fix warnings and findbugs hints

This commit is contained in:
davidb 2010-06-25 19:03:08 -04:00
parent 6ae8eb27da
commit df70e41643
7 changed files with 43 additions and 40 deletions

View File

@ -957,9 +957,9 @@ public class CaptiveValidator {
break; break;
case NODATA: case NODATA:
log.trace("Validating a NODATA response"); log.trace("Validating a NODATA response");
validateNodataResponse(message, key_rrset, mErrorList); validateNodataResponse(message, key_rrset, mErrorList);
break; break;

View File

@ -46,28 +46,35 @@ public class DnsSecVerifier {
private Logger log = Logger.getLogger(this.getClass()); private Logger log = Logger.getLogger(this.getClass());
/** /**
* This is a mapping of DNSSEC algorithm numbers/private identifiers to JCA * This is a mapping of DNSSEC algorithm numbers to JCA algorithm
* algorithm identifiers. * identifiers.
*/ */
private HashMap<Integer, AlgEntry> mAlgorithmMap; private HashMap<Integer, AlgEntry> mAlgorithmMap;
/**
* This is a mapping of DNSSEC private (DNS name) identifiers to JCA
* algorithm identifiers.
*/
private HashMap<Name, AlgEntry> mPrivateAlgorithmMap;
public DnsSecVerifier() { public DnsSecVerifier() {
mAlgorithmMap = new HashMap<Integer, AlgEntry>(); mAlgorithmMap = new HashMap<Integer, AlgEntry>();
mPrivateAlgorithmMap = new HashMap<Name, AlgEntry>();
// set the default algorithm map. // set the default algorithm map.
mAlgorithmMap.put(new Integer(DNSSEC.RSAMD5), new AlgEntry( mAlgorithmMap.put(Integer.valueOf(DNSSEC.RSAMD5), new AlgEntry(
"MD5withRSA", DNSSEC.RSAMD5, false)); "MD5withRSA", DNSSEC.RSAMD5, false));
mAlgorithmMap.put(new Integer(DNSSEC.DSA), new AlgEntry("SHA1withDSA", mAlgorithmMap.put(Integer.valueOf(DNSSEC.DSA), new AlgEntry("SHA1withDSA",
DNSSEC.DSA, true)); DNSSEC.DSA, true));
mAlgorithmMap.put(new Integer(DNSSEC.RSASHA1), new AlgEntry( mAlgorithmMap.put(Integer.valueOf(DNSSEC.RSASHA1), new AlgEntry(
"SHA1withRSA", DNSSEC.RSASHA1, false)); "SHA1withRSA", DNSSEC.RSASHA1, false));
mAlgorithmMap.put(new Integer(DNSSEC.DSA_NSEC3_SHA1), new AlgEntry( mAlgorithmMap.put(Integer.valueOf(DNSSEC.DSA_NSEC3_SHA1), new AlgEntry(
"SHA1withDSA", DNSSEC.DSA, true)); "SHA1withDSA", DNSSEC.DSA, true));
mAlgorithmMap.put(new Integer(DNSSEC.RSA_NSEC3_SHA1), new AlgEntry( mAlgorithmMap.put(Integer.valueOf(DNSSEC.RSA_NSEC3_SHA1), new AlgEntry(
"SHA1withRSA", DNSSEC.RSASHA1, false)); "SHA1withRSA", DNSSEC.RSASHA1, false));
mAlgorithmMap.put(new Integer(DNSSEC.RSASHA256), new AlgEntry( mAlgorithmMap.put(Integer.valueOf(DNSSEC.RSASHA256), new AlgEntry(
"SHA256withRSA", DNSSEC.RSASHA256, false)); "SHA256withRSA", DNSSEC.RSASHA256, false));
mAlgorithmMap.put(new Integer(DNSSEC.RSASHA512), new AlgEntry( mAlgorithmMap.put(Integer.valueOf(DNSSEC.RSASHA512), new AlgEntry(
"SHA512withRSA", DNSSEC.RSASHA512, false)); "SHA512withRSA", DNSSEC.RSASHA512, false));
} }
@ -85,7 +92,7 @@ public class DnsSecVerifier {
return false; return false;
} }
AlgEntry entry = (AlgEntry) mAlgorithmMap.get(new Integer(algorithm)); AlgEntry entry = (AlgEntry) mAlgorithmMap.get(Integer.valueOf(algorithm));
if (entry != null) { if (entry != null) {
return entry.isDSA; return entry.isDSA;
@ -107,8 +114,8 @@ public class DnsSecVerifier {
"dns.algorithm."); "dns.algorithm.");
for (Util.ConfigEntry entry : aliases) { for (Util.ConfigEntry entry : aliases) {
Integer alg_alias = new Integer(Util.parseInt(entry.key, -1)); Integer alg_alias = Integer.valueOf(Util.parseInt(entry.key, -1));
Integer alg_orig = new Integer(Util.parseInt(entry.value, -1)); Integer alg_orig = Integer.valueOf(Util.parseInt(entry.value, -1));
