make VerifyZone work with just the zone (which is self-signed anyway)

git-svn-id: https://svn.verisignlabs.com/jdnssec/tools/trunk@50 4cbd57fe-54e5-0310-bd9a-f30fe5ea5e6e
David Blacka 2005-11-14 22:45:09 +00:00
parent 13fae1fc81
commit e349476def
3 changed files with 43 additions and 12 deletions


@ -30,9 +30,8 @@ import java.util.logging.Level;
import java.util.logging.Logger; import java.util.logging.Logger;
import org.apache.commons.cli.*; import org.apache.commons.cli.*;
import org.xbill.DNS.DNSSEC; import org.apache.commons.cli.Options;
import org.xbill.DNS.RRSIGRecord; import org.xbill.DNS.*;
import org.xbill.DNS.RRset;
import com.verisignlabs.dnssec.security.BINDKeyUtils; import com.verisignlabs.dnssec.security.BINDKeyUtils;
import com.verisignlabs.dnssec.security.DnsKeyPair; import com.verisignlabs.dnssec.security.DnsKeyPair;
@ -116,15 +115,12 @@ public class VerifyZone
zonefile = cl_args[0]; zonefile = cl_args[0];
if (cl_args.length < 2) if (cl_args.length >= 2)
{ {
System.err.println("error: at least one trusted key is required");
usage();
}
keyfiles = new String[cl_args.length - 1]; keyfiles = new String[cl_args.length - 1];
System.arraycopy(cl_args, 1, keyfiles, 0, keyfiles.length); System.arraycopy(cl_args, 1, keyfiles, 0, keyfiles.length);
} }
}
/** /**
* Set up the command line options. * Set up the command line options.
@ -170,7 +166,7 @@ public class VerifyZone
// print our own usage statement: // print our own usage statement:
f.printHelp(out, f.printHelp(out,
75, 75,
"verifyZone.sh [..options..] zonefile " + "keyfile [keyfile...]", "verifyZone.sh [..options..] zonefile " + "[keyfile [keyfile...]]",
null, null,
opts, opts,
HelpFormatter.DEFAULT_LEFT_PAD, HelpFormatter.DEFAULT_LEFT_PAD,
@ -247,6 +243,27 @@ public class VerifyZone
return result; return result;
} }
private static List getTrustedKeysFromZone(List records)
{
List res = new ArrayList();
Name zonename = null;
for (Iterator i = records.iterator(); i.hasNext();)
{
Record r = (Record) i.next();
if (r.getType() == Type.SOA)
{
zonename = r.getName();
}
if (r.getName().equals(zonename) && r.getType() == Type.DNSKEY)
{
DnsKeyPair pair = new DnsKeyPair((DNSKEYRecord) r);
res.add(pair);
}
}
return res;
}
private static List getTrustedKeys(String[] keyfiles, File inDirectory) private static List getTrustedKeys(String[] keyfiles, File inDirectory)
throws IOException throws IOException
{ {
@ -266,9 +283,17 @@ public class VerifyZone
public static void execute(CLIState state) throws Exception public static void execute(CLIState state) throws Exception
{ {
List keypairs = getTrustedKeys(state.keyfiles, state.keydir);
List records = ZoneUtils.readZoneFile(state.zonefile, null); List records = ZoneUtils.readZoneFile(state.zonefile, null);
List keypairs = null;
if (state.keyfiles != null)
{
keypairs = getTrustedKeys(state.keyfiles, state.keydir);
}
else
{
keypairs = getTrustedKeysFromZone(records);
}
Collections.sort(records, new RecordComparator()); Collections.sort(records, new RecordComparator());
log.fine("verifying signatures..."); log.fine("verifying signatures...");
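Review bot: In `execute`, when no key files are passed the trust anchors now come from the zone file being verified, so a successful run shows only that the zone is consistent with its own apex DNSKEY set, not that it was signed by keys the operator trusts; a modified and re-signed copy of the file would verify just as well. The fallback branch should say so, for example `log.warning("no trusted keys given; verifying against the zone's own DNSKEY set (consistency check only)");`, and should stop with an error when `getTrustedKeysFromZone` returns an empty list rather than continue with no keys. That helper also runs before `Collections.sort`, so it relies on the SOA record preceding the apex DNSKEY records in file order; any DNSKEY seen before the SOA is skipped because `zonename` is still null. The body of `execute` continues past the end of this hunk, so how an empty key list is handled later is not visible here.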


@ -100,6 +100,13 @@ public class DnsKeyPair
setPrivateKeyString(privateKeyString); setPrivateKeyString(privateKeyString);
} }
public DnsKeyPair(DNSKEYRecord keyRecord)
{
this();
setDNSKEYRecord(keyRecord);
setPrivateKeyString(null);
}
public DnsKeyPair(Name keyName, int algorithm, PublicKey publicKey, public DnsKeyPair(Name keyName, int algorithm, PublicKey publicKey,
PrivateKey privateKey) PrivateKey privateKey)
{ {
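Review bot: The new `DnsKeyPair(DNSKEYRecord)` constructor has no Javadoc, and nothing tells a caller that the resulting pair carries only a public key. A short comment such as `/** Creates a public-key-only pair from a DNSKEY record; intended for verification, not signing. */` would document that. The call `setPrivateKeyString(null)` looks redundant after `this()`, but the no-argument constructor is outside this hunk, so that should be confirmed before removing it. A null `keyRecord` is passed straight to `setDNSKEYRecord`, whose handling of null is not visible here.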


@ -29,7 +29,6 @@ import java.util.*;
import java.util.logging.Logger; import java.util.logging.Logger;
import org.xbill.DNS.*; import org.xbill.DNS.*;
import org.xbill.DNS.utils.base16;
import org.xbill.DNS.utils.base64; import org.xbill.DNS.utils.base64;
/** /**