diff options
Diffstat (limited to 'src/org/xbill/DNS/TLSARecord.java')
-rw-r--r-- | src/org/xbill/DNS/TLSARecord.java | 156 |
1 files changed, 156 insertions, 0 deletions
diff --git a/src/org/xbill/DNS/TLSARecord.java b/src/org/xbill/DNS/TLSARecord.java new file mode 100644 index 0000000..48e2e80 --- /dev/null +++ b/src/org/xbill/DNS/TLSARecord.java @@ -0,0 +1,156 @@ +// Copyright (c) 1999-2004 Brian Wellington (bwelling@xbill.org) + +package org.xbill.DNS; + +import java.io.*; +import org.xbill.DNS.utils.*; + +/** + * Transport Layer Security Authentication + * + * @author Brian Wellington + */ + +public class TLSARecord extends Record { + +private static final long serialVersionUID = 356494267028580169L; + +public static class CertificateUsage { + private CertificateUsage() {} + + public static final int CA_CONSTRAINT = 0; + public static final int SERVICE_CERTIFICATE_CONSTRAINT = 1; + public static final int TRUST_ANCHOR_ASSERTION = 2; + public static final int DOMAIN_ISSUED_CERTIFICATE = 3; +} + +public static class Selector { + private Selector() {} + + /** + * Full certificate; the Certificate binary structure defined in + * [RFC5280] + */ + public static final int FULL_CERTIFICATE = 0; + + /** + * SubjectPublicKeyInfo; DER-encoded binary structure defined in + * [RFC5280] + */ + public static final int SUBJECT_PUBLIC_KEY_INFO = 1; +} + +public static class MatchingType { + private MatchingType() {} + + /** Exact match on selected content */ + public static final int EXACT = 0; + + /** SHA-256 hash of selected content [RFC6234] */ + public static final int SHA256 = 1; + + /** SHA-512 hash of selected content [RFC6234] */ + public static final int SHA512 = 2; +} + +private int certificateUsage; +private int selector; +private int matchingType; +private byte [] certificateAssociationData; + +TLSARecord() {} + +Record +getObject() { + return new TLSARecord(); +} + +/** + * Creates an TLSA Record from the given data + * @param certificateUsage The provided association that will be used to + * match the certificate presented in the TLS handshake. + * @param selector The part of the TLS certificate presented by the server + * that will be matched against the association data. + * @param matchingType How the certificate association is presented. + * @param certificateAssociationData The "certificate association data" to be + * matched. + */ +public +TLSARecord(Name name, int dclass, long ttl, + int certificateUsage, int selector, int matchingType, + byte [] certificateAssociationData) +{ + super(name, Type.TLSA, dclass, ttl); + this.certificateUsage = checkU8("certificateUsage", certificateUsage); + this.selector = checkU8("selector", selector); + this.matchingType = checkU8("matchingType", matchingType); + this.certificateAssociationData = checkByteArrayLength( + "certificateAssociationData", + certificateAssociationData, + 0xFFFF); +} + +void +rrFromWire(DNSInput in) throws IOException { + certificateUsage = in.readU8(); + selector = in.readU8(); + matchingType = in.readU8(); + certificateAssociationData = in.readByteArray(); +} + +void +rdataFromString(Tokenizer st, Name origin) throws IOException { + certificateUsage = st.getUInt8(); + selector = st.getUInt8(); + matchingType = st.getUInt8(); + certificateAssociationData = st.getHex(); +} + +/** Converts rdata to a String */ +String +rrToString() { + StringBuffer sb = new StringBuffer(); + sb.append(certificateUsage); + sb.append(" "); + sb.append(selector); + sb.append(" "); + sb.append(matchingType); + sb.append(" "); + sb.append(base16.toString(certificateAssociationData)); + + return sb.toString(); +} + +void +rrToWire(DNSOutput out, Compression c, boolean canonical) { + out.writeU8(certificateUsage); + out.writeU8(selector); + out.writeU8(matchingType); + out.writeByteArray(certificateAssociationData); +} + +/** Returns the certificate usage of the TLSA record */ +public int +getCertificateUsage() { + return certificateUsage; +} + +/** Returns the selector of the TLSA record */ +public int +getSelector() { + return selector; +} + +/** Returns the matching type of the TLSA record */ +public int +getMatchingType() { + return matchingType; +} + +/** Returns the certificate associate data of this TLSA record */ +public final byte [] +getCertificateAssociationData() { + return certificateAssociationData; +} + +} |