RDE module improvements

This commit is contained in:
Pinga 2025-06-21 15:39:02 +03:00
parent 4a0aa42df3
commit 256cb6491a


@ -228,11 +228,13 @@ try {
$stmt->bindParam(':domain_id', $domain['id']); $stmt->bindParam(':domain_id', $domain['id']);
$stmt->execute(); $stmt->execute();
$domain_hosts = $stmt->fetchAll(); $domain_hosts = $stmt->fetchAll();
if (!empty($domain_hosts)) {
$xml->startElement('rdeDomain:ns'); $xml->startElement('rdeDomain:ns');
foreach ($domain_hosts as $host) { foreach ($domain_hosts as $host) {
$xml->writeElement('domain:hostObj', $host['name']); $xml->writeElement('domain:hostObj', $host['name']);
} }
$xml->endElement(); // Closing rdeDomain:ns $xml->endElement(); // Closing rdeDomain:ns
}
$xml->writeElement('rdeDomain:clID', getClid($dbh, $domain['clid'])); $xml->writeElement('rdeDomain:clID', getClid($dbh, $domain['clid']));
$xml->writeElement('rdeDomain:crRr', getClid($dbh, $domain['crid'])); $xml->writeElement('rdeDomain:crRr', getClid($dbh, $domain['crid']));
@ -516,80 +518,54 @@ try {
unlink($c['escrow_deposit_path']."/".$xmlFileName); unlink($c['escrow_deposit_path']."/".$xmlFileName);
} }
// Initialize a GnuPG instance // Initialize the GnuPG object
$res = gnupg_init(); $gpg = new gnupg();
$gpg->seterrormode(gnupg::ERROR_EXCEPTION);
// Get information about the public key from its content // Import public key (ICANN escrow key)
$publicKeyInfo = gnupg_import($res, file_get_contents($c['escrow_keyPath'])); $publicKeyData = file_get_contents($c['escrow_keyPath']);
if ($publicKeyInfo === false) { $importResult = $gpg->import($publicKeyData);
$log->error("Failed to import GPG key from: " . $c['escrow_keyPath']); if (!$importResult || empty($importResult['fingerprint'])) {
$log->error("Failed to import escrow public key: " . $c['escrow_keyPath']);
exit(1); exit(1);
} }
$fingerprint = $publicKeyInfo['fingerprint']; $escrowFingerprint = $importResult['fingerprint'];
// Check if the key is already in the keyring // Add public key for encryption
$existingKeys = gnupg_keyinfo($res, $fingerprint); $gpg->addencryptkey($escrowFingerprint);
if (!$existingKeys) { // Read .tar data and encrypt it
// If not, import the public key
gnupg_import($res, file_get_contents($c['escrow_keyPath']));
}
// Read the .tar file contents
$fileData = file_get_contents($c['escrow_deposit_path'] . "/" . $tarFileName); $fileData = file_get_contents($c['escrow_deposit_path'] . "/" . $tarFileName);
$gpg->setarmor(true);
// Add the encryption key $encryptedData = $gpg->encrypt($fileData);
gnupg_addencryptkey($res, $fingerprint);
// Encrypt the file data using the public key
$encryptedData = gnupg_encrypt($res, $fileData);
if (!$encryptedData) { if (!$encryptedData) {
$log->error('Error encrypting data: ' . gnupg_geterror($res)); $log->error("Encryption failed");
exit(1);
} }
// Save the encrypted data to a new file // Write encrypted .ryde file
file_put_contents($c['escrow_deposit_path'] . "/" . $baseFileName . ".ryde", $encryptedData); $encryptedFilePath = $c['escrow_deposit_path'] . "/" . $baseFileName . ".ryde";
file_put_contents($encryptedFilePath, $encryptedData);
// Delete the original .tar file // Delete the original .tar file
unlink($c['escrow_deposit_path'] . "/" . $tarFileName); //unlink($c['escrow_deposit_path'] . "/" . $tarFileName);
$encryptedFilePath = $c['escrow_deposit_path'] . "/" . $baseFileName . ".ryde"; $gpg->clearencryptkeys();
$gpg->clearsignkeys();
$gpg->setarmor(true);
$gpg->setsignmode(gnupg::SIG_MODE_DETACH);
// Initialize the GnuPG extension // Use preloaded, trusted private key
$gpg = new gnupg(); $gpg->addsignkey($c['escrow_signing_fingerprint']);
$gpg->seterrormode(gnupg::ERROR_EXCEPTION); // throw exceptions on errors
$gpg->setarmor(0);
// Import your private key (if it's not already in the keyring) // Read encrypted file
if (!file_exists($c['escrow_privateKey'])) { $encryptedFileContents = file_get_contents($encryptedFilePath);
$log->error("Private key file not found: " . $c['escrow_privateKey']); $signature = $gpg->sign($encryptedFileContents);
echo "Error: Private key file not found.\n";
exit(1);
}
$privateKeyData = file_get_contents($c['escrow_privateKey']); // Save .sig file
if ($privateKeyData === false) { $signaturePath = $c['escrow_deposit_path'] . '/' . $baseFileName . '.sig';
$log->error("Failed to read private key file: " . $c['escrow_privateKey']); file_put_contents($signaturePath, $signature);
echo "Error: Unable to read private key file.\n";
exit(1);
}
$importResult = $gpg->import($privateKeyData);
// Set the key to be used for signing
$privateKeyId = $importResult['fingerprint'];
$gpg->addsignkey($privateKeyId);
// Specify the detached signature mode
$gpg->setsignmode(GNUPG_SIG_MODE_DETACH);
// Sign the encrypted data
$encryptedData = file_get_contents($encryptedFilePath);
$signature = $gpg->sign($encryptedData);
// Save the signature to a .sig file
$signatureFilePath = $c['escrow_deposit_path'] . '/' . pathinfo($encryptedFilePath, PATHINFO_FILENAME) . '.sig';
file_put_contents($signatureFilePath, $signature);
// Optionally, delete the encrypted file if you don't need it anymore // Optionally, delete the encrypted file if you don't need it anymore
// unlink($encryptedFilePath); // unlink($encryptedFilePath);
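Review bot: Commenting out `unlink($c['escrow_deposit_path'] . "/" . $tarFileName);` on the new side means every run now leaves the plaintext `.tar` deposit on disk next to the encrypted `.ryde`, which is a data-retention regression for escrow content; if that is meant for debugging it should be gated, otherwise the delete belongs back after the signature is written. The encryption key is imported from `escrow_keyPath` and used with whatever fingerprint comes back, while the signing side now pins `escrow_signing_fingerprint`; comparing the imported fingerprint against a configured expected value (a new config entry, named here as `escrow_fingerprint`) would catch a swapped key file before anything is encrypted to it. `file_get_contents(... $tarFileName)` is still unchecked, and because `seterrormode(gnupg::ERROR_EXCEPTION)` makes `encrypt()` throw rather than return false, the `if (!$encryptedData)` branch is effectively dead, so an unreadable tar would (absent `strict_types`) be coerced to an empty string and yield a signed, empty deposit. The enclosing `try {` opens before the hunk, and the BRDA hunk further down repeats the same import/encrypt/sign sequence with the same gaps.
```php
$publicKeyData = file_get_contents($c['escrow_keyPath']);
if ($publicKeyData === false) {
    $log->error("Failed to read escrow public key: " . $c['escrow_keyPath']);
    exit(1);
}
$importResult = $gpg->import($publicKeyData);
if (!$importResult || empty($importResult['fingerprint'])) {
    $log->error("Failed to import escrow public key: " . $c['escrow_keyPath']);
    exit(1);
}
$escrowFingerprint = $importResult['fingerprint'];
// Pin the encryption key the same way the signing key is pinned below
if (strcasecmp($escrowFingerprint, $c['escrow_fingerprint']) !== 0) {
    $log->error("Escrow public key fingerprint mismatch: " . $escrowFingerprint);
    exit(1);
}
$gpg->addencryptkey($escrowFingerprint);
$tarFilePath = $c['escrow_deposit_path'] . "/" . $tarFileName;
$fileData = file_get_contents($tarFilePath);
if ($fileData === false) {
    $log->error("Failed to read deposit archive: " . $tarFilePath);
    exit(1);
}
$gpg->setarmor(true);
$encryptedData = $gpg->encrypt($fileData); // throws under ERROR_EXCEPTION; no false check needed
// … unchanged: write .ryde, clear keys, detached signature, write .sig …
unlink($tarFilePath); // remove the plaintext deposit once the encrypted copy is signed
```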
@ -828,11 +804,13 @@ try {
$stmt->bindParam(':domain_id', $domain['id']); $stmt->bindParam(':domain_id', $domain['id']);
$stmt->execute(); $stmt->execute();
$domain_hosts = $stmt->fetchAll(); $domain_hosts = $stmt->fetchAll();
if (!empty($domain_hosts)) {
$xml->startElement('rdeDomain:ns'); $xml->startElement('rdeDomain:ns');
foreach ($domain_hosts as $host) { foreach ($domain_hosts as $host) {
$xml->writeElement('domain:hostObj', $host['name']); $xml->writeElement('domain:hostObj', $host['name']);
} }
$xml->endElement(); // Closing rdeDomain:ns $xml->endElement(); // Closing rdeDomain:ns
}
$xml->writeElement('rdeDomain:clID', getClid($dbh, $domain['clid'])); $xml->writeElement('rdeDomain:clID', getClid($dbh, $domain['clid']));
$xml->writeElement('rdeDomain:crRr', getClid($dbh, $domain['crid'])); $xml->writeElement('rdeDomain:crRr', getClid($dbh, $domain['crid']));
@ -922,63 +900,53 @@ try {
unlink($c['escrow_deposit_path']."/".$xmlFileName); unlink($c['escrow_deposit_path']."/".$xmlFileName);
} }
// Initialize a GnuPG instance // Initialize the GnuPG object
$res = gnupg_init(); $gpg = new gnupg();
$gpg->seterrormode(GNUPG::ERROR_EXCEPTION);
$gpg->setarmor(true);
// Get information about the public key from its content // Import BRDA escrow public key
$publicKeyInfo = gnupg_import($res, file_get_contents($c['escrow_keyPath_brda'])); $brdaPublicKeyData = file_get_contents($c['escrow_keyPath_brda']);
$fingerprint = $publicKeyInfo['fingerprint']; $importResult = $gpg->import($brdaPublicKeyData);
if (!$importResult || empty($importResult['fingerprint'])) {
// Check if the key is already in the keyring $log->error("Failed to import BRDA public key: " . $c['escrow_keyPath_brda']);
$existingKeys = gnupg_keyinfo($res, $fingerprint); exit(1);
if (!$existingKeys) {
// If not, import the public key
gnupg_import($res, file_get_contents($c['escrow_keyPath_brda']));
} }
$brdaFingerprint = $importResult['fingerprint'];
// Read the .tar file contents // Add BRDA public key for encryption
$fileData = file_get_contents($c['escrow_deposit_path'] . "/" . $tarFileName); $gpg->addencryptkey($brdaFingerprint);
// Add the encryption key // Encrypt the .tar contents
gnupg_addencryptkey($res, $fingerprint); $tarFilePath = $c['escrow_deposit_path'] . "/" . $tarFileName;
$tarData = file_get_contents($tarFilePath);
// Encrypt the file data using the public key $encryptedData = $gpg->encrypt($tarData);
$encryptedData = gnupg_encrypt($res, $fileData);
if (!$encryptedData) { if (!$encryptedData) {
$log->error('Error encrypting data: ' . gnupg_geterror($res)); $log->error("Encryption failed for BRDA file");
exit(1);
} }
// Save the encrypted data to a new file // Save encrypted BRDA file (.ryde)
file_put_contents($c['escrow_deposit_path'] . "/" . $baseFileNameBrda . ".ryde", $encryptedData); $encryptedFilePathBrda = $c['escrow_deposit_path'] . "/" . $baseFileNameBrda . ".ryde";
file_put_contents($encryptedFilePathBrda, $encryptedData);
// Delete the original .tar file // Delete the original .tar file
unlink($c['escrow_deposit_path'] . "/" . $tarFileName); //unlink($c['escrow_deposit_path'] . "/" . $tarFileName);
$encryptedFilePathBrda = $c['escrow_deposit_path'] . "/" . $baseFileNameBrda . ".ryde"; $gpg->clearencryptkeys(); // ensure clean context
$gpg->clearsignkeys();
// Initialize the GnuPG extension $gpg->setarmor(true);
$gpg = new gnupg();
$gpg->seterrormode(gnupg::ERROR_EXCEPTION); // throw exceptions on errors
$gpg->setarmor(0);
// Import your private key (if it's not already in the keyring)
$privateKeyData = file_get_contents($c['escrow_privateKey']);
$importResult = $gpg->import($privateKeyData);
// Set the key to be used for signing
$privateKeyId = $importResult['fingerprint'];
$gpg->addsignkey($privateKeyId);
// Specify the detached signature mode
$gpg->setsignmode(GNUPG_SIG_MODE_DETACH); $gpg->setsignmode(GNUPG_SIG_MODE_DETACH);
// Sign the encrypted data // Import signing private key
$encryptedData = file_get_contents($encryptedFilePathBrda); $gpg->addsignkey($c['escrow_signing_fingerprint']);
$signature = $gpg->sign($encryptedData);
// Save the signature to a .sig file // Sign the BRDA .ryde file
$brdaFileData = file_get_contents($encryptedFilePathBrda);
$signature = $gpg->sign($brdaFileData);
// Save .sig file
$signatureFilePathBrda = $c['escrow_deposit_path'] . '/' . pathinfo($encryptedFilePathBrda, PATHINFO_FILENAME) . '.sig'; $signatureFilePathBrda = $c['escrow_deposit_path'] . '/' . pathinfo($encryptedFilePathBrda, PATHINFO_FILENAME) . '.sig';
file_put_contents($signatureFilePathBrda, $signature); file_put_contents($signatureFilePathBrda, $signature);
@ -1001,8 +969,7 @@ try {
// Upload the files // Upload the files
$filesToUpload = [ $filesToUpload = [
$encryptedFilePath, $encryptedFilePath,
$signatureFilePath, $signatureFilePath
$reportFilePath
]; ];
foreach ($filesToUpload as $filePath) { foreach ($filesToUpload as $filePath) {
@ -1043,7 +1010,6 @@ try {
} }
curl_close($ch); curl_close($ch);
} }
if ($currentDayOfWeek === $dayOfWeekToRunBRDA) { if ($currentDayOfWeek === $dayOfWeekToRunBRDA) {