sonarlint and formatting for the rest

This commit is contained in:
David Blacka 2024-03-29 22:19:58 -04:00
parent 15eb319b26
commit 1e342b1fb6
11 changed files with 149 additions and 191 deletions

View File

@ -71,7 +71,8 @@ public class DSTool extends CLBase {
protected void setupOptions(Options opts) {
opts.addOption(Option.builder("D").longOpt("dlv").desc("Generate a DLV record instead.").build());
opts.addOption(Option.builder("C").longOpt("cds").desc("Generate a CDS record instead").build());
opts.addOption(Option.builder("d").hasArg().argName("id").longOpt("digest").desc("The digest algorithm to use").build());
opts.addOption(
Option.builder("d").hasArg().argName("id").longOpt("digest").desc("The digest algorithm to use").build());
opts.addOption(Option.builder("f").hasArg().argName("file").longOpt("output").desc("output to file").build());
}
@ -120,9 +121,9 @@ public class DSTool extends CLBase {
log.fine("creating CDS.");
CDSRecord cds = new CDSRecord(ds.getName(), ds.getDClass(), ds.getTTL(), ds.getFootprint(), ds.getAlgorithm(),
ds.getDClass(), ds.getDigest());
res = cds;
res = cds;
}
if (state.outputfile != null && !state.outputfile.equals("-")) {
try (PrintWriter out = new PrintWriter(new FileWriter(state.outputfile))) {
out.println(res);

View File

@ -75,10 +75,14 @@ public class SignKeyset extends CLBase {
opts.addOption("a", "verify", false, "verify generated signatures>");
// Argument options
opts.addOption(Option.builder("D").hasArg().argName("dir").longOpt("key-directory").desc("directory where key files are found (default '.').").build());
opts.addOption(Option.builder("s").hasArg().argName("time/offset").longOpt("start-time").desc("signature starting time (default is now - 1 hour)").build());
opts.addOption(Option.builder("e").hasArg().argName("time/offset").longOpt("expire-time").desc("signature expiration time (default is start-time + 30 days)").build());
opts.addOption(Option.builder("f").hasArg().argName("outfile").desc("file the signed keyset is written to").build());
opts.addOption(Option.builder("D").hasArg().argName("dir").longOpt("key-directory")
.desc("directory where key files are found (default '.').").build());
opts.addOption(Option.builder("s").hasArg().argName("time/offset").longOpt("start-time")
.desc("signature starting time (default is now - 1 hour)").build());
opts.addOption(Option.builder("e").hasArg().argName("time/offset").longOpt("expire-time")
.desc("signature expiration time (default is start-time + 30 days)").build());
opts.addOption(
Option.builder("f").hasArg().argName("outfile").desc("file the signed keyset is written to").build());
}
@Override
@ -129,11 +133,9 @@ public class SignKeyset extends CLBase {
/**
* Verify the generated signatures.
*
* @param records
* a list of {@link org.xbill.DNS.Record}s.
* @param keypairs
* a list of keypairs used the sign the zone.
*
* @param records a list of {@link org.xbill.DNS.Record}s.
* @param keypairs a list of keypairs used the sign the zone.
* @return true if all of the signatures validated.
*/
private static boolean verifySigs(List<Record> records,
@ -168,16 +170,13 @@ public class SignKeyset extends CLBase {
/**
* Load the key pairs from the key files.
*
* @param keyfiles
* a string array containing the base names or paths of the
* keys
* to be loaded.
* @param startIndex
* the starting index of keyfiles string array to use. This
* allows us to use the straight command line argument array.
* @param inDirectory
* the directory to look in (may be null).
*
* @param keyfiles a string array containing the base names or paths of the
* keys to be loaded.
* @param startIndex the starting index of keyfiles string array to use. This
* allows us to use the straight command line argument
* array.
* @param inDirectory the directory to look in (may be null).
* @return a list of keypair objects.
*/
private static List<DnsKeyPair> getKeys(String[] keyfiles, int startIndex,
@ -244,8 +243,8 @@ public class SignKeyset extends CLBase {
}
// Make sure that all records are DNSKEYs with the same name.
Name keysetName = null;
RRset keyset = new RRset();
Name keysetName = null;
RRset keyset = new RRset();
for (Record r : records) {
if (r.getType() != Type.DNSKEY) {

