From b2e062c5de3fb233d34bf0c67c7e43cfd9969706 Mon Sep 17 00:00:00 2001
From: Mike Crute
Date: Tue, 21 May 2019 13:00:58 +0000
Subject: Read secrets from a file

---
 main.go | 156 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++--------
 1 file changed, 137 insertions(+), 19 deletions(-)

diff --git a/main.go b/main.go
index 777a2d7..2c99e0e 100644
--- a/main.go
+++ b/main.go
@@ -2,9 +2,13 @@ package main
 
 import (
 	"bytes"
+	"encoding/json"
+	"errors"
 	"fmt"
 	"github.com/miekg/dns"
+	"io/ioutil"
 	"net/http"
+	"strings"
 	"text/template"
 	"time"
 )
@@ -14,17 +18,115 @@ type Zone struct {
 	View string
 }
 
-var SECRETS = map[string]string{
-	"crute-me-internal.": "",
-	"crute-me-external.": "",
-	"crute-us-internal.": "",
-	"crute-us-external.": "",
-	"crute-org-internal.": "",
-	"crute-org-external.": "",
-	"faldowski-com-internal.": "",
-	"faldowski-com-external.": "",
-	"softgroupcorp-com-internal.": "",
-	"softgroupcorp-com-external.": "",
+type TSIGSecrets struct {
+	secrets map[string]map[string]TSIGSecret
+	viewzones map[string][]string
+}
+
+func NewTSIGSecrets() *TSIGSecrets {
+	return &TSIGSecrets{
+		secrets: make(map[string]map[string]TSIGSecret),
+		viewzones: make(map[string][]string),
+	}
+}
+
+func (t *TSIGSecrets) GetViews() []string {
+	r := make([]string, 0, len(t.viewzones))
+	for k := range t.viewzones {
+		r = append(r, k)
+	}
+	return r
+}
+
+func (t *TSIGSecrets) GetViewZones() map[string][]string {
+	return t.viewzones
+}
+
+func (t *TSIGSecrets) UnmarshalJSON(d []byte) error {
+	v := make(map[string]map[string]string)
+
+	if err := json.Unmarshal(d, &v); err != nil {
+		return err
+	}
+
+	for k, v := range v {
+		o := strings.Split(k, "-")
+		view := o[len(o)-1]
+
+		d := make([]string, len(o))
+		copy(d, o[:len(o)-1])
+		dn := strings.Join(d, ".")
+
+		a, ok := v["algorithm"]
+		if !ok {
+			a = "hmac-sha256."
+		}
+
+		if !strings.HasSuffix(a, ".") {
+			a = fmt.Sprintf("%s.", a)
+		}
+
+		if _, ok := t.viewzones[view]; !ok {
+			t.viewzones[view] = make([]string, 1)
+			t.viewzones[view] = append(t.viewzones[view], dn)
+		} else {
+			t.viewzones[view] = append(t.viewzones[view], dn)
+		}
+
+		if _, ok := t.secrets[view]; !ok {
+			t.secrets[view] = make(map[string]TSIGSecret)
+		}
+
+		if !strings.HasSuffix(k, ".") {
+			k = fmt.Sprintf("%s.", k)
+		}
+
+		t.secrets[view][dn] = TSIGSecret{
+			KeyName: k,
+			Algorithm: a,
+			Secret: v["secret"],
+		}
+	}
+
+	return nil
+}
+
+func (t *TSIGSecrets) GetSecret(zone, view string) (*TSIGSecret, error) {
+	if !strings.HasSuffix(zone, ".") {
+		zone = fmt.Sprintf("%s.", zone)
+	}
+
+	if _, ok := t.secrets[view]; !ok {
+		return nil, errors.New("No keys for requested zone")
+	}
+
+	key, ok := t.secrets[view][zone]
+	if !ok {
+		return nil, errors.New("No keys for requested view of zone")
+	}
+
+	return &key, nil
+}
+
+type Signable interface {
+	SetTsig(string, string, uint16, int64) *dns.Msg
+}
+
+// TODO: Name and Algorithm end with dot (.)
+type TSIGSecret struct {
+	KeyName string
+	Algorithm string `json:"algorithm"`
+	Secret string `json:"secret"`
+}
+
+func (t *TSIGSecret) Sign(r Signable) {
+	r.SetTsig(t.KeyName, t.Algorithm, 300, time.Now().Unix())
+}
+
+func (t *TSIGSecret) AsMap() map[string]string {
+	return map[string]string{
+		t.KeyName: t.Secret,
+	}
 }
 
 func getValue(v interface{}) string {
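Review bot: `t.viewzones[view] = make([]string, 1)` in UnmarshalJSON creates a slice whose first element is the empty string, so every view's zone list returned by GetViewZones starts with `""`; appending to the nil slice does the same job without the stray entry, and the whole if/else can collapse to `t.viewzones[view] = append(t.viewzones[view], dn)`. The same loop accepts an entry with no `secret` field, in which case `v["secret"]` yields `""` and Sign would later produce a TSIG over an empty key, so GetSecret (or the loop) should reject it, e.g. `if key.Secret == "" { return nil, errors.New("no secret configured for zone") }`. The two error strings in GetSecret are also swapped relative to their checks: the first fires when the view has no entry at all, the second when the zone is missing within that view. A short comment on the `d := make([]string, len(o))` / `strings.Join(d, ".")` lines would help as well, since the extra empty element is what gives `dn` its trailing dot and makes it match the lookup in GetSecret.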
@@ -62,15 +164,17 @@ func getValue(v interface{}) string {
 	}
 }
 
-func getDns() chan *dns.Envelope {
+func getDns(sm *TSIGSecrets) chan *dns.Envelope {
+	s, _ := sm.GetSecret("crute.us", "external")
+
 	c := &dns.Transfer{}
-	c.TsigSecret = SECRETS
+	c.TsigSecret = s.AsMap()
 
 	m := &dns.Msg{}
-	m.SetAxfr("crute.me.")
-	m.SetTsig("crute-me-internal.", dns.HmacSHA256, 300, time.Now().Unix())
+	m.SetAxfr("crute.us.")
+	s.Sign(m)
 
-	in, err := c.In(m, "172.31.46.225:53")
+	in, err := c.In(m, "172.16.18.52:53")
 	if err != nil {
 		fmt.Printf("Error: %s\n", err.Error())
 		return nil
@@ -109,10 +213,24 @@ func handler(w http.ResponseWriter, r *http.Request) {
 		"dnsTTL": dnsTTL,
 	}
 	t, _ := template.New("").Funcs(fm).ParseFiles("dns.html")
-	t.ExecuteTemplate(w, "dns.html", getDns())
+	t.ExecuteTemplate(w, "dns.html", getDns(nil))
 }
 
 func main() {
-	http.HandleFunc("/", handler)
-	http.ListenAndServe(":8080", nil)
+	/*
+		http.HandleFunc("/", handler)
+		http.ListenAndServe(":8080", nil)
+	*/
+
+	c, _ := ioutil.ReadFile("secrets.json")
+	k := NewTSIGSecrets()
+	json.Unmarshal(c, k)
+
+	//fmt.Printf("%+v\n", k)
+	for r := range getDns(k) {
+		for _, rr := range r.RR {
+			/* hlen := len(rr.Header().String())
+			fmt.Printf("%+v\n", rr.String()[hlen:]) */
+		}
+	}
 }
-- 
cgit v1.2.3
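Review bot: `s, _ := sm.GetSecret("crute.us", "external")` discards the lookup error, and the following `s.AsMap()` and `s.Sign(m)` dereference `s`, so a zone or view that is absent from the secrets file becomes a nil-pointer panic instead of the `Error:` message this function already prints for transfer failures. Suggest `s, err := sm.GetSecret("crute.us", "external")` followed by `if err != nil { fmt.Printf("Error: %s\n", err.Error()); return nil }` before the transfer is built. The zone name, the view and the server address remain hard-coded here even though key material is now file-driven; a comment saying so (or parameters) would stop the next reader from assuming the file selects them. getDns continues past the end of the hunk.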
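Review bot: `getDns(nil)` in handler passes a nil *TSIGSecrets, and GetSecret indexes `t.secrets` on that receiver, so the HTTP path will panic the moment the commented-out HandleFunc/ListenAndServe lines are restored; the handler needs a real secrets object, or should refuse to run without one. In main, both the `ioutil.ReadFile("secrets.json")` error and the `json.Unmarshal(c, k)` error are ignored, so a missing, unreadable or malformed secrets file leaves `k` empty and the failure only surfaces later inside getDns; checking each and stopping with the reason, e.g. `if err != nil { fmt.Printf("Error: %s\n", err.Error()); return }`, would make the misconfiguration visible at startup. The inner `for _, rr := range r.RR` loop declares `rr` but its body is entirely commented out, which the Go compiler should reject as an unused variable; `for range r.RR` or restoring the print would fix it.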