sonarlint and formatting for the rest
This commit is contained in:
parent
15eb319b26
commit
1e342b1fb6
@ -71,7 +71,8 @@ public class DSTool extends CLBase {
|
||||
protected void setupOptions(Options opts) {
|
||||
opts.addOption(Option.builder("D").longOpt("dlv").desc("Generate a DLV record instead.").build());
|
||||
opts.addOption(Option.builder("C").longOpt("cds").desc("Generate a CDS record instead").build());
|
||||
opts.addOption(Option.builder("d").hasArg().argName("id").longOpt("digest").desc("The digest algorithm to use").build());
|
||||
opts.addOption(
|
||||
Option.builder("d").hasArg().argName("id").longOpt("digest").desc("The digest algorithm to use").build());
|
||||
opts.addOption(Option.builder("f").hasArg().argName("file").longOpt("output").desc("output to file").build());
|
||||
}
|
||||
|
||||
@ -120,9 +121,9 @@ public class DSTool extends CLBase {
|
||||
log.fine("creating CDS.");
|
||||
CDSRecord cds = new CDSRecord(ds.getName(), ds.getDClass(), ds.getTTL(), ds.getFootprint(), ds.getAlgorithm(),
|
||||
ds.getDClass(), ds.getDigest());
|
||||
res = cds;
|
||||
res = cds;
|
||||
}
|
||||
|
||||
|
||||
if (state.outputfile != null && !state.outputfile.equals("-")) {
|
||||
try (PrintWriter out = new PrintWriter(new FileWriter(state.outputfile))) {
|
||||
out.println(res);
|
||||
|
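Review bot: The CDSRecord constructor call in the second hunk passes `ds.getDClass()` twice — once as the record class and again in the sixth position, where the dnsjava constructor (mirroring DSRecord) takes the digest type id — so the emitted CDS carries the DS class value (1 for IN) as its digest type, which is only coincidentally right for SHA-1 digests. The sixth argument should be the source record's digest id: `..., ds.getAlgorithm(), ds.getDigestID(), ds.getDigest());`. A CDS advertising the wrong digest type would lead the parent to publish a DS that does not match the child's key, so a unit test comparing the CDS digest id with the source DS is worth adding alongside the fix. The enclosing method starts before the hunk and continues past it.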
@ -75,10 +75,14 @@ public class SignKeyset extends CLBase {
|
||||
opts.addOption("a", "verify", false, "verify generated signatures>");
|
||||
|
||||
// Argument options
|
||||
opts.addOption(Option.builder("D").hasArg().argName("dir").longOpt("key-directory").desc("directory where key files are found (default '.').").build());
|
||||
opts.addOption(Option.builder("s").hasArg().argName("time/offset").longOpt("start-time").desc("signature starting time (default is now - 1 hour)").build());
|
||||
opts.addOption(Option.builder("e").hasArg().argName("time/offset").longOpt("expire-time").desc("signature expiration time (default is start-time + 30 days)").build());
|
||||
opts.addOption(Option.builder("f").hasArg().argName("outfile").desc("file the signed keyset is written to").build());
|
||||
opts.addOption(Option.builder("D").hasArg().argName("dir").longOpt("key-directory")
|
||||
.desc("directory where key files are found (default '.').").build());
|
||||
opts.addOption(Option.builder("s").hasArg().argName("time/offset").longOpt("start-time")
|
||||
.desc("signature starting time (default is now - 1 hour)").build());
|
||||
opts.addOption(Option.builder("e").hasArg().argName("time/offset").longOpt("expire-time")
|
||||
.desc("signature expiration time (default is start-time + 30 days)").build());
|
||||
opts.addOption(
|
||||
Option.builder("f").hasArg().argName("outfile").desc("file the signed keyset is written to").build());
|
||||
}
|
||||
|
||||
@Override
|
||||
@ -129,11 +133,9 @@ public class SignKeyset extends CLBase {
|
||||
|
||||
/**
|
||||
* Verify the generated signatures.
|
||||
*
|
||||
* @param records
|
||||
* a list of {@link org.xbill.DNS.Record}s.
|
||||
* @param keypairs
|
||||
* a list of keypairs used the sign the zone.
|
||||
*
|
||||
* @param records a list of {@link org.xbill.DNS.Record}s.
|
||||
* @param keypairs a list of keypairs used the sign the zone.
|
||||
* @return true if all of the signatures validated.
|
||||
*/
|
||||
private static boolean verifySigs(List<Record> records,
|
||||
@ -168,16 +170,13 @@ public class SignKeyset extends CLBase {
|
||||
|
||||
/**
|
||||
* Load the key pairs from the key files.
|
||||
*
|
||||
* @param keyfiles
|
||||
* a string array containing the base names or paths of the
|
||||
* keys
|
||||
* to be loaded.
|
||||
* @param startIndex
|
||||
* the starting index of keyfiles string array to use. This
|
||||
* allows us to use the straight command line argument array.
|
||||
* @param inDirectory
|
||||
* the directory to look in (may be null).
|
||||
*
|
||||
* @param keyfiles a string array containing the base names or paths of the
|
||||
* keys to be loaded.
|
||||
* @param startIndex the starting index of keyfiles string array to use. This
|
||||
* allows us to use the straight command line argument
|
||||
* array.
|
||||
* @param inDirectory the directory to look in (may be null).
|
||||
* @return a list of keypair objects.
|
||||
*/
|
||||
private static List<DnsKeyPair> getKeys(String[] keyfiles, int startIndex,
|
||||
@ -244,8 +243,8 @@ public class SignKeyset extends CLBase {
|
||||
}
|
||||
|
||||
// Make sure that all records are DNSKEYs with the same name.
|
||||
Name keysetName = null;
|
||||
RRset keyset = new RRset();
|
||||
Name keysetName = null;
|
||||
RRset keyset = new RRset();
|
||||
|
||||
for (Record r : records) {
|
||||
if (r.getType() != Type.DNSKEY) {
|
||||
|
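Review bot: The `-a`/`verify` option description in the first hunk still ends with a stray `>` (`"verify generated signatures>"`), which is printed verbatim in the help output; it should read `"verify generated signatures"`. The reflowed Javadoc for verifySigs also keeps the typo `a list of keypairs used the sign the zone`, which should be `a list of keypairs used to sign the zone`; the same sentence recurs in the SignRRset verifySigs hunk of this commit. The methods these hunks belong to start or end outside the hunks.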
@ -55,14 +55,14 @@ public class SignRRset extends CLBase {
|
||||
* This is an inner class used to hold all of the command line option state.
|
||||
*/
|
||||
protected static class CLIState extends CLIStateBase {
|
||||
private File keyDirectory = null;
|
||||
public String[] keyFiles = null;
|
||||
public Instant start = null;
|
||||
public Instant expire = null;
|
||||
public String inputfile = null;
|
||||
public String outputfile = null;
|
||||
public boolean verifySigs = false;
|
||||
public boolean verboseSigning = false;
|
||||
private File keyDirectory = null;
|
||||
public String[] keyFiles = null;
|
||||
public Instant start = null;
|
||||
public Instant expire = null;
|
||||
public String inputfile = null;
|
||||
public String outputfile = null;
|
||||
public boolean verifySigs = false;
|
||||
public boolean verboseSigning = false;
|
||||
|
||||
public CLIState() {
|
||||
super("jdnssec-signrrset [..options..] rrset_file key_file [key_file ...]");
|
||||
@ -137,10 +137,8 @@ public class SignRRset extends CLBase {
|
||||
/**
|
||||
* Verify the generated signatures.
|
||||
*
|
||||
* @param records
|
||||
* a list of {@link org.xbill.DNS.Record}s.
|
||||
* @param keypairs
|
||||
* a list of keypairs used the sign the zone.
|
||||
* @param records a list of {@link org.xbill.DNS.Record}s.
|
||||
* @param keypairs a list of keypairs used the sign the zone.
|
||||
* @return true if all of the signatures validated.
|
||||
*/
|
||||
private static boolean verifySigs(List<Record> records, List<DnsKeyPair> keypairs) {
|
||||
@ -176,15 +174,12 @@ public class SignRRset extends CLBase {
|
||||
/**
|
||||
* Load the key pairs from the key files.
|
||||
*
|
||||
* @param keyfiles
|
||||
* a string array containing the base names or paths of the
|
||||
* keys
|
||||
* to be loaded.
|
||||
* @param startIndex
|
||||
* the starting index of keyfiles string array to use. This
|
||||
* allows us to use the straight command line argument array.
|
||||
* @param inDirectory
|
||||
* the directory to look in (may be null).
|
||||
* @param keyfiles a string array containing the base names or paths of the
|
||||
* keys to be loaded.
|
||||
* @param startIndex the starting index of keyfiles string array to use. This
|
||||
* allows us to use the straight command line argument
|
||||
* array.
|
||||
* @param inDirectory the directory to look in (may be null).
|
||||
* @return a list of keypair objects.
|
||||
*/
|
||||
private static List<DnsKeyPair> getKeys(String[] keyfiles, int startIndex,
|
||||
|
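Review bot: The re-indented CLIState in the first hunk still initialises every field to its Java default explicitly (`= null`, `= false`), which is exactly the redundancy a SonarLint pass is meant to remove, and it exposes the parsed option state as public mutable fields while `keyDirectory` alone is private. Either drop the initialisers (`public String[] keyFiles;`, `public boolean verifySigs;`) or, better, make the fields private with accessors so the options cannot be altered after parsing. The class body continues outside the hunk.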
@ -100,7 +100,6 @@ public class ZoneFormat extends CLBase {
|
||||
|
||||
private static void formatZone(List<Record> zone) {
|
||||
|
||||
|
||||
for (Record r : zone) {
|
||||
System.out.println(r.toString());
|
||||
}
|
||||
|
@ -107,17 +107,12 @@ public class BINDKeyUtils {
|
||||
* Given the information necessary to construct the path to a BIND9 generated
|
||||
* key pair, load the key pair.
|
||||
*
|
||||
* @param signer
|
||||
* the DNS name of the key.
|
||||
* @param algorithm
|
||||
* the DNSSEC algorithm of the key.
|
||||
* @param keyid
|
||||
* the DNSSEC key footprint.
|
||||
* @param inDirectory
|
||||
* the directory to look for the files (may be null).
|
||||
* @param signer the DNS name of the key.
|
||||
* @param algorithm the DNSSEC algorithm of the key.
|
||||
* @param keyid the DNSSEC key footprint.
|
||||
* @param inDirectory the directory to look for the files (may be null).
|
||||
* @return the loaded key pair.
|
||||
* @throws IOException
|
||||
* if there was a problem reading the BIND9 files.
|
||||
* @throws IOException if there was a problem reading the BIND9 files.
|
||||
*/
|
||||
public static DnsKeyPair loadKeyPair(Name signer, int algorithm, int keyid,
|
||||
File inDirectory) throws IOException {
|
||||
@ -129,16 +124,12 @@ public class BINDKeyUtils {
|
||||
/**
|
||||
* Given a base path to a BIND9 key pair, load the key pair.
|
||||
*
|
||||
* @param keyFileBasePath
|
||||
* the base filename (or real filename for either the
|
||||
* public or
|
||||
* private key) of the key.
|
||||
* @param inDirectory
|
||||
* the directory to look in, if the keyFileBasePath is
|
||||
* @param keyFileBasePath the base filename (or real filename for either the
|
||||
* public or private key) of the key.
|
||||
* @param inDirectory the directory to look in, if the keyFileBasePath is
|
||||
* relative.
|
||||
* @return the loaded key pair.
|
||||
* @throws IOException
|
||||
* if there was a problem reading the files
|
||||
* @throws IOException if there was a problem reading the files
|
||||
*/
|
||||
public static DnsKeyPair loadKeyPair(String keyFileBasePath, File inDirectory)
|
||||
throws IOException {
|
||||
@ -163,15 +154,12 @@ public class BINDKeyUtils {
|
||||
* Given a base path to a BIND9 key pair, load the public part (only) of the
|
||||
* key pair
|
||||
*
|
||||
* @param keyFileBasePath
|
||||
* the base or real path to the public part of a key
|
||||
* @param keyFileBasePath the base or real path to the public part of a key
|
||||
* pair.
|
||||
* @param inDirectory
|
||||
* the directory to look in if the path is relative (may
|
||||
* be null).
|
||||
* @param inDirectory the directory to look in if the path is relative
|
||||
* (may be null).
|
||||
* @return a {@link DnsKeyPair} containing just the public key information.
|
||||
* @throws IOException
|
||||
* if there was a problem reading the public key file.
|
||||
* @throws IOException if there was a problem reading the public key file.
|
||||
*/
|
||||
public static DnsKeyPair loadKey(String keyFileBasePath, File inDirectory)
|
||||
throws IOException {
|
||||
@ -191,15 +179,11 @@ public class BINDKeyUtils {
|
||||
* "keyset-[signer]." where [signer] is the DNS owner name of the key. The
|
||||
* keyset may be signed, but doesn't have to be.
|
||||
*
|
||||
* @param keysetFileName
|
||||
* the name of the keyset file.
|
||||
* @param inDirectory
|
||||
* the directory to look in if the path is relative (may
|
||||
* be null,
|
||||
* defaults to the current working directory).
|
||||
* @param keysetFileName the name of the keyset file.
|
||||
* @param inDirectory the directory to look in if the path is relative (may
|
||||
* be null, defaults to the current working directory).
|
||||
* @return a RRset contain the KEY records and any associated SIG records.
|
||||
* @throws IOException
|
||||
* if there was a problem reading the keyset file.
|
||||
* @throws IOException if there was a problem reading the keyset file.
|
||||
*/
|
||||
public static RRset loadKeySet(String keysetFileName, File inDirectory)
|
||||
throws IOException {
|
||||
@ -219,8 +203,8 @@ public class BINDKeyUtils {
|
||||
/**
|
||||
* Calculate the key file base for this key pair.
|
||||
*
|
||||
* @param pair
|
||||
* the {@link DnsKeyPair} to work from. It only needs a public key.
|
||||
* @param pair the {@link DnsKeyPair} to work from. It only needs a public
|
||||
* key.
|
||||
* @return the base name of the key files.
|
||||
*/
|
||||
public static String keyFileBase(DnsKeyPair pair) {
|
||||
@ -260,8 +244,7 @@ public class BINDKeyUtils {
|
||||
* Given a the contents of a BIND9 private key file, convert it into a native
|
||||
* {@link java.security.PrivateKey} object.
|
||||
*
|
||||
* @param privateKeyString
|
||||
* the contents of a BIND9 key file in string form.
|
||||
* @param privateKeyString the contents of a BIND9 key file in string form.
|
||||
* @return a {@link java.security.PrivateKey}
|
||||
*/
|
||||
public static PrivateKey convertPrivateKeyString(String privateKeyString) {
|
||||
@ -284,10 +267,8 @@ public class BINDKeyUtils {
|
||||
* Given a native private key, convert it into a BIND9 private key file
|
||||
* format.
|
||||
*
|
||||
* @param priv
|
||||
* the private key to convert.
|
||||
* @param pub
|
||||
* the private key's corresponding public key. Some algorithms
|
||||
* @param priv the private key to convert.
|
||||
* @param pub the private key's corresponding public key. Some algorithms
|
||||
* require information from both.
|
||||
* @return a string containing the contents of a BIND9 private key file.
|
||||
*/
|
||||
@ -328,16 +309,11 @@ public class BINDKeyUtils {
|
||||
/**
|
||||
* This routine will write out the BIND9 dnssec-* tool compatible files.
|
||||
*
|
||||
* @param baseFileName
|
||||
* use this base file name. If null, the standard BIND9 base
|
||||
* file
|
||||
* name will be computed.
|
||||
* @param pair
|
||||
* the keypair in question.
|
||||
* @param inDirectory
|
||||
* the directory to write to (may be null).
|
||||
* @throws IOException
|
||||
* if there is a problem writing the files.
|
||||
* @param baseFileName use this base file name. If null, the standard BIND9
|
||||
* base file name will be computed.
|
||||
* @param pair the keypair in question.
|
||||
* @param inDirectory the directory to write to (may be null).
|
||||
* @throws IOException if there is a problem writing the files.
|
||||
*/
|
||||
public static void writeKeyFiles(String baseFileName, DnsKeyPair pair,
|
||||
File inDirectory) throws IOException {
|
||||
@ -370,10 +346,8 @@ public class BINDKeyUtils {
|
||||
* This routine will write out the BIND9 dnssec-* tool compatible files to the
|
||||
* standard file names.
|
||||
*
|
||||
* @param pair
|
||||
* the key pair in question.
|
||||
* @param inDirectory
|
||||
* the directory to write to (may be null).
|
||||
* @param pair the key pair in question.
|
||||
* @param inDirectory the directory to write to (may be null).
|
||||
*/
|
||||
public static void writeKeyFiles(DnsKeyPair pair, File inDirectory)
|
||||
throws IOException {
|
||||
|
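Review bot: The reflowed Javadoc for the two-argument `writeKeyFiles(DnsKeyPair pair, File inDirectory)` in the last hunk has no `@throws IOException` although the signature declares it, while the three-argument overload above documents it; add ` * @throws IOException if there is a problem writing the files.` before the closing `*/`. Two wording slips also survive the reflow: `a RRset contain the KEY records` in the loadKeySet comment should be `an RRset containing the KEY records`, and `Given a the contents of a BIND9 private key file` in convertPrivateKeyString should be `Given the contents of a BIND9 private key file`. The method bodies these comments describe are outside the hunks.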
@ -27,7 +27,7 @@ import java.util.logging.Logger;
|
||||
* @author David Blacka
|
||||
*/
|
||||
public class ByteArrayComparator implements Comparator<byte[]> {
|
||||
private int mOffset = 0;
|
||||
private int mOffset = 0;
|
||||
private boolean mDebug = false;
|
||||
private Logger log;
|
||||
|
||||
|
@ -279,19 +279,19 @@ public class DnsKeyAlgorithm {
|
||||
mIdToMnemonicMap.computeIfAbsent(alg, k -> m);
|
||||
}
|
||||
|
||||
public void addAlias(int alias, String mnemonic, int original_algorithm) {
|
||||
public void addAlias(int alias, String mnemonic, int origAlgorithm) {
|
||||
if (mAlgorithmMap.containsKey(alias)) {
|
||||
log.warning("Unable to alias algorithm " + alias + " because it already exists.");
|
||||
return;
|
||||
}
|
||||
|
||||
if (!mAlgorithmMap.containsKey(original_algorithm)) {
|
||||
if (!mAlgorithmMap.containsKey(origAlgorithm)) {
|
||||
log.warning("Unable to alias algorithm " + alias
|
||||
+ " to unknown algorithm identifier " + original_algorithm);
|
||||
+ " to unknown algorithm identifier " + origAlgorithm);
|
||||
return;
|
||||
}
|
||||
|
||||
mAlgorithmMap.put(alias, mAlgorithmMap.get(original_algorithm));
|
||||
mAlgorithmMap.put(alias, mAlgorithmMap.get(origAlgorithm));
|
||||
|
||||
if (mnemonic != null) {
|
||||
addMnemonic(mnemonic, alias);
|
||||
@ -325,8 +325,8 @@ public class DnsKeyAlgorithm {
|
||||
private ECParameterSpec ECSpecFromName(String stdName) {
|
||||
try {
|
||||
AlgorithmParameters ap = AlgorithmParameters.getInstance("EC");
|
||||
ECGenParameterSpec ecg_spec = new ECGenParameterSpec(stdName);
|
||||
ap.init(ecg_spec);
|
||||
ECGenParameterSpec ecgSpec = new ECGenParameterSpec(stdName);
|
||||
ap.init(ecgSpec);
|
||||
return ap.getParameterSpec(ECParameterSpec.class);
|
||||
} catch (NoSuchAlgorithmException e) {
|
||||
log.info("Elliptic Curve not supported by any crypto provider: " + e.getMessage());
|
||||
@ -343,12 +343,7 @@ public class DnsKeyAlgorithm {
|
||||
if (spec != null)
|
||||
return spec;
|
||||
throw new InvalidParameterSpecException("Edwards Curve " + stdName + " not found.");
|
||||
}
|
||||
// catch (NoSuchAlgorithmException e) {
|
||||
// log.info("Edwards Curve not supported by any crypto provider: " +
|
||||
// e.getMessage());
|
||||
// }
|
||||
catch (InvalidParameterSpecException e) {
|
||||
} catch (InvalidParameterSpecException e) {
|
||||
log.info("Edwards Curve " + stdName + " not supported");
|
||||
}
|
||||
return null;
|
||||
@ -391,11 +386,10 @@ public class DnsKeyAlgorithm {
|
||||
}
|
||||
|
||||
/**
|
||||
* Given one of the ECDSA algorithms (ECDSAP256SHA256, etc.) return
|
||||
* the elliptic curve parameters.
|
||||
* Given one of the ECDSA algorithms (ECDSAP256SHA256, etc.) return the
|
||||
* elliptic curve parameters.
|
||||
*
|
||||
* @param algorithm
|
||||
* The DNSSEC algorithm number.
|
||||
* @param algorithm The DNSSEC algorithm number.
|
||||
* @return The calculated JCA ECParameterSpec for that DNSSEC algorithm, or
|
||||
* null if not a recognized/supported EC algorithm.
|
||||
*/
|
||||
@ -405,19 +399,18 @@ public class DnsKeyAlgorithm {
|
||||
return null;
|
||||
if (!(entry instanceof ECAlgEntry))
|
||||
return null;
|
||||
ECAlgEntry ec_entry = (ECAlgEntry) entry;
|
||||
ECAlgEntry ecEntry = (ECAlgEntry) entry;
|
||||
|
||||
return ec_entry.ecSpec;
|
||||
return ecEntry.ecSpec;
|
||||
}
|
||||
|
||||
/**
|
||||
* Given one of the EdDSA algorithms (Ed25519, Ed448) return the
|
||||
* elliptic curve parameters.
|
||||
* Given one of the EdDSA algorithms (Ed25519, Ed448) return the elliptic
|
||||
* curve parameters.
|
||||
*
|
||||
* @param algorithm
|
||||
* The DNSSEC algorithm number.
|
||||
* @return The stored EdDSAParameterSpec for that algorithm, or
|
||||
* null if not a recognized/supported EdDSA algorithm.
|
||||
* @param algorithm The DNSSEC algorithm number.
|
||||
* @return The stored EdDSAParameterSpec for that algorithm, or null if not a
|
||||
* recognized/supported EdDSA algorithm.
|
||||
*/
|
||||
public EdDSAParameterSpec getEdwardsCurveParams(int algorithm) {
|
||||
AlgEntry entry = getEntry(algorithm);
|
||||
@ -425,17 +418,16 @@ public class DnsKeyAlgorithm {
|
||||
return null;
|
||||
if (!(entry instanceof EdAlgEntry))
|
||||
return null;
|
||||
EdAlgEntry ed_entry = (EdAlgEntry) entry;
|
||||
EdAlgEntry edEntry = (EdAlgEntry) entry;
|
||||
|
||||
return ed_entry.edSpec;
|
||||
return edEntry.edSpec;
|
||||
}
|
||||
|
||||
/**
|
||||
* Translate a possible algorithm alias back to the original DNSSEC algorithm
|
||||
* number
|
||||
*
|
||||
* @param algorithm
|
||||
* a DNSSEC algorithm that may be an alias.
|
||||
* @param algorithm a DNSSEC algorithm that may be an alias.
|
||||
* @return -1 if the algorithm isn't recognised, the orignal algorithm number
|
||||
* if it is.
|
||||
*/
|
||||
@ -461,8 +453,7 @@ public class DnsKeyAlgorithm {
|
||||
* Given an algorithm mnemonic, convert the mnemonic to a DNSSEC algorithm
|
||||
* number.
|
||||
*
|
||||
* @param s
|
||||
* The mnemonic string. This is case-insensitive.
|
||||
* @param s The mnemonic string. This is case-insensitive.
|
||||
* @return -1 if the mnemonic isn't recognized or supported, the algorithm
|
||||
* number if it is.
|
||||
*/
|
||||
@ -476,8 +467,7 @@ public class DnsKeyAlgorithm {
|
||||
/**
|
||||
* Given a DNSSEC algorithm number, return the "preferred" mnemonic.
|
||||
*
|
||||
* @param algorithm
|
||||
* A DNSSEC algorithm number.
|
||||
* @param algorithm A DNSSEC algorithm number.
|
||||
* @return The preferred mnemonic string, or null if not supported or
|
||||
* recognized.
|
||||
*/
|
||||
@ -505,14 +495,14 @@ public class DnsKeyAlgorithm {
|
||||
mRSAKeyGenerator = KeyPairGenerator.getInstance("RSA");
|
||||
}
|
||||
|
||||
RSAKeyGenParameterSpec rsa_spec;
|
||||
RSAKeyGenParameterSpec rsaSpec;
|
||||
if (useLargeExp) {
|
||||
rsa_spec = new RSAKeyGenParameterSpec(keysize, RSAKeyGenParameterSpec.F4);
|
||||
rsaSpec = new RSAKeyGenParameterSpec(keysize, RSAKeyGenParameterSpec.F4);
|
||||
} else {
|
||||
rsa_spec = new RSAKeyGenParameterSpec(keysize, RSAKeyGenParameterSpec.F0);
|
||||
rsaSpec = new RSAKeyGenParameterSpec(keysize, RSAKeyGenParameterSpec.F0);
|
||||
}
|
||||
try {
|
||||
mRSAKeyGenerator.initialize(rsa_spec);
|
||||
mRSAKeyGenerator.initialize(rsaSpec);
|
||||
} catch (InvalidAlgorithmParameterException e) {
|
||||
// Fold the InvalidAlgorithmParameterException into our existing
|
||||
// thrown exception. Ugly, but requires less code change.
|
||||
|
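Review bot: In the last hunk the RSA key generator is initialised with `RSAKeyGenParameterSpec.F0`, i.e. public exponent 3, whenever `useLargeExp` is false, and nothing in the hunk says why such keys are ever wanted. Small-exponent RSA keys are valid for DNSSEC but are the class of keys that low-exponent signature-forgery bugs in validators have historically affected, so unless there is a known interoperability reason the default should be `RSAKeyGenParameterSpec.F4` with the F0 branch an explicit legacy opt-in, marked by a comment such as `// F0 (e=3) kept only for legacy compatibility; prefer F4 (65537)`. The `rsaSpec` rename itself reads fine. The enclosing method starts and ends outside the hunk, so the meaning of `useLargeExp` is inferred from its name here.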
@ -154,10 +154,10 @@ public class DnsKeyConverter {
|
||||
|
||||
private DNSKEYRecord generateEdDSADNSKEYRecord(Name name, int dclass, long ttl,
|
||||
int flags, int alg, PublicKey key) {
|
||||
EdDSAPublicKey ed_key = (EdDSAPublicKey) key;
|
||||
byte[] key_data = ed_key.getAbyte();
|
||||
EdDSAPublicKey edKey = (EdDSAPublicKey) key;
|
||||
byte[] keyData = edKey.getAbyte();
|
||||
return new DNSKEYRecord(name, dclass, ttl, flags, DNSKEYRecord.Protocol.DNSSEC, alg,
|
||||
key_data);
|
||||
keyData);
|
||||
}
|
||||
// Private Key Specific Parsing routines
|
||||
|
||||
@ -272,12 +272,12 @@ public class DnsKeyConverter {
|
||||
private PrivateKey parsePrivateRSA(StringTokenizer lines)
|
||||
throws NoSuchAlgorithmException {
|
||||
BigInteger modulus = null;
|
||||
BigInteger public_exponent = null;
|
||||
BigInteger private_exponent = null;
|
||||
BigInteger prime_p = null;
|
||||
BigInteger prime_q = null;
|
||||
BigInteger prime_p_exponent = null;
|
||||
BigInteger prime_q_exponent = null;
|
||||
BigInteger publicExponent = null;
|
||||
BigInteger privateExponent = null;
|
||||
BigInteger primeP = null;
|
||||
BigInteger primeQ = null;
|
||||
BigInteger primePExponent = null;
|
||||
BigInteger primeQExponent = null;
|
||||
BigInteger coefficient = null;
|
||||
|
||||
while (lines.hasMoreTokens()) {
|
||||
@ -296,33 +296,28 @@ public class DnsKeyConverter {
|
||||
|
||||
if (line.startsWith("Modulus: ")) {
|
||||
modulus = new BigInteger(1, data);
|
||||
// printBigIntCompare(data, modulus);
|
||||
} else if (line.startsWith("PublicExponent: ")) {
|
||||
public_exponent = new BigInteger(1, data);
|
||||
// printBigIntCompare(data, public_exponent);
|
||||
publicExponent = new BigInteger(1, data);
|
||||
} else if (line.startsWith("PrivateExponent: ")) {
|
||||
private_exponent = new BigInteger(1, data);
|
||||
// printBigIntCompare(data, private_exponent);
|
||||
privateExponent = new BigInteger(1, data);
|
||||
} else if (line.startsWith("Prime1: ")) {
|
||||
prime_p = new BigInteger(1, data);
|
||||
// printBigIntCompare(data, prime_p);
|
||||
primeP = new BigInteger(1, data);
|
||||
} else if (line.startsWith("Prime2: ")) {
|
||||
prime_q = new BigInteger(1, data);
|
||||
// printBigIntCompare(data, prime_q);
|
||||
primeQ = new BigInteger(1, data);
|
||||
} else if (line.startsWith("Exponent1: ")) {
|
||||
prime_p_exponent = new BigInteger(1, data);
|
||||
primePExponent = new BigInteger(1, data);
|
||||
} else if (line.startsWith("Exponent2: ")) {
|
||||
prime_q_exponent = new BigInteger(1, data);
|
||||
primeQExponent = new BigInteger(1, data);
|
||||
} else if (line.startsWith("Coefficient: ")) {
|
||||
coefficient = new BigInteger(1, data);
|
||||
}
|
||||
}
|
||||
|
||||
try {
|
||||
KeySpec spec = new RSAPrivateCrtKeySpec(modulus, public_exponent,
|
||||
private_exponent, prime_p,
|
||||
prime_q, prime_p_exponent,
|
||||
prime_q_exponent, coefficient);
|
||||
KeySpec spec = new RSAPrivateCrtKeySpec(modulus, publicExponent,
|
||||
privateExponent, primeP,
|
||||
primeQ, primePExponent,
|
||||
primeQExponent, coefficient);
|
||||
if (mRSAKeyFactory == null) {
|
||||
mRSAKeyFactory = KeyFactory.getInstance("RSA");
|
||||
}
|
||||
@ -466,13 +461,13 @@ public class DnsKeyConverter {
|
||||
if (mECKeyFactory == null) {
|
||||
mECKeyFactory = KeyFactory.getInstance("EC");
|
||||
}
|
||||
ECParameterSpec ec_spec = mAlgorithms.getEllipticCurveParams(algorithm);
|
||||
if (ec_spec == null) {
|
||||
ECParameterSpec ecSpec = mAlgorithms.getEllipticCurveParams(algorithm);
|
||||
if (ecSpec == null) {
|
||||
throw new NoSuchAlgorithmException("DNSSEC algorithm " + algorithm +
|
||||
" is not a recognized Elliptic Curve algorithm");
|
||||
}
|
||||
|
||||
KeySpec spec = new ECPrivateKeySpec(s, ec_spec);
|
||||
KeySpec spec = new ECPrivateKeySpec(s, ecSpec);
|
||||
|
||||
try {
|
||||
return mECKeyFactory.generatePrivate(spec);
|
||||
@ -516,13 +511,13 @@ public class DnsKeyConverter {
|
||||
if (mEdKeyFactory == null) {
|
||||
mEdKeyFactory = KeyFactory.getInstance("EdDSA");
|
||||
}
|
||||
EdDSAParameterSpec ed_spec = mAlgorithms.getEdwardsCurveParams(algorithm);
|
||||
if (ed_spec == null) {
|
||||
EdDSAParameterSpec edSpec = mAlgorithms.getEdwardsCurveParams(algorithm);
|
||||
if (edSpec == null) {
|
||||
throw new NoSuchAlgorithmException("DNSSEC algorithm " + algorithm +
|
||||
" is not a recognized Edwards Curve algorithm");
|
||||
}
|
||||
|
||||
KeySpec spec = new EdDSAPrivateKeySpec(seed, ed_spec);
|
||||
KeySpec spec = new EdDSAPrivateKeySpec(seed, edSpec);
|
||||
|
||||
try {
|
||||
return mEdKeyFactory.generatePrivate(spec);
|
||||
@ -556,16 +551,16 @@ public class DnsKeyConverter {
|
||||
* Convert from 'unsigned' big integer to original 'signed format' in Base64
|
||||
*/
|
||||
private static String b64BigInt(BigInteger i) {
|
||||
byte[] orig_bytes = i.toByteArray();
|
||||
byte[] origBytes = i.toByteArray();
|
||||
|
||||
if (orig_bytes[0] != 0 || orig_bytes.length == 1) {
|
||||
return base64.toString(orig_bytes);
|
||||
if (origBytes[0] != 0 || origBytes.length == 1) {
|
||||
return base64.toString(origBytes);
|
||||
}
|
||||
|
||||
byte[] signed_bytes = new byte[orig_bytes.length - 1];
|
||||
System.arraycopy(orig_bytes, 1, signed_bytes, 0, signed_bytes.length);
|
||||
byte[] signedBytes = new byte[origBytes.length - 1];
|
||||
System.arraycopy(origBytes, 1, signedBytes, 0, signedBytes.length);
|
||||
|
||||
return base64.toString(signed_bytes);
|
||||
return base64.toString(signedBytes);
|
||||
}
|
||||
|
||||
/**
|
||||
|
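Review bot: In the parsePrivateRSA hunk the renamed components (`publicExponent`, `primeP`, `coefficient`, …) stay `null` when the key file omits any of the `Modulus:`/`Exponent1:`/`Coefficient:` lines, and they are handed straight to `new RSAPrivateCrtKeySpec(...)`, so a truncated or hand-edited private key file surfaces later as a NullPointerException (or similar) from the key factory rather than as a parse error naming the file. Check the eight values before building the spec, e.g. `if (modulus == null || publicExponent == null || privateExponent == null || primeP == null || primeQ == null || primePExponent == null || primeQExponent == null || coefficient == null) { throw new IllegalArgumentException("incomplete RSA private key file"); }`. The method's try/catch continues past the hunk, so if it already handles that case this is a clarity point only.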
@ -264,11 +264,12 @@ public class DnsKeyPair {
|
||||
* @throws NoSuchAlgorithmException
|
||||
*/
|
||||
public Signature getVerifier() {
|
||||
if (mVerifier != null) return mVerifier;
|
||||
|
||||
if (mVerifier != null)
|
||||
return mVerifier;
|
||||
|
||||
mVerifier = getSignature();
|
||||
PublicKey pk = getPublic();
|
||||
|
||||
|
||||
if (mVerifier == null || pk == null) {
|
||||
log.warning("Could not get a Signature object for this key pair" + this);
|
||||
return null;
|
||||
@ -330,15 +331,16 @@ public class DnsKeyPair {
|
||||
return -1;
|
||||
}
|
||||
|
||||
// This is from a StackOverflow answer. There are number of bytes-to-hex
|
||||
// This is from a StackOverflow answer. There are number of bytes-to-hex
|
||||
// converters in the ecosystem, but this avoid extra dependencies
|
||||
private static final byte[] HEX_ARRAY = "0123456789ABCDEF".getBytes(StandardCharsets.US_ASCII);
|
||||
|
||||
public static String toHex(byte[] bytes) {
|
||||
byte[] hexChars = new byte[bytes.length * 2];
|
||||
for (int j = 0; j < bytes.length; j++) {
|
||||
int v = bytes[j] & 0xFF;
|
||||
hexChars[j * 2] = HEX_ARRAY[v >>> 4];
|
||||
hexChars[j * 2 + 1] = HEX_ARRAY[v & 0x0F];
|
||||
int v = bytes[j] & 0xFF;
|
||||
hexChars[j * 2] = HEX_ARRAY[v >>> 4];
|
||||
hexChars[j * 2 + 1] = HEX_ARRAY[v & 0x0F];
|
||||
}
|
||||
return new String(hexChars, StandardCharsets.UTF_8);
|
||||
}
|
||||
|
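Review bot: The Javadoc above the reflowed `getVerifier()` still says `@throws NoSuchAlgorithmException`, but the method declares no checked exception and instead returns `null` when no Signature object can be obtained; replace that line with ` * @return the verifier, or null if no Signature object could be created for this key pair.` That null contract matters because the DnsSecVerifier hunk in this same commit does `Signature signer = keypair.getVerifier();` followed by `signer.update(data);` with no check, so an unsupported key algorithm becomes a NullPointerException in the middle of verification instead of a failed signature. The warning message also runs the text into the key pair, `"Could not get a Signature object for this key pair" + this`; `"Could not get a Signature object for this key pair: " + this` reads correctly. The enclosing method continues past the hunk.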
@ -238,13 +238,13 @@ public class DnsSecVerifier {
|
||||
for (DnsKeyPair keypair : keypairs) {
|
||||
Signature signer = keypair.getVerifier();
|
||||
signer.update(data);
|
||||
|
||||
|
||||
byte[] sig = sigrec.getSignature();
|
||||
|
||||
|
||||
if (algs.baseType(sigrec.getAlgorithm()) == DnsKeyAlgorithm.BaseAlgorithm.DSA) {
|
||||
sig = SignUtils.convertDSASignature(sig);
|
||||
}
|
||||
|
||||
|
||||
if (sigrec.getAlgorithm() == DNSSEC.Algorithm.ECDSAP256SHA256 ||
|
||||
sigrec.getAlgorithm() == DNSSEC.Algorithm.ECDSAP384SHA384) {
|
||||
sig = SignUtils.convertECDSASignature(sig);
|
||||
|
@ -88,10 +88,12 @@ public class ZoneVerifier {
|
||||
public boolean equals(Object o) {
|
||||
return super.equals(o);
|
||||
}
|
||||
|
||||
@Override
|
||||
public int hashCode() {
|
||||
return super.hashCode();
|
||||
}
|
||||
|
||||
boolean getMark() {
|
||||
return mIsMarked;
|
||||
}
|
||||
@ -148,7 +150,8 @@ public class ZoneVerifier {
|
||||
/**
|
||||
* Add a record to the various maps.
|
||||
*
|
||||
* @return true if the RR was added, false if it wasn't (because it was a duplicate)
|
||||
* @return true if the RR was added, false if it wasn't (because it was a
|
||||
* duplicate)
|
||||
*/
|
||||
private boolean addRR(Record r) {
|
||||
Name n = r.getName();
|
||||
@ -206,7 +209,7 @@ public class ZoneVerifier {
|
||||
* Given an unsorted list of records, load the node and rrset maps, as well as
|
||||
* determine the NSEC3 parameters and signing type.
|
||||
*
|
||||
* @param records
|
||||
* @param records an unsorted list of {@link org.xbill.DNS.Record} objects.
|
||||
* @return the number of errors encountered.
|
||||
*/
|
||||
private int calculateNodes(List<Record> records) {
|
||||
@ -251,7 +254,7 @@ public class ZoneVerifier {
|
||||
* Given a name, typeset, and name of the last zone cut, determine the node
|
||||
* type.
|
||||
*/
|
||||
private NodeType determineNodeType(Name n, Set<Integer> typeset, Name last_cut) {
|
||||
private NodeType determineNodeType(Name n, Set<Integer> typeset, Name lastCut) {
|
||||
// All RRs at the zone apex are normal
|
||||
if (n.equals(mZoneName))
|
||||
return NodeType.NORMAL;
|
||||
@ -263,7 +266,7 @@ public class ZoneVerifier {
|
||||
}
|
||||
// If the node is below a zone cut (either a delegation or DNAME), it is
|
||||
// glue.
|
||||
if (last_cut != null && n.subdomain(last_cut) && !n.equals(last_cut)) {
|
||||
if (lastCut != null && n.subdomain(lastCut) && !n.equals(lastCut)) {
|
||||
return NodeType.GLUE;
|
||||
}
|
||||
|
||||
@ -294,13 +297,13 @@ public class ZoneVerifier {
|
||||
*/
|
||||
private int processNodes() throws NoSuchAlgorithmException, TextParseException {
|
||||
int errors = 0;
|
||||
Name last_cut = null;
|
||||
Name lastCut = null;
|
||||
|
||||
for (Map.Entry<Name, Set<Integer>> entry : mNodeMap.entrySet()) {
|
||||
Name n = entry.getKey();
|
||||
Set<Integer> typeset = entry.getValue();
|
||||
|
||||
NodeType ntype = determineNodeType(n, typeset, last_cut);
|
||||
NodeType ntype = determineNodeType(n, typeset, lastCut);
|
||||
log.finest("Node " + n + " is type " + ntype);
|
||||
|
||||
// we can ignore glue/invalid RRs.
|
||||
@ -309,7 +312,7 @@ public class ZoneVerifier {
|
||||
|
||||
// record the last zone cut if this node is a zone cut.
|
||||
if (ntype == NodeType.DELEGATION || typeset.contains(Type.DNAME)) {
|
||||
last_cut = n;
|
||||
lastCut = n;
|
||||
}
|
||||
|
||||
// check all of the RRsets that should be signed
|
||||
|
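Review bot: The `equals`/`hashCode` pair in the first hunk only forwards to `super`, so the added `hashCode` override silences the analyser rule without changing behaviour and both methods remain no-ops; if the class has no identity beyond its superclass, delete both overrides rather than keep the pair. If `equals` was kept on purpose as an extension point, say so in a one-line comment above it so the next SonarLint pass does not reintroduce the same churn. The enclosing class starts outside the hunk and the `equals` signature's annotation is above the hunk's first line.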