-public class DnsSecVerifier
-{
- public static final int UNKNOWN = 0;
- public static final int RSA = 1;
- public static final int DSA = 2;
-
- /**
- * This is a mapping of DNSSEC algorithm numbers/private identifiers to JCA
- * algorithm identifiers.
- */
- private HashMap<Integer, AlgEntry> mAlgorithmMap;
-
- private static class AlgEntry
- {
- public String jcaName;
- public boolean isDSA;
- public int dnssecAlg;
-
- public AlgEntry(String name, int dnssecAlg, boolean isDSA)
- {
- jcaName = name;
- this.dnssecAlg = dnssecAlg;
- this.isDSA = isDSA;
- }
- }
-
- public DnsSecVerifier()
- {
- mAlgorithmMap = new HashMap<Integer, AlgEntry>();
-
- // set the default algorithm map.
- mAlgorithmMap.put(new Integer(DNSSEC.RSAMD5), new AlgEntry("MD5withRSA",
- DNSSEC.RSAMD5, false));
- mAlgorithmMap.put(new Integer(DNSSEC.DSA), new AlgEntry("SHA1withDSA", DNSSEC.DSA,
- true));
- mAlgorithmMap.put(new Integer(DNSSEC.RSASHA1), new AlgEntry(
- "SHA1withRSA", DNSSEC.RSASHA1, false));
- }
-
- private boolean isDSA(int algorithm)
- {
- // shortcut the standard algorithms
- if (algorithm == DNSSEC.DSA) return true;
- if (algorithm == DNSSEC.RSASHA1) return false;
- if (algorithm == DNSSEC.RSAMD5) return false;
-
- AlgEntry entry = (AlgEntry) mAlgorithmMap.get(new Integer(algorithm));
- if (entry != null) return entry.isDSA;
- return false;
- }
-
- public void init(Properties config)
- {
- if (config == null) return;
-
- // Algorithm configuration
-
- // For now, we just accept new identifiers for existing algoirthms.
- // FIXME: handle private identifiers.
- List<Util.ConfigEntry> aliases = Util.parseConfigPrefix(config, "dns.algorithm.");
-
- for (Util.ConfigEntry entry : aliases) {
- Integer alg_alias = new Integer(Util.parseInt(entry.key, -1));
- Integer alg_orig = new Integer(Util.parseInt(entry.value, -1));
-
- if (!mAlgorithmMap.containsKey(alg_orig))
- {
-// log.warn("Unable to alias " + alg_alias + " to unknown algorithm "
-// + alg_orig);
- continue;
- }
-
- if (mAlgorithmMap.containsKey(alg_alias))
- {
-// log.warn("Algorithm alias " + alg_alias
-// + " is already defined and cannot be redefined");
- continue;
- }
-
- mAlgorithmMap.put(alg_alias, mAlgorithmMap.get(alg_orig));
+public class DnsSecVerifier {
+ public static final int UNKNOWN = 0;
+ public static final int RSA = 1;
+ public static final int DSA = 2;
+ private Logger log = Logger.getLogger(this.getClass());
+
+ /**
+ * This is a mapping of DNSSEC algorithm numbers/private identifiers to JCA
+ * algorithm identifiers.
+ */
+ private HashMap<Integer, AlgEntry> mAlgorithmMap;
+
+ public DnsSecVerifier() {
+ mAlgorithmMap = new HashMap<Integer, AlgEntry>();
+
+ // set the default algorithm map.
+ mAlgorithmMap.put(new Integer(DNSSEC.RSAMD5),
+ new AlgEntry("MD5withRSA", DNSSEC.RSAMD5, false));
+ mAlgorithmMap.put(new Integer(DNSSEC.DSA),
+ new AlgEntry("SHA1withDSA", DNSSEC.DSA, true));
+ mAlgorithmMap.put(new Integer(DNSSEC.RSASHA1),
+ new AlgEntry("SHA1withRSA", DNSSEC.RSASHA1, false));
+ mAlgorithmMap.put(new Integer(DNSSEC.DSA_NSEC3_SHA1),
+ new AlgEntry("SHA1withDSA", DNSSEC.DSA, true));
+ mAlgorithmMap.put(new Integer(DNSSEC.RSA_NSEC3_SHA1),
+ new AlgEntry("SHA1withRSA", DNSSEC.RSASHA1, false));
+ mAlgorithmMap.put(new Integer(DNSSEC.RSASHA256),
+ new AlgEntry("SHA256withRSA", DNSSEC.RSASHA256, false));
+ mAlgorithmMap.put(new Integer(DNSSEC.RSASHA512),
+ new AlgEntry("SHA512withRSA", DNSSEC.RSASHA512, false));