/*
 *  Licensed to the Apache Software Foundation (ASF) under one
 *  or more contributor license agreements.  See the NOTICE file
 *  distributed with this work for additional information
 *  regarding copyright ownership.  The ASF licenses this file
 *  to you under the Apache License, Version 2.0 (the
 *  "License"); you may not use this file except in compliance
 *  with the License.  You may obtain a copy of the License at
 *
 *    http://www.apache.org/licenses/LICENSE-2.0
 *
 *  Unless required by applicable law or agreed to in writing,
 *  software distributed under the License is distributed on an
 *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 *  KIND, either express or implied.  See the License for the
 *  specific language governing permissions and limitations
 *  under the License.
 *
 */

package org.apache.directory.server.dns.io.encoder;


/**
 * 2. The CERT Resource Record
 *
 *    The CERT resource record (RR) has the structure given below.  Its RR
 *    type code is 37.
 *
 *                        1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3
 *    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
 *    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 *    |             type              |             key tag           |
 *    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 *    |   algorithm   |                                               /
 *    +---------------+            certificate or CRL                 /
 *    /                                                               /
 *    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-|
 *
 *    The type field is the certificate type as defined in section 2.1
 *    below.
 *
 *    The algorithm field has the same meaning as the algorithm field in
 *    KEY and SIG RRs [RFC 2535] except that a zero algorithm field
 *    indicates the algorithm is unknown to a secure DNS, which may simply
 *    be the result of the algorithm not having been standardized for
 *    secure DNS.
 *
 *    The key tag field is the 16 bit value computed for the key embedded
 *    in the certificate as specified in the DNSSEC Standard [RFC 2535].
 *    This field is used as an efficiency measure to pick which CERT RRs
 *    may be applicable to a particular key.  The key tag can be calculated
 *    for the key in question and then only CERT RRs with the same key tag
 *    need be examined.  However, the key must always be transformed to the
 *    format it would have as the public key portion of a KEY RR before the
 *    key tag is computed.  This is only possible if the key is applicable
 *    to an algorithm (and limits such as key size limits) defined for DNS
 *    security.  If it is not, the algorithm field MUST BE zero and the tag
 *    field is meaningless and SHOULD BE zero.
 *
 * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
 */
public class CertificateRecordEncoder
{
}
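
The RDATA layout described in the class comment, as an added example that is not part of the Apache Directory code base: the class name `CertRdataExample`, the method `encode` and the sample values in `main` are hypothetical and constructed for illustration.

```java
import java.nio.ByteBuffer;

// Added example, not project code: names and sample values are hypothetical.
public class CertRdataExample
{
    private static final int HEADER_LENGTH = 5; // type (2) + key tag (2) + algorithm (1)

    /** Encodes CERT RDATA: type, key tag, algorithm, then the certificate or CRL bytes. */
    public static byte[] encode( int type, int keyTag, int algorithm, byte[] certOrCrl )
    {
        if ( type < 0 || type > 0xFFFF || keyTag < 0 || keyTag > 0xFFFF )
        {
            throw new IllegalArgumentException( "type and key tag are unsigned 16 bit fields" );
        }
        if ( algorithm < 0 || algorithm > 0xFF )
        {
            throw new IllegalArgumentException( "algorithm is an unsigned 8 bit field" );
        }
        // A resource record's RDLENGTH is 16 bits wide, so header plus payload must fit in 65535 bytes.
        if ( certOrCrl.length > 0xFFFF - HEADER_LENGTH )
        {
            throw new IllegalArgumentException( "certificate or CRL too large for one RR" );
        }

        // With algorithm 0 the key tag is meaningless and SHOULD be zero, so zero is written.
        int tag = ( algorithm == 0 ) ? 0 : keyTag;

        ByteBuffer buf = ByteBuffer.allocate( HEADER_LENGTH + certOrCrl.length ); // big-endian by default
        buf.putShort( ( short ) type );
        buf.putShort( ( short ) tag );
        buf.put( ( byte ) algorithm );
        buf.put( certOrCrl );
        return buf.array();
    }

    public static void main( String[] args )
    {
        byte[] payload = { 0x30, ( byte ) 0x82, 0x01, 0x0A }; // constructed bytes, not a real certificate
        StringBuilder hex = new StringBuilder();
        for ( byte b : encode( 1, 0x1234, 5, payload ) )
        {
            hex.append( String.format( "%02x", b ) );
        }
        System.out.println( hex );
    }
}
```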