// Copyright (c) 1999-2004 Brian Wellington (bwelling@xbill.org)
package org.xbill.DNS;
import java.io.*;
import org.xbill.DNS.utils.*;
/**
* Certificate Record - Stores a certificate associated with a name. The
* certificate might also be associated with a KEYRecord.
* @see KEYRecord
*
* @author Brian Wellington
*/
public class CERTRecord extends Record {
public static class CertificateType {
/** Certificate type identifiers. See RFC 4398 for more detail. */
private CertificateType() {}
/** PKIX (X.509v3) */
public static final int PKIX = 1;
/** Simple Public Key Infrastructure */
public static final int SPKI = 2;
/** Pretty Good Privacy */
public static final int PGP = 3;
/** URL of an X.509 data object */
public static final int IPKIX = 4;
/** URL of an SPKI certificate */
public static final int ISPKI = 5;
/** Fingerprint and URL of an OpenPGP packet */
public static final int IPGP = 6;
/** Attribute Certificate */
public static final int ACPKIX = 7;
/** URL of an Attribute Certificate */
public static final int IACPKIX = 8;
/** Certificate format defined by URI */
public static final int URI = 253;
/** Certificate format defined by OID */
public static final int OID = 254;
private static Mnemonic types = new Mnemonic("Certificate type",
Mnemonic.CASE_UPPER);
static {
types.setMaximum(0xFFFF);
types.setNumericAllowed(true);
types.add(PKIX, "PKIX");
types.add(SPKI, "SPKI");
types.add(PGP, "PGP");
types.add(PKIX, "IPKIX");
types.add(SPKI, "ISPKI");
types.add(PGP, "IPGP");
types.add(PGP, "ACPKIX");
types.add(PGP, "IACPKIX");
types.add(URI, "URI");
types.add(OID, "OID");
}
/**
* Converts a certificate type into its textual representation
*/
public static String
string(int type) {
return types.getText(type);
}
/**
* Converts a textual representation of an certificate type into its
* numeric code. Integers in the range 0..65535 are also accepted.
* @param s The textual representation of the algorithm
* @return The algorithm code, or -1 on error.
*/
public static int
value(String s) {
return types.getValue(s);
}
}
/** PKIX (X.509v3) */
public static final int PKIX = CertificateType.PKIX;
/** Simple Public Key Infrastructure */
public static final int SPKI = CertificateType.SPKI;
/** Pretty Good Privacy */
public static final int PGP = CertificateType.PGP;
/** Certificate format defined by URI */
public static final int URI = CertificateType.URI;
/** Certificate format defined by IOD */
public static final int OID = CertificateType.OID;
private static final long serialVersionUID = 4763014646517016835L;
private int certType, keyTag;
private int alg;
private byte [] cert;
CERTRecord() {}
Record
getObject() {
return new CERTRecord();
}
/**
* Creates a CERT Record from the given data
* @param certType The type of certificate (see constants)
* @param keyTag The ID of the associated KEYRecord, if present
* @param alg The algorithm of the associated KEYRecord, if present
* @param cert Binary data representing the certificate
*/
public
CERTRecord(Name name, int dclass, long ttl, int certType, int keyTag,
int alg, byte [] cert)
{
super(name, Type.CERT, dclass, ttl);
this.certType = checkU16("certType", certType);
this.keyTag = checkU16("keyTag", keyTag);
this.alg = checkU8("alg", alg);
this.cert = cert;
}
void
rrFromWire(DNSInput in) throws IOException {
certType = in.readU16();
keyTag = in.readU16();
alg = in.readU8();
cert = in.readByteArray();
}
void
rdataFromString(Tokenizer st, Name origin) throws IOException {
String certTypeString = st.getString();
certType = CertificateType.value(certTypeString);
if (certType < 0)
throw st.exception("Invalid certificate type: " +
certTypeString);
keyTag = st.getUInt16();
String algString = st.getString();
alg = DNSSEC.Algorithm.value(algString);
if (alg < 0)
throw st.exception("Invalid algorithm: " + algString);
cert = st.getBase64();
}
/**
* Converts rdata to a String
*/
String
rrToString() {
StringBuffer sb = new StringBuffer();
sb.append (certType);
sb.append (" ");
sb.append (keyTag);
sb.append (" ");
sb.append (alg);
if (cert != null) {
if (Options.check("multiline")) {
sb.append(" (\n");
sb.append(base64.formatString(cert, 64, "\t", true));
} else {
sb.append(" ");
sb.append(base64.toString(cert));
}
}
return sb.toString();
}
/**
* Returns the type of certificate
*/
public int
getCertType() {
return certType;
}
/**
* Returns the ID of the associated KEYRecord, if present
*/
public int
getKeyTag() {
return keyTag;
}
/**
* Returns the algorithm of the associated KEYRecord, if present
*/
public int
getAlgorithm() {
return alg;
}
/**
* Returns the binary representation of the certificate
*/
public byte []
getCert() {
return cert;
}
void
rrToWire(DNSOutput out, Compression c, boolean canonical) {
out.writeU16(certType);
out.writeU16(keyTag);
out.writeU8(alg);
out.writeByteArray(cert);
}
}