mat813 · May 30, 2017 12:51
diff --git a/ripe.rb b/ripe.rb
 #!/usr/bin/env ruby
 # frozen_string_literal: true

 # ods-ksmutil key export --keystate ready -t KSK --all | ruby ripe.rb ready
 # ods-ksmutil key export --keystate retire -t KSK --all | ruby ripe.rb retire

 require 'pp'
 require 'rubygems'
 require 'dnsruby'
 require 'net/smtp'

 PASSWD = 'XXXX'
 FROM = 'noc@toi'

 QUOI = ARGV[0]

 def debug(*rest)
  puts(*rest) if STDOUT.tty?
 end

 if QUOI.nil? || !%w[ready retire].include?(QUOI)
  puts 'usage : ripe.rb [ready|retire]'
  exit 1
 end

 module Dnsruby
  class RR
    # tripoter
    class DS
      # Tripoter le rdata_to_string pour avoir ce dont on a besoin.
      def rdata_to_string
        return '' if @key_tag.nil?
        "#{@key_tag.to_i} #{@algorithm.code} #{@digest_type.code} #{@digest.upcase}"
      end
    end
  end
 end

 thingstodo = []

 domain_found = false

 while (line = STDIN.gets)
  next unless line =~ /^[a-z0-9]/

  new_key = Dnsruby::RR::DNSKEY.new_from_string(line)

  domain = new_key.name.to_s

  debug "Domaine #{domain}"

  if domain =~ /\.(ip6|in-addr)\.arpa$/

    whois = `/usr/local/bin/whois3 -Br #{domain}`.split(/\n/).reject { |l| l =~ /^%/ || l == '' }.map { |l| l.split(/:\s*/) }

    # Le domaine est bien ce qu'on a demande et qu'on est mntner dessus.
    if whois.any? { |k, v| k == 'domain' && v == domain } && whois.any? { |k, v| k == 'mnt-by' && v == 'ABSO-DNS-MNT' }
      domain_found = true
      debug "clef consideree #{new_key.rdata}"

      changed = false

      case QUOI
      when 'ready'
        new_ds = [1, 2, 4].map { |v| Dnsruby::RR::DS.from_key(new_key, v) }

        new_ds.each do |ds|
          if whois.any? { |k, v| k == 'ds-rdata' && ds == Dnsruby::RR::DS.new_from_string("#{domain}. IN DS #{v}") }
            debug "DS #{ds.digest_type} deja la"
          else
            idx = whois.index { |k, _v| k == 'ds-rdata' || k == 'notify' }
            puts "DS ajoute #{ds.digest_type}"
            whois[idx..idx] = [['ds-rdata', ds.rdata_to_string], whois[idx]]
            changed = true
          end
        end
      when 'retire'
        if whois.any? { |k, v| k == 'ds-rdata' && v =~ /^#{new_key.key_tag}\b/ }
          whois.reject! { |k, v| k == 'ds-rdata' && v =~ /^#{new_key.key_tag}\b/ }
          puts "Clef supprime #{new_key.key_tag}"
          changed = true
        else
          debug "Clef #{new_key.key_tag} absent"
        end
      end
      if changed
        whois << ['password', PASSWD]
        thingstodo << "% #{domain}"
        thingstodo << ''
        thingstodo += whois.map { |k, v| k + ':' + ' ' * (15 - k.size) + v }
        thingstodo << ''
      else
        debug 'rien a changer'
      end
    else
      debug 'Domaine pas a nous'
    end
  else
    debug 'Domaine pas bon format'
  end
 end
 unless thingstodo.empty?
  message = <<~eot
    From: #{FROM}
    To: [email protected]
    Cc: #{FROM}
    Subject: DIFF

  eot
  message << thingstodo.join("\n")
  Net::SMTP.start('localhost') do |smtp|
    smtp.send_message message, FROM, ['[email protected]', FROM]
  end
 end
 exit domain_found ? 0 : 1
	#!/usr/bin/env ruby
	# frozen_string_literal: true

