VERSION

@@ -1 +1 @@
-version=0.17.1
+version=0.17

build.gradle

@@ -10,7 +10,7 @@ apply plugin: 'idea'
 
 jar {
     baseName = 'jdnssec-tools'
-    version =  '0.17.1'
+    version =  '0.17'
 }
 
 repositories {

build.xml

@@ -47,8 +47,8 @@
            deprecation="true"
            includeantruntime="false"
            includes="com/verisignlabs/dnssec/"
-           source="11"
-           target="11" />
+           source="8"
+           target="8" />
   </target>
 
   <target name="sectools-jar" depends="usage,sectools">

src/main/java/com/verisignlabs/dnssec/cl/SignKeyset.java

@@ -22,6 +22,7 @@ import java.io.FileFilter;
 import java.io.IOException;
 import java.time.Instant;
 import java.util.ArrayList;
+import java.util.Collections;
 import java.util.List;
 
 import org.apache.commons.cli.CommandLine;
@@ -183,11 +184,11 @@ public class SignKeyset extends CLBase {
   private static List<DnsKeyPair> getKeys(String[] keyfiles, int startIndex,
       File inDirectory) throws IOException {
     if (keyfiles == null)
-      return new ArrayList<>();
+      return Collections.emptyList();
 
     int len = keyfiles.length - startIndex;
     if (len <= 0)
-      return new ArrayList<>();
+      return Collections.emptyList();
 
     ArrayList<DnsKeyPair> keys = new ArrayList<>(len);
 

src/main/java/com/verisignlabs/dnssec/cl/SignRRset.java

@@ -21,6 +21,7 @@ import java.io.File;
 import java.io.IOException;
 import java.time.Instant;
 import java.util.ArrayList;
+import java.util.Collections;
 import java.util.List;
 
 import org.apache.commons.cli.CommandLine;
@@ -190,11 +191,11 @@ public class SignRRset extends CLBase {
   private static List<DnsKeyPair> getKeys(String[] keyfiles, int startIndex,
       File inDirectory) throws IOException {
     if (keyfiles == null)
-      return new ArrayList<>();
+      return Collections.emptyList();
 
     int len = keyfiles.length - startIndex;
     if (len <= 0)
-      return new ArrayList<>();
+      return Collections.emptyList();
 
     ArrayList<DnsKeyPair> keys = new ArrayList<>(len);
 

src/main/java/com/verisignlabs/dnssec/cl/SignZone.java

@@ -24,6 +24,7 @@ import java.io.FileReader;
 import java.io.IOException;
 import java.time.Instant;
 import java.util.ArrayList;
+import java.util.Collections;
 import java.util.Iterator;
 import java.util.List;
 import java.util.Random;
@@ -330,11 +331,11 @@ public class SignZone extends CLBase {
   private static List<DnsKeyPair> getKeys(String[] keyfiles, int startIndex,
       File inDirectory) throws IOException {
     if (keyfiles == null)
-      return new ArrayList<>();
+      return Collections.emptyList();
 
     int len = keyfiles.length - startIndex;
     if (len <= 0)
-      return new ArrayList<>();
+      return Collections.emptyList();
 
     ArrayList<DnsKeyPair> keys = new ArrayList<>(len);
 

src/main/java/com/verisignlabs/dnssec/cl/VerifyZone.java

@@ -17,13 +17,11 @@
 
 package com.verisignlabs.dnssec.cl;
 
-import java.time.Instant;
 import java.util.List;
 
 import org.apache.commons.cli.CommandLine;
 import org.apache.commons.cli.Options;
 import org.apache.commons.cli.Option;
-import org.apache.commons.cli.ParseException;
 import org.xbill.DNS.Record;
 
 import com.verisignlabs.dnssec.security.ZoneUtils;
@@ -49,7 +47,6 @@ public class VerifyZone extends CLBase {
     public int expirefudge = 0;
     public boolean ignoreTime = false;
     public boolean ignoreDups = false;
-    public Instant currentTime = null;
 
     public CLIState() {
       super("jdnssec-verifyzone [..options..] zonefile");
@@ -57,13 +54,10 @@ public class VerifyZone extends CLBase {
 
     @Override
     protected void setupOptions(Options opts) {
-      opts.addOption(Option.builder("S").hasArg().argName("seconds").longOpt("sig-start-fudge")
+      opts.addOption(Option.builder("S").optionalArg(true).argName("seconds").longOpt("sig-start-fudge")
           .desc("'fudge' RRSIG inception ties by 'seconds'").build());
-      opts.addOption(Option.builder("E").hasArg().argName("seconds").longOpt("sig-expire-fudge")
+      opts.addOption(Option.builder("E").optionalArg(true).argName("seconds").longOpt("sig-expire-fudge")
           .desc("'fudge' RRSIG expiration times by 'seconds'").build());
-      opts.addOption(Option.builder("t").hasArg().argName("time").longOpt("use-time")
-          .desc("Use 'time' as the time for verification purposes.").build());
-
       opts.addOption(
           Option.builder().longOpt("ignore-time").desc("Ignore RRSIG inception and expiration time errors.").build());
       opts.addOption(Option.builder().longOpt("ignore-duplicate-rrs").desc("Ignore duplicate record errors.").build());
@@ -88,15 +82,6 @@ public class VerifyZone extends CLBase {
         expirefudge = parseInt(optstr, 0);
       }
 
