Type: New Feature
Affects Version/s: None
Fix Version/s: EJBCA 7.0.1
Sprint:EJBCA Team Bob - 2019 w6
The domain blacklist checker classes should be implemented. The DomainBlacklistExactMatchChecker class already exists but is just a stub, without implementation.
I suggest that we have three checkers that do the following:
- DomainBlacklistExactMatchChecker: Check if the domain name exists in the blacklist
- DomainBlacklistTopDomainChecker Removes subdomain one by one, and checks.
- DomainBlacklistComponentChecker: Split the domain into peices by "." and check if any piece is present in the blacklist
The methods return false if blocked by blacklist.
For example, with the blacklist ("bank", "paypal.com") and all of the above checkers we would have the following results:.
bank.com --> Blocked by ComponentChecker
test.bank.com --> Blocked by ComponentChecker
memorybank.com --> Allowed by all
paypal.com --> Blocked by - ExactMatchChecker and TopDomainChecker
login.paypal.com --> Blocked by TopDomainChecker
paypal.org --> Allowed by all
A unit test should be created also.