Compare commits


No commits in common. "5fef1dcf24627529077538cffa399be745a73878" and "e322186112c778fd945625fa320a2bfb1ed15e4e" have entirely different histories.

10 changed files with 21 additions and 53 deletions


@ -1 +1 @@
version=0.17.1 version=0.17


@ -10,7 +10,7 @@ apply plugin: 'idea'
jar { jar {
baseName = 'jdnssec-tools' baseName = 'jdnssec-tools'
version = '0.17.1' version = '0.17'
} }
repositories { repositories {


@ -47,8 +47,8 @@
deprecation="true" deprecation="true"
includeantruntime="false" includeantruntime="false"
includes="com/verisignlabs/dnssec/" includes="com/verisignlabs/dnssec/"
source="11" source="8"
target="11" /> target="8" />
</target> </target>
<target name="sectools-jar" depends="usage,sectools"> <target name="sectools-jar" depends="usage,sectools">
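Review bot: The `source="8"` / `target="8"` pair on this javac task sets the language level and bytecode version, but it does not restrict the code to the Java 8 class library when the build runs on a newer JDK. A call to a later API would therefore compile and only fail at run time on a Java 8 JVM. If the Ant version in use supports it, `release="8"` in place of the two attributes makes the compiler check against the Java 8 API as well. The javac element begins above the hunk.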


@ -22,6 +22,7 @@ import java.io.FileFilter;
import java.io.IOException; import java.io.IOException;
import java.time.Instant; import java.time.Instant;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Collections;
import java.util.List; import java.util.List;
import org.apache.commons.cli.CommandLine; import org.apache.commons.cli.CommandLine;
@ -183,11 +184,11 @@ public class SignKeyset extends CLBase {
private static List<DnsKeyPair> getKeys(String[] keyfiles, int startIndex, private static List<DnsKeyPair> getKeys(String[] keyfiles, int startIndex,
File inDirectory) throws IOException { File inDirectory) throws IOException {
if (keyfiles == null) if (keyfiles == null)
return new ArrayList<>(); return Collections.emptyList();
int len = keyfiles.length - startIndex; int len = keyfiles.length - startIndex;
if (len <= 0) if (len <= 0)
return new ArrayList<>(); return Collections.emptyList();
ArrayList<DnsKeyPair> keys = new ArrayList<>(len); ArrayList<DnsKeyPair> keys = new ArrayList<>(len);
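Review bot: The two early returns in getKeys now hand back `Collections.emptyList()`, which is immutable, while the normal path returns a mutable `ArrayList`; a caller that adds to or sorts the result would throw UnsupportedOperationException only in the case where no key files were given. The callers are outside the hunk, so this needs checking there; if the result is never mutated, state the contract with a comment such as `// returns an unmodifiable empty list when no key files are given`. The same change appears in the getKeys copies in the SignRRset and SignZone sections below, and the three identical helpers could live once in CLBase. The body of getKeys continues past the end of the hunk.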


@ -21,6 +21,7 @@ import java.io.File;
import java.io.IOException; import java.io.IOException;
import java.time.Instant; import java.time.Instant;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Collections;
import java.util.List; import java.util.List;
import org.apache.commons.cli.CommandLine; import org.apache.commons.cli.CommandLine;
@ -190,11 +191,11 @@ public class SignRRset extends CLBase {
private static List<DnsKeyPair> getKeys(String[] keyfiles, int startIndex, private static List<DnsKeyPair> getKeys(String[] keyfiles, int startIndex,
File inDirectory) throws IOException { File inDirectory) throws IOException {
if (keyfiles == null) if (keyfiles == null)
return new ArrayList<>(); return Collections.emptyList();
int len = keyfiles.length - startIndex; int len = keyfiles.length - startIndex;
if (len <= 0) if (len <= 0)
return new ArrayList<>(); return Collections.emptyList();
ArrayList<DnsKeyPair> keys = new ArrayList<>(len); ArrayList<DnsKeyPair> keys = new ArrayList<>(len);


@ -24,6 +24,7 @@ import java.io.FileReader;
import java.io.IOException; import java.io.IOException;
import java.time.Instant; import java.time.Instant;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator; import java.util.Iterator;
import java.util.List; import java.util.List;
import java.util.Random; import java.util.Random;
@ -330,11 +331,11 @@ public class SignZone extends CLBase {
private static List<DnsKeyPair> getKeys(String[] keyfiles, int startIndex, private static List<DnsKeyPair> getKeys(String[] keyfiles, int startIndex,
File inDirectory) throws IOException { File inDirectory) throws IOException {
if (keyfiles == null) if (keyfiles == null)
return new ArrayList<>(); return Collections.emptyList();
int len = keyfiles.length - startIndex; int len = keyfiles.length - startIndex;
if (len <= 0) if (len <= 0)
return new ArrayList<>(); return Collections.emptyList();
ArrayList<DnsKeyPair> keys = new ArrayList<>(len); ArrayList<DnsKeyPair> keys = new ArrayList<>(len);


@ -17,13 +17,11 @@
package com.verisignlabs.dnssec.cl; package com.verisignlabs.dnssec.cl;
import java.time.Instant;
import java.util.List; import java.util.List;
import org.apache.commons.cli.CommandLine; import org.apache.commons.cli.CommandLine;
import org.apache.commons.cli.Options; import org.apache.commons.cli.Options;
import org.apache.commons.cli.Option; import org.apache.commons.cli.Option;
import org.apache.commons.cli.ParseException;
import org.xbill.DNS.Record; import org.xbill.DNS.Record;
import com.verisignlabs.dnssec.security.ZoneUtils; import com.verisignlabs.dnssec.security.ZoneUtils;
@ -49,7 +47,6 @@ public class VerifyZone extends CLBase {
public int expirefudge = 0; public int expirefudge = 0;
public boolean ignoreTime = false; public boolean ignoreTime = false;
public boolean ignoreDups = false; public boolean ignoreDups = false;
public Instant currentTime = null;
public CLIState() { public CLIState() {
super("jdnssec-verifyzone [..options..] zonefile"); super("jdnssec-verifyzone [..options..] zonefile");
@ -57,13 +54,10 @@ public class VerifyZone extends CLBase {
@Override @Override
protected void setupOptions(Options opts) { protected void setupOptions(Options opts) {
opts.addOption(Option.builder("S").hasArg().argName("seconds").longOpt("sig-start-fudge") opts.addOption(Option.builder("S").optionalArg(true).argName("seconds").longOpt("sig-start-fudge")
.desc("'fudge' RRSIG inception ties by 'seconds'").build()); .desc("'fudge' RRSIG inception ties by 'seconds'").build());
opts.addOption(Option.builder("E").hasArg().argName("seconds").longOpt("sig-expire-fudge") opts.addOption(Option.builder("E").optionalArg(true).argName("seconds").longOpt("sig-expire-fudge")
.desc("'fudge' RRSIG expiration times by 'seconds'").build()); .desc("'fudge' RRSIG expiration times by 'seconds'").build());
opts.addOption(Option.builder("t").hasArg().argName("time").longOpt("use-time")
.desc("Use 'time' as the time for verification purposes.").build());
opts.addOption( opts.addOption(
Option.builder().longOpt("ignore-time").desc("Ignore RRSIG inception and expiration time errors.").build()); Option.builder().longOpt("ignore-time").desc("Ignore RRSIG inception and expiration time errors.").build());
opts.addOption(Option.builder().longOpt("ignore-duplicate-rrs").desc("Ignore duplicate record errors.").build()); opts.addOption(Option.builder().longOpt("ignore-duplicate-rrs").desc("Ignore duplicate record errors.").build());
@ -88,15 +82,6 @@ public class VerifyZone extends CLBase {
expirefudge = parseInt(optstr, 0); expirefudge = parseInt(optstr, 0);
} }
if ((optstr = cli.getOptionValue('t')) != null) {
try {
currentTime = convertDuration(null, optstr);
} catch (ParseException e) {
System.err.println("error: could not parse timespec");
usage();
}
}
String[] optstrs = null; String[] optstrs = null;
if ((optstrs = cli.getOptionValues('A')) != null) { if ((optstrs = cli.getOptionValues('A')) != null) {
for (int i = 0; i < optstrs.length; i++) { for (int i = 0; i < optstrs.length; i++) {
@ -125,7 +110,6 @@ public class VerifyZone extends CLBase {
zoneverifier.getVerifier().setStartFudge(state.startfudge); zoneverifier.getVerifier().setStartFudge(state.startfudge);
zoneverifier.getVerifier().setExpireFudge(state.expirefudge); zoneverifier.getVerifier().setExpireFudge(state.expirefudge);
zoneverifier.getVerifier().setIgnoreTime(state.ignoreTime); zoneverifier.getVerifier().setIgnoreTime(state.ignoreTime);
zoneverifier.getVerifier().setCurrentTime(state.currentTime);
zoneverifier.setIgnoreDuplicateRRs(state.ignoreDups); zoneverifier.setIgnoreDuplicateRRs(state.ignoreDups);
List<Record> records = ZoneUtils.readZoneFile(state.zonefile, null); List<Record> records = ZoneUtils.readZoneFile(state.zonefile, null);
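Review bot: Declaring `-S` and `-E` in setupOptions with `optionalArg(true)` and no `hasArg()` makes the fudge value optional, so `-S` given without a number is presumably accepted and the fudge silently stays at the `parseInt(optstr, 0)` default instead of being reported as a usage error; depending on the commons-cli version, the value may not be bound to the option at all. Both options shift the RRSIG validity window, so a silently ignored value changes which signatures the verifier accepts. I would require the argument, `Option.builder("S").hasArg().argName("seconds")`, and likewise for `E`. The option-parsing method that reads these values starts and ends outside the hunks shown.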


@ -455,7 +455,9 @@ public class DnsKeyAlgorithm {
* alias. * alias.
*/ */
public boolean supportedAlgorithm(int algorithm) { public boolean supportedAlgorithm(int algorithm) {
return mAlgorithmMap.containsKey(algorithm); if (mAlgorithmMap.containsKey(algorithm))
return true;
return false;
} }
/** /**
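Review bot: The new body of supportedAlgorithm spells out a boolean as `if (...) return true; return false;`, and the unbraced `if` is easy to mis-edit later. `return mAlgorithmMap.containsKey(algorithm);` says the same thing in one line.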


@ -92,7 +92,6 @@ public class DnsSecVerifier {
private int mExpireFudge = 0; private int mExpireFudge = 0;
private boolean mVerifyAllSigs = false; private boolean mVerifyAllSigs = false;
private boolean mIgnoreTime = false; private boolean mIgnoreTime = false;
private Instant mCurrentTime = null;
private Logger log; private Logger log;
@ -134,10 +133,6 @@ public class DnsSecVerifier {
mIgnoreTime = v; mIgnoreTime = v;
} }
public void setCurrentTime(Instant time) {
mCurrentTime = time;
}
private DnsKeyPair findKey(Name name, int algorithm, int footprint) { private DnsKeyPair findKey(Name name, int algorithm, int footprint) {
return mKeyStore.find(name, algorithm, footprint); return mKeyStore.find(name, algorithm, footprint);
} }
@ -160,13 +155,7 @@ public class DnsSecVerifier {
if (mIgnoreTime) if (mIgnoreTime)
return true; return true;
Instant now; Instant now = Instant.now();
if (mCurrentTime != null) {
now = mCurrentTime;
} else {
now = Instant.now();
}
Instant start = sigrec.getTimeSigned(); Instant start = sigrec.getTimeSigned();
Instant expire = sigrec.getExpire(); Instant expire = sigrec.getExpire();
@ -273,7 +262,7 @@ public class DnsSecVerifier {
* @return true if the set verified, false if it did not. * @return true if the set verified, false if it did not.
*/ */
public boolean verify(RRset rrset) { public boolean verify(RRset rrset) {
boolean result = mVerifyAllSigs; boolean result = mVerifyAllSigs ? true : false;
if (rrset.sigs().isEmpty()) { if (rrset.sigs().isEmpty()) {
log.fine("RRset failed to verify due to lack of signatures"); log.fine("RRset failed to verify due to lack of signatures");
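Review bot: The validity check now reads the wall clock directly with `Instant now = Instant.now();`, so inception and expiration handling cannot be tested deterministically and a zone cannot be verified as of a chosen time; the result also depends on the host clock being right. A `java.time.Clock` field would keep the default behaviour while allowing a fixed clock in tests: `private Clock mClock = Clock.systemUTC();` and `Instant now = mClock.instant();` (needs `import java.time.Clock;`). In verify, `boolean result = mVerifyAllSigs ? true : false;` is just `boolean result = mVerifyAllSigs;`. Both methods start and end outside the hunks.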


@ -84,14 +84,6 @@ public class ZoneVerifier {
private static final long serialVersionUID = 1L; private static final long serialVersionUID = 1L;
private boolean mIsMarked = false; private boolean mIsMarked = false;
@Override
public boolean equals(Object o) {
return super.equals(o);
}
@Override
public int hashCode() {
return super.hashCode();
}
boolean getMark() { boolean getMark() {
return mIsMarked; return mIsMarked;
} }
@ -169,7 +161,7 @@ public class ZoneVerifier {
if (mNSEC3Map == null) { if (mNSEC3Map == null) {
mNSEC3Map = new TreeMap<>(); mNSEC3Map = new TreeMap<>();
} }
MarkRRset rrset = mNSEC3Map.computeIfAbsent(n, k -> new MarkRRset()); MarkRRset rrset = mNSECMap.computeIfAbsent(n, k -> new MarkRRset());
return addRRtoRRset(rrset, r); return addRRtoRRset(rrset, r);
} }
@ -334,8 +326,6 @@ public class ZoneVerifier {
} }
switch (mDNSSECType) { switch (mDNSSECType) {
case UNSIGNED:
throw new IllegalArgumentException("Cannot process Unsigned zone");
case NSEC: case NSEC:
// all nodes with NSEC records have NSEC and RRSIG types // all nodes with NSEC records have NSEC and RRSIG types
typeset.add(Type.NSEC); typeset.add(Type.NSEC);
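Review bot: In the hunk at new line 161 the code null-checks and creates `mNSEC3Map` but then calls `mNSECMap.computeIfAbsent(...)`, so the record is filed in the NSEC map and `mNSEC3Map` stays empty; if `mNSECMap` has not been created at that point, this is a NullPointerException. Assuming this is the NSEC3 add path (the method header is outside the hunk), the NSEC3 chain checks would then run against an empty map, which limits what the verifier can detect. The line should read `MarkRRset rrset = mNSEC3Map.computeIfAbsent(n, k -> new MarkRRset());`. Separately, with `case UNSIGNED` gone from the switch on `mDNSSECType`, an unsigned zone takes whatever path the rest of the switch provides, which is not visible here; an explicit rejection would be safer.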