From 4f7957a5ab50b6de1fd72199b5a2bed5af48c396 Mon Sep 17 00:00:00 2001
From: "github@kiekerjan.isdronken.nl"
Date: Thu, 24 Jun 2021 12:47:46 +0200
Subject: [PATCH] check presence of dnssec key file before reading it
---
 management/status_checks.py | 26 ++++++++++++++------------
 1 file changed, 14 insertions(+), 12 deletions(-)
diff --git a/management/status_checks.py b/management/status_checks.py
index bddcdd07..fc7bab48 100755
--- a/management/status_checks.py
+++ b/management/status_checks.py
@@ -591,19 +591,21 @@ def check_dnssec(domain, env, output, dns_zonefiles, is_checking_primary=False):
 # Some registrars may want the public key so they can compute the digest. The DS
 # record that we suggest using is for the KSK (and that's how the DS records were generated).
 # We'll also give the nice name for the key algorithm.
- dnssec_keys = load_env_vars_from_file(os.path.join(env['STORAGE_ROOT'], 'dns/dnssec/%s.conf' % alg_name_map[ds_alg]))
- dnsssec_pubkey = open(os.path.join(env['STORAGE_ROOT'], 'dns/dnssec/' + dnssec_keys['KSK'] + '.key')).read().split("\t")[3].split(" ")[3]
+ dnssec_keys_file = os.path.join(env['STORAGE_ROOT'], 'dns/dnssec/%s.conf' % alg_name_map[ds_alg])
+ if os.path.exists(dnssec_keys_file)
+ dnssec_keys = load_env_vars_from_file(dnssec_keys_file)
+ dnsssec_pubkey = open(os.path.join(env['STORAGE_ROOT'], 'dns/dnssec/' + dnssec_keys['KSK'] + '.key')).read().split("\t")[3].split(" ")[3]

- expected_ds_records[ (ds_keytag, ds_alg, ds_digalg, ds_digest) ] = {
- "record": rr_ds,
- "keytag": ds_keytag,
- "alg": ds_alg,
- "alg_name": alg_name_map[ds_alg],
- "digalg": ds_digalg,
- "digalg_name": digalg_name_map[ds_digalg],
- "digest": ds_digest,
- "pubkey": dnsssec_pubkey,
- }
+ expected_ds_records[ (ds_keytag, ds_alg, ds_digalg, ds_digest) ] = {
+ "record": rr_ds,
+ "keytag": ds_keytag,
+ "alg": ds_alg,
+ "alg_name": alg_name_map[ds_alg],
+ "digalg": ds_digalg,
+ "digalg_name": digalg_name_map[ds_digalg],
+ "digest": ds_digest,
+ "pubkey": dnsssec_pubkey,
+ }

 # Query public DNS for the DS record at the registrar.
 ds = query_dns(domain, "DS", nxdomain=None, as_list=True)
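Review bot: The added guard `if os.path.exists(dnssec_keys_file)` has no trailing colon, so status_checks.py will not parse as shown; it should read `if os.path.exists(dnssec_keys_file):`. The check also covers only the `.conf` file, while the `open(...)` of the KSK `.key` file on the next added line and its `.split("\t")[3].split(" ")[3]` indexing can still raise on a missing or malformed key file, and that file handle is never closed. When the `.conf` file is absent, the DS record is now silently left out of `expected_ds_records`, so, depending on code outside this hunk, the DNSSEC status check may report a misleading result; an `else` branch that records a warning naming the missing key file would keep the condition visible to the operator. check_dnssec begins before and continues after this hunk.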