/**
 * Returns the cached {@code ROOTS} array, building it on first use.
 *
 * <p>When {@code ROOTS} is still {@code null}, every record is read from a {@link Master} opened on
 * {@code ROOTS_FILE}, the records are passed to {@code findAddresses}, and the result is stored in
 * {@code ROOTS}. No synchronization is performed in this method.
 *
 * <p>NOTE(review): judging by the names, these are presumably root name server hints; they come
 * straight from {@code ROOTS_FILE} with no integrity check in this method, so that file should be
 * writable only by trusted parties.
 *
 * @return the value of {@code ROOTS} after initialization
 * @throws RuntimeException wrapping any exception raised while reading or converting the records
 */
private String[] getRoots() {
    if (ROOTS == null) {
        try {
            Master rootsReader = new Master(ROOTS_FILE);
            ArrayList<Record> parsed = new ArrayList<Record>();
            // nextRecord() returns null once the input is exhausted.
            for (Record next = rootsReader.nextRecord();
                    next != null;
                    next = rootsReader.nextRecord()) {
                parsed.add(next);
            }
            Record[] asArray = parsed.toArray(new Record[parsed.size()]);
            ROOTS = findAddresses(null, asArray);
        } catch (Exception e) {
            // Any failure is surfaced as an unchecked exception with the cause kept.
            throw new RuntimeException(e);
        }
    }
    return ROOTS;
}
/**
 * Replaces {@code m_records} with a fresh index of the records read from {@code master}, keyed by
 * the string form of each record's name.
 *
 * <p>NOTE(review): keys are compared as plain strings, so two names that differ only in letter
 * case end up in different buckets unless {@code Name.toString()} normalises case. Confirm this
 * against how lookups build their key.
 *
 * @param master the source to drain; it is read until {@code nextRecord()} returns {@code null}
 * @throws IOException if reading a record fails
 */
private void initialize(Master master) throws IOException {
    m_records = new HashMap<String, List<Record>>();
    Record current = master.nextRecord();
    while (current != null) {
        String owner = current.getName().toString();
        List<Record> bucket = m_records.get(owner);
        if (bucket == null) {
            // First record seen for this name: start a new bucket.
            bucket = new ArrayList<Record>();
            m_records.put(owner, bucket);
        }
        bucket.add(current);
        current = master.nextRecord();
    }
}
/**
 * Parses the first record found in a piece of master-file text.
 *
 * <p>The text is encoded as UTF-8 and read through a {@link Master} created with
 * {@code Name.root}. Only one record is requested, so anything after it is ignored.
 *
 * <p>NOTE(review): {@code Master} interprets master-file directives as well as records. If
 * {@code data} can be influenced by an untrusted party, confirm that directives which reference
 * local files are disabled or rejected before the text reaches this method.
 *
 * @param data the textual record
 * @return whatever {@code Master._nextRecord()} yields for the first record in {@code data}
 * @throws RuntimeException wrapping any {@link IOException} raised while encoding or parsing
 */
protected Record toRecord(String data) {
    final InputStream source;
    try {
        source = new ByteArrayInputStream(data.getBytes("UTF-8"));
        return new Master(source, Name.root)._nextRecord();
    } catch (IOException e) {
        throw new RuntimeException(e);
    }
}
/**
 * Load the trust anchor file into the trust anchor store. The trust anchors
 * are currently stored in a zone file format list of DNSKEY or DS records.
 *
 * <p>Records of any other type are skipped silently. This method performs no
 * authenticity check of its own: every DNSKEY or DS record in the stream is
 * stored as a trust anchor, so the caller must supply data from a trusted
 * source. The stream is not closed by this method.
 *
 * @param data The trust anchor data.
 * @throws IOException when the trust anchor data could not be read.
 */
@SuppressWarnings("unchecked")
public void loadTrustAnchors(InputStream data) throws IOException {
    // Read the whole trust anchor file up front.
    Master zoneReader = new Master(data, Name.root, 0);
    List<Record> parsed = new ArrayList<Record>();
    for (Record next = zoneReader.nextRecord(); next != null; next = zoneReader.nextRecord()) {
        parsed.add(next);
    }

    // Record.compareTo() should sort them into DNSSEC canonical order. The
    // canonical order itself is not needed; sorting just makes records that
    // belong to the same RRset adjacent.
    Collections.sort(parsed);

    SRRset pending = new SRRset();
    for (Record candidate : parsed) {
        // Only DNSKEY and DS records can serve as trust anchors.
        boolean usable = candidate.getType() == Type.DNSKEY || candidate.getType() == Type.DS;
        if (!usable) {
            continue;
        }

        // An empty set accepts anything; otherwise name, type and class must match.
        boolean belongsToPending = pending.size() == 0
            || (pending.getName().equals(candidate.getName())
                && pending.getType() == candidate.getType()
                && pending.getDClass() == candidate.getDClass());

        if (!belongsToPending) {
            // The set is complete: store it and start a new one.
            this.trustAnchors.store(pending);
            pending = new SRRset();
        }
        pending.addRR(candidate);
    }

    // Flush the last set, unless no usable record was seen at all.
    if (pending.size() > 0) {
        this.trustAnchors.store(pending);
    }
}
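/**
 * Parses one textual resource record, tolerating two deviations from the standard presentation
 * format: DSA signatures given in DER form, and algorithm mnemonics where a number is expected.
 *
 * <p>If parsing fails with a message containing "expected an integer", every token found in
 * {@code algoStrings} is replaced by the value {@code Algorithm.value} returns for it, and the
 * rewritten line is parsed again. The retry happens only when the rewrite actually changed a
 * token. Previously a line that failed this way but held no replaceable token was re-parsed
 * unchanged and recursed until the stack overflowed.
 *
 * <p>NOTE(review): {@code Master} interprets master-file directives as well as records. If
 * {@code line} can be influenced by an untrusted party, confirm that directives which reference
 * local files are disabled or rejected before the text reaches this method.
 *
 * @param line one record in master-file text form
 * @return the parsed record; for a DER-encoded DSA RRSIG, a rebuilt record holding the converted
 *     signature
 * @throws IOException carrying {@code line} as its message and the original failure as its cause
 *     when the line cannot be parsed
 */
private Record parseRecord(String line) throws IOException {
    try {
        // Encoding is pinned so that parsing does not depend on the platform default charset.
        Master ma = new Master(new ByteArrayInputStream(line.getBytes("UTF-8")), null, 3600);
        Record r = ma.nextRecord();
        // NOTE(review): if nextRecord() returns null (no record in the line), the dereference
        // below throws a NullPointerException, which the handler reports as an IOException.
        if (r.getType() == Type.RRSIG) {
            RRSIGRecord rr = (RRSIGRecord) r;
            // unbound directly uses the DER format for DSA signatures
            // instead of the format specified in rfc2536#section-3
            // (presumably 41 bytes there, hence the length test; confirm against the RFC).
            if (rr.getAlgorithm() == Algorithm.DSA && rr.getSignature().length > 41) {
                // The converter is not public in DNSSEC, so it is reached through reflection.
                // This depends on library internals and can break when the library is upgraded.
                Method derToDns = DNSSEC.class.getDeclaredMethod(
                    "DSASignaturetoDNS", byte[].class, int.class);
                derToDns.setAccessible(true);
                byte[] signature = (byte[]) derToDns.invoke(null, rr.getSignature(), 0);
                RRSIGRecord fixed = new RRSIGRecord(
                    rr.getName(), rr.getDClass(), rr.getTTL(), rr.getTypeCovered(),
                    rr.getAlgorithm(), rr.getOrigTTL(), rr.getExpire(), rr.getTimeSigned(),
                    rr.getFootprint(), rr.getSigner(), signature);
                // Copy the label count from the parsed record onto the rebuilt one.
                Field f = getField(RRSIGRecord.class, "labels");
                f.setAccessible(true);
                f.set(fixed, rr.getLabels());
                r = fixed;
            }
        }

        return r;
    } catch (Exception ex) {
        if (ex.getMessage() != null && ex.getMessage().contains("expected an integer")) {
            String[] data = line.split("\\s");
            StringBuilder sb = new StringBuilder();
            boolean changed = false;
            for (String token : data) {
                if (this.algoStrings.contains(token)) {
                    String numeric = String.valueOf(Algorithm.value(token));
                    sb.append(numeric);
                    // Only a real substitution justifies another parse attempt.
                    changed |= !numeric.equals(token);
                } else {
                    sb.append(token);
                }
                sb.append(' ');
            }

            if (changed) {
                return parseRecord(sb.toString());
            }
        }

        // Nothing was rewritten, so a retry would fail in exactly the same way.
        throw new IOException(line, ex);
    }
}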