forgot to commit the version update

add -t option to verifyzone
Fix critical typo in ZoneVerifier; more sonarlint
2023-07-24 08:22:28 -04:00 · 2023-07-24 08:10:10 -04:00 · 2023-07-24 00:12:28 -04:00 · 2023-07-23 23:45:47 -04:00
10 changed files with 53 additions and 21 deletions
--- a/2
+++ b/2
@ -1 +1 @@
-version=0.17
+version=0.17.1
--- a/build.gradle
+++ b/build.gradle
@ -10,7 +10,7 @@ apply plugin: 'idea'

 jar {
    baseName = 'jdnssec-tools'
-    version =  '0.17'
+    version =  '0.17.1'
 }

 repositories {
--- a/build.xml
+++ b/build.xml
@ -47,8 +47,8 @@
           deprecation="true"
           includeantruntime="false"
           includes="com/verisignlabs/dnssec/"
-           source="8"
-           target="8" />
+           source="11"
+           target="11" />
  </target>

  <target name="sectools-jar" depends="usage,sectools">
--- a/src/main/java/com/verisignlabs/dnssec/cl/SignKeyset.java
+++ b/src/main/java/com/verisignlabs/dnssec/cl/SignKeyset.java
@ -22,7 +22,6 @@ import java.io.FileFilter;
 import java.io.IOException;
 import java.time.Instant;
 import java.util.ArrayList;
-import java.util.Collections;
 import java.util.List;

 import org.apache.commons.cli.CommandLine;
@ -184,11 +183,11 @@ public class SignKeyset extends CLBase {
  private static List<DnsKeyPair> getKeys(String[] keyfiles, int startIndex,
      File inDirectory) throws IOException {
    if (keyfiles == null)
-      return Collections.emptyList();
+      return new ArrayList<>();

    int len = keyfiles.length - startIndex;
    if (len <= 0)
-      return Collections.emptyList();
+      return new ArrayList<>();

    ArrayList<DnsKeyPair> keys = new ArrayList<>(len);

--- a/src/main/java/com/verisignlabs/dnssec/cl/SignRRset.java
+++ b/src/main/java/com/verisignlabs/dnssec/cl/SignRRset.java
@ -21,7 +21,6 @@ import java.io.File;
 import java.io.IOException;
 import java.time.Instant;
 import java.util.ArrayList;
-import java.util.Collections;
 import java.util.List;

 import org.apache.commons.cli.CommandLine;
@ -191,11 +190,11 @@ public class SignRRset extends CLBase {
  private static List<DnsKeyPair> getKeys(String[] keyfiles, int startIndex,
      File inDirectory) throws IOException {
    if (keyfiles == null)
-      return Collections.emptyList();
+      return new ArrayList<>();

    int len = keyfiles.length - startIndex;
    if (len <= 0)
-      return Collections.emptyList();
+      return new ArrayList<>();

    ArrayList<DnsKeyPair> keys = new ArrayList<>(len);

--- a/src/main/java/com/verisignlabs/dnssec/cl/SignZone.java
+++ b/src/main/java/com/verisignlabs/dnssec/cl/SignZone.java
@ -24,7 +24,6 @@ import java.io.FileReader;
 import java.io.IOException;
 import java.time.Instant;
 import java.util.ArrayList;
-import java.util.Collections;
 import java.util.Iterator;
 import java.util.List;
 import java.util.Random;
@ -331,11 +330,11 @@ public class SignZone extends CLBase {
  private static List<DnsKeyPair> getKeys(String[] keyfiles, int startIndex,
      File inDirectory) throws IOException {
    if (keyfiles == null)
-      return Collections.emptyList();
+      return new ArrayList<>();

    int len = keyfiles.length - startIndex;
    if (len <= 0)
-      return Collections.emptyList();
+      return new ArrayList<>();

    ArrayList<DnsKeyPair> keys = new ArrayList<>(len);

--- a/src/main/java/com/verisignlabs/dnssec/cl/VerifyZone.java
+++ b/src/main/java/com/verisignlabs/dnssec/cl/VerifyZone.java
@ -17,11 +17,13 @@

 package com.verisignlabs.dnssec.cl;

+import java.time.Instant;
 import java.util.List;

 import org.apache.commons.cli.CommandLine;
 import org.apache.commons.cli.Options;
 import org.apache.commons.cli.Option;
+import org.apache.commons.cli.ParseException;
 import org.xbill.DNS.Record;

 import com.verisignlabs.dnssec.security.ZoneUtils;
@ -47,6 +49,7 @@ public class VerifyZone extends CLBase {
    public int expirefudge = 0;
    public boolean ignoreTime = false;
    public boolean ignoreDups = false;
+    public Instant currentTime = null;

    public CLIState() {
      super("jdnssec-verifyzone [..options..] zonefile");
@ -54,10 +57,13 @@ public class VerifyZone extends CLBase {

    @Override
    protected void setupOptions(Options opts) {
-      opts.addOption(Option.builder("S").optionalArg(true).argName("seconds").longOpt("sig-start-fudge")
+      opts.addOption(Option.builder("S").hasArg().argName("seconds").longOpt("sig-start-fudge")
          .desc("'fudge' RRSIG inception ties by 'seconds'").build());
-      opts.addOption(Option.builder("E").optionalArg(true).argName("seconds").longOpt("sig-expire-fudge")
+      opts.addOption(Option.builder("E").hasArg().argName("seconds").longOpt("sig-expire-fudge")
          .desc("'fudge' RRSIG expiration times by 'seconds'").build());
+      opts.addOption(Option.builder("t").hasArg().argName("time").longOpt("use-time")
+          .desc("Use 'time' as the time for verification purposes.").build());
+
      opts.addOption(
          Option.builder().longOpt("ignore-time").desc("Ignore RRSIG inception and expiration time errors.").build());
      opts.addOption(Option.builder().longOpt("ignore-duplicate-rrs").desc("Ignore duplicate record errors.").build());
@ -82,6 +88,15 @@ public class VerifyZone extends CLBase {
        expirefudge = parseInt(optstr, 0);
      }

