1
0
mirror of https://github.com/mail-in-a-box/mailinabox.git synced 2024-12-24 07:37:04 +00:00

check presence of dnssec key file before reading it

This commit is contained in:
github@kiekerjan.isdronken.nl 2021-06-24 12:47:46 +02:00
parent 56f9df738f
commit 4f7957a5ab

View File

@ -591,19 +591,21 @@ def check_dnssec(domain, env, output, dns_zonefiles, is_checking_primary=False):
# Some registrars may want the public key so they can compute the digest. The DS # Some registrars may want the public key so they can compute the digest. The DS
# record that we suggest using is for the KSK (and that's how the DS records were generated). # record that we suggest using is for the KSK (and that's how the DS records were generated).
# We'll also give the nice name for the key algorithm. # We'll also give the nice name for the key algorithm.
dnssec_keys = load_env_vars_from_file(os.path.join(env['STORAGE_ROOT'], 'dns/dnssec/%s.conf' % alg_name_map[ds_alg])) dnssec_keys_file = os.path.join(env['STORAGE_ROOT'], 'dns/dnssec/%s.conf' % alg_name_map[ds_alg])
dnsssec_pubkey = open(os.path.join(env['STORAGE_ROOT'], 'dns/dnssec/' + dnssec_keys['KSK'] + '.key')).read().split("\t")[3].split(" ")[3] if os.path.exists(dnssec_keys_file)
dnssec_keys = load_env_vars_from_file(dnssec_keys_file)
dnsssec_pubkey = open(os.path.join(env['STORAGE_ROOT'], 'dns/dnssec/' + dnssec_keys['KSK'] + '.key')).read().split("\t")[3].split(" ")[3]
expected_ds_records[ (ds_keytag, ds_alg, ds_digalg, ds_digest) ] = { expected_ds_records[ (ds_keytag, ds_alg, ds_digalg, ds_digest) ] = {
"record": rr_ds, "record": rr_ds,
"keytag": ds_keytag, "keytag": ds_keytag,
"alg": ds_alg, "alg": ds_alg,
"alg_name": alg_name_map[ds_alg], "alg_name": alg_name_map[ds_alg],
"digalg": ds_digalg, "digalg": ds_digalg,
"digalg_name": digalg_name_map[ds_digalg], "digalg_name": digalg_name_map[ds_digalg],
"digest": ds_digest, "digest": ds_digest,
"pubkey": dnsssec_pubkey, "pubkey": dnsssec_pubkey,
} }
# Query public DNS for the DS record at the registrar. # Query public DNS for the DS record at the registrar.
ds = query_dns(domain, "DS", nxdomain=None, as_list=True) ds = query_dns(domain, "DS", nxdomain=None, as_list=True)