diff --git a/java/google/registry/flows/ResourceFlowUtils.java b/java/google/registry/flows/ResourceFlowUtils.java index 82fc8c294..d43e1c76a 100644 --- a/java/google/registry/flows/ResourceFlowUtils.java +++ b/java/google/registry/flows/ResourceFlowUtils.java @@ -15,6 +15,7 @@ package google.registry.flows; import static com.google.common.base.Preconditions.checkState; +import static com.google.common.collect.Iterables.tryFind; import static com.google.common.collect.Sets.intersection; import static google.registry.model.EppResourceUtils.loadByForeignKey; import static google.registry.model.EppResourceUtils.queryDomainsUsingResource; @@ -50,7 +51,6 @@ import google.registry.model.contact.ContactResource; import google.registry.model.domain.DomainBase; import google.registry.model.domain.DomainResource; import google.registry.model.eppcommon.AuthInfo; -import google.registry.model.eppcommon.AuthInfo.BadAuthInfoException; import google.registry.model.eppcommon.StatusValue; import google.registry.model.eppcommon.Trid; import google.registry.model.index.ForeignKeyIndex; @@ -318,29 +318,67 @@ public final class ResourceFlowUtils { } } - /** Check that the given AuthInfo is either missing or else is valid for the given resource. */ - public static void verifyOptionalAuthInfoForResource( - Optional authInfo, EppResource resource) throws EppException { - if (authInfo.isPresent()) { - verifyAuthInfoForResource(authInfo.get(), resource); - } - } - - /** Check that the given AuthInfo is present and valid for a resource being transferred. */ - public static void verifyRequiredAuthInfoForResourceTransfer( - Optional authInfo, EppResource existingResource) throws EppException { + /** Check that the given AuthInfo is present for a resource being transferred. */ + public static void verifyAuthInfoPresentForResourceTransfer(Optional authInfo) + throws EppException { if (!authInfo.isPresent()) { throw new MissingTransferRequestAuthInfoException(); } - verifyOptionalAuthInfoForResource(authInfo, existingResource); } - /** Check that the given AuthInfo is valid for the given resource. */ - public static void verifyAuthInfoForResource(AuthInfo authInfo, EppResource resource) + /** Check that the given AuthInfo is either missing or else is valid for the given resource. */ + public static void verifyOptionalAuthInfo( + Optional authInfo, ContactResource contact) throws EppException { + if (authInfo.isPresent()) { + verifyAuthInfo(authInfo.get(), contact); + } + } + + /** Check that the given AuthInfo is either missing or else is valid for the given resource. */ + public static void verifyOptionalAuthInfo( + Optional authInfo, DomainBase domain) throws EppException { + if (authInfo.isPresent()) { + verifyAuthInfo(authInfo.get(), domain); + } + } + + /** Check that the given {@link AuthInfo} is valid for the given domain. */ + public static void verifyAuthInfo(AuthInfo authInfo, DomainBase domain) throws EppException { + final String authRepoId = authInfo.getPw().getRepoId(); + String authPassword = authInfo.getPw().getValue(); + if (authRepoId == null) { + // If no roid is specified, check the password against the domain's password. + String domainPassword = domain.getAuthInfo().getPw().getValue(); + if (!domainPassword.equals(authPassword)) { + throw new BadAuthInfoForResourceException(); + } + return; + } + // The roid should match one of the contacts. + Optional> foundContact = tryFind( + domain.getReferencedContacts(), + new Predicate>() { + @Override + public boolean apply(Key key) { + return key.getName().equals(authRepoId); + }}); + if (!foundContact.isPresent()) { + throw new BadAuthInfoForResourceException(); + } + // Check the authInfo against the contact. + verifyAuthInfo(authInfo, ofy().load().key(foundContact.get()).now()); + } + + /** Check that the given {@link AuthInfo} is valid for the given contact. */ + public static void verifyAuthInfo(AuthInfo authInfo, ContactResource contact) throws EppException { - try { - authInfo.verifyAuthorizedFor(resource); - } catch (BadAuthInfoException e) { + String authRepoId = authInfo.getPw().getRepoId(); + String authPassword = authInfo.getPw().getValue(); + String contactPassword = contact.getAuthInfo().getPw().getValue(); + if (!contactPassword.equals(authPassword) + // It's unnecessary to specify a repoId on a contact auth info, but if it's there validate + // it. The usual case of this is validating a domain's auth using this method. + || (authRepoId != null && !authRepoId.equals(contact.getRepoId()))) { throw new BadAuthInfoForResourceException(); } } diff --git a/java/google/registry/flows/contact/ContactDeleteFlow.java b/java/google/registry/flows/contact/ContactDeleteFlow.java index 13600b7f7..794177b7e 100644 --- a/java/google/registry/flows/contact/ContactDeleteFlow.java +++ b/java/google/registry/flows/contact/ContactDeleteFlow.java @@ -18,7 +18,7 @@ import static google.registry.flows.FlowUtils.validateClientIsLoggedIn; import static google.registry.flows.ResourceFlowUtils.failfastForAsyncDelete; import static google.registry.flows.ResourceFlowUtils.loadAndVerifyExistence; import static google.registry.flows.ResourceFlowUtils.verifyNoDisallowedStatuses; -import static google.registry.flows.ResourceFlowUtils.verifyOptionalAuthInfoForResource; +import static google.registry.flows.ResourceFlowUtils.verifyOptionalAuthInfo; import static google.registry.flows.ResourceFlowUtils.verifyResourceOwnership; import static google.registry.model.eppoutput.Result.Code.SUCCESS_WITH_ACTION_PENDING; import static google.registry.model.ofy.ObjectifyService.ofy; @@ -92,7 +92,7 @@ public final class ContactDeleteFlow implements TransactionalFlow { failfastForAsyncDelete(targetId, now, ContactResource.class, GET_REFERENCED_CONTACTS); ContactResource existingContact = loadAndVerifyExistence(ContactResource.class, targetId, now); verifyNoDisallowedStatuses(existingContact, DISALLOWED_STATUSES); - verifyOptionalAuthInfoForResource(authInfo, existingContact); + verifyOptionalAuthInfo(authInfo, existingContact); if (!isSuperuser) { verifyResourceOwnership(clientId, existingContact); } diff --git a/java/google/registry/flows/contact/ContactInfoFlow.java b/java/google/registry/flows/contact/ContactInfoFlow.java index 194a5cc87..f7abe94d4 100644 --- a/java/google/registry/flows/contact/ContactInfoFlow.java +++ b/java/google/registry/flows/contact/ContactInfoFlow.java @@ -16,7 +16,7 @@ package google.registry.flows.contact; import static google.registry.flows.FlowUtils.validateClientIsLoggedIn; import static google.registry.flows.ResourceFlowUtils.loadAndVerifyExistence; -import static google.registry.flows.ResourceFlowUtils.verifyOptionalAuthInfoForResource; +import static google.registry.flows.ResourceFlowUtils.verifyOptionalAuthInfo; import static google.registry.model.EppResourceUtils.cloneResourceWithLinkedStatus; import com.google.common.base.Optional; @@ -58,7 +58,7 @@ public final class ContactInfoFlow implements Flow { extensionManager.validate(); // There are no legal extensions for this flow. validateClientIsLoggedIn(clientId); ContactResource contact = loadAndVerifyExistence(ContactResource.class, targetId, now); - verifyOptionalAuthInfoForResource(authInfo, contact); + verifyOptionalAuthInfo(authInfo, contact); if (!clientId.equals(contact.getCurrentSponsorClientId()) && !authInfo.isPresent()) { contact = contact.asBuilder().setAuthInfo(null).build(); } diff --git a/java/google/registry/flows/contact/ContactTransferApproveFlow.java b/java/google/registry/flows/contact/ContactTransferApproveFlow.java index 50002098c..106d69663 100644 --- a/java/google/registry/flows/contact/ContactTransferApproveFlow.java +++ b/java/google/registry/flows/contact/ContactTransferApproveFlow.java @@ -17,7 +17,7 @@ package google.registry.flows.contact; import static google.registry.flows.FlowUtils.validateClientIsLoggedIn; import static google.registry.flows.ResourceFlowUtils.approvePendingTransfer; import static google.registry.flows.ResourceFlowUtils.loadAndVerifyExistence; -import static google.registry.flows.ResourceFlowUtils.verifyOptionalAuthInfoForResource; +import static google.registry.flows.ResourceFlowUtils.verifyOptionalAuthInfo; import static google.registry.flows.ResourceFlowUtils.verifyResourceOwnership; import static google.registry.flows.contact.ContactFlowUtils.createGainingTransferPollMessage; import static google.registry.flows.contact.ContactFlowUtils.createTransferResponse; @@ -78,7 +78,7 @@ public final class ContactTransferApproveFlow implements TransactionalFlow { validateClientIsLoggedIn(clientId); DateTime now = ofy().getTransactionTime(); ContactResource existingContact = loadAndVerifyExistence(ContactResource.class, targetId, now); - verifyOptionalAuthInfoForResource(authInfo, existingContact); + verifyOptionalAuthInfo(authInfo, existingContact); TransferData transferData = existingContact.getTransferData(); if (transferData.getTransferStatus() != TransferStatus.PENDING) { throw new NotPendingTransferException(targetId); diff --git a/java/google/registry/flows/contact/ContactTransferCancelFlow.java b/java/google/registry/flows/contact/ContactTransferCancelFlow.java index 5e61789cc..5535eea70 100644 --- a/java/google/registry/flows/contact/ContactTransferCancelFlow.java +++ b/java/google/registry/flows/contact/ContactTransferCancelFlow.java @@ -17,7 +17,7 @@ package google.registry.flows.contact; import static google.registry.flows.FlowUtils.validateClientIsLoggedIn; import static google.registry.flows.ResourceFlowUtils.denyPendingTransfer; import static google.registry.flows.ResourceFlowUtils.loadAndVerifyExistence; -import static google.registry.flows.ResourceFlowUtils.verifyOptionalAuthInfoForResource; +import static google.registry.flows.ResourceFlowUtils.verifyOptionalAuthInfo; import static google.registry.flows.contact.ContactFlowUtils.createLosingTransferPollMessage; import static google.registry.flows.contact.ContactFlowUtils.createTransferResponse; import static google.registry.model.ofy.ObjectifyService.ofy; @@ -74,7 +74,7 @@ public final class ContactTransferCancelFlow implements TransactionalFlow { validateClientIsLoggedIn(clientId); DateTime now = ofy().getTransactionTime(); ContactResource existingContact = loadAndVerifyExistence(ContactResource.class, targetId, now); - verifyOptionalAuthInfoForResource(authInfo, existingContact); + verifyOptionalAuthInfo(authInfo, existingContact); TransferData transferData = existingContact.getTransferData(); if (transferData.getTransferStatus() != TransferStatus.PENDING) { throw new NotPendingTransferException(targetId); diff --git a/java/google/registry/flows/contact/ContactTransferQueryFlow.java b/java/google/registry/flows/contact/ContactTransferQueryFlow.java index 5bcd0ad19..08c7825eb 100644 --- a/java/google/registry/flows/contact/ContactTransferQueryFlow.java +++ b/java/google/registry/flows/contact/ContactTransferQueryFlow.java @@ -16,7 +16,7 @@ package google.registry.flows.contact; import static google.registry.flows.FlowUtils.validateClientIsLoggedIn; import static google.registry.flows.ResourceFlowUtils.loadAndVerifyExistence; -import static google.registry.flows.ResourceFlowUtils.verifyOptionalAuthInfoForResource; +import static google.registry.flows.ResourceFlowUtils.verifyOptionalAuthInfo; import static google.registry.flows.contact.ContactFlowUtils.createTransferResponse; import com.google.common.base.Optional; @@ -64,7 +64,7 @@ public final class ContactTransferQueryFlow implements Flow { validateClientIsLoggedIn(clientId); ContactResource contact = loadAndVerifyExistence(ContactResource.class, targetId, clock.nowUtc()); - verifyOptionalAuthInfoForResource(authInfo, contact); + verifyOptionalAuthInfo(authInfo, contact); // Most of the fields on the transfer response are required, so there's no way to return valid // XML if the object has never been transferred (and hence the fields aren't populated). if (contact.getTransferData().getTransferStatus() == null) { diff --git a/java/google/registry/flows/contact/ContactTransferRejectFlow.java b/java/google/registry/flows/contact/ContactTransferRejectFlow.java index 53efcac06..9b700c3ec 100644 --- a/java/google/registry/flows/contact/ContactTransferRejectFlow.java +++ b/java/google/registry/flows/contact/ContactTransferRejectFlow.java @@ -17,7 +17,7 @@ package google.registry.flows.contact; import static google.registry.flows.FlowUtils.validateClientIsLoggedIn; import static google.registry.flows.ResourceFlowUtils.denyPendingTransfer; import static google.registry.flows.ResourceFlowUtils.loadAndVerifyExistence; -import static google.registry.flows.ResourceFlowUtils.verifyOptionalAuthInfoForResource; +import static google.registry.flows.ResourceFlowUtils.verifyOptionalAuthInfo; import static google.registry.flows.ResourceFlowUtils.verifyResourceOwnership; import static google.registry.flows.contact.ContactFlowUtils.createGainingTransferPollMessage; import static google.registry.flows.contact.ContactFlowUtils.createTransferResponse; @@ -72,7 +72,7 @@ public final class ContactTransferRejectFlow implements TransactionalFlow { validateClientIsLoggedIn(clientId); DateTime now = ofy().getTransactionTime(); ContactResource existingContact = loadAndVerifyExistence(ContactResource.class, targetId, now); - verifyOptionalAuthInfoForResource(authInfo, existingContact); + verifyOptionalAuthInfo(authInfo, existingContact); TransferData transferData = existingContact.getTransferData(); if (transferData.getTransferStatus() != TransferStatus.PENDING) { throw new NotPendingTransferException(targetId); diff --git a/java/google/registry/flows/contact/ContactTransferRequestFlow.java b/java/google/registry/flows/contact/ContactTransferRequestFlow.java index 1975d2509..2ff2ed511 100644 --- a/java/google/registry/flows/contact/ContactTransferRequestFlow.java +++ b/java/google/registry/flows/contact/ContactTransferRequestFlow.java @@ -16,8 +16,9 @@ package google.registry.flows.contact; import static google.registry.flows.FlowUtils.validateClientIsLoggedIn; import static google.registry.flows.ResourceFlowUtils.loadAndVerifyExistence; +import static google.registry.flows.ResourceFlowUtils.verifyAuthInfo; +import static google.registry.flows.ResourceFlowUtils.verifyAuthInfoPresentForResourceTransfer; import static google.registry.flows.ResourceFlowUtils.verifyNoDisallowedStatuses; -import static google.registry.flows.ResourceFlowUtils.verifyRequiredAuthInfoForResourceTransfer; import static google.registry.flows.contact.ContactFlowUtils.createGainingTransferPollMessage; import static google.registry.flows.contact.ContactFlowUtils.createLosingTransferPollMessage; import static google.registry.flows.contact.ContactFlowUtils.createTransferResponse; @@ -88,7 +89,8 @@ public final class ContactTransferRequestFlow implements TransactionalFlow { validateClientIsLoggedIn(gainingClientId); DateTime now = ofy().getTransactionTime(); ContactResource existingContact = loadAndVerifyExistence(ContactResource.class, targetId, now); - verifyRequiredAuthInfoForResourceTransfer(authInfo, existingContact); + verifyAuthInfoPresentForResourceTransfer(authInfo); + verifyAuthInfo(authInfo.get(), existingContact); // Verify that the resource does not already have a pending transfer. if (TransferStatus.PENDING.equals(existingContact.getTransferData().getTransferStatus())) { throw new AlreadyPendingTransferException(targetId); diff --git a/java/google/registry/flows/contact/ContactUpdateFlow.java b/java/google/registry/flows/contact/ContactUpdateFlow.java index 21ebcec76..9a96cfdd6 100644 --- a/java/google/registry/flows/contact/ContactUpdateFlow.java +++ b/java/google/registry/flows/contact/ContactUpdateFlow.java @@ -20,7 +20,7 @@ import static google.registry.flows.ResourceFlowUtils.checkSameValuesNotAddedAnd import static google.registry.flows.ResourceFlowUtils.loadAndVerifyExistence; import static google.registry.flows.ResourceFlowUtils.verifyAllStatusesAreClientSettable; import static google.registry.flows.ResourceFlowUtils.verifyNoDisallowedStatuses; -import static google.registry.flows.ResourceFlowUtils.verifyOptionalAuthInfoForResource; +import static google.registry.flows.ResourceFlowUtils.verifyOptionalAuthInfo; import static google.registry.flows.ResourceFlowUtils.verifyResourceOwnership; import static google.registry.flows.contact.ContactFlowUtils.validateAsciiPostalInfo; import static google.registry.flows.contact.ContactFlowUtils.validateContactAgainstPolicy; @@ -92,7 +92,7 @@ public final class ContactUpdateFlow implements TransactionalFlow { Update command = (Update) resourceCommand; DateTime now = ofy().getTransactionTime(); ContactResource existingContact = loadAndVerifyExistence(ContactResource.class, targetId, now); - verifyOptionalAuthInfoForResource(authInfo, existingContact); + verifyOptionalAuthInfo(authInfo, existingContact); ImmutableSet statusToRemove = command.getInnerRemove().getStatusValues(); ImmutableSet statusesToAdd = command.getInnerAdd().getStatusValues(); if (!isSuperuser) { // The superuser can update any contact and set any status. diff --git a/java/google/registry/flows/domain/DomainApplicationDeleteFlow.java b/java/google/registry/flows/domain/DomainApplicationDeleteFlow.java index bfdeca4d9..eafa46093 100644 --- a/java/google/registry/flows/domain/DomainApplicationDeleteFlow.java +++ b/java/google/registry/flows/domain/DomainApplicationDeleteFlow.java @@ -19,7 +19,7 @@ import static google.registry.flows.ResourceFlowUtils.handlePendingTransferOnDel import static google.registry.flows.ResourceFlowUtils.prepareDeletedResourceAsBuilder; import static google.registry.flows.ResourceFlowUtils.updateForeignKeyIndexDeletionTime; import static google.registry.flows.ResourceFlowUtils.verifyExistence; -import static google.registry.flows.ResourceFlowUtils.verifyOptionalAuthInfoForResource; +import static google.registry.flows.ResourceFlowUtils.verifyOptionalAuthInfo; import static google.registry.flows.ResourceFlowUtils.verifyResourceOwnership; import static google.registry.flows.domain.DomainFlowUtils.checkAllowedAccessToTld; import static google.registry.flows.domain.DomainFlowUtils.verifyApplicationDomainMatchesTargetId; @@ -85,7 +85,7 @@ public final class DomainApplicationDeleteFlow implements TransactionalFlow { DomainApplication existingApplication = verifyExistence( DomainApplication.class, applicationId, loadDomainApplication(applicationId, now)); verifyApplicationDomainMatchesTargetId(existingApplication, targetId); - verifyOptionalAuthInfoForResource(authInfo, existingApplication); + verifyOptionalAuthInfo(authInfo, existingApplication); String tld = existingApplication.getTld(); checkAllowedAccessToTld(clientId, tld); if (!isSuperuser) { diff --git a/java/google/registry/flows/domain/DomainApplicationInfoFlow.java b/java/google/registry/flows/domain/DomainApplicationInfoFlow.java index ca2f9506c..97bb36917 100644 --- a/java/google/registry/flows/domain/DomainApplicationInfoFlow.java +++ b/java/google/registry/flows/domain/DomainApplicationInfoFlow.java @@ -17,7 +17,7 @@ package google.registry.flows.domain; import static google.registry.flows.EppXmlTransformer.unmarshal; import static google.registry.flows.FlowUtils.validateClientIsLoggedIn; import static google.registry.flows.ResourceFlowUtils.verifyExistence; -import static google.registry.flows.ResourceFlowUtils.verifyOptionalAuthInfoForResource; +import static google.registry.flows.ResourceFlowUtils.verifyOptionalAuthInfo; import static google.registry.flows.ResourceFlowUtils.verifyResourceOwnership; import static google.registry.flows.domain.DomainFlowUtils.addSecDnsExtensionIfPresent; import static google.registry.flows.domain.DomainFlowUtils.verifyApplicationDomainMatchesTargetId; @@ -86,7 +86,7 @@ public final class DomainApplicationInfoFlow implements Flow { applicationId, loadDomainApplication(applicationId, clock.nowUtc())); verifyApplicationDomainMatchesTargetId(application, targetId); - verifyOptionalAuthInfoForResource(authInfo, application); + verifyOptionalAuthInfo(authInfo, application); LaunchInfoExtension launchInfo = eppInput.getSingleExtension(LaunchInfoExtension.class); if (!application.getPhase().equals(launchInfo.getPhase())) { throw new ApplicationLaunchPhaseMismatchException(); diff --git a/java/google/registry/flows/domain/DomainApplicationUpdateFlow.java b/java/google/registry/flows/domain/DomainApplicationUpdateFlow.java index d7349bd7c..2653d15fc 100644 --- a/java/google/registry/flows/domain/DomainApplicationUpdateFlow.java +++ b/java/google/registry/flows/domain/DomainApplicationUpdateFlow.java @@ -23,7 +23,7 @@ import static google.registry.flows.ResourceFlowUtils.checkSameValuesNotAddedAnd import static google.registry.flows.ResourceFlowUtils.verifyAllStatusesAreClientSettable; import static google.registry.flows.ResourceFlowUtils.verifyExistence; import static google.registry.flows.ResourceFlowUtils.verifyNoDisallowedStatuses; -import static google.registry.flows.ResourceFlowUtils.verifyOptionalAuthInfoForResource; +import static google.registry.flows.ResourceFlowUtils.verifyOptionalAuthInfo; import static google.registry.flows.ResourceFlowUtils.verifyResourceOwnership; import static google.registry.flows.domain.DomainFlowUtils.checkAllowedAccessToTld; import static google.registry.flows.domain.DomainFlowUtils.cloneAndLinkReferences; @@ -147,7 +147,7 @@ public class DomainApplicationUpdateFlow implements TransactionalFlow { DomainApplication.class, applicationId, loadDomainApplication(applicationId, now)); verifyApplicationDomainMatchesTargetId(existingApplication, targetId); verifyNoDisallowedStatuses(existingApplication, UPDATE_DISALLOWED_STATUSES); - verifyOptionalAuthInfoForResource(authInfo, existingApplication); + verifyOptionalAuthInfo(authInfo, existingApplication); verifyUpdateAllowed(existingApplication, command); HistoryEntry historyEntry = buildHistory(existingApplication, now); DomainApplication newApplication = updateApplication(existingApplication, command, now); diff --git a/java/google/registry/flows/domain/DomainDeleteFlow.java b/java/google/registry/flows/domain/DomainDeleteFlow.java index 6dee104e2..7449bbd81 100644 --- a/java/google/registry/flows/domain/DomainDeleteFlow.java +++ b/java/google/registry/flows/domain/DomainDeleteFlow.java @@ -21,7 +21,7 @@ import static google.registry.flows.ResourceFlowUtils.loadAndVerifyExistence; import static google.registry.flows.ResourceFlowUtils.prepareDeletedResourceAsBuilder; import static google.registry.flows.ResourceFlowUtils.updateForeignKeyIndexDeletionTime; import static google.registry.flows.ResourceFlowUtils.verifyNoDisallowedStatuses; -import static google.registry.flows.ResourceFlowUtils.verifyOptionalAuthInfoForResource; +import static google.registry.flows.ResourceFlowUtils.verifyOptionalAuthInfo; import static google.registry.flows.ResourceFlowUtils.verifyResourceOwnership; import static google.registry.flows.domain.DomainFlowUtils.checkAllowedAccessToTld; import static google.registry.flows.domain.DomainFlowUtils.updateAutorenewRecurrenceEndTime; @@ -169,7 +169,7 @@ public final class DomainDeleteFlow implements TransactionalFlow { private void verifyDeleteAllowed(DomainResource existingDomain, Registry registry, DateTime now) throws EppException { verifyNoDisallowedStatuses(existingDomain, DISALLOWED_STATUSES); - verifyOptionalAuthInfoForResource(authInfo, existingDomain); + verifyOptionalAuthInfo(authInfo, existingDomain); if (!isSuperuser) { verifyResourceOwnership(clientId, existingDomain); verifyNotInPredelegation(registry, now); diff --git a/java/google/registry/flows/domain/DomainInfoFlow.java b/java/google/registry/flows/domain/DomainInfoFlow.java index a2493e5c1..5d0b1a353 100644 --- a/java/google/registry/flows/domain/DomainInfoFlow.java +++ b/java/google/registry/flows/domain/DomainInfoFlow.java @@ -16,7 +16,7 @@ package google.registry.flows.domain; import static google.registry.flows.FlowUtils.validateClientIsLoggedIn; import static google.registry.flows.ResourceFlowUtils.loadAndVerifyExistence; -import static google.registry.flows.ResourceFlowUtils.verifyOptionalAuthInfoForResource; +import static google.registry.flows.ResourceFlowUtils.verifyOptionalAuthInfo; import static google.registry.flows.domain.DomainFlowUtils.addSecDnsExtensionIfPresent; import static google.registry.flows.domain.DomainFlowUtils.handleFeeRequest; import static google.registry.util.CollectionUtils.forceEmptyToNull; @@ -82,7 +82,7 @@ public final class DomainInfoFlow implements Flow { validateClientIsLoggedIn(clientId); DateTime now = clock.nowUtc(); DomainResource domain = loadAndVerifyExistence(DomainResource.class, targetId, now); - verifyOptionalAuthInfoForResource(authInfo, domain); + verifyOptionalAuthInfo(authInfo, domain); return responseBuilder .setResData(getResourceInfo(domain)) .setExtensions(getDomainResponseExtensions(domain, now)) diff --git a/java/google/registry/flows/domain/DomainRenewFlow.java b/java/google/registry/flows/domain/DomainRenewFlow.java index a83ae8a82..9ff6e62f6 100644 --- a/java/google/registry/flows/domain/DomainRenewFlow.java +++ b/java/google/registry/flows/domain/DomainRenewFlow.java @@ -17,7 +17,7 @@ package google.registry.flows.domain; import static google.registry.flows.FlowUtils.validateClientIsLoggedIn; import static google.registry.flows.ResourceFlowUtils.loadAndVerifyExistence; import static google.registry.flows.ResourceFlowUtils.verifyNoDisallowedStatuses; -import static google.registry.flows.ResourceFlowUtils.verifyOptionalAuthInfoForResource; +import static google.registry.flows.ResourceFlowUtils.verifyOptionalAuthInfo; import static google.registry.flows.ResourceFlowUtils.verifyResourceOwnership; import static google.registry.flows.domain.DomainFlowUtils.checkAllowedAccessToTld; import static google.registry.flows.domain.DomainFlowUtils.newAutorenewBillingEvent; @@ -184,7 +184,7 @@ public final class DomainRenewFlow implements TransactionalFlow { Optional authInfo, DomainResource existingDomain, Renew command) throws EppException { - verifyOptionalAuthInfoForResource(authInfo, existingDomain); + verifyOptionalAuthInfo(authInfo, existingDomain); verifyNoDisallowedStatuses(existingDomain, RENEW_DISALLOWED_STATUSES); if (!isSuperuser) { verifyResourceOwnership(clientId, existingDomain); diff --git a/java/google/registry/flows/domain/DomainRestoreRequestFlow.java b/java/google/registry/flows/domain/DomainRestoreRequestFlow.java index c2f60e313..68bcc4ba3 100644 --- a/java/google/registry/flows/domain/DomainRestoreRequestFlow.java +++ b/java/google/registry/flows/domain/DomainRestoreRequestFlow.java @@ -17,7 +17,7 @@ package google.registry.flows.domain; import static google.registry.flows.FlowUtils.validateClientIsLoggedIn; import static google.registry.flows.ResourceFlowUtils.loadAndVerifyExistence; import static google.registry.flows.ResourceFlowUtils.updateForeignKeyIndexDeletionTime; -import static google.registry.flows.ResourceFlowUtils.verifyOptionalAuthInfoForResource; +import static google.registry.flows.ResourceFlowUtils.verifyOptionalAuthInfo; import static google.registry.flows.ResourceFlowUtils.verifyResourceOwnership; import static google.registry.flows.domain.DomainFlowUtils.checkAllowedAccessToTld; import static google.registry.flows.domain.DomainFlowUtils.newAutorenewBillingEvent; @@ -186,7 +186,7 @@ public final class DomainRestoreRequestFlow implements TransactionalFlow { Money renewCost, FeeTransformCommandExtension feeUpdate, DateTime now) throws EppException { - verifyOptionalAuthInfoForResource(authInfo, existingDomain); + verifyOptionalAuthInfo(authInfo, existingDomain); if (!isSuperuser) { verifyResourceOwnership(clientId, existingDomain); verifyNotReserved(InternetDomainName.from(targetId), false); diff --git a/java/google/registry/flows/domain/DomainTransferApproveFlow.java b/java/google/registry/flows/domain/DomainTransferApproveFlow.java index 7119fdb7d..3b9d3b297 100644 --- a/java/google/registry/flows/domain/DomainTransferApproveFlow.java +++ b/java/google/registry/flows/domain/DomainTransferApproveFlow.java @@ -20,7 +20,7 @@ import static google.registry.flows.FlowUtils.validateClientIsLoggedIn; import static google.registry.flows.ResourceFlowUtils.approvePendingTransfer; import static google.registry.flows.ResourceFlowUtils.loadAndVerifyExistence; import static google.registry.flows.ResourceFlowUtils.verifyHasPendingTransfer; -import static google.registry.flows.ResourceFlowUtils.verifyOptionalAuthInfoForResource; +import static google.registry.flows.ResourceFlowUtils.verifyOptionalAuthInfo; import static google.registry.flows.ResourceFlowUtils.verifyResourceOwnership; import static google.registry.flows.domain.DomainFlowUtils.checkAllowedAccessToTld; import static google.registry.flows.domain.DomainFlowUtils.createGainingTransferPollMessage; @@ -97,7 +97,7 @@ public final class DomainTransferApproveFlow implements TransactionalFlow { validateClientIsLoggedIn(clientId); DateTime now = ofy().getTransactionTime(); DomainResource existingDomain = loadAndVerifyExistence(DomainResource.class, targetId, now); - verifyOptionalAuthInfoForResource(authInfo, existingDomain); + verifyOptionalAuthInfo(authInfo, existingDomain); verifyHasPendingTransfer(existingDomain); verifyResourceOwnership(clientId, existingDomain); String tld = existingDomain.getTld(); diff --git a/java/google/registry/flows/domain/DomainTransferCancelFlow.java b/java/google/registry/flows/domain/DomainTransferCancelFlow.java index 5d5d2ba41..4306174d6 100644 --- a/java/google/registry/flows/domain/DomainTransferCancelFlow.java +++ b/java/google/registry/flows/domain/DomainTransferCancelFlow.java @@ -19,7 +19,7 @@ import static google.registry.flows.ResourceFlowUtils.denyPendingTransfer; import static google.registry.flows.ResourceFlowUtils.loadAndVerifyExistence; import static google.registry.flows.ResourceFlowUtils.verifyHasPendingTransfer; import static google.registry.flows.ResourceFlowUtils.verifyIsGainingRegistrar; -import static google.registry.flows.ResourceFlowUtils.verifyOptionalAuthInfoForResource; +import static google.registry.flows.ResourceFlowUtils.verifyOptionalAuthInfo; import static google.registry.flows.domain.DomainFlowUtils.checkAllowedAccessToTld; import static