1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
|
// Copyright (c) 1999-2004 Brian Wellington (bwelling@xbill.org)
package org.xbill.DNS;
import java.io.IOException;
import java.security.NoSuchAlgorithmException;
import org.xbill.DNS.utils.base16;
/**
* Next SECure name 3 Parameters - this record contains the parameters (hash
* algorithm, salt, iterations) used for a valid, complete NSEC3 chain present
* in a zone. Zones signed using NSEC3 must include this record at the zone apex
* to inform authoritative servers that NSEC3 is being used with the given
* parameters.
*
* @author Brian Wellington
* @author David Blacka
*/
public class NSEC3PARAMRecord extends Record {
private static final long serialVersionUID = -8689038598776316533L;
private int hashAlg;
private int flags;
private int iterations;
private byte salt[];
NSEC3PARAMRecord() {}
Record getObject() {
return new NSEC3PARAMRecord();
}
/**
* Creates an NSEC3PARAM record from the given data.
*
* @param name The ownername of the NSEC3PARAM record (generally the zone name).
* @param dclass The class.
* @param ttl The TTL.
* @param hashAlg The hash algorithm.
* @param flags The value of the flags field.
* @param iterations The number of hash iterations.
* @param salt The salt to use (may be null).
*/
public NSEC3PARAMRecord(Name name, int dclass, long ttl, int hashAlg,
int flags, int iterations, byte [] salt)
{
super(name, Type.NSEC3PARAM, dclass, ttl);
this.hashAlg = checkU8("hashAlg", hashAlg);
this.flags = checkU8("flags", flags);
this.iterations = checkU16("iterations", iterations);
if (salt != null) {
if (salt.length > 255)
throw new IllegalArgumentException("Invalid salt " +
"length");
if (salt.length > 0) {
this.salt = new byte[salt.length];
System.arraycopy(salt, 0, this.salt, 0, salt.length);
}
}
}
void
rrFromWire(DNSInput in) throws IOException {
hashAlg = in.readU8();
flags = in.readU8();
iterations = in.readU16();
int salt_length = in.readU8();
if (salt_length > 0)
salt = in.readByteArray(salt_length);
else
salt = null;
}
void
rrToWire(DNSOutput out, Compression c, boolean canonical) {
out.writeU8(hashAlg);
out.writeU8(flags);
out.writeU16(iterations);
if (salt != null) {
out.writeU8(salt.length);
out.writeByteArray(salt);
} else
out.writeU8(0);
}
void
rdataFromString(Tokenizer st, Name origin) throws IOException
{
hashAlg = st.getUInt8();
flags = st.getUInt8();
iterations = st.getUInt16();
String s = st.getString();
if (s.equals("-"))
salt = null;
else {
st.unget();
salt = st.getHexString();
if (salt.length > 255)
throw st.exception("salt value too long");
}
}
/** Converts rdata to a String */
String
rrToString() {
StringBuffer sb = new StringBuffer();
sb.append(hashAlg);
sb.append(' ');
sb.append(flags);
sb.append(' ');
sb.append(iterations);
sb.append(' ');
if (salt == null)
sb.append('-');
else
sb.append(base16.toString(salt));
return sb.toString();
}
/** Returns the hash algorithm */
public int
getHashAlgorithm() {
return hashAlg;
}
/** Returns the flags */
public int
getFlags() {
return flags;
}
/** Returns the number of iterations */
public int
getIterations() {
return iterations;
}
/** Returns the salt */
public byte []
getSalt()
{
return salt;
}
/**
* Hashes a name with the parameters of this NSEC3PARAM record.
* @param name The name to hash
* @return The hashed version of the name
* @throws NoSuchAlgorithmException The hash algorithm is unknown.
*/
public byte []
hashName(Name name) throws NoSuchAlgorithmException
{
return NSEC3Record.hashName(name, hashAlg, iterations, salt);
}
}
|
