fix warnings and findbugs hints
This commit is contained in:
davidb
parent
6ae8eb27da
commit
df70e41643
|
|
@ -957,9 +957,9 @@ public class CaptiveValidator {
|
|||
|
||||
break;
|
||||
|
||||
case NODATA:
|
||||
log.trace("Validating a NODATA response");
|
||||
validateNodataResponse(message, key_rrset, mErrorList);
|
||||
case NODATA:
|
||||
log.trace("Validating a NODATA response");
|
||||
validateNodataResponse(message, key_rrset, mErrorList);
|
||||
|
||||
break;
|
||||
|
||||
|
|
|
|||
|
|
@ -46,28 +46,35 @@ public class DnsSecVerifier {
|
|||
private Logger log = Logger.getLogger(this.getClass());
|
||||
|
||||
/**
|
||||
* This is a mapping of DNSSEC algorithm numbers/private identifiers to JCA
|
||||
* algorithm identifiers.
|
||||
* This is a mapping of DNSSEC algorithm numbers to JCA algorithm
|
||||
* identifiers.
|
||||
*/
|
||||
private HashMap<Integer, AlgEntry> mAlgorithmMap;
|
||||
|
||||
/**
|
||||
* This is a mapping of DNSSEC private (DNS name) identifiers to JCA
|
||||
* algorithm identifiers.
|
||||
*/
|
||||
private HashMap<Name, AlgEntry> mPrivateAlgorithmMap;
|
||||
|
||||
public DnsSecVerifier() {
|
||||
mAlgorithmMap = new HashMap<Integer, AlgEntry>();
|
||||
mPrivateAlgorithmMap = new HashMap<Name, AlgEntry>();
|
||||
|
||||
// set the default algorithm map.
|
||||
mAlgorithmMap.put(new Integer(DNSSEC.RSAMD5), new AlgEntry(
|
||||
mAlgorithmMap.put(Integer.valueOf(DNSSEC.RSAMD5), new AlgEntry(
|
||||
"MD5withRSA", DNSSEC.RSAMD5, false));
|
||||
mAlgorithmMap.put(new Integer(DNSSEC.DSA), new AlgEntry("SHA1withDSA",
|
||||
mAlgorithmMap.put(Integer.valueOf(DNSSEC.DSA), new AlgEntry("SHA1withDSA",
|
||||
DNSSEC.DSA, true));
|
||||
mAlgorithmMap.put(new Integer(DNSSEC.RSASHA1), new AlgEntry(
|
||||
mAlgorithmMap.put(Integer.valueOf(DNSSEC.RSASHA1), new AlgEntry(
|
||||
"SHA1withRSA", DNSSEC.RSASHA1, false));
|
||||
mAlgorithmMap.put(new Integer(DNSSEC.DSA_NSEC3_SHA1), new AlgEntry(
|
||||
mAlgorithmMap.put(Integer.valueOf(DNSSEC.DSA_NSEC3_SHA1), new AlgEntry(
|
||||
"SHA1withDSA", DNSSEC.DSA, true));
|
||||
mAlgorithmMap.put(new Integer(DNSSEC.RSA_NSEC3_SHA1), new AlgEntry(
|
||||
mAlgorithmMap.put(Integer.valueOf(DNSSEC.RSA_NSEC3_SHA1), new AlgEntry(
|
||||
"SHA1withRSA", DNSSEC.RSASHA1, false));
|
||||
mAlgorithmMap.put(new Integer(DNSSEC.RSASHA256), new AlgEntry(
|
||||
mAlgorithmMap.put(Integer.valueOf(DNSSEC.RSASHA256), new AlgEntry(
|
||||
"SHA256withRSA", DNSSEC.RSASHA256, false));
|
||||
mAlgorithmMap.put(new Integer(DNSSEC.RSASHA512), new AlgEntry(
|
||||
mAlgorithmMap.put(Integer.valueOf(DNSSEC.RSASHA512), new AlgEntry(
|
||||
"SHA512withRSA", DNSSEC.RSASHA512, false));
|
||||
}
|
||||
|
||||
|
|
@ -85,7 +92,7 @@ public class DnsSecVerifier {
|
|||
return false;
|
||||
}
|
||||
|
||||
AlgEntry entry = (AlgEntry) mAlgorithmMap.get(new Integer(algorithm));
|
||||
AlgEntry entry = (AlgEntry) mAlgorithmMap.get(Integer.valueOf(algorithm));
|
||||
|
||||
if (entry != null) {
|
||||
return entry.isDSA;
|
||||
|
|
@ -107,8 +114,8 @@ public class DnsSecVerifier {
|
|||
"dns.algorithm.");
|
||||
|
||||
for (Util.ConfigEntry entry : aliases) {
|
||||
Integer alg_alias = new Integer(Util.parseInt(entry.key, -1));
|
||||
Integer alg_orig = new Integer(Util.parseInt(entry.value, -1));
|
||||
Integer alg_alias = Integer.valueOf(Util.parseInt(entry.key, -1));
|
||||
Integer alg_orig = Integer.valueOf(Util.parseInt(entry.value, -1));
|
||||
|
||||
if (!mAlgorithmMap.containsKey(alg_orig)) {
|
||||
log.warn("Unable to alias " + alg_alias
|
||||
|
|
@ -152,7 +159,7 @@ public class DnsSecVerifier {
|
|||
* @return A List contains a one or more DNSKEYRecord objects, or null if a
|
||||
* matching DNSKEY could not be found.
