sonarlint and formatting for the rest
This commit is contained in:
parent
15eb319b26
commit
1e342b1fb6
@ -71,7 +71,8 @@ public class DSTool extends CLBase {
|
|||||||
protected void setupOptions(Options opts) {
|
protected void setupOptions(Options opts) {
|
||||||
opts.addOption(Option.builder("D").longOpt("dlv").desc("Generate a DLV record instead.").build());
|
opts.addOption(Option.builder("D").longOpt("dlv").desc("Generate a DLV record instead.").build());
|
||||||
opts.addOption(Option.builder("C").longOpt("cds").desc("Generate a CDS record instead").build());
|
opts.addOption(Option.builder("C").longOpt("cds").desc("Generate a CDS record instead").build());
|
||||||
opts.addOption(Option.builder("d").hasArg().argName("id").longOpt("digest").desc("The digest algorithm to use").build());
|
opts.addOption(
|
||||||
|
Option.builder("d").hasArg().argName("id").longOpt("digest").desc("The digest algorithm to use").build());
|
||||||
opts.addOption(Option.builder("f").hasArg().argName("file").longOpt("output").desc("output to file").build());
|
opts.addOption(Option.builder("f").hasArg().argName("file").longOpt("output").desc("output to file").build());
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -120,9 +121,9 @@ public class DSTool extends CLBase {
|
|||||||
log.fine("creating CDS.");
|
log.fine("creating CDS.");
|
||||||
CDSRecord cds = new CDSRecord(ds.getName(), ds.getDClass(), ds.getTTL(), ds.getFootprint(), ds.getAlgorithm(),
|
CDSRecord cds = new CDSRecord(ds.getName(), ds.getDClass(), ds.getTTL(), ds.getFootprint(), ds.getAlgorithm(),
|
||||||
ds.getDClass(), ds.getDigest());
|
ds.getDClass(), ds.getDigest());
|
||||||
res = cds;
|
res = cds;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (state.outputfile != null && !state.outputfile.equals("-")) {
|
if (state.outputfile != null && !state.outputfile.equals("-")) {
|
||||||
try (PrintWriter out = new PrintWriter(new FileWriter(state.outputfile))) {
|
try (PrintWriter out = new PrintWriter(new FileWriter(state.outputfile))) {
|
||||||
out.println(res);
|
out.println(res);
|
||||||
|
@ -75,10 +75,14 @@ public class SignKeyset extends CLBase {
|
|||||||
opts.addOption("a", "verify", false, "verify generated signatures>");
|
opts.addOption("a", "verify", false, "verify generated signatures>");
|
||||||
|
|
||||||
// Argument options
|
// Argument options
|
||||||
opts.addOption(Option.builder("D").hasArg().argName("dir").longOpt("key-directory").desc("directory where key files are found (default '.').").build());
|
opts.addOption(Option.builder("D").hasArg().argName("dir").longOpt("key-directory")
|
||||||
opts.addOption(Option.builder("s").hasArg().argName("time/offset").longOpt("start-time").desc("signature starting time (default is now - 1 hour)").build());
|
.desc("directory where key files are found (default '.').").build());
|
||||||
opts.addOption(Option.builder("e").hasArg().argName("time/offset").longOpt("expire-time").desc("signature expiration time (default is start-time + 30 days)").build());
|
opts.addOption(Option.builder("s").hasArg().argName("time/offset").longOpt("start-time")
|
||||||
opts.addOption(Option.builder("f").hasArg().argName("outfile").desc("file the signed keyset is written to").build());
|
.desc("signature starting time (default is now - 1 hour)").build());
|
||||||
|
opts.addOption(Option.builder("e").hasArg().argName("time/offset").longOpt("expire-time")
|
||||||
|
.desc("signature expiration time (default is start-time + 30 days)").build());
|
||||||
|
opts.addOption(
|
||||||
|
Option.builder("f").hasArg().argName("outfile").desc("file the signed keyset is written to").build());
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
@ -129,11 +133,9 @@ public class SignKeyset extends CLBase {
|
|||||||
|
|
||||||
/**
|
/**
|
||||||
* Verify the generated signatures.
|
* Verify the generated signatures.
|
||||||
*
|
*
|
||||||
* @param records
|
* @param records a list of {@link org.xbill.DNS.Record}s.
|
||||||
* a list of {@link org.xbill.DNS.Record}s.
|
* @param keypairs a list of keypairs used the sign the zone.
|
||||||
* @param keypairs
|
|
||||||
* a list of keypairs used the sign the zone.
|
|
||||||
* @return true if all of the signatures validated.
|
* @return true if all of the signatures validated.
|
||||||
*/
|
*/
|
||||||
private static boolean verifySigs(List<Record> records,
|
private static boolean verifySigs(List<Record> records,
|
||||||
@ -168,16 +170,13 @@ public class SignKeyset extends CLBase {
|
|||||||
|
|
||||||
/**
|
/**
|
||||||
* Load the key pairs from the key files.
|
* Load the key pairs from the key files.
|
||||||
*
|
*
|
||||||
* @param keyfiles
|
* @param keyfiles a string array containing the base names or paths of the
|
||||||
* a string array containing the base names or paths of the
|
* keys to be loaded.
|
||||||
* keys
|
* @param startIndex the starting index of keyfiles string array to use. This
|
||||||
* to be loaded.
|
* allows us to use the straight command line argument
|
||||||
* @param startIndex
|
* array.
|
||||||
* the starting index of keyfiles string array to use. This
|
* @param inDirectory the directory to look in (may be null).
|
||||||
* allows us to use the straight command line argument array.
|
|
||||||
* @param inDirectory
|
|
||||||
* the directory to look in (may be null).
|
|
||||||
* @return a list of keypair objects.
|
* @return a list of keypair objects.
|
||||||
*/
|
*/
|
||||||
private static List<DnsKeyPair> getKeys(String[] keyfiles, int startIndex,
|
private static List<DnsKeyPair> getKeys(String[] keyfiles, int startIndex,
|
||||||
@ -244,8 +243,8 @@ public class SignKeyset extends CLBase {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Make sure that all records are DNSKEYs with the same name.
|
// Make sure that all records are DNSKEYs with the same name.
