001: // Copyright (c) 1999-2004 Brian Wellington (bwelling@xbill.org)
002:
003: package org.xbill.DNS;
004:
005: import java.io.*;
006: import java.util.*;
007:
008: /**
009: * Key - contains a cryptographic public key. The data can be converted
010: * to objects implementing java.security.interfaces.PublicKey
011: * @see DNSSEC
012: *
013: * @author Brian Wellington
014: */
015:
016: public class KEYRecord extends KEYBase {
017:
018: public static class Protocol {
019: /**
020: * KEY protocol identifiers.
021: */
022:
023: private Protocol() {
024: }
025:
026: /** No defined protocol. */
027: public static final int NONE = 0;
028:
029: /** Transaction Level Security */
030: public static final int TLS = 1;
031:
032: /** Email */
033: public static final int EMAIL = 2;
034:
035: /** DNSSEC */
036: public static final int DNSSEC = 3;
037:
038: /** IPSEC Control */
039: public static final int IPSEC = 4;
040:
041: /** Any protocol */
042: public static final int ANY = 255;
043:
044: private static Mnemonic protocols = new Mnemonic(
045: "KEY protocol", Mnemonic.CASE_UPPER);
046:
047: static {
048: protocols.setMaximum(0xFF);
049: protocols.setNumericAllowed(true);
050:
051: protocols.add(NONE, "NONE");
052: protocols.add(TLS, "TLS");
053: protocols.add(EMAIL, "EMAIL");
054: protocols.add(DNSSEC, "DNSSEC");
055: protocols.add(IPSEC, "IPSEC");
056: protocols.add(ANY, "ANY");
057: }
058:
059: /**
060: * Converts an KEY protocol value into its textual representation
061: */
062: public static String string(int type) {
063: return protocols.getText(type);
064: }
065:
066: /**
067: * Converts a textual representation of a KEY protocol into its
068: * numeric code. Integers in the range 0..255 are also accepted.
069: * @param s The textual representation of the protocol
070: * @return The protocol code, or -1 on error.
071: */
072: public static int value(String s) {
073: return protocols.getValue(s);
074: }
075: }
076:
077: public static class Flags {
078: /**
079: * KEY flags identifiers.
080: */
081:
082: private Flags() {
083: }
084:
085: /** KEY cannot be used for confidentiality */
086: public static final int NOCONF = 0x4000;
087:
088: /** KEY cannot be used for authentication */
089: public static final int NOAUTH = 0x8000;
090:
091: /** No key present */
092: public static final int NOKEY = 0xC000;
093:
094: /** Bitmask of the use fields */
095: public static final int USE_MASK = 0xC000;
096:
097: /** Flag 2 (unused) */
098: public static final int FLAG2 = 0x2000;
099:
100: /** Flags extension */
101: public static final int EXTEND = 0x1000;
102:
103: /** Flag 4 (unused) */
104: public static final int FLAG4 = 0x0800;
105:
106: /** Flag 5 (unused) */
107: public static final int FLAG5 = 0x0400;
108:
109: /** Key is owned by a user. */
110: public static final int USER = 0x0000;
111:
112: /** Key is owned by a zone. */
113: public static final int ZONE = 0x0100;
114:
115: /** Key is owned by a host. */
116: public static final int HOST = 0x0200;
117:
118: /** Key owner type 3 (reserved). */
119: public static final int NTYP3 = 0x0300;
120:
121: /** Key owner bitmask. */
122: public static final int OWNER_MASK = 0x0300;
123:
124: /** Flag 8 (unused) */
125: public static final int FLAG8 = 0x0080;
126:
127: /** Flag 9 (unused) */
128: public static final int FLAG9 = 0x0040;
129:
130: /** Flag 10 (unused) */
131: public static final int FLAG10 = 0x0020;
132:
133: /** Flag 11 (unused) */
134: public static final int FLAG11 = 0x0010;
135:
136: /** Signatory value 0 */
137: public static final int SIG0 = 0;
138:
139: /** Signatory value 1 */
140: public static final int SIG1 = 1;
141:
142: /** Signatory value 2 */
143: public static final int SIG2 = 2;
144:
145: /** Signatory value 3 */
146: public static final int SIG3 = 3;
147:
148: /** Signatory value 4 */
149: public static final int SIG4 = 4;
150:
151: /** Signatory value 5 */
152: public static final int SIG5 = 5;
153:
154: /** Signatory value 6 */
155: public static final int SIG6 = 6;
156:
157: /** Signatory value 7 */
158: public static final int SIG7 = 7;
159:
160: /** Signatory value 8 */
161: public static final int SIG8 = 8;
162:
163: /** Signatory value 9 */
164: public static final int SIG9 = 9;
165:
166: /** Signatory value 10 */
167: public static final int SIG10 = 10;
168:
169: /** Signatory value 11 */
170: public static final int SIG11 = 11;
171:
172: /** Signatory value 12 */
173: public static final int SIG12 = 12;
174:
175: /** Signatory value 13 */
176: public static final int SIG13 = 13;
177:
178: /** Signatory value 14 */
179: public static final int SIG14 = 14;
