
Example 1 with NSEC3PARAMRecord

Use of org.xbill.DNS.NSEC3PARAMRecord in the project dim by 1and1.

Class ZoneFormat, method determineNSEC3Owners.

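/**
 * Rewrites every NSEC3 record in {@code zone} so that it carries the original
 * owner name whose NSEC3 hash equals the record's first label, when such a
 * name can be derived from the other records in the zone.
 *
 * <p>The list is sorted in place and NSEC3 entries are replaced in place. The
 * method returns without changing any NSEC3 record when the zone has no SOA
 * or no NSEC3PARAM record.
 *
 * <p>NOTE(review): every distinct owner name (and each candidate empty
 * non-terminal) is hashed with the parameters taken from the zone's own
 * NSEC3PARAM record. The cost presumably scales with that record's iteration
 * count, so callers that load zone data from an untrusted source may want to
 * bound it before calling this method -- confirm against the hashName
 * implementation.
 *
 * @param zone the zone's records; sorted and modified in place
 * @throws NoSuchAlgorithmException if the NSEC3 hash algorithm is unavailable
 */
private static void determineNSEC3Owners(List<Record> zone) throws NoSuchAlgorithmException {
    // Put the zone into a consistent (name and RR type) order.
    Collections.sort(zone, new RecordComparator());

    // First, find the SOA (for the zone name) and the NSEC3PARAM record. This
    // is a linear search, although both should be near the head of the list.
    NSEC3PARAMRecord nsec3param = null;
    Name zonename = null;
    for (Record r : zone) {
        if (r.getType() == Type.SOA) {
            zonename = r.getName();
            continue;
        }
        if (r.getType() == Type.NSEC3PARAM) {
            nsec3param = (NSEC3PARAMRecord) r;
            break;
        }
    }

    // Without a zone name or NSEC3 parameters there is nothing to map.
    if (zonename == null || nsec3param == null) {
        return;
    }

    // Next pass: build a mapping from hashed name to original owner name.
    // Lower-casing uses Locale.ROOT so that the keys and the lookup below do
    // not depend on the JVM's default locale (e.g. the Turkish dotless i,
    // which would break matching for labels containing 'I').
    HashMap<String, String> map = new HashMap<String, String>();
    base32 b32 = new base32(base32.Alphabet.BASE32HEX, false, true);
    Name last_name = null;
    for (Record r : zone) {
        if (r.getName().equals(last_name)) {
            continue;
        }
        if (r.getType() == Type.NSEC3) {
            continue;
        }
        Name n = r.getName();
        String hashname = b32.toString(nsec3param.hashName(n));
        map.put(hashname, n.toString().toLowerCase(java.util.Locale.ROOT));
        last_name = n;

        // Also hash the possible ancestor empty non-terminals between the
        // zone apex and this name; an existing mapping is never overwritten.
        for (int i = zonename.labels() + 1; i < n.labels(); ++i) {
            Name parent = new Name(n, n.labels() - i);
            String parent_hashname = b32.toString(nsec3param.hashName(parent));
            if (!map.containsKey(parent_hashname)) {
                map.put(parent_hashname, parent.toString().toLowerCase(java.util.Locale.ROOT));
            }
        }
    }

    // Final pass: replace each NSEC3 record with a copy that carries the
    // owner name. The owner name is null when no hash in the map matches.
    for (ListIterator<Record> i = zone.listIterator(); i.hasNext(); ) {
        Record r = i.next();
        if (r.getType() != Type.NSEC3) {
            continue;
        }
        NSEC3Record nsec3 = (NSEC3Record) r;
        String hashname = nsec3.getName().getLabelString(0).toLowerCase(java.util.Locale.ROOT);
        String ownername = map.get(hashname);
        NSEC3Record new_nsec3 = new NSEC3Record(nsec3.getName(), nsec3.getDClass(), nsec3.getTTL(),
                nsec3.getHashAlgorithm(), nsec3.getFlags(), nsec3.getIterations(), nsec3.getSalt(),
                nsec3.getNext(), nsec3.getTypes(), ownername);
        i.set(new_nsec3);
    }
}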
Also used : NSEC3PARAMRecord(org.xbill.DNS.NSEC3PARAMRecord) HashMap(java.util.HashMap) NSEC3Record(org.xbill.DNS.NSEC3Record) DNS.utils.base32(org.xbill.DNS.utils.base32) NSEC3PARAMRecord(org.xbill.DNS.NSEC3PARAMRecord) NSEC3Record(org.xbill.DNS.NSEC3Record) Record(org.xbill.DNS.Record) RecordComparator(com.verisignlabs.dnssec.security.RecordComparator) Name(org.xbill.DNS.Name)

Example 2 with NSEC3PARAMRecord

Use of org.xbill.DNS.NSEC3PARAMRecord in the project dim by 1and1.

Class ZoneVerifier, method calculateNodes.

/**
 * Loads the node and RRset maps from an unsorted list of records and, in the
 * same pass, records the zone name, the NSEC3 parameters and the signing type.
 *
 * <p>Every DNSKEY record in the input is handed to the verifier as a trusted
 * key. NOTE(review): the trust anchors therefore come from the data being
 * verified, so a later verification presumably shows only that the zone is
 * consistent with its own keys, not that those keys are authentic -- confirm
 * how callers anchor trust.
 *
 * @param records the zone's records, in any order
 * @return the number of records that {@code addRR} rejected; each one is
 *         logged as a duplicate
 */
private int calculateNodes(List<Record> records) {
    // Start from empty maps and treat the zone as unsigned until a record
    // indicates otherwise.
    mNodeMap = new TreeMap<Name, Set<Integer>>();
    mRRsetMap = new HashMap<String, RRset>();
    mDNSSECType = DNSSECType.UNSIGNED;

    int duplicateCount = 0;
    for (Record rec : records) {
        final Name owner = rec.getName();
        final int type = rec.getType();

        // Index the record; a false result is counted and logged as a duplicate.
        if (!addRR(rec)) {
            log.warning("Record '" + rec + "' detected as a duplicate");
            duplicateCount++;
        }

        // Pick up zone-level facts from the record types that carry them.
        if (type == Type.SOA) {
            mZoneName = owner;
        } else if (type == Type.NSEC3PARAM) {
            mNSEC3params = (NSEC3PARAMRecord) rec;
        } else if (type == Type.DNSKEY) {
            DNSKEYRecord key = (DNSKEYRecord) rec;
            mVerifier.addTrustedKey(key);
            log.info("Adding trusted key: " + key + " ; keytag = " + key.getFootprint());
        }

        // Keep probing for the signing type until a record settles it.
        if (mDNSSECType == DNSSECType.UNSIGNED) {
            mDNSSECType = determineDNSSECType(rec);
        }
    }
    return duplicateCount;
}
Also used : Set(java.util.Set) HashSet(java.util.HashSet) NSEC3PARAMRecord(org.xbill.DNS.NSEC3PARAMRecord) DNSKEYRecord(org.xbill.DNS.DNSKEYRecord) RRset(org.xbill.DNS.RRset) DNSKEYRecord(org.xbill.DNS.DNSKEYRecord) RRSIGRecord(org.xbill.DNS.RRSIGRecord) NSEC3PARAMRecord(org.xbill.DNS.NSEC3PARAMRecord) NSECRecord(org.xbill.DNS.NSECRecord) NSEC3Record(org.xbill.DNS.NSEC3Record) Record(org.xbill.DNS.Record) Name(org.xbill.DNS.Name)

Aggregations

NSEC3PARAMRecord (org.xbill.DNS.NSEC3PARAMRecord)2 NSEC3Record (org.xbill.DNS.NSEC3Record)2 Name (org.xbill.DNS.Name)2 Record (org.xbill.DNS.Record)2 RecordComparator (com.verisignlabs.dnssec.security.RecordComparator)1 HashMap (java.util.HashMap)1 HashSet (java.util.HashSet)1 Set (java.util.Set)1 DNSKEYRecord (org.xbill.DNS.DNSKEYRecord)1 NSECRecord (org.xbill.DNS.NSECRecord)1 RRSIGRecord (org.xbill.DNS.RRSIGRecord)1 RRset (org.xbill.DNS.RRset)1 DNS.utils.base32 (org.xbill.DNS.utils.base32)1