
dnssec: trivial clean-up

- rm unused imports
- mark private API as private
- don't catch BaseException
master
SomberNight 5 years ago
parent
commit
1d8b1ef698
No known key found for this signature in database
GPG Key ID: B33B5F232C6271E9
  1. 24
      electrum/dnssec.py

24
electrum/dnssec.py

@ -31,13 +31,7 @@
# https://github.com/rthalley/dnspython/blob/master/tests/test_dnssec.py # https://github.com/rthalley/dnspython/blob/master/tests/test_dnssec.py
# import traceback import dns
# import sys
import time
import struct
import hashlib
import dns.name import dns.name
import dns.query import dns.query
import dns.dnssec import dns.dnssec
@ -73,7 +67,7 @@ trust_anchors = [
] ]
def check_query(ns, sub, _type, keys): def _check_query(ns, sub, _type, keys):
q = dns.message.make_query(sub, _type, want_dnssec=True) q = dns.message.make_query(sub, _type, want_dnssec=True)
response = dns.query.tcp(q, ns, timeout=5) response = dns.query.tcp(q, ns, timeout=5)
assert response.rcode() == 0, 'No answer' assert response.rcode() == 0, 'No answer'
@ -92,13 +86,13 @@ def check_query(ns, sub, _type, keys):
return rrset return rrset
def get_and_validate(ns, url, _type): def _get_and_validate(ns, url, _type):
# get trusted root key # get trusted root key
root_rrset = None root_rrset = None
for dnskey_rr in trust_anchors: for dnskey_rr in trust_anchors:
try: try:
# Check if there is a valid signature for the root dnskey # Check if there is a valid signature for the root dnskey
root_rrset = check_query(ns, '', dns.rdatatype.DNSKEY, {dns.name.root: dnskey_rr}) root_rrset = _check_query(ns, '', dns.rdatatype.DNSKEY, {dns.name.root: dnskey_rr})
break break
except dns.dnssec.ValidationFailure: except dns.dnssec.ValidationFailure:
# It's OK as long as one key validates # It's OK as long as one key validates
@ -120,9 +114,9 @@ def get_and_validate(ns, url, _type):
if rr.rdtype == dns.rdatatype.SOA: if rr.rdtype == dns.rdatatype.SOA:
continue continue
# get DNSKEY (self-signed) # get DNSKEY (self-signed)
rrset = check_query(ns, sub, dns.rdatatype.DNSKEY, None) rrset = _check_query(ns, sub, dns.rdatatype.DNSKEY, None)
# get DS (signed by parent) # get DS (signed by parent)
ds_rrset = check_query(ns, sub, dns.rdatatype.DS, keys) ds_rrset = _check_query(ns, sub, dns.rdatatype.DS, keys)
# verify that a signed DS validates DNSKEY # verify that a signed DS validates DNSKEY
for ds in ds_rrset: for ds in ds_rrset:
for dnskey in rrset: for dnskey in rrset:
@ -138,7 +132,7 @@ def get_and_validate(ns, url, _type):
# set key for next iteration # set key for next iteration
keys = {name: rrset} keys = {name: rrset}
# get TXT record (signed by zone) # get TXT record (signed by zone)
rrset = check_query(ns, url, _type, keys) rrset = _check_query(ns, url, _type, keys)
return rrset return rrset
@ -147,9 +141,9 @@ def query(url, rtype):
nameservers = ['8.8.8.8'] nameservers = ['8.8.8.8']
ns = nameservers[0] ns = nameservers[0]
try: try:
out = get_and_validate(ns, url, rtype) out = _get_and_validate(ns, url, rtype)
validated = True validated = True
except BaseException as e: except Exception as e:
_logger.info(f"DNSSEC error: {repr(e)}") _logger.info(f"DNSSEC error: {repr(e)}")
out = dns.resolver.resolve(url, rtype) out = dns.resolver.resolve(url, rtype)
validated = False validated = False
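Review bot: In `query()`, the narrowed `except Exception` still treats a failed DNSSEC validation exactly like a timeout: it logs at info level and falls back to the unvalidated `dns.resolver.resolve(url, rtype)`. The `validated` flag, presumably returned to the caller, is then the only thing marking the answer as untrusted. I would log signature failures more loudly than transport errors, e.g. `level = logging.WARNING if isinstance(e, dns.dnssec.ValidationFailure) else logging.INFO`, and add a docstring stating that `out` must not be used for security decisions when `validated` is False. Separately, `_check_query` enforces the response code with `assert response.rcode() == 0, 'No answer'`, which is stripped under `python -O`; an explicit `raise` would keep that check in optimized runs. Both function bodies continue outside the visible hunks, so the return value and the remaining checks could not be reviewed here.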
