Examples with NSECDoesNotMatchReason - org.minidns.dnssec.UnverifiedReason.NSECDoesNotMatchReason

Example 1 with NSECDoesNotMatchReason

use of org.minidns.dnssec.UnverifiedReason.NSECDoesNotMatchReason in project minidns by MiniDNS.

the class Verifier method verifyNsec3.

public UnverifiedReason verifyNsec3(DNSName zone, Record<? extends Data> nsec3record, Question q) {
    NSEC3 nsec3 = (NSEC3) nsec3record.payloadData;
    DigestCalculator digestCalculator = algorithmMap.getNsecDigestCalculator(nsec3.hashAlgorithm);
    if (digestCalculator == null) {
        return new AlgorithmNotSupportedReason(nsec3.hashAlgorithmByte, nsec3.getType(), nsec3record);
    }
    byte[] bytes = nsec3hash(digestCalculator, nsec3.salt, q.name.getBytes(), nsec3.iterations);
    String s = Base32.encodeToString(bytes);
    DNSName computedNsec3Record = DNSName.from(s + "." + zone);
    if (nsec3record.name.equals(computedNsec3Record)) {
        for (TYPE type : nsec3.types) {
            if (type.equals(q.type)) {
                return new NSECDoesNotMatchReason(q, nsec3record);
            }
        }
        return null;
    }
    if (nsecMatches(s, nsec3record.name.getHostpart(), Base32.encodeToString(nsec3.nextHashed))) {
        return null;
    }
    return new NSECDoesNotMatchReason(q, nsec3record);
}

Also used : NSEC3(org.minidns.record.NSEC3) AlgorithmNotSupportedReason(org.minidns.dnssec.UnverifiedReason.AlgorithmNotSupportedReason) NSECDoesNotMatchReason(org.minidns.dnssec.UnverifiedReason.NSECDoesNotMatchReason) DNSName(org.minidns.dnsname.DNSName) TYPE(org.minidns.record.Record.TYPE)

Aggregations

DNSName (org.minidns.dnsname.DNSName)1 AlgorithmNotSupportedReason (org.minidns.dnssec.UnverifiedReason.AlgorithmNotSupportedReason)1 NSECDoesNotMatchReason (org.minidns.dnssec.UnverifiedReason.NSECDoesNotMatchReason)1 NSEC3 (org.minidns.record.NSEC3)1 TYPE (org.minidns.record.Record.TYPE)1