octodns.record.sshfp

Classes

SshfpRecord(zone, name, data[, source, context])

SshfpValue(value)

SshfpValueBestPracticeValidator(id[, sets])

Checks that SSHFP records use SHA-256 (fingerprint_type 2) rather than the deprecated SHA-1 (fingerprint_type 1).

SshfpValueRfcValidator(id[, sets])

Strict SSHFP rdata validator per RFC 4255/6594/7479/8709.

SshfpValueValidator(id[, sets])

Validates SSHFP rdata: algorithm and fingerprint_type are from the recognized sets in RFC 4255/6594, and the fingerprint hex string's length matches the fingerprint type (SHA-1 = 40, SHA-256 = 64).
class octodns.record.sshfp.SshfpValueValidator(id, sets=None)[source]

Bases: ValueValidator

Validates SSHFP rdata: algorithm and fingerprint_type are from the recognized sets in RFC 4255/6594, and the fingerprint hex string’s length matches the fingerprint type (SHA-1 = 40, SHA-256 = 64).

FINGERPRINT_LENGTHS = {1: 40, 2: 64}
validate(value_cls, data, _type)[source]

Validate a record’s rdata values.

Parameters:

  • value_cls (type) – The concrete value class being validated (e.g. MxValue, _Ipv4Value). Validators that need access to value class-level attributes (e.g. VALID_ALGORITHMS, _address_type) should read them from value_cls. Per-instance configuration should live on self, not on value_cls.

  • data (list | tuple | str | dict) – The rdata to validate. For multi-value record types this is a list/tuple of value dicts or strings; for single-value types it may be a bare value. Most validators iterate data directly — when a validator needs to accept either form it should normalize with if not isinstance(data, (list, tuple)): data = (data,).

  • _type (str) – The record type string (e.g. 'MX', 'A'). Passed through to helpers like _check_target_format which format it into their reason strings.

Returns:

A list of human-readable reason strings describing validation failures. Must return an empty list when the values are valid. Reasons from multiple validators are concatenated by the caller, so each reason must stand alone without context from the others.

Return type:

list[str]

Notes

Implementations must not raise on invalid input — all failures are reported via the returned list. Reason strings are surfaced verbatim in ValidationError messages, so phrasing and punctuation should be stable across releases.

class octodns.record.sshfp.SshfpValueRfcValidator(id, sets=None)[source]

Bases: ValueValidator

Strict SSHFP rdata validator per RFC 4255/6594/7479/8709.

  • algorithm must be an integer in [0, 255].

  • fingerprint_type must be an integer in [0, 255].

  • fingerprint must be a valid lowercase hex string.

  • For fingerprint_type 1 (SHA-1): fingerprint must be 40 hex chars.

  • For fingerprint_type 2 (SHA-256): fingerprint must be 64 hex chars.

Enabled as part of the strict validator set:

manager:
  enabled:
    - strict
_hex_re = re.compile('^[0-9a-fA-F]+$')
_fingerprint_type_lengths = {1: 40, 2: 64}
validate(value_cls, data, _type)[source]

Validate a record’s rdata values.

Parameters:

  • value_cls (type) – The concrete value class being validated (e.g. MxValue, _Ipv4Value). Validators that need access to value class-level attributes (e.g. VALID_ALGORITHMS, _address_type) should read them from value_cls. Per-instance configuration should live on self, not on value_cls.

  • data (list | tuple | str | dict) – The rdata to validate. For multi-value record types this is a list/tuple of value dicts or strings; for single-value types it may be a bare value. Most validators iterate data directly — when a validator needs to accept either form it should normalize with if not isinstance(data, (list, tuple)): data = (data,).

  • _type (str) – The record type string (e.g. 'MX', 'A'). Passed through to helpers like _check_target_format which format it into their reason strings.

Returns:

A list of human-readable reason strings describing validation failures. Must return an empty list when the values are valid. Reasons from multiple validators are concatenated by the caller, so each reason must stand alone without context from the others.

Return type:

list[str]

Notes

Implementations must not raise on invalid input — all failures are reported via the returned list. Reason strings are surfaced verbatim in ValidationError messages, so phrasing and punctuation should be stable across releases.

class octodns.record.sshfp.SshfpValueBestPracticeValidator(id, sets=None)[source]

Bases: ValueValidator

Checks that SSHFP records use SHA-256 (fingerprint_type 2) rather than the deprecated SHA-1 (fingerprint_type 1).

SHA-1 is cryptographically weak; RFC 8709 formalises Ed25519 support and operational guidance consistently recommends SHA-256 fingerprints.

Enabled as part of the best-practice validator set:

manager:
  enabled:
    - best-practice
validate(value_cls, data, _type)[source]

Validate a record’s rdata values.

Parameters:

  • value_cls (type) – The concrete value class being validated (e.g. MxValue, _Ipv4Value). Validators that need access to value class-level attributes (e.g. VALID_ALGORITHMS, _address_type) should read them from value_cls. Per-instance configuration should live on self, not on value_cls.

  • data (list | tuple | str | dict) – The rdata to validate. For multi-value record types this is a list/tuple of value dicts or strings; for single-value types it may be a bare value. Most validators iterate data directly — when a validator needs to accept either form it should normalize with if not isinstance(data, (list, tuple)): data = (data,).

  • _type (str) – The record type string (e.g. 'MX', 'A'). Passed through to helpers like _check_target_format which format it into their reason strings.

Returns:

A list of human-readable reason strings describing validation failures. Must return an empty list when the values are valid. Reasons from multiple validators are concatenated by the caller, so each reason must stand alone without context from the others.

Return type:

list[str]

Notes

Implementations must not raise on invalid input — all failures are reported via the returned list. Reason strings are surfaced verbatim in ValidationError messages, so phrasing and punctuation should be stable across releases.

class octodns.record.sshfp.SshfpValue(value)[source]

Bases: EqualityTupleMixin, dict

VALID_ALGORITHMS = (1, 2, 3, 4)
VALID_FINGERPRINT_TYPES = (1, 2)
VALIDATORS = [<octodns.record.sshfp.SshfpValueValidator object>, <octodns.record.sshfp.SshfpValueRfcValidator object>, <octodns.record.sshfp.SshfpValueBestPracticeValidator object>]
classmethod _schema()[source]
classmethod parse_rdata_text(value)[source]
classmethod process(values)[source]
__init__(value)[source]
property algorithm
property fingerprint_type
property fingerprint
property data
property rdata_text
template(params)[source]
_equality_tuple()[source]
__repr__()[source]

Return repr(self).

class octodns.record.sshfp.SshfpRecord(zone, name, data, source=None, context=None)[source]

Bases: ValuesMixin, Record

REFERENCES = ('https://datatracker.ietf.org/doc/html/rfc4255', 'https://datatracker.ietf.org/doc/html/rfc6594', 'https://datatracker.ietf.org/doc/html/rfc7479', 'https://datatracker.ietf.org/doc/html/rfc8709')
_type = 'SSHFP'
_value_type

alias of SshfpValue