You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@trafficcontrol.apache.org by ne...@apache.org on 2016/12/06 21:13:50 UTC
[01/12] incubator-trafficcontrol git commit: [TC - 24] TR - added
apache license clause to Java files
Repository: incubator-trafficcontrol
Updated Branches:
refs/heads/master c0321a0e2 -> 249bd7504
[TC - 24] TR - added apache license clause to Java files
Project: http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/commit/713b2ed0
Tree: http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/tree/713b2ed0
Diff: http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/diff/713b2ed0
Branch: refs/heads/master
Commit: 713b2ed09eeb2b1bec6b6a9ef92bc2c5a1a6c1a8
Parents: aeaf12d
Author: trevorackerman <tr...@gmail.com>
Authored: Tue Dec 6 09:29:24 2016 -0700
Committer: Dave Neuman <ne...@apache.org>
Committed: Tue Dec 6 14:13:05 2016 -0700
----------------------------------------------------------------------
.rat-excludes | 45 +++++++++++++++++++-
.../traffic_router/core/dns/DnsSecKeyPair.java | 15 +++++++
.../core/dns/DnsSecKeyPairImpl.java | 15 +++++++
.../traffic_router/core/dns/JDnsSecSigner.java | 15 +++++++
.../traffic_router/core/dns/RRSetsBuilder.java | 15 +++++++
.../traffic_router/core/dns/ZoneSigner.java | 15 +++++++
.../traffic_router/core/dns/ZoneSignerImpl.java | 15 +++++++
.../traffic_router/core/IsEqualCollection.java | 15 +++++++
.../core/dns/keys/BindPrivateKeyFormatter.java | 15 +++++++
.../core/dns/keys/Pkcs1Formatter.java | 15 +++++++
.../core/dns/keys/RRSetsBuilderTest.java | 15 +++++++
.../core/dns/keys/SigningData.java | 15 +++++++
.../core/dns/keys/SigningTestDataGenerator.java | 15 +++++++
.../core/dns/keys/ZoneSignerTest.java | 15 +++++++
.../core/dns/keys/ZoneTestRecords.java | 15 +++++++
.../core/loc/AbstractServiceUpdaterTest.java | 15 +++++++
.../traffic_router/secure/BindPrivateKey.java | 15 +++++++
.../secure/Pkcs1KeySpecDecoder.java | 15 +++++++
.../test/java/secure/BindPrivateKeyTest.java | 15 +++++++
19 files changed, 314 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/blob/713b2ed0/.rat-excludes
----------------------------------------------------------------------
diff --git a/.rat-excludes b/.rat-excludes
index 1d2c80f..4f60281 100644
--- a/.rat-excludes
+++ b/.rat-excludes
@@ -1 +1,44 @@
-./docs/*
+VERSION
+BUILD_NUMBER
+.*.md
+README.*
+.git.*
+.rat-excludes
+.keep
+docs
+vendor
+misc
+profile\..*
+profiles
+.*.json
+.*.cfg
+.*.conf
+.*.sql
+.*.js
+jquery.*
+jMenu.*
+traffic_ops/lib/Schema/Results
+.*.jsx
+\.classpath
+\.project
+etc
+.*.prop
+tomcat
+perl5
+.*.css
+.*.crt
+.*.key
+.bowerrc
+traffic_server
+checks
+.*.csv
+.*.svg
+.*.xml.test
+.*.config.dist
+CrStates
+.*.logrotate
+.jshintrc
+testFiles
+.*.txt
+.*.iml
+auto-zones
http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/blob/713b2ed0/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/DnsSecKeyPair.java
----------------------------------------------------------------------
diff --git a/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/DnsSecKeyPair.java b/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/DnsSecKeyPair.java
index a87001a..6fcb78d 100644
--- a/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/DnsSecKeyPair.java
+++ b/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/DnsSecKeyPair.java
@@ -1,3 +1,18 @@
+/*
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
package com.comcast.cdn.traffic_control.traffic_router.core.dns;
import org.xbill.DNS.DNSKEYRecord;
http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/blob/713b2ed0/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/DnsSecKeyPairImpl.java
----------------------------------------------------------------------
diff --git a/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/DnsSecKeyPairImpl.java b/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/DnsSecKeyPairImpl.java
index 043baba..1d052dd 100644
--- a/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/DnsSecKeyPairImpl.java
+++ b/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/DnsSecKeyPairImpl.java
@@ -1,3 +1,18 @@
+/*
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
package com.comcast.cdn.traffic_control.traffic_router.core.dns;
import com.comcast.cdn.traffic_control.traffic_router.secure.BindPrivateKey;
http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/blob/713b2ed0/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/JDnsSecSigner.java
----------------------------------------------------------------------
diff --git a/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/JDnsSecSigner.java b/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/JDnsSecSigner.java
index 9d69d24..cef5433 100644
--- a/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/JDnsSecSigner.java
+++ b/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/JDnsSecSigner.java
@@ -1,3 +1,18 @@
+/*
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
package com.comcast.cdn.traffic_control.traffic_router.core.dns;
import com.verisignlabs.dnssec.security.DnsKeyPair;
http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/blob/713b2ed0/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/RRSetsBuilder.java
----------------------------------------------------------------------
diff --git a/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/RRSetsBuilder.java b/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/RRSetsBuilder.java
index 35c5d5f..f325435 100644
--- a/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/RRSetsBuilder.java
+++ b/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/RRSetsBuilder.java
@@ -1,3 +1,18 @@
+/*
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
package com.comcast.cdn.traffic_control.traffic_router.core.dns;
import org.xbill.DNS.RRset;
http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/blob/713b2ed0/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/ZoneSigner.java
----------------------------------------------------------------------
diff --git a/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/ZoneSigner.java b/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/ZoneSigner.java
index baeff25..c2fa4d9 100644
--- a/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/ZoneSigner.java
+++ b/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/ZoneSigner.java
@@ -1,3 +1,18 @@
+/*
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
package com.comcast.cdn.traffic_control.traffic_router.core.dns;
import org.xbill.DNS.DNSKEYRecord;
http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/blob/713b2ed0/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/ZoneSignerImpl.java
----------------------------------------------------------------------
diff --git a/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/ZoneSignerImpl.java b/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/ZoneSignerImpl.java
index 5f7fce6..b23e2a9 100644
--- a/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/ZoneSignerImpl.java
+++ b/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/ZoneSignerImpl.java
@@ -1,3 +1,18 @@
+/*
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
package com.comcast.cdn.traffic_control.traffic_router.core.dns;
import org.apache.log4j.Logger;
http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/blob/713b2ed0/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/IsEqualCollection.java
----------------------------------------------------------------------
diff --git a/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/IsEqualCollection.java b/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/IsEqualCollection.java
index 533667b..380180c 100644
--- a/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/IsEqualCollection.java
+++ b/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/IsEqualCollection.java
@@ -1,3 +1,18 @@
+/*
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
package com.comcast.cdn.traffic_control.traffic_router.core;
import org.hamcrest.Description;
http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/blob/713b2ed0/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/keys/BindPrivateKeyFormatter.java
----------------------------------------------------------------------
diff --git a/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/keys/BindPrivateKeyFormatter.java b/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/keys/BindPrivateKeyFormatter.java
index 4aa873e..e59b74a 100644
--- a/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/keys/BindPrivateKeyFormatter.java
+++ b/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/keys/BindPrivateKeyFormatter.java
@@ -1,3 +1,18 @@
+/*
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
package com.comcast.cdn.traffic_control.traffic_router.core.dns.keys;
import sun.security.rsa.RSAPrivateCrtKeyImpl;
http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/blob/713b2ed0/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/keys/Pkcs1Formatter.java
----------------------------------------------------------------------
diff --git a/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/keys/Pkcs1Formatter.java b/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/keys/Pkcs1Formatter.java
index 8e39966..305b2c1 100644
--- a/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/keys/Pkcs1Formatter.java
+++ b/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/keys/Pkcs1Formatter.java
@@ -1,3 +1,18 @@
+/*
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
package com.comcast.cdn.traffic_control.traffic_router.core.dns.keys;
import sun.security.rsa.RSAPrivateCrtKeyImpl;
http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/blob/713b2ed0/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/keys/RRSetsBuilderTest.java
----------------------------------------------------------------------
diff --git a/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/keys/RRSetsBuilderTest.java b/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/keys/RRSetsBuilderTest.java
index 84f558d..6afb705 100644
--- a/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/keys/RRSetsBuilderTest.java
+++ b/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/keys/RRSetsBuilderTest.java
@@ -1,3 +1,18 @@
+/*
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
package com.comcast.cdn.traffic_control.traffic_router.core.dns.keys;
import com.comcast.cdn.traffic_control.traffic_router.core.dns.RRSetsBuilder;
http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/blob/713b2ed0/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/keys/SigningData.java
----------------------------------------------------------------------
diff --git a/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/keys/SigningData.java b/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/keys/SigningData.java
index 7126444..9c435a1 100644
--- a/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/keys/SigningData.java
+++ b/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/keys/SigningData.java
@@ -1,3 +1,18 @@
+/*
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
package com.comcast.cdn.traffic_control.traffic_router.core.dns.keys;
import org.xbill.DNS.DSRecord;
http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/blob/713b2ed0/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/keys/SigningTestDataGenerator.java
----------------------------------------------------------------------
diff --git a/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/keys/SigningTestDataGenerator.java b/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/keys/SigningTestDataGenerator.java
index d3d6674..cace09c 100644
--- a/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/keys/SigningTestDataGenerator.java
+++ b/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/keys/SigningTestDataGenerator.java
@@ -1,3 +1,18 @@
+/*
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
package com.comcast.cdn.traffic_control.traffic_router.core.dns.keys;
import com.verisignlabs.dnssec.security.DnsKeyPair;
http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/blob/713b2ed0/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/keys/ZoneSignerTest.java
----------------------------------------------------------------------
diff --git a/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/keys/ZoneSignerTest.java b/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/keys/ZoneSignerTest.java
index 81b7380..0ec898d 100644
--- a/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/keys/ZoneSignerTest.java
+++ b/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/keys/ZoneSignerTest.java
@@ -1,3 +1,18 @@
+/*
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
package com.comcast.cdn.traffic_control.traffic_router.core.dns.keys;
import com.comcast.cdn.traffic_control.traffic_router.core.IsEqualCollection;
http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/blob/713b2ed0/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/keys/ZoneTestRecords.java
----------------------------------------------------------------------
diff --git a/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/keys/ZoneTestRecords.java b/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/keys/ZoneTestRecords.java
index 8fd7708..e3535f6 100644
--- a/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/keys/ZoneTestRecords.java
+++ b/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/keys/ZoneTestRecords.java
@@ -1,3 +1,18 @@
+/*
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
package com.comcast.cdn.traffic_control.traffic_router.core.dns.keys;
import com.comcast.cdn.traffic_control.traffic_router.secure.BindPrivateKey;
http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/blob/713b2ed0/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/loc/AbstractServiceUpdaterTest.java
----------------------------------------------------------------------
diff --git a/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/loc/AbstractServiceUpdaterTest.java b/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/loc/AbstractServiceUpdaterTest.java
index 2a0b53f..8a7c28d 100644
--- a/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/loc/AbstractServiceUpdaterTest.java
+++ b/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/loc/AbstractServiceUpdaterTest.java
@@ -1,3 +1,18 @@
+/*
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
package com.comcast.cdn.traffic_control.traffic_router.core.loc;
import org.apache.wicket.ajax.json.JSONException;
http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/blob/713b2ed0/traffic_router/shared/src/main/java/com/comcast/cdn/traffic_control/traffic_router/secure/BindPrivateKey.java
----------------------------------------------------------------------
diff --git a/traffic_router/shared/src/main/java/com/comcast/cdn/traffic_control/traffic_router/secure/BindPrivateKey.java b/traffic_router/shared/src/main/java/com/comcast/cdn/traffic_control/traffic_router/secure/BindPrivateKey.java
index 2e244ff..76a56b6 100644
--- a/traffic_router/shared/src/main/java/com/comcast/cdn/traffic_control/traffic_router/secure/BindPrivateKey.java
+++ b/traffic_router/shared/src/main/java/com/comcast/cdn/traffic_control/traffic_router/secure/BindPrivateKey.java
@@ -1,3 +1,18 @@
+/*
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
package com.comcast.cdn.traffic_control.traffic_router.secure;
import org.apache.log4j.Logger;
http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/blob/713b2ed0/traffic_router/shared/src/main/java/com/comcast/cdn/traffic_control/traffic_router/secure/Pkcs1KeySpecDecoder.java
----------------------------------------------------------------------
diff --git a/traffic_router/shared/src/main/java/com/comcast/cdn/traffic_control/traffic_router/secure/Pkcs1KeySpecDecoder.java b/traffic_router/shared/src/main/java/com/comcast/cdn/traffic_control/traffic_router/secure/Pkcs1KeySpecDecoder.java
index 036f3cd..ab89471 100644
--- a/traffic_router/shared/src/main/java/com/comcast/cdn/traffic_control/traffic_router/secure/Pkcs1KeySpecDecoder.java
+++ b/traffic_router/shared/src/main/java/com/comcast/cdn/traffic_control/traffic_router/secure/Pkcs1KeySpecDecoder.java
@@ -1,3 +1,18 @@
+/*
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
package com.comcast.cdn.traffic_control.traffic_router.secure;
import sun.security.util.DerInputStream;
http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/blob/713b2ed0/traffic_router/shared/src/test/java/secure/BindPrivateKeyTest.java
----------------------------------------------------------------------
diff --git a/traffic_router/shared/src/test/java/secure/BindPrivateKeyTest.java b/traffic_router/shared/src/test/java/secure/BindPrivateKeyTest.java
index e7c5043..9da5145 100644
--- a/traffic_router/shared/src/test/java/secure/BindPrivateKeyTest.java
+++ b/traffic_router/shared/src/test/java/secure/BindPrivateKeyTest.java
@@ -1,3 +1,18 @@
+/*
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
package secure;
import com.comcast.cdn.traffic_control.traffic_router.secure.BindPrivateKey;
[12/12] incubator-trafficcontrol git commit: This closes #110
Posted by ne...@apache.org.
This closes #110
Project: http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/commit/249bd750
Tree: http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/tree/249bd750
Diff: http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/diff/249bd750
Branch: refs/heads/master
Commit: 249bd7504eeb7cc43402126f3719017e2475ad33
Parents: 713b2ed
Author: Dave Neuman <ne...@apache.org>
Authored: Tue Dec 6 14:13:37 2016 -0700
Committer: Dave Neuman <ne...@apache.org>
Committed: Tue Dec 6 14:13:37 2016 -0700
----------------------------------------------------------------------
----------------------------------------------------------------------
[11/12] incubator-trafficcontrol git commit: TR - can now opt to use
dns sec signing without jdnssec
Posted by ne...@apache.org.
TR - can now opt to use dns sec signing without jdnssec
Project: http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/commit/693ced51
Tree: http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/tree/693ced51
Diff: http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/diff/693ced51
Branch: refs/heads/master
Commit: 693ced51ecb1a1a11baa5a78bf42449fa8a8e0a1
Parents: 8359e3d
Author: Trevor Ackerman <tr...@gmail.com>
Authored: Thu Oct 27 15:58:00 2016 -0600
Committer: Dave Neuman <ne...@apache.org>
Committed: Tue Dec 6 14:13:05 2016 -0700
----------------------------------------------------------------------
.../traffic_router/secure/Pkcs.java | 65 --
.../traffic_router/secure/Pkcs1.java | 74 ---
.../traffic_router/secure/Pkcs8.java | 52 --
.../core/dns/DnsSecKeyPairImpl.java | 22 +-
.../traffic_router/core/dns/JDnsSecSigner.java | 5 +-
.../traffic_router/core/dns/RRSetsBuilder.java | 50 ++
.../core/dns/SignatureManager.java | 18 +-
.../traffic_router/core/dns/ZoneSignerImpl.java | 146 ++++-
.../traffic_router/core/IsEqualCollection.java | 57 ++
.../core/dns/keys/Pkcs1Converter.java | 50 ++
.../core/dns/keys/RRSetsBuilderTest.java | 43 ++
.../core/dns/keys/SigningData.java | 617 +++++++++++++++++++
.../core/dns/keys/SigningTestDataGenerator.java | 147 +++++
.../core/dns/keys/ZoneSignerTest.java | 188 ++++++
.../core/dns/keys/ZoneTestRecords.java | 128 ++++
traffic_router/shared/build/pmd/ruleset.xml | 1 -
traffic_router/shared/pom.xml | 5 +
.../traffic_router/secure/Pkcs.java | 84 +++
.../traffic_router/secure/Pkcs1.java | 89 +++
.../traffic_router/secure/Pkcs8.java | 54 ++
20 files changed, 1690 insertions(+), 205 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/blob/693ced51/traffic_router/connector/src/main/java/com/comcast/cdn/traffic_control/traffic_router/secure/Pkcs.java
----------------------------------------------------------------------
diff --git a/traffic_router/connector/src/main/java/com/comcast/cdn/traffic_control/traffic_router/secure/Pkcs.java b/traffic_router/connector/src/main/java/com/comcast/cdn/traffic_control/traffic_router/secure/Pkcs.java
deleted file mode 100644
index 7625dff..0000000
--- a/traffic_router/connector/src/main/java/com/comcast/cdn/traffic_control/traffic_router/secure/Pkcs.java
+++ /dev/null
@@ -1,65 +0,0 @@
-/*
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.comcast.cdn.traffic_control.traffic_router.secure;
-
-import java.io.IOException;
-import java.security.GeneralSecurityException;
-import java.security.KeyFactory;
-import java.security.PrivateKey;
-import java.security.spec.KeySpec;
-
-@SuppressWarnings("PMD.AbstractNaming")
-public abstract class Pkcs {
- private final String data;
- private final PrivateKey privateKey;
- private KeySpec keySpec;
-
- public Pkcs(final String data) throws IOException, GeneralSecurityException {
- this.data = data;
- keySpec = toKeySpec(data);
- privateKey = KeyFactory.getInstance("RSA").generatePrivate(keySpec);
- }
-
- public String getData() {
- return data;
- }
-
- public KeySpec getKeySpec() {
- return keySpec;
- }
-
- public void setKeySpec(final KeySpec keySpec) {
- this.keySpec = keySpec;
- }
-
- public PrivateKey getPrivateKey() {
- return privateKey;
- }
-
- public abstract String getHeader();
-
- public abstract String getFooter();
-
- private String stripHeaderAndFooter(final String data) {
- return data.replaceAll(getHeader(), "").replaceAll(getFooter(), "").replaceAll("\\s", "");
- }
-
- protected abstract KeySpec decodeKeySpec(final String data) throws IOException, GeneralSecurityException;
-
- private KeySpec toKeySpec(final String data) throws IOException, GeneralSecurityException {
- return decodeKeySpec(stripHeaderAndFooter(data));
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/blob/693ced51/traffic_router/connector/src/main/java/com/comcast/cdn/traffic_control/traffic_router/secure/Pkcs1.java
----------------------------------------------------------------------
diff --git a/traffic_router/connector/src/main/java/com/comcast/cdn/traffic_control/traffic_router/secure/Pkcs1.java b/traffic_router/connector/src/main/java/com/comcast/cdn/traffic_control/traffic_router/secure/Pkcs1.java
deleted file mode 100644
index b652d92..0000000
--- a/traffic_router/connector/src/main/java/com/comcast/cdn/traffic_control/traffic_router/secure/Pkcs1.java
+++ /dev/null
@@ -1,74 +0,0 @@
-/*
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.comcast.cdn.traffic_control.traffic_router.secure;
-
-import sun.security.util.DerInputStream;
-import sun.security.util.DerValue;
-
-import java.io.IOException;
-import java.math.BigInteger;
-import java.security.GeneralSecurityException;
-import java.security.spec.KeySpec;
-import java.security.spec.RSAMultiPrimePrivateCrtKeySpec;
-import java.util.Base64;
-
-public class Pkcs1 extends Pkcs {
- static public final String HEADER = "-----BEGIN RSA PRIVATE KEY-----";
- static public final String FOOTER = "-----END RSA PRIVATE KEY-----";
- static final int SEQUENCE_LENGTH = 9;
-
- public Pkcs1(final String data) throws IOException, GeneralSecurityException {
- super(data);
- }
-
- @Override
- public String getHeader() {
- return HEADER;
- }
-
- @Override
- public String getFooter() {
- return FOOTER;
- }
-
- @Override
- protected KeySpec decodeKeySpec(final String data) throws IOException, GeneralSecurityException {
- final String pemData = data.replaceAll(HEADER, "").replaceAll(FOOTER, "").replaceAll("\\s", "");
-
- final DerInputStream derInputStream = new DerInputStream(Base64.getDecoder().decode(pemData));
- final DerValue[] derSequence = derInputStream.getSequence(0);
-
- // man 3 rsa
- // -- or --
- // http://linux.die.net/man/3/rsa
-
- if (derSequence.length < SEQUENCE_LENGTH) {
- throw new GeneralSecurityException("Invalid PKCS1 private key! Missing Private Key Data");
- }
-
- // We don't need the version data at derSequence[0]
- final BigInteger n = derSequence[1].getBigInteger();
- final BigInteger e = derSequence[2].getBigInteger();
- final BigInteger d = derSequence[3].getBigInteger();
- final BigInteger p = derSequence[4].getBigInteger();
- final BigInteger q = derSequence[5].getBigInteger();
- final BigInteger dmp1 = derSequence[6].getBigInteger();
- final BigInteger dmq1 = derSequence[7].getBigInteger();
- final BigInteger iqmp = derSequence[8].getBigInteger();
-
- return new RSAMultiPrimePrivateCrtKeySpec(n, e, d, p, q, dmp1, dmq1, iqmp, null);
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/blob/693ced51/traffic_router/connector/src/main/java/com/comcast/cdn/traffic_control/traffic_router/secure/Pkcs8.java
----------------------------------------------------------------------
diff --git a/traffic_router/connector/src/main/java/com/comcast/cdn/traffic_control/traffic_router/secure/Pkcs8.java b/traffic_router/connector/src/main/java/com/comcast/cdn/traffic_control/traffic_router/secure/Pkcs8.java
deleted file mode 100644
index b65a826..0000000
--- a/traffic_router/connector/src/main/java/com/comcast/cdn/traffic_control/traffic_router/secure/Pkcs8.java
+++ /dev/null
@@ -1,52 +0,0 @@
-/*
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.comcast.cdn.traffic_control.traffic_router.secure;
-
-import java.io.IOException;
-import java.security.GeneralSecurityException;
-import java.security.spec.KeySpec;
-import java.security.spec.PKCS8EncodedKeySpec;
-import java.util.Base64;
-
-public class Pkcs8 extends Pkcs {
- private final static org.apache.juli.logging.Log log = org.apache.juli.logging.LogFactory.getLog(Pkcs8.class);
- public static final String HEADER = "-----BEGIN PRIVATE KEY-----";
- public static final String FOOTER = "-----END PRIVATE KEY-----";
-
- public Pkcs8(final String data) throws IOException, GeneralSecurityException {
- super(data);
- }
-
- @Override
- public String getHeader() {
- return HEADER;
- }
-
- @Override
- public String getFooter() {
- return FOOTER;
- }
-
- @Override
- protected KeySpec decodeKeySpec(final String data) throws IOException, GeneralSecurityException {
- try {
- return new PKCS8EncodedKeySpec(Base64.getDecoder().decode((data.getBytes())));
- } catch (Exception e) {
- log.error("Failed to create PKCS8 Encoded Key Spec " + e.getClass().getCanonicalName() + ": " + e.getMessage(), e);
- }
- return null;
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/blob/693ced51/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/DnsSecKeyPairImpl.java
----------------------------------------------------------------------
diff --git a/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/DnsSecKeyPairImpl.java b/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/DnsSecKeyPairImpl.java
index d0d2b90..d5c5f1d 100644
--- a/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/DnsSecKeyPairImpl.java
+++ b/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/DnsSecKeyPairImpl.java
@@ -1,8 +1,11 @@
package com.comcast.cdn.traffic_control.traffic_router.core.dns;
+import com.comcast.cdn.traffic_control.traffic_router.secure.Pkcs1;
+import org.apache.log4j.Logger;
import org.json.JSONException;
import org.json.JSONObject;
import org.xbill.DNS.DNSKEYRecord;
+import org.xbill.DNS.DNSSEC;
import org.xbill.DNS.Master;
import org.xbill.DNS.Name;
import org.xbill.DNS.Record;
@@ -12,21 +15,21 @@ import javax.xml.bind.DatatypeConverter;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
+import java.security.GeneralSecurityException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.util.Calendar;
import java.util.Date;
public class DnsSecKeyPairImpl implements DnsSecKeyPair {
+ private static final Logger LOGGER = Logger.getLogger(DnsSecKeyPairImpl.class);
private long ttl;
private Date inception;
private Date effective;
private Date expiration;
private String name;
private DNSKEYRecord dnskeyRecord;
-// private String privateKeyString;
private PrivateKey privateKey;
- private PublicKey publicKey;
public DnsSecKeyPairImpl(final JSONObject keyPair, final long defaultTTL) throws JSONException, IOException {
this.inception = new Date(1000L * keyPair.getLong("inceptionDate"));
@@ -35,12 +38,16 @@ public class DnsSecKeyPairImpl implements DnsSecKeyPair {
this.ttl = keyPair.optLong("ttl", defaultTTL);
this.name = keyPair.getString("name");
-// final byte[] privateKey = DatatypeConverter.parseBase64Binary(keyPair.getString("private"));
+ try {
+ privateKey = new Pkcs1(keyPair.getString("private")).getPrivateKey();
+ } catch (GeneralSecurityException e) {
+ LOGGER.error("Failed to decode PKCS1 key from json data!: " + e.getMessage(), e);
+ }
+
final byte[] publicKey = DatatypeConverter.parseBase64Binary(keyPair.getString("public"));
try (InputStream in = new ByteArrayInputStream(publicKey)) {
final Master master = new Master(in, new Name(name), ttl);
-// this.privateKeyString = new String(privateKey);
Record record;
while ((record = master.nextRecord()) != null) {
@@ -145,7 +152,12 @@ public class DnsSecKeyPairImpl implements DnsSecKeyPair {
@Override
public PublicKey getPublic() {
- return publicKey;
+ try {
+ return dnskeyRecord.getPublicKey();
+ } catch (DNSSEC.DNSSECException e) {
+ LOGGER.error("Failed to extract public key from DNSKEY record for " + name + " : " + e.getMessage(), e);
+ }
+ return null;
}
@SuppressWarnings("PMD.OverrideBothEqualsAndHashcode")
http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/blob/693ced51/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/JDnsSecSigner.java
----------------------------------------------------------------------
diff --git a/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/JDnsSecSigner.java b/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/JDnsSecSigner.java
index 457a7d1..9d69d24 100644
--- a/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/JDnsSecSigner.java
+++ b/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/JDnsSecSigner.java
@@ -3,6 +3,7 @@ package com.comcast.cdn.traffic_control.traffic_router.core.dns;
import com.verisignlabs.dnssec.security.DnsKeyPair;
import com.verisignlabs.dnssec.security.JCEDnsSecSigner;
import com.verisignlabs.dnssec.security.SignUtils;
+import org.apache.log4j.Logger;
import org.xbill.DNS.DNSKEYRecord;
import org.xbill.DNS.DSRecord;
import org.xbill.DNS.Name;
@@ -15,10 +16,11 @@ import java.util.Date;
import java.util.List;
public class JDnsSecSigner implements ZoneSigner {
+ private static final Logger LOGGER = Logger.getLogger(JDnsSecSigner.class);
@Override
public List<Record> signZone(final Name name, final List<Record> records, final List<DnsSecKeyPair> kskPairs, final List<DnsSecKeyPair> zskPairs,
final Date inception, final Date expiration, final boolean fullySignKeySet, final int digestId) throws IOException, GeneralSecurityException {
-
+ LOGGER.info("Signing records, name for first record is " + records.get(0).getName());
final List<DnsKeyPair> kPairs = new ArrayList<>();
final List<DnsKeyPair> zPairs = new ArrayList<>();
@@ -45,6 +47,7 @@ public class JDnsSecSigner implements ZoneSigner {
@Override
public DSRecord calculateDSRecord(final DNSKEYRecord dnskeyRecord, final int digestId, final long ttl) {
+ LOGGER.info("Calculating DS Records for " + dnskeyRecord.getName());
return SignUtils.calculateDSRecord(dnskeyRecord, DSRecord.SHA256_DIGEST_ID, ttl);
}
}
http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/blob/693ced51/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/RRSetsBuilder.java
----------------------------------------------------------------------
diff --git a/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/RRSetsBuilder.java b/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/RRSetsBuilder.java
new file mode 100644
index 0000000..35c5d5f
--- /dev/null
+++ b/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/RRSetsBuilder.java
@@ -0,0 +1,50 @@
+package com.comcast.cdn.traffic_control.traffic_router.core.dns;
+
+import org.xbill.DNS.RRset;
+import org.xbill.DNS.Record;
+import org.xbill.DNS.Type;
+
+import java.util.Comparator;
+import java.util.List;
+import java.util.Map;
+import java.util.function.Function;
+import java.util.stream.Collectors;
+
+public class RRSetsBuilder {
+ final private Function<List<Record>, RRset> recordsToRRSet = (Function<List<Record>, RRset>) records -> {
+ final RRset rrSet = new RRset();
+ records.forEach(rrSet::addRR);
+ return rrSet;
+ };
+
+ private static String qualifer(final Record record) {
+ return String.format("%s %d %d %d", record.getName().toString(), record.getDClass(), record.getType(), record.getTTL());
+ }
+
+ final private Comparator<RRset> rrSetComparator = (rrSet1, rrSet2) -> {
+ int x = rrSet1.getName().compareTo(rrSet2.getName());
+
+ if (x != 0) {
+ return x;
+ }
+
+ x = rrSet1.getDClass() - rrSet2.getDClass();
+ if (x != 0) {
+ return x;
+ }
+
+ if (rrSet1.getType() == Type.SOA) {
+ return -1;
+ }
+
+ return rrSet1.getType() - rrSet2.getType();
+ };
+
+ public List<RRset> build(final List<Record> records) {
+ final Map<String, List<Record>> map = records.stream().sorted().collect(
+ Collectors.groupingBy(RRSetsBuilder::qualifer, Collectors.toList())
+ );
+
+ return map.values().stream().map(recordsToRRSet).sorted(rrSetComparator).collect(Collectors.toList());
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/blob/693ced51/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/SignatureManager.java
----------------------------------------------------------------------
diff --git a/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/SignatureManager.java b/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/SignatureManager.java
index bbd7cc1..2eaf043 100644
--- a/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/SignatureManager.java
+++ b/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/SignatureManager.java
@@ -441,12 +441,14 @@ public final class SignatureManager {
final List<Record> signedRecords;
- if (useJDnsSec) {
- signedRecords = new JDnsSecSigner().signZone(name, records, kskPairs, zskPairs, start.getTime(), signatureExpiration.getTime(), true, DSRecord.SHA256_DIGEST_ID);
- } else {
- signedRecords = new ZoneSignerImpl().signZone(name, records, kskPairs, zskPairs, start.getTime(), signatureExpiration.getTime(), true, DSRecord.SHA256_DIGEST_ID);
+ ZoneSigner zoneSigner = new JDnsSecSigner();
+
+ if (!useJDnsSec) {
+ zoneSigner = new ZoneSignerImpl();
}
+ signedRecords = zoneSigner.signZone(name, records, kskPairs, zskPairs, start.getTime(), signatureExpiration.getTime(), true, DSRecord.SHA256_DIGEST_ID);
+
zoneKey.setSignatureExpiration(signatureExpiration);
zoneKey.setKSKExpiration(kskExpiration);
zoneKey.setZSKExpiration(zskExpiration);
@@ -475,7 +477,13 @@ public final class SignatureManager {
final Long dsTtl = ZoneUtils.getLong(config.optJSONObject("ttls"), "DS", 60);
for (final DnsSecKeyPair kp : kskPairs) {
- final DSRecord dsRecord = new JDnsSecSigner().calculateDSRecord(kp.getDNSKEYRecord(), DSRecord.SHA256_DIGEST_ID, dsTtl);
+ ZoneSigner zoneSigner = new JDnsSecSigner();
+
+ if (!useJDnsSec) {
+ zoneSigner = new ZoneSignerImpl();
+ }
+
+ final DSRecord dsRecord = zoneSigner.calculateDSRecord(kp.getDNSKEYRecord(), DSRecord.SHA256_DIGEST_ID, dsTtl);
LOGGER.debug(name + ": adding DS record " + dsRecord);
records.add(dsRecord);
}
http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/blob/693ced51/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/ZoneSignerImpl.java
----------------------------------------------------------------------
diff --git a/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/ZoneSignerImpl.java b/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/ZoneSignerImpl.java
index 0f5bfc4..5f7fce6 100644
--- a/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/ZoneSignerImpl.java
+++ b/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/ZoneSignerImpl.java
@@ -1,24 +1,166 @@
package com.comcast.cdn.traffic_control.traffic_router.core.dns;
+import org.apache.log4j.Logger;
import org.xbill.DNS.DNSKEYRecord;
+import org.xbill.DNS.DNSSEC;
import org.xbill.DNS.DSRecord;
+import org.xbill.DNS.NSECRecord;
import org.xbill.DNS.Name;
+import org.xbill.DNS.RRSIGRecord;
+import org.xbill.DNS.RRset;
import org.xbill.DNS.Record;
+import org.xbill.DNS.SOARecord;
+import org.xbill.DNS.Type;
import java.io.IOException;
import java.security.GeneralSecurityException;
+import java.security.PrivateKey;
+import java.util.ArrayList;
+import java.util.Collections;
import java.util.Date;
+import java.util.HashMap;
import java.util.List;
+import java.util.Map;
+import java.util.Optional;
+import java.util.stream.Collectors;
+import java.util.stream.Stream;
+import java.util.stream.StreamSupport;
+
+import static java.util.stream.Collectors.toList;
+import static org.xbill.DNS.DClass.IN;
public class ZoneSignerImpl implements ZoneSigner {
+ private final static Logger LOGGER = Logger.getLogger(ZoneSignerImpl.class);
+
+ private Stream<Record> toRRStream(final RRset rrSet) {
+ final Iterable<Record> iterable = () -> rrSet.rrs(false);
+ return StreamSupport.stream(iterable.spliterator(), false);
+ }
+
+ private Stream<Record> toRRSigStream(final RRset rrSset) {
+ final Iterable<Record> iterable = rrSset::sigs;
+ return StreamSupport.stream(iterable.spliterator(), false);
+ }
+
+ private RRset signRRset(final RRset rrSet, final List<DnsSecKeyPair> kskPairs, final List<DnsSecKeyPair> zskPairs, final Date inception, final Date expiration) {
+ final List<RRSIGRecord> signatures = new ArrayList<>();
+ final List<DnsSecKeyPair> pairs = rrSet.getType() == Type.DNSKEY ? kskPairs : zskPairs;
+
+ pairs.forEach(pair -> {
+ final DNSKEYRecord dnskeyRecord = pair.getDNSKEYRecord();
+ final PrivateKey privateKey = pair.getPrivate();
+ try {
+ signatures.add(DNSSEC.sign(rrSet, dnskeyRecord, privateKey, inception, expiration));
+ } catch (Exception e) {
+ final String message = String.format("Failed to sign Resource Record Set for %s %d %d %d : %s",
+ dnskeyRecord.getName(), dnskeyRecord.getDClass(), dnskeyRecord.getType(), dnskeyRecord.getTTL(), e.getMessage());
+
+ LOGGER.error(message, e);
+ }
+ });
+
+ final RRset signedRRset = new RRset();
+
+ toRRStream(rrSet).forEach(signedRRset::addRR);
+ signatures.forEach(signedRRset::addRR);
+
+ return signedRRset;
+ }
+
+ private SOARecord findSoaRecord(final List<Record> records) {
+ final Optional<Record> soaRecordOptional = records.stream().filter(record -> record instanceof SOARecord).findFirst();
+ if (soaRecordOptional.isPresent()) {
+ return (SOARecord) soaRecordOptional.get();
+ }
+ return null;
+ }
+
+ private List<NSECRecord> createNsecRecords(final List<Record> records) {
+ final Map<Name, List<Record>> recordMap = records.stream().collect(Collectors.groupingBy(Record::getName));
+ final List<Name> names = recordMap.keySet().stream().sorted().collect(toList());
+
+ final Map<Name, Name> nextNameTuples = new HashMap<>();
+
+ for (int i = 0; i < names.size(); i++) {
+ final Name k = names.get(i);
+ final Name v = names.get((i + 1) % names.size());
+ nextNameTuples.put(k,v);
+ }
+
+ final SOARecord soaRecord = findSoaRecord(records);
+ if (soaRecord == null) {
+ LOGGER.warn("No SOA record found, this extremely likely to produce DNSSEC errors");
+ }
+
+ final long minimumSoaTtl = soaRecord != null ? soaRecord.getMinimum() : 0L;
+
+ final List<NSECRecord> nsecRecords = new ArrayList<>();
+ names.forEach(name -> {
+ final int[] mostTypes = recordMap.get(name).stream().mapToInt(Record::getType).toArray();
+ final int[] allTypes = new int[mostTypes.length + 2];
+ System.arraycopy(mostTypes, 0, allTypes, 0, mostTypes.length);
+ allTypes[mostTypes.length] = Type.NSEC;
+ allTypes[mostTypes.length + 1] = Type.RRSIG;
+ nsecRecords.add(new NSECRecord(name, IN, minimumSoaTtl, nextNameTuples.get(name), allTypes));
+ });
+
+ return nsecRecords;
+ }
+
+
@Override
public List<Record> signZone(final Name name, final List<Record> records, final List<DnsSecKeyPair> kskPairs, final List<DnsSecKeyPair> zskPairs,
final Date inception, final Date expiration, final boolean fullySignKeySet, final int digestId) throws IOException, GeneralSecurityException {
- return null;
+ LOGGER.info("Signing records, name for first record is " + records.get(0).getName());
+
+ final List<NSECRecord> nsecRecords = createNsecRecords(records);
+ records.addAll(nsecRecords);
+
+ Collections.sort(records, (record1, record2) -> {
+ if (record1.getType() != Type.SOA && record2.getType() != Type.SOA) {
+ return record1.compareTo(record2);
+ }
+
+ int x = record1.getName().compareTo(record2.getName());
+
+ if (x != 0) {
+ return x;
+ }
+
+ x = record1.getDClass() - record2.getDClass();
+
+ if (x != 0) {
+ return x;
+ }
+
+ if (record1.getType() != record2.getType()) {
+ return record1.getType() == Type.SOA ? -1 : 1;
+ }
+
+ return record1.compareTo(record2);
+ });
+
+ final List<RRset> rrSets = new RRSetsBuilder().build(records);
+
+ final List<RRset> signedRrSets = rrSets.stream()
+ .map(rRset -> signRRset(rRset, kskPairs, zskPairs, inception, expiration))
+ .sorted((rRset1, rRset2) -> rRset1.getName().compareTo(rRset2.getName()))
+ .collect(toList());
+
+ final List<Record> signedZoneRecords = new ArrayList<>();
+
+ signedRrSets.forEach(rrSet -> {
+ signedZoneRecords.addAll(toRRStream(rrSet).collect(toList()));
+ signedZoneRecords.addAll(toRRSigStream(rrSet).collect(toList()));
+ });
+
+ return signedZoneRecords;
}
@Override
public DSRecord calculateDSRecord(final DNSKEYRecord dnskeyRecord, final int digestId, final long ttl) {
- return null;
+ LOGGER.info("Calculating DS Records for " + dnskeyRecord.getName());
+ return new DSRecord(dnskeyRecord.getName(), IN, ttl, digestId, dnskeyRecord);
}
+
}
http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/blob/693ced51/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/IsEqualCollection.java
----------------------------------------------------------------------
diff --git a/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/IsEqualCollection.java b/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/IsEqualCollection.java
new file mode 100644
index 0000000..533667b
--- /dev/null
+++ b/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/IsEqualCollection.java
@@ -0,0 +1,57 @@
+package com.comcast.cdn.traffic_control.traffic_router.core;
+
+import org.hamcrest.Description;
+import org.hamcrest.Factory;
+import org.hamcrest.Matcher;
+import org.hamcrest.core.IsEqual;
+
+import java.util.Collection;
+
+public class IsEqualCollection<T> extends IsEqual<T> {
+ private final Object expectedValue;
+
+ private IsEqualCollection(T equalArg) {
+ super(equalArg);
+ expectedValue = equalArg;
+ }
+
+ private void describeItems(Description description, Object value) {
+ if (value instanceof Collection) {
+ Object[] items = ((Collection) value).toArray();
+
+ description.appendText("\n{");
+ for (Object item : items) {
+ description.appendText("\n\t");
+ description.appendText(item.toString());
+ }
+ description.appendText("\n}");
+ }
+ }
+
+ @Override
+ public void describeTo(Description description) {
+ if (expectedValue instanceof Collection) {
+ description.appendText("all of the following in order\n");
+ describeItems(description,expectedValue);
+ return;
+ }
+
+ super.describeTo(description);
+ }
+
+ @Override
+ public void describeMismatch(Object actualValue, Description mismatchDescription) {
+ if (actualValue instanceof Collection) {
+ mismatchDescription.appendText("had the items\n");
+ describeItems(mismatchDescription, actualValue);
+ return;
+ }
+
+ super.describeMismatch(actualValue, mismatchDescription);
+ }
+
+ @Factory
+ public static <T> Matcher<T> equalTo(T operand) {
+ return new IsEqualCollection<>(operand);
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/blob/693ced51/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/keys/Pkcs1Converter.java
----------------------------------------------------------------------
diff --git a/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/keys/Pkcs1Converter.java b/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/keys/Pkcs1Converter.java
new file mode 100644
index 0000000..681eeed
--- /dev/null
+++ b/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/keys/Pkcs1Converter.java
@@ -0,0 +1,50 @@
+package com.comcast.cdn.traffic_control.traffic_router.core.dns.keys;
+
+import sun.security.rsa.RSAPrivateCrtKeyImpl;
+import sun.security.util.DerOutputStream;
+import sun.security.util.DerValue;
+
+import java.io.IOException;
+import java.security.interfaces.RSAPublicKey;
+
+public class Pkcs1Converter {
+
+ // https://tools.ietf.org/html/rfc3447#appendix-A.1.1
+
+ public byte[] toBytes(RSAPrivateCrtKeyImpl key) throws IOException {
+ byte tag = 2;
+ DerValue[] outputSequence = new DerValue[] {
+ new DerValue(tag, new byte[]{0}),
+ new DerValue(tag, key.getModulus().toByteArray()),
+ new DerValue(tag, key.getPublicExponent().toByteArray()),
+ new DerValue(tag, key.getPrivateExponent().toByteArray()),
+ new DerValue(tag, key.getPrimeP().toByteArray()),
+ new DerValue(tag, key.getPrimeQ().toByteArray()),
+ new DerValue(tag, key.getPrimeExponentP().toByteArray()),
+ new DerValue(tag, key.getPrimeExponentQ().toByteArray()),
+ new DerValue(tag, key.getCrtCoefficient().toByteArray()),
+ };
+
+ DerOutputStream outputStream = new DerOutputStream();
+
+ outputStream.putSequence(outputSequence);
+ outputStream.flush();
+
+ return outputStream.toByteArray();
+ }
+
+ public byte[] toBytes(RSAPublicKey key) throws IOException {
+ byte tag = 2;
+ DerValue[] outputSequence = new DerValue[] {
+ new DerValue(tag, key.getModulus().toByteArray()),
+ new DerValue(tag, key.getPublicExponent().toByteArray())
+ };
+
+ DerOutputStream outputStream = new DerOutputStream();
+
+ outputStream.putSequence(outputSequence);
+ outputStream.flush();
+
+ return outputStream.toByteArray();
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/blob/693ced51/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/keys/RRSetsBuilderTest.java
----------------------------------------------------------------------
diff --git a/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/keys/RRSetsBuilderTest.java b/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/keys/RRSetsBuilderTest.java
new file mode 100644
index 0000000..84f558d
--- /dev/null
+++ b/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/keys/RRSetsBuilderTest.java
@@ -0,0 +1,43 @@
+package com.comcast.cdn.traffic_control.traffic_router.core.dns.keys;
+
+import com.comcast.cdn.traffic_control.traffic_router.core.dns.RRSetsBuilder;
+import org.junit.Before;
+import org.junit.Test;
+import org.xbill.DNS.RRset;
+import org.xbill.DNS.Type;
+
+import java.util.List;
+import java.util.Optional;
+
+import static org.hamcrest.MatcherAssert.assertThat;
+import static org.hamcrest.Matchers.equalTo;
+import static org.hamcrest.Matchers.notNullValue;
+
+public class RRSetsBuilderTest {
+ @Before
+ public void before() throws Exception {
+ ZoneTestRecords.generateZoneRecords(false);
+ }
+
+ RRset findRRSet(List<RRset> rRsets, String name, int type) {
+ Optional<RRset> option = rRsets.stream()
+ .filter(rRset -> name.equals(rRset.getName().toString()) && rRset.getType() == type)
+ .findFirst();
+
+ return option.isPresent() ? option.get() : null;
+ }
+
+ @Test
+ public void itGroupsResourceRecordsAccordingToRfc4034() throws Exception {
+ List<RRset> rRsets = new RRSetsBuilder().build(ZoneTestRecords.records);
+ assertThat(rRsets.size(), equalTo(8));
+ assertThat(findRRSet(rRsets, "mirror.www.example.com.", Type.CNAME), notNullValue());
+ assertThat(findRRSet(rRsets, "ftp.example.com.", Type.AAAA), notNullValue());
+ assertThat(findRRSet(rRsets, "ftp.example.com.", Type.A), notNullValue());
+ assertThat(findRRSet(rRsets, "www.example.com.", Type.A), notNullValue());
+ assertThat(findRRSet(rRsets, "example.com.", Type.NS), notNullValue());
+ assertThat(findRRSet(rRsets, "mirror.ftp.example.com.", Type.CNAME), notNullValue());
+ assertThat(findRRSet(rRsets, "www.example.com.", Type.AAAA), notNullValue());
+ assertThat(findRRSet(rRsets, "example.com.", Type.SOA), notNullValue());
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/blob/693ced51/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/keys/SigningData.java
----------------------------------------------------------------------
diff --git a/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/keys/SigningData.java b/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/keys/SigningData.java
new file mode 100644
index 0000000..ba7d8d8
--- /dev/null
+++ b/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/keys/SigningData.java
@@ -0,0 +1,617 @@
+package com.comcast.cdn.traffic_control.traffic_router.core.dns.keys;
+
+import org.xbill.DNS.DSRecord;
+import org.xbill.DNS.Record;
+import org.xbill.DNS.Section;
+
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Base64;
+import java.util.List;
+
+import static java.util.stream.Collectors.toList;
+
+public class SigningData {
+ // If you want to update this data, change the contents of SigningTestDataGenerator.java,
+ // run its only test and then replace everything between here and the declaration of signedList
+ // All data below is based on PKCS#1 format, see https://tools.ietf.org/html/rfc3447#appendix-A.1.1
+
+ static String ksk1Public =
+ "MIIBCgKCAQEAuhlsAmUsA9dDrRx08mkJv31Am4CUmajCzIlmR6nB/BQ09FOS9qiTP7FdFlBh7NvLz526Wx953A9ZubkeBEOFoBMm" +
+ "eFFpY5ZBkVcjgZ0ml26ecPcl2hLr8Nxy2VsIpefstvKuflcrNR+aDmd8RMB/tPF5ZWmHExbfmCRoinP9ZyEXrLHJsojyfqvKaITI" +
+ "Gi1ZdxX28ThJPG+Bf6FyrgWfAmCDkQKpayhQKIm0jkc03XFsnNoNbzflcscIKvQNXpXZ5hn5UB9X0VGXp6SE6EnNU2Jm2Jsv1XbL" +
+ "/E/G6oHyfioJe4Y4mHcRbn/8ilD/Kd9RZWboXBElFZm4jlmeY8SVQwIDAQAB"
+ ;
+
+ static String ksk1Private =
+ "MIIEpAIBAAKCAQEAuhlsAmUsA9dDrRx08mkJv31Am4CUmajCzIlmR6nB/BQ09FOS9qiTP7FdFlBh7NvLz526Wx953A9ZubkeBEOF" +
+ "oBMmeFFpY5ZBkVcjgZ0ml26ecPcl2hLr8Nxy2VsIpefstvKuflcrNR+aDmd8RMB/tPF5ZWmHExbfmCRoinP9ZyEXrLHJsojyfqvK" +
+ "aITIGi1ZdxX28ThJPG+Bf6FyrgWfAmCDkQKpayhQKIm0jkc03XFsnNoNbzflcscIKvQNXpXZ5hn5UB9X0VGXp6SE6EnNU2Jm2Jsv" +
+ "1XbL/E/G6oHyfioJe4Y4mHcRbn/8ilD/Kd9RZWboXBElFZm4jlmeY8SVQwIDAQABAoIBAEbgZ8KBxcGwupWzwNaSKqRDj9epoO7k" +
+ "10wPCGVCwh6/k2t6aP6INYyMgGd/Ncx/6Z+o8tDBrCejsQiK+GOnU70jjgNE/l5vW4l/Joa203vZJX7gognsKvARBazCfwiwy/bh" +
+ "dpOnn00cPBBAWZPVvM2tKg71ofwjOgU32JjilCAyUqnOqjtMsBsfiEvlTQfo85bRGSxmgcPaOMvSK7C1ockd28H0TkVpVyik0qlu" +
+ "W8EFqbMg4UJp+wSaMpMuKlE9MuogpLf6ZwQzClVCKTd5vWIqT11ltZAVYsz+1Nok8DTLIEm4h1dVU4u8HKlGAF/djpxwxJ/La1iL" +
+ "wJYdV2mocAECgYEA+HV3PQDx3wScwbIX1HBtlMR54EHDnvenBbqSBY9RzPho1L8bq8vCSFz9e31jkgaRNQHSddeX7sxhIbnvuusI" +
+ "b9laQBm4SGKYf10ftc0apkt5oXQub+tlrsH5EGcspy/1jyg4Fw9PDdNQdOiqjfdylQYRFkvaWMrf07FCWbO85VECgYEAv79rkyfW" +
+ "TX0uLa68xzhK+TaABvUJ2miZQZ2QK3MJntoNn2VuC3jBooYCbMa0UkV3aOkIsiSjRZkNYBGAaMaC3nzLYvhhfblJWyjp6W2IidzV" +
+ "4jH+Rz1Rk699wBpfCL5/v7Dq1orU3doKW0S9pVJIKBXS2xVNAG+TkH7q0maDfFMCgYBy01bYCqe9uhP4MKZyt8LtDiCFU99kiG/Y" +
+ "ZfE2QJY9dFB+ghP3waN4bgF4IOrzgbV6Ge16KLk+05XQUG5KpHSxvHHJThms2mQ/+Hm/O5slX5xG0brkXpYPvfWtbwFkAvYpwxyp" +
+ "C5oteYulfCHWmpWJ6dPbyhKPFrN60mEns7mJAQKBgQCsTAwU8eH+RTKed/pHpUyxPQizt7G/4Od9b2Chuj/1zogZJ6JHip2sNXCu" +
+ "X6qelq8ixOs8b/GKU2oSXgednmrwEwELEJdByqGg2VW+m97pylciZrvPNck8xJ9hZBDrIYpXLFkIqT13kDpoIo+qoxIVeu66UByd" +
+ "/KSDXZgRsW4K4wKBgQDBIqcT36J1bCAKotYFtjVYjjgyYTAoG8qXBsOQTY48q/Bj1AsZQE97Cz67xzGGoPNi0qPNq1fgKgIZO8dk" +
+ "r1qE6xXBbiGeXzB5zZPzM7Mc88Z3OBXIiPZan4cMGJwNVxtBLPlX8TpQDy11/3YlENIfTnKM7UfQbA0mS5toRlwoog=="
+ ;
+
+
+ static String ksk2Public =
+ "MIIBCgKCAQEAnfIvyDGTXKrFOF4ER58wPTlSkb+AEdQDSJvIyZ8xflzgCFAobqjPGleKg4CSN7CSgu9FeweQFG9q06m5U42O8df6" +
+ "P8JmOviInLhdbOhUoRNxrAU6zIOvgHoB1NKm3ienoX/nn2xvO+LeiWwgjyNUpihRnxerLKuaMFB/t05cgtyhzzc0RPOu+qJrSxgM" +
+ "yjbGwM+b06pEUQitVmE9rjOjcgGuljDenASAv4IuEO4M5ZVJ+XJs/+ZFjIIoYRNuOUvzeLC/VwOuHzlvGmcWy2MBCbryeIBIuYRn" +
+ "mSw7reuD6OFk7Jc9OydhTnmqri+fGFSJuA6k1Ieu4fLgpWGRgVFUiQIDAQAB"
+ ;
+
+ static String ksk2Private =
+ "MIIEpAIBAAKCAQEAnfIvyDGTXKrFOF4ER58wPTlSkb+AEdQDSJvIyZ8xflzgCFAobqjPGleKg4CSN7CSgu9FeweQFG9q06m5U42O" +
+ "8df6P8JmOviInLhdbOhUoRNxrAU6zIOvgHoB1NKm3ienoX/nn2xvO+LeiWwgjyNUpihRnxerLKuaMFB/t05cgtyhzzc0RPOu+qJr" +
+ "SxgMyjbGwM+b06pEUQitVmE9rjOjcgGuljDenASAv4IuEO4M5ZVJ+XJs/+ZFjIIoYRNuOUvzeLC/VwOuHzlvGmcWy2MBCbryeIBI" +
+ "uYRnmSw7reuD6OFk7Jc9OydhTnmqri+fGFSJuA6k1Ieu4fLgpWGRgVFUiQIDAQABAoIBAQCQUTyLpZDKeVcfO/iZIMFJD9l8RwhU" +
+ "Qe6GJ6H9aDInDeG+ds+a3S/vF9H+ejogHHyimtJXqf9iTLPFly05RP05yWhlXdFfTLw2xtbGrjq1uziAP38MY762m8SUm63RC1bF" +
+ "4ELZjpDMnW1ND7loUJYGBI0f2taTSHDoeIVaDoXFIzLCEFXBHEJoA2nL4TijR6C6Dmgnukllyo2SGugO/yaHvdREoxw6U390HsoS" +
+ "+A25FzLSb8sPg84FO+ObqB1Zj71BQ3PJ+pIZP542UeSapRJMFmCvFUi9aUCOoJfPZB4/MPQNxAKYZLesYALvubdLlLDNEbEY2C8R" +
+ "NUv+C7iHXk0BAoGBAO9Oj6mxjo/huiAL7P3XoPg3MHvVDsFcO1LtSoQh9tvqcf3uYIH76qulx0wNTOGlhlJTMDrqq5hcXri3sTsA" +
+ "7nU1qFeMYyvQduJsstXYU5Hzu5OTPGEL/N6Ph9nrgfxfVSXExqCRsTsDLAVnJ+N+kFfNhZnkWMzjWmy+MLjowiaxAoGBAKj2uAJ6" +
+ "E/T8lN72TtsLyjXrNUgjDgtmMccC/UmTUgC+SgyPH62HgNh2XH0HhyOrfuXS7jN89LZvUwxhF+C8/77yrx7K80qNi39XL0lRWBst" +
+ "qVX2hQPfjm929Zs9/OJeVIuzse63THERr2k0isA84tzcPMQh1BBA3+1Gd2HhijFZAoGAdNJcLZHhL3oZO3W27sBp82I1x+3dcyVM" +
+ "TJJMUy6lbPwJQ9YvxKSvDbYzEXxYsLr2VJAJtmlC9XD6SKBb45rzzcIw+PQuoX/12VkJAH3HZjOeuU8iJZoNirR0tDxUy1faoEJs" +
+ "WIxnAZDt14FhJpxtaH+LHfIsK3E9fmJmNI5j4TECgYAA9i6D7Rfx/AII5tP6ES4ccnNCLtjknbdIz66LXahI0sxvF91xSmUkVkAe" +
+ "gg112YMGYdXzOxHVe/q4BlFxeQHnn0/51+Pcl8OkfOWLAEiFFxRwpc+J/xq7bazmLksjKrBGf0ZS+n4X4qbh7Wegwnf0E9jQsPSZ" +
+ "BxV/Lzh8uSDlOQKBgQDUQ4K3tmIyNRiRwoBsc703yRJau418wkGLmDJkHV9wqDdc558w6ywr6rPR34bhJJUKwzD3rOjzCYwbGf77" +
+ "1yUYqrv+R1pFJgqZE2OudiqAFYo749/oWtIC/+wn5cLUnXOGl3qndVoxQjOxoocjaalFZwJMFelX5z+9EQZXY+J9Zg=="
+ ;
+
+
+ static String zsk1Public =
+ "MIIBCgKCAQEAr1PW+AQIHyKwwHK02NhB79iHm/I4wmwCcSlpcBAGMrT7JNawC+9gKE5PGT9s8XTtEOZeVXjo/IB1c8Ml3sxJ7P2d" +
+ "s5sGsJ/4M3W36W+njhJeXuL2ljIbQprAs0IRbg5SP673ymZR9no3fgXGoH8CiGnNVz2l05S2xtMY5WSaVbYm9rvbTr206EqB0dqI" +
+ "0CLU98O57fvfMpaBaWu3UY7xdQshVsQDZtpySDOnkfdTtxQfM7UVmxsDFty0CoZotChqe+FlunnUt+odk0L7pQrFDU+1TmwRT+HK" +
+ "pv6KYJ/5kmA3XIQr+KHY0U69k+GnDqxY0QwmyF1MmOwc9WYxhzEJRQIDAQAB"
+ ;
+
+ static String zsk1Private =
+ "MIIEowIBAAKCAQEAr1PW+AQIHyKwwHK02NhB79iHm/I4wmwCcSlpcBAGMrT7JNawC+9gKE5PGT9s8XTtEOZeVXjo/IB1c8Ml3sxJ" +
+ "7P2ds5sGsJ/4M3W36W+njhJeXuL2ljIbQprAs0IRbg5SP673ymZR9no3fgXGoH8CiGnNVz2l05S2xtMY5WSaVbYm9rvbTr206EqB" +
+ "0dqI0CLU98O57fvfMpaBaWu3UY7xdQshVsQDZtpySDOnkfdTtxQfM7UVmxsDFty0CoZotChqe+FlunnUt+odk0L7pQrFDU+1TmwR" +
+ "T+HKpv6KYJ/5kmA3XIQr+KHY0U69k+GnDqxY0QwmyF1MmOwc9WYxhzEJRQIDAQABAoIBAD5r5hxVKyMSscVC0ZpmnEstV1KxUX3/" +
+ "AHuTl+N7AQnqn4PFH9aP+jc/ci/2Ae6Rh5m9uxZJPwIvJiH597C0IRnMTepVJnOZ8L85iSoGQ6x0Y776pXpiCoyTFkp8GkKJvMTJ" +
+ "oZUhCstrRfiLS+V2cstoh+AopbKHvu9Y1wNM5xnecNjUFH04YHIlsfi7J+sMdAOPE8DDX+13OCwzX0Xo6sE+amfkC9ZiAd8rJrDu" +
+ "2JNQEP0nZPzYkJDHnnYCLs5Io6Lpmp0i+eu1iXJpTsAuE0u3IswdkYjb9mFLQJ8LK5ir/hIKNBWw0s1rvedrxZ+YDLWz7Gl9H/EX" +
+ "oYVZFxArXGECgYEA9RawFyxVnCt7KzMPRNcujqjPUXYNSPjDbrgADHIEOTFR3FP17WCZTvh0gNZJErOiVT2/wzRxNm1jYxSTshr1" +
+ "9dzANQe4HabNs889BQvAZZDDe37PXc5OkLczLPJJXgL6Zm/YANAyag4ObqlJuDoCDQE2OZwPXg540O1AOxNUCIkCgYEAtyIS4hsA" +
+ "lVjYpBYChbN0wx78ZydVVADNtj3qrileGh5MOhGlBboXZjQN3O0lSkLBJKCmZtak6Z+K5qwO8fi1+QrmoQzWgXDxWRQYu9+ey0us" +
+ "8szVEOndk//nm1RWg0rwhY9xp9+E5g3XTn9nl3XA7Vw1y38quvBnLXnn7MMHk90CgYAWIqFuxltJCohKQ4dKgWC8E7T9t3rFr2n/" +
+ "MvEWLqoA/FpXWuHoOYQ/JKNpC3F4Fe9AYZ5TJAZhkwmZ5j7cpCC4vuJBJ9xSGUGUzs/FB+WthqCRI8fYwgxId7NQiOVlb0FsRQeu" +
+ "Mx+KgpB9IB7/W4XZ5NUf6N9ecFIrFHJro3hAeQKBgHFaSN/lIM5QSP//k54YPvyLUGW1Be7R9IKJ/pnAhzuZZ0tGIqPR1KvxKmeF" +
+ "7d/yQ8SdH4Jl93uXwg0XkMSbUl+NLMWgwaErPGgLtWeMeaiR9cHvoS4v43O5IS2W3Vm05/1zlUD4bDVNeehfmco5G6qPuch0tQky" +
+ "xlpyq2h0K1uNAoGBAKKrQQXchp9NS1YZb19NimrUPrPkOmc/Kw/EbS3IO+Z/rHTSPc2i4H28SdhmCP4ygE2szIv4bBARDmH4w7PC" +
+ "ClH0El81t36tHBakZHUNACMXsqXCeBYaSuz0tWs7LNjXsGoOeQ+GJkYuzGQaFsmn7KsCW3ahGpsF0bgLcbESbWz6"
+ ;
+
+
+ static String zsk2Public =
+ "MIIBCgKCAQEAsHViAEpAzWD0OAyXkk3SzazxQGKYRvCEh7ZUmBn6TWjefT+KqAEdcpbzoMoHM1lnxOyRHfEWbXWFulb+ecKElvwa" +
+ "VdqSglbPbj7u7vb5a/y1S6rNKY9jbEBlrKykqlKBDbTGTK+LSnN8736o8Dg/kp0OhYyutKSTg7AlPCjr5A2EKUSkM5xbUbuXpCbk" +
+ "3piO6YTtcUNA0gTzrsVEh3JcyFGALW/oWmk++d0mIOkUvVCFvAD8PcmqnjfR4MYkArwf5CkaBIMep7IIi5QwiyPuBkNJ9wJiIWFS" +
+ "NOvrIDWpB6i+8r6dhVxyVb3HjSWkUViXNOM0ZXU1RK9/2VYkpqmc7wIDAQAB"
+ ;
+
+ static String zsk2Private =
+ "MIIEpAIBAAKCAQEAsHViAEpAzWD0OAyXkk3SzazxQGKYRvCEh7ZUmBn6TWjefT+KqAEdcpbzoMoHM1lnxOyRHfEWbXWFulb+ecKE" +
+ "lvwaVdqSglbPbj7u7vb5a/y1S6rNKY9jbEBlrKykqlKBDbTGTK+LSnN8736o8Dg/kp0OhYyutKSTg7AlPCjr5A2EKUSkM5xbUbuX" +
+ "pCbk3piO6YTtcUNA0gTzrsVEh3JcyFGALW/oWmk++d0mIOkUvVCFvAD8PcmqnjfR4MYkArwf5CkaBIMep7IIi5QwiyPuBkNJ9wJi" +
+ "IWFSNOvrIDWpB6i+8r6dhVxyVb3HjSWkUViXNOM0ZXU1RK9/2VYkpqmc7wIDAQABAoIBADrvqcDRDB3MkSUbR5Cs/4iEh7tqctPW" +
+ "x10Qj+aRXqF2MkGA9I2yeaRpOIvujkMfTGJgZQOsH0KF6xlWrv358xD+uMkODLsNxZBb4q/bu2jO6bqRHJ8R7jIcvBjVPNZKYiIy" +
+ "y7yXMR23vvW6xzAciVctr8j5OOzKvx5PudADFu5+6aPaVdFLhnsXz7ZJsDfPwKbTs5T44viqoHVVa1JhZT9o4o3/Qy/zvvoQrzwn" +
+ "sjaGITxYM7ydwMwyIsiTg7iXK9lysJrmai3+DQpaolP4V2gJCibXGuWS936SqzQ3WXTUpVg9CuHWU61NsKbLk283ScL3bBmhdr0t" +
+ "S4P1WKZZAxkCgYEA9rPFWyYYg9VQIOIZD/dJXusUgRzDyn1uE7bA518Yhcxx7600/ZvyL6BxA8pGwtbwVZrkAOndnp+mjA2Afoys" +
+ "BpqFGlSGX5qwJIdLZtEVJh/j3hMTuTUz+KdFpuD2ZMKdVraHVwW170sd7QvmtWo3SBt8QYorGbQrJQrU0NOT8L0CgYEAtxvjNufp" +
+ "Dl17ay2ujiQFNXXnO06QF/00y8h3EH8uQWcAWNUSDRo9TB7kGgxbiQSCvSuEWDDyeXaz/x5RWZSTzpIEWDnpG9xLIHEmDnQTlVAg" +
+ "90n1rh57BJqAM2U3LWQ2JtYHZ6IOR2ZA3T9i88hB8HgP9SvyJHgJx3Ql+r6WLRsCgYEAxJOYlbm0XRATSjB/Ie68owqUixDdnjL2" +
+ "DHVaHsLyqmKvAvk0OUUS5QpmI0wBuG1Gkh/awDOZqTSzo/N6SNxUkup7VvC1Jeb/pgu8dE/0Fy3gB2uSEsknAWJgKMom60D72EWX" +
+ "cCsXvnZPgTwzeKkLJcTo7Nxo3ZFns5t+2mtM/c0CgYAXpIQr/Lm83xkmd5mIROJfSr/2imhUkJ8WiOXGvYUtcK08yxYvlum/QGXX" +
+ "by0KfgibgFjwQjGsuUT4deOvG14SWAwzkBanQER7BeESEK7Ooq/+/g+40bq0l3ZiLHl5ZO0RCqWeHfCWC3/okVyneX36HKaC04/K" +
+ "Ya1xkW+t9pnRbQKBgQCOJxUODmiQR8wmyXgNlSYFxVaajxhdecy5gVJnULroWVlt6+zAt0eTp3EKDoRcYq9JuvzZ9+Gd7SzczGZj" +
+ "VChUpjHVHRTxZ1YSUzisuVntGAn3xosZOM+ZZFa4n488bPrWxWU89U+2+LZP+3M6XFqGW/T1UGteII3EoXLOEwHZUg=="
+ ;
+
+
+ // example.com. 315360000 IN SOA ns1.example.com. admin.example.com. 2016091400 86400 3600 1814400 259200
+ static String postZoneRecord0 =
+ "B2V4YW1wbGUDY29tAAAGAAESzAMAADgDbnMxB2V4YW1wbGUDY29tAAVhZG1pbgdleGFtcGxlA2NvbQB4Kx0IAAFRgAAADhAAG6+A" +
+ "AAP0gA=="
+ ;
+
+ // example.com. 315360000 IN NS ns1.example.com.
+ static String postZoneRecord3 =
+ "B2V4YW1wbGUDY29tAAACAAESzAMAABEDbnMxB2V4YW1wbGUDY29tAA=="
+ ;
+
+ // example.com. 315360000 IN NS ns2.example.com.
+ static String postZoneRecord4 =
+ "B2V4YW1wbGUDY29tAAACAAESzAMAABEDbnMyB2V4YW1wbGUDY29tAA=="
+ ;
+
+ // example.com. 259200 IN NSEC ftp.example.com. NS SOA RRSIG NSEC
+ static String postZoneRecord7 =
+ "B2V4YW1wbGUDY29tAAAvAAEAA/SAABkDZnRwB2V4YW1wbGUDY29tAAAGIgAAAAAD"
+ ;
+
+ // ftp.example.com. 1814400 IN A 12.34.56.78
+ static String postZoneRecord10 =
+ "A2Z0cAdleGFtcGxlA2NvbQAAAQABABuvgAAEDCI4Tg=="
+ ;
+
+ // ftp.example.com. 1814400 IN A 21.43.65.87
+ static String postZoneRecord11 =
+ "A2Z0cAdleGFtcGxlA2NvbQAAAQABABuvgAAEFStBVw=="
+ ;
+
+ // ftp.example.com. 259200 IN AAAA 2001:db8:0:0:12:34:56:78
+ static String postZoneRecord14 =
+ "A2Z0cAdleGFtcGxlA2NvbQAAHAABAAP0gAAQIAENuAAAAAAAEgA0AFYAeA=="
+ ;
+
+ // ftp.example.com. 259200 IN AAAA 2001:db8:0:0:21:43:65:87
+ static String postZoneRecord15 =
+ "A2Z0cAdleGFtcGxlA2NvbQAAHAABAAP0gAAQIAENuAAAAAAAIQBDAGUAhw=="
+ ;
+
+ // ftp.example.com. 259200 IN NSEC mirror.ftp.example.com. A AAAA RRSIG NSEC
+ static String postZoneRecord18 =
+ "A2Z0cAdleGFtcGxlA2NvbQAALwABAAP0gAAgBm1pcnJvcgNmdHAHZXhhbXBsZQNjb20AAAZAAAAIAAM="
+ ;
+
+ // mirror.ftp.example.com. 315360000 IN CNAME ftp.example.com.
+ static String postZoneRecord21 =
+ "Bm1pcnJvcgNmdHAHZXhhbXBsZQNjb20AAAUAARLMAwAAEQNmdHAHZXhhbXBsZQNjb20A"
+ ;
+
+ // mirror.ftp.example.com. 259200 IN NSEC www.example.com. CNAME RRSIG NSEC
+ static String postZoneRecord24 =
+ "Bm1pcnJvcgNmdHAHZXhhbXBsZQNjb20AAC8AAQAD9IAAGQN3d3cHZXhhbXBsZQNjb20AAAYEAAAAAAM="
+ ;
+
+ // www.example.com. 1814400 IN A 11.22.33.44
+ static String postZoneRecord27 =
+ "A3d3dwdleGFtcGxlA2NvbQAAAQABABuvgAAECxYhLA=="
+ ;
+
+ // www.example.com. 1814400 IN A 55.66.77.88
+ static String postZoneRecord28 =
+ "A3d3dwdleGFtcGxlA2NvbQAAAQABABuvgAAEN0JNWA=="
+ ;
+
+ // www.example.com. 259200 IN AAAA 2001:db8:0:0:4:3:2:1
+ static String postZoneRecord31 =
+ "A3d3dwdleGFtcGxlA2NvbQAAHAABAAP0gAAQIAENuAAAAAAABAADAAIAAQ=="
+ ;
+
+ // www.example.com. 259200 IN AAAA 2001:db8:0:0:5:6:7:8
+ static String postZoneRecord32 =
+ "A3d3dwdleGFtcGxlA2NvbQAAHAABAAP0gAAQIAENuAAAAAAABQAGAAcACA=="
+ ;
+
+ // www.example.com. 259200 IN NSEC mirror.www.example.com. A AAAA RRSIG NSEC
+ static String postZoneRecord35 =
+ "A3d3dwdleGFtcGxlA2NvbQAALwABAAP0gAAgBm1pcnJvcgN3d3cHZXhhbXBsZQNjb20AAAZAAAAIAAM="
+ ;
+
+ // mirror.www.example.com. 315360000 IN CNAME www.example.com.
+ static String postZoneRecord38 =
+ "Bm1pcnJvcgN3d3cHZXhhbXBsZQNjb20AAAUAARLMAwAAEQN3d3cHZXhhbXBsZQNjb20A"
+ ;
+
+ // mirror.www.example.com. 259200 IN NSEC example.com. CNAME RRSIG NSEC
+ static String postZoneRecord41 =
+ "Bm1pcnJvcgN3d3cHZXhhbXBsZQNjb20AAC8AAQAD9IAAFQdleGFtcGxlA2NvbQAABgQAAAAAAw=="
+ ;
+
+ // example.com. 315360000 IN SOA ns1.example.com. admin.example.com. 2016091400 86400 3600 1814400 259200
+ static String signedRecord0 =
+ "B2V4YW1wbGUDY29tAAAGAAESzAMAADgDbnMxB2V4YW1wbGUDY29tAAVhZG1pbgdleGFtcGxlA2NvbQB4Kx0IAAFRgAAADhAAG6+A" +
+ "AAP0gA=="
+ ;
+
+ // example.com. 315360000 IN RRSIG SOA 5 2 315360000 20260901000000 20160901000000 7086 example.com. BX1J0nMbxw3NpVgiwjkovZ36dAMAkUlpcxF23TzUNW8/tUdQ9wZhWiJ0TH1Z9xL9HoJRUtgIXMxwFtf/f0y865SQqtReelQXiZP6X0QqA/2QryeaMvoaVLGiAm9ZB1m+NuMqesZzzH0BVG8qJeTn1I6I9ZMGNJEnee70Uefo9Zv15fzm0MCE+JbiFnBQS2zXnuErOFtJ92ZkxVFG3LLiAG7w+M6c/h9yPBAM+zSHT9LPDzEGLInxCDK5g8hW8juxUxuK0+tvWFqApIzDGSyPFVlH4F43yxjwLX1poPlXcCSPionPrzkdJ//uPw5GOM3oQzC9dzr3VzSnHeLt57L7fg==
+ static String signedRecord1 =
+ "B2V4YW1wbGUDY29tAAAuAAESzAMAAR8ABgUCEswDAGqWFYBXx2+AG64HZXhhbXBsZQNjb20ABX1J0nMbxw3NpVgiwjkovZ36dAMA" +
+ "kUlpcxF23TzUNW8/tUdQ9wZhWiJ0TH1Z9xL9HoJRUtgIXMxwFtf/f0y865SQqtReelQXiZP6X0QqA/2QryeaMvoaVLGiAm9ZB1m+" +
+ "NuMqesZzzH0BVG8qJeTn1I6I9ZMGNJEnee70Uefo9Zv15fzm0MCE+JbiFnBQS2zXnuErOFtJ92ZkxVFG3LLiAG7w+M6c/h9yPBAM" +
+ "+zSHT9LPDzEGLInxCDK5g8hW8juxUxuK0+tvWFqApIzDGSyPFVlH4F43yxjwLX1poPlXcCSPionPrzkdJ//uPw5GOM3oQzC9dzr3" +
+ "VzSnHeLt57L7fg=="
+ ;
+
+ // example.com. 315360000 IN RRSIG SOA 5 2 315360000 20260901000000 20160901000000 7086 example.com. N4kuOXr3rw3l+AeIrW478jP28B0GsW1UfJk4csI1L6uf2mMUiEQ6hAU6M1zZVBZke1I0IWmLdchTrwTK8YTtUKanMXS7ZJVjE9aAuhOUGR0KAovFibabVKblxG4a8EtAFkHVv0WIQlnqZpLwE8l4t6T04Ywb6YvvcJkZce9zqa5iaoRA35IgPa559JlNKevUUOoMFDfhBfBIHWGWMUVGGuNKUeKiVudWCY1KEHYqJRexbQ0tcAeG6j732r336SjyT6kmZeDmhE7bKIFmec8ZTLpTZ/biJJFNdW7Qcr8vB8Q4VE7aeKVNFONEZJvjIhDY0U/KB0pWrR73kdfK4XQu6g==
+ static String signedRecord2 =
+ "B2V4YW1wbGUDY29tAAAuAAESzAMAAR8ABgUCEswDAGqWFYBXx2+AG64HZXhhbXBsZQNjb20AN4kuOXr3rw3l+AeIrW478jP28B0G" +
+ "sW1UfJk4csI1L6uf2mMUiEQ6hAU6M1zZVBZke1I0IWmLdchTrwTK8YTtUKanMXS7ZJVjE9aAuhOUGR0KAovFibabVKblxG4a8EtA" +
+ "FkHVv0WIQlnqZpLwE8l4t6T04Ywb6YvvcJkZce9zqa5iaoRA35IgPa559JlNKevUUOoMFDfhBfBIHWGWMUVGGuNKUeKiVudWCY1K" +
+ "EHYqJRexbQ0tcAeG6j732r336SjyT6kmZeDmhE7bKIFmec8ZTLpTZ/biJJFNdW7Qcr8vB8Q4VE7aeKVNFONEZJvjIhDY0U/KB0pW" +
+ "rR73kdfK4XQu6g=="
+ ;
+
+ // example.com. 315360000 IN NS ns1.example.com.
+ static String signedRecord3 =
+ "B2V4YW1wbGUDY29tAAACAAESzAMAABEDbnMxB2V4YW1wbGUDY29tAA=="
+ ;
+
+ // example.com. 315360000 IN NS ns2.example.com.
+ static String signedRecord4 =
+ "B2V4YW1wbGUDY29tAAACAAESzAMAABEDbnMyB2V4YW1wbGUDY29tAA=="
+ ;
+
+ // example.com. 315360000 IN RRSIG NS 5 2 315360000 20260901000000 20160901000000 7086 example.com. eAZV2uk3xvFFXPflnu5b91+5WcuaziXbBsG0kVdyHK/s8YSF6OxuIW9uOcKPYGNCZGgHcZ19Uhlv6Oyx3uRe7Gxd6gQFqjebzoCVT+c9xbsHYgt7UEpm2aLehWpcPN/ylaVCmLZo0QQ4l5eTySZDMhgSaGaQ0W4wYVLgGDsddnmS3kSXyJqBOMOQk+o7bgL8Qqfwm0mEr/pdBoNoZ7J2gy/2C9LKCygGON4u6nWOu9+k6FrBHKJrTLEmHBKvNzSWL4ndIo9Fsj2jfI3yMVnT0GrzAPv71n4B7YcLDDqTl7WbPYWNsmdHgFFULw5WC9/GJLdKJO08/+yCwrGdAXebcg==
+ static String signedRecord5 =
+ "B2V4YW1wbGUDY29tAAAuAAESzAMAAR8AAgUCEswDAGqWFYBXx2+AG64HZXhhbXBsZQNjb20AeAZV2uk3xvFFXPflnu5b91+5Wcua" +
+ "ziXbBsG0kVdyHK/s8YSF6OxuIW9uOcKPYGNCZGgHcZ19Uhlv6Oyx3uRe7Gxd6gQFqjebzoCVT+c9xbsHYgt7UEpm2aLehWpcPN/y" +
+ "laVCmLZo0QQ4l5eTySZDMhgSaGaQ0W4wYVLgGDsddnmS3kSXyJqBOMOQk+o7bgL8Qqfwm0mEr/pdBoNoZ7J2gy/2C9LKCygGON4u" +
+ "6nWOu9+k6FrBHKJrTLEmHBKvNzSWL4ndIo9Fsj2jfI3yMVnT0GrzAPv71n4B7YcLDDqTl7WbPYWNsmdHgFFULw5WC9/GJLdKJO08" +
+ "/+yCwrGdAXebcg=="
+ ;
+
+ // example.com. 315360000 IN RRSIG NS 5 2 315360000 20260901000000 20160901000000 7086 example.com. eUG6LzU+nXarbQQaLaRFre3y3gJve3coKwEOPSIw6VqYKdaM47Gk2XscbkZwOxM/+lkeAlYWKg2Ih2dE6T08OP3qErCRLWWshkz7U3rNpZtTO71p6/lgUjKJ3LltoPc0Xdo4kNl4e/ehSeAiaG4TP7XOrDkTLv6Cits0Y79L0eNtkrJqchsMJIVHooQThl3L7mDlczJErw63ORikb1SxTTdlnOBrW3tm9cRw825nFmCr6KXogNUWSB6LYxChhZW+aJk0Vl3b7q0Ok/U31DTnzzWmB8z2dT7xa21t2hCcz9DIJRDvTt1VbP6Xo1OwxpqDIOE28hZEnIfNgR0EOV8BVA==
+ static String signedRecord6 =
+ "B2V4YW1wbGUDY29tAAAuAAESzAMAAR8AAgUCEswDAGqWFYBXx2+AG64HZXhhbXBsZQNjb20AeUG6LzU+nXarbQQaLaRFre3y3gJv" +
+ "e3coKwEOPSIw6VqYKdaM47Gk2XscbkZwOxM/+lkeAlYWKg2Ih2dE6T08OP3qErCRLWWshkz7U3rNpZtTO71p6/lgUjKJ3LltoPc0" +
+ "Xdo4kNl4e/ehSeAiaG4TP7XOrDkTLv6Cits0Y79L0eNtkrJqchsMJIVHooQThl3L7mDlczJErw63ORikb1SxTTdlnOBrW3tm9cRw" +
+ "825nFmCr6KXogNUWSB6LYxChhZW+aJk0Vl3b7q0Ok/U31DTnzzWmB8z2dT7xa21t2hCcz9DIJRDvTt1VbP6Xo1OwxpqDIOE28hZE" +
+ "nIfNgR0EOV8BVA=="
+ ;
+
+ // example.com. 259200 IN NSEC ftp.example.com. NS SOA RRSIG NSEC
+ static String signedRecord7 =
+ "B2V4YW1wbGUDY29tAAAvAAEAA/SAABkDZnRwB2V4YW1wbGUDY29tAAAGIgAAAAAD"
+ ;
+
+ // example.com. 259200 IN RRSIG NSEC 5 2 259200 20260901000000 20160901000000 7086 example.com. ZiLJHTbg5k3ciyVvQjhG7dWCce/vLxs+gKAZ1v1PKHk0Zm36qvkTyUNpVgL+kYnZcbQJO9wZ0TWnkG/X8GkH/aBcM3VncM6vnqgH0Wqa8LkH5I7O5cuVjtSxHD+NuMwTpb8T8hoCgBrd97QnlkMdhB8a2wKAESclrnueMbTmi7TLh2vzkD6fyEor96GxIvgulYJAi1VFgO8uDmW6Qa3YCclw6n6mOKjWu9HQH32vDw84apKDwb1En6QZikS9lHz3li764+lr2OsqBmw3MPTL7PNH0srgH2wjOFjYJrGKTYQNFcORP7ipMhELocGXoRrBnQ50u/JRCaA94u1AoDpPVA==
+ static String signedRecord8 =
+ "B2V4YW1wbGUDY29tAAAuAAEAA/SAAR8ALwUCAAP0gGqWFYBXx2+AG64HZXhhbXBsZQNjb20AZiLJHTbg5k3ciyVvQjhG7dWCce/v" +
+ "Lxs+gKAZ1v1PKHk0Zm36qvkTyUNpVgL+kYnZcbQJO9wZ0TWnkG/X8GkH/aBcM3VncM6vnqgH0Wqa8LkH5I7O5cuVjtSxHD+NuMwT" +
+ "pb8T8hoCgBrd97QnlkMdhB8a2wKAESclrnueMbTmi7TLh2vzkD6fyEor96GxIvgulYJAi1VFgO8uDmW6Qa3YCclw6n6mOKjWu9HQ" +
+ "H32vDw84apKDwb1En6QZikS9lHz3li764+lr2OsqBmw3MPTL7PNH0srgH2wjOFjYJrGKTYQNFcORP7ipMhELocGXoRrBnQ50u/JR" +
+ "CaA94u1AoDpPVA=="
+ ;
+
+ // example.com. 259200 IN RRSIG NSEC 5 2 259200 20260901000000 20160901000000 7086 example.com. H/u7uFuVNHXgGfcaOEqB+EjD3UM4IH7jkz4Ye5IpXSKrBWLsqL/GXRWQjjrVWpbHZP3wVlVn+lfKbaLyoCgzmc4okn7D1u+iKzBDLbXrBC/58msccP5PYhIrnHQRN9vp9ymfn4aawiYn/kPPe7zDxOgyN6tAzewxsvozMvEQGdEP7qlK4oADBGxjKjeNX27zKfN9+HuuSgtCKDvYCvLFOfrTIIdCKBYE0GZRnv5OH0Xyu4VPiV+mEQwjPK+Q2daExOEKtS9v3Y1nEIL0XDdByEbe8hGJOD3j8x+jQBYAYzOdhwA4U50dtxciTrlRJ7oIsWjc/+I6H+YQDHZD4nc3DA==
+ static String signedRecord9 =
+ "B2V4YW1wbGUDY29tAAAuAAEAA/SAAR8ALwUCAAP0gGqWFYBXx2+AG64HZXhhbXBsZQNjb20AH/u7uFuVNHXgGfcaOEqB+EjD3UM4" +
+ "IH7jkz4Ye5IpXSKrBWLsqL/GXRWQjjrVWpbHZP3wVlVn+lfKbaLyoCgzmc4okn7D1u+iKzBDLbXrBC/58msccP5PYhIrnHQRN9vp" +
+ "9ymfn4aawiYn/kPPe7zDxOgyN6tAzewxsvozMvEQGdEP7qlK4oADBGxjKjeNX27zKfN9+HuuSgtCKDvYCvLFOfrTIIdCKBYE0GZR" +
+ "nv5OH0Xyu4VPiV+mEQwjPK+Q2daExOEKtS9v3Y1nEIL0XDdByEbe8hGJOD3j8x+jQBYAYzOdhwA4U50dtxciTrlRJ7oIsWjc/+I6" +
+ "H+YQDHZD4nc3DA=="
+ ;
+
+ // ftp.example.com. 1814400 IN A 12.34.56.78
+ static String signedRecord10 =
+ "A2Z0cAdleGFtcGxlA2NvbQAAAQABABuvgAAEDCI4Tg=="
+ ;
+
+ // ftp.example.com. 1814400 IN A 21.43.65.87
+ static String signedRecord11 =
+ "A2Z0cAdleGFtcGxlA2NvbQAAAQABABuvgAAEFStBVw=="
+ ;
+
+ // ftp.example.com. 1814400 IN RRSIG A 5 3 1814400 20260901000000 20160901000000 7086 example.com. U4QtoC/Nvzafh7ZYJVaCVebNLTvBwqPnAVbwVh+zYVgx0TTjMv2Y7B7IZqFYLofZUhjDKnc97CgC1VueBLUaXAHn8eugq6Zedzdk0dgGoGBZlbvq4ZF1Hc95G2HmeR75Rg0++qMPxMkZzO4L0Y9aRNkPMN6gslnwU6CqF5f4+t8EPy+lqYf/0O978iGjbHndGI9Za6dE1T4eEVbn1Zc68QDm2Ac1tfbqXdlFknm4AzGRbUaEZoinn4ucwKJVw2w09OXpH5RqOOF/ooBzksRtbcg/oUSSkgNKbETl4Pdr1OuIuaDNRv1smyBJ/rwUVvfnrIsR57w3id447bYHkUjtLw==
+ static String signedRecord12 =
+ "A2Z0cAdleGFtcGxlA2NvbQAALgABABuvgAEfAAEFAwAbr4BqlhWAV8dvgBuuB2V4YW1wbGUDY29tAFOELaAvzb82n4e2WCVWglXm" +
+ "zS07wcKj5wFW8FYfs2FYMdE04zL9mOweyGahWC6H2VIYwyp3PewoAtVbngS1GlwB5/HroKumXnc3ZNHYBqBgWZW76uGRdR3PeRth" +
+ "5nke+UYNPvqjD8TJGczuC9GPWkTZDzDeoLJZ8FOgqheX+PrfBD8vpamH/9Dve/Iho2x53RiPWWunRNU+HhFW59WXOvEA5tgHNbX2" +
+ "6l3ZRZJ5uAMxkW1GhGaIp5+LnMCiVcNsNPTl6R+Uajjhf6KAc5LEbW3IP6FEkpIDSmxE5eD3a9TriLmgzUb9bJsgSf68FFb356yL" +
+ "Eee8N4neOO22B5FI7S8="
+ ;
+
+ // ftp.example.com. 1814400 IN RRSIG A 5 3 1814400 20260901000000 20160901000000 7086 example.com. L7l1XUvguu5lYO6J+/XBM3ebg0wskaYXWetQ+uiUwJvUYPHN5CMlV6XO3wyzqMiNvUo9XvuI/rvXfjrw9kRIGdZK6ljTYxtA3bLpA02qoiPFq8Qqz6YRkl9MsQ6zeparJ0PLtKg0cyPMK0gzy0MIoBbxyQe8fOoR6RpAO0AY7BN+vhMKD27UcWhQSKSr3oq/q7e++BbLYMqAVjOaRrzJEFfXGipirl5Q/774+/X3xgwF5WwXunn4xsdJPVTgd0K+QvWajU8sfegGk8ynjocx5Xobi7bfkgQ1wRw4j87vYYoGb8qCQlhb5+Qqg5vbLYvzT8YWpyrHsRk9LVXnACM2aA==
+ static String signedRecord13 =
+ "A2Z0cAdleGFtcGxlA2NvbQAALgABABuvgAEfAAEFAwAbr4BqlhWAV8dvgBuuB2V4YW1wbGUDY29tAC+5dV1L4LruZWDuifv1wTN3" +
+ "m4NMLJGmF1nrUProlMCb1GDxzeQjJVelzt8Ms6jIjb1KPV77iP6713468PZESBnWSupY02MbQN2y6QNNqqIjxavEKs+mEZJfTLEO" +
+ "s3qWqydDy7SoNHMjzCtIM8tDCKAW8ckHvHzqEekaQDtAGOwTfr4TCg9u1HFoUEikq96Kv6u3vvgWy2DKgFYzmka8yRBX1xoqYq5e" +
+ "UP+++Pv198YMBeVsF7p5+MbHST1U4HdCvkL1mo1PLH3oBpPMp46HMeV6G4u235IENcEcOI/O72GKBm/KgkJYW+fkKoOb2y2L80/G" +
+ "Fqcqx7EZPS1V5wAjNmg="
+ ;
+
+ // ftp.example.com. 259200 IN AAAA 2001:db8:0:0:12:34:56:78
+ static String signedRecord14 =
+ "A2Z0cAdleGFtcGxlA2NvbQAAHAABAAP0gAAQIAENuAAAAAAAEgA0AFYAeA=="
+ ;
+
+ // ftp.example.com. 259200 IN AAAA 2001:db8:0:0:21:43:65:87
+ static String signedRecord15 =
+ "A2Z0cAdleGFtcGxlA2NvbQAAHAABAAP0gAAQIAENuAAAAAAAIQBDAGUAhw=="
+ ;
+
+ // ftp.example.com. 259200 IN RRSIG AAAA 5 3 259200 20260901000000 20160901000000 7086 example.com. Y8sB3n4mzinMFvPBnJFnl/IGlxrQZ+bHYIQoa7wSC+H1/j+en11LCDxujrI0VlTf6oI1OqieTj/ooo7jsYbHkyqbcdgkclfPzSh7NVOFzstuJFd53rn3BZZnoytma4e1uwaDGt7T9LyNplNnixq/TZMtK3B1Y54i2Ba1qvnsys5iOH4Scn5mRzqSAFEyDAc9kFvKBe8PTQ4r/S8nseBMYSx2NrRird5UIhTyN12QnEkK7LfllmAnx/Iph/CZw6WzxEo8HoOqOYKliD45I/awTT53Eo2sAm6d8EUgUX5qmPD2lxKMaMyk0vEBWTvFtpW3WS9lQ8OTMjxdC07pxjDDUw==
+ static String signedRecord16 =
+ "A2Z0cAdleGFtcGxlA2NvbQAALgABAAP0gAEfABwFAwAD9IBqlhWAV8dvgBuuB2V4YW1wbGUDY29tAGPLAd5+Js4pzBbzwZyRZ5fy" +
+ "Bpca0Gfmx2CEKGu8Egvh9f4/np9dSwg8bo6yNFZU3+qCNTqonk4/6KKO47GGx5Mqm3HYJHJXz80oezVThc7LbiRXed659wWWZ6Mr" +
+ "ZmuHtbsGgxre0/S8jaZTZ4sav02TLStwdWOeItgWtar57MrOYjh+EnJ+Zkc6kgBRMgwHPZBbygXvD00OK/0vJ7HgTGEsdja0Yq3e" +
+ "VCIU8jddkJxJCuy35ZZgJ8fyKYfwmcOls8RKPB6DqjmCpYg+OSP2sE0+dxKNrAJunfBFIFF+apjw9pcSjGjMpNLxAVk7xbaVt1kv" +
+ "ZUPDkzI8XQtO6cYww1M="
+ ;
+
+ // ftp.example.com. 259200 IN RRSIG AAAA 5 3 259200 20260901000000 20160901000000 7086 example.com. fzTqBDO1oUj6xd8Qv2AeQxJxAcriAZTucCEiiJl3Rb2f6hwNwomgFiOlyhXycD11SUmIB4Dl1BINuHk/2T+8OJ1KshHan7Gj/MYOPDL9KPuqCBjyCbEcOSOX7Fp0UgHPpiG22sjfsyiU8lIxE9TgAd0lsWrM3PM7Q9OgcgGMXpY/0/40fRAumYlWMTBwFDA9tGmlLPKqMIbm/top0dmK99762MYbsM9meTdKMuoHUA+IXG/Yj/8+rKN58Vfji0BaHdclHs7/GaQuxIkpHByzV/dgBRQzBqhWNhqZlexxrAY04vc8e/loT4BbBJyI6inTNVORSmbYrCguW0iGkI6v5A==
+ static String signedRecord17 =
+ "A2Z0cAdleGFtcGxlA2NvbQAALgABAAP0gAEfABwFAwAD9IBqlhWAV8dvgBuuB2V4YW1wbGUDY29tAH806gQztaFI+sXfEL9gHkMS" +
+ "cQHK4gGU7nAhIoiZd0W9n+ocDcKJoBYjpcoV8nA9dUlJiAeA5dQSDbh5P9k/vDidSrIR2p+xo/zGDjwy/Sj7qggY8gmxHDkjl+xa" +
+ "dFIBz6YhttrI37MolPJSMRPU4AHdJbFqzNzzO0PToHIBjF6WP9P+NH0QLpmJVjEwcBQwPbRppSzyqjCG5v7aKdHZivfe+tjGG7DP" +
+ "Znk3SjLqB1APiFxv2I//PqyjefFX44tAWh3XJR7O/xmkLsSJKRwcs1f3YAUUMwaoVjYamZXscawGNOL3PHv5aE+AWwSciOop0zVT" +
+ "kUpm2KwoLltIhpCOr+Q="
+ ;
+
+ // ftp.example.com. 259200 IN NSEC mirror.ftp.example.com. A AAAA RRSIG NSEC
+ static String signedRecord18 =
+ "A2Z0cAdleGFtcGxlA2NvbQAALwABAAP0gAAgBm1pcnJvcgNmdHAHZXhhbXBsZQNjb20AAAZAAAAIAAM="
+ ;
+
+ // ftp.example.com. 259200 IN RRSIG NSEC 5 3 259200 20260901000000 20160901000000 7086 example.com. ATaCemEBP14GfLjbzSdbHPdKVuDCW2mdQZ7xN+8HDTYoxlcKbCI4iDfoBoBHEBjvXoJwQFRsdvhj+ZKWMlf+KZ4IjqR8phU9he8LHAIZHezp1TNDT5GNxodabrr3SbyicYrsvm9WXL7pB7yUkfaOsKDjYGux/8Z3jOSal6cKIjSegDxbDYuMIetN0wUBGg+cCUGquDMryde4dtgZSVPbeuLZupOBhjaN8Bn5IyCKzlQl42T7sUzBvAK+pQOrA86Xocs2kX8ynfAgSXkvMhxXi9F4S8crr4oj2ZvQJ1MipGSJqoC3XmV4ZnIm95MneAbgf6EtrpjUmip9KeQg4Vgjag==
+ static String signedRecord19 =
+ "A2Z0cAdleGFtcGxlA2NvbQAALgABAAP0gAEfAC8FAwAD9IBqlhWAV8dvgBuuB2V4YW1wbGUDY29tAAE2gnphAT9eBny4280nWxz3" +
+ "SlbgwltpnUGe8TfvBw02KMZXCmwiOIg36AaARxAY716CcEBUbHb4Y/mSljJX/imeCI6kfKYVPYXvCxwCGR3s6dUzQ0+RjcaHWm66" +
+ "90m8onGK7L5vVly+6Qe8lJH2jrCg42Brsf/Gd4zkmpenCiI0noA8Ww2LjCHrTdMFARoPnAlBqrgzK8nXuHbYGUlT23ri2bqTgYY2" +
+ "jfAZ+SMgis5UJeNk+7FMwbwCvqUDqwPOl6HLNpF/Mp3wIEl5LzIcV4vReEvHK6+KI9mb0CdTIqRkiaqAt15leGZyJveTJ3gG4H+h" +
+ "La6Y1JoqfSnkIOFYI2o="
+ ;
+
+ // ftp.example.com. 259200 IN RRSIG NSEC 5 3 259200 20260901000000 20160901000000 7086 example.com. SkhTibv2hL9UnL+XDesn6CrEqvUeUJZfIiSgub5IICxV3yyWf7PVHC7bEp/oeQIK2xyOf9rCOL0qw4YAJa/XdzOdrWsi5FH+IXyDtb2Tp2d+VjOf6NxrbxlsDlzzaogb7WtgWQ69cZdiOazDlKNHbKr9hS2uF94PRPdyI0aSRflATQuN34IBZ3wu9r1aAwJJLKUPCu6y2im/sUyNTphF9ZqfvLPpPjJfaxK6gVCL/9PSQzST4NdBP8t1EJcQ1FggSvf0iCQcm2fOAYovQkB19TMBED5ay0LUN/Oxq9FDeZjq62QNdBw0S5QPFrNW+eaqQaJFW1IThZCG9uXSouI6NQ==
+ static String signedRecord20 =
+ "A2Z0cAdleGFtcGxlA2NvbQAALgABAAP0gAEfAC8FAwAD9IBqlhWAV8dvgBuuB2V4YW1wbGUDY29tAEpIU4m79oS/VJy/lw3rJ+gq" +
+ "xKr1HlCWXyIkoLm+SCAsVd8sln+z1Rwu2xKf6HkCCtscjn/awji9KsOGACWv13czna1rIuRR/iF8g7W9k6dnflYzn+jca28ZbA5c" +
+ "82qIG+1rYFkOvXGXYjmsw5SjR2yq/YUtrhfeD0T3ciNGkkX5QE0Ljd+CAWd8Lva9WgMCSSylDwrustopv7FMjU6YRfWan7yz6T4y" +
+ "X2sSuoFQi//T0kM0k+DXQT/LdRCXENRYIEr39IgkHJtnzgGKL0JAdfUzARA+WstC1DfzsavRQ3mY6utkDXQcNEuUDxazVvnmqkGi" +
+ "RVtSE4WQhvbl0qLiOjU="
+ ;
+
+ // mirror.ftp.example.com. 315360000 IN CNAME ftp.example.com.
+ static String signedRecord21 =
+ "Bm1pcnJvcgNmdHAHZXhhbXBsZQNjb20AAAUAARLMAwAAEQNmdHAHZXhhbXBsZQNjb20A"
+ ;
+
+ // mirror.ftp.example.com. 315360000 IN RRSIG CNAME 5 4 315360000 20260901000000 20160901000000 7086 example.com. cIKujjQiUKHv74J8I+1IZRw/94YXPPBBJmCjxGBgpYXKrmTLwdBq+IO7SnP2B+Z8oTajsbA8gufxdrsseatdkah25Mji0y7lA5AOYwd6CIftJZcpqWwwXdh2ogvXuOiKPP9wScAVK7exZ1hYYQkGic71oV6CmGEAWrqa51hxIRbVLTTCiezNW3meHnzhkunxopqLjsmuM5P0xP+12ZVKqHzNf8MR99HoL1tg4OnbPwTtlvBX3l4jxXq5M1fCZRzJg4tTLqREbPBsBKCZenA9D/mIWuNiqR2YLNNBQaXKbuqyA9e02Ui662Ab6gSNK6mLfz06auqzU3V0/Bbn2oGyjw==
+ static String signedRecord22 =
+ "Bm1pcnJvcgNmdHAHZXhhbXBsZQNjb20AAC4AARLMAwABHwAFBQQSzAMAapYVgFfHb4AbrgdleGFtcGxlA2NvbQBwgq6ONCJQoe/v" +
+ "gnwj7UhlHD/3hhc88EEmYKPEYGClhcquZMvB0Gr4g7tKc/YH5nyhNqOxsDyC5/F2uyx5q12RqHbkyOLTLuUDkA5jB3oIh+0llymp" +
+ "bDBd2HaiC9e46Io8/3BJwBUrt7FnWFhhCQaJzvWhXoKYYQBauprnWHEhFtUtNMKJ7M1beZ4efOGS6fGimouOya4zk/TE/7XZlUqo" +
+ "fM1/wxH30egvW2Dg6ds/BO2W8FfeXiPFerkzV8JlHMmDi1MupERs8GwEoJl6cD0P+Yha42KpHZgs00FBpcpu6rID17TZSLrrYBvq" +
+ "BI0rqYt/PTpq6rNTdXT8FufagbKP"
+ ;
+
+ // mirror.ftp.example.com. 315360000 IN RRSIG CNAME 5 4 315360000 20260901000000 20160901000000 7086 example.com. JAyL9OaHa6F8uAn5gX2RMydADDaWcDc0xmOhP1DUAzgylhmpe7kLULer5Uiem3A7cjDgAunm1B9TflZFHTPLLaomGXgN4BR7Zmk2rjVED4ZvUan0e2UKvLMOmT1kNZ/gHmjGZu9ydEjdqKa1DAZupcagdF0YSuEtlIjDP+T9VQzG1WkVLcoD0wZbr6wfeOJOaHOMSRR10Z0kZ48k4ycqbxBDHEhQS26VUpbsAgHNtqaLPa1GR1+qR9iwmP7drhMeQNvXTfzYt+4gZ2rgR7DhYyncFfvp9jN6wKY/sS7zhJF7fnKyFTHnt22wkRl2YOEB4FvKNwjhNpSE5t/o+Q+IFw==
+ static String signedRecord23 =
+ "Bm1pcnJvcgNmdHAHZXhhbXBsZQNjb20AAC4AARLMAwABHwAFBQQSzAMAapYVgFfHb4AbrgdleGFtcGxlA2NvbQAkDIv05odroXy4" +
+ "CfmBfZEzJ0AMNpZwNzTGY6E/UNQDODKWGal7uQtQt6vlSJ6bcDtyMOAC6ebUH1N+VkUdM8stqiYZeA3gFHtmaTauNUQPhm9RqfR7" +
+ "ZQq8sw6ZPWQ1n+AeaMZm73J0SN2oprUMBm6lxqB0XRhK4S2UiMM/5P1VDMbVaRUtygPTBluvrB944k5oc4xJFHXRnSRnjyTjJypv" +
+ "EEMcSFBLbpVSluwCAc22pos9rUZHX6pH2LCY/t2uEx5A29dN/Ni37iBnauBHsOFjKdwV++n2M3rApj+xLvOEkXt+crIVMee3bbCR" +
+ "GXZg4QHgW8o3COE2lITm3+j5D4gX"
+ ;
+
+ // mirror.ftp.example.com. 259200 IN NSEC www.example.com. CNAME RRSIG NSEC
+ static String signedRecord24 =
+ "Bm1pcnJvcgNmdHAHZXhhbXBsZQNjb20AAC8AAQAD9IAAGQN3d3cHZXhhbXBsZQNjb20AAAYEAAAAAAM="
+ ;
+
+ // mirror.ftp.example.com. 259200 IN RRSIG NSEC 5 4 259200 20260901000000 20160901000000 7086 example.com. TDzexY2Ll8wYho+0KJdO40erisXwh89XmyFUOeXamYNNB3g0OxMeBcNh2+WIy5SoN4qaJQs4z4MddeGWBGkftmw4HH0GeIuTvDa1K2thYqwoRqjd2p4eL38Agj+2BBIle4nXqLoU+pgLsTtPSZCpJM05oRsU+pPobwewSKwXklhZmI+NnqmDIffDkcQFTn1VA8Su/9n25s0cSS2jd6mQOhhz0jZ5eGroVbSWzZf92oP+3NMb8iuRNKgjoaQkJ+XIqCJJVJPDcGDTEpixpbU05WfJtViYZ7QYujh2+zsJ16cXJGf7AH0a2HJH4MXuaRPmxAKeQ+5glQLmzvGIRHwlZQ==
+ static String signedRecord25 =
+ "Bm1pcnJvcgNmdHAHZXhhbXBsZQNjb20AAC4AAQAD9IABHwAvBQQAA/SAapYVgFfHb4AbrgdleGFtcGxlA2NvbQBMPN7FjYuXzBiG" +
+ "j7Qol07jR6uKxfCHz1ebIVQ55dqZg00HeDQ7Ex4Fw2Hb5YjLlKg3ipolCzjPgx114ZYEaR+2bDgcfQZ4i5O8NrUra2FirChGqN3a" +
+ "nh4vfwCCP7YEEiV7ideouhT6mAuxO09JkKkkzTmhGxT6k+hvB7BIrBeSWFmYj42eqYMh98ORxAVOfVUDxK7/2fbmzRxJLaN3qZA6" +
+ "GHPSNnl4auhVtJbNl/3ag/7c0xvyK5E0qCOhpCQn5cioIklUk8NwYNMSmLGltTTlZ8m1WJhntBi6OHb7OwnXpxckZ/sAfRrYckfg" +
+ "xe5pE+bEAp5D7mCVAubO8YhEfCVl"
+ ;
+
+ // mirror.ftp.example.com. 259200 IN RRSIG NSEC 5 4 259200 20260901000000 20160901000000 7086 example.com. j8sDbrrosoIR05x2+hWgzuenmA/DkNsDM9lA14LtlDqTfHh5VdngH7YRw11Jo752g2dxLB7SWz9tR4Lojx8EDOTpgmTy51kgsESP0nWCtmBIuW0L+6EYWr6VhnfTAqx8ssRkf/kj+YjP5HFGeRVMJRAAvdYcfh57MzUw6DmXtGAv1JuydjSRwvJffWZUxf+2x8lb0e9ntFwwxt/C39lM/ZhKwf+Tv4IWNbdarkXjFwrVnJvoSv7iqjPrgCOOAXTj/L8slh7cVIycohYFxRxBE79iXhp056WZ+P7ooQ8EiyPJSG5ihkiWuv5fwdRb2Lc4lZ7Y1OQS4YBrszLN+H9sWA==
+ static String signedRecord26 =
+ "Bm1pcnJvcgNmdHAHZXhhbXBsZQNjb20AAC4AAQAD9IABHwAvBQQAA/SAapYVgFfHb4AbrgdleGFtcGxlA2NvbQCPywNuuuiyghHT" +
+ "nHb6FaDO56eYD8OQ2wMz2UDXgu2UOpN8eHlV2eAfthHDXUmjvnaDZ3EsHtJbP21HguiPHwQM5OmCZPLnWSCwRI/SdYK2YEi5bQv7" +
+ "oRhavpWGd9MCrHyyxGR/+SP5iM/kcUZ5FUwlEAC91hx+HnszNTDoOZe0YC/Um7J2NJHC8l99ZlTF/7bHyVvR72e0XDDG38Lf2Uz9" +
+ "mErB/5O/ghY1t1quReMXCtWcm+hK/uKqM+uAI44BdOP8vyyWHtxUjJyiFgXFHEETv2JeGnTnpZn4/uihDwSLI8lIbmKGSJa6/l/B" +
+ "1FvYtziVntjU5BLhgGuzMs34f2xY"
+ ;
+
+ // www.example.com. 1814400 IN A 11.22.33.44
+ static String signedRecord27 =
+ "A3d3dwdleGFtcGxlA2NvbQAAAQABABuvgAAECxYhLA=="
+ ;
+
+ // www.example.com. 1814400 IN A 55.66.77.88
+ static String signedRecord28 =
+ "A3d3dwdleGFtcGxlA2NvbQAAAQABABuvgAAEN0JNWA=="
+ ;
+
+ // www.example.com. 1814400 IN RRSIG A 5 3 1814400 20260901000000 20160901000000 7086 example.com. Kbin5k9XaVV3aBhbujpiNun9Xp7iFPwyKIrR/XCr+x+bytiubung6HO5HgUovJxeaF879msZ44xLXKRgRbesUs0hicVkhTuLDUfDiO0hsnb2mWguvD3iUdVwGaCiIuW/LimHyMYYSuhg8sTstt7Oyq8trX+Peq/QgL4pXqyryXh0FpZfJN+eRA7pQbuIxOVvEBGTbxZ6eCRvUeddaVeEYXBs4ygKO9TjZBYgzYvR5lU18dJw2SbIKoc8qKZpJmjDQT3XkTOYOmMHA6qdTfo6Pt94JRTeY7FEl9/bGmTWwKkTaKoQ9qwyMbiaon/Yked2Gmj0Uhi+kZ8JQJ8GFqnNgQ==
+ static String signedRecord29 =
+ "A3d3dwdleGFtcGxlA2NvbQAALgABABuvgAEfAAEFAwAbr4BqlhWAV8dvgBuuB2V4YW1wbGUDY29tACm4p+ZPV2lVd2gYW7o6Yjbp" +
+ "/V6e4hT8MiiK0f1wq/sfm8rYrm7p4OhzuR4FKLycXmhfO/ZrGeOMS1ykYEW3rFLNIYnFZIU7iw1Hw4jtIbJ29ploLrw94lHVcBmg" +
+ "oiLlvy4ph8jGGEroYPLE7LbezsqvLa1/j3qv0IC+KV6sq8l4dBaWXyTfnkQO6UG7iMTlbxARk28Wengkb1HnXWlXhGFwbOMoCjvU" +
+ "42QWIM2L0eZVNfHScNkmyCqHPKimaSZow0E915EzmDpjBwOqnU36Oj7feCUU3mOxRJff2xpk1sCpE2iqEPasMjG4mqJ/2JHndhpo" +
+ "9FIYvpGfCUCfBhapzYE="
+ ;
+
+ // www.example.com. 1814400 IN RRSIG A 5 3 1814400 20260901000000 20160901000000 7086 example.com. qvdxa8R5kthCTYQATZm7fEqymLKAT/ED9aWi9ROX7g/DTjcpr+TrbBsNAbf7by2XYzHjWX02ySnGTaT8D0PXFiZSKQ8KHfJUD3jiF4FGnhjbV4gP1vJa2l7fxet7DRTx4OWgl4aJNw+lCU1yoKqs9Fe8ONcnuiD64aLFhfvOqQljlUt7GBfwH1h+IptVe4PtniOVltvOmiVkd0cCr+z0rd6vka8CRiGlEoelX/VwG2kJ7qDIP2rTyP+MwbXXT2iHzKk4bVhHoKdMF1AfoK8O3fMogCpEQcWLcDaGAn5m6PfKoecWQ/gkzfvRNm5xNUOBp1JbuOvduIIwseRzivcY5w==
+ static String signedRecord30 =
+ "A3d3dwdleGFtcGxlA2NvbQAALgABABuvgAEfAAEFAwAbr4BqlhWAV8dvgBuuB2V4YW1wbGUDY29tAKr3cWvEeZLYQk2EAE2Zu3xK" +
+ "spiygE/xA/WlovUTl+4Pw043Ka/k62wbDQG3+28tl2Mx41l9Nskpxk2k/A9D1xYmUikPCh3yVA944heBRp4Y21eID9byWtpe38Xr" +
+ "ew0U8eDloJeGiTcPpQlNcqCqrPRXvDjXJ7og+uGixYX7zqkJY5VLexgX8B9YfiKbVXuD7Z4jlZbbzpolZHdHAq/s9K3er5GvAkYh" +
+ "pRKHpV/1cBtpCe6gyD9q08j/jMG1109oh8ypOG1YR6CnTBdQH6CvDt3zKIAqREHFi3A2hgJ+Zuj3yqHnFkP4JM370TZucTVDgadS" +
+ "W7jr3biCMLHkc4r3GOc="
+ ;
+
+ // www.example.com. 259200 IN AAAA 2001:db8:0:0:4:3:2:1
+ static String signedRecord31 =
+ "A3d3dwdleGFtcGxlA2NvbQAAHAABAAP0gAAQIAENuAAAAAAABAADAAIAAQ=="
+ ;
+
+ // www.example.com. 259200 IN AAAA 2001:db8:0:0:5:6:7:8
+ static String signedRecord32 =
+ "A3d3dwdleGFtcGxlA2NvbQAAHAABAAP0gAAQIAENuAAAAAAABQAGAAcACA=="
+ ;
+
+ // www.example.com. 259200 IN RRSIG AAAA 5 3 259200 20260901000000 20160901000000 7086 example.com. aLr5r/LMx0N0oZiLIRza84S4gFtKt1741mwWSduq1YBSPMV/wqhmzRBI/CYyHQ0YeZgWkBjXdRaZmyacJCoz8E2U3ri7L+7cHnv29ad40Eg6Oy9nubP4mpH0QUT1uYDMlTnyaFh6/iKJV9uCHkzjzmaqcKKvjWlFnwrG1qT5ThDHvVmkjaOrwtaGq1YanvGsTUEM2C333nUbhDragAQ3B9Mtk93GxD1qmgzmhDt5xjrl6X+g1AcSB6c9ho/fvrSFgOME2g2ZH7h91GiNu1v7d4noqAkxlOGg/eQz71e2rSabL3j0tjHvh7phOWmX0kPJFotPjXueyH81Tv3nHgs9tA==
+ static String signedRecord33 =
+ "A3d3dwdleGFtcGxlA2NvbQAALgABAAP0gAEfABwFAwAD9IBqlhWAV8dvgBuuB2V4YW1wbGUDY29tAGi6+a/yzMdDdKGYiyEc2vOE" +
+ "uIBbSrde+NZsFknbqtWAUjzFf8KoZs0QSPwmMh0NGHmYFpAY13UWmZsmnCQqM/BNlN64uy/u3B579vWneNBIOjsvZ7mz+JqR9EFE" +
+ "9bmAzJU58mhYev4iiVfbgh5M485mqnCir41pRZ8Kxtak+U4Qx71ZpI2jq8LWhqtWGp7xrE1BDNgt9951G4Q62oAENwfTLZPdxsQ9" +
+ "apoM5oQ7ecY65el/oNQHEgenPYaP3760hYDjBNoNmR+4fdRojbtb+3eJ6KgJMZThoP3kM+9Xtq0mmy949LYx74e6YTlpl9JDyRaL" +
+ "T417nsh/NU795x4LPbQ="
+ ;
+
+ // www.example.com. 259200 IN RRSIG AAAA 5 3 259200 20260901000000 20160901000000 7086 example.com. Qs6O4blUgwrjyO1hsW3lx7QNy6tDWZedSfcmdKMxlMIs9Sf2+r/gFaeKKRbGYBBmVku72lzkD/nQMOnK63lKQORdeugawatWNguiHlinK4bSBY8DQ7MH1FFzXHd643LYPtd4d2bZMILhcCd7twqhja+R4SJQq23ZpCZVvh4HpWsirKpyEmHZicaD5kpnIUA6Lvab7q3QhiS+6fg3vavFRnHDLDGebLzZvujeSBbfSTnoE4CaGsMJAaJUDVXW5kkL8tEn1Ynmn7sXDXhDQQX2WI1YXs2nNAkLu2Uf+VP54hPvhr5FfdCowJR3VLnAUWyVm59G2Bo4Fi27UH//UOOW/g==
+ static String signedRecord34 =
+ "A3d3dwdleGFtcGxlA2NvbQAALgABAAP0gAEfABwFAwAD9IBqlhWAV8dvgBuuB2V4YW1wbGUDY29tAELOjuG5VIMK48jtYbFt5ce0" +
+ "DcurQ1mXnUn3JnSjMZTCLPUn9vq/4BWniikWxmAQZlZLu9pc5A/50DDpyut5SkDkXXroGsGrVjYLoh5YpyuG0gWPA0OzB9RRc1x3" +
+ "euNy2D7XeHdm2TCC4XAne7cKoY2vkeEiUKtt2aQmVb4eB6VrIqyqchJh2YnGg+ZKZyFAOi72m+6t0IYkvun4N72rxUZxwywxnmy8" +
+ "2b7o3kgW30k56BOAmhrDCQGiVA1V1uZJC/LRJ9WJ5p+7Fw14Q0EF9liNWF7NpzQJC7tlH/lT+eIT74a+RX3QqMCUd1S5wFFslZuf" +
+ "RtgaOBYtu1B//1Djlv4="
+ ;
+
+ // www.example.com. 259200 IN NSEC mirror.www.example.com. A AAAA RRSIG NSEC
+ static String signedRecord35 =
+ "A3d3dwdleGFtcGxlA2NvbQAALwABAAP0gAAgBm1pcnJvcgN3d3cHZXhhbXBsZQNjb20AAAZAAAAIAAM="
+ ;
+
+ // www.example.com. 259200 IN RRSIG NSEC 5 3 259200 20260901000000 20160901000000 7086 example.com. cE3/VoGDAp5ZF9RUMWKjHOVgY47dfN9gMo9qhRssB8b2hzkbzpaMVcY7Mg3Pb/yDCoQ0MQoQNY92FcfEr/+nwruszEmGxA0Iu8EUcTd0hMsrSjslSCXEyBLUGgUYG37TsbzDyhQeUffZxHACDawmZ3ROTyJfEtRsZtjNLcCxq4zSMKIDvuqICZIqMtzTp9iaKC73/EjB7QUE2HfWJXJFyzDOqocwJP0nMyZ4HZyf6NmrqXVqSThAlzHYlG0qLbCHcztHY7u8MYayw9XeRKrCtPIvJ7T03CO5lvpFSpN4SMWCetHsTG63Unl2X93E7KvAYy/knm765++nFiDBLKFfEA==
+ static String signedRecord36 =
+ "A3d3dwdleGFtcGxlA2NvbQAALgABAAP0gAEfAC8FAwAD9IBqlhWAV8dvgBuuB2V4YW1wbGUDY29tAHBN/1aBgwKeWRfUVDFioxzl" +
+ "YGOO3XzfYDKPaoUbLAfG9oc5G86WjFXGOzINz2/8gwqENDEKEDWPdhXHxK//p8K7rMxJhsQNCLvBFHE3dITLK0o7JUglxMgS1BoF" +
+ "GBt+07G8w8oUHlH32cRwAg2sJmd0Tk8iXxLUbGbYzS3AsauM0jCiA77qiAmSKjLc06fYmigu9/xIwe0FBNh31iVyRcswzqqHMCT9" +
+ "JzMmeB2cn+jZq6l1akk4QJcx2JRtKi2wh3M7R2O7vDGGssPV3kSqwrTyLye09NwjuZb6RUqTeEjFgnrR7Exut1J5dl/dxOyrwGMv" +
+ "5J5u+ufvpxYgwSyhXxA="
+ ;
+
+ // www.example.com. 259200 IN RRSIG NSEC 5 3 259200 20260901000000 20160901000000 7086 example.com. qmeTK9aNcVAz6G7NoSMB/4ZXkG1Bv5WZLwGOhtJRlOCJ9XYcrQIlno3yJ7ujEgJJLVd+Sue3kxvclPEDBlKEJf7+iSMgitYXvonqmmW8CgCSzQPW6x/FKDCArsKVtnrO9ouZRE0INCY3ipoEJ2S31jcWg/IIV4zOQzah3wFQ/cbyFezOZauHEN7cPSzVebDxuHMALrbqZ8ynaPjzOXxrxjdxY6ZSQQe1u/Mcs0qo6iomzNRs2qfttE2FpeV/uFQGBwKroiu0XaEUoLvQdgQHPaNtvicW3quXer0RSe9daRRj959+s4TZvAwDZmgPlB3j7wX/uI7N2/u3jwCFFW1DPg==
+ static String signedRecord37 =
+ "A3d3dwdleGFtcGxlA2NvbQAALgABAAP0gAEfAC8FAwAD9IBqlhWAV8dvgBuuB2V4YW1wbGUDY29tAKpnkyvWjXFQM+huzaEjAf+G" +
+ "V5BtQb+VmS8BjobSUZTgifV2HK0CJZ6N8ie7oxICSS1Xfkrnt5Mb3JTxAwZShCX+/okjIIrWF76J6pplvAoAks0D1usfxSgwgK7C" +
+ "lbZ6zvaLmURNCDQmN4qaBCdkt9Y3FoPyCFeMzkM2od8BUP3G8hXszmWrhxDe3D0s1Xmw8bhzAC626mfMp2j48zl8a8Y3cWOmUkEH" +
+ "tbvzHLNKqOoqJszUbNqn7bRNhaXlf7hUBgcCq6IrtF2hFKC70HYEBz2jbb4nFt6rl3q9EUnvXWkUY/effrOE2bwMA2ZoD5Qd4+8F" +
+ "/7iOzdv7t48AhRVtQz4="
+ ;
+
+ // mirror.www.example.com. 315360000 IN CNAME www.example.com.
