David Blacka
3da308c4b9
Fix TypeMap.fromBytes() and add a TypeMap.fromString() method.
2012-07-16 14:16:13 -04:00
d3e8c4c913
Add duplicate RR detection to jdnssec-verifyzone, and a command line option to disable it.
2012-05-26 23:14:12 -04:00
69d965cc0f
Wrap the new exceptions to mimic prior behavior.
2012-05-26 16:40:50 -04:00
ca7f10bd07
Instead of using DNSSEC.Secure, DNSSEC.Failed, etc, just use boolean results.
...
This means we lose the idea of Insecure, but that wasn't effectively being used anyway.
Further, remove any use of the DNSJava Cache class -- that also wasn't being used.
2012-05-26 16:40:50 -04:00
25cc81d46a
Replace use of old KEYConverter with new DNSKEYRecord constructor.
2012-05-26 16:40:50 -04:00
2a90a6ccd9
byte -> int for NSEC3 digest type.
2012-05-26 16:40:49 -04:00
b18a96cbfc
Change dnsjava algorithm references from DNSSEC.<alg> to DNSSEC.Algorithm.<alg>
2012-05-26 16:40:49 -04:00
David Blacka
fb75a5419f
Use generic types when possible.
...
git-svn-id: https://svn.verisignlabs.com/jdnssec/tools/trunk@246 4cbd57fe-54e5-0310-bd9a-f30fe5ea5e6e
2011-02-12 21:25:42 +00:00
David Blacka
faae654a23
make reading and writing to stdin/stdout work for most of the tools
...
git-svn-id: https://svn.verisignlabs.com/jdnssec/tools/trunk@241 4cbd57fe-54e5-0310-bd9a-f30fe5ea5e6e
2011-02-09 23:58:54 +00:00
David Blacka
e770f01958
Clean up logging: recognize all levels for -v, normalize the code that forces java.util.logging to set the correct log level, normalize on the use of our very simple log formatter.
...
git-svn-id: https://svn.verisignlabs.com/jdnssec/tools/trunk@237 4cbd57fe-54e5-0310-bd9a-f30fe5ea5e6e
2011-02-03 20:24:33 +00:00
David Blacka
03737a1efd
Handle the new bind 9.7 private key files (hopefully).
...
git-svn-id: https://svn.verisignlabs.com/jdnssec/tools/trunk@227 4cbd57fe-54e5-0310-bd9a-f30fe5ea5e6e
2011-02-02 19:36:40 +00:00
David Blacka
86072cbcc8
Add options for fudging or ignoring times in verifyzone.
...
git-svn-id: https://svn.verisignlabs.com/jdnssec/tools/trunk@224 4cbd57fe-54e5-0310-bd9a-f30fe5ea5e6e
2010-12-14 18:01:12 +00:00
David Blacka
3d6b21b0fc
output changes for VerifyZone, some code cleanup and bug fixes for ZoneVerifier
...
git-svn-id: https://svn.verisignlabs.com/jdnssec/tools/trunk@220 4cbd57fe-54e5-0310-bd9a-f30fe5ea5e6e
2010-12-07 05:31:58 +00:00
David Blacka
41c96feffd
Refactor the zone verification tool to fully check zones for correctness. Not quite complete, as more testing needs to be done and the output needs to be standardized
...
git-svn-id: https://svn.verisignlabs.com/jdnssec/tools/trunk@219 4cbd57fe-54e5-0310-bd9a-f30fe5ea5e6e
2010-12-06 05:59:42 +00:00
David Blacka
3c9e33baf7
fix a number of jdnssec-signzone signing bugs: do not incorrectly set the RRSIG bit on NSEC3 RRs corresponding to insecure delegations, ignore junk below a DNAME, ignore delegations below other delegations
...
git-svn-id: https://svn.verisignlabs.com/jdnssec/tools/trunk@218 4cbd57fe-54e5-0310-bd9a-f30fe5ea5e6e
2010-12-06 00:25:04 +00:00
David Blacka
14ea619299
add verbose signing mode to signzone; some comment fixes, some unused vars and imports removed
...
git-svn-id: https://svn.verisignlabs.com/jdnssec/tools/trunk@217 4cbd57fe-54e5-0310-bd9a-f30fe5ea5e6e
2010-12-05 23:08:13 +00:00
David Blacka
34e6f91ef2
restore NSEC3 original ownername comments.
