// Copyright (c) 1999-2004 Brian Wellington (bwelling@xbill.org)
package org.xbill.DNS.security;
import org.xbill.DNS.CERTRecord;
import org.xbill.DNS.Name;
import org.xbill.DNS.Options;
import java.io.ByteArrayInputStream;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
/**
* Routines to convert between a DNS CERT record and a Java Certificate.
* @see CERTRecord
* @see java.security.cert.Certificate
*
* @author Brian Wellington
*/
public class CERTConverter {
/** Converts a CERT record into a Certificate */
public static Certificate
parseRecord(CERTRecord r) {
int type = r.getCertType();
byte [] data = r.getCert();
Certificate cert;
try {
switch (type) {
case CERTRecord.PKIX: {
CertificateFactory cf;
ByteArrayInputStream bs;
cf = CertificateFactory.getInstance("X.509");
bs = new ByteArrayInputStream(data);
cert = cf.generateCertificate(bs);
break;
}
default:
return null;
}
return cert;
}
catch (CertificateException e) {
if (Options.check("verboseexceptions"))
System.err.println("Cert parse exception:" + e);
return null;
}
}
/** Builds a CERT record from a Certificate associated with a key also in DNS */
public static CERTRecord
buildRecord(Name name, int dclass, long ttl, Certificate cert, int tag,
int alg)
{
int type;
byte [] data;
try {
if (cert instanceof X509Certificate) {
type = CERTRecord.PKIX;
data = cert.getEncoded();
}
else
return null;
return new CERTRecord(name, dclass, ttl, type, tag, alg, data);
}
catch (CertificateException e) {
if (Options.check("verboseexceptions"))
System.err.println("Cert build exception:" + e);
return null;
}
}
/** Builds a CERT record from a Certificate */
public static CERTRecord
buildRecord(Name name, int dclass, long ttl, Certificate cert) {
return buildRecord(name, dclass, ttl, cert, 0, 0);
}
}