davidb
/
jdnssec-tools
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 1 Wiki Activity

Formatting (from a new Eclipse, for better or worse) 

git-svn-id: https://svn.verisignlabs.com/jdnssec/tools/trunk@116 4cbd57fe-54e5-0310-bd9a-f30fe5ea5e6e
This commit is contained in:
David Blacka 2009-02-02 05:01:03 +00:00
parent 3f1787695d
commit ccb1ffb7e5
18 changed files with 658 additions and 338 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

174
example.signed Normal file
View File

@ -0,0 +1,174 @@
example. 3600 IN SOA ns1.example. bugs.x.w.example. (
1 ; serial
3600 ; refresh
300 ; retry
3600000 ; expire
3600 ) ; minimum
example. 3600 IN RRSIG SOA 133 1 3600 (
20150420235959 20051021000000 62827 example.
hNIkW1xzn+c+9P3W7PUVVptI72xEmOtn+eqQux0BE7Pfc6ikx4m7ivOVWETjbwHj
qfY0X5G+rynLZNqsbLm40Q== )
example. 3600 IN NS ns1.example.
example. 3600 IN NS ns2.example.
example. 3600 IN RRSIG NS 133 1 3600 (
20150420235959 20051021000000 62827 example.
D9+iBwcbeKL5+TorTfYn4/pLr2lSFwyGYCyMgfq4TpFaZpxrCJPLxHbKjdkR18jA
t7+SR7B5JpiZcff2Cj2B0w== )
example. 3600 IN MX 1 xx.example.
example. 3600 IN RRSIG MX 133 1 3600 (
20150420235959 20051021000000 62827 example.
jsGuTpXTTrZHzUKnViUpJ8YyGNpDd6n/sy2gHnSC0nj2jPxTC5VENLo3GxSpCSA5
DlAz57p+RllUJk3DWktkjw== )
example. 3600 IN DNSKEY 256 3 133 (
AQO0gEmbZUL6xbD/xQczHbnwYnf+jQjwz/sU5k44rHTt0Ty+3aOdYoome9TjGMhw
kkGby1TLExXT48OGGdbfIme5 ) ; key_tag = 62827
example. 3600 IN DNSKEY 257 3 133 (
AQOnsGyJvywVjYmiLbh0EwIRuWYcDiB/8blXcpkoxtpe19Oicv6Zko+8brVsTMeM
OpcUeGB1zsYKWJ7BvR2894hX ) ; key_tag = 22088
example. 3600 IN RRSIG DNSKEY 133 1 3600 (
20150420235959 20051021000000 22088 example.
Xpo9ptByXb8M1JR1i0KuRmKGc/YeOLcc6PtnRJOx6ADLSL2mU6AYX5tAJRMTKTXk
6waLIaxuliqUBOkCjLUZMw== )
example. 3600 IN NSEC3PARAM 1 12 AABBCCDD
example. 3600 IN RRSIG NSEC3PARAM 133 1 3600 (
20150420235959 20051021000000 62827 example.
LIDOPjIUc2DtDpXUlOaLnJkHKbacDvXZlhRmg4eFGnaEd794HnjRjeT9w5QwtLDp
LyyMRbGt4L0XlqhGJCcAsA== )
0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. 3600 IN NSEC3 1 0 12 AABBCCDD 2t7b4g4vsa5smi47k61mv5bv1a22bojr NS SOA MX RRSIG DNSKEY NSEC3PARAM ; example.
0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. 3600 IN RRSIG NSEC3 133 2 3600 (
20150420235959 20051021000000 62827 example.
SLMEpd0dWGX8+uU0H3kDcE1O2+0+o2HPEiywPwQ+LRC4QI7zectSLH3lw3EJi6OP
nZPYoW6fqlpIWuVv0srD4w== )
2t7b4g4vsa5smi47k61mv5bv1a22bojr.example. 3600 IN A 127.0.0.1
2t7b4g4vsa5smi47k61mv5bv1a22bojr.example. 3600 IN RRSIG A 133 2 3600 (
20150420235959 20051021000000 62827 example.
Enu4zogLLDz0p/lLcuH3+jpfuWR/Uyw4fyvglsaFNvFfs7t+f5TPEt5GLX4U2eRy
cWmF9ZpYMcPgqAgrGZJ+jA== )
2t7b4g4vsa5smi47k61mv5bv1a22bojr.example. 3600 IN NSEC3 1 0 12 AABBCCDD 2vptu5timamqttgl4luu9kg21e0aor3s A RRSIG ; ns1.example.
2t7b4g4vsa5smi47k61mv5bv1a22bojr.example. 3600 IN RRSIG NSEC3 133 2 3600 (
20150420235959 20051021000000 62827 example.
LltO1bbeZ3rVOjYcBRCMZ+ZtHOBtGaNMKtV7BzSPlCK0AUphcn0tg2cr0FONQgrI
+0Nd+8h6My6W2Bp/OzDcnQ== )
2vptu5timamqttgl4luu9kg21e0aor3s.example. 3600 IN NSEC3 1 0 12 AABBCCDD 35mthgpgcu1qg68fab165klnsnk3dpvl MX RRSIG ; x.y.w.example.
2vptu5timamqttgl4luu9kg21e0aor3s.example. 3600 IN RRSIG NSEC3 133 2 3600 (
20150420235959 20051021000000 62827 example.
c9D5yjzQulfpNUWkeZFBoBsZYAxh06LySa44Ef1SvzGZrT0l02bFTSMYPXciPQKp
mF3UzOkgW/E9gXinV/kQbg== )
35mthgpgcu1qg68fab165klnsnk3dpvl.example. 3600 IN NSEC3 1 0 12 AABBCCDD 4g6p9u5gvfshp30pqecj98b3maqbn1ck NS DS RRSIG ; a.example.
35mthgpgcu1qg68fab165klnsnk3dpvl.example. 3600 IN RRSIG NSEC3 133 2 3600 (
20150420235959 20051021000000 62827 example.
K35oTrxIxZewqnGlqua+5fweIKdi9vxDzHC0XBy/U6w1XtTsgEuNJepdXfSCBEw3
9G5pPobyDE4Ll8KyyEDZjw== )
4g6p9u5gvfshp30pqecj98b3maqbn1ck.example. 3600 IN NSEC3 1 0 12 AABBCCDD b4um86eghhds6nea196smvmlo4ors995 NS RRSIG ; c.example.
4g6p9u5gvfshp30pqecj98b3maqbn1ck.example. 3600 IN RRSIG NSEC3 133 2 3600 (
20150420235959 20051021000000 62827 example.
rfscDMnDv/CJ5XWyvN8Ag6w0DMsrV82jqfet+UkYtxszAzdw9B0w9Iv3h1y9xIbM
prW1OGVOW52D3aeCHgN9Fg== )
a.example. 3600 IN NS ns1.a.example.
a.example. 3600 IN NS ns2.a.example.
a.example. 3600 IN DS 58470 5 1 3079F1593EBAD6DC121E202A8B766A6A4837206C
a.example. 3600 IN RRSIG DS 133 2 3600 (
20150420235959 20051021000000 62827 example.
qxw4j5LNe70UDu121YqAaqQjyjYbdKNd/4bEnH0kjQswuiGs9EuArCBhcWocWQDB
ku+A4HMHJdLqJr5p4JctLg== )
ns1.a.example. 3600 IN A 192.168.2.5
ns2.a.example. 3600 IN A 192.168.2.6
ai.example. 3600 IN A 192.168.2.9
ai.example. 3600 IN RRSIG A 133 2 3600 (
20150420235959 20051021000000 62827 example.
ZaXcOIABcqe1UbwBrisSfk1EBZN11ccgg81ZvZ4qVRhQRdMTprjO9boMYL3q7nz9
93IqSyUgjumoQ8qs1isY4Q== )
ai.example. 3600 IN HINFO "KLH-10" "ITS"
ai.example. 3600 IN RRSIG HINFO 133 2 3600 (
20150420235959 20051021000000 62827 example.
BuDv+No06VEcIsEnvBdjdKm6kxQGrhOgKEKbGsb8DJRjY7Lia+YG2//s6OlOIfxP
mLlLiYpAi3q2sEjTJhocGQ== )
ai.example. 3600 IN AAAA 2001:db8:0:0:0:0:f00:baa9