+ static String signedRecord38 =
+ "Bm1pcnJvcgN3d3cHZXhhbXBsZQNjb20AAAUAARLMAwAAEQN3d3cHZXhhbXBsZQNjb20A"
+ ;
+
+ // mirror.www.example.com. 315360000 IN RRSIG CNAME 5 4 315360000 20260901000000 20160901000000 7086 example.com. exhZD2NsH4+Wl5oqmAGVL9qia+H09E5vYlMFNE0mNITxKOko/PGOTwqZ8RWxX1HxogazTRFLxwe2hUN/pZ5z7uB74YW0i9gDKaekvqsuV2Y9GfB+eygYDMjF2zPVBBEGyPe0+wUtN6aOaJrIxGQcQR9qzSXSvL6s15o8/LpmanP5EAn7H5Re9Tbb266Bg0vcDRjQtkqaGHhglxHul3OyO3VFjor+pzXTFMy8ZgzbvaZzkvF3ZGVwuP3j8q+Yd8gyZk9mn6SrYgh0xB0c+JpPfBBMaaQgZMVxIeVWsCDkG6cSAPskYmV1E10wQL/OyO39oYRuFggjD9oLMwaLCsyLEw==
+ static String signedRecord39 =
+ "Bm1pcnJvcgN3d3cHZXhhbXBsZQNjb20AAC4AARLMAwABHwAFBQQSzAMAapYVgFfHb4AbrgdleGFtcGxlA2NvbQB7GFkPY2wfj5aX" +
+ "miqYAZUv2qJr4fT0Tm9iUwU0TSY0hPEo6Sj88Y5PCpnxFbFfUfGiBrNNEUvHB7aFQ3+lnnPu4HvhhbSL2AMpp6S+qy5XZj0Z8H57" +
+ "KBgMyMXbM9UEEQbI97T7BS03po5omsjEZBxBH2rNJdK8vqzXmjz8umZqc/kQCfsflF71NtvbroGDS9wNGNC2SpoYeGCXEe6Xc7I7" +
+ "dUWOiv6nNdMUzLxmDNu9pnOS8XdkZXC4/ePyr5h3yDJmT2afpKtiCHTEHRz4mk98EExppCBkxXEh5VawIOQbpxIA+yRiZXUTXTBA" +
+ "v87I7f2hhG4WCCMP2gszBosKzIsT"
+ ;
+
+ // mirror.www.example.com. 315360000 IN RRSIG CNAME 5 4 315360000 20260901000000 20160901000000 7086 example.com. gZyxIHqTEteEA0Eg0svk3Ykyl/kQd8+N0oiua9sy6GCHT0onwZ3FYzFDyBq7W3nJVTPPGy2+VtDB1ZTNT7oXXTp1g5AFOoXC252lOggpFB0QVS0eLd3KW6Rz8/uPHGLE16xUaVSOW1oRt2xrcGZSFpkg0Fe/VkV2XpKN369wf9zJIuQ9nVQ8UBMadetB3gf17xkA4cyb6T/ckxtQev2G7zyN351VAJjQ4rUS9+UYfPEtXdKtbfVwPZw3p+WLWNtt4c3OcgNVOxkwOvHrlATXCi/P2bGcAQ5njy4hQP7faYwtsbZKjyKDfVgFwerFPisBVC3rflQSvoTrsHEA0+pWYw==
+ static String signedRecord40 =
+ "Bm1pcnJvcgN3d3cHZXhhbXBsZQNjb20AAC4AARLMAwABHwAFBQQSzAMAapYVgFfHb4AbrgdleGFtcGxlA2NvbQCBnLEgepMS14QD" +
+ "QSDSy+TdiTKX+RB3z43SiK5r2zLoYIdPSifBncVjMUPIGrtbeclVM88bLb5W0MHVlM1PuhddOnWDkAU6hcLbnaU6CCkUHRBVLR4t" +
+ "3cpbpHPz+48cYsTXrFRpVI5bWhG3bGtwZlIWmSDQV79WRXZeko3fr3B/3Mki5D2dVDxQExp160HeB/XvGQDhzJvpP9yTG1B6/Ybv" +
+ "PI3fnVUAmNDitRL35Rh88S1d0q1t9XA9nDen5YtY223hzc5yA1U7GTA68euUBNcKL8/ZsZwBDmePLiFA/t9pjC2xtkqPIoN9WAXB" +
+ "6sU+KwFULet+VBK+hOuwcQDT6lZj"
+ ;
+
+ // mirror.www.example.com. 259200 IN NSEC example.com. CNAME RRSIG NSEC
+ static String signedRecord41 =
+ "Bm1pcnJvcgN3d3cHZXhhbXBsZQNjb20AAC8AAQAD9IAAFQdleGFtcGxlA2NvbQAABgQAAAAAAw=="
+ ;
+
+ // mirror.www.example.com. 259200 IN RRSIG NSEC 5 4 259200 20260901000000 20160901000000 7086 example.com. FJuXbcTQLDjZHx6+PdtsWJf6mBYAAAZVTbSnbUfPczO3S5uIyfw7JYYop8DhcKt2L9Rrpt54MYvDnB/nX54gNdkjnhyRrXMQKXi2GFIjZ7HBuvIrBbDC6RAyastrbFc8QYKRkdDlvrvWZVhhkBCK2AczvwcRUtq2qlOGvBjmkOOm0PaikFqGVVyBcco/l7wGOn4l3Ntt3hm6+oO6dx4SnKE6nlD534AnTIWPC8dhy0FDgrWrbaV1KGnO6hd3ig6dYc4cK0Y7Gwn7rpHW/Kvz0wAPPDHQPFJ/8rlmse/u2+OT3ceDKyO8qYMZqmGLpPDhRvH+xQlzOg9fuH8ovfnGGQ==
+ static String signedRecord42 =
+ "Bm1pcnJvcgN3d3cHZXhhbXBsZQNjb20AAC4AAQAD9IABHwAvBQQAA/SAapYVgFfHb4AbrgdleGFtcGxlA2NvbQAUm5dtxNAsONkf" +
+ "Hr4922xYl/qYFgAABlVNtKdtR89zM7dLm4jJ/DslhiinwOFwq3Yv1Gum3ngxi8OcH+dfniA12SOeHJGtcxApeLYYUiNnscG68isF" +
+ "sMLpEDJqy2tsVzxBgpGR0OW+u9ZlWGGQEIrYBzO/BxFS2raqU4a8GOaQ46bQ9qKQWoZVXIFxyj+XvAY6fiXc223eGbr6g7p3HhKc" +
+ "oTqeUPnfgCdMhY8Lx2HLQUOCtattpXUoac7qF3eKDp1hzhwrRjsbCfuukdb8q/PTAA88MdA8Un/yuWax7+7b45Pdx4MrI7ypgxmq" +
+ "YYuk8OFG8f7FCXM6D1+4fyi9+cYZ"
+ ;
+
+ // mirror.www.example.com. 259200 IN RRSIG NSEC 5 4 259200 20260901000000 20160901000000 7086 example.com. juolOEekkCQNFcatcICnWE6QCUdEUevSNfvtZBkS+7ZzQytQ0SlbqZDaUHT6DX46RGkRTicM62xHFIr8v0/EuAgJRMoVWJAxwC4Z8ODDmSrMkvFAOAu8dUhFoPSmbiaUCFioT26UwXGw74y74AJt91n1ewEu1AtEWVA+K4J43kjLCapdX+nCqToyxinecHt8Kn1x2vr5ql+EcGHmq7bvocQxHm30fS/yEt1MPD8LvNAFNO+exeLP0WIKZt+RWgMTHQjuV64iAZjgqFNVKvpptkSjturcVAAWYipAy2YBW5Io/RPwgwvhinh164BJfTIa8LX9bg0O41pyAyoNDXLvOg==
+ static String signedRecord43 =
+ "Bm1pcnJvcgN3d3cHZXhhbXBsZQNjb20AAC4AAQAD9IABHwAvBQQAA/SAapYVgFfHb4AbrgdleGFtcGxlA2NvbQCO6iU4R6SQJA0V" +
+ "xq1wgKdYTpAJR0RR69I1++1kGRL7tnNDK1DRKVupkNpQdPoNfjpEaRFOJwzrbEcUivy/T8S4CAlEyhVYkDHALhnw4MOZKsyS8UA4" +
+ "C7x1SEWg9KZuJpQIWKhPbpTBcbDvjLvgAm33WfV7AS7UC0RZUD4rgnjeSMsJql1f6cKpOjLGKd5we3wqfXHa+vmqX4RwYeartu+h" +
+ "xDEebfR9L/IS3Uw8Pwu80AU0757F4s/RYgpm35FaAxMdCO5XriIBmOCoU1Uq+mm2RKO26txUABZiKkDLZgFbkij9E/CDC+GKeHXr" +
+ "gEl9Mhrwtf1uDQ7jWnIDKg0Ncu86"
+ ;
+
+ // example.com. 1234000 IN DS 15637 5 2 66CB3389BD6CF3462881AF506BE452DB6AD63D6FADC303BDB0B0629859DA8482
+ static String dsRecord0 =
+ "B2V4YW1wbGUDY29tAAArAAEAEtRQACQ9FQUCZsszib1s80Yoga9Qa+RS22rWPW+twwO9sLBimFnahII="
+ ;
+
+ // example.com. 1234000 IN DS 15637 5 2 66CB3389BD6CF3462881AF506BE452DB6AD63D6FADC303BDB0B0629859DA8482
+ static String dsRecord1 =
+ "B2V4YW1wbGUDY29tAAArAAEAEtRQACQ9FQUCZsszib1s80Yoga9Qa+RS22rWPW+twwO9sLBimFnahII="
+ ;
+
+ // example.com. 31556952 IN DNSKEY 256 3 5 MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr1PW+AQIHyKwwHK02NhB79iHm/I4wmwCcSlpcBAGMrT7JNawC+9gKE5PGT9s8XTtEOZeVXjo/IB1c8Ml3sxJ7P2ds5sGsJ/4M3W36W+njhJeXuL2ljIbQprAs0IRbg5SP673ymZR9no3fgXGoH8CiGnNVz2l05S2xtMY5WSaVbYm9rvbTr206EqB0dqI0CLU98O57fvfMpaBaWu3UY7xdQshVsQDZtpySDOnkfdTtxQfM7UVmxsDFty0CoZotChqe+FlunnUt+odk0L7pQrFDU+1TmwRT+HKpv6KYJ/5kmA3XIQr+KHY0U69k+GnDqxY0QwmyF1MmOwc9WYxhzEJRQIDAQAB
+// keytag 7086
+ static String zoneDnsKeyRecord =
+ "ZXhhbXBsZS5jb20uCQkzMTU1Njk1MglJTglETlNLRVkJMjU2IDMgNSBNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1J" +
+ "SUJDZ0tDQVFFQXIxUFcrQVFJSHlLd3dISzAyTmhCNzlpSG0vSTR3bXdDY1NscGNCQUdNclQ3Sk5hd0MrOWdLRTVQR1Q5czhYVHRF" +
+ "T1plVlhqby9JQjFjOE1sM3N4SjdQMmRzNXNHc0ovNE0zVzM2VytuamhKZVh1TDJsakliUXByQXMwSVJiZzVTUDY3M3ltWlI5bm8z" +
+ "ZmdYR29IOENpR25OVnoybDA1UzJ4dE1ZNVdTYVZiWW05cnZiVHIyMDZFcUIwZHFJMENMVTk4TzU3ZnZmTXBhQmFXdTNVWTd4ZFFz" +
+ "aFZzUURadHB5U0RPbmtmZFR0eFFmTTdVVm14c0RGdHkwQ29ab3RDaHFlK0ZsdW5uVXQrb2RrMEw3cFFyRkRVKzFUbXdSVCtIS3B2" +
+ "NktZSi81a21BM1hJUXIrS0hZMFU2OWsrR25EcXhZMFF3bXlGMU1tT3djOVdZeGh6RUpSUUlEQVFBQg=="
+ ;
+
+ // example.com. 315569520 IN DNSKEY 257 3 5 MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuhlsAmUsA9dDrRx08mkJv31Am4CUmajCzIlmR6nB/BQ09FOS9qiTP7FdFlBh7NvLz526Wx953A9ZubkeBEOFoBMmeFFpY5ZBkVcjgZ0ml26ecPcl2hLr8Nxy2VsIpefstvKuflcrNR+aDmd8RMB/tPF5ZWmHExbfmCRoinP9ZyEXrLHJsojyfqvKaITIGi1ZdxX28ThJPG+Bf6FyrgWfAmCDkQKpayhQKIm0jkc03XFsnNoNbzflcscIKvQNXpXZ5hn5UB9X0VGXp6SE6EnNU2Jm2Jsv1XbL/E/G6oHyfioJe4Y4mHcRbn/8ilD/Kd9RZWboXBElFZm4jlmeY8SVQwIDAQAB
+// keytag 7086
+ static String keyDnsKeyRecord =
+ "ZXhhbXBsZS5jb20uCQkzMTU1Njk1MjAJSU4JRE5TS0VZCTI1NyAzIDUgTUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFN" +
+ "SUlCQ2dLQ0FRRUF1aGxzQW1Vc0E5ZERyUngwOG1rSnYzMUFtNENVbWFqQ3pJbG1SNm5CL0JRMDlGT1M5cWlUUDdGZEZsQmg3TnZM" +
+ "ejUyNld4OTUzQTladWJrZUJFT0ZvQk1tZUZGcFk1WkJrVmNqZ1owbWwyNmVjUGNsMmhMcjhOeHkyVnNJcGVmc3R2S3VmbGNyTlIr" +
+ "YURtZDhSTUIvdFBGNVpXbUhFeGJmbUNSb2luUDlaeUVYckxISnNvanlmcXZLYUlUSUdpMVpkeFgyOFRoSlBHK0JmNkZ5cmdXZkFt" +
+ "Q0RrUUtwYXloUUtJbTBqa2MwM1hGc25Ob05iemZsY3NjSUt2UU5YcFhaNWhuNVVCOVgwVkdYcDZTRTZFbk5VMkptMkpzdjFYYkwv" +
+ "RS9HNm9IeWZpb0plNFk0bUhjUmJuLzhpbEQvS2Q5UlpXYm9YQkVsRlptNGpsbWVZOFNWUXdJREFRQUI="
+ ;
+
+ static List<Record> signedList;
+ static List<Record> postZoneList;
+ static List<Record> dsRecordList = new ArrayList<>();
+
+ public static List<String> getStringsNamedLike(String name, Class clazz) {
+ return Arrays.asList(clazz.getDeclaredFields()).stream()
+ .filter(field -> field.getName().contains(name))
+ .map(field -> {
+ try {
+ return field.get(null).toString();
+ }
+ catch (Exception e) {
+ System.out.println("Failed getting static field " + name + " for class " + clazz);
+ e.printStackTrace();
+ }
+ return null;
+ })
+ .collect(toList());
+ }
+
+ static Record toRecord(String record) {
+ try {
+ return Record.fromWire(Base64.getDecoder().decode(record.getBytes()), Section.ANSWER);
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ return null;
+ }
+
+ public static void recreateData() throws Exception {
+ List<String> encodedRecords = getStringsNamedLike("signedRecord", SigningData.class);
+
+ signedList = encodedRecords.stream().map(SigningData::toRecord).collect(toList());
+
+ encodedRecords = getStringsNamedLike("postZoneRecord", SigningData.class);
+
+ postZoneList = encodedRecords.stream().map(SigningData::toRecord).collect(toList());
+
+ dsRecordList.clear();
+ dsRecordList.add(SigningData.toRecord(dsRecord0));
+ dsRecordList.add(SigningData.toRecord(dsRecord1));
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/blob/693ced51/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/keys/SigningTestDataGenerator.java
----------------------------------------------------------------------
diff --git a/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/keys/SigningTestDataGenerator.java b/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/keys/SigningTestDataGenerator.java
new file mode 100644
index 0000000..b72da8a
--- /dev/null
+++ b/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/keys/SigningTestDataGenerator.java
@@ -0,0 +1,147 @@
+package com.comcast.cdn.traffic_control.traffic_router.core.dns.keys;
+
+import com.verisignlabs.dnssec.security.DnsKeyPair;
+import com.verisignlabs.dnssec.security.JCEDnsSecSigner;
+import org.junit.Before;
+import org.junit.Test;
+import org.xbill.DNS.DClass;
+import org.xbill.DNS.DSRecord;
+import org.xbill.DNS.Name;
+import org.xbill.DNS.Record;
+import org.xbill.DNS.Section;
+import sun.security.rsa.RSAPrivateCrtKeyImpl;
+
+import java.io.IOException;
+import java.security.Key;
+import java.security.KeyPair;
+import java.security.interfaces.RSAPublicKey;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+
+import static com.comcast.cdn.traffic_control.traffic_router.core.dns.keys.ZoneTestRecords.generateZoneRecords;
+import static com.comcast.cdn.traffic_control.traffic_router.core.dns.keys.ZoneTestRecords.keySigningKeyRecord;
+import static com.comcast.cdn.traffic_control.traffic_router.core.dns.keys.ZoneTestRecords.ksk1;
+import static com.comcast.cdn.traffic_control.traffic_router.core.dns.keys.ZoneTestRecords.ksk2;
+import static com.comcast.cdn.traffic_control.traffic_router.core.dns.keys.ZoneTestRecords.zoneSigningKeyRecord;
+import static com.comcast.cdn.traffic_control.traffic_router.core.dns.keys.ZoneTestRecords.zsk1;
+import static com.comcast.cdn.traffic_control.traffic_router.core.dns.keys.ZoneTestRecords.zsk2;
+import static java.util.Base64.getEncoder;
+import static java.util.stream.Collectors.toList;
+import static org.xbill.DNS.DSRecord.SHA256_DIGEST_ID;
+
+public class SigningTestDataGenerator {
+
+ void dumpKeyPair(String varPrefix, KeyPair keyPair) throws IOException {
+ dumpKey(String.format("%sPublic", varPrefix), keyPair.getPublic());
+ dumpKey(String.format("%sPrivate", varPrefix), keyPair.getPrivate());
+ }
+
+ void dumpKey(String varName, Key key) throws IOException {
+
+ byte[] base64Encoded;
+ if (key instanceof RSAPrivateCrtKeyImpl) {
+ base64Encoded = getEncoder().encode(new Pkcs1Converter().toBytes((RSAPrivateCrtKeyImpl) key));
+ } else if (key instanceof RSAPublicKey) {
+ base64Encoded = getEncoder().encode(new Pkcs1Converter().toBytes((RSAPublicKey) key));
+ } else {
+ base64Encoded = getEncoder().encode(key.getEncoded());
+ }
+
+ System.out.println(makeBase64StringVar(varName, new String(base64Encoded)));
+ }
+
+ String makeBase64StringVar(String varName, String base64String) {
+ int length = 100;
+ int beginIndex = 0;
+ int endIndex = length;
+ StringBuilder stringBuilder = new StringBuilder("static String " + varName + " =\n");
+ while (beginIndex < base64String.length()) {
+ if (endIndex > base64String.length()) {
+ endIndex = base64String.length();
+ }
+ stringBuilder.append(String.format("\t\"%s\"", base64String.substring(beginIndex, endIndex)));
+ beginIndex = endIndex;
+ if (beginIndex < base64String.length()) {
+ stringBuilder.append(" +");
+ }
+ stringBuilder.append("\n");
+ endIndex += length;
+ }
+ stringBuilder.append("\t;\n");
+ return stringBuilder.toString();
+ }
+
+ @Before
+ public void before() throws Exception {
+ generateZoneRecords(true);
+ Name origin = new Name("example.com.");
+
+ dumpKeyPair("ksk1", ksk1);
+ System.out.println();
+
+ dumpKeyPair("ksk2", ksk2);
+ System.out.println();
+
+ dumpKeyPair("zsk1", zsk1);
+ System.out.println();
+
+ dumpKeyPair("zsk2", zsk2);
+ System.out.println();
+
+ JCEDnsSecSigner signer = new JCEDnsSecSigner(false);
+
+ List<DnsKeyPair> kskPairs = new ArrayList<>(Arrays.asList(
+ new DnsKeyPair(keySigningKeyRecord, ksk1.getPrivate()),
+ new DnsKeyPair(keySigningKeyRecord, ksk2.getPrivate())
+ ));
+
+ List<DnsKeyPair> zskPairs = new ArrayList<>(Arrays.asList(
+ new DnsKeyPair(zoneSigningKeyRecord, zsk1.getPrivate()),
+ new DnsKeyPair(zoneSigningKeyRecord, zsk2.getPrivate())
+ ));
+
+ List<Record> signedRecords = signer.signZone(origin, ZoneTestRecords.records, kskPairs, zskPairs,
+ ZoneTestRecords.sep_1_2016, ZoneTestRecords.sep_1_2026, true, SHA256_DIGEST_ID);
+
+ ZoneTestRecords.records.forEach(rec -> {
+ System.out.println("// " + rec);
+ // Doesn't really matter that 'ANSWER' is totally correct, just don't use question
+ String base64String = new String(getEncoder().encode(rec.toWire(Section.ANSWER)));
+ String varName = String.format("postZoneRecord%d", signedRecords.indexOf(rec));
+ System.out.println(makeBase64StringVar(varName, base64String));
+ });
+
+ signedRecords.forEach(rec -> {
+ System.out.println("// " + rec);
+ // Doesn't really matter that 'ANSWER' is totally correct, just don't use question
+ String base64String = new String(getEncoder().encode(rec.toWire(Section.ANSWER)));
+ String varName = String.format("signedRecord%d", signedRecords.indexOf(rec));
+ System.out.println(makeBase64StringVar(varName, base64String));
+ });
+
+ List<DSRecord> dsRecords = kskPairs.stream()
+ .map(pair -> new DSRecord(origin, DClass.IN, 1234000L, SHA256_DIGEST_ID, pair.getDNSKEYRecord()))
+ .collect(toList());
+
+ dsRecords.forEach(rec -> {
+ System.out.println("// " + rec);
+ String base64String = new String(getEncoder().encode(rec.toWire(Section.ANSWER)));
+ String varName = String.format("dsRecord%d", dsRecords.indexOf(rec));
+ System.out.println(makeBase64StringVar(varName, base64String));
+ });
+
+ System.out.println("// " + zoneSigningKeyRecord);
+ System.out.println("// keytag " + zoneSigningKeyRecord.getFootprint());
+ System.out.println(makeBase64StringVar("zoneDnsKeyRecord", new String(getEncoder().encode(zoneSigningKeyRecord.toString().getBytes()))));
+
+ System.out.println("// " + keySigningKeyRecord);
+ System.out.println("// keytag " + zoneSigningKeyRecord.getFootprint());
+ System.out.println(makeBase64StringVar("keyDnsKeyRecord", new String(getEncoder().encode(keySigningKeyRecord.toString().getBytes()))));
+ }
+
+ @Test
+ public void test() {
+ System.out.println("ok");
+ }
+}
[09/12] incubator-trafficcontrol git commit: TR put in feature toggle
for turning off jdnssec
Posted by ne...@apache.org.
TR put in feature toggle for turning off jdnssec
Project: http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/commit/40cd6a8e
Tree: http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/tree/40cd6a8e
Diff: http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/diff/40cd6a8e
Branch: refs/heads/master
Commit: 40cd6a8ede49cbad4d42a352e22f4e6733b8e16f
Parents: 4266376
Author: Trevor Ackerman <tr...@gmail.com>
Authored: Thu Oct 27 12:14:54 2016 -0600
Committer: Dave Neuman <ne...@apache.org>
Committed: Tue Dec 6 14:13:05 2016 -0700
----------------------------------------------------------------------
.../traffic_router/core/dns/DnsSecKeyPair.java | 6 +
.../core/dns/DnsSecKeyPairImpl.java | 191 +++++++++++++++++++
.../core/dns/SignatureManager.java | 18 +-
.../traffic_router/core/dns/ZoneSignerImpl.java | 24 +++
4 files changed, 237 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/blob/40cd6a8e/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/DnsSecKeyPair.java
----------------------------------------------------------------------
diff --git a/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/DnsSecKeyPair.java b/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/DnsSecKeyPair.java
index 915adae..a87001a 100644
--- a/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/DnsSecKeyPair.java
+++ b/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/DnsSecKeyPair.java
@@ -2,6 +2,8 @@ package com.comcast.cdn.traffic_control.traffic_router.core.dns;
import org.xbill.DNS.DNSKEYRecord;
+import java.security.PrivateKey;
+import java.security.PublicKey;
import java.util.Date;
public interface DnsSecKeyPair {
@@ -37,6 +39,10 @@ public interface DnsSecKeyPair {
boolean isNewer(DnsSecKeyPair other);
+ PrivateKey getPrivate();
+
+ PublicKey getPublic();
+
DNSKEYRecord getDNSKEYRecord();
@Override
http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/blob/40cd6a8e/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/DnsSecKeyPairImpl.java
----------------------------------------------------------------------
diff --git a/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/DnsSecKeyPairImpl.java b/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/DnsSecKeyPairImpl.java
new file mode 100644
index 0000000..d0d2b90
--- /dev/null
+++ b/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/DnsSecKeyPairImpl.java
@@ -0,0 +1,191 @@
+package com.comcast.cdn.traffic_control.traffic_router.core.dns;
+
+import org.json.JSONException;
+import org.json.JSONObject;
+import org.xbill.DNS.DNSKEYRecord;
+import org.xbill.DNS.Master;
+import org.xbill.DNS.Name;
+import org.xbill.DNS.Record;
+import org.xbill.DNS.Type;
+
+import javax.xml.bind.DatatypeConverter;
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.util.Calendar;
+import java.util.Date;
+
+public class DnsSecKeyPairImpl implements DnsSecKeyPair {
+ private long ttl;
+ private Date inception;
+ private Date effective;
+ private Date expiration;
+ private String name;
+ private DNSKEYRecord dnskeyRecord;
+// private String privateKeyString;
+ private PrivateKey privateKey;
+ private PublicKey publicKey;
+
+ public DnsSecKeyPairImpl(final JSONObject keyPair, final long defaultTTL) throws JSONException, IOException {
+ this.inception = new Date(1000L * keyPair.getLong("inceptionDate"));
+ this.effective = new Date(1000L * keyPair.getLong("effectiveDate"));
+ this.expiration = new Date(1000L * keyPair.getLong("expirationDate"));
+ this.ttl = keyPair.optLong("ttl", defaultTTL);
+ this.name = keyPair.getString("name");
+
+// final byte[] privateKey = DatatypeConverter.parseBase64Binary(keyPair.getString("private"));
+ final byte[] publicKey = DatatypeConverter.parseBase64Binary(keyPair.getString("public"));
+
+ try (InputStream in = new ByteArrayInputStream(publicKey)) {
+ final Master master = new Master(in, new Name(name), ttl);
+// this.privateKeyString = new String(privateKey);
+
+ Record record;
+ while ((record = master.nextRecord()) != null) {
+ if (record.getType() == Type.DNSKEY) {
+ this.dnskeyRecord = (DNSKEYRecord) record;
+ break;
+ }
+ }
+ }
+ }
+
+ @Override
+ public long getTTL() {
+ return ttl;
+ }
+
+ @Override
+ public void setTTL(final long ttl) {
+ this.ttl = ttl;
+ }
+
+ @Override
+ public String getName() {
+ return name;
+ }
+
+ @Override
+ public void setName(final String name) {
+ this.name = name;
+ }
+
+ @Override
+ public Date getInception() {
+ return inception;
+ }
+
+ @Override
+ public void setInception(final Date inception) {
+ this.inception = inception;
+ }
+
+ @Override
+ public Date getEffective() {
+ return effective;
+ }
+
+ @Override
+ public void setEffective(final Date effective) {
+ this.effective = effective;
+ }
+
+ @Override
+ public Date getExpiration() {
+ return expiration;
+ }
+
+ @Override
+ public void setExpiration(final Date expiration) {
+ this.expiration = expiration;
+ }
+
+ @Override
+ public boolean isKeySigningKey() {
+ return ((getDNSKEYRecord().getFlags() & DNSKEYRecord.Flags.SEP_KEY) != 0);
+ }
+
+ @Override
+ public boolean isExpired() {
+ return getExpiration().before(Calendar.getInstance().getTime());
+ }
+
+ @Override
+ public boolean isUsable() {
+ final Date now = Calendar.getInstance().getTime();
+ return getEffective().before(now);
+ }
+
+ @Override
+ public boolean isKeyCached(final long maxTTL) {
+ return getExpiration().after(new Date(System.currentTimeMillis() - (maxTTL * 1000)));
+ }
+
+ @Override
+ public boolean isOlder(final DnsSecKeyPair other) {
+ return getEffective().before(other.getEffective());
+ }
+
+ @Override
+ public boolean isNewer(final DnsSecKeyPair other) {
+ return getEffective().after(other.getEffective());
+ }
+
+ @Override
+ public DNSKEYRecord getDNSKEYRecord() {
+ return dnskeyRecord;
+ }
+
+ @Override
+ public PrivateKey getPrivate() {
+ return privateKey;
+ }
+
+ @Override
+ public PublicKey getPublic() {
+ return publicKey;
+ }
+
+ @SuppressWarnings("PMD.OverrideBothEqualsAndHashcode")
+ public boolean equals(final Object obj) {
+ final DnsSecKeyPairImpl okp = (DnsSecKeyPairImpl) obj;
+
+ if (!this.getDNSKEYRecord().equals(okp.getDNSKEYRecord())) {
+ return false;
+ } else if (!this.getPrivate().equals(okp.getPrivate())) {
+ return false;
+ } else if (!this.getPublic().equals(okp.getPublic())) {
+ return false;
+ } else if (!getEffective().equals(okp.getEffective())) {
+ return false;
+ } else if (!getExpiration().equals(okp.getExpiration())) {
+ return false;
+ } else if (!getInception().equals(okp.getInception())) {
+ return false;
+ } else if (!getName().equals(okp.getName())) {
+ return false;
+ } else if (getTTL() != okp.getTTL()) {
+ return false;
+ }
+
+ return true;
+ }
+
+ @Override
+ public String toString() {
+ final StringBuilder sb = new StringBuilder();
+ sb.append("name=").append(name)
+ .append(" ttl=").append(getTTL())
+ .append(" ksk=").append(isKeySigningKey())
+ .append(" inception=\"");
+ sb.append(getInception());
+ sb.append("\" effective=\"");
+ sb.append(getEffective());
+ sb.append("\" expiration=\"");
+ sb.append(getExpiration()).append('"');
+
+ return sb.toString();
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/blob/40cd6a8e/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/SignatureManager.java
----------------------------------------------------------------------
diff --git a/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/SignatureManager.java b/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/SignatureManager.java
index c191914..bbd7cc1 100644
--- a/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/SignatureManager.java
+++ b/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/SignatureManager.java
@@ -54,6 +54,7 @@ public final class SignatureManager {
private Map<String, List<DnsSecKeyPair>> keyMap;
private static ProtectedFetcher fetcher = null;
private ZoneManager zoneManager;
+ private boolean useJDnsSec = true;
public SignatureManager(final ZoneManager zoneManager, final CacheRegister cacheRegister, final TrafficOpsUtils trafficOpsUtils) {
this.setCacheRegister(cacheRegister);
@@ -74,6 +75,7 @@ public final class SignatureManager {
if (config.optBoolean("dnssec.enabled")) {
setDnssecEnabled(true);
+ this.useJDnsSec = config.optBoolean("usejdnssec", true);
setExpiredKeyAllowed(config.optBoolean("dnssec.allow.expired.keys", true)); // allowing this by default is the safest option
setExpirationMultiplier(config.optInt("signaturemanager.expiration.multiplier", 5)); // signature validity is maxTTL * this
final ScheduledExecutorService me = Executors.newScheduledThreadPool(1);
@@ -124,7 +126,12 @@ public final class SignatureManager {
for (int i = 0; i < keyPairs.length(); i++) {
try {
final JSONObject keyPair = keyPairs.getJSONObject(i);
- final DnsSecKeyPair dkpw = new DNSKeyPairWrapper(keyPair, defaultTTL);
+ final DnsSecKeyPair dkpw;
+ if (useJDnsSec) {
+ dkpw = new DNSKeyPairWrapper(keyPair, defaultTTL);
+ } else {
+ dkpw = new DnsSecKeyPairImpl(keyPair, defaultTTL);
+ }
if (!newKeyMap.containsKey(dkpw.getName())) {
newKeyMap.put(dkpw.getName(), new ArrayList<>());
@@ -432,7 +439,14 @@ public final class SignatureManager {
LOGGER.info("Signing zone " + name + " with start " + start.getTime() + " and expiration " + signatureExpiration.getTime());
- final List<Record> signedRecords = new JDnsSecSigner().signZone(name, records, kskPairs, zskPairs, start.getTime(), signatureExpiration.getTime(), true, DSRecord.SHA256_DIGEST_ID);
+ final List<Record> signedRecords;
+
+ if (useJDnsSec) {
+ signedRecords = new JDnsSecSigner().signZone(name, records, kskPairs, zskPairs, start.getTime(), signatureExpiration.getTime(), true, DSRecord.SHA256_DIGEST_ID);
+ } else {
+ signedRecords = new ZoneSignerImpl().signZone(name, records, kskPairs, zskPairs, start.getTime(), signatureExpiration.getTime(), true, DSRecord.SHA256_DIGEST_ID);
+ }
+
zoneKey.setSignatureExpiration(signatureExpiration);
zoneKey.setKSKExpiration(kskExpiration);
zoneKey.setZSKExpiration(zskExpiration);
http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/blob/40cd6a8e/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/ZoneSignerImpl.java
----------------------------------------------------------------------
diff --git a/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/ZoneSignerImpl.java b/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/ZoneSignerImpl.java
new file mode 100644
index 0000000..0f5bfc4
--- /dev/null
+++ b/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/ZoneSignerImpl.java
@@ -0,0 +1,24 @@
+package com.comcast.cdn.traffic_control.traffic_router.core.dns;
+
+import org.xbill.DNS.DNSKEYRecord;
+import org.xbill.DNS.DSRecord;
+import org.xbill.DNS.Name;
+import org.xbill.DNS.Record;
+
+import java.io.IOException;
+import java.security.GeneralSecurityException;
+import java.util.Date;
+import java.util.List;
+
+public class ZoneSignerImpl implements ZoneSigner {
+ @Override
+ public List<Record> signZone(final Name name, final List<Record> records, final List<DnsSecKeyPair> kskPairs, final List<DnsSecKeyPair> zskPairs,
+ final Date inception, final Date expiration, final boolean fullySignKeySet, final int digestId) throws IOException, GeneralSecurityException {
+ return null;
+ }
+
+ @Override
+ public DSRecord calculateDSRecord(final DNSKEYRecord dnskeyRecord, final int digestId, final long ttl) {
+ return null;
+ }
+}
[07/12] incubator-trafficcontrol git commit: TR cleanup test
dependencies in pom files
Posted by ne...@apache.org.
TR cleanup test dependencies in pom files
Project: http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/commit/8359e3d2
Tree: http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/tree/8359e3d2
Diff: http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/diff/8359e3d2
Branch: refs/heads/master
Commit: 8359e3d2155cd5de43be083ff81e48bbf8720919
Parents: 9577523
Author: Trevor Ackerman <tr...@gmail.com>
Authored: Tue Oct 11 11:39:03 2016 -0600
Committer: Dave Neuman <ne...@apache.org>
Committed: Tue Dec 6 14:13:05 2016 -0700
----------------------------------------------------------------------
traffic_router/connector/pom.xml | 18 ++------
traffic_router/core/pom.xml | 75 ++++++++++-----------------------
traffic_router/geolocation/pom.xml | 16 +++++--
traffic_router/neustar/pom.xml | 37 ----------------
traffic_router/pom.xml | 33 +++++++++++++++
traffic_router/shared/pom.xml | 25 ++++-------
6 files changed, 80 insertions(+), 124 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/blob/8359e3d2/traffic_router/connector/pom.xml
----------------------------------------------------------------------
diff --git a/traffic_router/connector/pom.xml b/traffic_router/connector/pom.xml
index 3878e3e..2dd5f83 100644
--- a/traffic_router/connector/pom.xml
+++ b/traffic_router/connector/pom.xml
@@ -99,32 +99,22 @@
<dependency>
<groupId>org.hamcrest</groupId>
<artifactId>hamcrest-all</artifactId>
- <version>1.3</version>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>org.mockito</groupId>
- <artifactId>mockito-all</artifactId>
- <version>1.10.19</version>
- <scope>test</scope>
</dependency>
<dependency>
<groupId>org.powermock</groupId>
<artifactId>powermock-api-mockito</artifactId>
- <version>1.6.4</version>
- <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.mockito</groupId>
+ <artifactId>mockito-all</artifactId>
</dependency>
<dependency>
<groupId>org.powermock</groupId>
<artifactId>powermock-module-junit4</artifactId>
- <version>1.6.4</version>
- <scope>test</scope>
</dependency>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
- <version>4.12</version>
- <scope>test</scope>
</dependency>
</dependencies>
</project>
http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/blob/8359e3d2/traffic_router/core/pom.xml
----------------------------------------------------------------------
diff --git a/traffic_router/core/pom.xml b/traffic_router/core/pom.xml
index cfb97c2..e3d8788 100644
--- a/traffic_router/core/pom.xml
+++ b/traffic_router/core/pom.xml
@@ -280,11 +280,7 @@
<artifactId>guava</artifactId>
<version>18.0</version>
</dependency>
- <dependency>
- <groupId>com.google.guava</groupId>
- <artifactId>guava</artifactId>
- <version>18.0</version>
- </dependency>
+
<dependency>
<groupId>org.springframework</groupId>
@@ -338,54 +334,6 @@
</exclusion>
</exclusions>
</dependency>
-
-
- <dependency>
- <groupId>org.hamcrest</groupId>
- <artifactId>hamcrest-all</artifactId>
- <version>${hamcrest.version}</version>
- <scope>test</scope>
- </dependency>
-
- <dependency>
- <groupId>org.mockito</groupId>
- <artifactId>mockito-core</artifactId>
- <version>1.10.19</version>
- <exclusions>
- <exclusion>
- <groupId>org.hamcrest</groupId>
- <artifactId>hamcrest-core</artifactId>
- </exclusion>
- </exclusions>
- </dependency>
-
- <dependency>
- <groupId>org.powermock</groupId>
- <artifactId>powermock-api-mockito</artifactId>
- <version>1.6.2</version>
- <scope>test</scope>
- </dependency>
-
- <dependency>
- <groupId>org.powermock</groupId>
- <artifactId>powermock-module-junit4</artifactId>
- <version>1.6.2</version>
- <scope>test</scope>
- </dependency>
-
- <dependency>
- <groupId>junit</groupId>
- <artifactId>junit</artifactId>
- <version>${junit.version}</version>
- <scope>test</scope>
- <exclusions>
- <exclusion>
- <groupId> org.hamcrest</groupId>
- <artifactId>hamcrest-core</artifactId>
- </exclusion>
- </exclusions>
- </dependency>
-
<dependency>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpclient</artifactId>
@@ -417,6 +365,27 @@
<version>${project.parent.version}</version>
<scope>test</scope>
</dependency>
+
+ <dependency>
+ <groupId>org.hamcrest</groupId>
+ <artifactId>hamcrest-all</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.powermock</groupId>
+ <artifactId>powermock-api-mockito</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.mockito</groupId>
+ <artifactId>mockito-all</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.powermock</groupId>
+ <artifactId>powermock-module-junit4</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>junit</groupId>
+ <artifactId>junit</artifactId>
+ </dependency>
</dependencies>
<profiles>
http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/blob/8359e3d2/traffic_router/geolocation/pom.xml
----------------------------------------------------------------------
diff --git a/traffic_router/geolocation/pom.xml b/traffic_router/geolocation/pom.xml
index 3e95cf1..94186a2 100644
--- a/traffic_router/geolocation/pom.xml
+++ b/traffic_router/geolocation/pom.xml
@@ -39,14 +39,22 @@ under the License.
<dependency>
<groupId>org.hamcrest</groupId>
<artifactId>hamcrest-all</artifactId>
- <version>${hamcrest.version}</version>
- <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.powermock</groupId>
+ <artifactId>powermock-api-mockito</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.mockito</groupId>
+ <artifactId>mockito-all</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.powermock</groupId>
+ <artifactId>powermock-module-junit4</artifactId>
</dependency>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
- <version>${junit.version}</version>
- <scope>test</scope>
</dependency>
</dependencies>
http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/blob/8359e3d2/traffic_router/neustar/pom.xml
----------------------------------------------------------------------
diff --git a/traffic_router/neustar/pom.xml b/traffic_router/neustar/pom.xml
index 48a5326..5b720af 100644
--- a/traffic_router/neustar/pom.xml
+++ b/traffic_router/neustar/pom.xml
@@ -80,43 +80,6 @@ under the License.
<artifactId>commons-compress</artifactId>
<version>${commons-compress.version}</version>
</dependency>
-
- <dependency>
- <groupId>org.hamcrest</groupId>
- <artifactId>hamcrest-all</artifactId>
- <version>${hamcrest.version}</version>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>org.mockito</groupId>
- <artifactId>mockito-all</artifactId>
- <version>1.10.19</version>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>junit</groupId>
- <artifactId>junit</artifactId>
- <version>${junit.version}</version>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>org.springframework</groupId>
- <artifactId>spring-test</artifactId>
- <version>${spring.version}</version>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>org.powermock</groupId>
- <artifactId>powermock-module-junit4</artifactId>
- <version>1.6.4</version>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>org.powermock</groupId>
- <artifactId>powermock-api-mockito</artifactId>
- <version>1.6.2</version>
- <scope>test</scope>
- </dependency>
</dependencies>
<build>
http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/blob/8359e3d2/traffic_router/pom.xml
----------------------------------------------------------------------
diff --git a/traffic_router/pom.xml b/traffic_router/pom.xml
index 1148c49..f6eaf19 100644
--- a/traffic_router/pom.xml
+++ b/traffic_router/pom.xml
@@ -74,6 +74,39 @@
</plugins>
</build>
+ <dependencyManagement>
+ <dependencies>
+ <dependency>
+ <groupId>org.hamcrest</groupId>
+ <artifactId>hamcrest-all</artifactId>
+ <version>1.3</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.powermock</groupId>
+ <artifactId>powermock-api-mockito</artifactId>
+ <version>1.6.4</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.mockito</groupId>
+ <artifactId>mockito-all</artifactId>
+ <version>1.10.19</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.powermock</groupId>
+ <artifactId>powermock-module-junit4</artifactId>
+ <version>1.6.4</version>
+ </dependency>
+ <dependency>
+ <groupId>junit</groupId>
+ <artifactId>junit</artifactId>
+ <version>4.12</version>
+ <scope>test</scope>
+ </dependency>
+ </dependencies>
+ </dependencyManagement>
<profiles>
<profile>
<id>rpm-build</id>
http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/blob/8359e3d2/traffic_router/shared/pom.xml
----------------------------------------------------------------------
diff --git a/traffic_router/shared/pom.xml b/traffic_router/shared/pom.xml
index 329038c..b7c7b23 100644
--- a/traffic_router/shared/pom.xml
+++ b/traffic_router/shared/pom.xml
@@ -63,37 +63,30 @@ under the License.
<artifactId>jackson-annotations</artifactId>
<version>2.4.0</version>
</dependency>
-
<dependency>
- <groupId>org.hamcrest</groupId>
- <artifactId>hamcrest-all</artifactId>
- <version>${hamcrest.version}</version>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ <artifactId>jackson-databind</artifactId>
+ <version>2.4.3</version>
</dependency>
<dependency>
- <groupId>org.mockito</groupId>
- <artifactId>mockito-all</artifactId>
- <version>1.10.19</version>
+ <groupId>org.hamcrest</groupId>
+ <artifactId>hamcrest-all</artifactId>
</dependency>
<dependency>
<groupId>org.powermock</groupId>
<artifactId>powermock-api-mockito</artifactId>
- <version>1.6.4</version>
+ </dependency>
+ <dependency>
+ <groupId>org.mockito</groupId>
+ <artifactId>mockito-all</artifactId>
</dependency>
<dependency>
<groupId>org.powermock</groupId>
<artifactId>powermock-module-junit4</artifactId>
- <version>1.6.4</version>
</dependency>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
- <version>${junit.version}</version>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>com.fasterxml.jackson.core</groupId>
- <artifactId>jackson-databind</artifactId>
- <version>2.4.3</version>
</dependency>
</dependencies>
[05/12] incubator-trafficcontrol git commit: TR - add dns delivery
service to test CrConfig.json
Posted by ne...@apache.org.
TR - add dns delivery service to test CrConfig.json
Project: http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/commit/9577523f
Tree: http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/tree/9577523f
Diff: http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/diff/9577523f
Branch: refs/heads/master
Commit: 9577523fb07efb894699fc6ea465f28c2ac64f50
Parents: 40cd6a8
Author: Trevor Ackerman <tr...@gmail.com>
Authored: Mon Oct 24 10:55:57 2016 -0600
Committer: Dave Neuman <ne...@apache.org>
Committed: Tue Dec 6 14:13:05 2016 -0700
----------------------------------------------------------------------
.../src/test/resources/publish/CrConfig.json | 50 ++++++++++++++++++--
1 file changed, 47 insertions(+), 3 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/blob/9577523f/traffic_router/core/src/test/resources/publish/CrConfig.json
----------------------------------------------------------------------
diff --git a/traffic_router/core/src/test/resources/publish/CrConfig.json b/traffic_router/core/src/test/resources/publish/CrConfig.json
index 129f667..03af8da 100644
--- a/traffic_router/core/src/test/resources/publish/CrConfig.json
+++ b/traffic_router/core/src/test/resources/publish/CrConfig.json
@@ -15,7 +15,8 @@
"interfaceName": "bond0",
"deliveryServices": {
"https-only-test": ["edge-cache-001.https-only-test.thecdn.example.com"],
- "http-only-test": ["edge-cache-001.http-only-test.thecdn.example.com"]
+ "http-only-test": ["edge-cache-001.http-only-test.thecdn.example.com"],
+ "dns-test": ["edge-cache-001.dns-test.thecdn.example.com"]
}
},
"edge-cache-001": {
@@ -33,7 +34,8 @@
"interfaceName": "bond0",
"deliveryServices": {
"https-only-test": ["edge-cache-001.https-only-test.thecdn.example.com"],
- "http-only-test": ["edge-cache-001.http-only-test.thecdn.example.com"]
+ "http-only-test": ["edge-cache-001.http-only-test.thecdn.example.com"],
+ "dns-test": ["edge-cache-001.dns-test.thecdn.example.com"]
}
},
"edge-cache-002": {
@@ -51,7 +53,8 @@
"interfaceName": "bond0",
"deliveryServices": {
"https-only-test": ["edge-cache-002.https-only-test.thecdn.example.com"],
- "http-only-test": ["edge-cache-001.http-only-test.thecdn.example.com"]
+ "http-only-test": ["edge-cache-001.http-only-test.thecdn.example.com"],
+ "dns-test": ["edge-cache-001.dns-test.thecdn.example.com"]
}
},
"edge-cache-010": {
@@ -1008,6 +1011,47 @@
"refresh": "28800"
},
"geolocationProvider": "maxmindGeolocationService"
+ },
+ "dns-test": {
+ "sslEnabled": "false",
+ "bypassDestination": {
+ "DNS": {
+ "ttl": "30",
+ "cname": "www.example.com"
+ }
+ },
+ "domains": [
+ "dns-test.thecdn.example.com"
+ ],
+ "coverageZoneOnly": "false",
+ "matchsets": [{
+ "protocol": "DNS",
+ "matchlist": [{
+ "regex": ".*\\.dns-test\\..*",
+ "match-type": "HOST"
+ }]
+ }],
+ "ttls": {
+ "AAAA": "30",
+ "SOA": "7200",
+ "A": "30",
+ "NS": "3600"
+ },
+ "missLocation": {
+ "long": "-87.627778",
+ "lat": "41.881944"
+ },
+ "soa": {
+ "expire": "604800",
+ "minimum": "30",
+ "admin": "admin@thecdn.example.com",
+ "retry": "7200",
+ "refresh": "28800"
+ },
+ "geolocationProvider": "maxmindGeolocationService",
+ "ttl": "30",
+ "maxDnsIpsForLocation": "2",
+ "ip6RoutingEnabled": "false"
}
},
"stats": {
[04/12] incubator-trafficcontrol git commit: TR now interprets
dnsseckeys.json as Bind Private Key format
Posted by ne...@apache.org.
