Send out Lordn during start-date sunrise

Also prevents signed marks from being used in non-sunrise TldStates. Currently, we send out a Lordn update only when there's a ClaimNotice, or if we're in end-date sunrise. But EPPs can contain a SignedMark instead of a ClaimsNotice for trademarked domains - in which case we aren't sending out Lordn update. This also applies to start-date sunrises. We also change the SignedMark behavior for superusers. Currently, if a mismatched signed mark is given as superuser, we accept it. That causes problems when we want to send the Lordn update. Instead - we no longer allow superusers to give a mismatched SignedMark (just as we don't allow users to give a bad ClaimNotice). A super user can still create a domain WITHOUT a signed mark - but if one is provided, it must match. ------------- Created by MOE: https://github.com/google/moe MOE_MIGRATED_REVID=199783411
2025-05-16 17:37:13 +02:00 · 2018-06-08 06:01:30 -07:00 · 2018-06-08 06:01:30 -07:00 · 5aeee19699
commit 5aeee19699
parent 658f31933c
9 changed files with 103 additions and 318 deletions
--- a/docs/flows.md
+++ b/docs/flows.md
@ -522,6 +522,7 @@ An EPP flow that creates a new domain resource.
    *   Service extension(s) must be declared at login.
    *   The current registry phase allows registrations only with signed marks.
    *   The current registry phase does not allow for general registrations.
+    *   Signed marks are only allowed during sunrise.
 *   2003
    *   The provided mark does not match the desired domain label.
    *   Fees must be explicitly acknowledged when creating domains during the
--- a/java/google/registry/flows/domain/DomainCreateFlow.java
+++ b/java/google/registry/flows/domain/DomainCreateFlow.java
@ -44,6 +44,8 @@ import static google.registry.model.index.DomainApplicationIndex.loadActiveAppli
 import static google.registry.model.ofy.ObjectifyService.ofy;
 import static google.registry.model.registry.Registry.TldState.GENERAL_AVAILABILITY;
 import static google.registry.model.registry.Registry.TldState.START_DATE_SUNRISE;
+import static google.registry.model.registry.Registry.TldState.SUNRISE;
+import static google.registry.model.registry.Registry.TldState.SUNRUSH;
 import static google.registry.model.registry.label.ReservedList.matchesAnchorTenantReservation;
 import static google.registry.util.DateTimeUtils.END_OF_TIME;
 import static google.registry.util.DateTimeUtils.leapSafeAddYears;
@ -125,6 +127,7 @@ import org.joda.time.Duration;
 * @error {@link DomainCreateFlow.DomainHasOpenApplicationsException}
 * @error {@link DomainCreateFlow.MustHaveSignedMarksInCurrentPhaseException}
 * @error {@link DomainCreateFlow.NoGeneralRegistrationsInCurrentPhaseException}
+ * @error {@link DomainCreateFlow.SignedMarksOnlyDuringSunriseException}
 * @error {@link DomainFlowTmchUtils.NoMarksFoundMatchingDomainException}
 * @error {@link DomainFlowTmchUtils.FoundMarkNotYetValidException}
 * @error {@link DomainFlowTmchUtils.FoundMarkExpiredException}
@ -183,8 +186,18 @@ import org.joda.time.Duration;
@ReportingSpec(ActivityReportField.DOMAIN_CREATE)
 public class DomainCreateFlow implements TransactionalFlow {

+  /**
+   * States when the TLD is in sunrise.
+   *
+   * <p>Note that a TLD in SUNRUSH means sunrise is in effect, but not necessarily that the "create"
+   * command is a "sunrise create". It might be a landrush create. We must make sure there's a
+   * signed mark to know if the create is "sunrise" or "landrush" for verification purposes.
+   *
+   * <p>Note also that SUNRISE (start-date sunrise) and LANDRUSH can't "naturally" succeed in this
+   * flow. They can only succeed if sent as a superuser or anchor tenant.
+   */
  private static final ImmutableSet<TldState> SUNRISE_STATES =
-      Sets.immutableEnumSet(TldState.SUNRISE, TldState.SUNRUSH);
+      Sets.immutableEnumSet(SUNRISE, SUNRUSH, START_DATE_SUNRISE);

