mirror of
https://github.com/mail-in-a-box/mailinabox.git
synced 2024-12-24 07:37:04 +00:00
check presence of dnssec key file before reading it
This commit is contained in:
parent
56f9df738f
commit
4f7957a5ab
@ -591,19 +591,21 @@ def check_dnssec(domain, env, output, dns_zonefiles, is_checking_primary=False):
|
|||||||
# Some registrars may want the public key so they can compute the digest. The DS
|
# Some registrars may want the public key so they can compute the digest. The DS
|
||||||
# record that we suggest using is for the KSK (and that's how the DS records were generated).
|
# record that we suggest using is for the KSK (and that's how the DS records were generated).
|
||||||
# We'll also give the nice name for the key algorithm.
|
# We'll also give the nice name for the key algorithm.
|
||||||
dnssec_keys = load_env_vars_from_file(os.path.join(env['STORAGE_ROOT'], 'dns/dnssec/%s.conf' % alg_name_map[ds_alg]))
|
dnssec_keys_file = os.path.join(env['STORAGE_ROOT'], 'dns/dnssec/%s.conf' % alg_name_map[ds_alg])
|
||||||
dnsssec_pubkey = open(os.path.join(env['STORAGE_ROOT'], 'dns/dnssec/' + dnssec_keys['KSK'] + '.key')).read().split("\t")[3].split(" ")[3]
|
if os.path.exists(dnssec_keys_file)
|
||||||
|
dnssec_keys = load_env_vars_from_file(dnssec_keys_file)
|
||||||
|
dnsssec_pubkey = open(os.path.join(env['STORAGE_ROOT'], 'dns/dnssec/' + dnssec_keys['KSK'] + '.key')).read().split("\t")[3].split(" ")[3]
|
||||||
|
|
||||||
expected_ds_records[ (ds_keytag, ds_alg, ds_digalg, ds_digest) ] = {
|
expected_ds_records[ (ds_keytag, ds_alg, ds_digalg, ds_digest) ] = {
|
||||||
"record": rr_ds,
|
"record": rr_ds,
|
||||||
"keytag": ds_keytag,
|
"keytag": ds_keytag,
|
||||||
"alg": ds_alg,
|
"alg": ds_alg,
|
||||||
"alg_name": alg_name_map[ds_alg],
|
"alg_name": alg_name_map[ds_alg],
|
||||||
"digalg": ds_digalg,
|
"digalg": ds_digalg,
|
||||||
"digalg_name": digalg_name_map[ds_digalg],
|
"digalg_name": digalg_name_map[ds_digalg],
|
||||||
"digest": ds_digest,
|
"digest": ds_digest,
|
||||||
"pubkey": dnsssec_pubkey,
|
"pubkey": dnsssec_pubkey,
|
||||||
}
|
}
|
||||||
|
|
||||||
# Query public DNS for the DS record at the registrar.
|
# Query public DNS for the DS record at the registrar.
|
||||||
ds = query_dns(domain, "DS", nxdomain=None, as_list=True)
|
ds = query_dns(domain, "DS", nxdomain=None, as_list=True)
|
||||||
|
Loading…
Reference in New Issue
Block a user