mirror of
https://github.com/google/nomulus.git
synced 2025-05-02 13:07:50 +02:00
315e6d57bf
This makes it harder to use it incorrectly by accident. ------------- Created by MOE: https://github.com/google/moe MOE_MIGRATED_REVID=181795813
135 lines
6.1 KiB
Java
135 lines
6.1 KiB
Java
// Copyright 2017 The Nomulus Authors. All Rights Reserved.
|
|
//
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
// you may not use this file except in compliance with the License.
|
|
// You may obtain a copy of the License at
|
|
//
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
//
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
// See the License for the specific language governing permissions and
|
|
// limitations under the License.
|
|
|
|
package google.registry.flows.domain;
|
|
|
|
import static google.registry.flows.FlowUtils.validateClientIsLoggedIn;
|
|
import static google.registry.flows.ResourceFlowUtils.verifyTargetIdCount;
|
|
import static google.registry.flows.domain.DomainFlowUtils.checkAllowedAccessToTld;
|
|
import static google.registry.flows.domain.DomainFlowUtils.validateDomainName;
|
|
import static google.registry.flows.domain.DomainFlowUtils.validateDomainNameWithIdnTables;
|
|
import static google.registry.flows.domain.DomainFlowUtils.verifyClaimsPeriodNotEnded;
|
|
import static google.registry.flows.domain.DomainFlowUtils.verifyNotInPredelegation;
|
|
import static google.registry.model.domain.launch.LaunchPhase.CLAIMS;
|
|
|
|
import com.google.common.collect.ImmutableList;
|
|
import com.google.common.collect.ImmutableSet;
|
|
import com.google.common.net.InternetDomainName;
|
|
import google.registry.config.RegistryConfig.Config;
|
|
import google.registry.flows.EppException;
|
|
import google.registry.flows.EppException.CommandUseErrorException;
|
|
import google.registry.flows.ExtensionManager;
|
|
import google.registry.flows.Flow;
|
|
import google.registry.flows.FlowModule.ClientId;
|
|
import google.registry.flows.FlowModule.Superuser;
|
|
import google.registry.flows.annotations.ReportingSpec;
|
|
import google.registry.model.domain.DomainCommand.Check;
|
|
import google.registry.model.domain.launch.LaunchCheckExtension;
|
|
import google.registry.model.domain.launch.LaunchCheckResponseExtension;
|
|
import google.registry.model.domain.launch.LaunchCheckResponseExtension.LaunchCheck;
|
|
import google.registry.model.domain.launch.LaunchCheckResponseExtension.LaunchCheckName;
|
|
import google.registry.model.domain.token.AllocationTokenExtension;
|
|
import google.registry.model.eppinput.EppInput;
|
|
import google.registry.model.eppinput.ResourceCommand;
|
|
import google.registry.model.eppoutput.EppResponse;
|
|
import google.registry.model.registry.Registry;
|
|
import google.registry.model.registry.Registry.TldState;
|
|
import google.registry.model.reporting.IcannReportingTypes.ActivityReportField;
|
|
import google.registry.model.tmch.ClaimsListShard;
|
|
import google.registry.util.Clock;
|
|
import java.util.HashSet;
|
|
import java.util.List;
|
|
import java.util.Set;
|
|
import javax.inject.Inject;
|
|
import org.joda.time.DateTime;
|
|
|
|
/**
|
|
* An EPP flow that checks whether domain labels are trademarked.
|
|
*
|
|
* @error {@link google.registry.flows.exceptions.TooManyResourceChecksException}
|
|
* @error {@link DomainFlowUtils.BadCommandForRegistryPhaseException}
|
|
* @error {@link DomainFlowUtils.ClaimsPeriodEndedException}
|
|
* @error {@link DomainFlowUtils.NotAuthorizedForTldException}
|
|
* @error {@link DomainFlowUtils.TldDoesNotExistException}
|
|
* @error {@link DomainClaimsCheckNotAllowedInSunrise}
|
|
* @error {@link DomainClaimsCheckNotAllowedWithAllocationTokens}
|
|
*/
|
|
@ReportingSpec(ActivityReportField.DOMAIN_CHECK) // Claims check is a special domain check.
|
|
public final class DomainClaimsCheckFlow implements Flow {
|
|
|
|
@Inject ExtensionManager extensionManager;
|
|
@Inject EppInput eppInput;
|
|
@Inject ResourceCommand resourceCommand;
|
|
@Inject @ClientId String clientId;
|
|
@Inject @Superuser boolean isSuperuser;
|
|
@Inject Clock clock;
|
|
@Inject @Config("maxChecks") int maxChecks;
|
|
@Inject EppResponse.Builder responseBuilder;
|
|
|
|
@Inject
|
|
DomainClaimsCheckFlow() {}
|
|
|
|
@Override
|
|
public EppResponse run() throws EppException {
|
|
extensionManager.register(LaunchCheckExtension.class, AllocationTokenExtension.class);
|
|
extensionManager.validate();
|
|
validateClientIsLoggedIn(clientId);
|
|
if (eppInput.getSingleExtension(AllocationTokenExtension.class).isPresent()) {
|
|
throw new DomainClaimsCheckNotAllowedWithAllocationTokens();
|
|
}
|
|
List<String> targetIds = ((Check) resourceCommand).getTargetIds();
|
|
verifyTargetIdCount(targetIds, maxChecks);
|
|
Set<String> seenTlds = new HashSet<>();
|
|
ImmutableList.Builder<LaunchCheck> launchChecksBuilder = new ImmutableList.Builder<>();
|
|
for (String targetId : ImmutableSet.copyOf(targetIds)) {
|
|
InternetDomainName domainName = validateDomainName(targetId);
|
|
validateDomainNameWithIdnTables(domainName);
|
|
String tld = domainName.parent().toString();
|
|
// Only validate access to a TLD the first time it is encountered.
|
|
if (seenTlds.add(tld)) {
|
|
if (!isSuperuser) {
|
|
checkAllowedAccessToTld(clientId, tld);
|
|
Registry registry = Registry.get(tld);
|
|
DateTime now = clock.nowUtc();
|
|
verifyNotInPredelegation(registry, now);
|
|
if (registry.getTldState(now) == TldState.SUNRISE) {
|
|
throw new DomainClaimsCheckNotAllowedInSunrise();
|
|
}
|
|
verifyClaimsPeriodNotEnded(registry, now);
|
|
}
|
|
}
|
|
String claimKey = ClaimsListShard.get().getClaimKey(domainName.parts().get(0));
|
|
launchChecksBuilder.add(
|
|
LaunchCheck.create(
|
|
LaunchCheckName.create(claimKey != null, targetId), claimKey));
|
|
}
|
|
return responseBuilder
|
|
.setOnlyExtension(LaunchCheckResponseExtension.create(CLAIMS, launchChecksBuilder.build()))
|
|
.build();
|
|
}
|
|
|
|
/** Claims checks are not allowed during sunrise. */
|
|
static class DomainClaimsCheckNotAllowedInSunrise extends CommandUseErrorException {
|
|
public DomainClaimsCheckNotAllowedInSunrise() {
|
|
super("Claims checks are not allowed during sunrise");
|
|
}
|
|
}
|
|
|
|
/** Claims checks are not allowed with allocation tokens. */
|
|
static class DomainClaimsCheckNotAllowedWithAllocationTokens extends CommandUseErrorException {
|
|
public DomainClaimsCheckNotAllowedWithAllocationTokens() {
|
|
super("Claims checks are not allowed with allocation tokens");
|
|
}
|
|
}
|
|
}
|