|
||||||
Name keysetName = null;
|
Name keysetName = null;
|
||||||
RRset keyset = new RRset();
|
RRset keyset = new RRset();
|
||||||
|
|
||||||
for (Record r : records) {
|
for (Record r : records) {
|
||||||
if (r.getType() != Type.DNSKEY) {
|
if (r.getType() != Type.DNSKEY) {
|
||||||
|
@ -55,14 +55,14 @@ public class SignRRset extends CLBase {
|
|||||||
* This is an inner class used to hold all of the command line option state.
|
* This is an inner class used to hold all of the command line option state.
|
||||||
*/
|
*/
|
||||||
protected static class CLIState extends CLIStateBase {
|
protected static class CLIState extends CLIStateBase {
|
||||||
private File keyDirectory = null;
|
private File keyDirectory = null;
|
||||||
public String[] keyFiles = null;
|
public String[] keyFiles = null;
|
||||||
public Instant start = null;
|
public Instant start = null;
|
||||||
public Instant expire = null;
|
public Instant expire = null;
|
||||||
public String inputfile = null;
|
public String inputfile = null;
|
||||||
public String outputfile = null;
|
public String outputfile = null;
|
||||||
public boolean verifySigs = false;
|
public boolean verifySigs = false;
|
||||||
public boolean verboseSigning = false;
|
public boolean verboseSigning = false;
|
||||||
|
|
||||||
public CLIState() {
|
public CLIState() {
|
||||||
super("jdnssec-signrrset [..options..] rrset_file key_file [key_file ...]");
|
super("jdnssec-signrrset [..options..] rrset_file key_file [key_file ...]");
|
||||||
@ -137,10 +137,8 @@ public class SignRRset extends CLBase {
|
|||||||
/**
|
/**
|
||||||
* Verify the generated signatures.
|
* Verify the generated signatures.
|
||||||
*
|
*
|
||||||
* @param records
|
* @param records a list of {@link org.xbill.DNS.Record}s.
|
||||||
* a list of {@link org.xbill.DNS.Record}s.
|
* @param keypairs a list of keypairs used the sign the zone.
|
||||||
* @param keypairs
|
|
||||||
* a list of keypairs used the sign the zone.
|
|
||||||
* @return true if all of the signatures validated.
|
* @return true if all of the signatures validated.
|
||||||
*/
|
*/
|
||||||
private static boolean verifySigs(List<Record> records, List<DnsKeyPair> keypairs) {
|
private static boolean verifySigs(List<Record> records, List<DnsKeyPair> keypairs) {
|
||||||
@ -176,15 +174,12 @@ public class SignRRset extends CLBase {
|
|||||||
/**
|
/**
|
||||||
* Load the key pairs from the key files.
|
* Load the key pairs from the key files.
|
||||||
*
|
*
|
||||||
* @param keyfiles
|
* @param keyfiles a string array containing the base names or paths of the
|
||||||
* a string array containing the base names or paths of the
|
* keys to be loaded.
|
||||||
* keys
|
* @param startIndex the starting index of keyfiles string array to use. This
|
||||||
* to be loaded.
|
* allows us to use the straight command line argument
|
||||||
* @param startIndex
|
* array.
|
||||||
* the starting index of keyfiles string array to use. This
|
* @param inDirectory the directory to look in (may be null).
|
||||||
* allows us to use the straight command line argument array.
|
|
||||||
* @param inDirectory
|
|
||||||
* the directory to look in (may be null).
|
|
||||||
* @return a list of keypair objects.
|
* @return a list of keypair objects.
|
||||||
*/
|
*/
|
||||||
private static List<DnsKeyPair> getKeys(String[] keyfiles, int startIndex,
|
private static List<DnsKeyPair> getKeys(String[] keyfiles, int startIndex,
|
||||||
|
@ -100,7 +100,6 @@ public class ZoneFormat extends CLBase {
|
|||||||
|
|
||||||
private static void formatZone(List<Record> zone) {
|
private static void formatZone(List<Record> zone) {
|
||||||
|
|
||||||
|
|
||||||
for (Record r : zone) {
|
for (Record r : zone) {
|
||||||
System.out.println(r.toString());
|
System.out.println(r.toString());
|
||||||
}
|
}
|
||||||
|
@ -107,17 +107,12 @@ public class BINDKeyUtils {
|
|||||||
* Given the information necessary to construct the path to a BIND9 generated
|
* Given the information necessary to construct the path to a BIND9 generated
|
||||||
* key pair, load the key pair.
|
* key pair, load the key pair.
|
||||||
*
|
*
|
||||||
* @param signer
|
* @param signer the DNS name of the key.
|
||||||
* the DNS name of the key.
|
* @param algorithm the DNSSEC algorithm of the key.
|
||||||
* @param algorithm
|
* @param keyid the DNSSEC key footprint.
|
||||||
* the DNSSEC algorithm of the key.
|
* @param inDirectory the directory to look for the files (may be null).
|
||||||
* @param keyid
|
|
||||||
* the DNSSEC key footprint.
|
|
||||||
* @param inDirectory
|
|
||||||
* the directory to look for the files (may be null).
|
|
||||||
* @return the loaded key pair.
|
* @return the loaded key pair.
|
||||||
* @throws IOException
|
* @throws IOException if there was a problem reading the BIND9 files.
|
||||||
* if there was a problem reading the BIND9 files.
|
|
||||||
*/
|
*/
|
||||||
public static DnsKeyPair loadKeyPair(Name signer, int algorithm, int keyid,
|
public static DnsKeyPair loadKeyPair(Name signer, int algorithm, int keyid,
|
||||||
File inDirectory) throws IOException {
|
File inDirectory) throws IOException {
|
||||||
@ -129,16 +124,12 @@ public class BINDKeyUtils {
|
|||||||
/**
|
/**
|
||||||
* Given a base path to a BIND9 key pair, load the key pair.
|
* Given a base path to a BIND9 key pair, load the key pair.
|
||||||
*
|
*
|
||||||
* @param keyFileBasePath
|
* @param keyFileBasePath the base filename (or real filename for either the
|
||||||
* the base filename (or real filename for either the
|
* public or private key) of the key.
|
||||||
* public or
|
* @param inDirectory the directory to look in, if the keyFileBasePath is
|
||||||
* private key) of the key.
|
|
||||||
* @param inDirectory
|
|
||||||
* the directory to look in, if the keyFileBasePath is
|
|
||||||
* relative.
|
* relative.
|
||||||
* @return the loaded key pair.
|
* @return the loaded key pair.
|
||||||
* @throws IOException
|
* @throws IOException if there was a problem reading the files
|
||||||
* if there was a problem reading the files
|
|
||||||
*/
|
*/
|
||||||
public static DnsKeyPair loadKeyPair(String keyFileBasePath, File inDirectory)
|
public static DnsKeyPair loadKeyPair(String keyFileBasePath, File inDirectory)
|
||||||
throws IOException {
|
throws IOException {
|
||||||
@ -163,15 +154,12 @@ public class BINDKeyUtils {
|
|||||||
* Given a base path to a BIND9 key pair, load the public part (only) of the
|
* Given a base path to a BIND9 key pair, load the public part (only) of the
|
||||||
* key pair
|
* key pair
|
||||||
*
|
*
|
||||||
* @param keyFileBasePath
|
* @param keyFileBasePath the base or real path to the public part of a key
|
||||||
* the base or real path to the public part of a key
|
|
||||||
* pair.
|
* pair.
|
||||||
* @param inDirectory
|
* @param inDirectory the directory to look in if the path is relative
|
||||||
* the directory to look in if the path is relative (may
|
* (may be null).
|
||||||
* be null).
|
|
||||||
* @return a {@link DnsKeyPair} containing just the public key information.
|
* @return a {@link DnsKeyPair} containing just the public key information.
|
||||||
* @throws IOException
|
* @throws IOException if there was a problem reading the public key file.
|
||||||
* if there was a problem reading the public key file.
|
|
||||||
*/
|
*/
|
||||||
public static DnsKeyPair loadKey(String keyFileBasePath, File inDirectory)
|
public static DnsKeyPair loadKey(String keyFileBasePath, File inDirectory)
|
||||||
throws IOException {
|
throws IOException {
|
||||||
@ -191,15 +179,11 @@ public class BINDKeyUtils {
|
|||||||
* "keyset-[signer]." where [signer] is the DNS owner name of the key. The
|
* "keyset-[signer]." where [signer] is the DNS owner name of the key. The
|
||||||
* keyset may be signed, but doesn't have to be.
|
* keyset may be signed, but doesn't have to be.
|
||||||
*
|
*
|
||||||
* @param keysetFileName
|
* @param keysetFileName the name of the keyset file.
|
||||||
* the name of the keyset file.
|
* @param inDirectory the directory to look in if the path is relative (may
|
||||||
* @param inDirectory
|
* be null, defaults to the current working directory).
|
||||||
* the directory to look in if the path is relative (may
|
|
||||||
* be null,
|
|
||||||
* defaults to the current working directory).
|
|
||||||
* @return a RRset contain the KEY records and any associated SIG records.
|
* @return a RRset contain the KEY records and any associated SIG records.
|
||||||
* @throws IOException
|
* @throws IOException if there was a problem reading the keyset file.
|
||||||
* if there was a problem reading the keyset file.
|
|
||||||
*/
|
*/
|
||||||
public static RRset loadKeySet(String keysetFileName, File inDirectory)
|
public static RRset loadKeySet(String keysetFileName, File inDirectory)
|
||||||
throws IOException {
|
throws IOException {
|
||||||
@ -219,8 +203,8 @@ public class BINDKeyUtils {
|
|||||||
/**
|
/**
|
||||||
* Calculate the key file base for this key pair.
|
* Calculate the key file base for this key pair.
|
||||||
*
|
*
|
||||||
* @param pair
|
* @param pair the {@link DnsKeyPair} to work from. It only needs a public
|
||||||
* the {@link DnsKeyPair} to work from. It only needs a public key.
|
* key.
|
||||||
* @return the base name of the key files.
|
* @return the base name of the key files.
|
||||||
*/
|
*/
|
||||||
public static String keyFileBase(DnsKeyPair pair) {
|
public static String keyFileBase(DnsKeyPair pair) {
|
||||||
@ -260,8 +244,7 @@ public class BINDKeyUtils {
|
|||||||
* Given a the contents of a BIND9 private key file, convert it into a native
|
* Given a the contents of a BIND9 private key file, convert it into a native
|
||||||
* {@link java.security.PrivateKey} object.
|
* {@link java.security.PrivateKey} object.
|
||||||
*
|
*
|
||||||
* @param privateKeyString
|
* @param privateKeyString the contents of a BIND9 key file in string form.
|
||||||
* the contents of a BIND9 key file in string form.
|
|
||||||
* @return a {@link java.security.PrivateKey}
|
* @return a {@link java.security.PrivateKey}
|
||||||
*/
|
*/
|
||||||
public static PrivateKey convertPrivateKeyString(String privateKeyString) {
|
public static PrivateKey convertPrivateKeyString(String privateKeyString) {
|
||||||
@ -284,10 +267,8 @@ public class BINDKeyUtils {
|
|||||||
* Given a native private key, convert it into a BIND9 private key file
|
* Given a native private key, convert it into a BIND9 private key file
|
||||||
* format.
|
* format.
|
||||||
*
|
*
|
||||||
* @param priv
|
* @param priv the private key to convert.
|
||||||
* the private key to convert.
|
* @param pub the private key's corresponding public key. Some algorithms
|
||||||
* @param pub
|
|
||||||
* the private key's corresponding public key. Some algorithms
|
|
||||||
* require information from both.
|
* require information from both.
|
||||||
* @return a string containing the contents of a BIND9 private key file.
|
* @return a string containing the contents of a BIND9 private key file.
|
||||||
*/
|
*/
|
||||||
@ -328,16 +309,11 @@ public class BINDKeyUtils {
|
|||||||
/**
|
/**
|
||||||
* This routine will write out the BIND9 dnssec-* tool compatible files.
|
* This routine will write out the BIND9 dnssec-* tool compatible files.
|
||||||
*
|
*
|
||||||
* @param baseFileName
|
* @param baseFileName use this base file name. If null, the standard BIND9
|
||||||
* use this base file name. If null, the standard BIND9 base
|
* base file name will be computed.
|
||||||
* file
|
* @param pair the keypair in question.
|
||||||
* name will be computed.
|
* @param inDirectory the directory to write to (may be null).
