use of org.minidns.record.RRSIG in project minidns by MiniDNS.
the class DNSSECClientTest method testSignatureInFuture.
/**
 * Checks that an RRSIG whose validity window has not started yet does not produce an
 * authenticated answer.
 *
 * <p>The signature over the {@code example.com} A record is given an inception 14 days in the
 * future and an expiration 28 days in the future. The query must still return a message, but
 * its {@code authenticData} flag must be false.
 *
 * @throws IOException if the query fails
 */
@SuppressWarnings("unchecked")
@Test
public void testSignatureInFuture() throws IOException {
    final long dayMillis = 24L * 60L * 60L * 1000L;

    // Validity window lies entirely ahead of the current time: [now + 14d, now + 28d].
    Date notAfter = new Date(System.currentTimeMillis() + 28L * dayMillis);
    Date notBefore = new Date(System.currentTimeMillis() + 14L * dayMillis);

    // RRSIG template with an empty signature field; it is passed to sign(...) below together
    // with the com ZSK private key.
    RRSIG notYetValidSig = rrsig(
            Record.TYPE.A, algorithm, 2, 3600,
            notAfter, notBefore,
            comZSK.getKeyTag(), "com", new byte[0]);

    applyZones(client,
            // Root zone: every RRset uses the default signing helpers.
            signedRootZone(
                    sign(rootKSK, "", rootPrivateKSK, algorithm, record("", rootKSK), record("", rootZSK)),
                    sign(rootZSK, "", rootPrivateZSK, algorithm, record("com", ds("com", digestType, comKSK))),
                    sign(rootZSK, "", rootPrivateZSK, algorithm, record("com", ns("ns.com"))),
                    sign(rootZSK, "", rootPrivateZSK, algorithm, record("ns.com", a("1.1.1.1")))),
            // com zone: DNSKEY RRset signed normally, the A record signed with the future-dated RRSIG.
            signedZone("com", "ns.com", "1.1.1.1",
                    sign(comKSK, "com", comPrivateKSK, algorithm, record("com", comKSK), record("com", comZSK)),
                    sign(comPrivateZSK, notYetValidSig, record("example.com", a("1.1.1.2")))));

    DNSMessage response = client.query("example.com", Record.TYPE.A);

    assertNotNull(response);
    // The only deviation in the fixture is the validity window, so the answer must not be
    // reported as DNSSEC-authenticated.
    assertFalse(response.authenticData);
    checkCorrectExampleMessage(response);
}
use of org.minidns.record.RRSIG in project minidns by MiniDNS.
the class DNSSECClientTest method testSignatureOutOfDate.
/**
 * Checks that an expired RRSIG does not produce an authenticated answer.
 *
 * <p>The signature over the {@code example.com} A record is given an inception 28 days in the
 * past and an expiration 14 days in the past. The query must still return a message, but its
 * {@code authenticData} flag must be false.
 *
 * @throws IOException if the query fails
 */
@SuppressWarnings("unchecked")
@Test
public void testSignatureOutOfDate() throws IOException {
    final long dayMillis = 24L * 60L * 60L * 1000L;

    // Validity window lies entirely behind the current time: [now - 28d, now - 14d].
    Date notAfter = new Date(System.currentTimeMillis() - 14L * dayMillis);
    Date notBefore = new Date(System.currentTimeMillis() - 28L * dayMillis);

    // RRSIG template with an empty signature field; it is passed to sign(...) below together
    // with the com ZSK private key.
    RRSIG expiredSig = rrsig(
            Record.TYPE.A, algorithm, 2, 3600,
            notAfter, notBefore,
            comZSK.getKeyTag(), "com", new byte[0]);

    applyZones(client,
            // Root zone: every RRset uses the default signing helpers.
            signedRootZone(
                    sign(rootKSK, "", rootPrivateKSK, algorithm, record("", rootKSK), record("", rootZSK)),
                    sign(rootZSK, "", rootPrivateZSK, algorithm, record("com", ds("com", digestType, comKSK))),
                    sign(rootZSK, "", rootPrivateZSK, algorithm, record("com", ns("ns.com"))),
                    sign(rootZSK, "", rootPrivateZSK, algorithm, record("ns.com", a("1.1.1.1")))),
            // com zone: DNSKEY RRset signed normally, the A record signed with the expired RRSIG.
            signedZone("com", "ns.com", "1.1.1.1",
                    sign(comKSK, "com", comPrivateKSK, algorithm, record("com", comKSK), record("com", comZSK)),
                    sign(comPrivateZSK, expiredSig, record("example.com", a("1.1.1.2")))));