View File

@ -55,14 +55,14 @@ public class SignRRset extends CLBase {
* This is an inner class used to hold all of the command line option state.
*/
protected static class CLIState extends CLIStateBase {
private File keyDirectory = null;
public String[] keyFiles = null;
public Instant start = null;
public Instant expire = null;
public String inputfile = null;
public String outputfile = null;
public boolean verifySigs = false;
public boolean verboseSigning = false;
private File keyDirectory = null;
public String[] keyFiles = null;
public Instant start = null;
public Instant expire = null;
public String inputfile = null;
public String outputfile = null;
public boolean verifySigs = false;
public boolean verboseSigning = false;
public CLIState() {
super("jdnssec-signrrset [..options..] rrset_file key_file [key_file ...]");
@ -137,10 +137,8 @@ public class SignRRset extends CLBase {
/**
* Verify the generated signatures.
*
* @param records
* a list of {@link org.xbill.DNS.Record}s.
* @param keypairs
* a list of keypairs used the sign the zone.
* @param records a list of {@link org.xbill.DNS.Record}s.
* @param keypairs a list of keypairs used the sign the zone.
* @return true if all of the signatures validated.
*/
private static boolean verifySigs(List<Record> records, List<DnsKeyPair> keypairs) {
@ -176,15 +174,12 @@ public class SignRRset extends CLBase {
/**
* Load the key pairs from the key files.
*
* @param keyfiles
* a string array containing the base names or paths of the
* keys
* to be loaded.
* @param startIndex
* the starting index of keyfiles string array to use. This
* allows us to use the straight command line argument array.
* @param inDirectory
* the directory to look in (may be null).
* @param keyfiles a string array containing the base names or paths of the
* keys to be loaded.
* @param startIndex the starting index of keyfiles string array to use. This
* allows us to use the straight command line argument
* array.
* @param inDirectory the directory to look in (may be null).
* @return a list of keypair objects.
*/
private static List<DnsKeyPair> getKeys(String[] keyfiles, int startIndex,

View File

@ -100,7 +100,6 @@ public class ZoneFormat extends CLBase {
private static void formatZone(List<Record> zone) {
for (Record r : zone) {
System.out.println(r.toString());
}