|
||||||
* @param pair
|
* @throws IOException if there is a problem writing the files.
|
||||||
* the keypair in question.
|
|
||||||
* @param inDirectory
|
|
||||||
* the directory to write to (may be null).
|
|
||||||
* @throws IOException
|
|
||||||
* if there is a problem writing the files.
|
|
||||||
*/
|
*/
|
||||||
public static void writeKeyFiles(String baseFileName, DnsKeyPair pair,
|
public static void writeKeyFiles(String baseFileName, DnsKeyPair pair,
|
||||||
File inDirectory) throws IOException {
|
File inDirectory) throws IOException {
|
||||||
@ -370,10 +346,8 @@ public class BINDKeyUtils {
|
|||||||
* This routine will write out the BIND9 dnssec-* tool compatible files to the
|
* This routine will write out the BIND9 dnssec-* tool compatible files to the
|
||||||
* standard file names.
|
* standard file names.
|
||||||
*
|
*
|
||||||
* @param pair
|
* @param pair the key pair in question.
|
||||||
* the key pair in question.
|
* @param inDirectory the directory to write to (may be null).
|
||||||
* @param inDirectory
|
|
||||||
* the directory to write to (may be null).
|
|
||||||
*/
|
*/
|
||||||
public static void writeKeyFiles(DnsKeyPair pair, File inDirectory)
|
public static void writeKeyFiles(DnsKeyPair pair, File inDirectory)
|
||||||
throws IOException {
|
throws IOException {
|
||||||
|
@ -27,7 +27,7 @@ import java.util.logging.Logger;
|
|||||||
* @author David Blacka
|
* @author David Blacka
|
||||||
*/
|
*/
|
||||||
public class ByteArrayComparator implements Comparator<byte[]> {
|
public class ByteArrayComparator implements Comparator<byte[]> {
|
||||||
private int mOffset = 0;
|
private int mOffset = 0;
|
||||||
private boolean mDebug = false;
|
private boolean mDebug = false;
|
||||||
private Logger log;
|
private Logger log;
|
||||||
|
|
||||||
|
@ -279,19 +279,19 @@ public class DnsKeyAlgorithm {
|
|||||||
mIdToMnemonicMap.computeIfAbsent(alg, k -> m);
|
mIdToMnemonicMap.computeIfAbsent(alg, k -> m);
|
||||||
}
|
}
|
||||||
|
|
||||||
public void addAlias(int alias, String mnemonic, int original_algorithm) {
|
public void addAlias(int alias, String mnemonic, int origAlgorithm) {
|
||||||
if (mAlgorithmMap.containsKey(alias)) {
|
if (mAlgorithmMap.containsKey(alias)) {
|
||||||
log.warning("Unable to alias algorithm " + alias + " because it already exists.");
|
log.warning("Unable to alias algorithm " + alias + " because it already exists.");
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!mAlgorithmMap.containsKey(original_algorithm)) {
|
if (!mAlgorithmMap.containsKey(origAlgorithm)) {
|
||||||
log.warning("Unable to alias algorithm " + alias
|
log.warning("Unable to alias algorithm " + alias
|
||||||
+ " to unknown algorithm identifier " + original_algorithm);
|
+ " to unknown algorithm identifier " + origAlgorithm);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
mAlgorithmMap.put(alias, mAlgorithmMap.get(original_algorithm));
|
mAlgorithmMap.put(alias, mAlgorithmMap.get(origAlgorithm));
|
||||||
|
|
||||||
if (mnemonic != null) {
|
if (mnemonic != null) {
|
||||||
addMnemonic(mnemonic, alias);
|
addMnemonic(mnemonic, alias);
|
||||||
@ -325,8 +325,8 @@ public class DnsKeyAlgorithm {
|
|||||||
private ECParameterSpec ECSpecFromName(String stdName) {
|
private ECParameterSpec ECSpecFromName(String stdName) {
|
||||||
try {
|
try {
|
||||||
AlgorithmParameters ap = AlgorithmParameters.getInstance("EC");
|
AlgorithmParameters ap = AlgorithmParameters.getInstance("EC");
|
||||||
ECGenParameterSpec ecg_spec = new ECGenParameterSpec(stdName);
|
ECGenParameterSpec ecgSpec = new ECGenParameterSpec(stdName);
|
||||||
ap.init(ecg_spec);
|
ap.init(ecgSpec);
|
||||||
return ap.getParameterSpec(ECParameterSpec.class);
|
return ap.getParameterSpec(ECParameterSpec.class);
|
||||||
} catch (NoSuchAlgorithmException e) {
|
} catch (NoSuchAlgorithmException e) {
|
||||||
log.info("Elliptic Curve not supported by any crypto provider: " + e.getMessage());
|
log.info("Elliptic Curve not supported by any crypto provider: " + e.getMessage());
|
||||||
@ -343,12 +343,7 @@ public class DnsKeyAlgorithm {
|
|||||||
if (spec != null)
|
if (spec != null)
|
||||||
return spec;
|
return spec;
|
||||||
throw new InvalidParameterSpecException("Edwards Curve " + stdName + " not found.");
|
throw new InvalidParameterSpecException("Edwards Curve " + stdName + " not found.");
|
||||||
}
|
} catch (InvalidParameterSpecException e) {
|
||||||
// catch (NoSuchAlgorithmException e) {
|
|
||||||
// log.info("Edwards Curve not supported by any crypto provider: " +
|
|
||||||
// e.getMessage());
|
|
||||||
// }
|
|
||||||
catch (InvalidParameterSpecException e) {
|
|
||||||
log.info("Edwards Curve " + stdName + " not supported");
|
log.info("Edwards Curve " + stdName + " not supported");
|
||||||
}
|
}
|
||||||
return null;
|
return null;
|
||||||
@ -391,11 +386,10 @@ public class DnsKeyAlgorithm {
|
|||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Given one of the ECDSA algorithms (ECDSAP256SHA256, etc.) return
|
* Given one of the ECDSA algorithms (ECDSAP256SHA256, etc.) return the
|
||||||
* the elliptic curve parameters.
|
* elliptic curve parameters.
|
||||||
*
|
*
|
||||||
* @param algorithm
|
* @param algorithm The DNSSEC algorithm number.
|
||||||
* The DNSSEC algorithm number.