ai.example. 3600 IN RRSIG AAAA 133 2 3600 (
20150420235959 20051021000000 62827 example.
m65zc0A16Xbx3jYb0t5vPwMzE2xS15mKh76MhSuKfiFVhBFcQ9IilEM0pXnLzt3o
zrM/3X0x2ruyuN0zC+PABA== )
b4um86eghhds6nea196smvmlo4ors995.example. 3600 IN NSEC3 1 0 12 AABBCCDD gjeqe526plbf1g8mklp59enfd789njgi MX RRSIG ; x.w.example.
b4um86eghhds6nea196smvmlo4ors995.example. 3600 IN RRSIG NSEC3 133 2 3600 (
20150420235959 20051021000000 62827 example.
ckq4/fbGcW7MBHRIE4vjJTCLijvbBKcPbAOcG4OfJe1+TO1ttGUzRSWv0ZWkn7gx
VbsOS52kw9DPbkG/3jG4TQ== )
c.example. 3600 IN NS ns1.c.example.
c.example. 3600 IN NS ns2.c.example.
ns1.c.example. 3600 IN A 192.168.2.7
ns2.c.example. 3600 IN A 192.168.2.8
gjeqe526plbf1g8mklp59enfd789njgi.example. 3600 IN NSEC3 1 0 12 AABBCCDD ji6neoaepv8b5o6k4ev33abha8ht9fgc A HINFO AAAA RRSIG ; ai.example.
gjeqe526plbf1g8mklp59enfd789njgi.example. 3600 IN RRSIG NSEC3 133 2 3600 (
20150420235959 20051021000000 62827 example.
DcvlIYwhANn1NSV05tBQ9ngC+Gaw3pBdpXlrpSWN4xrvvguaarf0Kbe0LF2+KJ5x
1cHrOsLVx8oEDoKzTCztsA== )
ji6neoaepv8b5o6k4ev33abha8ht9fgc.example. 3600 IN NSEC3 1 0 12 AABBCCDD k8udemvp1j2f7eg6jebps17vp3n8i58h ; y.w.example.
ji6neoaepv8b5o6k4ev33abha8ht9fgc.example. 3600 IN RRSIG NSEC3 133 2 3600 (
20150420235959 20051021000000 62827 example.
GSlthW4H4KIpxxBHYXl2IDZWlvnwAKVgPkW/ZlWcGyv+Ro2nYOwS8Qv/yNop1JKz
bE5X0+ac8Dw7zLvDAr4kwQ== )
k8udemvp1j2f7eg6jebps17vp3n8i58h.example. 3600 IN NSEC3 1 0 12 AABBCCDD kohar7mbb8dc2ce8a9qvl8hon4k53uhi ; w.example.
k8udemvp1j2f7eg6jebps17vp3n8i58h.example. 3600 IN RRSIG NSEC3 133 2 3600 (
20150420235959 20051021000000 62827 example.
Ob3coJUfYXYeYfIlXj9VhuT0CN/cZeFwMwbzSz3GyDNyeUo+3QqJY5kabenFB0jB
Q9I2B3kRQFQO6sA1YJZyaQ== )
kohar7mbb8dc2ce8a9qvl8hon4k53uhi.example. 3600 IN NSEC3 1 0 12 AABBCCDD q04jkcevqvmu85r014c7dkba38o0ji5r A RRSIG ; 2t7b4g4vsa5smi47k61mv5bv1a22bojr.example.
kohar7mbb8dc2ce8a9qvl8hon4k53uhi.example. 3600 IN RRSIG NSEC3 133 2 3600 (
20150420235959 20051021000000 62827 example.
Tm0ZvbTsHGTsBpdL9KTIi1q+4AW0VZ4zuTWH2zoJPBP4PS1P9A1oWhnal7Ahrm9e
pK7nOTTd8VtHcd7uPCPI5A== )
ns1.example. 3600 IN A 192.168.2.1
ns1.example. 3600 IN RRSIG A 133 2 3600 (
20150420235959 20051021000000 62827 example.
KS4zeGDaXO99zFfZdkH8BPj5Mm2r9NdxrW5hcwZbIngiTAlE0DcVVBNY8b0h2DZL
2znQr8QJ0/QDt8ufz6tZyg== )
ns2.example. 3600 IN A 192.168.2.2
ns2.example. 3600 IN RRSIG A 133 2 3600 (
20150420235959 20051021000000 62827 example.
Hc6i5zNssmqTB7zhORrMT9uvhLdQ9c3DPjuqUjw/UOw4xJIMjhG4qDwQRav4XpyI
2mvVJFR11M07gNwzYG2Ypw== )
q04jkcevqvmu85r014c7dkba38o0ji5r.example. 3600 IN NSEC3 1 0 12 AABBCCDD r53bq7cc2uvmubfu5ocmm6pers9tk9en A RRSIG ; ns2.example.
q04jkcevqvmu85r014c7dkba38o0ji5r.example. 3600 IN RRSIG NSEC3 133 2 3600 (
20150420235959 20051021000000 62827 example.
W8dGSgyF9g7x5uSdwcVvLUHjU3u+NHrRqfIWOvylwUgLikJL07t3Yj+phVgibpcV
cjfD9W1XR6Sy4jby7QK0iQ== )
r53bq7cc2uvmubfu5ocmm6pers9tk9en.example. 3600 IN NSEC3 1 0 12 AABBCCDD t644ebqk9bibcna874givr6joj62mlhv MX RRSIG ; *.w.example.
r53bq7cc2uvmubfu5ocmm6pers9tk9en.example. 3600 IN RRSIG NSEC3 133 2 3600 (
20150420235959 20051021000000 62827 example.
KKcNGSMH1QRz1+WtADVTrW7bJ4ipvWuuXSDNgTs8JgJ8r0zz1oeiDwDtR+z9elBT
q86tM/bvTQ4GFQiCWnOFNw== )
t644ebqk9bibcna874givr6joj62mlhv.example. 3600 IN NSEC3 1 0 12 AABBCCDD 0p9mhaveqvm6t7vbl5lop2u3t2rp3tom A HINFO AAAA RRSIG ; xx.example.
t644ebqk9bibcna874givr6joj62mlhv.example. 3600 IN RRSIG NSEC3 133 2 3600 (
20150420235959 20051021000000 62827 example.
cWBONm5AfvchgLPHhUeJHNdnZ9dqSMI3UpHS/s3Ek1csDKKA6BUc/OM+kVRWT9lE
jRhRXqB8ay2EeHx2iKOOKg== )
*.w.example. 3600 IN MX 1 ai.example.
*.w.example. 3600 IN RRSIG MX 133 2 3600 (
20150420235959 20051021000000 62827 example.
DnT0Y6dRBM8f3v8HdKmZUsGVkXh+b+htujCRc423x6c8erEMGVnxcrmcrZ53qGXc
MYJ+TDkqa7Xfz/f9xzvSTw== )
x.w.example. 3600 IN MX 1 xx.example.
x.w.example. 3600 IN RRSIG MX 133 3 3600 (
20150420235959 20051021000000 62827 example.
BLSDMos8kYR7+2U7iwwdqdhU82hzq0s57xtwF08tWU/d19jrNO6LdWfBL/FJ8zL8
ZpEjhh6b8cj0f5yQOUyShw== )
x.y.w.example. 3600 IN MX 1 xx.example.
x.y.w.example. 3600 IN RRSIG MX 133 4 3600 (
20150420235959 20051021000000 62827 example.
GPzELyUCxrnyep8uMcqthUXjTqYBmgeaveb92vQgzUyPLLamNN/YqMHr6tGQNxeM
AhclxUSQeoCggUBVhFfB1Q== )
xx.example. 3600 IN A 192.168.2.10
xx.example. 3600 IN RRSIG A 133 2 3600 (
20150420235959 20051021000000 62827 example.
qxwCQAqdWxq4bDNPKyOVG679cSJwKVv/Q5Rj9WKymDOhOPTmEs8xDxbiM4EXyv0i
g50I3Wvbkmyw4sQ5CspOcA== )
xx.example. 3600 IN HINFO "KLH-10" "TOPS-20"
xx.example. 3600 IN RRSIG HINFO 133 2 3600 (
20150420235959 20051021000000 62827 example.
YJFwmD0By0NpGEvO1nE1ZTH10XrmpKnVuAEIcAxLLHyPs3qyGQdDEG7sQX5+PfiO
GZrNmZef8NgQhW8kGEgN1Q== )
xx.example. 3600 IN AAAA 2001:db8:0:0:0:0:f00:baaa
xx.example. 3600 IN RRSIG AAAA 133 2 3600 (
20150420235959 20051021000000 62827 example.
VAJBlXoTOScrIM6yPlDsd9o05v39qIzFnemR2vgw1s4l8maJVWi9IHEg8oiypJvG
wSCP1nFsEOlXyNFQJ0fWGA== )

