Posted to commits@trafficcontrol.apache.org by dg...@apache.org on 2018/11/27 19:16:46 UTC
[trafficcontrol] branch 3.0.x updated: removed JDNSSEC from Traffic Router
This is an automated email from the ASF dual-hosted git repository.
dgelinas pushed a commit to branch 3.0.x
in repository https://gitbox.apache.org/repos/asf/trafficcontrol.git
The following commit(s) were added to refs/heads/3.0.x by this push:
new 22d30c3 removed JDNSSEC from Traffic Router
22d30c3 is described below
commit 22d30c30bf1a485a483623f866ee68c4ec089ff8
Author: ocket8888 <oc...@gmail.com>
AuthorDate: Mon Nov 19 07:35:53 2018 -0700
removed JDNSSEC from Traffic Router
---
traffic_router/build/build_rpm.sh | 22 ---
traffic_router/jdnssec/README.DNSSEC | 7 -
traffic_router/jdnssec/pom.xml | 53 ------
.../jdnssec/dns/keys/BindPrivateKeyFormatter.java | 55 ------
.../jdnssec/dns/keys/DNSKeyPairWrapper.java | 191 -------------------
.../jdnssec/dns/keys/JDnsSecSigner.java | 70 -------
.../jdnssec/dns/keys/Pkcs1Formatter.java | 65 -------
.../jdnssec/dns/keys/SigningTestDataGenerator.java | 176 ------------------
.../jdnssec/dns/keys/ZoneSignerTest.java | 205 ---------------------
traffic_router/pom.xml | 12 --
10 files changed, 856 deletions(-)
diff --git a/traffic_router/build/build_rpm.sh b/traffic_router/build/build_rpm.sh
index db9caf6..16be21e 100755
--- a/traffic_router/build/build_rpm.sh
+++ b/traffic_router/build/build_rpm.sh
@@ -31,31 +31,9 @@ function importFunctions() {
}
#----------------------------------------
-function installDnsSec {
- # download and integrate dnssec library
- local dnssecversion=0.12
- local dnssectools=jdnssec-tools
- local dnssec="$dnssectools-$dnssecversion"
- local dnssecurl=http://www.verisignlabs.com/dnssec-tools/packages/old-releases
-
- echo "Downloading $dnssec library..."
- curl -fo "$dnssec".tar.gz "$dnssecurl/$dnssec".tar.gz || \
- { echo "Could not download required $dnssec library: $?"; exit 1; }
- tar xzvf "$dnssec".tar.gz || \
- { echo "Could not extract required $dnssec library: $?"; exit 1; }
-
- (cd "$dnssec" && \
- mvn install::install-file -Dfile=./lib/jdnssec-tools.jar -DgroupId=jdnssec -Dpackaging=jar \
- -DartifactId=jdnssec-tools -Dversion="$dnssecversion" \
- ) || { echo "Could not install required $dnssec library: $?"; exit 1; } \
-}
-
-#----------------------------------------
function buildRpmTrafficRouter () {
echo "Building the rpm."
- installDnsSec
-
export STARTUP_SCRIPT_DIR="/lib/systemd/system"
export STARTUP_SCRIPT_LOC="../core/src/main/lib/systemd/system"
diff --git a/traffic_router/jdnssec/README.DNSSEC b/traffic_router/jdnssec/README.DNSSEC
deleted file mode 100644
index d24fb39..0000000
--- a/traffic_router/jdnssec/README.DNSSEC
+++ /dev/null
@@ -1,7 +0,0 @@
-This release includes test tools for DNSSEC using David Blacka's jdnssec-tools package. Download the binary distribution and install the jar into your local Maven repository.
-
- http://www.verisignlabs.com/jdnssec-tools/
-
- mvn install:install-file -Dfile=jdnssec-tools.jar -DgroupId=jdnssec -DartifactId=jdnssec-tools -Dversion={VERSION} -Dpackaging=jar
-
-To build the optional jdnssec module, use: mvn <goals> -DuseJdnssec=true
diff --git a/traffic_router/jdnssec/pom.xml b/traffic_router/jdnssec/pom.xml
deleted file mode 100644
index edf5dba..0000000
--- a/traffic_router/jdnssec/pom.xml
+++ /dev/null
@@ -1,53 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-<!--
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements. See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership. The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing,
-software distributed under the License is distributed on an
-"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, either express or implied. See the License for the
-specific language governing permissions and limitations
-under the License.
