Your IP : 52.15.233.83


Current Path : /usr/lib/python3.6/site-packages/isc/__pycache__/
Upload File :
Current File : //usr/lib/python3.6/site-packages/isc/__pycache__/policy.cpython-36.pyc

3

���f2g�@s:ddlZddljZddljZddlTddlmZGdd�d�ZGdd�d�ZGdd	�d	e	�Z
Gd
d�d�Zedk�r6ddl
Z
e
jd
dkr�ee
jd�Zej�Zej�ed
d�Zeje�nxe
jd
dk�r6y4ee
jdddd�Zeejd�eejd��Wn2e	k
�r4Zzeejd�WYddZ[XnXdS)�N)�*)�copyc
@s�eZdZd3Zed4ZiZdZdZdZdZ	dZ
dd�Zdd�Zd d!�Z
d"d#�Zd$d%�Zd&d'�Zd(d)�Zd*d+�Zd,d-�Zd.d/�Zd0d1�Zd2S)5�	PolicyLex�POLICY�ALGORITHM_POLICY�ZONE�	ALGORITHM�	DIRECTORY�KEYTTL�KEY_SIZE�ROLL_PERIOD�PRE_PUBLISH�POST_PUBLISH�COVERAGE�STANDBY�NONE�
DATESUFFIX�KEYTYPE�ALGNAME�STR�QSTRING�NUMBER�LBRACE�RBRACE�SEMIz 	z	(//|\#).*z\{z\}�;cCs|jj|jjd�7_dS)z\n+�
N)�lexer�lineno�value�count)�self�t�r#�/usr/lib/python3.6/policy.py�	t_newline7szPolicyLex.t_newlinecCs|jj|jjd�7_dS)z/\*(.|\n)*?\*/rN)rrrr )r!r"r#r#r$�	t_comment;szPolicyLex.t_commentcCstjd|j�jd�j�|_|S)z�(?i)(?<=[0-9 \t])(y(?:ears|ear|ea|e)?|mo(?:nths|nth|nt|n)?|w(?:eeks|eek|ee|e)?|d(?:ays|ay|a)?|h(?:ours|our|ou|o)?|mi(?:nutes|nute|nut|nu|n)?|s(?:econds|econd|econ|eco|ec|e)?)\bz(?i)(y|mo|w|d|h|mi|s)([a-z]*)�)�re�matchr�group�lower)r!r"r#r#r$�t_DATESUFFIX?szPolicyLex.t_DATESUFFIXcCs|jj�|_|S)z(?i)\b(KSK|ZSK)\b)r�upper)r!r"r#r#r$�	t_KEYTYPEDszPolicyLex.t_KEYTYPEcCs|jj�|_|S)z�(?i)\b(RSAMD5|DH|DSA|NSEC3DSA|ECC|RSASHA1|NSEC3RSASHA1|RSASHA256|RSASHA512|ECCGOST|ECDSAP256SHA256|ECDSAP384SHA384|ED25519|ED448)\b)rr-)r!r"r#r#r$�	t_ALGNAMEIszPolicyLex.t_ALGNAMEcCs|jj|jd�|_|S)z[A-Za-z._-][\w._-]*r)�reserved_map�getr�type)r!r"r#r#r$�t_STRNszPolicyLex.t_STRcCs&|jj|jd�|_|jdd�|_|S)z"([^"\n]|(\\"))*"rr'���)r0r1rr2)r!r"r#r#r$�	t_QSTRINGSszPolicyLex.t_QSTRINGcCst|j�|_|S)z\d+)�intr)r!r"r#r#r$�t_NUMBERYszPolicyLex.t_NUMBERcCs"td|jd�|jjd�dS)NzIllegal character '%s'rr')�printrr�skip)r!r"r#r#r$�t_error^szPolicyLex.t_errorcKsbdtt�krtjdd�}n
tdd�}x"|jD]}||j|j�j|�<q,Wtjfd|i|��|_dS)N�	maketrans�_�-�object)	�dir�strr;�reservedr0r+�	translate�lexr)r!�kwargsZtrans�rr#r#r$�__init__bs
zPolicyLex.__init__cCs.|jj|�x|jj�}|sPt|�qWdS)N)r�input�tokenr8)r!�textr"r#r#r$�testks
zPolicyLex.testN)
rrrrr	r
rrr
rrrr)	rrrrrrrrr)�__name__�
__module__�__qualname__rA�tokensr0Zt_ignoreZt_ignore_olcommentZt_LBRACEZt_RBRACEZt_SEMIr%r&r,r.r/r3r5r7r:rFrJr#r#r#r$rsN	rc
@s�eZdZdZdZdZdZdZdZdZ	dZ
dZdZdZ
dZdZdZdZdZddgddgddgddgddgddgddgdddddd�Zddd�Zd	d
�Zdd�Zd
d�Zdd�Zdd�ZdS)�PolicyFNiii)�DSA�NSEC3DSA�RSAMD5�RSASHA1�NSEC3RSASHA1�	RSASHA256�	RSASHA512�ECCGOST�ECDSAP256SHA256�ECDSAP384SHA384�ED25519�ED448cCs||_||_||_dS)N)�name�	algorithm�parent)r!r\r]r^r#r#r$rF�szPolicy.__init__cCsFd|jrdp"|jrdp"|jr dp"d|jp*d|jr8|jjp:d|jrRdt|j�dpTd|jp\d|jrlt|j�pnd|j	r~t|j	�p�d|j
r�t|j
�p�d|jr�t|j�p�d|jr�t|j�p�d|j
r�t|j
�p�d|jr�t|j�p�d|jr�t|j�p�d|jr�t|j�p�d|j�rt|j��pd|j�r(t|j��p*d|j�r>t|j��p@dfS)	Na%spolicy %s:
	inherits %s
	directory %s
	algorithm %s
	coverage %s
	ksk_keysize %s
	zsk_keysize %s
	ksk_rollperiod %s
	zsk_rollperiod %s
	ksk_prepublish %s
	ksk_postpublish %s
	zsk_prepublish %s
	zsk_postpublish %s
	ksk_standby %s
	zsk_standby %s
	keyttl %s
zconstructed zzone z
algorithm �ZUNKNOWN�None�")�is_constructed�is_zone�is_algr\r^�	directoryr@r]�coverage�ksk_keysize�zsk_keysize�ksk_rollperiod�zsk_rollperiod�ksk_prepublish�ksk_postpublish�zsk_prepublish�zsk_postpublish�ksk_standby�zsk_standby�keyttl)r!r#r#r$�__repr__�s(

