/**
 * Encodes a Diffie-Hellman public key as three fields, each preceded by a
 * 16-bit length: the prime, the generator and the public value.
 *
 * <p>When the generator equals {@code TWO} and the prime equals
 * {@code DHPRIME768} or {@code DHPRIME1024}, the prime is written as a
 * one-byte index (1 when the prime is 768 bits long, 2 otherwise) and the
 * generator is written with length 0 and no value.
 *
 * @param key the DH public key to encode
 * @return the encoded key
 */
static byte[] buildDH(DHPublicKey key) {
    DataByteOutputStream out = new DataByteOutputStream();
    BigInteger prime = key.getParams().getP();
    BigInteger generator = key.getParams().getG();
    BigInteger publicValue = key.getY();

    boolean sharedGroup =
        generator.equals(TWO) && (prime.equals(DHPRIME768) || prime.equals(DHPRIME1024));
    int primeLength = sharedGroup ? 1 : BigIntegerLength(prime);
    int generatorLength = sharedGroup ? 0 : BigIntegerLength(generator);
    int publicLength = BigIntegerLength(publicValue);

    out.writeShort(primeLength);
    // NOTE(review): the branch below keys on the length, not on sharedGroup.
    // If BigIntegerLength can return 1 for an explicit (tiny) prime, that key
    // would be written as index 2 instead of its real prime. Confirm whether
    // such keys should be rejected before they reach this encoder.
    if (primeLength != 1) {
        out.writeBigInteger(prime);
    } else {
        out.writeByte((byte) (prime.bitLength() == 768 ? 1 : 2));
    }

    out.writeShort(generatorLength);
    if (generatorLength > 0) {
        out.writeBigInteger(generator);
    }

    out.writeShort(publicLength);
    out.writeBigInteger(publicValue);
    return out.toByteArray();
}
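/**
 * Returns the key's footprint, computing it on first use and caching it in
 * {@code footprint}.
 *
 * <p>For {@code DNSSEC.RSA} the footprint is the two bytes that end one byte
 * before the end of the rdata. For every other algorithm the rdata is summed
 * as big-endian 16-bit words (a trailing odd byte counts as a high byte), the
 * carry above 16 bits is added back once, and the low 16 bits are kept.
 *
 * <p>The result is a 16-bit checksum, so different keys can share a footprint.
 * It can narrow down candidate keys but is not evidence of which key produced
 * a signature; that still requires verifying the signature itself.
 *
 * @return the footprint, as the low 16 bits of the computed value
 */
public short getFootprint() {
    if (footprint >= 0) {
        return (short) footprint;
    }

    DataByteOutputStream out = new DataByteOutputStream();
    try {
        rrToWire(out, null);
    } catch (IOException ignored) {
        // Kept best-effort as before: whatever was written up to the failure
        // is still checksummed. NOTE(review): a failure here would cache a
        // footprint of truncated rdata; confirm the stream cannot actually
        // throw.
    }
    byte[] rdata = out.toByteArray();

    int foot = 0;
    if (alg == DNSSEC.RSA) {
        // Guard the fixed offsets: rdata shorter than three bytes (for example
        // when nothing was written) used to raise
        // ArrayIndexOutOfBoundsException. Such a record now gets footprint 0.
        if (rdata.length >= 3) {
            int high = rdata[rdata.length - 3] & 0xFF;
            int low = rdata[rdata.length - 2] & 0xFF;
            foot = (high << 8) + low;
        }
    } else {
        int i;
        for (i = 0; i < rdata.length - 1; i += 2) {
            int high = rdata[i] & 0xFF;
            int low = rdata[i + 1] & 0xFF;
            foot += (high << 8) + low;
        }
        if (i < rdata.length) {
            // Odd length: the last byte is the high half of a final word.
            foot += (rdata[i] & 0xFF) << 8;
        }
        // Add the carry back once before masking.
        foot += (foot >> 16) & 0xffff;
    }

    footprint = foot & 0xffff;
    return (short) footprint;
}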
/**
 * Writes this record's rdata: the flags (16 bits), the protocol, the
 * algorithm, and then the key bytes when a key is present.
 *
 * <p>Nothing is written when there is no key, unless every bit of
 * {@code FLAG_NOKEY} is set in {@code flags}.
 *
 * @param out the stream that receives the rdata
 * @param c not used by this method
 * @throws IOException if writing the key bytes fails
 */
void rrToWire(DataByteOutputStream out, Compression c) throws IOException {
    boolean keyMissing = (key == null);
    if (keyMissing && (flags & FLAG_NOKEY) != FLAG_NOKEY) {
        // No key material and the record is not marked as key-less.
        return;
    }

    out.writeShort(flags);
    out.writeByte(proto);
    out.writeByte(alg);
    if (!keyMissing) {
        out.write(key);
    }
}
/**
 * Writes this record's rdata: the certificate type and key tag (16 bits
 * each), the algorithm, and the certificate bytes.
 *
 * <p>Nothing is written when {@code cert} is null.
 *
 * @param out the stream that receives the rdata
 * @param c not used by this method
 * @param canonical not used by this method
 */
void rrToWire(DataByteOutputStream out, Compression c, boolean canonical) {
    if (cert != null) {
        out.writeShort(certType);
        out.writeShort(keyTag);
        out.writeByte(alg);
        out.writeArray(cert);
    }
}
/**
 * Builds the byte sequence that is signed or verified for a whole message:
 * the SIG record's fields, then the previous signature when one is given,
 * then the message itself.
 *
 * <p>Signer and verifier must feed identical bytes to the signature
 * algorithm, so both sides have to pass the same {@code previous} value.
 *
 * @param sig The SIG record used to sign/verify the message.
 * @param msg The message to be signed/verified.
 * @param previous If this is a response, the signature from the query;
 *     null otherwise.
 * @return The data to be cryptographically signed or verified.
 */
public static byte[] digestMessage(SIGRecord sig, Message msg, byte[] previous) {
    DataByteOutputStream buffer = new DataByteOutputStream();
    digestSIG(buffer, sig);

    boolean hasPrevious = (previous != null);
    if (hasPrevious) {
        out_writePrevious:
        {
            buffer.writeArray(previous);
        }
    }

    msg.toWire(buffer);
    return buffer.toByteArray();
}
/**
 * Encodes a DSA public key as a one-byte size parameter {@code t} followed
 * by Q, P, G and Y, in that order.
 *
 * <p>{@code t} is derived from the length of P's two's-complement byte
 * array: {@code (length - 64) / 8}, using integer division.
 *
 * @param key the DSA public key to encode
 * @return the encoded key
 */
static byte[] buildDSA(DSAPublicKey key) {
    DataByteOutputStream out = new DataByteOutputStream();
    BigInteger subprime = key.getParams().getQ();
    BigInteger prime = key.getParams().getP();
    BigInteger generator = key.getParams().getG();
    BigInteger publicValue = key.getY();

    // toByteArray() can include a leading sign byte; the integer division
    // by 8 discards that extra byte when the prime length is 64 + 8*t.
    int primeBytes = prime.toByteArray().length;
    int t = (primeBytes - 64) / 8;
    // NOTE(review): t is not range-checked, and the fields are written with
    // writeBigInteger without any visible padding. If the wire format expects
    // fixed-width fields, a G or Y with leading zero bytes may be written
    // short. Confirm against writeBigInteger and the decoder.

    out.writeByte(t);
    out.writeBigInteger(subprime);
    out.writeBigInteger(prime);
    out.writeBigInteger(generator);
    out.writeBigInteger(publicValue);
    return out.toByteArray();
}
/**
 * Writes this record's rdata: type covered, algorithm, label count, original
 * TTL, expiration and signing times (as seconds, truncated to 32 bits), the
 * footprint, the signer name and the signature bytes.
 *
 * <p>Nothing is written when {@code signature} is null.
 *
 * @param out the stream that receives the rdata
 * @param c not used by this method; the signer name is written with a null
 *     compression argument
 * @param canonical passed through to the signer name's {@code toWire}
 */
void rrToWire(DataByteOutputStream out, Compression c, boolean canonical) {
    if (signature != null) {
        out.writeShort(covered);
        out.writeByte(alg);
        out.writeByte(labels);
        out.writeInt(origttl);

        // Times are stored in milliseconds; the record carries whole seconds
        // in 32 bits, so the cast keeps only the low 32 bits.
        int expireSeconds = (int) (expire.getTime() / 1000);
        out.writeInt(expireSeconds);
        int signedSeconds = (int) (timeSigned.getTime() / 1000);
        out.writeInt(signedSeconds);

        out.writeShort(footprint);
        signer.toWire(out, null, canonical);
        out.writeArray(signature);
    }
}
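/**
 * Creates an array containing fields of the SIG record and the RRset to be
 * signed/verified.
 *
 * <p>Each record is converted to its canonical wire form, the wire forms are
 * sorted as sequences of unsigned bytes, and the sorted forms are appended
 * after the SIG fields. When the RRset's name has more labels than the SIG
 * record states, each record is first renamed to the matching wildcard name.
 *
 * <p>The ordering must be deterministic: signer and verifier have to produce
 * the same bytes for the signature check to be meaningful.
 *
 * @param sig The SIG record used to sign/verify the rrset.
 * @param rrset The data to be signed/verified.
 * @return The data to be cryptographically signed or verified.
 */
public static byte[] digestRRset(SIGRecord sig, RRset rrset) {
    DataByteOutputStream out = new DataByteOutputStream();
    digestSIG(out, sig);

    int size = rrset.size();
    byte[][] records = new byte[size][];

    Name name = rrset.getName();
    Name wild = null;
    if (name.labels() > sig.getLabels()) {
        wild = name.wild(name.labels() - sig.getLabels());
    }

    Iterator it = rrset.rrs();
    while (it.hasNext()) {
        Record rec = (Record) it.next();
        if (wild != null) {
            rec = rec.withName(wild);
        }
        records[--size] = rec.toWireCanonical();
    }

    // byte[] does not implement Comparable, so Arrays.sort(records) without a
    // comparator throws ClassCastException as soon as there are two records.
    // Compare byte by byte as unsigned values; a shorter array that is a
    // prefix of a longer one sorts first.
    Arrays.sort(records, new java.util.Comparator() {
        public int compare(Object left, Object right) {
            byte[] a = (byte[]) left;
            byte[] b = (byte[]) right;
            int common = Math.min(a.length, b.length);
            for (int i = 0; i < common; i++) {
                if (a[i] != b[i]) {
                    return (a[i] & 0xFF) - (b[i] & 0xFF);
                }
            }
            return a.length - b.length;
        }
    });

    for (int i = 0; i < records.length; i++) {
        out.writeArray(records[i]);
    }
    return out.toByteArray();
}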
/**
 * Appends the SIG record's fields, without the signature itself, to
 * {@code out}: type covered, algorithm, label count, original TTL,
 * expiration and signing times (as seconds, truncated to 32 bits), the
 * footprint, and the signer name in canonical wire form.
 *
 * @param out the stream that receives the fields
 * @param sig the SIG record whose fields are written
 */
private static void digestSIG(DataByteOutputStream out, SIGRecord sig) {
    out.writeShort(sig.getTypeCovered());
    out.writeByte(sig.getAlgorithm());
    out.writeByte(sig.getLabels());
    out.writeUnsignedInt(sig.getOrigTTL());

    // Milliseconds to whole seconds; the cast keeps the low 32 bits.
    int expireSeconds = (int) (sig.getExpire().getTime() / 1000);
    out.writeInt(expireSeconds);
    int signedSeconds = (int) (sig.getTimeSigned().getTime() / 1000);
    out.writeInt(signedSeconds);

    out.writeShort(sig.getFootprint());
    sig.getSigner().toWireCanonical(out);
}
/**
 * Encodes an RSA public key as the exponent length, the public exponent and
 * the modulus.
 *
 * <p>An exponent length below 256 is written as a single byte. A longer one
 * is written as a zero byte followed by the length as a 16-bit value.
 *
 * @param key the RSA public key to encode
 * @return the encoded key
 */
static byte[] buildRSA(RSAPublicKey key) {
    DataByteOutputStream out = new DataByteOutputStream();
    BigInteger publicExponent = key.getPublicExponent();
    BigInteger modulus = key.getModulus();
    int exponentBytes = BigIntegerLength(publicExponent);

    if (exponentBytes >= 256) {
        // Long form: a zero marker byte, then the real length in 16 bits.
        out.writeByte(0);
        out.writeShort(exponentBytes);
    } else {
        out.writeByte(exponentBytes);
    }

    out.writeBigInteger(publicExponent);
    out.writeBigInteger(modulus);
    return out.toByteArray();
}
/**
 * Writes this record's rdata, which is the raw {@code data} bytes.
 *
 * <p>Nothing is written when {@code data} is null.
 *
 * @param out the stream that receives the rdata
 * @param c not used by this method
 * @throws IOException if writing the bytes fails
 */
void rrToWire(DataByteOutputStream out, Compression c) throws IOException {
    if (data == null) {
        return;
    }
    out.write(data);
}