public class DNSSEC extends Object
DNSSEC provides authentication for DNS information.
See also: RRSIGRecord, DNSKEYRecord, RRset

Modifier and Type | Class and Description |
---|---|
static class | DNSSEC.Algorithm: Domain Name System Security (DNSSEC) Algorithm Numbers. |
static class | DNSSEC.Digest: DNSSEC Delegation Signer (DS) Resource Record (RR) Type Digest Algorithms. |
static class | DNSSEC.DNSSECException: A DNSSEC exception. |
static class | DNSSEC.IncompatibleKeyException: The key data provided is inconsistent. |
static class | DNSSEC.KeyMismatchException: A DNSSEC verification failed because fields in the DNSKEY and RRSIG records do not match. |
static class | DNSSEC.MalformedKeyException: The cryptographic data in a DNSSEC key is malformed. |
static class | DNSSEC.NoSignatureException: No signature was found. |
static class | DNSSEC.SignatureExpiredException: A DNSSEC verification failed because the signature has expired. |
static class | DNSSEC.SignatureNotYetValidException: A DNSSEC verification failed because the signature has not yet become valid. |
static class | DNSSEC.SignatureVerificationException: A DNSSEC verification failed because the cryptographic signature verification failed. |
static class | DNSSEC.UnsupportedAlgorithmException: An algorithm is unsupported by this DNSSEC implementation. |

Modifier and Type | Method and Description |
---|---|
static String | algString(int alg): Convert an algorithm number to the corresponding JCA string. |
static byte[] | digestMessage(SIGRecord sig, Message msg, byte[] previous): Creates a byte array containing the concatenation of the fields of the SIG(0) record and the message to be signed. |
static byte[] | digestRRset(RRSIGRecord rrsig, RRset rrset): Creates a byte array containing the concatenation of the fields of the SIG record and the RRsets to be signed/verified. |
static RRSIGRecord | sign(RRset rrset, DNSKEYRecord key, PrivateKey privkey, Date inception, Date expiration): Deprecated. |
static RRSIGRecord | sign(RRset rrset, DNSKEYRecord key, PrivateKey privkey, Date inception, Date expiration, String provider): Deprecated. |
static RRSIGRecord | sign(RRset rrset, DNSKEYRecord key, PrivateKey privkey, Instant inception, Instant expiration): Generate a DNSSEC signature. |
static RRSIGRecord | sign(RRset rrset, DNSKEYRecord key, PrivateKey privkey, Instant inception, Instant expiration, String provider): Generate a DNSSEC signature. |
static void | verify(RRset rrset, RRSIGRecord rrsig, DNSKEYRecord key): Verify a DNSSEC signature. |
static void | verify(RRset rrset, RRSIGRecord rrsig, DNSKEYRecord key, Date date): Deprecated. |
static void | verify(RRset rrset, RRSIGRecord rrsig, DNSKEYRecord key, Instant date): Verify a DNSSEC signature. |
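
The sign and verify methods listed above, together with the verification exceptions, in one round trip. This is an added example, not code from the dnsjava documentation; the class name DnssecVerifyDemo and the helper check() are hypothetical, the key and addresses are constructed sample data, and Name, ARecord, DClass and the DNSKEYRecord constructor are dnsjava classes that this page does not describe. It signs an RRset, then verifies it inside the validity window, after expiration, before inception, and against altered data.

```java
import java.net.InetAddress;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.spec.ECGenParameterSpec;
import java.time.Duration;
import java.time.Instant;
import org.xbill.DNS.*;

public class DnssecVerifyDemo {
  // Maps each verify() failure to a distinct outcome so callers can log and alert on it.
  // Specific exceptions are caught before the DNSSECException base class.
  static String check(RRset rrset, RRSIGRecord sig, DNSKEYRecord key, Instant at) {
    try {
      DNSSEC.verify(rrset, sig, key, at);
      return "valid";
    } catch (DNSSEC.SignatureExpiredException e) {
      return "expired";
    } catch (DNSSEC.SignatureNotYetValidException e) {
      return "not-yet-valid";
    } catch (DNSSEC.SignatureVerificationException e) {
      return "bad-signature";
    } catch (DNSSEC.DNSSECException e) {
      return "rejected: " + e.getMessage();
    }
  }

  public static void main(String[] args) throws Exception {
    // Constructed sample data: throwaway P-256 key, documentation-range addresses.
    KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC");
    kpg.initialize(new ECGenParameterSpec("secp256r1"));
    KeyPair kp = kpg.generateKeyPair();
    Name zone = Name.fromString("example.com.");
    Name host = Name.fromString("www", zone);
    DNSKEYRecord key = new DNSKEYRecord(zone, DClass.IN, 3600, DNSKEYRecord.Flags.ZONE_KEY,
        DNSKEYRecord.Protocol.DNSSEC, DNSSEC.Algorithm.ECDSAP256SHA256, kp.getPublic());
    RRset rrset = new RRset(new ARecord(host, DClass.IN, 300, InetAddress.getByName("192.0.2.10")));
    RRset altered = new RRset(new ARecord(host, DClass.IN, 300, InetAddress.getByName("192.0.2.66")));

    // Back-date inception to tolerate clock skew between signer and validator.
    Instant now = Instant.now();
    Instant inception = now.minus(Duration.ofHours(1));
    Instant expiration = now.plus(Duration.ofDays(7));
    RRSIGRecord sig = DNSSEC.sign(rrset, key, kp.getPrivate(), inception, expiration);

    System.out.println(check(rrset, sig, key, now));                        // inside the window
    System.out.println(check(rrset, sig, key, expiration.plusSeconds(60))); // after expiration
    System.out.println(check(rrset, sig, key, inception.minusSeconds(60))); // before inception
    System.out.println(check(altered, sig, key, now));                      // data changed after signing
  }
}
```

Treat every outcome other than a normal return from verify() as a validation failure; the distinct exception types are useful for telling clock or re-signing problems apart from altered data.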

public static byte[] digestRRset(RRSIGRecord rrsig, RRset rrset)

Parameters:
rrsig - The RRSIG record used to sign/verify the rrset.
rrset - The data to be signed/verified.

public static byte[] digestMessage(SIGRecord sig, Message msg, byte[] previous)

Parameters:
sig - The SIG record used to sign the rrset.
msg - The message to be signed.
previous - If this is a response, the signature from the query.

public static String algString(int alg) throws DNSSEC.UnsupportedAlgorithmException

Parameters:
alg - The algorithm number.
Throws:
DNSSEC.UnsupportedAlgorithmException - The algorithm is unknown.

public static void verify(RRset rrset, RRSIGRecord rrsig, DNSKEYRecord key) throws DNSSEC.DNSSECException

Parameters:
rrset - The data to be verified.
rrsig - The RRSIG record containing the signature.
key - The DNSKEY record to verify the signature with.
Throws:
DNSSEC.UnsupportedAlgorithmException - The algorithm is unknown.
DNSSEC.MalformedKeyException - The key is malformed.
DNSSEC.KeyMismatchException - The key and signature do not match.
DNSSEC.SignatureExpiredException - The signature has expired.
DNSSEC.SignatureNotYetValidException - The signature is not yet valid.
DNSSEC.SignatureVerificationException - The signature does not verify.
DNSSEC.DNSSECException - Some other error occurred.

@Deprecated public static void verify(RRset rrset, RRSIGRecord rrsig, DNSKEYRecord key, Date date) throws DNSSEC.DNSSECException

Deprecated. Use verify(RRset, RRSIGRecord, DNSKEYRecord, Instant).
Parameters:
rrset - The data to be verified.
rrsig - The RRSIG record containing the signature.
key - The DNSKEY record to verify the signature with.
date - The date against which the signature is verified.
Throws:
DNSSEC.UnsupportedAlgorithmException - The algorithm is unknown.
DNSSEC.MalformedKeyException - The key is malformed.
DNSSEC.KeyMismatchException - The key and signature do not match.
DNSSEC.SignatureExpiredException - The signature has expired.
DNSSEC.SignatureNotYetValidException - The signature is not yet valid.
DNSSEC.SignatureVerificationException - The signature does not verify.
DNSSEC.DNSSECException - Some other error occurred.

public static void verify(RRset rrset, RRSIGRecord rrsig, DNSKEYRecord key, Instant date) throws DNSSEC.DNSSECException

Parameters:
rrset - The data to be verified.
rrsig - The RRSIG record containing the signature.
key - The DNSKEY record to verify the signature with.
date - The date against which the signature is verified.
Throws:
DNSSEC.UnsupportedAlgorithmException - The algorithm is unknown.
DNSSEC.MalformedKeyException - The key is malformed.
DNSSEC.KeyMismatchException - The key and signature do not match.
DNSSEC.SignatureExpiredException - The signature has expired.
DNSSEC.SignatureNotYetValidException - The signature is not yet valid.
DNSSEC.SignatureVerificationException - The signature does not verify.
DNSSEC.DNSSECException - Some other error occurred.

@Deprecated public static RRSIGRecord sign(RRset rrset, DNSKEYRecord key, PrivateKey privkey, Date inception, Date expiration) throws DNSSEC.DNSSECException

Deprecated. Use sign(RRset, DNSKEYRecord, PrivateKey, Instant, Instant).
Parameters:
rrset - The data to be signed.
key - The DNSKEY record to use as part of signing.
privkey - The PrivateKey to use when signing.
inception - The time at which the signatures should become valid.
expiration - The time at which the signatures should expire.
Throws:
DNSSEC.UnsupportedAlgorithmException - The algorithm is unknown.
DNSSEC.MalformedKeyException - The key is malformed.
DNSSEC.DNSSECException - Some other error occurred.

@Deprecated public static RRSIGRecord sign(RRset rrset, DNSKEYRecord key, PrivateKey privkey, Date inception, Date expiration, String provider) throws DNSSEC.DNSSECException

Deprecated. Use sign(RRset, DNSKEYRecord, PrivateKey, Instant, Instant, String).
Parameters:
rrset - The data to be signed.
key - The DNSKEY record to use as part of signing.
privkey - The PrivateKey to use when signing.
inception - The time at which the signatures should become valid.
expiration - The time at which the signatures should expire.
Throws:
DNSSEC.UnsupportedAlgorithmException - The algorithm is unknown.
DNSSEC.MalformedKeyException - The key is malformed.
DNSSEC.DNSSECException - Some other error occurred.

public static RRSIGRecord sign(RRset rrset, DNSKEYRecord key, PrivateKey privkey, Instant inception, Instant expiration) throws DNSSEC.DNSSECException

Parameters:
rrset - The data to be signed.
key - The DNSKEY record to use as part of signing.
privkey - The PrivateKey to use when signing.
inception - The time at which the signatures should become valid.
expiration - The time at which the signatures should expire.
Throws:
DNSSEC.UnsupportedAlgorithmException - The algorithm is unknown.
DNSSEC.MalformedKeyException - The key is malformed.
DNSSEC.DNSSECException - Some other error occurred.

public static RRSIGRecord sign(RRset rrset, DNSKEYRecord key, PrivateKey privkey, Instant inception, Instant expiration, String provider) throws DNSSEC.DNSSECException

Parameters:
rrset - The data to be signed.
key - The DNSKEY record to use as part of signing.
privkey - The PrivateKey to use when signing.
inception - The time at which the signatures should become valid.
expiration - The time at which the signatures should expire.
provider - The name of the JCA provider. If non-null, it will be passed to JCA getInstance() methods.
Throws:
DNSSEC.UnsupportedAlgorithmException - The algorithm is unknown.
DNSSEC.MalformedKeyException - The key is malformed.
DNSSEC.DNSSECException - Some other error occurred.

Copyright © 2022 dnsjava.org. All rights reserved.