From 46a91e2fdf47593e956d2a9dc63b640dbf1ff6cf Mon Sep 17 00:00:00 2001
From: Jeffrey Forman
Date: Thu, 29 Nov 2012 21:52:27 -0500
Subject: [PATCH] Add error handling in delete_record function around unrecognized/malformed keys.
---
 binder/exceptions.py | 8 ++++++++
 binder/helpers.py | 17 +++++++++++++----
 binder/keyutils.py | 15 +++++++++++----
 3 files changed, 32 insertions(+), 8 deletions(-)
diff --git a/binder/exceptions.py b/binder/exceptions.py
index 9c608f5..7bad101 100644
--- a/binder/exceptions.py
+++ b/binder/exceptions.py
@@ -23,3 +23,11 @@ class RecordException(Exception):
 """
 pass
+
+class KeyringException(Exception):
+ """
+ Thrown when there is a problem creating the keyring.
+ * When the length/padding of the TSIG data is incorrect.
+ """
+
+ pass
diff --git a/binder/helpers.py b/binder/helpers.py
index 83934d2..a20e4eb 100644
--- a/binder/helpers.py
+++ b/binder/helpers.py
@@ -9,6 +9,7 @@ import socket
 import dns.query
 import dns.reversename
 import dns.update
+import dns.tsig
 # App Imports
 from binder import exceptions, keyutils, models
@@ -83,8 +84,12 @@ def delete_record(dns_server, rr_list, key_name):
 if key_name is None:
 keyring = None
 else:
- this_key = models.Key.objects.get(name=key_name)
- keyring = keyutils.create_keyring(this_key.name, this_key.data)
+ try:
+ this_key = models.Key.objects.get(name=key_name)
+ keyring = keyutils.create_keyring(this_key.name, this_key.data)
+ except exceptions.KeyringException, err:
+ return([{ "description" : "Error in deletion process",
+ "output" : err }])
 delete_response = []
 for current_rr in rr_list:
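Review bot: In the `@@ -83,8 +84,12 @@` hunk of binder/helpers.py the new `try` catches only `exceptions.KeyringException`, so a `key_name` with no stored key still escapes as an unhandled exception. `models.Key.objects.get(name=key_name)` looks like a Django ORM lookup, which would raise `models.Key.DoesNotExist` (to be confirmed against the model). Since the commit covers unrecognized as well as malformed keys, I would widen the handler to `except (models.Key.DoesNotExist, exceptions.KeyringException), err:`. The returned dict also stores the exception object itself under `"output"`; `"output" : str(err) }])` keeps that value a plain string for whatever renders it. delete_record starts and ends outside this hunk.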
@@ -93,8 +98,12 @@ def delete_record(dns_server, rr_list, key_name):
 domain = re_record.group(2)
 dns_update = dns.update.Update(domain, keyring = keyring)
 dns_update.delete(record)
- output = dns.query.tcp(dns_update, dns_server)
- delete_response.append({ "description" : "Delete record %s" % current_rr,
+ try:
+ output = dns.query.tcp(dns_update, dns_server)
+ except dns.tsig.PeerBadKey:
+ output = "The DNS server does not know about the TSIG key: %s" % key_name
+
+ delete_response.append({ "description" : "Delete Record: %s" % current_rr,
 "output" : output })
 return delete_response
diff --git a/binder/keyutils.py b/binder/keyutils.py
index 7e414bd..c246321 100755
--- a/binder/keyutils.py
+++ b/binder/keyutils.py
@@ -1,5 +1,10 @@
+import binascii
+
 import dns.tsigkeyring
+from binder import exceptions
+
+
 def create_keyring(key_name, key_data):
 """Return a tsigkeyring object from key name and key data.
@@ -11,8 +16,10 @@ def create_keyring(key_name, key_data):
 keyring object with the key name and TSIG secret.
 """
- keyring = dns.tsigkeyring.from_text({
- key_name : key_data
- })
-
+ try:
+ keyring = dns.tsigkeyring.from_text({
+ key_name : key_data
+ })
+ except binascii.Error, err:
+ raise exceptions.KeyringException("Error creating keyring. Verify correct key data for key: %s. Reason: %s" % (key_name, err))
 return keyring
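Review bot: In the `@@ -93,8 +98,12 @@` hunk of binder/helpers.py only `dns.tsig.PeerBadKey` is handled around `dns.query.tcp`. A key whose name the server knows but whose secret is wrong (`dns.tsig.PeerBadSignature`) or a clock-skew rejection (`dns.tsig.PeerBadTime`) still aborts the whole delete loop with an unhandled exception. Catching the shared base class would cover every peer-side TSIG rejection: `except dns.tsig.PeerError, err:` with `output = "TSIG error from the DNS server for key %s: %s" % (key_name, err.__class__.__name__)`. The failure text also lands in the same `"output"` slot as a successful `dns.message.Message`, so a comment such as `# output is the server's response on success, an error string on TSIG failure` would tell callers what to expect. The loop body of delete_record starts outside this hunk.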
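Review bot: The docstring of `create_keyring` is not updated for the new failure mode in the `@@ -11,8 +16,10 @@` hunk of binder/keyutils.py; its start lies outside that hunk. I would add a `Raises:` entry reading `KeyringException: if key_data cannot be decoded (for example wrong length or padding).` The message rightly carries only `key_name` and the decoder's reason, never `key_data`, and it should stay that way because delete_record returns this text in its response. This check only shows that the data decodes, so a well-formed but wrong secret presumably still passes here and would fail later at query time.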