From f7760782147de3dcff8f39ad17dc1febe9f1c527 Mon Sep 17 00:00:00 2001
From: Martin Lensment <mlensment@gmail.com>
Date: Thu, 2 Oct 2014 10:58:46 +0300
Subject: [PATCH] Algorithm validation for dnskey

---
 app/models/dnskey.rb    | 22 ++++++++++++++++++++++
 config/locales/en.yml   |  5 +++++
 spec/epp/domain_spec.rb | 41 ++++++++++++++++++++++++++++++++++++++++-
 3 files changed, 67 insertions(+), 1 deletion(-)

diff --git a/app/models/dnskey.rb b/app/models/dnskey.rb
index eb6e414c4..2d1634680 100644
--- a/app/models/dnskey.rb
+++ b/app/models/dnskey.rb
@@ -1,3 +1,25 @@
 class Dnskey < ActiveRecord::Base
+  include EppErrors
+
   belongs_to :domain
+
+  validate :validate_algorithm
+
+  def epp_code_map
+    {
+      '2005' => [
+        [:alg, :invalid, { value: { obj: 'alg', val: alg } }]
+      ],
+      '2306' => [
+        [:ipv4, :blank]
+      ]
+    }
+  end
+
+
+  def validate_algorithm
+    return if %w(3 5 6 7 8 252 253 254 255).include?(alg.to_s)
+    errors.add(:alg, :invalid)
+    # , format: {with: /3|5|6/, message: :alg_invalid}
+  end
 end
diff --git a/config/locales/en.yml b/config/locales/en.yml
index 6d6527f86..bdd8949d9 100644
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -183,6 +183,11 @@ en:
             registrar:
               blank: 'Registrar is missing'
 
+        dnskey:
+          attributes:
+            alg:
+              invalid: 'Algorithm is invalid'
+
     attributes:
       epp_domain: &epp_domain_attributes
         name: 'Domain name'
diff --git a/spec/epp/domain_spec.rb b/spec/epp/domain_spec.rb
index 00e8f1953..95ccf1c9b 100644
--- a/spec/epp/domain_spec.rb
+++ b/spec/epp/domain_spec.rb
@@ -353,7 +353,7 @@ describe 'EPP Domain', epp: true do
           ]
         })
 
-        response = epp_request(xml, :xml)
+        epp_request(xml, :xml)
         d = Domain.first
 
         expect(d.dnskeys.pluck(:flags)).to match_array([257, 0, 256])
@@ -365,6 +365,45 @@ describe 'EPP Domain', epp: true do
           841936717ae427ace63c28d04918569a841936717ae427ace63c28d0
         ))
       end
+
+      it 'does not create a domain when dnskeys are invalid' do
+        xml = domain_create_xml({
+          dnssec: [
+            {
+              dnskey: {
+                flags: { value: '257' },
+                protocol: { value: '3' },
+                alg: { value: '9' },
+                pubKey: { value: 'AwEAAddt2AkLfYGKgiEZB5SmIF8EvrjxNMH6HtxWEA4RJ9Ao6LCWheg8' }
+              }
+            },
+            {
+              dnskey: {
+                flags: { value: '0' },
+                protocol: { value: '3' },
+                alg: { value: '10' },
+                pubKey: { value: '700b97b591ed27ec2590d19f06f88bba700b97b591ed27ec2590d19f' }
+              }
+            },
+            {
+              dnskey: {
+                flags: { value: '256' },
+                protocol: { value: '3' },
+                alg: { value: '254' },
+                pubKey: { value: '841936717ae427ace63c28d04918569a841936717ae427ace63c28d0' }
+              }
+            }
+          ]
+        })
+
+        response = epp_request(xml, :xml)
+
+        expect(response[:results][0][:msg]).to eq('Algorithm is invalid')
+        expect(response[:results][0][:value]).to eq('9')
+        expect(response[:results][1][:msg]).to eq('Algorithm is invalid')
+        expect(response[:results][1][:value]).to eq('10')
+        po response
+      end
     end
 
     context 'with juridical persion as an owner' do