--->
-
-<project xmlns="http://maven.apache.org/POM/4.0.0"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
- <parent>
- <artifactId>traffic_router</artifactId>
- <groupId>com.comcast.cdn.traffic_control.traffic_router</groupId>
- <version>3.0.0</version>
- </parent>
- <modelVersion>4.0.0</modelVersion>
-
- <artifactId>traffic_router_jdnssec</artifactId>
- <dependencies>
- <dependency>
- <groupId>com.comcast.cdn.traffic_control.traffic_router</groupId>
- <artifactId>traffic_router_core</artifactId>
- <version>${project.parent.version}</version>
- <classifier>classes</classifier>
- </dependency>
- <dependency>
- <groupId>com.comcast.cdn.traffic_control.traffic_router</groupId>
- <artifactId>traffic_router_shared</artifactId>
- <version>${project.parent.version}</version>
- </dependency>
- <dependency>
- <groupId>jdnssec</groupId>
- <artifactId>jdnssec-tools</artifactId>
- <version>0.12</version>
- </dependency>
- </dependencies>
-
-
-</project>
diff --git a/traffic_router/jdnssec/src/test/java/com/comcast/cdn/traffic_control/traffic_router/jdnssec/dns/keys/BindPrivateKeyFormatter.java b/traffic_router/jdnssec/src/test/java/com/comcast/cdn/traffic_control/traffic_router/jdnssec/dns/keys/BindPrivateKeyFormatter.java
deleted file mode 100644
index 82c2356..0000000
--- a/traffic_router/jdnssec/src/test/java/com/comcast/cdn/traffic_control/traffic_router/jdnssec/dns/keys/BindPrivateKeyFormatter.java
+++ /dev/null
@@ -1,55 +0,0 @@
-/*
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.comcast.cdn.traffic_control.traffic_router.jdnssec.dns.keys;
-
-import sun.security.rsa.RSAPrivateCrtKeyImpl;
-
-import java.math.BigInteger;
-import java.security.spec.RSAMultiPrimePrivateCrtKeySpec;
-
-import static java.util.Base64.getEncoder;
-
-public class BindPrivateKeyFormatter {
- String encode(BigInteger bigInteger) {
- return new String(getEncoder().encode(bigInteger.toByteArray()));
- }
-
- public String format(RSAMultiPrimePrivateCrtKeySpec spec) {
- return "Private-key-format: v1.2\n" +
- "Algorithm: 5 (RSASHA1)\n" +
- "Modulus: " + encode(spec.getModulus()) + "\n" +
- "PublicExponent: " + encode(spec.getPublicExponent()) + "\n" +
- "PrivateExponent: " + encode(spec.getPrivateExponent()) + "\n" +
- "Prime1: " + encode(spec.getPrimeP()) + "\n" +
- "Prime2: " + encode(spec.getPrimeQ()) + "\n" +
- "Exponent1: " + encode(spec.getPrimeExponentP()) + "\n" +
- "Exponent2: " + encode(spec.getPrimeExponentQ())+ "\n" +
- "Coefficient: " + encode(spec.getCrtCoefficient())+ "\n";
- }
-
- public String format(RSAPrivateCrtKeyImpl key) {
- return "Private-key-format: v1.2\n" +
- "Algorithm: 5 (RSASHA1)\n" +
- "Modulus: " + encode(key.getModulus()) + "\n" +
- "PublicExponent: " + encode(key.getPublicExponent()) + "\n" +
- "PrivateExponent: " + encode(key.getPrivateExponent()) + "\n" +
- "Prime1: " + encode(key.getPrimeP()) + "\n" +
- "Prime2: " + encode(key.getPrimeQ()) + "\n" +
- "Exponent1: " + encode(key.getPrimeExponentP()) + "\n" +
- "Exponent2: " + encode(key.getPrimeExponentQ())+ "\n" +
- "Coefficient: " + encode(key.getCrtCoefficient())+ "\n";
- }
-}
diff --git a/traffic_router/jdnssec/src/test/java/com/comcast/cdn/traffic_control/traffic_router/jdnssec/dns/keys/DNSKeyPairWrapper.java b/traffic_router/jdnssec/src/test/java/com/comcast/cdn/traffic_control/traffic_router/jdnssec/dns/keys/DNSKeyPairWrapper.java
deleted file mode 100644
index 5a86fe5..0000000
--- a/traffic_router/jdnssec/src/test/java/com/comcast/cdn/traffic_control/traffic_router/jdnssec/dns/keys/DNSKeyPairWrapper.java
+++ /dev/null
@@ -1,191 +0,0 @@
-/*
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.comcast.cdn.traffic_control.traffic_router.jdnssec.dns.keys;
-
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.util.Calendar;
-import java.util.Date;
-
-import javax.xml.bind.DatatypeConverter;
-
-import com.comcast.cdn.traffic_control.traffic_router.core.dns.DnsSecKeyPair;
-import com.comcast.cdn.traffic_control.traffic_router.core.util.JsonUtils;
-import com.comcast.cdn.traffic_control.traffic_router.core.util.JsonUtilsException;
-import com.fasterxml.jackson.databind.JsonNode;
-import org.xbill.DNS.DNSKEYRecord;
-import org.xbill.DNS.Master;
-import org.xbill.DNS.Name;
-import org.xbill.DNS.Record;
