sipwise
/
jitsi
mirror of https://github.com/sipwise/jitsi.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Add panel for DNSSEC configuration to the DNS advanced config page

Browse Source
cusax-fix
Ingo Bauersachs 14 years ago
parent d931f8507e
commit 162621a027
6 changed files with 595 additions and 6 deletions
Show Stats Download Patch File Download Diff File

43
resources/languages/resources.properties
Unescape View File

@ -1340,7 +1340,9 @@ plugin.loggingutils.ARCHIVE_MESSAGE_OK=Archiving logs successful \n{0}
plugin.loggingutils.ARCHIVE_MESSAGE_NOTOK=Error archiving logs \n{0}
# dns config plugin
plugin.dnsconfig.TITLE=Parallel DNS
plugin.dnsconfig.TITLE=DNS
plugin.dnsconfig.DNSSEC=DNS Security (DNSSEC)
plugin.dnsconfig.PARALLEL_DNS=Parallel DNS
plugin.dnsconfig.border.TITLE=Backup resolver
plugin.dnsconfig.chkBackupDnsEnabled.text=Enable parallel DNS resolving
plugin.dnsconfig.lblBackupResolver.text=Hostname
@ -1350,6 +1352,45 @@ plugin.dnsconfig.lblRedemption.text=Back to primary resolver
plugin.dnsconfig.lblRedemption.description=<html>the number of prompt responses that the primary resolver needs to provide before we turn that backup off again</html>
plugin.dnsconfig.lblPatience.text=Start backup resolver after
plugin.dnsconfig.lblPatience.description=<html>number of ms to wait for a response from primary DNS before starting the backup resolver</html>
plugin.dnsconfig.dnssec.chkEnabled=Enable DNSSEC resolver
plugin.dnsconfig.dnssec.lblDefault=Default behavior
plugin.dnsconfig.dnssec.chkAbsolute=Treat all domain names as absolute
plugin.dnsconfig.dnssec.lblNameservers=Custom name servers
plugin.dnsconfig.dnssec.lblNameserversHint=<html>Multiple servers can be delimited with a comma, e.g. 149.20.64.20, 149.20.64.21 (OARC's Open DNSSEC Validating Resolver)</html>
plugin.dnsconfig.dnssec.DOMAIN_NAME=Domain
plugin.dnsconfig.dnssec.MODE=Behavior
plugin.dnsconfig.dnssec.ENABLE_FAILED=State changed failed
plugin.dnsconfig.dnssec.ENABLE_FAILED_MSG=Change of the DNSSEC enabled state has failed.
net.java.sip.communicator.util.dns.SecureResolveMode.IgnoreDnssec=Ignore
net.java.sip.communicator.util.dns.SecureResolveMode.SecureOnly=Required
net.java.sip.communicator.util.dns.SecureResolveMode.SecureOrUnsigned=Required for signed zones
net.java.sip.communicator.util.dns.SecureResolveMode.WarnIfBogus=Ask on bogus reply
net.java.sip.communicator.util.dns.SecureResolveMode.WarnIfBogusOrUnsigned=Ask on unsigned or bogus reply
util.dns.INSECURE_ANSWER_TITLE=DNSSEC failure
util.dns.INSECURE_ANSWER_MESSAGE=DNS answer for {0} is insecure.
util.dns.DNSSEC_ADVANCED_OPTIONS=Show advanced options
util.dns.DNSSEC_ADVANCED_REASON_BOGUS=<html>DNSSEC signed zone {0} returned invalid data.<br>{1}</html>
util.dns.DNSSEC_ADVANCED_REASON_UNSIGNED={0} query for {1} is unsigned.
net.java.sip.communicator.util.dns.ConfigurableDnssecResolver$DnssecDialogResult.Accept=Accept anyway
net.java.sip.communicator.util.dns.ConfigurableDnssecResolver$DnssecDialogResult.AlwaysAccept=Always accept
net.java.sip.communicator.util.dns.ConfigurableDnssecResolver$DnssecDialogResult.Deny=Deny
net.java.sip.communicator.util.dns.ConfigurableDnssecResolver$DnssecDialogResult.AlwaysDeny=Always deny
util.dns.DNSSEC_WARNING=<html><div width="600">{0} has tried to connect to the server at <b>{1}</b>, which is a \
domain that carries a strong protection called DNSSEC. The information that {0} has obtained \
from the DNS server is not in accordance with the information DNSSEC provides about this domain. \
<br><br>\
<b>This should not happen unless very serious mistakes were made at \
{1}, and it is a very strong indication that something is \
seriously wrong with the trustworthiness of your network connection.</b> \
<br><br>\
If you are on someone else''s internet connection (like a WiFi hotspot) \
or if there are special circumstances that make you distrust your \
regular internet provider, we strongly advise you to stop using it \
immediately and look for an alternative internet access point. When you \
are safely connected to another network, the problem should be resolved \
automatically. If this is not the case, contact your service provider to \
inform them about the issue. \
</div></html>
#plugin spellcheck
plugin.spellcheck.TITLE=Spelling and Grammar

