Added test file and explanation

metaregistrar · metaregistrar · commit 131cfa2d4ec4 · 2015-10-30T15:31:59.000+01:00
diff --git a/readme.md b/readme.md
@@ -10,7 +10,7 @@ Please feel free to test, use, add or modify.
 
 To use this suite: 
 - Clone this repository
-- php test.php <domainname>
+- php test.php domainname
 
 At this time it will only test .nl, .eu and .com domains because the nameservers are known for these extensions. Nameservers can be added for other extensions.
 See DNS/dnsProtocol.php function registrynameservers()
diff --git a/test.php b/test.php
@@ -2,13 +2,14 @@
 include_once('validate.php');
 
 
-if ($argc<1) {
+if ($argc<2) {
     die("Usage: test.php <domainname>\n\n");
 }
 $domainname = $argv[1];
 
 try {
     validateDomain($domainname);
+    echo "$domainname validation succesful\n";
 } catch (DnsException $e) {
     echo "ERROR: ".$e->getMessage()."\n";
 }
diff --git a/validate.php b/validate.php
@@ -4,6 +4,7 @@
 
 function validateDomain($domainname)
 {
+    $parentkeys = null;
     $domainname = strtolower($domainname);
     $dns = new dnsProtocol(false);
     $tld = substr($domainname,strpos($domainname,'.')+1);
@@ -21,6 +22,7 @@ function validateDomain($domainname)
             $ns = $result->getNameserverResults();
             foreach ($ns as $n)
             {
+                /* @var $n dnsNSresult */
                 $nameservers[]=$n->getNameserver();
             }
             $result = $dns->Query($domainname,'DS');
@@ -29,13 +31,14 @@ function validateDomain($domainname)
                 #
                 # No DS record found at parent: domain is not secured
                 #
-                return false;
+                throw new DnsException("No DS record found at parent: Domainname is not secured");
             }
             else
             {
                 $ds = $result->getResourceResults();
                 foreach ($ds as $d)
                 {
+                    /* @var $d dnsDSresult */
                     $pk['key']=$d->getKey();
                     $pk['keytag']=$d->getKeytag();
                     $pk['algorithm']=$d->getAlgorithm();
@@ -50,52 +53,57 @@ function validateDomain($domainname)
     #
     # Retrieve all necessary records
     #
-
-    foreach ($nameservers as $ns)
-    {
-        $dns->setServer($ns);
-        $result = $dns->Query($domainname,'RRSIG');
-        if ($result->getResourceResultCount()==0)
-        {
-            throw new DnsException("No RRSIG records found on ".$ns." for domain name ".$domainname);
-        }
-        else
+    if (isset($nameservers) && is_array($nameservers)) {
+        foreach ($nameservers as $ns)
         {
-            $rrsigs = $result->getResourceResults();
-            foreach ($rrsigs as $rrsig)
+            $dns->setServer($ns);
+            $result = $dns->Query($domainname,'RRSIG');
+            if ($result->getResourceResultCount()==0)
             {
-                if ($rrsig->getTypeCovered()=='SOA')
-                {
