if (!in_array($matches['algorithm'], self
::$availableAlgorithm)) {
131 else if (base64_encode(base64_decode($matches['modulus'], true)) !== $matches['modulus']) {
134 else if (base64_encode(base64_decode($matches['publicexponent'], true)) !== $matches['publicexponent']) {
137 else if (base64_encode(base64_decode($matches['privatexponent'], true)) !== $matches['privatexponent']) {
140 else if (base64_encode(base64_decode($matches['prime1'], true)) !== $matches['prime1']) {
143 else if (base64_encode(base64_decode($matches['prime2'], true)) !== $matches['prime2']) {
146 else if (base64_encode(base64_decode($matches['exponent1'], true)) !== $matches['exponent1']) {
149 else if (base64_encode(base64_decode($matches['exponent2'], true)) !== $matches['exponent2']) {
152 else if (base64_encode(base64_decode($matches['coefficient'], true)) !== $matches['coefficient']) {