Shuyi Chen | d7955ce | 2013-05-22 14:51:55 -0700 | [diff] [blame] | 1 | // Copyright (c) 1999-2004 Brian Wellington (bwelling@xbill.org) |
| 2 | |
| 3 | package org.xbill.DNS; |
| 4 | |
| 5 | import java.io.*; |
| 6 | import java.security.PublicKey; |
| 7 | import java.util.*; |
| 8 | |
| 9 | /** |
| 10 | * Key - contains a cryptographic public key. The data can be converted |
| 11 | * to objects implementing java.security.interfaces.PublicKey |
| 12 | * @see DNSSEC |
| 13 | * |
| 14 | * @author Brian Wellington |
| 15 | */ |
| 16 | |
| 17 | public class KEYRecord extends KEYBase { |
| 18 | |
| 19 | private static final long serialVersionUID = 6385613447571488906L; |
| 20 | |
| 21 | public static class Protocol { |
| 22 | /** |
| 23 | * KEY protocol identifiers. |
| 24 | */ |
| 25 | |
| 26 | private Protocol() {} |
| 27 | |
| 28 | /** No defined protocol. */ |
| 29 | public static final int NONE = 0; |
| 30 | |
| 31 | /** Transaction Level Security */ |
| 32 | public static final int TLS = 1; |
| 33 | |
| 34 | /** Email */ |
| 35 | public static final int EMAIL = 2; |
| 36 | |
| 37 | /** DNSSEC */ |
| 38 | public static final int DNSSEC = 3; |
| 39 | |
| 40 | /** IPSEC Control */ |
| 41 | public static final int IPSEC = 4; |
| 42 | |
| 43 | /** Any protocol */ |
| 44 | public static final int ANY = 255; |
| 45 | |
| 46 | private static Mnemonic protocols = new Mnemonic("KEY protocol", |
| 47 | Mnemonic.CASE_UPPER); |
| 48 | |
| 49 | static { |
| 50 | protocols.setMaximum(0xFF); |
| 51 | protocols.setNumericAllowed(true); |
| 52 | |
| 53 | protocols.add(NONE, "NONE"); |
| 54 | protocols.add(TLS, "TLS"); |
| 55 | protocols.add(EMAIL, "EMAIL"); |
| 56 | protocols.add(DNSSEC, "DNSSEC"); |
| 57 | protocols.add(IPSEC, "IPSEC"); |
| 58 | protocols.add(ANY, "ANY"); |
| 59 | } |
| 60 | |
| 61 | /** |
| 62 | * Converts an KEY protocol value into its textual representation |
| 63 | */ |
| 64 | public static String |
| 65 | string(int type) { |
| 66 | return protocols.getText(type); |
| 67 | } |
| 68 | |
| 69 | /** |
| 70 | * Converts a textual representation of a KEY protocol into its |
| 71 | * numeric code. Integers in the range 0..255 are also accepted. |
| 72 | * @param s The textual representation of the protocol |
| 73 | * @return The protocol code, or -1 on error. |
| 74 | */ |
| 75 | public static int |
| 76 | value(String s) { |
| 77 | return protocols.getValue(s); |
| 78 | } |
| 79 | } |
| 80 | |
| 81 | public static class Flags { |
| 82 | /** |
| 83 | * KEY flags identifiers. |
| 84 | */ |
| 85 | |
| 86 | private Flags() {} |
| 87 | |
| 88 | /** KEY cannot be used for confidentiality */ |
| 89 | public static final int NOCONF = 0x4000; |
| 90 | |
| 91 | /** KEY cannot be used for authentication */ |
| 92 | public static final int NOAUTH = 0x8000; |
| 93 | |
| 94 | /** No key present */ |
| 95 | public static final int NOKEY = 0xC000; |
| 96 | |
| 97 | /** Bitmask of the use fields */ |
| 98 | public static final int USE_MASK = 0xC000; |
| 99 | |
| 100 | /** Flag 2 (unused) */ |
| 101 | public static final int FLAG2 = 0x2000; |
| 102 | |
| 103 | /** Flags extension */ |
| 104 | public static final int EXTEND = 0x1000; |
| 105 | |
| 106 | /** Flag 4 (unused) */ |
| 107 | public static final int FLAG4 = 0x0800; |
| 108 | |
| 109 | /** Flag 5 (unused) */ |
| 110 | public static final int FLAG5 = 0x0400; |
| 111 | |
| 112 | /** Key is owned by a user. */ |
| 113 | public static final int USER = 0x0000; |
| 114 | |
| 115 | /** Key is owned by a zone. */ |
| 116 | public static final int ZONE = 0x0100; |
| 117 | |
| 118 | /** Key is owned by a host. */ |
| 119 | public static final int HOST = 0x0200; |
| 120 | |
| 121 | /** Key owner type 3 (reserved). */ |
| 122 | public static final int NTYP3 = 0x0300; |
| 123 | |
| 124 | /** Key owner bitmask. */ |
| 125 | public static final int OWNER_MASK = 0x0300; |
| 126 | |
