1 package org.cacert.gigi.dbObjects;
3 import java.io.IOException;
4 import java.io.InputStream;
6 import java.util.Arrays;
7 import java.util.Collections;
8 import java.util.HashSet;
9 import java.util.LinkedList;
10 import java.util.List;
11 import java.util.Properties;
14 import org.cacert.gigi.GigiApiException;
15 import org.cacert.gigi.database.GigiPreparedStatement;
16 import org.cacert.gigi.database.GigiResultSet;
17 import org.cacert.gigi.util.PublicSuffixes;
19 public class Domain implements IdCachable, Verifyable {
21 private CertificateOwner owner;
23 private String suffix;
// Allow-list of domain contexts (everything after the first label) under which a punycode
// label is accepted. checkPunycode() refuses any label with "--" at index 2-3 whose context
// is not in this set.
27 private static final Set<String> IDNEnabledTLDs;
// Filled once from the comma-separated "IDN-enabled" key of the CPS.properties class resource.
30 Properties CPS = new Properties();
31 try (InputStream resourceAsStream = Domain.class.getResourceAsStream("CPS.properties")) {
32 CPS.load(resourceAsStream);
// NOTE(review): the value is split on "," without trimming, so whitespace around a comma in
// the properties file produces an entry that never matches (fails closed: punycode refused).
// A missing resource or missing key is not an IOException; it would surface as a
// NullPointerException here rather than reach the catch below.
33 IDNEnabledTLDs = Collections.unmodifiableSet(new HashSet<>(Arrays.asList(CPS.getProperty("IDN-enabled").split(","))));
34 } catch (IOException e) {
/**
 * Loads an existing domain from the `domains` table by primary key.
 *
 * The query only matches rows whose `deleted` column is NULL, so a soft-deleted domain
 * cannot be loaded through this constructor.
 *
 * @param id primary key of the row to load
 * @throws IllegalArgumentException "Invalid domain id" -- presumably when the query returns
 *         no row (the condition line is not part of this listing)
 */
39 private Domain(int id) {
40 try (GigiPreparedStatement ps = new GigiPreparedStatement("SELECT `memid`, `domain` FROM `domains` WHERE `id`=? AND `deleted` IS NULL")) {
43 GigiResultSet rs = ps.executeQuery();
45 throw new IllegalArgumentException("Invalid domain id " + id);
// Column 1 is `memid` (resolved to the owning CertificateOwner), column 2 is `domain`.
48 owner = CertificateOwner.getById(rs.getInt(1));
49 suffix = rs.getString(2);
/**
 * Creates a new domain for {@code owner} on behalf of {@code actor}.
 *
 * The name is lower-cased and then validated with checkCertifyableDomain(); the rest of the
 * constructor is not part of this listing.
 *
 * @param actor  user performing the registration; decides whether punycode labels are allowed
 * @param owner  owner the domain is registered for
 * @param suffix domain name to register
 * @throws GigiApiException if the name fails validation
 */
53 public Domain(User actor, CertificateOwner owner, String suffix) throws GigiApiException {
// NOTE(review): toLowerCase() without a Locale uses the JVM default locale; under e.g. a
// Turkish locale "I" does not map to "i", so the name would then fail the [a-z0-9-]+ label
// check. That fails closed, but Locale.ROOT would make the result locale-independent.
54 suffix = suffix.toLowerCase();
// Class-wide lock around the validation; presumably it also covers the duplicate check and
// the insert so that check-then-insert is atomic within this JVM -- confirm on the lines
// not shown. It gives no protection across several application instances.
55 synchronized (Domain.class) {
// NOTE(review): the right to register punycode labels is derived from membership in
// Group.CODESIGNING -- confirm this coupling is intended.
56 checkCertifyableDomain(suffix, actor.isInGroup(Group.CODESIGNING));
/**
 * Validates that a domain name may be registered for certificate issuance.
 *
 * Checks, in order: the name has at least two dot-separated labels; every label passes
 * isVaildDomainPart(); the name equals its registrable part according to PublicSuffixes
 * (exactly one label in front of the public suffix); the name is not made of digits and
 * dots only; and the first label passes the punycode check.
 *
 * @param s                domain name; the only caller shown lower-cases it first, and the
 *                         label check only accepts a-z, 0-9 and '-'
 * @param hasPunycodeRight whether labels with "--" at index 2-3 are permitted at all
 * @throws GigiApiException if any check fails
 */
63 public static void checkCertifyableDomain(String s, boolean hasPunycodeRight) throws GigiApiException {
// Limit -1 keeps trailing empty strings, so "example.org." yields an empty last label
// instead of having it silently dropped.
