X-Git-Url: https://code.wpia.club/?p=gigi.git;a=blobdiff_plain;f=src%2Forg%2Fcacert%2Fgigi%2Futil%2FCAA.java;h=33e78e89627f74df25da8b9ac0cb80a8c9d7900c;hp=a95977e77c65b62a520b2617f75ac8732c08c595;hb=0206a8e18afd089c232defcebf5a6315a35a1541;hpb=4974563cbde29b9798b7015b1b01982702f3a3d3
diff --git a/src/org/cacert/gigi/util/CAA.java b/src/org/cacert/gigi/util/CAA.java
index a95977e7..33e78e89 100644
--- a/src/org/cacert/gigi/util/CAA.java
+++ b/src/org/cacert/gigi/util/CAA.java
@@ -2,8 +2,10 @@ package org.cacert.gigi.util;
 import javax.naming.NamingException;
+import org.cacert.gigi.GigiApiException;
 import org.cacert.gigi.dbObjects.CertificateOwner;
 import org.cacert.gigi.dbObjects.CertificateProfile;
+import org.cacert.gigi.output.template.SprintfCommand;
 public class CAA {
@@ -44,14 +46,14 @@ public class CAA {
 }
 }
- public static boolean verifyDomainAccess(CertificateOwner owner, CertificateProfile p, String name) {
+ public static boolean verifyDomainAccess(CertificateOwner owner, CertificateProfile p, String name) throws GigiApiException {
 try {
 if (name.startsWith("*.")) {
 return verifyDomainAccess(owner, p, name.substring(2), true);
 }
 return verifyDomainAccess(owner, p, name, false);
 } catch (NamingException e) {
- return false;
+ throw new GigiApiException(SprintfCommand.createSimple("Internal Name Server/Resolution Error: {0}", e.getMessage()));
 }
 }
@@ -84,10 +86,14 @@ public class CAA {
 private static CAARecord[] getEffectiveCAARecords(String name) throws NamingException {
 CAARecord[] caa = DNSUtil.getCAAEntries(name);
+ String publicSuffix = PublicSuffixes.getInstance().getRegistrablePart(name);
 // TODO missing alias processing
 while (caa.length == 0 && name.contains(".")) {
 name = name.split("\\.", 2)[1];
 caa = DNSUtil.getCAAEntries(name);
+ if (name.equals(publicSuffix)) {
+ return caa;
+ }
 }
 return caa;
 }
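Review bot: The new `throw` in the `catch (NamingException e)` branch of `verifyDomainAccess` copies `e.getMessage()` into the `GigiApiException` text and drops `e` as the cause. If that text is shown to the requester (not visible in this hunk), resolver internals end up in the response while the stack trace is lost for operators. I would log `e` server-side and keep the user-facing message fixed, e.g. `"Internal Name Server/Resolution Error"` without the `{0}` argument. Throwing instead of `return false` keeps the check fail-closed, provided callers do not catch and ignore the new exception.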
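Review bot: In `getEffectiveCAARecords` the stop test `name.equals(publicSuffix)` runs only after a label has been stripped, so a lookup that starts at the registrable name itself skips the stop and keeps climbing to the TLD, while a subdomain of the same name stops there. If the intent is to stop at the registrable part, test before stripping with `while (caa.length == 0 && name.contains(".") && !name.equals(publicSuffix)) {` and drop the inner `if`. The variable holds the result of `getRegistrablePart`, so `registrablePart` would be a more accurate name than `publicSuffix`. The comparison is a case-sensitive `equals` on the raw `name`; if `getRegistrablePart` normalises case or a trailing dot (not visible here), the match never fires and the effective CAA set again depends on how the name was written.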