DNSSEC interface improvements
parent
52a0503eed
commit
44e975bf6e
2 changed files with 109 additions and 80 deletions
|
@ -1012,44 +1012,49 @@ class SystemController extends Controller
|
|||
|
||||
$secureTld = $tld['secure'];
|
||||
if ($secureTld === 1) {
|
||||
// Remove the leading dot
|
||||
$tld_extension_cleaned = ltrim($tld['tld'], '.');
|
||||
$zone = escapeshellarg($tld_extension_cleaned);
|
||||
$statusOutput = shell_exec("rndc dnssec -status $zone");
|
||||
|
||||
// Path to the JSON file
|
||||
$jsonFilePath = "/tmp/{$tld_extension_cleaned}.json";
|
||||
|
||||
// Initialize a variable to hold the data for Twig
|
||||
$dnssecData = null;
|
||||
|
||||
if (file_exists($jsonFilePath) && is_readable($jsonFilePath)) {
|
||||
// Read and decode the JSON file
|
||||
$jsonContent = file_get_contents($jsonFilePath);
|
||||
$data = json_decode($jsonContent, true);
|
||||
|
||||
if (json_last_error() === JSON_ERROR_NONE) {
|
||||
// Ensure keys exist and process them
|
||||
if (isset($data['keys']) && is_array($data['keys'])) {
|
||||
$dnssecData = [
|
||||
'zoneName' => $data['zoneName'] ?? 'N/A',
|
||||
'timestamp' => $data['timestamp'] ?? 'N/A',
|
||||
'keys' => [],
|
||||
];
|
||||
|
||||
foreach ($data['keys'] as $key) {
|
||||
$dnssecData['keys'][] = [
|
||||
'keyFile' => $key['keyFile'] ?? 'N/A',
|
||||
'dsRecord' => $key['dsRecord'] ?? 'N/A',
|
||||
'timestamp' => $key['timestamp'] ?? 'N/A',
|
||||
];
|
||||
}
|
||||
} else {
|
||||
$dnssecData = ['error' => "No keys found in JSON."];
|
||||
}
|
||||
} else {
|
||||
$dnssecData = ['error' => "Failed to decode JSON: " . json_last_error_msg()];
|
||||
}
|
||||
if (!$statusOutput) {
|
||||
$dnssecData = ['error' => "Unable to fetch DNSSEC status for $zone."];
|
||||
} else {
|
||||
$dnssecData = ['error' => "File {$jsonFilePath} not found or not readable."];
|
||||
// Extract all KSKs regardless of algorithm
|
||||
preg_match_all('/key: (\d+) \((\w+)\), KSK/', $statusOutput, $matches, PREG_SET_ORDER);
|
||||
|
||||
$dnssecData = [
|
||||
'zoneName' => $tld['tld'],
|
||||
'timestamp' => date('Y-m-d H:i:s'),
|
||||
'keys' => [],
|
||||
];
|
||||
|
||||
foreach ($matches as $match) {
|
||||
$keyId = $match[1];
|
||||
$algorithm = $match[2];
|
||||
|
||||
// Determine if key is active or in rollover state
|
||||
$keyStatus = strpos($statusOutput, "key: $keyId") !== false
|
||||
? (strpos($statusOutput, "key signing: yes") !== false ? 'Active' : 'Pending Rollover')
|
||||
: 'Unknown';
|
||||
|
||||
// Extract DS record for this key
|
||||
$dsRecord = shell_exec("dnssec-dsfromkey -2 /var/lib/bind/K{$tld_extension_cleaned}.+008+{$keyId}.key");
|
||||
$dsRecord = $dsRecord ? trim($dsRecord) : 'N/A';
|
||||
|
||||
// Append key details
|
||||
$dnssecData['keys'][] = [
|
||||
'key_id' => $keyId,
|
||||
'algorithm' => $algorithm,
|
||||
'ds_record' => $dsRecord,
|
||||
'status' => $keyStatus,
|
||||
'timestamp' => date('Y-m-d H:i:s'),
|
||||
];
|
||||
}
|
||||
|
||||
// If no keys were found, set an error message
|
||||
if (empty($dnssecData['keys'])) {
|
||||
$dnssecData = ['error' => "No DNSSEC keys found for $zone."];
|
||||
}
|
||||
}
|
||||
} else {
|
||||
$dnssecData = ['error' => "DNSSEC is not enabled for this TLD."];
|
||||
|
|
|
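Review bot: The `dnssec-dsfromkey` call inside the `foreach ($matches as $match)` loop interpolates `$tld_extension_cleaned` into the shell command unescaped, although the `rndc` call above uses the `escapeshellarg()`-wrapped `$zone`. Unless the TLD string is strictly validated where it is stored (not visible here), quote the path too: `$keyPath = escapeshellarg("/var/lib/bind/K{$tld_extension_cleaned}.+008+{$keyId}.key");` then `shell_exec("dnssec-dsfromkey -2 $keyPath")`. The path also hard-codes `+008+` and uses the key id as captured, while the comment says KSKs are collected regardless of algorithm and BIND key file names normally carry a zero-padded five-digit id, so the lookup will likely yield 'N/A' for other algorithms or short ids. The `$keyStatus` test searches the whole of `$statusOutput` for `key signing: yes`, so every key gets the same status; it should be scoped to that key's block of the output. The page has lost its +/- markers, so this assumes these lines are on the new side; the enclosing method starts and ends outside the hunk.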
@ -93,56 +93,80 @@
|
|||
</div>
|
||||
</div>
|
||||
|
||||
{% if dnssecData is defined and dnssecData.keys is defined %}
|
||||
<div class="card mb-3">
|
||||
<div class="card-header">
|
||||
<h5 class="card-title">{{ __('DNSSEC Details') }} <span class="card-subtitle">{{ __('Last Updated:') }} {{ dnssecData.timestamp }}</span></h5>
|
||||
</div>
|
||||
<div class="card-body">
|
||||
<div class="table-responsive">
|
||||
<table class="table table-vcenter card-table">
|
||||
<thead>
|
||||
<tr>
|
||||
<th>{{ __('Key File') }}</th>
|
||||
<th>{{ __('DS Record') }}</th>
|
||||
<th>{{ __('Timestamp') }}</th>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
{% for key in dnssecData.keys %}
|
||||
<tr>
|
||||
<td>{{ key.keyFile }}</td>
|
||||
<td><p class="user-select-all tracking-wide mb-0"><kbd>{{ key.dsRecord }}</kbd></p></td>
|
||||
<td>{{ key.timestamp }}</td>
|
||||
</tr>
|
||||
{% endfor %}
|
||||
</tbody>
|
||||
</table>
|
||||
{% if dnssecData is defined and dnssecData.keys is defined and dnssecData.keys|length > 0 %}
|
||||
<div class="card mb-3">
|
||||
<div class="card-header">
|
||||
<h5 class="card-title">{{ __('DNSSEC Details') }}
|
||||
<span class="card-subtitle">{{ __('Last Updated:') }} {{ dnssecData.timestamp }}</span>
|
||||
</h5>
|
||||
</div>
|
||||
<div class="card-body">
|
||||
<div class="table-responsive">
|
||||
<table class="table table-vcenter card-table">
|
||||
<thead>
|
||||
<tr>
|
||||
<th>{{ __('Key ID') }}</th>
|
||||
<th>{{ __('Algorithm') }}</th>
|
||||
<th>{{ __('DS Record') }}</th>
|
||||
<th>{{ __('Status') }}</th>
|
||||
<th>{{ __('Timestamp') }}</th>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
{% for key in dnssecData.keys %}
|
||||
<tr>
|
||||
<td>{{ key.key_id }}</td>
|
||||
<td>{{ key.algorithm }}</td>
|
||||
<td>
|
||||
{% if key.ds_record != 'N/A' %}
|
||||
<p class="user-select-all tracking-wide mb-0">
|
||||
<kbd>{{ key.ds_record }}</kbd>
|
||||
</p>
|
||||
{% else %}
|
||||
<span class="text-muted">{{ __('Not Available') }}</span>
|
||||
{% endif %}
|
||||
</td>
|
||||
<td>
|
||||
{% if key.status == 'Active' %}
|
||||
<span class="badge bg-success">{{ __('Active') }}</span>
|
||||
{% elseif key.status == 'Pending Rollover' %}
|
||||
<span class="badge bg-warning">{{ __('Pending Rollover') }}</span>
|
||||
{% else %}
|
||||
<span class="badge bg-secondary">{{ __('Unknown') }}</span>
|
||||
{% endif %}
|
||||
</td>
|
||||
<td>{{ key.timestamp }}</td>
|
||||
</tr>
|
||||
{% endfor %}
|
||||
</tbody>
|
||||
</table>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
{% elseif dnssecData.error is defined %}
|
||||
<div class="card mb-3">
|
||||
<div class="card-header">
|
||||
<h5 class="card-title">{{ __('DNSSEC Details') }}</h5>
|
||||
</div>
|
||||
<div class="card-body">
|
||||
<div class="alert alert-warning" role="alert">
|
||||
<h4 class="alert-title">{{ dnssecData.error }}</h4>
|
||||
<div class="card mb-3">
|
||||
<div class="card-header">
|
||||
<h5 class="card-title">{{ __('DNSSEC Details') }}</h5>
|
||||
</div>
|
||||
<div class="card-body">
|
||||
<div class="alert alert-warning" role="alert">
|
||||
<h4 class="alert-title">{{ dnssecData.error }}</h4>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
{% else %}
|
||||
<div class="card mb-3">
|
||||
<div class="card-header">
|
||||
<h5 class="card-title">{{ __('DNSSEC Details') }}</h5>
|
||||
</div>
|
||||
<div class="card-body">
|
||||
<div class="alert alert-info" role="alert">
|
||||
<div><h4 class="alert-heading">{{ __('No DNSSEC data available.') }}</h4></div>
|
||||
<div class="card mb-3">
|
||||
<div class="card-header">
|
||||
<h5 class="card-title">{{ __('DNSSEC Details') }}</h5>
|
||||
</div>
|
||||
<div class="card-body">
|
||||
<div class="alert alert-info" role="alert">
|
||||
<div>
|
||||
<h4 class="alert-heading">{{ __('No DNSSEC data available.') }}</h4>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
{% endif %}
|
||||
|
||||
<div class="card mb-3">
|
||||
|
|
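Review bot: The key table branches on sentinel strings produced in the controller (`key.ds_record != 'N/A'`, `key.status == 'Active'`, `'Pending Rollover'`), so a wording change on either side silently sends rows to the fallback branch. Passing `null` for a missing DS record and testing `{% if key.ds_record %}` would remove one of those couplings. `{{ key.ds_record }}` and `{{ dnssecData.error }}` now render command output and a shell-quoted zone name, which is safe only while Twig autoescaping is enabled for this template (its configuration is not visible here), so neither should ever be marked `|raw`. The +/- markers are lost on this page, so this assumes the `key_id`/`algorithm`/`status` rows are the new side.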