Use of org.xbill.DNS.NSEC3PARAMRecord in project dim by 1and1.
Class ZoneFormat, method determineNSEC3Owners.
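/**
 * Annotates each NSEC3 record in {@code zone} with the owner name whose hash it carries.
 *
 * <p>The list is modified in place: it is sorted with {@link RecordComparator}, and every
 * NSEC3 record is replaced by a copy that receives the matched owner name as its last
 * constructor argument. That argument is {@code null} when no name in the zone (or
 * candidate empty non-terminal between the apex and a name) hashes to the record's first
 * label.
 *
 * <p>The method returns without touching the NSEC3 records when no SOA record is seen
 * before the first NSEC3PARAM record in sorted order, or when the zone has no NSEC3PARAM.
 *
 * <p>NOTE(review): the hashing parameters come from the zone's own NSEC3PARAM record, and
 * the method hashes every distinct owner name plus each ancestor below the apex. If zone
 * data can come from an untrusted source, confirm that a large iteration count is bounded
 * somewhere before this point, since the work presumably scales with it.
 *
 * @param zone the zone's records; sorted and partially rewritten by this call
 * @throws NoSuchAlgorithmException declared for {@code hashName}; presumably raised when
 *     the hash algorithm named by the NSEC3PARAM record is unavailable
 */
private static void determineNSEC3Owners(List<Record> zone) throws NoSuchAlgorithmException {
    // Put the zone into a consistent (name and RR type) order.
    Collections.sort(zone, new RecordComparator());

    // Linear scan for the apex name (SOA owner) and the NSEC3PARAM record. The scan stops
    // at the first NSEC3PARAM, so an SOA that sorts after it is never seen.
    Name zonename = null;
    NSEC3PARAMRecord nsec3param = null;
    for (Record r : zone) {
        if (r.getType() == Type.SOA) {
            zonename = r.getName();
        } else if (r.getType() == Type.NSEC3PARAM) {
            nsec3param = (NSEC3PARAMRecord) r;
            break;
        }
    }

    // Without a zone name or NSEC3 parameters there is nothing to compute.
    if (zonename == null || nsec3param == null) {
        return;
    }

    // Hash labels are rendered with the base32hex alphabet; the two flags are presumably
    // "no padding" and "lower-case output" -- confirm against the base32 class.
    base32 b32 = new base32(base32.Alphabet.BASE32HEX, false, true);
    HashMap<String, String> map = new HashMap<String, String>();

    // Second pass: map hash label -> lower-cased owner name for every non-NSEC3 name.
    //
    // Lower-casing uses Locale.ROOT (fully qualified because this file's import list is
    // not visible here). The base32hex alphabet contains the letter 'I'; with the default
    // locale set to Turkish, toLowerCase() would turn it into a dotless i and the lookup
    // in the final pass would silently miss.
    Name last_name = null;
    for (Record r : zone) {
        // Records are sorted by name, so consecutive records of one name are hashed once.
        if (r.getName().equals(last_name)) {
            continue;
        }
        if (r.getType() == Type.NSEC3) {
            continue;
        }
        Name n = r.getName();
        String hashname = b32.toString(nsec3param.hashName(n));
        map.put(hashname, n.toString().toLowerCase(java.util.Locale.ROOT));
        last_name = n;

        // Also hash every ancestor strictly between the apex and this name: those are the
        // possible empty non-terminals. A real owner name already in the map wins.
        for (int i = zonename.labels() + 1; i < n.labels(); ++i) {
            Name parent = new Name(n, n.labels() - i);
            String parent_hashname = b32.toString(nsec3param.hashName(parent));
            if (!map.containsKey(parent_hashname)) {
                map.put(parent_hashname, parent.toString().toLowerCase(java.util.Locale.ROOT));
            }
        }
    }

    // Final pass: rebuild each NSEC3 record with the owner name found for its hash label.
    for (ListIterator<Record> i = zone.listIterator(); i.hasNext(); ) {
        Record r = i.next();
        if (r.getType() != Type.NSEC3) {
            continue;
        }
        NSEC3Record nsec3 = (NSEC3Record) r;
        String hashname = nsec3.getName().getLabelString(0).toLowerCase(java.util.Locale.ROOT);
        // null when nothing in the zone hashed to this label.
        String ownername = map.get(hashname);
        NSEC3Record new_nsec3 = new NSEC3Record(
                nsec3.getName(),
                nsec3.getDClass(),
                nsec3.getTTL(),
                nsec3.getHashAlgorithm(),
                nsec3.getFlags(),
                nsec3.getIterations(),
                nsec3.getSalt(),
                nsec3.getNext(),
                nsec3.getTypes(),
                ownername);
        i.set(new_nsec3);
    }
}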
Use of org.xbill.DNS.NSEC3PARAMRecord in project dim by 1and1.
Class ZoneVerifier, method calculateNodes.
/**
 * Loads the node and RRset maps from an unsorted list of records and, in the same pass,
 * learns the zone name, the NSEC3 parameters, the zone's DNSKEYs and the signing type.
 *
 * <p>{@code mNodeMap}, {@code mRRsetMap} and {@code mDNSSECType} are reset before the pass.
 * The owner of any SOA record becomes {@code mZoneName} and any NSEC3PARAM record becomes
 * {@code mNSEC3params}; if several are present, the last one seen wins.
 *
 * <p>NOTE(review): every DNSKEY record in the input, whatever its owner name, is handed to
 * {@code mVerifier.addTrustedKey}. The trusted keys therefore come from the data being
 * checked; confirm that callers read a passing result as internal consistency of the zone
 * and not as validation against an externally supplied trust anchor.
 *
 * @param records the zone's records, in any order
 * @return the number of records that {@code addRR} rejected, each logged as a duplicate
 */
private int calculateNodes(List<Record> records) {
    mNodeMap = new TreeMap<Name, Set<Integer>>();
    mRRsetMap = new HashMap<String, RRset>();
    // Treat the zone as unsigned until a record says otherwise.
    mDNSSECType = DNSSECType.UNSIGNED;

    int duplicateCount = 0;
    for (Record rec : records) {
        Name owner = rec.getName();
        int type = rec.getType();

        // File the record in the maps; a false result is counted as a duplicate.
        if (!addRR(rec)) {
            log.warning("Record '" + rec + "' detected as a duplicate");
            duplicateCount++;
        }

        // Pick up zone-level facts from the record types that carry them.
        if (type == Type.SOA) {
            mZoneName = owner;
        } else if (type == Type.NSEC3PARAM) {
            mNSEC3params = (NSEC3PARAMRecord) rec;
        } else if (type == Type.DNSKEY) {
            DNSKEYRecord key = (DNSKEYRecord) rec;
            mVerifier.addTrustedKey(key);
            log.info("Adding trusted key: " + key + " ; keytag = " + key.getFootprint());
        }

        // Keep probing only while the signing type is still undetermined.
        if (mDNSSECType == DNSSECType.UNSIGNED) {
            mDNSSECType = determineDNSSECType(rec);
        }
    }
    return duplicateCount;
}