3

�gk�@s�dd
lm
Z

ddlZddlZddlZddlZddlZddlZddlZddl	Z	ddl
mZ
dZddl
mZmZmZmZmZmZ
dd�Zddd	�
Zd
d�Zdd
�ZdS)�)
�print_functionN)
�defaultdictz
dnssec-keymgr)�dnskey�keydict�	keyseries�policy�parsetab�utilscOst||
�

t
jd
�

dS)N�
)�print�sys�exit)�args�kwargs�r�/usr/lib/python3.6/keymgr.py�fatals


rcCs�|
}|s(tj
j|�
s(tj|tj�r�tjd
}|s>tj
j}xB|jtj�
D]2}|tj	|}tj
j|�
rztj|tj�rzPd}qLW|S)a2
 find the location of a specified command. If a default is supplied,
    exists and it's an executable, we use it; otherwise we search PATH
    for an alternative.
    :param command: command to look for
    :param default: default value to use
    :return: PATH with the location of a suitable binary
    �PATHN)
�os�path�isfile�access�X_OK�environ�defpath�split�pathsep�sep)Zcommand�defaultZfpathrZ	directoryrrr�set_paths
$








rcCs�
td
t
jjtjd�
d
��}tdt
jjtjd�
d��}
tjtdd�
}|j	dt
ddd;d�
|j	dd
t
ddd�
|j	ddt
ddd�
|j	dd|t
dd
d�
|j	ddt
ddd
d�
|j	dd|
t
dd
d�
|j	d d!d"d#d$d%�
|j	d&d'd"d#d(d%�
|j	d)d*d+d"d#d<d%�
|j	d.d/d0d"d#d1d%�
|j	d2d3d4tjd5�
|j�}|j
�
rJ|j�
rJtd6�

|jdk�
r^td7�

|jdk�
rrtd8�

|jdk	�
r�t
jj|j�
�
s�td9|j�

n(t
jjtjd:�|_t
jj|j�
�
s�d|_|S)=zc Read command line arguments, returns 'args' object
    :return: args object properly prepared
    z
dnssec-keygenZsbinzdnssec-settimezA: schedule DNSSEC key rollovers according to a pre-defined policy)
�description�zone�
*Nz.Zone(s) to which the policy should be applied z%(default: all zones in the directory))�type�nargsr�helpz-KrzDirectory containing keys�dir)�destr#r%�metavarz-c�
policyfilezPolicy definition file�filez-g�keygenzPath to 'dnssec-keygen')r'rr#r%r(z-r�	randomdevz@Path to a file containing random data to pass to 'dnssec-keygen')r'r#rr%r(z-s�settimezPath to 'dnssec-settime'z-k�no_zsk�
store_trueFz,Only apply policy to key-signing keys (KSKs))r'�actionrr%z-z�no_kskz-Only apply policy to zone-signing keys (ZSKs)z-fz--force�forcezForce updates to key events zeven if they are in the pastz-qz--quiet�quietzUpdate keys silentlyz-vz	--version�version)r0r4z)ERROR: -z and -k cannot be used together.zERROR: dnssec-keygen not foundzERROR: dnssec-settime not foundz!ERROR: Policy file "%s" not foundzdnssec-policy.confzSZone(s) to which the policy should be applied (default: all zones in the directory)z8Force updates to key events even if they are in the past)rrr�joinr	�prefix�argparse�ArgumentParser�prog�add_argument�strr4�
parse_argsr.r1rr+r-r)�existsZ
sysconfdir)r+r-�parserrrrrr<6sb














































r<c:CsH
t�}|j
|j|j|jd
�}
ytj|j�
}Wn2tk
r^
}
zt	dt
|�
�

WYdd}~XnXyt||j|jd�}Wn2tk
r�
}
zt	dt
|�
�

WYdd}~XnXyt
||
d�}Wn2tk
r�
}
zt	dt
|�
�

WYdd}~XnXy |j||j|j|j|jd�
Wn4tk
�
rB
}
zt	dt
|�
�

WYdd}~XnXdS)	N)Zkeygen_pathZsettime_pathZ	keys_pathr,zUnable to load DNSSEC policy: )rZzonesz Unable to build key dictionary: )
�contextzUnable to build key series: )ZkskZzskr2r3zUnable to apply policy: )r<r+r-rr,rZ
dnssec_policyr)�	Exceptionrr;rr!rZenforce_policyr.r1r2r3)rr?Zdp�
eZkdZksrrr�main}s,







"


"


"



rB)
N)Z
__future__rrrr7Zglob�reZtimeZcalendar�pprint�collectionsrr9Ziscrrrrrr	rrr<rBrrrr�<module>s
@
 
G