google.registry.flows.domain.DomainFlowUtils.createLosingTransferPollMessage; import static google.registry.flows.domain.DomainFlowUtils.createTransferResponse; @@ -79,7 +79,7 @@ public final class DomainTransferCancelFlow implements TransactionalFlow { validateClientIsLoggedIn(clientId); DateTime now = ofy().getTransactionTime(); DomainResource existingDomain = loadAndVerifyExistence(DomainResource.class, targetId, now); - verifyOptionalAuthInfoForResource(authInfo, existingDomain); + verifyOptionalAuthInfo(authInfo, existingDomain); verifyHasPendingTransfer(existingDomain); verifyIsGainingRegistrar(existingDomain, clientId); checkAllowedAccessToTld(clientId, existingDomain.getTld()); diff --git a/java/google/registry/flows/domain/DomainTransferQueryFlow.java b/java/google/registry/flows/domain/DomainTransferQueryFlow.java index eec2ca1f9..b9c1ec8d5 100644 --- a/java/google/registry/flows/domain/DomainTransferQueryFlow.java +++ b/java/google/registry/flows/domain/DomainTransferQueryFlow.java @@ -16,7 +16,7 @@ package google.registry.flows.domain; import static google.registry.flows.FlowUtils.validateClientIsLoggedIn; import static google.registry.flows.ResourceFlowUtils.loadAndVerifyExistence; -import static google.registry.flows.ResourceFlowUtils.verifyOptionalAuthInfoForResource; +import static google.registry.flows.ResourceFlowUtils.verifyOptionalAuthInfo; import static google.registry.flows.domain.DomainFlowUtils.createTransferResponse; import static google.registry.model.domain.DomainResource.extendRegistrationWithCap; @@ -68,7 +68,7 @@ public final class DomainTransferQueryFlow implements Flow { validateClientIsLoggedIn(clientId); DateTime now = clock.nowUtc(); DomainResource domain = loadAndVerifyExistence(DomainResource.class, targetId, now); - verifyOptionalAuthInfoForResource(authInfo, domain); + verifyOptionalAuthInfo(authInfo, domain); // Most of the fields on the transfer response are required, so there's no way to return valid // XML if the object has never been transferred (and hence the fields aren't populated). TransferData transferData = domain.getTransferData(); diff --git a/java/google/registry/flows/domain/DomainTransferRejectFlow.java b/java/google/registry/flows/domain/DomainTransferRejectFlow.java index 94f03c11e..c716d7b7c 100644 --- a/java/google/registry/flows/domain/DomainTransferRejectFlow.java +++ b/java/google/registry/flows/domain/DomainTransferRejectFlow.java @@ -18,7 +18,7 @@ import static google.registry.flows.FlowUtils.validateClientIsLoggedIn; import static google.registry.flows.ResourceFlowUtils.denyPendingTransfer; import static google.registry.flows.ResourceFlowUtils.loadAndVerifyExistence; import static google.registry.flows.ResourceFlowUtils.verifyHasPendingTransfer; -import static google.registry.flows.ResourceFlowUtils.verifyOptionalAuthInfoForResource; +import static google.registry.flows.ResourceFlowUtils.verifyOptionalAuthInfo; import static google.registry.flows.ResourceFlowUtils.verifyResourceOwnership; import static google.registry.flows.domain.DomainFlowUtils.checkAllowedAccessToTld; import static google.registry.flows.domain.DomainFlowUtils.createGainingTransferPollMessage; @@ -84,7 +84,7 @@ public final class DomainTransferRejectFlow implements TransactionalFlow { .setModificationTime(now) .setParent(Key.create(existingDomain)) .build(); - verifyOptionalAuthInfoForResource(authInfo, existingDomain); + verifyOptionalAuthInfo(authInfo, existingDomain); verifyHasPendingTransfer(existingDomain); verifyResourceOwnership(clientId, existingDomain); checkAllowedAccessToTld(clientId, existingDomain.getTld()); diff --git a/java/google/registry/flows/domain/DomainTransferRequestFlow.java b/java/google/registry/flows/domain/DomainTransferRequestFlow.java index 953691ddf..5f652691b 100644 --- a/java/google/registry/flows/domain/DomainTransferRequestFlow.java +++ b/java/google/registry/flows/domain/DomainTransferRequestFlow.java @@ -18,8 +18,9 @@ import static com.google.common.collect.Iterables.filter; import static com.google.common.collect.Iterables.getOnlyElement; import static google.registry.flows.FlowUtils.validateClientIsLoggedIn; import static google.registry.flows.ResourceFlowUtils.loadAndVerifyExistence; +import static google.registry.flows.ResourceFlowUtils.verifyAuthInfo; +import static google.registry.flows.ResourceFlowUtils.verifyAuthInfoPresentForResourceTransfer; import static google.registry.flows.ResourceFlowUtils.verifyNoDisallowedStatuses; -import static google.registry.flows.ResourceFlowUtils.verifyRequiredAuthInfoForResourceTransfer; import static google.registry.flows.domain.DomainFlowUtils.checkAllowedAccessToTld; import static google.registry.flows.domain.DomainFlowUtils.createGainingTransferPollMessage; import static google.registry.flows.domain.DomainFlowUtils.createLosingTransferPollMessage; @@ -195,7 +196,8 @@ public final class DomainTransferRequestFlow implements TransactionalFlow { private void verifyTransferAllowed(DomainResource existingDomain, Period period, DateTime now) throws EppException { verifyNoDisallowedStatuses(existingDomain, DISALLOWED_STATUSES); - verifyRequiredAuthInfoForResourceTransfer(authInfo, existingDomain); + verifyAuthInfoPresentForResourceTransfer(authInfo); + verifyAuthInfo(authInfo.get(), existingDomain); // Verify that the resource does not already have a pending transfer. if (TransferStatus.PENDING.equals(existingDomain.getTransferData().getTransferStatus())) { throw new AlreadyPendingTransferException(targetId); diff --git a/java/google/registry/flows/domain/DomainUpdateFlow.java b/java/google/registry/flows/domain/DomainUpdateFlow.java index fa865f4e4..23af372b7 100644 --- a/java/google/registry/flows/domain/DomainUpdateFlow.java +++ b/java/google/registry/flows/domain/DomainUpdateFlow.java @@ -22,7 +22,7 @@ import static google.registry.flows.ResourceFlowUtils.checkSameValuesNotAddedAnd import static google.registry.flows.ResourceFlowUtils.loadAndVerifyExistence; import static google.registry.flows.ResourceFlowUtils.verifyAllStatusesAreClientSettable; import static