mirror of
https://github.com/google/nomulus.git
synced 2025-05-02 21:17:50 +02:00
ceed5bdd1c
It was nullable all along, but wasn't tagged as such, and thus it was possible to misuse the method from its call sites. Also adds an assertion about no NORDN tasks being enqueued in a failing domain create test for a required signed mark. ------------- Created by MOE: https://github.com/google/moe MOE_MIGRATED_REVID=187649865
136 lines
6.1 KiB
Java
136 lines
6.1 KiB
Java
// Copyright 2017 The Nomulus Authors. All Rights Reserved.
|
|
//
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
// you may not use this file except in compliance with the License.
|
|
// You may obtain a copy of the License at
|
|
//
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
//
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
// See the License for the specific language governing permissions and
|
|
// limitations under the License.
|
|
|
|
package google.registry.flows.domain;
|
|
|
|
import static google.registry.flows.FlowUtils.validateClientIsLoggedIn;
|
|
import static google.registry.flows.ResourceFlowUtils.verifyTargetIdCount;
|
|
import static google.registry.flows.domain.DomainFlowUtils.checkAllowedAccessToTld;
|
|
import static google.registry.flows.domain.DomainFlowUtils.validateDomainName;
|
|
import static google.registry.flows.domain.DomainFlowUtils.validateDomainNameWithIdnTables;
|
|
import static google.registry.flows.domain.DomainFlowUtils.verifyClaimsPeriodNotEnded;
|
|
import static google.registry.flows.domain.DomainFlowUtils.verifyNotInPredelegation;
|
|
import static google.registry.model.domain.launch.LaunchPhase.CLAIMS;
|
|
|
|
import com.google.common.collect.ImmutableList;
|
|
import com.google.common.collect.ImmutableSet;
|
|
import com.google.common.net.InternetDomainName;
|
|
import google.registry.config.RegistryConfig.Config;
|
|
import google.registry.flows.EppException;
|
|
import google.registry.flows.EppException.CommandUseErrorException;
|
|
import google.registry.flows.ExtensionManager;
|
|
import google.registry.flows.Flow;
|
|
import google.registry.flows.FlowModule.ClientId;
|
|
import google.registry.flows.FlowModule.Superuser;
|
|
import google.registry.flows.annotations.ReportingSpec;
|
|
import google.registry.model.domain.DomainCommand.Check;
|
|
import google.registry.model.domain.launch.LaunchCheckExtension;
|
|
import google.registry.model.domain.launch.LaunchCheckResponseExtension;
|
|
import google.registry.model.domain.launch.LaunchCheckResponseExtension.LaunchCheck;
|
|
import google.registry.model.domain.launch.LaunchCheckResponseExtension.LaunchCheckName;
|
|
import google.registry.model.domain.token.AllocationTokenExtension;
|
|
import google.registry.model.eppinput.EppInput;
|
|
import google.registry.model.eppinput.ResourceCommand;
|
|
import google.registry.model.eppoutput.EppResponse;
|
|
import google.registry.model.registry.Registry;
|
|
import google.registry.model.registry.Registry.TldState;
|
|
import google.registry.model.reporting.IcannReportingTypes.ActivityReportField;
|
|
import google.registry.model.tmch.ClaimsListShard;
|
|
import google.registry.util.Clock;
|
|
import java.util.HashSet;
|
|
import java.util.List;
|
|
import java.util.Optional;
|
|
import java.util.Set;
|
|
import javax.inject.Inject;
|
|
import org.joda.time.DateTime;
|
|
|
|
/**
|
|
* An EPP flow that checks whether domain labels are trademarked.
