Revert "Add RST support in Sandbox (#2917)" (#2982)

PR 2917 added two `get(tld)` methods to ClaimsListDao and
SignedMarkRevocationList so that RST test TLDs can have separate claims
and smdr lists.

RST tests are completed and this functionality is no longer needed. we
are replaceing all invocations of the above to `get()`.

core/src/main/java/google/registry/flows/domain/DomainClaimsCheckFlow.java

@@ -108,8 +108,7 @@ public final class DomainClaimsCheckFlow implements TransactionalFlow {
           verifyClaimsPeriodNotEnded(tld, now);
         }
       }
-      Optional<String> claimKey =
-          ClaimsListDao.get(tldStr).getClaimKey(parsedDomain.parts().get(0));
+      Optional<String> claimKey = ClaimsListDao.get().getClaimKey(parsedDomain.parts().get(0));
       launchChecksBuilder.add(
           LaunchCheck.create(
               LaunchCheckName.create(claimKey.isPresent(), domainName), claimKey.orElse(null)));

core/src/main/java/google/registry/flows/domain/DomainCreateFlow.java

@@ -279,7 +279,7 @@ public final class DomainCreateFlow implements MutatingFlow {
       checkAllowedAccessToTld(registrarId, tld.getTldStr());
       checkHasBillingAccount(registrarId, tld.getTldStr());
       boolean isValidReservedCreate = isValidReservedCreate(domainName, allocationToken);
-      ClaimsList claimsList = ClaimsListDao.get(tld.getTldStr());
+      ClaimsList claimsList = ClaimsListDao.get();
       verifyIsGaOrSpecialCase(
           tld,
           claimsList,
@@ -311,8 +311,7 @@ public final class DomainCreateFlow implements MutatingFlow {
       // at this point so that we can verify it before the "after validation" extension point.
       signedMarkId =
           tmchUtils
-              .verifySignedMarks(
-                  tld.getTldStr(), launchCreate.get().getSignedMarks(), domainLabel, now)
+              .verifySignedMarks(launchCreate.get().getSignedMarks(), domainLabel, now)
               .getId();
     }
     verifyNotBlockedByBsa(domainName, tld, now, allocationToken);

core/src/main/java/google/registry/flows/domain/DomainFlowTmchUtils.java

@@ -55,7 +55,7 @@ public final class DomainFlowTmchUtils {
   }
 
   public SignedMark verifySignedMarks(
-      String tld, ImmutableList<AbstractSignedMark> signedMarks, String domainLabel, DateTime now)
+      ImmutableList<AbstractSignedMark> signedMarks, String domainLabel, DateTime now)
       throws EppException {
     if (signedMarks.size() > 1) {
       throw new TooManySignedMarksException();
@@ -63,8 +63,7 @@ public final class DomainFlowTmchUtils {
     if (!(signedMarks.get(0) instanceof EncodedSignedMark)) {
       throw new SignedMarksMustBeEncodedException();
     }
-    SignedMark signedMark =
-        verifyEncodedSignedMark(tld, (EncodedSignedMark) signedMarks.get(0), now);
+    SignedMark signedMark = verifyEncodedSignedMark((EncodedSignedMark) signedMarks.get(0), now);
     return verifySignedMarkValidForDomainLabel(signedMark, domainLabel);
   }
 
@@ -76,9 +75,8 @@ public final class DomainFlowTmchUtils {
     return signedMark;
   }
 
-  // TODO(b/412715713): remove the tld parameter when RST completes.
-  public SignedMark verifyEncodedSignedMark(
-      String tld, EncodedSignedMark encodedSignedMark, DateTime now) throws EppException {
+  public SignedMark verifyEncodedSignedMark(EncodedSignedMark encodedSignedMark, DateTime now)
+      throws EppException {
     if (!encodedSignedMark.getEncoding().equals("base64")) {
       throw new Base64RequiredForEncodedSignedMarksException();
     }
@@ -96,7 +94,7 @@ public final class DomainFlowTmchUtils {
       throw new SignedMarkParsingErrorException();
     }
 
