src/org/xbill/DNS/SIG0.java - platform/external/smack - Git at Google

 // Copyright (c) 2001-2004 Brian Wellington (bwelling@xbill.org)

 package org.xbill.DNS;

 import java.security.PrivateKey;
 import java.util.Date;

 /**
  * Creates SIG(0) transaction signatures.
  *
  * @author Pasi Eronen
  * @author Brian Wellington
  */

 public class SIG0 {

 /**
  * The default validity period for outgoing SIG(0) signed messages.
  * Can be overriden by the sig0validity option.
  */
 private static final short VALIDITY = 300;

 private
 SIG0() { }

 /**
  * Sign a message with SIG(0). The DNS key and private key must refer to the
  * same underlying cryptographic key.
  * @param message The message to be signed
  * @param key The DNSKEY record to use as part of signing
  * @param privkey The PrivateKey to use when signing
  * @param previous If this message is a response, the SIG(0) from the query
  */
 public static void
 signMessage(Message message, KEYRecord key, PrivateKey privkey,
 	    SIGRecord previous) throws DNSSEC.DNSSECException
 {

 	int validity = Options.intValue("sig0validity");
 	if (validity < 0)
 		validity = VALIDITY;

 	long now = System.currentTimeMillis();
 	Date timeSigned = new Date(now);
 	Date timeExpires = new Date(now + validity * 1000);

 	SIGRecord sig =  DNSSEC.signMessage(message, previous, key, privkey,
 					    timeSigned, timeExpires);

 	message.addRecord(sig, Section.ADDITIONAL);
 }

 /**
  * Verify a message using SIG(0).
  * @param message The message to be signed
  * @param b An array containing the message in unparsed form.  This is
  * necessary since SIG(0) signs the message in wire format, and we can't
  * recreate the exact wire format (with the same name compression).
  * @param key The KEY record to verify the signature with.
  * @param previous If this message is a response, the SIG(0) from the query
  */
 public static void
 verifyMessage(Message message, byte [] b, KEYRecord key, SIGRecord previous)
 	throws DNSSEC.DNSSECException
 {
 	SIGRecord sig = null;
 	Record [] additional = message.getSectionArray(Section.ADDITIONAL);
 	for (int i = 0; i < additional.length; i++) {
 		if (additional[i].getType() != Type.SIG)
 			continue;
 		if (((SIGRecord) additional[i]).getTypeCovered() != 0)
 			continue;
 		sig = (SIGRecord) additional[i];
 		break;
 	}
 	DNSSEC.verifyMessage(message, b, sig, previous, key);
 }

 }
	// Copyright (c) 2001-2004 Brian Wellington (bwelling@xbill.org)

	package org.xbill.DNS;

	import java.security.PrivateKey;
	import java.util.Date;

	/**
	* Creates SIG(0) transaction signatures.
	*
	* @author Pasi Eronen
	* @author Brian Wellington
	*/

	public class SIG0 {

	/**
	* The default validity period for outgoing SIG(0) signed messages.
	* Can be overriden by the sig0validity option.
	*/
	private static final short VALIDITY = 300;

	private
	SIG0() { }

	/**
	* Sign a message with SIG(0). The DNS key and private key must refer to the
	* same underlying cryptographic key.
	* @param message The message to be signed
	* @param key The DNSKEY record to use as part of signing
	* @param privkey The PrivateKey to use when signing
	* @param previous If this message is a response, the SIG(0) from the query
	*/
	public static void
	signMessage(Message message, KEYRecord key, PrivateKey privkey,
	SIGRecord previous) throws DNSSEC.DNSSECException
	{

	int validity = Options.intValue("sig0validity");
	if (validity < 0)
	validity = VALIDITY;

	long now = System.currentTimeMillis();
	Date timeSigned = new Date(now);
	Date timeExpires = new Date(now + validity * 1000);

	SIGRecord sig = DNSSEC.signMessage(message, previous, key, privkey,
	timeSigned, timeExpires);

	message.addRecord(sig, Section.ADDITIONAL);
	}

	/**
	* Verify a message using SIG(0).
	* @param message The message to be signed
	* @param b An array containing the message in unparsed form. This is
	* necessary since SIG(0) signs the message in wire format, and we can't
	* recreate the exact wire format (with the same name compression).
	* @param key The KEY record to verify the signature with.
	* @param previous If this message is a response, the SIG(0) from the query
	*/
	public static void
	verifyMessage(Message message, byte [] b, KEYRecord key, SIGRecord previous)
	throws DNSSEC.DNSSECException
	{
	SIGRecord sig = null;
	Record [] additional = message.getSectionArray(Section.ADDITIONAL);
	for (int i = 0; i < additional.length; i++) {
	if (additional[i].getType() != Type.SIG)
	continue;
	if (((SIGRecord) additional[i]).getTypeCovered() != 0)
	continue;
	sig = (SIGRecord) additional[i];
	break;
	}
	DNSSEC.verifyMessage(message, b, sig, previous, key);
	}

	}