修复通配符域名多级子域名判定错误

dromara · Jul 5, 2024 · a7e36c9 · a7e36c9
1 parent 6630c8c
commit a7e36c9
Show file tree

Hide file tree

Showing 5 changed files with 100 additions and 8 deletions.
diff --git a/domain_admin/utils/domain_util.py b/domain_admin/utils/domain_util.py
@@ -225,6 +225,10 @@ def encode_hostname(hostname):
 def verify_cert_common_name(common_name, domain):
     """
     验证证书
+    https://www.cnblogs.com/weifeng1463/p/12719027.html
+
+    所有品牌的通配符证书 SSL只能支持域名本身及下一级的所有子域名，而不是无限级支持子域名。
+
     :param common_name:
     :param domain:
     :return:
@@ -233,14 +237,35 @@ def verify_cert_common_name(common_name, domain):
 
     if '*' in common_name:
         # 通配符 SSL 证书
-        common_name_root_domain = get_root_domain(common_name)
-        root_domain = get_root_domain(domain)
-        return common_name_root_domain == root_domain
+        common_name_root_domain = get_domain_parent(common_name)
+        root_domain = get_domain_parent(domain)
+        return common_name_root_domain == root_domain \
+               or common_name_root_domain == domain
     else:
         # 普通证书
         return common_name == domain
 
 
+def get_domain_parent(domain):
+    """
+    获取父级域名
+    :param domain:
+    :return:
+    eg:
+    www.chinafruitime.com => chinafruitime.com
+    blog.www.chinafruitime.com => www.chinafruitime.com
+    """
+    if not domain:
+        return ''
+
+    first_dot_index = domain.find('.')
+
+    if first_dot_index < 0:
+        return ''
+
+    return domain[first_dot_index + 1:]
+
+
 if __name__ == '__main__':
     # print(get_root_domain("*.juejin.cn"))
     print(get_subdomain("chinafruitime.com"))
diff --git a/domain_admin/utils/icp_util/icp_api/uomg_icp_api.py b/domain_admin/utils/icp_util/icp_api/uomg_icp_api.py
@@ -0,0 +1,50 @@
+# -*- coding: utf-8 -*-
+"""
+@File    : uomg_icp_api.py
+@Date    : 2024-07-04
+"""
+import requests
+
+from domain_admin.utils.icp_util.icp_item import ICPItem
+
+
+def get_icp_from_uomg(domain):
+    """
+    https://api.uomg.com/doc-icp.html#api
+    https://github.com/mouday/domain-admin/issues/112
+    {
+        "code": 1,
+        "domain": "baidu.com",
+        "icp": "京ICP证030173号"
+    }
+
+    {
+        "code": 1,
+        "domain": "baidu1.com",
+        "icp": "未备案"
+    }
+    """
+    url = 'https://api.uomg.com/api/icp'
+
+    data = {
+        "domain": domain
+    }
+
+    # 发送GET请求
+    response = requests.get(url, params=data)
+    print(response.text)
+    res = response.json()
+    if res.get('icp') == '未备案':
+        raise Exception('未备案')
+
+    data = res
+
+    item = ICPItem()
+    item.name = data.get('')
+    item.icp = data.get('icp')
+
+    return item
+
+
+if __name__ == '__main__':
+    print(get_icp_from_uomg('baidu.com').to_dict())
diff --git a/domain_admin/utils/icp_util/icp_api/vvhan_icp_api.py b/domain_admin/utils/icp_util/icp_api/vvhan_icp_api.py
@@ -50,3 +50,7 @@ def get_icp_from_vvhan(domain):
     item.icp = info.get('icp', '')
 
     return item
+
+
+if __name__ == '__main__':
+    print(get_icp_from_vvhan('qq.com'))
diff --git a/domain_admin/utils/icp_util/icp_main.py b/domain_admin/utils/icp_util/icp_main.py
@@ -6,7 +6,7 @@
 from __future__ import print_function, unicode_literals, absolute_import, division
 
 from domain_admin.utils import json_util
-from domain_admin.utils.icp_util.icp_api import uutool_icp_api
+from domain_admin.utils.icp_util.icp_api import uutool_icp_api, uomg_icp_api
 
 
 def get_icp(domain):
@@ -17,12 +17,10 @@ def get_icp(domain):
     :param domain:
     :return: ICPItem
     """
-    # item = ICPItem()
-    # return item.to_dict()
     # 第三方接口
-    return uutool_icp_api.get_icp_from_uutool(domain)
+    return uomg_icp_api.get_icp_from_uomg(domain)
 
 
 if __name__ == '__main__':
     # print(json_util.json_encode(get_icp('baidu.com'), indent=2, ensure_ascii=False))
-    print(json_util.json_encode(get_icp('baidu.com'), indent=2, ensure_ascii=False))
+    print(json_util.json_encode(get_icp('qq.com'), indent=2, ensure_ascii=False))
diff --git a/tests/utils/domain_util_test.py b/tests/utils/domain_util_test.py
@@ -68,3 +68,18 @@ def test_encode_hostname(self):
         assert domain_util.encode_hostname('baidu.中国') == 'baidu.xn--fiqs8s'
 
         assert domain_util.encode_hostname('百度.中国') == 'xn--wxtr44c.xn--fiqs8s'
+
+    def test_verify_cert_common_name(self):
+        assert domain_util.verify_cert_common_name('chinafruitime.com', 'chinafruitime.com') is True
+        assert domain_util.verify_cert_common_name('*.chinafruitime.com', 'chinafruitime.com') is True
+        assert domain_util.verify_cert_common_name('*.chinafruitime.com', 'www.chinafruitime.com') is True
+        assert domain_util.verify_cert_common_name('*.chinafruitime.com', 'blog.www.chinafruitime.com') is False
+        assert domain_util.verify_cert_common_name('xxx.com', 'yyy.com') is False
+
+    def test_get_domain_parent(self):
+        assert domain_util.get_domain_parent('www.chinafruitime.com') == 'chinafruitime.com'
+        assert domain_util.get_domain_parent('blog.www.chinafruitime.com') == 'www.chinafruitime.com'
+        assert domain_util.get_domain_parent('ok.www.chinafruitime.com') == 'www.chinafruitime.com'
+        assert domain_util.get_domain_parent('*.www.chinafruitime.com') == 'www.chinafruitime.com'
+        assert domain_util.get_domain_parent('www') == ''
+        assert domain_util.get_domain_parent('') == ''