Add base AllocationToken validation logic for domain checks

Next up is adding custom logic so that the results of these checks can be
more meaningful.

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=181660956

docs/flows.md

@@ -495,6 +495,7 @@ An EPP flow that checks whether domain labels are trademarked.
 *   2002
     *   Command is not allowed in the current registry phase.
     *   Claims checks are not allowed during sunrise.
+    *   Claims checks are not allowed with allocation tokens.
 *   2004
     *   Domain name is under tld which doesn't exist.
 *   2201

java/google/registry/flows/domain/AllocationTokenFlowUtils.java

@@ -16,6 +16,7 @@ package google.registry.flows.domain;
 
 import static google.registry.model.ofy.ObjectifyService.ofy;
 
+import com.google.common.collect.ImmutableMap;
 import com.google.common.net.InternetDomainName;
 import com.googlecode.objectify.Key;
 import google.registry.flows.EppException;
@@ -24,6 +25,8 @@ import google.registry.flows.EppException.ParameterValueSyntaxErrorException;
 import google.registry.model.domain.AllocationToken;
 import google.registry.model.registry.Registry;
 import google.registry.model.reporting.HistoryEntry;
+import java.util.List;
+import java.util.function.Function;
 
 /** Static utility functions for dealing with {@link AllocationToken}s in domain flows. */
 public class AllocationTokenFlowUtils {
@@ -47,6 +50,31 @@ public class AllocationTokenFlowUtils {
     return tokenEntity;
   }
 
+  /**
+   * Checks if the allocation token applies to the given domain names, used for domain checks.
+   *
+   * @return A map of domain names to domain check error response messages. If a message is present
+   *     for a a given domain then it does not validate with this allocation token; domains that do
+   *     validate are not present in the map.
+   */
+  static ImmutableMap<String, String> checkDomainsWithToken(
+      List<String> domainNames, String token, String clientId) {
+    AllocationToken tokenEntity = ofy().load().key(Key.create(AllocationToken.class, token)).now();
+    String result;
+    if (tokenEntity == null) {
+      result = new InvalidAllocationTokenException().getMessage();
+    } else if (tokenEntity.isRedeemed()) {
+      result = AlreadyRedeemedAllocationTokenException.ERROR_MSG_SHORT;
+    } else {
+      return ImmutableMap.of();
+    }
+    // TODO(b/70628322): For now all checks yield the same result, but custom logic will soon allow
+    // them to differ, e.g. if tokens can only be used on certain TLDs.
+    return domainNames
+        .stream()
+        .collect(ImmutableMap.toImmutableMap(Function.identity(), domainName -> result));
+  }
+
   /** Redeems an {@link AllocationToken}, returning the redeemed copy. */
   static AllocationToken redeemToken(
       AllocationToken token, Key<HistoryEntry> redemptionHistoryEntry) {
@@ -56,8 +84,14 @@ public class AllocationTokenFlowUtils {
   /** The allocation token was already redeemed. */
   static class AlreadyRedeemedAllocationTokenException
       extends AssociationProhibitsOperationException {
+
+    public static final String ERROR_MSG_LONG = "The allocation token was already redeemed";
+
+    /** A short error message fitting within 32 characters for use in domain check responses. */
+    public static final String ERROR_MSG_SHORT = "Alloc token was already redeemed";
+
     public AlreadyRedeemedAllocationTokenException() {
-      super("The allocation token was already redeemed");
+      super(ERROR_MSG_LONG);
     }
   }
 

java/google/registry/flows/domain/DomainCheckFlow.java

@@ -16,6 +16,7 @@ package google.registry.flows.domain;
 
