Commit Graph

57 Commits

Author SHA1 Message Date
David Blacka
c459de830f update jdnssec-keygen to use a default algorithm of 8 instead of 5.
git-svn-id: https://svn.verisignlabs.com/jdnssec/tools/trunk@238 4cbd57fe-54e5-0310-bd9a-f30fe5ea5e6e
2011-02-03 20:29:54 +00:00
David Blacka
e770f01958 Clean up logging: recognize all levels for -v, normalize the code that forces java.util.logging to set the correct log level, normalize on the use of our very simple log formatter.
git-svn-id: https://svn.verisignlabs.com/jdnssec/tools/trunk@237 4cbd57fe-54e5-0310-bd9a-f30fe5ea5e6e
2011-02-03 20:24:33 +00:00
David Blacka
03737a1efd Handle the new bind 9.7 private key files (hopefully).
git-svn-id: https://svn.verisignlabs.com/jdnssec/tools/trunk@227 4cbd57fe-54e5-0310-bd9a-f30fe5ea5e6e
2011-02-02 19:36:40 +00:00
David Blacka
1616d07fe6 Add -N option for calculating original ownernames for NSEC3 RRs
git-svn-id: https://svn.verisignlabs.com/jdnssec/tools/trunk@226 4cbd57fe-54e5-0310-bd9a-f30fe5ea5e6e
2011-02-02 19:36:14 +00:00
David Blacka
04d751ae56 Add -m option to jdnssec-zoneformat
git-svn-id: https://svn.verisignlabs.com/jdnssec/tools/trunk@225 4cbd57fe-54e5-0310-bd9a-f30fe5ea5e6e
2011-02-02 18:59:06 +00:00
David Blacka
86072cbcc8 Add options for fudging or ignoring times in verifyzone.
git-svn-id: https://svn.verisignlabs.com/jdnssec/tools/trunk@224 4cbd57fe-54e5-0310-bd9a-f30fe5ea5e6e
2010-12-14 18:01:12 +00:00
David Blacka
3d6b21b0fc output changes for VerifyZone, some code cleanup and bug fixes for ZoneVerifier
git-svn-id: https://svn.verisignlabs.com/jdnssec/tools/trunk@220 4cbd57fe-54e5-0310-bd9a-f30fe5ea5e6e
2010-12-07 05:31:58 +00:00
David Blacka
41c96feffd Refactor the zone verification tool to fully check zones for correctness. Not quite complete, as more testing needs to be done and the output needs to be standardized
git-svn-id: https://svn.verisignlabs.com/jdnssec/tools/trunk@219 4cbd57fe-54e5-0310-bd9a-f30fe5ea5e6e
2010-12-06 05:59:42 +00:00
David Blacka
3c9e33baf7 fix a number of jdnssec-signzone signing bugs: do not incorrectly set the RRSIG bit on NSEC3 RRs corresponding to insecure delegations, ignore junk below a DNAME, ignore delegations below other delegations
git-svn-id: https://svn.verisignlabs.com/jdnssec/tools/trunk@218 4cbd57fe-54e5-0310-bd9a-f30fe5ea5e6e
2010-12-06 00:25:04 +00:00
David Blacka
14ea619299 add verbose signing mode to signzone; some comment fixes, some unused vars and imports removed
git-svn-id: https://svn.verisignlabs.com/jdnssec/tools/trunk@217 4cbd57fe-54e5-0310-bd9a-f30fe5ea5e6e
2010-12-05 23:08:13 +00:00
David Blacka
beca0e4872 Add jdnssec-signrrset tool which will sign any single rrset with any key.
git-svn-id: https://svn.verisignlabs.com/jdnssec/tools/trunk@208 4cbd57fe-54e5-0310-bd9a-f30fe5ea5e6e
2010-07-21 17:09:56 +00:00
David Blacka
34e6f91ef2 restore NSEC3 original ownername comments.
