davidb/jdnssec-tools
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 1 Wiki Activity

eclipse reformatting.

Browse Source 
git-svn-id: https://svn.verisignlabs.com/jdnssec/tools/trunk@242 4cbd57fe-54e5-0310-bd9a-f30fe5ea5e6e
This commit is contained in:
David Blacka 2011-02-09 23:58:56 +00:00
parent faae654a23
commit 453bf283ba
2 changed files with 892 additions and 784 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

203
src/com/verisignlabs/dnssec/cl/SignKeyset.java
View File

@ -59,13 +59,15 @@ import com.verisignlabs.dnssec.security.*;
* @author $Author: davidb $
* @version $Revision: 2235 $
*/
public class SignKeyset {
public class SignKeyset
{
private static Logger log;
/**
* This is an inner class used to hold all of the command line option state.
*/
private static class CLIState {
private static class CLIState
{
private Options opts;
private File keyDirectory = null;
public String[] keyFiles = null;
@ -75,7 +77,8 @@ public class SignKeyset {
public String outputfile = null;
public boolean verifySigs = false;
public CLIState() {
public CLIState()
{
setupCLI();
}
@ -84,7 +87,8 @@ public class SignKeyset {
*
* @return a set of command line options.
*/
private void setupCLI() {
private void setupCLI()
{
opts = new Options();
// boolean options
@ -123,8 +127,8 @@ public class SignKeyset {
}
public void parseCommandLine(String[] args)
throws org.apache.commons.cli.ParseException, ParseException,
IOException {
throws org.apache.commons.cli.ParseException, ParseException, IOException
{
CommandLineParser cli_parser = new PosixParser();
CommandLine cli = cli_parser.parse(opts, args);
@ -169,25 +173,32 @@ public class SignKeyset {
if (cli.hasOption('a')) verifySigs = true;
if ((optstr = cli.getOptionValue('D')) != null) {
if ((optstr = cli.getOptionValue('D')) != null)
{
keyDirectory = new File(optstr);
if (!keyDirectory.isDirectory()) {
System.err.println("error: " + optstr
+ " is not a directory");
if (!keyDirectory.isDirectory())
{
System.err.println("error: " + optstr + " is not a directory");
usage();
}
}
if ((optstr = cli.getOptionValue('s')) != null) {
if ((optstr = cli.getOptionValue('s')) != null)
{
start = convertDuration(null, optstr);
} else {
}
else
{
// default is now - 1 hour.
start = new Date(System.currentTimeMillis() - (3600 * 1000));
}
if ((optstr = cli.getOptionValue('e')) != null) {
if ((optstr = cli.getOptionValue('e')) != null)
{
expire = convertDuration(start, optstr);
} else {
}
else
{
expire = convertDuration(start, "+2592000"); // 30 days
}
@ -195,20 +206,23 @@ public class SignKeyset {
String[] files = cli.getArgs();
if (files.length < 1) {
if (files.length < 1)
{
System.err.println("error: missing zone file and/or key files");
usage();
}
inputfile = files[0];
if (files.length > 1) {
if (files.length > 1)
{
keyFiles = new String[files.length - 1];
System.arraycopy(files, 1, keyFiles, 0, files.length - 1);
}
}
/** Print out the usage and help statements, then quit. */
private void usage() {
private void usage()
{
HelpFormatter f = new HelpFormatter();
PrintWriter out = new PrintWriter(System.err);
@ -234,11 +248,15 @@ public class SignKeyset {
* the default value, if the string doesn't parse.
* @return the parsed integer, or the default.
*/
private static int parseInt(String s, int def) {
try {
private static int parseInt(String s, int def)
{
try
{
int v = Integer.parseInt(s);
return v;
} catch (NumberFormatException e) {
}
catch (NumberFormatException e)
{
return def;
}
}
@ -254,12 +272,14 @@ public class SignKeyset {
* a list of keypairs used the sign the zone.
* @return true if all of the signatures validated.