33
src/net/java/sip/communicator/plugin/dnsconfig/DnsConfigActivator.java
Unescape View File

@ -1,7 +1,16 @@
/*
* Jitsi, the OpenSource Java VoIP and Instant Messaging client.
*
* Distributable under LGPL license.
* See terms of license at gnu.org.
*/
package net.java.sip.communicator.plugin.dnsconfig;
import java.util.*;
import net.java.sip.communicator.service.fileaccess.*;
import net.java.sip.communicator.service.gui.*;
import net.java.sip.communicator.util.*;
import org.osgi.framework.*;
@ -14,6 +23,8 @@ public class DnsConfigActivator
implements BundleActivator
{
static BundleContext bundleContext;
private static FileAccessService fileAccessService;
private ServiceRegistration configForm;
/**
* Starts this bundle.
@ -28,10 +39,10 @@ public void start(BundleContext bc)
properties.put(ConfigurationForm.FORM_TYPE,
ConfigurationForm.ADVANCED_TYPE);
bc.registerService(
configForm = bc.registerService(
ConfigurationForm.class.getName(),
new LazyConfigurationForm(
DnsConfigPanel.class.getName(),
DnsContainerPanel.class.getName(),
getClass().getClassLoader(),
"plugin.dnsconfig.ICON",
"plugin.dnsconfig.TITLE",
@ -47,5 +58,23 @@ public void start(BundleContext bc)
public void stop(BundleContext bc)
throws Exception
{
configForm.unregister();
}
/**
* Returns the <tt>FileAccessService</tt> obtained from the bundle context.
*
* @return the <tt>FileAccessService</tt> obtained from the bundle context
*/
public static FileAccessService getFileAccessService()
{
if (fileAccessService == null)
{
fileAccessService
= ServiceUtils.getService(
bundleContext,
FileAccessService.class);
}
return fileAccessService;
}
}

54
src/net/java/sip/communicator/plugin/dnsconfig/DnsContainerPanel.java
Unescape View File

@ -0,0 +1,54 @@
/*
* Jitsi, the OpenSource Java VoIP and Instant Messaging client.
*
* Distributable under LGPL license.
* See terms of license at gnu.org.
*/
package net.java.sip.communicator.plugin.dnsconfig;
import org.osgi.framework.*;
import net.java.sip.communicator.service.resources.*;
import net.java.sip.communicator.util.*;
import net.java.sip.communicator.util.swing.*;
/**
* Container for all DNS configuration panels.
*
* @author Ingo Bauersachs
*/
public class DnsContainerPanel
extends SIPCommTabbedPane
{
//service references
private ResourceManagementService R;
//panels
private ParallelDnsPanel parallelDnsPanel;
private DnssecPanel dnssecPanel;
/**
* Creates a new instance of this class. Loads all panels.
*/
public DnsContainerPanel()
{
initServices();
parallelDnsPanel = new ParallelDnsPanel();
addTab(R.getI18NString("plugin.dnsconfig.PARALLEL_DNS"),
parallelDnsPanel);
dnssecPanel = new DnssecPanel(parallelDnsPanel);
addTab(R.getI18NString("plugin.dnsconfig.DNSSEC"),
dnssecPanel);
}
/**
* Loads all service references
*/
private void initServices()
{
BundleContext bc = DnsConfigActivator.bundleContext;
R = ServiceUtils.getService(bc, ResourceManagementService.class);
}
}

312
src/net/java/sip/communicator/plugin/dnsconfig/DnssecPanel.java
Unescape View File

@ -0,0 +1,312 @@
/*
* Jitsi, the OpenSource Java VoIP and Instant Messaging client.
*
* Distributable under LGPL license.
* See terms of license at gnu.org.
*/
package net.java.sip.communicator.plugin.dnsconfig;
import java.awt.*;
import java.awt.event.*;
import java.io.File;
import javax.swing.*;
import javax.swing.plaf.basic.*;
import javax.swing.table.*;
import org.osgi.framework.*;
import net.java.sip.communicator.impl.gui.customcontrols.ErrorDialog;
import net.java.sip.communicator.service.configuration.*;
import net.java.sip.communicator.service.resources.*;
import net.java.sip.communicator.util.*;
import net.java.sip.communicator.util.dns.*;
import net.java.sip.communicator.util.swing.*;
/**
* Configuration of the DNSSEC validating resolver.
*
* @author Ingo Bauersachs
*/
public class DnssecPanel
extends TransparentPanel implements ActionListener, FocusListener
{
private final static Logger logger = Logger.getLogger(DnssecPanel.class);
//UI Controls
private JComboBox cboDefault;
private JCheckBox chkEnabled;
private JCheckBox chkAbsolute;
private JTable tblDomains;
private JTextField txtNameservers;
//service references
private ResourceManagementService R;
private ConfigurationService config;
private TableModel data = new DnssecTableModel();
private final ParallelDnsPanel parallelDnsPanel;
/**
* Create a new instance of this class.
* @param parallelDnsPanel the panel configuring the parallel resolver
*/
public DnssecPanel(ParallelDnsPanel parallelDnsPanel)
{
this.parallelDnsPanel = parallelDnsPanel;
initServices();
initComponents();
loadData();
updateState();
chkAbsolute.addActionListener(this);
chkEnabled.addActionListener(this);
cboDefault.addActionListener(this);
txtNameservers.addFocusListener(this);
}
/**
* Loads all service references
*/
private void initServices()
{
BundleContext bc = DnsConfigActivator.bundleContext;
R = ServiceUtils.getService(bc, ResourceManagementService.class);
config = ServiceUtils.getService(bc, ConfigurationService.class);
}
/**
* Create the UI components
*/
private void initComponents()
{
setLayout(new BorderLayout(0, 10));
setBorder(BorderFactory.createEmptyBorder(10, 5, 0, 0));
JPanel pnlCommon = new TransparentPanel(new GridBagLayout());
pnlCommon.setAlignmentX(LEFT_ALIGNMENT);
GridBagConstraints cl = new GridBagConstraints();
GridBagConstraints cr = new GridBagConstraints();
cl.gridy = cr.gridy = 0;
cl.anchor = cr.anchor = GridBagConstraints.LINE_START;
cl.gridx = 0;
cl.weightx = 0;
cl.insets = new Insets(0, 0, 0, 10);
cr.gridx = 1;
cr.fill = GridBagConstraints.HORIZONTAL;
cr.gridwidth = GridBagConstraints.REMAINDER;
cr.weightx = 1;
