--- a/bin/dnssec-keytool Tue Jan 25 23:52:02 2011 +0100
+++ b/bin/dnssec-keytool Wed Jan 26 00:05:46 2011 +0100
@@ -7,69 +7,68 @@
use Getopt::Long;
use Pod::Usage;
use File::Basename;
+use Net::LibIDN qw(:all);
use if $ENV{DEBUG} => "Smart::Comments";
use DNStools::Config qw(get_config);
my $ME = basename $0;
-sub read_conf(@);
-sub read_argv($);
sub rm_keys($@);
-sub ck_zone($@);
+sub check_zone($@);
sub create_ksk($@);
-sub create_zsk($@);
+sub create_zsk(@);
sub post_create($@);
+my $CHARSET = "UTF-8";
+my %cf;
+
MAIN: {
- ### reading config
- my %conf = get_config();
-
- my ($cmd, @zones) = read_argv($conf{master_dir});
- given ($cmd) {
- when ("rm") { rm_keys($conf{master_dir}, @zones); exit }
- when ("ck") { ck_zone($conf{master_dir}, @zones) }
- when ("ksk") { create_ksk($conf{master_dir}, @zones) }
- };
+ %cf = get_config();
+ my $cmd;
- create_zsk($conf{master_dir}, @zones);
- post_create($conf{master_dir}, @zones);
-}
-
-sub read_argv ($) {
- my ($master_dir) = @_;
- my ($cmd, @zones); # return
+ system("command -v dnssec-keygen &>/dev/null");
+ die "$ME: command 'dnssec-keygen' not found in $ENV{PATH}\n" if $?;
GetOptions(
- "zsk" => sub { $cmd = "zsk" },
- "ksk" => sub { $cmd = "ksk" },
- "rm" => sub { $cmd = "rm" },
- "ck|check" => sub { $cmd = "ck" },
- "h|help" => sub { pod2usage(-exitvalue => 0, -verbose => 1) },
+ "zsk" => sub { push @$cmd => "zsk" },
+ "ksk" => sub { push @$cmd => "ksk" },
+ "rm" => sub { push @$cmd => "rm" },
+ "check" => sub { $cmd = "check" },
+ "h|help" => sub { pod2usage(-exit => 0, -verbose => 1) },
"m|man" => sub {
pod2usage(
- -exitvalue => 0,
+ -exit => 0,
-noperldoc => system("perldoc -V &>/dev/null"),
-verbose => 2
);
},
)
and @ARGV
+ and @$cmd == 1
+ and $cmd = $cmd->[0]
or pod2usage;
- # checks the zones in argv if there are managed zones
- foreach (@ARGV) {
- chomp(my $zone = `idn --quiet "$_"`);
+ # checks the zones in argv if they're managed ones
+ my @zones;
+ foreach my $utf8zone (@ARGV) {
+ my $zone = idn_to_ascii($utf8zone, $CHARSET);
die "zone $zone is not managed\n"
- if not -f "$master_dir/$zone/$zone";
+ if not -f "$cf{master_dir}/$zone/$zone";
push @zones, $zone;
}
- return ($cmd, @zones);
+
+ given ($cmd) {
+ when ("zsk") { exit create_zsk(@zones) };
+ #when ("ksk") { return create_ksk(@zones) };
+ #when ("check") { return check_zone(@zones) };
+ #when ("rm") { return rm_keys(@zones) };
+ default { die "not implemented\n" };
+ };
}
-
sub rm_keys ($@) {
# deletes all the keys were handed over -rm in argv
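Review bot: The `--check` handler at `"check" => sub { $cmd = "check" }` assigns a plain string while the zsk/ksk/rm handlers push onto `@$cmd`, so the new `and @$cmd == 1` test dies under `use strict` ("Can't use string ... as an ARRAY ref") instead of dispatching, and the same dereference is fatal when zone arguments are given with no option at all because `$cmd` is still undef. Make the handler `"check" => sub { push @$cmd => "check" },` and guard the count with `and @{ $cmd // [] } == 1` (the script already relies on 5.10 for given/when). Separately, `system("command -v dnssec-keygen &>/dev/null")` uses the bash-only `&>`; under a POSIX /bin/sh that parses as a backgrounded command followed by an empty redirect, so `$?` is 0 even when the binary is missing — write it as `system("command -v dnssec-keygen >/dev/null 2>&1")` (the `perldoc -V &>/dev/null` probe behind `-noperldoc` has the same problem). Also note that `idn_to_ascii` returns undef on input it cannot convert, which turns the `-f` path into `$cf{master_dir}//` and yields the unhelpful message `zone  is not managed`; dying explicitly when the conversion returns undef would be clearer.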
@@ -109,11 +108,12 @@
print " * $zone: removed key-set\n";
}
- open(my $old, "$zpf/$zone") or die "$zpf/$zone: $!\n";
- my $fh = File::Temp->new(DIR => $zpf) or die "Can't create tmpfile: $!\n";
- print $fh grep { not /^\s*\$INCLUDE.*"K$zone.*\.key"/i } <$old>;
- rename($fh->filename => "$zpf/$zone")
- or die "Can't rename " . $fh->filename . " to $zpf/$zone: $!\n";
+ open(my $old, "$zpf/$zone") or die "$zpf/$zone: $!\n";
+ my $fh = File::Temp->new(DIR => $zpf)
+ or die "Can't create tmpfile: $!\n";
+ print $fh grep { not /^\s*\$INCLUDE.*"K$zone.*\.key"/i } <$old>;
+ rename($fh->filename => "$zpf/$zone")
+ or die "Can't rename " . $fh->filename . " to $zpf/$zone: $!\n";
}
}
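Review bot: `open(my $old, "$zpf/$zone")` on the re-indented line is still a two-argument open, so a filename beginning with `<`, `>` or `|`, or ending in `|`, is parsed as a mode rather than a path; use `open(my $old, '<', "$zpf/$zone") or die "$zpf/$zone: $!\n";`. The `rename` also runs before `$fh` is flushed or closed, so the zone file can be observed partially written and a buffered write error is never reported — `close($fh) or die "$zpf/$zone: $!\n";` before the rename catches both. File::Temp creates its file with mode 0600, so the renamed zone file may end up less readable than the original it replaces; whether that affects the name server depends on the user it runs as, which this hunk does not show. rm_keys begins before the hunk.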
@@ -156,48 +156,37 @@
}
}
-sub create_zsk ($@) {
- my ($master_dir, @zone) = @_;
- my @index;
+sub create_zsk (@) {
+ my @zones = @_;
+
my $keyname;
- for (@zone) {
- my $zone = $_;
- my $zpf = "$master_dir/$zone";
+ foreach my $zone (@zones) {
+ my $dir = "$cf{master_dir}/$zone";
- $keyname = `cd $zpf && dnssec-keygen -a RSASHA1 -b 512 -n ZONE $zone`;
+ chomp($keyname = `cd $dir && dnssec-keygen -a RSASHA1 -b 512 -n ZONE $zone`);
- unless (-f "$zpf/.index.zsk") {
- @index = ();
- }
- else {
- open(INDEX, "$zpf/.index.zsk") or die "$zpf/.index.zsk: $!\n";
- @index = <INDEX>;
- close(INDEX);
- }
+ my @index;
+ open(my $idx, "+>>", "$dir/.index.zsk") or die "Can't open $dir/.index.zsk: $!\n";
+ seek($idx, 0, 0);
+ chomp(@index = <$idx>);
push @index, $keyname;
- if (@index > 2) { shift(@index); }
+ shift @index if @index > 2;
+
+ truncate($idx, 0);
+ print $idx join "\n" => @index, "";
+ close($idx);
- {
- my $fh = File::Temp->new(DIR => "$zpf")
- or die "Can't create tmpdir: $!\n";
- print $fh join "" => @index, "";
- rename($fh->filename => "$zpf/.index.zsk")
- or die "Can't rename "
- . $fh->filename
- . " to $zpf/.index.zsk: $!\n";
- }
- chomp($keyname);
- print " * $zone: new ZSK $keyname\n";
+ say "$zone: new ZSK $keyname";
- open(KC, ">$zpf/.keycounter") or die "$zpf/keycounter: $!\n";
- print KC "0";
- close(KC);
+ open(my $kc, ">", "$dir/.keycounter") or die "$dir/.keycounter: $!\n";
+ print $kc "0\n";
+ close($kc);
}
}
-sub ck_zone ($@) {
+sub check_zone ($@) {
my ($master_dir, @zone) = @_;
for (@zone) {
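Review bot: `$?` is never checked after the dnssec-keygen backticks at `chomp($keyname = ...)`, so when keygen fails (bad directory, unsupported algorithm, permission error) `$keyname` is empty, that empty line is appended to `.index.zsk`, it is printed as the new ZSK and `.keycounter` is still reset; add `die "$ME: dnssec-keygen failed for $zone\n" if $? != 0 or $keyname eq "";` right after it. Replacing the File::Temp-plus-rename update of `.index.zsk` with `truncate` and `print` on the same handle drops the atomic replace — a crash between `truncate($idx, 0)` and the write leaves an empty index — and neither `truncate` nor `close($idx)` has its return value checked (`close($idx) or die "$dir/.index.zsk: $!\n";`). The command string interpolates `$dir` and `$zone` into a shell; since the zone list has been filtered by idn_to_ascii and the `-f` check this is mostly a robustness issue (a space in master_dir breaks the `cd`), but the list form `open(my $kg, '-|', 'dnssec-keygen', '-K', $dir, '-a', 'RSASHA1', '-b', '512', '-n', 'ZONE', $zone)` avoids the shell entirely if the installed dnssec-keygen supports `-K`. The 512-bit RSASHA1 key size is carried over rather than introduced here, but it is well below what DNSSEC operational guidance recommends for a ZSK and deserves a follow-up. `say` needs the 5.10 feature bundle, presumably enabled in the preamble outside the hunk; create_zsk itself lies entirely within the hunk.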
@@ -320,11 +309,11 @@
=head1 NAME
-dnssec-keytool
+ dnssec-keytool - key management
=head1 SYNOPSIS
-dnssec-keytool {-z|-k|-r|-c} zone
+ dnssec-keytool {--zsk|--ksk|--rm|--check} zone...
=head1 DESCRIPTION
@@ -334,13 +323,21 @@
=over
-=item B<-z> created a new ZSK
+=item B<--zsk>
+
+Create a new ZSK for the zones.
-=item B<-k> created a new ZSK and KSK
+=item B<--ksk>
+
+Create a new KSK for the zones.
-=item B<-r> delete the key-set of a zone
+=item B<--rm>
+
+Remote all key material from the zones.
-=item B<-c> created configuration files for the dnstools and a new ZSK for an existing KSK
+=item B<--check>
+
+???
=back