diff options
Diffstat (limited to 'dnsviz/analysis/errors.py')
-rw-r--r-- | dnsviz/analysis/errors.py | 72 |
1 files changed, 72 insertions, 0 deletions
diff --git a/dnsviz/analysis/errors.py b/dnsviz/analysis/errors.py index b01b342..54356cc 100644 --- a/dnsviz/analysis/errors.py +++ b/dnsviz/analysis/errors.py @@ -271,6 +271,44 @@ class AlgorithmValidationProhibited(RRSIGError): super(AlgorithmValidationProhibited, self).__init__(**kwargs) self.template_kwargs['algorithm_text'] = dns.dnssec.algorithm_to_text(self.template_kwargs['algorithm']) +class AlgorithmProhibited(RRSIGError): + ''' + >>> e = AlgorithmProhibited(algorithm=5) + >>> e.args + [5] + >>> e.description + 'DNSSEC specification prohibits signing with DNSSEC algorithm 5 (RSASHA1).' + ''' + + _abstract = False + code = 'ALGORITHM_PROHIBITED' + description_template = "DNSSEC specification prohibits signing with DNSSEC algorithm %(algorithm)d (%(algorithm_text)s)." + references = ['RFC 8624, Sec. 3.1'] + required_params = ['algorithm'] + + def __init__(self, **kwargs): + super(AlgorithmProhibited, self).__init__(**kwargs) + self.template_kwargs['algorithm_text'] = dns.dnssec.algorithm_to_text(self.template_kwargs['algorithm']) + +class AlgorithmNotRecommended(RRSIGError): + ''' + >>> e = AlgorithmNotRecommended(algorithm=5) + >>> e.args + [5] + >>> e.description + 'DNSSEC specification recommends not signing with DNSSEC algorithm 5 (RSASHA1).' + ''' + + _abstract = False + code = 'ALGORITHM_NOT_RECOMMENDED' + description_template = "DNSSEC specification recommends not signing with DNSSEC algorithm %(algorithm)d (%(algorithm_text)s)." + references = ['RFC 8624, Sec. 3.1'] + required_params = ['algorithm'] + + def __init__(self, **kwargs): + super(AlgorithmNotRecommended, self).__init__(**kwargs) + self.template_kwargs['algorithm_text'] = dns.dnssec.algorithm_to_text(self.template_kwargs['algorithm']) + class DNSKEYRevokedRRSIG(RRSIGError): ''' >>> e = DNSKEYRevokedRRSIG() @@ -550,6 +588,40 @@ class DigestAlgorithmValidationProhibited(DSDigestError): super(DigestAlgorithmValidationProhibited, self).__init__(**kwargs) self.template_kwargs['algorithm_text'] = fmt.DS_DIGEST_TYPES.get(self.template_kwargs['algorithm'], self.template_kwargs['algorithm']) +class DigestAlgorithmProhibited(DSDigestError): + ''' + >>> e = DigestAlgorithmProhibited(algorithm=5) + >>> e.description + 'DNSSEC specification prohibits publishing DS records that use digest algorithm 5 (5).' + ''' + + _abstract = False + code = 'DIGEST_ALGORITHM_PROHIBITED' + description_template = "DNSSEC specification prohibits publishing DS records that use digest algorithm %(algorithm)d (%(algorithm_text)s)." + references = ['RFC 8624, Sec. 3.2'] + required_params = ['algorithm'] + + def __init__(self, **kwargs): + super(DigestAlgorithmProhibited, self).__init__(**kwargs) + self.template_kwargs['algorithm_text'] = fmt.DS_DIGEST_TYPES.get(self.template_kwargs['algorithm'], self.template_kwargs['algorithm']) + +class DigestAlgorithmNotRecommended(DSDigestError): + ''' + >>> e = DigestAlgorithmNotRecommended(algorithm=5) + >>> e.description + 'DNSSEC specification recommends not publishing DS records that use digest algorithm 5 (5).' + ''' + + _abstract = False + code = 'DIGEST_ALGORITHM_NOT_RECOMMENDED' + description_template = "DNSSEC specification recommends not publishing DS records that use digest algorithm %(algorithm)d (%(algorithm_text)s)." + references = ['RFC 8624, Sec. 3.2'] + required_params = ['algorithm'] + + def __init__(self, **kwargs): + super(DigestAlgorithmNotRecommended, self).__init__(**kwargs) + self.template_kwargs['algorithm_text'] = fmt.DS_DIGEST_TYPES.get(self.template_kwargs['algorithm'], self.template_kwargs['algorithm']) + class DNSKEYRevokedDS(DSDigestError): ''' >>> e = DNSKEYRevokedDS() |