eclipse reformatting.

git-svn-id: https://svn.verisignlabs.com/jdnssec/tools/trunk@242 4cbd57fe-54e5-0310-bd9a-f30fe5ea5e6e
David Blacka 2011-02-09 23:58:56 +00:00
parent faae654a23
commit 453bf283ba
2 changed files with 892 additions and 784 deletions


@ -59,13 +59,15 @@ import com.verisignlabs.dnssec.security.*;
* @author $Author: davidb $ * @author $Author: davidb $
* @version $Revision: 2235 $ * @version $Revision: 2235 $
*/ */
public class SignKeyset { public class SignKeyset
{
private static Logger log; private static Logger log;
/** /**
* This is an inner class used to hold all of the command line option state. * This is an inner class used to hold all of the command line option state.
*/ */
private static class CLIState { private static class CLIState
{
private Options opts; private Options opts;
private File keyDirectory = null; private File keyDirectory = null;
public String[] keyFiles = null; public String[] keyFiles = null;
@ -75,7 +77,8 @@ public class SignKeyset {
public String outputfile = null; public String outputfile = null;
public boolean verifySigs = false; public boolean verifySigs = false;
public CLIState() { public CLIState()
{
setupCLI(); setupCLI();
} }
@ -84,7 +87,8 @@ public class SignKeyset {
* *
* @return a set of command line options. * @return a set of command line options.
*/ */
private void setupCLI() { private void setupCLI()
{
opts = new Options(); opts = new Options();
// boolean options // boolean options
@ -123,8 +127,8 @@ public class SignKeyset {
} }
public void parseCommandLine(String[] args) public void parseCommandLine(String[] args)
throws org.apache.commons.cli.ParseException, ParseException, throws org.apache.commons.cli.ParseException, ParseException, IOException
IOException { {
CommandLineParser cli_parser = new PosixParser(); CommandLineParser cli_parser = new PosixParser();
CommandLine cli = cli_parser.parse(opts, args); CommandLine cli = cli_parser.parse(opts, args);
@ -169,25 +173,32 @@ public class SignKeyset {
if (cli.hasOption('a')) verifySigs = true; if (cli.hasOption('a')) verifySigs = true;
if ((optstr = cli.getOptionValue('D')) != null) { if ((optstr = cli.getOptionValue('D')) != null)
{
keyDirectory = new File(optstr); keyDirectory = new File(optstr);
if (!keyDirectory.isDirectory()) { if (!keyDirectory.isDirectory())
System.err.println("error: " + optstr {
+ " is not a directory"); System.err.println("error: " + optstr + " is not a directory");
usage(); usage();
} }
} }
if ((optstr = cli.getOptionValue('s')) != null) { if ((optstr = cli.getOptionValue('s')) != null)
{
start = convertDuration(null, optstr); start = convertDuration(null, optstr);
} else { }
else
{
// default is now - 1 hour. // default is now - 1 hour.
start = new Date(System.currentTimeMillis() - (3600 * 1000)); start = new Date(System.currentTimeMillis() - (3600 * 1000));
} }
if ((optstr = cli.getOptionValue('e')) != null) { if ((optstr = cli.getOptionValue('e')) != null)
{
expire = convertDuration(start, optstr); expire = convertDuration(start, optstr);
} else { }
else
{
expire = convertDuration(start, "+2592000"); // 30 days expire = convertDuration(start, "+2592000"); // 30 days
} }
@ -195,20 +206,23 @@ public class SignKeyset {
String[] files = cli.getArgs(); String[] files = cli.getArgs();
if (files.length < 1) { if (files.length < 1)
{
System.err.println("error: missing zone file and/or key files"); System.err.println("error: missing zone file and/or key files");
usage(); usage();
} }
inputfile = files[0]; inputfile = files[0];
if (files.length > 1) { if (files.length > 1)
{
keyFiles = new String[files.length - 1]; keyFiles = new String[files.length - 1];
System.arraycopy(files, 1, keyFiles, 0, files.length - 1); System.arraycopy(files, 1, keyFiles, 0, files.length - 1);
} }
} }
/** Print out the usage and help statements, then quit. */ /** Print out the usage and help statements, then quit. */
private void usage() { private void usage()
{
HelpFormatter f = new HelpFormatter(); HelpFormatter f = new HelpFormatter();
PrintWriter out = new PrintWriter(System.err); PrintWriter out = new PrintWriter(System.err);
@ -234,11 +248,15 @@ public class SignKeyset {
* the default value, if the string doesn't parse. * the default value, if the string doesn't parse.