*/
private static boolean verifySigs(Name zonename, List records, List keypairs) {
private static boolean verifySigs(Name zonename, List records, List keypairs)
{
boolean secure = true;
DnsSecVerifier verifier = new DnsSecVerifier();
for (Iterator i = keypairs.iterator(); i.hasNext();) {
for (Iterator i = keypairs.iterator(); i.hasNext();)
{
verifier.addTrustedKey((DnsKeyPair) i.next());
}
@ -267,7 +287,8 @@ public class SignKeyset {
List rrsets = SignUtils.assembleIntoRRsets(records);
for (Iterator i = rrsets.iterator(); i.hasNext();) {
for (Iterator i = rrsets.iterator(); i.hasNext();)
{
RRset rrset = (RRset) i.next();
// skip unsigned rrsets.
@ -275,9 +296,9 @@ public class SignKeyset {
int result = verifier.verify(rrset, null);
if (result != DNSSEC.Secure) {
log.fine("Signatures did not verify for RRset: (" + result
+ "): " + rrset);
if (result != DNSSEC.Secure)
{
log.fine("Signatures did not verify for RRset: (" + result + "): " + rrset);
secure = false;
}
}
@ -298,8 +319,9 @@ public class SignKeyset {
* the directory to look in (may be null).
* @return a list of keypair objects.
*/
private static List getKeys(String[] keyfiles, int start_index,
File inDirectory) throws IOException {
private static List getKeys(String[] keyfiles, int start_index, File inDirectory)
throws IOException
{
if (keyfiles == null) return null;
int len = keyfiles.length - start_index;
@ -307,7 +329,8 @@ public class SignKeyset {
ArrayList keys = new ArrayList(len);
for (int i = start_index; i < keyfiles.length; i++) {
for (int i = start_index; i < keyfiles.length; i++)
{
DnsKeyPair k = BINDKeyUtils.loadKeyPair(keyfiles[i], inDirectory);
if (k != null) keys.add(k);
}
@ -315,25 +338,28 @@ public class SignKeyset {
return keys;
}
private static class KeyFileFilter implements FileFilter {
private static class KeyFileFilter implements FileFilter
{
private String prefix;
public KeyFileFilter(Name origin) {
public KeyFileFilter(Name origin)
{
prefix = "K" + origin.toString();
}
public boolean accept(File pathname) {
public boolean accept(File pathname)
{
if (!pathname.isFile()) return false;
String name = pathname.getName();
if (name.startsWith(prefix) && name.endsWith(".private"))
return true;
if (name.startsWith(prefix) && name.endsWith(".private")) return true;
return false;
}
}
private static List findZoneKeys(File inDirectory, Name zonename)
throws IOException {
if (inDirectory == null) {
private static List findZoneKeys(File inDirectory, Name zonename) throws IOException
{
if (inDirectory == null)
{
inDirectory = new File(".");
}
@ -343,9 +369,9 @@ public class SignKeyset {
// read in all of the records
ArrayList keys = new ArrayList();
for (int i = 0; i < files.length; i++) {
DnsKeyPair p = BINDKeyUtils.loadKeyPair(files[i].getName(),
inDirectory);
for (int i = 0; i < files.length; i++)
{
DnsKeyPair p = BINDKeyUtils.loadKeyPair(files[i].getName(), inDirectory);
keys.add(p);
}
@ -362,17 +388,19 @@ public class SignKeyset {
* the time/offset string to parse.
* @return the calculated time.
*/
private static Date convertDuration(Date start, String duration)
throws ParseException {
private static Date convertDuration(Date start, String duration) throws ParseException
{
if (start == null) start = new Date();
if (duration.startsWith("now")) {
if (duration.startsWith("now"))
{
start = new Date();
if (duration.indexOf("+") < 0) return start;
duration = duration.substring(3);
}
if (duration.startsWith("+")) {
if (duration.startsWith("+"))
{
long offset = (long) parseInt(duration.substring(1), 0) * 1000;
return new Date(start.getTime() + offset);
}
@ -382,10 +410,12 @@ public class SignKeyset {
return dateFormatter.parse(duration);
}
public static void execute(CLIState state) throws Exception {
public static void execute(CLIState state) throws Exception
{
// Read in the zone
List records = ZoneUtils.readZoneFile(state.inputfile, null);
if (records == null || records.size() == 0) {
if (records == null || records.size() == 0)
{
System.err.println("error: empty keyset file");
state.usage();
}
@ -393,23 +423,28 @@ public class SignKeyset {
// Make sure that all records are DNSKEYs with the same name.