  /** Anchor tenant creates should always be for 2 years, since they get 2 years free. */
  private static final int ANCHOR_TENANT_CREATE_VALID_YEARS = 2;
@ -245,7 +258,6 @@ public class DomainCreateFlow implements TransactionalFlow {
      validateLaunchCreateNotice(launchCreate.get().getNotice(), domainLabel, isSuperuser, now);
    }
    boolean isSunriseCreate = hasSignedMarks && SUNRISE_STATES.contains(tldState);
-    String signedMarkId = null;
    // Superusers can create reserved domains, force creations on domains that require a claims
    // notice without specifying a claims key, ignore the registry phase, and override blocks on
    // registering premium domains.
@ -266,6 +278,9 @@ public class DomainCreateFlow implements TransactionalFlow {
      verifyPremiumNameIsNotBlocked(targetId, now, clientId);
      verifyNoOpenApplications(now);
      verifyIsGaOrIsSpecialCase(tldState, isAnchorTenant, hasSignedMarks);
+      verifySignedMarkOnlyInSunrise(hasSignedMarks, tldState);
+    }
+    String signedMarkId = null;
    if (hasSignedMarks) {
      // If a signed mark was provided, then it must match the desired domain label. Get the mark
      // at this point so that we can verify it before the "after validation" extension point.
@ -274,7 +289,6 @@ public class DomainCreateFlow implements TransactionalFlow {
              .verifySignedMarks(launchCreate.get().getSignedMarks(), domainLabel, now)
              .getId();
    }
-    }
    Optional<AllocationToken> allocationToken =
        verifyAllocationTokenIfPresent(command, registry, clientId, now);
    flowCustomLogic.afterValidation(
@ -348,7 +362,7 @@ public class DomainCreateFlow implements TransactionalFlow {
      entitiesToSave.add(
          prepareMarkedLrpTokenEntity(authInfo.getPw().getValue(), domainName, historyEntry));
    }
-    enqueueTasks(isSunriseCreate, hasClaimsNotice, newDomain);
+    enqueueTasks(newDomain, hasSignedMarks, hasClaimsNotice);

    EntityChanges entityChanges =
        flowCustomLogic.beforeSave(
@ -380,6 +394,23 @@ public class DomainCreateFlow implements TransactionalFlow {
        || (metadataExtension.isPresent() && metadataExtension.get().getIsAnchorTenant());
  }

+  /**
+   * Verifies that signed marks are only sent during sunrise.
+   *
+   * <p>A trademarked domain name requires either a signed mark or a claims notice. We then need to
+   * send out a LORDN message - either a "sunrise" LORDN if we have a signed mark, or a "claims"
+   * LORDN if we have a claims notice.
+   *
+   * <p>This verification prevents us from either sending out a "sunrise" LORDN out of sunrise, or
+   * not sending out any LORDN, for a trademarked domain with a signed mark in GA.
+   */
+  static void verifySignedMarkOnlyInSunrise(boolean hasSignedMarks, TldState tldState)
+      throws EppException {
+    if (hasSignedMarks && !SUNRISE_STATES.contains(tldState)) {
+      throw new SignedMarksOnlyDuringSunriseException();
+    }
+  }
+
  /**
   * Verifies anchor tenant creates are only done for {@value ANCHOR_TENANT_CREATE_VALID_YEARS} year
   * periods, as anchor tenants get exactly that many years of free registration.
@ -539,11 +570,11 @@ public class DomainCreateFlow implements TransactionalFlow {
  }

  private void enqueueTasks(
-      boolean isSunriseCreate, boolean hasClaimsNotice, DomainResource newDomain) {
+      DomainResource newDomain, boolean hasSignedMarks, boolean hasClaimsNotice) {
    if (newDomain.shouldPublishToDns()) {
      dnsQueue.addDomainRefreshTask(newDomain.getFullyQualifiedDomainName());
    }
-    if (hasClaimsNotice || isSunriseCreate) {
+    if (hasClaimsNotice || hasSignedMarks) {
      LordnTask.enqueueDomainResourceTask(newDomain);
    }
  }
@ -555,6 +586,13 @@ public class DomainCreateFlow implements TransactionalFlow {
        : ImmutableList.of();
  }

