use of org.minidns.dnsmessage.DNSMessage in project minidns by MiniDNS.
the class DNSSECClient method queryDnssec.
/**
 * Resolves {@code q} through the parent client and runs DNSSEC verification on the answer.
 *
 * @param q the question to resolve.
 * @return the response together with the result of {@code performVerification}.
 * @throws IOException if the underlying query fails.
 */
public DNSSECMessage queryDnssec(Question q) throws IOException {
    DNSMessage plainResponse = super.query(q);
    return performVerification(q, plainResponse);
}
the class DNSSECClient method queryDnssec.
/**
 * Builds an {@code IN}-class question for {@code name}/{@code type}, resolves it through the
 * parent client and runs DNSSEC verification on the answer.
 *
 * @param name the name to query.
 * @param type the record type to query.
 * @return the response together with the result of {@code performVerification}.
 * @throws IOException if the underlying query fails.
 */
public DNSSECMessage queryDnssec(CharSequence name, TYPE type) throws IOException {
    Question question = new Question(name, type, CLASS.IN);
    return performVerification(question, super.query(question));
}
the class DaneVerifier method verifyCertificateChain.
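/**
 * Verifies a certificate chain to be valid when used with the given connection details using DANE.
 * <p>
 * The TLSA records for {@code _<port>._tcp.<hostName>} are looked up. Only a response whose
 * {@code authenticData} flag is set is used; an unauthenticated response is logged and
 * {@code false} is returned so that PKIX validation remains required. Every matching TLSA record
 * is tried against the end-entity certificate ({@code chain[0]}), so a rollover with several
 * published records does not fail as long as one of them matches.
 *
 * @param chain A certificate chain that should be verified using DANE; the first element is the end-entity certificate.
 * @param hostName The DNS name of the host this certificate chain belongs to.
 * @param port The port number that was used to reach the server providing the certificate chain in question.
 * @return Whether the DANE verification is the only requirement according to the TLSA record.
 *         If this method returns {@code false}, additional PKIX validation is required.
 * @throws CertificateException if the certificate chain provided differs from the one enforced using DANE,
 *         or if a matching TLSA record exists but {@code chain} is {@code null} or empty.
 */
public boolean verifyCertificateChain(X509Certificate[] chain, String hostName, int port) throws CertificateException {
    DNSName req = DNSName.from("_" + port + "._tcp." + hostName);
    DNSMessage res;
    try {
        res = client.query(req, Record.TYPE.TLSA);
    } catch (IOException e) {
        // Unchecked wrapper kept for interface compatibility; the cause is preserved.
        throw new RuntimeException(e);
    }
    if (!res.authenticData) {
        // Unauthenticated TLSA data must not constrain or replace PKIX validation, so it is
        // only logged here and the caller is told that further validation is required.
        StringBuilder msg = new StringBuilder("Got TLSA response from DNS server, but was not signed properly.");
        if (res instanceof DNSSECMessage) {
            msg.append(" Reasons:");
            for (UnverifiedReason reason : ((DNSSECMessage) res).getUnverifiedReasons()) {
                msg.append(' ').append(reason);
            }
        }
        LOGGER.info(msg.toString());
        return false;
    }

    // Only the end-entity certificate is matched. An empty chain is rejected lazily, i.e. only
    // once a matching TLSA record is found, so hosts without TLSA records keep returning false.
    X509Certificate endEntity = (chain != null && chain.length > 0) ? chain[0] : null;
    List<DaneCertificateException.CertificateMismatch> certificateMismatchExceptions = new LinkedList<>();
    boolean verified = false;
    for (Record<? extends Data> record : res.answerSection) {
        if (record.type != Record.TYPE.TLSA || !record.name.equals(req)) {
            continue;
        }
        if (endEntity == null) {
            throw new CertificateException("TLSA record found for " + req + " but no certificate chain was provided");
        }
        TLSA tlsa = (TLSA) record.payloadData;
        try {
            verified |= checkCertificateMatches(endEntity, tlsa, hostName);
        } catch (DaneCertificateException.CertificateMismatch certificateMismatchException) {
            // Record the mismatch and only throw an exception if no
            // TLSA RR is able to verify the cert. This allows for TLSA
            // certificate rollover.
            certificateMismatchExceptions.add(certificateMismatchException);
        }
        if (verified) {
            break;
        }
    }
    if (!verified && !certificateMismatchExceptions.isEmpty()) {
        throw new DaneCertificateException.MultipleCertificateMismatchExceptions(certificateMismatchExceptions);
    }
    return verified;
}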
the class NetworkDataSource method queryUdp.
/**
 * Sends {@code message} to {@code address}:{@code port} over UDP and returns the parsed reply.
 * <p>
 * The reply's transaction id must equal the query's; the socket is closed on every exit path.
 *
 * @param message the query to send.
 * @param address the address of the server to query.
 * @param port the UDP port of the server to query.
 * @return the parsed response.
 * @throws IOException on socket errors or when no reply arrives within {@code timeout}.
 * @throws MiniDNSException.IdMismatch if the reply's id differs from the query's id.
 */
protected DNSMessage queryUdp(DNSMessage message, InetAddress address, int port) throws IOException {
    // TODO Use a try-with-resource statement here once miniDNS minimum
    // required Android API level is >= 19
    DatagramSocket socket = null;
    DatagramPacket outgoing = message.asDatagram(address, port);
    byte[] receiveBuffer = new byte[udpPayloadSize];
    try {
        socket = createDatagramSocket();
        socket.setSoTimeout(timeout);
        socket.send(outgoing);
        DatagramPacket incoming = new DatagramPacket(receiveBuffer, receiveBuffer.length);
        socket.receive(incoming);
        DNSMessage response = new DNSMessage(incoming.getData());
        // The id comparison is the only binding between query and reply visible here.
        // NOTE(review): resistance to off-path spoofed replies also depends on
        // createDatagramSocket() using an unpredictable source port — confirm in the factory.
        if (response.id != message.id) {
            throw new MiniDNSException.IdMismatch(message, response);
        }
        return response;
    } finally {
        if (socket != null) {
            socket.close();
        }
    }
}
the class NetworkDataSourceWithAccounting method queryUdp.
/**
 * Delegates the UDP query to the superclass and records the outcome in the accounting counters:
 * a failed query increments {@code failedUdpQueries} and rethrows; a successful one increments
 * {@code successfulUdpQueries} and adds the serialized response length to {@code udpResponseSize}.
 *
 * @param message the query to send.
 * @param address the address of the server to query.
 * @param port the UDP port of the server to query.
 * @return the response returned by the superclass.
 * @throws IOException if the superclass query fails.
 */
@Override
protected DNSMessage queryUdp(DNSMessage message, InetAddress address, int port) throws IOException {
    final DNSMessage response;
    try {
        response = super.queryUdp(message, address, port);
    } catch (IOException ioException) {
        failedUdpQueries.incrementAndGet();
        throw ioException;
    }
    successfulUdpQueries.incrementAndGet();
    byte[] wire = response.toArray();
    udpResponseSize.addAndGet(wire.length);
    return response;
}