PC Professionell 2007 April

home *** CD-ROM | disk | FTP | other *** search

/ PC Professionell 2007 April / PCpro_2007_04.ISO / files / dsl / jNetTool.exe / org / xbill / DNS / TSIG.class (.txt) < prev next >

Wrap

Java Class File | 2005-06-05 | 6.8 KB | 254 lines

package org.xbill.DNS; import java.util.Date; import org.xbill.DNS.utils.base16; import org.xbill.DNS.utils.base64; import org.xbill.DNS.utils.hmacSigner; public class TSIG { public static final Name HMAC = Name.fromConstantString("HMAC-MD5.SIG-ALG.REG.INT."); public static final short FUDGE = 300; private Name name; private Name alg; private byte[] key; static { if (Options.check("verbosehmac")) { hmacSigner.verbose = true; } } public TSIG(Name name, byte[] key) { this.name = name; this.alg = HMAC; this.key = key; } public TSIG(String name, String key) { byte[] keyArray; if (key.length() > 1 && key.charAt(0) == ':') { keyArray = base16.fromString(key.substring(1)); } else { keyArray = base64.fromString(key); } if (keyArray == null) { throw new IllegalArgumentException("Invalid TSIG key string"); } else { Name keyname; try { keyname = Name.fromString(name, Name.root); } catch (TextParseException var6) { throw new IllegalArgumentException("Invalid TSIG key name"); } this.name = keyname; this.alg = HMAC; this.key = keyArray; } } public TSIGRecord generate(Message m, byte[] b, int error, TSIGRecord old) { Date timeSigned; if (error != 18) { timeSigned = new Date(); } else { timeSigned = old.getTimeSigned(); } hmacSigner h = null; if (error == 0 || error == 18) { h = new hmacSigner(this.key); } int fudge = Options.intValue("tsigfudge"); if (fudge < 0 || fudge > 32767) { fudge = 300; } if (old != null) { DNSOutput out = new DNSOutput(); out.writeU16(old.getSignature().length); if (h != null) { h.addData(out.toByteArray()); h.addData(old.getSignature()); } } if (h != null) { h.addData(b); } DNSOutput out = new DNSOutput(); this.name.toWireCanonical(out); out.writeU16(255); out.writeU32(0L); this.alg.toWireCanonical(out); long time = timeSigned.getTime() / 1000L; int timeHigh = (int)(time >> 32); long timeLow = time & 4294967295L; out.writeU16(timeHigh); out.writeU32(timeLow); out.writeU16(fudge); out.writeU16(error); out.writeU16(0); if (h != null) { h.addData(out.toByteArray()); } byte[] signature; if (h != null) { signature = h.sign(); } else { signature = new byte[0]; } byte[] other = (byte[])null; if (error == 18) { out = new DNSOutput(); time = (new Date()).getTime() / 1000L; timeHigh = (int)(time >> 32); timeLow = time & 4294967295L; out.writeU16(timeHigh); out.writeU32(timeLow); other = out.toByteArray(); } return new TSIGRecord(this.name, 255, 0L, this.alg, timeSigned, fudge, signature, m.getHeader().getID(), error, other); } public void apply(Message m, int error, TSIGRecord old) { Record r = this.generate(m, m.toWire(), error, old); m.addRecord(r, 3); m.tsigState = 3; } public void apply(Message m, TSIGRecord old) { this.apply(m, 0, old); } public void applyStream(Message m, TSIGRecord old, boolean first) { if (first) { this.apply(m, old); } else { Date timeSigned = new Date(); hmacSigner h = new hmacSigner(this.key); int fudge = Options.intValue("tsigfudge"); if (fudge < 0 || fudge > 32767) { fudge = 300; } DNSOutput out = new DNSOutput(); out.writeU16(old.getSignature().length); h.addData(out.toByteArray()); h.addData(old.getSignature()); h.addData(m.toWire()); out = new DNSOutput(); long time = timeSigned.getTime() / 1000L; int timeHigh = (int)(time >> 32); long timeLow = time & 4294967295L; out.writeU16(timeHigh); out.writeU32(timeLow); out.writeU16(fudge); h.addData(out.toByteArray()); byte[] signature = h.sign(); byte[] other = (byte[])null; Record r = new TSIGRecord(this.name, 255, 0L, this.alg, timeSigned, fudge, signature, m.getHeader().getID(), 0, other); m.addRecord(r, 3); m.tsigState = 3; } } public byte verify(Message m, byte[] b, int length, TSIGRecord old) { TSIGRecord tsig = m.getTSIG(); hmacSigner h = new hmacSigner(this.key); if (tsig == null) { return 1; } else if (tsig.getName().equals(this.name) && tsig.getAlgorithm().equals(this.alg)) { long now = System.currentTimeMillis(); long then = tsig.getTimeSigned().getTime(); long fudge = (long)tsig.getFudge(); if (Math.abs(now - then) > fudge * 1000L) { if (Options.check("verbose")) { System.err.println("BADTIME failure"); } return 18; } else { if (old != null && tsig.getError() != 17 && tsig.getError() != 16) { DNSOutput out = new DNSOutput(); out.writeU16(old.getSignature().length); h.addData(out.toByteArray()); h.addData(old.getSignature()); } m.getHeader().decCount(3); byte[] header = m.getHeader().toWire(); m.getHeader().incCount(3); h.addData(header); int len = m.tsigstart - header.length; h.addData(b, header.length, len); DNSOutput out = new DNSOutput(); tsig.getName().toWireCanonical(out); out.writeU16(tsig.dclass); out.writeU32(tsig.ttl); tsig.getAlgorithm().toWireCanonical(out); long time = tsig.getTimeSigned().getTime() / 1000L; int timeHigh = (int)(time >> 32); long timeLow = time & 4294967295L; out.writeU16(timeHigh); out.writeU32(timeLow); out.writeU16(tsig.getFudge()); out.writeU16(tsig.getError()); if (tsig.getOther() != null) { out.writeU16(tsig.getOther().length); out.writeByteArray(tsig.getOther()); } else { out.writeU16(0); } h.addData(out.toByteArray()); if (h.verify(tsig.getSignature())) { return 0; } else { if (Options.check("verbose")) { System.err.println("BADSIG failure"); } return 16; } } } else { if (Options.check("verbose")) { System.err.println("BADKEY failure"); } return 17; } } public int verify(Message m, byte[] b, TSIGRecord old) { return this.verify(m, b, b.length, old); } public int recordLength() { return this.name.length() + 10 + HMAC.length() + 8 + 18 + 4 + 8; } // $FF: synthetic method static byte[] access$0(TSIG var0) { return var0.key; } // $FF: synthetic method static Name access$1(TSIG var0) { return var0.name; } // $FF: synthetic method static Name access$2(TSIG var0) { return var0.alg; } }