// The local verification utility.
private DnsSecVerifier mVerifier;
- private Logger log = Logger.getLogger(this.getClass());
+ private Logger log = Logger.getLogger(this.getClass());
+ private List<String> mErrorList;
+
public CaptiveValidator() {
- mVerifier = new DnsSecVerifier();
- mValUtils = new ValUtils(mVerifier);
- mTrustedKeys = new TrustAnchorStore();
+ mVerifier = new DnsSecVerifier();
+ mValUtils = new ValUtils(mVerifier);
+ mTrustedKeys = new TrustAnchorStore();
+ mErrorList = new ArrayList<String>();
}
// ---------------- Module Initialization -------------------
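Review bot: `mErrorList` on line 5 is assigned exactly once, in the constructor on line 14, and nothing in this hunk reassigns it, so it can be declared `private final List<String> mErrorList;` to make that intent explicit. Because it is an instance field, entries appended during one validation remain in the list on the next call to the same validator unless some code outside this hunk clears it; if the list is meant to describe a single response, clear it at the start of each validation or hand back a fresh list. The `Logger` field on line 4 is unchanged apart from whitespace.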
* @param key_rrset
* The trusted DNSKEY rrset that signs this response.
*/
- private void validateNodataResponse(SMessage message, SRRset key_rrset) {
- Name qname = message.getQName();
- int qtype = message.getQType();
+ private void validateNodataResponse(SMessage message, SRRset key_rrset, List<String> errorList) {
+ Name qname = message.getQName();
+ int qtype = message.getQType();
- SMessage m = message;
+ SMessage m = message;
// Since we are here, there must be nothing in the ANSWER section to
// validate. (Note: CNAME/DNAME responses will not directly get here --
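Review bot: The Javadoc ending on line 19 still documents only `key_rrset`, while the new signature on line 23 adds an `errorList` parameter that gets no tag. Add `* @param errorList` followed by `*            Receives a human-readable reason for each validation failure found in this response.` (wording to be confirmed against how the list is consumed). The body of validateNodataResponse continues past this hunk.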
}
if (!hasValidNSEC) {
- log.debug("NODATA response failed to prove NODATA " +
- "status with NSEC/NSEC3");
+ log.debug("NODATA response failed to prove NODATA "
+ + "status with NSEC/NSEC3");
log.trace("Failed NODATA:\n" + m);
+ mErrorList.add("NODATA response failed to prove NODATA status with NSEC/NSEC3");
m.setStatus(SecurityStatus.BOGUS);
return;
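Review bot: The new `mErrorList.add(...)` on line 37 writes to the instance field even though validateNodataResponse now receives `errorList` as a parameter (line 23), so the parameter is never used and a caller passing a different list would see nothing. The call should be `errorList.add(...)`, and since the same text is spelled out twice (the split `log.debug` string on lines 34–35 and the list entry), a local `String reason = "NODATA response failed to prove NODATA status with NSEC/NSEC3";` used by both `log.debug(reason);` and `errorList.add(reason);` keeps them from drifting apart. validateNameErrorResponse (line 52) does the opposite and appends to the field without taking a parameter; one convention should be used for both methods. The enclosing method starts and ends outside this hunk.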
* The trusted DNSKEY rrset that signs this response.
*/
private void validateNameErrorResponse(SMessage message, SRRset key_rrset) {
- Name qname = message.getQName();
+ Name qname = message.getQName();
- SMessage m = message;
+ SMessage m = message;
if (message.getCount(Section.ANSWER) > 0) {
- log
- .warn("NAME ERROR response contained records in the ANSWER SECTION");
+ log.warn(
+ "NameError response contained records in the ANSWER SECTION");
+ mErrorList.add("NameError response contained records in the ANSWER SECTION");
message.setStatus(SecurityStatus.INVALID);
return;
return SecurityStatus.BOGUS;
}
- ValUtils.ResponseType subtype = ValUtils.classifyResponse(message, zone);
+ ValUtils.ResponseType subtype = ValUtils
+ .classifyResponse(message, zone);
switch (subtype) {
- case POSITIVE:
- log.trace("Validating a positive response");
- validatePositiveResponse(message, key_rrset);
+ case POSITIVE:
+ log.trace("Validating a positive response");
+ validatePositiveResponse(message, key_rrset);
- break;
+ break;
- case REFERRAL:
- validateReferral(message, key_rrset);
+ case REFERRAL:
+ validateReferral(message, key_rrset);
- break;
+ break;
- case NODATA:
- log.trace("Validating a NODATA response");
- validateNodataResponse(message, key_rrset);
+ case NODATA:
+ log.trace("Validating a NODATA response");
+ validateNodataResponse(message, key_rrset, mErrorList);
- break;
+ break;
- case NAMEERROR:
- log.trace("Validating a NXDOMAIN response");
- validateNameErrorResponse(message, key_rrset);
+ case NAMEERROR:
+ log.trace("Validating a NXDOMAIN response");
+ validateNameErrorResponse(message, key_rrset);
- break;
+ break;
- case CNAME:
- log.trace("Validating a CNAME response");
- validateCNAMEResponse(message, key_rrset);
+ case CNAME:
+ log.trace("Validating a CNAME response");
+ validateCNAMEResponse(message, key_rrset);
- break;
+ break;
- case ANY:
- log.trace("Validating a positive ANY response");
- validateAnyResponse(message, key_rrset);
+ case ANY:
+ log.trace("Validating a positive ANY response");
+ validateAnyResponse(message, key_rrset);
- break;
+ break;
- default:
- log.error("unhandled response subtype: " + subtype);
+ default:
+ log.error("unhandled response subtype: " + subtype);
}
return message.getSecurityStatus().getStatus();
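Review bot: The `default` branch on lines 109–110 only logs the unhandled subtype; it neither records the problem in `mErrorList` nor changes the message status, so the method falls through to `return message.getSecurityStatus().getStatus()` with whatever status the message carried before the switch. Unless the status is already set to a failing value earlier in the method (not visible in this hunk), a response the classifier cannot categorise could be reported as validated. Consider adding `mErrorList.add("unhandled response subtype: " + subtype);` and `message.setStatus(SecurityStatus.BOGUS);` after the `log.error` call. Passing the field explicitly on line 80 while the other validate* calls use the field directly is also worth making uniform. The enclosing method begins outside this hunk.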