|
|
*
|
|
* @error {@link google.registry.flows.exceptions.TooManyResourceChecksException}
|
|
* @error {@link DomainFlowUtils.BadCommandForRegistryPhaseException}
|
|
* @error {@link DomainFlowUtils.ClaimsPeriodEndedException}
|
|
* @error {@link DomainFlowUtils.NotAuthorizedForTldException}
|
|
* @error {@link DomainFlowUtils.TldDoesNotExistException}
|
|
* @error {@link DomainClaimsCheckNotAllowedInSunrise}
|
|
* @error {@link DomainClaimsCheckNotAllowedWithAllocationTokens}
|
|
*/
|
|
@ReportingSpec(ActivityReportField.DOMAIN_CHECK) // Claims check is a special domain check.
|
|
public final class DomainClaimsCheckFlow implements Flow {
|
|
|
|
@Inject ExtensionManager extensionManager;
|
|
@Inject EppInput eppInput;
|
|
@Inject ResourceCommand resourceCommand;
|
|
@Inject @ClientId String clientId;
|
|
@Inject @Superuser boolean isSuperuser;
|
|
@Inject Clock clock;
|
|
@Inject @Config("maxChecks") int maxChecks;
|
|
@Inject EppResponse.Builder responseBuilder;
|
|
|
|
@Inject
|
|
DomainClaimsCheckFlow() {}
|
|
|
|
@Override
|
|
public EppResponse run() throws EppException {
|
|
extensionManager.register(LaunchCheckExtension.class, AllocationTokenExtension.class);
|
|
extensionManager.validate();
|
|
validateClientIsLoggedIn(clientId);
|
|
if (eppInput.getSingleExtension(AllocationTokenExtension.class).isPresent()) {
|
|
throw new DomainClaimsCheckNotAllowedWithAllocationTokens();
|
|
}
|
|
List<String> targetIds = ((Check) resourceCommand).getTargetIds();
|
|
verifyTargetIdCount(targetIds, maxChecks);
|
|
Set<String> seenTlds = new HashSet<>();
|
|
ImmutableList.Builder<LaunchCheck> launchChecksBuilder = new ImmutableList.Builder<>();
|
|
for (String targetId : ImmutableSet.copyOf(targetIds)) {
|
|
InternetDomainName domainName = validateDomainName(targetId);
|
|
validateDomainNameWithIdnTables(domainName);
|
|
String tld = domainName.parent().toString();
|
|
// Only validate access to a TLD the first time it is encountered.
|
|
if (seenTlds.add(tld)) {
|
|
if (!isSuperuser) {
|
|
checkAllowedAccessToTld(clientId, tld);
|
|
Registry registry = Registry.get(tld);
|
|
DateTime now = clock.nowUtc();
|
|
verifyNotInPredelegation(registry, now);
|
|
if (registry.getTldState(now) == TldState.SUNRISE) {
|
|
throw new DomainClaimsCheckNotAllowedInSunrise();
|
|
}
|
|
verifyClaimsPeriodNotEnded(registry, now);
|
|
}
|
|
}
|
|
Optional<String> claimKey = ClaimsListShard.get().getClaimKey(domainName.parts().get(0));
|
|
launchChecksBuilder.add(
|
|
LaunchCheck.create(
|
|
LaunchCheckName.create(claimKey.isPresent(), targetId), claimKey.orElse(null)));
|
|
}
|
|
return responseBuilder
|
|
.setOnlyExtension(LaunchCheckResponseExtension.create(CLAIMS, launchChecksBuilder.build()))
|
|
.build();
|
|
}
|
|
|
|
/** Claims checks are not allowed during sunrise. */
|
|
static class DomainClaimsCheckNotAllowedInSunrise extends CommandUseErrorException {
|
|
public DomainClaimsCheckNotAllowedInSunrise() {
|
|
super("Claims checks are not allowed during sunrise");
|
|
}
|
|
}
|
|
|
|
/** Claims checks are not allowed with allocation tokens. */
|
|
static class DomainClaimsCheckNotAllowedWithAllocationTokens extends CommandUseErrorException {
|
|
public DomainClaimsCheckNotAllowedWithAllocationTokens() {
|
|
super("Claims checks are not allowed with allocation tokens");
|
|
}
|
|
}
|
|
}
|