- public Domain(User owner, String suffix) throws GigiApiException {
- checkCertifyableDomain(suffix, owner.isInGroup(Group.CODESIGNING));
- this.owner = owner;
- this.suffix = suffix;
-
- }
-
- public static void checkCertifyableDomain(String s, boolean hasPunycodeRight) throws GigiApiException {
- String[] parts = s.split("\\.", -1);
- if (parts.length < 2) {
- throw new GigiApiException("Domain does not contain '.'.");
- }
- for (int i = parts.length - 1; i >= 0; i--) {
- if ( !isVaildDomainPart(parts[i], hasPunycodeRight)) {
- throw new GigiApiException("Syntax error in Domain");
- }
- }
- String publicSuffix = PublicSuffixes.getInstance().getRegistrablePart(s);
- if ( !s.equals(publicSuffix)) {
- throw new GigiApiException("You may only register a domain with exactly one lable before the public suffix.");
- }
- checkPunycode(parts[0], s.substring(parts[0].length() + 1));
- }
-
- private static void checkPunycode(String label, String domainContext) throws GigiApiException {
- if (label.charAt(2) != '-' || label.charAt(3) != '-') {
- return; // is no punycode
- }
- if ( !IDNEnabledTLDs.contains(domainContext)) {
- throw new GigiApiException("Punycode label could not be positively verified.");
- }
- if ( !label.startsWith("xn--")) {
- throw new GigiApiException("Unknown ACE prefix.");
- }
- try {
- String unicode = IDN.toUnicode(label);
- if (unicode.startsWith("xn--")) {
- throw new GigiApiException("Punycode label could not be positively verified.");
- }
- } catch (IllegalArgumentException e) {
- throw new GigiApiException("Punycode label could not be positively verified.");
- }
- }
-
- public static boolean isVaildDomainPart(String s, boolean allowPunycode) {
- if ( !s.matches("[a-z0-9-]+")) {
- return false;
- }
- if (s.charAt(0) == '-' || s.charAt(s.length() - 1) == '-') {
- return false;
- }
- if (s.length() > 63) {
- return false;
- }
- boolean canBePunycode = s.length() >= 4 && s.charAt(2) == '-' && s.charAt(3) == '-';
- if (canBePunycode && !allowPunycode) {
- return false;
+ public Domain(User actor, CertificateOwner owner, String suffix) throws GigiApiException {
+ suffix = suffix.toLowerCase();
+ synchronized (Domain.class) {
+ DomainAssessment.checkCertifiableDomain(suffix, actor.isInGroup(Group.CODESIGNING), true);
+ this.owner = owner;
+ this.suffix = suffix;
+ insert();