|
|
||||||
* @return The calculated JCA ECParameterSpec for that DNSSEC algorithm, or
|
* @return The calculated JCA ECParameterSpec for that DNSSEC algorithm, or
|
||||||
* null if not a recognized/supported EC algorithm.
|
* null if not a recognized/supported EC algorithm.
|
||||||
*/
|
*/
|
||||||
@ -405,19 +399,18 @@ public class DnsKeyAlgorithm {
|
|||||||
return null;
|
return null;
|
||||||
if (!(entry instanceof ECAlgEntry))
|
if (!(entry instanceof ECAlgEntry))
|
||||||
return null;
|
return null;
|
||||||
ECAlgEntry ec_entry = (ECAlgEntry) entry;
|
ECAlgEntry ecEntry = (ECAlgEntry) entry;
|
||||||
|
|
||||||
return ec_entry.ecSpec;
|
return ecEntry.ecSpec;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Given one of the EdDSA algorithms (Ed25519, Ed448) return the
|
* Given one of the EdDSA algorithms (Ed25519, Ed448) return the elliptic
|
||||||
* elliptic curve parameters.
|
* curve parameters.
|
||||||
*
|
*
|
||||||
* @param algorithm
|
* @param algorithm The DNSSEC algorithm number.
|
||||||
* The DNSSEC algorithm number.
|
* @return The stored EdDSAParameterSpec for that algorithm, or null if not a
|
||||||
* @return The stored EdDSAParameterSpec for that algorithm, or
|
* recognized/supported EdDSA algorithm.
|
||||||
* null if not a recognized/supported EdDSA algorithm.
|
|
||||||
*/
|
*/
|
||||||
public EdDSAParameterSpec getEdwardsCurveParams(int algorithm) {
|
public EdDSAParameterSpec getEdwardsCurveParams(int algorithm) {
|
||||||
AlgEntry entry = getEntry(algorithm);
|
AlgEntry entry = getEntry(algorithm);
|
||||||
@ -425,17 +418,16 @@ public class DnsKeyAlgorithm {
|
|||||||
return null;
|
return null;
|
||||||
if (!(entry instanceof EdAlgEntry))
|
if (!(entry instanceof EdAlgEntry))
|
||||||
return null;
|
return null;
|
||||||
EdAlgEntry ed_entry = (EdAlgEntry) entry;
|
EdAlgEntry edEntry = (EdAlgEntry) entry;
|
||||||
|
|
||||||
return ed_entry.edSpec;
|
return edEntry.edSpec;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Translate a possible algorithm alias back to the original DNSSEC algorithm
|
* Translate a possible algorithm alias back to the original DNSSEC algorithm
|
||||||
* number
|
* number
|
||||||
*
|
*
|
||||||
* @param algorithm
|
* @param algorithm a DNSSEC algorithm that may be an alias.
|
||||||
* a DNSSEC algorithm that may be an alias.
|
|
||||||
* @return -1 if the algorithm isn't recognised, the orignal algorithm number
|
* @return -1 if the algorithm isn't recognised, the orignal algorithm number
|
||||||
* if it is.
|
* if it is.
|
||||||
*/
|
*/
|
||||||
@ -461,8 +453,7 @@ public class DnsKeyAlgorithm {
|
|||||||
* Given an algorithm mnemonic, convert the mnemonic to a DNSSEC algorithm
|
* Given an algorithm mnemonic, convert the mnemonic to a DNSSEC algorithm
|
||||||
* number.
|
* number.
|
||||||
*
|
*
|
||||||
* @param s
|
* @param s The mnemonic string. This is case-insensitive.
|
||||||
* The mnemonic string. This is case-insensitive.
|
|
||||||
* @return -1 if the mnemonic isn't recognized or supported, the algorithm
|
* @return -1 if the mnemonic isn't recognized or supported, the algorithm
|
||||||
* number if it is.
|
* number if it is.
|
||||||
*/
|
*/
|
||||||
@ -476,8 +467,7 @@ public class DnsKeyAlgorithm {
|
|||||||
/**
|
/**
|
||||||
* Given a DNSSEC algorithm number, return the "preferred" mnemonic.
|
* Given a DNSSEC algorithm number, return the "preferred" mnemonic.
|
||||||
*
|
*
|
||||||
* @param algorithm
|
* @param algorithm A DNSSEC algorithm number.
|
||||||
* A DNSSEC algorithm number.
|
|
||||||
* @return The preferred mnemonic string, or null if not supported or
|
* @return The preferred mnemonic string, or null if not supported or
|
||||||
* recognized.
|
* recognized.
|
||||||
*/
|
*/
|
||||||
@ -505,14 +495,14 @@ public class DnsKeyAlgorithm {
|
|||||||
mRSAKeyGenerator = KeyPairGenerator.getInstance("RSA");
|
mRSAKeyGenerator = KeyPairGenerator.getInstance("RSA");
|
||||||
}
|
}
|
||||||
|
|
||||||
RSAKeyGenParameterSpec rsa_spec;
|
RSAKeyGenParameterSpec rsaSpec;
|
||||||
if (useLargeExp) {
|
if (useLargeExp) {
|
||||||
rsa_spec = new RSAKeyGenParameterSpec(keysize, RSAKeyGenParameterSpec.F4);
|
rsaSpec = new RSAKeyGenParameterSpec(keysize, RSAKeyGenParameterSpec.F4);
|
||||||
} else {
|
} else {
|
||||||
rsa_spec = new RSAKeyGenParameterSpec(keysize, RSAKeyGenParameterSpec.F0);
|
rsaSpec = new RSAKeyGenParameterSpec(keysize, RSAKeyGenParameterSpec.F0);
|
||||||
}
|
}
|
||||||
try {
|
try {
|
||||||
mRSAKeyGenerator.initialize(rsa_spec);
|
mRSAKeyGenerator.initialize(rsaSpec);
|
||||||
} catch (InvalidAlgorithmParameterException e) {
|
} catch (InvalidAlgorithmParameterException e) {
|
||||||
// Fold the InvalidAlgorithmParameterException into our existing
|
// Fold the InvalidAlgorithmParameterException into our existing
|
||||||
// thrown exception. Ugly, but requires less code change.
|
// thrown exception. Ugly, but requires less code change.