    DNSMessage response = client.query("example.com", Record.TYPE.A);

    assertNotNull(response);
    // The only deviation in the fixture is the validity window, so the answer must not be
    // reported as DNSSEC-authenticated.
    assertFalse(response.authenticData);
    checkCorrectExampleMessage(response);
}
use of org.minidns.record.RRSIG in project minidns by MiniDNS.
the class DNSSECClientTest method testUnknownAlgorithm.
/**
 * Checks that an RRSIG carrying algorithm number 213 does not produce an authenticated answer.
 *
 * <p>The RRSIG has a validity window that includes the current time (14 days either side) and
 * is published as a plain record next to the {@code example.com} A record. The query must still
 * return a message, but its {@code authenticData} flag must be false.
 *
 * @throws IOException if the query fails
 */
@SuppressWarnings("unchecked")
@Test
public void testUnknownAlgorithm() throws IOException {
    final long dayMillis = 24L * 60L * 60L * 1000L;

    // Validity window includes "now", so timing is not what this test varies.
    Date notAfter = new Date(System.currentTimeMillis() + 14L * dayMillis);
    Date notBefore = new Date(System.currentTimeMillis() - 14L * dayMillis);

    // Algorithm 213 instead of the fixture's usual algorithm; the signature bytes stay empty
    // because this RRSIG is never passed through sign(...).
    RRSIG unsupportedAlgSig = rrsig(
            Record.TYPE.A, 213, 2, 3600,
            notAfter, notBefore,
            comZSK.getKeyTag(), "com", new byte[0]);

    // NOTE(review): the com zone below is built with zone(...) rather than signedZone(...), so
    // its DNSKEY RRset also appears to be served without an RRSIG. authenticData may therefore
    // be false for that reason as well - confirm this test isolates the unknown-algorithm path.
    applyZones(client,
            signedRootZone(
                    sign(rootKSK, "", rootPrivateKSK, algorithm, record("", rootKSK), record("", rootZSK)),
                    sign(rootZSK, "", rootPrivateZSK, algorithm, record("com", ds("com", digestType, comKSK))),
                    sign(rootZSK, "", rootPrivateZSK, algorithm, record("com", ns("ns.com"))),
                    sign(rootZSK, "", rootPrivateZSK, algorithm, record("ns.com", a("1.1.1.1")))),
            zone("com", "ns.com", "1.1.1.1",
                    record("com", comKSK),
                    record("com", comZSK),
                    record("example.com", a("1.1.1.2")),
                    record("example.com", unsupportedAlgSig)));

    DNSMessage response = client.query("example.com", Record.TYPE.A);

    assertNotNull(response);
    // A signature that cannot be verified must never lead to an authenticated answer.
    assertFalse(response.authenticData);
    checkCorrectExampleMessage(response);
}
use of org.minidns.record.RRSIG in project minidns by MiniDNS.
the class DNSSECWorld method rrsigRecord.
/**
 * Builds an RRSIG template for the given records and hands it, together with the private key,
 * to the {@code rrsigRecord} overload that takes a prepared RRSIG.
 *
 * <p>Type covered, owner name and original TTL are taken from the first record. The validity
 * window is fixed at 14 days before to 14 days after the time of the call.
 *
 * @param key        DNSKEY whose key tag is written into the RRSIG
 * @param signerName signer name written into the RRSIG
 * @param privateKey private key passed on to the signing overload
 * @param algorithm  signature algorithm written into the RRSIG
 * @param records    records to cover; must contain at least one element, since the first one is
 *                   read unconditionally
 * @return the record returned by the delegated {@code rrsigRecord} call
 */
@SuppressWarnings("unchecked")
public static Record<? extends Data> rrsigRecord(DNSKEY key, String signerName, PrivateKey privateKey, SignatureAlgorithm algorithm, Record<? extends Data>... records) {
    final Record<? extends Data> first = records[0];
    final Record.TYPE coveredType = first.type;
    final String ownerName = first.name.ace;

