From dd59fc76e21c7b40c1afdced1f162c597335fbbc Mon Sep 17 00:00:00 2001
From: olegphenomenon
Date: Mon, 3 Jan 2022 14:58:26 +0200
Subject: [PATCH] added job
---
app/jobs/validate_dnssec.rb | 25 ---------
app/jobs/validate_dnssec_job.rb | 93 +++++++++++++++++++++++++++++++++
2 files changed, 93 insertions(+), 25 deletions(-)
delete mode 100644 app/jobs/validate_dnssec.rb
create mode 100644 app/jobs/validate_dnssec_job.rb
diff --git a/app/jobs/validate_dnssec.rb b/app/jobs/validate_dnssec.rb
deleted file mode 100644
index 286495f23..000000000
--- a/app/jobs/validate_dnssec.rb
+++ /dev/null
@@ -1,25 +0,0 @@
-class ValidateDnssecJob < ApplicationJob
- discard_on StandardError
-
- def perform(domain_name:)
-
- rescue StandardError => e
- logger.error e.message
- raise e
- end
-
- private
-
- def prepare_resolver
- dns_servers = ENV['dnssec_resolver_ips'].to_s.split(',').map(&:strip)
- dns = Dnsruby::Resolver.new({ nameserver: dns_servers })
- dns.do_validation = false
- dns.do_caching = false
- dns.dnssec = true
-
- dns
- end
-
-
-
-end
diff --git a/app/jobs/validate_dnssec_job.rb b/app/jobs/validate_dnssec_job.rb
new file mode 100644
index 000000000..de818280f
--- /dev/null
+++ b/app/jobs/validate_dnssec_job.rb
@@ -0,0 +1,93 @@
+class ValidateDnssecJob < ApplicationJob
+ discard_on StandardError
+
+ def perform(domain_name: nil)
+ unless domain_name.nil?
+ domain = Domain.find_by(name: domain_name)
+
+ return logger.info "No domain found" if domain.nil?
+
+ return logger.info "No related dnskeys for this domain" if domain.dnskeys.empty?
+
+ flag = iterate_domain_data(domain: domain)
+ logger.info "#{domain_name} " + log_templates[flag.to_s]
+ else
+ Dnskey.all.each do |key|
+ domain = Domain.find(key.domain_id)
+
+ flag = iterate_domain_data(domain: domain)
+ logger.info "#{domain.name} " + log_templates[flag.to_s]
+ end
+ end
+ rescue StandardError => e
+ logger.error e.message
+ raise e
+ end
+
+ private
+
+ def iterate_domain_data(domain:)
+ zone_datas = get_data_from_zone(domain: domain)
+ flag = domain.dnskeys.all? { |key| validate(zone_datas: zone_datas, domain_dnskey: key) }
+
+ flag
+ end
+
+ def get_data_from_zone(domain:)
+ resolver = prepare_resolver
+ ds_records_answers = resolver.query(domain.name, 'DNSKEY').answer
+
+ result_container = []
+
+ ds_records_answers.each do |ds|
+ next unless ds.type == Dnsruby::Types.DNSKEY
+
+ result_container << {
+ flags: ds.flags.to_s,
+ algorithm: ds.algorithm.code.to_s,
+ protocol: ds.protocol.to_s,
+ public_key: ds.public_key.export.gsub!(/\s+/, ''),
+ }
+ end
+
+ result_container
+ rescue Dnsruby::NXDomain
+ domain.add_epp_error('2308', nil, nil, I18n.t(:dns_policy_violation))
+ end
+
+ def validate(zone_datas:, domain_dnskey:)
+ flag = zone_datas.any? do |zone_data|
+ zone_data[:flags] == domain_dnskey.flags.to_s &&
+ zone_data[:algorithm] == domain_dnskey.alg.to_s &&
+ zone_data[:protocol] == domain_dnskey.protocol.to_s &&
+ zone_data[:public_key].include?(domain_dnskey[:public_key].to_s)
+ end
+
+ text = "#{domain_dnskey.flags} - #{domain_dnskey.alg} -
+ #{domain_dnskey.protocol} - #{domain_dnskey.public_key} "
+ logger.info text + log_templates[flag.to_s]
+
+ flag
+ end
+
+ def prepare_resolver
+ dns_servers = ENV['dnssec_resolver_ips'].to_s.split(',').map(&:strip)
+ dns = Dnsruby::Resolver.new({ nameserver: dns_servers })
+ dns.do_validation = false
+ dns.do_caching = false
+ dns.dnssec = true
+
+ dns
+ end
+
+ def log_templates
+ {
+ "true" => "validated successfully",
+ "false" => "validated fail"
+ }
+ end
+
+ def logger
+ @logger ||= Rails.logger
+ end
+end
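Review bot: In `validate`, the key-material check `zone_data[:public_key].include?(domain_dnskey[:public_key].to_s)` is a substring test, so a stored key that is blank or only a fragment is logged as "validated successfully" whenever flags, algorithm and protocol match. Compare normalized values for equality instead, e.g. `zone_data[:public_key] == domain_dnskey.public_key.to_s.gsub(/\s+/, '')`, or at minimum return false for a blank stored key if the exported form cannot be compared directly. In `get_data_from_zone`, `gsub!` returns nil when nothing was replaced, which would make `zone_data[:public_key]` nil and raise in `validate`; `ds.public_key.export.gsub(/\s+/, '')` avoids that. Also note that `prepare_resolver` sets `do_validation = false`, so the result reflects a comparison against an unverified DNSKEY answer rather than a signature check; a comment saying so above `prepare_resolver` would keep the log line from being read as proof of a valid chain.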