zydronium/getnamingo-registry
1
0
Fork 0
mirror of https://github.com/getnamingo/registry.git synced 2025-05-13 16:16:59 +02:00
Code Issues Projects Releases Packages Wiki Activity

DNSSEC interface improvements

Browse source
This commit is contained in:
Pinga 2025-03-11 17:27:20 +02:00
parent 52a0503eed
commit 44e975bf6e
2 changed files with 109 additions and 80 deletions
Download patch file Download diff file Expand all files Collapse all files

75
cp/app/Controllers/SystemController.php
View file

@ -1012,44 +1012,49 @@ class SystemController extends Controller
$secureTld = $tld['secure']; $secureTld = $tld['secure'];
if ($secureTld === 1) { if ($secureTld === 1) {
// Remove the leading dot
$tld_extension_cleaned = ltrim($tld['tld'], '.'); $tld_extension_cleaned = ltrim($tld['tld'], '.');
$zone = escapeshellarg($tld_extension_cleaned);
$statusOutput = shell_exec("rndc dnssec -status $zone");
// Path to the JSON file if (!$statusOutput) {
$jsonFilePath = "/tmp/{$tld_extension_cleaned}.json"; $dnssecData = ['error' => "Unable to fetch DNSSEC status for $zone."];
// Initialize a variable to hold the data for Twig
$dnssecData = null;
if (file_exists($jsonFilePath) && is_readable($jsonFilePath)) {
// Read and decode the JSON file
$jsonContent = file_get_contents($jsonFilePath);
$data = json_decode($jsonContent, true);
if (json_last_error() === JSON_ERROR_NONE) {
// Ensure keys exist and process them
if (isset($data['keys']) && is_array($data['keys'])) {
$dnssecData = [
'zoneName' => $data['zoneName'] ?? 'N/A',
'timestamp' => $data['timestamp'] ?? 'N/A',
'keys' => [],
];
foreach ($data['keys'] as $key) {
$dnssecData['keys'][] = [
'keyFile' => $key['keyFile'] ?? 'N/A',
'dsRecord' => $key['dsRecord'] ?? 'N/A',
'timestamp' => $key['timestamp'] ?? 'N/A',
];
}
} else {
$dnssecData = ['error' => "No keys found in JSON."];
}
} else {
$dnssecData = ['error' => "Failed to decode JSON: " . json_last_error_msg()];
}
} else { } else {
$dnssecData = ['error' => "File {$jsonFilePath} not found or not readable."]; // Extract all KSKs regardless of algorithm
preg_match_all('/key: (\d+) \((\w+)\), KSK/', $statusOutput, $matches, PREG_SET_ORDER);
$dnssecData = [
'zoneName' => $tld['tld'],
'timestamp' => date('Y-m-d H:i:s'),
'keys' => [],
];
foreach ($matches as $match) {
$keyId = $match[1];
$algorithm = $match[2];
// Determine if key is active or in rollover state
$keyStatus = strpos($statusOutput, "key: $keyId") !== false
? (strpos($statusOutput, "key signing: yes") !== false ? 'Active' : 'Pending Rollover')
: 'Unknown';
// Extract DS record for this key
$dsRecord = shell_exec("dnssec-dsfromkey -2 /var/lib/bind/K{$tld_extension_cleaned}.+008+{$keyId}.key");
$dsRecord = $dsRecord ? trim($dsRecord) : 'N/A';
// Append key details
$dnssecData['keys'][] = [
'key_id' => $keyId,
'algorithm' => $algorithm,
'ds_record' => $dsRecord,
'status' => $keyStatus,
'timestamp' => date('Y-m-d H:i:s'),
];
}
// If no keys were found, set an error message
if (empty($dnssecData['keys'])) {
$dnssecData = ['error' => "No DNSSEC keys found for $zone."];
}
} }
} else { } else {
$dnssecData = ['error' => "DNSSEC is not enabled for this TLD."]; $dnssecData = ['error' => "DNSSEC is not enabled for this TLD."];

114
cp/resources/views/admin/system/manageTld.twig
View file

@ -93,56 +93,80 @@
</div> </div>
</div> </div>
{% if dnssecData is defined and dnssecData.keys is defined %} {% if dnssecData is defined and dnssecData.keys is defined and dnssecData.keys|length > 0 %}
<div class="card mb-3"> <div class="card mb-3">
<div class="card-header"> <div class="card-header">
<h5 class="card-title">{{ __('DNSSEC Details') }} <span class="card-subtitle">{{ __('Last Updated:') }} {{ dnssecData.timestamp }}</span></h5> <h5 class="card-title">{{ __('DNSSEC Details') }}
</div> <span class="card-subtitle">{{ __('Last Updated:') }} {{ dnssecData.timestamp }}</span>
<div class="card-body"> </h5>
<div class="table-responsive"> </div>
<table class="table table-vcenter card-table"> <div class="card-body">
<thead> <div class="table-responsive">
<tr> <table class="table table-vcenter card-table">
<th>{{ __('Key File') }}</th> <thead>
<th>{{ __('DS Record') }}</th> <tr>
<th>{{ __('Timestamp') }}</th> <th>{{ __('Key ID') }}</th>
</tr> <th>{{ __('Algorithm') }}</th>
</thead> <th>{{ __('DS Record') }}</th>
<tbody> <th>{{ __('Status') }}</th>
{% for key in dnssecData.keys %} <th>{{ __('Timestamp') }}</th>
<tr> </tr>
<td>{{ key.keyFile }}</td> </thead>
<td><p class="user-select-all tracking-wide mb-0"><kbd>{{ key.dsRecord }}</kbd></p></td> <tbody>
<td>{{ key.timestamp }}</td> {% for key in dnssecData.keys %}
</tr> <tr>
{% endfor %} <td>{{ key.key_id }}</td>
</tbody> <td>{{ key.algorithm }}</td>
</table> <td>
{% if key.ds_record != 'N/A' %}
<p class="user-select-all tracking-wide mb-0">
<kbd>{{ key.ds_record }}</kbd>
</p>
{% else %}
<span class="text-muted">{{ __('Not Available') }}</span>
{% endif %}
</td>
<td>
{% if key.status == 'Active' %}
<span class="badge bg-success">{{ __('Active') }}</span>
{% elseif key.status == 'Pending Rollover' %}
<span class="badge bg-warning">{{ __('Pending Rollover') }}</span>
{% else %}
<span class="badge bg-secondary">{{ __('Unknown') }}</span>
{% endif %}
</td>
<td>{{ key.timestamp }}</td>
</tr>
{% endfor %}
</tbody>
</table>
</div>
</div>
</div> </div>
</div>
</div>
{% elseif dnssecData.error is defined %} {% elseif dnssecData.error is defined %}
<div class="card mb-3"> <div class="card mb-3">
<div class="card-header"> <div class="card-header">
<h5 class="card-title">{{ __('DNSSEC Details') }}</h5> <h5 class="card-title">{{ __('DNSSEC Details') }}</h5>
</div> </div>
<div class="card-body"> <div class="card-body">
<div class="alert alert-warning" role="alert"> <div class="alert alert-warning" role="alert">
<h4 class="alert-title">{{ dnssecData.error }}</h4> <h4 class="alert-title">{{ dnssecData.error }}</h4>
</div>
</div>
</div> </div>
</div>
</div>
{% else %} {% else %}
<div class="card mb-3"> <div class="card mb-3">
<div class="card-header"> <div class="card-header">
<h5 class="card-title">{{ __('DNSSEC Details') }}</h5> <h5 class="card-title">{{ __('DNSSEC Details') }}</h5>
</div> </div>
<div class="card-body"> <div class="card-body">
<div class="alert alert-info" role="alert"> <div class="alert alert-info" role="alert">
<div><h4 class="alert-heading">{{ __('No DNSSEC data available.') }}</h4></div> <div>
<h4 class="alert-heading">{{ __('No DNSSEC data available.') }}</h4>
</div>
</div>
</div>
</div> </div>
</div>
</div>
{% endif %} {% endif %}
<div class="card mb-3"> <div class="card mb-3">