* @return the parsed integer, or the default. * @return the parsed integer, or the default.
*/ */
private static int parseInt(String s, int def) { private static int parseInt(String s, int def)
try { {
try
{
int v = Integer.parseInt(s); int v = Integer.parseInt(s);
return v; return v;
} catch (NumberFormatException e) { }
catch (NumberFormatException e)
{
return def; return def;
} }
} }
@ -254,12 +272,14 @@ public class SignKeyset {
* a list of keypairs used the sign the zone. * a list of keypairs used the sign the zone.
* @return true if all of the signatures validated. * @return true if all of the signatures validated.
*/ */
private static boolean verifySigs(Name zonename, List records, List keypairs) { private static boolean verifySigs(Name zonename, List records, List keypairs)
{
boolean secure = true; boolean secure = true;
DnsSecVerifier verifier = new DnsSecVerifier(); DnsSecVerifier verifier = new DnsSecVerifier();
for (Iterator i = keypairs.iterator(); i.hasNext();) { for (Iterator i = keypairs.iterator(); i.hasNext();)
{
verifier.addTrustedKey((DnsKeyPair) i.next()); verifier.addTrustedKey((DnsKeyPair) i.next());
} }
@ -267,7 +287,8 @@ public class SignKeyset {
List rrsets = SignUtils.assembleIntoRRsets(records); List rrsets = SignUtils.assembleIntoRRsets(records);
for (Iterator i = rrsets.iterator(); i.hasNext();) { for (Iterator i = rrsets.iterator(); i.hasNext();)
{
RRset rrset = (RRset) i.next(); RRset rrset = (RRset) i.next();
// skip unsigned rrsets. // skip unsigned rrsets.
@ -275,9 +296,9 @@ public class SignKeyset {
int result = verifier.verify(rrset, null); int result = verifier.verify(rrset, null);
if (result != DNSSEC.Secure) { if (result != DNSSEC.Secure)
log.fine("Signatures did not verify for RRset: (" + result {
+ "): " + rrset); log.fine("Signatures did not verify for RRset: (" + result + "): " + rrset);
secure = false; secure = false;
} }
} }
@ -298,8 +319,9 @@ public class SignKeyset {
* the directory to look in (may be null). * the directory to look in (may be null).
* @return a list of keypair objects. * @return a list of keypair objects.
*/ */
private static List getKeys(String[] keyfiles, int start_index, private static List getKeys(String[] keyfiles, int start_index, File inDirectory)
File inDirectory) throws IOException { throws IOException
{
if (keyfiles == null) return null; if (keyfiles == null) return null;
int len = keyfiles.length - start_index; int len = keyfiles.length - start_index;
@ -307,7 +329,8 @@ public class SignKeyset {
ArrayList keys = new ArrayList(len); ArrayList keys = new ArrayList(len);
for (int i = start_index; i < keyfiles.length; i++) { for (int i = start_index; i < keyfiles.length; i++)
{
DnsKeyPair k = BINDKeyUtils.loadKeyPair(keyfiles[i], inDirectory); DnsKeyPair k = BINDKeyUtils.loadKeyPair(keyfiles[i], inDirectory);
if (k != null) keys.add(k); if (k != null) keys.add(k);
} }
@ -315,25 +338,28 @@ public class SignKeyset {
return keys; return keys;
} }
private static class KeyFileFilter implements FileFilter { private static class KeyFileFilter implements FileFilter
{
private String prefix; private String prefix;
public KeyFileFilter(Name origin) { public KeyFileFilter(Name origin)
{
prefix = "K" + origin.toString(); prefix = "K" + origin.toString();
} }
public boolean accept(File pathname) { public boolean accept(File pathname)
{
if (!pathname.isFile()) return false; if (!pathname.isFile()) return false;
String name = pathname.getName(); String name = pathname.getName();
if (name.startsWith(prefix) && name.endsWith(".private")) if (name.startsWith(prefix) && name.endsWith(".private")) return true;
return true;
return false; return false;
} }
} }
private static List findZoneKeys(File inDirectory, Name zonename) private static List findZoneKeys(File inDirectory, Name zonename) throws IOException
throws IOException { {
if (inDirectory == null) { if (inDirectory == null)
{
inDirectory = new File("."); inDirectory = new File(".");
} }
@ -343,9 +369,9 @@ public class SignKeyset {
// read in all of the records // read in all of the records
ArrayList keys = new ArrayList(); ArrayList keys = new ArrayList();
for (int i = 0; i < files.length; i++) { for (int i = 0; i < files.length; i++)
DnsKeyPair p = BINDKeyUtils.loadKeyPair(files[i].getName(), {
inDirectory); DnsKeyPair p = BINDKeyUtils.loadKeyPair(files[i].getName(), inDirectory);
keys.add(p); keys.add(p);
} }
@ -362,17 +388,19 @@ public class SignKeyset {
* the time/offset string to parse. * the time/offset string to parse.
* @return the calculated time. * @return the calculated time.
*/ */
private static Date convertDuration(Date start, String duration) private static Date convertDuration(Date start, String duration) throws ParseException
throws ParseException { {
if (start == null) start = new Date(); if (start == null) start = new Date();
if (duration.startsWith("now")) { if (duration.startsWith("now"))
{
start = new Date(); start = new Date();
if (duration.indexOf("+") < 0) return start; if (duration.indexOf("+") < 0) return start;
duration = duration.substring(3); duration = duration.substring(3);
} }
if (duration.startsWith("+")) { if (duration.startsWith("+"))
{
long offset = (long) parseInt(duration.substring(1), 0) * 1000; long offset = (long) parseInt(duration.substring(1), 0) * 1000;
return new Date(start.getTime() + offset); return new Date(start.getTime() + offset);
} }
@ -382,10 +410,12 @@ public class SignKeyset {
return dateFormatter.parse(duration); return dateFormatter.parse(duration);
} }
public static void execute(CLIState state) throws Exception { public static void execute(CLIState state) throws Exception
{
// Read in the zone // Read in the zone
List records = ZoneUtils.readZoneFile(state.inputfile, null); List records = ZoneUtils.readZoneFile(state.inputfile, null);
if (records == null || records.size() == 0) { if (records == null || records.size() == 0)
{
System.err.println("error: empty keyset file"); System.err.println("error: empty keyset file");
state.usage(); state.usage();
} }
@ -393,23 +423,28 @@ public class SignKeyset {
// Make sure that all records are DNSKEYs with the same name. // Make sure that all records are DNSKEYs with the same name.
Name keysetName = null; Name keysetName = null;
RRset keyset = new RRset(); RRset keyset = new RRset();
for (Iterator i = records.iterator(); i.hasNext();) { for (Iterator i = records.iterator(); i.hasNext();)
{
Record r = (Record) i.next(); Record r = (Record) i.next();
if (r.getType() != Type.DNSKEY) { if (r.getType() != Type.DNSKEY)
{
System.err.println("error: Non DNSKEY RR found in keyset: " + r); System.err.println("error: Non DNSKEY RR found in keyset: " + r);
continue; continue;
} }
if (keysetName == null) { if (keysetName == null)
{
keysetName = r.getName(); keysetName = r.getName();
} }
if (!r.getName().equals(keysetName)) { if (!r.getName().equals(keysetName))
{
System.err.println("error: DNSKEY with a different name found!"); System.err.println("error: DNSKEY with a different name found!");
state.usage(); state.usage();
} }
keyset.addRR(r); keyset.addRR(r);
} }
if (keyset.size() == 0) { if (keyset.size() == 0)
{
System.err.println("error: No DNSKEYs found in keyset file"); System.err.println("error: No DNSKEYs found in keyset file");
state.usage(); state.usage();
} }
@ -420,39 +455,47 @@ public class SignKeyset {
// If we *still* don't have any key pairs, look for keys the key // If we *still* don't have any key pairs, look for keys the key
// directory // directory
// that match // that match
if (keypairs == null) { if (keypairs == null)
{
keypairs = findZoneKeys(state.keyDirectory, keysetName); keypairs = findZoneKeys(state.keyDirectory, keysetName);
} }
// If there *still* aren't any ZSKs defined, bail. // If there *still* aren't any ZSKs defined, bail.