TR now interprets dnsseckeys.json as Bind Private Key format
Project: http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/commit/aeaf12d3
Tree: http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/tree/aeaf12d3
Diff: http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/diff/aeaf12d3
Branch: refs/heads/master
Commit: aeaf12d3ab165ecdde3ca076ca2a6ca7d7df2ff5
Parents: 159e3e4
Author: Trevor Ackerman <tr...@gmail.com>
Authored: Thu Nov 3 15:58:44 2016 -0600
Committer: Dave Neuman <ne...@apache.org>
Committed: Tue Dec 6 14:13:05 2016 -0700
----------------------------------------------------------------------
.../secure/PrivateKeyDecoder.java | 2 +-
.../core/dns/DnsSecKeyPairImpl.java | 14 +-
.../core/dns/SignatureManager.java | 1 +
.../core/dns/keys/BindPrivateKeyFormatter.java | 41 ++
.../core/dns/keys/Pkcs1Converter.java | 50 --
.../core/dns/keys/Pkcs1Formatter.java | 50 ++
.../core/dns/keys/SigningData.java | 724 +++++++++----------
.../core/dns/keys/SigningTestDataGenerator.java | 31 +-
.../core/dns/keys/ZoneSignerTest.java | 53 +-
.../core/dns/keys/ZoneTestRecords.java | 12 +-
.../traffic_router/secure/BindPrivateKey.java | 63 ++
.../traffic_router/secure/Pkcs1.java | 49 +-
.../secure/Pkcs1KeySpecDecoder.java | 54 ++
.../test/java/secure/BindPrivateKeyTest.java | 85 +++
14 files changed, 699 insertions(+), 530 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/blob/aeaf12d3/traffic_router/connector/src/main/java/com/comcast/cdn/traffic_control/traffic_router/secure/PrivateKeyDecoder.java
----------------------------------------------------------------------
diff --git a/traffic_router/connector/src/main/java/com/comcast/cdn/traffic_control/traffic_router/secure/PrivateKeyDecoder.java b/traffic_router/connector/src/main/java/com/comcast/cdn/traffic_control/traffic_router/secure/PrivateKeyDecoder.java
index 3792d85..9177569 100644
--- a/traffic_router/connector/src/main/java/com/comcast/cdn/traffic_control/traffic_router/secure/PrivateKeyDecoder.java
+++ b/traffic_router/connector/src/main/java/com/comcast/cdn/traffic_control/traffic_router/secure/PrivateKeyDecoder.java
@@ -23,6 +23,6 @@ import java.util.Base64;
public class PrivateKeyDecoder {
public PrivateKey decode(final String data) throws IOException, GeneralSecurityException {
final String decodedData = new String(Base64.getMimeDecoder().decode(data.getBytes()));
- return decodedData.contains(Pkcs1.HEADER) ? new Pkcs1(decodedData).getPrivateKey() : new Pkcs8(decodedData).getPrivateKey();
+ return decodedData.contains(Pkcs1KeySpecDecoder.HEADER) ? new Pkcs1(decodedData).getPrivateKey() : new Pkcs8(decodedData).getPrivateKey();
}
}
http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/blob/aeaf12d3/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/DnsSecKeyPairImpl.java
----------------------------------------------------------------------
diff --git a/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/DnsSecKeyPairImpl.java b/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/DnsSecKeyPairImpl.java
index d5c5f1d..043baba 100644
--- a/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/DnsSecKeyPairImpl.java
+++ b/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/DnsSecKeyPairImpl.java
@@ -1,6 +1,6 @@
package com.comcast.cdn.traffic_control.traffic_router.core.dns;
-import com.comcast.cdn.traffic_control.traffic_router.secure.Pkcs1;
+import com.comcast.cdn.traffic_control.traffic_router.secure.BindPrivateKey;
import org.apache.log4j.Logger;
import org.json.JSONException;
import org.json.JSONObject;
@@ -11,16 +11,17 @@ import org.xbill.DNS.Name;
import org.xbill.DNS.Record;
import org.xbill.DNS.Type;
-import javax.xml.bind.DatatypeConverter;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
-import java.security.GeneralSecurityException;
import java.security.PrivateKey;
import java.security.PublicKey;
+import java.util.Base64.Decoder;
import java.util.Calendar;
import java.util.Date;
+import static java.util.Base64.getMimeDecoder;
+
public class DnsSecKeyPairImpl implements DnsSecKeyPair {
private static final Logger LOGGER = Logger.getLogger(DnsSecKeyPairImpl.class);
private long ttl;
@@ -38,13 +39,14 @@ public class DnsSecKeyPairImpl implements DnsSecKeyPair {
this.ttl = keyPair.optLong("ttl", defaultTTL);
this.name = keyPair.getString("name");
+ final Decoder mimeDecoder = getMimeDecoder();
try {
- privateKey = new Pkcs1(keyPair.getString("private")).getPrivateKey();
- } catch (GeneralSecurityException e) {
+ privateKey = new BindPrivateKey().decode(new String(mimeDecoder.decode(keyPair.getString("private"))));
+ } catch (Exception e) {
LOGGER.error("Failed to decode PKCS1 key from json data!: " + e.getMessage(), e);
}
- final byte[] publicKey = DatatypeConverter.parseBase64Binary(keyPair.getString("public"));
+ final byte[] publicKey = mimeDecoder.decode(keyPair.getString("public"));
try (InputStream in = new ByteArrayInputStream(publicKey)) {
final Master master = new Master(in, new Name(name), ttl);
http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/blob/aeaf12d3/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/SignatureManager.java
----------------------------------------------------------------------
diff --git a/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/SignatureManager.java b/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/SignatureManager.java
index 4120de0..55a0b0c 100644
--- a/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/SignatureManager.java
+++ b/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/SignatureManager.java
@@ -197,6 +197,7 @@ public final class SignatureManager {
}
if (!matched) {
+ LOGGER.info("Found new or changed key for " + newKeyPair.getName());
return true; // has a new key because we didn't find a match
}
}
http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/blob/aeaf12d3/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/keys/BindPrivateKeyFormatter.java
----------------------------------------------------------------------
diff --git a/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/keys/BindPrivateKeyFormatter.java b/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/keys/BindPrivateKeyFormatter.java
new file mode 100644
index 0000000..4aa873e
--- /dev/null
+++ b/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/keys/BindPrivateKeyFormatter.java
@@ -0,0 +1,41 @@
+package com.comcast.cdn.traffic_control.traffic_router.core.dns.keys;
+
+import sun.security.rsa.RSAPrivateCrtKeyImpl;
+
+import java.math.BigInteger;
+import java.security.interfaces.RSAMultiPrimePrivateCrtKey;
+import java.security.spec.RSAMultiPrimePrivateCrtKeySpec;
+
+import static java.util.Base64.getEncoder;
+
+public class BindPrivateKeyFormatter {
+ String encode(BigInteger bigInteger) {
+ return new String(getEncoder().encode(bigInteger.toByteArray()));
+ }
+
+ public String format(RSAMultiPrimePrivateCrtKeySpec spec) {
+ return "Private-key-format: v1.2\n" +
+ "Algorithm: 5 (RSASHA1)\n" +
+ "Modulus: " + encode(spec.getModulus()) + "\n" +
+ "PublicExponent: " + encode(spec.getPublicExponent()) + "\n" +
+ "PrivateExponent: " + encode(spec.getPrivateExponent()) + "\n" +
+ "Prime1: " + encode(spec.getPrimeP()) + "\n" +
+ "Prime2: " + encode(spec.getPrimeQ()) + "\n" +
+ "Exponent1: " + encode(spec.getPrimeExponentP()) + "\n" +
+ "Exponent2: " + encode(spec.getPrimeExponentQ())+ "\n" +
+ "Coefficient: " + encode(spec.getCrtCoefficient())+ "\n";
+ }
+
+ public String format(RSAPrivateCrtKeyImpl key) {
+ return "Private-key-format: v1.2\n" +
+ "Algorithm: 5 (RSASHA1)\n" +
+ "Modulus: " + encode(key.getModulus()) + "\n" +
+ "PublicExponent: " + encode(key.getPublicExponent()) + "\n" +
+ "PrivateExponent: " + encode(key.getPrivateExponent()) + "\n" +
+ "Prime1: " + encode(key.getPrimeP()) + "\n" +
+ "Prime2: " + encode(key.getPrimeQ()) + "\n" +
+ "Exponent1: " + encode(key.getPrimeExponentP()) + "\n" +
+ "Exponent2: " + encode(key.getPrimeExponentQ())+ "\n" +
+ "Coefficient: " + encode(key.getCrtCoefficient())+ "\n";
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/blob/aeaf12d3/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/keys/Pkcs1Converter.java
----------------------------------------------------------------------
diff --git a/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/keys/Pkcs1Converter.java b/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/keys/Pkcs1Converter.java
deleted file mode 100644
index 681eeed..0000000
--- a/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/keys/Pkcs1Converter.java
+++ /dev/null
@@ -1,50 +0,0 @@
-package com.comcast.cdn.traffic_control.traffic_router.core.dns.keys;
-
-import sun.security.rsa.RSAPrivateCrtKeyImpl;
-import sun.security.util.DerOutputStream;
-import sun.security.util.DerValue;
-
-import java.io.IOException;
-import java.security.interfaces.RSAPublicKey;
-
-public class Pkcs1Converter {
-
- // https://tools.ietf.org/html/rfc3447#appendix-A.1.1
-
- public byte[] toBytes(RSAPrivateCrtKeyImpl key) throws IOException {
- byte tag = 2;
- DerValue[] outputSequence = new DerValue[] {
- new DerValue(tag, new byte[]{0}),
- new DerValue(tag, key.getModulus().toByteArray()),
- new DerValue(tag, key.getPublicExponent().toByteArray()),
- new DerValue(tag, key.getPrivateExponent().toByteArray()),
- new DerValue(tag, key.getPrimeP().toByteArray()),
- new DerValue(tag, key.getPrimeQ().toByteArray()),
- new DerValue(tag, key.getPrimeExponentP().toByteArray()),
- new DerValue(tag, key.getPrimeExponentQ().toByteArray()),
- new DerValue(tag, key.getCrtCoefficient().toByteArray()),
- };
-
- DerOutputStream outputStream = new DerOutputStream();
-
- outputStream.putSequence(outputSequence);
- outputStream.flush();
-
- return outputStream.toByteArray();
- }
-
- public byte[] toBytes(RSAPublicKey key) throws IOException {
- byte tag = 2;
- DerValue[] outputSequence = new DerValue[] {
- new DerValue(tag, key.getModulus().toByteArray()),
- new DerValue(tag, key.getPublicExponent().toByteArray())
- };
-
- DerOutputStream outputStream = new DerOutputStream();
-
- outputStream.putSequence(outputSequence);
- outputStream.flush();
-
- return outputStream.toByteArray();
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/blob/aeaf12d3/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/keys/Pkcs1Formatter.java
----------------------------------------------------------------------
diff --git a/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/keys/Pkcs1Formatter.java b/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/keys/Pkcs1Formatter.java
new file mode 100644
index 0000000..8e39966
--- /dev/null
+++ b/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/keys/Pkcs1Formatter.java
@@ -0,0 +1,50 @@
+package com.comcast.cdn.traffic_control.traffic_router.core.dns.keys;
+
+import sun.security.rsa.RSAPrivateCrtKeyImpl;
+import sun.security.util.DerOutputStream;
+import sun.security.util.DerValue;
+
+import java.io.IOException;
+import java.security.interfaces.RSAPublicKey;
+
+public class Pkcs1Formatter {
+
+ // https://tools.ietf.org/html/rfc3447#appendix-A.1.1
+
+ public byte[] toBytes(RSAPrivateCrtKeyImpl key) throws IOException {
+ byte tag = 2;
+ DerValue[] outputSequence = new DerValue[] {
+ new DerValue(tag, new byte[]{0}),
+ new DerValue(tag, key.getModulus().toByteArray()),
+ new DerValue(tag, key.getPublicExponent().toByteArray()),
+ new DerValue(tag, key.getPrivateExponent().toByteArray()),
+ new DerValue(tag, key.getPrimeP().toByteArray()),
+ new DerValue(tag, key.getPrimeQ().toByteArray()),
+ new DerValue(tag, key.getPrimeExponentP().toByteArray()),
+ new DerValue(tag, key.getPrimeExponentQ().toByteArray()),
+ new DerValue(tag, key.getCrtCoefficient().toByteArray()),
+ };
+
+ DerOutputStream outputStream = new DerOutputStream();
+
+ outputStream.putSequence(outputSequence);
+ outputStream.flush();
+
+ return outputStream.toByteArray();
+ }
+
+ public byte[] toBytes(RSAPublicKey key) throws IOException {
+ byte tag = 2;
+ DerValue[] outputSequence = new DerValue[] {
+ new DerValue(tag, key.getModulus().toByteArray()),
+ new DerValue(tag, key.getPublicExponent().toByteArray())
+ };
+
+ DerOutputStream outputStream = new DerOutputStream();
+
+ outputStream.putSequence(outputSequence);
+ outputStream.flush();
+
+ return outputStream.toByteArray();
+ }
+}
[08/12] incubator-trafficcontrol git commit: TR now tracks when it
checks and finds new dnssec keys from TO
Posted by ne...@apache.org.
TR now tracks when it checks and finds new dnssec keys from TO
Project: http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/commit/159e3e44
Tree: http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/tree/159e3e44
Diff: http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/diff/159e3e44
Branch: refs/heads/master
Commit: 159e3e4458eb9a583683458c3d8c15b0317f4edf
Parents: 693ced5
Author: Trevor Ackerman <tr...@gmail.com>
Authored: Tue Nov 1 12:29:30 2016 -0600
Committer: Dave Neuman <ne...@apache.org>
Committed: Tue Dec 6 14:13:05 2016 -0700
----------------------------------------------------------------------
.../traffic_router/core/dns/SignatureManager.java | 8 +++++++-
.../traffic_router/core/dns/ZoneManager.java | 9 +++++----
.../traffic_router/core/router/TrafficRouter.java | 5 +++--
.../traffic_router/core/router/TrafficRouterManager.java | 2 +-
.../traffic_router/core/dns/ZoneManagerUnitTest.java | 5 +++--
5 files changed, 19 insertions(+), 10 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/blob/159e3e44/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/SignatureManager.java
----------------------------------------------------------------------
diff --git a/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/SignatureManager.java b/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/SignatureManager.java
index 2eaf043..4120de0 100644
--- a/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/SignatureManager.java
+++ b/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/SignatureManager.java
@@ -29,6 +29,7 @@ import java.util.concurrent.Executors;
import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.TimeUnit;
+import com.comcast.cdn.traffic_control.traffic_router.core.router.TrafficRouterManager;
import org.apache.log4j.Logger;
import org.json.JSONArray;
import org.json.JSONException;
@@ -55,8 +56,10 @@ public final class SignatureManager {
private static ProtectedFetcher fetcher = null;
private ZoneManager zoneManager;
private boolean useJDnsSec = true;
+ private final TrafficRouterManager trafficRouterManager;
- public SignatureManager(final ZoneManager zoneManager, final CacheRegister cacheRegister, final TrafficOpsUtils trafficOpsUtils) {
+ public SignatureManager(final ZoneManager zoneManager, final CacheRegister cacheRegister, final TrafficOpsUtils trafficOpsUtils, final TrafficRouterManager trafficRouterManager) {
+ this.trafficRouterManager = trafficRouterManager;
this.setCacheRegister(cacheRegister);
this.setTrafficOpsUtils(trafficOpsUtils);
this.setZoneManager(zoneManager);
@@ -107,6 +110,8 @@ public final class SignatureManager {
return new Runnable() {
public void run() {
try {
+ trafficRouterManager.trackEvent("lastDnsSecKeysCheck");
+
final Map<String, List<DnsSecKeyPair>> newKeyMap = new HashMap<String, List<DnsSecKeyPair>>();
final JSONObject keyPairData = fetchKeyPairData(cacheRegister);
@@ -159,6 +164,7 @@ public final class SignatureManager {
} else if (hasNewKeys(keyMap, newKeyMap)) {
// incoming key map has new keys
LOGGER.debug("Found new keys in incoming keyMap; rebuilding zone caches");
+ trafficRouterManager.trackEvent("newDnsSecKeysFound");
keyMap = newKeyMap;
getZoneManager().rebuildZoneCache();
} // no need to overwrite the keymap if they're the same, so no else leg
http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/blob/159e3e44/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/ZoneManager.java
----------------------------------------------------------------------
diff --git a/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/ZoneManager.java b/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/ZoneManager.java
index e6d8452..504375c 100644
--- a/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/ZoneManager.java
+++ b/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/ZoneManager.java
@@ -38,6 +38,7 @@ import java.util.concurrent.Executors;
import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.TimeUnit;
+import com.comcast.cdn.traffic_control.traffic_router.core.router.TrafficRouterManager;
import org.apache.commons.io.IOUtils;
import org.apache.log4j.Logger;
import org.json.JSONArray;
@@ -103,9 +104,9 @@ public class ZoneManager extends Resolver {
DYNAMIC, STATIC
}
- public ZoneManager(final TrafficRouter tr, final StatTracker statTracker, final TrafficOpsUtils trafficOpsUtils) throws IOException {
+ public ZoneManager(final TrafficRouter tr, final StatTracker statTracker, final TrafficOpsUtils trafficOpsUtils, final TrafficRouterManager trafficRouterManager) throws IOException {
initTopLevelDomain(tr.getCacheRegister());
- initSignatureManager(tr.getCacheRegister(), trafficOpsUtils);
+ initSignatureManager(tr.getCacheRegister(), trafficOpsUtils, trafficRouterManager);
initZoneCache(tr);
this.trafficRouter = tr;
this.statTracker = statTracker;
@@ -132,8 +133,8 @@ public class ZoneManager extends Resolver {
setTopLevelDomain(new Name(tld));
}
- private void initSignatureManager(final CacheRegister cacheRegister, final TrafficOpsUtils trafficOpsUtils) {
- final SignatureManager sm = new SignatureManager(this, cacheRegister, trafficOpsUtils);
+ private void initSignatureManager(final CacheRegister cacheRegister, final TrafficOpsUtils trafficOpsUtils, final TrafficRouterManager trafficRouterManager) {
+ final SignatureManager sm = new SignatureManager(this, cacheRegister, trafficOpsUtils, trafficRouterManager);
ZoneManager.signatureManager = sm;
}
http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/blob/159e3e44/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/router/TrafficRouter.java
----------------------------------------------------------------------
diff --git a/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/router/TrafficRouter.java b/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/router/TrafficRouter.java
index e3cfd90..021fd48 100644
--- a/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/router/TrafficRouter.java
+++ b/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/router/TrafficRouter.java
@@ -90,13 +90,14 @@ public class TrafficRouter {
final GeolocationService geolocationService6,
final StatTracker statTracker,
final TrafficOpsUtils trafficOpsUtils,
- final FederationRegistry federationRegistry) throws IOException, JSONException {
+ final FederationRegistry federationRegistry,
+ final TrafficRouterManager trafficRouterManager) throws IOException, JSONException {
this.cacheRegister = cr;
this.geolocationService = geolocationService;
this.geolocationService6 = geolocationService6;
this.federationRegistry = federationRegistry;
this.consistentDNSRouting = cr.getConfig().optBoolean("consistent.dns.routing", false); // previous/default behavior
- this.zoneManager = new ZoneManager(this, statTracker, trafficOpsUtils);
+ this.zoneManager = new ZoneManager(this, statTracker, trafficOpsUtils, trafficRouterManager);
}
public ZoneManager getZoneManager() {
http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/blob/159e3e44/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/router/TrafficRouterManager.java
----------------------------------------------------------------------
diff --git a/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/router/TrafficRouterManager.java b/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/router/TrafficRouterManager.java
index be930dd..e8930d0 100644
--- a/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/router/TrafficRouterManager.java
+++ b/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/router/TrafficRouterManager.java
@@ -99,7 +99,7 @@ public class TrafficRouterManager implements ApplicationListener<ContextRefreshe
return;
}
- final TrafficRouter tr = new TrafficRouter(cacheRegister, geolocationService, geolocationService6, statTracker, trafficOpsUtils, federationRegistry);
+ final TrafficRouter tr = new TrafficRouter(cacheRegister, geolocationService, geolocationService6, statTracker, trafficOpsUtils, federationRegistry, this);
tr.setSteeringRegistry(steeringRegistry);
synchronized(this) {
if (state != null) {
http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/blob/159e3e44/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/ZoneManagerUnitTest.java
----------------------------------------------------------------------
diff --git a/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/ZoneManagerUnitTest.java b/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/ZoneManagerUnitTest.java
index 9183180..1c77313 100644
--- a/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/ZoneManagerUnitTest.java
+++ b/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/ZoneManagerUnitTest.java
@@ -18,6 +18,7 @@ package com.comcast.cdn.traffic_control.traffic_router.core.dns;
import com.comcast.cdn.traffic_control.traffic_router.core.cache.CacheRegister;
import com.comcast.cdn.traffic_control.traffic_router.core.router.StatTracker;
import com.comcast.cdn.traffic_control.traffic_router.core.router.StatTracker.Track.ResultType;
+import com.comcast.cdn.traffic_control.traffic_router.core.router.TrafficRouterManager;
import com.comcast.cdn.traffic_control.traffic_router.core.util.TrafficOpsUtils;
import com.comcast.cdn.traffic_control.traffic_router.core.router.TrafficRouter;
import org.junit.Before;
@@ -56,9 +57,9 @@ public class ZoneManagerUnitTest {
PowerMockito.doNothing().when(ZoneManager.class, "initZoneCache", trafficRouter);
SignatureManager signatureManager = PowerMockito.mock(SignatureManager.class);
- whenNew(SignatureManager.class).withArguments(any(ZoneManager.class), any(CacheRegister.class), any(TrafficOpsUtils.class)).thenReturn(signatureManager);
+ whenNew(SignatureManager.class).withArguments(any(ZoneManager.class), any(CacheRegister.class), any(TrafficOpsUtils.class), any(TrafficRouterManager.class)).thenReturn(signatureManager);
- zoneManager = spy(new ZoneManager(trafficRouter, new StatTracker(), null));
+ zoneManager = spy(new ZoneManager(trafficRouter, new StatTracker(), null, mock(TrafficRouterManager.class)));
}
@Test
[02/12] incubator-trafficcontrol git commit: TR now interprets
dnsseckeys.json as Bind Private Key format
Posted by ne...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/blob/aeaf12d3/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/keys/ZoneSignerTest.java
----------------------------------------------------------------------
diff --git a/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/keys/ZoneSignerTest.java b/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/keys/ZoneSignerTest.java
index e847991..81b7380 100644
--- a/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/keys/ZoneSignerTest.java
+++ b/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/keys/ZoneSignerTest.java
@@ -6,7 +6,6 @@ import com.comcast.cdn.traffic_control.traffic_router.core.dns.DnsSecKeyPair;
import com.comcast.cdn.traffic_control.traffic_router.core.dns.DnsSecKeyPairImpl;
import com.comcast.cdn.traffic_control.traffic_router.core.dns.JDnsSecSigner;
import com.comcast.cdn.traffic_control.traffic_router.core.dns.ZoneSignerImpl;
-import com.comcast.cdn.traffic_control.traffic_router.secure.Pkcs1;
import com.verisignlabs.dnssec.security.DnsKeyPair;
import com.verisignlabs.dnssec.security.JCEDnsSecSigner;
import com.verisignlabs.dnssec.security.SignUtils;
@@ -17,21 +16,17 @@ import org.xbill.DNS.DSRecord;
import org.xbill.DNS.Record;
import java.util.ArrayList;
-import java.util.Arrays;
import java.util.List;
import java.util.stream.Stream;
import static com.comcast.cdn.traffic_control.traffic_router.core.IsEqualCollection.equalTo;
import static com.comcast.cdn.traffic_control.traffic_router.core.dns.keys.ZoneTestRecords.keySigningKeyRecord;
-import static com.comcast.cdn.traffic_control.traffic_router.core.dns.keys.ZoneTestRecords.ksk1;
-import static com.comcast.cdn.traffic_control.traffic_router.core.dns.keys.ZoneTestRecords.ksk2;
import static com.comcast.cdn.traffic_control.traffic_router.core.dns.keys.ZoneTestRecords.origin;
import static com.comcast.cdn.traffic_control.traffic_router.core.dns.keys.ZoneTestRecords.sep_1_2016;
import static com.comcast.cdn.traffic_control.traffic_router.core.dns.keys.ZoneTestRecords.sep_1_2026;
import static com.comcast.cdn.traffic_control.traffic_router.core.dns.keys.ZoneTestRecords.zoneSigningKeyRecord;
-import static com.comcast.cdn.traffic_control.traffic_router.core.dns.keys.ZoneTestRecords.zsk1;
-import static com.comcast.cdn.traffic_control.traffic_router.core.dns.keys.ZoneTestRecords.zsk2;
import static java.util.Arrays.asList;
+import static java.util.Base64.getMimeDecoder;
import static java.util.stream.Collectors.toList;
import static org.junit.Assert.assertThat;
import static org.xbill.DNS.DSRecord.SHA256_DIGEST_ID;
@@ -48,26 +43,30 @@ public class ZoneSignerTest {
private JSONObject zsk2Json;
private final long dsTtl = 1234000L;
+ private String decodePrivateKeyString(String encodedString) {
+ return new String(getMimeDecoder().decode(encodedString.getBytes()));
+ }
@Before
public void before() throws Exception {
ZoneTestRecords.generateZoneRecords(false);
SigningData.recreateData();
- kskPair1 = new DnsKeyPair(keySigningKeyRecord, ksk1.getPrivate());
- kskPair2 = new DnsKeyPair(keySigningKeyRecord, ksk2.getPrivate());
- zskPair1 = new DnsKeyPair(zoneSigningKeyRecord, zsk1.getPrivate());
- zskPair2 = new DnsKeyPair(zoneSigningKeyRecord, zsk2.getPrivate());
+ kskPair1 = new DnsKeyPair(keySigningKeyRecord, decodePrivateKeyString(SigningData.ksk1Private));
+ kskPair2 = new DnsKeyPair(keySigningKeyRecord, decodePrivateKeyString(SigningData.ksk2Private));
+ zskPair1 = new DnsKeyPair(zoneSigningKeyRecord, decodePrivateKeyString(SigningData.zsk1Private));
+ zskPair2 = new DnsKeyPair(zoneSigningKeyRecord, decodePrivateKeyString(SigningData.zsk2Private));
// Data like we would fetch from traffic ops api for dnsseckeys.json
- ksk1Json = new JSONObject("{" +
- "'inceptionDate':1475280000," +
- "'effectiveDate': 1475280000," +
- "'expirationDate': 1790812800," +
- "'ttl': 3600," +
- "'name':'example.com.'," +
- "'private': '" + SigningData.ksk1Private + "'," +
- "'public': '" + SigningData.keyDnsKeyRecord + "'" +
- "}");
+ String s = "{" +
+ "\n\t'inceptionDate':1475280000," +
+ "\n\t'effectiveDate': 1475280000," +
+ "\n\t'expirationDate': 1790812800," +
+ "\n\t'ttl': 3600," +
+ "\n\t'name':'example.com.'," +
+ "\n\t'private': '" + SigningData.ksk1Private.replaceAll("\n", "\\\\n") + "'," +
+ "\n\t'public': '" + SigningData.keyDnsKeyRecord.replaceAll("\n", "\\\\n") + "'" +
+ "\n}";
+ ksk1Json = new JSONObject(s);
ksk2Json = new JSONObject("{" +
@@ -76,8 +75,8 @@ public class ZoneSignerTest {
"'expirationDate': 1790812800," +
"'ttl': 3600," +
"'name':'example.com.'," +
- "'private': '" + SigningData.ksk2Private + "'," +
- "'public': '" + SigningData.keyDnsKeyRecord + "'" +
+ "'private': '" + SigningData.ksk2Private.replaceAll("\n", "\\\\n") + "'," +
+ "'public': '" + SigningData.keyDnsKeyRecord.replaceAll("\n", "\\\\n") + "'" +
"}");
zsk1Json = new JSONObject("{" +
@@ -86,8 +85,8 @@ public class ZoneSignerTest {
"'expirationDate': 1790812800," +
"'ttl': 31556952," +
"'name':'example.com.'," +
- "'private': '" + SigningData.zsk1Private + "'," +
- "'public': '" + SigningData.zoneDnsKeyRecord + "'" +
+ "'private': '" + SigningData.zsk1Private.replaceAll("\n", "\\\\n") + "'," +
+ "'public': '" + SigningData.zoneDnsKeyRecord.replaceAll("\n", "\\\\n") + "'" +
"}");
zsk2Json = new JSONObject("{" +
@@ -96,8 +95,8 @@ public class ZoneSignerTest {
"'expirationDate': 1790812800," +
"'ttl': 315569520," +
"'name':'example.com.'," +
- "'private': '" + SigningData.zsk2Private + "'," +
- "'public': '" + SigningData.zoneDnsKeyRecord + "'" +
+ "'private': '" + SigningData.zsk2Private.replaceAll("\n", "\\\\n") + "'," +
+ "'public': '" + SigningData.zoneDnsKeyRecord.replaceAll("\n", "\\\\n") + "'" +
"}");
}
@@ -118,24 +117,20 @@ public class ZoneSignerTest {
@Test
public void itReturnsSameResults() throws Exception {
DNSKeyPairWrapper ksk1Wrapper = new DNSKeyPairWrapper(ksk1Json, 1234);
- ksk1Wrapper.setPrivate(new Pkcs1(SigningData.ksk1Private).getPrivateKey());
assertThat(ksk1Wrapper.getDNSKEYRecord(), equalTo(kskPair1.getDNSKEYRecord()));
DNSKeyPairWrapper ksk2Wrapper = new DNSKeyPairWrapper(ksk2Json, 1234);
- ksk2Wrapper.setPrivate(new Pkcs1(SigningData.ksk2Private).getPrivateKey());
assertThat(ksk2Wrapper.getDNSKEYRecord(), equalTo(kskPair2.getDNSKEYRecord()));
List<DnsSecKeyPair> kskWrapperPairs = new ArrayList<>(asList(ksk1Wrapper, ksk2Wrapper));
DNSKeyPairWrapper zsk1Wrapper = new DNSKeyPairWrapper(zsk1Json, 1234);
- zsk1Wrapper.setPrivate(new Pkcs1(SigningData.zsk1Private).getPrivateKey());
assertThat(zsk1Wrapper.getDNSKEYRecord(), equalTo(zskPair1.getDNSKEYRecord()));
DNSKeyPairWrapper zsk2Wrapper = new DNSKeyPairWrapper(zsk2Json, 1234);
- zsk2Wrapper.setPrivate(new Pkcs1(SigningData.zsk2Private).getPrivateKey());
assertThat(zsk2Wrapper.getDNSKEYRecord(), equalTo(zskPair2.getDNSKEYRecord()));
http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/blob/aeaf12d3/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/keys/ZoneTestRecords.java
----------------------------------------------------------------------
diff --git a/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/keys/ZoneTestRecords.java b/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/keys/ZoneTestRecords.java
index 6ddf554..8fd7708 100644
--- a/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/keys/ZoneTestRecords.java
+++ b/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/keys/ZoneTestRecords.java
@@ -1,6 +1,7 @@
package com.comcast.cdn.traffic_control.traffic_router.core.dns.keys;
-import com.comcast.cdn.traffic_control.traffic_router.secure.Pkcs1;
+import com.comcast.cdn.traffic_control.traffic_router.secure.BindPrivateKey;
+import com.comcast.cdn.traffic_control.traffic_router.secure.Pkcs1KeySpecDecoder;
import org.xbill.DNS.AAAARecord;
import org.xbill.DNS.ARecord;
import org.xbill.DNS.CNAMERecord;
@@ -13,6 +14,7 @@ import org.xbill.DNS.SOARecord;
import java.net.Inet6Address;
import java.net.InetAddress;
+import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
@@ -24,6 +26,7 @@ import java.util.Arrays;
import java.util.Date;
import java.util.List;
+import static java.util.Base64.getMimeDecoder;
import static org.xbill.DNS.DNSKEYRecord.Flags.SEP_KEY;
import static org.xbill.DNS.DNSKEYRecord.Flags.ZONE_KEY;
import static org.xbill.DNS.DNSKEYRecord.Protocol.DNSSEC;
@@ -57,11 +60,8 @@ public class ZoneTestRecords {
}
private static KeyPair recreateKeyPair(String publicKey, String privateKey) throws Exception {
- Pkcs1 pkcs1 = new Pkcs1(privateKey, publicKey);
-
- PrivateKey privateKeyCopy = pkcs1.getPrivateKey();
- PublicKey publicKeyCopy = pkcs1.getPublicKey();
-
+ PrivateKey privateKeyCopy = new BindPrivateKey().decode(new String(getMimeDecoder().decode(privateKey)));
+ PublicKey publicKeyCopy = KeyFactory.getInstance("RSA").generatePublic(new Pkcs1KeySpecDecoder().decode(publicKey));
return new KeyPair(publicKeyCopy, privateKeyCopy);
}
http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/blob/aeaf12d3/traffic_router/shared/src/main/java/com/comcast/cdn/traffic_control/traffic_router/secure/BindPrivateKey.java
----------------------------------------------------------------------
diff --git a/traffic_router/shared/src/main/java/com/comcast/cdn/traffic_control/traffic_router/secure/BindPrivateKey.java b/traffic_router/shared/src/main/java/com/comcast/cdn/traffic_control/traffic_router/secure/BindPrivateKey.java
new file mode 100644
index 0000000..2e244ff
--- /dev/null
+++ b/traffic_router/shared/src/main/java/com/comcast/cdn/traffic_control/traffic_router/secure/BindPrivateKey.java
@@ -0,0 +1,63 @@
+package com.comcast.cdn.traffic_control.traffic_router.secure;
+
+import org.apache.log4j.Logger;
+
+import java.math.BigInteger;
+import java.security.KeyFactory;
+import java.security.PrivateKey;
+import java.security.spec.RSAPrivateCrtKeySpec;
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import static java.util.Base64.getDecoder;
+
+public class BindPrivateKey {
+ private static final Logger LOGGER = Logger.getLogger(BindPrivateKey.class);
+
+ private BigInteger decodeBigInt(final String s) {
+ return new BigInteger(1, getDecoder().decode(s.getBytes()));
+ }
+
+ private Map<String, BigInteger> decodeBigIntegers(final String s) {
+
+ final List<String> bigIntKeys = Arrays.asList(
+ "Modulus", "PublicExponent", "PrivateExponent", "Prime1", "Prime2", "Exponent1", "Exponent2", "Coefficient"
+ );
+
+ final Map<String, BigInteger> bigIntegerMap = new HashMap<>();
+
+ for (final String line : s.split("\n")) {
+ final String[] tokens = line.split(": ");
+
+ if (bigIntKeys.stream().filter(k -> k.equals(tokens[0])).findFirst().isPresent()) {
+ bigIntegerMap.put(tokens[0], decodeBigInt(tokens[1]));
+ }
+ }
+
+ return bigIntegerMap;
+ }
+
+ public PrivateKey decode(final String data) {
+ final Map<String, BigInteger> map = decodeBigIntegers(data);
+ final BigInteger modulus = map.get("Modulus");
+ final BigInteger publicExponent = map.get("PublicExponent");
+ final BigInteger privateExponent = map.get("PrivateExponent");
+ final BigInteger prime1 = map.get("Prime1");
+ final BigInteger prime2 = map.get("Prime2");
+ final BigInteger exp1 = map.get("Exponent1");
+ final BigInteger exp2 = map.get("Exponent2");
+ final BigInteger coeff = map.get("Coefficient");
+
+ final RSAPrivateCrtKeySpec keySpec = new RSAPrivateCrtKeySpec(modulus,publicExponent,privateExponent,prime1,prime2,exp1,exp2,coeff);
+
+ try {
+ return KeyFactory.getInstance("RSA").generatePrivate(keySpec);
+ } catch (Exception e) {
+ LOGGER.error("Failed to decode Bind Private Key data: " + e.getMessage(), e);
+ }
+
+ return null;
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/blob/aeaf12d3/traffic_router/shared/src/main/java/com/comcast/cdn/traffic_control/traffic_router/secure/Pkcs1.java
----------------------------------------------------------------------
diff --git a/traffic_router/shared/src/main/java/com/comcast/cdn/traffic_control/traffic_router/secure/Pkcs1.java b/traffic_router/shared/src/main/java/com/comcast/cdn/traffic_control/traffic_router/secure/Pkcs1.java
index ea50705..f871007 100644
--- a/traffic_router/shared/src/main/java/com/comcast/cdn/traffic_control/traffic_router/secure/Pkcs1.java
+++ b/traffic_router/shared/src/main/java/com/comcast/cdn/traffic_control/traffic_router/secure/Pkcs1.java
@@ -15,26 +15,14 @@
package com.comcast.cdn.traffic_control.traffic_router.secure;
-import sun.security.util.DerInputStream;
-import sun.security.util.DerValue;
-
import java.io.IOException;
-import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.spec.KeySpec;
-import java.security.spec.RSAMultiPrimePrivateCrtKeySpec;
-import java.security.spec.RSAPublicKeySpec;
-import java.util.Base64;
-
-public class Pkcs1 extends Pkcs {
- // https://tools.ietf.org/html/rfc3447#appendix-A.1.1
-
- static public final String HEADER = "-----BEGIN RSA PRIVATE KEY-----";
- static public final String FOOTER = "-----END RSA PRIVATE KEY-----";
- static final int PRIVATE_SEQUENCE_LENGTH = 9;
- static final int PUBLIC_SEQUENCE_LENGTH = 2;
+import static com.comcast.cdn.traffic_control.traffic_router.secure.Pkcs1KeySpecDecoder.FOOTER;
+import static com.comcast.cdn.traffic_control.traffic_router.secure.Pkcs1KeySpecDecoder.HEADER;
+public class Pkcs1 extends Pkcs {
public Pkcs1(final String data) throws IOException, GeneralSecurityException {
super(data);
}
@@ -55,35 +43,6 @@ public class Pkcs1 extends Pkcs {
@Override
protected KeySpec decodeKeySpec(final String data) throws IOException, GeneralSecurityException {
- final String pemData = data.replaceAll(HEADER, "").replaceAll(FOOTER, "").replaceAll("\\s", "");
-
- final DerInputStream derInputStream = new DerInputStream(Base64.getDecoder().decode(pemData));
- final DerValue[] derSequence = derInputStream.getSequence(0);
-
- if (derSequence.length != PUBLIC_SEQUENCE_LENGTH && derSequence.length != PRIVATE_SEQUENCE_LENGTH) {
- throw new GeneralSecurityException("Invalid PKCS1 key! Missing Key Data, incorrect number of DER values for either public or private key");
- }
-
- if (derSequence.length == PUBLIC_SEQUENCE_LENGTH) {
