
@relaycorp/dnssec - npm Package Compare versions

Comparing version 1.6.2 to 1.6.3

1

build/lib/lib/dns/name.d.ts

@@ -5,1 +5,2 @@ /// <reference types="node" />

export declare function countLabels(name: string): number;
export declare function isChildZone(parentName: string, presumedChildName: string): boolean;

@@ -26,2 +26,8 @@ export function serialiseName(name) {

}
export function isChildZone(parentName, presumedChildName) {
if (parentName === '.') {
return true;
}
return presumedChildName.endsWith(`.${parentName}`);
}
//# sourceMappingURL=name.js.map
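Review bot: `isChildZone` matches with a case-sensitive `endsWith`, so it is only correct when both names arrive in one canonical form (same letter case, same trailing-dot convention), and nothing in this hunk shows where that is guaranteed. DNS names compare case-insensitively, so a signer name that differs only in case would be classed as off-tree by the caller in SignedRRSet; that fails closed, but it turns a valid answer into a validation failure. The function also returns true for `isChildZone('.', '.')` and never for equal non-root names, which is why the caller needs its separate `!==` check. I would state the contract on the function, for example `/** Expects absolute, already-normalised names; true for any name when parentName is the root; false when the names are equal. */`, or normalise case inside it if callers cannot guarantee that.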

@@ -14,3 +14,4 @@ import { RRSet } from './dns/RRSet';

protected constructor(rrset: RRSet, rrsigs: readonly RrsigRecord[]);
get signerNames(): readonly string[];
verify(dnsKeys: readonly DnskeyRecord[], datePeriod: DatePeriod, expectedSigner?: string): boolean;
}
import { RRSet } from './dns/RRSet';
import { DnssecRecordType } from './DnssecRecordType';
import { RrsigData } from './rdata/RrsigData';
import { isChildZone } from './dns/name';
/**

@@ -17,2 +18,6 @@ * RRSet with one or more corresponding RRSigs.

const data = RrsigData.initFromPacket(record.dataFields);
if (data.signerName !== rrset.name && !isChildZone(data.signerName, rrset.name)) {
// Signer is off tree
return acc;
}
return [...acc, { record, data }];

@@ -26,2 +31,7 @@ }, []);

}
get signerNames() {
const names = this.rrsigs.map((s) => s.data.signerName);
const uniqueNames = new Set(names);
return [...uniqueNames].sort((a, b) => b.length - a.length);
}
verify(dnsKeys, datePeriod, expectedSigner) {

@@ -28,0 +38,0 @@ const validRrsigs = this.rrsigs.reduce((acc, rrsig) => {
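Review bot: The `signerNames` getter orders signers by string length as a stand-in for zone depth, which holds only because `initFromRecords` has already dropped every RRSIG whose signer is not the owner name or one of its ancestors; that dependency is not written down anywhere in the new code. The names come from RRSIG records that have not been verified at this point, and the first element is what UnverifiedChain.verify uses as the apex zone, so the getter should say that its output is untrusted input. A doc comment such as `/** Signer names taken from the (not yet verified) RRSIGs, deepest zone first; ordering by length is valid because all signers are suffixes of rrset.name. */` would cover both. The body of `verify` continues outside the hunk, so how `expectedSigner` is applied is not visible here.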

import { Question } from './dns/Question';
import { Message } from './dns/Message';
import { ChainVerificationResult } from './results';
import { ChainVerificationResult, VerificationResult } from './results';
import { Zone } from './Zone';
import { DatePeriod } from './DatePeriod';
import { SignedRRSet } from './SignedRRSet';
import { Resolver } from './Resolver';
import { DsData } from './rdata/DsData';
import { RRSet } from './dns/RRSet';
interface MessageByKey {

@@ -18,3 +21,6 @@ readonly [key: string]: Message;

verify(datePeriod: DatePeriod, trustAnchors: readonly DsData[]): ChainVerificationResult;
protected getRootZone(trustAnchors: readonly DsData[], datePeriod: DatePeriod): VerificationResult<Zone>;
protected getZones(rootZone: Zone, apexZoneName: string, datePeriod: DatePeriod): VerificationResult<readonly Zone[]>;
protected verifyAnswers(answers: SignedRRSet, zones: readonly Zone[], datePeriod: DatePeriod): VerificationResult<RRSet>;
}
export {};

33

build/lib/lib/UnverifiedChain.js

@@ -58,4 +58,17 @@ import { Question } from './dns/Question';

verify(datePeriod, trustAnchors) {
const rootDnskeyMessage = this.zoneMessageByKey[`./${DnssecRecordType.DNSKEY}`];
if (!rootDnskeyMessage) {
const rootZoneResult = this.getRootZone(trustAnchors, datePeriod);
if (rootZoneResult.status !== SecurityStatus.SECURE) {
return rootZoneResult;
}
const answers = SignedRRSet.initFromRecords(this.query, this.response.answers);
const apexZoneName = answers.signerNames[0] ?? answers.rrset.name;
const zonesResult = this.getZones(rootZoneResult.result, apexZoneName, datePeriod);
if (zonesResult.status !== SecurityStatus.SECURE) {
return zonesResult;
}
return this.verifyAnswers(answers, zonesResult.result, datePeriod);
}
getRootZone(trustAnchors, datePeriod) {
const dnskeyMessage = this.zoneMessageByKey[`./${DnssecRecordType.DNSKEY}`];
if (!dnskeyMessage) {
return {

@@ -66,9 +79,11 @@ status: SecurityStatus.INDETERMINATE,

}
const rootZoneResult = Zone.initRoot(rootDnskeyMessage, trustAnchors, datePeriod);
if (rootZoneResult.status !== SecurityStatus.SECURE) {
return augmentFailureResult(rootZoneResult, 'Got invalid DNSKEY for root zone');
const result = Zone.initRoot(dnskeyMessage, trustAnchors, datePeriod);
if (result.status !== SecurityStatus.SECURE) {
return augmentFailureResult(result, 'Got invalid DNSKEY for root zone');
}
const rootZone = rootZoneResult.result;
return result;
}
getZones(rootZone, apexZoneName, datePeriod) {
let zones = [rootZone];
for (const zoneName of getZonesInChain(this.query.name, false)) {
for (const zoneName of getZonesInChain(apexZoneName, false)) {
const zoneDnskeyMessage = this.zoneMessageByKey[`${zoneName}/${DnssecRecordType.DNSKEY}`];

@@ -96,4 +111,6 @@ if (!zoneDnskeyMessage) {

}
return { status: SecurityStatus.SECURE, result: zones };
}
verifyAnswers(answers, zones, datePeriod) {
const apexZone = zones[zones.length - 1];
const answers = SignedRRSet.initFromRecords(this.query, this.response.answers);
if (!apexZone.verifyRrset(answers, datePeriod)) {

@@ -100,0 +117,0 @@ return {
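Review bot: In `verify`, `apexZoneName` is taken from `answers.signerNames[0]` before any signature has been checked, so the response itself selects which zone chain `getZones` validates, and with no on-tree RRSIG it falls back to `answers.rrset.name`. The result stays sound only if `apexZone.verifyRrset` in `verifyAnswers` accepts RRSIGs solely from the apex zone's own name and keys; that method is outside this diff, so this should be confirmed and recorded, e.g. `// apexZoneName comes from unverified RRSIGs; it is trusted only once verifyAnswers() validates the RRset against that zone's DNSKEYs`. A regression test with RRSIGs from more than one signer name (parent and child zone) would pin that the status is SECURE only when the deepest zone's chain validates. The bodies of `getRootZone`, `getZones` and `verifyAnswers` are cut by the hunks.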

{
"name": "@relaycorp/dnssec",
"version": "1.6.2",
"version": "1.6.3",
"author": {

@@ -46,3 +46,3 @@ "email": "no-reply@relaycorp.tech",

"del-cli": "^5.0.0",
"dohdec": "^5.0.3",
"dohdec": "https://gitpkg.now.sh/hildjj/dohdec/pkg/dohdec?acd49694a83825a461bdff55e4a4a63ca7a4bbef",
"eslint": "^8.28.0",

@@ -49,0 +49,0 @@ "jest": "^28.1.3",
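Review bot: The `dohdec` entry moves from a semver range resolved on the npm registry to a tarball URL on gitpkg.now.sh, a third-party service that builds the archive from the GitHub repository on request. The commit hash in the URL pins the source revision, but the bytes delivered depend on that service and the URL carries no integrity hash, so the install is only as trustworthy as the host and the lockfile entry. The neighbouring entries (`del-cli`, `eslint`, `jest`) suggest this is a devDependency, which would limit exposure to the build and test environment rather than consumers; that should be checked against the full file. I would either return to a registry release once one contains the needed commit, or keep the URL and make sure the lockfile records an `integrity` value for it and that CI installs with the lockfile enforced.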

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet
