Diffstat (limited to 'plugin/dnssec/dnskey.go')
-rw-r--r--plugin/dnssec/dnskey.go21
1 files changed, 12 insertions, 9 deletions
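diff --git a/plugin/dnssec/dnskey.go b/plugin/dnssec/dnskey.go
index ce787ab54..885538fbf 100644
--- a/plugin/dnssec/dnskey.go
+++ b/plugin/dnssec/dnskey.go
@@ -15,9 +15,10 @@ import (
 // DNSKEY holds a DNSSEC public and private key used for on-the-fly signing.
 type DNSKEY struct {
-K *dns.DNSKEY
-s crypto.Signer
-keytag uint16
+K *dns.DNSKEY
+D *dns.DS
+s crypto.Signer
+tag uint16
 }
 // ParseKeyFile read a DNSSEC keyfile as generated by dnssec-keygen or other
@@ -36,18 +37,20 @@ func ParseKeyFile(pubFile, privFile string) (*DNSKEY, error) {
 if e != nil {
 return nil, e
 }
-p, e := k.(*dns.DNSKEY).ReadPrivateKey(f, privFile)
+
+dk := k.(*dns.DNSKEY)
+p, e := dk.ReadPrivateKey(f, privFile)
 if e != nil {
 return nil, e
 }
-if v, ok := p.(*rsa.PrivateKey); ok {
-return &DNSKEY{k.(*dns.DNSKEY), v, k.(*dns.DNSKEY).KeyTag()}, nil
+if s, ok := p.(*rsa.PrivateKey); ok {
+return &DNSKEY{K: dk, D: dk.ToDS(dns.SHA256), s: s, tag: dk.KeyTag()}, nil
 }
-if v, ok := p.(*ecdsa.PrivateKey); ok {
-return &DNSKEY{k.(*dns.DNSKEY), v, k.(*dns.DNSKEY).KeyTag()}, nil
+if s, ok := p.(*ecdsa.PrivateKey); ok {
+return &DNSKEY{K: dk, D: dk.ToDS(dns.SHA256), s: s, tag: dk.KeyTag()}, nil
 }
-return &DNSKEY{k.(*dns.DNSKEY), nil, 0}, errors.New("no known? private key found")
+return &DNSKEY{K: dk, D: dk.ToDS(dns.SHA256), s: nil, tag: 0}, errors.New("no known private key found")
 }
 // getDNSKEY returns the correct DNSKEY to the client. Signatures are added when do is true.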
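Review bot: The failure path at the end of the second hunk, `return &DNSKEY{K: dk, D: dk.ToDS(dns.SHA256), s: nil, tag: 0}, errors.New("no known private key found")`, hands back a partially populated *DNSKEY together with a non-nil error, and Go callers treat the value as meaningless when err != nil, so `return nil, errors.New("no known private key found")` is clearer unless some caller relies on the partial value (none is visible here). The new `dk := k.(*dns.DNSKEY)` is an unchecked assertion: if pubFile holds any other RR type the plugin panics at setup instead of reporting an error, which a checked `dk, ok := k.(*dns.DNSKEY)` turns into a normal failure. The DS digest is also computed separately in all three return statements; computing it once above the type checks and folding the two `if` assertions into a type switch keeps the branches in step. The exported field `D` added in the first hunk has no doc comment, e.g. `D *dns.DS // DS record derived from K (SHA-256 digest)`. ParseKeyFile begins before this hunk (its signature appears only in the hunk header).
```go
dk, ok := k.(*dns.DNSKEY)
if !ok {
	return nil, errors.New("public key file does not contain a DNSKEY record")
}
p, e := dk.ReadPrivateKey(f, privFile)
if e != nil {
	return nil, e
}
ds := dk.ToDS(dns.SHA256) // computed once; shared by every successful return
switch s := p.(type) {
case *rsa.PrivateKey:
	return &DNSKEY{K: dk, D: ds, s: s, tag: dk.KeyTag()}, nil
case *ecdsa.PrivateKey:
	return &DNSKEY{K: dk, D: ds, s: s, tag: dk.KeyTag()}, nil
}
return nil, errors.New("no known private key found")
```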