
Example 1 with DNSSECValidationFailedException

use of org.minidns.dnssec.DNSSECValidationFailedException in project minidns by MiniDNS.

the class DSASignatureVerifier method getPublicKey.

/**
 * Decodes a DSA public key from its raw byte form: one size octet T, then Q
 * ({@code LENGTH} bytes), then P, G and Y, each {@code 64 + T * 8} bytes long.
 * All integers are read as unsigned big-endian values.
 *
 * @param key raw key bytes; presumably DNSKEY key material, so treat it as untrusted
 * @return the public key built by the key factory from (Y, P, Q, G)
 * @throws DNSSECValidationFailedException if the input ends early or the key factory
 *         rejects the decoded parameters
 */
@Override
protected PublicKey getPublicKey(byte[] key) {
    DataInput in = new DataInputStream(new ByteArrayInputStream(key));
    try {
        int sizeOctet = in.readUnsignedByte();
        // NOTE(review): T is not range-checked here. RFC 2536 reserves values above 8;
        // consider rejecting them explicitly instead of relying on the short-read check.

        byte[] qBytes = new byte[LENGTH];
        in.readFully(qBytes);

        // P, G and Y share the same width, derived from the size octet.
        int paramLen = 64 + sizeOctet * 8;
        byte[] pBytes = new byte[paramLen];
        in.readFully(pBytes);
        byte[] gBytes = new byte[paramLen];
        in.readFully(gBytes);
        byte[] yBytes = new byte[paramLen];
        in.readFully(yBytes);

        // Signum 1 forces a non-negative interpretation of every field.
        BigInteger q = new BigInteger(1, qBytes);
        BigInteger p = new BigInteger(1, pBytes);
        BigInteger g = new BigInteger(1, gBytes);
        BigInteger y = new BigInteger(1, yBytes);

        DSAPublicKeySpec spec = new DSAPublicKeySpec(y, p, q, g);
        return getKeyFactory().generatePublic(spec);
    } catch (IOException | InvalidKeySpecException e) {
        // A truncated key surfaces as an IOException from readFully.
        throw new DNSSECValidationFailedException("Invalid public key!", e);
    }
}
Also used : DataInput(java.io.DataInput) ByteArrayInputStream(java.io.ByteArrayInputStream) DNSSECValidationFailedException(org.minidns.dnssec.DNSSECValidationFailedException) BigInteger(java.math.BigInteger) IOException(java.io.IOException) InvalidKeySpecException(java.security.spec.InvalidKeySpecException) DataInputStream(java.io.DataInputStream) DSAPublicKeySpec(java.security.spec.DSAPublicKeySpec)

Example 2 with DNSSECValidationFailedException

use of org.minidns.dnssec.DNSSECValidationFailedException in project minidns by MiniDNS.

the class DSASignatureVerifier method getSignature.

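/**
 * Converts a DSA signature from the RFC 2536 layout (one T octet, then R and S as
 * {@code LENGTH}-byte unsigned integers) into an ASN.1 DER {@code SEQUENCE} of two
 * {@code INTEGER}s.
 *
 * <p>Each integer is emitted in its shortest form. DER forbids redundant leading zero
 * bytes, and strict DER decoders reject them, so copying the fixed-width value verbatim
 * would make a valid signature fail whenever R or S starts with a zero byte.
 *
 * @param rrsigData raw signature bytes from the RRSIG record
 * @return the DER-encoded signature
 * @throws DNSSECValidationFailedException if the input is shorter than the expected layout
 */
@Override
protected byte[] getSignature(byte[] rrsigData) {
    DataInput dis = new DataInputStream(new ByteArrayInputStream(rrsigData));
    ByteArrayOutputStream bos = new ByteArrayOutputStream();
    DataOutputStream dos = new DataOutputStream(bos);
    // Convert RFC 2536 to ASN.1
    try {
        // The T octet is not needed for the conversion; it is read only to skip past it.
        dis.readByte();
        byte[] rRaw = new byte[LENGTH];
        dis.readFully(rRaw);
        byte[] sRaw = new byte[LENGTH];
        dis.readFully(sRaw);
        // NOTE(review): bytes after S are ignored; consider rejecting over-long input.

        // toByteArray() on a non-negative BigInteger yields the minimal two's-complement
        // form: leading zeros stripped, one 0x00 prefixed only when the top bit is set.
        // That is exactly the content of a DER INTEGER.
        byte[] r = new java.math.BigInteger(1, rRaw).toByteArray();
        byte[] s = new java.math.BigInteger(1, sRaw).toByteArray();

        dos.writeByte(0x30); // SEQUENCE
        // Two tag bytes plus two length bytes account for the constant 4. The single-byte
        // length form is only valid below 128, which holds while LENGTH stays small.
        dos.writeByte(r.length + s.length + 4);
        dos.writeByte(0x2); // INTEGER r
        dos.writeByte(r.length);
        dos.write(r);
        dos.writeByte(0x2); // INTEGER s
        dos.writeByte(s.length);
        dos.write(s);
    } catch (IOException e) {
        throw new DNSSECValidationFailedException("Invalid signature!", e);
    }
    return bos.toByteArray();
}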
Also used : DataInput(java.io.DataInput) ByteArrayInputStream(java.io.ByteArrayInputStream) DNSSECValidationFailedException(org.minidns.dnssec.DNSSECValidationFailedException) DataOutputStream(java.io.DataOutputStream) ByteArrayOutputStream(java.io.ByteArrayOutputStream) IOException(java.io.IOException) DataInputStream(java.io.DataInputStream)

Example 3 with DNSSECValidationFailedException

use of org.minidns.dnssec.DNSSECValidationFailedException in project minidns by MiniDNS.

the class JavaSecSignatureVerifier method verify.

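/**
 * Verifies a signature over {@code content} with the given raw key.
 *
 * <p>The key and signature are first decoded by {@code getPublicKey} and
 * {@code getSignature}. A {@code false} return and a thrown
 * {@link DNSSECValidationFailedException} both mean the data must not be treated as
 * validated.
 *
 * @param content the signed bytes
 * @param rrsigData raw signature bytes
 * @param key raw public key bytes
 * @return {@code true} only if the signature verifies under the decoded key
 * @throws DNSSECValidationFailedException if the key or signature is rejected by the
 *         signature engine
 * @throws IllegalStateException if the signature algorithm is not available
 */
@Override
public boolean verify(byte[] content, byte[] rrsigData, byte[] key) {
    try {
        PublicKey publicKey = getPublicKey(key);
        Signature signature = Signature.getInstance(signatureAlgorithm);
        signature.initVerify(publicKey);
        signature.update(content);
        return signature.verify(getSignature(rrsigData));
    } catch (NoSuchAlgorithmException e) {
        // We checked against this before, it should never happen! Keep the cause so that
        // a provider misconfiguration is still diagnosable if it does.
        throw new IllegalStateException("Signature algorithm unavailable", e);
    } catch (InvalidKeyException | SignatureException | ArithmeticException e) {
        // NOTE(review): ArithmeticException is presumably raised by the provider on
        // malformed key parameters; confirm which input triggers it.
        throw new DNSSECValidationFailedException("Validating signature failed", e);
    }
}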
Also used : DNSSECValidationFailedException(org.minidns.dnssec.DNSSECValidationFailedException) PublicKey(java.security.PublicKey) Signature(java.security.Signature) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) SignatureException(java.security.SignatureException) InvalidKeyException(java.security.InvalidKeyException)

Example 4 with DNSSECValidationFailedException

use of org.minidns.dnssec.DNSSECValidationFailedException in project minidns by MiniDNS.

the class RSASignatureVerifier method getPublicKey.

/**
 * Decodes an RSA public key from its raw byte form: an exponent length, the exponent,
 * then the modulus filling the rest of the input. The exponent length is one octet,
 * or a zero octet followed by a two-octet length.
 *
 * @param key raw key bytes; presumably DNSKEY key material, so treat it as untrusted
 * @return the public key built by the key factory from (modulus, exponent)
 * @throws DNSSECValidationFailedException if the input ends early or the key factory
 *         rejects the decoded values
 */
@Override
protected PublicKey getPublicKey(byte[] key) {
    DataInput in = new DataInputStream(new ByteArrayInputStream(key));
    try {
        // Bytes taken up by the length prefix: 1 for the short form, 3 for the long form.
        int prefixLen = 1;
        int expLen = in.readUnsignedByte();
        if (expLen == 0) {
            expLen = in.readUnsignedShort();
            prefixLen = 3;
        }

        byte[] expBytes = new byte[expLen];
        in.readFully(expBytes);

        // Everything after the prefix and exponent is the modulus. The readFully above
        // has already failed if the declared exponent length exceeded the input.
        byte[] modBytes = new byte[key.length - prefixLen - expLen];
        in.readFully(modBytes);

        // NOTE(review): no minimum modulus size is enforced here; confirm that the key
        // factory or a caller rejects undersized keys.
        BigInteger publicExponent = new BigInteger(1, expBytes);
        BigInteger n = new BigInteger(1, modBytes);
        RSAPublicKeySpec spec = new RSAPublicKeySpec(n, publicExponent);
        return getKeyFactory().generatePublic(spec);
    } catch (IOException | InvalidKeySpecException e) {
        throw new DNSSECValidationFailedException("Invalid public key!", e);
    }
}
Also used : DataInput(java.io.DataInput) ByteArrayInputStream(java.io.ByteArrayInputStream) DNSSECValidationFailedException(org.minidns.dnssec.DNSSECValidationFailedException) BigInteger(java.math.BigInteger) RSAPublicKeySpec(java.security.spec.RSAPublicKeySpec) IOException(java.io.IOException) InvalidKeySpecException(java.security.spec.InvalidKeySpecException) DataInputStream(java.io.DataInputStream)

Example 5 with DNSSECValidationFailedException

use of org.minidns.dnssec.DNSSECValidationFailedException in project minidns by MiniDNS.

the class ECDSASignatureVerifier method getSignature.

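/**
 * Converts an ECDSA signature from the fixed-width layout (R followed by S, each
 * {@code length} bytes, unsigned) into an ASN.1 DER {@code SEQUENCE} of two
 * {@code INTEGER}s.
 *
 * <p>Each integer is emitted in its shortest form. DER forbids redundant leading zero
 * bytes, and strict DER decoders reject them, so copying the fixed-width value verbatim
 * would make a valid signature fail whenever R or S starts with a zero byte.
 *
 * @param rrsigData raw signature bytes from the RRSIG record
 * @return the DER-encoded signature
 * @throws DNSSECValidationFailedException if the input is shorter than {@code 2 * length}
 */
@Override
protected byte[] getSignature(byte[] rrsigData) {
    DataInput dis = new DataInputStream(new ByteArrayInputStream(rrsigData));
    ByteArrayOutputStream bos = new ByteArrayOutputStream();
    DataOutputStream dos = new DataOutputStream(bos);
    try {
        byte[] rRaw = new byte[length];
        dis.readFully(rRaw);
        byte[] sRaw = new byte[length];
        dis.readFully(sRaw);
        // NOTE(review): bytes after S are ignored; consider rejecting over-long input.

        // toByteArray() on a non-negative BigInteger yields the minimal two's-complement
        // form: leading zeros stripped, one 0x00 prefixed only when the top bit is set.
        // That is exactly the content of a DER INTEGER.
        byte[] r = new java.math.BigInteger(1, rRaw).toByteArray();
        byte[] s = new java.math.BigInteger(1, sRaw).toByteArray();

        dos.writeByte(0x30); // SEQUENCE
        // Two tag bytes plus two length bytes account for the constant 4. The single-byte
        // length form is only valid below 128; this assumes length is at most 61.
        // TODO confirm against the curve sizes this class is instantiated with.
        dos.writeByte(r.length + s.length + 4);
        dos.writeByte(0x2); // INTEGER r
        dos.writeByte(r.length);
        dos.write(r);
        dos.writeByte(0x2); // INTEGER s
        dos.writeByte(s.length);
        dos.write(s);
    } catch (IOException e) {
        throw new DNSSECValidationFailedException("Invalid signature!", e);
    }
    return bos.toByteArray();
}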
Also used : DataInput(java.io.DataInput) ByteArrayInputStream(java.io.ByteArrayInputStream) DNSSECValidationFailedException(org.minidns.dnssec.DNSSECValidationFailedException) DataOutputStream(java.io.DataOutputStream) ByteArrayOutputStream(java.io.ByteArrayOutputStream) IOException(java.io.IOException) DataInputStream(java.io.DataInputStream) ECPoint(java.security.spec.ECPoint)

Aggregations

DNSSECValidationFailedException (org.minidns.dnssec.DNSSECValidationFailedException)7 ByteArrayInputStream (java.io.ByteArrayInputStream)6 DataInput (java.io.DataInput)6 DataInputStream (java.io.DataInputStream)6 IOException (java.io.IOException)6 BigInteger (java.math.BigInteger)4 InvalidKeySpecException (java.security.spec.InvalidKeySpecException)4 ECPoint (java.security.spec.ECPoint)3 ByteArrayOutputStream (java.io.ByteArrayOutputStream)2 DataOutputStream (java.io.DataOutputStream)2 ECPublicKeySpec (java.security.spec.ECPublicKeySpec)2 InvalidKeyException (java.security.InvalidKeyException)1 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)1 PublicKey (java.security.PublicKey)1 Signature (java.security.Signature)1 SignatureException (java.security.SignatureException)1 DSAPublicKeySpec (java.security.spec.DSAPublicKeySpec)1 RSAPublicKeySpec (java.security.spec.RSAPublicKeySpec)1 Test (org.junit.jupiter.api.Test)1 DnsClient (org.minidns.DnsClient)1