A few improvements to EPP

Pinga 2025-08-03 17:34:34 +03:00
parent 14ab775dca
commit 2f86a543ff
2 changed files with 60 additions and 15 deletions


@ -359,7 +359,7 @@ php icann_mosapi.php
## 11. ICANN RST ## 11. ICANN RST
### 11.1. EPP Server Startup Options ### 11.1. EPP Server Startup
Two launch variants are available: Two launch variants are available:
@ -392,4 +392,50 @@ Two launch variants are available:
After this, your server will be running the RST-compatible implementation under the default name. After this, your server will be running the RST-compatible implementation under the default name.
Both versions share the same logic and configuration. Choose based on your integration requirements. Both versions share the same logic and configuration. Choose based on your integration requirements.
### 11.2. EPP Server Configuration
#### 11.2.1. Modify `/opt/registry/epp/extensions.json`
Ensure the following EPP extensions are **disabled** (i.e., `"enabled": false`) or **enabled** where noted:
```json
{
"urn:ietf:params:xml:ns:epp:loginSec-1.0": {
"enabled": false
},
"urn:ietf:params:xml:ns:epp:unhandled-namespaces-1.0": {
"enabled": false
},
"urn:ietf:params:xml:ns:epp:secure-authinfo-transfer-1.0": {
"enabled": false
},
...
"urn:ietf:params:xml:ns:mark-1.0": {
"enabled": false
},
"https://namingo.org/epp/funds-1.0": {
"enabled": false
},
"https://namingo.org/epp/identica-1.0": {
"enabled": false
}
}
```
#### 11.2.2. Modify `/opt/registry/epp/config.php`
Ensure the following configuration options are present and set to `true`. If the keys do not exist, add them:
```php
<?php
...
// Enforce TLS client certificate validation
'mandatory_client_ssl' => true,
// Disable the 60-day inter-registrar transfer lock
'disable_60days' => true,
];
```


@ -1128,18 +1128,17 @@ function validateTcnId(string $domain, string $noticeId, string $notAfterUtc): b
return hash_equals($tcnChecksum, $crc32Hex); return hash_equals($tcnChecksum, $crc32Hex);
} }
function extractDomainFromHost(string $hostname, array $tlds): ?string { function extractDomainFromHost(string $hostname): ?string {
$hostname = strtolower($hostname); // normalize: lowercase, trim any leading/trailing dots or spaces
foreach ($tlds as $tld) { $hostname = strtolower(trim($hostname, " .\t\n\r\0\x0B"));
$tld = ltrim(strtolower($tld), '.'); // remove dot if present $labels = explode('.', $hostname);
if (str_ends_with($hostname, '.' . $tld)) {
$labels = explode('.', $hostname); // need at least two labels (e.g. foo.com)
$tld_parts = explode('.', $tld); if (count($labels) < 2) {
$domain_parts = array_slice($labels, -count($tld_parts) - 1); // 1 label before TLD return null;
if (count($domain_parts) === count($tld_parts) + 1) {
return implode('.', $domain_parts);
}
}
} }
return null;
// take the last two labels and join them
$last = array_slice($labels, -2);
return implode('.', $last);
} }
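Review bot: The new `extractDomainFromHost` always returns the last two labels, so it no longer handles multi-label TLDs the way the removed `$tlds` loop did with `count($tld_parts) + 1`. A host under a two-label TLD now resolves to the TLD itself instead of the registered domain. If the result feeds host-to-domain ownership or in-bailiwick checks (callers are not visible in this hunk), a host could be attributed to the wrong parent. Either confirm the registry serves only single-label TLDs and say so in the function comment, or keep `$tlds` as an optional second parameter and use suffix matching when it is supplied. Separately, `explode` keeps empty labels, so an input such as `a..com` returns `.com`; adding `if (in_array('', $labels, true)) { return null; }` right after the `explode` rejects malformed names.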