Merge pull request #55 from infinityofspace/support_dnssec_api

Support dnssec api

Author: infinityofspace

pkb_client/client/client.py

@@ -2,19 +2,20 @@
 import logging
 from hashlib import sha256
 from pathlib import Path
-from typing import Optional, List, Union
+from typing import List, Optional, Union
 from urllib.parse import urljoin
 
 import dns.resolver
 import requests
 
 from pkb_client.client import BindFile
 from pkb_client.client.dns import (
+    DNS_RECORDS_WITH_PRIORITY,
     DNSRecord,
-    DNSRestoreMode,
     DNSRecordType,
-    DNS_RECORDS_WITH_PRIORITY,
+    DNSRestoreMode,
 )
+from pkb_client.client.dnssec import DNSSECRecord
 from pkb_client.client.domain import DomainInfo
 from pkb_client.client.forwarding import URLForwarding, URLForwardingType
 from pkb_client.client.ssl_cert import SSLCertBundle
@@ -842,6 +843,112 @@ def get_ssl_bundle(self, domain) -> SSLCertBundle:
                 response_json.get("message", "Unknown message"),
             )
 
+    def get_dnssec_records(self, domain: str) -> List[DNSSECRecord]:
+        """
+        API DNSSEC retrieve method: retrieve all DNSSEC records for the given domain.
+        See https://porkbun.com/api/json/v3/documentation#DNSSEC%20Get%20Records for more info.
+
+        :param domain: the domain for which the DNSSEC records should be retrieved
+        :return: list of :class:`DNSSECRecord` objects
+        """
+
+        url = urljoin(self.api_endpoint, f"dns/getDnssecRecords/{domain}")
+        req_json = self._get_auth_request_json()
+        r = requests.post(url=url, json=req_json)
+
+        if r.status_code == 200:
+            return [
+                DNSSECRecord.from_dict(record)
+                for record in json.loads(r.text).get("records", {}).values()
+            ]
+        else:
+            response_json = json.loads(r.text)
+            raise PKBClientException(
+                response_json.get("status", "Unknown status"),
+                response_json.get("message", "Unknown message"),
+            )
+
+    def create_dnssec_record(
+        self,
+        domain: str,
+        key_tag: int,
+        alg: int,
+        digest_type: int,
+        digest: str,
+        max_sig_life: Optional[int] = None,
+        key_data_flags: Optional[int] = None,
+        key_data_protocol: Optional[int] = None,
+        key_data_algo: Optional[int] = None,
+        key_data_pub_key: Optional[str] = None,
+    ) -> bool:
+        """
+        API DNSSEC create method: create a new DNSSEC record for the given domain.
+        See https://porkbun.com/api/json/v3/documentation#DNSSEC%20Create%20Record for more info.
+
+        :param domain: the domain for which the DNSSEC record should be created
+        :param key_tag: the key tag of the DNSSEC record
+        :param alg: algorithm of the DNSSEC record
+        :param digest_type: digest type of the DNSSEC record
+        :param digest: digest of the DNSSEC record
+        :param max_sig_life: maximum signature life of the DNSSEC record in seconds
+        :param key_data_flags: key data flags of the DNSSEC record
+        :param key_data_protocol: key data protocol of the DNSSEC record
+        :param key_data_algo: key data algorithm of the DNSSEC record
+        :param key_data_pub_key: key data public key of the DNSSEC record
+
+        :return: True if everything went well
+        """
+
+        if max_sig_life is not None and max_sig_life < 0:
+            raise ValueError("max_sig_life must be greater than 0")
+
+        url = urljoin(self.api_endpoint, f"dns/createDnssecRecord/{domain}")
+        req_json = {
+            **self._get_auth_request_json(),
+            "keyTag": key_tag,
+            "alg": alg,
+            "digestType": digest_type,
+            "digest": digest,
+            "maxSigLife": max_sig_life,
+            "keyDataFlags": key_data_flags,
+            "keyDataProtocol": key_data_protocol,
+            "keyDataAlgo": key_data_algo,
+            "keyDataPubKey": key_data_pub_key,
+        }
+        r = requests.post(url=url, json=req_json)
+
+        if r.status_code == 200:
+            return True
+        else:
+            response_json = json.loads(r.text)
+            raise PKBClientException(
+                response_json.get("status", "Unknown status"),
+                response_json.get("message", "Unknown message"),
+            )
+
+    def delete_dnssec_record(self, domain: str, key_tag: int) -> bool:
+        """
+        API DNSSEC delete method: delete an existing DNSSEC record for the given domain.
+        See https://porkbun.com/api/json/v3/documentation#DNSSEC%20Delete%20Record for more info.
+
+        :param domain: the domain for which the DNSSEC record should be deleted
+        :param key_tag: the key tag of the DNSSEC record
+        :return: True if everything went well
+        """
+
+        url = urljoin(self.api_endpoint, f"dns/deleteDnssecRecord/{domain}/{key_tag}")
+        req_json = self._get_auth_request_json()
+        r = requests.post(url=url, json=req_json)
+
+        if r.status_code == 200:
+            return True
+        else:
+            response_json = json.loads(r.text)
+            raise PKBClientException(
+                response_json.get("status", "Unknown status"),
+                response_json.get("message", "Unknown message"),
+            )
+
     @staticmethod
     def __handle_error_backup__(dns_records):
         # merge the single DNS records into one single dict with the record id as key

