External/domain-watchdog
1
0
Fork 0
mirror of https://github.com/maelgangloff/domain-watchdog.git synced 2025-12-29 16:15:04 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: check DNSSEC key consistency

Browse Source
This commit is contained in:
Maël Gangloff
2025-09-11 13:52:53 +02:00
parent 039004b6a1
commit 92d3e0ff7c
1 changed files with 24 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
src/Service/RDAPService.php
View File

@@ -661,9 +661,16 @@ class RDAPService
$dsData->setAlgorithm(Algorithm::from($rdapDsData['algorithm'])); $dsData->setAlgorithm(Algorithm::from($rdapDsData['algorithm']));
} }
if (array_key_exists('digest', $rdapDsData)) { if (array_key_exists('digest', $rdapDsData)) {
$blob = hex2bin($rdapDsData['digest']); try {
$blob = hex2bin($rdapDsData['digest']);
} catch (\Exception) {
$this->logger->warning('DNSSEC digest is not a valid hexadecimal value.');
continue;
}
if (false === $blob) { if (false === $blob) {
throw new ServiceUnavailableHttpException('DNSSEC digest is not a valid hexadecimal value.'); $this->logger->warning('DNSSEC digest is not a valid hexadecimal value.');
continue;
} }
$dsData->setDigest($blob); $dsData->setDigest($blob);
} }
@@ -671,6 +678,21 @@ class RDAPService
$dsData->setDigestType(DigestType::from($rdapDsData['digestType'])); $dsData->setDigestType(DigestType::from($rdapDsData['digestType']));
} }
$digestLengthByte = [
DigestType::SHA1->value => 20,
DigestType::SHA256->value => 32,
DigestType::GOST_R_34_11_94->value => 32,
DigestType::SHA384->value => 48,
DigestType::GOST_R_34_11_2012->value => 64,
DigestType::SM3->value => 32,
];
if (array_key_exists($dsData->getDigestType()->value, $digestLengthByte)
&& strlen($dsData->getDigest()) / 2 !== $digestLengthByte[$dsData->getDigestType()->value]) {
$this->logger->warning('DNSSEC digest does not have a valid length according to the digest type.');
continue;
}
$domain->addDnsKey($dsData); $domain->addDnsKey($dsData);
$this->em->persist($dsData); $this->em->persist($dsData);
} }