Fix SSHFP validation for ECDSA, ED25519, and SHA256

ECDSA algorithm: RFC6594 - https://tools.ietf.org/html/rfc6594 ED25519 algorithm: RFC7479 - https://tools.ietf.org/html/rfc7479 Fingerprint type SHA-256: RFC6594 - https://tools.ietf.org/html/rfc6594 https://www.iana.org/assignments/dns-sshfp-rr-parameters/dns-sshfp-rr-parameters.txt Based on regex from designate-dashboard Change-Id: I670c90032beb7403c01751fa1be81c0e906d37f4 (cherry picked from commit 028c9bf1e9)
2016-08-04 02:15:18 +01:00 · 2016-08-04 02:15:18 +01:00 · 7a3de8cd13
commit 7a3de8cd13
parent 19fec582ca
3 changed files with 4 additions and 3 deletions
--- a/designate/objects/rrdata_sshfp.py
+++ b/designate/objects/rrdata_sshfp.py
@ -26,7 +26,7 @@ class SSHFP(Record):
            'schema': {
                'type': 'integer',
                'minimum': 0,
-                'maximum': 2
+                'maximum': 4
            },
            'required': True
        },
@ -34,7 +34,7 @@ class SSHFP(Record):
            'schema': {
                'type': 'integer',
                'minimum': 0,
-                'maximum': 1
+                'maximum': 2
            },
            'required': True
        },
--- a/designate/schema/format.py
+++ b/designate/schema/format.py
@ -49,7 +49,7 @@ RE_FIP_ID = r'^(?P<region>[A-Za-z0-9\.\-_]{1,100}):' \
            r'(?P<id>[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-' \
            r'[0-9a-fA-F]{4}-[0-9a-fA-F]{12})\Z'

-RE_SSHFP_FINGERPRINT = r'^[0-9A-Fa-f]{40}\Z'
+RE_SSHFP_FINGERPRINT = r'^([0-9A-Fa-f]{10,40}|[0-9A-Fa-f]{64})\Z'


 draft3_format_checker = jsonschema.draft3_format_checker
--- a/designate/tests/test_schema/test_format.py
+++ b/designate/tests/test_schema/test_format.py
@ -391,6 +391,7 @@ class SchemaFormatTest(TestCase):
    def test_is_sshfp(self):
        valid_sshfps = [
            '72d30d211ce8c464de2811e534de23b9be9b4dc4',
+            '7f3f61e323a7d75de08a2a6069b333e925cae260f4902017194002f226db8658',
        ]

        invalid_sshfps = [