a Γi@@sJddlZddlZddlZddlmZmZGdddeZGdddZdS)N)PopenPIPEcseZdZfddZZS)TimePastcstt|d|||fdS)Nz'%s time for key %s (%d) is already past)superr__init__)selfkeypropvalue __class__./usr/lib/python3.9/site-packages/isc/dnskey.pyrs zTimePast.__init__)__name__ __module__ __qualname__r __classcell__r r r rrsrc@seZdZdZdZdZdZdVddZdd Zd d Z e dWd d Z ddZ e ddZe ddZdXddZe ddZe ddZe ddZe ddZddZd d!Zd"d#Zd$d%Zd&d'Zd(d)Zefd*d+Zd,d-Zefd.d/Zd0d1Zefd2d3Z d4d5Z!efd6d7Z"d8d9Z#efd:d;Z$dd?Z&d@dAZ'efdBdCZ(dDdEZ)dFdGZ*dHdIZ+dJdKZ,dLdMZ-dNdOZ.dYdPdQZ/dZdRdSZ0e dTdUZ1dS)[dnskeyztAn individual DNSSEC key. Identified by path, name, algorithm, keyid. Contains a dictionary of metadata events.) CreatedPublishActivateInactiveDeleteRevokeZ DSPublish SyncPublish SyncDelete) N-P-Az-Iz-Dz-RNz-Psyncz-Dsync)NZRSAMD5ZDHZDSANZRSASHA1ZNSEC3DSAZ NSEC3RSASHA1Z RSASHA256NZ RSASHA512NZECCGOSTZECDSAP256SHA256ZECDSAP384SHA384ZED25519ZED448NcCst|tr:t|dkr:|pd|_|\}}}||||||pLtj|pLd|_tj|}| d\}}}|dd}t |}t | dd}|||||dS)N.+r) isinstancetuplelen_dir fromtupleospathdirnamebasenamesplitint)rrZ directorykeyttlnamealgkeyidr r rr&s    zdnskey.__init__cs|dr|}|d}n|d}d|||f}|j|jr@tjpBd|d}|j|jr^tjp`d|d}||_||_t||_t||_ ||_ t |d} | D]zddkrq } | sq| d  d vrd } ||_nd } |st| d n||_t| | d @d krd |_qd|_q| t |d} t|_t|_t|_t|_t|_t|_t|_d|_| D]rpddvrqpfdddDtg} tdd| D}d|}|dd}||j|<qptjD]}d|j|<||jvrb||j|}||j|<| ||j|<|!||j|<|j||j|<n(d|j|<d|j|<d|j|<d|j|<q| dS)Nrz K%s+%03d+%05dz.keyz.privaterr;r!)inZchZhsrTFZrUz!#csg|]}|qSr )find).0cliner r lz$dnskey.fromtuple..z:= cSsg|]}|dkr|qS)r"r )r8posr r rr<mr=)"endswithrstripr&r(sepkeystrr/r-r0r1fullnameopenr,lowerttlclosedictmetadata_changed_delete_times_fmttime _timestamps _original_origttlstripr%minlstripr_PROPS parsetime formattime epochfromtime)rr/r0r1r.rCrBZkey_fileZ private_fileZkfptokensZseptokenZpfpZ punctuationfoundr r tr r:rr'5s~              zdnskey.fromtuplec Ksf|dd}g}d}|jdur0|dt|jg7}ttjtjD]V\}}|r>|j|sVq>d}||j vrr|j |rrd}|rzdn|j |} ||| g7}d}q>|rb|d|j g||j g} |st dd| z.t| ttd } | \} } | rtt| Wn:ty2}z td |t|fWYd}~n d}~00d|_tjD] }|j||j|<d|j|<q@dS) NquietFT-LZnone-K#  stdoutstderrzunable to run %s: %s)getrPstrrFziprrT_OPTSrJrKrMr&rBprintjoinrr communicate ExceptionrNrO)rZ settime_binkwargsr[cmdfirstr optdeleteZwhenZfullcmdprarber r rcommits>      z dnskey.commitc  KsP| dd} |dd|dt|g} |r0| d|g7} |r>| d|rN| d|g7} |rb| d t|g7} | rt| }| d t|g7} | rt| }| d t| g7} | || std d | t| t t d}| \}}|rt dt|z$| d d}t|||}|WSt yJ}zt dt|WYd}~n d}~00dS)Nr[F-qr]r\-rz-fkz-az-brrr^r_r`unable to generate key: rasciiz!unable to parse generated key: %s)rcrdappendr timefromepochrVrgrhrrrirj splitlinesdecode)cls keygen_bin randomdevZkeys_dirr/r0ZkeysizerArFpublishactivaterkr[ keygen_cmdrZrprarbrBnewkeyrqr r rgenerates:         zdnskey.generatec Ks|dd}|s td||dd|jd|jg}|jrL|dt|jg7}|r\|d|g7}|rp|d t|g7}|std d |t |t t d }| \}} | rtd | z(| d d} t| |j|j} | WStd|Yn0dS)Nr[Fz'predecessor key %s has no inactive datersr]z-Sr\rtz-ir^r_r`rurrvz'unable to generate successor for key %s)rcinactiverjr&rBrFrdrgrhrrriryrzr) rr|r}Z prepublishrkr[rrprarbrBrr r rgenerate_successors,     zdnskey.generate_successorcCs0d}|tttjvr tj|}|r(|Sd|S)Nz%03d)ranger%r _ALGNAMES)r0r/r r ralgstrs z dnskey.algstrcCs8|sdS|}ztj|WSty2YdS0dSN)upperrrindex ValueError)r0r r ralgnums z dnskey.algnumcCs||p |jSr)rr0)rr0r r ralgnameszdnskey.algnamecCs