001/*
002 * Copyright 2015-2024 the original author or authors
003 *
004 * This software is licensed under the Apache License, Version 2.0,
005 * the GNU Lesser General Public License version 2 or later ("LGPL")
006 * and the WTFPL.
007 * You may choose either license to govern your use of this software only
008 * upon the condition that you accept all of the terms of either
009 * the Apache License 2.0, the LGPL 2.1+ or the WTFPL.
010 */
011package org.minidns.dnsname;
012
013import java.io.ByteArrayOutputStream;
014import java.io.DataInputStream;
015import java.io.IOException;
016import java.io.OutputStream;
017import java.io.Serializable;
018import java.nio.charset.StandardCharsets;
019import java.util.Arrays;
020import java.util.HashSet;
021import java.util.Locale;
022
023import org.minidns.dnslabel.DnsLabel;
024import org.minidns.idna.MiniDnsIdna;
025import org.minidns.util.SafeCharSequence;
026
027/**
028 * A DNS name, also called "domain name". A DNS name consists of multiple 'labels' (see {@link DnsLabel}) and is subject to certain restrictions (see
029 * for example <a href="https://tools.ietf.org/html/rfc3696#section-2">RFC 3696 § 2.</a>).
030 * <p>
031 * Instances of this class can be created by using {@link #from(String)}.
032 * </p>
033 * <p>
034 * This class holds three representations of a DNS name: ACE, raw ACE and IDN. ACE (ASCII Compatible Encoding), which
035 * can be accessed via {@link #ace}, represents mostly the data that got send over the wire. But since DNS names are
036 * case insensitive, the ACE value is normalized to lower case. You can use {@link #getRawAce()} to get the raw ACE data
037 * that was received, which possibly includes upper case characters. The IDN (Internationalized Domain Name), that is
038 * the DNS name as it should be shown to the user, can be retrieved using {@link #asIdn()}.
039 * </p>
040 * More information about Internationalized Domain Names can be found at:
041 * <ul>
042 * <li><a href="https://unicode.org/reports/tr46/">UTS #46 - Unicode IDNA Compatibility Processing</a>
043 * <li><a href="https://tools.ietf.org/html/rfc8753">RFC 8753 - Internationalized Domain Names for Applications (IDNA) Review for New Unicode Versions</a>
044 * </ul>
045 *
046 * @see <a href="https://tools.ietf.org/html/rfc3696">RFC 3696</a>
047 * @see DnsLabel
048 * @author Florian Schmaus
049 *
050 */
051public final class DnsName extends SafeCharSequence implements Serializable, Comparable<DnsName> {
052
053    /**
054     * 
055     */
056    private static final long serialVersionUID = 1L;
057
058    /**
059     * @see <a href="https://www.ietf.org/rfc/rfc3490.txt">RFC 3490 § 3.1 1.</a>
060     */
061    private static final String LABEL_SEP_REGEX = "[.\u3002\uFF0E\uFF61]";
062
063    /**
064     * @see <a href="https://tools.ietf.org/html/rfc1035">RFC 1035 § 2.3.4.</a<
065     */
066    static final int MAX_DNSNAME_LENGTH_IN_OCTETS = 255;
067
068    public static final int MAX_LABELS = 128;
069
070    public static final DnsName ROOT = new DnsName(".");
071
072    public static final DnsName IN_ADDR_ARPA = new DnsName("in-addr.arpa");
073
074    public static final DnsName IP6_ARPA = new DnsName("ip6.arpa");
075
076    /**
077     * Whether or not the DNS name is validated on construction.
078     */
079    public static boolean VALIDATE = true;
080
081    /**
082     * The DNS name in ASCII Compatible Encoding (ACE).
083     */
084    public final String ace;
085
086    /**
087     * The DNS name in raw format, i.e. as it was received from the remote server. This means that compared to
088     * {@link #ace}, this String may not be lower-cased.
089     */
090    private final String rawAce;
091
092    private transient byte[] bytes;
093
094    private transient byte[] rawBytes;
095
096    private transient String idn;
097
098    private transient String domainpart;
099
100    private transient String hostpart;
101
102    /**
103     * The labels in <b>reverse</b> order.
