From 4e1d0fb8c8fbe7bca8133dc89d7eeef21edb5063 Mon Sep 17 00:00:00 2001
From: Max Lambrecht <maxlambrecht@gmail.com>
Date: Mon, 22 Jun 2020 16:28:52 -0300
Subject: [PATCH] Fix trust domain host validation.

Signed-off-by: Max Lambrecht <maxlambrecht@gmail.com>
---
 .../src/main/java/io/spiffe/spiffeid/TrustDomain.java  | 10 +++++-----
 .../test/java/io/spiffe/spiffeid/TrustDomainTest.java  |  2 +-
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/java-spiffe-core/src/main/java/io/spiffe/spiffeid/TrustDomain.java b/java-spiffe-core/src/main/java/io/spiffe/spiffeid/TrustDomain.java
index 469d55b..8ac8993 100644
--- a/java-spiffe-core/src/main/java/io/spiffe/spiffeid/TrustDomain.java
+++ b/java-spiffe-core/src/main/java/io/spiffe/spiffeid/TrustDomain.java
@@ -15,7 +15,7 @@ import java.net.URISyntaxException;
 @Value
 public class TrustDomain {
 
-    public static final int TRUST_DOMAIN_MAX_LENGTH = 255;
+    public static final int HOST_MAX_LENGTH = 255;
     String name;
 
     private TrustDomain(final String trustDomain) {
@@ -72,6 +72,10 @@ public class TrustDomain {
         if (StringUtils.isBlank(host)) {
             throw new IllegalArgumentException("Trust domain cannot be empty");
         }
+
+        if (host.length() > HOST_MAX_LENGTH) {
+            throw new IllegalArgumentException("Trust Domain: too long, maximum is 255 bytes");
+        }
     }
 
     private static void validateUri(final URI uri) {
@@ -84,10 +88,6 @@ public class TrustDomain {
         if (port != -1) {
             throw new IllegalArgumentException("Trust Domain: port is not allowed");
         }
-
-        if (uri.toString().length() > TRUST_DOMAIN_MAX_LENGTH) {
-            throw new IllegalArgumentException("Trust Domain: too long, maximum is 255 bytes");
-        }
     }
 
     private static String normalize(String s) {
diff --git a/java-spiffe-core/src/test/java/io/spiffe/spiffeid/TrustDomainTest.java b/java-spiffe-core/src/test/java/io/spiffe/spiffeid/TrustDomainTest.java
index 9ba083f..5f3abba 100644
--- a/java-spiffe-core/src/test/java/io/spiffe/spiffeid/TrustDomainTest.java
+++ b/java-spiffe-core/src/test/java/io/spiffe/spiffeid/TrustDomainTest.java
@@ -40,7 +40,7 @@ public class TrustDomainTest {
     }
     @Test
     void testFromMaxLength() {
-        final String longString = getLongString(246); // 246 = 255(max) - 9('spiffe://' bytes)
+        final String longString = getLongString(255);
         TrustDomain trustDomain = TrustDomain.of(longString);
         assertEquals(longString, trustDomain.toString());
     }