refactored job

2025-06-04 03:37:28 +02:00 · 2022-01-08 09:22:34 +02:00 · 2022-01-08 09:22:34 +02:00 · aff950aa97
commit aff950aa97
parent 57e653e9e6
3 changed files with 4 additions and 151 deletions
--- a/app/jobs/validate_dnssec_job.rb
+++ b/app/jobs/validate_dnssec_job.rb
@ -32,9 +32,7 @@ class ValidateDnssecJob < ApplicationJob

  def iterate_nameservers(domain)
    domain.nameservers.each do |n|
-      result_nameserver_validation = SoaNameserverQuery.validate(domain_name: domain.name, hostname: n.hostname)
-
-      return unless result_nameserver_validation
+      next unless n.validated?

      validate(hostname: n.hostname, domain: domain)

@ -124,11 +122,12 @@ class ValidateDnssecJob < ApplicationJob

  def prepare_validator(nameserver)
    inner_resolver = Dnsruby::Resolver.new
+    timeouts = ENV['nameserver_validation_timeout'] || 4
    inner_resolver.do_validation = true
    inner_resolver.dnssec = true
    inner_resolver.nameserver = nameserver
-    inner_resolver.packet_timeout = ENV['a_and_aaaa_validation_timeout'].to_i
-    inner_resolver.query_timeout = ENV['a_and_aaaa_validation_timeout'].to_i
+    inner_resolver.packet_timeout = timeouts.to_i
+    inner_resolver.query_timeout = timeouts.to_i
    resolver = Dnsruby::Recursor.new(inner_resolver)
    resolver.dnssec = true

--- a/app/services/soa_nameserver_query.rb
+++ b/app/services/soa_nameserver_query.rb
@ -1,49 +0,0 @@
-module SoaNameserverQuery
-  include Dnsruby
-
-  extend self
-
-  def validate(domain_name:, hostname:)
-
-      resolver = create_resolver(hostname)
-
-      answers = resolver.query(domain_name, 'SOA', 'IN')
-      answers.answer.each do |a|
-
-        if a.serial.nil?
-          logger.info "No serial number of nameserver found"
-
-          return false
-        end
-
-        serial_number = a.serial.to_s
-
-        p "-------------- >>"
-        p "serial number #{serial_number} of #{hostname} - domain name: #{domain_name}"
-        p "<< --------------"
-        true
-      end
-
-  rescue StandardError => e
-    logger.error e.message
-    logger.error "failed #{hostname} validation of #{domain_name} domain name"
-
-    false
-  end
-
-  private
-
-  def create_resolver(nameserver)
-    resolver = Dnsruby::Resolver.new
-    resolver.retry_times = 3
-    resolver.recurse = 0  # Send out non-recursive queries
-    # disable caching otherwise SOA is cached from first nameserver queried
-    resolver.do_caching = false
-    resolver.nameserver = nameserver
-    resolver
-  end
-
-  def logger
-    @logger ||= Rails.logger
-  end
-end
--- a/app/services/validate_dnssec.rb
+++ b/app/services/validate_dnssec.rb
@ -1,97 +0,0 @@
-module ValidateDnssec
-  include Dnsruby
-
-  extend self
-
-  def prepare_resolver
-    dns_servers = ENV['dnssec_resolver_ips'].to_s.split(',').map(&:strip)
-    dns = Dnsruby::Resolver.new({ nameserver: dns_servers })
-    dns.do_validation = false
-    dns.do_caching = false
-    dns.dnssec = true
-
-    dns
-  end
-
-  def validate_dnssec(params:, domain:)
-    return if params[:action] == 'rem'
-
-    dns = prepare_resolver
-    subzone_records = get_dnskey_records_from_subzone(resolver: dns, hostname: params[:domain], domain: domain)
-    form_extension_records = extensional_dnskeys_data(params)
-
-    return true if form_extension_records.empty?
-
-    validate_data(subzone_records: subzone_records, form_extension_records: form_extension_records, domain: domain)
-  end
-
-  def make_magic(subzone_records:, form_data:)
-    subzone_records.any? do |subzone_data|
-      subzone_data[:basic] == form_data[:basic] &&
-        subzone_data[:public_key].include?(form_data[:public_key])
-    end
-  end
-
-  def validate_data(subzone_records:, form_extension_records:, domain:)
-    flag = false
-    form_extension_records.each do |form_data|
-      flag = make_magic(subzone_records: subzone_records, form_data: form_data)
-
-      break if flag
-    end
-
-    return validation_dns_key_error(domain) unless flag
-
-    flag
-  end
-
-  def get_dnskey_records_from_subzone(resolver:, hostname:, domain:)
-    ds_records_answers = resolver.query(hostname, 'DNSKEY').answer
-
-    result_container = []
-
-    ds_records_answers.each do |ds|
-      next unless ds.type == Dnsruby::Types.DNSKEY
-
-      result_container << {
-        basic: {
-          flags: ds.flags.to_s,
-          algorithm: ds.algorithm.code.to_s,
-          protocol: ds.protocol.to_s,
-        },
-        public_key: ds.public_key.export.gsub!(/\s+/, ''),
-      }
-    end
-
-    result_container
-  rescue Dnsruby::NXDomain
-    domain.add_epp_error('2308', nil, nil, I18n.t(:dns_policy_violation))
-  end
-
-  def validation_dns_key_error(domain)
-    domain.add_epp_error('2308', nil, nil, I18n.t(:dns_policy_violation))
-  end
-
-  def extensional_dnskeys_data(params)
-    dnskeys_data = params[:dns_keys]
-
-    return [] if dnskeys_data.nil?
-
-    result_container = []
-
-    dnskeys_data.each do |ds|
-      next if ds[:action] == 'rem'
-
-      result_container << {
-        basic: {
-          flags: ds[:flags].to_s,
-          algorithm: ds[:alg].to_s,
-          protocol: ds[:protocol].to_s,
-        },
-        public_key: ds[:public_key],
-      }
-    end
-
-    result_container
-  end
-end