bug fixes: RecordComparator needs to also compare RDATA so the removeDuplicates step actually works reliably -- this was masked by the duplicate suppression in RRset; only allow one command line specified KSK, since commons-cli doesn't seem to handle multi-arg options correctly; do not croak on the lack of command-line keys for now;; Also: new dnsjava lib that contains NSEC3 changes for the -04pre draft

git-svn-id: https://svn.verisignlabs.com/jdnssec/tools/trunk@55 4cbd57fe-54e5-0310-bd9a-f30fe5ea5e6e

src/com/verisignlabs/dnssec/cl/SignZone.java

@@ -182,7 +182,15 @@ public class SignZone
 
       outputfile = cli.getOptionValue('f');
 
-      kskFiles = cli.getOptionValues('k');
+      // FIXME: this is a bit awkward, because we really want -k to repeat,
+      // but the CLI classes don't do it quite right. Instead we just convert
+      // our single argument to an array.
+      String kskFile = cli.getOptionValue('k');
+      if (kskFile != null)
+      {
+        kskFiles = new String[1];
+        kskFiles[0] = kskFile;
+      }
 
       if ((optstr = cli.getOptionValue('I')) != null)
       {
@@ -213,16 +221,19 @@ public class SignZone
 
       String[] files = cli.getArgs();
 
-      if (files.length < 2)
+      if (files.length < 1)
       {
         System.err.println("error: missing zone file and/or key files");
         usage();
       }
 
       zonefile = files[0];
+      if (files.length > 1)
+      {
         keyFiles = new String[files.length - 1];
         System.arraycopy(files, 1, keyFiles, 0, files.length - 1);
       }
+    }
 
     /**
      * Set up the command line options.
@@ -264,9 +275,10 @@ public class SignZone
       opts.addOption(OptionBuilder.hasArg().withArgName("outfile")
           .withDescription("file the signed zone is written to "
               + "(default is <origin>.signed).").create('f'));
-      opts.addOption(OptionBuilder.hasArgs().withArgName("KSK file")
+      opts.addOption(OptionBuilder.hasArg()
-          .withLongOpt("ksk-file").withDescription("this key is a key "
+          .withArgName("KSK file").withLongOpt("ksk-file")
-              + "signing key (may repeat).").create('k'));
+          .withDescription("this key is the key signing key.")
+          .create('k'));
       opts.addOption(OptionBuilder.hasArg().withArgName("file")
           .withLongOpt("include-file")
           .withDescription("include names in this "
@@ -857,6 +869,20 @@ public class SignZone
       }
     }
 
+    // If there are no ZSKs defined at this point (yet there are KSKs
+    // provided), all KSKs will be treated as ZSKs, as well.
+    if (keypairs == null || keypairs.size() == 0)
+    {
+      keypairs = kskpairs;
+    }
+    
+    // If there *still* aren't any ZSKs defined, bail.
+    if (keypairs == null || keypairs.size() == 0)
+    {
+      System.err.println("No zone signing keys could be determined.");
+      state.usage();
+    }
+    
     // Read in the zone
     List records = ZoneUtils.readZoneFile(state.zonefile, null);
     if (records == null || records.size() == 0)

src/com/verisignlabs/dnssec/security/RecordComparator.java

@@ -60,6 +60,19 @@ public class RecordComparator implements Comparator
     return 1;
   }
 
+  private int compareRDATA(Record a, Record b)
+  {
+    byte[] a_rdata = a.rdataToWireCanonical();
+    byte[] b_rdata = b.rdataToWireCanonical();
+    
+    for (int i = 0; i < a_rdata.length && i < b_rdata.length; i++) 
+    {
+      int n = (a_rdata[i] & 0xFF) - (b_rdata[i] & 0xFF);
+      if (n != 0) return n;
+    }
+    return (a_rdata.length - b_rdata.length);
+  }
+  
   public int compare(Object o1, Object o2) throws ClassCastException
   {
     Record a = (Record) o1;
@@ -92,6 +105,6 @@ public class RecordComparator implements Comparator
 
     if (sig_type != 0) return sig_type;
 
-    return 0;
+    return compareRDATA(a, b);
   }
 }