fix warnings and findbugs hints

This commit is contained in:
davidb 2010-06-25 19:03:08 -04:00
parent 6ae8eb27da
commit df70e41643
7 changed files with 43 additions and 40 deletions

View File

@ -46,28 +46,35 @@ public class DnsSecVerifier {
private Logger log = Logger.getLogger(this.getClass());
/**
* This is a mapping of DNSSEC algorithm numbers/private identifiers to JCA
* algorithm identifiers.
* This is a mapping of DNSSEC algorithm numbers to JCA algorithm
* identifiers.
*/
private HashMap<Integer, AlgEntry> mAlgorithmMap;
/**
* This is a mapping of DNSSEC private (DNS name) identifiers to JCA
* algorithm identifiers.
*/
private HashMap<Name, AlgEntry> mPrivateAlgorithmMap;
public DnsSecVerifier() {
mAlgorithmMap = new HashMap<Integer, AlgEntry>();
mPrivateAlgorithmMap = new HashMap<Name, AlgEntry>();
// set the default algorithm map.
mAlgorithmMap.put(new Integer(DNSSEC.RSAMD5), new AlgEntry(
mAlgorithmMap.put(Integer.valueOf(DNSSEC.RSAMD5), new AlgEntry(
"MD5withRSA", DNSSEC.RSAMD5, false));
mAlgorithmMap.put(new Integer(DNSSEC.DSA), new AlgEntry("SHA1withDSA",
mAlgorithmMap.put(Integer.valueOf(DNSSEC.DSA), new AlgEntry("SHA1withDSA",
DNSSEC.DSA, true));
mAlgorithmMap.put(new Integer(DNSSEC.RSASHA1), new AlgEntry(
mAlgorithmMap.put(Integer.valueOf(DNSSEC.RSASHA1), new AlgEntry(
"SHA1withRSA", DNSSEC.RSASHA1, false));
mAlgorithmMap.put(new Integer(DNSSEC.DSA_NSEC3_SHA1), new AlgEntry(
mAlgorithmMap.put(Integer.valueOf(DNSSEC.DSA_NSEC3_SHA1), new AlgEntry(
"SHA1withDSA", DNSSEC.DSA, true));
mAlgorithmMap.put(new Integer(DNSSEC.RSA_NSEC3_SHA1), new AlgEntry(
mAlgorithmMap.put(Integer.valueOf(DNSSEC.RSA_NSEC3_SHA1), new AlgEntry(
"SHA1withRSA", DNSSEC.RSASHA1, false));
mAlgorithmMap.put(new Integer(DNSSEC.RSASHA256), new AlgEntry(
mAlgorithmMap.put(Integer.valueOf(DNSSEC.RSASHA256), new AlgEntry(
"SHA256withRSA", DNSSEC.RSASHA256, false));
mAlgorithmMap.put(new Integer(DNSSEC.RSASHA512), new AlgEntry(
mAlgorithmMap.put(Integer.valueOf(DNSSEC.RSASHA512), new AlgEntry(
"SHA512withRSA", DNSSEC.RSASHA512, false));
}
@ -85,7 +92,7 @@ public class DnsSecVerifier {
return false;
}
AlgEntry entry = (AlgEntry) mAlgorithmMap.get(new Integer(algorithm));
AlgEntry entry = (AlgEntry) mAlgorithmMap.get(Integer.valueOf(algorithm));
if (entry != null) {
return entry.isDSA;
@ -107,8 +114,8 @@ public class DnsSecVerifier {
"dns.algorithm.");
for (Util.ConfigEntry entry : aliases) {
Integer alg_alias = new Integer(Util.parseInt(entry.key, -1));
Integer alg_orig = new Integer(Util.parseInt(entry.value, -1));
Integer alg_alias = Integer.valueOf(Util.parseInt(entry.key, -1));
Integer alg_orig = Integer.valueOf(Util.parseInt(entry.value, -1));
if (!mAlgorithmMap.containsKey(alg_orig)) {
log.warn("Unable to alias " + alg_alias
@ -152,7 +159,7 @@ public class DnsSecVerifier {
* @return A List contains a one or more DNSKEYRecord objects, or null if a
* matching DNSKEY could not be found.
*/
@SuppressWarnings("unchecked")
@SuppressWarnings("rawtypes")
private List<DNSKEYRecord> findKey(RRset dnskey_rrset, RRSIGRecord signature) {
if (!signature.getSigner().equals(dnskey_rrset.getName())) {
log.trace("findKey: could not find appropriate key because "
@ -236,7 +243,7 @@ public class DnsSecVerifier {
}
public PublicKey parseDNSKEY(DNSKEYRecord key) {
AlgEntry ae = (AlgEntry) mAlgorithmMap.get(new Integer(key
AlgEntry ae = (AlgEntry) mAlgorithmMap.get(Integer.valueOf(key
.getAlgorithm()));
if (key.getAlgorithm() != ae.dnssecAlg) {
@ -361,7 +368,7 @@ public class DnsSecVerifier {
* @return SecurityStatus.SECURE if the rrest verified positively,
* SecurityStatus.BOGUS otherwise.
*/
@SuppressWarnings("unchecked")
@SuppressWarnings("rawtypes")
public byte verify(RRset rrset, RRset key_rrset) {
Iterator i = rrset.sigs();
@ -397,7 +404,7 @@ public class DnsSecVerifier {
* The DNSKEY to verify with.
* @return SecurityStatus.SECURE if the rrset verified, BOGUS otherwise.
*/
@SuppressWarnings("unchecked")
@SuppressWarnings("rawtypes")
public byte verify(RRset rrset, DNSKEYRecord dnskey) {
// Iterate over RRSIGS
Iterator i = rrset.sigs();
@ -429,11 +436,11 @@ public class DnsSecVerifier {
}
public boolean supportsAlgorithm(int algorithm) {
return mAlgorithmMap.containsKey(new Integer(algorithm));
return mAlgorithmMap.containsKey(Integer.valueOf(algorithm));
}
public boolean supportsAlgorithm(Name private_id) {
return mAlgorithmMap.containsKey(private_id);
return mPrivateAlgorithmMap.containsKey(private_id);
}
public int baseAlgorithm(int algorithm) {
@ -446,7 +453,7 @@ public class DnsSecVerifier {
return DSA;
}
AlgEntry entry = (AlgEntry) mAlgorithmMap.get(new Integer(algorithm));
AlgEntry entry = (AlgEntry) mAlgorithmMap.get(Integer.valueOf(algorithm));
if (entry == null) {
return UNKNOWN;
@ -465,7 +472,7 @@ public class DnsSecVerifier {
try {
AlgEntry entry = (AlgEntry) mAlgorithmMap
.get(new Integer(algorithm));
.get(Integer.valueOf(algorithm));
if (entry == null) {
log.info("DNSSEC algorithm " + algorithm + " not recognized.");

