Beispiel #1
0
  /**
   * Creates an array containing fields of the SIG record and the message to be signed.
   *
   * @param sig The SIG record used to sign/verify the rrset.
   * @param msg The message to be signed/verified.
   * @param previous If this is a response, the signature from the query.
   * @return The data to be cryptographically signed or verified.
   */
  public static byte[] digestMessage(SIGRecord sig, Message msg, byte[] previous) {
    DataByteOutputStream out = new DataByteOutputStream();
    digestSIG(out, sig);

    if (previous != null) out.writeArray(previous);

    msg.toWire(out);
    return out.toByteArray();
  }
Beispiel #2
0
  /**
   * Adds all data from a Message into the Cache. Each record is added with the appropriate
   * credibility, and negative answers are cached as such.
   *
   * @param in The Message to be added
   * @see Message
   */
  public void addMessage(Message in) {
    boolean isAuth = in.getHeader().getFlag(Flags.AA);
    Name qname = in.getQuestion().getName();
    Name curname = qname;
    short qtype = in.getQuestion().getType();
    short qclass = in.getQuestion().getDClass();
    byte cred;
    short rcode = in.getHeader().getRcode();
    boolean haveAnswer = false;
    boolean completed = false;
    boolean restart = false;
    RRset[] answers, auth, addl;

    if (rcode != Rcode.NOERROR && rcode != Rcode.NXDOMAIN) return;

    if (secure) {
      Cache c = new Cache(dclass);
      c.addMessage(in);
      verifyRecords(c);
      return;
    }

    answers = in.getSectionRRsets(Section.ANSWER);
    for (int i = 0; i < answers.length; i++) {
      if (answers[i].getDClass() != qclass) continue;
      short type = answers[i].getType();
      Name name = answers[i].getName();
      cred = getCred(Section.ANSWER, isAuth);
      if (type == Type.CNAME && name.equals(curname)) {
        CNAMERecord cname;
        addRRset(answers[i], cred);
        cname = (CNAMERecord) answers[i].first();
        curname = cname.getTarget();
        restart = true;
        haveAnswer = true;
      } else if (type == Type.DNAME && curname.subdomain(name)) {
        DNAMERecord dname;
        addRRset(answers[i], cred);
        dname = (DNAMERecord) answers[i].first();
        try {
          curname = curname.fromDNAME(dname);
        } catch (NameTooLongException e) {
          break;
        }
        restart = true;
        haveAnswer = true;
      } else if ((type == qtype || qtype == Type.ANY) && name.equals(curname)) {
        addRRset(answers[i], cred);
        completed = true;
        haveAnswer = true;
      }
      if (restart) {
        restart = false;
        i = 0;
      }
    }

    auth = in.getSectionRRsets(Section.AUTHORITY);
    if (!completed) {
      /* This is a negative response or a referral. */
      RRset soa = null, ns = null;
      for (int i = 0; i < auth.length; i++) {
        if (auth[i].getType() == Type.SOA && curname.subdomain(auth[i].getName())) soa = auth[i];
        else if (auth[i].getType() == Type.NS && curname.subdomain(auth[i].getName())) ns = auth[i];
      }
      short cachetype = (rcode == Rcode.NXDOMAIN) ? (short) 0 : qtype;
      if (soa != null || ns == null) {
        /* Negative response */
        cred = getCred(Section.AUTHORITY, isAuth);
        SOARecord soarec = null;
        if (soa != null) soarec = (SOARecord) soa.first();
        addNegative(curname, cachetype, soarec, cred);
        /* NXT records are not cached yet. */
      } else {
        /* Referral response */
        cred = getCred(Section.AUTHORITY, isAuth);
        addRRset(ns, cred);
      }
    }

    addl = in.getSectionRRsets(Section.ADDITIONAL);
    for (int i = 0; i < addl.length; i++) {
      short type = addl[i].getType();
      if (type != Type.A && type != Type.AAAA && type != Type.A6) continue;
      /* XXX check the name */
      Name name = addl[i].getName();
      cred = getCred(Section.ADDITIONAL, isAuth);
      addRRset(addl[i], cred);
    }
  }