if (keypairs == null || keypairs.size() == 0) { if (keypairs == null || keypairs.size() == 0)
{
System.err.println("error: No signing keys could be determined."); System.err.println("error: No signing keys could be determined.");
state.usage(); state.usage();
} }
// default the output file, if not set. // default the output file, if not set.
if (state.outputfile == null) { if (state.outputfile == null)
if (keysetName.isAbsolute()) { {
if (keysetName.isAbsolute())
{
state.outputfile = keysetName + "signed_keyset"; state.outputfile = keysetName + "signed_keyset";
} else { }
else
{
state.outputfile = keysetName + ".signed_keyset"; state.outputfile = keysetName + ".signed_keyset";
} }
} }
JCEDnsSecSigner signer = new JCEDnsSecSigner(); JCEDnsSecSigner signer = new JCEDnsSecSigner();
List sigs = signer.signRRset(keyset, keypairs, state.start, List sigs = signer.signRRset(keyset, keypairs, state.start, state.expire);
state.expire); for (Iterator i = sigs.iterator(); i.hasNext();)
for (Iterator i = sigs.iterator(); i.hasNext();) { {
keyset.addRR((Record) i.next()); keyset.addRR((Record) i.next());
} }
// write out the signed RRset // write out the signed RRset
List signed_records = new ArrayList(); List signed_records = new ArrayList();
for (Iterator i = keyset.rrs(); i.hasNext();) { for (Iterator i = keyset.rrs(); i.hasNext();)
{
signed_records.add(i.next()); signed_records.add(i.next());
} }
for (Iterator i = keyset.sigs(); i.hasNext();) { for (Iterator i = keyset.sigs(); i.hasNext();)
{
signed_records.add(i.next()); signed_records.add(i.next());
} }
@ -461,14 +504,18 @@ public class SignKeyset {
org.xbill.DNS.Options.set("multiline"); org.xbill.DNS.Options.set("multiline");
ZoneUtils.writeZoneFile(signed_records, state.outputfile); ZoneUtils.writeZoneFile(signed_records, state.outputfile);
if (state.verifySigs) { if (state.verifySigs)
{
log.fine("verifying generated signatures"); log.fine("verifying generated signatures");
boolean res = verifySigs(keysetName, signed_records, keypairs); boolean res = verifySigs(keysetName, signed_records, keypairs);
if (res) { if (res)
{
System.out.println("Generated signatures verified"); System.out.println("Generated signatures verified");
// log.info("Generated signatures verified"); // log.info("Generated signatures verified");
} else { }
else
{
System.out.println("Generated signatures did not verify."); System.out.println("Generated signatures did not verify.");
// log.warn("Generated signatures did not verify."); // log.warn("Generated signatures did not verify.");
} }
@ -476,19 +523,26 @@ public class SignKeyset {
} }
public static void main(String[] args) { public static void main(String[] args)
{
CLIState state = new CLIState(); CLIState state = new CLIState();
try { try
{
state.parseCommandLine(args); state.parseCommandLine(args);
} catch (UnrecognizedOptionException e) { }
System.err.println("error: unknown option encountered: " catch (UnrecognizedOptionException e)
+ e.getMessage()); {
System.err.println("error: unknown option encountered: " + e.getMessage());
state.usage(); state.usage();
} catch (AlreadySelectedException e) { }
catch (AlreadySelectedException e)
{
System.err.println("error: mutually exclusive options have " System.err.println("error: mutually exclusive options have "
+ "been selected:\n " + e.getMessage()); + "been selected:\n " + e.getMessage());
state.usage(); state.usage();
} catch (Exception e) { }
catch (Exception e)
{
System.err.println("error: unknown command line parsing exception:"); System.err.println("error: unknown command line parsing exception:");
e.printStackTrace(); e.printStackTrace();
state.usage(); state.usage();
@ -496,9 +550,12 @@ public class SignKeyset {
log = Logger.getLogger(SignKeyset.class.toString()); log = Logger.getLogger(SignKeyset.class.toString());
try { try
{
execute(state); execute(state);
} catch (Exception e) { }
catch (Exception e)
{
e.printStackTrace(); e.printStackTrace();
} }
} }


@ -60,13 +60,15 @@ import com.verisignlabs.dnssec.security.*;
* @author $Author: davidb $ * @author $Author: davidb $
* @version $Revision: 2235 $ * @version $Revision: 2235 $
*/ */
public class SignRRset { public class SignRRset
{
private static Logger log; private static Logger log;
/** /**
* This is an inner class used to hold all of the command line option state. * This is an inner class used to hold all of the command line option state.
