All Downloads are FREE. Search and download functionalities are using the official Maven repository.

org.xbill.DNS.CERTRecord Maven / Gradle / Ivy

The newest version!
// Copyright (c) 1999-2004 Brian Wellington ([email protected])

package org.xbill.DNS;

import java.io.*;
import org.xbill.DNS.utils.*;

/**
 * Certificate Record  - Stores a certificate associated with a name.  The
 * certificate might also be associated with a KEYRecord.
 * @see KEYRecord
 *
 * @author Brian Wellington
 */

public class CERTRecord extends Record {

public static class CertificateType {
	/** Certificate type identifiers.  See RFC 4398 for more detail. */

	private CertificateType() {}

	/** PKIX (X.509v3) */
	public static final int PKIX = 1;

	/** Simple Public Key Infrastructure */
	public static final int SPKI = 2;

	/** Pretty Good Privacy */
	public static final int PGP = 3;

	/** URL of an X.509 data object */
	public static final int IPKIX = 4;

	/** URL of an SPKI certificate */
	public static final int ISPKI = 5;

	/** Fingerprint and URL of an OpenPGP packet */
	public static final int IPGP = 6;

	/** Attribute Certificate */
	public static final int ACPKIX = 7;

	/** URL of an Attribute Certificate */
	public static final int IACPKIX = 8;

	/** Certificate format defined by URI */
	public static final int URI = 253;

	/** Certificate format defined by OID */
	public static final int OID = 254;

	private static Mnemonic types = new Mnemonic("Certificate type",
						     Mnemonic.CASE_UPPER);

	static {
		types.setMaximum(0xFFFF);
		types.setNumericAllowed(true);

		types.add(PKIX, "PKIX");
		types.add(SPKI, "SPKI");
		types.add(PGP, "PGP");
		types.add(PKIX, "IPKIX");
		types.add(SPKI, "ISPKI");
		types.add(PGP, "IPGP");
		types.add(PGP, "ACPKIX");
		types.add(PGP, "IACPKIX");
		types.add(URI, "URI");
		types.add(OID, "OID");
	}

	/**
	 * Converts a certificate type into its textual representation
	 */
	public static String
	string(int type) {
		return types.getText(type);
	}

	/**
	 * Converts a textual representation of an certificate type into its
	 * numeric code.  Integers in the range 0..65535 are also accepted.
	 * @param s The textual representation of the algorithm
	 * @return The algorithm code, or -1 on error.
	 */
	public static int
	value(String s) {
		return types.getValue(s);
	}
}

/** PKIX (X.509v3) */
public static final int PKIX = CertificateType.PKIX;

/** Simple Public Key Infrastructure  */
public static final int SPKI = CertificateType.SPKI;

/** Pretty Good Privacy */
public static final int PGP = CertificateType.PGP;

/** Certificate format defined by URI */
public static final int URI = CertificateType.URI;

/** Certificate format defined by IOD */
public static final int OID = CertificateType.OID;

private static final long serialVersionUID = 4763014646517016835L;

private int certType, keyTag;
private int alg;
private byte [] cert;

CERTRecord() {}

Record
getObject() {
	return new CERTRecord();
}

/**
 * Creates a CERT Record from the given data
 * @param certType The type of certificate (see constants)
 * @param keyTag The ID of the associated KEYRecord, if present
 * @param alg The algorithm of the associated KEYRecord, if present
 * @param cert Binary data representing the certificate
 */
public
CERTRecord(Name name, int dclass, long ttl, int certType, int keyTag,
	   int alg, byte []  cert)
{
	super(name, Type.CERT, dclass, ttl);
	this.certType = checkU16("certType", certType);
	this.keyTag = checkU16("keyTag", keyTag);
	this.alg = checkU8("alg", alg);
	this.cert = cert;
}

void
rrFromWire(DNSInput in) throws IOException {
	certType = in.readU16();
	keyTag = in.readU16();
	alg = in.readU8();
	cert = in.readByteArray();
}

void
rdataFromString(Tokenizer st, Name origin) throws IOException {
	String certTypeString = st.getString();
	certType = CertificateType.value(certTypeString);
	if (certType < 0)
		throw st.exception("Invalid certificate type: " +
				   certTypeString);
	keyTag = st.getUInt16();
	String algString = st.getString();
	alg = DNSSEC.Algorithm.value(algString);
	if (alg < 0)
		throw st.exception("Invalid algorithm: " + algString);
	cert = st.getBase64();
}

/**
 * Converts rdata to a String
 */
String
rrToString() {
	StringBuffer sb = new StringBuffer();
	sb.append (certType);
	sb.append (" ");
	sb.append (keyTag);
	sb.append (" ");
	sb.append (alg);
	if (cert != null) {
		if (Options.check("multiline")) {
			sb.append(" (\n");
			sb.append(base64.formatString(cert, 64, "\t", true));
		} else {
			sb.append(" ");
			sb.append(base64.toString(cert));
		}
	}
	return sb.toString();
}

/**
 * Returns the type of certificate
 */
public int
getCertType() {
	return certType;
}

/**
 * Returns the ID of the associated KEYRecord, if present
 */
public int
getKeyTag() {
	return keyTag;
}

/**
 * Returns the algorithm of the associated KEYRecord, if present
 */
public int
getAlgorithm() {
	return alg;
}

/**
 * Returns the binary representation of the certificate
 */
public byte []
getCert() {
	return cert;
}

void
rrToWire(DNSOutput out, Compression c, boolean canonical) {
	out.writeU16(certType);
	out.writeU16(keyTag);
	out.writeU8(alg);
	out.writeByteArray(cert);
}

}




© 2015 - 2024 Weber Informatics LLC | Privacy Policy