#!/usr/bin/env python

"""
Pure Python TSIG key generator, with multiple output formats.
"""

import os, base64, argparse

bind9_template = '''
key "{name}" {{
        algorithm = {algorithm};
        secret = "{secret}";
}};
'''

nsd_template = '''
key:
        name: "{name}"
        algorithm: {algorithm}
        secret: "{secret}"
'''

ap = argparse.ArgumentParser(description = __doc__)
ap.add_argument("-f", "--format", choices = ("bind9", "nsd"))
ap.add_argument("dnsname")
ap.add_argument("output", type = argparse.FileType("w"), nargs = "?", default = "-")
args = ap.parse_args()

# For the moment this only supports hmac-sha256

params = dict(
    name = args.dnsname,
    algorithm = "hmac-sha256",
    secret = base64.b64encode(os.urandom(256 // 8)).decode("ascii"),
)

if args.format is None or args.format == "bind9":
    args.output.write(bind9_template.format(**params))

if args.format is None or args.format == "nsd":
    args.output.write(nsd_template.format(**params))