if (!mAlgorithmMap.containsKey(alg_orig)) { if (!mAlgorithmMap.containsKey(alg_orig)) {
log.warn("Unable to alias " + alg_alias log.warn("Unable to alias " + alg_alias
@ -152,7 +159,7 @@ public class DnsSecVerifier {
* @return A List contains a one or more DNSKEYRecord objects, or null if a * @return A List contains a one or more DNSKEYRecord objects, or null if a
* matching DNSKEY could not be found. * matching DNSKEY could not be found.
*/ */
@SuppressWarnings("unchecked") @SuppressWarnings("rawtypes")
private List<DNSKEYRecord> findKey(RRset dnskey_rrset, RRSIGRecord signature) { private List<DNSKEYRecord> findKey(RRset dnskey_rrset, RRSIGRecord signature) {
if (!signature.getSigner().equals(dnskey_rrset.getName())) { if (!signature.getSigner().equals(dnskey_rrset.getName())) {
log.trace("findKey: could not find appropriate key because " log.trace("findKey: could not find appropriate key because "
@ -236,7 +243,7 @@ public class DnsSecVerifier {
} }
public PublicKey parseDNSKEY(DNSKEYRecord key) { public PublicKey parseDNSKEY(DNSKEYRecord key) {
AlgEntry ae = (AlgEntry) mAlgorithmMap.get(new Integer(key AlgEntry ae = (AlgEntry) mAlgorithmMap.get(Integer.valueOf(key
.getAlgorithm())); .getAlgorithm()));
if (key.getAlgorithm() != ae.dnssecAlg) { if (key.getAlgorithm() != ae.dnssecAlg) {
@ -361,7 +368,7 @@ public class DnsSecVerifier {
* @return SecurityStatus.SECURE if the rrest verified positively, * @return SecurityStatus.SECURE if the rrest verified positively,
* SecurityStatus.BOGUS otherwise. * SecurityStatus.BOGUS otherwise.
*/ */
@SuppressWarnings("unchecked") @SuppressWarnings("rawtypes")
public byte verify(RRset rrset, RRset key_rrset) { public byte verify(RRset rrset, RRset key_rrset) {
Iterator i = rrset.sigs(); Iterator i = rrset.sigs();
@ -397,7 +404,7 @@ public class DnsSecVerifier {
* The DNSKEY to verify with. * The DNSKEY to verify with.
* @return SecurityStatus.SECURE if the rrset verified, BOGUS otherwise. * @return SecurityStatus.SECURE if the rrset verified, BOGUS otherwise.
*/ */
@SuppressWarnings("unchecked") @SuppressWarnings("rawtypes")
public byte verify(RRset rrset, DNSKEYRecord dnskey) { public byte verify(RRset rrset, DNSKEYRecord dnskey) {
// Iterate over RRSIGS // Iterate over RRSIGS
Iterator i = rrset.sigs(); Iterator i = rrset.sigs();
@ -429,11 +436,11 @@ public class DnsSecVerifier {
} }
public boolean supportsAlgorithm(int algorithm) { public boolean supportsAlgorithm(int algorithm) {
return mAlgorithmMap.containsKey(new Integer(algorithm)); return mAlgorithmMap.containsKey(Integer.valueOf(algorithm));
} }
public boolean supportsAlgorithm(Name private_id) { public boolean supportsAlgorithm(Name private_id) {
return mAlgorithmMap.containsKey(private_id); return mPrivateAlgorithmMap.containsKey(private_id);
} }
public int baseAlgorithm(int algorithm) { public int baseAlgorithm(int algorithm) {
@ -446,7 +453,7 @@ public class DnsSecVerifier {
return DSA; return DSA;
} }
AlgEntry entry = (AlgEntry) mAlgorithmMap.get(new Integer(algorithm)); AlgEntry entry = (AlgEntry) mAlgorithmMap.get(Integer.valueOf(algorithm));
if (entry == null) { if (entry == null) {
return UNKNOWN; return UNKNOWN;
@ -465,7 +472,7 @@ public class DnsSecVerifier {
try { try {
AlgEntry entry = (AlgEntry) mAlgorithmMap AlgEntry entry = (AlgEntry) mAlgorithmMap
.get(new Integer(algorithm)); .get(Integer.valueOf(algorithm));
if (entry == null) { if (entry == null) {
log.info("DNSSEC algorithm " + algorithm + " not recognized."); log.info("DNSSEC algorithm " + algorithm + " not recognized.");

