private void verifyRecords(Cache tcache) {
Iterator it;
it = tcache.names();
while (it.hasNext()) {
Name name = (Name) it.next();
Object[] elements = findExactSets(name);
for (int i = 0; i < elements.length; i++) {
Element element = (Element) elements[i];
if (element instanceof PositiveElement) continue;
RRset rrset = ((PositiveElement) element).rrset;
/* for now, ignore negative cache entries */
if (rrset == null) continue;
if (verifier != null) rrset.setSecurity(verifier.verify(rrset, this));
if (rrset.getSecurity() < DNSSEC.Secure) continue;
addSet(name, rrset.getType(), element);
}
}
}
/**
* Adds all data from a Message into the Cache. Each record is added with the appropriate
* credibility, and negative answers are cached as such.
*
* @param in The Message to be added
* @see Message
*/
public void addMessage(Message in) {
boolean isAuth = in.getHeader().getFlag(Flags.AA);
Name qname = in.getQuestion().getName();
Name curname = qname;
short qtype = in.getQuestion().getType();
short qclass = in.getQuestion().getDClass();
byte cred;
short rcode = in.getHeader().getRcode();
boolean haveAnswer = false;
boolean completed = false;
boolean restart = false;
RRset[] answers, auth, addl;
if (rcode != Rcode.NOERROR && rcode != Rcode.NXDOMAIN) return;
if (secure) {
Cache c = new Cache(dclass);
c.addMessage(in);
verifyRecords(c);
return;
}
answers = in.getSectionRRsets(Section.ANSWER);
for (int i = 0; i < answers.length; i++) {
if (answers[i].getDClass() != qclass) continue;
short type = answers[i].getType();
Name name = answers[i].getName();
cred = getCred(Section.ANSWER, isAuth);
if (type == Type.CNAME && name.equals(curname)) {
CNAMERecord cname;
addRRset(answers[i], cred);
cname = (CNAMERecord) answers[i].first();
curname = cname.getTarget();
restart = true;
haveAnswer = true;
} else if (type == Type.DNAME && curname.subdomain(name)) {
DNAMERecord dname;
addRRset(answers[i], cred);
dname = (DNAMERecord) answers[i].first();
try {
curname = curname.fromDNAME(dname);
} catch (NameTooLongException e) {
break;
}
restart = true;
haveAnswer = true;
} else if ((type == qtype || qtype == Type.ANY) && name.equals(curname)) {
addRRset(answers[i], cred);
completed = true;
haveAnswer = true;
}
if (restart) {
restart = false;
i = 0;
}
}
auth = in.getSectionRRsets(Section.AUTHORITY);
if (!completed) {
/* This is a negative response or a referral. */
RRset soa = null, ns = null;
for (int i = 0; i < auth.length; i++) {
if (auth[i].getType() == Type.SOA && curname.subdomain(auth[i].getName())) soa = auth[i];
else if (auth[i].getType() == Type.NS && curname.subdomain(auth[i].getName())) ns = auth[i];
}
short cachetype = (rcode == Rcode.NXDOMAIN) ? (short) 0 : qtype;
if (soa != null || ns == null) {
/* Negative response */
cred = getCred(Section.AUTHORITY, isAuth);
SOARecord soarec = null;
if (soa != null) soarec = (SOARecord) soa.first();
addNegative(curname, cachetype, soarec, cred);
/* NXT records are not cached yet. */
} else {
/* Referral response */
cred = getCred(Section.AUTHORITY, isAuth);
addRRset(ns, cred);
}
}
addl = in.getSectionRRsets(Section.ADDITIONAL);
for (int i = 0; i < addl.length; i++) {
short type = addl[i].getType();
if (type != Type.A && type != Type.AAAA && type != Type.A6) continue;
/* XXX check the name */
Name name = addl[i].getName();
cred = getCred(Section.ADDITIONAL, isAuth);
addRRset(addl[i], cred);
}
}