    // The root name (empty string) has zero labels; otherwise count dot-separated labels.
    // NOTE(review): RFC 4034 section 3.1.3 excludes a leading wildcard label from the Labels
    // field, while this count includes every label - confirm no fixture signs wildcard names.
    final int labelCount;
    if (ownerName.isEmpty()) {
        labelCount = 0;
    } else {
        labelCount = ownerName.split("\\.").length;
    }

    final long ttl = first.ttl;

    final long dayMillis = 24L * 60L * 60L * 1000L;
    Date notAfter = new Date(System.currentTimeMillis() + 14L * dayMillis);
    Date notBefore = new Date(System.currentTimeMillis() - 14L * dayMillis);

    // Empty signature placeholder; presumably filled in by the delegated overload - verify there.
    RRSIG template = rrsig(coveredType, algorithm, labelCount, ttl, notAfter, notBefore,
            key.getKeyTag(), signerName, new byte[0]);
    return rrsigRecord(privateKey, template, records);
}
use of org.minidns.record.RRSIG in project minidns by MiniDNS.
the class DNSMessageTest method testComDsAndRrsigLookup.
/**
 * Parses the stored {@code com-ds-rrsig} response and checks the decoded header flags, the DS
 * record, the RRSIG covering it, and the EDNS OPT record in the additional section.
 *
 * @throws Exception if the resource cannot be loaded or parsed
 */
@Test
public void testComDsAndRrsigLookup() throws Exception {
    DNSMessage response = getMessageFromResource("com-ds-rrsig");

    // Header flags.
    assertFalse(response.authoritativeAnswer);
    assertTrue(response.recursionDesired);
    assertTrue(response.recursionAvailable);

    // Answer section: one DS record followed by the RRSIG that covers it.
    List<Record<? extends Data>> answerRecords = response.answerSection;
    assertEquals(2, answerRecords.size());

    Record<? extends Data> dsRecord = answerRecords.get(0);
    assertEquals(TYPE.DS, dsRecord.type);
    assertEquals(TYPE.DS, dsRecord.payloadData.getType());
    DS delegationSigner = (DS) dsRecord.payloadData;
    assertEquals(30909, delegationSigner.keyTag);
    assertEquals(SignatureAlgorithm.RSASHA256, delegationSigner.algorithm);
    assertEquals(DigestAlgorithm.SHA256, delegationSigner.digestType);
    assertCsEquals("E2D3C916F6DEEAC73294E8268FB5885044A833FC5459588F4A9184CFC41A5766", delegationSigner.getDigestHex());

    Record<? extends Data> sigRecord = answerRecords.get(1);
    assertEquals(TYPE.RRSIG, sigRecord.type);
    assertEquals(TYPE.RRSIG, sigRecord.payloadData.getType());
    RRSIG signature = (RRSIG) sigRecord.payloadData;
    assertEquals(TYPE.DS, signature.typeCovered);
    assertEquals(SignatureAlgorithm.RSASHA256, signature.algorithm);
    assertEquals(1, signature.labels);
    assertEquals(86400, signature.originalTtl);

    // Validity timestamps are compared in UTC so the result does not depend on the local zone.
    SimpleDateFormat utcStamp = new SimpleDateFormat("yyyyMMddHHmmss");
    utcStamp.setTimeZone(TimeZone.getTimeZone("UTC"));
    assertCsEquals("20150629170000", utcStamp.format(signature.signatureExpiration));
    assertCsEquals("20150619160000", utcStamp.format(signature.signatureInception));

    assertEquals(48613, signature.keyTag);
    assertCsEquals(".", signature.signerName);
    // 128 signature bytes in the stored response.
    assertEquals(128, signature.signature.length);

    // Additional section: a single OPT record carrying the EDNS parameters.
    List<Record<? extends Data>> additionalRecords = response.additionalSection;
    assertEquals(1, additionalRecords.size());
    assertEquals(TYPE.OPT, additionalRecords.get(0).getPayload().getType());
    Record<? extends Data> optRecord = additionalRecords.get(0);
    EDNS ednsInfo = EDNS.fromRecord(optRecord);
    assertEquals(512, ednsInfo.udpPayloadSize);
    assertEquals(0, ednsInfo.version);
    assertTrue(ednsInfo.dnssecOk);
}