+ public Domain(User actor, CertificateOwner owner, String suffix) throws GigiApiException {
+ suffix = suffix.toLowerCase();
+ synchronized (Domain.class) {
+ checkCertifyableDomain(suffix, actor.isInGroup(Group.CODESIGNING));
+ this.owner = owner;
+ this.suffix = suffix;
+ insert();
+ }
+ }
+
+ public static void checkCertifyableDomain(String s, boolean hasPunycodeRight) throws GigiApiException {
+ String[] parts = s.split("\\.", -1);
+ if (parts.length < 2) {
+ throw new GigiApiException("Domain does not contain '.'.");
+ }
+ for (int i = parts.length - 1; i >= 0; i--) {
+ if ( !isVaildDomainPart(parts[i], hasPunycodeRight)) {
+ throw new GigiApiException("Syntax error in Domain");
+ }
+ }
+ String publicSuffix = PublicSuffixes.getInstance().getRegistrablePart(s);
+ if ( !s.equals(publicSuffix)) {
+ throw new GigiApiException("You may only register a domain with exactly one lable before the public suffix.");
+ }
+ if (("." + s).matches("(\\.[0-9]*)*")) {
+ // This is not reached because we currently have no TLD that is
+ // numbers only. But who knows..
+ // Better safe than sorry.
+ throw new GigiApiException("IP Addresses are not allowed");
+ }
+ checkPunycode(parts[0], s.substring(parts[0].length() + 1));
+ }
+
+ private static void checkPunycode(String label, String domainContext) throws GigiApiException {
+ if (label.charAt(2) != '-' || label.charAt(3) != '-') {
+ return; // is no punycode
+ }
+ if ( !IDNEnabledTLDs.contains(domainContext)) {
+ throw new GigiApiException("Punycode label could not be positively verified.");
+ }
+ if ( !label.startsWith("xn--")) {
+ throw new GigiApiException("Unknown ACE prefix.");
+ }