72
example.signed.dave Normal file
View File

@ -0,0 +1,72 @@
example. 3600 IN SOA ns1.example. bugs.x.w.example. 1 3600 300 3600000 3600
example. 3600 IN RRSIG SOA 133 1 3600 20150420235959 20051021000000 62827 example. hNIkW1xzn+c+9P3W7PUVVptI72xEmOtn+eqQux0BE7Pfc6ikx4m7ivOVWETjbwHjqfY0X5G+rynLZNqsbLm40Q==
example. 3600 IN NS ns1.example.
example. 3600 IN NS ns2.example.
example. 3600 IN RRSIG NS 133 1 3600 20150420235959 20051021000000 62827 example. D9+iBwcbeKL5+TorTfYn4/pLr2lSFwyGYCyMgfq4TpFaZpxrCJPLxHbKjdkR18jAt7+SR7B5JpiZcff2Cj2B0w==
example. 3600 IN MX 1 xx.example.
example. 3600 IN RRSIG MX 133 1 3600 20150420235959 20051021000000 62827 example. jsGuTpXTTrZHzUKnViUpJ8YyGNpDd6n/sy2gHnSC0nj2jPxTC5VENLo3GxSpCSA5DlAz57p+RllUJk3DWktkjw==
example. 3600 IN DNSKEY 256 3 133 AQO0gEmbZUL6xbD/xQczHbnwYnf+jQjwz/sU5k44rHTt0Ty+3aOdYoome9TjGMhwkkGby1TLExXT48OGGdbfIme5
example. 3600 IN DNSKEY 257 3 133 AQOnsGyJvywVjYmiLbh0EwIRuWYcDiB/8blXcpkoxtpe19Oicv6Zko+8brVsTMeMOpcUeGB1zsYKWJ7BvR2894hX
example. 3600 IN RRSIG DNSKEY 133 1 3600 20150420235959 20051021000000 22088 example. Xpo9ptByXb8M1JR1i0KuRmKGc/YeOLcc6PtnRJOx6ADLSL2mU6AYX5tAJRMTKTXk6waLIaxuliqUBOkCjLUZMw==
example. 3600 IN NSEC3PARAM 1 12 AABBCCDD
example. 3600 IN RRSIG NSEC3PARAM 133 1 3600 20150420235959 20051021000000 62827 example. LIDOPjIUc2DtDpXUlOaLnJkHKbacDvXZlhRmg4eFGnaEd794HnjRjeT9w5QwtLDpLyyMRbGt4L0XlqhGJCcAsA==
0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. 3600 IN NSEC3 1 0 12 AABBCCDD 2t7b4g4vsa5smi47k61mv5bv1a22bojr NS SOA MX RRSIG DNSKEY NSEC3PARAM
0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. 3600 IN RRSIG NSEC3 133 2 3600 20150420235959 20051021000000 62827 example. SLMEpd0dWGX8+uU0H3kDcE1O2+0+o2HPEiywPwQ+LRC4QI7zectSLH3lw3EJi6OPnZPYoW6fqlpIWuVv0srD4w==
2t7b4g4vsa5smi47k61mv5bv1a22bojr.example. 3600 IN A 127.0.0.1
2t7b4g4vsa5smi47k61mv5bv1a22bojr.example. 3600 IN RRSIG A 133 2 3600 20150420235959 20051021000000 62827 example. Enu4zogLLDz0p/lLcuH3+jpfuWR/Uyw4fyvglsaFNvFfs7t+f5TPEt5GLX4U2eRycWmF9ZpYMcPgqAgrGZJ+jA==
2t7b4g4vsa5smi47k61mv5bv1a22bojr.example. 3600 IN NSEC3 1 0 12 AABBCCDD 2vptu5timamqttgl4luu9kg21e0aor3s A RRSIG
2t7b4g4vsa5smi47k61mv5bv1a22bojr.example. 3600 IN RRSIG NSEC3 133 2 3600 20150420235959 20051021000000 62827 example. LltO1bbeZ3rVOjYcBRCMZ+ZtHOBtGaNMKtV7BzSPlCK0AUphcn0tg2cr0FONQgrI+0Nd+8h6My6W2Bp/OzDcnQ==
2vptu5timamqttgl4luu9kg21e0aor3s.example. 3600 IN NSEC3 1 0 12 AABBCCDD 35mthgpgcu1qg68fab165klnsnk3dpvl MX RRSIG
2vptu5timamqttgl4luu9kg21e0aor3s.example. 3600 IN RRSIG NSEC3 133 2 3600 20150420235959 20051021000000 62827 example. c9D5yjzQulfpNUWkeZFBoBsZYAxh06LySa44Ef1SvzGZrT0l02bFTSMYPXciPQKpmF3UzOkgW/E9gXinV/kQbg==
35mthgpgcu1qg68fab165klnsnk3dpvl.example. 3600 IN NSEC3 1 0 12 AABBCCDD 4g6p9u5gvfshp30pqecj98b3maqbn1ck NS DS RRSIG
35mthgpgcu1qg68fab165klnsnk3dpvl.example. 3600 IN RRSIG NSEC3 133 2 3600 20150420235959 20051021000000 62827 example. K35oTrxIxZewqnGlqua+5fweIKdi9vxDzHC0XBy/U6w1XtTsgEuNJepdXfSCBEw39G5pPobyDE4Ll8KyyEDZjw==
4g6p9u5gvfshp30pqecj98b3maqbn1ck.example. 3600 IN NSEC3 1 0 12 AABBCCDD b4um86eghhds6nea196smvmlo4ors995 NS RRSIG
4g6p9u5gvfshp30pqecj98b3maqbn1ck.example. 3600 IN RRSIG NSEC3 133 2 3600 20150420235959 20051021000000 62827 example. rfscDMnDv/CJ5XWyvN8Ag6w0DMsrV82jqfet+UkYtxszAzdw9B0w9Iv3h1y9xIbMprW1OGVOW52D3aeCHgN9Fg==
a.example. 3600 IN NS ns1.a.example.
a.example. 3600 IN NS ns2.a.example.
a.example. 3600 IN DS 58470 5 1 3079F1593EBAD6DC121E202A8B766A6A4837206C
a.example. 3600 IN RRSIG DS 133 2 3600 20150420235959 20051021000000 62827 example. qxw4j5LNe70UDu121YqAaqQjyjYbdKNd/4bEnH0kjQswuiGs9EuArCBhcWocWQDBku+A4HMHJdLqJr5p4JctLg==
ns1.a.example. 3600 IN A 192.168.2.5
ns2.a.example. 3600 IN A 192.168.2.6
ai.example. 3600 IN A 192.168.2.9
ai.example. 3600 IN RRSIG A 133 2 3600 20150420235959 20051021000000 62827 example. ZaXcOIABcqe1UbwBrisSfk1EBZN11ccgg81ZvZ4qVRhQRdMTprjO9boMYL3q7nz993IqSyUgjumoQ8qs1isY4Q==
ai.example. 3600 IN HINFO "KLH-10" "ITS"
ai.example. 3600 IN RRSIG HINFO 133 2 3600 20150420235959 20051021000000 62827 example. BuDv+No06VEcIsEnvBdjdKm6kxQGrhOgKEKbGsb8DJRjY7Lia+YG2//s6OlOIfxPmLlLiYpAi3q2sEjTJhocGQ==
ai.example. 3600 IN AAAA 2001:db8:0:0:0:0:f00:baa9
ai.example. 3600 IN RRSIG AAAA 133 2 3600 20150420235959 20051021000000 62827 example. m65zc0A16Xbx3jYb0t5vPwMzE2xS15mKh76MhSuKfiFVhBFcQ9IilEM0pXnLzt3ozrM/3X0x2ruyuN0zC+PABA==
b4um86eghhds6nea196smvmlo4ors995.example. 3600 IN NSEC3 1 0 12 AABBCCDD gjeqe526plbf1g8mklp59enfd789njgi MX RRSIG
b4um86eghhds6nea196smvmlo4ors995.example. 3600 IN RRSIG NSEC3 133 2 3600 20150420235959 20051021000000 62827 example. ckq4/fbGcW7MBHRIE4vjJTCLijvbBKcPbAOcG4OfJe1+TO1ttGUzRSWv0ZWkn7gxVbsOS52kw9DPbkG/3jG4TQ==
c.example. 3600 IN NS ns1.c.example.
c.example. 3600 IN NS ns2.c.example.
ns1.c.example. 3600 IN A 192.168.2.7
ns2.c.example. 3600 IN A 192.168.2.8
gjeqe526plbf1g8mklp59enfd789njgi.example. 3600 IN NSEC3 1 0 12 AABBCCDD ji6neoaepv8b5o6k4ev33abha8ht9fgc A HINFO AAAA RRSIG
gjeqe526plbf1g8mklp59enfd789njgi.example. 3600 IN RRSIG NSEC3 133 2 3600 20150420235959 20051021000000 62827 example. DcvlIYwhANn1NSV05tBQ9ngC+Gaw3pBdpXlrpSWN4xrvvguaarf0Kbe0LF2+KJ5x1cHrOsLVx8oEDoKzTCztsA==
ji6neoaepv8b5o6k4ev33abha8ht9fgc.example. 3600 IN NSEC3 1 0 12 AABBCCDD k8udemvp1j2f7eg6jebps17vp3n8i58h
ji6neoaepv8b5o6k4ev33abha8ht9fgc.example. 3600 IN RRSIG NSEC3 133 2 3600 20150420235959 20051021000000 62827 example. GSlthW4H4KIpxxBHYXl2IDZWlvnwAKVgPkW/ZlWcGyv+Ro2nYOwS8Qv/yNop1JKzbE5X0+ac8Dw7zLvDAr4kwQ==
k8udemvp1j2f7eg6jebps17vp3n8i58h.example. 3600 IN NSEC3 1 0 12 AABBCCDD kohar7mbb8dc2ce8a9qvl8hon4k53uhi
k8udemvp1j2f7eg6jebps17vp3n8i58h.example. 3600 IN RRSIG NSEC3 133 2 3600 20150420235959 20051021000000 62827 example. Ob3coJUfYXYeYfIlXj9VhuT0CN/cZeFwMwbzSz3GyDNyeUo+3QqJY5kabenFB0jBQ9I2B3kRQFQO6sA1YJZyaQ==
kohar7mbb8dc2ce8a9qvl8hon4k53uhi.example. 3600 IN NSEC3 1 0 12 AABBCCDD q04jkcevqvmu85r014c7dkba38o0ji5r A RRSIG
kohar7mbb8dc2ce8a9qvl8hon4k53uhi.example. 3600 IN RRSIG NSEC3 133 2 3600 20150420235959 20051021000000 62827 example. Tm0ZvbTsHGTsBpdL9KTIi1q+4AW0VZ4zuTWH2zoJPBP4PS1P9A1oWhnal7Ahrm9epK7nOTTd8VtHcd7uPCPI5A==
ns1.example. 3600 IN A 192.168.2.1
ns1.example. 3600 IN RRSIG A 133 2 3600 20150420235959 20051021000000 62827 example. KS4zeGDaXO99zFfZdkH8BPj5Mm2r9NdxrW5hcwZbIngiTAlE0DcVVBNY8b0h2DZL2znQr8QJ0/QDt8ufz6tZyg==
ns2.example. 3600 IN A 192.168.2.2
ns2.example. 3600 IN RRSIG A 133 2 3600 20150420235959 20051021000000 62827 example. Hc6i5zNssmqTB7zhORrMT9uvhLdQ9c3DPjuqUjw/UOw4xJIMjhG4qDwQRav4XpyI2mvVJFR11M07gNwzYG2Ypw==
q04jkcevqvmu85r014c7dkba38o0ji5r.example. 3600 IN NSEC3 1 0 12 AABBCCDD r53bq7cc2uvmubfu5ocmm6pers9tk9en A RRSIG
q04jkcevqvmu85r014c7dkba38o0ji5r.example. 3600 IN RRSIG NSEC3 133 2 3600 20150420235959 20051021000000 62827 example. W8dGSgyF9g7x5uSdwcVvLUHjU3u+NHrRqfIWOvylwUgLikJL07t3Yj+phVgibpcVcjfD9W1XR6Sy4jby7QK0iQ==
r53bq7cc2uvmubfu5ocmm6pers9tk9en.example. 3600 IN NSEC3 1 0 12 AABBCCDD t644ebqk9bibcna874givr6joj62mlhv MX RRSIG
r53bq7cc2uvmubfu5ocmm6pers9tk9en.example. 3600 IN RRSIG NSEC3 133 2 3600 20150420235959 20051021000000 62827 example. KKcNGSMH1QRz1+WtADVTrW7bJ4ipvWuuXSDNgTs8JgJ8r0zz1oeiDwDtR+z9elBTq86tM/bvTQ4GFQiCWnOFNw==
t644ebqk9bibcna874givr6joj62mlhv.example. 3600 IN NSEC3 1 0 12 AABBCCDD 0p9mhaveqvm6t7vbl5lop2u3t2rp3tom A HINFO AAAA RRSIG
t644ebqk9bibcna874givr6joj62mlhv.example. 3600 IN RRSIG NSEC3 133 2 3600 20150420235959 20051021000000 62827 example. cWBONm5AfvchgLPHhUeJHNdnZ9dqSMI3UpHS/s3Ek1csDKKA6BUc/OM+kVRWT9lEjRhRXqB8ay2EeHx2iKOOKg==
*.w.example. 3600 IN MX 1 ai.example.
*.w.example. 3600 IN RRSIG MX 133 2 3600 20150420235959 20051021000000 62827 example. DnT0Y6dRBM8f3v8HdKmZUsGVkXh+b+htujCRc423x6c8erEMGVnxcrmcrZ53qGXcMYJ+TDkqa7Xfz/f9xzvSTw==
x.w.example. 3600 IN MX 1 xx.example.
x.w.example. 3600 IN RRSIG MX 133 3 3600 20150420235959 20051021000000 62827 example. BLSDMos8kYR7+2U7iwwdqdhU82hzq0s57xtwF08tWU/d19jrNO6LdWfBL/FJ8zL8ZpEjhh6b8cj0f5yQOUyShw==
x.y.w.example. 3600 IN MX 1 xx.example.
x.y.w.example. 3600 IN RRSIG MX 133 4 3600 20150420235959 20051021000000 62827 example. GPzELyUCxrnyep8uMcqthUXjTqYBmgeaveb92vQgzUyPLLamNN/YqMHr6tGQNxeMAhclxUSQeoCggUBVhFfB1Q==
xx.example. 3600 IN A 192.168.2.10
xx.example. 3600 IN RRSIG A 133 2 3600 20150420235959 20051021000000 62827 example. qxwCQAqdWxq4bDNPKyOVG679cSJwKVv/Q5Rj9WKymDOhOPTmEs8xDxbiM4EXyv0ig50I3Wvbkmyw4sQ5CspOcA==
xx.example. 3600 IN HINFO "KLH-10" "TOPS-20"
xx.example. 3600 IN RRSIG HINFO 133 2 3600 20150420235959 20051021000000 62827 example. YJFwmD0By0NpGEvO1nE1ZTH10XrmpKnVuAEIcAxLLHyPs3qyGQdDEG7sQX5+PfiOGZrNmZef8NgQhW8kGEgN1Q==
xx.example. 3600 IN AAAA 2001:db8:0:0:0:0:f00:baaa
xx.example. 3600 IN RRSIG AAAA 133 2 3600 20150420235959 20051021000000 62827 example. VAJBlXoTOScrIM6yPlDsd9o05v39qIzFnemR2vgw1s4l8maJVWi9IHEg8oiypJvGwSCP1nFsEOlXyNFQJ0fWGA==

