davidb/captive-validator
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

add error_file, count options; configure log4j so it stops whining; eclipse formatting madness

Browse Source
This commit is contained in:
davidb 2010-06-10 14:54:39 -04:00
parent fe4179ad39
commit 7a15f36b17
4 changed files with 103 additions and 51 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
.settings/org.eclipse.jdt.core.prefs
View File

@ -1,11 +1,11 @@
#Mon May 31 12:14:23 EDT 2010 #Thu Jun 10 13:45:36 EDT 2010
eclipse.preferences.version=1 eclipse.preferences.version=1
org.eclipse.jdt.core.formatter.align_type_members_on_columns=false org.eclipse.jdt.core.formatter.align_type_members_on_columns=false
org.eclipse.jdt.core.formatter.alignment_for_arguments_in_allocation_expression=16 org.eclipse.jdt.core.formatter.alignment_for_arguments_in_allocation_expression=0
org.eclipse.jdt.core.formatter.alignment_for_arguments_in_enum_constant=16 org.eclipse.jdt.core.formatter.alignment_for_arguments_in_enum_constant=16
org.eclipse.jdt.core.formatter.alignment_for_arguments_in_explicit_constructor_call=16 org.eclipse.jdt.core.formatter.alignment_for_arguments_in_explicit_constructor_call=0
org.eclipse.jdt.core.formatter.alignment_for_arguments_in_method_invocation=16 org.eclipse.jdt.core.formatter.alignment_for_arguments_in_method_invocation=0
org.eclipse.jdt.core.formatter.alignment_for_arguments_in_qualified_allocation_expression=16 org.eclipse.jdt.core.formatter.alignment_for_arguments_in_qualified_allocation_expression=0
org.eclipse.jdt.core.formatter.alignment_for_assignment=0 org.eclipse.jdt.core.formatter.alignment_for_assignment=0
org.eclipse.jdt.core.formatter.alignment_for_binary_expression=16 org.eclipse.jdt.core.formatter.alignment_for_binary_expression=16
org.eclipse.jdt.core.formatter.alignment_for_compact_if=16 org.eclipse.jdt.core.formatter.alignment_for_compact_if=16
@ -15,7 +15,7 @@ org.eclipse.jdt.core.formatter.alignment_for_expressions_in_array_initializer=16
org.eclipse.jdt.core.formatter.alignment_for_multiple_fields=16 org.eclipse.jdt.core.formatter.alignment_for_multiple_fields=16
org.eclipse.jdt.core.formatter.alignment_for_parameters_in_constructor_declaration=16 org.eclipse.jdt.core.formatter.alignment_for_parameters_in_constructor_declaration=16
org.eclipse.jdt.core.formatter.alignment_for_parameters_in_method_declaration=16 org.eclipse.jdt.core.formatter.alignment_for_parameters_in_method_declaration=16
org.eclipse.jdt.core.formatter.alignment_for_selector_in_method_invocation=16 org.eclipse.jdt.core.formatter.alignment_for_selector_in_method_invocation=0
org.eclipse.jdt.core.formatter.alignment_for_superclass_in_type_declaration=16 org.eclipse.jdt.core.formatter.alignment_for_superclass_in_type_declaration=16
org.eclipse.jdt.core.formatter.alignment_for_superinterfaces_in_enum_declaration=16 org.eclipse.jdt.core.formatter.alignment_for_superinterfaces_in_enum_declaration=16
org.eclipse.jdt.core.formatter.alignment_for_superinterfaces_in_type_declaration=16 org.eclipse.jdt.core.formatter.alignment_for_superinterfaces_in_type_declaration=16

2
build.xml
View File

@ -45,7 +45,7 @@
<zipfileset src="${lib.dir}/dnsjava-2.0.8-vrsn-2.jar" /> <zipfileset src="${lib.dir}/dnsjava-2.0.8-vrsn-2.jar" />
<zipfileset src="${lib.dir}/log4j-1.2.15.jar" /> <zipfileset src="${lib.dir}/log4j-1.2.15.jar" />
<zipfileset dir="${lib.dir}" prefix="lib" includes="**/*.properties" />
<manifest> <manifest>
<attribute name="Main-Class" <attribute name="Main-Class"
value="com.verisign.cl.DNSSECReconciler" /> value="com.verisign.cl.DNSSECReconciler" />

24
lib/log4j.properties Normal file
View File

@ -0,0 +1,24 @@
####################################################################
#
# L O G 4 j A P P E N D E R s
#
###################################################################
###################
# Write Output to Console (aka TTY)
#
log4j.appender.console=org.apache.log4j.ConsoleAppender
log4j.appender.console.layout=org.apache.log4j.PatternLayout
log4j.appender.console.layout.ConversionPattern=%-4r [%t] %-5p %c %x - %m%n
####################################################################
#
# R O O T D E B U G G I N G L E V E L
#
###################################################################
######################
# Set root logger level to an (Appender)
#
log4j.rootLogger=FATAL, console

