From 6c46daaa553bf5c88eae047402f82c0793c0c2ff Mon Sep 17 00:00:00 2001
From: Matt Farnsworth
Date: Mon, 23 Nov 2015 15:16:31 +0200
Subject: [PATCH 1/6] Story #107192666 - refactor, make data decl in Depp discript.+id, single point of modification
---
 app/models/dnskey.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/models/dnskey.rb b/app/models/dnskey.rb
index 26f5a0afd..693cc5844 100644
--- a/app/models/dnskey.rb
+++ b/app/models/dnskey.rb
@@ -17,7 +17,7 @@ class Dnskey < ActiveRecord::Base
 end
 }
- ALGORITHMS = %w(3 5 6 7 8 10 13 14)
+ ALGORITHMS = Depp::Dnskey::ALGORITHMS.map {|pair| pair[1].to_s}.freeze # IANA numbers, single authority list
 PROTOCOLS = %w(3)
 FLAGS = %w(0 256 257) # 256 = ZSK, 257 = KSK
From e5299d8835fb0717dda69feeaddabc27b8d1af52 Mon Sep 17 00:00:00 2001
From: Matt Farnsworth
Date: Tue, 24 Nov 2015 12:38:14 +0200
Subject: [PATCH 2/6] Story #107192666 - bug fix. ds.alg=key.alg, move default logic to gen-digest
---
 app/models/dnskey.rb | 8 ++++++--
 app/models/epp/domain.rb | 9 ++-------
 2 files changed, 8 insertions(+), 9 deletions(-)
diff --git a/app/models/dnskey.rb b/app/models/dnskey.rb
index 693cc5844..fb72f1205 100644
--- a/app/models/dnskey.rb
+++ b/app/models/dnskey.rb
@@ -20,6 +20,7 @@ class Dnskey < ActiveRecord::Base
 ALGORITHMS = Depp::Dnskey::ALGORITHMS.map {|pair| pair[1].to_s}.freeze # IANA numbers, single authority list
 PROTOCOLS = %w(3)
 FLAGS = %w(0 256 257) # 256 = ZSK, 257 = KSK
+ DS_DIGEST_TYPE = [1,2]
 def epp_code_map
 {
@@ -67,6 +68,9 @@ class Dnskey < ActiveRecord::Base
 def generate_digest
 return if flags != 257 # generate ds only with KSK
+ self.ds_alg = alg
+ self.ds_digest_type = Setting.ds_algorithm if ds_digest_type.blank? || !DS_DIGEST_TYPE.include?(ds_digest_type)
+
 flags_hex = self.class.int_to_hex(flags)
 protocol_hex = self.class.int_to_hex(protocol)
 alg_hex = self.class.int_to_hex(alg)
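Review bot: The accepted-algorithm list in the @@ -17,7 hunk is now computed from `Depp::Dnskey::ALGORITHMS`, which this patch does not show, so the set of DNSKEY algorithms this model accepts can no longer be read or reviewed in this file. If that Depp constant is the list offered in the registrar portal, adding an entry there for display would also widen what the registry accepts, with no change to dnskey.rb. I would record the dependency next to the constant, for example `# Accepted DNSKEY algorithm numbers (IANA); derived from Depp::Dnskey::ALGORITHMS, so an edit there changes what this model accepts`.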
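Review bot: `DS_DIGEST_TYPE = [1,2]` in the @@ -20,6 hunk is left mutable and its numbers are unexplained, while `ALGORITHMS` two lines above is frozen and `FLAGS` names its values in a comment. The array serves as the allow-list for digest types in generate_digest, so I would write `DS_DIGEST_TYPE = [1, 2].freeze # 1 = SHA-1, 2 = SHA-256`, matching the Digest::SHA1 and Digest::SHA256 branches later in the same patch.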
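Review bot: The added `self.ds_digest_type = Setting.ds_algorithm if ds_digest_type.blank? || !DS_DIGEST_TYPE.include?(ds_digest_type)` in the @@ -67,6 hunk silently replaces a digest type that is present but not in the list, instead of reporting it. If that value can come from a registrar's request (not visible here), the registrar gets a DS record with a different digest than it asked for and no error. The unconditional `self.ds_alg = alg` above it likewise overwrites any ds_alg already set on the record. If both are intended, say so above the two lines, e.g. `# DS always mirrors the key's algorithm; a missing or unsupported digest type falls back to the configured default`; otherwise default only when `ds_digest_type.blank?` and leave out-of-list values to validation. generate_digest continues past the end of this hunk.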
@@ -74,9 +78,9 @@ class Dnskey < ActiveRecord::Base
 hex = [domain.name_in_wire_format, flags_hex, protocol_hex, alg_hex, public_key_hex].join
 bin = self.class.hex_to_bin(hex)
- if ds_digest_type == 1
+ if self.ds_digest_type == 1
 self.ds_digest = Digest::SHA1.hexdigest(bin).upcase
- elsif ds_digest_type == 2
+ elsif self.ds_digest_type == 2
 self.ds_digest = Digest::SHA256.hexdigest(bin).upcase
 end
 end
diff --git a/app/models/epp/domain.rb b/app/models/epp/domain.rb
index 9be98d6e6..bd53739c8 100644
--- a/app/models/epp/domain.rb
+++ b/app/models/epp/domain.rb
@@ -387,13 +387,8 @@ class Epp::Domain < Domain
 end
 def key_data_from(frame)
- result = xm_copy frame, KEY_INTERFACE
- # TODO: can these defaults go where they belong?
- result.merge({
- ds_alg: 3, # DSA/SHA-1 [DSA] RFC2536
- ds_digest_type: Setting.ds_algorithm # only 1
- })
- end
+ xm_copy frame, KEY_INTERFACE
+ end
 def ds_data_from(frame)
 frame.css('dsData').each do |ds_data|
From 67fd99b9af3adc555b04bf27943fe4d188383763 Mon Sep 17 00:00:00 2001
From: Matt Farnsworth
Date: Mon, 23 Nov 2015 15:16:31 +0200
Subject: [PATCH 3/6] Story #107192666 - refactor, make data decl in Depp discript.+id, single point of modification
---
 app/models/dnskey.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/models/dnskey.rb b/app/models/dnskey.rb
index 26f5a0afd..693cc5844 100644
--- a/app/models/dnskey.rb
+++ b/app/models/dnskey.rb
@@ -17,7 +17,7 @@ class Dnskey < ActiveRecord::Base
 end
 }
- ALGORITHMS = %w(3 5 6 7 8 10 13 14)
+ ALGORITHMS = Depp::Dnskey::ALGORITHMS.map {|pair| pair[1].to_s}.freeze # IANA numbers, single authority list
 PROTOCOLS = %w(3)
 FLAGS = %w(0 256 257) # 256 = ZSK, 257 = KSK
From c4148383834f1a0d4300f9c64b2f5b34483da21c Mon Sep 17 00:00:00 2001
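Review bot: The `if`/`elsif` chain in the @@ -74,9 hunk has no `else`, so when the resolved `ds_digest_type` is neither 1 nor 2 the method finishes with `ds_alg` and `ds_digest_type` written but `ds_digest` left at whatever it held before. The fallback added earlier in this patch does not rule that out, because the value taken from `Setting.ds_algorithm` is not itself checked against `DS_DIGEST_TYPE` (and could be a string, depending on how settings are stored, which is not visible here); the later patch that switches to `Setting.ds_digest_type` keeps the same gap. Ending the chain with `else` followed by `self.ds_digest = nil` (or an error on the record) would stop a stale digest from being kept alongside new DS parameters. Type 1 also keeps SHA-1 available as a DS digest, which RFC 8624 no longer recommends for new delegations, so it may be worth a comment on why it stays in the list.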
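Review bot: `key_data_from` in app/models/epp/domain.rb is now a bare pass-through to `xm_copy frame, KEY_INTERFACE`, and the removed TODO was the only hint about where the DS defaults live. A one-line comment would keep that traceable: `# ds_alg and ds_digest_type are filled in by Dnskey#generate_digest, not here`. Because generate_digest returns early for keys whose flags do not qualify, such records now get no ds_alg or ds_digest_type at all, where they previously received the merged defaults; that looks intended but should be confirmed against the callers, which are outside this hunk.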
From: Matt Farnsworth
Date: Tue, 24 Nov 2015 12:38:14 +0200
Subject: [PATCH 4/6] Story #107192666 - bug fix. ds.alg=key.alg, move default logic to gen-digest
---
 app/models/dnskey.rb | 8 ++++++--
 app/models/epp/domain.rb | 9 ++-------
 2 files changed, 8 insertions(+), 9 deletions(-)
diff --git a/app/models/dnskey.rb b/app/models/dnskey.rb
index 693cc5844..fb72f1205 100644
--- a/app/models/dnskey.rb
+++ b/app/models/dnskey.rb
@@ -20,6 +20,7 @@ class Dnskey < ActiveRecord::Base
 ALGORITHMS = Depp::Dnskey::ALGORITHMS.map {|pair| pair[1].to_s}.freeze # IANA numbers, single authority list
 PROTOCOLS = %w(3)
 FLAGS = %w(0 256 257) # 256 = ZSK, 257 = KSK
+ DS_DIGEST_TYPE = [1,2]
 def epp_code_map
 {
@@ -67,6 +68,9 @@ class Dnskey < ActiveRecord::Base
 def generate_digest
 return if flags != 257 # generate ds only with KSK
+ self.ds_alg = alg
+ self.ds_digest_type = Setting.ds_algorithm if ds_digest_type.blank? || !DS_DIGEST_TYPE.include?(ds_digest_type)
+
 flags_hex = self.class.int_to_hex(flags)
 protocol_hex = self.class.int_to_hex(protocol)
 alg_hex = self.class.int_to_hex(alg)
@@ -74,9 +78,9 @@ class Dnskey < ActiveRecord::Base
 hex = [domain.name_in_wire_format, flags_hex, protocol_hex, alg_hex, public_key_hex].join
 bin = self.class.hex_to_bin(hex)
- if ds_digest_type == 1
+ if self.ds_digest_type == 1
 self.ds_digest = Digest::SHA1.hexdigest(bin).upcase
- elsif ds_digest_type == 2
+ elsif self.ds_digest_type == 2
 self.ds_digest = Digest::SHA256.hexdigest(bin).upcase
 end
 end
diff --git a/app/models/epp/domain.rb b/app/models/epp/domain.rb
index 66ea0768f..afdc8e085 100644
--- a/app/models/epp/domain.rb
+++ b/app/models/epp/domain.rb
@@ -387,13 +387,8 @@ class Epp::Domain < Domain
 end
 def key_data_from(frame)
- result = xm_copy frame, KEY_INTERFACE
- # TODO: can these defaults go where they belong?
- result.merge({
- ds_alg: 3, # DSA/SHA-1 [DSA] RFC2536
- ds_digest_type: Setting.ds_algorithm # only 1
- })
- end
+ xm_copy frame, KEY_INTERFACE
+ end
 def ds_data_from(frame)
 frame.css('dsData').each do |ds_data|
From bcf38e55ad16e533f612c1dafd3b4e5c661d3f5b Mon Sep 17 00:00:00 2001
From: Matt Farnsworth
Date: Tue, 24 Nov 2015 12:50:38 +0200
Subject: [PATCH 5/6] Story #107192666 - ds-digest requires ZoneFlag, but SecureEntryPoint is optional
---
 app/models/dnskey.rb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/app/models/dnskey.rb b/app/models/dnskey.rb
index fb72f1205..05adbe29a 100644
--- a/app/models/dnskey.rb
+++ b/app/models/dnskey.rb
@@ -67,7 +67,7 @@ class Dnskey < ActiveRecord::Base
 end
 def generate_digest
- return if flags != 257 # generate ds only with KSK
+ return unless flags == 257 || flags == 256 # require ZoneFlag, but optional SecureEntryPoint
 self.ds_alg = alg
 self.ds_digest_type = Setting.ds_algorithm if ds_digest_type.blank? || !DS_DIGEST_TYPE.include?(ds_digest_type)
@@ -90,7 +90,7 @@ class Dnskey < ActiveRecord::Base
 end
 def generate_ds_key_tag
- return if flags != 257 # generate ds key tag only with KSK
+ return unless flags == 257 || flags == 256 # require ZoneFlag, but optional SecureEntryPoint
 pk = public_key.gsub(' ', '')
 wire_format = [flags, protocol, alg].pack('S!>CC')
 wire_format += Base64.decode64(pk)
From 88973c5241d2f9303c9feb900dcbd5451deb88dd Mon Sep 17 00:00:00 2001
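Review bot: The guard `return unless flags == 257 || flags == 256` is written out twice, in generate_digest (hunk @@ -67,7) and again in generate_ds_key_tag (hunk @@ -90,7), and its comment describes a bit test ("require ZoneFlag") while the code compares against two literal values. The two readings agree only as long as `FLAGS` permits nothing but 0, 256 and 257, so a later addition to that list would make the comment and the code diverge in both places. I would name the set once, `DS_FLAGS = [256, 257].freeze # Zone Key bit set; SEP bit optional`, and use `return unless DS_FLAGS.include?(flags)` in both methods. Both method bodies extend beyond the lines shown in these hunks.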
From: Matt Farnsworth
Date: Tue, 24 Nov 2015 13:23:01 +0200
Subject: [PATCH 6/6] Story #107192666 - change setting value and symbol, admin configures ds_digest_type
---
 app/controllers/admin/settings_controller.rb | 2 +-
 app/models/dnskey.rb | 2 +-
 app/views/admin/settings/index.haml | 4 ++--
 config/initializers/initial_settings.rb | 2 +-
 config/locales/en.yml | 2 +-
 5 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/app/controllers/admin/settings_controller.rb b/app/controllers/admin/settings_controller.rb
index 4014cd7fc..89ccd9ac6 100644
--- a/app/controllers/admin/settings_controller.rb
+++ b/app/controllers/admin/settings_controller.rb
@@ -51,7 +51,7 @@ class Admin::SettingsController < AdminController
 :admin_contacts_max_count,
 :tech_contacts_min_count,
 :tech_contacts_max_count,
- :ds_algorithm,
+ :ds_digest_type,
 :dnskeys_min_count,
 :dnskeys_max_count,
 :ns_min_count,
diff --git a/app/models/dnskey.rb b/app/models/dnskey.rb
index 05adbe29a..02b43d729 100644
--- a/app/models/dnskey.rb
+++ b/app/models/dnskey.rb
@@ -69,7 +69,7 @@ class Dnskey < ActiveRecord::Base
 def generate_digest
 return unless flags == 257 || flags == 256 # require ZoneFlag, but optional SecureEntryPoint
 self.ds_alg = alg
- self.ds_digest_type = Setting.ds_algorithm if ds_digest_type.blank? || !DS_DIGEST_TYPE.include?(ds_digest_type)
+ self.ds_digest_type = Setting.ds_digest_type if self.ds_digest_type.blank? || !DS_DIGEST_TYPE.include?(ds_digest_type)
 flags_hex = self.class.int_to_hex(flags)
 protocol_hex = self.class.int_to_hex(protocol)
diff --git a/app/views/admin/settings/index.haml b/app/views/admin/settings/index.haml
index fc4cc4e9d..ede30e979 100644
--- a/app/views/admin/settings/index.haml
+++ b/app/views/admin/settings/index.haml
@@ -47,8 +47,8 @@
 %th{class: 'col-xs-6'}= t(:setting)
 %th{class: 'col-xs-6'}= t(:value)
 %tbody
- /= render 'setting_row', var: :transfer_wait_time
- = render 'setting_row', var: :ds_algorithm
+ = render 'setting_row', var: :transfer_wait_time
+ = render 'setting_row', var: :ds_digest_type
 = render 'setting_row', var: :client_side_status_editing_enabled
 = render 'setting_row', var: :api_ip_whitelist_enabled
 = render 'setting_row', var: :registrar_ip_whitelist_enabled
diff --git a/config/initializers/initial_settings.rb b/config/initializers/initial_settings.rb
index 35c3eebb3..812641a09 100644
--- a/config/initializers/initial_settings.rb
+++ b/config/initializers/initial_settings.rb
@@ -12,7 +12,7 @@ if con.present? && con.table_exists?('settings')
 Setting.save_default(:tech_contacts_max_count, 10)
 Setting.save_default(:expire_pending_confirmation, 48)
- Setting.save_default(:ds_algorithm, 2)
+ Setting.save_default(:ds_digest_type, 2)
 Setting.save_default(:ds_data_allowed, false)
 Setting.save_default(:key_data_allowed, true)
diff --git a/config/locales/en.yml b/config/locales/en.yml
index 937096ad6..07f4ebc0a 100644
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -443,7 +443,7 @@ en:
 ds_data_allowed: 'DS data allowed'
 ds_data_with_key_allowed: 'Allow DS data with key'
 key_data_allowed: 'Allow key data'
- ds_algorithm: 'DS algorithm'
+ ds_digest_type: 'DS digest type'
 zonefile_settings: 'Zonefile settings'
 background_jobs: Background jobs
 domain_history: Domain history
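Review bot: The first changed row in the index.haml hunk turns the commented-out `/= render 'setting_row', var: :transfer_wait_time` into a live `= render 'setting_row', var: :transfer_wait_time`, which is unrelated to the ds_digest_type rename named in the commit subject. If exposing that setting to admins is intended, it deserves a line in the commit message, and `:transfer_wait_time` has to be in the permitted list in Admin::SettingsController, a part of the list this series does not show. If it is accidental, keep the leading `/` on that row.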
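Review bot: Switching the initializer to `Setting.save_default(:ds_digest_type, 2)` leaves behind whatever an admin had stored under `ds_algorithm`, so after deployment the digest type presumably reverts to 2 regardless of the earlier configuration; save_default's behaviour is not shown, so this is inferred from the key change alone. If a site had chosen a different value, DS records generated afterwards change digest without anyone editing the setting. At minimum I would note it beside the line, `# replaces :ds_algorithm; a previously configured value is not carried over`, and mention the reset in the commit message or release notes.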