View File

@ -107,17 +107,12 @@ public class BINDKeyUtils {
* Given the information necessary to construct the path to a BIND9 generated
* key pair, load the key pair.
*
* @param signer
* the DNS name of the key.
* @param algorithm
* the DNSSEC algorithm of the key.
* @param keyid
* the DNSSEC key footprint.
* @param inDirectory
* the directory to look for the files (may be null).
* @param signer the DNS name of the key.
* @param algorithm the DNSSEC algorithm of the key.
* @param keyid the DNSSEC key footprint.
* @param inDirectory the directory to look for the files (may be null).
* @return the loaded key pair.
* @throws IOException
* if there was a problem reading the BIND9 files.
* @throws IOException if there was a problem reading the BIND9 files.
*/
public static DnsKeyPair loadKeyPair(Name signer, int algorithm, int keyid,
File inDirectory) throws IOException {
@ -129,16 +124,12 @@ public class BINDKeyUtils {
/**
* Given a base path to a BIND9 key pair, load the key pair.
*
* @param keyFileBasePath
* the base filename (or real filename for either the
* public or
* private key) of the key.
* @param inDirectory
* the directory to look in, if the keyFileBasePath is
* @param keyFileBasePath the base filename (or real filename for either the
* public or private key) of the key.
* @param inDirectory the directory to look in, if the keyFileBasePath is
* relative.
* @return the loaded key pair.
* @throws IOException
* if there was a problem reading the files
* @throws IOException if there was a problem reading the files
*/
public static DnsKeyPair loadKeyPair(String keyFileBasePath, File inDirectory)
throws IOException {
@ -163,15 +154,12 @@ public class BINDKeyUtils {
* Given a base path to a BIND9 key pair, load the public part (only) of the
* key pair
*
* @param keyFileBasePath
* the base or real path to the public part of a key
* @param keyFileBasePath the base or real path to the public part of a key
* pair.
* @param inDirectory
* the directory to look in if the path is relative (may
* be null).
* @param inDirectory the directory to look in if the path is relative
* (may be null).
* @return a {@link DnsKeyPair} containing just the public key information.
* @throws IOException
* if there was a problem reading the public key file.
* @throws IOException if there was a problem reading the public key file.
*/
public static DnsKeyPair loadKey(String keyFileBasePath, File inDirectory)
throws IOException {
@ -191,15 +179,11 @@ public class BINDKeyUtils {
* "keyset-[signer]." where [signer] is the DNS owner name of the key. The
* keyset may be signed, but doesn't have to be.
*
* @param keysetFileName
* the name of the keyset file.
* @param inDirectory
* the directory to look in if the path is relative (may
* be null,
* defaults to the current working directory).
* @param keysetFileName the name of the keyset file.
* @param inDirectory the directory to look in if the path is relative (may
* be null, defaults to the current working directory).
* @return a RRset contain the KEY records and any associated SIG records.
* @throws IOException
* if there was a problem reading the keyset file.
* @throws IOException if there was a problem reading the keyset file.
*/
public static RRset loadKeySet(String keysetFileName, File inDirectory)
throws IOException {
@ -219,8 +203,8 @@ public class BINDKeyUtils {
/**
* Calculate the key file base for this key pair.
*
* @param pair
* the {@link DnsKeyPair} to work from. It only needs a public key.
* @param pair the {@link DnsKeyPair} to work from. It only needs a public
* key.
* @return the base name of the key files.
*/
public static String keyFileBase(DnsKeyPair pair) {
@ -260,8 +244,7 @@ public class BINDKeyUtils {
* Given a the contents of a BIND9 private key file, convert it into a native
* {@link java.security.PrivateKey} object.
*
* @param privateKeyString
* the contents of a BIND9 key file in string form.
* @param privateKeyString the contents of a BIND9 key file in string form.
* @return a {@link java.security.PrivateKey}
*/
public static PrivateKey convertPrivateKeyString(String privateKeyString) {
@ -284,10 +267,8 @@ public class BINDKeyUtils {
* Given a native private key, convert it into a BIND9 private key file
* format.
*
* @param priv
* the private key to convert.
* @param pub
* the private key's corresponding public key. Some algorithms
* @param priv the private key to convert.
* @param pub the private key's corresponding public key. Some algorithms
* require information from both.
* @return a string containing the contents of a BIND9 private key file.
*/
@ -328,16 +309,11 @@ public class BINDKeyUtils {
/**
* This routine will write out the BIND9 dnssec-* tool compatible files.
*
* @param baseFileName
* use this base file name. If null, the standard BIND9 base
* file
* name will be computed.
* @param pair
* the keypair in question.
* @param inDirectory
* the directory to write to (may be null).
* @throws IOException
* if there is a problem writing the files.
* @param baseFileName use this base file name. If null, the standard BIND9
* base file name will be computed.
* @param pair the keypair in question.
* @param inDirectory the directory to write to (may be null).
* @throws IOException if there is a problem writing the files.
*/
public static void writeKeyFiles(String baseFileName, DnsKeyPair pair,
File inDirectory) throws IOException {
@ -370,10 +346,8 @@ public class BINDKeyUtils {
* This routine will write out the BIND9 dnssec-* tool compatible files to the
* standard file names.
*
* @param pair
* the key pair in question.
* @param inDirectory
* the directory to write to (may be null).
* @param pair the key pair in question.
* @param inDirectory the directory to write to (may be null).
*/
public static void writeKeyFiles(DnsKeyPair pair, File inDirectory)
throws IOException {

View File

@ -27,7 +27,7 @@ import java.util.logging.Logger;
* @author David Blacka
*/
public class ByteArrayComparator implements Comparator<byte[]> {
private int mOffset = 0;
private int mOffset = 0;
private boolean mDebug = false;
private Logger log;

