001/* 002 * Copyright 2015-2024 the original author or authors 003 * 004 * This software is licensed under the Apache License, Version 2.0, 005 * the GNU Lesser General Public License version 2 or later ("LGPL") 006 * and the WTFPL. 007 * You may choose either license to govern your use of this software only 008 * upon the condition that you accept all of the terms of either 009 * the Apache License 2.0, the LGPL 2.1+ or the WTFPL. 010 */ 011package org.minidns.dnsname; 012 013import java.io.ByteArrayOutputStream; 014import java.io.DataInputStream; 015import java.io.IOException; 016import java.io.OutputStream; 017import java.io.Serializable; 018import java.nio.charset.StandardCharsets; 019import java.util.Arrays; 020import java.util.HashSet; 021import java.util.Locale; 022 023import org.minidns.dnslabel.DnsLabel; 024import org.minidns.idna.MiniDnsIdna; 025import org.minidns.util.SafeCharSequence; 026 027/** 028 * A DNS name, also called "domain name". A DNS name consists of multiple 'labels' (see {@link DnsLabel}) and is subject to certain restrictions (see 029 * for example <a href="https://tools.ietf.org/html/rfc3696#section-2">RFC 3696 § 2.</a>). 030 * <p> 031 * Instances of this class can be created by using {@link #from(String)}. 032 * </p> 033 * <p> 034 * This class holds three representations of a DNS name: ACE, raw ACE and IDN. ACE (ASCII Compatible Encoding), which 035 * can be accessed via {@link #ace}, represents mostly the data that got send over the wire. But since DNS names are 036 * case insensitive, the ACE value is normalized to lower case. You can use {@link #getRawAce()} to get the raw ACE data 037 * that was received, which possibly includes upper case characters. The IDN (Internationalized Domain Name), that is 038 * the DNS name as it should be shown to the user, can be retrieved using {@link #asIdn()}. 039 * </p> 040 * More information about Internationalized Domain Names can be found at: 041 * <ul> 042 * <li><a href="https://unicode.org/reports/tr46/">UTS #46 - Unicode IDNA Compatibility Processing</a> 043 * <li><a href="https://tools.ietf.org/html/rfc8753">RFC 8753 - Internationalized Domain Names for Applications (IDNA) Review for New Unicode Versions</a> 044 * </ul> 045 * 046 * @see <a href="https://tools.ietf.org/html/rfc3696">RFC 3696</a> 047 * @see DnsLabel 048 * @author Florian Schmaus 049 * 050 */ 051public final class DnsName extends SafeCharSequence implements Serializable, Comparable<DnsName> { 052 053 /** 054 * 055 */ 056 private static final long serialVersionUID = 1L; 057 058 /** 059 * @see <a href="https://www.ietf.org/rfc/rfc3490.txt">RFC 3490 § 3.1 1.</a> 060 */ 061 private static final String LABEL_SEP_REGEX = "[.\u3002\uFF0E\uFF61]"; 062 063 /** 064 * @see <a href="https://tools.ietf.org/html/rfc1035">RFC 1035 § 2.3.4.</a< 065 */ 066 static final int MAX_DNSNAME_LENGTH_IN_OCTETS = 255; 067 068 public static final int MAX_LABELS = 128; 069 070 public static final DnsName ROOT = new DnsName("."); 071 072 public static final DnsName IN_ADDR_ARPA = new DnsName("in-addr.arpa"); 073 074 public static final DnsName IP6_ARPA = new DnsName("ip6.arpa"); 075 076 /** 077 * Whether or not the DNS name is validated on construction. 078 */ 079 public static boolean VALIDATE = true; 080 081 /** 082 * The DNS name in ASCII Compatible Encoding (ACE). 083 */ 084 public final String ace; 085 086 /** 087 * The DNS name in raw format, i.e. as it was received from the remote server. This means that compared to 088 * {@link #ace}, this String may not be lower-cased. 089 */ 090 private final String rawAce; 091 092 private transient byte[] bytes; 093 094 private transient byte[] rawBytes; 095 096 private transient String idn; 097 098 private transient String domainpart; 099 100 private transient String hostpart; 101 102 /** 103 * The labels in <b>reverse</b> order. 