public SIGBase(
Name name,
int type,
int dclass,
long ttl,
int covered,
int alg,
long origttl,
Date expire,
Date timeSigned,
int footprint,
Name signer,
byte[] signature) {
super(name, type, dclass, ttl);
Type.check(covered);
checkU8("alg", alg);
checkU8("labels", labels);
TTL.check(origttl);
checkU16("footprint", footprint);
this.covered = covered;
this.alg = alg;
this.labels = name.labels();
this.origttl = origttl;
this.expire = expire;
this.timeSigned = timeSigned;
this.footprint = footprint;
if (!signer.isAbsolute()) throw new RelativeNameException(signer);
this.signer = signer;
this.signature = signature;
}
/**
* Creates an array containing fields of the SIG record and the RRsets to be signed/verified.
*
* @param sig The SIG record used to sign/verify the rrset.
* @param rrset The data to be signed/verified.
* @return The data to be cryptographically signed or verified.
*/
public static byte[] digestRRset(SIGRecord sig, RRset rrset) {
DataByteOutputStream out = new DataByteOutputStream();
digestSIG(out, sig);
int size = rrset.size();
byte[][] records = new byte[size][];
Iterator it = rrset.rrs();
Name name = rrset.getName();
Name wild = null;
if (name.labels() > sig.getLabels()) wild = name.wild(name.labels() - sig.getLabels());
while (it.hasNext()) {
Record rec = (Record) it.next();
if (wild != null) rec = rec.withName(wild);
records[--size] = rec.toWireCanonical();
}
Arrays.sort(records);
for (int i = 0; i < records.length; i++) out.writeArray(records[i]);
return out.toByteArray();
}
/**
* Creates an SIG Record from the given data
*
* @param covered The RRset type covered by this signature
* @param alg The cryptographic algorithm of the key that generated the signature
* @param origttl The original TTL of the RRset
* @param expire The time at which the signature expires
* @param timeSigned The time at which this signature was generated
* @param footprint The footprint/key id of the signing key.
* @param signer The owner of the signing key
* @param signature Binary data representing the signature
*/
public SIGRecord(
Name name,
short dclass,
int ttl,
int covered,
int alg,
int origttl,
Date expire,
Date timeSigned,
int footprint,
Name signer,
byte[] signature) {
this(name, dclass, ttl);
this.covered = (short) covered;
this.alg = (byte) alg;
this.labels = name.labels();
this.origttl = origttl;
this.expire = expire;
this.timeSigned = timeSigned;
this.footprint = (short) footprint;
this.signer = signer;
this.signature = signature;
}
/** Finds all matching sets or something that causes the lookup to stop. */
protected Object findSets(Name name, short type) {
Object bestns = null;
Object o;
Name tname;
int labels;
int olabels;
int tlabels;
if (!name.subdomain(origin)) return null;
labels = name.labels();
olabels = origin.labels();
for (tlabels = olabels; tlabels <= labels; tlabels++) {
if (tlabels == olabels) tname = origin;
else if (tlabels == labels) tname = name;
else tname = new Name(name, labels - tlabels);
TypeMap nameInfo = findName(tname);
if (nameInfo == null) continue;
/* If this is an ANY lookup, return everything. */
if (tlabels == labels && type == Type.ANY) return nameInfo.getAll();
/* Look for an NS */
if (tlabels > olabels || isCache) {
o = nameInfo.get(Type.NS);
if (o != null) {
if (isCache) bestns = o;
else return o;
}
}
/* If this is the name, look for the actual type. */
if (tlabels == labels) {
o = nameInfo.get(type);
if (o != null) return o;
}
/* If this is the name, look for a CNAME */
if (tlabels == labels) {
o = nameInfo.get(Type.CNAME);
if (o != null) return o;
}
/* Look for a DNAME, unless this is the actual name */
if (tlabels < labels) {
o = nameInfo.get(Type.DNAME);
if (o != null) return o;
}
/*
* If this is the name and this is a cache, look for an
* NXDOMAIN entry.
*/
if (tlabels == labels && isCache) {
o = nameInfo.get((short) 0);
if (o != null) return o;
}
/*
* If this is the name and we haven't matched anything,
* just return the name.
*/
if (tlabels == labels) return nameInfo;
}
if (bestns == null) return null;
else return bestns;
}