git-svn-id: https://svn.verisignlabs.com/jdnssec/tools/trunk@185 4cbd57fe-54e5-0310-bd9a-f30fe5ea5e6e
2009-11-03 02:24:04 +00:00
David Blacka
64f5de7b38 fix our base32 context
git-svn-id: https://svn.verisignlabs.com/jdnssec/tools/trunk@184 4cbd57fe-54e5-0310-bd9a-f30fe5ea5e6e
2009-11-03 02:24:02 +00:00
David Blacka
1fe3b49c17 Switch to dnsjava-2.0.7: the NSEC3 comments won't work, and I had to rescue the nsec3 hash calculation function from the original NSEC3Record implementation.
git-svn-id: https://svn.verisignlabs.com/jdnssec/tools/trunk@183 4cbd57fe-54e5-0310-bd9a-f30fe5ea5e6e
2009-11-03 02:23:59 +00:00
David Blacka
2bd2bef727 Use the RFC 5702 algorithm identifiers
git-svn-id: https://svn.verisignlabs.com/jdnssec/tools/trunk@182 4cbd57fe-54e5-0310-bd9a-f30fe5ea5e6e
2009-11-03 02:23:57 +00:00
David Blacka
ca9bee9d49 allow for multiple -k options (for signing with multiple KSKs)
git-svn-id: https://svn.verisignlabs.com/jdnssec/tools/trunk@176 4cbd57fe-54e5-0310-bd9a-f30fe5ea5e6e
2009-09-03 04:16:49 +00:00
David Blacka
8b1203c243 Merge changes from experimental branch 2255:2273.
git-svn-id: https://svn.verisignlabs.com/jdnssec/tools/trunk@172 4cbd57fe-54e5-0310-bd9a-f30fe5ea5e6e
2009-08-23 19:13:42 +00:00
David Blacka
e6cf5e27a0 Use constants now defined in dnsjava (local copy, for now). Add BIND 9.6 mnemonics to the NSEC3 key aliases.
git-svn-id: https://svn.verisignlabs.com/jdnssec/tools/trunk@142 4cbd57fe-54e5-0310-bd9a-f30fe5ea5e6e
2009-02-08 17:36:18 +00:00
David Blacka
b90877444d Make the keyinfo tool slightly more useful: handle multiple keys at a time, print out DSA key information, etc.
git-svn-id: https://svn.verisignlabs.com/jdnssec/tools/trunk@141 4cbd57fe-54e5-0310-bd9a-f30fe5ea5e6e
2009-02-08 17:35:20 +00:00
David Blacka
f09eeaffaa Make using the RSA large exponent the default (like BIND); print the name of the keyfile base at the end (unless the user dictated the filename) (also like BIND)
git-svn-id: https://svn.verisignlabs.com/jdnssec/tools/trunk@140 4cbd57fe-54e5-0310-bd9a-f30fe5ea5e6e
2009-02-08 17:34:05 +00:00
David Blacka
971d13d81f Make the comments accurate.
git-svn-id: https://svn.verisignlabs.com/jdnssec/tools/trunk@139 4cbd57fe-54e5-0310-bd9a-f30fe5ea5e6e
2009-02-08 17:32:58 +00:00
David Blacka
865fcf09bf update to dnsjava 2.0.6-vrsn-2; remove obsoleted workaround in DnsKeyConverter
git-svn-id: https://svn.verisignlabs.com/jdnssec/tools/trunk@138 4cbd57fe-54e5-0310-bd9a-f30fe5ea5e6e
2009-02-07 21:01:28 +00:00
David Blacka
b35bab0bdd Add ability to define the TTL of the NSEC3PARAM record.
git-svn-id: https://svn.verisignlabs.com/jdnssec/tools/trunk@133 4cbd57fe-54e5-0310-bd9a-f30fe5ea5e6e
2009-02-07 20:37:29 +00:00
David Blacka
b0fac2fd43 Use the SOA minimum value for the generated NSEC records' TTL
git-svn-id: https://svn.verisignlabs.com/jdnssec/tools/trunk@131 4cbd57fe-54e5-0310-bd9a-f30fe5ea5e6e
2009-02-07 16:16:44 +00:00
David Blacka
531dc115aa Use ObjectBuilder statically (this was generating warnings for me)
git-svn-id: https://svn.verisignlabs.com/jdnssec/tools/trunk@123 4cbd57fe-54e5-0310-bd9a-f30fe5ea5e6e
2009-02-05 05:05:32 +00:00
David Blacka
8b61f84308 Add ability for jdnssec-signzone to find the necessary keys by either looking in the zone to find DNSKEY RRs, or by looking on disk for key files matching the zonename.
