Switch to dnsjava-2.0.7: the NSEC3 comments won't work, and I had to rescue the nsec3 hash calculation function from the original NSEC3Record implementation.

git-svn-id: https://svn.verisignlabs.com/jdnssec/tools/trunk@183 4cbd57fe-54e5-0310-bd9a-f30fe5ea5e6e
David Blacka 2009-11-03 02:23:59 +00:00
parent 2bd2bef727
commit 1fe3b49c17
4 changed files with 55 additions and 10 deletions

Binary file not shown.

BIN
lib/dnsjava-2.0.7.jar Normal file

Binary file not shown.


@ -48,6 +48,7 @@ public class ProtoNSEC3
private int dclass;
private long ttl;
static base32 b32 = new base32(base32.Alphabet.BASE32HEX, true, true);
/**
* Creates an NSEC3 Record from the given data.
*/
@ -79,7 +80,7 @@ public class ProtoNSEC3
private String hashToString(byte[] hash)
{
if (hash == null) return null;
return base32.toString(hash).toLowerCase();
return b32.toString(hash);
}
public Name getName()
@ -116,14 +117,14 @@ public class ProtoNSEC3
public boolean getOptOutFlag()
{
return (flags & NSEC3Record.OPT_OUT_FLAG) != 0;
return (flags & NSEC3Record.Flags.OPT_OUT) != 0;
}
public void setOptOutFlag(boolean optOutFlag)
{
if (optOutFlag) this.flags |= NSEC3Record.OPT_OUT_FLAG;
if (optOutFlag) this.flags |= NSEC3Record.Flags.OPT_OUT;
else
this.flags &= ~NSEC3Record.OPT_OUT_FLAG;
this.flags &= ~NSEC3Record.Flags.OPT_OUT;
}
public long getTTL()
@ -183,10 +184,10 @@ public class ProtoNSEC3
public NSEC3Record getNSEC3Record()
{
String comment = (originalOwner == null) ? "(unknown original ownername)"
: originalOwner.toString();
// String comment = (originalOwner == null) ? "(unknown original ownername)"
// : originalOwner.toString();
return new NSEC3Record(getName(), dclass, ttl, hashAlg, flags, iterations,
salt, next, getTypes(), comment);
salt, next, getTypes());
}
public void mergeTypes(TypeMap new_types)
@ -228,8 +229,7 @@ public class ProtoNSEC3
sb.append(' ');
sb.append(salt == null ? "-" : base16.toString(salt));
sb.append(' ');
String nextstr = (next == null) ? "(null)" : base32.toString(next)
.toLowerCase();
String nextstr = (next == null) ? "(null)" : b32.toString(next);
sb.append(nextstr);
int[] types = getTypes();
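Review bot: The shared encoder added in the first hunk is declared `static base32 b32`, which leaves it package-visible and reassignable even though `hashToString` and `toString` now both rely on it to render the owner-name and next-hash text; `private static final base32 b32 = ...` would pin it. It is also worth confirming what the two `true` arguments select: if the first one is the padding flag, any digest whose length is not a multiple of five bytes would be rendered with trailing `=` characters, which do not belong in an NSEC3 hashed owner label, and the 20-byte SHA-1 output happens to hide this. In `getNSEC3Record` the two commented-out `comment` lines should be deleted rather than kept, with a short note such as `// dnsjava 2.0.7 has no per-record comment; originalOwner is not emitted` in their place.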


@ -1053,7 +1053,7 @@ public class SignUtils
boolean optIn, int[] types)
throws NoSuchAlgorithmException
{
byte[] hash = NSEC3Record.hash(name, NSEC3Record.SHA1_DIGEST_ID,
byte[] hash = nsec3hash(name, NSEC3Record.SHA1_DIGEST_ID,
iterations, salt);
byte flags = (byte) (optIn ? 0x01 : 0x00);
@ -1433,4 +1433,49 @@ public class SignUtils
return null;
}
}
/**
* Calculate an NSEC3 hash based on a DNS name and NSEC3 hash parameters.
*
* @param n The name to hash.
* @param hash_algorithm The hash algorithm to use.
* @param iterations The number of iterations to do.
* @param salt The salt to use.
* @return The calculated hash as a byte array.
* @throws NoSuchAlgorithmException If the hash algorithm is unrecognized.
*/
public static byte[] nsec3hash(Name n, byte hash_algorithm, int iterations,
byte[] salt) throws NoSuchAlgorithmException
{
MessageDigest md;
switch (hash_algorithm)
{
case NSEC3Record.SHA1_DIGEST_ID:
md = MessageDigest.getInstance("SHA1");
break;
default :
throw new NoSuchAlgorithmException(
"Unknown NSEC3 algorithm identifier: " + hash_algorithm);
}
// Construct our wire form.
byte[] wire_name = n.toWireCanonical();
byte[] res = wire_name; // for the first iteration.
for (int i = 0; i <= iterations; i++)
{
// Concatenate the salt, if it exists.
if (salt != null)
{
byte[] concat = new byte[res.length + salt.length];
System.arraycopy(res, 0, concat, 0, res.length);
System.arraycopy(salt, 0, concat, res.length, salt.length);
res = concat;
}
res = md.digest(res);
}
return res;
}
}
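Review bot: `nsec3hash` never validates `iterations`: a negative value skips the `for (int i = 0; i <= iterations; i++)` loop entirely, so the method returns `wire_name`, the unhashed canonical name, as if it were the digest. There is also no upper bound, so a count taken from a zone's NSEC3 parameters rather than from the operator sets the CPU cost directly. A guard before the loop closes both cases, e.g. `if (iterations < 0 || iterations > MAX_NSEC3_ITERATIONS) throw new IllegalArgumentException("bad NSEC3 iteration count: " + iterations);`, where the constant is a placeholder for whatever limit the project adopts. The per-round `concat` allocation can be dropped by feeding the digest incrementally: `md.update(res); if (salt != null) md.update(salt); res = md.digest();`. The Javadoc should state that `iterations` counts additional rounds (the loop performs `iterations + 1` digests) and that a null `salt` means no salt.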