From: Felix Dörre Date: Mon, 27 Feb 2017 20:03:12 +0000 (+0100) Subject: fix: CAA records on non-existing domains X-Git-Url: https://code.wpia.club/?p=gigi.git;a=commitdiff_plain;h=2e29aaa24f73b7ce63b1927470cdf8242cebb129 fix: CAA records on non-existing domains Change-Id: Iad8984a5249595272203dbdf85590359683f1267
---
diff --git a/src/club/wpia/gigi/util/CAA.java b/src/club/wpia/gigi/util/CAA.java
index 7100b557..df8b1f5f 100644
--- a/src/club/wpia/gigi/util/CAA.java
+++ b/src/club/wpia/gigi/util/CAA.java
@@ -87,6 +87,9 @@ public class CAA {
 private static CAARecord[] getEffectiveCAARecords(String name) throws NamingException {
 CAARecord[] caa = DNSUtil.getCAAEntries(name);
 String publicSuffix = PublicSuffixes.getInstance().getRegistrablePart(name);
+ if (name.equals(publicSuffix)) {
+ return caa;
+ }
 // TODO missing alias processing
 while (caa.length == 0 && name.contains(".")) {
 name = name.split("\\.", 2)[1];
diff --git a/src/club/wpia/gigi/util/DNSUtil.java b/src/club/wpia/gigi/util/DNSUtil.java
index 5bec9969..af664359 100644
--- a/src/club/wpia/gigi/util/DNSUtil.java
+++ b/src/club/wpia/gigi/util/DNSUtil.java
@@ -4,6 +4,7 @@ import java.util.Arrays;
 import java.util.Hashtable;
 import javax.naming.Context;
+import javax.naming.NameNotFoundException;
 import javax.naming.NamingException;
 import javax.naming.directory.Attribute;
 import javax.naming.directory.Attributes;
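Review bot: The added early return in `getEffectiveCAARecords` hands back `caa` as soon as `name` equals the registrable part, even when `caa` is empty, so a CAA record set published above that point (at the public suffix or TLD) is never consulted on this path. RFC 8659 describes tree climbing up to, but not including, the root; if stopping at the registrable domain is a deliberate policy choice, record it in a comment above the guard, e.g. `// name is the registrable domain: deliberately do not climb into the public suffix`. The local is also called `publicSuffix` although it holds the result of `getRegistrablePart(name)`, which makes the guard read as a different test than the one it performs; `registrablePart` would be clearer. The method body continues past the end of the hunk, so the loop's own stop condition is not visible here.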
@@ -72,10 +73,15 @@ public class DNSUtil {
 Hashtable env = new Hashtable();
 env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.dns.DnsContextFactory");
 InitialDirContext context = new InitialDirContext(env);
-
- Attributes dnsLookup = context.getAttributes(domain, new String[] {
- "257"
- });
+ Attributes dnsLookup;
+ try {
+ dnsLookup = context.getAttributes(domain, new String[] {
+ "257"
+ });
+ } catch (NameNotFoundException e) {
+ // We treat non-existing names as names without CAA-records
+ return new CAARecord[0];
+ }
 Attribute nsRecords = dnsLookup.get("257");
 if (nsRecords == null) {
 return new CAARecord[] {};
diff --git a/tests/club/wpia/gigi/util/TestCAAValidation.java b/tests/club/wpia/gigi/util/TestCAAValidation.java
index b1db8b60..a7625700 100644
--- a/tests/club/wpia/gigi/util/TestCAAValidation.java
+++ b/tests/club/wpia/gigi/util/TestCAAValidation.java
@@ -16,15 +16,13 @@ import org.junit.runners.Parameterized.Parameters;
 import club.wpia.gigi.GigiApiException;
 import club.wpia.gigi.dbObjects.Certificate;
+import club.wpia.gigi.dbObjects.Certificate.CertificateStatus;
 import club.wpia.gigi.dbObjects.CertificateProfile;
 import club.wpia.gigi.dbObjects.Digest;
 import club.wpia.gigi.dbObjects.Domain;
 import club.wpia.gigi.dbObjects.Job;
-import club.wpia.gigi.dbObjects.Certificate.CertificateStatus;
 import club.wpia.gigi.pages.account.certs.CertificateRequest;
 import club.wpia.gigi.testUtils.ClientTest;
-import club.wpia.gigi.util.AuthorizationContext;
-import club.wpia.gigi.util.CAA;
 @RunWith(Parameterized.class)
 public class TestCAAValidation extends ClientTest {
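Review bot: The new `return new CAARecord[0];` inside the catch exits without closing `context`, and no `context.close()` appears anywhere in the hunk; putting the lookup and the record handling inside `try { … } finally { context.close(); }` would release the DNS context on every path. Catching only `NameNotFoundException` is the right width, because every other `NamingException` (timeout, server failure) still propagates instead of being read as an empty record set. The comment should say so explicitly so the catch is not widened later, e.g. `// Only a non-existing name means "no CAA records"; any other NamingException must propagate`. The method starts before and ends after this hunk, so a close further down cannot be ruled out for the normal path.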
@@ -62,7 +60,7 @@ public class TestCAAValidation extends ClientTest {
 @Test
 public void testCAACert() throws GeneralSecurityException, IOException, GigiApiException, InterruptedException {
- Domain d = new Domain(u, u, domain);
+ Domain d = new Domain(u, u, PublicSuffixes.getInstance().getRegistrablePart(domain));
 verify(d);
 String csr = generatePEMCSR(generateKeypair(), "CN=test");
 CertificateRequest cr = new CertificateRequest(new AuthorizationContext(u, u), csr);
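Review bot: Nothing visible in this hunk exercises the two paths the commit adds: a name that does not exist in DNS, and a `name` that is already its own registrable part. If the parameter list (outside the hunk) has no such entries, add one of each so the `NameNotFoundException` branch in `DNSUtil` and the early return in `CAA` are both covered. The result of `getRegistrablePart(domain)` is also passed straight into `new Domain(...)`; if it can return null for a name outside the suffix list, the test would fail in the constructor rather than in the CAA check, which is worth confirming. The test method continues past the end of the hunk.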