--- a/dnssec-creatkey Thu Dec 02 16:46:17 2010 +0100
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,281 +0,0 @@
-#!/usr/bin/perl -w
-
-use strict;
-use FindBin;
-
-sub del_double {
- my %all;
- grep { $all{$_} = 0 } @_;
- return ( keys %all );
-}
-
-# liest die Konfiguration
-my @configs = ( "$FindBin::Bin/dnstools.conf", "/etc/dnstools.conf" );
-my %config;
-
-for ( grep {-f} @configs ) {
- open( CONFIG, $_ ) or die "Can't open $_: $!\n";
-}
-
-unless ( seek( CONFIG, 0, 0 ) ) {
- die "Can't open config (searched: @configs)\n";
-}
-
-while (<CONFIG>) {
- chomp;
- s/#.*//;
- s/\t//g;
- s/\s//g;
-
- next unless length;
- my ( $cname, $ccont ) = split( /\s*=\s*/, $_, 2 );
- $config{$cname} = $ccont;
-}
-close(CONFIG);
-
-my $master_dir = $config{master_dir};
-my $key_counter_end = $config{key_counter_end};
-my @change;
-my @manu;
-my @index;
-my $zone;
-my $keyname;
-
-# prueft ob eingaben in ARGV domains sind und gibt sie in die liste @manu
-for (@ARGV) {
- chomp( my $zone = `idn --quiet "$_"` );
-
- if ( -d "$master_dir/$zone" ) {
- push( @manu, $zone );
- }
- else {
- print " $zone not exist\n ";
- }
-}
-
-# prueft ob zonen mit schluesselmaterial ueber index- und keycounterdatei
-# verfuegen.
-# legt .index.ksk an falls nicht und gibt die entsprechende zone in die
-# liste @change
-while (<$master_dir/*>) {
- chomp( $zone = $_ );
-
- if ( -f "$zone/.index.zsk"
- and -f "$zone/.index.ksk"
- and -f "$zone/.keycounter" )
- {
- next;
- }
-
- while (<$zone/*>) {
- if (m#^K#) {
- my $file_in_zone = $_;
-
- open( KEY, $_ ) or die "$_: $!\n";
- for (<KEY>) {
- if (m#DNSKEY.257#) {
- $file_in_zone =~ s#(/.*/)(.*).key#$2#;
-
- open( INDEX, ">$zone/.index.ksk" ) or die;
- print INDEX "$file_in_zone\n";
- close(INDEX);
-
- $zone =~ s#($master_dir/)(.*)#$2#;
- push( @change, $zone );
-
- }
- }
- close(KEY);
- }
- }
-}
-
-# gibt alle zonen mit abgelaufenen keycounter in die liste @change
-while (<$master_dir/*>) {
- chomp( $zone = $_ );
- my $key;
-
- unless ( -f "$zone/.keycounter" ) {
- next;
- }
-
- open( KEY, "$zone/.keycounter" ) or die "$zone/.keycounter: $!\n";
- $key = <KEY>;
- close(KEY);
-
- if ( $key_counter_end <= $key ) {
- $zone =~ s#($master_dir/)(.*)#$2#;
- push( @change, $zone );
- }
-}
-
-#erzeugt zsks
-for ( &del_double( @change, @manu ) ) {
- $zone = $_;
-
- chdir "$master_dir/$zone" or die "$master_dir/$zone: $!\n";
- $keyname = `dnssec-keygen -a RSASHA1 -b 512 -n ZONE $zone`;
-
- unless ( -f ".index.zsk" ) {
- @index = ();
- }
- else {
- open( INDEX, ".index.zsk" )
- or die "$master_dir/$zone/.index.zsk: $!\n";
- @index = <INDEX>;
- close(INDEX);
- }
-
- push @index, $keyname;
- if ( @index > 2 ) {
- shift(@index);
- }
-
- open( INDEX, ">.index.zsk" ) or die "$master_dir/$zone/.index.zsk: $!\n";
- print INDEX @index;
- close(INDEX);
-
- chomp($keyname);
- print "$keyname (ZSK) creat for $zone \n";
-
- open( KC, ">.keycounter" ) or die "$master_dir/$zone/keycounter: $!\n";
- print KC "0";
- close(KC);
-}
-
