Example 1 with AlgorithmNotSupportedReason
use of org.minidns.dnssec.UnverifiedReason.AlgorithmNotSupportedReason in project minidns by MiniDNS.
the class Verifier method verify.
public UnverifiedReason verify(Record<DNSKEY> dnskeyRecord, DelegatingDnssecRR ds) {
DNSKEY dnskey = dnskeyRecord.payloadData;
DigestCalculator digestCalculator = algorithmMap.getDsDigestCalculator(ds.digestType);
if (digestCalculator == null) {
return new AlgorithmNotSupportedReason(ds.digestTypeByte, ds.getType(), dnskeyRecord);
}
byte[] dnskeyData = dnskey.toByteArray();
byte[] dnskeyOwner = dnskeyRecord.name.getBytes();
byte[] combined = new byte[dnskeyOwner.length + dnskeyData.length];
System.arraycopy(dnskeyOwner, 0, combined, 0, dnskeyOwner.length);
System.arraycopy(dnskeyData, 0, combined, dnskeyOwner.length, dnskeyData.length);
byte[] digest;
try {
digest = digestCalculator.digest(combined);
} catch (Exception e) {
return new AlgorithmExceptionThrownReason(ds.digestType, "DS", dnskeyRecord, e);
}
if (!ds.digestEquals(digest)) {
throw new DNSSECValidationFailedException(dnskeyRecord, "SEP is not properly signed by parent DS!");
}
return null;
}
Also used :
AlgorithmExceptionThrownReason(org.minidns.dnssec.UnverifiedReason.AlgorithmExceptionThrownReason)
AlgorithmNotSupportedReason(org.minidns.dnssec.UnverifiedReason.AlgorithmNotSupportedReason)
DNSKEY(org.minidns.record.DNSKEY)
IOException(java.io.IOException)
Example 2 with AlgorithmNotSupportedReason
use of org.minidns.dnssec.UnverifiedReason.AlgorithmNotSupportedReason in project minidns by MiniDNS.
the class Verifier method verifyNsec3.
public UnverifiedReason verifyNsec3(DNSName zone, Record<? extends Data> nsec3record, Question q) {
NSEC3 nsec3 = (NSEC3) nsec3record.payloadData;
DigestCalculator digestCalculator = algorithmMap.getNsecDigestCalculator(nsec3.hashAlgorithm);
if (digestCalculator == null) {
return new AlgorithmNotSupportedReason(nsec3.hashAlgorithmByte, nsec3.getType(), nsec3record);
}
byte[] bytes = nsec3hash(digestCalculator, nsec3.salt, q.name.getBytes(), nsec3.iterations);
String s = Base32.encodeToString(bytes);
DNSName computedNsec3Record = DNSName.from(s + "." + zone);
if (nsec3record.name.equals(computedNsec3Record)) {
for (TYPE type : nsec3.types) {
if (type.equals(q.type)) {
return new NSECDoesNotMatchReason(q, nsec3record);
}
}
return null;
}
if (nsecMatches(s, nsec3record.name.getHostpart(), Base32.encodeToString(nsec3.nextHashed))) {
return null;
}
return new NSECDoesNotMatchReason(q, nsec3record);
}
Also used :
NSEC3(org.minidns.record.NSEC3)
AlgorithmNotSupportedReason(org.minidns.dnssec.UnverifiedReason.AlgorithmNotSupportedReason)
NSECDoesNotMatchReason(org.minidns.dnssec.UnverifiedReason.NSECDoesNotMatchReason)
DNSName(org.minidns.dnsname.DNSName)
TYPE(org.minidns.record.Record.TYPE)
Aggregations
AlgorithmNotSupportedReason (org.minidns.dnssec.UnverifiedReason.AlgorithmNotSupportedReason)2
IOException (java.io.IOException)1
DNSName (org.minidns.dnsname.DNSName)1
AlgorithmExceptionThrownReason (org.minidns.dnssec.UnverifiedReason.AlgorithmExceptionThrownReason)1
NSECDoesNotMatchReason (org.minidns.dnssec.UnverifiedReason.NSECDoesNotMatchReason)1
DNSKEY (org.minidns.record.DNSKEY)1
NSEC3 (org.minidns.record.NSEC3)1
TYPE (org.minidns.record.Record.TYPE)1