-import org.xbill.DNS.Type;
-
-import com.verisignlabs.dnssec.security.DnsKeyPair;
-
-public class DNSKeyPairWrapper extends DnsKeyPair implements DnsSecKeyPair {
- private long ttl;
- private Date inception;
- private Date effective;
- private Date expiration;
- private String name;
-
- public DNSKeyPairWrapper(final JsonNode keyPair, final long defaultTTL) throws JsonUtilsException, IOException {
- this.inception = new Date(1000L * JsonUtils.getLong(keyPair, "inceptionDate"));
- this.effective = new Date(1000L * JsonUtils.getLong(keyPair, "effectiveDate"));
- this.expiration = new Date(1000L * JsonUtils.getLong(keyPair, "expirationDate"));
- this.ttl = JsonUtils.optLong(keyPair, "ttl", defaultTTL);
- this.name = JsonUtils.getString(keyPair, "name").toLowerCase();
-
- final byte[] privateKey = DatatypeConverter.parseBase64Binary(JsonUtils.getString(keyPair, "private"));
- final byte[] publicKey = DatatypeConverter.parseBase64Binary(JsonUtils.getString(keyPair, "public"));
-
- try (InputStream in = new ByteArrayInputStream(publicKey)) {
- final Master master = new Master(in, new Name(name), ttl);
- setPrivateKeyString(new String(privateKey));
-
- Record record;
- while ((record = master.nextRecord()) != null) {
- if (record.getType() == Type.DNSKEY) {
- setDNSKEYRecord((DNSKEYRecord) record);
- break;
- }
- }
- }
- }
-
- @Override
- public long getTTL() {
- return ttl;
- }
-
- @Override
- public void setTTL(final long ttl) {
- this.ttl = ttl;
- }
-
- @Override
- public String getName() {
- return name;
- }
-
- @Override
- public void setName(final String name) {
- this.name = name;
- }
-
- @Override
- public Date getInception() {
- return inception;
- }
-
- @Override
- public void setInception(final Date inception) {
- this.inception = inception;
- }
-
- @Override
- public Date getEffective() {
- return effective;
- }
-
- @Override
- public void setEffective(final Date effective) {
- this.effective = effective;
- }
-
- @Override
- public Date getExpiration() {
- return expiration;
- }
-
- @Override
- public void setExpiration(final Date expiration) {
- this.expiration = expiration;
- }
-
- @Override
- public boolean isKeySigningKey() {
- return ((getDNSKEYRecord().getFlags() & DNSKEYRecord.Flags.SEP_KEY) != 0);
- }
-
- @Override
- public boolean isExpired() {
- return getExpiration().before(Calendar.getInstance().getTime());
- }
-
- @Override
- public boolean isUsable() {
- final Date now = Calendar.getInstance().getTime();
- return getEffective().before(now);
- }
-
- @Override
- public boolean isKeyCached(final long maxTTL) {
- return getExpiration().after(new Date(System.currentTimeMillis() - (maxTTL * 1000)));
- }
-
- @Override
- public boolean isOlder(final DnsSecKeyPair other) {
- return getEffective().before(other.getEffective());
- }
-
- @Override
- public boolean isNewer(final DnsSecKeyPair other) {
- return getEffective().after(other.getEffective());
- }
-
- @Override
- @SuppressWarnings("PMD.OverrideBothEqualsAndHashcode")
- public boolean equals(final Object obj) {
- final DNSKeyPairWrapper okp = (DNSKeyPairWrapper) obj;
-
- if (!this.getDNSKEYRecord().equals(okp.getDNSKEYRecord())) {
- return false;
- } else if (!this.getPrivate().equals(okp.getPrivate())) {
- return false;
- } else if (!this.getPublic().equals(okp.getPublic())) {
- return false;
- } else if (!getEffective().equals(okp.getEffective())) {
- return false;
- } else if (!getExpiration().equals(okp.getExpiration())) {
- return false;
- } else if (!getInception().equals(okp.getInception())) {
- return false;
- } else if (!getName().equals(okp.getName())) {
- return false;
- } else if (getTTL() != okp.getTTL()) {
- return false;
- }
-
- return true;
- }
-
- @Override
- public String toString() {
- final StringBuilder sb = new StringBuilder();
- sb.append("name=").append(name)
- .append(" ttl=").append(getTTL())
- .append(" ksk=").append(isKeySigningKey())
- .append(" inception=\"");
- sb.append(getInception());
- sb.append("\" effective=\"");
- sb.append(getEffective());
- sb.append("\" expiration=\"");
- sb.append(getExpiration()).append('"');
-
- return sb.toString();
- }
-}
