LibWebView+RequestSever: Wire up a validate-DNSSEC setting option to RS

Author: https://github.com/alimpfard
Commit: 4b5664f867
Pull-request: https://github.com/LadybirdBrowser/ladybird/pull/4709
Reviewed-by: https://github.com/ADKaster ✅

Libraries/LibWebView/Application.cpp

@@ -40,12 +40,12 @@ struct ApplicationSettingsObserver : public SettingsObserver {
                 Application::request_server_client().async_set_use_system_dns();
             },
             [](DNSOverTLS const& dns_over_tls) {
-                dbgln("Setting DNS server to {}:{} with TLS", dns_over_tls.server_address, dns_over_tls.port);
-                Application::request_server_client().async_set_dns_server(dns_over_tls.server_address, dns_over_tls.port, true);
+                dbgln("Setting DNS server to {}:{} with TLS ({} local dnssec)", dns_over_tls.server_address, dns_over_tls.port, dns_over_tls.validate_dnssec_locally ? "with" : "without");
+                Application::request_server_client().async_set_dns_server(dns_over_tls.server_address, dns_over_tls.port, true, dns_over_tls.validate_dnssec_locally);
             },
             [](DNSOverUDP const& dns_over_udp) {
-                dbgln("Setting DNS server to {}:{}", dns_over_udp.server_address, dns_over_udp.port);
-                Application::request_server_client().async_set_dns_server(dns_over_udp.server_address, dns_over_udp.port, false);
+                dbgln("Setting DNS server to {}:{} ({} local dnssec)", dns_over_udp.server_address, dns_over_udp.port, dns_over_udp.validate_dnssec_locally ? "with" : "without");
+                Application::request_server_client().async_set_dns_server(dns_over_udp.server_address, dns_over_udp.port, false, dns_over_udp.validate_dnssec_locally);
             });
     }
 };
@@ -110,6 +110,7 @@ ErrorOr<void> Application::initialize(Main::Arguments const& arguments)
     Optional<u16> dns_server_port;
     bool use_dns_over_tls = false;
     bool layout_test_mode = false;
+    bool validate_dnssec_locally = false;
     bool log_all_js_exceptions = false;
     bool disable_site_isolation = false;
     bool enable_idl_tracing = false;
@@ -171,6 +172,7 @@ ErrorOr<void> Application::initialize(Main::Arguments const& arguments)
     args_parser.add_option(dns_server_address, "Set the DNS server address", "dns-server", 0, "host|address");
     args_parser.add_option(dns_server_port, "Set the DNS server port", "dns-port", 0, "port (default: 53 or 853 if --dot)");
     args_parser.add_option(use_dns_over_tls, "Use DNS over TLS", "dot");
+    args_parser.add_option(validate_dnssec_locally, "Validate DNSSEC locally", "dnssec");
 
     args_parser.add_option(Core::ArgsParser::Option {
         .argument_mode = Core::ArgsParser::OptionArgumentMode::Required,
@@ -220,8 +222,8 @@ ErrorOr<void> Application::initialize(Main::Arguments const& arguments)
         .profile_helper_process = move(profile_process_type),
         .dns_settings = (dns_server_address.has_value()
                 ? Optional<DNSSettings> { use_dns_over_tls
-                          ? DNSSettings(DNSOverTLS(dns_server_address.release_value(), *dns_server_port))
-                          : DNSSettings(DNSOverUDP(dns_server_address.release_value(), *dns_server_port)) }
+                          ? DNSSettings(DNSOverTLS(dns_server_address.release_value(), *dns_server_port, validate_dnssec_locally))
+                          : DNSSettings(DNSOverUDP(dns_server_address.release_value(), *dns_server_port, validate_dnssec_locally)) }
                 : OptionalNone()),
         .devtools_port = devtools_port,
     };