View File

@ -279,19 +279,19 @@ public class DnsKeyAlgorithm {
mIdToMnemonicMap.computeIfAbsent(alg, k -> m);
}
public void addAlias(int alias, String mnemonic, int original_algorithm) {
public void addAlias(int alias, String mnemonic, int origAlgorithm) {
if (mAlgorithmMap.containsKey(alias)) {
log.warning("Unable to alias algorithm " + alias + " because it already exists.");
return;
}
if (!mAlgorithmMap.containsKey(original_algorithm)) {
if (!mAlgorithmMap.containsKey(origAlgorithm)) {
log.warning("Unable to alias algorithm " + alias
+ " to unknown algorithm identifier " + original_algorithm);
+ " to unknown algorithm identifier " + origAlgorithm);
return;
}
mAlgorithmMap.put(alias, mAlgorithmMap.get(original_algorithm));
mAlgorithmMap.put(alias, mAlgorithmMap.get(origAlgorithm));
if (mnemonic != null) {
addMnemonic(mnemonic, alias);
@ -325,8 +325,8 @@ public class DnsKeyAlgorithm {
private ECParameterSpec ECSpecFromName(String stdName) {
try {
AlgorithmParameters ap = AlgorithmParameters.getInstance("EC");
ECGenParameterSpec ecg_spec = new ECGenParameterSpec(stdName);
ap.init(ecg_spec);
ECGenParameterSpec ecgSpec = new ECGenParameterSpec(stdName);
ap.init(ecgSpec);
return ap.getParameterSpec(ECParameterSpec.class);
} catch (NoSuchAlgorithmException e) {
log.info("Elliptic Curve not supported by any crypto provider: " + e.getMessage());
@ -343,12 +343,7 @@ public class DnsKeyAlgorithm {
if (spec != null)
return spec;
throw new InvalidParameterSpecException("Edwards Curve " + stdName + " not found.");
}
// catch (NoSuchAlgorithmException e) {
// log.info("Edwards Curve not supported by any crypto provider: " +
// e.getMessage());
// }
catch (InvalidParameterSpecException e) {
} catch (InvalidParameterSpecException e) {
log.info("Edwards Curve " + stdName + " not supported");
}
return null;
@ -391,11 +386,10 @@ public class DnsKeyAlgorithm {
}
/**
* Given one of the ECDSA algorithms (ECDSAP256SHA256, etc.) return
* the elliptic curve parameters.
* Given one of the ECDSA algorithms (ECDSAP256SHA256, etc.) return the
* elliptic curve parameters.
*
* @param algorithm
* The DNSSEC algorithm number.
* @param algorithm The DNSSEC algorithm number.
* @return The calculated JCA ECParameterSpec for that DNSSEC algorithm, or
* null if not a recognized/supported EC algorithm.
*/
@ -405,19 +399,18 @@ public class DnsKeyAlgorithm {
return null;
if (!(entry instanceof ECAlgEntry))
return null;
ECAlgEntry ec_entry = (ECAlgEntry) entry;
ECAlgEntry ecEntry = (ECAlgEntry) entry;
return ec_entry.ecSpec;
return ecEntry.ecSpec;
}
/**
