a Γi&@sddlmZddlZddlZddlZddlZddlZddlZddlZddl Z ddl m Z dZ ddl mZmZmZmZmZmZddZdad d Zd d Zd dZdddZddZddZdS))print_functionN) defaultdictzdnssec-coverage)dnskey eventlistkeydictkeyeventkeyzoneutilscOst|i|tddS)N)printsysexit)argskwargsr0/usr/lib/python3.9/site-packages/isc/coverage.pyfatalsrTcOsNd|vr|d}|ddnd}tr,dan |r8td|rJt|i|dS)zuoutput text, adding a vertical space this is *not* the first first section being printed since a call to vreset()skipNTF)pop _firstliner )rrrrrroutput'srcCsdadS)zreset vertical spacingTN)rrrrrvreset8srcCs|}z t|WSty$Yn0td}||}|sJtd||\}}t|}|}|drx|dS|dr|dS|dr|dS|d r|d S|d r|d S|d r|dS|dr|Std|dS)z convert a formatted time (e.g., 1y, 6mo, 15mi, etc) into seconds :param s: String with some text representing a time interval :return: Integer with the number of seconds in the time interval z([0-9][0-9]*)\s*([A-Za-z]*)zCannot parse %syi3moi'w: diQhimi<szInvalid suffix %sN) stripint ValueErrorrecompilematchgroupslower startswith)r!rmnZunitrrr parse_timeAs6             r.cCs~|}|r"tj|r"t|tjsztjd}|s8tjj}|tjD]4}tj ||}tj|rtt|tjrtqzd}qD|S)a1 find the location of a specified command. if a default is supplied and it works, we use it; otherwise we search PATH for a match. :param command: string with a command to look for in the path :param default: default location to use :return: detected location for the desired command PATHN) ospathisfileaccessX_OKenvirondefpathsplitpathsepjoin)ZcommanddefaultZfpathr1Z directoryrrrset_pathks r;c Cs>tdtjtdd}tjtddd}|j dt ddd d |j d d d t ddd|j ddt ddd|j ddt ddd|j ddt ddd|j dddt d dd|j d!d"|t d#d d|j d$d%t d&d'dd(|j d)d*d+d,d-d.|j d/d0d+d,d1d.|j d2d3d4d+d,d5d.|j d6d7d8tj d9| }|j rJ|jrJtd:n*|j sZ|jrn|j rfd;nd<|_nd|_|jrt|jd=krtd>d?d@|jD|_z|jrt|j}||_WntyYn0z|jrt|j}||_WntyYn0z|jr$t|j}||_Wnty:Yn0z<|jrv|j}t|j}|dAkrhd|_nt||_WntyYn0|jr|jr|S|jr$|jr$z:t|jdA|j|j}|jp|j|_|jp|j|_Wn6ty"}ztdB|j|WYd}~n d}~00|js:tdCdD|_|S)Ez8Read command line arguments, set global 'args' structureznamed-compilezoneZsbinz: checks future zDNSKEY coverage for a zone) descriptionzone*Nz5zone(s) to check(default: all zones in the directory))typenargsr:helpz-Kr1.z&a directory containing keys to processdir)destr:r?rAmetavarz-ffilenamezzone master filefile)rDr?rArEz-mmaxttlzthe longest TTL in the zone(s)timez-dkeyttlzthe DNSKEY TTLz-rresignZ1944000z:the RRSIG refresh interval in seconds [default: 22.5 days]z-c compilezonezpath to 'named-compilezone'z-l checklimit0zDLength of time to check for DNSSEC coverage [default: 0 (unlimited)])rDr?r:rArEz-zno_ksk store_trueFz#Only check zone-signing keys (ZSKs))rDactionr:rAz-kno_zskz"Only check key-signing keys (KSKs)z-Dz--debugZ debug_modezTurn on debugging outputz-vz --versionversion)rQrSz)ERROR: -z and -k cannot be used together.ZKSKZZSKr z)ERROR: -f can only be used with one zone.cSs4g|],}t|dkr,|ddkr,|ddn|qS)r rBN)len).0xrrr szparse_args..rz"Unable to load zone data from %s: zWARNING: Maximum TTL value was not specified. Using 1 week (604800 seconds); re-run with the -m option to get more accurate results.r) r;r0r1r9r prefixargparseArgumentParserprog add_argumentstrrS parse_argsrRrOrkeytyperFrUr=rHr.r$rJrKrMrIrrL Exceptionr r) rLparserrr,kr+Zlimr=errrr_s                  &r_c Cslt}tdzt|j|j|jd}Wn4tyZ}ztdt|WYd}~n d}~00|D]4}| t |j r| t q`| t |j |jq`t dtz t|}Wn4ty}ztdt|WYd}~n d}~00d}|js|d|j|jt sTd}nF|jD]>}z|||j|jt s4d}Wnt d|Yn0qt|rbd nd dS) Nz;PHASE 1--Loading keys to check for internal timing problems)r1ZzonesrJz'ERROR: Unable to build key dictionary: z9PHASE 2--Scanning future key events for coverage failuresz#ERROR: Unable to build event list: FTz&ERROR: Coverage check failed for zone r r)r_r rr1r=rJrarr^Z check_prepubrsepZ check_postpubrHrKrrZcoverager`rMr r )rZkdrdkeyZelisterrorsr=rrrmains<&   &  rh)N)Z __future__rr0r rZglobr%rIZcalendarZpprint collectionsrr\Ziscrrrrrr rrrrr.r;r_rhrrrr s&    * x