Exemple #1
0
 public SIGBase(
     Name name,
     int type,
     int dclass,
     long ttl,
     int covered,
     int alg,
     long origttl,
     Date expire,
     Date timeSigned,
     int footprint,
     Name signer,
     byte[] signature) {
   super(name, type, dclass, ttl);
   Type.check(covered);
   checkU8("alg", alg);
   checkU8("labels", labels);
   TTL.check(origttl);
   checkU16("footprint", footprint);
   this.covered = covered;
   this.alg = alg;
   this.labels = name.labels();
   this.origttl = origttl;
   this.expire = expire;
   this.timeSigned = timeSigned;
   this.footprint = footprint;
   if (!signer.isAbsolute()) throw new RelativeNameException(signer);
   this.signer = signer;
   this.signature = signature;
 }
Exemple #2
0
  /**
   * Creates an array containing fields of the SIG record and the RRsets to be signed/verified.
   *
   * @param sig The SIG record used to sign/verify the rrset.
   * @param rrset The data to be signed/verified.
   * @return The data to be cryptographically signed or verified.
   */
  public static byte[] digestRRset(SIGRecord sig, RRset rrset) {
    DataByteOutputStream out = new DataByteOutputStream();
    digestSIG(out, sig);

    int size = rrset.size();
    byte[][] records = new byte[size][];

    Iterator it = rrset.rrs();
    Name name = rrset.getName();
    Name wild = null;
    if (name.labels() > sig.getLabels()) wild = name.wild(name.labels() - sig.getLabels());
    while (it.hasNext()) {
      Record rec = (Record) it.next();
      if (wild != null) rec = rec.withName(wild);
      records[--size] = rec.toWireCanonical();
    }
    Arrays.sort(records);
    for (int i = 0; i < records.length; i++) out.writeArray(records[i]);
    return out.toByteArray();
  }
Exemple #3
0
 /**
  * Creates an SIG Record from the given data
  *
  * @param covered The RRset type covered by this signature
  * @param alg The cryptographic algorithm of the key that generated the signature
  * @param origttl The original TTL of the RRset
  * @param expire The time at which the signature expires
  * @param timeSigned The time at which this signature was generated
  * @param footprint The footprint/key id of the signing key.
  * @param signer The owner of the signing key
  * @param signature Binary data representing the signature
  */
 public SIGRecord(
     Name name,
     short dclass,
     int ttl,
     int covered,
     int alg,
     int origttl,
     Date expire,
     Date timeSigned,
     int footprint,
     Name signer,
     byte[] signature) {
   this(name, dclass, ttl);
   this.covered = (short) covered;
   this.alg = (byte) alg;
   this.labels = name.labels();
   this.origttl = origttl;
   this.expire = expire;
   this.timeSigned = timeSigned;
   this.footprint = (short) footprint;
   this.signer = signer;
   this.signature = signature;
 }
Exemple #4
0
  /** Finds all matching sets or something that causes the lookup to stop. */
  protected Object findSets(Name name, short type) {
    Object bestns = null;
    Object o;
    Name tname;
    int labels;
    int olabels;
    int tlabels;

    if (!name.subdomain(origin)) return null;
    labels = name.labels();
    olabels = origin.labels();

    for (tlabels = olabels; tlabels <= labels; tlabels++) {
      if (tlabels == olabels) tname = origin;
      else if (tlabels == labels) tname = name;
      else tname = new Name(name, labels - tlabels);
      TypeMap nameInfo = findName(tname);
      if (nameInfo == null) continue;

      /* If this is an ANY lookup, return everything. */
      if (tlabels == labels && type == Type.ANY) return nameInfo.getAll();

      /* Look for an NS */
      if (tlabels > olabels || isCache) {
        o = nameInfo.get(Type.NS);
        if (o != null) {
          if (isCache) bestns = o;
          else return o;
        }
      }

      /* If this is the name, look for the actual type. */
      if (tlabels == labels) {
        o = nameInfo.get(type);
        if (o != null) return o;
      }

      /* If this is the name, look for a CNAME */
      if (tlabels == labels) {
        o = nameInfo.get(Type.CNAME);
        if (o != null) return o;
      }

      /* Look for a DNAME, unless this is the actual name */
      if (tlabels < labels) {
        o = nameInfo.get(Type.DNAME);
        if (o != null) return o;
      }

      /*
       * If this is the name and this is a cache, look for an
       * NXDOMAIN entry.
       */
      if (tlabels == labels && isCache) {
        o = nameInfo.get((short) 0);
        if (o != null) return o;
      }

      /*
       * If this is the name and we haven't matched anything,
       * just return the name.
       */
      if (tlabels == labels) return nameInfo;
    }
    if (bestns == null) return null;
    else return bestns;
  }