-                    $rr[$ns]=$rrsig;
+                throw new DnsException("No RRSIG records found on ".$ns." for domain name ".$domainname);
+            }
+            else
+            {
+                $rrsigs = $result->getResourceResults();
+                if (is_array($rrsigs)) {
+                    foreach ($rrsigs as $rrsig)
+                    {
+                        /* @var $rrsig dnsRRSIGresult */
+                        if ($rrsig->getTypeCovered()=='SOA')
+                        {
+                            $rr[$ns]=$rrsig;
+                        }
+                    }
                 }
             }
-        }
-        $result2 = $dns->Query($domainname,'DNSKEY');
-        if ($result2->getResourceResultCount()==0)
-        {
-            throw new DnsException("No DNSKEY records found on ".$ns." for domain name ".$domainname);
-        }
-        else
-        {
-            $ds = $result2->getResourceResults();
-            foreach ($ds as $childkey)
+            $result2 = $dns->Query($domainname,'DNSKEY');
+            if ($result2->getResourceResultCount()==0)
             {
-                if ($childkey->getSep())
+                throw new DnsException("No DNSKEY records found on ".$ns." for domain name ".$domainname);
+            }
+            else
+            {
+                $ds = $result2->getResourceResults();
+                foreach ($ds as $childkey)
                 {
-                    $dnskey[$ns]=$childkey;
+                    /* @var $childkey dnsDNSKEYresult */
+                    if ($childkey->getSep())
+                    {
+                        $dnskey[$ns]=$childkey;
+                    }
                 }
             }
+            if ((!isset($rr)) || (!$rr[$ns]))
+            {
+                throw new DnsException("No matching resource record type SOA found on ".$ns." for ".$domainname);
+            }
+            if ((!isset($dnskey)) || (!$dnskey[$ns]))
+            {
+                throw new DnsException("No matching DNSKEY record found with SEP flag enabled on ".$ns." for $domainname");
+            }
+            validateRRSIG($domainname, $rr[$ns], $ds);
+            validateDNSKEY($domainname, $dnskey[$ns], $parentkeys);
         }
-        if (!$rr[$ns])
-        {
-            throw new DnsException("No matching resource record type SOA found on ".$ns." for ".$domainname);
-        }
-        if (!$dnskey[$ns])
-        {
-            throw new DnsException("No matching DNSKEY record found with SEP flag enabled on ".$ns." for $domainname");
-        }
-        validateRRSIG($domainname, $rr[$ns], $ds);
-        validateDNSKEY($domainname, $dnskey[$ns], $parentkeys);
     }
     return true;
 }
@@ -120,7 +128,7 @@ function validateDNSKEY($domainname, dnsDNSKEYresult $dnskey, $parentkeys)
         }
         else
         {
-            $algo = $dns->algorithm($dnskey->getAlgorithm());
+            //$algo = $dnskey->algorithm($dnskey->getAlgorithm());
         }
 