Name keysetName = null;
RRset keyset = new RRset();
for (Iterator i = records.iterator(); i.hasNext();) {
for (Iterator i = records.iterator(); i.hasNext();)
{
Record r = (Record) i.next();
if (r.getType() != Type.DNSKEY) {
if (r.getType() != Type.DNSKEY)
{
System.err.println("error: Non DNSKEY RR found in keyset: " + r);
continue;
}
if (keysetName == null) {
if (keysetName == null)
{
keysetName = r.getName();
}
if (!r.getName().equals(keysetName)) {
if (!r.getName().equals(keysetName))
{
System.err.println("error: DNSKEY with a different name found!");
state.usage();
}
keyset.addRR(r);
}
if (keyset.size() == 0) {
if (keyset.size() == 0)
{
System.err.println("error: No DNSKEYs found in keyset file");
state.usage();
}
@ -420,39 +455,47 @@ public class SignKeyset {
// If we *still* don't have any key pairs, look for keys the key
// directory
// that match
if (keypairs == null) {
if (keypairs == null)
{
keypairs = findZoneKeys(state.keyDirectory, keysetName);
}
// If there *still* aren't any ZSKs defined, bail.
if (keypairs == null || keypairs.size() == 0) {
if (keypairs == null || keypairs.size() == 0)
{
System.err.println("error: No signing keys could be determined.");
state.usage();
}
// default the output file, if not set.
if (state.outputfile == null) {
if (keysetName.isAbsolute()) {
if (state.outputfile == null)
{
if (keysetName.isAbsolute())
{
state.outputfile = keysetName + "signed_keyset";
} else {
}
else
{
state.outputfile = keysetName + ".signed_keyset";
}
}
JCEDnsSecSigner signer = new JCEDnsSecSigner();
List sigs = signer.signRRset(keyset, keypairs, state.start,
state.expire);
for (Iterator i = sigs.iterator(); i.hasNext();) {
List sigs = signer.signRRset(keyset, keypairs, state.start, state.expire);
for (Iterator i = sigs.iterator(); i.hasNext();)
{
keyset.addRR((Record) i.next());
}
// write out the signed RRset
List signed_records = new ArrayList();
for (Iterator i = keyset.rrs(); i.hasNext();) {
for (Iterator i = keyset.rrs(); i.hasNext();)
{
signed_records.add(i.next());
}
for (Iterator i = keyset.sigs(); i.hasNext();) {
for (Iterator i = keyset.sigs(); i.hasNext();)
{
signed_records.add(i.next());
}
@ -461,14 +504,18 @@ public class SignKeyset {
org.xbill.DNS.Options.set("multiline");
ZoneUtils.writeZoneFile(signed_records, state.outputfile);
if (state.verifySigs) {
if (state.verifySigs)
{
log.fine("verifying generated signatures");
boolean res = verifySigs(keysetName, signed_records, keypairs);
if (res) {
if (res)
{
System.out.println("Generated signatures verified");
// log.info("Generated signatures verified");
} else {
}
else
{
System.out.println("Generated signatures did not verify.");
// log.warn("Generated signatures did not verify.");
}
@ -476,19 +523,26 @@ public class SignKeyset {
}
public static void main(String[] args) {
public static void main(String[] args)
{
CLIState state = new CLIState();
try {
try
{
state.parseCommandLine(args);
} catch (UnrecognizedOptionException e) {
System.err.println("error: unknown option encountered: "
+ e.getMessage());
}
catch (UnrecognizedOptionException e)
{
System.err.println("error: unknown option encountered: " + e.getMessage());
state.usage();
} catch (AlreadySelectedException e) {
}
catch (AlreadySelectedException e)
{
System.err.println("error: mutually exclusive options have "
+ "been selected:\n " + e.getMessage());
state.usage();
} catch (Exception e) {
}
catch (Exception e)
{
System.err.println("error: unknown command line parsing exception:");
e.printStackTrace();
state.usage();
@ -496,9 +550,12 @@ public class SignKeyset {
log = Logger.getLogger(SignKeyset.class.toString());
try {
try
{
execute(state);
} catch (Exception e) {
}
catch (Exception e)
{
e.printStackTrace();
}
}

189
src/com/verisignlabs/dnssec/cl/SignRRset.java
View File

@ -60,13 +60,15 @@ import com.verisignlabs.dnssec.security.*;
* @author $Author: davidb $
* @version $Revision: 2235 $
*/
public class SignRRset {
public class SignRRset
{
private static Logger log;
/**
* This is an inner class used to hold all of the command line option state.