- final BigInteger n = derSequence[0].getBigInteger();
- final BigInteger e = derSequence[1].getBigInteger();
- return new RSAPublicKeySpec(n,e);
- }
-
- // man 3 rsa
- // -- or --
- // http://linux.die.net/man/3/rsa
-
- // We don't need the version data at derSequence[0]
- final BigInteger n = derSequence[1].getBigInteger();
- final BigInteger e = derSequence[2].getBigInteger();
- final BigInteger d = derSequence[3].getBigInteger();
- final BigInteger p = derSequence[4].getBigInteger();
- final BigInteger q = derSequence[5].getBigInteger();
- final BigInteger dmp1 = derSequence[6].getBigInteger();
- final BigInteger dmq1 = derSequence[7].getBigInteger();
- final BigInteger iqmp = derSequence[8].getBigInteger();
-
- return new RSAMultiPrimePrivateCrtKeySpec(n, e, d, p, q, dmp1, dmq1, iqmp, null);
+ return new Pkcs1KeySpecDecoder().decode(data);
}
}
http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/blob/aeaf12d3/traffic_router/shared/src/main/java/com/comcast/cdn/traffic_control/traffic_router/secure/Pkcs1KeySpecDecoder.java
----------------------------------------------------------------------
diff --git a/traffic_router/shared/src/main/java/com/comcast/cdn/traffic_control/traffic_router/secure/Pkcs1KeySpecDecoder.java b/traffic_router/shared/src/main/java/com/comcast/cdn/traffic_control/traffic_router/secure/Pkcs1KeySpecDecoder.java
new file mode 100644
index 0000000..036f3cd
--- /dev/null
+++ b/traffic_router/shared/src/main/java/com/comcast/cdn/traffic_control/traffic_router/secure/Pkcs1KeySpecDecoder.java
@@ -0,0 +1,54 @@
+package com.comcast.cdn.traffic_control.traffic_router.secure;
+
+import sun.security.util.DerInputStream;
+import sun.security.util.DerValue;
+
+import java.io.IOException;
+import java.math.BigInteger;
+import java.security.GeneralSecurityException;
+import java.security.spec.KeySpec;
+import java.security.spec.RSAMultiPrimePrivateCrtKeySpec;
+import java.security.spec.RSAPublicKeySpec;
+import java.util.Base64;
+
+public class Pkcs1KeySpecDecoder {
+ // https://tools.ietf.org/html/rfc3447#appendix-A.1.1
+
+ static public final String HEADER = "-----BEGIN RSA PRIVATE KEY-----";
+ static public final String FOOTER = "-----END RSA PRIVATE KEY-----";
+ static final int PRIVATE_SEQUENCE_LENGTH = 9;
+ static final int PUBLIC_SEQUENCE_LENGTH = 2;
+
+ public KeySpec decode(final String data) throws IOException, GeneralSecurityException {
+ final String pemData = data.replaceAll(HEADER, "").replaceAll(FOOTER, "").replaceAll("\\s", "");
+
+ final DerInputStream derInputStream = new DerInputStream(Base64.getDecoder().decode(pemData));
+ final DerValue[] derSequence = derInputStream.getSequence(0);
+
+ if (derSequence.length != PUBLIC_SEQUENCE_LENGTH && derSequence.length != PRIVATE_SEQUENCE_LENGTH) {
+ throw new GeneralSecurityException("Invalid PKCS1 key! Missing Key Data, incorrect number of DER values for either public or private key");
+ }
+
+ if (derSequence.length == PUBLIC_SEQUENCE_LENGTH) {
+ final BigInteger n = derSequence[0].getBigInteger();
+ final BigInteger e = derSequence[1].getBigInteger();
+ return new RSAPublicKeySpec(n,e);
+ }
+
+ // man 3 rsa
+ // -- or --
+ // http://linux.die.net/man/3/rsa
+
+ // We don't need the version data at derSequence[0]
+ final BigInteger n = derSequence[1].getBigInteger();
+ final BigInteger e = derSequence[2].getBigInteger();
+ final BigInteger d = derSequence[3].getBigInteger();
+ final BigInteger p = derSequence[4].getBigInteger();
+ final BigInteger q = derSequence[5].getBigInteger();
+ final BigInteger dmp1 = derSequence[6].getBigInteger();
+ final BigInteger dmq1 = derSequence[7].getBigInteger();
+ final BigInteger iqmp = derSequence[8].getBigInteger();
+
+ return new RSAMultiPrimePrivateCrtKeySpec(n, e, d, p, q, dmp1, dmq1, iqmp, null);
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/blob/aeaf12d3/traffic_router/shared/src/test/java/secure/BindPrivateKeyTest.java
----------------------------------------------------------------------
diff --git a/traffic_router/shared/src/test/java/secure/BindPrivateKeyTest.java b/traffic_router/shared/src/test/java/secure/BindPrivateKeyTest.java
new file mode 100644
index 0000000..e7c5043
--- /dev/null
+++ b/traffic_router/shared/src/test/java/secure/BindPrivateKeyTest.java
@@ -0,0 +1,85 @@
+package secure;
+
+import com.comcast.cdn.traffic_control.traffic_router.secure.BindPrivateKey;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.powermock.api.mockito.PowerMockito;
+import org.powermock.core.classloader.annotations.PrepareForTest;
+import org.powermock.modules.junit4.PowerMockRunner;
+import sun.security.rsa.RSAPrivateCrtKeyImpl;
+
+import java.math.BigInteger;
+import java.security.KeyFactory;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.PrivateKey;
+import java.security.SecureRandom;
+import java.security.spec.RSAPrivateCrtKeySpec;
+
+import static java.util.Base64.getEncoder;
+import static org.hamcrest.MatcherAssert.assertThat;
+import static org.hamcrest.Matchers.equalTo;
+import static org.mockito.Mockito.mock;
+import static org.powermock.api.mockito.PowerMockito.doReturn;
+import static org.powermock.api.mockito.PowerMockito.when;
+import static org.powermock.api.mockito.PowerMockito.whenNew;
+
+@RunWith(PowerMockRunner.class)
+@PrepareForTest(BindPrivateKey.class)
+public class BindPrivateKeyTest {
+ private String privateKeyString;
+ private PrivateKey privateKey;
+
+ String encode(BigInteger bigInteger) {
+ return new String(getEncoder().encode(bigInteger.toByteArray()));
+ }
+
+ @Before
+ public void before() throws Exception {
+ KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
+ keyPairGenerator.initialize(2048, SecureRandom.getInstance("SHA1PRNG","SUN"));
+ KeyPair keyPair = keyPairGenerator.generateKeyPair();
+
+ RSAPrivateCrtKeyImpl privateCrtKey = (RSAPrivateCrtKeyImpl) keyPair.getPrivate();
+
+ privateKeyString = "Private-key-format: v1.2\n" +
+ "Algorithm: 5 (RSASHA1)\n" +
+ "Modulus: " + encode(privateCrtKey.getModulus()) + "\n" +
+ "PublicExponent: " + encode(privateCrtKey.getPublicExponent()) + "\n" +
+ "PrivateExponent: " + encode(privateCrtKey.getPrivateExponent()) + "\n" +
+ "Prime1: " + encode(privateCrtKey.getPrimeP()) + "\n" +
+ "Prime2: " + encode(privateCrtKey.getPrimeQ()) + "\n" +
+ "Exponent1: " + encode(privateCrtKey.getPrimeExponentP()) + "\n" +
+ "Exponent2: " + encode(privateCrtKey.getPrimeExponentQ())+ "\n" +
+ "Coefficient: " + encode(privateCrtKey.getCrtCoefficient())+ "\n";
+
+ privateKey = mock(PrivateKey.class);
+ KeyFactory keyFactory = PowerMockito.mock(KeyFactory.class);
+
+ PowerMockito.mockStatic(KeyFactory.class);
+ when(KeyFactory.getInstance("RSA")).thenReturn(keyFactory);
+
+ RSAPrivateCrtKeySpec spec = mock(RSAPrivateCrtKeySpec.class);
+
+ whenNew(RSAPrivateCrtKeySpec.class)
+ .withArguments(
+ privateCrtKey.getModulus(),
+ privateCrtKey.getPublicExponent(),
+ privateCrtKey.getPrivateExponent(),
+ privateCrtKey.getPrimeP(),
+ privateCrtKey.getPrimeQ(),
+ privateCrtKey.getPrimeExponentP(),
+ privateCrtKey.getPrimeExponentQ(),
+ privateCrtKey.getCrtCoefficient())
+ .thenReturn(spec);
+
+ doReturn(privateKey).when(keyFactory).generatePrivate(spec);
+ }
+
+ @Test
+ public void itDecodesPrivateKeyString() {
+ PrivateKey key = new BindPrivateKey().decode(privateKeyString);
+ assertThat(key, equalTo(privateKey));
+ }
+}
[03/12] incubator-trafficcontrol git commit: TR now interprets
dnsseckeys.json as Bind Private Key format
Posted by ne...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/blob/aeaf12d3/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/keys/SigningData.java
----------------------------------------------------------------------
diff --git a/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/keys/SigningData.java b/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/keys/SigningData.java
index ba7d8d8..7126444 100644
--- a/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/keys/SigningData.java
+++ b/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/keys/SigningData.java
@@ -17,561 +17,518 @@ public class SigningData {
// All data below is based on PKCS#1 format, see https://tools.ietf.org/html/rfc3447#appendix-A.1.1
static String ksk1Public =
- "MIIBCgKCAQEAuhlsAmUsA9dDrRx08mkJv31Am4CUmajCzIlmR6nB/BQ09FOS9qiTP7FdFlBh7NvLz526Wx953A9ZubkeBEOFoBMm" +
- "eFFpY5ZBkVcjgZ0ml26ecPcl2hLr8Nxy2VsIpefstvKuflcrNR+aDmd8RMB/tPF5ZWmHExbfmCRoinP9ZyEXrLHJsojyfqvKaITI" +
- "Gi1ZdxX28ThJPG+Bf6FyrgWfAmCDkQKpayhQKIm0jkc03XFsnNoNbzflcscIKvQNXpXZ5hn5UB9X0VGXp6SE6EnNU2Jm2Jsv1XbL" +
- "/E/G6oHyfioJe4Y4mHcRbn/8ilD/Kd9RZWboXBElFZm4jlmeY8SVQwIDAQAB"
- ;
+ "MIIBCgKCAQEA3YoFGF+61eZRLUAA1kQLUreud4rMQw9jabHY9R7zXZIEFfhIPh760MtY2DhxrqktXIcwexHP8IGwSLXB2bdMcA+d" +
+ "ml84vFJkbvTYKSdwyy6CW1Q1Rruyygj0IlciHUGNNKgwigVL9SsPfVqEn8/3ROgWe9QZDu6s8LyuacH7xukzrX4Ad+KRiI/LLVBm" +
+ "6rJkNoQ3uweyCu6sCQWynvajKDRM37JDLxdUc+gLrDswLn2gROIwjugKEN6ay5/GPbaH4CcIbGuwaZ42LX+vqWJt1cLPMzOpP2GG" +
+ "q5GB4Ai8q8Q5oeyWzKalHjmRdokdDlrv2de64i1kK+S1BMLK5Z7bPQIDAQAB";
static String ksk1Private =
- "MIIEpAIBAAKCAQEAuhlsAmUsA9dDrRx08mkJv31Am4CUmajCzIlmR6nB/BQ09FOS9qiTP7FdFlBh7NvLz526Wx953A9ZubkeBEOF" +
- "oBMmeFFpY5ZBkVcjgZ0ml26ecPcl2hLr8Nxy2VsIpefstvKuflcrNR+aDmd8RMB/tPF5ZWmHExbfmCRoinP9ZyEXrLHJsojyfqvK" +
- "aITIGi1ZdxX28ThJPG+Bf6FyrgWfAmCDkQKpayhQKIm0jkc03XFsnNoNbzflcscIKvQNXpXZ5hn5UB9X0VGXp6SE6EnNU2Jm2Jsv" +
- "1XbL/E/G6oHyfioJe4Y4mHcRbn/8ilD/Kd9RZWboXBElFZm4jlmeY8SVQwIDAQABAoIBAEbgZ8KBxcGwupWzwNaSKqRDj9epoO7k" +
- "10wPCGVCwh6/k2t6aP6INYyMgGd/Ncx/6Z+o8tDBrCejsQiK+GOnU70jjgNE/l5vW4l/Joa203vZJX7gognsKvARBazCfwiwy/bh" +
- "dpOnn00cPBBAWZPVvM2tKg71ofwjOgU32JjilCAyUqnOqjtMsBsfiEvlTQfo85bRGSxmgcPaOMvSK7C1ockd28H0TkVpVyik0qlu" +
- "W8EFqbMg4UJp+wSaMpMuKlE9MuogpLf6ZwQzClVCKTd5vWIqT11ltZAVYsz+1Nok8DTLIEm4h1dVU4u8HKlGAF/djpxwxJ/La1iL" +
- "wJYdV2mocAECgYEA+HV3PQDx3wScwbIX1HBtlMR54EHDnvenBbqSBY9RzPho1L8bq8vCSFz9e31jkgaRNQHSddeX7sxhIbnvuusI" +
- "b9laQBm4SGKYf10ftc0apkt5oXQub+tlrsH5EGcspy/1jyg4Fw9PDdNQdOiqjfdylQYRFkvaWMrf07FCWbO85VECgYEAv79rkyfW" +
- "TX0uLa68xzhK+TaABvUJ2miZQZ2QK3MJntoNn2VuC3jBooYCbMa0UkV3aOkIsiSjRZkNYBGAaMaC3nzLYvhhfblJWyjp6W2IidzV" +
- "4jH+Rz1Rk699wBpfCL5/v7Dq1orU3doKW0S9pVJIKBXS2xVNAG+TkH7q0maDfFMCgYBy01bYCqe9uhP4MKZyt8LtDiCFU99kiG/Y" +
- "ZfE2QJY9dFB+ghP3waN4bgF4IOrzgbV6Ge16KLk+05XQUG5KpHSxvHHJThms2mQ/+Hm/O5slX5xG0brkXpYPvfWtbwFkAvYpwxyp" +
- "C5oteYulfCHWmpWJ6dPbyhKPFrN60mEns7mJAQKBgQCsTAwU8eH+RTKed/pHpUyxPQizt7G/4Od9b2Chuj/1zogZJ6JHip2sNXCu" +
- "X6qelq8ixOs8b/GKU2oSXgednmrwEwELEJdByqGg2VW+m97pylciZrvPNck8xJ9hZBDrIYpXLFkIqT13kDpoIo+qoxIVeu66UByd" +
- "/KSDXZgRsW4K4wKBgQDBIqcT36J1bCAKotYFtjVYjjgyYTAoG8qXBsOQTY48q/Bj1AsZQE97Cz67xzGGoPNi0qPNq1fgKgIZO8dk" +
- "r1qE6xXBbiGeXzB5zZPzM7Mc88Z3OBXIiPZan4cMGJwNVxtBLPlX8TpQDy11/3YlENIfTnKM7UfQbA0mS5toRlwoog=="
- ;
+ "UHJpdmF0ZS1rZXktZm9ybWF0OiB2MS4yCkFsZ29yaXRobTogNSAoUlNBU0hBMSkKTW9kdWx1czog\nQU4yS0JSaGZ1dFhtVVMxQU" +
+ "FOWkVDMUszcm5lS3pFTVBZMm14MlBVZTgxMlNCQlg0U0Q0ZSt0RExX\nTmc0Y2E2cExWeUhNSHNSei9DQnNFaTF3ZG0zVEhBUG5a" +
+ "cGZPTHhTWkc3MDJDa25jTXN1Z2x0VU5V\nYTdzc29JOUNKWEloMUJqVFNvTUlvRlMvVXJEMzFhaEovUDkwVG9GbnZVR1E3dXJQQz" +
+ "hybW5CKzhi\ncE02MStBSGZpa1lpUHl5MVFadXF5WkRhRU43c0hzZ3J1ckFrRnNwNzJveWcwVE4reVF5OFhWSFBv\nQzZ3N01DNT" +
+ "lvRVRpTUk3b0NoRGVtc3VmeGoyMmgrQW5DR3hyc0dtZU5pMS9yNmxpYmRYQ3p6TXpx\nVDloaHF1UmdlQUl2S3ZFT2FIc2xzeW1w" +
+ "UjQ1a1hhSkhRNWE3OW5YdXVJdFpDdmt0UVRDeXVXZTJ6\nMD0KUHVibGljRXhwb25lbnQ6IEFRQUIKUHJpdmF0ZUV4cG9uZW50Oi" +
+ "BBSXNsWkh2aHJNMHF3elBq\ncm1MbURDS2hRaEROZWV4bzN1MEZDcHN6SEhKYUF2ejFuQktBak5MVjFmREF5dzZFTGZ5ZTRPRjcx" +
+ "\nNXBkS3FjUW1qZ3YrKytxcnpmRnRUSDdvaDlhNCtZOVlvZ0xwMDdMdmthMkg5N3I3c01lN1V0bzM5\nTUNETEswRHZobldteEdq" +
+ "V1IvVC9UVXZVSjdmbDIxcGFQekxxMDRiUGFLV1J1Ti9SYWdsMVFoVnRQ\nWjRRcUFxZ0hkMzNJUDlNd2RsWmRPd0VIZDZhNHpFMk" +
+ "1pcFNWK281N21CbXRjZW10dVZPYmJmMXRG\nTkJCdDI2RERSQkVTZ3E5UEdzb0xGUlBTSU1JdFVtOGdJUzBJVUdGOWhOTCtlUmE1" +
+ "aXplb0kwbkRU\nUVFmWEpRbmIyTXVaTVFEb0RoaHdmdVZJd2ZFRHh2ZTFvb21mMENZTnJVPQpQcmltZTE6IEFQcisv\nMTZMaUov" +
+ "TUVVQXQxVUVKSG9KYWk4TGdrRVFuRE5TS3RVeE5BV2hrSy9FTXZxNUxlbGlRMk9qZmFD\nRXlGQU9ZVVUvQWJJK3J5WEVvOExmK2" +
+ "1mTjRXejkzc1o5elJpSklSWDlRVnhYODhpOG56VUI5SUlL\nMVJHMks2K3VoYzFSQjJ4KzNXOFpXa2o4Y3pZS0RDb3JSdkI4SHhU" +
+ "bDM4cGNQanNDQ3IvdWIKUHJp\nbWUyOiBBT0gwcndheDZXYitrYVJ1NTlqdy9BRzhSMEg1aGNpenYrWTZNWHNMZVpVcXdaNDh3SD" +
+ "dh\nakFlYzYrUFBVei9rNTlXWTE2bmErU0p1MzBSVEIzeTR6ZzdSa3JlYWdZb1dhOW5oaTRncWdraDFy\nWjcrcFNjTXpTaHNoaE" +
+ "tENWJDcmkyVWJ1c1AySU1tMG13b0UyZDczc0lkSFVBYkVnOHlrL3NVL1gz\ncWhMWTRICkV4cG9uZW50MTogQUpGRi9qQ091bWtq" +
+ "QitrSm5pQ2lVcEpJTGhTQlBYNzB5eXhKakYy\nNVJGTlRoMHRoZ1F3SWk2dXZTcHlla2ZxRXJhalhCRmtRbXNVZFBON09QMlYvYT" +
+ "BQTUthUTJkd3cv\nQUJ6Zmo3bjhtaXNUMkdrS3RIWGE5bkl3MElaR25mNG4yRVN3U1UrMkpOeExSeUpZWFdwb3hqVks1\nNE5lVC" +
+ "96UFBBM0s1Mmp0TzBaNQpFeHBvbmVudDI6IGFZV3BqNGphcFh6UmEyZFg0eHAzdGgvRmIy\nd21MRnExamNFemhuRVBjTGdzLzhj" +
+ "RFpycU5scWlVQ1NtemlTMVBqNUwzZEoyTXA2WDdvcDdiNmtV\nc0JnT2RieDA2emRBMndlUHhFOEEyWTd5QlByVlJUM0ZOQmtuWU" +
+ "95Rlp6UzN2eFdJejBIeExSNmVP\nbUJrMzNrYnlLOXNENW9VendBaDE2b3Z6L1FMMGtWVT0KQ29lZmZpY2llbnQ6IERra0NKVDBn" +
+ "NFpT\nRUlpcEpHWEtUZFJpYzcxWXloYld5anp6NC8vN0xmUGo1ZDg4ZDk4OGg0MlNUdnNlbTVBTDk3RS9i\nbUVvRThHSkR6MkRs" +
+ "NXRSdC9adU43bTN0SE5DWXVFelVrSkJnZUJ0S2xycC9haGFDWE91U1k5K1lE\nM3pYZjRCaGFWcEhBRG1IT25QUHlXVnZOV1FYTU" +
+ "ZYLzZOT2I2ME0rbktDemI0az0K";
static String ksk2Public =
- "MIIBCgKCAQEAnfIvyDGTXKrFOF4ER58wPTlSkb+AEdQDSJvIyZ8xflzgCFAobqjPGleKg4CSN7CSgu9FeweQFG9q06m5U42O8df6" +
- "P8JmOviInLhdbOhUoRNxrAU6zIOvgHoB1NKm3ienoX/nn2xvO+LeiWwgjyNUpihRnxerLKuaMFB/t05cgtyhzzc0RPOu+qJrSxgM" +
- "yjbGwM+b06pEUQitVmE9rjOjcgGuljDenASAv4IuEO4M5ZVJ+XJs/+ZFjIIoYRNuOUvzeLC/VwOuHzlvGmcWy2MBCbryeIBIuYRn" +
- "mSw7reuD6OFk7Jc9OydhTnmqri+fGFSJuA6k1Ieu4fLgpWGRgVFUiQIDAQAB"
- ;
+ "MIIBCgKCAQEAmIGQ+fK6fHT/bWKfaptKJGh/TLM42vOlf33ERRYbts4LLk3BygimBXLgI5oBDet724kuTitrrEDkVxMWHjW6TAjI" +
+ "7NPfi2/CAnj1MjnQwztxG9lzKLCi5laSS6ORDGbZdo6kIZ/enXzTav3SQy1dcB6H9uJBO2ZPkTndPyC9AdxpseZBfVKKsPhL6KSw" +
+ "RqFu/OfYlguM4tpSxRVYdz1Kl6xLFiYyY/hYtc13EG5veDYSU1zqfj+aO/p3GyraD38gWuoSWTvOwlUtwWtPw8UBei3dtoH9BBgQ" +
+ "qzcONKaMbR8zzTU61/vuYTjt7HfK4IThOTNRt2ZtXbZuZlJX2avsxQIDAQAB";
static String ksk2Private =
- "MIIEpAIBAAKCAQEAnfIvyDGTXKrFOF4ER58wPTlSkb+AEdQDSJvIyZ8xflzgCFAobqjPGleKg4CSN7CSgu9FeweQFG9q06m5U42O" +
- "8df6P8JmOviInLhdbOhUoRNxrAU6zIOvgHoB1NKm3ienoX/nn2xvO+LeiWwgjyNUpihRnxerLKuaMFB/t05cgtyhzzc0RPOu+qJr" +
- "SxgMyjbGwM+b06pEUQitVmE9rjOjcgGuljDenASAv4IuEO4M5ZVJ+XJs/+ZFjIIoYRNuOUvzeLC/VwOuHzlvGmcWy2MBCbryeIBI" +
- "uYRnmSw7reuD6OFk7Jc9OydhTnmqri+fGFSJuA6k1Ieu4fLgpWGRgVFUiQIDAQABAoIBAQCQUTyLpZDKeVcfO/iZIMFJD9l8RwhU" +
- "Qe6GJ6H9aDInDeG+ds+a3S/vF9H+ejogHHyimtJXqf9iTLPFly05RP05yWhlXdFfTLw2xtbGrjq1uziAP38MY762m8SUm63RC1bF" +
- "4ELZjpDMnW1ND7loUJYGBI0f2taTSHDoeIVaDoXFIzLCEFXBHEJoA2nL4TijR6C6Dmgnukllyo2SGugO/yaHvdREoxw6U390HsoS" +
- "+A25FzLSb8sPg84FO+ObqB1Zj71BQ3PJ+pIZP542UeSapRJMFmCvFUi9aUCOoJfPZB4/MPQNxAKYZLesYALvubdLlLDNEbEY2C8R" +
- "NUv+C7iHXk0BAoGBAO9Oj6mxjo/huiAL7P3XoPg3MHvVDsFcO1LtSoQh9tvqcf3uYIH76qulx0wNTOGlhlJTMDrqq5hcXri3sTsA" +
- "7nU1qFeMYyvQduJsstXYU5Hzu5OTPGEL/N6Ph9nrgfxfVSXExqCRsTsDLAVnJ+N+kFfNhZnkWMzjWmy+MLjowiaxAoGBAKj2uAJ6" +
- "E/T8lN72TtsLyjXrNUgjDgtmMccC/UmTUgC+SgyPH62HgNh2XH0HhyOrfuXS7jN89LZvUwxhF+C8/77yrx7K80qNi39XL0lRWBst" +
- "qVX2hQPfjm929Zs9/OJeVIuzse63THERr2k0isA84tzcPMQh1BBA3+1Gd2HhijFZAoGAdNJcLZHhL3oZO3W27sBp82I1x+3dcyVM" +
- "TJJMUy6lbPwJQ9YvxKSvDbYzEXxYsLr2VJAJtmlC9XD6SKBb45rzzcIw+PQuoX/12VkJAH3HZjOeuU8iJZoNirR0tDxUy1faoEJs" +
- "WIxnAZDt14FhJpxtaH+LHfIsK3E9fmJmNI5j4TECgYAA9i6D7Rfx/AII5tP6ES4ccnNCLtjknbdIz66LXahI0sxvF91xSmUkVkAe" +
- "gg112YMGYdXzOxHVe/q4BlFxeQHnn0/51+Pcl8OkfOWLAEiFFxRwpc+J/xq7bazmLksjKrBGf0ZS+n4X4qbh7Wegwnf0E9jQsPSZ" +
- "BxV/Lzh8uSDlOQKBgQDUQ4K3tmIyNRiRwoBsc703yRJau418wkGLmDJkHV9wqDdc558w6ywr6rPR34bhJJUKwzD3rOjzCYwbGf77" +
- "1yUYqrv+R1pFJgqZE2OudiqAFYo749/oWtIC/+wn5cLUnXOGl3qndVoxQjOxoocjaalFZwJMFelX5z+9EQZXY+J9Zg=="
- ;
+ "UHJpdmF0ZS1rZXktZm9ybWF0OiB2MS4yCkFsZ29yaXRobTogNSAoUlNBU0hBMSkKTW9kdWx1czog\nQUppQmtQbnl1bngwLzIxaW" +
+ "4ycWJTaVJvZjB5ek9OcnpwWDk5eEVVV0c3Yk9DeTVOd2NvSXBnVnk0\nQ09hQVEzcmU5dUpMazRyYTZ4QTVGY1RGaDQxdWt3SXlP" +
+ "elQzNHR2d2dKNDlUSTUwTU03Y1J2WmN5\naXdvdVpXa2t1amtReG0yWGFPcENHZjNwMTgwMnI5MGtNdFhYQWVoL2JpUVR0bVQ1RT" +
+ "UzVDhndlFI\nY2FiSG1RWDFTaXJENFMraWtzRWFoYnZ6bjJKWUxqT0xhVXNVVldIYzlTcGVzU3hZbU1tUDRXTFhO\nZHhCdWIzZz" +
+ "JFbE5jNm40L21qdjZkeHNxMmc5L0lGcnFFbGs3enNKVkxjRnJUOFBGQVhvdDNiYUIv\nUVFZRUtzM0RqU21qRzBmTTgwMU90Zjc3" +
+ "bUU0N2V4M3l1Q0U0VGt6VWJkbWJWMjJibVpTVjltcjdN\nVT0KUHVibGljRXhwb25lbnQ6IEFRQUIKUHJpdmF0ZUV4cG9uZW50Oi" +
+ "BlRWQzK0NvZ09waHIrL0dV\nbVpmd1dkYXd6K1ZxS2dXUHVZV1BqbzFwUGp3elJVbStWWUdNcnk5eTU2Rkd3NXUrQzkrZHpia2hL" +
+ "\nckhqWldtQVFFTlBzemdhZis1Nm1KYUVCVDh3NDNRRjJuUy9PSisvMjQrMGFzWk1pNnR0Y3NLTE1K\nNC9oT1Y1eGV2MU1xVU5l" +
+ "RDRITzY1WXZiYWtqQnlkRklUMm9odEg5bmFQMzhPQ21obGt3UTMvZjJ3\nQ2RxcGs0VFVIcXNndkt0UjhnUmpsRytHTUNKNnJBb3" +
+ "FwdDZLK3VpSmhjaFZLTVdmSUVIdk81bjdH\nN090VHpMYXJydVFjbFdPZDcyMXM2azh6bjFtZFZDSno5dHg2WTBEVU4vOC81T2dt" +
+ "TlVYdWJCcWlR\nMHZYU29tdnpCVDBYb21CQXVRWFcrNmV1VWJkVmFuVUVRaGZ5OWQyNFE9PQpQcmltZTE6IEFOT0Rk\nRUJhNVRF" +
+ "SmlkUS9wNmFGUndIRER0NGNyR1BTc0kzdGR1RjVrQjYzVkRQVm9acDNtUUcrNm5wOWc5\nbVFkOG1QTGpNaXhJbk1IT1kraGpJeE" +
+ "84WWlVSk83UHo3OUc2LytPd1N2d3NnWU1wVTd6Y0N5Z1V3\nSGR1U2xtSlE4Y3lHUzk1V1ZaOW9CSGdyOVV0VkF6MlBaMS9WY2NT" +
+ "MmMzV0l2RnBVekpZWWIKUHJp\nbWUyOiBBTGlVK0tFa01MdlRlbG4weE1QWkpHZGlOcG9JeEFkODhySjRMb0E5S0hvQU9nb0RIV1" +
+ "ZR\nYjdZN1kyS0tLb1BONWxYTS84Uk5iU0ZDRnl4Vy9CbXMrVklYVU5teG4yTlF3UXl2L0VrYnNrNHRq\neHVnemdoS1hFazhMWG" +
+ "NJaENVSVZOUzBTWHJWSXZ4Z0ZOeVR5U2dlM3hVQjBZcUVEdTVpM2lhQ3hY\nR2tPd2FmCkV4cG9uZW50MTogZFErSTFHRTUvWFRJ" +
+ "K2xZc2hDVzVFY21SdmUzaW52Q3BWRE43bXZo\nN2dmUjJ2cVZhWmpJUTFYMkRLajJ6TGtNZGVNa3NpWktSY2E0c3hHVVFRbEVyUX" +
+ "RJVkJGNGFkOUwv\nY3R6aWJ3cVRZOGk0bmcxV0ozTGp5bDlMTnVwTFVxZE9GT1BROE5HYWczWWcyWFl3Vk9Ra281K2FQ\nU3BuWF" +
+ "JZM0ZETDViYU83L2NjPQpFeHBvbmVudDI6IGJ2aVpOZ0FWRUlkSEV0Z1dpQXgvVjJ4em1V\nM1YxUTZvdHVXTVIycjliOE85SVJI" +
+ "WVZYWHpnNkxXMElKeXB3VmVDbzJSNDRvTkp5YWQyZmw5M1Uz\naUl4bURjUzNadnBMcFRXQnNrK09ENG41L2dFUEFPcm5DSEFHQz" +
+ "hBSjl0K24zWGwzNW8xQ0tsU0tL\neUVaTmRNS0NxaFdLemZVeEtON2w0azlTdDB6ZWM4OD0KQ29lZmZpY2llbnQ6IEFNMlhjUitM" +
+ "ZEJF\nZmFrdURweGoxa0Q1R0hlaHk5c2VvMFZlM0k5cG0vSHQ5djRZOVh1VTM1T205R1VvaTBwa1k0cU1n\nMHo4K0JhSVFpeDE1" +
+ "VFNkOHlNVmZPWDd6MWxaai80WUVRT2lQQkZjVlpJWmtlZGtnNktYdmp3bzlK\ncWdvTUh5MHZyTW1MbExNUTRyL2VTbDBzbExsZm" +
+ "ZhbFlnaG1CQnJxTmtXYWZLQzcK";
static String zsk1Public =
- "MIIBCgKCAQEAr1PW+AQIHyKwwHK02NhB79iHm/I4wmwCcSlpcBAGMrT7JNawC+9gKE5PGT9s8XTtEOZeVXjo/IB1c8Ml3sxJ7P2d" +
- "s5sGsJ/4M3W36W+njhJeXuL2ljIbQprAs0IRbg5SP673ymZR9no3fgXGoH8CiGnNVz2l05S2xtMY5WSaVbYm9rvbTr206EqB0dqI" +
- "0CLU98O57fvfMpaBaWu3UY7xdQshVsQDZtpySDOnkfdTtxQfM7UVmxsDFty0CoZotChqe+FlunnUt+odk0L7pQrFDU+1TmwRT+HK" +
- "pv6KYJ/5kmA3XIQr+KHY0U69k+GnDqxY0QwmyF1MmOwc9WYxhzEJRQIDAQAB"
- ;
+ "MIIBCgKCAQEAwmmLY619r5TppHD+ZLEmGKHeGX/Q/k7+39dcjaBPsF0kc6XF3LHza0/Yz5ye433wiPNwXL+7TI1FnMG2APqyLqMq" +
+ "+B+b0yAIgZH1DTBLQjEsYqAesKgiIkXFsRQagebi8xb37UIL3FdcPBsbmPem9q0qnC5/FTnXHkSCAf2lZ2tYnG1aKpyVmyxNOXvC" +
+ "1/EdmGbjKhv+k3xvj39LWgJJrxvUxOeN0AYIKo2Nf1HeRyvwsAJtfi1NzOV++F1P7GPKAqLZGXzxe5zKnytNBnMhRMU3JekXCurj" +
+ "vWqu6yBMvtnTz++K5PIG+L+sUztaqE9BbTOe37isP+HIHAkOdmXMVQIDAQAB";
static String zsk1Private =
- "MIIEowIBAAKCAQEAr1PW+AQIHyKwwHK02NhB79iHm/I4wmwCcSlpcBAGMrT7JNawC+9gKE5PGT9s8XTtEOZeVXjo/IB1c8Ml3sxJ" +
- "7P2ds5sGsJ/4M3W36W+njhJeXuL2ljIbQprAs0IRbg5SP673ymZR9no3fgXGoH8CiGnNVz2l05S2xtMY5WSaVbYm9rvbTr206EqB" +
- "0dqI0CLU98O57fvfMpaBaWu3UY7xdQshVsQDZtpySDOnkfdTtxQfM7UVmxsDFty0CoZotChqe+FlunnUt+odk0L7pQrFDU+1TmwR" +
- "T+HKpv6KYJ/5kmA3XIQr+KHY0U69k+GnDqxY0QwmyF1MmOwc9WYxhzEJRQIDAQABAoIBAD5r5hxVKyMSscVC0ZpmnEstV1KxUX3/" +
- "AHuTl+N7AQnqn4PFH9aP+jc/ci/2Ae6Rh5m9uxZJPwIvJiH597C0IRnMTepVJnOZ8L85iSoGQ6x0Y776pXpiCoyTFkp8GkKJvMTJ" +
- "oZUhCstrRfiLS+V2cstoh+AopbKHvu9Y1wNM5xnecNjUFH04YHIlsfi7J+sMdAOPE8DDX+13OCwzX0Xo6sE+amfkC9ZiAd8rJrDu" +
- "2JNQEP0nZPzYkJDHnnYCLs5Io6Lpmp0i+eu1iXJpTsAuE0u3IswdkYjb9mFLQJ8LK5ir/hIKNBWw0s1rvedrxZ+YDLWz7Gl9H/EX" +
- "oYVZFxArXGECgYEA9RawFyxVnCt7KzMPRNcujqjPUXYNSPjDbrgADHIEOTFR3FP17WCZTvh0gNZJErOiVT2/wzRxNm1jYxSTshr1" +
- "9dzANQe4HabNs889BQvAZZDDe37PXc5OkLczLPJJXgL6Zm/YANAyag4ObqlJuDoCDQE2OZwPXg540O1AOxNUCIkCgYEAtyIS4hsA" +
- "lVjYpBYChbN0wx78ZydVVADNtj3qrileGh5MOhGlBboXZjQN3O0lSkLBJKCmZtak6Z+K5qwO8fi1+QrmoQzWgXDxWRQYu9+ey0us" +
- "8szVEOndk//nm1RWg0rwhY9xp9+E5g3XTn9nl3XA7Vw1y38quvBnLXnn7MMHk90CgYAWIqFuxltJCohKQ4dKgWC8E7T9t3rFr2n/" +
- "MvEWLqoA/FpXWuHoOYQ/JKNpC3F4Fe9AYZ5TJAZhkwmZ5j7cpCC4vuJBJ9xSGUGUzs/FB+WthqCRI8fYwgxId7NQiOVlb0FsRQeu" +
- "Mx+KgpB9IB7/W4XZ5NUf6N9ecFIrFHJro3hAeQKBgHFaSN/lIM5QSP//k54YPvyLUGW1Be7R9IKJ/pnAhzuZZ0tGIqPR1KvxKmeF" +
- "7d/yQ8SdH4Jl93uXwg0XkMSbUl+NLMWgwaErPGgLtWeMeaiR9cHvoS4v43O5IS2W3Vm05/1zlUD4bDVNeehfmco5G6qPuch0tQky" +
- "xlpyq2h0K1uNAoGBAKKrQQXchp9NS1YZb19NimrUPrPkOmc/Kw/EbS3IO+Z/rHTSPc2i4H28SdhmCP4ygE2szIv4bBARDmH4w7PC" +
- "ClH0El81t36tHBakZHUNACMXsqXCeBYaSuz0tWs7LNjXsGoOeQ+GJkYuzGQaFsmn7KsCW3ahGpsF0bgLcbESbWz6"
- ;
+ "UHJpdmF0ZS1rZXktZm9ybWF0OiB2MS4yCkFsZ29yaXRobTogNSAoUlNBU0hBMSkKTW9kdWx1czog\nQU1KcGkyT3RmYStVNmFSdy" +
+ "9tU3hKaGloM2hsLzBQNU8vdC9YWEkyZ1Q3QmRKSE9seGR5eDgydFAy\nTStjbnVOOThJanpjRnkvdTB5TlJaekJ0Z0Q2c2k2akt2" +
+ "Z2ZtOU1nQ0lHUjlRMHdTMEl4TEdLZ0hy\nQ29JaUpGeGJFVUdvSG00dk1XOSsxQ0M5eFhYRHdiRzVqM3B2YXRLcHd1ZnhVNTF4NU" +
+ "VnZ0g5cFdk\ncldKeHRXaXFjbFpzc1RUbDd3dGZ4SFpobTR5b2IvcE44YjQ5L1Mxb0NTYThiMU1UbmpkQUdDQ3FO\nalg5UjNrY3" +
+ "I4TEFDYlg0dFRjemxmdmhkVCt4anlnS2kyUmw4OFh1Y3lwOHJUUVp6SVVURk55WHBG\nd3JxNDcxcXJ1c2dUTDdaMDgvdml1VHlC" +
+ "dmkvckZNN1dxaFBRVzB6bnQrNHJEL2h5QndKRG5abHpG\nVT0KUHVibGljRXhwb25lbnQ6IEFRQUIKUHJpdmF0ZUV4cG9uZW50Oi" +
+ "BjYSt1cDFkb3pDaFVpS2ph\nMnA4TkhCSnNBcFZQN2FiY1BLRi9xZ0k1RjNVZ1A5Q002QVhYeHNVbWtDR1NlSTNJL3d6OGhBQksw" +
+ "\ndlU1NC9VVExYZHNnd0UvdTJFZ2lsR05KOWZtYVJQNHJuaDY4Q0dhVU12QlNqRnE3YVpINmZiT2VF\nRFNNcGdRdjRVR2xzOXpU" +
+ "L3hpVXBYbytQUG50TTNpRWYwVjJYd3VJVThKdUdHMndwblBZbjY5SDdM\nM3BEb0Q1cFoyNWJYOThkT3hJYUIrTjNRUlRPeVFtRX" +
+ "ZJVURVemNGYWJWdWR6L1kwZ1NwQnFLdExi\ndW1WR0xSb3pNTXc3MTV6a3dEUlBtdkJwSTVsQXIxWGxoUmpLczdYQVhDWU5YUjBY" +
+ "ZXAyTVk5THZN\nbi9sZXpISC91RTIzM1lxSkhjd0Z2RjZ4ZFV4bFpqZGYvVWEvN2NNY1E9PQpQcmltZTE6IEFQMUxF\nYzM0TXNx" +
+ "M2RoVUNocWtidWp4bTlqcWMvQVR5TXkwQjFqN1Vrb2tDM0JRQTZ0eis3d2NSOUlUbGo1\nNmZqV3MyQWZpdm1VeElkc2xUQWt2aD" +
+ "V4Qng3MlVCNC9RYlNsL1JtczFTY05RU0ZsSnpoRmNXVGFl\nVkRiS1VUckRld002eWp6cWVyWElyYlVET3FmYmcxaWRBZVYyRko3" +
+ "RWFPYjJPZlhMQ2J2UmoKUHJp\nbWUyOiBBTVI5WlN3alZ2RW1YT1lQLyswbFNwSTB3Nk92NkdhWDh6cmdSQzhFTzNVYWRHZzJFN2" +
+ "dI\nOWpIdDNBeGllKzRnY0FSZXFiaEFqcENYbFd3ZjQ0ejhQK0ZUTUF0WUhrU2tiaEpIODJMUXZmSjk2\nUFRPTGNtSS81czBaYm" +
+ "dTbU05TkpRemhiSEhDbVZCNXlkOFRTLzBHWTRKWENuUzJuWXNLT2MxcHdC\nNTlYTTNuCkV4cG9uZW50MTogQU5SRWR4VlBiUEZw" +
+ "c2pHRlBtaTE3ZXIwdG1FRWNrZUsyY3hiLzdv\nRDF4R3ZMZFF0dUtXZmw1MHJOT215b0J0a3h0VVVHNjdYS2ZjOXV4Nll6Qkhmcl" +
+ "E2aERPaHZIeVBS\nUXhEdHpYZElJWG4zOW5EK2tlZVJyMTVEa1lrWXRLR1E2Ni9OQUM4MkQxRGdoOXlKMVBJcUZnNHJB\nQXFacm" +
+ "x2RENLU01weURuUktqVgpFeHBvbmVudDI6IExtOXorWHBna1p6L1YxOXduQnEwQk5selly\ndXZzSTg0YkRHVDY0aVVoSmc3Nm1U" +
+ "ZFJDQ2RqaThvVWNUMGhOSWxwdUs0T1ZNSVhpTjBySmpjcmZU\ndkk5RUZDYWxKZmU5ZUUvUHRFTzFEOW9yTEF3KzJ3bW9kL2cvai" +
+ "toeHJBSks2cnRDWFVFc3M4RmZY\nM1dBeUZSbnRhbUFubUcyUHpjd2MzTzZnK0pPbjJ3RT0KQ29lZmZpY2llbnQ6IFBsa1pORVc3" +
+ "MEh1\nbWxzRG9UdUZJMlVNMUdlSUg5ZWhZRFZTbXlmalY1djVBUEtLbmdEMkVCTFNhRVhQQWlmRnNQSVZB\nVlNDeUxRSkYvRUpY" +
+ "cS9FUEhPL2s2QnJSS0pxUmU5QXlMblZOVjQ3dE5pcFRMNkNKMlNkMW9EeFQ0\na1lpN0dUL2J5Q2h2bDNyUkNTRThFZkhOQ1hsNz" +
+ "E1YU9OR21zbGFLeVhiTHVmYz0K";
static String zsk2Public =
- "MIIBCgKCAQEAsHViAEpAzWD0OAyXkk3SzazxQGKYRvCEh7ZUmBn6TWjefT+KqAEdcpbzoMoHM1lnxOyRHfEWbXWFulb+ecKElvwa" +
- "VdqSglbPbj7u7vb5a/y1S6rNKY9jbEBlrKykqlKBDbTGTK+LSnN8736o8Dg/kp0OhYyutKSTg7AlPCjr5A2EKUSkM5xbUbuXpCbk" +
- "3piO6YTtcUNA0gTzrsVEh3JcyFGALW/oWmk++d0mIOkUvVCFvAD8PcmqnjfR4MYkArwf5CkaBIMep7IIi5QwiyPuBkNJ9wJiIWFS" +
- "NOvrIDWpB6i+8r6dhVxyVb3HjSWkUViXNOM0ZXU1RK9/2VYkpqmc7wIDAQAB"
- ;
+ "MIIBCgKCAQEAnpzLRo0+qphsOPSebb0ZUsKtyg+gvGtMnZ4gw3QHH54lVSkEathGS4bEUFlqJ1pQ9oGX4jjxj2P6hjwmHCi0w+9N" +
+ "c5BqCzKwmYuMj1PeYZk5/cKY5nihBuzVP2aS2g+olC1dyrgn/ZxcQkJZqQuDVH9d6HyziVwwMp1+CIGbkAHUVWjo4dKOOI/1v0bh" +
+ "bejYXdwUoO33fRRlyVLMUv4uyT3aapnOdlTTjnDkwbuy2vNc570CwD63lqeYHJup/GkhZgDewA+YU57kf1Yva/1DQqRVyiZH3sSS" +
+ "BWsJAD+DNAL/hahCqyerviIf3Mas7WCQfrZU/oJKBfT0+eya8RCC5QIDAQAB";
static String zsk2Private =
- "MIIEpAIBAAKCAQEAsHViAEpAzWD0OAyXkk3SzazxQGKYRvCEh7ZUmBn6TWjefT+KqAEdcpbzoMoHM1lnxOyRHfEWbXWFulb+ecKE" +
- "lvwaVdqSglbPbj7u7vb5a/y1S6rNKY9jbEBlrKykqlKBDbTGTK+LSnN8736o8Dg/kp0OhYyutKSTg7AlPCjr5A2EKUSkM5xbUbuX" +
- "pCbk3piO6YTtcUNA0gTzrsVEh3JcyFGALW/oWmk++d0mIOkUvVCFvAD8PcmqnjfR4MYkArwf5CkaBIMep7IIi5QwiyPuBkNJ9wJi" +
- "IWFSNOvrIDWpB6i+8r6dhVxyVb3HjSWkUViXNOM0ZXU1RK9/2VYkpqmc7wIDAQABAoIBADrvqcDRDB3MkSUbR5Cs/4iEh7tqctPW" +
- "x10Qj+aRXqF2MkGA9I2yeaRpOIvujkMfTGJgZQOsH0KF6xlWrv358xD+uMkODLsNxZBb4q/bu2jO6bqRHJ8R7jIcvBjVPNZKYiIy" +
- "y7yXMR23vvW6xzAciVctr8j5OOzKvx5PudADFu5+6aPaVdFLhnsXz7ZJsDfPwKbTs5T44viqoHVVa1JhZT9o4o3/Qy/zvvoQrzwn" +
- "sjaGITxYM7ydwMwyIsiTg7iXK9lysJrmai3+DQpaolP4V2gJCibXGuWS936SqzQ3WXTUpVg9CuHWU61NsKbLk283ScL3bBmhdr0t" +
- "S4P1WKZZAxkCgYEA9rPFWyYYg9VQIOIZD/dJXusUgRzDyn1uE7bA518Yhcxx7600/ZvyL6BxA8pGwtbwVZrkAOndnp+mjA2Afoys" +
- "BpqFGlSGX5qwJIdLZtEVJh/j3hMTuTUz+KdFpuD2ZMKdVraHVwW170sd7QvmtWo3SBt8QYorGbQrJQrU0NOT8L0CgYEAtxvjNufp" +
- "Dl17ay2ujiQFNXXnO06QF/00y8h3EH8uQWcAWNUSDRo9TB7kGgxbiQSCvSuEWDDyeXaz/x5RWZSTzpIEWDnpG9xLIHEmDnQTlVAg" +
- "90n1rh57BJqAM2U3LWQ2JtYHZ6IOR2ZA3T9i88hB8HgP9SvyJHgJx3Ql+r6WLRsCgYEAxJOYlbm0XRATSjB/Ie68owqUixDdnjL2" +
- "DHVaHsLyqmKvAvk0OUUS5QpmI0wBuG1Gkh/awDOZqTSzo/N6SNxUkup7VvC1Jeb/pgu8dE/0Fy3gB2uSEsknAWJgKMom60D72EWX" +
- "cCsXvnZPgTwzeKkLJcTo7Nxo3ZFns5t+2mtM/c0CgYAXpIQr/Lm83xkmd5mIROJfSr/2imhUkJ8WiOXGvYUtcK08yxYvlum/QGXX" +
- "by0KfgibgFjwQjGsuUT4deOvG14SWAwzkBanQER7BeESEK7Ooq/+/g+40bq0l3ZiLHl5ZO0RCqWeHfCWC3/okVyneX36HKaC04/K" +
- "Ya1xkW+t9pnRbQKBgQCOJxUODmiQR8wmyXgNlSYFxVaajxhdecy5gVJnULroWVlt6+zAt0eTp3EKDoRcYq9JuvzZ9+Gd7SzczGZj" +
- "VChUpjHVHRTxZ1YSUzisuVntGAn3xosZOM+ZZFa4n488bPrWxWU89U+2+LZP+3M6XFqGW/T1UGteII3EoXLOEwHZUg=="
- ;
+ "UHJpdmF0ZS1rZXktZm9ybWF0OiB2MS4yCkFsZ29yaXRobTogNSAoUlNBU0hBMSkKTW9kdWx1czog\nQUo2Y3kwYU5QcXFZYkRqMG" +
+ "5tMjlHVkxDcmNvUG9MeHJUSjJlSU1OMEJ4K2VKVlVwQkdyWVJrdUd4\nRkJaYWlkYVVQYUJsK0k0OFk5aitvWThKaHdvdE1QdlRY" +
+ "T1FhZ3N5c0ptTGpJOVQzbUdaT2YzQ21P\nWjRvUWJzMVQ5bWt0b1BxSlF0WGNxNEovMmNYRUpDV2FrTGcxUi9YZWg4czRsY01ES2" +
+ "RmZ2lCbTVB\nQjFGVm82T0hTamppUDliOUc0VzNvMkYzY0ZLRHQ5MzBVWmNsU3pGTCtMc2s5Mm1xWnpuWlUwNDV3\nNU1HN3N0cn" +
+ "pYT2U5QXNBK3Q1YW5tQnlicWZ4cElXWUEzc0FQbUZPZTVIOVdMMnY5UTBLa1Zjb21S\nOTdFa2dWckNRQS9nelFDLzRXb1Fxc25x" +
+ "NzRpSDl6R3JPMWdrSDYyVlA2Q1NnWDA5UG5zbXZFUWd1\nVT0KUHVibGljRXhwb25lbnQ6IEFRQUIKUHJpdmF0ZUV4cG9uZW50Oi" +
+ "BBSTdMNW81YjkwRXEvTFBD\nTnlmaENQMWpXNGNBenRzVFZ1VElTZ0x0WU1Sc1ludnE4NWtsb1JPNS90Ky93RHd4cVpaa1VkTlBK" +
+ "\nTnJOVGV5d0ZqZGZ4bTVuOFRqTG1Vei9rOUtJdWtFSFpyeERjTnd1NSswR1NTS3M4Y2VrbHkxT3o1\neW53enNRMUtBVXQxTEgz" +
+ "V1M5Z3J6OTloT3F3UkEzT1FVNG1SRWJibXdVYnJKaldNQisxTE5ZVjY1\nVzY1RWdrbEc0dHdnU0V2T0VIOVhQczdFdEhDaUh1Rn" +
+ "JhT2J6RkR5OXNmdkZjRGw1ZkVPRDJsNm9q\nL3FHM0dzQUlEVE5Vd1dFamltaXJ5SllnblJyQVVBdWdRdE5MR1JaNndFQ3I3dnZj" +
+ "aFk5QnAzQStu\nZWVFQ0V6T1lhZWJ0cDQ4MkdkOGV5alkyd0xBUUVJbTFNdDJDOTh4K3JrPQpQcmltZTE6IEFNd3hI\na1BIVnAv" +
+ "cXN0QnNiRmZCTkR2Z0JCMnVGa2dDbDc4elNrMklnSWE5UzZHblBud3ozeCthblZ2SlE5\nQ2s1cEZZMlBqbWFIMWNjLzE4NWtuT2" +
+ "hkakFUWjI5SlVtZ1g3WkhHN1dpOGFVMVM4RWZ0ZFAwMjFt\nSnZ5TXJsWFBwUFB4UTBITG5DQTZLenF2dkd0aWNqb0lLY1IzaGhF" +
+ "Q2tzWXdnWGdsWVphcnYKUHJp\nbWUyOiBBTWJiSiszbXNGc3VvTjNCaEhTb04vTkVXN1N1dDg3VktmYkpEMVhmTitRTjZHbUF5K1" +
+ "Rx\ncDllOHNKUnMvTnlJdVlCZHN3aHU2N09LM3MvOGtzNmoxL2NLKzJTMTNZbUFIeFhOcllWVjZLQ0c5\nc09zci84SEthTHhFSz" +
+ "dLQ1oyQWtPNDVKYnpscjQ2cVdnZVAxVXdUSnpVbzFkYUdGei9rTGJxSUQ2\nMlRrdjlyCkV4cG9uZW50MTogY3hveEZFWDI5N2ht" +
+ "U2dVRVljZGdPV3hEQmJRUGpWSWcxa0FFWDRa\nVjVSNHAxeHNlcHdiYWZNYzhjdlFXVFRQWFlSRnpaWU1FWGI1VENBNXpCaUhyND" +
+ "A0cnNvSmYxWXdZ\neC9oM2owRWw5Rm9CdFFDNkQ1d1VWZm5IQy8xU2h2OXdTRThKNGV1SDZDS284OVNhRG9iWjhrWU9r\nNmgvVT" +
+ "YxREJGbHVpTmdTbjNNPQpFeHBvbmVudDI6IEFLM0J0NDBmNHY5NXFlUzdBSE15dmRqWjVV\ndm0wd051cllGUFJCQWp3T0dMNllX" +
+ "dW5mckRzNjlGMkFHSmpoVmhmcjJVb2loL1M0TVJtQW1peCtD\nNXQ2N01zTWZhUmQ2c3pmeXVRSzNlV0N0VVl2Q3R4d2NQaWlrdm" +
+ "ZRVk4wc01HSVIyWFg4dEQ0M2ZF\na0hCRkZQcXBUYndjbDJVZ3U5WC9HcG4vNDdzbTFPNUwKQ29lZmZpY2llbnQ6IEFKaDZhMlhj" +
+ "WDQv\nTGk2a1NXT3JVTUI3UGlkd0loL0JDanozdUI5VTFUb3FJeG1YalRTVGd6alBSTk9YM25ybW9ucU04\ndjFha01uU2JEdWR3" +
+ "ak50V2xtQURFakNTZGhTa0NKdFNybit6UGFCTGRzdnIxQUFqVTU3WkdoVmht\nWnRXZjNscGp5aHdoWVN5c0lMckNTSFlZT0thSW" +
+ "50S1MwUlRCdkVkdTVjdHZqSGEK";
// example.com. 315360000 IN SOA ns1.example.com. admin.example.com. 2016091400 86400 3600 1814400 259200
static String postZoneRecord0 =
"B2V4YW1wbGUDY29tAAAGAAESzAMAADgDbnMxB2V4YW1wbGUDY29tAAVhZG1pbgdleGFtcGxlA2NvbQB4Kx0IAAFRgAAADhAAG6+A" +
- "AAP0gA=="
- ;
+ "AAP0gA==";
// example.com. 315360000 IN NS ns1.example.com.
static String postZoneRecord3 =
- "B2V4YW1wbGUDY29tAAACAAESzAMAABEDbnMxB2V4YW1wbGUDY29tAA=="
- ;
+ "B2V4YW1wbGUDY29tAAACAAESzAMAABEDbnMxB2V4YW1wbGUDY29tAA==";
// example.com. 315360000 IN NS ns2.example.com.
static String postZoneRecord4 =
- "B2V4YW1wbGUDY29tAAACAAESzAMAABEDbnMyB2V4YW1wbGUDY29tAA=="
- ;
+ "B2V4YW1wbGUDY29tAAACAAESzAMAABEDbnMyB2V4YW1wbGUDY29tAA==";
// example.com. 259200 IN NSEC ftp.example.com. NS SOA RRSIG NSEC
static String postZoneRecord7 =
- "B2V4YW1wbGUDY29tAAAvAAEAA/SAABkDZnRwB2V4YW1wbGUDY29tAAAGIgAAAAAD"
- ;
+ "B2V4YW1wbGUDY29tAAAvAAEAA/SAABkDZnRwB2V4YW1wbGUDY29tAAAGIgAAAAAD";
// ftp.example.com. 1814400 IN A 12.34.56.78
static String postZoneRecord10 =
- "A2Z0cAdleGFtcGxlA2NvbQAAAQABABuvgAAEDCI4Tg=="
- ;
+ "A2Z0cAdleGFtcGxlA2NvbQAAAQABABuvgAAEDCI4Tg==";
// ftp.example.com. 1814400 IN A 21.43.65.87
static String postZoneRecord11 =
- "A2Z0cAdleGFtcGxlA2NvbQAAAQABABuvgAAEFStBVw=="
- ;
+ "A2Z0cAdleGFtcGxlA2NvbQAAAQABABuvgAAEFStBVw==";
// ftp.example.com. 259200 IN AAAA 2001:db8:0:0:12:34:56:78
static String postZoneRecord14 =
- "A2Z0cAdleGFtcGxlA2NvbQAAHAABAAP0gAAQIAENuAAAAAAAEgA0AFYAeA=="
- ;
+ "A2Z0cAdleGFtcGxlA2NvbQAAHAABAAP0gAAQIAENuAAAAAAAEgA0AFYAeA==";
// ftp.example.com. 259200 IN AAAA 2001:db8:0:0:21:43:65:87
static String postZoneRecord15 =
- "A2Z0cAdleGFtcGxlA2NvbQAAHAABAAP0gAAQIAENuAAAAAAAIQBDAGUAhw=="
- ;
+ "A2Z0cAdleGFtcGxlA2NvbQAAHAABAAP0gAAQIAENuAAAAAAAIQBDAGUAhw==";
// ftp.example.com. 259200 IN NSEC mirror.ftp.example.com. A AAAA RRSIG NSEC
static String postZoneRecord18 =
- "A2Z0cAdleGFtcGxlA2NvbQAALwABAAP0gAAgBm1pcnJvcgNmdHAHZXhhbXBsZQNjb20AAAZAAAAIAAM="
- ;
+ "A2Z0cAdleGFtcGxlA2NvbQAALwABAAP0gAAgBm1pcnJvcgNmdHAHZXhhbXBsZQNjb20AAAZAAAAIAAM=";
// mirror.ftp.example.com. 315360000 IN CNAME ftp.example.com.
static String postZoneRecord21 =
- "Bm1pcnJvcgNmdHAHZXhhbXBsZQNjb20AAAUAARLMAwAAEQNmdHAHZXhhbXBsZQNjb20A"
- ;
+ "Bm1pcnJvcgNmdHAHZXhhbXBsZQNjb20AAAUAARLMAwAAEQNmdHAHZXhhbXBsZQNjb20A";
// mirror.ftp.example.com. 259200 IN NSEC www.example.com. CNAME RRSIG NSEC
static String postZoneRecord24 =
- "Bm1pcnJvcgNmdHAHZXhhbXBsZQNjb20AAC8AAQAD9IAAGQN3d3cHZXhhbXBsZQNjb20AAAYEAAAAAAM="
- ;
+ "Bm1pcnJvcgNmdHAHZXhhbXBsZQNjb20AAC8AAQAD9IAAGQN3d3cHZXhhbXBsZQNjb20AAAYEAAAAAAM=";
// www.example.com. 1814400 IN A 11.22.33.44
static String postZoneRecord27 =
- "A3d3dwdleGFtcGxlA2NvbQAAAQABABuvgAAECxYhLA=="
- ;
+ "A3d3dwdleGFtcGxlA2NvbQAAAQABABuvgAAECxYhLA==";
// www.example.com. 1814400 IN A 55.66.77.88
static String postZoneRecord28 =
- "A3d3dwdleGFtcGxlA2NvbQAAAQABABuvgAAEN0JNWA=="
- ;
+ "A3d3dwdleGFtcGxlA2NvbQAAAQABABuvgAAEN0JNWA==";
// www.example.com. 259200 IN AAAA 2001:db8:0:0:4:3:2:1
static String postZoneRecord31 =
- "A3d3dwdleGFtcGxlA2NvbQAAHAABAAP0gAAQIAENuAAAAAAABAADAAIAAQ=="
- ;
+ "A3d3dwdleGFtcGxlA2NvbQAAHAABAAP0gAAQIAENuAAAAAAABAADAAIAAQ==";
// www.example.com. 259200 IN AAAA 2001:db8:0:0:5:6:7:8
static String postZoneRecord32 =
- "A3d3dwdleGFtcGxlA2NvbQAAHAABAAP0gAAQIAENuAAAAAAABQAGAAcACA=="
- ;
+ "A3d3dwdleGFtcGxlA2NvbQAAHAABAAP0gAAQIAENuAAAAAAABQAGAAcACA==";
// www.example.com. 259200 IN NSEC mirror.www.example.com. A AAAA RRSIG NSEC
static String postZoneRecord35 =
- "A3d3dwdleGFtcGxlA2NvbQAALwABAAP0gAAgBm1pcnJvcgN3d3cHZXhhbXBsZQNjb20AAAZAAAAIAAM="
- ;
+ "A3d3dwdleGFtcGxlA2NvbQAALwABAAP0gAAgBm1pcnJvcgN3d3cHZXhhbXBsZQNjb20AAAZAAAAIAAM=";
// mirror.www.example.com. 315360000 IN CNAME www.example.com.
static String postZoneRecord38 =
- "Bm1pcnJvcgN3d3cHZXhhbXBsZQNjb20AAAUAARLMAwAAEQN3d3cHZXhhbXBsZQNjb20A"
- ;
+ "Bm1pcnJvcgN3d3cHZXhhbXBsZQNjb20AAAUAARLMAwAAEQN3d3cHZXhhbXBsZQNjb20A";
// mirror.www.example.com. 259200 IN NSEC example.com. CNAME RRSIG NSEC
static String postZoneRecord41 =
- "Bm1pcnJvcgN3d3cHZXhhbXBsZQNjb20AAC8AAQAD9IAAFQdleGFtcGxlA2NvbQAABgQAAAAAAw=="
- ;
+ "Bm1pcnJvcgN3d3cHZXhhbXBsZQNjb20AAC8AAQAD9IAAFQdleGFtcGxlA2NvbQAABgQAAAAAAw==";
// example.com. 315360000 IN SOA ns1.example.com. admin.example.com. 2016091400 86400 3600 1814400 259200
static String signedRecord0 =
"B2V4YW1wbGUDY29tAAAGAAESzAMAADgDbnMxB2V4YW1wbGUDY29tAAVhZG1pbgdleGFtcGxlA2NvbQB4Kx0IAAFRgAAADhAAG6+A" +
- "AAP0gA=="
- ;
+ "AAP0gA==";
- // example.com. 315360000 IN RRSIG SOA 5 2 315360000 20260901000000 20160901000000 7086 example.com. BX1J0nMbxw3NpVgiwjkovZ36dAMAkUlpcxF23TzUNW8/tUdQ9wZhWiJ0TH1Z9xL9HoJRUtgIXMxwFtf/f0y865SQqtReelQXiZP6X0QqA/2QryeaMvoaVLGiAm9ZB1m+NuMqesZzzH0BVG8qJeTn1I6I9ZMGNJEnee70Uefo9Zv15fzm0MCE+JbiFnBQS2zXnuErOFtJ92ZkxVFG3LLiAG7w+M6c/h9yPBAM+zSHT9LPDzEGLInxCDK5g8hW8juxUxuK0+tvWFqApIzDGSyPFVlH4F43yxjwLX1poPlXcCSPionPrzkdJ//uPw5GOM3oQzC9dzr3VzSnHeLt57L7fg==
+ // example.com. 315360000 IN RRSIG SOA 5 2 315360000 20260901000000 20160901000000 6474 example.com. vrvPy8op49QQEo1yNF0XSTq/JW8Tq1pC5OzbxcSVL4ll/1Ag6HjVUGDiqiAOUh0q1UjY2oXsSiyGAs9YnZVHk463+LWa2lmsx+qu/SC2iF6gfRdxPNYfu0tIwGvBae7j9tn5nAE0WyRrvcbxgA6P1P/Teb71zQugy0VLqt7CV83PyWO8mp7Y/TyQMaOpvNYUVLmcIgQPvTivFp46LJzFrdufJN2jHVDxCOmbCxXiZMtB7XF2tTruYkiM538gfj2O3Lwkuuv2HN9ZnE337W4LwH/d8fX6l2U/QZJ8PPdfmiq4Ka7RGW5IV8AxMeUvYuJ0QtB3W8WKVBvZZzpes3Zg9A==
static String signedRecord1 =
- "B2V4YW1wbGUDY29tAAAuAAESzAMAAR8ABgUCEswDAGqWFYBXx2+AG64HZXhhbXBsZQNjb20ABX1J0nMbxw3NpVgiwjkovZ36dAMA" +
- "kUlpcxF23TzUNW8/tUdQ9wZhWiJ0TH1Z9xL9HoJRUtgIXMxwFtf/f0y865SQqtReelQXiZP6X0QqA/2QryeaMvoaVLGiAm9ZB1m+" +
- "NuMqesZzzH0BVG8qJeTn1I6I9ZMGNJEnee70Uefo9Zv15fzm0MCE+JbiFnBQS2zXnuErOFtJ92ZkxVFG3LLiAG7w+M6c/h9yPBAM" +
- "+zSHT9LPDzEGLInxCDK5g8hW8juxUxuK0+tvWFqApIzDGSyPFVlH4F43yxjwLX1poPlXcCSPionPrzkdJ//uPw5GOM3oQzC9dzr3" +
- "VzSnHeLt57L7fg=="
- ;
-
- // example.com. 315360000 IN RRSIG SOA 5 2 315360000 20260901000000 20160901000000 7086 example.com. N4kuOXr3rw3l+AeIrW478jP28B0GsW1UfJk4csI1L6uf2mMUiEQ6hAU6M1zZVBZke1I0IWmLdchTrwTK8YTtUKanMXS7ZJVjE9aAuhOUGR0KAovFibabVKblxG4a8EtAFkHVv0WIQlnqZpLwE8l4t6T04Ywb6YvvcJkZce9zqa5iaoRA35IgPa559JlNKevUUOoMFDfhBfBIHWGWMUVGGuNKUeKiVudWCY1KEHYqJRexbQ0tcAeG6j732r336SjyT6kmZeDmhE7bKIFmec8ZTLpTZ/biJJFNdW7Qcr8vB8Q4VE7aeKVNFONEZJvjIhDY0U/KB0pWrR73kdfK4XQu6g==
+ "B2V4YW1wbGUDY29tAAAuAAESzAMAAR8ABgUCEswDAGqWFYBXx2+AGUoHZXhhbXBsZQNjb20AvrvPy8op49QQEo1yNF0XSTq/JW8T" +
+ "q1pC5OzbxcSVL4ll/1Ag6HjVUGDiqiAOUh0q1UjY2oXsSiyGAs9YnZVHk463+LWa2lmsx+qu/SC2iF6gfRdxPNYfu0tIwGvBae7j" +
+ "9tn5nAE0WyRrvcbxgA6P1P/Teb71zQugy0VLqt7CV83PyWO8mp7Y/TyQMaOpvNYUVLmcIgQPvTivFp46LJzFrdufJN2jHVDxCOmb" +
+ "CxXiZMtB7XF2tTruYkiM538gfj2O3Lwkuuv2HN9ZnE337W4LwH/d8fX6l2U/QZJ8PPdfmiq4Ka7RGW5IV8AxMeUvYuJ0QtB3W8WK" +
+ "VBvZZzpes3Zg9A==";
+
+ // example.com. 315360000 IN RRSIG SOA 5 2 315360000 20260901000000 20160901000000 6474 example.com. Jq6K1TzlHdHcGVLYvFFqy7HtNDFSj16MTNRnYZbOPfc3nS5dioyNTJK2Ioq5W6D5EDJZeD30ojPvtsICcuVlZi5derw+XreNHdzT5IaziIMuYCMtjpcQfRLQW6JjMNcjrOaRzMV619ZDlvW/pi+Eo7jutKxVycHu1tmjN26k+eVx9oZmMWE7QkidBzJ85/+fRMcAS+y7t7OQwmrB2K/X0xv6GRw6/9rW5TaB7ALhBCq/Dd0EmwzX5qCZ6/BvCqCxLlYYDBvQV4h72UmwzESY4GHaSDRX4AkQWYK1F9JIdtZmft4hZLnK0lN6//5uslXXIMqCsigACgmk33Z/7a0YQA==
static String signedRecord2 =
- "B2V4YW1wbGUDY29tAAAuAAESzAMAAR8ABgUCEswDAGqWFYBXx2+AG64HZXhhbXBsZQNjb20AN4kuOXr3rw3l+AeIrW478jP28B0G" +
- "sW1UfJk4csI1L6uf2mMUiEQ6hAU6M1zZVBZke1I0IWmLdchTrwTK8YTtUKanMXS7ZJVjE9aAuhOUGR0KAovFibabVKblxG4a8EtA" +
- "FkHVv0WIQlnqZpLwE8l4t6T04Ywb6YvvcJkZce9zqa5iaoRA35IgPa559JlNKevUUOoMFDfhBfBIHWGWMUVGGuNKUeKiVudWCY1K" +
- "EHYqJRexbQ0tcAeG6j732r336SjyT6kmZeDmhE7bKIFmec8ZTLpTZ/biJJFNdW7Qcr8vB8Q4VE7aeKVNFONEZJvjIhDY0U/KB0pW" +
- "rR73kdfK4XQu6g=="
- ;
+ "B2V4YW1wbGUDY29tAAAuAAESzAMAAR8ABgUCEswDAGqWFYBXx2+AGUoHZXhhbXBsZQNjb20AJq6K1TzlHdHcGVLYvFFqy7HtNDFS" +
+ "j16MTNRnYZbOPfc3nS5dioyNTJK2Ioq5W6D5EDJZeD30ojPvtsICcuVlZi5derw+XreNHdzT5IaziIMuYCMtjpcQfRLQW6JjMNcj" +
+ "rOaRzMV619ZDlvW/pi+Eo7jutKxVycHu1tmjN26k+eVx9oZmMWE7QkidBzJ85/+fRMcAS+y7t7OQwmrB2K/X0xv6GRw6/9rW5TaB" +
+ "7ALhBCq/Dd0EmwzX5qCZ6/BvCqCxLlYYDBvQV4h72UmwzESY4GHaSDRX4AkQWYK1F9JIdtZmft4hZLnK0lN6//5uslXXIMqCsigA" +
+ "Cgmk33Z/7a0YQA==";
// example.com. 315360000 IN NS ns1.example.com.
static String signedRecord3 =
- "B2V4YW1wbGUDY29tAAACAAESzAMAABEDbnMxB2V4YW1wbGUDY29tAA=="
- ;
+ "B2V4YW1wbGUDY29tAAACAAESzAMAABEDbnMxB2V4YW1wbGUDY29tAA==";
// example.com. 315360000 IN NS ns2.example.com.
static String signedRecord4 =
- "B2V4YW1wbGUDY29tAAACAAESzAMAABEDbnMyB2V4YW1wbGUDY29tAA=="
- ;
+ "B2V4YW1wbGUDY29tAAACAAESzAMAABEDbnMyB2V4YW1wbGUDY29tAA==";
- // example.com. 315360000 IN RRSIG NS 5 2 315360000 20260901000000 20160901000000 7086 example.com. eAZV2uk3xvFFXPflnu5b91+5WcuaziXbBsG0kVdyHK/s8YSF6OxuIW9uOcKPYGNCZGgHcZ19Uhlv6Oyx3uRe7Gxd6gQFqjebzoCVT+c9xbsHYgt7UEpm2aLehWpcPN/ylaVCmLZo0QQ4l5eTySZDMhgSaGaQ0W4wYVLgGDsddnmS3kSXyJqBOMOQk+o7bgL8Qqfwm0mEr/pdBoNoZ7J2gy/2C9LKCygGON4u6nWOu9+k6FrBHKJrTLEmHBKvNzSWL4ndIo9Fsj2jfI3yMVnT0GrzAPv71n4B7YcLDDqTl7WbPYWNsmdHgFFULw5WC9/GJLdKJO08/+yCwrGdAXebcg==
+ // example.com. 315360000 IN RRSIG NS 5 2 315360000 20260901000000 20160901000000 6474 example.com. Lr9yv4E/qJ+hdR4kQ53xsoDvr2xCLBOkdyfvZ8KkOjOMo8a0PM0+nfFQ6eMv2WxSVtGjzH6GfCkzhyGvvg2/nw7Y6/J0ioltMA4arwYzOXyeX6J3KSLaH/hI+5Gt8mbUCcaUmUddwvGqCVIPPsv/XkfCf4loRgL+pvQdaKnv2jmxHQy7UqIrDbpsZHuTTyqPOexSzxCWP9HwyybbEzSCijpsB6YS8bHTUNe2thZCqf9BVZo7wDgSOrQycpnnoY1klleM7EKDRJbMohFx0HyECWQUScNv42/AIoeup4uSyhnuEnPNkpkQJQuLcFjh//P9M/PW5DslP6P4BzvuCghqFA==
static String signedRecord5 =
- "B2V4YW1wbGUDY29tAAAuAAESzAMAAR8AAgUCEswDAGqWFYBXx2+AG64HZXhhbXBsZQNjb20AeAZV2uk3xvFFXPflnu5b91+5Wcua" +
- "ziXbBsG0kVdyHK/s8YSF6OxuIW9uOcKPYGNCZGgHcZ19Uhlv6Oyx3uRe7Gxd6gQFqjebzoCVT+c9xbsHYgt7UEpm2aLehWpcPN/y" +
- "laVCmLZo0QQ4l5eTySZDMhgSaGaQ0W4wYVLgGDsddnmS3kSXyJqBOMOQk+o7bgL8Qqfwm0mEr/pdBoNoZ7J2gy/2C9LKCygGON4u" +
- "6nWOu9+k6FrBHKJrTLEmHBKvNzSWL4ndIo9Fsj2jfI3yMVnT0GrzAPv71n4B7YcLDDqTl7WbPYWNsmdHgFFULw5WC9/GJLdKJO08" +
- "/+yCwrGdAXebcg=="
- ;
-
- // example.com. 315360000 IN RRSIG NS 5 2 315360000 20260901000000 20160901000000 7086 example.com. eUG6LzU+nXarbQQaLaRFre3y3gJve3coKwEOPSIw6VqYKdaM47Gk2XscbkZwOxM/+lkeAlYWKg2Ih2dE6T08OP3qErCRLWWshkz7U3rNpZtTO71p6/lgUjKJ3LltoPc0Xdo4kNl4e/ehSeAiaG4TP7XOrDkTLv6Cits0Y79L0eNtkrJqchsMJIVHooQThl3L7mDlczJErw63ORikb1SxTTdlnOBrW3tm9cRw825nFmCr6KXogNUWSB6LYxChhZW+aJk0Vl3b7q0Ok/U31DTnzzWmB8z2dT7xa21t2hCcz9DIJRDvTt1VbP6Xo1OwxpqDIOE28hZEnIfNgR0EOV8BVA==
+ "B2V4YW1wbGUDY29tAAAuAAESzAMAAR8AAgUCEswDAGqWFYBXx2+AGUoHZXhhbXBsZQNjb20ALr9yv4E/qJ+hdR4kQ53xsoDvr2xC" +
+ "LBOkdyfvZ8KkOjOMo8a0PM0+nfFQ6eMv2WxSVtGjzH6GfCkzhyGvvg2/nw7Y6/J0ioltMA4arwYzOXyeX6J3KSLaH/hI+5Gt8mbU" +
+ "CcaUmUddwvGqCVIPPsv/XkfCf4loRgL+pvQdaKnv2jmxHQy7UqIrDbpsZHuTTyqPOexSzxCWP9HwyybbEzSCijpsB6YS8bHTUNe2" +
+ "thZCqf9BVZo7wDgSOrQycpnnoY1klleM7EKDRJbMohFx0HyECWQUScNv42/AIoeup4uSyhnuEnPNkpkQJQuLcFjh//P9M/PW5Dsl" +
+ "P6P4BzvuCghqFA==";
+
+ // example.com. 315360000 IN RRSIG NS 5 2 315360000 20260901000000 20160901000000 6474 example.com. KnaXKKNvZyBnqK0SEaEtaxiBZTQkp2VqxAlzPi5SbxP4XkUQ393HWjWFfKIPUXNDKK5sTUorq6JbU2AsaN86sFbPGWpcs708vMuwKHa29u/5WGM5dakYTZaPInsKPPuoJI0++OlDuinpuyN9as1o2Gx59K6F8fkJexpQjoR2LzfLHfyEOUEPiUZUh+a5zhaII+ARxLqBHDXqafLtPFRfNc9Lajc0dmeD8h7UtrzJ0n4FcIo1vxC/YpuijsZVyEuuLc8dmG6K4CiCxb6ywuh9S0i8BJ0+1MNj6xmkOA6Hp2vYh9QjsH+6oAwTtqoet/zLY4uY4SrGTcrQAY/qYk8rCQ==
static String signedRecord6 =
- "B2V4YW1wbGUDY29tAAAuAAESzAMAAR8AAgUCEswDAGqWFYBXx2+AG64HZXhhbXBsZQNjb20AeUG6LzU+nXarbQQaLaRFre3y3gJv" +
- "e3coKwEOPSIw6VqYKdaM47Gk2XscbkZwOxM/+lkeAlYWKg2Ih2dE6T08OP3qErCRLWWshkz7U3rNpZtTO71p6/lgUjKJ3LltoPc0" +
- "Xdo4kNl4e/ehSeAiaG4TP7XOrDkTLv6Cits0Y79L0eNtkrJqchsMJIVHooQThl3L7mDlczJErw63ORikb1SxTTdlnOBrW3tm9cRw" +
- "825nFmCr6KXogNUWSB6LYxChhZW+aJk0Vl3b7q0Ok/U31DTnzzWmB8z2dT7xa21t2hCcz9DIJRDvTt1VbP6Xo1OwxpqDIOE28hZE" +
- "nIfNgR0EOV8BVA=="
- ;
+ "B2V4YW1wbGUDY29tAAAuAAESzAMAAR8AAgUCEswDAGqWFYBXx2+AGUoHZXhhbXBsZQNjb20AKnaXKKNvZyBnqK0SEaEtaxiBZTQk" +
+ "p2VqxAlzPi5SbxP4XkUQ393HWjWFfKIPUXNDKK5sTUorq6JbU2AsaN86sFbPGWpcs708vMuwKHa29u/5WGM5dakYTZaPInsKPPuo" +
+ "JI0++OlDuinpuyN9as1o2Gx59K6F8fkJexpQjoR2LzfLHfyEOUEPiUZUh+a5zhaII+ARxLqBHDXqafLtPFRfNc9Lajc0dmeD8h7U" +
+ "trzJ0n4FcIo1vxC/YpuijsZVyEuuLc8dmG6K4CiCxb6ywuh9S0i8BJ0+1MNj6xmkOA6Hp2vYh9QjsH+6oAwTtqoet/zLY4uY4SrG" +
+ "TcrQAY/qYk8rCQ==";
// example.com. 259200 IN NSEC ftp.example.com. NS SOA RRSIG NSEC
static String signedRecord7 =
- "B2V4YW1wbGUDY29tAAAvAAEAA/SAABkDZnRwB2V4YW1wbGUDY29tAAAGIgAAAAAD"
- ;
+ "B2V4YW1wbGUDY29tAAAvAAEAA/SAABkDZnRwB2V4YW1wbGUDY29tAAAGIgAAAAAD";
- // example.com. 259200 IN RRSIG NSEC 5 2 259200 20260901000000 20160901000000 7086 example.com. ZiLJHTbg5k3ciyVvQjhG7dWCce/vLxs+gKAZ1v1PKHk0Zm36qvkTyUNpVgL+kYnZcbQJO9wZ0TWnkG/X8GkH/aBcM3VncM6vnqgH0Wqa8LkH5I7O5cuVjtSxHD+NuMwTpb8T8hoCgBrd97QnlkMdhB8a2wKAESclrnueMbTmi7TLh2vzkD6fyEor96GxIvgulYJAi1VFgO8uDmW6Qa3YCclw6n6mOKjWu9HQH32vDw84apKDwb1En6QZikS9lHz3li764+lr2OsqBmw3MPTL7PNH0srgH2wjOFjYJrGKTYQNFcORP7ipMhELocGXoRrBnQ50u/JRCaA94u1AoDpPVA==
+ // example.com. 259200 IN RRSIG NSEC 5 2 259200 20260901000000 20160901000000 6474 example.com. n8fPwn1nTUZbplCGeIEJpar7YGWOlcX2oG0boRhV4d+kaV31p/Wct0YZ15TteNNwAcPT55ZEQmj/EZTpvhYgPpTEI8jOKsO9/65HTanaTUtf/ZI8v5yc1Liip0jL9xI9KZRSxq35TaWidmSJwY3ZyiYSJoVEBNS/HxEz84lRvAQxniX2hrTywql8xFaRuaASgKOwAbC+vThs2A5BXyDDuISKJ304c01M86QIYTkuF9g2F6LuBHyvFKfv+hRc9mHj0IdwCuFYiyhnESI84B4fvcliAixJwTnZvmPD8duXNp1D/AtwDUfEHQEGhFHBvGLRNgRBl8RtmXdHxvkxp7cDNg==
static String signedRecord8 =
- "B2V4YW1wbGUDY29tAAAuAAEAA/SAAR8ALwUCAAP0gGqWFYBXx2+AG64HZXhhbXBsZQNjb20AZiLJHTbg5k3ciyVvQjhG7dWCce/v" +
- "Lxs+gKAZ1v1PKHk0Zm36qvkTyUNpVgL+kYnZcbQJO9wZ0TWnkG/X8GkH/aBcM3VncM6vnqgH0Wqa8LkH5I7O5cuVjtSxHD+NuMwT" +
- "pb8T8hoCgBrd97QnlkMdhB8a2wKAESclrnueMbTmi7TLh2vzkD6fyEor96GxIvgulYJAi1VFgO8uDmW6Qa3YCclw6n6mOKjWu9HQ" +
- "H32vDw84apKDwb1En6QZikS9lHz3li764+lr2OsqBmw3MPTL7PNH0srgH2wjOFjYJrGKTYQNFcORP7ipMhELocGXoRrBnQ50u/JR" +
- "CaA94u1AoDpPVA=="
- ;
-
- // example.com. 259200 IN RRSIG NSEC 5 2 259200 20260901000000 20160901000000 7086 example.com. H/u7uFuVNHXgGfcaOEqB+EjD3UM4IH7jkz4Ye5IpXSKrBWLsqL/GXRWQjjrVWpbHZP3wVlVn+lfKbaLyoCgzmc4okn7D1u+iKzBDLbXrBC/58msccP5PYhIrnHQRN9vp9ymfn4aawiYn/kPPe7zDxOgyN6tAzewxsvozMvEQGdEP7qlK4oADBGxjKjeNX27zKfN9+HuuSgtCKDvYCvLFOfrTIIdCKBYE0GZRnv5OH0Xyu4VPiV+mEQwjPK+Q2daExOEKtS9v3Y1nEIL0XDdByEbe8hGJOD3j8x+jQBYAYzOdhwA4U50dtxciTrlRJ7oIsWjc/+I6H+YQDHZD4nc3DA==
+ "B2V4YW1wbGUDY29tAAAuAAEAA/SAAR8ALwUCAAP0gGqWFYBXx2+AGUoHZXhhbXBsZQNjb20An8fPwn1nTUZbplCGeIEJpar7YGWO" +
+ "lcX2oG0boRhV4d+kaV31p/Wct0YZ15TteNNwAcPT55ZEQmj/EZTpvhYgPpTEI8jOKsO9/65HTanaTUtf/ZI8v5yc1Liip0jL9xI9" +
+ "KZRSxq35TaWidmSJwY3ZyiYSJoVEBNS/HxEz84lRvAQxniX2hrTywql8xFaRuaASgKOwAbC+vThs2A5BXyDDuISKJ304c01M86QI" +
+ "YTkuF9g2F6LuBHyvFKfv+hRc9mHj0IdwCuFYiyhnESI84B4fvcliAixJwTnZvmPD8duXNp1D/AtwDUfEHQEGhFHBvGLRNgRBl8Rt" +
+ "mXdHxvkxp7cDNg==";
+
+ // example.com. 259200 IN RRSIG NSEC 5 2 259200 20260901000000 20160901000000 6474 example.com. IljoV9qJLnF/5KKc+L94AP1DM6P6hwkFVgL3ajsi539astW6+4LP1NN+ZgRr+47DQ2WmE1UI4uDjGCzFCJ9Kxqa2fUA8HVV+8N+OK+jnm3fMRGjgZ8puzO6h5Qm1nuXMGpXafV2hNL06e/7wqabMW3YUlRcdnwWu2d8qJ/EPcltQ7jxsaz4OlOI3w5jOSdQK6stCiqsQkytRzblqb2Jx49PGezCBZyHiH93wOUYfXQ+aM6fyLil7ya+uZiQfFvN/mPYyNvsSA2v4HUojRYkHEynuMtI99iSaBzP0UNRIhok3Hm7JI/LMpFNZ+y1Jb3/f+LLs77GiuymxieOM3u1lAg==
static String signedRecord9 =
- "B2V4YW1wbGUDY29tAAAuAAEAA/SAAR8ALwUCAAP0gGqWFYBXx2+AG64HZXhhbXBsZQNjb20AH/u7uFuVNHXgGfcaOEqB+EjD3UM4" +
- "IH7jkz4Ye5IpXSKrBWLsqL/GXRWQjjrVWpbHZP3wVlVn+lfKbaLyoCgzmc4okn7D1u+iKzBDLbXrBC/58msccP5PYhIrnHQRN9vp" +
- "9ymfn4aawiYn/kPPe7zDxOgyN6tAzewxsvozMvEQGdEP7qlK4oADBGxjKjeNX27zKfN9+HuuSgtCKDvYCvLFOfrTIIdCKBYE0GZR" +
- "nv5OH0Xyu4VPiV+mEQwjPK+Q2daExOEKtS9v3Y1nEIL0XDdByEbe8hGJOD3j8x+jQBYAYzOdhwA4U50dtxciTrlRJ7oIsWjc/+I6" +
- "H+YQDHZD4nc3DA=="
- ;
+ "B2V4YW1wbGUDY29tAAAuAAEAA/SAAR8ALwUCAAP0gGqWFYBXx2+AGUoHZXhhbXBsZQNjb20AIljoV9qJLnF/5KKc+L94AP1DM6P6" +
+ "hwkFVgL3ajsi539astW6+4LP1NN+ZgRr+47DQ2WmE1UI4uDjGCzFCJ9Kxqa2fUA8HVV+8N+OK+jnm3fMRGjgZ8puzO6h5Qm1nuXM" +
+ "GpXafV2hNL06e/7wqabMW3YUlRcdnwWu2d8qJ/EPcltQ7jxsaz4OlOI3w5jOSdQK6stCiqsQkytRzblqb2Jx49PGezCBZyHiH93w" +
+ "OUYfXQ+aM6fyLil7ya+uZiQfFvN/mPYyNvsSA2v4HUojRYkHEynuMtI99iSaBzP0UNRIhok3Hm7JI/LMpFNZ+y1Jb3/f+LLs77Gi" +
+ "uymxieOM3u1lAg==";
// ftp.example.com. 1814400 IN A 12.34.56.78
static String signedRecord10 =
- "A2Z0cAdleGFtcGxlA2NvbQAAAQABABuvgAAEDCI4Tg=="
- ;
+ "A2Z0cAdleGFtcGxlA2NvbQAAAQABABuvgAAEDCI4Tg==";
// ftp.example.com. 1814400 IN A 21.43.65.87
static String signedRecord11 =
- "A2Z0cAdleGFtcGxlA2NvbQAAAQABABuvgAAEFStBVw=="
- ;
+ "A2Z0cAdleGFtcGxlA2NvbQAAAQABABuvgAAEFStBVw==";
- // ftp.example.com. 1814400 IN RRSIG A 5 3 1814400 20260901000000 20160901000000 7086 example.com. U4QtoC/Nvzafh7ZYJVaCVebNLTvBwqPnAVbwVh+zYVgx0TTjMv2Y7B7IZqFYLofZUhjDKnc97CgC1VueBLUaXAHn8eugq6Zedzdk0dgGoGBZlbvq4ZF1Hc95G2HmeR75Rg0++qMPxMkZzO4L0Y9aRNkPMN6gslnwU6CqF5f4+t8EPy+lqYf/0O978iGjbHndGI9Za6dE1T4eEVbn1Zc68QDm2Ac1tfbqXdlFknm4AzGRbUaEZoinn4ucwKJVw2w09OXpH5RqOOF/ooBzksRtbcg/oUSSkgNKbETl4Pdr1OuIuaDNRv1smyBJ/rwUVvfnrIsR57w3id447bYHkUjtLw==
+ // ftp.example.com. 1814400 IN RRSIG A 5 3 1814400 20260901000000 20160901000000 6474 example.com. g8a5SWatp3mo7OPWuRFak6+00GmdGMxyTTG3CWSm9MOYoG0wmin9ckRL2ATUz7JFXDbAWanBIJnl2Rja0LUsz6ed5dxpC1Isgc81HrYYYEQST4AHgREhNK0yggwStS//W8g3i4wn+HiHQBn4DGdARI23CDyDfheIctvNHq7MeTmpLflcOJ+7vL5+WY53AeLTAD7fIxn3B+8XkMn3xOu9fa44ZwxsR+VTYYlDSUZMOytFltihyIQKiwoBlHvLMhN/HFP+3BZWiTLpPfkAuRQOPUy80ZLjDrbiHfGsykvY4E3EAo4fsA5b0cIFbEfHg6N9pyT08AFTuw1Sm3j6VaFybA==
static String signedRecord12 =
- "A2Z0cAdleGFtcGxlA2NvbQAALgABABuvgAEfAAEFAwAbr4BqlhWAV8dvgBuuB2V4YW1wbGUDY29tAFOELaAvzb82n4e2WCVWglXm" +
- "zS07wcKj5wFW8FYfs2FYMdE04zL9mOweyGahWC6H2VIYwyp3PewoAtVbngS1GlwB5/HroKumXnc3ZNHYBqBgWZW76uGRdR3PeRth" +
- "5nke+UYNPvqjD8TJGczuC9GPWkTZDzDeoLJZ8FOgqheX+PrfBD8vpamH/9Dve/Iho2x53RiPWWunRNU+HhFW59WXOvEA5tgHNbX2" +
- "6l3ZRZJ5uAMxkW1GhGaIp5+LnMCiVcNsNPTl6R+Uajjhf6KAc5LEbW3IP6FEkpIDSmxE5eD3a9TriLmgzUb9bJsgSf68FFb356yL" +
- "Eee8N4neOO22B5FI7S8="
- ;
-
- // ftp.example.com. 1814400 IN RRSIG A 5 3 1814400 20260901000000 20160901000000 7086 example.com. L7l1XUvguu5lYO6J+/XBM3ebg0wskaYXWetQ+uiUwJvUYPHN5CMlV6XO3wyzqMiNvUo9XvuI/rvXfjrw9kRIGdZK6ljTYxtA3bLpA02qoiPFq8Qqz6YRkl9MsQ6zeparJ0PLtKg0cyPMK0gzy0MIoBbxyQe8fOoR6RpAO0AY7BN+vhMKD27UcWhQSKSr3oq/q7e++BbLYMqAVjOaRrzJEFfXGipirl5Q/774+/X3xgwF5WwXunn4xsdJPVTgd0K+QvWajU8sfegGk8ynjocx5Xobi7bfkgQ1wRw4j87vYYoGb8qCQlhb5+Qqg5vbLYvzT8YWpyrHsRk9LVXnACM2aA==
+ "A2Z0cAdleGFtcGxlA2NvbQAALgABABuvgAEfAAEFAwAbr4BqlhWAV8dvgBlKB2V4YW1wbGUDY29tAIPGuUlmrad5qOzj1rkRWpOv" +
+ "tNBpnRjMck0xtwlkpvTDmKBtMJop/XJES9gE1M+yRVw2wFmpwSCZ5dkY2tC1LM+nneXcaQtSLIHPNR62GGBEEk+AB4ERITStMoIM" +
+ "ErUv/1vIN4uMJ/h4h0AZ+AxnQESNtwg8g34XiHLbzR6uzHk5qS35XDifu7y+flmOdwHi0wA+3yMZ9wfvF5DJ98TrvX2uOGcMbEfl" +
+ "U2GJQ0lGTDsrRZbYociECosKAZR7yzITfxxT/twWVoky6T35ALkUDj1MvNGS4w624h3xrMpL2OBNxAKOH7AOW9HCBWxHx4Ojfack" +
+ "9PABU7sNUpt4+lWhcmw=";
+
+ // ftp.example.com. 1814400 IN RRSIG A 5 3 1814400 20260901000000 20160901000000 6474 example.com. NASz/JsauFs58UXeqkCO1HrTIoQ0alsqk8zhgURyq+3BfooBP7QZr67rJSXLe/mH+DOM2987F/OdSmWZZcpFp+hUqY2SRIDhj3hH6727jZ36m/w0viBlnvXk4eTQ4/FlgDWEUmJDLMCXBhz024pN18hNdlm4qu6Zzc5zMiwiisUZbIBJsg1vpjqbXKTTLc4LmhFEmwAaoOupi2tfWA7yJOKbTJd9XXtzzk7TuZrN6fbVawI2agNfQ8zsCTTMTENhCPjPFGCEtLqsTtbDB0KdFYRPss63uo48/6JT/rkaOlbB6Co3AhFnJUGsvKNALIVHiAxUtGr3xyM+lBpyPQCcPg==
static String signedRecord13 =
- "A2Z0cAdleGFtcGxlA2NvbQAALgABABuvgAEfAAEFAwAbr4BqlhWAV8dvgBuuB2V4YW1wbGUDY29tAC+5dV1L4LruZWDuifv1wTN3" +
- "m4NMLJGmF1nrUProlMCb1GDxzeQjJVelzt8Ms6jIjb1KPV77iP6713468PZESBnWSupY02MbQN2y6QNNqqIjxavEKs+mEZJfTLEO" +
- "s3qWqydDy7SoNHMjzCtIM8tDCKAW8ckHvHzqEekaQDtAGOwTfr4TCg9u1HFoUEikq96Kv6u3vvgWy2DKgFYzmka8yRBX1xoqYq5e" +
- "UP+++Pv198YMBeVsF7p5+MbHST1U4HdCvkL1mo1PLH3oBpPMp46HMeV6G4u235IENcEcOI/O72GKBm/KgkJYW+fkKoOb2y2L80/G" +
- "Fqcqx7EZPS1V5wAjNmg="
- ;
+ "A2Z0cAdleGFtcGxlA2NvbQAALgABABuvgAEfAAEFAwAbr4BqlhWAV8dvgBlKB2V4YW1wbGUDY29tADQEs/ybGrhbOfFF3qpAjtR6" +
+ "0yKENGpbKpPM4YFEcqvtwX6KAT+0Ga+u6yUly3v5h/gzjNvfOxfznUplmWXKRafoVKmNkkSA4Y94R+u9u42d+pv8NL4gZZ715OHk" +
+ "0OPxZYA1hFJiQyzAlwYc9NuKTdfITXZZuKrumc3OczIsIorFGWyASbINb6Y6m1yk0y3OC5oRRJsAGqDrqYtrX1gO8iTim0yXfV17" +
+ "c85O07mazen21WsCNmoDX0PM7Ak0zExDYQj4zxRghLS6rE7WwwdCnRWET7LOt7qOPP+iU/65GjpWwegqNwIRZyVBrLyjQCyFR4gM" +
+ "VLRq98cjPpQacj0AnD4=";
// ftp.example.com. 259200 IN AAAA 2001:db8:0:0:12:34:56:78
static String signedRecord14 =
- "A2Z0cAdleGFtcGxlA2NvbQAAHAABAAP0gAAQIAENuAAAAAAAEgA0AFYAeA=="
- ;
+ "A2Z0cAdleGFtcGxlA2NvbQAAHAABAAP0gAAQIAENuAAAAAAAEgA0AFYAeA==";
// ftp.example.com. 259200 IN AAAA 2001:db8:0:0:21:43:65:87
static String signedRecord15 =
- "A2Z0cAdleGFtcGxlA2NvbQAAHAABAAP0gAAQIAENuAAAAAAAIQBDAGUAhw=="
- ;
+ "A2Z0cAdleGFtcGxlA2NvbQAAHAABAAP0gAAQIAENuAAAAAAAIQBDAGUAhw==";
- // ftp.example.com. 259200 IN RRSIG AAAA 5 3 259200 20260901000000 20160901000000 7086 example.com. Y8sB3n4mzinMFvPBnJFnl/IGlxrQZ+bHYIQoa7wSC+H1/j+en11LCDxujrI0VlTf6oI1OqieTj/ooo7jsYbHkyqbcdgkclfPzSh7NVOFzstuJFd53rn3BZZnoytma4e1uwaDGt7T9LyNplNnixq/TZMtK3B1Y54i2Ba1qvnsys5iOH4Scn5mRzqSAFEyDAc9kFvKBe8PTQ4r/S8nseBMYSx2NrRird5UIhTyN12QnEkK7LfllmAnx/Iph/CZw6WzxEo8HoOqOYKliD45I/awTT53Eo2sAm6d8EUgUX5qmPD2lxKMaMyk0vEBWTvFtpW3WS9lQ8OTMjxdC07pxjDDUw==
+ // ftp.example.com. 259200 IN RRSIG AAAA 5 3 259200 20260901000000 20160901000000 6474 example.com. f8U+ezGFXpEWGNKwv4Ev3Qn++xgLf3N8+/Knq30mlezQqoQ/70BIEhCfDJyz9Jn0+RlDPWuXCA3l28j1fE4Xo/S3x08kgwTlwjG2s2bXim1wTu9bMPrSlkkr9oFd6IOdd2j6peV36FYvGwceVuyxYJZXDfV084mgRVa38fTOkIv8ET+iLj2F4RaEtriieC5hdJOK8h1Elwn4GtwkfGR+T9+T99H4xPifNERFxkYxwlZDEIC+nIBox8LEBkHfzk67ADFzdIzit++/TenfkaLa9r7C18p91RWaFKUlmybndfWvUKxTOf1xMA95V3RVSUjr53kcr0A+bMb3tTFIDCfRpg==
static String signedRecord16 =
- "A2Z0cAdleGFtcGxlA2NvbQAALgABAAP0gAEfABwFAwAD9IBqlhWAV8dvgBuuB2V4YW1wbGUDY29tAGPLAd5+Js4pzBbzwZyRZ5fy" +
- "Bpca0Gfmx2CEKGu8Egvh9f4/np9dSwg8bo6yNFZU3+qCNTqonk4/6KKO47GGx5Mqm3HYJHJXz80oezVThc7LbiRXed659wWWZ6Mr" +
- "ZmuHtbsGgxre0/S8jaZTZ4sav02TLStwdWOeItgWtar57MrOYjh+EnJ+Zkc6kgBRMgwHPZBbygXvD00OK/0vJ7HgTGEsdja0Yq3e" +
- "VCIU8jddkJxJCuy35ZZgJ8fyKYfwmcOls8RKPB6DqjmCpYg+OSP2sE0+dxKNrAJunfBFIFF+apjw9pcSjGjMpNLxAVk7xbaVt1kv" +
- "ZUPDkzI8XQtO6cYww1M="
- ;
-
- // ftp.example.com. 259200 IN RRSIG AAAA 5 3 259200 20260901000000 20160901000000 7086 example.com. fzTqBDO1oUj6xd8Qv2AeQxJxAcriAZTucCEiiJl3Rb2f6hwNwomgFiOlyhXycD11SUmIB4Dl1BINuHk/2T+8OJ1KshHan7Gj/MYOPDL9KPuqCBjyCbEcOSOX7Fp0UgHPpiG22sjfsyiU8lIxE9TgAd0lsWrM3PM7Q9OgcgGMXpY/0/40fRAumYlWMTBwFDA9tGmlLPKqMIbm/top0dmK99762MYbsM9meTdKMuoHUA+IXG/Yj/8+rKN58Vfji0BaHdclHs7/GaQuxIkpHByzV/dgBRQzBqhWNhqZlexxrAY04vc8e/loT4BbBJyI6inTNVORSmbYrCguW0iGkI6v5A==
+ "A2Z0cAdleGFtcGxlA2NvbQAALgABAAP0gAEfABwFAwAD9IBqlhWAV8dvgBlKB2V4YW1wbGUDY29tAH/FPnsxhV6RFhjSsL+BL90J" +
+ "/vsYC39zfPvyp6t9JpXs0KqEP+9ASBIQnwycs/SZ9PkZQz1rlwgN5dvI9XxOF6P0t8dPJIME5cIxtrNm14ptcE7vWzD60pZJK/aB" +
+ "XeiDnXdo+qXld+hWLxsHHlbssWCWVw31dPOJoEVWt/H0zpCL/BE/oi49heEWhLa4onguYXSTivIdRJcJ+BrcJHxkfk/fk/fR+MT4" +
+ "nzRERcZGMcJWQxCAvpyAaMfCxAZB385OuwAxc3SM4rfvv03p35Gi2va+wtfKfdUVmhSlJZsm53X1r1CsUzn9cTAPeVd0VUlI6+d5" +
+ "HK9APmzG97UxSAwn0aY=";
+
+ // ftp.example.com. 259200 IN RRSIG AAAA 5 3 259200 20260901000000 20160901000000 6474 example.com. BoFTaMFxP8anR7Hmsrqh00kMiDTAvpgxDQUuqlewhtvmc3xCmw5H7vzcs+O4wF2kqFfCit3OcVNJx9/7ec9eSal2rw9krs/8tX3S1PCzqThgOspFbzyYqP5fPBxF7klwVHlrpXYbDjFPSW6W3mxOt60tIWg0QQltqOkmqOtvRJ61Mw2RMvzpL6XZvsFmA2FmB06XZuIwnGMXCcwdgnhpFRMB2BKkZ9zn4dvxsBDWBjTaYyYbdo/DMXn217mgN2RBWD0GzhwYYHVWM2ExHJS8ese7G+TJ1LQzBneLajCDPOJMzhZ0w7xfYQZl94TI6ugZ7us9v55r1dx9lmXJTwb9gA==
static String signedRecord17 =
- "A2Z0cAdleGFtcGxlA2NvbQAALgABAAP0gAEfABwFAwAD9IBqlhWAV8dvgBuuB2V4YW1wbGUDY29tAH806gQztaFI+sXfEL9gHkMS" +
- "cQHK4gGU7nAhIoiZd0W9n+ocDcKJoBYjpcoV8nA9dUlJiAeA5dQSDbh5P9k/vDidSrIR2p+xo/zGDjwy/Sj7qggY8gmxHDkjl+xa" +
- "dFIBz6YhttrI37MolPJSMRPU4AHdJbFqzNzzO0PToHIBjF6WP9P+NH0QLpmJVjEwcBQwPbRppSzyqjCG5v7aKdHZivfe+tjGG7DP" +
- "Znk3SjLqB1APiFxv2I//PqyjefFX44tAWh3XJR7O/xmkLsSJKRwcs1f3YAUUMwaoVjYamZXscawGNOL3PHv5aE+AWwSciOop0zVT" +
- "kUpm2KwoLltIhpCOr+Q="
- ;
+ "A2Z0cAdleGFtcGxlA2NvbQAALgABAAP0gAEfABwFAwAD9IBqlhWAV8dvgBlKB2V4YW1wbGUDY29tAAaBU2jBcT/Gp0ex5rK6odNJ" +
+ "DIg0wL6YMQ0FLqpXsIbb5nN8QpsOR+783LPjuMBdpKhXwordznFTScff+3nPXkmpdq8PZK7P/LV90tTws6k4YDrKRW88mKj+Xzwc" +
+ "Re5JcFR5a6V2Gw4xT0lult5sTretLSFoNEEJbajpJqjrb0SetTMNkTL86S+l2b7BZgNhZgdOl2biMJxjFwnMHYJ4aRUTAdgSpGfc" +
+ "5+Hb8bAQ1gY02mMmG3aPwzF59te5oDdkQVg9Bs4cGGB1VjNhMRyUvHrHuxvkydS0MwZ3i2owgzziTM4WdMO8X2EGZfeEyOroGe7r" +
+ "Pb+ea9XcfZZlyU8G/YA=";
// ftp.example.com. 259200 IN NSEC mirror.ftp.example.com. A AAAA RRSIG NSEC
static String signedRecord18 =
- "A2Z0cAdleGFtcGxlA2NvbQAALwABAAP0gAAgBm1pcnJvcgNmdHAHZXhhbXBsZQNjb20AAAZAAAAIAAM="
- ;
+ "A2Z0cAdleGFtcGxlA2NvbQAALwABAAP0gAAgBm1pcnJvcgNmdHAHZXhhbXBsZQNjb20AAAZAAAAIAAM=";
- // ftp.example.com. 259200 IN RRSIG NSEC 5 3 259200 20260901000000 20160901000000 7086 example.com. ATaCemEBP14GfLjbzSdbHPdKVuDCW2mdQZ7xN+8HDTYoxlcKbCI4iDfoBoBHEBjvXoJwQFRsdvhj+ZKWMlf+KZ4IjqR8phU9he8LHAIZHezp1TNDT5GNxodabrr3SbyicYrsvm9WXL7pB7yUkfaOsKDjYGux/8Z3jOSal6cKIjSegDxbDYuMIetN0wUBGg+cCUGquDMryde4dtgZSVPbeuLZupOBhjaN8Bn5IyCKzlQl42T7sUzBvAK+pQOrA86Xocs2kX8ynfAgSXkvMhxXi9F4S8crr4oj2ZvQJ1MipGSJqoC3XmV4ZnIm95MneAbgf6EtrpjUmip9KeQg4Vgjag==
+ // ftp.example.com. 259200 IN RRSIG NSEC 5 3 259200 20260901000000 20160901000000 6474 example.com. msrJLwp81vHog8sBAL6IfERCnn1X09PZuCGl8mvA1yzQWTdKJ4++zs0GrLYMFO4gDP9yblYXH012FO/4Nuw6Ge2nJVMyaWuJvpvYLlPDhfJOm+A9G48xsQ/sacfSrwPEtSFhjWSI6i8vfjdaZj5XE64i3J294aG6KtILLj2ss/LkaArZKkAYUl18Dsgb6f0ycj2gscGKB1Fi9mMvHiuEt1njz4VzEI+ci7s08qAjyvYWm+BBmPiVzS2x2qUqoYm/qlOuYeJG8/ob/Zc13feWKzff9UVYXlW54hOw2Ye76vIUKD+rxflobsd26uMp+zMRavwszj+FZqTWBi0ZRswxiw==
static String signedRecord19 =
- "A2Z0cAdleGFtcGxlA2NvbQAALgABAAP0gAEfAC8FAwAD9IBqlhWAV8dvgBuuB2V4YW1wbGUDY29tAAE2gnphAT9eBny4280nWxz3" +
- "SlbgwltpnUGe8TfvBw02KMZXCmwiOIg36AaARxAY716CcEBUbHb4Y/mSljJX/imeCI6kfKYVPYXvCxwCGR3s6dUzQ0+RjcaHWm66" +
- "90m8onGK7L5vVly+6Qe8lJH2jrCg42Brsf/Gd4zkmpenCiI0noA8Ww2LjCHrTdMFARoPnAlBqrgzK8nXuHbYGUlT23ri2bqTgYY2" +
- "jfAZ+SMgis5UJeNk+7FMwbwCvqUDqwPOl6HLNpF/Mp3wIEl5LzIcV4vReEvHK6+KI9mb0CdTIqRkiaqAt15leGZyJveTJ3gG4H+h" +
- "La6Y1JoqfSnkIOFYI2o="
- ;
-
- // ftp.example.com. 259200 IN RRSIG NSEC 5 3 259200 20260901000000 20160901000000 7086 example.com. SkhTibv2hL9UnL+XDesn6CrEqvUeUJZfIiSgub5IICxV3yyWf7PVHC7bEp/oeQIK2xyOf9rCOL0qw4YAJa/XdzOdrWsi5FH+IXyDtb2Tp2d+VjOf6NxrbxlsDlzzaogb7WtgWQ69cZdiOazDlKNHbKr9hS2uF94PRPdyI0aSRflATQuN34IBZ3wu9r1aAwJJLKUPCu6y2im/sUyNTphF9ZqfvLPpPjJfaxK6gVCL/9PSQzST4NdBP8t1EJcQ1FggSvf0iCQcm2fOAYovQkB19TMBED5ay0LUN/Oxq9FDeZjq62QNdBw0S5QPFrNW+eaqQaJFW1IThZCG9uXSouI6NQ==
+ "A2Z0cAdleGFtcGxlA2NvbQAALgABAAP0gAEfAC8FAwAD9IBqlhWAV8dvgBlKB2V4YW1wbGUDY29tAJrKyS8KfNbx6IPLAQC+iHxE" +
+ "Qp59V9PT2bghpfJrwNcs0Fk3SiePvs7NBqy2DBTuIAz/cm5WFx9NdhTv+DbsOhntpyVTMmlrib6b2C5Tw4XyTpvgPRuPMbEP7GnH" +
+ "0q8DxLUhYY1kiOovL343WmY+VxOuItydveGhuirSCy49rLPy5GgK2SpAGFJdfA7IG+n9MnI9oLHBigdRYvZjLx4rhLdZ48+FcxCP" +
+ "nIu7NPKgI8r2FpvgQZj4lc0tsdqlKqGJv6pTrmHiRvP6G/2XNd33lis33/VFWF5VueITsNmHu+ryFCg/q8X5aG7HdurjKfszEWr8" +
+ "LM4/hWak1gYtGUbMMYs=";
+
+ // ftp.example.com. 259200 IN RRSIG NSEC 5 3 259200 20260901000000 20160901000000 6474 example.com. YJvqwYp3OzD8MZPzI/Wex+Q6fYJO6hBFYxElwf2pU2A9cYkpWCjRiKKRXKiTNVCICgVOs5fpniU6qb0QDu260+s+Ck6ObFpd3rJlu5ltSrX6wC6EkPZGuTdJq7e81CfvQNF20kHSuW/qeZqYvCqlrAJyHUD0Z59P14zgphjy2K9/Z2CP9S3xcStaimen073dzUDx8YbWi1Yx/NAYUJC0eL0p2a7k7UEwD2IYXNmL43TX0vVfRqzxoGP6AkuZZnwdX4RFoxw2oeQxFlW2Y/lF2u1Lq2+jzD6azftcOnInsGdDc3hr8JclC+nSPsHlddKy8TTdcTzJOCyXIglvoQLN6Q==
static String signedRecord20 =
- "A2Z0cAdleGFtcGxlA2NvbQAALgABAAP0gAEfAC8FAwAD9IBqlhWAV8dvgBuuB2V4YW1wbGUDY29tAEpIU4m79oS/VJy/lw3rJ+gq" +
- "xKr1HlCWXyIkoLm+SCAsVd8sln+z1Rwu2xKf6HkCCtscjn/awji9KsOGACWv13czna1rIuRR/iF8g7W9k6dnflYzn+jca28ZbA5c" +
- "82qIG+1rYFkOvXGXYjmsw5SjR2yq/YUtrhfeD0T3ciNGkkX5QE0Ljd+CAWd8Lva9WgMCSSylDwrustopv7FMjU6YRfWan7yz6T4y" +
- "X2sSuoFQi//T0kM0k+DXQT/LdRCXENRYIEr39IgkHJtnzgGKL0JAdfUzARA+WstC1DfzsavRQ3mY6utkDXQcNEuUDxazVvnmqkGi" +
- "RVtSE4WQhvbl0qLiOjU="
- ;
+ "A2Z0cAdleGFtcGxlA2NvbQAALgABAAP0gAEfAC8FAwAD9IBqlhWAV8dvgBlKB2V4YW1wbGUDY29tAGCb6sGKdzsw/DGT8yP1nsfk" +
+ "On2CTuoQRWMRJcH9qVNgPXGJKVgo0YiikVyokzVQiAoFTrOX6Z4lOqm9EA7tutPrPgpOjmxaXd6yZbuZbUq1+sAuhJD2Rrk3Sau3" +
+ "vNQn70DRdtJB0rlv6nmamLwqpawCch1A9GefT9eM4KYY8tivf2dgj/Ut8XErWopnp9O93c1A8fGG1otWMfzQGFCQtHi9Kdmu5O1B" +
+ "MA9iGFzZi+N019L1X0as8aBj+gJLmWZ8HV+ERaMcNqHkMRZVtmP5RdrtS6tvo8w+ms37XDpyJ7BnQ3N4a/CXJQvp0j7B5XXSsvE0" +
+ "3XE8yTgslyIJb6ECzek=";
// mirror.ftp.example.com. 315360000 IN CNAME ftp.example.com.
