001/*
002 * Copyright 2015-2020 the original author or authors
003 *
004 * This software is licensed under the Apache License, Version 2.0,
005 * the GNU Lesser General Public License version 2 or later ("LGPL")
006 * and the WTFPL.
007 * You may choose either license to govern your use of this software only
008 * upon the condition that you accept all of the terms of either
009 * the Apache License 2.0, the LGPL 2.1+ or the WTFPL.
010 */
011package org.minidns.record;
012
013import java.io.DataInputStream;
014import java.io.DataOutputStream;
015import java.io.IOException;
016import java.math.BigInteger;
017import java.util.Arrays;
018
019import org.minidns.constants.DnssecConstants.DigestAlgorithm;
020import org.minidns.constants.DnssecConstants.SignatureAlgorithm;
021
022/**
023 * DS (Delegation Signer) record payload.
024 *
025 * @see <a href="https://tools.ietf.org/html/rfc4034#section-5">RFC 4034 ยง 5</a>
026 */
027public abstract class DelegatingDnssecRR extends Data {
028
029    /**
030     * The key tag value of the DNSKEY RR that validates this signature.
031     */
032    public final int /* unsigned short */ keyTag;
033
034    /**
035     * The cryptographic algorithm used to create the signature. If MiniDNS
036     * isn't aware of the signature algorithm, then this field will be
037     * <code>null</code>.
038     * 
039     * @see #algorithmByte
040     */
041    public final SignatureAlgorithm algorithm;
042
043    /**
044     * The byte value of the cryptographic algorithm used to create the signature.
045     */
046    public final byte algorithmByte;
047
048    /**
049     * The algorithm used to construct the digest. If MiniDNS
050     * isn't aware of the digest algorithm, then this field will be
051     * <code>null</code>.
052     * 
053     * @see #digestTypeByte
054     */
055    public final DigestAlgorithm digestType;
056
057    /**
058     * The byte value of algorithm used to construct the digest.
059     */
060    public final byte digestTypeByte;
061
062    /**
063     * The digest build from a DNSKEY.
064     */
065    protected final byte[] digest;
066
067    protected static SharedData parseSharedData(DataInputStream dis, int length) throws IOException {
068        int keyTag = dis.readUnsignedShort();
069        byte algorithm = dis.readByte();
070        byte digestType = dis.readByte();
071        byte[] digest = new byte[length - 4];
072        if (dis.read(digest) != digest.length) throw new IOException();
073        return new SharedData(keyTag, algorithm, digestType, digest);
074    }
075
076    protected static final class SharedData {
077        protected final int keyTag;
078        protected final byte algorithm;
079        protected final byte digestType;
080        protected final byte[] digest;
081
082        private SharedData(int keyTag, byte algorithm, byte digestType, byte[] digest) {
083            this.keyTag = keyTag;
084            this.algorithm = algorithm;
085            this.digestType = digestType;
086            this.digest = digest;
087        }
088    }
089
090    protected DelegatingDnssecRR(int keyTag, SignatureAlgorithm algorithm, byte algorithmByte, DigestAlgorithm digestType, byte digestTypeByte, byte[] digest) {
091        this.keyTag = keyTag;
092
093        assert algorithmByte == (algorithm != null ? algorithm.number : algorithmByte);
094        this.algorithmByte = algorithmByte;
095        this.algorithm = algorithm != null ? algorithm : SignatureAlgorithm.forByte(algorithmByte);
096
097        assert digestTypeByte == (digestType != null ? digestType.value : digestTypeByte);
098        this.digestTypeByte = digestTypeByte;
099        this.digestType = digestType != null ? digestType : DigestAlgorithm.forByte(digestTypeByte);
100
101        assert digest != null;
102        this.digest = digest;
103    }
104
105    protected DelegatingDnssecRR(int keyTag, byte algorithm, byte digestType, byte[] digest) {
106        this(keyTag, null, algorithm, null, digestType, digest);
107    }
108
109    protected DelegatingDnssecRR(int keyTag, SignatureAlgorithm algorithm, DigestAlgorithm digestType, byte[] digest) {
110        this(keyTag, algorithm, algorithm.number, digestType, digestType.value, digest);
111    }
112
113    protected DelegatingDnssecRR(int keyTag, SignatureAlgorithm algorithm, byte digestType, byte[] digest) {
114        this(keyTag, algorithm, algorithm.number, null, digestType, digest);
115    }
116
117    @Override
118    public void serialize(DataOutputStream dos) throws IOException {
119        dos.writeShort(keyTag);
120        dos.writeByte(algorithmByte);
121        dos.writeByte(digestTypeByte);
122        dos.write(digest);
123    }
124
125    @Override
126    public String toString() {
127        StringBuilder sb = new StringBuilder()
128                .append(keyTag).append(' ')
129                .append(algorithm).append(' ')
130                .append(digestType).append(' ')
131                .append(new BigInteger(1, digest).toString(16).toUpperCase());
132        return sb.toString();
133    }
134
135    private transient BigInteger digestBigIntCache;
136
137    public BigInteger getDigestBigInteger() {
138        if (digestBigIntCache == null) {
139            digestBigIntCache = new BigInteger(1, digest);
140        }
141        return digestBigIntCache;
142    }
143
144    private transient String digestHexCache;
145
146    public String getDigestHex() {
147        if (digestHexCache == null) {
148            digestHexCache = getDigestBigInteger().toString(16).toUpperCase();
149        }
150        return digestHexCache;
151    }
152
153    public boolean digestEquals(byte[] otherDigest) {
154        return Arrays.equals(digest, otherDigest);
155    }
156}