+  /** Signed marks are only allowed during sunrise. */
+  static class SignedMarksOnlyDuringSunriseException extends CommandUseErrorException {
+    public SignedMarksOnlyDuringSunriseException() {
+      super("Signed marks are only allowed during sunrise");
+    }
+  }
+
  /** There is an open application for this domain. */
  static class DomainHasOpenApplicationsException extends StatusProhibitsOperationException {
    public DomainHasOpenApplicationsException() {
--- a/javatests/google/registry/flows/domain/DomainCreateFlowTest.java
+++ b/javatests/google/registry/flows/domain/DomainCreateFlowTest.java
@ -69,6 +69,7 @@ import google.registry.flows.domain.DomainCreateFlow.AnchorTenantCreatePeriodExc
 import google.registry.flows.domain.DomainCreateFlow.DomainHasOpenApplicationsException;
 import google.registry.flows.domain.DomainCreateFlow.MustHaveSignedMarksInCurrentPhaseException;
 import google.registry.flows.domain.DomainCreateFlow.NoGeneralRegistrationsInCurrentPhaseException;
+import google.registry.flows.domain.DomainCreateFlow.SignedMarksOnlyDuringSunriseException;
 import google.registry.flows.domain.DomainFlowTmchUtils.FoundMarkExpiredException;
 import google.registry.flows.domain.DomainFlowTmchUtils.FoundMarkNotYetValidException;
 import google.registry.flows.domain.DomainFlowTmchUtils.NoMarksFoundMatchingDomainException;
@ -151,7 +152,6 @@ import google.registry.model.reporting.HistoryEntry;
 import google.registry.monitoring.whitebox.EppMetric;
 import google.registry.testing.TaskQueueHelper.TaskMatcher;
 import java.util.Map;
-import javax.annotation.Nullable;
 import org.joda.money.CurrencyUnit;
 import org.joda.money.Money;
 import org.joda.time.DateTime;
@ -297,16 +297,11 @@ public class DomainCreateFlowTest extends ResourceFlowTestCase<DomainCreateFlow,
  }

  private void assertNoLordn() throws Exception {
-    assertNoLordn(null, null);
-  }
-
-  private void assertNoLordn(@Nullable String smdId, @Nullable LaunchNotice launchNotice)
-      throws Exception {
    assertAboutDomains()
        .that(reloadResourceByForeignKey())
-        .hasSmdId(smdId)
+        .hasSmdId(null)
        .and()
-        .hasLaunchNotice(launchNotice);
+        .hasLaunchNotice(null);
    assertNoTasksEnqueued(QUEUE_CLAIMS, QUEUE_SUNRISE);
  }

@ -537,27 +532,30 @@ public class DomainCreateFlowTest extends ResourceFlowTestCase<DomainCreateFlow,
  }

  @Test
-  public void testSuccess_generalAvailability_ignoresEncodedSignedMark() throws Exception {
+  public void testFailure_generalAvailability_withEncodedSignedMark() throws Exception {
    createTld("tld", TldState.GENERAL_AVAILABILITY);
    clock.setTo(DateTime.parse("2014-09-09T09:09:09Z"));
-    setEppInput("domain_create_registration_encoded_signed_mark.xml");
-    eppRequestSource = EppRequestSource.TOOL; // Only tools can pass in metadata.
+    setEppInput(
+        "domain_create_registration_encoded_signed_mark.xml",
+        ImmutableMap.of("NAME", "test-validate.tld", "PHASE", "open"));
    persistContactsAndHosts();
-    runFlow();
-    assertSuccessfulCreate("tld", true);
-    assertNoLordn("0000001761376042759136-65535", null);
+    EppException thrown =
+        assertThrows(SignedMarksOnlyDuringSunriseException.class, this::runFlow);
+    assertAboutEppExceptions().that(thrown).marshalsToXml();
  }

