| side by side (parent:
6ae8eb2
)
fix warnings and findbugs hints
author
davidb
<davidb@verisign.com>
Fri, 25 Jun 2010 23:03:08 +0000
(19:03 -0400)
committer
davidb
<davidb@verisign.com>
Fri, 25 Jun 2010 23:03:08 +0000
(19:03 -0400)
src/com/verisign/tat/dnssec/CaptiveValidator.java
src/com/verisign/tat/dnssec/DnsSecVerifier.java
src/com/verisign/tat/dnssec/NSEC3ValUtils.java
src/com/verisign/tat/dnssec/SRRset.java
src/com/verisign/tat/dnssec/SecurityStatus.java
src/com/verisign/tat/dnssec/SignUtils.java
src/com/verisign/tat/dnssec/ValUtils.java
diff --git
a/src/com/verisign/tat/dnssec/CaptiveValidator.java
b/src/com/verisign/tat/dnssec/CaptiveValidator.java
index
74853de
..
9ee511a
100644
(file)
--- a/
src/com/verisign/tat/dnssec/CaptiveValidator.java
+++ b/
src/com/verisign/tat/dnssec/CaptiveValidator.java
@@
-957,9
+957,9
@@
public class CaptiveValidator {
break;
break;
-
case NODATA:
-
log.trace("Validating a NODATA response");
-
validateNodataResponse(message, key_rrset, mErrorList);
+ case NODATA:
+ log.trace("Validating a NODATA response");
+ validateNodataResponse(message, key_rrset, mErrorList);
break;
break;
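--- a/src/com/verisign/tat/dnssec/DnsSecVerifier.java
+++ b/src/com/verisign/tat/dnssec/DnsSecVerifier.java
@@ -46,28 +46,35 @@ public class DnsSecVerifier {
 private Logger log = Logger.getLogger(this.getClass());
 /**
- * This is a mapping of DNSSEC algorithm numbers/private identifiers to JCA
- * algorithm identifiers.
+ * This is a mapping of DNSSEC algorithm numbers to JCA algorithm
+ * identifiers.
 */
 private HashMap<Integer, AlgEntry> mAlgorithmMap;
+ /**
+ * This is a mapping of DNSSEC private (DNS name) identifiers to JCA
+ * algorithm identifiers.
+ */
+ private HashMap<Name, AlgEntry> mPrivateAlgorithmMap;
+
 public DnsSecVerifier() {
 mAlgorithmMap = new HashMap<Integer, AlgEntry>();
+ mPrivateAlgorithmMap = new HashMap<Name, AlgEntry>();
 // set the default algorithm map.
- mAlgorithmMap.put(new Integer(DNSSEC.RSAMD5), new AlgEntry(
+ mAlgorithmMap.put(Integer.valueOf(DNSSEC.RSAMD5), new AlgEntry(
 "MD5withRSA", DNSSEC.RSAMD5, false));
- mAlgorithmMap.put(new Integer(DNSSEC.DSA), new AlgEntry("SHA1withDSA",
+ mAlgorithmMap.put(Integer.valueOf(DNSSEC.DSA), new AlgEntry("SHA1withDSA",
 DNSSEC.DSA, true));
- mAlgorithmMap.put(new Integer(DNSSEC.RSASHA1), new AlgEntry(
+ mAlgorithmMap.put(Integer.valueOf(DNSSEC.RSASHA1), new AlgEntry(
 "SHA1withRSA", DNSSEC.RSASHA1, false));
- mAlgorithmMap.put(new Integer(DNSSEC.DSA_NSEC3_SHA1), new AlgEntry(
+ mAlgorithmMap.put(Integer.valueOf(DNSSEC.DSA_NSEC3_SHA1), new AlgEntry(
 "SHA1withDSA", DNSSEC.DSA, true));
- mAlgorithmMap.put(new Integer(DNSSEC.RSA_NSEC3_SHA1), new AlgEntry(
+ mAlgorithmMap.put(Integer.valueOf(DNSSEC.RSA_NSEC3_SHA1), new AlgEntry(
 "SHA1withRSA", DNSSEC.RSASHA1, false));
- mAlgorithmMap.put(new Integer(DNSSEC.RSASHA256), new AlgEntry(
+ mAlgorithmMap.put(Integer.valueOf(DNSSEC.RSASHA256), new AlgEntry(
 "SHA256withRSA", DNSSEC.RSASHA256, false));
- mAlgorithmMap.put(new Integer(DNSSEC.RSASHA512), new AlgEntry(
+ mAlgorithmMap.put(Integer.valueOf(DNSSEC.RSASHA512), new AlgEntry(
 "SHA512withRSA", DNSSEC.RSASHA512, false));
 }
@@ -85,7 +92,7 @@ public class DnsSecVerifier {
 return false;
 }
- AlgEntry entry = (AlgEntry) mAlgorithmMap.get(new Integer(algorithm));
+ AlgEntry entry = (AlgEntry) mAlgorithmMap.get(Integer.valueOf(algorithm));
 if (entry != null) {
 return entry.isDSA;
@@ -107,8 +114,8 @@ public class DnsSecVerifier {
 "dns.algorithm.");
 for (Util.ConfigEntry entry : aliases) {
- Integer alg_alias = new Integer(Util.parseInt(entry.key, -1));
- Integer alg_orig = new Integer(Util.parseInt(entry.value, -1));
+ Integer alg_alias = Integer.valueOf(Util.parseInt(entry.key, -1));
+ Integer alg_orig = Integer.valueOf(Util.parseInt(entry.value, -1));
 if (!mAlgorithmMap.containsKey(alg_orig)) {
 log.warn("Unable to alias " + alg_alias
@@ -152,7 +159,7 @@ public class DnsSecVerifier {
 * @return A List contains a one or more DNSKEYRecord objects, or null if a
 * matching DNSKEY could not be found.
 */
- @SuppressWarnings("unchecked")
+ @SuppressWarnings("rawtypes")
 private List<DNSKEYRecord> findKey(RRset dnskey_rrset, RRSIGRecord signature) {
 if (!signature.getSigner().equals(dnskey_rrset.getName())) {
 log.trace("findKey: could not find appropriate key because "
@@ -236,7 +243,7 @@ public class DnsSecVerifier {
 }
 public PublicKey parseDNSKEY(DNSKEYRecord key) {
- AlgEntry ae = (AlgEntry) mAlgorithmMap.get(new Integer(key
+ AlgEntry ae = (AlgEntry) mAlgorithmMap.get(Integer.valueOf(key
 .getAlgorithm()));
 if (key.getAlgorithm() != ae.dnssecAlg) {
@@ -361,7 +368,7 @@ public class DnsSecVerifier {
 * @return SecurityStatus.SECURE if the rrest verified positively,
 * SecurityStatus.BOGUS otherwise.
 */
- @SuppressWarnings("unchecked")
+ @SuppressWarnings("rawtypes")
 public byte verify(RRset rrset, RRset key_rrset) {
 Iterator i = rrset.sigs();
@@ -397,7 +404,7 @@ public class DnsSecVerifier {
 * The DNSKEY to verify with.
 * @return SecurityStatus.SECURE if the rrset verified, BOGUS otherwise.
 */
- @SuppressWarnings("unchecked")
+ @SuppressWarnings("rawtypes")
 public byte verify(RRset rrset, DNSKEYRecord dnskey) {
 // Iterate over RRSIGS
 Iterator i = rrset.sigs();
@@ -429,11 +436,11 @@ public class DnsSecVerifier {
 }
 public boolean supportsAlgorithm(int algorithm) {
- return mAlgorithmMap.containsKey(new Integer(algorithm));
+ return mAlgorithmMap.containsKey(Integer.valueOf(algorithm));
 }
 public boolean supportsAlgorithm(Name private_id) {
- return mAlgorithmMap.containsKey(private_id);
+ return mPrivateAlgorithmMap.containsKey(private_id);
 }
 public int baseAlgorithm(int algorithm) {
@@ -446,7 +453,7 @@ public class DnsSecVerifier {
 return DSA;
 }
- AlgEntry entry = (AlgEntry) mAlgorithmMap.get(new Integer(algorithm));
+ AlgEntry entry = (AlgEntry) mAlgorithmMap.get(Integer.valueOf(algorithm));
 if (entry == null) {
 return UNKNOWN;
@@ -465,7 +472,7 @@ public class DnsSecVerifier {
 try {
 AlgEntry entry = (AlgEntry) mAlgorithmMap
- .get(new Integer(algorithm));
+ .get(Integer.valueOf(algorithm));
 if (entry == null) {
 log.info("DNSSEC algorithm " + algorithm + " not recognized.");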
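Review bot: In `parseDNSKEY` (hunk at -236/+243) the result of `mAlgorithmMap.get(Integer.valueOf(key.getAlgorithm()))` is dereferenced on the next visible line as `ae.dnssecAlg` with no null check, so a DNSKEY whose algorithm number is not in the map would raise a NullPointerException instead of being treated as unsupported. The algorithm field comes from the DNS data being validated, so this path should fail closed; a guard such as `if (ae == null) return null;` before the comparison would do it, using whatever failure value the rest of the method returns (the body continues outside the hunk, and callers may already filter with `supportsAlgorithm`). Separately, `mPrivateAlgorithmMap` is created empty and nothing visible in this commit populates it, so `supportsAlgorithm(Name)` appears to always return false; a comment such as `// private (253/254) algorithms are not supported yet; map intentionally empty` would make that explicit. The default map touched in the first hunk also still registers `MD5withRSA` for `DNSSEC.RSAMD5`, which is worth a comment on whether signatures under that algorithm should still be able to validate as SECURE.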
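--- a/src/com/verisign/tat/dnssec/NSEC3ValUtils.java
+++ b/src/com/verisign/tat/dnssec/NSEC3ValUtils.java
@@ -137,17 +137,6 @@ public class NSEC3ValUtils {
 }
 }
- private static byte[] hash(Name name, NSEC3Record nsec3) {
- try {
- return nsec3.hashName(name);
- } catch (NoSuchAlgorithmException e) {
- st_log.warn("Did not recognize hash algorithm: "
- + nsec3.getHashAlgorithm());
-
- return null;
- }
- }
-
 /**
 * Given the name of a closest encloser, return the name *.closest_encloser.
 *
@@ -458,7 +447,7 @@ public class NSEC3ValUtils {
 return -1;
 }
- @SuppressWarnings("unchecked")
+ @SuppressWarnings("rawtypes")
 private static boolean validIterations(NSEC3Parameters nsec3params,
 RRset dnskey_rrset, DnsSecVerifier verifier) {
 // for now, we return the maximum iterations based simply on the key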
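--- a/src/com/verisign/tat/dnssec/SRRset.java
+++ b/src/com/verisign/tat/dnssec/SRRset.java
@@ -31,6 +31,7 @@ import java.util.*;
 * A version of the RRset class overrides the standard security status.
 */
 public class SRRset extends RRset {
+ private static final long serialVersionUID = 1L;
 private SecurityStatus mSecurityStatus;
 /** Create a new, blank SRRset. */
@@ -43,7 +44,7 @@ public class SRRset extends RRset {
 * Create a new SRRset from an existing RRset. This SRRset will contain that
 * same internal Record objects as the original RRset.
 */
- @SuppressWarnings("unchecked")
+ @SuppressWarnings("rawtypes")
 public SRRset(RRset r) {
 this();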
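--- a/src/com/verisign/tat/dnssec/SecurityStatus.java
+++ b/src/com/verisign/tat/dnssec/SecurityStatus.java
@@ -23,12 +23,16 @@
 package com.verisign.tat.dnssec;
+import java.io.Serializable;
+
 /**
 * Codes for DNSSEC security statuses.
 *
 * @author davidb
 */
-public class SecurityStatus {
+public class SecurityStatus implements Serializable {
+ private static final long serialVersionUID = 1L;
+
 public static final byte INVALID = -1;
 /**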
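Review bot: Making `SecurityStatus` implement `Serializable` means the validation verdict held in the `mSecurityStatus` field of `SRRset` (SRRset.java, same commit) now travels with the object through Java serialization, so an `SRRset` read back from a stream keeps whatever status the bytes claim without being re-verified. If the interface was added only to quiet the findbugs non-serializable-field hint, declaring the field as `private transient SecurityStatus mSecurityStatus;` in SRRset would satisfy the tool and make a deserialized set start out unvalidated (its accessor would then need to treat a null status as unchecked). If the status really must persist, a class comment stating that serialized sets may only be read from trusted storage would document that assumption. That `RRset` is itself serializable is inferred from the `serialVersionUID` additions; it is not shown on this page.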
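--- a/src/com/verisign/tat/dnssec/SignUtils.java
+++ b/src/com/verisign/tat/dnssec/SignUtils.java
@@ -35,6 +35,7 @@ import org.xbill.DNS.utils.base64;
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
+import java.io.Serializable;
 import java.security.SignatureException;
 import java.security.interfaces.DSAParams;
@@ -178,7 +179,7 @@ public class SignUtils {
 * @return the canonical wire line format of the rrset. This is the second
 * part of data to be signed.
 */
- @SuppressWarnings("unchecked")
+ @SuppressWarnings("rawtypes")
 public static byte[] generateCanonicalRRsetData(RRset rrset, long ttl,
 int labels) {
 DNSOutput image = new DNSOutput();
@@ -456,7 +457,8 @@ public class SignUtils {
 * useful for comparing RDATA portions of DNS records in doing DNSSEC
 * canonical ordering.
 */
- public static class ByteArrayComparator implements Comparator<byte[]> {
+ public static class ByteArrayComparator implements Comparator<byte[]>, Serializable {
+ private static final long serialVersionUID = 1L;
 private int mOffset = 0;
 private boolean mDebug = false;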
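--- a/src/com/verisign/tat/dnssec/ValUtils.java
+++ b/src/com/verisign/tat/dnssec/ValUtils.java
@@ -339,7 +339,7 @@ public class ValUtils {
 return false;
 }
- @SuppressWarnings("unchecked")
+ @SuppressWarnings("rawtypes")
 public static RRSIGRecord rrsetFirstSig(RRset rrset) {
 for (Iterator i = rrset.sigs(); i.hasNext();) {
 return (RRSIGRecord) i.next();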