* Given one of the EdDSA algorithms (Ed25519, Ed448) return the
* elliptic curve parameters.
* Given one of the EdDSA algorithms (Ed25519, Ed448) return the elliptic
* curve parameters.
*
* @param algorithm
* The DNSSEC algorithm number.
* @return The stored EdDSAParameterSpec for that algorithm, or
* null if not a recognized/supported EdDSA algorithm.
* @param algorithm The DNSSEC algorithm number.
* @return The stored EdDSAParameterSpec for that algorithm, or null if not a
* recognized/supported EdDSA algorithm.
*/
public EdDSAParameterSpec getEdwardsCurveParams(int algorithm) {
AlgEntry entry = getEntry(algorithm);
@ -425,17 +418,16 @@ public class DnsKeyAlgorithm {
return null;
if (!(entry instanceof EdAlgEntry))
return null;
EdAlgEntry ed_entry = (EdAlgEntry) entry;
EdAlgEntry edEntry = (EdAlgEntry) entry;
return ed_entry.edSpec;
return edEntry.edSpec;
}
/**
* Translate a possible algorithm alias back to the original DNSSEC algorithm
* number
*
* @param algorithm
* a DNSSEC algorithm that may be an alias.
* @param algorithm a DNSSEC algorithm that may be an alias.
* @return -1 if the algorithm isn't recognised, the orignal algorithm number
* if it is.
*/
@ -461,8 +453,7 @@ public class DnsKeyAlgorithm {
* Given an algorithm mnemonic, convert the mnemonic to a DNSSEC algorithm
* number.
*
* @param s
* The mnemonic string. This is case-insensitive.
* @param s The mnemonic string. This is case-insensitive.
* @return -1 if the mnemonic isn't recognized or supported, the algorithm
* number if it is.
*/
@ -476,8 +467,7 @@ public class DnsKeyAlgorithm {
/**
* Given a DNSSEC algorithm number, return the "preferred" mnemonic.
*
* @param algorithm
* A DNSSEC algorithm number.
* @param algorithm A DNSSEC algorithm number.
* @return The preferred mnemonic string, or null if not supported or
* recognized.
*/
@ -505,14 +495,14 @@ public class DnsKeyAlgorithm {
mRSAKeyGenerator = KeyPairGenerator.getInstance("RSA");
}
RSAKeyGenParameterSpec rsa_spec;
RSAKeyGenParameterSpec rsaSpec;
if (useLargeExp) {
rsa_spec = new RSAKeyGenParameterSpec(keysize, RSAKeyGenParameterSpec.F4);
rsaSpec = new RSAKeyGenParameterSpec(keysize, RSAKeyGenParameterSpec.F4);
} else {
rsa_spec = new RSAKeyGenParameterSpec(keysize, RSAKeyGenParameterSpec.F0);
rsaSpec = new RSAKeyGenParameterSpec(keysize, RSAKeyGenParameterSpec.F0);
}
try {
mRSAKeyGenerator.initialize(rsa_spec);
mRSAKeyGenerator.initialize(rsaSpec);
} catch (InvalidAlgorithmParameterException e) {
// Fold the InvalidAlgorithmParameterException into our existing
// thrown exception. Ugly, but requires less code change.

