RDAP: Change data policy remark for redacted contacts

Changes the code to be in compliance with the RDAP Pilot Profile document,
which specifies:

1.4.11.  If permitted or required by an ICANN agreement provision, waiver, or Consensus Policy, an RDAP response may contain redacted registrant, administrative, technical and/or other contact information. If any information is redacted, the response MUST include a remarks member with title "Data Policy", type "object truncated due to authorization", a description containing the string "Some of the data in this object has been removed" and a links member with the elements rel:alternate and href indicating where the data policy can be found. An entity with redacted information MUST include the "removed" value in the status element.

We were using the "removed" status to indicate deleted contacts and inactive
registrars. Instead, we will now use "inactive", so that we can use "removed"
to indicated redaction.

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=185039201

java/google/registry/rdap/RdapIcannStandardInformation.java

@@ -133,13 +133,27 @@ public class RdapIcannStandardInformation {
           "type",
           "object truncated due to unexplainable reasons");
 
-  /** Included when requester is not logged in as the owner of the contact being returned. */
+  /**
+   * Included when requester is not logged in as the owner of the contact being returned. Format
+   * required by ICANN RDAP Pilot Profile draft section 1.4.11.
+   */
   static final ImmutableMap<String, Object> CONTACT_PERSONAL_DATA_HIDDEN_DATA_REMARK =
       ImmutableMap.of(
           "title",
-          "Contact Personal Data Hidden",
+          "Data Policy",
           "description",
-          ImmutableList.of("Contact personal data is visible only to the owning registrar."),
+          ImmutableList.of(
+              "Some of the data in this object has been removed.",
+              "Contact personal data is visible only to the owning registrar."),
           "type",
-          "object truncated due to unexplainable reasons");
+          "object truncated due to authorization",
+          "links",
+          ImmutableList.of(
+              ImmutableMap.of(
+                  "value",
+                      "https://github.com/google/nomulus/blob/master/docs/rdap.md#authentication",
+                  "rel", "alternate",
+                  "href",
+                      "https://github.com/google/nomulus/blob/master/docs/rdap.md#authentication",
+                  "type", "text/html")));
 }

