001: // Copyright (c) 1999-2004 Brian Wellington (bwelling@xbill.org)
002:
003: package org.xbill.DNS;
004:
005: import java.io.*;
006: import org.xbill.DNS.utils.*;
007:
008: /**
009: * Certificate Record - Stores a certificate associated with a name. The
010: * certificate might also be associated with a KEYRecord.
011: * @see KEYRecord
012: *
013: * @author Brian Wellington
014: */
015:
016: public class CERTRecord extends Record {
017:
018: public static class CertificateType {
019: /** Certificate type identifiers. See RFC 4398 for more detail. */
020:
021: private CertificateType() {
022: }
023:
024: /** PKIX (X.509v3) */
025: public static final int PKIX = 1;
026:
027: /** Simple Public Key Infrastructure */
028: public static final int SPKI = 2;
029:
030: /** Pretty Good Privacy */
031: public static final int PGP = 3;
032:
033: /** URL of an X.509 data object */
034: public static final int IPKIX = 4;
035:
036: /** URL of an SPKI certificate */
037: public static final int ISPKI = 5;
038:
039: /** Fingerprint and URL of an OpenPGP packet */
040: public static final int IPGP = 6;
041:
042: /** Attribute Certificate */
043: public static final int ACPKIX = 7;
044:
045: /** URL of an Attribute Certificate */
046: public static final int IACPKIX = 8;
047:
048: /** Certificate format defined by URI */
049: public static final int URI = 253;
050:
051: /** Certificate format defined by OID */
052: public static final int OID = 254;
053:
054: private static Mnemonic types = new Mnemonic(
055: "Certificate type", Mnemonic.CASE_UPPER);
056:
057: static {
058: types.setMaximum(0xFFFF);
059: types.setNumericAllowed(true);
060:
061: types.add(PKIX, "PKIX");
062: types.add(SPKI, "SPKI");
063: types.add(PGP, "PGP");
064: types.add(PKIX, "IPKIX");
065: types.add(SPKI, "ISPKI");
066: types.add(PGP, "IPGP");
067: types.add(PGP, "ACPKIX");
068: types.add(PGP, "IACPKIX");
069: types.add(URI, "URI");
070: types.add(OID, "OID");
071: }
072:
073: /**
074: * Converts a certificate type into its textual representation
075: */
076: public static String string(int type) {
077: return types.getText(type);
078: }
079:
080: /**
081: * Converts a textual representation of an certificate type into its
082: * numeric code. Integers in the range 0..65535 are also accepted.
083: * @param s The textual representation of the algorithm
084: * @return The algorithm code, or -1 on error.
085: */
086: public static int value(String s) {
087: return types.getValue(s);
088: }
089: }
090:
091: /** PKIX (X.509v3) */
092: public static final int PKIX = CertificateType.PKIX;
093:
094: /** Simple Public Key Infrastructure */
095: public static final int SPKI = CertificateType.SPKI;
096:
097: /** Pretty Good Privacy */
098: public static final int PGP = CertificateType.PGP;
099:
100: /** Certificate format defined by URI */
101: public static final int URI = CertificateType.URI;
102:
103: /** Certificate format defined by IOD */
104: public static final int OID = CertificateType.OID;
105:
106: private int certType, keyTag;
107: private int alg;
108: private byte[] cert;
109:
110: CERTRecord() {
111: }
112:
113: Record getObject() {
114: return new CERTRecord();
115: }
116:
117: /**
118: * Creates a CERT Record from the given data
119: * @param certType The type of certificate (see constants)
120: * @param keyTag The ID of the associated KEYRecord, if present
121: * @param alg The algorithm of the associated KEYRecord, if present
122: * @param cert Binary data representing the certificate
123: */
124: public CERTRecord(Name name, int dclass, long ttl, int certType,
125: int keyTag, int alg, byte[] cert) {
126: super (name, Type.CERT, dclass, ttl);
127: this .certType = checkU16("certType", certType);
128: this .keyTag = checkU16("keyTag", keyTag);
129: this .alg = checkU8("alg", alg);
130: this .cert = cert;
131: }
132:
133: void rrFromWire(DNSInput in) throws IOException {
134: certType = in.readU16();
135: keyTag = in.readU16();
136: alg = in.readU8();
137: cert = in.readByteArray();
138: }
139:
140: void rdataFromString(Tokenizer st, Name origin) throws IOException {
141: String certTypeString = st.getString();
142: certType = CertificateType.value(certTypeString);
143: if (certType < 0)
144: throw st.exception("Invalid certificate type: "
145: + certTypeString);
146: keyTag = st.getUInt16();
147: String algString = st.getString();
148: alg = DNSSEC.Algorithm.value(algString);
149: if (alg < 0)
150: throw st.exception("Invalid algorithm: " + algString);
151: cert = st.getBase64();
152: }
153:
154: /**
155: * Converts rdata to a String
156: */
157: String rrToString() {
158: StringBuffer sb = new StringBuffer();
159: sb.append(certType);
160: sb.append(" ");
161: sb.append(keyTag);
162: sb.append(" ");
163: sb.append(alg);
164: if (cert != null) {
165: if (Options.check("multiline")) {
166: sb.append(" (\n");
167: sb.append(base64.formatString(cert, 64, "\t", true));
168: } else {
169: sb.append(" ");
170: sb.append(base64.toString(cert));
171: }
172: }
173: return sb.toString();
174: }
175:
176: /**
177: * Returns the type of certificate
178: */
179: public int getCertType() {
180: return certType;
181: }
182:
183: /**
184: * Returns the ID of the associated KEYRecord, if present
185: */
186: public int getKeyTag() {
187: return keyTag;
188: }
189:
190: /**
191: * Returns the algorithm of the associated KEYRecord, if present
192: */
193: public int getAlgorithm() {
194: return alg;
195: }
196:
197: /**
198: * Returns the binary representation of the certificate
199: */
200: public byte[] getCert() {
201: return cert;
202: }
203:
204: void rrToWire(DNSOutput out, Compression c, boolean canonical) {
205: out.writeU16(certType);
206: out.writeU16(keyTag);
207: out.writeU8(alg);
208: out.writeByteArray(cert);
209: }
210:
211: }
|