git-svn-id: https://svn.verisignlabs.com/jdnssec/tools/trunk@122 4cbd57fe-54e5-0310-bd9a-f30fe5ea5e6e
2009-02-05 05:04:30 +00:00
David Blacka
49dfddb432 Add (provisional) entries for RSASHA256 and RSASHA512.
git-svn-id: https://svn.verisignlabs.com/jdnssec/tools/trunk@121 4cbd57fe-54e5-0310-bd9a-f30fe5ea5e6e
2009-02-05 05:02:29 +00:00
David Blacka
32b0f15b70 Use the JCE implementation of SHA-256 instead of the contributed one (which doesn't actually work correctly).
git-svn-id: https://svn.verisignlabs.com/jdnssec/tools/trunk@120 4cbd57fe-54e5-0310-bd9a-f30fe5ea5e6e
2009-02-05 05:01:03 +00:00
David Blacka
ccb1ffb7e5 Formatting (from a new Eclipse, for better or worse)
git-svn-id: https://svn.verisignlabs.com/jdnssec/tools/trunk@116 4cbd57fe-54e5-0310-bd9a-f30fe5ea5e6e
2009-02-02 05:01:03 +00:00
David Blacka
3f1787695d Fix issue where the DS digest algorithm would be ignored when converting in-zone DNSKEY RRs to DS records; formatting
git-svn-id: https://svn.verisignlabs.com/jdnssec/tools/trunk@115 4cbd57fe-54e5-0310-bd9a-f30fe5ea5e6e
2009-02-02 05:00:28 +00:00
David Blacka
09d21a1d67 use "OptOut" instead of "OptIn" to match RFC 5155 terminology; formatting.
git-svn-id: https://svn.verisignlabs.com/jdnssec/tools/trunk@114 4cbd57fe-54e5-0310-bd9a-f30fe5ea5e6e
2009-02-02 04:58:18 +00:00
David Blacka
4073e6a576 Add aliases defined in RFC 5155 (NSEC3); formatting.
git-svn-id: https://svn.verisignlabs.com/jdnssec/tools/trunk@113 4cbd57fe-54e5-0310-bd9a-f30fe5ea5e6e
2009-02-02 04:51:15 +00:00
David Blacka
e5270de8ee Move all signZone() method variants into JCEDnsSecSigner, make the SignZone class use them.
git-svn-id: https://svn.verisignlabs.com/jdnssec/tools/trunk@112 4cbd57fe-54e5-0310-bd9a-f30fe5ea5e6e
2009-02-02 04:45:49 +00:00
David Blacka
5170a087c9 close the private key file after reading it. patch by Wolfgang Nagele
git-svn-id: https://svn.verisignlabs.com/jdnssec/tools/trunk@111 4cbd57fe-54e5-0310-bd9a-f30fe5ea5e6e
2009-02-01 18:24:30 +00:00
David Blacka
1b778f279d updates for nsec3-08 (wire format changes)
git-svn-id: https://svn.verisignlabs.com/jdnssec/tools/trunk@108 4cbd57fe-54e5-0310-bd9a-f30fe5ea5e6e
2006-12-15 15:00:10 +00:00
David Blacka
ddd612231a fix RRSIG order issue when dealing with mulitple RRSIGs with a given owner, class, and type
git-svn-id: https://svn.verisignlabs.com/jdnssec/tools/trunk@104 4cbd57fe-54e5-0310-bd9a-f30fe5ea5e6e
2006-09-19 19:17:52 +00:00
David Blacka
9777a223db make sure the names are lowercased
git-svn-id: https://svn.verisignlabs.com/jdnssec/tools/trunk@99 4cbd57fe-54e5-0310-bd9a-f30fe5ea5e6e
2006-09-19 14:47:45 +00:00
David Blacka
4fa0a90fe8 make the keyinfotool handle algorithm aliases
git-svn-id: https://svn.verisignlabs.com/jdnssec/tools/trunk@90 4cbd57fe-54e5-0310-bd9a-f30fe5ea5e6e
2006-09-12 12:00:44 +00:00
David Blacka
66f9e9b76c add KeyInfoTool
git-svn-id: https://svn.verisignlabs.com/jdnssec/tools/trunk@88 4cbd57fe-54e5-0310-bd9a-f30fe5ea5e6e
2006-09-10 17:05:18 +00:00
David Blacka
3bd38f9fbc add large exponent option to the key generation code
git-svn-id: https://svn.verisignlabs.com/jdnssec/tools/trunk@87 4cbd57fe-54e5-0310-bd9a-f30fe5ea5e6e
2006-09-10 16:48:21 +00:00
David Blacka
08b2c4bc32 NSEC3PARAM support
git-svn-id: https://svn.verisignlabs.com/jdnssec/tools/trunk@85 4cbd57fe-54e5-0310-bd9a-f30fe5ea5e6e
2006-09-01 02:23:40 +00:00
David Blacka
dff0e250f6 Add support for the SHA256 DS digest algorithm.
