ius/dnstools: comparison bin/dnssec-keytool

equal deleted inserted replaced

-:0c9f37c94f0c
+:3c725372a1ce
 use strict;
 use File::Temp;
 use Getopt::Long;
 use Pod::Usage;
 use File::Basename;
+use Net::LibIDN qw(:all);
 use if $ENV{DEBUG} => "Smart::Comments";
 use DNStools::Config qw(get_config);
 my $ME = basename $0;
-sub read_conf(@);
-sub read_argv($);
 sub rm_keys($@);
-sub ck_zone($@);
+sub check_zone($@);
 sub create_ksk($@);
-sub create_zsk($@);
+sub create_zsk(@);
 sub post_create($@);
+my $CHARSET = "UTF-8";
+my %cf;
 MAIN: {
-### reading config
-my %conf = get_config();
+%cf = get_config();
+my $cmd;
-my ($cmd, @zones) = read_argv($conf{master_dir});
+system("command -v dnssec-keygen &>/dev/null");
-given ($cmd) {
+die "$ME: command 'dnssec-keygen' not found in $ENV{PATH}\n" if $?;
-when ("rm") { rm_keys($conf{master_dir}, @zones); exit }
-when ("ck") { ck_zone($conf{master_dir}, @zones) }
-when ("ksk") { create_ksk($conf{master_dir}, @zones) }
-};
-create_zsk($conf{master_dir}, @zones);
-post_create($conf{master_dir}, @zones);
-}
-sub read_argv ($) {
-my ($master_dir) = @_;
-my ($cmd, @zones);    # return
 GetOptions(
-"zsk"      => sub { $cmd = "zsk" },
+"zsk" => sub { push @$cmd => "zsk" },
-"ksk"      => sub { $cmd = "ksk" },
+"ksk" => sub { push @$cmd => "ksk" },
-"rm"       => sub { $cmd = "rm" },
+"rm"  => sub { push @$cmd => "rm" },
-"ck|check" => sub { $cmd = "ck" },
+"check" => sub { $cmd = "check" },
-"h|help" => sub { pod2usage(-exitvalue => 0, -verbose => 1) },
+"h|help" => sub { pod2usage(-exit => 0, -verbose => 1) },
 "m|man"  => sub {
 pod2usage(
--exitvalue => 0,
+-exit      => 0,
 -noperldoc => system("perldoc -V &>/dev/null"),
 -verbose   => 2
 );
 },
 )
 and @ARGV
+and @$cmd == 1
+and $cmd = $cmd->[0]
 or pod2usage;
-# checks the zones in argv if there are managed zones
+# checks the zones in argv if they're managed ones
-foreach (@ARGV) {
+my @zones;
-chomp(my $zone = `idn --quiet "$_"`);
+foreach my $utf8zone (@ARGV) {
+my $zone = idn_to_ascii($utf8zone, $CHARSET);
 die "zone $zone is not managed\n"
-if not -f "$master_dir/$zone/$zone";
+if not -f "$cf{master_dir}/$zone/$zone";
 push @zones, $zone;
 }
-return ($cmd, @zones);
-}
+given ($cmd) {
+when ("zsk")   { exit create_zsk(@zones) };
+#when ("ksk")   { return create_ksk(@zones) };
+#when ("check") { return check_zone(@zones) };
+#when ("rm")    { return rm_keys(@zones) };
+	default		{ die "not implemented\n" };
+};
+}
 sub rm_keys ($@) {
 # deletes all the keys were handed over -rm in argv
 my ($master_dir, @zone) = @_;
 if ($ep == 1) {
 print " * $zone: removed key-set\n";
 }
-	open(my $old, "$zpf/$zone") or die "$zpf/$zone: $!\n";
+open(my $old, "$zpf/$zone") or die "$zpf/$zone: $!\n";
-	my $fh = File::Temp->new(DIR => $zpf) or die "Can't create tmpfile: $!\n";
