mirror of
https://github.com/google/nomulus.git
synced 2025-05-14 00:17:20 +02:00
Return more informative errors when signed mark is invalid at this time
A "mark" tells us that the holder owns the trademark for a given domain name. It is signed for authentication. If the signature's certificate is either "not yet valid" or "expired", we return explicit errors to that effect. But in addition to the signature's certificate, the mark itself might not be valid yet or already expired. Right now if that happens - we return an error saying "the mark doesn't match the domain name". That is wrong - as the mark can match the domain name, just be expired. Returning "the mark doesn't match the domain name" in that case is misleading. ------------- Created by MOE: https://github.com/google/moe MOE_MIGRATED_REVID=190069976
This commit is contained in:
guyben
jianglai
parent
27dedf316b
commit
b5ae37c5cc
6 changed files with 61 additions and 7 deletions
|
|
@ -16,7 +16,6 @@ package google.registry.flows.domain;
|
|||
|
||||
import static com.google.common.collect.Iterables.concat;
|
||||
import static google.registry.flows.EppXmlTransformer.unmarshal;
|
||||
import static google.registry.util.DateTimeUtils.isAtOrAfter;
|
||||
|
||||
import com.google.common.collect.ImmutableList;
|
||||
import google.registry.flows.EppException;
|
||||
|
|
@ -111,11 +110,18 @@ public final class DomainFlowTmchUtils {
|
|||
throw new SignedMarkParsingErrorException();
|
||||
}
|
||||
|
||||
if (!(isAtOrAfter(now, signedMark.getCreationTime())
|
||||
&& now.isBefore(signedMark.getExpirationTime())
|
||||
&& containsMatchingLabel(signedMark.getMark(), domainLabel))) {
|
||||
if (now.isBefore(signedMark.getCreationTime())) {
|
||||
throw new FoundMarkNotYetValidException();
|
||||
}
|
||||
|
||||
if (now.isAfter(signedMark.getExpirationTime())) {
|
||||
throw new FoundMarkExpiredException();
|
||||
}
|
||||
|
||||
if (!containsMatchingLabel(signedMark.getMark(), domainLabel)) {
|
||||
throw new NoMarksFoundMatchingDomainException();
|
||||
}
|
||||
|
||||
return signedMark;
|
||||
}
|
||||
|
||||
|
|
@ -150,6 +156,20 @@ public final class DomainFlowTmchUtils {
|
|||
}
|
||||
}
|
||||
|
||||
/** The provided mark is not yet valid. */
|
||||
static class FoundMarkNotYetValidException extends ParameterValuePolicyErrorException {
|
||||
public FoundMarkNotYetValidException() {
|
||||
super("The provided mark is not yet valid");
|
||||
}
|
||||
}
|
||||
|
||||
/** The provided mark has expired. */
|
||||
static class FoundMarkExpiredException extends ParameterValuePolicyErrorException {
|
||||
public FoundMarkExpiredException() {
|
||||
super("The provided mark has expired");
|
||||
}
|
||||
}
|
||||
|
||||
/** Certificate used in signed mark signature was revoked by ICANN. */
|
||||
static class SignedMarkCertificateRevokedException extends ParameterValuePolicyErrorException {
|
||||
public SignedMarkCertificateRevokedException() {
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue