diff options
Diffstat (limited to 'dnsviz/analysis/errors.py')
-rw-r--r-- | dnsviz/analysis/errors.py | 108 |
1 files changed, 108 insertions, 0 deletions
diff --git a/dnsviz/analysis/errors.py b/dnsviz/analysis/errors.py index c9da104..4ad5769 100644 --- a/dnsviz/analysis/errors.py +++ b/dnsviz/analysis/errors.py @@ -252,6 +252,63 @@ class AlgorithmNotSupported(RRSIGError): super(AlgorithmNotSupported, self).__init__(**kwargs) self.template_kwargs['algorithm_text'] = dns.dnssec.algorithm_to_text(self.template_kwargs['algorithm']) +class AlgorithmValidationProhibited(RRSIGError): + ''' + >>> e = AlgorithmValidationProhibited(algorithm=5) + >>> e.args + [5] + >>> e.description + 'DNSSEC specification prohibits validation of RRSIGs with DNSSEC algorithm 5 (RSASHA1).' + ''' + + _abstract = False + code = 'ALGORITHM_VALIDATION_PROHIBITED' + description_template = "DNSSEC specification prohibits validation of RRSIGs with DNSSEC algorithm %(algorithm)d (%(algorithm_text)s)." + references = ['RFC 8624, Sec. 3.1'] + required_params = ['algorithm'] + + def __init__(self, **kwargs): + super(AlgorithmValidationProhibited, self).__init__(**kwargs) + self.template_kwargs['algorithm_text'] = dns.dnssec.algorithm_to_text(self.template_kwargs['algorithm']) + +class AlgorithmProhibited(RRSIGError): + ''' + >>> e = AlgorithmProhibited(algorithm=5) + >>> e.args + [5] + >>> e.description + 'DNSSEC specification prohibits signing with DNSSEC algorithm 5 (RSASHA1).' + ''' + + _abstract = False + code = 'ALGORITHM_PROHIBITED' + description_template = "DNSSEC specification prohibits signing with DNSSEC algorithm %(algorithm)d (%(algorithm_text)s)." + references = ['RFC 8624, Sec. 3.1'] + required_params = ['algorithm'] + + def __init__(self, **kwargs): + super(AlgorithmProhibited, self).__init__(**kwargs) + self.template_kwargs['algorithm_text'] = dns.dnssec.algorithm_to_text(self.template_kwargs['algorithm']) + +class AlgorithmNotRecommended(RRSIGError): + ''' + >>> e = AlgorithmNotRecommended(algorithm=5) + >>> e.args + [5] + >>> e.description + 'DNSSEC specification recommends not signing with DNSSEC algorithm 5 (RSASHA1).' + ''' + + _abstract = False + code = 'ALGORITHM_NOT_RECOMMENDED' + description_template = "DNSSEC specification recommends not signing with DNSSEC algorithm %(algorithm)d (%(algorithm_text)s)." + references = ['RFC 8624, Sec. 3.1'] + required_params = ['algorithm'] + + def __init__(self, **kwargs): + super(AlgorithmNotRecommended, self).__init__(**kwargs) + self.template_kwargs['algorithm_text'] = dns.dnssec.algorithm_to_text(self.template_kwargs['algorithm']) + class DNSKEYRevokedRRSIG(RRSIGError): ''' >>> e = DNSKEYRevokedRRSIG() @@ -514,6 +571,57 @@ class DigestAlgorithmNotSupported(DSDigestError): super(DigestAlgorithmNotSupported, self).__init__(**kwargs) self.template_kwargs['algorithm_text'] = fmt.DS_DIGEST_TYPES.get(self.template_kwargs['algorithm'], self.template_kwargs['algorithm']) +class DigestAlgorithmValidationProhibited(DSDigestError): + ''' + >>> e = DigestAlgorithmValidationProhibited(algorithm=5) + >>> e.description + 'DNSSEC specification prohibits validation of DS records that use digest algorithm 5 (5).' + ''' + + _abstract = False + code = 'DIGEST_ALGORITHM_VALIDATION_PROHIBITED' + description_template = "DNSSEC specification prohibits validation of DS records that use digest algorithm %(algorithm)d (%(algorithm_text)s)." + references = ['RFC 8624, Sec. 3.2'] + required_params = ['algorithm'] + + def __init__(self, **kwargs): + super(DigestAlgorithmValidationProhibited, self).__init__(**kwargs) + self.template_kwargs['algorithm_text'] = fmt.DS_DIGEST_TYPES.get(self.template_kwargs['algorithm'], self.template_kwargs['algorithm']) + +class DigestAlgorithmProhibited(DSDigestError): + ''' + >>> e = DigestAlgorithmProhibited(algorithm=5) + >>> e.description + 'DNSSEC specification prohibits signing with DS records that use digest algorithm 5 (5).' + ''' + + _abstract = False + code = 'DIGEST_ALGORITHM_PROHIBITED' + description_template = "DNSSEC specification prohibits signing with DS records that use digest algorithm %(algorithm)d (%(algorithm_text)s)." + references = ['RFC 8624, Sec. 3.2'] + required_params = ['algorithm'] + + def __init__(self, **kwargs): + super(DigestAlgorithmProhibited, self).__init__(**kwargs) + self.template_kwargs['algorithm_text'] = fmt.DS_DIGEST_TYPES.get(self.template_kwargs['algorithm'], self.template_kwargs['algorithm']) + +class DigestAlgorithmNotRecommended(DSDigestError): + ''' + >>> e = DigestAlgorithmNotRecommended(algorithm=5) + >>> e.description + 'DNSSEC specification recommends not signing with DS records that use digest algorithm 5 (5).' + ''' + + _abstract = False + code = 'DIGEST_ALGORITHM_NOT_RECOMMENDED' + description_template = "DNSSEC specification recommends not signing with DS records that use digest algorithm %(algorithm)d (%(algorithm_text)s)." + references = ['RFC 8624, Sec. 3.2'] + required_params = ['algorithm'] + + def __init__(self, **kwargs): + super(DigestAlgorithmNotRecommended, self).__init__(**kwargs) + self.template_kwargs['algorithm_text'] = fmt.DS_DIGEST_TYPES.get(self.template_kwargs['algorithm'], self.template_kwargs['algorithm']) + class DNSKEYRevokedDS(DSDigestError): ''' >>> e = DNSKEYRevokedDS() |