  @Test
-  public void testSuccess_generalAvailability_ignoresEncodedSignedMarkMismatch() throws Exception {
+  public void testFailure_generalAvailability_superuserMismatchedEncodedSignedMark()
+      throws Exception {
    createTld("tld", TldState.GENERAL_AVAILABILITY);
    clock.setTo(DateTime.parse("2014-09-09T09:09:09Z"));
-    setEppInput("domain_create_registration_encoded_signed_mark_mismatched_label.xml");
-    eppRequestSource = EppRequestSource.TOOL; // Only tools can pass in metadata.
+    setEppInput(
+        "domain_create_registration_encoded_signed_mark.xml",
+        ImmutableMap.of("NAME", "wrong.tld", "PHASE", "open"));
    persistContactsAndHosts();
-    runFlowAsSuperuser();
-    assertSuccessfulCreate("tld", true);
-    assertNoLordn();
+    EppException thrown =
+        assertThrows(NoMarksFoundMatchingDomainException.class, this::runFlowAsSuperuser);
+    assertAboutEppExceptions().that(thrown).marshalsToXml();
  }

  @Test
@ -1447,10 +1445,16 @@ public class DomainCreateFlowTest extends ResourceFlowTestCase<DomainCreateFlow,
    assertAboutEppExceptions().that(thrown).marshalsToXml();
  }

+  /**
+   * Tests that a sunrise registration fails with the correct error during end-date sunrise.
+   *
+   * <p>Makes sure that a sunrise registration without signed mark during end-date sunrise fails
+   * with the "wrong phase" error rather than the "missing signed mark" error.
+   */
  @Test
-  public void testFailure_signedMarkWithoutAnchorTenant() throws Exception {
+  public void testFailure_registrationDuringEndDateSunrise_wrongPhase() throws Exception {
    createTld("tld", TldState.SUNRISE);
-    setEppInput("domain_create_signed_mark.xml");
+    setEppInput("domain_create_registration_sunrise.xml");
    persistContactsAndHosts();
    EppException thrown =
        assertThrows(NoGeneralRegistrationsInCurrentPhaseException.class, this::runFlow);
@ -1755,7 +1759,7 @@ public class DomainCreateFlowTest extends ResourceFlowTestCase<DomainCreateFlow,
  @Test
  public void testFailure_startDateSunriseRegistration_missingSignedMark() throws Exception {
    createTld("tld", TldState.START_DATE_SUNRISE);
-    setEppInput("domain_create_registration_start_date_sunrise.xml");
+    setEppInput("domain_create_registration_sunrise.xml");
    persistContactsAndHosts();
    EppException thrown =
        assertThrows(MustHaveSignedMarksInCurrentPhaseException.class, this::runFlow);
@ -1765,7 +1769,7 @@ public class DomainCreateFlowTest extends ResourceFlowTestCase<DomainCreateFlow,
  @Test
  public void testSuccess_superuserStartDateSunriseRegistration_isSuperuser() throws Exception {
    createTld("tld", TldState.START_DATE_SUNRISE);
-    setEppInput("domain_create_registration_start_date_sunrise.xml");
+    setEppInput("domain_create_registration_sunrise.xml");
    persistContactsAndHosts();
    doSuccessfulTest("tld", "domain_create_response.xml", UserPrivileges.SUPERUSER);
  }
@ -1785,11 +1789,13 @@ public class DomainCreateFlowTest extends ResourceFlowTestCase<DomainCreateFlow,
  public void testSuccess_startDateSunriseRegistration_withEncodedSignedMark() throws Exception {
    createTld("tld", TldState.START_DATE_SUNRISE);
    clock.setTo(DateTime.parse("2014-09-09T09:09:09Z"));
-    setEppInput("domain_create_registration_start_date_sunrise_encoded_signed_mark.xml");
+    setEppInput(
+        "domain_create_registration_encoded_signed_mark.xml",
+        ImmutableMap.of("NAME", "test-validate.tld", "PHASE", "sunrise"));
    persistContactsAndHosts();
    runFlowAssertResponse(loadFile("domain_create_response_encoded_signed_mark_name.xml"));
    assertSuccessfulCreate("tld", false);
-    assertNoLordn("0000001761376042759136-65535", null);
+    assertSunriseLordn();
  }

