Skip to content

Instantly share code, notes, and snippets.

@mat813

mat813/change-ns.rb

Last active May 30, 2017
Star
Embed
What would you like to do?
Learn more about clone URLs
Download ZIP
OpenDNSSEC to SmallRegistry
Raw
change-ns.rb
#!/usr/bin/env ruby
# frozen_string_literal: true
# vim:sw=2 sts=2:
require 'rubygems'
require 'dnsruby'
require 'epp-client/smallregistry'
require 'awesome_print'
require 'getoptlong'
AwesomePrint.force_colors = true
new_ns = 1.upto(4).map { |i| "ns#{i}.absolight.net" }
opts = GetoptLong.new(
['--ns', '-n', GetoptLong::REQUIRED_ARGUMENT]
)
opts.each do |opt, arg|
case opt
when '--ns'
new_ns = arg.split(/,/)
end
end
ENV['RAILS_ENV'] ||= 'sandbox'
EPP_NAME = 'smallregistry'
EPP_CERT = "#{EPP_NAME}.crt"
EPP_KEY = "#{EPP_NAME}.key"
EPP_LOGIN = 'login'
EPP_PASS = 'password'
epp = EPPClient::SmallRegistry.new(client_id: EPP_LOGIN,
password: EPP_PASS,
ssl_cert: EPP_CERT,
ssl_key: EPP_KEY,
test: false)
epp.clTRID = "Abso-change-ns-#{Time.now.to_f}"
epp.open_connection
epp.login
errors = []
ARGV.each do |domain|
begin
# get info
info = epp.domain_info(domain)
# change NS & Contact
if info[:ns].nil?
epp.domain_update(name: domain,
add: {
ns: new_ns,
})
ap [domain, new_ns.join(', ')]
else
epp.domain_update(name: domain,
rem: {
ns: info[:ns],
},
add: {
ns: new_ns,
})
ap [domain, info[:ns].join(', '), new_ns.join(', ')]
end
rescue EPPClient::EPPErrorResponse => e
errors << [domain, e.to_s, info]
p e
end
end
ap errors unless errors.empty?
Raw
smallregistry.rb
#!/usr/bin/env ruby
# frozen_string_literal: true
# ods-ksmutil key export --keystate ready -t KSK --all | ruby afnic.rb ready
# ods-ksmutil key export --keystate retire -t KSK --all | ruby afnic.rb retire
require 'pp'
require 'rubygems'
require 'dnsruby'
require 'epp-client/smallregistry'
QUOI = ARGV[0]
def debug(*rest)
puts(*rest) if STDOUT.tty?
end
if QUOI.nil? || !%w[ready retire].include?(QUOI)
puts 'usage : afnic.rb [ready|retire]'
exit 1
end
EPP_NAME = 'smallregistry'
EPP_CERT = "#{EPP_NAME}.crt"
EPP_KEY = "#{EPP_NAME}.key"
EPP_LOGIN = 'login'
EPP_PASS = 'password'
domain_found = false
begin
epp = EPPClient::SmallRegistry.new(client_id: EPP_LOGIN,
password: EPP_PASS,
ssl_cert: EPP_CERT,
ssl_key: EPP_KEY,
test: false)
epp.clTRID = "Abso-ds-submit-#{Time.now.to_f}"
epp.open_connection
epp.login
while (line = STDIN.gets)
next unless line =~ /^[a-z0-9]/
new_key = Dnsruby::RR::DNSKEY.new_from_string(line)
domain = new_key.name.to_s
debug "Domaine #{domain}"
begin
i = epp.domain_info(domain)
domain_found = true
debug "clef consideree algo #{new_key.algorithm} tag #{new_key.key_tag}"
old_ds = if i.key?(:secDNS)
i[:secDNS][:dsData]
else
[]
end
to_do = []
case QUOI
when 'ready'
new_ds = [1, 2, 4].map { |v| Dnsruby::RR::DS.from_key(new_key, v) }
new_ds.each do |ds|
ds_present = old_ds.find { |k| ds.digest == k[:digest].downcase && ds.key_tag == k[:keyTag] }
if ds_present.nil?
puts "nouveau DS #{ds.digest_type} ajoute"
to_do << { keyTag: ds.key_tag, alg: ds.algorithm.code, digestType: ds.digest_type.code, digest: ds.digest }
else
debug "DS #{ds.digest_type} deja la"
end
end
when 'retire'
ds_present = old_ds.select { |k| new_key.key_tag == k[:keyTag] }
ds_present.each do |ds|
puts "ancien DS #{ds.inspect} supprime"
to_do << ds
end
end
unless to_do.empty?
begin
case QUOI
when 'ready'
epp.domain_update(name: domain,
secDNS: {
add: { dsData: to_do },
})
when 'retire'
epp.domain_update(name: domain,
secDNS: {
rem: { dsData: to_do },
})
end
rescue EPPClient::EPPErrorResponse => e
pp e
end
end
rescue EPPClient::EPPErrorResponse
debug 'Domaine pas chez smallregistry'
end
end
ensure
epp.logout
exit domain_found ? 0 : 1
end
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment