From ccb1ffb7e5b148238326f8a388809269724ebde4 Mon Sep 17 00:00:00 2001
From: David Blacka
Date: Mon, 2 Feb 2009 05:01:03 +0000
Subject: [PATCH] Formatting (from a new Eclipse, for better or worse)

git-svn-id: https://svn.verisignlabs.com/jdnssec/tools/trunk@116 4cbd57fe-54e5-0310-bd9a-f30fe5ea5e6e
---
 example.signed | 174 ++++++++++++++++++
 example.signed.dave | 72 ++++++++
 example.signed.roy | 72 ++++++++
 sign_example.sh | 14 ++
 src/com/verisignlabs/dnssec/cl/DSTool.java | 65 ++++---
 src/com/verisignlabs/dnssec/cl/KeyGen.java | 66 +++----
 .../verisignlabs/dnssec/cl/KeyInfoTool.java | 73 ++++----
 .../verisignlabs/dnssec/cl/VerifyZone.java | 111 +++++------
 .../verisignlabs/dnssec/cl/ZoneFormat.java | 47 +++--
 .../dnssec/security/BINDKeyUtils.java | 128 +++++++------
 .../dnssec/security/ByteArrayComparator.java | 6 +-
 .../dnssec/security/DnsKeyConverter.java | 1 -
 .../dnssec/security/DnsKeyPair.java | 44 ++---
 .../dnssec/security/DnsSecVerifier.java | 37 ++--
 .../dnssec/security/RecordComparator.java | 17 +-
 .../verisignlabs/dnssec/security/SHA256.java | 33 ++--
 .../verisignlabs/dnssec/security/TypeMap.java | 10 +-
 .../dnssec/security/ZoneUtils.java | 26 +--
 18 files changed, 658 insertions(+), 338 deletions(-)
 create mode 100644 example.signed
 create mode 100644 example.signed.dave
 create mode 100644 example.signed.roy
 create mode 100644 sign_example.sh
diff --git a/example.signed b/example.signed
new file mode 100644
index 0000000..4d9cb8b
--- /dev/null
+++ b/example.signed
@@ -0,0 +1,174 @@ +example. 3600 IN SOA ns1.example. bugs.x.w.example. ( + 1 ; serial + 3600 ; refresh + 300 ; retry + 3600000 ; expire + 3600 ) ; minimum +example. 3600 IN RRSIG SOA 133 1 3600 ( + 20150420235959 20051021000000 62827 example. + hNIkW1xzn+c+9P3W7PUVVptI72xEmOtn+eqQux0BE7Pfc6ikx4m7ivOVWETjbwHj + qfY0X5G+rynLZNqsbLm40Q== ) +example. 3600 IN NS ns1.example. +example. 3600 IN NS ns2.example. +example. 3600 IN RRSIG NS 133 1 3600 ( + 20150420235959 20051021000000 62827 example. + D9+iBwcbeKL5+TorTfYn4/pLr2lSFwyGYCyMgfq4TpFaZpxrCJPLxHbKjdkR18jA + t7+SR7B5JpiZcff2Cj2B0w== ) +example. 3600 IN MX 1 xx.example. +example. 3600 IN RRSIG MX 133 1 3600 ( + 20150420235959 20051021000000 62827 example. + jsGuTpXTTrZHzUKnViUpJ8YyGNpDd6n/sy2gHnSC0nj2jPxTC5VENLo3GxSpCSA5 + DlAz57p+RllUJk3DWktkjw== ) +example. 3600 IN DNSKEY 256 3 133 ( + AQO0gEmbZUL6xbD/xQczHbnwYnf+jQjwz/sU5k44rHTt0Ty+3aOdYoome9TjGMhw + kkGby1TLExXT48OGGdbfIme5 ) ; key_tag = 62827 +example. 3600 IN DNSKEY 257 3 133 ( + AQOnsGyJvywVjYmiLbh0EwIRuWYcDiB/8blXcpkoxtpe19Oicv6Zko+8brVsTMeM + OpcUeGB1zsYKWJ7BvR2894hX ) ; key_tag = 22088 +example. 3600 IN RRSIG DNSKEY 133 1 3600 ( + 20150420235959 20051021000000 22088 example. + Xpo9ptByXb8M1JR1i0KuRmKGc/YeOLcc6PtnRJOx6ADLSL2mU6AYX5tAJRMTKTXk + 6waLIaxuliqUBOkCjLUZMw== ) +example. 3600 IN NSEC3PARAM 1 12 AABBCCDD +example. 3600 IN RRSIG NSEC3PARAM 133 1 3600 ( + 20150420235959 20051021000000 62827 example. + LIDOPjIUc2DtDpXUlOaLnJkHKbacDvXZlhRmg4eFGnaEd794HnjRjeT9w5QwtLDp + LyyMRbGt4L0XlqhGJCcAsA== ) +0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. 3600 IN NSEC3 1 0 12 AABBCCDD 2t7b4g4vsa5smi47k61mv5bv1a22bojr NS SOA MX RRSIG DNSKEY NSEC3PARAM ; example. +0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. 3600 IN RRSIG NSEC3 133 2 3600 ( + 20150420235959 20051021000000 62827 example. + SLMEpd0dWGX8+uU0H3kDcE1O2+0+o2HPEiywPwQ+LRC4QI7zectSLH3lw3EJi6OP + nZPYoW6fqlpIWuVv0srD4w== ) +2t7b4g4vsa5smi47k61mv5bv1a22bojr.example. 
3600 IN A 127.0.0.1 +2t7b4g4vsa5smi47k61mv5bv1a22bojr.example. 3600 IN RRSIG A 133 2 3600 ( + 20150420235959 20051021000000 62827 example. + Enu4zogLLDz0p/lLcuH3+jpfuWR/Uyw4fyvglsaFNvFfs7t+f5TPEt5GLX4U2eRy + cWmF9ZpYMcPgqAgrGZJ+jA== ) +2t7b4g4vsa5smi47k61mv5bv1a22bojr.example. 3600 IN NSEC3 1 0 12 AABBCCDD 2vptu5timamqttgl4luu9kg21e0aor3s A RRSIG ; ns1.example. +2t7b4g4vsa5smi47k61mv5bv1a22bojr.example. 3600 IN RRSIG NSEC3 133 2 3600 ( + 20150420235959 20051021000000 62827 example. + LltO1bbeZ3rVOjYcBRCMZ+ZtHOBtGaNMKtV7BzSPlCK0AUphcn0tg2cr0FONQgrI + +0Nd+8h6My6W2Bp/OzDcnQ== ) +2vptu5timamqttgl4luu9kg21e0aor3s.example. 3600 IN NSEC3 1 0 12 AABBCCDD 35mthgpgcu1qg68fab165klnsnk3dpvl MX RRSIG ; x.y.w.example. +2vptu5timamqttgl4luu9kg21e0aor3s.example. 3600 IN RRSIG NSEC3 133 2 3600 ( + 20150420235959 20051021000000 62827 example. + c9D5yjzQulfpNUWkeZFBoBsZYAxh06LySa44Ef1SvzGZrT0l02bFTSMYPXciPQKp + mF3UzOkgW/E9gXinV/kQbg== ) +35mthgpgcu1qg68fab165klnsnk3dpvl.example. 3600 IN NSEC3 1 0 12 AABBCCDD 4g6p9u5gvfshp30pqecj98b3maqbn1ck NS DS RRSIG ; a.example. +35mthgpgcu1qg68fab165klnsnk3dpvl.example. 3600 IN RRSIG NSEC3 133 2 3600 ( + 20150420235959 20051021000000 62827 example. + K35oTrxIxZewqnGlqua+5fweIKdi9vxDzHC0XBy/U6w1XtTsgEuNJepdXfSCBEw3 + 9G5pPobyDE4Ll8KyyEDZjw== ) +4g6p9u5gvfshp30pqecj98b3maqbn1ck.example. 3600 IN NSEC3 1 0 12 AABBCCDD b4um86eghhds6nea196smvmlo4ors995 NS RRSIG ; c.example. +4g6p9u5gvfshp30pqecj98b3maqbn1ck.example. 3600 IN RRSIG NSEC3 133 2 3600 ( + 20150420235959 20051021000000 62827 example. + rfscDMnDv/CJ5XWyvN8Ag6w0DMsrV82jqfet+UkYtxszAzdw9B0w9Iv3h1y9xIbM + prW1OGVOW52D3aeCHgN9Fg== ) +a.example. 3600 IN NS ns1.a.example. +a.example. 3600 IN NS ns2.a.example. +a.example. 3600 IN DS 58470 5 1 3079F1593EBAD6DC121E202A8B766A6A4837206C +a.example. 3600 IN RRSIG DS 133 2 3600 ( + 20150420235959 20051021000000 62827 example. + qxw4j5LNe70UDu121YqAaqQjyjYbdKNd/4bEnH0kjQswuiGs9EuArCBhcWocWQDB + ku+A4HMHJdLqJr5p4JctLg== ) +ns1.a.example. 
3600 IN A 192.168.2.5 +ns2.a.example. 3600 IN A 192.168.2.6 +ai.example. 3600 IN A 192.168.2.9 +ai.example. 3600 IN RRSIG A 133 2 3600 ( + 20150420235959 20051021000000 62827 example. + ZaXcOIABcqe1UbwBrisSfk1EBZN11ccgg81ZvZ4qVRhQRdMTprjO9boMYL3q7nz9 + 93IqSyUgjumoQ8qs1isY4Q== ) +ai.example. 3600 IN HINFO "KLH-10" "ITS" +ai.example. 3600 IN RRSIG HINFO 133 2 3600 ( + 20150420235959 20051021000000 62827 example. + BuDv+No06VEcIsEnvBdjdKm6kxQGrhOgKEKbGsb8DJRjY7Lia+YG2//s6OlOIfxP + mLlLiYpAi3q2sEjTJhocGQ== ) +ai.example. 3600 IN AAAA 2001:db8:0:0:0:0:f00:baa9 +ai.example. 3600 IN RRSIG AAAA 133 2 3600 ( + 20150420235959 20051021000000 62827 example. + m65zc0A16Xbx3jYb0t5vPwMzE2xS15mKh76MhSuKfiFVhBFcQ9IilEM0pXnLzt3o + zrM/3X0x2ruyuN0zC+PABA== ) +b4um86eghhds6nea196smvmlo4ors995.example. 3600 IN NSEC3 1 0 12 AABBCCDD gjeqe526plbf1g8mklp59enfd789njgi MX RRSIG ; x.w.example. +b4um86eghhds6nea196smvmlo4ors995.example. 3600 IN RRSIG NSEC3 133 2 3600 ( + 20150420235959 20051021000000 62827 example. + ckq4/fbGcW7MBHRIE4vjJTCLijvbBKcPbAOcG4OfJe1+TO1ttGUzRSWv0ZWkn7gx + VbsOS52kw9DPbkG/3jG4TQ== ) +c.example. 3600 IN NS ns1.c.example. +c.example. 3600 IN NS ns2.c.example. +ns1.c.example. 3600 IN A 192.168.2.7 +ns2.c.example. 3600 IN A 192.168.2.8 +gjeqe526plbf1g8mklp59enfd789njgi.example. 3600 IN NSEC3 1 0 12 AABBCCDD ji6neoaepv8b5o6k4ev33abha8ht9fgc A HINFO AAAA RRSIG ; ai.example. +gjeqe526plbf1g8mklp59enfd789njgi.example. 3600 IN RRSIG NSEC3 133 2 3600 ( + 20150420235959 20051021000000 62827 example. + DcvlIYwhANn1NSV05tBQ9ngC+Gaw3pBdpXlrpSWN4xrvvguaarf0Kbe0LF2+KJ5x + 1cHrOsLVx8oEDoKzTCztsA== ) +ji6neoaepv8b5o6k4ev33abha8ht9fgc.example. 3600 IN NSEC3 1 0 12 AABBCCDD k8udemvp1j2f7eg6jebps17vp3n8i58h ; y.w.example. +ji6neoaepv8b5o6k4ev33abha8ht9fgc.example. 3600 IN RRSIG NSEC3 133 2 3600 ( + 20150420235959 20051021000000 62827 example. + GSlthW4H4KIpxxBHYXl2IDZWlvnwAKVgPkW/ZlWcGyv+Ro2nYOwS8Qv/yNop1JKz + bE5X0+ac8Dw7zLvDAr4kwQ== ) +k8udemvp1j2f7eg6jebps17vp3n8i58h.example. 
3600 IN NSEC3 1 0 12 AABBCCDD kohar7mbb8dc2ce8a9qvl8hon4k53uhi ; w.example. +k8udemvp1j2f7eg6jebps17vp3n8i58h.example. 3600 IN RRSIG NSEC3 133 2 3600 ( + 20150420235959 20051021000000 62827 example. + Ob3coJUfYXYeYfIlXj9VhuT0CN/cZeFwMwbzSz3GyDNyeUo+3QqJY5kabenFB0jB + Q9I2B3kRQFQO6sA1YJZyaQ== ) +kohar7mbb8dc2ce8a9qvl8hon4k53uhi.example. 3600 IN NSEC3 1 0 12 AABBCCDD q04jkcevqvmu85r014c7dkba38o0ji5r A RRSIG ; 2t7b4g4vsa5smi47k61mv5bv1a22bojr.example. +kohar7mbb8dc2ce8a9qvl8hon4k53uhi.example. 3600 IN RRSIG NSEC3 133 2 3600 ( + 20150420235959 20051021000000 62827 example. + Tm0ZvbTsHGTsBpdL9KTIi1q+4AW0VZ4zuTWH2zoJPBP4PS1P9A1oWhnal7Ahrm9e + pK7nOTTd8VtHcd7uPCPI5A== ) +ns1.example. 3600 IN A 192.168.2.1 +ns1.example. 3600 IN RRSIG A 133 2 3600 ( + 20150420235959 20051021000000 62827 example. + KS4zeGDaXO99zFfZdkH8BPj5Mm2r9NdxrW5hcwZbIngiTAlE0DcVVBNY8b0h2DZL + 2znQr8QJ0/QDt8ufz6tZyg== ) +ns2.example. 3600 IN A 192.168.2.2 +ns2.example. 3600 IN RRSIG A 133 2 3600 ( + 20150420235959 20051021000000 62827 example. + Hc6i5zNssmqTB7zhORrMT9uvhLdQ9c3DPjuqUjw/UOw4xJIMjhG4qDwQRav4XpyI + 2mvVJFR11M07gNwzYG2Ypw== ) +q04jkcevqvmu85r014c7dkba38o0ji5r.example. 3600 IN NSEC3 1 0 12 AABBCCDD r53bq7cc2uvmubfu5ocmm6pers9tk9en A RRSIG ; ns2.example. +q04jkcevqvmu85r014c7dkba38o0ji5r.example. 3600 IN RRSIG NSEC3 133 2 3600 ( + 20150420235959 20051021000000 62827 example. + W8dGSgyF9g7x5uSdwcVvLUHjU3u+NHrRqfIWOvylwUgLikJL07t3Yj+phVgibpcV + cjfD9W1XR6Sy4jby7QK0iQ== ) +r53bq7cc2uvmubfu5ocmm6pers9tk9en.example. 3600 IN NSEC3 1 0 12 AABBCCDD t644ebqk9bibcna874givr6joj62mlhv MX RRSIG ; *.w.example. +r53bq7cc2uvmubfu5ocmm6pers9tk9en.example. 3600 IN RRSIG NSEC3 133 2 3600 ( + 20150420235959 20051021000000 62827 example. + KKcNGSMH1QRz1+WtADVTrW7bJ4ipvWuuXSDNgTs8JgJ8r0zz1oeiDwDtR+z9elBT + q86tM/bvTQ4GFQiCWnOFNw== ) +t644ebqk9bibcna874givr6joj62mlhv.example. 3600 IN NSEC3 1 0 12 AABBCCDD 0p9mhaveqvm6t7vbl5lop2u3t2rp3tom A HINFO AAAA RRSIG ; xx.example. +t644ebqk9bibcna874givr6joj62mlhv.example. 
3600 IN RRSIG NSEC3 133 2 3600 ( + 20150420235959 20051021000000 62827 example. + cWBONm5AfvchgLPHhUeJHNdnZ9dqSMI3UpHS/s3Ek1csDKKA6BUc/OM+kVRWT9lE + jRhRXqB8ay2EeHx2iKOOKg== ) +*.w.example. 3600 IN MX 1 ai.example. +*.w.example. 3600 IN RRSIG MX 133 2 3600 ( + 20150420235959 20051021000000 62827 example. + DnT0Y6dRBM8f3v8HdKmZUsGVkXh+b+htujCRc423x6c8erEMGVnxcrmcrZ53qGXc + MYJ+TDkqa7Xfz/f9xzvSTw== ) +x.w.example. 3600 IN MX 1 xx.example. +x.w.example. 3600 IN RRSIG MX 133 3 3600 ( + 20150420235959 20051021000000 62827 example. + BLSDMos8kYR7+2U7iwwdqdhU82hzq0s57xtwF08tWU/d19jrNO6LdWfBL/FJ8zL8 + ZpEjhh6b8cj0f5yQOUyShw== ) +x.y.w.example. 3600 IN MX 1 xx.example. +x.y.w.example. 3600 IN RRSIG MX 133 4 3600 ( + 20150420235959 20051021000000 62827 example. + GPzELyUCxrnyep8uMcqthUXjTqYBmgeaveb92vQgzUyPLLamNN/YqMHr6tGQNxeM + AhclxUSQeoCggUBVhFfB1Q== ) +xx.example. 3600 IN A 192.168.2.10 +xx.example. 3600 IN RRSIG A 133 2 3600 ( + 20150420235959 20051021000000 62827 example. + qxwCQAqdWxq4bDNPKyOVG679cSJwKVv/Q5Rj9WKymDOhOPTmEs8xDxbiM4EXyv0i + g50I3Wvbkmyw4sQ5CspOcA== ) +xx.example. 3600 IN HINFO "KLH-10" "TOPS-20" +xx.example. 3600 IN RRSIG HINFO 133 2 3600 ( + 20150420235959 20051021000000 62827 example. + YJFwmD0By0NpGEvO1nE1ZTH10XrmpKnVuAEIcAxLLHyPs3qyGQdDEG7sQX5+PfiO + GZrNmZef8NgQhW8kGEgN1Q== ) +xx.example. 3600 IN AAAA 2001:db8:0:0:0:0:f00:baaa +xx.example. 3600 IN RRSIG AAAA 133 2 3600 ( + 20150420235959 20051021000000 62827 example. + VAJBlXoTOScrIM6yPlDsd9o05v39qIzFnemR2vgw1s4l8maJVWi9IHEg8oiypJvG + wSCP1nFsEOlXyNFQJ0fWGA== ) diff --git a/example.signed.dave b/example.signed.dave new file mode 100644 index 0000000..236e0e2 --- /dev/null +++ b/example.signed.dave 
@@ -0,0 +1,72 @@ +example. 3600 IN SOA ns1.example. bugs.x.w.example. 1 3600 300 3600000 3600 +example. 3600 IN RRSIG SOA 133 1 3600 20150420235959 20051021000000 62827 example. hNIkW1xzn+c+9P3W7PUVVptI72xEmOtn+eqQux0BE7Pfc6ikx4m7ivOVWETjbwHjqfY0X5G+rynLZNqsbLm40Q== +example. 3600 IN NS ns1.example. +example. 3600 IN NS ns2.example. +example. 3600 IN RRSIG NS 133 1 3600 20150420235959 20051021000000 62827 example. D9+iBwcbeKL5+TorTfYn4/pLr2lSFwyGYCyMgfq4TpFaZpxrCJPLxHbKjdkR18jAt7+SR7B5JpiZcff2Cj2B0w== +example. 3600 IN MX 1 xx.example. +example. 3600 IN RRSIG MX 133 1 3600 20150420235959 20051021000000 62827 example. jsGuTpXTTrZHzUKnViUpJ8YyGNpDd6n/sy2gHnSC0nj2jPxTC5VENLo3GxSpCSA5DlAz57p+RllUJk3DWktkjw== +example. 3600 IN DNSKEY 256 3 133 AQO0gEmbZUL6xbD/xQczHbnwYnf+jQjwz/sU5k44rHTt0Ty+3aOdYoome9TjGMhwkkGby1TLExXT48OGGdbfIme5 +example. 3600 IN DNSKEY 257 3 133 AQOnsGyJvywVjYmiLbh0EwIRuWYcDiB/8blXcpkoxtpe19Oicv6Zko+8brVsTMeMOpcUeGB1zsYKWJ7BvR2894hX +example. 3600 IN RRSIG DNSKEY 133 1 3600 20150420235959 20051021000000 22088 example. Xpo9ptByXb8M1JR1i0KuRmKGc/YeOLcc6PtnRJOx6ADLSL2mU6AYX5tAJRMTKTXk6waLIaxuliqUBOkCjLUZMw== +example. 3600 IN NSEC3PARAM 1 12 AABBCCDD +example. 3600 IN RRSIG NSEC3PARAM 133 1 3600 20150420235959 20051021000000 62827 example. LIDOPjIUc2DtDpXUlOaLnJkHKbacDvXZlhRmg4eFGnaEd794HnjRjeT9w5QwtLDpLyyMRbGt4L0XlqhGJCcAsA== +0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. 3600 IN NSEC3 1 0 12 AABBCCDD 2t7b4g4vsa5smi47k61mv5bv1a22bojr NS SOA MX RRSIG DNSKEY NSEC3PARAM +0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. 3600 IN RRSIG NSEC3 133 2 3600 20150420235959 20051021000000 62827 example. SLMEpd0dWGX8+uU0H3kDcE1O2+0+o2HPEiywPwQ+LRC4QI7zectSLH3lw3EJi6OPnZPYoW6fqlpIWuVv0srD4w== +2t7b4g4vsa5smi47k61mv5bv1a22bojr.example. 3600 IN A 127.0.0.1 +2t7b4g4vsa5smi47k61mv5bv1a22bojr.example. 3600 IN RRSIG A 133 2 3600 20150420235959 20051021000000 62827 example. 
Enu4zogLLDz0p/lLcuH3+jpfuWR/Uyw4fyvglsaFNvFfs7t+f5TPEt5GLX4U2eRycWmF9ZpYMcPgqAgrGZJ+jA== +2t7b4g4vsa5smi47k61mv5bv1a22bojr.example. 3600 IN NSEC3 1 0 12 AABBCCDD 2vptu5timamqttgl4luu9kg21e0aor3s A RRSIG +2t7b4g4vsa5smi47k61mv5bv1a22bojr.example. 3600 IN RRSIG NSEC3 133 2 3600 20150420235959 20051021000000 62827 example. LltO1bbeZ3rVOjYcBRCMZ+ZtHOBtGaNMKtV7BzSPlCK0AUphcn0tg2cr0FONQgrI+0Nd+8h6My6W2Bp/OzDcnQ== +2vptu5timamqttgl4luu9kg21e0aor3s.example. 3600 IN NSEC3 1 0 12 AABBCCDD 35mthgpgcu1qg68fab165klnsnk3dpvl MX RRSIG +2vptu5timamqttgl4luu9kg21e0aor3s.example. 3600 IN RRSIG NSEC3 133 2 3600 20150420235959 20051021000000 62827 example. c9D5yjzQulfpNUWkeZFBoBsZYAxh06LySa44Ef1SvzGZrT0l02bFTSMYPXciPQKpmF3UzOkgW/E9gXinV/kQbg== +35mthgpgcu1qg68fab165klnsnk3dpvl.example. 3600 IN NSEC3 1 0 12 AABBCCDD 4g6p9u5gvfshp30pqecj98b3maqbn1ck NS DS RRSIG +35mthgpgcu1qg68fab165klnsnk3dpvl.example. 3600 IN RRSIG NSEC3 133 2 3600 20150420235959 20051021000000 62827 example. K35oTrxIxZewqnGlqua+5fweIKdi9vxDzHC0XBy/U6w1XtTsgEuNJepdXfSCBEw39G5pPobyDE4Ll8KyyEDZjw== +4g6p9u5gvfshp30pqecj98b3maqbn1ck.example. 3600 IN NSEC3 1 0 12 AABBCCDD b4um86eghhds6nea196smvmlo4ors995 NS RRSIG +4g6p9u5gvfshp30pqecj98b3maqbn1ck.example. 3600 IN RRSIG NSEC3 133 2 3600 20150420235959 20051021000000 62827 example. rfscDMnDv/CJ5XWyvN8Ag6w0DMsrV82jqfet+UkYtxszAzdw9B0w9Iv3h1y9xIbMprW1OGVOW52D3aeCHgN9Fg== +a.example. 3600 IN NS ns1.a.example. +a.example. 3600 IN NS ns2.a.example. +a.example. 3600 IN DS 58470 5 1 3079F1593EBAD6DC121E202A8B766A6A4837206C +a.example. 3600 IN RRSIG DS 133 2 3600 20150420235959 20051021000000 62827 example. qxw4j5LNe70UDu121YqAaqQjyjYbdKNd/4bEnH0kjQswuiGs9EuArCBhcWocWQDBku+A4HMHJdLqJr5p4JctLg== +ns1.a.example. 3600 IN A 192.168.2.5 +ns2.a.example. 3600 IN A 192.168.2.6 +ai.example. 3600 IN A 192.168.2.9 +ai.example. 3600 IN RRSIG A 133 2 3600 20150420235959 20051021000000 62827 example. 
ZaXcOIABcqe1UbwBrisSfk1EBZN11ccgg81ZvZ4qVRhQRdMTprjO9boMYL3q7nz993IqSyUgjumoQ8qs1isY4Q== +ai.example. 3600 IN HINFO "KLH-10" "ITS" +ai.example. 3600 IN RRSIG HINFO 133 2 3600 20150420235959 20051021000000 62827 example. BuDv+No06VEcIsEnvBdjdKm6kxQGrhOgKEKbGsb8DJRjY7Lia+YG2//s6OlOIfxPmLlLiYpAi3q2sEjTJhocGQ== +ai.example. 3600 IN AAAA 2001:db8:0:0:0:0:f00:baa9 +ai.example. 3600 IN RRSIG AAAA 133 2 3600 20150420235959 20051021000000 62827 example. m65zc0A16Xbx3jYb0t5vPwMzE2xS15mKh76MhSuKfiFVhBFcQ9IilEM0pXnLzt3ozrM/3X0x2ruyuN0zC+PABA== +b4um86eghhds6nea196smvmlo4ors995.example. 3600 IN NSEC3 1 0 12 AABBCCDD gjeqe526plbf1g8mklp59enfd789njgi MX RRSIG +b4um86eghhds6nea196smvmlo4ors995.example. 3600 IN RRSIG NSEC3 133 2 3600 20150420235959 20051021000000 62827 example. ckq4/fbGcW7MBHRIE4vjJTCLijvbBKcPbAOcG4OfJe1+TO1ttGUzRSWv0ZWkn7gxVbsOS52kw9DPbkG/3jG4TQ== +c.example. 3600 IN NS ns1.c.example. +c.example. 3600 IN NS ns2.c.example. +ns1.c.example. 3600 IN A 192.168.2.7 +ns2.c.example. 3600 IN A 192.168.2.8 +gjeqe526plbf1g8mklp59enfd789njgi.example. 3600 IN NSEC3 1 0 12 AABBCCDD ji6neoaepv8b5o6k4ev33abha8ht9fgc A HINFO AAAA RRSIG +gjeqe526plbf1g8mklp59enfd789njgi.example. 3600 IN RRSIG NSEC3 133 2 3600 20150420235959 20051021000000 62827 example. DcvlIYwhANn1NSV05tBQ9ngC+Gaw3pBdpXlrpSWN4xrvvguaarf0Kbe0LF2+KJ5x1cHrOsLVx8oEDoKzTCztsA== +ji6neoaepv8b5o6k4ev33abha8ht9fgc.example. 3600 IN NSEC3 1 0 12 AABBCCDD k8udemvp1j2f7eg6jebps17vp3n8i58h +ji6neoaepv8b5o6k4ev33abha8ht9fgc.example. 3600 IN RRSIG NSEC3 133 2 3600 20150420235959 20051021000000 62827 example. GSlthW4H4KIpxxBHYXl2IDZWlvnwAKVgPkW/ZlWcGyv+Ro2nYOwS8Qv/yNop1JKzbE5X0+ac8Dw7zLvDAr4kwQ== +k8udemvp1j2f7eg6jebps17vp3n8i58h.example. 3600 IN NSEC3 1 0 12 AABBCCDD kohar7mbb8dc2ce8a9qvl8hon4k53uhi +k8udemvp1j2f7eg6jebps17vp3n8i58h.example. 3600 IN RRSIG NSEC3 133 2 3600 20150420235959 20051021000000 62827 example. 
Ob3coJUfYXYeYfIlXj9VhuT0CN/cZeFwMwbzSz3GyDNyeUo+3QqJY5kabenFB0jBQ9I2B3kRQFQO6sA1YJZyaQ== +kohar7mbb8dc2ce8a9qvl8hon4k53uhi.example. 3600 IN NSEC3 1 0 12 AABBCCDD q04jkcevqvmu85r014c7dkba38o0ji5r A RRSIG +kohar7mbb8dc2ce8a9qvl8hon4k53uhi.example. 3600 IN RRSIG NSEC3 133 2 3600 20150420235959 20051021000000 62827 example. Tm0ZvbTsHGTsBpdL9KTIi1q+4AW0VZ4zuTWH2zoJPBP4PS1P9A1oWhnal7Ahrm9epK7nOTTd8VtHcd7uPCPI5A== +ns1.example. 3600 IN A 192.168.2.1 +ns1.example. 3600 IN RRSIG A 133 2 3600 20150420235959 20051021000000 62827 example. KS4zeGDaXO99zFfZdkH8BPj5Mm2r9NdxrW5hcwZbIngiTAlE0DcVVBNY8b0h2DZL2znQr8QJ0/QDt8ufz6tZyg== +ns2.example. 3600 IN A 192.168.2.2 +ns2.example. 3600 IN RRSIG A 133 2 3600 20150420235959 20051021000000 62827 example. Hc6i5zNssmqTB7zhORrMT9uvhLdQ9c3DPjuqUjw/UOw4xJIMjhG4qDwQRav4XpyI2mvVJFR11M07gNwzYG2Ypw== +q04jkcevqvmu85r014c7dkba38o0ji5r.example. 3600 IN NSEC3 1 0 12 AABBCCDD r53bq7cc2uvmubfu5ocmm6pers9tk9en A RRSIG +q04jkcevqvmu85r014c7dkba38o0ji5r.example. 3600 IN RRSIG NSEC3 133 2 3600 20150420235959 20051021000000 62827 example. W8dGSgyF9g7x5uSdwcVvLUHjU3u+NHrRqfIWOvylwUgLikJL07t3Yj+phVgibpcVcjfD9W1XR6Sy4jby7QK0iQ== +r53bq7cc2uvmubfu5ocmm6pers9tk9en.example. 3600 IN NSEC3 1 0 12 AABBCCDD t644ebqk9bibcna874givr6joj62mlhv MX RRSIG +r53bq7cc2uvmubfu5ocmm6pers9tk9en.example. 3600 IN RRSIG NSEC3 133 2 3600 20150420235959 20051021000000 62827 example. KKcNGSMH1QRz1+WtADVTrW7bJ4ipvWuuXSDNgTs8JgJ8r0zz1oeiDwDtR+z9elBTq86tM/bvTQ4GFQiCWnOFNw== +t644ebqk9bibcna874givr6joj62mlhv.example. 3600 IN NSEC3 1 0 12 AABBCCDD 0p9mhaveqvm6t7vbl5lop2u3t2rp3tom A HINFO AAAA RRSIG +t644ebqk9bibcna874givr6joj62mlhv.example. 3600 IN RRSIG NSEC3 133 2 3600 20150420235959 20051021000000 62827 example. cWBONm5AfvchgLPHhUeJHNdnZ9dqSMI3UpHS/s3Ek1csDKKA6BUc/OM+kVRWT9lEjRhRXqB8ay2EeHx2iKOOKg== +*.w.example. 3600 IN MX 1 ai.example. +*.w.example. 3600 IN RRSIG MX 133 2 3600 20150420235959 20051021000000 62827 example. 
DnT0Y6dRBM8f3v8HdKmZUsGVkXh+b+htujCRc423x6c8erEMGVnxcrmcrZ53qGXcMYJ+TDkqa7Xfz/f9xzvSTw== +x.w.example. 3600 IN MX 1 xx.example. +x.w.example. 3600 IN RRSIG MX 133 3 3600 20150420235959 20051021000000 62827 example. BLSDMos8kYR7+2U7iwwdqdhU82hzq0s57xtwF08tWU/d19jrNO6LdWfBL/FJ8zL8ZpEjhh6b8cj0f5yQOUyShw== +x.y.w.example. 3600 IN MX 1 xx.example. +x.y.w.example. 3600 IN RRSIG MX 133 4 3600 20150420235959 20051021000000 62827 example. GPzELyUCxrnyep8uMcqthUXjTqYBmgeaveb92vQgzUyPLLamNN/YqMHr6tGQNxeMAhclxUSQeoCggUBVhFfB1Q== +xx.example. 3600 IN A 192.168.2.10 +xx.example. 3600 IN RRSIG A 133 2 3600 20150420235959 20051021000000 62827 example. qxwCQAqdWxq4bDNPKyOVG679cSJwKVv/Q5Rj9WKymDOhOPTmEs8xDxbiM4EXyv0ig50I3Wvbkmyw4sQ5CspOcA== +xx.example. 3600 IN HINFO "KLH-10" "TOPS-20" +xx.example. 3600 IN RRSIG HINFO 133 2 3600 20150420235959 20051021000000 62827 example. YJFwmD0By0NpGEvO1nE1ZTH10XrmpKnVuAEIcAxLLHyPs3qyGQdDEG7sQX5+PfiOGZrNmZef8NgQhW8kGEgN1Q== +xx.example. 3600 IN AAAA 2001:db8:0:0:0:0:f00:baaa +xx.example. 3600 IN RRSIG AAAA 133 2 3600 20150420235959 20051021000000 62827 example. VAJBlXoTOScrIM6yPlDsd9o05v39qIzFnemR2vgw1s4l8maJVWi9IHEg8oiypJvGwSCP1nFsEOlXyNFQJ0fWGA== diff --git a/example.signed.roy b/example.signed.roy new file mode 100644 index 0000000..236e0e2 --- /dev/null +++ b/example.signed.roy 
@@ -0,0 +1,72 @@ +example. 3600 IN SOA ns1.example. bugs.x.w.example. 1 3600 300 3600000 3600 +example. 3600 IN RRSIG SOA 133 1 3600 20150420235959 20051021000000 62827 example. hNIkW1xzn+c+9P3W7PUVVptI72xEmOtn+eqQux0BE7Pfc6ikx4m7ivOVWETjbwHjqfY0X5G+rynLZNqsbLm40Q== +example. 3600 IN NS ns1.example. +example. 3600 IN NS ns2.example. +example. 3600 IN RRSIG NS 133 1 3600 20150420235959 20051021000000 62827 example. D9+iBwcbeKL5+TorTfYn4/pLr2lSFwyGYCyMgfq4TpFaZpxrCJPLxHbKjdkR18jAt7+SR7B5JpiZcff2Cj2B0w== +example. 3600 IN MX 1 xx.example. +example. 3600 IN RRSIG MX 133 1 3600 20150420235959 20051021000000 62827 example. jsGuTpXTTrZHzUKnViUpJ8YyGNpDd6n/sy2gHnSC0nj2jPxTC5VENLo3GxSpCSA5DlAz57p+RllUJk3DWktkjw== +example. 3600 IN DNSKEY 256 3 133 AQO0gEmbZUL6xbD/xQczHbnwYnf+jQjwz/sU5k44rHTt0Ty+3aOdYoome9TjGMhwkkGby1TLExXT48OGGdbfIme5 +example. 3600 IN DNSKEY 257 3 133 AQOnsGyJvywVjYmiLbh0EwIRuWYcDiB/8blXcpkoxtpe19Oicv6Zko+8brVsTMeMOpcUeGB1zsYKWJ7BvR2894hX +example. 3600 IN RRSIG DNSKEY 133 1 3600 20150420235959 20051021000000 22088 example. Xpo9ptByXb8M1JR1i0KuRmKGc/YeOLcc6PtnRJOx6ADLSL2mU6AYX5tAJRMTKTXk6waLIaxuliqUBOkCjLUZMw== +example. 3600 IN NSEC3PARAM 1 12 AABBCCDD +example. 3600 IN RRSIG NSEC3PARAM 133 1 3600 20150420235959 20051021000000 62827 example. LIDOPjIUc2DtDpXUlOaLnJkHKbacDvXZlhRmg4eFGnaEd794HnjRjeT9w5QwtLDpLyyMRbGt4L0XlqhGJCcAsA== +0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. 3600 IN NSEC3 1 0 12 AABBCCDD 2t7b4g4vsa5smi47k61mv5bv1a22bojr NS SOA MX RRSIG DNSKEY NSEC3PARAM +0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. 3600 IN RRSIG NSEC3 133 2 3600 20150420235959 20051021000000 62827 example. SLMEpd0dWGX8+uU0H3kDcE1O2+0+o2HPEiywPwQ+LRC4QI7zectSLH3lw3EJi6OPnZPYoW6fqlpIWuVv0srD4w== +2t7b4g4vsa5smi47k61mv5bv1a22bojr.example. 3600 IN A 127.0.0.1 +2t7b4g4vsa5smi47k61mv5bv1a22bojr.example. 3600 IN RRSIG A 133 2 3600 20150420235959 20051021000000 62827 example. 
Enu4zogLLDz0p/lLcuH3+jpfuWR/Uyw4fyvglsaFNvFfs7t+f5TPEt5GLX4U2eRycWmF9ZpYMcPgqAgrGZJ+jA== +2t7b4g4vsa5smi47k61mv5bv1a22bojr.example. 3600 IN NSEC3 1 0 12 AABBCCDD 2vptu5timamqttgl4luu9kg21e0aor3s A RRSIG +2t7b4g4vsa5smi47k61mv5bv1a22bojr.example. 3600 IN RRSIG NSEC3 133 2 3600 20150420235959 20051021000000 62827 example. LltO1bbeZ3rVOjYcBRCMZ+ZtHOBtGaNMKtV7BzSPlCK0AUphcn0tg2cr0FONQgrI+0Nd+8h6My6W2Bp/OzDcnQ== +2vptu5timamqttgl4luu9kg21e0aor3s.example. 3600 IN NSEC3 1 0 12 AABBCCDD 35mthgpgcu1qg68fab165klnsnk3dpvl MX RRSIG +2vptu5timamqttgl4luu9kg21e0aor3s.example. 3600 IN RRSIG NSEC3 133 2 3600 20150420235959 20051021000000 62827 example. c9D5yjzQulfpNUWkeZFBoBsZYAxh06LySa44Ef1SvzGZrT0l02bFTSMYPXciPQKpmF3UzOkgW/E9gXinV/kQbg== +35mthgpgcu1qg68fab165klnsnk3dpvl.example. 3600 IN NSEC3 1 0 12 AABBCCDD 4g6p9u5gvfshp30pqecj98b3maqbn1ck NS DS RRSIG +35mthgpgcu1qg68fab165klnsnk3dpvl.example. 3600 IN RRSIG NSEC3 133 2 3600 20150420235959 20051021000000 62827 example. K35oTrxIxZewqnGlqua+5fweIKdi9vxDzHC0XBy/U6w1XtTsgEuNJepdXfSCBEw39G5pPobyDE4Ll8KyyEDZjw== +4g6p9u5gvfshp30pqecj98b3maqbn1ck.example. 3600 IN NSEC3 1 0 12 AABBCCDD b4um86eghhds6nea196smvmlo4ors995 NS RRSIG +4g6p9u5gvfshp30pqecj98b3maqbn1ck.example. 3600 IN RRSIG NSEC3 133 2 3600 20150420235959 20051021000000 62827 example. rfscDMnDv/CJ5XWyvN8Ag6w0DMsrV82jqfet+UkYtxszAzdw9B0w9Iv3h1y9xIbMprW1OGVOW52D3aeCHgN9Fg== +a.example. 3600 IN NS ns1.a.example. +a.example. 3600 IN NS ns2.a.example. +a.example. 3600 IN DS 58470 5 1 3079F1593EBAD6DC121E202A8B766A6A4837206C +a.example. 3600 IN RRSIG DS 133 2 3600 20150420235959 20051021000000 62827 example. qxw4j5LNe70UDu121YqAaqQjyjYbdKNd/4bEnH0kjQswuiGs9EuArCBhcWocWQDBku+A4HMHJdLqJr5p4JctLg== +ns1.a.example. 3600 IN A 192.168.2.5 +ns2.a.example. 3600 IN A 192.168.2.6 +ai.example. 3600 IN A 192.168.2.9 +ai.example. 3600 IN RRSIG A 133 2 3600 20150420235959 20051021000000 62827 example. 
ZaXcOIABcqe1UbwBrisSfk1EBZN11ccgg81ZvZ4qVRhQRdMTprjO9boMYL3q7nz993IqSyUgjumoQ8qs1isY4Q== +ai.example. 3600 IN HINFO "KLH-10" "ITS" +ai.example. 3600 IN RRSIG HINFO 133 2 3600 20150420235959 20051021000000 62827 example. BuDv+No06VEcIsEnvBdjdKm6kxQGrhOgKEKbGsb8DJRjY7Lia+YG2//s6OlOIfxPmLlLiYpAi3q2sEjTJhocGQ== +ai.example. 3600 IN AAAA 2001:db8:0:0:0:0:f00:baa9 +ai.example. 3600 IN RRSIG AAAA 133 2 3600 20150420235959 20051021000000 62827 example. m65zc0A16Xbx3jYb0t5vPwMzE2xS15mKh76MhSuKfiFVhBFcQ9IilEM0pXnLzt3ozrM/3X0x2ruyuN0zC+PABA== +b4um86eghhds6nea196smvmlo4ors995.example. 3600 IN NSEC3 1 0 12 AABBCCDD gjeqe526plbf1g8mklp59enfd789njgi MX RRSIG +b4um86eghhds6nea196smvmlo4ors995.example. 3600 IN RRSIG NSEC3 133 2 3600 20150420235959 20051021000000 62827 example. ckq4/fbGcW7MBHRIE4vjJTCLijvbBKcPbAOcG4OfJe1+TO1ttGUzRSWv0ZWkn7gxVbsOS52kw9DPbkG/3jG4TQ== +c.example. 3600 IN NS ns1.c.example. +c.example. 3600 IN NS ns2.c.example. +ns1.c.example. 3600 IN A 192.168.2.7 +ns2.c.example. 3600 IN A 192.168.2.8 +gjeqe526plbf1g8mklp59enfd789njgi.example. 3600 IN NSEC3 1 0 12 AABBCCDD ji6neoaepv8b5o6k4ev33abha8ht9fgc A HINFO AAAA RRSIG +gjeqe526plbf1g8mklp59enfd789njgi.example. 3600 IN RRSIG NSEC3 133 2 3600 20150420235959 20051021000000 62827 example. DcvlIYwhANn1NSV05tBQ9ngC+Gaw3pBdpXlrpSWN4xrvvguaarf0Kbe0LF2+KJ5x1cHrOsLVx8oEDoKzTCztsA== +ji6neoaepv8b5o6k4ev33abha8ht9fgc.example. 3600 IN NSEC3 1 0 12 AABBCCDD k8udemvp1j2f7eg6jebps17vp3n8i58h +ji6neoaepv8b5o6k4ev33abha8ht9fgc.example. 3600 IN RRSIG NSEC3 133 2 3600 20150420235959 20051021000000 62827 example. GSlthW4H4KIpxxBHYXl2IDZWlvnwAKVgPkW/ZlWcGyv+Ro2nYOwS8Qv/yNop1JKzbE5X0+ac8Dw7zLvDAr4kwQ== +k8udemvp1j2f7eg6jebps17vp3n8i58h.example. 3600 IN NSEC3 1 0 12 AABBCCDD kohar7mbb8dc2ce8a9qvl8hon4k53uhi +k8udemvp1j2f7eg6jebps17vp3n8i58h.example. 3600 IN RRSIG NSEC3 133 2 3600 20150420235959 20051021000000 62827 example. 
Ob3coJUfYXYeYfIlXj9VhuT0CN/cZeFwMwbzSz3GyDNyeUo+3QqJY5kabenFB0jBQ9I2B3kRQFQO6sA1YJZyaQ== +kohar7mbb8dc2ce8a9qvl8hon4k53uhi.example. 3600 IN NSEC3 1 0 12 AABBCCDD q04jkcevqvmu85r014c7dkba38o0ji5r A RRSIG +kohar7mbb8dc2ce8a9qvl8hon4k53uhi.example. 3600 IN RRSIG NSEC3 133 2 3600 20150420235959 20051021000000 62827 example. Tm0ZvbTsHGTsBpdL9KTIi1q+4AW0VZ4zuTWH2zoJPBP4PS1P9A1oWhnal7Ahrm9epK7nOTTd8VtHcd7uPCPI5A== +ns1.example. 3600 IN A 192.168.2.1 +ns1.example. 3600 IN RRSIG A 133 2 3600 20150420235959 20051021000000 62827 example. KS4zeGDaXO99zFfZdkH8BPj5Mm2r9NdxrW5hcwZbIngiTAlE0DcVVBNY8b0h2DZL2znQr8QJ0/QDt8ufz6tZyg== +ns2.example. 3600 IN A 192.168.2.2 +ns2.example. 3600 IN RRSIG A 133 2 3600 20150420235959 20051021000000 62827 example. Hc6i5zNssmqTB7zhORrMT9uvhLdQ9c3DPjuqUjw/UOw4xJIMjhG4qDwQRav4XpyI2mvVJFR11M07gNwzYG2Ypw== +q04jkcevqvmu85r014c7dkba38o0ji5r.example. 3600 IN NSEC3 1 0 12 AABBCCDD r53bq7cc2uvmubfu5ocmm6pers9tk9en A RRSIG +q04jkcevqvmu85r014c7dkba38o0ji5r.example. 3600 IN RRSIG NSEC3 133 2 3600 20150420235959 20051021000000 62827 example. W8dGSgyF9g7x5uSdwcVvLUHjU3u+NHrRqfIWOvylwUgLikJL07t3Yj+phVgibpcVcjfD9W1XR6Sy4jby7QK0iQ== +r53bq7cc2uvmubfu5ocmm6pers9tk9en.example. 3600 IN NSEC3 1 0 12 AABBCCDD t644ebqk9bibcna874givr6joj62mlhv MX RRSIG +r53bq7cc2uvmubfu5ocmm6pers9tk9en.example. 3600 IN RRSIG NSEC3 133 2 3600 20150420235959 20051021000000 62827 example. KKcNGSMH1QRz1+WtADVTrW7bJ4ipvWuuXSDNgTs8JgJ8r0zz1oeiDwDtR+z9elBTq86tM/bvTQ4GFQiCWnOFNw== +t644ebqk9bibcna874givr6joj62mlhv.example. 3600 IN NSEC3 1 0 12 AABBCCDD 0p9mhaveqvm6t7vbl5lop2u3t2rp3tom A HINFO AAAA RRSIG +t644ebqk9bibcna874givr6joj62mlhv.example. 3600 IN RRSIG NSEC3 133 2 3600 20150420235959 20051021000000 62827 example. cWBONm5AfvchgLPHhUeJHNdnZ9dqSMI3UpHS/s3Ek1csDKKA6BUc/OM+kVRWT9lEjRhRXqB8ay2EeHx2iKOOKg== +*.w.example. 3600 IN MX 1 ai.example. +*.w.example. 3600 IN RRSIG MX 133 2 3600 20150420235959 20051021000000 62827 example. 
DnT0Y6dRBM8f3v8HdKmZUsGVkXh+b+htujCRc423x6c8erEMGVnxcrmcrZ53qGXcMYJ+TDkqa7Xfz/f9xzvSTw== +x.w.example. 3600 IN MX 1 xx.example. +x.w.example. 3600 IN RRSIG MX 133 3 3600 20150420235959 20051021000000 62827 example. BLSDMos8kYR7+2U7iwwdqdhU82hzq0s57xtwF08tWU/d19jrNO6LdWfBL/FJ8zL8ZpEjhh6b8cj0f5yQOUyShw== +x.y.w.example. 3600 IN MX 1 xx.example. +x.y.w.example. 3600 IN RRSIG MX 133 4 3600 20150420235959 20051021000000 62827 example. GPzELyUCxrnyep8uMcqthUXjTqYBmgeaveb92vQgzUyPLLamNN/YqMHr6tGQNxeMAhclxUSQeoCggUBVhFfB1Q== +xx.example. 3600 IN A 192.168.2.10 +xx.example. 3600 IN RRSIG A 133 2 3600 20150420235959 20051021000000 62827 example. qxwCQAqdWxq4bDNPKyOVG679cSJwKVv/Q5Rj9WKymDOhOPTmEs8xDxbiM4EXyv0ig50I3Wvbkmyw4sQ5CspOcA== +xx.example. 3600 IN HINFO "KLH-10" "TOPS-20" +xx.example. 3600 IN RRSIG HINFO 133 2 3600 20150420235959 20051021000000 62827 example. YJFwmD0By0NpGEvO1nE1ZTH10XrmpKnVuAEIcAxLLHyPs3qyGQdDEG7sQX5+PfiOGZrNmZef8NgQhW8kGEgN1Q== +xx.example. 3600 IN AAAA 2001:db8:0:0:0:0:f00:baaa +xx.example. 3600 IN RRSIG AAAA 133 2 3600 20150420235959 20051021000000 62827 example. VAJBlXoTOScrIM6yPlDsd9o05v39qIzFnemR2vgw1s4l8maJVWi9IHEg8oiypJvGwSCP1nFsEOlXyNFQJ0fWGA== diff --git a/sign_example.sh b/sign_example.sh new file mode 100644 index 0000000..72f2d62 --- /dev/null +++ b/sign_example.sh @@ -0,0 +1,14 @@ +#! /bin/bash + +./bin/_jdnssec-signzone \ + -3 \ + -A 133:5:RSASHA1-NSEC3 \ + -s 20051021000000 \ + -e 20150420235959 \ + -D test/ \ + -S AABBCCDD \ + --iterations 12 \ + -k Kexample.+133+22088 \ + test/example \ + Kexample.+133+62827 + diff --git a/src/com/verisignlabs/dnssec/cl/DSTool.java b/src/com/verisignlabs/dnssec/cl/DSTool.java index c530c57..83f195c 100644 --- a/src/com/verisignlabs/dnssec/cl/DSTool.java +++ b/src/com/verisignlabs/dnssec/cl/DSTool.java 
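Review bot: In the new sign_example.sh, every path (`./bin/_jdnssec-signzone`, `-D test/`, `test/example`) is relative, so the script only works when started from the directory that holds `bin/` and `test/`; a `cd "$(dirname "$0")" || exit 1` line after the shebang would remove that dependency. The signing parameters are fixed values (salt `AABBCCDD`, 12 iterations, a signature window from 20051021000000 to 20150420235959, keys tagged 22088 and 62827) that match the RRSIG and NSEC3 records in the example.signed files added by this commit, so the script appears to regenerate those fixtures, but nothing in the file says so. A header comment such as `# Regenerates the example.signed test zone; the fixed salt and ~10-year signature validity are for reproducible test output only, not for signing real zones` would stop the values from being copied into a production signing job.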
@@ -35,8 +35,7 @@ import com.verisignlabs.dnssec.security.DnsKeyPair; import com.verisignlabs.dnssec.security.SignUtils; /** - * This class forms the command line implementation of a DNSSEC DS/DLV - * generator + * This class forms the command line implementation of a DNSSEC DS/DLV generator * * @author David Blacka (original) * @author $Author: davidb $ @@ -76,19 +75,22 @@ public class DSTool opts.addOption("h", "help", false, "Print this message."); opts.addOption(OptionBuilder.withLongOpt("dlv") - .withDescription("Generate a DLV record instead.").create()); + .withDescription("Generate a DLV record instead.") + .create()); // Argument options - opts.addOption(OptionBuilder.hasOptionalArg().withLongOpt("verbose") + opts.addOption(OptionBuilder.hasOptionalArg() + .withLongOpt("verbose") .withArgName("level") - .withDescription("verbosity level -- 0 is silence, " - + "5 is debug information, " + "6 is trace information.\n" - + "default is level 5.").create('v')); + .withDescription("verbosity level -- 0 is silence, 5 is debug information, 6 is trace information.\n" + + "default is level 5.") + .create('v')); - opts.addOption(OptionBuilder.hasArg().withLongOpt("digest") + opts.addOption(OptionBuilder.hasArg() + .withLongOpt("digest") .withArgName("id") - .withDescription("The Digest ID to use (numerically): " - + "either 1 for SHA1 or 2 for SHA256").create('d')); + .withDescription("The Digest ID to use (numerically): either 1 for SHA1 or 2 for SHA256") + .create('d')); } public void parseCommandLine(String[] args) @@ -105,14 +107,14 @@ public class DSTool Logger rootLogger = Logger.getLogger(""); switch (value) { - case 0 : + case 0: rootLogger.setLevel(Level.OFF); break; - case 5 : - default : + case 5: + default: rootLogger.setLevel(Level.FINE); break; - case 6 : + case 6: rootLogger.setLevel(Level.ALL); break; } 
@@ -142,14 +144,9 @@ public class DSTool PrintWriter out = new PrintWriter(System.err); // print our own usage statement: - f.printHelp(out, - 75, - "jdnssec-dstool [..options..] keyfile", - null, - opts, - HelpFormatter.DEFAULT_LEFT_PAD, - HelpFormatter.DEFAULT_DESC_PAD, - null); + f.printHelp(out, 75, "jdnssec-dstool [..options..] keyfile", null, opts, + HelpFormatter.DEFAULT_LEFT_PAD, + HelpFormatter.DEFAULT_DESC_PAD, null); out.flush(); System.exit(64); @@ -159,8 +156,10 @@ public class DSTool /** * This is just a convenience method for parsing integers from strings. * - * @param s the string to parse. - * @param def the default value, if the string doesn't parse. + * @param s + * the string to parse. + * @param def + * the default value, if the string doesn't parse. * @return the parsed integer, or the default. */ private static int parseInt(String s, int def) @@ -187,17 +186,16 @@ public class DSTool log.warning("DNSKEY is not an SEP-flagged key."); } - DSRecord ds = SignUtils.calculateDSRecord(dnskey, - state.digest_id, - dnskey.getTTL()); + DSRecord ds = SignUtils.calculateDSRecord(dnskey, state.digest_id, + dnskey.getTTL()); Record res = ds; if (state.createDLV) { log.fine("creating DLV."); - DLVRecord dlv = new DLVRecord(ds.getName(), ds.getDClass(), - ds.getTTL(), ds.getFootprint(), ds.getAlgorithm(), - ds.getDigestID(), ds.getDigest()); + DLVRecord dlv = new DLVRecord(ds.getName(), ds.getDClass(), ds.getTTL(), + ds.getFootprint(), ds.getAlgorithm(), + ds.getDigestID(), ds.getDigest()); res = dlv; } 
@@ -223,14 +221,13 @@ public class DSTool } catch (UnrecognizedOptionException e) { - System.err.println("error: unknown option encountered: " - + e.getMessage()); + System.err.println("error: unknown option encountered: " + e.getMessage()); state.usage(); } catch (AlreadySelectedException e) { - System.err.println("error: mutually exclusive options have " - + "been selected:\n " + e.getMessage()); + System.err.println("error: mutually exclusive options have been selected:\n " + + e.getMessage()); state.usage(); } catch (Exception e) diff --git a/src/com/verisignlabs/dnssec/cl/KeyGen.java b/src/com/verisignlabs/dnssec/cl/KeyGen.java index 683a330..953f7af 100644 --- a/src/com/verisignlabs/dnssec/cl/KeyGen.java +++ b/src/com/verisignlabs/dnssec/cl/KeyGen.java @@ -78,12 +78,10 @@ public class KeyGen // boolean options opts.addOption("h", "help", false, "Print this message."); - opts.addOption("k", - "kskflag", - false, - "Key is a key-signing-key (sets the SEP flag)."); + opts.addOption("k", "kskflag", false, + "Key is a key-signing-key (sets the SEP flag)."); opts.addOption("e", "large-exponent", false, "Use large RSA exponent"); - + // Argument options OptionBuilder.hasArg(); OptionBuilder.withLongOpt("nametype"); @@ -101,9 +99,8 @@ public class KeyGen OptionBuilder.hasArg(); OptionBuilder.withArgName("algorithm"); - OptionBuilder - .withDescription("RSA | RSASHA1 | RSAMD5 | DH | DSA | alias, " - + "RSASHA1 is default."); + OptionBuilder.withDescription("RSA | RSASHA1 | RSAMD5 | DH | DSA | alias, " + + "RSASHA1 is default."); opts.addOption(OptionBuilder.create('a')); OptionBuilder.hasArg(); @@ -117,8 +114,7 @@ public class KeyGen OptionBuilder.hasArg(); OptionBuilder.withArgName("file"); OptionBuilder.withLongOpt("output-file"); - OptionBuilder - .withDescription("base filename for the public/private key files"); + OptionBuilder.withDescription("base filename for the public/private key files"); opts.addOption(OptionBuilder.create('f')); OptionBuilder.hasArg(); 
@@ -151,14 +147,14 @@ public class KeyGen Logger rootLogger = Logger.getLogger(""); switch (value) { - case 0 : + case 0: rootLogger.setLevel(Level.OFF); break; - case 5 : - default : + case 5: + default: rootLogger.setLevel(Level.FINE); break; - case 6 : + case 6: rootLogger.setLevel(Level.ALL); break; } @@ -167,7 +163,7 @@ public class KeyGen if (cli.hasOption('k')) kskFlag = true; if (cli.hasOption('e')) useLargeE = true; - + outputfile = cli.getOptionValue('f'); if ((optstr = cli.getOptionValue('d')) != null) @@ -221,22 +217,22 @@ public class KeyGen private void addArgAlias(String s) { if (s == null) return; - + DnsKeyAlgorithm algs = DnsKeyAlgorithm.getInstance(); - + String[] v = s.split(":"); if (v.length < 2) return; - + int alias = parseInt(v[0], -1); if (alias <= 0) return; int orig = parseInt(v[1], -1); if (orig <= 0) return; String mn = null; if (v.length > 2) mn = v[2]; - + algs.addAlias(alias, mn, orig); } - + /** Print out the usage and help statements, then quit. */ private void usage() { @@ -245,14 +241,9 @@ public class KeyGen PrintWriter out = new PrintWriter(System.err); // print our own usage statement: - f.printHelp(out, - 75, - "jdnssec-keygen [..options..] name", - null, - opts, - HelpFormatter.DEFAULT_LEFT_PAD, - HelpFormatter.DEFAULT_DESC_PAD, - null); + f.printHelp(out, 75, "jdnssec-keygen [..options..] name", null, opts, + HelpFormatter.DEFAULT_LEFT_PAD, + HelpFormatter.DEFAULT_DESC_PAD, null); out.flush(); System.exit(64); @@ -262,8 +253,10 @@ public class KeyGen /** * This is just a convenience method for parsing integers from strings. * - * @param s the string to parse. - * @param def the default value, if the string doesn't parse. + * @param s + * the string to parse. + * @param def + * the default value, if the string doesn't parse. * @return the parsed integer, or the default. */ private static int parseInt(String s, int def) 
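Review bot: `addArgAlias` in the KeyGen hunk returns silently on every malformed value: fewer than two `:`-separated fields, or an alias or original number that `parseInt` turns into -1. A mistyped alias specification is therefore dropped without a message and the tool carries on with a different algorithm mapping than the operator asked for. Report the bad value and stop instead, for example `System.err.println("error: invalid algorithm alias: " + s); usage();` in place of the bare `return`s. The same function body appears in the KeyInfoTool and VerifyZone hunks of this patch and deserves the same change; in VerifyZone a dropped alias would presumably change which signatures can be checked.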
@@ -310,13 +303,9 @@ public class KeyGen + state.ttl + ", alg = " + state.algorithm + ", flags = " + flags + ", length = " + state.keylength + ")"); - DnsKeyPair pair = signer.generateKey(owner_name, - state.ttl, - DClass.IN, - state.algorithm, - flags, - state.keylength, - state.useLargeE); + DnsKeyPair pair = signer.generateKey(owner_name, state.ttl, DClass.IN, + state.algorithm, flags, + state.keylength, state.useLargeE); if (state.outputfile != null) { @@ -338,8 +327,7 @@ public class KeyGen } catch (UnrecognizedOptionException e) { - System.err.println("error: unknown option encountered: " - + e.getMessage()); + System.err.println("error: unknown option encountered: " + e.getMessage()); state.usage(); } catch (AlreadySelectedException e) diff --git a/src/com/verisignlabs/dnssec/cl/KeyInfoTool.java b/src/com/verisignlabs/dnssec/cl/KeyInfoTool.java index 95a0802..d51d496 100644 --- a/src/com/verisignlabs/dnssec/cl/KeyInfoTool.java +++ b/src/com/verisignlabs/dnssec/cl/KeyInfoTool.java @@ -32,8 +32,7 @@ import com.verisignlabs.dnssec.security.DnsKeyAlgorithm; import com.verisignlabs.dnssec.security.DnsKeyPair; /** - * This class forms the command line implementation of a DNSSEC DS/DLV - * generator + * This class forms the command line implementation of a DNSSEC DS/DLV generator * * @author David Blacka (original) * @author $Author: davidb $ @@ -49,7 +48,7 @@ public class KeyInfoTool private static class CLIState { private Options opts; - public String keyname = null; + public String keyname = null; public CLIState() { 
@@ -69,12 +68,16 @@ public class KeyInfoTool opts.addOption("h", "help", false, "Print this message."); // Argument options - opts.addOption(OptionBuilder.hasOptionalArg().withLongOpt("verbose") + opts.addOption(OptionBuilder.hasOptionalArg() + .withLongOpt("verbose") .withArgName("level") - .withDescription("verbosity level -- 0 is silence, " - + "5 is debug information, " + "6 is trace information.\n" - + "default is level 5.").create('v')); - + .withDescription( + "verbosity level -- 0 is silence, " + + "5 is debug information, " + + "6 is trace information.\n" + + "default is level 5.") + .create('v')); + OptionBuilder.hasArg(); OptionBuilder.withLongOpt("alg-alias"); OptionBuilder.withArgName("alias:original:mnemonic"); @@ -96,14 +99,14 @@ public class KeyInfoTool Logger rootLogger = Logger.getLogger(""); switch (value) { - case 0 : + case 0: rootLogger.setLevel(Level.OFF); break; - case 5 : - default : + case 5: + default: rootLogger.setLevel(Level.FINE); break; - case 6 : + case 6: rootLogger.setLevel(Level.ALL); break; } @@ -136,14 +139,9 @@ public class KeyInfoTool PrintWriter out = new PrintWriter(System.err); // print our own usage statement: - f.printHelp(out, - 75, - "jdnssec-keyinfo [..options..] keyfile", - null, - opts, - HelpFormatter.DEFAULT_LEFT_PAD, - HelpFormatter.DEFAULT_DESC_PAD, - null); + f.printHelp(out, 75, "jdnssec-keyinfo [..options..] keyfile", null, opts, + HelpFormatter.DEFAULT_LEFT_PAD, + HelpFormatter.DEFAULT_DESC_PAD, null); out.flush(); System.exit(64); @@ -153,8 +151,10 @@ public class KeyInfoTool /** * This is just a convenience method for parsing integers from strings. * - * @param s the string to parse. - * @param def the default value, if the string doesn't parse. + * @param s + * the string to parse. + * @param def + * the default value, if the string doesn't parse. * @return the parsed integer, or the default. */ private static int parseInt(String s, int def) 
@@ -169,48 +169,48 @@ public class KeyInfoTool return def; } } - + private static void addArgAlias(String s) { if (s == null) return; - + DnsKeyAlgorithm algs = DnsKeyAlgorithm.getInstance(); - + String[] v = s.split(":"); if (v.length < 2) return; - + int alias = parseInt(v[0], -1); if (alias <= 0) return; int orig = parseInt(v[1], -1); if (orig <= 0) return; String mn = null; if (v.length > 2) mn = v[2]; - + algs.addAlias(alias, mn, orig); } - - + public static void execute(CLIState state) throws Exception { DnsKeyPair key = BINDKeyUtils.loadKey(state.keyname, null); DNSKEYRecord dnskey = key.getDNSKEYRecord(); DnsKeyAlgorithm dnskeyalg = DnsKeyAlgorithm.getInstance(); - + boolean isSEP = (dnskey.getFlags() & DNSKEYRecord.Flags.SEP_KEY) != 0; - + System.out.println("Name: " + dnskey.getName()); System.out.println("SEP: " + isSEP); - - System.out.println("Algorithm: " + dnskeyalg.algToString(dnskey.getAlgorithm())); + + System.out.println("Algorithm: " + + dnskeyalg.algToString(dnskey.getAlgorithm())); System.out.println("ID: " + dnskey.getFootprint()); - if (dnskeyalg.baseType(dnskey.getAlgorithm()) == dnskeyalg.RSA) + if (dnskeyalg.baseType(dnskey.getAlgorithm()) == DnsKeyAlgorithm.RSA) { RSAPublicKey pub = (RSAPublicKey) key.getPublic(); System.out.println("RSA Public Exponent: " + pub.getPublicExponent()); System.out.println("RSA Modulus: " + pub.getModulus()); } - + } public static void main(String[] args) @@ -223,8 +223,7 @@ public class KeyInfoTool } catch (UnrecognizedOptionException e) { - System.err.println("error: unknown option encountered: " - + e.getMessage()); + System.err.println("error: unknown option encountered: " + e.getMessage()); state.usage(); } catch (AlreadySelectedException e) diff --git a/src/com/verisignlabs/dnssec/cl/VerifyZone.java b/src/com/verisignlabs/dnssec/cl/VerifyZone.java index ac4810a..b61ae87 100644 --- a/src/com/verisignlabs/dnssec/cl/VerifyZone.java +++ b/src/com/verisignlabs/dnssec/cl/VerifyZone.java 
@@ -36,8 +36,7 @@ import org.xbill.DNS.*; import com.verisignlabs.dnssec.security.*; /** - * This class forms the command line implementation of a DNSSEC zone - * validator. + * This class forms the command line implementation of a DNSSEC zone validator. * * @author David Blacka (original) * @author $Author$ @@ -75,26 +74,31 @@ public class VerifyZone // boolean options opts.addOption("h", "help", false, "Print this message."); - opts.addOption("s", - "strict", - false, - "Zone will only be considered valid if all " - + "signatures could be cryptographically verified"); + opts.addOption("s", "strict", false, + "Zone will only be considered valid if all " + + "signatures could be cryptographically verified"); // Argument options - opts.addOption(OptionBuilder.hasArg().withLongOpt("keydir") - .withArgName("dir").withDescription("directory to find " - + "trusted key files").create('d')); + opts.addOption(OptionBuilder.hasArg() + .withLongOpt("keydir") + .withArgName("dir") + .withDescription("directory to find " + "trusted key files") + .create('d')); - opts.addOption(OptionBuilder.hasOptionalArg().withLongOpt("verbose") + opts.addOption(OptionBuilder.hasOptionalArg() + .withLongOpt("verbose") .withArgName("level") - .withDescription("verbosity level -- 0 is silence, " - + "5 is debug information, 6 is trace information.\n" - + "default is level 5.").create('v')); + .withDescription( + "verbosity level -- 0 is silence, " + + "5 is debug information, 6 is trace information.\n" + + "default is level 5.") + .create('v')); opts.addOption(OptionBuilder.hasArg() - .withArgName("alias:original:mnemonic").withLongOpt("alg-alias") - .withDescription("Define an alias for an algorithm").create('A')); + .withArgName("alias:original:mnemonic") + .withLongOpt("alg-alias") + .withDescription("Define an alias for an algorithm") + .create('A')); } 
@@ -114,16 +118,16 @@ public class VerifyZone Logger rootLogger = Logger.getLogger(""); switch (value) { - case 0 : - rootLogger.setLevel(Level.OFF); - break; - case 5 : - default : - rootLogger.setLevel(Level.FINE); - break; - case 6 : - rootLogger.setLevel(Level.ALL); - break; + case 0: + rootLogger.setLevel(Level.OFF); + break; + case 5: + default: + rootLogger.setLevel(Level.FINE); + break; + case 6: + rootLogger.setLevel(Level.ALL); + break; } } @@ -142,7 +146,7 @@ public class VerifyZone addArgAlias(optstrs[i]); } } - + String[] cl_args = cli.getArgs(); if (cl_args.length < 1) @@ -163,22 +167,22 @@ public class VerifyZone private void addArgAlias(String s) { if (s == null) return; - + DnsKeyAlgorithm algs = DnsKeyAlgorithm.getInstance(); - + String[] v = s.split(":"); if (v.length < 2) return; - + int alias = parseInt(v[0], -1); if (alias <= 0) return; int orig = parseInt(v[1], -1); if (orig <= 0) return; String mn = null; if (v.length > 2) mn = v[2]; - + algs.addAlias(alias, mn, orig); } - + /** Print out the usage and help statements, then quit. */ public void usage() { @@ -187,14 +191,10 @@ public class VerifyZone PrintWriter out = new PrintWriter(System.err); // print our own usage statement: - f.printHelp(out, - 75, - "verifyZone.sh [..options..] zonefile " + "[keyfile [keyfile...]]", - null, - opts, - HelpFormatter.DEFAULT_LEFT_PAD, - HelpFormatter.DEFAULT_DESC_PAD, - null); + f.printHelp(out, 75, "verifyZone.sh [..options..] zonefile " + + "[keyfile [keyfile...]]", null, opts, + HelpFormatter.DEFAULT_LEFT_PAD, + HelpFormatter.DEFAULT_DESC_PAD, null); out.flush(); System.exit(64); 
@@ -204,8 +204,10 @@ public class VerifyZone /** * This is just a convenience method for parsing integers from strings. * - * @param s the string to parse. - * @param def the default value, if the string doesn't parse. + * @param s + * the string to parse. + * @param def + * the default value, if the string doesn't parse. * @return the parsed integer, or the default. */ private static int parseInt(String s, int def) @@ -327,19 +329,19 @@ public class VerifyZone switch (result) { - case DNSSEC.Failed : + case DNSSEC.Failed: + System.out.println("zone did not verify."); + System.exit(1); + break; + case DNSSEC.Insecure: + if (state.strict) + { System.out.println("zone did not verify."); System.exit(1); - break; - case DNSSEC.Insecure : - if (state.strict) - { - System.out.println("zone did not verify."); - System.exit(1); - } - case DNSSEC.Secure : - System.out.println("zone verified."); - break; + } + case DNSSEC.Secure: + System.out.println("zone verified."); + break; } System.exit(0); } @@ -354,8 +356,7 @@ public class VerifyZone } catch (UnrecognizedOptionException e) { - System.err.println("error: unknown option encountered: " - + e.getMessage()); + System.err.println("error: unknown option encountered: " + e.getMessage()); state.usage(); } catch (AlreadySelectedException e) diff --git a/src/com/verisignlabs/dnssec/cl/ZoneFormat.java b/src/com/verisignlabs/dnssec/cl/ZoneFormat.java index c5b095a..3643a02 100644 --- a/src/com/verisignlabs/dnssec/cl/ZoneFormat.java +++ b/src/com/verisignlabs/dnssec/cl/ZoneFormat.java @@ -56,7 +56,7 @@ public class ZoneFormat private static class CLIState { private org.apache.commons.cli.Options opts; - public String file; + public String file; public CLIState() { 
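Review bot: In the `switch (result)` hunk of VerifyZone, `case DNSSEC.Insecure:` falls through into `case DNSSEC.Secure:` whenever `state.strict` is false, so a zone whose signatures could not be checked prints "zone verified." and reaches `System.exit(0)`. The DnsSecVerifier javadoc in this same patch describes Insecure as "verification could not be completed (usually because the public key was not available)", which is not what that message tells the operator. Give the non-strict case its own output, e.g. `System.out.println("zone not verified: some signatures could not be checked."); break;`, or at least mark the intent with `// fall through: non-strict mode accepts Insecure`. The enclosing method starts outside the hunk.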
@@ -79,16 +79,16 @@ public class ZoneFormat Logger rootLogger = Logger.getLogger(""); switch (value) { - case 0 : - rootLogger.setLevel(Level.OFF); - break; - case 5 : - default : - rootLogger.setLevel(Level.FINE); - break; - case 6 : - rootLogger.setLevel(Level.ALL); - break; + case 0: + rootLogger.setLevel(Level.OFF); + break; + case 5: + default: + rootLogger.setLevel(Level.FINE); + break; + case 6: + rootLogger.setLevel(Level.ALL); + break; } } @@ -133,14 +133,9 @@ public class ZoneFormat PrintWriter out = new PrintWriter(System.err); // print our own usage statement: - f.printHelp(out, - 75, - "jdnssec-zoneformat [..options..] zonefile", - null, - opts, - HelpFormatter.DEFAULT_LEFT_PAD, - HelpFormatter.DEFAULT_DESC_PAD, - null); + f.printHelp(out, 75, "jdnssec-zoneformat [..options..] zonefile", null, + opts, HelpFormatter.DEFAULT_LEFT_PAD, + HelpFormatter.DEFAULT_DESC_PAD, null); out.flush(); System.exit(64); @@ -150,8 +145,10 @@ public class ZoneFormat /** * This is just a convenience method for parsing integers from strings. * - * @param s the string to parse. - * @param def the default value, if the string doesn't parse. + * @param s + * the string to parse. + * @param def + * the default value, if the string doesn't parse. * @return the parsed integer, or the default. */ private static int parseInt(String s, int def) @@ -194,13 +191,14 @@ public class ZoneFormat RecordComparator cmp = new RecordComparator(); Collections.sort(zone, cmp); - - for (Iterator i = zone.iterator(); i.hasNext(); ) + + for (Iterator i = zone.iterator(); i.hasNext();) { Record r = (Record) i.next(); System.out.println(r.toString()); } } + private static void execute(CLIState state) throws IOException { List z = readZoneFile(state.file); 
@@ -217,8 +215,7 @@ public class ZoneFormat } catch (UnrecognizedOptionException e) { - System.err.println("error: unknown option encountered: " - + e.getMessage()); + System.err.println("error: unknown option encountered: " + e.getMessage()); state.usage(); } catch (AlreadySelectedException e) diff --git a/src/com/verisignlabs/dnssec/security/BINDKeyUtils.java b/src/com/verisignlabs/dnssec/security/BINDKeyUtils.java index 6345a17..48ef713 100644 --- a/src/com/verisignlabs/dnssec/security/BINDKeyUtils.java +++ b/src/com/verisignlabs/dnssec/security/BINDKeyUtils.java @@ -119,7 +119,7 @@ public class BINDKeyUtils key_buf.append('\n'); } in.close(); - + return key_buf.toString().trim(); } @@ -138,18 +138,23 @@ public class BINDKeyUtils } /** - * Given the information necessary to construct the path to a BIND9 - * generated key pair, load the key pair. + * Given the information necessary to construct the path to a BIND9 generated + * key pair, load the key pair. * - * @param signer the DNS name of the key. - * @param algorithm the DNSSEC algorithm of the key. - * @param keyid the DNSSEC key footprint. - * @param inDirectory the directory to look for the files (may be null). + * @param signer + * the DNS name of the key. + * @param algorithm + * the DNSSEC algorithm of the key. + * @param keyid + * the DNSSEC key footprint. + * @param inDirectory + * the directory to look for the files (may be null). * @return the loaded key pair. - * @throws IOException if there was a problem reading the BIND9 files. + * @throws IOException + * if there was a problem reading the BIND9 files. */ public static DnsKeyPair loadKeyPair(Name signer, int algorithm, int keyid, - File inDirectory) throws IOException + File inDirectory) throws IOException { String keyFileBase = getKeyFileBase(signer, algorithm, keyid); 
@@ -159,15 +164,17 @@ public class BINDKeyUtils /** * Given a base path to a BIND9 key pair, load the key pair. * - * @param keyFileBasePath the base filename (or real filename for either the - * public or private key) of the key. - * @param inDirectory the directory to look in, if the keyFileBasePath is - * relative. + * @param keyFileBasePath + * the base filename (or real filename for either the public or + * private key) of the key. + * @param inDirectory + * the directory to look in, if the keyFileBasePath is relative. * @return the loaded key pair. - * @throws IOException if there was a problem reading the files + * @throws IOException + * if there was a problem reading the files */ - public static DnsKeyPair loadKeyPair(String keyFileBasePath, - File inDirectory) throws IOException + public static DnsKeyPair loadKeyPair(String keyFileBasePath, File inDirectory) + throws IOException { keyFileBasePath = fixKeyFileBasePath(keyFileBasePath); // FIXME: should we throw the IOException when one of the files @@ -190,12 +197,13 @@ public class BINDKeyUtils * Given a base path to a BIND9 key pair, load the public part (only) of the * key pair * - * @param keyFileBasePath the base or real path to the public part of a key - * pair. - * @param inDirectory the directory to look in if the path is relative (may - * be null). + * @param keyFileBasePath + * the base or real path to the public part of a key pair. + * @param inDirectory + * the directory to look in if the path is relative (may be null). * @return a {@link DnsKeyPair} containing just the public key information. - * @throws IOException if there was a problem reading the public key file. + * @throws IOException + * if there was a problem reading the public key file. */ public static DnsKeyPair loadKey(String keyFileBasePath, File inDirectory) throws IOException 
@@ -212,15 +220,18 @@ public class BINDKeyUtils } /** - * Load a BIND keyset file. The BIND 9 dnssec tools typically call these - * files "keyset-[signer]." where [signer] is the DNS owner name of the key. - * The keyset may be signed, but doesn't have to be. + * Load a BIND keyset file. The BIND 9 dnssec tools typically call these files + * "keyset-[signer]." where [signer] is the DNS owner name of the key. The + * keyset may be signed, but doesn't have to be. * - * @param keysetFileName the name of the keyset file. - * @param inDirectory the directory to look in if the path is relative (may - * be null, defaults to the current working directory). + * @param keysetFileName + * the name of the keyset file. + * @param inDirectory + * the directory to look in if the path is relative (may be null, + * defaults to the current working directory). * @return a RRset contain the KEY records and any associated SIG records. - * @throws IOException if there was a problem reading the keyset file. + * @throws IOException + * if there was a problem reading the keyset file. */ public static RRset loadKeySet(String keysetFileName, File inDirectory) throws IOException @@ -242,8 +253,8 @@ public class BINDKeyUtils /** * Calculate the key file base for this key pair. * - * @param pair the {@link DnsKeyPair} to work from. It only needs a public - * key. + * @param pair + * the {@link DnsKeyPair} to work from. It only needs a public key. * @return the base name of the key files. */ public static String keyFileBase(DnsKeyPair pair) @@ -251,9 +262,8 @@ public class BINDKeyUtils DNSKEYRecord keyrec = pair.getDNSKEYRecord(); if (keyrec == null) return null; - return getKeyFileBase(keyrec.getName(), - keyrec.getAlgorithm(), - keyrec.getFootprint()); + return getKeyFileBase(keyrec.getName(), keyrec.getAlgorithm(), + keyrec.getFootprint()); } /** 
@@ -281,10 +291,11 @@ public class BINDKeyUtils } /** - * Given a the contents of a BIND9 private key file, convert it into a - * native {@link java.security.PrivateKey} object. + * Given a the contents of a BIND9 private key file, convert it into a native + * {@link java.security.PrivateKey} object. * - * @param privateKeyString the contents of a BIND9 key file in string form. + * @param privateKeyString + * the contents of a BIND9 key file in string form. * @return a {@link java.security.PrivateKey} */ public static PrivateKey convertPrivateKeyString(String privateKeyString) @@ -314,13 +325,14 @@ public class BINDKeyUtils * Given a native private key, convert it into a BIND9 private key file * format. * - * @param priv the private key to convert. - * @param pub the private key's corresponding public key. Some algorithms + * @param priv + * the private key to convert. + * @param pub + * the private key's corresponding public key. Some algorithms * require information from both. * @return a string containing the contents of a BIND9 private key file. */ - public static String convertPrivateKey(PrivateKey priv, PublicKey pub, - int alg) + public static String convertPrivateKey(PrivateKey priv, PublicKey pub, int alg) { if (priv != null) { @@ -337,9 +349,8 @@ public class BINDKeyUtils /** * Convert the KEY record to the exact string format that the dnssec-* - * routines need. Currently, the DNSJAVA package uses a multiline mode for - * its record formatting. The BIND9 tools require everything on a single - * line. + * routines need. Currently, the DNSJAVA package uses a multiline mode for its + * record formatting. The BIND9 tools require everything on a single line. */ private static String DNSKEYtoString(DNSKEYRecord rec) { 
@@ -361,23 +372,26 @@ public class BINDKeyUtils /** * This routine will write out the BIND9 dnssec-* tool compatible files. * - * @param baseFileName use this base file name. If null, the standard BIND9 - * base file name will be computed. - * @param pair the keypair in question. - * @param inDirectory the directory to write to (may be null). - * @throws IOException if there is a problem writing the files. + * @param baseFileName + * use this base file name. If null, the standard BIND9 base file + * name will be computed. + * @param pair + * the keypair in question. + * @param inDirectory + * the directory to write to (may be null). + * @throws IOException + * if there is a problem writing the files. */ public static void writeKeyFiles(String baseFileName, DnsKeyPair pair, - File inDirectory) throws IOException + File inDirectory) throws IOException { DNSKEYRecord pub = pair.getDNSKEYRecord(); String priv = pair.getPrivateKeyString(); if (priv == null) { - priv = convertPrivateKey(pair.getPrivate(), - pair.getPublic(), - pair.getDNSKEYAlgorithm()); + priv = convertPrivateKey(pair.getPrivate(), pair.getPublic(), + pair.getDNSKEYAlgorithm()); } if (pub == null || priv == null) return; @@ -397,11 +411,13 @@ public class BINDKeyUtils } /** - * This routine will write out the BIND9 dnssec-* tool compatible files to - * the standard file names. + * This routine will write out the BIND9 dnssec-* tool compatible files to the + * standard file names. * - * @param pair the key pair in question. - * @param inDirectory the directory to write to (may be null). + * @param pair + * the key pair in question. + * @param inDirectory + * the directory to write to (may be null). */ public static void writeKeyFiles(DnsKeyPair pair, File inDirectory) throws IOException diff --git a/src/com/verisignlabs/dnssec/security/ByteArrayComparator.java b/src/com/verisignlabs/dnssec/security/ByteArrayComparator.java index fa6df76..273010a 100644 
--- a/src/com/verisignlabs/dnssec/security/ByteArrayComparator.java +++ b/src/com/verisignlabs/dnssec/security/ByteArrayComparator.java @@ -21,9 +21,9 @@ package com.verisignlabs.dnssec.security; import java.util.Comparator; /** - * This class implements a basic comparitor for byte arrays. It is primarily - * useful for comparing RDATA portions of DNS records in doing DNSSEC - * canonical ordering. + * This class implements a basic comparator for byte arrays. It is primarily + * useful for comparing RDATA portions of DNS records in doing DNSSEC canonical + * ordering. * * @author David Blacka (original) * @author $Author$ diff --git a/src/com/verisignlabs/dnssec/security/DnsKeyConverter.java b/src/com/verisignlabs/dnssec/security/DnsKeyConverter.java index 99d9a7e..20670ea 100644 --- a/src/com/verisignlabs/dnssec/security/DnsKeyConverter.java +++ b/src/com/verisignlabs/dnssec/security/DnsKeyConverter.java @@ -77,7 +77,6 @@ public class DnsKeyConverter { if (pKeyRecord.getKey() == null) return null; - // FIXME: this won't work at all with alg aliases. // For now, instead of re-implementing parseRecord (or adding this stuff // to DNSjava), we will just translate the algorithm back to a standard // algorithm. Note that this will unnecessarily convert RSAMD5 to RSASHA1. diff --git a/src/com/verisignlabs/dnssec/security/DnsKeyPair.java b/src/com/verisignlabs/dnssec/security/DnsKeyPair.java index 3fcd00b..802cba6 100644 --- a/src/com/verisignlabs/dnssec/security/DnsKeyPair.java +++ b/src/com/verisignlabs/dnssec/security/DnsKeyPair.java 
@@ -26,10 +26,10 @@ import org.xbill.DNS.*; /** * This class forms the basis for representing public/private key pairs in a - * DNSSEC context. It is possible to get a JCA public and private key from - * this object, as well as a DNSKEYRecord encoding of the public key. This - * class is implemented as a UNION of all the functionality needed for handing - * native java, BIND, and possibly other underlying DNSKEY engines. + * DNSSEC context. It is possible to get a JCA public and private key from this + * object, as well as a DNSKEYRecord encoding of the public key. This class is + * implemented as a UNION of all the functionality needed for handing native + * java, BIND, and possibly other underlying DNSKEY engines. * * JCA == Java Cryptography Architecture. * @@ -47,8 +47,8 @@ public class DnsKeyPair protected DNSKEYRecord mPublicKeyRecord; /** - * This is a precalcuated cache of the KEYRecord converted into a JCA public - * key. + * This is a pre-calculated cache of the DNSKEYRecord converted into a JCA + * public key. */ private PublicKey mPublicKey; @@ -59,8 +59,8 @@ public class DnsKeyPair protected String mPrivateKeyString; /** - * The private key in JCA format. This is the base encoding for instances - * were JCA private keys are used. + * The private key in JCA format. This is the base encoding for instances where + * JCA private keys are used. */ protected PrivateKey mPrivateKey; @@ -73,7 +73,7 @@ public class DnsKeyPair protected Signature mSigner; /** - * a caches Signature used for verifying (intialized with the public key) + * a caches Signature used for verifying (initialized with the public key) */ protected Signature mVerifier; 
@@ -113,12 +113,8 @@ public class DnsKeyPair this(); DnsKeyConverter conv = new DnsKeyConverter(); - DNSKEYRecord keyrec = conv.generateDNSKEYRecord(keyName, - DClass.IN, - 0, - 0, - algorithm, - publicKey); + DNSKEYRecord keyrec = conv.generateDNSKEYRecord(keyName, DClass.IN, 0, 0, + algorithm, publicKey); setDNSKEYRecord(keyrec); setPrivate(privateKey); } @@ -208,9 +204,8 @@ public class DnsKeyPair if (mPrivateKeyString == null && mPrivateKey != null) { PublicKey pub = getPublic(); - mPrivateKeyString = BINDKeyUtils.convertPrivateKey(mPrivateKey, - pub, - getDNSKEYAlgorithm()); + mPrivateKeyString = BINDKeyUtils.convertPrivateKey(mPrivateKey, pub, + getDNSKEYAlgorithm()); } return mPrivateKeyString; @@ -231,9 +226,9 @@ public class DnsKeyPair } /** - * Sets the private key from the encoded form (PKCS#8). This routine - * requires that the public key already be assigned. Currently it can only - * handle DSA and RSA keys. + * Sets the private key from the encoded form (PKCS#8). This routine requires + * that the public key already be assigned. Currently it can only handle DSA + * and RSA keys. */ public void setEncodedPrivate(byte[] encoded) { @@ -275,7 +270,7 @@ public class DnsKeyPair } else { - // do not return an unitialized signer. + // do not return an uninitialized signer. return null; } } @@ -301,11 +296,12 @@ public class DnsKeyPair mVerifier.initVerify(pk); } catch (InvalidKeyException e) - {} + { + } } else { - // do not return an unitialized verifier + // do not return an uninitialized verifier return null; } } diff --git a/src/com/verisignlabs/dnssec/security/DnsSecVerifier.java b/src/com/verisignlabs/dnssec/security/DnsSecVerifier.java index 8a59c10..03fcf72 100644 --- a/src/com/verisignlabs/dnssec/security/DnsSecVerifier.java +++ b/src/com/verisignlabs/dnssec/security/DnsSecVerifier.java 
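Review bot: The `catch (InvalidKeyException e) { }` that the last DnsKeyPair hunk re-wraps still discards the failure from `mVerifier.initVerify(pk)`. As far as the hunk shows, the method can then return a `Signature` that was never initialised, which is exactly what the comment in the `else` branch says must not happen. Clear the cached object and return null on failure, e.g. `catch (InvalidKeyException e) { mVerifier = null; return null; }`, ideally with a log line naming the key. The method begins outside the hunk, so the final return path should be confirmed; the signer getter in the preceding hunk is only partly visible and may need the same treatment.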
@@ -95,10 +95,7 @@ public class DnsSecVerifier implements Verifier { DnsKeyPair p = (DnsKeyPair) i.next(); if (p.getDNSKEYAlgorithm() == algorithm - && p.getDNSKEYFootprint() == keyid) - { - return p; - } + && p.getDNSKEYFootprint() == keyid) { return p; } } return null; } @@ -154,7 +151,7 @@ public class DnsSecVerifier implements Verifier } private DnsKeyPair findCachedKey(Cache cache, Name name, int algorithm, - int footprint) + int footprint) { RRset[] keysets = cache.findAnyRecords(name, Type.KEY); if (keysets == null) return null; @@ -167,17 +164,15 @@ public class DnsSecVerifier implements Verifier if (!(o instanceof DNSKEYRecord)) continue; DNSKEYRecord keyrec = (DNSKEYRecord) o; if (keyrec.getAlgorithm() == algorithm - && keyrec.getFootprint() == footprint) - { - return new DnsKeyPair(keyrec, (PrivateKey) null); - } + && keyrec.getFootprint() == footprint) { return new DnsKeyPair( + keyrec, (PrivateKey) null); } } return null; } private DnsKeyPair findKey(Cache cache, Name name, int algorithm, - int footprint) + int footprint) { DnsKeyPair pair = mKeyStore.find(name, algorithm, footprint); if (pair == null && cache != null) @@ -238,9 +233,9 @@ public class DnsSecVerifier implements Verifier /** * Verify an RRset against a particular signature. * - * @return DNSSEC.Secure if the signature verfied, DNSSEC.Failed if it did - * not verify (for any reason), and DNSSEC.Insecure if verification - * could not be completed (usually because the public key was not + * @return DNSSEC.Secure if the signature verfied, DNSSEC.Failed if it did not + * verify (for any reason), and DNSSEC.Insecure if verification could + * not be completed (usually because the public key was not * available). */ public byte verifySignature(RRset rrset, RRSIGRecord sigrec, Cache cache) 
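Review bot: `findCachedKey` asks the cache for `Type.KEY` records but then skips every element that is not a `DNSKEYRecord`, so the type queried and the type accepted do not match. If the cache files DNSKEY RRsets under `Type.DNSKEY`, this lookup can never return a key; `findKey` would then yield null for any key not in `mKeyStore`, and the verifier would presumably report Insecure rather than checking the signature. Querying `cache.findAnyRecords(name, Type.DNSKEY)` would make the two agree. Only two fragments of the function are visible across these hunks, so the loop in between should be checked as well.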
@@ -248,10 +243,8 @@ public class DnsSecVerifier implements Verifier byte result = validateSignature(rrset, sigrec); if (result != DNSSEC.Secure) return result; - DnsKeyPair keypair = findKey(cache, - sigrec.getSigner(), - sigrec.getAlgorithm(), - sigrec.getFootprint()); + DnsKeyPair keypair = findKey(cache, sigrec.getSigner(), + sigrec.getAlgorithm(), sigrec.getFootprint()); if (keypair == null) { @@ -264,17 +257,17 @@ public class DnsSecVerifier implements Verifier byte[] data = SignUtils.generateSigData(rrset, sigrec); DnsKeyAlgorithm algs = DnsKeyAlgorithm.getInstance(); - + Signature signer = keypair.getVerifier(); signer.update(data); byte[] sig = sigrec.getSignature(); - + if (algs.baseType(sigrec.getAlgorithm()) == DnsKeyAlgorithm.DSA) { sig = SignUtils.convertDSASignature(sig); } - + if (!signer.verify(sig)) { log.info("Signature failed to verify cryptographically"); @@ -299,8 +292,8 @@ public class DnsSecVerifier implements Verifier /** * Verifies an RRset. This routine does not modify the RRset. * - * @return DNSSEC.Secure if the set verified, DNSSEC.Failed if it did not, - * and DNSSEC.Insecure if verification could not complete. + * @return DNSSEC.Secure if the set verified, DNSSEC.Failed if it did not, and + * DNSSEC.Insecure if verification could not complete. */ public int verify(RRset rrset, Cache cache) { diff --git a/src/com/verisignlabs/dnssec/security/RecordComparator.java b/src/com/verisignlabs/dnssec/security/RecordComparator.java index dcdf0ea..6cac562 100644 --- a/src/com/verisignlabs/dnssec/security/RecordComparator.java +++ b/src/com/verisignlabs/dnssec/security/RecordComparator.java 
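Review bot: verifySignature calls `signer.update(data)` on the result of `keypair.getVerifier()` without a null check, although the DnsKeyPair code earlier in this patch returns `null` rather than an uninitialized verifier. A key pair without a usable public key would then end in a NullPointerException instead of a verification result. A guard such as `if (signer == null) return DNSSEC.Failed;` right after the call would keep the outcome explicit; `DNSSEC.Insecure` may be the better value, depending on how a missing key should be reported. Any surrounding try/catch is outside the hunk, so how such an exception is handled today is not visible.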
@@ -26,10 +26,9 @@ import org.xbill.DNS.Record; import org.xbill.DNS.Type; /** - * This class implements a comparison operator for {@link - * org.xbill.DNS.Record} objects. It imposes a canonical order consistent with - * DNSSEC. It does not put records within a RRset into canonical order: see - * {@link ByteArrayComparator}. + * This class implements a comparison operator for {@link org.xbill.DNS.Record} + * objects. It imposes a canonical order consistent with DNSSEC. It does not put + * records within a RRset into canonical order: see {@link ByteArrayComparator}. * * @author David Blacka (original) * @author $Author$ @@ -43,8 +42,8 @@ public class RecordComparator implements Comparator } /** - * In general, types are compared numerically. However, SOA and NS are - * ordered before the rest. + * In general, types are compared numerically. However, SOA and NS are ordered + * before the rest. */ private int compareTypes(int a, int b) { @@ -64,15 +63,15 @@ public class RecordComparator implements Comparator { byte[] a_rdata = a.rdataToWireCanonical(); byte[] b_rdata = b.rdataToWireCanonical(); - - for (int i = 0; i < a_rdata.length && i < b_rdata.length; i++) + + for (int i = 0; i < a_rdata.length && i < b_rdata.length; i++) { int n = (a_rdata[i] & 0xFF) - (b_rdata[i] & 0xFF); if (n != 0) return n; } return (a_rdata.length - b_rdata.length); } - + public int compare(Object o1, Object o2) throws ClassCastException { Record a = (Record) o1; diff --git a/src/com/verisignlabs/dnssec/security/SHA256.java b/src/com/verisignlabs/dnssec/security/SHA256.java index 9274976..c90235c 100644 --- a/src/com/verisignlabs/dnssec/security/SHA256.java +++ b/src/com/verisignlabs/dnssec/security/SHA256.java 
@@ -56,7 +56,7 @@ public class SHA256 } // Constants "K" - private static final int K[] = {0x428a2f98, 0x71374491, 0xb5c0fbcf, + private static final int K[] = { 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5, 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174, 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, @@ -67,7 +67,7 @@ public class SHA256 0xd6990624, 0xf40e3585, 0x106aa070, 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3, 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, - 0xc67178f2 }; + 0xc67178f2 }; private int digest[] = new int[8]; private byte data[]; @@ -160,11 +160,11 @@ public class SHA256 int aBlock[]; byte byteBlock[]; -// for (int n = 0; n < data.length; n++) -// { -// System.out.print(Integer.toHexString(data[n]) + " "); -// } -// System.out.println("\n\n"); + // for (int n = 0; n < data.length; n++) + // { + // System.out.print(Integer.toHexString(data[n]) + " "); + // } + // System.out.println("\n\n"); if (data.length > 64) { int n = data.length / 64; @@ -200,8 +200,7 @@ public class SHA256 } /* - * this is the method that actually performs the digest and returns the - * result + * this is the method that actually performs the digest and returns the result */ private void transform(int block[]) { 
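Review bot: SHA256 carries its own round constants (`K`) and compression function, and nothing in the visible hunks says why a private implementation is used or how it is checked. A class comment giving the reason (for example, target JREs without a `"SHA-256"` `MessageDigest`) and naming the known-answer test that covers it would tell maintainers whether it can be replaced by `java.security.MessageDigest`. If no such test exists yet, one against the published SHA-256 test vectors should be added before the class is relied on for digests. The class header is outside the hunk, so such a comment may already exist.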
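Review bot: The commented-out `System.out` debugging in the third SHA256 hunk was re-indented rather than removed. The same goes for the eight `// System.out.println("A: " ...` lines inside transform() in the following hunk. Dead debug code in a digest routine adds noise around the state-update logic and, if re-enabled, would print the input bytes and internal state on every call. I would delete both blocks; version control keeps them if they are needed again.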
@@ -242,14 +241,14 @@ public class SHA256 B = A; A = T1 + T2; -// System.out.println("A: " + Integer.toHexString(A)); -// System.out.println("B: " + Integer.toHexString(B)); -// System.out.println("C: " + Integer.toHexString(C)); -// System.out.println("D: " + Integer.toHexString(D)); -// System.out.println("E: " + Integer.toHexString(E)); -// System.out.println("F: " + Integer.toHexString(F)); -// System.out.println("G: " + Integer.toHexString(G)); -// System.out.println("H: " + Integer.toHexString(H) + "\n"); + // System.out.println("A: " + Integer.toHexString(A)); + // System.out.println("B: " + Integer.toHexString(B)); + // System.out.println("C: " + Integer.toHexString(C)); + // System.out.println("D: " + Integer.toHexString(D)); + // System.out.println("E: " + Integer.toHexString(E)); + // System.out.println("F: " + Integer.toHexString(F)); + // System.out.println("G: " + Integer.toHexString(G)); + // System.out.println("H: " + Integer.toHexString(H) + "\n"); } diff --git a/src/com/verisignlabs/dnssec/security/TypeMap.java b/src/com/verisignlabs/dnssec/security/TypeMap.java index 56c534c..06caf83 100644 --- a/src/com/verisignlabs/dnssec/security/TypeMap.java +++ b/src/com/verisignlabs/dnssec/security/TypeMap.java @@ -12,8 +12,8 @@ import org.xbill.DNS.DNSOutput; import org.xbill.DNS.Type; /** - * This class represents the multiple type maps of the NSEC record. Currently - * it is just used to convert the wire format type map to the int array that + * This class represents the multiple type maps of the NSEC record. Currently it + * is just used to convert the wire format type map to the int array that * org.xbill.DNS.NSECRecord uses. */ @@ -59,8 +59,8 @@ public class TypeMap } /** - * Given an array of bytes representing a wire-format type map, construct - * the TypeMap object. + * Given an array of bytes representing a wire-format type map, construct the + * TypeMap object. */ public static TypeMap fromBytes(byte[] map) { 
@@ -109,7 +109,7 @@ public class TypeMap } protected static void mapToWire(DNSOutput out, int[] types, int base, - int start, int end) + int start, int end) { // calculate the length of this map by looking at the largest // typecode in this section. diff --git a/src/com/verisignlabs/dnssec/security/ZoneUtils.java b/src/com/verisignlabs/dnssec/security/ZoneUtils.java index 30810ea..16fca12 100644 --- a/src/com/verisignlabs/dnssec/security/ZoneUtils.java +++ b/src/com/verisignlabs/dnssec/security/ZoneUtils.java @@ -33,7 +33,6 @@ import org.xbill.DNS.RRset; import org.xbill.DNS.Record; import org.xbill.DNS.Type; - /** * This class contains a bunch of utility methods that are generally useful in * manipulating zones. @@ -48,11 +47,14 @@ public class ZoneUtils /** * Load a zone file. * - * @param zonefile the filename/path of the zonefile to read. - * @param origin the origin to use for the zonefile (may be null if the - * origin is specified in the zone file itself). + * @param zonefile + * the filename/path of the zonefile to read. + * @param origin + * the origin to use for the zonefile (may be null if the origin is + * specified in the zone file itself). * @return a {@link java.util.List} of {@link org.xbill.DNS.Record} objects. - * @throws IOException if something goes wrong reading the zone file. + * @throws IOException + * if something goes wrong reading the zone file. */ public static List readZoneFile(String zonefile, Name origin) throws IOException 
@@ -73,10 +75,11 @@ public class ZoneUtils /** * Write the records out into a zone file. * - * @param records a {@link java.util.List} of {@link org.xbill.DNS.Record} - * objects forming a zone. - * @param zonefile the file to write to. If null or equal to "-", System.out - * is used. + * @param records + * a {@link java.util.List} of {@link org.xbill.DNS.Record} objects + * forming a zone. + * @param zonefile + * the file to write to. If null or equal to "-", System.out is used. */ public static void writeZoneFile(List records, String zonefile) throws IOException @@ -103,8 +106,9 @@ public class ZoneUtils /** * Given just the list of records, determine the zone name (origin). * - * @param records a list of {@link org.xbill.DNS.Record} or {@link - * org.xbill.DNS.RRset} objects. + * @param records + * a list of {@link org.xbill.DNS.Record} or + * {@link org.xbill.DNS.RRset} objects. * @return the zone name, if found. null if one couldn't be found.q */ public static Name findZoneName(List records)