zydronium/getnamingo-registry
1
0
Fork 0
mirror of https://github.com/getnamingo/registry.git synced 2025-07-12 13:58:12 +02:00
Code Issues Projects Releases Packages Wiki Activity

RST updates and fixes

Browse source
This commit is contained in:
Pinga 2025-05-12 11:20:23 +03:00
parent 2515b8c6df
commit 1c79be37a6
8 changed files with 231 additions and 49 deletions
Download patch file Download diff file Expand all files Collapse all files

34
epp/src/epp-create.php
View file

@ -88,7 +88,7 @@ function processContactCreate($conn, $db, $xml, $clid, $database_type, $trans) {
if ($postalInfoIntStreet1) {
if (
preg_match('/(^\-)|(^\,)|(^\.)|(\-\-)|(\,\,)|(\.\.)|(\-$)/', $postalInfoIntStreet1) ||
!preg_match('/^[a-zA-Z0-9\-\&\,\.\/\s]{5,}$/', $postalInfoIntStreet1) ||
!preg_match('/^[a-zA-Z0-9\'\-\&\,\.\/\s]{5,}$/', $postalInfoIntStreet1) ||
strlen($postalInfoIntStreet1) > 255
) {
sendEppError($conn, $db, 2005, 'Invalid contact:street', $clTRID, $trans);
@ -99,7 +99,7 @@ function processContactCreate($conn, $db, $xml, $clid, $database_type, $trans) {
if ($postalInfoIntStreet2) {
if (
preg_match('/(^\-)|(^\,)|(^\.)|(\-\-)|(\,\,)|(\.\.)|(\-$)/', $postalInfoIntStreet2) ||
!preg_match('/^[a-zA-Z0-9\-\&\,\.\/\s]{5,}$/', $postalInfoIntStreet2) ||
!preg_match('/^[a-zA-Z0-9\'\-\&\,\.\/\s]{5,}$/', $postalInfoIntStreet2) ||
strlen($postalInfoIntStreet2) > 255
) {
sendEppError($conn, $db, 2005, 'Invalid contact:street', $clTRID, $trans);
@ -110,7 +110,7 @@ function processContactCreate($conn, $db, $xml, $clid, $database_type, $trans) {
if ($postalInfoIntStreet3) {
if (
preg_match('/(^\-)|(^\,)|(^\.)|(\-\-)|(\,\,)|(\.\.)|(\-$)/', $postalInfoIntStreet3) ||
!preg_match('/^[a-zA-Z0-9\-\&\,\.\/\s]{5,}$/', $postalInfoIntStreet3) ||
!preg_match('/^[a-zA-Z0-9\'\-\&\,\.\/\s]{5,}$/', $postalInfoIntStreet3) ||
strlen($postalInfoIntStreet3) > 255
) {
sendEppError($conn, $db, 2005, 'Invalid contact:street', $clTRID, $trans);
@ -690,8 +690,8 @@ function processDomainCreate($conn, $db, $xml, $clid, $database_type, $trans, $m
return;
}
if (strlen($noticeid) !== 27 || !ctype_alnum($noticeid)) {
sendEppError($conn, $db, 2306, 'Invalid noticeID format', $clTRID, $trans);
if (!validateTcnId($domainName, $noticeid, $launch_notAfter)) {
sendEppError($conn, $db, 2306, 'Invalid TMCH claims noticeID format', $clTRID, $trans);
}
} elseif ($launch_phase === 'landrush') {
// Continue
@ -824,6 +824,30 @@ function processDomainCreate($conn, $db, $xml, $clid, $database_type, $trans, $m
$certPem = "-----BEGIN CERTIFICATE-----\n" .
chunk_split($certBase64, 64, "\n") .
"-----END CERTIFICATE-----\n";
// Load the SMD certificate
$x509 = new \phpseclib3\File\X509();
$cert = $x509->loadX509($certPem);
$serial = strtoupper($cert['tbsCertificate']['serialNumber']->toHex()); // serial as hex
// Get latest CRL from DB
$stmt = $db->query("SELECT content FROM tmch_crl ORDER BY update_timestamp DESC LIMIT 1");
$crlDer = $stmt->fetchColumn();
$stmt->closeCursor();
// Load and parse the CRL
$crl = new \phpseclib3\File\X509();
$crlData = $crl->loadCRL($crlDer);
// Check revoked serials
$revoked = $crlData['tbsCertList']['revokedCertificates'] ?? [];
foreach ($revoked as $entry) {
$revokedSerial = strtoupper($entry['userCertificate']->toHex());
if ($revokedSerial === $serial) {
sendEppError($conn, $db, 2306, 'Error creating domain: SMD certificate has been revoked.', $clTRID, $trans);
return;
}
}
$notBefore = new \DateTime($xpath->evaluate('string(//smd:notBefore)'));
$notafter = new \DateTime($xpath->evaluate('string(//smd:notAfter)'));

6
epp/src/epp-update.php
View file

@ -188,7 +188,7 @@ function processContactUpdate($conn, $db, $xml, $clid, $database_type, $trans) {
if ($postalInfoIntStreet1) {
if (
preg_match('/(^\-)|(^\,)|(^\.)|(\-\-)|(\,\,)|(\.\.)|(\-$)/', $postalInfoIntStreet1) ||
!preg_match('/^[a-zA-Z0-9\-\&\,\.\/\s]{5,}$/', $postalInfoIntStreet1) ||
!preg_match('/^[a-zA-Z0-9\'\-\&\,\.\/\s]{5,}$/', $postalInfoIntStreet1) ||
strlen($postalInfoIntStreet1) > 255
) {
sendEppError($conn, $db, 2005, 'Invalid contact:street', $clTRID, $trans);
@ -199,7 +199,7 @@ function processContactUpdate($conn, $db, $xml, $clid, $database_type, $trans) {
if ($postalInfoIntStreet2) {
if (
preg_match('/(^\-)|(^\,)|(^\.)|(\-\-)|(\,\,)|(\.\.)|(\-$)/', $postalInfoIntStreet2) ||
!preg_match('/^[a-zA-Z0-9\-\&\,\.\/\s]{5,}$/', $postalInfoIntStreet2) ||
!preg_match('/^[a-zA-Z0-9\'\-\&\,\.\/\s]{5,}$/', $postalInfoIntStreet2) ||
strlen($postalInfoIntStreet2) > 255
) {
sendEppError($conn, $db, 2005, 'Invalid contact:street', $clTRID, $trans);
@ -210,7 +210,7 @@ function processContactUpdate($conn, $db, $xml, $clid, $database_type, $trans) {
if ($postalInfoIntStreet3) {
if (
preg_match('/(^\-)|(^\,)|(^\.)|(\-\-)|(\,\,)|(\.\.)|(\-$)/', $postalInfoIntStreet3) ||
!preg_match('/^[a-zA-Z0-9\-\&\,\.\/\s]{5,}$/', $postalInfoIntStreet3) ||
!preg_match('/^[a-zA-Z0-9\'\-\&\,\.\/\s]{5,}$/', $postalInfoIntStreet3) ||
strlen($postalInfoIntStreet3) > 255
) {
sendEppError($conn, $db, 2005, 'Invalid contact:street', $clTRID, $trans);

30
epp/src/helpers.php
View file

@ -1069,4 +1069,34 @@ function normalizeDatetime($input) {
$dt = DateTime::createFromFormat('Y-m-d\TH:i:s.v\Z', $input);
return $dt ? $dt->format('Y-m-d H:i:s.v') : null;
}
function validateTcnId(string $domain, string $noticeId, string $notAfterUtc): bool
{
// Ensure ID is at least 9 chars (8 for checksum + 1 for notice number)
if (strlen($noticeId) < 9) return false;
$tcnChecksum = substr($noticeId, 0, 8); // First 8 hex chars
$noticeNumber = substr($noticeId, 8); // Rest is TMDB Notice Identifier
// Validate numeric part
if (!ctype_digit($noticeNumber)) return false;
// Convert domain to ASCII and get leftmost label
$asciiDomain = idn_to_ascii($domain, IDNA_DEFAULT, INTL_IDNA_VARIANT_UTS46);
$leftmostLabel = explode('.', $asciiDomain)[0];
// Convert notAfter to Unix time
$notAfterTimestamp = strtotime($notAfterUtc);
if ($notAfterTimestamp === false) return false;
// Build the checksum input string
$input = $leftmostLabel . $notAfterTimestamp . $noticeNumber;
// Compute CRC32 as unsigned int, then format as 8-digit lowercase hex
$crc32 = hash('crc32b', $input);
$crc32Hex = str_pad(strtolower($crc32), 8, '0', STR_PAD_LEFT);
// Compare
return hash_equals($tcnChecksum, $crc32Hex);
}