|
||||||
|
@ -154,10 +154,10 @@ public class DnsKeyConverter {
|
|||||||
|
|
||||||
private DNSKEYRecord generateEdDSADNSKEYRecord(Name name, int dclass, long ttl,
|
private DNSKEYRecord generateEdDSADNSKEYRecord(Name name, int dclass, long ttl,
|
||||||
int flags, int alg, PublicKey key) {
|
int flags, int alg, PublicKey key) {
|
||||||
EdDSAPublicKey ed_key = (EdDSAPublicKey) key;
|
EdDSAPublicKey edKey = (EdDSAPublicKey) key;
|
||||||
byte[] key_data = ed_key.getAbyte();
|
byte[] keyData = edKey.getAbyte();
|
||||||
return new DNSKEYRecord(name, dclass, ttl, flags, DNSKEYRecord.Protocol.DNSSEC, alg,
|
return new DNSKEYRecord(name, dclass, ttl, flags, DNSKEYRecord.Protocol.DNSSEC, alg,
|
||||||
key_data);
|
keyData);
|
||||||
}
|
}
|
||||||
// Private Key Specific Parsing routines
|
// Private Key Specific Parsing routines
|
||||||
|
|
||||||
@ -272,12 +272,12 @@ public class DnsKeyConverter {
|
|||||||
private PrivateKey parsePrivateRSA(StringTokenizer lines)
|
private PrivateKey parsePrivateRSA(StringTokenizer lines)
|
||||||
throws NoSuchAlgorithmException {
|
throws NoSuchAlgorithmException {
|
||||||
BigInteger modulus = null;
|
BigInteger modulus = null;
|
||||||
BigInteger public_exponent = null;
|
BigInteger publicExponent = null;
|
||||||
BigInteger private_exponent = null;
|
BigInteger privateExponent = null;
|
||||||
BigInteger prime_p = null;
|
BigInteger primeP = null;
|
||||||
BigInteger prime_q = null;
|
BigInteger primeQ = null;
|
||||||
BigInteger prime_p_exponent = null;
|
BigInteger primePExponent = null;
|
||||||
BigInteger prime_q_exponent = null;
|
BigInteger primeQExponent = null;
|
||||||
BigInteger coefficient = null;
|
BigInteger coefficient = null;
|
||||||
|
|
||||||
while (lines.hasMoreTokens()) {
|
while (lines.hasMoreTokens()) {
|
||||||
@ -296,33 +296,28 @@ public class DnsKeyConverter {
|
|||||||
|
|
||||||
if (line.startsWith("Modulus: ")) {
|
if (line.startsWith("Modulus: ")) {
|
||||||
modulus = new BigInteger(1, data);
|
modulus = new BigInteger(1, data);
|
||||||
// printBigIntCompare(data, modulus);
|
|
||||||
} else if (line.startsWith("PublicExponent: ")) {
|
} else if (line.startsWith("PublicExponent: ")) {
|
||||||
public_exponent = new BigInteger(1, data);
|
publicExponent = new BigInteger(1, data);
|
||||||
// printBigIntCompare(data, public_exponent);
|
|
||||||
} else if (line.startsWith("PrivateExponent: ")) {
|
} else if (line.startsWith("PrivateExponent: ")) {
|
||||||
private_exponent = new BigInteger(1, data);
|
privateExponent = new BigInteger(1, data);
|
||||||
// printBigIntCompare(data, private_exponent);
|
|
||||||
} else if (line.startsWith("Prime1: ")) {
|
} else if (line.startsWith("Prime1: ")) {
|
||||||
prime_p = new BigInteger(1, data);
|
primeP = new BigInteger(1, data);
|
||||||
// printBigIntCompare(data, prime_p);
|
|
||||||
} else if (line.startsWith("Prime2: ")) {
|
} else if (line.startsWith("Prime2: ")) {
|
||||||
prime_q = new BigInteger(1, data);
|
primeQ = new BigInteger(1, data);
|
||||||
// printBigIntCompare(data, prime_q);
|
|
||||||
} else if (line.startsWith("Exponent1: ")) {
|
} else if (line.startsWith("Exponent1: ")) {
|
||||||
prime_p_exponent = new BigInteger(1, data);
|
primePExponent = new BigInteger(1, data);
|
||||||
} else if (line.startsWith("Exponent2: ")) {
|
} else if (line.startsWith("Exponent2: ")) {
|
||||||
prime_q_exponent = new BigInteger(1, data);
|
primeQExponent = new BigInteger(1, data);
|
||||||
} else if (line.startsWith("Coefficient: ")) {
|
} else if (line.startsWith("Coefficient: ")) {
|
||||||
coefficient = new BigInteger(1, data);
|
coefficient = new BigInteger(1, data);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
try {
|
try {
|
||||||
KeySpec spec = new RSAPrivateCrtKeySpec(modulus, public_exponent,
|
KeySpec spec = new RSAPrivateCrtKeySpec(modulus, publicExponent,
|
||||||
private_exponent, prime_p,
|
privateExponent, primeP,
|
||||||
prime_q, prime_p_exponent,
|
primeQ, primePExponent,
|
||||||
prime_q_exponent, coefficient);
|
primeQExponent, coefficient);
|
||||||
if (mRSAKeyFactory == null) {
|
if (mRSAKeyFactory == null) {
|
||||||
mRSAKeyFactory = KeyFactory.getInstance("RSA");
|
mRSAKeyFactory = KeyFactory.getInstance("RSA");
|
||||||
}
|
}
|
||||||
@ -466,13 +461,13 @@ public class DnsKeyConverter {
|
|||||||
if (mECKeyFactory == null) {
|
if (mECKeyFactory == null) {
|
||||||
mECKeyFactory = KeyFactory.getInstance("EC");
|
mECKeyFactory = KeyFactory.getInstance("EC");
|
||||||
}
|
}
|
||||||
ECParameterSpec ec_spec = mAlgorithms.getEllipticCurveParams(algorithm);
|
ECParameterSpec ecSpec = mAlgorithms.getEllipticCurveParams(algorithm);
|
||||||
if (ec_spec == null) {
|
if (ecSpec == null) {
|
||||||
throw new NoSuchAlgorithmException("DNSSEC algorithm " + algorithm +
|
throw new NoSuchAlgorithmException("DNSSEC algorithm " + algorithm +
|
||||||
" is not a recognized Elliptic Curve algorithm");
|
" is not a recognized Elliptic Curve algorithm");
|
||||||
}
|
}
|
||||||
|
|
||||||
KeySpec spec = new ECPrivateKeySpec(s, ec_spec);
|
KeySpec spec = new ECPrivateKeySpec(s, ecSpec);
|
||||||
|
|
||||||
try {
|
try {
|
||||||
return mECKeyFactory.generatePrivate(spec);
|
return mECKeyFactory.generatePrivate(spec);
|
||||||
@ -516,13 +511,13 @@ public class DnsKeyConverter {
|
|||||||
if (mEdKeyFactory == null) {
|
if (mEdKeyFactory == null) {
|
||||||
mEdKeyFactory = KeyFactory.getInstance("EdDSA");
|
mEdKeyFactory = KeyFactory.getInstance("EdDSA");
|
||||||
}
|
}
|
||||||
EdDSAParameterSpec ed_spec = mAlgorithms.getEdwardsCurveParams(algorithm);
