// Copyright (c) 1999-2004 Brian Wellington (bwelling@xbill.org)
package org.xbill.DNS;
import java.io.*;
import org.xbill.DNS.utils.*;
/**
* Transport Layer Security Authentication
*
* @author Brian Wellington
*/
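public class TLSARecord extends Record {

    private static final long serialVersionUID = 356494267028580169L;

    /**
     * Certificate usage values (RFC 6698, section 2.1.1). The usage tells a
     * validator which certificate in the server's chain the association data
     * is matched against, and whether PKIX validation is still required.
     */
    public static class CertificateUsage {
        private CertificateUsage() {}

        /** PKIX-TA: the association must match a CA in the PKIX-validated chain. */
        public static final int CA_CONSTRAINT = 0;
        /** PKIX-EE: the association must match the PKIX-validated end-entity certificate. */
        public static final int SERVICE_CERTIFICATE_CONSTRAINT = 1;
        /** DANE-TA: the association names a trust anchor the chain must lead to. */
        public static final int TRUST_ANCHOR_ASSERTION = 2;
        /** DANE-EE: the association must match the end-entity certificate itself. */
        public static final int DOMAIN_ISSUED_CERTIFICATE = 3;
    }

    /**
     * Selector values (RFC 6698, section 2.1.2): which part of the presented
     * certificate is matched against the association data.
     */
    public static class Selector {
        private Selector() {}

        /**
         * Full certificate; the Certificate binary structure defined in
         * [RFC5280]
         */
        public static final int FULL_CERTIFICATE = 0;
        /**
         * SubjectPublicKeyInfo; DER-encoded binary structure defined in
         * [RFC5280]
         */
        public static final int SUBJECT_PUBLIC_KEY_INFO = 1;
    }

    /**
     * Matching type values (RFC 6698, section 2.1.3): how the selected
     * content is presented in the association data.
     */
    public static class MatchingType {
        private MatchingType() {}

        /** Exact match on selected content */
        public static final int EXACT = 0;
        /** SHA-256 hash of selected content [RFC6234] */
        public static final int SHA256 = 1;
        /** SHA-512 hash of selected content [RFC6234] */
        public static final int SHA512 = 2;
    }

    // All three are unsigned 8-bit values on the wire (see rrToWire).
    private int certificateUsage;
    private int selector;
    private int matchingType;
    // Remainder of the rdata; at most 0xFFFF bytes when built via the
    // public constructor. Never handed out directly (see the getter).
    private byte[] certificateAssociationData;

    /** Creates an empty record, to be populated from wire or text form. */
    TLSARecord() {}

    Record getObject() {
        return new TLSARecord();
    }

    /**
     * Creates a TLSA Record from the given data.
     *
     * Field values are range-checked by the {@code checkU8} and
     * {@code checkByteArrayLength} helpers inherited from {@link Record}: the
     * usage, selector and matching type must fit in 8 bits and the
     * association data must be at most 0xFFFF bytes long.
     *
     * @param name The owner name of the record.
     * @param dclass The class of the record.
     * @param ttl The TTL of the record.
     * @param certificateUsage The provided association that will be used to
     * match the certificate presented in the TLS handshake.
     * @param selector The part of the TLS certificate presented by the server
     * that will be matched against the association data.
     * @param matchingType How the certificate association is presented.
     * @param certificateAssociationData The "certificate association data" to be
     * matched.
     */
    public TLSARecord(Name name, int dclass, long ttl,
                      int certificateUsage, int selector, int matchingType,
                      byte[] certificateAssociationData) {
        super(name, Type.TLSA, dclass, ttl);
        this.certificateUsage = checkU8("certificateUsage", certificateUsage);
        this.selector = checkU8("selector", selector);
        this.matchingType = checkU8("matchingType", matchingType);
        // NOTE(review): assumes checkByteArrayLength returns a private copy of
        // the caller's array, as the other Record helpers do — confirm; if it
        // returns the same reference, the caller retains a handle to the
        // stored association data.
        this.certificateAssociationData = checkByteArrayLength(
            "certificateAssociationData",
            certificateAssociationData,
            0xFFFF);
    }

    void rrFromWire(DNSInput in) throws IOException {
        certificateUsage = in.readU8();
        selector = in.readU8();
        matchingType = in.readU8();
        // Association data is everything after the three fixed octets; the
        // rdata length from the wire bounds it.
        certificateAssociationData = in.readByteArray();
    }

    void rdataFromString(Tokenizer st, Name origin) throws IOException {
        certificateUsage = st.getUInt8();
        selector = st.getUInt8();
        matchingType = st.getUInt8();
        // Presentation format carries the association data as hex digits.
        certificateAssociationData = st.getHex();
    }

    /**
     * Converts rdata to a String: the three numeric fields followed by the
     * association data in hexadecimal, space separated.
     */
    String rrToString() {
        return certificateUsage + " " + selector + " " + matchingType + " "
            + base16.toString(certificateAssociationData);
    }

    void rrToWire(DNSOutput out, Compression c, boolean canonical) {
        out.writeU8(certificateUsage);
        out.writeU8(selector);
        out.writeU8(matchingType);
        out.writeByteArray(certificateAssociationData);
    }

    /** Returns the certificate usage of the TLSA record */
    public int getCertificateUsage() {
        return certificateUsage;
    }

    /** Returns the selector of the TLSA record */
    public int getSelector() {
        return selector;
    }

    /** Returns the matching type of the TLSA record */
    public int getMatchingType() {
        return matchingType;
    }

    /**
     * Returns a copy of the certificate association data of this TLSA record,
     * or {@code null} if the record has not been populated.
     *
     * A copy is returned rather than the internal array so that callers
     * cannot alter the data a validator later compares against the peer's
     * certificate.
     */
    public final byte[] getCertificateAssociationData() {
        // Null only for a record built via the no-arg constructor that was
        // never filled from wire or text.
        if (certificateAssociationData == null) {
            return null;
        }
        return (byte[]) certificateAssociationData.clone();
    }
}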