-    if (SignedMarkRevocationList.get(tld).isSmdRevoked(signedMark.getId(), now)) {
+    if (SignedMarkRevocationList.get().isSmdRevoked(signedMark.getId(), now)) {
       throw new SignedMarkRevokedErrorException();
     }
 

core/src/main/java/google/registry/model/smd/SignedMarkRevocationList.java

@@ -21,7 +21,6 @@ import static google.registry.util.DateTimeUtils.isBeforeOrAt;
 import com.google.common.base.Supplier;
 import com.google.common.collect.ImmutableMap;
 import google.registry.model.ImmutableObject;
-import google.registry.tmch.RstTmchUtils;
 import jakarta.persistence.CollectionTable;
 import jakarta.persistence.Column;
 import jakarta.persistence.ElementCollection;
@@ -72,11 +71,6 @@ public class SignedMarkRevocationList extends ImmutableObject {
     return CACHE.get();
   }
 
-  // TODO(b/412715713): remove the tld parameter when RST completes.
-  public static SignedMarkRevocationList get(String tld) {
-    return RstTmchUtils.getSmdrList(tld).orElseGet(SignedMarkRevocationList::get);
-  }
-
   /** Create a new {@link SignedMarkRevocationList} without saving it. */
   public static SignedMarkRevocationList create(
       DateTime creationTime, ImmutableMap<String, DateTime> revokes) {

core/src/main/java/google/registry/model/tmch/ClaimsListDao.java

@@ -22,7 +22,6 @@ import com.github.benmanes.caffeine.cache.LoadingCache;
 import com.google.common.annotations.VisibleForTesting;
 import com.google.common.collect.ImmutableMap;
 import google.registry.model.CacheUtils;
-import google.registry.tmch.RstTmchUtils;
 import java.time.Duration;
 import java.util.Optional;
 
@@ -73,11 +72,6 @@ public class ClaimsListDao {
     return CACHE.get(ClaimsListDao.class);
   }
 
-  // TODO(b/412715713): remove the tld parameter when RST completes.
-  public static ClaimsList get(String tld) {
-    return RstTmchUtils.getClaimsList(tld).orElseGet(ClaimsListDao::get);
-  }
-
   /**
    * Returns the most recent revision of the {@link ClaimsList} in SQL or an empty list if it
    * doesn't exist.

