net: add DNSSEC tool and CNAME support.

This change adds support for DNSSEC chains with CNAMEs. I.e. it's not
possible to prove records about $domain where $domain is a CNAME.

It also adds a tiny, standalone tool to run the verification code from
the command line.

BUG=none
TEST=net_unittests

http://codereview.chromium.org/3301015/show

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@58986 0039d316-1c4b-4281-b951-d872f2087c98

1 files changed, 6 insertions, 3 deletions

diff --git a/net/base/dnssec_chain_verifier.h b/net/base/dnssec_chain_verifier.h
index 096dea1..d896c6c 100644
--- a/net/base/dnssec_chain_verifier.h
+++ b/net/base/dnssec_chain_verifier.h
@@ -96,14 +96,17 @@ class DNSSECChainVerifier {
   Error LeaveZone(base::StringPiece* next_name);
   Error ReadDSSet(std::vector<base::StringPiece>*,
                   const base::StringPiece& next_name);
-  Error ReadCERTs(std::vector<base::StringPiece>*);
-
+  Error ReadGenericRRs(std::vector<base::StringPiece>*);
+  Error ReadCNAME(std::vector<base::StringPiece>*);
 
   Zone* current_zone_;
-  const std::string target_;
+  std::string target_;
   base::StringPiece chain_;
   bool ignore_timestamps_;
   bool valid_;
+  // already_entered_zone_ is set to true when we unwind a Zone chain and start
+  // off from a point where we have already entered a zone.
+  bool already_entered_zone_;
   uint16 rrtype_;
   std::vector<base::StringPiece> rrdatas_;
   // A list of pointers which need to be free()ed on destruction.