98
src/com/verisign/cl/DNSSECReconciler.java
View File

@ -1,15 +1,15 @@
package com.verisign.cl; package com.verisign.cl;
import java.io.BufferedReader; import java.io.*;
import java.io.FileReader;
import java.io.IOException;
import java.net.SocketTimeoutException; import java.net.SocketTimeoutException;
import java.util.*; import java.util.*;
import org.apache.log4j.PropertyConfigurator;
import org.xbill.DNS.*; import org.xbill.DNS.*;
import com.verisign.tat.dnssec.CaptiveValidator; import com.verisign.tat.dnssec.CaptiveValidator;
import com.verisign.tat.dnssec.SecurityStatus; import com.verisign.tat.dnssec.SecurityStatus;
import com.verisign.tat.dnssec.Util;
public class DNSSECReconciler { public class DNSSECReconciler {
@ -21,6 +21,7 @@ public class DNSSECReconciler {
private SimpleResolver resolver; private SimpleResolver resolver;
private BufferedReader queryStream; private BufferedReader queryStream;
private PrintStream errorStream;
private Set<Name> zoneNames; private Set<Name> zoneNames;
// Options // Options
@ -29,6 +30,8 @@ public class DNSSECReconciler {
public String queryFile; public String queryFile;
public String dnskeyFile; public String dnskeyFile;
public List<String> dnskeyNames; public List<String> dnskeyNames;
public String errorFile;
public long count = 0;
DNSSECReconciler() { DNSSECReconciler() {
validator = new CaptiveValidator(); validator = new CaptiveValidator();
@ -62,6 +65,7 @@ public class DNSSECReconciler {
for (int i = 1; i < tokens.length; i++) { for (int i = 1; i < tokens.length; i++) {
if (tokens[i].startsWith("+")) { if (tokens[i].startsWith("+")) {
// For now, we ignore flags as uninteresting // For now, we ignore flags as uninteresting
// All queries will get the DO bit anyway
continue; continue;
} }
@ -83,8 +87,7 @@ public class DNSSECReconciler {
qclass = DClass.IN; qclass = DClass.IN;
} }
Message query = Message Message query = Message.newQuery(Record.newRecord(qname, qtype, qclass));
.newQuery(Record.newRecord(qname, qtype, qclass));
return query; return query;
} }
@ -134,7 +137,7 @@ public class DNSSECReconciler {
for (String key : validator.listTrustedKeys()) { for (String key : validator.listTrustedKeys()) {
String[] components = key.split("/"); String[] components = key.split("/");
Name keyname = Name.fromString(components[0]); Name keyname = Name.fromString(components[0]);
if (! keyname.isAbsolute()) { if (!keyname.isAbsolute()) {
keyname = Name.concatenate(keyname, Name.root); keyname = Name.concatenate(keyname, Name.root);
} }
zoneNames.add(keyname); zoneNames.add(keyname);
@ -156,17 +159,21 @@ public class DNSSECReconciler {
try { try {
return resolver.send(query); return resolver.send(query);
} catch (SocketTimeoutException e) { } catch (SocketTimeoutException e) {
System.err.println("Error: timed out querying " + server + " for " + queryToString(query)); System.err.println("Error: timed out querying " + server + " for "
+ queryToString(query));
} catch (IOException e) { } catch (IOException e) {
System.err.println("Error: error querying " + server + " for " + queryToString(query) + ":" + e.getMessage()); System.err.println("Error: error querying " + server + " for "
+ queryToString(query) + ":" + e.getMessage());
} }
return null; return null;
} }
private String queryToString(Message query) { private String queryToString(Message query) {
if (query == null) return null; if (query == null)
return null;
Record question = query.getQuestion(); Record question = query.getQuestion();
return question.getName() + "/" + Type.string(question.getType()) + "/" + DClass.string(question.getDClass()); return question.getName() + "/" + Type.string(question.getType()) + "/"
+ DClass.string(question.getDClass());
} }
public void execute() throws IOException { public void execute() throws IOException {
@ -174,6 +181,13 @@ public class DNSSECReconciler {
resolver = new SimpleResolver(server); resolver = new SimpleResolver(server);
resolver.setEDNS(0, 4096, Flags.DO, null); resolver.setEDNS(0, 4096, Flags.DO, null);
// Create our DNSSEC error stream
if (errorFile != null) {
errorStream = new PrintStream(new FileOutputStream(errorFile, true));
} else {
errorStream = System.out;
}
// Prime the validator // Prime the validator
if (dnskeyFile != null) { if (dnskeyFile != null) {
validator.addTrustedKeysFromFile(dnskeyFile); validator.addTrustedKeysFromFile(dnskeyFile);
@ -192,7 +206,9 @@ public class DNSSECReconciler {
// Iterate over all queries // Iterate over all queries
Message query = nextQuery(); Message query = nextQuery();
long count = 0; long total = 0;
long validCount = 0;
long errorCount = 0;
while (query != null) { while (query != null) {
