Esempio n. 1
0
 /**
  * Verify a message using SIG(0).
  *
  * @param message The message to be signed
  * @param b An array containing the message in unparsed form. This is necessary since SIG(0) signs
  *     the message in wire format, and we can't recreate the exact wire format (with the same name
  *     compression).
  * @param key The KEY record to verify the signature with.
  * @param previous If this message is a response, the SIG(0) from the query
  */
 public static void verifyMessage(Message message, byte[] b, KEYRecord key, SIGRecord previous)
     throws DNSSEC.DNSSECException {
   SIGRecord sig = null;
   Record[] additional = message.getSectionArray(Section.ADDITIONAL);
   for (int i = 0; i < additional.length; i++) {
     if (additional[i].getType() != Type.SIG) {
       continue;
     }
     if (((SIGRecord) additional[i]).getTypeCovered() != 0) {
       continue;
     }
     sig = (SIGRecord) additional[i];
     break;
   }
   DNSSEC.verifyMessage(message, b, sig, previous, key);
 }
Esempio n. 2
0
  /**
   * Sign a message with SIG(0). The DNS key and private key must refer to the same underlying
   * cryptographic key.
   *
   * @param message The message to be signed
   * @param key The DNSKEY record to use as part of signing
   * @param privkey The PrivateKey to use when signing
   * @param previous If this message is a response, the SIG(0) from the query
   */
  public static void signMessage(
      Message message, KEYRecord key, PrivateKey privkey, SIGRecord previous)
      throws DNSSEC.DNSSECException {

    int validity = Options.intValue("sig0validity");
    if (validity < 0) {
      validity = VALIDITY;
    }

    long now = System.currentTimeMillis();
    Date timeSigned = new Date(now);
    Date timeExpires = new Date(now + validity * 1000);

    SIGRecord sig = DNSSEC.signMessage(message, previous, key, privkey, timeSigned, timeExpires);

    message.addRecord(sig, Section.ADDITIONAL);
  }