-#erzeugt ksks
-for ( &del_double(@manu) ) {
- $zone = $_;
-
- chdir "$master_dir/$zone" or die "$master_dir/$zone: $!\n";
- $keyname = `dnssec-keygen -a RSASHA1 -b 2048 -f KSK -n ZONE $zone`;
-
- print "creat new KSK for $zone? (no): ";
- unless ( <STDIN> =~ m/^yes/ ) {
- next;
- }
-
- unless ( -f ".index.ksk" ) {
- @index = ();
- }
- else {
-
- open( INDEX, ".index.ksk" )
- or die "$master_dir/$zone/.index.ksk: $!\n";
- @index = <INDEX>;
- close(INDEX);
- }
-
- push @index, $keyname;
- if ( @index > 2 ) {
- shift(@index);
- }
-
- open( INDEX, ">.index.ksk" ) or die "$master_dir/$zone/.index.ksk: $!\n";
- print INDEX @index;
- close(INDEX);
-
- chomp($keyname);
- print "$keyname (KSK) creat for $zone \n";
-}
-
-# loescht alle unbenoetigten schluessel, fuegt die schluessel in
-# die zone-datei
-for ( &del_double( @change, @manu ) ) {
- $zone = $_;
- my @old_zone_content = ();
- my @new_zone_content = ();
- my @kkeylist = ();
- my @zkeylist = ();
- my $file = ();
-
- open( INDEX, "<$master_dir/$zone/.index.zsk" )
- or die "$master_dir/$zone/.index.zsk: $!\n";
- @zkeylist = <INDEX>;
- close(INDEX);
-
- open( INDEX, "<$master_dir/$zone/.index.ksk" )
- or die "$master_dir/$zone/.index.ksk: $!\n";
- @kkeylist = <INDEX>;
- close(INDEX);
-
- open( ZONE, "<$master_dir/$zone/$zone" )
- or die "$master_dir/$zone/$zone: $!\n";
- @old_zone_content = <ZONE>;
- close(ZONE);
-
- # kuerzt die schluessel-bezeichnung aus der indexdatei auf die id um sie
- # besser vergleichen zu koennen.
- for ( @kkeylist, @zkeylist ) {
- chomp;
- s#K.*\+.*\+(.*)#$1#;
- }
-
- # filtert alle schluessel aus der zonedatei
- # old_zone_content ==> new_zone_content
- for (@old_zone_content) {
- unless (/dnssec-(zsk|ksk)/) {
- push @new_zone_content, $_;
- }
- }
-
- # prueft alle schluesseldateien (ksk, zsk) ob sie in der jeweiligen
- # indexdatei beschrieben sind. wenn nicht werden sie geloescht.
- for (`ls $master_dir/$zone/K*[key,private]`) {
- chomp;
- $file = $_;
- my $rm_count = 1;
-
- for (@zkeylist) {
-
- if ( $file =~ /$_/ ) {
- $rm_count = 0;
-
- # schluessel die in der indexdatei standen, werden an die
- # zonedatei angehangen.
- if ( $file =~ /.*key/ ) {
-
- $file =~ s#/.*/(K.*)#$1#;
- push @new_zone_content,
- "\$INCLUDE \"$file\"\t\t; dnssec-zsk\n";
-
- last;
- }
- }
- }
- for (@kkeylist) {
-
- if ( $file =~ /$_/ ) {
- $rm_count = 0;
-
- # schluessel die in der indexdatei standen, werden an die
- # zonedatei angehangen.
- if ( $file =~ /.*key/ ) {
-
- $file =~ s#/.*/(K.*)#$1#;
- push @new_zone_content,
- "\$INCLUDE \"$file\"\t\t; dnssec-ksk\n";
-
- last;
- }
- }
- }
-
- #loescht alle unbenoetigten schluessel
- if ( $rm_count == 1 ) {
- unlink "$file";
- }
- }
-
- open( ZONE, ">$master_dir/$zone/$zone" )
- or die "$master_dir/$zone/$zone: $!\n";
- print ZONE @new_zone_content;
- close(ZONE);
-
-}
-
-# "toucht" alle zonen damit der serial erhoeht und die
-# zone neu signiert wird
-for ( &del_double( @change, @manu ) ) {
- system "touch $master_dir/$_/$_";
-}