A few improvements to EPP

2025-08-22 17:10:48 +02:00 · 2025-08-03 17:34:34 +03:00 · 2025-08-03 17:34:34 +03:00 · 2f86a543ff
commit 2f86a543ff
parent 14ab775dca
2 changed files with 60 additions and 15 deletions
--- a/docs/gtld.md
+++ b/docs/gtld.md
@ -359,7 +359,7 @@ php icann_mosapi.php

 ## 11. ICANN RST

-### 11.1. EPP Server Startup Options
+### 11.1. EPP Server Startup

 Two launch variants are available:

@ -393,3 +393,49 @@ Two launch variants are available:
  After this, your server will be running the RST-compatible implementation under the default name.

 Both versions share the same logic and configuration. Choose based on your integration requirements.
+
+### 11.2. EPP Server Configuration
+
+#### 11.2.1. Modify `/opt/registry/epp/extensions.json`
+
+Ensure the following EPP extensions are **disabled** (i.e., `"enabled": false`) or **enabled** where noted:
+
+```json
+{
+  "urn:ietf:params:xml:ns:epp:loginSec-1.0": {
+    "enabled": false
+  },
+  "urn:ietf:params:xml:ns:epp:unhandled-namespaces-1.0": {
+    "enabled": false
+  },
+  "urn:ietf:params:xml:ns:epp:secure-authinfo-transfer-1.0": {
+    "enabled": false
+  },
+  ...
+  "urn:ietf:params:xml:ns:mark-1.0": {
+    "enabled": false
+  },
+  "https://namingo.org/epp/funds-1.0": {
+    "enabled": false
+  },
+  "https://namingo.org/epp/identica-1.0": {
+    "enabled": false
+  }
+}
+```
+
+#### 11.2.2. Modify `/opt/registry/epp/config.php`
+
+Ensure the following configuration options are present and set to `true`. If the keys do not exist, add them:
+
+```php
+<?php
+...
+    // Enforce TLS client certificate validation
+    'mandatory_client_ssl' => true,
+
+    // Disable the 60-day inter-registrar transfer lock
+    'disable_60days' => true,
+
+];
+```
--- a/epp/src/helpers.php
+++ b/epp/src/helpers.php
@ -1128,18 +1128,17 @@ function validateTcnId(string $domain, string $noticeId, string $notAfterUtc): b
    return hash_equals($tcnChecksum, $crc32Hex);
 }

-function extractDomainFromHost(string $hostname, array $tlds): ?string {
-    $hostname = strtolower($hostname);
-    foreach ($tlds as $tld) {
-        $tld = ltrim(strtolower($tld), '.'); // remove dot if present
-        if (str_ends_with($hostname, '.' . $tld)) {
-            $labels = explode('.', $hostname);
-            $tld_parts = explode('.', $tld);
-            $domain_parts = array_slice($labels, -count($tld_parts) - 1); // 1 label before TLD
-            if (count($domain_parts) === count($tld_parts) + 1) {
-                return implode('.', $domain_parts);
-            }
-        }
+function extractDomainFromHost(string $hostname): ?string {
+    // normalize: lowercase, trim any leading/trailing dots or spaces
+    $hostname = strtolower(trim($hostname, " .\t\n\r\0\x0B"));
+    $labels   = explode('.', $hostname);
+    
+    // need at least two labels (e.g. foo.com)
+    if (count($labels) < 2) {
+        return null;
    }
-    return null;
+    
+    // take the last two labels and join them
+    $last = array_slice($labels, -2);
+    return implode('.', $last);
 }