| 127 | /** Flag 8 (unused) */ |
| 128 | public static final int FLAG8 = 0x0080; |
| 129 | |
| 130 | /** Flag 9 (unused) */ |
| 131 | public static final int FLAG9 = 0x0040; |
| 132 | |
| 133 | /** Flag 10 (unused) */ |
| 134 | public static final int FLAG10 = 0x0020; |
| 135 | |
| 136 | /** Flag 11 (unused) */ |
| 137 | public static final int FLAG11 = 0x0010; |
| 138 | |
| 139 | /** Signatory value 0 */ |
| 140 | public static final int SIG0 = 0; |
| 141 | |
| 142 | /** Signatory value 1 */ |
| 143 | public static final int SIG1 = 1; |
| 144 | |
| 145 | /** Signatory value 2 */ |
| 146 | public static final int SIG2 = 2; |
| 147 | |
| 148 | /** Signatory value 3 */ |
| 149 | public static final int SIG3 = 3; |
| 150 | |
| 151 | /** Signatory value 4 */ |
| 152 | public static final int SIG4 = 4; |
| 153 | |
| 154 | /** Signatory value 5 */ |
| 155 | public static final int SIG5 = 5; |
| 156 | |
| 157 | /** Signatory value 6 */ |
| 158 | public static final int SIG6 = 6; |
| 159 | |
| 160 | /** Signatory value 7 */ |
| 161 | public static final int SIG7 = 7; |
| 162 | |
| 163 | /** Signatory value 8 */ |
| 164 | public static final int SIG8 = 8; |
| 165 | |
| 166 | /** Signatory value 9 */ |
| 167 | public static final int SIG9 = 9; |
| 168 | |
| 169 | /** Signatory value 10 */ |
| 170 | public static final int SIG10 = 10; |
| 171 | |
| 172 | /** Signatory value 11 */ |
| 173 | public static final int SIG11 = 11; |
| 174 | |
| 175 | /** Signatory value 12 */ |
| 176 | public static final int SIG12 = 12; |
| 177 | |
| 178 | /** Signatory value 13 */ |
| 179 | public static final int SIG13 = 13; |
| 180 | |
| 181 | /** Signatory value 14 */ |
| 182 | public static final int SIG14 = 14; |
| 183 | |
| 184 | /** Signatory value 15 */ |
| 185 | public static final int SIG15 = 15; |
| 186 | |
| 187 | private static Mnemonic flags = new Mnemonic("KEY flags", |
| 188 | Mnemonic.CASE_UPPER); |
| 189 | |
| 190 | static { |
| 191 | flags.setMaximum(0xFFFF); |
| 192 | flags.setNumericAllowed(false); |
| 193 | |
| 194 | flags.add(NOCONF, "NOCONF"); |
| 195 | flags.add(NOAUTH, "NOAUTH"); |
| 196 | flags.add(NOKEY, "NOKEY"); |
| 197 | flags.add(FLAG2, "FLAG2"); |
| 198 | flags.add(EXTEND, "EXTEND"); |
| 199 | flags.add(FLAG4, "FLAG4"); |
| 200 | flags.add(FLAG5, "FLAG5"); |
| 201 | flags.add(USER, "USER"); |
| 202 | flags.add(ZONE, "ZONE"); |
| 203 | flags.add(HOST, "HOST"); |
| 204 | flags.add(NTYP3, "NTYP3"); |
| 205 | flags.add(FLAG8, "FLAG8"); |
| 206 | flags.add(FLAG9, "FLAG9"); |
| 207 | flags.add(FLAG10, "FLAG10"); |
| 208 | flags.add(FLAG11, "FLAG11"); |
| 209 | flags.add(SIG0, "SIG0"); |
| 210 | flags.add(SIG1, "SIG1"); |
| 211 | flags.add(SIG2, "SIG2"); |
| 212 | flags.add(SIG3, "SIG3"); |
| 213 | flags.add(SIG4, "SIG4"); |
| 214 | flags.add(SIG5, "SIG5"); |
| 215 | flags.add(SIG6, "SIG6"); |
| 216 | flags.add(SIG7, "SIG7"); |
| 217 | flags.add(SIG8, "SIG8"); |
| 218 | flags.add(SIG9, "SIG9"); |
| 219 | flags.add(SIG10, "SIG10"); |
| 220 | flags.add(SIG11, "SIG11"); |
| 221 | flags.add(SIG12, "SIG12"); |
| 222 | flags.add(SIG13, "SIG13"); |
| 223 | flags.add(SIG14, "SIG14"); |
| 224 | flags.add(SIG15, "SIG15"); |
| 225 | } |
| 226 | |
| 227 | /** |
| 228 | * Converts a textual representation of KEY flags into its |
| 229 | * numeric code. Integers in the range 0..65535 are also accepted. |
| 230 | * @param s The textual representation of the protocol |
| 231 | * @return The protocol code, or -1 on error. |
| 232 | */ |
| 233 | public static int |
| 234 | value(String s) { |
| 235 | int value; |
| 236 | try { |
| 237 | value = Integer.parseInt(s); |
| 238 | if (value >= 0 && value <= 0xFFFF) { |
| 239 | return value; |
| 240 | } |
| 241 | return -1; |
| 242 | } catch (NumberFormatException e) { |
| 243 | } |
| 244 | StringTokenizer st = new StringTokenizer(s, "|"); |
| 245 | value = 0; |
| 246 | while (st.hasMoreTokens()) { |
