SSHFP RFC4255 - validate algorithm & fingerprint_type

- unrecognized wording for invalid values

octodns/record.py

@@ -482,7 +482,7 @@ class MxRecord(_ValuesMixin, Record):
 
 
 class NaptrValue(object):
-    LEGAL_FLAGS = ('S', 'A', 'U', 'P')
+    VALID_FLAGS = ('S', 'A', 'U', 'P')
 
     @classmethod
     def _validate_value(cls, data):
@@ -502,8 +502,8 @@ class NaptrValue(object):
                            .format(data['preference']))
         try:
             flags = data['flags']
-            if flags not in cls.LEGAL_FLAGS:
-                reasons.append('invalid flags "{}"'.format(flags))
+            if flags not in cls.VALID_FLAGS:
+                reasons.append('unrecognized flags "{}"'.format(flags))
         except KeyError:
             reasons.append('missing flags')
 
@@ -594,19 +594,25 @@ class PtrRecord(_ValueMixin, Record):
 
 
 class SshfpValue(object):
+    VALID_ALGORITHMS = (1, 2)
+    VALID_FINGERPRINT_TYPES = (1,)
 
     @classmethod
     def _validate_value(cls, value):
         reasons = []
-        # TODO: validate algorithm and fingerprint_type values
         try:
-            int(value['algorithm'])
+            algorithm = int(value['algorithm'])
+            if algorithm not in cls.VALID_ALGORITHMS:
+                reasons.append('unrecognized algorithm "{}"'.format(algorithm))
         except KeyError:
             reasons.append('missing algorithm')
         except ValueError:
             reasons.append('invalid algorithm "{}"'.format(value['algorithm']))
         try:
-            int(value['fingerprint_type'])
+            fingerprint_type = int(value['fingerprint_type'])
+            if fingerprint_type not in cls.VALID_FINGERPRINT_TYPES:
+                reasons.append('unrecognized fingerprint_type "{}"'
+                               .format(fingerprint_type))
         except KeyError:
             reasons.append('missing fingerprint_type')
         except ValueError:

tests/test_octodns_record.py

@@ -1011,7 +1011,7 @@ class TestRecordValidation(TestCase):
                 'ttl': 600,
                 'value': v
             })
-        self.assertEquals(['invalid flags "X"'], ctx.exception.reasons)
+        self.assertEquals(['unrecognized flags "X"'], ctx.exception.reasons)
 
     def test_NS(self):
         # doesn't blow up
@@ -1104,6 +1104,20 @@ class TestRecordValidation(TestCase):
             })
         self.assertEquals(['invalid algorithm "nope"'], ctx.exception.reasons)
 
+        # unrecognized algorithm
+        with self.assertRaises(ValidationError) as ctx:
+            Record.new(self.zone, '', {
+                'type': 'SSHFP',
+                'ttl': 600,
+                'value': {
+                    'algorithm': 42,
+                    'fingerprint_type': 1,
+                    'fingerprint': 'bf6b6825d2977c511a475bbefb88aad54a92ac73'
+                }
+            })
+        self.assertEquals(['unrecognized algorithm "42"'],
+                          ctx.exception.reasons)
+
         # missing fingerprint_type
         with self.assertRaises(ValidationError) as ctx:
             Record.new(self.zone, '', {
@@ -1130,6 +1144,20 @@ class TestRecordValidation(TestCase):
         self.assertEquals(['invalid fingerprint_type "yeeah"'],
                           ctx.exception.reasons)
 
+        # unrecognized fingerprint_type
+        with self.assertRaises(ValidationError) as ctx:
+            Record.new(self.zone, '', {
+                'type': 'SSHFP',
+                'ttl': 600,
+                'value': {
+                    'algorithm': 1,
+                    'fingerprint_type': 42,
+                    'fingerprint': 'bf6b6825d2977c511a475bbefb88aad54a92ac73'
+                }
+            })
+        self.assertEquals(['unrecognized fingerprint_type "42"'],
+                          ctx.exception.reasons)
+
         # missing fingerprint
         with self.assertRaises(ValidationError) as ctx:
             Record.new(self.zone, '', {