EppXmlSanitizer

java.lang.Object

google.registry.flows.EppXmlSanitizer

public class EppXmlSanitizer extends Object

Sanitizes sensitive data in incoming/outgoing EPP XML messages.

Current implementation masks user credentials (text following <pw> and <newPW> tags) as follows:

A control character (in ranges [0 - 1F] and [7F - 9F]) is replaced with 'C'.
Everything else is replaced with '*'.

Invalid XML text is not sanitized, and returned as is.

Constructor Summary

Constructors

Constructor

Description

EppXmlSanitizer()
Method Summary

Modifier and Type

Method

Description

static String

sanitizeEppXml(byte[] inputXmlBytes)

Returns sanitized EPP XML message.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details
- EppXmlSanitizer
  
  public EppXmlSanitizer()
Method Details
- sanitizeEppXml
  
  public static String sanitizeEppXml(byte[] inputXmlBytes)
  
  Returns sanitized EPP XML message. For malformed XML messages, base64-encoded raw bytes will be returned.
  The output always begins with version and encoding declarations no matter if the input includes them. If encoding is not declared by input, UTF-8 will be used according to XML standard.
  Also, an empty element will be formatted as <tag></tag> instead of <tag/>.