X-Git-Url: https://code.wpia.club/?a=blobdiff_plain;f=src%2Forg%2Fcacert%2Fgigi%2FdbObjects%2FDomain.java;h=13ee9f350762832541ed8fdb71756f1a12f4f43a;hb=12c6327bdc31d1f1d50159de69641d878827dddf;hp=b481e76fe5868bb3c09a15616bdc2e6a22c95d4a;hpb=76e3ad5851967bea57005ec9858625d4a7071d7c;p=gigi.git diff --git a/src/org/cacert/gigi/dbObjects/Domain.java b/src/org/cacert/gigi/dbObjects/Domain.java index b481e76f..13ee9f35 100644 --- a/src/org/cacert/gigi/dbObjects/Domain.java +++ b/src/org/cacert/gigi/dbObjects/Domain.java @@ -1,31 +1,37 @@ package org.cacert.gigi.dbObjects; -import java.sql.PreparedStatement; -import java.sql.ResultSet; -import java.sql.SQLException; +import java.io.IOException; +import java.net.IDN; +import java.util.Arrays; import java.util.Collections; +import java.util.HashSet; import java.util.LinkedList; import java.util.List; +import java.util.Properties; +import java.util.Set; import org.cacert.gigi.GigiApiException; import org.cacert.gigi.database.DatabaseConnection; +import org.cacert.gigi.database.GigiPreparedStatement; +import org.cacert.gigi.database.GigiResultSet; import org.cacert.gigi.dbObjects.DomainPingConfiguration.PingType; +import org.cacert.gigi.util.PublicSuffixes; public class Domain implements IdCachable { public class DomainPingExecution { - String state; + private String state; - String type; + private String type; - String info; + private String info; - String result; + private String result; - DomainPingConfiguration config; + private DomainPingConfiguration config; - public DomainPingExecution(ResultSet rs) throws SQLException { + public DomainPingExecution(GigiResultSet rs) { state = rs.getString(1); type = rs.getString(2); info = rs.getString(3); 
@@ -61,11 +67,22 @@ public class Domain implements IdCachable { private int id; - private Domain(int id) throws SQLException { - PreparedStatement ps = DatabaseConnection.getInstance().prepare("SELECT memid, domain FROM `domains` WHERE id=? AND deleted IS NULL"); + private static final Set IDNEnabledTLDs; + static { + Properties CPS = new Properties(); + try { + CPS.load(Domain.class.getResourceAsStream("CPS.properties")); + IDNEnabledTLDs = Collections.unmodifiableSet(new HashSet<>(Arrays.asList(CPS.getProperty("IDN-enabled").split(",")))); + } catch (IOException e) { + throw new Error(e); + } + } + + private Domain(int id) { + GigiPreparedStatement ps = DatabaseConnection.getInstance().prepare("SELECT memid, domain FROM `domains` WHERE id=? AND deleted IS NULL"); ps.setInt(1, id); - ResultSet rs = ps.executeQuery(); + GigiResultSet rs = ps.executeQuery(); if ( !rs.next()) { throw new IllegalArgumentException("Invalid domain id " + id); } 
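Review bot: The new static initializer passes the result of `getResourceAsStream("CPS.properties")` straight into `CPS.load(...)` and calls `.split(",")` on `getProperty("IDN-enabled")` without a null check. A missing resource or a missing key therefore aborts class initialisation with a bare NullPointerException that the `catch (IOException e)` never sees, and the stream is never closed. Since this set is the allowlist that decides which punycode labels are accepted, the failure should name what is missing. The version below uses try-with-resources and explicit checks; it needs an additional `java.io.InputStream` import.

```java
static {
    Properties CPS = new Properties();
    // try-with-resources closes the stream; a missing resource is reported by name
    try (InputStream in = Domain.class.getResourceAsStream("CPS.properties")) {
        if (in == null) {
            throw new Error("resource CPS.properties not found");
        }
        CPS.load(in);
    } catch (IOException e) {
        throw new Error(e);
    }
    String idnEnabled = CPS.getProperty("IDN-enabled");
    if (idnEnabled == null) {
        throw new Error("CPS.properties has no IDN-enabled entry");
    }
    IDNEnabledTLDs = Collections.unmodifiableSet(new HashSet<>(Arrays.asList(idnEnabled.split(","))));
}
```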
@@ -76,25 +93,77 @@ public class Domain implements IdCachable { } public Domain(User owner, String suffix) throws GigiApiException { + checkCertifyableDomain(suffix, owner.isInGroup(Group.getByString("codesign"))); this.owner = owner; this.suffix = suffix; } - private static void checkInsert(String suffix) throws GigiApiException { + public static void checkCertifyableDomain(String s, boolean hasPunycodeRight) throws GigiApiException { + String[] parts = s.split("\\.", -1); + if (parts.length < 2) { + throw new GigiApiException("Domain does not contain '.'."); + } + for (int i = parts.length - 1; i >= 0; i--) { + if ( !isVaildDomainPart(parts[i], hasPunycodeRight)) { + throw new GigiApiException("Syntax error in Domain"); + } + } + String publicSuffix = PublicSuffixes.getInstance().getRegistrablePart(s); + if ( !s.equals(publicSuffix)) { + throw new GigiApiException("You may only register a domain with exactly one lable before the public suffix."); + } + checkPunycode(parts[0], s.substring(parts[0].length() + 1)); + } + + private static void checkPunycode(String label, String domainContext) throws GigiApiException { + if (label.charAt(2) != '-' || label.charAt(3) != '-') { + return; // is no punycode + } + if ( !IDNEnabledTLDs.contains(domainContext)) { + throw new GigiApiException("Punycode label could not be positively verified."); + } + if ( !label.startsWith("xn--")) { + throw new GigiApiException("Unknown ACE prefix."); + } try { - PreparedStatement ps = DatabaseConnection.getInstance().prepare("SELECT 1 FROM `domains` WHERE (domain=RIGHT(?,LENGTH(domain)) OR RIGHT(domain,LENGTH(?))=?) AND deleted IS NULL"); - ps.setString(1, suffix); - ps.setString(2, suffix); - ps.setString(3, suffix); - ResultSet rs = ps.executeQuery(); - boolean existed = rs.next(); - rs.close(); - if (existed) { - throw new GigiApiException("Domain could not be inserted. 
Domain is already valid."); + String unicode = IDN.toUnicode(label); + if (unicode.startsWith("xn--")) { + throw new GigiApiException("Punycode label could not be positively verified."); } - } catch (SQLException e) { - throw new GigiApiException(e); + } catch (IllegalArgumentException e) { + throw new GigiApiException("Punycode label could not be positively verified."); + } + } + + public static boolean isVaildDomainPart(String s, boolean allowPunycode) { + if ( !s.matches("[a-z0-9-]+")) { + return false; + } + if (s.charAt(0) == '-' || s.charAt(s.length() - 1) == '-') { + return false; + } + if (s.length() > 63) { + return false; + } + boolean canBePunycode = s.length() >= 4 && s.charAt(2) == '-' && s.charAt(3) == '-'; + if (canBePunycode && !allowPunycode) { + return false; + } + return true; + } + + private static void checkInsert(String suffix) throws GigiApiException { + GigiPreparedStatement ps = DatabaseConnection.getInstance().prepare("SELECT 1 FROM `domains` WHERE (domain=? OR (CONCAT('.', domain)=RIGHT(?,LENGTH(domain)+1) OR RIGHT(domain,LENGTH(?)+1)=CONCAT('.',?))) AND deleted IS NULL"); + ps.setString(1, suffix); + ps.setString(2, suffix); + ps.setString(3, suffix); + ps.setString(4, suffix); + GigiResultSet rs = ps.executeQuery(); + boolean existed = rs.next(); + rs.close(); + if (existed) { + throw new GigiApiException("Domain could not be inserted. Domain is already valid."); } } 
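Review bot: `checkPunycode` reads `label.charAt(2)` before checking the label's length, so a first label of one or two characters, which `isVaildDomainPart` accepts, throws an unchecked StringIndexOutOfBoundsException once the public-suffix check has passed. `isVaildDomainPart` already guards the same test with `s.length() >= 4`, and the early return here should do likewise: `if (label.length() < 4 || label.charAt(2) != '-' || label.charAt(3) != '-') {`. Separately, the constructor derives `hasPunycodeRight` from membership in the `codesign` group; if that is a stand-in for a dedicated permission, a comment on that line saying so would help.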
@@ -104,16 +173,12 @@ public class Domain implements IdCachable { } synchronized (Domain.class) { checkInsert(suffix); - try { - PreparedStatement ps = DatabaseConnection.getInstance().prepare("INSERT INTO `domains` SET memid=?, domain=?"); - ps.setInt(1, owner.getId()); - ps.setString(2, suffix); - ps.execute(); - id = DatabaseConnection.lastInsertId(ps); - myCache.put(this); - } catch (SQLException e) { - throw new GigiApiException(e); - } + GigiPreparedStatement ps = DatabaseConnection.getInstance().prepare("INSERT INTO `domains` SET memid=?, domain=?"); + ps.setInt(1, owner.getId()); + ps.setString(2, suffix); + ps.execute(); + id = ps.lastInsertId(); + myCache.put(this); } } @@ -121,19 +186,16 @@ public class Domain implements IdCachable { if (id == 0) { throw new GigiApiException("not inserted."); } - try { - PreparedStatement ps = DatabaseConnection.getInstance().prepare("UPDATE `domains` SET deleted=CURRENT_TIMESTAMP WHERE id=?"); - ps.setInt(1, id); - ps.execute(); - } catch (SQLException e) { - throw new GigiApiException(e); - } + GigiPreparedStatement ps = DatabaseConnection.getInstance().prepare("UPDATE `domains` SET deleted=CURRENT_TIMESTAMP WHERE id=?"); + ps.setInt(1, id); + ps.execute(); } public User getOwner() { return owner; } + @Override public int getId() { return id; } 
@@ -147,90 +209,63 @@ public class Domain implements IdCachable { public List getConfiguredPings() throws GigiApiException { LinkedList configs = this.configs; if (configs == null) { - try { - configs = new LinkedList<>(); - PreparedStatement ps = DatabaseConnection.getInstance().prepare("SELECT id FROM pingconfig WHERE domainid=?"); - ps.setInt(1, id); - ResultSet rs = ps.executeQuery(); - while (rs.next()) { - configs.add(DomainPingConfiguration.getById(rs.getInt(1))); - } - rs.close(); - this.configs = configs; - } catch (SQLException e) { - throw new GigiApiException(e); + configs = new LinkedList<>(); + GigiPreparedStatement ps = DatabaseConnection.getInstance().prepare("SELECT id FROM pingconfig WHERE domainid=?"); + ps.setInt(1, id); + GigiResultSet rs = ps.executeQuery(); + while (rs.next()) { + configs.add(DomainPingConfiguration.getById(rs.getInt(1))); } + rs.close(); + this.configs = configs; } return Collections.unmodifiableList(configs); } - public void addPing(PingType ssl, String config) throws GigiApiException { - try { - PreparedStatement ps = DatabaseConnection.getInstance().prepare("INSERT INTO pingconfig SET domainid=?, type=?, info=?"); - ps.setInt(1, id); - ps.setString(2, ssl.toString().toLowerCase()); - ps.setString(3, config); - ps.execute(); - configs = null; - } catch (SQLException e) { - throw new GigiApiException(e); - } + public void addPing(PingType type, String config) throws GigiApiException { + GigiPreparedStatement ps = DatabaseConnection.getInstance().prepare("INSERT INTO pingconfig SET domainid=?, type=?, info=?"); + ps.setInt(1, id); + ps.setString(2, type.toString().toLowerCase()); + ps.setString(3, config); + ps.execute(); + configs = null; } public void verify(String hash) throws GigiApiException { - try { - PreparedStatement ps = DatabaseConnection.getInstance().prepare("UPDATE domainPinglog SET state='success' WHERE challenge=? 
AND configId IN (SELECT id FROM pingconfig WHERE domainId=?)"); - ps.setString(1, hash); - ps.setInt(2, id); - ps.executeUpdate(); - } catch (SQLException e) { - throw new GigiApiException(e); - } + GigiPreparedStatement ps = DatabaseConnection.getInstance().prepare("UPDATE domainPinglog SET state='success' WHERE challenge=? AND configId IN (SELECT id FROM pingconfig WHERE domainId=?)"); + ps.setString(1, hash); + ps.setInt(2, id); + ps.executeUpdate(); } public boolean isVerified() { - try { - PreparedStatement ps = DatabaseConnection.getInstance().prepare("SELECT 1 FROM domainPinglog INNER JOIN pingconfig ON pingconfig.id=domainPinglog.configId WHERE domainid=? AND state='success'"); - ps.setInt(1, id); - ResultSet rs = ps.executeQuery(); - return rs.next(); - } catch (SQLException e) { - e.printStackTrace(); - } - return false; + GigiPreparedStatement ps = DatabaseConnection.getInstance().prepare("SELECT 1 FROM domainPinglog INNER JOIN pingconfig ON pingconfig.id=domainPinglog.configId WHERE domainid=? AND state='success'"); + ps.setInt(1, id); + GigiResultSet rs = ps.executeQuery(); + return rs.next(); } public DomainPingExecution[] getPings() throws GigiApiException { - try { - PreparedStatement ps = DatabaseConnection.getInstance().prepare("SELECT state, type, info, result, configId FROM domainPinglog INNER JOIN pingconfig ON pingconfig.id=domainPinglog.configid WHERE pingconfig.domainid=? 
ORDER BY `when` DESC;"); - ps.setInt(1, id); - ResultSet rs = ps.executeQuery(); - rs.last(); - DomainPingExecution[] contents = new DomainPingExecution[rs.getRow()]; - rs.beforeFirst(); - for (int i = 0; i < contents.length && rs.next(); i++) { - contents[i] = new DomainPingExecution(rs); - } - return contents; - } catch (SQLException e) { - throw new GigiApiException(e); + GigiPreparedStatement ps = DatabaseConnection.getInstance().prepare("SELECT state, type, info, result, configId FROM domainPinglog INNER JOIN pingconfig ON pingconfig.id=domainPinglog.configid WHERE pingconfig.domainid=? ORDER BY `when` DESC;"); + ps.setInt(1, id); + GigiResultSet rs = ps.executeQuery(); + rs.last(); + DomainPingExecution[] contents = new DomainPingExecution[rs.getRow()]; + rs.beforeFirst(); + for (int i = 0; i < contents.length && rs.next(); i++) { + contents[i] = new DomainPingExecution(rs); } + return contents; } private static ObjectCache myCache = new ObjectCache<>(); - public static Domain getById(int id) throws IllegalArgumentException { + public static synchronized Domain getById(int id) throws IllegalArgumentException { Domain em = myCache.get(id); if (em == null) { - try { - synchronized (Domain.class) { - myCache.put(em = new Domain(id)); - } - } catch (SQLException e1) { - throw new IllegalArgumentException(e1); - } + myCache.put(em = new Domain(id)); } return em; }
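Review bot: `verify` discards the result of `ps.executeUpdate()`, so a challenge that matches no `domainPinglog` row for this domain returns normally and the caller cannot tell a rejected token from an accepted one. Assuming `GigiPreparedStatement.executeUpdate()` returns the affected-row count as its JDBC counterpart does, the method should throw when it is zero, e.g. `if (ps.executeUpdate() == 0) { throw new GigiApiException("Challenge did not match any pending ping."); }`. The UPDATE also places no condition on the row's current `state`, which is worth confirming against the intended ping lifecycle. Finally, `isVerified` and `getPings` never call `rs.close()`, unlike `getConfiguredPings` in the same hunk.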