Switch to dnsjava-2.0.7: the NSEC3 comments won't work, and I had to rescue the nsec3 hash calculation function from the original NSEC3Record implementation.
git-svn-id: https://svn.verisignlabs.com/jdnssec/tools/trunk@183 4cbd57fe-54e5-0310-bd9a-f30fe5ea5e6e
parent
2bd2bef727
commit
1fe3b49c17
Binary file not shown.
BIN
lib/dnsjava-2.0.7.jar
Normal file
BIN
lib/dnsjava-2.0.7.jar
Normal file
Binary file not shown.
@ -48,6 +48,7 @@ public class ProtoNSEC3
|
|||||||
private int dclass;
|
private int dclass;
|
||||||
private long ttl;
|
private long ttl;
|
||||||
|
|
||||||
|
static base32 b32 = new base32(base32.Alphabet.BASE32HEX, true, true);
|
||||||
/**
|
/**
|
||||||
* Creates an NSEC3 Record from the given data.
|
* Creates an NSEC3 Record from the given data.
|
||||||
*/
|
*/
|
||||||
@ -79,7 +80,7 @@ public class ProtoNSEC3
|
|||||||
private String hashToString(byte[] hash)
|
private String hashToString(byte[] hash)
|
||||||
{
|
{
|
||||||
if (hash == null) return null;
|
if (hash == null) return null;
|
||||||
return base32.toString(hash).toLowerCase();
|
return b32.toString(hash);
|
||||||
}
|
}
|
||||||
|
|
||||||
public Name getName()
|
public Name getName()
|
||||||
@ -116,14 +117,14 @@ public class ProtoNSEC3
|
|||||||
|
|
||||||
public boolean getOptOutFlag()
|
public boolean getOptOutFlag()
|
||||||
{
|
{
|
||||||
return (flags & NSEC3Record.OPT_OUT_FLAG) != 0;
|
return (flags & NSEC3Record.Flags.OPT_OUT) != 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
public void setOptOutFlag(boolean optOutFlag)
|
public void setOptOutFlag(boolean optOutFlag)
|
||||||
{
|
{
|
||||||
if (optOutFlag) this.flags |= NSEC3Record.OPT_OUT_FLAG;
|
if (optOutFlag) this.flags |= NSEC3Record.Flags.OPT_OUT;
|
||||||
else
|
else
|
||||||
this.flags &= ~NSEC3Record.OPT_OUT_FLAG;
|
this.flags &= ~NSEC3Record.Flags.OPT_OUT;
|
||||||
}
|
}
|
||||||
|
|
||||||
public long getTTL()
|
public long getTTL()
|
||||||
@ -183,10 +184,10 @@ public class ProtoNSEC3
|
|||||||
|
|
||||||
public NSEC3Record getNSEC3Record()
|
public NSEC3Record getNSEC3Record()
|
||||||
{
|
{
|
||||||
String comment = (originalOwner == null) ? "(unknown original ownername)"
|
// String comment = (originalOwner == null) ? "(unknown original ownername)"
|
||||||
: originalOwner.toString();
|
// : originalOwner.toString();
|
||||||
return new NSEC3Record(getName(), dclass, ttl, hashAlg, flags, iterations,
|
return new NSEC3Record(getName(), dclass, ttl, hashAlg, flags, iterations,
|
||||||
salt, next, getTypes(), comment);
|
salt, next, getTypes());
|
||||||
}
|
}
|
||||||
|
|
||||||
public void mergeTypes(TypeMap new_types)
|
public void mergeTypes(TypeMap new_types)
|
||||||
@ -228,8 +229,7 @@ public class ProtoNSEC3
|
|||||||
sb.append(' ');
|
sb.append(' ');
|
||||||
sb.append(salt == null ? "-" : base16.toString(salt));
|
sb.append(salt == null ? "-" : base16.toString(salt));
|
||||||
sb.append(' ');
|
sb.append(' ');
|
||||||
String nextstr = (next == null) ? "(null)" : base32.toString(next)
|
String nextstr = (next == null) ? "(null)" : b32.toString(next);
|
||||||
.toLowerCase();
|
|
||||||
sb.append(nextstr);
|
sb.append(nextstr);
|
||||||
|
|
||||||
int[] types = getTypes();
|
int[] types = getTypes();
|
||||||
|
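Review bot: The new `b32` field in the first hunk is package-visible and non-final, so any class in the package can reassign the encoder that `hashToString` and `toString` now share; declare it `private static final base32 b32 = new base32(base32.Alphabet.BASE32HEX, true, true);`. If the second constructor argument enables padding, as it appears to in dnsjava's `base32`, it has no effect on 20-byte SHA-1 digests but would put `=` characters into the hashed owner label should a longer digest ever be supported, so `false` looks like the safer value. In `getNSEC3Record` the two commented-out `comment` lines are better deleted than kept, with a one-line comment saying that the original owner name is no longer carried into the record because the constructor call on the new side takes no comment argument.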
@ -1053,7 +1053,7 @@ public class SignUtils
|
|||||||
boolean optIn, int[] types)
|
boolean optIn, int[] types)
|
||||||
throws NoSuchAlgorithmException
|
throws NoSuchAlgorithmException
|
||||||
{
|
{
|
||||||
byte[] hash = NSEC3Record.hash(name, NSEC3Record.SHA1_DIGEST_ID,
|
byte[] hash = nsec3hash(name, NSEC3Record.SHA1_DIGEST_ID,
|
||||||
iterations, salt);
|
iterations, salt);
|
||||||
byte flags = (byte) (optIn ? 0x01 : 0x00);
|
byte flags = (byte) (optIn ? 0x01 : 0x00);
|
||||||
|
|
||||||
@ -1433,4 +1433,49 @@ public class SignUtils
|
|||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Calculate an NSEC3 hash based on a DNS name and NSEC3 hash parameters.
|
||||||
|
*
|
||||||
|
* @param n The name to hash.
|
||||||
|
* @param hash_algorithm The hash algorithm to use.
|
||||||
|
* @param iterations The number of iterations to do.
|
||||||
|
* @param salt The salt to use.
|
||||||
|
* @return The calculated hash as a byte array.
|
||||||
|
* @throws NoSuchAlgorithmException If the hash algorithm is unrecognized.
|
||||||
|
*/
|
||||||
|
public static byte[] nsec3hash(Name n, byte hash_algorithm, int iterations,
|
||||||
|
byte[] salt) throws NoSuchAlgorithmException
|
||||||
|
{
|
||||||
|
MessageDigest md;
|
||||||
|
|
||||||
|
switch (hash_algorithm)
|
||||||
|
{
|
||||||
|
case NSEC3Record.SHA1_DIGEST_ID:
|
||||||
|
md = MessageDigest.getInstance("SHA1");
|
||||||
|
break;
|
||||||
|
default :
|
||||||
|
throw new NoSuchAlgorithmException(
|
||||||
|
"Unknown NSEC3 algorithm identifier: " + hash_algorithm);
|
||||||
|
}
|
||||||
|
|
||||||
|
// Construct our wire form.
|
||||||
|
byte[] wire_name = n.toWireCanonical();
|
||||||
|
byte[] res = wire_name; // for the first iteration.
|
||||||
|
for (int i = 0; i <= iterations; i++)
|
||||||
|
{
|
||||||
|
// Concatenate the salt, if it exists.
|
||||||
|
if (salt != null)
|
||||||
|
{
|
||||||
|
byte[] concat = new byte[res.length + salt.length];
|
||||||
|
System.arraycopy(res, 0, concat, 0, res.length);
|
||||||
|
System.arraycopy(salt, 0, concat, res.length, salt.length);
|
||||||
|
res = concat;
|
||||||
|
}
|
||||||
|
res = md.digest(res);
|
||||||
|
}
|
||||||
|
|
||||||
|
return res;
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
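Review bot: `nsec3hash` returns the unhashed canonical wire name when `iterations` is negative, because the `for (int i = 0; i <= iterations; i++)` loop never runs and `res` still refers to `wire_name`; add a guard before the loop, `if (iterations < 0) throw new IllegalArgumentException("iterations must be non-negative: " + iterations);`. The method is public and the count has no upper bound either, so a limit matching what validators of the zone will accept would stop a bad parameter from turning into a very long signing run. The per-iteration `concat` allocation can be dropped by feeding the digest directly: `md.update(res); if (salt != null) md.update(salt); res = md.digest();`. `MessageDigest.getInstance("SHA1")` depends on a provider alias, while the standard algorithm name is `"SHA-1"`.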