64 String[] parts = s.split("\\.", -1);
65 if (parts.length < 2) {
66 throw new GigiApiException("Domain does not contain '.'.");
68 for (int i = parts.length - 1; i >= 0; i--) {
69 if ( !isVaildDomainPart(parts[i], hasPunycodeRight)) {
70 throw new GigiApiException("Syntax error in Domain");
// Rejects both bare public suffixes and names with extra labels in front of the
// registrable part; only the registrable domain itself is accepted.
73 String publicSuffix = PublicSuffixes.getInstance().getRegistrablePart(s);
74 if ( !s.equals(publicSuffix)) {
75 throw new GigiApiException("You may only register a domain with exactly one lable before the public suffix.");
// Defence in depth against dotted-numeric names (IP address literals).
77 if (("." + s).matches("(\\.[0-9]*)*")) {
78 // This is not reached because we currently have no TLD that is
79 // numbers only. But who knows..
80 // Better safe than sorry.
81 throw new GigiApiException("IP Addresses are not allowed");
// First label is checked as a possible punycode label; the remainder of the name (after
// the first dot) is the context looked up in the IDN allow-list.
83 checkPunycode(parts[0], s.substring(parts[0].length() + 1));
/**
 * Accepts a label only if it is either not punycode-shaped or a decodable "xn--" label
 * under an IDN-enabled context.
 *
 * A label with "--" at index 2-3 must (1) sit under a context listed in IDNEnabledTLDs,
 * (2) use the "xn--" ACE prefix, and (3) decode through IDN.toUnicode() to something that
 * no longer starts with "xn--". Anything else is refused, which limits homograph-style
 * registrations to zones that were explicitly enabled.
 *
 * @param label         first label of the domain name
 * @param domainContext the name without its first label
 * @throws GigiApiException if the label looks like punycode but cannot be verified
 */
86 private static void checkPunycode(String label, String domainContext) throws GigiApiException {
// NOTE(review): no length guard before charAt(2)/charAt(3). A one- or two-character label
// (e.g. the first label of a name like "ab.<tld>") raises StringIndexOutOfBoundsException
// here instead of returning; isVaildDomainPart() guards the same test with
// s.length() >= 4. Suggested: return early when label.length() < 4.
87 if (label.charAt(2) != '-' || label.charAt(3) != '-') {
88 return; // is no punycode
90 if ( !IDNEnabledTLDs.contains(domainContext)) {
91 throw new GigiApiException("Punycode label could not be positively verified.");
// "--" at index 2-3 with any prefix other than "xn" is a reserved, unknown encoding.
93 if ( !label.startsWith("xn--")) {
94 throw new GigiApiException("Unknown ACE prefix.");
// IDN.toUnicode() hands the input back unchanged when it cannot decode it, so a result that
// still starts with "xn--" means the label is not valid punycode.
97 String unicode = IDN.toUnicode(label);
98 if (unicode.startsWith("xn--")) {
99 throw new GigiApiException("Punycode label could not be positively verified.");
101 } catch (IllegalArgumentException e) {
102 throw new GigiApiException("Punycode label could not be positively verified.");
/**
 * Syntax check for a single DNS label.
 *
 * Tests performed: only a-z, 0-9 and '-' (at least one character); no leading or trailing
 * '-'; at most 63 characters; and "--" at index 2-3 only when {@code allowPunycode} is set.
 * The return statements are not part of this listing; each failed test presumably returns
 * false.
 *
 * @param s             label to check (no dots)
 * @param allowPunycode whether a punycode-shaped label is acceptable
 * @return whether the label is syntactically acceptable
 */
106 public static boolean isVaildDomainPart(String s, boolean allowPunycode) {
// Upper-case letters are not accepted, so callers have to normalise case first. The '+'
// also excludes the empty label before the charAt() calls below.
107 if ( !s.matches("[a-z0-9-]+")) {
110 if (s.charAt(0) == '-' || s.charAt(s.length() - 1) == '-') {
113 if (s.length() > 63) {
// The length test keeps charAt(2)/charAt(3) in range for short labels.
116 boolean canBePunycode = s.length() >= 4 && s.charAt(2) == '-' && s.charAt(3) == '-';
117 if (canBePunycode && !allowPunycode) {
/**
 * Refuses a new domain that overlaps with any active (not soft-deleted) domain.
 *
 * The query matches an existing row when it is (a) the same name, (b) a parent of the new
 * name (the new name ends with "." + existing), or (c) a sub-domain of the new name (the
 * existing name ends with "." + new). This keeps overlapping names from being held by
 * separate registrations.
