SSL: accept wildcard domains matching

2018-07-05 16:02:58 +02:00 · 2018-07-05 16:02:58 +02:00 · 6f7a36a38e
parent 5117ee1e89
commit 6f7a36a38e
3 changed files with 25 additions and 2 deletions
--- a/app/services/ssl/parser.rb
+++ b/app/services/ssl/parser.rb
@ -33,8 +33,14 @@ module SSL
      raise
    end

-    def match_domain?(raw)
-      raw.match(/\b#{domain}\b/).present?
+    def match_domain?(raw, tested_domain = domain)
+      return true if raw.match(/\b#{tested_domain}\b/).present?
+      parts = tested_domain.split(".")
+
+      return false if parts.count <= 2
+
+      parts.shift
+      match_domain?(raw, parts.join("."))
    end

    def build_response(match)
--- a/test/fixtures/files/ssl/wildcard.domain.org.txt
+++ b/test/fixtures/files/ssl/wildcard.domain.org.txt
@ -0,0 +1 @@
+OK - Certificate 'domain.org' will expire on Sat 10 Jun 2028 09:14:18 AM GMT +0000.
--- a/test/services/ssl/parser_test.rb
+++ b/test/services/ssl/parser_test.rb
@ -31,7 +31,23 @@ module SSL
      assert_raises DomainNotMatchError do
        parser.parse(output)
      end
+    test "should accept responses for wildcard certificates" do
+      parser = Parser.new("ssl1.domain.org")
+      output = file_fixture("ssl/wildcard.domain.org.txt").read
+
+      response = parser.parse(output)
+
+      assert_equal Time.new(2028, 6, 10, 9, 14, 18, 0), response.expire_at
+      assert response.expire_at.utc?
+
+      parser = Parser.new("deep.ssl1.domain.org")
+      output = file_fixture("ssl/wildcard.domain.org.txt").read
+
+      response = parser.parse(output)
+
+      assert_equal Time.new(2028, 6, 10, 9, 14, 18, 0), response.expire_at
    end
+
    test "should raises InvalidResponseError when check response is not matched" do
      parser = Parser.new("ssl100.invalid.org")
      output = file_fixture("ssl/ssl100.invalid.org.txt").read
				`@ -0,0 +1 @@`
				`OK - Certificate 'domain.org' will expire on Sat 10 Jun 2028 09:14:18 AM GMT +0000.`