 import static google.registry.flows.FlowUtils.validateClientIsLoggedIn;
 import static google.registry.flows.ResourceFlowUtils.verifyTargetIdCount;
+import static google.registry.flows.domain.AllocationTokenFlowUtils.checkDomainsWithToken;
 import static google.registry.flows.domain.DomainFlowUtils.checkAllowedAccessToTld;
 import static google.registry.flows.domain.DomainFlowUtils.getReservationTypes;
 import static google.registry.flows.domain.DomainFlowUtils.handleFeeRequest;
@@ -146,13 +147,21 @@ public final class DomainCheckFlow implements Flow {
     customLogic.afterValidation(
         DomainCheckFlowCustomLogic.AfterValidationParameters.newBuilder()
             .setDomainNames(domainNames)
-            // TODO: Use as of date from fee extension v0.12 instead of now, if specificed.
+            // TODO: Use as of date from fee extension v0.12 instead of now, if specified.
             .setAsOfDate(now)
             .build());
     Set<String> existingIds = checkResourcesExist(DomainResource.class, targetIds, now);
+    AllocationTokenExtension allocationTokenExtension =
+        eppInput.getSingleExtension(AllocationTokenExtension.class);
+    ImmutableMap<String, String> tokenCheckResults =
+        (allocationTokenExtension == null)
+            ? ImmutableMap.of()
+            : checkDomainsWithToken(
+                targetIds, allocationTokenExtension.getAllocationToken(), clientId);
     ImmutableList.Builder<DomainCheck> checks = new ImmutableList.Builder<>();
     for (String targetId : targetIds) {
-      Optional<String> message = getMessageForCheck(domainNames.get(targetId), existingIds, now);
+      Optional<String> message =
+          getMessageForCheck(domainNames.get(targetId), existingIds, tokenCheckResults, now);
       checks.add(DomainCheck.create(!message.isPresent(), targetId, message.orElse(null)));
     }
     BeforeResponseReturnData responseData =
@@ -169,7 +178,10 @@ public final class DomainCheckFlow implements Flow {
   }
 
   private Optional<String> getMessageForCheck(
-      InternetDomainName domainName, Set<String> existingIds, DateTime now) {
+      InternetDomainName domainName,
+      Set<String> existingIds,
+      ImmutableMap<String, String> tokenCheckResults,
+      DateTime now) {
     if (existingIds.contains(domainName.toString())) {
       return Optional.of("In use");
     }
@@ -187,10 +199,12 @@ public final class DomainCheckFlow implements Flow {
         && eppInput.getSingleExtension(FeeCheckCommandExtension.class) == null) {
       return Optional.of("Premium names require EPP ext.");
     }
-
-    return reservationTypes.isEmpty()
-        ? Optional.empty()
-        : Optional.of(getTypeOfHighestSeverity(reservationTypes).getMessageForCheck());
+    if (!reservationTypes.isEmpty()) {
+      return Optional.of(getTypeOfHighestSeverity(reservationTypes).getMessageForCheck());
+    }
+    return tokenCheckResults.containsKey(domainName.toString())
+        ? Optional.of(tokenCheckResults.get(domainName.toString()))
+        : Optional.empty();
   }
 
   /** Handle the fee check extension. */

java/google/registry/flows/domain/DomainClaimsCheckFlow.java

@@ -39,6 +39,8 @@ import google.registry.model.domain.launch.LaunchCheckExtension;
 import google.registry.model.domain.launch.LaunchCheckResponseExtension;
 import google.registry.model.domain.launch.LaunchCheckResponseExtension.LaunchCheck;
 import google.registry.model.domain.launch.LaunchCheckResponseExtension.LaunchCheckName;
+import google.registry.model.domain.token.AllocationTokenExtension;
+import google.registry.model.eppinput.EppInput;
 import google.registry.model.eppinput.ResourceCommand;
 import google.registry.model.eppoutput.EppResponse;
 import google.registry.model.registry.Registry;
@@ -61,11 +63,13 @@ import org.joda.time.DateTime;
  * @error {@link DomainFlowUtils.NotAuthorizedForTldException}
  * @error {@link DomainFlowUtils.TldDoesNotExistException}
  * @error {@link DomainClaimsCheckNotAllowedInSunrise}
+ * @error {@link DomainClaimsCheckNotAllowedWithAllocationTokens}
  */
 @ReportingSpec(ActivityReportField.DOMAIN_CHECK)  // Claims check is a special domain check.
 public final class DomainClaimsCheckFlow implements Flow {
 
   @Inject ExtensionManager extensionManager;
+  @Inject EppInput eppInput;
   @Inject ResourceCommand resourceCommand;
   @Inject @ClientId String clientId;
   @Inject @Superuser boolean isSuperuser;
@@ -78,9 +82,12 @@ public final class DomainClaimsCheckFlow implements Flow {
 
