From e8ae619f8967be830cdce23228eafd9723282471 Mon Sep 17 00:00:00 2001
From: Yannik Sembritzki
Date: Tue, 7 Feb 2023 17:39:18 +0530
Subject: [PATCH] HOSTINGDE: Remove dnssec key from domain upon autodnssec disable (#2055)

Co-authored-by: Yannik Sembritzki
---
 providers/hostingde/api.go | 14 ++++++++++
 providers/hostingde/hostingdeProvider.go | 34 +++++++++++++++++++++++-
 providers/hostingde/types.go | 29 +++++++++++++-------
 3 files changed, 67 insertions(+), 10 deletions(-)

diff --git a/providers/hostingde/api.go b/providers/hostingde/api.go
index 861e3070f..e6d2cf493 100644
--- a/providers/hostingde/api.go
+++ b/providers/hostingde/api.go
@@ -248,6 +248,20 @@ func (hp *hostingdeProvider) getDNSSECOptions(zoneConfigId string) (*dnsSecOptio
 return dnsSecOptions[0], nil
 }
 
+func (hp *hostingdeProvider) dnsSecKeyModify(domain string, add []dnsSecEntry, remove []dnsSecEntry) error {
+ params := request{
+ DomainName: domain,
+ Add: add,
+ Remove: remove,
+ }
+
+ _, err := hp.get("domain", "dnsSecKeyModify", params)
+ if err != nil {
+ return err
+ }
+ return nil
+}
+
 func (hp *hostingdeProvider) get(service, method string, params request) (*responseData, error) {
 params.AuthToken = hp.authToken
 params.OwnerAccountID = hp.ownerAccountID
diff --git a/providers/hostingde/hostingdeProvider.go b/providers/hostingde/hostingdeProvider.go
index 98e49ff63..62842a47a 100644
--- a/providers/hostingde/hostingdeProvider.go
+++ b/providers/hostingde/hostingdeProvider.go
@@ -217,7 +217,8 @@ func (hp *hostingdeProvider) GetDomainCorrections(dc *models.DomainConfig) ([]*m
 existingAutoDNSSecEnabled := zone.ZoneConfig.DNSSECMode == "automatic"
 desiredAutoDNSSecEnabled := dc.AutoDNSSEC == "on"
 
- var DnsSecOptions *dnsSecOptions = nil
+ var DnsSecOptions *dnsSecOptions
+ var removeDNSSecEntries []dnsSecEntry
 
 // ensure that publishKsk is set for domains with AutoDNSSec
 if existingAutoDNSSecEnabled && desiredAutoDNSSecEnabled {
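Review bot: dnsSecKeyModify has no doc comment, and its tail `if err != nil { return err }; return nil` is the same as returning the error directly, so the body after the request literal should read `_, err := hp.get("domain", "dnsSecKeyModify", params)` / `return err`. Because the response payload is discarded, the comment should say so, e.g. `// dnsSecKeyModify calls domain/dnsSecKeyModify to add and remove DNSSEC entries on the named domain; only the call's success is reported, the response payload is discarded.` Nothing rejects a call where both add and remove are empty; whether the API accepts such a no-op request is not visible here, so the caller in hostingdeProvider.go is the only guard against it.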
@@ -242,8 +243,25 @@ func (hp *hostingdeProvider) GetDomainCorrections(dc *models.DomainConfig) ([]*m
 zone.ZoneConfig.DNSSECMode = "automatic"
 zoneChanged = true
 } else if existingAutoDNSSecEnabled && !desiredAutoDNSSecEnabled {
+ CurrentDnsSecOptions, err := hp.getDNSSECOptions(zone.ZoneConfig.ID)
+ if err != nil {
+ return nil, err
+ }
 msg = append(msg, "Disable AutoDNSSEC")
 zone.ZoneConfig.DNSSECMode = "off"
+
+ // Remove auto dnssec keys from domain
+ DomainConfig, err := hp.getDomainConfig(dc.Name)
+ if err != nil {
+ return nil, err
+ }
+ for _, entry := range DomainConfig.DNSSecEntries {
+ for _, autoDNSKey := range CurrentDnsSecOptions.Keys {
+ if entry.KeyData.PublicKey == autoDNSKey.KeyData.PublicKey {
+ removeDNSSecEntries = append(removeDNSSecEntries, entry)
+ }
+ }
+ }
 zoneChanged = true
 }
 
@@ -274,6 +292,20 @@ func (hp *hostingdeProvider) GetDomainCorrections(dc *models.DomainConfig) ([]*m
 },
 }
 
+ if removeDNSSecEntries != nil {
+ correction := models.Correction{
+ Msg: "Removing AutoDNSSEC Keys from Domain",
+ F: func() error {
+ err := hp.dnsSecKeyModify(dc.Name, nil, removeDNSSecEntries)
+ if err != nil {
+ return err
+ }
+ return nil
+ },
+ }
+ corrections = append(corrections, &correction)
+ }
+
 return corrections, nil
 }
 
diff --git a/providers/hostingde/types.go b/providers/hostingde/types.go
index 70b0ec50c..24cba942a 100644
--- a/providers/hostingde/types.go
+++ b/providers/hostingde/types.go
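Review bot: `hp.getDomainConfig(dc.Name)` now has to succeed before AutoDNSSEC can be switched off, and the `return nil, err` right after it discards every correction for the zone, not just the key removal — so a zone whose domain is not registered in this hosting.de account (or whose domain lookup fails for any other reason) presumably can never have AutoDNSSEC disabled through dnscontrol. If the API distinguishes "no such domain" from transport or auth errors, treat the former as nothing-to-remove and keep the zone change; either way the error should name the call that failed, e.g. `return nil, fmt.Errorf("fetching domain %q to remove AutoDNSSEC keys: %w", dc.Name, err)` (fmt is not visible in this hunk; confirm it is imported). Matching on `KeyData.PublicKey` alone looks right, but the nested loop appends an entry once per matching key, so a key listed twice in `Keys` yields a duplicate removal; whether the API tolerates that is not visible here. The locals `CurrentDnsSecOptions` and `DomainConfig` should be lower-cased (`currentDNSSecOptions`, `domainCfg`) — the latter also reads like the `domainConfig` type. GetDomainCorrections starts and ends outside this hunk.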
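Review bot: The key-removal correction is appended after the correction that the preceding `}, }` appears to close — the zone update that sets dnsSecMode to "off" — so the zone stops being signed before its DNSSEC entries are withdrawn from the domain, and until the parent's DS records age out of resolver caches a validating resolver sees a DS that points at an unsigned zone and fails the whole domain with SERVFAIL. The safe order is the reverse (withdraw the DS entries first, wait at least the DS TTL, then stop signing), which a single run cannot guarantee, so at minimum this correction should be appended before the zone update and the window documented: `// Withdraw the domain's DNSSEC entries before the zone stops signing; resolvers that still cache the parent DS will fail validation until it expires.` Whether hosting.de sequences this server-side is not visible here. The closure can also be shortened to `F: func() error { return hp.dnsSecKeyModify(dc.Name, nil, removeDNSSecEntries) },`. GetDomainCorrections begins outside this hunk.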
@@ -23,13 +23,17 @@ type request struct {
 Page uint `json:"page,omitempty"`
 
 // Update Zone
- ZoneConfig *zoneConfig `json:"zoneConfig"`
- RecordsToAdd []*record `json:"recordsToAdd"`
- RecordsToModify []*record `json:"recordsToModify"`
- RecordsToDelete []*record `json:"recordsToDelete"`
+ ZoneConfig *zoneConfig `json:"zoneConfig,omitempty"`
+ RecordsToAdd []*record `json:"recordsToAdd,omitempty"`
+ RecordsToModify []*record `json:"recordsToModify,omitempty"`
+ RecordsToDelete []*record `json:"recordsToDelete,omitempty"`
 
 // Create Zone
- Records []*record `json:"records"`
+ Records []*record `json:"records,omitempty"`
+
+ DomainName string `json:"domainName,omitempty"`
+ Add []dnsSecEntry `json:"add,omitempty"`
+ Remove []dnsSecEntry `json:"remove,omitempty"`
 
 // Domain
 Domain *domainConfig `json:"domain"`
@@ -52,9 +56,16 @@ type domainConfig struct {
 Name string `json:"name"`
 Contacts json.RawMessage `json:"contacts"`
 Nameservers []nameserver `json:"nameservers"`
+ DNSSecEntries []dnsSecEntry `json:"dnsSecEntries"`
 TransferLockEnabled bool `json:"transferLockEnabled"`
 }
 
+type dnsSecEntry struct {
+ KeyData dnsSecKey `json:"keyData"`
+ Comment string `json:"comment"`
+ KeyTag uint32 `json:"keyTag"`
+}
+
 type zoneConfig struct {
 ID string `json:"id"`
 DNSSECMode string `json:"dnsSecMode"`
@@ -82,10 +93,10 @@ type zone struct {
 }
 
 type dnsSecOptions struct {
- Keys []dnsSecKey `json:"flags,omitempty"`
- Algorithms []string `json:"algorithms,omitempty"`
- NSECMode string `json:"nsecMode"`
- PublishKSK bool `json:"publishKsk"`
+ Keys []dnsSecEntry `json:"keys,omitempty"`
+ Algorithms []string `json:"algorithms,omitempty"`
+ NSECMode string `json:"nsecMode"`
+ PublishKSK bool `json:"publishKsk"`
 }
 
 type dnsSecKey struct {
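Review bot: The three new fields `DomainName`, `Add` and `Remove` are placed under the `// Create Zone` heading, while every other group in `request` is labelled with the call it serves; add a heading of their own above `DomainName`, e.g. `// Modify DNSSEC keys (domain/dnsSecKeyModify)`. With the rest of the struct now tagged omitempty and `Domain *domainConfig` still untagged, every dnsSecKeyModify request will also carry `"domain": null`; whether the API ignores that is not visible here, so if it does not, `json:"domain,omitempty"` belongs in the same change.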