Break domain flow TMCH helper methods into separate injected class
This is a necessary prerequisite to subsequently injecting the configuration dependencies. ------------- Created by MOE: https://github.com/google/moe MOE_MIGRATED_REVID=143567753
parent
c35c3a678b
commit
8252e97dfb
8 changed files with 285 additions and 239 deletions
|
@ -18,10 +18,8 @@ import static com.google.common.base.Preconditions.checkNotNull;
|
|||
import static com.google.common.base.Preconditions.checkState;
|
||||
import static com.google.common.base.Predicates.equalTo;
|
||||
import static com.google.common.collect.Iterables.any;
|
||||
import static com.google.common.collect.Iterables.concat;
|
||||
import static com.google.common.collect.Sets.difference;
|
||||
import static com.google.common.collect.Sets.union;
|
||||
import static google.registry.flows.EppXmlTransformer.unmarshal;
|
||||
import static google.registry.flows.domain.DomainPricingLogic.getMatchingLrpToken;
|
||||
import static google.registry.model.EppResourceUtils.loadByForeignKey;
|
||||
import static google.registry.model.ofy.ObjectifyService.ofy;
|
||||
|
@ -95,9 +93,6 @@ import google.registry.model.domain.secdns.SecDnsUpdateExtension.Remove;
|
|||
import google.registry.model.eppcommon.StatusValue;
|
||||
import google.registry.model.eppoutput.EppResponse.ResponseExtension;
|
||||
import google.registry.model.host.HostResource;
|
||||
import google.registry.model.mark.Mark;
|
||||
import google.registry.model.mark.ProtectedMark;
|
||||
import google.registry.model.mark.Trademark;
|
||||
import google.registry.model.poll.PendingActionNotificationResponse.DomainPendingActionNotificationResponse;
|
||||
import google.registry.model.poll.PollMessage;
|
||||
import google.registry.model.registrar.Registrar;
|
||||
|
@ -105,35 +100,19 @@ import google.registry.model.registry.Registry;
|
|||
import google.registry.model.registry.Registry.TldState;
|
||||
import google.registry.model.registry.label.ReservationType;
|
||||
import google.registry.model.reporting.HistoryEntry;
|
||||
import google.registry.model.smd.AbstractSignedMark;
|
||||
import google.registry.model.smd.EncodedSignedMark;
|
||||
import google.registry.model.smd.SignedMark;
|
||||
import google.registry.model.smd.SignedMarkRevocationList;
|
||||
import google.registry.model.tmch.ClaimsListShard;
|
||||
import google.registry.model.transfer.TransferData;
|
||||
import google.registry.model.transfer.TransferResponse.DomainTransferResponse;
|
||||
import google.registry.tmch.TmchXmlSignature;
|
||||
import google.registry.tmch.TmchXmlSignature.CertificateSignatureException;
|
||||
import google.registry.util.Idn;
|
||||
import java.io.IOException;
|
||||
import java.math.BigDecimal;
|
||||
import java.security.GeneralSecurityException;
|
||||
import java.security.SignatureException;
|
||||
import java.security.cert.CertificateExpiredException;
|
||||
import java.security.cert.CertificateNotYetValidException;
|
||||
import java.security.cert.CertificateRevokedException;
|
||||
import java.util.HashSet;
|
||||
import java.util.List;
|
||||
import java.util.Objects;
|
||||
import java.util.Set;
|
||||
import javax.annotation.Nullable;
|
||||
import javax.xml.crypto.MarshalException;
|
||||
import javax.xml.crypto.dsig.XMLSignatureException;
|
||||
import javax.xml.parsers.ParserConfigurationException;
|
||||
import org.joda.money.CurrencyUnit;
|
||||
import org.joda.money.Money;
|
||||
import org.joda.time.DateTime;