  /**
@ -1807,7 +1813,7 @@ public class DomainCreateFlowTest extends ResourceFlowTestCase<DomainCreateFlow,
    persistContactsAndHosts();
    runFlowAssertResponse(loadFile("domain_create_response_encoded_signed_mark_name.xml"));
    assertSuccessfulCreate("tld", false);
-    assertNoLordn("0000001761376042759136-65535", null);
+    assertSunriseLordn();
  }


@ -1816,7 +1822,9 @@ public class DomainCreateFlowTest extends ResourceFlowTestCase<DomainCreateFlow,
  public void testFail_sunriseRegistration_withEncodedSignedMark() throws Exception {
    createTld("tld", TldState.SUNRISE);
    clock.setTo(DateTime.parse("2014-09-09T09:09:09Z"));
-    setEppInput("domain_create_registration_start_date_sunrise_encoded_signed_mark.xml");
+    setEppInput(
+        "domain_create_registration_encoded_signed_mark.xml",
+        ImmutableMap.of("NAME", "test-validate.tld", "PHASE", "sunrise"));
    persistContactsAndHosts();
    EppException thrown =
        assertThrows(NoGeneralRegistrationsInCurrentPhaseException.class, this::runFlow);
@ -1827,7 +1835,9 @@ public class DomainCreateFlowTest extends ResourceFlowTestCase<DomainCreateFlow,
  public void testFail_startDateSunriseRegistration_wrongEncodedSignedMark() throws Exception {
    createTld("tld", TldState.START_DATE_SUNRISE);
    clock.setTo(DateTime.parse("2014-09-09T09:09:09Z"));
-    setEppInput("domain_create_registration_start_date_sunrise_wrong_encoded_signed_mark.xml");
+    setEppInput(
+        "domain_create_registration_encoded_signed_mark.xml",
+        ImmutableMap.of("NAME", "wrong.tld", "PHASE", "sunrise"));
    persistContactsAndHosts();
    EppException thrown = assertThrows(NoMarksFoundMatchingDomainException.class, this::runFlow);
    assertAboutEppExceptions().that(thrown).marshalsToXml();
@ -1838,7 +1848,9 @@ public class DomainCreateFlowTest extends ResourceFlowTestCase<DomainCreateFlow,
    createTld("tld", TldState.START_DATE_SUNRISE);
    // If we move now back in time a bit, the mark will not have gone into effect yet.
    clock.setTo(DateTime.parse("2013-08-09T10:05:59Z").minusSeconds(1));
-    setEppInput("domain_create_registration_start_date_sunrise_encoded_signed_mark.xml");
+    setEppInput(
+        "domain_create_registration_encoded_signed_mark.xml",
+        ImmutableMap.of("NAME", "test-validate.tld", "PHASE", "sunrise"));
    persistContactsAndHosts();
    EppException thrown = assertThrows(FoundMarkNotYetValidException.class, this::runFlow);
    assertAboutEppExceptions().that(thrown).marshalsToXml();
@ -1849,7 +1861,9 @@ public class DomainCreateFlowTest extends ResourceFlowTestCase<DomainCreateFlow,
    createTld("tld", TldState.START_DATE_SUNRISE);
    // Move time forward to the mark expiration time.
    clock.setTo(DateTime.parse("2017-07-23T22:00:00.000Z"));
-    setEppInput("domain_create_registration_start_date_sunrise_encoded_signed_mark.xml");
+    setEppInput(
+        "domain_create_registration_encoded_signed_mark.xml",
+        ImmutableMap.of("NAME", "test-validate.tld", "PHASE", "sunrise"));
    persistContactsAndHosts();
    EppException thrown = assertThrows(FoundMarkExpiredException.class, this::runFlow);
    assertAboutEppExceptions().that(thrown).marshalsToXml();
@ -1962,15 +1976,15 @@ public class DomainCreateFlowTest extends ResourceFlowTestCase<DomainCreateFlow,
  }

