[PR #2534] [MERGED] Start cleaning up DNSSEC API #3116

New issue

Closed

opened 2026-03-16 11:26:07 +03:00 by kerem · 0 comments

kerem commented

2026-03-16 11:26:07 +03:00

Owner

📋 Pull Request Information

Original PR: https://github.com/hickory-dns/hickory-dns/pull/2534
Author: @djc
Created: 10/29/2024
Status: ✅ Merged
Merged: 10/30/2024
Merged by: @djc

Base: main ← Head: signer

📝 Commits (7)

7c7301f proto: remove old type alias
fa2d081 proto: move key_tag() method into PublicKey trait
5dfc495 proto: simplify to_ds() implementation
0e76322 proto: move to_dnskey() into PublicKey trait
833c504 proto: remove unnecessary dnssec guards
b3963e9 proto: move to_ds() into PublicKey trait
38eccdf proto: move to_sigkey*() methods into PublicKey trait

📊 Changes

13 files changed (+197 additions, -230 deletions)

View changed files

📝 bin/src/dnssec.rs (+4 -3)
📝 bin/src/hickory-dns.rs (+5 -2)
📝 bin/tests/integration/authority_battery/dynamic_update.rs (+7 -5)
📝 crates/proto/src/rr/dnssec/digest_type.rs (+0 -1)
📝 crates/proto/src/rr/dnssec/keypair.rs (+6 -167)
📝 crates/proto/src/rr/dnssec/mod.rs (+1 -2)
📝 crates/proto/src/rr/dnssec/nsec3.rs (+0 -3)
📝 crates/proto/src/rr/dnssec/public_key.rs (+149 -7)
📝 crates/proto/src/rr/dnssec/signer.rs (+18 -34)
📝 crates/server/src/store/in_memory/authority.rs (+2 -2)
📝 tests/integration-tests/src/example_authority.rs (+1 -1)
📝 tests/integration-tests/tests/integration/client_future_tests.rs (+3 -2)
📝 tests/integration-tests/tests/integration/client_tests.rs (+1 -1)

📄 Description

As part of integrating support for aws-lc-rs (as a ring alternative) and untangling the dependency on OpenSSL in ring signing tests, I've started cleaning up the KeyPair API. As a starting point, I've moved all the API that was actually only dependent on the public key to the PublicKey trait, which seems like a more obvious way to expose the API.

It seems like the abstraction originally tried to leverage openssl traits like HasPublic and Private, but (a) it makes very little sense to have a KeyPair type that does not have access to the private key and (b) we would definitely prefer for the high-level API not to depend on OpenSSL.

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/hickory-dns/hickory-dns/pull/2534 **Author:** [@djc](https://github.com/djc) **Created:** 10/29/2024 **Status:** ✅ Merged **Merged:** 10/30/2024 **Merged by:** [@djc](https://github.com/djc) **Base:** `main` ← **Head:** `signer` --- ### 📝 Commits (7) - [`7c7301f`](https://github.com/hickory-dns/hickory-dns/commit/7c7301fd2f54daf8d504bc8aa45ad63992de02a8) proto: remove old type alias - [`fa2d081`](https://github.com/hickory-dns/hickory-dns/commit/fa2d0810824edc22745aef0585cbfd36ae15c1f1) proto: move key_tag() method into PublicKey trait - [`5dfc495`](https://github.com/hickory-dns/hickory-dns/commit/5dfc4952242a37f6209db1be194c14654f27a6bb) proto: simplify to_ds() implementation - [`0e76322`](https://github.com/hickory-dns/hickory-dns/commit/0e76322af36f70172a408758882b632599836551) proto: move to_dnskey() into PublicKey trait - [`833c504`](https://github.com/hickory-dns/hickory-dns/commit/833c50455b3f34bd2cdef613205525c9de557371) proto: remove unnecessary dnssec guards - [`b3963e9`](https://github.com/hickory-dns/hickory-dns/commit/b3963e98a9c6c50a9082545ea45b82764e1fd47d) proto: move to_ds() into PublicKey trait - [`38eccdf`](https://github.com/hickory-dns/hickory-dns/commit/38eccdff7175216f62312cd19545f2fd9744494a) proto: move to_sigkey*() methods into PublicKey trait ### 📊 Changes **13 files changed** (+197 additions, -230 deletions) <details> <summary>View changed files</summary> 📝 `bin/src/dnssec.rs` (+4 -3) 📝 `bin/src/hickory-dns.rs` (+5 -2) 📝 `bin/tests/integration/authority_battery/dynamic_update.rs` (+7 -5) 📝 `crates/proto/src/rr/dnssec/digest_type.rs` (+0 -1) 📝 `crates/proto/src/rr/dnssec/keypair.rs` (+6 -167) 📝 `crates/proto/src/rr/dnssec/mod.rs` (+1 -2) 📝 `crates/proto/src/rr/dnssec/nsec3.rs` (+0 -3) 📝 `crates/proto/src/rr/dnssec/public_key.rs` (+149 -7) 📝 `crates/proto/src/rr/dnssec/signer.rs` (+18 -34) 📝 `crates/server/src/store/in_memory/authority.rs` (+2 -2) 📝 `tests/integration-tests/src/example_authority.rs` (+1 -1) 📝 `tests/integration-tests/tests/integration/client_future_tests.rs` (+3 -2) 📝 `tests/integration-tests/tests/integration/client_tests.rs` (+1 -1) </details> ### 📄 Description As part of integrating support for aws-lc-rs (as a ring alternative) and untangling the dependency on OpenSSL in ring signing tests, I've started cleaning up the `KeyPair` API. As a starting point, I've moved all the API that was actually only dependent on the public key to the `PublicKey` trait, which seems like a more obvious way to expose the API. It seems like the abstraction originally tried to leverage openssl traits like `HasPublic` and `Private`, but (a) it makes very little sense to have a `KeyPair` type that does not have access to the private key and (b) we would definitely prefer for the high-level API not to depend on OpenSSL. --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>