     }
@@ -166,11 +174,14 @@ function validateRRSIG($domainname, dnsRRSIGresult $rrsig, $ds)
     # Keytag for signing must exist in the DNSKEY records
     #
     $keyfound = false;
-    foreach ($ds as $childkey)
-    {
-        if ($childkey->getKeytag()==$rrsig->getKeytag())
+    if (is_array($ds)) {
+        foreach ($ds as $childkey)
         {
-            $keyfound = true;
+            /* @var $childkey dnsRRSIGresult */
+            if ($childkey->getKeytag()==$rrsig->getKeytag())
+            {
+                $keyfound = true;
+            }
         }
     }
     if (!$keyfound)

Original file line number	Diff line number	Diff line change
`@@ -2,13 +2,14 @@`
`2`	`2`	`include_once('validate.php');`
`3`	`3`
`4`	`4`
`5`		`-if ($argc<1) {`
	`5`	`+if ($argc<2) {`
`6`	`6`	`die("Usage: test.php <domainname>\n\n");`
`7`	`7`	`}`
`8`	`8`	`$domainname = $argv[1];`
`9`	`9`
`10`	`10`	`try {`
`11`	`11`	`validateDomain($domainname);`
	`12`	`+ echo "$domainname validation succesful\n";`
`12`	`13`	`} catch (DnsException $e) {`
`13`	`14`	`echo "ERROR: ".$e->getMessage()."\n";`
`14`	`15`	`}`
Original file line number	Diff line number	Diff line change
`@@ -4,6 +4,7 @@`
`4`	`4`
`5`	`5`	`function validateDomain($domainname)`
`6`	`6`	`{`
	`7`	`+ $parentkeys = null;`
`7`	`8`	`$domainname = strtolower($domainname);`
`8`	`9`	`$dns = new dnsProtocol(false);`
`9`	`10`	`$tld = substr($domainname,strpos($domainname,'.')+1);`
`@@ -21,6 +22,7 @@ function validateDomain($domainname)`
`21`	`22`	`$ns = $result->getNameserverResults();`
`22`	`23`	`foreach ($ns as $n)`
`23`	`24`	`{`
	`25`	`+ /* @var $n dnsNSresult */`
`24`	`26`	`$nameservers[]=$n->getNameserver();`
`25`	`27`	`}`
`26`	`28`	`$result = $dns->Query($domainname,'DS');`
`@@ -29,13 +31,14 @@ function validateDomain($domainname)`
`29`	`31`	`#`
`30`	`32`	`# No DS record found at parent: domain is not secured`
`31`	`33`	`#`
`32`		`- return false;`
	`34`	`+ throw new DnsException("No DS record found at parent: Domainname is not secured");`
`33`	`35`	`}`
`34`	`36`	`else`
`35`	`37`	`{`
`36`	`38`	`$ds = $result->getResourceResults();`
`37`	`39`	`foreach ($ds as $d)`
`38`	`40`	`{`
	`41`	`+ /* @var $d dnsDSresult */`
`39`	`42`	`$pk['key']=$d->getKey();`
`40`	`43`	`$pk['keytag']=$d->getKeytag();`
`41`	`44`	`$pk['algorithm']=$d->getAlgorithm();`
`@@ -50,52 +53,57 @@ function validateDomain($domainname)`
`50`	`53`	`#`
`51`	`54`	`# Retrieve all necessary records`
`52`	`55`	`#`
`53`		`-`
`54`		`- foreach ($nameservers as $ns)`
`55`		`- {`
`56`		`- $dns->setServer($ns);`
`57`		`- $result = $dns->Query($domainname,'RRSIG');`
`58`		`- if ($result->getResourceResultCount()==0)`
`59`		`- {`
`60`		`- throw new DnsException("No RRSIG records found on ".$ns." for domain name ".$domainname);`
`61`		`- }`
`62`		`- else`
	`56`	`+ if (isset($nameservers) && is_array($nameservers)) {`
	`57`	`+ foreach ($nameservers as $ns)`
`63`	`58`	`{`
`64`		`- $rrsigs = $result->getResourceResults();`
`65`		`- foreach ($rrsigs as $rrsig)`
	`59`	`+ $dns->setServer($ns);`
	`60`	`+ $result = $dns->Query($domainname,'RRSIG');`
	`61`	`+ if ($result->getResourceResultCount()==0)`
`66`	`62`	`{`
`67`		`- if ($rrsig->getTypeCovered()=='SOA')`
`68`		`- {`
`69`		`- $rr[$ns]=$rrsig;`
	`63`	`+ throw new DnsException("No RRSIG records found on ".$ns." for domain name ".$domainname);`
