]> WPIA git - gigi.git/blobdiff - tests/org/cacert/gigi/DomainVerification.java
projects / gigi.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
ADD: more advanced domain name verification (public suffix, punycode)
[gigi.git] / tests / org / cacert / gigi / DomainVerification.java
diff --git a/tests/org/cacert/gigi/DomainVerification.java b/tests/org/cacert/gigi/DomainVerification.java
new file mode 100644 (file)
index 0000000..bc6f5fd
--- /dev/null
+++ b/tests/org/cacert/gigi/DomainVerification.java
@@ -0,0 +1,76 @@
+package org.cacert.gigi;
+
+import static org.junit.Assert.*;
+
+import org.cacert.gigi.dbObjects.Domain;
+import org.junit.Test;
+
+public class DomainVerification {
+
+    @Test
+    public void testDomainPart() {
+        assertTrue(Domain.isVaildDomainPart("cacert", false));
+        assertTrue(Domain.isVaildDomainPart("de", false));
+        assertTrue(Domain.isVaildDomainPart("ha2-a", false));
+        assertTrue(Domain.isVaildDomainPart("ha2--a", false));
+        assertTrue(Domain.isVaildDomainPart("h--a", false));
+        assertFalse(Domain.isVaildDomainPart("xn--bla", false));
+        assertFalse(Domain.isVaildDomainPart("-xnbla", false));
+        assertFalse(Domain.isVaildDomainPart("xnbla-", false));
+        assertFalse(Domain.isVaildDomainPart("", false));
+        assertTrue(Domain.isVaildDomainPart("2xnbla", false));
+        assertTrue(Domain.isVaildDomainPart("xnbla2", false));
+        assertTrue(Domain.isVaildDomainPart("123", false));
+        assertTrue(Domain.isVaildDomainPart("abcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxy1234567890123", false));
+        assertFalse(Domain.isVaildDomainPart("abcdefghijklmnopqrstuvwxyabcdefghijklmnopqrstuvwxy12345678901234", false));
+    }
+
+    @Test
+    public void testDomainCertifyable() {
+        isCertifyableDomain(true, "cacert.org", false);
+        isCertifyableDomain(true, "cacert.de", false);
+        isCertifyableDomain(true, "cacert.org", false);
+        isCertifyableDomain(true, "cacert.org", false);
+        isCertifyableDomain(true, "1234.org", false);
+        isCertifyableDomain(false, "a.cacert.org", true);
+        isCertifyableDomain(false, "gigi.local", true);
+        isCertifyableDomain(false, "org", true);
+        isCertifyableDomain(false, "'a.org", true);
+        isCertifyableDomain(false, ".org", true);
+        isCertifyableDomain(false, ".org.", true);
+        // non-real-punycode
+        isCertifyableDomain(true, "xna-ae.de", false);
+        isCertifyableDomain(true, "xn-aae.de", false);
+
+        // illegal punycode:
+        // illegal ace prefix
+        isCertifyableDomain(false, "aa--b.com", true);
+        isCertifyableDomain(false, "xm--ae-a.de", true);
+
+        // illegal punycode content
+        isCertifyableDomain(false, "xn--ae-a.com", true);
+        isCertifyableDomain(false, "xn--ae.de", true);
+        isCertifyableDomain(false, "xn--ae-a.org", true);
+        isCertifyableDomain(false, "xn--ae-a.de", true);
+        // valid punycode requires permission
+        isCertifyableDomain(true, "xn--4ca0bs.de", true);
+        isCertifyableDomain(false, "xn--4ca0bs.de", false);
+        isCertifyableDomain(true, "xn--a-zfa9cya.de", true);
+        isCertifyableDomain(false, "xn--a-zfa9cya.de", false);
+
+        // valid punycode does not help under .com
+        isCertifyableDomain(false, "xn--a-zfa9cya.com", true);
+        isCertifyableDomain(true, "zfa9cya.com", true);
+
+    }
+
+    private void isCertifyableDomain(boolean b, String string, boolean puny) {
+        try {
+            Domain.checkCertifyableDomain(string, puny);
+            assertTrue(b);
+        } catch (GigiApiException e) {
+            assertFalse(e.getMessage(), b);
+        }
+    }
+
+}
WPIA Certificate Web Issuance Platform