private static CAARecord[] getEffectiveCAARecords(String name) throws NamingException {
CAARecord[] caa = DNSUtil.getCAAEntries(name);
String publicSuffix = PublicSuffixes.getInstance().getRegistrablePart(name);
+ if (name.equals(publicSuffix)) {
+ return caa;
+ }
// TODO missing alias processing
while (caa.length == 0 && name.contains(".")) {
name = name.split("\\.", 2)[1];
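Review bot: The added early return compares `name.equals(publicSuffix)` as exact strings, so a name that differs only in letter case or carries a trailing dot would not match and would presumably fall through to the climbing loop. If callers do not already guarantee a normalised name, normalise it once at the top of the method, or state the precondition in a comment such as `// name must be lower-case and without a trailing dot; climbing stops at the registrable domain`. The loop body continues outside the hunk, so whether it has its own stop at `publicSuffix` cannot be checked from here.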
import java.util.Hashtable;
import javax.naming.Context;
+import javax.naming.NameNotFoundException;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
Hashtable<String, String> env = new Hashtable<String, String>();
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.dns.DnsContextFactory");
InitialDirContext context = new InitialDirContext(env);
-
- Attributes dnsLookup = context.getAttributes(domain, new String[] {
- "257"
- });
+ Attributes dnsLookup;
+ try {
+ dnsLookup = context.getAttributes(domain, new String[] {
+ "257"
+ });
+ } catch (NameNotFoundException e) {
+ // We treat non-existing names as names without CAA-records
+ return new CAARecord[0];
+ }
Attribute nsRecords = dnsLookup.get("257");
if (nsRecords == null) {
return new CAARecord[] {};
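Review bot: The `return new CAARecord[0];` in the new catch block leaves the `context` created by `new InitialDirContext(env)` unclosed on the name-not-found path. If the method closes it further down, which is outside this hunk, that close is skipped here. Adding `context.close();` before the return, or moving the lookup into a try/finally that closes the context, would cover it. The catch is also worth a comment stating that only `NameNotFoundException` is mapped to an empty result on purpose, so that other lookup failures keep propagating as `NamingException` and are never read as "no CAA restriction": `// Only a non-existent name means "no CAA"; any other lookup failure must propagate.`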
import club.wpia.gigi.GigiApiException;
import club.wpia.gigi.dbObjects.Certificate;
+import club.wpia.gigi.dbObjects.Certificate.CertificateStatus;
import club.wpia.gigi.dbObjects.CertificateProfile;
import club.wpia.gigi.dbObjects.Digest;
import club.wpia.gigi.dbObjects.Domain;
import club.wpia.gigi.dbObjects.Job;
-import club.wpia.gigi.dbObjects.Certificate.CertificateStatus;
import club.wpia.gigi.pages.account.certs.CertificateRequest;
import club.wpia.gigi.testUtils.ClientTest;
-import club.wpia.gigi.util.AuthorizationContext;
-import club.wpia.gigi.util.CAA;
@RunWith(Parameterized.class)
public class TestCAAValidation extends ClientTest {
@Test
public void testCAACert() throws GeneralSecurityException, IOException, GigiApiException, InterruptedException {
- Domain d = new Domain(u, u, domain);
+ Domain d = new Domain(u, u, PublicSuffixes.getInstance().getRegistrablePart(domain));
verify(d);
String csr = generatePEMCSR(generateKeypair(), "CN=test");
CertificateRequest cr = new CertificateRequest(new AuthorizationContext(u, u), csr);