public class TSIG
extends java.lang.Object
TSIGRecord
Modifier and Type | Class and Description |
---|---|
static class |
TSIG.StreamVerifier |
Modifier and Type | Field and Description |
---|---|
private Name |
alg |
private static java.util.Map<Name,java.lang.String> |
algMap |
private java.time.Clock |
clock |
static java.time.Duration |
FUDGE
The default fudge value for outgoing packets.
|
static Name |
GSS_TSIG
The domain name representing the gss-tsig algorithm.
|
static Name |
HMAC
Deprecated.
Use HMAC_MD5. |
static Name |
HMAC_MD5
The domain name representing the HMAC-MD5 algorithm.
|
static Name |
HMAC_SHA1
The domain name representing the HMAC-SHA1 algorithm.
|
static Name |
HMAC_SHA224
The domain name representing the HMAC-SHA224 algorithm.
|
static Name |
HMAC_SHA256
The domain name representing the HMAC-SHA256 algorithm.
|
static Name |
HMAC_SHA384
The domain name representing the HMAC-SHA384 algorithm.
|
static Name |
HMAC_SHA512
The domain name representing the HMAC-SHA512 algorithm.
|
private java.lang.String |
macAlgorithm |
private javax.crypto.SecretKey |
macKey |
private Name |
name |
private javax.crypto.Mac |
sharedHmac |
Constructor and Description |
---|
TSIG(javax.crypto.Mac mac,
Name name)
Deprecated.
Use one of the constructors that specifies an algorithm and key.
|
TSIG(Name name,
byte[] key)
Deprecated.
Use
TSIG(Name, Name, SecretKey) to explicitly specify an algorithm. |
TSIG(Name algorithm,
Name name,
byte[] keyBytes)
Creates a new TSIG key, which can be used to sign or verify a message.
|
TSIG(Name algorithm,
Name name,
javax.crypto.SecretKey key)
Creates a new TSIG key, which can be used to sign or verify a message.
|
TSIG(Name algorithm,
Name name,
javax.crypto.SecretKey key,
java.time.Clock clock)
Creates a new TSIG key, which can be used to sign or verify a message.
|
TSIG(Name algorithm,
Name name,
java.lang.String key)
Creates a new TSIG object, which can be used to sign or verify a message.
|
TSIG(Name algorithm,
java.lang.String name,
java.lang.String key)
Creates a new TSIG object, which can be used to sign or verify a message.
|
TSIG(java.lang.String name,
java.lang.String key)
Deprecated.
Use
TSIG(Name, String, String) to explicitly specify an algorithm. |
TSIG(java.lang.String algorithm,
java.lang.String name,
java.lang.String key)
Creates a new TSIG object, which can be used to sign or verify a message.
|
Modifier and Type | Method and Description |
---|---|
static Name |
algorithmToName(java.lang.String alg)
Convert an algorithm String to its equivalent Name.
|
void |
apply(Message m,
int error,
TSIGRecord old)
Generates a TSIG record with a specific error for a message and adds it to the message.
|
void |
apply(Message m,
int error,
TSIGRecord old,
boolean fullSignature)
Generates a TSIG record with a specific error for a message and adds it to the message.
|
void |
apply(Message m,
TSIGRecord old)
Generates a TSIG record for a message and adds it to the message
|
void |
apply(Message m,
TSIGRecord old,
boolean fullSignature)
Generates a TSIG record for a message and adds it to the message.
|
void |
applyStream(Message m,
TSIGRecord old,
boolean fullSignature)
Deprecated.
|
static TSIG |
fromString(java.lang.String str)
Deprecated.
Use an explicit constructor
|
TSIGRecord |
generate(Message m,
byte[] b,
int error,
TSIGRecord old)
Generates a TSIG record with a specific error for a message that has been rendered.
|
TSIGRecord |
generate(Message m,
byte[] b,
int error,
TSIGRecord old,
boolean fullSignature)
Generates a TSIG record with a specific error for a message that has been rendered.
|
private static void |
hmacAddSignature(javax.crypto.Mac hmac,
TSIGRecord tsig) |
private javax.crypto.Mac |
initHmac() |
static java.lang.String |
nameToAlgorithm(Name name)
Deprecated.
