a 4i%@sddlmZddlZddlZddlZddlZddlZddlZddlZddl Z ddl m Z dZ ddl mZmZmZmZmZmZddZdad d Zd d Zd dZdddZddZddZdS))print_functionN) defaultdictzdnssec-coverage)dnskey eventlistkeydictkeyeventkeyzoneutilscOst|i|tddS)N)printsysexit)argskwargsr./usr/lib/python3/dist-packages/isc/coverage.pyfatalsrTcOsNd|vr|d}|ddnd}tr,dan |r8td|rJt|i|dS)zuoutput text, adding a vertical space this is *not* the first first section being printed since a call to vreset()skipNTF)pop _firstliner )rrrrrroutput*srcCsdadS)zreset vertical spacingTN)rrrrrvreset;srcCs|}z t|WSty$Yn0td}||}|sJtd||\}}t|}|}|drx|dS|dr|dS|dr|dS|d r|d S|d r|d S|d r|dS|dr|Std|dS)zconvert a formatted time (e.g., 1y, 6mo, 15mi, etc) into seconds :param s: String with some text representing a time interval :return: Integer with the number of seconds in the time interval z([0-9][0-9]*)\s*([A-Za-z]*)zCannot parse %syi3Zmoi'w: diQhimi<szInvalid suffix %sN) stripint ValueErrorrecompilematchgroupslower startswith)r rmnZunitrrr parse_timeDs6             r-cCs~|}|r"tj|r"t|tjsztjd}|s8tjj}|tjD]4}tj ||}tj|rtt|tjrtqzd}qD|S)a0find the location of a specified command. if a default is supplied and it works, we use it; otherwise we search PATH for a match. :param command: string with a command to look for in the path :param default: default location to use :return: detected location for the desired command PATHN) ospathisfileaccessX_OKenvirondefpathsplitpathsepjoin)ZcommanddefaultZfpathr0Z directoryrrrset_pathns r:c Cs>tdtjtdd}tjtddd}|j dt ddd d |j d d d t ddd|j ddt ddd|j ddt ddd|j ddt ddd|j dddt d dd|j d!d"|t d#d d|j d$d%t d&d'dd(|j d)d*d+d,d-d.|j d/d0d+d,d1d.|j d2d3d4d+d,d5d.|j d6d7d8tj d9| }|j rJ|jrJtd:n*|j sZ|jrn|j rfd;nd<|_nd|_|jrt|jd=krtd>d?d@|jD|_z|jrt|j}||_WntyYn0z|jrt|j}||_WntyYn0z|jr$t|j}||_Wnty:Yn0z<|jrv|j}t|j}|dAkrhd|_nt||_WntyYn0|jr|jr|S|jr$|jr$z:t|jdA|j|j}|jp|j|_|jp|j|_Wn6ty"}ztdB|j|WYd}~n d}~00|js:tdCdD|_|S)Ez8Read command line arguments, set global 'args' structureznamed-compilezoneZsbinz: checks future zDNSKEY coverage for a zone)Z descriptionzone*Nz5zone(s) to check(default: all zones in the directory))typenargsr9helpz-Kr0.z&a directory containing keys to processdir)destr9r=r?metavarz-ffilenamezzone master filefile)rBr=r?rCz-mmaxttlzthe longest TTL in the zone(s)timez-dkeyttlzthe DNSKEY TTLz-rresignZ1944000z:the RRSIG refresh interval in seconds [default: 22.5 days]z-c compilezonezpath to 'named-compilezone'z-l checklimit0zDLength of time to check for DNSSEC coverage [default: 0 (unlimited)])rBr=r9r?rCz-zno_ksk store_trueFz#Only check zone-signing keys (ZSKs))rBactionr9r?z-kno_zskz"Only check key-signing keys (KSKs)z-Dz--debugZ debug_modezTurn on debugging outputz-vz --versionversion)rOrQz)ERROR: -z and -k cannot be used together.ZKSKZZSKr z)ERROR: -f can only be used with one zone.cSs4g|],}t|dkr,|ddkr,|ddn|qS)r r@N)len).0xrrr zparse_args..rz"Unable to load zone data from %s: zWARNING: Maximum TTL value was not specified. Using 1 week (604800 seconds); re-run with the -m option to get more accurate results.r) r:r/r0r8r prefixargparseArgumentParserprog add_argumentstrrQ parse_argsrPrMrkeytyperDrSr;rFr-r#rHrIrKrGrrJ Exceptionr r) rJparserrr+kr*Zlimr;errrr^s            &r^c Cslt}tdzt|j|j|jd}Wn4tyZ}ztdt|WYd}~n d}~00|D]4}| t |j r| t q`| t |j |jq`t dtz t|}Wn4ty}ztdt|WYd}~n d}~00d}|js|d|j|jt sTd}nF|jD]>}z|||j|jt s4d}Wnt d|Yn0qt|rbd nd dS) Nz;PHASE 1--Loading keys to check for internal timing problems)r0ZzonesrHz'ERROR: Unable to build key dictionary: z9PHASE 2--Scanning future key events for coverage failuresz#ERROR: Unable to build event list: FTz&ERROR: Coverage check failed for zone r r)r^r rr0r;rHr`rr]Z check_prepubrsepZ check_postpubrFrIrrZcoverager_rKr r )rZkdrckeyZelisterrorsr;rrrmain(s8&   & rg)N)Z __future__rr/r rYZglobr$rGZcalendarZpprint collectionsrr[Ziscrrrrrr rrrrr-r:r^rgrrrr s(    * "