From: Mark Schouten
Date: Tue, 27 May 2014 15:07:03 +0000 (+0200)
Subject: This kindof implements https://github.com/PowerDNS/pdnsapi/blob/master/api_spec.md...
X-Git-Tag: rec-3.6.0~10^2~4
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=4b7f120af199775f682d65f35724132523de0edf;p=pdns
This kindof implements https://github.com/PowerDNS/pdnsapi/blob/master/api_spec.md#cryptokeys There is an issue with dses not being consistent (thus incorrect) and the content of the keys should only be returned if is sent in the request. Thus, this needs some more work.
---
diff --git a/pdns/ws-auth.cc b/pdns/ws-auth.cc
index d53fe6feb..88cd26100 100644
--- a/pdns/ws-auth.cc
+++ b/pdns/ws-auth.cc
@@ -474,6 +474,76 @@ static void updateDomainSettingsFromDocument(const DomainInfo& di, const string&
 }
 }
+static void apiZoneCryptokeys(HttpRequest* req, HttpResponse* resp) {
+ if(req->method != "GET")
+ throw ApiException("Only GET is implemented");
+
+ string zonename = apiZoneIdToName(req->path_parameters["id"]);
+
+ UeberBackend B;
+ DomainInfo di;
+ DNSSECKeeper dk;
+
+ if(!B.getDomainInfo(zonename, di))
+ throw ApiException("Could not find domain '"+zonename+"'");
+
+ if(!dk.isSecuredZone(zonename))
+ throw ApiException("Zone '"+zonename+"' is not secured");
+
+ DNSSECKeeper::keyset_t keyset=dk.getKeys(zonename);
+
+ if (keyset.empty())
+ throw ApiException("No keys for zone '"+zonename+"'");
+
+ Document doc;
+ doc.SetArray();
+
+ BOOST_FOREACH(DNSSECKeeper::keyset_t::value_type value, keyset) {
+ Value key;
+ key.SetObject();
+ key.AddMember("type", "Cryptokey", doc.GetAllocator());
+ key.AddMember("id", value.second.id, doc.GetAllocator());
+ key.AddMember("active", value.second.active, doc.GetAllocator());
+ key.AddMember("keytype", (value.second.keyOrZone ? "ksk" : "zsk"), doc.GetAllocator());
+ Value content(value.first.getDNSKEY().getZoneRepresentation().c_str(), doc.GetAllocator());
+ key.AddMember("content", content, doc.GetAllocator());
+
+ if (value.second.keyOrZone) {
+ Value dses;
+ dses.SetArray();
+ Value ds;
+ ds.SetString(makeDSFromDNSKey(zonename, value.first.getDNSKEY(), 1).getZoneRepresentation().c_str());
+ dses.PushBack(ds, doc.GetAllocator());
+ Value ds2;
+ ds2.SetString(makeDSFromDNSKey(zonename, value.first.getDNSKEY(), 2).getZoneRepresentation().c_str());
+ dses.PushBack(ds2, doc.GetAllocator());
+
+ try {
+ Value ds3;
+ ds3.SetString(makeDSFromDNSKey(zonename, value.first.getDNSKEY(), 3).getZoneRepresentation().c_str());
+ dses.PushBack(ds3, doc.GetAllocator());
+ }
+ catch(...)
+ {
+ }
+ try {
+ Value ds4;
+ ds4.SetString(makeDSFromDNSKey(zonename, value.first.getDNSKEY(), 4).getZoneRepresentation().c_str());
+ dses.PushBack(ds4, doc.GetAllocator());
+ }
+ catch(...)
+ {
+ }
+
+ key.AddMember("ds", dses, doc.GetAllocator());
+ }
+
+ doc.PushBack(key, doc.GetAllocator());
+ }
+
+ resp->setBody(doc);
+}
+
 static void apiServerZones(HttpRequest* req, HttpResponse* resp) {
 UeberBackend B;
 if (req->method == "POST" && !::arg().mustDo("experimental-api-readonly")) {
@@ -1108,6 +1178,8 @@ void AuthWebServer::webThread()
 d_ws->registerApiHandler("/servers/localhost/search-log", &apiServerSearchLog);
 d_ws->registerApiHandler("/servers/localhost/search-data", &apiServerSearchData);
 d_ws->registerApiHandler("/servers/localhost/statistics", &apiServerStatistics);
+ d_ws->registerApiHandler("/servers/localhost/zones//cryptokeys/", &apiZoneCryptokeys);
+ d_ws->registerApiHandler("/servers/localhost/zones//cryptokeys", &apiZoneCryptokeys);
 d_ws->registerApiHandler("/servers/localhost/zones//export", &apiServerZoneExport);
 d_ws->registerApiHandler("/servers/localhost/zones/", &apiServerZoneDetail);
 d_ws->registerApiHandler("/servers/localhost/zones", &apiServerZones);
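Review bot: The four `SetString(makeDSFromDNSKey(...).getZoneRepresentation().c_str())` calls in the `if (value.second.keyOrZone)` branch of apiZoneCryptokeys pass no allocator, and that rapidjson overload appears to keep the pointer rather than copy the text, so `ds`, `ds2`, `ds3` and `ds4` would each reference a temporary string that is destroyed at the end of its statement. When `resp->setBody(doc)` later serialises the document it would then read freed memory, which can place unrelated heap bytes in the API response. Copy the string the way the `content` member already does, for example `ds.SetString(makeDSFromDNSKey(zonename, value.first.getDNSKEY(), 1).getZoneRepresentation().c_str(), doc.GetAllocator());`, and likewise for the other three. The empty `catch(...)` blocks around digest types 3 and 4 also swallow every failure, not only an unsupported digest; catching the specific exception type would keep allocation and backend errors visible.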