3 8Pe @@sJddlZddlZddlZddlmZmZGdddeZGdddZdS)N)PopenPIPEcseZdZfddZZS)TimePastcstt|jd|||fdS)Nz'%s time for key %s (%d) is already past)superr__init__)selfkeypropvalue) __class__/usr/lib/python3.6/dnskey.pyrs zTimePast.__init__)__name__ __module__ __qualname__r __classcell__r r )r r rsrc@seZdZdZdqZdrZdsZdtd!d"Zd#d$Zd%d&Z e dud'd(Z d)d*Z e d+d,Ze d-d.Zdvd/d0Ze d1d2Ze d3d4Ze d5d6Ze d7d8Zd9d:Zd;d<Zd=d>Zd?d@ZdAdBZdCdDZejfdEdFZdGdHZejfdIdJZdKdLZejfdMdNZ dOdPZ!ejfdQdRZ"dSdTZ#ejfdUdVZ$dWdXZ%ejfdYdZZ&d[d\Z'ejfd]d^Z(d_d`Z)dadbZ*dcddZ+dedfZ,dgdhZ-didjZ.dwdkdlZ/dxdmdnZ0e dodpZ1d S)ydnskeyztAn individual DNSSEC key. Identified by path, name, algorithm, keyid. Contains a dictionary of metadata events.CreatedPublishActivateInactiveDeleteRevoke DSPublish SyncPublish SyncDeleteN-P-A-I-D-R-Psync-DsyncRSAMD5DHDSAECCRSASHA1NSEC3DSA NSEC3RSASHA1 RSASHA256 RSASHA512ECCGOSTECDSAP256SHA256ECDSAP384SHA384ED25519ED448cCst|tr:t|dkr:|pd|_|\}}}|j|||||pLtjj|pLd|_tjj|}|j d\}}}|dd}t |}t |j dd}|j||||dS)N.+r) isinstancetuplelen_dir fromtupleospathdirnamebasenamesplitint)rrZ directorykeyttlnamealgkeyidr r r r&s    zdnskey.__init__cs|jdr|}|jd}n|d}d|||f}|j|jr@tjpBd|d}|j|jr^tjp`d|d}||_||_t||_t||_ ||_ t |d} x| D]zddkrqj } | sq| d j dkrd } ||_nd} |st| d n||_t| | d @d krd|_qd|_qW| jt |d} t|_t|_t|_t|_t|_t|_t|_d|_x| D]j svddkrqvfdddDtg} tdd| D}d|j}|djdj}||j|<qvWxtjD]}d|j|<||jkrn|j|j|}||j|<|j ||j|<|j!||j|<|j||j|<n(d|j|<d|j|<d|j|<d|j|<qW| jdS)Nr2z K%s+%03d+%05dz.keyz.privaterr;r4inchhsr1TFZrUz!#csg|]}j|qSr )find).0c)liner r lsz$dnskey.fromtuple..z:= cSsg|]}|dkr|qS)r4r5r )rMposr r r rPms)rHrIrJ)"endswithrstripr9r;sepkeystrrBr@rCrDfullnameopenr?lowerttlclosedictZmetadata_changed_delete_times_fmttime _timestamps _original_origttlstripr8minlstripr_PROPS parsetime formattime epochfromtime)rrBrCrDrArVrUZkey_fileZ private_fileZkfptokensZseptokenZpfpZ punctuationfoundr r tr )rOr r:5sv                 zdnskey.fromtuplecKsr|jdd}g}d}|jdk r0|dt|jg7}xlttjtjD]Z\}}| s@|j| r\q@d}||j krx|j |rxd}|rdn|j |} ||| g7}d}q@W|rn|d|j g||j g} |st ddj| y0t| ttd } | j\} } | rtt| Wn8tk r:}ztd |t|fWYdd}~XnXd|_x*tjD] }|j||j|<d|j|<qJWdS) NquietFTz-LZnonez-Kz#  )stdoutstderrzunable to run %s: %s)getrbstrrYziprrf_OPTSr\r]r_r9rUprintjoinrr communicate Exceptionr`ra)rZ settime_binkwargsrmcmdfirstr optdeleteZwhenZfullcmdprorper r r commits<    " z dnskey.commitc