180:
181: /** Signatory value 15 */
182: public static final int SIG15 = 15;
183:
184: private static Mnemonic flags = new Mnemonic("KEY flags",
185: Mnemonic.CASE_UPPER);
186:
187: static {
188: flags.setMaximum(0xFFFF);
189: flags.setNumericAllowed(false);
190:
191: flags.add(NOCONF, "NOCONF");
192: flags.add(NOAUTH, "NOAUTH");
193: flags.add(NOKEY, "NOKEY");
194: flags.add(FLAG2, "FLAG2");
195: flags.add(EXTEND, "EXTEND");
196: flags.add(FLAG4, "FLAG4");
197: flags.add(FLAG5, "FLAG5");
198: flags.add(USER, "USER");
199: flags.add(ZONE, "ZONE");
200: flags.add(HOST, "HOST");
201: flags.add(NTYP3, "NTYP3");
202: flags.add(FLAG8, "FLAG8");
203: flags.add(FLAG9, "FLAG9");
204: flags.add(FLAG10, "FLAG10");
205: flags.add(FLAG11, "FLAG11");
206: flags.add(SIG0, "SIG0");
207: flags.add(SIG1, "SIG1");
208: flags.add(SIG2, "SIG2");
209: flags.add(SIG3, "SIG3");
210: flags.add(SIG4, "SIG4");
211: flags.add(SIG5, "SIG5");
212: flags.add(SIG6, "SIG6");
213: flags.add(SIG7, "SIG7");
214: flags.add(SIG8, "SIG8");
215: flags.add(SIG9, "SIG9");
216: flags.add(SIG10, "SIG10");
217: flags.add(SIG11, "SIG11");
218: flags.add(SIG12, "SIG12");
219: flags.add(SIG13, "SIG13");
220: flags.add(SIG14, "SIG14");
221: flags.add(SIG15, "SIG15");
222: }
223:
224: /**
225: * Converts a textual representation of KEY flags into its
226: * numeric code. Integers in the range 0..65535 are also accepted.
227: * @param s The textual representation of the protocol
228: * @return The protocol code, or -1 on error.
229: */
230: public static int value(String s) {
231: int value;
232: try {
233: value = Integer.parseInt(s);
234: if (value >= 0 && value <= 0xFFFF) {
235: return value;
236: }
237: return -1;
238: } catch (NumberFormatException e) {
239: }
240: StringTokenizer st = new StringTokenizer(s, "|");
241: value = 0;
242: while (st.hasMoreTokens()) {
243: int val = flags.getValue(st.nextToken());
244: if (val < 0) {
245: return -1;
246: }
247: value |= val;
248: }
249: return value;
250: }
251: }
252:
253: /* flags */
254: /** This key cannot be used for confidentiality (encryption) */
255: public static final int FLAG_NOCONF = Flags.NOCONF;
256:
257: /** This key cannot be used for authentication */
258: public static final int FLAG_NOAUTH = Flags.NOAUTH;
259:
260: /** This key cannot be used for authentication or confidentiality */
261: public static final int FLAG_NOKEY = Flags.NOKEY;
262:
263: /** A zone key */
264: public static final int OWNER_ZONE = Flags.ZONE;
265:
266: /** A host/end entity key */
267: public static final int OWNER_HOST = Flags.HOST;
268:
269: /** A user key */
270: public static final int OWNER_USER = Flags.USER;
271:
272: /* protocols */
273: /** Key was created for use with transaction level security */
274: public static final int PROTOCOL_TLS = Protocol.TLS;
275:
276: /** Key was created for use with email */
277: public static final int PROTOCOL_EMAIL = Protocol.EMAIL;
278:
279: /** Key was created for use with DNSSEC */
280: public static final int PROTOCOL_DNSSEC = Protocol.DNSSEC;
281:
282: /** Key was created for use with IPSEC */
283: public static final int PROTOCOL_IPSEC = Protocol.IPSEC;
284:
285: /** Key was created for use with any protocol */
286: public static final int PROTOCOL_ANY = Protocol.ANY;
287:
288: KEYRecord() {
289: }
290:
291: Record getObject() {
292: return new KEYRecord();
293: }
294:
295: /**
296: * Creates a KEY Record from the given data
297: * @param flags Flags describing the key's properties
298: * @param proto The protocol that the key was created for
299: * @param alg The key's algorithm
300: * @param key Binary data representing the key
301: */
302: public KEYRecord(Name name, int dclass, long ttl, int flags,
303: int proto, int alg, byte[] key) {
304: super (name, Type.KEY, dclass, ttl, flags, proto, alg, key);
305: }
306:
307: void rdataFromString(Tokenizer st, Name origin) throws IOException {
308: String flagString = st.getIdentifier();
309: flags = Flags.value(flagString);
310: if (flags < 0)
311: throw st.exception("Invalid flags: " + flagString);
312: String protoString = st.getIdentifier();
313: proto = Protocol.value(protoString);
314: if (proto < 0)
315: throw st.exception("Invalid protocol: " + protoString);
316: String algString = st.getIdentifier();
317: alg = DNSSEC.Algorithm.value(algString);
318: if (alg < 0)
319: throw st.exception("Invalid algorithm: " + algString);
320: /* If this is a null KEY, there's no key data */
321: if ((flags & Flags.USE_MASK) == Flags.NOKEY)
322: key = null;
323: else
324: key = st.getBase64();
325: }
326:
327: }
|