
Example 21 with Record

use of org.minidns.record.Record in project minidns by MiniDNS.

From the class DNSSECClient, method verifySignatures.

/**
 * Checks the RRSIG records contained in {@code toBeVerified} against the records in
 * {@code reference} and reports the outcome as a {@link VerifySignaturesResult}.
 * <p>
 * The method works in two passes. First every RRSIG in {@code toBeVerified} is classified
 * as either currently valid or outdated, using a single wall-clock instant taken at entry
 * (so all signatures are judged against the same moment). Second, each valid RRSIG is
 * matched with the reference records it covers (same owner name and same type) and those
 * are handed to {@code verifySignedRecords}; any reasons it reports are collected.
 * <p>
 * Side effects on {@code toBeVerified}: every processed RRSIG record is removed from it, and
 * the records covered by an RRSIG are removed as well unless the signer is neither the owner
 * name nor one of its parents (cross-signing), in which case they are left in place.
 * NOTE(review): callers presumably treat whatever remains in {@code toBeVerified} as
 * unverified — confirm against the call site.
 *
 * @param q            the question whose answer is being validated; its name is compared with
 *                     the RRSIG signer name to detect the DNSKEY-signing case
 * @param reference    the records a signature may cover; not modified here
 * @param toBeVerified the records still awaiting verification; modified as described above
 * @return the result holding the collected {@code UnverifiedReason}s and the SEP flags
 * @throws IOException declared; presumably propagated from {@code verifySignedRecords}
 */
private VerifySignaturesResult verifySignatures(Question q, Collection<Record<? extends Data>> reference, List<Record<? extends Data>> toBeVerified) throws IOException {
    // One instant for the whole pass: every RRSIG validity window is checked against it.
    // NOTE(review): no clock-skew tolerance is applied; an RRSIG is rejected as soon as the
    // local clock is outside [inception, expiration] (the boundaries themselves are accepted).
    final Date now = new Date();
    final List<RRSIG> outdatedRrSigs = new LinkedList<>();
    VerifySignaturesResult result = new VerifySignaturesResult();
    final List<Record<RRSIG>> rrsigs = new ArrayList<>(toBeVerified.size());
    // Pass 1: split the RRSIGs in toBeVerified into currently valid and outdated ones.
    for (Record<? extends Data> recordToBeVerified : toBeVerified) {
        Record<RRSIG> record = recordToBeVerified.ifPossibleAs(RRSIG.class);
        if (record == null)
            continue;
        RRSIG rrsig = record.payloadData;
        if (rrsig.signatureExpiration.compareTo(now) < 0 || rrsig.signatureInception.compareTo(now) > 0) {
            // This RRSIG is out of date, but there might be one that is not.
            outdatedRrSigs.add(rrsig);
            continue;
        }
        rrsigs.add(record);
    }
    if (rrsigs.isEmpty()) {
        // Nothing usable to verify with: report why, distinguishing "only expired/not yet
        // valid signatures" from "no signatures at all".
        if (!outdatedRrSigs.isEmpty()) {
            result.reasons.add(new NoActiveSignaturesReason(q, outdatedRrSigs));
        } else {
            result.reasons.add(new NoSignaturesReason(q));
        }
        return result;
    }
    // Pass 2: verify the records covered by each valid RRSIG.
    for (Record<RRSIG> sigRecord : rrsigs) {
        RRSIG rrsig = sigRecord.payloadData;
        // Select the reference records this signature covers: same type and same owner name.
        List<Record<? extends Data>> records = new ArrayList<>(reference.size());
        for (Record<? extends Data> record : reference) {
            if (record.type == rrsig.typeCovered && record.name.equals(sigRecord.name)) {
                records.add(record);
            }
        }
        Set<UnverifiedReason> reasons = verifySignedRecords(q, rrsig, records);
        result.reasons.addAll(reasons);
        // Special case: the RRSIG signs the DNSKEY RRset of the queried name itself.
        if (q.name.equals(rrsig.signerName) && rrsig.typeCovered == TYPE.DNSKEY) {
            for (Iterator<Record<? extends Data>> iterator = records.iterator(); iterator.hasNext(); ) {
                Record<DNSKEY> dnsKeyRecord = iterator.next().ifPossibleAs(DNSKEY.class);
                // dnsKeyRecord should never be null here.
                // NOTE(review): the type filter above (typeCovered == DNSKEY) is what makes
                // this hold; if ifPossibleAs ever returned null, the next line would throw
                // NullPointerException rather than report an UnverifiedReason.
                DNSKEY dnskey = dnsKeyRecord.payloadData;
                // DNSKEYs are verified separately, so don't mark them verified now.
                iterator.remove();
                // A DNSKEY whose key tag matches the signing key tag counts as the SEP signature.
                if (dnskey.getKeyTag() == rrsig.keyTag) {
                    result.sepSignaturePresent = true;
                }
            }
            // DNSKEY's should be signed by a SEP
            result.sepSignatureRequired = true;
        }
        // Compare owner and signer in ACE (punycode) form. A signer that is neither the owner
        // nor one of its parents is cross-signing; those covered records stay in toBeVerified
        // and are only logged at FINER level.
        if (!isParentOrSelf(sigRecord.name.ace, rrsig.signerName.ace)) {
            LOGGER.finer("Records at " + sigRecord.name + " are cross-signed with a key from " + rrsig.signerName);
        } else {
            // In the DNSKEY case above `records` has already been emptied, so this removes nothing.
            toBeVerified.removeAll(records);
        }
        // The RRSIG itself has been processed regardless of the outcome.
        toBeVerified.remove(sigRecord);
    }
    return result;
}

Example 22 with Record

use of org.minidns.record.Record in project minidns by MiniDNS.

From the class ExtendedLRUCache, method gather.

/**
 * Collects, for every record in {@code records} that {@code shouldGather} accepts, the
 * record into {@code extraCaches} under the question message derived from that record.
 * <p>
 * The derived question is built from the record's own question builder, with the flags and
 * the additional section copied from {@code q}. A record whose derived question equals
 * {@code q} is skipped, as is a record that yields no question builder. Lists in
 * {@code extraCaches} are created on first use.
 *
 * @param extraCaches       map from derived question to the records gathered for it; modified
 * @param q                 the original query whose flags and additional section are copied
 * @param records           the candidate records to examine
 * @param authoritativeZone passed through to {@code shouldGather}
 */
private final void gather(Map<DNSMessage, List<Record<? extends Data>>> extraCaches, DNSMessage q, List<Record<? extends Data>> records, DNSName authoritativeZone) {
    for (Record<? extends Data> candidate : records) {
        if (!shouldGather(candidate, q.getQuestion(), authoritativeZone)) {
            continue;
        }
        DNSMessage.Builder questionBuilder = candidate.getQuestionMessage();
        if (questionBuilder != null) {
            questionBuilder.copyFlagsFrom(q);
            questionBuilder.setAdditionalResourceRecords(q.additionalSection);
            DNSMessage derivedQuestion = questionBuilder.build();
            // Caching the original question again would be pointless.
            boolean isOriginalQuestion = derivedQuestion.equals(q);
            if (!isOriginalQuestion) {
                List<Record<? extends Data>> bucket = extraCaches.get(derivedQuestion);
                if (bucket == null) {
                    bucket = new LinkedList<>();
                    extraCaches.put(derivedQuestion, bucket);
                }
                bucket.add(candidate);
            }
        }
    }
}