core/src/main/java/google/registry/tmch/RstTmchUtils.java

@@ -1,120 +0,0 @@
-// Copyright 2025 The Nomulus Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package google.registry.tmch;
-
-import static com.google.common.base.Suppliers.memoize;
-import static com.google.common.io.Resources.getResource;
-import static com.google.common.io.Resources.readLines;
-import static google.registry.tmch.RstTmchUtils.RstEnvironment.OTE;
-import static google.registry.tmch.RstTmchUtils.RstEnvironment.PROD;
-import static google.registry.util.RegistryEnvironment.SANDBOX;
-import static java.nio.charset.StandardCharsets.UTF_8;
-
-import com.google.common.base.Supplier;
-import com.google.common.collect.ImmutableMap;
-import com.google.common.flogger.FluentLogger;
-import google.registry.model.smd.SignedMarkRevocationList;
-import google.registry.model.tmch.ClaimsList;
-import google.registry.util.RegistryEnvironment;
-import java.io.IOException;
-import java.net.URL;
-import java.util.Locale;
-import java.util.Optional;
-
-/**
- * Utilities supporting TMCH-related RST testing in the Sandbox environment.
- *
- * <p>For logistic reasons we must conduct RST testing in the Sandbox environments. RST tests
- * require the use of special labels hosted on their website. To isolate these labels from regular
- * customers conducting onboarding tests, we manually download the test files as resources, and
- * serve them up only to RST TLDs.
- */
-public class RstTmchUtils {
-  private static final FluentLogger logger = FluentLogger.forEnclosingClass();
-
-  /**
-   * The RST environments.
-   *
-   * <p>We conduct both OTE and PROD RST tests in Sandbox.
-   */
-  enum RstEnvironment {
-    OTE,
-    PROD
-  }
-
-  private static final ImmutableMap<RstEnvironment, Supplier<Optional<ClaimsList>>> CLAIMS_CACHE =
-      ImmutableMap.of(
-          OTE, memoize(() -> getClaimsList(OTE)), PROD, memoize(() -> getClaimsList(PROD)));
-
-  private static final ImmutableMap<RstEnvironment, Supplier<Optional<SignedMarkRevocationList>>>
-      SMDRL_CACHE =
-          ImmutableMap.of(
-              OTE, memoize(() -> getSmdrList(OTE)), PROD, memoize(() -> getSmdrList(PROD)));
-
-  /** Returns appropriate test labels if {@code tld} is for RST testing; otherwise returns empty. */
-  public static Optional<ClaimsList> getClaimsList(String tld) {
-    return getRstEnvironment(tld).map(CLAIMS_CACHE::get).flatMap(Supplier::get);
-  }
-
-  /** Returns appropriate test labels if {@code tld} is for RST testing; otherwise returns empty. */
-  public static Optional<SignedMarkRevocationList> getSmdrList(String tld) {
-    return getRstEnvironment(tld).map(SMDRL_CACHE::get).flatMap(Supplier::get);
-  }
-
-  static Optional<RstEnvironment> getRstEnvironment(String tld) {
-    if (!RegistryEnvironment.get().equals(SANDBOX)) {
-      return Optional.empty();
-    }
-    if (tld.startsWith("cc-rst-test-")) {
-      return Optional.of(OTE);
-    }
-    if (tld.startsWith("zz--")) {
-      return Optional.of(PROD);
-    }
-    return Optional.empty();
-  }
-
-  private static Optional<ClaimsList> getClaimsList(RstEnvironment rstEnvironment) {
-    if (!RegistryEnvironment.get().equals(SANDBOX)) {
-      return Optional.empty();
-    }
-    String resourceName = rstEnvironment.name().toLowerCase(Locale.ROOT) + ".rst.dnl.csv";
-    URL resource = getResource(RstTmchUtils.class, resourceName);
-    try {
-      return Optional.of(ClaimsListParser.parse(readLines(resource, UTF_8)));
-    } catch (IOException e) {
-      // Do not throw.
-      logger.atSevere().withCause(e).log(
-          "Could not load Claims list %s for %s in Sandbox.", resourceName, rstEnvironment);
-      return Optional.empty();
-    }
-  }
-
-  private static Optional<SignedMarkRevocationList> getSmdrList(RstEnvironment rstEnvironment) {
-    if (!RegistryEnvironment.get().equals(SANDBOX)) {
-      return Optional.empty();
-    }
-    String resourceName = rstEnvironment.name().toLowerCase(Locale.ROOT) + ".rst.smdrl.csv";
-    URL resource = getResource(RstTmchUtils.class, resourceName);
-    try {
-      return Optional.of(SmdrlCsvParser.parse(readLines(resource, UTF_8)));
-    } catch (IOException e) {
-      // Do not throw.
-      logger.atSevere().withCause(e).log(
-          "Could not load SMDR list %s for %s in Sandbox.", resourceName, rstEnvironment);
-      return Optional.empty();
-    }
-  }
-}

core/src/main/resources/google/registry/tmch/ote.rst.dnl.csv

@@ -1,10 +0,0 @@
-1,2024-09-13T02:21:12.0Z
-DNL,lookup-key,insertion-datetime
-test---validate,2024091300/6/a/b/arJyPPf2CK7f21bVGne0qMgW0000000001,2024-09-13T02:21:12.0Z
-test--validate,2024091300/6/a/b/arJyPPf2CK7f21bVGne0qMgW0000000001,2024-09-13T02:21:12.0Z
-test-and-validate,2024091300/6/a/b/arJyPPf2CK7f21bVGne0qMgW0000000001,2024-09-13T02:21:12.0Z
-test-andvalidate,2024091300/6/a/b/arJyPPf2CK7f21bVGne0qMgW0000000001,2024-09-13T02:21:12.0Z
-test-validate,2024091300/6/a/b/arJyPPf2CK7f21bVGne0qMgW0000000001,2024-09-13T02:21:12.0Z
-testand-validate,2024091300/6/a/b/arJyPPf2CK7f21bVGne0qMgW0000000001,2024-09-13T02:21:12.0Z
-testandvalidate,2024091300/6/a/b/arJyPPf2CK7f21bVGne0qMgW0000000001,2024-09-13T02:21:12.0Z
-testvalidate,2024091300/6/a/b/arJyPPf2CK7f21bVGne0qMgW0000000001,2024-09-13T02:21:12.0Z

core/src/main/resources/google/registry/tmch/ote.rst.smdrl.csv

@@ -1,7 +0,0 @@
-1,2022-11-22T01:49:36.9Z
-smd-id,insertion-datetime
-0000001761385117375880-65535,2013-07-15T00:00:00.0Z
-0000001751501056761969-65535,2017-07-26T10:12:41.9Z
-000000541526299609231-65535,2018-05-14T17:52:23.7Z
-000000541602140609520-65535,2020-10-08T07:07:25.0Z
-000000541669081776937-65535,2022-11-22T01:49:36.9Z