*/
private static class CLIState {
private static class CLIState
{
private Options opts;
private File keyDirectory = null;
public String[] keyFiles = null;
@ -76,7 +78,8 @@ public class SignRRset {
public String outputfile = null;
public boolean verifySigs = false;
public CLIState() {
public CLIState()
{
setupCLI();
}
@ -85,7 +88,8 @@ public class SignRRset {
*
* @return a set of command line options.
*/
private void setupCLI() {
private void setupCLI()
{
opts = new Options();
// boolean options
@ -125,8 +129,8 @@ public class SignRRset {
}
public void parseCommandLine(String[] args)
throws org.apache.commons.cli.ParseException, ParseException,
IOException {
throws org.apache.commons.cli.ParseException, ParseException, IOException
{
CommandLineParser cli_parser = new PosixParser();
CommandLine cli = cli_parser.parse(opts, args);
@ -172,25 +176,32 @@ public class SignRRset {
if (cli.hasOption('a')) verifySigs = true;
if (cli.hasOption('m')) org.xbill.DNS.Options.set("multiline");
if ((optstr = cli.getOptionValue('D')) != null) {
if ((optstr = cli.getOptionValue('D')) != null)
{
keyDirectory = new File(optstr);
if (!keyDirectory.isDirectory()) {
System.err.println("error: " + optstr
+ " is not a directory");
if (!keyDirectory.isDirectory())
{
System.err.println("error: " + optstr + " is not a directory");
usage();
}
}
if ((optstr = cli.getOptionValue('s')) != null) {
if ((optstr = cli.getOptionValue('s')) != null)
{
start = convertDuration(null, optstr);
} else {
}
else
{
// default is now - 1 hour.
start = new Date(System.currentTimeMillis() - (3600 * 1000));
}
if ((optstr = cli.getOptionValue('e')) != null) {
if ((optstr = cli.getOptionValue('e')) != null)
{
expire = convertDuration(start, optstr);
} else {
}
else
{
expire = convertDuration(start, "+2592000"); // 30 days
}
@ -198,20 +209,23 @@ public class SignRRset {
String[] files = cli.getArgs();
if (files.length < 1) {
if (files.length < 1)
{
System.err.println("error: missing zone file and/or key files");
usage();
}
inputfile = files[0];
if (files.length > 1) {
if (files.length > 1)
{
keyFiles = new String[files.length - 1];
System.arraycopy(files, 1, keyFiles, 0, files.length - 1);
}
}
/** Print out the usage and help statements, then quit. */
private void usage() {
private void usage()
{
HelpFormatter f = new HelpFormatter();
PrintWriter out = new PrintWriter(System.err);
@ -219,8 +233,7 @@ public class SignRRset {
// print our own usage statement:
f.printHelp(out, 75, "jdnssec-signrrset [..options..] "
+ "rrset_file key_file [key_file ...]", null, opts,
HelpFormatter.DEFAULT_LEFT_PAD,
HelpFormatter.DEFAULT_DESC_PAD,
HelpFormatter.DEFAULT_LEFT_PAD, HelpFormatter.DEFAULT_DESC_PAD,
"\ntime/offset = YYYYMMDDHHmmss|+offset|\"now\"+offset\n");
out.flush();
@ -237,11 +250,15 @@ public class SignRRset {
* the default value, if the string doesn't parse.
* @return the parsed integer, or the default.
