a Γi@sfddlZddlZddlZddlmZmZddlmZmZdZ GdddZ ddZ d d Z d d Z dS) N)PopenPIPE)prefixversionzdnssec-checkdsc@sNeZdZdddddZdZdZdZdZdZdZ d Z d d Z d d Z ddZ dS)SECRRzSHA-1zSHA-256ZGOSTzSHA-384)INNrcCs|stt|tur$|d}n|}t|dkr_zcheck..)key-a-fZdnskey-)stdinr/rz$No DNSKEY records found in zone apexFTz/KSK for %s %s/%03d/%05d (%s) missing from child.z0%s for KSK %s/%03d/%05d (%s) missing from parentz,%s for KSK %s/%03d/%05d (%s) found in parent) dssetfileopenreaddigrrZ communicate splitlinesrrrappendrsorted dsfromkeyalgo masterfilerprintrrstriprrr.r) zoneargsZrrlistfpcmd_lineZklistrAZintodsmatchr0r$r$r%checkSsp          rLc Cstjtdd}d}tjdkr"dnd}|jdtdd|jd d d d gtd d|jdddtjt |dtdd|jdddtjt |dtdd|jdddtdd|jddd td!d|jd"d#d$t d%| }|j d&|_ |S)'Nz: checks DS coverage) descriptionbinntZsbinrEz zone to check)rhelpr4z--algorAr>zDS digest algorithm)destactiondefaultrrPz-dz--digr<z path to 'dig')rQrSrrPz-Dz --dsfromkeyr@zdnssec-dsfromkeyzpath to 'dnssec-dsfromkey'r5z--filerBzzone master file)rQrrPz-sz--dssetr9zprepared DSset filez-vz --versionr)rRrr8)argparseArgumentParserprogosname add_argumentrpathr rr parse_argsrErD)parserZbindirZsbindirrFr$r$r%r[s:       r[cCs&t}t|j|}t|rdnddS)Nrr)r[rLrEexit)rFrKr$r$r%mains r^)rTrWsys subprocessrrZ isc.utilsrrrVrrLr[r^r$r$r$r% s9@