mirror of
https://github.com/getnamingo/registry.git
synced 2025-07-21 01:55:59 +02:00
RST updates and fixes
This commit is contained in:
Pinga
parent
2515b8c6df
commit
1c79be37a6
8 changed files with 231 additions and 49 deletions
|
|
@ -142,9 +142,9 @@ class DomainsController extends Controller
|
|||
$contactAdmin = $data['contactAdmin'] ?? null;
|
||||
$contactTech = $data['contactTech'] ?? null;
|
||||
$contactBilling = $data['contactBilling'] ?? null;
|
||||
|
||||
|
||||
$phaseType = $data['phaseType'] ?? 'none';
|
||||
$phaseName = $data['phaseName'] ?? null;
|
||||
$phaseName = isset($data['phaseName']) && trim($data['phaseName']) !== '' ? $data['phaseName'] : null;
|
||||
|
||||
$token = $data['token'] ?? null;
|
||||
|
||||
|
|
@ -169,17 +169,19 @@ class DomainsController extends Controller
|
|||
$smdFile = $uploadedFiles['smd'] ?? null;
|
||||
$smd = null;
|
||||
|
||||
if ($smdFile && $smdFile->getError() === UPLOAD_ERR_OK) {
|
||||
$smd = $smdFile->getStream()->getContents();
|
||||
$smd_filename = $smdFile->getClientFilename();
|
||||
|
||||
if (pathinfo($smd_filename, PATHINFO_EXTENSION) !== 'smd') {
|
||||
$this->container->get('flash')->addMessage('error', 'Only .smd files are allowed');
|
||||
if ($phaseType === 'sunrise' || $phaseType === 'landrush') {
|
||||
if ($smdFile && $smdFile->getError() === UPLOAD_ERR_OK) {
|
||||
$smd = $smdFile->getStream()->getContents();
|
||||
$smd_filename = $smdFile->getClientFilename();
|
||||
|
||||
if (pathinfo($smd_filename, PATHINFO_EXTENSION) !== 'smd') {
|
||||
$this->container->get('flash')->addMessage('error', 'Only .smd files are allowed');
|
||||
return $response->withHeader('Location', '/domain/create')->withStatus(302);
|
||||
}
|
||||
} else {
|
||||
$this->container->get('flash')->addMessage('error', 'SMD file upload failed');
|
||||
return $response->withHeader('Location', '/domain/create')->withStatus(302);
|
||||
}
|
||||
} else {
|
||||
$this->container->get('flash')->addMessage('error', 'SMD file upload failed');
|
||||
return $response->withHeader('Location', '/domain/create')->withStatus(302);
|
||||
}
|
||||
|
||||
if ($invalid_domain) {
|
||||
|
|
@ -230,6 +232,10 @@ class DomainsController extends Controller
|
|||
[$tld_id, $currentDate, $currentDate]
|
||||
);
|
||||
|
||||
$noticeid = null;
|
||||
$notafter = null;
|
||||
$accepted = null;
|
||||
|
||||
// Check if the phase requires application submission
|
||||
if ($phase_details && $phase_details === 'Application') {
|
||||
$this->container->get('flash')->addMessage('error', 'Domain registration is not allowed for this TLD. You must submit a new application instead.');
|
||||
|
|
@ -255,7 +261,7 @@ class DomainsController extends Controller
|
|||
return $response->withHeader('Location', '/domain/create')->withStatus(302);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
if ($phaseType === 'claims') {
|
||||
if (!isset($data['noticeid']) || $data['noticeid'] === '' ||
|
||||
!isset($data['notafter']) || $data['notafter'] === '' ||
|
||||
|
|
@ -267,12 +273,32 @@ class DomainsController extends Controller
|
|||
$noticeid = $data['noticeid'];
|
||||
$notafter = $data['notafter'];
|
||||
$accepted = $data['accepted'];
|
||||
} else {
|
||||
$noticeid = null;
|
||||
$notafter = null;
|
||||
$accepted = null;
|
||||
|
||||
// Validate that acceptedDate is before notAfter
|
||||
try {
|
||||
$acceptedDate = DateTime::createFromFormat('Y-m-d\TH:i:s.u\Z', $data['accepted']);
|
||||
$notAfterDate = DateTime::createFromFormat('Y-m-d\TH:i:s.u\Z', $data['notafter']);
|
||||
|
||||
if (!$acceptedDate || !$notAfterDate) {
|
||||
$this->container->get('flash')->addMessage('error', "Invalid date format");
|
||||
return $response->withHeader('Location', '/domain/create')->withStatus(302);
|
||||
}
|
||||
|
||||
if ($acceptedDate >= $notAfterDate) {
|
||||
$this->container->get('flash')->addMessage('error', "Invalid dates: acceptedDate must be before notAfter");
|
||||
return $response->withHeader('Location', '/domain/create')->withStatus(302);
|
||||
}
|
||||
} catch (Exception $e) {
|
||||
$this->container->get('flash')->addMessage('error', "Invalid date format");
|
||||
return $response->withHeader('Location', '/domain/create')->withStatus(302);
|
||||
}
|
||||
|
||||
if (!validateTcnId($domainName, $noticeid, $data['notafter'])) {
|
||||
$this->container->get('flash')->addMessage('error', "Invalid TMCH claims noticeID format");
|
||||
return $response->withHeader('Location', '/domain/create')->withStatus(302);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
if ($phaseType === 'sunrise') {
|
||||
if ($smd !== null && $smd !== '') {
|
||||
// Extract the BASE64 encoded part
|
||||
|
|
@ -301,6 +327,28 @@ class DomainsController extends Controller
|
|||
$certPem = "-----BEGIN CERTIFICATE-----\n" .
