Example 1 with NSEC3

Use of org.minidns.record.NSEC3 in project minidns by MiniDNS.

From the class DNSMessageTest, method testComNsec3Lookup.

import static org.junit.Assert.assertEquals;

import java.util.List;

import org.junit.Test;
import org.minidns.dnsmessage.DNSMessage;
import org.minidns.record.Data;
import org.minidns.record.NSEC3;
import org.minidns.record.NSEC3.HashAlgorithm;
import org.minidns.record.Record;
import org.minidns.record.Record.TYPE;
import org.minidns.util.Base32;
// getMessageFromResource, assertCsEquals and assertArrayContentEquals are
// the project's own test helpers (DNSMessageTest / org.minidns test utilities).

@Test
public void testComNsec3Lookup() throws Exception {
    // Captured negative response from the com zone: no answers, the proof lives
    // in the authority section (SOA, NSEC3 records and their RRSIGs).
    DNSMessage m = getMessageFromResource("com-nsec3");
    assertEquals(0, m.answerSection.size());
    List<Record<? extends Data>> records = m.authoritySection;
    assertEquals(8, records.size());
    for (Record<? extends Data> record : records) {
        if (record.type == TYPE.NSEC3) {
            assertEquals(TYPE.NSEC3, record.getPayload().getType());
            NSEC3 nsec3 = (NSEC3) record.payloadData;
            // com uses SHA-1, the Opt-Out flag (1), zero extra iterations and an empty salt.
            assertEquals(HashAlgorithm.SHA1, nsec3.hashAlgorithm);
            assertEquals(1, nsec3.flags);
            assertEquals(0, nsec3.iterations);
            assertEquals(0, nsec3.salt.length);
            // Owner names are Base32hex-encoded hashes; each record links to the
            // next hashed owner and carries the type bitmap of the name it hashes.
            switch(record.name.ace) {
                case "CK0POJMG874LJREF7EFN8430QVIT8BSM.com":
                    // Hash of the zone apex: apex-only types are present.
                    assertCsEquals("CK0QFMDQRCSRU0651QLVA1JQB21IF7UR", Base32.encodeToString(nsec3.nextHashed));
                    assertArrayContentEquals(new TYPE[] { TYPE.NS, TYPE.SOA, TYPE.RRSIG, TYPE.DNSKEY, TYPE.NSEC3PARAM }, nsec3.types);
                    break;
                case "V2I33UBTHNVNSP9NS85CURCLSTFPTE24.com":
                    // Secure delegation: NS plus DS.
                    assertCsEquals("V2I4KPUS7NGDML5EEJU3MVHO26GKB6PA", Base32.encodeToString(nsec3.nextHashed));
                    assertArrayContentEquals(new TYPE[] { TYPE.NS, TYPE.DS, TYPE.RRSIG }, nsec3.types);
                    break;
                case "3RL20VCNK6KV8OT9TDIJPI0JU1SS6ONS.com":
                    assertCsEquals("3RL3UFVFRUE94PV5888AIC2TPS0JA9V2", Base32.encodeToString(nsec3.nextHashed));
                    assertArrayContentEquals(new TYPE[] { TYPE.NS, TYPE.DS, TYPE.RRSIG }, nsec3.types);
                    break;
            }
        }
    }
}

Example 2 with NSEC3

Use of org.minidns.record.NSEC3 in project minidns by MiniDNS.

From the class Verifier, method verifyNsec3.

import org.minidns.dnsmessage.Question;
import org.minidns.dnsname.DNSName;
import org.minidns.dnssec.UnverifiedReason.AlgorithmNotSupportedReason;
import org.minidns.dnssec.UnverifiedReason.NSECDoesNotMatchReason;
import org.minidns.record.Data;
import org.minidns.record.NSEC3;
import org.minidns.record.Record;
import org.minidns.record.Record.TYPE;
import org.minidns.util.Base32;
// DigestCalculator, algorithmMap, nsec3hash() and nsecMatches() are members of
// the enclosing Verifier class and are not shown here.

/**
 * Checks whether a single NSEC3 record proves the negative answer for q.
 * Returns null when the record is a valid proof, otherwise the reason it is not.
 */
public UnverifiedReason verifyNsec3(DNSName zone, Record<? extends Data> nsec3record, Question q) {
    NSEC3 nsec3 = (NSEC3) nsec3record.payloadData;
    // An unknown hash algorithm cannot be verified; report it rather than guess.
    DigestCalculator digestCalculator = algorithmMap.getNsecDigestCalculator(nsec3.hashAlgorithm);
    if (digestCalculator == null) {
        return new AlgorithmNotSupportedReason(nsec3.hashAlgorithmByte, nsec3.getType(), nsec3record);
    }
    // Hash the queried name with the record's own salt and iteration count
    // (RFC 5155 section 5) and build the owner name it would have in this zone.
    byte[] bytes = nsec3hash(digestCalculator, nsec3.salt, q.name.getBytes(), nsec3.iterations);
    String s = Base32.encodeToString(bytes);
    DNSName computedNsec3Record = DNSName.from(s + "." + zone);
    if (nsec3record.name.equals(computedNsec3Record)) {
        // The record matches the name: it proves NODATA only if the queried
        // type is absent from its type bitmap.
        for (TYPE type : nsec3.types) {
            if (type.equals(q.type)) {
                return new NSECDoesNotMatchReason(q, nsec3record);
            }
        }
        return null;
    }
    // Otherwise the record must cover the hash, i.e. the hash lies between the
    // record's owner hash and its next hashed owner (proves the name does not exist).
    if (nsecMatches(s, nsec3record.name.getHostpart(), Base32.encodeToString(nsec3.nextHashed))) {
        return null;
    }
    // Neither matching nor covering: this record says nothing about q.
    return new NSECDoesNotMatchReason(q, nsec3record);
}