104     */
105    private transient DnsLabel[] labels;
106
107    private transient DnsLabel[] rawLabels;
108
109    private transient int hashCode;
110
111    private int size = -1;
112
113    private DnsName(String name) {
114        this(name, true);
115    }
116
117    private DnsName(String name, boolean inAce) {
118        if (name.isEmpty()) {
119            rawAce = ROOT.rawAce;
120        } else {
121            final int nameLength = name.length();
122            final int nameLastPos = nameLength - 1;
123
124            // Strip potential trailing dot. N.B. that we require nameLength > 2, because we don't want to strip the one
125            // character string containing only a single dot to the empty string.
126            if (nameLength >= 2 && name.charAt(nameLastPos) == '.') {
127                name = name.subSequence(0, nameLastPos).toString();
128            }
129
130            if (inAce) {
131                // Name is already in ACE format.
132                rawAce = name;
133            } else {
134                rawAce = MiniDnsIdna.toASCII(name);
135            }
136        }
137
138        ace = rawAce.toLowerCase(Locale.US);
139
140        if (!VALIDATE) {
141            return;
142        }
143
144        // Validate the DNS name.
145        validateMaxDnsnameLengthInOctets();
146    }
147
148    private DnsName(DnsLabel[] rawLabels, boolean validateMaxDnsnameLength) {
149        this.rawLabels = rawLabels;
150        this.labels = new DnsLabel[rawLabels.length];
151
152        int size = 0;
153        for (int i = 0; i < rawLabels.length; i++) {
154            size += rawLabels[i].length() + 1;
155            labels[i] = rawLabels[i].asLowercaseVariant();
156        }
157
158        rawAce = labelsToString(rawLabels, size);
159        ace    = labelsToString(labels,    size);
160
161        // The following condition is deliberately designed that VALIDATE=false causes the validation to be skipped even
162        // if validateMaxDnsnameLength is set to true. There is no need to validate even if this constructor is called
163        // with validateMaxDnsnameLength set to true if VALIDATE is globally set to false.
164        if (!validateMaxDnsnameLength || !VALIDATE) {
165            return;
166        }
167
168        validateMaxDnsnameLengthInOctets();
169    }
170
171    private static String labelsToString(DnsLabel[] labels, int stringLength) {
172        StringBuilder sb = new StringBuilder(stringLength);
173        for (int i = labels.length - 1; i >= 0; i--) {
174            sb.append(labels[i]).append('.');
175        }
176        sb.setLength(sb.length() - 1);
177        return sb.toString();
178    }
179
180    private void validateMaxDnsnameLengthInOctets() {
181        setBytesIfRequired();
182        if (bytes.length > MAX_DNSNAME_LENGTH_IN_OCTETS) {
183            throw new InvalidDnsNameException.DNSNameTooLongException(ace, bytes);
184        }
185    }
186
187    public void writeToStream(OutputStream os) throws IOException {
188        setBytesIfRequired();
189        os.write(bytes);
190    }
191
192    /**
193     * Serialize a domain name under IDN rules.
194     *
195     * @return The binary domain name representation.
196     */
197    public byte[] getBytes() {
198        setBytesIfRequired();
199        return bytes.clone();
200    }
201
202    public byte[] getRawBytes() {
203        if (rawBytes == null) {
204            setLabelsIfRequired();
205            rawBytes = toBytes(rawLabels);
206        }
207
208        return rawBytes.clone();
209    }
210
211    private void setBytesIfRequired() {
212        if (bytes != null)
213            return;
214
215        setLabelsIfRequired();
216        bytes = toBytes(labels);
217    }
218
219    private static byte[] toBytes(DnsLabel[] labels) {
220        ByteArrayOutputStream baos = new ByteArrayOutputStream(64);
221        for (int i = labels.length - 1; i >= 0; i--) {
222            labels[i].writeToBoas(baos);
223        }
224
225        baos.write(0);
226
227        assert baos.size() <= MAX_DNSNAME_LENGTH_IN_OCTETS;
228
229        return baos.toByteArray();
230    }
231
232    private void setLabelsIfRequired() {
233        if (labels != null && rawLabels != null) return;
234
235        if (isRootLabel()) {
236            rawLabels = labels = new DnsLabel[0];
237            return;
238        }
239
240        labels = getLabels(ace);
241        rawLabels = getLabels(rawAce);
242    }
243
244    private static DnsLabel[] getLabels(String ace) {
245        String[] labels = ace.split(LABEL_SEP_REGEX, MAX_LABELS);
246
247        // Reverse the labels, so that 'foo, example, org' becomes 'org, example, foo'.
