Don't allow setting reserved lists with conflicting auth codes

This is an error condition that will soon throw an exception when attempting to register the domain name, so it's good to let the registry operator know of the error when it is first introduced. Unfortunately there's still a backdoor that allows duplicate labels that's harder to protect against (that this commit doesn't cover): the case where reserved lists are already applied to a TLD, then one of the reserved lists is updated to add another auth code, which then conflicts with one on a different reserved list. ------------- Created by MOE: https://github.com/google/moe MOE_MIGRATED_REVID=149443007
2025-08-05 09:21:49 +02:00 · 2017-03-07 11:28:41 -08:00 · 2017-03-07 11:28:41 -08:00 · ce4f3c0d56
commit ce4f3c0d56
parent 5d4287a375
4 changed files with 74 additions and 12 deletions
--- a/javatests/google/registry/model/registry/RegistryTest.java
+++ b/javatests/google/registry/model/registry/RegistryTest.java
@ -48,8 +48,7 @@ import org.junit.Test;
 /** Unit tests for {@link Registry}. */
 public class RegistryTest extends EntityTestCase {

-  @Rule
-  public final ExceptionRule thrown = new ExceptionRule();
+  @Rule public final ExceptionRule thrown = new ExceptionRule();

  Registry registry;

@ -173,6 +172,37 @@ public class RegistryTest extends EntityTestCase {
    assertThat(r.getReservedLists()).isEmpty();
  }

+  @Test
+  public void testSetReservedLists_succeedsWithDuplicateIdenticalAuthCodes() {
+    ReservedList rl1 = persistReservedList(
+        "tld-reserved007",
+        "lol,RESERVED_FOR_ANCHOR_TENANT,identical",
+        "cat,FULLY_BLOCKED");
+    ReservedList rl2 = persistReservedList(
+        "tld-reserved008",
+        "lol,RESERVED_FOR_ANCHOR_TENANT,identical",
+        "tim,FULLY_BLOCKED");
+    Registry registry = Registry.get("tld").asBuilder().setReservedLists(rl1, rl2).build();
+    assertThat(registry.getReservedLists()).containsExactly(Key.create(rl1), Key.create(rl2));
+  }
+
+  @Test
+  public void testSetReservedLists_failsForConflictingAuthCodes() {
+    ReservedList rl1 = persistReservedList(
+        "tld-reserved055",
+        "lol,RESERVED_FOR_ANCHOR_TENANT,conflict1",
+        "cat,FULLY_BLOCKED");
+    ReservedList rl2 = persistReservedList(
+        "tld-reserved056",
+        "lol,RESERVED_FOR_ANCHOR_TENANT,conflict2",
+        "tim,FULLY_BLOCKED");
+    thrown.expect(
+        IllegalArgumentException.class,
+        "auth code conflicts for labels: [lol=[conflict1, conflict2]]");
+    @SuppressWarnings("unused")
+    Registry unused = Registry.get("tld").asBuilder().setReservedLists(rl1, rl2).build();
+  }
+
  @Test
  public void testSetPremiumList() {
    PremiumList pl2 = persistPremiumList("tld2", "lol,USD 50", "cat,USD 700");