add(pnlCommon, BorderLayout.NORTH);
//always use absolute names
chkAbsolute = new SIPCommCheckBox(
R.getI18NString("plugin.dnsconfig.dnssec.chkAbsolute"));
cl.gridwidth = 2;
pnlCommon.add(chkAbsolute, cl);
cl.gridwidth = 1;
//dnssec enable/disable
cl.gridy = ++cr.gridy;
chkEnabled = new SIPCommCheckBox(
R.getI18NString("plugin.dnsconfig.dnssec.chkEnabled"));
cl.gridwidth = 2;
pnlCommon.add(chkEnabled, cl);
cl.gridwidth = 1;
//custom nameservers
cl.gridy = ++cr.gridy;
JLabel lblNameserver = new JLabel(
R.getI18NString("plugin.dnsconfig.dnssec.lblNameservers"));
pnlCommon.add(lblNameserver, cl);
txtNameservers = new JTextField();
pnlCommon.add(txtNameservers, cr);
cl.gridy = ++cr.gridy;
JLabel lblNameserversHint = new JLabel(
R.getI18NString("plugin.dnsconfig.dnssec.lblNameserversHint"));
pnlCommon.add(lblNameserversHint, cr);
//default dnssec handling
cl.gridy = ++cr.gridy;
JLabel lblDefault = new JLabel(
R.getI18NString("plugin.dnsconfig.dnssec.lblDefault"));
pnlCommon.add(lblDefault, cl);
cboDefault = new JComboBox(SecureResolveMode.values());
cboDefault.setRenderer(getResolveModeRenderer());
pnlCommon.add(cboDefault, cr);
//domain list table
tblDomains = new JTable(data);
tblDomains.setSelectionMode(ListSelectionModel.SINGLE_SELECTION);
tblDomains.setRowHeight(20);
tblDomains.getColumnModel().getColumn(1).setCellRenderer(
new DefaultTableCellRenderer()
{
@Override
protected void setValue(Object value)
{
if (value instanceof SecureResolveMode)
setText(R.getI18NString(SecureResolveMode.class
.getName()
+ "."
+ ((SecureResolveMode) value).name()));
else
super.setValue(value);
}
}
);
JComboBox cboTblModeEditor = new JComboBox(SecureResolveMode.values());
cboTblModeEditor.setRenderer(getResolveModeRenderer());
tblDomains.getColumnModel().getColumn(1).setCellEditor(
new DefaultCellEditor(cboTblModeEditor));
add(new JScrollPane(tblDomains), BorderLayout.CENTER);
}
/**
* Reads the configured properties or their defaults into the UI controls.
*/
private void loadData()
{
cboDefault.setSelectedItem(Enum.valueOf(SecureResolveMode.class,
config.getString(
ConfigurableDnssecResolver.PNAME_DNSSEC_VALIDATION_MODE,
SecureResolveMode.WarnIfBogus.name())
)
);
chkEnabled.setSelected(config.getBoolean(
DnsUtilActivator.PNAME_DNSSEC_RESOLVER_ENABLED,
DnsUtilActivator.PDEFAULT_DNSSEC_RESOLVER_ENABLED
));
chkAbsolute.setSelected(config.getBoolean(
NetworkUtils.PNAME_DNS_ALWAYS_ABSOLUTE,
NetworkUtils.PDEFAULT_DNS_ALWAYS_ABSOLUTE
));
txtNameservers.setText(
config.getString(DnsUtilActivator.PNAME_DNSSEC_NAMESERVERS));
}
/**
* Action has occurred in the config form.
* @param e the action event
*/
public void actionPerformed(ActionEvent e)
{
if(e.getSource() == cboDefault)
{