+my $fh = File::Temp->new(DIR => $zpf)
-	print $fh grep { not /^\s*\$INCLUDE.*"K$zone.*\.key"/i } <$old>;
+or die "Can't create tmpfile: $!\n";
-	rename($fh->filename => "$zpf/$zone")
+print $fh grep { not /^\s*\$INCLUDE.*"K$zone.*\.key"/i } <$old>;
-	    or die "Can't rename " . $fh->filename . " to $zpf/$zone: $!\n";
+rename($fh->filename => "$zpf/$zone")
+or die "Can't rename " . $fh->filename . " to $zpf/$zone: $!\n";
 }
 }
 sub create_ksk ($@) {
 my ($master_dir, @zone) = @_;
 print "!! THE KSK must be published !! \n";
 }
 }
-sub create_zsk ($@) {
+sub create_zsk (@) {
-my ($master_dir, @zone) = @_;
+my @zones = @_;
-my @index;
 my $keyname;
-for (@zone) {
+foreach my $zone (@zones) {
-my $zone = $_;
+my $dir  = "$cf{master_dir}/$zone";
-my $zpf  = "$master_dir/$zone";
+chomp($keyname = `cd $dir && dnssec-keygen -a RSASHA1 -b 512 -n ZONE $zone`);
-$keyname = `cd $zpf && dnssec-keygen -a RSASHA1 -b 512 -n ZONE $zone`;
+	my @index;
-unless (-f "$zpf/.index.zsk") {
+	open(my $idx, "+>>", "$dir/.index.zsk") or die "Can't open $dir/.index.zsk: $!\n";
-@index = ();
+	seek($idx, 0, 0);
-}
+	chomp(@index = <$idx>);
-else {
-open(INDEX, "$zpf/.index.zsk") or die "$zpf/.index.zsk: $!\n";
-@index = <INDEX>;
-close(INDEX);
-}
 push @index, $keyname;
-if (@index > 2) { shift(@index); }
+	shift @index if @index > 2;
-{
+	truncate($idx, 0);
-my $fh = File::Temp->new(DIR => "$zpf")
+	print $idx join "\n" => @index, "";
-or die "Can't create tmpdir: $!\n";
+	close($idx);
-print $fh join "" => @index, "";
-rename($fh->filename => "$zpf/.index.zsk")
+say "$zone: new ZSK $keyname";
-or die "Can't rename "
-. $fh->filename
+open(my $kc, ">", "$dir/.keycounter") or die "$dir/.keycounter: $!\n";
-. " to $zpf/.index.zsk: $!\n";
+print $kc "0\n";
-}
+close($kc);
-chomp($keyname);
+}
-print " * $zone: new ZSK $keyname\n";
+}
-open(KC, ">$zpf/.keycounter") or die "$zpf/keycounter: $!\n";
+sub check_zone ($@) {
-print KC "0";
-close(KC);
-}
-}
-sub ck_zone ($@) {
 my ($master_dir, @zone) = @_;
 for (@zone) {
 my $zone = $_;
 my $zpf  = "$master_dir/$zone";
 =pod
 =head1 NAME
-dnssec-keytool
+dnssec-keytool - key management
 =head1 SYNOPSIS
-dnssec-keytool {-z|-k|-r|-c} zone
+dnssec-keytool {--zsk|--ksk|--rm|--check} zone...
 =head1 DESCRIPTION
 Blabla.
 =head1 OPTIONS
 =over
-=item B<-z>  created a new ZSK
+=item B<--zsk>
-=item B<-k>  created a new ZSK and KSK
+Create a new ZSK for the zones.
-=item B<-r>  delete the key-set of a zone
+=item B<--ksk>
-=item B<-c>  created configuration files for the dnstools and a new ZSK for an existing KSK
+Create a new KSK for the zones.
+=item B<--rm>
+Remote all key material from the zones.
+=item B<--check>
+???
 =back
 =cut

changeset 104	3c725372a1ce
parent 85	c47953192c5c
child 113	30bd047cd057