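# Validate a response message according to the configured validation policy.
#
# Flow, as implemented below:
# 1. A nil message is rejected (returns false).
# 2. If the message carries at least one RRSIG record, verify(msg) is tried
#    first; on success the message is marked SECURE and true is returned.
# 3. Otherwise, when the policy / trust-anchor condition holds, or the query
#    header has cd == true, the validators selected by the policy are tried
#    in order, followed by validate_with_dlv if the result is still not SECURE.
# 4. If neither 2 nor 3 produced a result, the message is marked UNCHECKED
#    and true is returned.
#
# NOTE(review): a true return value does NOT mean the message was validated.
# Step 4 returns true with security_level UNCHECKED, so callers making trust
# decisions should inspect msg.security_level rather than the boolean alone.
#
# @param query the query that produced msg; only query.header.cd is read
#   here, and query is handed on to the validators
# @param msg the response to validate; its security_level is updated in place
# @return [Boolean] false for a nil msg; otherwise true, or the result of
#   comparing the final level's code against SecurityLevel::UNCHECKED
# @raise [VerifyError] carrying last_error when the final level compares
#   below zero
def self.validate_with_query(query, msg)
  return false unless msg

  # Look for at least one RRSIG record anywhere in the message.
  found_sigs = false
  msg.each_resource do |rr|
    found_sigs = true if rr.type == Types::RRSIG
  end

  if found_sigs
    begin
      if verify(msg)
        msg.security_level = Message::SecurityLevel.SECURE
        return true
      end
    rescue VerifyError => e
      # Deliberate fall-through: a failed quick check is not final, the
      # policy-driven validation below may still run. The failure is logged
      # so that it is not silently lost.
      TheLog.debug("Initial RRSIG verification failed: #{e}")
    end
  end

  TheLog.debug("Checking whether to validate, query.cd = #{query.header.cd}")
  # NOTE(review): the ">" comparison depends on the numeric ordering of the
  # ValidationPolicy constants, which is not visible here - confirm which
  # policies it is meant to select.
  # NOTE(review): cd is presumably the DNS "checking disabled" header flag;
  # when it is set, validation is performed here - confirm against callers.
  if ((@@validation_policy > ValidationPolicy::ALWAYS_ROOT_ONLY) && (self.trust_anchors.length > 0)) ||
     (query.header.cd == true)
    TheLog.debug("Starting validation")

    # Start from the most pessimistic state; each try_validation call returns
    # the updated (level, error, error_level) triple.
    last_error = ""
    last_level = Message::SecurityLevel.BOGUS
    last_error_level = Message::SecurityLevel.BOGUS

    via_anchors = Proc.new { |m, q| validate_with_anchors(m, q) }
    via_root = Proc.new { |m, q| validate_with_root(m, q) }
    via_dlv = Proc.new { |m, q| validate_with_dlv(m, q) }

    if @@validation_policy == ValidationPolicy::ALWAYS_LOCAL_ANCHORS_ONLY
      last_level, last_error, last_error_level =
        try_validation(last_level, last_error, last_error_level, via_anchors, msg, query)
    elsif @@validation_policy == ValidationPolicy::ALWAYS_ROOT_ONLY
      last_level, last_error, last_error_level =
        try_validation(last_level, last_error, last_error_level, via_root, msg, query)
    elsif @@validation_policy == ValidationPolicy::LOCAL_ANCHORS_THEN_ROOT
      last_level, last_error, last_error_level =
        try_validation(last_level, last_error, last_error_level, via_anchors, msg, query)
      if last_level != Message::SecurityLevel.SECURE
        last_level, last_error, last_error_level =
          try_validation(last_level, last_error, last_error_level, via_root, msg, query)
      end
    elsif @@validation_policy == ValidationPolicy::ROOT_THEN_LOCAL_ANCHORS
      last_level, last_error, last_error_level =
        try_validation(last_level, last_error, last_error_level, via_root, msg, query)
      if last_level != Message::SecurityLevel.SECURE
        last_level, last_error, last_error_level =
          try_validation(last_level, last_error, last_error_level, via_anchors, msg, query)
      end
    end

    # DLV is tried last, whatever the policy, and only if nothing so far
    # produced a SECURE result.
    if last_level != Message::SecurityLevel.SECURE
      last_level, last_error, last_error_level =
        try_validation(last_level, last_error, last_error_level, via_dlv, msg, query)
    end

    msg.security_level = last_level
    # NOTE(review): last_level is a SecurityLevel value compared with an
    # Integer here, while the next line compares .code with the constant
    # SecurityLevel::UNCHECKED (other lines use the method form, e.g.
    # SecurityLevel.BOGUS). Confirm both comparisons behave as intended.
    raise VerifyError.new(last_error) if last_level < 0
    return msg.security_level.code > Message::SecurityLevel::UNCHECKED
  end

  # No validation was attempted or completed: record that explicitly.
  msg.security_level = Message::SecurityLevel.UNCHECKED
  true
end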