	`64`	`+ }`
	`65`	`+ else`
	`66`	`+ {`
	`67`	`+ $rrsigs = $result->getResourceResults();`
	`68`	`+ if (is_array($rrsigs)) {`
	`69`	`+ foreach ($rrsigs as $rrsig)`
	`70`	`+ {`
	`71`	`+ /* @var $rrsig dnsRRSIGresult */`
	`72`	`+ if ($rrsig->getTypeCovered()=='SOA')`
	`73`	`+ {`
	`74`	`+ $rr[$ns]=$rrsig;`
	`75`	`+ }`
	`76`	`+ }`
`70`	`77`	`}`
`71`	`78`	`}`
`72`		`- }`
`73`		`- $result2 = $dns->Query($domainname,'DNSKEY');`
`74`		`- if ($result2->getResourceResultCount()==0)`
`75`		`- {`
`76`		`- throw new DnsException("No DNSKEY records found on ".$ns." for domain name ".$domainname);`
`77`		`- }`
`78`		`- else`
`79`		`- {`
`80`		`- $ds = $result2->getResourceResults();`
`81`		`- foreach ($ds as $childkey)`
	`79`	`+ $result2 = $dns->Query($domainname,'DNSKEY');`
	`80`	`+ if ($result2->getResourceResultCount()==0)`
`82`	`81`	`{`
`83`		`- if ($childkey->getSep())`
	`82`	`+ throw new DnsException("No DNSKEY records found on ".$ns." for domain name ".$domainname);`
	`83`	`+ }`
	`84`	`+ else`
	`85`	`+ {`
	`86`	`+ $ds = $result2->getResourceResults();`
	`87`	`+ foreach ($ds as $childkey)`
`84`	`88`	`{`
`85`		`- $dnskey[$ns]=$childkey;`
	`89`	`+ /* @var $childkey dnsDNSKEYresult */`
	`90`	`+ if ($childkey->getSep())`
	`91`	`+ {`
	`92`	`+ $dnskey[$ns]=$childkey;`
	`93`	`+ }`
`86`	`94`	`}`
`87`	`95`	`}`
	`96`	`+ if ((!isset($rr)) \|\| (!$rr[$ns]))`
	`97`	`+ {`
	`98`	`+ throw new DnsException("No matching resource record type SOA found on ".$ns." for ".$domainname);`
	`99`	`+ }`
	`100`	`+ if ((!isset($dnskey)) \|\| (!$dnskey[$ns]))`
	`101`	`+ {`
	`102`	`+ throw new DnsException("No matching DNSKEY record found with SEP flag enabled on ".$ns." for $domainname");`
	`103`	`+ }`
	`104`	`+ validateRRSIG($domainname, $rr[$ns], $ds);`
	`105`	`+ validateDNSKEY($domainname, $dnskey[$ns], $parentkeys);`
`88`	`106`	`}`
`89`		`- if (!$rr[$ns])`
`90`		`- {`
`91`		`- throw new DnsException("No matching resource record type SOA found on ".$ns." for ".$domainname);`
`92`		`- }`
`93`		`- if (!$dnskey[$ns])`
`94`		`- {`
`95`		`- throw new DnsException("No matching DNSKEY record found with SEP flag enabled on ".$ns." for $domainname");`
`96`		`- }`
`97`		`- validateRRSIG($domainname, $rr[$ns], $ds);`
`98`		`- validateDNSKEY($domainname, $dnskey[$ns], $parentkeys);`
`99`	`107`	`}`
`100`	`108`	`return true;`
`101`	`109`	`}`
`@@ -120,7 +128,7 @@ function validateDNSKEY($domainname, dnsDNSKEYresult $dnskey, $parentkeys)`
`120`	`128`	`}`
`121`	`129`	`else`
`122`	`130`	`{`
`123`		`- $algo = $dns->algorithm($dnskey->getAlgorithm());`
	`131`	`+ //$algo = $dnskey->algorithm($dnskey->getAlgorithm());`
`124`	`132`	`}`
`125`	`133`
`126`	`134`	`}`
`@@ -166,11 +174,14 @@ function validateRRSIG($domainname, dnsRRSIGresult $rrsig, $ds)`
`166`	`174`	`# Keytag for signing must exist in the DNSKEY records`
`167`	`175`	`#`
`168`	`176`	`$keyfound = false;`
`169`		`- foreach ($ds as $childkey)`
`170`		`- {`
`171`		`- if ($childkey->getKeytag()==$rrsig->getKeytag())`
	`177`	`+ if (is_array($ds)) {`
	`178`	`+ foreach ($ds as $childkey)`
`172`	`179`	`{`
`173`		`- $keyfound = true;`
	`180`	`+ /* @var $childkey dnsRRSIGresult */`
	`181`	`+ if ($childkey->getKeytag()==$rrsig->getKeytag())`
	`182`	`+ {`
	`183`	`+ $keyfound = true;`
	`184`	`+ }`
`174`	`185`	`}`
`175`	`186`	`}`
`176`	`187`	`if (!$keyfound)`