#!/usr/bin/perl -w
use strict;



# DNSsigner
# Author Olaf M. Kolkman
# Documentation contained herein. Use perldoc to view.
# $Id: dnssigner,v 0.13 2005/07/19 10:05:08 olaf Exp $
# 

# Set at compile time by the BEGIN block further down: 1 if
# Net::DNS::SEC::Maint::Key could be loaded, 0 otherwise. It is declared
# ahead of that block so the lexical is already in scope when BEGIN runs;
# the runtime check that aborts the program lives next to the VERSION code.
my $_KEY_MODULE_LOADED ;


use Log::Log4perl qw(get_logger :levels);
   


BEGIN {
    # Probe for the key module while compiling. A successful require makes the
    # eval return 1; any failure makes it return undef, recorded as 0. The
    # program is aborted later, at run time, when the flag is 0.
    $_KEY_MODULE_LOADED = eval { require Net::DNS::SEC::Maint::Key; 1 } ? 1 : 0;
}







use Net::DNS::SEC::Maint::Zone;
use Getopt::Std;

my $VERSION = do {
    # The RCS keyword is expanded on checkout; keep only its numeric fields.
    my @fields = ( q$Revision: 0.13 $ =~ /\d+/g );
    # First field printed as-is, every following field zero-padded to three
    # digits and concatenated without further separators (e.g. 0.13 -> 0.013).
    my $format = '%d.' . ( '%03d' x $#fields );
    sprintf $format, @fields;
};

# Abort before any zone data or configuration is touched when the key
# backend (probed in the BEGIN block above) is unavailable.
$_KEY_MODULE_LOADED
    or die "This program only works if Net::DNS::SEC::Maint::Key is installed ";


# Built-in Log::Log4perl configuration, used only when no system-wide
# log4perl.conf is found by the initialisation code further down. The root
# logger emits FATAL messages only, through the Screen appender on STDOUT
# (stderr = 0).
# NOTE(review): the "Logfile" appender is defined here but attached to no
# logger. Log4perl presumably still instantiates every configured appender,
# which would create "test.log" in the current working directory of each
# run -- confirm, and drop the appender if so.
my $default_log4perl_conf=q(
    log4perl.rootLogger=FATAL,Screen

    log4perl.appender.Logfile          = Log::Log4perl::Appender::File
    log4perl.appender.Logfile.filename = test.log
    log4perl.appender.Logfile.layout   = Log::Log4perl::Layout::PatternLayout
    log4perl.appender.Logfile.layout.ConversionPattern = [%r] %F %L %m%n

    log4perl.appender.Screen         = Log::Log4perl::Appender::Screen
    log4perl.appender.Screen.stderr  = 0
    log4perl.appender.Screen.layout = Log::Log4perl::Layout::SimpleLayout
  );



#
# Logging set-up: prefer a system-wide Log::Log4perl configuration, first
# under /usr/local/etc and then under /etc, and fall back to the built-in
# default string when neither file exists.
# NOTE(review): a Log4perl configuration file names the appender classes
# that get loaded, so these paths should be writable by administrators
# only -- confirm ownership and permissions on the signing host.
#
my @log_conf_candidates = ( "/usr/local/etc/log4perl.conf", "/etc/log4perl.conf" );
my $log_conf_found;
for my $candidate (@log_conf_candidates) {
    if ( -f $candidate ) {
        $log_conf_found = $candidate;
        last;
    }
}
if ( defined $log_conf_found ) {
    Log::Log4perl::init_once($log_conf_found);
}
else {
    Log::Log4perl::init_once( \$default_log4perl_conf );
}





 ## Parse the command line options # 

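my %opts;

# Letters followed by ':' take a value (Getopt::Std). Unknown options are
# warned about by getopts and simply do not appear in %opts.
getopts( 'c:?hvto:Vs:e:', \%opts );

PrintUsageExit() if $opts{"h"};
PrintUsageExit() if $opts{"?"};

my $verbose = 0;
$verbose = 1 if $opts{"v"};

# -t: echo the signing system's messages to STDERR after a successful run.
my $printsysteminfo = 0;
$printsysteminfo = 1 if $opts{"t"};


if ( $opts{"V"} ) {
    PrintVersion();
}
else {
    # Exactly one positional argument, the zone file, is accepted. (A stray
    # debugging print of $#ARGV that preceded the error message was removed.)
    if ( @ARGV != 1 ) {
        print "Wrong number of arguments ! \n\n";
        PrintUsageExit();
    }
    my $zonefile = $ARGV[0];
    print "Zone: $zonefile\n" if $verbose;

    # Without -o, $origin stays undef and is passed through as such; the
    # usage text states that the zone's own name is then used as origin.
    my $origin;
    $origin = $opts{"o"} if $opts{"o"};
    print "Origin: $origin\n" if $verbose && $opts{"o"};

    # -c reaches the Maint modules through the environment variable they
    # consult for their configuration (see CONFIGURATION in the POD).
    my $conffile;
    if ( $opts{"c"} ) {
        $conffile = $opts{"c"};
        print "Config file: $conffile\n" if $verbose;
        $ENV{"DNSSECMAINT_CONFFILE"} = $conffile;
    }

    # The leading 1 is passed through unchanged; its meaning is defined by
    # Net::DNS::SEC::Maint::Zone and not visible from here.
    my $zone = Net::DNS::SEC::Maint::Zone->read( 1, $zonefile, $origin );

    # Signature validity window; the module's defaults apply when unset.
    $zone->set_sig_start( $opts{"s"} ) if $opts{"s"};
    $zone->set_sig_end( $opts{"e"} )   if $opts{"e"};
    $zone->sign;

    my $signedzone = $zone->get_signedzone;

    if ($signedzone) {
        my $outfile = $zonefile . ".signed";

        # Three-argument open with a lexical handle: the file name can never
        # be read as a mode or pipe specification, and nothing else can
        # clobber the handle.
        # NOTE(review): '>' truncates an existing file and follows symlinks;
        # if the zone directory is writable by other users, writing to a
        # temporary file and renaming it into place would be safer --
        # confirm against the deployment layout.
        open( my $outfh, '>', $outfile )
            or die "could not open output file: $outfile: $!";

        if ($printsysteminfo) {
            print STDERR $_ for $zone->get_sign_system;
        }

        print {$outfh} ";; Signed zone generated using \n";
        print {$outfh} ";; Net::DNS::SEC::Maint::Zone::VERSION : $Net::DNS::SEC::Maint::Zone::VERSION \n";
        print {$outfh} ";;    Net::DNS::Zone::Parser::REVISION : $Net::DNS::Zone::Parser::REVISION \n";
        print {$outfh} ";;    Net::DNS::VERSION                : $Net::DNS::VERSION\n";
        print {$outfh} ";;    Net::DNS::SEC::VERSION           : $Net::DNS::SEC::VERSION\n";
        print {$outfh} $signedzone;

        # Buffered write errors (disk full, quota) only surface at close; a
        # truncated signed zone must not be reported as a success.
        close($outfh)
            or die "could not write output file: $outfile: $!";

        print STDERR "Output written to :" . $outfile . " \n";
        exit(0);
    }
    else {
        # Signing failed: report every collected error and exit non-zero.
        print STDERR $_ for $zone->get_sign_errors;
        exit(1);
    }

    die "Code should not get here.";
}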















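# Print the command-line synopsis to STDOUT and exit. Used for -h / -?, and
# also when the wrong number of positional arguments is given.
# The usage text now lists every option getopts() actually accepts
# (-c, -t, -s, -e and -?) and no longer advertises a non-existent -d.
# NOTE(review): the exit status is 0 even on an argument error, which
# callers that check "$?" will read as success -- change only after
# confirming no wrapper script depends on it.
sub PrintUsageExit {
    print <<'USAGE';

dnssigner [-v] [-t] [-c <conffile>] [-o <origin>] [-s <start>] [-e <end>] zonefile
dnssigner -h|-?
dnssigner -V

General Flags
 -h, -? print this help message and exit
 -V     print version information and exit
 -v     increase verbosity


Client
 zonefile         name of the zonefile.

 -c <conffile>    dnssecmaint configuration file; exported to the Maint
                  modules as DNSSECMAINT_CONFFILE.

 -o <origin>      origin of the zone. If not supplied the name of the zone
                  will be used as origin.

 -t               print statistics of the signing process to stderr.

 -s               YYYYMMDDHHMMSS|+offset:
                  SIG start time - absolute|offset (now)

 -e               YYYYMMDDHHMMSS|+offset|"now"+offset:
                  SIG end time  - absolute|from start|from now (now + 30 days)


USAGE

    exit;
}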




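# Print the version of this script and of the Maint modules it relies on to
# STDOUT. Does not exit; the caller returns normally afterwards.
# The program name in the first line was misspelt ("dnssinger"); fixed.
sub PrintVersion {
    print "dnssigner version $VERSION \n";
    print "Net::DNS::SEC::Maint::Key version $Net::DNS::SEC::Maint::Key::VERSION \n";
    print "Net::DNS::SEC::Maint::Zone version $Net::DNS::SEC::Maint::Zone::VERSION \n";
}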


1;

__END__;



=head1 NAME

    dnssigner - A dnssec zone signer that uses a Net::DNS::SEC::Maint keydatabase

=head1 SYNOPSIS

    dnssigner [options] zonefile

dnssigner [-v] [-t] [-c <conffile>] [-o <origin>] [-s <start>] [-e <end>] zonefile
dnssigner -h|-?
dnssigner -V

General Flags
 -h print this help message and exit
 -V print version information and exit
 -v increase verbosity



 zonefile         name of the zonefile.

 -c <conffile>    dnssecmaint configuration file; exported to the Maint
                  modules as DNSSECMAINT_CONFFILE.

 -o <origin>      origin of the zone. If not supplied the name of the zone 
                  will be used as origin.

 -t               print statistics of the signing process to stderr.

 -s               YYYYMMDDHHMMSS|+offset:
		  SIG start time - absolute|offset (now)

 -e               YYYYMMDDHHMMSS|+offset|"now"+offset:
		  SIG end time  - absolute|from start|from now (now + 30 days)
 




=head1 DESCRIPTION

A signer using a Net::DNS::SEC::Maint key database. Users configure DNSSEC
keys in the key database with a separate tool. The dnssigner uses this
database to include the KEYSET at the apex and to sign the zone with the
appropriate zone-signing and key-signing keys.

=head1 CONFIGURATION

The signer needs access to the dnssecmaint configuration file. The -c option
sets the DNSSECMAINT_CONFFILE environment variable; if that variable does not
contain a full path to the configuration file, the default location is used
(/usr/local/etc/dnssecmaint.conf). Because the configuration file determines
which key material the signer uses, make sure DNSSECMAINT_CONFFILE cannot be
set by untrusted users when the signer runs with access to private keys.

The Net::DNS::SEC::Maint package comes with a utility called
dnssecmaint-config that will assist you in generating a configuration file.


=head1 Features, bugs and TODO

The code is dependent on Net::DNS::SEC::Maint::Zone. See the TODO file
in the distribution for more info.

This is code in the development stage and is not meant for further
distribution. Use at your own risk.


=head1 COPYRIGHT

Copyright (c) 2001  RIPE NCC.  Author Olaf M. Kolkman

All Rights Reserved

Permission to use, copy, modify, and distribute this software and its
documentation for any purpose and without fee is hereby granted,
provided that the above copyright notice appear in all copies and that
both that copyright notice and this permission notice appear in
supporting documentation, and that the name of the author not be used
in advertising or publicity pertaining to distribution of the software
without specific, written prior permission.


THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS; IN NO
EVENT SHALL AUTHOR BE LIABLE FOR ANY SPECIAL, INDIRECT OR
CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
PERFORMANCE OF THIS SOFTWARE.






=head1 SEE ALSO

L<Net::DNS::SEC::Maint::User>,  L<Net::DNS::SEC::Maint::Key>, dnssec-signzone

=cut