 *
 * @param suffix domain name about to be inserted
 * @throws GigiApiException if an overlapping active domain exists (the condition line is
 *         not part of this listing; it presumably tests {@code existed})
 */
123 private static void checkInsert(String suffix) throws GigiApiException {
124 try (GigiPreparedStatement ps = new GigiPreparedStatement("SELECT 1 FROM `domains` WHERE (`domain`=? OR (CONCAT('.', `domain`)=RIGHT(?,LENGTH(`domain`)+1) OR RIGHT(`domain`,LENGTH(?)+1)=CONCAT('.',?))) AND `deleted` IS NULL")) {
// All four placeholders take the same value; the name is bound, never concatenated.
125 ps.setString(1, suffix);
126 ps.setString(2, suffix);
127 ps.setString(3, suffix);
128 ps.setString(4, suffix);
129 GigiResultSet rs = ps.executeQuery();
130 boolean existed = rs.next();
133 throw new GigiApiException("Domain could not be inserted. Domain is already known to the system.");
/**
 * Writes this domain as a new row in `domains` and records the generated key in {@code id}.
 *
 * @throws GigiApiException "already inserted." -- presumably when the object already has
 *         an id (the condition line is not part of this listing)
 */
138 private void insert() throws GigiApiException {
140 throw new GigiApiException("already inserted.");
143 try (GigiPreparedStatement ps = new GigiPreparedStatement("INSERT INTO `domains` SET memid=?, domain=?")) {
144 ps.setInt(1, owner.getId());
145 ps.setString(2, suffix);
147 id = ps.lastInsertId();
/**
 * Soft-deletes this domain by stamping `deleted` with the current time; the row is kept.
 *
 * @throws GigiApiException "not inserted." -- presumably when the object has no id yet
 *         (the condition line is not part of this listing)
 */
152 public void delete() throws GigiApiException {
154 throw new GigiApiException("not inserted.");
// NOTE(review): the statement has no `deleted` IS NULL condition, so as written it would
// overwrite the timestamp of an already deleted row -- confirm whether that matters for
// audit purposes.
156 try (GigiPreparedStatement ps = new GigiPreparedStatement("UPDATE `domains` SET `deleted`=CURRENT_TIMESTAMP WHERE `id`=?")) {
162 public CertificateOwner getOwner() {
171 public String getSuffix() {
// Lazily filled cache of this domain's ping configurations; null until first requested.
175 private LinkedList<DomainPingConfiguration> configs = null;
/**
 * Returns the active (not soft-deleted) ping configurations of this domain.
 *
 * The list is read from `pingconfig` on first use and kept in {@code this.configs}
 * afterwards.
 *
 * @return read-only view of the cached list
 * @throws GigiApiException declared by the signature; the throwing call is not visible here
 */
177 public List<DomainPingConfiguration> getConfiguredPings() throws GigiApiException {
// Work on a local copy of the reference and publish it only once it is fully populated.
178 LinkedList<DomainPingConfiguration> configs = this.configs;
179 if (configs == null) {
180 configs = new LinkedList<>();
181 try (GigiPreparedStatement ps = new GigiPreparedStatement("SELECT id FROM pingconfig WHERE domainid=? AND `deleted` IS NULL")) {
183 GigiResultSet rs = ps.executeQuery();
185 configs.add(DomainPingConfiguration.getById(rs.getInt(1)));
188 this.configs = configs;
// Callers cannot modify the cached list through the returned view.
191 return Collections.unmodifiableList(configs);
/**
 * Adds a ping (domain-control check) configuration for this domain.
 *
 * @param type   kind of ping; stored as its lower-cased name, cast to the `pingType` enum
 * @param config type-specific data stored in the `info` column
 * @throws GigiApiException declared by the signature; the throwing call is not visible here
 */
194 public void addPing(DomainPingType type, String config) throws GigiApiException {
195 try (GigiPreparedStatement ps = new GigiPreparedStatement("INSERT INTO `pingconfig` SET `domainid`=?, `type`=?::`pingType`, `info`=?")) {
// NOTE(review): toLowerCase() without a Locale depends on the JVM default locale;
// Locale.ROOT would keep the stored enum value stable on every host.
197 ps.setString(2, type.toString().toLowerCase());
198 ps.setString(3, config);
/**
 * Soft-deletes every active ping configuration of this domain by stamping `deleted`;
 * rows that are already deleted keep their original timestamp.
 *
 * @throws GigiApiException declared by the signature; the throwing call is not visible here
 */
204 public void clearPings() throws GigiApiException {
205 try (GigiPreparedStatement ps = new GigiPreparedStatement("UPDATE `pingconfig` SET `deleted`=CURRENT_TIMESTAMP WHERE `deleted` is NULL AND `domainid`=?")) {
/**
 * Marks an open e-mail ping of this domain as successful when the presented challenge
 * matches.
