Example 1 with AlgorithmExceptionThrownReason

Use of org.minidns.dnssec.UnverifiedReason.AlgorithmExceptionThrownReason in project minidns by MiniDNS.

The class Verifier, method verify.

public UnverifiedReason verify(Record<DNSKEY> dnskeyRecord, DelegatingDnssecRR ds) {
    DNSKEY dnskey = dnskeyRecord.payloadData;
    // Look up the digest implementation for the DS record's digest type.
    DigestCalculator digestCalculator = algorithmMap.getDsDigestCalculator(ds.digestType);
    if (digestCalculator == null) {
        // Unknown digest type: report "unverified" rather than failing validation.
        return new AlgorithmNotSupportedReason(ds.digestTypeByte, ds.getType(), dnskeyRecord);
    }
    // Digest input: the DNSKEY owner name bytes followed by the DNSKEY data.
    byte[] dnskeyData = dnskey.toByteArray();
    byte[] dnskeyOwner = dnskeyRecord.name.getBytes();
    byte[] combined = new byte[dnskeyOwner.length + dnskeyData.length];
    System.arraycopy(dnskeyOwner, 0, combined, 0, dnskeyOwner.length);
    System.arraycopy(dnskeyData, 0, combined, dnskeyOwner.length, dnskeyData.length);
    byte[] digest;
    try {
        digest = digestCalculator.digest(combined);
    } catch (Exception e) {
        // The digest implementation itself failed: also returned as an unverified reason.
        return new AlgorithmExceptionThrownReason(ds.digestType, "DS", dnskeyRecord, e);
    }
    // A computed digest that does not match the DS record throws instead of returning a reason.
    if (!ds.digestEquals(digest)) {
        throw new DNSSECValidationFailedException(dnskeyRecord, "SEP is not properly signed by parent DS!");
    }
    // null means there is no UnverifiedReason: the DNSKEY matches the DS digest.
    return null;
}
Also used: AlgorithmExceptionThrownReason (org.minidns.dnssec.UnverifiedReason.AlgorithmExceptionThrownReason), AlgorithmNotSupportedReason (org.minidns.dnssec.UnverifiedReason.AlgorithmNotSupportedReason), DNSKEY (org.minidns.record.DNSKEY), IOException (java.io.IOException)

Aggregations

IOException (java.io.IOException): 1, AlgorithmExceptionThrownReason (org.minidns.dnssec.UnverifiedReason.AlgorithmExceptionThrownReason): 1, AlgorithmNotSupportedReason (org.minidns.dnssec.UnverifiedReason.AlgorithmNotSupportedReason): 1, DNSKEY (org.minidns.record.DNSKEY): 1