1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
use std::str::FromStr;
use http::{header, uri, Method, Request, Uri, Version};
use typed_headers::{
mime::Mime, Accept, ContentLength, ContentType, HeaderMapExt, Quality, QualityItem,
};
use trust_dns_proto::error::ProtoError;
use HttpsResult;
pub fn new(name_server_name: &str, message_len: usize) -> HttpsResult<Request<()>> {
let mut parts = uri::Parts::default();
parts.path_and_query = Some(uri::PathAndQuery::from_static(::DNS_QUERY_PATH));
parts.scheme = Some(uri::Scheme::HTTPS);
parts.authority = Some(
uri::Authority::from_str(&name_server_name)
.map_err(|e| ProtoError::from(format!("invalid authority: {}", e)))?,
);
let url =
Uri::from_parts(parts).map_err(|e| ProtoError::from(format!("uri parse error: {}", e)))?;
let accepts_dns = Mime::from_str(::MIME_APPLICATION_DNS).unwrap();
let content_type = ContentType(accepts_dns.clone());
let accept = Accept(vec![QualityItem::new(accepts_dns, Quality::from_u16(1000))]);
let mut request = Request::post(url)
.header(header::USER_AGENT, ::USER_AGENT)
.version(Version::HTTP_2)
.body(())
.map_err(|e| ProtoError::from(format!("h2 stream errored: {}", e)))?;
request.headers_mut().typed_insert(&content_type);
request.headers_mut().typed_insert(&accept);
if Method::POST == request.method() {
request
.headers_mut()
.typed_insert(&ContentLength(message_len as u64));
}
Ok(request)
}
pub fn verify<T>(name_server: &str, request: &Request<T>) -> HttpsResult<()> {
let uri = request.uri();
if uri.path() != ::DNS_QUERY_PATH {
return Err(format!("bad path: {}, expected: {}", uri.path(), ::DNS_QUERY_PATH).into());
}
if Some(&uri::Scheme::HTTPS) != uri.scheme_part() {
return Err("must be HTTPS scheme".into());
}
if let Some(authority) = uri.authority_part() {
if authority.host() != name_server {
return Err("incorrect authority".into());
}
} else {
return Err("no authority in HTTPS request".into());
}
let content_type: Option<ContentType> = request.headers().typed_get()?;
let accept: Option<Accept> = request.headers().typed_get()?;
if !content_type
.map(|c| (c.type_() == ::MIME_APPLICATION && c.subtype() == ::MIME_DNS_BINARY))
.unwrap_or(true)
{
return Err("unsupported content type".into());
}
let accept = accept.ok_or_else(|| "Accept is unspecified")?;
if !accept
.iter()
.any(|q| (q.item.type_() == ::MIME_APPLICATION && q.item.subtype() == ::MIME_DNS_BINARY))
{
return Err("does not accept content type".into());
}
if request.version() != Version::HTTP_2 {
return Err("only HTTP/2 supported".into());
}
debug!(
"verified request from: {}",
request
.headers()
.get(header::USER_AGENT)
.map(|h| h.to_str().unwrap_or("bad user agent"))
.unwrap_or("unknown user agent")
);
Ok(())
}
#[cfg(test)]
mod tests {
use super::*;
#[test]
fn test_new_verify() {
let request = new("ns.example.com", 512).expect("error converting to http");
assert!(verify("ns.example.com", &request).is_ok());
}
}