
Example 11 with ExtendedResolver

use of org.xbill.DNS.ExtendedResolver in project nhin-d by DirectProject.

the class DNSConnectionTest method testDNSSocketConnectionTCPWithProxyStore.

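/**
 * Starts a local {@code DNSServer} backed by a {@code ProxyDNSStore}, resolves an A record
 * through it over TCP, and checks that an answer comes back.
 *
 * <p>The server is stopped in a {@code finally} block so a failed lookup or assertion does not
 * leave the listener running for later tests.
 *
 * <p>NOTE(review): the lookup target is a public name, so the proxy store presumably forwards
 * the query upstream and this test needs outbound DNS. Confirm before running it in an
 * isolated build environment.
 */
public void testDNSSocketConnectionTCPWithProxyStore() throws Exception {
    DNSServerSettings settings = new DNSServerSettings();
    // Search starts at 1024, so the listener never needs a privileged port.
    settings.setPort(AvailablePortFinder.getNextAvailable(1024));
    DNSServer server = new DNSServer(new ProxyDNSStore(), settings);
    server.start();
    try {
        // give the server a couple seconds to start
        Thread.sleep(2000);
        // Turn on debug output for the DNS client. This is a static setting and is not
        // reset here, so it stays on for whatever runs afterwards in the same JVM.
        Options.set("verbose", "true");
        Lookup lu = new Lookup(new Name("google.com"), Type.A);
        ExtendedResolver resolver = new ExtendedResolver(IPUtils.getDNSLocalIps());
        // Force TCP and point the client at the port the test server was given.
        resolver.setTCP(true);
        resolver.setPort(settings.getPort());
        lu.setResolver(resolver);
        Record[] retRecords = lu.run();
        assertNotNull(retRecords);
    } finally {
        // Always release the port, even when the lookup or the assertion fails.
        server.stop();
        Thread.sleep(2000);
    }
}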
Also used : ExtendedResolver(org.xbill.DNS.ExtendedResolver) Lookup(org.xbill.DNS.Lookup) Record(org.xbill.DNS.Record) Name(org.xbill.DNS.Name)

Example 12 with ExtendedResolver

use of org.xbill.DNS.ExtendedResolver in project nhin-d by DirectProject.

the class DNSCertificateStore method lookupDNS.

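/**
 * Looks up X.509 certificates published in DNS CERT records for an address or a domain.
 *
 * <p>An {@code @} in {@code name} is replaced by a dot to form the query name. The configured
 * servers are asked first. If they return nothing, the method follows a CNAME (when one
 * exists), walks up the domain until NS records are found, and repeats the CERT query against
 * those name servers directly. If there is still no answer and {@code name} was an address,
 * the lookup is repeated for the domain part alone. Certificates that were found are written
 * to the local store delegate and to the cache when those are configured.
 *
 * <p>NOTE(review): nothing in this method authenticates the DNS answers or validates the
 * certificates it returns; it only parses what the resolvers hand back, and then persists
 * the result. Chain and policy validation is presumably done by the caller before a
 * certificate is trusted. Confirm that against the callers.
 *
 * @param name an e-mail address or a domain name
 * @return the certificates found; empty when there are none
 * @throws NHINDException if a lookup or a record conversion fails; the cause is attached
 */
protected Collection<X509Certificate> lookupDNS(String name) {
    String domain;
    String lookupName = name.replace('@', '.');
    Collection<X509Certificate> retVal = new ArrayList<X509Certificate>();
    // get the domain of the address
    int index;
    if ((index = name.indexOf("@")) > -1)
        domain = name.substring(index + 1);
    else
        domain = name;
    try {
        final String[] configuredServers = servers.toArray(new String[servers.size()]);
        // try the configured servers first
        Lookup lu = new Lookup(new Name(lookupName), Type.CERT);
        lu.setResolver(createExResolver(configuredServers, retries, timeout));
        lu.setSearchPath((String[]) null);
        Record[] retRecords = null;
        try {
            retRecords = lu.run();
        } catch (Exception e) {
            // Best effort: a failure here only triggers the targeted NS search below.
            LOGGER.warn("Error using recusive DNS CERT lookup for name " + lookupName + "\r\nFalling back to looking up NS record for a targeted search", e);
        }
        if (retRecords == null || retRecords.length == 0) {
            Name tempDomain;
            // try to find the resource's name server records
            // the address may be an alias so check if there is a CNAME record
            lu = new Lookup(new Name(lookupName), Type.CNAME);
            lu.setResolver(createExResolver(configuredServers, retries, timeout));
            lu.setSearchPath((String[]) null);
            retRecords = lu.run();
            if (retRecords != null && retRecords.length > 0) {
                CNAMERecord cnameRect = (CNAMERecord) retRecords[0];
                tempDomain = cnameRect.getTarget();
            } else {
                // not a CNAME
                tempDomain = new Name(domain);
            }
            // look for name server records, dropping the leftmost label after each miss
            while (tempDomain.labels() > 1) {
                lu = new Lookup(tempDomain, Type.NS);
                lu.setResolver(createExResolver(configuredServers, retries, timeout));
                lu.setSearchPath((String[]) null);
                retRecords = lu.run();
                if (retRecords != null && retRecords.length > 0)
                    break;
                tempDomain = new Name(tempDomain.toString().substring((tempDomain.toString().indexOf(".") + 1)));
            }
            if (retRecords == null || retRecords.length == 0)
                // can't find a name server... bail
                return retVal;
            String[] remoteServers = new String[retRecords.length];
            for (int i = 0; i < remoteServers.length; ++i) {
                remoteServers[i] = ((NSRecord) retRecords[i]).getTarget().toString();
            }
            // search the name servers for the cert; note this resolver uses fixed
            // retry/timeout values rather than the configured ones
            lu = new Lookup(new Name(lookupName), Type.CERT);
            ExtendedResolver remoteResolver = createExResolver(remoteServers, 2, 3);
            if (remoteResolver.getResolvers().length > 0) {
                lu.setResolver(remoteResolver);
                lu.setSearchPath((String[]) null);
                /*
                 * The lookup cache is deliberately NOT cleared here. Going straight to the
                 * NS server already bypasses a DNS provider that answers when it should
                 * delegate; clearing the cache as well would cover up a cached NXRRSET and
                 * hide incorrect DNS configuration that needs to be discovered and corrected.
                 */
                retRecords = lu.run();
            } else {
                // null out NS records
                retRecords = null;
            }
        }
        if (retRecords != null) {
            for (Record rec : retRecords) {
                if (!(rec instanceof CERTRecord))
                    continue;
                CERTRecord certRec = (CERTRecord) rec;
                final Certificate certToAdd;
                switch (certRec.getCertType()) {
                    case CERTRecord.PKIX:
                        certToAdd = convertPKIXRecordToCert(certRec);
                        break;
                    case CERTRecord.URI:
                        // NOTE(review): for this type the certificate location comes from the
                        // DNS answer. convertIPKIXRecordToCert is not visible here; confirm
                        // that it restricts the schemes and hosts it will fetch from and
                        // bounds the size and duration of the fetch.
                        certToAdd = convertIPKIXRecordToCert(certRec);
                        break;
                    default:
                        LOGGER.warn("Unknown CERT type " + certRec.getCertType() + " encountered for lookup name " + lookupName);
                        certToAdd = null;
                }
                // instanceof is false for null, and the record may not hold an X509 cert
                if (certToAdd instanceof X509Certificate)
                    retVal.add((X509Certificate) certToAdd);
            }
        } else if (domain.length() < name.length()) {
            // if this is an email address, do the search again at the host level
            retVal = lookupDNS(domain);
        }
    } catch (Exception e) {
        // Hand the failure to the caller with context instead of printing to stderr.
        throw new NHINDException("DNS CERT lookup failed for name " + lookupName, e);
    }
    // add or update the local cert store
    if (retVal != null && retVal.size() > 0 && localStoreDelegate != null) {
        for (X509Certificate cert : retVal) {
            if (localStoreDelegate.contains(cert))
                localStoreDelegate.update(cert);
            else
                localStoreDelegate.add(cert);
        }
        try {
            if (cache != null)
                cache.put(name, retVal);
        } catch (CacheException e) {
            // Caching is best effort; the result is still returned, but the failure is recorded.
            LOGGER.warn("Failed to cache DNS CERT lookup result for name " + name, e);
        }
    }
    return retVal;
}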
Also used : ExtendedResolver(org.xbill.DNS.ExtendedResolver) CacheException(org.apache.jcs.access.exception.CacheException) ArrayList(java.util.ArrayList) NHINDException(org.nhindirect.stagent.NHINDException) X509Certificate(java.security.cert.X509Certificate) CacheException(org.apache.jcs.access.exception.CacheException) NHINDException(org.nhindirect.stagent.NHINDException) UnsupportedEncodingException(java.io.UnsupportedEncodingException) MalformedURLException(java.net.MalformedURLException) UnknownHostException(java.net.UnknownHostException) Name(org.xbill.DNS.Name) CNAMERecord(org.xbill.DNS.CNAMERecord) CERTRecord(org.xbill.DNS.CERTRecord) Lookup(org.xbill.DNS.Lookup) CNAMERecord(org.xbill.DNS.CNAMERecord) CERTRecord(org.xbill.DNS.CERTRecord) NSRecord(org.xbill.DNS.NSRecord) Record(org.xbill.DNS.Record) NSRecord(org.xbill.DNS.NSRecord) X509Certificate(java.security.cert.X509Certificate) Certificate(java.security.cert.Certificate)

Example 13 with ExtendedResolver

use of org.xbill.DNS.ExtendedResolver in project nhin-d by DirectProject.

the class DNSCertificateStore_lookupDNSTest method testLookupDNS_certNotInRRRecord_assertNoCertificate.

/**
 * Checks that {@code lookupDNS} yields a non-null, empty collection when the resolver's answer
 * is the one built by {@code getPKIXAnswer(null)}.
 */
public void testLookupDNS_certNotInRRRecord_assertNoCertificate() throws Exception {
    // Stub resolver: every message sent gets the answer built from a null payload.
    final ExtendedResolver stubResolver = mock(ExtendedResolver.class);
    when(stubResolver.send((Message) any())).thenAnswer(getPKIXAnswer(null));

    // Every resolver the store asks for is the stub, whatever servers it was given.
    final DNSCertificateStore storeUnderTest = new DNSCertificateStore() {

        protected ExtendedResolver createExResolver(String[] servers, int retries, int timeout) {
            return stubResolver;
        }
    };

    final Collection<X509Certificate> found = storeUnderTest.lookupDNS("somedomain2.com");

    // "No certificate" must come back as an empty collection, not as null.
    assertNotNull(found);
    assertTrue(found.isEmpty());
}
Also used : ExtendedResolver(org.xbill.DNS.ExtendedResolver) X509Certificate(java.security.cert.X509Certificate)

Example 14 with ExtendedResolver

use of org.xbill.DNS.ExtendedResolver in project nhin-d by DirectProject.

the class DNSCertificateStore_lookupDNSTest method testLookupDNS_certInRRRecord_assertCertificate.

/**
 * Checks that a certificate whose encoded bytes are placed in the stubbed resolver's answer is
 * the single certificate returned by {@code lookupDNS}.
 */
public void testLookupDNS_certInRRRecord_assertCertificate() throws Exception {
    final X509Certificate expected = (X509Certificate) TestUtils.loadCertificate("certCheckA.der");

    // Stub resolver: every message sent gets an answer built from the encoded certificate.
    final ExtendedResolver stubResolver = mock(ExtendedResolver.class);
    when(stubResolver.send((Message) any())).thenAnswer(getPKIXAnswer(expected.getEncoded()));

    // Every resolver the store asks for is the stub, whatever servers it was given.
    final DNSCertificateStore storeUnderTest = new DNSCertificateStore() {

        protected ExtendedResolver createExResolver(String[] servers, int retries, int timeout) {
            return stubResolver;
        }
    };

    final Collection<X509Certificate> found = storeUnderTest.lookupDNS("somedomain.com");

    assertNotNull(found);
    assertEquals(1, found.size());
    final X509Certificate only = found.iterator().next();
    assertEquals(expected, only);
}
Also used : ExtendedResolver(org.xbill.DNS.ExtendedResolver) X509Certificate(java.security.cert.X509Certificate)

Example 15 with ExtendedResolver

use of org.xbill.DNS.ExtendedResolver in project nhin-d by DirectProject.

the class DNSCertificateStore_lookupDNSTest method testLookupDNS_certInIPKIXRecord_assertCertificate.

/**
 * Checks that {@code lookupDNS} returns the certificate referenced by a URL carried in the
 * stubbed resolver's answer.
 *
 * <p>The URL is {@code filePrefix} (defined outside this method) followed by the absolute path
 * of a local test file, and the assertions pass only if the store loads the certificate from
 * that location. In other words, the store dereferences whatever location the DNS answer names.
 */
public void testLookupDNS_certInIPKIXRecord_assertCertificate() throws Exception {
    // The same certificate is loaded directly (expected value) and referenced by URL.
    final File certOnDisk = new File("./src/test/resources/certs/gm2552.der");
    final String certUrl = filePrefix + certOnDisk.getAbsolutePath();
    final Certificate expected = TestUtils.loadCertificate("gm2552.der");

    // Stub resolver: every message sent gets an answer built from the URL.
    final ExtendedResolver stubResolver = mock(ExtendedResolver.class);
    when(stubResolver.send((Message) any())).thenAnswer(getIPKIXAnswer(certUrl));

    // Every resolver the store asks for is the stub, whatever servers it was given.
    final DNSCertificateStore storeUnderTest = new DNSCertificateStore() {

        protected ExtendedResolver createExResolver(String[] servers, int retries, int timeout) {
            return stubResolver;
        }
    };

    final Collection<X509Certificate> found = storeUnderTest.lookupDNS("somedomain3.com");

    assertNotNull(found);
    assertEquals(1, found.size());
    final X509Certificate only = found.iterator().next();
    assertEquals(expected, only);
}
Also used : ExtendedResolver(org.xbill.DNS.ExtendedResolver) File(java.io.File) X509Certificate(java.security.cert.X509Certificate) X509Certificate(java.security.cert.X509Certificate) Certificate(java.security.cert.Certificate)

Aggregations

ExtendedResolver (org.xbill.DNS.ExtendedResolver)16 UnknownHostException (java.net.UnknownHostException)8 Name (org.xbill.DNS.Name)6 Record (org.xbill.DNS.Record)6 Lookup (org.xbill.DNS.Lookup)5 X509Certificate (java.security.cert.X509Certificate)4 Resolver (org.xbill.DNS.Resolver)3 Certificate (java.security.cert.Certificate)2 Message (org.xbill.DNS.Message)2 SimpleResolver (org.xbill.DNS.SimpleResolver)2 TextParseException (org.xbill.DNS.TextParseException)2 File (java.io.File)1 IOException (java.io.IOException)1 UnsupportedEncodingException (java.io.UnsupportedEncodingException)1 InetAddress (java.net.InetAddress)1 MalformedURLException (java.net.MalformedURLException)1 ArrayList (java.util.ArrayList)1 Converter (org.apache.camel.Converter)1 CacheException (org.apache.jcs.access.exception.CacheException)1 CollectionProperty (org.apache.jmeter.testelement.property.CollectionProperty)1