a 4i@sfddlZddlZddlZddlmZmZddlmZmZdZ GdddZ ddZ d d Z d d Z dS) N)PopenPIPE)prefixversionzdnssec-checkdsc@sNeZdZdddddZdZdZdZdZdZdZ d Z d d Z d d Z ddZ dS)SECRRzSHA-1zSHA-256ZGOSTzSHA-384)INNrcCs|stt|tur$|d}n|}t|dkrdzcheck..)key-a-fZdnskey-)stdinr/rz$No DNSKEY records found in zone apexFTz/KSK for %s %s/%03d/%05d (%s) missing from child.z0%s for KSK %s/%03d/%05d (%s) missing from parentz,%s for KSK %s/%03d/%05d (%s) found in parent) dssetfileopenreaddigrrZ communicate splitlinesrrrappendrsorted dsfromkeyalgo masterfilerprintrrstriprrr.r) zoneargsZrrlistfpcmd_lineZklistrAZintodsmatchr0r$r$r%checkXs                  rLc Cstjtdd}d}tjdkr"dnd}|jdtdd|jd d d d gtd d|jdddtjt |dtdd|jdddtjt |dtdd|jdddtdd|jddd td!d|jd"d#d$t d%| }|j d&|_ |S)'Nz: checks DS coverage)Z descriptionbinntZsbinrEz zone to check)rhelpr4z--algorAr>zDS digest algorithm)destactiondefaultrrOz-dz--digr<z path to 'dig')rPrRrrOz-Dz --dsfromkeyr@zdnssec-dsfromkeyzpath to 'dnssec-dsfromkey'r5z--filerBzzone master file)rPrrOz-sz--dssetr9zprepared DSset filez-vz --versionr)rQrr8)argparseArgumentParserprogosname add_argumentrpathr rr parse_argsrErD)parserZbindirZsbindirrFr$r$r%rZsN   rZcCs&t}t|j|}t|rdnddS)Nrr)rZrLrEexit)rFrKr$r$r%mains r])rSrVsys subprocessrrZ isc.utilsrrrUrrLrZr]r$r$r$r% s>V1