Google Git
Sign in
fuchsia / fuchsia / b4fed69bf368b7d12b4c76f9068af440399f5622 / . / third_party / rust_crates / vendor / trust-dns-proto / src / rr / dnssec / rdata / mod.rs
blob: 21f732ca98495153435921810ba66c36085a6e64 [file] [log] [blame]
/*
* Copyright (C) 2015 Benjamin Fry <benjaminfry@me.com>
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
//! All record data structures and related serialization methods
// TODO: these should each be it's own struct, it would make parsing and decoding a little cleaner
// and also a little more ergonomic when accessing.
// each of these module's has the parser for that rdata embedded, to keep the file sizes down...
pub mod dnskey;
pub mod ds;
pub mod key;
pub mod nsec;
pub mod nsec3;
pub mod nsec3param;
pub mod sig;
use std::str::FromStr;
use enum_as_inner::EnumAsInner;
use log::debug;
use crate::error::*;
use crate::rr::rdata::null;
use crate::rr::rdata::NULL;
use crate::serialize::binary::*;
pub use self::dnskey::DNSKEY;
pub use self::ds::DS;
pub use self::key::KEY;
pub use self::nsec::NSEC;
pub use self::nsec3::NSEC3;
pub use self::nsec3param::NSEC3PARAM;
pub use self::sig::SIG;
/// The type of the resource record, for DNSSEC-specific records.
#[derive(Debug, PartialEq, Eq, Hash, Copy, Clone)]
pub enum DNSSECRecordType {
// CDS, // 59 RFC 7344 Child DS
// CDNSKEY, // 60 RFC 7344 Child DNSKEY
// DLV, // 32769 RFC 4431 DNSSEC Lookaside Validation record
/// RFC 4034 DNS Key record: RSASHA256 and RSASHA512, RFC5702
DNSKEY,
/// RFC 4034 Delegation signer: RSASHA256 and RSASHA512, RFC5702
DS,
/// RFC 2535[3] and RFC 2930[4] Key record
KEY,
/// RFC 4034 Next-Secure record
NSEC,
/// RFC 5155 NSEC record version 3
NSEC3,
/// RFC 5155 NSEC3 parameters
NSEC3PARAM,
/// RFC 4034 DNSSEC signature: RSASHA256 and RSASHA512, RFC5702
RRSIG,
/// RFC 2535 (2931) Signature, to support 2137 Update.
///
/// This isn't really a DNSSEC record type, but it is here because, at least
/// for now, we enable/disable SIG(0) in exactly the same circumstances that
/// we enable/disable DNSSEC. This may change in the future.
SIG,
/// Unknown or not yet supported DNSSec record type
Unknown(u16),
}
impl FromStr for DNSSECRecordType {
type Err = ProtoError;
fn from_str(str: &str) -> ProtoResult<Self> {
match str {
"DNSKEY" => Ok(DNSSECRecordType::DNSKEY),
"DS" => Ok(DNSSECRecordType::DS),
"KEY" => Ok(DNSSECRecordType::KEY),
"NSEC" => Ok(DNSSECRecordType::NSEC),
"NSEC3" => Ok(DNSSECRecordType::NSEC3),
"NSEC3PARAM" => Ok(DNSSECRecordType::NSEC3PARAM),
"RRSIG" => Ok(DNSSECRecordType::RRSIG),
"SIG" => Ok(DNSSECRecordType::SIG),
_ => Err(ProtoErrorKind::UnknownRecordTypeStr(str.to_string()).into()),
}
}
}
impl From<u16> for DNSSECRecordType {
fn from(value: u16) -> Self {
match value {
48 => DNSSECRecordType::DNSKEY,
43 => DNSSECRecordType::DS,
25 => DNSSECRecordType::KEY,
47 => DNSSECRecordType::NSEC,
50 => DNSSECRecordType::NSEC3,
51 => DNSSECRecordType::NSEC3PARAM,
46 => DNSSECRecordType::RRSIG,
24 => DNSSECRecordType::SIG,
_ => DNSSECRecordType::Unknown(value),
}
}
}
impl From<DNSSECRecordType> for &'static str {
fn from(rt: DNSSECRecordType) -> &'static str {
match rt {
DNSSECRecordType::DNSKEY => "DNSKEY",
DNSSECRecordType::DS => "DS",
DNSSECRecordType::KEY => "KEY",
DNSSECRecordType::NSEC => "NSEC",
DNSSECRecordType::NSEC3 => "NSEC3",
DNSSECRecordType::NSEC3PARAM => "NSEC3PARAM",
DNSSECRecordType::RRSIG => "RRSIG",
DNSSECRecordType::SIG => "SIG",
DNSSECRecordType::Unknown(..) => "DnsSecUnknown",
}
}
}
impl From<DNSSECRecordType> for u16 {
fn from(rt: DNSSECRecordType) -> Self {
match rt {
DNSSECRecordType::KEY => 25,
DNSSECRecordType::DNSKEY => 48,
DNSSECRecordType::DS => 43,
DNSSECRecordType::NSEC => 47,
DNSSECRecordType::NSEC3 => 50,
DNSSECRecordType::NSEC3PARAM => 51,
DNSSECRecordType::RRSIG => 46,
DNSSECRecordType::SIG => 24,
DNSSECRecordType::Unknown(value) => value,
}
}
}
/// Record data enum variants for DNSSEC-specific records.
#[derive(Debug, EnumAsInner, PartialEq, Clone, Eq)]
pub enum DNSSECRData {
/// ```text
/// RFC 4034 DNSSEC Resource Records March 2005
///
/// 2.1. DNSKEY RDATA Wire Format
///
/// The RDATA for a DNSKEY RR consists of a 2 octet Flags Field, a 1
/// octet Protocol Field, a 1 octet Algorithm Field, and the Public Key
/// Field.
///
/// 1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3
/// 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
/// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
/// | Flags | Protocol | Algorithm |
/// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
/// / /
/// / Public Key /
/// / /
/// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
///
/// 2.1.1. The Flags Field
///
/// Bit 7 of the Flags field is the Zone Key flag. If bit 7 has value 1,
/// then the DNSKEY record holds a DNS zone key, and the DNSKEY RR's
/// owner name MUST be the name of a zone. If bit 7 has value 0, then
/// the DNSKEY record holds some other type of DNS public key and MUST
/// NOT be used to verify RRSIGs that cover RRsets.
///
/// Bit 15 of the Flags field is the Secure Entry Point flag, described
/// in [RFC3757]. If bit 15 has value 1, then the DNSKEY record holds a
/// key intended for use as a secure entry point. This flag is only
/// intended to be a hint to zone signing or debugging software as to the
/// intended use of this DNSKEY record; validators MUST NOT alter their
/// behavior during the signature validation process in any way based on
/// the setting of this bit. This also means that a DNSKEY RR with the
/// SEP bit set would also need the Zone Key flag set in order to be able
/// to generate signatures legally. A DNSKEY RR with the SEP set and the
/// Zone Key flag not set MUST NOT be used to verify RRSIGs that cover
/// RRsets.
///
/// Bits 0-6 and 8-14 are reserved: these bits MUST have value 0 upon
/// creation of the DNSKEY RR and MUST be ignored upon receipt.
///
/// RFC 5011 Trust Anchor Update September 2007
///
/// 7. IANA Considerations
///
/// The IANA has assigned a bit in the DNSKEY flags field (see Section 7
/// of [RFC4034]) for the REVOKE bit (8).
/// ```
DNSKEY(DNSKEY),
/// ```text
/// 5.1. DS RDATA Wire Format
///
/// The RDATA for a DS RR consists of a 2 octet Key Tag field, a 1 octet
/// Algorithm field, a 1 octet Digest Type field, and a Digest field.
///
/// 1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3
/// 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
/// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
/// | Key Tag | Algorithm | Digest Type |
/// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
/// / /
/// / Digest /
/// / /
/// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
///
/// 5.1.1. The Key Tag Field
///
/// The Key Tag field lists the key tag of the DNSKEY RR referred to by
/// the DS record, in network byte order.
///
/// The Key Tag used by the DS RR is identical to the Key Tag used by
/// RRSIG RRs. Appendix B describes how to compute a Key Tag.
///
/// 5.1.2. The Algorithm Field
///
/// The Algorithm field lists the algorithm number of the DNSKEY RR
/// referred to by the DS record.
///
/// The algorithm number used by the DS RR is identical to the algorithm
/// number used by RRSIG and DNSKEY RRs. Appendix A.1 lists the
/// algorithm number types.
///
/// 5.1.3. The Digest Type Field
///
/// The DS RR refers to a DNSKEY RR by including a digest of that DNSKEY
/// RR. The Digest Type field identifies the algorithm used to construct
/// the digest. Appendix A.2 lists the possible digest algorithm types.
///
/// 5.1.4. The Digest Field
///
/// The DS record refers to a DNSKEY RR by including a digest of that
/// DNSKEY RR.
///
/// The digest is calculated by concatenating the canonical form of the
/// fully qualified owner name of the DNSKEY RR with the DNSKEY RDATA,
/// and then applying the digest algorithm.
///
/// digest = digest_algorithm( DNSKEY owner name | DNSKEY RDATA);
///
/// "|" denotes concatenation
///
/// DNSKEY RDATA = Flags | Protocol | Algorithm | Public Key.
///
/// The size of the digest may vary depending on the digest algorithm and
/// DNSKEY RR size. As of the time of this writing, the only defined
/// digest algorithm is SHA-1, which produces a 20 octet digest.
/// ```
DS(DS),
/// ```text
/// RFC 2535 DNS Security Extensions March 1999
///
/// 3.1 KEY RDATA format
///
/// The RDATA for a KEY RR consists of flags, a protocol octet, the
/// algorithm number octet, and the public key itself. The format is as
/// follows:
///
/// 1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3
/// 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
/// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
/// | flags | protocol | algorithm |
/// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
/// | /
/// / public key /
/// / /
/// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-|
///
/// The KEY RR is not intended for storage of certificates and a separate
/// certificate RR has been developed for that purpose, defined in [RFC
/// 2538].
///
/// The meaning of the KEY RR owner name, flags, and protocol octet are
/// described in Sections 3.1.1 through 3.1.5 below. The flags and
/// algorithm must be examined before any data following the algorithm
/// octet as they control the existence and format of any following data.
/// The algorithm and public key fields are described in Section 3.2.
/// The format of the public key is algorithm dependent.
///
/// KEY RRs do not specify their validity period but their authenticating
/// SIG RR(s) do as described in Section 4 below.
/// ```
KEY(KEY),
/// ```text
/// RFC 4034 DNSSEC Resource Records March 2005
///
/// 4.1. NSEC RDATA Wire Format
///
/// The RDATA of the NSEC RR is as shown below:
///
/// 1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3
/// 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
/// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
/// / Next Domain Name /
/// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
/// / Type Bit Maps /
/// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
/// ```
NSEC(NSEC),
/// ```text
/// RFC 5155 NSEC3 March 2008
///
/// 3.2. NSEC3 RDATA Wire Format
///
/// The RDATA of the NSEC3 RR is as shown below:
///
/// 1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3
/// 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
/// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
/// | Hash Alg. | Flags | Iterations |
/// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
/// | Salt Length | Salt /
/// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
/// | Hash Length | Next Hashed Owner Name /
/// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
/// / Type Bit Maps /
/// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
///
/// Hash Algorithm is a single octet.
///
/// Flags field is a single octet, the Opt-Out flag is the least
/// significant bit, as shown below:
///
/// 0 1 2 3 4 5 6 7
/// +-+-+-+-+-+-+-+-+
/// | |O|
/// +-+-+-+-+-+-+-+-+
///
/// Iterations is represented as a 16-bit unsigned integer, with the most
/// significant bit first.
///
/// Salt Length is represented as an unsigned octet. Salt Length
/// represents the length of the Salt field in octets. If the value is
/// zero, the following Salt field is omitted.
///
/// Salt, if present, is encoded as a sequence of binary octets. The
/// length of this field is determined by the preceding Salt Length
/// field.
///
/// Hash Length is represented as an unsigned octet. Hash Length
/// represents the length of the Next Hashed Owner Name field in octets.