*/ */
private static class CLIState { private static class CLIState
{
private Options opts; private Options opts;
private File keyDirectory = null; private File keyDirectory = null;
public String[] keyFiles = null; public String[] keyFiles = null;
@ -76,7 +78,8 @@ public class SignRRset {
public String outputfile = null; public String outputfile = null;
public boolean verifySigs = false; public boolean verifySigs = false;
public CLIState() { public CLIState()
{
setupCLI(); setupCLI();
} }
@ -85,7 +88,8 @@ public class SignRRset {
* *
* @return a set of command line options. * @return a set of command line options.
*/ */
private void setupCLI() { private void setupCLI()
{
opts = new Options(); opts = new Options();
// boolean options // boolean options
@ -125,8 +129,8 @@ public class SignRRset {
} }
public void parseCommandLine(String[] args) public void parseCommandLine(String[] args)
throws org.apache.commons.cli.ParseException, ParseException, throws org.apache.commons.cli.ParseException, ParseException, IOException
IOException { {
CommandLineParser cli_parser = new PosixParser(); CommandLineParser cli_parser = new PosixParser();
CommandLine cli = cli_parser.parse(opts, args); CommandLine cli = cli_parser.parse(opts, args);
@ -172,25 +176,32 @@ public class SignRRset {
if (cli.hasOption('a')) verifySigs = true; if (cli.hasOption('a')) verifySigs = true;
if (cli.hasOption('m')) org.xbill.DNS.Options.set("multiline"); if (cli.hasOption('m')) org.xbill.DNS.Options.set("multiline");
if ((optstr = cli.getOptionValue('D')) != null) { if ((optstr = cli.getOptionValue('D')) != null)
{
keyDirectory = new File(optstr); keyDirectory = new File(optstr);
if (!keyDirectory.isDirectory()) { if (!keyDirectory.isDirectory())
System.err.println("error: " + optstr {
+ " is not a directory"); System.err.println("error: " + optstr + " is not a directory");
usage(); usage();
} }
} }
if ((optstr = cli.getOptionValue('s')) != null) { if ((optstr = cli.getOptionValue('s')) != null)
{
start = convertDuration(null, optstr); start = convertDuration(null, optstr);
} else { }
else
{
// default is now - 1 hour. // default is now - 1 hour.
start = new Date(System.currentTimeMillis() - (3600 * 1000)); start = new Date(System.currentTimeMillis() - (3600 * 1000));
} }
if ((optstr = cli.getOptionValue('e')) != null) { if ((optstr = cli.getOptionValue('e')) != null)
{
expire = convertDuration(start, optstr); expire = convertDuration(start, optstr);
} else { }
else
{
expire = convertDuration(start, "+2592000"); // 30 days expire = convertDuration(start, "+2592000"); // 30 days
} }
@ -198,20 +209,23 @@ public class SignRRset {
String[] files = cli.getArgs(); String[] files = cli.getArgs();
if (files.length < 1) { if (files.length < 1)
{
System.err.println("error: missing zone file and/or key files"); System.err.println("error: missing zone file and/or key files");
usage(); usage();
} }
inputfile = files[0]; inputfile = files[0];
if (files.length > 1) { if (files.length > 1)
{
keyFiles = new String[files.length - 1]; keyFiles = new String[files.length - 1];
System.arraycopy(files, 1, keyFiles, 0, files.length - 1); System.arraycopy(files, 1, keyFiles, 0, files.length - 1);
} }
} }
/** Print out the usage and help statements, then quit. */ /** Print out the usage and help statements, then quit. */
private void usage() { private void usage()
{
HelpFormatter f = new HelpFormatter(); HelpFormatter f = new HelpFormatter();
PrintWriter out = new PrintWriter(System.err); PrintWriter out = new PrintWriter(System.err);
@ -219,8 +233,7 @@ public class SignRRset {
// print our own usage statement: // print our own usage statement:
f.printHelp(out, 75, "jdnssec-signrrset [..options..] " f.printHelp(out, 75, "jdnssec-signrrset [..options..] "
+ "rrset_file key_file [key_file ...]", null, opts, + "rrset_file key_file [key_file ...]", null, opts,
HelpFormatter.DEFAULT_LEFT_PAD, HelpFormatter.DEFAULT_LEFT_PAD, HelpFormatter.DEFAULT_DESC_PAD,
HelpFormatter.DEFAULT_DESC_PAD,
"\ntime/offset = YYYYMMDDHHmmss|+offset|\"now\"+offset\n"); "\ntime/offset = YYYYMMDDHHmmss|+offset|\"now\"+offset\n");
out.flush(); out.flush();
@ -237,11 +250,15 @@ public class SignRRset {
* the default value, if the string doesn't parse. * the default value, if the string doesn't parse.
