Archive development backups

tsig-keygen.py

@@ -6,10 +6,12 @@ Pure Python TSIG key generator, with multiple output formats.
 
 import os, base64, argparse
 
+algorithm_bits = dict(("hmac-sha{}".format(bits), bits // 8) for bits in (256, 384, 512))
+
 bind9_template = '''
-key "{name}" {{
-        algorithm = {algorithm};
-        secret = "{secret}";
+key {name} {{
+        algorithm {algorithm};
+        secret "{secret}";
 }};
 '''
 
@@ -21,17 +23,23 @@ key:
 '''
 
 ap = argparse.ArgumentParser(description = __doc__)
-ap.add_argument("-f", "--format", choices = ("bind9", "nsd"))
-ap.add_argument("dnsname")
-ap.add_argument("output", type = argparse.FileType("w"), nargs = "?", default = "-")
+ap.add_argument("-a", "--algorithm",
+                choices = tuple(sorted(algorithm_bits)),
+                default = sorted(algorithm_bits)[0])
+ap.add_argument("-f", "--format",
+                choices = ("bind9", "nsd"))
+ap.add_argument("-n", "--name",
+                default = "tsig.example.org")
+ap.add_argument("-o", "--output",
+                default = "-", type = argparse.FileType("w"))
+ap.add_argument("-s", "--servers", nargs = "+")
+ap.add_argument("-z", "--zones",   nargs = "+")
 args = ap.parse_args()
 
-# For the moment this only supports hmac-sha256
-
 params = dict(
-    name = args.dnsname,
-    algorithm = "hmac-sha256",
-    secret = base64.b64encode(os.urandom(256 // 8)).decode("ascii"),
+    name = args.name,
+    algorithm = args.algorithm,
+    secret = base64.b64encode(os.urandom(algorithm_bits[args.algorithm])).decode("ascii"),
 )
 
 if args.format is None or args.format == "bind9":