72
example.signed.roy Normal file
View File

@ -0,0 +1,72 @@
example. 3600 IN SOA ns1.example. bugs.x.w.example. 1 3600 300 3600000 3600
example. 3600 IN RRSIG SOA 133 1 3600 20150420235959 20051021000000 62827 example. hNIkW1xzn+c+9P3W7PUVVptI72xEmOtn+eqQux0BE7Pfc6ikx4m7ivOVWETjbwHjqfY0X5G+rynLZNqsbLm40Q==
example. 3600 IN NS ns1.example.
example. 3600 IN NS ns2.example.
example. 3600 IN RRSIG NS 133 1 3600 20150420235959 20051021000000 62827 example. D9+iBwcbeKL5+TorTfYn4/pLr2lSFwyGYCyMgfq4TpFaZpxrCJPLxHbKjdkR18jAt7+SR7B5JpiZcff2Cj2B0w==
example. 3600 IN MX 1 xx.example.
example. 3600 IN RRSIG MX 133 1 3600 20150420235959 20051021000000 62827 example. jsGuTpXTTrZHzUKnViUpJ8YyGNpDd6n/sy2gHnSC0nj2jPxTC5VENLo3GxSpCSA5DlAz57p+RllUJk3DWktkjw==
example. 3600 IN DNSKEY 256 3 133 AQO0gEmbZUL6xbD/xQczHbnwYnf+jQjwz/sU5k44rHTt0Ty+3aOdYoome9TjGMhwkkGby1TLExXT48OGGdbfIme5
example. 3600 IN DNSKEY 257 3 133 AQOnsGyJvywVjYmiLbh0EwIRuWYcDiB/8blXcpkoxtpe19Oicv6Zko+8brVsTMeMOpcUeGB1zsYKWJ7BvR2894hX
example. 3600 IN RRSIG DNSKEY 133 1 3600 20150420235959 20051021000000 22088 example. Xpo9ptByXb8M1JR1i0KuRmKGc/YeOLcc6PtnRJOx6ADLSL2mU6AYX5tAJRMTKTXk6waLIaxuliqUBOkCjLUZMw==
example. 3600 IN NSEC3PARAM 1 12 AABBCCDD
example. 3600 IN RRSIG NSEC3PARAM 133 1 3600 20150420235959 20051021000000 62827 example. LIDOPjIUc2DtDpXUlOaLnJkHKbacDvXZlhRmg4eFGnaEd794HnjRjeT9w5QwtLDpLyyMRbGt4L0XlqhGJCcAsA==
0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. 3600 IN NSEC3 1 0 12 AABBCCDD 2t7b4g4vsa5smi47k61mv5bv1a22bojr NS SOA MX RRSIG DNSKEY NSEC3PARAM
0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. 3600 IN RRSIG NSEC3 133 2 3600 20150420235959 20051021000000 62827 example. SLMEpd0dWGX8+uU0H3kDcE1O2+0+o2HPEiywPwQ+LRC4QI7zectSLH3lw3EJi6OPnZPYoW6fqlpIWuVv0srD4w==
2t7b4g4vsa5smi47k61mv5bv1a22bojr.example. 3600 IN A 127.0.0.1
2t7b4g4vsa5smi47k61mv5bv1a22bojr.example. 3600 IN RRSIG A 133 2 3600 20150420235959 20051021000000 62827 example. Enu4zogLLDz0p/lLcuH3+jpfuWR/Uyw4fyvglsaFNvFfs7t+f5TPEt5GLX4U2eRycWmF9ZpYMcPgqAgrGZJ+jA==
2t7b4g4vsa5smi47k61mv5bv1a22bojr.example. 3600 IN NSEC3 1 0 12 AABBCCDD 2vptu5timamqttgl4luu9kg21e0aor3s A RRSIG
2t7b4g4vsa5smi47k61mv5bv1a22bojr.example. 3600 IN RRSIG NSEC3 133 2 3600 20150420235959 20051021000000 62827 example. LltO1bbeZ3rVOjYcBRCMZ+ZtHOBtGaNMKtV7BzSPlCK0AUphcn0tg2cr0FONQgrI+0Nd+8h6My6W2Bp/OzDcnQ==
2vptu5timamqttgl4luu9kg21e0aor3s.example. 3600 IN NSEC3 1 0 12 AABBCCDD 35mthgpgcu1qg68fab165klnsnk3dpvl MX RRSIG
2vptu5timamqttgl4luu9kg21e0aor3s.example. 3600 IN RRSIG NSEC3 133 2 3600 20150420235959 20051021000000 62827 example. c9D5yjzQulfpNUWkeZFBoBsZYAxh06LySa44Ef1SvzGZrT0l02bFTSMYPXciPQKpmF3UzOkgW/E9gXinV/kQbg==
35mthgpgcu1qg68fab165klnsnk3dpvl.example. 3600 IN NSEC3 1 0 12 AABBCCDD 4g6p9u5gvfshp30pqecj98b3maqbn1ck NS DS RRSIG
35mthgpgcu1qg68fab165klnsnk3dpvl.example. 3600 IN RRSIG NSEC3 133 2 3600 20150420235959 20051021000000 62827 example. K35oTrxIxZewqnGlqua+5fweIKdi9vxDzHC0XBy/U6w1XtTsgEuNJepdXfSCBEw39G5pPobyDE4Ll8KyyEDZjw==
4g6p9u5gvfshp30pqecj98b3maqbn1ck.example. 3600 IN NSEC3 1 0 12 AABBCCDD b4um86eghhds6nea196smvmlo4ors995 NS RRSIG
4g6p9u5gvfshp30pqecj98b3maqbn1ck.example. 3600 IN RRSIG NSEC3 133 2 3600 20150420235959 20051021000000 62827 example. rfscDMnDv/CJ5XWyvN8Ag6w0DMsrV82jqfet+UkYtxszAzdw9B0w9Iv3h1y9xIbMprW1OGVOW52D3aeCHgN9Fg==
a.example. 3600 IN NS ns1.a.example.
a.example. 3600 IN NS ns2.a.example.
a.example. 3600 IN DS 58470 5 1 3079F1593EBAD6DC121E202A8B766A6A4837206C
a.example. 3600 IN RRSIG DS 133 2 3600 20150420235959 20051021000000 62827 example. qxw4j5LNe70UDu121YqAaqQjyjYbdKNd/4bEnH0kjQswuiGs9EuArCBhcWocWQDBku+A4HMHJdLqJr5p4JctLg==
ns1.a.example. 3600 IN A 192.168.2.5
ns2.a.example. 3600 IN A 192.168.2.6
ai.example. 3600 IN A 192.168.2.9
ai.example. 3600 IN RRSIG A 133 2 3600 20150420235959 20051021000000 62827 example. ZaXcOIABcqe1UbwBrisSfk1EBZN11ccgg81ZvZ4qVRhQRdMTprjO9boMYL3q7nz993IqSyUgjumoQ8qs1isY4Q==
ai.example. 3600 IN HINFO "KLH-10" "ITS"
ai.example. 3600 IN RRSIG HINFO 133 2 3600 20150420235959 20051021000000 62827 example. BuDv+No06VEcIsEnvBdjdKm6kxQGrhOgKEKbGsb8DJRjY7Lia+YG2//s6OlOIfxPmLlLiYpAi3q2sEjTJhocGQ==
ai.example. 3600 IN AAAA 2001:db8:0:0:0:0:f00:baa9
ai.example. 3600 IN RRSIG AAAA 133 2 3600 20150420235959 20051021000000 62827 example. m65zc0A16Xbx3jYb0t5vPwMzE2xS15mKh76MhSuKfiFVhBFcQ9IilEM0pXnLzt3ozrM/3X0x2ruyuN0zC+PABA==
b4um86eghhds6nea196smvmlo4ors995.example. 3600 IN NSEC3 1 0 12 AABBCCDD gjeqe526plbf1g8mklp59enfd789njgi MX RRSIG
b4um86eghhds6nea196smvmlo4ors995.example. 3600 IN RRSIG NSEC3 133 2 3600 20150420235959 20051021000000 62827 example. ckq4/fbGcW7MBHRIE4vjJTCLijvbBKcPbAOcG4OfJe1+TO1ttGUzRSWv0ZWkn7gxVbsOS52kw9DPbkG/3jG4TQ==
c.example. 3600 IN NS ns1.c.example.
c.example. 3600 IN NS ns2.c.example.
ns1.c.example. 3600 IN A 192.168.2.7
ns2.c.example. 3600 IN A 192.168.2.8
gjeqe526plbf1g8mklp59enfd789njgi.example. 3600 IN NSEC3 1 0 12 AABBCCDD ji6neoaepv8b5o6k4ev33abha8ht9fgc A HINFO AAAA RRSIG
gjeqe526plbf1g8mklp59enfd789njgi.example. 3600 IN RRSIG NSEC3 133 2 3600 20150420235959 20051021000000 62827 example. DcvlIYwhANn1NSV05tBQ9ngC+Gaw3pBdpXlrpSWN4xrvvguaarf0Kbe0LF2+KJ5x1cHrOsLVx8oEDoKzTCztsA==
ji6neoaepv8b5o6k4ev33abha8ht9fgc.example. 3600 IN NSEC3 1 0 12 AABBCCDD k8udemvp1j2f7eg6jebps17vp3n8i58h
ji6neoaepv8b5o6k4ev33abha8ht9fgc.example. 3600 IN RRSIG NSEC3 133 2 3600 20150420235959 20051021000000 62827 example. GSlthW4H4KIpxxBHYXl2IDZWlvnwAKVgPkW/ZlWcGyv+Ro2nYOwS8Qv/yNop1JKzbE5X0+ac8Dw7zLvDAr4kwQ==
k8udemvp1j2f7eg6jebps17vp3n8i58h.example. 3600 IN NSEC3 1 0 12 AABBCCDD kohar7mbb8dc2ce8a9qvl8hon4k53uhi
k8udemvp1j2f7eg6jebps17vp3n8i58h.example. 3600 IN RRSIG NSEC3 133 2 3600 20150420235959 20051021000000 62827 example. Ob3coJUfYXYeYfIlXj9VhuT0CN/cZeFwMwbzSz3GyDNyeUo+3QqJY5kabenFB0jBQ9I2B3kRQFQO6sA1YJZyaQ==
kohar7mbb8dc2ce8a9qvl8hon4k53uhi.example. 3600 IN NSEC3 1 0 12 AABBCCDD q04jkcevqvmu85r014c7dkba38o0ji5r A RRSIG
kohar7mbb8dc2ce8a9qvl8hon4k53uhi.example. 3600 IN RRSIG NSEC3 133 2 3600 20150420235959 20051021000000 62827 example. Tm0ZvbTsHGTsBpdL9KTIi1q+4AW0VZ4zuTWH2zoJPBP4PS1P9A1oWhnal7Ahrm9epK7nOTTd8VtHcd7uPCPI5A==
ns1.example. 3600 IN A 192.168.2.1
ns1.example. 3600 IN RRSIG A 133 2 3600 20150420235959 20051021000000 62827 example. KS4zeGDaXO99zFfZdkH8BPj5Mm2r9NdxrW5hcwZbIngiTAlE0DcVVBNY8b0h2DZL2znQr8QJ0/QDt8ufz6tZyg==
ns2.example. 3600 IN A 192.168.2.2
ns2.example. 3600 IN RRSIG A 133 2 3600 20150420235959 20051021000000 62827 example. Hc6i5zNssmqTB7zhORrMT9uvhLdQ9c3DPjuqUjw/UOw4xJIMjhG4qDwQRav4XpyI2mvVJFR11M07gNwzYG2Ypw==
q04jkcevqvmu85r014c7dkba38o0ji5r.example. 3600 IN NSEC3 1 0 12 AABBCCDD r53bq7cc2uvmubfu5ocmm6pers9tk9en A RRSIG
q04jkcevqvmu85r014c7dkba38o0ji5r.example. 3600 IN RRSIG NSEC3 133 2 3600 20150420235959 20051021000000 62827 example. W8dGSgyF9g7x5uSdwcVvLUHjU3u+NHrRqfIWOvylwUgLikJL07t3Yj+phVgibpcVcjfD9W1XR6Sy4jby7QK0iQ==
r53bq7cc2uvmubfu5ocmm6pers9tk9en.example. 3600 IN NSEC3 1 0 12 AABBCCDD t644ebqk9bibcna874givr6joj62mlhv MX RRSIG
r53bq7cc2uvmubfu5ocmm6pers9tk9en.example. 3600 IN RRSIG NSEC3 133 2 3600 20150420235959 20051021000000 62827 example. KKcNGSMH1QRz1+WtADVTrW7bJ4ipvWuuXSDNgTs8JgJ8r0zz1oeiDwDtR+z9elBTq86tM/bvTQ4GFQiCWnOFNw==
t644ebqk9bibcna874givr6joj62mlhv.example. 3600 IN NSEC3 1 0 12 AABBCCDD 0p9mhaveqvm6t7vbl5lop2u3t2rp3tom A HINFO AAAA RRSIG
t644ebqk9bibcna874givr6joj62mlhv.example. 3600 IN RRSIG NSEC3 133 2 3600 20150420235959 20051021000000 62827 example. cWBONm5AfvchgLPHhUeJHNdnZ9dqSMI3UpHS/s3Ek1csDKKA6BUc/OM+kVRWT9lEjRhRXqB8ay2EeHx2iKOOKg==
*.w.example. 3600 IN MX 1 ai.example.
*.w.example. 3600 IN RRSIG MX 133 2 3600 20150420235959 20051021000000 62827 example. DnT0Y6dRBM8f3v8HdKmZUsGVkXh+b+htujCRc423x6c8erEMGVnxcrmcrZ53qGXcMYJ+TDkqa7Xfz/f9xzvSTw==
x.w.example. 3600 IN MX 1 xx.example.
x.w.example. 3600 IN RRSIG MX 133 3 3600 20150420235959 20051021000000 62827 example. BLSDMos8kYR7+2U7iwwdqdhU82hzq0s57xtwF08tWU/d19jrNO6LdWfBL/FJ8zL8ZpEjhh6b8cj0f5yQOUyShw==
x.y.w.example. 3600 IN MX 1 xx.example.
x.y.w.example. 3600 IN RRSIG MX 133 4 3600 20150420235959 20051021000000 62827 example. GPzELyUCxrnyep8uMcqthUXjTqYBmgeaveb92vQgzUyPLLamNN/YqMHr6tGQNxeMAhclxUSQeoCggUBVhFfB1Q==
xx.example. 3600 IN A 192.168.2.10
xx.example. 3600 IN RRSIG A 133 2 3600 20150420235959 20051021000000 62827 example. qxwCQAqdWxq4bDNPKyOVG679cSJwKVv/Q5Rj9WKymDOhOPTmEs8xDxbiM4EXyv0ig50I3Wvbkmyw4sQ5CspOcA==
xx.example. 3600 IN HINFO "KLH-10" "TOPS-20"
xx.example. 3600 IN RRSIG HINFO 133 2 3600 20150420235959 20051021000000 62827 example. YJFwmD0By0NpGEvO1nE1ZTH10XrmpKnVuAEIcAxLLHyPs3qyGQdDEG7sQX5+PfiOGZrNmZef8NgQhW8kGEgN1Q==
xx.example. 3600 IN AAAA 2001:db8:0:0:0:0:f00:baaa
xx.example. 3600 IN RRSIG AAAA 133 2 3600 20150420235959 20051021000000 62827 example. VAJBlXoTOScrIM6yPlDsd9o05v39qIzFnemR2vgw1s4l8maJVWi9IHEg8oiypJvGwSCP1nFsEOlXyNFQJ0fWGA==

