#![deny(missing_docs)]
+// const_slice_from_raw_parts was stabilized in 1.64, however we support building on 1.63 as well.
+// Luckily, it seems to work fine in 1.63 with the feature flag (and RUSTC_BOOTSTRAP=1) enabled.
+#![cfg_attr(feature = "validation", allow(stable_features))]
+#![cfg_attr(feature = "validation", feature(const_slice_from_raw_parts))]
+
extern crate alloc;
pub mod rr;
-pub mod validation;
-mod ser;
+pub mod ser;
pub mod query;
-#[cfg(feature = "tokio")]
+#[cfg(feature = "validation")]
+mod base32;
+#[cfg(feature = "validation")]
+mod crypto;
+#[cfg(feature = "validation")]
+pub mod validation;
+
+#[cfg(any(feature = "build_server", all(feature = "tokio", feature = "validation")))]
use tokio_crate as tokio;
#[cfg(feature = "build_server")]
imp::run_server(listener, resolver_sockaddr).await;
}
-#[cfg(feature = "tokio")]
+#[cfg(any(feature = "build_server", all(feature = "tokio", feature = "validation")))]
mod imp {
use super::*;
break 'ret_err;
};
let proof_res = match t.to_ascii_uppercase().as_str() {
- "TXT" => build_txt_proof_async(resolver_sockaddr, query_name).await,
- "TLSA" => build_tlsa_proof_async(resolver_sockaddr, query_name).await,
- "A" => build_a_proof_async(resolver_sockaddr, query_name).await,
- "AAAA" => build_aaaa_proof_async(resolver_sockaddr, query_name).await,
+ "TXT" => build_txt_proof_async(resolver_sockaddr, &query_name).await,
+ "TLSA" => build_tlsa_proof_async(resolver_sockaddr, &query_name).await,
+ "A" => build_a_proof_async(resolver_sockaddr, &query_name).await,
+ "AAAA" => build_aaaa_proof_async(resolver_sockaddr, &query_name).await,
_ => break 'ret_err,
};
- let proof = if let Ok(proof) = proof_res { proof } else {
+ let (proof, cache_ttl) = if let Ok(proof) = proof_res { proof } else {
response = ("404 Not Found", "Failed to generate proof for given domain");
break 'ret_err;
};
let _ = socket.write_all(
- format!("HTTP/1.1 200 OK\r\nContent-Length: {}\r\n\r\n", proof.len()).as_bytes()
+ format!(
+ "HTTP/1.1 200 OK\r\nContent-Length: {}\r\nContent-Type: application/octet-stream\r\nCache-Control: public, max-age={}, s-maxage={}\r\nAccess-Control-Allow-Origin: *\r\n\r\n",
+ proof.len(), cache_ttl, cache_ttl
+ ).as_bytes()
).await;
let _ = socket.write_all(&proof).await;
return;
}
let _ = socket.write_all(format!(
- "HTTP/1.1 {}\r\nContent-Length: {}\r\nContent-Type: text/plain\r\n\r\n{}",
+ "HTTP/1.1 {}\r\nContent-Length: {}\r\nContent-Type: text/plain\r\nAccess-Control-Allow-Origin: *\r\n\r\n{}",
response.0, response.1.len(), response.1,
).as_bytes()).await;
});
}
}
-#[cfg(all(feature = "tokio", test))]
+#[cfg(all(feature = "tokio", feature = "validation", test))]
mod test {
use super::*;
- use crate::validation::{parse_rr_stream, verify_rr_stream};
+ use crate::ser::parse_rr_stream;
+ use crate::validation::verify_rr_stream;
use minreq;
let verified_rrs = verify_rr_stream(&rrs).unwrap();
assert_eq!(verified_rrs.verified_rrs.len(), 1);
}
+
+ #[tokio::test(flavor = "multi_thread", worker_threads = 1)]
+ async fn test_lookup_a() {
+ let ns = "9.9.9.9:53".parse().unwrap();
+ let listener = tokio::net::TcpListener::bind("127.0.0.1:17493").await
+ .expect("Failed to bind to socket");
+ tokio::spawn(imp::run_server(listener, ns));
+ let resp = minreq::get(
+ "http://127.0.0.1:17493/dnssecproof?d=cloudflare.com.&t=a"
+ ).send().unwrap();
+
+ assert_eq!(resp.status_code, 200);
+ let rrs = parse_rr_stream(resp.as_bytes()).unwrap();
+ let verified_rrs = verify_rr_stream(&rrs).unwrap();
+ assert!(verified_rrs.verified_rrs.len() >= 1);
+ }
+
+ #[tokio::test(flavor = "multi_thread", worker_threads = 1)]
+ async fn test_lookup_tlsa() {
+ let ns = "1.1.1.1:53".parse().unwrap();
+ let listener = tokio::net::TcpListener::bind("127.0.0.1:17494").await
+ .expect("Failed to bind to socket");
+ tokio::spawn(imp::run_server(listener, ns));
+ let resp = minreq::get(
+ "http://127.0.0.1:17494/dnssecproof?d=_25._tcp.mail.as397444.net.&t=TLSA"
+ ).send().unwrap();
+
+ assert_eq!(resp.status_code, 200);
+ let rrs = parse_rr_stream(resp.as_bytes()).unwrap();
+ let verified_rrs = verify_rr_stream(&rrs).unwrap();
+ assert_eq!(verified_rrs.verified_rrs.len(), 1);
+ }
}