--- a/dnssec-keytool.pl Tue Dec 21 17:00:11 2010 +0100
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,370 +0,0 @@
-#! /usr/bin/perl
-
-use warnings;
-use strict;
-use FindBin;
-
-sub del_double {
- my %all;
- grep { $all{$_} = 0 } @_;
- return (keys %all);
-}
-
-sub read_conf {
-
- # read configuration
- my @configs = ("$FindBin::Bin/dnstools.conf", "/etc/dnstools.conf");
- our %config;
-
- for (grep { -f } @configs) {
- open(CONFIG, $_) or die "Can't open $_: $!\n";
- }
- unless (seek(CONFIG, 0, 0)) {
- die "Can't open config (searched: @configs)\n";
- }
- while (<CONFIG>) {
- chomp;
- s/#.*//;
- s/\t//g;
- s/\s//g;
-
- next unless length;
- my ($cname, $ccont) = split(/\s*=\s*/, $_, 2);
- $config{$cname} = $ccont;
- }
- close(CONFIG);
-}
-
-sub read_argv {
- # evaluate argv or print the help
- my $arg = shift @ARGV;
- my $zone;
- our $do;
- our @zones;
- our $master_dir;
-
- if (!defined $arg) {
- print " usage: dnssec-keytool <option> zone\n";
- print " -z created a new ZSK\n";
- print " -k created a new ZSK and KSK\n";
- print " -rm deletes the key-set of a zone\n";
- print " -c created configuration files for the dnstools\n";
- print " and a new ZSK for an existing KSK\n";
- print "\n";
-
- exit;
- }
- elsif ($arg eq "-k") { $do = "ksk"; }
- elsif ($arg eq "-rm") { $do = "rm"; }
- elsif ($arg eq "-c") { $do = "ck"; }
- elsif ($arg eq "-z") { $do = "zsk"; }
- else {
- print "not a valid option.\n";
- exit;
- }
-
- # checks the zones in argv if there are managed zones
- for (@ARGV) {
- chomp($zone = `idn --quiet "$_"`);
- if (-e "$master_dir/$zone/$zone") {
- push @zones, $zone;
- }
- }
-}
-
-sub rm_keys {
- # deletes all the keys were handed over -rm in argv
- our @zones;
- our $master_dir;
- my $zone;
- my @new_zone_content;
- my @old_zone_content;
-
- for (@zones) {
- $zone = $_;
-
- my $zpf = "$master_dir/$zone";
- my $ep = 0;
-
- if (-e "$zpf/$zone.signed") {
- unlink "$zpf/$zone.signed" and $ep = 1;
- }
- if (-e "$zpf/.keycounter") {
- unlink "$zpf/.keycounter" and $ep = 1;
- }
- if (-e "$zpf/.index.ksk") {
- unlink "$zpf/.index.ksk" and $ep = 1;
- }
- if (-e "$zpf/.index.zsk") {
- unlink "$zpf/.index.zsk" and $ep = 1;
- }
- if (-e "$zpf/dsset-$zone.") {
- unlink "$zpf/dsset-$zone." and $ep = 1;
- }
- if (-e "$zpf/keyset-$zone.") {
- unlink "$zpf/keyset-$zone." and $ep = 1;
- }
-
- for (glob("$zpf/K$zone*")) {
- chomp($_);
- unlink ("$_");
- }
-
- if ($ep == 1) {
- print " * $zone: removed key-set\n";
- }
-
- open(ZONE, "$zpf/$zone")
- or die "$zpf/$zone: $!\n";
- @old_zone_content = <ZONE>;
- close(ZONE);
-
- for (@old_zone_content) {
- unless (m#\$INCLUDE.*\"K$zone.*\.key\"#) {
- push @new_zone_content, $_;
- }
- }
-
- open(ZONE, ">$zpf/$zone") or die "$zpf/$zone: $!\n";
- print ZONE @new_zone_content;
- close(ZONE);
- }
-}
-
-sub creat_ksk {
- our @zones;
- our $master_dir;
- my @index;
- my $zone;
- my $keyname;
- my $zpf;
-
- for (@zones) {
- $zone = $_;
- $zpf = "$master_dir/$zone";
-
- chdir "$zpf" or die "$zpf: $!\n";
- $keyname = `dnssec-keygen -a RSASHA1 -b 2048 -f KSK -n ZONE $zone`;
-
- unless (-f ".index.ksk") { @index = (); }
- else {
- open(INDEX, ".index.ksk") or die "$zpf/.index.ksk: $!\n";
- @index = <INDEX>;
- close(INDEX);
- }
-
- push @index, $keyname;
- if (@index > 2) { shift(@index); }
-
- open(INDEX, ">.index.ksk") or die "$zpf/.index.ksk: $!\n";
- print INDEX @index;
- close(INDEX);
-
- chomp($keyname);
- print " * $zone: new KSK $keyname\n";
-
- print "!! THE KSK must be published !! \n";
-
- }
-}
-
-sub creat_zsk {
- our @zones;
- our $master_dir;
- my @index;
- my $zone;
- my $keyname;
- my $zpf;
-
- for (@zones) {
- $zone = $_;
- $zpf = "$master_dir/$zone";
-
- chdir "$zpf" or die "$zpf: $!\n";
- $keyname = `dnssec-keygen -a RSASHA1 -b 512 -n ZONE $zone`;
-
- unless (-f ".index.zsk") { @index = (); }
- else {
- open(INDEX, ".index.zsk") or die "$zpf/.index.zsk: $!\n";
- @index = <INDEX>;
- close(INDEX);
- }
-
- push @index, $keyname;
- if (@index > 2) { shift(@index); }
-
- open(INDEX, ">.index.zsk") or die "$zpf/.index.zsk: $!\n";
- print INDEX @index;
- close(INDEX);
-
- chomp($keyname);
- print " * $zone: new ZSK $keyname\n";
-
- open(KC, ">.keycounter") or die "$zpf/keycounter: $!\n";
- print KC "0";
- close(KC);
-
- }
-}
-
-sub ck_zone {
- our @zones;
- our $master_dir;
- my $zone;
-
- for (@zones) {
- $zone = $_;
- my $zpf = "$master_dir/$zone";
- my $keyfile;
- my @content;
- my @keylist;
-
- for (<$zpf/*>) {
- if (m#(K$zone.*\.key)#) {
- $keyfile = $1;
- open(KEYFILE, "<$zpf/$keyfile");
- @content = <KEYFILE>;
- close(KEYFILE);
- for (@content) {
- if (m#DNSKEY.257#) {
- push @keylist, $keyfile;
- }
- }
- }
- }
-
- open(INDEX, ">.index.ksk") or die "$zpf/.index.ksk: $!\n";
- for (@keylist) {
- s#\.key##;
- print INDEX "$_\n";
- }
- close(INDEX);
-
- print " * $zone: new .index.ksk created\n";
-
- if (-f "$zpf/.index.zsk") {
- unlink("$zpf/.index.zsk") or die "$zpf/.index.zsk: $!\n";
- }
- }
-}
-
-sub post_creat {
- our @zones;
- our $master_dir;
-
- for (@zones) {
- my $zone = $_;
- `touch $master_dir/$zone/$zone`;
-
- &kill_useless_keys($zone);
- &key_to_zonefile($zone);
- }
-
-}
-
-sub kill_useless_keys {
-
- # the function deletes all keys that are not available in the zone
- # of index.zsk
- our $master_dir;
- my $zone = $_[0];
- my @keylist = ();
- my $zpf = "$master_dir/$zone";
-
- open(INDEX, "<$zpf/.index.zsk") or die "$zpf/.index.zsk: $!\n";
- @keylist = <INDEX>;
- close(INDEX);
- open(INDEX, "<$zpf/.index.ksk") or die "$zpf/.index.ksk: $!\n";
- push @keylist, <INDEX>;
-
- # shortened the key name from the index file on the id in order to
- # be able to compare
- for (@keylist) {
- chomp;
- s#K.*\+.*\+(.*)#$1#;
- }
-
- # reviewed every key file (KSK, ZSK), whether they are described in
- # the respective index file. if not they will be deleted.
- for ( glob("$master_dir/$zone/K*") {
- chomp;
- my $file = $_;
- my $rm_count = 1;
- my $keyname;
- for (@keylist) {
- if ($file =~ /$_/) { $rm_count = 0; }
- }
- if ($rm_count == 1) {
- unlink "$file";
- if ($file =~ /$zpf\/(.*\.key)/) {
- print " * $zone: Schluessel $1 entfernt \n";
- }
- }
- }
-}
-
-sub key_to_zonefile {
-
- # the function added all keys to the indexfile
- our $master_dir;
- my $zone = $_[0];
- my $zpf = "$master_dir/$zone";
- my @old_content;
- my @new_content = ();
-
- open(ZONEFILE, "<$zpf/$zone");
- @old_content = <ZONEFILE>;
- close(ZONEFILE);
-
- for (@old_content) {
- unless (m#INCLUDE.*key#) { push @new_content, $_; }
- }
-
- for (<$zpf/*>) {
- if (m#(.*\/)(K.*\.key)#) {
- push @new_content, "\$INCLUDE \"$2\"\n";
- }
- }
- open(ZONEFILE, ">$zpf/$zone") or die "$zpf/$zone: $!\n";
- print ZONEFILE @new_content;
- close(ZONEFILE);
-}
-
-&read_conf;
-
-our %config;
-our $do; # statements from argv
-our @zones; # list of zones from argv
-our $master_dir = $config{master_dir};
-our $bind_dir = $config{bind_dir};
-our $conf_dir = $config{zone_conf_dir};
-our $sign_alert_time = $config{sign_alert_time};
-our $indexzone = $config{indexzone};
-our $key_counter_end = $config{key_counter_end};
-our $ablauf_zeit = $config{abl_zeit};
-
-&read_argv;
-
-# completed the program, if not a valid zones was handed over
-unless (@zones) { exit; }
-
-if ($do eq "rm") { &rm_keys; exit; }
-if ($do eq "ck") { &ck_zone; }
-if ($do eq "ksk") { &creat_ksk; }
-
-&creat_zsk;
-&post_creat;
-
-__END__
-
-=pod
-
-=head1 NAME
-
-dnssec-keytool
-
-=head1 SYNOPSIS
-
-dnssec-keytool <option> zone
-
-=head1 DESCRIPTION