*/
private static int parseInt(String s, int def) {
try {
private static int parseInt(String s, int def)
{
try
{
int v = Integer.parseInt(s);
return v;
} catch (NumberFormatException e) {
}
catch (NumberFormatException e)
{
return def;
}
}
@ -257,12 +274,14 @@ public class SignRRset {
* a list of keypairs used the sign the zone.
* @return true if all of the signatures validated.
*/
private static boolean verifySigs(Name zonename, List records, List keypairs) {
private static boolean verifySigs(Name zonename, List records, List keypairs)
{
boolean secure = true;
DnsSecVerifier verifier = new DnsSecVerifier();
for (Iterator i = keypairs.iterator(); i.hasNext();) {
for (Iterator i = keypairs.iterator(); i.hasNext();)
{
verifier.addTrustedKey((DnsKeyPair) i.next());
}
@ -270,7 +289,8 @@ public class SignRRset {
List rrsets = SignUtils.assembleIntoRRsets(records);
for (Iterator i = rrsets.iterator(); i.hasNext();) {
for (Iterator i = rrsets.iterator(); i.hasNext();)
{
RRset rrset = (RRset) i.next();
// skip unsigned rrsets.
@ -278,9 +298,9 @@ public class SignRRset {
int result = verifier.verify(rrset, null);
if (result != DNSSEC.Secure) {
log.fine("Signatures did not verify for RRset: (" + result
+ "): " + rrset);
if (result != DNSSEC.Secure)
{
log.fine("Signatures did not verify for RRset: (" + result + "): " + rrset);
secure = false;
}
}
@ -302,8 +322,8 @@ public class SignRRset {
* @return a list of keypair objects.
*/
private static List<DnsKeyPair> getKeys(String[] keyfiles, int start_index,
File inDirectory)
throws IOException {
File inDirectory) throws IOException
{
if (keyfiles == null) return null;
int len = keyfiles.length - start_index;
@ -311,7 +331,8 @@ public class SignRRset {
ArrayList<DnsKeyPair> keys = new ArrayList<DnsKeyPair>(len);
for (int i = start_index; i < keyfiles.length; i++) {
for (int i = start_index; i < keyfiles.length; i++)
{
DnsKeyPair k = BINDKeyUtils.loadKeyPair(keyfiles[i], inDirectory);
if (k != null) keys.add(k);
}
@ -328,17 +349,19 @@ public class SignRRset {
* the time/offset string to parse.
* @return the calculated time.
*/
private static Date convertDuration(Date start, String duration)
throws ParseException {
private static Date convertDuration(Date start, String duration) throws ParseException
{
if (start == null) start = new Date();
if (duration.startsWith("now")) {
if (duration.startsWith("now"))
{
start = new Date();
if (duration.indexOf("+") < 0) return start;
duration = duration.substring(3);
}
if (duration.startsWith("+")) {
if (duration.startsWith("+"))
{
long offset = (long) parseInt(duration.substring(1), 0) * 1000;
return new Date(start.getTime() + offset);
}
@ -348,104 +371,122 @@ public class SignRRset {
return dateFormatter.parse(duration);
}
public static void execute(CLIState state) throws Exception {
public static void execute(CLIState state) throws Exception
{
// Read in the zone
List records = ZoneUtils.readZoneFile(state.inputfile, null);
if (records == null || records.size() == 0) {
if (records == null || records.size() == 0)
{
System.err.println("error: empty RRset file");
state.usage();
}
// Construct the RRset. Complain if the records in the input file
// consist of more than one RRset.
