Validation fixes, still not perfect, but much nicer

dnssec.go

@@ -285,7 +285,7 @@ func (s *RR_RRSIG) Sign(k PrivateKey, rrset []RR) error {
 
 // Verify validates an RRSet with the signature and key. This is only the
 // cryptographic test, the signature validity period must be checked separately.
-// This function (temporary) modifies the RR for the validation to work. 
+// This function modifies the rdata of some RRs (lowercases domain names) for the validation to work. 
 func (s *RR_RRSIG) Verify(k *RR_DNSKEY, rrset []RR) error {
 	// First the easy checks
 	if s.KeyTag != k.KeyTag() {
@@ -493,8 +493,7 @@ func (p wireSlice) Less(i, j int) bool {
 }
 func (p wireSlice) Swap(i, j int) { p[i], p[j] = p[j], p[i] }
 
-// Return the raw signature data. 
+// Return the raw signature data.
-// TODO: the rr rdata is lowercased for some records
 func rawSignatureData(rrset []RR, s *RR_RRSIG) (buf []byte) {
 	wires := make(wireSlice, len(rrset))
 	for i, r := range rrset {
@@ -514,32 +513,62 @@ func rawSignatureData(rrset []RR, s *RR_RRSIG) (buf []byte) {
 		//   SRV, DNAME, A6
 		switch x := r1.(type) {
 		case *RR_NS:
+			p := x.Ns
+			defer func() { x.Ns = p }()
 			x.Ns = strings.ToLower(x.Ns)
 		case *RR_CNAME:
-			x.Cname = strings.ToLower(x.Cname)
+			p := x.Target
+			defer func() { x.Target = p }()
+			x.Target = strings.ToLower(x.Target)
 		case *RR_SOA:
+			p := x.Ns
+			q := x.Mbox
+			defer func() { x.Ns = p }()
+			defer func() { x.Mbox = q }()
 			x.Ns = strings.ToLower(x.Ns)
 			x.Mbox = strings.ToLower(x.Mbox)
 		case *RR_MB:
+			p := x.Mb
+			defer func() { x.Mb = p }()
 			x.Mb = strings.ToLower(x.Mb)
 		case *RR_MG:
+			p := x.Mg
+			defer func() { x.Mg = p }()
 			x.Mg = strings.ToLower(x.Mg)
 		case *RR_MR:
+			p := x.Mr
+			defer func() { x.Mr = p }()
 			x.Mr = strings.ToLower(x.Mr)
 		case *RR_PTR:
+			p := x.Ptr
+			defer func() { x.Ptr = p }()
 			x.Ptr = strings.ToLower(x.Ptr)
 		case *RR_MINFO:
+			p := x.Rmail
+			q := x.Email
+			defer func() { x.Rmail = p }()
+			defer func() { x.Email = q }()
 			x.Rmail = strings.ToLower(x.Rmail)
 			x.Email = strings.ToLower(x.Email)
 		case *RR_MX:
+			p := x.Mx
+			defer func() { x.Mx = p }()
 			x.Mx = strings.ToLower(x.Mx)
 		case *RR_NAPTR:
+			p := x.Replacement
+			defer func() { x.Replacement = p }()
 			x.Replacement = strings.ToLower(x.Replacement)
 		case *RR_KX:
+			p := x.Exchanger
+			defer func() { x.Exchanger = p }()
 			x.Exchanger = strings.ToLower(x.Exchanger)
 		case *RR_SRV:
+			p := x.Target
+			defer func() { x.Target = p }()
 			x.Target = strings.ToLower(x.Target)
 		case *RR_DNAME:
+			p := x.Target
+			defer func() { x.Target = p }()
 			x.Target = strings.ToLower(x.Target)
 		}
 		// 6.2. Canonical RR Form. (5) - origTTL

types.go

@@ -187,11 +187,11 @@ func (rr *RR_CNAME) Header() *RR_Header {
 }
 
 func (rr *RR_CNAME) String() string {
-	return rr.Hdr.String() + rr.Cname
+	return rr.Hdr.String() + rr.Target
 }
 
 func (rr *RR_CNAME) Len() int {
-	l := len(rr.Cname) + 1
+	l := len(rr.Target) + 1
 	return rr.Hdr.Len() + l
 }
 

zscan_rr.go

@@ -56,7 +56,7 @@ func setRR(h RR_Header, c chan lex, o, f string) (RR, *ParseError) {
 		//r, e = setLOC(h, c, f)
 		// TODO
 		goto Slurp
-	// These types have a variable ending either chunks of txt or chunks/base64 or hex.
+	// These types have a variable ending: either chunks of txt or chunks/base64 or hex.
 	// They need to search for the end of the RR themselves, hence they look for the ending
 	// newline. Thus there is no need to slurp the remainder, because there is none.
 	case TypeDNSKEY:
@@ -185,13 +185,13 @@ func setCNAME(h RR_Header, c chan lex, o, f string) (RR, *ParseError) {
 	rr.Hdr = h
 
 	l := <-c
-	rr.Cname = l.token
+	rr.Target = l.token
 	_, ld, ok := IsDomainName(l.token)
 	if !ok {
-		return nil, &ParseError{f, "bad CNAME Cname", l}
+		return nil, &ParseError{f, "bad CNAME Target", l}
 	}
-	if rr.Cname[ld-1] != '.' {
+	if rr.Target[ld-1] != '.' {
-		rr.Cname = appendOrigin(rr.Cname, o)
+		rr.Target = appendOrigin(rr.Target, o)
 	}
 	return rr, nil
 }