update to dnsjava 2.0.6-vrsn-2; remove obsoleted workaround in DnsKeyConverter
git-svn-id: https://svn.verisignlabs.com/jdnssec/tools/trunk@138 4cbd57fe-54e5-0310-bd9a-f30fe5ea5e6e
parent
319bbdceb1
commit
865fcf09bf
@ -1,5 +1,13 @@
|
|||||||
2009-02-07 David Blacka <davidb@verisignlabs.com>
|
2009-02-07 David Blacka <davidb@verisignlabs.com>
|
||||||
|
|
||||||
|
* SignZone: add argument for setting the TTL of the NSEC3PARAM
|
||||||
|
record. This is so we can match current dnssec-signzone
|
||||||
|
(9.6.0-p1) behavior of using a TTL of zero.
|
||||||
|
|
||||||
|
* Update dnsjava to 2.0.6-vrsn-2, commons-cli to 1.1
|
||||||
|
|
||||||
|
* SignUtils: fix bug where NSEC3 algorithm and flags were transposed.
|
||||||
|
|
||||||
* SignUtils: Make sure to use the SOA minimum value for NSEC TTLs,
|
* SignUtils: Make sure to use the SOA minimum value for NSEC TTLs,
|
||||||
instead of the ttl of the "node".
|
instead of the ttl of the "node".
|
||||||
|
|
||||||
|
Binary file not shown.
BIN
lib/dnsjava-2.0.6-vrsn-2.jar
Normal file
BIN
lib/dnsjava-2.0.6-vrsn-2.jar
Normal file
Binary file not shown.
@ -46,6 +46,8 @@ import javax.crypto.spec.DHPrivateKeySpec;
|
|||||||
import org.xbill.DNS.DNSKEYRecord;
|
import org.xbill.DNS.DNSKEYRecord;
|
||||||
import org.xbill.DNS.KEYRecord;
|
import org.xbill.DNS.KEYRecord;
|
||||||
import org.xbill.DNS.Name;
|
import org.xbill.DNS.Name;
|
||||||
|
import org.xbill.DNS.Record;
|
||||||
|
import org.xbill.DNS.Type;
|
||||||
import org.xbill.DNS.security.KEYConverter;
|
import org.xbill.DNS.security.KEYConverter;
|
||||||
import org.xbill.DNS.utils.base64;
|
import org.xbill.DNS.utils.base64;
|
||||||
|
|
||||||
@ -90,9 +92,11 @@ public class DnsKeyConverter
|
|||||||
|
|
||||||
if (pKeyRecord.getAlgorithm() != standard_alg)
|
if (pKeyRecord.getAlgorithm() != standard_alg)
|
||||||
{
|
{
|
||||||
pKeyRecord = new DNSKEYRecord(pKeyRecord.getName(), pKeyRecord
|
pKeyRecord = new DNSKEYRecord(pKeyRecord.getName(),
|
||||||
.getDClass(), pKeyRecord.getTTL(), pKeyRecord.getFlags(),
|
pKeyRecord.getDClass(),
|
||||||
pKeyRecord.getProtocol(), standard_alg, pKeyRecord.getKey());
|
pKeyRecord.getTTL(), pKeyRecord.getFlags(),
|
||||||
|
pKeyRecord.getProtocol(), standard_alg,
|
||||||
|
pKeyRecord.getKey());
|
||||||
}
|
}
|
||||||
|
|
||||||
return KEYConverter.parseRecord(pKeyRecord);
|
return KEYConverter.parseRecord(pKeyRecord);
|
||||||
@ -102,20 +106,12 @@ public class DnsKeyConverter
|
|||||||
* Given a JCA public key and the ancillary data, generate a DNSKEY record.
|
* Given a JCA public key and the ancillary data, generate a DNSKEY record.
|
||||||
*/
|
*/
|
||||||
public DNSKEYRecord generateDNSKEYRecord(Name name, int dclass, long ttl,
|
public DNSKEYRecord generateDNSKEYRecord(Name name, int dclass, long ttl,
|
||||||
int flags, int alg, PublicKey key)
|
int flags, int alg, PublicKey key)
|
||||||
{
|
{
|
||||||
// FIXME: currenty org.xbill.DNS.security.KEYConverter will only
|
Record kr = KEYConverter.buildRecord(name, Type.DNSKEY, dclass, ttl, flags,
|
||||||
// convert to KEYRecords, and even then, assume that an RSA
|
DNSKEYRecord.Protocol.DNSSEC, alg, key);
|
||||||
// PublicKey means alg 1.
|
|
||||||
KEYRecord kr = KEYConverter.buildRecord(name,
|
|
||||||
dclass,
|
|
||||||
ttl,
|
|
||||||
flags,
|
|
||||||
KEYRecord.PROTOCOL_DNSSEC,
|
|
||||||
key);
|
|
||||||
|
|
||||||
return new DNSKEYRecord(name, dclass, ttl, flags,
|
return (DNSKEYRecord) kr;
|
||||||
DNSKEYRecord.Protocol.DNSSEC, alg, kr.getKey());
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// Private Key Specific Parsing routines
|
// Private Key Specific Parsing routines
|
||||||
@ -132,14 +128,15 @@ public class DnsKeyConverter
|
|||||||
{
|
{
|
||||||
switch (algs.baseType(algorithm))
|
switch (algs.baseType(algorithm))
|
||||||
{
|
{
|
||||||
case DnsKeyAlgorithm.RSA :
|
case DnsKeyAlgorithm.RSA:
|
||||||
return mRSAKeyFactory.generatePrivate(spec);
|
return mRSAKeyFactory.generatePrivate(spec);
|
||||||
case DnsKeyAlgorithm.DSA :
|
case DnsKeyAlgorithm.DSA:
|
||||||
return mDSAKeyFactory.generatePrivate(spec);
|
return mDSAKeyFactory.generatePrivate(spec);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
catch (GeneralSecurityException e)
|
catch (GeneralSecurityException e)
|
||||||
{}
|
{
|
||||||
|
}
|
||||||
|
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
@ -192,13 +189,13 @@ public class DnsKeyConverter
|
|||||||
|
|
||||||
switch (algs.baseType(alg))
|
switch (algs.baseType(alg))
|
||||||
{
|
{
|
||||||
case DnsKeyAlgorithm.RSA :
|
case DnsKeyAlgorithm.RSA:
|
||||||
return parsePrivateRSA(lines);
|
return parsePrivateRSA(lines);
|
||||||
case DnsKeyAlgorithm.DSA :
|
case DnsKeyAlgorithm.DSA:
|
||||||
return parsePrivateDSA(lines);
|
return parsePrivateDSA(lines);
|
||||||
case DnsKeyAlgorithm.DH :
|
case DnsKeyAlgorithm.DH:
|
||||||
return parsePrivateDH(lines);
|
return parsePrivateDH(lines);
|
||||||
default :
|
default:
|
||||||
throw new IOException("unsupported private key algorithm: " + val);
|
throw new IOException("unsupported private key algorithm: " + val);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -207,8 +204,7 @@ public class DnsKeyConverter
|
|||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @return the value part of an "attribute:value" pair. The value is
|
* @return the value part of an "attribute:value" pair. The value is trimmed.
|
||||||
* trimmed.
|
|
||||||
*/
|
*/
|
||||||
private String value(String av)
|
private String value(String av)
|
||||||
{
|
{
|
||||||
@ -226,7 +222,8 @@ public class DnsKeyConverter
|
|||||||
* Given the rest of the RSA BIND9 string format private key, parse and
|
* Given the rest of the RSA BIND9 string format private key, parse and
|
||||||
* translate into a JCA private key
|
* translate into a JCA private key
|
||||||
*
|
*
|
||||||
* @throws NoSuchAlgorithmException if the RSA algorithm is not available.
|
* @throws NoSuchAlgorithmException
|
||||||
|
* if the RSA algorithm is not available.
|
||||||
*/
|
*/
|
||||||
private PrivateKey parsePrivateRSA(StringTokenizer lines)
|
private PrivateKey parsePrivateRSA(StringTokenizer lines)
|
||||||
throws NoSuchAlgorithmException
|
throws NoSuchAlgorithmException
|
||||||
@ -294,8 +291,9 @@ public class DnsKeyConverter
|
|||||||
try
|
try
|
||||||
{
|
{
|
||||||
KeySpec spec = new RSAPrivateCrtKeySpec(modulus, public_exponent,
|
KeySpec spec = new RSAPrivateCrtKeySpec(modulus, public_exponent,
|
||||||
private_exponent, prime_p, prime_q, prime_p_exponent,
|
private_exponent, prime_p,
|
||||||
prime_q_exponent, coefficient);
|
prime_q, prime_p_exponent,
|
||||||
|
prime_q_exponent, coefficient);
|
||||||
if (mRSAKeyFactory == null)
|
if (mRSAKeyFactory == null)
|
||||||
{
|
{
|
||||||
mRSAKeyFactory = KeyFactory.getInstance("RSA");
|
mRSAKeyFactory = KeyFactory.getInstance("RSA");
|
||||||
@ -313,7 +311,8 @@ public class DnsKeyConverter
|
|||||||
* Given the remaining lines in a BIND9 style DH private key, parse the key
|
* Given the remaining lines in a BIND9 style DH private key, parse the key
|
||||||
* info and translate it into a JCA private key.
|
* info and translate it into a JCA private key.
|
||||||
*
|
*
|
||||||
* @throws NoSuchAlgorithmException if the DH algorithm is not available.
|
* @throws NoSuchAlgorithmException
|
||||||
|
* if the DH algorithm is not available.
|
||||||
*/
|
*/
|
||||||
private PrivateKey parsePrivateDH(StringTokenizer lines)
|
private PrivateKey parsePrivateDH(StringTokenizer lines)
|
||||||
throws NoSuchAlgorithmException
|
throws NoSuchAlgorithmException
|
||||||
@ -368,7 +367,8 @@ public class DnsKeyConverter
|
|||||||
* Given the remaining lines in a BIND9 style DSA private key, parse the key
|
* Given the remaining lines in a BIND9 style DSA private key, parse the key
|
||||||
* info and translate it into a JCA private key.
|
* info and translate it into a JCA private key.
|
||||||
*
|
*
|
||||||
* @throws NoSuchAlgorithmException if the DSA algorithm is not available.
|
* @throws NoSuchAlgorithmException
|
||||||
|
* if the DSA algorithm is not available.
|
||||||
*/
|
*/
|
||||||
private PrivateKey parsePrivateDSA(StringTokenizer lines)
|
private PrivateKey parsePrivateDSA(StringTokenizer lines)
|
||||||
throws NoSuchAlgorithmException
|
throws NoSuchAlgorithmException
|
||||||
@ -428,8 +428,7 @@ public class DnsKeyConverter
|
|||||||
* Given a private key and public key, generate the BIND9 style private key
|
* Given a private key and public key, generate the BIND9 style private key
|
||||||
* format.
|
* format.
|
||||||
*/
|
*/
|
||||||
public String generatePrivateKeyString(PrivateKey priv, PublicKey pub,
|
public String generatePrivateKeyString(PrivateKey priv, PublicKey pub, int alg)
|
||||||
int alg)
|
|
||||||
{
|
{
|
||||||
if (priv instanceof RSAPrivateCrtKey)
|
if (priv instanceof RSAPrivateCrtKey)
|
||||||
{
|
{
|
||||||
@ -476,8 +475,8 @@ public class DnsKeyConverter
|
|||||||
DnsKeyAlgorithm algs = DnsKeyAlgorithm.getInstance();
|
DnsKeyAlgorithm algs = DnsKeyAlgorithm.getInstance();
|
||||||
|
|
||||||
out.println("Private-key-format: v1.2");
|
out.println("Private-key-format: v1.2");
|
||||||
out.println("Algorithm: " + algorithm + " ("
|
out.println("Algorithm: " + algorithm + " (" + algs.algToString(algorithm)
|
||||||
+ algs.algToString(algorithm) + ")");
|
+ ")");
|
||||||
out.print("Modulus: ");
|
out.print("Modulus: ");
|
||||||
out.println(b64BigInt(key.getModulus()));
|
out.println(b64BigInt(key.getModulus()));
|
||||||
out.print("PublicExponent: ");
|
out.print("PublicExponent: ");
|
||||||
@ -500,7 +499,7 @@ public class DnsKeyConverter
|
|||||||
|
|
||||||
/** Given a DH key pair, return the BIND9-style text encoding */
|
/** Given a DH key pair, return the BIND9-style text encoding */
|
||||||
private String generatePrivateDH(DHPrivateKey key, DHPublicKey pub,
|
private String generatePrivateDH(DHPrivateKey key, DHPublicKey pub,
|
||||||
int algorithm)
|
int algorithm)
|
||||||
{
|
{
|
||||||
StringWriter sw = new StringWriter();
|
StringWriter sw = new StringWriter();
|
||||||
PrintWriter out = new PrintWriter(sw);
|
PrintWriter out = new PrintWriter(sw);
|
||||||
@ -509,8 +508,8 @@ public class DnsKeyConverter
|
|||||||
DHParameterSpec p = key.getParams();
|
DHParameterSpec p = key.getParams();
|
||||||
|
|
||||||
out.println("Private-key-format: v1.2");
|
out.println("Private-key-format: v1.2");
|
||||||
out.println("Algorithm: " + algorithm + " ("
|
out.println("Algorithm: " + algorithm + " (" + algs.algToString(algorithm)
|
||||||
+ algs.algToString(algorithm) + ")");
|
+ ")");
|
||||||
out.print("Prime(p): ");
|
out.print("Prime(p): ");
|
||||||
out.println(b64BigInt(p.getP()));
|
out.println(b64BigInt(p.getP()));
|
||||||
out.print("Generator(g): ");
|
out.print("Generator(g): ");
|
||||||
@ -525,7 +524,7 @@ public class DnsKeyConverter
|
|||||||
|
|
||||||
/** Given a DSA key pair, return the BIND9-style text encoding */
|
/** Given a DSA key pair, return the BIND9-style text encoding */
|
||||||
private String generatePrivateDSA(DSAPrivateKey key, DSAPublicKey pub,
|
private String generatePrivateDSA(DSAPrivateKey key, DSAPublicKey pub,
|
||||||
int algorithm)
|
int algorithm)
|
||||||
{
|
{
|
||||||
StringWriter sw = new StringWriter();
|
StringWriter sw = new StringWriter();
|
||||||
PrintWriter out = new PrintWriter(sw);
|
PrintWriter out = new PrintWriter(sw);
|
||||||
@ -534,8 +533,8 @@ public class DnsKeyConverter
|
|||||||
DSAParams p = key.getParams();
|
DSAParams p = key.getParams();
|
||||||
|
|
||||||
out.println("Private-key-format: v1.2");
|
out.println("Private-key-format: v1.2");
|
||||||
out.println("Algorithm: " + algorithm + " ("
|
out.println("Algorithm: " + algorithm + " (" + algs.algToString(algorithm)
|
||||||
+ algs.algToString(algorithm) + ")");
|
+ ")");
|
||||||
out.print("Prime(p): ");
|
out.print("Prime(p): ");
|
||||||
out.println(b64BigInt(p.getP()));
|
out.println(b64BigInt(p.getP()));
|
||||||
out.print("Subprime(q): ");
|
out.print("Subprime(q): ");
|
||||||
|
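Review bot: In the `@ -102,20 +106,12 @@` hunk, `return (DNSKEYRecord) kr;` downcasts the `Record` returned by `KEYConverter.buildRecord` without checking it, so what `generateDNSKEYRecord` returns now depends entirely on the patched dnsjava build that this commit adds as a binary jar. If `buildRecord` can return null for a key type it does not handle (not visible on this page, so worth confirming against the vendored source), callers receive a null DNSKEYRecord with no indication of why, and any other record type would surface as a ClassCastException far from the cause. I would test the result before the cast, for example `if (!(kr instanceof DNSKEYRecord)) throw new IllegalArgumentException("cannot build DNSKEY for algorithm " + alg);`, or at least state the null return in the method's Javadoc. The same silent-failure pattern is visible in the `@ -132,14 +128,15 @@` hunk, where the reformatted `catch (GeneralSecurityException e)` block is still empty and the method, which starts outside that hunk, falls through to `return null`.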