diff --git a/traffic_router/jdnssec/src/test/java/com/comcast/cdn/traffic_control/traffic_router/jdnssec/dns/keys/JDnsSecSigner.java b/traffic_router/jdnssec/src/test/java/com/comcast/cdn/traffic_control/traffic_router/jdnssec/dns/keys/JDnsSecSigner.java
deleted file mode 100644
index 0f1d414..0000000
--- a/traffic_router/jdnssec/src/test/java/com/comcast/cdn/traffic_control/traffic_router/jdnssec/dns/keys/JDnsSecSigner.java
+++ /dev/null
@@ -1,70 +0,0 @@
-/*
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.comcast.cdn.traffic_control.traffic_router.jdnssec.dns.keys;
-
-import com.comcast.cdn.traffic_control.traffic_router.core.dns.DnsSecKeyPair;
-import com.comcast.cdn.traffic_control.traffic_router.core.dns.ZoneSigner;
-import com.verisignlabs.dnssec.security.DnsKeyPair;
-import com.verisignlabs.dnssec.security.JCEDnsSecSigner;
-import com.verisignlabs.dnssec.security.SignUtils;
-import org.apache.log4j.Logger;
-import org.xbill.DNS.DNSKEYRecord;
-import org.xbill.DNS.DSRecord;
-import org.xbill.DNS.Name;
-import org.xbill.DNS.Record;
-
-import java.io.IOException;
-import java.security.GeneralSecurityException;
-import java.util.ArrayList;
-import java.util.Date;
-import java.util.List;
-
-public class JDnsSecSigner implements ZoneSigner {
- private static final Logger LOGGER = Logger.getLogger(JDnsSecSigner.class);
- @Override
- public List<Record> signZone(final Name name, final List<Record> records, final List<DnsSecKeyPair> kskPairs, final List<DnsSecKeyPair> zskPairs,
- final Date inception, final Date expiration, final boolean fullySignKeySet, final int digestId) throws IOException, GeneralSecurityException {
- LOGGER.info("Signing records, name for first record is " + records.get(0).getName());
- final List<DnsKeyPair> kPairs = new ArrayList<>();
- final List<DnsKeyPair> zPairs = new ArrayList<>();
-
- for (final DnsSecKeyPair keyPair : kskPairs) {
- if (keyPair instanceof DnsKeyPair) {
- kPairs.add((DnsKeyPair) keyPair);
- } else {
- throw new IllegalArgumentException("kskPairs contains non jdnssec object!");
- }
- }
-
- for (final DnsSecKeyPair keyPair : zskPairs) {
- if (keyPair instanceof DnsKeyPair) {
- zPairs.add((DnsKeyPair) keyPair);
- } else {
- throw new IllegalArgumentException("zskPairs contains non jdnssec object!");
- }
- }
-
- final JCEDnsSecSigner signer = new JCEDnsSecSigner(false);
-
- return signer.signZone(name, records, kPairs, zPairs, inception, expiration, fullySignKeySet, digestId);
- }
-
- @Override
- public DSRecord calculateDSRecord(final DNSKEYRecord dnskeyRecord, final int digestId, final long ttl) {
- LOGGER.info("Calculating DS Records for " + dnskeyRecord.getName());
- return SignUtils.calculateDSRecord(dnskeyRecord, DSRecord.SHA256_DIGEST_ID, ttl);
- }
-}
diff --git a/traffic_router/jdnssec/src/test/java/com/comcast/cdn/traffic_control/traffic_router/jdnssec/dns/keys/Pkcs1Formatter.java b/traffic_router/jdnssec/src/test/java/com/comcast/cdn/traffic_control/traffic_router/jdnssec/dns/keys/Pkcs1Formatter.java
deleted file mode 100644
index a9045de..0000000
--- a/traffic_router/jdnssec/src/test/java/com/comcast/cdn/traffic_control/traffic_router/jdnssec/dns/keys/Pkcs1Formatter.java
+++ /dev/null
@@ -1,65 +0,0 @@
-/*
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.comcast.cdn.traffic_control.traffic_router.jdnssec.dns.keys;
-
-import sun.security.rsa.RSAPrivateCrtKeyImpl;
-import sun.security.util.DerOutputStream;
-import sun.security.util.DerValue;
-
-import java.io.IOException;
-import java.security.interfaces.RSAPublicKey;
-
-public class Pkcs1Formatter {
-
- // https://tools.ietf.org/html/rfc3447#appendix-A.1.1
-
- public byte[] toBytes(RSAPrivateCrtKeyImpl key) throws IOException {
- byte tag = 2;
- DerValue[] outputSequence = new DerValue[] {
- new DerValue(tag, new byte[]{0}),
- new DerValue(tag, key.getModulus().toByteArray()),
- new DerValue(tag, key.getPublicExponent().toByteArray()),
- new DerValue(tag, key.getPrivateExponent().toByteArray()),
- new DerValue(tag, key.getPrimeP().toByteArray()),
- new DerValue(tag, key.getPrimeQ().toByteArray()),
- new DerValue(tag, key.getPrimeExponentP().toByteArray()),
- new DerValue(tag, key.getPrimeExponentQ().toByteArray()),
- new DerValue(tag, key.getCrtCoefficient().toByteArray()),
- };
-
- DerOutputStream outputStream = new DerOutputStream();
-
- outputStream.putSequence(outputSequence);