Returns java algorithm name, will be made private in 4.0
|
int |
recordLength()
Returns the maximum length of a TSIG record generated by this key.
|
private static boolean |
verify(byte[] expected,
byte[] signature)
Verifies the data (computes the secure hash and compares it to the input)
|
byte |
verify(Message m,
byte[] b,
int length,
TSIGRecord old)
Deprecated.
|
int |
verify(Message m,
byte[] messageBytes,
TSIGRecord requestTSIG)
Verifies a TSIG record on an incoming message.
|
int |
verify(Message m,
byte[] messageBytes,
TSIGRecord requestTSIG,
boolean fullSignature)
Verifies a TSIG record on an incoming message.
|
private static void |
writeTsigTime(java.time.Instant instant,
DNSOutput out) |
private static void |
writeTsigTimersVariables(java.time.Instant instant,
java.time.Duration fudge,
DNSOutput out) |
public static final Name GSS_TSIG
public static final Name HMAC_MD5
@Deprecated public static final Name HMAC
Deprecated. Use HMAC_MD5.
public static final Name HMAC_SHA1
public static final Name HMAC_SHA224
public static final Name HMAC_SHA256
public static final Name HMAC_SHA384
public static final Name HMAC_SHA512
private static final java.util.Map<Name,java.lang.String> algMap
public static final java.time.Duration FUDGE
private final Name alg
private final java.time.Clock clock
private final Name name
private final javax.crypto.SecretKey macKey
private final java.lang.String macAlgorithm
private final javax.crypto.Mac sharedHmac
public TSIG(Name algorithm, Name name, java.lang.String key)
name - The name of the shared key.
key - The shared key's data represented as a base64 encoded string.
Throws java.lang.IllegalArgumentException - The key name is an invalid name.
Throws java.lang.IllegalArgumentException - The key data is improperly encoded.
Throws java.lang.NullPointerException - key is null.
public TSIG(Name algorithm, Name name, byte[] keyBytes)
algorithm - The algorithm of the shared key.
name - The name of the shared key.
keyBytes - The shared key's data.
public TSIG(Name algorithm, Name name, javax.crypto.SecretKey key)
algorithm - The algorithm of the shared key.
name - The name of the shared key.
key - The shared key.
public TSIG(Name algorithm, Name name, javax.crypto.SecretKey key, java.time.Clock clock)
algorithm - The algorithm of the shared key.
name - The name of the shared key.
key - The shared key.
@Deprecated public TSIG(javax.crypto.Mac mac, Name name)
mac - The JCE HMAC object.
name - The name of the key.
@Deprecated public TSIG(Name name, byte[] key)
Deprecated. Use TSIG(Name, Name, SecretKey) to explicitly specify an algorithm.
Creates a new TSIG key using the HMAC_MD5 algorithm, which can be used to sign or verify a message.
name - The name of the shared key.
key - The shared key's data.
public TSIG(Name algorithm, java.lang.String name, java.lang.String key)
name - The name of the shared key.
key - The shared key's data represented as a base64 encoded string.
Throws java.lang.IllegalArgumentException - The key name is an invalid name.
Throws java.lang.IllegalArgumentException - The key data is improperly encoded.
public TSIG(java.lang.String algorithm, java.lang.String name, java.lang.String key)
algorithm - The RFC 8945 algorithm name of the shared key. The legal values are:
name - The name of the shared key.
key - The shared key's data represented as a base64 encoded string.
Throws java.lang.IllegalArgumentException - The key name is an invalid name.
Throws java.lang.IllegalArgumentException - The key data is improperly encoded.
@Deprecated public TSIG(java.lang.String name, java.lang.String key)
Deprecated. Use TSIG(Name, String, String) to explicitly specify an algorithm.
Creates a new TSIG object using the HMAC_MD5 algorithm, which can be used to sign or verify a message.
name - The name of the shared key.
key - The shared key's data, represented as a base64 encoded string.
Throws java.lang.IllegalArgumentException - The key name is an invalid name.
Throws java.lang.IllegalArgumentException - The key data is improperly encoded.
public static Name algorithmToName(java.lang.String alg)
alg - String containing the name of the algorithm.
Throws java.lang.IllegalArgumentException - The algorithm is null or invalid.
