// Convert a DNSKEY request object into a DS model object. It can return errors related to // the generation of the DS objects func (d *DNSKEYRequest) toDSModel(fqdn string) (model.DS, error) { // The base64 decode method don't deal very well with spaces inside the public key raw // data. So we replace it before calculating the KeyTag publicKey := strings.Replace(d.PublicKey, " ", "", -1) rawDNSKEY := dns.DNSKEY{ Hdr: dns.RR_Header{ Name: fqdn, }, Flags: d.Flags, Protocol: uint8(3), Algorithm: d.Algorithm, PublicKey: publicKey, } rawDS := rawDNSKEY.ToDS(uint8(DefaultDigestType)) if rawDS == nil { return model.DS{}, ErrInvalidDNSKEY } dsRequest := DSRequest{ Keytag: rawDS.KeyTag, Algorithm: rawDS.Algorithm, Digest: rawDS.Digest, DigestType: rawDS.DigestType, } return dsRequest.toDSModel() }
// Function to mock a domain func generateAndSaveDomain(fqdn string, domainDAO dao.DomainDAO, dnskey *dns.DNSKEY) { ds := dnskey.ToDS(uint8(model.DSDigestTypeSHA1)) domain := model.Domain{ FQDN: fqdn, Nameservers: []model.Nameserver{ { Host: fmt.Sprintf("ns1.%s", fqdn), IPv4: net.ParseIP("127.0.0.1"), }, }, DSSet: []model.DS{ { Keytag: dnskey.KeyTag(), Algorithm: utils.ConvertKeyAlgorithm(dnskey.Algorithm), DigestType: model.DSDigestTypeSHA1, Digest: ds.Digest, }, }, } owner, _ := mail.ParseAddress("*****@*****.**") domain.Owners = []model.Owner{ { Email: owner, Language: "pt-BR", }, } lastCheckAt := time.Now().Add(-72 * time.Hour) lastOKAt := lastCheckAt.Add(-24 * time.Hour) // Set all nameservers with error and the last check equal of the error check interval, // this will force the domain to be checked for index, _ := range domain.Nameservers { domain.Nameservers[index].LastCheckAt = lastCheckAt domain.Nameservers[index].LastOKAt = lastOKAt domain.Nameservers[index].LastStatus = model.NameserverStatusServerFailure } // Set all DS records with error and the last check equal of the error check interval, // this will force the domain to be checked for index, _ := range domain.DSSet { domain.DSSet[index].LastCheckAt = lastCheckAt domain.DSSet[index].LastOKAt = lastOKAt domain.DSSet[index].LastStatus = model.DSStatusTimeout } if err := domainDAO.Save(&domain); err != nil { utils.Fatalln(fmt.Sprintf("Fail to save domain %s", domain.FQDN), err) } }
func SignKey(zone string, dnskey *dns.DNSKEY, privateKey dns.PrivateKey) (*dns.RRSIG, error) { rrsig := &dns.RRSIG{ Hdr: dns.RR_Header{ Name: zone, Rrtype: dns.TypeRRSIG, }, TypeCovered: dns.TypeDNSKEY, Algorithm: dnskey.Algorithm, Expiration: uint32(time.Now().Add(10 * time.Second).Unix()), Inception: uint32(time.Now().Unix()), KeyTag: dnskey.KeyTag(), SignerName: zone, } err := rrsig.Sign(privateKey, []dns.RR{dnskey}) return rrsig, err }