From 1b3df82fb3df7958640fc389442e18d898f7aa85 Mon Sep 17 00:00:00 2001 From: mcilwain Date: Mon, 10 Sep 2018 12:18:18 -0700 Subject: [PATCH] Allow creation of reserved domains using allocation tokens Unlike anchor tenants, these domains can be registered for any number of years, but only during GA, as third parties cannot register domains pre-GA except through the anchor tenant program. Since this is new functionality, unlike creation of anchor tenants, there is no fallback provided to send codes through the domain authcode; they must be sent using the allocation token extension. And note that, like with anchor tenants, providing the domain-specific allocation token overrides any other reserved types that might apply to that domain. No changes are necessary to the domain application create flow because of the above restriction to GA. ------------- Created by MOE: https://github.com/google/moe MOE_MIGRATED_REVID=212310701 --- .../flows/domain/DomainCreateFlow.java | 3 ++- .../flows/domain/DomainFlowUtils.java | 15 ++++++++++--- .../flows/domain/DomainCreateFlowTest.java | 22 ++++++++++++++++++- 3 files changed, 35 insertions(+), 5 deletions(-) diff --git a/java/google/registry/flows/domain/DomainCreateFlow.java b/java/google/registry/flows/domain/DomainCreateFlow.java index 377abc310..71e16f879 100644 --- a/java/google/registry/flows/domain/DomainCreateFlow.java +++ b/java/google/registry/flows/domain/DomainCreateFlow.java @@ -23,6 +23,7 @@ import static google.registry.flows.domain.DomainFlowUtils.cloneAndLinkReference import static google.registry.flows.domain.DomainFlowUtils.createFeeCreateResponse; import static google.registry.flows.domain.DomainFlowUtils.getReservationTypes; import static google.registry.flows.domain.DomainFlowUtils.isAnchorTenant; +import static google.registry.flows.domain.DomainFlowUtils.isValidReservedCreate; import static google.registry.flows.domain.DomainFlowUtils.validateCreateCommandContactsAndNameservers; import static google.registry.flows.domain.DomainFlowUtils.validateDomainAllowedOnCreateRestrictedTld; import static google.registry.flows.domain.DomainFlowUtils.validateDomainName; @@ -276,7 +277,7 @@ public class DomainCreateFlow implements TransactionalFlow { if (launchCreate.isPresent()) { verifyLaunchPhaseMatchesRegistryPhase(registry, launchCreate.get(), now); } - if (!isAnchorTenant) { + if (!isAnchorTenant && !isValidReservedCreate(domainName, allocationToken)) { verifyNotReserved(domainName, isSunriseCreate); } if (hasClaimsNotice) { diff --git a/java/google/registry/flows/domain/DomainFlowUtils.java b/java/google/registry/flows/domain/DomainFlowUtils.java index dfd7c38f0..cc274f564 100644 --- a/java/google/registry/flows/domain/DomainFlowUtils.java +++ b/java/google/registry/flows/domain/DomainFlowUtils.java @@ -247,9 +247,7 @@ public class DomainFlowUtils { return idnTableName.get(); } - /** - * Returns whether the information for a given domain create request is for a valid anchor tenant. - */ + /** Returns whether a given domain create request is for a valid anchor tenant. */ public static boolean isAnchorTenant( InternetDomainName domainName, Optional token, @@ -278,6 +276,17 @@ public class DomainFlowUtils { return metadataExtension.isPresent() && metadataExtension.get().getIsAnchorTenant(); } + /** Returns whether a given domain create request is for a valid reserved domain. */ + public static boolean isValidReservedCreate( + InternetDomainName domainName, Optional token) { + // If the domain is reserved for specific use, then check if the allocation token exists and + // is for this domain. + return getReservationTypes(domainName).contains(RESERVED_FOR_SPECIFIC_USE) + && token.isPresent() + && token.get().getDomainName().isPresent() + && token.get().getDomainName().get().equals(domainName.toString()); + } + /** Check if the registrar running the flow has access to the TLD in question. */ public static void checkAllowedAccessToTld(String clientId, String tld) throws EppException { if (!Registrar.loadByClientIdCached(clientId).get().getAllowedTlds().contains(tld)) { diff --git a/javatests/google/registry/flows/domain/DomainCreateFlowTest.java b/javatests/google/registry/flows/domain/DomainCreateFlowTest.java index 8b7e43e49..33f417273 100644 --- a/javatests/google/registry/flows/domain/DomainCreateFlowTest.java +++ b/javatests/google/registry/flows/domain/DomainCreateFlowTest.java @@ -189,7 +189,8 @@ public class DomainCreateFlowTest extends ResourceFlowTestCase