Initial commit of DoH client

lucasnetau · lucasnetau · commit 3cdb1fe1d23e · 2022-08-11T16:26:56.000+02:00
diff --git a/README.md b/README.md
@@ -1,2 +1,23 @@
-# reactphp-dns-over-https-client
-DNS over HTTPS executor for ReactPHP/dns
+# DNS over HTTPS client for ReactPHP
+
+Resolve DNS queries over HTTPS, provides secure DNS resolution over untrusted or shared networks (eg Serverless deployments) utilising standard HTTP queries.
+
+## Requirements
+
+The package is compatible with PHP 8.0+ and requires the [react/http](https://github.com/reactphp/http) library.
+
+## Installation
+
+You can add the library as project dependency using [Composer](https://getcomposer.org/):
+
+```sh
+composer require edgetelemetrics/reactphp-dns-over-https-client
+```
+
+## License
+
+MIT, see [LICENSE file](LICENSE).
+
+### Contributing
+
+Bug reports (and small patches) can be submitted via the [issue tracker](https://github.com/lucasnetau/reactphp-dns-over-https-client/issues). Forking the repository and submitting a Pull Request is preferred for substantial patches.
diff --git a/composer.json b/composer.json
@@ -0,0 +1,34 @@
+{
+  "name": "edgetelemetrics/reactphp-dns-over-https-client",
+  "description": "description",
+  "minimum-stability": "stable",
+  "license": "MIT",
+  "type": "library",
+  "authors": [
+    {
+      "name": "James Lucas",
+      "email": "james@lucas.net.au"
+    }
+  ],
+  "require": {
+    "php": "^8.0",
+    "react/http": "^1.6",
+    "react/dns": "*"
+  },
+  "require-dev": {
+    "phpunit/phpunit": "^9.5"
+  },
+  "suggest": {
+    "ext-sodium": "LibSodium Base64 URL Safe Encoding"
+  },
+  "autoload": {
+    "psr-4": {
+      "EdgeTelemetrics\\React\\Dns\\": "src/"
+    }
+  },
+  "autoload-dev": {
+    "psr-4": {
+      "EdgeTelemetrics\\React\\Dns\\Tests\\": "tests/"
+    }
+  }
+}
diff --git a/phpunit.xml.dist b/phpunit.xml.dist
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!-- PHPUnit configuration file with new format for PHPUnit 9.3+ -->
+<phpunit xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:noNamespaceSchemaLocation="https://schema.phpunit.de/9.3/phpunit.xsd"
+         bootstrap="vendor/autoload.php"
+         cacheResult="false"
+         colors="true"
+         convertDeprecationsToExceptions="true">
+    <testsuites>
+        <testsuite name="Library Test Suite">
+            <directory>tests/</directory>
+        </testsuite>
+    </testsuites>
+    <coverage>
+        <include>
+            <directory>src/</directory>
+        </include>
+    </coverage>
+</phpunit>
diff --git a/src/DohExecutor.php b/src/DohExecutor.php
@@ -0,0 +1,112 @@
+<?php declare(strict_types=1);
+
+namespace EdgeTelemetrics\React\Dns;
+
+use Psr\Http\Message\ResponseInterface;
+use React\Dns\Model\Message;
+use React\Dns\Protocol\BinaryDumper;
+use React\Dns\Protocol\Parser;
+use React\Dns\Query\ExecutorInterface;
+use React\Dns\Query\Query;
+use React\EventLoop\Loop;
+use React\EventLoop\LoopInterface;
+use React\Http\Browser;
+use React\Promise;
+use React\Socket\Connector;
+use RuntimeException;
+
+class DohExecutor implements ExecutorInterface {
+
+    private $nameserver;
+    private $loop;
+    private $parser;
+    private $dumper;
+
+    private $method;
+
+    private $browser;
+
+    const METHOD_GET = 'get';
+    const METHOD_POST = 'post';
+
+    /**
+     * @param string         $nameserver
+     * @param ?LoopInterface $loop
+     */
+    public function __construct($nameserver, $method, LoopInterface $loop = null)
+    {
+        if (!class_exists('\React\Http\Browser')) {
+            throw new RuntimeException('DNS over HTTPS support requires reactphp/http library'); //@codeCoverageIgnore
+        }
+
+        if (!str_contains($nameserver, '[') && \substr_count($nameserver, ':') >= 2 && !str_contains($nameserver, '://')) {
+            // several colons, but not enclosed in square brackets => enclose IPv6 address in square brackets
+            $nameserver = '[' . $nameserver . ']';
+        }
+
+        $parts = \parse_url((!str_contains($nameserver, '://') ? 'https://' : '') . $nameserver);
+        if (!isset($parts['scheme'], $parts['host']) || $parts['scheme'] !== 'https' || @\inet_pton(\trim($parts['host'], '[]')) === false) {
+            throw new \InvalidArgumentException('Invalid nameserver address given');
+        }
+
+        $method = \strtolower($method);
+        if (!in_array($method, [self::METHOD_GET, self::METHOD_POST], true)) {
+            throw new \InvalidArgumentException('Invalid HTTP request method given');
+        }
+
+        $this->nameserver = 'https://' . $parts['host'] . ':' . ($parts['port'] ?? 443 . '/dns-query');
+        $this->loop = $loop ?: Loop::get();
+        $this->parser = new Parser();
+        $this->dumper = new BinaryDumper();
+        $this->method = $method;
+        $this->browser = (new Browser(new Connector(['tcp_nodelay' => true,]), $this->loop));
+    }
+
+    public function query(Query $query)
+    {
+        $request = Message::createRequestForQuery($query);
+
+        $queryData = $this->dumper->toBinary($request);
+        $length = \strlen($queryData);
+
+        if ($length > 0xffff) {
+            return Promise\reject(new \RuntimeException(