View File

@ -154,10 +154,10 @@ public class DnsKeyConverter {
private DNSKEYRecord generateEdDSADNSKEYRecord(Name name, int dclass, long ttl,
int flags, int alg, PublicKey key) {
EdDSAPublicKey ed_key = (EdDSAPublicKey) key;
byte[] key_data = ed_key.getAbyte();
EdDSAPublicKey edKey = (EdDSAPublicKey) key;
byte[] keyData = edKey.getAbyte();
return new DNSKEYRecord(name, dclass, ttl, flags, DNSKEYRecord.Protocol.DNSSEC, alg,
key_data);
keyData);
}
// Private Key Specific Parsing routines
@ -272,12 +272,12 @@ public class DnsKeyConverter {
private PrivateKey parsePrivateRSA(StringTokenizer lines)
throws NoSuchAlgorithmException {
BigInteger modulus = null;
BigInteger public_exponent = null;
BigInteger private_exponent = null;
BigInteger prime_p = null;
BigInteger prime_q = null;
BigInteger prime_p_exponent = null;
BigInteger prime_q_exponent = null;
BigInteger publicExponent = null;
BigInteger privateExponent = null;
BigInteger primeP = null;
BigInteger primeQ = null;
BigInteger primePExponent = null;
BigInteger primeQExponent = null;
BigInteger coefficient = null;
while (lines.hasMoreTokens()) {
@ -296,33 +296,28 @@ public class DnsKeyConverter {
if (line.startsWith("Modulus: ")) {
modulus = new BigInteger(1, data);
// printBigIntCompare(data, modulus);
} else if (line.startsWith("PublicExponent: ")) {
public_exponent = new BigInteger(1, data);
// printBigIntCompare(data, public_exponent);
publicExponent = new BigInteger(1, data);
} else if (line.startsWith("PrivateExponent: ")) {
private_exponent = new BigInteger(1, data);
// printBigIntCompare(data, private_exponent);
privateExponent = new BigInteger(1, data);
} else if (line.startsWith("Prime1: ")) {
prime_p = new BigInteger(1, data);
// printBigIntCompare(data, prime_p);
primeP = new BigInteger(1, data);
} else if (line.startsWith("Prime2: ")) {
prime_q = new BigInteger(1, data);
// printBigIntCompare(data, prime_q);
primeQ = new BigInteger(1, data);
} else if (line.startsWith("Exponent1: ")) {
prime_p_exponent = new BigInteger(1, data);
primePExponent = new BigInteger(1, data);
} else if (line.startsWith("Exponent2: ")) {
prime_q_exponent = new BigInteger(1, data);
primeQExponent = new BigInteger(1, data);
} else if (line.startsWith("Coefficient: ")) {
coefficient = new BigInteger(1, data);
}
}
try {
KeySpec spec = new RSAPrivateCrtKeySpec(modulus, public_exponent,
private_exponent, prime_p,
prime_q, prime_p_exponent,
prime_q_exponent, coefficient);
KeySpec spec = new RSAPrivateCrtKeySpec(modulus, publicExponent,
privateExponent, primeP,
primeQ, primePExponent,
primeQExponent, coefficient);
if (mRSAKeyFactory == null) {
mRSAKeyFactory = KeyFactory.getInstance("RSA");
}
@ -466,13 +461,13 @@ public class DnsKeyConverter {
if (mECKeyFactory == null) {
mECKeyFactory = KeyFactory.getInstance("EC");
}
ECParameterSpec ec_spec = mAlgorithms.getEllipticCurveParams(algorithm);
if (ec_spec == null) {
ECParameterSpec ecSpec = mAlgorithms.getEllipticCurveParams(algorithm);
if (ecSpec == null) {
throw new NoSuchAlgorithmException("DNSSEC algorithm " + algorithm +
" is not a recognized Elliptic Curve algorithm");
}
KeySpec spec = new ECPrivateKeySpec(s, ec_spec);
KeySpec spec = new ECPrivateKeySpec(s, ecSpec);
try {
return mECKeyFactory.generatePrivate(spec);
@ -516,13 +511,13 @@ public class DnsKeyConverter {
if (mEdKeyFactory == null) {
mEdKeyFactory = KeyFactory.getInstance("EdDSA");
}
EdDSAParameterSpec ed_spec = mAlgorithms.getEdwardsCurveParams(algorithm);
if (ed_spec == null) {
EdDSAParameterSpec edSpec = mAlgorithms.getEdwardsCurveParams(algorithm);
if (edSpec == null) {
throw new NoSuchAlgorithmException("DNSSEC algorithm " + algorithm +
" is not a recognized Edwards Curve algorithm");
}
KeySpec spec = new EdDSAPrivateKeySpec(seed, ed_spec);
KeySpec spec = new EdDSAPrivateKeySpec(seed, edSpec);
try {
return mEdKeyFactory.generatePrivate(spec);
@ -556,16 +551,16 @@ public class DnsKeyConverter {
* Convert from 'unsigned' big integer to original 'signed format' in Base64
*/
private static String b64BigInt(BigInteger i) {
byte[] orig_bytes = i.toByteArray();
byte[] origBytes = i.toByteArray();
if (orig_bytes[0] != 0 || orig_bytes.length == 1) {
return base64.toString(orig_bytes);
if (origBytes[0] != 0 || origBytes.length == 1) {
return base64.toString(origBytes);
}
byte[] signed_bytes = new byte[orig_bytes.length - 1];
System.arraycopy(orig_bytes, 1, signed_bytes, 0, signed_bytes.length);
byte[] signedBytes = new byte[origBytes.length - 1];
System.arraycopy(origBytes, 1, signedBytes, 0, signedBytes.length);
return base64.toString(signed_bytes);
return base64.toString(signedBytes);
}
/**

