Allow setting DS records in create_domain and update_domain

The DS records consist of 4 values:
- keyTag: unsigned short (2 bytes)
- alg: unsigned byte
- digestType: unsigned byte
- digest: binary hex

NOTE: the current CL doesn't support keyData, neither as the optional field in dsData nor as a replacement for dsData

The command tool accepts DS records as a string, where the 4 values are given
as one string separated by white-spaces as follows:
<keyTag> <alg>  <digestType>  <digest>

e.g. something like:
60485 5  2  D4B7D520E7BB5F0F67674A0CCEB1E3E0614B93C4F9E99B8383F6A1E4469DA50A

which is how it's written in Zone files, allowing easy copy-paste from existing values.
ommas is confusing when using spaces.

The various "numbers" (keyTag, alg, digestType) are only checked that they are
positive integers - the rest is left for the server.

digest it checked to be an even-lengthed hex string.

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=184583068

java/google/registry/tools/UpdateDomainCommand.java

@@ -70,6 +70,13 @@ final class UpdateDomainCommand extends CreateOrUpdateDomainCommand {
   )
   private List<String> addStatuses = new ArrayList<>();
 
+  @Parameter(
+    names = "--add_ds_records",
+    description = "DS records to add. Cannot be set if --ds_records or --clear_ds_records is set.",
+    converter = DsRecordConverter.class
+  )
+  private List<DsRecord> addDsRecords = new ArrayList<>();
+
   @Parameter(
     names = "--remove_nameservers",
     description =
@@ -96,6 +103,21 @@ final class UpdateDomainCommand extends CreateOrUpdateDomainCommand {
   )
   private List<String> removeStatuses = new ArrayList<>();
 
+  @Parameter(
+    names = "--remove_ds_records",
+    description =
+        "DS records to remove. Cannot be set if --ds_records or --clear_ds_records is set.",
+    converter = DsRecordConverter.class
+  )
+  private List<DsRecord> removeDsRecords = new ArrayList<>();
+
+  @Parameter(
+    names = "--clear_ds_records",
+    description =
+        "removes all DS records. Is implied true if --ds_records is set."
+  )
+  boolean clearDsRecords = false;
+
   @Override
   protected void initMutatingEppToolCommand() {
     if (!nameservers.isEmpty()) {
@@ -123,6 +145,15 @@ final class UpdateDomainCommand extends CreateOrUpdateDomainCommand {
               + "you cannot use the add_statuses and remove_statuses flags.");
     }
 
+    if (!dsRecords.isEmpty() || clearDsRecords){
+      checkArgument(
+          addDsRecords.isEmpty() && removeDsRecords.isEmpty(),
+          "If you provide the ds_records or clear_ds_records flags, "
+              + "you cannot use the add_ds_records and remove_ds_records flags.");
+      addDsRecords = dsRecords;
+      clearDsRecords = true;
+    }
+
     for (String domain : domains) {
       if (!nameservers.isEmpty() || !admins.isEmpty() || !techs.isEmpty() || !statuses.isEmpty()) {
         DateTime now = DateTime.now(UTC);
@@ -185,7 +216,13 @@ final class UpdateDomainCommand extends CreateOrUpdateDomainCommand {
 
       boolean change = registrant != null || password != null;
 
-      if (!add && !remove && !change) {
+      boolean secdns =
+          !addDsRecords.isEmpty()
+              || !removeDsRecords.isEmpty()
+              || !dsRecords.isEmpty()
+              || clearDsRecords;
+
+      if (!add && !remove && !change && !secdns) {
         logger.infofmt("No changes need to be made to domain %s", domain);
         continue;
       }
@@ -207,7 +244,11 @@ final class UpdateDomainCommand extends CreateOrUpdateDomainCommand {
               "removeStatuses", removeStatuses,
               "change", change,
               "registrant", registrant,
-              "password", password));
+              "password", password,
+              "secdns", secdns,
+              "addDsRecords", DsRecord.convertToSoy(addDsRecords),
+              "removeDsRecords", DsRecord.convertToSoy(removeDsRecords),
+              "removeAllDsRecords", clearDsRecords));
     }
   }