core/src/main/resources/google/registry/tmch/prod.rst.dnl.csv

@@ -1,10 +0,0 @@
-1,2024-09-13T02:21:12.0Z
-DNL,lookup-key,insertion-datetime
-test---validate,2024091300/6/a/b/arJyPPf2CK7f21bVGne0qMgW0000000001,2024-09-13T02:21:12.0Z
-test--validate,2024091300/6/a/b/arJyPPf2CK7f21bVGne0qMgW0000000001,2024-09-13T02:21:12.0Z
-test-and-validate,2024091300/6/a/b/arJyPPf2CK7f21bVGne0qMgW0000000001,2024-09-13T02:21:12.0Z
-test-andvalidate,2024091300/6/a/b/arJyPPf2CK7f21bVGne0qMgW0000000001,2024-09-13T02:21:12.0Z
-test-validate,2024091300/6/a/b/arJyPPf2CK7f21bVGne0qMgW0000000001,2024-09-13T02:21:12.0Z
-testand-validate,2024091300/6/a/b/arJyPPf2CK7f21bVGne0qMgW0000000001,2024-09-13T02:21:12.0Z
-testandvalidate,2024091300/6/a/b/arJyPPf2CK7f21bVGne0qMgW0000000001,2024-09-13T02:21:12.0Z
-testvalidate,2024091300/6/a/b/arJyPPf2CK7f21bVGne0qMgW0000000001,2024-09-13T02:21:12.0Z

core/src/main/resources/google/registry/tmch/prod.rst.smdrl.csv

@@ -1,7 +0,0 @@
-1,2022-11-22T01:49:36.9Z
-smd-id,insertion-datetime
-0000001761385117375880-65535,2013-07-15T00:00:00.0Z
-0000001751501056761969-65535,2017-07-26T10:12:41.9Z
-000000541526299609231-65535,2018-05-14T17:52:23.7Z
-000000541602140609520-65535,2020-10-08T07:07:25.0Z
-000000541669081776937-65535,2022-11-22T01:49:36.9Z

core/src/test/java/google/registry/tmch/RstTmchUtilsIntTest.java

@@ -1,161 +0,0 @@
-// Copyright 2025 The Nomulus Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package google.registry.tmch;
-
-import static com.google.common.truth.Truth.assertThat;
-import static google.registry.persistence.transaction.TransactionManagerFactory.tm;
-import static google.registry.util.RegistryEnvironment.PRODUCTION;
-import static google.registry.util.RegistryEnvironment.SANDBOX;
-import static org.joda.time.DateTime.now;
-import static org.joda.time.DateTimeZone.UTC;
-
-import com.google.common.base.Splitter;
-import google.registry.model.smd.SignedMarkRevocationList;
-import google.registry.model.smd.SignedMarkRevocationListDao;
-import google.registry.model.tmch.ClaimsListDao;
-import google.registry.persistence.transaction.JpaTestExtensions;
-import google.registry.testing.FakeClock;
-import google.registry.util.RegistryEnvironment;
-import java.util.stream.Stream;
-import org.junit.jupiter.api.BeforeEach;
-import org.junit.jupiter.api.extension.RegisterExtension;
-import org.junit.jupiter.params.ParameterizedTest;
-import org.junit.jupiter.params.provider.Arguments;
-import org.junit.jupiter.params.provider.MethodSource;
-
-public class RstTmchUtilsIntTest {
-  private final FakeClock clock = new FakeClock();
-
-  @RegisterExtension
-  final JpaTestExtensions.JpaIntegrationTestExtension jpa =
-      new JpaTestExtensions.Builder().withClock(clock).buildIntegrationTestExtension();
-
-  private static final String TMCH_CLAIM_LABEL = "tmch";
-  // RST label found in *.rst.dnl.csv resources. Currently both files are identical
-  private static final String RST_CLAIM_LABEL = "test--validate";
-
-  private static final String TMCH_SMD_ID = "tmch";
-  // RST label found in *.rst.smdrl.csv resources. Currently both files are identical
-  private static final String RST_SMD_ID = "0000001761385117375880-65535";
-
-  private static final String TMCH_DNL =
-      """
-      1,2024-09-13T02:21:12.0Z
-      DNL,lookup-key,insertion-datetime
-      LABEL,2024091300/6/a/b/arJyPPf2CK7f21bVGne0qMgW0000000001,2024-09-13T02:21:12.0Z
-      """
-          .replace("LABEL", TMCH_CLAIM_LABEL);
-
-  private static final String TMCH_SMDRL =
-      """
-      1,2022-11-22T01:49:36.9Z
-      smd-id,insertion-datetime
-      ID,2013-07-15T00:00:00.0Z
-      """
-          .replace("ID", TMCH_SMD_ID);
-
-  @BeforeEach
-  void setup() throws Exception {
-    Splitter lineSplitter = Splitter.on("\n").omitEmptyStrings().trimResults();
-    tm().transact(
-            () -> ClaimsListDao.save(ClaimsListParser.parse(lineSplitter.splitToList(TMCH_DNL))));
-    tm().transact(
-            () ->
-                SignedMarkRevocationListDao.save(
-                    SmdrlCsvParser.parse(lineSplitter.splitToList(TMCH_SMDRL))));
-  }
-
-  @ParameterizedTest
-  @MethodSource("provideTestCases")
-  @SuppressWarnings("unused") // testCaseName
-  void getClaimsList_production(String testCaseName, String tld) {
-    var currEnv = RegistryEnvironment.get();
-    try {
-      PRODUCTION.setup();
-      var claimsList = ClaimsListDao.get(tld);
-      assertThat(claimsList.getClaimKey(TMCH_CLAIM_LABEL)).isPresent();
-      assertThat(claimsList.getClaimKey(RST_CLAIM_LABEL)).isEmpty();
-    } finally {
-      currEnv.setup();
-    }
-  }
-
-  @ParameterizedTest
-  @MethodSource("provideTestCases")
-  @SuppressWarnings("unused") // testCaseName
-  void getSmdrList_production(String testCaseName, String tld) {
-    var currEnv = RegistryEnvironment.get();
-    try {
-      PRODUCTION.setup();
-      var smdrl = SignedMarkRevocationList.get(tld);
-      assertThat(smdrl.isSmdRevoked(TMCH_SMD_ID, now(UTC))).isTrue();
-      assertThat(smdrl.isSmdRevoked(RST_SMD_ID, now(UTC))).isFalse();
-      assertThat(smdrl.size()).isEqualTo(1);
-    } finally {
-      currEnv.setup();
-    }
-  }
-
-  @ParameterizedTest
-  @MethodSource("provideTestCases")
-  @SuppressWarnings("unused") // testCaseName
-  void getClaimsList_sandbox(String testCaseName, String tld) {
-    var currEnv = RegistryEnvironment.get();
-    try {
-      SANDBOX.setup();
-      var claimsList = ClaimsListDao.get(tld);
-      if (tld.equals("app")) {
-        assertThat(claimsList.getClaimKey(TMCH_CLAIM_LABEL)).isPresent();
-        assertThat(claimsList.getClaimKey(RST_CLAIM_LABEL)).isEmpty();
-      } else {
-        assertThat(claimsList.getClaimKey(TMCH_CLAIM_LABEL)).isEmpty();
-        // Currently ote and prod have the same data.
-        assertThat(claimsList.getClaimKey(RST_CLAIM_LABEL)).isPresent();
-      }
-    } finally {
-      currEnv.setup();
-    }
-  }
-
-  @ParameterizedTest
-  @MethodSource("provideTestCases")
-  @SuppressWarnings("unused") // testCaseName
-  void getSmdrList_sandbox(String testCaseName, String tld) {
-    var currEnv = RegistryEnvironment.get();
-    try {
-      SANDBOX.setup();
-      var smdrList = SignedMarkRevocationList.get(tld);
-      if (tld.equals("app")) {
-        assertThat(smdrList.size()).isEqualTo(1);
-        assertThat(smdrList.isSmdRevoked(TMCH_SMD_ID, now(UTC))).isTrue();
-        assertThat(smdrList.isSmdRevoked(RST_SMD_ID, now(UTC))).isFalse();
-      } else {
-        // Currently ote and prod have the same data.
-        assertThat(smdrList.size()).isEqualTo(5);
-        assertThat(smdrList.isSmdRevoked(TMCH_SMD_ID, now())).isFalse();
-        assertThat(smdrList.isSmdRevoked(RST_SMD_ID, now())).isTrue();
-      }
-    } finally {
-      currEnv.setup();
-    }
-  }
-
-  private static Stream<Arguments> provideTestCases() {
-    return Stream.of(
-        Arguments.of("NotRST", "app"),
-        Arguments.of("OTE", "cc-rst-test-tld-1"),
-        Arguments.of("PROD", "zz--idn-123"));
-  }
-}