- outputStream.flush();
-
- return outputStream.toByteArray();
- }
-
- public byte[] toBytes(RSAPublicKey key) throws IOException {
- byte tag = 2;
- DerValue[] outputSequence = new DerValue[] {
- new DerValue(tag, key.getModulus().toByteArray()),
- new DerValue(tag, key.getPublicExponent().toByteArray())
- };
-
- DerOutputStream outputStream = new DerOutputStream();
-
- outputStream.putSequence(outputSequence);
- outputStream.flush();
-
- return outputStream.toByteArray();
- }
-}
diff --git a/traffic_router/jdnssec/src/test/java/com/comcast/cdn/traffic_control/traffic_router/jdnssec/dns/keys/SigningTestDataGenerator.java b/traffic_router/jdnssec/src/test/java/com/comcast/cdn/traffic_control/traffic_router/jdnssec/dns/keys/SigningTestDataGenerator.java
deleted file mode 100644
index 5d515d2..0000000
--- a/traffic_router/jdnssec/src/test/java/com/comcast/cdn/traffic_control/traffic_router/jdnssec/dns/keys/SigningTestDataGenerator.java
+++ /dev/null
@@ -1,176 +0,0 @@
-/*
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.comcast.cdn.traffic_control.traffic_router.jdnssec.dns.keys;
-
-import com.comcast.cdn.traffic_control.traffic_router.shared.ZoneTestRecords;
-import com.verisignlabs.dnssec.security.DnsKeyPair;
-import com.verisignlabs.dnssec.security.JCEDnsSecSigner;
-import org.junit.Before;
-import org.junit.Test;
-import org.xbill.DNS.DClass;
-import org.xbill.DNS.DNSKEYRecord;
-import org.xbill.DNS.DSRecord;
-import org.xbill.DNS.Name;
-import org.xbill.DNS.Record;
-import org.xbill.DNS.Section;
-import sun.security.rsa.RSAPrivateCrtKeyImpl;
-
-import java.io.IOException;
-import java.security.Key;
-import java.security.KeyPair;
-import java.security.interfaces.RSAPublicKey;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.Base64;
-import java.util.List;
-
-import static com.comcast.cdn.traffic_control.traffic_router.shared.ZoneTestRecords.generateZoneRecords;
-import static com.comcast.cdn.traffic_control.traffic_router.shared.ZoneTestRecords.keySigningKeyRecord;
-import static com.comcast.cdn.traffic_control.traffic_router.shared.ZoneTestRecords.ksk1;
-import static com.comcast.cdn.traffic_control.traffic_router.shared.ZoneTestRecords.ksk2;
-import static com.comcast.cdn.traffic_control.traffic_router.shared.ZoneTestRecords.zoneSigningKeyRecord;
-import static com.comcast.cdn.traffic_control.traffic_router.shared.ZoneTestRecords.zsk1;
-import static com.comcast.cdn.traffic_control.traffic_router.shared.ZoneTestRecords.zsk2;
-import static java.util.Base64.getEncoder;
-import static java.util.Base64.getMimeEncoder;
-import static java.util.stream.Collectors.toList;
-import static org.xbill.DNS.DSRecord.SHA256_DIGEST_ID;
-
-public class SigningTestDataGenerator {
- private Base64.Encoder encoder = getMimeEncoder(76, new byte[]{'\n'});
-
- byte[] encode(byte[] data) {
- return new String(encoder.encode(getEncoder().encode(data))).replaceAll("\n", "\\\\n").getBytes();
- }
-
- String encodeDnsKeyRecord(DNSKEYRecord dnskeyRecord) {
- return new String(getMimeEncoder(76, new byte[]{'\n'}).encode(dnskeyRecord.toString().getBytes())).replaceAll("\n", "\\\\n");
- }
-
- void dumpKeyPair(String varPrefix, KeyPair keyPair) throws IOException {
- dumpKey(String.format("%sPublic", varPrefix), keyPair.getPublic());
- dumpKey(String.format("%sPrivate", varPrefix), keyPair.getPrivate());
- }
-
- void dumpKey(String varName, Key key) throws IOException {
-
- byte[] base64Encoded;
- if (key instanceof RSAPrivateCrtKeyImpl) {
- String s = new BindPrivateKeyFormatter().format((RSAPrivateCrtKeyImpl) key);
- base64Encoded = new String(encoder.encode(s.getBytes())).replaceAll("\n", "\\\\n").getBytes();
- } else if (key instanceof RSAPublicKey) {
- base64Encoded = getEncoder().encode(new Pkcs1Formatter().toBytes((RSAPublicKey) key));
- } else {
- base64Encoded = encode(encode(key.getEncoded()));
- }
-
- System.out.println(makeBase64StringVar(varName, new String(base64Encoded)));
- }
-
- String makeBase64StringVar(String varName, String base64String) {
- int length = 100;
- int beginIndex = 0;
- int endIndex = length;
- StringBuilder stringBuilder = new StringBuilder("static String " + varName + " =\n");
- while (beginIndex < base64String.length()) {