KsL| jdd} |dd|dt|g} |r0| d|g7} |r>| jd|rN| d|g7} |rb| d t|g7} | rtj| }| d tj|g7} | rtj| }| d tj| g7} | j|| std d j| t| t t d}|j \}}|rt dt|y"|j dj d}t|||}|St k rF}zt dt|WYdd}~XnXdS)NrmFz-qz-Kz-Lz-rz-fkz-az-bz-Pz-Az# rn)rorpzunable to generate key: rasciiz!unable to parse generated key: %s)rqrrappendr timefromepochrhrurvrrrwrx splitlinesdecode)cls keygen_bin randomdevZkeys_dirrBrCZkeysizerTrYpublishactivateryrm keygen_cmdrlr~rorprUnewkeyrr r r generates:         zdnskey.generatec Ks|jdd}|js td||dd|jd|jg}|jrL|dt|jg7}|r\|d|g7}|rp|d t|g7}|std d j|t |t t d }|j \}} | rtd | y&|j dj d} t| |j|j} | Std|YnXdS)NrmFz'predecessor key %s has no inactive datez-qz-Kz-Sz-Lz-rz-iz# rn)rorpzunable to generate key: rrz'unable to generate successor for key %s)rqinactiverxr9rUrYrrrurvrrrwrrr) rrrZ prepublishryrmrr~rorprUrr r r generate_successors,     zdnskey.generate_successorcCs0d}|tttjkr tj|}|r(|Sd|S)Nz%03d)ranger8r _ALGNAMES)rCrBr r r algstrs z dnskey.algstrc Cs6|sdS|j}y tjj|Stk r0dSXdS)N)upperrrindex ValueError)rCr r r algnums z dnskey.algnumcCs|j|p |jS)N)rrC)rrCr r r algnameszdnskey.algnamecCs tj|S)N)timeZgmtime)secsr r r rszdnskey.timefromepochcCs tj|dS)Nz %Y%m%d%H%M%S)rZstrptime)stringr r r rg szdnskey.parsetimecCs tj|S)N)calendarZtimegm)rlr r r riszdnskey.epochfromtimecCs tjd|S)Nz %Y%m%d%H%M%S)rZstrftime)rlr r r rhszdnskey.formattimecKs|jdd}|j||krdS|j|dk rR|j||krR| rRt|||j||dkr|j|dkrldnd|j|<d|j|<d|j|<d|j|<d|j|<dS|j|}||j|<||j|<|j ||j|<|j||j|krdnd|j|<dS)NforceFT) rqr`rarr\r]r^r_rrh)rr rnowryrrlr r r setmetas$        zdnskey.setmetacCs |j|S)N)r^)rr r r r gettime2szdnskey.gettimecCs |j|S)N)r_)rr r r r getfmttime5szdnskey.getfmttimecCs |j|S)N)r`)rr r r r gettimestamp8szdnskey.gettimestampcCs |jdS)Nr)r`)rr r r created;szdnskey.createdcCs |jdS)Nr)r`)rr r r syncpublish>szdnskey.syncpublishcKs|jd||f|dS)Nr)r)rrrryr r r setsyncpublishAszdnskey.setsyncpublishcCs |jdS)Nr)r`)rr r r rDszdnskey.publishcKs|jd||f|dS)Nr)r)rrrryr r r setpublishGszdnskey.setpublishcCs |jdS)Nr)r`)rr r r rJszdnskey.activatecKs|jd||f|dS)Nr)r)rrrryr r r setactivateMszdnskey.setactivatecCs |jdS)Nr)r`)rr r r revokePsz dnskey.revokecKs|jd||f|dS)Nr)r)rrrryr r r setrevokeSszdnskey.setrevokecCs |jdS)Nr)r`)rr r r rVszdnskey.inactivecKs|jd||f|dS)Nr)r)rrrryr r r setinactiveYszdnskey.setinactivecCs |jdS)Nr)r`)rr r r r}\sz dnskey.deletecKs|jd||f|dS)Nr)r)rrrryr r r setdelete_szdnskey.setdeletecCs |jdS)Nr)r`)rr r r syncdeletebszdnskey.syncdeletecKs|jd||f|dS)Nr)r)rrrryr r r setsyncdeleteeszdnskey.setsyncdeletecCsR|dks|j|krdS|jdkr0|j|_||_n|j|krHd|_||_n||_dS)N)rYrb)rrYr r r setttlhs  z dnskey.setttlcCs|jr dSdS)NKSKZSK)rT)rr r r keytypetszdnskey.keytypecCsd|j|j|jfS)Nz %s/%s/%05d)rBrrD)rr r r __str__wszdnskey.