final class DnsSecVerifier
extends java.lang.Object
Constructor and Description |
---|
DnsSecVerifier() |
Modifier and Type | Method and Description |
---|---|
private java.util.List<DNSKEYRecord> |
findKey(RRset dnskeyRrset,
RRSIGRecord signature)
Find the matching DNSKEY(s) to an RRSIG within a DNSKEY rrset.
|
JustifiedSecStatus |
verify(RRset rrset,
DNSKEYRecord dnskey,
java.time.Instant date)
Verify an RRset against a single DNSKEY.
|
JustifiedSecStatus |
verify(SRRset rrset,
RRset keyRrset,
java.time.Instant date)
Verifies an RRset.
|
private JustifiedSecStatus |
verifySignature(SRRset rrset,
RRSIGRecord sigrec,
RRset keyRrset,
java.time.Instant date)
Verify an RRset against a particular signature.
|
private java.util.List<DNSKEYRecord> findKey(RRset dnskeyRrset, RRSIGRecord signature)
dnskeyRrset
- The DNSKEY rrset to search.signature
- The RRSIG to match against.private JustifiedSecStatus verifySignature(SRRset rrset, RRSIGRecord sigrec, RRset keyRrset, java.time.Instant date)
rrset
- The RRset to verify.sigrec
- The signature record that signs the RRset.keyRrset
- The keys used to create the signature record.date
- The date against which to verify the signature.SecurityStatus.SECURE
if the signature verified, SecurityStatus.BOGUS
if it did not verify (for any reason), and SecurityStatus.UNCHECKED
if verification
could not be completed (usually because the public key was not available).public JustifiedSecStatus verify(SRRset rrset, RRset keyRrset, java.time.Instant date)
rrset
- The RRset to verify.keyRrset
- The keys to verify the signatures in the RRset to check.date
- The date against which to verify the rrset.public JustifiedSecStatus verify(RRset rrset, DNSKEYRecord dnskey, java.time.Instant date)
rrset
- The rrset to verify.dnskey
- The DNSKEY to verify with.date
- The date against which to verify the rrset.