Libraries/LibWebView/HelperProcess.cpp

@@ -220,12 +220,12 @@ ErrorOr<NonnullRefPtr<Requests::RequestClient>> launch_request_server_process()
     WebView::Application::settings().dns_settings().visit(
         [](WebView::SystemDNS) {},
         [&](WebView::DNSOverTLS const& dns_over_tls) {
-            dbgln("Setting DNS server to {}:{} with TLS", dns_over_tls.server_address, dns_over_tls.port);
-            client->async_set_dns_server(dns_over_tls.server_address, dns_over_tls.port, true);
+            dbgln("Setting DNS server to {}:{} with TLS ({} local dnssec)", dns_over_tls.server_address, dns_over_tls.port, dns_over_tls.validate_dnssec_locally ? "with" : "without");
+            client->async_set_dns_server(dns_over_tls.server_address, dns_over_tls.port, true, dns_over_tls.validate_dnssec_locally);
         },
         [&](WebView::DNSOverUDP const& dns_over_udp) {
-            dbgln("Setting DNS server to {}:{}", dns_over_udp.server_address, dns_over_udp.port);
-            client->async_set_dns_server(dns_over_udp.server_address, dns_over_udp.port, false);
+            dbgln("Setting DNS server to {}:{} ({} local dnssec)", dns_over_udp.server_address, dns_over_udp.port, dns_over_udp.validate_dnssec_locally ? "with" : "without");
+            client->async_set_dns_server(dns_over_udp.server_address, dns_over_udp.port, false, dns_over_udp.validate_dnssec_locally);
         });
 
     return client;

Libraries/LibWebView/Options.h

@@ -56,10 +56,12 @@ struct SystemDNS { };
 struct DNSOverTLS {
     ByteString server_address;
     u16 port;
+    bool validate_dnssec_locally;
 };
 struct DNSOverUDP {
     ByteString server_address;
     u16 port;
+    bool validate_dnssec_locally;
 };
 
 using DNSSettings = Variant<SystemDNS, DNSOverTLS, DNSOverUDP>;

Libraries/LibWebView/Settings.cpp

@@ -209,7 +209,7 @@ JsonValue Settings::serialize_json() const
 
     settings.set(do_not_track_key, m_do_not_track == DoNotTrack::Yes);
 
-    // dnsSettings :: { mode: "system" } | { mode: "custom", server: string, port: u16, type: "udp" | "tls", forciblyEnabled: bool }
+    // dnsSettings :: { mode: "system" } | { mode: "custom", server: string, port: u16, type: "udp" | "tls", forciblyEnabled: bool, dnssec: bool }
     JsonObject dns_settings;
     m_dns_settings.visit(
         [&](SystemDNS) {
@@ -220,6 +220,7 @@ JsonValue Settings::serialize_json() const
             dns_settings.set("server"sv, dot.server_address.view());
             dns_settings.set("port"sv, dot.port);
             dns_settings.set("type"sv, "tls"sv);
+            dns_settings.set("dnssec"sv, dot.validate_dnssec_locally);
             dns_settings.set("forciblyEnabled"sv, m_dns_override_by_command_line);
         },
         [&](DNSOverUDP const& dns) {
@@ -227,6 +228,7 @@ JsonValue Settings::serialize_json() const
             dns_settings.set("server"sv, dns.server_address.view());
             dns_settings.set("port"sv, dns.port);
             dns_settings.set("type"sv, "udp"sv);
+            dns_settings.set("dnssec"sv, dns.validate_dnssec_locally);
             dns_settings.set("forciblyEnabled"sv, m_dns_override_by_command_line);
         });
     settings.set(dns_settings_key, move(dns_settings));
@@ -441,12 +443,13 @@ DNSSettings Settings::parse_dns_settings(JsonValue const& dns_settings)
             auto server = dns_settings_object.get_string("server"sv);
             auto port = dns_settings_object.get_u16("port"sv);
             auto type = dns_settings_object.get_string("type"sv);
+            auto validate_dnssec_locally = dns_settings_object.get_bool("dnssec"sv);
 
             if (server.has_value() && port.has_value() && type.has_value()) {
                 if (*type == "tls"sv)
-                    return DNSOverTLS { .server_address = server->to_byte_string(), .port = *port };
+                    return DNSOverTLS { .server_address = server->to_byte_string(), .port = *port, .validate_dnssec_locally = validate_dnssec_locally.value_or(false) };
                 if (*type == "udp"sv)
-                    return DNSOverUDP { .server_address = server->to_byte_string(), .port = *port };
+                    return DNSOverUDP { .server_address = server->to_byte_string(), .port = *port, .validate_dnssec_locally = validate_dnssec_locally.value_or(false) };
             }
         }
     }