- if (endIndex > base64String.length()) {
- endIndex = base64String.length();
- }
- stringBuilder.append(String.format("\t\"%s\"", base64String.substring(beginIndex, endIndex)));
- beginIndex = endIndex;
- if (beginIndex < base64String.length()) {
- stringBuilder.append(" +");
- }
- stringBuilder.append("\n");
- endIndex += length;
- }
- stringBuilder.append("\t;\n");
- return stringBuilder.toString();
- }
-
- @Before
- public void before() throws Exception {
- generateZoneRecords(true);
- Name origin = new Name("example.com.");
-
- dumpKeyPair("ksk1", ksk1);
- System.out.println();
-
- dumpKeyPair("ksk2", ksk2);
- System.out.println();
-
- dumpKeyPair("zsk1", zsk1);
- System.out.println();
-
- dumpKeyPair("zsk2", zsk2);
- System.out.println();
-
- JCEDnsSecSigner signer = new JCEDnsSecSigner(false);
-
- List<DnsKeyPair> kskPairs = new ArrayList<>(Arrays.asList(
- new DnsKeyPair(keySigningKeyRecord, new BindPrivateKeyFormatter().format((RSAPrivateCrtKeyImpl) ksk1.getPrivate())),
- new DnsKeyPair(keySigningKeyRecord, new BindPrivateKeyFormatter().format((RSAPrivateCrtKeyImpl) ksk2.getPrivate()))
- ));
-
- List<DnsKeyPair> zskPairs = new ArrayList<>(Arrays.asList(
- new DnsKeyPair(zoneSigningKeyRecord, new BindPrivateKeyFormatter().format((RSAPrivateCrtKeyImpl) zsk1.getPrivate())),
- new DnsKeyPair(zoneSigningKeyRecord, new BindPrivateKeyFormatter().format((RSAPrivateCrtKeyImpl) zsk2.getPrivate()))
- ));
-
- List<Record> signedRecords = signer.signZone(origin, ZoneTestRecords.records, kskPairs, zskPairs,
- ZoneTestRecords.sep_1_2016, ZoneTestRecords.sep_1_2026, true, SHA256_DIGEST_ID);
-
- ZoneTestRecords.records.forEach(rec -> {
- System.out.println("// " + rec);
- // Doesn't really matter that 'ANSWER' is totally correct, just don't use question
- String base64String = new String(getEncoder().encode(rec.toWire(Section.ANSWER)));
- String varName = String.format("postZoneRecord%d", signedRecords.indexOf(rec));
- System.out.println(makeBase64StringVar(varName, base64String));
- });
-
- signedRecords.forEach(rec -> {
- System.out.println("// " + rec);
- // Doesn't really matter that 'ANSWER' is totally correct, just don't use question
- String base64String = new String(getEncoder().encode(rec.toWire(Section.ANSWER)));
- String varName = String.format("signedRecord%d", signedRecords.indexOf(rec));
- System.out.println(makeBase64StringVar(varName, base64String));
- });
-
- List<DSRecord> dsRecords = kskPairs.stream()
- .map(pair -> new DSRecord(origin, DClass.IN, 1234000L, SHA256_DIGEST_ID, pair.getDNSKEYRecord()))
- .collect(toList());
-
- dsRecords.forEach(rec -> {
- System.out.println("// " + rec);
- String base64String = new String(getEncoder().encode(rec.toWire(Section.ANSWER)));
- String varName = String.format("dsRecord%d", dsRecords.indexOf(rec));
- System.out.println(makeBase64StringVar(varName, base64String));
- });
-
- System.out.println("// " + zoneSigningKeyRecord);
- System.out.println("// keytag " + zoneSigningKeyRecord.getFootprint());
- System.out.println(makeBase64StringVar("zoneDnsKeyRecord", encodeDnsKeyRecord(zoneSigningKeyRecord)));
-
- System.out.println("// " + keySigningKeyRecord);
- System.out.println("// keytag " + zoneSigningKeyRecord.getFootprint());
- System.out.println(makeBase64StringVar("keyDnsKeyRecord", encodeDnsKeyRecord(keySigningKeyRecord)));
- }
-
- @Test
- public void test() {
- System.out.println("ok");
- }
-}
diff --git a/traffic_router/jdnssec/src/test/java/com/comcast/cdn/traffic_control/traffic_router/jdnssec/dns/keys/ZoneSignerTest.java b/traffic_router/jdnssec/src/test/java/com/comcast/cdn/traffic_control/traffic_router/jdnssec/dns/keys/ZoneSignerTest.java
deleted file mode 100644
index 15a0cdc..0000000
--- a/traffic_router/jdnssec/src/test/java/com/comcast/cdn/traffic_control/traffic_router/jdnssec/dns/keys/ZoneSignerTest.java
+++ /dev/null
@@ -1,205 +0,0 @@
-/*
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.comcast.cdn.traffic_control.traffic_router.jdnssec.dns.keys;
-
-import com.comcast.cdn.traffic_control.traffic_router.shared.IsEqualCollection;
-import com.comcast.cdn.traffic_control.traffic_router.core.dns.DnsSecKeyPair;
-import com.comcast.cdn.traffic_control.traffic_router.core.dns.DnsSecKeyPairImpl;