core/src/test/java/google/registry/tmch/RstTmchUtilsTest.java

@@ -1,117 +0,0 @@
-// Copyright 2025 The Nomulus Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package google.registry.tmch;
-
-import static com.google.common.truth.Truth.assertThat;
-import static google.registry.tmch.RstTmchUtils.getClaimsList;
-import static google.registry.tmch.RstTmchUtils.getSmdrList;
-import static google.registry.util.RegistryEnvironment.PRODUCTION;
-import static google.registry.util.RegistryEnvironment.SANDBOX;
-
-import google.registry.util.RegistryEnvironment;
-import java.util.stream.Stream;
-import org.joda.time.DateTime;
-import org.junit.jupiter.params.ParameterizedTest;
-import org.junit.jupiter.params.provider.Arguments;
-import org.junit.jupiter.params.provider.MethodSource;
-
-public class RstTmchUtilsTest {
-
-  @ParameterizedTest
-  @MethodSource("provideTestCases")
-  @SuppressWarnings("unused") // testCaseName
-  void getClaimsList_production(String testCaseName, String tld) {
-    var currEnv = RegistryEnvironment.get();
-    try {
-      PRODUCTION.setup();
-      assertThat(getClaimsList(tld)).isEmpty();
-    } finally {
-      currEnv.setup();
-    }
-  }
-
-  @ParameterizedTest
-  @MethodSource("provideTestCases")
-  @SuppressWarnings("unused") // testCaseName
-  void getSmdrList_production(String testCaseName, String tld) {
-    var currEnv = RegistryEnvironment.get();
-    try {
-      PRODUCTION.setup();
-      assertThat(getSmdrList(tld)).isEmpty();
-    } finally {
-      currEnv.setup();
-    }
-  }
-
-  @ParameterizedTest
-  @MethodSource("provideTestCases")
-  @SuppressWarnings("unused") // testCaseName
-  void getClaimsList_sandbox(String testCaseName, String tld) {
-    var currEnv = RegistryEnvironment.get();
-    try {
-      SANDBOX.setup();
-      var claimsListOptional = getClaimsList(tld);
-      if (tld.equals("app")) {
-        assertThat(claimsListOptional).isEmpty();
-      } else {
-        // Currently ote and prod have the same data.
-        var claimsList = claimsListOptional.get();
-        assertThat(claimsList.getClaimKey("test-and-validate")).isPresent();
-        var labelsToKeys = claimsList.getLabelsToKeys();
-        assertThat(labelsToKeys).hasSize(8);
-        assertThat(labelsToKeys)
-            .containsEntry(
-                "test---validate", "2024091300/6/a/b/arJyPPf2CK7f21bVGne0qMgW0000000001");
-      }
-    } finally {
-      currEnv.setup();
-    }
-  }
-
-  @ParameterizedTest
-  @MethodSource("provideTestCases")
-  @SuppressWarnings("unused") // testCaseName
-  void getSmdrList_sandbox(String testCaseName, String tld) {
-    var currEnv = RegistryEnvironment.get();
-    try {
-      SANDBOX.setup();
-      var smdrListOptional = getSmdrList(tld);
-      if (tld.equals("app")) {
-        assertThat(smdrListOptional).isEmpty();
-      } else {
-        // Currently ote and prod have the same data.
-        var smdrList = smdrListOptional.get();
-        assertThat(smdrList.size()).isEqualTo(5);
-        assertThat(
-                smdrList.isSmdRevoked(
-                    "000000541526299609231-65535", DateTime.parse("2018-05-14T17:52:23.6Z")))
-            .isFalse();
-        assertThat(
-                smdrList.isSmdRevoked(
-                    "000000541526299609231-65535", DateTime.parse("2018-05-14T17:52:23.7Z")))
-            .isTrue();
-      }
-    } finally {
-      currEnv.setup();
-    }
-  }
-
-  private static Stream<Arguments> provideTestCases() {
-    return Stream.of(
-        Arguments.of("NotRST", "app"),
-        Arguments.of("OTE", "cc-rst-test-tld-1"),
-        Arguments.of("PROD", "zz--idn-123"));
-  }
-}

