fix warnings and findbugs hints

src/com/verisign/tat/dnssec/CaptiveValidator.java

@@ -957,9 +957,9 @@ public class CaptiveValidator {
 
             break;
 
-            case NODATA:
+        case NODATA:
-                log.trace("Validating a NODATA response");
+            log.trace("Validating a NODATA response");
-                validateNodataResponse(message, key_rrset, mErrorList);
+            validateNodataResponse(message, key_rrset, mErrorList);
 
             break;
 

src/com/verisign/tat/dnssec/DnsSecVerifier.java

@@ -46,28 +46,35 @@ public class DnsSecVerifier {
     private Logger log = Logger.getLogger(this.getClass());
 
     /**
-     * This is a mapping of DNSSEC algorithm numbers/private identifiers to JCA
+     * This is a mapping of DNSSEC algorithm numbers to JCA algorithm
-     * algorithm identifiers.
+     * identifiers.
      */
     private HashMap<Integer, AlgEntry> mAlgorithmMap;
 
+    /**
+     * This is a mapping of DNSSEC private (DNS name) identifiers to JCA
+     * algorithm identifiers.
+     */
+    private HashMap<Name, AlgEntry> mPrivateAlgorithmMap;
+
     public DnsSecVerifier() {
         mAlgorithmMap = new HashMap<Integer, AlgEntry>();
+        mPrivateAlgorithmMap = new HashMap<Name, AlgEntry>();
 
         // set the default algorithm map.
-        mAlgorithmMap.put(new Integer(DNSSEC.RSAMD5), new AlgEntry(
+        mAlgorithmMap.put(Integer.valueOf(DNSSEC.RSAMD5), new AlgEntry(
                 "MD5withRSA", DNSSEC.RSAMD5, false));
-        mAlgorithmMap.put(new Integer(DNSSEC.DSA), new AlgEntry("SHA1withDSA",
+        mAlgorithmMap.put(Integer.valueOf(DNSSEC.DSA), new AlgEntry("SHA1withDSA",
                 DNSSEC.DSA, true));
-        mAlgorithmMap.put(new Integer(DNSSEC.RSASHA1), new AlgEntry(
+        mAlgorithmMap.put(Integer.valueOf(DNSSEC.RSASHA1), new AlgEntry(
                 "SHA1withRSA", DNSSEC.RSASHA1, false));
-        mAlgorithmMap.put(new Integer(DNSSEC.DSA_NSEC3_SHA1), new AlgEntry(
+        mAlgorithmMap.put(Integer.valueOf(DNSSEC.DSA_NSEC3_SHA1), new AlgEntry(
                 "SHA1withDSA", DNSSEC.DSA, true));
-        mAlgorithmMap.put(new Integer(DNSSEC.RSA_NSEC3_SHA1), new AlgEntry(
+        mAlgorithmMap.put(Integer.valueOf(DNSSEC.RSA_NSEC3_SHA1), new AlgEntry(
                 "SHA1withRSA", DNSSEC.RSASHA1, false));
-        mAlgorithmMap.put(new Integer(DNSSEC.RSASHA256), new AlgEntry(
+        mAlgorithmMap.put(Integer.valueOf(DNSSEC.RSASHA256), new AlgEntry(
                 "SHA256withRSA", DNSSEC.RSASHA256, false));
-        mAlgorithmMap.put(new Integer(DNSSEC.RSASHA512), new AlgEntry(
+        mAlgorithmMap.put(Integer.valueOf(DNSSEC.RSASHA512), new AlgEntry(
                 "SHA512withRSA", DNSSEC.RSASHA512, false));
     }
 
@@ -85,7 +92,7 @@ public class DnsSecVerifier {
             return false;
         }
 
-        AlgEntry entry = (AlgEntry) mAlgorithmMap.get(new Integer(algorithm));
+        AlgEntry entry = (AlgEntry) mAlgorithmMap.get(Integer.valueOf(algorithm));
 
         if (entry != null) {
             return entry.isDSA;
@@ -107,8 +114,8 @@ public class DnsSecVerifier {
                 "dns.algorithm.");
 
         for (Util.ConfigEntry entry : aliases) {
-            Integer alg_alias = new Integer(Util.parseInt(entry.key, -1));
+            Integer alg_alias = Integer.valueOf(Util.parseInt(entry.key, -1));
-            Integer alg_orig = new Integer(Util.parseInt(entry.value, -1));
+            Integer alg_orig = Integer.valueOf(Util.parseInt(entry.value, -1));
 
             if (!mAlgorithmMap.containsKey(alg_orig)) {
                 log.warn("Unable to alias " + alg_alias
@@ -152,7 +159,7 @@ public class DnsSecVerifier {
      * @return A List contains a one or more DNSKEYRecord objects, or null if a
      *         matching DNSKEY could not be found.
      */
-    @SuppressWarnings("unchecked")
+    @SuppressWarnings("rawtypes")
     private List<DNSKEYRecord> findKey(RRset dnskey_rrset, RRSIGRecord signature) {
         if (!signature.getSigner().equals(dnskey_rrset.getName())) {
             log.trace("findKey: could not find appropriate key because "
@@ -236,7 +243,7 @@ public class DnsSecVerifier {
     }
 
     public PublicKey parseDNSKEY(DNSKEYRecord key) {
-        AlgEntry ae = (AlgEntry) mAlgorithmMap.get(new Integer(key
+        AlgEntry ae = (AlgEntry) mAlgorithmMap.get(Integer.valueOf(key
                 .getAlgorithm()));
 
         if (key.getAlgorithm() != ae.dnssecAlg) {
@@ -361,7 +368,7 @@ public class DnsSecVerifier {
      * @return SecurityStatus.SECURE if the rrest verified positively,
      *         SecurityStatus.BOGUS otherwise.
      */
-    @SuppressWarnings("unchecked")
+    @SuppressWarnings("rawtypes")
     public byte verify(RRset rrset, RRset key_rrset) {
         Iterator i = rrset.sigs();
 
