authorBob Halley <halley@dnspython.org>2020-07-07 16:42:08 -0700
committerBob Halley <halley@dnspython.org>2020-07-07 16:42:08 -0700
commit60396a72b71e384b8d4633fc8f3953a3e03920d6 (patch)
treea80ac93d1a98e6a550b909b27ab69de6947c30e0
parent74db93e2993e05de58b3d1211605bd9d3df5deb6 (diff)
downloaddnspython-60396a72b71e384b8d4633fc8f3953a3e03920d6.tar.gz
TSIG code now uses dns.rcode.Rcode enum values for the TSIG error field.
-rw-r--r--dns/rcode.py14
-rw-r--r--dns/tsig.py14
-rw-r--r--tests/test_flags.py16
-rw-r--r--tests/test_tsig.py9
4 files changed, 34 insertions, 19 deletions
diff --git a/dns/rcode.py b/dns/rcode.py
index d3cfdba..0bce2d4 100644
--- a/dns/rcode.py
+++ b/dns/rcode.py
@@ -46,13 +46,13 @@ class Rcode(dns.enum.IntEnum):
#: Bad EDNS version.
BADVERS = 16
#: TSIG Signature Failure
- # BADSIG = 16
+ BADSIG = 16
#: Key not recognized.
- BADKEY = 17
+ BADKEY = 17
#: Signature out of time window.
- BADTIME = 18
+ BADTIME = 18
#: Bad TKEY Mode.
- BADMODE = 19
+ BADMODE = 19
#: Duplicate key name.
BADNAME = 20
#: Algorithm not supported.
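Review bot: `BADSIG = 16` shares its value with `BADVERS = 16` two lines above, so on an IntEnum it is presumably an alias of BADVERS rather than a distinct member, and the `#:` comment does not say so. The new test in tests/test_flags.py confirms that `.name` reports 'BADVERS'. I would extend the comment to `#: TSIG Signature Failure (alias of BADVERS, both are 16; use to_text(value, tsig=True) for the TSIG name)`. Without it, anyone matching on `.name` or reading logs may not realise a TSIG signature failure prints as BADVERS. The Rcode class body starts and ends outside this hunk.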
@@ -124,14 +124,16 @@ def to_flags(value):
return (v, ev)
-def to_text(value):
+def to_text(value, tsig=False):
"""Convert rcode into text.
- *value*, and ``int``, the rcode.
+ *value*, an ``int``, the rcode.
Raises ``ValueError`` if rcode is < 0 or > 4095.
Returns a ``str``.
"""
+ if tsig and value == Rcode.BADVERS:
+ return 'BADSIG'
return Rcode.to_text(value)
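Review bot: The docstring of `to_text` does not describe the new `tsig` parameter. After the `*value*` line I would add, in the same style, ``*tsig*, a ``bool``; if True, value 16 is rendered as 'BADSIG' (its TSIG meaning) instead of 'BADVERS'.`` Code that logs TSIG error fields has to pass `tsig=True`; otherwise a signature failure is reported as a bad EDNS version, which can mislead anyone triaging authentication failures.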
diff --git a/dns/tsig.py b/dns/tsig.py
index 08ab41e..b554e2e 100644
--- a/dns/tsig.py
+++ b/dns/tsig.py
@@ -25,6 +25,7 @@ import struct
import dns.exception
import dns.rdataclass
import dns.name
+import dns.rcode
class BadTime(dns.exception.DNSException):
@@ -90,11 +91,6 @@ _hashes = {
default_algorithm = HMAC_SHA256
-BADSIG = 16
-BADKEY = 17
-BADTIME = 18
-BADTRUNC = 22
-
def sign(wire, key, rdata, time=None, request_mac=None, ctx=None, multi=False):
"""Return a (tsig_rdata, mac, ctx) tuple containing the HMAC TSIG rdata
@@ -162,13 +158,13 @@ def validate(wire, key, owner, rdata, now, request_mac, tsig_start, ctx=None,
adcount -= 1
new_wire = wire[0:10] + struct.pack("!H", adcount) + wire[12:tsig_start]
if rdata.error != 0:
- if rdata.error == BADSIG:
+ if rdata.error == dns.rcode.BADSIG:
raise PeerBadSignature
- elif rdata.error == BADKEY:
+ elif rdata.error == dns.rcode.BADKEY:
raise PeerBadKey
- elif rdata.error == BADTIME:
+ elif rdata.error == dns.rcode.BADTIME:
raise PeerBadTime
- elif rdata.error == BADTRUNC:
+ elif rdata.error == dns.rcode.BADTRUNC:
raise PeerBadTruncation
else:
raise PeerError('unknown TSIG error code %d' % rdata.error)
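Review bot: The `rdata.error` branch acts on a peer-supplied field, and no MAC check is visible before it in this hunk. `validate` starts and continues outside the hunk, so this is inferred: if the HMAC comparison only happens later, the `Peer*` exceptions raised here describe unauthenticated input. A comment above the branch would make that explicit for callers, for example `# NOTE: rdata.error is read before the MAC is verified; Peer* exceptions are not an authenticated verdict.` Callers should then avoid treating `PeerBadKey` or `PeerBadTime` as proof of what the real server said.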
diff --git a/tests/test_flags.py b/tests/test_flags.py
index f3e7f84..479e384 100644
--- a/tests/test_flags.py
+++ b/tests/test_flags.py
@@ -56,6 +56,22 @@ class FlagsTestCase(unittest.TestCase):
flags = dns.flags.QR|dns.flags.AA|dns.flags.RD|dns.flags.RA
self.assertEqual(dns.flags.to_text(flags), "QR AA RD RA")
+ def test_rcode_badvers(self):
+ rcode = dns.rcode.BADVERS
+ self.assertEqual(rcode.value, 16)
+ self.assertEqual(rcode.name, 'BADVERS')
+ self.assertEqual(dns.rcode.to_text(rcode), 'BADVERS')
+
+ def test_rcode_badsig(self):
+ rcode = dns.rcode.BADSIG
+ self.assertEqual(rcode.value, 16)
+ # Yes, we mean BADVERS on the next line. BADSIG and BADVERS have
+ # the same code.
+ self.assertEqual(rcode.name, 'BADVERS')
+ self.assertEqual(dns.rcode.to_text(rcode), 'BADVERS')
+ # In TSIG text mode, it should be BADSIG
+ self.assertEqual(dns.rcode.to_text(rcode, True), 'BADSIG')
+
if __name__ == '__main__':
unittest.main()
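Review bot: In `test_rcode_badsig` the TSIG mode is selected with a bare positional `True`, which hides what the argument means at the call site. Prefer `self.assertEqual(dns.rcode.to_text(rcode, tsig=True), 'BADSIG')`. It would also be worth one assertion that `tsig=True` leaves other codes unchanged, e.g. `self.assertEqual(dns.rcode.to_text(dns.rcode.BADKEY, tsig=True), 'BADKEY')`.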
diff --git a/tests/test_tsig.py b/tests/test_tsig.py
index 2722e15..f5c62cc 100644
--- a/tests/test_tsig.py
+++ b/tests/test_tsig.py
@@ -4,6 +4,7 @@ import hashlib
import unittest
import time
+import dns.rcode
import dns.tsig
import dns.tsigkeyring
import dns.message
@@ -50,10 +51,10 @@ class TSIGTestCase(unittest.TestCase):
return(q, r)
def test_peer_errors(self):
- items = [(dns.tsig.BADSIG, dns.tsig.PeerBadSignature),
- (dns.tsig.BADKEY, dns.tsig.PeerBadKey),
- (dns.tsig.BADTIME, dns.tsig.PeerBadTime),
- (dns.tsig.BADTRUNC, dns.tsig.PeerBadTruncation),
+ items = [(dns.rcode.BADSIG, dns.tsig.PeerBadSignature),
+ (dns.rcode.BADKEY, dns.tsig.PeerBadKey),
+ (dns.rcode.BADTIME, dns.tsig.PeerBadTime),
+ (dns.rcode.BADTRUNC, dns.tsig.PeerBadTruncation),
(99, dns.tsig.PeerError),
]
for err, ex in items: