This is an automated email from the ASF dual-hosted git repository.
elsloo pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-trafficcontrol.git
commit de77c910495de54db109d7ff07298261072d0c75
Author: Jesse Rivas <jesse_ri...@comcast.com>
AuthorDate: Tue Feb 20 14:52:25 2018 -0700
Refactored jdnssec code in traffic_router_core
---
traffic_router/core/pom.xml | 7 +
.../traffic_router/core/dns/DNSKeyPairWrapper.java | 190 -------------------
.../traffic_router/core/dns/JDnsSecSigner.java | 68 -------
.../core/dns/keys/SigningTestDataGenerator.java | 175 ------------------
.../core/dns/keys/ZoneSignerTest.java | 203 ---------------------
traffic_router/pom.xml | 12 ++
6 files changed, 19 insertions(+), 636 deletions(-)
diff --git a/traffic_router/core/pom.xml b/traffic_router/core/pom.xml
index bf98ff6..f238004 100644
--- a/traffic_router/core/pom.xml
+++ b/traffic_router/core/pom.xml
@@ -211,6 +211,13 @@
</execution>
</executions>
</plugin>
+ <plugin>
+ <artifactId>maven-war-plugin</artifactId>
+ <version>2.1.1</version>
+ <configuration>
+ <attachClasses>true</attachClasses>
+ </configuration>
+ </plugin>
</plugins>
</build>
diff --git
a/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/DNSKeyPairWrapper.java
b/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/DNSKeyPairWrapper.java
deleted file mode 100644
index c393b88..0000000
---
a/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/DNSKeyPairWrapper.java
+++ /dev/null
@@ -1,190 +0,0 @@
-/*
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.comcast.cdn.traffic_control.traffic_router.core.dns;
-
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.util.Calendar;
-import java.util.Date;
-
-import javax.xml.bind.DatatypeConverter;
-
-import com.comcast.cdn.traffic_control.traffic_router.core.util.JsonUtils;
-import
com.comcast.cdn.traffic_control.traffic_router.core.util.JsonUtilsException;
-import com.fasterxml.jackson.databind.JsonNode;
-import org.xbill.DNS.DNSKEYRecord;
-import org.xbill.DNS.Master;
-import org.xbill.DNS.Name;
-import org.xbill.DNS.Record;
-import org.xbill.DNS.Type;
-
-import com.verisignlabs.dnssec.security.DnsKeyPair;
-
-public class DNSKeyPairWrapper extends DnsKeyPair implements DnsSecKeyPair {
- private long ttl;
- private Date inception;
- private Date effective;
- private Date expiration;
- private String name;
-
- public DNSKeyPairWrapper(final JsonNode keyPair, final long defaultTTL)
throws JsonUtilsException, IOException {
- this.inception = new Date(1000L * JsonUtils.getLong(keyPair,
"inceptionDate"));
- this.effective = new Date(1000L * JsonUtils.getLong(keyPair,
"effectiveDate"));
- this.expiration = new Date(1000L * JsonUtils.getLong(keyPair,
"expirationDate"));
- this.ttl = JsonUtils.optLong(keyPair, "ttl", defaultTTL);
- this.name = JsonUtils.getString(keyPair, "name").toLowerCase();
-
- final byte[] privateKey =
DatatypeConverter.parseBase64Binary(JsonUtils.getString(keyPair, "private"));
- final byte[] publicKey =
DatatypeConverter.parseBase64Binary(JsonUtils.getString(keyPair, "public"));
-
- try (InputStream in = new ByteArrayInputStream(publicKey)) {
- final Master master = new Master(in, new Name(name),
ttl);
- setPrivateKeyString(new String(privateKey));
-
- Record record;
- while ((record = master.nextRecord()) != null) {
- if (record.getType() == Type.DNSKEY) {
- setDNSKEYRecord((DNSKEYRecord) record);
- break;
- }
- }
- }
- }
-
- @Override
- public long getTTL() {
- return ttl;
- }
-
- @Override
- public void setTTL(final long ttl) {
- this.ttl = ttl;
- }
-
- @Override
- public String getName() {
- return name;
- }
-
- @Override
- public void setName(final String name) {
- this.name = name;
- }
-
- @Override
- public Date getInception() {
- return inception;
- }
-
- @Override
- public void setInception(final Date inception) {
- this.inception = inception;
- }
-
- @Override
- public Date getEffective() {
- return effective;
- }
-
- @Override
- public void setEffective(final Date effective) {
- this.effective = effective;
- }
-
- @Override
- public Date getExpiration() {
- return expiration;
- }
-
- @Override
- public void setExpiration(final Date expiration) {
- this.expiration = expiration;
- }
-
- @Override
- public boolean isKeySigningKey() {
- return ((getDNSKEYRecord().getFlags() &
DNSKEYRecord.Flags.SEP_KEY) != 0);
- }
-
- @Override
- public boolean isExpired() {
- return getExpiration().before(Calendar.getInstance().getTime());
- }
-
- @Override
- public boolean isUsable() {
- final Date now = Calendar.getInstance().getTime();
- return getEffective().before(now);
- }
-
- @Override
- public boolean isKeyCached(final long maxTTL) {
- return getExpiration().after(new
Date(System.currentTimeMillis() - (maxTTL * 1000)));
- }
-
- @Override
- public boolean isOlder(final DnsSecKeyPair other) {
- return getEffective().before(other.getEffective());
- }
-
- @Override
- public boolean isNewer(final DnsSecKeyPair other) {
- return getEffective().after(other.getEffective());
- }
-
- @Override
- @SuppressWarnings("PMD.OverrideBothEqualsAndHashcode")
- public boolean equals(final Object obj) {
- final DNSKeyPairWrapper okp = (DNSKeyPairWrapper) obj;
-
- if (!this.getDNSKEYRecord().equals(okp.getDNSKEYRecord())) {
- return false;
- } else if (!this.getPrivate().equals(okp.getPrivate())) {
- return false;
- } else if (!this.getPublic().equals(okp.getPublic())) {
- return false;
- } else if (!getEffective().equals(okp.getEffective())) {
- return false;
- } else if (!getExpiration().equals(okp.getExpiration())) {
- return false;
- } else if (!getInception().equals(okp.getInception())) {
- return false;
- } else if (!getName().equals(okp.getName())) {
- return false;
- } else if (getTTL() != okp.getTTL()) {
- return false;
- }
-
- return true;
- }
-
- @Override
- public String toString() {
- final StringBuilder sb = new StringBuilder();
- sb.append("name=").append(name)
- .append(" ttl=").append(getTTL())
- .append(" ksk=").append(isKeySigningKey())
- .append(" inception=\"");
- sb.append(getInception());
- sb.append("\" effective=\"");
- sb.append(getEffective());
- sb.append("\" expiration=\"");
- sb.append(getExpiration()).append('"');
-
- return sb.toString();
- }
-}
diff --git
a/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/JDnsSecSigner.java
b/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/JDnsSecSigner.java
deleted file mode 100644
index cef5433..0000000
---
a/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/JDnsSecSigner.java
+++ /dev/null
@@ -1,68 +0,0 @@
-/*
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.comcast.cdn.traffic_control.traffic_router.core.dns;
-
-import com.verisignlabs.dnssec.security.DnsKeyPair;
-import com.verisignlabs.dnssec.security.JCEDnsSecSigner;
-import com.verisignlabs.dnssec.security.SignUtils;
-import org.apache.log4j.Logger;
-import org.xbill.DNS.DNSKEYRecord;
-import org.xbill.DNS.DSRecord;
-import org.xbill.DNS.Name;
-import org.xbill.DNS.Record;
-
-import java.io.IOException;
-import java.security.GeneralSecurityException;
-import java.util.ArrayList;
-import java.util.Date;
-import java.util.List;
-
-public class JDnsSecSigner implements ZoneSigner {
- private static final Logger LOGGER =
Logger.getLogger(JDnsSecSigner.class);
- @Override
- public List<Record> signZone(final Name name, final List<Record>
records, final List<DnsSecKeyPair> kskPairs, final List<DnsSecKeyPair> zskPairs,
- final Date inception, final Date expiration, final boolean
fullySignKeySet, final int digestId) throws IOException,
GeneralSecurityException {
- LOGGER.info("Signing records, name for first record is " +
records.get(0).getName());
- final List<DnsKeyPair> kPairs = new ArrayList<>();
- final List<DnsKeyPair> zPairs = new ArrayList<>();
-
- for (final DnsSecKeyPair keyPair : kskPairs) {
- if (keyPair instanceof DnsKeyPair) {
- kPairs.add((DnsKeyPair) keyPair);
- } else {
- throw new IllegalArgumentException("kskPairs
contains non jdnssec object!");
- }
- }
-
- for (final DnsSecKeyPair keyPair : zskPairs) {
- if (keyPair instanceof DnsKeyPair) {
- zPairs.add((DnsKeyPair) keyPair);
- } else {
- throw new IllegalArgumentException("zskPairs
contains non jdnssec object!");
- }
- }
-
- final JCEDnsSecSigner signer = new JCEDnsSecSigner(false);
-
- return signer.signZone(name, records, kPairs, zPairs,
inception, expiration, fullySignKeySet, digestId);
- }
-
- @Override
- public DSRecord calculateDSRecord(final DNSKEYRecord dnskeyRecord,
final int digestId, final long ttl) {
- LOGGER.info("Calculating DS Records for " +
dnskeyRecord.getName());
- return SignUtils.calculateDSRecord(dnskeyRecord,
DSRecord.SHA256_DIGEST_ID, ttl);
- }
-}
diff --git
a/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/keys/SigningTestDataGenerator.java
b/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/keys/SigningTestDataGenerator.java
deleted file mode 100644
index cace09c..0000000
---
a/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/keys/SigningTestDataGenerator.java
+++ /dev/null
@@ -1,175 +0,0 @@
-/*
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.comcast.cdn.traffic_control.traffic_router.core.dns.keys;
-
-import com.verisignlabs.dnssec.security.DnsKeyPair;
-import com.verisignlabs.dnssec.security.JCEDnsSecSigner;
-import org.junit.Before;
-import org.junit.Test;
-import org.xbill.DNS.DClass;
-import org.xbill.DNS.DNSKEYRecord;
-import org.xbill.DNS.DSRecord;
-import org.xbill.DNS.Name;
-import org.xbill.DNS.Record;
-import org.xbill.DNS.Section;
-import sun.security.rsa.RSAPrivateCrtKeyImpl;
-
-import java.io.IOException;
-import java.security.Key;
-import java.security.KeyPair;
-import java.security.interfaces.RSAPublicKey;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.Base64;
-import java.util.List;
-
-import static
com.comcast.cdn.traffic_control.traffic_router.core.dns.keys.ZoneTestRecords.generateZoneRecords;
-import static
com.comcast.cdn.traffic_control.traffic_router.core.dns.keys.ZoneTestRecords.keySigningKeyRecord;
-import static
com.comcast.cdn.traffic_control.traffic_router.core.dns.keys.ZoneTestRecords.ksk1;
-import static
com.comcast.cdn.traffic_control.traffic_router.core.dns.keys.ZoneTestRecords.ksk2;
-import static
com.comcast.cdn.traffic_control.traffic_router.core.dns.keys.ZoneTestRecords.zoneSigningKeyRecord;
-import static
com.comcast.cdn.traffic_control.traffic_router.core.dns.keys.ZoneTestRecords.zsk1;
-import static
com.comcast.cdn.traffic_control.traffic_router.core.dns.keys.ZoneTestRecords.zsk2;
-import static java.util.Base64.getEncoder;
-import static java.util.Base64.getMimeEncoder;
-import static java.util.stream.Collectors.toList;
-import static org.xbill.DNS.DSRecord.SHA256_DIGEST_ID;
-
-public class SigningTestDataGenerator {
- private Base64.Encoder encoder = getMimeEncoder(76, new byte[]{'\n'});
-
- byte[] encode(byte[] data) {
- return new
String(encoder.encode(getEncoder().encode(data))).replaceAll("\n",
"\\\\n").getBytes();
- }
-
- String encodeDnsKeyRecord(DNSKEYRecord dnskeyRecord) {
- return new String(getMimeEncoder(76, new
byte[]{'\n'}).encode(dnskeyRecord.toString().getBytes())).replaceAll("\n",
"\\\\n");
- }
-
- void dumpKeyPair(String varPrefix, KeyPair keyPair) throws IOException {
- dumpKey(String.format("%sPublic", varPrefix),
keyPair.getPublic());
- dumpKey(String.format("%sPrivate", varPrefix),
keyPair.getPrivate());
- }
-
- void dumpKey(String varName, Key key) throws IOException {
-
- byte[] base64Encoded;
- if (key instanceof RSAPrivateCrtKeyImpl) {
- String s = new
BindPrivateKeyFormatter().format((RSAPrivateCrtKeyImpl) key);
- base64Encoded = new
String(encoder.encode(s.getBytes())).replaceAll("\n", "\\\\n").getBytes();
- } else if (key instanceof RSAPublicKey) {
- base64Encoded = getEncoder().encode(new
Pkcs1Formatter().toBytes((RSAPublicKey) key));
- } else {
- base64Encoded = encode(encode(key.getEncoded()));
- }
-
- System.out.println(makeBase64StringVar(varName, new
String(base64Encoded)));
- }
-
- String makeBase64StringVar(String varName, String base64String) {
- int length = 100;
- int beginIndex = 0;
- int endIndex = length;
- StringBuilder stringBuilder = new StringBuilder("static String
" + varName + " =\n");
- while (beginIndex < base64String.length()) {
- if (endIndex > base64String.length()) {
- endIndex = base64String.length();
- }
- stringBuilder.append(String.format("\t\"%s\"",
base64String.substring(beginIndex, endIndex)));
- beginIndex = endIndex;
- if (beginIndex < base64String.length()) {
- stringBuilder.append(" +");
- }
- stringBuilder.append("\n");
- endIndex += length;
- }
- stringBuilder.append("\t;\n");
- return stringBuilder.toString();
- }
-
- @Before
- public void before() throws Exception {
- generateZoneRecords(true);
- Name origin = new Name("example.com.");
-
- dumpKeyPair("ksk1", ksk1);
- System.out.println();
-
- dumpKeyPair("ksk2", ksk2);
- System.out.println();
-
- dumpKeyPair("zsk1", zsk1);
- System.out.println();
-
- dumpKeyPair("zsk2", zsk2);
- System.out.println();
-
- JCEDnsSecSigner signer = new JCEDnsSecSigner(false);
-
- List<DnsKeyPair> kskPairs = new ArrayList<>(Arrays.asList(
- new DnsKeyPair(keySigningKeyRecord, new
BindPrivateKeyFormatter().format((RSAPrivateCrtKeyImpl) ksk1.getPrivate())),
- new DnsKeyPair(keySigningKeyRecord, new
BindPrivateKeyFormatter().format((RSAPrivateCrtKeyImpl) ksk2.getPrivate()))
- ));
-
- List<DnsKeyPair> zskPairs = new ArrayList<>(Arrays.asList(
- new DnsKeyPair(zoneSigningKeyRecord, new
BindPrivateKeyFormatter().format((RSAPrivateCrtKeyImpl) zsk1.getPrivate())),
- new DnsKeyPair(zoneSigningKeyRecord, new
BindPrivateKeyFormatter().format((RSAPrivateCrtKeyImpl) zsk2.getPrivate()))
- ));
-
- List<Record> signedRecords = signer.signZone(origin,
ZoneTestRecords.records, kskPairs, zskPairs,
- ZoneTestRecords.sep_1_2016, ZoneTestRecords.sep_1_2026,
true, SHA256_DIGEST_ID);
-
- ZoneTestRecords.records.forEach(rec -> {
- System.out.println("// " + rec);
- // Doesn't really matter that 'ANSWER' is totally
correct, just don't use question
- String base64String = new
String(getEncoder().encode(rec.toWire(Section.ANSWER)));
- String varName = String.format("postZoneRecord%d",
signedRecords.indexOf(rec));