14
sign_example.sh Normal file
View File

@ -0,0 +1,14 @@
#! /bin/bash
./bin/_jdnssec-signzone \
-3 \
-A 133:5:RSASHA1-NSEC3 \
-s 20051021000000 \
-e 20150420235959 \
-D test/ \
-S AABBCCDD \
--iterations 12 \
-k Kexample.+133+22088 \
test/example \
Kexample.+133+62827

65
src/com/verisignlabs/dnssec/cl/DSTool.java
View File

@ -35,8 +35,7 @@ import com.verisignlabs.dnssec.security.DnsKeyPair;
import com.verisignlabs.dnssec.security.SignUtils;
/**
* This class forms the command line implementation of a DNSSEC DS/DLV
* generator
* This class forms the command line implementation of a DNSSEC DS/DLV generator
*
* @author David Blacka (original)
* @author $Author: davidb $
@ -76,19 +75,22 @@ public class DSTool
opts.addOption("h", "help", false, "Print this message.");
opts.addOption(OptionBuilder.withLongOpt("dlv")
.withDescription("Generate a DLV record instead.").create());
.withDescription("Generate a DLV record instead.")
.create());
// Argument options
opts.addOption(OptionBuilder.hasOptionalArg().withLongOpt("verbose")
opts.addOption(OptionBuilder.hasOptionalArg()
.withLongOpt("verbose")
.withArgName("level")
.withDescription("verbosity level -- 0 is silence, "
+ "5 is debug information, " + "6 is trace information.\n"
+ "default is level 5.").create('v'));
.withDescription("verbosity level -- 0 is silence, 5 is debug information, 6 is trace information.\n"
+ "default is level 5.")
.create('v'));
opts.addOption(OptionBuilder.hasArg().withLongOpt("digest")
opts.addOption(OptionBuilder.hasArg()
.withLongOpt("digest")
.withArgName("id")
.withDescription("The Digest ID to use (numerically): "
+ "either 1 for SHA1 or 2 for SHA256").create('d'));
.withDescription("The Digest ID to use (numerically): either 1 for SHA1 or 2 for SHA256")
.create('d'));
}
public void parseCommandLine(String[] args)
@ -105,14 +107,14 @@ public class DSTool
Logger rootLogger = Logger.getLogger("");
switch (value)
{
case 0 :
case 0:
rootLogger.setLevel(Level.OFF);
break;
case 5 :
default :
case 5:
default:
rootLogger.setLevel(Level.FINE);
break;
case 6 :
case 6:
rootLogger.setLevel(Level.ALL);
break;
}
@ -142,14 +144,9 @@ public class DSTool
PrintWriter out = new PrintWriter(System.err);
// print our own usage statement:
f.printHelp(out,
75,
"jdnssec-dstool [..options..] keyfile",
null,
opts,
HelpFormatter.DEFAULT_LEFT_PAD,
HelpFormatter.DEFAULT_DESC_PAD,
null);
f.printHelp(out, 75, "jdnssec-dstool [..options..] keyfile", null, opts,
HelpFormatter.DEFAULT_LEFT_PAD,
HelpFormatter.DEFAULT_DESC_PAD, null);
out.flush();
System.exit(64);
@ -159,8 +156,10 @@ public class DSTool
/**
* This is just a convenience method for parsing integers from strings.
*
* @param s the string to parse.
* @param def the default value, if the string doesn't parse.
* @param s
* the string to parse.
* @param def
* the default value, if the string doesn't parse.
* @return the parsed integer, or the default.
*/
private static int parseInt(String s, int def)
@ -187,17 +186,16 @@ public class DSTool
log.warning("DNSKEY is not an SEP-flagged key.");
}
DSRecord ds = SignUtils.calculateDSRecord(dnskey,
state.digest_id,
dnskey.getTTL());
DSRecord ds = SignUtils.calculateDSRecord(dnskey, state.digest_id,
dnskey.getTTL());
Record res = ds;
if (state.createDLV)
{
log.fine("creating DLV.");
DLVRecord dlv = new DLVRecord(ds.getName(), ds.getDClass(),
ds.getTTL(), ds.getFootprint(), ds.getAlgorithm(),
ds.getDigestID(), ds.getDigest());
DLVRecord dlv = new DLVRecord(ds.getName(), ds.getDClass(), ds.getTTL(),
ds.getFootprint(), ds.getAlgorithm(),
ds.getDigestID(), ds.getDigest());
res = dlv;
}
@ -223,14 +221,13 @@ public class DSTool
}
catch (UnrecognizedOptionException e)
{
System.err.println("error: unknown option encountered: "
+ e.getMessage());
System.err.println("error: unknown option encountered: " + e.getMessage());
state.usage();
}
catch (AlreadySelectedException e)
{
System.err.println("error: mutually exclusive options have "
+ "been selected:\n " + e.getMessage());
System.err.println("error: mutually exclusive options have been selected:\n "
+ e.getMessage());
state.usage();
}
catch (Exception e)

66
src/com/verisignlabs/dnssec/cl/KeyGen.java
View File

@ -78,12 +78,10 @@ public class KeyGen
// boolean options
opts.addOption("h", "help", false, "Print this message.");
opts.addOption("k",
"kskflag",
false,
"Key is a key-signing-key (sets the SEP flag).");
opts.addOption("k", "kskflag", false,
"Key is a key-signing-key (sets the SEP flag).");
opts.addOption("e", "large-exponent", false, "Use large RSA exponent");
// Argument options
OptionBuilder.hasArg();
OptionBuilder.withLongOpt("nametype");
@ -101,9 +99,8 @@ public class KeyGen
OptionBuilder.hasArg();
OptionBuilder.withArgName("algorithm");
OptionBuilder
.withDescription("RSA | RSASHA1 | RSAMD5 | DH | DSA | alias, "
+ "RSASHA1 is default.");
OptionBuilder.withDescription("RSA | RSASHA1 | RSAMD5 | DH | DSA | alias, "
+ "RSASHA1 is default.");
opts.addOption(OptionBuilder.create('a'));
OptionBuilder.hasArg();
@ -117,8 +114,7 @@ public class KeyGen
OptionBuilder.hasArg();
OptionBuilder.withArgName("file");
OptionBuilder.withLongOpt("output-file");
OptionBuilder
.withDescription("base filename for the public/private key files");
OptionBuilder.withDescription("base filename for the public/private key files");
opts.addOption(OptionBuilder.create('f'));
OptionBuilder.hasArg();
@ -151,14 +147,14 @@ public class KeyGen
Logger rootLogger = Logger.getLogger("");
switch (value)
{
case 0 :
case 0:
rootLogger.setLevel(Level.OFF);
break;
case 5 :
default :
case 5:
default:
rootLogger.setLevel(Level.FINE);
break;
case 6 :
case 6:
rootLogger.setLevel(Level.ALL);
break;
}
@ -167,7 +163,7 @@ public class KeyGen
if (cli.hasOption('k')) kskFlag = true;
if (cli.hasOption('e')) useLargeE = true;
outputfile = cli.getOptionValue('f');
if ((optstr = cli.getOptionValue('d')) != null)
@ -221,22 +217,22 @@ public class KeyGen
private void addArgAlias(String s)
{
if (s == null) return;
DnsKeyAlgorithm algs = DnsKeyAlgorithm.getInstance();
String[] v = s.split(":");
if (v.length < 2) return;
int alias = parseInt(v[0], -1);
if (alias <= 0) return;
int orig = parseInt(v[1], -1);
if (orig <= 0) return;
String mn = null;
if (v.length > 2) mn = v[2];
algs.addAlias(alias, mn, orig);
}
/** Print out the usage and help statements, then quit. */
private void usage()
{
@ -245,14 +241,9 @@ public class KeyGen
PrintWriter out = new PrintWriter(System.err);
// print our own usage statement:
f.printHelp(out,
75,
"jdnssec-keygen [..options..] name",
null,
opts,
HelpFormatter.DEFAULT_LEFT_PAD,
HelpFormatter.DEFAULT_DESC_PAD,
null);
f.printHelp(out, 75, "jdnssec-keygen [..options..] name", null, opts,
HelpFormatter.DEFAULT_LEFT_PAD,
HelpFormatter.DEFAULT_DESC_PAD, null);
out.flush();
System.exit(64);
@ -262,8 +253,10 @@ public class KeyGen
/**
* This is just a convenience method for parsing integers from strings.
*
* @param s the string to parse.
* @param def the default value, if the string doesn't parse.
* @param s
* the string to parse.
* @param def
* the default value, if the string doesn't parse.
* @return the parsed integer, or the default.
*/
private static int parseInt(String s, int def)
@ -310,13 +303,9 @@ public class KeyGen
+ state.ttl + ", alg = " + state.algorithm + ", flags = " + flags
+ ", length = " + state.keylength + ")");
DnsKeyPair pair = signer.generateKey(owner_name,
state.ttl,
DClass.IN,
state.algorithm,
flags,
state.keylength,
state.useLargeE);
DnsKeyPair pair = signer.generateKey(owner_name, state.ttl, DClass.IN,
state.algorithm, flags,
state.keylength, state.useLargeE);
if (state.outputfile != null)
{
@ -338,8 +327,7 @@ public class KeyGen
}
catch (UnrecognizedOptionException e)
{
System.err.println("error: unknown option encountered: "
+ e.getMessage());
System.err.println("error: unknown option encountered: " + e.getMessage());
state.usage();
}
catch (AlreadySelectedException e)

