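/**
 * Returns the key's footprint, computing it from the record's wire-format RDATA on first use
 * and caching the result in {@code footprint}.
 *
 * <p>The footprint is only 16 bits wide, so distinct keys can share one. It can narrow down
 * which key a signature refers to, but it cannot stand in for verifying the signature against
 * the key itself.
 *
 * @return the low 16 bits of the computed footprint, as a {@code short} (may be negative).
 */
public short getFootprint() {
    // A non-negative cached value means the footprint has already been computed.
    if (footprint >= 0) {
        return (short) footprint;
    }

    DataByteOutputStream out = new DataByteOutputStream();
    try {
        rrToWire(out, null);
    } catch (IOException ignored) {
        // NOTE(review): a failure here is still ignored, as before; the footprint is then
        // computed (and cached) from whatever was written. Presumably the stream is
        // in-memory and cannot fail - confirm.
    }
    byte[] rdata = out.toByteArray();

    int foot = 0;
    if (alg == DNSSEC.RSA) {
        // RSA: bytes 3 and 2 from the end of the RDATA form the footprint.
        // rrToWire may write nothing at all, leaving rdata empty; indexing from the end
        // would then throw ArrayIndexOutOfBoundsException. Use a footprint of 0 instead.
        if (rdata.length >= 3) {
            int high = rdata[rdata.length - 3] & 0xFF;
            int low = rdata[rdata.length - 2] & 0xFF;
            foot = (high << 8) + low;
        }
    } else {
        // Other algorithms: sum the RDATA as big-endian 16-bit words.
        int i;
        for (i = 0; i < rdata.length - 1; i += 2) {
            int high = rdata[i] & 0xFF;
            int low = rdata[i + 1] & 0xFF;
            foot += ((high << 8) + low);
        }
        // An odd trailing byte counts as the high byte of a final word.
        if (i < rdata.length) {
            int high = rdata[i] & 0xFF;
            foot += (high << 8);
        }
        // Fold the carry out of the low 16 bits back in.
        foot += ((foot >> 16) & 0xffff);
    }

    footprint = (foot & 0xffff);
    return (short) footprint;
}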
/**
 * Writes this record's RDATA: flags, protocol, algorithm, then the key bytes if present.
 *
 * <p>Nothing is written when there is no key and the flags do not have every FLAG_NOKEY bit
 * set. The {@code c} argument is not used.
 *
 * @param out The stream receiving the wire-format bytes.
 * @param c Unused here.
 * @throws IOException if writing the key bytes fails.
 */
void rrToWire(DataByteOutputStream out, Compression c) throws IOException {
    boolean flaggedNoKey = (flags & FLAG_NOKEY) == FLAG_NOKEY;
    if (key == null && !flaggedNoKey) {
        // Neither key material nor an explicit "no key" marker: emit empty RDATA.
        return;
    }

    out.writeShort(flags);
    out.writeByte(proto);
    out.writeByte(alg);
    if (key != null) {
        out.write(key);
    }
}
/**
 * Builds the byte sequence over which a message signature is computed or checked.
 *
 * <p>The bytes are laid out in this order: the SIG fields written by {@code digestSIG}, then
 * {@code previous} (when non-null), then the wire form of {@code msg}.
 *
 * @param sig The SIG record used to sign/verify the message.
 * @param msg The message to be signed/verified.
 * @param previous If this is a response, the signature from the query; may be null.
 * @return The data to be cryptographically signed or verified.
 */
public static byte[] digestMessage(SIGRecord sig, Message msg, byte[] previous) {
    DataByteOutputStream buffer = new DataByteOutputStream();

    digestSIG(buffer, sig);
    if (previous != null) {
        // Including the query's signature ties a response's digest to that query.
        buffer.writeArray(previous);
    }
    msg.toWire(buffer);

    return buffer.toByteArray();
}
/**
 * Writes this record's RDATA: type covered, algorithm, label count, original TTL, expiration
 * and signing times, footprint, signer name and the signature bytes.
 *
 * <p>Nothing is written when there is no signature. The {@code c} argument is not used; the
 * signer name is always written with a null compression context.
 *
 * @param out The stream receiving the wire-format bytes.
 * @param c Unused here.
 * @param canonical Passed through to the signer name's {@code toWire}.
 */
void rrToWire(DataByteOutputStream out, Compression c, boolean canonical) {
    if (signature != null) {
        out.writeShort(covered);
        out.writeByte(alg);
        out.writeByte(labels);
        out.writeInt(origttl);
        // Both timestamps go out as whole seconds; the int cast keeps the low 32 bits.
        out.writeInt((int) (expire.getTime() / 1000));
        out.writeInt((int) (timeSigned.getTime() / 1000));
        out.writeShort(footprint);
        signer.toWire(out, null, canonical);
        out.writeArray(signature);
    }
}
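/**
 * Creates an array containing fields of the SIG record and the RRset to be signed/verified.
 *
 * <p>The SIG fields written by {@code digestSIG} come first, followed by the canonical wire
 * form of every record in the set, in sorted order. When the owner name has more labels than
 * the SIG's label count, each record is first renamed to the corresponding wildcard name.
 *
 * <p>Signer and verifier must produce exactly the same bytes, so the record order has to be
 * deterministic. Records are ordered by comparing their canonical wire forms byte by byte as
 * unsigned values, with a shorter array sorting before a longer one that it prefixes.
 *
 * @param sig The SIG record used to sign/verify the rrset.
 * @param rrset The data to be signed/verified.
 * @return The data to be cryptographically signed or verified.
 */
public static byte[] digestRRset(SIGRecord sig, RRset rrset) {
    DataByteOutputStream out = new DataByteOutputStream();
    digestSIG(out, sig);

    int size = rrset.size();
    byte[][] records = new byte[size][];

    Iterator it = rrset.rrs();
    Name name = rrset.getName();
    Name wild = null;
    if (name.labels() > sig.getLabels()) {
        // Owner name is longer than the signed label count: digest the wildcard form.
        wild = name.wild(name.labels() - sig.getLabels());
    }
    while (it.hasNext()) {
        Record rec = (Record) it.next();
        if (wild != null) {
            rec = rec.withName(wild);
        }
        // Filled from the back; the order is fixed by the sort below.
        records[--size] = rec.toWireCanonical();
    }

    // byte[] does not implement Comparable, so Arrays.sort(records) without a comparator
    // throws ClassCastException as soon as the set holds two or more records.
    // NOTE(review): DNSSEC canonical RR ordering (RFC 4034, section 6.3) is defined on the
    // RDATA alone; this compares the whole array returned by toWireCanonical() - confirm
    // that the two orderings agree for RDATA of differing lengths.
    Arrays.sort(records, new java.util.Comparator() {
        public int compare(Object left, Object right) {
            byte[] a = (byte[]) left;
            byte[] b = (byte[]) right;
            int shared = Math.min(a.length, b.length);
            for (int i = 0; i < shared; i++) {
                int diff = (a[i] & 0xFF) - (b[i] & 0xFF);
                if (diff != 0) {
                    return diff;
                }
            }
            return a.length - b.length;
        }
    });

    for (int i = 0; i < records.length; i++) {
        out.writeArray(records[i]);
    }
    return out.toByteArray();
}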
/**
 * Appends the signed-over fields of a SIG record to {@code out}: type covered, algorithm,
 * label count, original TTL, expiration time, signing time, footprint and the signer name in
 * canonical wire form. The signature bytes themselves are not written.
 *
 * @param out The stream the fields are appended to.
 * @param sig The SIG record supplying the fields.
 */
private static void digestSIG(DataByteOutputStream out, SIGRecord sig) {
    out.writeShort(sig.getTypeCovered());
    out.writeByte(sig.getAlgorithm());
    out.writeByte(sig.getLabels());
    out.writeUnsignedInt(sig.getOrigTTL());

    // Timestamps are digested as whole seconds; the int cast keeps the low 32 bits.
    long expireMillis = sig.getExpire().getTime();
    out.writeInt((int) (expireMillis / 1000));
    long signedMillis = sig.getTimeSigned().getTime();
    out.writeInt((int) (signedMillis / 1000));

    out.writeShort(sig.getFootprint());
    sig.getSigner().toWireCanonical(out);
}
/**
 * Writes this record's RDATA: the priority followed by the target name, which is written with
 * a null compression context. Nothing is written when there is no target.
 *
 * @param dbs The stream receiving the wire-format bytes.
 * @param c Unused here.
 * @throws IOException declared by the signature; whether the writes here can raise it is not
 *     visible from this method.
 */
void rrToWire(DataByteOutputStream dbs, Compression c) throws IOException {
    if (target != null) {
        dbs.writeShort(priority);
        target.toWire(dbs, null);
    }
}
/**
 * Writes this record's RDATA, which is the raw {@code data} bytes unchanged. Nothing is
 * written when {@code data} is null.
 *
 * @param out The stream receiving the bytes.
 * @param c Unused here.
 * @throws IOException if the write fails.
 */
void rrToWire(DataByteOutputStream out, Compression c) throws IOException {
    if (data == null) {
        return;
    }
    out.write(data);
}