  @Test
-  public void testSuccess_qlpLandrushRegistration_ignoresEncodedSignedMark() throws Exception {
+  public void testFailure_qlpLandrushRegistration_withEncodedSignedMark() throws Exception {
    createTld("tld", TldState.LANDRUSH);
    clock.setTo(DateTime.parse("2014-09-09T09:09:09Z"));
    setEppInput("domain_create_registration_qlp_landrush_encoded_signed_mark.xml");
    eppRequestSource = EppRequestSource.TOOL; // Only tools can pass in metadata.
    persistContactsAndHosts();
-    runFlow();
-    assertSuccessfulCreate("tld", true);
-    assertNoLordn("0000001761376042759136-65535", null);
+    EppException thrown =
+        assertThrows(SignedMarksOnlyDuringSunriseException.class, this::runFlow);
+    assertAboutEppExceptions().that(thrown).marshalsToXml();
  }

  @Test
--- a/javatests/google/registry/flows/domain/testdata/domain_create_registration_encoded_signed_mark.xml
+++ b/javatests/google/registry/flows/domain/testdata/domain_create_registration_encoded_signed_mark.xml
--- a/javatests/google/registry/flows/domain/testdata/domain_create_registration_encoded_signed_mark_mismatched_label.xml
+++ b/javatests/google/registry/flows/domain/testdata/domain_create_registration_encoded_signed_mark_mismatched_label.xml
--- a/javatests/google/registry/flows/domain/testdata/domain_create_registration_start_date_sunrise.xml
+++ b/javatests/google/registry/flows/domain/testdata/domain_create_registration_start_date_sunrise.xml
@ -1,30 +0,0 @@
-<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
-  <command>
-    <create>
-      <domain:create
-       xmlns:domain="urn:ietf:params:xml:ns:domain-1.0">
-        <domain:name>example.tld</domain:name>
-        <domain:period unit="y">2</domain:period>
-        <domain:ns>
-          <domain:hostObj>ns1.example.net</domain:hostObj>
-          <domain:hostObj>ns2.example.net</domain:hostObj>
-        </domain:ns>
-        <domain:registrant>jd1234</domain:registrant>
-        <domain:contact type="admin">sh8013</domain:contact>
-        <domain:contact type="tech">sh8013</domain:contact>
-        <domain:authInfo>
-          <domain:pw>2fooBAR</domain:pw>
-        </domain:authInfo>
-      </domain:create>
-    </create>
-    <extension>
-      <launch:create
-       xmlns:launch="urn:ietf:params:xml:ns:launch-1.0"
-       type="registration">
-        <launch:phase>sunrise</launch:phase>
-      </launch:create>
-    </extension>
-    <clTRID>ABC-12345</clTRID>
-  </command>
-</epp>
--- a/javatests/google/registry/flows/domain/testdata/domain_create_registration_start_date_sunrise_encoded_signed_mark.xml
+++ b/javatests/google/registry/flows/domain/testdata/domain_create_registration_start_date_sunrise_encoded_signed_mark.xml
--- a/javatests/google/registry/flows/domain/testdata/domain_create_registration_start_date_sunrise_wrong_encoded_signed_mark.xml
+++ b/javatests/google/registry/flows/domain/testdata/domain_create_registration_start_date_sunrise_wrong_encoded_signed_mark.xml
--- a/javatests/google/registry/flows/domain/testdata/domain_create_signed_mark.xml
+++ b/javatests/google/registry/flows/domain/testdata/domain_create_signed_mark.xml
