Use the SOA minimum value for the generated NSEC records' TTL

git-svn-id: https://svn.verisignlabs.com/jdnssec/tools/trunk@131 4cbd57fe-54e5-0310-bd9a-f30fe5ea5e6e
This commit is contained in:
David Blacka 2009-02-07 16:16:44 +00:00
parent c7e5d9e09b
commit b0fac2fd43

View File

@ -122,8 +122,8 @@ public class SignUtils
*
* @param presig
* the RRSIG RR prototype.
* @return the RDATA portion of the prototype RRSIG record. This forms the first
* part of the data to be signed.
* @return the RDATA portion of the prototype RRSIG record. This forms the
* first part of the data to be signed.
*/
private static byte[] generatePreSigRdata(RRSIGRecord presig)
{
@ -338,13 +338,17 @@ public class SignUtils
public static byte[] convertDSASignature(DSAParams params, byte[] signature)
throws SignatureException
{
if (signature[0] != ASN1_SEQ || signature[2] != ASN1_INT) { throw new SignatureException(
"Invalid ASN.1 signature format: expected SEQ, INT"); }
if (signature[0] != ASN1_SEQ || signature[2] != ASN1_INT)
{
throw new SignatureException("Invalid ASN.1 signature format: expected SEQ, INT");
}
byte r_pad = (byte) (signature[3] - 20);
if (signature[24 + r_pad] != ASN1_INT) { throw new SignatureException(
"Invalid ASN.1 signature format: expected SEQ, INT, INT"); }
if (signature[24 + r_pad] != ASN1_INT)
{
throw new SignatureException("Invalid ASN.1 signature format: expected SEQ, INT, INT");
}
log.finer("(start) ASN.1 DSA Sig:\n" + base64.toString(signature));
@ -499,7 +503,8 @@ public class SignUtils
// Current record is part of the current RRset.
if (rrset.getName().equals(r.getName())
&& rrset.getDClass() == r.getDClass()
&& ((r.getType() == Type.RRSIG && rrset.getType() == ((RRSIGRecord) r).getTypeCovered()) || rrset.getType() == r.getType()))
&& ((r.getType() == Type.RRSIG && rrset.getType() == ((RRSIGRecord) r).getTypeCovered()) ||
rrset.getType() == r.getType()))
{
rrset.addRR(r);
continue;
@ -601,6 +606,24 @@ public class SignUtils
Name last_cut = null;
int backup;
long nsec_ttl = 0;
// First find the SOA record -- it should be near the beginning -- and get
// the soa minimum
for (Iterator i = records.iterator(); i.hasNext();)
{
Object o = i.next();
if (o instanceof SOARecord)
{
SOARecord soa = (SOARecord) o;
nsec_ttl = soa.getMinimum();
break;
}
}
if (nsec_ttl == 0)
{
throw new IllegalArgumentException("Zone did not contain a SOA record");
}
for (ListIterator i = records.listIterator(); i.hasNext();)
{
@ -634,7 +657,7 @@ public class SignUtils
if (last_node != null)
{
NSECRecord nsec = new NSECRecord(last_node.name, last_node.dclass,
last_node.ttl, current_node.name,
nsec_ttl, current_node.name,
last_node.getTypes());
// Note: we have to add this through the iterator, otherwise
// the next access via the iterator will generate a
@ -661,7 +684,7 @@ public class SignUtils
if (last_node != null)
{
NSECRecord nsec = new NSECRecord(last_node.name, last_node.dclass,
last_node.ttl, current_node.name,
nsec_ttl, current_node.name,
last_node.getTypes());
records.add(last_node.nsecIndex - 1, nsec);
log.finer("Generated: " + nsec);
@ -669,7 +692,7 @@ public class SignUtils
// Generate last NSEC
NSECRecord nsec = new NSECRecord(current_node.name, current_node.dclass,
current_node.ttl, zonename,
nsec_ttl, zonename,
current_node.getTypes());
records.add(nsec);