Formatting (from a new Eclipse, for better or worse)

git-svn-id: https://svn.verisignlabs.com/jdnssec/tools/trunk@116 4cbd57fe-54e5-0310-bd9a-f30fe5ea5e6e
David Blacka
2009-02-02 05:01:03 +00:00
parent 3f1787695d
commit ccb1ffb7e5
18 changed files with 658 additions and 338 deletions


@@ -119,7 +119,7 @@ public class BINDKeyUtils
key_buf.append('\n');
}
in.close();
return key_buf.toString().trim();
}
@@ -138,18 +138,23 @@ public class BINDKeyUtils
}
/**
* Given the information necessary to construct the path to a BIND9
* generated key pair, load the key pair.
* Given the information necessary to construct the path to a BIND9 generated
* key pair, load the key pair.
*
* @param signer the DNS name of the key.
* @param algorithm the DNSSEC algorithm of the key.
* @param keyid the DNSSEC key footprint.
* @param inDirectory the directory to look for the files (may be null).
* @param signer
* the DNS name of the key.
* @param algorithm
* the DNSSEC algorithm of the key.
* @param keyid
* the DNSSEC key footprint.
* @param inDirectory
* the directory to look for the files (may be null).
* @return the loaded key pair.
* @throws IOException if there was a problem reading the BIND9 files.
* @throws IOException
* if there was a problem reading the BIND9 files.
*/
public static DnsKeyPair loadKeyPair(Name signer, int algorithm, int keyid,
File inDirectory) throws IOException
File inDirectory) throws IOException
{
String keyFileBase = getKeyFileBase(signer, algorithm, keyid);
@@ -159,15 +164,17 @@ public class BINDKeyUtils
/**
* Given a base path to a BIND9 key pair, load the key pair.
*
* @param keyFileBasePath the base filename (or real filename for either the
* public or private key) of the key.
* @param inDirectory the directory to look in, if the keyFileBasePath is
* relative.
* @param keyFileBasePath
* the base filename (or real filename for either the public or
* private key) of the key.
* @param inDirectory
* the directory to look in, if the keyFileBasePath is relative.
* @return the loaded key pair.
* @throws IOException if there was a problem reading the files
* @throws IOException
* if there was a problem reading the files
*/
public static DnsKeyPair loadKeyPair(String keyFileBasePath,
File inDirectory) throws IOException
public static DnsKeyPair loadKeyPair(String keyFileBasePath, File inDirectory)
throws IOException
{
keyFileBasePath = fixKeyFileBasePath(keyFileBasePath);
// FIXME: should we throw the IOException when one of the files
@@ -190,12 +197,13 @@ public class BINDKeyUtils
* Given a base path to a BIND9 key pair, load the public part (only) of the
* key pair
*
* @param keyFileBasePath the base or real path to the public part of a key
* pair.
* @param inDirectory the directory to look in if the path is relative (may
* be null).
* @param keyFileBasePath
* the base or real path to the public part of a key pair.
* @param inDirectory
* the directory to look in if the path is relative (may be null).
* @return a {@link DnsKeyPair} containing just the public key information.
* @throws IOException if there was a problem reading the public key file.
* @throws IOException
* if there was a problem reading the public key file.
*/
public static DnsKeyPair loadKey(String keyFileBasePath, File inDirectory)
throws IOException
@@ -212,15 +220,18 @@ public class BINDKeyUtils
}
/**
* Load a BIND keyset file. The BIND 9 dnssec tools typically call these
* files "keyset-[signer]." where [signer] is the DNS owner name of the key.
* The keyset may be signed, but doesn't have to be.
* Load a BIND keyset file. The BIND 9 dnssec tools typically call these files
* "keyset-[signer]." where [signer] is the DNS owner name of the key. The
* keyset may be signed, but doesn't have to be.
*
* @param keysetFileName the name of the keyset file.
* @param inDirectory the directory to look in if the path is relative (may
* be null, defaults to the current working directory).
* @param keysetFileName
* the name of the keyset file.
* @param inDirectory
* the directory to look in if the path is relative (may be null,
* defaults to the current working directory).
* @return a RRset contain the KEY records and any associated SIG records.
* @throws IOException if there was a problem reading the keyset file.
* @throws IOException
* if there was a problem reading the keyset file.
*/
public static RRset loadKeySet(String keysetFileName, File inDirectory)
throws IOException
@@ -242,8 +253,8 @@ public class BINDKeyUtils
/**
* Calculate the key file base for this key pair.
*
* @param pair the {@link DnsKeyPair} to work from. It only needs a public
* key.
* @param pair
* the {@link DnsKeyPair} to work from. It only needs a public key.
* @return the base name of the key files.
*/
public static String keyFileBase(DnsKeyPair pair)
@@ -251,9 +262,8 @@ public class BINDKeyUtils
DNSKEYRecord keyrec = pair.getDNSKEYRecord();
if (keyrec == null) return null;
return getKeyFileBase(keyrec.getName(),
keyrec.getAlgorithm(),
keyrec.getFootprint());
return getKeyFileBase(keyrec.getName(), keyrec.getAlgorithm(),
keyrec.getFootprint());
}
/**
@@ -281,10 +291,11 @@ public class BINDKeyUtils
}
/**
* Given a the contents of a BIND9 private key file, convert it into a
* native {@link java.security.PrivateKey} object.
* Given a the contents of a BIND9 private key file, convert it into a native
* {@link java.security.PrivateKey} object.
*
* @param privateKeyString the contents of a BIND9 key file in string form.
* @param privateKeyString
* the contents of a BIND9 key file in string form.
* @return a {@link java.security.PrivateKey}
*/
public static PrivateKey convertPrivateKeyString(String privateKeyString)
@@ -314,13 +325,14 @@ public class BINDKeyUtils
* Given a native private key, convert it into a BIND9 private key file
* format.
*
* @param priv the private key to convert.
* @param pub the private key's corresponding public key. Some algorithms
* @param priv
* the private key to convert.
* @param pub
* the private key's corresponding public key. Some algorithms
* require information from both.
* @return a string containing the contents of a BIND9 private key file.
*/
public static String convertPrivateKey(PrivateKey priv, PublicKey pub,
int alg)
public static String convertPrivateKey(PrivateKey priv, PublicKey pub, int alg)
{
if (priv != null)
{
@@ -337,9 +349,8 @@ public class BINDKeyUtils
/**
* Convert the KEY record to the exact string format that the dnssec-*
* routines need. Currently, the DNSJAVA package uses a multiline mode for
* its record formatting. The BIND9 tools require everything on a single
* line.
* routines need. Currently, the DNSJAVA package uses a multiline mode for its
* record formatting. The BIND9 tools require everything on a single line.
*/
private static String DNSKEYtoString(DNSKEYRecord rec)
{
@@ -361,23 +372,26 @@ public class BINDKeyUtils
/**
* This routine will write out the BIND9 dnssec-* tool compatible files.
*
* @param baseFileName use this base file name. If null, the standard BIND9
* base file name will be computed.
* @param pair the keypair in question.
* @param inDirectory the directory to write to (may be null).
* @throws IOException if there is a problem writing the files.
* @param baseFileName
* use this base file name. If null, the standard BIND9 base file
* name will be computed.
* @param pair
* the keypair in question.
* @param inDirectory
* the directory to write to (may be null).
* @throws IOException
* if there is a problem writing the files.
*/
public static void writeKeyFiles(String baseFileName, DnsKeyPair pair,
File inDirectory) throws IOException
File inDirectory) throws IOException
{
DNSKEYRecord pub = pair.getDNSKEYRecord();
String priv = pair.getPrivateKeyString();
if (priv == null)
{
priv = convertPrivateKey(pair.getPrivate(),
pair.getPublic(),
pair.getDNSKEYAlgorithm());
priv = convertPrivateKey(pair.getPrivate(), pair.getPublic(),
pair.getDNSKEYAlgorithm());
}
if (pub == null || priv == null) return;
@@ -397,11 +411,13 @@ public class BINDKeyUtils
}
/**
* This routine will write out the BIND9 dnssec-* tool compatible files to
* the standard file names.
* This routine will write out the BIND9 dnssec-* tool compatible files to the
* standard file names.
*
* @param pair the key pair in question.
* @param inDirectory the directory to write to (may be null).
* @param pair
* the key pair in question.
* @param inDirectory
* the directory to write to (may be null).
*/
public static void writeKeyFiles(DnsKeyPair pair, File inDirectory)
throws IOException
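Review bot: The reflowed Javadoc on the three-argument `writeKeyFiles` still does not say that the method returns without writing anything when the pair has no DNSKEY record or no private key (`if (pub == null || priv == null) return;`). A caller that expects key files on disk gets neither files nor an exception. I would add one sentence to the description, for example `If the pair lacks a public key record or a private key, nothing is written and no error is raised.` The method body continues outside the hunk, so this rests only on the visible early return.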


@@ -21,9 +21,9 @@ package com.verisignlabs.dnssec.security;
import java.util.Comparator;
/**
* This class implements a basic comparitor for byte arrays. It is primarily
* useful for comparing RDATA portions of DNS records in doing DNSSEC
* canonical ordering.
* This class implements a basic comparator for byte arrays. It is primarily
* useful for comparing RDATA portions of DNS records in doing DNSSEC canonical
* ordering.
*
* @author David Blacka (original)
* @author $Author$


@@ -77,7 +77,6 @@ public class DnsKeyConverter
{
if (pKeyRecord.getKey() == null) return null;
// FIXME: this won't work at all with alg aliases.
// For now, instead of re-implementing parseRecord (or adding this stuff
// to DNSjava), we will just translate the algorithm back to a standard
// algorithm. Note that this will unnecessarily convert RSAMD5 to RSASHA1.


@@ -26,10 +26,10 @@ import org.xbill.DNS.*;
/**
* This class forms the basis for representing public/private key pairs in a
* DNSSEC context. It is possible to get a JCA public and private key from
* this object, as well as a DNSKEYRecord encoding of the public key. This
* class is implemented as a UNION of all the functionality needed for handing
* native java, BIND, and possibly other underlying DNSKEY engines.
* DNSSEC context. It is possible to get a JCA public and private key from this
* object, as well as a DNSKEYRecord encoding of the public key. This class is
* implemented as a UNION of all the functionality needed for handing native
* java, BIND, and possibly other underlying DNSKEY engines.
*
* JCA == Java Cryptography Architecture.
*
@@ -47,8 +47,8 @@ public class DnsKeyPair
protected DNSKEYRecord mPublicKeyRecord;
/**
* This is a precalcuated cache of the KEYRecord converted into a JCA public
* key.
* This is a pre-calculated cache of the DNSKEYRecord converted into a JCA
* public key.
*/
private PublicKey mPublicKey;
@@ -59,8 +59,8 @@ public class DnsKeyPair
protected String mPrivateKeyString;
/**
* The private key in JCA format. This is the base encoding for instances
* were JCA private keys are used.
* The private key in JCA format. This is the base encoding for instances where
* JCA private keys are used.
*/
protected PrivateKey mPrivateKey;
@@ -73,7 +73,7 @@ public class DnsKeyPair
protected Signature mSigner;
/**
* a caches Signature used for verifying (intialized with the public key)
* a caches Signature used for verifying (initialized with the public key)
*/
protected Signature mVerifier;
@@ -113,12 +113,8 @@ public class DnsKeyPair
this();
DnsKeyConverter conv = new DnsKeyConverter();
DNSKEYRecord keyrec = conv.generateDNSKEYRecord(keyName,
DClass.IN,
0,
0,
algorithm,
publicKey);
DNSKEYRecord keyrec = conv.generateDNSKEYRecord(keyName, DClass.IN, 0, 0,
algorithm, publicKey);
setDNSKEYRecord(keyrec);
setPrivate(privateKey);
}
@@ -208,9 +204,8 @@ public class DnsKeyPair
if (mPrivateKeyString == null && mPrivateKey != null)
{
PublicKey pub = getPublic();
mPrivateKeyString = BINDKeyUtils.convertPrivateKey(mPrivateKey,
pub,
getDNSKEYAlgorithm());
mPrivateKeyString = BINDKeyUtils.convertPrivateKey(mPrivateKey, pub,
getDNSKEYAlgorithm());
}
return mPrivateKeyString;
@@ -231,9 +226,9 @@ public class DnsKeyPair
}
/**
* Sets the private key from the encoded form (PKCS#8). This routine
* requires that the public key already be assigned. Currently it can only
* handle DSA and RSA keys.
* Sets the private key from the encoded form (PKCS#8). This routine requires
* that the public key already be assigned. Currently it can only handle DSA
* and RSA keys.
*/
public void setEncodedPrivate(byte[] encoded)
{
@@ -275,7 +270,7 @@ public class DnsKeyPair
}
else
{
// do not return an unitialized signer.
// do not return an uninitialized signer.
return null;
}
}
@@ -301,11 +296,12 @@ public class DnsKeyPair
mVerifier.initVerify(pk);
}
catch (InvalidKeyException e)
{}
{
}
}
else
{
// do not return an unitialized verifier
// do not return an uninitialized verifier
return null;
}
}
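Review bot: The `catch (InvalidKeyException e)` block around `mVerifier.initVerify(pk)` in the last hunk is still empty after the reformat, so a public key that the provider rejects is silently ignored. The else branch beside it is commented `// do not return an uninitialized verifier`, yet on the exception path the method appears to carry on with a Signature that was never initialized; the rest of the method is outside the hunk, so that part is inferred. I would handle the failure like the missing-key case, with `mVerifier = null;` and `return null;` inside the catch, and log the exception so a bad key is visible to the operator.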


@@ -95,10 +95,7 @@ public class DnsSecVerifier implements Verifier
{
DnsKeyPair p = (DnsKeyPair) i.next();
if (p.getDNSKEYAlgorithm() == algorithm
&& p.getDNSKEYFootprint() == keyid)
{
return p;
}
&& p.getDNSKEYFootprint() == keyid) { return p; }
}
return null;
}
@@ -154,7 +151,7 @@ public class DnsSecVerifier implements Verifier
}
private DnsKeyPair findCachedKey(Cache cache, Name name, int algorithm,
int footprint)
int footprint)
{
RRset[] keysets = cache.findAnyRecords(name, Type.KEY);
if (keysets == null) return null;
@@ -167,17 +164,15 @@ public class DnsSecVerifier implements Verifier
if (!(o instanceof DNSKEYRecord)) continue;
DNSKEYRecord keyrec = (DNSKEYRecord) o;
if (keyrec.getAlgorithm() == algorithm
&& keyrec.getFootprint() == footprint)
{
return new DnsKeyPair(keyrec, (PrivateKey) null);
}
&& keyrec.getFootprint() == footprint) { return new DnsKeyPair(
keyrec, (PrivateKey) null); }
}
return null;
}
private DnsKeyPair findKey(Cache cache, Name name, int algorithm,
int footprint)
int footprint)
{
DnsKeyPair pair = mKeyStore.find(name, algorithm, footprint);
if (pair == null && cache != null)
@@ -238,9 +233,9 @@ public class DnsSecVerifier implements Verifier
/**
* Verify an RRset against a particular signature.
*
* @return DNSSEC.Secure if the signature verfied, DNSSEC.Failed if it did
* not verify (for any reason), and DNSSEC.Insecure if verification
* could not be completed (usually because the public key was not
* @return DNSSEC.Secure if the signature verfied, DNSSEC.Failed if it did not
* verify (for any reason), and DNSSEC.Insecure if verification could
* not be completed (usually because the public key was not
* available).
*/
public byte verifySignature(RRset rrset, RRSIGRecord sigrec, Cache cache)
@@ -248,10 +243,8 @@ public class DnsSecVerifier implements Verifier
byte result = validateSignature(rrset, sigrec);
if (result != DNSSEC.Secure) return result;
DnsKeyPair keypair = findKey(cache,
sigrec.getSigner(),
sigrec.getAlgorithm(),
sigrec.getFootprint());
DnsKeyPair keypair = findKey(cache, sigrec.getSigner(),
sigrec.getAlgorithm(), sigrec.getFootprint());
if (keypair == null)
{
@@ -264,17 +257,17 @@ public class DnsSecVerifier implements Verifier
byte[] data = SignUtils.generateSigData(rrset, sigrec);
DnsKeyAlgorithm algs = DnsKeyAlgorithm.getInstance();
Signature signer = keypair.getVerifier();
signer.update(data);
byte[] sig = sigrec.getSignature();
if (algs.baseType(sigrec.getAlgorithm()) == DnsKeyAlgorithm.DSA)
{
sig = SignUtils.convertDSASignature(sig);
}
if (!signer.verify(sig))
{
log.info("Signature failed to verify cryptographically");
@@ -299,8 +292,8 @@ public class DnsSecVerifier implements Verifier
/**
* Verifies an RRset. This routine does not modify the RRset.
*
* @return DNSSEC.Secure if the set verified, DNSSEC.Failed if it did not,
* and DNSSEC.Insecure if verification could not complete.
* @return DNSSEC.Secure if the set verified, DNSSEC.Failed if it did not, and
* DNSSEC.Insecure if verification could not complete.
*/
public int verify(RRset rrset, Cache cache)
{
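Review bot: In the `-264,17` hunk of `verifySignature`, the result of `keypair.getVerifier()` is used at once by `signer.update(data)` with no null check, while the DnsKeyPair section of this commit shows a branch commented `// do not return an uninitialized verifier` that returns null. If that branch can be reached for a key pair found here, verification ends in a NullPointerException instead of one of the documented verdicts. I would add `if (signer == null) return DNSSEC.Insecure;` before the update call, which matches the Javadoc's "verification could not be completed", unless a guard already exists in lines outside the hunk.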


@@ -26,10 +26,9 @@ import org.xbill.DNS.Record;
import org.xbill.DNS.Type;
/**
* This class implements a comparison operator for {@link
* org.xbill.DNS.Record} objects. It imposes a canonical order consistent with
* DNSSEC. It does not put records within a RRset into canonical order: see
* {@link ByteArrayComparator}.
* This class implements a comparison operator for {@link org.xbill.DNS.Record}
* objects. It imposes a canonical order consistent with DNSSEC. It does not put
* records within a RRset into canonical order: see {@link ByteArrayComparator}.
*
* @author David Blacka (original)
* @author $Author$
@@ -43,8 +42,8 @@ public class RecordComparator implements Comparator
}
/**
* In general, types are compared numerically. However, SOA and NS are
* ordered before the rest.
* In general, types are compared numerically. However, SOA and NS are ordered
* before the rest.
*/
private int compareTypes(int a, int b)
{
@@ -64,15 +63,15 @@ public class RecordComparator implements Comparator
{
byte[] a_rdata = a.rdataToWireCanonical();
byte[] b_rdata = b.rdataToWireCanonical();
for (int i = 0; i < a_rdata.length && i < b_rdata.length; i++)
for (int i = 0; i < a_rdata.length && i < b_rdata.length; i++)
{
int n = (a_rdata[i] & 0xFF) - (b_rdata[i] & 0xFF);
if (n != 0) return n;
}
return (a_rdata.length - b_rdata.length);
}
public int compare(Object o1, Object o2) throws ClassCastException
{
Record a = (Record) o1;


@@ -56,7 +56,7 @@ public class SHA256
}
// Constants "K"
private static final int K[] = {0x428a2f98, 0x71374491, 0xb5c0fbcf,
private static final int K[] = { 0x428a2f98, 0x71374491, 0xb5c0fbcf,
0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5, 0xd807aa98,
0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7,
0xc19bf174, 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f,
@@ -67,7 +67,7 @@ public class SHA256
0xd6990624, 0xf40e3585, 0x106aa070, 0x19a4c116, 0x1e376c08, 0x2748774c,
0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3, 0x748f82ee,
0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7,
0xc67178f2 };
0xc67178f2 };
private int digest[] = new int[8];
private byte data[];
@@ -160,11 +160,11 @@ public class SHA256
int aBlock[];
byte byteBlock[];
// for (int n = 0; n < data.length; n++)
// {
// System.out.print(Integer.toHexString(data[n]) + " ");
// }
// System.out.println("\n\n");
// for (int n = 0; n < data.length; n++)
// {
// System.out.print(Integer.toHexString(data[n]) + " ");
// }
// System.out.println("\n\n");
if (data.length > 64)
{
int n = data.length / 64;
@@ -200,8 +200,7 @@ public class SHA256
}
/*
* this is the method that actually performs the digest and returns the
* result
* this is the method that actually performs the digest and returns the result
*/
private void transform(int block[])
{
@@ -242,14 +241,14 @@ public class SHA256
B = A;
A = T1 + T2;
// System.out.println("A: " + Integer.toHexString(A));
// System.out.println("B: " + Integer.toHexString(B));
// System.out.println("C: " + Integer.toHexString(C));
// System.out.println("D: " + Integer.toHexString(D));
// System.out.println("E: " + Integer.toHexString(E));
// System.out.println("F: " + Integer.toHexString(F));
// System.out.println("G: " + Integer.toHexString(G));
// System.out.println("H: " + Integer.toHexString(H) + "\n");
// System.out.println("A: " + Integer.toHexString(A));
// System.out.println("B: " + Integer.toHexString(B));
// System.out.println("C: " + Integer.toHexString(C));
// System.out.println("D: " + Integer.toHexString(D));
// System.out.println("E: " + Integer.toHexString(E));
// System.out.println("F: " + Integer.toHexString(F));
// System.out.println("G: " + Integer.toHexString(G));
// System.out.println("H: " + Integer.toHexString(H) + "\n");
}


@@ -12,8 +12,8 @@ import org.xbill.DNS.DNSOutput;
import org.xbill.DNS.Type;
/**
* This class represents the multiple type maps of the NSEC record. Currently
* it is just used to convert the wire format type map to the int array that
* This class represents the multiple type maps of the NSEC record. Currently it
* is just used to convert the wire format type map to the int array that
* org.xbill.DNS.NSECRecord uses.
*/
@@ -59,8 +59,8 @@ public class TypeMap
}
/**
* Given an array of bytes representing a wire-format type map, construct
* the TypeMap object.
* Given an array of bytes representing a wire-format type map, construct the
* TypeMap object.
*/
public static TypeMap fromBytes(byte[] map)
{
@@ -109,7 +109,7 @@ public class TypeMap
}
protected static void mapToWire(DNSOutput out, int[] types, int base,
int start, int end)
int start, int end)
{
// calculate the length of this map by looking at the largest
// typecode in this section.


@@ -33,7 +33,6 @@ import org.xbill.DNS.RRset;
import org.xbill.DNS.Record;
import org.xbill.DNS.Type;
/**
* This class contains a bunch of utility methods that are generally useful in
* manipulating zones.
@@ -48,11 +47,14 @@ public class ZoneUtils
/**
* Load a zone file.
*
* @param zonefile the filename/path of the zonefile to read.
* @param origin the origin to use for the zonefile (may be null if the
* origin is specified in the zone file itself).
* @param zonefile
* the filename/path of the zonefile to read.
* @param origin
* the origin to use for the zonefile (may be null if the origin is
* specified in the zone file itself).
* @return a {@link java.util.List} of {@link org.xbill.DNS.Record} objects.
* @throws IOException if something goes wrong reading the zone file.
* @throws IOException
* if something goes wrong reading the zone file.
*/
public static List readZoneFile(String zonefile, Name origin)
throws IOException
@@ -73,10 +75,11 @@ public class ZoneUtils
/**
* Write the records out into a zone file.
*
* @param records a {@link java.util.List} of {@link org.xbill.DNS.Record}
* objects forming a zone.
* @param zonefile the file to write to. If null or equal to "-", System.out
* is used.
* @param records
* a {@link java.util.List} of {@link org.xbill.DNS.Record} objects
* forming a zone.
* @param zonefile
* the file to write to. If null or equal to "-", System.out is used.
*/
public static void writeZoneFile(List records, String zonefile)
throws IOException
@@ -103,8 +106,9 @@ public class ZoneUtils
/**
* Given just the list of records, determine the zone name (origin).
*
* @param records a list of {@link org.xbill.DNS.Record} or {@link
* org.xbill.DNS.RRset} objects.
* @param records
* a list of {@link org.xbill.DNS.Record} or
* {@link org.xbill.DNS.RRset} objects.
* @return the zone name, if found. null if one couldn't be found.q
*/
public static Name findZoneName(List records)