|
||||
*/
|
||||
@SuppressWarnings("unchecked")
|
||||
@SuppressWarnings("rawtypes")
|
||||
private List<DNSKEYRecord> findKey(RRset dnskey_rrset, RRSIGRecord signature) {
|
||||
if (!signature.getSigner().equals(dnskey_rrset.getName())) {
|
||||
log.trace("findKey: could not find appropriate key because "
|
||||
|
|
@ -236,7 +243,7 @@ public class DnsSecVerifier {
|
|||
}
|
||||
|
||||
public PublicKey parseDNSKEY(DNSKEYRecord key) {
|
||||
AlgEntry ae = (AlgEntry) mAlgorithmMap.get(new Integer(key
|
||||
AlgEntry ae = (AlgEntry) mAlgorithmMap.get(Integer.valueOf(key
|
||||
.getAlgorithm()));
|
||||
|
||||
if (key.getAlgorithm() != ae.dnssecAlg) {
|
||||
|
|
@ -361,7 +368,7 @@ public class DnsSecVerifier {
|
|||
* @return SecurityStatus.SECURE if the rrest verified positively,
|
||||
* SecurityStatus.BOGUS otherwise.
|
||||
*/
|
||||
@SuppressWarnings("unchecked")
|
||||
@SuppressWarnings("rawtypes")
|
||||
public byte verify(RRset rrset, RRset key_rrset) {
|
||||
Iterator i = rrset.sigs();
|
||||
|
||||
|
|
@ -397,7 +404,7 @@ public class DnsSecVerifier {
|
|||
* The DNSKEY to verify with.
|
||||
* @return SecurityStatus.SECURE if the rrset verified, BOGUS otherwise.
|
||||
*/
|
||||
@SuppressWarnings("unchecked")
|
||||
@SuppressWarnings("rawtypes")
|
||||
public byte verify(RRset rrset, DNSKEYRecord dnskey) {
|
||||
// Iterate over RRSIGS
|
||||
Iterator i = rrset.sigs();
|
||||
|
|
@ -429,11 +436,11 @@ public class DnsSecVerifier {
|
|||
}
|
||||
|
||||
public boolean supportsAlgorithm(int algorithm) {
|
||||
return mAlgorithmMap.containsKey(new Integer(algorithm));
|
||||
return mAlgorithmMap.containsKey(Integer.valueOf(algorithm));
|
||||
}
|
||||
|
||||
public boolean supportsAlgorithm(Name private_id) {
|
||||
return mAlgorithmMap.containsKey(private_id);
|
||||
return mPrivateAlgorithmMap.containsKey(private_id);
|
||||
}
|
||||
|
||||
public int baseAlgorithm(int algorithm) {
|
||||
|
|
@ -446,7 +453,7 @@ public class DnsSecVerifier {
|
|||
return DSA;
|
||||
}
|
||||
|
||||
AlgEntry entry = (AlgEntry) mAlgorithmMap.get(new Integer(algorithm));
|
||||
AlgEntry entry = (AlgEntry) mAlgorithmMap.get(Integer.valueOf(algorithm));
|
||||
|
||||
if (entry == null) {
|
||||
return UNKNOWN;
|
||||
|
|
@ -465,7 +472,7 @@ public class DnsSecVerifier {
|
|||
|
||||
try {
|
||||
AlgEntry entry = (AlgEntry) mAlgorithmMap
|
||||
.get(new Integer(algorithm));
|
||||
.get(Integer.valueOf(algorithm));
|
||||
|
||||
if (entry == null) {
|
||||
log.info("DNSSEC algorithm " + algorithm + " not recognized.");
|
||||
|
|
|
|||
|
|
@ -137,17 +137,6 @@ public class NSEC3ValUtils {
|
|||
}
|
||||
}
|
||||
|
||||
private static byte[] hash(Name name, NSEC3Record nsec3) {
|
||||
try {
|
||||
return nsec3.hashName(name);
|
||||
} catch (NoSuchAlgorithmException e) {
|
||||
st_log.warn("Did not recognize hash algorithm: "
|
||||
+ nsec3.getHashAlgorithm());
|
||||
|
||||
return null;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Given the name of a closest encloser, return the name *.closest_encloser.