104 */ 105 private transient DnsLabel[] labels; 106 107 private transient DnsLabel[] rawLabels; 108 109 private transient int hashCode; 110 111 private int size = -1; 112 113 private DnsName(String name) { 114 this(name, true); 115 } 116 117 private DnsName(String name, boolean inAce) { 118 if (name.isEmpty()) { 119 rawAce = ROOT.rawAce; 120 } else { 121 final int nameLength = name.length(); 122 final int nameLastPos = nameLength - 1; 123 124 // Strip potential trailing dot. N.B. that we require nameLength > 2, because we don't want to strip the one 125 // character string containing only a single dot to the empty string. 126 if (nameLength >= 2 && name.charAt(nameLastPos) == '.') { 127 name = name.subSequence(0, nameLastPos).toString(); 128 } 129 130 if (inAce) { 131 // Name is already in ACE format. 132 rawAce = name; 133 } else { 134 rawAce = MiniDnsIdna.toASCII(name); 135 } 136 } 137 138 ace = rawAce.toLowerCase(Locale.US); 139 140 if (!VALIDATE) { 141 return; 142 } 143 144 // Validate the DNS name. 145 validateMaxDnsnameLengthInOctets(); 146 } 147 148 private DnsName(DnsLabel[] rawLabels, boolean validateMaxDnsnameLength) { 149 this.rawLabels = rawLabels; 150 this.labels = new DnsLabel[rawLabels.length]; 151 152 int size = 0; 153 for (int i = 0; i < rawLabels.length; i++) { 154 size += rawLabels[i].length() + 1; 155 labels[i] = rawLabels[i].asLowercaseVariant(); 156 } 157 158 rawAce = labelsToString(rawLabels, size); 159 ace = labelsToString(labels, size); 160 161 // The following condition is deliberately designed that VALIDATE=false causes the validation to be skipped even 162 // if validateMaxDnsnameLength is set to true. There is no need to validate even if this constructor is called 163 // with validateMaxDnsnameLength set to true if VALIDATE is globally set to false. 164 if (!validateMaxDnsnameLength || !VALIDATE) { 165 return; 166 } 167 168 validateMaxDnsnameLengthInOctets(); 169 } 170 171 private static String labelsToString(DnsLabel[] labels, int stringLength) { 172 StringBuilder sb = new StringBuilder(stringLength); 173 for (int i = labels.length - 1; i >= 0; i--) { 174 sb.append(labels[i]).append('.'); 175 } 176 sb.setLength(sb.length() - 1); 177 return sb.toString(); 178 } 179 180 private void validateMaxDnsnameLengthInOctets() { 181 setBytesIfRequired(); 182 if (bytes.length > MAX_DNSNAME_LENGTH_IN_OCTETS) { 183 throw new InvalidDnsNameException.DNSNameTooLongException(ace, bytes); 184 } 185 } 186 187 public void writeToStream(OutputStream os) throws IOException { 188 setBytesIfRequired(); 189 os.write(bytes); 190 } 191 192 /** 193 * Serialize a domain name under IDN rules. 194 * 195 * @return The binary domain name representation. 196 */ 197 public byte[] getBytes() { 198 setBytesIfRequired(); 199 return bytes.clone(); 200 } 201 202 public byte[] getRawBytes() { 203 if (rawBytes == null) { 204 setLabelsIfRequired(); 205 rawBytes = toBytes(rawLabels); 206 } 207 208 return rawBytes.clone(); 209 } 210 211 private void setBytesIfRequired() { 212 if (bytes != null) 213 return; 214 215 setLabelsIfRequired(); 216 bytes = toBytes(labels); 217 } 218 219 private static byte[] toBytes(DnsLabel[] labels) { 220 ByteArrayOutputStream baos = new ByteArrayOutputStream(64); 221 for (int i = labels.length - 1; i >= 0; i--) { 222 labels[i].writeToBoas(baos); 223 } 224 225 baos.write(0); 226 227 assert baos.size() <= MAX_DNSNAME_LENGTH_IN_OCTETS; 228 229 return baos.toByteArray(); 230 } 231 232 private void setLabelsIfRequired() { 233 if (labels != null && rawLabels != null) return; 234 235 if (isRootLabel()) { 236 rawLabels = labels = new DnsLabel[0]; 237 return; 238 } 239 240 labels = getLabels(ace); 241 rawLabels = getLabels(rawAce); 242 } 243 244 private static DnsLabel[] getLabels(String ace) { 245 String[] labels = ace.split(LABEL_SEP_REGEX, MAX_LABELS); 246 247 // Reverse the labels, so that 'foo, example, org' becomes 'org, example, foo'. 