@@ -397,7 +404,7 @@ public class DnsSecVerifier {
      *            The DNSKEY to verify with.
      * @return SecurityStatus.SECURE if the rrset verified, BOGUS otherwise.
      */
-    @SuppressWarnings("unchecked")
+    @SuppressWarnings("rawtypes")
     public byte verify(RRset rrset, DNSKEYRecord dnskey) {
         // Iterate over RRSIGS
         Iterator i = rrset.sigs();
@@ -429,11 +436,11 @@ public class DnsSecVerifier {
     }
 
     public boolean supportsAlgorithm(int algorithm) {
-        return mAlgorithmMap.containsKey(new Integer(algorithm));
+        return mAlgorithmMap.containsKey(Integer.valueOf(algorithm));
     }
 
     public boolean supportsAlgorithm(Name private_id) {
-        return mAlgorithmMap.containsKey(private_id);
+        return mPrivateAlgorithmMap.containsKey(private_id);
     }
 
     public int baseAlgorithm(int algorithm) {
@@ -446,7 +453,7 @@ public class DnsSecVerifier {
             return DSA;
         }
 
-        AlgEntry entry = (AlgEntry) mAlgorithmMap.get(new Integer(algorithm));
+        AlgEntry entry = (AlgEntry) mAlgorithmMap.get(Integer.valueOf(algorithm));
 
         if (entry == null) {
             return UNKNOWN;
@@ -465,7 +472,7 @@ public class DnsSecVerifier {
 
         try {
             AlgEntry entry = (AlgEntry) mAlgorithmMap
-                    .get(new Integer(algorithm));
+                    .get(Integer.valueOf(algorithm));
 
             if (entry == null) {
                 log.info("DNSSEC algorithm " + algorithm + " not recognized.");

src/com/verisign/tat/dnssec/NSEC3ValUtils.java

@@ -137,17 +137,6 @@ public class NSEC3ValUtils {
         }
     }
 
-    private static byte[] hash(Name name, NSEC3Record nsec3) {
-        try {
-            return nsec3.hashName(name);
-        } catch (NoSuchAlgorithmException e) {
-            st_log.warn("Did not recognize hash algorithm: "
-                    + nsec3.getHashAlgorithm());
-
-            return null;
-        }
-    }
-
     /**
      * Given the name of a closest encloser, return the name *.closest_encloser.
      * 
@@ -458,7 +447,7 @@ public class NSEC3ValUtils {
         return -1;
     }
 
-    @SuppressWarnings("unchecked")
+    @SuppressWarnings("rawtypes")
     private static boolean validIterations(NSEC3Parameters nsec3params,
             RRset dnskey_rrset, DnsSecVerifier verifier) {
         // for now, we return the maximum iterations based simply on the key

src/com/verisign/tat/dnssec/SRRset.java

@@ -31,6 +31,7 @@ import java.util.*;
  * A version of the RRset class overrides the standard security status.
  */
 public class SRRset extends RRset {
+    private static final long serialVersionUID = 1L;
     private SecurityStatus mSecurityStatus;
 
     /** Create a new, blank SRRset. */
@@ -43,7 +44,7 @@ public class SRRset extends RRset {
      * Create a new SRRset from an existing RRset. This SRRset will contain that
      * same internal Record objects as the original RRset.
      */
-    @SuppressWarnings("unchecked")
+    @SuppressWarnings("rawtypes")
     public SRRset(RRset r) {
         this();
 

src/com/verisign/tat/dnssec/SecurityStatus.java

@@ -23,12 +23,16 @@
 
 package com.verisign.tat.dnssec;
 
+import java.io.Serializable;
+
 /**
  * Codes for DNSSEC security statuses.
  * 
  * @author davidb
  */
-public class SecurityStatus {
+public class SecurityStatus implements Serializable {
+    private static final long serialVersionUID = 1L;
+
     public static final byte INVALID = -1;
 
     /**

src/com/verisign/tat/dnssec/SignUtils.java

@@ -35,6 +35,7 @@ import org.xbill.DNS.utils.base64;
 
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
+import java.io.Serializable;
 
 import java.security.SignatureException;
 import java.security.interfaces.DSAParams;
@@ -178,7 +179,7 @@ public class SignUtils {
      * @return the canonical wire line format of the rrset. This is the second
      *         part of data to be signed.
      */
-    @SuppressWarnings("unchecked")
+    @SuppressWarnings("rawtypes")
     public static byte[] generateCanonicalRRsetData(RRset rrset, long ttl,
             int labels) {
         DNSOutput image = new DNSOutput();
@@ -456,7 +457,8 @@ public class SignUtils {
      * useful for comparing RDATA portions of DNS records in doing DNSSEC
      * canonical ordering.
      */
-    public static class ByteArrayComparator implements Comparator<byte[]> {
+    public static class ByteArrayComparator implements Comparator<byte[]>, Serializable {
+        private static final long serialVersionUID = 1L;
         private int mOffset = 0;
         private boolean mDebug = false;
 

src/com/verisign/tat/dnssec/ValUtils.java

@@ -339,7 +339,7 @@ public class ValUtils {
         return false;
     }
 
-    @SuppressWarnings("unchecked")
+    @SuppressWarnings("rawtypes")
     public static RRSIGRecord rrsetFirstSig(RRset rrset) {
         for (Iterator i = rrset.sigs(); i.hasNext();) {
             return (RRSIGRecord) i.next();