248        for (int i = 0; i < labels.length / 2; i++) {
249            String t = labels[i];
250            int j = labels.length - i - 1;
251            labels[i] = labels[j];
252            labels[j] = t;
253        }
254
255        try {
256            return DnsLabel.from(labels);
257        } catch (DnsLabel.LabelToLongException e) {
258            throw new InvalidDnsNameException.LabelTooLongException(ace, e.label);
259        }
260    }
261
262    /**
263     * Return the ACE (ASCII Compatible Encoding) version of this DNS name. Note
264     * that this method may return a String containing null bytes. Those Strings are
265     * notoriously difficult to handle from a security perspective. Therefore it is
266     * recommended to use {@link #toString()} instead, which will return a sanitized
267     * String.
268     *
269     * @return the ACE version of this DNS name.
270     * @since 1.1.0
271     */
272    public String getAce() {
273        return ace;
274    }
275
276    /**
277     * Returns the raw ACE version of this DNS name. That is, the version as it was
278     * received over the wire. Most notably, this version may include uppercase
279     * letters.
280     *
281     * <b>Please refer to {@link #getAce()} for a discussion of the security
282     * implications when working with the ACE representation of a DNS name.</b>
283     *
284     * @return the raw ACE version of this DNS name.
285     * @see #getAce()
286     */
287    public String getRawAce() {
288        return rawAce;
289    }
290
291    public String asIdn() {
292        if (idn != null)
293            return idn;
294
295        idn = MiniDnsIdna.toUnicode(ace);
296        return idn;
297    }
298
299    /**
300     * Domainpart in ACE representation.
301     *
302     * @return the domainpart in ACE representation.
303     */
304    public String getDomainpart() {
305        setHostnameAndDomainpartIfRequired();
306        return domainpart;
307    }
308
309    /**
310     * Hostpart in ACE representation.
311     *
312     * @return the hostpart in ACE representation.
313     */
314    public String getHostpart() {
315        setHostnameAndDomainpartIfRequired();
316        return hostpart;
317    }
318
319    public DnsLabel getHostpartLabel() {
320        setLabelsIfRequired();
321        return labels[labels.length - 1];
322    }
323
324    private void setHostnameAndDomainpartIfRequired() {
325        if (hostpart != null) return;
326
327        String[] parts = ace.split(LABEL_SEP_REGEX, 2);
328        hostpart = parts[0];
329        if (parts.length > 1) {
330            domainpart = parts[1];
331        } else {
332            domainpart = "";
333        }
334    }
335
336    public int size() {
337        if (size < 0) {
338            if (isRootLabel()) {
339                size = 1;
340            } else {
341                size = ace.length() + 2;
342            }
343        }
344        return size;
345    }
346
347    private transient String safeToStringRepresentation;
348
349    @Override
350    public String toString() {
351        if (safeToStringRepresentation == null) {
352            setLabelsIfRequired();
353            if (labels.length == 0) {
354                return ".";
355            }
356
357            StringBuilder sb = new StringBuilder();
358            for (int i = labels.length - 1; i >= 0; i--) {
359                // Note that it is important that we append the result of DnsLabel.toString() to
360                // the StringBuilder. As only the result of toString() is the safe label
361                // representation.
362                String safeLabelRepresentation = labels[i].toString();
363                sb.append(safeLabelRepresentation);
364                if (i != 0) {
365                    sb.append('.');
366                }
367            }
368            safeToStringRepresentation = sb.toString();
369        }
370
371        return safeToStringRepresentation;
372    }
373
374    public static DnsName from(CharSequence name) {
375        return from(name.toString());
376    }
377
378    public static DnsName from(String name) {
379        return new DnsName(name, false);
380    }
381
382    /**
383     * Create a DNS name by "concatenating" the child under the parent name. The child can also be seen as the "left"
384     * part of the resulting DNS name and the parent is the "right" part.
385     * <p>
386     * For example using "i.am.the.child" as child and "of.this.parent.example" as parent, will result in a DNS name:
387     * "i.am.the.child.of.this.parent.example".
388     * </p>
389     *
390     * @param child the child DNS name.
391     * @param parent the parent DNS name.
