This is an automated email from the ASF dual-hosted git repository. elsloo pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/incubator-trafficcontrol.git
commit de77c910495de54db109d7ff07298261072d0c75 Author: Jesse Rivas <jesse_ri...@comcast.com> AuthorDate: Tue Feb 20 14:52:25 2018 -0700 Refactored jdnssec code in traffic_router_core --- traffic_router/core/pom.xml | 7 + .../traffic_router/core/dns/DNSKeyPairWrapper.java | 190 ------------------- .../traffic_router/core/dns/JDnsSecSigner.java | 68 ------- .../core/dns/keys/SigningTestDataGenerator.java | 175 ------------------ .../core/dns/keys/ZoneSignerTest.java | 203 --------------------- traffic_router/pom.xml | 12 ++ 6 files changed, 19 insertions(+), 636 deletions(-)
diff --git a/traffic_router/core/pom.xml b/traffic_router/core/pom.xml
index bf98ff6..f238004 100644
--- a/traffic_router/core/pom.xml
+++ b/traffic_router/core/pom.xml
@@ -211,6 +211,13 @@
 </execution>
 </executions>
 </plugin>
+ <plugin>
+ <artifactId>maven-war-plugin</artifactId>
+ <version>2.1.1</version>
+ <configuration>
+ <attachClasses>true</attachClasses>
+ </configuration>
+ </plugin>
 </plugins>
 </build>
diff --git a/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/DNSKeyPairWrapper.java b/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/DNSKeyPairWrapper.java
deleted file mode 100644
index c393b88..0000000
--- a/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/DNSKeyPairWrapper.java
+++ /dev/null
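Review bot: The added `maven-war-plugin` block carries no comment saying why `attachClasses` is switched on, and the effect is not obvious from the pom: it makes the core build publish its compiled classes as an extra classes jar next to the war. Presumably that is what lets the optional jdnssec module compile against core now that `DNSKeyPairWrapper` and `JDnsSecSigner` are removed from it, so I would say so above the plugin, e.g. `<!-- attachClasses: publish core classes as a jar so the optional jdnssec module can depend on them -->`. The version `2.1.1` is also pinned inline here; if the parent pom has a `pluginManagement` section (not visible in this hunk), the pin belongs there so every module resolves the same plugin build. The enclosing `<plugins>` element starts outside the hunk.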
@@ -1,190 +0,0 @@ -/* - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package com.comcast.cdn.traffic_control.traffic_router.core.dns; - -import java.io.ByteArrayInputStream; -import java.io.IOException; -import java.io.InputStream; -import java.util.Calendar; -import java.util.Date; - -import javax.xml.bind.DatatypeConverter; - -import com.comcast.cdn.traffic_control.traffic_router.core.util.JsonUtils; -import com.comcast.cdn.traffic_control.traffic_router.core.util.JsonUtilsException; -import com.fasterxml.jackson.databind.JsonNode; -import org.xbill.DNS.DNSKEYRecord; -import org.xbill.DNS.Master; -import org.xbill.DNS.Name; -import org.xbill.DNS.Record; -import org.xbill.DNS.Type; - -import com.verisignlabs.dnssec.security.DnsKeyPair; - -public class DNSKeyPairWrapper extends DnsKeyPair implements DnsSecKeyPair { - private long ttl; - private Date inception; - private Date effective; - private Date expiration; - private String name; - - public DNSKeyPairWrapper(final JsonNode keyPair, final long defaultTTL) throws JsonUtilsException, IOException { - this.inception = new Date(1000L * JsonUtils.getLong(keyPair, "inceptionDate")); - this.effective = new Date(1000L * JsonUtils.getLong(keyPair, "effectiveDate")); - this.expiration = new Date(1000L * JsonUtils.getLong(keyPair, "expirationDate")); - this.ttl = JsonUtils.optLong(keyPair, "ttl", defaultTTL); - this.name = JsonUtils.getString(keyPair, "name").toLowerCase(); - - final byte[] privateKey = 
DatatypeConverter.parseBase64Binary(JsonUtils.getString(keyPair, "private")); - final byte[] publicKey = DatatypeConverter.parseBase64Binary(JsonUtils.getString(keyPair, "public")); - - try (InputStream in = new ByteArrayInputStream(publicKey)) { - final Master master = new Master(in, new Name(name), ttl); - setPrivateKeyString(new String(privateKey)); - - Record record; - while ((record = master.nextRecord()) != null) { - if (record.getType() == Type.DNSKEY) { - setDNSKEYRecord((DNSKEYRecord) record); - break; - } - } - } - } - - @Override - public long getTTL() { - return ttl; - } - - @Override - public void setTTL(final long ttl) { - this.ttl = ttl; - } - - @Override - public String getName() { - return name; - } - - @Override - public void setName(final String name) { - this.name = name; - } - - @Override - public Date getInception() { - return inception; - } - - @Override - public void setInception(final Date inception) { - this.inception = inception; - } - - @Override - public Date getEffective() { - return effective; - } - - @Override - public void setEffective(final Date effective) { - this.effective = effective; - } - - @Override - public Date getExpiration() { - return expiration; - } - - @Override - public void setExpiration(final Date expiration) { - this.expiration = expiration; - } - - @Override - public boolean isKeySigningKey() { - return ((getDNSKEYRecord().getFlags() & DNSKEYRecord.Flags.SEP_KEY) != 0); - } - - @Override - public boolean isExpired() { - return getExpiration().before(Calendar.getInstance().getTime()); - } - - @Override - public boolean isUsable() { - final Date now = Calendar.getInstance().getTime(); - return getEffective().before(now); - } - - @Override - public boolean isKeyCached(final long maxTTL) { - return getExpiration().after(new Date(System.currentTimeMillis() - (maxTTL * 1000))); - } - - @Override - public boolean isOlder(final DnsSecKeyPair other) { - return getEffective().before(other.getEffective()); - } - - @Override 
- public boolean isNewer(final DnsSecKeyPair other) { - return getEffective().after(other.getEffective()); - } - - @Override - @SuppressWarnings("PMD.OverrideBothEqualsAndHashcode") - public boolean equals(final Object obj) { - final DNSKeyPairWrapper okp = (DNSKeyPairWrapper) obj; - - if (!this.getDNSKEYRecord().equals(okp.getDNSKEYRecord())) { - return false; - } else if (!this.getPrivate().equals(okp.getPrivate())) { - return false; - } else if (!this.getPublic().equals(okp.getPublic())) { - return false; - } else if (!getEffective().equals(okp.getEffective())) { - return false; - } else if (!getExpiration().equals(okp.getExpiration())) { - return false; - } else if (!getInception().equals(okp.getInception())) { - return false; - } else if (!getName().equals(okp.getName())) { - return false; - } else if (getTTL() != okp.getTTL()) { - return false; - } - - return true; - } - - @Override - public String toString() { - final StringBuilder sb = new StringBuilder(); - sb.append("name=").append(name) - .append(" ttl=").append(getTTL()) - .append(" ksk=").append(isKeySigningKey()) - .append(" inception=\""); - sb.append(getInception()); - sb.append("\" effective=\""); - sb.append(getEffective()); - sb.append("\" expiration=\""); - sb.append(getExpiration()).append('"'); - - return sb.toString(); - } -} diff --git a/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/JDnsSecSigner.java b/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/JDnsSecSigner.java deleted file mode 100644 index cef5433..0000000 --- a/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/JDnsSecSigner.java +++ /dev/null 
@@ -1,68 +0,0 @@ -/* - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package com.comcast.cdn.traffic_control.traffic_router.core.dns; - -import com.verisignlabs.dnssec.security.DnsKeyPair; -import com.verisignlabs.dnssec.security.JCEDnsSecSigner; -import com.verisignlabs.dnssec.security.SignUtils; -import org.apache.log4j.Logger; -import org.xbill.DNS.DNSKEYRecord; -import org.xbill.DNS.DSRecord; -import org.xbill.DNS.Name; -import org.xbill.DNS.Record; - -import java.io.IOException; -import java.security.GeneralSecurityException; -import java.util.ArrayList; -import java.util.Date; -import java.util.List; - -public class JDnsSecSigner implements ZoneSigner { - private static final Logger LOGGER = Logger.getLogger(JDnsSecSigner.class); - @Override - public List<Record> signZone(final Name name, final List<Record> records, final List<DnsSecKeyPair> kskPairs, final List<DnsSecKeyPair> zskPairs, - final Date inception, final Date expiration, final boolean fullySignKeySet, final int digestId) throws IOException, GeneralSecurityException { - LOGGER.info("Signing records, name for first record is " + records.get(0).getName()); - final List<DnsKeyPair> kPairs = new ArrayList<>(); - final List<DnsKeyPair> zPairs = new ArrayList<>(); - - for (final DnsSecKeyPair keyPair : kskPairs) { - if (keyPair instanceof DnsKeyPair) { - kPairs.add((DnsKeyPair) keyPair); - } else { - throw new IllegalArgumentException("kskPairs contains non jdnssec object!"); - } - } - - 
for (final DnsSecKeyPair keyPair : zskPairs) { - if (keyPair instanceof DnsKeyPair) { - zPairs.add((DnsKeyPair) keyPair); - } else { - throw new IllegalArgumentException("zskPairs contains non jdnssec object!"); - } - } - - final JCEDnsSecSigner signer = new JCEDnsSecSigner(false); - - return signer.signZone(name, records, kPairs, zPairs, inception, expiration, fullySignKeySet, digestId); - } - - @Override - public DSRecord calculateDSRecord(final DNSKEYRecord dnskeyRecord, final int digestId, final long ttl) { - LOGGER.info("Calculating DS Records for " + dnskeyRecord.getName()); - return SignUtils.calculateDSRecord(dnskeyRecord, DSRecord.SHA256_DIGEST_ID, ttl); - } -} diff --git a/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/keys/SigningTestDataGenerator.java b/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/keys/SigningTestDataGenerator.java deleted file mode 100644 index cace09c..0000000 --- a/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/keys/SigningTestDataGenerator.java +++ /dev/null 
@@ -1,175 +0,0 @@ -/* - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package com.comcast.cdn.traffic_control.traffic_router.core.dns.keys; - -import com.verisignlabs.dnssec.security.DnsKeyPair; -import com.verisignlabs.dnssec.security.JCEDnsSecSigner; -import org.junit.Before; -import org.junit.Test; -import org.xbill.DNS.DClass; -import org.xbill.DNS.DNSKEYRecord; -import org.xbill.DNS.DSRecord; -import org.xbill.DNS.Name; -import org.xbill.DNS.Record; -import org.xbill.DNS.Section; -import sun.security.rsa.RSAPrivateCrtKeyImpl; - -import java.io.IOException; -import java.security.Key; -import java.security.KeyPair; -import java.security.interfaces.RSAPublicKey; -import java.util.ArrayList; -import java.util.Arrays; -import java.util.Base64; -import java.util.List; - -import static com.comcast.cdn.traffic_control.traffic_router.core.dns.keys.ZoneTestRecords.generateZoneRecords; -import static com.comcast.cdn.traffic_control.traffic_router.core.dns.keys.ZoneTestRecords.keySigningKeyRecord; -import static com.comcast.cdn.traffic_control.traffic_router.core.dns.keys.ZoneTestRecords.ksk1; -import static com.comcast.cdn.traffic_control.traffic_router.core.dns.keys.ZoneTestRecords.ksk2; -import static com.comcast.cdn.traffic_control.traffic_router.core.dns.keys.ZoneTestRecords.zoneSigningKeyRecord; -import static com.comcast.cdn.traffic_control.traffic_router.core.dns.keys.ZoneTestRecords.zsk1; -import static 
com.comcast.cdn.traffic_control.traffic_router.core.dns.keys.ZoneTestRecords.zsk2; -import static java.util.Base64.getEncoder; -import static java.util.Base64.getMimeEncoder; -import static java.util.stream.Collectors.toList; -import static org.xbill.DNS.DSRecord.SHA256_DIGEST_ID; - -public class SigningTestDataGenerator { - private Base64.Encoder encoder = getMimeEncoder(76, new byte[]{'\n'}); - - byte[] encode(byte[] data) { - return new String(encoder.encode(getEncoder().encode(data))).replaceAll("\n", "\\\\n").getBytes(); - } - - String encodeDnsKeyRecord(DNSKEYRecord dnskeyRecord) { - return new String(getMimeEncoder(76, new byte[]{'\n'}).encode(dnskeyRecord.toString().getBytes())).replaceAll("\n", "\\\\n"); - } - - void dumpKeyPair(String varPrefix, KeyPair keyPair) throws IOException { - dumpKey(String.format("%sPublic", varPrefix), keyPair.getPublic()); - dumpKey(String.format("%sPrivate", varPrefix), keyPair.getPrivate()); - } - - void dumpKey(String varName, Key key) throws IOException { - - byte[] base64Encoded; - if (key instanceof RSAPrivateCrtKeyImpl) { - String s = new BindPrivateKeyFormatter().format((RSAPrivateCrtKeyImpl) key); - base64Encoded = new String(encoder.encode(s.getBytes())).replaceAll("\n", "\\\\n").getBytes(); - } else if (key instanceof RSAPublicKey) { - base64Encoded = getEncoder().encode(new Pkcs1Formatter().toBytes((RSAPublicKey) key)); - } else { - base64Encoded = encode(encode(key.getEncoded())); - } - - System.out.println(makeBase64StringVar(varName, new String(base64Encoded))); - } - - String makeBase64StringVar(String varName, String base64String) { - int length = 100; - int beginIndex = 0; - int endIndex = length; - StringBuilder stringBuilder = new StringBuilder("static String " + varName + " =\n"); - while (beginIndex < base64String.length()) { - if (endIndex > base64String.length()) { - endIndex = base64String.length(); - } - stringBuilder.append(String.format("\t\"%s\"", base64String.substring(beginIndex, endIndex))); - 
beginIndex = endIndex; - if (beginIndex < base64String.length()) { - stringBuilder.append(" +"); - } - stringBuilder.append("\n"); - endIndex += length; - } - stringBuilder.append("\t;\n"); - return stringBuilder.toString(); - } - - @Before - public void before() throws Exception { - generateZoneRecords(true); - Name origin = new Name("example.com."); - - dumpKeyPair("ksk1", ksk1); - System.out.println(); - - dumpKeyPair("ksk2", ksk2); - System.out.println(); - - dumpKeyPair("zsk1", zsk1); - System.out.println(); - - dumpKeyPair("zsk2", zsk2); - System.out.println(); - - JCEDnsSecSigner signer = new JCEDnsSecSigner(false); - - List<DnsKeyPair> kskPairs = new ArrayList<>(Arrays.asList( - new DnsKeyPair(keySigningKeyRecord, new BindPrivateKeyFormatter().format((RSAPrivateCrtKeyImpl) ksk1.getPrivate())), - new DnsKeyPair(keySigningKeyRecord, new BindPrivateKeyFormatter().format((RSAPrivateCrtKeyImpl) ksk2.getPrivate())) - )); - - List<DnsKeyPair> zskPairs = new ArrayList<>(Arrays.asList( - new DnsKeyPair(zoneSigningKeyRecord, new BindPrivateKeyFormatter().format((RSAPrivateCrtKeyImpl) zsk1.getPrivate())), - new DnsKeyPair(zoneSigningKeyRecord, new BindPrivateKeyFormatter().format((RSAPrivateCrtKeyImpl) zsk2.getPrivate())) - )); - - List<Record> signedRecords = signer.signZone(origin, ZoneTestRecords.records, kskPairs, zskPairs, - ZoneTestRecords.sep_1_2016, ZoneTestRecords.sep_1_2026, true, SHA256_DIGEST_ID); - - ZoneTestRecords.records.forEach(rec -> { - System.out.println("// " + rec); - // Doesn't really matter that 'ANSWER' is totally correct, just don't use question - String base64String = new String(getEncoder().encode(rec.toWire(Section.ANSWER))); - String varName = String.format("postZoneRecord%d", signedRecords.indexOf(rec)); - System.out.println(makeBase64StringVar(varName, base64String)); - }); - - signedRecords.forEach(rec -> { - System.out.println("// " + rec); - // Doesn't really matter that 'ANSWER' is totally correct, just don't use question - String 
base64String = new String(getEncoder().encode(rec.toWire(Section.ANSWER))); - String varName = String.format("signedRecord%d", signedRecords.indexOf(rec)); - System.out.println(makeBase64StringVar(varName, base64String)); - }); - - List<DSRecord> dsRecords = kskPairs.stream() - .map(pair -> new DSRecord(origin, DClass.IN, 1234000L, SHA256_DIGEST_ID, pair.getDNSKEYRecord())) - .collect(toList()); - - dsRecords.forEach(rec -> { - System.out.println("// " + rec); - String base64String = new String(getEncoder().encode(rec.toWire(Section.ANSWER))); - String varName = String.format("dsRecord%d", dsRecords.indexOf(rec)); - System.out.println(makeBase64StringVar(varName, base64String)); - }); - - System.out.println("// " + zoneSigningKeyRecord); - System.out.println("// keytag " + zoneSigningKeyRecord.getFootprint()); - System.out.println(makeBase64StringVar("zoneDnsKeyRecord", encodeDnsKeyRecord(zoneSigningKeyRecord))); - - System.out.println("// " + keySigningKeyRecord); - System.out.println("// keytag " + zoneSigningKeyRecord.getFootprint()); - System.out.println(makeBase64StringVar("keyDnsKeyRecord", encodeDnsKeyRecord(keySigningKeyRecord))); - } - - @Test - public void test() { - System.out.println("ok"); - } -} diff --git a/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/keys/ZoneSignerTest.java b/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/keys/ZoneSignerTest.java deleted file mode 100644 index c1c3149..0000000 --- a/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/keys/ZoneSignerTest.java +++ /dev/null 
@@ -1,203 +0,0 @@ -/* - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package com.comcast.cdn.traffic_control.traffic_router.core.dns.keys; - -import com.comcast.cdn.traffic_control.traffic_router.core.IsEqualCollection; -import com.comcast.cdn.traffic_control.traffic_router.core.dns.DNSKeyPairWrapper; -import com.comcast.cdn.traffic_control.traffic_router.core.dns.DnsSecKeyPair; -import com.comcast.cdn.traffic_control.traffic_router.core.dns.DnsSecKeyPairImpl; -import com.comcast.cdn.traffic_control.traffic_router.core.dns.JDnsSecSigner; -import com.comcast.cdn.traffic_control.traffic_router.core.dns.ZoneSignerImpl; -import com.fasterxml.jackson.databind.JsonNode; -import com.fasterxml.jackson.databind.ObjectMapper; -import com.verisignlabs.dnssec.security.DnsKeyPair; -import com.verisignlabs.dnssec.security.JCEDnsSecSigner; -import com.verisignlabs.dnssec.security.SignUtils; -import org.junit.Before; -import org.junit.Test; -import org.xbill.DNS.DSRecord; -import org.xbill.DNS.Record; - -import java.util.ArrayList; -import java.util.List; -import java.util.stream.Stream; - -import static com.comcast.cdn.traffic_control.traffic_router.core.IsEqualCollection.equalTo; -import static com.comcast.cdn.traffic_control.traffic_router.core.dns.keys.ZoneTestRecords.keySigningKeyRecord; -import static com.comcast.cdn.traffic_control.traffic_router.core.dns.keys.ZoneTestRecords.origin; -import static 
com.comcast.cdn.traffic_control.traffic_router.core.dns.keys.ZoneTestRecords.sep_1_2016; -import static com.comcast.cdn.traffic_control.traffic_router.core.dns.keys.ZoneTestRecords.sep_1_2026; -import static com.comcast.cdn.traffic_control.traffic_router.core.dns.keys.ZoneTestRecords.zoneSigningKeyRecord; -import static java.util.Arrays.asList; -import static java.util.Base64.getMimeDecoder; -import static java.util.stream.Collectors.toList; -import static org.junit.Assert.assertThat; -import static org.xbill.DNS.DSRecord.SHA256_DIGEST_ID; - -public class ZoneSignerTest { - - private DnsKeyPair kskPair1; - private DnsKeyPair kskPair2; - private DnsKeyPair zskPair1; - private DnsKeyPair zskPair2; - private JsonNode ksk1Json; - private JsonNode ksk2Json; - private JsonNode zsk1Json; - private JsonNode zsk2Json; - private final long dsTtl = 1234000L; - - private String decodePrivateKeyString(String encodedString) { - return new String(getMimeDecoder().decode(encodedString.getBytes())); - } - @Before - public void before() throws Exception { - ZoneTestRecords.generateZoneRecords(false); - SigningData.recreateData(); - - final ObjectMapper mapper = new ObjectMapper(); - - kskPair1 = new DnsKeyPair(keySigningKeyRecord, decodePrivateKeyString(SigningData.ksk1Private)); - kskPair2 = new DnsKeyPair(keySigningKeyRecord, decodePrivateKeyString(SigningData.ksk2Private)); - zskPair1 = new DnsKeyPair(zoneSigningKeyRecord, decodePrivateKeyString(SigningData.zsk1Private)); - zskPair2 = new DnsKeyPair(zoneSigningKeyRecord, decodePrivateKeyString(SigningData.zsk2Private)); - - // Data like we would fetch from traffic ops api for dnsseckeys.json - String s = "{" + - "\n\t\"inceptionDate\":1475280000," + - "\n\t\"effectiveDate\": 1475280000," + - "\n\t\"expirationDate\": 1790812800," + - "\n\t\"ttl\": 3600," + - "\n\t\"name\":\"example.com.\"," + - "\n\t\"private\": \"" + SigningData.ksk1Private.replaceAll("\n", "\\\\n") + "\"," + - "\n\t\"public\": \"" + 
SigningData.keyDnsKeyRecord.replaceAll("\n", "\\\\n") + "\"" + - "\n}"; - ksk1Json = mapper.readTree(s); - - s = "{" + - "\n\t\"inceptionDate\":1475280000," + - "\n\t\"effectiveDate\": 1475280000," + - "\n\t\"expirationDate\": 1790812800," + - "\n\t\"ttl\": 3600," + - "\n\t\"name\":\"example.com.\"," + - "\n\t\"private\": \"" + SigningData.ksk2Private.replaceAll("\n", "\\\\n") + "\"," + - "\n\t\"public\": \"" + SigningData.keyDnsKeyRecord.replaceAll("\n", "\\\\n") + "\"" + - "\n}"; - ksk2Json = mapper.readTree(s); - - s = "{" + - "\n\t\"inceptionDate\":1475280000," + - "\n\t\"effectiveDate\": 1475280000," + - "\n\t\"expirationDate\": 1790812800," + - "\n\t\"ttl\": 31556952," + - "\n\t\"name\":\"example.com.\"," + - "\n\t\"private\": \"" + SigningData.zsk1Private.replaceAll("\n", "\\\\n") + "\"," + - "\n\t\"public\": \"" + SigningData.zoneDnsKeyRecord.replaceAll("\n", "\\\\n") + "\"" + - "\n}"; - zsk1Json = mapper.readTree(s); - - s = "{" + - "\n\t\"inceptionDate\":1475280000," + - "\n\t\"effectiveDate\": 1475280000," + - "\n\t\"expirationDate\": 1790812800," + - "\n\t\"ttl\": 315569520," + - "\n\t\"name\":\"example.com.\"," + - "\n\t\"private\": \"" + SigningData.zsk2Private.replaceAll("\n", "\\\\n") + "\"," + - "\n\t\"public\": \"" + SigningData.zoneDnsKeyRecord.replaceAll("\n", "\\\\n") + "\"" + - "\n}"; - zsk2Json = mapper.readTree(s); - } - - @Test - public void itCanReproduceResultsDirectlyFromJdnsSec() throws Exception { - List<DnsKeyPair> kskPairs = new ArrayList<>(asList(kskPair1, kskPair2)); - List<DnsKeyPair> zskPairs = new ArrayList<>(asList(zskPair1, zskPair2)); - - JCEDnsSecSigner signer = new JCEDnsSecSigner(false); - - final List<Record> signedRecords = signer.signZone(origin, ZoneTestRecords.records, - kskPairs, zskPairs, sep_1_2016, sep_1_2026, true, SHA256_DIGEST_ID); - - assertThat(signedRecords, equalTo(SigningData.signedList)); - assertThat(ZoneTestRecords.records, equalTo(SigningData.postZoneList)); - } - - @Test - public void 
itReturnsSameResults() throws Exception { - DNSKeyPairWrapper ksk1Wrapper = new DNSKeyPairWrapper(ksk1Json, 1234); - - assertThat(ksk1Wrapper.getDNSKEYRecord(), equalTo(kskPair1.getDNSKEYRecord())); - - DNSKeyPairWrapper ksk2Wrapper = new DNSKeyPairWrapper(ksk2Json, 1234); - - assertThat(ksk2Wrapper.getDNSKEYRecord(), equalTo(kskPair2.getDNSKEYRecord())); - - List<DnsSecKeyPair> kskWrapperPairs = new ArrayList<>(asList(ksk1Wrapper, ksk2Wrapper)); - - DNSKeyPairWrapper zsk1Wrapper = new DNSKeyPairWrapper(zsk1Json, 1234); - - assertThat(zsk1Wrapper.getDNSKEYRecord(), equalTo(zskPair1.getDNSKEYRecord())); - - DNSKeyPairWrapper zsk2Wrapper = new DNSKeyPairWrapper(zsk2Json, 1234); - - assertThat(zsk2Wrapper.getDNSKEYRecord(), equalTo(zskPair2.getDNSKEYRecord())); - - List<DnsSecKeyPair> zskWrapperPairs = new ArrayList<>(asList(zsk1Wrapper, zsk2Wrapper)); - - final List<Record> signedRecords2 = new JDnsSecSigner().signZone(origin, ZoneTestRecords.records, - kskWrapperPairs, zskWrapperPairs, sep_1_2016, sep_1_2026, true, SHA256_DIGEST_ID); - - assertThat(signedRecords2, equalTo(SigningData.signedList)); - assertThat(ZoneTestRecords.records, equalTo(SigningData.postZoneList)); - } - - @Test - public void itReturnsTheSameResultsWithoutJDnsSec() throws Exception { - DnsSecKeyPair kskPair1 = new DnsSecKeyPairImpl(ksk1Json, 1234); - DnsSecKeyPair kskPair2 = new DnsSecKeyPairImpl(ksk2Json, 1234); - DnsSecKeyPair zskPair1 = new DnsSecKeyPairImpl(zsk1Json, 1234); - DnsSecKeyPair zskPair2 = new DnsSecKeyPairImpl(zsk2Json, 1234); - - List<DnsSecKeyPair> kskPairs = new ArrayList<>(asList(kskPair1, kskPair2)); - List<DnsSecKeyPair> zskPairs = new ArrayList<>(asList(zskPair1, zskPair2)); - - final List<Record> signedRecords = new ZoneSignerImpl().signZone(origin, ZoneTestRecords.records, - kskPairs, zskPairs, sep_1_2016, sep_1_2026, true, SHA256_DIGEST_ID); - - assertThat("Signed records not equal", signedRecords, equalTo(SigningData.signedList)); - assertThat("Post Zone Records not 
equal", ZoneTestRecords.records, equalTo(SigningData.postZoneList));
- }
-
- @Test
- public void itCanReproduceDSRecordsFromJdnsSec() throws Exception {
- List<DnsKeyPair> kskPairs = new ArrayList<>(asList(kskPair1, kskPair2));
- List<DSRecord> dsRecords = kskPairs.stream()
- .map(dnsKeyPair -> SignUtils.calculateDSRecord(dnsKeyPair.getDNSKEYRecord(), SHA256_DIGEST_ID, dsTtl))
- .collect(toList());
-
- assertThat(dsRecords, IsEqualCollection.equalTo(SigningData.dsRecordList));
- }
-
- @Test
- public void itReturnsSameDSRecords() throws Exception {
- DnsSecKeyPair kskPair1 = new DnsSecKeyPairImpl(ksk1Json, 1234);
- DnsSecKeyPair kskPair2 = new DnsSecKeyPairImpl(ksk2Json, 1234);
-
- List<DSRecord> dsRecords = Stream.of(kskPair1, kskPair2)
- .map(dnsSecKeyPair -> new ZoneSignerImpl().calculateDSRecord(kskPair1.getDNSKEYRecord(), SHA256_DIGEST_ID, 54321L))
- .collect(toList());
- assertThat(dsRecords, IsEqualCollection.equalTo(SigningData.dsRecordList));
- }
-}
diff --git a/traffic_router/pom.xml b/traffic_router/pom.xml
index 7c3ab10..d74afea 100644
--- a/traffic_router/pom.xml
+++ b/traffic_router/pom.xml
@@ -124,5 +124,17 @@
 <module>neustar</module>
 </modules>
 </profile>
+ <profile>
+ <id>jdnssec</id>
+ <modules>
+ <module>jdnssec</module>
+ </modules>
+ <activation>
+ <property>
+ <name>useJdnssec</name>
+ <value>true</value>
+ </property>
+ </activation>
+ </profile>
 </profiles>
 </project>
-- To stop receiving notification emails like this one, please contact els...@apache.org.
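Review bot: The new `jdnssec` profile lists `<module>jdnssec</module>`, but the diffstat of this commit shows no files added under `traffic_router/jdnssec`, so a build with `-DuseJdnssec=true` would fail on a missing module unless that directory arrives in a separate commit. The same commit deletes `ZoneSignerTest` from core, including `itReturnsTheSameResultsWithoutJDnsSec` and `itReturnsSameDSRecords`, which compared `ZoneSignerImpl` and `DnsSecKeyPairImpl` output against the recorded signing data. If those checks now live only in the opt-in module, a default build no longer verifies the DNSSEC signing output, and a regression in the signer could pass unnoticed. I would keep the `ZoneSignerImpl` assertions in core, or have CI set the property, and note the switch in the pom, e.g. `<!-- opt-in: -DuseJdnssec=true builds the jdnssec comparison module -->`.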