Commit 9b699300 authored by JINMEI Tatuya's avatar JINMEI Tatuya
Browse files

[1579] (suggested) cleanup, mainly moving isNSEC[3] to FindDNSSECContext

these are short, and only used in FindDNSSECContext, so it'd make more sense
to enclose them there.
Other cleanups:
- also made FindDNSSECContext::isNSEC/isNSEC3 private as they now don't need
  to be called outside the class
- removed isInited(); simpy doesn't see the need for it as a separate method
- simplified the code logic of getResultFlag()
parent fb231755
......@@ -669,24 +669,35 @@ DatabaseClient::Finder::FindDNSSECContext::init() {
if (!initialized_) {
initialized_ = true;
if (need_dnssec_) {
// If NSEC3PARAM rrset exists, the zone looks like signed with
// NSEC3
is_nsec3_ = finder_.isNSEC3();
// If no NSEC3PARAM and it is DNSSEC query, check whether NSEC
// exist in apex of zone
is_nsec_ = is_nsec3_ ? false : finder_.isNSEC();
// If an NSEC3PARAM RR exists at the zone apex, it's quite likely
// that the zone is signed with NSEC3. (If not the zone is more
// or less broken, but it's caller's responsibility how to handle
// such cases).
const string origin = finder_.getOrigin().toText();
const FoundRRsets nsec3_found =
finder_.getRRsets(origin, NSEC3PARAM_TYPES(), false);
const FoundIterator nfi=
nsec3_found.second.find(RRType::NSEC3PARAM());
is_nsec3_ = (nfi != nsec3_found.second.end());
// Likewise for NSEC, depending on the apex has an NSEC RR.
// If we know the zone is NSEC3-signed, however, we don't bother
// to check that. This is aligned with the transition guideline
// described in Section 10.4 of RFC 5155.
if (!is_nsec3_) {
const FoundRRsets nsec_found =
finder_.getRRsets(origin, NSEC_TYPES(), false);
const FoundIterator nfi =
nsec_found.second.find(RRType::NSEC());
is_nsec_ = (nfi != nsec_found.second.end());
}
}
}
}
bool
DatabaseClient::Finder::FindDNSSECContext::isInited() {
return (initialized_);
}
bool
DatabaseClient::Finder::FindDNSSECContext::isNSEC3() {
if (isInited()) {
if (initialized_) {
return (is_nsec3_);
} else {
init();
......@@ -696,7 +707,7 @@ DatabaseClient::Finder::FindDNSSECContext::isNSEC3() {
bool
DatabaseClient::Finder::FindDNSSECContext::isNSEC() {
if (isInited()) {
if (initialized_) {
return (is_nsec_);
} else {
init();
......@@ -754,19 +765,12 @@ DatabaseClient::Finder::FindDNSSECContext::getDNSSECRRset(const Name &name,
ZoneFinder::FindResultFlags
DatabaseClient::Finder::FindDNSSECContext::getResultFlags() {
// If it is not DNSSEC query, it should return RESULT_DEFAULT
if (!need_dnssec_) {
return (RESULT_DEFAULT);
}
// If it is a DNSSEC query and the zone is signed with NSEC3, it should
// return RESULT_NSEC3_SIGNED
if (isNSEC3()) {
return (RESULT_NSEC3_SIGNED);
} else {
// If it is a DNSSEC query and the zone is signed with NSEC, it should
// return RESULT_NSEC_SIGNED, otherwise, return RESULT_DEFAULT
return (isNSEC() ? RESULT_NSEC_SIGNED : RESULT_DEFAULT);
} else if (isNSEC()) {
return (RESULT_NSEC_SIGNED);
}
return (RESULT_DEFAULT);
}
ZoneFinder::ResultContext
......@@ -907,28 +911,6 @@ DatabaseClient::Finder::findNoNameResult(const Name& name, const RRType& type,
dnssec_ctx.getResultFlags()));
}
bool
DatabaseClient::Finder::isNSEC3() {
// If an NSEC3PARAM RR exists at the zone apex, it's quite likely that
// the zone is signed with NSEC3. (If not the zone is more or less broken,
// but it's caller's responsibility how to handle such cases).
const FoundRRsets nsec3_found = getRRsets(origin_.toText(),
NSEC3PARAM_TYPES(), false);
const FoundIterator nfi(nsec3_found.second.find(RRType::NSEC3PARAM()));
return (nfi != nsec3_found.second.end());
}
bool
DatabaseClient::Finder::isNSEC() {
// If an NSEC RR exists at the zone apex, it's quite likely that
// the zone is signed with NSEC. (If not the zone is more or less broken,
// but it's caller's responsibility how to handle such cases).
const FoundRRsets nsec_found = getRRsets(origin_.toText(),
NSEC_TYPES(), false);
const FoundIterator nfi(nsec_found.second.find(RRType::NSEC()));
return (nfi != nsec_found.second.end());
}
ZoneFinder::ResultContext
DatabaseClient::Finder::findInternal(const Name& name, const RRType& type,
std::vector<ConstRRsetPtr>* target,
......
......@@ -780,18 +780,6 @@ public:
}
private:
/// \brief check whether zone is signed with nsec
///
/// searches the NSEC3PARAM RRset in the zone apex, if it exists, the
/// zone looks signed with nsec
bool isNSEC();
/// \brief check whether zone is signed with nsec3
///
/// searches the NSEC3PARAM RRset in the zone apex, if it exists, the
/// zone looks signed with nsec3
bool isNSEC3();
boost::shared_ptr<DatabaseAccessor> accessor_;
const int zone_id_;
const isc::dns::Name origin_;
......@@ -907,6 +895,7 @@ public:
isc::dns::ConstRRsetPtr getDNSSECRRset(const FoundRRsets&
found_set);
private:
/// \brief Check whether the zone file is signed with NSECi3.
///
/// It checks whether the zone file is signed with NSEC3. If
......@@ -923,7 +912,6 @@ public:
/// \return True for NSEC, false otherwise.
bool isNSEC();
private:
/// \brief Init the attributes in this entity.
///
/// It should init the attributes of this entity. Check whether
......@@ -933,14 +921,6 @@ public:
/// again.
void init();
/// \brief Check whether the entity is initialized.
///
/// It should return true if the entity is inited, else return
/// false.
///
/// \return True for inited, else return false.
bool isInited();
DatabaseClient::Finder& finder_;
const bool need_dnssec_;
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment