Update signed marks files and add an expiration test

We'll continue to use injected clocks for the rest of our tests that use signed marks files, so that they don't all fail after the current validity period. The new test TmchTestDataExpirationTest will let us know when the files are expired, so we can update them. All updated test data files come from https://newgtlds.icann.org/en/about/trademark-clearinghouse/registries-registrars ------------- Created by MOE: https://github.com/google/moe MOE_MIGRATED_REVID=202208196
2025-05-16 09:27:16 +02:00 · 2018-06-26 15:42:25 -07:00 · 2018-06-26 15:42:25 -07:00 · 892c1fc707
commit 892c1fc707
parent 11c5d11a29
95 changed files with 6574 additions and 6461 deletions
--- a/java/google/registry/flows/domain/DomainFlowTmchUtils.java
+++ b/java/google/registry/flows/domain/DomainFlowTmchUtils.java
@ -63,11 +63,21 @@ public final class DomainFlowTmchUtils {
    if (!(signedMarks.get(0) instanceof EncodedSignedMark)) {
      throw new SignedMarksMustBeEncodedException();
    }
-    return verifyEncodedSignedMark((EncodedSignedMark) signedMarks.get(0), domainLabel, now);
+    SignedMark signedMark =
+        verifyEncodedSignedMark((EncodedSignedMark) signedMarks.get(0), now);
+    return verifySignedMarkValidForDomainLabel(signedMark, domainLabel);
  }

-  public SignedMark verifyEncodedSignedMark(
-      EncodedSignedMark encodedSignedMark, String domainLabel, DateTime now) throws EppException {
+  public SignedMark verifySignedMarkValidForDomainLabel(SignedMark signedMark, String domainLabel)
+      throws NoMarksFoundMatchingDomainException {
+    if (!containsMatchingLabel(signedMark.getMark(), domainLabel)) {
+      throw new NoMarksFoundMatchingDomainException();
+    }
+    return signedMark;
+  }
+
+  public SignedMark verifyEncodedSignedMark(EncodedSignedMark encodedSignedMark, DateTime now)
+      throws EppException {
    if (!encodedSignedMark.getEncoding().equals("base64")) {
      throw new Base64RequiredForEncodedSignedMarksException();
    }
@ -118,10 +128,6 @@ public final class DomainFlowTmchUtils {
      throw new FoundMarkExpiredException();
    }

-    if (!containsMatchingLabel(signedMark.getMark(), domainLabel)) {
-      throw new NoMarksFoundMatchingDomainException();
-    }
-
    return signedMark;
  }