static String signedRecord21 =
- "Bm1pcnJvcgNmdHAHZXhhbXBsZQNjb20AAAUAARLMAwAAEQNmdHAHZXhhbXBsZQNjb20A"
- ;
+ "Bm1pcnJvcgNmdHAHZXhhbXBsZQNjb20AAAUAARLMAwAAEQNmdHAHZXhhbXBsZQNjb20A";
- // mirror.ftp.example.com. 315360000 IN RRSIG CNAME 5 4 315360000 20260901000000 20160901000000 7086 example.com. cIKujjQiUKHv74J8I+1IZRw/94YXPPBBJmCjxGBgpYXKrmTLwdBq+IO7SnP2B+Z8oTajsbA8gufxdrsseatdkah25Mji0y7lA5AOYwd6CIftJZcpqWwwXdh2ogvXuOiKPP9wScAVK7exZ1hYYQkGic71oV6CmGEAWrqa51hxIRbVLTTCiezNW3meHnzhkunxopqLjsmuM5P0xP+12ZVKqHzNf8MR99HoL1tg4OnbPwTtlvBX3l4jxXq5M1fCZRzJg4tTLqREbPBsBKCZenA9D/mIWuNiqR2YLNNBQaXKbuqyA9e02Ui662Ab6gSNK6mLfz06auqzU3V0/Bbn2oGyjw==
+ // mirror.ftp.example.com. 315360000 IN RRSIG CNAME 5 4 315360000 20260901000000 20160901000000 6474 example.com. YLcsX6mSQT1TMAOfWeFjGPUnQ8ZH4sy+FqGRkVkDLT5ic0rwpyQPSH4mbddUSHbHaw6RsQyiuLno8BRh3+UAChB07S8CbGaqJeFmdQdMyXx3CiRo7nowSI99cvnxMVwKzIlddNC6H5G9xD/rhflMplwNhkudsx9jDGjoxmB4YL/12wkaWW7QpgmnPrAagc78b96MntLU/JmBhKvg4JNR2Ke0rRGFWa9xEsGpkk8Ld7bJvbL2KDfiSiZWE9QxgkuxSPt4AGuAnFYwWDXUEXWAK/siioJg0mpDUmum9rHion8my8uekDb3t/YMo4drm3wxm/zwes+gQsSntLPYLv+WKQ==
static String signedRecord22 =
- "Bm1pcnJvcgNmdHAHZXhhbXBsZQNjb20AAC4AARLMAwABHwAFBQQSzAMAapYVgFfHb4AbrgdleGFtcGxlA2NvbQBwgq6ONCJQoe/v" +
- "gnwj7UhlHD/3hhc88EEmYKPEYGClhcquZMvB0Gr4g7tKc/YH5nyhNqOxsDyC5/F2uyx5q12RqHbkyOLTLuUDkA5jB3oIh+0llymp" +
- "bDBd2HaiC9e46Io8/3BJwBUrt7FnWFhhCQaJzvWhXoKYYQBauprnWHEhFtUtNMKJ7M1beZ4efOGS6fGimouOya4zk/TE/7XZlUqo" +
- "fM1/wxH30egvW2Dg6ds/BO2W8FfeXiPFerkzV8JlHMmDi1MupERs8GwEoJl6cD0P+Yha42KpHZgs00FBpcpu6rID17TZSLrrYBvq" +
- "BI0rqYt/PTpq6rNTdXT8FufagbKP"
- ;
-
- // mirror.ftp.example.com. 315360000 IN RRSIG CNAME 5 4 315360000 20260901000000 20160901000000 7086 example.com. JAyL9OaHa6F8uAn5gX2RMydADDaWcDc0xmOhP1DUAzgylhmpe7kLULer5Uiem3A7cjDgAunm1B9TflZFHTPLLaomGXgN4BR7Zmk2rjVED4ZvUan0e2UKvLMOmT1kNZ/gHmjGZu9ydEjdqKa1DAZupcagdF0YSuEtlIjDP+T9VQzG1WkVLcoD0wZbr6wfeOJOaHOMSRR10Z0kZ48k4ycqbxBDHEhQS26VUpbsAgHNtqaLPa1GR1+qR9iwmP7drhMeQNvXTfzYt+4gZ2rgR7DhYyncFfvp9jN6wKY/sS7zhJF7fnKyFTHnt22wkRl2YOEB4FvKNwjhNpSE5t/o+Q+IFw==
+ "Bm1pcnJvcgNmdHAHZXhhbXBsZQNjb20AAC4AARLMAwABHwAFBQQSzAMAapYVgFfHb4AZSgdleGFtcGxlA2NvbQBgtyxfqZJBPVMw" +
+ "A59Z4WMY9SdDxkfizL4WoZGRWQMtPmJzSvCnJA9IfiZt11RIdsdrDpGxDKK4uejwFGHf5QAKEHTtLwJsZqol4WZ1B0zJfHcKJGju" +
+ "ejBIj31y+fExXArMiV100Lofkb3EP+uF+UymXA2GS52zH2MMaOjGYHhgv/XbCRpZbtCmCac+sBqBzvxv3oye0tT8mYGEq+Dgk1HY" +
+ "p7StEYVZr3ESwamSTwt3tsm9svYoN+JKJlYT1DGCS7FI+3gAa4CcVjBYNdQRdYAr+yKKgmDSakNSa6b2seKifybLy56QNve39gyj" +
+ "h2ubfDGb/PB6z6BCxKe0s9gu/5Yp";
+
+ // mirror.ftp.example.com. 315360000 IN RRSIG CNAME 5 4 315360000 20260901000000 20160901000000 6474 example.com. YAb4EZEKJyIbMZIYnF0OfT8YQZ/OUxdwsmdf2BYNNXXYG+6g2flouabw5qBAtAUrarBhpzfNUS7yTeUmhj+v+PeUWNAvv3/tkw4DNGebr9jQthQKD30Htu45zmRSUkZLjM66nw0VDH7Q3x6oHhBsjaBOJqyUgHrKn/2UhmQX55d4105/u6GLlSNw4nZdtIw6DaeLcmi+XH4771G9HuOaKjyEFraAcGOjEDjsrWIAREMHWcFZRtGEnRzSt9q+jcqfzfjFu4pXiT5UC3tB+jftzHcuAUKa5CVFKSAynRNiMg6jMUpyZB2V9QRmFPyXsTfbWB0g0i9s3wrR4q+l857yRg==
static String signedRecord23 =
- "Bm1pcnJvcgNmdHAHZXhhbXBsZQNjb20AAC4AARLMAwABHwAFBQQSzAMAapYVgFfHb4AbrgdleGFtcGxlA2NvbQAkDIv05odroXy4" +
- "CfmBfZEzJ0AMNpZwNzTGY6E/UNQDODKWGal7uQtQt6vlSJ6bcDtyMOAC6ebUH1N+VkUdM8stqiYZeA3gFHtmaTauNUQPhm9RqfR7" +
- "ZQq8sw6ZPWQ1n+AeaMZm73J0SN2oprUMBm6lxqB0XRhK4S2UiMM/5P1VDMbVaRUtygPTBluvrB944k5oc4xJFHXRnSRnjyTjJypv" +
- "EEMcSFBLbpVSluwCAc22pos9rUZHX6pH2LCY/t2uEx5A29dN/Ni37iBnauBHsOFjKdwV++n2M3rApj+xLvOEkXt+crIVMee3bbCR" +
- "GXZg4QHgW8o3COE2lITm3+j5D4gX"
- ;
+ "Bm1pcnJvcgNmdHAHZXhhbXBsZQNjb20AAC4AARLMAwABHwAFBQQSzAMAapYVgFfHb4AZSgdleGFtcGxlA2NvbQBgBvgRkQonIhsx" +
+ "khicXQ59PxhBn85TF3CyZ1/YFg01ddgb7qDZ+Wi5pvDmoEC0BStqsGGnN81RLvJN5SaGP6/495RY0C+/f+2TDgM0Z5uv2NC2FAoP" +
+ "fQe27jnOZFJSRkuMzrqfDRUMftDfHqgeEGyNoE4mrJSAesqf/ZSGZBfnl3jXTn+7oYuVI3Didl20jDoNp4tyaL5cfjvvUb0e45oq" +
+ "PIQWtoBwY6MQOOytYgBEQwdZwVlG0YSdHNK32r6Nyp/N+MW7ileJPlQLe0H6N+3Mdy4BQprkJUUpIDKdE2IyDqMxSnJkHZX1BGYU" +
+ "/JexN9tYHSDSL2zfCtHir6XznvJG";
// mirror.ftp.example.com. 259200 IN NSEC www.example.com. CNAME RRSIG NSEC
static String signedRecord24 =
- "Bm1pcnJvcgNmdHAHZXhhbXBsZQNjb20AAC8AAQAD9IAAGQN3d3cHZXhhbXBsZQNjb20AAAYEAAAAAAM="
- ;
+ "Bm1pcnJvcgNmdHAHZXhhbXBsZQNjb20AAC8AAQAD9IAAGQN3d3cHZXhhbXBsZQNjb20AAAYEAAAAAAM=";
- // mirror.ftp.example.com. 259200 IN RRSIG NSEC 5 4 259200 20260901000000 20160901000000 7086 example.com. TDzexY2Ll8wYho+0KJdO40erisXwh89XmyFUOeXamYNNB3g0OxMeBcNh2+WIy5SoN4qaJQs4z4MddeGWBGkftmw4HH0GeIuTvDa1K2thYqwoRqjd2p4eL38Agj+2BBIle4nXqLoU+pgLsTtPSZCpJM05oRsU+pPobwewSKwXklhZmI+NnqmDIffDkcQFTn1VA8Su/9n25s0cSS2jd6mQOhhz0jZ5eGroVbSWzZf92oP+3NMb8iuRNKgjoaQkJ+XIqCJJVJPDcGDTEpixpbU05WfJtViYZ7QYujh2+zsJ16cXJGf7AH0a2HJH4MXuaRPmxAKeQ+5glQLmzvGIRHwlZQ==
+ // mirror.ftp.example.com. 259200 IN RRSIG NSEC 5 4 259200 20260901000000 20160901000000 6474 example.com. rI1VRmPZ1FdkUk1dJZvy04pEXnmf1Q4zWuzq225MEBrSTefZC37Y7cgO+YiMJGo5q52rHAjmm15addDjkJ35o7OYeqRAR+3dleDN7CzSVRjdH+TV5PR4w9gTz0fj8CM8/cXD+OD6nFvnaCtVi8ujgsKDTTazda1zhVWoHk5Y5o+T/bzCE0WBE7uWjKZ17YfzAXcBMOuXTYNTiEujZNzO8WoYPIXW8F0A5K5UuMSW6pofeEevSAF5Qbb/BwFn7HBRMMHfvBnHnEv+WOWwaBjXfxtyEVv1pCDz2h4xwLV6lbmNIP7V2tqNjIFy5HbBIJK+NMSgC0I5lJEupdt379oMjQ==
static String signedRecord25 =
- "Bm1pcnJvcgNmdHAHZXhhbXBsZQNjb20AAC4AAQAD9IABHwAvBQQAA/SAapYVgFfHb4AbrgdleGFtcGxlA2NvbQBMPN7FjYuXzBiG" +
- "j7Qol07jR6uKxfCHz1ebIVQ55dqZg00HeDQ7Ex4Fw2Hb5YjLlKg3ipolCzjPgx114ZYEaR+2bDgcfQZ4i5O8NrUra2FirChGqN3a" +
- "nh4vfwCCP7YEEiV7ideouhT6mAuxO09JkKkkzTmhGxT6k+hvB7BIrBeSWFmYj42eqYMh98ORxAVOfVUDxK7/2fbmzRxJLaN3qZA6" +
- "GHPSNnl4auhVtJbNl/3ag/7c0xvyK5E0qCOhpCQn5cioIklUk8NwYNMSmLGltTTlZ8m1WJhntBi6OHb7OwnXpxckZ/sAfRrYckfg" +
- "xe5pE+bEAp5D7mCVAubO8YhEfCVl"
- ;
-
- // mirror.ftp.example.com. 259200 IN RRSIG NSEC 5 4 259200 20260901000000 20160901000000 7086 example.com. j8sDbrrosoIR05x2+hWgzuenmA/DkNsDM9lA14LtlDqTfHh5VdngH7YRw11Jo752g2dxLB7SWz9tR4Lojx8EDOTpgmTy51kgsESP0nWCtmBIuW0L+6EYWr6VhnfTAqx8ssRkf/kj+YjP5HFGeRVMJRAAvdYcfh57MzUw6DmXtGAv1JuydjSRwvJffWZUxf+2x8lb0e9ntFwwxt/C39lM/ZhKwf+Tv4IWNbdarkXjFwrVnJvoSv7iqjPrgCOOAXTj/L8slh7cVIycohYFxRxBE79iXhp056WZ+P7ooQ8EiyPJSG5ihkiWuv5fwdRb2Lc4lZ7Y1OQS4YBrszLN+H9sWA==
+ "Bm1pcnJvcgNmdHAHZXhhbXBsZQNjb20AAC4AAQAD9IABHwAvBQQAA/SAapYVgFfHb4AZSgdleGFtcGxlA2NvbQCsjVVGY9nUV2RS" +
+ "TV0lm/LTikReeZ/VDjNa7OrbbkwQGtJN59kLftjtyA75iIwkajmrnascCOabXlp10OOQnfmjs5h6pEBH7d2V4M3sLNJVGN0f5NXk" +
+ "9HjD2BPPR+PwIzz9xcP44PqcW+doK1WLy6OCwoNNNrN1rXOFVageTljmj5P9vMITRYETu5aMpnXth/MBdwEw65dNg1OIS6Nk3M7x" +
+ "ahg8hdbwXQDkrlS4xJbqmh94R69IAXlBtv8HAWfscFEwwd+8GcecS/5Y5bBoGNd/G3IRW/WkIPPaHjHAtXqVuY0g/tXa2o2MgXLk" +
+ "dsEgkr40xKALQjmUkS6l23fv2gyN";
+
+ // mirror.ftp.example.com. 259200 IN RRSIG NSEC 5 4 259200 20260901000000 20160901000000 6474 example.com. Yon05mDtr1XD3hF0LraqjfmzxRini+1hfKH/UQ+TWgCbz9TylxZXWEZqgeOnfd7kblOBfSCY5kFbulAZr38y6zG+R024+odEeeqHgr4pBkYg3HO/5MBeHP8OV8WXmyiH5jFRYKfJYhbWXI84T+af/NuZhIbLLLXaJ/T8lZVDg8KZldQEsGZqltfLr0sbvsjNipqZMXf1a9kx/w9xTECg4k7CudHD02wZHUNn7Da9yJix9WwQndx0MGRRhUadXMH/MuKsX/gJUFX+o4ZNqQ4SwRwVav+XTFPpziGpAkO3U7iJ22vmc5t904tFQOvo4IRzns0c7yGmKZPi98LjjUICdA==
static String signedRecord26 =
- "Bm1pcnJvcgNmdHAHZXhhbXBsZQNjb20AAC4AAQAD9IABHwAvBQQAA/SAapYVgFfHb4AbrgdleGFtcGxlA2NvbQCPywNuuuiyghHT" +
- "nHb6FaDO56eYD8OQ2wMz2UDXgu2UOpN8eHlV2eAfthHDXUmjvnaDZ3EsHtJbP21HguiPHwQM5OmCZPLnWSCwRI/SdYK2YEi5bQv7" +
- "oRhavpWGd9MCrHyyxGR/+SP5iM/kcUZ5FUwlEAC91hx+HnszNTDoOZe0YC/Um7J2NJHC8l99ZlTF/7bHyVvR72e0XDDG38Lf2Uz9" +
- "mErB/5O/ghY1t1quReMXCtWcm+hK/uKqM+uAI44BdOP8vyyWHtxUjJyiFgXFHEETv2JeGnTnpZn4/uihDwSLI8lIbmKGSJa6/l/B" +
- "1FvYtziVntjU5BLhgGuzMs34f2xY"
- ;
+ "Bm1pcnJvcgNmdHAHZXhhbXBsZQNjb20AAC4AAQAD9IABHwAvBQQAA/SAapYVgFfHb4AZSgdleGFtcGxlA2NvbQBiifTmYO2vVcPe" +
+ "EXQutqqN+bPFGKeL7WF8of9RD5NaAJvP1PKXFldYRmqB46d93uRuU4F9IJjmQVu6UBmvfzLrMb5HTbj6h0R56oeCvikGRiDcc7/k" +
+ "wF4c/w5XxZebKIfmMVFgp8liFtZcjzhP5p/825mEhssstdon9PyVlUODwpmV1ASwZmqW18uvSxu+yM2Kmpkxd/Vr2TH/D3FMQKDi" +
+ "TsK50cPTbBkdQ2fsNr3ImLH1bBCd3HQwZFGFRp1cwf8y4qxf+AlQVf6jhk2pDhLBHBVq/5dMU+nOIakCQ7dTuInba+Zzm33Ti0VA" +
+ "6+jghHOezRzvIaYpk+L3wuONQgJ0";
// www.example.com. 1814400 IN A 11.22.33.44
static String signedRecord27 =
- "A3d3dwdleGFtcGxlA2NvbQAAAQABABuvgAAECxYhLA=="
- ;
+ "A3d3dwdleGFtcGxlA2NvbQAAAQABABuvgAAECxYhLA==";
// www.example.com. 1814400 IN A 55.66.77.88
static String signedRecord28 =
- "A3d3dwdleGFtcGxlA2NvbQAAAQABABuvgAAEN0JNWA=="
- ;
+ "A3d3dwdleGFtcGxlA2NvbQAAAQABABuvgAAEN0JNWA==";
- // www.example.com. 1814400 IN RRSIG A 5 3 1814400 20260901000000 20160901000000 7086 example.com. Kbin5k9XaVV3aBhbujpiNun9Xp7iFPwyKIrR/XCr+x+bytiubung6HO5HgUovJxeaF879msZ44xLXKRgRbesUs0hicVkhTuLDUfDiO0hsnb2mWguvD3iUdVwGaCiIuW/LimHyMYYSuhg8sTstt7Oyq8trX+Peq/QgL4pXqyryXh0FpZfJN+eRA7pQbuIxOVvEBGTbxZ6eCRvUeddaVeEYXBs4ygKO9TjZBYgzYvR5lU18dJw2SbIKoc8qKZpJmjDQT3XkTOYOmMHA6qdTfo6Pt94JRTeY7FEl9/bGmTWwKkTaKoQ9qwyMbiaon/Yked2Gmj0Uhi+kZ8JQJ8GFqnNgQ==
+ // www.example.com. 1814400 IN RRSIG A 5 3 1814400 20260901000000 20160901000000 6474 example.com. oCtkZqgJQS8JrLFgX1iJeIk1KZTiDeNPrYnkEccg449wzBlvg52JJZ3xUcMUkalbEO4YVe/icgzCUtxVmYPGmTWu5MGw8uTP/tth8miRNrBetBjXy4OUrFfZL491wFo6QPCr4qtdz1RkD1V6I5dTxgzMelSWkw6vNC5EMlVj2k5KwvEZwl7EFEjJUm22z47TZC/FEnSCTU0zrgBGEkfifTrvu57swZy7pYnqHvRTnrKiURykyuIAZGPaCm6+EOZ9Y2iEkAbD62ZB/kV8yWd1FOmmI9jd17C03yHRpEcbsG1wLAKcJ47Ura1Y2gz7TLE83hezwz2w9ckHHiFC6igoQA==
static String signedRecord29 =
- "A3d3dwdleGFtcGxlA2NvbQAALgABABuvgAEfAAEFAwAbr4BqlhWAV8dvgBuuB2V4YW1wbGUDY29tACm4p+ZPV2lVd2gYW7o6Yjbp" +
- "/V6e4hT8MiiK0f1wq/sfm8rYrm7p4OhzuR4FKLycXmhfO/ZrGeOMS1ykYEW3rFLNIYnFZIU7iw1Hw4jtIbJ29ploLrw94lHVcBmg" +
- "oiLlvy4ph8jGGEroYPLE7LbezsqvLa1/j3qv0IC+KV6sq8l4dBaWXyTfnkQO6UG7iMTlbxARk28Wengkb1HnXWlXhGFwbOMoCjvU" +
- "42QWIM2L0eZVNfHScNkmyCqHPKimaSZow0E915EzmDpjBwOqnU36Oj7feCUU3mOxRJff2xpk1sCpE2iqEPasMjG4mqJ/2JHndhpo" +
- "9FIYvpGfCUCfBhapzYE="
- ;
-
- // www.example.com. 1814400 IN RRSIG A 5 3 1814400 20260901000000 20160901000000 7086 example.com. qvdxa8R5kthCTYQATZm7fEqymLKAT/ED9aWi9ROX7g/DTjcpr+TrbBsNAbf7by2XYzHjWX02ySnGTaT8D0PXFiZSKQ8KHfJUD3jiF4FGnhjbV4gP1vJa2l7fxet7DRTx4OWgl4aJNw+lCU1yoKqs9Fe8ONcnuiD64aLFhfvOqQljlUt7GBfwH1h+IptVe4PtniOVltvOmiVkd0cCr+z0rd6vka8CRiGlEoelX/VwG2kJ7qDIP2rTyP+MwbXXT2iHzKk4bVhHoKdMF1AfoK8O3fMogCpEQcWLcDaGAn5m6PfKoecWQ/gkzfvRNm5xNUOBp1JbuOvduIIwseRzivcY5w==
+ "A3d3dwdleGFtcGxlA2NvbQAALgABABuvgAEfAAEFAwAbr4BqlhWAV8dvgBlKB2V4YW1wbGUDY29tAKArZGaoCUEvCayxYF9YiXiJ" +
+ "NSmU4g3jT62J5BHHIOOPcMwZb4OdiSWd8VHDFJGpWxDuGFXv4nIMwlLcVZmDxpk1ruTBsPLkz/7bYfJokTawXrQY18uDlKxX2S+P" +
+ "dcBaOkDwq+KrXc9UZA9VeiOXU8YMzHpUlpMOrzQuRDJVY9pOSsLxGcJexBRIyVJtts+O02QvxRJ0gk1NM64ARhJH4n0677ue7MGc" +
+ "u6WJ6h70U56yolEcpMriAGRj2gpuvhDmfWNohJAGw+tmQf5FfMlndRTppiPY3dewtN8h0aRHG7BtcCwCnCeO1K2tWNoM+0yxPN4X" +
+ "s8M9sPXJBx4hQuooKEA=";
+
+ // www.example.com. 1814400 IN RRSIG A 5 3 1814400 20260901000000 20160901000000 6474 example.com. XWenkJEdbtBExhv9ZIh1fl6QCMznz2fxilWreIUXakUTrvr8xalZmC8GEwt/6ILO0GoI7jJzgtZt4Q95vKh0z8jPX3Xpr3o4pCZ18f0cj/JAWNZlaBuzlYJqy6mqiMLJRnaWdtR29TpNL8foDoeM3TDc9ZtbexaxKste9lEEVEVCE0HIT5JgMfJdCiXm3Na61mAf5lK8G+/iqnwBPrqEWjXEDX682vuczx/NzrlR+9cfG3EsiGmAjA6EzYdMc54kw1W1YeAKH8GwB++Z5E6Hm1+jlO8Tn0I37gT6BXtLJ7DYW8B395Yxo8gNNsiFC6zkVf1JXQx888bf76zasLLATA==
static String signedRecord30 =
- "A3d3dwdleGFtcGxlA2NvbQAALgABABuvgAEfAAEFAwAbr4BqlhWAV8dvgBuuB2V4YW1wbGUDY29tAKr3cWvEeZLYQk2EAE2Zu3xK" +
- "spiygE/xA/WlovUTl+4Pw043Ka/k62wbDQG3+28tl2Mx41l9Nskpxk2k/A9D1xYmUikPCh3yVA944heBRp4Y21eID9byWtpe38Xr" +
- "ew0U8eDloJeGiTcPpQlNcqCqrPRXvDjXJ7og+uGixYX7zqkJY5VLexgX8B9YfiKbVXuD7Z4jlZbbzpolZHdHAq/s9K3er5GvAkYh" +
- "pRKHpV/1cBtpCe6gyD9q08j/jMG1109oh8ypOG1YR6CnTBdQH6CvDt3zKIAqREHFi3A2hgJ+Zuj3yqHnFkP4JM370TZucTVDgadS" +
- "W7jr3biCMLHkc4r3GOc="
- ;
+ "A3d3dwdleGFtcGxlA2NvbQAALgABABuvgAEfAAEFAwAbr4BqlhWAV8dvgBlKB2V4YW1wbGUDY29tAF1np5CRHW7QRMYb/WSIdX5e" +
+ "kAjM589n8YpVq3iFF2pFE676/MWpWZgvBhMLf+iCztBqCO4yc4LWbeEPebyodM/Iz1916a96OKQmdfH9HI/yQFjWZWgbs5WCasup" +
+ "qojCyUZ2lnbUdvU6TS/H6A6HjN0w3PWbW3sWsSrLXvZRBFRFQhNByE+SYDHyXQol5tzWutZgH+ZSvBvv4qp8AT66hFo1xA1+vNr7" +
+ "nM8fzc65UfvXHxtxLIhpgIwOhM2HTHOeJMNVtWHgCh/BsAfvmeROh5tfo5TvE59CN+4E+gV7Syew2FvAd/eWMaPIDTbIhQus5FX9" +
+ "SV0MfPPG3++s2rCywEw=";
// www.example.com. 259200 IN AAAA 2001:db8:0:0:4:3:2:1
static String signedRecord31 =
- "A3d3dwdleGFtcGxlA2NvbQAAHAABAAP0gAAQIAENuAAAAAAABAADAAIAAQ=="
- ;
+ "A3d3dwdleGFtcGxlA2NvbQAAHAABAAP0gAAQIAENuAAAAAAABAADAAIAAQ==";
// www.example.com. 259200 IN AAAA 2001:db8:0:0:5:6:7:8
static String signedRecord32 =
- "A3d3dwdleGFtcGxlA2NvbQAAHAABAAP0gAAQIAENuAAAAAAABQAGAAcACA=="
- ;
+ "A3d3dwdleGFtcGxlA2NvbQAAHAABAAP0gAAQIAENuAAAAAAABQAGAAcACA==";
- // www.example.com. 259200 IN RRSIG AAAA 5 3 259200 20260901000000 20160901000000 7086 example.com. aLr5r/LMx0N0oZiLIRza84S4gFtKt1741mwWSduq1YBSPMV/wqhmzRBI/CYyHQ0YeZgWkBjXdRaZmyacJCoz8E2U3ri7L+7cHnv29ad40Eg6Oy9nubP4mpH0QUT1uYDMlTnyaFh6/iKJV9uCHkzjzmaqcKKvjWlFnwrG1qT5ThDHvVmkjaOrwtaGq1YanvGsTUEM2C333nUbhDragAQ3B9Mtk93GxD1qmgzmhDt5xjrl6X+g1AcSB6c9ho/fvrSFgOME2g2ZH7h91GiNu1v7d4noqAkxlOGg/eQz71e2rSabL3j0tjHvh7phOWmX0kPJFotPjXueyH81Tv3nHgs9tA==
+ // www.example.com. 259200 IN RRSIG AAAA 5 3 259200 20260901000000 20160901000000 6474 example.com. DT5mdWFXBmM8JhD++OKNZJ8ZpYpV9GM01TamrTgWNbRSEVqhVo6Nyc0ltVBmf+JYVEoiHXupBDuf9PrzCKG48pSSjw/Na1+PBEQGIjOp1xD12Q+0pZdlLcACqOVQqQSm6y3b+OnttLbvG6aYhOAaKB/mHU2oqx8ysSafZgSg2/EoM9tqjXxeKe91Ogd2SWOFyhmYtyuDtSTCslqtMIOyULtdenSL/yl1IeAgXPXLdvZrQd956sJjjM+EHkBrsHX1JDQ5B8BXJv5rcy81NcL70cS/6QRNbD+2fA9Nsf+pP9kcCvM9I+PpQAtyvpEpzAahe5vTgfzY1PhZ1AgZyBfXCg==
static String signedRecord33 =
- "A3d3dwdleGFtcGxlA2NvbQAALgABAAP0gAEfABwFAwAD9IBqlhWAV8dvgBuuB2V4YW1wbGUDY29tAGi6+a/yzMdDdKGYiyEc2vOE" +
- "uIBbSrde+NZsFknbqtWAUjzFf8KoZs0QSPwmMh0NGHmYFpAY13UWmZsmnCQqM/BNlN64uy/u3B579vWneNBIOjsvZ7mz+JqR9EFE" +
- "9bmAzJU58mhYev4iiVfbgh5M485mqnCir41pRZ8Kxtak+U4Qx71ZpI2jq8LWhqtWGp7xrE1BDNgt9951G4Q62oAENwfTLZPdxsQ9" +
- "apoM5oQ7ecY65el/oNQHEgenPYaP3760hYDjBNoNmR+4fdRojbtb+3eJ6KgJMZThoP3kM+9Xtq0mmy949LYx74e6YTlpl9JDyRaL" +
- "T417nsh/NU795x4LPbQ="
- ;
-
- // www.example.com. 259200 IN RRSIG AAAA 5 3 259200 20260901000000 20160901000000 7086 example.com. Qs6O4blUgwrjyO1hsW3lx7QNy6tDWZedSfcmdKMxlMIs9Sf2+r/gFaeKKRbGYBBmVku72lzkD/nQMOnK63lKQORdeugawatWNguiHlinK4bSBY8DQ7MH1FFzXHd643LYPtd4d2bZMILhcCd7twqhja+R4SJQq23ZpCZVvh4HpWsirKpyEmHZicaD5kpnIUA6Lvab7q3QhiS+6fg3vavFRnHDLDGebLzZvujeSBbfSTnoE4CaGsMJAaJUDVXW5kkL8tEn1Ynmn7sXDXhDQQX2WI1YXs2nNAkLu2Uf+VP54hPvhr5FfdCowJR3VLnAUWyVm59G2Bo4Fi27UH//UOOW/g==
+ "A3d3dwdleGFtcGxlA2NvbQAALgABAAP0gAEfABwFAwAD9IBqlhWAV8dvgBlKB2V4YW1wbGUDY29tAA0+ZnVhVwZjPCYQ/vjijWSf" +
+ "GaWKVfRjNNU2pq04FjW0UhFaoVaOjcnNJbVQZn/iWFRKIh17qQQ7n/T68wihuPKUko8PzWtfjwREBiIzqdcQ9dkPtKWXZS3AAqjl" +
+ "UKkEpust2/jp7bS27xummITgGigf5h1NqKsfMrEmn2YEoNvxKDPbao18XinvdToHdkljhcoZmLcrg7UkwrJarTCDslC7XXp0i/8p" +
+ "dSHgIFz1y3b2a0HfeerCY4zPhB5Aa7B19SQ0OQfAVyb+a3MvNTXC+9HEv+kETWw/tnwPTbH/qT/ZHArzPSPj6UALcr6RKcwGoXub" +
+ "04H82NT4WdQIGcgX1wo=";
+
+ // www.example.com. 259200 IN RRSIG AAAA 5 3 259200 20260901000000 20160901000000 6474 example.com. bPWvm3b9qCraSp2EeLOuQvRSbfIRbfgn78GmonI2XrWzkOFsEiiMd1486SLyy+OXV7Ja4tgDRS4MMkFFMbvluRpOc5f2oKcZkkSAXArMNL3A2uXWvAWgOlWpykr3a6eg/DhgsSORDQi8W3Pbt9tPDH7WLROTUNaY15cRExfCDfd/ghiHDOvLu90iXqaz4hZT3kg7eBokp3dtp3B3CJrrPjhDiHyDFBaMGQ7SRK9T7o3Nbu5ueoUiRtWbyHG/s7bUECTZPoFSZrnZoO5Z2eyE4pYTwZgqdd4nKkFJktzQ5oWGZBMC4gBiyNtUqv0DgrMdBzYSLIChVATgBPgCc6cmiw==
static String signedRecord34 =
- "A3d3dwdleGFtcGxlA2NvbQAALgABAAP0gAEfABwFAwAD9IBqlhWAV8dvgBuuB2V4YW1wbGUDY29tAELOjuG5VIMK48jtYbFt5ce0" +
- "DcurQ1mXnUn3JnSjMZTCLPUn9vq/4BWniikWxmAQZlZLu9pc5A/50DDpyut5SkDkXXroGsGrVjYLoh5YpyuG0gWPA0OzB9RRc1x3" +
- "euNy2D7XeHdm2TCC4XAne7cKoY2vkeEiUKtt2aQmVb4eB6VrIqyqchJh2YnGg+ZKZyFAOi72m+6t0IYkvun4N72rxUZxwywxnmy8" +
- "2b7o3kgW30k56BOAmhrDCQGiVA1V1uZJC/LRJ9WJ5p+7Fw14Q0EF9liNWF7NpzQJC7tlH/lT+eIT74a+RX3QqMCUd1S5wFFslZuf" +
- "RtgaOBYtu1B//1Djlv4="
- ;
+ "A3d3dwdleGFtcGxlA2NvbQAALgABAAP0gAEfABwFAwAD9IBqlhWAV8dvgBlKB2V4YW1wbGUDY29tAGz1r5t2/agq2kqdhHizrkL0" +
+ "Um3yEW34J+/BpqJyNl61s5DhbBIojHdePOki8svjl1eyWuLYA0UuDDJBRTG75bkaTnOX9qCnGZJEgFwKzDS9wNrl1rwFoDpVqcpK" +
+ "92unoPw4YLEjkQ0IvFtz27fbTwx+1i0Tk1DWmNeXERMXwg33f4IYhwzry7vdIl6ms+IWU95IO3gaJKd3badwdwia6z44Q4h8gxQW" +
+ "jBkO0kSvU+6NzW7ubnqFIkbVm8hxv7O21BAk2T6BUma52aDuWdnshOKWE8GYKnXeJypBSZLc0OaFhmQTAuIAYsjbVKr9A4KzHQc2" +
+ "EiyAoVQE4AT4AnOnJos=";
// www.example.com. 259200 IN NSEC mirror.www.example.com. A AAAA RRSIG NSEC
static String signedRecord35 =
- "A3d3dwdleGFtcGxlA2NvbQAALwABAAP0gAAgBm1pcnJvcgN3d3cHZXhhbXBsZQNjb20AAAZAAAAIAAM="
- ;
+ "A3d3dwdleGFtcGxlA2NvbQAALwABAAP0gAAgBm1pcnJvcgN3d3cHZXhhbXBsZQNjb20AAAZAAAAIAAM=";
- // www.example.com. 259200 IN RRSIG NSEC 5 3 259200 20260901000000 20160901000000 7086 example.com. cE3/VoGDAp5ZF9RUMWKjHOVgY47dfN9gMo9qhRssB8b2hzkbzpaMVcY7Mg3Pb/yDCoQ0MQoQNY92FcfEr/+nwruszEmGxA0Iu8EUcTd0hMsrSjslSCXEyBLUGgUYG37TsbzDyhQeUffZxHACDawmZ3ROTyJfEtRsZtjNLcCxq4zSMKIDvuqICZIqMtzTp9iaKC73/EjB7QUE2HfWJXJFyzDOqocwJP0nMyZ4HZyf6NmrqXVqSThAlzHYlG0qLbCHcztHY7u8MYayw9XeRKrCtPIvJ7T03CO5lvpFSpN4SMWCetHsTG63Unl2X93E7KvAYy/knm765++nFiDBLKFfEA==
+ // www.example.com. 259200 IN RRSIG NSEC 5 3 259200 20260901000000 20160901000000 6474 example.com. qM3kyaRERBmX21C60OVcsh11901F95doEXyr+vYTPEHt9/ebBoKWyEu6pSSnyC8gUWHGXF7quvr/MM1g7Blx/P07UIXCTc6Uu7N02HtsI1OZqjA7AsyKxOZdgdpZ044sH0e4F3Xi0VuUIpzSIA7PN07CTWCtDqnZnVs76HQDcmGJblpVRhz2QBUeBmyO7jqXMbxNC/R7if/tEccFfxIACWaptdbcCiJlmuZTexKq7INjX/rQOnk18A4CvGC4IruJ8W4AF/UP6D3EGZ+xTcyLAVfpCAM5xc0wGdQlvrigPd7LEBqqqgI2FnWQr5aDVKniNilZ/XXx07BQlfp5eHHOcQ==
static String signedRecord36 =
- "A3d3dwdleGFtcGxlA2NvbQAALgABAAP0gAEfAC8FAwAD9IBqlhWAV8dvgBuuB2V4YW1wbGUDY29tAHBN/1aBgwKeWRfUVDFioxzl" +
- "YGOO3XzfYDKPaoUbLAfG9oc5G86WjFXGOzINz2/8gwqENDEKEDWPdhXHxK//p8K7rMxJhsQNCLvBFHE3dITLK0o7JUglxMgS1BoF" +
- "GBt+07G8w8oUHlH32cRwAg2sJmd0Tk8iXxLUbGbYzS3AsauM0jCiA77qiAmSKjLc06fYmigu9/xIwe0FBNh31iVyRcswzqqHMCT9" +
- "JzMmeB2cn+jZq6l1akk4QJcx2JRtKi2wh3M7R2O7vDGGssPV3kSqwrTyLye09NwjuZb6RUqTeEjFgnrR7Exut1J5dl/dxOyrwGMv" +
- "5J5u+ufvpxYgwSyhXxA="
- ;
-
- // www.example.com. 259200 IN RRSIG NSEC 5 3 259200 20260901000000 20160901000000 7086 example.com. qmeTK9aNcVAz6G7NoSMB/4ZXkG1Bv5WZLwGOhtJRlOCJ9XYcrQIlno3yJ7ujEgJJLVd+Sue3kxvclPEDBlKEJf7+iSMgitYXvonqmmW8CgCSzQPW6x/FKDCArsKVtnrO9ouZRE0INCY3ipoEJ2S31jcWg/IIV4zOQzah3wFQ/cbyFezOZauHEN7cPSzVebDxuHMALrbqZ8ynaPjzOXxrxjdxY6ZSQQe1u/Mcs0qo6iomzNRs2qfttE2FpeV/uFQGBwKroiu0XaEUoLvQdgQHPaNtvicW3quXer0RSe9daRRj959+s4TZvAwDZmgPlB3j7wX/uI7N2/u3jwCFFW1DPg==
+ "A3d3dwdleGFtcGxlA2NvbQAALgABAAP0gAEfAC8FAwAD9IBqlhWAV8dvgBlKB2V4YW1wbGUDY29tAKjN5MmkREQZl9tQutDlXLId" +
+ "dfdNRfeXaBF8q/r2EzxB7ff3mwaClshLuqUkp8gvIFFhxlxe6rr6/zDNYOwZcfz9O1CFwk3OlLuzdNh7bCNTmaowOwLMisTmXYHa" +
+ "WdOOLB9HuBd14tFblCKc0iAOzzdOwk1grQ6p2Z1bO+h0A3JhiW5aVUYc9kAVHgZsju46lzG8TQv0e4n/7RHHBX8SAAlmqbXW3Aoi" +
+ "ZZrmU3sSquyDY1/60Dp5NfAOArxguCK7ifFuABf1D+g9xBmfsU3MiwFX6QgDOcXNMBnUJb64oD3eyxAaqqoCNhZ1kK+Wg1Sp4jYp" +
+ "Wf118dOwUJX6eXhxznE=";
+
+ // www.example.com. 259200 IN RRSIG NSEC 5 3 259200 20260901000000 20160901000000 6474 example.com. AyKSsP17VJavRLIvZoH9mfZUa+sInVm42E0avzPXW8TVhWETrdwJyU1RVMEx9S5zhyOcFCg7Givw3L0NchTdsbgQSA8JXQov0gkhdO2rOmFL2rvMgdqrBViLDQ1lHxXi0TeHr9pxUPNjYHk3wwmxdJek4vAPd+SIw/C1inHrE44vPUvUAAIjwhrPBU2QkuHg7VRtFqnICaz6+XXPVDf1UgkghTi7OCEZFdontAovo561Znn6fccBtb5PUV9GQJdT19Wc7VnB/t5pVJy1aI9+XS8h4Jvh9rjYiOchIROTmGdttGqw/40vDy3L+3Zg8opX1tW+GfsFETbyzyxAmW+ohA==
static String signedRecord37 =
- "A3d3dwdleGFtcGxlA2NvbQAALgABAAP0gAEfAC8FAwAD9IBqlhWAV8dvgBuuB2V4YW1wbGUDY29tAKpnkyvWjXFQM+huzaEjAf+G" +
- "V5BtQb+VmS8BjobSUZTgifV2HK0CJZ6N8ie7oxICSS1Xfkrnt5Mb3JTxAwZShCX+/okjIIrWF76J6pplvAoAks0D1usfxSgwgK7C" +
- "lbZ6zvaLmURNCDQmN4qaBCdkt9Y3FoPyCFeMzkM2od8BUP3G8hXszmWrhxDe3D0s1Xmw8bhzAC626mfMp2j48zl8a8Y3cWOmUkEH" +
- "tbvzHLNKqOoqJszUbNqn7bRNhaXlf7hUBgcCq6IrtF2hFKC70HYEBz2jbb4nFt6rl3q9EUnvXWkUY/effrOE2bwMA2ZoD5Qd4+8F" +
- "/7iOzdv7t48AhRVtQz4="
- ;
+ "A3d3dwdleGFtcGxlA2NvbQAALgABAAP0gAEfAC8FAwAD9IBqlhWAV8dvgBlKB2V4YW1wbGUDY29tAAMikrD9e1SWr0SyL2aB/Zn2" +
+ "VGvrCJ1ZuNhNGr8z11vE1YVhE63cCclNUVTBMfUuc4cjnBQoOxor8Ny9DXIU3bG4EEgPCV0KL9IJIXTtqzphS9q7zIHaqwVYiw0N" +
+ "ZR8V4tE3h6/acVDzY2B5N8MJsXSXpOLwD3fkiMPwtYpx6xOOLz1L1AACI8IazwVNkJLh4O1UbRapyAms+vl1z1Q39VIJIIU4uzgh" +
+ "GRXaJ7QKL6OetWZ5+n3HAbW+T1FfRkCXU9fVnO1Zwf7eaVSctWiPfl0vIeCb4fa42IjnISETk5hnbbRqsP+NLw8ty/t2YPKKV9bV" +
+ "vhn7BRE28s8sQJlvqIQ=";
// mirror.www.example.com. 315360000 IN CNAME www.example.com.
static String signedRecord38 =
- "Bm1pcnJvcgN3d3cHZXhhbXBsZQNjb20AAAUAARLMAwAAEQN3d3cHZXhhbXBsZQNjb20A"
- ;
+ "Bm1pcnJvcgN3d3cHZXhhbXBsZQNjb20AAAUAARLMAwAAEQN3d3cHZXhhbXBsZQNjb20A";
- // mirror.www.example.com. 315360000 IN RRSIG CNAME 5 4 315360000 20260901000000 20160901000000 7086 example.com. exhZD2NsH4+Wl5oqmAGVL9qia+H09E5vYlMFNE0mNITxKOko/PGOTwqZ8RWxX1HxogazTRFLxwe2hUN/pZ5z7uB74YW0i9gDKaekvqsuV2Y9GfB+eygYDMjF2zPVBBEGyPe0+wUtN6aOaJrIxGQcQR9qzSXSvL6s15o8/LpmanP5EAn7H5Re9Tbb266Bg0vcDRjQtkqaGHhglxHul3OyO3VFjor+pzXTFMy8ZgzbvaZzkvF3ZGVwuP3j8q+Yd8gyZk9mn6SrYgh0xB0c+JpPfBBMaaQgZMVxIeVWsCDkG6cSAPskYmV1E10wQL/OyO39oYRuFggjD9oLMwaLCsyLEw==
+ // mirror.www.example.com. 315360000 IN RRSIG CNAME 5 4 315360000 20260901000000 20160901000000 6474 example.com. Dz6E+egQkyFtS6nV+xRcluB9xfA4IDiywNjz7oRWCqXq8+dG2POmaIU39SB3vFXRtyhIB3wvB37mhVdaxrIGcq844H5P63nMQ1sxQy/T+3Ewk1UIt3tbqnk9MzXaDeAnZK1K6/loR7QdoeUMFDigH01SvneB6UsMq17he6s6KJ0ff8sSfXRE04Z7lsdwTKHMLRQplYkAqXUlvCZkrtfub1riGZXj4klB131bmmu8GiKBaY9OySIltE7iypN2pEIxzqmjvkB0P4rF+FIX4vNSmyclAqXmZS66kmI5JI0ehMiKbkchabwcaOKuZP+6FQNOHWtiG/GDFOjzM0gByfwc9A==
static String signedRecord39 =
- "Bm1pcnJvcgN3d3cHZXhhbXBsZQNjb20AAC4AARLMAwABHwAFBQQSzAMAapYVgFfHb4AbrgdleGFtcGxlA2NvbQB7GFkPY2wfj5aX" +
- "miqYAZUv2qJr4fT0Tm9iUwU0TSY0hPEo6Sj88Y5PCpnxFbFfUfGiBrNNEUvHB7aFQ3+lnnPu4HvhhbSL2AMpp6S+qy5XZj0Z8H57" +
- "KBgMyMXbM9UEEQbI97T7BS03po5omsjEZBxBH2rNJdK8vqzXmjz8umZqc/kQCfsflF71NtvbroGDS9wNGNC2SpoYeGCXEe6Xc7I7" +
- "dUWOiv6nNdMUzLxmDNu9pnOS8XdkZXC4/ePyr5h3yDJmT2afpKtiCHTEHRz4mk98EExppCBkxXEh5VawIOQbpxIA+yRiZXUTXTBA" +
- "v87I7f2hhG4WCCMP2gszBosKzIsT"
- ;
-
- // mirror.www.example.com. 315360000 IN RRSIG CNAME 5 4 315360000 20260901000000 20160901000000 7086 example.com. gZyxIHqTEteEA0Eg0svk3Ykyl/kQd8+N0oiua9sy6GCHT0onwZ3FYzFDyBq7W3nJVTPPGy2+VtDB1ZTNT7oXXTp1g5AFOoXC252lOggpFB0QVS0eLd3KW6Rz8/uPHGLE16xUaVSOW1oRt2xrcGZSFpkg0Fe/VkV2XpKN369wf9zJIuQ9nVQ8UBMadetB3gf17xkA4cyb6T/ckxtQev2G7zyN351VAJjQ4rUS9+UYfPEtXdKtbfVwPZw3p+WLWNtt4c3OcgNVOxkwOvHrlATXCi/P2bGcAQ5njy4hQP7faYwtsbZKjyKDfVgFwerFPisBVC3rflQSvoTrsHEA0+pWYw==
+ "Bm1pcnJvcgN3d3cHZXhhbXBsZQNjb20AAC4AARLMAwABHwAFBQQSzAMAapYVgFfHb4AZSgdleGFtcGxlA2NvbQAPPoT56BCTIW1L" +
+ "qdX7FFyW4H3F8DggOLLA2PPuhFYKperz50bY86ZohTf1IHe8VdG3KEgHfC8HfuaFV1rGsgZyrzjgfk/recxDWzFDL9P7cTCTVQi3" +
+ "e1uqeT0zNdoN4CdkrUrr+WhHtB2h5QwUOKAfTVK+d4HpSwyrXuF7qzoonR9/yxJ9dETThnuWx3BMocwtFCmViQCpdSW8JmSu1+5v" +
+ "WuIZlePiSUHXfVuaa7waIoFpj07JIiW0TuLKk3akQjHOqaO+QHQ/isX4Uhfi81KbJyUCpeZlLrqSYjkkjR6EyIpuRyFpvBxo4q5k" +
+ "/7oVA04da2Ib8YMU6PMzSAHJ/Bz0";
+
+ // mirror.www.example.com. 315360000 IN RRSIG CNAME 5 4 315360000 20260901000000 20160901000000 6474 example.com. BR6S7/ewqnu1Tusw5CcTuRg6yShim2H5HA3kU/+buzcwUzzLiUZbAczS6u7DputYCmxZyjFvO2dB03cfuTKwgXow2BiNIUHlyCFdIvakKZiqqfoIetwIsu8j2C1cflNI9WAQsINsRBluOZqqBoeSU6f/IEdUUOadej4c4L9TOe9Fpwq696zXwgImCCBip2ohk+m23bQSAs35n5F3Z2EgNGXHPy2DaDKlPPpRv0uDSPP9xNNq9/l71ole6LmxuWnSnPTYg6/CMtYcTlWcmd5zb6fdUVZ6rKs4p/ei6tgrNqljOR8pH6ab9trhHVKyl8ADb3dqp7HabmO95HKYIGgp7A==
static String signedRecord40 =
- "Bm1pcnJvcgN3d3cHZXhhbXBsZQNjb20AAC4AARLMAwABHwAFBQQSzAMAapYVgFfHb4AbrgdleGFtcGxlA2NvbQCBnLEgepMS14QD" +
- "QSDSy+TdiTKX+RB3z43SiK5r2zLoYIdPSifBncVjMUPIGrtbeclVM88bLb5W0MHVlM1PuhddOnWDkAU6hcLbnaU6CCkUHRBVLR4t" +
- "3cpbpHPz+48cYsTXrFRpVI5bWhG3bGtwZlIWmSDQV79WRXZeko3fr3B/3Mki5D2dVDxQExp160HeB/XvGQDhzJvpP9yTG1B6/Ybv" +
- "PI3fnVUAmNDitRL35Rh88S1d0q1t9XA9nDen5YtY223hzc5yA1U7GTA68euUBNcKL8/ZsZwBDmePLiFA/t9pjC2xtkqPIoN9WAXB" +
- "6sU+KwFULet+VBK+hOuwcQDT6lZj"
- ;
+ "Bm1pcnJvcgN3d3cHZXhhbXBsZQNjb20AAC4AARLMAwABHwAFBQQSzAMAapYVgFfHb4AZSgdleGFtcGxlA2NvbQAFHpLv97Cqe7VO" +
+ "6zDkJxO5GDrJKGKbYfkcDeRT/5u7NzBTPMuJRlsBzNLq7sOm61gKbFnKMW87Z0HTdx+5MrCBejDYGI0hQeXIIV0i9qQpmKqp+gh6" +
+ "3Aiy7yPYLVx+U0j1YBCwg2xEGW45mqoGh5JTp/8gR1RQ5p16Phzgv1M570WnCrr3rNfCAiYIIGKnaiGT6bbdtBICzfmfkXdnYSA0" +
+ "Zcc/LYNoMqU8+lG/S4NI8/3E02r3+XvWiV7oubG5adKc9NiDr8Iy1hxOVZyZ3nNvp91RVnqsqzin96Lq2Cs2qWM5Hykfppv22uEd" +
+ "UrKXwANvd2qnsdpuY73kcpggaCns";
// mirror.www.example.com. 259200 IN NSEC example.com. CNAME RRSIG NSEC
static String signedRecord41 =
- "Bm1pcnJvcgN3d3cHZXhhbXBsZQNjb20AAC8AAQAD9IAAFQdleGFtcGxlA2NvbQAABgQAAAAAAw=="
- ;
+ "Bm1pcnJvcgN3d3cHZXhhbXBsZQNjb20AAC8AAQAD9IAAFQdleGFtcGxlA2NvbQAABgQAAAAAAw==";
- // mirror.www.example.com. 259200 IN RRSIG NSEC 5 4 259200 20260901000000 20160901000000 7086 example.com. FJuXbcTQLDjZHx6+PdtsWJf6mBYAAAZVTbSnbUfPczO3S5uIyfw7JYYop8DhcKt2L9Rrpt54MYvDnB/nX54gNdkjnhyRrXMQKXi2GFIjZ7HBuvIrBbDC6RAyastrbFc8QYKRkdDlvrvWZVhhkBCK2AczvwcRUtq2qlOGvBjmkOOm0PaikFqGVVyBcco/l7wGOn4l3Ntt3hm6+oO6dx4SnKE6nlD534AnTIWPC8dhy0FDgrWrbaV1KGnO6hd3ig6dYc4cK0Y7Gwn7rpHW/Kvz0wAPPDHQPFJ/8rlmse/u2+OT3ceDKyO8qYMZqmGLpPDhRvH+xQlzOg9fuH8ovfnGGQ==
+ // mirror.www.example.com. 259200 IN RRSIG NSEC 5 4 259200 20260901000000 20160901000000 6474 example.com. jed/RTkOLnTry5pS0M0+1xun+dKq2IS7A4uzA4eYhRoF+Eibt8Oe8uOXsQTk0pN5wg8leTc+O/FZxggnrlVdVW6Q1KuVoEy6gX9kRZ2vatL0n+u6lbtiFVm8b3p57L4TdE0OsJHWuQZF7ABFRLyqyHV2FQvxLHHdoFjXupLrbeEroLzcytOcT1UZQi3WRZ5b6yq0INOMmxbPIqXRZoRFPvb5pDD+9LRYLrmgiKeaUDQ7c0eYFs182eJ0BMTdJChfa2Ixry3WtLuNd24UxsIqOl0Lle/YBR/wXW1ziCZBbAau0JmgzgrgJN1TBTMI4rm+/1Q+mrHP6U5Jy3S8syMY/w==
static String signedRecord42 =
- "Bm1pcnJvcgN3d3cHZXhhbXBsZQNjb20AAC4AAQAD9IABHwAvBQQAA/SAapYVgFfHb4AbrgdleGFtcGxlA2NvbQAUm5dtxNAsONkf" +
- "Hr4922xYl/qYFgAABlVNtKdtR89zM7dLm4jJ/DslhiinwOFwq3Yv1Gum3ngxi8OcH+dfniA12SOeHJGtcxApeLYYUiNnscG68isF" +
- "sMLpEDJqy2tsVzxBgpGR0OW+u9ZlWGGQEIrYBzO/BxFS2raqU4a8GOaQ46bQ9qKQWoZVXIFxyj+XvAY6fiXc223eGbr6g7p3HhKc" +
- "oTqeUPnfgCdMhY8Lx2HLQUOCtattpXUoac7qF3eKDp1hzhwrRjsbCfuukdb8q/PTAA88MdA8Un/yuWax7+7b45Pdx4MrI7ypgxmq" +
- "YYuk8OFG8f7FCXM6D1+4fyi9+cYZ"
- ;
-
- // mirror.www.example.com. 259200 IN RRSIG NSEC 5 4 259200 20260901000000 20160901000000 7086 example.com. juolOEekkCQNFcatcICnWE6QCUdEUevSNfvtZBkS+7ZzQytQ0SlbqZDaUHT6DX46RGkRTicM62xHFIr8v0/EuAgJRMoVWJAxwC4Z8ODDmSrMkvFAOAu8dUhFoPSmbiaUCFioT26UwXGw74y74AJt91n1ewEu1AtEWVA+K4J43kjLCapdX+nCqToyxinecHt8Kn1x2vr5ql+EcGHmq7bvocQxHm30fS/yEt1MPD8LvNAFNO+exeLP0WIKZt+RWgMTHQjuV64iAZjgqFNVKvpptkSjturcVAAWYipAy2YBW5Io/RPwgwvhinh164BJfTIa8LX9bg0O41pyAyoNDXLvOg==
+ "Bm1pcnJvcgN3d3cHZXhhbXBsZQNjb20AAC4AAQAD9IABHwAvBQQAA/SAapYVgFfHb4AZSgdleGFtcGxlA2NvbQCN539FOQ4udOvL" +
+ "mlLQzT7XG6f50qrYhLsDi7MDh5iFGgX4SJu3w57y45exBOTSk3nCDyV5Nz478VnGCCeuVV1VbpDUq5WgTLqBf2RFna9q0vSf67qV" +
+ "u2IVWbxvennsvhN0TQ6wkda5BkXsAEVEvKrIdXYVC/Escd2gWNe6kutt4SugvNzK05xPVRlCLdZFnlvrKrQg04ybFs8ipdFmhEU+" +
+ "9vmkMP70tFguuaCIp5pQNDtzR5gWzXzZ4nQExN0kKF9rYjGvLda0u413bhTGwio6XQuV79gFH/BdbXOIJkFsBq7QmaDOCuAk3VMF" +
+ "Mwjiub7/VD6asc/pTknLdLyzIxj/";
+
+ // mirror.www.example.com. 259200 IN RRSIG NSEC 5 4 259200 20260901000000 20160901000000 6474 example.com. CAaJfIGFzXL0hF4dGPlZcYKIc2PaLzrR2C+U0BmX15/lnIhFwpSHToGc222RD1qI/LOQ+j9fILhNQVtCF6H0SmdIFcBherNRt3e8DG02bkuJGzUxmDGXTrAfw6xB5GOkvG8n44Ga6uh6PGALVjtytuXVRWnq3Um2spZNSmySEEuePR2ZHuh3Sh6fyrzyabWfMT9X/c3nR4QZbU8ucpRQ6vxV429S6eAeRKuaeXxB+bBTaafiHkluR1S2PoD35FQvE4qMx3LAPccsJ1apYovm4RtpL/K8Z6l44BJdTZFaaJIYb/LBwp2NUngK8+tUDreyu5QqVwsZ/7eWqGFPSn8/8A==
static String signedRecord43 =
- "Bm1pcnJvcgN3d3cHZXhhbXBsZQNjb20AAC4AAQAD9IABHwAvBQQAA/SAapYVgFfHb4AbrgdleGFtcGxlA2NvbQCO6iU4R6SQJA0V" +
- "xq1wgKdYTpAJR0RR69I1++1kGRL7tnNDK1DRKVupkNpQdPoNfjpEaRFOJwzrbEcUivy/T8S4CAlEyhVYkDHALhnw4MOZKsyS8UA4" +
- "C7x1SEWg9KZuJpQIWKhPbpTBcbDvjLvgAm33WfV7AS7UC0RZUD4rgnjeSMsJql1f6cKpOjLGKd5we3wqfXHa+vmqX4RwYeartu+h" +
- "xDEebfR9L/IS3Uw8Pwu80AU0757F4s/RYgpm35FaAxMdCO5XriIBmOCoU1Uq+mm2RKO26txUABZiKkDLZgFbkij9E/CDC+GKeHXr" +
- "gEl9Mhrwtf1uDQ7jWnIDKg0Ncu86"
- ;
-
- // example.com. 1234000 IN DS 15637 5 2 66CB3389BD6CF3462881AF506BE452DB6AD63D6FADC303BDB0B0629859DA8482
+ "Bm1pcnJvcgN3d3cHZXhhbXBsZQNjb20AAC4AAQAD9IABHwAvBQQAA/SAapYVgFfHb4AZSgdleGFtcGxlA2NvbQAIBol8gYXNcvSE" +
+ "Xh0Y+VlxgohzY9ovOtHYL5TQGZfXn+WciEXClIdOgZzbbZEPWoj8s5D6P18guE1BW0IXofRKZ0gVwGF6s1G3d7wMbTZuS4kbNTGY" +
+ "MZdOsB/DrEHkY6S8byfjgZrq6Ho8YAtWO3K25dVFaerdSbaylk1KbJIQS549HZke6HdKHp/KvPJptZ8xP1f9zedHhBltTy5ylFDq" +
+ "/FXjb1Lp4B5Eq5p5fEH5sFNpp+IeSW5HVLY+gPfkVC8TiozHcsA9xywnVqlii+bhG2kv8rxnqXjgEl1NkVpokhhv8sHCnY1SeArz" +
+ "61QOt7K7lCpXCxn/t5aoYU9Kfz/w";
+
+ // example.com. 1234000 IN DS 14612 5 2 37C24F64B82C58B513FA334DD5CEBF0BB732AAF3CA237B432CC88C17CE760385
static String dsRecord0 =
- "B2V4YW1wbGUDY29tAAArAAEAEtRQACQ9FQUCZsszib1s80Yoga9Qa+RS22rWPW+twwO9sLBimFnahII="
- ;
+ "B2V4YW1wbGUDY29tAAArAAEAEtRQACQ5FAUCN8JPZLgsWLUT+jNN1c6/C7cyqvPKI3tDLMiMF852A4U=";
- // example.com. 1234000 IN DS 15637 5 2 66CB3389BD6CF3462881AF506BE452DB6AD63D6FADC303BDB0B0629859DA8482
+ // example.com. 1234000 IN DS 14612 5 2 37C24F64B82C58B513FA334DD5CEBF0BB732AAF3CA237B432CC88C17CE760385
static String dsRecord1 =
- "B2V4YW1wbGUDY29tAAArAAEAEtRQACQ9FQUCZsszib1s80Yoga9Qa+RS22rWPW+twwO9sLBimFnahII="
- ;
+ "B2V4YW1wbGUDY29tAAArAAEAEtRQACQ5FAUCN8JPZLgsWLUT+jNN1c6/C7cyqvPKI3tDLMiMF852A4U=";
- // example.com. 31556952 IN DNSKEY 256 3 5 MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr1PW+AQIHyKwwHK02NhB79iHm/I4wmwCcSlpcBAGMrT7JNawC+9gKE5PGT9s8XTtEOZeVXjo/IB1c8Ml3sxJ7P2ds5sGsJ/4M3W36W+njhJeXuL2ljIbQprAs0IRbg5SP673ymZR9no3fgXGoH8CiGnNVz2l05S2xtMY5WSaVbYm9rvbTr206EqB0dqI0CLU98O57fvfMpaBaWu3UY7xdQshVsQDZtpySDOnkfdTtxQfM7UVmxsDFty0CoZotChqe+FlunnUt+odk0L7pQrFDU+1TmwRT+HKpv6KYJ/5kmA3XIQr+KHY0U69k+GnDqxY0QwmyF1MmOwc9WYxhzEJRQIDAQAB
-// keytag 7086
+ // example.com. 31556952 IN DNSKEY 256 3 5 MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwmmLY619r5TppHD+ZLEmGKHeGX/Q/k7+39dcjaBPsF0kc6XF3LHza0/Yz5ye433wiPNwXL+7TI1FnMG2APqyLqMq+B+b0yAIgZH1DTBLQjEsYqAesKgiIkXFsRQagebi8xb37UIL3FdcPBsbmPem9q0qnC5/FTnXHkSCAf2lZ2tYnG1aKpyVmyxNOXvC1/EdmGbjKhv+k3xvj39LWgJJrxvUxOeN0AYIKo2Nf1HeRyvwsAJtfi1NzOV++F1P7GPKAqLZGXzxe5zKnytNBnMhRMU3JekXCurjvWqu6yBMvtnTz++K5PIG+L+sUztaqE9BbTOe37isP+HIHAkOdmXMVQIDAQAB
+// keytag 6474
static String zoneDnsKeyRecord =
- "ZXhhbXBsZS5jb20uCQkzMTU1Njk1MglJTglETlNLRVkJMjU2IDMgNSBNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1J" +
- "SUJDZ0tDQVFFQXIxUFcrQVFJSHlLd3dISzAyTmhCNzlpSG0vSTR3bXdDY1NscGNCQUdNclQ3Sk5hd0MrOWdLRTVQR1Q5czhYVHRF" +
- "T1plVlhqby9JQjFjOE1sM3N4SjdQMmRzNXNHc0ovNE0zVzM2VytuamhKZVh1TDJsakliUXByQXMwSVJiZzVTUDY3M3ltWlI5bm8z" +
- "ZmdYR29IOENpR25OVnoybDA1UzJ4dE1ZNVdTYVZiWW05cnZiVHIyMDZFcUIwZHFJMENMVTk4TzU3ZnZmTXBhQmFXdTNVWTd4ZFFz" +
- "aFZzUURadHB5U0RPbmtmZFR0eFFmTTdVVm14c0RGdHkwQ29ab3RDaHFlK0ZsdW5uVXQrb2RrMEw3cFFyRkRVKzFUbXdSVCtIS3B2" +
- "NktZSi81a21BM1hJUXIrS0hZMFU2OWsrR25EcXhZMFF3bXlGMU1tT3djOVdZeGh6RUpSUUlEQVFBQg=="
- ;
-
- // example.com. 315569520 IN DNSKEY 257 3 5 MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuhlsAmUsA9dDrRx08mkJv31Am4CUmajCzIlmR6nB/BQ09FOS9qiTP7FdFlBh7NvLz526Wx953A9ZubkeBEOFoBMmeFFpY5ZBkVcjgZ0ml26ecPcl2hLr8Nxy2VsIpefstvKuflcrNR+aDmd8RMB/tPF5ZWmHExbfmCRoinP9ZyEXrLHJsojyfqvKaITIGi1ZdxX28ThJPG+Bf6FyrgWfAmCDkQKpayhQKIm0jkc03XFsnNoNbzflcscIKvQNXpXZ5hn5UB9X0VGXp6SE6EnNU2Jm2Jsv1XbL/E/G6oHyfioJe4Y4mHcRbn/8ilD/Kd9RZWboXBElFZm4jlmeY8SVQwIDAQAB
-// keytag 7086
+ "ZXhhbXBsZS5jb20uCQkzMTU1Njk1MglJTglETlNLRVkJMjU2IDMgNSBNSUlCSWpBTkJna3Foa2lH\nOXcwQkFRRUZBQU9DQVE4QU" +
+ "1JSUJDZ0tDQVFFQXdtbUxZNjE5cjVUcHBIRCtaTEVtR0tIZUdYL1Ev\nazcrMzlkY2phQlBzRjBrYzZYRjNMSHphMC9ZejV5ZTQz" +
+ "M3dpUE53WEwrN1RJMUZuTUcyQVBxeUxx\nTXErQitiMHlBSWdaSDFEVEJMUWpFc1lxQWVzS2dpSWtYRnNSUWFnZWJpOHhiMzdVSU" +
+ "wzRmRjUEJz\nYm1QZW05cTBxbkM1L0ZUblhIa1NDQWYybFoydFluRzFhS3B5Vm15eE5PWHZDMS9FZG1HYmpLaHYr\nazN4dmozOU" +
+ "xXZ0pKcnh2VXhPZU4wQVlJS28yTmYxSGVSeXZ3c0FKdGZpMU56T1YrK0YxUDdHUEtB\ncUxaR1h6eGU1ektueXROQm5NaFJNVTNK" +
+ "ZWtYQ3VyanZXcXU2eUJNdnRuVHorK0s1UElHK0wrc1V6\ndGFxRTlCYlRPZTM3aXNQK0hJSEFrT2RtWE1WUUlEQVFBQg==";
+
+ // example.com. 315569520 IN DNSKEY 257 3 5 MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3YoFGF+61eZRLUAA1kQLUreud4rMQw9jabHY9R7zXZIEFfhIPh760MtY2DhxrqktXIcwexHP8IGwSLXB2bdMcA+dml84vFJkbvTYKSdwyy6CW1Q1Rruyygj0IlciHUGNNKgwigVL9SsPfVqEn8/3ROgWe9QZDu6s8LyuacH7xukzrX4Ad+KRiI/LLVBm6rJkNoQ3uweyCu6sCQWynvajKDRM37JDLxdUc+gLrDswLn2gROIwjugKEN6ay5/GPbaH4CcIbGuwaZ42LX+vqWJt1cLPMzOpP2GGq5GB4Ai8q8Q5oeyWzKalHjmRdokdDlrv2de64i1kK+S1BMLK5Z7bPQIDAQAB
+// keytag 6474
static String keyDnsKeyRecord =
- "ZXhhbXBsZS5jb20uCQkzMTU1Njk1MjAJSU4JRE5TS0VZCTI1NyAzIDUgTUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFN" +
- "SUlCQ2dLQ0FRRUF1aGxzQW1Vc0E5ZERyUngwOG1rSnYzMUFtNENVbWFqQ3pJbG1SNm5CL0JRMDlGT1M5cWlUUDdGZEZsQmg3TnZM" +
- "ejUyNld4OTUzQTladWJrZUJFT0ZvQk1tZUZGcFk1WkJrVmNqZ1owbWwyNmVjUGNsMmhMcjhOeHkyVnNJcGVmc3R2S3VmbGNyTlIr" +
- "YURtZDhSTUIvdFBGNVpXbUhFeGJmbUNSb2luUDlaeUVYckxISnNvanlmcXZLYUlUSUdpMVpkeFgyOFRoSlBHK0JmNkZ5cmdXZkFt" +
- "Q0RrUUtwYXloUUtJbTBqa2MwM1hGc25Ob05iemZsY3NjSUt2UU5YcFhaNWhuNVVCOVgwVkdYcDZTRTZFbk5VMkptMkpzdjFYYkwv" +
- "RS9HNm9IeWZpb0plNFk0bUhjUmJuLzhpbEQvS2Q5UlpXYm9YQkVsRlptNGpsbWVZOFNWUXdJREFRQUI="
- ;
-
+ "ZXhhbXBsZS5jb20uCQkzMTU1Njk1MjAJSU4JRE5TS0VZCTI1NyAzIDUgTUlJQklqQU5CZ2txaGtp\nRzl3MEJBUUVGQUFPQ0FROE" +
+ "FNSUlCQ2dLQ0FRRUEzWW9GR0YrNjFlWlJMVUFBMWtRTFVyZXVkNHJN\nUXc5amFiSFk5Ujd6WFpJRUZmaElQaDc2ME10WTJEaHhy" +
+ "cWt0WEljd2V4SFA4SUd3U0xYQjJiZE1j\nQStkbWw4NHZGSmtidlRZS1Nkd3l5NkNXMVExUnJ1eXlnajBJbGNpSFVHTk5LZ3dpZ1" +
+ "ZMOVNzUGZW\ncUVuOC8zUk9nV2U5UVpEdTZzOEx5dWFjSDd4dWt6clg0QWQrS1JpSS9MTFZCbTZySmtOb1EzdXdl\neUN1NnNDUV" +
+ "d5bnZhaktEUk0zN0pETHhkVWMrZ0xyRHN3TG4yZ1JPSXdqdWdLRU42YXk1L0dQYmFI\nNENjSWJHdXdhWjQyTFgrdnFXSnQxY0xQ" +
+ "TXpPcFAyR0dxNUdCNEFpOHE4UTVvZXlXekthbEhqbVJk\nb2tkRGxydjJkZTY0aTFrSytTMUJNTEs1WjdiUFFJREFRQUI=";
static List<Record> signedList;
static List<Record> postZoneList;
static List<Record> dsRecordList = new ArrayList<>();
@@ -582,8 +539,7 @@ public class SigningData {
.map(field -> {
try {
return field.get(null).toString();
- }
- catch (Exception e) {
+ } catch (Exception e) {
System.out.println("Failed getting static field " + name + " for class " + clazz);
e.printStackTrace();
}
http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/blob/aeaf12d3/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/keys/SigningTestDataGenerator.java
----------------------------------------------------------------------
diff --git a/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/keys/SigningTestDataGenerator.java b/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/keys/SigningTestDataGenerator.java
index b72da8a..d3d6674 100644
--- a/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/keys/SigningTestDataGenerator.java
+++ b/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/keys/SigningTestDataGenerator.java
@@ -5,6 +5,7 @@ import com.verisignlabs.dnssec.security.JCEDnsSecSigner;
import org.junit.Before;
import org.junit.Test;
import org.xbill.DNS.DClass;
+import org.xbill.DNS.DNSKEYRecord;
import org.xbill.DNS.DSRecord;
import org.xbill.DNS.Name;
import org.xbill.DNS.Record;
@@ -17,6 +18,7 @@ import java.security.KeyPair;
import java.security.interfaces.RSAPublicKey;
import java.util.ArrayList;
import java.util.Arrays;
+import java.util.Base64;
import java.util.List;
import static com.comcast.cdn.traffic_control.traffic_router.core.dns.keys.ZoneTestRecords.generateZoneRecords;
@@ -27,10 +29,20 @@ import static com.comcast.cdn.traffic_control.traffic_router.core.dns.keys.ZoneT
import static com.comcast.cdn.traffic_control.traffic_router.core.dns.keys.ZoneTestRecords.zsk1;
import static com.comcast.cdn.traffic_control.traffic_router.core.dns.keys.ZoneTestRecords.zsk2;
import static java.util.Base64.getEncoder;
+import static java.util.Base64.getMimeEncoder;
import static java.util.stream.Collectors.toList;
import static org.xbill.DNS.DSRecord.SHA256_DIGEST_ID;
public class SigningTestDataGenerator {
+ private Base64.Encoder encoder = getMimeEncoder(76, new byte[]{'\n'});
+
+ byte[] encode(byte[] data) {
+ return new String(encoder.encode(getEncoder().encode(data))).replaceAll("\n", "\\\\n").getBytes();
+ }
+
+ String encodeDnsKeyRecord(DNSKEYRecord dnskeyRecord) {
+ return new String(getMimeEncoder(76, new byte[]{'\n'}).encode(dnskeyRecord.toString().getBytes())).replaceAll("\n", "\\\\n");
+ }
void dumpKeyPair(String varPrefix, KeyPair keyPair) throws IOException {
dumpKey(String.format("%sPublic", varPrefix), keyPair.getPublic());
@@ -41,11 +53,12 @@ public class SigningTestDataGenerator {
byte[] base64Encoded;
if (key instanceof RSAPrivateCrtKeyImpl) {
- base64Encoded = getEncoder().encode(new Pkcs1Converter().toBytes((RSAPrivateCrtKeyImpl) key));
+ String s = new BindPrivateKeyFormatter().format((RSAPrivateCrtKeyImpl) key);
+ base64Encoded = new String(encoder.encode(s.getBytes())).replaceAll("\n", "\\\\n").getBytes();
} else if (key instanceof RSAPublicKey) {
- base64Encoded = getEncoder().encode(new Pkcs1Converter().toBytes((RSAPublicKey) key));
+ base64Encoded = getEncoder().encode(new Pkcs1Formatter().toBytes((RSAPublicKey) key));
} else {
- base64Encoded = getEncoder().encode(key.getEncoded());
+ base64Encoded = encode(encode(key.getEncoded()));
}
System.out.println(makeBase64StringVar(varName, new String(base64Encoded)));
@@ -92,13 +105,13 @@ public class SigningTestDataGenerator {
JCEDnsSecSigner signer = new JCEDnsSecSigner(false);
List<DnsKeyPair> kskPairs = new ArrayList<>(Arrays.asList(
- new DnsKeyPair(keySigningKeyRecord, ksk1.getPrivate()),
- new DnsKeyPair(keySigningKeyRecord, ksk2.getPrivate())
+ new DnsKeyPair(keySigningKeyRecord, new BindPrivateKeyFormatter().format((RSAPrivateCrtKeyImpl) ksk1.getPrivate())),
+ new DnsKeyPair(keySigningKeyRecord, new BindPrivateKeyFormatter().format((RSAPrivateCrtKeyImpl) ksk2.getPrivate()))
));
List<DnsKeyPair> zskPairs = new ArrayList<>(Arrays.asList(
- new DnsKeyPair(zoneSigningKeyRecord, zsk1.getPrivate()),
- new DnsKeyPair(zoneSigningKeyRecord, zsk2.getPrivate())
+ new DnsKeyPair(zoneSigningKeyRecord, new BindPrivateKeyFormatter().format((RSAPrivateCrtKeyImpl) zsk1.getPrivate())),
+ new DnsKeyPair(zoneSigningKeyRecord, new BindPrivateKeyFormatter().format((RSAPrivateCrtKeyImpl) zsk2.getPrivate()))
));
List<Record> signedRecords = signer.signZone(origin, ZoneTestRecords.records, kskPairs, zskPairs,
@@ -133,11 +146,11 @@ public class SigningTestDataGenerator {
System.out.println("// " + zoneSigningKeyRecord);
System.out.println("// keytag " + zoneSigningKeyRecord.getFootprint());
- System.out.println(makeBase64StringVar("zoneDnsKeyRecord", new String(getEncoder().encode(zoneSigningKeyRecord.toString().getBytes()))));
+ System.out.println(makeBase64StringVar("zoneDnsKeyRecord", encodeDnsKeyRecord(zoneSigningKeyRecord)));
System.out.println("// " + keySigningKeyRecord);
System.out.println("// keytag " + zoneSigningKeyRecord.getFootprint());
- System.out.println(makeBase64StringVar("keyDnsKeyRecord", new String(getEncoder().encode(keySigningKeyRecord.toString().getBytes()))));
+ System.out.println(makeBase64StringVar("keyDnsKeyRecord", encodeDnsKeyRecord(keySigningKeyRecord)));
}
@Test
[10/12] incubator-trafficcontrol git commit: TR - can now opt to use
dns sec signing without jdnssec
Posted by ne...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/blob/693ced51/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/keys/ZoneSignerTest.java
----------------------------------------------------------------------
diff --git a/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/keys/ZoneSignerTest.java b/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/keys/ZoneSignerTest.java
new file mode 100644
index 0000000..e847991
--- /dev/null
+++ b/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/keys/ZoneSignerTest.java
@@ -0,0 +1,188 @@
+package com.comcast.cdn.traffic_control.traffic_router.core.dns.keys;
+
+import com.comcast.cdn.traffic_control.traffic_router.core.IsEqualCollection;
+import com.comcast.cdn.traffic_control.traffic_router.core.dns.DNSKeyPairWrapper;
+import com.comcast.cdn.traffic_control.traffic_router.core.dns.DnsSecKeyPair;
+import com.comcast.cdn.traffic_control.traffic_router.core.dns.DnsSecKeyPairImpl;
+import com.comcast.cdn.traffic_control.traffic_router.core.dns.JDnsSecSigner;
+import com.comcast.cdn.traffic_control.traffic_router.core.dns.ZoneSignerImpl;
+import com.comcast.cdn.traffic_control.traffic_router.secure.Pkcs1;
+import com.verisignlabs.dnssec.security.DnsKeyPair;
+import com.verisignlabs.dnssec.security.JCEDnsSecSigner;
+import com.verisignlabs.dnssec.security.SignUtils;
+import org.json.JSONObject;
+import org.junit.Before;
+import org.junit.Test;
+import org.xbill.DNS.DSRecord;
+import org.xbill.DNS.Record;
+
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+import java.util.stream.Stream;
+
+import static com.comcast.cdn.traffic_control.traffic_router.core.IsEqualCollection.equalTo;
+import static com.comcast.cdn.traffic_control.traffic_router.core.dns.keys.ZoneTestRecords.keySigningKeyRecord;
+import static com.comcast.cdn.traffic_control.traffic_router.core.dns.keys.ZoneTestRecords.ksk1;
+import static com.comcast.cdn.traffic_control.traffic_router.core.dns.keys.ZoneTestRecords.ksk2;
+import static com.comcast.cdn.traffic_control.traffic_router.core.dns.keys.ZoneTestRecords.origin;
+import static com.comcast.cdn.traffic_control.traffic_router.core.dns.keys.ZoneTestRecords.sep_1_2016;
+import static com.comcast.cdn.traffic_control.traffic_router.core.dns.keys.ZoneTestRecords.sep_1_2026;
