made DNSEC hostname validation opt-in

author: Christian Schneppe <christian@pix-art.de> 2017-08-01 11:53:00 +0200
committer: Christian Schneppe <christian@pix-art.de> 2017-08-01 11:53:00 +0200
commit: c32590697cea9cc8b7bdd586e5f4791bdec4fef5 (patch)
tree: e118bc4aad6b4609ffa14f6ad378bfe90a3fd814 /src/main/java/de/pixart/messenger/utils
parent: 8cf22e633d4fdff7714b72ff0ff0eea3ea919868 (diff)
1 files changed, 24 insertions, 11 deletions
diff --git a/src/main/java/de/pixart/messenger/utils/Resolver.java b/src/main/java/de/pixart/messenger/utils/Resolver.java
index 29b55d592..d6572aed6 100644
--- a/src/main/java/de/pixart/messenger/utils/Resolver.java
+++ b/src/main/java/de/pixart/messenger/utils/Resolver.java
@@ -24,13 +24,22 @@ import de.measite.minidns.record.Data;
 import de.measite.minidns.record.InternetAddressRR;
 import de.measite.minidns.record.SRV;
 import de.pixart.messenger.Config;
+import de.pixart.messenger.R;
+import de.pixart.messenger.services.XmppConnectionService;
 
 public class Resolver {
 
     private static final String DIRECT_TLS_SERVICE = "_xmpps-client";
     private static final String STARTTLS_SERICE = "_xmpp-client";
 
-    public static void registerLookupMechanism(Context context) {
+    private static XmppConnectionService SERVICE = null;
+
+    public static void registerXmppConnectionService(XmppConnectionService service) {
+        Resolver.SERVICE = service;
+        registerLookupMechanism(service);
+    }
+
+    private static void registerLookupMechanism(Context context) {
         DNSClient.addDnsServerLookupMechanism(new AndroidUsingLinkProperties(context));
     }
 
@@ -47,7 +56,7 @@ public class Resolver {
             Log.d(Config.LOGTAG, Resolver.class.getSimpleName() + ": " + e.getMessage());
         }
         if (results.size() == 0) {
-            results.addAll(resolveFallback(DNSName.from(domain)));
+            results.addAll(resolveFallback(DNSName.from(domain), true));
         }
         Collections.sort(results);
         Log.d(Config.LOGTAG, Resolver.class.getSimpleName() + ": " + results.toString());
@@ -79,7 +88,7 @@ public class Resolver {
         }
         List<Result> list = new ArrayList<>();
         try {
-            ResolverResult<D> results = resolveWithFallback(DNSName.from(srv.name.toString()), type, !authenticated);
+            ResolverResult<D> results = resolveWithFallback(DNSName.from(srv.name.toString()), type, authenticated);
             for (D record : results.getAnswersOrEmptySet()) {
                 Result resolverResult = Result.fromRecord(srv, directTls);
                 resolverResult.authenticated = results.isAuthenticData() && authenticated;
@@ -92,18 +101,18 @@ public class Resolver {
         return list;
     }
 
-    private static List<Result> resolveFallback(DNSName dnsName) {
+    private static List<Result> resolveFallback(DNSName dnsName, boolean withCnames) {
         List<Result> results = new ArrayList<>();
         try {
-            for (A a : resolveWithFallback(dnsName, A.class, true).getAnswersOrEmptySet()) {
+            for (A a : resolveWithFallback(dnsName, A.class, false).getAnswersOrEmptySet()) {
                 results.add(Result.createDefault(dnsName, a.getInetAddress()));
             }
-            for (AAAA aaaa : resolveWithFallback(dnsName, AAAA.class, true).getAnswersOrEmptySet()) {
+            for (AAAA aaaa : resolveWithFallback(dnsName, AAAA.class, false).getAnswersOrEmptySet()) {
                 results.add(Result.createDefault(dnsName, aaaa.getInetAddress()));
             }
             if (results.size() == 0) {
-                for (CNAME cname : resolveWithFallback(dnsName, CNAME.class, true).getAnswersOrEmptySet()) {
-                    results.addAll(resolveFallback(cname.name));
+                for (CNAME cname : resolveWithFallback(dnsName, CNAME.class, false).getAnswersOrEmptySet()) {
+                    results.addAll(resolveFallback(cname.name, false));
                 }
             }
         } catch (IOException e) {
@@ -116,11 +125,11 @@ public class Resolver {
     }
 
     private static <D extends Data> ResolverResult<D> resolveWithFallback(DNSName dnsName, Class<D> type) throws IOException {
-        return resolveWithFallback(dnsName, type, false);
+        return resolveWithFallback(dnsName, type, validateHostname());
     }
 
-    private static <D extends Data> ResolverResult<D> resolveWithFallback(DNSName dnsName, Class<D> type, boolean skipDnssec) throws IOException {
-        if (skipDnssec) {
+    private static <D extends Data> ResolverResult<D> resolveWithFallback(DNSName dnsName, Class<D> type, boolean validateHostname) throws IOException {
+        if (!validateHostname) {
             return ResolverApi.INSTANCE.resolve(dnsName, type);
         }
         try {
@@ -142,6 +151,10 @@ public class Resolver {
         return ResolverApi.INSTANCE.resolve(dnsName, type);
     }
 
+    private static boolean validateHostname() {
+        return SERVICE != null && SERVICE.getBooleanPreference("validate_hostname", R.bool.validate_hostname);
+    }
+
     public static class Result implements Comparable<Result> {
         private InetAddress ip;
         private DNSName hostname;
author	Christian Schneppe <christian@pix-art.de>	2017-08-01 11:53:00 +0200
committer	Christian Schneppe <christian@pix-art.de>	2017-08-01 11:53:00 +0200
commit	c32590697cea9cc8b7bdd586e5f4791bdec4fef5 (patch)
tree	e118bc4aad6b4609ffa14f6ad378bfe90a3fd814 /src/main/java/de/pixart/messenger/utils
parent	8cf22e633d4fdff7714b72ff0ff0eea3ea919868 (diff)