   @Override
   public EppResponse run() throws EppException {
-    extensionManager.register(LaunchCheckExtension.class);
+    extensionManager.register(LaunchCheckExtension.class, AllocationTokenExtension.class);
     extensionManager.validate();
     validateClientIsLoggedIn(clientId);
+    if (eppInput.getSingleExtension(AllocationTokenExtension.class) != null) {
+      throw new DomainClaimsCheckNotAllowedWithAllocationTokens();
+    }
     List<String> targetIds = ((Check) resourceCommand).getTargetIds();
     verifyTargetIdCount(targetIds, maxChecks);
     Set<String> seenTlds = new HashSet<>();
@@ -118,4 +125,11 @@ public final class DomainClaimsCheckFlow implements Flow {
       super("Claims checks are not allowed during sunrise");
     }
   }
+
+  /** Claims checks are not allowed with allocation tokens. */
+  static class DomainClaimsCheckNotAllowedWithAllocationTokens extends CommandUseErrorException {
+    public DomainClaimsCheckNotAllowedWithAllocationTokens() {
+      super("Claims checks are not allowed with allocation tokens");
+    }
+  }
 }

javatests/google/registry/flows/ResourceCheckFlowTestCase.java

@@ -31,8 +31,8 @@ public class ResourceCheckFlowTestCase<F extends Flow, R extends EppResource>
 
   protected void doCheckTest(CheckData.Check... expected) throws Exception {
     assertTransactionalFlow(false);
-    assertThat(expected).asList().containsExactlyElementsIn(
-        ((CheckData) runFlow().getResponse().getResponseData().get(0)).getChecks());
+    assertThat(((CheckData) runFlow().getResponse().getResponseData().get(0)).getChecks())
+        .containsExactlyElementsIn(expected);
     assertNoHistory();  // Checks don't create a history event.
     assertNoBillingEvents();  // Checks are always free.
   }

javatests/google/registry/flows/domain/DomainCheckFlowTest.java

@@ -34,6 +34,7 @@ import com.google.common.collect.ImmutableMap;
 import com.google.common.collect.ImmutableSet;
 import com.google.common.collect.ImmutableSortedMap;
 import com.google.common.collect.Ordering;
+import com.googlecode.objectify.Key;
 import google.registry.flows.EppException;
 import google.registry.flows.ResourceCheckFlowTestCase;
 import google.registry.flows.domain.DomainCheckFlow.OnlyCheckedNamesCanBeFeeCheckedException;
@@ -57,12 +58,14 @@ import google.registry.flows.domain.DomainFlowUtils.TrailingDashException;
 import google.registry.flows.domain.DomainFlowUtils.TransfersAreAlwaysForOneYearException;
 import google.registry.flows.domain.DomainFlowUtils.UnknownFeeCommandException;
 import google.registry.flows.exceptions.TooManyResourceChecksException;
+import google.registry.model.domain.AllocationToken;
 import google.registry.model.domain.DomainResource;
 import google.registry.model.domain.launch.ApplicationStatus;
 import google.registry.model.domain.launch.LaunchPhase;
 import google.registry.model.registry.Registry;
 import google.registry.model.registry.Registry.TldState;
 import google.registry.model.registry.label.ReservedList;
+import google.registry.model.reporting.HistoryEntry;
 import org.joda.money.CurrencyUnit;
 import org.joda.money.Money;
 import org.joda.time.DateTime;
@@ -112,14 +115,52 @@ public class DomainCheckFlowTest
   }
 