pkb_client/client/dnssec.py

@@ -0,0 +1,35 @@
+from dataclasses import dataclass
+from typing import Optional
+
+
+@dataclass
+class DNSSECRecord:
+    key_tag: int  # The key tag is a 16-bit integer that identifies the DNSKEY record
+    alg: int  # Indicates the algorithm used to generate the public key
+    digest_type: int  # Indicates the type of digest algorithm used
+    digest: str  # The digest of the public key
+    max_sig_life: Optional[
+        int
+    ]  # Indicates the amount of time in seconds the signature is valid
+    key_data_flags: Optional[
+        int
+    ]  # Indicates the key type (Zone-signing or Key-signing)
+    key_data_protocol: Optional[int]  # Indicates the protocol used for the key
+    key_data_algo: Optional[int]  # Indicates the algorithm used for the key
+    key_data_pub_key: Optional[str]  # The public key in base64 format
+
+    @staticmethod
+    def from_dict(d):
+        return DNSSECRecord(
+            key_tag=int(d["keyTag"]),
+            alg=int(d["alg"]),
+            digest_type=int(d["digestType"]),
+            digest=d["digest"],
+            max_sig_life=int(d["maxSigLife"]) if "maxSigLife" in d else None,
+            key_data_flags=int(d["keyDataFlags"]) if "keyDataFlags" in d else None,
+            key_data_protocol=int(d["keyDataProtocol"])
+            if "keyDataProtocol" in d
+            else None,
+            key_data_algo=int(d["keyDataAlgo"]) if "keyDataAlgo" in d else None,
+            key_data_pub_key=d["keyDataPubKey"] if "keyDataPubKey" in d else None,
+        )

tests/client.py

@@ -9,13 +9,14 @@
 from responses.registries import OrderedRegistry
 
 from pkb_client.client import (
-    PKBClient,
-    PKBClientException,
     API_ENDPOINT,
     DNSRestoreMode,
+    PKBClient,
+    PKBClientException,
+    SSLCertBundle,
 )
-from pkb_client.client import SSLCertBundle
 from pkb_client.client.dns import DNSRecord, DNSRecordType
+from pkb_client.client.dnssec import DNSSECRecord
 from pkb_client.client.forwarding import URLForwarding, URLForwardingType
 
 
@@ -1020,6 +1021,160 @@ def test_import_bind_dns_records(self):
 
             pkb_client.import_bind_dns_records(filename, DNSRestoreMode.clear)
 
