1 // Copyright (c) 1999-2004 Brian Wellington (bwelling@xbill.org)
2
3 package org.xbill.DNS;
4
5 import java.io.*;
6 import org.xbill.DNS.utils.*;
7
/**
 * Certificate Record - Stores a certificate associated with a name. The
 * certificate might also be associated with a KEYRecord.
 * @see KEYRecord
 *
 * @author Brian Wellington
 */
15
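public class CERTRecord extends Record {

	/**
	 * Certificate type identifiers. See RFC 4398 for more detail.
	 */
	public static class CertificateType {
		private CertificateType() {}

		/** PKIX (X.509v3) */
		public static final int PKIX = 1;

		/** Simple Public Key Infrastructure */
		public static final int SPKI = 2;

		/** Pretty Good Privacy */
		public static final int PGP = 3;

		/** URL of an X.509 data object */
		public static final int IPKIX = 4;

		/** URL of an SPKI certificate */
		public static final int ISPKI = 5;

		/** Fingerprint and URL of an OpenPGP packet */
		public static final int IPGP = 6;

		/** Attribute Certificate */
		public static final int ACPKIX = 7;

		/** URL of an Attribute Certificate */
		public static final int IACPKIX = 8;

		/** Certificate format defined by URI */
		public static final int URI = 253;

		/** Certificate format defined by OID */
		public static final int OID = 254;

		/** Table mapping certificate type codes to their RFC 4398 mnemonics. */
		private static Mnemonic types = new Mnemonic("Certificate type",
							     Mnemonic.CASE_UPPER);

		static {
			// Type codes are 16-bit on the wire; bare integers are
			// accepted in presentation format as well as mnemonics.
			types.setMaximum(0xFFFF);
			types.setNumericAllowed(true);

			// Every mnemonic must be registered under its own code.
			// Previously IPKIX/ISPKI/IPGP/ACPKIX/IACPKIX were added
			// with the PKIX/SPKI/PGP constants, so the text "IPKIX"
			// parsed as code 1 and codes 4..8 had no name of their own.
			types.add(PKIX, "PKIX");
			types.add(SPKI, "SPKI");
			types.add(PGP, "PGP");
			types.add(IPKIX, "IPKIX");
			types.add(ISPKI, "ISPKI");
			types.add(IPGP, "IPGP");
			types.add(ACPKIX, "ACPKIX");
			types.add(IACPKIX, "IACPKIX");
			types.add(URI, "URI");
			types.add(OID, "OID");
		}

		/**
		 * Converts a certificate type into its textual representation.
		 * @param type The numeric certificate type code
		 * @return The mnemonic for the code, as provided by the type table
		 */
		public static String
		string(int type) {
			return types.getText(type);
		}

		/**
		 * Converts a textual representation of a certificate type into
		 * its numeric code. Integers in the range 0..65535 are also
		 * accepted.
		 * @param s The textual representation of the certificate type
		 * @return The certificate type code, or -1 on error.
		 */
		public static int
		value(String s) {
			return types.getValue(s);
		}
	}

	/** PKIX (X.509v3) */
	public static final int PKIX = CertificateType.PKIX;

	/** Simple Public Key Infrastructure */
	public static final int SPKI = CertificateType.SPKI;

	/** Pretty Good Privacy */
	public static final int PGP = CertificateType.PGP;

	/** Certificate format defined by URI */
	public static final int URI = CertificateType.URI;

	/** Certificate format defined by OID */
	public static final int OID = CertificateType.OID;

	private static final long serialVersionUID = 4763014646517016835L;

	// Wire-format fields: 16-bit type, 16-bit key tag, 8-bit algorithm,
	// then the certificate bytes.
	private int certType, keyTag;
	private int alg;
	// Stored and returned by reference; the contents are never inspected
	// or validated by this class.
	private byte [] cert;

	/** Creates an empty record, for use by the wire/text parsers. */
	CERTRecord() {}

	Record
	getObject() {
		return new CERTRecord();
	}

	/**
	 * Creates a CERT Record from the given data.
	 * @param name The owner name of the record
	 * @param dclass The record's class
	 * @param ttl The record's time to live
	 * @param certType The type of certificate (see constants); must fit in
	 * 16 bits
	 * @param keyTag The ID of the associated KEYRecord, if present; must fit
	 * in 16 bits
	 * @param alg The algorithm of the associated KEYRecord, if present; must
	 * fit in 8 bits
	 * @param cert Binary data representing the certificate. The array is
	 * stored by reference, not copied, and its contents are not validated
	 * here; a consumer must verify the certificate (and the DNSSEC status of
	 * the record) before trusting it.
	 * @throws IllegalArgumentException if certType, keyTag or alg is out of
	 * range, as reported by the inherited range checks
	 */
	public
	CERTRecord(Name name, int dclass, long ttl, int certType, int keyTag,
		   int alg, byte [] cert)
	{
		super(name, Type.CERT, dclass, ttl);
		this.certType = checkU16("certType", certType);
		this.keyTag = checkU16("keyTag", keyTag);
		this.alg = checkU8("alg", alg);
		this.cert = cert;
	}

	/**
	 * Reads the rdata from wire format: type, key tag, algorithm, then the
	 * remaining bytes as the certificate.
	 */
	void
	rrFromWire(DNSInput in) throws IOException {
		certType = in.readU16();
		keyTag = in.readU16();
		alg = in.readU8();
		cert = in.readByteArray();
	}

	/**
	 * Reads the rdata from presentation format. The certificate type and
	 * algorithm may be given as mnemonics or as integers; the certificate
	 * itself is base64 encoded.
	 * @throws IOException (via the tokenizer) on an unknown type or
	 * algorithm, or malformed input
	 */
	void
	rdataFromString(Tokenizer st, Name origin) throws IOException {
		String certTypeString = st.getString();
		certType = CertificateType.value(certTypeString);
		if (certType < 0)
			throw st.exception("Invalid certificate type: " +
					   certTypeString);
		keyTag = st.getUInt16();
		String algString = st.getString();
		alg = DNSSEC.Algorithm.value(algString);
		if (alg < 0)
			throw st.exception("Invalid algorithm: " + algString);
		cert = st.getBase64();
	}

	/**
	 * Converts rdata to a String. The type and algorithm are written as
	 * their numeric codes; the certificate is base64 encoded, wrapped in
	 * parentheses across lines when the "multiline" option is set.
	 */
	String
	rrToString() {
		StringBuffer sb = new StringBuffer();
		sb.append(certType);
		sb.append(" ");
		sb.append(keyTag);
		sb.append(" ");
		sb.append(alg);
		// A record built with a null certificate prints without it.
		if (cert != null) {
			if (Options.check("multiline")) {
				sb.append(" (\n");
				sb.append(base64.formatString(cert, 64, "\t", true));
			} else {
				sb.append(" ");
				sb.append(base64.toString(cert));
			}
		}
		return sb.toString();
	}

	/**
	 * Returns the type of certificate
	 */
	public int
	getCertType() {
		return certType;
	}

	/**
	 * Returns the ID of the associated KEYRecord, if present
	 */
	public int
	getKeyTag() {
		return keyTag;
	}

	/**
	 * Returns the algorithm of the associated KEYRecord, if present
	 */
	public int
	getAlgorithm() {
		return alg;
	}

	/**
	 * Returns the binary representation of the certificate. This is the
	 * record's own array, not a copy: modifying it modifies the record.
	 */
	public byte []
	getCert() {
		return cert;
	}

	/**
	 * Writes the rdata in wire format. The cert array is written as-is;
	 * a record constructed with a null certificate is presumably not
	 * writable here (the writer is not null-checked) — TODO confirm.
	 */
	void
	rrToWire(DNSOutput out, Compression c, boolean canonical) {
		out.writeU16(certType);
		out.writeU16(keyTag);
		out.writeU8(alg);
		out.writeByteArray(cert);
	}

}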