
Example 21 with Data

use of org.minidns.record.Data in project minidns by MiniDNS.

the class DNSSECClient method verifySignatures.

/**
 * Checks the RRSIG records in {@code toBeVerified} against the RRsets they
 * claim to cover, taking the covered records from {@code reference}.
 * <p>
 * Only signatures whose validity window contains the current time are used.
 * Records (and the RRSIG itself) that were covered by a signature from the
 * owner name or one of its ancestors are removed from {@code toBeVerified};
 * whatever remains in that list is still unverified when this method returns.
 * DNSKEY RRsets of the queried name are never marked verified here, only the
 * SEP bookkeeping flags on the result are updated for them.
 *
 * @param q            the question being answered; its name decides whether a
 *                     DNSKEY RRset counts as the queried zone's own key set
 * @param reference    pool of records an RRSIG may cover (matched by owner
 *                     name and type only)
 * @param toBeVerified mutable list of records awaiting verification; entries
 *                     handled by this method are removed from it
 * @return the collected {@link UnverifiedReason}s plus the
 *         {@code sepSignatureRequired}/{@code sepSignaturePresent} flags
 * @throws IOException declared on the signature; the body itself does no I/O,
 *                     so it can only originate in the helpers called here
 */
private VerifySignaturesResult verifySignatures(Question q, Collection<Record<? extends Data>> reference, List<Record<? extends Data>> toBeVerified) throws IOException {
    // One timestamp for the whole run so every RRSIG is judged against the same instant.
    // NOTE(review): the comparison below is strict, no clock-skew tolerance is applied,
    // so a badly set local clock rejects every signature.
    final Date now = new Date();
    final List<RRSIG> outdatedRrSigs = new LinkedList<>();
    VerifySignaturesResult result = new VerifySignaturesResult();
    final List<Record<RRSIG>> rrsigs = new ArrayList<>(toBeVerified.size());
    // Pass 1: split the RRSIGs into currently valid ones and outdated ones
    // (already expired, or inception still in the future).
    for (Record<? extends Data> recordToBeVerified : toBeVerified) {
        Record<RRSIG> record = recordToBeVerified.ifPossibleAs(RRSIG.class);
        if (record == null)
            continue;
        RRSIG rrsig = record.payloadData;
        if (rrsig.signatureExpiration.compareTo(now) < 0 || rrsig.signatureInception.compareTo(now) > 0) {
            // This RRSIG is out of date, but there might be one that is not.
            outdatedRrSigs.add(rrsig);
            continue;
        }
        rrsigs.add(record);
    }
    if (rrsigs.isEmpty()) {
        // Distinguish "signed, but every signature is outside its validity window"
        // from "not signed at all" so the caller can report the right reason.
        if (!outdatedRrSigs.isEmpty()) {
            result.reasons.add(new NoActiveSignaturesReason(q, outdatedRrSigs));
        } else {
            result.reasons.add(new NoSignaturesReason(q));
        }
        return result;
    }
    // Pass 2: verify each usable RRSIG against the RRset it covers.
    for (Record<RRSIG> sigRecord : rrsigs) {
        RRSIG rrsig = sigRecord.payloadData;
        // Assemble the RRset this signature covers: same owner name and same type.
        List<Record<? extends Data>> records = new ArrayList<>(reference.size());
        for (Record<? extends Data> record : reference) {
            if (record.type == rrsig.typeCovered && record.name.equals(sigRecord.name)) {
                records.add(record);
            }
        }
        // Any reason returned here is kept in the result, so a failed signature
        // is not hidden by the bookkeeping that follows.
        Set<UnverifiedReason> reasons = verifySignedRecords(q, rrsig, records);
        result.reasons.addAll(reasons);
        // Special case: the queried zone's own DNSKEY RRset, signed with one of its own keys.
        if (q.name.equals(rrsig.signerName) && rrsig.typeCovered == TYPE.DNSKEY) {
            for (Iterator<Record<? extends Data>> iterator = records.iterator(); iterator.hasNext(); ) {
                // records was filtered on typeCovered == DNSKEY above, so the cast succeeds.
                Record<DNSKEY> dnsKeyRecord = iterator.next().ifPossibleAs(DNSKEY.class);
                // dnsKeyRecord should never be null here.
                DNSKEY dnskey = dnsKeyRecord.payloadData;
                // DNSKEYs are verified separately, so don't mark them verified now.
                // Removing them here keeps the removeAll() below from touching them.
                iterator.remove();
                // NOTE(review): key tags are 16-bit and may collide; this only records that
                // some key in the set carries the signing key's tag, not that the key is
                // trusted or has the SEP bit set -- that is left to the separate DNSKEY check.
                if (dnskey.getKeyTag() == rrsig.keyTag) {
                    result.sepSignaturePresent = true;
                }
            }
            // DNSKEY's should be signed by a SEP
            result.sepSignatureRequired = true;
        }
        // A signer that is neither the owner name nor one of its ancestors cannot
        // vouch for these records (cross-signing): leave them in toBeVerified.
        if (!isParentOrSelf(sigRecord.name.ace, rrsig.signerName.ace)) {
            LOGGER.finer("Records at " + sigRecord.name + " are cross-signed with a key from " + rrsig.signerName);
        } else {
            // Covered by an acceptable signer; failures, if any, are already in result.reasons.
            toBeVerified.removeAll(records);
        }
        // The RRSIG itself has been dealt with either way.
        toBeVerified.remove(sigRecord);
    }
    return result;
}

Example 22 with Data

use of org.minidns.record.Data in project minidns by MiniDNS.

the class ExtendedLRUCache method gather.

/**
 * Sorts the records in {@code records} into {@code extraCaches}, keyed by the
 * question each record would be an answer to.
 * <p>
 * A record is considered only if {@link #shouldGather} accepts it for the
 * current question and zone, and only if it can produce a question of its own
 * ({@code getQuestionMessage()} non-null). That derived question inherits the
 * flags and the additional section of {@code q}. If it ends up equal to
 * {@code q} the record is skipped, since the original answer already covers it.
 *
 * @param extraCaches       map from derived question to the records gathered
 *                          for it; missing entries are created on demand
 * @param q                 the original query message
 * @param records           candidate records to sort into the extra caches
 * @param authoritativeZone zone handed through to {@link #shouldGather}
 */
private final void gather(Map<DNSMessage, List<Record<? extends Data>>> extraCaches, DNSMessage q, List<Record<? extends Data>> records, DNSName authoritativeZone) {
    for (Record<? extends Data> candidate : records) {
        if (!shouldGather(candidate, q.getQuestion(), authoritativeZone)) {
            continue;
        }
        DNSMessage.Builder derived = candidate.getQuestionMessage();
        if (derived != null) {
            derived.copyFlagsFrom(q);
            derived.setAdditionalResourceRecords(q.additionalSection);
            DNSMessage derivedQuestion = derived.build();
            // Only questions other than q itself are worth an extra cache entry.
            if (!derivedQuestion.equals(q)) {
                gatherBucketFor(extraCaches, derivedQuestion).add(candidate);
            }
        }
    }
}

/** Returns the record list stored under {@code key}, creating an empty one if there is none yet. */
private static List<Record<? extends Data>> gatherBucketFor(Map<DNSMessage, List<Record<? extends Data>>> extraCaches, DNSMessage key) {
    List<Record<? extends Data>> bucket = extraCaches.get(key);
    if (bucket == null) {
        bucket = new LinkedList<>();
        extraCaches.put(key, bucket);
    }
    return bucket;
}
