maatma: distinct add/update/delete fonctions

2019-03-19 14:00:33 +01:00 · 2019-03-19 14:00:33 +01:00 · b8179583e6
commit b8179583e6
parent 748939c3b4
3 changed files with 405 additions and 135 deletions
--- a/token-validator/domain.go
+++ b/token-validator/domain.go
@ -1,6 +1,10 @@
 package main

 import (
+	"crypto/sha256"
+	"encoding/base64"
+	"encoding/binary"
+	"encoding/hex"
 	"encoding/json"
 	"errors"
 	"fmt"
@ -43,10 +47,21 @@ func init() {
 		if err := json.Unmarshal(body, &ue); err != nil {
 			return nil, err
 		}
-		return true, student.UpdateNSDelegatedDomain(ps.ByName("dn"), ue.TTL, ue.Values[0])
+		return true, student.AddNSDelegatedDomain(ps.ByName("dn"), ue.TTL, ue.Values[0])
+	}))
+	router.PATCH("/api/ddomains/:dn/NS", apiAuthHandler(func (student Student, ps httprouter.Params, body []byte) (interface{}, error) {
+		var ue Entry
+		if err := json.Unmarshal(body, &ue); err != nil {
+			return nil, err
+		}
+		return true, student.UpdateNSDelegatedDomain(ps.ByName("dn"), ue.TTL, ue.ValuesFrom[0], ue.Values[0])
 	}))
 	router.DELETE("/api/ddomains/:dn/NS", apiAuthHandler(func (student Student, ps httprouter.Params, body []byte) (interface{}, error) {
-		return true, student.DeleteRRDelegatedDomain(ps.ByName("dn"), "NS")
+		var ue Entry
+		if err := json.Unmarshal(body, &ue); err != nil {
+			return nil, err
+		}
+		return true, student.DeleteRRDelegatedDomain(ps.ByName("dn"), "NS", ue.Values...)
 	}))
 	router.GET("/api/ddomains/:dn/GLUE", apiAuthHandler(func (student Student, ps httprouter.Params, body []byte) (interface{}, error) {
 		return student.getRRDelegatedDomain(ps.ByName("dn"), "AAAA")
@ -56,17 +71,28 @@ func init() {
 		if err := json.Unmarshal(body, &ue); err != nil {
 			return nil, err
 		}
-		return true, student.UpdateGLUEDelegatedDomain(ps.ByName("dn"), ue.TTL, ue.Values[0])
+		return true, student.AddGLUEDelegatedDomain(ps.ByName("dn"), ue.TTL, ue.Values[0])
+	}))
+	router.PATCH("/api/ddomains/:dn/AAAA", apiAuthHandler(func (student Student, ps httprouter.Params, body []byte) (interface{}, error) {
+		var ue Entry
+		if err := json.Unmarshal(body, &ue); err != nil {
+			return nil, err
+		}
+		return true, student.UpdateGLUEDelegatedDomain(ps.ByName("dn"), ue.TTL, ue.ValuesFrom[0], ue.Values[0])
 	}))
 	router.POST("/api/ddomains/:dn/GLUE", apiAuthHandler(func (student Student, ps httprouter.Params, body []byte) (interface{}, error) {
 		var ue Entry
 		if err := json.Unmarshal(body, &ue); err != nil {
 			return nil, err
 		}
-		return true, student.UpdateGLUEDelegatedDomain(ps.ByName("dn"), ue.TTL, ue.Values[0])
+		return true, student.UpdateGLUEDelegatedDomain(ps.ByName("dn"), ue.TTL, ue.ValuesFrom[0], ue.Values[0])
 	}))
 	router.DELETE("/api/ddomains/:dn/AAAA", apiAuthHandler(func (student Student, ps httprouter.Params, body []byte) (interface{}, error) {
-		return true, student.DeleteRRDelegatedDomain(ps.ByName("dn"), "AAAA")
+		var ue Entry
+		if err := json.Unmarshal(body, &ue); err != nil {
+			return nil, err
+		}
+		return true, student.DeleteRRDelegatedDomain(ps.ByName("dn"), "AAAA", ue.Values...)
 	}))
 	router.GET("/api/ddomains/:dn/DS", apiAuthHandler(func (student Student, ps httprouter.Params, body []byte) (interface{}, error) {
 		return student.getRRDelegatedDomain(ps.ByName("dn"), "DS")
@ -76,18 +102,30 @@ func init() {
 		if err := json.Unmarshal(body, &ue); err != nil {
 			return nil, err
 		}
-		return true, student.UpdateDSDelegatedDomain(ps.ByName("dn"), ue.TTL, ue.Values)
+		return true, student.AddDSDelegatedDomain(ps.ByName("dn"), ue.TTL, ue.Values)
+	}))
+	router.PATCH("/api/ddomains/:dn/DS", apiAuthHandler(func (student Student, ps httprouter.Params, body []byte) (interface{}, error) {
+		var ue Entry
+		if err := json.Unmarshal(body, &ue); err != nil {
+			return nil, err
+		}
+		return true, student.UpdateDSDelegatedDomain(ps.ByName("dn"), ue.TTL, ue.ValuesFrom, ue.Values)
 	}))
 	router.DELETE("/api/ddomains/:dn/DS", apiAuthHandler(func (student Student, ps httprouter.Params, body []byte) (interface{}, error) {
-		return true, student.DeleteRRDelegatedDomain(ps.ByName("dn"), "DS")
+		var ue Entry
+		if err := json.Unmarshal(body, &ue); err != nil {
+			return nil, err
+		}
+		return true, student.DeleteRRDelegatedDomain(ps.ByName("dn"), "DS", ue.Values...)
 	}))
 }

 type Entry struct {
-	Domain string   `json:"domain"`
-	TTL    uint64   `json:"ttl"`
-	RR     string   `json:"rr"`
-	Values []string `json:"values"`
+	Domain     string   `json:"domain"`
+	TTL        uint64   `json:"ttl"`
+	RR         string   `json:"rr"`
+	ValuesFrom []string `json:"valuesfrom,omitempty"`
+	Values     []string `json:"values"`
 }

 func runKnotc(args ...string) (out []byte, err error) {
@ -113,7 +151,7 @@ func parseKnotZoneRead(args ...string) (rr []Entry, err error) {
 				return
 			}

-			rr = append(rr, Entry{cols[1], ttl, cols[3], cols[4:]})
+			rr = append(rr, Entry{cols[1], ttl, cols[3], nil, cols[4:]})
 		}
 	}

@ -197,11 +235,32 @@ func (student Student) getRRDelegatedDomain(dn string, rr string) (rrs []Entry,
 	return
 }

-func (student Student) UpdateNSDelegatedDomain(dn string, ttl uint64, ns string) (err error) {
+func (student Student) AddNSDelegatedDomain(dn string, ttl uint64, ns string) (err error) {
 	for _, d := range []string{student.MyDelegatedDomain()} {
 		for _, cmd := range [][]string{
 			[]string{"zone-begin", DelegatedDomainSuffix},
-			[]string{"zone-unset", DelegatedDomainSuffix, d, "NS"},
+			[]string{"zone-set", DelegatedDomainSuffix, d, fmt.Sprintf("%d", ttl), "NS", ns},
+			[]string{"zone-commit", DelegatedDomainSuffix},
+		} {
+			var out []byte
+			out, err = runKnotc(cmd...)
+			if err != nil && cmd[0] != "zone-unset" {
+				err = errors.New(fmt.Sprintf("An error occurs on command '%s': %s", strings.Join(cmd, " "), err.Error()))
+				log.Println(string(out))
+				runKnotc("zone-abort", DelegatedDomainSuffix)
+				return
+			}
+		}
+	}
+
+	return
+}
+
+func (student Student) UpdateNSDelegatedDomain(dn string, ttl uint64, oldns string, ns string) (err error) {
+	for _, d := range []string{student.MyDelegatedDomain()} {
+		for _, cmd := range [][]string{
+			[]string{"zone-begin", DelegatedDomainSuffix},
+			[]string{"zone-unset", DelegatedDomainSuffix, d, "NS", oldns},
 			[]string{"zone-set", DelegatedDomainSuffix, d, fmt.Sprintf("%d", ttl), "NS", ns},
 			[]string{"zone-commit", DelegatedDomainSuffix},
 		} {
@ -220,7 +279,7 @@ func (student Student) UpdateNSDelegatedDomain(dn string, ttl uint64, ns string)
 }


-func (student Student) UpdateGLUEDelegatedDomain(dn string, ttl uint64, aaaa string) (err error) {
+func (student Student) AddGLUEDelegatedDomain(dn string, ttl uint64, aaaa string) (err error) {
 	domains := []string{student.MyDelegatedDomain()}
 	found := false
 	for _, d := range domains {
@ -236,8 +295,40 @@ func (student Student) UpdateGLUEDelegatedDomain(dn string, ttl uint64, aaaa str