git-svn-id: https://svn.verisignlabs.com/jdnssec/tools/trunk@76 4cbd57fe-54e5-0310-bd9a-f30fe5ea5e6e
2006-05-24 22:19:31 +00:00
David Blacka
c95e1296ca add some error checking for NSEC3 parameters
git-svn-id: https://svn.verisignlabs.com/jdnssec/tools/trunk@72 4cbd57fe-54e5-0310-bd9a-f30fe5ea5e6e
2006-05-24 19:48:48 +00:00
David Blacka
435acff6d0 add support for algorithm aliases, fix SignZone so you can specify more than one KSK
git-svn-id: https://svn.verisignlabs.com/jdnssec/tools/trunk@64 4cbd57fe-54e5-0310-bd9a-f30fe5ea5e6e
2006-05-23 21:24:00 +00:00
David Blacka
5ba24d35b1 add prelim implementation of the dstool dstool is a simple command line tool that takes a DNSKEY record and converts it into a DS record (or DLV). Right now, it requires that the key is stored in a file ending with '.key'. Update the version number.
git-svn-id: https://svn.verisignlabs.com/jdnssec/tools/trunk@60 4cbd57fe-54e5-0310-bd9a-f30fe5ea5e6e
2006-05-03 16:34:32 +00:00
David Blacka
da83c56fa8 type map changes for NSEC3 (changed in nsec3-05pre)
git-svn-id: https://svn.verisignlabs.com/jdnssec/tools/trunk@59 4cbd57fe-54e5-0310-bd9a-f30fe5ea5e6e
2006-03-15 16:11:33 +00:00
David Blacka
e2977c41f8 bug fixes: RecordComparator needs to also compare RDATA so the removeDuplicates step actually works reliably -- this was masked by the duplicate suppression in RRset; only allow one command line specified KSK, since commons-cli doesn't seem to handle multi-arg options correctly; do not croak on the lack of command-line keys for now;; Also: new dnsjava lib that contains NSEC3 changes for the -04pre draft
git-svn-id: https://svn.verisignlabs.com/jdnssec/tools/trunk@55 4cbd57fe-54e5-0310-bd9a-f30fe5ea5e6e
2006-02-16 20:23:56 +00:00
David Blacka
e349476def make VerifyZone work with just the zone (which is self-signed anyway)
git-svn-id: https://svn.verisignlabs.com/jdnssec/tools/trunk@50 4cbd57fe-54e5-0310-bd9a-f30fe5ea5e6e
2005-11-14 22:45:09 +00:00
David Blacka
13fae1fc81 add original ownername comments to the NSEC3 generation
git-svn-id: https://svn.verisignlabs.com/jdnssec/tools/trunk@49 4cbd57fe-54e5-0310-bd9a-f30fe5ea5e6e
2005-11-09 22:21:02 +00:00
David Blacka
0b8c4c747d new zoneformatter, bug fixes
git-svn-id: https://svn.verisignlabs.com/jdnssec/tools/trunk@42 4cbd57fe-54e5-0310-bd9a-f30fe5ea5e6e
2005-11-08 19:08:13 +00:00