Return more informative errors when signed mark is invalid at this time

A "mark" tells us that the holder owns the trademark for a given domain name. It is signed for authentication. If the signature's certificate is either "not yet valid" or "expired", we return explicit errors to that effect. But in addition to the signature's certificate, the mark itself might not be valid yet or already expired. Right now if that happens - we return an error saying "the mark doesn't match the domain name". That is wrong - as the mark can match the domain name, just be expired. Returning "the mark doesn't match the domain name" in that case is misleading. ------------- Created by MOE: https://github.com/google/moe MOE_MIGRATED_REVID=190069976
2025-08-05 01:11:50 +02:00 · 2018-03-22 08:39:47 -07:00 · 2018-03-22 08:39:47 -07:00 · b5ae37c5cc
commit b5ae37c5cc
parent 27dedf316b
6 changed files with 61 additions and 7 deletions
--- a/docs/flows.md
+++ b/docs/flows.md
@ -330,6 +330,8 @@ An EPP flow that creates a new application for a domain resource.
        phase.
    *   Domain labels cannot begin with a dash.
    *   Missing type attribute for contact.
+    *   The provided mark is not yet valid.
+    *   The provided mark has expired.
    *   Signed marks must be encoded.
    *   Certificate used in signed mark signature has expired.
    *   Certificate parsing error, or possibly a bad provider or algorithm.
@ -580,6 +582,8 @@ An EPP flow that creates a new domain resource.
 *   2305
    *   The allocation token was already redeemed.
 *   2306
+    *   The provided mark is not yet valid.
+    *   The provided mark has expired.
    *   Domain names can only contain a-z, 0-9, '.' and '-'.
    *   Periods for domain registrations must be specified in years.
    *   The requested fees cannot be provided in the requested currency.