* @return the parsed integer, or the default. * @return the parsed integer, or the default.
*/ */
private static int parseInt(String s, int def) { private static int parseInt(String s, int def)
try { {
try
{
int v = Integer.parseInt(s); int v = Integer.parseInt(s);
return v; return v;
} catch (NumberFormatException e) { }
catch (NumberFormatException e)
{
return def; return def;
} }
} }
@ -257,12 +274,14 @@ public class SignRRset {
* a list of keypairs used the sign the zone. * a list of keypairs used the sign the zone.
* @return true if all of the signatures validated. * @return true if all of the signatures validated.
*/ */
private static boolean verifySigs(Name zonename, List records, List keypairs) { private static boolean verifySigs(Name zonename, List records, List keypairs)
{
boolean secure = true; boolean secure = true;
DnsSecVerifier verifier = new DnsSecVerifier(); DnsSecVerifier verifier = new DnsSecVerifier();
for (Iterator i = keypairs.iterator(); i.hasNext();) { for (Iterator i = keypairs.iterator(); i.hasNext();)
{
verifier.addTrustedKey((DnsKeyPair) i.next()); verifier.addTrustedKey((DnsKeyPair) i.next());
} }
@ -270,7 +289,8 @@ public class SignRRset {
List rrsets = SignUtils.assembleIntoRRsets(records); List rrsets = SignUtils.assembleIntoRRsets(records);
for (Iterator i = rrsets.iterator(); i.hasNext();) { for (Iterator i = rrsets.iterator(); i.hasNext();)
{
RRset rrset = (RRset) i.next(); RRset rrset = (RRset) i.next();
// skip unsigned rrsets. // skip unsigned rrsets.
@ -278,9 +298,9 @@ public class SignRRset {
int result = verifier.verify(rrset, null); int result = verifier.verify(rrset, null);
if (result != DNSSEC.Secure) { if (result != DNSSEC.Secure)
log.fine("Signatures did not verify for RRset: (" + result {
+ "): " + rrset); log.fine("Signatures did not verify for RRset: (" + result + "): " + rrset);
secure = false; secure = false;
} }
} }
@ -302,8 +322,8 @@ public class SignRRset {
* @return a list of keypair objects. * @return a list of keypair objects.
*/ */
private static List<DnsKeyPair> getKeys(String[] keyfiles, int start_index, private static List<DnsKeyPair> getKeys(String[] keyfiles, int start_index,
File inDirectory) File inDirectory) throws IOException
throws IOException { {
if (keyfiles == null) return null; if (keyfiles == null) return null;
int len = keyfiles.length - start_index; int len = keyfiles.length - start_index;
@ -311,7 +331,8 @@ public class SignRRset {
ArrayList<DnsKeyPair> keys = new ArrayList<DnsKeyPair>(len); ArrayList<DnsKeyPair> keys = new ArrayList<DnsKeyPair>(len);
for (int i = start_index; i < keyfiles.length; i++) { for (int i = start_index; i < keyfiles.length; i++)
{
DnsKeyPair k = BINDKeyUtils.loadKeyPair(keyfiles[i], inDirectory); DnsKeyPair k = BINDKeyUtils.loadKeyPair(keyfiles[i], inDirectory);
if (k != null) keys.add(k); if (k != null) keys.add(k);
} }
@ -328,17 +349,19 @@ public class SignRRset {
* the time/offset string to parse. * the time/offset string to parse.