   @Test
-  public void testSuccess_oneExists_allocationTokenDoesNothing() throws Exception {
-    // TODO(b/70628322): Change this test to fail on invalid allocationToken.
+  public void testSuccess_oneExists_allocationTokenIsInvalid() throws Exception {
     setEppInput("domain_check_allocationtoken.xml");
     persistActiveDomain("example1.tld");
+    doCheckTest(
+        create(false, "example1.tld", "In use"),
+        create(false, "example2.tld", "The allocation token is invalid"),
+        create(false, "reserved.tld", "Reserved"));
+  }
+
+  @Test
+  public void testSuccess_oneExists_allocationTokenIsValid() throws Exception {
+    setEppInput("domain_check_allocationtoken.xml");
+    persistActiveDomain("example1.tld");
+    persistResource(new AllocationToken.Builder().setToken("abc123").build());
     doCheckTest(
         create(false, "example1.tld", "In use"),
         create(true, "example2.tld", null),
-        create(true, "example3.tld", null));
+        create(false, "reserved.tld", "Reserved"));
+  }
+
+  @Test
+  public void testSuccess_oneExists_allocationTokenIsRedeemed() throws Exception {
+    setEppInput("domain_check_allocationtoken.xml");
+    persistActiveDomain("example1.tld");
+    persistResource(
+        new AllocationToken.Builder()
+            .setToken("abc123")
+            .setRedemptionHistoryEntry(Key.create(HistoryEntry.class, 1L))
+            .build());
+    doCheckTest(
+        create(false, "example1.tld", "In use"),
+        create(false, "example2.tld", "Alloc token was already redeemed"),
+        create(false, "reserved.tld", "Reserved"));
+  }
+
+  @Test
+  public void testSuccess_nothingExists_reservationsOverrideInvalidAllocationTokens()
+      throws Exception {
+    setEppInput("domain_check_reserved_allocationtoken.xml");
+    // Fill out these reasons
+    doCheckTest(
+        create(false, "collision.tld", "Cannot be delegated"),
+        create(false, "reserved.tld", "Reserved"),
+        create(false, "anchor.tld", "Reserved"),
+        create(false, "allowedinsunrise.tld", "Reserved for non-sunrise"),
+        create(false, "premiumcollision.tld", "Cannot be delegated"));
   }
 
   @Test
@@ -202,6 +243,12 @@ public class DomainCheckFlowTest
     runFlow();
   }
 
+  @Test
+  public void testSuccess_50IdsAllowed_withAllocationToken() throws Exception {
+    setEppInput("domain_check_50_allocationtoken.xml");
+    runFlow();
+  }
+
   @Test
   public void testSuccess_pendingSunriseApplicationInGeneralAvailability() throws Exception {
     createTld("tld", TldState.GENERAL_AVAILABILITY);

javatests/google/registry/flows/domain/DomainClaimsCheckFlowTest.java

@@ -16,6 +16,7 @@ package google.registry.flows.domain;
 
 import static google.registry.testing.DatastoreHelper.assertNoBillingEvents;
 import static google.registry.testing.DatastoreHelper.createTld;
+import static google.registry.testing.DatastoreHelper.createTlds;
 import static google.registry.testing.DatastoreHelper.loadRegistrar;
 import static google.registry.testing.DatastoreHelper.persistResource;
 import static google.registry.testing.EppExceptionSubject.assertAboutEppExceptions;
@@ -26,6 +27,7 @@ import com.google.common.collect.ImmutableSet;
 import google.registry.flows.EppException;
 import google.registry.flows.ResourceFlowTestCase;
 import google.registry.flows.domain.DomainClaimsCheckFlow.DomainClaimsCheckNotAllowedInSunrise;
+import google.registry.flows.domain.DomainClaimsCheckFlow.DomainClaimsCheckNotAllowedWithAllocationTokens;
 import google.registry.flows.domain.DomainFlowUtils.BadCommandForRegistryPhaseException;
 import google.registry.flows.domain.DomainFlowUtils.ClaimsPeriodEndedException;
 import google.registry.flows.domain.DomainFlowUtils.NotAuthorizedForTldException;
@@ -48,7 +50,6 @@ public class DomainClaimsCheckFlowTest
   @Before
   public void initCheckTest() {
     createTld("tld");
-    persistResource(Registry.get("tld").asBuilder().build());
   }
 
   protected void doSuccessfulTest(String expectedXmlFilename) throws Exception {
@@ -66,14 +67,12 @@ public class DomainClaimsCheckFlowTest
   @Test
   public void testSuccess_sunrush() throws Exception {
     createTld("tld", TldState.SUNRUSH);
-    persistResource(Registry.get("tld").asBuilder().build());
     doSuccessfulTest("domain_check_claims_response_none.xml");
   }
 
   @Test
   public void testSuccess_quietPeriod() throws Exception {
     createTld("tld", TldState.QUIET_PERIOD);
-    persistResource(Registry.get("tld").asBuilder().build());
     doSuccessfulTest("domain_check_claims_response_none.xml");
   }
 
