Welcome to mirror list, hosted at ThFree Co, Russian Federation.

github.com/dnsviz/dnsviz.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/dnsviz/analysis/errors.py
diff options
context:
space:
mode:
Diffstat (limited to 'dnsviz/analysis/errors.py')
-rw-r--r--dnsviz/analysis/errors.py108
1 files changed, 108 insertions, 0 deletions
diff --git a/dnsviz/analysis/errors.py b/dnsviz/analysis/errors.py
index c9da104..4ad5769 100644
--- a/dnsviz/analysis/errors.py
+++ b/dnsviz/analysis/errors.py
@@ -252,6 +252,63 @@ class AlgorithmNotSupported(RRSIGError):
super(AlgorithmNotSupported, self).__init__(**kwargs)
self.template_kwargs['algorithm_text'] = dns.dnssec.algorithm_to_text(self.template_kwargs['algorithm'])
+class AlgorithmValidationProhibited(RRSIGError):
+ '''
+ >>> e = AlgorithmValidationProhibited(algorithm=5)
+ >>> e.args
+ [5]
+ >>> e.description
+ 'DNSSEC specification prohibits validation of RRSIGs with DNSSEC algorithm 5 (RSASHA1).'
+ '''
+
+ _abstract = False
+ code = 'ALGORITHM_VALIDATION_PROHIBITED'
+ description_template = "DNSSEC specification prohibits validation of RRSIGs with DNSSEC algorithm %(algorithm)d (%(algorithm_text)s)."
+ references = ['RFC 8624, Sec. 3.1']
+ required_params = ['algorithm']
+
+ def __init__(self, **kwargs):
+ super(AlgorithmValidationProhibited, self).__init__(**kwargs)
+ self.template_kwargs['algorithm_text'] = dns.dnssec.algorithm_to_text(self.template_kwargs['algorithm'])
+
+class AlgorithmProhibited(RRSIGError):
+ '''
+ >>> e = AlgorithmProhibited(algorithm=5)
+ >>> e.args
+ [5]
+ >>> e.description
+ 'DNSSEC specification prohibits signing with DNSSEC algorithm 5 (RSASHA1).'
+ '''
+
+ _abstract = False
+ code = 'ALGORITHM_PROHIBITED'
+ description_template = "DNSSEC specification prohibits signing with DNSSEC algorithm %(algorithm)d (%(algorithm_text)s)."
+ references = ['RFC 8624, Sec. 3.1']
+ required_params = ['algorithm']
+
+ def __init__(self, **kwargs):
+ super(AlgorithmProhibited, self).__init__(**kwargs)
+ self.template_kwargs['algorithm_text'] = dns.dnssec.algorithm_to_text(self.template_kwargs['algorithm'])
+
+class AlgorithmNotRecommended(RRSIGError):
+ '''
+ >>> e = AlgorithmNotRecommended(algorithm=5)
+ >>> e.args
+ [5]
+ >>> e.description
+ 'DNSSEC specification recommends not signing with DNSSEC algorithm 5 (RSASHA1).'
+ '''
+
+ _abstract = False
+ code = 'ALGORITHM_NOT_RECOMMENDED'
+ description_template = "DNSSEC specification recommends not signing with DNSSEC algorithm %(algorithm)d (%(algorithm_text)s)."
+ references = ['RFC 8624, Sec. 3.1']
+ required_params = ['algorithm']
+
+ def __init__(self, **kwargs):
+ super(AlgorithmNotRecommended, self).__init__(**kwargs)
+ self.template_kwargs['algorithm_text'] = dns.dnssec.algorithm_to_text(self.template_kwargs['algorithm'])
+
class DNSKEYRevokedRRSIG(RRSIGError):
'''
>>> e = DNSKEYRevokedRRSIG()
@@ -514,6 +571,57 @@ class DigestAlgorithmNotSupported(DSDigestError):
super(DigestAlgorithmNotSupported, self).__init__(**kwargs)
self.template_kwargs['algorithm_text'] = fmt.DS_DIGEST_TYPES.get(self.template_kwargs['algorithm'], self.template_kwargs['algorithm'])
+class DigestAlgorithmValidationProhibited(DSDigestError):
+ '''
+ >>> e = DigestAlgorithmValidationProhibited(algorithm=5)
+ >>> e.description
+ 'DNSSEC specification prohibits validation of DS records that use digest algorithm 5 (5).'
+ '''
+
+ _abstract = False
+ code = 'DIGEST_ALGORITHM_VALIDATION_PROHIBITED'
+ description_template = "DNSSEC specification prohibits validation of DS records that use digest algorithm %(algorithm)d (%(algorithm_text)s)."
+ references = ['RFC 8624, Sec. 3.2']
+ required_params = ['algorithm']
+
+ def __init__(self, **kwargs):
+ super(DigestAlgorithmValidationProhibited, self).__init__(**kwargs)
+ self.template_kwargs['algorithm_text'] = fmt.DS_DIGEST_TYPES.get(self.template_kwargs['algorithm'], self.template_kwargs['algorithm'])
+
+class DigestAlgorithmProhibited(DSDigestError):
+ '''
+ >>> e = DigestAlgorithmProhibited(algorithm=5)
+ >>> e.description
+ 'DNSSEC specification prohibits signing with DS records that use digest algorithm 5 (5).'
+ '''
+
+ _abstract = False
+ code = 'DIGEST_ALGORITHM_PROHIBITED'
+ description_template = "DNSSEC specification prohibits signing with DS records that use digest algorithm %(algorithm)d (%(algorithm_text)s)."
+ references = ['RFC 8624, Sec. 3.2']
+ required_params = ['algorithm']
+
+ def __init__(self, **kwargs):
+ super(DigestAlgorithmProhibited, self).__init__(**kwargs)
+ self.template_kwargs['algorithm_text'] = fmt.DS_DIGEST_TYPES.get(self.template_kwargs['algorithm'], self.template_kwargs['algorithm'])
+
+class DigestAlgorithmNotRecommended(DSDigestError):
+ '''
+ >>> e = DigestAlgorithmNotRecommended(algorithm=5)
+ >>> e.description
+ 'DNSSEC specification recommends not signing with DS records that use digest algorithm 5 (5).'
+ '''
+
+ _abstract = False
+ code = 'DIGEST_ALGORITHM_NOT_RECOMMENDED'
+ description_template = "DNSSEC specification recommends not signing with DS records that use digest algorithm %(algorithm)d (%(algorithm_text)s)."
+ references = ['RFC 8624, Sec. 3.2']
+ required_params = ['algorithm']
+
+ def __init__(self, **kwargs):
+ super(DigestAlgorithmNotRecommended, self).__init__(**kwargs)
+ self.template_kwargs['algorithm_text'] = fmt.DS_DIGEST_TYPES.get(self.template_kwargs['algorithm'], self.template_kwargs['algorithm'])
+
class DNSKEYRevokedDS(DSDigestError):
'''
>>> e = DNSKEYRevokedDS()
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-01 01:23:14 +0300