* @return the calculated time. * @return the calculated time.
*/ */
private static Date convertDuration(Date start, String duration) private static Date convertDuration(Date start, String duration) throws ParseException
throws ParseException { {
if (start == null) start = new Date(); if (start == null) start = new Date();
if (duration.startsWith("now")) { if (duration.startsWith("now"))
{
start = new Date(); start = new Date();
if (duration.indexOf("+") < 0) return start; if (duration.indexOf("+") < 0) return start;
duration = duration.substring(3); duration = duration.substring(3);
} }
if (duration.startsWith("+")) { if (duration.startsWith("+"))
{
long offset = (long) parseInt(duration.substring(1), 0) * 1000; long offset = (long) parseInt(duration.substring(1), 0) * 1000;
return new Date(start.getTime() + offset); return new Date(start.getTime() + offset);
} }
@ -348,104 +371,122 @@ public class SignRRset {
return dateFormatter.parse(duration); return dateFormatter.parse(duration);
} }
public static void execute(CLIState state) throws Exception { public static void execute(CLIState state) throws Exception
{
// Read in the zone // Read in the zone
List records = ZoneUtils.readZoneFile(state.inputfile, null); List records = ZoneUtils.readZoneFile(state.inputfile, null);
if (records == null || records.size() == 0) { if (records == null || records.size() == 0)
{
System.err.println("error: empty RRset file"); System.err.println("error: empty RRset file");
state.usage(); state.usage();
} }
// Construct the RRset. Complain if the records in the input file // Construct the RRset. Complain if the records in the input file
// consist of more than one RRset. // consist of more than one RRset.
RRset rrset = null; RRset rrset = null;
for (Iterator i = records.iterator(); i.hasNext();) { for (Iterator i = records.iterator(); i.hasNext();)
{
Record r = (Record) i.next(); Record r = (Record) i.next();
// skip RRSIGs // skip RRSIGs
if (r.getType() == Type.RRSIG || r.getType() == Type.SIG) { if (r.getType() == Type.RRSIG || r.getType() == Type.SIG)
{
continue; continue;
} }
// Handle the first record. // Handle the first record.
if (rrset == null) { if (rrset == null)
{
rrset = new RRset(); rrset = new RRset();
rrset.addRR(r); rrset.addRR(r);
continue; continue;
} }
// Ensure that the remaining records all belong to the same rrset. // Ensure that the remaining records all belong to the same rrset.
if (rrset.getName().equals(r.getName()) if (rrset.getName().equals(r.getName()) && rrset.getType() == r.getType()
&& rrset.getType() == r.getType() && rrset.getDClass() == r.getDClass())
&& rrset.getDClass() == r.getDClass()) { {
rrset.addRR(r); rrset.addRR(r);
} else { }
else
{
System.err.println("Records do not all belong to the same RRset."); System.err.println("Records do not all belong to the same RRset.");
state.usage(); state.usage();
} }
} }
if (rrset.size() == 0) { if (rrset.size() == 0)
{
System.err.println("No records found in inputfile."); System.err.println("No records found in inputfile.");
state.usage(); state.usage();
} }
// Load the key pairs. // Load the key pairs.
if (state.keyFiles.length == 0) { if (state.keyFiles.length == 0)
{
System.err.println("error: at least one keyfile must be specified"); System.err.println("error: at least one keyfile must be specified");
state.usage(); state.usage();
} }
List<DnsKeyPair> keypairs = getKeys(state.keyFiles, 0, List<DnsKeyPair> keypairs = getKeys(state.keyFiles, 0, state.keyDirectory);
state.keyDirectory);
// Make sure that all the keypairs have the same name. // Make sure that all the keypairs have the same name.
// This will be used as the zone name, too. // This will be used as the zone name, too.
Name keysetName = null; Name keysetName = null;
for (DnsKeyPair pair : keypairs) { for (DnsKeyPair pair : keypairs)
if (keysetName == null) { {
if (keysetName == null)
{
keysetName = pair.getDNSKEYName(); keysetName = pair.getDNSKEYName();
continue; continue;
} }
if (!pair.getDNSKEYName().equals(keysetName)) { if (!pair.getDNSKEYName().equals(keysetName))
{
System.err.println("Keys do not all have the same name."); System.err.println("Keys do not all have the same name.");
state.usage(); state.usage();
} }
} }
// default the output file, if not set. // default the output file, if not set.
if (state.outputfile == null && !state.inputfile.equals("-")) { if (state.outputfile == null && !state.inputfile.equals("-"))
{
state.outputfile = state.inputfile + ".signed"; state.outputfile = state.inputfile + ".signed";
} }
JCEDnsSecSigner signer = new JCEDnsSecSigner(); JCEDnsSecSigner signer = new JCEDnsSecSigner();
List sigs = signer.signRRset(rrset, keypairs, state.start, List sigs = signer.signRRset(rrset, keypairs, state.start, state.expire);
state.expire); for (Iterator i = sigs.iterator(); i.hasNext();)
for (Iterator i = sigs.iterator(); i.hasNext();) { {
rrset.addRR((Record) i.next()); rrset.addRR((Record) i.next());
} }
// write out the signed RRset // write out the signed RRset
List signed_records = new ArrayList(); List signed_records = new ArrayList();
for (Iterator i = rrset.rrs(); i.hasNext();) { for (Iterator i = rrset.rrs(); i.hasNext();)
{
signed_records.add(i.next()); signed_records.add(i.next());
} }
for (Iterator i = rrset.sigs(); i.hasNext();) { for (Iterator i = rrset.sigs(); i.hasNext();)
{
signed_records.add(i.next()); signed_records.add(i.next());
} }
// write out the signed zone // write out the signed zone
ZoneUtils.writeZoneFile(signed_records, state.outputfile); ZoneUtils.writeZoneFile(signed_records, state.outputfile);
if (state.verifySigs) { if (state.verifySigs)
{
log.fine("verifying generated signatures"); log.fine("verifying generated signatures");
boolean res = verifySigs(keysetName, signed_records, keypairs); boolean res = verifySigs(keysetName, signed_records, keypairs);
if (res) { if (res)
{
System.out.println("Generated signatures verified"); System.out.println("Generated signatures verified");
// log.info("Generated signatures verified"); // log.info("Generated signatures verified");
} else { }
else
{
System.out.println("Generated signatures did not verify."); System.out.println("Generated signatures did not verify.");
// log.warn("Generated signatures did not verify."); // log.warn("Generated signatures did not verify.");
} }
@ -453,19 +494,26 @@ public class SignRRset {
} }
public static void main(String[] args) { public static void main(String[] args)
{
CLIState state = new CLIState(); CLIState state = new CLIState();
try { try
{
state.parseCommandLine(args); state.parseCommandLine(args);
} catch (UnrecognizedOptionException e) { }
System.err.println("error: unknown option encountered: " catch (UnrecognizedOptionException e)
+ e.getMessage()); {
System.err.println("error: unknown option encountered: " + e.getMessage());
state.usage(); state.usage();
} catch (AlreadySelectedException e) { }
catch (AlreadySelectedException e)
{
System.err.println("error: mutually exclusive options have " System.err.println("error: mutually exclusive options have "
+ "been selected:\n " + e.getMessage()); + "been selected:\n " + e.getMessage());
state.usage(); state.usage();
} catch (Exception e) { }
catch (Exception e)
{
System.err.println("error: unknown command line parsing exception:"); System.err.println("error: unknown command line parsing exception:");
e.printStackTrace(); e.printStackTrace();
state.usage(); state.usage();
@ -473,9 +521,12 @@ public class SignRRset {
log = Logger.getLogger(SignRRset.class.toString()); log = Logger.getLogger(SignRRset.class.toString());
try { try
{
execute(state); execute(state);
} catch (Exception e) { }
catch (Exception e)
{
e.printStackTrace(); e.printStackTrace();
} }
} }