// Copyright 2017 The Nomulus Authors. All Rights Reserved. // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. // You may obtain a copy of the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. package google.registry.flows.domain; import static google.registry.flows.FlowUtils.validateClientIsLoggedIn; import static google.registry.flows.ResourceFlowUtils.verifyTargetIdCount; import static google.registry.flows.domain.DomainFlowUtils.checkAllowedAccessToTld; import static google.registry.flows.domain.DomainFlowUtils.validateDomainName; import static google.registry.flows.domain.DomainFlowUtils.validateDomainNameWithIdnTables; import static google.registry.flows.domain.DomainFlowUtils.verifyClaimsPeriodNotEnded; import static google.registry.flows.domain.DomainFlowUtils.verifyNotInPredelegation; import static google.registry.model.domain.launch.LaunchPhase.CLAIMS; import com.google.common.collect.ImmutableList; import com.google.common.collect.ImmutableSet; import com.google.common.net.InternetDomainName; import google.registry.config.RegistryConfig.Config; import google.registry.flows.EppException; import google.registry.flows.EppException.CommandUseErrorException; import google.registry.flows.ExtensionManager; import google.registry.flows.Flow; import google.registry.flows.FlowModule.ClientId; import google.registry.flows.FlowModule.Superuser; import google.registry.flows.annotations.ReportingSpec; import google.registry.model.domain.DomainCommand.Check; import google.registry.model.domain.launch.LaunchCheckExtension; import google.registry.model.domain.launch.LaunchCheckResponseExtension; import google.registry.model.domain.launch.LaunchCheckResponseExtension.LaunchCheck; import google.registry.model.domain.launch.LaunchCheckResponseExtension.LaunchCheckName; import google.registry.model.domain.token.AllocationTokenExtension; import google.registry.model.eppinput.EppInput; import google.registry.model.eppinput.ResourceCommand; import google.registry.model.eppoutput.EppResponse; import google.registry.model.registry.Registry; import google.registry.model.registry.Registry.TldState; import google.registry.model.reporting.IcannReportingTypes.ActivityReportField; import google.registry.model.tmch.ClaimsListShard; import google.registry.util.Clock; import java.util.HashSet; import java.util.List; import java.util.Optional; import java.util.Set; import javax.inject.Inject; import org.joda.time.DateTime; /** * An EPP flow that checks whether domain labels are trademarked. * * @error {@link google.registry.flows.exceptions.TooManyResourceChecksException} * @error {@link DomainFlowUtils.BadCommandForRegistryPhaseException} * @error {@link DomainFlowUtils.ClaimsPeriodEndedException} * @error {@link DomainFlowUtils.NotAuthorizedForTldException} * @error {@link DomainFlowUtils.TldDoesNotExistException} * @error {@link DomainClaimsCheckNotAllowedInSunrise} * @error {@link DomainClaimsCheckNotAllowedWithAllocationTokens} */ @ReportingSpec(ActivityReportField.DOMAIN_CHECK) // Claims check is a special domain check. public final class DomainClaimsCheckFlow implements Flow { @Inject ExtensionManager extensionManager; @Inject EppInput eppInput; @Inject ResourceCommand resourceCommand; @Inject @ClientId String clientId; @Inject @Superuser boolean isSuperuser; @Inject Clock clock; @Inject @Config("maxChecks") int maxChecks; @Inject EppResponse.Builder responseBuilder; @Inject DomainClaimsCheckFlow() {} @Override public EppResponse run() throws EppException { extensionManager.register(LaunchCheckExtension.class, AllocationTokenExtension.class); extensionManager.validate(); validateClientIsLoggedIn(clientId); if (eppInput.getSingleExtension(AllocationTokenExtension.class).isPresent()) { throw new DomainClaimsCheckNotAllowedWithAllocationTokens(); } List targetIds = ((Check) resourceCommand).getTargetIds(); verifyTargetIdCount(targetIds, maxChecks); Set seenTlds = new HashSet<>(); ImmutableList.Builder launchChecksBuilder = new ImmutableList.Builder<>(); for (String targetId : ImmutableSet.copyOf(targetIds)) { InternetDomainName domainName = validateDomainName(targetId); validateDomainNameWithIdnTables(domainName); String tld = domainName.parent().toString(); // Only validate access to a TLD the first time it is encountered. if (seenTlds.add(tld)) { if (!isSuperuser) { checkAllowedAccessToTld(clientId, tld); Registry registry = Registry.get(tld); DateTime now = clock.nowUtc(); verifyNotInPredelegation(registry, now); if (registry.getTldState(now) == TldState.SUNRISE) { throw new DomainClaimsCheckNotAllowedInSunrise(); } verifyClaimsPeriodNotEnded(registry, now); } } Optional claimKey = ClaimsListShard.get().getClaimKey(domainName.parts().get(0)); launchChecksBuilder.add( LaunchCheck.create( LaunchCheckName.create(claimKey.isPresent(), targetId), claimKey.orElse(null))); } return responseBuilder .setOnlyExtension(LaunchCheckResponseExtension.create(CLAIMS, launchChecksBuilder.build())) .build(); } /** Claims checks are not allowed during sunrise. */ static class DomainClaimsCheckNotAllowedInSunrise extends CommandUseErrorException { public DomainClaimsCheckNotAllowedInSunrise() { super("Claims checks are not allowed during sunrise"); } } /** Claims checks are not allowed with allocation tokens. */ static class DomainClaimsCheckNotAllowedWithAllocationTokens extends CommandUseErrorException { public DomainClaimsCheckNotAllowedWithAllocationTokens() { super("Claims checks are not allowed with allocation tokens"); } } }