Implemented the resolver test script "dnssec"
authorReto Guadagnini <rguadagn@hsr.ch>
Tue, 10 Apr 2012 15:06:29 +0000 (17:06 +0200)
committerTobias Brunner <tobias@strongswan.org>
Tue, 19 Feb 2013 10:57:21 +0000 (11:57 +0100)
scripts/.gitignore
scripts/Makefile.am
scripts/dnssec.c [new file with mode: 0644]

index 2c8b800..b97347f 100644 (file)
@@ -11,3 +11,4 @@ crypt_burn
 hash_burn
 tls_test
 fetch
+dnssec
index ea399e8..f7ecd9e 100644 (file)
@@ -3,7 +3,8 @@ AM_CFLAGS = \
 -DPLUGINS="\"${scripts_plugins}\""
 
 noinst_PROGRAMS = bin2array bin2sql id2sql key2keyid keyid2sql oid2der \
-       thread_analysis dh_speed pubkey_speed crypt_burn hash_burn fetch
+       thread_analysis dh_speed pubkey_speed crypt_burn hash_burn fetch \
+       dnssec
 
 if USE_TLS
   noinst_PROGRAMS += tls_test
@@ -24,6 +25,7 @@ pubkey_speed_SOURCES = pubkey_speed.c
 crypt_burn_SOURCES = crypt_burn.c
 hash_burn_SOURCES = hash_burn.c
 fetch_SOURCES = fetch.c
+dnssec_SOURCES = dnssec.c
 id2sql_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la
 key2keyid_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la
 keyid2sql_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la
@@ -33,6 +35,7 @@ pubkey_speed_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la -lrt
 crypt_burn_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la
 hash_burn_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la
 fetch_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la
+dnssec_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la
 
 key2keyid.o :  $(top_builddir)/config.status
 
diff --git a/scripts/dnssec.c b/scripts/dnssec.c
new file mode 100644 (file)
index 0000000..89ea56e
--- /dev/null
@@ -0,0 +1,125 @@
+/*
+ * Copyright (C) 2011-2012 Reto Guadagnini
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include <stdio.h>
+
+#include <library.h>
+
+int main(int argc, char *argv[])
+{
+       resolver_t *resolver;
+       resolver_response_t *response;
+       enumerator_t *enumerator;
+       rr_set_t *rrset;
+       rr_t *rr;
+       chunk_t chunk;
+
+       library_init(NULL);
+       atexit(library_deinit);
+       if (!lib->plugins->load(lib->plugins, NULL, PLUGINS))
+       {
+               return 1;
+       }
+       if (argc != 2)
+       {
+               fprintf(stderr, "usage: %s <name>\n", argv[0]);
+               return 1;
+       }
+
+       resolver = lib->resolver->create(lib->resolver);
+       if (!resolver)
+       {
+               printf("failed to create a resolver!\n");
+               return 1;
+       }
+
+       response = resolver->query(resolver, argv[1], RR_CLASS_IN, RR_TYPE_A);
+       if (!response)
+       {
+               printf("no response received!\n");
+               resolver->destroy(resolver);
+               return 1;
+       }
+
+       printf("DNS response:\n");
+       if (!response->has_data(response) || !response->query_name_exist(response))
+       {
+               if (!response->has_data(response))
+               {
+                       printf("  no data in the response\n");
+               }
+               if (!response->query_name_exist(response))
+               {
+                       printf("  query name does not exist\n");
+               }
+               response->destroy(response);
+               resolver->destroy(resolver);
+               return 1;
+       }
+
+       printf("  RRs in the response:\n");
+       rrset = response->get_rr_set(response);
+       if (!rrset)
+       {
+               printf("    response contains no RRset!\n");
+               response->destroy(response);
+               resolver->destroy(resolver);
+               return 1;
+       }
+
+       enumerator = rrset->create_rr_enumerator(rrset);
+       while (enumerator->enumerate(enumerator, &rr))
+       {
+               printf("    name: ");
+               printf(rr->get_name(rr));
+               printf("\n");
+       }
+
+       enumerator = rrset->create_rrsig_enumerator(rrset);
+       if (enumerator)
+       {
+               printf("  RRSIGs for the RRset:\n");
+               while (enumerator->enumerate(enumerator, &rr))
+               {
+                       printf("    name: ");
+                       printf(rr->get_name(rr));
+                       printf("\n    RDATA: ");
+                       chunk = rr->get_rdata(rr);
+                       chunk = chunk_to_hex(chunk, NULL, TRUE);
+                       printf(chunk.ptr);
+                       printf("\n");
+               }
+       }
+
+       printf("  security status of the response: ");
+       switch (response->get_security_state(response))
+       {
+               case SECURE:
+                       printf("SECURE\n\n");
+                       break;
+               case INSECURE:
+                       printf("INSECURE\n\n");
+                       break;
+               case BOGUS:
+                       printf("BOGUS\n\n");
+                       break;
+               case INDETERMINATE:
+                       printf("INDETERMINATE\n\n");
+                       break;
+       }
+       response->destroy(response);
+       resolver->destroy(resolver);
+       return 0;
+}
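Review bot: Both enumeration loops in main() call `printf(rr->get_name(rr))`, and the RRSIG loop also calls `printf(chunk.ptr)`, so text taken from a DNS response is used as the format string. A `%` in a returned owner name would be parsed as a conversion specifier, and nothing visible in this file shows the resolver escaping names first. Pass the data as an argument to a literal format instead, as in the excerpt below. The same loops also leak: neither enumerator is destroyed (the first is overwritten by the `create_rrsig_enumerator()` result), and the buffer allocated by `chunk_to_hex(chunk, NULL, TRUE)` is never freed. The excerpt keeps the printed output identical.

```c
	/* ... unchanged: setup, query and RRset checks ... */
	while (enumerator->enumerate(enumerator, &rr))
	{
		printf("    name: %s\n", rr->get_name(rr));
	}
	enumerator->destroy(enumerator);
	/* ... unchanged: create_rrsig_enumerator() and its NULL check ... */
		while (enumerator->enumerate(enumerator, &rr))
		{
			printf("    name: %s\n", rr->get_name(rr));
			chunk = chunk_to_hex(rr->get_rdata(rr), NULL, TRUE);
			printf("    RDATA: %s\n", chunk.ptr);
			chunk_free(&chunk);
		}
		enumerator->destroy(enumerator);
	/* ... unchanged: security status switch and cleanup ... */
```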