73
src/com/verisignlabs/dnssec/cl/KeyInfoTool.java
View File

@ -32,8 +32,7 @@ import com.verisignlabs.dnssec.security.DnsKeyAlgorithm;
import com.verisignlabs.dnssec.security.DnsKeyPair;
/**
* This class forms the command line implementation of a DNSSEC DS/DLV
* generator
* This class forms the command line implementation of a DNSSEC DS/DLV generator
*
* @author David Blacka (original)
* @author $Author: davidb $
@ -49,7 +48,7 @@ public class KeyInfoTool
private static class CLIState
{
private Options opts;
public String keyname = null;
public String keyname = null;
public CLIState()
{
@ -69,12 +68,16 @@ public class KeyInfoTool
opts.addOption("h", "help", false, "Print this message.");
// Argument options
opts.addOption(OptionBuilder.hasOptionalArg().withLongOpt("verbose")
opts.addOption(OptionBuilder.hasOptionalArg()
.withLongOpt("verbose")
.withArgName("level")
.withDescription("verbosity level -- 0 is silence, "
+ "5 is debug information, " + "6 is trace information.\n"
+ "default is level 5.").create('v'));
.withDescription(
"verbosity level -- 0 is silence, "
+ "5 is debug information, "
+ "6 is trace information.\n"
+ "default is level 5.")
.create('v'));
OptionBuilder.hasArg();
OptionBuilder.withLongOpt("alg-alias");
OptionBuilder.withArgName("alias:original:mnemonic");
@ -96,14 +99,14 @@ public class KeyInfoTool
Logger rootLogger = Logger.getLogger("");
switch (value)
{
case 0 :
case 0:
rootLogger.setLevel(Level.OFF);
break;
case 5 :
default :
case 5:
default:
rootLogger.setLevel(Level.FINE);
break;
case 6 :
case 6:
rootLogger.setLevel(Level.ALL);
break;
}
@ -136,14 +139,9 @@ public class KeyInfoTool
PrintWriter out = new PrintWriter(System.err);
// print our own usage statement:
f.printHelp(out,
75,
"jdnssec-keyinfo [..options..] keyfile",
null,
opts,
HelpFormatter.DEFAULT_LEFT_PAD,
HelpFormatter.DEFAULT_DESC_PAD,
null);
f.printHelp(out, 75, "jdnssec-keyinfo [..options..] keyfile", null, opts,
HelpFormatter.DEFAULT_LEFT_PAD,
HelpFormatter.DEFAULT_DESC_PAD, null);
out.flush();
System.exit(64);
@ -153,8 +151,10 @@ public class KeyInfoTool
/**
* This is just a convenience method for parsing integers from strings.
*
* @param s the string to parse.
* @param def the default value, if the string doesn't parse.
* @param s
* the string to parse.
* @param def
* the default value, if the string doesn't parse.
* @return the parsed integer, or the default.
*/
private static int parseInt(String s, int def)
@ -169,48 +169,48 @@ public class KeyInfoTool
return def;
}
}
private static void addArgAlias(String s)
{
if (s == null) return;
DnsKeyAlgorithm algs = DnsKeyAlgorithm.getInstance();
String[] v = s.split(":");
if (v.length < 2) return;
int alias = parseInt(v[0], -1);
if (alias <= 0) return;
int orig = parseInt(v[1], -1);
if (orig <= 0) return;
String mn = null;
if (v.length > 2) mn = v[2];
algs.addAlias(alias, mn, orig);
}
public static void execute(CLIState state) throws Exception
{
DnsKeyPair key = BINDKeyUtils.loadKey(state.keyname, null);
DNSKEYRecord dnskey = key.getDNSKEYRecord();
DnsKeyAlgorithm dnskeyalg = DnsKeyAlgorithm.getInstance();
boolean isSEP = (dnskey.getFlags() & DNSKEYRecord.Flags.SEP_KEY) != 0;
System.out.println("Name: " + dnskey.getName());
System.out.println("SEP: " + isSEP);
System.out.println("Algorithm: " + dnskeyalg.algToString(dnskey.getAlgorithm()));
System.out.println("Algorithm: "
+ dnskeyalg.algToString(dnskey.getAlgorithm()));
System.out.println("ID: " + dnskey.getFootprint());
if (dnskeyalg.baseType(dnskey.getAlgorithm()) == dnskeyalg.RSA)
if (dnskeyalg.baseType(dnskey.getAlgorithm()) == DnsKeyAlgorithm.RSA)
{
RSAPublicKey pub = (RSAPublicKey) key.getPublic();
System.out.println("RSA Public Exponent: " + pub.getPublicExponent());
System.out.println("RSA Modulus: " + pub.getModulus());
}
}
public static void main(String[] args)
@ -223,8 +223,7 @@ public class KeyInfoTool
}
catch (UnrecognizedOptionException e)
{
System.err.println("error: unknown option encountered: "
+ e.getMessage());
System.err.println("error: unknown option encountered: " + e.getMessage());
state.usage();
}
catch (AlreadySelectedException e)

111
src/com/verisignlabs/dnssec/cl/VerifyZone.java
View File

@ -36,8 +36,7 @@ import org.xbill.DNS.*;
import com.verisignlabs.dnssec.security.*;
/**
* This class forms the command line implementation of a DNSSEC zone
* validator.
* This class forms the command line implementation of a DNSSEC zone validator.
*
* @author David Blacka (original)
* @author $Author$
@ -75,26 +74,31 @@ public class VerifyZone
// boolean options
opts.addOption("h", "help", false, "Print this message.");
opts.addOption("s",
"strict",
false,
"Zone will only be considered valid if all "
+ "signatures could be cryptographically verified");
opts.addOption("s", "strict", false,
"Zone will only be considered valid if all "
+ "signatures could be cryptographically verified");
// Argument options
opts.addOption(OptionBuilder.hasArg().withLongOpt("keydir")
.withArgName("dir").withDescription("directory to find "
+ "trusted key files").create('d'));
opts.addOption(OptionBuilder.hasArg()
.withLongOpt("keydir")
.withArgName("dir")
.withDescription("directory to find " + "trusted key files")
.create('d'));
opts.addOption(OptionBuilder.hasOptionalArg().withLongOpt("verbose")
opts.addOption(OptionBuilder.hasOptionalArg()
.withLongOpt("verbose")
.withArgName("level")
.withDescription("verbosity level -- 0 is silence, "
+ "5 is debug information, 6 is trace information.\n"
+ "default is level 5.").create('v'));
.withDescription(
"verbosity level -- 0 is silence, "
+ "5 is debug information, 6 is trace information.\n"
+ "default is level 5.")
.create('v'));
opts.addOption(OptionBuilder.hasArg()
.withArgName("alias:original:mnemonic").withLongOpt("alg-alias")
.withDescription("Define an alias for an algorithm").create('A'));
.withArgName("alias:original:mnemonic")
.withLongOpt("alg-alias")
.withDescription("Define an alias for an algorithm")
.create('A'));
}
@ -114,16 +118,16 @@ public class VerifyZone
Logger rootLogger = Logger.getLogger("");
switch (value)
{
case 0 :
rootLogger.setLevel(Level.OFF);
break;
case 5 :
default :
rootLogger.setLevel(Level.FINE);
break;
case 6 :
rootLogger.setLevel(Level.ALL);
break;
case 0:
rootLogger.setLevel(Level.OFF);
break;
case 5:
default:
rootLogger.setLevel(Level.FINE);
break;
case 6:
rootLogger.setLevel(Level.ALL);
break;
}
}
@ -142,7 +146,7 @@ public class VerifyZone
addArgAlias(optstrs[i]);
}
}
String[] cl_args = cli.getArgs();
if (cl_args.length < 1)
@ -163,22 +167,22 @@ public class VerifyZone
private void addArgAlias(String s)
{
if (s == null) return;
DnsKeyAlgorithm algs = DnsKeyAlgorithm.getInstance();
String[] v = s.split(":");
if (v.length < 2) return;
int alias = parseInt(v[0], -1);
if (alias <= 0) return;
int orig = parseInt(v[1], -1);
if (orig <= 0) return;
String mn = null;
if (v.length > 2) mn = v[2];
algs.addAlias(alias, mn, orig);
}
/** Print out the usage and help statements, then quit. */
public void usage()
{
@ -187,14 +191,10 @@ public class VerifyZone
PrintWriter out = new PrintWriter(System.err);
// print our own usage statement:
f.printHelp(out,
75,
"verifyZone.sh [..options..] zonefile " + "[keyfile [keyfile...]]",
null,
opts,
HelpFormatter.DEFAULT_LEFT_PAD,
HelpFormatter.DEFAULT_DESC_PAD,
null);
f.printHelp(out, 75, "verifyZone.sh [..options..] zonefile "
+ "[keyfile [keyfile...]]", null, opts,
HelpFormatter.DEFAULT_LEFT_PAD,
HelpFormatter.DEFAULT_DESC_PAD, null);
out.flush();
System.exit(64);
@ -204,8 +204,10 @@ public class VerifyZone
/**
* This is just a convenience method for parsing integers from strings.
*
* @param s the string to parse.
* @param def the default value, if the string doesn't parse.
* @param s
* the string to parse.
* @param def
* the default value, if the string doesn't parse.
* @return the parsed integer, or the default.
*/
private static int parseInt(String s, int def)
@ -327,19 +329,19 @@ public class VerifyZone
switch (result)
{
case DNSSEC.Failed :
case DNSSEC.Failed:
System.out.println("zone did not verify.");
System.exit(1);
break;
case DNSSEC.Insecure:
if (state.strict)
{
System.out.println("zone did not verify.");
System.exit(1);
break;
case DNSSEC.Insecure :
if (state.strict)
{
System.out.println("zone did not verify.");
System.exit(1);
}
case DNSSEC.Secure :
System.out.println("zone verified.");
break;
}
case DNSSEC.Secure:
System.out.println("zone verified.");
break;
}
System.exit(0);
}
@ -354,8 +356,7 @@ public class VerifyZone
}
catch (UnrecognizedOptionException e)
{
System.err.println("error: unknown option encountered: "
+ e.getMessage());
System.err.println("error: unknown option encountered: " + e.getMessage());
state.usage();
}
catch (AlreadySelectedException e)

47
src/com/verisignlabs/dnssec/cl/ZoneFormat.java
View File

@ -56,7 +56,7 @@ public class ZoneFormat
private static class CLIState
{
private org.apache.commons.cli.Options opts;
public String file;
public String file;
public CLIState()
{
@ -79,16 +79,16 @@ public class ZoneFormat
Logger rootLogger = Logger.getLogger("");
switch (value)
{
case 0 :
rootLogger.setLevel(Level.OFF);
break;
case 5 :
default :
rootLogger.setLevel(Level.FINE);
break;
case 6 :
rootLogger.setLevel(Level.ALL);
break;
case 0:
rootLogger.setLevel(Level.OFF);
break;
case 5:
default:
rootLogger.setLevel(Level.FINE);
break;
case 6:
rootLogger.setLevel(Level.ALL);
break;
}
}
@ -133,14 +133,9 @@ public class ZoneFormat
PrintWriter out = new PrintWriter(System.err);
// print our own usage statement:
f.printHelp(out,
75,
"jdnssec-zoneformat [..options..] zonefile",
null,
opts,
HelpFormatter.DEFAULT_LEFT_PAD,
HelpFormatter.DEFAULT_DESC_PAD,
null);
f.printHelp(out, 75, "jdnssec-zoneformat [..options..] zonefile", null,
opts, HelpFormatter.DEFAULT_LEFT_PAD,
HelpFormatter.DEFAULT_DESC_PAD, null);
out.flush();
System.exit(64);
@ -150,8 +145,10 @@ public class ZoneFormat
/**
* This is just a convenience method for parsing integers from strings.
*
* @param s the string to parse.
* @param def the default value, if the string doesn't parse.
* @param s
* the string to parse.
* @param def
* the default value, if the string doesn't parse.
* @return the parsed integer, or the default.
*/
private static int parseInt(String s, int def)
@ -194,13 +191,14 @@ public class ZoneFormat
RecordComparator cmp = new RecordComparator();
Collections.sort(zone, cmp);
for (Iterator i = zone.iterator(); i.hasNext(); )
for (Iterator i = zone.iterator(); i.hasNext();)
{
Record r = (Record) i.next();
System.out.println(r.toString());
}
}
private static void execute(CLIState state) throws IOException
{
List z = readZoneFile(state.file);
@ -217,8 +215,7 @@ public class ZoneFormat
}
catch (UnrecognizedOptionException e)
{
System.err.println("error: unknown option encountered: "
+ e.getMessage());
System.err.println("error: unknown option encountered: " + e.getMessage());
state.usage();
}
catch (AlreadySelectedException e)