|
EdDSAParameterSpec edSpec = mAlgorithms.getEdwardsCurveParams(algorithm);
|
||||||
if (ed_spec == null) {
|
if (edSpec == null) {
|
||||||
throw new NoSuchAlgorithmException("DNSSEC algorithm " + algorithm +
|
throw new NoSuchAlgorithmException("DNSSEC algorithm " + algorithm +
|
||||||
" is not a recognized Edwards Curve algorithm");
|
" is not a recognized Edwards Curve algorithm");
|
||||||
}
|
}
|
||||||
|
|
||||||
KeySpec spec = new EdDSAPrivateKeySpec(seed, ed_spec);
|
KeySpec spec = new EdDSAPrivateKeySpec(seed, edSpec);
|
||||||
|
|
||||||
try {
|
try {
|
||||||
return mEdKeyFactory.generatePrivate(spec);
|
return mEdKeyFactory.generatePrivate(spec);
|
||||||
@ -556,16 +551,16 @@ public class DnsKeyConverter {
|
|||||||
* Convert from 'unsigned' big integer to original 'signed format' in Base64
|
* Convert from 'unsigned' big integer to original 'signed format' in Base64
|
||||||
*/
|
*/
|
||||||
private static String b64BigInt(BigInteger i) {
|
private static String b64BigInt(BigInteger i) {
|
||||||
byte[] orig_bytes = i.toByteArray();
|
byte[] origBytes = i.toByteArray();
|
||||||
|
|
||||||
if (orig_bytes[0] != 0 || orig_bytes.length == 1) {
|
if (origBytes[0] != 0 || origBytes.length == 1) {
|
||||||
return base64.toString(orig_bytes);
|
return base64.toString(origBytes);
|
||||||
}
|
}
|
||||||
|
|
||||||
byte[] signed_bytes = new byte[orig_bytes.length - 1];
|
byte[] signedBytes = new byte[origBytes.length - 1];
|
||||||
System.arraycopy(orig_bytes, 1, signed_bytes, 0, signed_bytes.length);
|
System.arraycopy(origBytes, 1, signedBytes, 0, signedBytes.length);
|
||||||
|
|
||||||
return base64.toString(signed_bytes);
|
return base64.toString(signedBytes);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -264,11 +264,12 @@ public class DnsKeyPair {
|
|||||||
* @throws NoSuchAlgorithmException
|
* @throws NoSuchAlgorithmException
|
||||||
*/
|
*/
|
||||||
public Signature getVerifier() {
|
public Signature getVerifier() {
|
||||||
if (mVerifier != null) return mVerifier;
|
if (mVerifier != null)
|
||||||
|
return mVerifier;
|
||||||
|
|
||||||
mVerifier = getSignature();
|
mVerifier = getSignature();
|
||||||
PublicKey pk = getPublic();
|
PublicKey pk = getPublic();
|
||||||
|
|
||||||
if (mVerifier == null || pk == null) {
|
if (mVerifier == null || pk == null) {
|
||||||
log.warning("Could not get a Signature object for this key pair" + this);
|
log.warning("Could not get a Signature object for this key pair" + this);
|
||||||
return null;
|
return null;
|
||||||
@ -330,15 +331,16 @@ public class DnsKeyPair {
|
|||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
// This is from a StackOverflow answer. There are number of bytes-to-hex
|
// This is from a StackOverflow answer. There are number of bytes-to-hex
|
||||||
// converters in the ecosystem, but this avoid extra dependencies
|
// converters in the ecosystem, but this avoid extra dependencies
|
||||||
private static final byte[] HEX_ARRAY = "0123456789ABCDEF".getBytes(StandardCharsets.US_ASCII);
|
private static final byte[] HEX_ARRAY = "0123456789ABCDEF".getBytes(StandardCharsets.US_ASCII);
|
||||||
|
|
||||||
public static String toHex(byte[] bytes) {
|
public static String toHex(byte[] bytes) {
|
||||||
byte[] hexChars = new byte[bytes.length * 2];
|
byte[] hexChars = new byte[bytes.length * 2];
|
||||||
for (int j = 0; j < bytes.length; j++) {
|
for (int j = 0; j < bytes.length; j++) {
|
||||||
int v = bytes[j] & 0xFF;
|
int v = bytes[j] & 0xFF;
|
||||||
hexChars[j * 2] = HEX_ARRAY[v >>> 4];
|
hexChars[j * 2] = HEX_ARRAY[v >>> 4];
|
||||||
hexChars[j * 2 + 1] = HEX_ARRAY[v & 0x0F];
|
hexChars[j * 2 + 1] = HEX_ARRAY[v & 0x0F];
|
||||||
}
|
}
|
||||||
return new String(hexChars, StandardCharsets.UTF_8);
|
return new String(hexChars, StandardCharsets.UTF_8);
|
||||||
}
|
}
|
||||||
|
@ -238,13 +238,13 @@ public class DnsSecVerifier {
|
|||||||
for (DnsKeyPair keypair : keypairs) {
|
for (DnsKeyPair keypair : keypairs) {
|
||||||
Signature signer = keypair.getVerifier();
|
Signature signer = keypair.getVerifier();
|
||||||
signer.update(data);
|
signer.update(data);
|
||||||
|
|
||||||
byte[] sig = sigrec.getSignature();
|
byte[] sig = sigrec.getSignature();
|
||||||
|
|
||||||
if (algs.baseType(sigrec.getAlgorithm()) == DnsKeyAlgorithm.BaseAlgorithm.DSA) {
|
if (algs.baseType(sigrec.getAlgorithm()) == DnsKeyAlgorithm.BaseAlgorithm.DSA) {
|
||||||
sig = SignUtils.convertDSASignature(sig);
|
sig = SignUtils.convertDSASignature(sig);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (sigrec.getAlgorithm() == DNSSEC.Algorithm.ECDSAP256SHA256 ||
|
if (sigrec.getAlgorithm() == DNSSEC.Algorithm.ECDSAP256SHA256 ||
|
||||||
sigrec.getAlgorithm() == DNSSEC.Algorithm.ECDSAP384SHA384) {
|
sigrec.getAlgorithm() == DNSSEC.Algorithm.ECDSAP384SHA384) {
|
||||||
sig = SignUtils.convertECDSASignature(sig);
|
sig = SignUtils.convertECDSASignature(sig);
|
||||||
|
@ -88,10 +88,12 @@ public class ZoneVerifier {
|
|||||||
public boolean equals(Object o) {
|
public boolean equals(Object o) {
|
||||||
return super.equals(o);
|
return super.equals(o);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public int hashCode() {
|
public int hashCode() {
|
||||||
return super.hashCode();
|
return super.hashCode();
|
||||||
}
|
}
|
||||||
|
|
||||||
boolean getMark() {
|
boolean getMark() {
|
||||||
return mIsMarked;
|
return mIsMarked;
|
||||||
}
|
}
|
||||||
@ -148,7 +150,8 @@ public class ZoneVerifier {
|
|||||||
/**
|
/**
|
||||||
* Add a record to the various maps.