248 for (int i = 0; i < labels.length / 2; i++) { 249 String t = labels[i]; 250 int j = labels.length - i - 1; 251 labels[i] = labels[j]; 252 labels[j] = t; 253 } 254 255 try { 256 return DnsLabel.from(labels); 257 } catch (DnsLabel.LabelToLongException e) { 258 throw new InvalidDnsNameException.LabelTooLongException(ace, e.label); 259 } 260 } 261 262 /** 263 * Return the ACE (ASCII Compatible Encoding) version of this DNS name. Note 264 * that this method may return a String containing null bytes. Those Strings are 265 * notoriously difficult to handle from a security perspective. Therefore it is 266 * recommended to use {@link #toString()} instead, which will return a sanitized 267 * String. 268 * 269 * @return the ACE version of this DNS name. 270 * @since 1.1.0 271 */ 272 public String getAce() { 273 return ace; 274 } 275 276 /** 277 * Returns the raw ACE version of this DNS name. That is, the version as it was 278 * received over the wire. Most notably, this version may include uppercase 279 * letters. 280 * 281 * <b>Please refer to {@link #getAce()} for a discussion of the security 282 * implications when working with the ACE representation of a DNS name.</b> 283 * 284 * @return the raw ACE version of this DNS name. 285 * @see #getAce() 286 */ 287 public String getRawAce() { 288 return rawAce; 289 } 290 291 public String asIdn() { 292 if (idn != null) 293 return idn; 294 295 idn = MiniDnsIdna.toUnicode(ace); 296 return idn; 297 } 298 299 /** 300 * Domainpart in ACE representation. 301 * 302 * @return the domainpart in ACE representation. 303 */ 304 public String getDomainpart() { 305 setHostnameAndDomainpartIfRequired(); 306 return domainpart; 307 } 308 309 /** 310 * Hostpart in ACE representation. 311 * 312 * @return the hostpart in ACE representation. 313 */ 314 public String getHostpart() { 315 setHostnameAndDomainpartIfRequired(); 316 return hostpart; 317 } 318 319 public DnsLabel getHostpartLabel() { 320 setLabelsIfRequired(); 321 return labels[labels.length - 1]; 322 } 323 324 private void setHostnameAndDomainpartIfRequired() { 325 if (hostpart != null) return; 326 327 String[] parts = ace.split(LABEL_SEP_REGEX, 2); 328 hostpart = parts[0]; 329 if (parts.length > 1) { 330 domainpart = parts[1]; 331 } else { 332 domainpart = ""; 333 } 334 } 335 336 public int size() { 337 if (size < 0) { 338 if (isRootLabel()) { 339 size = 1; 340 } else { 341 size = ace.length() + 2; 342 } 343 } 344 return size; 345 } 346 347 private transient String safeToStringRepresentation; 348 349 @Override 350 public String toString() { 351 if (safeToStringRepresentation == null) { 352 setLabelsIfRequired(); 353 if (labels.length == 0) { 354 return "."; 355 } 356 357 StringBuilder sb = new StringBuilder(); 358 for (int i = labels.length - 1; i >= 0; i--) { 359 // Note that it is important that we append the result of DnsLabel.toString() to 360 // the StringBuilder. As only the result of toString() is the safe label 361 // representation. 362 String safeLabelRepresentation = labels[i].toString(); 363 sb.append(safeLabelRepresentation); 364 if (i != 0) { 365 sb.append('.'); 366 } 367 } 368 safeToStringRepresentation = sb.toString(); 369 } 370 371 return safeToStringRepresentation; 372 } 373 374 public static DnsName from(CharSequence name) { 375 return from(name.toString()); 376 } 377 378 public static DnsName from(String name) { 379 return new DnsName(name, false); 380 } 381 382 /** 383 * Create a DNS name by "concatenating" the child under the parent name. The child can also be seen as the "left" 384 * part of the resulting DNS name and the parent is the "right" part. 385 * <p> 386 * For example using "i.am.the.child" as child and "of.this.parent.example" as parent, will result in a DNS name: 387 * "i.am.the.child.of.this.parent.example". 