001/*
002 * Copyright 2015-2020 the original author or authors
003 *
004 * This software is licensed under the Apache License, Version 2.0,
005 * the GNU Lesser General Public License version 2 or later ("LGPL")
006 * and the WTFPL.
007 * You may choose either license to govern your use of this software only
008 * upon the condition that you accept all of the terms of either
009 * the Apache License 2.0, the LGPL 2.1+ or the WTFPL.
010 */
011package org.minidns.dnssec.algorithms;
012
013import org.minidns.constants.DnssecConstants.DigestAlgorithm;
014import org.minidns.constants.DnssecConstants.SignatureAlgorithm;
015import org.minidns.dnssec.DnssecValidatorInitializationException;
016import org.minidns.dnssec.DigestCalculator;
017import org.minidns.dnssec.SignatureVerifier;
018import org.minidns.record.NSEC3.HashAlgorithm;
019
020import java.security.NoSuchAlgorithmException;
021import java.util.HashMap;
022import java.util.Map;
023import java.util.logging.Level;
024import java.util.logging.Logger;
025
026public final class AlgorithmMap {
027    private Logger LOGGER = Logger.getLogger(AlgorithmMap.class.getName());
028
029    public static final AlgorithmMap INSTANCE = new AlgorithmMap();
030
031    private final Map<DigestAlgorithm, DigestCalculator> dsDigestMap = new HashMap<>();
032    private final Map<SignatureAlgorithm, SignatureVerifier> signatureMap = new HashMap<>();
033    private final Map<HashAlgorithm, DigestCalculator> nsecDigestMap = new HashMap<>();
034
035    @SuppressWarnings("deprecation")
036    private AlgorithmMap() {
037        try {
038            dsDigestMap.put(DigestAlgorithm.SHA1, new JavaSecDigestCalculator("SHA-1"));
039            nsecDigestMap.put(HashAlgorithm.SHA1, new JavaSecDigestCalculator("SHA-1"));
040        } catch (NoSuchAlgorithmException e) {
041            // SHA-1 is MANDATORY
042            throw new DnssecValidatorInitializationException("SHA-1 is mandatory", e);
043        }
044        try {
045            dsDigestMap.put(DigestAlgorithm.SHA256, new JavaSecDigestCalculator("SHA-256"));
046        } catch (NoSuchAlgorithmException e) {
047            // SHA-256 is MANDATORY
048            throw new DnssecValidatorInitializationException("SHA-256 is mandatory", e);
049        }
050
051        try {
052            signatureMap.put(SignatureAlgorithm.RSAMD5, new RsaSignatureVerifier("MD5withRSA"));
053        } catch (NoSuchAlgorithmException e) {
054            // RSA/MD5 is DEPRECATED
055            LOGGER.log(Level.FINER, "Platform does not support RSA/MD5", e);
056        }
057        try {
058            DsaSignatureVerifier sha1withDSA = new DsaSignatureVerifier("SHA1withDSA");
059            signatureMap.put(SignatureAlgorithm.DSA, sha1withDSA);
060            signatureMap.put(SignatureAlgorithm.DSA_NSEC3_SHA1, sha1withDSA);
061        } catch (NoSuchAlgorithmException e) {
062            // DSA/SHA-1 is OPTIONAL
063            LOGGER.log(Level.FINE, "Platform does not support DSA/SHA-1", e);
064        }
065        try {
066            RsaSignatureVerifier sha1withRSA = new RsaSignatureVerifier("SHA1withRSA");
067            signatureMap.put(SignatureAlgorithm.RSASHA1, sha1withRSA);
068            signatureMap.put(SignatureAlgorithm.RSASHA1_NSEC3_SHA1, sha1withRSA);
069        } catch (NoSuchAlgorithmException e) {
070            throw new DnssecValidatorInitializationException("Platform does not support RSA/SHA-1", e);
071        }
072        try {
073            signatureMap.put(SignatureAlgorithm.RSASHA256, new RsaSignatureVerifier("SHA256withRSA"));
074        } catch (NoSuchAlgorithmException e) {
075            // RSA/SHA-256 is RECOMMENDED
076            LOGGER.log(Level.INFO, "Platform does not support RSA/SHA-256", e);
077        }
078        try {
079            signatureMap.put(SignatureAlgorithm.RSASHA512, new RsaSignatureVerifier("SHA512withRSA"));
080        } catch (NoSuchAlgorithmException e) {
081            // RSA/SHA-512 is RECOMMENDED
082            LOGGER.log(Level.INFO, "Platform does not support RSA/SHA-512", e);
083        }
084        try {
085            signatureMap.put(SignatureAlgorithm.ECC_GOST, new EcgostSignatureVerifier());
086        } catch (NoSuchAlgorithmException e) {
087            // GOST R 34.10-2001 is OPTIONAL
088            LOGGER.log(Level.FINE, "Platform does not support GOST R 34.10-2001", e);
089        }
090        try {
091            signatureMap.put(SignatureAlgorithm.ECDSAP256SHA256, new EcdsaSignatureVerifier.P256SHA256());
092        } catch (NoSuchAlgorithmException e) {
093            // ECDSA/SHA-256 is RECOMMENDED
094            LOGGER.log(Level.INFO, "Platform does not support ECDSA/SHA-256", e);
095        }
096        try {
097            signatureMap.put(SignatureAlgorithm.ECDSAP384SHA384, new EcdsaSignatureVerifier.P384SHA284());
098        } catch (NoSuchAlgorithmException e) {
099            // ECDSA/SHA-384 is RECOMMENDED
100            LOGGER.log(Level.INFO, "Platform does not support ECDSA/SHA-384", e);
101        }
102    }
103
104    public DigestCalculator getDsDigestCalculator(DigestAlgorithm algorithm) {
105        return dsDigestMap.get(algorithm);
106    }
107
108    public SignatureVerifier getSignatureVerifier(SignatureAlgorithm algorithm) {
109        return signatureMap.get(algorithm);
110    }
111
112    public DigestCalculator getNsecDigestCalculator(HashAlgorithm algorithm) {
113        return nsecDigestMap.get(algorithm);
114    }
115}