zPolicy.__repr__cCs |d|ko|dkSS)Nrr'r#)r!Zkey_sizeZ
size_ranger#r#r$Z
__verify_size�szPolicy.__verify_sizecCs|jS)N)r\)r!r#r#r$�get_name�szPolicy.get_namecCs|jS)N)rb)r!r#r#r$�constructed�szPolicy.constructedcCs$|jr:|jdk	r:|j|jkr:t|j�dd|j|jffS|jrj|jdk	rj|j|jkrjdd|j|jffS|jr�|jdk	r�|j|jkr�dd|j|jffS|jr�|jdk	r�|j|jkr�dd|j|jffS|jo�|jo�|jo�|j|j|jk�rdd|j|j|jffS|j�rL|j�rL|j�rL|j|j|jk�rLdd|j|j|jffS|jdk	�r |jj	|j�}|dk	�r�|j
|j|��s�dd
|j|ffS|j
|j|��s�dd|j|ffS|jdk�r�|jddk�r�dd|jfS|jdk�r|jddk�rdd|jfS|jd k�r d|_d|_d!S)"zr Check if the values in the policy make sense
        :return: True/False if the policy passes validation
        NFz6KSK pre-publish period (%d) exceeds rollover period %dz7KSK post-publish period (%d) exceeds rollover period %dz6ZSK pre-publish period (%d) exceeds rollover period %dz7ZSK post-publish period (%d) exceeds rollover period %dz%KSK pre/post-publish periods (%d/%d) z"combined exceed rollover period %dz%ZSK pre/post-publish periods (%d/%d) z&KSK key size %d outside valid range %sz&ZSK key size %d outside valid range %srPrQ�@rz$KSK key size %d not divisible by 64 zas required for DSAz$ZSK key size %d not divisible by 64 rWrXrYrZr[Tr_zGKSK pre/post-publish periods (%d/%d) combined exceed rollover period %dzGZSK pre/post-publish periods (%d/%d) combined exceed rollover period %d)rPrQz7KSK key size %d not divisible by 64 as required for DSA)rPrQz7ZSK key size %d not divisible by 64 as required for DSA)rWrXrYrZr[)Tr_)
rirkr8rlrjrmrnr]�valid_key_sz_per_algor1�_Policy__verify_sizergrh)r!Zkey_sz_ranger#r#r$�validate�s�





