Formatting (from a new Eclipse, for better or worse)

git-svn-id: https://svn.verisignlabs.com/jdnssec/tools/trunk@116 4cbd57fe-54e5-0310-bd9a-f30fe5ea5e6e
David Blacka
2009-02-02 05:01:03 +00:00
parent 3f1787695d
commit ccb1ffb7e5
18 changed files with 658 additions and 338 deletions


@@ -35,8 +35,7 @@ import com.verisignlabs.dnssec.security.DnsKeyPair;
import com.verisignlabs.dnssec.security.SignUtils;
/**
* This class forms the command line implementation of a DNSSEC DS/DLV
* generator
* This class forms the command line implementation of a DNSSEC DS/DLV generator
*
* @author David Blacka (original)
* @author $Author: davidb $
@@ -76,19 +75,22 @@ public class DSTool
opts.addOption("h", "help", false, "Print this message.");
opts.addOption(OptionBuilder.withLongOpt("dlv")
.withDescription("Generate a DLV record instead.").create());
.withDescription("Generate a DLV record instead.")
.create());
// Argument options
opts.addOption(OptionBuilder.hasOptionalArg().withLongOpt("verbose")
opts.addOption(OptionBuilder.hasOptionalArg()
.withLongOpt("verbose")
.withArgName("level")
.withDescription("verbosity level -- 0 is silence, "
+ "5 is debug information, " + "6 is trace information.\n"
+ "default is level 5.").create('v'));
.withDescription("verbosity level -- 0 is silence, 5 is debug information, 6 is trace information.\n"
+ "default is level 5.")
.create('v'));
opts.addOption(OptionBuilder.hasArg().withLongOpt("digest")
opts.addOption(OptionBuilder.hasArg()
.withLongOpt("digest")
.withArgName("id")
.withDescription("The Digest ID to use (numerically): "
+ "either 1 for SHA1 or 2 for SHA256").create('d'));
.withDescription("The Digest ID to use (numerically): either 1 for SHA1 or 2 for SHA256")
.create('d'));
}
public void parseCommandLine(String[] args)
@@ -105,14 +107,14 @@ public class DSTool
Logger rootLogger = Logger.getLogger("");
switch (value)
{
case 0 :
case 0:
rootLogger.setLevel(Level.OFF);
break;
case 5 :
default :
case 5:
default:
rootLogger.setLevel(Level.FINE);
break;
case 6 :
case 6:
rootLogger.setLevel(Level.ALL);
break;
}
@@ -142,14 +144,9 @@ public class DSTool
PrintWriter out = new PrintWriter(System.err);
// print our own usage statement:
f.printHelp(out,
75,
"jdnssec-dstool [..options..] keyfile",
null,
opts,
HelpFormatter.DEFAULT_LEFT_PAD,
HelpFormatter.DEFAULT_DESC_PAD,
null);
f.printHelp(out, 75, "jdnssec-dstool [..options..] keyfile", null, opts,
HelpFormatter.DEFAULT_LEFT_PAD,
HelpFormatter.DEFAULT_DESC_PAD, null);
out.flush();
System.exit(64);
@@ -159,8 +156,10 @@ public class DSTool
/**
* This is just a convenience method for parsing integers from strings.
*
* @param s the string to parse.
* @param def the default value, if the string doesn't parse.
* @param s
* the string to parse.
* @param def
* the default value, if the string doesn't parse.
* @return the parsed integer, or the default.
*/
private static int parseInt(String s, int def)
@@ -187,17 +186,16 @@ public class DSTool
log.warning("DNSKEY is not an SEP-flagged key.");
}
DSRecord ds = SignUtils.calculateDSRecord(dnskey,
state.digest_id,
dnskey.getTTL());
DSRecord ds = SignUtils.calculateDSRecord(dnskey, state.digest_id,
dnskey.getTTL());
Record res = ds;
if (state.createDLV)
{
log.fine("creating DLV.");
DLVRecord dlv = new DLVRecord(ds.getName(), ds.getDClass(),
ds.getTTL(), ds.getFootprint(), ds.getAlgorithm(),
ds.getDigestID(), ds.getDigest());
DLVRecord dlv = new DLVRecord(ds.getName(), ds.getDClass(), ds.getTTL(),
ds.getFootprint(), ds.getAlgorithm(),
ds.getDigestID(), ds.getDigest());
res = dlv;
}
@@ -223,14 +221,13 @@ public class DSTool
}
catch (UnrecognizedOptionException e)
{
System.err.println("error: unknown option encountered: "
+ e.getMessage());
System.err.println("error: unknown option encountered: " + e.getMessage());
state.usage();
}
catch (AlreadySelectedException e)
{
System.err.println("error: mutually exclusive options have "
+ "been selected:\n " + e.getMessage());
System.err.println("error: mutually exclusive options have been selected:\n "
+ e.getMessage());
state.usage();
}
catch (Exception e)


@@ -78,12 +78,10 @@ public class KeyGen
// boolean options
opts.addOption("h", "help", false, "Print this message.");
opts.addOption("k",
"kskflag",
false,
"Key is a key-signing-key (sets the SEP flag).");
opts.addOption("k", "kskflag", false,
"Key is a key-signing-key (sets the SEP flag).");
opts.addOption("e", "large-exponent", false, "Use large RSA exponent");
// Argument options
OptionBuilder.hasArg();
OptionBuilder.withLongOpt("nametype");
@@ -101,9 +99,8 @@ public class KeyGen
OptionBuilder.hasArg();
OptionBuilder.withArgName("algorithm");
OptionBuilder
.withDescription("RSA | RSASHA1 | RSAMD5 | DH | DSA | alias, "
+ "RSASHA1 is default.");
OptionBuilder.withDescription("RSA | RSASHA1 | RSAMD5 | DH | DSA | alias, "
+ "RSASHA1 is default.");
opts.addOption(OptionBuilder.create('a'));
OptionBuilder.hasArg();
@@ -117,8 +114,7 @@ public class KeyGen
OptionBuilder.hasArg();
OptionBuilder.withArgName("file");
OptionBuilder.withLongOpt("output-file");
OptionBuilder
.withDescription("base filename for the public/private key files");
OptionBuilder.withDescription("base filename for the public/private key files");
opts.addOption(OptionBuilder.create('f'));
OptionBuilder.hasArg();
@@ -151,14 +147,14 @@ public class KeyGen
Logger rootLogger = Logger.getLogger("");
switch (value)
{
case 0 :
case 0:
rootLogger.setLevel(Level.OFF);
break;
case 5 :
default :
case 5:
default:
rootLogger.setLevel(Level.FINE);
break;
case 6 :
case 6:
rootLogger.setLevel(Level.ALL);
break;
}
@@ -167,7 +163,7 @@ public class KeyGen
if (cli.hasOption('k')) kskFlag = true;
if (cli.hasOption('e')) useLargeE = true;
outputfile = cli.getOptionValue('f');
if ((optstr = cli.getOptionValue('d')) != null)
@@ -221,22 +217,22 @@ public class KeyGen
private void addArgAlias(String s)
{
if (s == null) return;
DnsKeyAlgorithm algs = DnsKeyAlgorithm.getInstance();
String[] v = s.split(":");
if (v.length < 2) return;
int alias = parseInt(v[0], -1);
if (alias <= 0) return;
int orig = parseInt(v[1], -1);
if (orig <= 0) return;
String mn = null;
if (v.length > 2) mn = v[2];
algs.addAlias(alias, mn, orig);
}
/** Print out the usage and help statements, then quit. */
private void usage()
{
@@ -245,14 +241,9 @@ public class KeyGen
PrintWriter out = new PrintWriter(System.err);
// print our own usage statement:
f.printHelp(out,
75,
"jdnssec-keygen [..options..] name",
null,
opts,
HelpFormatter.DEFAULT_LEFT_PAD,
HelpFormatter.DEFAULT_DESC_PAD,
null);
f.printHelp(out, 75, "jdnssec-keygen [..options..] name", null, opts,
HelpFormatter.DEFAULT_LEFT_PAD,
HelpFormatter.DEFAULT_DESC_PAD, null);
out.flush();
System.exit(64);
@@ -262,8 +253,10 @@ public class KeyGen
/**
* This is just a convenience method for parsing integers from strings.
*
* @param s the string to parse.
* @param def the default value, if the string doesn't parse.
* @param s
* the string to parse.
* @param def
* the default value, if the string doesn't parse.
* @return the parsed integer, or the default.
*/
private static int parseInt(String s, int def)
@@ -310,13 +303,9 @@ public class KeyGen
+ state.ttl + ", alg = " + state.algorithm + ", flags = " + flags
+ ", length = " + state.keylength + ")");
DnsKeyPair pair = signer.generateKey(owner_name,
state.ttl,
DClass.IN,
state.algorithm,
flags,
state.keylength,
state.useLargeE);
DnsKeyPair pair = signer.generateKey(owner_name, state.ttl, DClass.IN,
state.algorithm, flags,
state.keylength, state.useLargeE);
if (state.outputfile != null)
{
@@ -338,8 +327,7 @@ public class KeyGen
}
catch (UnrecognizedOptionException e)
{
System.err.println("error: unknown option encountered: "
+ e.getMessage());
System.err.println("error: unknown option encountered: " + e.getMessage());
state.usage();
}
catch (AlreadySelectedException e)


@@ -32,8 +32,7 @@ import com.verisignlabs.dnssec.security.DnsKeyAlgorithm;
import com.verisignlabs.dnssec.security.DnsKeyPair;
/**
* This class forms the command line implementation of a DNSSEC DS/DLV
* generator
* This class forms the command line implementation of a DNSSEC DS/DLV generator
*
* @author David Blacka (original)
* @author $Author: davidb $
@@ -49,7 +48,7 @@ public class KeyInfoTool
private static class CLIState
{
private Options opts;
public String keyname = null;
public String keyname = null;
public CLIState()
{
@@ -69,12 +68,16 @@ public class KeyInfoTool
opts.addOption("h", "help", false, "Print this message.");
// Argument options
opts.addOption(OptionBuilder.hasOptionalArg().withLongOpt("verbose")
opts.addOption(OptionBuilder.hasOptionalArg()
.withLongOpt("verbose")
.withArgName("level")
.withDescription("verbosity level -- 0 is silence, "
+ "5 is debug information, " + "6 is trace information.\n"
+ "default is level 5.").create('v'));
.withDescription(
"verbosity level -- 0 is silence, "
+ "5 is debug information, "
+ "6 is trace information.\n"
+ "default is level 5.")
.create('v'));
OptionBuilder.hasArg();
OptionBuilder.withLongOpt("alg-alias");
OptionBuilder.withArgName("alias:original:mnemonic");
@@ -96,14 +99,14 @@ public class KeyInfoTool
Logger rootLogger = Logger.getLogger("");
switch (value)
{
case 0 :
case 0:
rootLogger.setLevel(Level.OFF);
break;
case 5 :
default :
case 5:
default:
rootLogger.setLevel(Level.FINE);
break;
case 6 :
case 6:
rootLogger.setLevel(Level.ALL);
break;
}
@@ -136,14 +139,9 @@ public class KeyInfoTool
PrintWriter out = new PrintWriter(System.err);
// print our own usage statement:
f.printHelp(out,
75,
"jdnssec-keyinfo [..options..] keyfile",
null,
opts,
HelpFormatter.DEFAULT_LEFT_PAD,
HelpFormatter.DEFAULT_DESC_PAD,
null);
f.printHelp(out, 75, "jdnssec-keyinfo [..options..] keyfile", null, opts,
HelpFormatter.DEFAULT_LEFT_PAD,
HelpFormatter.DEFAULT_DESC_PAD, null);
out.flush();
System.exit(64);
@@ -153,8 +151,10 @@ public class KeyInfoTool
/**
* This is just a convenience method for parsing integers from strings.
*
* @param s the string to parse.
* @param def the default value, if the string doesn't parse.
* @param s
* the string to parse.
* @param def
* the default value, if the string doesn't parse.
* @return the parsed integer, or the default.
*/
private static int parseInt(String s, int def)
@@ -169,48 +169,48 @@ public class KeyInfoTool
return def;
}
}
private static void addArgAlias(String s)
{
if (s == null) return;
DnsKeyAlgorithm algs = DnsKeyAlgorithm.getInstance();
String[] v = s.split(":");
if (v.length < 2) return;
int alias = parseInt(v[0], -1);
if (alias <= 0) return;
int orig = parseInt(v[1], -1);
if (orig <= 0) return;
String mn = null;
if (v.length > 2) mn = v[2];
algs.addAlias(alias, mn, orig);
}
public static void execute(CLIState state) throws Exception
{
DnsKeyPair key = BINDKeyUtils.loadKey(state.keyname, null);
DNSKEYRecord dnskey = key.getDNSKEYRecord();
DnsKeyAlgorithm dnskeyalg = DnsKeyAlgorithm.getInstance();
boolean isSEP = (dnskey.getFlags() & DNSKEYRecord.Flags.SEP_KEY) != 0;
System.out.println("Name: " + dnskey.getName());
System.out.println("SEP: " + isSEP);
System.out.println("Algorithm: " + dnskeyalg.algToString(dnskey.getAlgorithm()));
System.out.println("Algorithm: "
+ dnskeyalg.algToString(dnskey.getAlgorithm()));
System.out.println("ID: " + dnskey.getFootprint());
if (dnskeyalg.baseType(dnskey.getAlgorithm()) == dnskeyalg.RSA)
if (dnskeyalg.baseType(dnskey.getAlgorithm()) == DnsKeyAlgorithm.RSA)
{
RSAPublicKey pub = (RSAPublicKey) key.getPublic();
System.out.println("RSA Public Exponent: " + pub.getPublicExponent());
System.out.println("RSA Modulus: " + pub.getModulus());
}
}
public static void main(String[] args)
@@ -223,8 +223,7 @@ public class KeyInfoTool
}
catch (UnrecognizedOptionException e)
{
System.err.println("error: unknown option encountered: "
+ e.getMessage());
System.err.println("error: unknown option encountered: " + e.getMessage());
state.usage();
}
catch (AlreadySelectedException e)
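Review bot: `addArgAlias` in the `-169,48 +169,48` hunk returns silently when the `alias:original:mnemonic` value is malformed (fewer than two fields, or an alias or original number that is not a positive integer), so a mistyped `--alg-alias` is dropped without any sign and the key is then reported under whatever algorithm mapping was already registered. Since the hunk already touches this method, it would be worth reporting the rejected value before each early `return`, e.g. `System.err.println("error: malformed algorithm alias: " + s);`. The same silent returns appear in the `addArgAlias` copies shown in the KeyGen and VerifyZone sections, where an ignored alias affects key generation and zone verification rather than just display.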


@@ -36,8 +36,7 @@ import org.xbill.DNS.*;
import com.verisignlabs.dnssec.security.*;
/**
* This class forms the command line implementation of a DNSSEC zone
* validator.
* This class forms the command line implementation of a DNSSEC zone validator.
*
* @author David Blacka (original)
* @author $Author$
@@ -75,26 +74,31 @@ public class VerifyZone
// boolean options
opts.addOption("h", "help", false, "Print this message.");
opts.addOption("s",
"strict",
false,
"Zone will only be considered valid if all "
+ "signatures could be cryptographically verified");
opts.addOption("s", "strict", false,
"Zone will only be considered valid if all "
+ "signatures could be cryptographically verified");
// Argument options
opts.addOption(OptionBuilder.hasArg().withLongOpt("keydir")
.withArgName("dir").withDescription("directory to find "
+ "trusted key files").create('d'));
opts.addOption(OptionBuilder.hasArg()
.withLongOpt("keydir")
.withArgName("dir")
.withDescription("directory to find " + "trusted key files")
.create('d'));
opts.addOption(OptionBuilder.hasOptionalArg().withLongOpt("verbose")
opts.addOption(OptionBuilder.hasOptionalArg()
.withLongOpt("verbose")
.withArgName("level")
.withDescription("verbosity level -- 0 is silence, "
+ "5 is debug information, 6 is trace information.\n"
+ "default is level 5.").create('v'));
.withDescription(
"verbosity level -- 0 is silence, "
+ "5 is debug information, 6 is trace information.\n"
+ "default is level 5.")
.create('v'));
opts.addOption(OptionBuilder.hasArg()
.withArgName("alias:original:mnemonic").withLongOpt("alg-alias")
.withDescription("Define an alias for an algorithm").create('A'));
.withArgName("alias:original:mnemonic")
.withLongOpt("alg-alias")
.withDescription("Define an alias for an algorithm")
.create('A'));
}
@@ -114,16 +118,16 @@ public class VerifyZone
Logger rootLogger = Logger.getLogger("");
switch (value)
{
case 0 :
rootLogger.setLevel(Level.OFF);
break;
case 5 :
default :
rootLogger.setLevel(Level.FINE);
break;
case 6 :
rootLogger.setLevel(Level.ALL);
break;
case 0:
rootLogger.setLevel(Level.OFF);
break;
case 5:
default:
rootLogger.setLevel(Level.FINE);
break;
case 6:
rootLogger.setLevel(Level.ALL);
break;
}
}
@@ -142,7 +146,7 @@ public class VerifyZone
addArgAlias(optstrs[i]);
}
}
String[] cl_args = cli.getArgs();
if (cl_args.length < 1)
@@ -163,22 +167,22 @@ public class VerifyZone
private void addArgAlias(String s)
{
if (s == null) return;
DnsKeyAlgorithm algs = DnsKeyAlgorithm.getInstance();
String[] v = s.split(":");
if (v.length < 2) return;
int alias = parseInt(v[0], -1);
if (alias <= 0) return;
int orig = parseInt(v[1], -1);
if (orig <= 0) return;
String mn = null;
if (v.length > 2) mn = v[2];
algs.addAlias(alias, mn, orig);
}
/** Print out the usage and help statements, then quit. */
public void usage()
{
@@ -187,14 +191,10 @@ public class VerifyZone
PrintWriter out = new PrintWriter(System.err);
// print our own usage statement:
f.printHelp(out,
75,
"verifyZone.sh [..options..] zonefile " + "[keyfile [keyfile...]]",
null,
opts,
HelpFormatter.DEFAULT_LEFT_PAD,
HelpFormatter.DEFAULT_DESC_PAD,
null);
f.printHelp(out, 75, "verifyZone.sh [..options..] zonefile "
+ "[keyfile [keyfile...]]", null, opts,
HelpFormatter.DEFAULT_LEFT_PAD,
HelpFormatter.DEFAULT_DESC_PAD, null);
out.flush();
System.exit(64);
@@ -204,8 +204,10 @@ public class VerifyZone
/**
* This is just a convenience method for parsing integers from strings.
*
* @param s the string to parse.
* @param def the default value, if the string doesn't parse.
* @param s
* the string to parse.
* @param def
* the default value, if the string doesn't parse.
* @return the parsed integer, or the default.
*/
private static int parseInt(String s, int def)
@@ -327,19 +329,19 @@ public class VerifyZone
switch (result)
{
case DNSSEC.Failed :
case DNSSEC.Failed:
System.out.println("zone did not verify.");
System.exit(1);
break;
case DNSSEC.Insecure:
if (state.strict)
{
System.out.println("zone did not verify.");
System.exit(1);
break;
case DNSSEC.Insecure :
if (state.strict)
{
System.out.println("zone did not verify.");
System.exit(1);
}
case DNSSEC.Secure :
System.out.println("zone verified.");
break;
}
case DNSSEC.Secure:
System.out.println("zone verified.");
break;
}
System.exit(0);
}
@@ -354,8 +356,7 @@ public class VerifyZone
}
catch (UnrecognizedOptionException e)
{
System.err.println("error: unknown option encountered: "
+ e.getMessage());
System.err.println("error: unknown option encountered: " + e.getMessage());
state.usage();
}
catch (AlreadySelectedException e)
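Review bot: In the re-indented `switch (result)` of the `-327,19 +329,19` hunk, `case DNSSEC.Insecure:` has no `break`, so when `state.strict` is false control falls into `case DNSSEC.Secure:` and the tool prints "zone verified." and exits 0 for a result that the DnsSecVerifier javadoc on this page describes as "verification could not be completed". If that is the intended default, mark it with a comment such as `// fall through: Insecure is accepted unless --strict` so a later reader or formatter pass does not take it for a missing `break`. A distinct message for that path, e.g. `System.out.println("zone verified (some signatures could not be checked).");`, would let operators tell the two outcomes apart. The enclosing method starts outside the hunk.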


@@ -56,7 +56,7 @@ public class ZoneFormat
private static class CLIState
{
private org.apache.commons.cli.Options opts;
public String file;
public String file;
public CLIState()
{
@@ -79,16 +79,16 @@ public class ZoneFormat
Logger rootLogger = Logger.getLogger("");
switch (value)
{
case 0 :
rootLogger.setLevel(Level.OFF);
break;
case 5 :
default :
rootLogger.setLevel(Level.FINE);
break;
case 6 :
rootLogger.setLevel(Level.ALL);
break;
case 0:
rootLogger.setLevel(Level.OFF);
break;
case 5:
default:
rootLogger.setLevel(Level.FINE);
break;
case 6:
rootLogger.setLevel(Level.ALL);
break;
}
}
@@ -133,14 +133,9 @@ public class ZoneFormat
PrintWriter out = new PrintWriter(System.err);
// print our own usage statement:
f.printHelp(out,
75,
"jdnssec-zoneformat [..options..] zonefile",
null,
opts,
HelpFormatter.DEFAULT_LEFT_PAD,
HelpFormatter.DEFAULT_DESC_PAD,
null);
f.printHelp(out, 75, "jdnssec-zoneformat [..options..] zonefile", null,
opts, HelpFormatter.DEFAULT_LEFT_PAD,
HelpFormatter.DEFAULT_DESC_PAD, null);
out.flush();
System.exit(64);
@@ -150,8 +145,10 @@ public class ZoneFormat
/**
* This is just a convenience method for parsing integers from strings.
*
* @param s the string to parse.
* @param def the default value, if the string doesn't parse.
* @param s
* the string to parse.
* @param def
* the default value, if the string doesn't parse.
* @return the parsed integer, or the default.
*/
private static int parseInt(String s, int def)
@@ -194,13 +191,14 @@ public class ZoneFormat
RecordComparator cmp = new RecordComparator();
Collections.sort(zone, cmp);
for (Iterator i = zone.iterator(); i.hasNext(); )
for (Iterator i = zone.iterator(); i.hasNext();)
{
Record r = (Record) i.next();
System.out.println(r.toString());
}
}
private static void execute(CLIState state) throws IOException
{
List z = readZoneFile(state.file);
@@ -217,8 +215,7 @@ public class ZoneFormat
}
catch (UnrecognizedOptionException e)
{
System.err.println("error: unknown option encountered: "
+ e.getMessage());
System.err.println("error: unknown option encountered: " + e.getMessage());
state.usage();
}
catch (AlreadySelectedException e)


@@ -119,7 +119,7 @@ public class BINDKeyUtils
key_buf.append('\n');
}
in.close();
return key_buf.toString().trim();
}
@@ -138,18 +138,23 @@ public class BINDKeyUtils
}
/**
* Given the information necessary to construct the path to a BIND9
* generated key pair, load the key pair.
* Given the information necessary to construct the path to a BIND9 generated
* key pair, load the key pair.
*
* @param signer the DNS name of the key.
* @param algorithm the DNSSEC algorithm of the key.
* @param keyid the DNSSEC key footprint.
* @param inDirectory the directory to look for the files (may be null).
* @param signer
* the DNS name of the key.
* @param algorithm
* the DNSSEC algorithm of the key.
* @param keyid
* the DNSSEC key footprint.
* @param inDirectory
* the directory to look for the files (may be null).
* @return the loaded key pair.
* @throws IOException if there was a problem reading the BIND9 files.
* @throws IOException
* if there was a problem reading the BIND9 files.
*/
public static DnsKeyPair loadKeyPair(Name signer, int algorithm, int keyid,
File inDirectory) throws IOException
File inDirectory) throws IOException
{
String keyFileBase = getKeyFileBase(signer, algorithm, keyid);
@@ -159,15 +164,17 @@ public class BINDKeyUtils
/**
* Given a base path to a BIND9 key pair, load the key pair.
*
* @param keyFileBasePath the base filename (or real filename for either the
* public or private key) of the key.
* @param inDirectory the directory to look in, if the keyFileBasePath is
* relative.
* @param keyFileBasePath
* the base filename (or real filename for either the public or
* private key) of the key.
* @param inDirectory
* the directory to look in, if the keyFileBasePath is relative.
* @return the loaded key pair.
* @throws IOException if there was a problem reading the files
* @throws IOException
* if there was a problem reading the files
*/
public static DnsKeyPair loadKeyPair(String keyFileBasePath,
File inDirectory) throws IOException
public static DnsKeyPair loadKeyPair(String keyFileBasePath, File inDirectory)
throws IOException
{
keyFileBasePath = fixKeyFileBasePath(keyFileBasePath);
// FIXME: should we throw the IOException when one of the files
@@ -190,12 +197,13 @@ public class BINDKeyUtils
* Given a base path to a BIND9 key pair, load the public part (only) of the
* key pair
*
* @param keyFileBasePath the base or real path to the public part of a key
* pair.
* @param inDirectory the directory to look in if the path is relative (may
* be null).
* @param keyFileBasePath
* the base or real path to the public part of a key pair.
* @param inDirectory
* the directory to look in if the path is relative (may be null).
* @return a {@link DnsKeyPair} containing just the public key information.
* @throws IOException if there was a problem reading the public key file.
* @throws IOException
* if there was a problem reading the public key file.
*/
public static DnsKeyPair loadKey(String keyFileBasePath, File inDirectory)
throws IOException
@@ -212,15 +220,18 @@ public class BINDKeyUtils
}
/**
* Load a BIND keyset file. The BIND 9 dnssec tools typically call these
* files "keyset-[signer]." where [signer] is the DNS owner name of the key.
* The keyset may be signed, but doesn't have to be.
* Load a BIND keyset file. The BIND 9 dnssec tools typically call these files
* "keyset-[signer]." where [signer] is the DNS owner name of the key. The
* keyset may be signed, but doesn't have to be.
*
* @param keysetFileName the name of the keyset file.
* @param inDirectory the directory to look in if the path is relative (may
* be null, defaults to the current working directory).
* @param keysetFileName
* the name of the keyset file.
* @param inDirectory
* the directory to look in if the path is relative (may be null,
* defaults to the current working directory).
* @return a RRset contain the KEY records and any associated SIG records.
* @throws IOException if there was a problem reading the keyset file.
* @throws IOException
* if there was a problem reading the keyset file.
*/
public static RRset loadKeySet(String keysetFileName, File inDirectory)
throws IOException
@@ -242,8 +253,8 @@ public class BINDKeyUtils
/**
* Calculate the key file base for this key pair.
*
* @param pair the {@link DnsKeyPair} to work from. It only needs a public
* key.
* @param pair
* the {@link DnsKeyPair} to work from. It only needs a public key.
* @return the base name of the key files.
*/
public static String keyFileBase(DnsKeyPair pair)
@@ -251,9 +262,8 @@ public class BINDKeyUtils
DNSKEYRecord keyrec = pair.getDNSKEYRecord();
if (keyrec == null) return null;
return getKeyFileBase(keyrec.getName(),
keyrec.getAlgorithm(),
keyrec.getFootprint());
return getKeyFileBase(keyrec.getName(), keyrec.getAlgorithm(),
keyrec.getFootprint());
}
/**
@@ -281,10 +291,11 @@ public class BINDKeyUtils
}
/**
* Given a the contents of a BIND9 private key file, convert it into a
* native {@link java.security.PrivateKey} object.
* Given a the contents of a BIND9 private key file, convert it into a native
* {@link java.security.PrivateKey} object.
*
* @param privateKeyString the contents of a BIND9 key file in string form.
* @param privateKeyString
* the contents of a BIND9 key file in string form.
* @return a {@link java.security.PrivateKey}
*/
public static PrivateKey convertPrivateKeyString(String privateKeyString)
@@ -314,13 +325,14 @@ public class BINDKeyUtils
* Given a native private key, convert it into a BIND9 private key file
* format.
*
* @param priv the private key to convert.
* @param pub the private key's corresponding public key. Some algorithms
* @param priv
* the private key to convert.
* @param pub
* the private key's corresponding public key. Some algorithms
* require information from both.
* @return a string containing the contents of a BIND9 private key file.
*/
public static String convertPrivateKey(PrivateKey priv, PublicKey pub,
int alg)
public static String convertPrivateKey(PrivateKey priv, PublicKey pub, int alg)
{
if (priv != null)
{
@@ -337,9 +349,8 @@ public class BINDKeyUtils
/**
* Convert the KEY record to the exact string format that the dnssec-*
* routines need. Currently, the DNSJAVA package uses a multiline mode for
* its record formatting. The BIND9 tools require everything on a single
* line.
* routines need. Currently, the DNSJAVA package uses a multiline mode for its
* record formatting. The BIND9 tools require everything on a single line.
*/
private static String DNSKEYtoString(DNSKEYRecord rec)
{
@@ -361,23 +372,26 @@ public class BINDKeyUtils
/**
* This routine will write out the BIND9 dnssec-* tool compatible files.
*
* @param baseFileName use this base file name. If null, the standard BIND9
* base file name will be computed.
* @param pair the keypair in question.
* @param inDirectory the directory to write to (may be null).
* @throws IOException if there is a problem writing the files.
* @param baseFileName
* use this base file name. If null, the standard BIND9 base file
* name will be computed.
* @param pair
* the keypair in question.
* @param inDirectory
* the directory to write to (may be null).
* @throws IOException
* if there is a problem writing the files.
*/
public static void writeKeyFiles(String baseFileName, DnsKeyPair pair,
File inDirectory) throws IOException
File inDirectory) throws IOException
{
DNSKEYRecord pub = pair.getDNSKEYRecord();
String priv = pair.getPrivateKeyString();
if (priv == null)
{
priv = convertPrivateKey(pair.getPrivate(),
pair.getPublic(),
pair.getDNSKEYAlgorithm());
priv = convertPrivateKey(pair.getPrivate(), pair.getPublic(),
pair.getDNSKEYAlgorithm());
}
if (pub == null || priv == null) return;
@@ -397,11 +411,13 @@ public class BINDKeyUtils
}
/**
* This routine will write out the BIND9 dnssec-* tool compatible files to
* the standard file names.
* This routine will write out the BIND9 dnssec-* tool compatible files to the
* standard file names.
*
* @param pair the key pair in question.
* @param inDirectory the directory to write to (may be null).
* @param pair
* the key pair in question.
* @param inDirectory
* the directory to write to (may be null).
*/
public static void writeKeyFiles(DnsKeyPair pair, File inDirectory)
throws IOException


@@ -21,9 +21,9 @@ package com.verisignlabs.dnssec.security;
import java.util.Comparator;
/**
* This class implements a basic comparitor for byte arrays. It is primarily
* useful for comparing RDATA portions of DNS records in doing DNSSEC
* canonical ordering.
* This class implements a basic comparator for byte arrays. It is primarily
* useful for comparing RDATA portions of DNS records in doing DNSSEC canonical
* ordering.
*
* @author David Blacka (original)
* @author $Author$


@@ -77,7 +77,6 @@ public class DnsKeyConverter
{
if (pKeyRecord.getKey() == null) return null;
// FIXME: this won't work at all with alg aliases.
// For now, instead of re-implementing parseRecord (or adding this stuff
// to DNSjava), we will just translate the algorithm back to a standard
// algorithm. Note that this will unnecessarily convert RSAMD5 to RSASHA1.

View File

@@ -26,10 +26,10 @@ import org.xbill.DNS.*;
/**
* This class forms the basis for representing public/private key pairs in a
* DNSSEC context. It is possible to get a JCA public and private key from
* this object, as well as a DNSKEYRecord encoding of the public key. This
* class is implemented as a UNION of all the functionality needed for handing
* native java, BIND, and possibly other underlying DNSKEY engines.
* DNSSEC context. It is possible to get a JCA public and private key from this
* object, as well as a DNSKEYRecord encoding of the public key. This class is
* implemented as a UNION of all the functionality needed for handing native
* java, BIND, and possibly other underlying DNSKEY engines.
*
* JCA == Java Cryptography Architecture.
*
@@ -47,8 +47,8 @@ public class DnsKeyPair
protected DNSKEYRecord mPublicKeyRecord;
/**
* This is a precalcuated cache of the KEYRecord converted into a JCA public
* key.
* This is a pre-calculated cache of the DNSKEYRecord converted into a JCA
* public key.
*/
private PublicKey mPublicKey;
@@ -59,8 +59,8 @@ public class DnsKeyPair
protected String mPrivateKeyString;
/**
* The private key in JCA format. This is the base encoding for instances
* were JCA private keys are used.
* The private key in JCA format. This is the base encoding for instances where
* JCA private keys are used.
*/
protected PrivateKey mPrivateKey;
@@ -73,7 +73,7 @@ public class DnsKeyPair
protected Signature mSigner;
/**
* a caches Signature used for verifying (intialized with the public key)
* a caches Signature used for verifying (initialized with the public key)
*/
protected Signature mVerifier;
@@ -113,12 +113,8 @@ public class DnsKeyPair
this();
DnsKeyConverter conv = new DnsKeyConverter();
DNSKEYRecord keyrec = conv.generateDNSKEYRecord(keyName,
DClass.IN,
0,
0,
algorithm,
publicKey);
DNSKEYRecord keyrec = conv.generateDNSKEYRecord(keyName, DClass.IN, 0, 0,
algorithm, publicKey);
setDNSKEYRecord(keyrec);
setPrivate(privateKey);
}
@@ -208,9 +204,8 @@ public class DnsKeyPair
if (mPrivateKeyString == null && mPrivateKey != null)
{
PublicKey pub = getPublic();
mPrivateKeyString = BINDKeyUtils.convertPrivateKey(mPrivateKey,
pub,
getDNSKEYAlgorithm());
mPrivateKeyString = BINDKeyUtils.convertPrivateKey(mPrivateKey, pub,
getDNSKEYAlgorithm());
}
return mPrivateKeyString;
@@ -231,9 +226,9 @@ public class DnsKeyPair
}
/**
* Sets the private key from the encoded form (PKCS#8). This routine
* requires that the public key already be assigned. Currently it can only
* handle DSA and RSA keys.
* Sets the private key from the encoded form (PKCS#8). This routine requires
* that the public key already be assigned. Currently it can only handle DSA
* and RSA keys.
*/
public void setEncodedPrivate(byte[] encoded)
{
@@ -275,7 +270,7 @@ public class DnsKeyPair
}
else
{
// do not return an unitialized signer.
// do not return an uninitialized signer.
return null;
}
}
@@ -301,11 +296,12 @@ public class DnsKeyPair
mVerifier.initVerify(pk);
}
catch (InvalidKeyException e)
{}
{
}
}
else
{
// do not return an unitialized verifier
// do not return an uninitialized verifier
return null;
}
}
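Review bot: The `catch (InvalidKeyException e)` block after `mVerifier.initVerify(pk)` in the `-301,11 +296,12` hunk is still empty after being reflowed from `{}` onto two lines, so a public key that the provider rejects is swallowed without a trace. The method then appears to hand back a `Signature` that was never initialized, which is what the `// do not return an uninitialized verifier` comment in the `else` branch says should not happen. Resetting the cached object in the handler, `mVerifier = null;`, with a short comment explaining why the exception is not propagated, would make the two branches agree and let callers detect the failure. The method begins and ends outside the hunk, so the return path is inferred from the visible lines.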


@@ -95,10 +95,7 @@ public class DnsSecVerifier implements Verifier
{
DnsKeyPair p = (DnsKeyPair) i.next();
if (p.getDNSKEYAlgorithm() == algorithm
&& p.getDNSKEYFootprint() == keyid)
{
return p;
}
&& p.getDNSKEYFootprint() == keyid) { return p; }
}
return null;
}
@@ -154,7 +151,7 @@ public class DnsSecVerifier implements Verifier
}
private DnsKeyPair findCachedKey(Cache cache, Name name, int algorithm,
int footprint)
int footprint)
{
RRset[] keysets = cache.findAnyRecords(name, Type.KEY);
if (keysets == null) return null;
@@ -167,17 +164,15 @@ public class DnsSecVerifier implements Verifier
if (!(o instanceof DNSKEYRecord)) continue;
DNSKEYRecord keyrec = (DNSKEYRecord) o;
if (keyrec.getAlgorithm() == algorithm
&& keyrec.getFootprint() == footprint)
{
return new DnsKeyPair(keyrec, (PrivateKey) null);
}
&& keyrec.getFootprint() == footprint) { return new DnsKeyPair(
keyrec, (PrivateKey) null); }
}
return null;
}
private DnsKeyPair findKey(Cache cache, Name name, int algorithm,
int footprint)
int footprint)
{
DnsKeyPair pair = mKeyStore.find(name, algorithm, footprint);
if (pair == null && cache != null)
@@ -238,9 +233,9 @@ public class DnsSecVerifier implements Verifier
/**
* Verify an RRset against a particular signature.
*
* @return DNSSEC.Secure if the signature verfied, DNSSEC.Failed if it did
* not verify (for any reason), and DNSSEC.Insecure if verification
* could not be completed (usually because the public key was not
* @return DNSSEC.Secure if the signature verfied, DNSSEC.Failed if it did not
* verify (for any reason), and DNSSEC.Insecure if verification could
* not be completed (usually because the public key was not
* available).
*/
public byte verifySignature(RRset rrset, RRSIGRecord sigrec, Cache cache)
@@ -248,10 +243,8 @@ public class DnsSecVerifier implements Verifier
byte result = validateSignature(rrset, sigrec);
if (result != DNSSEC.Secure) return result;
DnsKeyPair keypair = findKey(cache,
sigrec.getSigner(),
sigrec.getAlgorithm(),
sigrec.getFootprint());
DnsKeyPair keypair = findKey(cache, sigrec.getSigner(),
sigrec.getAlgorithm(), sigrec.getFootprint());
if (keypair == null)
{
@@ -264,17 +257,17 @@ public class DnsSecVerifier implements Verifier
byte[] data = SignUtils.generateSigData(rrset, sigrec);
DnsKeyAlgorithm algs = DnsKeyAlgorithm.getInstance();
Signature signer = keypair.getVerifier();
signer.update(data);
byte[] sig = sigrec.getSignature();
if (algs.baseType(sigrec.getAlgorithm()) == DnsKeyAlgorithm.DSA)
{
sig = SignUtils.convertDSASignature(sig);
}
if (!signer.verify(sig))
{
log.info("Signature failed to verify cryptographically");
@@ -299,8 +292,8 @@ public class DnsSecVerifier implements Verifier
/**
* Verifies an RRset. This routine does not modify the RRset.
*
* @return DNSSEC.Secure if the set verified, DNSSEC.Failed if it did not,
* and DNSSEC.Insecure if verification could not complete.
* @return DNSSEC.Secure if the set verified, DNSSEC.Failed if it did not, and
* DNSSEC.Insecure if verification could not complete.
*/
public int verify(RRset rrset, Cache cache)
{
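Review bot: In the verifySignature hunk, `Signature signer = keypair.getVerifier();` is followed directly by `signer.update(data);` with no null check. The DnsKeyPair hunks in this same commit show a verifier path that ends in `return null` ("do not return an uninitialized verifier") and an empty `catch (InvalidKeyException e)`. Assuming that is the body of getVerifier(), a key record with a missing or unusable public key would surface here as a NullPointerException or SignatureException instead of a validation result. A guard before the update would fail closed, e.g. `if (signer == null) { log.info("No usable verifier for signing key"); return DNSSEC.Failed; }`. The method body starts and ends outside this hunk, so an enclosing try/catch may already cover part of this.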


@@ -26,10 +26,9 @@ import org.xbill.DNS.Record;
import org.xbill.DNS.Type;
/**
* This class implements a comparison operator for {@link
* org.xbill.DNS.Record} objects. It imposes a canonical order consistent with
* DNSSEC. It does not put records within a RRset into canonical order: see
* {@link ByteArrayComparator}.
* This class implements a comparison operator for {@link org.xbill.DNS.Record}
* objects. It imposes a canonical order consistent with DNSSEC. It does not put
* records within a RRset into canonical order: see {@link ByteArrayComparator}.
*
* @author David Blacka (original)
* @author $Author$
@@ -43,8 +42,8 @@ public class RecordComparator implements Comparator
}
/**
* In general, types are compared numerically. However, SOA and NS are
* ordered before the rest.
* In general, types are compared numerically. However, SOA and NS are ordered
* before the rest.
*/
private int compareTypes(int a, int b)
{
@@ -64,15 +63,15 @@ public class RecordComparator implements Comparator
{
byte[] a_rdata = a.rdataToWireCanonical();
byte[] b_rdata = b.rdataToWireCanonical();
for (int i = 0; i < a_rdata.length && i < b_rdata.length; i++)
for (int i = 0; i < a_rdata.length && i < b_rdata.length; i++)
{
int n = (a_rdata[i] & 0xFF) - (b_rdata[i] & 0xFF);
if (n != 0) return n;
}
return (a_rdata.length - b_rdata.length);
}
public int compare(Object o1, Object o2) throws ClassCastException
{
Record a = (Record) o1;


@@ -56,7 +56,7 @@ public class SHA256
}
// Constants "K"
private static final int K[] = {0x428a2f98, 0x71374491, 0xb5c0fbcf,
private static final int K[] = { 0x428a2f98, 0x71374491, 0xb5c0fbcf,
0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5, 0xd807aa98,
0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7,
0xc19bf174, 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f,
@@ -67,7 +67,7 @@ public class SHA256
0xd6990624, 0xf40e3585, 0x106aa070, 0x19a4c116, 0x1e376c08, 0x2748774c,
0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3, 0x748f82ee,
0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7,
0xc67178f2 };
0xc67178f2 };
private int digest[] = new int[8];
private byte data[];
@@ -160,11 +160,11 @@ public class SHA256
int aBlock[];
byte byteBlock[];
// for (int n = 0; n < data.length; n++)
// {
// System.out.print(Integer.toHexString(data[n]) + " ");
// }
// System.out.println("\n\n");
// for (int n = 0; n < data.length; n++)
// {
// System.out.print(Integer.toHexString(data[n]) + " ");
// }
// System.out.println("\n\n");
if (data.length > 64)
{
int n = data.length / 64;
@@ -200,8 +200,7 @@ public class SHA256
}
/*
* this is the method that actually performs the digest and returns the
* result
* this is the method that actually performs the digest and returns the result
*/
private void transform(int block[])
{
@@ -242,14 +241,14 @@ public class SHA256
B = A;
A = T1 + T2;
// System.out.println("A: " + Integer.toHexString(A));
// System.out.println("B: " + Integer.toHexString(B));
// System.out.println("C: " + Integer.toHexString(C));
// System.out.println("D: " + Integer.toHexString(D));
// System.out.println("E: " + Integer.toHexString(E));
// System.out.println("F: " + Integer.toHexString(F));
// System.out.println("G: " + Integer.toHexString(G));
// System.out.println("H: " + Integer.toHexString(H) + "\n");
// System.out.println("A: " + Integer.toHexString(A));
// System.out.println("B: " + Integer.toHexString(B));
// System.out.println("C: " + Integer.toHexString(C));
// System.out.println("D: " + Integer.toHexString(D));
// System.out.println("E: " + Integer.toHexString(E));
// System.out.println("F: " + Integer.toHexString(F));
// System.out.println("G: " + Integer.toHexString(G));
// System.out.println("H: " + Integer.toHexString(H) + "\n");
}
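Review bot: The two commented-out `System.out.print` debug blocks are only re-indented here: the input-byte dump before `if (data.length > 64)` and the A–H working-variable dump, apparently in transform. Commented-out code is better deleted than reformatted, and if re-enabled these would write the message bytes and intermediate hash state to stdout. Separately, this class is a hand-written SHA-256. Unless there is a runtime constraint not visible in these hunks, `MessageDigest.getInstance("SHA-256")` from the JDK provides a maintained implementation and removes the need to keep the `K` table and round logic correct locally. Both methods extend beyond the hunks shown.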


@@ -12,8 +12,8 @@ import org.xbill.DNS.DNSOutput;
import org.xbill.DNS.Type;
/**
* This class represents the multiple type maps of the NSEC record. Currently
* it is just used to convert the wire format type map to the int array that
* This class represents the multiple type maps of the NSEC record. Currently it
* is just used to convert the wire format type map to the int array that
* org.xbill.DNS.NSECRecord uses.
*/
@@ -59,8 +59,8 @@ public class TypeMap
}
/**
* Given an array of bytes representing a wire-format type map, construct
* the TypeMap object.
* Given an array of bytes representing a wire-format type map, construct the
* TypeMap object.
*/
public static TypeMap fromBytes(byte[] map)
{
@@ -109,7 +109,7 @@ public class TypeMap
}
protected static void mapToWire(DNSOutput out, int[] types, int base,
int start, int end)
int start, int end)
{
// calculate the length of this map by looking at the largest
// typecode in this section.


@@ -33,7 +33,6 @@ import org.xbill.DNS.RRset;
import org.xbill.DNS.Record;
import org.xbill.DNS.Type;
/**
* This class contains a bunch of utility methods that are generally useful in
* manipulating zones.
@@ -48,11 +47,14 @@ public class ZoneUtils
/**
* Load a zone file.
*
* @param zonefile the filename/path of the zonefile to read.
* @param origin the origin to use for the zonefile (may be null if the
* origin is specified in the zone file itself).
* @param zonefile
* the filename/path of the zonefile to read.
* @param origin
* the origin to use for the zonefile (may be null if the origin is
* specified in the zone file itself).
* @return a {@link java.util.List} of {@link org.xbill.DNS.Record} objects.
* @throws IOException if something goes wrong reading the zone file.
* @throws IOException
* if something goes wrong reading the zone file.
*/
public static List readZoneFile(String zonefile, Name origin)
throws IOException
@@ -73,10 +75,11 @@ public class ZoneUtils
/**
* Write the records out into a zone file.
*
* @param records a {@link java.util.List} of {@link org.xbill.DNS.Record}
* objects forming a zone.
* @param zonefile the file to write to. If null or equal to "-", System.out
* is used.
* @param records
* a {@link java.util.List} of {@link org.xbill.DNS.Record} objects
* forming a zone.
* @param zonefile
* the file to write to. If null or equal to "-", System.out is used.
*/
public static void writeZoneFile(List records, String zonefile)
throws IOException
@@ -103,8 +106,9 @@ public class ZoneUtils
/**
* Given just the list of records, determine the zone name (origin).
*
* @param records a list of {@link org.xbill.DNS.Record} or {@link
* org.xbill.DNS.RRset} objects.
* @param records
* a list of {@link org.xbill.DNS.Record} or
* {@link org.xbill.DNS.RRset} objects.
* @return the zone name, if found. null if one couldn't be found.q
*/
public static Name findZoneName(List records)