View File

@ -137,17 +137,6 @@ public class NSEC3ValUtils {
} }
} }
private static byte[] hash(Name name, NSEC3Record nsec3) {
try {
return nsec3.hashName(name);
} catch (NoSuchAlgorithmException e) {
st_log.warn("Did not recognize hash algorithm: "
+ nsec3.getHashAlgorithm());
return null;
}
}
/** /**
* Given the name of a closest encloser, return the name *.closest_encloser. * Given the name of a closest encloser, return the name *.closest_encloser.
* *
@ -458,7 +447,7 @@ public class NSEC3ValUtils {
return -1; return -1;
} }
@SuppressWarnings("unchecked") @SuppressWarnings("rawtypes")
private static boolean validIterations(NSEC3Parameters nsec3params, private static boolean validIterations(NSEC3Parameters nsec3params,
RRset dnskey_rrset, DnsSecVerifier verifier) { RRset dnskey_rrset, DnsSecVerifier verifier) {
// for now, we return the maximum iterations based simply on the key // for now, we return the maximum iterations based simply on the key

View File

@ -31,6 +31,7 @@ import java.util.*;
* A version of the RRset class overrides the standard security status. * A version of the RRset class overrides the standard security status.
*/ */
public class SRRset extends RRset { public class SRRset extends RRset {
private static final long serialVersionUID = 1L;
private SecurityStatus mSecurityStatus; private SecurityStatus mSecurityStatus;
/** Create a new, blank SRRset. */ /** Create a new, blank SRRset. */
@ -43,7 +44,7 @@ public class SRRset extends RRset {
* Create a new SRRset from an existing RRset. This SRRset will contain that * Create a new SRRset from an existing RRset. This SRRset will contain that
* same internal Record objects as the original RRset. * same internal Record objects as the original RRset.
*/ */
@SuppressWarnings("unchecked") @SuppressWarnings("rawtypes")
public SRRset(RRset r) { public SRRset(RRset r) {
this(); this();

View File

@ -23,12 +23,16 @@
package com.verisign.tat.dnssec; package com.verisign.tat.dnssec;
import java.io.Serializable;
/** /**
* Codes for DNSSEC security statuses. * Codes for DNSSEC security statuses.
* *
* @author davidb * @author davidb
*/ */
public class SecurityStatus { public class SecurityStatus implements Serializable {
private static final long serialVersionUID = 1L;
public static final byte INVALID = -1; public static final byte INVALID = -1;
/** /**

View File

@ -35,6 +35,7 @@ import org.xbill.DNS.utils.base64;
import java.io.ByteArrayOutputStream; import java.io.ByteArrayOutputStream;
import java.io.IOException; import java.io.IOException;
import java.io.Serializable;
import java.security.SignatureException; import java.security.SignatureException;
import java.security.interfaces.DSAParams; import java.security.interfaces.DSAParams;
@ -178,7 +179,7 @@ public class SignUtils {
* @return the canonical wire line format of the rrset. This is the second * @return the canonical wire line format of the rrset. This is the second
* part of data to be signed. * part of data to be signed.
*/ */
@SuppressWarnings("unchecked") @SuppressWarnings("rawtypes")
public static byte[] generateCanonicalRRsetData(RRset rrset, long ttl, public static byte[] generateCanonicalRRsetData(RRset rrset, long ttl,
int labels) { int labels) {
DNSOutput image = new DNSOutput(); DNSOutput image = new DNSOutput();
@ -456,7 +457,8 @@ public class SignUtils {
* useful for comparing RDATA portions of DNS records in doing DNSSEC * useful for comparing RDATA portions of DNS records in doing DNSSEC
* canonical ordering. * canonical ordering.
*/ */
public static class ByteArrayComparator implements Comparator<byte[]> { public static class ByteArrayComparator implements Comparator<byte[]>, Serializable {
private static final long serialVersionUID = 1L;
private int mOffset = 0; private int mOffset = 0;
private boolean mDebug = false; private boolean mDebug = false;

View File

@ -339,7 +339,7 @@ public class ValUtils {
return false; return false;
} }
@SuppressWarnings("unchecked") @SuppressWarnings("rawtypes")
public static RRSIGRecord rrsetFirstSig(RRset rrset) { public static RRSIGRecord rrsetFirstSig(RRset rrset) {
for (Iterator i = rrset.sigs(); i.hasNext();) { for (Iterator i = rrset.sigs(); i.hasNext();) {
return (RRSIGRecord) i.next(); return (RRSIGRecord) i.next();