From: David Blacka Date: Wed, 9 Jun 2010 02:26:34 +0000 (-0400) Subject: address merge conflicts X-Git-Url: https://blacka.com/cgi-bin/gitweb.cgi?p=captive-validator.git;a=commitdiff_plain;h=5c433a06893ffcaf1379070b944d22c81bceed80 address merge conflicts --- 5c433a06893ffcaf1379070b944d22c81bceed80 diff --cc src/com/verisign/tat/dnssec/CaptiveValidator.java index 4ada2aa,be3c15b..07311ce --- a/src/com/verisign/tat/dnssec/CaptiveValidator.java +++ b/src/com/verisign/tat/dnssec/CaptiveValidator.java @@@ -47,12 -48,15 +47,15 @@@ public class CaptiveValidator // The local verification utility. private DnsSecVerifier mVerifier; - private Logger log = Logger.getLogger(this.getClass()); + private Logger log = Logger.getLogger(this.getClass()); + private List mErrorList; + public CaptiveValidator() { - mVerifier = new DnsSecVerifier(); - mValUtils = new ValUtils(mVerifier); - mTrustedKeys = new TrustAnchorStore(); + mVerifier = new DnsSecVerifier(); + mValUtils = new ValUtils(mVerifier); + mTrustedKeys = new TrustAnchorStore(); + mErrorList = new ArrayList(); } // ---------------- Module Initialization ------------------- @@@ -689,11 -697,11 +693,11 @@@ * @param key_rrset * The trusted DNSKEY rrset that signs this response. */ - private void validateNodataResponse(SMessage message, SRRset key_rrset) { - Name qname = message.getQName(); - int qtype = message.getQType(); + private void validateNodataResponse(SMessage message, SRRset key_rrset, List errorList) { + Name qname = message.getQName(); + int qtype = message.getQType(); - SMessage m = message; + SMessage m = message; // Since we are here, there must be nothing in the ANSWER section to // validate. 
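Review bot: The `mErrorList` field added in the hunk at -47 of CaptiveValidator.java is a raw `List` held as per-instance mutable state, and nothing visible in this diff clears it. Messages recorded for one response could therefore still be in the list when the next response is validated and be attributed to the wrong answer. Declare it as `private final List<String> mErrorList = new ArrayList<String>();` and reset it at the start of each validation, unless that already happens outside the visible hunks. If a single CaptiveValidator is shared between threads, the plain ArrayList also needs guarding; the diff does not show how instances are used. The class body continues outside the hunk.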
(Note: CNAME/DNAME responses will not directly get here -- @@@ -783,9 -791,10 +787,10 @@@ } if (!hasValidNSEC) { - log.debug("NODATA response failed to prove NODATA " + - "status with NSEC/NSEC3"); + log.debug("NODATA response failed to prove NODATA " + + "status with NSEC/NSEC3"); log.trace("Failed NODATA:\n" + m); + mErrorList.add("NODATA response failed to prove NODATA status with NSEC/NSEC3"); m.setStatus(SecurityStatus.BOGUS); return; @@@ -813,13 -822,14 +818,14 @@@ * The trusted DNSKEY rrset that signs this response. */ private void validateNameErrorResponse(SMessage message, SRRset key_rrset) { - Name qname = message.getQName(); + Name qname = message.getQName(); - SMessage m = message; + SMessage m = message; if (message.getCount(Section.ANSWER) > 0) { - log - .warn("NAME ERROR response contained records in the ANSWER SECTION"); + log.warn( + "NameError response contained records in the ANSWER SECTION"); + mErrorList.add("NameError response contained records in the ANSWER SECTION"); message.setStatus(SecurityStatus.INVALID); return; @@@ -937,47 -947,46 +943,47 @@@ return SecurityStatus.BOGUS; } - ValUtils.ResponseType subtype = ValUtils.classifyResponse(message, zone); + ValUtils.ResponseType subtype = ValUtils + .classifyResponse(message, zone); switch (subtype) { - case POSITIVE: - log.trace("Validating a positive response"); - validatePositiveResponse(message, key_rrset); + case POSITIVE: + log.trace("Validating a positive response"); + validatePositiveResponse(message, key_rrset); - break; + break; - case REFERRAL: - validateReferral(message, key_rrset); + case REFERRAL: + validateReferral(message, key_rrset); - break; + break; - case NODATA: - log.trace("Validating a NODATA response"); - validateNodataResponse(message, key_rrset); + case NODATA: + log.trace("Validating a NODATA response"); + validateNodataResponse(message, key_rrset, mErrorList); - break; + break; - case NAMEERROR: - log.trace("Validating a NXDOMAIN response"); - 
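Review bot: The `errorList` parameter added to `validateNodataResponse` in the hunk at -689 is not used by any line visible in this diff. The failure path in the hunk at -783, which appears to belong to this method, calls `mErrorList.add(...)` on the field, and `validateNameErrorResponse` in the hunk at -813 does the same without taking a parameter. Either write through the parameter (`errorList.add(...)`) and give the other validate* methods the same signature, or drop the parameter and keep the field, so there is one place to look for validation errors. If the parameter stays, type it as `List<String>` and add an `@param errorList` line to the Javadoc, which currently stops at `key_rrset`. The method body runs past the end of the hunk.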
validateNameErrorResponse(message, key_rrset); + case NAMEERROR: + log.trace("Validating a NXDOMAIN response"); + validateNameErrorResponse(message, key_rrset); - break; + break; - case CNAME: - log.trace("Validating a CNAME response"); - validateCNAMEResponse(message, key_rrset); + case CNAME: + log.trace("Validating a CNAME response"); + validateCNAMEResponse(message, key_rrset); - break; + break; - case ANY: - log.trace("Validating a positive ANY response"); - validateAnyResponse(message, key_rrset); + case ANY: + log.trace("Validating a positive ANY response"); + validateAnyResponse(message, key_rrset); - break; + break; - default: - log.error("unhandled response subtype: " + subtype); + default: + log.error("unhandled response subtype: " + subtype); } return message.getSecurityStatus().getStatus(); diff --cc src/com/verisign/tat/dnssec/NSEC3ValUtils.java index f0485b5,5d25c0a..b7f5386 --- a/src/com/verisign/tat/dnssec/NSEC3ValUtils.java +++ b/src/com/verisign/tat/dnssec/NSEC3ValUtils.java @@@ -240,11 -241,11 +241,10 @@@ public class NSEC3ValUtils if ((bac.compare(owner, hash) < 0) && (bac.compare(hash, next) < 0)) { return true; } - // this is the end of zone case: next < owner && hash > owner || hash < // next - if ((bac.compare(next, owner) <= 0) && - ((bac.compare(hash, next) < 0) || - (bac.compare(owner, hash) < 0))) { + if ((bac.compare(next, owner) <= 0) + && ((bac.compare(hash, next) < 0) || (bac.compare(owner, hash) < 0))) { return true; }
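Review bot: In the hunk at -937 of CaptiveValidator.java, the `default:` branch only logs `unhandled response subtype` and then reaches `return message.getSecurityStatus().getStatus()`, so an unclassified response returns whatever status the message already carried. A validator should fail closed there: add `message.setStatus(SecurityStatus.BOGUS);` and `mErrorList.add("unhandled response subtype: " + subtype);` to that branch, unless the status is guaranteed to be non-secure at this point, which the hunk does not show. Only the NODATA case passes `mErrorList` explicitly; the other cases depend on the field implicitly. The enclosing method starts before the hunk.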