zydronium/internetee-registry
1
0
Fork 0
mirror of https://github.com/internetee/registry.git synced 2025-05-17 09:57:23 +02:00
Code Issues Projects Releases Packages Wiki Activity

Story #107192666 - refactor dns sec key processing, ensure rules are applied and multiple keys ok

Browse source
This commit is contained in:
Matt Farnsworth 2015-11-13 19:30:55 +02:00
parent 9ca17e6b4a
commit e01599fb1a
1 changed files with 66 additions and 46 deletions
Download patch file Download diff file Expand all files Collapse all files

106
app/models/epp/domain.rb
View file

@ -314,20 +314,11 @@ class Epp::Domain < Domain
# rubocop: disable Metrics/PerceivedComplexity # rubocop: disable Metrics/PerceivedComplexity
# rubocop: disable Metrics/CyclomaticComplexity # rubocop: disable Metrics/CyclomaticComplexity
def dnskeys_attrs(frame, action) def dnskeys_attrs(frame, action)
if frame.css('dsData').any? && !Setting.ds_data_allowed return [] if frame.empty?
errors.add(:base, :ds_data_not_allowed) keys = DnsSecKeys.new(self).values frame
end
if frame.xpath('keyData').any? && !Setting.key_data_allowed
errors.add(:base, :key_data_not_allowed)
end
res = ds_data_from(frame)
dnskeys_list = key_data_from(frame, res)
if action == 'rem' if action == 'rem'
to_destroy = [] to_destroy = []
dnskeys_list.each do |x| keys.each do |x|
dk = dnskeys.find_by(public_key: x[:public_key]) dk = dnskeys.find_by(public_key: x[:public_key])
unless dk unless dk
@ -343,50 +334,79 @@ class Epp::Domain < Domain
return to_destroy return to_destroy
else else
return dnskeys_list return keys
end end
end end
# rubocop: enable Metrics/PerceivedComplexity # rubocop: enable Metrics/PerceivedComplexity
# rubocop: enable Metrics/CyclomaticComplexity # rubocop: enable Metrics/CyclomaticComplexity
def key_data_from(frame, res) class DnsSecKeys
frame.xpath('keyData').each do |x| def initialize(domain)
res << { @domain = domain
flags: x.css('flags').first.try(:text), end
protocol: x.css('protocol').first.try(:text),
alg: x.css('alg').first.try(:text), def values(frame)
public_key: x.css('pubKey').first.try(:text), if Setting.key_data_allowed
@domain.errors.add(:base, :ds_data_not_allowed) if frame.css('dsData').present?
return key_data_from frame
end
if Setting.ds_data_allowed
@domain.errors.add(:base, :key_data_not_allowed) if frame.css('keyData').present?
return ds_data_from frame
end
[]
end
private
KEY_INTERFACE = {flags: 'flags', protocol: 'protocol', alg: 'alg', public_key: 'pubKey' }
DS_INTERFACE =
{ ds_key_tag: 'keyTag',
ds_alg: 'alg',
ds_digest_type: 'digestType',
ds_digest: 'digest'
}
def xm_copy(frame, map)
result = {}
map.each do |key, value|
result[key] = frame.css(value).first.try(:text)
end
result
end
# frame requires NodeSet with direct children of keyData
def key_data(frame)
result = xm_copy frame.css('keyData'), KEY_INTERFACE
# TODO: can these defaults go where they belong?
result.merge({
ds_alg: 3, ds_alg: 3,
ds_digest_type: Setting.ds_algorithm ds_digest_type: Setting.ds_algorithm
} })
end
res
end end
# get all top level dsData from NodeSet
def ds_data_from(frame) def ds_data_from(frame)
res = [] result = []
frame.css('dsData').each do |x| frame.css('dsData').each do |ds_data|
data = { key = ds_data.css('keyData')
ds_key_tag: x.css('keyTag').first.try(:text), ds = xm_copy ds_data, DS_INTERFACE
ds_alg: x.css('alg').first.try(:text), ds.merge! (key_data key) if key.present?
ds_digest_type: x.css('digestType').first.try(:text), result << ds
ds_digest: x.css('digest').first.try(:text) end
} result
kd = x.css('keyData').first
data.merge!({
flags: kd.css('flags').first.try(:text),
protocol: kd.css('protocol').first.try(:text),
alg: kd.css('alg').first.try(:text),
public_key: kd.css('pubKey').first.try(:text)
}) if kd
res << data
end end
res def key_data_from(frame)
result = []
frame.css('keyData').each do |key|
result << key_data(key)
end end
result
end
end
def domain_statuses_attrs(frame, action) def domain_statuses_attrs(frame, action)
status_list = domain_status_list_from(frame) status_list = domain_status_list_from(frame)