aboutsummaryrefslogtreecommitdiff
path: root/src/org/xbill/DNS/SIG0.java
diff options
context:
space:
mode:
Diffstat (limited to 'src/org/xbill/DNS/SIG0.java')
-rw-r--r--src/org/xbill/DNS/SIG0.java79
1 files changed, 79 insertions, 0 deletions
diff --git a/src/org/xbill/DNS/SIG0.java b/src/org/xbill/DNS/SIG0.java
new file mode 100644
index 0000000..5a00e72
--- /dev/null
+++ b/src/org/xbill/DNS/SIG0.java
@@ -0,0 +1,79 @@
+// Copyright (c) 2001-2004 Brian Wellington (bwelling@xbill.org)
+
+package org.xbill.DNS;
+
+import java.security.PrivateKey;
+import java.util.Date;
+
+/**
+ * Creates SIG(0) transaction signatures.
+ *
+ * @author Pasi Eronen
+ * @author Brian Wellington
+ */
+
+public class SIG0 {
+
+/**
+ * The default validity period for outgoing SIG(0) signed messages.
+ * Can be overriden by the sig0validity option.
+ */
+private static final short VALIDITY = 300;
+
+private
+SIG0() { }
+
+/**
+ * Sign a message with SIG(0). The DNS key and private key must refer to the
+ * same underlying cryptographic key.
+ * @param message The message to be signed
+ * @param key The DNSKEY record to use as part of signing
+ * @param privkey The PrivateKey to use when signing
+ * @param previous If this message is a response, the SIG(0) from the query
+ */
+public static void
+signMessage(Message message, KEYRecord key, PrivateKey privkey,
+ SIGRecord previous) throws DNSSEC.DNSSECException
+{
+
+ int validity = Options.intValue("sig0validity");
+ if (validity < 0)
+ validity = VALIDITY;
+
+ long now = System.currentTimeMillis();
+ Date timeSigned = new Date(now);
+ Date timeExpires = new Date(now + validity * 1000);
+
+ SIGRecord sig = DNSSEC.signMessage(message, previous, key, privkey,
+ timeSigned, timeExpires);
+
+ message.addRecord(sig, Section.ADDITIONAL);
+}
+
+/**
+ * Verify a message using SIG(0).
+ * @param message The message to be signed
+ * @param b An array containing the message in unparsed form. This is
+ * necessary since SIG(0) signs the message in wire format, and we can't
+ * recreate the exact wire format (with the same name compression).
+ * @param key The KEY record to verify the signature with.
+ * @param previous If this message is a response, the SIG(0) from the query
+ */
+public static void
+verifyMessage(Message message, byte [] b, KEYRecord key, SIGRecord previous)
+ throws DNSSEC.DNSSECException
+{
+ SIGRecord sig = null;
+ Record [] additional = message.getSectionArray(Section.ADDITIONAL);
+ for (int i = 0; i < additional.length; i++) {
+ if (additional[i].getType() != Type.SIG)
+ continue;
+ if (((SIGRecord) additional[i]).getTypeCovered() != 0)
+ continue;
+ sig = (SIGRecord) additional[i];
+ break;
+ }
+ DNSSEC.verifyMessage(message, b, sig, previous, key);
+}
+
+}
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-28 17:32:11 +0000