|
||||
import org.xml.sax.SAXException;
|
||||
|
||||
/** Static utility functions for domain flows. */
|
||||
public class DomainFlowUtils {
|
||||
|
@ -496,86 +475,6 @@ public class DomainFlowUtils {
|
|||
.build());
|
||||
}
|
||||
|
||||
static SignedMark verifySignedMarks(
|
||||
ImmutableList<AbstractSignedMark> signedMarks, String domainLabel, DateTime now)
|
||||
throws EppException {
|
||||
if (signedMarks.size() > 1) {
|
||||
throw new TooManySignedMarksException();
|
||||
}
|
||||
if (!(signedMarks.get(0) instanceof EncodedSignedMark)) {
|
||||
throw new SignedMarksMustBeEncodedException();
|
||||
}
|
||||
return verifyEncodedSignedMark((EncodedSignedMark) signedMarks.get(0), domainLabel, now);
|
||||
}
|
||||
|
||||
public static SignedMark verifyEncodedSignedMark(
|
||||
EncodedSignedMark encodedSignedMark, String domainLabel, DateTime now) throws EppException {
|
||||
if (!encodedSignedMark.getEncoding().equals("base64")) {
|
||||
throw new Base64RequiredForEncodedSignedMarksException();
|
||||
}
|
||||
byte[] signedMarkData;
|
||||
try {
|
||||
signedMarkData = encodedSignedMark.getBytes();
|
||||
} catch (IllegalStateException e) {
|
||||
throw new SignedMarkEncodingErrorException();
|
||||
}
|
||||
|
||||
SignedMark signedMark;
|
||||
try {
|
||||
signedMark = unmarshal(SignedMark.class, signedMarkData);
|
||||
} catch (EppException e) {
|
||||
throw new SignedMarkParsingErrorException();
|
||||
}
|
||||
|
||||
if (SignedMarkRevocationList.get().isSmdRevoked(signedMark.getId(), now)) {
|
||||
throw new SignedMarkRevokedErrorException();
|
||||
}
|
||||
|
||||
try {
|
||||
TmchXmlSignature.verify(signedMarkData);
|
||||
} catch (CertificateExpiredException e) {
|
||||
throw new SignedMarkCertificateExpiredException();
|
||||
} catch (CertificateNotYetValidException e) {
|
||||
throw new SignedMarkCertificateNotYetValidException();
|
||||
} catch (CertificateRevokedException e) {
|
||||
throw new SignedMarkCertificateRevokedException();
|
||||
} catch (CertificateSignatureException e) {
|
||||
throw new SignedMarkCertificateSignatureException();
|
||||
} catch (SignatureException | XMLSignatureException e) {
|
||||
throw new SignedMarkSignatureException();
|
||||
} catch (GeneralSecurityException e) {
|
||||
throw new SignedMarkCertificateInvalidException();
|
||||
} catch (IOException
|
||||
| MarshalException
|
||||
| SAXException
|
||||
| ParserConfigurationException e) {
|
||||
throw new SignedMarkParsingErrorException();
|
||||
}
|
||||
|
||||
if (!(isAtOrAfter(now, signedMark.getCreationTime())
|
||||
&& now.isBefore(signedMark.getExpirationTime())
|
||||
&& containsMatchingLabel(signedMark.getMark(), domainLabel))) {
|
||||
throw new NoMarksFoundMatchingDomainException();
|
||||
}
|
||||
return signedMark;
|
||||
}
|
||||
|
||||
/** Returns true if the mark contains a valid claim that matches the label. */
|
||||
static boolean containsMatchingLabel(Mark mark, String label) {
|
||||
for (Trademark trademark : mark.getTrademarks()) {
|
||||
if (trademark.getLabels().contains(label)) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
for (ProtectedMark protectedMark
|
||||
: concat(mark.getTreatyOrStatuteMarks(), mark.getCourtMarks())) {
|
||||
if (protectedMark.getLabels().contains(label)) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* Validates a {@link FeeQueryCommandExtensionItem} and sets the appropriate fields on a {@link
|
||||
* FeeQueryResponseExtensionItem} builder.
