From 3b65560818534de852fd0e09d34661915f78b85b Mon Sep 17 00:00:00 2001
From: AJ ONeal
Date: Tue, 24 Oct 2017 10:46:47 -0600
Subject: [PATCH 1/3] add CAA packer, expand CCA parser
---
 packer/type.caa.js | 69 ++++++++++++++++++++++++++++++++++++++++++++++
 parser/type.caa.js | 23 ++++++++++++----
 2 files changed, 87 insertions(+), 5 deletions(-)
 create mode 100644 packer/type.caa.js
diff --git a/packer/type.caa.js b/packer/type.caa.js
new file mode 100644
index 0000000..324fc67
--- /dev/null
+++ b/packer/type.caa.js
@@ -0,0 +1,69 @@
+(function (exports) {
+'use strict';
+
+// RFC 6844
+// Explanation: https://tools.ietf.org/html/rfc6844#section-3
+// Binary Format: https://tools.ietf.org/html/rfc6844#section-5
+// Real-world Usage: https://support.dnsimple.com/articles/caa-record/
+
+// A Certification Authority Authorization (CAA) record is used to specify which
+// certificate authorities (CAs) are allowed to issue certificates for a domain.
+
+// Value Meaning/Use
+//
+// Flag An unsigned integer between 0-255.
+// It is currently used to represent the critical flag, that has a
+// specific meaning per RFC 6844
+// Tag An ASCII string that represents the identifier of the property
+// represented by the record.
+// Value The value associated with the tag.
+
+// The RFC currently defines 3 available tags:
+//
+// - issue: explicity authorizes a single certificate authority to issue a
+// certificate (any type) for the hostname.
+// - issuewild: explicity authorizes a single certificate authority to issue a
+// wildcard certificate (and only wildcard) for the hostname.
+// - iodef: specifies an URL to which a certificate authority may report
+// policy violations.
+
+exports.DNS_PACKER_TYPE_CAA = function (ab, dv, total, record) {
+ if ('number' !== typeof record.flag || isNaN(record.flag) || record.flag < 0 || record.flag > 255) {
+ console.log(record);
+ throw new Error("bad CAA flag:", record.flag);
+ }
+ if ('string' !== typeof record.tag || !record.tag || record.tag.length > 255) {
+ throw new Error("bad CAA tag:", record.tag);
+ }
+ if ('string' !== typeof record.value || !record.value) {
+ throw new Error("bad CAA value:", record.value);
+ }
+
+ // RDLEN = flag (1 byte) + taglen (1 byte) + tagstr (taglen bytes) + valuestr (valuelen bytes)
+ dv.setUint16(total, 1 + 1 + record.tag.length + record.value.length, false);
+ total += 2;
+
+ // FLAG
+ dv.setUint8(total, record.flag, false);
+ total += 1;
+
+ // TAG LENGTH
+ dv.setUint8(total, record.tag.length, false);
+ total += 1;
+
+ // TAG
+ record.tag.split('').forEach(function (ch) {
+ dv.setUint8(total, ch.charCodeAt(0), false);
+ total += 1;
+ });
+
+ // VALUE
+ record.value.split('').forEach(function (ch) {
+ dv.setUint8(total, ch.charCodeAt(0), false);
+ total += 1;
+ });
+
+ return total;
+};
+
+}('undefined' !== typeof window ? window : exports));
diff --git a/parser/type.caa.js b/parser/type.caa.js
index fdc443f..affc960 100644
--- a/parser/type.caa.js
+++ b/parser/type.caa.js
@@ -1,6 +1,9 @@
 (function (exports) {
 'use strict';
+// RFC 6844 https://tools.ietf.org/html/rfc6844#section-3
+// https://support.dnsimple.com/articles/caa-record/
+
 // A Certification Authority Authorization (CAA) record is used to specify which
 // certificate authorities (CAs) are allowed to issue certificates for a domain.
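Review bot: In packer/type.caa.js, DNS_PACKER_TYPE_CAA writes the tag and value one byte per character with `dv.setUint8(total, ch.charCodeAt(0), false)` but never checks the characters, so any code unit above 0xFF is silently truncated to its low byte and the packed bytes can differ from the string the caller passed. A CAA record is an issuance policy, so the validation block should reject such input rather than emit a different record; the same block should also refuse a tag plus value that would overflow the 16-bit RDLEN written just below. The three `throw new Error("…:", x)` calls lose the offending value because Error takes only its first argument as the message, and `console.log(record)` looks like leftover debugging. A possible validation block follows.

```javascript
exports.DNS_PACKER_TYPE_CAA = function (ab, dv, total, record) {
  if ('number' !== typeof record.flag || isNaN(record.flag) || record.flag < 0 || record.flag > 255) {
    throw new Error("bad CAA flag: " + record.flag);
  }
  // RFC 6844 tags are ASCII letters and digits, and the length must fit in one byte
  if ('string' !== typeof record.tag || !/^[A-Za-z0-9]{1,255}$/.test(record.tag)) {
    throw new Error("bad CAA tag: " + record.tag);
  }
  // one byte is written per character, so refuse anything setUint8 would truncate
  if ('string' !== typeof record.value || !record.value || /[^\x00-\xff]/.test(record.value)) {
    throw new Error("bad CAA value: " + record.value);
  }
  if (2 + record.tag.length + record.value.length > 0xffff) {
    throw new Error("CAA rdata does not fit in a 16-bit RDLENGTH");
  }
  // … unchanged: RDLEN, FLAG, TAG LENGTH, TAG and VALUE writes …
```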
@@ -26,13 +29,23 @@ exports.DNS_PARSER_TYPE_CAA = function (ab, packet, record) {
 var data = new Uint8Array(ab);
 var i = record.rdstart;
- var flag = data[i++];
- var mid = data[i++];
+ var flag = data[i];
+ var mid = data[i + 1];
+ i += 2;
 mid += i;
 var end = record.rdstart + record.rdlength;
- var tag = '', value = '';
- while (i < mid) { tag += String.fromCharCode(data[i++]); }
- while (i < end) { value += String.fromCharCode(data[i++]); }
+ var tag = '';
+ var value = '';
+
+ while (i < mid) {
+ tag += String.fromCharCode(data[i]);
+ i += 1;
+ }
+
+ while (i < end) {
+ value += String.fromCharCode(data[i]);
+ i += 1;
+ }
 record.flag = flag;
 record.tag = tag;
From afd8b6fb9067907e2d9682a2730774a42899ebb6 Mon Sep 17 00:00:00 2001
From: AJ ONeal
Date: Tue, 24 Oct 2017 10:47:08 -0600
Subject: [PATCH 2/3] prefer forEach to for
---
 dns.types.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/dns.types.js b/dns.types.js
index b3aaa31..e10788d 100644
--- a/dns.types.js
+++ b/dns.types.js
@@ -49,8 +49,8 @@ var types = exports.DNS_TYPES = {
 };
 // and in reverse
-for (var key in types) {
+Object.keys(types).forEach(function (key) {
 types[types[key]] = key;
-}
+});
 }('undefined' !== typeof window ? window : exports));
From 6352cf4b516d94f0283c9c7cd024431bf974f049 Mon Sep 17 00:00:00 2001
From: AJ ONeal
Date: Tue, 24 Oct 2017 10:48:02 -0600
Subject: [PATCH 3/3] v1.2.4
---
 package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/package.json b/package.json
index 6ce6dda..7504d80 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "dns-suite",
- "version": "1.2.3",
+ "version": "1.2.4",
 "description": "testing dns",
 "main": "dns.js",
 "bin": {
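Review bot: In parser/type.caa.js, DNS_PARSER_TYPE_CAA still trusts the tag-length byte read as `data[i + 1]`: after `mid += i;` nothing compares `mid` with `end`, so a record whose tag length exceeds its rdlength makes the tag loop consume bytes that lie beyond this record's RDATA (or past the buffer, where `String.fromCharCode(undefined)` yields NUL characters). The parser presumably runs on DNS messages received from the network, so I would add `if (record.rdlength < 2 || mid > end) { throw new Error("bad CAA rdata length"); }` right after the `var end = …` line. Whether `end` itself is bounded by the packet length is decided outside this hunk, and the function body continues past the last line shown.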