zPolicy.validate)NNN)rKrLrMrcrdrbrirjrkrmrlrnrgrhrorprqrfrervrFrrrwrsrtrxr#r#r#r$rOvsD
&rOc@seZdZdS)�PolicyExceptionN)rKrLrMr#r#r#r$ry)sryc@s.eZdZiZiZiZdZdZdZdEdd�Z	dd�Z
dd�Zd	d
�Zdd�Z
d
d�Zdd�Zdd�Zdd�Zdd�Zdd�Zdd�Zdd�Zdd�Zdd �Zd!d"�Zd#d$�Zd%d&�Zd'd(�Zd)d*�Zd+d,�Zd-d.�Zd/d0�Zd1d2�Z d3d4�Z!d5d6�Z"d7d8�Z#d9d:�Z$d;d<�Z%d=d>�Z&d?d@�Z'dAdB�Z(dCdD�Z)dS)F�
dnssec_policyNTcKs�t�|_|jj|_d|kr"d|d<d|kr2d|d<tjfd|i|��|_|jd�t�}d|_d|_d|_	d|_
t|�|jd<d|jd_d|jd_
d	|jd_	t|�|jd
<d
|jd
_d
|jd
_
d	|jd
_	t|�|jd<d|jd_d|jd_
t|�|jd<d|jd_d|jd_
t|�|jd
<d
|jd
_d
|jd
_
t|�|jd<d|jd_d|jd_
t|�|jd<d|jd_d|jd_
t|�|jd<d|jd_d|jd_
t|�|jd<d|jd_d|jd_
d|jd_	d|jd_
t|�|jd<d|jd_d|jd_
d|jd_	d|jd_
t|�|jd<d|jd_d|jd_
d|jd_	d|jd_
t|�|jd<d|jd_d|jd_
d|jd_	d|jd_
|�r�|j|�dS)N�debugF�write_tables�moduleapolicy global { algorithm rsasha256;
                                      key-size ksk 2048;
                                      key-size zsk 2048;
                                      roll-period ksk 0;
                                      roll-period zsk 1y;
                                      pre-publish ksk 1mo;
                                      pre-publish zsk 1mo;
                                      post-publish ksk 1mo;
                                      post-publish zsk 1mo;
                                      standby ksk 0;
                                      standby zsk 0;
                                      keyttl 1h;
                                      coverage 6mo; };
                      policy default { policy global; };TirPirQrRrSrTrUrVrWrXrYrZr[)r�plexrN�yacc�parser�setuprOr]rdrgrhr�
alg_policyr\�load)r!�filenamerD�pr#r#r$rF4s|

zdnssec_policy.__init__c	CsH||_d|_t|��$}|j�}d|jj_|jj|�WdQRXd|_dS)NTr)	r��initial�open�readr~rrr��parse)r!r��frIr#r#r$r��s