core/src/test/java/google/registry/tmch/TmchTestDataExpirationTest.java

@@ -57,7 +57,7 @@ class TmchTestDataExpirationTest {
     String tmchData = loadFile(TmchTestDataExpirationTest.class, filePath);
     EncodedSignedMark smd = TmchData.readEncodedSignedMark(tmchData);
     try {
-      tmchUtils.verifyEncodedSignedMark("", smd, DateTime.now(UTC));
+      tmchUtils.verifyEncodedSignedMark(smd, DateTime.now(UTC));
     } catch (EppException e) {
       throw new AssertionError("Error verifying signed mark " + filePath, e);
     }

networking/src/main/java/google/registry/networking/handler/SslServerInitializer.java

@@ -70,10 +70,10 @@ public class SslServerInitializer<C extends Channel> extends ChannelInitializer<
   /**
    * The list of cipher suites that are currently acceptable to create a successful handshake.
    *
-   * <p>This list includes all of the current TLS1.3 ciphers and a collection of TLS1.2 ciphers with
-   * no known security vulnerabilities. Note that OpenSSL uses a separate nomenclature for the
-   * ciphers internally but the IANA names listed here will be transparently translated by the
-   * OpenSSL provider (if used), so there is no need to include the OpenSSL name variants here. More
+   * <p>This list includes all the current TLS1.3 ciphers and a collection of TLS1.2 ciphers with no
+   * known security vulnerabilities. Note that OpenSSL uses a separate nomenclature for the ciphers
+   * internally but the IANA names listed here will be transparently translated by the OpenSSL
+   * provider (if used), so there is no need to include the OpenSSL name variants here. More
    * information about these cipher suites and their OpenSSL names can be found at ciphersuite.info.
    */
   private static final ImmutableList<String> ALLOWED_TLS_CIPHERS =
@@ -90,6 +90,10 @@ public class SslServerInitializer<C extends Channel> extends ChannelInitializer<
           "TLS_AES_128_CCM_SHA256",
           "TLS_AES_128_CCM_8_SHA256");
 
+  /** Thankfully, the JDK supports TLS version 1.3 now. */
+  private static final ImmutableList<String> SUPPORTED_TLS_VERSIONS =
+      ImmutableList.of("TLSv1.3", "TLSv1.2");
+
   private static final FluentLogger logger = FluentLogger.forEnclosingClass();
   private final boolean requireClientCert;
   // TODO(jianglai): Always validate client certs (if required).
@@ -99,7 +103,6 @@ public class SslServerInitializer<C extends Channel> extends ChannelInitializer<
   // change when the artifacts on GCS changes.
   private final Supplier<PrivateKey> privateKeySupplier;
   private final Supplier<ImmutableList<X509Certificate>> certificatesSupplier;
-  private final ImmutableList<String> supportedSslVersions;
 
   public SslServerInitializer(
       boolean requireClientCert,
@@ -116,12 +119,6 @@ public class SslServerInitializer<C extends Channel> extends ChannelInitializer<
     this.sslProvider = sslProvider;
     this.privateKeySupplier = privateKeySupplier;
     this.certificatesSupplier = certificatesSupplier;
-    this.supportedSslVersions =
-        sslProvider == SslProvider.OPENSSL
-            ? ImmutableList.of("TLSv1.3", "TLSv1.2")
-            // JDK support for TLS 1.3 won't be available until 2021-04-20 at the earliest.
-            // See: https://java.com/en/jre-jdk-cryptoroadmap.html
-            : ImmutableList.of("TLSv1.2");
   }
 
   @Override
@@ -133,7 +130,7 @@ public class SslServerInitializer<C extends Channel> extends ChannelInitializer<
             .sslProvider(sslProvider)
             .trustManager(InsecureTrustManagerFactory.INSTANCE)
             .clientAuth(requireClientCert ? ClientAuth.REQUIRE : ClientAuth.NONE)
-            .protocols(supportedSslVersions)
+            .protocols(SUPPORTED_TLS_VERSIONS)
             .ciphers(ALLOWED_TLS_CIPHERS, SupportedCipherSuiteFilter.INSTANCE)
             .build();