Formatting (from a new Eclipse, for better or worse)

git-svn-id: https://svn.verisignlabs.com/jdnssec/tools/trunk@116 4cbd57fe-54e5-0310-bd9a-f30fe5ea5e6e
David Blacka 2009-02-02 05:01:03 +00:00
parent 3f1787695d
commit ccb1ffb7e5
18 changed files with 658 additions and 338 deletions

174
example.signed Normal file

@ -0,0 +1,174 @@
example. 3600 IN SOA ns1.example. bugs.x.w.example. (
1 ; serial
3600 ; refresh
300 ; retry
3600000 ; expire
3600 ) ; minimum
example. 3600 IN RRSIG SOA 133 1 3600 (
20150420235959 20051021000000 62827 example.
hNIkW1xzn+c+9P3W7PUVVptI72xEmOtn+eqQux0BE7Pfc6ikx4m7ivOVWETjbwHj
qfY0X5G+rynLZNqsbLm40Q== )
example. 3600 IN NS ns1.example.
example. 3600 IN NS ns2.example.
example. 3600 IN RRSIG NS 133 1 3600 (
20150420235959 20051021000000 62827 example.
D9+iBwcbeKL5+TorTfYn4/pLr2lSFwyGYCyMgfq4TpFaZpxrCJPLxHbKjdkR18jA
t7+SR7B5JpiZcff2Cj2B0w== )
example. 3600 IN MX 1 xx.example.
example. 3600 IN RRSIG MX 133 1 3600 (
20150420235959 20051021000000 62827 example.
jsGuTpXTTrZHzUKnViUpJ8YyGNpDd6n/sy2gHnSC0nj2jPxTC5VENLo3GxSpCSA5
DlAz57p+RllUJk3DWktkjw== )
example. 3600 IN DNSKEY 256 3 133 (
AQO0gEmbZUL6xbD/xQczHbnwYnf+jQjwz/sU5k44rHTt0Ty+3aOdYoome9TjGMhw
kkGby1TLExXT48OGGdbfIme5 ) ; key_tag = 62827
example. 3600 IN DNSKEY 257 3 133 (
AQOnsGyJvywVjYmiLbh0EwIRuWYcDiB/8blXcpkoxtpe19Oicv6Zko+8brVsTMeM
OpcUeGB1zsYKWJ7BvR2894hX ) ; key_tag = 22088
example. 3600 IN RRSIG DNSKEY 133 1 3600 (
20150420235959 20051021000000 22088 example.
Xpo9ptByXb8M1JR1i0KuRmKGc/YeOLcc6PtnRJOx6ADLSL2mU6AYX5tAJRMTKTXk
6waLIaxuliqUBOkCjLUZMw== )
example. 3600 IN NSEC3PARAM 1 12 AABBCCDD
example. 3600 IN RRSIG NSEC3PARAM 133 1 3600 (
20150420235959 20051021000000 62827 example.
LIDOPjIUc2DtDpXUlOaLnJkHKbacDvXZlhRmg4eFGnaEd794HnjRjeT9w5QwtLDp
LyyMRbGt4L0XlqhGJCcAsA== )
0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. 3600 IN NSEC3 1 0 12 AABBCCDD 2t7b4g4vsa5smi47k61mv5bv1a22bojr NS SOA MX RRSIG DNSKEY NSEC3PARAM ; example.
0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. 3600 IN RRSIG NSEC3 133 2 3600 (
20150420235959 20051021000000 62827 example.
SLMEpd0dWGX8+uU0H3kDcE1O2+0+o2HPEiywPwQ+LRC4QI7zectSLH3lw3EJi6OP
nZPYoW6fqlpIWuVv0srD4w== )
2t7b4g4vsa5smi47k61mv5bv1a22bojr.example. 3600 IN A 127.0.0.1
2t7b4g4vsa5smi47k61mv5bv1a22bojr.example. 3600 IN RRSIG A 133 2 3600 (
20150420235959 20051021000000 62827 example.
Enu4zogLLDz0p/lLcuH3+jpfuWR/Uyw4fyvglsaFNvFfs7t+f5TPEt5GLX4U2eRy
cWmF9ZpYMcPgqAgrGZJ+jA== )
2t7b4g4vsa5smi47k61mv5bv1a22bojr.example. 3600 IN NSEC3 1 0 12 AABBCCDD 2vptu5timamqttgl4luu9kg21e0aor3s A RRSIG ; ns1.example.
2t7b4g4vsa5smi47k61mv5bv1a22bojr.example. 3600 IN RRSIG NSEC3 133 2 3600 (
20150420235959 20051021000000 62827 example.
LltO1bbeZ3rVOjYcBRCMZ+ZtHOBtGaNMKtV7BzSPlCK0AUphcn0tg2cr0FONQgrI
+0Nd+8h6My6W2Bp/OzDcnQ== )
2vptu5timamqttgl4luu9kg21e0aor3s.example. 3600 IN NSEC3 1 0 12 AABBCCDD 35mthgpgcu1qg68fab165klnsnk3dpvl MX RRSIG ; x.y.w.example.
2vptu5timamqttgl4luu9kg21e0aor3s.example. 3600 IN RRSIG NSEC3 133 2 3600 (
20150420235959 20051021000000 62827 example.
c9D5yjzQulfpNUWkeZFBoBsZYAxh06LySa44Ef1SvzGZrT0l02bFTSMYPXciPQKp
mF3UzOkgW/E9gXinV/kQbg== )
35mthgpgcu1qg68fab165klnsnk3dpvl.example. 3600 IN NSEC3 1 0 12 AABBCCDD 4g6p9u5gvfshp30pqecj98b3maqbn1ck NS DS RRSIG ; a.example.
35mthgpgcu1qg68fab165klnsnk3dpvl.example. 3600 IN RRSIG NSEC3 133 2 3600 (
20150420235959 20051021000000 62827 example.
K35oTrxIxZewqnGlqua+5fweIKdi9vxDzHC0XBy/U6w1XtTsgEuNJepdXfSCBEw3
9G5pPobyDE4Ll8KyyEDZjw== )
4g6p9u5gvfshp30pqecj98b3maqbn1ck.example. 3600 IN NSEC3 1 0 12 AABBCCDD b4um86eghhds6nea196smvmlo4ors995 NS RRSIG ; c.example.
4g6p9u5gvfshp30pqecj98b3maqbn1ck.example. 3600 IN RRSIG NSEC3 133 2 3600 (
20150420235959 20051021000000 62827 example.
rfscDMnDv/CJ5XWyvN8Ag6w0DMsrV82jqfet+UkYtxszAzdw9B0w9Iv3h1y9xIbM
prW1OGVOW52D3aeCHgN9Fg== )
a.example. 3600 IN NS ns1.a.example.
a.example. 3600 IN NS ns2.a.example.
a.example. 3600 IN DS 58470 5 1 3079F1593EBAD6DC121E202A8B766A6A4837206C
a.example. 3600 IN RRSIG DS 133 2 3600 (
20150420235959 20051021000000 62827 example.
qxw4j5LNe70UDu121YqAaqQjyjYbdKNd/4bEnH0kjQswuiGs9EuArCBhcWocWQDB
ku+A4HMHJdLqJr5p4JctLg== )
ns1.a.example. 3600 IN A 192.168.2.5
ns2.a.example. 3600 IN A 192.168.2.6
ai.example. 3600 IN A 192.168.2.9
ai.example. 3600 IN RRSIG A 133 2 3600 (
20150420235959 20051021000000 62827 example.
ZaXcOIABcqe1UbwBrisSfk1EBZN11ccgg81ZvZ4qVRhQRdMTprjO9boMYL3q7nz9
93IqSyUgjumoQ8qs1isY4Q== )
ai.example. 3600 IN HINFO "KLH-10" "ITS"
ai.example. 3600 IN RRSIG HINFO 133 2 3600 (
20150420235959 20051021000000 62827 example.
BuDv+No06VEcIsEnvBdjdKm6kxQGrhOgKEKbGsb8DJRjY7Lia+YG2//s6OlOIfxP
mLlLiYpAi3q2sEjTJhocGQ== )
ai.example. 3600 IN AAAA 2001:db8:0:0:0:0:f00:baa9
ai.example. 3600 IN RRSIG AAAA 133 2 3600 (
20150420235959 20051021000000 62827 example.
m65zc0A16Xbx3jYb0t5vPwMzE2xS15mKh76MhSuKfiFVhBFcQ9IilEM0pXnLzt3o
zrM/3X0x2ruyuN0zC+PABA== )
b4um86eghhds6nea196smvmlo4ors995.example. 3600 IN NSEC3 1 0 12 AABBCCDD gjeqe526plbf1g8mklp59enfd789njgi MX RRSIG ; x.w.example.
b4um86eghhds6nea196smvmlo4ors995.example. 3600 IN RRSIG NSEC3 133 2 3600 (
20150420235959 20051021000000 62827 example.
ckq4/fbGcW7MBHRIE4vjJTCLijvbBKcPbAOcG4OfJe1+TO1ttGUzRSWv0ZWkn7gx
VbsOS52kw9DPbkG/3jG4TQ== )
c.example. 3600 IN NS ns1.c.example.
c.example. 3600 IN NS ns2.c.example.
ns1.c.example. 3600 IN A 192.168.2.7
ns2.c.example. 3600 IN A 192.168.2.8
gjeqe526plbf1g8mklp59enfd789njgi.example. 3600 IN NSEC3 1 0 12 AABBCCDD ji6neoaepv8b5o6k4ev33abha8ht9fgc A HINFO AAAA RRSIG ; ai.example.
gjeqe526plbf1g8mklp59enfd789njgi.example. 3600 IN RRSIG NSEC3 133 2 3600 (
20150420235959 20051021000000 62827 example.
DcvlIYwhANn1NSV05tBQ9ngC+Gaw3pBdpXlrpSWN4xrvvguaarf0Kbe0LF2+KJ5x
1cHrOsLVx8oEDoKzTCztsA== )
ji6neoaepv8b5o6k4ev33abha8ht9fgc.example. 3600 IN NSEC3 1 0 12 AABBCCDD k8udemvp1j2f7eg6jebps17vp3n8i58h ; y.w.example.
ji6neoaepv8b5o6k4ev33abha8ht9fgc.example. 3600 IN RRSIG NSEC3 133 2 3600 (
20150420235959 20051021000000 62827 example.
GSlthW4H4KIpxxBHYXl2IDZWlvnwAKVgPkW/ZlWcGyv+Ro2nYOwS8Qv/yNop1JKz
bE5X0+ac8Dw7zLvDAr4kwQ== )
k8udemvp1j2f7eg6jebps17vp3n8i58h.example. 3600 IN NSEC3 1 0 12 AABBCCDD kohar7mbb8dc2ce8a9qvl8hon4k53uhi ; w.example.
k8udemvp1j2f7eg6jebps17vp3n8i58h.example. 3600 IN RRSIG NSEC3 133 2 3600 (
20150420235959 20051021000000 62827 example.
Ob3coJUfYXYeYfIlXj9VhuT0CN/cZeFwMwbzSz3GyDNyeUo+3QqJY5kabenFB0jB
Q9I2B3kRQFQO6sA1YJZyaQ== )
kohar7mbb8dc2ce8a9qvl8hon4k53uhi.example. 3600 IN NSEC3 1 0 12 AABBCCDD q04jkcevqvmu85r014c7dkba38o0ji5r A RRSIG ; 2t7b4g4vsa5smi47k61mv5bv1a22bojr.example.
kohar7mbb8dc2ce8a9qvl8hon4k53uhi.example. 3600 IN RRSIG NSEC3 133 2 3600 (
20150420235959 20051021000000 62827 example.
Tm0ZvbTsHGTsBpdL9KTIi1q+4AW0VZ4zuTWH2zoJPBP4PS1P9A1oWhnal7Ahrm9e
pK7nOTTd8VtHcd7uPCPI5A== )
ns1.example. 3600 IN A 192.168.2.1
ns1.example. 3600 IN RRSIG A 133 2 3600 (
20150420235959 20051021000000 62827 example.
KS4zeGDaXO99zFfZdkH8BPj5Mm2r9NdxrW5hcwZbIngiTAlE0DcVVBNY8b0h2DZL
2znQr8QJ0/QDt8ufz6tZyg== )
ns2.example. 3600 IN A 192.168.2.2
ns2.example. 3600 IN RRSIG A 133 2 3600 (
20150420235959 20051021000000 62827 example.
Hc6i5zNssmqTB7zhORrMT9uvhLdQ9c3DPjuqUjw/UOw4xJIMjhG4qDwQRav4XpyI
2mvVJFR11M07gNwzYG2Ypw== )
q04jkcevqvmu85r014c7dkba38o0ji5r.example. 3600 IN NSEC3 1 0 12 AABBCCDD r53bq7cc2uvmubfu5ocmm6pers9tk9en A RRSIG ; ns2.example.
q04jkcevqvmu85r014c7dkba38o0ji5r.example. 3600 IN RRSIG NSEC3 133 2 3600 (
20150420235959 20051021000000 62827 example.
W8dGSgyF9g7x5uSdwcVvLUHjU3u+NHrRqfIWOvylwUgLikJL07t3Yj+phVgibpcV
cjfD9W1XR6Sy4jby7QK0iQ== )
r53bq7cc2uvmubfu5ocmm6pers9tk9en.example. 3600 IN NSEC3 1 0 12 AABBCCDD t644ebqk9bibcna874givr6joj62mlhv MX RRSIG ; *.w.example.
r53bq7cc2uvmubfu5ocmm6pers9tk9en.example. 3600 IN RRSIG NSEC3 133 2 3600 (
20150420235959 20051021000000 62827 example.
KKcNGSMH1QRz1+WtADVTrW7bJ4ipvWuuXSDNgTs8JgJ8r0zz1oeiDwDtR+z9elBT
q86tM/bvTQ4GFQiCWnOFNw== )
t644ebqk9bibcna874givr6joj62mlhv.example. 3600 IN NSEC3 1 0 12 AABBCCDD 0p9mhaveqvm6t7vbl5lop2u3t2rp3tom A HINFO AAAA RRSIG ; xx.example.
t644ebqk9bibcna874givr6joj62mlhv.example. 3600 IN RRSIG NSEC3 133 2 3600 (
20150420235959 20051021000000 62827 example.
cWBONm5AfvchgLPHhUeJHNdnZ9dqSMI3UpHS/s3Ek1csDKKA6BUc/OM+kVRWT9lE
jRhRXqB8ay2EeHx2iKOOKg== )
*.w.example. 3600 IN MX 1 ai.example.
*.w.example. 3600 IN RRSIG MX 133 2 3600 (
20150420235959 20051021000000 62827 example.
DnT0Y6dRBM8f3v8HdKmZUsGVkXh+b+htujCRc423x6c8erEMGVnxcrmcrZ53qGXc
MYJ+TDkqa7Xfz/f9xzvSTw== )
x.w.example. 3600 IN MX 1 xx.example.
x.w.example. 3600 IN RRSIG MX 133 3 3600 (
20150420235959 20051021000000 62827 example.
BLSDMos8kYR7+2U7iwwdqdhU82hzq0s57xtwF08tWU/d19jrNO6LdWfBL/FJ8zL8
ZpEjhh6b8cj0f5yQOUyShw== )
x.y.w.example. 3600 IN MX 1 xx.example.
x.y.w.example. 3600 IN RRSIG MX 133 4 3600 (
20150420235959 20051021000000 62827 example.
GPzELyUCxrnyep8uMcqthUXjTqYBmgeaveb92vQgzUyPLLamNN/YqMHr6tGQNxeM
AhclxUSQeoCggUBVhFfB1Q== )
xx.example. 3600 IN A 192.168.2.10
xx.example. 3600 IN RRSIG A 133 2 3600 (
20150420235959 20051021000000 62827 example.
qxwCQAqdWxq4bDNPKyOVG679cSJwKVv/Q5Rj9WKymDOhOPTmEs8xDxbiM4EXyv0i
g50I3Wvbkmyw4sQ5CspOcA== )
xx.example. 3600 IN HINFO "KLH-10" "TOPS-20"
xx.example. 3600 IN RRSIG HINFO 133 2 3600 (
20150420235959 20051021000000 62827 example.
YJFwmD0By0NpGEvO1nE1ZTH10XrmpKnVuAEIcAxLLHyPs3qyGQdDEG7sQX5+PfiO
GZrNmZef8NgQhW8kGEgN1Q== )
xx.example. 3600 IN AAAA 2001:db8:0:0:0:0:f00:baaa
xx.example. 3600 IN RRSIG AAAA 133 2 3600 (
20150420235959 20051021000000 62827 example.
VAJBlXoTOScrIM6yPlDsd9o05v39qIzFnemR2vgw1s4l8maJVWi9IHEg8oiypJvG
wSCP1nFsEOlXyNFQJ0fWGA== )

72
example.signed.dave Normal file

@ -0,0 +1,72 @@
example. 3600 IN SOA ns1.example. bugs.x.w.example. 1 3600 300 3600000 3600
example. 3600 IN RRSIG SOA 133 1 3600 20150420235959 20051021000000 62827 example. hNIkW1xzn+c+9P3W7PUVVptI72xEmOtn+eqQux0BE7Pfc6ikx4m7ivOVWETjbwHjqfY0X5G+rynLZNqsbLm40Q==
example. 3600 IN NS ns1.example.
example. 3600 IN NS ns2.example.
example. 3600 IN RRSIG NS 133 1 3600 20150420235959 20051021000000 62827 example. D9+iBwcbeKL5+TorTfYn4/pLr2lSFwyGYCyMgfq4TpFaZpxrCJPLxHbKjdkR18jAt7+SR7B5JpiZcff2Cj2B0w==
example. 3600 IN MX 1 xx.example.
example. 3600 IN RRSIG MX 133 1 3600 20150420235959 20051021000000 62827 example. jsGuTpXTTrZHzUKnViUpJ8YyGNpDd6n/sy2gHnSC0nj2jPxTC5VENLo3GxSpCSA5DlAz57p+RllUJk3DWktkjw==
example. 3600 IN DNSKEY 256 3 133 AQO0gEmbZUL6xbD/xQczHbnwYnf+jQjwz/sU5k44rHTt0Ty+3aOdYoome9TjGMhwkkGby1TLExXT48OGGdbfIme5
example. 3600 IN DNSKEY 257 3 133 AQOnsGyJvywVjYmiLbh0EwIRuWYcDiB/8blXcpkoxtpe19Oicv6Zko+8brVsTMeMOpcUeGB1zsYKWJ7BvR2894hX
example. 3600 IN RRSIG DNSKEY 133 1 3600 20150420235959 20051021000000 22088 example. Xpo9ptByXb8M1JR1i0KuRmKGc/YeOLcc6PtnRJOx6ADLSL2mU6AYX5tAJRMTKTXk6waLIaxuliqUBOkCjLUZMw==
example. 3600 IN NSEC3PARAM 1 12 AABBCCDD
example. 3600 IN RRSIG NSEC3PARAM 133 1 3600 20150420235959 20051021000000 62827 example. LIDOPjIUc2DtDpXUlOaLnJkHKbacDvXZlhRmg4eFGnaEd794HnjRjeT9w5QwtLDpLyyMRbGt4L0XlqhGJCcAsA==
0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. 3600 IN NSEC3 1 0 12 AABBCCDD 2t7b4g4vsa5smi47k61mv5bv1a22bojr NS SOA MX RRSIG DNSKEY NSEC3PARAM
0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. 3600 IN RRSIG NSEC3 133 2 3600 20150420235959 20051021000000 62827 example. SLMEpd0dWGX8+uU0H3kDcE1O2+0+o2HPEiywPwQ+LRC4QI7zectSLH3lw3EJi6OPnZPYoW6fqlpIWuVv0srD4w==
2t7b4g4vsa5smi47k61mv5bv1a22bojr.example. 3600 IN A 127.0.0.1
2t7b4g4vsa5smi47k61mv5bv1a22bojr.example. 3600 IN RRSIG A 133 2 3600 20150420235959 20051021000000 62827 example. Enu4zogLLDz0p/lLcuH3+jpfuWR/Uyw4fyvglsaFNvFfs7t+f5TPEt5GLX4U2eRycWmF9ZpYMcPgqAgrGZJ+jA==
2t7b4g4vsa5smi47k61mv5bv1a22bojr.example. 3600 IN NSEC3 1 0 12 AABBCCDD 2vptu5timamqttgl4luu9kg21e0aor3s A RRSIG
2t7b4g4vsa5smi47k61mv5bv1a22bojr.example. 3600 IN RRSIG NSEC3 133 2 3600 20150420235959 20051021000000 62827 example. LltO1bbeZ3rVOjYcBRCMZ+ZtHOBtGaNMKtV7BzSPlCK0AUphcn0tg2cr0FONQgrI+0Nd+8h6My6W2Bp/OzDcnQ==
2vptu5timamqttgl4luu9kg21e0aor3s.example. 3600 IN NSEC3 1 0 12 AABBCCDD 35mthgpgcu1qg68fab165klnsnk3dpvl MX RRSIG
2vptu5timamqttgl4luu9kg21e0aor3s.example. 3600 IN RRSIG NSEC3 133 2 3600 20150420235959 20051021000000 62827 example. c9D5yjzQulfpNUWkeZFBoBsZYAxh06LySa44Ef1SvzGZrT0l02bFTSMYPXciPQKpmF3UzOkgW/E9gXinV/kQbg==
35mthgpgcu1qg68fab165klnsnk3dpvl.example. 3600 IN NSEC3 1 0 12 AABBCCDD 4g6p9u5gvfshp30pqecj98b3maqbn1ck NS DS RRSIG
35mthgpgcu1qg68fab165klnsnk3dpvl.example. 3600 IN RRSIG NSEC3 133 2 3600 20150420235959 20051021000000 62827 example. K35oTrxIxZewqnGlqua+5fweIKdi9vxDzHC0XBy/U6w1XtTsgEuNJepdXfSCBEw39G5pPobyDE4Ll8KyyEDZjw==
4g6p9u5gvfshp30pqecj98b3maqbn1ck.example. 3600 IN NSEC3 1 0 12 AABBCCDD b4um86eghhds6nea196smvmlo4ors995 NS RRSIG
4g6p9u5gvfshp30pqecj98b3maqbn1ck.example. 3600 IN RRSIG NSEC3 133 2 3600 20150420235959 20051021000000 62827 example. rfscDMnDv/CJ5XWyvN8Ag6w0DMsrV82jqfet+UkYtxszAzdw9B0w9Iv3h1y9xIbMprW1OGVOW52D3aeCHgN9Fg==
a.example. 3600 IN NS ns1.a.example.
a.example. 3600 IN NS ns2.a.example.
a.example. 3600 IN DS 58470 5 1 3079F1593EBAD6DC121E202A8B766A6A4837206C
a.example. 3600 IN RRSIG DS 133 2 3600 20150420235959 20051021000000 62827 example. qxw4j5LNe70UDu121YqAaqQjyjYbdKNd/4bEnH0kjQswuiGs9EuArCBhcWocWQDBku+A4HMHJdLqJr5p4JctLg==
ns1.a.example. 3600 IN A 192.168.2.5
ns2.a.example. 3600 IN A 192.168.2.6
ai.example. 3600 IN A 192.168.2.9
ai.example. 3600 IN RRSIG A 133 2 3600 20150420235959 20051021000000 62827 example. ZaXcOIABcqe1UbwBrisSfk1EBZN11ccgg81ZvZ4qVRhQRdMTprjO9boMYL3q7nz993IqSyUgjumoQ8qs1isY4Q==
ai.example. 3600 IN HINFO "KLH-10" "ITS"
ai.example. 3600 IN RRSIG HINFO 133 2 3600 20150420235959 20051021000000 62827 example. BuDv+No06VEcIsEnvBdjdKm6kxQGrhOgKEKbGsb8DJRjY7Lia+YG2//s6OlOIfxPmLlLiYpAi3q2sEjTJhocGQ==
ai.example. 3600 IN AAAA 2001:db8:0:0:0:0:f00:baa9
ai.example. 3600 IN RRSIG AAAA 133 2 3600 20150420235959 20051021000000 62827 example. m65zc0A16Xbx3jYb0t5vPwMzE2xS15mKh76MhSuKfiFVhBFcQ9IilEM0pXnLzt3ozrM/3X0x2ruyuN0zC+PABA==
b4um86eghhds6nea196smvmlo4ors995.example. 3600 IN NSEC3 1 0 12 AABBCCDD gjeqe526plbf1g8mklp59enfd789njgi MX RRSIG
b4um86eghhds6nea196smvmlo4ors995.example. 3600 IN RRSIG NSEC3 133 2 3600 20150420235959 20051021000000 62827 example. ckq4/fbGcW7MBHRIE4vjJTCLijvbBKcPbAOcG4OfJe1+TO1ttGUzRSWv0ZWkn7gxVbsOS52kw9DPbkG/3jG4TQ==
c.example. 3600 IN NS ns1.c.example.
c.example. 3600 IN NS ns2.c.example.
ns1.c.example. 3600 IN A 192.168.2.7
ns2.c.example. 3600 IN A 192.168.2.8
gjeqe526plbf1g8mklp59enfd789njgi.example. 3600 IN NSEC3 1 0 12 AABBCCDD ji6neoaepv8b5o6k4ev33abha8ht9fgc A HINFO AAAA RRSIG
gjeqe526plbf1g8mklp59enfd789njgi.example. 3600 IN RRSIG NSEC3 133 2 3600 20150420235959 20051021000000 62827 example. DcvlIYwhANn1NSV05tBQ9ngC+Gaw3pBdpXlrpSWN4xrvvguaarf0Kbe0LF2+KJ5x1cHrOsLVx8oEDoKzTCztsA==
ji6neoaepv8b5o6k4ev33abha8ht9fgc.example. 3600 IN NSEC3 1 0 12 AABBCCDD k8udemvp1j2f7eg6jebps17vp3n8i58h
ji6neoaepv8b5o6k4ev33abha8ht9fgc.example. 3600 IN RRSIG NSEC3 133 2 3600 20150420235959 20051021000000 62827 example. GSlthW4H4KIpxxBHYXl2IDZWlvnwAKVgPkW/ZlWcGyv+Ro2nYOwS8Qv/yNop1JKzbE5X0+ac8Dw7zLvDAr4kwQ==
k8udemvp1j2f7eg6jebps17vp3n8i58h.example. 3600 IN NSEC3 1 0 12 AABBCCDD kohar7mbb8dc2ce8a9qvl8hon4k53uhi
k8udemvp1j2f7eg6jebps17vp3n8i58h.example. 3600 IN RRSIG NSEC3 133 2 3600 20150420235959 20051021000000 62827 example. Ob3coJUfYXYeYfIlXj9VhuT0CN/cZeFwMwbzSz3GyDNyeUo+3QqJY5kabenFB0jBQ9I2B3kRQFQO6sA1YJZyaQ==
kohar7mbb8dc2ce8a9qvl8hon4k53uhi.example. 3600 IN NSEC3 1 0 12 AABBCCDD q04jkcevqvmu85r014c7dkba38o0ji5r A RRSIG
kohar7mbb8dc2ce8a9qvl8hon4k53uhi.example. 3600 IN RRSIG NSEC3 133 2 3600 20150420235959 20051021000000 62827 example. Tm0ZvbTsHGTsBpdL9KTIi1q+4AW0VZ4zuTWH2zoJPBP4PS1P9A1oWhnal7Ahrm9epK7nOTTd8VtHcd7uPCPI5A==
ns1.example. 3600 IN A 192.168.2.1
ns1.example. 3600 IN RRSIG A 133 2 3600 20150420235959 20051021000000 62827 example. KS4zeGDaXO99zFfZdkH8BPj5Mm2r9NdxrW5hcwZbIngiTAlE0DcVVBNY8b0h2DZL2znQr8QJ0/QDt8ufz6tZyg==
ns2.example. 3600 IN A 192.168.2.2
ns2.example. 3600 IN RRSIG A 133 2 3600 20150420235959 20051021000000 62827 example. Hc6i5zNssmqTB7zhORrMT9uvhLdQ9c3DPjuqUjw/UOw4xJIMjhG4qDwQRav4XpyI2mvVJFR11M07gNwzYG2Ypw==
q04jkcevqvmu85r014c7dkba38o0ji5r.example. 3600 IN NSEC3 1 0 12 AABBCCDD r53bq7cc2uvmubfu5ocmm6pers9tk9en A RRSIG
q04jkcevqvmu85r014c7dkba38o0ji5r.example. 3600 IN RRSIG NSEC3 133 2 3600 20150420235959 20051021000000 62827 example. W8dGSgyF9g7x5uSdwcVvLUHjU3u+NHrRqfIWOvylwUgLikJL07t3Yj+phVgibpcVcjfD9W1XR6Sy4jby7QK0iQ==
r53bq7cc2uvmubfu5ocmm6pers9tk9en.example. 3600 IN NSEC3 1 0 12 AABBCCDD t644ebqk9bibcna874givr6joj62mlhv MX RRSIG
r53bq7cc2uvmubfu5ocmm6pers9tk9en.example. 3600 IN RRSIG NSEC3 133 2 3600 20150420235959 20051021000000 62827 example. KKcNGSMH1QRz1+WtADVTrW7bJ4ipvWuuXSDNgTs8JgJ8r0zz1oeiDwDtR+z9elBTq86tM/bvTQ4GFQiCWnOFNw==
t644ebqk9bibcna874givr6joj62mlhv.example. 3600 IN NSEC3 1 0 12 AABBCCDD 0p9mhaveqvm6t7vbl5lop2u3t2rp3tom A HINFO AAAA RRSIG
t644ebqk9bibcna874givr6joj62mlhv.example. 3600 IN RRSIG NSEC3 133 2 3600 20150420235959 20051021000000 62827 example. cWBONm5AfvchgLPHhUeJHNdnZ9dqSMI3UpHS/s3Ek1csDKKA6BUc/OM+kVRWT9lEjRhRXqB8ay2EeHx2iKOOKg==
*.w.example. 3600 IN MX 1 ai.example.
*.w.example. 3600 IN RRSIG MX 133 2 3600 20150420235959 20051021000000 62827 example. DnT0Y6dRBM8f3v8HdKmZUsGVkXh+b+htujCRc423x6c8erEMGVnxcrmcrZ53qGXcMYJ+TDkqa7Xfz/f9xzvSTw==
x.w.example. 3600 IN MX 1 xx.example.
x.w.example. 3600 IN RRSIG MX 133 3 3600 20150420235959 20051021000000 62827 example. BLSDMos8kYR7+2U7iwwdqdhU82hzq0s57xtwF08tWU/d19jrNO6LdWfBL/FJ8zL8ZpEjhh6b8cj0f5yQOUyShw==
x.y.w.example. 3600 IN MX 1 xx.example.
x.y.w.example. 3600 IN RRSIG MX 133 4 3600 20150420235959 20051021000000 62827 example. GPzELyUCxrnyep8uMcqthUXjTqYBmgeaveb92vQgzUyPLLamNN/YqMHr6tGQNxeMAhclxUSQeoCggUBVhFfB1Q==
xx.example. 3600 IN A 192.168.2.10
xx.example. 3600 IN RRSIG A 133 2 3600 20150420235959 20051021000000 62827 example. qxwCQAqdWxq4bDNPKyOVG679cSJwKVv/Q5Rj9WKymDOhOPTmEs8xDxbiM4EXyv0ig50I3Wvbkmyw4sQ5CspOcA==
xx.example. 3600 IN HINFO "KLH-10" "TOPS-20"
xx.example. 3600 IN RRSIG HINFO 133 2 3600 20150420235959 20051021000000 62827 example. YJFwmD0By0NpGEvO1nE1ZTH10XrmpKnVuAEIcAxLLHyPs3qyGQdDEG7sQX5+PfiOGZrNmZef8NgQhW8kGEgN1Q==
xx.example. 3600 IN AAAA 2001:db8:0:0:0:0:f00:baaa
xx.example. 3600 IN RRSIG AAAA 133 2 3600 20150420235959 20051021000000 62827 example. VAJBlXoTOScrIM6yPlDsd9o05v39qIzFnemR2vgw1s4l8maJVWi9IHEg8oiypJvGwSCP1nFsEOlXyNFQJ0fWGA==

72
example.signed.roy Normal file

@ -0,0 +1,72 @@
example. 3600 IN SOA ns1.example. bugs.x.w.example. 1 3600 300 3600000 3600
example. 3600 IN RRSIG SOA 133 1 3600 20150420235959 20051021000000 62827 example. hNIkW1xzn+c+9P3W7PUVVptI72xEmOtn+eqQux0BE7Pfc6ikx4m7ivOVWETjbwHjqfY0X5G+rynLZNqsbLm40Q==
example. 3600 IN NS ns1.example.
example. 3600 IN NS ns2.example.
example. 3600 IN RRSIG NS 133 1 3600 20150420235959 20051021000000 62827 example. D9+iBwcbeKL5+TorTfYn4/pLr2lSFwyGYCyMgfq4TpFaZpxrCJPLxHbKjdkR18jAt7+SR7B5JpiZcff2Cj2B0w==
example. 3600 IN MX 1 xx.example.
example. 3600 IN RRSIG MX 133 1 3600 20150420235959 20051021000000 62827 example. jsGuTpXTTrZHzUKnViUpJ8YyGNpDd6n/sy2gHnSC0nj2jPxTC5VENLo3GxSpCSA5DlAz57p+RllUJk3DWktkjw==
example. 3600 IN DNSKEY 256 3 133 AQO0gEmbZUL6xbD/xQczHbnwYnf+jQjwz/sU5k44rHTt0Ty+3aOdYoome9TjGMhwkkGby1TLExXT48OGGdbfIme5
example. 3600 IN DNSKEY 257 3 133 AQOnsGyJvywVjYmiLbh0EwIRuWYcDiB/8blXcpkoxtpe19Oicv6Zko+8brVsTMeMOpcUeGB1zsYKWJ7BvR2894hX
example. 3600 IN RRSIG DNSKEY 133 1 3600 20150420235959 20051021000000 22088 example. Xpo9ptByXb8M1JR1i0KuRmKGc/YeOLcc6PtnRJOx6ADLSL2mU6AYX5tAJRMTKTXk6waLIaxuliqUBOkCjLUZMw==
example. 3600 IN NSEC3PARAM 1 12 AABBCCDD
example. 3600 IN RRSIG NSEC3PARAM 133 1 3600 20150420235959 20051021000000 62827 example. LIDOPjIUc2DtDpXUlOaLnJkHKbacDvXZlhRmg4eFGnaEd794HnjRjeT9w5QwtLDpLyyMRbGt4L0XlqhGJCcAsA==
0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. 3600 IN NSEC3 1 0 12 AABBCCDD 2t7b4g4vsa5smi47k61mv5bv1a22bojr NS SOA MX RRSIG DNSKEY NSEC3PARAM
0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example. 3600 IN RRSIG NSEC3 133 2 3600 20150420235959 20051021000000 62827 example. SLMEpd0dWGX8+uU0H3kDcE1O2+0+o2HPEiywPwQ+LRC4QI7zectSLH3lw3EJi6OPnZPYoW6fqlpIWuVv0srD4w==
2t7b4g4vsa5smi47k61mv5bv1a22bojr.example. 3600 IN A 127.0.0.1
2t7b4g4vsa5smi47k61mv5bv1a22bojr.example. 3600 IN RRSIG A 133 2 3600 20150420235959 20051021000000 62827 example. Enu4zogLLDz0p/lLcuH3+jpfuWR/Uyw4fyvglsaFNvFfs7t+f5TPEt5GLX4U2eRycWmF9ZpYMcPgqAgrGZJ+jA==
2t7b4g4vsa5smi47k61mv5bv1a22bojr.example. 3600 IN NSEC3 1 0 12 AABBCCDD 2vptu5timamqttgl4luu9kg21e0aor3s A RRSIG
2t7b4g4vsa5smi47k61mv5bv1a22bojr.example. 3600 IN RRSIG NSEC3 133 2 3600 20150420235959 20051021000000 62827 example. LltO1bbeZ3rVOjYcBRCMZ+ZtHOBtGaNMKtV7BzSPlCK0AUphcn0tg2cr0FONQgrI+0Nd+8h6My6W2Bp/OzDcnQ==
2vptu5timamqttgl4luu9kg21e0aor3s.example. 3600 IN NSEC3 1 0 12 AABBCCDD 35mthgpgcu1qg68fab165klnsnk3dpvl MX RRSIG
2vptu5timamqttgl4luu9kg21e0aor3s.example. 3600 IN RRSIG NSEC3 133 2 3600 20150420235959 20051021000000 62827 example. c9D5yjzQulfpNUWkeZFBoBsZYAxh06LySa44Ef1SvzGZrT0l02bFTSMYPXciPQKpmF3UzOkgW/E9gXinV/kQbg==
35mthgpgcu1qg68fab165klnsnk3dpvl.example. 3600 IN NSEC3 1 0 12 AABBCCDD 4g6p9u5gvfshp30pqecj98b3maqbn1ck NS DS RRSIG
35mthgpgcu1qg68fab165klnsnk3dpvl.example. 3600 IN RRSIG NSEC3 133 2 3600 20150420235959 20051021000000 62827 example. K35oTrxIxZewqnGlqua+5fweIKdi9vxDzHC0XBy/U6w1XtTsgEuNJepdXfSCBEw39G5pPobyDE4Ll8KyyEDZjw==
4g6p9u5gvfshp30pqecj98b3maqbn1ck.example. 3600 IN NSEC3 1 0 12 AABBCCDD b4um86eghhds6nea196smvmlo4ors995 NS RRSIG
4g6p9u5gvfshp30pqecj98b3maqbn1ck.example. 3600 IN RRSIG NSEC3 133 2 3600 20150420235959 20051021000000 62827 example. rfscDMnDv/CJ5XWyvN8Ag6w0DMsrV82jqfet+UkYtxszAzdw9B0w9Iv3h1y9xIbMprW1OGVOW52D3aeCHgN9Fg==
a.example. 3600 IN NS ns1.a.example.
a.example. 3600 IN NS ns2.a.example.
a.example. 3600 IN DS 58470 5 1 3079F1593EBAD6DC121E202A8B766A6A4837206C
a.example. 3600 IN RRSIG DS 133 2 3600 20150420235959 20051021000000 62827 example. qxw4j5LNe70UDu121YqAaqQjyjYbdKNd/4bEnH0kjQswuiGs9EuArCBhcWocWQDBku+A4HMHJdLqJr5p4JctLg==
ns1.a.example. 3600 IN A 192.168.2.5
ns2.a.example. 3600 IN A 192.168.2.6
ai.example. 3600 IN A 192.168.2.9
ai.example. 3600 IN RRSIG A 133 2 3600 20150420235959 20051021000000 62827 example. ZaXcOIABcqe1UbwBrisSfk1EBZN11ccgg81ZvZ4qVRhQRdMTprjO9boMYL3q7nz993IqSyUgjumoQ8qs1isY4Q==
ai.example. 3600 IN HINFO "KLH-10" "ITS"
ai.example. 3600 IN RRSIG HINFO 133 2 3600 20150420235959 20051021000000 62827 example. BuDv+No06VEcIsEnvBdjdKm6kxQGrhOgKEKbGsb8DJRjY7Lia+YG2//s6OlOIfxPmLlLiYpAi3q2sEjTJhocGQ==
ai.example. 3600 IN AAAA 2001:db8:0:0:0:0:f00:baa9
ai.example. 3600 IN RRSIG AAAA 133 2 3600 20150420235959 20051021000000 62827 example. m65zc0A16Xbx3jYb0t5vPwMzE2xS15mKh76MhSuKfiFVhBFcQ9IilEM0pXnLzt3ozrM/3X0x2ruyuN0zC+PABA==
b4um86eghhds6nea196smvmlo4ors995.example. 3600 IN NSEC3 1 0 12 AABBCCDD gjeqe526plbf1g8mklp59enfd789njgi MX RRSIG
b4um86eghhds6nea196smvmlo4ors995.example. 3600 IN RRSIG NSEC3 133 2 3600 20150420235959 20051021000000 62827 example. ckq4/fbGcW7MBHRIE4vjJTCLijvbBKcPbAOcG4OfJe1+TO1ttGUzRSWv0ZWkn7gxVbsOS52kw9DPbkG/3jG4TQ==
c.example. 3600 IN NS ns1.c.example.
c.example. 3600 IN NS ns2.c.example.
ns1.c.example. 3600 IN A 192.168.2.7
ns2.c.example. 3600 IN A 192.168.2.8
gjeqe526plbf1g8mklp59enfd789njgi.example. 3600 IN NSEC3 1 0 12 AABBCCDD ji6neoaepv8b5o6k4ev33abha8ht9fgc A HINFO AAAA RRSIG
gjeqe526plbf1g8mklp59enfd789njgi.example. 3600 IN RRSIG NSEC3 133 2 3600 20150420235959 20051021000000 62827 example. DcvlIYwhANn1NSV05tBQ9ngC+Gaw3pBdpXlrpSWN4xrvvguaarf0Kbe0LF2+KJ5x1cHrOsLVx8oEDoKzTCztsA==
ji6neoaepv8b5o6k4ev33abha8ht9fgc.example. 3600 IN NSEC3 1 0 12 AABBCCDD k8udemvp1j2f7eg6jebps17vp3n8i58h
ji6neoaepv8b5o6k4ev33abha8ht9fgc.example. 3600 IN RRSIG NSEC3 133 2 3600 20150420235959 20051021000000 62827 example. GSlthW4H4KIpxxBHYXl2IDZWlvnwAKVgPkW/ZlWcGyv+Ro2nYOwS8Qv/yNop1JKzbE5X0+ac8Dw7zLvDAr4kwQ==
k8udemvp1j2f7eg6jebps17vp3n8i58h.example. 3600 IN NSEC3 1 0 12 AABBCCDD kohar7mbb8dc2ce8a9qvl8hon4k53uhi
k8udemvp1j2f7eg6jebps17vp3n8i58h.example. 3600 IN RRSIG NSEC3 133 2 3600 20150420235959 20051021000000 62827 example. Ob3coJUfYXYeYfIlXj9VhuT0CN/cZeFwMwbzSz3GyDNyeUo+3QqJY5kabenFB0jBQ9I2B3kRQFQO6sA1YJZyaQ==
kohar7mbb8dc2ce8a9qvl8hon4k53uhi.example. 3600 IN NSEC3 1 0 12 AABBCCDD q04jkcevqvmu85r014c7dkba38o0ji5r A RRSIG
kohar7mbb8dc2ce8a9qvl8hon4k53uhi.example. 3600 IN RRSIG NSEC3 133 2 3600 20150420235959 20051021000000 62827 example. Tm0ZvbTsHGTsBpdL9KTIi1q+4AW0VZ4zuTWH2zoJPBP4PS1P9A1oWhnal7Ahrm9epK7nOTTd8VtHcd7uPCPI5A==
ns1.example. 3600 IN A 192.168.2.1
ns1.example. 3600 IN RRSIG A 133 2 3600 20150420235959 20051021000000 62827 example. KS4zeGDaXO99zFfZdkH8BPj5Mm2r9NdxrW5hcwZbIngiTAlE0DcVVBNY8b0h2DZL2znQr8QJ0/QDt8ufz6tZyg==
ns2.example. 3600 IN A 192.168.2.2
ns2.example. 3600 IN RRSIG A 133 2 3600 20150420235959 20051021000000 62827 example. Hc6i5zNssmqTB7zhORrMT9uvhLdQ9c3DPjuqUjw/UOw4xJIMjhG4qDwQRav4XpyI2mvVJFR11M07gNwzYG2Ypw==
q04jkcevqvmu85r014c7dkba38o0ji5r.example. 3600 IN NSEC3 1 0 12 AABBCCDD r53bq7cc2uvmubfu5ocmm6pers9tk9en A RRSIG
q04jkcevqvmu85r014c7dkba38o0ji5r.example. 3600 IN RRSIG NSEC3 133 2 3600 20150420235959 20051021000000 62827 example. W8dGSgyF9g7x5uSdwcVvLUHjU3u+NHrRqfIWOvylwUgLikJL07t3Yj+phVgibpcVcjfD9W1XR6Sy4jby7QK0iQ==
r53bq7cc2uvmubfu5ocmm6pers9tk9en.example. 3600 IN NSEC3 1 0 12 AABBCCDD t644ebqk9bibcna874givr6joj62mlhv MX RRSIG
r53bq7cc2uvmubfu5ocmm6pers9tk9en.example. 3600 IN RRSIG NSEC3 133 2 3600 20150420235959 20051021000000 62827 example. KKcNGSMH1QRz1+WtADVTrW7bJ4ipvWuuXSDNgTs8JgJ8r0zz1oeiDwDtR+z9elBTq86tM/bvTQ4GFQiCWnOFNw==
t644ebqk9bibcna874givr6joj62mlhv.example. 3600 IN NSEC3 1 0 12 AABBCCDD 0p9mhaveqvm6t7vbl5lop2u3t2rp3tom A HINFO AAAA RRSIG
t644ebqk9bibcna874givr6joj62mlhv.example. 3600 IN RRSIG NSEC3 133 2 3600 20150420235959 20051021000000 62827 example. cWBONm5AfvchgLPHhUeJHNdnZ9dqSMI3UpHS/s3Ek1csDKKA6BUc/OM+kVRWT9lEjRhRXqB8ay2EeHx2iKOOKg==
*.w.example. 3600 IN MX 1 ai.example.
*.w.example. 3600 IN RRSIG MX 133 2 3600 20150420235959 20051021000000 62827 example. DnT0Y6dRBM8f3v8HdKmZUsGVkXh+b+htujCRc423x6c8erEMGVnxcrmcrZ53qGXcMYJ+TDkqa7Xfz/f9xzvSTw==
x.w.example. 3600 IN MX 1 xx.example.
x.w.example. 3600 IN RRSIG MX 133 3 3600 20150420235959 20051021000000 62827 example. BLSDMos8kYR7+2U7iwwdqdhU82hzq0s57xtwF08tWU/d19jrNO6LdWfBL/FJ8zL8ZpEjhh6b8cj0f5yQOUyShw==
x.y.w.example. 3600 IN MX 1 xx.example.
x.y.w.example. 3600 IN RRSIG MX 133 4 3600 20150420235959 20051021000000 62827 example. GPzELyUCxrnyep8uMcqthUXjTqYBmgeaveb92vQgzUyPLLamNN/YqMHr6tGQNxeMAhclxUSQeoCggUBVhFfB1Q==
xx.example. 3600 IN A 192.168.2.10
xx.example. 3600 IN RRSIG A 133 2 3600 20150420235959 20051021000000 62827 example. qxwCQAqdWxq4bDNPKyOVG679cSJwKVv/Q5Rj9WKymDOhOPTmEs8xDxbiM4EXyv0ig50I3Wvbkmyw4sQ5CspOcA==
xx.example. 3600 IN HINFO "KLH-10" "TOPS-20"
xx.example. 3600 IN RRSIG HINFO 133 2 3600 20150420235959 20051021000000 62827 example. YJFwmD0By0NpGEvO1nE1ZTH10XrmpKnVuAEIcAxLLHyPs3qyGQdDEG7sQX5+PfiOGZrNmZef8NgQhW8kGEgN1Q==
xx.example. 3600 IN AAAA 2001:db8:0:0:0:0:f00:baaa
xx.example. 3600 IN RRSIG AAAA 133 2 3600 20150420235959 20051021000000 62827 example. VAJBlXoTOScrIM6yPlDsd9o05v39qIzFnemR2vgw1s4l8maJVWi9IHEg8oiypJvGwSCP1nFsEOlXyNFQJ0fWGA==

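--- /dev/null
+++ b/sign_example.sh
@@ -0,0 +1,14 @@
+#! /bin/bash
+./bin/_jdnssec-signzone \
+-3 \
+-A 133:5:RSASHA1-NSEC3 \
+-s 20051021000000 \
+-e 20150420235959 \
+-D test/ \
+-S AABBCCDD \
+--iterations 12 \
+-k Kexample.+133+22088 \
+test/example \
+Kexample.+133+62827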
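Review bot: sign_example.sh resolves `./bin/_jdnssec-signzone`, `test/` and `test/example` against the caller's working directory and carries no comment saying what it produces, so it only works when started from the directory that holds `bin/` and `test/`. A `cd "$(dirname "$0")" || exit 1` line after the shebang would remove that dependency, assuming the script sits beside those directories (the page does not show the tree). The fixed `-s 20051021000000` / `-e 20150420235959` window, the `AABBCCDD` salt and the 12 iterations match the RRSIG and NSEC3PARAM values in the example.signed files added by this commit, so the script appears to regenerate that fixture; a header comment such as `# Regenerates the example.signed test fixture; dates, salt and iterations are fixed on purpose.` would record that. Because every signature in those fixtures expires at 20150420235959, any check that validates them against the current clock will need a pinned verification time.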


@ -35,8 +35,7 @@ import com.verisignlabs.dnssec.security.DnsKeyPair;
import com.verisignlabs.dnssec.security.SignUtils; import com.verisignlabs.dnssec.security.SignUtils;
/** /**
* This class forms the command line implementation of a DNSSEC DS/DLV * This class forms the command line implementation of a DNSSEC DS/DLV generator
* generator
* *
* @author David Blacka (original) * @author David Blacka (original)
* @author $Author: davidb $ * @author $Author: davidb $
@ -76,19 +75,22 @@ public class DSTool
opts.addOption("h", "help", false, "Print this message."); opts.addOption("h", "help", false, "Print this message.");
opts.addOption(OptionBuilder.withLongOpt("dlv") opts.addOption(OptionBuilder.withLongOpt("dlv")
.withDescription("Generate a DLV record instead.").create()); .withDescription("Generate a DLV record instead.")
.create());
// Argument options // Argument options
opts.addOption(OptionBuilder.hasOptionalArg().withLongOpt("verbose") opts.addOption(OptionBuilder.hasOptionalArg()
.withLongOpt("verbose")
.withArgName("level") .withArgName("level")
.withDescription("verbosity level -- 0 is silence, " .withDescription("verbosity level -- 0 is silence, 5 is debug information, 6 is trace information.\n"
+ "5 is debug information, " + "6 is trace information.\n" + "default is level 5.")
+ "default is level 5.").create('v')); .create('v'));
opts.addOption(OptionBuilder.hasArg().withLongOpt("digest") opts.addOption(OptionBuilder.hasArg()
.withLongOpt("digest")
.withArgName("id") .withArgName("id")
.withDescription("The Digest ID to use (numerically): " .withDescription("The Digest ID to use (numerically): either 1 for SHA1 or 2 for SHA256")
+ "either 1 for SHA1 or 2 for SHA256").create('d')); .create('d'));
} }
public void parseCommandLine(String[] args) public void parseCommandLine(String[] args)
@ -105,14 +107,14 @@ public class DSTool
Logger rootLogger = Logger.getLogger(""); Logger rootLogger = Logger.getLogger("");
switch (value) switch (value)
{ {
case 0 : case 0:
rootLogger.setLevel(Level.OFF); rootLogger.setLevel(Level.OFF);
break; break;
case 5 : case 5:
default : default:
rootLogger.setLevel(Level.FINE); rootLogger.setLevel(Level.FINE);
break; break;
case 6 : case 6:
rootLogger.setLevel(Level.ALL); rootLogger.setLevel(Level.ALL);
break; break;
} }
@ -142,14 +144,9 @@ public class DSTool
PrintWriter out = new PrintWriter(System.err); PrintWriter out = new PrintWriter(System.err);
// print our own usage statement: // print our own usage statement:
f.printHelp(out, f.printHelp(out, 75, "jdnssec-dstool [..options..] keyfile", null, opts,
75, HelpFormatter.DEFAULT_LEFT_PAD,
"jdnssec-dstool [..options..] keyfile", HelpFormatter.DEFAULT_DESC_PAD, null);
null,
opts,
HelpFormatter.DEFAULT_LEFT_PAD,
HelpFormatter.DEFAULT_DESC_PAD,
null);
out.flush(); out.flush();
System.exit(64); System.exit(64);
@ -159,8 +156,10 @@ public class DSTool
/** /**
* This is just a convenience method for parsing integers from strings. * This is just a convenience method for parsing integers from strings.
* *
* @param s the string to parse. * @param s
* @param def the default value, if the string doesn't parse. * the string to parse.
* @param def
* the default value, if the string doesn't parse.
* @return the parsed integer, or the default. * @return the parsed integer, or the default.
*/ */
private static int parseInt(String s, int def) private static int parseInt(String s, int def)
@ -187,17 +186,16 @@ public class DSTool
log.warning("DNSKEY is not an SEP-flagged key."); log.warning("DNSKEY is not an SEP-flagged key.");
} }
DSRecord ds = SignUtils.calculateDSRecord(dnskey, DSRecord ds = SignUtils.calculateDSRecord(dnskey, state.digest_id,
state.digest_id, dnskey.getTTL());
dnskey.getTTL());
Record res = ds; Record res = ds;
if (state.createDLV) if (state.createDLV)
{ {
log.fine("creating DLV."); log.fine("creating DLV.");
DLVRecord dlv = new DLVRecord(ds.getName(), ds.getDClass(), DLVRecord dlv = new DLVRecord(ds.getName(), ds.getDClass(), ds.getTTL(),
ds.getTTL(), ds.getFootprint(), ds.getAlgorithm(), ds.getFootprint(), ds.getAlgorithm(),
ds.getDigestID(), ds.getDigest()); ds.getDigestID(), ds.getDigest());
res = dlv; res = dlv;
} }
@ -223,14 +221,13 @@ public class DSTool
} }
catch (UnrecognizedOptionException e) catch (UnrecognizedOptionException e)
{ {
System.err.println("error: unknown option encountered: " System.err.println("error: unknown option encountered: " + e.getMessage());
+ e.getMessage());
state.usage(); state.usage();
} }
catch (AlreadySelectedException e) catch (AlreadySelectedException e)
{ {
System.err.println("error: mutually exclusive options have " System.err.println("error: mutually exclusive options have been selected:\n "
+ "been selected:\n " + e.getMessage()); + e.getMessage());
state.usage(); state.usage();
} }
catch (Exception e) catch (Exception e)


@ -78,10 +78,8 @@ public class KeyGen
// boolean options // boolean options
opts.addOption("h", "help", false, "Print this message."); opts.addOption("h", "help", false, "Print this message.");
opts.addOption("k", opts.addOption("k", "kskflag", false,
"kskflag", "Key is a key-signing-key (sets the SEP flag).");
false,
"Key is a key-signing-key (sets the SEP flag).");
opts.addOption("e", "large-exponent", false, "Use large RSA exponent"); opts.addOption("e", "large-exponent", false, "Use large RSA exponent");
// Argument options // Argument options
@ -101,9 +99,8 @@ public class KeyGen
OptionBuilder.hasArg(); OptionBuilder.hasArg();
OptionBuilder.withArgName("algorithm"); OptionBuilder.withArgName("algorithm");
OptionBuilder OptionBuilder.withDescription("RSA | RSASHA1 | RSAMD5 | DH | DSA | alias, "
.withDescription("RSA | RSASHA1 | RSAMD5 | DH | DSA | alias, " + "RSASHA1 is default.");
+ "RSASHA1 is default.");
opts.addOption(OptionBuilder.create('a')); opts.addOption(OptionBuilder.create('a'));
OptionBuilder.hasArg(); OptionBuilder.hasArg();
@ -117,8 +114,7 @@ public class KeyGen
OptionBuilder.hasArg(); OptionBuilder.hasArg();
OptionBuilder.withArgName("file"); OptionBuilder.withArgName("file");
OptionBuilder.withLongOpt("output-file"); OptionBuilder.withLongOpt("output-file");
OptionBuilder OptionBuilder.withDescription("base filename for the public/private key files");
.withDescription("base filename for the public/private key files");
opts.addOption(OptionBuilder.create('f')); opts.addOption(OptionBuilder.create('f'));
OptionBuilder.hasArg(); OptionBuilder.hasArg();
@ -151,14 +147,14 @@ public class KeyGen
Logger rootLogger = Logger.getLogger(""); Logger rootLogger = Logger.getLogger("");
switch (value) switch (value)
{ {
case 0 : case 0:
rootLogger.setLevel(Level.OFF); rootLogger.setLevel(Level.OFF);
break; break;
case 5 : case 5:
default : default:
rootLogger.setLevel(Level.FINE); rootLogger.setLevel(Level.FINE);
break; break;
case 6 : case 6:
rootLogger.setLevel(Level.ALL); rootLogger.setLevel(Level.ALL);
break; break;
} }
@ -245,14 +241,9 @@ public class KeyGen
PrintWriter out = new PrintWriter(System.err); PrintWriter out = new PrintWriter(System.err);
// print our own usage statement: // print our own usage statement:
f.printHelp(out, f.printHelp(out, 75, "jdnssec-keygen [..options..] name", null, opts,
75, HelpFormatter.DEFAULT_LEFT_PAD,
"jdnssec-keygen [..options..] name", HelpFormatter.DEFAULT_DESC_PAD, null);
null,
opts,
HelpFormatter.DEFAULT_LEFT_PAD,
HelpFormatter.DEFAULT_DESC_PAD,
null);
out.flush(); out.flush();
System.exit(64); System.exit(64);
@ -262,8 +253,10 @@ public class KeyGen
/** /**
* This is just a convenience method for parsing integers from strings. * This is just a convenience method for parsing integers from strings.
* *
* @param s the string to parse. * @param s
* @param def the default value, if the string doesn't parse. * the string to parse.
* @param def
* the default value, if the string doesn't parse.
* @return the parsed integer, or the default. * @return the parsed integer, or the default.
*/ */
private static int parseInt(String s, int def) private static int parseInt(String s, int def)
@ -310,13 +303,9 @@ public class KeyGen
+ state.ttl + ", alg = " + state.algorithm + ", flags = " + flags + state.ttl + ", alg = " + state.algorithm + ", flags = " + flags
+ ", length = " + state.keylength + ")"); + ", length = " + state.keylength + ")");
DnsKeyPair pair = signer.generateKey(owner_name, DnsKeyPair pair = signer.generateKey(owner_name, state.ttl, DClass.IN,
state.ttl, state.algorithm, flags,
DClass.IN, state.keylength, state.useLargeE);
state.algorithm,
flags,
state.keylength,
state.useLargeE);
if (state.outputfile != null) if (state.outputfile != null)
{ {
@ -338,8 +327,7 @@ public class KeyGen
} }
catch (UnrecognizedOptionException e) catch (UnrecognizedOptionException e)
{ {
System.err.println("error: unknown option encountered: " System.err.println("error: unknown option encountered: " + e.getMessage());
+ e.getMessage());
state.usage(); state.usage();
} }
catch (AlreadySelectedException e) catch (AlreadySelectedException e)


@ -32,8 +32,7 @@ import com.verisignlabs.dnssec.security.DnsKeyAlgorithm;
import com.verisignlabs.dnssec.security.DnsKeyPair; import com.verisignlabs.dnssec.security.DnsKeyPair;
/** /**
* This class forms the command line implementation of a DNSSEC DS/DLV * This class forms the command line implementation of a DNSSEC DS/DLV generator
* generator
* *
* @author David Blacka (original) * @author David Blacka (original)
* @author $Author: davidb $ * @author $Author: davidb $
@ -49,7 +48,7 @@ public class KeyInfoTool
private static class CLIState private static class CLIState
{ {
private Options opts; private Options opts;
public String keyname = null; public String keyname = null;
public CLIState() public CLIState()
{ {
@ -69,11 +68,15 @@ public class KeyInfoTool
opts.addOption("h", "help", false, "Print this message."); opts.addOption("h", "help", false, "Print this message.");
// Argument options // Argument options
opts.addOption(OptionBuilder.hasOptionalArg().withLongOpt("verbose") opts.addOption(OptionBuilder.hasOptionalArg()
.withLongOpt("verbose")
.withArgName("level") .withArgName("level")
.withDescription("verbosity level -- 0 is silence, " .withDescription(
+ "5 is debug information, " + "6 is trace information.\n" "verbosity level -- 0 is silence, "
+ "default is level 5.").create('v')); + "5 is debug information, "
+ "6 is trace information.\n"
+ "default is level 5.")
.create('v'));
OptionBuilder.hasArg(); OptionBuilder.hasArg();
OptionBuilder.withLongOpt("alg-alias"); OptionBuilder.withLongOpt("alg-alias");
@ -96,14 +99,14 @@ public class KeyInfoTool
Logger rootLogger = Logger.getLogger(""); Logger rootLogger = Logger.getLogger("");
switch (value) switch (value)
{ {
case 0 : case 0:
rootLogger.setLevel(Level.OFF); rootLogger.setLevel(Level.OFF);
break; break;
case 5 : case 5:
default : default:
rootLogger.setLevel(Level.FINE); rootLogger.setLevel(Level.FINE);
break; break;
case 6 : case 6:
rootLogger.setLevel(Level.ALL); rootLogger.setLevel(Level.ALL);
break; break;
} }
@ -136,14 +139,9 @@ public class KeyInfoTool
PrintWriter out = new PrintWriter(System.err); PrintWriter out = new PrintWriter(System.err);
// print our own usage statement: // print our own usage statement:
f.printHelp(out, f.printHelp(out, 75, "jdnssec-keyinfo [..options..] keyfile", null, opts,
75, HelpFormatter.DEFAULT_LEFT_PAD,
"jdnssec-keyinfo [..options..] keyfile", HelpFormatter.DEFAULT_DESC_PAD, null);
null,
opts,
HelpFormatter.DEFAULT_LEFT_PAD,
HelpFormatter.DEFAULT_DESC_PAD,
null);
out.flush(); out.flush();
System.exit(64); System.exit(64);
@ -153,8 +151,10 @@ public class KeyInfoTool
/** /**
* This is just a convenience method for parsing integers from strings. * This is just a convenience method for parsing integers from strings.
* *
* @param s the string to parse. * @param s
* @param def the default value, if the string doesn't parse. * the string to parse.
* @param def
* the default value, if the string doesn't parse.
* @return the parsed integer, or the default. * @return the parsed integer, or the default.
*/ */
private static int parseInt(String s, int def) private static int parseInt(String s, int def)
@ -189,7 +189,6 @@ public class KeyInfoTool
algs.addAlias(alias, mn, orig); algs.addAlias(alias, mn, orig);
} }
public static void execute(CLIState state) throws Exception public static void execute(CLIState state) throws Exception
{ {
@ -202,9 +201,10 @@ public class KeyInfoTool
System.out.println("Name: " + dnskey.getName()); System.out.println("Name: " + dnskey.getName());
System.out.println("SEP: " + isSEP); System.out.println("SEP: " + isSEP);
System.out.println("Algorithm: " + dnskeyalg.algToString(dnskey.getAlgorithm())); System.out.println("Algorithm: "
+ dnskeyalg.algToString(dnskey.getAlgorithm()));
System.out.println("ID: " + dnskey.getFootprint()); System.out.println("ID: " + dnskey.getFootprint());
if (dnskeyalg.baseType(dnskey.getAlgorithm()) == dnskeyalg.RSA) if (dnskeyalg.baseType(dnskey.getAlgorithm()) == DnsKeyAlgorithm.RSA)
{ {
RSAPublicKey pub = (RSAPublicKey) key.getPublic(); RSAPublicKey pub = (RSAPublicKey) key.getPublic();
System.out.println("RSA Public Exponent: " + pub.getPublicExponent()); System.out.println("RSA Public Exponent: " + pub.getPublicExponent());
@ -223,8 +223,7 @@ public class KeyInfoTool
} }
catch (UnrecognizedOptionException e) catch (UnrecognizedOptionException e)
{ {
System.err.println("error: unknown option encountered: " System.err.println("error: unknown option encountered: " + e.getMessage());
+ e.getMessage());
state.usage(); state.usage();
} }
catch (AlreadySelectedException e) catch (AlreadySelectedException e)
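Review bot: The class Javadoc re-wrapped in the first hunk still describes KeyInfoTool as "a DNSSEC DS/DLV generator", which does not match the rest of this file. The usage string is `jdnssec-keyinfo [..options..] keyfile`, and `execute` prints the key's name, SEP flag, algorithm and ID. The sentence looks copied from DSTool. Since the comment is being touched anyway, I would change it to `* This class forms the command line implementation of a DNSSEC key information tool.`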


@ -36,8 +36,7 @@ import org.xbill.DNS.*;
import com.verisignlabs.dnssec.security.*; import com.verisignlabs.dnssec.security.*;
/** /**
* This class forms the command line implementation of a DNSSEC zone * This class forms the command line implementation of a DNSSEC zone validator.
* validator.
* *
* @author David Blacka (original) * @author David Blacka (original)
* @author $Author$ * @author $Author$
@ -75,26 +74,31 @@ public class VerifyZone
// boolean options // boolean options
opts.addOption("h", "help", false, "Print this message."); opts.addOption("h", "help", false, "Print this message.");
opts.addOption("s", opts.addOption("s", "strict", false,
"strict", "Zone will only be considered valid if all "
false, + "signatures could be cryptographically verified");
"Zone will only be considered valid if all "
+ "signatures could be cryptographically verified");
// Argument options // Argument options
opts.addOption(OptionBuilder.hasArg().withLongOpt("keydir") opts.addOption(OptionBuilder.hasArg()
.withArgName("dir").withDescription("directory to find " .withLongOpt("keydir")
+ "trusted key files").create('d')); .withArgName("dir")
.withDescription("directory to find " + "trusted key files")
.create('d'));
opts.addOption(OptionBuilder.hasOptionalArg().withLongOpt("verbose") opts.addOption(OptionBuilder.hasOptionalArg()
.withLongOpt("verbose")
.withArgName("level") .withArgName("level")
.withDescription("verbosity level -- 0 is silence, " .withDescription(
+ "5 is debug information, 6 is trace information.\n" "verbosity level -- 0 is silence, "
+ "default is level 5.").create('v')); + "5 is debug information, 6 is trace information.\n"
+ "default is level 5.")
.create('v'));
opts.addOption(OptionBuilder.hasArg() opts.addOption(OptionBuilder.hasArg()
.withArgName("alias:original:mnemonic").withLongOpt("alg-alias") .withArgName("alias:original:mnemonic")
.withDescription("Define an alias for an algorithm").create('A')); .withLongOpt("alg-alias")
.withDescription("Define an alias for an algorithm")
.create('A'));
} }
@ -114,16 +118,16 @@ public class VerifyZone
Logger rootLogger = Logger.getLogger(""); Logger rootLogger = Logger.getLogger("");
switch (value) switch (value)
{ {
case 0 : case 0:
rootLogger.setLevel(Level.OFF); rootLogger.setLevel(Level.OFF);
break; break;
case 5 : case 5:
default : default:
rootLogger.setLevel(Level.FINE); rootLogger.setLevel(Level.FINE);
break; break;
case 6 : case 6:
rootLogger.setLevel(Level.ALL); rootLogger.setLevel(Level.ALL);
break; break;
} }
} }
@ -187,14 +191,10 @@ public class VerifyZone
PrintWriter out = new PrintWriter(System.err); PrintWriter out = new PrintWriter(System.err);
// print our own usage statement: // print our own usage statement:
f.printHelp(out, f.printHelp(out, 75, "verifyZone.sh [..options..] zonefile "
75, + "[keyfile [keyfile...]]", null, opts,
"verifyZone.sh [..options..] zonefile " + "[keyfile [keyfile...]]", HelpFormatter.DEFAULT_LEFT_PAD,
null, HelpFormatter.DEFAULT_DESC_PAD, null);
opts,
HelpFormatter.DEFAULT_LEFT_PAD,
HelpFormatter.DEFAULT_DESC_PAD,
null);
out.flush(); out.flush();
System.exit(64); System.exit(64);
@ -204,8 +204,10 @@ public class VerifyZone
/** /**
* This is just a convenience method for parsing integers from strings. * This is just a convenience method for parsing integers from strings.
* *
* @param s the string to parse. * @param s
* @param def the default value, if the string doesn't parse. * the string to parse.
* @param def
* the default value, if the string doesn't parse.
* @return the parsed integer, or the default. * @return the parsed integer, or the default.
*/ */
private static int parseInt(String s, int def) private static int parseInt(String s, int def)
@ -327,19 +329,19 @@ public class VerifyZone
switch (result) switch (result)
{ {
case DNSSEC.Failed : case DNSSEC.Failed:
System.out.println("zone did not verify.");
System.exit(1);
break;
case DNSSEC.Insecure:
if (state.strict)
{
System.out.println("zone did not verify."); System.out.println("zone did not verify.");
System.exit(1); System.exit(1);
break; }
case DNSSEC.Insecure : case DNSSEC.Secure:
if (state.strict) System.out.println("zone verified.");
{ break;
System.out.println("zone did not verify.");
System.exit(1);
}
case DNSSEC.Secure :
System.out.println("zone verified.");
break;
} }
System.exit(0); System.exit(0);
} }
@ -354,8 +356,7 @@ public class VerifyZone
} }
catch (UnrecognizedOptionException e) catch (UnrecognizedOptionException e)
{ {
System.err.println("error: unknown option encountered: " System.err.println("error: unknown option encountered: " + e.getMessage());
+ e.getMessage());
state.usage(); state.usage();
} }
catch (AlreadySelectedException e) catch (AlreadySelectedException e)
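Review bot: In the `switch (result)` hunk, `case DNSSEC.Insecure:` has no `break`, so when `state.strict` is false it runs into `case DNSSEC.Secure:`, prints "zone verified." and exits 0. That looks intentional given the `--strict` help text, but after the re-indent nothing marks the fall-through. A zone whose signatures could not be checked is therefore reported exactly like a fully verified one. I would add `// fall through: non-strict mode accepts Insecure` after the `if` block, and consider a distinct message for the Insecure case so an operator reading the output can tell the two results apart. The enclosing method starts outside the hunk.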


@ -56,7 +56,7 @@ public class ZoneFormat
private static class CLIState private static class CLIState
{ {
private org.apache.commons.cli.Options opts; private org.apache.commons.cli.Options opts;
public String file; public String file;
public CLIState() public CLIState()
{ {
@ -79,16 +79,16 @@ public class ZoneFormat
Logger rootLogger = Logger.getLogger(""); Logger rootLogger = Logger.getLogger("");
switch (value) switch (value)
{ {
case 0 : case 0:
rootLogger.setLevel(Level.OFF); rootLogger.setLevel(Level.OFF);
break; break;
case 5 : case 5:
default : default:
rootLogger.setLevel(Level.FINE); rootLogger.setLevel(Level.FINE);
break; break;
case 6 : case 6:
rootLogger.setLevel(Level.ALL); rootLogger.setLevel(Level.ALL);
break; break;
} }
} }
@ -133,14 +133,9 @@ public class ZoneFormat
PrintWriter out = new PrintWriter(System.err); PrintWriter out = new PrintWriter(System.err);
// print our own usage statement: // print our own usage statement:
f.printHelp(out, f.printHelp(out, 75, "jdnssec-zoneformat [..options..] zonefile", null,
75, opts, HelpFormatter.DEFAULT_LEFT_PAD,
"jdnssec-zoneformat [..options..] zonefile", HelpFormatter.DEFAULT_DESC_PAD, null);
null,
opts,
HelpFormatter.DEFAULT_LEFT_PAD,
HelpFormatter.DEFAULT_DESC_PAD,
null);
out.flush(); out.flush();
System.exit(64); System.exit(64);
@ -150,8 +145,10 @@ public class ZoneFormat
/** /**
* This is just a convenience method for parsing integers from strings. * This is just a convenience method for parsing integers from strings.
* *
* @param s the string to parse. * @param s
* @param def the default value, if the string doesn't parse. * the string to parse.
* @param def
* the default value, if the string doesn't parse.
* @return the parsed integer, or the default. * @return the parsed integer, or the default.
*/ */
private static int parseInt(String s, int def) private static int parseInt(String s, int def)
@ -195,12 +192,13 @@ public class ZoneFormat
Collections.sort(zone, cmp); Collections.sort(zone, cmp);
for (Iterator i = zone.iterator(); i.hasNext(); ) for (Iterator i = zone.iterator(); i.hasNext();)
{ {
Record r = (Record) i.next(); Record r = (Record) i.next();
System.out.println(r.toString()); System.out.println(r.toString());
} }
} }
private static void execute(CLIState state) throws IOException private static void execute(CLIState state) throws IOException
{ {
List z = readZoneFile(state.file); List z = readZoneFile(state.file);
@ -217,8 +215,7 @@ public class ZoneFormat
} }
catch (UnrecognizedOptionException e) catch (UnrecognizedOptionException e)
{ {
System.err.println("error: unknown option encountered: " System.err.println("error: unknown option encountered: " + e.getMessage());
+ e.getMessage());
state.usage(); state.usage();
} }
catch (AlreadySelectedException e) catch (AlreadySelectedException e)


@ -138,18 +138,23 @@ public class BINDKeyUtils
} }
/** /**
* Given the information necessary to construct the path to a BIND9 * Given the information necessary to construct the path to a BIND9 generated
* generated key pair, load the key pair. * key pair, load the key pair.
* *
* @param signer the DNS name of the key. * @param signer
* @param algorithm the DNSSEC algorithm of the key. * the DNS name of the key.
* @param keyid the DNSSEC key footprint. * @param algorithm
* @param inDirectory the directory to look for the files (may be null). * the DNSSEC algorithm of the key.
* @param keyid
* the DNSSEC key footprint.
* @param inDirectory
* the directory to look for the files (may be null).
* @return the loaded key pair. * @return the loaded key pair.
* @throws IOException if there was a problem reading the BIND9 files. * @throws IOException
* if there was a problem reading the BIND9 files.
*/ */
public static DnsKeyPair loadKeyPair(Name signer, int algorithm, int keyid, public static DnsKeyPair loadKeyPair(Name signer, int algorithm, int keyid,
File inDirectory) throws IOException File inDirectory) throws IOException
{ {
String keyFileBase = getKeyFileBase(signer, algorithm, keyid); String keyFileBase = getKeyFileBase(signer, algorithm, keyid);
@ -159,15 +164,17 @@ public class BINDKeyUtils
/** /**
* Given a base path to a BIND9 key pair, load the key pair. * Given a base path to a BIND9 key pair, load the key pair.
* *
* @param keyFileBasePath the base filename (or real filename for either the * @param keyFileBasePath
* public or private key) of the key. * the base filename (or real filename for either the public or
* @param inDirectory the directory to look in, if the keyFileBasePath is * private key) of the key.
* relative. * @param inDirectory
* the directory to look in, if the keyFileBasePath is relative.
* @return the loaded key pair. * @return the loaded key pair.
* @throws IOException if there was a problem reading the files * @throws IOException
* if there was a problem reading the files
*/ */
public static DnsKeyPair loadKeyPair(String keyFileBasePath, public static DnsKeyPair loadKeyPair(String keyFileBasePath, File inDirectory)
File inDirectory) throws IOException throws IOException
{ {
keyFileBasePath = fixKeyFileBasePath(keyFileBasePath); keyFileBasePath = fixKeyFileBasePath(keyFileBasePath);
// FIXME: should we throw the IOException when one of the files // FIXME: should we throw the IOException when one of the files
@ -190,12 +197,13 @@ public class BINDKeyUtils
* Given a base path to a BIND9 key pair, load the public part (only) of the * Given a base path to a BIND9 key pair, load the public part (only) of the
* key pair * key pair
* *
* @param keyFileBasePath the base or real path to the public part of a key * @param keyFileBasePath
* pair. * the base or real path to the public part of a key pair.
* @param inDirectory the directory to look in if the path is relative (may * @param inDirectory
* be null). * the directory to look in if the path is relative (may be null).
* @return a {@link DnsKeyPair} containing just the public key information. * @return a {@link DnsKeyPair} containing just the public key information.
* @throws IOException if there was a problem reading the public key file. * @throws IOException
* if there was a problem reading the public key file.
*/ */
public static DnsKeyPair loadKey(String keyFileBasePath, File inDirectory) public static DnsKeyPair loadKey(String keyFileBasePath, File inDirectory)
throws IOException throws IOException
@ -212,15 +220,18 @@ public class BINDKeyUtils
} }
/** /**
* Load a BIND keyset file. The BIND 9 dnssec tools typically call these * Load a BIND keyset file. The BIND 9 dnssec tools typically call these files
* files "keyset-[signer]." where [signer] is the DNS owner name of the key. * "keyset-[signer]." where [signer] is the DNS owner name of the key. The
* The keyset may be signed, but doesn't have to be. * keyset may be signed, but doesn't have to be.
* *
* @param keysetFileName the name of the keyset file. * @param keysetFileName
* @param inDirectory the directory to look in if the path is relative (may * the name of the keyset file.
* be null, defaults to the current working directory). * @param inDirectory
* the directory to look in if the path is relative (may be null,
* defaults to the current working directory).
* @return a RRset contain the KEY records and any associated SIG records. * @return a RRset contain the KEY records and any associated SIG records.
* @throws IOException if there was a problem reading the keyset file. * @throws IOException
* if there was a problem reading the keyset file.
*/ */
public static RRset loadKeySet(String keysetFileName, File inDirectory) public static RRset loadKeySet(String keysetFileName, File inDirectory)
throws IOException throws IOException
@ -242,8 +253,8 @@ public class BINDKeyUtils
/** /**
* Calculate the key file base for this key pair. * Calculate the key file base for this key pair.
* *
* @param pair the {@link DnsKeyPair} to work from. It only needs a public * @param pair
* key. * the {@link DnsKeyPair} to work from. It only needs a public key.
* @return the base name of the key files. * @return the base name of the key files.
*/ */
public static String keyFileBase(DnsKeyPair pair) public static String keyFileBase(DnsKeyPair pair)
@ -251,9 +262,8 @@ public class BINDKeyUtils
DNSKEYRecord keyrec = pair.getDNSKEYRecord(); DNSKEYRecord keyrec = pair.getDNSKEYRecord();
if (keyrec == null) return null; if (keyrec == null) return null;
return getKeyFileBase(keyrec.getName(), return getKeyFileBase(keyrec.getName(), keyrec.getAlgorithm(),
keyrec.getAlgorithm(), keyrec.getFootprint());
keyrec.getFootprint());
} }
/** /**
@ -281,10 +291,11 @@ public class BINDKeyUtils
} }
/** /**
* Given a the contents of a BIND9 private key file, convert it into a * Given a the contents of a BIND9 private key file, convert it into a native
* native {@link java.security.PrivateKey} object. * {@link java.security.PrivateKey} object.
* *
* @param privateKeyString the contents of a BIND9 key file in string form. * @param privateKeyString
* the contents of a BIND9 key file in string form.
* @return a {@link java.security.PrivateKey} * @return a {@link java.security.PrivateKey}
*/ */
public static PrivateKey convertPrivateKeyString(String privateKeyString) public static PrivateKey convertPrivateKeyString(String privateKeyString)
@ -314,13 +325,14 @@ public class BINDKeyUtils
* Given a native private key, convert it into a BIND9 private key file * Given a native private key, convert it into a BIND9 private key file
* format. * format.
* *
* @param priv the private key to convert. * @param priv
* @param pub the private key's corresponding public key. Some algorithms * the private key to convert.
* @param pub
* the private key's corresponding public key. Some algorithms
* require information from both. * require information from both.
* @return a string containing the contents of a BIND9 private key file. * @return a string containing the contents of a BIND9 private key file.
*/ */
public static String convertPrivateKey(PrivateKey priv, PublicKey pub, public static String convertPrivateKey(PrivateKey priv, PublicKey pub, int alg)
int alg)
{ {
if (priv != null) if (priv != null)
{ {
@ -337,9 +349,8 @@ public class BINDKeyUtils
/** /**
* Convert the KEY record to the exact string format that the dnssec-* * Convert the KEY record to the exact string format that the dnssec-*
* routines need. Currently, the DNSJAVA package uses a multiline mode for * routines need. Currently, the DNSJAVA package uses a multiline mode for its
* its record formatting. The BIND9 tools require everything on a single * record formatting. The BIND9 tools require everything on a single line.
* line.
*/ */
private static String DNSKEYtoString(DNSKEYRecord rec) private static String DNSKEYtoString(DNSKEYRecord rec)
{ {
@ -361,23 +372,26 @@ public class BINDKeyUtils
/** /**
* This routine will write out the BIND9 dnssec-* tool compatible files. * This routine will write out the BIND9 dnssec-* tool compatible files.
* *
* @param baseFileName use this base file name. If null, the standard BIND9 * @param baseFileName
* base file name will be computed. * use this base file name. If null, the standard BIND9 base file
* @param pair the keypair in question. * name will be computed.
* @param inDirectory the directory to write to (may be null). * @param pair
* @throws IOException if there is a problem writing the files. * the keypair in question.
* @param inDirectory
* the directory to write to (may be null).
* @throws IOException
* if there is a problem writing the files.
*/ */
public static void writeKeyFiles(String baseFileName, DnsKeyPair pair, public static void writeKeyFiles(String baseFileName, DnsKeyPair pair,
File inDirectory) throws IOException File inDirectory) throws IOException
{ {
DNSKEYRecord pub = pair.getDNSKEYRecord(); DNSKEYRecord pub = pair.getDNSKEYRecord();
String priv = pair.getPrivateKeyString(); String priv = pair.getPrivateKeyString();
if (priv == null) if (priv == null)
{ {
priv = convertPrivateKey(pair.getPrivate(), priv = convertPrivateKey(pair.getPrivate(), pair.getPublic(),
pair.getPublic(), pair.getDNSKEYAlgorithm());
pair.getDNSKEYAlgorithm());
} }
if (pub == null || priv == null) return; if (pub == null || priv == null) return;
@ -397,11 +411,13 @@ public class BINDKeyUtils
} }
/** /**
* This routine will write out the BIND9 dnssec-* tool compatible files to * This routine will write out the BIND9 dnssec-* tool compatible files to the
* the standard file names. * standard file names.
* *
* @param pair the key pair in question. * @param pair
* @param inDirectory the directory to write to (may be null). * the key pair in question.
* @param inDirectory
* the directory to write to (may be null).
*/ */
public static void writeKeyFiles(DnsKeyPair pair, File inDirectory) public static void writeKeyFiles(DnsKeyPair pair, File inDirectory)
throws IOException throws IOException


@ -21,9 +21,9 @@ package com.verisignlabs.dnssec.security;
import java.util.Comparator; import java.util.Comparator;
/** /**
* This class implements a basic comparitor for byte arrays. It is primarily * This class implements a basic comparator for byte arrays. It is primarily
* useful for comparing RDATA portions of DNS records in doing DNSSEC * useful for comparing RDATA portions of DNS records in doing DNSSEC canonical
* canonical ordering. * ordering.
* *
* @author David Blacka (original) * @author David Blacka (original)
* @author $Author$ * @author $Author$


@ -77,7 +77,6 @@ public class DnsKeyConverter
{ {
if (pKeyRecord.getKey() == null) return null; if (pKeyRecord.getKey() == null) return null;
// FIXME: this won't work at all with alg aliases.
// For now, instead of re-implementing parseRecord (or adding this stuff // For now, instead of re-implementing parseRecord (or adding this stuff
// to DNSjava), we will just translate the algorithm back to a standard // to DNSjava), we will just translate the algorithm back to a standard
// algorithm. Note that this will unnecessarily convert RSAMD5 to RSASHA1. // algorithm. Note that this will unnecessarily convert RSAMD5 to RSASHA1.


@ -26,10 +26,10 @@ import org.xbill.DNS.*;
/** /**
* This class forms the basis for representing public/private key pairs in a * This class forms the basis for representing public/private key pairs in a
* DNSSEC context. It is possible to get a JCA public and private key from * DNSSEC context. It is possible to get a JCA public and private key from this
* this object, as well as a DNSKEYRecord encoding of the public key. This * object, as well as a DNSKEYRecord encoding of the public key. This class is
* class is implemented as a UNION of all the functionality needed for handing * implemented as a UNION of all the functionality needed for handing native
* native java, BIND, and possibly other underlying DNSKEY engines. * java, BIND, and possibly other underlying DNSKEY engines.
* *
* JCA == Java Cryptography Architecture. * JCA == Java Cryptography Architecture.
* *
@ -47,8 +47,8 @@ public class DnsKeyPair
protected DNSKEYRecord mPublicKeyRecord; protected DNSKEYRecord mPublicKeyRecord;
/** /**
* This is a precalcuated cache of the KEYRecord converted into a JCA public * This is a pre-calculated cache of the DNSKEYRecord converted into a JCA
* key. * public key.
*/ */
private PublicKey mPublicKey; private PublicKey mPublicKey;
@ -59,8 +59,8 @@ public class DnsKeyPair
protected String mPrivateKeyString; protected String mPrivateKeyString;
/** /**
* The private key in JCA format. This is the base encoding for instances * The private key in JCA format. This is the base encoding for instances where
* were JCA private keys are used. * JCA private keys are used.
*/ */
protected PrivateKey mPrivateKey; protected PrivateKey mPrivateKey;
@ -73,7 +73,7 @@ public class DnsKeyPair
protected Signature mSigner; protected Signature mSigner;
/** /**
* a caches Signature used for verifying (intialized with the public key) * a caches Signature used for verifying (initialized with the public key)
*/ */
protected Signature mVerifier; protected Signature mVerifier;
@ -113,12 +113,8 @@ public class DnsKeyPair
this(); this();
DnsKeyConverter conv = new DnsKeyConverter(); DnsKeyConverter conv = new DnsKeyConverter();
DNSKEYRecord keyrec = conv.generateDNSKEYRecord(keyName, DNSKEYRecord keyrec = conv.generateDNSKEYRecord(keyName, DClass.IN, 0, 0,
DClass.IN, algorithm, publicKey);
0,
0,
algorithm,
publicKey);
setDNSKEYRecord(keyrec); setDNSKEYRecord(keyrec);
setPrivate(privateKey); setPrivate(privateKey);
} }
@ -208,9 +204,8 @@ public class DnsKeyPair
if (mPrivateKeyString == null && mPrivateKey != null) if (mPrivateKeyString == null && mPrivateKey != null)
{ {
PublicKey pub = getPublic(); PublicKey pub = getPublic();
mPrivateKeyString = BINDKeyUtils.convertPrivateKey(mPrivateKey, mPrivateKeyString = BINDKeyUtils.convertPrivateKey(mPrivateKey, pub,
pub, getDNSKEYAlgorithm());
getDNSKEYAlgorithm());
} }
return mPrivateKeyString; return mPrivateKeyString;
@ -231,9 +226,9 @@ public class DnsKeyPair
} }
/** /**
* Sets the private key from the encoded form (PKCS#8). This routine * Sets the private key from the encoded form (PKCS#8). This routine requires
* requires that the public key already be assigned. Currently it can only * that the public key already be assigned. Currently it can only handle DSA
* handle DSA and RSA keys. * and RSA keys.
*/ */
public void setEncodedPrivate(byte[] encoded) public void setEncodedPrivate(byte[] encoded)
{ {
@ -275,7 +270,7 @@ public class DnsKeyPair
} }
else else
{ {
// do not return an unitialized signer. // do not return an uninitialized signer.
return null; return null;
} }
} }
@ -301,11 +296,12 @@ public class DnsKeyPair
mVerifier.initVerify(pk); mVerifier.initVerify(pk);
} }
catch (InvalidKeyException e) catch (InvalidKeyException e)
{} {
}
} }
else else
{ {
// do not return an unitialized verifier // do not return an uninitialized verifier
return null; return null;
} }
} }
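Review bot: The reformatted `catch (InvalidKeyException e) { }` in the last hunk still swallows the exception, so a failed `mVerifier.initVerify(pk)` leaves `mVerifier` assigned but uninitialized. That is the state the `else` branch's comment says must not be returned. The rest of the method is outside the hunk, so what it returns afterwards is not visible here; if it returns `mVerifier`, callers get a Signature that throws on first use instead of a clean null, and the cause of the key rejection is lost. I would clear the field and bail out in the catch, `mVerifier = null; return null;`, and check whether the signer getter in the hunk above has the same shape.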


@ -95,10 +95,7 @@ public class DnsSecVerifier implements Verifier
{ {
DnsKeyPair p = (DnsKeyPair) i.next(); DnsKeyPair p = (DnsKeyPair) i.next();
if (p.getDNSKEYAlgorithm() == algorithm if (p.getDNSKEYAlgorithm() == algorithm
&& p.getDNSKEYFootprint() == keyid) && p.getDNSKEYFootprint() == keyid) { return p; }
{
return p;
}
} }
return null; return null;
} }
@ -154,7 +151,7 @@ public class DnsSecVerifier implements Verifier
} }
private DnsKeyPair findCachedKey(Cache cache, Name name, int algorithm, private DnsKeyPair findCachedKey(Cache cache, Name name, int algorithm,
int footprint) int footprint)
{ {
RRset[] keysets = cache.findAnyRecords(name, Type.KEY); RRset[] keysets = cache.findAnyRecords(name, Type.KEY);
if (keysets == null) return null; if (keysets == null) return null;
@ -167,17 +164,15 @@ public class DnsSecVerifier implements Verifier
if (!(o instanceof DNSKEYRecord)) continue; if (!(o instanceof DNSKEYRecord)) continue;
DNSKEYRecord keyrec = (DNSKEYRecord) o; DNSKEYRecord keyrec = (DNSKEYRecord) o;
if (keyrec.getAlgorithm() == algorithm if (keyrec.getAlgorithm() == algorithm
&& keyrec.getFootprint() == footprint) && keyrec.getFootprint() == footprint) { return new DnsKeyPair(
{ keyrec, (PrivateKey) null); }
return new DnsKeyPair(keyrec, (PrivateKey) null);
}
} }
return null; return null;
} }
private DnsKeyPair findKey(Cache cache, Name name, int algorithm, private DnsKeyPair findKey(Cache cache, Name name, int algorithm,
int footprint) int footprint)
{ {
DnsKeyPair pair = mKeyStore.find(name, algorithm, footprint); DnsKeyPair pair = mKeyStore.find(name, algorithm, footprint);
if (pair == null && cache != null) if (pair == null && cache != null)
@ -238,9 +233,9 @@ public class DnsSecVerifier implements Verifier
/** /**
* Verify an RRset against a particular signature. * Verify an RRset against a particular signature.
* *
* @return DNSSEC.Secure if the signature verfied, DNSSEC.Failed if it did * @return DNSSEC.Secure if the signature verfied, DNSSEC.Failed if it did not
* not verify (for any reason), and DNSSEC.Insecure if verification * verify (for any reason), and DNSSEC.Insecure if verification could
* could not be completed (usually because the public key was not * not be completed (usually because the public key was not
* available). * available).
*/ */
public byte verifySignature(RRset rrset, RRSIGRecord sigrec, Cache cache) public byte verifySignature(RRset rrset, RRSIGRecord sigrec, Cache cache)
@ -248,10 +243,8 @@ public class DnsSecVerifier implements Verifier
byte result = validateSignature(rrset, sigrec); byte result = validateSignature(rrset, sigrec);
if (result != DNSSEC.Secure) return result; if (result != DNSSEC.Secure) return result;
DnsKeyPair keypair = findKey(cache, DnsKeyPair keypair = findKey(cache, sigrec.getSigner(),
sigrec.getSigner(), sigrec.getAlgorithm(), sigrec.getFootprint());
sigrec.getAlgorithm(),
sigrec.getFootprint());
if (keypair == null) if (keypair == null)
{ {
@ -299,8 +292,8 @@ public class DnsSecVerifier implements Verifier
/** /**
* Verifies an RRset. This routine does not modify the RRset. * Verifies an RRset. This routine does not modify the RRset.
* *
* @return DNSSEC.Secure if the set verified, DNSSEC.Failed if it did not, * @return DNSSEC.Secure if the set verified, DNSSEC.Failed if it did not, and
* and DNSSEC.Insecure if verification could not complete. * DNSSEC.Insecure if verification could not complete.
*/ */
public int verify(RRset rrset, Cache cache) public int verify(RRset rrset, Cache cache)
{ {
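Review bot: In `findCachedKey`, the lookup `cache.findAnyRecords(name, Type.KEY)` asks for KEY records, while the loop in the following hunk (apparently the same method, whose body spans both hunks) skips anything that is not a `DNSKEYRecord`. If the cache stores DNSKEY sets under `Type.DNSKEY`, this path can never return a key, and `verifySignature` would presumably take its `keypair == null` branch and report DNSSEC.Insecure for data whose key was in fact cached. Please confirm against the cache's contents and, if so, change the lookup to `cache.findAnyRecords(name, Type.DNSKEY)`. As a style point, the formatter's `&& keyrec.getFootprint() == footprint) { return new DnsKeyPair(` split buries the return in the condition's continuation line here and in the key-store lookup above; keeping the braces on their own lines is easier to audit in key-matching code.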


@ -26,10 +26,9 @@ import org.xbill.DNS.Record;
import org.xbill.DNS.Type; import org.xbill.DNS.Type;
/** /**
* This class implements a comparison operator for {@link * This class implements a comparison operator for {@link org.xbill.DNS.Record}
* org.xbill.DNS.Record} objects. It imposes a canonical order consistent with * objects. It imposes a canonical order consistent with DNSSEC. It does not put
* DNSSEC. It does not put records within a RRset into canonical order: see * records within a RRset into canonical order: see {@link ByteArrayComparator}.
* {@link ByteArrayComparator}.
* *
* @author David Blacka (original) * @author David Blacka (original)
* @author $Author$ * @author $Author$
@ -43,8 +42,8 @@ public class RecordComparator implements Comparator
} }
/** /**
* In general, types are compared numerically. However, SOA and NS are * In general, types are compared numerically. However, SOA and NS are ordered
* ordered before the rest. * before the rest.
*/ */
private int compareTypes(int a, int b) private int compareTypes(int a, int b)
{ {


@ -56,7 +56,7 @@ public class SHA256
} }
// Constants "K" // Constants "K"
private static final int K[] = {0x428a2f98, 0x71374491, 0xb5c0fbcf, private static final int K[] = { 0x428a2f98, 0x71374491, 0xb5c0fbcf,
0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5, 0xd807aa98, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5, 0xd807aa98,
0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7,
0xc19bf174, 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0xc19bf174, 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f,
@ -67,7 +67,7 @@ public class SHA256
0xd6990624, 0xf40e3585, 0x106aa070, 0x19a4c116, 0x1e376c08, 0x2748774c, 0xd6990624, 0xf40e3585, 0x106aa070, 0x19a4c116, 0x1e376c08, 0x2748774c,
0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3, 0x748f82ee, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3, 0x748f82ee,
0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7,
0xc67178f2 }; 0xc67178f2 };
private int digest[] = new int[8]; private int digest[] = new int[8];
private byte data[]; private byte data[];
@ -160,11 +160,11 @@ public class SHA256
int aBlock[]; int aBlock[];
byte byteBlock[]; byte byteBlock[];
// for (int n = 0; n < data.length; n++) // for (int n = 0; n < data.length; n++)
// { // {
// System.out.print(Integer.toHexString(data[n]) + " "); // System.out.print(Integer.toHexString(data[n]) + " ");
// } // }
// System.out.println("\n\n"); // System.out.println("\n\n");
if (data.length > 64) if (data.length > 64)
{ {
int n = data.length / 64; int n = data.length / 64;
@ -200,8 +200,7 @@ public class SHA256
} }
/* /*
* this is the method that actually performs the digest and returns the * this is the method that actually performs the digest and returns the result
* result
*/ */
private void transform(int block[]) private void transform(int block[])
{ {
@ -242,14 +241,14 @@ public class SHA256
B = A; B = A;
A = T1 + T2; A = T1 + T2;
// System.out.println("A: " + Integer.toHexString(A)); // System.out.println("A: " + Integer.toHexString(A));
// System.out.println("B: " + Integer.toHexString(B)); // System.out.println("B: " + Integer.toHexString(B));
// System.out.println("C: " + Integer.toHexString(C)); // System.out.println("C: " + Integer.toHexString(C));
// System.out.println("D: " + Integer.toHexString(D)); // System.out.println("D: " + Integer.toHexString(D));
// System.out.println("E: " + Integer.toHexString(E)); // System.out.println("E: " + Integer.toHexString(E));
// System.out.println("F: " + Integer.toHexString(F)); // System.out.println("F: " + Integer.toHexString(F));
// System.out.println("G: " + Integer.toHexString(G)); // System.out.println("G: " + Integer.toHexString(G));
// System.out.println("H: " + Integer.toHexString(H) + "\n"); // System.out.println("H: " + Integer.toHexString(H) + "\n");
} }


@ -12,8 +12,8 @@ import org.xbill.DNS.DNSOutput;
import org.xbill.DNS.Type; import org.xbill.DNS.Type;
/** /**
* This class represents the multiple type maps of the NSEC record. Currently * This class represents the multiple type maps of the NSEC record. Currently it
* it is just used to convert the wire format type map to the int array that * is just used to convert the wire format type map to the int array that
* org.xbill.DNS.NSECRecord uses. * org.xbill.DNS.NSECRecord uses.
*/ */
@ -59,8 +59,8 @@ public class TypeMap
} }
/** /**
* Given an array of bytes representing a wire-format type map, construct * Given an array of bytes representing a wire-format type map, construct the
* the TypeMap object. * TypeMap object.
*/ */
public static TypeMap fromBytes(byte[] map) public static TypeMap fromBytes(byte[] map)
{ {
@ -109,7 +109,7 @@ public class TypeMap
} }
protected static void mapToWire(DNSOutput out, int[] types, int base, protected static void mapToWire(DNSOutput out, int[] types, int base,
int start, int end) int start, int end)
{ {
// calculate the length of this map by looking at the largest // calculate the length of this map by looking at the largest
// typecode in this section. // typecode in this section.


@ -33,7 +33,6 @@ import org.xbill.DNS.RRset;
import org.xbill.DNS.Record; import org.xbill.DNS.Record;
import org.xbill.DNS.Type; import org.xbill.DNS.Type;
/** /**
* This class contains a bunch of utility methods that are generally useful in * This class contains a bunch of utility methods that are generally useful in
* manipulating zones. * manipulating zones.
@ -48,11 +47,14 @@ public class ZoneUtils
/** /**
* Load a zone file. * Load a zone file.
* *
* @param zonefile the filename/path of the zonefile to read. * @param zonefile
* @param origin the origin to use for the zonefile (may be null if the * the filename/path of the zonefile to read.
* origin is specified in the zone file itself). * @param origin
* the origin to use for the zonefile (may be null if the origin is
* specified in the zone file itself).
* @return a {@link java.util.List} of {@link org.xbill.DNS.Record} objects. * @return a {@link java.util.List} of {@link org.xbill.DNS.Record} objects.
* @throws IOException if something goes wrong reading the zone file. * @throws IOException
* if something goes wrong reading the zone file.
*/ */
public static List readZoneFile(String zonefile, Name origin) public static List readZoneFile(String zonefile, Name origin)
throws IOException throws IOException
@ -73,10 +75,11 @@ public class ZoneUtils
/** /**
* Write the records out into a zone file. * Write the records out into a zone file.
* *
* @param records a {@link java.util.List} of {@link org.xbill.DNS.Record} * @param records
* objects forming a zone. * a {@link java.util.List} of {@link org.xbill.DNS.Record} objects
* @param zonefile the file to write to. If null or equal to "-", System.out * forming a zone.
* is used. * @param zonefile
* the file to write to. If null or equal to "-", System.out is used.
*/ */
public static void writeZoneFile(List records, String zonefile) public static void writeZoneFile(List records, String zonefile)
throws IOException throws IOException
@ -103,8 +106,9 @@ public class ZoneUtils
/** /**
* Given just the list of records, determine the zone name (origin). * Given just the list of records, determine the zone name (origin).
* *
* @param records a list of {@link org.xbill.DNS.Record} or {@link * @param records
* org.xbill.DNS.RRset} objects. * a list of {@link org.xbill.DNS.Record} or
* {@link org.xbill.DNS.RRset} objects.
* @return the zone name, if found. null if one couldn't be found.q * @return the zone name, if found. null if one couldn't be found.q
*/ */
public static Name findZoneName(List records) public static Name findZoneName(List records)