|
||||
chunk_split($certBase64, 64, "\n") .
|
||||
"-----END CERTIFICATE-----\n";
|
||||
|
||||
// Load the SMD certificate
|
||||
$x509 = new \phpseclib3\File\X509();
|
||||
$cert = $x509->loadX509($certPem);
|
||||
$serial = strtoupper($cert['tbsCertificate']['serialNumber']->toHex()); // serial as hex
|
||||
|
||||
// Get latest CRL from DB
|
||||
$crlDer = $db->selectValue('SELECT content FROM tmch_crl ORDER BY update_timestamp DESC LIMIT 1');
|
||||
|
||||
// Load and parse the CRL
|
||||
$crl = new \phpseclib3\File\X509();
|
||||
$crlData = $crl->loadCRL($crlDer);
|
||||
|
||||
// Check revoked serials
|
||||
$revoked = $crlData['tbsCertList']['revokedCertificates'] ?? [];
|
||||
foreach ($revoked as $entry) {
|
||||
$revokedSerial = strtoupper($entry['userCertificate']->toHex());
|
||||
if ($revokedSerial === $serial) {
|
||||
$this->container->get('flash')->addMessage('error', 'Error creating domain: SMD certificate has been revoked');
|
||||
return $response->withHeader('Location', '/domain/create')->withStatus(302);
|
||||
}
|
||||
}
|
||||
|
||||
$notBefore = new \DateTime($xpath->evaluate('string(//smd:notBefore)'));
|
||||
$notafter = new \DateTime($xpath->evaluate('string(//smd:notAfter)'));
|
||||
|
|
@ -312,14 +360,14 @@ class DomainsController extends Controller
|
|||
}
|
||||
|
||||
if (!in_array($label, $labels)) {
|
||||
$this->container->get('flash')->addMessage('error', 'Error creating domain: SMD file is not valid for the domain name being registered.');
|
||||
$this->container->get('flash')->addMessage('error', 'Error creating domain: SMD file is not valid for the domain name being registered');
|
||||
return $response->withHeader('Location', '/domain/create')->withStatus(302);
|
||||
}
|
||||
|
||||
// Check if current date and time is between notBefore and notAfter
|
||||
$now = new \DateTime();
|
||||
if (!($now >= $notBefore && $now <= $notafter)) {
|
||||
$this->container->get('flash')->addMessage('error', 'Error creating domain: Current time is outside the valid range in the SMD.');
|
||||
$this->container->get('flash')->addMessage('error', 'Error creating domain: Current time is outside the valid range in the SMD');
|
||||
return $response->withHeader('Location', '/domain/create')->withStatus(302);
|
||||
}
|
||||
|
||||
|
|
@ -339,11 +387,11 @@ class DomainsController extends Controller
|
|||
$accepted = (new \DateTime())->format('Y-m-d H:i:s.v');
|
||||
|
||||
if (!$dsig->verify($key, $signatureNode)) {
|
||||
$this->container->get('flash')->addMessage('error', 'Error creating domain: The XML signature of the SMD file is not valid.');
|
||||
$this->container->get('flash')->addMessage('error', 'Error creating domain: The XML signature of the SMD file is not valid');
|
||||
return $response->withHeader('Location', '/domain/create')->withStatus(302);
|
||||
}
|
||||
} else {
|
||||
$this->container->get('flash')->addMessage('error', "Error creating domain: SMD upload is required in the 'sunrise' phase.");
|
||||
$this->container->get('flash')->addMessage('error', "Error creating domain: SMD upload is required in the 'sunrise' phase");
|
||||
return $response->withHeader('Location', '/domain/create')->withStatus(302);
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue