# Audits a signed zone file against its unsigned counterpart and reports the
# outcome as a numeric status code.
#
# The SOA records are loaded from the "original" file pair and checked against
# the configured zone name first. The unsigned and signed files are then read
# in step, subdomain by subdomain (going by the helper names), followed by the
# final NSEC / key-configuration / NSEC3 checks and the key-tracker update.
#
# @param cnfg zone configuration, handed straight to set_config
# @param unsigned_file [#to_s] path of the unsigned zone file that is walked
# @param signed_file [#to_s] path of the signed zone file that is walked
# @param original_unsigned_file passed to load_soas only
# @param original_signed_file passed to load_soas only
# @return 1 when the SOA name does not match the configured zone name or is
#   not absolute, 3 when a FatalError is raised during the audit, 0 when
#   @ret_val is still 999 at the end, otherwise @ret_val unchanged
def check_zone(cnfg, unsigned_file, signed_file, original_unsigned_file, original_signed_file)
  reset
  @num_output_lines = 0
  set_config(cnfg)
  nsec3_auditor = Nsec3Auditor.new(self, @working)
  nsec3_auditor.delete_nsec3_files
  begin
    load_soas(original_unsigned_file, original_signed_file)

    # Refuse to audit when the zone on disk is not the zone that was
    # configured. The second comparison tolerates one trailing character on
    # the SOA name (presumably the root dot - confirm).
    zone_name = @config.name.downcase
    soa_name = @soa.name.to_s
    if zone_name != soa_name && zone_name != soa_name.chop
      log(LOG_ERR, "SOA name (#{@soa.name}) is different to the configured zone name (#{@config.name}) - aborting")
      return 1
    end
    unless @soa.name.absolute?
      log(LOG_ERR, "SOA name not absolute #{@soa.name} - aborting")
      return 1
    end

    log(LOG_INFO, "Auditing #{@soa.name} zone : #{@config.denial.nsec ? 'NSEC' : 'NSEC3'} SIGNED")
    @key_tracker = KeyTracker.new(@working, @soa.name.to_s, self, @config, @enforcer_interval,
                                  @config.signatures.validity.default)
    @key_cache = @key_tracker.load_tracker_cache

    # NOTE(review): untaint clears the taint flag on a copy of each path
    # without validating it, so the paths are trusted exactly as supplied by
    # the caller. Object#untaint is deprecated since Ruby 2.7 and removed in
    # 3.2.
    signed_path = (signed_file.to_s + "").untaint
    unsigned_path = (unsigned_file.to_s + "").untaint

    File.open(unsigned_path) do |unsigned_io|
      File.open(signed_path) do |signed_io|
        signed_rr = get_next_rr(signed_io)
        unsigned_rr = get_next_rr(unsigned_io)

        # Keep going until both files are exhausted.
        until unsigned_io.eof? && signed_io.eof?
          unsigned_domain_rrs = []
          order = compare_subdomain_of_zone(signed_rr, unsigned_rr)

          # Bring the two readers back onto the same subdomain: advance
          # whichever side the comparison says is behind.
          while unsigned_rr && order != 0 && !(unsigned_io.eof? && signed_io.eof?)
            if order > 0 || !signed_rr
              process_additional_unsigned_rr(unsigned_rr)
              unsigned_rr = get_next_rr(unsigned_io)
            elsif order < 0
              signed_rr = load_signed_subdomain(signed_io, signed_rr, [])
            end
            order = compare_subdomain_of_zone(signed_rr, unsigned_rr)
          end

          unsigned_domain_rrs, unsigned_rr = load_unsigned_subdomain(unsigned_io, unsigned_rr)
          signed_rr = load_signed_subdomain(signed_io, signed_rr, unsigned_domain_rrs)
        end

        # A leftover unsigned record with no matching signed record still has
        # to be reported. `order` is nil here when the loop above never ran,
        # and nil != 0 holds, so that case is reported as well.
        process_additional_unsigned_rr(unsigned_rr) if unsigned_rr && (!signed_rr || order != 0)
      end
    end

    do_final_nsec_check
    Auditor.check_key_config(@keys_to_check, @unsigned_keys, @key_cache, @config, self)
    nsec3_auditor.check_nsec3_types_and_opt_out(@unknown_nsecs) if @config.denial.nsec3
    @key_tracker.process_key_data(@keys, @keys_used, @soa.serial, @config.keys.ttl)
  rescue FatalError
    # Nothing is logged at this point; presumably the code that raised has
    # already recorded the reason - confirm.
    return 3
  end

  log(LOG_INFO, "Finished auditing #{@soa.name} zone")
  # 999 looks like the "nothing recorded" sentinel (verify against reset);
  # it is mapped to the success code 0.
  @ret_val == 999 ? 0 : @ret_val
end