From e173e2a050caa21725b588757becb84b3c56460a Mon Sep 17 00:00:00 2001
From: Linus Nordberg
Date: Fri, 8 Apr 2016 17:33:08 +0200
Subject: Get submitting and storing working. Add README.dnssec. Do start the dnssecport server. Add config option 'trust_anchors_file'. Pass correct data to validation server. Change URL for submitting to match draft (add-rr-chain). Make add-rr-chain take a base64-encoded string of RR's instead of JSON list with one RR per entry. TODO: Make the python tools know enough DNS to be able to verify SCT's and such (i.e. 'make tests').
---
 src/dnssecport.erl | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)
(limited to 'src/dnssecport.erl')
diff --git a/src/dnssecport.erl b/src/dnssecport.erl
index 30c8c9e..acdc5c4 100644
--- a/src/dnssecport.erl
+++ b/src/dnssecport.erl
@@ -23,9 +23,16 @@ validate(Data) ->
 -record(state, {port :: port()}).
+-spec trust_anchors() -> string().
+trust_anchors() ->
+ case application:get_env(catlfish, trust_anchors_file) of
+ {ok, Filename} -> Filename;
+ undefined -> []
+ end.
+
 init(Program) ->
 lager:debug("starting dnssec service"),
- Port = create_port(Program, []), % TODO: Pass path to trust root file.
+ Port = create_port(Program, [trust_anchors()]),
 {ok, #state{port = Port}}.
 decode_response(Response) ->
@@ -38,9 +45,9 @@ handle_call(stop, _From, State) ->
 handle_call({validate, Data}, _From, State) ->
 case State#state.port of
 undefined ->
- {error, noport};
+ {reply, {error, noport}, State};
 Port when is_port(Port) ->
- Port ! {self(), {command, dns:encode_rrset(Data)}},
+ Port ! {self(), {command, Data}},
 receive
 {Port, {data, Response}} ->
 case decode_response(list_to_binary(Response)) of
@@ -50,6 +57,8 @@ handle_call({validate, Data}, _From, State) ->
 dns:encode_rrset(Chain)],
 {reply, {ok, R}, State};
 {ok, Error, _} ->
+ lager:debug("DNSSEC validation failed with ~p",
+ [Error]),
 {reply, {error, Error}, State}
 end;
 {Port, {exit_status, ExitStatus}} ->
--
cgit v1.1
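Review bot: In the `@@ -23,9 +23,16 @@` hunk, `undefined -> []` in trust_anchors/0 lets the service start with no trust anchor configured: init/1 then calls `create_port(Program, [[]])`, handing the validator a single empty argument. What the validator does with an empty path is not visible here, so it is unknown whether validation then fails closed; for the root of trust, a missing setting is better treated as a startup error. Suggest `undefined -> error({missing_config, trust_anchors_file})` so init/1 fails and the supervisor reports it. The `-spec` promises `string()`, but the `{ok, Filename}` branch returns whatever term is configured, so a guard such as `{ok, Filename} when is_list(Filename) -> Filename;` would make the spec hold.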
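Review bot: In the `@@ -38,9 +45,9 @@` hunk, `Port ! {self(), {command, Data}}` now hands the caller's term to the validator unchanged, where the removed line at least forced it through `dns:encode_rrset/1`. Nothing visible in this clause checks that Data is iodata or bounds its size, and per the commit message it originates from the add-rr-chain submission. Consider a guard on the clause head, `handle_call({validate, Data}, _From, State) when is_binary(Data) ->` (or `is_list/1`, whichever the caller really sends), so a malformed term is rejected here rather than at the port. The `receive` that follows starts in this hunk and continues past it; if it has no `after` clause further down, a validator that stalls on bad input blocks every other caller of this server.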
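Review bot: In the `@@ -50,6 +57,8 @@` hunk, the rejected-chain branch logs only at debug level, which production configurations commonly filter out, so failed DNSSEC validations would leave no trace for whoever monitors the log. Suggest `lager:info("DNSSEC validation failed with ~p", [Error]),` or `lager:notice/2`, so repeated rejections are visible without enabling debug output. The third element of `{ok, Error, _}` is discarded; if it carries the offending chain, a short comment saying why it is not logged would help the next reader. The enclosing `receive` and `case` continue outside this hunk.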