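// Copyright (c) 1999-2004 Brian Wellington (bwelling@xbill.org)

package org.xbill.DNS;

import java.io.*;
import org.xbill.DNS.utils.*;

/**
 * Transport Layer Security Authentication (TLSA) record.
 *
 * <p>A TLSA record binds four rdata fields to a name: a certificate usage,
 * a selector, a matching type and the "certificate association data".
 * This class only parses, stores and serializes those fields. It performs
 * no consistency check between the matching type and the association data
 * (for example, that a SHA-256 digest is 32 bytes long) and does not
 * validate that the usage, selector or matching type values are ones it
 * knows about; a consumer that uses these records to authenticate a TLS
 * peer must perform those checks itself.
 *
 * @author Brian Wellington
 */
public class TLSARecord extends Record {

    private static final long serialVersionUID = 356494267028580169L;

    /** Certificate usage values carried in the first rdata octet. */
    public static class CertificateUsage {
        private CertificateUsage() {}

        /** The association data identifies a CA that must appear in the chain. */
        public static final int CA_CONSTRAINT = 0;
        /** The association data identifies the end-entity certificate itself. */
        public static final int SERVICE_CERTIFICATE_CONSTRAINT = 1;
        /** The association data names a trust anchor supplied by the zone. */
        public static final int TRUST_ANCHOR_ASSERTION = 2;
        /** The association data names an end-entity certificate issued by the domain. */
        public static final int DOMAIN_ISSUED_CERTIFICATE = 3;
    }

    /** Selector values carried in the second rdata octet. */
    public static class Selector {
        private Selector() {}

        /**
         * Full certificate; the Certificate binary structure defined in
         * [RFC5280]
         */
        public static final int FULL_CERTIFICATE = 0;

        /**
         * SubjectPublicKeyInfo; DER-encoded binary structure defined in
         * [RFC5280]
         */
        public static final int SUBJECT_PUBLIC_KEY_INFO = 1;
    }

    /** Matching type values carried in the third rdata octet. */
    public static class MatchingType {
        private MatchingType() {}

        /** Exact match on selected content */
        public static final int EXACT = 0;

        /** SHA-256 hash of selected content [RFC6234] */
        public static final int SHA256 = 1;

        /** SHA-512 hash of selected content [RFC6234] */
        public static final int SHA512 = 2;
    }

    // One unsigned octet each on the wire; see rrFromWire/rrToWire.
    private int certificateUsage;
    private int selector;
    private int matchingType;
    // Remaining rdata bytes; bounded to 0xFFFF by the public constructor.
    private byte[] certificateAssociationData;

    /** No-arg constructor used when a record is built from wire or text form. */
    TLSARecord() {}

    Record
    getObject() {
        return new TLSARecord();
    }

    /**
     * Creates a TLSA Record from the given data
     * @param certificateUsage The provided association that will be used to
     * match the certificate presented in the TLS handshake.
     * @param selector The part of the TLS certificate presented by the server
     * that will be matched against the association data.
     * @param matchingType How the certificate association is presented.
     * @param certificateAssociationData The "certificate association data" to be
     * matched.
     * @throws IllegalArgumentException if an octet field is outside 0..255 or
     * the association data is longer than 0xFFFF bytes (checks performed by
     * the helpers inherited from Record).
     */
    public
    TLSARecord(Name name, int dclass, long ttl,
               int certificateUsage, int selector, int matchingType,
               byte[] certificateAssociationData)
    {
        super(name, Type.TLSA, dclass, ttl);
        // Each of the three code-point fields must fit in one wire octet.
        this.certificateUsage = checkU8("certificateUsage", certificateUsage);
        this.selector = checkU8("selector", selector);
        this.matchingType = checkU8("matchingType", matchingType);
        this.certificateAssociationData = checkByteArrayLength(
            "certificateAssociationData",
            certificateAssociationData,
            0xFFFF);
    }

    /**
     * Reads the rdata from wire format: three unsigned octets followed by the
     * association data (readByteArray() with no length presumably consumes
     * the rest of the rdata — confirm against DNSInput).
     */
    void
    rrFromWire(DNSInput in) throws IOException {
        certificateUsage = in.readU8();
        selector = in.readU8();
        matchingType = in.readU8();
        certificateAssociationData = in.readByteArray();
    }

    /**
     * Reads the rdata from presentation format: three decimal octet values
     * followed by the association data as hex (token handling is done by
     * Tokenizer.getHex(), defined outside this file).
     */
    void
    rdataFromString(Tokenizer st, Name origin) throws IOException {
        certificateUsage = st.getUInt8();
        selector = st.getUInt8();
        matchingType = st.getUInt8();
        certificateAssociationData = st.getHex();
    }

    /** Converts rdata to a String */
    String
    rrToString() {
        // StringBuilder: this is a local, single-threaded buffer, so the
        // synchronized StringBuffer buys nothing.
        StringBuilder sb = new StringBuilder();
        sb.append(certificateUsage);
        sb.append(" ");
        sb.append(selector);
        sb.append(" ");
        sb.append(matchingType);
        sb.append(" ");
        sb.append(base16.toString(certificateAssociationData));

        return sb.toString();
    }

    /** Writes the rdata in wire format; compression and canonical form do not apply to TLSA. */
    void
    rrToWire(DNSOutput out, Compression c, boolean canonical) {
        out.writeU8(certificateUsage);
        out.writeU8(selector);
        out.writeU8(matchingType);
        out.writeByteArray(certificateAssociationData);
    }

    /** Returns the certificate usage of the TLSA record */
    public int
    getCertificateUsage() {
        return certificateUsage;
    }

    /** Returns the selector of the TLSA record */
    public int
    getSelector() {
        return selector;
    }

    /** Returns the matching type of the TLSA record */
    public int
    getMatchingType() {
        return matchingType;
    }

    /**
     * Returns a copy of the certificate association data of this TLSA record.
     * A copy is handed out so that a caller cannot alter the bytes this record
     * later serializes or compares. Returns null if no data has been set yet
     * (record created by the no-arg constructor and not yet populated).
     */
    public final byte[]
    getCertificateAssociationData() {
        if (certificateAssociationData == null) {
            return null;
        }
        return certificateAssociationData.clone();
    }

}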