|
||||
*
|
||||
|
|
@ -458,7 +447,7 @@ public class NSEC3ValUtils {
|
|||
return -1;
|
||||
}
|
||||
|
||||
@SuppressWarnings("unchecked")
|
||||
@SuppressWarnings("rawtypes")
|
||||
private static boolean validIterations(NSEC3Parameters nsec3params,
|
||||
RRset dnskey_rrset, DnsSecVerifier verifier) {
|
||||
// for now, we return the maximum iterations based simply on the key
|
||||
|
|
|
|||
|
|
@ -31,6 +31,7 @@ import java.util.*;
|
|||
* A version of the RRset class overrides the standard security status.
|
||||
*/
|
||||
public class SRRset extends RRset {
|
||||
private static final long serialVersionUID = 1L;
|
||||
private SecurityStatus mSecurityStatus;
|
||||
|
||||
/** Create a new, blank SRRset. */
|
||||
|
|
@ -43,7 +44,7 @@ public class SRRset extends RRset {
|
|||
* Create a new SRRset from an existing RRset. This SRRset will contain that
|
||||
* same internal Record objects as the original RRset.
|
||||
*/
|
||||
@SuppressWarnings("unchecked")
|
||||
@SuppressWarnings("rawtypes")
|
||||
public SRRset(RRset r) {
|
||||
this();
|
||||
|
||||
|
|
|
|||
|
|
@ -23,12 +23,16 @@
|
|||
|
||||
package com.verisign.tat.dnssec;
|
||||
|
||||
import java.io.Serializable;
|
||||
|
||||
/**
|
||||
* Codes for DNSSEC security statuses.
|
||||
*
|
||||
* @author davidb
|
||||
*/
|
||||
public class SecurityStatus {
|
||||
public class SecurityStatus implements Serializable {
|
||||
private static final long serialVersionUID = 1L;
|
||||
|
||||
public static final byte INVALID = -1;
|
||||
|
||||
/**
|
||||
|
|
|
|||
|
|
@ -35,6 +35,7 @@ import org.xbill.DNS.utils.base64;
|
|||
|
||||
import java.io.ByteArrayOutputStream;
|
||||
import java.io.IOException;
|
||||
import java.io.Serializable;
|
||||
|
||||
import java.security.SignatureException;
|
||||
import java.security.interfaces.DSAParams;
|
||||
|
|
@ -178,7 +179,7 @@ public class SignUtils {
|
|||
* @return the canonical wire line format of the rrset. This is the second
|
||||
* part of data to be signed.
|
||||
*/
|
||||
@SuppressWarnings("unchecked")
|
||||
@SuppressWarnings("rawtypes")
|
||||
public static byte[] generateCanonicalRRsetData(RRset rrset, long ttl,
|
||||
int labels) {
|
||||
DNSOutput image = new DNSOutput();
|
||||
|
|
@ -456,7 +457,8 @@ public class SignUtils {
|
|||
* useful for comparing RDATA portions of DNS records in doing DNSSEC
|
||||
* canonical ordering.
|
||||
*/
|
||||
public static class ByteArrayComparator implements Comparator<byte[]> {
|
||||
public static class ByteArrayComparator implements Comparator<byte[]>, Serializable {
|
||||
private static final long serialVersionUID = 1L;
|
||||
private int mOffset = 0;
|
||||
private boolean mDebug = false;
|
||||
|
||||
|
|
|
|||
|
|
@ -339,7 +339,7 @@ public class ValUtils {
|
|||
return false;
|
||||
}
|
||||
|
||||
@SuppressWarnings("unchecked")
|
||||
@SuppressWarnings("rawtypes")
|
||||
public static RRSIGRecord rrsetFirstSig(RRset rrset) {
|
||||
for (Iterator i = rrset.sigs(); i.hasNext();) {
|
||||
return (RRSIGRecord) i.next();
|
||||
|
|
|
|||
Loading…
Reference in New Issue