authorLinus Nordberg <linus@nordu.net>2016-04-08 17:33:08 +0200
committerLinus Nordberg <linus@nordu.net>2016-04-08 17:33:08 +0200
commite173e2a050caa21725b588757becb84b3c56460a (patch)
tree558c8537fc85aeede3102b8c59a4f45ae9ca0add /src
parented60e7e384560e8581d16c218ca629a7555beb1e (diff)
Get submitting and storing working.
Add README.dnssec. Do start the dnssecport server. Add config option 'trust_anchors_file'. Pass correct data to validation server. Change URL for submitting to match draft (add-rr-chain). Make add-rr-chain take a base64-encoded string of RRs instead of JSON list with one RR per entry. TODO: Make the python tools know enough DNS to be able to verify SCTs and such (i.e. 'make tests').
Diffstat (limited to 'src')
-rw-r--r--src/catlfish_app.erl1
-rw-r--r--src/dnssecport.erl15
-rw-r--r--src/v1.erl52
3 files changed, 34 insertions, 34 deletions
diff --git a/src/catlfish_app.erl b/src/catlfish_app.erl
index eef74d6..d14fd22 100644
--- a/src/catlfish_app.erl
+++ b/src/catlfish_app.erl
@@ -13,6 +13,7 @@
%% ===================================================================
start(normal, Args) ->
+ dnssecport:start_link(),
catlfish:init_cache_table(),
catlfish_sup:start_link(Args).
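Review bot: The added `dnssecport:start_link()` is called straight from `start/2` rather than being a child of `catlfish_sup`, so the validator process is unsupervised: if it crashes or the external program exits, nothing restarts it and every later `dnssecport:validate/1` call fails until the whole application is restarted. Its return value is also discarded, so a failed start is silently ignored and the application comes up without DNSSEC validation. Prefer a child spec for `dnssecport` in `catlfish_sup`, or at minimum `{ok, _} = dnssecport:start_link(),` so that a failed start aborts application start. `catlfish_sup` is not visible here, so the exact child spec is left to that module.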
diff --git a/src/dnssecport.erl b/src/dnssecport.erl
index 30c8c9e..acdc5c4 100644
--- a/src/dnssecport.erl
+++ b/src/dnssecport.erl
@@ -23,9 +23,16 @@ validate(Data) ->
-record(state, {port :: port()}).
+-spec trust_anchors() -> string().
+trust_anchors() ->
+ case application:get_env(catlfish, trust_anchors_file) of
+ {ok, Filename} -> Filename;
+ undefined -> []
+ end.
+
init(Program) ->
lager:debug("starting dnssec service"),
- Port = create_port(Program, []), % TODO: Pass path to trust root file.
+ Port = create_port(Program, [trust_anchors()]),
{ok, #state{port = Port}}.
decode_response(Response) ->
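Review bot: `trust_anchors/0` returns `[]` when `trust_anchors_file` is unset, and `init/1` then starts the validator with an empty-string argument instead of refusing to start, so a missing configuration is silently passed on to the external program; whether it then validates against no trust anchors or fails depends on the validator, which is not visible here. The trust-anchor file is the root of the DNSSEC chain of trust, so its absence should be a hard startup error rather than something discovered on the first submission. Suggest `{ok, Filename} = application:get_env(catlfish, trust_anchors_file),` in `trust_anchors/0` (the `badmatch` stops `init/1` with a clear reason), or have `init/1` return `{stop, {missing_config, trust_anchors_file}}` for the `undefined` case. The `-spec` could then be tightened to `-spec trust_anchors() -> file:filename().`.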
@@ -38,9 +45,9 @@ handle_call(stop, _From, State) ->
handle_call({validate, Data}, _From, State) ->
case State#state.port of
undefined ->
- {error, noport};
+ {reply, {error, noport}, State};
Port when is_port(Port) ->
- Port ! {self(), {command, dns:encode_rrset(Data)}},
+ Port ! {self(), {command, Data}},
receive
{Port, {data, Response}} ->
case decode_response(list_to_binary(Response)) of
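Review bot: `Data` is now forwarded to the port verbatim (`Port ! {self(), {command, Data}}`) and the `receive` that follows has no `after` clause in the visible part of the hunk, so a request whose bytes make the validator hang, or simply never answer, blocks this gen_server — and with it every other caller of `validate/1` — indefinitely. Since `Data` is base64-decoded input from the public `add-rr-chain` endpoint, that is a remotely triggerable denial of service. Add a bounded wait, e.g. `after ?VALIDATE_TIMEOUT -> {reply, {error, timeout}, State}`, and consider closing and re-opening the port on timeout so a wedged validator does not poison later calls. The `receive` and the enclosing `handle_call` clause continue beyond this hunk, so if an `after` clause already exists there this note does not apply.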
@@ -50,6 +57,8 @@ handle_call({validate, Data}, _From, State) ->
dns:encode_rrset(Chain)],
{reply, {ok, R}, State};
{ok, Error, _} ->
+ lager:debug("DNSSEC validation failed with ~p",
+ [Error]),
{reply, {error, Error}, State}
end;
{Port, {exit_status, ExitStatus}} ->
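Review bot: The added `lager:debug("DNSSEC validation failed with ~p", [Error])` records a rejected submission at debug level, which is normally filtered out in production, so operators get no record of failed validations of externally submitted chains. Since this is input from an unauthenticated endpoint, a failed validation is worth at least `info` (or `notice`), ideally together with the size of the rejected data so abusive submitters can be spotted. Consider `lager:info("DNSSEC validation failed with ~p", [Error]),`. The enclosing `handle_call({validate, Data}, ...)` clause starts and ends outside this hunk.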
diff --git a/src/v1.erl b/src/v1.erl
index ef9aadd..72d0112 100644
--- a/src/v1.erl
+++ b/src/v1.erl
@@ -30,9 +30,9 @@ check_valid_sth() ->
end.
%% Public functions, i.e. part of URL.
-request(post, ?APPURL_CT_V1, "add-ds-rr", Input) ->
+request(post, ?APPURL_CT_V1, "add-rr-chain", Input) ->
check_valid_sth(),
- add_ds(Input);
+ add_rr_chain(Input);
request(get, ?APPURL_CT_V1, "get-sth", _Query) ->
check_valid_sth(),
@@ -147,37 +147,27 @@ internalerror(Text) ->
"~s~n" ++
"</body></html>~n", [Text])}.
--spec add_ds(any()) -> any().
-add_ds(Input) ->
+-spec add_rr_chain(any()) -> any().
+add_rr_chain(Input) ->
case (catch mochijson2:decode(Input)) of
{error, E} ->
- err400("add-ds-rr: bad input:", E);
- {struct, [{<<"chain">>, List}]} ->
- case decode_chain(List) of
- {invalid, ErrText} ->
- err400(io:format("add-ds-rr: ~p", [ErrText]), List);
- Data when is_list(Data) ->
- add_ds_helper(Data);
- _ ->
- err400("add-ds-rr: missing one or more entries", List)
+ err400("add-rr-chain: bad input:", E);
+ {struct, [{<<"chain">>, B64}]} ->
+ case (catch base64:decode(B64)) of
+ {'EXIT', _} ->
+ err400("add-rr-chain: invalid base64-encoding:", B64);
+ Data ->
+ case dnssecport:validate(Data) of
+ {ok, [DS | Chain]} ->
+ lager:debug("succesful DNSSEC validation"),
+ success(catlfish:add_chain(DS, Chain, normal));
+ {error, ErrorCode} ->
+ err400(io_lib:format(
+ "add-rr-chain: invalid DS record: ~p",
+ [ErrorCode]),
+ Data)
+ end
end;
_ ->
- err400("add-ds-rr: missing input: chain", Input)
- end.
-
-decode_chain(List) ->
- case (catch [base64:decode(X) || X <- List]) of
- {'EXIT', _} ->
- {invalid, "invalid base64-encoding"};
- L ->
- L
- end.
-
-add_ds_helper(Data) ->
- case dnssecport:validate(Data) of
- {ok, [DS | Chain]} ->
- success(catlfish:add_chain(DS, Chain, normal));
- {error, ErrorCode} ->
- err400(io:format("add-ds-rr: invalid DS record: ~p", [ErrorCode]),
- Data)
+ err400("add-rr-chain: missing input: chain", Input)
end.
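Review bot: The base64-decoded `Data` in `add_rr_chain/1` is handed to `dnssecport:validate/1` with no bound on its size, so an unauthenticated client can push arbitrarily large payloads through to the external validator (and, if `err400/2` echoes its second argument, back into the 400 response). Add a cap before the validate call, e.g. a clause `Data when byte_size(Data) > ?MAX_RR_CHAIN_BYTES -> err400("add-rr-chain: chain too large", <<>>);` ahead of the generic `Data ->` clause. Separately, as far as I can tell `mochijson2:decode/1` raises on malformed JSON rather than returning `{error, E}`, so under `catch` a bad body becomes `{'EXIT', _}` and falls through to the final clause with the misleading "missing input: chain" message; match `{'EXIT', _}` explicitly and report a parse error. The debug message `"succesful DNSSEC validation"` has a typo (`successful`).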