DNSSEC Algorithm Refactor #944
Conversation
add function to get algorithm class by algorithm/prefix rename get_algorithm_cls to get_algorithm_cls_from_dnskey
rename AlgorithmPublicKeybase to AlgorithmPublicKey
|
This is looking good, and everything is building and testing happily. Here are a few more nits :) AlgorithmKeyMismatch moved to exception.py but unlike the other things that moved, it is not imported into dnssec.py. We should do that for backwards compatibility, even though we are no longer raising it in dnssec.py. Ruff, Flake8, and pylint all complain about two long lines: poetry run ruff dns These long lines don't get formatted by black as they are in docstrings, but just line wrapping them yourself should do. pylint complains about a bunch of stuff, including unused-import, ungrouped-imports in dnssec.py. This can be fixed with comments to suppress them on those lines. Other pylint complaints follow... These seem valid: dns/dnssecalgs/cryptography.py:13: [W0231(super-init-not-called), CryptographyPublicKey.init] init method from base class 'GenericPublicKey' is not called) These are confusing, as there's nothing wrong with abc.ABC. I'm thinking it has some sort of magic around "import abc" as if I do that instead of the from style import, it is happy. dns/dnssecalgs/base.py:1: [E0611(no-name-in-module), ] No name 'ABC' in module 'abc') These are just nuisances, as you don't need a pass if you have a docstring. Maybe just make sure everything has a docstring and remove the passes? dns/dnssecalgs/base.py:22: [W0107(unnecessary-pass), GenericPublicKey.verify] Unnecessary pass statement) The ways I invoke ruff, flake8, and pylint are in the Makefile if you want to run them locally. |
|
I'm also happy to handle the linting if you prefer; it just has to get done before we do a release :) |
|
@rthalley I've fixed most of the lint errors now, if you can take a look at the rest that would be swell. Btw, any reason you are not using |
|
Re isort, the answer is "ignorance" :). I just tried it and it looks pretty good, though it did cause some warnings to resurrect by deleting a comment. I will turn it on and run it, but only AFTER merging your changes :) |
|
Ok, I looked at your current branch and I'm ready to squash and merge it if you are, so let me know. The remaining issues pylint is having are really pylint issues, and I'll silence them after the merge. |
|
I'm good, let's merge! |
|
Thanks for taking on another big job! |
Refactor DNSSEC Algorithms by moving all algorithm specific code to dedicated classes in
dns.dnssecalgs:AlgorithmPublicKeyimplements public key operations; signature validation, encoding, to/from DNSKEYAlgorithmPrivateKeyimplements private key operations; signing and public key conversion.New algorithms can be registered using
register_algorithm_cls. Private algorithms may be registered with a DNS name prefix or a BER-encoded OID (represented as bytes to avoid dependencies on ASN.1 libraries) prefix. Non-private algorithms are registered without prefixes.No API changes to
dns.dnssec.Based on discussion in #935