-      if ((optstr = cli.getOptionValue('t')) != null) {
-        try {
-          currentTime = convertDuration(null, optstr);
-        } catch (ParseException e) {
-          System.err.println("error: could not parse timespec");
-          usage();
-        }
-      }
-
       String[] optstrs = null;
       if ((optstrs = cli.getOptionValues('A')) != null) {
         for (int i = 0; i < optstrs.length; i++) {
@@ -125,7 +110,6 @@ public class VerifyZone extends CLBase {
     zoneverifier.getVerifier().setStartFudge(state.startfudge);
     zoneverifier.getVerifier().setExpireFudge(state.expirefudge);
     zoneverifier.getVerifier().setIgnoreTime(state.ignoreTime);
-    zoneverifier.getVerifier().setCurrentTime(state.currentTime);
     zoneverifier.setIgnoreDuplicateRRs(state.ignoreDups);
 
     List<Record> records = ZoneUtils.readZoneFile(state.zonefile, null);

src/main/java/com/verisignlabs/dnssec/security/DnsKeyAlgorithm.java

@@ -455,7 +455,9 @@ public class DnsKeyAlgorithm {
    *         alias.
    */
   public boolean supportedAlgorithm(int algorithm) {
-    return mAlgorithmMap.containsKey(algorithm);
+    if (mAlgorithmMap.containsKey(algorithm))
+      return true;
+    return false;
   }
 
   /**

src/main/java/com/verisignlabs/dnssec/security/DnsSecVerifier.java

@@ -92,7 +92,6 @@ public class DnsSecVerifier {
   private int mExpireFudge = 0;
   private boolean mVerifyAllSigs = false;
   private boolean mIgnoreTime = false;
-  private Instant mCurrentTime = null;
 
   private Logger log;
 
@@ -134,10 +133,6 @@ public class DnsSecVerifier {
     mIgnoreTime = v;
   }
 
-  public void setCurrentTime(Instant time) {
-    mCurrentTime = time;
-  }
-
   private DnsKeyPair findKey(Name name, int algorithm, int footprint) {
     return mKeyStore.find(name, algorithm, footprint);
   }
@@ -160,13 +155,7 @@ public class DnsSecVerifier {
     if (mIgnoreTime)
       return true;
 
-    Instant now;
-    if (mCurrentTime != null) {
-      now = mCurrentTime;
-    } else {
-      now = Instant.now();
-    }
-
+    Instant now = Instant.now();
     Instant start = sigrec.getTimeSigned();
     Instant expire = sigrec.getExpire();
 
@@ -273,7 +262,7 @@ public class DnsSecVerifier {
    * @return true if the set verified, false if it did not.
    */
   public boolean verify(RRset rrset) {
-    boolean result = mVerifyAllSigs;
+    boolean result = mVerifyAllSigs ? true : false;
 
     if (rrset.sigs().isEmpty()) {
       log.fine("RRset failed to verify due to lack of signatures");

src/main/java/com/verisignlabs/dnssec/security/ZoneVerifier.java

@@ -84,14 +84,6 @@ public class ZoneVerifier {
     private static final long serialVersionUID = 1L;
     private boolean mIsMarked = false;
 
-    @Override
-    public boolean equals(Object o) {
-      return super.equals(o);
-    }
-    @Override
-    public int hashCode() {
-      return super.hashCode();
-    }
     boolean getMark() {
       return mIsMarked;
     }
@@ -169,7 +161,7 @@ public class ZoneVerifier {
       if (mNSEC3Map == null) {
         mNSEC3Map = new TreeMap<>();
       }
-      MarkRRset rrset = mNSEC3Map.computeIfAbsent(n, k -> new MarkRRset());
+      MarkRRset rrset = mNSECMap.computeIfAbsent(n, k -> new MarkRRset());
 
       return addRRtoRRset(rrset, r);
     }
@@ -334,8 +326,6 @@ public class ZoneVerifier {
       }
 
       switch (mDNSSECType) {
-        case UNSIGNED:
-          throw new IllegalArgumentException("Cannot process Unsigned zone");
         case NSEC:
           // all nodes with NSEC records have NSEC and RRSIG types
           typeset.add(Type.NSEC);