org.xbill.DNS
Class TSIG

java.lang.Object
  extended by org.xbill.DNS.TSIG

public class TSIG
extends Object

Transaction signature handling. This class generates and verifies TSIG records on messages, which provide transaction security.

Author:
Brian Wellington
See Also:
TSIGRecord

Nested Class Summary
static class TSIG.StreamVerifier
           
 
Field Summary
static short FUDGE
          The default fudge value for outgoing packets.
static Name HMAC
          The domain name representing the HMAC-MD5 algorithm (the only supported algorithm)
 
Constructor Summary
TSIG(Name name, byte[] key)
          Creates a new TSIG object, which can be used to sign or verify a message.
TSIG(String name, String key)
          Creates a new TSIG object, which can be used to sign or verify a message.
 
Method Summary
 void apply(Message m, byte error, TSIGRecord old)
          Generates a TSIG record with a specific error for a message and adds it to the message.
 void apply(Message m, TSIGRecord old)
          Generates a TSIG record for a message and adds it to the message.
 void applyStream(Message m, TSIGRecord old, boolean first)
          Generates a TSIG record for a message and adds it to the message.
 TSIGRecord generate(Message m, byte[] b, byte error, TSIGRecord old)
          Generates a TSIG record with a specific error for a message that has been rendered.
 int recordLength()
          Returns the maximum length of a TSIG record generated by this key.
 byte verify(Message m, byte[] b, int length, TSIGRecord old)
          Verifies a TSIG record on an incoming message.
 byte verify(Message m, byte[] b, TSIGRecord old)
          Verifies a TSIG record on an incoming message.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

HMAC

public static final Name HMAC
The domain name representing the HMAC-MD5 algorithm (the only supported algorithm)


FUDGE

public static final short FUDGE
The default fudge value for outgoing packets. Can be overridden by the tsigfudge option.

See Also:
Constant Field Values
Constructor Detail

TSIG

public TSIG(Name name,
            byte[] key)
Creates a new TSIG object, which can be used to sign or verify a message.

Parameters:
name - The name of the shared key
key - The shared key's data

TSIG

public TSIG(String name,
            String key)
Creates a new TSIG object, which can be used to sign or verify a message.

Parameters:
name - The name of the shared key
key - The shared key's data, represented as either a base64 encoded string or (if the first character is ':') a hex encoded string
Throws:
IllegalArgumentException - The key name is an invalid name
IllegalArgumentException - The key data is improperly encoded
Method Detail

generate

public TSIGRecord generate(Message m,
                           byte[] b,
                           byte error,
                           TSIGRecord old)
Generates a TSIG record with a specific error for a message that has been rendered.

Parameters:
m - The message
b - The rendered message
error - The error
old - If this message is a response, the TSIG from the request
Returns:
The TSIG record to be added to the message

apply

public void apply(Message m,
                  byte error,
                  TSIGRecord old)
Generates a TSIG record with a specific error for a message and adds it to the message.

Parameters:
m - The message
error - The error
old - If this message is a response, the TSIG from the request

apply

public void apply(Message m,
                  TSIGRecord old)
Generates a TSIG record for a message and adds it to the message.

Parameters:
m - The message
old - If this message is a response, the TSIG from the request

applyStream

public void applyStream(Message m,
                        TSIGRecord old,
                        boolean first)
Generates a TSIG record for a message and adds it to the message.

Parameters:
m - The message
old - If this message is a response, the TSIG from the request

verify

public byte verify(Message m,
                   byte[] b,
                   int length,
                   TSIGRecord old)
Verifies a TSIG record on an incoming message. Since this is only called in the context where a TSIG is expected to be present, it is an error if one is not present.

Parameters:
m - The message
b - An array containing the message in unparsed form. This is necessary since TSIG signs the message in wire format, and we can't recreate the exact wire format (with the same name compression).
length - The length of the message in the array.
old - If this message is a response, the TSIG from the request
Returns:
The result of the verification (as an Rcode)
See Also:
Rcode

verify

public byte verify(Message m,
                   byte[] b,
                   TSIGRecord old)
Verifies a TSIG record on an incoming message. Since this is only called in the context where a TSIG is expected to be present, it is an error if one is not present.

Parameters:
m - The message
b - The message in unparsed form. This is necessary since TSIG signs the message in wire format, and we can't recreate the exact wire format (with the same name compression).
old - If this message is a response, the TSIG from the request
Returns:
The result of the verification (as an Rcode)
See Also:
Rcode

recordLength

public int recordLength()
Returns the maximum length of a TSIG record generated by this key.

See Also:
TSIGRecord
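
Example (added here, not part of the dnsjava documentation): a sign-and-verify round trip using the constructor, apply and verify methods documented above. Message.newQuery, Message.toWire, the Message(byte[]) constructor, Record.newRecord, Name.fromString and the Type, DClass and Rcode constants belong to other dnsjava classes and are assumed to be available in this release; the key name and key data are constructed samples.

```java
import org.xbill.DNS.*;

// Added example, not dnsjava's own code. Calls on Message, Record, Name, Type,
// DClass and Rcode are assumptions about classes this page does not document.
public class TsigRoundTrip {
    public static void main(String[] args) throws Exception {
        // String constructor: a leading ':' selects hex key data instead of base64.
        // Constructed sample key; both sides must hold the same name and bytes.
        TSIG key = new TSIG("sample-key.example.",
                            ":00112233445566778899aabbccddeeff");

        // Sender: build a query, sign it, render it to wire format.
        Name qname = Name.fromString("www.example.com.");
        Message query = Message.newQuery(
                Record.newRecord(qname, Type.A, DClass.IN));
        key.apply(query, null);   // old == null: a request, not a response
        byte[] wire = query.toWire();

        // Receiver: verify the bytes exactly as they arrived.
        System.out.println("untouched: " + check(key, wire));

        // Flip one bit in the first character of the question name
        // (12-byte header plus one label-length octet, so offset 13).
        byte[] tampered = (byte[]) wire.clone();
        tampered[13] ^= 0x01;
        System.out.println("tampered:  " + check(key, tampered));
    }

    // True only if the TSIG on the received bytes verifies under the key.
    // verify() itself treats a missing TSIG as an error, so anything other
    // than NOERROR is a rejection.
    static boolean check(TSIG key, byte[] received) throws Exception {
        Message m = new Message(received);
        byte rc = key.verify(m, received, null);
        return rc == Rcode.NOERROR;
    }
}
```

The receiver hands verify the original byte array rather than a re-rendered copy of the parsed message, since the signature covers the wire format and re-rendering may not reproduce the same name compression.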