Add wildcard match to acme domains

2018-03-27 10:18:03 -04:00 · 2018-03-27 10:18:03 -04:00 · f1a05ab73c
commit f1a05ab73c
parent 4c85a41bfb
7 changed files with 219 additions and 34 deletions
--- a/types/domain_test.go
+++ b/types/domain_test.go
@ -88,3 +88,95 @@ func TestDomain_Set(t *testing.T) {
 		})
 	}
 }
+
+func TestMatchDomain(t *testing.T) {
+	testCases := []struct {
+		desc       string
+		certDomain string
+		domain     string
+		expected   bool
+	}{
+		{
+			desc:       "exact match",
+			certDomain: "traefik.wtf",
+			domain:     "traefik.wtf",
+			expected:   true,
+		},
+		{
+			desc:       "wildcard and root domain",
+			certDomain: "*.traefik.wtf",
+			domain:     "traefik.wtf",
+			expected:   false,
+		},
+		{
+			desc:       "wildcard and sub domain",
+			certDomain: "*.traefik.wtf",
+			domain:     "sub.traefik.wtf",
+			expected:   true,
+		},
+		{
+			desc:       "wildcard and sub sub domain",
+			certDomain: "*.traefik.wtf",
+			domain:     "sub.sub.traefik.wtf",
+			expected:   false,
+		},
+		{
+			desc:       "double wildcard and sub sub domain",
+			certDomain: "*.*.traefik.wtf",
+			domain:     "sub.sub.traefik.wtf",
+			expected:   true,
+		},
+		{
+			desc:       "sub sub domain and invalid wildcard",
+			certDomain: "sub.*.traefik.wtf",
+			domain:     "sub.sub.traefik.wtf",
+			expected:   false,
+		},
+		{
+			desc:       "sub sub domain and valid wildcard",
+			certDomain: "*.sub.traefik.wtf",
+			domain:     "sub.sub.traefik.wtf",
+			expected:   true,
+		},
+		{
+			desc:       "dot replaced by a cahr",
+			certDomain: "sub.sub.traefik.wtf",
+			domain:     "sub.sub.traefikiwtf",
+			expected:   false,
+		},
+		{
+			desc:       "*",
+			certDomain: "*",
+			domain:     "sub.sub.traefik.wtf",
+			expected:   false,
+		},
+		{
+			desc:       "?",
+			certDomain: "?",
+			domain:     "sub.sub.traefik.wtf",
+			expected:   false,
+		},
+		{
+			desc:       "...................",
+			certDomain: "...................",
+			domain:     "sub.sub.traefik.wtf",
+			expected:   false,
+		},
+		{
+			desc:       "wildcard and *",
+			certDomain: "*.traefik.wtf",
+			domain:     "*.*.traefik.wtf",
+			expected:   false,
+		},
+	}
+
+	for _, test := range testCases {
+		test := test
+		t.Run(test.desc, func(t *testing.T) {
+			t.Parallel()
+
+			domains := MatchDomain(test.domain, test.certDomain)
+			assert.Equal(t, test.expected, domains)
+		})
+	}
+}
--- a/types/domains.go
+++ b/types/domains.go
@ -65,3 +65,24 @@ func (ds *Domains) String() string { return fmt.Sprintf("%+v", *ds) }
 func (ds *Domains) SetValue(val interface{}) {
 	*ds = val.([]Domain)
 }
+
+// MatchDomain return true if a domain match the cert domain
+func MatchDomain(domain string, certDomain string) bool {
+	if domain == certDomain {
+		return true
+	}
+
+	for len(certDomain) > 0 && certDomain[len(certDomain)-1] == '.' {
+		certDomain = certDomain[:len(certDomain)-1]
+	}
+
+	labels := strings.Split(domain, ".")
+	for i := range labels {
+		labels[i] = "*"
+		candidate := strings.Join(labels, ".")
+		if certDomain == candidate {
+			return true
+		}
+	}
+	return false
+}