From b69ff1c846250939de3e4f32ff4d07d6ee415009 Mon Sep 17 00:00:00 2001
From: Linus Nordberg
Date: Wed, 30 Mar 2016 21:35:31 +0200
Subject: Add validatechain.c and move some code to common.c.

dns-net2wire.c is nothing but an ugly hack on top of getdns_query.c making it save answer, validation_chain and trust anchors to three separate files. Used for testing purposes. validatechain takes the above mentioned three files as input and performs DNSSEC validation.
---
 tools/dnssec/dns-net2wire.c | 80 ++++++++++++++++++++++++++++++++++++++++-----
 1 file changed, 71 insertions(+), 9 deletions(-)
(limited to 'tools/dnssec/dns-net2wire.c')
diff --git a/tools/dnssec/dns-net2wire.c b/tools/dnssec/dns-net2wire.c
index c193139..0e5003d 100644
--- a/tools/dnssec/dns-net2wire.c
+++ b/tools/dnssec/dns-net2wire.c
@@ -20,6 +20,7 @@
 #include
 #include
 #include
+#include "common.h"
 #define DEBUG_SCHED(...)
@@ -1140,6 +1141,53 @@ next:
 ;
 return r;
 }
+static void
+dump_ta(FILE *fp)
+{
+ getdns_list *trust_anchors = NULL;
+ getdns_return_t r = 0;
+ if ((r = getdns_context_get_dnssec_trust_anchors(
+ context, &trust_anchors))
+ || trust_anchors == NULL) {
+ fprintf(stderr, "Unable to get trust anchors: %s\n",
+ getdns_get_errorstr_by_id(r));
+ return;
+ }
+
+ size_t list_len = 0;
+ r = getdns_list_get_length(trust_anchors, &list_len);
+ if (r) {
+ fprintf(stderr, "unable to get length of trust_anchors\n");
+ return;
+ }
+
+ for (size_t i = 0; i < list_len; i++) {
+ getdns_dict *rr = NULL;
+ uint8_t *res = NULL;
+ size_t res_len;
+ r = getdns_list_get_dict(trust_anchors, i , &rr);
+ if (r) {
+ fprintf(stderr, "unable to get rr from entry "
+ "%d: %d\n", i, r);
+ return;
+ }
+
+ r = getdns_rr_dict2wire(rr, &res, &res_len);
+ if (r) {
+ fprintf(stderr,
+ "unable to convert entry %d "
+ "to wire format: %d\n", i, r);
+ return;
+ }
+
+ if (fwrite(res, 1, res_len, fp) != res_len)
+ fprintf(stderr, "Could not write trust anchor to file\n");
+ }
+}
+
+
+FILE *support_out_fp = NULL;
+
 getdns_return_t do_the_call(void)
 {
 getdns_return_t r;
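Review bot: Every trust anchor serialized in the loop of dump_ta() is leaked: getdns_rr_dict2wire() hands back a freshly allocated buffer in `res` that the caller owns, and nothing frees it after the fwrite(). The three error paths also `return` without releasing `trust_anchors` (if getdns_context_get_dnssec_trust_anchors() returns a copy, as the other context getters do — worth confirming), and, more importantly, they leave a partially written treeout_ta behind while only printing to stderr, so validatechain would later run against an incomplete set of anchors with no signal that this happened. The `%d` conversions are passed a `size_t` (`i`) and a `getdns_return_t` (`r`), which -Wformat flags; `%zu` and an `(int)` cast fix that. I would make the function return a status so the caller can refuse to leave a truncated trust-anchor file in place, roughly:
```c
static int
dump_ta(FILE *fp)
{
	/* … unchanged: fetch trust_anchors and list_len, returning -1 on failure … */
	for (size_t i = 0; i < list_len; i++) {
		getdns_dict *rr = NULL;
		uint8_t *res = NULL;
		size_t res_len = 0;
		if ((r = getdns_list_get_dict(trust_anchors, i, &rr))) {
			fprintf(stderr, "unable to get rr from entry %zu: %d\n", i, (int)r);
			return -1;
		}
		if ((r = getdns_rr_dict2wire(rr, &res, &res_len))) {
			fprintf(stderr, "unable to convert entry %zu to wire format: %d\n", i, (int)r);
			return -1;
		}
		size_t written = fwrite(res, 1, res_len, fp);
		free(res); /* getdns_rr_dict2wire() allocates *wire for the caller */
		if (written != res_len) {
			fprintf(stderr, "Could not write trust anchor to file\n");
			return -1;
		}
	}
	return 0;
}
```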
@@ -1223,18 +1271,28 @@ getdns_return_t do_the_call(void)
 , "Could not print response\n");
 }
 }
-#if 1
- FILE *support_out_fp = fopen("treeout_support", "w");
- assert(support_out_fp);
 getdns_list *validation_chain = NULL;
 if ((r = getdns_dict_get_list(
- response, "validation_chain", &validation_chain)))
- assert(!r && "get_list validation_chain");
- if (response && support_out_fp) {
- ; //fwrite(support_out_fp, fixme, fixme_len);
+ response, "validation_chain", &validation_chain))) {
+ fprintf(stderr, "get_list validation_chain: %d (%s)\n",
+ r, getdns_get_errorstr_by_id(r));
+ exit(1);
 }
- fclose(support_out_fp);
-#endif
+
+ if (dump_tree(support_out_fp, response, "validation_chain", NULL))
+ fprintf(stderr, "Could not dump %s to file\n", "validation_chain");
+
+ FILE *tree_out_fp = fopen("treeout", "w");
+ assert(tree_out_fp);
+ if (dump_tree(tree_out_fp, response, "replies_tree", "answer"))
+ fprintf(stderr, "Could not dump %s to file\n", "replies_tree");
+ if (fclose(tree_out_fp)) assert(0);
+
+ FILE *tree_out_ta = fopen("treeout_ta", "w");
+ assert(tree_out_ta);
+ dump_ta(tree_out_ta);
+ if (fclose(tree_out_ta)) assert(0);
+
 getdns_dict_get_int(response, "status", &status);
 fprintf(stdout, "Response code was: GOOD. Status was: %s\n",
 getdns_get_errorstr_by_id(status));
@@ -1327,6 +1385,9 @@ main(int argc, char **argv)
 }
 else
 fp = stdin;
+ support_out_fp = fopen("treeout_support", "w");
+ assert(support_out_fp);
+
 /* Make the call */
 if (interactive) {
 getdns_eventloop_event read_line_ev = {
@@ -1346,6 +1407,7 @@ main(int argc, char **argv)
 getdns_context_run(context);
 
 /* Clean up */
+ fclose(support_out_fp);
 getdns_dict_destroy(extensions);
 done_destroy_context:
 getdns_context_destroy(context);
-- 
cgit v1.1
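Review bot: The new error handling in do_the_call() rests entirely on assert(): `assert(tree_out_fp)` after `fopen("treeout", "w")` and `if (fclose(tree_out_ta)) assert(0);` (likewise for treeout) are compiled out under NDEBUG, at which point a failed open hands a NULL FILE to dump_tree()/dump_ta() and a failed flush of the trust-anchor file goes unnoticed — for the file that is validatechain's root of trust, a truncated output should be a hard error in every build. I would replace them with explicit checks, e.g. `if (!tree_out_ta) { perror("treeout_ta"); exit(1); }` and `if (fclose(tree_out_ta)) { perror("treeout_ta"); exit(1); }`. The `exit(1)` taken when the response has no "validation_chain" also terminates the tool for any reply that carries no chain (presumably when the extension was not requested or the zone is unsigned — the answer is not inspected here), which may be intended for a test hack but deserves a comment such as `/* A missing chain is fatal: this tool only exists to feed validatechain. */`. do_the_call() begins before this hunk.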
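Review bot: Opening treeout_support once in main() while do_the_call() reopens treeout and treeout_ta with "w" on every call means that in interactive or batch mode the validation chains of all queries accumulate in one file whereas the answer and trust-anchor files keep only the last query, so validatechain could be fed a chain that does not belong to the answer next to it. Either open treeout_support per call alongside the other two files, or state the limitation, e.g. `/* NOTE: one query per run; treeout_support is not truncated between calls. */`. `assert(support_out_fp)` is also the only check on this fopen and vanishes under NDEBUG; `if (!support_out_fp) { perror("treeout_support"); return 1; }` would be safer (main()'s cleanup path and its label lie outside this hunk, so the exact exit form may need adjusting).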
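Review bot: `fclose(support_out_fp);` discards its return value, yet this is the write stream carrying the validation chain that validatechain consumes, so a failed flush at shutdown would silently leave a truncated treeout_support; `if (fclose(support_out_fp)) perror("treeout_support");` is the minimum, ideally with a non-zero exit status. Note that the close sits before `done_destroy_context:`, so the error path that jumps to that label skips it and relies on process exit to flush the stream — harmless in practice, but worth a one-line comment if intentional.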