Use generic types when possible.

git-svn-id: https://svn.verisignlabs.com/jdnssec/tools/trunk@246 4cbd57fe-54e5-0310-bd9a-f30fe5ea5e6e
David Blacka
2011-02-12 21:25:42 +00:00
parent 91207aeed2
commit fb75a5419f
17 changed files with 427 additions and 520 deletions


@@ -1,24 +0,0 @@
package com.verisignlabs.dnssec.security;
import java.util.logging.LogRecord;
/**
* This is a very simple log formatter that simply outputs the log level and log
* string.
*/
public class BareLogFormatter extends java.util.logging.Formatter
{
@Override
public String format(LogRecord arg0)
{
StringBuilder out = new StringBuilder();
String lvl = arg0.getLevel().getName();
out.append(lvl);
out.append(": ");
out.append(arg0.getMessage());
out.append("\n");
return out.toString();
}
}


@@ -30,7 +30,7 @@ import java.util.logging.Logger;
* @author $Author$
* @version $Revision$
*/
public class ByteArrayComparator implements Comparator
public class ByteArrayComparator implements Comparator<byte[]>
{
private int mOffset = 0;
private boolean mDebug = false;
@@ -46,11 +46,8 @@ public class ByteArrayComparator implements Comparator
mDebug = debug;
}
public int compare(Object o1, Object o2) throws ClassCastException
public int compare(byte[] b1, byte[] b2)
{
byte[] b1 = (byte[]) o1;
byte[] b2 = (byte[]) o2;
for (int i = mOffset; i < b1.length && i < b2.length; i++)
{
if (b1[i] != b2[i])


@@ -77,32 +77,32 @@ public class DnsKeyAlgorithm
* This is a mapping of algorithm identifier to Entry. The Entry contains the
* data needed to map the algorithm to the various crypto implementations.
*/
private HashMap mAlgorithmMap;
private HashMap<Integer, Entry> mAlgorithmMap;
/**
* This is a mapping of algorithm mnemonics to algorithm identifiers.
*/
private HashMap mMnemonicToIdMap;
private HashMap<String, Integer> mMnemonicToIdMap;
/**
* This is a mapping of identifiers to preferred mnemonic -- the preferred one
* is the first defined one
*/
private HashMap mIdToMnemonicMap;
private HashMap<Integer, String> mIdToMnemonicMap;
/** This is a cached key pair generator for RSA keys. */
private KeyPairGenerator mRSAKeyGenerator;
private KeyPairGenerator mRSAKeyGenerator;
/** This is a cache key pair generator for DSA keys. */
private KeyPairGenerator mDSAKeyGenerator;
private KeyPairGenerator mDSAKeyGenerator;
private Logger log = Logger.getLogger(this.getClass().toString());
private Logger log = Logger.getLogger(this.getClass().toString());
/** This is the global instance for this class. */
private static DnsKeyAlgorithm mInstance = null;
private static DnsKeyAlgorithm mInstance = null;
public DnsKeyAlgorithm()
{
mAlgorithmMap = new HashMap();
mMnemonicToIdMap = new HashMap();
mIdToMnemonicMap = new HashMap();
mAlgorithmMap = new HashMap<Integer, Entry>();
mMnemonicToIdMap = new HashMap<String, Integer>();
mIdToMnemonicMap = new HashMap<Integer, String>();
// Load the standard DNSSEC algorithms.
addAlgorithm(DNSSEC.RSAMD5, new Entry("MD5withRSA", RSA));
@@ -137,40 +137,34 @@ public class DnsKeyAlgorithm
private void addAlgorithm(int algorithm, Entry entry)
{
Integer a = new Integer(algorithm);
mAlgorithmMap.put(a, entry);
mAlgorithmMap.put(algorithm, entry);
}
private void addMnemonic(String m, int alg)
{
Integer a = new Integer(alg);
mMnemonicToIdMap.put(m.toUpperCase(), a);
if (!mIdToMnemonicMap.containsKey(a))
mMnemonicToIdMap.put(m.toUpperCase(), alg);
if (!mIdToMnemonicMap.containsKey(alg))
{
mIdToMnemonicMap.put(a, m);
mIdToMnemonicMap.put(alg, m);
}
}
public void addAlias(int alias, String mnemonic, int original_algorithm)
{
Integer a = new Integer(alias);
Integer o = new Integer(original_algorithm);
if (mAlgorithmMap.containsKey(a))
if (mAlgorithmMap.containsKey(alias))
{
log.warning("Unable to alias algorithm " + alias
+ " because it already exists.");
log.warning("Unable to alias algorithm " + alias + " because it already exists.");
return;
}
if (!mAlgorithmMap.containsKey(o))
if (!mAlgorithmMap.containsKey(original_algorithm))
{
log.warning("Unable to alias algorith " + alias
+ " to unknown algorithm identifier " + original_algorithm);
return;
}
mAlgorithmMap.put(a, mAlgorithmMap.get(o));
mAlgorithmMap.put(alias, mAlgorithmMap.get(original_algorithm));
if (mnemonic != null)
{
@@ -180,7 +174,7 @@ public class DnsKeyAlgorithm
private Entry getEntry(int alg)
{
return (Entry) mAlgorithmMap.get(new Integer(alg));
return mAlgorithmMap.get(alg);
}
public Signature getSignature(int algorithm)
@@ -196,8 +190,8 @@ public class DnsKeyAlgorithm
}
catch (NoSuchAlgorithmException e)
{
log.severe("Unable to get signature implementation for algorithm "
+ algorithm + ": " + e);
log.severe("Unable to get signature implementation for algorithm " + algorithm
+ ": " + e);
}
return s;
@@ -205,14 +199,14 @@ public class DnsKeyAlgorithm
public int stringToAlgorithm(String s)
{
Integer alg = (Integer) mMnemonicToIdMap.get(s.toUpperCase());
Integer alg = mMnemonicToIdMap.get(s.toUpperCase());
if (alg != null) return alg.intValue();
return -1;
}
public String algToString(int algorithm)
{
return (String) mIdToMnemonicMap.get(new Integer(algorithm));
return mIdToMnemonicMap.get(algorithm);
}
public int baseType(int algorithm)
@@ -257,13 +251,11 @@ public class DnsKeyAlgorithm
RSAKeyGenParameterSpec rsa_spec;
if (useLargeExp)
{
rsa_spec = new RSAKeyGenParameterSpec(keysize,
RSAKeyGenParameterSpec.F4);
rsa_spec = new RSAKeyGenParameterSpec(keysize, RSAKeyGenParameterSpec.F4);
}
else
{
rsa_spec = new RSAKeyGenParameterSpec(keysize,
RSAKeyGenParameterSpec.F0);
rsa_spec = new RSAKeyGenParameterSpec(keysize, RSAKeyGenParameterSpec.F0);
}
try
{
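Review bot: The `useLargeExp == false` branch in the last hunk still builds the spec with `RSAKeyGenParameterSpec.F0`, i.e. public exponent 3, and this commit only reflows that line. Small-exponent RSA is generally discouraged for newly generated keys, so the branch deserves a comment stating why it exists, for example `// F0 (e=3) is kept only for compatibility; prefer F4 (65537) for new keys`. The enclosing key-generation method starts and ends outside the hunk, so how `useLargeExp` is defaulted cannot be seen from here.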


@@ -48,23 +48,23 @@ public class DnsSecVerifier implements Verifier
private class TrustedKeyStore
{
// for now, this is implemented as a hashtable of lists of
// for now, this is implemented as a hash table of lists of
// DnsKeyPair objects (obviously, all of them will not have
// private keys).
private HashMap mKeyMap;
private HashMap<String, List<DnsKeyPair>> mKeyMap;
public TrustedKeyStore()
{
mKeyMap = new HashMap();
mKeyMap = new HashMap<String, List<DnsKeyPair>>();
}
public void add(DnsKeyPair pair)
{
String n = pair.getDNSKEYName().toString().toLowerCase();
List l = (List) mKeyMap.get(n);
List<DnsKeyPair> l = mKeyMap.get(n);
if (l == null)
{
l = new ArrayList();
l = new ArrayList<DnsKeyPair>();
mKeyMap.put(n, l);
}
@@ -86,14 +86,13 @@ public class DnsSecVerifier implements Verifier
public DnsKeyPair find(Name name, int algorithm, int keyid)
{
String n = name.toString().toLowerCase();
List l = (List) mKeyMap.get(n);
List<DnsKeyPair> l = mKeyMap.get(n);
if (l == null) return null;
// FIXME: this algorithm assumes that name+alg+footprint is
// unique, which isn't necessarily true.
for (Iterator i = l.iterator(); i.hasNext();)
for (DnsKeyPair p : l)
{
DnsKeyPair p = (DnsKeyPair) i.next();
if (p.getDNSKEYAlgorithm() == algorithm && p.getDNSKEYFootprint() == keyid)
{
return p;
@@ -158,6 +157,7 @@ public class DnsSecVerifier implements Verifier
mIgnoreTime = v;
}
@SuppressWarnings("unchecked")
private DnsKeyPair findCachedKey(Cache cache, Name name, int algorithm, int footprint)
{
RRset[] keysets = cache.findAnyRecords(name, Type.KEY);
@@ -165,11 +165,11 @@ public class DnsSecVerifier implements Verifier
// look for the particular key
// FIXME: this assumes that name+alg+footprint is unique.
for (Iterator i = keysets[0].rrs(); i.hasNext();)
for (Iterator<Record> i = keysets[0].rrs(); i.hasNext();)
{
Object o = i.next();
if (!(o instanceof DNSKEYRecord)) continue;
DNSKEYRecord keyrec = (DNSKEYRecord) o;
Record r = i.next();
if (r.getType() != Type.DNSKEY) continue;
DNSKEYRecord keyrec = (DNSKEYRecord) r;
if (keyrec.getAlgorithm() == algorithm && keyrec.getFootprint() == footprint)
{
return new DnsKeyPair(keyrec, (PrivateKey) null);
@@ -190,7 +190,7 @@ public class DnsSecVerifier implements Verifier
return pair;
}
private byte validateSignature(RRset rrset, RRSIGRecord sigrec, List reasons)
private byte validateSignature(RRset rrset, RRSIGRecord sigrec, List<String> reasons)
{
if (rrset == null || sigrec == null) return DNSSEC.Failed;
if (!rrset.getName().equals(sigrec.getName()))
@@ -255,7 +255,7 @@ public class DnsSecVerifier implements Verifier
* could not be completed (usually because the public key was not
* available).
*/
public byte verifySignature(RRset rrset, RRSIGRecord sigrec, Cache cache, List reasons)
public byte verifySignature(RRset rrset, RRSIGRecord sigrec, Cache cache, List<String> reasons)
{
byte result = validateSignature(rrset, sigrec, reasons);
if (result != DNSSEC.Secure) return result;
@@ -314,6 +314,7 @@ public class DnsSecVerifier implements Verifier
* @return DNSSEC.Secure if the set verified, DNSSEC.Failed if it did not, and
* DNSSEC.Insecure if verification could not complete.
*/
@SuppressWarnings("unchecked")
public int verify(RRset rrset, Cache cache)
{
int result = mVerifyAllSigs ? DNSSEC.Secure : DNSSEC.Insecure;
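Review bot: In `findCachedKey` the `instanceof DNSKEYRecord` test is replaced by `r.getType() != Type.DNSKEY` followed by an unchecked `(DNSKEYRecord) r` cast, so a record that reports type DNSKEY without being a `DNSKEYRecord` instance would now raise `ClassCastException` in the verification path instead of being skipped. The class test works just as well with the typed iterator: `if (!(r instanceof DNSKEYRecord)) continue;`. The lookup above it asks the cache for `Type.KEY` while the filter accepts only `Type.DNSKEY`, which looks inconsistent and should be confirmed. The method body continues outside the hunk.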


@@ -57,8 +57,8 @@ public class JCEDnsSecSigner
{
private DnsKeyConverter mKeyConverter;
private boolean mVerboseSigning = false;
private Logger log;
private Logger log;
public JCEDnsSecSigner()
{
@@ -130,8 +130,9 @@ public class JCEDnsSecSigner
* the expiration time for the resulting RRSIG records.
* @return a list of RRSIGRecord objects.
*/
public List signRRset(RRset rrset, List keypairs, Date start, Date expire)
throws IOException, GeneralSecurityException
public List<RRSIGRecord> signRRset(RRset rrset, List<DnsKeyPair> keypairs, Date start,
Date expire) throws IOException,
GeneralSecurityException
{
if (rrset == null || keypairs == null) return null;
@@ -149,12 +150,11 @@ public class JCEDnsSecSigner
// first, pre-calculate the RRset bytes.
byte[] rrset_data = SignUtils.generateCanonicalRRsetData(rrset, 0, 0);
ArrayList sigs = new ArrayList(keypairs.size());
ArrayList<RRSIGRecord> sigs = new ArrayList<RRSIGRecord>(keypairs.size());
// for each keypair, sign the RRset.
for (Iterator i = keypairs.iterator(); i.hasNext();)
for (DnsKeyPair pair : keypairs)
{
DnsKeyPair pair = (DnsKeyPair) i.next();
DNSKEYRecord keyrec = pair.getDNSKEYRecord();
if (keyrec == null) continue;
@@ -164,8 +164,9 @@ public class JCEDnsSecSigner
if (mVerboseSigning)
{
log.info("Canonical pre-signature data to sign with key " + keyrec.getName().toString() + "/"
+ keyrec.getAlgorithm() + "/" + keyrec.getFootprint() + ":");
log.info("Canonical pre-signature data to sign with key "
+ keyrec.getName().toString() + "/" + keyrec.getAlgorithm() + "/"
+ keyrec.getFootprint() + ":");
log.info(hexdump.dump(null, sign_data));
}
@@ -174,8 +175,7 @@ public class JCEDnsSecSigner
if (signer == null)
{
// debug
log.fine("missing private key that goes with:\n"
+ pair.getDNSKEYRecord());
log.fine("missing private key that goes with:\n" + pair.getDNSKEYRecord());
throw new GeneralSecurityException("cannot sign without a valid Signer "
+ "(probably missing private key)");
}
@@ -219,24 +219,23 @@ public class JCEDnsSecSigner
* the RRSIG expiration time.
* @return a signed RRset.
*/
public RRset makeKeySet(List keypairs, Date start, Date expire) throws IOException,
GeneralSecurityException
public RRset makeKeySet(List<DnsKeyPair> keypairs, Date start, Date expire)
throws IOException, GeneralSecurityException
{
// Generate a KEY RR set to sign.
RRset keyset = new RRset();
for (Iterator i = keypairs.iterator(); i.hasNext();)
for (DnsKeyPair pair : keypairs)
{
DnsKeyPair pair = (DnsKeyPair) i.next();
keyset.addRR(pair.getDNSKEYRecord());
}
List records = signRRset(keyset, keypairs, start, expire);
List<RRSIGRecord> records = signRRset(keyset, keypairs, start, expire);
for (Iterator i = records.iterator(); i.hasNext();)
for (RRSIGRecord r : records)
{
keyset.addRR((Record) i.next());
keyset.addRR(r);
}
return keyset;
@@ -266,12 +265,14 @@ public class JCEDnsSecSigner
*
* @return the name of the new last_cut.
*/
private Name addRRset(List toList, Name zonename, RRset rrset, List kskpairs,
List zskpairs, Date start, Date expire, boolean fullySignKeyset,
Name last_cut, Name last_dname) throws IOException, GeneralSecurityException
@SuppressWarnings("unchecked")
private Name addRRset(List<Record> toList, Name zonename, RRset rrset,
List<DnsKeyPair> kskpairs, List<DnsKeyPair> zskpairs, Date start,
Date expire, boolean fullySignKeyset, Name last_cut,
Name last_dname) throws IOException, GeneralSecurityException
{
// add the records themselves
for (Iterator i = rrset.rrs(); i.hasNext();)
for (Iterator<Record> i = rrset.rrs(); i.hasNext();)
{
toList.add(i.next());
}
@@ -296,7 +297,7 @@ public class JCEDnsSecSigner
// them with the zsks.
if (kskpairs != null && kskpairs.size() > 0)
{
List sigs = signRRset(rrset, kskpairs, start, expire);
List<RRSIGRecord> sigs = signRRset(rrset, kskpairs, start, expire);
toList.addAll(sigs);
// If we aren't going to sign with all the keys, bail out now.
@@ -305,7 +306,7 @@ public class JCEDnsSecSigner
}
// otherwise, we are OK to sign this set.
List sigs = signRRset(rrset, zskpairs, start, expire);
List<RRSIGRecord> sigs = signRRset(rrset, zskpairs, start, expire);
toList.addAll(sigs);
return last_cut;
@@ -365,11 +366,13 @@ public class JCEDnsSecSigner
* @throws IOException
* @throws GeneralSecurityException
*/
private List signZone(Name zonename, List records, List kskpairs, List zskpairs,
Date start, Date expire, boolean fullySignKeyset,
int ds_digest_alg, int mode, List includedNames, byte[] salt,
int iterations, long nsec3paramttl, boolean beConservative)
throws IOException, GeneralSecurityException
private List<Record> signZone(Name zonename, List<Record> records,
List<DnsKeyPair> kskpairs, List<DnsKeyPair> zskpairs,
Date start, Date expire, boolean fullySignKeyset,
int ds_digest_alg, int mode, List<Name> includedNames,
byte[] salt, int iterations, long nsec3paramttl,
boolean beConservative) throws IOException,
GeneralSecurityException
{
// Remove any existing generated DNSSEC records (NSEC, NSEC3, NSEC3PARAM,
// RRSIG)
@@ -410,13 +413,13 @@ public class JCEDnsSecSigner
// Assemble into RRsets and sign.
RRset rrset = new RRset();
ArrayList signed_records = new ArrayList();
ArrayList<Record> signed_records = new ArrayList<Record>();
Name last_cut = null;
Name last_dname = null;
for (ListIterator i = records.listIterator(); i.hasNext();)
for (ListIterator<Record> i = records.listIterator(); i.hasNext();)
{
Record r = (Record) i.next();
Record r = i.next();
// First record
if (rrset.size() == 0)
@@ -478,9 +481,11 @@ public class JCEDnsSecSigner
* @return an ordered list of {@link org.xbill.DNS.Record} objects,
* representing the signed zone.
*/
public List signZone(Name zonename, List records, List kskpairs, List zskpairs,
Date start, Date expire, boolean fullySignKeyset, int ds_digest_alg)
throws IOException, GeneralSecurityException
public List<Record> signZone(Name zonename, List<Record> records,
List<DnsKeyPair> kskpairs, List<DnsKeyPair> zskpairs,
Date start, Date expire, boolean fullySignKeyset,
int ds_digest_alg) throws IOException,
GeneralSecurityException
{
return signZone(zonename, records, kskpairs, zskpairs, start, expire,
fullySignKeyset, ds_digest_alg, NSEC_MODE, null, null, 0, 0, false);
@@ -527,11 +532,13 @@ public class JCEDnsSecSigner
* @throws IOException
* @throws GeneralSecurityException
*/
public List signZoneNSEC3(Name zonename, List records, List kskpairs, List zskpairs,
Date start, Date expire, boolean fullySignKeyset,
boolean useOptOut, List includedNames, byte[] salt,
int iterations, int ds_digest_alg, long nsec3paramttl)
throws IOException, GeneralSecurityException
public List<Record> signZoneNSEC3(Name zonename, List<Record> records,
List<DnsKeyPair> kskpairs, List<DnsKeyPair> zskpairs,
Date start, Date expire, boolean fullySignKeyset,
boolean useOptOut, List<Name> includedNames,
byte[] salt, int iterations, int ds_digest_alg,
long nsec3paramttl) throws IOException,
GeneralSecurityException
{
if (useOptOut)
{
@@ -577,10 +584,12 @@ public class JCEDnsSecSigner
* @return an ordered list of {@link org.xbill.DNS.Record} objects,
* representing the signed zone.
*/
public List signZoneOptIn(Name zonename, List records, List kskpairs, List zskpairs,
Date start, Date expire, boolean useConservativeOptIn,
boolean fullySignKeyset, List NSECIncludeNames,
int ds_digest_alg) throws IOException,
public List<Record> signZoneOptIn(Name zonename, List<Record> records,
List<DnsKeyPair> kskpairs, List<DnsKeyPair> zskpairs,
Date start, Date expire,
boolean useConservativeOptIn,
boolean fullySignKeyset, List<Name> NSECIncludeNames,
int ds_digest_alg) throws IOException,
GeneralSecurityException
{
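Review bot: `signRRset` now declares `List<RRSIGRecord>` but still returns `null` when `rrset` or `keypairs` is null, and `addRRset` hands the result of the `zskpairs` call straight to `toList.addAll(sigs)` with no null guard in the visible lines. A missing ZSK list would then abort zone signing with a `NullPointerException` rather than a clear error. Returning an empty list fits the typed contract and the new for-each callers: `if (rrset == null || keypairs == null) return new ArrayList<RRSIGRecord>();`. If some caller depends on the `null` result, guard the `addAll` calls instead. Both method bodies extend beyond the hunks shown.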


@@ -254,12 +254,11 @@ public class ProtoNSEC3
return sb.toString();
}
public static class Comparator implements java.util.Comparator
public static class Comparator implements java.util.Comparator<ProtoNSEC3>
{
public int compare(Object o1, Object o2)
public int compare(ProtoNSEC3 a, ProtoNSEC3 b)
{
return ((ProtoNSEC3) o1).compareTo((ProtoNSEC3) o2);
return a.compareTo(b);
}
}


@@ -35,7 +35,7 @@ import org.xbill.DNS.Type;
* @version $Revision$
*/
public class RecordComparator implements Comparator
public class RecordComparator implements Comparator<Record>
{
public RecordComparator()
{
@@ -75,11 +75,8 @@ public class RecordComparator implements Comparator
return (a_rdata.length - b_rdata.length);
}
public int compare(Object o1, Object o2) throws ClassCastException
public int compare(Record a, Record b)
{
Record a = (Record) o1;
Record b = (Record) o2;
if (a == null && b == null) return 0;
if (a == null) return 1;
if (b == null) return -1;


@@ -81,13 +81,11 @@ public class SignUtils
*
* @return a prototype signature based on the RRset and key information.
*/
public static RRSIGRecord generatePreRRSIG(RRset rrset, DNSKEYRecord key,
Date start, Date expire,
long sig_ttl)
public static RRSIGRecord generatePreRRSIG(RRset rrset, DNSKEYRecord key, Date start,
Date expire, long sig_ttl)
{
return new RRSIGRecord(rrset.getName(), rrset.getDClass(), sig_ttl,
rrset.getType(), key.getAlgorithm(),
(int) rrset.getTTL(), expire, start,
return new RRSIGRecord(rrset.getName(), rrset.getDClass(), sig_ttl, rrset.getType(),
key.getAlgorithm(), (int) rrset.getTTL(), expire, start,
key.getFootprint(), key.getName(), null);
}
@@ -108,14 +106,12 @@ public class SignUtils
*
* @return a prototype signature based on the Record and key information.
*/
public static RRSIGRecord generatePreRRSIG(Record rec, DNSKEYRecord key,
Date start, Date expire,
long sig_ttl)
public static RRSIGRecord generatePreRRSIG(Record rec, DNSKEYRecord key, Date start,
Date expire, long sig_ttl)
{
return new RRSIGRecord(rec.getName(), rec.getDClass(), sig_ttl,
rec.getType(), key.getAlgorithm(), rec.getTTL(),
expire, start, key.getFootprint(), key.getName(),
null);
return new RRSIGRecord(rec.getName(), rec.getDClass(), sig_ttl, rec.getType(),
key.getAlgorithm(), rec.getTTL(), expire, start,
key.getFootprint(), key.getName(), null);
}
/**
@@ -150,23 +146,22 @@ public class SignUtils
return image.toByteArray();
}
/**
* Calculate the canonical wire line format of the RRset.
*
* @param rrset
* the RRset to convert.
* the RRset to convert.
* @param ttl
* the TTL to use when canonicalizing -- this is generally the
* TTL of the signature if there is a pre-existing signature. If
* not it is just the ttl of the rrset itself.
* the TTL to use when canonicalizing -- this is generally the
* TTL of the signature if there is a pre-existing signature. If
* not it is just the ttl of the rrset itself.
* @param labels
* the labels field of the signature, or 0.
* the labels field of the signature, or 0.
* @return the canonical wire line format of the rrset. This is the second
* part of data to be signed.
*/
public static byte[] generateCanonicalRRsetData(RRset rrset, long ttl,
int labels)
@SuppressWarnings("unchecked")
public static byte[] generateCanonicalRRsetData(RRset rrset, long ttl, int labels)
{
DNSOutput image = new DNSOutput();
@@ -186,24 +181,22 @@ public class SignUtils
{
n = n.wild(n.labels() - labels);
wildcardName = true;
log.fine("Detected wildcard expansion: " + rrset.getName()
+ " changed to " + n);
log.fine("Detected wildcard expansion: " + rrset.getName() + " changed to " + n);
}
// now convert the wire format records in the RRset into a
// list of byte arrays.
ArrayList canonical_rrs = new ArrayList();
for (Iterator i = rrset.rrs(); i.hasNext();)
ArrayList<byte[]> canonical_rrs = new ArrayList<byte[]>();
for (Iterator<Record> i = rrset.rrs(); i.hasNext();)
{
Record r = (Record) i.next();
Record r = i.next();
if (r.getTTL() != ttl || wildcardName)
{
// If necessary, we need to create a new record with a new ttl
// or ownername.
// In the TTL case, this avoids changing the ttl in the
// response.
r = Record.newRecord(n, r.getType(), r.getDClass(), ttl, r
.rdataToWireCanonical());
r = Record.newRecord(n, r.getType(), r.getDClass(), ttl, r.rdataToWireCanonical());
}
byte[] wire_fmt = r.toWireCanonical();
canonical_rrs.add(wire_fmt);
@@ -218,9 +211,8 @@ public class SignUtils
Collections.sort(canonical_rrs, bac);
for (Iterator i = canonical_rrs.iterator(); i.hasNext();)
for (byte[] wire_fmt_rec : canonical_rrs)
{
byte[] wire_fmt_rec = (byte[]) i.next();
image.writeByteArray(wire_fmt_rec);
}
@@ -240,8 +232,7 @@ public class SignUtils
public static byte[] generateSigData(RRset rrset, RRSIGRecord presig)
throws IOException
{
byte[] rrset_data = generateCanonicalRRsetData(rrset,
presig.getOrigTTL(),
byte[] rrset_data = generateCanonicalRRsetData(rrset, presig.getOrigTTL(),
presig.getLabels());
return generateSigData(rrset_data, presig);
@@ -285,11 +276,11 @@ public class SignUtils
*/
public static RRSIGRecord generateRRSIG(byte[] signature, RRSIGRecord presig)
{
return new RRSIGRecord(presig.getName(), presig.getDClass(),
presig.getTTL(), presig.getTypeCovered(),
presig.getAlgorithm(), presig.getOrigTTL(),
presig.getExpire(), presig.getTimeSigned(),
presig.getFootprint(), presig.getSigner(), signature);
return new RRSIGRecord(presig.getName(), presig.getDClass(), presig.getTTL(),
presig.getTypeCovered(), presig.getAlgorithm(),
presig.getOrigTTL(), presig.getExpire(),
presig.getTimeSigned(), presig.getFootprint(),
presig.getSigner(), signature);
}
/**
@@ -311,8 +302,7 @@ public class SignUtils
* if there was something wrong with the RFC 2536 formatted
* signature.
*/
public static byte[] convertDSASignature(byte[] signature)
throws SignatureException
public static byte[] convertDSASignature(byte[] signature) throws SignatureException
{
if (signature.length != 41)
throw new SignatureException("RFC 2536 signature not expected length.");
@@ -380,8 +370,7 @@ public class SignUtils
{
if (signature[0] != ASN1_SEQ || signature[2] != ASN1_INT)
{
throw new SignatureException(
"Invalid ASN.1 signature format: expected SEQ, INT");
throw new SignatureException("Invalid ASN.1 signature format: expected SEQ, INT");
}
byte r_pad = (byte) (signature[3] - 20);
@@ -478,8 +467,8 @@ public class SignUtils
* the name of the last DELEGATION record/set that was encountered
* while iterating over the zone in canonical order.
*/
public static int recordSecType(Name zonename, Name name, int type,
Name last_cut, Name last_dname)
public static int recordSecType(Name zonename, Name name, int type, Name last_cut,
Name last_dname)
{
// records not even in the zone itself are invalid.
if (!name.subdomain(zonename)) return RR_INVALID;
@@ -493,7 +482,7 @@ public class SignUtils
// a delegation point (NS, DS, NSEC), this is glue.
if (name.equals(last_cut))
{
if (type != Type.NS && type != Type.DS && type != Type.NXT && type != Type.NSEC)
if (type != Type.NS && type != Type.DS && type != Type.NXT && type != Type.NSEC)
{
return RR_GLUE;
}
@@ -503,18 +492,19 @@ public class SignUtils
{
return RR_GLUE;
}
}
// if we are below a DNAME, then the RR is invalid.
if (last_dname != null && name.subdomain(last_dname) && name.labels() > last_dname.labels())
if (last_dname != null && name.subdomain(last_dname)
&& name.labels() > last_dname.labels())
{
return RR_INVALID;
}
// since we are not at zone level, any NS records are delegations
if (type == Type.NS) return RR_DELEGATION;
// and everything else is normal
return RR_NORMAL;
}
@@ -528,24 +518,13 @@ public class SignUtils
* canonical order.
* @return a List of {@link org.xbill.DNS.RRset} objects.
*/
public static List assembleIntoRRsets(List records)
public static List<RRset> assembleIntoRRsets(List<Record> records)
{
RRset rrset = new RRset();
ArrayList rrsets = new ArrayList();
ArrayList<RRset> rrsets = new ArrayList<RRset>();
for (Iterator i = records.iterator(); i.hasNext();)
for (Record r : records)
{
Object o = i.next();
if (!(o instanceof Record))
{
log.warning("assembleIntoRRsets: a non-record object was "
+ "encountered and skipped: " + o + " (" + o.getClass() + ")");
continue;
}
Record r = (Record) o;
// First record
if (rrset.size() == 0)
{
@@ -581,14 +560,14 @@ public class SignUtils
*/
private static class NodeInfo
{
public Name name;
public int type;
public long ttl;
public int dclass;
public Set typemap;
public boolean isSecureNode; // opt-in support.
public boolean hasOptInSpan; // opt-in support.
public int nsecIndex;
public Name name;
public int type;
public long ttl;
public int dclass;
public Set<Integer> typemap;
public boolean isSecureNode; // opt-in support.
public boolean hasOptInSpan; // opt-in support.
public int nsecIndex;
public NodeInfo(Record r, int nodeType)
{
@@ -596,7 +575,7 @@ public class SignUtils
this.type = nodeType;
this.ttl = r.getTTL();
this.dclass = r.getDClass();
this.typemap = new HashSet();
this.typemap = new HashSet<Integer>();
this.isSecureNode = false;
this.hasOptInSpan = false;
addType(r.getType());
@@ -613,9 +592,10 @@ public class SignUtils
isSecureNode = true;
}
}
public boolean hasType(int type) {
return this.typemap.contains(new Integer(type));
public boolean hasType(int type)
{
return this.typemap.contains(type);
}
public String toString()
@@ -653,7 +633,7 @@ public class SignUtils
* a list of {@link org.xbill.DNS.Record} objects in DNSSEC canonical
* order.
*/
public static void generateNSECRecords(Name zonename, List records)
public static void generateNSECRecords(Name zonename, List<Record> records)
{
// This works by iterating over a known sorted list of records.
@@ -667,24 +647,24 @@ public class SignUtils
// First find the SOA record -- it should be near the beginning -- and get
// the soa minimum
for (Iterator i = records.iterator(); i.hasNext();)
for (Record r : records)
{
Object o = i.next();
if (o instanceof SOARecord)
if (r.getType() == Type.SOA)
{
SOARecord soa = (SOARecord) o;
SOARecord soa = (SOARecord) r;
nsec_ttl = soa.getMinimum();
break;
}
}
if (nsec_ttl == 0)
{
throw new IllegalArgumentException("Zone did not contain a SOA record");
}
for (ListIterator i = records.listIterator(); i.hasNext();)
for (ListIterator<Record> i = records.listIterator(); i.hasNext();)
{
Record r = (Record) i.next();
Record r = i.next();
Name r_name = r.getName();
int r_type = r.getType();
int r_sectype = recordSecType(zonename, r_name, r_type, last_cut, last_dname);
@@ -697,7 +677,7 @@ public class SignUtils
// if this is a DNAME, note it so we can recognize junk
if (r_type == Type.DNAME) last_dname = r_name;
// first node -- initialize
if (current_node == null)
{
@@ -716,9 +696,8 @@ public class SignUtils
if (last_node != null)
{
NSECRecord nsec = new NSECRecord(last_node.name, last_node.dclass,
nsec_ttl, current_node.name,
last_node.getTypes());
NSECRecord nsec = new NSECRecord(last_node.name, last_node.dclass, nsec_ttl,
current_node.name, last_node.getTypes());
// Note: we have to add this through the iterator, otherwise
// the next access via the iterator will generate a
// ConcurrencyModificationException.
@@ -743,17 +722,15 @@ public class SignUtils
// Generate next to last NSEC
if (last_node != null)
{
NSECRecord nsec = new NSECRecord(last_node.name, last_node.dclass,
nsec_ttl, current_node.name,
last_node.getTypes());
NSECRecord nsec = new NSECRecord(last_node.name, last_node.dclass, nsec_ttl,
current_node.name, last_node.getTypes());
records.add(last_node.nsecIndex - 1, nsec);
log.finer("Generated: " + nsec);
}
// Generate last NSEC
NSECRecord nsec = new NSECRecord(current_node.name, current_node.dclass,
nsec_ttl, zonename,
current_node.getTypes());
NSECRecord nsec = new NSECRecord(current_node.name, current_node.dclass, nsec_ttl,
zonename, current_node.getTypes());
records.add(nsec);
log.finer("Generated: " + nsec);
@@ -781,12 +758,11 @@ public class SignUtils
* will use the SOA minimum)
* @throws NoSuchAlgorithmException
*/
public static void generateNSEC3Records(Name zonename, List records,
byte[] salt, int iterations,
long nsec3param_ttl)
public static void generateNSEC3Records(Name zonename, List<Record> records,
byte[] salt, int iterations, long nsec3param_ttl)
throws NoSuchAlgorithmException
{
List proto_nsec3s = new ArrayList();
List<ProtoNSEC3> proto_nsec3s = new ArrayList<ProtoNSEC3>();
NodeInfo current_node = null;
NodeInfo last_node = null;
// For detecting glue.
@@ -796,9 +772,8 @@ public class SignUtils
long nsec3_ttl = 0;
for (Iterator i = records.iterator(); i.hasNext();)
for (Record r : records)
{
Record r = (Record) i.next();
Name r_name = r.getName();
int r_type = r.getType();
@@ -813,7 +788,7 @@ public class SignUtils
// note our last DNAME point, so we can recognize junk.
if (r_type == Type.DNAME) last_dname = r_name;
if (r_type == Type.SOA)
{
SOARecord soa = (SOARecord) r;
@@ -841,30 +816,24 @@ public class SignUtils
// At this point, r represents the start of a new node.
// So we move current_node to last_node and generate a new current node.
// But first, we need to do something with the last node.
generateNSEC3ForNode(last_node, zonename, salt, iterations, false,
proto_nsec3s);
generateNSEC3ForNode(last_node, zonename, salt, iterations, false, proto_nsec3s);
last_node = current_node;
current_node = new NodeInfo(r, r_sectype);
}
// process last two nodes.
generateNSEC3ForNode(last_node, zonename, salt, iterations, false,
proto_nsec3s);
generateNSEC3ForNode(current_node, zonename, salt, iterations, false,
proto_nsec3s);
generateNSEC3ForNode(last_node, zonename, salt, iterations, false, proto_nsec3s);
generateNSEC3ForNode(current_node, zonename, salt, iterations, false, proto_nsec3s);
List nsec3s = finishNSEC3s(proto_nsec3s, nsec3_ttl);
List<NSEC3Record> nsec3s = finishNSEC3s(proto_nsec3s, nsec3_ttl);
records.addAll(nsec3s);
NSEC3PARAMRecord nsec3param = new NSEC3PARAMRecord(
zonename,
DClass.IN,
NSEC3PARAMRecord nsec3param = new NSEC3PARAMRecord(zonename, DClass.IN,
nsec3param_ttl,
NSEC3Record.SHA1_DIGEST_ID,
(byte) 0, iterations,
salt);
(byte) 0, iterations, salt);
records.add(nsec3param);
}
@@ -897,13 +866,12 @@ public class SignUtils
* will use the SOA minimum)
* @throws NoSuchAlgorithmException
*/
public static void generateOptOutNSEC3Records(Name zonename, List records,
List includedNames,
byte[] salt, int iterations,
long nsec3param_ttl)
public static void generateOptOutNSEC3Records(Name zonename, List<Record> records,
List<Name> includedNames, byte[] salt,
int iterations, long nsec3param_ttl)
throws NoSuchAlgorithmException
{
List proto_nsec3s = new ArrayList();
List<ProtoNSEC3> proto_nsec3s = new ArrayList<ProtoNSEC3>();
NodeInfo current_node = null;
NodeInfo last_node = null;
// For detecting glue.
@@ -913,15 +881,14 @@ public class SignUtils
long nsec3_ttl = 0;
HashSet includeSet = null;
HashSet<Name> includeSet = null;
if (includedNames != null)
{
includeSet = new HashSet(includedNames);
includeSet = new HashSet<Name>(includedNames);
}
for (Iterator i = records.iterator(); i.hasNext();)
for (Record r : records)
{
Record r = (Record) i.next();
Name r_name = r.getName();
int r_type = r.getType();
@@ -935,7 +902,7 @@ public class SignUtils
if (r_sectype == RR_DELEGATION) last_cut = r_name;
if (r_type == Type.DNAME) last_dname = r_name;
if (r_type == Type.SOA)
{
SOARecord soa = (SOARecord) r;
@@ -968,8 +935,7 @@ public class SignUtils
// At this point, r represents the start of a new node.
// So we move current_node to last_node and generate a new current node.
// But first, we need to do something with the last node.
generateNSEC3ForNode(last_node, zonename, salt, iterations, true,
proto_nsec3s);
generateNSEC3ForNode(last_node, zonename, salt, iterations, true, proto_nsec3s);
if (current_node.isSecureNode)
{
@@ -984,21 +950,16 @@ public class SignUtils
}
// process last two nodes.
generateNSEC3ForNode(last_node, zonename, salt, iterations, true,
proto_nsec3s);
generateNSEC3ForNode(current_node, zonename, salt, iterations, true,
proto_nsec3s);
generateNSEC3ForNode(last_node, zonename, salt, iterations, true, proto_nsec3s);
generateNSEC3ForNode(current_node, zonename, salt, iterations, true, proto_nsec3s);
List nsec3s = finishNSEC3s(proto_nsec3s, nsec3_ttl);
List<NSEC3Record> nsec3s = finishNSEC3s(proto_nsec3s, nsec3_ttl);
records.addAll(nsec3s);
NSEC3PARAMRecord nsec3param = new NSEC3PARAMRecord(
zonename,
DClass.IN,
NSEC3PARAMRecord nsec3param = new NSEC3PARAMRecord(zonename, DClass.IN,
nsec3param_ttl,
NSEC3Record.SHA1_DIGEST_ID,
(byte) 0, iterations,
salt);
(byte) 0, iterations, salt);
records.add(nsec3param);
}
@@ -1021,16 +982,16 @@ public class SignUtils
* The current list of NSEC3s -- this will be updated.
* @throws NoSuchAlgorithmException
*/
private static void generateNSEC3ForNode(NodeInfo node, Name zonename,
byte[] salt, int iterations,
boolean optIn, List nsec3s)
private static void generateNSEC3ForNode(NodeInfo node, Name zonename, byte[] salt,
int iterations, boolean optIn, List<ProtoNSEC3> nsec3s)
throws NoSuchAlgorithmException
{
if (node == null) return;
if (optIn && !node.isSecureNode) return;
// Add our default types.
if (node.type == RR_NORMAL || (node.type == RR_DELEGATION && node.hasType(Type.DS))) {
if (node.type == RR_NORMAL || (node.type == RR_DELEGATION && node.hasType(Type.DS)))
{
node.addType(Type.RRSIG);
}
if (node.name.equals(zonename)) node.addType(Type.NSEC3PARAM);
@@ -1042,13 +1003,13 @@ public class SignUtils
{
Name n = new Name(node.name, i);
log.fine("Generating ENT NSEC3 for " + n);
ProtoNSEC3 nsec3 = generateNSEC3(n, zonename, node.ttl, salt, iterations,
optIn, null);
ProtoNSEC3 nsec3 = generateNSEC3(n, zonename, node.ttl, salt, iterations, optIn,
null);
nsec3s.add(nsec3);
}
ProtoNSEC3 nsec3 = generateNSEC3(node.name, zonename, node.ttl, salt,
iterations, optIn, node.getTypes());
ProtoNSEC3 nsec3 = generateNSEC3(node.name, zonename, node.ttl, salt, iterations,
optIn, node.getTypes());
nsec3s.add(nsec3);
}
@@ -1074,17 +1035,15 @@ public class SignUtils
* @throws NoSuchAlgorithmException
*/
private static ProtoNSEC3 generateNSEC3(Name name, Name zonename, long ttl,
byte[] salt, int iterations,
boolean optIn, int[] types)
throws NoSuchAlgorithmException
byte[] salt, int iterations, boolean optIn,
int[] types) throws NoSuchAlgorithmException
{
byte[] hash = nsec3hash(name, NSEC3Record.SHA1_DIGEST_ID,
iterations, salt);
byte[] hash = nsec3hash(name, NSEC3Record.SHA1_DIGEST_ID, iterations, salt);
byte flags = (byte) (optIn ? 0x01 : 0x00);
ProtoNSEC3 r = new ProtoNSEC3(hash, name, zonename, DClass.IN, ttl,
NSEC3Record.SHA1_DIGEST_ID, flags,
iterations, salt, null, types);
NSEC3Record.SHA1_DIGEST_ID, flags, iterations, salt,
null, types);
log.finer("Generated: " + r);
return r;
@@ -1102,7 +1061,7 @@ public class SignUtils
* should match the SOA minimum value for the zone.
* @return The list of {@link org.xbill.DNS.NSEC3Record} objects.
*/
private static List finishNSEC3s(List nsec3s, long ttl)
private static List<NSEC3Record> finishNSEC3s(List<ProtoNSEC3> nsec3s, long ttl)
{
if (nsec3s == null) return null;
Collections.sort(nsec3s, new ProtoNSEC3.Comparator());
@@ -1111,9 +1070,9 @@ public class SignUtils
ProtoNSEC3 cur_nsec3 = null;
byte[] first_nsec3_hash = null;
for (ListIterator i = nsec3s.listIterator(); i.hasNext();)
for (ListIterator<ProtoNSEC3> i = nsec3s.listIterator(); i.hasNext();)
{
cur_nsec3 = (ProtoNSEC3) i.next();
cur_nsec3 = i.next();
// check to see if cur is a duplicate (by name)
if (prev_nsec3 != null
@@ -1154,10 +1113,9 @@ public class SignUtils
}
// Convert our ProtoNSEC3s to actual (immutable) NSEC3Record objects.
List res = new ArrayList(nsec3s.size());
for (Iterator i = nsec3s.iterator(); i.hasNext();)
List<NSEC3Record> res = new ArrayList<NSEC3Record>(nsec3s.size());
for (ProtoNSEC3 p : nsec3s)
{
ProtoNSEC3 p = (ProtoNSEC3) i.next();
p.setTTL(ttl);
res.add(p.getNSEC3Record());
}
@@ -1184,8 +1142,8 @@ public class SignUtils
* if true, then Opt-In NXTs will only be generated where there is
* actually a span of insecure delegations.
*/
public static void generateOptInNSECRecords(Name zonename, List records,
List includeNames,
public static void generateOptInNSECRecords(Name zonename, List<Record> records,
List<Name> includeNames,
boolean beConservative)
{
// This works by iterating over a known sorted list of records.
@@ -1195,18 +1153,18 @@ public class SignUtils
Name last_cut = null;
Name last_dname = null;
int backup;
HashSet includeSet = null;
HashSet<Name> includeSet = null;
if (includeNames != null)
{
includeSet = new HashSet(includeNames);
includeSet = new HashSet<Name>(includeNames);
}
for (ListIterator i = records.listIterator(); i.hasNext();)
for (ListIterator<Record> i = records.listIterator(); i.hasNext();)
{
Record r = (Record) i.next();
Record r = i.next();
Name r_name = r.getName();
int r_type = r.getType();
int r_sectype = recordSecType(zonename, r_name, r_type, last_cut, last_dname);
@@ -1218,7 +1176,7 @@ public class SignUtils
if (r_sectype == RR_DELEGATION) last_cut = r_name;
if (r_type == Type.DNAME) last_dname = r_name;
// first node -- initialize
if (current_node == null)
{
@@ -1248,9 +1206,8 @@ public class SignUtils
{
last_node.addType(Type.NSEC);
}
NSECRecord nsec = new NSECRecord(last_node.name, last_node.dclass,
last_node.ttl, current_node.name,
last_node.getTypes());
NSECRecord nsec = new NSECRecord(last_node.name, last_node.dclass, last_node.ttl,
current_node.name, last_node.getTypes());
// Note: we have to add this through the iterator, otherwise
// the next access via the iterator will generate a
// ConcurrencyModificationException.
@@ -1289,9 +1246,8 @@ public class SignUtils
{
last_node.addType(Type.NSEC);
}
NSECRecord nsec = new NSECRecord(last_node.name, last_node.dclass,
last_node.ttl, current_node.name,
last_node.getTypes());
NSECRecord nsec = new NSECRecord(last_node.name, last_node.dclass, last_node.ttl,
current_node.name, last_node.getTypes());
records.add(last_node.nsecIndex - 1, nsec);
log.finer("Generated: " + nsec);
}
@@ -1304,16 +1260,16 @@ public class SignUtils
{
current_node.addType(Type.NSEC);
}
nsec = new NSECRecord(current_node.name, current_node.dclass,
current_node.ttl, zonename, current_node.getTypes());
nsec = new NSECRecord(current_node.name, current_node.dclass, current_node.ttl,
zonename, current_node.getTypes());
// we can just tack this on the end as we are working on the
// last node.
records.add(nsec);
}
else
{
nsec = new NSECRecord(last_node.name, last_node.dclass, last_node.ttl,
zonename, last_node.getTypes());
nsec = new NSECRecord(last_node.name, last_node.dclass, last_node.ttl, zonename,
last_node.getTypes());
// We need to tack this on after the last secure node, not the
// end of the whole list.
records.add(last_node.nsecIndex, nsec);
@@ -1334,13 +1290,12 @@ public class SignUtils
* @param digest_alg
* The digest algorithm to use.
*/
public static void generateDSRecords(Name zonename, List records,
int digest_alg)
public static void generateDSRecords(Name zonename, List<Record> records, int digest_alg)
{
for (ListIterator i = records.listIterator(); i.hasNext();)
for (ListIterator<Record> i = records.listIterator(); i.hasNext();)
{
Record r = (Record) i.next();
Record r = i.next();
if (r == null) continue; // this should never be true.
Name r_name = r.getName();
@@ -1349,8 +1304,7 @@ public class SignUtils
// Convert non-zone level KEY records into DS records.
if (r.getType() == Type.DNSKEY && !r_name.equals(zonename))
{
DSRecord ds = calculateDSRecord((DNSKEYRecord) r, digest_alg,
r.getTTL());
DSRecord ds = calculateDSRecord((DNSKEYRecord) r, digest_alg, r.getTTL());
i.set(ds);
}
@@ -1365,9 +1319,9 @@ public class SignUtils
* @param records
* a list of {@link org.xbill.DNS.Record} objects.
*/
public static void removeGeneratedRecords(Name zonename, List records)
public static void removeGeneratedRecords(Name zonename, List<Record> records)
{
for (Iterator i = records.iterator(); i.hasNext();)
for (Iterator<Record> i = records.iterator(); i.hasNext();)
{
Record r = (Record) i.next();
@@ -1387,12 +1341,12 @@ public class SignUtils
* @param records
* a list of {@link org.xbill.DNS.Record} object, in sorted order.
*/
public static void removeDuplicateRecords(List records)
public static void removeDuplicateRecords(List<Record> records)
{
Record lastrec = null;
for (Iterator i = records.iterator(); i.hasNext();)
for (Iterator<Record> i = records.iterator(); i.hasNext();)
{
Record r = (Record) i.next();
Record r = i.next();
if (lastrec == null)
{
lastrec = r;
@@ -1419,8 +1373,7 @@ public class SignUtils
* the original KEY RR's TTL will be used.
* @return the corresponding {@link org.xbill.DNS.DSRecord}
*/
public static DSRecord calculateDSRecord(DNSKEYRecord keyrec, int digest_alg,
long ttl)
public static DSRecord calculateDSRecord(DNSKEYRecord keyrec, int digest_alg, long ttl)
{
if (keyrec == null) return null;
@@ -1451,8 +1404,8 @@ public class SignUtils
}
return new DSRecord(keyrec.getName(), keyrec.getDClass(), ttl,
keyrec.getFootprint(), keyrec.getAlgorithm(),
digest_alg, digest);
keyrec.getFootprint(), keyrec.getAlgorithm(), digest_alg,
digest);
}
catch (NoSuchAlgorithmException e)
@@ -1464,16 +1417,21 @@ public class SignUtils
/**
* Calculate an NSEC3 hash based on a DNS name and NSEC3 hash parameters.
*
* @param n The name to hash.
* @param hash_algorithm The hash algorithm to use.
* @param iterations The number of iterations to do.
* @param salt The salt to use.
*
* @param n
* The name to hash.
* @param hash_algorithm
* The hash algorithm to use.
* @param iterations
* The number of iterations to do.
* @param salt
* The salt to use.
* @return The calculated hash as a byte array.
* @throws NoSuchAlgorithmException If the hash algorithm is unrecognized.
* @throws NoSuchAlgorithmException
* If the hash algorithm is unrecognized.
*/
public static byte[] nsec3hash(Name n, byte hash_algorithm, int iterations,
byte[] salt) throws NoSuchAlgorithmException
public static byte[] nsec3hash(Name n, byte hash_algorithm, int iterations, byte[] salt)
throws NoSuchAlgorithmException
{
MessageDigest md;
@@ -1482,9 +1440,9 @@ public class SignUtils
case NSEC3Record.SHA1_DIGEST_ID:
md = MessageDigest.getInstance("SHA1");
break;
default :
throw new NoSuchAlgorithmException(
"Unknown NSEC3 algorithm identifier: " + hash_algorithm);
default:
throw new NoSuchAlgorithmException("Unknown NSEC3 algorithm identifier: "
+ hash_algorithm);
}
// Construct our wire form.


@@ -22,29 +22,29 @@ public class TypeMap
{
private static final Integer[] integerArray = new Integer[0];
private Set typeSet;
private Set<Integer> typeSet;
public TypeMap()
{
this.typeSet = new HashSet();
this.typeSet = new HashSet<Integer>();
}
/** Add the given type to the typemap. */
public void set(int type)
{
typeSet.add(new Integer(type));
typeSet.add(type);
}
/** Remove the given type from the type map. */
public void clear(int type)
{
typeSet.remove(new Integer(type));
typeSet.remove(type);
}
/** @return true if the given type is present in the type map. */
public boolean get(int type)
{
return typeSet.contains(new Integer(type));
return typeSet.contains(type);
}
public static TypeMap fromTypes(int[] types)
@@ -109,8 +109,7 @@ public class TypeMap
return sb.toString();
}
protected static void mapToWire(DNSOutput out, int[] types, int base,
int start, int end)
protected static void mapToWire(DNSOutput out, int[] types, int base, int start, int end)
{
// calculate the length of this map by looking at the largest
// typecode in this section.
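Review bot: In `clear`, `typeSet.remove(type)` now depends on autoboxing to select `Set.remove(Object)`; that is correct while `typeSet` is declared `Set<Integer>`, but the identical call on a `List<Integer>` would bind to `remove(int index)` and delete by position. Writing `typeSet.remove(Integer.valueOf(type));` keeps the intent explicit and survives a later change of the field's declared type. A short comment on the field, such as `// type codes present in this map`, would also say what the set holds.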


@@ -56,9 +56,9 @@ public class ZoneUtils
* @throws IOException
* if something goes wrong reading the zone file.
*/
public static List readZoneFile(String zonefile, Name origin) throws IOException
public static List<Record> readZoneFile(String zonefile, Name origin) throws IOException
{
ArrayList records = new ArrayList();
ArrayList<Record> records = new ArrayList<Record>();
Master m;
if (zonefile.equals("-"))
{
@@ -88,7 +88,7 @@ public class ZoneUtils
* @param zonefile
* the file to write to. If null or equal to "-", System.out is used.
*/
public static void writeZoneFile(List records, String zonefile) throws IOException
public static void writeZoneFile(List<Record> records, String zonefile) throws IOException
{
PrintWriter out = null;
@@ -101,9 +101,9 @@ public class ZoneUtils
out = new PrintWriter(new BufferedWriter(new FileWriter(zonefile)));
}
for (Iterator i = records.iterator(); i.hasNext();)
for (Record r : records)
{
out.println(i.next());
out.println(r);
}
out.close();
@@ -113,63 +113,29 @@ public class ZoneUtils
* Given just the list of records, determine the zone name (origin).
*
* @param records
* a list of {@link org.xbill.DNS.Record} or
* {@link org.xbill.DNS.RRset} objects.
* a list of {@link org.xbill.DNS.Record} objects.
* @return the zone name, if found. null if one couldn't be found.
*/
public static Name findZoneName(List records)
public static Name findZoneName(List<Record> records)
{
for (Iterator i = records.iterator(); i.hasNext();)
for (Record r : records)
{
int type = 0;
Name n = null;
int type = r.getType();
Object o = i.next();
if (o instanceof Record)
{
Record r = (Record) o;
type = r.getType();
n = r.getName();
}
else if (o instanceof RRset)
{
RRset r = (RRset) o;
type = r.getType();
n = r.getName();
}
if (type == Type.SOA) return n;
if (type == Type.SOA) return r.getName();
}
return null;
}
public static List findRRs(List records, Name name, int type)
public static List<Record> findRRs(List<Record> records, Name name, int type)
{
List res = new ArrayList();
for (Iterator i = records.iterator(); i.hasNext();)
List<Record> res = new ArrayList<Record>();
for (Record r : records)
{
Object o = i.next();
if (o instanceof Record)
if (r.getName().equals(name) && r.getType() == type)
{
Record r = (Record) o;
if (r.getName().equals(name) && r.getType() == type)
{
res.add(r);
}
}
else if (o instanceof RRset)
{
RRset r = (RRset) o;
if (r.getName().equals(name) && r.getType() == type)
{
for (Iterator j = r.rrs(); j.hasNext();)
{
res.add(j.next());
}
}
res.add(r);
}
}
@@ -177,21 +143,23 @@ public class ZoneUtils
}
/** This is an alternate way to format an RRset into a string */
@SuppressWarnings("unchecked")
public static String rrsetToString(RRset rrset, boolean includeSigs)
{
StringBuilder out = new StringBuilder();
for (Iterator i = rrset.rrs(false); i.hasNext();)
for (Iterator<Record> i = rrset.rrs(false); i.hasNext();)
{
Record r = (Record) i.next();
Record r = i.next();
out.append(r.toString());
out.append("\n");
}
if (includeSigs)
{
for (Iterator i = rrset.sigs(); i.hasNext();)
for (Iterator<Record> i = rrset.sigs(); i.hasNext();)
{
Record r = (Record) i.next();
Record r = i.next();
out.append(r.toString());
out.append("\n");
}
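Review bot: `findZoneName` and `findRRs` no longer tolerate list elements that are null or `RRset` objects: the old `instanceof` branches skipped a null and unpacked an `RRset`, while the new `for (Record r : records)` loops dereference every element directly. A caller elsewhere that still passes a raw `List` holding `RRset`s would compile with only an unchecked warning and then fail with a `ClassCastException` at the loop, so it is worth confirming that no such caller remains (none is visible from this section). For nulls, adding `if (r == null) continue;` as the first statement of both loops keeps the earlier behaviour, and `findRRs` would benefit from a one-line Javadoc stating that `records` must contain only `Record` objects. The end of `findRRs` lies outside the hunk.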


@@ -337,25 +337,26 @@ public class ZoneVerifier
return errors;
}
private static String reasonListToString(List reasons)
private static String reasonListToString(List<String> reasons)
{
if (reasons == null) return "";
StringBuffer out = new StringBuffer();
for (Iterator i = reasons.iterator(); i.hasNext();)
for (Iterator<String> i = reasons.iterator(); i.hasNext();)
{
out.append("Reason: ");
out.append((String) i.next());
out.append(i.next());
if (i.hasNext()) out.append("\n");
}
return out.toString();
}
@SuppressWarnings("unchecked")
private int processRRset(RRset rrset)
{
List reasons = new ArrayList();
List<String> reasons = new ArrayList<String>();
int result = DNSSEC.Failed;
for (Iterator i = rrset.sigs(); i.hasNext();)
for (Iterator<Record> i = rrset.sigs(); i.hasNext();)
{
RRSIGRecord sigrec = (RRSIGRecord) i.next();
byte res = mVerifier.verifySignature(rrset, sigrec, null, reasons);
@@ -415,7 +416,7 @@ public class ZoneVerifier
// should be empty.
if (typeset == null) return types.length == 0;
Set compareTypeset = new HashSet();
Set<Integer> compareTypeset = new HashSet<Integer>();
for (int i = 0; i < types.length; ++i)
{
compareTypeset.add(types[i]);
@@ -705,7 +706,7 @@ public class ZoneVerifier
return errors;
}
public int verifyZone(List records) throws NoSuchAlgorithmException, TextParseException
public int verifyZone(List<Record> records) throws NoSuchAlgorithmException, TextParseException
{
int errors = 0;