add enforce_le_validity function

2026-06-08 16:22:18 -04:00 · 2016-09-16 16:08:51 -07:00 · 2016-09-16 16:08:51 -07:00 · f2e0afc96c
commit f2e0afc96c
parent 72ca219097
2 changed files with 53 additions and 0 deletions
--- a/certbot/tests/util_test.py
+++ b/certbot/tests/util_test.py
@ -330,6 +330,31 @@ class AddDeprecatedArgumentTest(unittest.TestCase):
        self.assertTrue("--old-option" not in stdout.getvalue())


+class EnforceLeValidity(unittest.TestCase):
+    """Test enforce_le_validity."""
+    def _call(self, domain):
+        from certbot.util import enforce_le_validity
+        return enforce_le_validity(domain)
+
+    def test_sanity(self):
+        self.assertRaises(errors.ConfigurationError, self._call, u"..")
+
+    def test_invalid_chars(self):
+        self.assertRaises(
+            errors.ConfigurationError, self._call, u"hello_world.example.com")
+
+    def test_leading_hyphen(self):
+        self.assertRaises(
+            errors.ConfigurationError, self._call, u"-a.example.com")
+
+    def test_trailing_hyphen(self):
+        self.assertRaises(
+            errors.ConfigurationError, self._call, u"a-.example.com")
+
+    def test_valid_domain(self):
+        self.assertEqual(self._call(u"example.com"), u"example.com")
+
+
 class EnforceDomainSanityTest(unittest.TestCase):
    """Test enforce_domain_sanity."""

--- a/certbot/util.py
+++ b/certbot/util.py
@ -390,6 +390,34 @@ def add_deprecated_argument(add_argument, argument_name, nargs):
                 help=argparse.SUPPRESS, nargs=nargs)


+def enforce_le_validity(domain):
+    """Checks that Let's Encrypt will consider domain to be valid.
+
+    :param str domain: FQDN to check
+    :type domain: `str` or `unicode`
+    :returns: The domain cast to `str`, with ASCII-only contents
+    :rtype: str
+    :raises ConfigurationError: for invalid domains and cases where Let's
+                                Encrypt currently will not issue certificates
+
+    """
+    domain = enforce_domain_sanity(domain)
+    if not re.match("^[A-Za-z0-9.-]*$", domain):
+        raise errors.ConfigurationError(
+            "{0} contains an invalid character. "
+            "Valid characters are A-Z, a-z, 0-9, ., and -.".format(domain))
+    for label in domain.split("."):
+        if label.startswith("-"):
+            raise errors.ConfigurationError(
+                'label "{0}" in domain "{1}" cannot start with "-"'.format(
+                    label, domain))
+        if label.endswith("-"):
+            raise errors.ConfigurationError(
+                'label "{0}" in domain "{1}" cannot end with "-"'.format(
+                    label, domain))
+    return domain
+
+
 def enforce_domain_sanity(domain):
    """Method which validates domain value and errors out if
    the requirements are not met.