Browse files

Allow creation of reserved domains using allocation tokens

Unlike anchor tenants, these domains can be registered for any number of years,
but only during GA, as third parties cannot register domains pre-GA except
through the anchor tenant program.

Since this is new functionality, unlike creation of anchor tenants, there is no
fallback provided to send codes through the domain authcode; they must be sent
using the allocation token extension.

And note that, like with anchor tenants, providing the domain-specific
allocation token overrides any other reserved types that might apply to that

No changes are necessary to the domain application create flow because of the
above restriction to GA.

Created by MOE:
  • Loading branch information...
CydeWeys committed Sep 10, 2018
1 parent 9c280f9 commit 1b3df82fb3df7958640fc389442e18d898f7aa85
@@ -23,6 +23,7 @@
import static google.registry.flows.domain.DomainFlowUtils.createFeeCreateResponse;
import static google.registry.flows.domain.DomainFlowUtils.getReservationTypes;
import static google.registry.flows.domain.DomainFlowUtils.isAnchorTenant;
import static google.registry.flows.domain.DomainFlowUtils.isValidReservedCreate;
import static google.registry.flows.domain.DomainFlowUtils.validateCreateCommandContactsAndNameservers;
import static google.registry.flows.domain.DomainFlowUtils.validateDomainAllowedOnCreateRestrictedTld;
import static google.registry.flows.domain.DomainFlowUtils.validateDomainName;
@@ -276,7 +277,7 @@ public final EppResponse run() throws EppException {
if (launchCreate.isPresent()) {
verifyLaunchPhaseMatchesRegistryPhase(registry, launchCreate.get(), now);
if (!isAnchorTenant) {
if (!isAnchorTenant && !isValidReservedCreate(domainName, allocationToken)) {
verifyNotReserved(domainName, isSunriseCreate);
if (hasClaimsNotice) {
@@ -247,9 +247,7 @@ public static String validateDomainNameWithIdnTables(InternetDomainName domainNa
return idnTableName.get();
* Returns whether the information for a given domain create request is for a valid anchor tenant.
/** Returns whether a given domain create request is for a valid anchor tenant. */
public static boolean isAnchorTenant(
InternetDomainName domainName,
Optional<AllocationToken> token,
@@ -278,6 +276,17 @@ public static boolean isAnchorTenant(
return metadataExtension.isPresent() && metadataExtension.get().getIsAnchorTenant();
/** Returns whether a given domain create request is for a valid reserved domain. */
public static boolean isValidReservedCreate(
InternetDomainName domainName, Optional<AllocationToken> token) {
// If the domain is reserved for specific use, then check if the allocation token exists and
// is for this domain.
return getReservationTypes(domainName).contains(RESERVED_FOR_SPECIFIC_USE)
&& token.isPresent()
&& token.get().getDomainName().isPresent()
&& token.get().getDomainName().get().equals(domainName.toString());
/** Check if the registrar running the flow has access to the TLD in question. */
public static void checkAllowedAccessToTld(String clientId, String tld) throws EppException {
if (!Registrar.loadByClientIdCached(clientId).get().getAllowedTlds().contains(tld)) {
@@ -189,7 +189,8 @@ public void initCreateTest() {
persistReservedList("global-list", "resdom,FULLY_BLOCKED"))
persistClaimsList(ImmutableMap.of("example-one", CLAIMS_KEY));
@@ -1031,6 +1032,25 @@ public void testSuccess_anchorTenant_viaAuthCode_withClaims() throws Exception {
public void testSuccess_reservedDomain_viaAllocationTokenExtension() throws Exception {
AllocationToken token =
new AllocationToken.Builder().setToken("abc123").setDomainName("resdom.tld").build());
// Despite the domain being FULLY_BLOCKED, the non-superuser create succeeds the domain is also
// RESERVED_FOR_SPECIFIC_USE and the correct allocation token is passed.
setEppInput("domain_create_allocationtoken.xml", ImmutableMap.of("DOMAIN", "resdom.tld"));
loadFile("domain_create_response.xml", ImmutableMap.of("DOMAIN", "resdom.tld")));
assertSuccessfulCreate("tld", ImmutableSet.of());
AllocationToken reloadedToken = ofy().load().entity(token).now();
public void testSuccess_superuserReserved() throws Exception {

0 comments on commit 1b3df82

Please sign in to comment.