

the class DNSMessageTest method testComNsec3Lookup.

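/**
 * Parses the {@code com-nsec3} fixture and checks the NSEC3 records of its
 * authority section.
 *
 * The fixture carries no answers and eight authority records. Every NSEC3
 * record among them must use SHA-1, flags 1 (the Opt-Out bit), zero
 * iterations and an empty salt, and its owner name must be one of the three
 * expected hashed names, each with the expected next-hashed owner and type
 * bitmap.
 *
 * @throws Exception if the fixture cannot be loaded or parsed
 */
@Test
public void testComNsec3Lookup() throws Exception {
    DNSMessage m = getMessageFromResource("com-nsec3");
    assertEquals(0, m.answerSection.size());
    List<Record<? extends Data>> records = m.authoritySection;
    assertEquals(8, records.size());
    int nsec3Count = 0;
    for (Record<? extends Data> record : records) {
        if (record.type != TYPE.NSEC3) {
            continue;
        }
        nsec3Count++;
        assertEquals(TYPE.NSEC3, record.getPayload().getType());
        NSEC3 nsec3 = (NSEC3) record.payloadData;
        assertEquals(HashAlgorithm.SHA1, nsec3.hashAlgorithm);
        assertEquals(1, nsec3.flags);
        assertEquals(0, nsec3.iterations);
        assertEquals(0, nsec3.salt.length);
        switch (record.name.ace) {
            case "CK0POJMG874LJREF7EFN8430QVIT8BSM.com":
                assertCsEquals("CK0QFMDQRCSRU0651QLVA1JQB21IF7UR", Base32.encodeToString(nsec3.nextHashed));
                assertArrayContentEquals(new TYPE[] { TYPE.NS, TYPE.SOA, TYPE.RRSIG, TYPE.DNSKEY, TYPE.NSEC3PARAM }, nsec3.types);
                break;
            case "V2I33UBTHNVNSP9NS85CURCLSTFPTE24.com":
                assertCsEquals("V2I4KPUS7NGDML5EEJU3MVHO26GKB6PA", Base32.encodeToString(nsec3.nextHashed));
                assertArrayContentEquals(new TYPE[] { TYPE.NS, TYPE.DS, TYPE.RRSIG }, nsec3.types);
                break;
            case "3RL20VCNK6KV8OT9TDIJPI0JU1SS6ONS.com":
                assertCsEquals("3RL3UFVFRUE94PV5888AIC2TPS0JA9V2", Base32.encodeToString(nsec3.nextHashed));
                assertArrayContentEquals(new TYPE[] { TYPE.NS, TYPE.DS, TYPE.RRSIG }, nsec3.types);
                break;
            default:
                // An NSEC3 record with an unexpected owner name used to fall through
                // this switch without any assertion; treat it as a test failure.
                throw new AssertionError("Unexpected NSEC3 owner name: " + record.name.ace);
        }
    }
    // Make sure all three expected NSEC3 records were actually inspected rather
    // than the loop passing vacuously (8 authority records = SOA + RRSIG + 3 x (NSEC3 + RRSIG)).
    assertEquals(3, nsec3Count);
}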


the class DNSMessageTest method testSoaLookup.

/**
 * Parses the {@code oracle-soa} fixture, a non-authoritative response whose
 * single answer is an SOA record, and checks every SOA field against the
 * values captured in the fixture.
 *
 * @throws Exception if the fixture cannot be loaded or parsed
 */
@Test
public void testSoaLookup() throws Exception {
    DNSMessage message = getMessageFromResource("oracle-soa");
    assertFalse(message.authoritativeAnswer);
    List<Record<? extends Data>> answerRecords = message.answerSection;
    assertEquals(1, answerRecords.size());
    Data payload = answerRecords.get(0).getPayload();
    assertTrue(payload instanceof SOA);
    assertEquals(TYPE.SOA, payload.getType());
    SOA soa = (SOA) payload;
    // Primary master and responsible mailbox (the '@' is kept escaped in rname).
    assertCsEquals("orcldns1.ultradns.com", soa.mname);
    assertCsEquals("hostmaster\\@oracle.com", soa.rname);
    // Serial followed by the four timers.
    assertEquals(2015032404L, soa.serial);
    assertEquals(10800, soa.refresh);
    assertEquals(3600, soa.retry);
    assertEquals(1209600, soa.expire);
    assertEquals(900L, soa.minimum);
}


the class DNSMessageTest method testALookup.

/**
 * Parses the {@code sun-a} fixture, a non-authoritative response with two
 * answers: a CNAME pointing at legacy-sun.oraclegha.com followed by the A
 * record owned by that target.
 *
 * @throws Exception if the fixture cannot be loaded or parsed
 */
@Test
public void testALookup() throws Exception {
    DNSMessage message = getMessageFromResource("sun-a");
    assertFalse(message.authoritativeAnswer);
    List<Record<? extends Data>> answerRecords = message.answerSection;
    assertEquals(2, answerRecords.size());

    // First answer: the alias.
    Data aliasPayload = answerRecords.get(0).getPayload();
    assertTrue(aliasPayload instanceof RRWithTarget);
    assertEquals(TYPE.CNAME, aliasPayload.getType());
    String target = "legacy-sun.oraclegha.com";
    assertCsEquals(target, ((RRWithTarget) aliasPayload).target);

    // Second answer: the address record, owned by the alias target.
    Record<? extends Data> addressRecord = answerRecords.get(1);
    assertCsEquals(target, addressRecord.name);
    Data addressPayload = addressRecord.getPayload();
    assertTrue(addressPayload instanceof A);
    assertEquals(TYPE.A, addressPayload.getType());
    assertCsEquals("156.151.59.35", addressPayload.toString());
}


the class DNSSECClient method verifySignedRecords.

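/**
 * Locates the DNSKEY that {@code rrsig} claims to be made with and verifies
 * {@code records} against it.
 *
 * Keys are matched by the RRSIG's key tag. Key tags are not unique, so every
 * DNSKEY carrying the tag is a candidate and each one is tried in turn
 * (RFC 4035 section 5.3.1) until the signature verifies. The previous
 * implementation kept a single candidate (the first match from the signed
 * set, the last match from a fetched DNSKEY RRset) and could therefore report
 * a bad signature when two keys of the same zone merely shared a tag.
 *
 * Where the candidates come from depends on what the RRSIG covers:
 * <ul>
 * <li>a DNSKEY RRset is self-signed, so candidates are taken from
 *     {@code records} itself (the set is anchored separately via its SEP);</li>
 * <li>a DS question whose signer is the queried name itself is not probed
 *     further, since fetching its DNSKEYs would recurse endlessly;</li>
 * <li>otherwise the signer's DNSKEY RRset is fetched with {@code queryDnssec}
 *     and the unverified reasons of that lookup are folded into the result.</li>
 * </ul>
 *
 * NOTE(review): nothing in this method checks that {@code rrsig.signerName}
 * is the owner name of {@code records} or an ancestor of it (RFC 4035
 * section 5.3.1). If {@code verifier.verify} does not enforce that, an RRSIG
 * naming an unrelated signed zone would be accepted here — confirm.
 *
 * @param q       the question the records answer; used for error reporting
 * @param rrsig   the signature covering {@code records}
 * @param records the RRset to verify
 * @return the reasons the RRset is not verified; empty when a candidate key
 *         verified the signature. When every candidate fails, the reason of
 *         the last candidate tried is reported.
 * @throws DNSSECValidationFailedException if the signer publishes no DNSKEY
 *         RRset, or no key with the RRSIG's key tag exists
 * @throws IOException if fetching the signer's DNSKEY RRset fails
 */
private Set<UnverifiedReason> verifySignedRecords(Question q, RRSIG rrsig, List<Record<? extends Data>> records) throws IOException {
    Set<UnverifiedReason> result = new HashSet<>();
    Set<DNSKEY> candidateKeys = new HashSet<>();
    if (rrsig.typeCovered == TYPE.DNSKEY) {
        // Key must be present in the signed set itself
        collectKeysWithTag(records, rrsig, candidateKeys);
    } else if (q.type == TYPE.DS && rrsig.signerName.equals(q.name)) {
        // We should not probe for the self signed DS negative response, as it will be an endless loop.
        result.add(new NoTrustAnchorReason(q.name.ace));
        return result;
    } else {
        DNSSECMessage dnskeyRes = queryDnssec(rrsig.signerName, TYPE.DNSKEY);
        if (dnskeyRes == null) {
            throw new DNSSECValidationFailedException(q, "There is no DNSKEY " + rrsig.signerName + ", but it is used");
        }
        result.addAll(dnskeyRes.getUnverifiedReasons());
        collectKeysWithTag(dnskeyRes.answerSection, rrsig, candidateKeys);
    }
    if (candidateKeys.isEmpty()) {
        throw new DNSSECValidationFailedException(q, records.size() + " " + rrsig.typeCovered + " record(s) are signed using an unknown key.");
    }
    // Try every key with the matching tag; a single verifying key is enough.
    UnverifiedReason lastReason = null;
    for (DNSKEY dnskey : candidateKeys) {
        lastReason = verifier.verify(records, rrsig, dnskey);
        if (lastReason == null) {
            return result;
        }
    }
    result.add(lastReason);
    return result;
}

/**
 * Adds every DNSKEY in {@code records} whose key tag equals that of
 * {@code rrsig} to {@code into}; non-DNSKEY records are skipped.
 */
private static void collectKeysWithTag(List<Record<? extends Data>> records, RRSIG rrsig, Set<DNSKEY> into) {
    for (Record<? extends Data> record : records) {
        Record<DNSKEY> dnsKeyRecord = record.ifPossibleAs(DNSKEY.class);
        if (dnsKeyRecord == null) {
            continue;
        }
        if (dnsKeyRecord.payloadData.getKeyTag() == rrsig.keyTag) {
            into.add(dnsKeyRecord.payloadData);
        }
    }
}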


the class DNSSECClient method verifyAnswer.

/**
 * Verifies the answer section of {@code dnsMessage} and collects the reasons
 * it could not be verified.
 *
 * In order:
 * <ol>
 * <li>the RRSIGs are checked via {@code verifySignatures}; any unverified
 *     reason from that step is returned immediately;</li>
 * <li>every DNSKEY in the answer is checked as a potential secure entry
 *     point (SEP); one DNSKEY that chains to a trust anchor suffices, and the
 *     SEP failures are only reported when none did;</li>
 * <li>records still unverified are reported: if only some of the answers are
 *     left an exception is thrown, if all of them are a
 *     {@link NoSignaturesReason} is added.</li>
 * </ol>
 *
 * @param dnsMessage the response to verify; must carry at least one question
 * @return the reasons the answer is not verified; empty when it verified
 * @throws IOException if a lookup performed during verification fails
 * @throws DNSSECValidationFailedException if only some of the answer records
 *         are signed
 */
private Set<UnverifiedReason> verifyAnswer(DNSMessage dnsMessage) throws IOException {
    // Only the first question is considered (get(0) throws on an empty list).
    Question q = dnsMessage.questions.get(0);
    List<Record<? extends Data>> answers = dnsMessage.answerSection;
    // Working copy; presumably verifySignatures removes the records it was able
    // to verify so that only unsigned ones remain — TODO confirm.
    List<Record<? extends Data>> toBeVerified = dnsMessage.copyAnswers();
    VerifySignaturesResult verifiedSignatures = verifySignatures(q, answers, toBeVerified);
    // Aliases verifiedSignatures.reasons; the set is mutated in place below.
    Set<UnverifiedReason> result = verifiedSignatures.reasons;
    if (!result.isEmpty()) {
        return result;
    }
    // Keep SEPs separated, we only need one valid SEP.
    boolean sepSignatureValid = false;
    Set<UnverifiedReason> sepReasons = new HashSet<>();
    for (Iterator<Record<? extends Data>> iterator = toBeVerified.iterator(); iterator.hasNext(); ) {
        Record<DNSKEY> record = iterator.next().ifPossibleAs(DNSKEY.class);
        if (record == null) {
            continue;
        }
        // Verify all DNSKEYs as if it was a SEP. If we find a single SEP we are safe.
        Set<UnverifiedReason> reasons = verifySecureEntryPoint(q, record);
        if (reasons.isEmpty()) {
            sepSignatureValid = true;
        } else {
            sepReasons.addAll(reasons);
        }
        // Logged once per DNSKEY although the condition does not depend on the key.
        if (!verifiedSignatures.sepSignaturePresent) {
            LOGGER.finer("SEP key is not self-signed.");
        }
        // DNSKEYs leave the unverified list whether or not they chained to an anchor.
        iterator.remove();
    }
    // SEP failures only count when no DNSKEY at all chained to a trust anchor.
    if (verifiedSignatures.sepSignaturePresent && !sepSignatureValid) {
        result.addAll(sepReasons);
    }
    if (verifiedSignatures.sepSignatureRequired && !verifiedSignatures.sepSignaturePresent) {
        result.add(new NoSecureEntryPointReason(q.name.ace));
    }
    // NOTE(review): DNSKEY records were removed above, so unsigned DNSKEYs never
    // reach this check; presumably verifySignatures accounts for them through
    // sepSignatureRequired — confirm.
    if (!toBeVerified.isEmpty()) {
        if (toBeVerified.size() != answers.size()) {
            throw new DNSSECValidationFailedException(q, "Only some records are signed!");
        } else {
            result.add(new NoSignaturesReason(q));
        }
    }
    return result;
}
