/*
- * $Id$
- *
- * Copyright (c) 2005 VeriSign, Inc. All rights reserved.
+ * Copyright (c) 2009 VeriSign, Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* This is a mapping of DNSSEC algorithm numbers/private identifiers to JCA
* algorithm identifiers.
*/
- private HashMap mAlgorithmMap;
+ private HashMap<Integer, AlgEntry> mAlgorithmMap;
private static class AlgEntry
{
public DnsSecVerifier()
{
- mAlgorithmMap = new HashMap();
+ mAlgorithmMap = new HashMap<Integer, AlgEntry>();
// set the default algorithm map.
mAlgorithmMap.put(new Integer(DNSSEC.RSAMD5), new AlgEntry("MD5withRSA",
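Review bot: The default map built in this constructor still registers `DNSSEC.RSAMD5` as `MD5withRSA`, so signatures made with RSA/MD5 remain verifiable by default. RFC 4034 already marks that algorithm NOT RECOMMENDED and RFC 6725 later deprecated it. While the map is being retyped I would drop the entry, or at least put a comment above it such as `// RSA/MD5 (alg 1) is deprecated, see RFC 6725; candidate for removal`. The `put` call runs past the end of the hunk, so the remaining default entries and what a verifier does with an unmapped algorithm are not visible here.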
// For now, we just accept new identifiers for existing algoirthms.
// FIXME: handle private identifiers.
- List aliases = Util.parseConfigPrefix(config, "dns.algorithm.");
-
- for (Iterator i = aliases.iterator(); i.hasNext();)
- {
- Util.ConfigEntry entry = (Util.ConfigEntry) i.next();
+ List<Util.ConfigEntry> aliases = Util.parseConfigPrefix(config, "dns.algorithm.");
+ for (Util.ConfigEntry entry : aliases) {
Integer alg_alias = new Integer(Util.parseInt(entry.key, -1));
Integer alg_orig = new Integer(Util.parseInt(entry.value, -1));
}
// for debugging purposes, log the entire algorithm map table.
- for (Iterator i = mAlgorithmMap.keySet().iterator(); i.hasNext(); )
- {
- Integer alg = (Integer) i.next();
- AlgEntry entry = (AlgEntry) mAlgorithmMap.get(alg);
+// for (Integer alg : mAlgorithmMap.keySet()) {
+// AlgEntry entry = mAlgorithmMap.get(alg);
// if (entry == null)
// log.warn("DNSSEC alg " + alg + " has a null entry!");
// else
// log.debug("DNSSEC alg " + alg + " maps to " + entry.jcaName
// + " (" + entry.dnssecAlg + ")");
- }
+// }
}
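Review bot: The debug dump at the end of the constructor is now commented out in full (`// for (Integer alg : mAlgorithmMap.keySet()) {` through `// }`), which leaves dead code behind. It is also the only place visible in this hunk where the effective algorithm table, including any `dns.algorithm.` aliases read from configuration, would be logged. Either delete the block, or restore the typed loop and its body behind `if (log.isDebugEnabled())` so an operator can audit which algorithm numbers were aliased.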
/**
* @return A List contains a one or more DNSKEYRecord objects, or null if a
* matching DNSKEY could not be found.
*/
- private List findKey(RRset dnskey_rrset, RRSIGRecord signature)
+ @SuppressWarnings("unchecked")
+private List<DNSKEYRecord> findKey(RRset dnskey_rrset, RRSIGRecord signature)
{
if (!signature.getSigner().equals(dnskey_rrset.getName()))
{
int keyid = signature.getFootprint();
int alg = signature.getAlgorithm();
- List res = new ArrayList(dnskey_rrset.size());
+ List<DNSKEYRecord> res = new ArrayList<DNSKEYRecord>(dnskey_rrset.size());
for (Iterator i = dnskey_rrset.rrs(); i.hasNext();)
{
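Review bot: `@SuppressWarnings("unchecked")` is applied to the whole of `findKey`, and the same annotation is added to both `verify` overloads further down, so any unchecked conversion later introduced in these signature-validation methods will be silenced too. The visible lines still declare a raw `Iterator` over `dnskey_rrset.rrs()` (and over `rrset.sigs()` in `verify`), and the statement that actually triggers the warning is not shown. I would declare the iterator as `Iterator<?>` with an explicit cast per element, or confine the annotation to the single local declaration that needs it, with a comment saying why the conversion is safe. `findKey` continues past the end of the hunk, so its loop body is not visible.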
byte result = checkSignature(rrset, sigrec);
if (result != SecurityStatus.SECURE) return result;
- List keys = findKey(key_rrset, sigrec);
+ List<DNSKEYRecord> keys = findKey(key_rrset, sigrec);
if (keys == null)
{
byte status = SecurityStatus.UNCHECKED;
- for (Iterator i = keys.iterator(); i.hasNext();)
- {
- DNSKEYRecord key = (DNSKEYRecord) i.next();
+ for (DNSKEYRecord key : keys) {
status = verifySignature(rrset, sigrec, key);
if (status == SecurityStatus.SECURE) break;
* @return SecurityStatus.SECURE if the rrest verified positively,
* SecurityStatus.BOGUS otherwise.
*/
- public byte verify(RRset rrset, RRset key_rrset)
+ @SuppressWarnings("unchecked")
+public byte verify(RRset rrset, RRset key_rrset)
{
Iterator i = rrset.sigs();
* @param dnskey The DNSKEY to verify with.
* @return SecurityStatus.SECURE if the rrset verified, BOGUS otherwise.
*/
- public byte verify(RRset rrset, DNSKEYRecord dnskey)
+ @SuppressWarnings("unchecked")
+public byte verify(RRset rrset, DNSKEYRecord dnskey)
{
// Iterate over RRSIGS