@Deprecated public static java.lang.String nameToAlgorithm(Name name)
name - Name object.
private static boolean verify(byte[] expected, byte[] signature)
expected - The expected (locally calculated) signature.
signature - The signature to compare against.
private javax.crypto.Mac initHmac()
@Deprecated public static TSIG fromString(java.lang.String str)
str - The TSIG key, in the form name:secret, name/secret, alg:name:secret, or alg/name/secret. If no algorithm is specified, the default of HMAC_MD5 is used.
Throws java.lang.IllegalArgumentException - The string does not contain both a name and a secret.
Throws java.lang.IllegalArgumentException - The key name is an invalid name.
Throws java.lang.IllegalArgumentException - The key data is improperly encoded.
public TSIGRecord generate(Message m, byte[] b, int error, TSIGRecord old)
m - The message.
b - The rendered message.
error - The error.
old - If this message is a response, the TSIG from the request.
public TSIGRecord generate(Message m, byte[] b, int error, TSIGRecord old, boolean fullSignature)
m - The message.
b - The rendered message.
error - The error.
old - If this message is a response, the TSIG from the request.
fullSignature - true if this TSIGRecord is to be added to the first of many messages in a TCP connection and all TSIG variables (rfc2845, 3.4.2.) should be included in the signature. false for subsequent messages with the reduced TSIG variables set (rfc2845, 4.4.).
public void apply(Message m, TSIGRecord old)
m - The message.
old - If this message is a response, the TSIG from the request.
public void apply(Message m, int error, TSIGRecord old)
m - The message.
error - The error.
old - If this message is a response, the TSIG from the request.
public void apply(Message m, TSIGRecord old, boolean fullSignature)
m - The message.
old - If this message is a response, the TSIG from the request.
fullSignature - true if this message is the first of many in a TCP connection and all TSIG variables (rfc2845, 3.4.2.) should be included in the signature. false for subsequent messages with the reduced TSIG variables set (rfc2845, 4.4.).
public void apply(Message m, int error, TSIGRecord old, boolean fullSignature)
m - The message.
error - The error.
old - If this message is a response, the TSIG from the request.
fullSignature - true if this message is the first of many in a TCP connection and all TSIG variables (rfc2845, 3.4.2.) should be included in the signature. false for subsequent messages with the reduced TSIG variables set (rfc2845, 4.4.).
@Deprecated public void applyStream(Message m, TSIGRecord old, boolean fullSignature)
Deprecated. Use apply(Message, TSIGRecord, boolean).
m - The message.
old - If this message is a response, the TSIG from the request.
fullSignature - true if this message is the first of many in a TCP connection and all TSIG variables (rfc2845, 3.4.2.) should be included in the signature. false for subsequent messages with the reduced TSIG variables set (rfc2845, 4.4.).
@Deprecated public byte verify(Message m, byte[] b, int length, TSIGRecord old)
Deprecated. Use verify(Message, byte[], TSIGRecord).
m - The message.
b - An array containing the message in unparsed form. This is necessary since TSIG signs the message in wire format, and we can't recreate the exact wire format (with the same name compression).
length - unused.
old - If this message is a response, the TSIG from the request.
Returns: the verification result as an Rcode.
public int verify(Message m, byte[] messageBytes, TSIGRecord requestTSIG)
m - The message to verify.
messageBytes - An array containing the message in unparsed form. This is necessary since TSIG signs the message in wire format, and we can't recreate the exact wire format (with the same name compression).
requestTSIG - If this message is a response, the TSIG from the request.
Returns: the verification result as an Rcode.
public int verify(Message m, byte[] messageBytes, TSIGRecord requestTSIG, boolean fullSignature)
m - The message to verify.
messageBytes - An array containing the message in unparsed form. This is necessary since TSIG signs the message in wire format, and we can't recreate the exact wire format (with the same name compression).
requestTSIG - If this message is a response, the TSIG from the request.
fullSignature - true if this message is the first of many in a TCP connection and all TSIG variables (rfc2845, 3.4.2.) should be included in the signature. false for subsequent messages with the reduced TSIG variables set (rfc2845, 4.4.).
Returns: the verification result as an Rcode.
public int recordLength()
TSIGRecord
private static void hmacAddSignature(javax.crypto.Mac hmac, TSIGRecord tsig)
private static void writeTsigTimersVariables(java.time.Instant instant, java.time.Duration fudge, DNSOutput out)
private static void writeTsigTime(java.time.Instant instant, DNSOutput out)