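# Loads the audit configuration for a single zone.
#
# The named policy is read from the KASP file and its Signatures, Denial,
# Keys and Zone/SOA elements are handed to the matching wrapper classes.
# When the policy uses NSEC3, the salt is then read from the signer
# configuration file and its decoded length is compared with the salt
# length recorded on the policy.
#
# @param zone_name [#to_s, nil] zone name; when nil/false nothing is loaded
# @param kasp_file_loc [String] path of the KASP file
# @param policy [String] value of the Policy element's name attribute
# @param config_file_loc [#to_s] path of the signer configuration file
# @param syslog [#log] logger that receives the salt-length error
# @raise [ConfigLoadError] if the KASP file cannot be opened or parsed, the
#   policy is missing or cannot be loaded, the signer configuration file is
#   missing, or no salt can be read from it
def initialize(zone_name, kasp_file_loc, policy, config_file_loc, syslog)
  return unless zone_name

  # `+ ""` builds a copy, so the caller's string is not the object that gets
  # untainted.
  # NOTE(review): untaint only clears the taint flag, it validates nothing;
  # the paths below are opened exactly as supplied by the caller. String#untaint
  # was also removed in Ruby 3.2.
  @name = (zone_name.to_s + "").untaint
  @err = 0
  @partial_audit = false
  begin
    File.open((kasp_file_loc + "").untaint, 'r') do |file|
      doc = REXML::Document.new(file)
      found_policy = false
      doc.elements.each('KASP/Policy') do |policy_el|
        next unless policy_el.attributes['name'] == policy

        found_policy = true
        @audit_tag_present = false
        policy_el.elements.each('Audit') do |audit_el|
          @audit_tag_present = true
          audit_el.elements.each('Partial') { |_partial| @partial_audit = true }
        end
        begin
          @signatures = Signatures.new(policy_el.elements['Signatures'])
          @denial = Denial.new(policy_el.elements['Denial'])
          @keys = Keys.new(policy_el.elements['Keys'])
          @soa = SOA.new(policy_el.elements['Zone/SOA'])
        rescue StandardError
          raise ConfigLoadError.new("ERROR - Configuration file #{kasp_file_loc} can't be loaded. Try running ods-kaspcheck to check the configuration.")
        end
      end
      unless found_policy
        raise ConfigLoadError.new("ERROR - Can't find policy #{policy.inspect} in KASP Policy.")
      end
    end
  rescue ConfigLoadError
    # Already an accurate diagnosis (missing policy / unloadable policy);
    # do not relabel it as a missing KASP file.
    raise
  rescue StandardError => e
    # StandardError rather than Exception, so that signals and exit requests
    # are not turned into configuration errors.
    raise ConfigLoadError.new("ERROR - Can't find KASP file : #{kasp_file_loc.inspect} : #{e}")
  end

  return unless @denial.nsec3

  conf_f = (config_file_loc.to_s + "").untaint
  begin
    File.open(conf_f, 'r') do |file|
      doc = REXML::Document.new(file)
      hash_el = doc.elements['SignerConfiguration/Zone/Denial/NSEC3/Hash/']
      # A Hash element without a Salt child is reported the same way as a
      # missing Hash element instead of failing on nil.
      salt_el = hash_el && hash_el.elements['Salt']
      unless salt_el
        raise ConfigLoadError.new("ERROR - can't read salt from SignerConfiguration file : #{conf_f}")
      end

      @denial.nsec3.hash.salt = salt_el.text
      decoded_salt = Dnsruby::RR::NSEC3.decode_salt(@denial.nsec3.hash.salt)
      if decoded_salt.length.to_i != @denial.nsec3.hash.salt_length.to_i
        msg = "ERROR : SALT LENGTH IS #{decoded_salt.length}, but should be #{@denial.nsec3.hash.salt_length}"
        print "#{Syslog::LOG_ERR}: #{msg}\n"
        begin
          # NOTE(review): if syslog is the stdlib Syslog, msg is used as the
          # format string here, and it interpolates a configuration value.
          # Passing "%s" as the format would avoid that; confirm the logger's
          # signature before changing the call.
          syslog.log(Syslog::LOG_ERR, msg)
        rescue ArgumentError
          # Best effort: a logging failure must not abort the load.
        end
        @err = Syslog::LOG_ERR
      end
    end
  rescue Errno::ENOENT
    raise ConfigLoadError.new("ERROR - Can't find SignerConfiguration file : #{conf_f}")
  end
end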