128
src/com/verisignlabs/dnssec/security/BINDKeyUtils.java
View File

@ -119,7 +119,7 @@ public class BINDKeyUtils
key_buf.append('\n');
}
in.close();
return key_buf.toString().trim();
}
@ -138,18 +138,23 @@ public class BINDKeyUtils
}
/**
* Given the information necessary to construct the path to a BIND9
* generated key pair, load the key pair.
* Given the information necessary to construct the path to a BIND9 generated
* key pair, load the key pair.
*
* @param signer the DNS name of the key.
* @param algorithm the DNSSEC algorithm of the key.
* @param keyid the DNSSEC key footprint.
* @param inDirectory the directory to look for the files (may be null).
* @param signer
* the DNS name of the key.
* @param algorithm
* the DNSSEC algorithm of the key.
* @param keyid
* the DNSSEC key footprint.
* @param inDirectory
* the directory to look for the files (may be null).
* @return the loaded key pair.
* @throws IOException if there was a problem reading the BIND9 files.
* @throws IOException
* if there was a problem reading the BIND9 files.
*/
public static DnsKeyPair loadKeyPair(Name signer, int algorithm, int keyid,
File inDirectory) throws IOException
File inDirectory) throws IOException
{
String keyFileBase = getKeyFileBase(signer, algorithm, keyid);
@ -159,15 +164,17 @@ public class BINDKeyUtils
/**
* Given a base path to a BIND9 key pair, load the key pair.
*
* @param keyFileBasePath the base filename (or real filename for either the
* public or private key) of the key.
* @param inDirectory the directory to look in, if the keyFileBasePath is
* relative.
* @param keyFileBasePath
* the base filename (or real filename for either the public or
* private key) of the key.
* @param inDirectory
* the directory to look in, if the keyFileBasePath is relative.
* @return the loaded key pair.
* @throws IOException if there was a problem reading the files
* @throws IOException
* if there was a problem reading the files
*/
public static DnsKeyPair loadKeyPair(String keyFileBasePath,
File inDirectory) throws IOException
public static DnsKeyPair loadKeyPair(String keyFileBasePath, File inDirectory)
throws IOException
{
keyFileBasePath = fixKeyFileBasePath(keyFileBasePath);
// FIXME: should we throw the IOException when one of the files
@ -190,12 +197,13 @@ public class BINDKeyUtils
* Given a base path to a BIND9 key pair, load the public part (only) of the
* key pair
*
* @param keyFileBasePath the base or real path to the public part of a key
* pair.
* @param inDirectory the directory to look in if the path is relative (may
* be null).
* @param keyFileBasePath
* the base or real path to the public part of a key pair.
* @param inDirectory
* the directory to look in if the path is relative (may be null).
* @return a {@link DnsKeyPair} containing just the public key information.
* @throws IOException if there was a problem reading the public key file.
* @throws IOException
* if there was a problem reading the public key file.
*/
public static DnsKeyPair loadKey(String keyFileBasePath, File inDirectory)
throws IOException
@ -212,15 +220,18 @@ public class BINDKeyUtils
}
/**
* Load a BIND keyset file. The BIND 9 dnssec tools typically call these
* files "keyset-[signer]." where [signer] is the DNS owner name of the key.
* The keyset may be signed, but doesn't have to be.
* Load a BIND keyset file. The BIND 9 dnssec tools typically call these files
* "keyset-[signer]." where [signer] is the DNS owner name of the key. The
* keyset may be signed, but doesn't have to be.
*
* @param keysetFileName the name of the keyset file.
* @param inDirectory the directory to look in if the path is relative (may
* be null, defaults to the current working directory).
* @param keysetFileName
* the name of the keyset file.
* @param inDirectory
* the directory to look in if the path is relative (may be null,
* defaults to the current working directory).
* @return a RRset contain the KEY records and any associated SIG records.
* @throws IOException if there was a problem reading the keyset file.
* @throws IOException
* if there was a problem reading the keyset file.
*/
public static RRset loadKeySet(String keysetFileName, File inDirectory)
throws IOException
@ -242,8 +253,8 @@ public class BINDKeyUtils
/**
* Calculate the key file base for this key pair.
*
* @param pair the {@link DnsKeyPair} to work from. It only needs a public
* key.
* @param pair
* the {@link DnsKeyPair} to work from. It only needs a public key.
* @return the base name of the key files.
*/
public static String keyFileBase(DnsKeyPair pair)
@ -251,9 +262,8 @@ public class BINDKeyUtils
DNSKEYRecord keyrec = pair.getDNSKEYRecord();
if (keyrec == null) return null;
return getKeyFileBase(keyrec.getName(),
keyrec.getAlgorithm(),
keyrec.getFootprint());
return getKeyFileBase(keyrec.getName(), keyrec.getAlgorithm(),
keyrec.getFootprint());
}
/**
@ -281,10 +291,11 @@ public class BINDKeyUtils
}
/**
* Given a the contents of a BIND9 private key file, convert it into a
* native {@link java.security.PrivateKey} object.
* Given a the contents of a BIND9 private key file, convert it into a native
* {@link java.security.PrivateKey} object.
*
* @param privateKeyString the contents of a BIND9 key file in string form.
* @param privateKeyString
* the contents of a BIND9 key file in string form.
* @return a {@link java.security.PrivateKey}
*/
public static PrivateKey convertPrivateKeyString(String privateKeyString)
@ -314,13 +325,14 @@ public class BINDKeyUtils
* Given a native private key, convert it into a BIND9 private key file
* format.
*
* @param priv the private key to convert.
* @param pub the private key's corresponding public key. Some algorithms
* @param priv
* the private key to convert.
* @param pub
* the private key's corresponding public key. Some algorithms
* require information from both.
* @return a string containing the contents of a BIND9 private key file.
*/
public static String convertPrivateKey(PrivateKey priv, PublicKey pub,
int alg)
public static String convertPrivateKey(PrivateKey priv, PublicKey pub, int alg)
{
if (priv != null)
{
@ -337,9 +349,8 @@ public class BINDKeyUtils
/**
* Convert the KEY record to the exact string format that the dnssec-*
* routines need. Currently, the DNSJAVA package uses a multiline mode for
* its record formatting. The BIND9 tools require everything on a single
* line.
* routines need. Currently, the DNSJAVA package uses a multiline mode for its
* record formatting. The BIND9 tools require everything on a single line.
*/
private static String DNSKEYtoString(DNSKEYRecord rec)
{
@ -361,23 +372,26 @@ public class BINDKeyUtils
/**
* This routine will write out the BIND9 dnssec-* tool compatible files.
*
* @param baseFileName use this base file name. If null, the standard BIND9
* base file name will be computed.
* @param pair the keypair in question.
* @param inDirectory the directory to write to (may be null).
* @throws IOException if there is a problem writing the files.
* @param baseFileName
* use this base file name. If null, the standard BIND9 base file
* name will be computed.
* @param pair
* the keypair in question.
* @param inDirectory
* the directory to write to (may be null).
* @throws IOException
* if there is a problem writing the files.
*/
public static void writeKeyFiles(String baseFileName, DnsKeyPair pair,
File inDirectory) throws IOException
File inDirectory) throws IOException
{
DNSKEYRecord pub = pair.getDNSKEYRecord();
String priv = pair.getPrivateKeyString();
if (priv == null)
{
priv = convertPrivateKey(pair.getPrivate(),
pair.getPublic(),
pair.getDNSKEYAlgorithm());
priv = convertPrivateKey(pair.getPrivate(), pair.getPublic(),
pair.getDNSKEYAlgorithm());
}
if (pub == null || priv == null) return;
@ -397,11 +411,13 @@ public class BINDKeyUtils
}
/**
* This routine will write out the BIND9 dnssec-* tool compatible files to
* the standard file names.
* This routine will write out the BIND9 dnssec-* tool compatible files to the
* standard file names.
*
* @param pair the key pair in question.
* @param inDirectory the directory to write to (may be null).
* @param pair
* the key pair in question.
* @param inDirectory
* the directory to write to (may be null).
*/
public static void writeKeyFiles(DnsKeyPair pair, File inDirectory)
throws IOException

6
src/com/verisignlabs/dnssec/security/ByteArrayComparator.java
View File

@ -21,9 +21,9 @@ package com.verisignlabs.dnssec.security;
import java.util.Comparator;
/**
* This class implements a basic comparitor for byte arrays. It is primarily
* useful for comparing RDATA portions of DNS records in doing DNSSEC
* canonical ordering.
* This class implements a basic comparator for byte arrays. It is primarily
* useful for comparing RDATA portions of DNS records in doing DNSSEC canonical
* ordering.
*
* @author David Blacka (original)
* @author $Author$

1
src/com/verisignlabs/dnssec/security/DnsKeyConverter.java
View File

@ -77,7 +77,6 @@ public class DnsKeyConverter
{
if (pKeyRecord.getKey() == null) return null;
// FIXME: this won't work at all with alg aliases.
// For now, instead of re-implementing parseRecord (or adding this stuff
// to DNSjava), we will just translate the algorithm back to a standard
// algorithm. Note that this will unnecessarily convert RSAMD5 to RSASHA1.

44
src/com/verisignlabs/dnssec/security/DnsKeyPair.java
View File

@ -26,10 +26,10 @@ import org.xbill.DNS.*;
/**
* This class forms the basis for representing public/private key pairs in a
* DNSSEC context. It is possible to get a JCA public and private key from
* this object, as well as a DNSKEYRecord encoding of the public key. This
* class is implemented as a UNION of all the functionality needed for handing
* native java, BIND, and possibly other underlying DNSKEY engines.
* DNSSEC context. It is possible to get a JCA public and private key from this
* object, as well as a DNSKEYRecord encoding of the public key. This class is
* implemented as a UNION of all the functionality needed for handing native
* java, BIND, and possibly other underlying DNSKEY engines.
*
* JCA == Java Cryptography Architecture.
*
@ -47,8 +47,8 @@ public class DnsKeyPair
protected DNSKEYRecord mPublicKeyRecord;
/**
* This is a precalcuated cache of the KEYRecord converted into a JCA public
* key.
* This is a pre-calculated cache of the DNSKEYRecord converted into a JCA
* public key.
*/
private PublicKey mPublicKey;
@ -59,8 +59,8 @@ public class DnsKeyPair
protected String mPrivateKeyString;
/**
* The private key in JCA format. This is the base encoding for instances
* were JCA private keys are used.
* The private key in JCA format. This is the base encoding for instances where
* JCA private keys are used.
*/
protected PrivateKey mPrivateKey;
@ -73,7 +73,7 @@ public class DnsKeyPair
protected Signature mSigner;
/**
* a caches Signature used for verifying (intialized with the public key)
* a caches Signature used for verifying (initialized with the public key)
*/
protected Signature mVerifier;
@ -113,12 +113,8 @@ public class DnsKeyPair
this();
DnsKeyConverter conv = new DnsKeyConverter();
DNSKEYRecord keyrec = conv.generateDNSKEYRecord(keyName,
DClass.IN,
0,
0,
algorithm,
publicKey);
DNSKEYRecord keyrec = conv.generateDNSKEYRecord(keyName, DClass.IN, 0, 0,
algorithm, publicKey);
setDNSKEYRecord(keyrec);
setPrivate(privateKey);
}
@ -208,9 +204,8 @@ public class DnsKeyPair
if (mPrivateKeyString == null && mPrivateKey != null)
{
PublicKey pub = getPublic();
mPrivateKeyString = BINDKeyUtils.convertPrivateKey(mPrivateKey,
pub,
getDNSKEYAlgorithm());
mPrivateKeyString = BINDKeyUtils.convertPrivateKey(mPrivateKey, pub,
getDNSKEYAlgorithm());
}
return mPrivateKeyString;
@ -231,9 +226,9 @@ public class DnsKeyPair
}
/**
* Sets the private key from the encoded form (PKCS#8). This routine
* requires that the public key already be assigned. Currently it can only
* handle DSA and RSA keys.
* Sets the private key from the encoded form (PKCS#8). This routine requires
* that the public key already be assigned. Currently it can only handle DSA
* and RSA keys.
*/
public void setEncodedPrivate(byte[] encoded)
{
@ -275,7 +270,7 @@ public class DnsKeyPair
}
else
{
// do not return an unitialized signer.
// do not return an uninitialized signer.
return null;
}
}
@ -301,11 +296,12 @@ public class DnsKeyPair
mVerifier.initVerify(pk);
}
catch (InvalidKeyException e)
{}
{
}
}
else
{
// do not return an unitialized verifier
// do not return an uninitialized verifier
return null;
}
}

