OpenDNSSEC to AFNIC
#!/usr/bin/env ruby
# frozen_string_literal: true
# ods-ksmutil key export --keystate ready -t KSK --all | ruby afnic.rb ready
# ods-ksmutil key export --keystate retire -t KSK --all | ruby afnic.rb retire
require 'pp'
require 'rubygems'
require 'dnsruby'
require 'epp-client/afnic'
# Requested operation, taken from the first command-line argument.
# It is nil when the script is started without arguments.
QUOI = ARGV.first
# Print progress messages only when standard output is a terminal, so that
# non-interactive runs (output redirected or piped) stay quiet.
#
# @param rest [Array] values handed to puts unchanged
# @return [nil]
def debug(*rest)
  return unless STDOUT.tty?

  puts(*rest)
end
# Refuse to run unless the mode is one of the two supported values.
# A missing argument (nil) is not in the list either, so it takes the same path.
unless %w[ready retire].include?(QUOI)
  puts 'usage : afnic.rb [ready|retire]'
  exit 1
end
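# Base name of the TLS client certificate and private key handed to the EPP
# client. Both are bare file names; presumably they are resolved against the
# current working directory, so confirm where the script is run from.
# The .key file is the registrar's private key: keep it readable only by the
# account that runs this script.
EPP_NAME = 'afnic_prod'
EPP_CERT = "#{EPP_NAME}.crt"
EPP_KEY = "#{EPP_NAME}.key"
# Registrar credentials. They are read from the environment so the real
# values never have to be written into this file (or committed with it).
# The historical placeholders remain the defaults.
EPP_LOGIN = ENV.fetch('AFNIC_EPP_LOGIN', 'login')
EPP_PASS = ENV.fetch('AFNIC_EPP_PASSWORD', 'password')
# Set to true once the registry has answered domain_info for at least one
# domain; it decides the exit status at the end of the run.
domain_found = false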
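# Synchronise the DS records held at the registry with the KSKs read from
# STDIN, one DNSKEY record per line (see the ods-ksmutil pipelines in the
# file header).
#
#   ready  - add every DS (digest types 1, 2 and 4) of the key that the
#            registry does not list yet
#   retire - remove the registry's DS records that belong to the key
#
# The process exits 0 when at least one domain was known to the registry and
# 1 otherwise. An unexpected exception is no longer hidden by an `exit`
# inside `ensure`: it propagates after the logout attempt, so the failure is
# printed and the exit status is non-zero.
#
# NOTE(review): test: false together with the afnic_prod certificate suggests
# this talks to the production registry - confirm before running.
begin
  epp = EPPClient::AFNIC.new(client_id: EPP_LOGIN,
                             password: EPP_PASS,
                             ssl_cert: EPP_CERT,
                             ssl_key: EPP_KEY,
                             test: false)
  epp.clTRID = "Abso-ds-submit-#{Time.now.to_f}"
  epp.open_connection
  epp.login

  while (line = STDIN.gets)
    # Lines that do not start with a lowercase letter or a digit are skipped.
    next unless line =~ /^[a-z0-9]/

    new_key = Dnsruby::RR::DNSKEY.new_from_string(line)
    domain = new_key.name.to_s
    debug "Domaine #{domain}"

    begin
      i = epp.domain_info(domain)
      domain_found = true
      debug "clef consideree algo #{new_key.algorithm} tag #{new_key.key_tag}"

      # DS records currently published by the registry; empty when the
      # response carries no secDNS data.
      old_ds = (i[:secDNS] || {})[:dsData] || []
      # DS records derived from the key under consideration.
      key_ds = [1, 2, 4].map { |v| Dnsruby::RR::DS.from_key(new_key, v) }
      to_do = []

      case QUOI
      when 'ready'
        key_ds.each do |ds|
          already_there = old_ds.any? do |k|
            ds.digest == k[:digest].downcase && ds.key_tag == k[:keyTag]
          end
          if already_there
            debug "DS #{ds.digest_type} deja la"
          else
            puts "nouveau DS #{ds.digest_type} ajoute"
            to_do << { keyTag: ds.key_tag,
                       alg: ds.algorithm.code,
                       digestType: ds.digest_type.code,
                       digest: ds.digest }
          end
        end
      when 'retire'
        # A key tag is a 16-bit checksum, not a unique identifier: two keys of
        # the same zone can share one. Matching on the tag alone could remove
        # the DS of a key that is still in use and break the chain of trust,
        # so the digest must match too (same test as in 'ready'). A DS with a
        # digest type other than 1, 2 or 4 is left in place.
        old_ds.each do |k|
          belongs_to_key = key_ds.any? do |ds|
            ds.key_tag == k[:keyTag] && ds.digest == k[:digest].downcase
          end
          next unless belongs_to_key

          puts "ancien DS #{k.inspect} supprime"
          to_do << k
        end
      end

      unless to_do.empty?
        # to_do is only filled for 'ready' and 'retire', so anything that is
        # not 'ready' here is a removal.
        action = QUOI == 'ready' ? :add : :rem
        begin
          epp.domain_update(name: domain,
                            secDNS: { action => { dsData: to_do } })
        rescue EPPClient::EPPErrorResponse => e
          # NOTE(review): a rejected update is only printed; the exit status
          # still reports success when the domain was found.
          pp e
        end
      end
    rescue EPPClient::EPPErrorResponse => e
      debug "Domaine pas a l'afnic : #{e}"
    end
  end
ensure
  # epp is nil when the constructor itself raised. A failing logout is
  # reported but must not replace the error that brought us here.
  begin
    epp&.logout
  rescue StandardError => e
    warn "EPP logout failed: #{e}"
  end
end
exit domain_found ? 0 : 1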
#!/usr/bin/env ruby
# frozen_string_literal: true
# vim:sw=2 sts=2:
require 'rubygems'
require 'dnsruby'
require 'epp-client/afnic'
require 'awesome_print'
require 'getoptlong'
# Turn on awesome_print's force_colors switch for every `ap` call below.
# NOTE(review): presumably this emits ANSI colour codes even when output is
# redirected to a file or pipe - confirm if the output is ever logged or parsed.
AwesomePrint.force_colors = true
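# Turn the comma-separated value of --ns into a clean list of host names:
# surrounding whitespace is dropped and empty entries are discarded.
#
# @param arg [String] raw option value, e.g. "ns1.example.net, ns2.example.net"
# @return [Array<String>] host names in the order given
def parse_ns_list(arg)
  arg.split(',').map(&:strip).reject(&:empty?)
end

# Name servers to delegate to: ns1..ns4.absolight.net unless --ns/-n
# replaces the list.
new_ns = 1.upto(4).map { |i| "ns#{i}.absolight.net" }
opts = GetoptLong.new(
  ['--ns', '-n', GetoptLong::REQUIRED_ARGUMENT]
)
opts.each do |opt, arg|
  case opt
  when '--ns'
    new_ns = parse_ns_list(arg)
  end
end
# With an empty list the updates further down would ask the registry to
# remove a domain's current name servers and add none; stop before sending
# anything.
abort '--ns requires at least one name server' if new_ns.empty?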
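# NOTE(review): RAILS_ENV defaults to 'sandbox', yet the client in this script
# is built with test: false and the afnic_prod certificate, and nothing
# visible here reads RAILS_ENV - confirm which environment is intended.
ENV['RAILS_ENV'] ||= 'sandbox'
# Base name of the TLS client certificate and private key handed to the EPP
# client. Both are bare file names; presumably they are resolved against the
# current working directory. The .key file is the registrar's private key:
# keep it readable only by the account that runs this script.
EPP_NAME = 'afnic_prod'
EPP_CERT = "#{EPP_NAME}.crt"
EPP_KEY = "#{EPP_NAME}.key"
# Registrar credentials. They are read from the environment so the real
# values never have to be written into this file (or committed with it).
# The historical placeholders remain the defaults.
EPP_LOGIN = ENV.fetch('AFNIC_EPP_LOGIN', 'login')
EPP_PASS = ENV.fetch('AFNIC_EPP_PASSWORD', 'password')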
# Build the AFNIC EPP client from the credentials and certificate files
# declared above, tag the session with a time-based client transaction id,
# then connect and authenticate.
# NOTE(review): test: false with the afnic_prod certificate suggests the
# production registry - confirm before running.
client_settings = {
  client_id: EPP_LOGIN,
  password: EPP_PASS,
  ssl_cert: EPP_CERT,
  ssl_key: EPP_KEY,
  test: false
}
epp = EPPClient::AFNIC.new(**client_settings)
started_at = Time.now.to_f
epp.clTRID = "Abso-change-ns-#{started_at}"
epp.open_connection
epp.login
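# Point every domain named on the command line at new_ns.
#
# For each domain the current delegation is read with domain_info; its name
# servers (if any) are removed and new_ns is added in a single update. A
# registry error is recorded and the loop carries on with the next domain.
# The EPP session is now closed with logout whatever happens, and the
# process exits 1 when any domain failed so callers can detect it.
errors = []
begin
  ARGV.each do |domain|
    begin
      # Current registry view of the domain.
      info = epp.domain_info(domain)
      # Replace the name servers (only the NS set is touched here).
      if info[:ns].nil?
        epp.domain_update(name: domain,
                          add: { ns: new_ns })
        ap [domain, new_ns.join(', ')]
      else
        epp.domain_update(name: domain,
                          rem: { ns: info[:ns] },
                          add: { ns: new_ns })
        ap [domain, info[:ns].join(', '), new_ns.join(', ')]
      end
    rescue EPPClient::EPPErrorResponse => e
      # info is nil when domain_info itself failed.
      # NOTE(review): otherwise it is the whole domain_info response and is
      # printed with the errors below; if that response carries the domain's
      # authInfo, it ends up in the output - confirm before logging it.
      errors << [domain, e.to_s, info]
      p e
    end
  end
ensure
  epp.logout
end
unless errors.empty?
  ap errors
  exit 1
end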