Warn if using prohibited or not recommended algorithm
Casey Deccio
3 years ago
415 | 415 | |
416 | 416 | # Independent of whether or not we considered the digest for |
417 | 417 | # validation, issue a warning if we are using a digest type for which |
418 | # validation has been prohibited. | |
418 | # validation or publishing has been prohibited. | |
419 | 419 | if self.ds.digest_type in DS_DIGEST_ALGS_VALIDATION_PROHIBITED: |
420 | 420 | self.warnings.append(Errors.DigestAlgorithmValidationProhibited(algorithm=self.ds.digest_type)) |
421 | elif self.ds.digest_type in DS_DIGEST_ALGS_PROHIBITED: | |
422 | self.warnings.append(Errors.DigestAlgorithmProhibited(algorithm=self.ds.digest_type)) | |
423 | elif self.ds.digest_type in DS_DIGEST_ALGS_NOT_RECOMMENDED: | |
424 | self.warnings.append(Errors.DigestAlgorithmNotRecommended(algorithm=self.ds.digest_type)) | |
421 | 425 | |
422 | 426 | if self.dnskey is not None and \ |
423 | 427 | self.dnskey.rdata.flags & fmt.DNSKEY_FLAGS['revoke']: |
493 | 497 | self.warnings.append(Errors.DSDigestAlgorithmIgnored(algorithm=1, new_algorithm=digest_alg)) |
494 | 498 | else: |
495 | 499 | self.warnings.append(Errors.DSDigestAlgorithmMaybeIgnored(algorithm=1, new_algorithm=digest_alg)) |
496 | ||
497 | # For all other digest types, just add a warning here | |
498 | elif self.ds.digest_type in DS_DIGEST_ALGS_PROHIBITED: | |
499 | self.warnings.append(Errors.DigestAlgorithmProhibited(algorithm=self.ds.digest_type)) | |
500 | elif self.ds.digest_type in DS_DIGEST_ALGS_NOT_RECOMMENDED: | |
501 | self.warnings.append(Errors.DigestAlgorithmNotRecommended(algorithm=self.ds.digest_type)) | |
502 | 500 | |
503 | 501 | |
504 | 502 | def __str__(self): |