trust-dns-proto 0.22.0

Trust-DNS is a safe and secure DNS library. This is the foundational DNS protocol library for all Trust-DNS projects.
Documentation 
/*
 * Copyright (C) 2015 Benjamin Fry <benjaminfry@me.com>
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

//! Allows for the root trust_anchor to either be added to or replaced for dns_sec validation.

use std::default::Default;

use crate::rr::dnssec::PublicKey;

const ROOT_ANCHOR_ORIG: &[u8] = include_bytes!("roots/19036.rsa");
const ROOT_ANCHOR_2018: &[u8] = include_bytes!("roots/20326.rsa");

/// The root set of trust anchors for validating DNSSec, anything in this set will be trusted
#[derive(Clone)]
pub struct TrustAnchor {
    // TODO: these should also store some information, or more specifically, metadata from the signed
    //  public certificate.
    pkeys: Vec<Vec<u8>>,
}

impl Default for TrustAnchor {
    fn default() -> Self {
        Self {
            pkeys: vec![ROOT_ANCHOR_ORIG.to_owned(), ROOT_ANCHOR_2018.to_owned()],
        }
    }
}

impl TrustAnchor {
    /// Creates a new empty trust anchor set
    pub fn new() -> Self {
        Self { pkeys: vec![] }
    }

    /// determines if the key is in the trust anchor set with the raw dnskey bytes
    ///
    /// # Arguments
    ///
    /// * `other_key` - The raw dnskey in bytes
    pub fn contains_dnskey_bytes(&self, other_key: &[u8]) -> bool {
        self.pkeys.iter().any(|k| other_key == k.as_slice())
    }

    /// determines if the key is in the trust anchor set
    pub fn contains<P: PublicKey>(&self, other_key: &P) -> bool {
        self.contains_dnskey_bytes(other_key.public_bytes())
    }

    /// inserts the trust_anchor to the trusted chain
    pub fn insert_trust_anchor<P: PublicKey>(&mut self, public_key: &P) {
        if !self.contains(public_key) {
            self.pkeys.push(public_key.public_bytes().to_vec())
        }
    }

    /// get the trust anchor at the specified index
    pub fn get(&self, idx: usize) -> &[u8] {
        &self.pkeys[idx]
    }

    /// number of keys in trust_anchor
    pub fn len(&self) -> usize {
        self.pkeys.len()
    }

    /// returns true if there are no keys in the trust_anchor
    pub fn is_empty(&self) -> bool {
        self.pkeys.is_empty()
    }
}

#[test]
fn test_kjqmt7v() {
    let trust = TrustAnchor::default();
    assert_eq!(trust.get(0), ROOT_ANCHOR_ORIG);
    assert!(trust.contains_dnskey_bytes(ROOT_ANCHOR_ORIG));
}