	# ods-ksmutil key export --keystate ready -t KSK --all \| ruby ripe.rb ready
	# ods-ksmutil key export --keystate retire -t KSK --all \| ruby ripe.rb retire

	require 'pp'
	require 'rubygems'
	require 'dnsruby'
	require 'net/smtp'

	PASSWD = 'XXXX'
	FROM = 'noc@toi'

	QUOI = ARGV[0]

	def debug(*rest)
	puts(*rest) if STDOUT.tty?
	end

	if QUOI.nil? \|\| !%w[ready retire].include?(QUOI)
	puts 'usage : ripe.rb [ready\|retire]'
	exit 1
	end

	module Dnsruby
	class RR
	# tripoter
	class DS
	# Tripoter le rdata_to_string pour avoir ce dont on a besoin.
	def rdata_to_string
	return '' if @key_tag.nil?
	"#{@key_tag.to_i} #{@algorithm.code} #{@digest_type.code} #{@digest.upcase}"
	end
	end
	end
	end

	thingstodo = []

	domain_found = false

	while (line = STDIN.gets)
	next unless line =~ /^[a-z0-9]/

	new_key = Dnsruby::RR::DNSKEY.new_from_string(line)

	domain = new_key.name.to_s

	debug "Domaine #{domain}"

	if domain =~ /\.(ip6\|in-addr)\.arpa$/

	whois = `/usr/local/bin/whois3 -Br #{domain}`.split(/\n/).reject { \|l\| l =~ /^%/ \|\| l == '' }.map { \|l\| l.split(/:\s*/) }

	# Le domaine est bien ce qu'on a demande et qu'on est mntner dessus.
	if whois.any? { \|k, v\| k == 'domain' && v == domain } && whois.any? { \|k, v\| k == 'mnt-by' && v == 'ABSO-DNS-MNT' }
	domain_found = true
	debug "clef consideree #{new_key.rdata}"

	changed = false

	case QUOI
	when 'ready'
	new_ds = [1, 2, 4].map { \|v\| Dnsruby::RR::DS.from_key(new_key, v) }

	new_ds.each do \|ds\|
	if whois.any? { \|k, v\| k == 'ds-rdata' && ds == Dnsruby::RR::DS.new_from_string("#{domain}. IN DS #{v}") }
	debug "DS #{ds.digest_type} deja la"
	else
	idx = whois.index { \|k, _v\| k == 'ds-rdata' \|\| k == 'notify' }
	puts "DS ajoute #{ds.digest_type}"
	whois[idx..idx] = [['ds-rdata', ds.rdata_to_string], whois[idx]]
	changed = true
	end
	end
	when 'retire'
	if whois.any? { \|k, v\| k == 'ds-rdata' && v =~ /^#{new_key.key_tag}\b/ }
	whois.reject! { \|k, v\| k == 'ds-rdata' && v =~ /^#{new_key.key_tag}\b/ }
	puts "Clef supprime #{new_key.key_tag}"
	changed = true
	else
	debug "Clef #{new_key.key_tag} absent"
	end
	end
	if changed
	whois << ['password', PASSWD]
	thingstodo << "% #{domain}"
	thingstodo << ''
	thingstodo += whois.map { \|k, v\| k + ':' + ' ' * (15 - k.size) + v }
	thingstodo << ''
	else
	debug 'rien a changer'
	end
	else
	debug 'Domaine pas a nous'
	end
	else
	debug 'Domaine pas bon format'
	end
	end
	unless thingstodo.empty?
	message = <<~eot
	From: #{FROM}
	To: [email protected]
	Cc: #{FROM}
	Subject: DIFF

	eot
	message << thingstodo.join("\n")
	Net::SMTP.start('localhost') do \|smtp\|
	smtp.send_message message, FROM, ['[email protected]', FROM]
	end
	end
	exit domain_found ? 0 : 1