...
git-svn-id: https://svn.verisignlabs.com/jdnssec/tools/trunk@185 4cbd57fe-54e5-0310-bd9a-f30fe5ea5e6e
2009-11-03 02:24:04 +00:00
David Blacka
64f5de7b38
fix our base32 context
...
git-svn-id: https://svn.verisignlabs.com/jdnssec/tools/trunk@184 4cbd57fe-54e5-0310-bd9a-f30fe5ea5e6e
2009-11-03 02:24:02 +00:00
David Blacka
1fe3b49c17
Switch to dnsjava-2.0.7: the NSEC3 comments won't work, and I had to rescue the nsec3 hash calculation function from the original NSEC3Record implementation.
...
git-svn-id: https://svn.verisignlabs.com/jdnssec/tools/trunk@183 4cbd57fe-54e5-0310-bd9a-f30fe5ea5e6e
2009-11-03 02:23:59 +00:00
David Blacka
2bd2bef727
Use the RFC 5702 algorithm identifiers
...
git-svn-id: https://svn.verisignlabs.com/jdnssec/tools/trunk@182 4cbd57fe-54e5-0310-bd9a-f30fe5ea5e6e
2009-11-03 02:23:57 +00:00
David Blacka
8b1203c243
Merge changes from experimental branch 2255:2273.
...
git-svn-id: https://svn.verisignlabs.com/jdnssec/tools/trunk@172 4cbd57fe-54e5-0310-bd9a-f30fe5ea5e6e
2009-08-23 19:13:42 +00:00
David Blacka
e6cf5e27a0
Use constants now defined in dnsjava (local copy, for now). Add BIND 9.6 mnemonics to the NSEC3 key aliases.
...
git-svn-id: https://svn.verisignlabs.com/jdnssec/tools/trunk@142 4cbd57fe-54e5-0310-bd9a-f30fe5ea5e6e
2009-02-08 17:36:18 +00:00
David Blacka
865fcf09bf
update to dnsjava 2.0.6-vrsn-2; remove obsoleted workaround in DnsKeyConverter
...
git-svn-id: https://svn.verisignlabs.com/jdnssec/tools/trunk@138 4cbd57fe-54e5-0310-bd9a-f30fe5ea5e6e
2009-02-07 21:01:28 +00:00
David Blacka
b35bab0bdd
Add ability to define the TTL of the NSEC3PARAM record.
...
git-svn-id: https://svn.verisignlabs.com/jdnssec/tools/trunk@133 4cbd57fe-54e5-0310-bd9a-f30fe5ea5e6e
2009-02-07 20:37:29 +00:00
David Blacka
b0fac2fd43
Use the SOA minimum value for the generated NSEC records' TTL
...
git-svn-id: https://svn.verisignlabs.com/jdnssec/tools/trunk@131 4cbd57fe-54e5-0310-bd9a-f30fe5ea5e6e
2009-02-07 16:16:44 +00:00
David Blacka
8b61f84308
Add ability for jdnssec-signzone to find the necessary keys by either looking in the zone to find DNSKEY RRs, or by looking on disk for key files matching the zonename.
...
git-svn-id: https://svn.verisignlabs.com/jdnssec/tools/trunk@122 4cbd57fe-54e5-0310-bd9a-f30fe5ea5e6e
2009-02-05 05:04:30 +00:00
David Blacka
49dfddb432
Add (provisional) entries for RSASHA256 and RSASHA512.
