add error_file, count options; configure log4j so it stops whining; eclipse formatting madness
parent
fe4179ad39
commit
7a15f36b17
@ -1,11 +1,11 @@
|
|||||||
#Mon May 31 12:14:23 EDT 2010
|
#Thu Jun 10 13:45:36 EDT 2010
|
||||||
eclipse.preferences.version=1
|
eclipse.preferences.version=1
|
||||||
org.eclipse.jdt.core.formatter.align_type_members_on_columns=false
|
org.eclipse.jdt.core.formatter.align_type_members_on_columns=false
|
||||||
org.eclipse.jdt.core.formatter.alignment_for_arguments_in_allocation_expression=16
|
org.eclipse.jdt.core.formatter.alignment_for_arguments_in_allocation_expression=0
|
||||||
org.eclipse.jdt.core.formatter.alignment_for_arguments_in_enum_constant=16
|
org.eclipse.jdt.core.formatter.alignment_for_arguments_in_enum_constant=16
|
||||||
org.eclipse.jdt.core.formatter.alignment_for_arguments_in_explicit_constructor_call=16
|
org.eclipse.jdt.core.formatter.alignment_for_arguments_in_explicit_constructor_call=0
|
||||||
org.eclipse.jdt.core.formatter.alignment_for_arguments_in_method_invocation=16
|
org.eclipse.jdt.core.formatter.alignment_for_arguments_in_method_invocation=0
|
||||||
org.eclipse.jdt.core.formatter.alignment_for_arguments_in_qualified_allocation_expression=16
|
org.eclipse.jdt.core.formatter.alignment_for_arguments_in_qualified_allocation_expression=0
|
||||||
org.eclipse.jdt.core.formatter.alignment_for_assignment=0
|
org.eclipse.jdt.core.formatter.alignment_for_assignment=0
|
||||||
org.eclipse.jdt.core.formatter.alignment_for_binary_expression=16
|
org.eclipse.jdt.core.formatter.alignment_for_binary_expression=16
|
||||||
org.eclipse.jdt.core.formatter.alignment_for_compact_if=16
|
org.eclipse.jdt.core.formatter.alignment_for_compact_if=16
|
||||||
@ -15,7 +15,7 @@ org.eclipse.jdt.core.formatter.alignment_for_expressions_in_array_initializer=16
|
|||||||
org.eclipse.jdt.core.formatter.alignment_for_multiple_fields=16
|
org.eclipse.jdt.core.formatter.alignment_for_multiple_fields=16
|
||||||
org.eclipse.jdt.core.formatter.alignment_for_parameters_in_constructor_declaration=16
|
org.eclipse.jdt.core.formatter.alignment_for_parameters_in_constructor_declaration=16
|
||||||
org.eclipse.jdt.core.formatter.alignment_for_parameters_in_method_declaration=16
|
org.eclipse.jdt.core.formatter.alignment_for_parameters_in_method_declaration=16
|
||||||
org.eclipse.jdt.core.formatter.alignment_for_selector_in_method_invocation=16
|
org.eclipse.jdt.core.formatter.alignment_for_selector_in_method_invocation=0
|
||||||
org.eclipse.jdt.core.formatter.alignment_for_superclass_in_type_declaration=16
|
org.eclipse.jdt.core.formatter.alignment_for_superclass_in_type_declaration=16
|
||||||
org.eclipse.jdt.core.formatter.alignment_for_superinterfaces_in_enum_declaration=16
|
org.eclipse.jdt.core.formatter.alignment_for_superinterfaces_in_enum_declaration=16
|
||||||
org.eclipse.jdt.core.formatter.alignment_for_superinterfaces_in_type_declaration=16
|
org.eclipse.jdt.core.formatter.alignment_for_superinterfaces_in_type_declaration=16
|
||||||
|
@ -45,7 +45,7 @@
|
|||||||
|
|
||||||
<zipfileset src="${lib.dir}/dnsjava-2.0.8-vrsn-2.jar" />
|
<zipfileset src="${lib.dir}/dnsjava-2.0.8-vrsn-2.jar" />
|
||||||
<zipfileset src="${lib.dir}/log4j-1.2.15.jar" />
|
<zipfileset src="${lib.dir}/log4j-1.2.15.jar" />
|
||||||
|
<zipfileset dir="${lib.dir}" prefix="lib" includes="**/*.properties" />
|
||||||
<manifest>
|
<manifest>
|
||||||
<attribute name="Main-Class"
|
<attribute name="Main-Class"
|
||||||
value="com.verisign.cl.DNSSECReconciler" />
|
value="com.verisign.cl.DNSSECReconciler" />
|
||||||
|
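Review bot: The added `<zipfileset dir="${lib.dir}" prefix="lib" includes="**/*.properties" />` places log4j.properties inside the jar at `lib/log4j.properties`, but `main()` in this same commit calls `PropertyConfigurator.configure("lib/log4j.properties")`, which takes a filesystem path resolved against the working directory, so the bundled copy is not read when the jar is started from another directory. Loading it as a classpath resource, e.g. `PropertyConfigurator.configure(DNSSECReconciler.class.getResource("/lib/log4j.properties"));`, would use the packaged file and would stop the tool from picking up whatever `lib/log4j.properties` exists in the directory it is launched from. The `**/*.properties` pattern also pulls every properties file under `${lib.dir}` into the jar; `includes="log4j.properties"` would limit it to the intended one.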
24
lib/log4j.properties
Normal file
24
lib/log4j.properties
Normal file
@ -0,0 +1,24 @@
|
|||||||
|
|
||||||
|
####################################################################
|
||||||
|
#
|
||||||
|
# L O G 4 j A P P E N D E R s
|
||||||
|
#
|
||||||
|
###################################################################
|
||||||
|
|
||||||
|
###################
|
||||||
|
# Write Output to Console (aka TTY)
|
||||||
|
#
|
||||||
|
log4j.appender.console=org.apache.log4j.ConsoleAppender
|
||||||
|
log4j.appender.console.layout=org.apache.log4j.PatternLayout
|
||||||
|
log4j.appender.console.layout.ConversionPattern=%-4r [%t] %-5p %c %x - %m%n
|
||||||
|
|
||||||
|
####################################################################
|
||||||
|
#
|
||||||
|
# R O O T D E B U G G I N G L E V E L
|
||||||
|
#
|
||||||
|
###################################################################
|
||||||
|
|
||||||
|
######################
|
||||||
|
# Set root logger level to an (Appender)
|
||||||
|
#
|
||||||
|
log4j.rootLogger=FATAL, console
|
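Review bot: `log4j.rootLogger=FATAL, console` silences every logger in the process, including anything the DNSSEC validator or dnsjava may log at WARN or ERROR, so a validation problem reported only through log4j would no longer be visible. If the aim is just to stop the missing-appender warning, `log4j.rootLogger=WARN, console` keeps real problems on screen. The console appender writes to System.out by default, which is where the tool prints its own results when no error file is given; adding `log4j.appender.console.Target=System.err` would keep log lines out of that output. The comment `# Set root logger level to an (Appender)` would be clearer as `# Root logger: level, then appender name`.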
@ -1,15 +1,15 @@
|
|||||||
package com.verisign.cl;
|
package com.verisign.cl;
|
||||||
|
|
||||||
import java.io.BufferedReader;
|
import java.io.*;
|
||||||
import java.io.FileReader;
|
|
||||||
import java.io.IOException;
|
|
||||||
import java.net.SocketTimeoutException;
|
import java.net.SocketTimeoutException;
|
||||||
import java.util.*;
|
import java.util.*;
|
||||||
|
|
||||||
|
import org.apache.log4j.PropertyConfigurator;
|
||||||
import org.xbill.DNS.*;
|
import org.xbill.DNS.*;
|
||||||
|
|
||||||
import com.verisign.tat.dnssec.CaptiveValidator;
|
import com.verisign.tat.dnssec.CaptiveValidator;
|
||||||
import com.verisign.tat.dnssec.SecurityStatus;
|
import com.verisign.tat.dnssec.SecurityStatus;
|
||||||
|
import com.verisign.tat.dnssec.Util;
|
||||||
|
|
||||||
public class DNSSECReconciler {
|
public class DNSSECReconciler {
|
||||||
|
|
||||||
@ -21,6 +21,7 @@ public class DNSSECReconciler {
|
|||||||
private SimpleResolver resolver;
|
private SimpleResolver resolver;
|
||||||
|
|
||||||
private BufferedReader queryStream;
|
private BufferedReader queryStream;
|
||||||
|
private PrintStream errorStream;
|
||||||
private Set<Name> zoneNames;
|
private Set<Name> zoneNames;
|
||||||
|
|
||||||
// Options
|
// Options
|
||||||
@ -29,6 +30,8 @@ public class DNSSECReconciler {
|
|||||||
public String queryFile;
|
public String queryFile;
|
||||||
public String dnskeyFile;
|
public String dnskeyFile;
|
||||||
public List<String> dnskeyNames;
|
public List<String> dnskeyNames;
|
||||||
|
public String errorFile;
|
||||||
|
public long count = 0;
|
||||||
|
|
||||||
DNSSECReconciler() {
|
DNSSECReconciler() {
|
||||||
validator = new CaptiveValidator();
|
validator = new CaptiveValidator();
|
||||||
@ -62,6 +65,7 @@ public class DNSSECReconciler {
|
|||||||
for (int i = 1; i < tokens.length; i++) {
|
for (int i = 1; i < tokens.length; i++) {
|
||||||
if (tokens[i].startsWith("+")) {
|
if (tokens[i].startsWith("+")) {
|
||||||
// For now, we ignore flags as uninteresting
|
// For now, we ignore flags as uninteresting
|
||||||
|
// All queries will get the DO bit anyway
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -83,8 +87,7 @@ public class DNSSECReconciler {
|
|||||||
qclass = DClass.IN;
|
qclass = DClass.IN;
|
||||||
}
|
}
|
||||||
|
|
||||||
Message query = Message
|
Message query = Message.newQuery(Record.newRecord(qname, qtype, qclass));
|
||||||
.newQuery(Record.newRecord(qname, qtype, qclass));
|
|
||||||
|
|
||||||
return query;
|
return query;
|
||||||
}
|
}
|
||||||
@ -134,7 +137,7 @@ public class DNSSECReconciler {
|
|||||||
for (String key : validator.listTrustedKeys()) {
|
for (String key : validator.listTrustedKeys()) {
|
||||||
String[] components = key.split("/");
|
String[] components = key.split("/");
|
||||||
Name keyname = Name.fromString(components[0]);
|
Name keyname = Name.fromString(components[0]);
|
||||||
if (! keyname.isAbsolute()) {
|
if (!keyname.isAbsolute()) {
|
||||||
keyname = Name.concatenate(keyname, Name.root);
|
keyname = Name.concatenate(keyname, Name.root);
|
||||||
}
|
}
|
||||||
zoneNames.add(keyname);
|
zoneNames.add(keyname);
|
||||||
@ -156,17 +159,21 @@ public class DNSSECReconciler {
|
|||||||
try {
|
try {
|
||||||
return resolver.send(query);
|
return resolver.send(query);
|
||||||
} catch (SocketTimeoutException e) {
|
} catch (SocketTimeoutException e) {
|
||||||
System.err.println("Error: timed out querying " + server + " for " + queryToString(query));
|
System.err.println("Error: timed out querying " + server + " for "
|
||||||
|
+ queryToString(query));
|
||||||
} catch (IOException e) {
|
} catch (IOException e) {
|
||||||
System.err.println("Error: error querying " + server + " for " + queryToString(query) + ":" + e.getMessage());
|
System.err.println("Error: error querying " + server + " for "
|
||||||
|
+ queryToString(query) + ":" + e.getMessage());
|
||||||
}
|
}
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
|
||||||
private String queryToString(Message query) {
|
private String queryToString(Message query) {
|
||||||
if (query == null) return null;
|
if (query == null)
|
||||||
|
return null;
|
||||||
Record question = query.getQuestion();
|
Record question = query.getQuestion();
|
||||||
return question.getName() + "/" + Type.string(question.getType()) + "/" + DClass.string(question.getDClass());
|
return question.getName() + "/" + Type.string(question.getType()) + "/"
|
||||||
|
+ DClass.string(question.getDClass());
|
||||||
}
|
}
|
||||||
|
|
||||||
public void execute() throws IOException {
|
public void execute() throws IOException {
|
||||||
@ -174,6 +181,13 @@ public class DNSSECReconciler {
|
|||||||
resolver = new SimpleResolver(server);
|
resolver = new SimpleResolver(server);
|
||||||
resolver.setEDNS(0, 4096, Flags.DO, null);
|
resolver.setEDNS(0, 4096, Flags.DO, null);
|
||||||
|
|
||||||
|
// Create our DNSSEC error stream
|
||||||
|
if (errorFile != null) {
|
||||||
|
errorStream = new PrintStream(new FileOutputStream(errorFile, true));
|
||||||
|
} else {
|
||||||
|
errorStream = System.out;
|
||||||
|
}
|
||||||
|
|
||||||
// Prime the validator
|
// Prime the validator
|
||||||
if (dnskeyFile != null) {
|
if (dnskeyFile != null) {
|
||||||
validator.addTrustedKeysFromFile(dnskeyFile);
|
validator.addTrustedKeysFromFile(dnskeyFile);
|
||||||
@ -192,7 +206,9 @@ public class DNSSECReconciler {
|
|||||||
|
|
||||||
// Iterate over all queries
|
// Iterate over all queries
|
||||||
Message query = nextQuery();
|
Message query = nextQuery();
|
||||||
long count = 0;
|
long total = 0;
|
||||||
|
long validCount = 0;
|
||||||
|
long errorCount = 0;
|
||||||
|
|
||||||
while (query != null) {
|
while (query != null) {
|
||||||
|
|
||||||
@ -211,53 +227,63 @@ public class DNSSECReconciler {
|
|||||||
switch (result) {
|
switch (result) {
|
||||||
case SecurityStatus.BOGUS:
|
case SecurityStatus.BOGUS:
|
||||||
case SecurityStatus.INVALID:
|
case SecurityStatus.INVALID:
|
||||||
System.out.println("BOGUS Answer:");
|
errorStream.println("BOGUS Answer:");
|
||||||
System.out.println("Query: " + queryToString(query));
|
errorStream.println("Query: " + queryToString(query));
|
||||||
System.out.println("Response:\n" + response);
|
errorStream.println("Response:\n" + response);
|
||||||
for (String err : validator.getErrorList()) {
|
for (String err : validator.getErrorList()) {
|
||||||
System.out.println("Error: " + err);
|
errorStream.println("Error: " + err);
|
||||||
}
|
}
|
||||||
System.out.println("");
|
errorStream.println("");
|
||||||
|
errorCount++;
|
||||||
break;
|
break;
|
||||||
case SecurityStatus.INSECURE:
|
case SecurityStatus.INSECURE:
|
||||||
case SecurityStatus.INDETERMINATE:
|
case SecurityStatus.INDETERMINATE:
|
||||||
case SecurityStatus.UNCHECKED:
|
case SecurityStatus.UNCHECKED:
|
||||||
System.out.println("Insecure Answer:");
|
errorStream.println("Insecure Answer:");
|
||||||
System.out.println("Query: " + queryToString(query));
|
errorStream.println("Query: " + queryToString(query));
|
||||||
System.out.println("Response:\n" + response);
|
errorStream.println("Response:\n" + response);
|
||||||
for (String err : validator.getErrorList()) {
|
for (String err : validator.getErrorList()) {
|
||||||
System.out.println("Error: " + err);
|
errorStream.println("Error: " + err);
|
||||||
}
|
}
|
||||||
|
errorCount++;
|
||||||
break;
|
break;
|
||||||
case SecurityStatus.SECURE:
|
case SecurityStatus.SECURE:
|
||||||
|
validCount++;
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (++count % 1000 == 0) {
|
if (++total % 1000 == 0) {
|
||||||
System.out.println("Completed " + count + " queries.");
|
System.out.println("Completed " + total + " queries: "
|
||||||
|
+ validCount + " valid, " + errorCount + " errors.");
|
||||||
|
}
|
||||||
|
|
||||||
|
if (count > 0 && total >= count) {
|
||||||
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
query = nextQuery();
|
query = nextQuery();
|
||||||
}
|
}
|
||||||
|
|
||||||
System.out.println("Completed " + count + (count > 1 ? " queries" : " query"));
|
System.out.println("Completed " + total
|
||||||
|
+ (total > 1 ? " queries" : " query") +
|
||||||
|
": " + validCount + " valid, " + errorCount + " errors.");
|
||||||
}
|
}
|
||||||
|
|
||||||
private static void usage() {
|
private static void usage() {
|
||||||
System.err
|
System.err.println("usage: java -jar dnssecreconiler.jar [..options..]");
|
||||||
.println("usage: java -jar dnssecreconiler.jar [..options..]");
|
|
||||||
System.err.println(" server: the DNS server to query.");
|
System.err.println(" server: the DNS server to query.");
|
||||||
System.err.println(" query: a name [type [flags]] string.");
|
System.err.println(" query: a name [type [flags]] string.");
|
||||||
System.err
|
System.err.println(" query_file: a list of queries, one query per line.");
|
||||||
.println(" query_file: a list of queries, one query per line.");
|
System.err.println(" count: send up to'count' queries, then stop.");
|
||||||
System.err
|
System.err.println(" dnskey_file: a file containing DNSKEY RRs to trust.");
|
||||||
.println(" dnskey_file: a file containing DNSKEY RRs to trust.");
|
System.err.println(" dnskey_query: query 'server' for DNSKEY at given name to trust, may repeat");
|
||||||
System.err
|
System.err.println(" error_file: write DNSSEC validation failure details to this file");
|
||||||
.println(" dnskey_query: query 'server' for DNSKEY at given name to trust, may repeat");
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public static void main(String[] argv) {
|
public static void main(String[] argv) {
|
||||||
|
|
||||||
|
PropertyConfigurator.configure("lib/log4j.properties");
|
||||||
|
|
||||||
DNSSECReconciler dr = new DNSSECReconciler();
|
DNSSECReconciler dr = new DNSSECReconciler();
|
||||||
|
|
||||||
try {
|
try {
|
||||||
@ -280,6 +306,10 @@ public class DNSSECReconciler {
|
|||||||
dr.query = optarg;
|
dr.query = optarg;
|
||||||
} else if (opt.equals("query_file")) {
|
} else if (opt.equals("query_file")) {
|
||||||
dr.queryFile = optarg;
|
dr.queryFile = optarg;
|
||||||
|
} else if (opt.equals("count")) {
|
||||||
|
dr.count = Util.parseInt(optarg, 0);
|
||||||
|
} else if (opt.equals("error_file")) {
|
||||||
|
dr.errorFile = optarg;
|
||||||
} else if (opt.equals("dnskey_file")) {
|
} else if (opt.equals("dnskey_file")) {
|
||||||
dr.dnskeyFile = optarg;
|
dr.dnskeyFile = optarg;
|
||||||
} else if (opt.equals("dnskey_query")) {
|
} else if (opt.equals("dnskey_query")) {
|
||||||
@ -301,14 +331,12 @@ public class DNSSECReconciler {
|
|||||||
System.exit(1);
|
System.exit(1);
|
||||||
}
|
}
|
||||||
if (dr.query == null && dr.queryFile == null) {
|
if (dr.query == null && dr.queryFile == null) {
|
||||||
System.err
|
System.err.println("Either 'query' or 'query_file' must be specified");
|
||||||
.println("Either 'query' or 'query_file' must be specified");
|
|
||||||
usage();
|
usage();
|
||||||
System.exit(1);
|
System.exit(1);
|
||||||
}
|
}
|
||||||
if (dr.dnskeyFile == null && dr.dnskeyNames == null) {
|
if (dr.dnskeyFile == null && dr.dnskeyNames == null) {
|
||||||
System.err
|
System.err.println("Either 'dnskey_file' or 'dnskey_query' must be specified");
|
||||||
.println("Either 'dnskey_file' or 'dnskey_query' must be specified");
|
|
||||||
usage();
|
usage();
|
||||||
System.exit(1);
|
System.exit(1);
|
||||||
}
|
}
|
||||||
|
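Review bot: In `execute()`, `errorStream = new PrintStream(new FileOutputStream(errorFile, true));` is not closed or checked in the lines shown, and `PrintStream` swallows every `IOException`, so if the error file becomes unwritable (full disk, changed permissions) the BOGUS and insecure answer details are dropped silently while `errorCount` keeps rising. Since that file is the record of validation failures, check it after the loop, e.g. `if (errorStream.checkError()) throw new IOException("failed writing " + errorFile);`, and close the stream in a `finally` when it is not `System.out`. The `switch` that now feeds the counters has no `default:` branch, so a status outside the listed cases is counted in `total` but in neither `validCount` nor `errorCount`. `execute()` starts and continues outside the hunks shown, so a close elsewhere in the method cannot be ruled out from this page.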