/** * Creates an array containing fields of the SIG record and the message to be signed. * * @param sig The SIG record used to sign/verify the rrset. * @param msg The message to be signed/verified. * @param previous If this is a response, the signature from the query. * @return The data to be cryptographically signed or verified. */ public static byte[] digestMessage(SIGRecord sig, Message msg, byte[] previous) { DataByteOutputStream out = new DataByteOutputStream(); digestSIG(out, sig); if (previous != null) out.writeArray(previous); msg.toWire(out); return out.toByteArray(); }
/** * Adds all data from a Message into the Cache. Each record is added with the appropriate * credibility, and negative answers are cached as such. * * @param in The Message to be added * @see Message */ public void addMessage(Message in) { boolean isAuth = in.getHeader().getFlag(Flags.AA); Name qname = in.getQuestion().getName(); Name curname = qname; short qtype = in.getQuestion().getType(); short qclass = in.getQuestion().getDClass(); byte cred; short rcode = in.getHeader().getRcode(); boolean haveAnswer = false; boolean completed = false; boolean restart = false; RRset[] answers, auth, addl; if (rcode != Rcode.NOERROR && rcode != Rcode.NXDOMAIN) return; if (secure) { Cache c = new Cache(dclass); c.addMessage(in); verifyRecords(c); return; } answers = in.getSectionRRsets(Section.ANSWER); for (int i = 0; i < answers.length; i++) { if (answers[i].getDClass() != qclass) continue; short type = answers[i].getType(); Name name = answers[i].getName(); cred = getCred(Section.ANSWER, isAuth); if (type == Type.CNAME && name.equals(curname)) { CNAMERecord cname; addRRset(answers[i], cred); cname = (CNAMERecord) answers[i].first(); curname = cname.getTarget(); restart = true; haveAnswer = true; } else if (type == Type.DNAME && curname.subdomain(name)) { DNAMERecord dname; addRRset(answers[i], cred); dname = (DNAMERecord) answers[i].first(); try { curname = curname.fromDNAME(dname); } catch (NameTooLongException e) { break; } restart = true; haveAnswer = true; } else if ((type == qtype || qtype == Type.ANY) && name.equals(curname)) { addRRset(answers[i], cred); completed = true; haveAnswer = true; } if (restart) { restart = false; i = 0; } } auth = in.getSectionRRsets(Section.AUTHORITY); if (!completed) { /* This is a negative response or a referral. */ RRset soa = null, ns = null; for (int i = 0; i < auth.length; i++) { if (auth[i].getType() == Type.SOA && curname.subdomain(auth[i].getName())) soa = auth[i]; else if (auth[i].getType() == Type.NS && curname.subdomain(auth[i].getName())) ns = auth[i]; } short cachetype = (rcode == Rcode.NXDOMAIN) ? (short) 0 : qtype; if (soa != null || ns == null) { /* Negative response */ cred = getCred(Section.AUTHORITY, isAuth); SOARecord soarec = null; if (soa != null) soarec = (SOARecord) soa.first(); addNegative(curname, cachetype, soarec, cred); /* NXT records are not cached yet. */ } else { /* Referral response */ cred = getCred(Section.AUTHORITY, isAuth); addRRset(ns, cred); } } addl = in.getSectionRRsets(Section.ADDITIONAL); for (int i = 0; i < addl.length; i++) { short type = addl[i].getType(); if (type != Type.A && type != Type.AAAA && type != Type.A6) continue; /* XXX check the name */ Name name = addl[i].getName(); cred = getCred(Section.ADDITIONAL, isAuth); addRRset(addl[i], cred); } }