|
||||
|
@ -997,14 +896,6 @@ public class DomainFlowUtils {
|
|||
.build();
|
||||
}
|
||||
|
||||
/** Encoded signed marks must use base64 encoding. */
|
||||
static class Base64RequiredForEncodedSignedMarksException
|
||||
extends ParameterValuePolicyErrorException {
|
||||
public Base64RequiredForEncodedSignedMarksException() {
|
||||
super("Encoded signed marks must use base64 encoding");
|
||||
}
|
||||
}
|
||||
|
||||
/** Resource linked to this domain does not exist. */
|
||||
static class LinkedResourcesDoNotExistException extends ObjectDoesNotExistException {
|
||||
public LinkedResourcesDoNotExistException(Class<?> type, ImmutableSet<String> resourceIds) {
|
||||
|
@ -1162,91 +1053,6 @@ public class DomainFlowUtils {
|
|||
}
|
||||
}
|
||||
|
||||
/** Signed mark data is improperly encoded. */
|
||||
static class SignedMarkEncodingErrorException extends ParameterValueSyntaxErrorException {
|
||||
public SignedMarkEncodingErrorException() {
|
||||
super("Signed mark data is improperly encoded");
|
||||
}
|
||||
}
|
||||
|
||||
/** Error while parsing encoded signed mark data. */
|
||||
static class SignedMarkParsingErrorException extends ParameterValueSyntaxErrorException {
|
||||
public SignedMarkParsingErrorException() {
|
||||
super("Error while parsing encoded signed mark data");
|
||||
}
|
||||
}
|
||||
|
||||
/** Invalid signature on a signed mark. */
|
||||
static class SignedMarkSignatureException extends ParameterValuePolicyErrorException {
|
||||
public SignedMarkSignatureException() {
|
||||
super("Signed mark signature is invalid");
|
||||
}
|
||||
}
|
||||
|
||||
/** Invalid signature on a signed mark. */
|
||||
static class SignedMarkCertificateSignatureException extends ParameterValuePolicyErrorException {
|
||||
public SignedMarkCertificateSignatureException() {
|
||||
super("Signed mark certificate not signed by ICANN");
|
||||
}
|
||||
}
|
||||
|
||||
/** Certificate used in signed mark signature was revoked by ICANN. */
|
||||
static class SignedMarkCertificateRevokedException extends ParameterValuePolicyErrorException {
|
||||
public SignedMarkCertificateRevokedException() {
|
||||
super("Signed mark certificate was revoked");
|
||||
}
|
||||
}
|
||||
|
||||
/** Certificate used in signed mark signature has expired. */
|
||||
static class SignedMarkCertificateExpiredException extends ParameterValuePolicyErrorException {
|
||||
public SignedMarkCertificateExpiredException() {
|
||||
super("Signed mark certificate has expired");
|
||||
}
|
||||
}
|
||||
|
||||
/** Certificate used in signed mark signature has expired. */
|
||||
static class SignedMarkCertificateNotYetValidException
|
||||
extends ParameterValuePolicyErrorException {
|
||||
public SignedMarkCertificateNotYetValidException() {
|
||||
super("Signed mark certificate not yet valid");
|
||||
}
|
||||
}
|
||||
|
||||
/** Certificate parsing error, or possibly a bad provider or algorithm. */
|
||||
static class SignedMarkCertificateInvalidException extends ParameterValuePolicyErrorException {
|
||||
public SignedMarkCertificateInvalidException() {
|
||||
super("Signed mark certificate is invalid");
|
||||
}
|
||||
}
|
||||
|
||||
/** Signed mark data is revoked. */
|
||||
static class SignedMarkRevokedErrorException extends ParameterValuePolicyErrorException {
|
||||
public SignedMarkRevokedErrorException() {
|
||||
super("SMD has been revoked");
|
||||
}
|
||||
}
|
||||
|
||||
/** Only one signed mark is allowed per application. */
|
||||
static class TooManySignedMarksException extends ParameterValuePolicyErrorException {
|
||||
public TooManySignedMarksException() {
|
||||
super("Only one signed mark is allowed per application");
|
||||
}
|
||||
}
|
||||
|
||||
/** Signed marks must be encoded. */
|
||||
static class SignedMarksMustBeEncodedException extends ParameterValuePolicyErrorException {
|
||||
public SignedMarksMustBeEncodedException() {
|
||||
super("Signed marks must be encoded");
|
||||
}
|
||||
}
|
||||
|
||||
/** The provided mark does not match the desired domain label. */
|
||||
static class NoMarksFoundMatchingDomainException extends RequiredParameterMissingException {
|
||||
public NoMarksFoundMatchingDomainException() {
|
||||
super("The provided mark does not match the desired domain label");
|
||||
}
|
||||
}
|
||||
|
||||
/** Unknown fee command name. */
|
||||
static class UnknownFeeCommandException extends ParameterValuePolicyErrorException {
|
||||
UnknownFeeCommandException(String commandName) {
|
||||
|
|