Daniel Gultsch created
src/main/java/eu/siacs/conversations/services/XmppConnectionService.java | 2
src/main/java/eu/siacs/conversations/utils/Resolver.java | 35
src/main/res/values/defaults.xml | 1
src/main/res/values/strings.xml | 2
src/main/res/xml/preferences.xml | 5
5 files changed, 33 insertions(+), 12 deletions(-)
@@ -986,7 +986,7 @@ public class XmppConnectionService extends Service {
public void onCreate() {
ExceptionHelper.init(getApplicationContext());
PRNGFixes.apply();
- Resolver.registerLookupMechanism(this);
+ Resolver.registerXmppConnectionService(this);
this.mRandom = new SecureRandom();
updateMemorizingTrustmanager();
final int maxMemory = (int) (Runtime.getRuntime().maxMemory() / 1024);
@@ -24,14 +24,23 @@ import de.measite.minidns.record.Data;
import de.measite.minidns.record.InternetAddressRR;
import de.measite.minidns.record.SRV;
import eu.siacs.conversations.Config;
+import eu.siacs.conversations.R;
+import eu.siacs.conversations.services.XmppConnectionService;
public class Resolver {
private static final String DIRECT_TLS_SERVICE = "_xmpps-client";
private static final String STARTTLS_SERICE = "_xmpp-client";
+ private static XmppConnectionService SERVICE = null;
- public static void registerLookupMechanism(Context context) {
+
+ public static void registerXmppConnectionService(XmppConnectionService service) {
+ Resolver.SERVICE = service;
+ registerLookupMechanism(service);
+ }
+
+ private static void registerLookupMechanism(Context context) {
DNSClient.addDnsServerLookupMechanism(new AndroidUsingLinkProperties(context));
}
@@ -48,7 +57,7 @@ public class Resolver {
Log.d(Config.LOGTAG,Resolver.class.getSimpleName()+": "+e.getMessage());
}
if (results.size() == 0) {
- results.addAll(resolveFallback(DNSName.from(domain)));
+ results.addAll(resolveFallback(DNSName.from(domain),true));
}
Collections.sort(results);
Log.d(Config.LOGTAG,Resolver.class.getSimpleName()+": "+results.toString());
@@ -80,7 +89,7 @@ public class Resolver {
}
List<Result> list = new ArrayList<>();
try {
- ResolverResult<D> results = resolveWithFallback(DNSName.from(srv.name.toString()),type, !authenticated);
+ ResolverResult<D> results = resolveWithFallback(DNSName.from(srv.name.toString()),type, authenticated);
for (D record : results.getAnswersOrEmptySet()) {
Result resolverResult = Result.fromRecord(srv, directTls);
resolverResult.authenticated = results.isAuthenticData() && authenticated;
@@ -93,18 +102,18 @@ public class Resolver {
return list;
}
- private static List<Result> resolveFallback(DNSName dnsName) {
+ private static List<Result> resolveFallback(DNSName dnsName, boolean withCnames) {
List<Result> results = new ArrayList<>();
try {
- for(A a : resolveWithFallback(dnsName,A.class,true).getAnswersOrEmptySet()) {
+ for(A a : resolveWithFallback(dnsName,A.class,false).getAnswersOrEmptySet()) {
results.add(Result.createDefault(dnsName,a.getInetAddress()));
}
- for(AAAA aaaa : resolveWithFallback(dnsName,AAAA.class,true).getAnswersOrEmptySet()) {
+ for(AAAA aaaa : resolveWithFallback(dnsName,AAAA.class,false).getAnswersOrEmptySet()) {
results.add(Result.createDefault(dnsName,aaaa.getInetAddress()));
}
if (results.size() == 0) {
- for (CNAME cname : resolveWithFallback(dnsName, CNAME.class, true).getAnswersOrEmptySet()) {
- results.addAll(resolveFallback(cname.name));
+ for (CNAME cname : resolveWithFallback(dnsName, CNAME.class, false).getAnswersOrEmptySet()) {
+ results.addAll(resolveFallback(cname.name, false));
}
}
} catch (IOException e) {
@@ -117,11 +126,11 @@ public class Resolver {
}
private static <D extends Data> ResolverResult<D> resolveWithFallback(DNSName dnsName, Class<D> type) throws IOException {
- return resolveWithFallback(dnsName,type,false);
+ return resolveWithFallback(dnsName,type,validateHostname());
}
- private static <D extends Data> ResolverResult<D> resolveWithFallback(DNSName dnsName, Class<D> type, boolean skipDnssec) throws IOException {
- if (skipDnssec) {
+ private static <D extends Data> ResolverResult<D> resolveWithFallback(DNSName dnsName, Class<D> type, boolean validateHostname) throws IOException {
+ if (!validateHostname) {
return ResolverApi.INSTANCE.resolve(dnsName, type);
}
try {
@@ -143,6 +152,10 @@ public class Resolver {
return ResolverApi.INSTANCE.resolve(dnsName, type);
}
+ private static boolean validateHostname() {
+ return SERVICE != null && SERVICE.getBooleanPreference("validate_hostname", R.bool.validate_hostname);
+ }
+
public static class Result implements Comparable<Result> {
private InetAddress ip;
private DNSName hostname;
@@ -40,4 +40,5 @@
<bool name="enable_foreground_service">false</bool>
<bool name="never_send">false</bool>
<bool name="return_to_previous">false</bool>
+ <bool name="validate_hostname">false</bool>
</resources>
@@ -756,4 +756,6 @@
<string name="pref_headsup_notifications_summary">Show Heads-up Notifications</string>
<string name="today">Today</string>
<string name="yesterday">Yesterday</string>
+ <string name="pref_validate_hostname">Validate hostname with DNSSEC</string>
+ <string name="pref_validate_hostname_summary">Server certificates that contain the validated hostname are considered verified</string>
</resources>
@@ -194,6 +194,11 @@
android:key="dont_trust_system_cas"
android:summary="@string/pref_dont_trust_system_cas_summary"
android:title="@string/pref_dont_trust_system_cas_title"/>
+ <CheckBoxPreference
+ android:defaultValue="@bool/validate_hostname"
+ android:key="validate_hostname"
+ android:summary="@string/pref_validate_hostname_summary"
+ android:title="@string/pref_validate_hostname"/>
<Preference
android:key="remove_trusted_certificates"
android:summary="@string/pref_remove_trusted_certificates_summary"