From 92d3e0ff7cd1db9deb2366bd35065168b927ed68 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ma=C3=ABl=20Gangloff?=
Date: Thu, 11 Sep 2025 13:52:53 +0200
Subject: [PATCH] feat: check DNSSEC key consistency
---
 src/Service/RDAPService.php | 26 ++++++++++++++++++++++++--
 1 file changed, 24 insertions(+), 2 deletions(-)
diff --git a/src/Service/RDAPService.php b/src/Service/RDAPService.php
index 3ebba5d..dabbb88 100644
--- a/src/Service/RDAPService.php
+++ b/src/Service/RDAPService.php
@@ -661,9 +661,16 @@ class RDAPService
 $dsData->setAlgorithm(Algorithm::from($rdapDsData['algorithm']));
 }
 if (array_key_exists('digest', $rdapDsData)) {
- $blob = hex2bin($rdapDsData['digest']);
+ try {
+ $blob = hex2bin($rdapDsData['digest']);
+ } catch (\Exception) {
+ $this->logger->warning('DNSSEC digest is not a valid hexadecimal value.');
+ continue;
+ }
+
 if (false === $blob) {
- throw new ServiceUnavailableHttpException('DNSSEC digest is not a valid hexadecimal value.');
+ $this->logger->warning('DNSSEC digest is not a valid hexadecimal value.');
+ continue;
 }
 $dsData->setDigest($blob);
 }
@@ -671,6 +678,21 @@ class RDAPService
 $dsData->setDigestType(DigestType::from($rdapDsData['digestType']));
 }
 
+ $digestLengthByte = [
+ DigestType::SHA1->value => 20,
+ DigestType::SHA256->value => 32,
+ DigestType::GOST_R_34_11_94->value => 32,
+ DigestType::SHA384->value => 48,
+ DigestType::GOST_R_34_11_2012->value => 64,
+ DigestType::SM3->value => 32,
+ ];
+
+ if (array_key_exists($dsData->getDigestType()->value, $digestLengthByte)
+ && strlen($dsData->getDigest()) / 2 !== $digestLengthByte[$dsData->getDigestType()->value]) {
+ $this->logger->warning('DNSSEC digest does not have a valid length according to the digest type.');
+ continue;
+ }
+
 $domain->addDnsKey($dsData);
 $this->em->persist($dsData);
 }
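Review bot: The `catch (\Exception)` around `hex2bin()` does not cover the malformed values an RDAP server can put in `digest`. A non-string value such as an array raises `TypeError`, which is an `\Error` and passes straight through, while bad hex only emits a warning and returns `false`, so the catch fires only when the application's error handler converts warnings into exceptions. Validating before the call removes that dependency: `$digest = $rdapDsData['digest'];` followed by `if (!is_string($digest) || !ctype_xdigit($digest) || 0 !== strlen($digest) % 2) { /* log */ continue; }`. Since the warning is now the only trace of a rejected record, passing the domain name as log context would make it usable for triage. The enclosing loop starts outside the hunk, so `continue` is assumed to move on to the next DS record.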
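Review bot: The length test `strlen($dsData->getDigest()) / 2 !== ...` halves a value that looks to be a byte count already, because the previous hunk stores the `hex2bin()` output through `setDigest($blob)`. If `getDigest()` returns that blob unchanged, a correct 32-byte SHA-256 digest evaluates to 16 and is logged and skipped, so every well-formed DS record of a listed type would be dropped. The comparison would then be `&& strlen($dsData->getDigest()) !== $digestLengthByte[$dsData->getDigestType()->value]) {`. Separately, `digest` and `digestType` are only set when the response contains them, yet `getDigestType()->value` and `strlen($dsData->getDigest())` run unconditionally. A guard such as `null !== $dsData->getDigestType() && null !== $dsData->getDigest()` in front of the check would keep a partial record from raising an error, assuming the getters return null when unset (the entity is not visible here).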