- System.out.println(makeBase64StringVar(varName,
base64String));
- });
-
- signedRecords.forEach(rec -> {
- System.out.println("// " + rec);
- // Doesn't really matter that 'ANSWER' is totally
correct, just don't use question
- String base64String = new
String(getEncoder().encode(rec.toWire(Section.ANSWER)));
- String varName = String.format("signedRecord%d",
signedRecords.indexOf(rec));
- System.out.println(makeBase64StringVar(varName,
base64String));
- });
-
- List<DSRecord> dsRecords = kskPairs.stream()
- .map(pair -> new DSRecord(origin, DClass.IN, 1234000L,
SHA256_DIGEST_ID, pair.getDNSKEYRecord()))
- .collect(toList());
-
- dsRecords.forEach(rec -> {
- System.out.println("// " + rec);
- String base64String = new
String(getEncoder().encode(rec.toWire(Section.ANSWER)));
- String varName = String.format("dsRecord%d",
dsRecords.indexOf(rec));
- System.out.println(makeBase64StringVar(varName,
base64String));
- });
-
- System.out.println("// " + zoneSigningKeyRecord);
- System.out.println("// keytag " +
zoneSigningKeyRecord.getFootprint());
- System.out.println(makeBase64StringVar("zoneDnsKeyRecord",
encodeDnsKeyRecord(zoneSigningKeyRecord)));
-
- System.out.println("// " + keySigningKeyRecord);
- System.out.println("// keytag " +
zoneSigningKeyRecord.getFootprint());
- System.out.println(makeBase64StringVar("keyDnsKeyRecord",
encodeDnsKeyRecord(keySigningKeyRecord)));
- }
-
- @Test
- public void test() {
- System.out.println("ok");
- }
-}
diff --git
a/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/keys/ZoneSignerTest.java
b/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/keys/ZoneSignerTest.java
deleted file mode 100644
index c1c3149..0000000
---
a/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/keys/ZoneSignerTest.java
+++ /dev/null
@@ -1,203 +0,0 @@
-/*
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.comcast.cdn.traffic_control.traffic_router.core.dns.keys;
-
-import com.comcast.cdn.traffic_control.traffic_router.core.IsEqualCollection;
-import
com.comcast.cdn.traffic_control.traffic_router.core.dns.DNSKeyPairWrapper;
-import com.comcast.cdn.traffic_control.traffic_router.core.dns.DnsSecKeyPair;
-import
com.comcast.cdn.traffic_control.traffic_router.core.dns.DnsSecKeyPairImpl;
-import com.comcast.cdn.traffic_control.traffic_router.core.dns.JDnsSecSigner;
-import com.comcast.cdn.traffic_control.traffic_router.core.dns.ZoneSignerImpl;
-import com.fasterxml.jackson.databind.JsonNode;
-import com.fasterxml.jackson.databind.ObjectMapper;
-import com.verisignlabs.dnssec.security.DnsKeyPair;
-import com.verisignlabs.dnssec.security.JCEDnsSecSigner;
-import com.verisignlabs.dnssec.security.SignUtils;
-import org.junit.Before;
-import org.junit.Test;
-import org.xbill.DNS.DSRecord;
-import org.xbill.DNS.Record;
-
-import java.util.ArrayList;
-import java.util.List;
-import java.util.stream.Stream;
-
-import static
com.comcast.cdn.traffic_control.traffic_router.core.IsEqualCollection.equalTo;
-import static
com.comcast.cdn.traffic_control.traffic_router.core.dns.keys.ZoneTestRecords.keySigningKeyRecord;
-import static
com.comcast.cdn.traffic_control.traffic_router.core.dns.keys.ZoneTestRecords.origin;
-import static
com.comcast.cdn.traffic_control.traffic_router.core.dns.keys.ZoneTestRecords.sep_1_2016;
-import static
com.comcast.cdn.traffic_control.traffic_router.core.dns.keys.ZoneTestRecords.sep_1_2026;
-import static
com.comcast.cdn.traffic_control.traffic_router.core.dns.keys.ZoneTestRecords.zoneSigningKeyRecord;
-import static java.util.Arrays.asList;
