1 // Copyright (c) 2001-2004 Brian Wellington (bwelling@xbill.org)
2 
3 package org.xbill.DNS;
4 
5 import java.security.PrivateKey;
6 import java.util.Date;
7 
8 /**
9  * Creates SIG(0) transaction signatures.
10  *
11  * @author Pasi Eronen
12  * @author Brian Wellington
13  */
14 
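public class SIG0 {

/**
 * The default validity period, in seconds, for outgoing SIG(0) signed
 * messages.  Used only when the sig0validity option is unset (negative).
 */
private static final short VALIDITY = 300;

/** Not instantiable: every member is static. */
private
SIG0() { }

/**
 * Sign a message with SIG(0). The DNS key and private key must refer to the
 * same underlying cryptographic key.
 * @param message The message to be signed; the resulting SIG record is
 * appended to its ADDITIONAL section
 * @param key The DNSKEY record to use as part of signing
 * @param privkey The PrivateKey to use when signing
 * @param previous If this message is a response, the SIG(0) from the query
 * @throws DNSSEC.DNSSECException as propagated from DNSSEC.signMessage
 */
public static void
signMessage(Message message, KEYRecord key, PrivateKey privkey,
	    SIGRecord previous) throws DNSSEC.DNSSECException
{
	int validity = Options.intValue("sig0validity");
	if (validity < 0)
		validity = VALIDITY;

	long now = System.currentTimeMillis();
	Date timeSigned = new Date(now);
	// Multiply as a long: the int product overflows for a sig0validity above
	// roughly 24 days, which would place the expiry before the signing time.
	Date timeExpires = new Date(now + validity * 1000L);

	SIGRecord sig = DNSSEC.signMessage(message, previous, key, privkey,
					   timeSigned, timeExpires);

	message.addRecord(sig, Section.ADDITIONAL);
}

/**
 * Verify a message using SIG(0).
 * @param message The message to be verified
 * @param b An array containing the message in unparsed form.  This is
 * necessary since SIG(0) signs the message in wire format, and we can't
 * recreate the exact wire format (with the same name compression).
 * @param key The KEY record to verify the signature with.
 * @param previous If this message is a response, the SIG(0) from the query
 * @throws DNSSEC.DNSSECException as thrown by DNSSEC.verifyMessage
 */
public static void
verifyMessage(Message message, byte [] b, KEYRecord key, SIGRecord previous)
	throws DNSSEC.DNSSECException
{
	SIGRecord sig = findSIG0(message);
	// When the message carries no SIG(0) record, sig is null here; whether an
	// unsigned message is rejected is decided by DNSSEC.verifyMessage, which
	// is not visible in this file -- callers should confirm that behavior.
	DNSSEC.verifyMessage(message, b, sig, previous, key);
}

/**
 * Returns the first SIG(0) record (a SIG record whose type covered is 0)
 * found in the ADDITIONAL section of the message, or null if there is none.
 * @param message The message to search
 */
private static SIGRecord
findSIG0(Message message)
{
	Record [] additional = message.getSectionArray(Section.ADDITIONAL);
	for (int i = 0; i < additional.length; i++) {
		if (additional[i].getType() != Type.SIG)
			continue;
		SIGRecord candidate = (SIGRecord) additional[i];
		if (candidate.getTypeCovered() == 0)
			return candidate;
	}
	return null;
}

}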