Fall back to {vaultId}.kms.{region}.oraclecloud.com for the OCI crypt…

…o endpoint if the oci.oraclecloud.com domain doesn't exist

jsign-core/src/main/java/net/jsign/jca/OracleCloudSigningService.java

@@ -18,6 +18,8 @@
 
 import java.io.IOException;
 import java.net.HttpURLConnection;
+import java.net.InetAddress;
+import java.net.UnknownHostException;
 import java.nio.charset.StandardCharsets;
 import java.security.GeneralSecurityException;
 import java.security.InvalidAlgorithmParameterException;
@@ -174,7 +176,21 @@ String getKeyEndpoint(String keyId) {
         String region = matcher.group(1);
         String vaultId = matcher.group(2);
 
-        return "https://" + vaultId + "-crypto.kms." + region + ".oci.oraclecloud.com";
+        String hostname = vaultId + "-crypto.kms." + region + ".oci.oraclecloud.com";
+        if (isUnknownHost(hostname)) {
+            hostname = vaultId + "-crypto.kms." + region + ".oraclecloud.com";
+        }
+
+        return "https://" + hostname;
+    }
+
+    boolean isUnknownHost(String hostname) {
+        try {
+            InetAddress.getByName(hostname);
+            return false;
+        } catch (UnknownHostException uhe) {
+            return true;
+        }
     }
 
     /**

jsign-core/src/test/java/net/jsign/jca/OracleCloudSigningServiceTest.java

@@ -116,6 +116,15 @@ public void testGetKeyEndpointWithInvalidKey() throws Exception {
         }
     }
 
+    @Test
+    public void testIsUnknownHost() throws Exception {
+        OracleCloudCredentials credentials = getCredentials();
+        OracleCloudSigningService service = new OracleCloudSigningService(credentials, alias -> null);
+
+        assertFalse(service.isUnknownHost("google.com"));
+        assertTrue(service.isUnknownHost("google.jsign"));
+    }
+
     @Test
     public void testGetAliases() throws Exception {
         onRequest()