From 028c9bf1e935549d1fd8d61096bce2612177becc Mon Sep 17 00:00:00 2001
From: Alex Monk
Date: Thu, 4 Aug 2016 02:15:18 +0100
Subject: [PATCH] Fix SSHFP validation for ECDSA, ED25519, and SHA256 ECDSA algorithm: RFC6594 - https://tools.ietf.org/html/rfc6594 ED25519 algorithm: RFC7479 - https://tools.ietf.org/html/rfc7479 Fingerprint type SHA-256: RFC6594 - https://tools.ietf.org/html/rfc6594 https://www.iana.org/assignments/dns-sshfp-rr-parameters/dns-sshfp-rr-parameters.txt Based on regex from designate-dashboard Change-Id: I670c90032beb7403c01751fa1be81c0e906d37f4
---
 designate/objects/rrdata_sshfp.py | 4 ++--
 designate/schema/format.py | 2 +-
 designate/tests/test_schema/test_format.py | 1 +
 3 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/designate/objects/rrdata_sshfp.py b/designate/objects/rrdata_sshfp.py
index 177339a0a..0d1961f44 100644
--- a/designate/objects/rrdata_sshfp.py
+++ b/designate/objects/rrdata_sshfp.py
@@ -26,7 +26,7 @@ class SSHFP(Record):
 'schema': {
 'type': 'integer',
 'minimum': 0,
- 'maximum': 2
+ 'maximum': 4
 },
 'required': True
 },
@@ -34,7 +34,7 @@ class SSHFP(Record):
 'schema': {
 'type': 'integer',
 'minimum': 0,
- 'maximum': 1
+ 'maximum': 2
 },
 'required': True
 },
diff --git a/designate/schema/format.py b/designate/schema/format.py
index 128394647..fd5243314 100644
--- a/designate/schema/format.py
+++ b/designate/schema/format.py
@@ -49,7 +49,7 @@ RE_FIP_ID = r'^(?P[A-Za-z0-9\.\-_]{1,100}):' \
 r'(?P[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-' \
 r'[0-9a-fA-F]{4}-[0-9a-fA-F]{12})\Z'
-RE_SSHFP_FINGERPRINT = r'^[0-9A-Fa-f]{40}\Z'
+RE_SSHFP_FINGERPRINT = r'^([0-9A-Fa-f]{10,40}|[0-9A-Fa-f]{64})\Z'
 draft3_format_checker = jsonschema.draft3_format_checker
diff --git a/designate/tests/test_schema/test_format.py b/designate/tests/test_schema/test_format.py
index 4a8e3b6dd..7b37c65c2 100644
--- a/designate/tests/test_schema/test_format.py
+++ b/designate/tests/test_schema/test_format.py
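Review bot: Both raised bounds in rrdata_sshfp.py still sit next to `'minimum': 0`, and 0 is listed as reserved for both the algorithm and the fingerprint-type fields in the IANA SSHFP registry that the commit message links, so a record with either field set to 0 keeps validating. If no stored records depend on that, `'minimum': 1` in the `@@ -26,7 +26,7 @@` hunk and again in the `@@ -34,7 +34,7 @@` hunk would close it. The bare 4 and 2 would also read better with a comment beside each, for example `# 1=RSA, 2=DSA, 3=ECDSA, 4=Ed25519 (RFC 4255, 6594, 7479)` and `# 1=SHA-1, 2=SHA-256 (RFC 4255, 6594)`. The field names are outside both hunks, so which bound belongs to which field is inferred from the values.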
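Review bot: The new alternative `[0-9A-Fa-f]{10,40}` in `RE_SSHFP_FINGERPRINT` accepts any 10 to 40 hex digits, odd lengths included, where the old pattern required exactly 40; a SHA-1 digest is always 40 hex digits and a SHA-256 digest always 64, so a truncated or mistyped fingerprint would now pass validation and be published for host-key checking. Unless the short form is needed for compatibility with designate-dashboard (the commit message says the regex came from there), `RE_SSHFP_FINGERPRINT = r'^(?:[0-9A-Fa-f]{40}|[0-9A-Fa-f]{64})\Z'` keeps the check exact. The format check also cannot see the fingerprint type, so a 64-digit value with type 1 or a 40-digit value with type 2 passes; that pairing would have to be enforced where the SSHFP record as a whole is validated, which is outside this hunk.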
@@ -391,6 +391,7 @@ class SchemaFormatTest(TestCase):
 def test_is_sshfp(self):
 valid_sshfps = [
 '72d30d211ce8c464de2811e534de23b9be9b4dc4',
+ '7f3f61e323a7d75de08a2a6069b333e925cae260f4902017194002f226db8658',
 ]
 invalid_sshfps = [
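Review bot: The added case in `valid_sshfps` covers only the accepted 64-digit form; nothing visible in this hunk pins what the loosened regex must reject or what it newly accepts. `invalid_sshfps` opens on the hunk's last line and its entries are outside the hunk, so this may already be partly covered, but entries of 41 and 63 hex digits there, plus an explicit decision on a 10-digit value in one list or the other, would lock the boundaries down. The new algorithm and fingerprint-type maxima in rrdata_sshfp.py have no test in this commit's diffstat.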