+      if ((optstr = cli.getOptionValue('t')) != null) {
+        try {
+          currentTime = convertDuration(null, optstr);
+        } catch (ParseException e) {
+          System.err.println("error: could not parse timespec");
+          usage();
+        }
+      }
+
      String[] optstrs = null;
      if ((optstrs = cli.getOptionValues('A')) != null) {
        for (int i = 0; i < optstrs.length; i++) {
@ -110,6 +125,7 @@ public class VerifyZone extends CLBase {
    zoneverifier.getVerifier().setStartFudge(state.startfudge);
    zoneverifier.getVerifier().setExpireFudge(state.expirefudge);
    zoneverifier.getVerifier().setIgnoreTime(state.ignoreTime);
+    zoneverifier.getVerifier().setCurrentTime(state.currentTime);
    zoneverifier.setIgnoreDuplicateRRs(state.ignoreDups);

    List<Record> records = ZoneUtils.readZoneFile(state.zonefile, null);
--- a/src/main/java/com/verisignlabs/dnssec/security/DnsKeyAlgorithm.java
+++ b/src/main/java/com/verisignlabs/dnssec/security/DnsKeyAlgorithm.java
@ -455,9 +455,7 @@ public class DnsKeyAlgorithm {
   *         alias.
   */
  public boolean supportedAlgorithm(int algorithm) {
-    if (mAlgorithmMap.containsKey(algorithm))
-      return true;
-    return false;
+    return mAlgorithmMap.containsKey(algorithm);
  }

  /**
--- a/src/main/java/com/verisignlabs/dnssec/security/DnsSecVerifier.java
+++ b/src/main/java/com/verisignlabs/dnssec/security/DnsSecVerifier.java
@ -92,6 +92,7 @@ public class DnsSecVerifier {
  private int mExpireFudge = 0;
  private boolean mVerifyAllSigs = false;
  private boolean mIgnoreTime = false;
+  private Instant mCurrentTime = null;

  private Logger log;

@ -133,6 +134,10 @@ public class DnsSecVerifier {
    mIgnoreTime = v;
  }

+  public void setCurrentTime(Instant time) {
+    mCurrentTime = time;
+  }
+
  private DnsKeyPair findKey(Name name, int algorithm, int footprint) {
    return mKeyStore.find(name, algorithm, footprint);
  }
@ -155,7 +160,13 @@ public class DnsSecVerifier {
    if (mIgnoreTime)
      return true;

-    Instant now = Instant.now();
+    Instant now;
+    if (mCurrentTime != null) {
+      now = mCurrentTime;
+    } else {
+      now = Instant.now();
+    }
+
    Instant start = sigrec.getTimeSigned();
    Instant expire = sigrec.getExpire();

@ -262,7 +273,7 @@ public class DnsSecVerifier {
   * @return true if the set verified, false if it did not.
   */
  public boolean verify(RRset rrset) {
-    boolean result = mVerifyAllSigs ? true : false;
+    boolean result = mVerifyAllSigs;

    if (rrset.sigs().isEmpty()) {
      log.fine("RRset failed to verify due to lack of signatures");
--- a/src/main/java/com/verisignlabs/dnssec/security/ZoneVerifier.java
+++ b/src/main/java/com/verisignlabs/dnssec/security/ZoneVerifier.java
@ -84,6 +84,14 @@ public class ZoneVerifier {
    private static final long serialVersionUID = 1L;
    private boolean mIsMarked = false;

+    @Override
+    public boolean equals(Object o) {
+      return super.equals(o);
+    }
+    @Override
+    public int hashCode() {
+      return super.hashCode();
+    }
    boolean getMark() {
      return mIsMarked;
    }
@ -161,7 +169,7 @@ public class ZoneVerifier {
      if (mNSEC3Map == null) {
        mNSEC3Map = new TreeMap<>();
      }
-      MarkRRset rrset = mNSECMap.computeIfAbsent(n, k -> new MarkRRset());
+      MarkRRset rrset = mNSEC3Map.computeIfAbsent(n, k -> new MarkRRset());

      return addRRtoRRset(rrset, r);
    }
@ -326,6 +334,8 @@ public class ZoneVerifier {
      }

      switch (mDNSSECType) {
+        case UNSIGNED:
+          throw new IllegalArgumentException("Cannot process Unsigned zone");
        case NSEC:
          // all nodes with NSEC records have NSEC and RRSIG types
          typeset.add(Type.NSEC);
Author	SHA1	Message	Date
David Blacka	5fef1dcf24	forgot to commit the version update	2023-07-24 08:22:28 -04:00
David Blacka	e73b5ddd53	add -t option to verifyzone	2023-07-24 08:10:10 -04:00
David Blacka	3601676406	Fix critical typo in ZoneVerifier; more sonarlint	2023-07-24 00:12:28 -04:00
David Blacka	69a0a34239	do not use Collections.emptyList()	2023-07-23 23:45:47 -04:00