 *
 * The comparison happens in SQL: only `domainPinglog` rows that are still 'open', carry
 * this challenge, and belong to an e-mail ping configuration of this domain are updated.
 *
 * @param hash challenge value presented by the person proving control of the domain
 * @throws GigiApiException declared by the signature; the throwing call is not visible here
 */
212 public synchronized void verify(String hash) throws GigiApiException {
// NOTE(review): the sub-select on `pingconfig` has no `deleted` IS NULL condition, so an
// open challenge of a ping configuration that was cleared in the meantime can still be
// completed -- confirm whether that is intended.
// NOTE(review): it is not visible here whether the affected-row count is checked; without
// that a wrong or expired challenge would be indistinguishable from a correct one.
213 try (GigiPreparedStatement ps = new GigiPreparedStatement("UPDATE `domainPinglog` SET `state`='success' WHERE `challenge`=? AND `state`='open' AND `configId` IN (SELECT `id` FROM `pingconfig` WHERE `domainid`=? AND `type`='email')")) {
214 ps.setString(1, hash);
/**
 * Reports whether a successful ping is on record for this domain.
 *
 * The query looks for any `domainPinglog` row in state 'success' joined to a ping
 * configuration of this domain; the return statement is not part of this listing.
 *
 * @return presumably true when the query yields at least one row
 */
220 public boolean isVerified() {
// NOTE(review): the query has neither a `deleted` IS NULL condition on `pingconfig` nor a
// bound on `when`, so one historical success -- even from a configuration that was cleared
// since -- is enough to match. Confirm that re-verification is enforced elsewhere.
221 try (GigiPreparedStatement ps = new GigiPreparedStatement("SELECT 1 FROM `domainPinglog` INNER JOIN `pingconfig` ON `pingconfig`.`id`=`domainPinglog`.`configId` WHERE `domainid`=? AND `state`='success'")) {
223 GigiResultSet rs = ps.executeQuery();
/**
 * Returns the ping log of this domain, newest entry first (ORDER BY `when` DESC).
 *
 * Entries of soft-deleted ping configurations are included, since the join does not filter
 * on `deleted`.
 *
 * @return one DomainPingExecution per log row
 * @throws GigiApiException declared by the signature; the throwing call is not visible here
 */
228 public DomainPingExecution[] getPings() throws GigiApiException {
// The second constructor argument presumably requests a scrollable result set, which the
// getRow()-based sizing below would need -- TODO confirm against GigiPreparedStatement.
229 try (GigiPreparedStatement ps = new GigiPreparedStatement("SELECT `state`, `type`, `info`, `result`, `configId`, `when` FROM `domainPinglog` INNER JOIN `pingconfig` ON `pingconfig`.`id`=`domainPinglog`.`configId` WHERE `pingconfig`.`domainid`=? ORDER BY `when` DESC;", true)) {
231 GigiResultSet rs = ps.executeQuery();
// The array is sized from the cursor position; the positioning calls around this line are
// not part of this listing.
233 DomainPingExecution[] contents = new DomainPingExecution[rs.getRow()];
// Stops at whichever ends first, the array or the result set.
235 for (int i = 0; i < contents.length && rs.next(); i++) {
236 contents[i] = new DomainPingExecution(rs);
// Process-wide cache of Domain objects, used by getById() so that an id is only loaded
// from the database when it is not cached yet.
243 private static final ObjectCache<Domain> myCache = new ObjectCache<>();
/**
 * Returns the Domain with the given id, loading and caching it on a cache miss.
 *
 * Synchronized on the class, so concurrent callers do not load the same id twice.
 *
 * @param id primary key of the domain
 * @return the cached or freshly loaded Domain
 * @throws IllegalArgumentException if no active domain with this id exists (thrown by the
 *         loading constructor)
 */
245 public static synchronized Domain getById(int id) throws IllegalArgumentException {
246 Domain em = myCache.get(id);
// NOTE(review): a cached instance is returned without re-checking `deleted`; confirm that
// delete() evicts the entry, otherwise a soft-deleted domain stays reachable by id.
248 myCache.put(em = new Domain(id));
253 public static Domain searchUserIdByDomain(String domain) {
254 try (GigiPreparedStatement ps = new GigiPreparedStatement("SELECT `id` FROM `domains` WHERE `domain` = ?")) {
255 ps.setString(1, domain);
256 GigiResultSet res = ps.executeQuery();
258 return getById(res.getInt(1));