Beispiel #1
0
  /** Returns the key's footprint (after computing it) */
  public short getFootprint() {
    if (footprint >= 0) return (short) footprint;

    int foot = 0;

    DataByteOutputStream out = new DataByteOutputStream();
    try {
      rrToWire(out, null);
    } catch (IOException e) {
    }
    byte[] rdata = out.toByteArray();

    if (alg == DNSSEC.RSA) {
      int d1 = rdata[rdata.length - 3] & 0xFF;
      int d2 = rdata[rdata.length - 2] & 0xFF;
      foot = (d1 << 8) + d2;
    } else {
      int i;
      for (i = 0; i < rdata.length - 1; i += 2) {
        int d1 = rdata[i] & 0xFF;
        int d2 = rdata[i + 1] & 0xFF;
        foot += ((d1 << 8) + d2);
      }
      if (i < rdata.length) {
        int d1 = rdata[i] & 0xFF;
        foot += (d1 << 8);
      }
      foot += ((foot >> 16) & 0xffff);
    }
    footprint = (foot & 0xffff);
    return (short) footprint;
  }
Beispiel #2
0
  void rrToWire(DataByteOutputStream out, Compression c) throws IOException {
    if (key == null && (flags & (FLAG_NOKEY)) != (FLAG_NOKEY)) return;

    out.writeShort(flags);
    out.writeByte(proto);
    out.writeByte(alg);
    if (key != null) out.write(key);
  }
Beispiel #3
0
  /**
   * Creates an array containing fields of the SIG record and the message to be signed.
   *
   * @param sig The SIG record used to sign/verify the rrset.
   * @param msg The message to be signed/verified.
   * @param previous If this is a response, the signature from the query.
   * @return The data to be cryptographically signed or verified.
   */
  public static byte[] digestMessage(SIGRecord sig, Message msg, byte[] previous) {
    DataByteOutputStream out = new DataByteOutputStream();
    digestSIG(out, sig);

    if (previous != null) out.writeArray(previous);

    msg.toWire(out);
    return out.toByteArray();
  }
Beispiel #4
0
  void rrToWire(DataByteOutputStream out, Compression c, boolean canonical) {
    if (signature == null) return;

    out.writeShort(covered);
    out.writeByte(alg);
    out.writeByte(labels);
    out.writeInt(origttl);
    out.writeInt((int) (expire.getTime() / 1000));
    out.writeInt((int) (timeSigned.getTime() / 1000));
    out.writeShort(footprint);
    signer.toWire(out, null, canonical);
    out.writeArray(signature);
  }
Beispiel #5
0
  /**
   * Creates an array containing fields of the SIG record and the RRsets to be signed/verified.
   *
   * @param sig The SIG record used to sign/verify the rrset.
   * @param rrset The data to be signed/verified.
   * @return The data to be cryptographically signed or verified.
   */
  public static byte[] digestRRset(SIGRecord sig, RRset rrset) {
    DataByteOutputStream out = new DataByteOutputStream();
    digestSIG(out, sig);

    int size = rrset.size();
    byte[][] records = new byte[size][];

    Iterator it = rrset.rrs();
    Name name = rrset.getName();
    Name wild = null;
    if (name.labels() > sig.getLabels()) wild = name.wild(name.labels() - sig.getLabels());
    while (it.hasNext()) {
      Record rec = (Record) it.next();
      if (wild != null) rec = rec.withName(wild);
      records[--size] = rec.toWireCanonical();
    }
    Arrays.sort(records);
    for (int i = 0; i < records.length; i++) out.writeArray(records[i]);
    return out.toByteArray();
  }
Beispiel #6
0
 private static void digestSIG(DataByteOutputStream out, SIGRecord sig) {
   out.writeShort(sig.getTypeCovered());
   out.writeByte(sig.getAlgorithm());
   out.writeByte(sig.getLabels());
   out.writeUnsignedInt(sig.getOrigTTL());
   out.writeInt((int) (sig.getExpire().getTime() / 1000));
   out.writeInt((int) (sig.getTimeSigned().getTime() / 1000));
   out.writeShort(sig.getFootprint());
   sig.getSigner().toWireCanonical(out);
 }
Beispiel #7
0
  void rrToWire(DataByteOutputStream dbs, Compression c) throws IOException {
    if (target == null) return;

    dbs.writeShort(priority);
    target.toWire(dbs, null);
  }
Beispiel #8
0
 void rrToWire(DataByteOutputStream out, Compression c) throws IOException {
   if (data != null) out.write(data);
 }