-import com.comcast.cdn.traffic_control.traffic_router.core.dns.ZoneSignerImpl;
-import com.comcast.cdn.traffic_control.traffic_router.shared.SigningData;
-import com.comcast.cdn.traffic_control.traffic_router.shared.ZoneTestRecords;
-import com.fasterxml.jackson.databind.JsonNode;
-import com.fasterxml.jackson.databind.ObjectMapper;
-import com.verisignlabs.dnssec.security.DnsKeyPair;
-import com.verisignlabs.dnssec.security.JCEDnsSecSigner;
-import com.verisignlabs.dnssec.security.SignUtils;
-import org.junit.Before;
-import org.junit.Test;
-import org.xbill.DNS.DSRecord;
-import org.xbill.DNS.Record;
-import com.comcast.cdn.traffic_control.traffic_router.shared.SigningData;
-import com.comcast.cdn.traffic_control.traffic_router.shared.ZoneTestRecords;
-
-import java.util.ArrayList;
-import java.util.List;
-import java.util.stream.Stream;
-
-import static com.comcast.cdn.traffic_control.traffic_router.shared.IsEqualCollection.equalTo;
-import static com.comcast.cdn.traffic_control.traffic_router.shared.ZoneTestRecords.keySigningKeyRecord;
-import static com.comcast.cdn.traffic_control.traffic_router.shared.ZoneTestRecords.origin;
-import static com.comcast.cdn.traffic_control.traffic_router.shared.ZoneTestRecords.sep_1_2016;
-import static com.comcast.cdn.traffic_control.traffic_router.shared.ZoneTestRecords.sep_1_2026;
-import static com.comcast.cdn.traffic_control.traffic_router.shared.ZoneTestRecords.zoneSigningKeyRecord;
-import static java.util.Arrays.asList;
-import static java.util.Base64.getMimeDecoder;
-import static java.util.stream.Collectors.toList;
-import static org.junit.Assert.assertThat;
-import static org.xbill.DNS.DSRecord.SHA256_DIGEST_ID;
-
-public class ZoneSignerTest {
-
- private DnsKeyPair kskPair1;
- private DnsKeyPair kskPair2;
- private DnsKeyPair zskPair1;
- private DnsKeyPair zskPair2;
- private JsonNode ksk1Json;
- private JsonNode ksk2Json;
- private JsonNode zsk1Json;
- private JsonNode zsk2Json;
- private final long dsTtl = 1234000L;
-
- private String decodePrivateKeyString(String encodedString) {
- return new String(getMimeDecoder().decode(encodedString.getBytes()));
- }
- @Before
- public void before() throws Exception {
- ZoneTestRecords.generateZoneRecords(false);
- SigningData.recreateData();
-
- final ObjectMapper mapper = new ObjectMapper();
-
- kskPair1 = new DnsKeyPair(keySigningKeyRecord, decodePrivateKeyString(SigningData.ksk1Private));
- kskPair2 = new DnsKeyPair(keySigningKeyRecord, decodePrivateKeyString(SigningData.ksk2Private));
- zskPair1 = new DnsKeyPair(zoneSigningKeyRecord, decodePrivateKeyString(SigningData.zsk1Private));
- zskPair2 = new DnsKeyPair(zoneSigningKeyRecord, decodePrivateKeyString(SigningData.zsk2Private));
-
- // Data like we would fetch from traffic ops api for dnsseckeys.json
- String s = "{" +
- "\n\t\"inceptionDate\":1475280000," +
- "\n\t\"effectiveDate\": 1475280000," +
- "\n\t\"expirationDate\": 1790812800," +
- "\n\t\"ttl\": 3600," +
- "\n\t\"name\":\"example.com.\"," +
- "\n\t\"private\": \"" + SigningData.ksk1Private.replaceAll("\n", "\\\\n") + "\"," +
- "\n\t\"public\": \"" + SigningData.keyDnsKeyRecord.replaceAll("\n", "\\\\n") + "\"" +
- "\n}";
- ksk1Json = mapper.readTree(s);
-
- s = "{" +
- "\n\t\"inceptionDate\":1475280000," +
- "\n\t\"effectiveDate\": 1475280000," +
- "\n\t\"expirationDate\": 1790812800," +
- "\n\t\"ttl\": 3600," +
- "\n\t\"name\":\"example.com.\"," +
- "\n\t\"private\": \"" + SigningData.ksk2Private.replaceAll("\n", "\\\\n") + "\"," +
- "\n\t\"public\": \"" + SigningData.keyDnsKeyRecord.replaceAll("\n", "\\\\n") + "\"" +
- "\n}";
- ksk2Json = mapper.readTree(s);
-
- s = "{" +
- "\n\t\"inceptionDate\":1475280000," +
- "\n\t\"effectiveDate\": 1475280000," +
- "\n\t\"expirationDate\": 1790812800," +
- "\n\t\"ttl\": 31556952," +
- "\n\t\"name\":\"example.com.\"," +
- "\n\t\"private\": \"" + SigningData.zsk1Private.replaceAll("\n", "\\\\n") + "\"," +
- "\n\t\"public\": \"" + SigningData.zoneDnsKeyRecord.replaceAll("\n", "\\\\n") + "\"" +
- "\n}";
- zsk1Json = mapper.readTree(s);
-
- s = "{" +
- "\n\t\"inceptionDate\":1475280000," +
- "\n\t\"effectiveDate\": 1475280000," +
- "\n\t\"expirationDate\": 1790812800," +
- "\n\t\"ttl\": 315569520," +
- "\n\t\"name\":\"example.com.\"," +