__str__cCs"d|j|j|j|jrdndfS)Nz%s/%s/%05d (%s)rr)rBrrDrT)rr r r __repr__{szdnskey.__repr__cCs|jp|jp|jS)N)rrr)rr r r datesz dnskey.datecCs@|j|jkr|j|jkS|j|jkr0|j|jkS|j|jkS)N)rBrCr)rotherr r r __lt__s     z dnskey.__lt__cCsdd}|s|}ttj}|j}|j}|s4dS|sT||krP|dt|dS||krh||krhdS||kr|dt|tj|jpdfdS||kr|dt|dS|jdk r|||jkr|d t|tj|jpdfdSdS) Nc_sdS)Nr )argsryr r r noopsz!dnskey.check_prepub..noopFzFWARNING: Key %s is scheduled for activation but not for publication.TzWARNING: %s is scheduled to be published and activated at the same time. This could result in a coverage gap if the zone was previously signed. Activation should be at least %s after publication.zone DNSKEY TTLz0WARNING: Key %s is active before it is publishedzWARNING: Key %s is activated too soon after publication; this could result in coverage gaps due to resolver caches containing old data. Activation should be at least %s after publication.)r@rrrreprrdurationrY)routputrrar~r r r check_prepubs<   zdnskey.check_prepubcCsdd}|dkr|}|dkr"|j}|dkr>|dt|d }tj}|j}|j}|s^dS|s~||krz|dt|dS||kr||krdS||kr|d t|dS|||kr|d t|tj|fdSdS) Nc_sdS)Nr )rryr r r rsz"dnskey.check_postpub..noopz"WARNING: Key %s using default TTL.<FzEWARNING: Key %s is scheduled for deletion but not for inactivation.Tz@WARNING: Key %s is scheduled for deletion before inactivation.zWARNING: Key %s scheduled for deletion too soon after deactivation; this may result in coverage gaps due to resolver caches containing old data. Deletion should be at least %s after inactivation.iiQ)rYrrr}rrr)rrZtimespanrrdir r r check_postpubs:   zdnskey.check_postpubcCsz|sdSddddddg}g}xR|D]J}||d ||d }}|d kr"|jd ||d |d krbdndfq"Wdj|S) Nyearrrimmonthdayhourminutesecondr4rz%d %s%ssrEz, iiQ3)rriiQ')rriQ)rr)rr)rr)rr4)rrv)rZunitsrZunitvr r r rs (zdnskey.duration) rrrrrrrrr) Nrrrrr Nr!r")Nr#r$r%r&r'r(r)r*Nr+Nr,r-r.r/r0)NN)NN)N)N)NN)2rrr__doc__rfrtrrr:r classmethodrr staticmethodrrrrrgrirhrrrrrrrrrrrrrrrrr}rrrrrrrrrrrrr r r r rsb M% *        1 -r) r;rr subprocessrrrxrrr r r r  s