+                'DNS query for ' . $query->describe() . ' failed: Query too large for HTTPS transport'
+            ));
+        }
+
+        if ($this->method === self::METHOD_GET) {
+            $requestUrl = $this->nameserver . '?' . http_build_query(['dns' => $this->urlsafeBase64($queryData)]);
+            $request = $this->browser->get($requestUrl);
+        } else {
+            $requestUrl = $this->nameserver;
+            $request = $this->browser->post($requestUrl, [
+                'accept' => 'application/dns-message',
+                'content-type' => 'application/dns-message'
+            ], $queryData);
+        }
+
+        return $request->then(function (ResponseInterface $response) {
+            $response = $this->parser->parseMessage((string)$response->getBody());
+            return Promise\resolve($response);
+        }, function (\Exception $e) use ($query) {
+            return Promise\reject(new \RuntimeException(
+                'DNS query for ' . $query->describe() . ' failed: ' . $e->getMessage()
+            ));
+        });
+    }
+
+    /**
+     * @param string $data
+     * @return string
+     */
+    private function urlsafeBase64(string $data) : string {
+        // @codeCoverageIgnoreStart
+        if (function_exists('sodium_bin2base64')) {
+            return sodium_bin2base64($data, SODIUM_BASE64_VARIANT_URLSAFE_NO_PADDING);
+        } else {
+            return rtrim( strtr( base64_encode( $data ), '+/', '-_'), '=');
+        }
+        //@codeCoverageIgnoreEnd
+    }
+}
diff --git a/tests/FunctionalTests.php b/tests/FunctionalTests.php
@@ -0,0 +1,108 @@
+<?php declare(strict_types=1);
+
+namespace EdgeTelemetrics\React\Dns\Tests;
+
+use EdgeTelemetrics\React\Dns\DohExecutor;
+use PHPUnit\Framework\TestCase;
+use React\Dns\Model\Message;
+use React\Dns\Query\Query;
+use React\EventLoop\Loop;
+
+/**
+ * Functional Tests
+ */
+class FunctionalTests extends TestCase
+{
+    public function testResolveGoogleViaPostResolves()
+    {
+        $executor = new DohExecutor('https://1.1.1.1/dns-query', DohExecutor::METHOD_POST);
+        $query = new Query('one.one.one.one', Message::TYPE_A, Message::CLASS_IN);
+        $promise = $executor->query($query);
+
+        $answer = null;
+        $promise->then(function ($message) use (&$answer) {
+            $answer = $message;
+        });
+
+        Loop::run();
+
+        $this->assertNotNull($answer);
+        $this->assertEquals(Message::RCODE_OK, $answer->rcode);
+    }
+
+    public function testResolveGoogleViaGetResolves()
+    {
+        $executor = new DohExecutor('https://1.1.1.1/dns-query', DohExecutor::METHOD_GET);
+        $query = new Query('one.one.one.one', Message::TYPE_A, Message::CLASS_IN);
+        $promise = $executor->query($query);
+
+        $answer = null;
+        $promise->then(function ($message) use (&$answer) {
+            $answer = $message;
+        });
+
+        Loop::run();
+
+        $this->assertNotNull($answer);
+        $this->assertEquals(Message::RCODE_OK, $answer->rcode);
+    }
+
+    public function testResolveInvalidRejects()
+    {
+        $executor = new DohExecutor('https://1.1.1.1/dns-query', DohExecutor::METHOD_POST);
+        $query = new Query('example.invalid', Message::TYPE_A, Message::CLASS_IN);
+        $promise = $executor->query($query);
+
+        $answer = null;
+        $promise->then(function ($message) use (&$answer) {
+            $answer = $message;
+        });
+
+        Loop::run();
+
+        $this->assertNotNull($answer);
+        $this->assertEquals(Message::RCODE_NAME_ERROR, $answer->rcode);
+    }
+
+    public function testResolveToInvalidServerRejects()
+    {
+        $executor = new DohExecutor('https://127.0.0.1:0/dns-query', DohExecutor::METHOD_POST);
+        $query = new Query('google.com', Message::TYPE_A, Message::CLASS_IN);
+        $promise = $executor->query($query);
+
+        $exception = null;
+        $promise->then(null, function ($reason) use (&$exception) {
+            $exception = $reason;
+        });
+
+        Loop::run();
+
+        $this->assertNotNull($exception);
+        $this->assertInstanceOf(\RuntimeException::class, $exception);
+        $this->assertStringStartsWith('DNS query for ' . $query->name . ' (A) failed: ', $exception->getMessage());
+    }
+
+    public function testQueryRejectsIfMessageExceedsMaximumMessageSize()
+    {
+        $executor = $executor = new DohExecutor('https://127.0.0.1:0/dns-query', DohExecutor::METHOD_POST);
+
+        $query = new Query('google.' . str_repeat('.com', 60000), Message::TYPE_A, Message::CLASS_IN);
+        $promise = $executor->query($query);
+
+        $exception = null;
+        $promise->then(null, function ($reason) use (&$exception) {
+            $exception = $reason;
+        });
+
+        /** @var \RuntimeException $exception */
+        $this->assertInstanceOf('RuntimeException', $exception);
+        $this->assertStringStartsWith('DNS query for '. $query->name . ' (A) failed: Query too large for HTTPS transport', $exception->getMessage());
+    }
+
+    public function testResolveViaInvalidHttpMethodThrows()
+    {
+        $this->expectException(\InvalidArgumentException::class);
+
+        new DohExecutor('https://1.1.1.1/dns-query', 'put');
+    }
+}