View File

@ -137,17 +137,6 @@ public class NSEC3ValUtils {
}
}
private static byte[] hash(Name name, NSEC3Record nsec3) {
try {
return nsec3.hashName(name);
} catch (NoSuchAlgorithmException e) {
st_log.warn("Did not recognize hash algorithm: "
+ nsec3.getHashAlgorithm());
return null;
}
}
/**
* Given the name of a closest encloser, return the name *.closest_encloser.
*
@ -458,7 +447,7 @@ public class NSEC3ValUtils {
return -1;
}
@SuppressWarnings("unchecked")
@SuppressWarnings("rawtypes")
private static boolean validIterations(NSEC3Parameters nsec3params,
RRset dnskey_rrset, DnsSecVerifier verifier) {
// for now, we return the maximum iterations based simply on the key

View File

@ -31,6 +31,7 @@ import java.util.*;
* A version of the RRset class overrides the standard security status.
*/
public class SRRset extends RRset {
private static final long serialVersionUID = 1L;
private SecurityStatus mSecurityStatus;
/** Create a new, blank SRRset. */
@ -43,7 +44,7 @@ public class SRRset extends RRset {
* Create a new SRRset from an existing RRset. This SRRset will contain that
* same internal Record objects as the original RRset.
*/
@SuppressWarnings("unchecked")
@SuppressWarnings("rawtypes")
public SRRset(RRset r) {
this();

View File

@ -23,12 +23,16 @@
package com.verisign.tat.dnssec;
import java.io.Serializable;
/**
* Codes for DNSSEC security statuses.
*
* @author davidb
*/
public class SecurityStatus {
public class SecurityStatus implements Serializable {
private static final long serialVersionUID = 1L;
public static final byte INVALID = -1;
/**

View File

@ -35,6 +35,7 @@ import org.xbill.DNS.utils.base64;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.Serializable;
import java.security.SignatureException;
import java.security.interfaces.DSAParams;
@ -178,7 +179,7 @@ public class SignUtils {
* @return the canonical wire line format of the rrset. This is the second
* part of data to be signed.
*/
@SuppressWarnings("unchecked")
@SuppressWarnings("rawtypes")
public static byte[] generateCanonicalRRsetData(RRset rrset, long ttl,
int labels) {
DNSOutput image = new DNSOutput();
@ -456,7 +457,8 @@ public class SignUtils {
* useful for comparing RDATA portions of DNS records in doing DNSSEC
* canonical ordering.
*/
public static class ByteArrayComparator implements Comparator<byte[]> {
public static class ByteArrayComparator implements Comparator<byte[]>, Serializable {
private static final long serialVersionUID = 1L;
private int mOffset = 0;
private boolean mDebug = false;

View File

@ -339,7 +339,7 @@ public class ValUtils {
return false;
}
@SuppressWarnings("unchecked")
@SuppressWarnings("rawtypes")
public static RRSIGRecord rrsetFirstSig(RRset rrset) {
for (Iterator i = rrset.sigs(); i.hasNext();) {
return (RRSIGRecord) i.next();