@ -211,53 +227,63 @@ public class DNSSECReconciler {
switch (result) { switch (result) {
case SecurityStatus.BOGUS: case SecurityStatus.BOGUS:
case SecurityStatus.INVALID: case SecurityStatus.INVALID:
System.out.println("BOGUS Answer:"); errorStream.println("BOGUS Answer:");
System.out.println("Query: " + queryToString(query)); errorStream.println("Query: " + queryToString(query));
System.out.println("Response:\n" + response); errorStream.println("Response:\n" + response);
for (String err : validator.getErrorList()) { for (String err : validator.getErrorList()) {
System.out.println("Error: " + err); errorStream.println("Error: " + err);
} }
System.out.println(""); errorStream.println("");
errorCount++;
break; break;
case SecurityStatus.INSECURE: case SecurityStatus.INSECURE:
case SecurityStatus.INDETERMINATE: case SecurityStatus.INDETERMINATE:
case SecurityStatus.UNCHECKED: case SecurityStatus.UNCHECKED:
System.out.println("Insecure Answer:"); errorStream.println("Insecure Answer:");
System.out.println("Query: " + queryToString(query)); errorStream.println("Query: " + queryToString(query));
System.out.println("Response:\n" + response); errorStream.println("Response:\n" + response);
for (String err : validator.getErrorList()) { for (String err : validator.getErrorList()) {
System.out.println("Error: " + err); errorStream.println("Error: " + err);
} }
errorCount++;
break; break;
case SecurityStatus.SECURE: case SecurityStatus.SECURE:
validCount++;
break; break;
} }
if (++count % 1000 == 0) { if (++total % 1000 == 0) {
System.out.println("Completed " + count + " queries."); System.out.println("Completed " + total + " queries: "
+ validCount + " valid, " + errorCount + " errors.");
}
if (count > 0 && total >= count) {
break;
} }
query = nextQuery(); query = nextQuery();
} }
System.out.println("Completed " + count + (count > 1 ? " queries" : " query")); System.out.println("Completed " + total
+ (total > 1 ? " queries" : " query") +
": " + validCount + " valid, " + errorCount + " errors.");
} }
private static void usage() { private static void usage() {
System.err System.err.println("usage: java -jar dnssecreconiler.jar [..options..]");
.println("usage: java -jar dnssecreconiler.jar [..options..]");
System.err.println(" server: the DNS server to query."); System.err.println(" server: the DNS server to query.");
System.err.println(" query: a name [type [flags]] string."); System.err.println(" query: a name [type [flags]] string.");
System.err System.err.println(" query_file: a list of queries, one query per line.");
.println(" query_file: a list of queries, one query per line."); System.err.println(" count: send up to'count' queries, then stop.");
System.err System.err.println(" dnskey_file: a file containing DNSKEY RRs to trust.");
.println(" dnskey_file: a file containing DNSKEY RRs to trust."); System.err.println(" dnskey_query: query 'server' for DNSKEY at given name to trust, may repeat");
System.err System.err.println(" error_file: write DNSSEC validation failure details to this file");
.println(" dnskey_query: query 'server' for DNSKEY at given name to trust, may repeat");
} }
public static void main(String[] argv) { public static void main(String[] argv) {
PropertyConfigurator.configure("lib/log4j.properties");
DNSSECReconciler dr = new DNSSECReconciler(); DNSSECReconciler dr = new DNSSECReconciler();
try { try {
@ -280,6 +306,10 @@ public class DNSSECReconciler {
dr.query = optarg; dr.query = optarg;
} else if (opt.equals("query_file")) { } else if (opt.equals("query_file")) {
dr.queryFile = optarg; dr.queryFile = optarg;
} else if (opt.equals("count")) {
dr.count = Util.parseInt(optarg, 0);
} else if (opt.equals("error_file")) {
dr.errorFile = optarg;
} else if (opt.equals("dnskey_file")) { } else if (opt.equals("dnskey_file")) {
dr.dnskeyFile = optarg; dr.dnskeyFile = optarg;
} else if (opt.equals("dnskey_query")) { } else if (opt.equals("dnskey_query")) {
@ -301,14 +331,12 @@ public class DNSSECReconciler {
System.exit(1); System.exit(1);
} }
if (dr.query == null && dr.queryFile == null) { if (dr.query == null && dr.queryFile == null) {
System.err System.err.println("Either 'query' or 'query_file' must be specified");
.println("Either 'query' or 'query_file' must be specified");
usage(); usage();
System.exit(1); System.exit(1);
} }
if (dr.dnskeyFile == null && dr.dnskeyNames == null) { if (dr.dnskeyFile == null && dr.dnskeyNames == null) {
System.err System.err.println("Either 'dnskey_file' or 'dnskey_query' must be specified");
.println("Either 'dnskey_file' or 'dnskey_query' must be specified");
usage(); usage();
System.exit(1); System.exit(1);
} }