zdnssec_policy.loadcCs d|_d|jj_|jj|�dS)NTr)r�r~rrr�r�)r!rIr#r#r$r��s
zdnssec_policy.setupc	Ks`|j�}d}||jkr |j|}|dkrBt|jd�}||_d|_|jdkr�|jpZ|jd}x|rr|jrr|j}q^W|r~|jp�d|_|j|jkr�|j|j}nt	d��|j
dkr�|jp�|jd}x|dk	r�|j
r�|j}q�W|o�|j
|_
|jdk�r:|j�p|jd}x|�r"|j�r"|j}�qW|�r2|j�p6|j|_|jdk�r�|j�pV|jd}x|j�rv|j�rv|j}�qZW|�r�|j�p�|j|_|j
dk�r�|j�p�|jd}x|j�r�|j
�r�|j}�q�W|�r�|j
�p�|j
|_
|jdk�r6|j�p�|jd}x|j�r|j�r|j}�qW|�r.|j�p2|j|_|jdk�r�|j�pR|jd}x|j�rr|j�rr|j}�qVW|�r�|j�p�|j|_|jdk�r�|j�p�|jd}x|j�r�|j�r�|j}�q�W|�r�|j�p�|j|_|jdk�r2|j�p�|jd}x|j�r|j�r|j}�q�W|�r*|j�p.|j|_|jdk�r�|j�pN|jd}x|j�rn|j�rn|j}�qRW|�r~|j�p�|j|_|jdk�r�|j�p�|jd}x|j�r�|j�r�|j}�q�W|�r�|j�p�|j|_|jdk�r(|j�p�|jd}x |dk	�r|j�r|j}�q�W|�o$|j|_d|k�s>|d�r\|j�\}}|�s\t	|��dS|S)N�defaultTzalgorithm not foundZ
novalidate)r+�zone_policyr�named_policyr\rbr]r^r�ryrerfrgrhrirjrkrmrlrnrqrx)	r!ZzonerD�zr�r^ZapZvalid�msgr#r#r$�policy�s�





zdnssec_policy.policycCsdS)zBpolicylist : init policy
                      | policylist policyNr#)r!r�r#r#r$�p_policylist
szdnssec_policy.p_policylistcCs
d|_dS)zinit :FN)r�)r!r�r#r#r$�p_initszdnssec_policy.p_initcCsdS)zTpolicy : alg_policy
                  | zone_policy
                  | named_policyNr#)r!r�r#r#r$�p_policyszdnssec_policy.p_policycCs|d|d<dS)zAname : STR
                | KEYTYPE
                | DATESUFFIXr'rNr#)r!r�r#r#r$�p_nameszdnssec_policy.p_namecCs,|dj�|d<tjd|d�s(td��dS)zcdomain : STR
                  | QSTRING
                  | KEYTYPE
                  | DATESUFFIXr'rz^[\w.-][\w.-]*$zinvalid domainN)�stripr(r)ry)r!r�r#r#r$�p_domain szdnssec_policy.p_domaincCst�|_dS)znew_policy :N)rO�current)r!r�r#r#r$�p_new_policy*szdnssec_policy.p_new_policycCs(|d|j_d|j_|j|j|d<dS)zFalg_policy : ALGORITHM_POLICY ALGNAME new_policy alg_option_group SEMI�TN)r�r\rdr�)r!r�r#r#r$�p_alg_policy.szdnssec_policy.p_alg_policycCs8|djd�|j_d|j_|j|j|djd�j�<dS)z=zone_policy : ZONE domain new_policy policy_option_group SEMIr��.TN)�rstripr�r\rcr�r+)r!r�r#r#r$�
p_zone_policy5szdnssec_policy.p_zone_policycCs$|d|j_|j|j|dj�<dS)z>named_policy : POLICY name new_policy policy_option_group SEMIr�N)r�r\r�r+)r!r�r#r#r$�p_named_policy<szdnssec_policy.p_named_policycCs|d|d<dS)zduration : NUMBERr'rNr#)r!r�r#r#r$�p_duration_1Bszdnssec_policy.p_duration_1cCsd|d<dS)zduration : NONENrr#)r!r�r#r#r$�p_duration_2Gszdnssec_policy.p_duration_2cCs�|ddkr|dd|d<n�|ddkr<|dd|d<n�|ddkrZ|dd	|d<n||dd
krx|dd|d<n^|ddkr�|dd
|d<n@|ddkr�|dd|d<n"|ddkr�|d|d<ntd��dS)zduration : NUMBER DATESUFFIXr��yr'i�3�r�moi�'�wi�:	�di�Q�hiZmi�<�szinvalid durationN)ry)r!r�r#r#r$�p_duration_3Lszdnssec_policy.p_duration_3cCsdS)z6policy_option_group : LBRACE policy_option_list RBRACENr#)r!r�r#r#r$�p_policy_option_group_sz#dnssec_policy.p_policy_option_groupcCsdS)zmpolicy_option_list : policy_option SEMI
                              | policy_option_list policy_option SEMINr#)r!r�r#r#r$�p_policy_option_listcsz"dnssec_policy.p_policy_option_listcCsdS)a�policy_option : parent_option
                         | directory_option
                         | coverage_option
                         | rollperiod_option
                         | prepublish_option
                         | postpublish_option
                         | keysize_option
                         | algorithm_option
                         | keyttl_option
                         | standby_optionNr#)r!r�r#r#r$�p_policy_optionhszdnssec_policy.p_policy_optioncCsdS)z0alg_option_group : LBRACE alg_option_list RBRACENr#)r!r�r#r#r$�p_alg_option_groupusz dnssec_policy.p_alg_option_groupcCsdS)z^alg_option_list : alg_option SEMI
                           | alg_option_list alg_option SEMINr#)r!r�r#r#r$�p_alg_option_listyszdnssec_policy.p_alg_option_listcCsdS)aalg_option : coverage_option
                      | rollperiod_option
                      | prepublish_option
                      | postpublish_option
                      | keyttl_option
                      | keysize_option
                      | standby_optionNr#)r!r�r#r#r$�p_alg_option~szdnssec_policy.p_alg_optioncCs|j|dj�|j_dS)zparent_option : POLICY namer�N)r�r+r�r^)r!r�r#r#r$�p_parent_option�szdnssec_policy.p_parent_optioncCs|d|j_dS)z$directory_option : DIRECTORY QSTRINGr�N)r�re)r!r�r#r#r$�p_directory_option�sz dnssec_policy.p_directory_optioncCs|d|j_dS)z#coverage_option : COVERAGE durationr�N)r�rf)r!r�r#r#r$�p_coverage_option�szdnssec_policy.p_coverage_optioncCs*|ddkr|d|j_n|d|j_dS)z0rollperiod_option : ROLL_PERIOD KEYTYPE durationr��KSK�N)r�rirj)r!r�r#r#r$�p_rollperiod_option�sz!dnssec_policy.p_rollperiod_optioncCs*|ddkr|d|j_n|d|j_dS)z0prepublish_option : PRE_PUBLISH KEYTYPE durationr�r�r�N)r�rkrm)r!r�r#r#r$�p_prepublish_option�sz!dnssec_policy.p_prepublish_optioncCs*|ddkr|d|j_n|d|j_dS)z2postpublish_option : POST_PUBLISH KEYTYPE durationr�r�r�N)r�rlrn)r!r�r#r#r$�p_postpublish_option�sz"dnssec_policy.p_postpublish_optioncCs*|ddkr|d|j_n|d|j_dS)z(keysize_option : KEY_SIZE KEYTYPE NUMBERr�r�r�N)r�rgrh)r!r�r#r#r$�p_keysize_option�szdnssec_policy.p_keysize_optioncCs*|ddkr|d|j_n|d|j_dS)z'standby_option : STANDBY KEYTYPE NUMBERr�r�r�N)r�rorp)r!r�r#r#r$�p_standby_option�szdnssec_policy.p_standby_optioncCs|d|j_dS)zkeyttl_option : KEYTTL durationr�N)r�rq)r!r�r#r#r$�p_keyttl_option�szdnssec_policy.p_keyttl_optioncCs|d|j_dS)z$algorithm_option : ALGORITHM ALGNAMEr�N)r�r])r!r�r#r#r$�p_algorithm_option�sz dnssec_policy.p_algorithm_optioncCsd|r.td|jpd|jrdnd|j|jf�n2|js`td|jp@d|jrJdnd|rV|jpXdf��dS)Nz%s%s%d:syntax error near '%s'r_�:z%s%s%d:unexpected end of inputr)r8r�rrr�ry)r!r�r#r#r$�p_error�szdnssec_policy.p_error)N)*rKrLrMr�r�r�r�r�r�rFr�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r#r#r#r$rz,sN
_
h


rz�__main__r'rCr�)r{r�T)r|r{r�znonexistent.zone)r(Zply.lexrCZply.yaccr�stringrrrO�	ExceptionryrzrK�sys�argvr��filer�rI�closer~rJZppr8r�r��e�argsr#r#r#r$�<module>s6

`4!



?>