path: root/src/org/xbill/DNS/TLSARecord.java

// Copyright (c) 1999-2004 Brian Wellington (bwelling@xbill.org)

package org.xbill.DNS;

import java.io.*;
import org.xbill.DNS.utils.*;

/**
 * Transport Layer Security Authentication
 *
 * @author Brian Wellington
 */

public class TLSARecord extends Record {

private static final long serialVersionUID = 356494267028580169L;

public static class CertificateUsage {
	private CertificateUsage() {}

	public static final int CA_CONSTRAINT = 0;
	public static final int SERVICE_CERTIFICATE_CONSTRAINT = 1;
	public static final int TRUST_ANCHOR_ASSERTION = 2;
	public static final int DOMAIN_ISSUED_CERTIFICATE = 3;
}

public static class Selector {
	private Selector() {}

	/**
	 * Full certificate; the Certificate binary structure defined in
	 * [RFC5280]
	 */
	public static final int FULL_CERTIFICATE = 0;

	/**
	 * SubjectPublicKeyInfo; DER-encoded binary structure defined in
	 * [RFC5280]
	 */
	public static final int SUBJECT_PUBLIC_KEY_INFO = 1;
}

public static class MatchingType {
	private MatchingType() {}

	/** Exact match on selected content */
	public static final int EXACT = 0;

	/** SHA-256 hash of selected content [RFC6234] */
	public static final int SHA256 = 1;

	/** SHA-512 hash of selected content [RFC6234] */
	public static final int SHA512 = 2;
}

private int certificateUsage;
private int selector;
private int matchingType;
private byte [] certificateAssociationData;

TLSARecord() {}

Record
getObject() {
	return new TLSARecord();
}

/**
 * Creates an TLSA Record from the given data
 * @param certificateUsage The provided association that will be used to
 * match the certificate presented in the TLS handshake. 
 * @param selector The part of the TLS certificate presented by the server
 * that will be matched against the association data. 
 * @param matchingType How the certificate association is presented.
 * @param certificateAssociationData The "certificate association data" to be
 * matched.
 */
public
TLSARecord(Name name, int dclass, long ttl, 
	   int certificateUsage, int selector, int matchingType,
	   byte [] certificateAssociationData)
{
	super(name, Type.TLSA, dclass, ttl);
	this.certificateUsage = checkU8("certificateUsage", certificateUsage);
	this.selector = checkU8("selector", selector);
	this.matchingType = checkU8("matchingType", matchingType);
	this.certificateAssociationData = checkByteArrayLength(
						"certificateAssociationData",
						certificateAssociationData,
						0xFFFF);
}

void
rrFromWire(DNSInput in) throws IOException {
	certificateUsage = in.readU8();
	selector = in.readU8();
	matchingType = in.readU8();
	certificateAssociationData = in.readByteArray();
}

void
rdataFromString(Tokenizer st, Name origin) throws IOException {
	certificateUsage = st.getUInt8();
	selector = st.getUInt8();
	matchingType = st.getUInt8();
	certificateAssociationData = st.getHex();
}

/** Converts rdata to a String */
String
rrToString() {
	StringBuffer sb = new StringBuffer();
	sb.append(certificateUsage);
	sb.append(" ");
	sb.append(selector);
	sb.append(" ");
	sb.append(matchingType);
	sb.append(" ");
	sb.append(base16.toString(certificateAssociationData));

	return sb.toString();
}

void
rrToWire(DNSOutput out, Compression c, boolean canonical) {
	out.writeU8(certificateUsage);
	out.writeU8(selector);
	out.writeU8(matchingType);
	out.writeByteArray(certificateAssociationData);
}

/** Returns the certificate usage of the TLSA record */
public int
getCertificateUsage() {
	return certificateUsage;
}

/** Returns the selector of the TLSA record */
public int
getSelector() {
	return selector;
}

/** Returns the matching type of the TLSA record */
public int
getMatchingType() {
	return matchingType;
}

/** Returns the certificate associate data of this TLSA record */
public final byte []
getCertificateAssociationData() {
	return certificateAssociationData;
}

}