use of org.minidns.dnssec.DnssecValidationFailedException in project minidns by MiniDNS.
the class DSASignatureVerifier method getPublicKey.
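/**
 * Decodes a DSA public key from the DNSSEC wire layout read below: one T octet,
 * then Q ({@code LENGTH} octets), then P, G and Y ({@code 64 + T * 8} octets each).
 *
 * <p>The bytes come from a DNSKEY record and must be treated as untrusted input.
 *
 * @param key raw public-key bytes
 * @return the decoded DSA public key
 * @throws DNSSECValidationFailedException if the key is truncated, carries a reserved
 *         T value, or is rejected by the key factory
 */
@Override
protected PublicKey getPublicKey(byte[] key) {
    DataInput dis = new DataInputStream(new ByteArrayInputStream(key));
    try {
        int t = dis.readUnsignedByte();
        // RFC 2536 defines T only for 0..8; larger values are reserved and the rest of
        // the RDATA may then use a different layout, so do not parse it as T/Q/P/G/Y.
        // Thrown as IOException so it is wrapped by the catch below like any other
        // malformed-key condition.
        if (t > 8) {
            throw new IOException("Reserved DSA key size parameter T=" + t);
        }
        int fieldLength = 64 + t * 8;

        byte[] subPrimeBytes = new byte[LENGTH];
        dis.readFully(subPrimeBytes);
        // Signum 1: the wire format carries unsigned big-endian magnitudes.
        BigInteger subPrime = new BigInteger(1, subPrimeBytes);

        byte[] primeBytes = new byte[fieldLength];
        dis.readFully(primeBytes);
        BigInteger prime = new BigInteger(1, primeBytes);

        byte[] baseBytes = new byte[fieldLength];
        dis.readFully(baseBytes);
        BigInteger base = new BigInteger(1, baseBytes);

        byte[] pubKeyBytes = new byte[fieldLength];
        dis.readFully(pubKeyBytes);
        BigInteger pubKey = new BigInteger(1, pubKeyBytes);

        // NOTE(review): bytes remaining after Y are not rejected here - confirm whether
        // the caller validates the overall key length.
        return getKeyFactory().generatePublic(new DSAPublicKeySpec(pubKey, prime, subPrime, base));
    } catch (IOException | InvalidKeySpecException e) {
        throw new DNSSECValidationFailedException("Invalid public key!", e);
    }
}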
use of org.minidns.dnssec.DnssecValidationFailedException in project minidns by MiniDNS.
the class DSASignatureVerifier method getSignature.
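/**
 * Re-encodes a DSA signature from the RRSIG layout read below (one T octet, then
 * fixed-width R and S of {@code LENGTH} octets each) into a DER SEQUENCE of two
 * INTEGERs, the form handed to the JCA verifier.
 *
 * <p>DER requires the shortest INTEGER encoding, so leading zero octets of R and S
 * are dropped and a single zero octet is prepended only when the first remaining
 * octet has its high bit set. Emitting the fixed-width value unchanged produces a
 * non-canonical encoding that strict DER parsers reject, which would make valid
 * signatures fail verification.
 *
 * @param rrsigData raw signature bytes from the RRSIG record; untrusted input
 * @return the DER-encoded signature
 * @throws DNSSECValidationFailedException if the signature data is truncated
 */
@Override
protected byte[] getSignature(byte[] rrsigData) {
    DataInput dis = new DataInputStream(new ByteArrayInputStream(rrsigData));
    ByteArrayOutputStream bos = new ByteArrayOutputStream();
    DataOutputStream dos = new DataOutputStream(bos);
    // Convert RFC 2536 to ASN.1
    try {
        @SuppressWarnings("unused") byte t = dis.readByte();

        byte[] r = new byte[LENGTH];
        dis.readFully(r);
        // Skip leading zero octets but always keep at least one octet.
        int rOff = 0;
        while (rOff < LENGTH - 1 && r[rOff] == 0) {
            rOff++;
        }
        // A set high bit would read as a negative INTEGER, so pad with 0x00.
        boolean rPad = r[rOff] < 0;
        int rlen = LENGTH - rOff + (rPad ? 1 : 0);

        byte[] s = new byte[LENGTH];
        dis.readFully(s);
        int sOff = 0;
        while (sOff < LENGTH - 1 && s[sOff] == 0) {
            sOff++;
        }
        boolean sPad = s[sOff] < 0;
        int slen = LENGTH - sOff + (sPad ? 1 : 0);

        // SEQUENCE header; the single length octet is only valid while the content is
        // shorter than 128 octets.
        dos.writeByte(0x30);
        dos.writeByte(rlen + slen + 4);

        // INTEGER r
        dos.writeByte(0x2);
        dos.writeByte(rlen);
        if (rPad) {
            dos.writeByte(0);
        }
        dos.write(r, rOff, LENGTH - rOff);

        // INTEGER s
        dos.writeByte(0x2);
        dos.writeByte(slen);
        if (sPad) {
            dos.writeByte(0);
        }
        dos.write(s, sOff, LENGTH - sOff);
    } catch (IOException e) {
        throw new DNSSECValidationFailedException("Invalid signature!", e);
    }
    return bos.toByteArray();
}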
use of org.minidns.dnssec.DnssecValidationFailedException in project minidns by MiniDNS.
the class JavaSecSignatureVerifier method verify.
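/**
 * Verifies {@code rrsigData} over {@code content} with the public key encoded in
 * {@code key}, using the JCA algorithm named by {@code signatureAlgorithm}.
 *
 * <p>Failure is reported in two ways: a {@code false} return when the signature does
 * not match, and an exception when the key or signature cannot be processed. Callers
 * must treat both as a validation failure.
 *
 * @param content the signed data
 * @param rrsigData raw signature bytes, converted by {@code getSignature}
 * @param key raw public-key bytes, decoded by {@code getPublicKey}
 * @return {@code true} if the signature verifies, {@code false} otherwise
 * @throws DNSSECValidationFailedException if the key is invalid or signature processing fails
 * @throws IllegalStateException if the JCA provider does not offer the algorithm
 */
@Override
public boolean verify(byte[] content, byte[] rrsigData, byte[] key) {
    try {
        PublicKey publicKey = getPublicKey(key);
        Signature signature = Signature.getInstance(signatureAlgorithm);
        signature.initVerify(publicKey);
        signature.update(content);
        return signature.verify(getSignature(rrsigData));
    } catch (NoSuchAlgorithmException e) {
        // We checked against this before, it should never happen!
        // Keep the cause so that an unexpected provider problem remains diagnosable.
        throw new IllegalStateException(e);
    } catch (InvalidKeyException | SignatureException | ArithmeticException e) {
        throw new DNSSECValidationFailedException("Validating signature failed", e);
    }
}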
use of org.minidns.dnssec.DnssecValidationFailedException in project minidns by MiniDNS.
the class RSASignatureVerifier method getPublicKey.
/**
 * Decodes an RSA public key from the wire layout read below: a one-octet exponent
 * length (or a zero octet followed by a two-octet length), the public exponent, and
 * the modulus filling the rest of the buffer. This matches the RFC 3110 key format.
 *
 * <p>The bytes come from a DNSKEY record and must be treated as untrusted input.
 *
 * @param key raw public-key bytes
 * @return the decoded RSA public key
 * @throws DNSSECValidationFailedException if the key is truncated or rejected by the key factory
 */
@Override
protected PublicKey getPublicKey(byte[] key) {
    DataInput in = new DataInputStream(new ByteArrayInputStream(key));
    try {
        // Short form: one length octet. Long form: 0x00 followed by a 16-bit length.
        int headerSize = 1;
        int exponentSize = in.readUnsignedByte();
        if (exponentSize == 0) {
            exponentSize = in.readUnsignedShort();
            headerSize = 3;
        }

        byte[] rawExponent = new byte[exponentSize];
        // readFully throws on a short buffer, so the subtraction below cannot go negative.
        in.readFully(rawExponent);

        // Whatever follows the exponent is the modulus.
        byte[] rawModulus = new byte[key.length - headerSize - exponentSize];
        in.readFully(rawModulus);

        // Signum 1: both values are unsigned big-endian magnitudes.
        // NOTE(review): no minimum modulus size is enforced in this method - confirm
        // whether a caller or policy layer rejects undersized keys.
        RSAPublicKeySpec spec =
                new RSAPublicKeySpec(new BigInteger(1, rawModulus), new BigInteger(1, rawExponent));
        return getKeyFactory().generatePublic(spec);
    } catch (IOException | InvalidKeySpecException e) {
        throw new DNSSECValidationFailedException("Invalid public key!", e);
    }
}
use of org.minidns.dnssec.DnssecValidationFailedException in project minidns by MiniDNS.
the class ECDSASignatureVerifier method getSignature.
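/**
 * Re-encodes an ECDSA signature from the RRSIG layout read below (fixed-width R and S
 * of {@code length} octets each) into a DER SEQUENCE of two INTEGERs, the form handed
 * to the JCA verifier.
 *
 * <p>DER requires the shortest INTEGER encoding, so leading zero octets of R and S
 * are dropped and a single zero octet is prepended only when the first remaining
 * octet has its high bit set. Emitting the fixed-width value unchanged produces a
 * non-canonical encoding that strict DER parsers reject, which would make valid
 * signatures fail verification.
 *
 * @param rrsigData raw signature bytes from the RRSIG record; untrusted input
 * @return the DER-encoded signature
 * @throws DNSSECValidationFailedException if the signature data is truncated
 */
@Override
protected byte[] getSignature(byte[] rrsigData) {
    DataInput dis = new DataInputStream(new ByteArrayInputStream(rrsigData));
    ByteArrayOutputStream bos = new ByteArrayOutputStream();
    DataOutputStream dos = new DataOutputStream(bos);
    try {
        byte[] r = new byte[length];
        dis.readFully(r);
        // Skip leading zero octets but always keep at least one octet.
        int rOff = 0;
        while (rOff < length - 1 && r[rOff] == 0) {
            rOff++;
        }
        // A set high bit would read as a negative INTEGER, so pad with 0x00.
        boolean rPad = r[rOff] < 0;
        int rlen = length - rOff + (rPad ? 1 : 0);

        byte[] s = new byte[length];
        dis.readFully(s);
        int sOff = 0;
        while (sOff < length - 1 && s[sOff] == 0) {
            sOff++;
        }
        boolean sPad = s[sOff] < 0;
        int slen = length - sOff + (sPad ? 1 : 0);

        // SEQUENCE header; the single length octet is only valid while the content is
        // shorter than 128 octets, which bounds the coordinate size this can handle.
        dos.writeByte(0x30);
        dos.writeByte(rlen + slen + 4);

        // INTEGER r
        dos.writeByte(0x2);
        dos.writeByte(rlen);
        if (rPad) {
            dos.writeByte(0);
        }
        dos.write(r, rOff, length - rOff);

        // INTEGER s
        dos.writeByte(0x2);
        dos.writeByte(slen);
        if (sPad) {
            dos.writeByte(0);
        }
        dos.write(s, sOff, length - sOff);
    } catch (IOException e) {
        throw new DNSSECValidationFailedException("Invalid signature!", e);
    }
    return bos.toByteArray();
}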