Java Examples for org.xbill.DNS.DNSSEC.DNSSECException
The following Java examples show how org.xbill.DNS.DNSSEC.DNSSECException is used. The code samples are taken from different open source projects.
Example 1
| Project: DNSSEC4J-master File: DnsSec.java View source code |
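/**
 * Resolves the A records for a host name, checks every RRSIG that comes back
 * with the answer, and returns the first usable address.
 *
 * <p>Validation is opportunistic: {@code verifyZone} is only called for the
 * signatures actually present in the answer section. An RRset that arrives
 * without any RRSIG is accepted as-is, so a returned address is not proof of
 * an authenticated answer. Callers that require authenticated data must
 * reject unsigned answers themselves.
 *
 * @param name The name of the site.
 * @return The first IP address found for the name, verified if signatures
 * were returned with it.
 * @throws IOException If there's an IO error accessing the nameservers or
 * sending or receiving messages with them; a
 * {@link java.net.UnknownHostException} is thrown when the answer holds no
 * usable A record.
 * @throws DNSSECException If there's a DNS error verifying the signatures
 * for any domain.
 */
public static InetAddress getByName(final String name) throws DNSSECException, IOException {
    final Name full = Name.concatenate(Name.fromString(name), Name.root);
    System.out.println("Verifying record: " + full);
    final Resolver res = newResolver();
    final Record question = Record.newRecord(full, Type.A, DClass.IN);
    final Message query = Message.newQuery(question);
    System.out.println("Sending query...");
    final Message response = res.send(query);
    System.out.println("RESPONSE: " + response);
    final RRset[] answer = response.getSectionRRsets(Section.ANSWER);
    final ArrayList<InetAddress> addresses = new ArrayList<InetAddress>();
    for (final RRset set : answer) {
        System.out.println("\n;; RRset to chase:");
        // First check for a CNAME and target.
        // NOTE(review): hasCname/cNameTarget are reset for every RRset, so the
        // target filter below only applies when a CNAME and an A record sit in
        // the same RRset - confirm that this is the intended scope.
        Iterator<Record> rrIter = set.rrs();
        boolean hasCname = false;
        Name cNameTarget = null;
        while (rrIter.hasNext()) {
            final Record rec = rrIter.next();
            if (rec.getType() == Type.CNAME) {
                hasCname = true;
                cNameTarget = ((CNAMERecord) rec).getTarget();
            }
        }
        // Second pass: collect the addresses, keeping only the CNAME target's
        // records when a CNAME was seen in this set.
        rrIter = set.rrs();
        while (rrIter.hasNext()) {
            final Record rec = rrIter.next();
            System.out.println(rec);
            if (rec.getType() == Type.A) {
                final ARecord arec = (ARecord) rec;
                if (!hasCname || rec.getName().equals(cNameTarget)) {
                    addresses.add(arec.getAddress());
                }
            }
        }
        // Only signatures that are present get checked; a set without RRSIGs
        // skips this loop entirely and its addresses stay in the result.
        // verifyZone presumably reports a bad signature by throwing
        // DNSSECException - confirm against its implementation.
        final Iterator<Record> sigIter = set.sigs();
        while (sigIter.hasNext()) {
            final RRSIGRecord rec = (RRSIGRecord) sigIter.next();
            System.out.println("\n;; RRSIG of the RRset to chase:");
            System.out.println(rec);
            verifyZone(set, rec);
        }
    }
    // An empty or address-less answer used to surface as an
    // IndexOutOfBoundsException from get(0); report it as a resolution failure.
    if (addresses.isEmpty()) {
        throw new java.net.UnknownHostException("No A record in the answer for " + full);
    }
    return addresses.get(0);
}
Example 2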
| Project: dnssecjava-master File: NSEC3ValUtils.java View source code |
/**
 * Checks that the NSEC3 iteration count of an RRset stays within the limit
 * configured for the size of every DNSKEY found for its signer.
 *
 * <p>The key size is the RSA modulus length, the DSA prime P length or the EC
 * field size, depending on the key algorithm. The limit is read from
 * {@code maxIterations} using the greatest configured key size that does not
 * exceed the actual one, falling back to the smallest configured entry.
 * NOTE(review): presumably this table mirrors the per-key-size iteration
 * limits of RFC 5155 - confirm where {@code maxIterations} is populated.
 *
 * @param nsec the NSEC3 RRset whose iteration count is checked
 * @param keyCache cache used to look up the DNSKEY RRset of the signer
 * @return {@code false} if a key uses RSAMD5 or an algorithm not handled
 * here, if the iteration count exceeds the limit for any key, or if a public
 * key cannot be obtained; {@code true} otherwise
 */
private boolean validIterations(SRRset nsec, KeyCache keyCache) {
    SRRset dnskeyRrset = keyCache.find(nsec.getSignerName(), nsec.getDClass()).getRRset();
    // The limit is derived from the key algorithms that may have been used to
    // sign the NSEC3 RRsets.
    try {
        Iterator<?> keys = dnskeyRrset.rrs();
        while (keys.hasNext()) {
            DNSKEYRecord dnskey = (DNSKEYRecord) keys.next();
            int keysize;
            switch (dnskey.getAlgorithm()) {
                case Algorithm.RSASHA1:
                case Algorithm.RSASHA256:
                case Algorithm.RSASHA512:
                case Algorithm.RSA_NSEC3_SHA1:
                    keysize = ((RSAPublicKey) dnskey.getPublicKey()).getModulus().bitLength();
                    break;
                case Algorithm.DSA:
                case Algorithm.DSA_NSEC3_SHA1:
                    keysize = ((DSAPublicKey) dnskey.getPublicKey()).getParams().getP().bitLength();
                    break;
                case Algorithm.ECDSAP256SHA256:
                case Algorithm.ECDSAP384SHA384:
                    keysize = ((ECPublicKey) dnskey.getPublicKey()).getParams().getCurve().getField().getFieldSize();
                    break;
                case Algorithm.RSAMD5:
                    // obsoleted by rfc6944; rejected like any unlisted algorithm
                default:
                    return false;
            }

            // Pick the configured bucket for this key size.
            Integer bucket = this.maxIterations.floorKey(keysize);
            if (bucket == null) {
                bucket = this.maxIterations.firstKey();
            }

            Integer allowed = this.maxIterations.get(bucket);
            if (((NSEC3Record) nsec.first()).getIterations() > allowed) {
                return false;
            }
        }

        return true;
    } catch (DNSSECException e) {
        // Fail closed: a key that cannot be decoded makes the check fail.
        logger.error("Could not get public key from NSEC3 record", e);
        return false;
    }
}
Example 3
| Project: AndroidPNClient-master File: DNSSEC.java View source code |
/**
 * Builds a JCA {@link PublicKey} from a KEY/DNSKEY record.
 *
 * <p>RSA and DSA algorithm numbers are handled; any other value is reported
 * as unsupported. RSAMD5 keys are still converted here, so a caller that
 * validates signatures has to apply its own algorithm policy.
 *
 * @param r the KEY/DNSKEY record to convert
 * @return the public key described by the record
 * @throws DNSSECException if the algorithm is unsupported, the key data is
 * malformed, or the security provider rejects the key
 */
static PublicKey toPublicKey(KEYBase r) throws DNSSECException {
    final int algorithm = r.getAlgorithm();
    try {
        final boolean rsa = algorithm == Algorithm.RSAMD5
                || algorithm == Algorithm.RSASHA1
                || algorithm == Algorithm.RSA_NSEC3_SHA1
                || algorithm == Algorithm.RSASHA256
                || algorithm == Algorithm.RSASHA512;
        if (rsa) {
            return toRSAPublicKey(r);
        }

        final boolean dsa = algorithm == Algorithm.DSA
                || algorithm == Algorithm.DSA_NSEC3_SHA1;
        if (dsa) {
            return toDSAPublicKey(r);
        }

        throw new UnsupportedAlgorithmException(algorithm);
    } catch (IOException e) {
        // NOTE(review): the IOException is not chained as the cause.
        throw new MalformedKeyException(r);
    } catch (GeneralSecurityException e) {
        // Only the text of the provider error is carried over, not the cause.
        throw new DNSSECException(e.toString());
    }
}
Example 4
| Project: jdnssec-tools-master File: DnsKeyConverter.java View source code |
/**
 * Converts a DNSKEY record into the matching JCA public key.
 *
 * <p>Algorithm numbers may be aliases; an aliased number is mapped back to the
 * underlying algorithm through {@code mAlgorithms} and the record is rebuilt
 * with that number before the key is extracted.
 *
 * @param pKeyRecord the DNSKEY record to convert
 * @return the public key, or {@code null} when the record carries no key data
 * @throws NoSuchAlgorithmException if the algorithm number is not recognized,
 * or if the key cannot be extracted (the {@code DNSSECException} is attached
 * as the cause)
 */
public PublicKey parseDNSKEYRecord(DNSKEYRecord pKeyRecord) throws NoSuchAlgorithmException {
    if (pKeyRecord.getKey() == null) {
        return null;
    }

    // Because algorithms can be arbitrarily aliased, translate a possible
    // alias back to the actual algorithm first.
    final int declaredAlgorithm = pKeyRecord.getAlgorithm();
    final int originalAlgorithm = mAlgorithms.originalAlgorithm(declaredAlgorithm);
    if (originalAlgorithm <= 0) {
        throw new NoSuchAlgorithmException("DNSKEY algorithm " + declaredAlgorithm + " is unrecognized");
    }

    DNSKEYRecord effectiveRecord = pKeyRecord;
    if (declaredAlgorithm != originalAlgorithm) {
        // Same record, but carrying the real algorithm number.
        effectiveRecord = new DNSKEYRecord(
                pKeyRecord.getName(),
                pKeyRecord.getDClass(),
                pKeyRecord.getTTL(),
                pKeyRecord.getFlags(),
                pKeyRecord.getProtocol(),
                originalAlgorithm,
                pKeyRecord.getKey());
    }

    try {
        return effectiveRecord.getPublicKey();
    } catch (DNSSECException e) {
        throw new NoSuchAlgorithmException(e);
    }
}