java/google/registry/rdap/RdapJsonFormatter.java

@@ -272,8 +272,8 @@ public class RdapJsonFormatter {
 
   private static final ImmutableList<String> STATUS_LIST_ACTIVE =
       ImmutableList.of(RdapStatus.ACTIVE.rfc7483String);
-  private static final ImmutableList<String> STATUS_LIST_REMOVED =
+  private static final ImmutableList<String> STATUS_LIST_INACTIVE =
-      ImmutableList.of(RdapStatus.REMOVED.rfc7483String);
+      ImmutableList.of(RdapStatus.INACTIVE.rfc7483String);
   private static final ImmutableMap<String, ImmutableList<String>> PHONE_TYPE_VOICE =
       ImmutableMap.of("type", ImmutableList.of("voice"));
   private static final ImmutableMap<String, ImmutableList<String>> PHONE_TYPE_FAX =
@@ -496,7 +496,9 @@ public class RdapJsonFormatter {
     jsonBuilder.put(
         "status",
         makeStatusValueList(
-            domainResource.getStatusValues(), domainResource.getDeletionTime().isBefore(now)));
+            domainResource.getStatusValues(),
+            false, // isRedacted
+            domainResource.getDeletionTime().isBefore(now)));
     jsonBuilder.put("links", ImmutableList.of(
         makeLink("domain", domainResource.getFullyQualifiedDomainName(), linkBase)));
     boolean displayContacts =
@@ -612,7 +614,10 @@ public class RdapJsonFormatter {
     }
     jsonBuilder.put(
         "status",
-        makeStatusValueList(statuses.build(), hostResource.getDeletionTime().isBefore(now)));
+        makeStatusValueList(
+            statuses.build(),
+            false, // isRedacted
+            hostResource.getDeletionTime().isBefore(now)));
     jsonBuilder.put("links", ImmutableList.of(
         makeLink("nameserver", hostResource.getFullyQualifiedHostName(), linkBase)));
     List<ImmutableMap<String, Object>> remarks;
@@ -691,6 +696,8 @@ public class RdapJsonFormatter {
       DateTime now,
       OutputDataType outputDataType,
       RdapAuthorization authorization) {
+    boolean isAuthorized =
+        authorization.isAuthorizedForClientId(contactResource.getCurrentSponsorClientId());
     ImmutableMap.Builder<String, Object> jsonBuilder = new ImmutableMap.Builder<>();
     ImmutableList.Builder<ImmutableMap<String, Object>> remarksBuilder
         = new ImmutableList.Builder<>();
@@ -702,13 +709,14 @@ public class RdapJsonFormatter {
             isLinked(Key.create(contactResource), now)
                 ? union(contactResource.getStatusValues(), StatusValue.LINKED)
                 : contactResource.getStatusValues(),
+            !isAuthorized,
             contactResource.getDeletionTime().isBefore(now)));
     contactType.ifPresent(
         type -> jsonBuilder.put("roles", ImmutableList.of(convertContactTypeToRdapRole(type))));
     jsonBuilder.put("links",
         ImmutableList.of(makeLink("entity", contactResource.getRepoId(), linkBase)));
     // If we are logged in as the owner of this contact, create the vCard.
-    if (authorization.isAuthorizedForClientId(contactResource.getCurrentSponsorClientId())) {
+    if (isAuthorized) {
       ImmutableList.Builder<Object> vcardBuilder = new ImmutableList.Builder<>();
       vcardBuilder.add(VCARD_ENTRY_VERSION);
       PostalInfo postalInfo = contactResource.getInternationalizedPostalInfo();
@@ -794,7 +802,7 @@ public class RdapJsonFormatter {
     jsonBuilder.put("objectClassName", "entity");
     Long ianaIdentifier = registrar.getIanaIdentifier();
     jsonBuilder.put("handle", (ianaIdentifier == null) ? "(none)" : ianaIdentifier.toString());
-    jsonBuilder.put("status", registrar.isLive() ? STATUS_LIST_ACTIVE : STATUS_LIST_REMOVED);
+    jsonBuilder.put("status", registrar.isLive() ? STATUS_LIST_ACTIVE : STATUS_LIST_INACTIVE);
     jsonBuilder.put("roles", ImmutableList.of(RdapEntityRole.REGISTRAR.rfc7483String));
     if (ianaIdentifier != null) {
       jsonBuilder.put("links",
@@ -1086,20 +1094,24 @@ public class RdapJsonFormatter {
   /**
    * Creates a string array of status values.
    *
-   * <p>The spec indicates that OK should be listed as "active". We use the "removed" status to
+   * <p>The spec indicates that OK should be listed as "active". We use the "inactive" status to
-   * indicate deleted objects.
+   * indicate deleted objects, and as directed by the profile, the "removed" status to indicate
+   * redacted objects.
    */
   private static ImmutableList<String> makeStatusValueList(
-      ImmutableSet<StatusValue> statusValues, boolean isDeleted) {
+      ImmutableSet<StatusValue> statusValues, boolean isRedacted, boolean isDeleted) {
     Stream<RdapStatus> stream =
         statusValues
             .stream()
             .map(status -> statusToRdapStatusMap.getOrDefault(status, RdapStatus.OBSCURED));
+    if (isRedacted) {
+      stream = Streams.concat(stream, Stream.of(RdapStatus.REMOVED));
+    }
     if (isDeleted) {
       stream =
           Streams.concat(
               stream.filter(rdapStatus -> !Objects.equals(rdapStatus, RdapStatus.ACTIVE)),
-              Stream.of(RdapStatus.REMOVED));
+              Stream.of(RdapStatus.INACTIVE));
     }
     return stream
         .map(RdapStatus::getDisplayName)

javatests/google/registry/rdap/RdapEntityActionTest.java

@@ -409,7 +409,7 @@ public class RdapEntityActionTest {
     runSuccessfulTest(
         deletedContact.getRepoId(),
         "",
-        "removed",
+        "inactive",
         "",
         false,
         "rdap_contact_deleted.json");
@@ -422,7 +422,7 @@ public class RdapEntityActionTest {
     runSuccessfulTest(
         deletedContact.getRepoId(),
         "",
-        "removed",
+        "inactive",
         "",
         false,
         "rdap_contact_deleted.json");
@@ -471,7 +471,7 @@ public class RdapEntityActionTest {
     login("deletedregistrar");
     action.includeDeletedParam = Optional.of(true);
     runSuccessfulTest(
-        "104", "Yes Virginia <script>", "removed", null, false, "rdap_registrar.json");
+        "104", "Yes Virginia <script>", "inactive", null, false, "rdap_registrar.json");
   }
 
   @Test
@@ -486,7 +486,7 @@ public class RdapEntityActionTest {
     loginAsAdmin();
     action.includeDeletedParam = Optional.of(true);
     runSuccessfulTest(
-        "104", "Yes Virginia <script>", "removed", null, false, "rdap_registrar.json");
+        "104", "Yes Virginia <script>", "inactive", null, false, "rdap_registrar.json");
   }
 
   @Test

javatests/google/registry/rdap/RdapEntitySearchActionTest.java

@@ -946,7 +946,7 @@ public class RdapEntitySearchActionTest extends RdapSearchActionTestCase {
   public void testNameMatchRegistrar_found_inactiveAsSameRegistrar() throws Exception {
     action.includeDeletedParam = Optional.of(true);
     login("2-RegistrarInact");
-    runSuccessfulNameTest("No Way", "21", "No Way", "removed", null, null, "rdap_registrar.json");
+    runSuccessfulNameTest("No Way", "21", "No Way", "inactive", null, null, "rdap_registrar.json");
     verifyMetrics(0);
   }
 
@@ -954,7 +954,7 @@ public class RdapEntitySearchActionTest extends RdapSearchActionTestCase {
   public void testNameMatchRegistrar_found_inactiveAsAdmin() throws Exception {
     action.includeDeletedParam = Optional.of(true);
     loginAsAdmin();
-    runSuccessfulNameTest("No Way", "21", "No Way", "removed", null, null, "rdap_registrar.json");
+    runSuccessfulNameTest("No Way", "21", "No Way", "inactive", null, null, "rdap_registrar.json");
     verifyMetrics(0);
   }
 
@@ -1059,7 +1059,7 @@ public class RdapEntitySearchActionTest extends RdapSearchActionTestCase {
         "6-ROID",
         "6-ROID",
         "",
-        "removed",
+        "inactive",
         "",
         "",
         "rdap_contact_deleted.json");
@@ -1074,7 +1074,7 @@ public class RdapEntitySearchActionTest extends RdapSearchActionTestCase {
         "6-ROID",
         "6-ROID",
         "",
-        "removed",
+        "inactive",
         "",
         "",
         "rdap_contact_deleted.json");
@@ -1106,7 +1106,7 @@ public class RdapEntitySearchActionTest extends RdapSearchActionTestCase {
         "6-ROI*",
         "6-ROID",
         "",
-        "removed",
+        "inactive",
         "",
         "",
         "rdap_contact_deleted.json");
@@ -1121,7 +1121,7 @@ public class RdapEntitySearchActionTest extends RdapSearchActionTestCase {
         "6-ROI*",
         "6-ROID",
         "",
-        "removed",
+        "inactive",
         "",
         "",
         "rdap_contact_deleted.json");
@@ -1321,7 +1321,7 @@ public class RdapEntitySearchActionTest extends RdapSearchActionTestCase {
   public void testHandleMatchRegistrar_found_inactiveAsSameRegistrar() throws Exception {
     action.includeDeletedParam = Optional.of(true);
     login("2-RegistrarInact");
-    runSuccessfulHandleTest("21", "21", "No Way", "removed", null, null, "rdap_registrar.json");
+    runSuccessfulHandleTest("21", "21", "No Way", "inactive", null, null, "rdap_registrar.json");
     verifyMetrics(0);
   }
 
@@ -1329,7 +1329,7 @@ public class RdapEntitySearchActionTest extends RdapSearchActionTestCase {
   public void testHandleMatchRegistrar_found_inactiveAsAdmin() throws Exception {
     action.includeDeletedParam = Optional.of(true);
     loginAsAdmin();
-    runSuccessfulHandleTest("21", "21", "No Way", "removed", null, null, "rdap_registrar.json");
+    runSuccessfulHandleTest("21", "21", "No Way", "inactive", null, null, "rdap_registrar.json");
     verifyMetrics(0);
   }
 }

javatests/google/registry/rdap/RdapNameserverActionTest.java

@@ -384,7 +384,7 @@ public class RdapNameserverActionTest {
                     "HANDLE", "A-ROID",
                     "ADDRESSTYPE", "v4",
                     "ADDRESS", "1.2.3.4",
-                    "STATUS", "removed"),
+                    "STATUS", "inactive"),
                 "rdap_host.json"));
     assertThat(response.getStatus()).isEqualTo(200);
   }
@@ -407,7 +407,7 @@ public class RdapNameserverActionTest {
                     "HANDLE", "A-ROID",
                     "ADDRESSTYPE", "v4",
                     "ADDRESS", "1.2.3.4",
-                    "STATUS", "removed"),
+                    "STATUS", "inactive"),
                 "rdap_host.json"));
     assertThat(response.getStatus()).isEqualTo(200);
   }
@@ -425,7 +425,7 @@ public class RdapNameserverActionTest {
                     "HANDLE", "A-ROID",
                     "ADDRESSTYPE", "v4",
                     "ADDRESS", "1.2.3.4",
-                    "STATUS", "removed"),
+                    "STATUS", "inactive"),
                 "rdap_host.json"));
     assertThat(response.getStatus()).isEqualTo(200);
   }