--- a/java/google/registry/tmch/icann-tmch-pilot.crl
+++ b/java/google/registry/tmch/icann-tmch-pilot.crl
@ -1,15 +1,19 @@
 -----BEGIN X509 CRL-----
-MIICVDCCATwCAQEwDQYJKoZIhvcNAQELBQAwfDELMAkGA1UEBhMCVVMxPDA6BgNV
+MIIDADCCAegCAQEwDQYJKoZIhvcNAQELBQAwfDELMAkGA1UEBhMCVVMxPDA6BgNV
 BAoTM0ludGVybmV0IENvcnBvcmF0aW9uIGZvciBBc3NpZ25lZCBOYW1lcyBhbmQg
 TnVtYmVyczEvMC0GA1UEAxMmSUNBTk4gVHJhZGVtYXJrIENsZWFyaW5naG91c2Ug
-UGlsb3QgQ0EXDTEzMDcwOTAwMDAwMFoXDTE4MDYyNTIzNTk1OVowWzBZAiAusBt6
-+hp7nbLd/oLa0HRKfentcmbRPTYWiDEoJ82FexcNMTMwNzA5MjIwMzIwWjAmMAoG
-A1UdFQQDCgEBMBgGA1UdGAQRGA8yMDEzMDcwOTIxMjcwMFqgLzAtMB8GA1UdIwQY
-MBaAFMOtPqbWEQBFgFw6V0qKbdwxDZ5xMAoGA1UdFAQDAgECMA0GCSqGSIb3DQEB
-CwUAA4IBAQCa3ZHr/qihqZ/M6Eo9SQ2G2dkvT6cs1L71YkiGmCpZdWvYm99sJ3yj
-iLe00vEyLWCPcq/qmgmhM0+Ou8ZHZ2nw2f4mzkjRwpzUn8oNMd5FHwlhpcRXHyjH
-DhPbX1a5xITPZj9UUq0Lhk+bciCtC+G/jtEIuaIWL5bW1KER+FxI3Tt3888xx17W
-0QoQiXEHltjl9zTj09YiVb4usGOQysLzAbhnyG5IBDBn11gWwx/g7rcXFO/z0KIp
-h3rKk5noar/kpp/qAzNDyByMfD2uJtHnxHLrafsK3HY6CDLCp6GqLNSA5zxSjVOq
-3sEaZYxI0Fg5DqBuN7efSCbM9bwFTYMy
+UGlsb3QgQ0EXDTE4MDMwMTAwMDAwMFoXDTIzMDMzMTIzNTk1OVowggEFMFkCIC6w
+G3r6Gnudst3+gtrQdEp96e1yZtE9NhaIMSgnzYV7Fw0xMzA3MDkyMjAzMjBaMCYw
+GAYDVR0YBBEYDzIwMTMwNzA5MjEyNzAwWjAKBgNVHRUEAwoBATBZAiAusBt6+hp7
+nbLd/oLa0HRKfentcmbRPTYWiDEoJ82FlRcNMTcwODA2MjIxOTM2WjAmMBgGA1Ud
+GAQRGA8yMDE3MDcyNDAwMDAwMFowCgYDVR0VBAMKAQEwTQIgLrAbevoae52y3f6C
+2tB0Sn3p7XJm0T02FogxKCfNhZgXDTE4MDMwMTAzNDIyN1owGjAYBgNVHRgEERgP
+MjAxODAzMDEwMzQyMDBaoC8wLTAfBgNVHSMEGDAWgBTDrT6m1hEARYBcOldKim3c
+MQ2ecTAKBgNVHRQEAwIBDDANBgkqhkiG9w0BAQsFAAOCAQEAwAUDJBLDPNBbfPkO
+jEeBcwltyS/cESQH9zoa5RblmofHWX99n5AtH9F8ewlqAvVIX+3NRrw7/qVcEwAc
+lSXUCoKeC3dJiSyAvs8aOGmhPZ1MqWnvfWxyjeRuEfesvq1aZSRedQtngSUxufpz
+y7nOtBJPNcZfZV0C32L0xC37TeNM2yLWYwYO5cHwfVT7suR2tzJxY6aU+eosaoPb
+dwG4hi4vRYHi/NWisOUqaUt0DlRSRbTBLxhZfT79Pz8QNj+WqbP7HmiBsrfUWr1m
+oQMAet0LuNtMA9fZFx8C6FGTJAg8pmBeUk7EdEA+OGwxy6DaIhmUiVnIswh2JJYJ
+yYj76w==
 -----END X509 CRL-----
--- a/java/google/registry/tmch/icann-tmch.crl
+++ b/java/google/registry/tmch/icann-tmch.crl
@ -2,12 +2,12 @@
 MIIB8DCB2QIBATANBgkqhkiG9w0BAQsFADB2MQswCQYDVQQGEwJVUzE8MDoGA1UE
 ChMzSW50ZXJuZXQgQ29ycG9yYXRpb24gZm9yIEFzc2lnbmVkIE5hbWVzIGFuZCBO
 dW1iZXJzMSkwJwYDVQQDEyBJQ0FOTiBUcmFkZW1hcmsgQ2xlYXJpbmdob3VzZSBD
-QRcNMTYxMTIzMTgyODAwWhcNMTcwNDA2MjM1OTAwWqAvMC0wHwYDVR0jBBgwFoAU
-XMDxlizKTFsp8UB00xs2PkfUbgQwCgYDVR0UBAMCAQgwDQYJKoZIhvcNAQELBQAD
-ggEBACXagB6BAEnv8F9kVjr3dl694YJT6jPCzK/tWUHi4zNQygzGoq6dVRkl0/0Z
-5YYdx5p7zb4Ppr29GIbh5cyf1PG6w/2qTSP3vDad6/QDdeKuoB7Y95FwRMxXI5G4
-+VjWlAandQLlTfL8m7Ys2p5uSLjk8QJCz6ZxyzCSwBnx8CWUv2Usrkh6cWQISWLx
-7EfJ61C55ImBA1gtxq01k9LsyA+aPyaVeZOO1xLwOrLZDxP7ufXSzX/P1gUyEm37
-plHA4jqmgktlFCP6GaWRenYGH6ggschNIaHxosLNh7KGY7up/3yVNMxFJrR/zOQP
-D9uClW69TzYTPXIT45EE2DMhroI=
+QRcNMTgwMzAxMDAwMDAwWhcNMTgxMDA3MjM1OTU5WqAvMC0wHwYDVR0jBBgwFoAU
+XMDxlizKTFsp8UB00xs2PkfUbgQwCgYDVR0UBAMCAQswDQYJKoZIhvcNAQELBQAD
+ggEBAGhvQtqENy2Ga+nGg6kZRCzEWKy481v111Iycku/qL5aUlqSL5BkQst2Czaq
+xdKRSxKHkMaTChoezSaw5huOTd0prdSXVHPg/tmjxyuuS2pqWpuAICkrG06FgXgh
+AG5YCHt2DvCjeA9F3TMmbOkCMILQ/x+vsyg6Yv4Oiz8rFbFcUMntUKSrymt4dKpk
+S78CTkHH/3M3YNxZCo8JPwaQohC3Rck4M30Pg8C0qC9jjSrudA6hCa4223U6aZwC
+Kz3LNXdkqGWlDJPTf0YWwnT4ZyO7KKXVuEbPzg187htz3Jcr6b0x1UUoHGAkOv7i
+W4IwhPbUJ14/7pUuUef6airQUw8=
 -----END X509 CRL-----
--- a/java/google/registry/tools/UpdateSmdCommand.java
+++ b/java/google/registry/tools/UpdateSmdCommand.java
@ -29,6 +29,7 @@ import google.registry.flows.domain.DomainFlowTmchUtils;
 import google.registry.model.domain.DomainApplication;
 import google.registry.model.reporting.HistoryEntry;
 import google.registry.model.smd.EncodedSignedMark;
+import google.registry.model.smd.SignedMark;
 import google.registry.tools.Command.RemoteApiCommand;
 import google.registry.tools.params.PathParameter;
 import java.nio.file.Files;
@ -92,9 +93,10 @@ final class UpdateSmdCommand implements RemoteApiCommand {
        "Can't update SMD on a landrush application.");

    // Verify the new SMD.
-    String domainLabel = InternetDomainName.from(domainApplication.getFullyQualifiedDomainName())
-        .parts().get(0);
-    tmchUtils.verifyEncodedSignedMark(encodedSignedMark, domainLabel, now);
+    String domainLabel =
+        InternetDomainName.from(domainApplication.getFullyQualifiedDomainName()).parts().get(0);
+    SignedMark signedMark = tmchUtils.verifyEncodedSignedMark(encodedSignedMark, now);
+    tmchUtils.verifySignedMarkValidForDomainLabel(signedMark, domainLabel);

    DomainApplication updatedApplication = domainApplication.asBuilder()
        .setEncodedSignedMarks(ImmutableList.of(encodedSignedMark))
--- a/java/google/registry/util/X509Utils.java
+++ b/java/google/registry/util/X509Utils.java
@ -31,6 +31,7 @@ import java.security.GeneralSecurityException;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
 import java.security.cert.CRLException;
+import java.security.cert.CRLReason;
 import java.security.cert.CertificateException;
 import java.security.cert.CertificateFactory;
 import java.security.cert.CertificateParsingException;
@ -40,6 +41,7 @@ import java.security.cert.X509CRLEntry;
 import java.security.cert.X509Certificate;
 import java.util.Date;
 import java.util.NoSuchElementException;
+import java.util.Optional;
 import javax.annotation.Tainted;

 /** X.509 Public Key Infrastructure (PKI) helper functions. */
@ -146,7 +148,7 @@ public final class X509Utils {
      X509CRLEntry entry = crl.getRevokedCertificate(cert);
      throw new CertificateRevokedException(
          checkNotNull(entry.getRevocationDate(), "revocationDate"),
-          checkNotNull(entry.getRevocationReason(), "revocationReason"),
+          Optional.ofNullable(entry.getRevocationReason()).orElse(CRLReason.UNSPECIFIED),
          firstNonNull(entry.getCertificateIssuer(), crl.getIssuerX500Principal()),
          ImmutableMap.of());
    }