use of org.xbill.DNS.Name in project nhin-d by DirectProject.
the class DNSConnectionTest method testDNSSocketConnectionTCPWithProxyStore.
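/**
 * Starts a {@link DNSServer} backed by a {@link ProxyDNSStore} on a free port
 * and checks that a TCP query for the A records of "google.com", sent through an
 * {@link ExtendedResolver} bound to the local DNS IPs, returns a non-null answer.
 * <p>
 * The server is stopped in a {@code finally} block so that a resolver failure or a
 * failed assertion cannot leave it listening on the test port for later tests.
 * The proxy store presumably forwards to a real resolver, so this test likely
 * needs outbound DNS connectivity - confirm before running in an isolated CI.
 *
 * @throws Exception if the server cannot be started or stopped, or the sleep is interrupted
 */
public void testDNSSocketConnectionTCPWithProxyStore() throws Exception {
    DNSServerSettings settings = new DNSServerSettings();
    settings.setPort(AvailablePortFinder.getNextAvailable(1024));
    DNSServer server = new DNSServer(new ProxyDNSStore(), settings);
    server.start();
    try {
        // give the server a couple seconds to start
        Thread.sleep(2000);
        // turn on debug settings for the DNS client
        Options.set("verbose", "true");
        Lookup lu = new Lookup(new Name("google.com"), Type.A);
        ExtendedResolver resolver = new ExtendedResolver(IPUtils.getDNSLocalIps());
        // force TCP so the server's socket (not UDP) path is exercised
        resolver.setTCP(true);
        resolver.setPort(settings.getPort());
        lu.setResolver(resolver);
        Record[] retRecords = lu.run();
        assertNotNull(retRecords);
    } finally {
        // always release the port, even when the lookup or the assertion fails
        server.stop();
        Thread.sleep(2000);
    }
}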
use of org.xbill.DNS.Name in project nhin-d by DirectProject.
the class RESTSmtpAgentConfigFunctional_Test method setUp.
/**
* Initialize the servers- LDAP and HTTP.
*/
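/**
 * Initialize the servers- LDAP and HTTP.
 * <p>
 * Builds two embedded LDAP partitions ({@code lookupTest} and {@code lookupTestPublic}),
 * registers the private key schema, imports the test LDIF, installs a mocked DNS SRV
 * lookup that points {@code _ldap._tcp.example.com.} at {@code localhost} on the test
 * port, then starts the configuration web service and its REST clients.
 *
 * @throws Exception if the embedded LDAP server, the LDIF import or the
 *         configuration service fails to start
 */
@SuppressWarnings("unchecked")
@Override
public void setUp() throws Exception {
    // Windows doesn't like file://<drive>... and turns it into FTP, so the
    // triple-slash form is used on every platform (the previous path check
    // assigned the same prefix on both branches).
    filePrefix = "file:///";
    CertCacheFactory.getInstance().flushAll();
    /*
     * Setup the LDAP Server
     */
    // As we can create more than one partition, we must store
    // each created partition in a Set before initialization
    Set<MutablePartitionConfiguration> pcfgs = new HashSet<MutablePartitionConfiguration>();
    pcfgs.add(createPartition("lookupTest"));
    // add the lookupTestPublic
    pcfgs.add(createPartition("lookupTestPublic"));
    configuration.setContextPartitionConfigurations(pcfgs);
    this.configuration.setWorkingDirectory(new File("LDAP-TEST"));
    // add the private key schema
    Set<AbstractBootstrapSchema> schemas = configuration.getBootstrapSchemas();
    schemas.add(new PrivkeySchema());
    configuration.setBootstrapSchemas(schemas);
    super.setUp();
    // import the ldif file; close the stream once the import has consumed it
    InputStream stream = TestUtils.class.getResourceAsStream("/ldifs/privCertsOnly.ldif");
    if (stream == null)
        throw new IOException("Failed to load ldif file");
    try {
        importLdif(stream);
    } finally {
        stream.close();
    }
    // setup the mock DNS SRV adapter
    mockLookup = mock(Lookup.class);
    LookupFactory.getFactory().addOverrideImplementation(mockLookup);
    SRVRecord srvRecord = new SRVRecord(new Name("_ldap._tcp.example.com."), DClass.IN, 3600, 0, 1, port, new Name("localhost."));
    when(mockLookup.run()).thenReturn(new Record[] { srvRecord });
    // create the web service and proxy
    ConfigServiceRunner.startConfigService();
    proxy = new ConfigurationServiceProxy(ConfigServiceRunner.getConfigServiceURL());
    certService = new DefaultCertificateService(ConfigServiceRunner.getRestAPIBaseURL(), HttpClientFactory.createHttpClient(), new OpenServiceSecurityManager());
}

/**
 * Builds an LDAP partition named {@code name} with suffix {@code cn=name}, indexes on
 * {@code objectClass} and {@code cn}, and a context entry whose objectClass is {@code top}.
 *
 * @param name the partition name; also used as the RDN value of the suffix
 * @return the configured, not yet initialised partition
 */
private static MutablePartitionConfiguration createPartition(String name) {
    MutablePartitionConfiguration pcfg = new MutablePartitionConfiguration();
    pcfg.setName(name);
    pcfg.setSuffix("cn=" + name);
    // Create some indices
    Set<String> indexedAttrs = new HashSet<String>();
    indexedAttrs.add("objectClass");
    indexedAttrs.add("cn");
    pcfg.setIndexedAttributes(indexedAttrs);
    // Create a first entry associated to the partition
    Attributes attrs = new BasicAttributes(true);
    // First, the objectClass attribute
    Attribute attr = new BasicAttribute("objectClass");
    attr.add("top");
    attrs.put(attr);
    // Associate this entry to the partition
    pcfg.setContextEntry(attrs);
    return pcfg;
}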
use of org.xbill.DNS.Name in project nhin-d by DirectProject.
the class DNSCertificateStore method lookupDNS.
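/**
 * Resolves the X.509 certificates published in DNS CERT records for an e-mail
 * address or a domain name.
 * <p>
 * Resolution order, as implemented here:
 * <ol>
 * <li>query the configured {@code servers} for CERT records of {@code name} with
 * '@' replaced by '.';</li>
 * <li>if nothing comes back, follow a CNAME when one exists, walk up the domain one
 * label at a time until an NS record set is found, and query those authoritative
 * servers directly for the same CERT records (retries 2, timeout 3);</li>
 * <li>if no NS record set can be found, return an empty collection;</li>
 * <li>if the authoritative query yields {@code null} and {@code name} is an address,
 * repeat the whole search for the domain part only.</li>
 * </ol>
 * PKIX records are decoded with {@code convertPKIXRecordToCert} and URI (IPKIX)
 * records with {@code convertIPKIXRecordToCert}; results that are not an
 * {@link X509Certificate} are dropped. Certificates found are added to or updated in
 * {@code localStoreDelegate} and written to {@code cache} when those are configured.
 * No DNSSEC validation is visible in this method, so the returned certificates are
 * only as trustworthy as the resolver path used to fetch them - TODO confirm where
 * validation happens, if anywhere, before relying on them.
 *
 * @param name an e-mail address or domain name to look up
 * @return the certificates found, never {@code null}; empty when none resolve
 * @throws NHINDException if a lookup or conversion step throws
 */
protected Collection<X509Certificate> lookupDNS(String name) {
    String lookupName = name.replace('@', '.');
    Collection<X509Certificate> retVal = new ArrayList<X509Certificate>();
    // get the domain of the address; a bare domain name is its own domain
    int atIndex = name.indexOf('@');
    String domain = (atIndex > -1) ? name.substring(atIndex + 1) : name;
    try {
        // try the configured servers first
        Lookup lu = new Lookup(new Name(lookupName), Type.CERT);
        lu.setResolver(createExResolver(servers.toArray(new String[servers.size()]), retries, timeout));
        lu.setSearchPath((String[]) null);
        Record[] retRecords = null;
        try {
            retRecords = lu.run();
        } catch (Exception e) {
            LOGGER.warn("Error using recusive DNS CERT lookup for name " + lookupName + "\r\nFalling back to looking up NS record for a targeted search", e);
        }
        if (retRecords == null || retRecords.length == 0) {
            // try to find the resource's name server records
            // the address may be an alias so check if there is a CNAME record
            lu = new Lookup(new Name(lookupName), Type.CNAME);
            lu.setResolver(createExResolver(servers.toArray(new String[servers.size()]), retries, timeout));
            lu.setSearchPath((String[]) null);
            retRecords = lu.run();
            Name tempDomain;
            if (retRecords != null && retRecords.length > 0) {
                tempDomain = ((CNAMERecord) retRecords[0]).getTarget();
            } else {
                // not a CNAME
                tempDomain = new Name(domain);
            }
            // reset so CNAME answers are never mistaken for NS answers below when the
            // loop does not run (a target with a single label)
            retRecords = null;
            // look for name server records, stripping the leftmost label on each miss
            while (tempDomain.labels() > 1) {
                lu = new Lookup(tempDomain, Type.NS);
                lu.setResolver(createExResolver(servers.toArray(new String[servers.size()]), retries, timeout));
                lu.setSearchPath((String[]) null);
                retRecords = lu.run();
                if (retRecords != null && retRecords.length > 0)
                    break;
                tempDomain = new Name(tempDomain.toString().substring(tempDomain.toString().indexOf(".") + 1));
            }
            if (retRecords == null || retRecords.length == 0) {
                // can't find a name server... bail
                return retVal;
            }
            String[] remoteServers = new String[retRecords.length];
            for (int i = 0; i < remoteServers.length; ++i) {
                remoteServers[i] = ((NSRecord) retRecords[i]).getTarget().toString();
            }
            // search the name servers for the cert
            ExtendedResolver remoteResolver = createExResolver(remoteServers, 2, 3);
            if (remoteResolver.getResolvers().length > 0) {
                lu = new Lookup(new Name(lookupName), Type.CERT);
                lu.setResolver(remoteResolver);
                lu.setSearchPath((String[]) null);
                /*
                 * The DNS cache is deliberately NOT cleared here. An NXRRSET may be cached
                 * because a DNS provider answered a request it should have delegated, but
                 * covering that up hides incorrect DNS configuration; NXRRSET issues should
                 * be discovered and corrected so all participants behave consistently.
                 */
                retRecords = lu.run();
            } else {
                // no usable resolver for the NS targets: treat as no answer
                retRecords = null;
            }
        }
        if (retRecords != null) {
            for (Record rec : retRecords) {
                if (!(rec instanceof CERTRecord))
                    continue;
                CERTRecord certRec = (CERTRecord) rec;
                Certificate certToAdd;
                switch (certRec.getCertType()) {
                    case CERTRecord.PKIX:
                        certToAdd = convertPKIXRecordToCert(certRec);
                        break;
                    case CERTRecord.URI:
                        certToAdd = convertIPKIXRecordToCert(certRec);
                        break;
                    default:
                        LOGGER.warn("Unknown CERT type " + certRec.getCertType() + " encountered for lookup name" + lookupName);
                        continue;
                }
                // may not be an X509Cert (instanceof is false for null as well)
                if (certToAdd instanceof X509Certificate)
                    retVal.add((X509Certificate) certToAdd);
            }
        } else if (domain.length() < name.length()) {
            // if this is an email address, do the search again at the host level
            retVal = lookupDNS(domain);
        }
    } catch (Exception e) {
        LOGGER.error("DNS CERT lookup failed for name " + lookupName, e);
        throw new NHINDException("DNS CERT lookup failed for name " + lookupName, e);
    }
    // add or update the local cert store
    // NOTE(review): the cache is only written when localStoreDelegate is set; this
    // mirrors the existing nesting - confirm it is intended
    if (!retVal.isEmpty() && localStoreDelegate != null) {
        for (X509Certificate cert : retVal) {
            if (localStoreDelegate.contains(cert))
                localStoreDelegate.update(cert);
            else
                localStoreDelegate.add(cert);
        }
        try {
            if (cache != null)
                cache.put(name, retVal);
        } catch (CacheException e) {
            // a cache write failure must not fail the lookup; the store was already updated
            LOGGER.warn("Failed to cache DNS CERT lookup result for name " + name, e);
        }
    }
    return retVal;
}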
use of org.xbill.DNS.Name in project nhin-d by DirectProject.
the class LDAPPublicCertUtil_createLDAPUrl_Test method testCreateLDAPUrl_singleSRVRecord.
/**
 * A single SRV record must produce exactly one space-separated LDAP URL,
 * built from the record's target host.
 *
 * @throws Exception if a DNS name cannot be parsed
 */
public void testCreateLDAPUrl_singleSRVRecord() throws Exception {
    final Name owner = new Name("test.com.");
    final Name target = new Name("ldap.test.com.");
    final SRVRecord srv = new SRVRecord(owner, DClass.IN, 3600, 0, 1, 339, target);
    final Record[] answer = { srv };
    final String joined = new LdapPublicCertUtilImpl().createLDAPUrl(answer);
    final String[] pieces = joined.split(" ");
    assertEquals(1, pieces.length);
    assertTrue(pieces[0].startsWith("ldap://ldap.test.com"));
}
use of org.xbill.DNS.Name in project nhin-d by DirectProject.
the class LdapCertificateStoreTest method setUp.
/**
* Initialize the server.
*/
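/**
 * Initialize the server.
 * <p>
 * Builds two embedded LDAP partitions ({@code lookupTest} and {@code lookupTestPublic}),
 * registers the private key schema, imports the test LDIF, installs a mocked DNS SRV
 * lookup that points {@code _ldap._tcp.example.com.} at {@code localhost} on the test
 * port, and finally flushes the certificate cache.
 *
 * @throws Exception if the embedded LDAP server or the LDIF import fails
 */
@SuppressWarnings("unchecked")
@Override
public void setUp() throws Exception {
    // As we can create more than one partition, we must store
    // each created partition in a Set before initialization
    Set<MutablePartitionConfiguration> pcfgs = new HashSet<MutablePartitionConfiguration>();
    pcfgs.add(createPartition("lookupTest"));
    // Create the public LDAP partition
    pcfgs.add(createPartition("lookupTestPublic"));
    configuration.setContextPartitionConfigurations(pcfgs);
    this.configuration.setWorkingDirectory(new File("LDAP-TEST"));
    // add the private key schema
    Set<AbstractBootstrapSchema> schemas = configuration.getBootstrapSchemas();
    schemas.add(new PrivkeySchema());
    configuration.setBootstrapSchemas(schemas);
    super.setUp();
    // import the ldif file; close the stream once the import has consumed it
    InputStream stream = LDAPResearchTest.class.getClassLoader().getResourceAsStream("ldifs/privCertsOnly.ldif");
    if (stream == null)
        throw new IOException("Failed to load ldif file");
    try {
        importLdif(stream);
    } finally {
        stream.close();
    }
    // setup the mock DNS SRV adapter
    mockLookup = mock(Lookup.class);
    LookupFactory.getFactory().addOverrideImplementation(mockLookup);
    SRVRecord srvRecord = new SRVRecord(new Name("_ldap._tcp.example.com."), DClass.IN, 3600, 0, 1, port, new Name("localhost."));
    when(mockLookup.run()).thenReturn(new Record[] { srvRecord });
    CertCacheFactory.getInstance().flushAll();
}

/**
 * Builds an LDAP partition named {@code name} with suffix {@code cn=name}, indexes on
 * {@code objectClass} and {@code cn}, and a context entry whose objectClass is {@code top}.
 *
 * @param name the partition name; also used as the RDN value of the suffix
 * @return the configured, not yet initialised partition
 */
private static MutablePartitionConfiguration createPartition(String name) {
    MutablePartitionConfiguration pcfg = new MutablePartitionConfiguration();
    pcfg.setName(name);
    pcfg.setSuffix("cn=" + name);
    // Create some indices
    Set<String> indexedAttrs = new HashSet<String>();
    indexedAttrs.add("objectClass");
    indexedAttrs.add("cn");
    pcfg.setIndexedAttributes(indexedAttrs);
    // Create a first entry associated to the partition
    Attributes attrs = new BasicAttributes(true);
    // First, the objectClass attribute
    Attribute attr = new BasicAttribute("objectClass");
    attr.add("top");
    attrs.put(attr);
    // Associate this entry to the partition
    pcfg.setContextEntry(attrs);
    return pcfg;
}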