#! /bin/sh
# @(#)(CAcert) $Id: keyexport,v 1.6 2019/10/18 08:49:13 wytze Exp $

TMP=/tmp/`basename $0`-$$
trap "rm -f ${TMP}" 0 1 2 3 15

ODS=/usr/local/sbin/ods-enforcer

case $# in
    0)	sudo ${ODS} zone list 2>/dev/null >${TMP}
	ZONES=`awk 'NR >= 4 { print $1 }' <${TMP}`
	;;
    *)	ZONES=$@
	;;
esac

for zone in ${ZONES}
do
    # key hash to be submitted to registrar
    sudo ${ODS} key export --zone ${zone} --keytype ksk --keystate ready   --ds >${zone}.ds
    sudo ${ODS} key export --zone ${zone} --keytype ksk --keystate active  --ds >>${zone}.ds
    # actual key (only needed for DLV and some registrars)
    sudo ${ODS} key export --zone ${zone} --keytype ksk --keystate ready        >${zone}.dnskey
    sudo ${ODS} key export --zone ${zone} --keytype ksk --keystate active       >>${zone}.dnskey
done