@@ -139,7 +138,6 @@ public class DomainClaimsCheckFlowTest
   @Test
   public void testFailure_predelgation() throws Exception {
     createTld("tld", TldState.PREDELEGATION);
-    persistResource(Registry.get("tld").asBuilder().build());
     setEppInput("domain_check_claims.xml");
     EppException thrown = expectThrows(BadCommandForRegistryPhaseException.class, this::runFlow);
     assertAboutEppExceptions().that(thrown).marshalsToXml();
@@ -148,16 +146,23 @@ public class DomainClaimsCheckFlowTest
   @Test
   public void testFailure_sunrise() throws Exception {
     createTld("tld", TldState.SUNRISE);
-    persistResource(Registry.get("tld").asBuilder().build());
     setEppInput("domain_check_claims.xml");
     EppException thrown = expectThrows(DomainClaimsCheckNotAllowedInSunrise.class, this::runFlow);
     assertAboutEppExceptions().that(thrown).marshalsToXml();
   }
 
+  @Test
+  public void testFailure_allocationToken() throws Exception {
+    createTld("tld", TldState.SUNRISE);
+    setEppInput("domain_check_claims_allocationtoken.xml");
+    EppException thrown =
+        expectThrows(DomainClaimsCheckNotAllowedWithAllocationTokens.class, this::runFlow);
+    assertAboutEppExceptions().that(thrown).marshalsToXml();
+  }
+
   @Test
   public void testFailure_multipleTlds_oneHasEndedClaims() throws Exception {
-    createTld("tld1");
-    createTld("tld2");
+    createTlds("tld1", "tld2");
     persistResource(
         Registry.get("tld2").asBuilder().setClaimsPeriodEnd(clock.nowUtc().minusMillis(1)).build());
     setEppInput("domain_check_claims_multiple_tlds.xml");

javatests/google/registry/flows/domain/testdata/domain_check_50_allocationtoken.xml

@@ -0,0 +1,66 @@
+<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
+  <command>
+    <check>
+      <domain:check xmlns:domain="urn:ietf:params:xml:ns:domain-1.0">
+        <domain:name>www1.tld</domain:name>
+        <domain:name>www2.tld</domain:name>
+        <domain:name>www3.tld</domain:name>
+        <domain:name>www4.tld</domain:name>
+        <domain:name>www5.tld</domain:name>
+        <domain:name>www6.tld</domain:name>
+        <domain:name>www7.tld</domain:name>
+        <domain:name>www8.tld</domain:name>
+        <domain:name>www9.tld</domain:name>
+        <domain:name>www10.tld</domain:name>
+        <domain:name>www11.tld</domain:name>
+        <domain:name>www12.tld</domain:name>
+        <domain:name>www13.tld</domain:name>
+        <domain:name>www14.tld</domain:name>
+        <domain:name>www15.tld</domain:name>
+        <domain:name>www16.tld</domain:name>
+        <domain:name>www17.tld</domain:name>
+        <domain:name>www18.tld</domain:name>
+        <domain:name>www19.tld</domain:name>
+        <domain:name>www20.tld</domain:name>
+        <domain:name>www21.tld</domain:name>
+        <domain:name>www22.tld</domain:name>
+        <domain:name>www23.tld</domain:name>
+        <domain:name>www24.tld</domain:name>
+        <domain:name>www25.tld</domain:name>
+        <domain:name>www26.tld</domain:name>
+        <domain:name>www27.tld</domain:name>
+        <domain:name>www28.tld</domain:name>
+        <domain:name>www29.tld</domain:name>
+        <domain:name>www30.tld</domain:name>
+        <domain:name>www31.tld</domain:name>
+        <domain:name>www32.tld</domain:name>
+        <domain:name>www33.tld</domain:name>
+        <domain:name>www34.tld</domain:name>
+        <domain:name>www35.tld</domain:name>
+        <domain:name>www36.tld</domain:name>
+        <domain:name>www37.tld</domain:name>
+        <domain:name>www38.tld</domain:name>
+        <domain:name>www39.tld</domain:name>
+        <domain:name>www40.tld</domain:name>
+        <domain:name>www41.tld</domain:name>
+        <domain:name>www42.tld</domain:name>
+        <domain:name>www43.tld</domain:name>
+        <domain:name>www44.tld</domain:name>
+        <domain:name>www45.tld</domain:name>
+        <domain:name>www46.tld</domain:name>
+        <domain:name>www47.tld</domain:name>
+        <domain:name>www48.tld</domain:name>
+        <domain:name>www49.tld</domain:name>
+        <domain:name>www50.tld</domain:name>
+      </domain:check>
+    </check>
+    <extension>
+      <allocationToken:allocationToken
+          xmlns:allocationToken=
+              "urn:ietf:params:xml:ns:allocationToken-1.0">
+        abc123
+      </allocationToken:allocationToken>
+    </extension>
+    <clTRID>ABC-12345</clTRID>
+  </command>
+</epp>

javatests/google/registry/flows/domain/testdata/domain_check_allocationtoken.xml

@@ -2,10 +2,10 @@
   <command>
     <check>
       <domain:check
-        xmlns:domain="urn:ietf:params:xml:ns:domain-1.0">
+          xmlns:domain="urn:ietf:params:xml:ns:domain-1.0">
         <domain:name>example1.tld</domain:name>
         <domain:name>example2.tld</domain:name>
-        <domain:name>example3.tld</domain:name>
+        <domain:name>reserved.tld</domain:name>
       </domain:check>
     </check>
     <extension>

javatests/google/registry/flows/domain/testdata/domain_check_claims.xml

@@ -1,20 +1,20 @@
 <?xml version="1.0" encoding="UTF-8" standalone="no"?>
 <epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
   <command>
-   <check>
-    <domain:check
-     xmlns:domain="urn:ietf:params:xml:ns:domain-1.0">
-      <domain:name>example1.tld</domain:name>
-      <domain:name>example2.tld</domain:name>
-    </domain:check>
-   </check>
-   <extension>
-    <launch:check
-     xmlns:launch="urn:ietf:params:xml:ns:launch-1.0"
-     type="claims">
-      <launch:phase>claims</launch:phase>
-    </launch:check>
-   </extension>
-   <clTRID>ABC-12345</clTRID>
+    <check>
+      <domain:check
+          xmlns:domain="urn:ietf:params:xml:ns:domain-1.0">
+        <domain:name>example1.tld</domain:name>
+        <domain:name>example2.tld</domain:name>
+      </domain:check>
+    </check>
+    <extension>
+      <launch:check
+          xmlns:launch="urn:ietf:params:xml:ns:launch-1.0"
+          type="claims">
+        <launch:phase>claims</launch:phase>
+      </launch:check>
+    </extension>
+    <clTRID>ABC-12345</clTRID>
   </command>
 </epp>

javatests/google/registry/flows/domain/testdata/domain_check_claims_allocationtoken.xml

@@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
+  <command>
+    <check>
+      <domain:check
+          xmlns:domain="urn:ietf:params:xml:ns:domain-1.0">
+        <domain:name>example1.tld</domain:name>
+        <domain:name>example2.tld</domain:name>
+      </domain:check>
+    </check>
+    <extension>
+      <launch:check
+          xmlns:launch="urn:ietf:params:xml:ns:launch-1.0"
+          type="claims">
+        <launch:phase>claims</launch:phase>
+      </launch:check>
+      <allocationToken:allocationToken
+          xmlns:allocationToken=
+              "urn:ietf:params:xml:ns:allocationToken-1.0">
+        abc123
+      </allocationToken:allocationToken>
+    </extension>
+    <clTRID>ABC-12345</clTRID>
+  </command>
+</epp>

javatests/google/registry/flows/domain/testdata/domain_check_reserved_allocationtoken.xml

@@ -0,0 +1,22 @@
+<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
+  <command>
+    <check>
+      <domain:check
+        xmlns:domain="urn:ietf:params:xml:ns:domain-1.0">
+        <domain:name>collision.tld</domain:name>
+        <domain:name>reserved.tld</domain:name>
+        <domain:name>anchor.tld</domain:name>
+        <domain:name>allowedinsunrise.tld</domain:name>
+        <domain:name>premiumcollision.tld</domain:name>
+      </domain:check>
+    </check>
+    <extension>
+      <allocationToken:allocationToken
+          xmlns:allocationToken=
+              "urn:ietf:params:xml:ns:allocationToken-1.0">
+        abc123
+      </allocationToken:allocationToken>
+    </extension>
+    <clTRID>ABC-12345</clTRID>
+  </command>
+</epp>