a Γi` @s@ddlZddlmZddlmZddlTddlmZGdddZGdddZGdd d e Z Gd d d Z e d krt|jp@dfS) Na%spolicy %s: inherits %s directory %s algorithm %s coverage %s ksk_keysize %s zsk_keysize %s ksk_rollperiod %s zsk_rollperiod %s ksk_prepublish %s ksk_postpublish %s zsk_prepublish %s zsk_postpublish %s ksk_standby %s zsk_standby %s keyttl %s z constructed zzone z algorithm ZUNKNOWNNone")is_constructedis_zoneis_algrMrO directoryr4rNcoverage ksk_keysize zsk_keysizeksk_rollperiodzsk_rollperiodksk_prepublishksk_postpublishzsk_prepublishzsk_postpublish ksk_standby zsk_standbykeyttlrrrr__repr__s2 zPolicy.__repr__cCs |d|ko|dkSS)Nrrr)rZkey_sizeZ size_rangerrrZ __verify_sizeszPolicy.__verify_sizecCs|jSr;)rMrcrrrget_nameszPolicy.get_namecCs|jSr;)rSrcrrr constructedszPolicy.constructedcCs|jr:|jdur:|j|jkr:t|jdd|j|jffS|jrj|jdurj|j|jkrjdd|j|jffS|jr|jdur|j|jkrdd|j|jffS|jr|jdur|j|jkrdd|j|jffS|jr|jr|jr|j|j|jkrdd|j|j|jffS|jrR|jrR|jrR|j|j|jkrRdd|j|j|jffS|jdur|j |j}|dur| |j |sdd |j |ffS| |j |sdd |j |ffS|jd vrd|_ d|_ d S) zr Check if the values in the policy make sense :return: True/False if the policy passes validation NFz6KSK pre-publish period (%d) exceeds rollover period %dz7KSK post-publish period (%d) exceeds rollover period %dz6ZSK pre-publish period (%d) exceeds rollover period %dz7ZSK post-publish period (%d) exceeds rollover period %dzGKSK pre/post-publish periods (%d/%d) combined exceed rollover period %dzGZSK pre/post-publish periods (%d/%d) combined exceed rollover period %dz&KSK key size %d outside valid range %sz&ZSK key size %d outside valid range %s)rIrJrKrL)TrP) rZr\r,r]r[r^r_rNvalid_key_sz_per_algor%_Policy__verify_sizerXrY)rZ key_sz_rangerrrvalidates            zPolicy.validate)NNN)r@rArBrTrUrSrZr[r\r^r]r_rXrYr`rarbrWrVrgr:rdrhrerfrirrrrrDvs> &rDc@s eZdZdS)PolicyExceptionN)r@rArBrrrrrjsrjc@s.eZdZiZiZiZdZdZdZdEddZ ddZ ddZ d d Z d d Z d dZddZddZddZddZddZddZddZddZdd Zd!d"Zd#d$Zd%d&Zd'd(Zd)d*Zd+d,Zd-d.Zd/d0Zd1d2Z d3d4Z!d5d6Z"d7d8Z#d9d:Z$d;d<Z%d=d>Z&d?d@Z'dAdBZ(dCdDZ)dS)F dnssec_policyNTcKst|_|jj|_d|vr"d|d<d|vr2d|d<tjfd|i||_|dt}d|_d|_d|_ d|_ t ||j d<d|j d_d|j d_ t ||j d <d |j d _d |j d _ t ||j d <d |j d _d |j d _ t ||j d <d |j d _d |j d _ t ||j d <d |j d _d |j d _ d|j d _ d|j d _ t ||j d <d |j d _d |j d _ d|j d _ d|j d _ t ||j d<d|j d_d|j d_ d|j d_ d|j d_ t ||j d<d|j d_d|j d_ d|j d_ d|j d_ |r||dS)NdebugF write_tablesmoduleapolicy global { algorithm rsasha256; key-size ksk 2048; key-size zsk 2048; roll-period ksk 0; roll-period zsk 1y; pre-publish ksk 1mo; pre-publish zsk 1mo; post-publish ksk 1mo; post-publish zsk 1mo; standby ksk 0; standby zsk 0; keyttl 1h; coverage 6mo; }; policy default { policy global; };TirErFrGrHrIrJrKrL)rplexrCyaccparsersetuprDrNrUrXrYr alg_policyrMload)rfilenamer8prrrr:"s^                          zdnssec_policy.__init__cCs\||_d|_t|.}|}d|jj_|j|Wdn1sH0Yd|_dSNTr) ruinitialopenreadrorrrqparse)rrufr>rrrrtos  *zdnssec_policy.loadcCs d|_d|jj_|j|dSrw)rxrorrrqr{)rr>rrrrrys zdnssec_policy.setupc Ks|}d}||jvr |j|}|durBt|jd}||_d|_|jdur~|jpZ|jd}|rn|jsn|j}q\|rx|jpzd|_|j|jvr|j|j}nt d|j dur|jp|jd}|dur|j s|j}q|o|j |_ |j dur$|jp|jd}|r|j s|j}q|r|j p |j |_ |j durr|jp@|jd}|jr\|j s\|j}qB|rj|j pn|j |_ |j dur|jp|jd}|jr|j s|j}q|r|j p|j |_ |jdur|jp|jd}|jr|js|j}q|r|jp |j|_|jdur\|jp*|jd}|jrF|jsF|j}q,|rT|jpX|j|_|jdur|jpx|jd}|jr|js|j}qz|r|jp|j|_|jdur|jp|jd}|jr|js|j}q|r|jp|j|_|jdurF|jp|jd}|jr0|js0|j}q|r>|jpB|j|_|jdur|jpb|jd}|jr~|js~|j}qd|r|jp|j|_|jdur|jp|jd}|dur|js|j}q|o|j|_d|vs|ds|\}}|st |dS|S)NdefaultTzalgorithm not foundZ novalidate)r zone_policyr named_policyrMrSrNrOrsrjrVrWrXrYrZr[r\r^r]r_rbri) rzoner8zrvrOZapZvalidmsgrrrpolicy~s                           zdnssec_policy.policycCsdS)zBpolicylist : init policy | policylist policyNrrrvrrr p_policylistszdnssec_policy.p_policylistcCs d|_dS)zinit :FN)rxrrrrp_initszdnssec_policy.p_initcCsdS)zTpolicy : alg_policy | zone_policy | named_policyNrrrrrp_policyszdnssec_policy.p_policycCs|d|d<dS)zAname : STR | KEYTYPE | DATESUFFIXrrNrrrrrp_names zdnssec_policy.p_namecCs,|d|d<td|ds(tddS)zcdomain : STR | QSTRING | KEYTYPE | DATESUFFIXrrz^[\w.-][\w.-]*$zinvalid domainN)striprrrjrrrrp_domainszdnssec_policy.p_domaincCs t|_dS)z new_policy :N)rDcurrentrrrr p_new_policyszdnssec_policy.p_new_policycCs(|d|j_d|j_|j|j|d<dS)zFalg_policy : ALGORITHM_POLICY ALGNAME new_policy alg_option_group SEMITN)rrMrUrsrrrr p_alg_policy s zdnssec_policy.p_alg_policycCs8|dd|j_d|j_|j|j|dd<dS)z=zone_policy : ZONE domain new_policy policy_option_group SEMIr.TN)rstriprrMrTr~rrrrr p_zone_policyszdnssec_policy.p_zone_policycCs$|d|j_|j|j|d<dS)z>named_policy : POLICY name new_policy policy_option_group SEMIrN)rrMrrrrrrp_named_policys zdnssec_policy.p_named_policycCs|d|d<dS)zduration : NUMBERrrNrrrrr p_duration_1s zdnssec_policy.p_duration_1cCs d|d<dS)zduration : NONENrrrrrr p_duration_2#szdnssec_policy.p_duration_2cCs|ddkr|dd|d<n|ddkr<|dd|d<n|ddkrZ|dd |d<n||dd krx|dd |d<n^|dd kr|dd |d<n@|ddkr|dd|d<n"|ddkr|d|d<ntddS)zduration : NUMBER DATESUFFIXryri3rmoi'wi: diQhimi<szinvalid durationN)rjrrrr p_duration_3(s       zdnssec_policy.p_duration_3cCsdS)z6policy_option_group : LBRACE policy_option_list