01: // Copyright (c) 1999-2004 Brian Wellington (bwelling@xbill.org)
02:
03: package org.xbill.DNS.security;
04:
05: import java.io.*;
06: import java.security.cert.*;
07: import org.xbill.DNS.*;
08:
09: /**
10: * Routines to convert between a DNS CERT record and a Java Certificate.
11: * @see CERTRecord
12: * @see java.security.cert.Certificate
13: *
14: * @author Brian Wellington
15: */
16:
public class CERTConverter {

    /**
     * Decodes the certificate carried in a CERT record into a Java Certificate.
     *
     * <p>Only the PKIX certificate type is handled; the payload is handed to
     * the "X.509" {@link CertificateFactory}.
     *
     * <p>Security note: this method only <em>decodes</em>. It performs no
     * signature check, no chain building, and no validity-period or
     * revocation check, and it does not tie the certificate to the record's
     * owner name. Record contents come from DNS, so callers should treat the
     * result as untrusted until they have validated it themselves (for
     * example with a {@code CertPathValidator} against their own trust
     * anchors). Any bytes that follow the first certificate in the payload
     * are not inspected here.
     *
     * @param r the CERT record to decode; must not be null (a null record
     *     results in a NullPointerException)
     * @return the decoded certificate, or null when the record's type is not
     *     PKIX or the payload cannot be parsed. The two cases are not
     *     distinguishable from the return value; the parse error is written
     *     to stderr only when the "verboseexceptions" option is set.
     */
    public static Certificate parseRecord(CERTRecord r) {
        // Both accessors are read up front, before the type is examined.
        final int certType = r.getCertType();
        final byte[] encoded = r.getCert();

        if (certType != CERTRecord.PKIX) {
            // Unsupported certificate type: nothing to decode.
            return null;
        }

        try {
            CertificateFactory factory = CertificateFactory.getInstance("X.509");
            return factory.generateCertificate(new ByteArrayInputStream(encoded));
        } catch (CertificateException e) {
            // Best-effort API: malformed input yields null rather than an
            // exception; the detail is only reported on request.
            if (Options.check("verboseexceptions")) {
                System.err.println("Cert parse exception:" + e);
            }
            return null;
        }
    }

    /**
     * Builds a CERT record from a Certificate associated with a key also in
     * DNS.
     *
     * <p>Only {@link X509Certificate} instances are supported; they are
     * stored with the PKIX certificate type using the certificate's encoded
     * form. The certificate is embedded as given: nothing here checks that
     * it is currently valid or that it belongs to {@code name}.
     *
     * @param name the owner name of the record
     * @param dclass the DNS class of the record
     * @param ttl the record's time to live
     * @param cert the certificate to embed
     * @param tag the key tag passed through to the CERT record
     * @param alg the algorithm value passed through to the CERT record
     * @return the new record, or null when {@code cert} is not an
     *     X509Certificate (including null) or cannot be encoded. The
     *     encoding error is written to stderr only when the
     *     "verboseexceptions" option is set.
     */
    public static CERTRecord buildRecord(Name name, int dclass,
                                         long ttl, Certificate cert, int tag, int alg) {
        if (!(cert instanceof X509Certificate)) {
            // Also covers cert == null, since instanceof is false for null.
            return null;
        }

        try {
            byte[] encoded = cert.getEncoded();
            return new CERTRecord(name, dclass, ttl, CERTRecord.PKIX, tag, alg,
                                  encoded);
        } catch (CertificateException e) {
            if (Options.check("verboseexceptions")) {
                System.err.println("Cert build exception:" + e);
            }
            return null;
        }
    }

    /**
     * Builds a CERT record from a Certificate, using 0 for both the key tag
     * and the algorithm.
     *
     * @param name the owner name of the record
     * @param dclass the DNS class of the record
     * @param ttl the record's time to live
     * @param cert the certificate to embed
     * @return the new record, or null under the same conditions as the
     *     six-argument overload
     */
    public static CERTRecord buildRecord(Name name, int dclass,
                                         long ttl, Certificate cert) {
        return buildRecord(name, dclass, ttl, cert, 0, 0);
    }

}
|