fix: CAA records on non-existing domains

Change-Id: Iad8984a5249595272203dbdf85590359683f1267

diff --git a/src/club/wpia/gigi/util/CAA.java b/src/club/wpia/gigi/util/CAA.java
index 7100b55708918777bd33f4fb83826ce467878ccd..df8b1f5f2fda6f0f9993ee085df363e7f76bcce5 100644 (file)
--- a/src/club/wpia/gigi/util/CAA.java
+++ b/src/club/wpia/gigi/util/CAA.java
@@ -87,6 +87,9 @@ public class CAA {
     private static CAARecord[] getEffectiveCAARecords(String name) throws NamingException {
         CAARecord[] caa = DNSUtil.getCAAEntries(name);
         String publicSuffix = PublicSuffixes.getInstance().getRegistrablePart(name);
+        if (name.equals(publicSuffix)) {
+            return caa;
+        }
         // TODO missing alias processing
         while (caa.length == 0 && name.contains(".")) {
             name = name.split("\\.", 2)[1];

diff --git a/src/club/wpia/gigi/util/DNSUtil.java b/src/club/wpia/gigi/util/DNSUtil.java
index 5bec99693d2c00fe8da3cc24b29ad985c47f3391..af664359b68bf71ed6cfe78f39be9e7a7e019176 100644 (file)
--- a/src/club/wpia/gigi/util/DNSUtil.java
+++ b/src/club/wpia/gigi/util/DNSUtil.java
@@ -4,6 +4,7 @@ import java.util.Arrays;
 import java.util.Hashtable;
 
 import javax.naming.Context;
+import javax.naming.NameNotFoundException;
 import javax.naming.NamingException;
 import javax.naming.directory.Attribute;
 import javax.naming.directory.Attributes;
@@ -72,10 +73,15 @@ public class DNSUtil {
         Hashtable<String, String> env = new Hashtable<String, String>();
         env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.dns.DnsContextFactory");
         InitialDirContext context = new InitialDirContext(env);
-
-        Attributes dnsLookup = context.getAttributes(domain, new String[] {
-                "257"
-        });
+        Attributes dnsLookup;
+        try {
+            dnsLookup = context.getAttributes(domain, new String[] {
+                    "257"
+            });
+        } catch (NameNotFoundException e) {
+            // We treat non-existing names as names without CAA-records
+            return new CAARecord[0];
+        }
         Attribute nsRecords = dnsLookup.get("257");
         if (nsRecords == null) {
             return new CAARecord[] {};

diff --git a/tests/club/wpia/gigi/util/TestCAAValidation.java b/tests/club/wpia/gigi/util/TestCAAValidation.java
index b1db8b602b88db8899ea1a9a3d39963ebef7f996..a762570025e470a8a3f7e31a2c2f6293c4ad75a4 100644 (file)
--- a/tests/club/wpia/gigi/util/TestCAAValidation.java
+++ b/tests/club/wpia/gigi/util/TestCAAValidation.java
@@ -16,15 +16,13 @@ import org.junit.runners.Parameterized.Parameters;
 
 import club.wpia.gigi.GigiApiException;
 import club.wpia.gigi.dbObjects.Certificate;
+import club.wpia.gigi.dbObjects.Certificate.CertificateStatus;
 import club.wpia.gigi.dbObjects.CertificateProfile;
 import club.wpia.gigi.dbObjects.Digest;
 import club.wpia.gigi.dbObjects.Domain;
 import club.wpia.gigi.dbObjects.Job;
-import club.wpia.gigi.dbObjects.Certificate.CertificateStatus;
 import club.wpia.gigi.pages.account.certs.CertificateRequest;
 import club.wpia.gigi.testUtils.ClientTest;
-import club.wpia.gigi.util.AuthorizationContext;
-import club.wpia.gigi.util.CAA;
 
 @RunWith(Parameterized.class)
 public class TestCAAValidation extends ClientTest {
@@ -62,7 +60,7 @@ public class TestCAAValidation extends ClientTest {
 
     @Test
     public void testCAACert() throws GeneralSecurityException, IOException, GigiApiException, InterruptedException {
-        Domain d = new Domain(u, u, domain);
+        Domain d = new Domain(u, u, PublicSuffixes.getInstance().getRegistrablePart(domain));
         verify(d);
         String csr = generatePEMCSR(generateKeypair(), "CN=test");
         CertificateRequest cr = new CertificateRequest(new AuthorizationContext(u, u), csr);