37
src/com/verisignlabs/dnssec/security/DnsSecVerifier.java
View File

@ -95,10 +95,7 @@ public class DnsSecVerifier implements Verifier
{
DnsKeyPair p = (DnsKeyPair) i.next();
if (p.getDNSKEYAlgorithm() == algorithm
&& p.getDNSKEYFootprint() == keyid)
{
return p;
}
&& p.getDNSKEYFootprint() == keyid) { return p; }
}
return null;
}
@ -154,7 +151,7 @@ public class DnsSecVerifier implements Verifier
}
private DnsKeyPair findCachedKey(Cache cache, Name name, int algorithm,
int footprint)
int footprint)
{
RRset[] keysets = cache.findAnyRecords(name, Type.KEY);
if (keysets == null) return null;
@ -167,17 +164,15 @@ public class DnsSecVerifier implements Verifier
if (!(o instanceof DNSKEYRecord)) continue;
DNSKEYRecord keyrec = (DNSKEYRecord) o;
if (keyrec.getAlgorithm() == algorithm
&& keyrec.getFootprint() == footprint)
{
return new DnsKeyPair(keyrec, (PrivateKey) null);
}
&& keyrec.getFootprint() == footprint) { return new DnsKeyPair(
keyrec, (PrivateKey) null); }
}
return null;
}
private DnsKeyPair findKey(Cache cache, Name name, int algorithm,
int footprint)
int footprint)
{
DnsKeyPair pair = mKeyStore.find(name, algorithm, footprint);
if (pair == null && cache != null)
@ -238,9 +233,9 @@ public class DnsSecVerifier implements Verifier
/**
* Verify an RRset against a particular signature.
*
* @return DNSSEC.Secure if the signature verfied, DNSSEC.Failed if it did
* not verify (for any reason), and DNSSEC.Insecure if verification
* could not be completed (usually because the public key was not
* @return DNSSEC.Secure if the signature verfied, DNSSEC.Failed if it did not
* verify (for any reason), and DNSSEC.Insecure if verification could
* not be completed (usually because the public key was not
* available).
*/
public byte verifySignature(RRset rrset, RRSIGRecord sigrec, Cache cache)
@ -248,10 +243,8 @@ public class DnsSecVerifier implements Verifier
byte result = validateSignature(rrset, sigrec);
if (result != DNSSEC.Secure) return result;
DnsKeyPair keypair = findKey(cache,
sigrec.getSigner(),
sigrec.getAlgorithm(),
sigrec.getFootprint());
DnsKeyPair keypair = findKey(cache, sigrec.getSigner(),
sigrec.getAlgorithm(), sigrec.getFootprint());
if (keypair == null)
{
@ -264,17 +257,17 @@ public class DnsSecVerifier implements Verifier
byte[] data = SignUtils.generateSigData(rrset, sigrec);
DnsKeyAlgorithm algs = DnsKeyAlgorithm.getInstance();
Signature signer = keypair.getVerifier();
signer.update(data);
byte[] sig = sigrec.getSignature();
if (algs.baseType(sigrec.getAlgorithm()) == DnsKeyAlgorithm.DSA)
{
sig = SignUtils.convertDSASignature(sig);
}
if (!signer.verify(sig))
{
log.info("Signature failed to verify cryptographically");
@ -299,8 +292,8 @@ public class DnsSecVerifier implements Verifier
/**
* Verifies an RRset. This routine does not modify the RRset.
*
* @return DNSSEC.Secure if the set verified, DNSSEC.Failed if it did not,
* and DNSSEC.Insecure if verification could not complete.
* @return DNSSEC.Secure if the set verified, DNSSEC.Failed if it did not, and
* DNSSEC.Insecure if verification could not complete.
*/
public int verify(RRset rrset, Cache cache)
{

17
src/com/verisignlabs/dnssec/security/RecordComparator.java
View File

@ -26,10 +26,9 @@ import org.xbill.DNS.Record;
import org.xbill.DNS.Type;
/**
* This class implements a comparison operator for {@link
* org.xbill.DNS.Record} objects. It imposes a canonical order consistent with
* DNSSEC. It does not put records within a RRset into canonical order: see
* {@link ByteArrayComparator}.
* This class implements a comparison operator for {@link org.xbill.DNS.Record}
* objects. It imposes a canonical order consistent with DNSSEC. It does not put
* records within a RRset into canonical order: see {@link ByteArrayComparator}.
*
* @author David Blacka (original)
* @author $Author$
@ -43,8 +42,8 @@ public class RecordComparator implements Comparator
}
/**
* In general, types are compared numerically. However, SOA and NS are
* ordered before the rest.
* In general, types are compared numerically. However, SOA and NS are ordered
* before the rest.
*/
private int compareTypes(int a, int b)
{
@ -64,15 +63,15 @@ public class RecordComparator implements Comparator
{
byte[] a_rdata = a.rdataToWireCanonical();
byte[] b_rdata = b.rdataToWireCanonical();
for (int i = 0; i < a_rdata.length && i < b_rdata.length; i++)
for (int i = 0; i < a_rdata.length && i < b_rdata.length; i++)
{
int n = (a_rdata[i] & 0xFF) - (b_rdata[i] & 0xFF);
if (n != 0) return n;
}
return (a_rdata.length - b_rdata.length);
}
public int compare(Object o1, Object o2) throws ClassCastException
{
Record a = (Record) o1;

33
src/com/verisignlabs/dnssec/security/SHA256.java
View File

@ -56,7 +56,7 @@ public class SHA256
}
// Constants "K"
private static final int K[] = {0x428a2f98, 0x71374491, 0xb5c0fbcf,
private static final int K[] = { 0x428a2f98, 0x71374491, 0xb5c0fbcf,
0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5, 0xd807aa98,
0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7,
0xc19bf174, 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f,
@ -67,7 +67,7 @@ public class SHA256
0xd6990624, 0xf40e3585, 0x106aa070, 0x19a4c116, 0x1e376c08, 0x2748774c,
0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3, 0x748f82ee,
0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7,
0xc67178f2 };
0xc67178f2 };
private int digest[] = new int[8];
private byte data[];
@ -160,11 +160,11 @@ public class SHA256
int aBlock[];
byte byteBlock[];
// for (int n = 0; n < data.length; n++)
// {
// System.out.print(Integer.toHexString(data[n]) + " ");
// }
// System.out.println("\n\n");
// for (int n = 0; n < data.length; n++)
// {
// System.out.print(Integer.toHexString(data[n]) + " ");
// }
// System.out.println("\n\n");
if (data.length > 64)
{
int n = data.length / 64;
@ -200,8 +200,7 @@ public class SHA256
}
/*
* this is the method that actually performs the digest and returns the
* result
* this is the method that actually performs the digest and returns the result
*/
private void transform(int block[])
{
@ -242,14 +241,14 @@ public class SHA256
B = A;
A = T1 + T2;
// System.out.println("A: " + Integer.toHexString(A));
// System.out.println("B: " + Integer.toHexString(B));
// System.out.println("C: " + Integer.toHexString(C));
// System.out.println("D: " + Integer.toHexString(D));
// System.out.println("E: " + Integer.toHexString(E));
// System.out.println("F: " + Integer.toHexString(F));
// System.out.println("G: " + Integer.toHexString(G));
// System.out.println("H: " + Integer.toHexString(H) + "\n");
// System.out.println("A: " + Integer.toHexString(A));
// System.out.println("B: " + Integer.toHexString(B));
// System.out.println("C: " + Integer.toHexString(C));
// System.out.println("D: " + Integer.toHexString(D));
// System.out.println("E: " + Integer.toHexString(E));
// System.out.println("F: " + Integer.toHexString(F));
// System.out.println("G: " + Integer.toHexString(G));
// System.out.println("H: " + Integer.toHexString(H) + "\n");
}

10
src/com/verisignlabs/dnssec/security/TypeMap.java
View File

@ -12,8 +12,8 @@ import org.xbill.DNS.DNSOutput;
import org.xbill.DNS.Type;
/**
* This class represents the multiple type maps of the NSEC record. Currently
* it is just used to convert the wire format type map to the int array that
* This class represents the multiple type maps of the NSEC record. Currently it
* is just used to convert the wire format type map to the int array that
* org.xbill.DNS.NSECRecord uses.
*/
@ -59,8 +59,8 @@ public class TypeMap
}
/**
* Given an array of bytes representing a wire-format type map, construct
* the TypeMap object.
* Given an array of bytes representing a wire-format type map, construct the
* TypeMap object.
*/
public static TypeMap fromBytes(byte[] map)
{
@ -109,7 +109,7 @@ public class TypeMap
}
protected static void mapToWire(DNSOutput out, int[] types, int base,
int start, int end)
int start, int end)
{
// calculate the length of this map by looking at the largest
// typecode in this section.

26
src/com/verisignlabs/dnssec/security/ZoneUtils.java
View File

@ -33,7 +33,6 @@ import org.xbill.DNS.RRset;
import org.xbill.DNS.Record;
import org.xbill.DNS.Type;
/**
* This class contains a bunch of utility methods that are generally useful in
* manipulating zones.
@ -48,11 +47,14 @@ public class ZoneUtils
/**
* Load a zone file.
*
* @param zonefile the filename/path of the zonefile to read.
* @param origin the origin to use for the zonefile (may be null if the
* origin is specified in the zone file itself).
* @param zonefile
* the filename/path of the zonefile to read.
* @param origin
* the origin to use for the zonefile (may be null if the origin is
* specified in the zone file itself).
* @return a {@link java.util.List} of {@link org.xbill.DNS.Record} objects.
* @throws IOException if something goes wrong reading the zone file.
* @throws IOException
* if something goes wrong reading the zone file.
*/
public static List readZoneFile(String zonefile, Name origin)
throws IOException
@ -73,10 +75,11 @@ public class ZoneUtils
/**
* Write the records out into a zone file.
*
* @param records a {@link java.util.List} of {@link org.xbill.DNS.Record}
* objects forming a zone.
* @param zonefile the file to write to. If null or equal to "-", System.out
* is used.
* @param records
* a {@link java.util.List} of {@link org.xbill.DNS.Record} objects
* forming a zone.
* @param zonefile
* the file to write to. If null or equal to "-", System.out is used.
*/
public static void writeZoneFile(List records, String zonefile)
throws IOException
@ -103,8 +106,9 @@ public class ZoneUtils
/**
* Given just the list of records, determine the zone name (origin).
*
* @param records a list of {@link org.xbill.DNS.Record} or {@link
* org.xbill.DNS.RRset} objects.
* @param records
* a list of {@link org.xbill.DNS.Record} or
* {@link org.xbill.DNS.RRset} objects.
* @return the zone name, if found. null if one couldn't be found.q
*/
public static Name findZoneName(List records)