t|Sr)timegmtime)secsr r rrxszdnskey.timefromepochcCs t|dSNz %Y%m%d%H%M%S)rstrptime)stringr r rrU szdnskey.parsetimecCs t|Sr)calendarZtimegmrZr r rrWszdnskey.epochfromtimecCs td|Sr)rstrftimerr r rrVszdnskey.formattimecKs|dd}|j||krdS|j|durP|j||krP|sPt|||j||dur|j|durjdnd|j|<d|j|<d|j|<d|j|<d|j|<dS||}||j|<||j|<| ||j|<|j||j|krdnd|j|<dS)NforceFT) rcrNrOrrJrKrLrMrxrV)rr rnowrkrrZr r rsetmetas6          zdnskey.setmetacCs |j|Sr)rLrr r r rgettime2szdnskey.gettimecCs |j|Sr)rMrr r r getfmttime5szdnskey.getfmttimecCs |j|SrrNrr r r gettimestamp8szdnskey.gettimestampcCs |jdS)Nrrrr r rcreated;szdnskey.createdcCs |jdSNrrrr r r syncpublish>szdnskey.syncpublishcKs|jd||fi|dSrrrrrrkr r rsetsyncpublishAszdnskey.setsyncpublishcCs |jdSNrrrr r rr~Dszdnskey.publishcKs|jd||fi|dSrrrr r r setpublishGszdnskey.setpublishcCs |jdSNrrrr r rrJszdnskey.activatecKs|jd||fi|dSrrrr r r setactivateMszdnskey.setactivatecCs |jdSNrrrr r rrevokePsz dnskey.revokecKs|jd||fi|dSrrrr r r setrevokeSszdnskey.setrevokecCs |jdSNrrrr r rrVszdnskey.inactivecKs|jd||fi|dSrrrr r r setinactiveYszdnskey.setinactivecCs |jdSNrrrr r rro\sz dnskey.deletecKs|jd||fi|dSrrrr r r setdelete_szdnskey.setdeletecCs |jdSNrrrr r r syncdeletebszdnskey.syncdeletecKs|jd||fi|dSrrrr r r setsyncdeleteeszdnskey.setsyncdeletecCsR|dus|j|krdS|jdur0|j|_||_n|j|krHd|_||_n||_dSr)rFrP)rrFr r rsetttlhs  z dnskey.setttlcCs|jr dSdS)NKSKZSK)rArr r rkeytypetszdnskey.keytypecCsd|j||jfS)Nz %s/%s/%05d)r/rr1rr r r__str__wszdnskey.__str__cCs"d|j||j|jrdndfS)Nz%s/%s/%05d (%s)rr)r/rr1rArr r r__repr__{s  zdnskey.__repr__cCs|p|p|Sr)rr~rrr r rdatesz dnskey.datecCs@|j|jkr|j|jkS|j|jkr0|j|jkS||kSr)r/r0r)rotherr r r__lt__s     z dnskey.__lt__cCsdd}|s|}tt}|}|}|s4dS|sT||krP|dt|dS||krh||krhdS||kr|dt|t|jpdfdS||kr|dt|dS|jdur|||jkr|d t|t|jpdfdSdS) Nc_sdSrr argsrkr r rnoopr=z!dnskey.check_prepub..noopFzFWARNING: Key %s is scheduled for activation but not for publication.TzWARNING: %s is scheduled to be published and activated at the same time. This could result in a coverage gap if the zone was previously signed. Activation should be at least %s after publication.zone DNSKEY TTLz0WARNING: Key %s is active before it is publishedzWARNING: Key %s is activated too soon after publication; this could result in coverage gaps due to resolver caches containing old data. Activation should be at least %s after publication.)r-rrr~reprrdurationrF)routputrrarpr r r check_prepubsH zdnskey.check_prepubcCsdd}|dur|}|dur"|j}|dur>|dt|d}t}|}|}|s^dS|s~||krz|dt|dS||kr||krdS||kr|dt|dS|||kr|d t|t|fdSdS) Nc_sdSrr rr r rrr=z"dnskey.check_postpub..noopz"WARNING: Key %s using default TTL.QFzEWARNING: Key %s is scheduled for deletion but not for inactivation.Tz@WARNING: Key %s is scheduled for deletion before inactivation.zWARNING: Key %s scheduled for deletion too soon after deactivation; this may result in coverage gaps due to resolver caches containing old data. Deletion should be at least %s after inactivation.)rFrrrorrr)rrZtimespanrrdir r r check_postpubs@ zdnskey.check_postpubcCsn|sdSgd}g}|D]J}||d||d}}|dkr|d||d|dkrXdndfqd|S)N))Zyeari3)Zmonthi')Zdayr)Zhouri)Zminute<)secondr!r!rz%d %s%ssr2z, )rwrh)rZunitsrZunitvr r rrs&zdnskey.duration)NN)NN)N)N)NN)2rrr__doc__rTrfrrr'rr classmethodrr staticmethodrrrrxrUrWrVrrrrrrrrr~rrrrrrrrorrrrrrrrrrrrr r r rrsj M% +         1 -r) r(rr subprocessrrrjrrr r r r s