| 247 | int val = flags.getValue(st.nextToken()); |
| 248 | if (val < 0) { |
| 249 | return -1; |
| 250 | } |
| 251 | value |= val; |
| 252 | } |
| 253 | return value; |
| 254 | } |
| 255 | } |
| 256 | |
| 257 | /* flags */ |
| 258 | /** This key cannot be used for confidentiality (encryption) */ |
| 259 | public static final int FLAG_NOCONF = Flags.NOCONF; |
| 260 | |
| 261 | /** This key cannot be used for authentication */ |
| 262 | public static final int FLAG_NOAUTH = Flags.NOAUTH; |
| 263 | |
| 264 | /** This key cannot be used for authentication or confidentiality */ |
| 265 | public static final int FLAG_NOKEY = Flags.NOKEY; |
| 266 | |
| 267 | /** A zone key */ |
| 268 | public static final int OWNER_ZONE = Flags.ZONE; |
| 269 | |
| 270 | /** A host/end entity key */ |
| 271 | public static final int OWNER_HOST = Flags.HOST; |
| 272 | |
| 273 | /** A user key */ |
| 274 | public static final int OWNER_USER = Flags.USER; |
| 275 | |
| 276 | /* protocols */ |
| 277 | /** Key was created for use with transaction level security */ |
| 278 | public static final int PROTOCOL_TLS = Protocol.TLS; |
| 279 | |
| 280 | /** Key was created for use with email */ |
| 281 | public static final int PROTOCOL_EMAIL = Protocol.EMAIL; |
| 282 | |
| 283 | /** Key was created for use with DNSSEC */ |
| 284 | public static final int PROTOCOL_DNSSEC = Protocol.DNSSEC; |
| 285 | |
| 286 | /** Key was created for use with IPSEC */ |
| 287 | public static final int PROTOCOL_IPSEC = Protocol.IPSEC; |
| 288 | |
| 289 | /** Key was created for use with any protocol */ |
| 290 | public static final int PROTOCOL_ANY = Protocol.ANY; |
| 291 | |
| 292 | KEYRecord() {} |
| 293 | |
| 294 | Record |
| 295 | getObject() { |
| 296 | return new KEYRecord(); |
| 297 | } |
| 298 | |
| 299 | /** |
| 300 | * Creates a KEY Record from the given data |
| 301 | * @param flags Flags describing the key's properties |
| 302 | * @param proto The protocol that the key was created for |
| 303 | * @param alg The key's algorithm |
| 304 | * @param key Binary data representing the key |
| 305 | */ |
| 306 | public |
| 307 | KEYRecord(Name name, int dclass, long ttl, int flags, int proto, int alg, |
| 308 | byte [] key) |
| 309 | { |
| 310 | super(name, Type.KEY, dclass, ttl, flags, proto, alg, key); |
| 311 | } |
| 312 | |
| 313 | /** |
| 314 | * Creates a KEY Record from the given data |
| 315 | * @param flags Flags describing the key's properties |
| 316 | * @param proto The protocol that the key was created for |
| 317 | * @param alg The key's algorithm |
| 318 | * @param key The key as a PublicKey |
| 319 | * @throws DNSSEC.DNSSECException The PublicKey could not be converted into DNS |
| 320 | * format. |
| 321 | */ |
| 322 | public |
| 323 | KEYRecord(Name name, int dclass, long ttl, int flags, int proto, int alg, |
| 324 | PublicKey key) throws DNSSEC.DNSSECException |
| 325 | { |
| 326 | super(name, Type.KEY, dclass, ttl, flags, proto, alg, |
| 327 | DNSSEC.fromPublicKey(key, alg)); |
| 328 | publicKey = key; |
| 329 | } |
| 330 | |
| 331 | void |
| 332 | rdataFromString(Tokenizer st, Name origin) throws IOException { |
| 333 | String flagString = st.getIdentifier(); |
| 334 | flags = Flags.value(flagString); |
| 335 | if (flags < 0) |
| 336 | throw st.exception("Invalid flags: " + flagString); |
| 337 | String protoString = st.getIdentifier(); |
| 338 | proto = Protocol.value(protoString); |
| 339 | if (proto < 0) |
| 340 | throw st.exception("Invalid protocol: " + protoString); |
| 341 | String algString = st.getIdentifier(); |
| 342 | alg = DNSSEC.Algorithm.value(algString); |
| 343 | if (alg < 0) |
| 344 | throw st.exception("Invalid algorithm: " + algString); |
| 345 | /* If this is a null KEY, there's no key data */ |
| 346 | if ((flags & Flags.USE_MASK) == Flags.NOKEY) |
| 347 | key = null; |
| 348 | else |
| 349 | key = st.getBase64(); |
| 350 | } |
| 351 | |
| 352 | } |