Use of org.xbill.DNS.ExtendedResolver in project nhin-d by DirectProject.
The class DNSConnectionTest, method testDNSSocketConnectionTCPWithProxyStore.
public void testDNSSocketConnectionTCPWithProxyStore() throws Exception {
    // Stand up a DNSServer backed by a ProxyDNSStore on a free port above the
    // privileged range, then resolve an A record through it over TCP.
    final DNSServerSettings serverSettings = new DNSServerSettings();
    serverSettings.setPort(AvailablePortFinder.getNextAvailable(1024));
    final DNSServer dnsServer = new DNSServer(new ProxyDNSStore(), serverSettings);
    dnsServer.start();
    // allow the server time to start before the first query (fixed delay, as in the original)
    Thread.sleep(2000);
    // enable dnsjava's verbose client tracing for this test
    Options.set("verbose", "true");
    // point the resolver at the local server, forcing TCP rather than UDP
    final ExtendedResolver tcpResolver = new ExtendedResolver(IPUtils.getDNSLocalIps());
    tcpResolver.setTCP(true);
    tcpResolver.setPort(serverSettings.getPort());
    final Lookup lookup = new Lookup(new Name("google.com"), Type.A);
    lookup.setResolver(tcpResolver);
    final Record[] answers = lookup.run();
    assertNotNull(answers);
    dnsServer.stop();
    // give the server time to release the port before the next test
    Thread.sleep(2000);
}
Use of org.xbill.DNS.ExtendedResolver in project nhin-d by DirectProject.
The class DNSCertificateStore, method lookupDNS.
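/**
 * Looks up X.509 certificates published as DNS CERT records for an address or domain.
 * <p>
 * The query name is {@code name} with '@' replaced by '.' (so "user@example.com" is
 * queried as "user.example.com"). The configured resolvers are tried first; if they
 * return nothing, the name's CNAME target (if any) or its domain is walked up label by
 * label until NS records are found, and the CERT query is repeated directly against
 * those name servers. If the address form yields no records at all, the bare domain
 * is looked up instead. Certificates that are found are pushed to
 * {@code localStoreDelegate} and, when a local store is configured, to {@code cache}.
 * <p>
 * Security note: nothing in this method validates DNSSEC signatures, so the CERT
 * payloads -- and the URI of an IPKIX record, which {@code convertIPKIXRecordToCert}
 * dereferences (what schemes it accepts and how much it reads is not visible here;
 * confirm it restricts both) -- are only as trustworthy as the resolver path. Whether
 * the configured resolver validates DNSSEC is not visible here either. Callers must
 * still chain-validate the returned certificates before trusting them.
 *
 * @param name an email address or a bare domain name
 * @return the certificates found; an empty collection (never null) when none are found
 * @throws NHINDException if a lookup or conversion step fails
 */
protected Collection<X509Certificate> lookupDNS(String name) {
    String domain;
    String lookupName = name.replace('@', '.');
    Collection<X509Certificate> retVal = new ArrayList<X509Certificate>();
    // the domain is everything after '@'; a bare host name is its own domain
    int index;
    if ((index = name.indexOf("@")) > -1)
        domain = name.substring(index + 1);
    else
        domain = name;
    try {
        // the same configured server list is used for every query in this method
        String[] configuredServers = servers.toArray(new String[servers.size()]);
        // try the configured servers first
        Lookup lu = new Lookup(new Name(lookupName), Type.CERT);
        lu.setResolver(createExResolver(configuredServers, retries, timeout));
        lu.setSearchPath((String[]) null);
        Record[] retRecords = null;
        try {
            retRecords = lu.run();
        } catch (Exception e) {
            LOGGER.warn("Error using recusive DNS CERT lookup for name " + lookupName + "\r\nFalling back to looking up NS record for a targeted search", e);
        }
        if (retRecords == null || retRecords.length == 0) {
            Name tempDomain;
            // the address may be an alias, so start the NS search from the CNAME target if there is one
            lu = new Lookup(new Name(lookupName), Type.CNAME);
            lu.setResolver(createExResolver(configuredServers, retries, timeout));
            lu.setSearchPath((String[]) null);
            retRecords = lu.run();
            if (retRecords != null && retRecords.length > 0 && retRecords[0] instanceof CNAMERecord)
                tempDomain = ((CNAMERecord) retRecords[0]).getTarget();
            else
                // not a CNAME
                tempDomain = new Name(domain);
            // walk up the label hierarchy until a name with NS records is found
            while (tempDomain.labels() > 1) {
                lu = new Lookup(tempDomain, Type.NS);
                lu.setResolver(createExResolver(configuredServers, retries, timeout));
                lu.setSearchPath((String[]) null);
                retRecords = lu.run();
                if (retRecords != null && retRecords.length > 0)
                    break;
                // drop the leading label; unlike splitting the string form, this never
                // yields an empty (unparseable) name when the input is absolute
                tempDomain = new Name(tempDomain, 1);
            }
            if (retRecords == null || retRecords.length == 0)
                // can't find a name server... bail
                return retVal;
            // only NS records can name a server to query; anything else is ignored
            List<String> remoteServers = new ArrayList<String>(retRecords.length);
            for (Record rec : retRecords) {
                if (rec instanceof NSRecord)
                    remoteServers.add(((NSRecord) rec).getTarget().toString());
            }
            // search the authoritative name servers for the cert, with a tighter
            // retry/timeout budget (2 retries, 3 seconds) than the configured resolvers
            lu = new Lookup(new Name(lookupName), Type.CERT);
            ExtendedResolver remoteResolver = createExResolver(remoteServers.toArray(new String[remoteServers.size()]), 2, 3);
            if (remoteResolver.getResolvers().length > 0) {
                lu.setResolver(remoteResolver);
                lu.setSearchPath((String[]) null);
                // The cache is deliberately NOT cleared here. A cached NXRRSET (from a DNS
                // provider answering a request it should delegate) would be hidden by clearing
                // it, and such misconfigurations should be discovered and corrected so that all
                // participants in the community behave consistently.
                retRecords = lu.run();
            } else {
                // no usable NS target; treat as no records so the domain-level retry below can run
                retRecords = null;
            }
        }
        if (retRecords != null) {
            for (Record rec : retRecords) {
                if (!(rec instanceof CERTRecord))
                    continue;
                CERTRecord certRec = (CERTRecord) rec;
                Certificate certToAdd;
                switch (certRec.getCertType()) {
                    case CERTRecord.PKIX:
                        // certificate bytes are carried in the record itself
                        certToAdd = convertPKIXRecordToCert(certRec);
                        break;
                    case CERTRecord.URI:
                        // IPKIX: the record holds a URI that is dereferenced to obtain the certificate
                        certToAdd = convertIPKIXRecordToCert(certRec);
                        break;
                    default:
                        LOGGER.warn("Unknown CERT type " + certRec.getCertType() + " encountered for lookup name" + lookupName);
                        continue;
                }
                // the payload may be absent or may not be an X.509 certificate
                if (certToAdd instanceof X509Certificate)
                    retVal.add((X509Certificate) certToAdd);
            }
        } else if (domain.length() < name.length()) {
            // this is an email address with nothing published at the address level,
            // so repeat the search at the domain level
            retVal = lookupDNS(domain);
        }
    } catch (Exception e) {
        // the cause is preserved; callers see a single NHINDException for any failure
        throw new NHINDException("DNS CERT lookup failed for " + name, e);
    }
    // add or update the local cert store
    // NOTE(review): the cache is only populated when a localStoreDelegate is configured -- confirm that coupling is intentional
    if (retVal != null && !retVal.isEmpty() && localStoreDelegate != null) {
        for (X509Certificate cert : retVal) {
            if (localStoreDelegate.contains(cert))
                localStoreDelegate.update(cert);
            else
                localStoreDelegate.add(cert);
        }
        try {
            if (cache != null)
                cache.put(name, retVal);
        } catch (CacheException e) {
            // caching is best-effort; the lookup result is still returned
            LOGGER.warn("Failed to cache DNS certificates for " + name, e);
        }
    }
    return retVal;
}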
Use of org.xbill.DNS.ExtendedResolver in project nhin-d by DirectProject.
The class DNSCertificateStore_lookupDNSTest, method testLookupDNS_certNotInRRRecord_assertNoCertificate.
public void testLookupDNS_certNotInRRRecord_assertNoCertificate() throws Exception {
    // Every query is answered by getPKIXAnswer(null) -- presumably a response carrying
    // no certificate bytes -- so the lookup must produce an empty, non-null collection.
    final ExtendedResolver emptyAnswerResolver = mock(ExtendedResolver.class);
    when(emptyAnswerResolver.send((Message) any())).thenAnswer(getPKIXAnswer(null));
    // route every resolver the store builds to the mock, regardless of servers/retries/timeout
    final DNSCertificateStore storeUnderTest = new DNSCertificateStore() {
        @Override
        protected ExtendedResolver createExResolver(String[] servers, int retries, int timeout) {
            return emptyAnswerResolver;
        }
    };
    final Collection<X509Certificate> found = storeUnderTest.lookupDNS("somedomain2.com");
    assertNotNull(found);
    assertTrue(found.isEmpty());
}
Use of org.xbill.DNS.ExtendedResolver in project nhin-d by DirectProject.
The class DNSCertificateStore_lookupDNSTest, method testLookupDNS_certInRRRecord_assertCertificate.
public void testLookupDNS_certInRRRecord_assertCertificate() throws Exception {
    // Every query is answered with a PKIX CERT record carrying the DER bytes of
    // certCheckA.der; the lookup must return exactly that one certificate.
    final X509Certificate expected = (X509Certificate) TestUtils.loadCertificate("certCheckA.der");
    final ExtendedResolver pkixResolver = mock(ExtendedResolver.class);
    when(pkixResolver.send((Message) any())).thenAnswer(getPKIXAnswer(expected.getEncoded()));
    // route every resolver the store builds to the mock, regardless of servers/retries/timeout
    final DNSCertificateStore storeUnderTest = new DNSCertificateStore() {
        @Override
        protected ExtendedResolver createExResolver(String[] servers, int retries, int timeout) {
            return pkixResolver;
        }
    };
    final Collection<X509Certificate> found = storeUnderTest.lookupDNS("somedomain.com");
    assertNotNull(found);
    assertEquals(1, found.size());
    assertEquals(expected, found.iterator().next());
}
Use of org.xbill.DNS.ExtendedResolver in project nhin-d by DirectProject.
The class DNSCertificateStore_lookupDNSTest, method testLookupDNS_certInIPKIXRecord_assertCertificate.
public void testLookupDNS_certInIPKIXRecord_assertCertificate() throws Exception {
    // Every query is answered with an IPKIX (URI) CERT record pointing at the on-disk
    // copy of gm2552.der; the store must dereference the URI and return that certificate.
    final Certificate expected = TestUtils.loadCertificate("gm2552.der");
    final File onDiskCert = new File("./src/test/resources/certs/gm2552.der");
    // filePrefix is defined elsewhere in the test class -- presumably a file: URL scheme prefix
    final String certUrl = filePrefix + onDiskCert.getAbsolutePath();
    final ExtendedResolver ipkixResolver = mock(ExtendedResolver.class);
    when(ipkixResolver.send((Message) any())).thenAnswer(getIPKIXAnswer(certUrl));
    // route every resolver the store builds to the mock, regardless of servers/retries/timeout
    final DNSCertificateStore storeUnderTest = new DNSCertificateStore() {
        @Override
        protected ExtendedResolver createExResolver(String[] servers, int retries, int timeout) {
            return ipkixResolver;
        }
    };
    final Collection<X509Certificate> found = storeUnderTest.lookupDNS("somedomain3.com");
    assertNotNull(found);
    assertEquals(1, found.size());
    assertEquals(expected, found.iterator().next());
}