if(cboDefault.getSelectedItem() == null)
return;
SecureResolveMode oldMode = Enum.valueOf(SecureResolveMode.class,
config.getString(
ConfigurableDnssecResolver.PNAME_DNSSEC_VALIDATION_MODE,
SecureResolveMode.WarnIfBogus.name())
);
config.setProperty(
ConfigurableDnssecResolver.PNAME_DNSSEC_VALIDATION_MODE,
((SecureResolveMode)cboDefault.getSelectedItem()).name());
//update all values that had the default to the new default
for(int i = 0; i < tblDomains.getModel().getRowCount(); i++)
{
SecureResolveMode m = (SecureResolveMode)data.getValueAt(i, 1);
if(m == oldMode)
data.setValueAt(cboDefault.getSelectedItem(), i, 1);
}
tblDomains.repaint();
return;
}
if(e.getSource() == chkEnabled)
{
File f;
try
{
f = DnsConfigActivator.getFileAccessService()
.getPrivatePersistentFile(".usednsjava");
if(chkEnabled.isSelected())
{
if(!f.createNewFile() && !f.exists())
chkEnabled.setSelected(UnboundApi.isAvailable());
}
else
{
if(!f.delete() && f.exists())
chkEnabled.setSelected(true);
}
config.setProperty(
DnsUtilActivator.PNAME_DNSSEC_RESOLVER_ENABLED,
chkEnabled.isSelected());
}
catch (Exception ex)
{
logger.error("failed to enable DNSSEC", ex);
ErrorDialog ed = new ErrorDialog(
null,
R.getI18NString("plugin.dnsconfig.dnssec.ENABLE_FAILED"),
R.getI18NString("plugin.dnsconfig.dnssec.ENABLE_FAILED_MSG"),
ex);
ed.showDialog();
}
updateState();
}
if(e.getSource() == chkAbsolute)
{
config.setProperty(
NetworkUtils.PNAME_DNS_ALWAYS_ABSOLUTE,
chkAbsolute.isSelected());
updateState();
}
}
/**
* Updates the form behavior when the resolver is enabled or disabled.
*/
private void updateState()
{
cboDefault.setEnabled(chkEnabled.isSelected());
txtNameservers.setEnabled(chkEnabled.isSelected());
tblDomains.setEnabled(chkEnabled.isSelected());
parallelDnsPanel.updateDnssecState();
}
/**
* Creates a ComboBox renderer for the resolve mode column. The non-edit
* text is based on the selected value of the row for which the renderer is
* created.
*
* @return ComboBox render for the SecureResolveMode enum.
*/
private BasicComboBoxRenderer getResolveModeRenderer()
{
return new BasicComboBoxRenderer()
{
@Override
public Component getListCellRendererComponent(JList list,
Object value, int index, boolean isSelected,
boolean cellHasFocus)
{
Component c =
super.getListCellRendererComponent(list, value, index,
isSelected, cellHasFocus);
setText(R.getI18NString(SecureResolveMode.class.getName() + "."
+ value));
return c;
}
};
}
/**
* A text field has lost the focus in the config form.
* @param e the action event
*/
public void focusLost(FocusEvent e)
{
if(e.getSource() == txtNameservers)
{
config.setProperty(
DnsUtilActivator.PNAME_DNSSEC_NAMESERVERS,
txtNameservers.getText());
}
}
public void focusGained(FocusEvent e)
{}
}

