# cat makekeys.py
#!/usr/bin/python3.4
import subprocess
import sys
import string
import os.path
import datetime
import shlex
from time import gmtime, strftime
from subprocess import Popen, PIPE, STDOUT
pretime = strftime("%Y%m%d%H", gmtime())
time = datetime.datetime.strptime(pretime,'%Y%m%d%H')
print (time)
plustime = datetime.timedelta(days=730)
timeadd = (time + plustime)
str(timeadd)
#ndate = datetime.strptime(timeadd, '%Y%m%d%H')
#timeadd = timeadd.replace(tzinfo=UTC())
print (timeadd)
dname = input("Enter the domain to configure keys for? ")
if os.path.exists(dname+".external.signed"):
os.remove(dname+".external.signed")
#os.remove(dname+".external")
os.remove(dname+".ksk.key")
os.remove(dname+".zsk.key")
os.remove(dname+".ksk.private")
os.remove(dname+".zsk.private")
fd = open( dname+".external", 'w')
fd.write("$TTL 86400\n")
fd.write("$ORIGIN "+dname+".\n")
fd.write("@ 1D IN SOA yoda.ex-mailer.com. admin@"+dname+".(\n")
fd.write(" "+strftime("%Y%m%d%H", gmtime())+"\n")
#fd.write(" "+repr(timeadd)+"\n")
fd.write(" 3h\n")
fd.write(" 1h\n")
fd.write(" 1w\n")
fd.write(" 1h)\n")
fd.write(" IN NS yoda.ex-mailer.com.\n")
fd.write(" IN NS r2d2.ex-mailer.com.\n")
fd.write(dname+". IN TXT v=spf1 mx a:r2d2.ex-mailer.com -all\n")
fd.write(dname+". MX 0 r2d2.ex-mailer.com.\n")
fd.write("mail."+dname+". IN A 107.191.60.48\n")
fd.write("$include /usr/local/etc/namedb/K"+dname+".zsk.key ; ZSK\n")
fd.write("$include /usr/local/etc/namedb/K"+dname+".ksk.key ; KSK\n")
fd.close()
result = subprocess.check_output(["dnssec-keygen", "-f", "KSK", "-r",
"/dev/urandom", "-a", "RSASHA256", "-b", "2048", "-n", "ZONE", dname])
result_utf8 = result.decode("utf-8").strip()
mylist = list(result_utf8)
print (mylist[0])
listlen= len(mylist)
array = list()
listlen -= 11
i = 0
while( i < listlen ):
#if mylist != '\n' ^ mylist != '':
array.insert(i, mylist[i])
i = i + 1
combined = "".join(array)
print ('combined')
print (combined)
fmove = subprocess.call(["mv", result_utf8+".key",combined +".ksk.key"])
fmove = subprocess.call(["mv", result_utf8+".private",combined +".ksk.private"])
zresult =
subprocess.check_output(["dnssec-keygen","-r","/dev/urandom","-a","RSASHA256","-b","2048","-n","ZONE",
dname])
zresult_utf8 = zresult.decode("utf-8").strip()
myzlist = list(zresult_utf8)
print (myzlist[0])
zlistlen= len(myzlist)
zarray = list()
zlistlen -= 11
zi = 0
while( zi <zlistlen ):
zarray.insert(zi, myzlist[zi])
zi = zi + 1
zcombined = "".join(zarray)
zfmove = subprocess.call(["mv", zresult_utf8+".key",zcombined+".zsk.key"])
zfmove = subprocess.call(["mv",
zresult_utf8+".private",zcombined+".zsk.private"])
sfmove = subprocess.call(['dnssec-signzone','-e',strftime('%Y%m%d%H',
gmtime())+'0000','-p','-t','-g','-k',zcombined+'.ksk.key','-o',dname,dname+'.external',zcombined+'.zsk.key'])
#cmd = "dnssec-signzone','-e',strftime('%Y%m%d%H',
gmtime())+'0000','-p','-t','-g','-k','K'+dname+'.ksk.key','-o',dname,dname+'.external','K"+dname+'.zsk.key'
#subprocess.check_call(shlex.split(cmd))
# python3.4 makekeys.py
2015-02-20 23:00:00
2017-02-19 23:00:00
Enter the domain to configure keys for? test123.com
Generating key pair.........+++ ...............+++
K
combined
Ktest123.com
Generating key pair...+++
.........................................................+++
K
dnssec-signzone: fatal: No self-signed KSK DNSKEY found. Supply an active
key with the KSK flag set, or use '-P'.
I am trying to execute a subprocess, something done in my script a couple of
times. But on the last one, it outputs an error I cannot find the solution to.
The exact same command using the same files produced at the command line works
just fine.
command works on the command line:
dnssec-signzone -e20180330000000 -p -t -g -k Ktest123.com.ksk.key -o
test123.com test123.com.external Ktest123.com.zsk.key
Verifying the zone using the following algorithms: RSASHA256.
Zone fully signed:
Algorithm: RSASHA256: KSKs: 1 active, 0 stand-by, 0 revoked
ZSKs: 1 active, 0 stand-by, 0 revoked
test123.com.external.signed
Signatures generated: 9
Signatures retained: 0
Signatures dropped: 0
Signatures successfully verified: 0
Signatures unsuccessfully verified: 0
Signing time in seconds: 0.010
Signatures per second: 875.401
Runtime in seconds: 0.013
--
https://mail.python.org/mailman/listinfo/python-list
