Shuyi Chen | d7955ce | 2013-05-22 14:51:55 -0700 | [diff] [blame] | 1 | // Copyright (c) 1999-2004 Brian Wellington (bwelling@xbill.org) |
| 2 | |
| 3 | package org.xbill.DNS; |
| 4 | |
| 5 | import java.io.*; |
| 6 | import org.xbill.DNS.utils.*; |
| 7 | |
| 8 | /** |
| 9 | * Transport Layer Security Authentication |
| 10 | * |
| 11 | * @author Brian Wellington |
| 12 | */ |
| 13 | |
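public class TLSARecord extends Record {

private static final long serialVersionUID = 356494267028580169L;

/**
 * Certificate usage values (the first octet of the rdata).
 * <p>
 * These are the values this implementation knows about; nothing in this
 * class rejects other values, so code that consumes a record must treat
 * the usage as untrusted input and handle unknown values explicitly.
 */
public static class CertificateUsage {
	private CertificateUsage() {}

	/** The association must be a CA of the server's chain (PKIX validated). */
	public static final int CA_CONSTRAINT = 0;
	/** The association must match the end-entity certificate (PKIX validated). */
	public static final int SERVICE_CERTIFICATE_CONSTRAINT = 1;
	/** The association is the trust anchor for the server's chain. */
	public static final int TRUST_ANCHOR_ASSERTION = 2;
	/** The association must match the end-entity certificate (no PKIX). */
	public static final int DOMAIN_ISSUED_CERTIFICATE = 3;
}

/**
 * Selector values (the second octet of the rdata): which part of the
 * presented certificate is matched against the association data.
 */
public static class Selector {
	private Selector() {}

	/**
	 * Full certificate; the Certificate binary structure defined in
	 * [RFC5280]
	 */
	public static final int FULL_CERTIFICATE = 0;

	/**
	 * SubjectPublicKeyInfo; DER-encoded binary structure defined in
	 * [RFC5280]
	 */
	public static final int SUBJECT_PUBLIC_KEY_INFO = 1;
}

/**
 * Matching type values (the third octet of the rdata): how the selected
 * content is presented in the association data.
 * <p>
 * The length of the association data is not checked against the matching
 * type by this class (a SHA-256 value is expected to be 32 bytes, a
 * SHA-512 value 64 bytes); a consumer must verify the length before
 * comparing, and should compare digests with a constant-time comparison
 * such as {@code MessageDigest.isEqual}.
 */
public static class MatchingType {
	private MatchingType() {}

	/** Exact match on selected content */
	public static final int EXACT = 0;

	/** SHA-256 hash of selected content [RFC6234] */
	public static final int SHA256 = 1;

	/** SHA-512 hash of selected content [RFC6234] */
	public static final int SHA512 = 2;
}

// Unsigned 8-bit fields; stored as int because Java has no unsigned byte.
private int certificateUsage;
private int selector;
private int matchingType;
// Up to 0xFFFF bytes (enforced only by the public constructor).
private byte [] certificateAssociationData;

/** Used by {@link #getObject()} when a record is parsed; fields are filled in later. */
TLSARecord() {}

/** Returns an empty record of this type for the parsing framework to fill. */
Record
getObject() {
	return new TLSARecord();
}

/**
 * Creates an TLSA Record from the given data
 * <p>
 * The three numeric fields are range-checked by {@code checkU8} only; they
 * are not restricted to the constants defined in {@link CertificateUsage},
 * {@link Selector} and {@link MatchingType}, and the association data is
 * not checked for consistency with the matching type.
 * @param certificateUsage The provided association that will be used to
 * match the certificate presented in the TLS handshake.
 * @param selector The part of the TLS certificate presented by the server
 * that will be matched against the association data.
 * @param matchingType How the certificate association is presented.
 * @param certificateAssociationData The "certificate association data" to be
 * matched.
 * @throws IllegalArgumentException presumably, from the check helpers, when
 * a numeric field is out of the unsigned 8-bit range or the data is longer
 * than 0xFFFF bytes — see {@code Record} for the exact contract.
 */
public
TLSARecord(Name name, int dclass, long ttl,
	   int certificateUsage, int selector, int matchingType,
	   byte [] certificateAssociationData)
{
	super(name, Type.TLSA, dclass, ttl);
	this.certificateUsage = checkU8("certificateUsage", certificateUsage);
	this.selector = checkU8("selector", selector);
	this.matchingType = checkU8("matchingType", matchingType);
	this.certificateAssociationData = checkByteArrayLength(
					"certificateAssociationData",
					certificateAssociationData,
					0xFFFF);
}

/**
 * Reads the rdata from wire format: three unsigned octets followed by the
 * remainder of the rdata as the association data. Values arrive from the
 * network and are stored without validation against the known constants.
 * @throws IOException if the input is truncated
 */
void
rrFromWire(DNSInput in) throws IOException {
	certificateUsage = in.readU8();
	selector = in.readU8();
	matchingType = in.readU8();
	certificateAssociationData = in.readByteArray();
}

/**
 * Reads the rdata from master-file text: three decimal octets followed by
 * the association data in hexadecimal. As with the wire form, the values
 * are stored without validation against the known constants.
 * @throws IOException if a token is missing or malformed
 */
void
rdataFromString(Tokenizer st, Name origin) throws IOException {
	certificateUsage = st.getUInt8();
	selector = st.getUInt8();
	matchingType = st.getUInt8();
	certificateAssociationData = st.getHex();
}

/**
 * Converts rdata to a String: the three numeric fields in decimal, then
 * the association data as hex, all separated by single spaces.
 */
String
rrToString() {
	// StringBuilder: this is a local, single-threaded build; StringBuffer's
	// synchronization bought nothing here.
	StringBuilder sb = new StringBuilder();
	sb.append(certificateUsage);
	sb.append(" ");
	sb.append(selector);
	sb.append(" ");
	sb.append(matchingType);
	sb.append(" ");
	sb.append(base16.toString(certificateAssociationData));

	return sb.toString();
}

/**
 * Writes the rdata in wire format; the association data is written raw to
 * the end of the rdata (no length prefix of its own).
 */
void
rrToWire(DNSOutput out, Compression c, boolean canonical) {
	out.writeU8(certificateUsage);
	out.writeU8(selector);
	out.writeU8(matchingType);
	out.writeByteArray(certificateAssociationData);
}

/** Returns the certificate usage of the TLSA record */
public int
getCertificateUsage() {
	return certificateUsage;
}

/** Returns the selector of the TLSA record */
public int
getSelector() {
	return selector;
}

/** Returns the matching type of the TLSA record */
public int
getMatchingType() {
	return matchingType;
}

/**
 * Returns a copy of the certificate association data of this TLSA record.
 * <p>
 * A copy is returned so that callers cannot alter the record's rdata
 * through the array; {@code null} is returned for an unpopulated record.
 */
public final byte []
getCertificateAssociationData() {
	// Defensive copy: the internal array must not be reachable through a
	// public getter on a record that is shared (e.g. from a cache).
	if (certificateAssociationData == null)
		return null;
	return certificateAssociationData.clone();
}

}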