View File

@ -264,11 +264,12 @@ public class DnsKeyPair {
* @throws NoSuchAlgorithmException
*/
public Signature getVerifier() {
if (mVerifier != null) return mVerifier;
if (mVerifier != null)
return mVerifier;
mVerifier = getSignature();
PublicKey pk = getPublic();
if (mVerifier == null || pk == null) {
log.warning("Could not get a Signature object for this key pair" + this);
return null;
@ -330,15 +331,16 @@ public class DnsKeyPair {
return -1;
}
// This is from a StackOverflow answer. There are number of bytes-to-hex
// This is from a StackOverflow answer. There are number of bytes-to-hex
// converters in the ecosystem, but this avoid extra dependencies
private static final byte[] HEX_ARRAY = "0123456789ABCDEF".getBytes(StandardCharsets.US_ASCII);
public static String toHex(byte[] bytes) {
byte[] hexChars = new byte[bytes.length * 2];
for (int j = 0; j < bytes.length; j++) {
int v = bytes[j] & 0xFF;
hexChars[j * 2] = HEX_ARRAY[v >>> 4];
hexChars[j * 2 + 1] = HEX_ARRAY[v & 0x0F];
int v = bytes[j] & 0xFF;
hexChars[j * 2] = HEX_ARRAY[v >>> 4];
hexChars[j * 2 + 1] = HEX_ARRAY[v & 0x0F];
}
return new String(hexChars, StandardCharsets.UTF_8);
}

View File

@ -238,13 +238,13 @@ public class DnsSecVerifier {
for (DnsKeyPair keypair : keypairs) {
Signature signer = keypair.getVerifier();
signer.update(data);
byte[] sig = sigrec.getSignature();
if (algs.baseType(sigrec.getAlgorithm()) == DnsKeyAlgorithm.BaseAlgorithm.DSA) {
sig = SignUtils.convertDSASignature(sig);
}
if (sigrec.getAlgorithm() == DNSSEC.Algorithm.ECDSAP256SHA256 ||
sigrec.getAlgorithm() == DNSSEC.Algorithm.ECDSAP384SHA384) {
sig = SignUtils.convertECDSASignature(sig);

View File

@ -88,10 +88,12 @@ public class ZoneVerifier {
public boolean equals(Object o) {
return super.equals(o);
}
@Override
public int hashCode() {
return super.hashCode();
}
boolean getMark() {
return mIsMarked;
}
@ -148,7 +150,8 @@ public class ZoneVerifier {
/**
* Add a record to the various maps.
*
* @return true if the RR was added, false if it wasn't (because it was a duplicate)
* @return true if the RR was added, false if it wasn't (because it was a
* duplicate)
*/
private boolean addRR(Record r) {
Name n = r.getName();
@ -206,7 +209,7 @@ public class ZoneVerifier {
* Given an unsorted list of records, load the node and rrset maps, as well as
* determine the NSEC3 parameters and signing type.
*
* @param records
* @param records an unsorted list of {@link org.xbill.DNS.Record} objects.
* @return the number of errors encountered.
*/
private int calculateNodes(List<Record> records) {
@ -251,7 +254,7 @@ public class ZoneVerifier {
* Given a name, typeset, and name of the last zone cut, determine the node
* type.
*/
private NodeType determineNodeType(Name n, Set<Integer> typeset, Name last_cut) {
private NodeType determineNodeType(Name n, Set<Integer> typeset, Name lastCut) {
// All RRs at the zone apex are normal
if (n.equals(mZoneName))
return NodeType.NORMAL;
@ -263,7 +266,7 @@ public class ZoneVerifier {
}
// If the node is below a zone cut (either a delegation or DNAME), it is
// glue.
if (last_cut != null && n.subdomain(last_cut) && !n.equals(last_cut)) {
if (lastCut != null && n.subdomain(lastCut) && !n.equals(lastCut)) {
return NodeType.GLUE;
}
@ -294,13 +297,13 @@ public class ZoneVerifier {
*/
private int processNodes() throws NoSuchAlgorithmException, TextParseException {
int errors = 0;
Name last_cut = null;
Name lastCut = null;
for (Map.Entry<Name, Set<Integer>> entry : mNodeMap.entrySet()) {
Name n = entry.getKey();
Set<Integer> typeset = entry.getValue();
NodeType ntype = determineNodeType(n, typeset, last_cut);
NodeType ntype = determineNodeType(n, typeset, lastCut);
log.finest("Node " + n + " is type " + ntype);
// we can ignore glue/invalid RRs.
@ -309,7 +312,7 @@ public class ZoneVerifier {
// record the last zone cut if this node is a zone cut.
if (ntype == NodeType.DELEGATION || typeset.contains(Type.DNAME)) {
last_cut = n;
lastCut = n;
}
// check all of the RRsets that should be signed