]> WPIA git - gigi.git/commitdiff
projects / gigi.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (from parent 1: 2232d7b)
add: additional check for ip-addresses as domains
authorFelix Dörre <felix@dogcraft.de>
Tue, 23 Feb 2016 20:34:19 +0000 (21:34 +0100)
committerFelix Dörre <felix@dogcraft.de>
Thu, 7 Apr 2016 11:52:05 +0000 (13:52 +0200)
src/org/cacert/gigi/dbObjects/Domain.java patch | blob | history
tests/org/cacert/gigi/DomainVerification.java patch | blob | history

diff --git a/src/org/cacert/gigi/dbObjects/Domain.java b/src/org/cacert/gigi/dbObjects/Domain.java
index e5d66a93f08f0ca5ea31638b0fd9951aae7122a5..19594d7d3678d95ef94f6250231f7a76cd28cd0d 100644 (file)
--- a/src/org/cacert/gigi/dbObjects/Domain.java
+++ b/src/org/cacert/gigi/dbObjects/Domain.java
@@ -73,6 +73,12 @@ public class Domain implements IdCachable, Verifyable {
         if ( !s.equals(publicSuffix)) {
             throw new GigiApiException("You may only register a domain with exactly one lable before the public suffix.");
         }
+        if (("." + s).matches("(.[0-9]*)*")) {
+            // This is not reached because we currently have no TLD that is
+            // numbers only. But who knows..
+            // Better safe than sorry.
+            throw new GigiApiException("IP Addresses are not allowed");
+        }
         checkPunycode(parts[0], s.substring(parts[0].length() + 1));
     }
 
diff --git a/tests/org/cacert/gigi/DomainVerification.java b/tests/org/cacert/gigi/DomainVerification.java
index bc6f5fdbcd12fa4bc9341122c8ed3cc2cfed4c3f..cd31f8ef097b4e290b377b5887cf1259ab567826 100644 (file)
--- a/tests/org/cacert/gigi/DomainVerification.java
+++ b/tests/org/cacert/gigi/DomainVerification.java
@@ -62,6 +62,11 @@ public class DomainVerification {
         isCertifyableDomain(false, "xn--a-zfa9cya.com", true);
         isCertifyableDomain(true, "zfa9cya.com", true);
 
+        isCertifyableDomain(false, "127.0.0.1", false);
+        isCertifyableDomain(false, "::1", false);
+        isCertifyableDomain(false, "127.0.0.1", true);
+        isCertifyableDomain(false, "::1", true);
+
     }
 
     private void isCertifyableDomain(boolean b, String string, boolean puny) {
WPIA Certificate Web Issuance Platform