- "\n\t\"private\": \"" + SigningData.zsk2Private.replaceAll("\n", "\\\\n") + "\"," +
- "\n\t\"public\": \"" + SigningData.zoneDnsKeyRecord.replaceAll("\n", "\\\\n") + "\"" +
- "\n}";
- zsk2Json = mapper.readTree(s);
- }
-
- @Test
- public void itCanReproduceResultsDirectlyFromJdnsSec() throws Exception {
- List<DnsKeyPair> kskPairs = new ArrayList<>(asList(kskPair1, kskPair2));
- List<DnsKeyPair> zskPairs = new ArrayList<>(asList(zskPair1, zskPair2));
-
- JCEDnsSecSigner signer = new JCEDnsSecSigner(false);
-
- final List<Record> signedRecords = signer.signZone(origin, ZoneTestRecords.records,
- kskPairs, zskPairs, sep_1_2016, sep_1_2026, true, SHA256_DIGEST_ID);
-
- assertThat(signedRecords, equalTo(SigningData.signedList));
- assertThat(ZoneTestRecords.records, equalTo(SigningData.postZoneList));
- }
-
- @Test
- public void itReturnsSameResults() throws Exception {
- DNSKeyPairWrapper ksk1Wrapper = new DNSKeyPairWrapper(ksk1Json, 1234);
-
- assertThat(ksk1Wrapper.getDNSKEYRecord(), equalTo(kskPair1.getDNSKEYRecord()));
-
- DNSKeyPairWrapper ksk2Wrapper = new DNSKeyPairWrapper(ksk2Json, 1234);
-
- assertThat(ksk2Wrapper.getDNSKEYRecord(), equalTo(kskPair2.getDNSKEYRecord()));
-
- List<DnsSecKeyPair> kskWrapperPairs = new ArrayList<>(asList(ksk1Wrapper, ksk2Wrapper));
-
- DNSKeyPairWrapper zsk1Wrapper = new DNSKeyPairWrapper(zsk1Json, 1234);
-
- assertThat(zsk1Wrapper.getDNSKEYRecord(), equalTo(zskPair1.getDNSKEYRecord()));
-
- DNSKeyPairWrapper zsk2Wrapper = new DNSKeyPairWrapper(zsk2Json, 1234);
-
- assertThat(zsk2Wrapper.getDNSKEYRecord(), equalTo(zskPair2.getDNSKEYRecord()));
-
- List<DnsSecKeyPair> zskWrapperPairs = new ArrayList<>(asList(zsk1Wrapper, zsk2Wrapper));
-
- final List<Record> signedRecords2 = new JDnsSecSigner().signZone(origin, ZoneTestRecords.records,
- kskWrapperPairs, zskWrapperPairs, sep_1_2016, sep_1_2026, true, SHA256_DIGEST_ID);
-
- assertThat(signedRecords2, equalTo(SigningData.signedList));
- assertThat(ZoneTestRecords.records, equalTo(SigningData.postZoneList));
- }
-
- @Test
- public void itReturnsTheSameResultsWithoutJDnsSec() throws Exception {
- DnsSecKeyPair kskPair1 = new DnsSecKeyPairImpl(ksk1Json, 1234);
- DnsSecKeyPair kskPair2 = new DnsSecKeyPairImpl(ksk2Json, 1234);
- DnsSecKeyPair zskPair1 = new DnsSecKeyPairImpl(zsk1Json, 1234);
- DnsSecKeyPair zskPair2 = new DnsSecKeyPairImpl(zsk2Json, 1234);
-
- List<DnsSecKeyPair> kskPairs = new ArrayList<>(asList(kskPair1, kskPair2));
- List<DnsSecKeyPair> zskPairs = new ArrayList<>(asList(zskPair1, zskPair2));
-
- final List<Record> signedRecords = new ZoneSignerImpl().signZone(origin, ZoneTestRecords.records,
- kskPairs, zskPairs, sep_1_2016, sep_1_2026, true, SHA256_DIGEST_ID);
-
- assertThat("Signed records not equal", signedRecords, equalTo(SigningData.signedList));
- assertThat("Post Zone Records not equal", ZoneTestRecords.records, equalTo(SigningData.postZoneList));
- }
-
- @Test
- public void itCanReproduceDSRecordsFromJdnsSec() throws Exception {
- List<DnsKeyPair> kskPairs = new ArrayList<>(asList(kskPair1, kskPair2));
- List<DSRecord> dsRecords = kskPairs.stream()
- .map(dnsKeyPair -> SignUtils.calculateDSRecord(dnsKeyPair.getDNSKEYRecord(), SHA256_DIGEST_ID, dsTtl))
- .collect(toList());
-
- assertThat(dsRecords, IsEqualCollection.equalTo(SigningData.dsRecordList));
- }
-
- @Test
- public void itReturnsSameDSRecords() throws Exception {
- DnsSecKeyPair kskPair1 = new DnsSecKeyPairImpl(ksk1Json, 1234);
- DnsSecKeyPair kskPair2 = new DnsSecKeyPairImpl(ksk2Json, 1234);
-
- List<DSRecord> dsRecords = Stream.of(kskPair1, kskPair2)
- .map(dnsSecKeyPair -> new ZoneSignerImpl().calculateDSRecord(kskPair1.getDNSKEYRecord(), SHA256_DIGEST_ID, 54321L))
- .collect(toList());
- assertThat(dsRecords, IsEqualCollection.equalTo(SigningData.dsRecordList));
- }
-}
diff --git a/traffic_router/pom.xml b/traffic_router/pom.xml
index e78e477..0457740 100644
--- a/traffic_router/pom.xml
+++ b/traffic_router/pom.xml
@@ -124,17 +124,5 @@
<module>neustar</module>
</modules>
</profile>
- <profile>
- <id>jdnssec</id>
- <modules>
- <module>jdnssec</module>
- </modules>
- <activation>
- <property>
- <name>useJdnssec</name>
- <value>true</value>
- </property>
- </activation>
- </profile>
</profiles>
</project>