388 * </p> 389 * 390 * @param child the child DNS name. 391 * @param parent the parent DNS name. 392 * @return the resulting of DNS name. 393 */ 394 public static DnsName from(DnsName child, DnsName parent) { 395 child.setLabelsIfRequired(); 396 parent.setLabelsIfRequired(); 397 398 DnsLabel[] rawLabels = new DnsLabel[child.rawLabels.length + parent.rawLabels.length]; 399 System.arraycopy(parent.rawLabels, 0, rawLabels, 0, parent.rawLabels.length); 400 System.arraycopy(child.rawLabels, 0, rawLabels, parent.rawLabels.length, child.rawLabels.length); 401 return new DnsName(rawLabels, true); 402 } 403 404 public static DnsName from(CharSequence child, DnsName parent) { 405 DnsLabel childLabel = DnsLabel.from(child.toString()); 406 return DnsName.from(childLabel, parent); 407 } 408 409 public static DnsName from(DnsLabel child, DnsName parent) { 410 parent.setLabelsIfRequired(); 411 412 DnsLabel[] rawLabels = new DnsLabel[parent.rawLabels.length + 1]; 413 System.arraycopy(parent.rawLabels, 0, rawLabels, 0, parent.rawLabels.length); 414 rawLabels[parent.rawLabels.length] = child; 415 return new DnsName(rawLabels, true); 416 } 417 418 public static DnsName from(DnsLabel grandchild, DnsLabel child, DnsName parent) { 419 parent.setBytesIfRequired(); 420 421 DnsLabel[] rawLabels = new DnsLabel[parent.rawLabels.length + 2]; 422 System.arraycopy(parent.rawLabels, 0, rawLabels, 0, parent.rawLabels.length); 423 rawLabels[parent.rawLabels.length] = child; 424 rawLabels[parent.rawLabels.length + 1] = grandchild; 425 return new DnsName(rawLabels, true); 426 } 427 428 public static DnsName from(DnsName... nameComponents) { 429 int labelCount = 0; 430 for (DnsName component : nameComponents) { 431 component.setLabelsIfRequired(); 432 labelCount += component.rawLabels.length; 433 } 434 435 DnsLabel[] rawLabels = new DnsLabel[labelCount]; 436 int destLabelPos = 0; 437 for (int i = nameComponents.length - 1; i >= 0; i--) { 438 DnsName component = nameComponents[i]; 439 System.arraycopy(component.rawLabels, 0, rawLabels, destLabelPos, component.rawLabels.length); 440 destLabelPos += component.rawLabels.length; 441 } 442 443 return new DnsName(rawLabels, true); 444 } 445 446 public static DnsName from(String[] parts) { 447 DnsLabel[] rawLabels = DnsLabel.from(parts); 448 449 return new DnsName(rawLabels, true); 450 } 451 452 /** 453 * Parse a domain name starting at the current offset and moving the input 454 * stream pointer past this domain name (even if cross references occure). 455 * 456 * @param dis The input stream. 457 * @param data The raw data (for cross references). 458 * @return The domain name string. 459 * @throws IOException Should never happen. 460 */ 461 public static DnsName parse(DataInputStream dis, byte[] data) 462 throws IOException { 463 int c = dis.readUnsignedByte(); 464 if ((c & 0xc0) == 0xc0) { 465 c = ((c & 0x3f) << 8) + dis.readUnsignedByte(); 466 HashSet<Integer> jumps = new HashSet<Integer>(); 467 jumps.add(c); 468 return parse(data, c, jumps); 469 } 470 if (c == 0) { 471 return DnsName.ROOT; 472 } 473 byte[] b = new byte[c]; 474 dis.readFully(b); 475 476 String childLabelString = new String(b, StandardCharsets.US_ASCII); 477 DnsName child = new DnsName(childLabelString); 478 479 DnsName parent = parse(dis, data); 480 return DnsName.from(child, parent); 481 } 482 483 /** 484 * Parse a domain name starting at the given offset. 485 * 486 * @param data The raw data. 487 * @param offset The offset. 488 * @param jumps The list of jumps (by now). 489 * @return The parsed domain name. 490 * @throws IllegalStateException on cycles. 