|
* Add a record to the various maps.
|
||||||
*
|
*
|
||||||
* @return true if the RR was added, false if it wasn't (because it was a duplicate)
|
* @return true if the RR was added, false if it wasn't (because it was a
|
||||||
|
* duplicate)
|
||||||
*/
|
*/
|
||||||
private boolean addRR(Record r) {
|
private boolean addRR(Record r) {
|
||||||
Name n = r.getName();
|
Name n = r.getName();
|
||||||
@ -206,7 +209,7 @@ public class ZoneVerifier {
|
|||||||
* Given an unsorted list of records, load the node and rrset maps, as well as
|
* Given an unsorted list of records, load the node and rrset maps, as well as
|
||||||
* determine the NSEC3 parameters and signing type.
|
* determine the NSEC3 parameters and signing type.
|
||||||
*
|
*
|
||||||
* @param records
|
* @param records an unsorted list of {@link org.xbill.DNS.Record} objects.
|
||||||
* @return the number of errors encountered.
|
* @return the number of errors encountered.
|
||||||
*/
|
*/
|
||||||
private int calculateNodes(List<Record> records) {
|
private int calculateNodes(List<Record> records) {
|
||||||
@ -251,7 +254,7 @@ public class ZoneVerifier {
|
|||||||
* Given a name, typeset, and name of the last zone cut, determine the node
|
* Given a name, typeset, and name of the last zone cut, determine the node
|
||||||
* type.
|
* type.
|
||||||
*/
|
*/
|
||||||
private NodeType determineNodeType(Name n, Set<Integer> typeset, Name last_cut) {
|
private NodeType determineNodeType(Name n, Set<Integer> typeset, Name lastCut) {
|
||||||
// All RRs at the zone apex are normal
|
// All RRs at the zone apex are normal
|
||||||
if (n.equals(mZoneName))
|
if (n.equals(mZoneName))
|
||||||
return NodeType.NORMAL;
|
return NodeType.NORMAL;
|
||||||
@ -263,7 +266,7 @@ public class ZoneVerifier {
|
|||||||
}
|
}
|
||||||
// If the node is below a zone cut (either a delegation or DNAME), it is
|
// If the node is below a zone cut (either a delegation or DNAME), it is
|
||||||
// glue.
|
// glue.
|
||||||
if (last_cut != null && n.subdomain(last_cut) && !n.equals(last_cut)) {
|
if (lastCut != null && n.subdomain(lastCut) && !n.equals(lastCut)) {
|
||||||
return NodeType.GLUE;
|
return NodeType.GLUE;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -294,13 +297,13 @@ public class ZoneVerifier {
|
|||||||
*/
|
*/
|
||||||
private int processNodes() throws NoSuchAlgorithmException, TextParseException {
|
private int processNodes() throws NoSuchAlgorithmException, TextParseException {
|
||||||
int errors = 0;
|
int errors = 0;
|
||||||
Name last_cut = null;
|
Name lastCut = null;
|
||||||
|
|
||||||
for (Map.Entry<Name, Set<Integer>> entry : mNodeMap.entrySet()) {
|
for (Map.Entry<Name, Set<Integer>> entry : mNodeMap.entrySet()) {
|
||||||
Name n = entry.getKey();
|
Name n = entry.getKey();
|
||||||
Set<Integer> typeset = entry.getValue();
|
Set<Integer> typeset = entry.getValue();
|
||||||
|
|
||||||
NodeType ntype = determineNodeType(n, typeset, last_cut);
|
NodeType ntype = determineNodeType(n, typeset, lastCut);
|
||||||
log.finest("Node " + n + " is type " + ntype);
|
log.finest("Node " + n + " is type " + ntype);
|
||||||
|
|
||||||
// we can ignore glue/invalid RRs.
|
// we can ignore glue/invalid RRs.
|
||||||
@ -309,7 +312,7 @@ public class ZoneVerifier {
|
|||||||
|
|
||||||
// record the last zone cut if this node is a zone cut.
|
// record the last zone cut if this node is a zone cut.
|
||||||
if (ntype == NodeType.DELEGATION || typeset.contains(Type.DNAME)) {
|
if (ntype == NodeType.DELEGATION || typeset.contains(Type.DNAME)) {
|
||||||
last_cut = n;
|
lastCut = n;
|
||||||
}
|
}
|
||||||
|
|
||||||
// check all of the RRsets that should be signed
|
// check all of the RRsets that should be signed
|
||||||
|
Loading…
Reference in New Issue
Block a user