132
src/net/java/sip/communicator/plugin/dnsconfig/DnssecTableModel.java
Unescape View File

@ -0,0 +1,132 @@
/*
* Jitsi, the OpenSource Java VoIP and Instant Messaging client.
*
* Distributable under LGPL license.
* See terms of license at gnu.org.
*/
package net.java.sip.communicator.plugin.dnsconfig;
import java.awt.*;
import java.util.*;
import java.util.List;
import javax.swing.table.*;
import net.java.sip.communicator.service.configuration.*;
import net.java.sip.communicator.service.resources.*;
import net.java.sip.communicator.util.*;
import net.java.sip.communicator.util.dns.*;
import org.osgi.framework.*;
/**
* TableModel for selectively managing DNSSEC behavior for zones ever requested
* by Jitsi.
*
* @author Ingo Bauersachs
*/
public class DnssecTableModel
extends DefaultTableModel
{
private List<String> data = new LinkedList<String>();
private ResourceManagementService R;
private ConfigurationService config;
/**
* Creates a new instance of this class. Reads all zones from the
* configuration store.
*/
public DnssecTableModel()
{
BundleContext bc = DnsConfigActivator.bundleContext;
R = ServiceUtils.getService(bc, ResourceManagementService.class);
config = ServiceUtils.getService(bc, ConfigurationService.class);
data = config.getPropertyNamesByPrefix(
ConfigurableDnssecResolver.PNAME_BASE_DNSSEC_PIN, false);
Collections.sort(data);
if(data == null)
data = new ArrayList<String>(0);
}
/**
* {@inheritDoc}
*/
public int getRowCount()
{
if(data == null)
return 0;
return data.size();
}
/**
* {@inheritDoc}
*/
public int getColumnCount()
{
return 2;
}
/**
* {@inheritDoc}
*/
public String getColumnName(int columnIndex)
{
switch(columnIndex)
{
case 0:
return R.getI18NString("plugin.dnsconfig.dnssec.DOMAIN_NAME");
case 1:
return R.getI18NString("plugin.dnsconfig.dnssec.MODE");
}
return null;
}
/**
* {@inheritDoc}
*/
public Class<?> getColumnClass(int columnIndex)
{
if(columnIndex < 1)
return String.class;
return Component.class;
}
/**
* {@inheritDoc}
*/
public boolean isCellEditable(int rowIndex, int columnIndex)
{
return columnIndex == 1;
}
/**
* {@inheritDoc}
*/
public Object getValueAt(int rowIndex, int columnIndex)
{
switch(columnIndex)
{
case 0:
return data.get(rowIndex).substring(
ConfigurableDnssecResolver.PNAME_BASE_DNSSEC_PIN.length()+1)
.split("\\.")[0].replaceAll("__", ".");
case 1:
return SecureResolveMode.valueOf(
config.getString(data.get(rowIndex)));
}
return null;
}
/**
* {@inheritDoc}
*/
public void setValueAt(Object aValue, int rowIndex, int columnIndex)
{
if(aValue == null)
return;
config.setProperty(
data.get(rowIndex),
((SecureResolveMode)aValue).name()
);
}
}

27
src/net/java/sip/communicator/plugin/dnsconfig/DnsConfigPanel.java → src/net/java/sip/communicator/plugin/dnsconfig/ParallelDnsPanel.java
Unescape View File

@ -1,3 +1,9 @@
/*
* Jitsi, the OpenSource Java VoIP and Instant Messaging client.
*
* Distributable under LGPL license.
* See terms of license at gnu.org.
*/
package net.java.sip.communicator.plugin.dnsconfig;
import java.awt.*;
@ -15,6 +21,7 @@
import net.java.sip.communicator.service.configuration.*;
import net.java.sip.communicator.service.resources.*;
import net.java.sip.communicator.util.*;
import net.java.sip.communicator.util.dns.*;
import net.java.sip.communicator.util.swing.*;
import static net.java.sip.communicator.util.NetworkUtils.*;
@ -26,7 +33,7 @@
*
* @author Ingo Bauersachs
*/
public class DnsConfigPanel
public class ParallelDnsPanel
extends TransparentPanel
implements ActionListener,
ChangeListener,
@ -54,7 +61,7 @@ public class DnsConfigPanel
/**
* Creates a new instance of this class and prepares the UI
*/
public DnsConfigPanel()
public ParallelDnsPanel()
{
initServices();
initComponents();
@ -165,7 +172,6 @@ private void initComponents()
JLabel descriptionLabel = new JLabel(label);
descriptionLabel.setToolTipText(label);
descriptionLabel.setForeground(Color.GRAY);
Font f = descriptionLabel.getFont().deriveFont(8);
descriptionLabel.setFont(descriptionLabel.getFont().deriveFont(11f));
cr.gridy = 4;
mainPanel.add(descriptionLabel, cr);
@ -185,6 +191,21 @@ private void initComponents()
}
/**
* Update the UI based on whether DNSSEC is enabled. If DNSSEC is enabled,
* the parallel resolver is automatically disabled.
*/
public void updateDnssecState()
{
boolean isDnssec = configService.getBoolean(
DnsUtilActivator.PNAME_DNSSEC_RESOLVER_ENABLED,
DnsUtilActivator.PDEFAULT_DNSSEC_RESOLVER_ENABLED);
if(isDnssec)
chkBackupDnsEnabled.setSelected(false);
chkBackupDnsEnabled.setEnabled(!isDnssec);
updateButtonsState();
}
/**
* Enables or disables all buttons.
*/
Write Preview
Loading…
Cancel
Save