From 54da4c991429f710f5b76a4afb0167a70342bf38 Mon Sep 17 00:00:00 2001
From: Oleg Hasjanov <oleg.hasjanov@eestiinternet.ee>
Date: Mon, 25 Jan 2021 16:03:41 +0200
Subject: [PATCH 1/4] Test for Illegal chars in DNSkey

---
 .../epp/domain/create/base_test.rb            | 45 +++++++++++++++++++
 1 file changed, 45 insertions(+)

diff --git a/test/integration/epp/domain/create/base_test.rb b/test/integration/epp/domain/create/base_test.rb
index 9d817524d..a026c3eed 100644
--- a/test/integration/epp/domain/create/base_test.rb
+++ b/test/integration/epp/domain/create/base_test.rb
@@ -2,6 +2,51 @@ require 'test_helper'
 
 class EppDomainCreateBaseTest < EppTestCase
 
+  def test_some_test
+    name = "new.#{dns_zones(:one).origin}"
+    contact = contacts(:john)
+    registrant = contact.becomes(Registrant)
+
+    pub_key = "AwEAAddt2AkLf\n
+    \n
+    YGKgiEZB5SmIF8E\n
+    vrjxNMH6HtxWEA4RJ9Ao6LCWheg8"
+
+    request_xml = <<-XML
+    <?xml version="1.0" encoding="UTF-8" standalone="no"?>
+    <epp xmlns="https://epp.tld.ee/schema/epp-ee-1.0.xsd">
+      <command>
+        <create>
+          <domain:create xmlns:domain="https://epp.tld.ee/schema/domain-eis-1.0.xsd">
+            <domain:name>#{name}</domain:name>
+            <domain:registrant>#{registrant.code}</domain:registrant>
+          </domain:create>
+        </create>
+        <extension>
+        <secDNS:create xmlns:secDNS="urn:ietf:params:xml:ns:secDNS-1.1">
+        <secDNS:keyData>
+          <secDNS:flags>257</secDNS:flags>
+          <secDNS:protocol>3</secDNS:protocol>
+          <secDNS:alg>8</secDNS:alg>
+          <secDNS:pubKey>#{pub_key}</secDNS:pubKey>
+        </secDNS:keyData>
+      </secDNS:create>
+          <eis:extdata xmlns:eis="https://epp.tld.ee/schema/eis-1.0.xsd">
+            <eis:legalDocument type="pdf">#{'test' * 2000}</eis:legalDocument>
+          </eis:extdata>
+        </extension>
+      </command>
+    </epp>
+    XML
+    assert_no_difference 'Domain.count' do
+      post epp_create_path, params: { frame: request_xml },
+           headers: { 'HTTP_COOKIE' => 'session=api_bestnames' }
+    end
+
+    assert_epp_response :parameter_value_syntax_error
+  end
+
+
   def test_not_registers_domain_without_legaldoc
     now = Time.zone.parse('2010-07-05')
     travel_to now

From b3df3590b7326e3fb30a840813b8e609099c5ac8 Mon Sep 17 00:00:00 2001
From: Oleg Hasjanov <oleg.hasjanov@eestiinternet.ee>
Date: Mon, 25 Jan 2021 16:07:44 +0200
Subject: [PATCH 2/4] Test for Illegal chars in DNSkey

---
 test/integration/epp/domain/create/base_test.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/test/integration/epp/domain/create/base_test.rb b/test/integration/epp/domain/create/base_test.rb
index a026c3eed..99b82c8b6 100644
--- a/test/integration/epp/domain/create/base_test.rb
+++ b/test/integration/epp/domain/create/base_test.rb
@@ -10,7 +10,7 @@ class EppDomainCreateBaseTest < EppTestCase
     pub_key = "AwEAAddt2AkLf\n
     \n
     YGKgiEZB5SmIF8E\n
-    vrjxNMH6HtxWEA4RJ9Ao6LCWheg8"
+    vrjxNMH6HtxW\rEA4RJ9Ao6LCWheg8"
 
     request_xml = <<-XML
     <?xml version="1.0" encoding="UTF-8" standalone="no"?>

From cdf1721ba20ae14a7e3d228cfc60854e20b11ccc Mon Sep 17 00:00:00 2001
From: Oleg Hasjanov <oleg.hasjanov@eestiinternet.ee>
Date: Wed, 27 Jan 2021 10:20:30 +0200
Subject: [PATCH 3/4] changed test name

---
 test/integration/epp/domain/create/base_test.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/test/integration/epp/domain/create/base_test.rb b/test/integration/epp/domain/create/base_test.rb
index 99b82c8b6..e3b7a39ee 100644
--- a/test/integration/epp/domain/create/base_test.rb
+++ b/test/integration/epp/domain/create/base_test.rb
@@ -2,7 +2,7 @@ require 'test_helper'
 
 class EppDomainCreateBaseTest < EppTestCase
 
-  def test_some_test
+  def test_illegal_chars_in_dns_key
     name = "new.#{dns_zones(:one).origin}"
     contact = contacts(:john)
     registrant = contact.becomes(Registrant)

From db729d24210becd89cd00dac66614efa3386179e Mon Sep 17 00:00:00 2001
From: Alex Sherman <yul.golem@gmail.com>
Date: Wed, 27 Jan 2021 15:12:15 +0500
Subject: [PATCH 4/4] Add check if key is Base64-encoded

---
 app/models/epp/domain.rb | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/app/models/epp/domain.rb b/app/models/epp/domain.rb
index d3a57df1f..c4d70c2ee 100644
--- a/app/models/epp/domain.rb
+++ b/app/models/epp/domain.rb
@@ -312,6 +312,7 @@ class Epp::Domain < Domain
     keys = []
     return keys if frame.blank?
     inf_data = DnsSecKeys.new(frame)
+    add_epp_error('2005', nil, nil, %i[dnskeys invalid]) if not_base64?(inf_data)
 
     if  action == 'rem' &&
         frame.css('rem > all').first.try(:text) == 'true'
@@ -333,6 +334,16 @@ class Epp::Domain < Domain
     errors.any? ? [] : keys
   end
 
+  def not_base64?(inf_data)
+    inf_data.key_data.any? do |key|
+      value = key[:public_key]
+
+      !value.is_a?(String) || Base64.strict_encode64(Base64.strict_decode64(value)) != value
+    end
+  rescue ArgumentError
+    true
+  end
+
   class DnsSecKeys
     def initialize(frame)
       @key_data = []
@@ -381,7 +392,7 @@ class Epp::Domain < Domain
 
     def key_data_from(frame)
       xm_copy frame, KEY_INTERFACE
-   end
+    end
 
     def ds_data_from(frame)
       frame.css('dsData').each do |ds_data|