diff --git a/src/com/verisign/tat/dnssec/CaptiveValidator.java b/src/com/verisign/tat/dnssec/CaptiveValidator.java
index 74853de..9ee511a 100644
--- a/src/com/verisign/tat/dnssec/CaptiveValidator.java
+++ b/src/com/verisign/tat/dnssec/CaptiveValidator.java
@@ -957,9 +957,9 @@ public class CaptiveValidator {
 break;
- case NODATA:
- log.trace("Validating a NODATA response");
- validateNodataResponse(message, key_rrset, mErrorList);
+ case NODATA:
+ log.trace("Validating a NODATA response");
+ validateNodataResponse(message, key_rrset, mErrorList);
 break;
diff --git a/src/com/verisign/tat/dnssec/DnsSecVerifier.java b/src/com/verisign/tat/dnssec/DnsSecVerifier.java
index 904558e..cff769f 100644
--- a/src/com/verisign/tat/dnssec/DnsSecVerifier.java
+++ b/src/com/verisign/tat/dnssec/DnsSecVerifier.java
@@ -46,28 +46,35 @@ public class DnsSecVerifier {
 private Logger log = Logger.getLogger(this.getClass());
 /**
- * This is a mapping of DNSSEC algorithm numbers/private identifiers to JCA
- * algorithm identifiers.
+ * This is a mapping of DNSSEC algorithm numbers to JCA algorithm
+ * identifiers.
 */
 private HashMap mAlgorithmMap;
+ /**
+ * This is a mapping of DNSSEC private (DNS name) identifiers to JCA
+ * algorithm identifiers.
+ */
+ private HashMap mPrivateAlgorithmMap;
+
 public DnsSecVerifier() {
 mAlgorithmMap = new HashMap();
+ mPrivateAlgorithmMap = new HashMap();
 // set the default algorithm map.
- mAlgorithmMap.put(new Integer(DNSSEC.RSAMD5), new AlgEntry(
+ mAlgorithmMap.put(Integer.valueOf(DNSSEC.RSAMD5), new AlgEntry(
 "MD5withRSA", DNSSEC.RSAMD5, false));
- mAlgorithmMap.put(new Integer(DNSSEC.DSA), new AlgEntry("SHA1withDSA",
+ mAlgorithmMap.put(Integer.valueOf(DNSSEC.DSA), new AlgEntry("SHA1withDSA",
 DNSSEC.DSA, true));
- mAlgorithmMap.put(new Integer(DNSSEC.RSASHA1), new AlgEntry(
+ mAlgorithmMap.put(Integer.valueOf(DNSSEC.RSASHA1), new AlgEntry(
 "SHA1withRSA", DNSSEC.RSASHA1, false));
- mAlgorithmMap.put(new Integer(DNSSEC.DSA_NSEC3_SHA1), new AlgEntry(
+ mAlgorithmMap.put(Integer.valueOf(DNSSEC.DSA_NSEC3_SHA1), new AlgEntry(
 "SHA1withDSA", DNSSEC.DSA, true));
- mAlgorithmMap.put(new Integer(DNSSEC.RSA_NSEC3_SHA1), new AlgEntry(
+ mAlgorithmMap.put(Integer.valueOf(DNSSEC.RSA_NSEC3_SHA1), new AlgEntry(
 "SHA1withRSA", DNSSEC.RSASHA1, false));
- mAlgorithmMap.put(new Integer(DNSSEC.RSASHA256), new AlgEntry(
+ mAlgorithmMap.put(Integer.valueOf(DNSSEC.RSASHA256), new AlgEntry(
 "SHA256withRSA", DNSSEC.RSASHA256, false));
- mAlgorithmMap.put(new Integer(DNSSEC.RSASHA512), new AlgEntry(
+ mAlgorithmMap.put(Integer.valueOf(DNSSEC.RSASHA512), new AlgEntry(
 "SHA512withRSA", DNSSEC.RSASHA512, false));
 }
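Review bot: The default map still binds `DNSSEC.RSAMD5` to `"MD5withRSA"`, so a signature made with algorithm 1 is presumably still able to verify as SECURE; RSA/MD5 was deprecated for DNSSEC by RFC 6725, and RFC 8624 says validators must not use it. Since this constructor is being edited anyway, I would remove the `mAlgorithmMap.put(Integer.valueOf(DNSSEC.RSAMD5), ...)` entry so that algorithm 1 is reported as unsupported, unless this tool deliberately needs to validate legacy zones. If it does, a comment on that line should say so, e.g. `// RSA/MD5 kept only for legacy test zones; deprecated by RFC 6725`.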
@@ -85,7 +92,7 @@ public class DnsSecVerifier {
 return false;
 }
- AlgEntry entry = (AlgEntry) mAlgorithmMap.get(new Integer(algorithm));
+ AlgEntry entry = (AlgEntry) mAlgorithmMap.get(Integer.valueOf(algorithm));
 if (entry != null) {
 return entry.isDSA;
@@ -107,8 +114,8 @@ public class DnsSecVerifier {
 "dns.algorithm.");
 for (Util.ConfigEntry entry : aliases) {
- Integer alg_alias = new Integer(Util.parseInt(entry.key, -1));
- Integer alg_orig = new Integer(Util.parseInt(entry.value, -1));
+ Integer alg_alias = Integer.valueOf(Util.parseInt(entry.key, -1));
+ Integer alg_orig = Integer.valueOf(Util.parseInt(entry.value, -1));
 if (!mAlgorithmMap.containsKey(alg_orig)) {
 log.warn("Unable to alias " + alg_alias
@@ -152,7 +159,7 @@ public class DnsSecVerifier {
 * @return A List contains a one or more DNSKEYRecord objects, or null if a
 * matching DNSKEY could not be found.
 */
- @SuppressWarnings("unchecked")
+ @SuppressWarnings("rawtypes")
 private List findKey(RRset dnskey_rrset, RRSIGRecord signature) {
 if (!signature.getSigner().equals(dnskey_rrset.getName())) {
 log.trace("findKey: could not find appropriate key because "
@@ -236,7 +243,7 @@ public class DnsSecVerifier {
 }
 public PublicKey parseDNSKEY(DNSKEYRecord key) {
- AlgEntry ae = (AlgEntry) mAlgorithmMap.get(new Integer(key
+ AlgEntry ae = (AlgEntry) mAlgorithmMap.get(Integer.valueOf(key
 .getAlgorithm()));
 if (key.getAlgorithm() != ae.dnssecAlg) {
@@ -361,7 +368,7 @@ public class DnsSecVerifier {
 * @return SecurityStatus.SECURE if the rrest verified positively,
 * SecurityStatus.BOGUS otherwise.
 */
- @SuppressWarnings("unchecked")
+ @SuppressWarnings("rawtypes")
 public byte verify(RRset rrset, RRset key_rrset) {
 Iterator i = rrset.sigs();
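Review bot: Changing the suppression on `findKey` from `"unchecked"` to `"rawtypes"` silences the warning but keeps the raw `List` return type, so callers still cast every element and a wrong element type only surfaces as a ClassCastException at runtime. The Javadoc already states that the list holds DNSKEYRecord objects, so the signature could become `private List<DNSKEYRecord> findKey(RRset dnskey_rrset, RRSIGRecord signature)` and the annotation dropped if the body allows it; the body lies outside this hunk. The same annotation swap appears on both `verify` overloads, `validIterations`, `SRRset(RRset)`, `generateCanonicalRRsetData` and `rrsetFirstSig`, where the raw `Iterator` comes from `rrset.sigs()` and probably has to stay raw.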
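Review bot: In `parseDNSKEY`, `ae` is dereferenced in `if (key.getAlgorithm() != ae.dnssecAlg)` without a null check, and `mAlgorithmMap.get(...)` returns null for any algorithm number that is not registered. The DNSKEY presumably comes from the response under validation, so a key carrying an unknown algorithm would end in a NullPointerException rather than an "unsupported algorithm" result, unless every caller checks `supportsAlgorithm` first (not visible here). I would add `if (ae == null) { return null; }` directly after the lookup, or whatever failure value the rest of the method uses; the method continues past the end of this hunk.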
@@ -397,7 +404,7 @@ public class DnsSecVerifier {
 * The DNSKEY to verify with.
 * @return SecurityStatus.SECURE if the rrset verified, BOGUS otherwise.
 */
- @SuppressWarnings("unchecked")
+ @SuppressWarnings("rawtypes")
 public byte verify(RRset rrset, DNSKEYRecord dnskey) {
 // Iterate over RRSIGS
 Iterator i = rrset.sigs();
@@ -429,11 +436,11 @@ public class DnsSecVerifier {
 }
 public boolean supportsAlgorithm(int algorithm) {
- return mAlgorithmMap.containsKey(new Integer(algorithm));
+ return mAlgorithmMap.containsKey(Integer.valueOf(algorithm));
 }
 public boolean supportsAlgorithm(Name private_id) {
- return mAlgorithmMap.containsKey(private_id);
+ return mPrivateAlgorithmMap.containsKey(private_id);
 }
 public int baseAlgorithm(int algorithm) {
@@ -446,7 +453,7 @@ public class DnsSecVerifier {
 return DSA;
 }
- AlgEntry entry = (AlgEntry) mAlgorithmMap.get(new Integer(algorithm));
+ AlgEntry entry = (AlgEntry) mAlgorithmMap.get(Integer.valueOf(algorithm));
 if (entry == null) {
 return UNKNOWN;
@@ -465,7 +472,7 @@ public class DnsSecVerifier {
 try {
 AlgEntry entry = (AlgEntry) mAlgorithmMap
- .get(new Integer(algorithm));
+ .get(Integer.valueOf(algorithm));
 if (entry == null) {
 log.info("DNSSEC algorithm " + algorithm + " not recognized.");
diff --git a/src/com/verisign/tat/dnssec/NSEC3ValUtils.java b/src/com/verisign/tat/dnssec/NSEC3ValUtils.java
index b7f5386..0678c5a 100644
--- a/src/com/verisign/tat/dnssec/NSEC3ValUtils.java
+++ b/src/com/verisign/tat/dnssec/NSEC3ValUtils.java
@@ -137,17 +137,6 @@ public class NSEC3ValUtils {
 }
 }
- private static byte[] hash(Name name, NSEC3Record nsec3) {
- try {
- return nsec3.hashName(name);
- } catch (NoSuchAlgorithmException e) {
- st_log.warn("Did not recognize hash algorithm: "
- + nsec3.getHashAlgorithm());
-
- return null;
- }
- }
-
 /**
 * Given the name of a closest encloser, return the name *.closest_encloser.
 *
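Review bot: `supportsAlgorithm(Name private_id)` now reads `mPrivateAlgorithmMap`, but nothing in this diff ever adds an entry to that map, so as far as the visible code shows it returns false for every private identifier. If that is intended, a Javadoc line on the method should say so, e.g. `/** Private (DNS-name) algorithms are not registered by default, so this returns false unless one has been added. */`. Declaring the fields as `Map<Name, AlgEntry>` and `Map<Integer, AlgEntry>` would also let the compiler reject the mixed Integer/Name keys that this change separates, and would remove the `(AlgEntry)` casts in the neighbouring hunks.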
@@ -458,7 +447,7 @@ public class NSEC3ValUtils {
 return -1;
 }
- @SuppressWarnings("unchecked")
+ @SuppressWarnings("rawtypes")
 private static boolean validIterations(NSEC3Parameters nsec3params, RRset dnskey_rrset, DnsSecVerifier verifier) {
 // for now, we return the maximum iterations based simply on the key
diff --git a/src/com/verisign/tat/dnssec/SRRset.java b/src/com/verisign/tat/dnssec/SRRset.java
index 25fff0c..645c560 100644
--- a/src/com/verisign/tat/dnssec/SRRset.java
+++ b/src/com/verisign/tat/dnssec/SRRset.java
@@ -31,6 +31,7 @@ import java.util.*;
 * A version of the RRset class overrides the standard security status.
 */
 public class SRRset extends RRset {
+ private static final long serialVersionUID = 1L;
 private SecurityStatus mSecurityStatus;
 /** Create a new, blank SRRset. */
@@ -43,7 +44,7 @@ public class SRRset extends RRset {
 * Create a new SRRset from an existing RRset. This SRRset will contain that
 * same internal Record objects as the original RRset.
 */
- @SuppressWarnings("unchecked")
+ @SuppressWarnings("rawtypes")
 public SRRset(RRset r) {
 this();
diff --git a/src/com/verisign/tat/dnssec/SecurityStatus.java b/src/com/verisign/tat/dnssec/SecurityStatus.java
index a2f1e01..44b70b3 100644
--- a/src/com/verisign/tat/dnssec/SecurityStatus.java
+++ b/src/com/verisign/tat/dnssec/SecurityStatus.java
@@ -23,12 +23,16 @@ package com.verisign.tat.dnssec;
+import java.io.Serializable;
+
 /**
 * Codes for DNSSEC security statuses.
 *
 * @author davidb
 */
-public class SecurityStatus {
+public class SecurityStatus implements Serializable {
+ private static final long serialVersionUID = 1L;
+
 public static final byte INVALID = -1;
 /**
diff --git a/src/com/verisign/tat/dnssec/SignUtils.java b/src/com/verisign/tat/dnssec/SignUtils.java
index 36a218d..e8cf963 100644
--- a/src/com/verisign/tat/dnssec/SignUtils.java
+++ b/src/com/verisign/tat/dnssec/SignUtils.java
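Review bot: Making `SecurityStatus` Serializable puts the validation verdict held in `SRRset.mSecurityStatus` into the serialized form of an SRRset, so an object read back from a byte stream would carry whatever status that stream contains. If these classes are only marked Serializable to quiet the serialVersionUID warning, declaring the field as `private transient SecurityStatus mSecurityStatus;` in SRRset would keep the verdict out of the stream; otherwise a class comment should state that a deserialized status must be re-validated before it is trusted. Whether anything in the project actually serializes these objects is not visible in this diff.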
@@ -35,6 +35,7 @@ import org.xbill.DNS.utils.base64;
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
+import java.io.Serializable;
 import java.security.SignatureException;
 import java.security.interfaces.DSAParams;
@@ -178,7 +179,7 @@ public class SignUtils {
 * @return the canonical wire line format of the rrset. This is the second
 * part of data to be signed.
 */
- @SuppressWarnings("unchecked")
+ @SuppressWarnings("rawtypes")
 public static byte[] generateCanonicalRRsetData(RRset rrset, long ttl, int labels) {
 DNSOutput image = new DNSOutput();
@@ -456,7 +457,8 @@ public class SignUtils {
 * useful for comparing RDATA portions of DNS records in doing DNSSEC
 * canonical ordering.
 */
- public static class ByteArrayComparator implements Comparator {
+ public static class ByteArrayComparator implements Comparator, Serializable {
+ private static final long serialVersionUID = 1L;
 private int mOffset = 0;
 private boolean mDebug = false;
diff --git a/src/com/verisign/tat/dnssec/ValUtils.java b/src/com/verisign/tat/dnssec/ValUtils.java
index 80dc0b7..9841149 100644
--- a/src/com/verisign/tat/dnssec/ValUtils.java
+++ b/src/com/verisign/tat/dnssec/ValUtils.java
@@ -339,7 +339,7 @@ public class ValUtils {
 return false;
 }
- @SuppressWarnings("unchecked")
+ @SuppressWarnings("rawtypes")
 public static RRSIGRecord rrsetFirstSig(RRset rrset) {
 for (Iterator i = rrset.sigs(); i.hasNext();) {
 return (RRSIGRecord) i.next();