491 */ 492 private static DnsName parse(byte[] data, int offset, HashSet<Integer> jumps) 493 throws IllegalStateException { 494 int c = data[offset] & 0xff; 495 if ((c & 0xc0) == 0xc0) { 496 c = ((c & 0x3f) << 8) + (data[offset + 1] & 0xff); 497 if (jumps.contains(c)) { 498 throw new IllegalStateException("Cyclic offsets detected."); 499 } 500 jumps.add(c); 501 return parse(data, c, jumps); 502 } 503 if (c == 0) { 504 return DnsName.ROOT; 505 } 506 507 String childLabelString = new String(data, offset + 1, c, StandardCharsets.US_ASCII); 508 DnsName child = new DnsName(childLabelString); 509 510 DnsName parent = parse(data, offset + 1 + c, jumps); 511 return DnsName.from(child, parent); 512 } 513 514 @Override 515 public int compareTo(DnsName other) { 516 return ace.compareTo(other.ace); 517 } 518 519 @Override 520 public boolean equals(Object other) { 521 if (other == null) return false; 522 523 if (other instanceof DnsName) { 524 DnsName otherDnsName = (DnsName) other; 525 setBytesIfRequired(); 526 otherDnsName.setBytesIfRequired(); 527 return Arrays.equals(bytes, otherDnsName.bytes); 528 } 529 530 return false; 531 } 532 533 @Override 534 public int hashCode() { 535 if (hashCode == 0 && !isRootLabel()) { 536 setBytesIfRequired(); 537 hashCode = Arrays.hashCode(bytes); 538 } 539 return hashCode; 540 } 541 542 public boolean isDirectChildOf(DnsName parent) { 543 setLabelsIfRequired(); 544 parent.setLabelsIfRequired(); 545 int parentLabelsCount = parent.labels.length; 546 547 if (labels.length - 1 != parentLabelsCount) 548 return false; 549 550 for (int i = 0; i < parent.labels.length; i++) { 551 if (!labels[i].equals(parent.labels[i])) 552 return false; 553 } 554 555 return true; 556 } 557 558 public boolean isChildOf(DnsName parent) { 559 setLabelsIfRequired(); 560 parent.setLabelsIfRequired(); 561 562 if (labels.length < parent.labels.length) 563 return false; 564 565 for (int i = 0; i < parent.labels.length; i++) { 566 if (!labels[i].equals(parent.labels[i])) 567 return false; 568 } 569 570 return true; 571 } 572 573 public int getLabelCount() { 574 setLabelsIfRequired(); 575 return labels.length; 576 } 577 578 /** 579 * Get a copy of the labels of this DNS name. The resulting array will contain the labels in reverse order, that is, 580 * the top-level domain will be at res[0]. 581 * 582 * @return an array of the labels in reverse order. 583 */ 584 public DnsLabel[] getLabels() { 585 setLabelsIfRequired(); 586 return labels.clone(); 587 } 588 589 590 public DnsLabel getLabel(int labelNum) { 591 setLabelsIfRequired(); 592 return labels[labelNum]; 593 } 594 595 /** 596 * Get a copy of the raw labels of this DNS name. The resulting array will contain the labels in reverse order, that is, 597 * the top-level domain will be at res[0]. 598 * 599 * @return an array of the raw labels in reverse order. 600 */ 601 public DnsLabel[] getRawLabels() { 602 setLabelsIfRequired(); 603 return rawLabels.clone(); 604 } 605 606 public DnsName stripToLabels(int labelCount) { 607 setLabelsIfRequired(); 608 609 if (labelCount > labels.length) { 610 throw new IllegalArgumentException(); 611 } 612 613 if (labelCount == labels.length) { 614 return this; 615 } 616 617 if (labelCount == 0) { 618 return ROOT; 619 } 620 621 DnsLabel[] stripedLabels = Arrays.copyOfRange(rawLabels, 0, labelCount); 622 623 return new DnsName(stripedLabels, false); 624 } 625 626 /** 627 * Return the parent of this DNS label. Will return the root label if this label itself is the root label (because there is no parent of root). 628 * <p> 629 * For example: 630 * </p> 631 * <ul> 632 * <li><code>"foo.bar.org".getParent() == "bar.org"</code></li> 633 * <li><code> ".".getParent() == "."</code></li> 634 * </ul> 635 * @return the parent of this DNS label. 636 */ 637 public DnsName getParent() { 638 if (isRootLabel()) return ROOT; 639 return stripToLabels(getLabelCount() - 1); 640 } 641 642 public boolean isRootLabel() { 643 return ace.isEmpty() || ace.equals("."); 644 } 645}