RRset rrset = null;
for (Iterator i = records.iterator(); i.hasNext();) {
for (Iterator i = records.iterator(); i.hasNext();)
{
Record r = (Record) i.next();
// skip RRSIGs
if (r.getType() == Type.RRSIG || r.getType() == Type.SIG) {
if (r.getType() == Type.RRSIG || r.getType() == Type.SIG)
{
continue;
}
// Handle the first record.
if (rrset == null) {
if (rrset == null)
{
rrset = new RRset();
rrset.addRR(r);
continue;
}
// Ensure that the remaining records all belong to the same rrset.
if (rrset.getName().equals(r.getName())
&& rrset.getType() == r.getType()
&& rrset.getDClass() == r.getDClass()) {
if (rrset.getName().equals(r.getName()) && rrset.getType() == r.getType()
&& rrset.getDClass() == r.getDClass())
{
rrset.addRR(r);
} else {
}
else
{
System.err.println("Records do not all belong to the same RRset.");
state.usage();
}
}
if (rrset.size() == 0) {
if (rrset.size() == 0)
{
System.err.println("No records found in inputfile.");
state.usage();
}
// Load the key pairs.
if (state.keyFiles.length == 0) {
if (state.keyFiles.length == 0)
{
System.err.println("error: at least one keyfile must be specified");
state.usage();
}
List<DnsKeyPair> keypairs = getKeys(state.keyFiles, 0,
state.keyDirectory);
List<DnsKeyPair> keypairs = getKeys(state.keyFiles, 0, state.keyDirectory);
// Make sure that all the keypairs have the same name.
// This will be used as the zone name, too.
Name keysetName = null;
for (DnsKeyPair pair : keypairs) {
if (keysetName == null) {
for (DnsKeyPair pair : keypairs)
{
if (keysetName == null)
{
keysetName = pair.getDNSKEYName();
continue;
}
if (!pair.getDNSKEYName().equals(keysetName)) {
if (!pair.getDNSKEYName().equals(keysetName))
{
System.err.println("Keys do not all have the same name.");
state.usage();
}
}
// default the output file, if not set.
if (state.outputfile == null && !state.inputfile.equals("-")) {
if (state.outputfile == null && !state.inputfile.equals("-"))
{
state.outputfile = state.inputfile + ".signed";
}
JCEDnsSecSigner signer = new JCEDnsSecSigner();
List sigs = signer.signRRset(rrset, keypairs, state.start,
state.expire);
for (Iterator i = sigs.iterator(); i.hasNext();) {
List sigs = signer.signRRset(rrset, keypairs, state.start, state.expire);
for (Iterator i = sigs.iterator(); i.hasNext();)
{
rrset.addRR((Record) i.next());
}
// write out the signed RRset
List signed_records = new ArrayList();
for (Iterator i = rrset.rrs(); i.hasNext();) {
for (Iterator i = rrset.rrs(); i.hasNext();)
{
signed_records.add(i.next());
}
for (Iterator i = rrset.sigs(); i.hasNext();) {
for (Iterator i = rrset.sigs(); i.hasNext();)
{
signed_records.add(i.next());
}
// write out the signed zone
ZoneUtils.writeZoneFile(signed_records, state.outputfile);
if (state.verifySigs) {
if (state.verifySigs)
{
log.fine("verifying generated signatures");
boolean res = verifySigs(keysetName, signed_records, keypairs);
if (res) {
if (res)
{
System.out.println("Generated signatures verified");
// log.info("Generated signatures verified");
} else {
}
else
{
System.out.println("Generated signatures did not verify.");
// log.warn("Generated signatures did not verify.");
}
@ -453,19 +494,26 @@ public class SignRRset {
}
public static void main(String[] args) {
public static void main(String[] args)
{
CLIState state = new CLIState();
try {
try
{
state.parseCommandLine(args);
} catch (UnrecognizedOptionException e) {
System.err.println("error: unknown option encountered: "
+ e.getMessage());
}
catch (UnrecognizedOptionException e)
{
System.err.println("error: unknown option encountered: " + e.getMessage());
state.usage();
} catch (AlreadySelectedException e) {
}
catch (AlreadySelectedException e)
{
System.err.println("error: mutually exclusive options have "
+ "been selected:\n " + e.getMessage());
state.usage();
} catch (Exception e) {
}
catch (Exception e)
{
System.err.println("error: unknown command line parsing exception:");
e.printStackTrace();
state.usage();
@ -473,9 +521,12 @@ public class SignRRset {
log = Logger.getLogger(SignRRset.class.toString());
try {
try
{
execute(state);
} catch (Exception e) {
}
catch (Exception e)
{
e.printStackTrace();
}
}