| // Copyright (c) 1999-2004 Brian Wellington (bwelling@xbill.org) |
| |
| package org.xbill.DNS; |
| |
| import java.io.*; |
| import org.xbill.DNS.utils.*; |
| |
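/**
 * Transport Layer Security Authentication (TLSA) record: the DNS record type
 * used by DANE (RFC 6698) to associate a TLS server certificate or public key
 * with a domain name.
 *
 * <p>Security notes for callers:
 * <ul>
 * <li>This class only stores and (de)serializes the four rdata fields. The
 *     parsing paths ({@code rrFromWire}, {@code rdataFromString}) keep whatever
 *     8-bit values they read; they do not restrict them to the constants in
 *     {@link CertificateUsage}, {@link Selector} or {@link MatchingType}.</li>
 * <li>Nothing in this class checks that the length of the certificate
 *     association data agrees with the matching type (a SHA-256 digest is
 *     32 bytes, a SHA-512 digest is 64 bytes). Code that authenticates a TLS
 *     peer from this record has to reject unknown field values and
 *     wrong-length digests itself.</li>
 * <li>A TLSA record is only as trustworthy as the DNS answer that carried it;
 *     RFC 6698 requires the answer to be DNSSEC-validated before the record is
 *     used for authentication.</li>
 * </ul>
 *
 * @author Brian Wellington
 */
public class TLSARecord extends Record {

    private static final long serialVersionUID = 356494267028580169L;

    /** Values of the certificate usage field (RFC 6698, section 2.1.1). */
    public static class CertificateUsage {
        private CertificateUsage() {}

        /**
         * The association data identifies a CA certificate (or its public key)
         * that must appear in the PKIX-validated chain of the server
         * certificate.
         */
        public static final int CA_CONSTRAINT = 0;

        /**
         * The association data identifies the end-entity certificate (or its
         * public key) the server must present; PKIX validation still applies.
         */
        public static final int SERVICE_CERTIFICATE_CONSTRAINT = 1;

        /**
         * The association data identifies a certificate (or its public key)
         * to be used as the trust anchor when validating the server
         * certificate.
         */
        public static final int TRUST_ANCHOR_ASSERTION = 2;

        /**
         * The association data identifies the end-entity certificate (or its
         * public key) the server must present; no PKIX chain to a public CA
         * is required.
         */
        public static final int DOMAIN_ISSUED_CERTIFICATE = 3;
    }

    /** Values of the selector field: which part of the certificate is matched. */
    public static class Selector {
        private Selector() {}

        /**
         * Full certificate; the Certificate binary structure defined in
         * [RFC5280]
         */
        public static final int FULL_CERTIFICATE = 0;

        /**
         * SubjectPublicKeyInfo; DER-encoded binary structure defined in
         * [RFC5280]
         */
        public static final int SUBJECT_PUBLIC_KEY_INFO = 1;
    }

    /** Values of the matching type field: how the selected content is presented. */
    public static class MatchingType {
        private MatchingType() {}

        /** Exact match on selected content */
        public static final int EXACT = 0;

        /** SHA-256 hash of selected content [RFC6234] */
        public static final int SHA256 = 1;

        /** SHA-512 hash of selected content [RFC6234] */
        public static final int SHA512 = 2;
    }

    private int certificateUsage;
    private int selector;
    private int matchingType;
    private byte[] certificateAssociationData;

    /** Creates an empty record; the fields are filled in by one of the parsing methods. */
    TLSARecord() {}

    /** Returns a new, empty TLSARecord. */
    Record
    getObject() {
        return new TLSARecord();
    }

    /**
     * Creates a TLSA Record from the given data
     * @param name The owner name of the record.
     * @param dclass The class of the record.
     * @param ttl The time to live of the record.
     * @param certificateUsage The provided association that will be used to
     * match the certificate presented in the TLS handshake.
     * @param selector The part of the TLS certificate presented by the server
     * that will be matched against the association data.
     * @param matchingType How the certificate association is presented.
     * @param certificateAssociationData The "certificate association data" to be
     * matched.
     */
    public
    TLSARecord(Name name, int dclass, long ttl,
               int certificateUsage, int selector, int matchingType,
               byte[] certificateAssociationData)
    {
        super(name, Type.TLSA, dclass, ttl);
        // checkU8 is inherited and not visible here; presumably it rejects
        // values outside 0..255 -- confirm against Record.
        this.certificateUsage = checkU8("certificateUsage", certificateUsage);
        this.selector = checkU8("selector", selector);
        this.matchingType = checkU8("matchingType", matchingType);
        // 0xFFFF is passed as the length bound for the association data.
        // NOTE(review): whether checkByteArrayLength returns a copy or the
        // caller's own array is not visible here; if it is the same array, the
        // caller can still change the stored data after construction -- confirm.
        this.certificateAssociationData = checkByteArrayLength(
            "certificateAssociationData",
            certificateAssociationData,
            0xFFFF);
    }

    /**
     * Reads the rdata from wire format: three unsigned 8-bit fields followed
     * by the association data. The values are stored as read; no check
     * against the known constants or the digest length is made here.
     */
    void
    rrFromWire(DNSInput in) throws IOException {
        certificateUsage = in.readU8();
        selector = in.readU8();
        matchingType = in.readU8();
        // presumably the remainder of the rdata -- confirm against DNSInput
        certificateAssociationData = in.readByteArray();
    }

    /**
     * Reads the rdata from its text form: three unsigned 8-bit integers
     * followed by the association data in hex. The values are stored as read;
     * no check against the known constants or the digest length is made here.
     */
    void
    rdataFromString(Tokenizer st, Name origin) throws IOException {
        certificateUsage = st.getUInt8();
        selector = st.getUInt8();
        matchingType = st.getUInt8();
        certificateAssociationData = st.getHex();
    }

    /** Converts rdata to a String */
    String
    rrToString() {
        StringBuffer sb = new StringBuffer();
        sb.append(certificateUsage).append(" ");
        sb.append(selector).append(" ");
        sb.append(matchingType).append(" ");
        sb.append(base16.toString(certificateAssociationData));
        return sb.toString();
    }

    /** Writes the rdata in wire format, in the same field order it is read. */
    void
    rrToWire(DNSOutput out, Compression c, boolean canonical) {
        out.writeU8(certificateUsage);
        out.writeU8(selector);
        out.writeU8(matchingType);
        out.writeByteArray(certificateAssociationData);
    }

    /** Returns the certificate usage of the TLSA record */
    public int
    getCertificateUsage() {
        return certificateUsage;
    }

    /** Returns the selector of the TLSA record */
    public int
    getSelector() {
        return selector;
    }

    /** Returns the matching type of the TLSA record */
    public int
    getMatchingType() {
        return matchingType;
    }

    /**
     * Returns the certificate association data of this TLSA record.
     *
     * <p>A copy is returned, so a caller that modifies the returned array
     * cannot alter the certificate or digest this record pins.
     *
     * @return a copy of the association data, or null if none has been set
     */
    public final byte[]
    getCertificateAssociationData() {
        if (certificateAssociationData == null) {
            return null;
        }
        byte[] copy = new byte[certificateAssociationData.length];
        System.arraycopy(certificateAssociationData, 0, copy, 0, copy.length);
        return copy;
    }

}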