fix: CAA records on non-existing domains
authorFelix Dörre <felix@dogcraft.de>
Mon, 27 Feb 2017 20:03:12 +0000 (21:03 +0100)
committerFelix Dörre <felix@dogcraft.de>
Mon, 27 Feb 2017 20:43:45 +0000 (21:43 +0100)
Change-Id: Iad8984a5249595272203dbdf85590359683f1267

src/club/wpia/gigi/util/CAA.java
src/club/wpia/gigi/util/DNSUtil.java
tests/club/wpia/gigi/util/TestCAAValidation.java

index 7100b55..df8b1f5 100644 (file)
@@ -87,6 +87,9 @@ public class CAA {
     private static CAARecord[] getEffectiveCAARecords(String name) throws NamingException {
         CAARecord[] caa = DNSUtil.getCAAEntries(name);
         String publicSuffix = PublicSuffixes.getInstance().getRegistrablePart(name);
+        if (name.equals(publicSuffix)) {
+            return caa;
+        }
         // TODO missing alias processing
         while (caa.length == 0 && name.contains(".")) {
             name = name.split("\\.", 2)[1];
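Review bot: The new early return leaves undocumented why the walk stops at the registrable domain instead of continuing towards the TLD as the RFC 6844 §4 climb does; since that is a deliberate narrowing of which records count, a comment on the guard would help, e.g. `// Stop at the registrable domain: CAA records published by the public-suffix operator do not govern names below it.`. Note also that `name.equals(publicSuffix)` quietly yields false when the registrable part is unavailable (a null return), so such a name falls straight into the climbing loop; if `getRegistrablePart` can return null for unlisted suffixes, the loop's stop condition beyond this hunk is then the only thing keeping the lookup below the suffix, which is worth confirming. `getEffectiveCAARecords` continues past the end of the hunk.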
index 5bec996..af66435 100644 (file)
@@ -4,6 +4,7 @@ import java.util.Arrays;
 import java.util.Hashtable;
 
 import javax.naming.Context;
+import javax.naming.NameNotFoundException;
 import javax.naming.NamingException;
 import javax.naming.directory.Attribute;
 import javax.naming.directory.Attributes;
@@ -72,10 +73,15 @@ public class DNSUtil {
         Hashtable<String, String> env = new Hashtable<String, String>();
         env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.dns.DnsContextFactory");
         InitialDirContext context = new InitialDirContext(env);
-
-        Attributes dnsLookup = context.getAttributes(domain, new String[] {
-                "257"
-        });
+        Attributes dnsLookup;
+        try {
+            dnsLookup = context.getAttributes(domain, new String[] {
+                    "257"
+            });
+        } catch (NameNotFoundException e) {
+            // We treat non-existing names as names without CAA-records
+            return new CAARecord[0];
+        }
         Attribute nsRecords = dnsLookup.get("257");
         if (nsRecords == null) {
             return new CAARecord[] {};
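Review bot: Only `NameNotFoundException` is mapped to "no CAA records" here, so every other `NamingException` (timeout, SERVFAIL, resolver misconfiguration) still propagates and the issuance check fails closed, which is the right choice but is not stated by the comment in the catch; suggest replacing it with `// NXDOMAIN is treated like an empty CAA record set; any other lookup failure must propagate so the CAA check fails closed.`. The two empty-result returns also spell the same value differently, `new CAARecord[0]` in the catch and `new CAARecord[] {}` a few lines later; one form would read better. The enclosing method's signature lies outside the hunk.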
index b1db8b6..a762570 100644 (file)
@@ -16,15 +16,13 @@ import org.junit.runners.Parameterized.Parameters;
 
 import club.wpia.gigi.GigiApiException;
 import club.wpia.gigi.dbObjects.Certificate;
+import club.wpia.gigi.dbObjects.Certificate.CertificateStatus;
 import club.wpia.gigi.dbObjects.CertificateProfile;
 import club.wpia.gigi.dbObjects.Digest;
 import club.wpia.gigi.dbObjects.Domain;
 import club.wpia.gigi.dbObjects.Job;
-import club.wpia.gigi.dbObjects.Certificate.CertificateStatus;
 import club.wpia.gigi.pages.account.certs.CertificateRequest;
 import club.wpia.gigi.testUtils.ClientTest;
-import club.wpia.gigi.util.AuthorizationContext;
-import club.wpia.gigi.util.CAA;
 
 @RunWith(Parameterized.class)
 public class TestCAAValidation extends ClientTest {
@@ -62,7 +60,7 @@ public class TestCAAValidation extends ClientTest {
 
     @Test
     public void testCAACert() throws GeneralSecurityException, IOException, GigiApiException, InterruptedException {
-        Domain d = new Domain(u, u, domain);
+        Domain d = new Domain(u, u, PublicSuffixes.getInstance().getRegistrablePart(domain));
         verify(d);
         String csr = generatePEMCSR(generateKeypair(), "CN=test");
         CertificateRequest cr = new CertificateRequest(new AuthorizationContext(u, u), csr);
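Review bot: Switching the Domain under test to `PublicSuffixes.getInstance().getRegistrablePart(domain)` exercises only the new exact-match early return in `CAA.getEffectiveCAARecords`, while the NXDOMAIN handling that the commit title names (the `NameNotFoundException` catch in `DNSUtil`) is not reached by a name that exists. A second case whose requested name is a non-existent label below the registrable domain would cover that path and the climb that follows it; how `domain` is supplied by the parameterized runner is outside this hunk, so whether such a case already exists cannot be told from here. The method itself fits within the hunk.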