RBRACENrrrrrp_policy_option_group;sz#dnssec_policy.p_policy_option_groupcCsdS)zmpolicy_option_list : policy_option SEMI | policy_option_list policy_option SEMINrrrrrp_policy_option_list?sz"dnssec_policy.p_policy_option_listcCsdS)apolicy_option : parent_option | directory_option | coverage_option | rollperiod_option | prepublish_option | postpublish_option | keysize_option | algorithm_option | keyttl_option | standby_optionNrrrrrp_policy_optionDs zdnssec_policy.p_policy_optioncCsdS)z0alg_option_group : LBRACE alg_option_list RBRACENrrrrrp_alg_option_groupQsz dnssec_policy.p_alg_option_groupcCsdS)z^alg_option_list : alg_option SEMI | alg_option_list alg_option SEMINrrrrrp_alg_option_listUszdnssec_policy.p_alg_option_listcCsdS)aalg_option : coverage_option | rollperiod_option | prepublish_option | postpublish_option | keyttl_option | keysize_option | standby_optionNrrrrr p_alg_optionZszdnssec_policy.p_alg_optioncCs|j|d|j_dS)zparent_option : POLICY namerN)rrrrOrrrrp_parent_optiondszdnssec_policy.p_parent_optioncCs|d|j_dS)z$directory_option : DIRECTORY QSTRINGrN)rrVrrrrp_directory_optionhsz dnssec_policy.p_directory_optioncCs|d|j_dS)z#coverage_option : COVERAGE durationrN)rrWrrrrp_coverage_optionlszdnssec_policy.p_coverage_optioncCs*|ddkr|d|j_n |d|j_dS)z0rollperiod_option : ROLL_PERIOD KEYTYPE durationrKSKN)rrZr[rrrrp_rollperiod_optionps z!dnssec_policy.p_rollperiod_optioncCs*|ddkr|d|j_n |d|j_dS)z0prepublish_option : PRE_PUBLISH KEYTYPE durationrrrN)rr\r^rrrrp_prepublish_optionws z!dnssec_policy.p_prepublish_optioncCs*|ddkr|d|j_n |d|j_dS)z2postpublish_option : POST_PUBLISH KEYTYPE durationrrrN)rr]r_rrrrp_postpublish_option~s z"dnssec_policy.p_postpublish_optioncCs*|ddkr|d|j_n |d|j_dS)z(keysize_option : KEY_SIZE KEYTYPE NUMBERrrrN)rrXrYrrrrp_keysize_options zdnssec_policy.p_keysize_optioncCs*|ddkr|d|j_n |d|j_dS)z'standby_option : STANDBY KEYTYPE NUMBERrrrN)rr`rarrrrp_standby_options zdnssec_policy.p_standby_optioncCs|d|j_dS)zkeyttl_option : KEYTTL durationrN)rrbrrrrp_keyttl_optionszdnssec_policy.p_keyttl_optioncCs|d|j_dS)z$algorithm_option : ALGORITHM ALGNAMErN)rrNrrrrp_algorithm_optionsz dnssec_policy.p_algorithm_optioncCsd|r.td|jpd|jrdnd|j|jfn2|js`td|jp@d|jrJdnd|rV|jpXdfdS)Nz%s%s%d:syntax error near '%s'rP:z%s%s%d:unexpected end of inputr)r,rurrrxrjrrrrp_errors zdnssec_policy.p_error)N)*r@rArBrsrr~rrurxr:rtrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrksN M h   rk__main__rr7r)rlr{T)rmrlr}znonexistent.zone)rZply.lexr7Zply.yaccrpstringrrrD Exceptionrjrkr@sysargvryfilerzr>closeror?ppr,rreargsrrrr s6   `"