...
git-svn-id: https://svn.verisignlabs.com/jdnssec/tools/trunk@121 4cbd57fe-54e5-0310-bd9a-f30fe5ea5e6e
2009-02-05 05:02:29 +00:00
David Blacka
32b0f15b70
Use the JCE implementation of SHA-256 instead of the contributed one (which doesn't actually work correctly).
...
git-svn-id: https://svn.verisignlabs.com/jdnssec/tools/trunk@120 4cbd57fe-54e5-0310-bd9a-f30fe5ea5e6e
2009-02-05 05:01:03 +00:00
David Blacka
ccb1ffb7e5
Formatting (from a new Eclipse, for better or worse)
...
git-svn-id: https://svn.verisignlabs.com/jdnssec/tools/trunk@116 4cbd57fe-54e5-0310-bd9a-f30fe5ea5e6e
2009-02-02 05:01:03 +00:00
David Blacka
3f1787695d
Fix issue where the DS digest algorithm would be ignored when converting in-zone DNSKEY RRs to DS records; formatting
...
git-svn-id: https://svn.verisignlabs.com/jdnssec/tools/trunk@115 4cbd57fe-54e5-0310-bd9a-f30fe5ea5e6e
2009-02-02 05:00:28 +00:00
David Blacka
09d21a1d67
use "OptOut" instead of "OptIn" to match RFC 5155 terminology; formatting.
...
git-svn-id: https://svn.verisignlabs.com/jdnssec/tools/trunk@114 4cbd57fe-54e5-0310-bd9a-f30fe5ea5e6e
2009-02-02 04:58:18 +00:00
David Blacka
4073e6a576
Add aliases defined in RFC 5155 (NSEC3); formatting.
...
git-svn-id: https://svn.verisignlabs.com/jdnssec/tools/trunk@113 4cbd57fe-54e5-0310-bd9a-f30fe5ea5e6e
2009-02-02 04:51:15 +00:00
David Blacka
e5270de8ee
Move all signZone() method variants into JCEDnsSecSigner, make the SignZone class use them.
...
git-svn-id: https://svn.verisignlabs.com/jdnssec/tools/trunk@112 4cbd57fe-54e5-0310-bd9a-f30fe5ea5e6e
2009-02-02 04:45:49 +00:00
David Blacka
5170a087c9
close the private key file after reading it. patch by Wolfgang Nagele
...
git-svn-id: https://svn.verisignlabs.com/jdnssec/tools/trunk@111 4cbd57fe-54e5-0310-bd9a-f30fe5ea5e6e
2009-02-01 18:24:30 +00:00
David Blacka
1b778f279d
updates for nsec3-08 (wire format changes)
...
git-svn-id: https://svn.verisignlabs.com/jdnssec/tools/trunk@108 4cbd57fe-54e5-0310-bd9a-f30fe5ea5e6e
2006-12-15 15:00:10 +00:00
David Blacka
ddd612231a
fix RRSIG order issue when dealing with mulitple RRSIGs with a given owner, class, and type
...
git-svn-id: https://svn.verisignlabs.com/jdnssec/tools/trunk@104 4cbd57fe-54e5-0310-bd9a-f30fe5ea5e6e
2006-09-19 19:17:52 +00:00
David Blacka
3bd38f9fbc
add large exponent option to the key generation code
...
git-svn-id: https://svn.verisignlabs.com/jdnssec/tools/trunk@87 4cbd57fe-54e5-0310-bd9a-f30fe5ea5e6e
2006-09-10 16:48:21 +00:00
David Blacka
08b2c4bc32
NSEC3PARAM support
...
git-svn-id: https://svn.verisignlabs.com/jdnssec/tools/trunk@85 4cbd57fe-54e5-0310-bd9a-f30fe5ea5e6e
2006-09-01 02:23:40 +00:00
David Blacka
dff0e250f6
Add support for the SHA256 DS digest algorithm.