-import static java.util.Base64.getMimeDecoder;
-import static java.util.stream.Collectors.toList;
-import static org.junit.Assert.assertThat;
-import static org.xbill.DNS.DSRecord.SHA256_DIGEST_ID;
-
-public class ZoneSignerTest {
-
- private DnsKeyPair kskPair1;
- private DnsKeyPair kskPair2;
- private DnsKeyPair zskPair1;
- private DnsKeyPair zskPair2;
- private JsonNode ksk1Json;
- private JsonNode ksk2Json;
- private JsonNode zsk1Json;
- private JsonNode zsk2Json;
- private final long dsTtl = 1234000L;
-
- private String decodePrivateKeyString(String encodedString) {
- return new
String(getMimeDecoder().decode(encodedString.getBytes()));
- }
- @Before
- public void before() throws Exception {
- ZoneTestRecords.generateZoneRecords(false);
- SigningData.recreateData();
-
- final ObjectMapper mapper = new ObjectMapper();
-
- kskPair1 = new DnsKeyPair(keySigningKeyRecord,
decodePrivateKeyString(SigningData.ksk1Private));
- kskPair2 = new DnsKeyPair(keySigningKeyRecord,
decodePrivateKeyString(SigningData.ksk2Private));
- zskPair1 = new DnsKeyPair(zoneSigningKeyRecord,
decodePrivateKeyString(SigningData.zsk1Private));
- zskPair2 = new DnsKeyPair(zoneSigningKeyRecord,
decodePrivateKeyString(SigningData.zsk2Private));
-
- // Data like we would fetch from traffic ops api for
dnsseckeys.json
- String s = "{" +
- "\n\t\"inceptionDate\":1475280000," +
- "\n\t\"effectiveDate\": 1475280000," +
- "\n\t\"expirationDate\": 1790812800," +
- "\n\t\"ttl\": 3600," +
- "\n\t\"name\":\"example.com.\"," +
- "\n\t\"private\": \"" +
SigningData.ksk1Private.replaceAll("\n", "\\\\n") + "\"," +
- "\n\t\"public\": \"" +
SigningData.keyDnsKeyRecord.replaceAll("\n", "\\\\n") + "\"" +
- "\n}";
- ksk1Json = mapper.readTree(s);
-
- s = "{" +
- "\n\t\"inceptionDate\":1475280000," +
- "\n\t\"effectiveDate\": 1475280000," +
- "\n\t\"expirationDate\": 1790812800," +
- "\n\t\"ttl\": 3600," +
- "\n\t\"name\":\"example.com.\"," +
- "\n\t\"private\": \"" +
SigningData.ksk2Private.replaceAll("\n", "\\\\n") + "\"," +
- "\n\t\"public\": \"" +
SigningData.keyDnsKeyRecord.replaceAll("\n", "\\\\n") + "\"" +
- "\n}";
- ksk2Json = mapper.readTree(s);
-
- s = "{" +
- "\n\t\"inceptionDate\":1475280000," +
- "\n\t\"effectiveDate\": 1475280000," +
- "\n\t\"expirationDate\": 1790812800," +
- "\n\t\"ttl\": 31556952," +
- "\n\t\"name\":\"example.com.\"," +
- "\n\t\"private\": \"" +
SigningData.zsk1Private.replaceAll("\n", "\\\\n") + "\"," +
- "\n\t\"public\": \"" +
SigningData.zoneDnsKeyRecord.replaceAll("\n", "\\\\n") + "\"" +
- "\n}";
- zsk1Json = mapper.readTree(s);
-
- s = "{" +
- "\n\t\"inceptionDate\":1475280000," +
- "\n\t\"effectiveDate\": 1475280000," +
- "\n\t\"expirationDate\": 1790812800," +
- "\n\t\"ttl\": 315569520," +
- "\n\t\"name\":\"example.com.\"," +
- "\n\t\"private\": \"" +
SigningData.zsk2Private.replaceAll("\n", "\\\\n") + "\"," +
- "\n\t\"public\": \"" +
SigningData.zoneDnsKeyRecord.replaceAll("\n", "\\\\n") + "\"" +
- "\n}";
- zsk2Json = mapper.readTree(s);
- }
-
- @Test
- public void itCanReproduceResultsDirectlyFromJdnsSec() throws Exception
{
- List<DnsKeyPair> kskPairs = new ArrayList<>(asList(kskPair1,
kskPair2));
- List<DnsKeyPair> zskPairs = new ArrayList<>(asList(zskPair1,
zskPair2));
-
- JCEDnsSecSigner signer = new JCEDnsSecSigner(false);
-
- final List<Record> signedRecords = signer.signZone(origin,
ZoneTestRecords.records,
- kskPairs, zskPairs, sep_1_2016, sep_1_2026, true,
SHA256_DIGEST_ID);
-
- assertThat(signedRecords, equalTo(SigningData.signedList));
- assertThat(ZoneTestRecords.records,
equalTo(SigningData.postZoneList));