javatests/google/registry/rdap/RdapTestHelper.java

@@ -69,11 +69,23 @@ public class RdapTestHelper {
       case CONTACT:
         noticesBuilder.add(
             ImmutableMap.of(
-                "title", "Contact Personal Data Hidden",
+                "title", "Data Policy",
                 "description",
                 ImmutableList.of(
+                    "Some of the data in this object has been removed.",
                     "Contact personal data is visible only to the owning registrar."),
-                "type", "object truncated due to unexplainable reasons"));
+                "type", "object truncated due to authorization",
+                "links",
+                ImmutableList.of(
+                    ImmutableMap.of(
+                        "value",
+                        "https://github.com/google/nomulus/blob/master/docs/rdap.md#authentication",
+                        "rel",
+                        "alternate",
+                        "href",
+                        "https://github.com/google/nomulus/blob/master/docs/rdap.md#authentication",
+                        "type",
+                        "text/html"))));
         break;
       default:
         break;

javatests/google/registry/rdap/testdata/rdap_associated_contact_no_personal_data.json

@@ -1,7 +1,7 @@
 {
   "objectClassName" : "entity",
   "handle" : "%NAME%",
-  "status" : ["active", "associated"],
+  "status" : ["active", "associated", "removed"],
   "links" :
   [
     {

javatests/google/registry/rdap/testdata/rdap_contact_deleted.json

@@ -1,7 +1,7 @@
 {
   "objectClassName" : "entity",
   "handle" : "%NAME%",
-  "status" : ["removed"],
+  "status" : ["inactive"],
   "links" :
   [
     {

javatests/google/registry/rdap/testdata/rdap_contact_no_personal_data_with_remark.json

@@ -1,7 +1,7 @@
 {
   "objectClassName" : "entity",
   "handle" : "%NAME%",
-  "status" : ["active"],
+  "status" : ["active", "removed"],
   "links" :
   [
     {
@@ -24,11 +24,21 @@
   ],
   "remarks": [
     {
-      "title": "Contact Personal Data Hidden",
+      "title": "Data Policy",
       "description": [
+        "Some of the data in this object has been removed.",
         "Contact personal data is visible only to the owning registrar."
       ],
-      "type": "object truncated due to unexplainable reasons"
+      "type": "object truncated due to authorization",
+      "links" :
+      [
+        {
+          "value" : "https://github.com/google/nomulus/blob/master/docs/rdap.md#authentication",
+          "rel" : "alternate",
+          "href" : "https://github.com/google/nomulus/blob/master/docs/rdap.md#authentication",
+          "type" : "text/html"
+        }
+      ]
     }
   ]
 }

javatests/google/registry/rdap/testdata/rdap_domain_deleted.json

@@ -3,7 +3,7 @@
     "client delete prohibited",
     "client renew prohibited",
     "client transfer prohibited",
-    "removed",
+    "inactive",
     "server update prohibited"
   ],
   "handle": "%HANDLE%",

javatests/google/registry/rdap/testdata/rdapjson_registrant_logged_out.json

@@ -1,7 +1,7 @@
 {
   "objectClassName" : "entity",
   "handle" : "2-ROID",
-  "status" : ["active", "associated"],
+  "status" : ["active", "associated", "removed"],
   "roles" : ["registrant"],
   "links" :
   [
@@ -25,11 +25,21 @@
   ],
   "remarks": [
     {
-      "title": "Contact Personal Data Hidden",
+      "title": "Data Policy",
       "description": [
+        "Some of the data in this object has been removed.",
         "Contact personal data is visible only to the owning registrar."
       ],
-      "type": "object truncated due to unexplainable reasons"
+      "type": "object truncated due to authorization",
+      "links" :
+      [
+        {
+          "value" : "https://github.com/google/nomulus/blob/master/docs/rdap.md#authentication",
+          "rel" : "alternate",
+          "href" : "https://github.com/google/nomulus/blob/master/docs/rdap.md#authentication",
+          "type" : "text/html"
+        }
+      ]
     }
   ]
 }

javatests/google/registry/rdap/testdata/rdapjson_registrant_summary_logged_out.json

@@ -33,11 +33,21 @@
       "type": "object truncated due to unexplainable reasons"
     },
     {
-      "title": "Contact Personal Data Hidden",
+      "title": "Data Policy",
       "description": [
+        "Some of the data in this object has been removed.",
         "Contact personal data is visible only to the owning registrar."
       ],
-      "type": "object truncated due to unexplainable reasons"
+      "type": "object truncated due to authorization",
+      "links" :
+      [
+        {
+          "value" : "https://github.com/google/nomulus/blob/master/docs/rdap.md#authentication",
+          "rel" : "alternate",
+          "href" : "https://github.com/google/nomulus/blob/master/docs/rdap.md#authentication",
+          "type" : "text/html"
+        }
+      ]
     }
   ]
 }