use of org.xbill.DNS.RRSIGRecord in project dim by 1and1.
the class ZoneVerifier method addRRtoRRset.
/**
 * Adds {@code rr} to {@code rrset}, refusing an exact duplicate unless duplicate
 * checking has been switched off.
 *
 * <p>An RRSIG is compared against the RRset's signature list, every other record
 * against its data list, so the two kinds never collide with each other.
 *
 * @param rrset the RRset being built up
 * @param rr    the record to add (may be an {@link RRSIGRecord})
 * @return {@code true} if the record was added, {@code false} if an equal record
 *         was already present and duplicates are being rejected
 */
@SuppressWarnings("rawtypes")
private boolean addRRtoRRset(RRset rrset, Record rr) {
    // Nothing to compare against when duplicates are deliberately accepted.
    if (mIgnoreDuplicateRRs) {
        rrset.addRR(rr);
        return true;
    }
    // Signatures and data records live in separate lists of the RRset.
    boolean isSignature = rr instanceof RRSIGRecord;
    Iterator existing = isSignature ? rrset.sigs() : rrset.rrs();
    while (existing.hasNext()) {
        if (rr.equals(existing.next())) {
            return false; // exact duplicate: report it rather than add it
        }
    }
    rrset.addRR(rr);
    return true;
}
use of org.xbill.DNS.RRSIGRecord in project dim by 1and1.
the class SignRRset method execute.
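/**
 * Signs a single RRset read from {@code state.inputfile} and writes the RRset
 * together with its new RRSIGs to {@code state.outputfile}.
 *
 * <p>Steps: read the input records, fold them into one RRset (rejecting input
 * that spans several RRsets; pre-existing RRSIG/SIG records are dropped and the
 * set is re-signed from scratch), load the signing keys and require them to
 * share one owner name, sign, write, and optionally verify the generated
 * signatures.
 *
 * <p>Each validation failure is reported through {@code state.usage()}, which is
 * presumably printing the usage text and exiting (its body is not visible
 * here). The guards below {@code return} after it anyway so that a returning
 * {@code usage()} can no longer lead to a {@code NullPointerException} or to a
 * partially validated RRset being signed.
 *
 * @throws Exception propagated from file I/O, key loading or signing
 */
@SuppressWarnings("unchecked")
public void execute() throws Exception {
    // Read in the input records.
    List<Record> records = ZoneUtils.readZoneFile(state.inputfile, null);
    if (records == null || records.isEmpty()) {
        System.err.println("error: empty RRset file");
        state.usage();
        return;
    }

    // Construct the RRset. Complain if the records in the input file
    // consist of more than one RRset.
    RRset rrset = null;
    for (Record r : records) {
        // Existing signatures are discarded; they are regenerated below.
        if (r.getType() == Type.RRSIG || r.getType() == Type.SIG) {
            continue;
        }
        // The first data record defines the RRset.
        if (rrset == null) {
            rrset = new RRset();
            rrset.addRR(r);
            continue;
        }
        // Every further record must match name, type and class of the first.
        boolean sameRRset = rrset.getName().equals(r.getName())
                && rrset.getType() == r.getType()
                && rrset.getDClass() == r.getDClass();
        if (!sameRRset) {
            System.err.println("Records do not all belong to the same RRset.");
            state.usage();
            return;
        }
        rrset.addRR(r);
    }
    // rrset is still null when the input held nothing but RRSIG/SIG records;
    // calling size() on it unguarded threw NullPointerException.
    if (rrset == null || rrset.size() == 0) {
        System.err.println("No records found in inputfile.");
        state.usage();
        return;
    }

    if (state.keyFiles.length == 0) {
        System.err.println("error: at least one keyfile must be specified");
        state.usage();
        return;
    }
    List<DnsKeyPair> keypairs = getKeys(state.keyFiles, 0, state.keyDirectory);
    // getKeys() can yield null (SignKeyset checks for it); iterating it blew up here.
    if (keypairs == null || keypairs.isEmpty()) {
        System.err.println("error: no signing keys could be loaded");
        state.usage();
        return;
    }

    // All key pairs must share one owner name; that name doubles as the zone
    // name handed to the verifier.
    Name keysetName = null;
    for (DnsKeyPair pair : keypairs) {
        Name name = pair.getDNSKEYName();
        if (keysetName == null) {
            keysetName = name;
        } else if (!name.equals(keysetName)) {
            System.err.println("Keys do not all have the same name.");
            state.usage();
            return;
        }
    }

    // Default the output file, if not set ("-" means stdin, so no default then).
    if (state.outputfile == null && !state.inputfile.equals("-")) {
        state.outputfile = state.inputfile + ".signed";
    }

    JCEDnsSecSigner signer = new JCEDnsSecSigner();
    List<RRSIGRecord> sigs = signer.signRRset(rrset, keypairs, state.start, state.expire);
    for (RRSIGRecord s : sigs) {
        rrset.addRR(s);
    }

    // Write out the signed RRset: data records followed by signatures.
    List<Record> signedRecords = flattenSignedRRset(rrset);
    ZoneUtils.writeZoneFile(signedRecords, state.outputfile);

    // NOTE(review): the output file is already written at this point; a
    // verification failure is only reported on stdout, it does not undo the write.
    if (state.verifySigs) {
        log.fine("verifying generated signatures");
        boolean verified = verifySigs(keysetName, signedRecords, keypairs);
        if (verified) {
            System.out.println("Generated signatures verified");
        } else {
            System.out.println("Generated signatures did not verify.");
        }
    }
}

/**
 * Copies the data records of {@code rrset} followed by its RRSIGs into a fresh
 * list, in the order the RRset's iterators return them.
 *
 * @param rrset a signed RRset
 * @return a new, mutable list holding records then signatures
 */
@SuppressWarnings("unchecked")
private static List<Record> flattenSignedRRset(RRset rrset) {
    List<Record> out = new ArrayList<Record>();
    for (Iterator<Record> i = rrset.rrs(); i.hasNext(); ) {
        out.add(i.next());
    }
    for (Iterator<Record> i = rrset.sigs(); i.hasNext(); ) {
        out.add(i.next());
    }
    return out;
}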
use of org.xbill.DNS.RRSIGRecord in project dim by 1and1.
the class SignKeyset method execute.
/**
 * Signs the DNSKEY RRset read from {@code state.inputfile} and writes the keys
 * together with their RRSIGs to {@code state.outputfile}.
 *
 * <p>Input records that are not DNSKEYs are reported and skipped; a DNSKEY whose
 * owner differs from the first one seen is a usage error. Signing keys come from
 * {@code state.keyFiles}, falling back to whatever key pairs are found for the
 * keyset's name in {@code state.keyDirectory}.
 *
 * <p>{@code state.usage()} is called on every validation failure; its body is
 * not visible here, and the code assumes it does not return.
 *
 * @throws Exception propagated from file I/O, key loading or signing
 */
@SuppressWarnings("unchecked")
public void execute() throws Exception {
    List<Record> input = ZoneUtils.readZoneFile(state.inputfile, null);
    if (input == null || input.isEmpty()) {
        System.err.println("error: empty keyset file");
        state.usage();
    }

    // Gather the DNSKEYs into one RRset, remembering the owner of the first one.
    Name keysetName = null;
    RRset dnskeys = new RRset();
    for (Record record : input) {
        if (record.getType() != Type.DNSKEY) {
            System.err.println("error: Non DNSKEY RR found in keyset: " + record);
            continue;
        }
        if (keysetName == null) {
            keysetName = record.getName();
        }
        if (!record.getName().equals(keysetName)) {
            System.err.println("error: DNSKEY with a different name found!");
            state.usage();
        }
        dnskeys.addRR(record);
    }
    if (dnskeys.size() == 0) {
        System.err.println("error: No DNSKEYs found in keyset file");
        state.usage();
    }

    // Explicit key files first, then the key directory entries for this name.
    List<DnsKeyPair> keypairs = getKeys(state.keyFiles, 0, state.keyDirectory);
    if (keypairs == null) {
        keypairs = findZoneKeys(state.keyDirectory, keysetName);
    }
    // If there *still* aren't any signing keys, bail.
    if (keypairs == null || keypairs.isEmpty()) {
        System.err.println("error: No signing keys could be determined.");
        state.usage();
    }

    // Default the output file from the keyset name; an absolute name presumably
    // already ends in a dot, hence the separator-less suffix in that case.
    if (state.outputfile == null) {
        String suffix = keysetName.isAbsolute() ? "signed_keyset" : ".signed_keyset";
        state.outputfile = keysetName + suffix;
    }

    JCEDnsSecSigner signer = new JCEDnsSecSigner();
    List<RRSIGRecord> sigs = signer.signRRset(dnskeys, keypairs, state.start, state.expire);
    for (RRSIGRecord sig : sigs) {
        dnskeys.addRR(sig);
    }

    // Output order: data records first, then signatures, as the iterators yield them.
    List<Record> output = new ArrayList<Record>();
    Iterator<Record> rrs = dnskeys.rrs();
    while (rrs.hasNext()) {
        output.add(rrs.next());
    }
    Iterator<Record> rrsigs = dnskeys.sigs();
    while (rrsigs.hasNext()) {
        output.add(rrsigs.next());
    }
    ZoneUtils.writeZoneFile(output, state.outputfile);

    // Optional self-check of the freshly written signatures (reported on stdout only).
    if (state.verifySigs) {
        log.fine("verifying generated signatures");
        String outcome = verifySigs(keysetName, output, keypairs)
                ? "Generated signatures verified"
                : "Generated signatures did not verify.";
        System.out.println(outcome);
    }
}
use of org.xbill.DNS.RRSIGRecord in project dim by 1and1.
the class RRsetTest method setUp.
/**
 * Builds the fixture shared by the tests: an empty RRset, two owner names, two
 * A records with the same owner but differing TTL and address, and two RRSIGs
 * over the A type of {@code m_name} that differ only in the name passed as
 * signer.
 *
 * @throws TextParseException   if one of the literal names fails to parse
 * @throws UnknownHostException if one of the literal addresses fails to parse
 */
public void setUp() throws TextParseException, UnknownHostException {
    m_rs = new RRset();
    m_name = Name.fromString("this.is.a.test.");
    m_name2 = Name.fromString("this.is.another.test.");
    m_ttl = 0xABCDL;

    InetAddress addr1 = InetAddress.getByName("192.169.232.11");
    m_a1 = new ARecord(m_name, DClass.IN, m_ttl, addr1);
    InetAddress addr2 = InetAddress.getByName("192.169.232.12");
    m_a2 = new ARecord(m_name, DClass.IN, m_ttl + 1, addr2);

    m_s1 = newTestSig(m_name);
    m_s2 = newTestSig(m_name2);
}

/**
 * Creates an RRSIG over the A RRset of {@code m_name} with fixed algorithm,
 * original TTL and footprint, "now" as both timestamps and an empty signature.
 *
 * @param signer the name to record as the signer
 * @return the constructed RRSIG
 */
private RRSIGRecord newTestSig(Name signer) {
    return new RRSIGRecord(m_name, DClass.IN, m_ttl, Type.A, 0xF, 0xABCDEL, new Date(), new Date(), 0xA, signer, new byte[0]);
}
use of org.xbill.DNS.RRSIGRecord in project dim by 1and1.
the class ZoneVerifier method processRRset.
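/**
 * Verifies every RRSIG attached to {@code rrset}.
 *
 * <p>The RRset counts as verified as soon as one of its signatures validates;
 * the remaining signatures are still checked so that each failing one is
 * logged with its reasons. An RRset carrying no signatures at all therefore
 * fails.
 *
 * @param rrset the signed RRset to check
 * @return {@code 0} if at least one signature verified, {@code 1} otherwise
 */
@SuppressWarnings("unchecked")
private int processRRset(RRset rrset) {
    boolean anyVerified = false;
    for (Iterator<Record> i = rrset.sigs(); i.hasNext(); ) {
        RRSIGRecord sigrec = (RRSIGRecord) i.next();
        // One list per signature. The verifier presumably appends its reasons
        // here; with a single list shared across the loop (as before) every
        // later warning would also repeat the reasons of earlier failures.
        List<String> reasons = new ArrayList<String>();
        boolean res = mVerifier.verifySignature(rrset, sigrec, reasons);
        if (!res) {
            log.warning("Signature failed to verify RRset:\n rr: " + ZoneUtils.rrsetToString(rrset, false) + "\n sig: " + sigrec + "\n" + reasonListToString(reasons));
        }
        anyVerified |= res;
    }
    String rrsetname = rrset.getName() + "/" + Type.string(rrset.getType());
    if (anyVerified) {
        log.fine("RRset " + rrsetname + " verified.");
    } else {
        log.warning("RRset " + rrsetname + " did not verify.");
    }
    return anyVerified ? 0 : 1;
}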