@ -1,137 +0,0 @@
-<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
-  <command>
-    <create>
-      <domain:create
-       xmlns:domain="urn:ietf:params:xml:ns:domain-1.0">
-        <domain:name>exampleone.tld</domain:name>
-        <domain:ns>
-          <domain:hostObj>ns1.example.net</domain:hostObj>
-          <domain:hostObj>ns2.example.net</domain:hostObj>
-        </domain:ns>
-        <domain:registrant>jd1234</domain:registrant>
-        <domain:contact type="admin">sh8013</domain:contact>
-        <domain:contact type="tech">sh8013</domain:contact>
-        <domain:authInfo>
-          <domain:pw>2fooBAR</domain:pw>
-        </domain:authInfo>
-      </domain:create>
-    </create>
-    <extension>
-      <launch:create
-       xmlns:launch="urn:ietf:params:xml:ns:launch-1.0"
-       type="registration">
-        <launch:phase>sunrise</launch:phase>
-        <smd:signedMark xmlns:smd="urn:ietf:params:xml:ns:signedMark-1.0" id="signedMark">
-          <smd:id>1-2</smd:id>
-          <smd:issuerInfo issuerID="2">
-            <smd:org>Example Inc.</smd:org>
-            <smd:email>support@example.tld</smd:email>
-            <smd:url>http://www.example.tld</smd:url>
-            <smd:voice x="1234">+1.7035555555</smd:voice>
-          </smd:issuerInfo>
-          <smd:notBefore>2009-08-16T09:00:00.0Z</smd:notBefore>
-          <smd:notAfter>2010-08-16T09:00:00.0Z</smd:notAfter>
-          <mark:mark xmlns:mark="urn:ietf:params:xml:ns:mark-1.0">
-            <mark:trademark>
-              <mark:id>1234-2</mark:id>
-              <mark:markName>Example One</mark:markName>
-              <mark:holder entitlement="owner">
-                <mark:org>Example Inc.</mark:org>
-                <mark:addr>
-                  <mark:street>123 Example Dr.</mark:street>
-                  <mark:street>Suite 100</mark:street>
-                  <mark:city>Reston</mark:city>
-                  <mark:sp>VA</mark:sp>
-                  <mark:pc>20190</mark:pc>
-                  <mark:cc>US</mark:cc>
-                </mark:addr>
-              </mark:holder>
-              <mark:jurisdiction>US</mark:jurisdiction>
-              <mark:class>35</mark:class>
-              <mark:class>36</mark:class>
-              <mark:label>example-one</mark:label>
-              <mark:label>exampleone</mark:label>
-              <mark:goodsAndServices>Dirigendas et eiusmodi featuring infringo in airfare et cartam servicia.</mark:goodsAndServices>
-              <mark:regNum>234235</mark:regNum>
-              <mark:regDate>2009-08-16T09:00:00.0Z</mark:regDate>
-              <mark:exDate>2015-08-16T09:00:00.0Z</mark:exDate>
-            </mark:trademark>
-          </mark:mark>
-          <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
-    <SignedInfo>
-     <CanonicalizationMethod
-  Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
-     <SignatureMethod
-  Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
-     <Reference URI="#signedMark">
-      <Transforms>
-       <Transform
-  Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
-      </Transforms>
-      <DigestMethod
-  Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
