remove incorrect dnssec validation

2015-07-08 15:14:00 +02:00 · 2015-07-08 15:14:00 +02:00 · 538846ee0b
parent 126454c0e6
commit 538846ee0b
1 changed files with 1 additions and 81 deletions
--- a/lib/contacts.py
+++ b/lib/contacts.py
@ -7,34 +7,6 @@ import bitcoin
 from util import StoreDict, print_error
 from i18n import _

-# Import all of the rdtypes, as py2app and similar get confused with the dnspython
-# autoloader and won't include all the rdatatypes
-try:
-    import dns.name
-    import dns.query
-    import dns.dnssec
-    import dns.message
-    import dns.resolver
-    import dns.rdatatype
-    import dns.rdtypes.ANY.NS
-    import dns.rdtypes.ANY.CNAME
-    import dns.rdtypes.ANY.DLV
-    import dns.rdtypes.ANY.DNSKEY
-    import dns.rdtypes.ANY.DS
-    import dns.rdtypes.ANY.NSEC
-    import dns.rdtypes.ANY.NSEC3
-    import dns.rdtypes.ANY.NSEC3PARAM
-    import dns.rdtypes.ANY.RRSIG
-    import dns.rdtypes.ANY.SOA
-    import dns.rdtypes.ANY.TXT
-    import dns.rdtypes.IN.A
-    import dns.rdtypes.IN.AAAA
-    from dns.exception import DNSException
-    OA_READY = True
-except ImportError:
-    OA_READY = False
-
-
 class Contacts(StoreDict):

    def __init__(self, config):
@ -58,11 +30,7 @@ class Contacts(StoreDict):
        out = self.resolve_openalias(k)
        if out:
            address, name = out
-            try:
-                validated = self.validate_dnssec(k)
-            except:
-                validated = False
-                traceback.print_exc(file=sys.stderr)
+            validated = False
            return {
                'address': address,
                'name': name,
@ -122,51 +90,3 @@ class Contacts(StoreDict):
        except AttributeError:
            return None

-    def validate_dnssec(self, url):
-        print_error('Checking DNSSEC trust chain for ' + url)
-        default = dns.resolver.get_default_resolver()
-        ns = default.nameservers[0]
-        parts = url.split('.')
-
-        for i in xrange(len(parts), 0, -1):
-            sub = '.'.join(parts[i - 1:])
-            query = dns.message.make_query(sub, dns.rdatatype.NS)
-            response = dns.query.udp(query, ns, 3)
-            if response.rcode() != dns.rcode.NOERROR:
-                print_error("query error")
-                return False
-
-            if len(response.authority) > 0:
-                rrset = response.authority[0]
-            else:
-                rrset = response.answer[0]
-
-            rr = rrset[0]
-            if rr.rdtype == dns.rdatatype.SOA:
-                #Same server is authoritative, don't check again
-                continue
-
-            query = dns.message.make_query(sub,
-                                           dns.rdatatype.DNSKEY,
-                                           want_dnssec=True)
-            response = dns.query.udp(query, ns, 3)
-            if response.rcode() != 0:
-                self.print_error("query error")
-                return False
-                # HANDLE QUERY FAILED (SERVER ERROR OR NO DNSKEY RECORD)
-
-            # answer should contain two RRSET: DNSKEY and RRSIG(DNSKEY)
-            answer = response.answer
-            if len(answer) != 2:
-                print_error("answer error", answer)
-                return False
-
-            # the DNSKEY should be self signed, validate it
-            name = dns.name.from_text(sub)
-            try:
-                dns.dnssec.validate(answer[0], answer[1], {name: answer[0]})
-            except dns.dnssec.ValidationFailure:
-                print_error("validation error")
-                return False
-
-        return True