use of org.minidns.record.Data in project minidns by MiniDNS.
the class DNSSECClient method verifySignatures.
private VerifySignaturesResult verifySignatures(Question q, Collection<Record<? extends Data>> reference, List<Record<? extends Data>> toBeVerified) throws IOException {
final Date now = new Date();
final List<RRSIG> outdatedRrSigs = new LinkedList<>();
VerifySignaturesResult result = new VerifySignaturesResult();
final List<Record<RRSIG>> rrsigs = new ArrayList<>(toBeVerified.size());
for (Record<? extends Data> recordToBeVerified : toBeVerified) {
Record<RRSIG> record = recordToBeVerified.ifPossibleAs(RRSIG.class);
if (record == null)
continue;
RRSIG rrsig = record.payloadData;
if (rrsig.signatureExpiration.compareTo(now) < 0 || rrsig.signatureInception.compareTo(now) > 0) {
// This RRSIG is out of date, but there might be one that is not.
outdatedRrSigs.add(rrsig);
continue;
}
rrsigs.add(record);
}
if (rrsigs.isEmpty()) {
if (!outdatedRrSigs.isEmpty()) {
result.reasons.add(new NoActiveSignaturesReason(q, outdatedRrSigs));
} else {
result.reasons.add(new NoSignaturesReason(q));
}
return result;
}
for (Record<RRSIG> sigRecord : rrsigs) {
RRSIG rrsig = sigRecord.payloadData;
List<Record<? extends Data>> records = new ArrayList<>(reference.size());
for (Record<? extends Data> record : reference) {
if (record.type == rrsig.typeCovered && record.name.equals(sigRecord.name)) {
records.add(record);
}
}
Set<UnverifiedReason> reasons = verifySignedRecords(q, rrsig, records);
result.reasons.addAll(reasons);
if (q.name.equals(rrsig.signerName) && rrsig.typeCovered == TYPE.DNSKEY) {
for (Iterator<Record<? extends Data>> iterator = records.iterator(); iterator.hasNext(); ) {
Record<DNSKEY> dnsKeyRecord = iterator.next().ifPossibleAs(DNSKEY.class);
// dnsKeyRecord should never be null here.
DNSKEY dnskey = dnsKeyRecord.payloadData;
// DNSKEYs are verified separately, so don't mark them verified now.
iterator.remove();
if (dnskey.getKeyTag() == rrsig.keyTag) {
result.sepSignaturePresent = true;
}
}
// DNSKEY's should be signed by a SEP
result.sepSignatureRequired = true;
}
if (!isParentOrSelf(sigRecord.name.ace, rrsig.signerName.ace)) {
LOGGER.finer("Records at " + sigRecord.name + " are cross-signed with a key from " + rrsig.signerName);
} else {
toBeVerified.removeAll(records);
}
toBeVerified.remove(sigRecord);
}
return result;
}
use of org.minidns.record.Data in project minidns by MiniDNS.
the class ExtendedLRUCache method gather.
private final void gather(Map<DNSMessage, List<Record<? extends Data>>> extraCaches, DNSMessage q, List<Record<? extends Data>> records, DNSName authoritativeZone) {
for (Record<? extends Data> extraRecord : records) {
if (!shouldGather(extraRecord, q.getQuestion(), authoritativeZone))
continue;
DNSMessage.Builder additionalRecordQuestionBuilder = extraRecord.getQuestionMessage();
if (additionalRecordQuestionBuilder == null)
continue;
additionalRecordQuestionBuilder.copyFlagsFrom(q);
additionalRecordQuestionBuilder.setAdditionalResourceRecords(q.additionalSection);
DNSMessage additionalRecordQuestion = additionalRecordQuestionBuilder.build();
if (additionalRecordQuestion.equals(q)) {
// No need to cache the additional question if it is the same as the original question.
continue;
}
List<Record<? extends Data>> additionalRecords = extraCaches.get(additionalRecordQuestion);
if (additionalRecords == null) {
additionalRecords = new LinkedList<>();
extraCaches.put(additionalRecordQuestion, additionalRecords);
}
additionalRecords.add(extraRecord);
}
}
Aggregations