|
|
@@ -6,10 +6,12 @@ Pure Python TSIG key generator, with multiple output formats.
|
|
|
|
|
|
import os, base64, argparse
|
|
|
|
|
|
+algorithm_bits = dict(("hmac-sha{}".format(bits), bits // 8) for bits in (256, 384, 512))
|
|
|
+
|
|
|
bind9_template = '''
|
|
|
-key "{name}" {{
|
|
|
- algorithm = {algorithm};
|
|
|
- secret = "{secret}";
|
|
|
+key {name} {{
|
|
|
+ algorithm {algorithm};
|
|
|
+ secret "{secret}";
|
|
|
}};
|
|
|
'''
|
|
|
|
|
|
@@ -21,17 +23,23 @@ key:
|
|
|
'''
|
|
|
|
|
|
ap = argparse.ArgumentParser(description = __doc__)
|
|
|
-ap.add_argument("-f", "--format", choices = ("bind9", "nsd"))
|
|
|
-ap.add_argument("dnsname")
|
|
|
-ap.add_argument("output", type = argparse.FileType("w"), nargs = "?", default = "-")
|
|
|
+ap.add_argument("-a", "--algorithm",
|
|
|
+ choices = tuple(sorted(algorithm_bits)),
|
|
|
+ default = sorted(algorithm_bits)[0])
|
|
|
+ap.add_argument("-f", "--format",
|
|
|
+ choices = ("bind9", "nsd"))
|
|
|
+ap.add_argument("-n", "--name",
|
|
|
+ default = "tsig.example.org")
|
|
|
+ap.add_argument("-o", "--output",
|
|
|
+ default = "-", type = argparse.FileType("w"))
|
|
|
+ap.add_argument("-s", "--servers", nargs = "+")
|
|
|
+ap.add_argument("-z", "--zones", nargs = "+")
|
|
|
args = ap.parse_args()
|
|
|
|
|
|
-# For the moment this only supports hmac-sha256
|
|
|
-
|
|
|
params = dict(
|
|
|
- name = args.dnsname,
|
|
|
- algorithm = "hmac-sha256",
|
|
|
- secret = base64.b64encode(os.urandom(256 // 8)).decode("ascii"),
|
|
|
+ name = args.name,
|
|
|
+ algorithm = args.algorithm,
|
|
|
+ secret = base64.b64encode(os.urandom(algorithm_bits[args.algorithm])).decode("ascii"),
|
|
|
)
|
|
|
|
|
|
if args.format is None or args.format == "bind9":
|
