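/**
 * Creates a SIG-style record from the given data.
 *
 * <p>Every argument check that can reject the input runs before the signature fields are
 * populated. The label count is not supplied by the caller: it is taken from
 * {@code name.labels()} and then range-checked, so the check covers the value that is actually
 * stored rather than the field's not-yet-assigned default.
 *
 * <p>NOTE(review): {@code expire}, {@code timeSigned} and {@code signature} are stored by
 * reference, so a caller that later mutates them also mutates this record. Confirm whether
 * callers rely on that before adding defensive copies.
 *
 * @param name The owner name; passed to the superclass constructor.
 * @param type The record type; passed to the superclass constructor.
 * @param dclass The record class; passed to the superclass constructor.
 * @param ttl The record TTL; passed to the superclass constructor.
 * @param covered The RRset type covered by this signature; validated with {@code Type.check}.
 * @param alg The algorithm of the signing key; validated with {@code checkU8} (presumably an
 *     unsigned 8-bit range check - confirm against its definition).
 * @param origttl The original TTL of the covered RRset; validated with {@code TTL.check}.
 * @param expire The time at which the signature expires.
 * @param timeSigned The time at which the signature was generated.
 * @param footprint The footprint/key id of the signing key; validated with {@code checkU16}.
 * @param signer The owner of the signing key; must be an absolute name.
 * @param signature Binary data representing the signature.
 * @throws RelativeNameException if {@code signer} is not absolute.
 */
public SIGBase(
    Name name,
    int type,
    int dclass,
    long ttl,
    int covered,
    int alg,
    long origttl,
    Date expire,
    Date timeSigned,
    int footprint,
    Name signer,
    byte[] signature) {
    super(name, type, dclass, ttl);

    // Reject bad caller-supplied values first, in the same order as before.
    Type.check(covered);
    checkU8("alg", alg);
    TTL.check(origttl);
    checkU16("footprint", footprint);
    if (!signer.isAbsolute()) {
        throw new RelativeNameException(signer);
    }

    this.covered = covered;
    this.alg = alg;
    // Derive the label count from the owner name, then validate the derived value.
    // The previous code range-checked the field before it had been assigned.
    this.labels = name.labels();
    checkU8("labels", this.labels);
    this.origttl = origttl;
    this.expire = expire;
    this.timeSigned = timeSigned;
    this.footprint = footprint;
    this.signer = signer;
    this.signature = signature;
}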
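/**
 * Creates an array containing fields of the SIG record and the RRsets to be signed/verified.
 *
 * <p>The output is the SIG fields written by {@code digestSIG}, followed by the canonical wire
 * form of every record in the set, sorted in unsigned byte-wise order. Signer and verifier must
 * produce the same byte sequence, so the ordering has to be deterministic and independent of the
 * order in which the RRset iterates its records.
 *
 * <p>If the owner name has more labels than the signature's label count, each record is digested
 * under {@code name.wild(excess)} instead of its own name (presumably the wildcard name the
 * records were expanded from - confirm against {@code Name.wild}).
 *
 * <p>NOTE(review): a signature label count larger than the owner name's label count is not
 * rejected here; the records are then digested under their own name. Callers that verify
 * signatures should decide whether that case must be refused before digesting.
 *
 * @param sig The SIG record used to sign/verify the rrset.
 * @param rrset The data to be signed/verified.
 * @return The data to be cryptographically signed or verified.
 */
public static byte[] digestRRset(SIGRecord sig, RRset rrset) {
    DataByteOutputStream out = new DataByteOutputStream();
    digestSIG(out, sig);

    int size = rrset.size();
    byte[][] records = new byte[size][];

    Iterator it = rrset.rrs();
    Name name = rrset.getName();
    Name wild = null;
    if (name.labels() > sig.getLabels()) {
        wild = name.wild(name.labels() - sig.getLabels());
    }

    while (it.hasNext()) {
        Record rec = (Record) it.next();
        if (wild != null) {
            rec = rec.withName(wild);
        }
        records[--size] = rec.toWireCanonical();
    }

    // byte[] does not implement Comparable, so the single-argument Arrays.sort throws
    // ClassCastException as soon as two records have to be compared. Sort with an explicit
    // comparator that treats each octet as unsigned; a record that is a strict prefix of
    // another sorts first.
    Arrays.sort(
        records,
        new java.util.Comparator() {
            public int compare(Object left, Object right) {
                byte[] a = (byte[]) left;
                byte[] b = (byte[]) right;
                int common = Math.min(a.length, b.length);
                for (int i = 0; i < common; i++) {
                    int diff = (a[i] & 0xFF) - (b[i] & 0xFF);
                    if (diff != 0) {
                        return diff;
                    }
                }
                return a.length - b.length;
            }
        });

    for (int i = 0; i < records.length; i++) {
        out.writeArray(records[i]);
    }
    return out.toByteArray();
}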
/**
 * Builds a SIG record from already-parsed field values.
 *
 * <p>No validation is performed on the arguments. {@code covered} and {@code footprint} are
 * narrowed to {@code short} and {@code alg} to {@code byte}, so only the low-order bits of an
 * out-of-range value are kept, and {@code signer} is not checked for being an absolute name.
 * The label count is taken from {@code name.labels()} rather than from the caller. The
 * {@code Date} and {@code byte[]} arguments are stored by reference.
 *
 * @param name The owner name; forwarded to {@code this(name, dclass, ttl)}
 * @param dclass The record class; forwarded to {@code this(name, dclass, ttl)}
 * @param ttl The record TTL; forwarded to {@code this(name, dclass, ttl)}
 * @param covered The RRset type covered by this signature
 * @param alg The cryptographic algorithm of the key that generated the signature
 * @param origttl The original TTL of the RRset
 * @param expire The time at which the signature expires
 * @param timeSigned The time at which this signature was generated
 * @param footprint The footprint/key id of the signing key.
 * @param signer The owner of the signing key
 * @param signature Binary data representing the signature
 */
public SIGRecord(
    Name name,
    short dclass,
    int ttl,
    int covered,
    int alg,
    int origttl,
    Date expire,
    Date timeSigned,
    int footprint,
    Name signer,
    byte[] signature) {
    this(name, dclass, ttl);

    // What is signed and with which key.
    this.covered = (short) covered;
    this.alg = (byte) alg;
    this.footprint = (short) footprint;
    this.signer = signer;

    // Properties of the covered RRset as seen at signing time.
    this.labels = name.labels();
    this.origttl = origttl;

    // Validity window of the signature.
    this.timeSigned = timeSigned;
    this.expire = expire;

    // The signature bytes themselves.
    this.signature = signature;
}
/**
 * Finds all matching sets or something that causes the lookup to stop.
 *
 * <p>The search walks from {@code origin} down to {@code name}, one label at a time, and
 * consults {@code findName} at each level. Names with no stored data are skipped. At each
 * level that has data:
 *
 * <ul>
 *   <li>at the target name, an ANY query returns {@code nameInfo.getAll()};
 *   <li>an NS entry below the origin ends the lookup when this is not a cache; when this is a
 *       cache the NS entry is only remembered (at any level, including the origin), and the one
 *       found at the deepest level is kept as a fallback;
 *   <li>above the target name, a DNAME entry ends the lookup;
 *   <li>at the target name, the requested type is tried first, then CNAME, then (cache only)
 *       the entry stored under type 0, and finally the name's whole {@code TypeMap} is
 *       returned.
 * </ul>
 *
 * @param name The name being looked up.
 * @param type The type being looked up.
 * @return {@code null} if {@code name} is not a subdomain of {@code origin} or nothing was
 *     found; otherwise whichever object stopped the lookup as described above, or the
 *     remembered NS entry.
 */
protected Object findSets(Name name, short type) {
    if (!name.subdomain(origin)) {
        return null;
    }

    final int targetDepth = name.labels();
    final int originDepth = origin.labels();
    Object closestNs = null;

    for (int depth = originDepth; depth <= targetDepth; depth++) {
        final boolean atOrigin = depth == originDepth;
        final boolean atTarget = depth == targetDepth;

        // The origin takes precedence when the target name is the origin itself.
        Name candidate;
        if (atOrigin) {
            candidate = origin;
        } else if (atTarget) {
            candidate = name;
        } else {
            candidate = new Name(name, targetDepth - depth);
        }

        TypeMap nameInfo = findName(candidate);
        if (nameInfo == null) {
            continue;
        }

        /* If this is an ANY lookup, return everything. */
        if (atTarget && type == Type.ANY) {
            return nameInfo.getAll();
        }

        /* Look for an NS */
        if (!atOrigin || isCache) {
            Object ns = nameInfo.get(Type.NS);
            if (ns != null) {
                if (!isCache) {
                    return ns;
                }
                // A cache keeps descending; a deeper NS replaces this one.
                closestNs = ns;
            }
        }

        if (!atTarget) {
            /* Look for a DNAME, unless this is the actual name */
            Object dname = nameInfo.get(Type.DNAME);
            if (dname != null) {
                return dname;
            }
            continue;
        }

        /* This is the name: look for the actual type. */
        Object exact = nameInfo.get(type);
        if (exact != null) {
            return exact;
        }

        /* This is the name: look for a CNAME */
        Object cname = nameInfo.get(Type.CNAME);
        if (cname != null) {
            return cname;
        }

        /* This is the name and this is a cache: look for an NXDOMAIN entry. */
        if (isCache) {
            Object negative = nameInfo.get((short) 0);
            if (negative != null) {
                return negative;
            }
        }

        /* This is the name and nothing matched: just return the name. */
        return nameInfo;
    }

    // Either the remembered NS entry from a cache lookup, or null.
    return closestNs;
}