 	for _, cmd := range [][]string{
 		[]string{"zone-begin", DelegatedDomainSuffix},
-		[]string{"zone-unset", DelegatedDomainSuffix, student.MyDelegatedDomain(), "AAAA"},
-		[]string{"zone-unset", DelegatedDomainSuffix, dn, "AAAA"},
+		[]string{"zone-set", DelegatedDomainSuffix, dn, fmt.Sprintf("%d", ttl), "AAAA", aaaa},
+		[]string{"zone-commit", DelegatedDomainSuffix},
+	} {
+		var out []byte
+		out, err = runKnotc(cmd...)
+		if err != nil && cmd[0] != "zone-unset" {
+			err = errors.New(fmt.Sprintf("An error occurs on command '%s': %s", strings.Join(cmd, " "), err.Error()))
+			log.Println(string(out))
+			runKnotc("zone-abort", DelegatedDomainSuffix)
+			return
+		}
+	}
+
+	return
+}
+
+func (student Student) UpdateGLUEDelegatedDomain(dn string, ttl uint64, oldaaaa string, aaaa string) (err error) {
+	domains := []string{student.MyDelegatedDomain()}
+	found := false
+	for _, d := range domains {
+		if strings.HasSuffix(dn, d) {
+			found = true
+		}
+	}
+
+	if !found {
+		err = errors.New(fmt.Sprintf("Unable to find domain %q in your whitelist.", dn))
+		return
+	}
+
+	for _, cmd := range [][]string{
+		[]string{"zone-begin", DelegatedDomainSuffix},
+		[]string{"zone-unset", DelegatedDomainSuffix, student.MyDelegatedDomain(), "AAAA", oldaaaa},
+		[]string{"zone-unset", DelegatedDomainSuffix, dn, "AAAA", oldaaaa},
 		[]string{"zone-set", DelegatedDomainSuffix, dn, fmt.Sprintf("%d", ttl), "AAAA", aaaa},
 		[]string{"zone-commit", DelegatedDomainSuffix},
 	} {
@ -255,11 +346,60 @@ func (student Student) UpdateGLUEDelegatedDomain(dn string, ttl uint64, aaaa str
 }


-func (student Student) UpdateDSDelegatedDomain(dn string, ttl uint64, ds []string) (err error) {
+func (student Student) AddDSDelegatedDomain(dn string, ttl uint64, dnskey []string) (err error) {
+	if len(dnskey) != 4 {
+		return errors.New("Wrong number of value for this record")
+	}
+
+	dshash := sha256.New()
+	dshash.Write([]byte("nemunai.re"))
+
+	var flag uint64
+	if flag, err = strconv.ParseUint(dnskey[1], 10, 16); err != nil {
+		return
+	}
+	binary.Write(dshash, binary.BigEndian, flag)
+
+	var proto uint8 = 3
+	dshash.Write([]byte{proto})
+
+	var alg uint64
+	if alg, err = strconv.ParseUint(dnskey[2], 10, 8); err != nil {
+		return
+	}
+	dshash.Write([]byte{uint8(alg)})
+
+	var pubkey []byte
+	if pubkey, err = base64.StdEncoding.DecodeString(strings.Replace(dnskey[3], " ", "", -1)); err != nil {
+		return
+	}
+	dshash.Write(pubkey)
+
 	for _, d := range []string{student.MyDelegatedDomain()} {
 		for _, cmd := range [][]string{
 			[]string{"zone-begin", DelegatedDomainSuffix},
-			[]string{"zone-unset", DelegatedDomainSuffix, d, "DS"},
+			[]string{"zone-set", DelegatedDomainSuffix, d, fmt.Sprintf("%d", ttl), "DS", dnskey[0], dnskey[2], hex.EncodeToString(dshash.Sum(nil))},
+			[]string{"zone-commit", DelegatedDomainSuffix},
+		} {
+			var out []byte
+			out, err = runKnotc(cmd...)
+			if err != nil && cmd[0] != "zone-unset" {
+				err = errors.New(fmt.Sprintf("An error occurs on command '%s': %s", strings.Join(cmd, " "), err.Error()))
+				log.Println(string(out))
+				runKnotc("zone-abort", DelegatedDomainSuffix)
+				return
+			}
+		}
+	}
+
+	return
+}
+
+func (student Student) UpdateDSDelegatedDomain(dn string, ttl uint64, oldds []string, ds []string) (err error) {
+	for _, d := range []string{student.MyDelegatedDomain()} {
+		for _, cmd := range [][]string{
+			[]string{"zone-begin", DelegatedDomainSuffix},
+			[]string{"zone-unset", DelegatedDomainSuffix, d, "DS", strings.Join(oldds, " ")},
 			[]string{"zone-set", DelegatedDomainSuffix, d, fmt.Sprintf("%d", ttl), "DS", strings.Join(ds, " ")},
 			[]string{"zone-commit", DelegatedDomainSuffix},
 		} {
@ -278,7 +418,7 @@ func (student Student) UpdateDSDelegatedDomain(dn string, ttl uint64, ds []strin
 }


-func (student Student) DeleteRRDelegatedDomain(dn string, rr string) (err error) {
+func (student Student) DeleteRRDelegatedDomain(dn string, rr string, values ...string) (err error) {
 	domains := []string{student.MyDelegatedDomain()}
 	found := false
 	for _, d := range domains {
@ -292,9 +432,12 @@ func (student Student) DeleteRRDelegatedDomain(dn string, rr string) (err error)
 		return
 	}

+	zu := []string{"zone-unset", DelegatedDomainSuffix, dn, rr}
+	zu = append(zu, values...)
+
 	for _, cmd := range [][]string{
 		[]string{"zone-begin", DelegatedDomainSuffix},
-		[]string{"zone-unset", DelegatedDomainSuffix, dn, rr},
+		zu,
 		[]string{"zone-commit", DelegatedDomainSuffix},
 	} {
 		var out []byte