+    @responses.activate
+    def test_get_dnssec_records(self):
+        pkb_client = PKBClient("key", "secret")
+
+        responses.post(
+            url=urljoin(API_ENDPOINT, "dns/getDnssecRecords/example.com"),
+            json={
+                "status": "SUCCESS",
+                "records": {
+                    "12345": {
+                        "keyTag": "12345",
+                        "alg": "8",
+                        "digestType": "1",
+                        "digest": "abc123",
+                    },
+                    "12346": {
+                        "keyTag": "12346",
+                        "alg": "8",
+                        "digestType": "1",
+                        "digest": "abc456",
+                        "maxSigLife": 3600,
+                        "keyDataFlags": 257,
+                        "keyDataProtocol": 3,
+                        "keyDataAlgo": 8,
+                        "keyDataPubKey": "abc789",
+                    },
+                },
+            },
+            match=[
+                matchers.json_params_matcher(
+                    {"apikey": "key", "secretapikey": "secret"}
+                )
+            ],
+        )
+        dnssec_records = pkb_client.get_dnssec_records("example.com")
+
+        self.assertEqual(2, len(dnssec_records))
+        self.assertEqual(
+            DNSSECRecord(
+                key_tag=12345,
+                alg=8,
+                digest_type=1,
+                digest="abc123",
+                max_sig_life=None,
+                key_data_flags=None,
+                key_data_protocol=None,
+                key_data_algo=None,
+                key_data_pub_key=None,
+            ),
+            dnssec_records[0],
+        )
+        self.assertEqual(
+            DNSSECRecord(
+                key_tag=12346,
+                alg=8,
+                digest_type=1,
+                digest="abc456",
+                max_sig_life=3600,
+                key_data_flags=257,
+                key_data_protocol=3,
+                key_data_algo=8,
+                key_data_pub_key="abc789",
+            ),
+            dnssec_records[1],
+        )
+
+    @responses.activate
+    def test_create_dnssec_record(self):
+        pkb_client = PKBClient("key", "secret")
+
+        responses.post(
+            url=urljoin(API_ENDPOINT, "dns/createDnssecRecord/example.com"),
+            json={"status": "SUCCESS"},
+            match=[
+                matchers.json_params_matcher(
+                    {
+                        "apikey": "key",
+                        "secretapikey": "secret",
+                        "keyTag": 4242,
+                        "alg": 12345,
+                        "digestType": 8,
+                        "digest": "abc123",
+                        "maxSigLife": None,
+                        "keyDataFlags": None,
+                        "keyDataProtocol": None,
+                        "keyDataAlgo": None,
+                        "keyDataPubKey": None,
+                    }
+                )
+            ],
+        )
+
+        success = pkb_client.create_dnssec_record(
+            domain="example.com",
+            key_tag=4242,
+            alg=12345,
+            digest_type=8,
+            digest="abc123",
+        )
+        self.assertTrue(success)
+
+        responses.post(
+            url=urljoin(API_ENDPOINT, "dns/createDnssecRecord/example2.com"),
+            json={"status": "SUCCESS"},
+            match=[
+                matchers.json_params_matcher(
+                    {
+                        "apikey": "key",
+                        "secretapikey": "secret",
+                        "keyTag": 4242,
+                        "alg": 12345,
+                        "digestType": 8,
+                        "digest": "abc123",
+                        "maxSigLife": 42,
+                        "keyDataFlags": 41,
+                        "keyDataProtocol": 40,
+                        "keyDataAlgo": 39,
+                        "keyDataPubKey": "abc42",
+                    }
+                )
+            ],
+        )
+
+        success = pkb_client.create_dnssec_record(
+            domain="example2.com",
+            key_tag=4242,
+            alg=12345,
+            digest_type=8,
+            digest="abc123",
+            max_sig_life=42,
+            key_data_flags=41,
+            key_data_protocol=40,
+            key_data_algo=39,
+            key_data_pub_key="abc42",
+        )
+        self.assertTrue(success)
+
+    @responses.activate
+    def delete_dnssec_record(self):
+        pkb_client = PKBClient("key", "secret")
+
+        responses.post(
+            url=urljoin(API_ENDPOINT, "dns/deleteDnssecRecord/example.com/123456"),
+            json={"status": "SUCCESS"},
+            match=[
+                matchers.json_params_matcher(
+                    {"apikey": "key", "secretapikey": "secret"}
+                )
+            ],
+        )
+
+        success = pkb_client.delete_dnssec_record("example.com", 123456)
+        self.assertTrue(success)
+
 
 if __name__ == "__main__":
     unittest.main()