google.registry.flows.ResourceFlowUtils.verifyNoDisallowedStatuses; -import static google.registry.flows.ResourceFlowUtils.verifyOptionalAuthInfoForResource; +import static google.registry.flows.ResourceFlowUtils.verifyOptionalAuthInfo; import static google.registry.flows.ResourceFlowUtils.verifyResourceOwnership; import static google.registry.flows.domain.DomainFlowUtils.checkAllowedAccessToTld; import static google.registry.flows.domain.DomainFlowUtils.cloneAndLinkReferences; @@ -187,7 +187,7 @@ public final class DomainUpdateFlow implements TransactionalFlow { private void verifyUpdateAllowed(Update command, DomainResource existingDomain, DateTime now) throws EppException { verifyNoDisallowedStatuses(existingDomain, UPDATE_DISALLOWED_STATUSES); - verifyOptionalAuthInfoForResource(authInfo, existingDomain); + verifyOptionalAuthInfo(authInfo, existingDomain); AddRemove add = command.getInnerAdd(); AddRemove remove = command.getInnerRemove(); if (!isSuperuser) { diff --git a/java/google/registry/flows/host/HostDeleteFlow.java b/java/google/registry/flows/host/HostDeleteFlow.java index e5cb23358..bb3a24f13 100644 --- a/java/google/registry/flows/host/HostDeleteFlow.java +++ b/java/google/registry/flows/host/HostDeleteFlow.java @@ -18,13 +18,11 @@ import static google.registry.flows.FlowUtils.validateClientIsLoggedIn; import static google.registry.flows.ResourceFlowUtils.failfastForAsyncDelete; import static google.registry.flows.ResourceFlowUtils.loadAndVerifyExistence; import static google.registry.flows.ResourceFlowUtils.verifyNoDisallowedStatuses; -import static google.registry.flows.ResourceFlowUtils.verifyOptionalAuthInfoForResource; import static google.registry.flows.ResourceFlowUtils.verifyResourceOwnership; import static google.registry.model.eppoutput.Result.Code.SUCCESS_WITH_ACTION_PENDING; import static google.registry.model.ofy.ObjectifyService.ofy; import com.google.common.base.Function; -import com.google.common.base.Optional; import com.google.common.collect.ImmutableSet; import com.googlecode.objectify.Key; import google.registry.flows.EppException; @@ -36,7 +34,6 @@ import google.registry.flows.TransactionalFlow; import google.registry.flows.async.AsyncFlowEnqueuer; import google.registry.model.domain.DomainBase; import google.registry.model.domain.metadata.MetadataExtension; -import google.registry.model.eppcommon.AuthInfo; import google.registry.model.eppcommon.StatusValue; import google.registry.model.eppoutput.EppResponse; import google.registry.model.host.HostResource; @@ -74,7 +71,6 @@ public final class HostDeleteFlow implements TransactionalFlow { }}; @Inject ExtensionManager extensionManager; - @Inject Optional authInfo; @Inject @ClientId String clientId; @Inject @TargetId String targetId; @Inject @Superuser boolean isSuperuser; @@ -92,7 +88,6 @@ public final class HostDeleteFlow implements TransactionalFlow { failfastForAsyncDelete(targetId, now, HostResource.class, GET_NAMESERVERS); HostResource existingHost = loadAndVerifyExistence(HostResource.class, targetId, now); verifyNoDisallowedStatuses(existingHost, DISALLOWED_STATUSES); - verifyOptionalAuthInfoForResource(authInfo, existingHost); if (!isSuperuser) { verifyResourceOwnership(clientId, existingHost); } diff --git a/java/google/registry/flows/host/HostInfoFlow.java b/java/google/registry/flows/host/HostInfoFlow.java index bf1eb577b..f03cea67e 100644 --- a/java/google/registry/flows/host/HostInfoFlow.java +++ b/java/google/registry/flows/host/HostInfoFlow.java @@ -16,16 +16,13 @@ package google.registry.flows.host; import static google.registry.flows.FlowUtils.validateClientIsLoggedIn; import static google.registry.flows.ResourceFlowUtils.loadAndVerifyExistence; -import static google.registry.flows.ResourceFlowUtils.verifyOptionalAuthInfoForResource; import static google.registry.model.EppResourceUtils.cloneResourceWithLinkedStatus; -import com.google.common.base.Optional; import google.registry.flows.EppException; import google.registry.flows.ExtensionManager; import google.registry.flows.Flow; import google.registry.flows.FlowModule.ClientId; import google.registry.flows.FlowModule.TargetId; -import google.registry.model.eppcommon.AuthInfo; import google.registry.model.eppoutput.EppResponse; import google.registry.model.host.HostResource; import google.registry.util.Clock; @@ -45,7 +42,6 @@ public final class HostInfoFlow implements Flow { @Inject ExtensionManager extensionManager; @Inject @ClientId String clientId; @Inject @TargetId String targetId; - @Inject Optional authInfo; @Inject Clock clock; @Inject EppResponse.Builder responseBuilder; @Inject HostInfoFlow() {} @@ -56,7 +52,6 @@ public final class HostInfoFlow implements Flow { validateClientIsLoggedIn(clientId); DateTime now = clock.nowUtc(); HostResource host = loadAndVerifyExistence(HostResource.class, targetId, now); - verifyOptionalAuthInfoForResource(authInfo, host); return responseBuilder.setResData(cloneResourceWithLinkedStatus(host, now)).build(); } } diff --git a/java/google/registry/flows/host/HostUpdateFlow.java b/java/google/registry/flows/host/HostUpdateFlow.java index c3fa071d5..d48af8ef7 100644 --- a/java/google/registry/flows/host/HostUpdateFlow.java +++ b/java/google/registry/flows/host/HostUpdateFlow.java @@ -21,7 +21,6 @@ import static google.registry.flows.ResourceFlowUtils.checkSameValuesNotAddedAnd import static google.registry.flows.ResourceFlowUtils.loadAndVerifyExistence; import static google.registry.flows.ResourceFlowUtils.verifyAllStatusesAreClientSettable; import static google.registry.flows.ResourceFlowUtils.verifyNoDisallowedStatuses; -import static google.registry.flows.ResourceFlowUtils.verifyOptionalAuthInfoForResource; import static google.registry.flows.ResourceFlowUtils.verifyResourceOwnership; import static google.registry.flows.host.HostFlowUtils.lookupSuperordinateDomain; import static google.registry.flows.host.HostFlowUtils.validateHostName; @@ -49,7 +48,6 @@ import google.registry.flows.exceptions.ResourceHasClientUpdateProhibitedExcepti import google.registry.model.ImmutableObject; import google.registry.model.domain.DomainResource; import google.registry.model.domain.metadata.MetadataExtension; -import google.registry.model.eppcommon.AuthInfo; import google.registry.model.eppcommon.StatusValue; import google.registry.model.eppinput.ResourceCommand; import google.registry.model.eppoutput.EppResponse; @@ -104,7 +102,6 @@ public final class HostUpdateFlow implements TransactionalFlow { @Inject ResourceCommand resourceCommand; @Inject ExtensionManager extensionManager; - @Inject Optional authInfo; @Inject @ClientId String clientId; @Inject @TargetId String targetId; @Inject @Superuser boolean isSuperuser; @@ -178,7 +175,6 @@ public final class HostUpdateFlow implements TransactionalFlow { private void verifyUpdateAllowed( Update command, HostResource existingResource, DomainResource superordinateDomain) throws EppException { - verifyOptionalAuthInfoForResource(authInfo, existingResource); if (!isSuperuser) { verifyResourceOwnership(clientId, existingResource); ImmutableSet statusesToAdd = command.getInnerAdd().getStatusValues(); diff --git a/java/google/registry/model/contact/ContactAuthInfo.java b/java/google/registry/model/contact/ContactAuthInfo.java index cf9268f9e..42eb8b732 100644 --- a/java/google/registry/model/contact/ContactAuthInfo.java +++ b/java/google/registry/model/contact/ContactAuthInfo.java @@ -14,10 +14,7 @@ package google.registry.model.contact; -import static com.google.common.base.Preconditions.checkNotNull; - import com.googlecode.objectify.annotation.Embed; -import google.registry.model.EppResource; import google.registry.model.eppcommon.AuthInfo; import javax.xml.bind.annotation.XmlType; @@ -25,25 +22,9 @@ import javax.xml.bind.annotation.XmlType; @Embed @XmlType(namespace = "urn:ietf:params:xml:ns:contact-1.0") public class ContactAuthInfo extends AuthInfo { - public static ContactAuthInfo create(PasswordAuth pw) { ContactAuthInfo instance = new ContactAuthInfo(); instance.pw = pw; return instance; } - - @Override - public void verifyAuthorizedFor(EppResource eppResource) throws BadAuthInfoException { - ContactResource contact = (ContactResource) eppResource; - PasswordAuth passwordAuth = checkNotNull(getPw()); - - // It's rather strange to specify a repoId on a contact auth info. Instead of explicitly - // rejecting it, we'll just make sure the repoId matches this particular contact. - if (passwordAuth.getRepoId() != null && !contact.getRepoId().equals(getRepoId())) { - throw new BadAuthInfoException(); - } - if (!contact.getAuthInfo().getPw().getValue().equals(passwordAuth.getValue())) { - throw new BadAuthInfoException(); - } - } } diff --git a/java/google/registry/model/domain/DomainAuthInfo.java b/java/google/registry/model/domain/DomainAuthInfo.java index 59e6b9b2d..a2f5cba49 100644 --- a/java/google/registry/model/domain/DomainAuthInfo.java +++ b/java/google/registry/model/domain/DomainAuthInfo.java @@ -14,52 +14,15 @@ package google.registry.model.domain; -import static com.google.common.base.Preconditions.checkNotNull; -import static google.registry.model.ofy.ObjectifyService.ofy; - -import com.googlecode.objectify.Key; import com.googlecode.objectify.annotation.Embed; -import google.registry.model.EppResource; -import google.registry.model.contact.ContactResource; import google.registry.model.eppcommon.AuthInfo; /** A version of authInfo specifically for domains. */ @Embed public class DomainAuthInfo extends AuthInfo { - public static DomainAuthInfo create(PasswordAuth pw) { DomainAuthInfo instance = new DomainAuthInfo(); instance.pw = pw; return instance; } - - @Override - public void verifyAuthorizedFor(EppResource eppResource) throws BadAuthInfoException { - DomainBase domain = (DomainBase) eppResource; - checkNotNull(getPw()); - if (getRepoId() != null) { - // Make sure the repo id matches one of the contacts on the domain. - Key foundContact = null; - for (Key contact : domain.getReferencedContacts()) { - String contactRepoId = contact.getName(); - if (getRepoId().equals(contactRepoId)) { - foundContact = contact; - break; - } - } - if (foundContact == null) { - throw new BadAuthInfoException(); - } - // Check if the password provided matches the password on the referenced contact. - if (!ofy().load().key(foundContact).now().getAuthInfo().getPw().getValue().equals( - getPw().getValue())) { - throw new BadAuthInfoException(); - } - } else { - // If not repository ID is specified, then check the password against the domain's password. - if (!domain.getAuthInfo().getPw().getValue().equals(getPw().getValue())) { - throw new BadAuthInfoException(); - } - } - } } diff --git a/java/google/registry/model/eppcommon/AuthInfo.java b/java/google/registry/model/eppcommon/AuthInfo.java index a997c3210..12d57223f 100644 --- a/java/google/registry/model/eppcommon/AuthInfo.java +++ b/java/google/registry/model/eppcommon/AuthInfo.java @@ -15,7 +15,6 @@ package google.registry.model.eppcommon; import com.googlecode.objectify.annotation.Embed; -import google.registry.model.EppResource; import google.registry.model.ImmutableObject; import javax.xml.bind.annotation.XmlAttribute; import javax.xml.bind.annotation.XmlTransient; @@ -33,13 +32,6 @@ import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter; @XmlTransient public abstract class AuthInfo extends ImmutableObject { - /** - * Verify that the authorization info is valid for the given resource in the given tld. - * - * @throws BadAuthInfoException if this authorization info is invalid for this resource - */ - public abstract void verifyAuthorizedFor(EppResource eppResource) throws BadAuthInfoException; - protected PasswordAuth pw; public PasswordAuth getPw() { @@ -77,12 +69,4 @@ public abstract class AuthInfo extends ImmutableObject { return create(value, null); } } - - /** Returns the repoId for the contact this auth info is associated with. */ - protected String getRepoId() { - return pw.getRepoId(); - } - - /** Exception to throw when an auth info can't be verified. */ - public static class BadAuthInfoException extends Exception {} }