File size: 2,446 Bytes
b72ab63
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
from abc import ABC, abstractmethod  # pylint: disable=no-name-in-module
from typing import Any, Optional, Type

import dns.rdataclass
import dns.rdatatype
from dns.dnssectypes import Algorithm
from dns.exception import AlgorithmKeyMismatch
from dns.rdtypes.ANY.DNSKEY import DNSKEY
from dns.rdtypes.dnskeybase import Flag


class GenericPublicKey(ABC):
    algorithm: Algorithm

    @abstractmethod
    def __init__(self, key: Any) -> None:
        pass

    @abstractmethod
    def verify(self, signature: bytes, data: bytes) -> None:
        """Verify signed DNSSEC data"""

    @abstractmethod
    def encode_key_bytes(self) -> bytes:
        """Encode key as bytes for DNSKEY"""

    @classmethod
    def _ensure_algorithm_key_combination(cls, key: DNSKEY) -> None:
        if key.algorithm != cls.algorithm:
            raise AlgorithmKeyMismatch

    def to_dnskey(self, flags: int = Flag.ZONE, protocol: int = 3) -> DNSKEY:
        """Return public key as DNSKEY"""
        return DNSKEY(
            rdclass=dns.rdataclass.IN,
            rdtype=dns.rdatatype.DNSKEY,
            flags=flags,
            protocol=protocol,
            algorithm=self.algorithm,
            key=self.encode_key_bytes(),
        )

    @classmethod
    @abstractmethod
    def from_dnskey(cls, key: DNSKEY) -> "GenericPublicKey":
        """Create public key from DNSKEY"""

    @classmethod
    @abstractmethod
    def from_pem(cls, public_pem: bytes) -> "GenericPublicKey":
        """Create public key from PEM-encoded SubjectPublicKeyInfo as specified
        in RFC 5280"""

    @abstractmethod
    def to_pem(self) -> bytes:
        """Return public-key as PEM-encoded SubjectPublicKeyInfo as specified
        in RFC 5280"""


class GenericPrivateKey(ABC):
    public_cls: Type[GenericPublicKey]

    @abstractmethod
    def __init__(self, key: Any) -> None:
        pass

    @abstractmethod
    def sign(self, data: bytes, verify: bool = False) -> bytes:
        """Sign DNSSEC data"""

    @abstractmethod
    def public_key(self) -> "GenericPublicKey":
        """Return public key instance"""

    @classmethod
    @abstractmethod
    def from_pem(
        cls, private_pem: bytes, password: Optional[bytes] = None
    ) -> "GenericPrivateKey":
        """Create private key from PEM-encoded PKCS#8"""

    @abstractmethod
    def to_pem(self, password: Optional[bytes] = None) -> bytes:
        """Return private key as PEM-encoded PKCS#8"""