From f709187ecf508c5eaa196602f3033bdd06e00ac0 Mon Sep 17 00:00:00 2001
From: Stricted
Date: Mon, 23 Feb 2015 11:21:04 +0100
Subject: [PATCH] improve convertOwner method

---
 lib/util/DNSSECUtil.class.php | 40 +++++++++++++++++++----------------
 1 file changed, 22 insertions(+), 18 deletions(-)

diff --git a/lib/util/DNSSECUtil.class.php b/lib/util/DNSSECUtil.class.php
index c0cb159..ef21f43 100644
--- a/lib/util/DNSSECUtil.class.php
+++ b/lib/util/DNSSECUtil.class.php
@@ -7,6 +7,8 @@ namespace dns\util;
  * @copyright 2015 Jan Altensen (Stricted)
  */
 class DNSSECUtil {
+ // see: http://www.iana.org/assignments/dns-sec-alg-numbers/dns-sec-alg-numbers.xhtml
+ public static $availableAlgorithm = array(3, 5, 6, 7, 8, 10, 12, 13, 14);
 
 /**
  * calculate the DS record for parent zone
@@ -38,24 +40,22 @@ class DNSSECUtil {
  * @return string
  */
 public static function convertOwner ($owner) {
- $return = '';
- 
- $data = explode(".", $owner);
- $return .= '0'.dechex(strlen($data[0]));
- $data[0] = str_split($data[0]);
- for ($i = 0; $i < count($data[0]); $i++) {
- $byte = strtoupper(dechex(ord($data[0][$i])));
- $byte = str_repeat('0', 2 - strlen($byte)).$byte;
- $return .= $byte;
+ if (substr($owner, -1) == '.') {
+ $owner = substr($owner, 0, -1);
 }
- $return .= '0'.dechex(strlen($data[1]));
- $data[1] = str_split($data[1]);
 
+ $return = '';
 
- for ($i = 0; $i < count($data[1]); $i++) {
- $byte = strtoupper(dechex(ord($data[1][$i])));
- $byte = str_repeat('0', 2 - strlen($byte)).$byte;
- $return .= $byte;
+ $parts = explode(".", $owner);
+ foreach ($parts as $part) {
+ $len = dechex(strlen($part));
+ $return .= str_repeat('0', 2 - strlen($len)).$len;
+ $part = str_split($part);
+ for ($i = 0; $i < count($part); $i++) {
+ $byte = strtoupper(dechex(ord($part[$i])));
+ $byte = str_repeat('0', 2 - strlen($byte)).$byte;
+ $return .= $byte;
+ }
 }
 $return .= '00';
 
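Review bot: `public static $availableAlgorithm` is a mutable public static, so any code that can reach the class can rewrite the algorithm allow-list that the validators later in the file enforce through `in_array`; declaring it read-only, `const AVAILABLE_ALGORITHM = array(3, 5, 6, 7, 8, 10, 12, 13, 14);` (array constants exist since PHP 5.6) or `private static` with an accessor, closes that. The IANA link is helpful; a one-line comment on why 1 and 2 (RSAMD5, DH) were dropped, and that 3, 5, 6, 7 and 12 are the SHA-1 and GOST based entries likely to be the next candidates for removal, would tell the next maintainer how to keep the list current.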
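Review bot: The new `foreach` encodes every part unchecked, so an empty part, which `explode` yields for `convertOwner('.')` once the trailing dot is stripped or for a name with doubled dots, produces a spurious `00` length byte before the terminator, and a part longer than 63 bytes produces a length byte with its top two bits set, which the wire format reserves for compression pointers rather than labels; neither is rejected. Validating the part before `dechex` catches both cases at the boundary instead of emitting a malformed name. If this encoding is used for the DS digest (the docblock above the class's next method mentions calculating the DS record), RFC 4034 section 6.2 also requires the owner name in lowercase canonical form, which this loop does not apply; please confirm against the caller and add `$part = strtolower($part);` if so. The end of convertOwner lies outside the hunk.
```php
foreach ($parts as $part) {
    $length = strlen($part);
    // a wire-format label is 1..63 bytes; anything else cannot be encoded
    if ($length === 0 || $length > 63) {
        throw new \InvalidArgumentException('invalid DNS label in owner name: '.$owner);
    }
    $len = dechex($length);
    // … unchanged: zero-padded length byte and per-character hex encoding …
}
```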
@@ -69,7 +69,7 @@ class DNSSECUtil {
  * @param string $content
  * @return boolean
  */
- public static function validatePublicKey ($content) {
+ public static function validatePublicKey ($content) {
 $pattern = "; This is a (key|zone)-signing key, keyid (?P[0-9]+), for (?P[\s\S]+)\.\n";
 $pattern .= "; Created: (?P[0-9]+) \(([a-z0-9: ]+)\)\n";
 $pattern .= "; Publish: (?P[0-9]+) \(([a-z0-9: ]+)\)\n";
@@ -77,7 +77,7 @@ class DNSSECUtil {
 $pattern .= "([\s\S]+). IN DNSKEY 25(6|7) 3 (?P[0-9]+) (?P[\s\S]+)(\n)?";
 preg_match('/'.$pattern.'/i', $content, $matches);
 if (!empty($matches)) {
- if (!in_array($matches['algorithm'], array(1, 2, 3, 5, 6, 7, 8, 10, 12, 13, 14))) {
+ if (!in_array($matches['algorithm'], self::$availableAlgorithm)) {
 return false;
 }
 
@@ -106,6 +106,7 @@ class DNSSECUtil {
 $pattern .= "Algorithm: (?P[0-9]+) \(([0-9a-z\-]+)\)\n";
 $pattern .= "Modulus: (?P[\s\S]+)\n";
 $pattern .= "PublicExponent: (?P[\s\S]+)\n";
+ $pattern .= "PrivateExponent: (?P[\s\S]+)\n";
 $pattern .= "Prime1: (?P[\s\S]+)\n";
 $pattern .= "Prime2: (?P[\s\S]+)\n";
 $pattern .= "Exponent1: (?P[\s\S]+)\n";
@@ -117,7 +118,7 @@ class DNSSECUtil {
 
 preg_match('/'.$pattern.'/i', $content, $matches);
 if (!empty($matches)) {
- if (!in_array($matches['algorithm'], array(1, 2, 3, 5, 6, 7, 8, 10, 12, 13, 14))) {
+ if (!in_array($matches['algorithm'], self::$availableAlgorithm)) {
 return false;
 }
 else if (base64_encode(base64_decode($matches['modulus'], true)) !== $matches['modulus']) {
@@ -126,6 +127,9 @@ class DNSSECUtil {
 else if (base64_encode(base64_decode($matches['publicexponent'], true)) !== $matches['publicexponent']) {
 return false;
 }
+ else if (base64_encode(base64_decode($matches['privatexponent'], true)) !== $matches['privatexponent']) {
+ return false;
+ }
 else if (base64_encode(base64_decode($matches['prime1'], true)) !== $matches['prime1']) {
 return false;
 }
-- 
2.20.1
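Review bot: `in_array($matches['algorithm'], self::$availableAlgorithm)` compares the captured string loosely against integers, so a value with leading zeros such as `'08'` (allowed by the `[0-9]+` capture) passes and then reaches the rest of the validator as a non-canonical algorithm string; `if (!in_array((int) $matches['algorithm'], self::$availableAlgorithm, true)) {` keeps the check strict and normalises the value at the same time. The identical call appears in the `@@ -117,7 +118,7 @@` hunk and should change the same way. The enclosing validatePublicKey body continues outside this hunk.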
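Review bot: The key that reads this new capture in the `@@ -126,6 +127,9 @@` hunk is `$matches['privatexponent']`, which does not follow the `publicexponent` spelling of the sibling keys; the group name on this line is not visible in this rendering, so please confirm the two agree, because if they differ the lookup is an undefined index and the base64 round-trip on a null value makes the validator return false for every key. Requiring a `PrivateExponent:` line also pins this pattern to RSA key files while the allow-list admits ECDSA algorithms 13 and 14, whose private-key files carry a different field set; a docblock sentence such as `Validates a BIND-format RSA private key; other algorithm families are not matched by this pattern.` would make that scope explicit. The function's name and end lie outside the hunk.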