///
/// The next hashed owner name is not base32 encoded, unlike the owner
/// name of the NSEC3 RR. It is the unmodified binary hash value. It
/// does not include the name of the containing zone. The length of this
/// field is determined by the preceding Hash Length field.
///
/// 3.2.1. Type Bit Maps Encoding
///
/// The encoding of the Type Bit Maps field is the same as that used by
/// the NSEC RR, described in [RFC4034]. It is explained and clarified
/// here for clarity.
///
/// The RR type space is split into 256 window blocks, each representing
/// the low-order 8 bits of the 16-bit RR type space. Each block that
/// has at least one active RR type is encoded using a single octet
/// window number (from 0 to 255), a single octet bitmap length (from 1
/// to 32) indicating the number of octets used for the bitmap of the
/// window block, and up to 32 octets (256 bits) of bitmap.
///
/// Blocks are present in the NSEC3 RR RDATA in increasing numerical
/// order.
///
/// Type Bit Maps Field = ( Window Block # | Bitmap Length | Bitmap )+
///
/// where "|" denotes concatenation.
///
/// Each bitmap encodes the low-order 8 bits of RR types within the
/// window block, in network bit order. The first bit is bit 0. For
/// window block 0, bit 1 corresponds to RR type 1 (A), bit 2 corresponds
/// to RR type 2 (NS), and so forth. For window block 1, bit 1
/// corresponds to RR type 257, bit 2 to RR type 258. If a bit is set to
/// 1, it indicates that an RRSet of that type is present for the
/// original owner name of the NSEC3 RR. If a bit is set to 0, it
/// indicates that no RRSet of that type is present for the original
/// owner name of the NSEC3 RR.
///
/// Since bit 0 in window block 0 refers to the non-existing RR type 0,
/// it MUST be set to 0. After verification, the validator MUST ignore
/// the value of bit 0 in window block 0.
///
/// Bits representing Meta-TYPEs or QTYPEs as specified in Section 3.1 of
/// [RFC2929] or within the range reserved for assignment only to QTYPEs
/// and Meta-TYPEs MUST be set to 0, since they do not appear in zone
/// data. If encountered, they must be ignored upon reading.
///
/// Blocks with no types present MUST NOT be included. Trailing zero
/// octets in the bitmap MUST be omitted. The length of the bitmap of
/// each block is determined by the type code with the largest numerical
/// value, within that block, among the set of RR types present at the
/// original owner name of the NSEC3 RR. Trailing octets not specified
/// MUST be interpreted as zero octets.
/// ```
NSEC3(NSEC3),
/// ```text
/// RFC 5155 NSEC3 March 2008
///
/// 4.2. NSEC3PARAM RDATA Wire Format
///
/// The RDATA of the NSEC3PARAM RR is as shown below:
///
/// 1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3
/// 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
/// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
/// | Hash Alg. | Flags | Iterations |
/// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
/// | Salt Length | Salt /
/// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
///
/// Hash Algorithm is a single octet.
///
/// Flags field is a single octet.
///
/// Iterations is represented as a 16-bit unsigned integer, with the most
/// significant bit first.
///
/// Salt Length is represented as an unsigned octet. Salt Length
/// represents the length of the following Salt field in octets. If the
/// value is zero, the Salt field is omitted.
///
/// Salt, if present, is encoded as a sequence of binary octets. The
/// length of this field is determined by the preceding Salt Length
/// field.
/// ```
NSEC3PARAM(NSEC3PARAM),
/// ```text
/// RFC 2535 & 2931 DNS Security Extensions March 1999
/// RFC 4034 DNSSEC Resource Records March 2005
///
/// 3.1. RRSIG RDATA Wire Format
///
/// The RDATA for an RRSIG RR consists of a 2 octet Type Covered field, a
/// 1 octet Algorithm field, a 1 octet Labels field, a 4 octet Original
/// TTL field, a 4 octet Signature Expiration field, a 4 octet Signature
/// Inception field, a 2 octet Key tag, the Signer's Name field, and the
/// Signature field.
