diff --git a/src/com/verisignlabs/dnssec/cl/DSTool.java b/src/com/verisignlabs/dnssec/cl/DSTool.java index 6750e9d..b07da9e 100644 --- a/src/com/verisignlabs/dnssec/cl/DSTool.java +++ b/src/com/verisignlabs/dnssec/cl/DSTool.java @@ -21,6 +21,7 @@ package com.verisignlabs.dnssec.cl; import java.io.FileWriter; import java.io.PrintWriter; +import java.util.logging.Handler; import java.util.logging.Level; import java.util.logging.Logger; @@ -30,9 +31,7 @@ import org.xbill.DNS.DNSKEYRecord; import org.xbill.DNS.DSRecord; import org.xbill.DNS.Record; -import com.verisignlabs.dnssec.security.BINDKeyUtils; -import com.verisignlabs.dnssec.security.DnsKeyPair; -import com.verisignlabs.dnssec.security.SignUtils; +import com.verisignlabs.dnssec.security.*; /** * This class forms the command line implementation of a DNSSEC DS/DLV generator @@ -101,17 +100,28 @@ public class DSTool if (cli.hasOption('h')) usage(); + Logger rootLogger = Logger.getLogger(""); if (cli.hasOption('v')) { - int value = parseInt(cli.getOptionValue('v'), 5); - Logger rootLogger = Logger.getLogger(""); + int value = parseInt(cli.getOptionValue('v'), -1); switch (value) { case 0: rootLogger.setLevel(Level.OFF); break; - case 5: + case 1: + rootLogger.setLevel(Level.SEVERE); + break; + case 2: default: + rootLogger.setLevel(Level.WARNING); + break; + case 3: + rootLogger.setLevel(Level.INFO); + break; + case 4: + rootLogger.setLevel(Level.CONFIG); + case 5: rootLogger.setLevel(Level.FINE); break; case 6: @@ -119,6 +129,12 @@ public class DSTool break; } } + // I hate java.util.logging, btw. + for (Handler h : rootLogger.getHandlers()) + { + h.setLevel(rootLogger.getLevel()); + h.setFormatter(new BareLogFormatter()); + } outputfile = cli.getOptionValue('f'); createDLV = cli.hasOption("dlv"); diff --git a/src/com/verisignlabs/dnssec/cl/KeyGen.java b/src/com/verisignlabs/dnssec/cl/KeyGen.java index 727ebaf..2d8a871 100644 --- a/src/com/verisignlabs/dnssec/cl/KeyGen.java 
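Review bot: `case 4:` in the new verbosity switch sets `Level.CONFIG` and then has no `break;`, so it falls through into `case 5:` and the root logger ends up at `Level.FINE`; level 4 therefore behaves exactly like level 5. Add `break;` after `rootLogger.setLevel(Level.CONFIG);`. The same omission appears in the matching hunks for KeyGen, KeyInfoTool, SignKeyset, SignRRset, SignZone, VerifyZone and ZoneFormat. Since the switch and the handler loop are repeated in all eight tools, moving them into one shared static helper would leave a single place to fix this and stop the verbosity mapping from drifting between tools. The enclosing method starts and ends outside the hunk.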
+++ b/src/com/verisignlabs/dnssec/cl/KeyGen.java @@ -21,6 +21,7 @@ package com.verisignlabs.dnssec.cl; import java.io.File; import java.io.PrintWriter; +import java.util.logging.Handler; import java.util.logging.Level; import java.util.logging.Logger; @@ -29,10 +30,7 @@ import org.xbill.DNS.DClass; import org.xbill.DNS.DNSKEYRecord; import org.xbill.DNS.Name; -import com.verisignlabs.dnssec.security.BINDKeyUtils; -import com.verisignlabs.dnssec.security.DnsKeyAlgorithm; -import com.verisignlabs.dnssec.security.DnsKeyPair; -import com.verisignlabs.dnssec.security.JCEDnsSecSigner; +import com.verisignlabs.dnssec.security.*; /** * This class forms the command line implementation of a DNSSEC key generator @@ -141,17 +139,28 @@ public class KeyGen if (cli.hasOption('h')) usage(); + Logger rootLogger = Logger.getLogger(""); if (cli.hasOption('v')) { - int value = parseInt(cli.getOptionValue('v'), 5); - Logger rootLogger = Logger.getLogger(""); + int value = parseInt(cli.getOptionValue('v'), -1); switch (value) { case 0: rootLogger.setLevel(Level.OFF); break; - case 5: + case 1: + rootLogger.setLevel(Level.SEVERE); + break; + case 2: default: + rootLogger.setLevel(Level.WARNING); + break; + case 3: + rootLogger.setLevel(Level.INFO); + break; + case 4: + rootLogger.setLevel(Level.CONFIG); + case 5: rootLogger.setLevel(Level.FINE); break; case 6: @@ -159,6 +168,12 @@ public class KeyGen break; } } + // I hate java.util.logging, btw. + for (Handler h : rootLogger.getHandlers()) + { + h.setLevel(rootLogger.getLevel()); + h.setFormatter(new BareLogFormatter()); + } if (cli.hasOption('k')) kskFlag = true; diff --git a/src/com/verisignlabs/dnssec/cl/KeyInfoTool.java b/src/com/verisignlabs/dnssec/cl/KeyInfoTool.java index 01c52c1..9d3cac4 100644 --- a/src/com/verisignlabs/dnssec/cl/KeyInfoTool.java +++ b/src/com/verisignlabs/dnssec/cl/KeyInfoTool.java 
@@ -22,15 +22,14 @@ package com.verisignlabs.dnssec.cl; import java.io.PrintWriter; import java.security.interfaces.DSAPublicKey; import java.security.interfaces.RSAPublicKey; +import java.util.logging.Handler; import java.util.logging.Level; import java.util.logging.Logger; import org.apache.commons.cli.*; import org.xbill.DNS.DNSKEYRecord; -import com.verisignlabs.dnssec.security.BINDKeyUtils; -import com.verisignlabs.dnssec.security.DnsKeyAlgorithm; -import com.verisignlabs.dnssec.security.DnsKeyPair; +import com.verisignlabs.dnssec.security.*; /** * This class forms the command line implementation of a key introspection tool. @@ -92,17 +91,28 @@ public class KeyInfoTool if (cli.hasOption('h')) usage(); + Logger rootLogger = Logger.getLogger(""); if (cli.hasOption('v')) { - int value = parseInt(cli.getOptionValue('v'), 5); - Logger rootLogger = Logger.getLogger(""); + int value = parseInt(cli.getOptionValue('v'), -1); switch (value) { case 0: rootLogger.setLevel(Level.OFF); break; - case 5: + case 1: + rootLogger.setLevel(Level.SEVERE); + break; + case 2: default: + rootLogger.setLevel(Level.WARNING); + break; + case 3: + rootLogger.setLevel(Level.INFO); + break; + case 4: + rootLogger.setLevel(Level.CONFIG); + case 5: rootLogger.setLevel(Level.FINE); break; case 6: @@ -110,6 +120,12 @@ public class KeyInfoTool break; } } + // I hate java.util.logging, btw. + for (Handler h : rootLogger.getHandlers()) + { + h.setLevel(rootLogger.getLevel()); + h.setFormatter(new BareLogFormatter()); + } String[] optstrs; if ((optstrs = cli.getOptionValues('A')) != null) diff --git a/src/com/verisignlabs/dnssec/cl/SignKeyset.java b/src/com/verisignlabs/dnssec/cl/SignKeyset.java index b7c8048..438c1e9 100644 --- a/src/com/verisignlabs/dnssec/cl/SignKeyset.java +++ b/src/com/verisignlabs/dnssec/cl/SignKeyset.java 
@@ -48,12 +48,7 @@ import org.xbill.DNS.RRset; import org.xbill.DNS.Record; import org.xbill.DNS.Type; -import com.verisignlabs.dnssec.security.BINDKeyUtils; -import com.verisignlabs.dnssec.security.DnsKeyPair; -import com.verisignlabs.dnssec.security.DnsSecVerifier; -import com.verisignlabs.dnssec.security.JCEDnsSecSigner; -import com.verisignlabs.dnssec.security.SignUtils; -import com.verisignlabs.dnssec.security.ZoneUtils; +import com.verisignlabs.dnssec.security.*; /** * This class forms the command line implementation of a DNSSEC keyset signer. @@ -136,28 +131,40 @@ public class SignKeyset { String optstr = null; if (cli.hasOption('h')) usage(); - if (cli.hasOption('v')) { - int value = parseInt(cli.getOptionValue('v'), 5); - Logger rootLogger = Logger.getLogger(""); - - switch (value) { + Logger rootLogger = Logger.getLogger(""); + if (cli.hasOption('v')) + { + int value = parseInt(cli.getOptionValue('v'), -1); + switch (value) + { case 0: - rootLogger.setLevel(Level.OFF); - break; - case 4: + rootLogger.setLevel(Level.OFF); + break; + case 1: + rootLogger.setLevel(Level.SEVERE); + break; + case 2: default: - rootLogger.setLevel(Level.INFO); - break; + rootLogger.setLevel(Level.WARNING); + break; + case 3: + rootLogger.setLevel(Level.INFO); + break; + case 4: + rootLogger.setLevel(Level.CONFIG); case 5: - rootLogger.setLevel(Level.FINE); - break; + rootLogger.setLevel(Level.FINE); + break; case 6: - rootLogger.setLevel(Level.ALL); - break; - } - Handler[] handlers = rootLogger.getHandlers(); - for (int i = 0; i < handlers.length; i++) - handlers[i].setLevel(rootLogger.getLevel()); + rootLogger.setLevel(Level.ALL); + break; + } + } + // I hate java.util.logging, btw. + for (Handler h : rootLogger.getHandlers()) + { + h.setLevel(rootLogger.getLevel()); + h.setFormatter(new BareLogFormatter()); } if (cli.hasOption('a')) verifySigs = true; 
diff --git a/src/com/verisignlabs/dnssec/cl/SignRRset.java b/src/com/verisignlabs/dnssec/cl/SignRRset.java index 684c93e..00d0c4e 100644 --- a/src/com/verisignlabs/dnssec/cl/SignRRset.java +++ b/src/com/verisignlabs/dnssec/cl/SignRRset.java @@ -47,12 +47,7 @@ import org.xbill.DNS.RRset; import org.xbill.DNS.Record; import org.xbill.DNS.Type; -import com.verisignlabs.dnssec.security.BINDKeyUtils; -import com.verisignlabs.dnssec.security.DnsKeyPair; -import com.verisignlabs.dnssec.security.DnsSecVerifier; -import com.verisignlabs.dnssec.security.JCEDnsSecSigner; -import com.verisignlabs.dnssec.security.SignUtils; -import com.verisignlabs.dnssec.security.ZoneUtils; +import com.verisignlabs.dnssec.security.*; /** * This class forms the command line implementation of a DNSSEC RRset signer. 
@@ -137,28 +132,40 @@ public class SignRRset { String optstr = null; if (cli.hasOption('h')) usage(); - if (cli.hasOption('v')) { - int value = parseInt(cli.getOptionValue('v'), 5); - Logger rootLogger = Logger.getLogger(""); - - switch (value) { + Logger rootLogger = Logger.getLogger(""); + if (cli.hasOption('v')) + { + int value = parseInt(cli.getOptionValue('v'), -1); + switch (value) + { case 0: - rootLogger.setLevel(Level.OFF); - break; - case 4: + rootLogger.setLevel(Level.OFF); + break; + case 1: + rootLogger.setLevel(Level.SEVERE); + break; + case 2: default: - rootLogger.setLevel(Level.INFO); - break; + rootLogger.setLevel(Level.WARNING); + break; + case 3: + rootLogger.setLevel(Level.INFO); + break; + case 4: + rootLogger.setLevel(Level.CONFIG); case 5: - rootLogger.setLevel(Level.FINE); - break; + rootLogger.setLevel(Level.FINE); + break; case 6: - rootLogger.setLevel(Level.ALL); - break; - } - Handler[] handlers = rootLogger.getHandlers(); - for (int i = 0; i < handlers.length; i++) - handlers[i].setLevel(rootLogger.getLevel()); + rootLogger.setLevel(Level.ALL); + break; + } + } + // I hate java.util.logging, btw. + for (Handler h : rootLogger.getHandlers()) + { + h.setLevel(rootLogger.getLevel()); + h.setFormatter(new BareLogFormatter()); } if (cli.hasOption('a')) verifySigs = true; diff --git a/src/com/verisignlabs/dnssec/cl/SignZone.java b/src/com/verisignlabs/dnssec/cl/SignZone.java index 5b68fa0..510b397 100644 --- a/src/com/verisignlabs/dnssec/cl/SignZone.java +++ b/src/com/verisignlabs/dnssec/cl/SignZone.java 
@@ -55,13 +55,7 @@ import org.xbill.DNS.TextParseException; import org.xbill.DNS.Type; import org.xbill.DNS.utils.base16; -import com.verisignlabs.dnssec.security.BINDKeyUtils; -import com.verisignlabs.dnssec.security.DnsKeyAlgorithm; -import com.verisignlabs.dnssec.security.DnsKeyPair; -import com.verisignlabs.dnssec.security.DnsSecVerifier; -import com.verisignlabs.dnssec.security.JCEDnsSecSigner; -import com.verisignlabs.dnssec.security.SignUtils; -import com.verisignlabs.dnssec.security.ZoneUtils; +import com.verisignlabs.dnssec.security.*; /** * This class forms the command line implementation of a DNSSEC zone signer. @@ -120,11 +114,12 @@ public class SignZone "sign the zone apex keyset with all available keys."); opts.addOption("V", "verbose-signing", false, "Display verbose signing activity."); + // Argument options OptionBuilder.hasOptionalArg(); OptionBuilder.withLongOpt("verbose"); OptionBuilder.withArgName("level"); - OptionBuilder.withDescription("verbosity level."); - // Argument options + OptionBuilder.withDescription("verbosity level -- 0 is silence, 3 is info, " + + "5 is debug information, 6 is trace information. default is level 2 (warning)"); opts.addOption(OptionBuilder.create('v')); OptionBuilder.hasArg(); @@ -221,20 +216,27 @@ public class SignZone if (cli.hasOption('h')) usage(); + Logger rootLogger = Logger.getLogger(""); if (cli.hasOption('v')) { - int value = parseInt(cli.getOptionValue('v'), 5); - Logger rootLogger = Logger.getLogger(""); - + int value = parseInt(cli.getOptionValue('v'), -1); switch (value) { case 0: rootLogger.setLevel(Level.OFF); break; - case 4: + case 1: + rootLogger.setLevel(Level.SEVERE); + break; + case 2: default: + rootLogger.setLevel(Level.WARNING); + break; + case 3: rootLogger.setLevel(Level.INFO); break; + case 4: + rootLogger.setLevel(Level.CONFIG); case 5: rootLogger.setLevel(Level.FINE); break; 
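Review bot: The new description says "default is level 2 (warning)", but in this commit's switch WARNING is reached only through `case 2: default:`, that is, only when `-v` is given. When `-v` is absent no `setLevel` call runs, and the handler loop copies whatever level the root logger already has, which in a stock JVM logging configuration is INFO rather than WARNING. If WARNING is meant to be the default for a run without `-v`, set it before the option test, e.g. `rootLogger.setLevel(Level.WARNING);` directly after `Logger rootLogger = Logger.getLogger("");`. The text also leaves out levels 1 (severe) and 4 (config), which the switch accepts. The same wording is added to VerifyZone's option description.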
@@ -242,16 +244,19 @@ public class SignZone rootLogger.setLevel(Level.ALL); break; } - Handler[] handlers = rootLogger.getHandlers(); - for (int i = 0; i < handlers.length; i++) - handlers[i].setLevel(rootLogger.getLevel()); + } + // I hate java.util.logging, btw. + for (Handler h : rootLogger.getHandlers()) + { + h.setLevel(rootLogger.getLevel()); + h.setFormatter(new BareLogFormatter()); } if (cli.hasOption('a')) verifySigs = true; if (cli.hasOption('3')) useNsec3 = true; if (cli.hasOption('O')) useOptOut = true; if (cli.hasOption('V')) verboseSigning = true; - + if (useOptOut && !useNsec3) { System.err.println("Opt-Out not supported without NSEC3 -- ignored."); diff --git a/src/com/verisignlabs/dnssec/cl/VerifyZone.java b/src/com/verisignlabs/dnssec/cl/VerifyZone.java index ba3fd5b..975362c 100644 --- a/src/com/verisignlabs/dnssec/cl/VerifyZone.java +++ b/src/com/verisignlabs/dnssec/cl/VerifyZone.java @@ -23,7 +23,6 @@ import java.io.PrintWriter; import java.util.List; import java.util.logging.Handler; import java.util.logging.Level; -import java.util.logging.LogRecord; import java.util.logging.Logger; import org.apache.commons.cli.AlreadySelectedException; @@ -35,9 +34,7 @@ import org.apache.commons.cli.Options; import org.apache.commons.cli.PosixParser; import org.apache.commons.cli.UnrecognizedOptionException; -import com.verisignlabs.dnssec.security.DnsKeyAlgorithm; -import com.verisignlabs.dnssec.security.ZoneUtils; -import com.verisignlabs.dnssec.security.ZoneVerifier; +import com.verisignlabs.dnssec.security.*; /** * This class forms the command line implementation of a DNSSEC zone validator. 
@@ -50,25 +47,6 @@ public class VerifyZone { private static Logger log; - // A log formatter that strips away all of the noise that the default - // SimpleFormatter has - private static class MyLogFormatter extends java.util.logging.Formatter - { - @Override - public String format(LogRecord arg0) - { - StringBuilder out = new StringBuilder(); - String lvl = arg0.getLevel().getName(); - - out.append(lvl); - out.append(": "); - out.append(arg0.getMessage()); - out.append("\n"); - - return out.toString(); - } - } - /** * This is a small inner class used to hold all of the command line option * state. @@ -103,8 +81,8 @@ public class VerifyZone OptionBuilder.hasOptionalArg(); OptionBuilder.withLongOpt("verbose"); OptionBuilder.withArgName("level"); - OptionBuilder.withDescription("verbosity level -- 0 is silence, " - + "5 is debug information, 6 is trace information. default is level 5."); + OptionBuilder.withDescription("verbosity level -- 0 is silence, 3 is info, " + + "5 is debug information, 6 is trace information. default is level 2 (warning)"); opts.addOption(OptionBuilder.create('v')); OptionBuilder.hasArg(); @@ -141,17 +119,25 @@ public class VerifyZone Logger rootLogger = Logger.getLogger(""); if (cli.hasOption('v')) { - int value = parseInt(cli.getOptionValue('v'), 1); + int value = parseInt(cli.getOptionValue('v'), -1); switch (value) { case 0: rootLogger.setLevel(Level.OFF); break; case 1: + rootLogger.setLevel(Level.SEVERE); + break; + case 2: + default: + rootLogger.setLevel(Level.WARNING); + break; + case 3: rootLogger.setLevel(Level.INFO); break; + case 4: + rootLogger.setLevel(Level.CONFIG); case 5: - default: rootLogger.setLevel(Level.FINE); break; case 6: @@ -163,7 +149,7 @@ public class VerifyZone for (Handler h : rootLogger.getHandlers()) { h.setLevel(rootLogger.getLevel()); - h.setFormatter(new MyLogFormatter()); + h.setFormatter(new BareLogFormatter()); } if (cli.hasOption('m')) 
diff --git a/src/com/verisignlabs/dnssec/cl/ZoneFormat.java b/src/com/verisignlabs/dnssec/cl/ZoneFormat.java index 8b56b69..99d9de9 100644 --- a/src/com/verisignlabs/dnssec/cl/ZoneFormat.java +++ b/src/com/verisignlabs/dnssec/cl/ZoneFormat.java @@ -33,6 +33,7 @@ import java.io.IOException; import java.io.PrintWriter; import java.security.NoSuchAlgorithmException; import java.util.*; +import java.util.logging.Handler; import java.util.logging.Level; import java.util.logging.Logger; @@ -41,6 +42,7 @@ import org.xbill.DNS.*; import org.xbill.DNS.Options; import org.xbill.DNS.utils.base32; +import com.verisignlabs.dnssec.security.BareLogFormatter; import com.verisignlabs.dnssec.security.RecordComparator; /** @@ -82,17 +84,28 @@ public class ZoneFormat if (cli.hasOption('m')) Options.set("multiline"); if (cli.hasOption('N')) assignNSEC3 = true; + Logger rootLogger = Logger.getLogger(""); if (cli.hasOption('v')) { - int value = parseInt(cli.getOptionValue('v'), 5); - Logger rootLogger = Logger.getLogger(""); + int value = parseInt(cli.getOptionValue('v'), -1); switch (value) { case 0: rootLogger.setLevel(Level.OFF); break; - case 5: + case 1: + rootLogger.setLevel(Level.SEVERE); + break; + case 2: default: + rootLogger.setLevel(Level.WARNING); + break; + case 3: + rootLogger.setLevel(Level.INFO); + break; + case 4: + rootLogger.setLevel(Level.CONFIG); + case 5: rootLogger.setLevel(Level.FINE); break; case 6: @@ -100,6 +113,12 @@ public class ZoneFormat break; } } + // I hate java.util.logging, btw. + for (Handler h : rootLogger.getHandlers()) + { + h.setLevel(rootLogger.getLevel()); + h.setFormatter(new BareLogFormatter()); + } String[] cl_args = cli.getArgs(); diff --git a/src/com/verisignlabs/dnssec/security/BareLogFormatter.java b/src/com/verisignlabs/dnssec/security/BareLogFormatter.java new file mode 100644 index 0000000..71297e5 --- /dev/null +++ b/src/com/verisignlabs/dnssec/security/BareLogFormatter.java 
@@ -0,0 +1,24 @@ +package com.verisignlabs.dnssec.security; + +import java.util.logging.LogRecord; + +/** + * This is a very simple log formatter that simply outputs the log level and log + * string. + */ +public class BareLogFormatter extends java.util.logging.Formatter +{ + @Override + public String format(LogRecord arg0) + { + StringBuilder out = new StringBuilder(); + String lvl = arg0.getLevel().getName(); + + out.append(lvl); + out.append(": "); + out.append(arg0.getMessage()); + out.append("\n"); + + return out.toString(); + } +} \ No newline at end of file diff --git a/src/com/verisignlabs/dnssec/security/SignUtils.java b/src/com/verisignlabs/dnssec/security/SignUtils.java index 53f46df..fad7ec6 100644 --- a/src/com/verisignlabs/dnssec/security/SignUtils.java +++ b/src/com/verisignlabs/dnssec/security/SignUtils.java @@ -855,13 +855,7 @@ public class SignUtils proto_nsec3s); List nsec3s = finishNSEC3s(proto_nsec3s, nsec3_ttl); - // DEBUG - // for (Iterator i = nsec3s.iterator(); i.hasNext();) - // { - // NSEC3Record nsec3 = (NSEC3Record) i.next(); - // log.fine("NSEC3: " + nsec3 + "\nRDATA: " - // + base16.toString(nsec3.rdataToWireCanonical())); - // } + records.addAll(nsec3s); NSEC3PARAMRecord nsec3param = new NSEC3PARAMRecord( @@ -1121,7 +1115,6 @@ public class SignUtils { cur_nsec3 = (ProtoNSEC3) i.next(); - // log.fine("finishNSEC3s: processing " + cur_nsec3); // check to see if cur is a duplicate (by name) if (prev_nsec3 != null && Arrays.equals(prev_nsec3.getOwner(), cur_nsec3.getOwner())) diff --git a/src/com/verisignlabs/dnssec/security/ZoneVerifier.java b/src/com/verisignlabs/dnssec/security/ZoneVerifier.java index 7827c24..3295b21 100644 --- a/src/com/verisignlabs/dnssec/security/ZoneVerifier.java +++ b/src/com/verisignlabs/dnssec/security/ZoneVerifier.java 
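Review bot: `format()` appends `arg0.getMessage()` as-is and never looks at `arg0.getThrown()`, so a record logged with parameters or a resource-bundle key is printed unexpanded, and an exception attached to a record is dropped from the output of the signing and verification tools. `java.util.logging.Formatter` already provides `formatMessage(LogRecord)` for the first part, and the throwable can be appended after the message line. The message is also written verbatim, so a line break inside logged record text would appear as what looks like a separate log entry; worth keeping in mind if this output is ever parsed or archived as an audit trail. The file also ends without a trailing newline.

```java
    out.append(": ");
    // formatMessage() expands {0}-style parameters and resource-bundle keys
    out.append(formatMessage(arg0));
    out.append("\n");
    // keep at least the exception's type and message
    Throwable thrown = arg0.getThrown();
    if (thrown != null)
    {
      out.append(thrown).append("\n");
    }
    // … unchanged: return out.toString() …
```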
@@ -221,7 +221,12 @@ public class ZoneVerifier // Learn some things about the zone as we do this pass. if (r_type == Type.SOA) mZoneName = r_name; if (r_type == Type.NSEC3PARAM) mNSEC3params = (NSEC3PARAMRecord) r; - if (r_type == Type.DNSKEY) mVerifier.addTrustedKey((DNSKEYRecord) r); + if (r_type == Type.DNSKEY) { + DNSKEYRecord dnskey = (DNSKEYRecord) r; + mVerifier.addTrustedKey(dnskey); + log.info("Adding trusted key: " + dnskey + " ; keytag = " + + dnskey.getFootprint()); + } if (mDNSSECType == DNSSECType.UNSIGNED) mDNSSECType = determineDNSSECType(r); }
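Review bot: The new `log.info("Adding trusted key: ...")` is the only record of which keys the verifier trusts, yet this commit makes WARNING the level for `-v` without a recognised argument, so the line stays hidden unless the operator asks for level 3 or higher. Every DNSKEY in the input reaches `addTrustedKey()` on its record type alone (nothing in the hunk checks the owner name or the key flags), so a passing result says the zone is consistent with the keys it carries, not that it chains to an independently configured trust anchor. A comment above the block would make that explicit, for example `// Trust comes from the zone itself: every DNSKEY read here is accepted, so this verifies self-consistency only.` The brace on `if (r_type == Type.DNSKEY) {` also departs from the next-line brace style used elsewhere in the diff. The enclosing method starts and ends outside the hunk.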