zydronium/google-nomulus
1
0
Fork 0
mirror of https://github.com/google/nomulus.git synced 2025-05-30 17:24:03 +02:00
Code Issues Projects Releases Packages Wiki Activity

Add new reserved domain creation from allocation tokens mechanism

Browse source 
Note that this gets rid of anchor tenant codes in reserved lists (yay!), which
are no longer valid.  They have to come from allocation tokens now.

This removes support for LRP from domain application create flow (that's fine,
we never used it and I'm going to delete all of LRP later).  It also uses
allocation tokens from EPP authcodes as a fallback, for now, but that will be
removed later once we switch fully to the allocation token mechanism.

This doesn't yet allow registration of RESERVED_FOR_SPECIFIC_USE domains using
the allocation token extension; that will come in the next CL.  Ditto for
showing these reserved domains as available on domain checks when the allocation
token is specified.

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=209019617
This commit is contained in:
mcilwain 2018-08-16 11:41:34 -07:00 committed by jianglai
parent 782643ce33
commit d2f849ac0f
19 changed files with 184 additions and 346 deletions
Download patch file Download diff file Expand all files Collapse all files

70
java/google/registry/model/registry/label/ReservedList.java
View file

@ -16,15 +16,12 @@ package google.registry.model.registry.label;
import static com.google.common.base.Preconditions.checkArgument;
import static com.google.common.base.Preconditions.checkNotNull;
import static com.google.common.base.Preconditions.checkState;
import static com.google.common.collect.ImmutableSet.toImmutableSet;
import static com.google.common.collect.Iterables.getOnlyElement;
import static google.registry.config.RegistryConfig.getDomainLabelListCacheDuration;
import static google.registry.model.common.EntityGroupRoot.getCrossTldKey;
import static google.registry.model.ofy.ObjectifyService.ofy;
import static google.registry.model.registry.label.ReservationType.FULLY_BLOCKED;
import static google.registry.model.registry.label.ReservationType.NAMESERVER_RESTRICTED;
import static google.registry.model.registry.label.ReservationType.RESERVED_FOR_ANCHOR_TENANT;
import static google.registry.util.CollectionUtils.nullToEmpty;
import static java.util.concurrent.TimeUnit.MILLISECONDS;
import static org.joda.time.DateTimeZone.UTC;
@ -77,12 +74,6 @@ public final class ReservedList
ReservationType reservationType;
/**
* Contains the auth code necessary to register a domain with this label. Note that this field
* will only ever be populated for entries with type RESERVED_FOR_ANCHOR_TENANT.
*/
String authCode;
/**
* Contains a comma-delimited list of the fully qualified hostnames of the nameservers that can
* be set on a domain with this label (only applicable to NAMESERVER_RESTRICTED).
@ -114,34 +105,21 @@ public final class ReservedList
public static ReservedListEntry create(
String label,
ReservationType reservationType,
@Nullable String restrictions,
@Nullable String allowedNameservers,
@Nullable String comment) {
ReservedListEntry.Builder builder =
ReservedListEntry.Builder entry =
new ReservedListEntry.Builder()
.setLabel(label)
.setComment(comment)
.setReservationType(reservationType);
if (restrictions != null) {
checkArgument(
reservationType == RESERVED_FOR_ANCHOR_TENANT
|| reservationType == NAMESERVER_RESTRICTED,
"Only anchor tenant and nameserver restricted reservations "
+ "should have restrictions imposed");
if (reservationType == RESERVED_FOR_ANCHOR_TENANT) {
builder.setAuthCode(restrictions);
} else if (reservationType == NAMESERVER_RESTRICTED) {
builder.setAllowedNameservers(
ImmutableSet.copyOf(Splitter.on(':').trimResults().split(restrictions)));
}
} else {
checkArgument(
reservationType != RESERVED_FOR_ANCHOR_TENANT,
"Anchor tenant reservations must have an auth code configured");
checkArgument(
reservationType != NAMESERVER_RESTRICTED,
"Nameserver restricted reservations must have at least one nameserver configured");
checkArgument(
(reservationType == NAMESERVER_RESTRICTED) ^ (allowedNameservers == null),
"Allowed nameservers must be specified for NAMESERVER_RESTRICTED reservations only");
if (allowedNameservers != null) {
entry.setAllowedNameservers(
ImmutableSet.copyOf(Splitter.on(':').trimResults().split(allowedNameservers)));
}
return builder.build();
return entry.build();
}
private static void checkNameserversAreValid(Set<String> nameservers) {
@ -159,10 +137,6 @@ public final class ReservedList
return reservationType;
}
public String getAuthCode() {
return authCode;
}
public ImmutableSet<String> getAllowedNameservers() {
return ImmutableSet.copyOf(Splitter.on(',').splitToList(allowedNameservers));
}
@ -188,11 +162,6 @@ public final class ReservedList
return this;
}
ReservedListEntry.Builder setAuthCode(String authCode) {
getInstance().authCode = authCode;
return this;
}
ReservedListEntry.Builder setReservationType(ReservationType reservationType) {
getInstance().reservationType = reservationType;
return this;
@ -256,27 +225,6 @@ public final class ReservedList
.collect(toImmutableSet());
}
/**
* Returns true if the given label and TLD is reserved for an anchor tenant, and the given auth
* code matches the one set on the reservation. If there are multiple anchor tenant entries for
* this label, all the auth codes need to be the same and match the given one, otherwise an
* exception is thrown.
*/
public static boolean matchesAnchorTenantReservation(
InternetDomainName domainName, String authCode) {
ImmutableSet<String> domainAuthCodes =
getReservedListEntries(domainName.parts().get(0), domainName.parent().toString())
.stream()
.filter((entry) -> entry.reservationType == RESERVED_FOR_ANCHOR_TENANT)
.map(ReservedListEntry::getAuthCode)
.collect(toImmutableSet());
checkState(
domainAuthCodes.size() <= 1, "There are conflicting auth codes for domain: %s", domainName);
return !domainAuthCodes.isEmpty() && getOnlyElement(domainAuthCodes).equals(authCode);
}
/**
* Returns the set of nameservers that can be set on the given domain.
*