392     * @return the resulting of DNS name.
393     */
394    public static DnsName from(DnsName child, DnsName parent) {
395        child.setLabelsIfRequired();
396        parent.setLabelsIfRequired();
397
398        DnsLabel[] rawLabels = new DnsLabel[child.rawLabels.length + parent.rawLabels.length];
399        System.arraycopy(parent.rawLabels, 0, rawLabels, 0, parent.rawLabels.length);
400        System.arraycopy(child.rawLabels, 0, rawLabels, parent.rawLabels.length, child.rawLabels.length);
401        return new DnsName(rawLabels, true);
402    }
403
404    public static DnsName from(CharSequence child, DnsName parent) {
405        DnsLabel childLabel = DnsLabel.from(child.toString());
406        return DnsName.from(childLabel, parent);
407    }
408
409    public static DnsName from(DnsLabel child, DnsName parent) {
410        parent.setLabelsIfRequired();
411
412        DnsLabel[] rawLabels = new DnsLabel[parent.rawLabels.length + 1];
413        System.arraycopy(parent.rawLabels, 0, rawLabels, 0, parent.rawLabels.length);
414        rawLabels[parent.rawLabels.length] = child;
415        return new DnsName(rawLabels, true);
416    }
417
418    public static DnsName from(DnsLabel grandchild, DnsLabel child, DnsName parent) {
419        parent.setBytesIfRequired();
420
421        DnsLabel[] rawLabels = new DnsLabel[parent.rawLabels.length + 2];
422        System.arraycopy(parent.rawLabels, 0, rawLabels, 0, parent.rawLabels.length);
423        rawLabels[parent.rawLabels.length] = child;
424        rawLabels[parent.rawLabels.length + 1] = grandchild;
425        return new DnsName(rawLabels, true);
426    }
427
428    public static DnsName from(DnsName... nameComponents) {
429        int labelCount = 0;
430        for (DnsName component : nameComponents) {
431            component.setLabelsIfRequired();
432            labelCount += component.rawLabels.length;
433        }
434
435        DnsLabel[] rawLabels = new DnsLabel[labelCount];
436        int destLabelPos = 0;
437        for (int i = nameComponents.length - 1; i >= 0; i--) {
438            DnsName component = nameComponents[i];
439            System.arraycopy(component.rawLabels, 0, rawLabels, destLabelPos, component.rawLabels.length);
440            destLabelPos += component.rawLabels.length;
441        }
442
443        return new DnsName(rawLabels, true);
444    }
445
446    public static DnsName from(String[] parts) {
447        DnsLabel[] rawLabels = DnsLabel.from(parts);
448
449        return new DnsName(rawLabels, true);
450    }
451
452    /**
453     * Parse a domain name starting at the current offset and moving the input
454     * stream pointer past this domain name (even if cross references occure).
455     *
456     * @param dis  The input stream.
457     * @param data The raw data (for cross references).
458     * @return The domain name string.
459     * @throws IOException Should never happen.
460     */
461    public static DnsName parse(DataInputStream dis, byte[] data)
462            throws IOException {
463        int c = dis.readUnsignedByte();
464        if ((c & 0xc0) == 0xc0) {
465            c = ((c & 0x3f) << 8) + dis.readUnsignedByte();
466            HashSet<Integer> jumps = new HashSet<Integer>();
467            jumps.add(c);
468            return parse(data, c, jumps);
469        }
470        if (c == 0) {
471            return DnsName.ROOT;
472        }
473        byte[] b = new byte[c];
474        dis.readFully(b);
475
476        String childLabelString = new String(b, StandardCharsets.US_ASCII);
477        DnsName child = new DnsName(childLabelString);
478
479        DnsName parent = parse(dis, data);
480        return DnsName.from(child, parent);
481    }
482
483    /**
484     * Parse a domain name starting at the given offset.
485     *
486     * @param data   The raw data.
487     * @param offset The offset.
488     * @param jumps  The list of jumps (by now).
489     * @return The parsed domain name.
490     * @throws IllegalStateException on cycles.
491     */
492    private static DnsName parse(byte[] data, int offset, HashSet<Integer> jumps)
493            throws IllegalStateException {
494        int c = data[offset] & 0xff;
495        if ((c & 0xc0) == 0xc0) {
496            c = ((c & 0x3f) << 8) + (data[offset + 1] & 0xff);
497            if (jumps.contains(c)) {
498                throw new IllegalStateException("Cyclic offsets detected.");
499            }
500            jumps.add(c);
501            return parse(data, c, jumps);
502        }
503        if (c == 0) {
504            return DnsName.ROOT;
505        }
506
507        String childLabelString = new String(data, offset + 1, c, StandardCharsets.US_ASCII);
508        DnsName child = new DnsName(childLabelString);
509
510        DnsName parent = parse(data, offset + 1 + c, jumps);
511        return DnsName.from(child, parent);
512    }
513
514    @Override
515    public int compareTo(DnsName other) {
516        return ace.compareTo(other.ace);
517    }
518
519    @Override
520    public boolean equals(Object other) {
521        if (other == null) return false;
522
523        if (other instanceof DnsName) {
524            DnsName otherDnsName = (DnsName) other;
525            setBytesIfRequired();
526            otherDnsName.setBytesIfRequired();
527            return Arrays.equals(bytes, otherDnsName.bytes);
528        }
529
530        return false;
531    }
532
533    @Override
534    public int hashCode() {
535        if (hashCode == 0 && !isRootLabel()) {
536            setBytesIfRequired();
537            hashCode = Arrays.hashCode(bytes);
538        }
539        return hashCode;
540    }
541
542    public boolean isDirectChildOf(DnsName parent) {
543        setLabelsIfRequired();
544        parent.setLabelsIfRequired();
545        int parentLabelsCount = parent.labels.length;
546
547        if (labels.length - 1 != parentLabelsCount)
548            return false;
549
550        for (int i = 0; i < parent.labels.length; i++) {
551            if (!labels[i].equals(parent.labels[i]))
552                return false;
553        }
554
555        return true;
556    }
557
558    public boolean isChildOf(DnsName parent) {
559        setLabelsIfRequired();
560        parent.setLabelsIfRequired();
561
562        if (labels.length < parent.labels.length)
563            return false;
564
565        for (int i = 0; i < parent.labels.length; i++) {
566            if (!labels[i].equals(parent.labels[i]))
567                return false;
568        }
569
570        return true;
571    }
572
573    public int getLabelCount() {
574        setLabelsIfRequired();
575        return labels.length;
576    }
577
578    /**
579     * Get a copy of the labels of this DNS name. The resulting array will contain the labels in reverse order, that is,
580     * the top-level domain will be at res[0].
581     *
582     * @return an array of the labels in reverse order.
583     */
584    public DnsLabel[] getLabels() {
585        setLabelsIfRequired();
586        return labels.clone();
587    }
588
589
590    public DnsLabel getLabel(int labelNum) {
591        setLabelsIfRequired();
592        return labels[labelNum];
593    }
594
595    /**
596     * Get a copy of the raw labels of this DNS name. The resulting array will contain the labels in reverse order, that is,
597     * the top-level domain will be at res[0].
598     *
599     * @return an array of the raw labels in reverse order.
600     */
601    public DnsLabel[] getRawLabels() {
602        setLabelsIfRequired();
603        return rawLabels.clone();
604    }
605
606    public DnsName stripToLabels(int labelCount) {
607        setLabelsIfRequired();
608
609        if (labelCount > labels.length) {
610            throw new IllegalArgumentException();
611        }
612
613        if (labelCount == labels.length) {
614            return this;
615        }
616
617        if (labelCount == 0) {
618            return ROOT;
619        }
620
621        DnsLabel[] stripedLabels = Arrays.copyOfRange(rawLabels, 0, labelCount);
622
623        return new DnsName(stripedLabels, false);
624    }
625
626    /**
627     * Return the parent of this DNS label. Will return the root label if this label itself is the root label (because there is no parent of root).
628     * <p>
629     * For example:
630     * </p>
631     * <ul>
632     *  <li><code>"foo.bar.org".getParent() == "bar.org"</code></li>
633     *  <li><code> ".".getParent() == "."</code></li>
634     * </ul>
635     * @return the parent of this DNS label.
636     */
637    public DnsName getParent() {
638        if (isRootLabel()) return ROOT;
639        return stripToLabels(getLabelCount() - 1);
640    }
641
642    public boolean isRootLabel() {
643        return ace.isEmpty() || ace.equals(".");
644    }
645}