001/* 002 * Copyright 2015-2020 the original author or authors 003 * 004 * This software is licensed under the Apache License, Version 2.0, 005 * the GNU Lesser General Public License version 2 or later ("LGPL") 006 * and the WTFPL. 007 * You may choose either license to govern your use of this software only 008 * upon the condition that you accept all of the terms of either 009 * the Apache License 2.0, the LGPL 2.1+ or the WTFPL. 010 */ 011package org.minidns.dnssec.algorithms; 012 013import org.minidns.constants.DnssecConstants.DigestAlgorithm; 014import org.minidns.constants.DnssecConstants.SignatureAlgorithm; 015import org.minidns.dnssec.DnssecValidatorInitializationException; 016import org.minidns.dnssec.DigestCalculator; 017import org.minidns.dnssec.SignatureVerifier; 018import org.minidns.record.NSEC3.HashAlgorithm; 019 020import java.security.NoSuchAlgorithmException; 021import java.util.HashMap; 022import java.util.Map; 023import java.util.logging.Level; 024import java.util.logging.Logger; 025 026public final class AlgorithmMap { 027 private Logger LOGGER = Logger.getLogger(AlgorithmMap.class.getName()); 028 029 public static final AlgorithmMap INSTANCE = new AlgorithmMap(); 030 031 private final Map<DigestAlgorithm, DigestCalculator> dsDigestMap = new HashMap<>(); 032 private final Map<SignatureAlgorithm, SignatureVerifier> signatureMap = new HashMap<>(); 033 private final Map<HashAlgorithm, DigestCalculator> nsecDigestMap = new HashMap<>(); 034 035 @SuppressWarnings("deprecation") 036 private AlgorithmMap() { 037 try { 038 dsDigestMap.put(DigestAlgorithm.SHA1, new JavaSecDigestCalculator("SHA-1")); 039 nsecDigestMap.put(HashAlgorithm.SHA1, new JavaSecDigestCalculator("SHA-1")); 040 } catch (NoSuchAlgorithmException e) { 041 // SHA-1 is MANDATORY 042 throw new DnssecValidatorInitializationException("SHA-1 is mandatory", e); 043 } 044 try { 045 dsDigestMap.put(DigestAlgorithm.SHA256, new JavaSecDigestCalculator("SHA-256")); 046 } catch (NoSuchAlgorithmException e) { 047 // SHA-256 is MANDATORY 048 throw new DnssecValidatorInitializationException("SHA-256 is mandatory", e); 049 } 050 051 try { 052 signatureMap.put(SignatureAlgorithm.RSAMD5, new RsaSignatureVerifier("MD5withRSA")); 053 } catch (NoSuchAlgorithmException e) { 054 // RSA/MD5 is DEPRECATED 055 LOGGER.log(Level.FINER, "Platform does not support RSA/MD5", e); 056 } 057 try { 058 DsaSignatureVerifier sha1withDSA = new DsaSignatureVerifier("SHA1withDSA"); 059 signatureMap.put(SignatureAlgorithm.DSA, sha1withDSA); 060 signatureMap.put(SignatureAlgorithm.DSA_NSEC3_SHA1, sha1withDSA); 061 } catch (NoSuchAlgorithmException e) { 062 // DSA/SHA-1 is OPTIONAL 063 LOGGER.log(Level.FINE, "Platform does not support DSA/SHA-1", e); 064 } 065 try { 066 RsaSignatureVerifier sha1withRSA = new RsaSignatureVerifier("SHA1withRSA"); 067 signatureMap.put(SignatureAlgorithm.RSASHA1, sha1withRSA); 068 signatureMap.put(SignatureAlgorithm.RSASHA1_NSEC3_SHA1, sha1withRSA); 069 } catch (NoSuchAlgorithmException e) { 070 throw new DnssecValidatorInitializationException("Platform does not support RSA/SHA-1", e); 071 } 072 try { 073 signatureMap.put(SignatureAlgorithm.RSASHA256, new RsaSignatureVerifier("SHA256withRSA")); 074 } catch (NoSuchAlgorithmException e) { 075 // RSA/SHA-256 is RECOMMENDED 076 LOGGER.log(Level.INFO, "Platform does not support RSA/SHA-256", e); 077 } 078 try { 079 signatureMap.put(SignatureAlgorithm.RSASHA512, new RsaSignatureVerifier("SHA512withRSA")); 080 } catch (NoSuchAlgorithmException e) { 081 // RSA/SHA-512 is RECOMMENDED 082 LOGGER.log(Level.INFO, "Platform does not support RSA/SHA-512", e); 083 } 084 try { 085 signatureMap.put(SignatureAlgorithm.ECC_GOST, new EcgostSignatureVerifier()); 086 } catch (NoSuchAlgorithmException e) { 087 // GOST R 34.10-2001 is OPTIONAL 088 LOGGER.log(Level.FINE, "Platform does not support GOST R 34.10-2001", e); 089 } 090 try { 091 signatureMap.put(SignatureAlgorithm.ECDSAP256SHA256, new EcdsaSignatureVerifier.P256SHA256()); 092 } catch (NoSuchAlgorithmException e) { 093 // ECDSA/SHA-256 is RECOMMENDED 094 LOGGER.log(Level.INFO, "Platform does not support ECDSA/SHA-256", e); 095 } 096 try { 097 signatureMap.put(SignatureAlgorithm.ECDSAP384SHA384, new EcdsaSignatureVerifier.P384SHA284()); 098 } catch (NoSuchAlgorithmException e) { 099 // ECDSA/SHA-384 is RECOMMENDED 100 LOGGER.log(Level.INFO, "Platform does not support ECDSA/SHA-384", e); 101 } 102 } 103 104 public DigestCalculator getDsDigestCalculator(DigestAlgorithm algorithm) { 105 return dsDigestMap.get(algorithm); 106 } 107 108 public SignatureVerifier getSignatureVerifier(SignatureAlgorithm algorithm) { 109 return signatureMap.get(algorithm); 110 } 111 112 public DigestCalculator getNsecDigestCalculator(HashAlgorithm algorithm) { 113 return nsecDigestMap.get(algorithm); 114 } 115}