diff --git a/ChangeLog b/ChangeLog index 4caaba7..692bb49 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,8 @@ 2011-02-12 David Blacka + * Use Java 1.5 generic types when possible. DNSJava itself still + doesn't use them, so we have to suppress warnings when we use + RRset.rrs(), etc. * Update commons-cli to version 1.2. * Refactor all of the command line classes. A new command line base class has been created to eliminate much of the duplicated diff --git a/src/com/verisignlabs/dnssec/cl/SignKeyset.java b/src/com/verisignlabs/dnssec/cl/SignKeyset.java index ec7d201..552844e 100644 --- a/src/com/verisignlabs/dnssec/cl/SignKeyset.java +++ b/src/com/verisignlabs/dnssec/cl/SignKeyset.java @@ -25,12 +25,12 @@ import java.util.Date; import java.util.Iterator; import java.util.List; - import org.apache.commons.cli.CommandLine; import org.apache.commons.cli.OptionBuilder; import org.apache.commons.cli.Options; import org.xbill.DNS.DNSSEC; import org.xbill.DNS.Name; +import org.xbill.DNS.RRSIGRecord; import org.xbill.DNS.RRset; import org.xbill.DNS.Record; import org.xbill.DNS.Type; @@ -53,7 +53,7 @@ public class SignKeyset extends CLBase */ protected static class CLIState extends CLIStateBase { - public File keyDirectory = null; + public File keyDirectory = null; public String[] keyFiles = null; public Date start = null; public Date expire = null; @@ -99,7 +99,8 @@ public class SignKeyset extends CLBase opts.addOption(OptionBuilder.create('f')); } - protected void processOptions(CommandLine cli) throws org.apache.commons.cli.ParseException + protected void processOptions(CommandLine cli) + throws org.apache.commons.cli.ParseException { String optstr = null; 
@@ -164,25 +165,24 @@ public class SignKeyset extends CLBase * a list of keypairs used the sign the zone. * @return true if all of the signatures validated. */ - private static boolean verifySigs(Name zonename, List records, List keypairs) + private static boolean verifySigs(Name zonename, List records, + List keypairs) { boolean secure = true; DnsSecVerifier verifier = new DnsSecVerifier(); - for (Iterator i = keypairs.iterator(); i.hasNext();) + for (DnsKeyPair pair : keypairs) { - verifier.addTrustedKey((DnsKeyPair) i.next()); + verifier.addTrustedKey(pair); } verifier.setVerifyAllSigs(true); - List rrsets = SignUtils.assembleIntoRRsets(records); + List rrsets = SignUtils.assembleIntoRRsets(records); - for (Iterator i = rrsets.iterator(); i.hasNext();) + for (RRset rrset : rrsets) { - RRset rrset = (RRset) i.next(); - // skip unsigned rrsets. if (!rrset.sigs().hasNext()) continue; @@ -211,15 +211,15 @@ public class SignKeyset extends CLBase * the directory to look in (may be null). * @return a list of keypair objects. */ - private static List getKeys(String[] keyfiles, int start_index, File inDirectory) - throws IOException + private static List getKeys(String[] keyfiles, int start_index, + File inDirectory) throws IOException { if (keyfiles == null) return null; int len = keyfiles.length - start_index; if (len <= 0) return null; - ArrayList keys = new ArrayList(len); + ArrayList keys = new ArrayList(len); for (int i = start_index; i < keyfiles.length; i++) { @@ -248,7 +248,8 @@ public class SignKeyset extends CLBase } } - private static List findZoneKeys(File inDirectory, Name zonename) throws IOException + private static List findZoneKeys(File inDirectory, Name zonename) + throws IOException { if (inDirectory == null) { 
@@ -260,7 +261,7 @@ public class SignKeyset extends CLBase File[] files = inDirectory.listFiles(filter); // read in all of the records - ArrayList keys = new ArrayList(); + ArrayList keys = new ArrayList(); for (int i = 0; i < files.length; i++) { DnsKeyPair p = BINDKeyUtils.loadKeyPair(files[i].getName(), inDirectory); @@ -271,10 +272,11 @@ public class SignKeyset extends CLBase return null; } + @SuppressWarnings("unchecked") public void execute() throws Exception { // Read in the zone - List records = ZoneUtils.readZoneFile(state.inputfile, null); + List records = ZoneUtils.readZoneFile(state.inputfile, null); if (records == null || records.size() == 0) { System.err.println("error: empty keyset file"); @@ -284,9 +286,9 @@ public class SignKeyset extends CLBase // Make sure that all records are DNSKEYs with the same name. Name keysetName = null; RRset keyset = new RRset(); - for (Iterator i = records.iterator(); i.hasNext();) + + for (Record r : records) { - Record r = (Record) i.next(); if (r.getType() != Type.DNSKEY) { System.err.println("error: Non DNSKEY RR found in keyset: " + r); @@ -311,7 +313,7 @@ public class SignKeyset extends CLBase } // Load the key pairs. - List keypairs = getKeys(state.keyFiles, 0, state.keyDirectory); + List keypairs = getKeys(state.keyFiles, 0, state.keyDirectory); // If we *still* don't have any key pairs, look for keys the key // directory 
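Review bot: `inDirectory.listFiles(filter)` in findZoneKeys can return null (the path is not a directory, or an I/O error occurred), and the loop that follows reads `files.length` without checking it. A wrong or unreadable key directory then ends in a NullPointerException instead of an error naming the directory. A guard directly after the call, `if (files == null) throw new IOException("cannot list key directory: " + inDirectory);`, fits the method's existing `throws IOException`. The same unchecked pattern is visible in SignZone.findZoneKeys and SignZone.getKeysets later in this commit. findZoneKeys starts and ends outside this hunk.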
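Review bot: `@SuppressWarnings("unchecked")` is attached to the whole of `execute()`, so every unchecked conversion in a method that loads key pairs and signs is silenced, not only the raw DNSJava calls the ChangeLog entry names (`RRset.rrs()` and similar). Moving the annotation onto the one local declaration that receives the raw iterator, with a comment such as `// DNSJava returns a raw Iterator here`, keeps the compiler checking the rest of the method. The same method-level annotation is added to SignRRset.execute, DnsSecVerifier.findCachedKey and DnsSecVerifier.verify. The type arguments are not visible on this page, so the exact declaration has to be taken from the file; execute() continues outside the hunk.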
@@ -343,26 +345,24 @@ public class SignKeyset extends CLBase JCEDnsSecSigner signer = new JCEDnsSecSigner(); - List sigs = signer.signRRset(keyset, keypairs, state.start, state.expire); - for (Iterator i = sigs.iterator(); i.hasNext();) + List sigs = signer.signRRset(keyset, keypairs, state.start, state.expire); + for (RRSIGRecord s : sigs) { - keyset.addRR((Record) i.next()); + keyset.addRR(s); } // write out the signed RRset - List signed_records = new ArrayList(); - for (Iterator i = keyset.rrs(); i.hasNext();) + List signed_records = new ArrayList(); + for (Iterator i = keyset.rrs(); i.hasNext();) { signed_records.add(i.next()); } - for (Iterator i = keyset.sigs(); i.hasNext();) + for (Iterator i = keyset.sigs(); i.hasNext();) { signed_records.add(i.next()); } // write out the signed zone - // force multiline mode for now - org.xbill.DNS.Options.set("multiline"); ZoneUtils.writeZoneFile(signed_records, state.outputfile); if (state.verifySigs) @@ -388,7 +388,7 @@ public class SignKeyset extends CLBase { SignKeyset tool = new SignKeyset(); tool.state = new CLIState(); - + tool.run(tool.state, args); } } diff --git a/src/com/verisignlabs/dnssec/cl/SignRRset.java b/src/com/verisignlabs/dnssec/cl/SignRRset.java index ca80344..e27ae8d 100644 --- a/src/com/verisignlabs/dnssec/cl/SignRRset.java +++ b/src/com/verisignlabs/dnssec/cl/SignRRset.java @@ -30,6 +30,7 @@ import org.apache.commons.cli.Options; import org.xbill.DNS.DNSSEC; import org.xbill.DNS.Name; +import org.xbill.DNS.RRSIGRecord; import org.xbill.DNS.RRset; import org.xbill.DNS.Record; import org.xbill.DNS.Type; 
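Review bot: Dropping `org.xbill.DNS.Options.set("multiline");` ahead of `ZoneUtils.writeZoneFile(signed_records, state.outputfile)` changes the format of the written keyset, and the ChangeLog entry for this commit only describes the move to generic types. If multiline output is now configured elsewhere (possibly in the new command line base class, which this hunk does not show), a comment at the call such as `// output formatting options are set by the base class` would make that traceable. Otherwise the change deserves its own ChangeLog line, since tooling that parses or diffs signed output may depend on the old layout. execute() starts and ends outside the hunk.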
@@ -164,25 +165,23 @@ public class SignRRset extends CLBase * a list of keypairs used the sign the zone. * @return true if all of the signatures validated. */ - private static boolean verifySigs(Name zonename, List records, List keypairs) + private static boolean verifySigs(Name zonename, List records, List keypairs) { boolean secure = true; DnsSecVerifier verifier = new DnsSecVerifier(); - for (Iterator i = keypairs.iterator(); i.hasNext();) + for (DnsKeyPair pair : keypairs) { - verifier.addTrustedKey((DnsKeyPair) i.next()); + verifier.addTrustedKey(pair); } verifier.setVerifyAllSigs(true); - List rrsets = SignUtils.assembleIntoRRsets(records); + List rrsets = SignUtils.assembleIntoRRsets(records); - for (Iterator i = rrsets.iterator(); i.hasNext();) + for (RRset rrset : rrsets) { - RRset rrset = (RRset) i.next(); - // skip unsigned rrsets. if (!rrset.sigs().hasNext()) continue; @@ -230,10 +229,11 @@ public class SignRRset extends CLBase return keys; } + @SuppressWarnings("unchecked") public void execute() throws Exception { // Read in the zone - List records = ZoneUtils.readZoneFile(state.inputfile, null); + List records = ZoneUtils.readZoneFile(state.inputfile, null); if (records == null || records.size() == 0) { System.err.println("error: empty RRset file"); @@ -242,10 +242,9 @@ public class SignRRset extends CLBase // Construct the RRset. Complain if the records in the input file // consist of more than one RRset. RRset rrset = null; - for (Iterator i = records.iterator(); i.hasNext();) - { - Record r = (Record) i.next(); + for (Record r : records) + { // skip RRSIGs if (r.getType() == Type.RRSIG || r.getType() == Type.SIG) { 
@@ -314,19 +313,19 @@ public class SignRRset extends CLBase JCEDnsSecSigner signer = new JCEDnsSecSigner(); - List sigs = signer.signRRset(rrset, keypairs, state.start, state.expire); - for (Iterator i = sigs.iterator(); i.hasNext();) + List sigs = signer.signRRset(rrset, keypairs, state.start, state.expire); + for (RRSIGRecord s : sigs) { - rrset.addRR((Record) i.next()); + rrset.addRR(s); } // write out the signed RRset - List signed_records = new ArrayList(); - for (Iterator i = rrset.rrs(); i.hasNext();) + List signed_records = new ArrayList(); + for (Iterator i = rrset.rrs(); i.hasNext();) { signed_records.add(i.next()); } - for (Iterator i = rrset.sigs(); i.hasNext();) + for (Iterator i = rrset.sigs(); i.hasNext();) { signed_records.add(i.next()); } diff --git a/src/com/verisignlabs/dnssec/cl/SignZone.java b/src/com/verisignlabs/dnssec/cl/SignZone.java index 45b971b..87700ca 100644 --- a/src/com/verisignlabs/dnssec/cl/SignZone.java +++ b/src/com/verisignlabs/dnssec/cl/SignZone.java 
@@ -64,24 +64,24 @@ public class SignZone extends CLBase */ private static class CLIState extends CLIStateBase { - public File keyDirectory = null; - public File keysetDirectory = null; - public String[] kskFiles = null; - public String[] keyFiles = null; - public String zonefile = null; - public Date start = null; - public Date expire = null; - public String outputfile = null; - public boolean verifySigs = false; - public boolean useOptOut = false; - public boolean fullySignKeyset = false; - public List includeNames = null; - public boolean useNsec3 = false; - public byte[] salt = null; - public int iterations = 0; - public int digest_id = DSRecord.SHA1_DIGEST_ID; - public long nsec3paramttl = -1; - public boolean verboseSigning = false; + public File keyDirectory = null; + public File keysetDirectory = null; + public String[] kskFiles = null; + public String[] keyFiles = null; + public String zonefile = null; + public Date start = null; + public Date expire = null; + public String outputfile = null; + public boolean verifySigs = false; + public boolean useOptOut = false; + public boolean fullySignKeyset = false; + public List includeNames = null; + public boolean useNsec3 = false; + public byte[] salt = null; + public int iterations = 0; + public int digest_id = DSRecord.SHA1_DIGEST_ID; + public long nsec3paramttl = -1; + public boolean verboseSigning = false; public CLIState() { @@ -176,8 +176,7 @@ public class SignZone extends CLBase protected void processOptions(CommandLine cli) throws ParseException { - String optstr; - String[] optstrs; + String optstr = null; if (cli.hasOption('a')) verifySigs = true; if (cli.hasOption('3')) useNsec3 = true; 
@@ -323,25 +322,24 @@ public class SignZone extends CLBase * a list of keypairs used the sign the zone. * @return true if all of the signatures validated. */ - private static boolean verifyZoneSigs(Name zonename, List records, List keypairs) + private static boolean verifyZoneSigs(Name zonename, List records, + List keypairs) { boolean secure = true; DnsSecVerifier verifier = new DnsSecVerifier(); - for (Iterator i = keypairs.iterator(); i.hasNext();) + for (DnsKeyPair pair : keypairs) { - verifier.addTrustedKey((DnsKeyPair) i.next()); + verifier.addTrustedKey(pair); } verifier.setVerifyAllSigs(true); - List rrsets = SignUtils.assembleIntoRRsets(records); + List rrsets = SignUtils.assembleIntoRRsets(records); - for (Iterator i = rrsets.iterator(); i.hasNext();) + for (RRset rrset : rrsets) { - RRset rrset = (RRset) i.next(); - // skip unsigned rrsets. if (!rrset.sigs().hasNext()) continue; @@ -371,15 +369,15 @@ public class SignZone extends CLBase * the directory to look in (may be null). * @return a list of keypair objects. */ - private static List getKeys(String[] keyfiles, int start_index, File inDirectory) - throws IOException + private static List getKeys(String[] keyfiles, int start_index, + File inDirectory) throws IOException { if (keyfiles == null) return null; int len = keyfiles.length - start_index; if (len <= 0) return null; - ArrayList keys = new ArrayList(len); + ArrayList keys = new ArrayList(len); for (int i = start_index; i < keyfiles.length; i++) { 
@@ -390,14 +388,17 @@ public class SignZone extends CLBase return keys; } - private static List getKeys(List dnskeyrrs, File inDirectory) throws IOException + private static List getKeys(List dnskeyrrs, File inDirectory) + throws IOException { - List res = new ArrayList(); - for (Iterator i = dnskeyrrs.iterator(); i.hasNext();) + List res = new ArrayList(); + for (Record r : dnskeyrrs) { + if (r.getType() != Type.DNSKEY) continue; + // Construct a public-key-only DnsKeyPair just so we can calculate the // base name. - DnsKeyPair pub = new DnsKeyPair((DNSKEYRecord) i.next()); + DnsKeyPair pub = new DnsKeyPair((DNSKEYRecord) r); DnsKeyPair pair = BINDKeyUtils.loadKeyPair(BINDKeyUtils.keyFileBase(pub), inDirectory); if (pair != null) @@ -428,7 +429,8 @@ public class SignZone extends CLBase } } - private static List findZoneKeys(File inDirectory, Name zonename) throws IOException + private static List findZoneKeys(File inDirectory, Name zonename) + throws IOException { if (inDirectory == null) { @@ -440,7 +442,7 @@ public class SignZone extends CLBase File[] files = inDirectory.listFiles(filter); // read in all of the records - ArrayList keys = new ArrayList(); + ArrayList keys = new ArrayList(); for (int i = 0; i < files.length; i++) { DnsKeyPair p = BINDKeyUtils.loadKeyPair(files[i].getName(), inDirectory); @@ -480,7 +482,8 @@ public class SignZone extends CLBase * @return a list of {@link org.xbill.DNS.Record}s found in the keyset * files. */ - private static List getKeysets(File inDirectory, Name zonename) throws IOException + private static List getKeysets(File inDirectory, Name zonename) + throws IOException { if (inDirectory == null) { 
@@ -492,17 +495,17 @@ public class SignZone extends CLBase File[] files = inDirectory.listFiles(filter); // read in all of the records - ArrayList keysetRecords = new ArrayList(); + ArrayList keysetRecords = new ArrayList(); for (int i = 0; i < files.length; i++) { - List l = ZoneUtils.readZoneFile(files[i].getAbsolutePath(), zonename); + List l = ZoneUtils.readZoneFile(files[i].getAbsolutePath(), zonename); keysetRecords.addAll(l); } // discard records that do not belong to the zone in question. - for (Iterator i = keysetRecords.iterator(); i.hasNext();) + for (Iterator i = keysetRecords.iterator(); i.hasNext();) { - Record r = (Record) i.next(); + Record r = i.next(); if (!r.getName().subdomain(zonename)) { i.remove(); @@ -519,10 +522,10 @@ public class SignZone extends CLBase * the path of a file containing a bare list of DNS names. * @return a list of {@link org.xbill.DNS.Name} objects. */ - private static List getNameList(File nameListFile) throws IOException + private static List getNameList(File nameListFile) throws IOException { BufferedReader br = new BufferedReader(new FileReader(nameListFile)); - List res = new ArrayList(); + List res = new ArrayList(); String line = null; while ((line = br.readLine()) != null) @@ -559,13 +562,12 @@ public class SignZone extends CLBase * zone. * @return true if the keypairs valid. */ - private static boolean keyPairsValidForZone(Name zonename, List keypairs) + private static boolean keyPairsValidForZone(Name zonename, List keypairs) { if (keypairs == null) return true; // technically true, I guess. - for (Iterator i = keypairs.iterator(); i.hasNext();) + for (DnsKeyPair kp : keypairs) { - DnsKeyPair kp = (DnsKeyPair) i.next(); Name keyname = kp.getDNSKEYRecord().getName(); if (!keyname.equals(zonename)) { 
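Review bot: `keysetRecords.addAll(l)` in getKeysets throws a NullPointerException when `ZoneUtils.readZoneFile` returns null, and the `records == null` tests in the execute() methods of this commit suggest that it can. Guarding the call, `if (l != null) keysetRecords.addAll(l);`, lets one empty or unreadable keyset file be skipped instead of aborting the signing run with a stack trace. If a null result should be fatal here, throwing an IOException that names `files[i]` would at least tell the operator which file was at fault. getKeysets starts in the previous hunk and ends outside this one.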
@@ -579,7 +581,7 @@ public class SignZone extends CLBase public void execute() throws Exception { // Read in the zone - List records = ZoneUtils.readZoneFile(state.zonefile, null); + List records = ZoneUtils.readZoneFile(state.zonefile, null); if (records == null || records.size() == 0) { System.err.println("error: empty zone file"); @@ -596,14 +598,14 @@ public class SignZone extends CLBase // Load the key pairs. - List keypairs = getKeys(state.keyFiles, 0, state.keyDirectory); - List kskpairs = getKeys(state.kskFiles, 0, state.keyDirectory); + List keypairs = getKeys(state.keyFiles, 0, state.keyDirectory); + List kskpairs = getKeys(state.kskFiles, 0, state.keyDirectory); // If we didn't get any keys on the command line, look at the zone apex for // any public keys. if (keypairs == null && kskpairs == null) { - List dnskeys = ZoneUtils.findRRs(records, zonename, Type.DNSKEY); + List dnskeys = ZoneUtils.findRRs(records, zonename, Type.DNSKEY); keypairs = getKeys(dnskeys, state.keyDirectory); } @@ -621,13 +623,13 @@ public class SignZone extends CLBase if ((kskpairs == null || kskpairs.size() == 0) && keypairs != null && keypairs.size() > 1) { - for (Iterator i = keypairs.iterator(); i.hasNext();) + for (Iterator i = keypairs.iterator(); i.hasNext();) { - DnsKeyPair pair = (DnsKeyPair) i.next(); + DnsKeyPair pair = i.next(); DNSKEYRecord kr = pair.getDNSKEYRecord(); if ((kr.getFlags() & DNSKEYRecord.Flags.SEP_KEY) != 0) { - if (kskpairs == null) kskpairs = new ArrayList(); + if (kskpairs == null) kskpairs = new ArrayList(); kskpairs.add(pair); i.remove(); } 
@@ -674,21 +676,21 @@ public class SignZone extends CLBase // removes duplicate records. if (kskpairs != null) { - for (Iterator i = kskpairs.iterator(); i.hasNext();) + for (DnsKeyPair pair : kskpairs) { - records.add(((DnsKeyPair) i.next()).getDNSKEYRecord()); + records.add(pair.getDNSKEYRecord()); } } if (keypairs != null) { - for (Iterator i = keypairs.iterator(); i.hasNext();) + for (DnsKeyPair pair : keypairs) { - records.add(((DnsKeyPair) i.next()).getDNSKEYRecord()); + records.add(pair.getDNSKEYRecord()); } } // read in the keysets, if any. - List keysetrecs = getKeysets(state.keysetDirectory, zonename); + List keysetrecs = getKeysets(state.keysetDirectory, zonename); if (keysetrecs != null) { records.addAll(keysetrecs); @@ -697,7 +699,7 @@ public class SignZone extends CLBase JCEDnsSecSigner signer = new JCEDnsSecSigner(state.verboseSigning); // Sign the zone. - List signed_records; + List signed_records; if (state.useNsec3) { diff --git a/src/com/verisignlabs/dnssec/cl/VerifyZone.java b/src/com/verisignlabs/dnssec/cl/VerifyZone.java index 35a958e..a203e71 100644 --- a/src/com/verisignlabs/dnssec/cl/VerifyZone.java +++ b/src/com/verisignlabs/dnssec/cl/VerifyZone.java @@ -22,6 +22,7 @@ import java.util.List; import org.apache.commons.cli.CommandLine; import org.apache.commons.cli.OptionBuilder; import org.apache.commons.cli.Options; +import org.xbill.DNS.Record; import com.verisignlabs.dnssec.security.ZoneUtils; import com.verisignlabs.dnssec.security.ZoneVerifier; @@ -126,7 +127,7 @@ public class VerifyZone extends CLBase zoneverifier.getVerifier().setExpireFudge(state.expirefudge); zoneverifier.getVerifier().setIgnoreTime(state.ignoreTime); - List records = ZoneUtils.readZoneFile(state.zonefile, null); + List records = ZoneUtils.readZoneFile(state.zonefile, null); log.fine("verifying zone..."); int errors = zoneverifier.verifyZone(records); 
diff --git a/src/com/verisignlabs/dnssec/cl/ZoneFormat.java b/src/com/verisignlabs/dnssec/cl/ZoneFormat.java index 594171c..f6d57d6 100644 --- a/src/com/verisignlabs/dnssec/cl/ZoneFormat.java +++ b/src/com/verisignlabs/dnssec/cl/ZoneFormat.java @@ -18,16 +18,23 @@ package com.verisignlabs.dnssec.cl; import java.io.IOException; -import java.io.PrintWriter; import java.security.NoSuchAlgorithmException; -import java.util.*; -import java.util.logging.Handler; -import java.util.logging.Level; -import java.util.logging.Logger; +import java.util.ArrayList; +import java.util.Collections; +import java.util.HashMap; +import java.util.List; +import java.util.ListIterator; -import org.apache.commons.cli.*; +import org.apache.commons.cli.CommandLine; import org.apache.commons.cli.Options; -import org.xbill.DNS.*; +import org.apache.commons.cli.ParseException; +import org.xbill.DNS.Master; +import org.xbill.DNS.NSEC3PARAMRecord; +import org.xbill.DNS.NSEC3Record; +import org.xbill.DNS.Name; +import org.xbill.DNS.Record; +import org.xbill.DNS.Section; +import org.xbill.DNS.Type; import org.xbill.DNS.utils.base32; import com.verisignlabs.dnssec.security.RecordComparator; @@ -80,11 +87,11 @@ public class ZoneFormat extends CLBase } } - private static List readZoneFile(String filename) throws IOException + private static List readZoneFile(String filename) throws IOException { Master master = new Master(filename); - List res = new ArrayList(); + List res = new ArrayList(); Record r = null; while ((r = master.nextRecord()) != null) 
@@ -99,21 +106,21 @@ public class ZoneFormat extends CLBase return res; } - private static void formatZone(List zone) + private static void formatZone(List zone) { // Put the zone into a consistent (name and RR type) order. RecordComparator cmp = new RecordComparator(); Collections.sort(zone, cmp); - for (Iterator i = zone.iterator(); i.hasNext();) + for (Record r : zone) { - Record r = (Record) i.next(); System.out.println(r.toString()); } } - private static void determineNSEC3Owners(List zone) throws NoSuchAlgorithmException + private static void determineNSEC3Owners(List zone) + throws NoSuchAlgorithmException { // Put the zone into a consistent (name and RR type) order. Collections.sort(zone, new RecordComparator()); @@ -121,12 +128,11 @@ public class ZoneFormat extends CLBase // first, find the NSEC3PARAM record -- this is an inefficient linear // search. NSEC3PARAMRecord nsec3param = null; - HashMap map = new HashMap(); + HashMap map = new HashMap(); base32 b32 = new base32(base32.Alphabet.BASE32HEX, false, true); - for (Iterator i = zone.iterator(); i.hasNext();) + for (Record r : zone) { - Record r = (Record) i.next(); if (r.getType() == Type.NSEC3PARAM) { nsec3param = (NSEC3PARAMRecord) r; @@ -139,9 +145,8 @@ public class ZoneFormat extends CLBase // Next pass, calculate a mapping between ownernames and hashnames Name last_name = null; - for (Iterator i = zone.iterator(); i.hasNext();) + for (Record r : zone) { - Record r = (Record) i.next(); if (r.getName().equals(last_name)) continue; if (r.getType() == Type.NSEC3) continue; @@ -152,9 +157,9 @@ public class ZoneFormat extends CLBase } // Final pass, assign the names if we can - for (ListIterator i = zone.listIterator(); i.hasNext();) + for (ListIterator i = zone.listIterator(); i.hasNext();) { - Record r = (Record) i.next(); + Record r = i.next(); if (r.getType() != Type.NSEC3) continue; NSEC3Record nsec3 = (NSEC3Record) r; String hashname = nsec3.getName().getLabelString(0).toLowerCase(); 
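Review bot: `nsec3.getName().getLabelString(0).toLowerCase()` in the final pass of determineNSEC3Owners uses the JVM default locale. Base32hex labels can contain the letter I, which a Turkish locale lowercases to a dotless ı, so the hash name would presumably miss its entry in `map` (how the keys are built is outside the hunk). `toLowerCase(Locale.ROOT)`, with `java.util.Locale` added to the imports, makes the lookup independent of where the tool runs. The same applies to `m.toUpperCase()` in DnsKeyAlgorithm.addMnemonic, `s.toUpperCase()` in stringToAlgorithm, and the `toString().toLowerCase()` map key in DnsSecVerifier.TrustedKeyStore.add and find.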
@@ -171,7 +176,7 @@ public class ZoneFormat extends CLBase public void execute() throws IOException, NoSuchAlgorithmException { - List z = readZoneFile(state.file); + List z = readZoneFile(state.file); if (state.assignNSEC3) determineNSEC3Owners(z); formatZone(z); } @@ -180,7 +185,7 @@ public class ZoneFormat extends CLBase { ZoneFormat tool = new ZoneFormat(); tool.state = new CLIState(); - + tool.run(tool.state, args); } diff --git a/src/com/verisignlabs/dnssec/security/BareLogFormatter.java b/src/com/verisignlabs/dnssec/security/BareLogFormatter.java deleted file mode 100644 index 71297e5..0000000 --- a/src/com/verisignlabs/dnssec/security/BareLogFormatter.java +++ /dev/null @@ -1,24 +0,0 @@ -package com.verisignlabs.dnssec.security; - -import java.util.logging.LogRecord; - -/** - * This is a very simple log formatter that simply outputs the log level and log - * string. - */ -public class BareLogFormatter extends java.util.logging.Formatter -{ - @Override - public String format(LogRecord arg0) - { - StringBuilder out = new StringBuilder(); - String lvl = arg0.getLevel().getName(); - - out.append(lvl); - out.append(": "); - out.append(arg0.getMessage()); - out.append("\n"); - - return out.toString(); - } -} \ No newline at end of file diff --git a/src/com/verisignlabs/dnssec/security/ByteArrayComparator.java b/src/com/verisignlabs/dnssec/security/ByteArrayComparator.java index 317b785..f8d5a1d 100644 --- a/src/com/verisignlabs/dnssec/security/ByteArrayComparator.java +++ b/src/com/verisignlabs/dnssec/security/ByteArrayComparator.java @@ -30,7 +30,7 @@ import java.util.logging.Logger; * @author $Author$ * @version $Revision$ */ -public class ByteArrayComparator implements Comparator +public class ByteArrayComparator implements Comparator { private int mOffset = 0; private boolean mDebug = false; 
@@ -46,11 +46,8 @@ public class ByteArrayComparator implements Comparator mDebug = debug; } - public int compare(Object o1, Object o2) throws ClassCastException + public int compare(byte[] b1, byte[] b2) { - byte[] b1 = (byte[]) o1; - byte[] b2 = (byte[]) o2; - for (int i = mOffset; i < b1.length && i < b2.length; i++) { if (b1[i] != b2[i]) diff --git a/src/com/verisignlabs/dnssec/security/DnsKeyAlgorithm.java b/src/com/verisignlabs/dnssec/security/DnsKeyAlgorithm.java index 5991ea1..14920fd 100644 --- a/src/com/verisignlabs/dnssec/security/DnsKeyAlgorithm.java +++ b/src/com/verisignlabs/dnssec/security/DnsKeyAlgorithm.java 
@@ -77,32 +77,32 @@ public class DnsKeyAlgorithm * This is a mapping of algorithm identifier to Entry. The Entry contains the * data needed to map the algorithm to the various crypto implementations. */ - private HashMap mAlgorithmMap; + private HashMap mAlgorithmMap; /** * This is a mapping of algorithm mnemonics to algorithm identifiers. */ - private HashMap mMnemonicToIdMap; + private HashMap mMnemonicToIdMap; /** * This is a mapping of identifiers to preferred mnemonic -- the preferred one * is the first defined one */ - private HashMap mIdToMnemonicMap; + private HashMap mIdToMnemonicMap; /** This is a cached key pair generator for RSA keys. */ - private KeyPairGenerator mRSAKeyGenerator; + private KeyPairGenerator mRSAKeyGenerator; /** This is a cache key pair generator for DSA keys. */ - private KeyPairGenerator mDSAKeyGenerator; + private KeyPairGenerator mDSAKeyGenerator; - private Logger log = Logger.getLogger(this.getClass().toString()); + private Logger log = Logger.getLogger(this.getClass().toString()); /** This is the global instance for this class. */ - private static DnsKeyAlgorithm mInstance = null; + private static DnsKeyAlgorithm mInstance = null; public DnsKeyAlgorithm() { - mAlgorithmMap = new HashMap(); - mMnemonicToIdMap = new HashMap(); - mIdToMnemonicMap = new HashMap(); + mAlgorithmMap = new HashMap(); + mMnemonicToIdMap = new HashMap(); + mIdToMnemonicMap = new HashMap(); // Load the standard DNSSEC algorithms. addAlgorithm(DNSSEC.RSAMD5, new Entry("MD5withRSA", RSA)); 
@@ -137,40 +137,34 @@ public class DnsKeyAlgorithm private void addAlgorithm(int algorithm, Entry entry) { - Integer a = new Integer(algorithm); - mAlgorithmMap.put(a, entry); + mAlgorithmMap.put(algorithm, entry); } private void addMnemonic(String m, int alg) { - Integer a = new Integer(alg); - mMnemonicToIdMap.put(m.toUpperCase(), a); - if (!mIdToMnemonicMap.containsKey(a)) + mMnemonicToIdMap.put(m.toUpperCase(), alg); + if (!mIdToMnemonicMap.containsKey(alg)) { - mIdToMnemonicMap.put(a, m); + mIdToMnemonicMap.put(alg, m); } } public void addAlias(int alias, String mnemonic, int original_algorithm) { - Integer a = new Integer(alias); - Integer o = new Integer(original_algorithm); - - if (mAlgorithmMap.containsKey(a)) + if (mAlgorithmMap.containsKey(alias)) { - log.warning("Unable to alias algorithm " + alias - + " because it already exists."); + log.warning("Unable to alias algorithm " + alias + " because it already exists."); return; } - if (!mAlgorithmMap.containsKey(o)) + if (!mAlgorithmMap.containsKey(original_algorithm)) { log.warning("Unable to alias algorith " + alias + " to unknown algorithm identifier " + original_algorithm); return; } - mAlgorithmMap.put(a, mAlgorithmMap.get(o)); + mAlgorithmMap.put(alias, mAlgorithmMap.get(original_algorithm)); if (mnemonic != null) { @@ -180,7 +174,7 @@ public class DnsKeyAlgorithm private Entry getEntry(int alg) { - return (Entry) mAlgorithmMap.get(new Integer(alg)); + return mAlgorithmMap.get(alg); } public Signature getSignature(int algorithm) @@ -196,8 +190,8 @@ public class DnsKeyAlgorithm } catch (NoSuchAlgorithmException e) { - log.severe("Unable to get signature implementation for algorithm " - + algorithm + ": " + e); + log.severe("Unable to get signature implementation for algorithm " + algorithm + + ": " + e); } return s; 
@@ -205,14 +199,14 @@ public class DnsKeyAlgorithm public int stringToAlgorithm(String s) { - Integer alg = (Integer) mMnemonicToIdMap.get(s.toUpperCase()); + Integer alg = mMnemonicToIdMap.get(s.toUpperCase()); if (alg != null) return alg.intValue(); return -1; } public String algToString(int algorithm) { - return (String) mIdToMnemonicMap.get(new Integer(algorithm)); + return mIdToMnemonicMap.get(algorithm); } public int baseType(int algorithm) @@ -257,13 +251,11 @@ public class DnsKeyAlgorithm RSAKeyGenParameterSpec rsa_spec; if (useLargeExp) { - rsa_spec = new RSAKeyGenParameterSpec(keysize, - RSAKeyGenParameterSpec.F4); + rsa_spec = new RSAKeyGenParameterSpec(keysize, RSAKeyGenParameterSpec.F4); } else { - rsa_spec = new RSAKeyGenParameterSpec(keysize, - RSAKeyGenParameterSpec.F0); + rsa_spec = new RSAKeyGenParameterSpec(keysize, RSAKeyGenParameterSpec.F0); } try { diff --git a/src/com/verisignlabs/dnssec/security/DnsSecVerifier.java b/src/com/verisignlabs/dnssec/security/DnsSecVerifier.java index 31ab5fb..bd1120b 100644 --- a/src/com/verisignlabs/dnssec/security/DnsSecVerifier.java +++ b/src/com/verisignlabs/dnssec/security/DnsSecVerifier.java @@ -48,23 +48,23 @@ public class DnsSecVerifier implements Verifier private class TrustedKeyStore { - // for now, this is implemented as a hashtable of lists of + // for now, this is implemented as a hash table of lists of // DnsKeyPair objects (obviously, all of them will not have // private keys). - private HashMap mKeyMap; + private HashMap> mKeyMap; public TrustedKeyStore() { - mKeyMap = new HashMap(); + mKeyMap = new HashMap>(); } public void add(DnsKeyPair pair) { String n = pair.getDNSKEYName().toString().toLowerCase(); - List l = (List) mKeyMap.get(n); + List l = mKeyMap.get(n); if (l == null) { - l = new ArrayList(); + l = new ArrayList(); mKeyMap.put(n, l); } 
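Review bot: The `else` branch still builds the generator with `RSAKeyGenParameterSpec.F0`, which is public exponent 3, whenever `useLargeExp` is false. The commit only re-wraps these two lines, but the choice deserves a comment on that branch, for example `// F0 is e=3, kept for compatibility; prefer F4 (65537) for new keys`. Small exponents have repeatedly turned lenient padding checks in verifiers into accepted forgeries, so a key with e=3 depends on every validator being strict. If no caller needs the small exponent, making F4 the default is worth a follow-up. The enclosing method starts and ends outside the hunk.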
@@ -86,14 +86,13 @@ public class DnsSecVerifier implements Verifier public DnsKeyPair find(Name name, int algorithm, int keyid) { String n = name.toString().toLowerCase(); - List l = (List) mKeyMap.get(n); + List l = mKeyMap.get(n); if (l == null) return null; // FIXME: this algorithm assumes that name+alg+footprint is // unique, which isn't necessarily true. - for (Iterator i = l.iterator(); i.hasNext();) + for (DnsKeyPair p : l) { - DnsKeyPair p = (DnsKeyPair) i.next(); if (p.getDNSKEYAlgorithm() == algorithm && p.getDNSKEYFootprint() == keyid) { return p; @@ -158,6 +157,7 @@ public class DnsSecVerifier implements Verifier mIgnoreTime = v; } + @SuppressWarnings("unchecked") private DnsKeyPair findCachedKey(Cache cache, Name name, int algorithm, int footprint) { RRset[] keysets = cache.findAnyRecords(name, Type.KEY); @@ -165,11 +165,11 @@ public class DnsSecVerifier implements Verifier // look for the particular key // FIXME: this assumes that name+alg+footprint is unique. - for (Iterator i = keysets[0].rrs(); i.hasNext();) + for (Iterator i = keysets[0].rrs(); i.hasNext();) { - Object o = i.next(); - if (!(o instanceof DNSKEYRecord)) continue; - DNSKEYRecord keyrec = (DNSKEYRecord) o; + Record r = i.next(); + if (r.getType() != Type.DNSKEY) continue; + DNSKEYRecord keyrec = (DNSKEYRecord) r; if (keyrec.getAlgorithm() == algorithm && keyrec.getFootprint() == footprint) { return new DnsKeyPair(keyrec, (PrivateKey) null); @@ -190,7 +190,7 @@ public class DnsSecVerifier implements Verifier return pair; } - private byte validateSignature(RRset rrset, RRSIGRecord sigrec, List reasons) + private byte validateSignature(RRset rrset, RRSIGRecord sigrec, List reasons) { if (rrset == null || sigrec == null) return DNSSEC.Failed; if (!rrset.getName().equals(sigrec.getName())) 
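Review bot: findCachedKey asks the cache for `Type.KEY` RRsets (`cache.findAnyRecords(name, Type.KEY)` in the preceding hunk), yet the new filter `if (r.getType() != Type.DNSKEY) continue;` keeps only DNSKEY records, so as written the loop apparently can never return a key. The replaced `instanceof DNSKEYRecord` test had the same effect, so this is not a regression, but the rewrite is the natural place to settle it. If DNSKEY is what is meant, the lookup should read `cache.findAnyRecords(name, Type.DNSKEY)`. A cached key that is never found means signatures covered only by cached keys cannot be verified. The method begins in the previous hunk and ends outside this one.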
@@ -255,7 +255,7 @@ public class DnsSecVerifier implements Verifier * could not be completed (usually because the public key was not * available). */ - public byte verifySignature(RRset rrset, RRSIGRecord sigrec, Cache cache, List reasons) + public byte verifySignature(RRset rrset, RRSIGRecord sigrec, Cache cache, List reasons) { byte result = validateSignature(rrset, sigrec, reasons); if (result != DNSSEC.Secure) return result; @@ -314,6 +314,7 @@ public class DnsSecVerifier implements Verifier * @return DNSSEC.Secure if the set verified, DNSSEC.Failed if it did not, and * DNSSEC.Insecure if verification could not complete. */ + @SuppressWarnings("unchecked") public int verify(RRset rrset, Cache cache) { int result = mVerifyAllSigs ? DNSSEC.Secure : DNSSEC.Insecure; diff --git a/src/com/verisignlabs/dnssec/security/JCEDnsSecSigner.java b/src/com/verisignlabs/dnssec/security/JCEDnsSecSigner.java index b62b797..55a7f18 100644 --- a/src/com/verisignlabs/dnssec/security/JCEDnsSecSigner.java +++ b/src/com/verisignlabs/dnssec/security/JCEDnsSecSigner.java @@ -57,8 +57,8 @@ public class JCEDnsSecSigner { private DnsKeyConverter mKeyConverter; private boolean mVerboseSigning = false; - - private Logger log; + + private Logger log; public JCEDnsSecSigner() { @@ -130,8 +130,9 @@ public class JCEDnsSecSigner * the expiration time for the resulting RRSIG records. * @return a list of RRSIGRecord objects. */ - public List signRRset(RRset rrset, List keypairs, Date start, Date expire) - throws IOException, GeneralSecurityException + public List signRRset(RRset rrset, List keypairs, Date start, + Date expire) throws IOException, + GeneralSecurityException { if (rrset == null || keypairs == null) return null; 
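Review bot: signRRset returns `null` when `rrset` or `keypairs` is null, and addRRset (later hunks) passes the result straight to `toList.addAll(sigs)` with no null check visible, which throws NullPointerException when `zskpairs` is null. For a signer it is safer to fail loudly than to hand back nothing: `if (rrset == null || keypairs == null) throw new IllegalArgumentException("rrset and keypairs must not be null");`. If a null key list is meant to be "nothing to sign", return an empty list instead and say so in the `@return` Javadoc. The body of signRRset continues past this hunk.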
@@ -149,12 +150,11 @@ public class JCEDnsSecSigner // first, pre-calculate the RRset bytes. byte[] rrset_data = SignUtils.generateCanonicalRRsetData(rrset, 0, 0); - ArrayList sigs = new ArrayList(keypairs.size()); + ArrayList sigs = new ArrayList(keypairs.size()); // for each keypair, sign the RRset. - for (Iterator i = keypairs.iterator(); i.hasNext();) + for (DnsKeyPair pair : keypairs) { - DnsKeyPair pair = (DnsKeyPair) i.next(); DNSKEYRecord keyrec = pair.getDNSKEYRecord(); if (keyrec == null) continue; @@ -164,8 +164,9 @@ public class JCEDnsSecSigner if (mVerboseSigning) { - log.info("Canonical pre-signature data to sign with key " + keyrec.getName().toString() + "/" - + keyrec.getAlgorithm() + "/" + keyrec.getFootprint() + ":"); + log.info("Canonical pre-signature data to sign with key " + + keyrec.getName().toString() + "/" + keyrec.getAlgorithm() + "/" + + keyrec.getFootprint() + ":"); log.info(hexdump.dump(null, sign_data)); } @@ -174,8 +175,7 @@ public class JCEDnsSecSigner if (signer == null) { // debug - log.fine("missing private key that goes with:\n" - + pair.getDNSKEYRecord()); + log.fine("missing private key that goes with:\n" + pair.getDNSKEYRecord()); throw new GeneralSecurityException("cannot sign without a valid Signer " + "(probably missing private key)"); } 
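Review bot: Inside the new for-each, a pair whose `getDNSKEYRecord()` is null is skipped with a bare `continue`, so the caller receives fewer RRSIGs than key pairs and nothing is logged. A line such as `log.warning("skipping key pair without a DNSKEY record");` before the `continue` would make a misloaded key visible to the operator. The loop body continues beyond this hunk.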
@@ -219,24 +219,23 @@ public class JCEDnsSecSigner * the RRSIG expiration time. * @return a signed RRset. */ - public RRset makeKeySet(List keypairs, Date start, Date expire) throws IOException, - GeneralSecurityException + public RRset makeKeySet(List keypairs, Date start, Date expire) + throws IOException, GeneralSecurityException { // Generate a KEY RR set to sign. RRset keyset = new RRset(); - for (Iterator i = keypairs.iterator(); i.hasNext();) + for (DnsKeyPair pair : keypairs) { - DnsKeyPair pair = (DnsKeyPair) i.next(); keyset.addRR(pair.getDNSKEYRecord()); } - List records = signRRset(keyset, keypairs, start, expire); + List records = signRRset(keyset, keypairs, start, expire); - for (Iterator i = records.iterator(); i.hasNext();) + for (RRSIGRecord r : records) { - keyset.addRR((Record) i.next()); + keyset.addRR(r); } return keyset; @@ -266,12 +265,14 @@ public class JCEDnsSecSigner * * @return the name of the new last_cut. */ - private Name addRRset(List toList, Name zonename, RRset rrset, List kskpairs, - List zskpairs, Date start, Date expire, boolean fullySignKeyset, - Name last_cut, Name last_dname) throws IOException, GeneralSecurityException + @SuppressWarnings("unchecked") + private Name addRRset(List toList, Name zonename, RRset rrset, + List kskpairs, List zskpairs, Date start, + Date expire, boolean fullySignKeyset, Name last_cut, + Name last_dname) throws IOException, GeneralSecurityException { // add the records themselves - for (Iterator i = rrset.rrs(); i.hasNext();) + for (Iterator i = rrset.rrs(); i.hasNext();) { toList.add(i.next()); } @@ -296,7 +297,7 @@ public class JCEDnsSecSigner // them with the zsks. if (kskpairs != null && kskpairs.size() > 0) { - List sigs = signRRset(rrset, kskpairs, start, expire); + List sigs = signRRset(rrset, kskpairs, start, expire); toList.addAll(sigs); // If we aren't going to sign with all the keys, bail out now. 
@@ -305,7 +306,7 @@ public class JCEDnsSecSigner } // otherwise, we are OK to sign this set. - List sigs = signRRset(rrset, zskpairs, start, expire); + List sigs = signRRset(rrset, zskpairs, start, expire); toList.addAll(sigs); return last_cut; @@ -365,11 +366,13 @@ public class JCEDnsSecSigner * @throws IOException * @throws GeneralSecurityException */ - private List signZone(Name zonename, List records, List kskpairs, List zskpairs, - Date start, Date expire, boolean fullySignKeyset, - int ds_digest_alg, int mode, List includedNames, byte[] salt, - int iterations, long nsec3paramttl, boolean beConservative) - throws IOException, GeneralSecurityException + private List signZone(Name zonename, List records, + List kskpairs, List zskpairs, + Date start, Date expire, boolean fullySignKeyset, + int ds_digest_alg, int mode, List includedNames, + byte[] salt, int iterations, long nsec3paramttl, + boolean beConservative) throws IOException, + GeneralSecurityException { // Remove any existing generated DNSSEC records (NSEC, NSEC3, NSEC3PARAM, // RRSIG) @@ -410,13 +413,13 @@ public class JCEDnsSecSigner // Assemble into RRsets and sign. RRset rrset = new RRset(); - ArrayList signed_records = new ArrayList(); + ArrayList signed_records = new ArrayList(); Name last_cut = null; Name last_dname = null; - for (ListIterator i = records.listIterator(); i.hasNext();) + for (ListIterator i = records.listIterator(); i.hasNext();) { - Record r = (Record) i.next(); + Record r = i.next(); // First record if (rrset.size() == 0) 
@@ -478,9 +481,11 @@ public class JCEDnsSecSigner * @return an ordered list of {@link org.xbill.DNS.Record} objects, * representing the signed zone. */ - public List signZone(Name zonename, List records, List kskpairs, List zskpairs, - Date start, Date expire, boolean fullySignKeyset, int ds_digest_alg) - throws IOException, GeneralSecurityException + public List signZone(Name zonename, List records, + List kskpairs, List zskpairs, + Date start, Date expire, boolean fullySignKeyset, + int ds_digest_alg) throws IOException, + GeneralSecurityException { return signZone(zonename, records, kskpairs, zskpairs, start, expire, fullySignKeyset, ds_digest_alg, NSEC_MODE, null, null, 0, 0, false); @@ -527,11 +532,13 @@ public class JCEDnsSecSigner * @throws IOException * @throws GeneralSecurityException */ - public List signZoneNSEC3(Name zonename, List records, List kskpairs, List zskpairs, - Date start, Date expire, boolean fullySignKeyset, - boolean useOptOut, List includedNames, byte[] salt, - int iterations, int ds_digest_alg, long nsec3paramttl) - throws IOException, GeneralSecurityException + public List signZoneNSEC3(Name zonename, List records, + List kskpairs, List zskpairs, + Date start, Date expire, boolean fullySignKeyset, + boolean useOptOut, List includedNames, + byte[] salt, int iterations, int ds_digest_alg, + long nsec3paramttl) throws IOException, + GeneralSecurityException { if (useOptOut) { 
@@ -577,10 +584,12 @@ public class JCEDnsSecSigner * @return an ordered list of {@link org.xbill.DNS.Record} objects, * representing the signed zone. */ - public List signZoneOptIn(Name zonename, List records, List kskpairs, List zskpairs, - Date start, Date expire, boolean useConservativeOptIn, - boolean fullySignKeyset, List NSECIncludeNames, - int ds_digest_alg) throws IOException, + public List signZoneOptIn(Name zonename, List records, + List kskpairs, List zskpairs, + Date start, Date expire, + boolean useConservativeOptIn, + boolean fullySignKeyset, List NSECIncludeNames, + int ds_digest_alg) throws IOException, GeneralSecurityException { diff --git a/src/com/verisignlabs/dnssec/security/ProtoNSEC3.java b/src/com/verisignlabs/dnssec/security/ProtoNSEC3.java index 337cbae..c6742a4 100644 --- a/src/com/verisignlabs/dnssec/security/ProtoNSEC3.java +++ b/src/com/verisignlabs/dnssec/security/ProtoNSEC3.java @@ -254,12 +254,11 @@ public class ProtoNSEC3 return sb.toString(); } - public static class Comparator implements java.util.Comparator + public static class Comparator implements java.util.Comparator { - - public int compare(Object o1, Object o2) + public int compare(ProtoNSEC3 a, ProtoNSEC3 b) { - return ((ProtoNSEC3) o1).compareTo((ProtoNSEC3) o2); + return a.compareTo(b); } } diff --git a/src/com/verisignlabs/dnssec/security/RecordComparator.java b/src/com/verisignlabs/dnssec/security/RecordComparator.java index 9dedbd2..049f5a1 100644 --- a/src/com/verisignlabs/dnssec/security/RecordComparator.java +++ b/src/com/verisignlabs/dnssec/security/RecordComparator.java @@ -35,7 +35,7 @@ import org.xbill.DNS.Type; * @version $Revision$ */ -public class RecordComparator implements Comparator +public class RecordComparator implements Comparator { public RecordComparator() { 
@@ -75,11 +75,8 @@ public class RecordComparator implements Comparator return (a_rdata.length - b_rdata.length); } - public int compare(Object o1, Object o2) throws ClassCastException + public int compare(Record a, Record b) { - Record a = (Record) o1; - Record b = (Record) o2; - if (a == null && b == null) return 0; if (a == null) return 1; if (b == null) return -1; diff --git a/src/com/verisignlabs/dnssec/security/SignUtils.java b/src/com/verisignlabs/dnssec/security/SignUtils.java index fad7ec6..e3fc1d1 100644 --- a/src/com/verisignlabs/dnssec/security/SignUtils.java +++ b/src/com/verisignlabs/dnssec/security/SignUtils.java @@ -81,13 +81,11 @@ public class SignUtils * * @return a prototype signature based on the RRset and key information. */ - public static RRSIGRecord generatePreRRSIG(RRset rrset, DNSKEYRecord key, - Date start, Date expire, - long sig_ttl) + public static RRSIGRecord generatePreRRSIG(RRset rrset, DNSKEYRecord key, Date start, + Date expire, long sig_ttl) { - return new RRSIGRecord(rrset.getName(), rrset.getDClass(), sig_ttl, - rrset.getType(), key.getAlgorithm(), - (int) rrset.getTTL(), expire, start, + return new RRSIGRecord(rrset.getName(), rrset.getDClass(), sig_ttl, rrset.getType(), + key.getAlgorithm(), (int) rrset.getTTL(), expire, start, key.getFootprint(), key.getName(), null); } 
@@ -108,14 +106,12 @@ public class SignUtils * * @return a prototype signature based on the Record and key information. */ - public static RRSIGRecord generatePreRRSIG(Record rec, DNSKEYRecord key, - Date start, Date expire, - long sig_ttl) + public static RRSIGRecord generatePreRRSIG(Record rec, DNSKEYRecord key, Date start, + Date expire, long sig_ttl) { - return new RRSIGRecord(rec.getName(), rec.getDClass(), sig_ttl, - rec.getType(), key.getAlgorithm(), rec.getTTL(), - expire, start, key.getFootprint(), key.getName(), - null); + return new RRSIGRecord(rec.getName(), rec.getDClass(), sig_ttl, rec.getType(), + key.getAlgorithm(), rec.getTTL(), expire, start, + key.getFootprint(), key.getName(), null); } /** @@ -150,23 +146,22 @@ public class SignUtils return image.toByteArray(); } - /** * Calculate the canonical wire line format of the RRset. * * @param rrset - * the RRset to convert. + * the RRset to convert. * @param ttl - * the TTL to use when canonicalizing -- this is generally the - * TTL of the signature if there is a pre-existing signature. If - * not it is just the ttl of the rrset itself. + * the TTL to use when canonicalizing -- this is generally the + * TTL of the signature if there is a pre-existing signature. If + * not it is just the ttl of the rrset itself. * @param labels - * the labels field of the signature, or 0. + * the labels field of the signature, or 0. * @return the canonical wire line format of the rrset. This is the second * part of data to be signed. */ - public static byte[] generateCanonicalRRsetData(RRset rrset, long ttl, - int labels) + @SuppressWarnings("unchecked") + public static byte[] generateCanonicalRRsetData(RRset rrset, long ttl, int labels) { DNSOutput image = new DNSOutput(); 
@@ -186,24 +181,22 @@ public class SignUtils { n = n.wild(n.labels() - labels); wildcardName = true; - log.fine("Detected wildcard expansion: " + rrset.getName() - + " changed to " + n); + log.fine("Detected wildcard expansion: " + rrset.getName() + " changed to " + n); } // now convert the wire format records in the RRset into a // list of byte arrays. - ArrayList canonical_rrs = new ArrayList(); - for (Iterator i = rrset.rrs(); i.hasNext();) + ArrayList canonical_rrs = new ArrayList(); + for (Iterator i = rrset.rrs(); i.hasNext();) { - Record r = (Record) i.next(); + Record r = i.next(); if (r.getTTL() != ttl || wildcardName) { // If necessary, we need to create a new record with a new ttl // or ownername. // In the TTL case, this avoids changing the ttl in the // response. - r = Record.newRecord(n, r.getType(), r.getDClass(), ttl, r - .rdataToWireCanonical()); + r = Record.newRecord(n, r.getType(), r.getDClass(), ttl, r.rdataToWireCanonical()); } byte[] wire_fmt = r.toWireCanonical(); canonical_rrs.add(wire_fmt); @@ -218,9 +211,8 @@ public class SignUtils Collections.sort(canonical_rrs, bac); - for (Iterator i = canonical_rrs.iterator(); i.hasNext();) + for (byte[] wire_fmt_rec : canonical_rrs) { - byte[] wire_fmt_rec = (byte[]) i.next(); image.writeByteArray(wire_fmt_rec); } @@ -240,8 +232,7 @@ public class SignUtils public static byte[] generateSigData(RRset rrset, RRSIGRecord presig) throws IOException { - byte[] rrset_data = generateCanonicalRRsetData(rrset, - presig.getOrigTTL(), + byte[] rrset_data = generateCanonicalRRsetData(rrset, presig.getOrigTTL(), presig.getLabels()); return generateSigData(rrset_data, presig); 
@@ -285,11 +276,11 @@ public class SignUtils */ public static RRSIGRecord generateRRSIG(byte[] signature, RRSIGRecord presig) { - return new RRSIGRecord(presig.getName(), presig.getDClass(), - presig.getTTL(), presig.getTypeCovered(), - presig.getAlgorithm(), presig.getOrigTTL(), - presig.getExpire(), presig.getTimeSigned(), - presig.getFootprint(), presig.getSigner(), signature); + return new RRSIGRecord(presig.getName(), presig.getDClass(), presig.getTTL(), + presig.getTypeCovered(), presig.getAlgorithm(), + presig.getOrigTTL(), presig.getExpire(), + presig.getTimeSigned(), presig.getFootprint(), + presig.getSigner(), signature); } /** @@ -311,8 +302,7 @@ public class SignUtils * if there was something wrong with the RFC 2536 formatted * signature. */ - public static byte[] convertDSASignature(byte[] signature) - throws SignatureException + public static byte[] convertDSASignature(byte[] signature) throws SignatureException { if (signature.length != 41) throw new SignatureException("RFC 2536 signature not expected length."); @@ -380,8 +370,7 @@ public class SignUtils { if (signature[0] != ASN1_SEQ || signature[2] != ASN1_INT) { - throw new SignatureException( - "Invalid ASN.1 signature format: expected SEQ, INT"); + throw new SignatureException("Invalid ASN.1 signature format: expected SEQ, INT"); } byte r_pad = (byte) (signature[3] - 20); @@ -478,8 +467,8 @@ public class SignUtils * the name of the last DELEGATION record/set that was encountered * while iterating over the zone in canonical order. */ - public static int recordSecType(Name zonename, Name name, int type, - Name last_cut, Name last_dname) + public static int recordSecType(Name zonename, Name name, int type, Name last_cut, + Name last_dname) { // records not even in the zone itself are invalid. if (!name.subdomain(zonename)) return RR_INVALID; 
@@ -493,7 +482,7 @@ public class SignUtils // a delegation point (NS, DS, NSEC), this is glue. if (name.equals(last_cut)) { - if (type != Type.NS && type != Type.DS && type != Type.NXT && type != Type.NSEC) + if (type != Type.NS && type != Type.DS && type != Type.NXT && type != Type.NSEC) { return RR_GLUE; } @@ -503,18 +492,19 @@ public class SignUtils { return RR_GLUE; } - + } - + // if we are below a DNAME, then the RR is invalid. - if (last_dname != null && name.subdomain(last_dname) && name.labels() > last_dname.labels()) + if (last_dname != null && name.subdomain(last_dname) + && name.labels() > last_dname.labels()) { return RR_INVALID; } // since we are not at zone level, any NS records are delegations if (type == Type.NS) return RR_DELEGATION; - + // and everything else is normal return RR_NORMAL; } @@ -528,24 +518,13 @@ public class SignUtils * canonical order. * @return a List of {@link org.xbill.DNS.RRset} objects. */ - public static List assembleIntoRRsets(List records) + public static List assembleIntoRRsets(List records) { RRset rrset = new RRset(); - ArrayList rrsets = new ArrayList(); + ArrayList rrsets = new ArrayList(); - for (Iterator i = records.iterator(); i.hasNext();) + for (Record r : records) { - Object o = i.next(); - - if (!(o instanceof Record)) - { - log.warning("assembleIntoRRsets: a non-record object was " - + "encountered and skipped: " + o + " (" + o.getClass() + ")"); - continue; - } - - Record r = (Record) o; - // First record if (rrset.size() == 0) { 
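Review bot: Dropping the `instanceof Record` guard in assembleIntoRRsets means a list that arrives through a raw or unchecked reference (the ChangeLog notes that such suppressed call sites exist) now fails with ClassCastException at the for-each instead of being logged and skipped. If that stricter behaviour is intended, record it in the Javadoc, e.g. `@throws ClassCastException if the list contains an element that is not a Record`. The rest of the method is outside this hunk.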
@@ -581,14 +560,14 @@ public class SignUtils */ private static class NodeInfo { - public Name name; - public int type; - public long ttl; - public int dclass; - public Set typemap; - public boolean isSecureNode; // opt-in support. - public boolean hasOptInSpan; // opt-in support. - public int nsecIndex; + public Name name; + public int type; + public long ttl; + public int dclass; + public Set typemap; + public boolean isSecureNode; // opt-in support. + public boolean hasOptInSpan; // opt-in support. + public int nsecIndex; public NodeInfo(Record r, int nodeType) { @@ -596,7 +575,7 @@ public class SignUtils this.type = nodeType; this.ttl = r.getTTL(); this.dclass = r.getDClass(); - this.typemap = new HashSet(); + this.typemap = new HashSet(); this.isSecureNode = false; this.hasOptInSpan = false; addType(r.getType()); @@ -613,9 +592,10 @@ public class SignUtils isSecureNode = true; } } - - public boolean hasType(int type) { - return this.typemap.contains(new Integer(type)); + + public boolean hasType(int type) + { + return this.typemap.contains(type); } public String toString() @@ -653,7 +633,7 @@ public class SignUtils * a list of {@link org.xbill.DNS.Record} objects in DNSSEC canonical * order. */ - public static void generateNSECRecords(Name zonename, List records) + public static void generateNSECRecords(Name zonename, List records) { // This works by iterating over a known sorted list of records. 
@@ -667,24 +647,24 @@ public class SignUtils // First find the SOA record -- it should be near the beginning -- and get // the soa minimum - for (Iterator i = records.iterator(); i.hasNext();) + for (Record r : records) { - Object o = i.next(); - if (o instanceof SOARecord) + if (r.getType() == Type.SOA) { - SOARecord soa = (SOARecord) o; + SOARecord soa = (SOARecord) r; nsec_ttl = soa.getMinimum(); break; } } + if (nsec_ttl == 0) { throw new IllegalArgumentException("Zone did not contain a SOA record"); } - for (ListIterator i = records.listIterator(); i.hasNext();) + for (ListIterator i = records.listIterator(); i.hasNext();) { - Record r = (Record) i.next(); + Record r = i.next(); Name r_name = r.getName(); int r_type = r.getType(); int r_sectype = recordSecType(zonename, r_name, r_type, last_cut, last_dname); @@ -697,7 +677,7 @@ public class SignUtils // if this is a DNAME, note it so we can recognize junk if (r_type == Type.DNAME) last_dname = r_name; - + // first node -- initialize if (current_node == null) { @@ -716,9 +696,8 @@ public class SignUtils if (last_node != null) { - NSECRecord nsec = new NSECRecord(last_node.name, last_node.dclass, - nsec_ttl, current_node.name, - last_node.getTypes()); + NSECRecord nsec = new NSECRecord(last_node.name, last_node.dclass, nsec_ttl, + current_node.name, last_node.getTypes()); // Note: we have to add this through the iterator, otherwise // the next access via the iterator will generate a // ConcurrencyModificationException. 
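Review bot: `nsec_ttl == 0` doubles as the "no SOA found" sentinel in generateNSECRecords, so a zone whose SOA minimum is 0 is rejected with the misleading message "Zone did not contain a SOA record". Track the lookup separately: declare `boolean foundSoa = false;`, set `foundSoa = true;` inside the `if`, and test `if (!foundSoa)`. The switch from `o instanceof SOARecord` to `r.getType() == Type.SOA` plus a cast also means a null element now throws NullPointerException at `r.getType()` where it used to be skipped; `if (r instanceof SOARecord)` avoids both that and the unchecked cast. The declaration of `nsec_ttl` is outside this hunk.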
@@ -743,17 +722,15 @@ public class SignUtils // Generate next to last NSEC if (last_node != null) { - NSECRecord nsec = new NSECRecord(last_node.name, last_node.dclass, - nsec_ttl, current_node.name, - last_node.getTypes()); + NSECRecord nsec = new NSECRecord(last_node.name, last_node.dclass, nsec_ttl, + current_node.name, last_node.getTypes()); records.add(last_node.nsecIndex - 1, nsec); log.finer("Generated: " + nsec); } // Generate last NSEC - NSECRecord nsec = new NSECRecord(current_node.name, current_node.dclass, - nsec_ttl, zonename, - current_node.getTypes()); + NSECRecord nsec = new NSECRecord(current_node.name, current_node.dclass, nsec_ttl, + zonename, current_node.getTypes()); records.add(nsec); log.finer("Generated: " + nsec); @@ -781,12 +758,11 @@ public class SignUtils * will use the SOA minimum) * @throws NoSuchAlgorithmException */ - public static void generateNSEC3Records(Name zonename, List records, - byte[] salt, int iterations, - long nsec3param_ttl) + public static void generateNSEC3Records(Name zonename, List records, + byte[] salt, int iterations, long nsec3param_ttl) throws NoSuchAlgorithmException { - List proto_nsec3s = new ArrayList(); + List proto_nsec3s = new ArrayList(); NodeInfo current_node = null; NodeInfo last_node = null; // For detecting glue. @@ -796,9 +772,8 @@ public class SignUtils long nsec3_ttl = 0; - for (Iterator i = records.iterator(); i.hasNext();) + for (Record r : records) { - Record r = (Record) i.next(); Name r_name = r.getName(); int r_type = r.getType(); @@ -813,7 +788,7 @@ public class SignUtils // note our last DNAME point, so we can recognize junk. if (r_type == Type.DNAME) last_dname = r_name; - + if (r_type == Type.SOA) { SOARecord soa = (SOARecord) r; 
@@ -841,30 +816,24 @@ public class SignUtils // At this point, r represents the start of a new node. // So we move current_node to last_node and generate a new current node. // But first, we need to do something with the last node. - generateNSEC3ForNode(last_node, zonename, salt, iterations, false, - proto_nsec3s); + generateNSEC3ForNode(last_node, zonename, salt, iterations, false, proto_nsec3s); last_node = current_node; current_node = new NodeInfo(r, r_sectype); } // process last two nodes. - generateNSEC3ForNode(last_node, zonename, salt, iterations, false, - proto_nsec3s); - generateNSEC3ForNode(current_node, zonename, salt, iterations, false, - proto_nsec3s); + generateNSEC3ForNode(last_node, zonename, salt, iterations, false, proto_nsec3s); + generateNSEC3ForNode(current_node, zonename, salt, iterations, false, proto_nsec3s); - List nsec3s = finishNSEC3s(proto_nsec3s, nsec3_ttl); + List nsec3s = finishNSEC3s(proto_nsec3s, nsec3_ttl); records.addAll(nsec3s); - NSEC3PARAMRecord nsec3param = new NSEC3PARAMRecord( - zonename, - DClass.IN, + NSEC3PARAMRecord nsec3param = new NSEC3PARAMRecord(zonename, DClass.IN, nsec3param_ttl, NSEC3Record.SHA1_DIGEST_ID, - (byte) 0, iterations, - salt); + (byte) 0, iterations, salt); records.add(nsec3param); } @@ -897,13 +866,12 @@ public class SignUtils * will use the SOA minimum) * @throws NoSuchAlgorithmException */ - public static void generateOptOutNSEC3Records(Name zonename, List records, - List includedNames, - byte[] salt, int iterations, - long nsec3param_ttl) + public static void generateOptOutNSEC3Records(Name zonename, List records, + List includedNames, byte[] salt, + int iterations, long nsec3param_ttl) throws NoSuchAlgorithmException { - List proto_nsec3s = new ArrayList(); + List proto_nsec3s = new ArrayList(); NodeInfo current_node = null; NodeInfo last_node = null; // For detecting glue. 
@@ -913,15 +881,14 @@ public class SignUtils long nsec3_ttl = 0; - HashSet includeSet = null; + HashSet includeSet = null; if (includedNames != null) { - includeSet = new HashSet(includedNames); + includeSet = new HashSet(includedNames); } - for (Iterator i = records.iterator(); i.hasNext();) + for (Record r : records) { - Record r = (Record) i.next(); Name r_name = r.getName(); int r_type = r.getType(); @@ -935,7 +902,7 @@ public class SignUtils if (r_sectype == RR_DELEGATION) last_cut = r_name; if (r_type == Type.DNAME) last_dname = r_name; - + if (r_type == Type.SOA) { SOARecord soa = (SOARecord) r; @@ -968,8 +935,7 @@ public class SignUtils // At this point, r represents the start of a new node. // So we move current_node to last_node and generate a new current node. // But first, we need to do something with the last node. - generateNSEC3ForNode(last_node, zonename, salt, iterations, true, - proto_nsec3s); + generateNSEC3ForNode(last_node, zonename, salt, iterations, true, proto_nsec3s); if (current_node.isSecureNode) { @@ -984,21 +950,16 @@ public class SignUtils } // process last two nodes. - generateNSEC3ForNode(last_node, zonename, salt, iterations, true, - proto_nsec3s); - generateNSEC3ForNode(current_node, zonename, salt, iterations, true, - proto_nsec3s); + generateNSEC3ForNode(last_node, zonename, salt, iterations, true, proto_nsec3s); + generateNSEC3ForNode(current_node, zonename, salt, iterations, true, proto_nsec3s); - List nsec3s = finishNSEC3s(proto_nsec3s, nsec3_ttl); + List nsec3s = finishNSEC3s(proto_nsec3s, nsec3_ttl); records.addAll(nsec3s); - NSEC3PARAMRecord nsec3param = new NSEC3PARAMRecord( - zonename, - DClass.IN, + NSEC3PARAMRecord nsec3param = new NSEC3PARAMRecord(zonename, DClass.IN, nsec3param_ttl, NSEC3Record.SHA1_DIGEST_ID, - (byte) 0, iterations, - salt); + (byte) 0, iterations, salt); records.add(nsec3param); } 
@@ -1021,16 +982,16 @@ public class SignUtils * The current list of NSEC3s -- this will be updated. * @throws NoSuchAlgorithmException */ - private static void generateNSEC3ForNode(NodeInfo node, Name zonename, - byte[] salt, int iterations, - boolean optIn, List nsec3s) + private static void generateNSEC3ForNode(NodeInfo node, Name zonename, byte[] salt, + int iterations, boolean optIn, List nsec3s) throws NoSuchAlgorithmException { if (node == null) return; if (optIn && !node.isSecureNode) return; // Add our default types. - if (node.type == RR_NORMAL || (node.type == RR_DELEGATION && node.hasType(Type.DS))) { + if (node.type == RR_NORMAL || (node.type == RR_DELEGATION && node.hasType(Type.DS))) + { node.addType(Type.RRSIG); } if (node.name.equals(zonename)) node.addType(Type.NSEC3PARAM); @@ -1042,13 +1003,13 @@ public class SignUtils { Name n = new Name(node.name, i); log.fine("Generating ENT NSEC3 for " + n); - ProtoNSEC3 nsec3 = generateNSEC3(n, zonename, node.ttl, salt, iterations, - optIn, null); + ProtoNSEC3 nsec3 = generateNSEC3(n, zonename, node.ttl, salt, iterations, optIn, + null); nsec3s.add(nsec3); } - ProtoNSEC3 nsec3 = generateNSEC3(node.name, zonename, node.ttl, salt, - iterations, optIn, node.getTypes()); + ProtoNSEC3 nsec3 = generateNSEC3(node.name, zonename, node.ttl, salt, iterations, + optIn, node.getTypes()); nsec3s.add(nsec3); } 
@@ -1074,17 +1035,15 @@ public class SignUtils * @throws NoSuchAlgorithmException */ private static ProtoNSEC3 generateNSEC3(Name name, Name zonename, long ttl, - byte[] salt, int iterations, - boolean optIn, int[] types) - throws NoSuchAlgorithmException + byte[] salt, int iterations, boolean optIn, + int[] types) throws NoSuchAlgorithmException { - byte[] hash = nsec3hash(name, NSEC3Record.SHA1_DIGEST_ID, - iterations, salt); + byte[] hash = nsec3hash(name, NSEC3Record.SHA1_DIGEST_ID, iterations, salt); byte flags = (byte) (optIn ? 0x01 : 0x00); ProtoNSEC3 r = new ProtoNSEC3(hash, name, zonename, DClass.IN, ttl, - NSEC3Record.SHA1_DIGEST_ID, flags, - iterations, salt, null, types); + NSEC3Record.SHA1_DIGEST_ID, flags, iterations, salt, + null, types); log.finer("Generated: " + r); return r; @@ -1102,7 +1061,7 @@ public class SignUtils * should match the SOA minimum value for the zone. * @return The list of {@link org.xbill.DNS.NSEC3Record} objects. */ - private static List finishNSEC3s(List nsec3s, long ttl) + private static List finishNSEC3s(List nsec3s, long ttl) { if (nsec3s == null) return null; Collections.sort(nsec3s, new ProtoNSEC3.Comparator()); @@ -1111,9 +1070,9 @@ public class SignUtils ProtoNSEC3 cur_nsec3 = null; byte[] first_nsec3_hash = null; - for (ListIterator i = nsec3s.listIterator(); i.hasNext();) + for (ListIterator i = nsec3s.listIterator(); i.hasNext();) { - cur_nsec3 = (ProtoNSEC3) i.next(); + cur_nsec3 = i.next(); // check to see if cur is a duplicate (by name) if (prev_nsec3 != null @@ -1154,10 +1113,9 @@ public class SignUtils } // Convert our ProtoNSEC3s to actual (immutable) NSEC3Record objects. - List res = new ArrayList(nsec3s.size()); - for (Iterator i = nsec3s.iterator(); i.hasNext();) + List res = new ArrayList(nsec3s.size()); + for (ProtoNSEC3 p : nsec3s) { - ProtoNSEC3 p = (ProtoNSEC3) i.next(); p.setTTL(ttl); res.add(p.getNSEC3Record()); } 
@@ -1184,8 +1142,8 @@ public class SignUtils * if true, then Opt-In NXTs will only be generated where there is * actually a span of insecure delegations. */ - public static void generateOptInNSECRecords(Name zonename, List records, - List includeNames, + public static void generateOptInNSECRecords(Name zonename, List records, + List includeNames, boolean beConservative) { // This works by iterating over a known sorted list of records. @@ -1195,18 +1153,18 @@ public class SignUtils Name last_cut = null; Name last_dname = null; - + int backup; - HashSet includeSet = null; + HashSet includeSet = null; if (includeNames != null) { - includeSet = new HashSet(includeNames); + includeSet = new HashSet(includeNames); } - for (ListIterator i = records.listIterator(); i.hasNext();) + for (ListIterator i = records.listIterator(); i.hasNext();) { - Record r = (Record) i.next(); + Record r = i.next(); Name r_name = r.getName(); int r_type = r.getType(); int r_sectype = recordSecType(zonename, r_name, r_type, last_cut, last_dname); @@ -1218,7 +1176,7 @@ public class SignUtils if (r_sectype == RR_DELEGATION) last_cut = r_name; if (r_type == Type.DNAME) last_dname = r_name; - + // first node -- initialize if (current_node == null) { @@ -1248,9 +1206,8 @@ public class SignUtils { last_node.addType(Type.NSEC); } - NSECRecord nsec = new NSECRecord(last_node.name, last_node.dclass, - last_node.ttl, current_node.name, - last_node.getTypes()); + NSECRecord nsec = new NSECRecord(last_node.name, last_node.dclass, last_node.ttl, + current_node.name, last_node.getTypes()); // Note: we have to add this through the iterator, otherwise // the next access via the iterator will generate a // ConcurrencyModificationException. 
@@ -1289,9 +1246,8 @@ public class SignUtils { last_node.addType(Type.NSEC); } - NSECRecord nsec = new NSECRecord(last_node.name, last_node.dclass, - last_node.ttl, current_node.name, - last_node.getTypes()); + NSECRecord nsec = new NSECRecord(last_node.name, last_node.dclass, last_node.ttl, + current_node.name, last_node.getTypes()); records.add(last_node.nsecIndex - 1, nsec); log.finer("Generated: " + nsec); } @@ -1304,16 +1260,16 @@ public class SignUtils { current_node.addType(Type.NSEC); } - nsec = new NSECRecord(current_node.name, current_node.dclass, - current_node.ttl, zonename, current_node.getTypes()); + nsec = new NSECRecord(current_node.name, current_node.dclass, current_node.ttl, + zonename, current_node.getTypes()); // we can just tack this on the end as we are working on the // last node. records.add(nsec); } else { - nsec = new NSECRecord(last_node.name, last_node.dclass, last_node.ttl, - zonename, last_node.getTypes()); + nsec = new NSECRecord(last_node.name, last_node.dclass, last_node.ttl, zonename, + last_node.getTypes()); // We need to tack this on after the last secure node, not the // end of the whole list. records.add(last_node.nsecIndex, nsec); @@ -1334,13 +1290,12 @@ public class SignUtils * @param digest_alg * The digest algorithm to use. */ - public static void generateDSRecords(Name zonename, List records, - int digest_alg) + public static void generateDSRecords(Name zonename, List records, int digest_alg) { - for (ListIterator i = records.listIterator(); i.hasNext();) + for (ListIterator i = records.listIterator(); i.hasNext();) { - Record r = (Record) i.next(); + Record r = i.next(); if (r == null) continue; // this should never be true. Name r_name = r.getName(); 
@@ -1349,8 +1304,7 @@ public class SignUtils // Convert non-zone level KEY records into DS records. if (r.getType() == Type.DNSKEY && !r_name.equals(zonename)) { - DSRecord ds = calculateDSRecord((DNSKEYRecord) r, digest_alg, - r.getTTL()); + DSRecord ds = calculateDSRecord((DNSKEYRecord) r, digest_alg, r.getTTL()); i.set(ds); } @@ -1365,9 +1319,9 @@ public class SignUtils * @param records * a list of {@link org.xbill.DNS.Record} objects. */ - public static void removeGeneratedRecords(Name zonename, List records) + public static void removeGeneratedRecords(Name zonename, List records) { - for (Iterator i = records.iterator(); i.hasNext();) + for (Iterator i = records.iterator(); i.hasNext();) { Record r = (Record) i.next(); @@ -1387,12 +1341,12 @@ public class SignUtils * @param records * a list of {@link org.xbill.DNS.Record} object, in sorted order. */ - public static void removeDuplicateRecords(List records) + public static void removeDuplicateRecords(List records) { Record lastrec = null; - for (Iterator i = records.iterator(); i.hasNext();) + for (Iterator i = records.iterator(); i.hasNext();) { - Record r = (Record) i.next(); + Record r = i.next(); if (lastrec == null) { lastrec = r; @@ -1419,8 +1373,7 @@ public class SignUtils * the original KEY RR's TTL will be used. * @return the corresponding {@link org.xbill.DNS.DSRecord} */ - public static DSRecord calculateDSRecord(DNSKEYRecord keyrec, int digest_alg, - long ttl) + public static DSRecord calculateDSRecord(DNSKEYRecord keyrec, int digest_alg, long ttl) { if (keyrec == null) return null; @@ -1451,8 +1404,8 @@ public class SignUtils } return new DSRecord(keyrec.getName(), keyrec.getDClass(), ttl, - keyrec.getFootprint(), keyrec.getAlgorithm(), - digest_alg, digest); + keyrec.getFootprint(), keyrec.getAlgorithm(), digest_alg, + digest); } catch (NoSuchAlgorithmException e) 
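Review bot: In the removeGeneratedRecords hunk the loop body still reads `Record r = (Record) i.next();`, while every other loop touched by this commit drops the cast once its iterator is typed. The type arguments are not visible in this rendering, so either the iterator here was left raw or the cast is now redundant. In both cases a typed iterator with `Record r = i.next();` would match removeDuplicateRecords in the next hunk and let the compiler check the element type. The rest of the method is outside the hunk.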
@@ -1464,16 +1417,21 @@ public class SignUtils /** * Calculate an NSEC3 hash based on a DNS name and NSEC3 hash parameters. - * - * @param n The name to hash. - * @param hash_algorithm The hash algorithm to use. - * @param iterations The number of iterations to do. - * @param salt The salt to use. + * + * @param n + * The name to hash. + * @param hash_algorithm + * The hash algorithm to use. + * @param iterations + * The number of iterations to do. + * @param salt + * The salt to use. * @return The calculated hash as a byte array. - * @throws NoSuchAlgorithmException If the hash algorithm is unrecognized. + * @throws NoSuchAlgorithmException + * If the hash algorithm is unrecognized. */ - public static byte[] nsec3hash(Name n, byte hash_algorithm, int iterations, - byte[] salt) throws NoSuchAlgorithmException + public static byte[] nsec3hash(Name n, byte hash_algorithm, int iterations, byte[] salt) + throws NoSuchAlgorithmException { MessageDigest md; @@ -1482,9 +1440,9 @@ public class SignUtils case NSEC3Record.SHA1_DIGEST_ID: md = MessageDigest.getInstance("SHA1"); break; - default : - throw new NoSuchAlgorithmException( - "Unknown NSEC3 algorithm identifier: " + hash_algorithm); + default: + throw new NoSuchAlgorithmException("Unknown NSEC3 algorithm identifier: " + + hash_algorithm); } // Construct our wire form. diff --git a/src/com/verisignlabs/dnssec/security/TypeMap.java b/src/com/verisignlabs/dnssec/security/TypeMap.java index 903d544..59d6968 100644 --- a/src/com/verisignlabs/dnssec/security/TypeMap.java +++ b/src/com/verisignlabs/dnssec/security/TypeMap.java 
@@ -22,29 +22,29 @@ public class TypeMap { private static final Integer[] integerArray = new Integer[0]; - private Set typeSet; + private Set typeSet; public TypeMap() { - this.typeSet = new HashSet(); + this.typeSet = new HashSet(); } /** Add the given type to the typemap. */ public void set(int type) { - typeSet.add(new Integer(type)); + typeSet.add(type); } /** Remove the given type from the type map. */ public void clear(int type) { - typeSet.remove(new Integer(type)); + typeSet.remove(type); } /** @return true if the given type is present in the type map. */ public boolean get(int type) { - return typeSet.contains(new Integer(type)); + return typeSet.contains(type); } public static TypeMap fromTypes(int[] types) @@ -109,8 +109,7 @@ public class TypeMap return sb.toString(); } - protected static void mapToWire(DNSOutput out, int[] types, int base, - int start, int end) + protected static void mapToWire(DNSOutput out, int[] types, int base, int start, int end) { // calculate the length of this map by looking at the largest // typecode in this section. diff --git a/src/com/verisignlabs/dnssec/security/ZoneUtils.java b/src/com/verisignlabs/dnssec/security/ZoneUtils.java index 0d47080..02cb2e2 100644 --- a/src/com/verisignlabs/dnssec/security/ZoneUtils.java +++ b/src/com/verisignlabs/dnssec/security/ZoneUtils.java @@ -56,9 +56,9 @@ public class ZoneUtils * @throws IOException * if something goes wrong reading the zone file. */ - public static List readZoneFile(String zonefile, Name origin) throws IOException + public static List readZoneFile(String zonefile, Name origin) throws IOException { - ArrayList records = new ArrayList(); + ArrayList records = new ArrayList(); Master m; if (zonefile.equals("-")) { 
@@ -88,7 +88,7 @@ public class ZoneUtils * @param zonefile * the file to write to. If null or equal to "-", System.out is used. */ - public static void writeZoneFile(List records, String zonefile) throws IOException + public static void writeZoneFile(List records, String zonefile) throws IOException { PrintWriter out = null; @@ -101,9 +101,9 @@ public class ZoneUtils out = new PrintWriter(new BufferedWriter(new FileWriter(zonefile))); } - for (Iterator i = records.iterator(); i.hasNext();) + for (Record r : records) { - out.println(i.next()); + out.println(r); } out.close(); 
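Review bot: Write failures are invisible in writeZoneFile: `PrintWriter` swallows every IOException, and the second hunk goes straight from the `println` loop to `out.close()` without calling `checkError()`. A full disk or an I/O error therefore leaves a truncated zone file and a normal return, despite the `throws IOException` in the signature. Since the output is a signed zone, I would add `if (out.checkError()) throw new IOException("failed writing zone file: " + zonefile);` after the loop and move `out.close()` into a `finally` block, so the handle is released if anything in the loop throws. The Javadoc also says System.out is used for null or "-", in which case `out.close()` would close System.out for the rest of the process. That branch is outside the hunk, so it needs checking there.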
@@ -113,63 +113,29 @@ public class ZoneUtils * Given just the list of records, determine the zone name (origin). * * @param records - * a list of {@link org.xbill.DNS.Record} or - * {@link org.xbill.DNS.RRset} objects. + * a list of {@link org.xbill.DNS.Record} objects. * @return the zone name, if found. null if one couldn't be found. */ - public static Name findZoneName(List records) + public static Name findZoneName(List records) { - for (Iterator i = records.iterator(); i.hasNext();) + for (Record r : records) { - int type = 0; - Name n = null; + int type = r.getType(); - Object o = i.next(); - - if (o instanceof Record) - { - Record r = (Record) o; - type = r.getType(); - n = r.getName(); - } - else if (o instanceof RRset) - { - RRset r = (RRset) o; - type = r.getType(); - n = r.getName(); - } - - if (type == Type.SOA) return n; + if (type == Type.SOA) return r.getName(); } return null; } - public static List findRRs(List records, Name name, int type) + public static List findRRs(List records, Name name, int type) { - List res = new ArrayList(); - for (Iterator i = records.iterator(); i.hasNext();) + List res = new ArrayList(); + for (Record r : records) { - Object o = i.next(); - - if (o instanceof Record) + if (r.getName().equals(name) && r.getType() == type) { - Record r = (Record) o; - if (r.getName().equals(name) && r.getType() == type) - { - res.add(r); - } - } - else if (o instanceof RRset) - { - RRset r = (RRset) o; - if (r.getName().equals(name) && r.getType() == type) - { - for (Iterator j = r.rrs(); j.hasNext();) - { - res.add(j.next()); - } - } + res.add(r); } } 
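Review bot: A null element in `records` now throws a NullPointerException in both rewritten loops: `int type = r.getType();` in findZoneName and `r.getName().equals(name)` in findRRs dereference `r` directly, whereas the removed `instanceof` checks skipped a null silently. generateDSRecords in SignUtils still carries `if (r == null) continue;`, so the code base does not treat null entries as impossible. Adding the same `if (r == null) continue;` as the first statement of each loop keeps the old tolerance. Dropping RRset support is also a behaviour change for any caller that still passes a raw list of RRsets, which would now fail with a ClassCastException inside the loop. findRRs has no Javadoc in this hunk, and one line stating that only Record elements are accepted would make that explicit.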
@@ -177,21 +143,23 @@ public class ZoneUtils } /** This is an alternate way to format an RRset into a string */ + @SuppressWarnings("unchecked") public static String rrsetToString(RRset rrset, boolean includeSigs) { StringBuilder out = new StringBuilder(); - for (Iterator i = rrset.rrs(false); i.hasNext();) + for (Iterator i = rrset.rrs(false); i.hasNext();) { - Record r = (Record) i.next(); + Record r = i.next(); out.append(r.toString()); out.append("\n"); } + if (includeSigs) { - for (Iterator i = rrset.sigs(); i.hasNext();) + for (Iterator i = rrset.sigs(); i.hasNext();) { - Record r = (Record) i.next(); + Record r = i.next(); out.append(r.toString()); out.append("\n"); } diff --git a/src/com/verisignlabs/dnssec/security/ZoneVerifier.java b/src/com/verisignlabs/dnssec/security/ZoneVerifier.java index 3295b21..1aff75d 100644 --- a/src/com/verisignlabs/dnssec/security/ZoneVerifier.java +++ b/src/com/verisignlabs/dnssec/security/ZoneVerifier.java @@ -337,25 +337,26 @@ public class ZoneVerifier return errors; } - private static String reasonListToString(List reasons) + private static String reasonListToString(List reasons) { if (reasons == null) return ""; StringBuffer out = new StringBuffer(); - for (Iterator i = reasons.iterator(); i.hasNext();) + for (Iterator i = reasons.iterator(); i.hasNext();) { out.append("Reason: "); - out.append((String) i.next()); + out.append(i.next()); if (i.hasNext()) out.append("\n"); } return out.toString(); } + @SuppressWarnings("unchecked") private int processRRset(RRset rrset) { - List reasons = new ArrayList(); + List reasons = new ArrayList(); int result = DNSSEC.Failed; - for (Iterator i = rrset.sigs(); i.hasNext();) + for (Iterator i = rrset.sigs(); i.hasNext();) { RRSIGRecord sigrec = (RRSIGRecord) i.next(); byte res = mVerifier.verifySignature(rrset, sigrec, null, reasons); 
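Review bot: `@SuppressWarnings("unchecked")` is placed on the whole of rrsetToString, and again on processRRset in the ZoneVerifier hunk, so it hides any unchecked conversion added to these methods later, not just the raw iterators returned by `rrset.rrs(false)` and `rrset.sigs()`. processRRset is the signature-verification path, so I would keep the compiler's warnings there and put the annotation on a local declaration instead, e.g. `@SuppressWarnings("unchecked") Iterator<Record> rrs = rrset.rrs(false);`, with a short comment that dnsjava returns raw iterators. In processRRset the loop still casts with `(RRSIGRecord) i.next()`, so declaring a typed `Iterator<RRSIGRecord>` the same way would remove that cast as well. Both method bodies run past the end of their hunks.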
@@ -415,7 +416,7 @@ public class ZoneVerifier // should be empty. if (typeset == null) return types.length == 0; - Set compareTypeset = new HashSet(); + Set compareTypeset = new HashSet(); for (int i = 0; i < types.length; ++i) { compareTypeset.add(types[i]); @@ -705,7 +706,7 @@ public class ZoneVerifier return errors; } - public int verifyZone(List records) throws NoSuchAlgorithmException, TextParseException + public int verifyZone(List records) throws NoSuchAlgorithmException, TextParseException { int errors = 0;