+import static com.comcast.cdn.traffic_control.traffic_router.core.dns.keys.ZoneTestRecords.zoneSigningKeyRecord;
+import static com.comcast.cdn.traffic_control.traffic_router.core.dns.keys.ZoneTestRecords.zsk1;
+import static com.comcast.cdn.traffic_control.traffic_router.core.dns.keys.ZoneTestRecords.zsk2;
+import static java.util.Arrays.asList;
+import static java.util.stream.Collectors.toList;
+import static org.junit.Assert.assertThat;
+import static org.xbill.DNS.DSRecord.SHA256_DIGEST_ID;
+
+public class ZoneSignerTest {
+
+ private DnsKeyPair kskPair1;
+ private DnsKeyPair kskPair2;
+ private DnsKeyPair zskPair1;
+ private DnsKeyPair zskPair2;
+ private JSONObject ksk1Json;
+ private JSONObject ksk2Json;
+ private JSONObject zsk1Json;
+ private JSONObject zsk2Json;
+ private final long dsTtl = 1234000L;
+
+ @Before
+ public void before() throws Exception {
+ ZoneTestRecords.generateZoneRecords(false);
+ SigningData.recreateData();
+
+ kskPair1 = new DnsKeyPair(keySigningKeyRecord, ksk1.getPrivate());
+ kskPair2 = new DnsKeyPair(keySigningKeyRecord, ksk2.getPrivate());
+ zskPair1 = new DnsKeyPair(zoneSigningKeyRecord, zsk1.getPrivate());
+ zskPair2 = new DnsKeyPair(zoneSigningKeyRecord, zsk2.getPrivate());
+
+ // Data like we would fetch from traffic ops api for dnsseckeys.json
+ ksk1Json = new JSONObject("{" +
+ "'inceptionDate':1475280000," +
+ "'effectiveDate': 1475280000," +
+ "'expirationDate': 1790812800," +
+ "'ttl': 3600," +
+ "'name':'example.com.'," +
+ "'private': '" + SigningData.ksk1Private + "'," +
+ "'public': '" + SigningData.keyDnsKeyRecord + "'" +
+ "}");
+
+
+ ksk2Json = new JSONObject("{" +
+ "'inceptionDate':1475280000," +
+ "'effectiveDate': 1475280000," +
+ "'expirationDate': 1790812800," +
+ "'ttl': 3600," +
+ "'name':'example.com.'," +
+ "'private': '" + SigningData.ksk2Private + "'," +
+ "'public': '" + SigningData.keyDnsKeyRecord + "'" +
+ "}");
+
+ zsk1Json = new JSONObject("{" +
+ "'inceptionDate':1475280000," +
+ "'effectiveDate': 1475280000," +
+ "'expirationDate': 1790812800," +
+ "'ttl': 31556952," +
+ "'name':'example.com.'," +
+ "'private': '" + SigningData.zsk1Private + "'," +
+ "'public': '" + SigningData.zoneDnsKeyRecord + "'" +
+ "}");
+
+ zsk2Json = new JSONObject("{" +
+ "'inceptionDate':1475280000," +
+ "'effectiveDate': 1475280000," +
+ "'expirationDate': 1790812800," +
+ "'ttl': 315569520," +
+ "'name':'example.com.'," +
+ "'private': '" + SigningData.zsk2Private + "'," +
+ "'public': '" + SigningData.zoneDnsKeyRecord + "'" +
+ "}");
+ }
+
+ @Test
+ public void itCanReproduceResultsDirectlyFromJdnsSec() throws Exception {
+ List<DnsKeyPair> kskPairs = new ArrayList<>(asList(kskPair1, kskPair2));
+ List<DnsKeyPair> zskPairs = new ArrayList<>(asList(zskPair1, zskPair2));
+
+ JCEDnsSecSigner signer = new JCEDnsSecSigner(false);
+
+ final List<Record> signedRecords = signer.signZone(origin, ZoneTestRecords.records,
+ kskPairs, zskPairs, sep_1_2016, sep_1_2026, true, SHA256_DIGEST_ID);
+
+ assertThat(signedRecords, equalTo(SigningData.signedList));
+ assertThat(ZoneTestRecords.records, equalTo(SigningData.postZoneList));
+ }
+
+ @Test
+ public void itReturnsSameResults() throws Exception {
+ DNSKeyPairWrapper ksk1Wrapper = new DNSKeyPairWrapper(ksk1Json, 1234);
+ ksk1Wrapper.setPrivate(new Pkcs1(SigningData.ksk1Private).getPrivateKey());
+
+ assertThat(ksk1Wrapper.getDNSKEYRecord(), equalTo(kskPair1.getDNSKEYRecord()));
+
+ DNSKeyPairWrapper ksk2Wrapper = new DNSKeyPairWrapper(ksk2Json, 1234);
+ ksk2Wrapper.setPrivate(new Pkcs1(SigningData.ksk2Private).getPrivateKey());
+
+ assertThat(ksk2Wrapper.getDNSKEYRecord(), equalTo(kskPair2.getDNSKEYRecord()));
+
+ List<DnsSecKeyPair> kskWrapperPairs = new ArrayList<>(asList(ksk1Wrapper, ksk2Wrapper));
+
+ DNSKeyPairWrapper zsk1Wrapper = new DNSKeyPairWrapper(zsk1Json, 1234);
+ zsk1Wrapper.setPrivate(new Pkcs1(SigningData.zsk1Private).getPrivateKey());
+
+ assertThat(zsk1Wrapper.getDNSKEYRecord(), equalTo(zskPair1.getDNSKEYRecord()));
+
+ DNSKeyPairWrapper zsk2Wrapper = new DNSKeyPairWrapper(zsk2Json, 1234);
+ zsk2Wrapper.setPrivate(new Pkcs1(SigningData.zsk2Private).getPrivateKey());
+
+ assertThat(zsk2Wrapper.getDNSKEYRecord(), equalTo(zskPair2.getDNSKEYRecord()));
+
+ List<DnsSecKeyPair> zskWrapperPairs = new ArrayList<>(asList(zsk1Wrapper, zsk2Wrapper));
+
+ final List<Record> signedRecords2 = new JDnsSecSigner().signZone(origin, ZoneTestRecords.records,
+ kskWrapperPairs, zskWrapperPairs, sep_1_2016, sep_1_2026, true, SHA256_DIGEST_ID);
+
+ assertThat(signedRecords2, equalTo(SigningData.signedList));
+ assertThat(ZoneTestRecords.records, equalTo(SigningData.postZoneList));
+ }
+
+ @Test
+ public void itReturnsTheSameResultsWithoutJDnsSec() throws Exception {
+ DnsSecKeyPair kskPair1 = new DnsSecKeyPairImpl(ksk1Json, 1234);
+ DnsSecKeyPair kskPair2 = new DnsSecKeyPairImpl(ksk2Json, 1234);
+ DnsSecKeyPair zskPair1 = new DnsSecKeyPairImpl(zsk1Json, 1234);
+ DnsSecKeyPair zskPair2 = new DnsSecKeyPairImpl(zsk2Json, 1234);
+
+ List<DnsSecKeyPair> kskPairs = new ArrayList<>(asList(kskPair1, kskPair2));
+ List<DnsSecKeyPair> zskPairs = new ArrayList<>(asList(zskPair1, zskPair2));
+
+ final List<Record> signedRecords = new ZoneSignerImpl().signZone(origin, ZoneTestRecords.records,
+ kskPairs, zskPairs, sep_1_2016, sep_1_2026, true, SHA256_DIGEST_ID);
+
+ assertThat("Signed records not equal", signedRecords, equalTo(SigningData.signedList));
+ assertThat("Post Zone Records not equal", ZoneTestRecords.records, equalTo(SigningData.postZoneList));
+ }
+
+ @Test
+ public void itCanReproduceDSRecordsFromJdnsSec() throws Exception {
+ List<DnsKeyPair> kskPairs = new ArrayList<>(asList(kskPair1, kskPair2));
+ List<DSRecord> dsRecords = kskPairs.stream()
+ .map(dnsKeyPair -> SignUtils.calculateDSRecord(dnsKeyPair.getDNSKEYRecord(), SHA256_DIGEST_ID, dsTtl))
+ .collect(toList());
+
+ assertThat(dsRecords, IsEqualCollection.equalTo(SigningData.dsRecordList));
+ }
+
+ @Test
+ public void itReturnsSameDSRecords() throws Exception {
+ DnsSecKeyPair kskPair1 = new DnsSecKeyPairImpl(ksk1Json, 1234);
+ DnsSecKeyPair kskPair2 = new DnsSecKeyPairImpl(ksk2Json, 1234);
+
+ List<DSRecord> dsRecords = Stream.of(kskPair1, kskPair2)
+ .map(dnsSecKeyPair -> new ZoneSignerImpl().calculateDSRecord(kskPair1.getDNSKEYRecord(), SHA256_DIGEST_ID, 54321L))
+ .collect(toList());
+ assertThat(dsRecords, IsEqualCollection.equalTo(SigningData.dsRecordList));
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/blob/693ced51/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/keys/ZoneTestRecords.java
----------------------------------------------------------------------
diff --git a/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/keys/ZoneTestRecords.java b/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/keys/ZoneTestRecords.java
new file mode 100644
index 0000000..6ddf554
--- /dev/null
+++ b/traffic_router/core/src/test/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/keys/ZoneTestRecords.java
@@ -0,0 +1,128 @@
+package com.comcast.cdn.traffic_control.traffic_router.core.dns.keys;
+
+import com.comcast.cdn.traffic_control.traffic_router.secure.Pkcs1;
+import org.xbill.DNS.AAAARecord;
+import org.xbill.DNS.ARecord;
+import org.xbill.DNS.CNAMERecord;
+import org.xbill.DNS.DClass;
+import org.xbill.DNS.DNSKEYRecord;
+import org.xbill.DNS.NSRecord;
+import org.xbill.DNS.Name;
+import org.xbill.DNS.Record;
+import org.xbill.DNS.SOARecord;
+
+import java.net.Inet6Address;
+import java.net.InetAddress;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.SecureRandom;
+import java.time.Duration;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Date;
+import java.util.List;
+
+import static org.xbill.DNS.DNSKEYRecord.Flags.SEP_KEY;
+import static org.xbill.DNS.DNSKEYRecord.Flags.ZONE_KEY;
+import static org.xbill.DNS.DNSKEYRecord.Protocol.DNSSEC;
+import static org.xbill.DNS.DNSSEC.Algorithm.RSASHA1;
+
+public class ZoneTestRecords {
+ static List<Record> records;
+
+ static Date start;
+ static Date expiration;
+ static Name origin;
+ static Date sep_1_2016 = new Date(1472688000000L);
+ static Date sep_1_2026 = new Date(1788220800000L);
+ static DNSKEYRecord zoneSigningKeyRecord;
+ static DNSKEYRecord keySigningKeyRecord;
+
+ static KeyPair ksk1;
+ static KeyPair zsk1;
+ static KeyPair ksk2;
+ static KeyPair zsk2;
+
+ static List<KeyPair> generateKeyPairs() throws Exception {
+ KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
+ keyPairGenerator.initialize(2048, SecureRandom.getInstance("SHA1PRNG","SUN"));
+ List<KeyPair> keyPairs = new ArrayList<>();
+ keyPairs.add(keyPairGenerator.generateKeyPair());
+ keyPairs.add(keyPairGenerator.generateKeyPair());
+ keyPairs.add(keyPairGenerator.generateKeyPair());
+ keyPairs.add(keyPairGenerator.generateKeyPair());
+ return keyPairs;
+ }
+
+ private static KeyPair recreateKeyPair(String publicKey, String privateKey) throws Exception {
+ Pkcs1 pkcs1 = new Pkcs1(privateKey, publicKey);
+
+ PrivateKey privateKeyCopy = pkcs1.getPrivateKey();
+ PublicKey publicKeyCopy = pkcs1.getPublicKey();
+
+ return new KeyPair(publicKeyCopy, privateKeyCopy);
+ }
+
+ static List<Record> generateZoneRecords(boolean makeNewKeyPairs) throws Exception {
+ start = new Date(System.currentTimeMillis() - (24 * 3600 * 1000));
+ expiration = new Date(System.currentTimeMillis() + (7 * 24 * 3600 * 1000));
+
+ origin = new Name("example.com.");
+
+ Duration tenYears = Duration.ofDays(3650);
+ Duration oneDay = Duration.ofDays(1);
+ Duration threeDays = Duration.ofDays(3);
+ Duration threeWeeks = Duration.ofDays(21);
+
+ long oneHour = 3600;
+ Name nameServer1 = new Name("ns1.example.com.");
+ Name nameServer2 = new Name("ns2.example.com.");
+
+ Name adminEmail = new Name("admin.example.com.");
+
+ Name webServer = new Name("www.example.com.");
+ Name ftpServer = new Name("ftp.example.com.");
+
+ Name webMirror = new Name("mirror.www.example.com.");
+ Name ftpMirror = new Name("mirror.ftp.example.com.");
+
+ records = new ArrayList<>(Arrays.asList(
+ new AAAARecord(webServer, DClass.IN, threeDays.getSeconds(), Inet6Address.getByName("2001:db8::5:6:7:8")),
+ new AAAARecord(ftpServer, DClass.IN, threeDays.getSeconds(), Inet6Address.getByName("2001:db8::12:34:56:78")),
+ new NSRecord(origin, DClass.IN, tenYears.getSeconds(), nameServer1),
+ new NSRecord(origin, DClass.IN, tenYears.getSeconds(), nameServer2),
+ new ARecord(webServer, DClass.IN, threeWeeks.getSeconds(), InetAddress.getByAddress(new byte[] {11, 22, 33, 44})),
+ new ARecord(webServer, DClass.IN, threeWeeks.getSeconds(), InetAddress.getByAddress(new byte[] {55, 66, 77, 88})),
+ new ARecord(ftpServer, DClass.IN, threeWeeks.getSeconds(), InetAddress.getByAddress(new byte[] {12, 34, 56, 78})),
+ new ARecord(ftpServer, DClass.IN, threeWeeks.getSeconds(), InetAddress.getByAddress(new byte[] {21, 43, 65, 87})),
+ new AAAARecord(webServer, DClass.IN, threeDays.getSeconds(), Inet6Address.getByName("2001:db8::4:3:2:1")),
+ new SOARecord(origin, DClass.IN, tenYears.getSeconds(), nameServer1,
+ adminEmail, 2016091400L, oneDay.getSeconds(), oneHour, threeWeeks.getSeconds(), threeDays.getSeconds()),
+ new AAAARecord(ftpServer, DClass.IN, threeDays.getSeconds(), Inet6Address.getByName("2001:db8::21:43:65:87")),
+ new CNAMERecord(webMirror, DClass.IN, tenYears.getSeconds(), webServer),
+ new CNAMERecord(ftpMirror, DClass.IN, tenYears.getSeconds(), ftpServer)
+ ));
+
+ if (makeNewKeyPairs) {
+ List<KeyPair> keyPairs = generateKeyPairs();
+ ksk1 = keyPairs.get(0);
+ zsk1 = keyPairs.get(1);
+ ksk2 = keyPairs.get(2);
+ zsk2 = keyPairs.get(3);
+ } else {
+ ksk1 = recreateKeyPair(SigningData.ksk1Public, SigningData.ksk1Private);
+ zsk1 = recreateKeyPair(SigningData.zsk1Public, SigningData.zsk1Private);
+ ksk2 = recreateKeyPair(SigningData.ksk2Public, SigningData.ksk2Private);
+ zsk2 = recreateKeyPair(SigningData.zsk2Public, SigningData.zsk2Private);
+ }
+
+ zoneSigningKeyRecord = new DNSKEYRecord(origin, DClass.IN, 31556952L,
+ ZONE_KEY, DNSSEC, RSASHA1, zsk1.getPublic().getEncoded());
+
+ keySigningKeyRecord = new DNSKEYRecord(origin, DClass.IN, 315569520L,
+ ZONE_KEY | SEP_KEY, DNSSEC, RSASHA1, ksk1.getPublic().getEncoded());
+ return records;
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/blob/693ced51/traffic_router/shared/build/pmd/ruleset.xml
----------------------------------------------------------------------
diff --git a/traffic_router/shared/build/pmd/ruleset.xml b/traffic_router/shared/build/pmd/ruleset.xml
index dcbc791..807dc0f 100644
--- a/traffic_router/shared/build/pmd/ruleset.xml
+++ b/traffic_router/shared/build/pmd/ruleset.xml
@@ -80,7 +80,6 @@
<rule ref="rulesets/java/codesize.xml/NcssTypeCount" />
<rule ref="rulesets/java/codesize.xml/NcssConstructorCount" />
- <rule ref="rulesets/java/controversial.xml/DontImportSun" />
<rule ref="rulesets/java/controversial.xml/SuspiciousOctalEscape" />
<rule ref="rulesets/java/controversial.xml/AvoidUsingNativeCode" />
<rule ref="rulesets/java/controversial.xml/AvoidAccessibilityAlteration" />
http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/blob/693ced51/traffic_router/shared/pom.xml
----------------------------------------------------------------------
diff --git a/traffic_router/shared/pom.xml b/traffic_router/shared/pom.xml
index b7c7b23..2d27390 100644
--- a/traffic_router/shared/pom.xml
+++ b/traffic_router/shared/pom.xml
@@ -59,6 +59,11 @@ under the License.
<dependencies>
<dependency>
+ <groupId>log4j</groupId>
+ <artifactId>log4j</artifactId>
+ <version>${log4j.version}</version>
+ </dependency>
+ <dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-annotations</artifactId>
<version>2.4.0</version>
http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/blob/693ced51/traffic_router/shared/src/main/java/com/comcast/cdn/traffic_control/traffic_router/secure/Pkcs.java
----------------------------------------------------------------------
diff --git a/traffic_router/shared/src/main/java/com/comcast/cdn/traffic_control/traffic_router/secure/Pkcs.java b/traffic_router/shared/src/main/java/com/comcast/cdn/traffic_control/traffic_router/secure/Pkcs.java
new file mode 100644
index 0000000..e69e039
--- /dev/null
+++ b/traffic_router/shared/src/main/java/com/comcast/cdn/traffic_control/traffic_router/secure/Pkcs.java
@@ -0,0 +1,84 @@
+/*
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.comcast.cdn.traffic_control.traffic_router.secure;
+
+import java.io.IOException;
+import java.security.GeneralSecurityException;
+import java.security.KeyFactory;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.spec.KeySpec;
+
+@SuppressWarnings("PMD.AbstractNaming")
+public abstract class Pkcs {
+ private final String data;
+ private final PrivateKey privateKey;
+ private PublicKey publicKey;
+ private KeySpec keySpec;
+ private KeySpec publicKeySpec;
+
+ public Pkcs(final String data) throws IOException, GeneralSecurityException {
+ this.data = data;
+ keySpec = toKeySpec(data);
+ privateKey = KeyFactory.getInstance("RSA").generatePrivate(keySpec);
+ }
+
+ public Pkcs(final String privateData, final String publicData) throws IOException, GeneralSecurityException {
+ this.data = privateData;
+ keySpec = toKeySpec(data);
+ privateKey = KeyFactory.getInstance("RSA").generatePrivate(keySpec);
+ publicKeySpec = toKeySpec(publicData);
+ publicKey = KeyFactory.getInstance("RSA").generatePublic(publicKeySpec);
+ }
+
+ public String getData() {
+ return data;
+ }
+
+ public KeySpec getKeySpec() {
+ return keySpec;
+ }
+
+ public KeySpec getPublicKeySpec() {
+ return publicKeySpec;
+ }
+
+ public void setKeySpec(final KeySpec keySpec) {
+ this.keySpec = keySpec;
+ }
+
+ public PrivateKey getPrivateKey() {
+ return privateKey;
+ }
+
+ public PublicKey getPublicKey() {
+ return publicKey;
+ }
+
+ public abstract String getHeader();
+
+ public abstract String getFooter();
+
+ private String stripHeaderAndFooter(final String data) {
+ return data.replaceAll(getHeader(), "").replaceAll(getFooter(), "").replaceAll("\\s", "");
+ }
+
+ protected abstract KeySpec decodeKeySpec(final String data) throws IOException, GeneralSecurityException;
+
+ private KeySpec toKeySpec(final String data) throws IOException, GeneralSecurityException {
+ return decodeKeySpec(stripHeaderAndFooter(data));
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/blob/693ced51/traffic_router/shared/src/main/java/com/comcast/cdn/traffic_control/traffic_router/secure/Pkcs1.java
----------------------------------------------------------------------
diff --git a/traffic_router/shared/src/main/java/com/comcast/cdn/traffic_control/traffic_router/secure/Pkcs1.java b/traffic_router/shared/src/main/java/com/comcast/cdn/traffic_control/traffic_router/secure/Pkcs1.java
new file mode 100644
index 0000000..ea50705
--- /dev/null
+++ b/traffic_router/shared/src/main/java/com/comcast/cdn/traffic_control/traffic_router/secure/Pkcs1.java
@@ -0,0 +1,89 @@
+/*
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.comcast.cdn.traffic_control.traffic_router.secure;
+
+import sun.security.util.DerInputStream;
+import sun.security.util.DerValue;
+
+import java.io.IOException;
+import java.math.BigInteger;
+import java.security.GeneralSecurityException;
+import java.security.spec.KeySpec;
+import java.security.spec.RSAMultiPrimePrivateCrtKeySpec;
+import java.security.spec.RSAPublicKeySpec;
+import java.util.Base64;
+
+public class Pkcs1 extends Pkcs {
+
+ // https://tools.ietf.org/html/rfc3447#appendix-A.1.1
+
+ static public final String HEADER = "-----BEGIN RSA PRIVATE KEY-----";
+ static public final String FOOTER = "-----END RSA PRIVATE KEY-----";
+ static final int PRIVATE_SEQUENCE_LENGTH = 9;
+ static final int PUBLIC_SEQUENCE_LENGTH = 2;
+
+ public Pkcs1(final String data) throws IOException, GeneralSecurityException {
+ super(data);
+ }
+
+ public Pkcs1(final String privateData, final String publicData) throws IOException, GeneralSecurityException {
+ super(privateData,publicData);
+ }
+
+ @Override
+ public String getHeader() {
+ return HEADER;
+ }
+
+ @Override
+ public String getFooter() {
+ return FOOTER;
+ }
+
+ @Override
+ protected KeySpec decodeKeySpec(final String data) throws IOException, GeneralSecurityException {
+ final String pemData = data.replaceAll(HEADER, "").replaceAll(FOOTER, "").replaceAll("\\s", "");
+
+ final DerInputStream derInputStream = new DerInputStream(Base64.getDecoder().decode(pemData));
+ final DerValue[] derSequence = derInputStream.getSequence(0);
+
+ if (derSequence.length != PUBLIC_SEQUENCE_LENGTH && derSequence.length != PRIVATE_SEQUENCE_LENGTH) {
+ throw new GeneralSecurityException("Invalid PKCS1 key! Missing Key Data, incorrect number of DER values for either public or private key");
+ }
+
+ if (derSequence.length == PUBLIC_SEQUENCE_LENGTH) {
+ final BigInteger n = derSequence[0].getBigInteger();
+ final BigInteger e = derSequence[1].getBigInteger();
+ return new RSAPublicKeySpec(n,e);
+ }
+
+ // man 3 rsa
+ // -- or --
+ // http://linux.die.net/man/3/rsa
+
+ // We don't need the version data at derSequence[0]
+ final BigInteger n = derSequence[1].getBigInteger();
+ final BigInteger e = derSequence[2].getBigInteger();
+ final BigInteger d = derSequence[3].getBigInteger();
+ final BigInteger p = derSequence[4].getBigInteger();
+ final BigInteger q = derSequence[5].getBigInteger();
+ final BigInteger dmp1 = derSequence[6].getBigInteger();
+ final BigInteger dmq1 = derSequence[7].getBigInteger();
+ final BigInteger iqmp = derSequence[8].getBigInteger();
+
+ return new RSAMultiPrimePrivateCrtKeySpec(n, e, d, p, q, dmp1, dmq1, iqmp, null);
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/blob/693ced51/traffic_router/shared/src/main/java/com/comcast/cdn/traffic_control/traffic_router/secure/Pkcs8.java
----------------------------------------------------------------------
diff --git a/traffic_router/shared/src/main/java/com/comcast/cdn/traffic_control/traffic_router/secure/Pkcs8.java b/traffic_router/shared/src/main/java/com/comcast/cdn/traffic_control/traffic_router/secure/Pkcs8.java
new file mode 100644
index 0000000..5a2f764
--- /dev/null
+++ b/traffic_router/shared/src/main/java/com/comcast/cdn/traffic_control/traffic_router/secure/Pkcs8.java
@@ -0,0 +1,54 @@
+/*
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.comcast.cdn.traffic_control.traffic_router.secure;
+
+import org.apache.log4j.Logger;
+
+import java.io.IOException;
+import java.security.GeneralSecurityException;
+import java.security.spec.KeySpec;
+import java.security.spec.PKCS8EncodedKeySpec;
+import java.util.Base64;
+
+public class Pkcs8 extends Pkcs {
+ private static final Logger LOGGER = Logger.getLogger(Pkcs8.class);
+ public static final String HEADER = "-----BEGIN PRIVATE KEY-----";
+ public static final String FOOTER = "-----END PRIVATE KEY-----";
+
+ public Pkcs8(final String data) throws IOException, GeneralSecurityException {
+ super(data);
+ }
+
+ @Override
+ public String getHeader() {
+ return HEADER;
+ }
+
+ @Override
+ public String getFooter() {
+ return FOOTER;
+ }
+
+ @Override
+ protected KeySpec decodeKeySpec(final String data) throws IOException, GeneralSecurityException {
+ try {
+ return new PKCS8EncodedKeySpec(Base64.getDecoder().decode((data.getBytes())));
+ } catch (Exception e) {
+ LOGGER.error("Failed to create PKCS8 Encoded Key Spec " + e.getClass().getCanonicalName() + ": " + e.getMessage(), e);
+ }
+ return null;
+ }
+}
[06/12] incubator-trafficcontrol git commit: TR extract interfaces
from jdnssec
Posted by ne...@apache.org.
TR extract interfaces from jdnssec
Project: http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/commit/42663763
Tree: http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/tree/42663763
Diff: http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/diff/42663763
Branch: refs/heads/master
Commit: 4266376355e2fc22d40b0b2ca9d17256de0b04c4
Parents: c0321a0
Author: Trevor Ackerman <tr...@gmail.com>
Authored: Thu Oct 27 11:21:55 2016 -0600
Committer: Dave Neuman <ne...@apache.org>
Committed: Tue Dec 6 14:13:05 2016 -0700
----------------------------------------------------------------------
.../core/dns/DNSKeyPairWrapper.java | 22 +++++-
.../traffic_router/core/dns/DnsSecKeyPair.java | 48 +++++++++++++
.../traffic_router/core/dns/JDnsSecSigner.java | 50 +++++++++++++
.../core/dns/SignatureManager.java | 74 +++++++++-----------
.../traffic_router/core/dns/ZoneSigner.java | 17 +++++
5 files changed, 169 insertions(+), 42 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/blob/42663763/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/DNSKeyPairWrapper.java
----------------------------------------------------------------------
diff --git a/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/DNSKeyPairWrapper.java b/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/DNSKeyPairWrapper.java
index 379061f..b717b09 100644
--- a/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/DNSKeyPairWrapper.java
+++ b/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/DNSKeyPairWrapper.java
@@ -33,7 +33,7 @@ import org.xbill.DNS.Type;
import com.verisignlabs.dnssec.security.DnsKeyPair;
-public class DNSKeyPairWrapper extends DnsKeyPair {
+public class DNSKeyPairWrapper extends DnsKeyPair implements DnsSecKeyPair {
private long ttl;
private Date inception;
private Date effective;
@@ -64,68 +64,84 @@ public class DNSKeyPairWrapper extends DnsKeyPair {
}
}
+ @Override
public long getTTL() {
return ttl;
}
+ @Override
public void setTTL(final long ttl) {
this.ttl = ttl;
}
+ @Override
public String getName() {
return name;
}
+ @Override
public void setName(final String name) {
this.name = name;
}
+ @Override
public Date getInception() {
return inception;
}
+ @Override
public void setInception(final Date inception) {
this.inception = inception;
}
+ @Override
public Date getEffective() {
return effective;
}
+ @Override
public void setEffective(final Date effective) {
this.effective = effective;
}
+ @Override
public Date getExpiration() {
return expiration;
}
+ @Override
public void setExpiration(final Date expiration) {
this.expiration = expiration;
}
+ @Override
public boolean isKeySigningKey() {
return ((getDNSKEYRecord().getFlags() & DNSKEYRecord.Flags.SEP_KEY) != 0);
}
+ @Override
public boolean isExpired() {
return getExpiration().before(Calendar.getInstance().getTime());
}
+ @Override
public boolean isUsable() {
final Date now = Calendar.getInstance().getTime();
return getEffective().before(now);
}
+ @Override
public boolean isKeyCached(final long maxTTL) {
return getExpiration().after(new Date(System.currentTimeMillis() - (maxTTL * 1000)));
}
- public boolean isOlder(final DNSKeyPairWrapper other) {
+ @Override
+ public boolean isOlder(final DnsSecKeyPair other) {
return getEffective().before(other.getEffective());
}
- public boolean isNewer(final DNSKeyPairWrapper other) {
+ @Override
+ public boolean isNewer(final DnsSecKeyPair other) {
return getEffective().after(other.getEffective());
}
http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/blob/42663763/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/DnsSecKeyPair.java
----------------------------------------------------------------------
diff --git a/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/DnsSecKeyPair.java b/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/DnsSecKeyPair.java
new file mode 100644
index 0000000..915adae
--- /dev/null
+++ b/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/DnsSecKeyPair.java
@@ -0,0 +1,48 @@
+package com.comcast.cdn.traffic_control.traffic_router.core.dns;
+
+import org.xbill.DNS.DNSKEYRecord;
+
+import java.util.Date;
+
+public interface DnsSecKeyPair {
+ long getTTL();
+
+ void setTTL(long ttl);
+
+ String getName();
+
+ void setName(String name);
+
+ Date getInception();
+
+ void setInception(Date inception);
+
+ Date getEffective();
+
+ void setEffective(Date effective);
+
+ Date getExpiration();
+
+ void setExpiration(Date expiration);
+
+ boolean isKeySigningKey();
+
+ boolean isExpired();
+
+ boolean isUsable();
+
+ boolean isKeyCached(long maxTTL);
+
+ boolean isOlder(DnsSecKeyPair other);
+
+ boolean isNewer(DnsSecKeyPair other);
+
+ DNSKEYRecord getDNSKEYRecord();
+
+ @Override
+ @SuppressWarnings("PMD.OverrideBothEqualsAndHashcode")
+ boolean equals(Object obj);
+
+ @Override
+ String toString();
+}
http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/blob/42663763/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/JDnsSecSigner.java
----------------------------------------------------------------------
diff --git a/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/JDnsSecSigner.java b/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/JDnsSecSigner.java
new file mode 100644
index 0000000..457a7d1
--- /dev/null
+++ b/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/JDnsSecSigner.java
@@ -0,0 +1,50 @@
+package com.comcast.cdn.traffic_control.traffic_router.core.dns;
+
+import com.verisignlabs.dnssec.security.DnsKeyPair;
+import com.verisignlabs.dnssec.security.JCEDnsSecSigner;
+import com.verisignlabs.dnssec.security.SignUtils;
+import org.xbill.DNS.DNSKEYRecord;
+import org.xbill.DNS.DSRecord;
+import org.xbill.DNS.Name;
+import org.xbill.DNS.Record;
+
+import java.io.IOException;
+import java.security.GeneralSecurityException;
+import java.util.ArrayList;
+import java.util.Date;
+import java.util.List;
+
+public class JDnsSecSigner implements ZoneSigner {
+ @Override
+ public List<Record> signZone(final Name name, final List<Record> records, final List<DnsSecKeyPair> kskPairs, final List<DnsSecKeyPair> zskPairs,
+ final Date inception, final Date expiration, final boolean fullySignKeySet, final int digestId) throws IOException, GeneralSecurityException {
+
+ final List<DnsKeyPair> kPairs = new ArrayList<>();
+ final List<DnsKeyPair> zPairs = new ArrayList<>();
+
+ for (final DnsSecKeyPair keyPair : kskPairs) {
+ if (keyPair instanceof DnsKeyPair) {
+ kPairs.add((DnsKeyPair) keyPair);
+ } else {
+ throw new IllegalArgumentException("kskPairs contains non jdnssec object!");
+ }
+ }
+
+ for (final DnsSecKeyPair keyPair : zskPairs) {
+ if (keyPair instanceof DnsKeyPair) {
+ zPairs.add((DnsKeyPair) keyPair);
+ } else {
+ throw new IllegalArgumentException("zskPairs contains non jdnssec object!");
+ }
+ }
+
+ final JCEDnsSecSigner signer = new JCEDnsSecSigner(false);
+
+ return signer.signZone(name, records, kPairs, zPairs, inception, expiration, fullySignKeySet, digestId);
+ }
+
+ @Override
+ public DSRecord calculateDSRecord(final DNSKEYRecord dnskeyRecord, final int digestId, final long ttl) {
+ return SignUtils.calculateDSRecord(dnskeyRecord, DSRecord.SHA256_DIGEST_ID, ttl);
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/blob/42663763/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/SignatureManager.java
----------------------------------------------------------------------
diff --git a/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/SignatureManager.java b/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/SignatureManager.java
index 7ee3b33..c191914 100644
--- a/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/SignatureManager.java
+++ b/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/SignatureManager.java
@@ -41,9 +41,6 @@ import com.comcast.cdn.traffic_control.traffic_router.core.cache.CacheRegister;
import com.comcast.cdn.traffic_control.traffic_router.core.dns.ZoneManager.ZoneCacheType;
import com.comcast.cdn.traffic_control.traffic_router.core.util.TrafficOpsUtils;
import com.comcast.cdn.traffic_control.traffic_router.core.util.ProtectedFetcher;
-import com.verisignlabs.dnssec.security.DnsKeyPair;
-import com.verisignlabs.dnssec.security.JCEDnsSecSigner;
-import com.verisignlabs.dnssec.security.SignUtils;
public final class SignatureManager {
@@ -54,7 +51,7 @@ public final class SignatureManager {
private TrafficOpsUtils trafficOpsUtils;
private boolean dnssecEnabled = false;
private boolean expiredKeyAllowed = true;
- private Map<String, List<DNSKeyPairWrapper>> keyMap;
+ private Map<String, List<DnsSecKeyPair>> keyMap;
private static ProtectedFetcher fetcher = null;
private ZoneManager zoneManager;
@@ -108,7 +105,7 @@ public final class SignatureManager {
return new Runnable() {
public void run() {
try {
- final Map<String, List<DNSKeyPairWrapper>> newKeyMap = new HashMap<String, List<DNSKeyPairWrapper>>();
+ final Map<String, List<DnsSecKeyPair>> newKeyMap = new HashMap<String, List<DnsSecKeyPair>>();
final JSONObject keyPairData = fetchKeyPairData(cacheRegister);
if (keyPairData != null) {
@@ -127,13 +124,13 @@ public final class SignatureManager {
for (int i = 0; i < keyPairs.length(); i++) {
try {
final JSONObject keyPair = keyPairs.getJSONObject(i);
- final DNSKeyPairWrapper dkpw = new DNSKeyPairWrapper(keyPair, defaultTTL);
+ final DnsSecKeyPair dkpw = new DNSKeyPairWrapper(keyPair, defaultTTL);
if (!newKeyMap.containsKey(dkpw.getName())) {
- newKeyMap.put(dkpw.getName(), new ArrayList<DNSKeyPairWrapper>());
+ newKeyMap.put(dkpw.getName(), new ArrayList<>());
}
- final List<DNSKeyPairWrapper> keyList = newKeyMap.get(dkpw.getName());
+ final List<DnsSecKeyPair> keyList = newKeyMap.get(dkpw.getName());
keyList.add(dkpw);
newKeyMap.put(dkpw.getName(), keyList);
@@ -170,16 +167,16 @@ public final class SignatureManager {
};
}
- private boolean hasNewKeys(final Map<String, List<DNSKeyPairWrapper>> keyMap, final Map<String, List<DNSKeyPairWrapper>> newKeyMap) {
+ private boolean hasNewKeys(final Map<String, List<DnsSecKeyPair>> keyMap, final Map<String, List<DnsSecKeyPair>> newKeyMap) {
for (final String key : newKeyMap.keySet()) {
if (!keyMap.containsKey(key)) {
return true;
}
- for (final DNSKeyPairWrapper newKeyPair : newKeyMap.get(key)) {
+ for (final DnsSecKeyPair newKeyPair : newKeyMap.get(key)) {
boolean matched = false;
- for (final DNSKeyPairWrapper keyPair : keyMap.get(key)) {
+ for (final DnsSecKeyPair keyPair : keyMap.get(key)) {
if (newKeyPair.equals(keyPair)) {
matched = true;
break;
@@ -241,15 +238,15 @@ public final class SignatureManager {
return keyPairs;
}
- private List<DNSKeyPairWrapper> getZoneSigningKSKPair(final Name name, final long maxTTL) throws IOException, NoSuchAlgorithmException {
+ private List<DnsSecKeyPair> getZoneSigningKSKPair(final Name name, final long maxTTL) throws IOException, NoSuchAlgorithmException {
return getZoneSigningKeyPair(name, true, maxTTL);
}
- private List<DNSKeyPairWrapper> getZoneSigningZSKPair(final Name name, final long maxTTL) throws IOException, NoSuchAlgorithmException {
+ private List<DnsSecKeyPair> getZoneSigningZSKPair(final Name name, final long maxTTL) throws IOException, NoSuchAlgorithmException {
return getZoneSigningKeyPair(name, false, maxTTL);
}
- private List<DNSKeyPairWrapper> getZoneSigningKeyPair(final Name name, final boolean wantKsk, final long maxTTL) throws IOException, NoSuchAlgorithmException {
+ private List<DnsSecKeyPair> getZoneSigningKeyPair(final Name name, final boolean wantKsk, final long maxTTL) throws IOException, NoSuchAlgorithmException {
/*
* This method returns a list, but we will identify the correct key with which to sign the zone.
* We select one key (we call this method twice, for zsk and ksks respectively)
@@ -260,28 +257,27 @@ public final class SignatureManager {
return getKeyPairs(name, wantKsk, true, maxTTL);
}
- private List<DNSKeyPairWrapper> getKSKPairs(final Name name, final long maxTTL) throws IOException, NoSuchAlgorithmException {
+ private List<DnsSecKeyPair> getKSKPairs(final Name name, final long maxTTL) throws IOException, NoSuchAlgorithmException {
return getKeyPairs(name, true, false, maxTTL);
}
- private List<DNSKeyPairWrapper> getZSKPairs(final Name name, final long maxTTL) throws IOException, NoSuchAlgorithmException {
+ private List<DnsSecKeyPair> getZSKPairs(final Name name, final long maxTTL) throws IOException, NoSuchAlgorithmException {
return getKeyPairs(name, false, false, maxTTL);
}
@SuppressWarnings({"PMD.CyclomaticComplexity", "PMD.NPathComplexity"})
- private List<DNSKeyPairWrapper> getKeyPairs(final Name name, final boolean wantKsk, final boolean wantSigningKey, final long maxTTL) throws IOException, NoSuchAlgorithmException {
- final List<DNSKeyPairWrapper> keyPairs = keyMap.get(name.toString());
- DNSKeyPairWrapper signingKey = null;
+ private List<DnsSecKeyPair> getKeyPairs(final Name name, final boolean wantKsk, final boolean wantSigningKey, final long maxTTL) throws IOException, NoSuchAlgorithmException {
+ final List<DnsSecKeyPair> keyPairs = keyMap.get(name.toString());
+ DnsSecKeyPair signingKey = null;
if (keyPairs == null) {
return null;
}
- final List<DNSKeyPairWrapper> keys = new ArrayList<DNSKeyPairWrapper>();
+ final List<DnsSecKeyPair> keys = new ArrayList<DnsSecKeyPair>();
- for (final DNSKeyPairWrapper kpw : keyPairs) {
- final DnsKeyPair kp = (DnsKeyPair) kpw;
- final Name kn = kp.getDNSKEYRecord().getName();
+ for (final DnsSecKeyPair kpw : keyPairs) {
+ final Name kn = kpw.getDNSKEYRecord().getName();
final boolean isKsk = kpw.isKeySigningKey();
if (kn.equals(name)) {
@@ -334,11 +330,11 @@ public final class SignatureManager {
return keys;
}
- private Calendar calculateKeyExpiration(final List<DNSKeyPairWrapper> keyPairs) {
+ private Calendar calculateKeyExpiration(final List<DnsSecKeyPair> keyPairs) {
final Calendar expiration = Calendar.getInstance();
Date earliest = null;
- for (final DNSKeyPairWrapper keyPair : keyPairs) {
+ for (final DnsSecKeyPair keyPair : keyPairs) {
if (earliest == null) {
earliest = keyPair.getExpiration();
} else if (keyPair.getExpiration().before(earliest)) {
@@ -419,16 +415,15 @@ public final class SignatureManager {
@SuppressWarnings("unchecked")
protected List<Record> signZone(final Name name, final List<Record> records, final SignedZoneKey zoneKey) throws IOException, GeneralSecurityException {
final long maxTTL = ZoneUtils.getMaximumTTL(records);
- final List<? extends DnsKeyPair> kskPairs = getZoneSigningKSKPair(name, maxTTL);
- final List<? extends DnsKeyPair> zskPairs = getZoneSigningZSKPair(name, maxTTL);
+ final List<DnsSecKeyPair> kskPairs = getZoneSigningKSKPair(name, maxTTL);
+ final List<DnsSecKeyPair> zskPairs = getZoneSigningZSKPair(name, maxTTL);
// TODO: do we really need to fully sign the apex keyset? should the digest be config driven?
if (kskPairs != null && zskPairs != null) {
if (!kskPairs.isEmpty() && !zskPairs.isEmpty()) {
final Calendar signatureExpiration = calculateSignatureExpiration(zoneKey.getTimestamp(), records);
- final Calendar kskExpiration = calculateKeyExpiration((List<DNSKeyPairWrapper>) kskPairs);
- final Calendar zskExpiration = calculateKeyExpiration((List<DNSKeyPairWrapper>) zskPairs);
- final JCEDnsSecSigner signer = new JCEDnsSecSigner(false);
+ final Calendar kskExpiration = calculateKeyExpiration(kskPairs);
+ final Calendar zskExpiration = calculateKeyExpiration(zskPairs);
final long now = System.currentTimeMillis();
final Calendar start = Calendar.getInstance();
@@ -436,7 +431,8 @@ public final class SignatureManager {
start.add(Calendar.HOUR, -1);
LOGGER.info("Signing zone " + name + " with start " + start.getTime() + " and expiration " + signatureExpiration.getTime());
- final List<Record> signedRecords = signer.signZone(name, records, (List<DnsKeyPair>) kskPairs, (List<DnsKeyPair>) zskPairs, start.getTime(), signatureExpiration.getTime(), true, DSRecord.SHA256_DIGEST_ID);
+
+ final List<Record> signedRecords = new JDnsSecSigner().signZone(name, records, kskPairs, zskPairs, start.getTime(), signatureExpiration.getTime(), true, DSRecord.SHA256_DIGEST_ID);
zoneKey.setSignatureExpiration(signatureExpiration);
zoneKey.setKSKExpiration(kskExpiration);
zoneKey.setZSKExpiration(zskExpiration);
@@ -457,15 +453,15 @@ public final class SignatureManager {
if (isDnssecEnabled() && name.subdomain(ZoneManager.getTopLevelDomain())) {
final JSONObject config = getCacheRegister().getConfig();
- final List<DNSKeyPairWrapper> kskPairs = getKSKPairs(name, maxTTL);
- final List<DNSKeyPairWrapper> zskPairs = getZSKPairs(name, maxTTL);
+ final List<DnsSecKeyPair> kskPairs = getKSKPairs(name, maxTTL);
+ final List<DnsSecKeyPair> zskPairs = getZSKPairs(name, maxTTL);
if (kskPairs != null && zskPairs != null && !kskPairs.isEmpty() && !zskPairs.isEmpty()) {
// these records go into the CDN TLD, so don't use the DS' TTLs; use the CDN's.
final Long dsTtl = ZoneUtils.getLong(config.optJSONObject("ttls"), "DS", 60);
- for (final DnsKeyPair kp : kskPairs) {
- final DSRecord dsRecord = SignUtils.calculateDSRecord(kp.getDNSKEYRecord(), DSRecord.SHA256_DIGEST_ID, dsTtl);
+ for (final DnsSecKeyPair kp : kskPairs) {
+ final DSRecord dsRecord = new JDnsSecSigner().calculateDSRecord(kp.getDNSKEYRecord(), DSRecord.SHA256_DIGEST_ID, dsTtl);
LOGGER.debug(name + ": adding DS record " + dsRecord);
records.add(dsRecord);
}
@@ -479,16 +475,16 @@ public final class SignatureManager {
final List<Record> list = new ArrayList<Record>();
if (isDnssecEnabled() && name.subdomain(ZoneManager.getTopLevelDomain())) {
- final List<DNSKeyPairWrapper> kskPairs = getKSKPairs(name, maxTTL);
- final List<DNSKeyPairWrapper> zskPairs = getZSKPairs(name, maxTTL);
+ final List<DnsSecKeyPair> kskPairs = getKSKPairs(name, maxTTL);
+ final List<DnsSecKeyPair> zskPairs = getZSKPairs(name, maxTTL);
if (kskPairs != null && zskPairs != null && !kskPairs.isEmpty() && !zskPairs.isEmpty()) {
- for (final DnsKeyPair kp : kskPairs) {
+ for (final DnsSecKeyPair kp : kskPairs) {
LOGGER.debug(name + ": DNSKEY record " + kp.getDNSKEYRecord());
list.add(kp.getDNSKEYRecord());
}
- for (final DnsKeyPair kp : zskPairs) {
+ for (final DnsSecKeyPair kp : zskPairs) {
// TODO: make adding zsk to parent zone configurable?
LOGGER.debug(name + ": DNSKEY record " + kp.getDNSKEYRecord());
list.add(kp.getDNSKEYRecord());
http://git-wip-us.apache.org/repos/asf/incubator-trafficcontrol/blob/42663763/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/ZoneSigner.java
----------------------------------------------------------------------
diff --git a/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/ZoneSigner.java b/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/ZoneSigner.java
new file mode 100644
index 0000000..baeff25
--- /dev/null
+++ b/traffic_router/core/src/main/java/com/comcast/cdn/traffic_control/traffic_router/core/dns/ZoneSigner.java
@@ -0,0 +1,17 @@
+package com.comcast.cdn.traffic_control.traffic_router.core.dns;
+
+import org.xbill.DNS.DNSKEYRecord;
+import org.xbill.DNS.DSRecord;
+import org.xbill.DNS.Name;
+import org.xbill.DNS.Record;
+
+import java.io.IOException;
+import java.security.GeneralSecurityException;
+import java.util.Date;
+import java.util.List;
+
+public interface ZoneSigner {
+ List<Record> signZone(Name name, List<Record> records, List<DnsSecKeyPair> kskPairs, List<DnsSecKeyPair> zskPairs,
+ Date inception, Date expiration, boolean fullySignKeySet, int digestId) throws IOException, GeneralSecurityException;
+ DSRecord calculateDSRecord(DNSKEYRecord dnskeyRecord, int digestId, long ttl);
+}