///
/// 1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3
/// 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
/// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
/// | Type Covered | Algorithm | Labels |
/// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
/// | Original TTL |
/// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
/// | Signature Expiration |
/// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
/// | Signature Inception |
/// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
/// | Key Tag | /
/// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Signer's Name /
/// / /
/// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
/// / /
/// / Signature /
/// / /
/// +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
/// ```
SIG(SIG),
/// Unknown or unsupported DNSSec record data
Unknown {
/// RecordType code
code: u16,
/// RData associated to the record
rdata: NULL,
},
}
impl DNSSECRData {
pub(crate) fn read(
decoder: &mut BinDecoder,
record_type: DNSSECRecordType,
rdata_length: Restrict<u16>,
) -> ProtoResult<Self> {
match record_type {
DNSSECRecordType::DNSKEY => {
debug!("reading DNSKEY");
dnskey::read(decoder, rdata_length).map(DNSSECRData::DNSKEY)
}
DNSSECRecordType::DS => {
debug!("reading DS");
ds::read(decoder, rdata_length).map(DNSSECRData::DS)
}
DNSSECRecordType::KEY => {
debug!("reading KEY");
key::read(decoder, rdata_length).map(DNSSECRData::KEY)
}
DNSSECRecordType::NSEC => {
debug!("reading NSEC");
nsec::read(decoder, rdata_length).map(DNSSECRData::NSEC)
}
DNSSECRecordType::NSEC3 => {
debug!("reading NSEC3");
nsec3::read(decoder, rdata_length).map(DNSSECRData::NSEC3)
}
DNSSECRecordType::NSEC3PARAM => {
debug!("reading NSEC3PARAM");
nsec3param::read(decoder).map(DNSSECRData::NSEC3PARAM)
}
DNSSECRecordType::RRSIG => {
debug!("reading RRSIG");
sig::read(decoder, rdata_length).map(DNSSECRData::SIG)
}
DNSSECRecordType::SIG => {
debug!("reading SIG");
sig::read(decoder, rdata_length).map(DNSSECRData::SIG)
}
DNSSECRecordType::Unknown(code) => {
debug!("reading unknown dnssec: {}", code);
null::read(decoder, rdata_length).map(|rdata| DNSSECRData::Unknown { code, rdata })
}
}
}
pub(crate) fn emit(&self, encoder: &mut BinEncoder) -> ProtoResult<()> {
match *self {
DNSSECRData::DS(ref ds) => {
encoder.with_canonical_names(|encoder| ds::emit(encoder, ds))
}
DNSSECRData::KEY(ref key) => {
encoder.with_canonical_names(|encoder| key::emit(encoder, key))
}
DNSSECRData::DNSKEY(ref dnskey) => {
encoder.with_canonical_names(|encoder| dnskey::emit(encoder, dnskey))
}
DNSSECRData::NSEC(ref nsec) => {
encoder.with_canonical_names(|encoder| nsec::emit(encoder, nsec))
}
DNSSECRData::NSEC3(ref nsec3) => {
encoder.with_canonical_names(|encoder| nsec3::emit(encoder, nsec3))
}
DNSSECRData::NSEC3PARAM(ref nsec3param) => {
encoder.with_canonical_names(|encoder| nsec3param::emit(encoder, nsec3param))
}
DNSSECRData::SIG(ref sig) => {
encoder.with_canonical_names(|encoder| sig::emit(encoder, sig))
}
DNSSECRData::Unknown { ref rdata, .. } => {
encoder.with_canonical_names(|encoder| null::emit(encoder, rdata))
}
}
}
pub(crate) fn to_record_type(&self) -> DNSSECRecordType {
match *self {
DNSSECRData::DS(..) => DNSSECRecordType::DS,
DNSSECRData::KEY(..) => DNSSECRecordType::KEY,
DNSSECRData::DNSKEY(..) => DNSSECRecordType::DNSKEY,
DNSSECRData::NSEC(..) => DNSSECRecordType::NSEC,
DNSSECRData::NSEC3(..) => DNSSECRecordType::NSEC3,
DNSSECRData::NSEC3PARAM(..) => DNSSECRecordType::NSEC3PARAM,
DNSSECRData::SIG(..) => DNSSECRecordType::SIG,
DNSSECRData::Unknown { code, .. } => DNSSECRecordType::Unknown(code),
}
}
}