-      <DigestValue>
-       miF4M2aTd1Y3tKOzJtiyl2VpzAnVPnV1Hq7Zax+yzrA=
-      </DigestValue>
-     </Reference>
-    </SignedInfo>
-    <SignatureValue>
-     MELpHTWEVfG1JcsG1/a//o54OnlJ5A864+X5JwfqgGBBeZSzGHNzwzTKFzIyyyfn
-     lGxVwNMoBV5aSvkF7oEKMNVzfcl/P0czNQZ/LJ83p3Ol27/iUNsqgCaGf9Zupw+M
-     XT4Q2lOrIw+qSx5g7q9T83siMLvkD5uEYlU5dPqgsObLTW8/doTQrA14RcxgY4kG
-     a4+t5B1cT+5VaghTOPb8uUSEDKjnOsGdy8p24wgyK9n8h0CTSS2ZQ6Zq/RmQeT7D
-     sbceUHheQ+mkQWIljpMQqsiBjw5XXh4jkEgfAzrb6gkYEF+X8ReuPZuOYC4QjIET
-     yx8ifN4KE3GIbMXeF4LDsA==
-    </SignatureValue>
-    <KeyInfo>
-     <KeyValue>
-      <RSAKeyValue>
-       <Modulus>
-        o/cwvXhbVYl0RDWWvoyeZpETVZVVcMCovUVNg/swWinuMgEWgVQFrz0xA04pEhXC
-        FVv4evbUpekJ5buqU1gmQyOsCKQlhOHTdPjvkC5upDqa51Flk0TMaMkIQjs7aUKC
-        mA4RG4tTTGK/EjR1ix8/D0gHYVRldy1YPrMP+ou75bOVnIos+HifrAtrIv4qEqwL
-        L4FTZAUpaCa2BmgXfy2CSRQbxD5Or1gcSa3vurh5sPMCNxqaXmIXmQipS+DuEBqM
-        M8tldaN7RYojUEKrGVsNk5i9y2/7sjn1zyyUPf7vL4GgDYqhJYWV61DnXgx/Jd6C
-        WxvsnDF6scscQzUTEl+hyw==
-       </Modulus>
-       <Exponent>
-        AQAB
-       </Exponent>
-      </RSAKeyValue>
-     </KeyValue>
-     <X509Data>
-      <X509Certificate>
-       MIIESTCCAzGgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBiMQswCQYDVQQGEwJVUzEL
-       MAkGA1UECBMCQ0ExFDASBgNVBAcTC0xvcyBBbmdlbGVzMRMwEQYDVQQKEwpJQ0FO
-       TiBUTUNIMRswGQYDVQQDExJJQ0FOTiBUTUNIIFRFU1QgQ0EwHhcNMTMwMjA4MDAw
-       MDAwWhcNMTgwMjA3MjM1OTU5WjBsMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0Ex
-       FDASBgNVBAcTC0xvcyBBbmdlbGVzMRcwFQYDVQQKEw5WYWxpZGF0b3IgVE1DSDEh
-       MB8GA1UEAxMYVmFsaWRhdG9yIFRNQ0ggVEVTVCBDRVJUMIIBIjANBgkqhkiG9w0B
-       AQEFAAOCAQ8AMIIBCgKCAQEAo/cwvXhbVYl0RDWWvoyeZpETVZVVcMCovUVNg/sw
-       WinuMgEWgVQFrz0xA04pEhXCFVv4evbUpekJ5buqU1gmQyOsCKQlhOHTdPjvkC5u
-       pDqa51Flk0TMaMkIQjs7aUKCmA4RG4tTTGK/EjR1ix8/D0gHYVRldy1YPrMP+ou7
-       5bOVnIos+HifrAtrIv4qEqwLL4FTZAUpaCa2BmgXfy2CSRQbxD5Or1gcSa3vurh5
-       sPMCNxqaXmIXmQipS+DuEBqMM8tldaN7RYojUEKrGVsNk5i9y2/7sjn1zyyUPf7v
-       L4GgDYqhJYWV61DnXgx/Jd6CWxvsnDF6scscQzUTEl+hywIDAQABo4H/MIH8MAwG
-       A1UdEwEB/wQCMAAwHQYDVR0OBBYEFPZEcIQcD/Bj2IFz/LERuo2ADJviMIGMBgNV
-       HSMEgYQwgYGAFO0/7kEh3FuEKS+Q/kYHaD/W6wihoWakZDBiMQswCQYDVQQGEwJV
-       UzELMAkGA1UECBMCQ0ExFDASBgNVBAcTC0xvcyBBbmdlbGVzMRMwEQYDVQQKEwpJ
-       Q0FOTiBUTUNIMRswGQYDVQQDExJJQ0FOTiBUTUNIIFRFU1QgQ0GCAQEwDgYDVR0P
-       AQH/BAQDAgeAMC4GA1UdHwQnMCUwI6AhoB+GHWh0dHA6Ly9jcmwuaWNhbm4ub3Jn
-       L3RtY2guY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQB2qSy7ui+43cebKUKwWPrzz9y/
-       IkrMeJGKjo40n+9uekaw3DJ5EqiOf/qZ4pjBD++oR6BJCb6NQuQKwnoAz5lE4Ssu
-       y5+i93oT3HfyVc4gNMIoHm1PS19l7DBKrbwbzAea/0jKWVzrvmV7TBfjxD3AQo1R
-       bU5dBr6IjbdLFlnO5x0G0mrG7x5OUPuurihyiURpFDpwH8KAH1wMcCpXGXFRtGKk
-       wydgyVYAty7otkl/z3bZkCVT34gPvF70sR6+QxUy8u0LzF5A/beYaZpxSYG31amL
-       AdXitTWFipaIGea9lEGFM0L9+Bg7XzNn4nVLXokyEB3bgS4scG6QznX23FGk
-      </X509Certificate>
-     </X509Data>
-    </KeyInfo>
-   </Signature>
-        </smd:signedMark>
-      </launch:create>
-    </extension>
-    <clTRID>ABC-12345</clTRID>
-  </command>
-</epp>