/**
* Creates an array containing fields of the SIG record and the message to be signed.
*
* @param sig The SIG record used to sign/verify the rrset.
* @param msg The message to be signed/verified.
* @param previous If this is a response, the signature from the query.
* @return The data to be cryptographically signed or verified.
*/
public static byte[] digestMessage(SIGRecord sig, Message msg, byte[] previous) {
DataByteOutputStream out = new DataByteOutputStream();
digestSIG(out, sig);
if (previous != null) out.writeArray(previous);
msg.toWire(out);
return out.toByteArray();
}
/**
* Adds all data from a Message into the Cache. Each record is added with the appropriate
* credibility, and negative answers are cached as such.
*
* @param in The Message to be added
* @see Message
*/
public void addMessage(Message in) {
boolean isAuth = in.getHeader().getFlag(Flags.AA);
Name qname = in.getQuestion().getName();
Name curname = qname;
short qtype = in.getQuestion().getType();
short qclass = in.getQuestion().getDClass();
byte cred;
short rcode = in.getHeader().getRcode();
boolean haveAnswer = false;
boolean completed = false;
boolean restart = false;
RRset[] answers, auth, addl;
if (rcode != Rcode.NOERROR && rcode != Rcode.NXDOMAIN) return;
if (secure) {
Cache c = new Cache(dclass);
c.addMessage(in);
verifyRecords(c);
return;
}
answers = in.getSectionRRsets(Section.ANSWER);
for (int i = 0; i < answers.length; i++) {
if (answers[i].getDClass() != qclass) continue;
short type = answers[i].getType();
Name name = answers[i].getName();
cred = getCred(Section.ANSWER, isAuth);
if (type == Type.CNAME && name.equals(curname)) {
CNAMERecord cname;
addRRset(answers[i], cred);
cname = (CNAMERecord) answers[i].first();
curname = cname.getTarget();
restart = true;
haveAnswer = true;
} else if (type == Type.DNAME && curname.subdomain(name)) {
DNAMERecord dname;
addRRset(answers[i], cred);
dname = (DNAMERecord) answers[i].first();
try {
curname = curname.fromDNAME(dname);
} catch (NameTooLongException e) {
break;
}
restart = true;
haveAnswer = true;
} else if ((type == qtype || qtype == Type.ANY) && name.equals(curname)) {
addRRset(answers[i], cred);
completed = true;
haveAnswer = true;
}
if (restart) {
restart = false;
i = 0;
}
}
auth = in.getSectionRRsets(Section.AUTHORITY);
if (!completed) {
/* This is a negative response or a referral. */
RRset soa = null, ns = null;
for (int i = 0; i < auth.length; i++) {
if (auth[i].getType() == Type.SOA && curname.subdomain(auth[i].getName())) soa = auth[i];
else if (auth[i].getType() == Type.NS && curname.subdomain(auth[i].getName())) ns = auth[i];
}
short cachetype = (rcode == Rcode.NXDOMAIN) ? (short) 0 : qtype;
if (soa != null || ns == null) {
/* Negative response */
cred = getCred(Section.AUTHORITY, isAuth);
SOARecord soarec = null;
if (soa != null) soarec = (SOARecord) soa.first();
addNegative(curname, cachetype, soarec, cred);
/* NXT records are not cached yet. */
} else {
/* Referral response */
cred = getCred(Section.AUTHORITY, isAuth);
addRRset(ns, cred);
}
}
addl = in.getSectionRRsets(Section.ADDITIONAL);
for (int i = 0; i < addl.length; i++) {
short type = addl[i].getType();
if (type != Type.A && type != Type.AAAA && type != Type.A6) continue;
/* XXX check the name */
Name name = addl[i].getName();
cred = getCred(Section.ADDITIONAL, isAuth);
addRRset(addl[i], cred);
}
}
