authorLinus Nordberg <linus@nordu.net>2016-03-30 21:35:31 +0200
committerLinus Nordberg <linus@nordu.net>2016-03-30 21:35:31 +0200
commitb69ff1c846250939de3e4f32ff4d07d6ee415009 (patch)
tree4b5755c39fdac519cb9b878d011ee33a729b8a62 /tools/dnssec/dns-net2wire.c
parent8106050f24d1552f9fe9f0f1521eb3068de08ea4 (diff)
Add validatechain.c and move some code to common.c.
dns-net2wire.c is nothing but an ugly hack on top of getdns_query.c making it save answer, validation_chain and trust anchors to three separate files. Used for testing purposes. validatechain takes the above mentioned three files as input and performs DNSSEC validation.
Diffstat (limited to 'tools/dnssec/dns-net2wire.c')
-rw-r--r--tools/dnssec/dns-net2wire.c80
1 files changed, 71 insertions, 9 deletions
diff --git a/tools/dnssec/dns-net2wire.c b/tools/dnssec/dns-net2wire.c
index c193139..0e5003d 100644
--- a/tools/dnssec/dns-net2wire.c
+++ b/tools/dnssec/dns-net2wire.c
@@ -20,6 +20,7 @@
#include <arpa/inet.h>
#include <getdns/getdns.h>
#include <getdns/getdns_extra.h>
+#include "common.h"
#define DEBUG_SCHED(...)
@@ -1140,6 +1141,53 @@ next: ;
return r;
}
+static void
+dump_ta(FILE *fp)
+{
+ getdns_list *trust_anchors = NULL;
+ getdns_return_t r = 0;
+ if ((r = getdns_context_get_dnssec_trust_anchors(
+ context, &trust_anchors))
+ || trust_anchors == NULL) {
+ fprintf(stderr, "Unable to get trust anchors: %s\n",
+ getdns_get_errorstr_by_id(r));
+ return;
+ }
+
+ size_t list_len = 0;
+ r = getdns_list_get_length(trust_anchors, &list_len);
+ if (r) {
+ fprintf(stderr, "unable to get length of trust_anchors\n");
+ return;
+ }
+
+ for (size_t i = 0; i < list_len; i++) {
+ getdns_dict *rr = NULL;
+ uint8_t *res = NULL;
+ size_t res_len;
+ r = getdns_list_get_dict(trust_anchors, i , &rr);
+ if (r) {
+ fprintf(stderr, "unable to get rr from entry "
+ "%d: %d\n", i, r);
+ return;
+ }
+
+ r = getdns_rr_dict2wire(rr, &res, &res_len);
+ if (r) {
+ fprintf(stderr,
+ "unable to convert entry %d "
+ "to wire format: %d\n", i, r);
+ return;
+ }
+
+ if (fwrite(res, 1, res_len, fp) != res_len)
+ fprintf(stderr, "Could not write trust anchor to file\n");
+ }
+}
+
+
+FILE *support_out_fp = NULL;
+
getdns_return_t do_the_call(void)
{
getdns_return_t r;
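Review bot: In dump_ta the buffer returned through `getdns_rr_dict2wire(rr, &res, &res_len)` is never released, and the `trust_anchors` list is not destroyed on any return path. Both look caller-owned in the getdns API (confirm against the headers), so add `free(res);` after the `fwrite` and `getdns_list_destroy(trust_anchors);` before each return. The two error messages print the `size_t` index `i` with `%d`, which is a format/argument mismatch (undefined behaviour); use `%zu`. Because the function returns `void` and only logs a failed `fwrite`, the caller cannot tell a complete `treeout_ta` from a truncated one, so a validator reading that file later could be working from an incomplete trust-anchor set. Returning a `getdns_return_t` would let `do_the_call` react.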
@@ -1223,18 +1271,28 @@ getdns_return_t do_the_call(void)
, "Could not print response\n");
}
}
-#if 1
- FILE *support_out_fp = fopen("treeout_support", "w");
- assert(support_out_fp);
getdns_list *validation_chain = NULL;
if ((r = getdns_dict_get_list(
- response, "validation_chain", &validation_chain)))
- assert(!r && "get_list validation_chain");
- if (response && support_out_fp) {
- ; //fwrite(support_out_fp, fixme, fixme_len);
+ response, "validation_chain", &validation_chain))) {
+ fprintf(stderr, "get_list validation_chain: %d (%s)\n",
+ r, getdns_get_errorstr_by_id(r));
+ exit(1);
}
- fclose(support_out_fp);
-#endif
+
+ if (dump_tree(support_out_fp, response, "validation_chain", NULL))
+ fprintf(stderr, "Could not dump %s to file\n", "validation_chain");
+
+ FILE *tree_out_fp = fopen("treeout", "w");
+ assert(tree_out_fp);
+ if (dump_tree(tree_out_fp, response, "replies_tree", "answer"))
+ fprintf(stderr, "Could not dump %s to file\n", "replies_tree");
+ if (fclose(tree_out_fp)) assert(0);
+
+ FILE *tree_out_ta = fopen("treeout_ta", "w");
+ assert(tree_out_ta);
+ dump_ta(tree_out_ta);
+ if (fclose(tree_out_ta)) assert(0);
+
getdns_dict_get_int(response, "status", &status);
fprintf(stdout, "Response code was: GOOD. Status was: %s\n",
getdns_get_errorstr_by_id(status));
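Review bot: The new output files are guarded only by `assert(tree_out_fp)`, `assert(tree_out_ta)` and `if (fclose(...)) assert(0);`, so in a build with `NDEBUG` a failed `fopen` passes a NULL stream into `dump_tree`/`dump_ta` and a failed flush goes unnoticed. The same pattern is used for `support_out_fp` in the `main` hunk at `@@ -1327`. Handle these as runtime errors, e.g. `if (!tree_out_fp) { perror("treeout"); return GETDNS_RETURN_GENERIC_ERROR; }`, and report a non-zero `fclose` the same way. The names `treeout` and `treeout_ta` are fixed, relative to the working directory and opened with `"w"`, so the tool truncates whatever those names resolve to; a comment saying it should be run from a private directory would help. do_the_call starts and ends outside this hunk, so whether an early return needs extra cleanup cannot be checked from here.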
@@ -1327,6 +1385,9 @@ main(int argc, char **argv)
} else
fp = stdin;
+ support_out_fp = fopen("treeout_support", "w");
+ assert(support_out_fp);
+
/* Make the call */
if (interactive) {
getdns_eventloop_event read_line_ev = {
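Review bot: `support_out_fp` is opened once here, while `do_the_call` reopens `treeout` and `treeout_ta` with `"w"` on every call. If the interactive branch below issues more than one query (it appears to, but the loop is outside the hunk), `treeout_support` accumulates the validation chains of all queries while the other two files hold only the last one. validatechain would then be given a chain file that does not correspond to the answer file. Either open `treeout_support` inside `do_the_call` next to the other two, or add a comment such as `/* one query per run: treeout_support is not reset between calls */`.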
@@ -1346,6 +1407,7 @@ main(int argc, char **argv)
getdns_context_run(context);
/* Clean up */
+ fclose(support_out_fp);
getdns_dict_destroy(extensions);
done_destroy_context:
getdns_context_destroy(context);