...
git-svn-id: https://svn.verisignlabs.com/jdnssec/tools/trunk@76 4cbd57fe-54e5-0310-bd9a-f30fe5ea5e6e
2006-05-24 22:19:31 +00:00
David Blacka
435acff6d0
add support for algorithm aliases, fix SignZone so you can specify more than one KSK
...
git-svn-id: https://svn.verisignlabs.com/jdnssec/tools/trunk@64 4cbd57fe-54e5-0310-bd9a-f30fe5ea5e6e
2006-05-23 21:24:00 +00:00
David Blacka
da83c56fa8
type map changes for NSEC3 (changed in nsec3-05pre)
...
git-svn-id: https://svn.verisignlabs.com/jdnssec/tools/trunk@59 4cbd57fe-54e5-0310-bd9a-f30fe5ea5e6e
2006-03-15 16:11:33 +00:00
David Blacka
e2977c41f8
bug fixes: RecordComparator needs to also compare RDATA so the removeDuplicates step actually works reliably -- this was masked by the duplicate suppression in RRset; only allow one command line specified KSK, since commons-cli doesn't seem to handle multi-arg options correctly; do not croak on the lack of command-line keys for now;; Also: new dnsjava lib that contains NSEC3 changes for the -04pre draft
...
git-svn-id: https://svn.verisignlabs.com/jdnssec/tools/trunk@55 4cbd57fe-54e5-0310-bd9a-f30fe5ea5e6e
2006-02-16 20:23:56 +00:00
David Blacka
e349476def
make VerifyZone work with just the zone (which is self-signed anyway)
...
git-svn-id: https://svn.verisignlabs.com/jdnssec/tools/trunk@50 4cbd57fe-54e5-0310-bd9a-f30fe5ea5e6e
2005-11-14 22:45:09 +00:00
David Blacka
13fae1fc81
add original ownername comments to the NSEC3 generation
...
git-svn-id: https://svn.verisignlabs.com/jdnssec/tools/trunk@49 4cbd57fe-54e5-0310-bd9a-f30fe5ea5e6e
2005-11-09 22:21:02 +00:00
David Blacka
0b8c4c747d
new zoneformatter, bug fixes
...
git-svn-id: https://svn.verisignlabs.com/jdnssec/tools/trunk@42 4cbd57fe-54e5-0310-bd9a-f30fe5ea5e6e
2005-11-08 19:08:13 +00:00
David Blacka
528bc6193a
new dnsjava w/bugfix; fix ordering problem with ProtoNSEC3s
...
git-svn-id: https://svn.verisignlabs.com/jdnssec/tools/trunk@41 4cbd57fe-54e5-0310-bd9a-f30fe5ea5e6e
2005-11-07 05:20:00 +00:00
David Blacka
1f08b8abb8
up the version; fix minor issues
...
git-svn-id: https://svn.verisignlabs.com/jdnssec/tools/trunk@36 4cbd57fe-54e5-0310-bd9a-f30fe5ea5e6e
2005-10-27 22:42:57 +00:00
David Blacka
04ab26f434
NSEC3 support, remove plain opt-in support until private algs work
...
git-svn-id: https://svn.verisignlabs.com/jdnssec/tools/trunk@35 4cbd57fe-54e5-0310-bd9a-f30fe5ea5e6e
2005-10-27 21:50:54 +00:00
David Blacka
ab479a3e7b
move signzone function into the command line tool; clean up some; add local _jdnssec-* shell wrappers
...
git-svn-id: https://svn.verisignlabs.com/jdnssec/tools/trunk@17 4cbd57fe-54e5-0310-bd9a-f30fe5ea5e6e
2005-08-14 17:05:50 +00:00
David Blacka
4b84bbf4db
update to dnsjava-2.0.0; refactor command line parseing a bit; switch to java.util.logging
...
git-svn-id: https://svn.verisignlabs.com/jdnssec/tools/trunk@16 4cbd57fe-54e5-0310-bd9a-f30fe5ea5e6e
2005-08-14 02:08:48 +00:00