- }
-
- @Test
- public void itReturnsSameResults() throws Exception {
- DNSKeyPairWrapper ksk1Wrapper = new DNSKeyPairWrapper(ksk1Json,
1234);
-
- assertThat(ksk1Wrapper.getDNSKEYRecord(),
equalTo(kskPair1.getDNSKEYRecord()));
-
- DNSKeyPairWrapper ksk2Wrapper = new DNSKeyPairWrapper(ksk2Json,
1234);
-
- assertThat(ksk2Wrapper.getDNSKEYRecord(),
equalTo(kskPair2.getDNSKEYRecord()));
-
- List<DnsSecKeyPair> kskWrapperPairs = new
ArrayList<>(asList(ksk1Wrapper, ksk2Wrapper));
-
- DNSKeyPairWrapper zsk1Wrapper = new DNSKeyPairWrapper(zsk1Json,
1234);
-
- assertThat(zsk1Wrapper.getDNSKEYRecord(),
equalTo(zskPair1.getDNSKEYRecord()));
-
- DNSKeyPairWrapper zsk2Wrapper = new DNSKeyPairWrapper(zsk2Json,
1234);
-
- assertThat(zsk2Wrapper.getDNSKEYRecord(),
equalTo(zskPair2.getDNSKEYRecord()));
-
- List<DnsSecKeyPair> zskWrapperPairs = new
ArrayList<>(asList(zsk1Wrapper, zsk2Wrapper));
-
- final List<Record> signedRecords2 = new
JDnsSecSigner().signZone(origin, ZoneTestRecords.records,
- kskWrapperPairs, zskWrapperPairs, sep_1_2016,
sep_1_2026, true, SHA256_DIGEST_ID);
-
- assertThat(signedRecords2, equalTo(SigningData.signedList));
- assertThat(ZoneTestRecords.records,
equalTo(SigningData.postZoneList));
- }
-
- @Test
- public void itReturnsTheSameResultsWithoutJDnsSec() throws Exception {
- DnsSecKeyPair kskPair1 = new DnsSecKeyPairImpl(ksk1Json, 1234);
- DnsSecKeyPair kskPair2 = new DnsSecKeyPairImpl(ksk2Json, 1234);
- DnsSecKeyPair zskPair1 = new DnsSecKeyPairImpl(zsk1Json, 1234);
- DnsSecKeyPair zskPair2 = new DnsSecKeyPairImpl(zsk2Json, 1234);
-
- List<DnsSecKeyPair> kskPairs = new ArrayList<>(asList(kskPair1,
kskPair2));
- List<DnsSecKeyPair> zskPairs = new ArrayList<>(asList(zskPair1,
zskPair2));
-
- final List<Record> signedRecords = new
ZoneSignerImpl().signZone(origin, ZoneTestRecords.records,
- kskPairs, zskPairs, sep_1_2016, sep_1_2026, true,
SHA256_DIGEST_ID);
-
- assertThat("Signed records not equal", signedRecords,
equalTo(SigningData.signedList));
- assertThat("Post Zone Records not equal",
ZoneTestRecords.records, equalTo(SigningData.postZoneList));
- }
-
- @Test
- public void itCanReproduceDSRecordsFromJdnsSec() throws Exception {
- List<DnsKeyPair> kskPairs = new ArrayList<>(asList(kskPair1,
kskPair2));
- List<DSRecord> dsRecords = kskPairs.stream()
- .map(dnsKeyPair ->
SignUtils.calculateDSRecord(dnsKeyPair.getDNSKEYRecord(), SHA256_DIGEST_ID,
dsTtl))
- .collect(toList());
-
- assertThat(dsRecords,
IsEqualCollection.equalTo(SigningData.dsRecordList));
- }
-
- @Test
- public void itReturnsSameDSRecords() throws Exception {
- DnsSecKeyPair kskPair1 = new DnsSecKeyPairImpl(ksk1Json, 1234);
- DnsSecKeyPair kskPair2 = new DnsSecKeyPairImpl(ksk2Json, 1234);
-
- List<DSRecord> dsRecords = Stream.of(kskPair1, kskPair2)
- .map(dnsSecKeyPair -> new
ZoneSignerImpl().calculateDSRecord(kskPair1.getDNSKEYRecord(),
SHA256_DIGEST_ID, 54321L))
- .collect(toList());
- assertThat(dsRecords,
IsEqualCollection.equalTo(SigningData.dsRecordList));
- }
-}
diff --git a/traffic_router/pom.xml b/traffic_router/pom.xml
index 7c3ab10..d74afea 100644
--- a/traffic_router/pom.xml
+++ b/traffic_router/pom.xml
@@ -124,5 +124,17 @@
<module>neustar</module>
</modules>
</profile>
+ <profile>
+ <id>jdnssec</id>
+ <modules>
+ <module>jdnssec</module>
+ </modules>
+ <activation>
+ <property>
+ <name>useJdnssec</name>
+ <value>true</value>
+ </property>
+ </activation>
+ </profile>
</profiles>
</project>
--
To stop receiving notification emails like this one, please contact
els...@apache.org.
